On 02/10/12 12:21, Jeff Moore wrote:
> First - Thank you all for responding to my question. It has made it
> clear that what we were seeing was not crazy but that you all have been
> seeing similar things. Thanks everyone!!
>
> Second - Michael Sinatra - I am assuming you must have read this on a
> bad day. I am sorry for any problems you are having. From what I have
> read from folks on this thread I assume that folks are quite intelligent
> and that none of them assume that the internet is still classful. It is
> simply a way that they communicate. Perhaps it is my mistake for how I
> phrased the question. My apologies if that was the case.

I wasn't reading it on a bad day, but I have had many, many bad days caused
by very good and talented security professionals assuming that netblocks
were divided on octet boundaries. That being said, let me state in as
friendly and constructive a way as can be inferred in email: It is much
better to be as precise as possible when discussing issues regarding
malicious activities. I don't feel that "91.x.x.x" is very precise for the
same reasons Marty outlined. It may be a useful shortcut for some, but
just as I should be cognizant of how others will interpret my
admittedly-too-emphatic message, so should everyone here. It is very easy
to misinterpret what was being said on this thread with respect to the
exact netblocks and providers that are at issue and that is of concern to
me.

> I think that
> these intelligent professionals also have the courtesy not to yell and
> not to try to make others look or feel bad. In your case it looks as
> though my assumptions were incorrect.

The use of capitalization was intended for emphasis and not to make others
look or feel bad, and it was definitely not to simulate yelling--I
apologize for that; I should have used a different mechanism for emphasis.
You'll notice that I didn't respond directly to anyone (including you) in
this thread, but instead wanted to make an emphatic reminder to the whole
community to be careful and precise when you communicate regarding
netblocks. I did paraphrase my own misinterpretation of your text, which
is unfortunate. Sorry about that.

> I am not a member of this group to
> get into arguments over semantics with folks that have no respect for
> their peers. If you read my message and the other kind folks that
> replied you would see that we did not say we got scanned by every host
> in these ranges. Please take the time to read the messages that you are
> responding to. I think folks here understand the consequences of
> blocking entire ranges. It's their job.

You're correct on that one. I did misread your message. I now see that
you were saying that all of the traffic you have seen in 91.0.0.0/8 has
been bad. I sincerely apologize for that. Given that, it would be useful
to have more information as to exactly which providers in that block seem
to be especially problematic, or which IP addresses (or classless ranges)
appear to be the biggest problem. I don't think the legitimate users and
providers who happen to be assigned parts of 91.0.0.0/8 appreciate being
painted with a broad brush.
Realizing that people in this community don't like being painted with a
broad brush, I will also take your criticism to heart.
cheers,
michael