[nsp-sec] Changes Coming

Dave Monnier dmonnier at cymru.com
Thu Feb 14 14:09:31 EST 2013 

Hi, Hank.

Thank you for your reply.

To be clear.  Access to data is *not* going away.  The system used to
access the data is changing.  If you have authority to view infection
data for a network you will still have that access.  If you've been
accessing data for networks not of your control you can introduce those
networks to the console.

For those folks concerned that networks will be left out if the cold due
to clueless admins, etc, there is little we can do to help sadly. If you
were able to hold their hand through remediation, then please hold their
hand to signing up for the console.

This is a classic fish/fishing situation.

Give someone a fish and they'll eat for a day, teach them to fish and
they'll eat for life.

If you've been giving data to these networks to save them, you've
effectively been giving them fish.  If you show them the way to the
console, you've taught them how to fish. Best of all, you'll be
recovering time for yourself and time is irreplaceable.

If they're so lost that they can't work the console, it's likely the
data you've been proxying them is on no help either.

Our intention isn't to upset anyone's operation but to streamline our
own.  As a no-cost service we have to ensure we're able to deliver it
for the long-term with minimal impact.  By reducing our burden to
deliver it we'll better be able to deliver this service in the long run.

Cheers,
-Dave




On 2/14/13 1:53 PM, Hank Nussbacher wrote:
> At 10:40 14/02/2013 -0500, William Allen Simpson wrote:
>> ----------- nsp-security Confidential --------
>>
>> On 2/14/13 8:19 AM, Dave Monnier wrote:
>>> 2. You must have verifiable authority for the ASN or prefixes you're
>>> requesting.  If you've been pulling data fro networks that are not your
>>> responsibility as a favor, etc, our apologies. We would welcome these
>>> parties to the new system as well.
>> This is really too bad.  In fact, the only data I've received for *years*
>> is for 3rd parties (current and former upstreams, peers, etc).  We've
>> almost always been squeaky clean ourselves, as I've made it a priority.
>>
>> As for signing them up, that's highly unlikely.  We're all so small that
>> we don't really qualify for NSP-Sec alone.  Heck, I probably wouldn't
>> qualify on my own anymore -- I'm largely here because I was one of the
>> founding members and keep my hand in operations from time to time.
>>
>> Therefore, I've personally extracted the daily data by hand and handed it
>> off without nsp-sec fingerprints to my personal trusted contacts.  One of
>> them has been getting their reports from REN-ISAC lately.  But I think
>> it's highly unlikely you'll ever get each REN-ISAC member to sign up for
>> your new service on their own.
>>
>> Good luck.  I'm just very disappointed.  We're really getting away from
>> the personally vetted community model.
> 
> Ditto.  I have proxying about 10-15 small Israeli ASNs for years in
> addition to the main academic one which I am registered for in whois. 
> The small ASNs don't have a clue.   Their questions range from "how do
> you know the data you are giving me is accurate" to "how exactly do they
> know this about my network".  It requires a lot of hand holding, and
> personnel changes often in these small ASNs, in which case every 1-2
> years you have to rinse and repeat, since handover of this stuff *
> never* happens.
> 
> Their whois data is long out of date, they don't even know what whois
> means nor what RIPE/ARIN are, nor do they care to learn.   The 3 larger
> Israeli ISP ASNs I dropped years ago since they continually have
> thousands of records in every report and don't care to fix or repair
> anything.   So what we will end up having is less overall security
> since  these small ASNs will have their botted PCs left as is - with no
> one to warn them to explain what needs to be done.
> 
> This service has been wonderful over the years and has probably brought
> more overall security to the Internet than all the corporate firewalls
> put together.
> 
> Tis a shame, but I guess it is Team Cymru's decision.
> 
> Regards,
> Hank
> 


-- 
Dave Monnier
Team Cymru
https://www.team-cymru.org/
PGP: https://www.cymru.com/dmonnier/0x7C1AAE55_pub.asc


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 203 bytes
Desc: OpenPGP digital signature
URL: <https://puck.nether.net/mailman/private/nsp-security/attachments/20130214/93055e0c/attachment-0001.sig>

More information about the nsp-security mailing list