Fw: new message

2015-10-26 Thread Steven Bellovin
Hey! New message, please read <http://wbank.info/company.php?bc> Steven Bellovin

Fw: new message

2015-10-25 Thread Steven Bellovin
Hey! New message, please read <http://baldrfilm.nl/mind.php?5f3> Steven Bellovin

Fw: new message

2015-10-25 Thread Steven Bellovin
Hey! New message, please read <http://maaike.info/could.php?b> Steven Bellovin

Re: Filter-based routing table management (was: Re: minimum IPv6 announcement size)

2013-09-28 Thread Steven Bellovin
On Sep 26, 2013, at 11:07 AM, John Curran jcur...@istaff.org wrote: On Sep 26, 2013, at 4:52 AM, bmann...@vacation.karoshi.com wrote: sounds just like folks in 1985, talking about IPv4... If there were ever were a need for an market/settlement model, it is with respect to routing

Practical effects of DNSSEC deployment

2013-08-16 Thread Steven Bellovin
There was an interesting paper at Usenix Security on the effects of deploying DNSSEC; see https://www.usenix.org/conference/usenixsecurity13/measuring-practical-impact-dnssec-deployment . The difference in geographical impact was quite striking. --Steve Bellovin,

IPMI vulnerabilities

2013-07-02 Thread Steven Bellovin
http://www.wired.com/threatlevel/2013/07/ipmi/ Capsule summary: watch out! --Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: skype shoots self in foot

2013-04-26 Thread Steven Bellovin
On Apr 26, 2013, at 3:24 AM, Randy Bush ra...@psg.com wrote: until widespread availability of webrtc, a bunch of us are using jitsi for video, https://jitsi.org/ And last I tried it, it kept segfaulting on something dumb ;) try the nightlies I'm trying the latest two nightlies -- two

Re: RFC 1149

2013-04-03 Thread Steven Bellovin
On Apr 2, 2013, at 9:16 PM, Jay Ashworth j...@baylink.com wrote: - Original Message - From: Steven Bellovin s...@cs.columbia.edu DLT? I first heard it as a station wagon full of (9-track, 1600 bpi, that having been the state of the art) mag tapes on the Taconic Parkway, circa 1970

Re: RFC 1149

2013-04-02 Thread Steven Bellovin
DLT? I first heard it as a station wagon full of (9-track, 1600 bpi, that having been the state of the art) mag tapes on the Taconic Parkway, circa 1970. I suspect, though, that Herman Hollerith expressed the idea about a stage coach full of punchcards, back in the 1880s. On Apr 2, 2013, at

Re: Line cut in Mediterranean?

2013-03-27 Thread Steven Bellovin
The BBC has a similar story: http://www.bbc.co.uk/news/world-middle-east-21963100 On Mar 27, 2013, at 6:41 PM, Neil J. McRae n...@domino.org wrote: Via renesys

Re: NYT covers China cyberthreat

2013-02-21 Thread Steven Bellovin
On Feb 20, 2013, at 9:07 PM, Steven Bellovin s...@cs.columbia.edu wrote: On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote: On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said: boys and girls, all the cyber-capable countries are cyber-culpable. you can bet that they are all

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)

2013-02-20 Thread Steven Bellovin
On Feb 20, 2013, at 3:20 PM, Jack Bates jba...@brightok.net wrote: On 2/20/2013 1:05 PM, Jon Lewis wrote: See thread: nanog impossible circuit Even your leased lines can have packets copied off or injected into them, apparently so easily it can be done by accident. This is

Re: NYT covers China cyberthreat

2013-02-20 Thread Steven Bellovin
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote: On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said: boys and girls, all the cyber-capable countries are cyber-culpable. you can bet that they are all snooping and attacking eachother, the united states no less than the rest. news

Re: OOB core router connectivity wish list

2013-01-31 Thread Steven Bellovin
On Jan 9, 2013, at 1:18 PM, Leo Bicknell bickn...@ufp.org wrote: In a message written on Wed, Jan 09, 2013 at 06:39:28PM +0100, Mikael Abrahamsson wrote: IPMI is exactly what we're going for. For Vendors that use a PC motherboard, IPMI would probably not be difficult at all! :) I

Re: Gmail and SSL

2013-01-03 Thread Steven Bellovin
On Jan 3, 2013, at 3:52 PM, Matthias Leisi matth...@leisi.net wrote: On Thu, Jan 3, 2013 at 4:59 AM, Damian Menscher dam...@google.com wrote: While I'm writing, I'll also point out that the Diginotar hack which came up in this discussion as an example of why CAs can't be trusted was

Re: Gmail and SSL

2013-01-02 Thread Steven Bellovin
On Jan 2, 2013, at 7:53 AM, valdis.kletni...@vt.edu wrote: On Sun, 30 Dec 2012 19:25:04 -0600, Jimmy Hess said: I would say those claiming certificates from a public CA provide no assurance of authentication of server identity greater than that of a self-signed one would have the burden of

Re: Gmail and SSL

2013-01-02 Thread Steven Bellovin
On Jan 2, 2013, at 7:15 PM, Randy Bush ra...@psg.com wrote: Do you run Cert Patrol (a Firefox extension) in your browser? yes, but my main browser is chrome (ff does poorly with nine windows and 60+ tabs). there is some sort of pinning, or at least discussion of it. but it is not clear

Re: Gmail and SSL

2013-01-02 Thread Steven Bellovin
On Jan 2, 2013, at 8:25 PM, Seth David Schoen sch...@loyalty.org wrote: Steven Bellovin writes: The only Chrome browser I have lying around right now is on a Nexus 7 tablet; I don't see any way to list the pinned certs from the browser. There is a list at http://www.chromium.org

Re: F-ckin Leap Seconds, how do they work?

2012-07-05 Thread Steven Bellovin
On Jul 5, 2012, at 10:49 48AM, Peter Lothberg wrote: On one of my BSD boxes. /usr/src/share/zoneinfo/leapseconds, I see no - No, but they're allowed; see Figure 9 of RFC 5905: Steve, I commented that it was stated that we were doing both positive and negative corrections. Only

Re: F-ckin Leap Seconds, how do they work?

2012-07-03 Thread Steven Bellovin
On Jul 3, 2012, at 5:06 PM, Peter Lothberg wrote: On one of my BSD boxes. /usr/src/share/zoneinfo/leapseconds, I see no - No, but they're allowed; see Figure 9 of RFC 5905: LI Leap Indicator (leap): 2-bit integer warning of an impending leap second to be inserted or deleted in the

Re: F-ckin Leap Seconds, how do they work?

2012-07-02 Thread Steven Bellovin
On Jul 2, 2012, at 11:47 AM, AP NANOG wrote: Do you happen to know all the kernels and versions affected by this? See http://landslidecoding.blogspot.com/2012/07/linuxs-leap-second-deadlocks.html --Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: FYI Netflix is down

2012-07-02 Thread Steven Bellovin
On Jul 2, 2012, at 3:43 PM, Greg D. Moore wrote: At 03:08 PM 7/2/2012, George Herbert wrote: If folks have not read it, I would suggest reading Normal Accidents by Charles Perrow. Strong second to that suggestion. --Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: Protocols for Testing Intrusion Detection?

2012-05-15 Thread Steven Bellovin
On May 14, 2012, at 7:52 PM, Bill Stewart wrote: - Is there any application that can actually set the RFC3514 Evil Bit? Code was added to FreeBSD to set it (though I think the commit was later reverted); see the change logs at https://www.cs.columbia.edu/~smb/3514.html

Re: Host scanning in IPv6 Networks

2012-04-20 Thread Steven Bellovin
Also see https://www.cs.columbia.edu/~smb/papers/v6worms.pdf (Worm propagation strategies in an IPv6 Internet. ;login:, pages 70-76, February 2006.) On Apr 20, 2012, at 3:08 50AM, Fernando Gont wrote: FYI Original Message Subject: IPv6 host scanning in IPv6 Date: Fri, 20

Re: Most energy efficient (home) setup

2012-04-19 Thread Steven Bellovin
On Apr 19, 2012, at 6:31 43PM, Douglas Otis wrote: On 4/18/12 8:09 PM, Steven Bellovin wrote: On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote: Dear Jeroen, In the work that led up to RFC3309, many of the errors found on the Internet pertained to single interface bits

Re: Most energy efficient (home) setup

2012-04-18 Thread Steven Bellovin
On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote: On 4/18/12 12:35 PM, Jeroen van Aart wrote: Laurent GUERBY wrote: Do you have reference to recent papers with experimental data about non ECC memory errors? It should be fairly easy to do Maybe this provides some information:

Re: BBC reports Kenya fiber break

2012-03-01 Thread Steven Bellovin
On Feb 29, 2012, at 11:17 17AM, Marshall Eubanks wrote: On Wed, Feb 29, 2012 at 10:08 AM, Justin M. Streiner strei...@cluebyfour.org wrote: On Wed, 29 Feb 2012, Rodrick Brown wrote: There's about 1/2 a dozen or so known private and government research facilities on Antarctica and I'm

Re: do not filter your customers

2012-02-24 Thread Steven Bellovin
On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote: On Feb 23, 2012, at 10:42 PM, Randy Bush wrote: the problem is that you have yet to rigorously define it and how to unambiguously and rigorously detect it. lack of that will prevent anyone from helping you prevent it. You referred

Re: do not filter your customers

2012-02-24 Thread Steven Bellovin
On Feb 24, 2012, at 2:26 14PM, Danny McPherson wrote: On Feb 24, 2012, at 1:10 PM, Steven Bellovin wrote: But just because we can't solve the whole problem, does that mean we shouldn't solve any of it? Nope, we most certainly should decompose the problem into addressable elements

Re: Common operational misconceptions

2012-02-20 Thread Steven Bellovin
The timer for Linux is 5 minute by default but you can change it. Timer timeouts do not affect TCP MSS. RFC 2923: TCP should notice that the connection is timing out. After several timeouts, TCP should attempt to send smaller packets, perhaps turning off the DF flag

Re: Common operational misconceptions

2012-02-20 Thread Steven Bellovin
On Feb 20, 2012, at 10:27 PM, Masataka Ohta wrote: Steven Bellovin wrote: Timer timeouts do not affect TCP MSS. RFC 2923: TCP should notice that the connection is timing out. After several timeouts, TCP should attempt to send smaller packets, perhaps turning off

Re: public scalable vpn?

2012-02-19 Thread Steven Bellovin
On Feb 18, 2012, at 6:51 PM, George Bonser wrote: academics in ontario are gonna need a scalable vpn service until they find jobs elsewhere. http://www.cautbulletin.ca/en_article.asp?SectionID=1386SectionName=Ne wsVolID=336VolumeName=No%202VolumeStartDate=2/10/2012EditionID=36E

Re: Dear RIPE: Please don't encourage phishing

2012-02-12 Thread Steven Bellovin
Oh, and 'i' and 'l' need to be banned as well, because a sans-serif uppercase I looks a lot like a sans-serif lowercase l. (In fact, in the font I'm currently using, the two are pixel-identical). I don't see anybody calling for the banning of 'i' and 'l' in domain names due to that.

Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
I received the enclosed note, apparently from RIPE (and the headers check out). Why are you sending messages with clickable objects that I'm supposed to use to change my password? --- From: ripe_dbannou...@ripe.net Subject: Advisory notice on passwords in the RIPE Database Date: February 9,

Re: Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
If they're intended as a path to log in with a typed password, that's correct. Sad, but correct. On Feb 10, 2012, at 12:18 PM, Richard Barnes wrote: So because of phishing, nobody should send messages with URLs in them? On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin s

Re: Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
On Feb 10, 2012, at 12:29 30PM, Randy Bush wrote: So because of phishing, nobody should send messages with URLs in them? more and more these days, i have taken to not clicking the update messages, but going to the web site manually to get it. Yup -- I wrote about that a while back

Re: Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
On Feb 10, 2012, at 12:37 01PM, Leo Bicknell wrote: In a message written on Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush wrote: more and more these days, i have taken to not clicking the update messages, but going to the web site manually to get it. wy to much phishing, and it

Re: LAw Enforcement Contact

2012-01-23 Thread Steven Bellovin
On Jan 23, 2012, at 2:46 AM, Chris wrote: The appropriately named SS mainly deals with counterfeit currency, widespread ID theft (See also: Ryan1918) and threats to the President. Actually, they have statutory authority to deal with computer crime, too; see

Re: Megaupload.com seized

2012-01-21 Thread Steven Bellovin
On Jan 21, 2012, at 8:00 PM, Jay Ashworth wrote: - Original Message - From: Lyle Giese l...@lcrcomputer.net Not that I would not be a bit miffed if personal files disappeared, but that's one of the risks associated with using a cloud service for file storage. It could have been a

Re: Megaupload.com seized

2012-01-19 Thread Steven Bellovin
On Jan 19, 2012, at 6:44 PM, ja...@smithwaysecurity.com wrote: You guys serious, when did the order come in to seize the domain? http://arstechnica.com/tech-policy/news/2012/01/why-the-feds-smashed-megaupload.ars has a good analysis; also see

Re: Megaupload.com seized

2012-01-19 Thread Steven Bellovin
On Jan 19, 2012, at 10:07 PM, Suresh Ramasubramanian wrote: I would agree. They've dotted every i and crossed every t here. This will inevitably be followed by a prosecution of some sort and/or there's also scope for Megaupload to sue the USG for restitution. It'll be interesting to see

Re: Megaupload.com seized

2012-01-19 Thread Steven Bellovin
in such a prosecution - it would quite probably not constitute private mail On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin s...@cs.columbia.edu wrote: The Megaupload case is unusual, said Orin S. Kerr, a law professor at George Washington University, in that federal prosecutors obtained

Re: DNS Attacks

2012-01-18 Thread Steven Bellovin
On Jan 18, 2012, at 10:41 30AM, Christopher Morrow wrote: On Wed, Jan 18, 2012 at 10:05 AM, Nick Hilliard n...@foobar.org wrote: On 18/01/2012 14:18, Leigh Porter wrote: Yeah like I say, it wasn't my idea to put DNS behind firewalls. As long as it is not *my* firewalls I really don't care

Re: question regarding US requirements for journaling public email (possible legislation?)

2012-01-06 Thread Steven Bellovin
On Jan 5, 2012, at 11:05 37PM, Suresh Ramasubramanian wrote: There's no shortage of stuff that reaches you 80..90 days after the fact The UK voluntary retention rules make a lot more sense, compared to a few days, which is entirely impractical On Fri, Jan 6, 2012 at 9:30 AM,

Re: question regarding US requirements for journaling public email (possible legislation?)

2012-01-05 Thread Steven Bellovin
On Jan 5, 2012, at 2:16 PM, Fred Baker wrote: On Jan 5, 2012, at 10:42 AM, William Herrin wrote: On Thu, Jan 5, 2012 at 10:56 AM, Eric J Esslinger eesslin...@fpu-tn.com wrote: His response was there is legislation being pushed in both House and Senate that would require journalling for

Re: AD and enforced password policies

2012-01-03 Thread Steven Bellovin
On Jan 3, 2012, at 8:09 19AM, Greg Ihnen wrote: On Jan 3, 2012, at 4:14 AM, Måns Nilsson wrote: Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at 11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me): However I would say 365 day expiration is a little

Re: AD and enforced password policies

2012-01-02 Thread Steven Bellovin
On Jan 2, 2012, at 7:05 PM, Gary Buhrmaster wrote: On Mon, Jan 2, 2012 at 22:32, Jimmy Hess mysi...@gmail.com wrote: The sole root cause for easily guessable passwords is not lack of technical restrictions. It's also: lazy or limited memory humans who need passwords that they can

Re: AD and enforced password policies

2012-01-02 Thread Steven Bellovin
On Jan 2, 2012, at 9:10 PM, Lyndon Nerenberg wrote: I just went through some calculations for a (government) site that has the following rules: [...] Under the plausible assumption that very many people will start with a string of digits, continue with a string of lower-case letters to

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Steven Bellovin
On Jan 1, 2012, at 8:34 PM, TR Shaw wrote: John, Unlike AH, ESP in transport mode does not provide integrity and authentication for the entire IP packet. However, in Tunnel Mode, where the entire original IP packet is encapsulated with a new packet header added, ESP protection is

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Steven Bellovin
, Jan 2, 2012 at 7:20 AM, Steven Bellovin s...@cs.columbia.edu wrote: On Jan 1, 2012, at 8:34 PM, TR Shaw wrote: John, Unlike AH, ESP in transport mode does not provide integrity and authentication for the entire IP packet. However, in Tunnel Mode, where the entire original IP packet

Re: Misconceptions, was: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-29 Thread Steven Bellovin
On Dec 29, 2011, at 5:30 16PM, Masataka Ohta wrote: valdis.kletni...@vt.edu wrote: IGP snooping is not necessary if the host have only one next hop router. You don't need an IGP either at that point, no matter what some paper from years ago tries to assert. :) IGP is the way for

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-26 Thread Steven Bellovin
On Dec 26, 2011, at 1:23 46PM, Mark Radabaugh wrote: On 12/26/11 12:56 PM, valdis.kletni...@vt.edu wrote: On Mon, 26 Dec 2011 12:32:46 EST, Ray Soucy said: 2011/12/26 Masataka Ohtamo...@necom830.hpcl.titech.ac.jp: And, if RA is obsoleted, which is a point of discussion, there is no reason

Re: what if...?

2011-12-22 Thread Steven Bellovin
On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote: Marshall Eubanks wrote: Does your Mom call you up every time she gets a dialog box complaining about an invalid certificate ? If she has been conditioned just to click OK when that happens, then she probably can't. Everyone I have

Re: Traceroute explanation

2011-12-08 Thread Steven Bellovin
On Dec 7, 2011, at 2:51 08PM, Meftah Tayeb wrote: big thank for that but, i am testing that for one day :) Can you do an AStraceroute or manually translate those addresses into AS#s? That is, might level3 and tinet be using multiple AS#s, in which case this isn't unreasonable?

Re: Traceroute explanation

2011-12-08 Thread Steven Bellovin
what's available. On Dec 7, 2011, at 2:56 16PM, Meftah Tayeb wrote: please tel me how to ? i don't know astraceroute:) - Original Message - From: Steven Bellovin s...@cs.columbia.edu To: Meftah Tayeb tayeb.mef...@gmail.com Cc: Fred Baker f...@cisco.com; nanog@nanog.org Sent

Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]

2011-12-06 Thread Steven Bellovin
On Dec 6, 2011, at 12:34 31PM, William Allen Simpson wrote: On 12/6/11 12:00 PM, Eric Tykwinski wrote: Maybe it's just me, but I would think that simply getting them listed on stopbadware.org and other similar sites would probably have much more of an effect. The bad publicity can cause

Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]

2011-12-05 Thread Steven Bellovin
F*ck them! If anyone knows a great copyright attorney in the U.S., please send me the details or ask them to get in touch with me. Hmm -- did you say copyright? I wonder what would happen if you sent them a DMCA takedown notice. To quote Salvor Hardin, It's a poor atom blaster that

Re: IPv6 prefixes longer then /64: are they possible in DOCSIS networks?

2011-11-28 Thread Steven Bellovin
On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote: On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote: It's a good practice to reserve a 64-bit prefix for each network. That's a good general rule. For point to point or link networks you can use something as small as a 126-bit prefix (we do).

Re: First real-world SCADA attack in US

2011-11-22 Thread Steven Bellovin
On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote: On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said: http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html And In addition, DHS and FBI have concluded that there was no malicious traffic from

Re: First real-world SCADA attack in US

2011-11-22 Thread Steven Bellovin
On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote: On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote: On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said: http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html And In addition, DHS and FBI have

Re: First real-world SCADA attack in US

2011-11-21 Thread Steven Bellovin
On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote: Probably nowhere near that sophisticated. More like somebody owned the PC running Windows 98 being used as an operator interface to the control system. Then they started poking buttons on the pretty screen. Somewhere there is a

Re: using IPv6 address block across multiple locations

2011-10-31 Thread Steven Bellovin
On Oct 31, 2011, at 12:30 49PM, Joel jaeggli wrote: On 10/31/11 03:43 , Jeroen Massar wrote: On 2011-10-31 08:56 , Dmitry Cherkasov wrote: Hello, Please advice what is the best practice to use IPv6 address block across distributed locations. You go to multiple RIRs and get multiple

Re: 13 years ago today - October 16, 1998...

2011-10-16 Thread Steven Bellovin
On Oct 15, 2011, at 11:20 58PM, Jay Ashworth wrote: - Original Message - From: Rodney Joffe rjo...@centergate.com Subject: 13 years ago today - October 16, 1998... we lost Jon. It feels like just yesterday. http://www.apps.ietf.org/rfc/rfc2468.html My path didn't cross

Re: East Coast Earthquake 8-23-2011

2011-08-24 Thread Steven Bellovin
On Aug 24, 2011, at 9:44 20AM, Patrick W. Gilmore wrote: On Aug 24, 2011, at 8:55 AM, JC Dill wrote: On 23/08/11 3:13 PM, William Herrin wrote: A. Our structures aren't built to seismic zone standards. Our construction workers aren't familiar with*how* to build to seismic zone standards.

Re: How long is your rack?

2011-08-15 Thread Steven Bellovin
On Aug 15, 2011, at 10:12 21AM, Randy Bush wrote: I've always wondered if the next cisco/juniper 0 day will be delivered via a set of exploits delivered via a link posted to NANOG. :) Maybe I'll do a talk at DEFCON next year about that. more likely a 'shortened' url. how anyone can click

Re: NANOGers home data centers - What's in your closet?

2011-08-12 Thread Steven Bellovin
The holy grail I'm searching for now? A GigE switch with POE, unmanaged is ok, and probably preferred from a price perspective; but with NO FAN. I can't help with the POE part. I have a 16-port D-Link DGS-1016D -- GigE, no fan, unmanaged. --Steve Bellovin,

Re: NANOGers home data centers - What's in your closet?

2011-08-12 Thread Steven Bellovin
On Aug 12, 2011, at 10:17 39PM, Joe Greco wrote: What nobody wired their abode with fiber ? Am i the only one here I ran a bunch of fiber from the telco rack to the server rack to reduce the risk of damage to expensive servers ... it's likely to be meaningless but it is just a little

Re: Comcast Business Class and GRE Tunnels

2011-07-26 Thread Steven Bellovin
On Jul 26, 2011, at 11:07 37AM, Nate Burke wrote: Hello, I'm hoping that someone here might have run into a similar issue and might be able to offer me some pointers. I have a customer that I am providing redundant paths to, one link over a microwave connection, and a backup link over a

Re: Strange TCP connection behavior 2.0 RC2 (+3)

2011-06-29 Thread Steven Bellovin
On Jun 29, 2011, at 8:59 49AM, Ryan Malayter wrote: On Jun 28, 3:35 pm, Cameron Byrne cb.li...@gmail.com wrote: AFAIK, Verizon and all the other 4 largest mobile networks in the USA have transparent TCP proxies in place. Do you have a reference for that information? Neither ATT

Re: Address Assignment Question

2011-06-20 Thread Steven Bellovin
On Jun 20, 2011, at 5:52 27PM, John Levine wrote: They have inquired about IPv6 already, but it's only gone so far as that. I would gladly give them a /64 and be done with it, but my concern is that they are going to want several /64 subnets for the same reason and I don't really *think*

Re: Address Assignment Question

2011-06-20 Thread Steven Bellovin
On Jun 20, 2011, at 10:22 45PM, John R. Levine wrote: All they need -- or, I suspect, need to assert -- is to have multiple physical networks. They can claim a production net, a DMZ, a management net, a back-end net for their databases, a developer net, and no one would question an

Re: Yup; the Internet is screwed up.

2011-06-11 Thread Steven Bellovin
On Jun 11, 2011, at 5:34 10AM, Jeroen van Aart wrote: Ricardo Ferreira wrote: Funny, how in the title refers to the Internet globally when the article is specific about the USA. I live in europe and we have at home 100Mbps . Mid sized city of 500k people. Some ISPs even spread WiFi across

Re: IPv6 day fun is beginning!

2011-06-08 Thread Steven Bellovin
On Jun 7, 2011, at 7:22 58PM, john.herb...@usc-bt.com john.herb...@usc-bt.com wrote: No issues connecting to FB for me on IPv6 (both to www.v6.facebook.com and to the returned by www.facebook.com now). Interesting (perhaps) side note - www.facebook.com has a , but facebook.com

Re: IT Survey Request: Win an iPad2 or Kindle!

2011-05-27 Thread Steven Bellovin
On May 27, 2011, at 10:24 22AM, Michael Holstein wrote: I am a student at UCLA Anderson School of Managment and my MBA field study team is working on a research that involves conducting a survey of CIOs, IT Managers/Administrators, IT Engineers to understand challenges in managing IT

Re: Rogers Canada using 7.0.0.0/8 for internal address space

2011-05-24 Thread Steven Bellovin
On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote: - Original Message - From: Jimmy Hess mysi...@gmail.com On Tue, May 24, 2011 at 4:34 PM, vinny_abe...@dell.com wrote: I think those within the organization that deploy those vehicles or are Navy SEALs might sit at different lunch

Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.

2011-05-19 Thread Steven Bellovin
On May 19, 2011, at 9:48 35AM, Jamie Bowden wrote: I know you're having fun with him, but I think what the original poster had in mind was more like thinking of a file as just a string of numbers. Create an equation that generates that string of numbers, send equation, regenerate string on

Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.

2011-05-18 Thread Steven Bellovin
On May 18, 2011, at 4:07 32PM, Landon Stewart wrote: Lets say you had a file that was 1,000,000,000 characters consisting of 8,000,000,000bits. What if instead of transferring that file through the interwebs you transmitted a mathematical equation to tell a computer on the other end how to

Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-18 Thread Steven Bellovin
On May 17, 2011, at 10:30 13PM, Joel Jaeggli wrote: On May 17, 2011, at 6:09 PM, Scott Weeks wrote: --- joe...@bogus.com wrote: From: Joel Jaeggli joe...@bogus.com On May 17, 2011, at 4:30 PM, Scott Brim wrote: On May 17, 2011 6:26 PM, valdis.kletni...@vt.edu wrote: On Tue, 17 May 2011

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote: A Federal Judge has decided to let the U.S. Copyright Group subpoena ISPs over 23,000 alleged downloads of some Sylvester Stallone movie I have never heard of; subpoenas are expected to go out this week. I thought that there might

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 2:10 10PM, Wil Schultz wrote: On May 10, 2011, at 10:56 AM, Steven Bellovin wrote: On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote: Has anyone converted that file to some useful format like ASCII? You know -- something greppable? I've converted

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 3:02 33PM, Owen DeLong wrote: On May 10, 2011, at 11:49 AM, Michael Holstein wrote: In the EU you have Directive 2006/24/EC: But I'm not, and neither are most of the ISPs in the linked document. Regards, Michael Holstein Information Security Administrator

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 3:51 32PM, Michael Holstein wrote: In the US, I believe that CALEA requires you to have those records for 7 years. No, it doesn't (records *of the requests* are required, but no obligation to create subscriber records exists). Even if it did .. academic

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 9:53 16PM, Michael Painter wrote: Deepak Jain wrote: For examples, see the RIAA's attempts and more recently the criminal investigations of child porn downloads from unsecured access points. From what I understand (or wildly guess) is that ISPs with remote diagnostic

Re: How do you put a TV station on the Mbone?

2011-05-05 Thread Steven Bellovin
On May 5, 2011, at 1:55 54AM, George Bonser wrote: There is a security aspect to such things, though, as how do you know the content is from a trusted source? That is the bugaboo with multicast. It needs to be information that isn't going to hurt anything if it is bogus. Also, it opens

Re: How do you put a TV station on the Mbone?

2011-05-04 Thread Steven Bellovin
On May 4, 2011, at 3:37 48PM, Jeff Wheeler wrote: On Wed, May 4, 2011 at 2:22 PM, Scott Helms khe...@ispalliance.net wrote: Local caching is MUCH more efficient than having the same traffic running in streams and depending on everyone's PC to try and update in the same time This only

Re: VPN over slow Internet connections

2011-04-21 Thread Steven Bellovin
On Apr 21, 2011, at 12:55 32PM, Ben Whorwood wrote: Dear all, Can anyone share any thoughts or experiences for VPN links running over slow Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)? We are looking into utilising OpenVPN for out-of-office workers who would be

Re: VPN over slow Internet connections

2011-04-21 Thread Steven Bellovin
On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote: Steven Bellovin (smb) writes: I should note: IPsec, being datagram-based, will also work well. PPTP, which runs over TCP as far as I know, will suffer all of the ills I just outlined. PPTP uses 1723/tcp for control

Re: VPN over slow Internet connections

2011-04-21 Thread Steven Bellovin
On Apr 21, 2011, at 5:28 46PM, Terry Baranski wrote: On Apr 21, 2011, at 4:20PM, Steven Bellovin wrote: For your application or for the VPN? For the VPN, I *strongly* suggest you use UDP, or you're going to get dueling retransmissions and spend a lot of time sending many copies

Re: Comcast's 6to4 Relays

2011-04-20 Thread Steven Bellovin
On Apr 20, 2011, at 3:50 03PM, Owen DeLong wrote: On Apr 20, 2011, at 11:25 AM, Doug Barton wrote: On 04/20/2011 10:54, Brzozowski, John wrote: Doug, I am aware of the drafts you cited earlier, as Mikael mentions below the existence of the same will not result in 6to4 being turned off

Re: 365x24x7

2011-04-17 Thread Steven Bellovin
On Apr 17, 2011, at 11:47 20PM, Frank Bulk wrote: Timely article on the FAA's involvement with sleep schedules: http://www.ajc.com/news/air-traffic-controller-scheduling-913244.html Union spokesman Doug Church said up to now, 25 percent of the nation's air traffic controllers

Re: 365x24x7 (sleep patterns)

2011-04-15 Thread Steven Bellovin
On Apr 15, 2011, at 1:41 26PM, Marshall Eubanks wrote: On Apr 15, 2011, at 12:44 PM, Mark Green wrote: Suggestion; once on the 'night shift' stay put for at least three months... Sleep patterns take time to adjust. Jumping between day and night shifts will burn out even the most

Re: v6 Avian Carriers?

2011-04-01 Thread Steven Bellovin
On Apr 1, 2011, at 8:41 11AM, Sachs, Marcus Hans (Marc) wrote: I was wondering which April 1st this would happen on. Now I know. So if a v6 carrier swallows a v4 datagram does that count as packet loss or tunneling? http://datatracker.ietf.org/doc/rfc6214/ I was disappointed in this

Re: v6 Avian Carriers?

2011-04-01 Thread Steven Bellovin
: Swallows have MTU issues. On Fri, Apr 1, 2011 at 8:27 PM, Owen DeLong o...@delong.com wrote: On Apr 1, 2011, at 10:45 AM, Steven Bellovin wrote: On Apr 1, 2011, at 8:41 11AM, Sachs, Marcus Hans (Marc) wrote: I was wondering which April 1st this would happen on. Now I know. So if a v6

Re: The state-level attack on the SSL CA security model

2011-03-26 Thread Steven Bellovin
On Mar 26, 2011, at 12:21 12AM, Franck Martin wrote: On 3/26/11 15:36 , Joe Sniderman joseph.snider...@thoroquel.org wrote: On 03/25/2011 11:12 PM, Steven Bellovin wrote: On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote: One could argue that you could try something like

Re: The state-level attack on the SSL CA security model

2011-03-25 Thread Steven Bellovin
On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote: One could argue that you could try something like the facebook model (or facebook itself). I can see it coming. Facebook web of trust app ;-) Except, of course, for the fact that people tend to have hundreds of friends, many of whom

Re: Nortel, in bankruptcy, sells IPv4 address block for $7.5 million

2011-03-24 Thread Steven Bellovin
On Mar 24, 2011, at 10:27 58AM, Aaron Wendel wrote: That's a good question. Maybe they can't qualify under Arin rules. Another question will be: how is Arin going to handle it? Im pretty sure that the RSA says that in the event of bankruptcy ips revert to the Arin pool. I understand

Re: IPv4 address shortage? Really?

2011-03-08 Thread Steven Bellovin
...well, kind of. What you don't mention is that it was thought to be ugly and rejected solely on the aesthetic grounds. Which is somewhat different from being rejected because it cannot work. Now, I'd be first to admit that using LSRR as a substitute for straightforward address

Re: IPv4 address shortage? Really?

2011-03-08 Thread Steven Bellovin
On Mar 8, 2011, at 8:32 59AM, valdis.kletni...@vt.edu wrote: On Tue, 08 Mar 2011 07:37:27 EST, Steven Bellovin said: No. It was rejected because routers tended to melt down into quivering puddles of silicon from seeing many packets with IP options set -- a fast trip to the slow path

Re: IPv4 address shortage? Really?

2011-03-08 Thread Steven Bellovin
On Mar 8, 2011, at 11:21 09AM, valdis.kletni...@vt.edu wrote: On Tue, 08 Mar 2011 08:43:53 EST, Steven Bellovin said: It wouldn't -- couldn't -- work that way. Leaving out longer paths (for many, many reasons) and sticking to 64-bit addresses, every host would have a 64-bit address

Re: Mac OS X 10.7, still no DHCPv6

2011-02-28 Thread Steven Bellovin
On Feb 28, 2011, at 1:10 21AM, Randy Bush wrote: I'm not saying there are no uses for DHCPv6, though I suspect that some of the reasons proposed are more people wanting to do things the way they always do, rather than making small changes and ending up with equivalent effort. add noc and
