Martin Hannigan

Martin Hannigan hannigan at world.std.com
Wed Jan 25 20:49:12 UTC 2006


> 
> Serious answers: (much like your 'serious questions'):
> 
> > If I don't see SANS running around with their capes off, I don't
> 
> http://isc.sans.org/blackworm
> Further, our reports lead to a SANS ISC temporary URL's for each AS.

The last time SANS felt something was so serious they needed all
of NANOG to dance, they came out and said so. That's their handlers
diary. I read it. A lot of people read it. It's well balanced and 
usually on target. Just like that. It's not alarmist. It seems 
fairly certain that as long as Symantec et. al. do their thing, we
will be able to watch the superbowl in peace.

> I don't work for IL-CERT (which is actually the GOV cert, not IL-CERT), 
> except in an advisory capacity volunteer-base now. I.e., I am a civilian 
> now.

Congratulations.

> 
> > off our football, and get ready for "worms". I'd hope to see US-CERT
> > continue making progress and telling North Americans when to worry.
> 
> US-CERT is kept in the loop every step of the way, as is the FBI, Secret 
> Service and a lot of others who contribute from their time and effort. 
> We can all criticize others, it's easy. How about you start pulling your 
> own weight instead of causing havoc non-stop?

I'm glad to hear that, as many times as you state it. Thank you.

Trust isn't havoc. Your loose cannon response is an excellent
reason why we should be skeptical. My point was around trust and who
we should and shouldn't. There are a lot of characters out there doing
things that are helpful, but that doesn't mean we should trust them.
I don't think that North American Network operators should trust you
and my reason why is that I had at one point asked you to disclose how
you were collecting information you wanted me to rely on and you 
refused. My dis-trust is not personal. There are now other reasons
that I'd prefer to not have to disclose here as it does nothing to
further the conversation.

As far as my contribution goes, I'm making it. I read, observe, discuss,
and comment. I'm sorry if you feel particularly targeted or flamed. It
is not intentional. What would you like me to do to make it better
for you? A good example of the interaction I describe is when you
were first posting the bot reports and there was discussion. They
changed and they were quite ok and I believe I commented to the same.

Perhaps my typing style is irritating? I apologize.

As far as general security goes, I do not trust DA, NSP-SEC, or
many others as the final authoritative source on anything. There
are some people I trust more than others, Thomas, Bellovin, Bush, etc., and
then there are the people I can't trust i.e. the IRC'ers, etc.

> Is this some sort of VeriSign plot or did you come up with it all on 
> your own?

I think I'll watch "White Noise" on the DVD now.

Admins: Clearly, a personal attack and I'd like the AUP enforced
please.

-M<





More information about the NANOG mailing list