Dynamic IP log retention = 0?

J. Oquendo sil at infiltrated.net
Thu Mar 12 11:53:13 CDT 2009


On Thu, 12 Mar 2009, Glen Turner wrote:

> William Allen Simpson wrote:
> 
> A telecommunications carrier releasing a customer's details without their
> permission, to a non-investigatory third party, without a court order.
> Hmmm. It's certainly illegal here in Australia. And last I checked wasn't
> the US firm Hewlett Packard in trouble for hiring people to do just that?

<!-- rambling

One of the funniest things I see with these arguments (dishing out info to
someone else) is what I perceive to be a sort of chain-mail like trickle
effect where no matter what anyone says, don't trust them. "We never give
out information" sayeth the forms on many a vendor. This does not mean if
that company is bought out the purchaser won't dish out your information.
So then who do you see?

> So your basic problem is that you have a law enforcement problem, and
> the law enforcers don't give this priority. Which leads to one of those
> vicious circle thingies, where the ISPs don't give a stuff about their
> customers running scans, since they aren't seeing any hassle from Mr Plod,
> those customers aren't seeing any consequences, and so the amount of scanning
> increases, to the extent where people believe it is normal and acceptable.

Why should it be given priority? There is only so much a provider can do.
I'm with you when you state providers can do more but guess what? So can
vendors of operating systems. Should we point the finger back at Microsoft
for making things as simple as possible for the average non-technical user?
Maybe petition them to close all ports by default and allow its users to
open up what they need when they need it? How long before their userbase
drops? Grandma: "Say who, what? What's a netbios? Port? 137? Huh? Darling,
I just want to print and send pictures... Oh darn forget it!"

> Why not contact the FBI. Not because it will help. But because if even 1%
> of the libraries in the country do that then the FBI will take the path of
> least resistance, which is to hassle ISPs with enough warrants until the
> ISPs find it economic to clean up their act, at least with regard to their
> own customers.
> 

If 1% of the cases of port scanning were even taken seriously, I'd
be pretty pissed my tax money is going down the toilet - I mean
it's bad enough my economy is tanking, no need to add to it. With
this said, re-take on another analogy I've done on this before...

Acme Superlocks states certain versions of their locks may be
picked. I know this because for one, not only did I receive
the e-mail from them, the news is showing that many owners
of Acme Superlocks have had their homes and businesses broken
into. As an owner of Acme Superlocks seeing the newsflashes,
getting the emails, I decide to continue using the locks. My
home is intruded. Whose fault is it, Acme Superlocks or was I
the idiot for not taking a second to fix my lock? After all
the company did some form of "due diligence" in explaining
that 1) their lock is fubar'd 2) they did send me the email
3) I did see the news 4) I'm not cripple - but competent
enough to "Google" "Acme Superlock". Who's to blame?

Now take this a step further, if I were about to do an
insurance claim, do you think my insurance company would
cover my claim after (at this point) I neglected to act
on my own behalf?

Claim Adjustor: "We see you did receive the warnings"
Me: "My bad. Sure I knew they were vulnerable..."

When you get down to the nitty-gritty, it was my own
negligence that caused this at the end of the day. We
can say for those instances where I was the first person
"hit up" that I was just unlucky, but at what point in
time should I stop shifting blame to my provider or
say Microsoft? I already *know* it's not my provider's
role to protect me. I already *know* Microsoft "can be"
an insecure operating system. So here I am not doing
anything about it, yet shifting the blame when compromised.

rambling -->


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP

"Enough research will tend to support your
conclusions." - Arthur Bloch

"A conclusion is the place where you got
tired of thinking" - Arthur Bloch

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x5CCD6B5E




