Contact for va.gov
Yes, two in one day. Wholesalers don't wipe device configs, apparently. Anyways, would a technical contact for va.gov please contact me off-list? Best Regards, Nathan Eisenberg
Wouldn't the world be a better place if the ARIN contact information was correct and usable. It would be nice to have an easy place for these types of requests. I guess maybe this list is that place. Sent from my iPhone On Apr 14, 2011, at 7:33 PM, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
Yes, two in one day. Wholesalers don't wipe device configs, apparently.
Anyways, would a technical contact for va.gov please contact me off-list?
Best Regards, Nathan Eisenberg
I pinged a buddy of mine at the VA. No word yet and I'm working from Sydney this week so a bit delayed anyhow... Josh -----Original Message----- From: Bret Palsson [mailto:bret@getjive.com] Sent: Friday, April 15, 2011 11:46 AM To: Nathan Eisenberg Cc: nanog@nanog.org Subject: Re: Contact for va.gov Wouldn't the world be a better place if the ARIN contact information was correct and usable. It would be nice to have an easy place for these types of requests. I guess maybe this list is that place. Sent from my iPhone On Apr 14, 2011, at 7:33 PM, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
Yes, two in one day. Wholesalers don't wipe device configs, apparently.
Anyways, would a technical contact for va.gov please contact me off-list?
Best Regards, Nathan Eisenberg
It would be far more effective if more organizations set up and maintained a slash-security page (see the NIAC Vulnerability Disclosure Framework for details). This is _exactly_ the kind of information that should be posted there. Jim -- James N. Duncan, CISSP Manager, Juniper Networks Security Incident Response Team (Juniper SIRT) E-mail: jduncan@juniper.net Mobile: +1 919 608 0748 PGP key fingerprint: E09E EA55 DA28 1399 75EB D6A2 7092 9A9C 6DC3 1821 ----- Original Message ----- From: Bret Palsson [mailto:bret@getjive.com] Sent: Thursday, April 14, 2011 09:45 PM To: Nathan Eisenberg <nathan@atlasnetworks.us> Cc: nanog@nanog.org <nanog@nanog.org> Subject: Re: Contact for va.gov Wouldn't the world be a better place if the ARIN contact information was correct and usable. It would be nice to have an easy place for these types of requests. I guess maybe this list is that place. Sent from my iPhone On Apr 14, 2011, at 7:33 PM, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
Yes, two in one day. Wholesalers don't wipe device configs, apparently.
Anyways, would a technical contact for va.gov please contact me off-list?
Best Regards, Nathan Eisenberg
On Thu, Apr 14, 2011 at 8:32 PM, Nathan Eisenberg <nathan@atlasnetworks.us> wrote:
Yes, two in one day. Wholesalers don't wipe device configs, apparently.
Anyways, would a technical contact for va.gov please contact me off-list?
Best Regards, Nathan Eisenberg
Is tracking down the original user and letting them know about the config leak a standard practice, necessary or "the right thing to do"? I've always just wiped flash and carried on.
Is tracking down the original user and letting them know about the config leak a standard practice, necessary or "the right thing to do"?
Municipal networks often provide some emergency services, and we all know what the VA provides. Once you know whose gear it is, I guess you have to decide if you'd be willing to have a little bit of that organization's (or their patrons) blood on your hands. Especially in the case of the VA, for me, the answer is 'hell no'. If it was "Joes defunct sprocket startup", I'd likely just format flash: and move on. Nathan
On 04/14/2011 07:54 PM, Nathan Eisenberg wrote:
Is tracking down the original user and letting them know about the config leak a standard practice, necessary or "the right thing to do"?
Municipal networks often provide some emergency services, and we all know what the VA provides. Once you know whose gear it is, I guess you have to decide if you'd be willing to have a little bit of that organization's (or their patrons) blood on your hands.
Especially in the case of the VA, for me, the answer is 'hell no'. If it was "Joes defunct sprocket startup", I'd likely just format flash: and move on.
A few months back I had exactly this situation - I bought a switch off ebay that was still loaded with it's config, and it had come from yahoo.com. Now, I am the good netizen and I flagged them about this and was able to help them find the source which I assume they 'fixed' this leak. The data in the fig file could have been (mis)used to yahoo's network security disadvantage and wherever you stand I think we all can agree that cluing them in was the right thing to do. But for someone else's startup, probably would not have bothered. Mike-
participants (6)
-
Bret Palsson
-
Jim Duncan
-
Jon Auer
-
Mike
-
Nathan Eisenberg
-
Stephens, Josh