Aha, for last 200 reports we've got 3(!) replies back with confirmation of investigation or with requests for additional log files. I have a feeling that ISPs just ignore alerts/reports until you have a legal/criminal case against them. This is why I'm using ARIS to report (hope it help everybody/someone to see a global picture) and hope one day federal government will such global DB to prosecute attackers/ISPs. Dmitri. -----Original Message----- From: Security Coordinator [mailto:securityat_private] Sent: Tuesday, February 19, 2002 6:51 AM To: Peter Johnson; incidentsat_private Subject: Re: SNMP Scans 02/17/02 On Sunday 17 February 2002 23:23, Peter Johnson wrote: > > Do you think we should be reporting snmp scans to ISPs > or just a waste of time? Well, one way or another ISPs need to be fingered. I don't see other people in the security community saying much, so maybe its time someone started. ISPs ARE RESPONSIBLE for a lot of the security problems on the net today. How could someone do SNMP scans of a network unless ISPs let them get away with it? Actually this is a bad example, there is legitimate SNMP traffic and it would be hard for them to know, but then why is it we see so many spoofed packets around? There should be ZERO of them on the net. Every router knows what addresses to expect to be inside vs outside. I won't belabour the point, but YES, you should not just report it to the ISP, you should let everyone know where attacks come from. What we REALLY need is a database and system good enough to understand the topology of the net and processes attack reports in a sophisticated enough way that we can say things like "if this router was filtering like thus, this would be impossible" and if an ISP won't configure their equipment properly, then they can be held liable. > ================================================================== > > Peter ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sat Feb 23 2002 - 04:52:56 PST