Date: Tue, 25 Jun 2002 19:21:16 -0500
From: Blaine Kahle <goatee@binary.net>
To: ggm@apnic.net
Cc: security@freebsd.org
Subject: Re: Random address in asia != APNIC
Message-ID: <20020626002116.GF2718@deskpuppy.ops.binary.net>
In-Reply-To: <30409.1025047408@durian.apnic.net>
References: <30409.1025047408@durian.apnic.net>

On Wed, Jun 26, 2002 at 09:23:28AM +1000, ggm@apnic.net wrote:
> Blaine Kahle <goatee@binary.net> Said in security@freebsd.org:
> > And I think it's being scanned for:
> >
> > Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with
> > SSH-1.0-SSH_Version_Mapper. Don't panic.
> > Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification string
> > from 203.74.9.16
> >
> >203.74.9.16 is APNIC.
>
> Please, if you work in a 'security' domain in FreeBSD, do not, ever
> attribute random addresses to the Internet Registry that allocated
> them.
>
> APNIC, RIPE, ARIN (and soon LACNIC and AFRNIC) are registries. They
> are not the source, they provision the handing out of the addresses.
>
> They are not responsible for the packet source, or destination of
> arbitrary flows in the internet.
>
> Indeed, whois contact information is often out of date, and the whois
> returns the /8 network region which is the parent block, but that
> doesn't make the packets 'ours' -It just means we're doing the best we
> can to tell you where the addresses were obtained. Not where they are
> used, not where the sender is.
>
> If you run, configure, write code which intuits owners from whois, can
> you not propagate this mistake please?

I apologize. It was a bad statement from a burnt-out admin. Rest and
reflection have made me very repentant concerning that line.

I am aware of the role of the registry, and my poor choice of words was
not intended to imply that the packet was actually from APNIC, the
registry. I am also sorry for the misuse of "APNIC" in trying to convey
my assumptions about the origin and intent of the SSH scan.

--
Blaine Kahle                 blaine@binary.net
Systems Programmer           Binary Net, Inc.
UID 0, Zip, Zilch, Nada      www.binary.net
0x178AA0E0

Do not meddle in the affairs of sysadmins, for they
are quick to anger and have no need for subtlety.

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
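
The distinction drawn in this thread, between the registry that allocated a block and whoever actually holds an address, sketched as an added example that is not part of the original messages. The log lines and whois records are constructed (documentation address ranges, made-up netnames), and treating any record of /8 size or larger as a registry parent block is an assumption of this sketch.

```python
import ipaddress
import re

# Constructed sample data: the log lines mimic the sshd format quoted above,
# the addresses are documentation ranges, the whois records are made up.
LOG_LINES = [
    "Jun 25 16:10:06 host sshd[26012]: scanned from 203.0.113.16 with SSH-1.0-SSH_Version_Mapper.  Don't panic.",
    "Jun 25 16:10:06 host sshd[26009]: Did not receive identification string from 203.0.113.16",
    "Jun 25 16:11:40 host sshd[26020]: Did not receive identification string from 198.51.100.7",
]
WHOIS_RECORDS = [
    {"inetnum": "203.0.0.0 - 203.255.255.255", "netname": "EXAMPLE-REGISTRY-BLOCK"},
    {"inetnum": "203.0.113.0 - 203.0.113.255", "netname": "EXAMPLE-ISP-NET"},
    {"inetnum": "198.0.0.0 - 198.255.255.255", "netname": "EXAMPLE-REGISTRY-BLOCK"},
]
PARENT_BLOCK_SIZE = 2 ** 24  # assumption: a /8 or larger is a registry parent block

SRC_RE = re.compile(
    r"sshd\[\d+\]: (?:scanned from|Did not receive identification string from) (\S+)")

def scan_sources(lines):
    """Return the distinct source addresses named in sshd scan messages."""
    found = []
    for line in lines:
        m = SRC_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # token after "from" was not an address
        if ip not in found:
            found.append(ip)
    return found

def attribute(ip, records):
    """Say only what the most specific covering whois record supports."""
    best = None
    for rec in records:
        lo, hi = (ipaddress.ip_address(p.strip()) for p in rec["inetnum"].split(" - "))
        if lo.version == ip.version and lo <= ip <= hi:
            size = int(hi) - int(lo) + 1
            if best is None or size < best[0]:
                best = (size, rec["netname"])
    if best is None:
        return "no covering whois record"
    if best[0] >= PARENT_BLOCK_SIZE:
        return f"address space allocated via {best[1]}; holder not identified"
    return f"assigned to {best[1]} per whois (may be out of date)"

def report(lines=LOG_LINES, records=WHOIS_RECORDS):
    return {str(ip): attribute(ip, records) for ip in scan_sources(lines)}
```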