>>>>> "ds" == Dmitri Smirnov <Dmitri.Smirnovat_private> writes: ds> for last 200 reports we've got 3(!) replies back with confirmation ds> of investigation or with requests for additional log files. I ds> have a feeling that ISPs just ignore alerts/reports until you have ds> a legal/criminal case against them. This is why I'm using ARIS to ds> report (hope it help everybody/someone to see a global picture) ds> and hope one day federal government will such global DB to ds> prosecute attackers/ISPs. We have a similar response rate for our complaints. But we still complain to offenders. You've gotta realize that being an ISP is a buisiness, not a public service. Read some peering agreements. Read the AUP of your ISP, and of the ISPs that you complain to. THey're carefully worded. The services you want are possible. We have the technology for them. But they don't scale well, and they aren't cheap. If you insist, and enough people like you do so as well, then this will change. The federal government will pass legislation requiring ISPs to perform these services, and ISPs will comply. Your Internet costs will quadruple. Or have you not noticed Global Crossing, PSINet, XO Communications, etc? It ain't a money making business anymore, and any expenses forced onto us will be passed directly on to you. A much simpler, cheaper, more cost effective solution is to just be a good Internet citizen. Antispoof at the edges, keep your ARIN contacts up to date, respond to complaints. You get what you pay for and you (collectively) want cheap bandwidth. ericb ds> -----Original Message----- ds> From: Security Coordinator [mailto:securityat_private] ds> Sent: Tuesday, February 19, 2002 6:51 AM ds> To: Peter Johnson; incidentsat_private ds> Subject: Re: SNMP Scans 02/17/02 ds> On Sunday 17 February 2002 23:23, Peter Johnson wrote: >> >> Do you think we should be reporting snmp scans to ISPs >> or just a waste of time? ds> Well, one way or another ISPs need to be fingered. I don't see other people ds> in the security community saying much, so maybe its time someone started. ds> ISPs ARE RESPONSIBLE for a lot of the security problems on the net today. How ds> could someone do SNMP scans of a network unless ISPs let them get away with ds> it? Actually this is a bad example, there is legitimate SNMP traffic and it ds> would be hard for them to know, but then why is it we see so many spoofed ds> packets around? There should be ZERO of them on the net. Every router knows ds> what addresses to expect to be inside vs outside. ds> I won't belabour the point, but YES, you should not just report it to the ds> ISP, you should let everyone know where attacks come from. What we REALLY ds> need is a database and system good enough to understand the topology of the ds> net and processes attack reports in a sophisticated enough way that we can ds> say things like "if this router was filtering like thus, this would be ds> impossible" and if an ISP won't configure their equipment properly, then they ds> can be held liable. >> ================================================================== >> >> Peter ds> ---------------------------------------------------------------------------- ds> This list is provided by the SecurityFocus ARIS analyzer service. ds> For more information on this free incident handling, management ds> and tracking system please see: http://aris.securityfocus.com ds> ---------------------------------------------------------------------------- ds> This list is provided by the SecurityFocus ARIS analyzer service. ds> For more information on this free incident handling, management ds> and tracking system please see: http://aris.securityfocus.com -- Eric Brandwine | The editor of the beast - vi vi vi UUNetwork Security | ericbat_private | +1 703 886 6038 | - Usenet Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Sun Feb 24 2002 - 21:57:49 PST