[AusNOG] Speaking of DNS...

[Mark Newton]

> On 14 Feb 2014, at 11:59 am, Aaron Wigley <aaron.wigley at rea-group.com> wrote:
> 
>> On 14/02/14 11:55 AM, "Joseph Goldman" <joe at apcs.com.au> wrote:
>> 
>> To be fair - I wouldn't expect a 3rd party 'user' to be calling and
>> informing of problems within my network.
> 
> Our organisations need to be prepared for this to happen.  For example, in
> a security context, this happens frequently.
> Third parties often try to contact companies to let them know of issues or
> vulnerabilities in their environment,
> even when they are not a direct customer.

Yeah, and that's pretty funny too.

Years ago when internode was allocated 59.167/16 by APNIC, it fell unto me to deal with the many organizations (almost exclusively within Australia) who were annoying my customers by configuring firewalls with broken outdated bogon filters, which thought anything in 59/8 couldn't possibly be real and ought to be blocked.

Some organizations, when alerted to the problem, said something like, "Oh, yeah, that's messed up. We probably should stop filtering IANA reserved space." Correct answer.

Some instead said, "We'll permit 59/8 in our filters." Wrong answer, but it solved my immediate problem so yeah, whatever. Thanks.

One particular company has stuck in my mind ever since, for the most abysmally stupid response to my attempts to contact them. Turns out that the IT department of this company, part of the same corporate group as the company whose website failed for a fortnight after Boxing Day last year, claimed in reply email that they considered my attempt to urge them to change their firewall filter was a probable social engineering attack, and that if I didn't stop contacting them they'd turn the matter over to their security department and perhaps the AFP.

If I'd reacted by setting them on fire, the judge would've called ME the bad guy. There's no justice in this world.

   - mark