[nsp-sec] Changes Coming

Smith, Donald Donald.Smith at CenturyLink.com
Thu Feb 14 14:06:41 EST 2013 

Wait our reports always included customers and cyrmu's whois service shows our customers as our blocks when you run it through their ip to asn tool. So I suspect we will continue to get reports for customers unless they use some logic beyond their own ip to asn tools?



Next this thread had this alias on it outreach at cymru.com<mailto:outreach at cymru.com> since I don't know who is on that alias I removed it from the cc list. In general we shouldn't use aliases as the rest of nsp-sec can't tell whos behind that alias.



Everyone of the cymru people I have met is trustworthy, most of them are on list but it is a bad habit to get into :)





(coffee != sleep) & (!coffee == sleep)
 Donald.Smith at centurylink.com<mailto:Donald.Smith at centurylink.com>
________________________________
From: nsp-security-bounces at puck.nether.net [nsp-security-bounces at puck.nether.net] on behalf of Hank Nussbacher [hank at efes.iucc.ac.il]
Sent: Thursday, February 14, 2013 11:53 AM
To: William Allen Simpson; Dave Monnier
Cc: outreach at cymru.com; NSP-Sec
Subject: Re: [nsp-sec] Changes Coming

----------- nsp-security Confidential --------

At 10:40 14/02/2013 -0500, William Allen Simpson wrote:
>----------- nsp-security Confidential --------
>
>On 2/14/13 8:19 AM, Dave Monnier wrote:
>>2. You must have verifiable authority for the ASN or prefixes you're
>>requesting.  If you've been pulling data fro networks that are not your
>>responsibility as a favor, etc, our apologies. We would welcome these
>>parties to the new system as well.
>This is really too bad.  In fact, the only data I've received for *years*
>is for 3rd parties (current and former upstreams, peers, etc).  We've
>almost always been squeaky clean ourselves, as I've made it a priority.
>
>As for signing them up, that's highly unlikely.  We're all so small that
>we don't really qualify for NSP-Sec alone.  Heck, I probably wouldn't
>qualify on my own anymore -- I'm largely here because I was one of the
>founding members and keep my hand in operations from time to time.
>
>Therefore, I've personally extracted the daily data by hand and handed it
>off without nsp-sec fingerprints to my personal trusted contacts.  One of
>them has been getting their reports from REN-ISAC lately.  But I think
>it's highly unlikely you'll ever get each REN-ISAC member to sign up for
>your new service on their own.
>
>Good luck.  I'm just very disappointed.  We're really getting away from
>the personally vetted community model.

Ditto.  I have proxying about 10-15 small Israeli ASNs for years in
addition to the main academic one which I am registered for in whois.  The
small ASNs don't have a clue.   Their questions range from "how do you know
the data you are giving me is accurate" to "how exactly do they know this
about my network".  It requires a lot of hand holding, and personnel
changes often in these small ASNs, in which case every 1-2 years you have
to rinse and repeat, since handover of this stuff * never* happens.

Their whois data is long out of date, they don't even know what whois means
nor what RIPE/ARIN are, nor do they care to learn.   The 3 larger Israeli
ISP ASNs I dropped years ago since they continually have thousands of
records in every report and don't care to fix or repair anything.   So what
we will end up having is less overall security since  these small ASNs will
have their botted PCs left as is - with no one to warn them to explain what
needs to be done.

This service has been wonderful over the years and has probably brought
more overall security to the Internet than all the corporate firewalls put
together.

Tis a shame, but I guess it is Team Cymru's decision.

Regards,
Hank



_______________________________________________
nsp-security mailing list
nsp-security at puck.nether.net
https://puck.nether.net/mailman/listinfo/nsp-security

Please do not Forward, CC, or BCC this E-mail outside of the nsp-security
community. Confidentiality is essential for effective Internet security counter-measures.
_______________________________________________

More information about the nsp-security mailing list