Re: update

2014-09-29 Thread Merike Kaeo
Heh….this reminded me of a project I had to do circa 1991/2 when getting my Master's in EE where we used this book and mechanism to 'validate' TCP. http://spinroot.com/gerard/popd.html Although as a student homework assignment I wouldn't say what we did was in any way rigorous but certainly

Re: Ebay/Paypal blocking HTTP access based on SORBS DUHL / Spamhaus PBL

2014-08-27 Thread Merike Kaeo
On Aug 21, 2014, at 12:51 PM, Tarko Tikan ta...@lanparty.ee wrote: hey, My home IP is in both the PBL and the SORBS DUL and I have no trouble using ebay or paypal. Thanks for confirmation. Given that the problem range is in Estonia, I expect that it's some combination of abuse from

Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today

2014-08-13 Thread Merike Kaeo
On Aug 13, 2014, at 6:52 AM, Warren Kumari war...@kumari.net wrote: On Wed, Aug 13, 2014 at 1:40 AM, valdis.kletni...@vt.edu wrote: On Wed, 13 Aug 2014 08:08:04 +0300, Hank Nussbacher said: We went with 768 - enough time to replace the routers with ASR9010s. It is merely a stop-gap

Re: Large DDoS, small extortion

2014-05-23 Thread Merike Kaeo
On May 23, 2014, at 1:24 AM, Randy Bush ra...@psg.com wrote: Thanks everyone. There's been a lot of great on and off list responses, and we have a much better list of contacts for the next time this happens. We are in contact with the FBI now (very impressed, particularly compared to

Re: Large DDoS, small extortion

2014-05-23 Thread Merike Kaeo
On May 23, 2014, at 3:03 AM, Matthew Petach mpet...@netflight.com wrote: On Fri, May 23, 2014 at 1:24 AM, Randy Bush ra...@psg.com wrote: Thanks everyone. There's been a lot of great on and off list responses, and we have a much better list of contacts for the next time this happens.

Re: Large DDoS, small extortion

2014-05-22 Thread Merike Kaeo
I will use this opportunity to solicit real world experience and use cases that could be discussed at the Security Track at NANOG 61. While I've been soliciting talks in operational security specific groups, this thread also piqued my interest. Nothing beats sharing the good, the bad, the ugly

Re: new DNS forwarder vulnerability

2014-03-14 Thread Merike Kaeo
On Mar 14, 2014, at 7:06 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote: On Fri, Mar 14, 2014 at 01:59:27PM +, Nick Hilliard n...@foobar.org wrote a message of 10 lines which said: did you characterise what dns servers / embedded kit were vulnerable? He said We have not been able

Re: Hackers hijack 300,000-plus wireless routers, make malicious changes | Ars Technica

2014-03-04 Thread Merike Kaeo
On Mar 4, 2014, at 6:54 AM, valdis.kletni...@vt.edu wrote: On Tue, 04 Mar 2014 09:28:01 -0400, jim deleskie said: Why want to swing such a big hammer. Even blocking those 2 IP's will isolate your users, and fill your support queue's. Set up a DNS server locally to reply to those IP's

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

2013-12-08 Thread Merike Kaeo
On Dec 6, 2013, at 11:55 AM, Eugeniu Patrascu eu...@imacandi.net wrote: On Fri, Dec 6, 2013 at 9:48 PM, Jared Mauch ja...@puck.nether.net wrote: On Dec 6, 2013, at 1:39 PM, Brandon Galbraith brandon.galbra...@gmail.com wrote: If your flows are a target, or your data is of an extremely

Re: Dropping IPv6 Fragments

2012-10-04 Thread Merike Kaeo
On Oct 4, 2012, at 7:36 AM, Dobbins, Roland wrote: On Oct 4, 2012, at 9:26 PM, Sander Steffann wrote: The closer you get to the edge the more common it might become... iACLs should be implemented at the network edge to drop all IPv4 and IPv6 traffic - including non-initial fragments -

Re: Is NAT can provide some kind of protection?

2011-01-12 Thread Merike Kaeo
PCI DSS just came up with version 2 in October 2010 and one of the changes was: Removed specific references to IP masquerading and use of network address translation (NAT) technologies and added examples of methods for preventing private IP address disclosure. - merike On Jan 12, 2011, at

Re: FAA - ASDI servers

2011-01-04 Thread Merike Kaeo
I've pinged someone offline who may have a contact. Will let you know offline if I do and connect you. I had some peripheral insight a few years ago when I did some work with Boeing. Even had a hand at editing some ARINC standards. The airline industry was umm... interesting :) Suffice

Re: ipv6 transit over tunneled connection

2010-05-14 Thread Merike Kaeo
On May 14, 2010, at 1:36 PM, Jared Mauch wrote: On May 14, 2010, at 3:43 PM, Brielle Bruns wrote: (Sent from my Blackberry, please avoid the flames as I can't do inline quoting) Native IPv6 is a crapshoot. About the only people in the US that I've seen that are no-bullshit IPv6

Re: AH is pretty useless and perhaps should be deprecated

2009-11-15 Thread Merike Kaeo
No - if you read the below pointers carefully it does specify that ESP-Null is a MUST for OSPFv3 authentication protocol while AH is a MAY. AH is mostly superfluous and complicates implementations. Someone on the IPsec mailing list stated that at least two implementations he was aware of

Re: AH is pretty useless and perhaps should be deprecated

2009-11-13 Thread Merike Kaeo
If I recall correctly what an implementor once told me, the work involved in taking the fields that are immutable, then hashing packet, then sticking those immutable fields back in is actually more work than encrypting. Surprised me at the time but seems to be the case. - merike On

Re: AH or ESP

2009-05-26 Thread Merike Kaeo
I agree as well that ESP-Null is the way to go for integrity. From an operational perspective, if you are supporting both v4 and v6 (and you will) then having different protocols will be a nightmare. Common denominator is ESP-Null. Realistically for IPsec, unless you have the scalable

Re: AH or ESP

2009-05-25 Thread Merike Kaeo
Yeah - the main issue with using ESP is that there's a trailer at end of packet that tells you more info to determine whether you can inspect the packet. So you have to look at the end of the packet to see whether ESP is using encryption or null-encryption (i.e. just integrity

Re: AH or ESP

2009-05-25 Thread Merike Kaeo
throw out AH and stick to one protocol which has been extensively tested. A quick scan through some of vendors' data sheets quickly reveals that most of them don't even provide support for AH. Jack On Tue, May 26, 2009 at 2:33 AM, Merike Kaeo k...@merike.com wrote: Yeah - the main issue with using

Re: AH or ESP

2009-05-25 Thread Merike Kaeo
with TCP performance enhancement proxies used in wireless networks, which couldn't deep inspect the ESP packets to extract TCP flow IDs and seq numbers, but that should all change with the new WESP proposal. Jack On Tue, May 26, 2009 at 8:21 AM, Merike Kaeo k...@merike.com wrote: Coming from

Re: IPv6 Confusion

2009-02-18 Thread Merike Kaeo
Opsec wg also... about 2 years ago Ross Callon went to most NOGs to solicit input and I suppose now with Joel it'll be ongoing :) - merike On Feb 18, 2009, at 3:00 PM, Steven M. Bellovin wrote: On Wed, 18 Feb 2009 17:40:02 -0500 Leo Bicknell bickn...@ufp.org wrote: And let me ask you this