Re: Schneier: ISPs should bear security burden

[Steven Champeon <schampeo () hesketh com>]

on Thu, Apr 28, 2005 at 10:20:37AM -0400, Steve Sobol wrote:
> Mark Newton <newton () internode com au> wrote:
>
> > On Thu, Apr 28, 2005 at 02:16:36AM -0400, Steven J. Sobol wrote:
> >
> >  > Any IP that a provider allows servers on should have 
> >  > distinctive, non-dynamic-looking DNS (and preferably be in a separate 
> >  > netblock from the dynamically-assigned IPs).
> >
> > What the hell is a "non-dynamic-looking DNS"?  Sure, if I see something
> > like "static-192-168-1-1.isp.net" I can be reasonably sure that it's
> > non-dynamic-looking, but what does the same thing look like in 
> > Portugese?  German?  Spanish?  French?  (Korean?  Chinese?)
>
> France Telecom has a reasonably easy-to-understand naming scheme that ends in
> <POP-Location>.wanadoo.fr.

Hrm? The only examples I have are:

.abo.wanadoo.fr
.adsl.wanadoo.fr  \
                   --- haven't seen any of these in a long time, though
.cable.wanadoo.fr /

with the POP-Location coming at the forefront, after 'A', e.g.

ANantes-106-1-5-107.w193-251.abo.wanadoo.fr
AVelizy-154-1-44-113.w82-124.abo.wanadoo.fr
APoitiers-152-1-35-162.w83-193.abo.wanadoo.fr

or 'L' or 'M'

Laubervilliers-151_11-15-186.w82-127.abo.wanadoo.fr
LNeuilly-152_21-4-2.w82-127.abo.wanadoo.fr
Mix-Amiens-107-2-8.w193-248.abo.wanadoo.fr

or 'ca', which I assume is for cable:

ca-angers-2-19.w80-8.abo.wanadoo.fr
 
> Deutsche Telekom has an equally easy-to-understand scheme that ends in  
> dip.t-dialin.de (for their German dialups, anyhow).

They must be filtering/redirecting outbound port 25, then; it's been
some time since I saw any of their traffic here in the logs. Or maybe
it's because they're using t-dialin.net now. <clickety clack> Yep. I
don't see any t-dialin.de in 60 days, but tons of t-dialin.net hosts.

-- 
hesketh.com/inc. v: +1(919)834-2552 f: +1(919)834-2554 w: http://hesketh.com
join us!   http://hesketh.com/about/careers/account_manager.html    join us!