Re: Dynamic IP log retention = 0?

2009-03-15 Thread Martin Hannigan
A finely tuned killfile that remains mostly static once defined works wonders across all threads and fairly well. Best, Marty On 3/15/09, Marshall Eubanks wrote: > > On Mar 15, 2009, at 1:20 AM, Charles Wyble wrote: > >> Can we please get this thread closed or something? >> > > Maybe we shoul

Re: Dynamic IP log retention = 0?

2009-03-15 Thread William Allen Simpson
Marshall Eubanks wrote: Maybe we should start the nanog-law mailing list. Maybe we should stick to the operational "Subject" at hand: log retention? Is there any disagreement that everybody SHOULD keep dynamic assignment logs for at least 36 hours as a Best Current Practice? Is there any evi

Re: Dynamic IP log retention = 0?

2009-03-15 Thread Marshall Eubanks
On Mar 15, 2009, at 1:20 AM, Charles Wyble wrote: Can we please get this thread closed or something? Maybe we should start the nanog-law mailing list. Jim Popovitch wrote: On Sat, Mar 14, 2009 at 23:17, Joe Greco wrote: "Looking around" Rockefeller Center generally isn't a crime. "Look

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Charles Wyble
Can we please get this thread closed or something? Jim Popovitch wrote: On Sat, Mar 14, 2009 at 23:17, Joe Greco wrote: "Looking around" Rockefeller Center generally isn't a crime. "Looking around" where you're in my back yard and peeking in the windows is, at a minimum, trespass, and if our

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Jim Popovitch
On Sat, Mar 14, 2009 at 23:17, Joe Greco wrote: > "Looking around" Rockefeller Center generally isn't a crime. > > "Looking around" where you're in my back yard and peeking in the windows > is, at a minimum, trespass, and if our local cops notice you doing it, you > can expect that you may find yo

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Joe Greco
> And there's another name for 'casing the joint', it is 'looking around'. > Looking around generally isn't a crime. Neither is casing a joint, for that > matter. And like I suggested with port scanning, whether someone was > 'looking around' or 'casing the joint' is really only determinable afte

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Neil
On Sat, Mar 14, 2009 at 6:24 AM, Bill Bogstad wrote: > On Sat, Mar 14, 2009 at 4:12 AM, Neil wrote: > > On Wed, Mar 11, 2009 at 6:34 AM, Brett Charbeneau wrote: > > > >. > >As William pointed out, it's the things that follow that determine whether > >someone's being bad. To flag port-s

Re: Dynamic IP log retention = 0?

2009-03-14 Thread JC Dill
Chris Adams wrote: Do you think Covad would respond to a DMCA complaint like that? That's actually the one thing that would make sense of this - that they *do* purge the logs fast enough that they could reply to a DMCA complaint by saying "sorry, we don't have logs". The question is, in

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Chris Adams
Once upon a time, Neil said: > I think you are being a little naive. Port scans, while possibly used for > malicious ends, can very often be benign. That sounds naive to me. From what I've seen, the number of malicious scans is much greater than the number of benign scans. The vast majority of

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Bill Bogstad
On Sat, Mar 14, 2009 at 4:12 AM, Neil wrote: > On Wed, Mar 11, 2009 at 6:34 AM, Brett Charbeneau wrote: > >. >As William pointed out, it's the things that follow that determine whether >someone's being bad. To flag port-scans might be responsible, but I think >pursuing legal action over

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Neil
On Wed, Mar 11, 2009 at 6:34 AM, Brett Charbeneau wrote: >I've been nudging an operator at Covad about a handful of hosts from > his DHCP pool that have been attacking - relentlessly port scanning - our > assets. I've been informed by this individual that there's "no way" to > determine w

Zombie Nation [Was: Re: Dynamic IP log retention = 0?]

2009-03-14 Thread Paul Ferguson
On Sat, Mar 14, 2009 at 12:42 AM, Joe Greco wrote: > > I have worked for large ISP's, I understand corporate budgets and > politics, and I'm smart enough to understand that "corporate budgets and > politics" do not define what is acceptable within th

Re: Dynamic IP log retention = 0?

2009-03-14 Thread Joe Greco
> Joe, > > I'll respond to you and this will be my last reply to this thread because > I know I won't be able to change your mind. Yes, it's clear *you* won't be able to. > Saying a company's business > decisions are antisocial just because they aren't doing you want is very > unhelpful. Well,

Re: Dynamic IP log retention = 0?

2009-03-13 Thread JC Dill
Ross wrote: We can all improve in our operations, public shaming for not dropping ones other duties to hand over information that you aren't privileged to is a bit sad. No one asked anyone to "hand over information that they weren't privileged to". Trying to publicly shame someone for asking

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Ross
Vladis, I'm not going to argue with you on a socio economic opinion that companies who have stock holders are evil because they don't spend their funds where they want you to and promote anti-social behavior by doing so. If you think society's biggest problem is to stop port scanning then I hope y

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Valdis . Kletnieks
On Sat, 14 Mar 2009 00:56:24 CDT, Ross said: > I know I won't be able to change your mind. Saying a company's business > decisions are antisocial just because they aren't doing you want is very > unhelpful. I don't know how many large ISPs you have worked for but I'm > not sure if you understand co

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Ross
Joe, I'll respond to you and this will be my last reply to this thread because I know I won't be able to change your mind. Saying a company's business decisions are antisocial just because they aren't doing you want is very unhelpful. I don't know how many large ISPs you have worked for but I'm no

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Bill Stewart
On Fri, Mar 13, 2009 at 2:15 PM, wrote: >  After all, you didn't *really* care that the IP was assigned to > a computer belonging to Herman Munster, 1313 Mockingbird Lane.  What you > actually *wanted* was for somebody (preferably Covad) to hand Herman a clue. Yeah. I miss the days that you cou

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Charles
Um Aren't dsl addresses handed out over ipcp? So perhaps a bit more static than dhcp? Sent via BlackBerry from T-Mobile -Original Message- From: Bobby Mac Date: Fri, 13 Mar 2009 13:57:56 To: Subject: Re: Dynamic IP log retention = 0? Just wondering but the knowledge I ha

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Valdis . Kletnieks
On Fri, 13 Mar 2009 13:57:56 CDT, Bobby Mac said: > That said, unless Covad is constantly exhausting its pool or they mandate > that after the lease expires to give a different IP a reverse lookup would > give you the hostname of the offender which should remain accurate for some > amount of tim

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Bobby Mac
Just wondering but the knowledge I have of DHCP is that an IP address is assigned to the same computer (or host) and will continue to do so until the pool of IP's is exhausted. Once that occurs, a new request is parsed by the DHCP server and the oldest non-renewed lease address is checked to see

Re: Dynamic IP log retention = 0?

2009-03-13 Thread Joe Greco
> On Thu, Mar 12, 2009 at 8:52 PM, Joe Greco wrote: > > > Well most port scanning is from compromised boxes. Once a > > > box is compromised it can be used for *any* sort of attack. > > > If you really care about security you take reports of ports > > > scans seriously. >

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Martin Hannigan
On Thu, Mar 12, 2009 at 8:52 PM, Joe Greco wrote: > > Well most port scanning is from compromised boxes. Once a > > box is compromised it can be used for *any* sort of attack. > > If you really care about security you take reports of ports > > scans seriously. > > Yeahbut

Re: Dynamic IP log retention = 0?

2009-03-12 Thread JC Dill
N. Yaakov Ziskind wrote: Not to disagree with any of your points, but the OP (which you quoted!) was talking about Covad, while you're bashing Comcast. Oops, my bad. Well, and Covad's bad too. :-) jc

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Joe Greco
> Well most port scanning is from compromised boxes. Once a > box is compromised it can be used for *any* sort of attack. > If you really care about security you take reports of ports > scans seriously. Yeahbut, the real problem is that port scanning is typically used as p

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Mark Andrews
In message , "Ross" writes: > Whether Covad chooses to enforce their AUP against port scanning is a > business decision up to them. Again, why worry about things out of your > control, especially when we are talking about port scanning. I would think > people have more pressing issues, guess not

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Rob Evans
> Not to disagree with any of your points, but the OP (which you quoted!) > was talking about Covad, while you're bashing Comcast. Any sufficiently advanced NANOG conversation is indistinguishable from Comcast-bashing. Rob (Not agreeing, just observing.)

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Joe Greco
> Whether Covad chooses to enforce their AUP against port scanning is a > business decision up to them. Yes, it's all a business decision. That kind of antisocial thinking is the sort of thing that has allowed all manner of bad guys to remain attached to the Internet. > Again, why worry about t

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Ross
Whether Covad chooses to enforce their AUP against port scanning is a business decision up to them. Again, why worry about things out of your control, especially when we are talking about port scanning. I would think people have more pressing issues, guess not. -- Ross ross [at] dillio.net > > I

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Mark Andrews
In message <20090312120816.b...@egps.egps.com>, "N. Yaakov Ziskind" writes: > JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700): > > Ross wrote: > > > > There seems to be a big misconception that he asked them to "hand over" > > the info. As I read the OP, he asked Comcast to do somethin

Re: Dynamic IP log retention = 0?

2009-03-12 Thread William Allen Simpson
J. Oquendo wrote: On Thu, 12 Mar 2009, Glen Turner wrote: William Allen Simpson wrote: A telecommunications carrier releasing a customer's details without their permission, to a non-investigatory third party, without a court order. Hmmm. It's certainly illegal here in Australia. And last I che

Re: Dynamic IP log retention = 0?

2009-03-12 Thread J. Oquendo
On Thu, 12 Mar 2009, Glen Turner wrote: > William Allen Simpson wrote: > > A telecommunications carrier releasing a customer's details without their > permission, to a non-investigatory third party, without a court order. > Hmmm. It's certainly illegal here in Australia. And last I checked wasn't

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Mike Lewinski
valdis.kletni...@vt.edu wrote: You *do* realize that "has a public address" does not actually mean that the machine is reachable from random addresses, right? There *are* these nice utilities called iptables and ipf - even Windows and Macs can be configured to say "bugger off" to unwanted traff

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Valdis . Kletnieks
On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said: > A quick scan of the reverse mapping for your address space in DNS reveals > that you have basically your entire network on public addresses. No wonder > you're worried about portscans when the printer down the hall and the > receptionists ma

Re: Dynamic IP log retention = 0?

2009-03-12 Thread N. Yaakov Ziskind
JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700): > Ross wrote: > > There seems to be a big misconception that he asked them to "hand over" > the info. As I read the OP, he asked Comcast to do something about it > and Comcast said "we can't do anything about it because we don't have >

Re: Dynamic IP log retention = 0?

2009-03-12 Thread JC Dill
Ross wrote: I'll try to answer you in a more common sense approach as some have tried to do. First of all no network operator has to hand over their logs or user information over to you just because you want to know. There seems to be a big misconception that he asked them to "hand over" the i

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Brett Watson
On Mar 12, 2009, at 12:25 AM, Ross wrote: How did a simple thread about network scanning get so derailed... we have people talking about the legal implications of port scanning, hiring lawyers to go after ISPs, talking to the fbi, the benefits/downfalls of NAT as a security policy, etc. Wow

Re: Dynamic IP log retention = 0?

2009-03-12 Thread Ross
How did a simple thread about network scanning get so derailed... we have people talking about the legal implications of port scanning, hiring lawyers to go after ISPs, talking to the fbi, the benefits/downfalls of NAT as a security policy, etc. Wow just wow. I'll try to answer you in a more commo

Re: Dynamic IP log retention = 0?

2009-03-11 Thread William Herrin
On Wed, Mar 11, 2009 at 6:27 PM, Peter Beckman wrote: > On Wed, 11 Mar 2009, Joe Greco wrote: > >> In our neighbourhood, we don't have a high crime rate.  Despite that, >> if we saw someone walking from house to house, trying doorknobs, we'd >> call the cops.  The fact that everyone has locks on t

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Joe Greco
> On Wed, 11 Mar 2009, Joe Greco wrote: > > In our neighbourhood, we don't have a high crime rate. Despite that, > > if we saw someone walking from house to house, trying doorknobs, we'd > > call the cops. The fact that everyone has locks on their doors does > > not make it all right for someone

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Peter Beckman
On Wed, 11 Mar 2009, Joe Greco wrote: In our neighbourhood, we don't have a high crime rate. Despite that, if we saw someone walking from house to house, trying doorknobs, we'd call the cops. The fact that everyone has locks on their doors does not make it all right for someone to go around fr

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Mike Lewinski
Joe Greco wrote: A quick scan of the reverse mapping for your address space in DNS reveals that you have basically your entire network on public addresses. No wonder you're worried about portscans when the printer down the hall and the receptionists machine are sitting on public addresses. I th

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Joe Greco
> A quick scan of the reverse mapping for your address space in DNS reveals > that you have basically your entire network on public addresses. No wonder > you're worried about portscans when the printer down the hall and the > receptionists machine are sitting on public addresses. I think you are

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Glen Turner
William Allen Simpson wrote: Port scanning is rather common, and shouldn't be considered "attacking" -- unless it's taking a significant amount of bandwidth. Attempting to gain unauthorised access to a computing system is a crime in most countries. Port scanning is a tool used to gain unauthor

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Alec Berry
Jeremy L. Gaddis wrote: > RFC 3514? :-) Ah, but if it was just that easy... The choice of "evil" for a table name was not random, of course! I do appreciate that the pf syntax makes for such entertaining configuration snippets. I have yet to pen a f

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Jeremy L. Gaddis
On Wed, Mar 11, 2009 at 12:57 PM, Alec Berry wrote: > block in log quick from <evil> to any label "evil" RFC 3514? :-) -- Jeremy L. Gaddis http://evilrouters.net/

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Alec Berry
Jon Lewis wrote: > If port scans really bother you, then you should setup a system to detect > them, and regularly rebuild ACLs/null route lists/etc. to stop them in > near real time. AFAIK, Cisco sells such a product, as do other network > vendor

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Brett Charbeneau
On Wed, 11 Mar 2009, Marcus Reid wrote: MR> A quick scan of the reverse mapping for your address space in DNS reveals MR> that you have basically your entire network on public addresses. No wonder MR> you're worried about portscans when the printer down the hall and the MR> receptionists machine

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Joe Abley
On 11 Mar 2009, at 11:53, Marcus Reid wrote: A quick scan of the reverse mapping for your address space in DNS reveals that you have basically your entire network on public addresses. It's indeed nice to see people deploying networks the way they were supposed to be built, for once. Ni

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Charles
Hope you did that scan from covad. Lol. *ducks* Sent via BlackBerry from T-Mobile

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Marcus Reid
On Wed, Mar 11, 2009 at 10:55:43AM -0400, Brett Charbeneau wrote: > On Wed, 11 Mar 2009, William Allen Simpson wrote: > > WAS> While I applaud your taking security seriously, and your active > monitoring > WAS> of your resources, other folks might be handling huge numbers of > Conficker, > WAS>

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Steven M. Bellovin
On Wed, 11 Mar 2009 12:42:40 -0300 Rubens Kuhl wrote: > Covad telling you they don't keep logs is different from them not > really having the logs... but, if they really don't keep logs, they > are posing a risk that FBI or DHS might not be happy with. The feds > will probably be more persuasive

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Rubens Kuhl
Covad telling you they don't keep logs is different from them not really having the logs... but, if they really don't keep logs, they are posing a risk that FBI or DHS might not be happy with. The feds will probably be more persuasive than you, so maybe hinting them about this situation may change

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Steven M. Bellovin
On Wed, 11 Mar 2009 10:28:33 -0400 Joe Abley wrote: > > On 11-Mar-2009, at 10:03, Jon Lewis wrote: > > > but what's the point in getting lawyers involved? > > It might convince some pointy-haired person at covad to review the > policies and procedures on the abuse desk, maybe. > > > Whateve

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Brett Charbeneau
On Wed, 11 Mar 2009, William Allen Simpson wrote: WAS> While I applaud your taking security seriously, and your active monitoring WAS> of your resources, other folks might be handling huge numbers of Conficker, WAS> Mebroot, and Torpig infections these days. So, they might be rather busy.

Re: Dynamic IP log retention = 0?

2009-03-11 Thread William Allen Simpson
Brett Charbeneau wrote: I've been nudging an operator at Covad about a handful of hosts from his DHCP pool that have been attacking - relentlessly port scanning - our assets. Port scanning is rather common, and shouldn't be considered "attacking" -- unless it's taking a significant amount

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Joe Abley
On 11-Mar-2009, at 10:03, Jon Lewis wrote: but what's the point in getting lawyers involved? It might convince some pointy-haired person at covad to review the policies and procedures on the abuse desk, maybe. Whatever access isn't supposed to be open should be filtered. If you can dem

RE: Dynamic IP log retention = 0?

2009-03-11 Thread Jon Lewis
On Wed, 11 Mar 2009, Darden, Patrick S. wrote: I think your next step is your lawyer. Put all your missives, your email, your phone conversations, your logs, your auditing results, your detection troubleshooting and sleuthing trails etc. in a folder, create a one page summary including any dama

RE: Dynamic IP log retention = 0?

2009-03-11 Thread Darden, Patrick S.
I think your next step is your lawyer. Put all your missives, your email, your phone conversations, your logs, your auditing results, your detection troubleshooting and sleuthing trails etc. in a folder, create a one page summary including any damages you feel might have been caused (e.g. time, e