How did a simple thread about network scanning get so derailedwe have
people talking about the legal implications of port scanning, hiring
lawyers to go after ISPs, talking to the fbi, the benefits/downfalls of
NAT as a security policy, etc. Wow just wow.
I'll try to answer you in a more
On Mar 12, 2009, at 12:25 AM, Ross wrote:
How did a simple thread about network scanning get so derailedwe
have
people talking about the legal implications of port scanning, hiring
lawyers to go after ISPs, talking to the fbi, the benefits/downfalls
of
NAT as a security policy, etc.
Tim Utschig wrote:
[Please reply off-list. I'll summarize back to the list if there
is more than a little interest in me doing so.]
Please do. There are many rural ISPs and WISPs that might benefit from a
decent look at these products, or any open source clones that might be
available to
JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
Ross wrote:
There seems to be a big misconception that he asked them to hand over
the info. As I read the OP, he asked Comcast to do something about it
and Comcast said we can't do anything about it because we don't have
logs.
On Wed, 11 Mar 2009 07:53:01 -0800, Marcus Reid said:
A quick scan of the reverse mapping for your address space in DNS reveals
that you have basically your entire network on public addresses. No wonder
you're worried about portscans when the printer down the hall and the
receptionists
valdis.kletni...@vt.edu wrote:
You *do* realize that has a public address does not actually mean that
the machine is reachable from random addresses, right? There *are* these
nice utilities called iptables and ipf - even Windows and Macs can be configured
to say bugger off to unwanted traffic.
On Thu, 12 Mar 2009, Glen Turner wrote:
William Allen Simpson wrote:
A telecommunications carrier releasing a customer's details without their
permission, to a non-investigatory third party, without a court order.
Hmmm. It's certainly illegal here in Australia. And last I checked wasn't
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
The IANA AS Numbers registry has been updated to reflect the allocation of
four blocks of AS Numbers recently.
49152-50175Assigned by RIPE NCC whois.ripe.net 2009-03-06
50176-51199Assigned by RIPE NCC whois.ripe.net
Can a person in charge contact me off list
mail:~ $ whois -h whois.arin.net 131.107.65.41
OrgName:Microsoft Corp
OrgID: MSFT
Address:One Microsoft Way
City: Redmond
StateProv: WA
PostalCode: 98052
Country:US
NetRange: 131.107.0.0 - 131.107.255.255
CIDR:
Sorry I am getting dos attacked from below and it would be nice if microsoft
working abuse ph# or noc# or a name ?
Thomas P Galla
t...@bluegrass.net
BluegrassNet
Voice (502) 589.INET [4638]
Fax 502-315-0581
321 East Breckinridge St
Louisville KY 40203
-Original Message-
From: Thomas
You are getting dossed from a Microsoft network range? Really? Perhaps
they got bit by a worm targeting windows systems? :)
Thomas P. Galla wrote:
Sorry I am getting dos attacked from below and it would be nice if microsoft
working abuse ph# or noc# or a name ?
Thomas P Galla
More likely spoofed sources.
Good luck.
-Original Message-
From: ext Charles Wyble [mailto:char...@thewybles.com]
Sent: Thursday, March 12, 2009 12:40 PM
To: Thomas P. Galla
Cc: nanog@nanog.org
Subject: Re: microsoft please contact me off list
You are getting dossed from a Microsoft
He's gonna need it!
On Thu, Mar 12, 2009 at 12:54 PM, chris.ra...@nokia.com wrote:
More likely spoofed sources.
Good luck.
-Original Message-
From: ext Charles Wyble [mailto:char...@thewybles.com]
Sent: Thursday, March 12, 2009 12:40 PM
To: Thomas P. Galla
Cc: nanog@nanog.org
J. Oquendo wrote:
On Thu, 12 Mar 2009, Glen Turner wrote:
William Allen Simpson wrote:
A telecommunications carrier releasing a customer's details without their
permission, to a non-investigatory third party, without a court order.
Hmmm. It's certainly illegal here in Australia. And last I
Yes I agree. I forgot to do the *raises an incredulous eyebrow* bit. :)
By the way try calling that number and reaching an operator then
asking for the NOC.
chris.ra...@nokia.com wrote:
More likely spoofed sources.
Good luck.
On Thu, 12 Mar 2009 12:40:06 PDT, Charles Wyble said:
You are getting dossed from a Microsoft network range? Really? Perhaps
they got bit by a worm targeting windows systems? :)
You mean like this?
http://www.theregister.co.uk/2001/07/20/code_red_bug_hits_microsoft/
(To be fair, screw-ups
In our case we didn't bother with where it was coming from - our router
guy figured out where it was going to - and had that IP shut down a
couple levels away from us.
Thomas P. Galla wrote:
Sorry I am getting dos attacked from below and it would be nice if microsoft
working abuse ph# or
In message 20090312120816.b...@egps.egps.com, N. Yaakov Ziskind writes:
JC Dill wrote (on Thu, Mar 12, 2009 at 09:02:25AM -0700):
Ross wrote:
There seems to be a big misconception that he asked them to hand over
the info. As I read the OP, he asked Comcast to do something about it
Here is what I got back OBTW thanx
Thomas
=
Sent: Thursday, March 12, 2009 4:22 PM
To: Thomas P. Galla
Subject: FW: microsoft please contact me off list
Importance: High
Thomas,
I work in the research group managing the network range that you are reporting.
What were the traffic characteristics that lead you to believe you were
under a DDOS attack?
Thomas P. Galla wrote:
Here is what I got back OBTW thanx
Thomas
=
Sent: Thursday, March 12, 2009 4:22 PM
To: Thomas P. Galla
Subject: FW: microsoft please contact
Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them. Again, why worry about things out of your
control, especially when we are talking about port scanning. I would think
people have more pressing issues, guess not.
--
Ross
ross [at] dillio.net
In
Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them.
Yes, it's all a business decision. That kind of antisocial thinking is
the sort of thing that has allowed all manner of bad guys to remain
attached to the Internet.
Again, why worry about
Not to disagree with any of your points, but the OP (which you quoted!)
was talking about Covad, while you're bashing Comcast.
Any sufficiently advanced NANOG conversation is indistinguishable from
Comcast-bashing.
Rob
(Not agreeing, just observing.)
In message c229aa5b01749718e25f61ae579659a3.squir...@www.dillio.net, Ross
writ
es:
Whether Covad chooses to enforce their AUP against port scanning is a
business decision up to them. Again, why worry about things out of your
control, especially when we are talking about port scanning. I would
Well most port scanning is from compromised boxes. Once a
box is compromised it can be used for *any* sort of attack.
If you really care about security you take reports of ports
scans seriously.
Yeahbut, the real problem is that port scanning is typically used as
part
N. Yaakov Ziskind wrote:
Not to disagree with any of your points, but the OP (which you quoted!)
was talking about Covad, while you're bashing Comcast.
Oops, my bad. Well, and Covad's bad too. :-)
jc
On Thu, Mar 12, 2009 at 8:52 PM, Joe Greco jgr...@ns.sol.net wrote:
Well most port scanning is from compromised boxes. Once a
box is compromised it can be used for *any* sort of attack.
If you really care about security you take reports of ports
scans seriously.
In answer to a question below about experience with similar products...
Cisco IOS has the dynamic routing injection feature as part of recent
IOS versions.
The feature is now called Performance Routing (PfR) formerly known as
OER (Optimized Edge Routing) and as of 12.4(24)T, it can optimize
28 matches
Mail list logo