[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: FW: Access to bard web/ftp servers denied -- Open ticket #279083304
- To: Yuval Shchory <syuval@netvision.net.il>
- Subject: Re: FW: Access to bard web/ftp servers denied -- Open ticket #279083304
- From: "Marc A. Volovic" <marc@bard.org.il>
- Date: Tue, 6 Oct 1998 22:10:30 +0200
- In-Reply-To: <Pine.GSO.3.95.981006120459.16268A-100000@nvt>; from Yuval Shchory on Tue, Oct 06, 1998 at 12:20:25PM +0200
- References: <19981006115856.A17547@bard.org.il> <Pine.GSO.3.95.981006120459.16268A-100000@nvt>
- Reply-To: "Marc A. Volovic" <marc@bard.org.il>
- Sender: owner-linux-il@cs.huji.ac.il
On Tue, Oct 06, 1998 at 12:20:25PM +0200, Yuval Shchory wrote:
>
> As I believe you understood yourself, there was a mistake in my first
> email, it should read 'you can be assured that both NetVision's and
> Ort's administration will not treat this issue with full attention.'
Unless I am mistaken, this means EXACTLY what the original meant -
a translation into transcribed hebrew:
"Ata yachol lihyot batuach she lo Netvision ve lo Ort lo ityachasu
le nose ze btsumat lev melea'a." I am, assuming, for now, that this is
the _wrong_ translation. I hope that this is, indeed, a wrong translation.
I do hope.
> Our ABUSE procedure (network abuse, spamming, etc.) is quite simple - we
> notify the administrator responsible for the IP addresses from which the
> attempt came from. It is HIS/HER responsibility to get the culprit and
> make sure such cases will not happen again. Most of the times such cases
> are resolved by the administrator identifying the problem and eliminating
> it, either by warning the culprit or by taking the necessary measures
> (patches, ACLs, etc.).
This is a reasonable policy and seems to fit well with the idea that
self-policing is encouraged.
> We have not received an answer from Ort, about a specific action taken
> regarding this specific problem. As already said, we will notify you if
^^
> there will be any specific information that might interest you.
Ah - herein lies the rub. You seem to think that, once the offending net's
system admin has been notified, you're done. This is an, alas, typical
Israeli approach - "Halas, asinu ta'yomit. Bo nelech." And if you
never see a reply (I think you will not, since you make no effort to
_prod_ a reply out of them) - what then? Nothing? A shake of the head?
This is most definetely not good enough for me. A specific act has been
recorded and the logs thereof have been sent you. I hoped for some action
from you (not you=Yuval Shchori, you=Netvision), since I have no direct
ability to influence Ort. Since you seem to lack the incentive to enforce
behavior, you are labled as an unsafe zone in my books (my previous
experience with some of your router just strengthens that opinion).
> Marc - frankly - I'm not sure that blocking a CIDR block is the best thing
> to do when there's a hacking attempt. If this is a way to make us 'work
> faster' - you KNOW that we are doing the best we can. As was stated in my
> previous letter, these things take time - please remember that we are
> talking about a school, during a holiday vacation. It is your decision
> whether to block the whole NetVision's block or not, but frankly I believe
> that it is as good as 'deny 0.0.0.0 0.0.0.0'.
First, blocking you is NOT an attempt to make you work faster. This would
an an idiotic idea, were I embarked on it. This is a reaction to what I
consider an unsafe area of operation - it will not stop a determined
attack anyway, just the jerks of the type that tried me. If and when I
see something out of NV that signifies an attempt to enforce non-abuse,
I will strike you from my "unsafe" book. When I see something out of Ort,
I will likewise strike THEM out of the "unsafe" book.
As for "block us=block 0.0.0.0 0.0.0.0", this is again a typical Israeli
statement - "We are the world". Well, no, you are not. You are indeed the
largest Israeli provider, no doubt about that. But you're not the world.
Blocking you means a WHOLE lot of stuck Israelis. But most sites that
connect to me come from outside Israel (and from Actcom :-). I provide
a minor service. Those that are interested in this service may use it,
whose who are not, needn't. The result of blocking you hurts only ONE
agency, actually - Netvision. People requiring this service from a
nevision.net.il site have to go abroad, using up your international
bandwidth. If this is important enough - go bite Ort. Not important,
no matter.
> Yuval Shchory
> Netvision Corporate Support
I remain at your service (except ports 20/21 and 80, that is :-),
Marc
---MAV
Marc A. Volovic | Comfort, n: A feeling one gets from
marc@bard.org.il | contemplating discomfort in another.
http://www.bard.org.il/~marc | A. Bierce.