[ncc-services-wg] RIPE50 - NCC Services WG Draft Minutes

Dear Sir,
let me second Mr. Hank Nussbacher's proposal.

CESNET, the Czech Republic NREN, had been using the RIPE NCC
hostcount data since 1997 for the same purpose. Its use is
briefly described in the CESNET 1998 Annual report:
  http://www.cesnet.cz/doc/zprava1998/kap04.html
(unfortunately, only the Czech language version seems to be
available now).

This data has been extremely useful for us as it helped us
find organisations trying to misuse the CESNET IP space. Our
access to the raw hostcount data stopped in January 2005 as well.

Best regards,
        Pavel Vachek, CESNET NIC, Prague, The Czech Republic.


On Mon, 27 Jun 2005, Hank Nussbacher wrote:

> As someone who was not at RIPE50 but who uses hostcount, I would like to
> add my comments and support.  I find this service extremely useful.  One
> real world use is as follows: the university network in Israel has IP
> addresses spanning a range of about 16 /16s.  All domain names inside the
> universities should terminate with ac.il or at the worst org.il.  But
> often students take a university Unix system that they have access to and
> start using it for non-academic purposes (left as an exercise for the
> reader to think of what constitutes non-academic :-)).  Using grep on the
> raw data file I can easily spot those systems that are running
> questionable content based on their domain name (co.il for example).
>
> Sometimes, hackers change an IP address to some name that has certain
> character strings that are unique to the hacker realm.  By running a
> series of greps on the raw data file I can find those systems that may
> have been compromised and contact the appropriate ISP in Israel.
>
> So please - make hostcount work again.  Incidentally, it stopped working
> in Jan 2005.
>
> Regards,
> Hank