ICANN opens up Pandora's Box of new TLDs

Warren Kumari warren at kumari.net
Mon Jun 30 12:22:04 CDT 2008

On Jun 30, 2008, at 12:54 PM, Valdis.Kletnieks at vt.edu wrote:

> On Sun, 29 Jun 2008 17:55:53 EDT, "Tuc at T-B-O-H.NET" said:
>> 220 Sending HELO/EHLO constitutes acceptance of this agreement
> Even in a UCITA state that has onerous rules regarding shrink- 
> wrapped EULA
> terms, I think you'd have a very hard time getting a court to  
> enforce an
> alleged contract based on this.  And it's different from the usual  
> suggestion
> to put "all activity may be monitored" in your telnet/ssh login  
> banners, because
> there's an expectation that the human will look at a login banner  
> when they
> login, but there's no expectation that an SMTP server will look at  
> the 220
> banner any further than checking the first digit is a '2' (go read  
> the section
> on SMTP reply codes in RFC2821).
> Feel free to cite any relevant case law (in fact, even the case law on
> login banners read by humans is a tad skimpy - in most cases, it  
> does nothing
> for intruders, but it protects you from your own users complaining  
> their
> privacy was violated)...

I have found the biggest advantage of banners to be the fact that you  
learn to recognize your own devices *before* typing your password...

It you *always* have a banner on *all* of your devices, you quickly  
learn to expect them...

For example:
ssh router1.example.net
* This device belongs to example.net. Don't login if you
* are not supposed to be here... Blah blah blah.
* <><><><><><><><><><><><><><><><><><><><><>
wkumari at router1.example.net's password:

ssh router1.exsmple.net
wkumari at router1.exsmple.net's password:

Having a cute, customized banner (not the default from the standard  
security templates) helps with this...


If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen

More information about the NANOG mailing list