nanog mailing list archives

Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their own backbone?)
From: Sean Donelan <sean () donelan com>
Date: Fri, 29 Aug 2003 11:58:07 -0400 (EDT)

On Fri, 29 Aug 2003, Christopher L. Morrow wrote:
> That was a court order, not much any US based corporation can do about
> that, eh? Oh, yeah, and it didn't help stop any child pornographers, all
> it did was hide their tracks from the authorities :(

I suspect most ISPs in the US will follow lawful orders issued by
authorities with jurisdiction.  Some may try to also point out how
stupid or ineffective those orders are.

In the last month there have been several worms, viruses and activities
by law enforcement and other authorities related to those.  I think some
folks are confusing the various different requests, orders, subpoenas,

NIPC/DHS issued an advisory about the RPC/DCOM vulnerability and worm
including suggested mitigation steps including filtering certain ports.
This was a suggestion.  Some ISPs followed the advice; some ISPs, in
particular some cable modem providers, have blocked NETBIOS ports for
a long time.

For the Sobig.F virus the FBI subpoenaed at least one ISP for records,
which the ISP turned over.  Other AHJs tried to coordinate the shutdown
of the 20 or so IP addresses used by the Sobig.F "controller" which was
supposed to issue directions last Friday.  F-Secure also issued a press
release about their cooperating with the FBI to shut down those systems
just in the "nick of time."  Some ISPs cooperated with the AHJs to
shut down access to those 20 IP addresses.  Since most of the 20 IP
addresses were on cable and DSL providers, the AHJs may have only
contacted those providers for assistance.

I have no idea if UUNET cooperated with the FBI, NIPC, DHS or other AHJ
concerning any of the worms or viruses over the last month.
