North American Network Operators Group|
Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical
Re: Fw: GLBX ICMP rate limiting (was RE: Tier-1 without their ownbackbone?)
On Fri, 29 Aug 2003, Christopher L. Morrow wrote: > That was a ccourt order, not much any US based corporation can do about > that, eh? Oh, yeah, and it didn't help stop any child pornographers, all > it did was hide their tracks from the authorities :( I suspect most ISPs in the US will follow lawful orders issued by authorities with jurisdiction. Some may try to also point out how stupid or ineffective those orders are. In the last month there have been several worms, viruses and activites by law enforcement and other authorities related to those. I think some folks are confusing the various different requests, orders, subpoenaes, etc. NIPC/DHS issued an advisory about the RPC/DCOM vulnerability and worm including suggested mitigation steps including filtering certain ports. This was a suggestion. Some ISPs followed the advice, some ISPs in particular some cable modem providers have blocked NETBIOS ports for a long time. For the Sobig.F virus the FBI subpoened at least one ISP for records, which the ISP turned over. Other AHJ's tried to coordinate the shutdown of the 20 or so IP addresses used by the Sobig.F "controller" which was supposed to issue directions last Friday. F-Secure also issued a press release about their cooperating with the FBI to shutdown those systems just in the "nick of time." Some ISPs cooperated with the AHJ's to shutdown access to those 20 IP addresses. Since most of the 20 IP addresses were on cable and dsl providers, the AHJs may have only contacted those providers for assistance. I have no idea if UUNET cooperated with the FBI, NICP, DHS or other AHJ concerning any of the worms or viruses over the last month.