ICANN opens up Pandora's Box of new TLDs

Warren Kumari warren at kumari.net
Mon Jun 30 12:22:04 CDT 2008


On Jun 30, 2008, at 12:54 PM, Valdis.Kletnieks at vt.edu wrote:

> On Sun, 29 Jun 2008 17:55:53 EDT, "Tuc at T-B-O-H.NET" said:
>
>> 220 Sending HELO/EHLO constitutes acceptance of this agreement
>
> Even in a UCITA state that has onerous rules regarding shrink- 
> wrapped EULA
> terms, I think you'd have a very hard time getting a court to  
> enforce an
> alleged contract based on this.  And it's different from the usual  
> suggestion
> to put "all activity may be monitored" in your telnet/ssh login  
> banners, because
> there's an expectation that the human will look at a login banner  
> when they
> login, but there's no expectation that an SMTP server will look at  
> the 220
> banner any further than checking the first digit is a '2' (go read  
> the section
> on SMTP reply codes in RFC2821).
>
> Feel free to cite any relevant case law (in fact, even the case law on
> login banners read by humans is a tad skimpy - in most cases, it  
> does nothing
> for intruders, but it protects you from your own users complaining  
> their
> privacy was violated)...


I have found the biggest advantage of banners to be the fact that you  
learn to recognize your own devices *before* typing your password...

It you *always* have a banner on *all* of your devices, you quickly  
learn to expect them...

For example:
ssh router1.example.net
**************************************************************
* This device belongs to example.net. Don't login if you
* are not supposed to be here... Blah blah blah.
* <><><><><><><><><><><><><><><><><><><><><>
*************************************************************
wkumari at router1.example.net's password:

versus:
ssh router1.exsmple.net
wkumari at router1.exsmple.net's password:


Having a cute, customized banner (not the default from the standard  
security templates) helps with this...

W

--
If the bad guys have copies of your MD5 passwords, then you have way  
bigger problems than the bad guys having copies of your MD5 passwords.
-- Richard A Steenbergen






More information about the NANOG mailing list