ICANN opens up Pandora's Box of new TLDs
Warren Kumari
warren at kumari.net
Mon Jun 30 17:22:04 UTC 2008
On Jun 30, 2008, at 12:54 PM, Valdis.Kletnieks at vt.edu wrote:
> On Sun, 29 Jun 2008 17:55:53 EDT, "Tuc at T-B-O-H.NET" said:
>
>> 220 Sending HELO/EHLO constitutes acceptance of this agreement
>
> Even in a UCITA state that has onerous rules regarding shrink-
> wrapped EULA
> terms, I think you'd have a very hard time getting a court to
> enforce an
> alleged contract based on this. And it's different from the usual
> suggestion
> to put "all activity may be monitored" in your telnet/ssh login
> banners, because
> there's an expectation that the human will look at a login banner
> when they
> login, but there's no expectation that an SMTP server will look at
> the 220
> banner any further than checking the first digit is a '2' (go read
> the section
> on SMTP reply codes in RFC2821).
>
> Feel free to cite any relevant case law (in fact, even the case law on
> login banners read by humans is a tad skimpy - in most cases, it
> does nothing
> for intruders, but it protects you from your own users complaining
> their
> privacy was violated)...
I have found the biggest advantage of banners to be the fact that you
learn to recognize your own devices *before* typing your password...
It you *always* have a banner on *all* of your devices, you quickly
learn to expect them...
For example:
ssh router1.example.net
**************************************************************
* This device belongs to example.net. Don't login if you
* are not supposed to be here... Blah blah blah.
* <><><><><><><><><><><><><><><><><><><><><>
*************************************************************
wkumari at router1.example.net's password:
versus:
ssh router1.exsmple.net
wkumari at router1.exsmple.net's password:
Having a cute, customized banner (not the default from the standard
security templates) helps with this...
W
--
If the bad guys have copies of your MD5 passwords, then you have way
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen
More information about the NANOG
mailing list