[nsp-sec] Changes Coming

Hank Nussbacher hank at efes.iucc.ac.il
Thu Feb 14 13:53:24 EST 2013 

At 10:40 14/02/2013 -0500, William Allen Simpson wrote:
>----------- nsp-security Confidential --------
>
>On 2/14/13 8:19 AM, Dave Monnier wrote:
>>2. You must have verifiable authority for the ASN or prefixes you're
>>requesting.  If you've been pulling data fro networks that are not your
>>responsibility as a favor, etc, our apologies. We would welcome these
>>parties to the new system as well.
>This is really too bad.  In fact, the only data I've received for *years*
>is for 3rd parties (current and former upstreams, peers, etc).  We've
>almost always been squeaky clean ourselves, as I've made it a priority.
>
>As for signing them up, that's highly unlikely.  We're all so small that
>we don't really qualify for NSP-Sec alone.  Heck, I probably wouldn't
>qualify on my own anymore -- I'm largely here because I was one of the
>founding members and keep my hand in operations from time to time.
>
>Therefore, I've personally extracted the daily data by hand and handed it
>off without nsp-sec fingerprints to my personal trusted contacts.  One of
>them has been getting their reports from REN-ISAC lately.  But I think
>it's highly unlikely you'll ever get each REN-ISAC member to sign up for
>your new service on their own.
>
>Good luck.  I'm just very disappointed.  We're really getting away from
>the personally vetted community model.

Ditto.  I have proxying about 10-15 small Israeli ASNs for years in 
addition to the main academic one which I am registered for in whois.  The 
small ASNs don't have a clue.   Their questions range from "how do you know 
the data you are giving me is accurate" to "how exactly do they know this 
about my network".  It requires a lot of hand holding, and personnel 
changes often in these small ASNs, in which case every 1-2 years you have 
to rinse and repeat, since handover of this stuff * never* happens.

Their whois data is long out of date, they don't even know what whois means 
nor what RIPE/ARIN are, nor do they care to learn.   The 3 larger Israeli 
ISP ASNs I dropped years ago since they continually have thousands of 
records in every report and don't care to fix or repair anything.   So what 
we will end up having is less overall security since  these small ASNs will 
have their botted PCs left as is - with no one to warn them to explain what 
needs to be done.

This service has been wonderful over the years and has probably brought 
more overall security to the Internet than all the corporate firewalls put 
together.

Tis a shame, but I guess it is Team Cymru's decision.

Regards,
Hank

More information about the nsp-security mailing list