mailing list archives
From: Karyn Ulriksen <kulriksen () publichost com>
Date: Tue, 24 Oct 2000 09:23:48 -0700
You're kidding, right?
From: bmanning () vacation karoshi com
[mailto:bmanning () vacation karoshi com]
Sent: Tuesday, October 24, 2000 7:23 AM
To: tme () 21rst-century com
Cc: nanog () nanog org
Subject: Re: whois
Yow! A chance to play devil's advocate... Cool :)
If you told me a dialup user on my network did anything, I'd doubt
your veracity. How do you know I have dialup services in my network?
The accuracy of your clock and the recorded IP address
are suspect since I have zero visibility into your network structure
or administrative practice... and you don't have that visibility into
mine. Your clock is hacked and you are forging IP addresses in an attempt
to distract me from providing services. Tell me why this is not a simple
case of harassment? Full and public disclosure of the attack
help build your credibility. And yes, if I have no business
to you and I've never had a relationship with you and you are making
assertions about my infrastructure and clients, I will prolly want
some incentive to cover the costs of investigating your outrageous
Are you really saying that if I tell you that a dial-up user on your network
hacked into my system at some precise time, from a precise
(so that you could probably tell easily which user did it), and did so
in a fashion which suggested an automated "script kiddie" effort, I should only
expect a response from you if I PAY for it ?!?
This seems pretty close to the "protection" money that I hear people with
POP's in Moscow have to pay :)
(BTW, I said nothing about timeliness
or 24x7 availability - a note a week or two later would
The key to an anti-hacker ISP association would be
a very special ip address / contact person lookup database.
ie: who/how to contact for the 'SWAT' response for a
When we have had attacks such as root exploits, we have
source (at least, the ISP hosting the immediate source) as to the date,
time, IP address, etc.
(In one case, the attack appeared to come from a dial-up address in Germany,
so I thought we had them.) We have NEVER received a
conversations at meetings, etc., I understand that this is typical - almost
universal - and that it would be naive to expect other ISPs to actually
about being a source for attacks.
Maybe a start would be to a BCP for some level of minimal response if
an attack, and a "web site of shame" listing those domains that source
attacks and do nothing about it when notified.
Multicast Technologies, Inc.
10301 Democracy Lane, Suite 201
Fairfax, Virginia 22030
Phone : 703-293-9624 Fax : 703-293-9609
e-mail : tme () on-the-i com http://www.on-the-i.com