Re: Random address in asia != APNIC

From: Blaine Kahle (goatee@binary.net)
Date: 06/26/02


Date: Tue, 25 Jun 2002 19:21:16 -0500
From: Blaine Kahle <goatee@binary.net>
To: ggm@apnic.net

On Wed, Jun 26, 2002 at 09:23:28AM +1000, ggm@apnic.net wrote:
> Blaine Kahle <goatee@binary.net> Said in security@freebsd.org:
> > And I think it's being scanned for:
> >
> > Jun 25 16:10:06 aspire sshd[26012]: scanned from 203.74.9.16 with
> > SSH-1.0-SSH_Version_Mapper. Don't panic.
> > Jun 25 16:10:06 aspire sshd[26009]: Did not receive identification string
> > from 203.74.9.16
> >
> > 203.74.9.16 is APNIC.
>
> Please, if you work in a 'security' domain in FreeBSD, do not, ever
> attribute random addresses to the Internet Registry that allocated
> them.
>
> APNIC, RIPE, ARIN (and soon LACNIC and AFRNIC) are registries. They
> are not the source, they provision the handing out of the addresses.
>
> They are not responsible for the packet source, or destination of
> arbitrary flows in the internet.
>
> Indeed, whois contact information is often out of date, and the whois
> returns the /8 network region which is the parent block, but that
> doesn't make the packets 'ours' - It just means we're doing the best we
> can to tell you where the addresses were obtained. Not where they are
> used, not where the sender is.
>
> If you run, configure, write code which intuits owners from whois, can
> you not propagate this mistake please?

I apologize. It was a bad statement from a burnt-out admin. Rest and
reflection have made me very repentant concerning that line. I am aware
of the role of the registry, and my poor choice of words was not
intended to imply that the packet was actually from APNIC, the registry.
I am also sorry for the misuse of "APNIC" in trying to convey my
assumptions about the origin and intent of the SSH scan.

-- 
Blaine Kahle                                         blaine@binary.net
Systems Programmer                                    Binary Net, Inc.
UID 0, Zip, Zilch, Nada                                 www.binary.net
                                                            0x178AA0E0
Do not meddle in the affairs of sysadmins,
for they are quick to anger and have no need for subtlety.
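
Added example (not part of the original message or of any FreeBSD or APNIC tooling): one way for log-enrichment code to avoid the mistake discussed above, by choosing the narrowest whois range that covers an address and refusing to name an owner when only a /8-sized parent block matches. The record text, netnames, labels and the /8 threshold are assumptions constructed for illustration.

```python
import ipaddress

# Constructed whois-style records for illustration; not real registry data.
SAMPLE_WHOIS = """\
inetnum: 203.0.0.0 - 203.255.255.255
netname: EXAMPLE-REGISTRY-PARENT

inetnum: 203.0.113.0 - 203.0.113.255
netname: EXAMPLE-ISP-CUSTOMERS
"""

# Assumption: a range as wide as a /8 (or wider) is a registry parent block.
REGISTRY_SPAN = 2 ** 24


def parse_records(text):
    """Parse blank-line-separated 'key: value' records into (first, last, netname)."""
    records = []
    for chunk in text.strip().split("\n\n"):
        fields = dict(line.split(":", 1) for line in chunk.splitlines() if ":" in line)
        first, last = (ipaddress.ip_address(part.strip())
                       for part in fields["inetnum"].split("-"))
        records.append((first, last, fields.get("netname", "").strip()))
    return records


def attribute(ip, records):
    """Return (label, netname) for the narrowest record covering ip."""
    addr = ipaddress.ip_address(ip)
    covering = [r for r in records if r[0] <= addr <= r[1]]
    if not covering:
        return ("no-record", None)
    first, last, netname = min(covering, key=lambda r: int(r[1]) - int(r[0]))
    if int(last) - int(first) + 1 >= REGISTRY_SPAN:
        # Only the parent block matched: this tells you which registry handed
        # out the space, not who is using it or who sent the packet.
        return ("registry-parent-only", netname)
    # A more specific record is a lead for an abuse contact, not proof of sender.
    return ("assigned-network", netname)


if __name__ == "__main__":
    recs = parse_records(SAMPLE_WHOIS)
    for ip in ("203.0.113.16", "203.74.9.16", "198.51.100.1"):
        print(ip, attribute(ip, recs))
```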