RE: LDAP Client API in C with Notification of the end of a request

2001-05-25 Thread Dawson, Peter D

strtok() can be used to break the string pointed to by s1
into a sequence of tokens, each of which is delimited by one
or more characters from the string pointed to by s2.
strtok() considers the string s1 to consist of a sequence of
zero or more text tokens separated by spans of one or more
characters from the separator string s2. The first call
(with pointer s1 specified) returns a pointer to the first
character of the first token, and will have written a null
character into s1 immediately following the returned token.
The function keeps track of its position in the string
between separate calls, so that subsequent calls (which must
be made with the first argument being a null pointer) will
work through the string s1 immediately following that token.
In this way subsequent calls will work through the string s1
until no tokens remain. The separator string s2 may be different
from call to call. When no token remains in s1, a
null pointer is returned.

->-Original Message-
->From: Lloyd Wood [mailto:[EMAIL PROTECTED]]
->Sent: Friday, May 25, 2001 11:44 AM
->To: George Xu
->Cc: 'James P. Salsman'; [EMAIL PROTECTED]
->Subject: RE: LDAP Client API in C with Notification of the end of a
->request
->
->
->On Fri, 25 May 2001, George Xu wrote:
->
->> Very interesting statement about strtok().  Do you know 
->which OS or where I
->> can find the material supporting your point here?
->
->type 
->
->man strtok
->
->on a unix box.
->
->L.
->
-><[EMAIL PROTECTED]>PGP
->
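
The behaviour described in the man page text quoted above, as an added example that is not part of the original post: strtok() overwrites separators in its argument, silently skips empty fields, and keeps one hidden position, so nested tokenising loses the outer loop's place. strtok_r() (POSIX, not mentioned in the thread) is shown as the reentrant alternative; the function names and sample strings are constructed for illustration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* expose strtok_r() */
#endif
#include <stdio.h>
#include <string.h>

/* Constructed sample input: ';' separates records, ',' separates fields. */
static const char SAMPLE[] = "cn=a,ou=b;cn=c,ou=d;cn=e";

/* Tokenise a private copy of `input` on ',' and ' ' and return the token
 * count. *len_after receives strlen() of the buffer afterwards: strtok()
 * has written a null character after each returned token, so the buffer
 * now "ends" after the first token. Runs of separators count as one
 * delimiter, so the empty field in "b,,c" is never reported. */
int tokens_and_damage(const char *input, size_t *len_after)
{
    char buf[128];
    int n = 0;

    snprintf(buf, sizeof buf, "%s", input);   /* never tokenise the caller's data */
    for (char *t = strtok(buf, ", "); t != NULL; t = strtok(NULL, ", "))
        n++;
    *len_after = strlen(buf);
    return n;
}

/* Nested strtok(): the inner loop re-seeds the single hidden position,
 * so when the outer loop calls strtok(NULL, ";") again it continues from
 * where the INNER loop stopped (end of record 1) and gets a null pointer.
 * Only the fields of the first record are counted. */
int count_fields_strtok(const char *input)
{
    char buf[128];
    int fields = 0;

    snprintf(buf, sizeof buf, "%s", input);
    for (char *rec = strtok(buf, ";"); rec != NULL; rec = strtok(NULL, ";"))
        for (char *f = strtok(rec, ","); f != NULL; f = strtok(NULL, ","))
            fields++;
    return fields;
}

/* Same loops with strtok_r(): each loop owns its saved position, so the
 * outer loop resumes correctly and every field of every record is seen. */
int count_fields_strtok_r(const char *input)
{
    char buf[128];
    char *rec_pos, *fld_pos;   /* caller-held positions replace the hidden one */
    int fields = 0;

    snprintf(buf, sizeof buf, "%s", input);
    for (char *rec = strtok_r(buf, ";", &rec_pos); rec != NULL;
         rec = strtok_r(NULL, ";", &rec_pos))
        for (char *f = strtok_r(rec, ",", &fld_pos); f != NULL;
             f = strtok_r(NULL, ",", &fld_pos))
            fields++;
    return fields;
}

int main(void)
{
    size_t len;
    int n = tokens_and_damage("a, b,,c", &len);

    printf("tokens=%d, strlen(buffer) afterwards=%zu\n", n, len);
    printf("nested strtok():   %d fields\n", count_fields_strtok(SAMPLE));
    printf("nested strtok_r(): %d fields\n", count_fields_strtok_r(SAMPLE));
    return 0;
}
```

strtok() is also not required to be thread-safe, because its saved position is shared by every caller in the process; strtok_r() keeps that position in a variable the caller owns.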




RE: Carrier Class Gateway

2001-04-25 Thread Dawson, Peter D

.dark fiber optics..based on Dense Wavelength 
Division Multiplexing.. laid 2 km below the surface
of the sea... oh factor in high/low tide ...

->-Original Message-
->From: Pat Holden [mailto:[EMAIL PROTECTED]]
->Sent: Wednesday, April 25, 2001 2:05 PM
->To: Robert G. Ferrell; [EMAIL PROTECTED]
->Cc: [EMAIL PROTECTED]
->Subject: Re: Carrier Class Gateway 
->
->
->what type of media do you propose to run ISBP over?
->- Original Message - 
->From: "Robert G. Ferrell" <[EMAIL PROTECTED]>
->To: <[EMAIL PROTECTED]>
->Cc: <[EMAIL PROTECTED]>
->Sent: Wednesday, April 25, 2001 1:13 PM
->Subject: Re: Carrier Class Gateway 
->
->
->> >And of *course*, you want the bridge and the ship to be 
->using some sort
->> >of IM Presence protocol so each knows the other is there
->> 
->> This is a perfect application for the ISBP (Intraship 
->Bridge Protocol)...
->> 
->> RGF
->




EDIINT WG ??

2001-02-26 Thread Dawson, Peter D

hi,
can some1 clue me into the status
of the following drafts;


Requirements for Inter-operable Internet EDI
expired march 2000


HTTP Transport for Secure EDI 
expired Jan 2001


MIME-based Secure EDI
expired March 2000


disbanded ?? rechartered ??  url for archive info ??

thanks

/pd

   




RE: Proposal to deal with archiving of I-Ds

2000-09-28 Thread Dawson, Peter D

Melinda,

->-Original Message-
->From: Melinda Shore [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, September 28, 2000 1:55 PM
->To: Dawson, Peter D; [EMAIL PROTECTED]
->Subject: Re: Proposal to deal with archiving of I-Ds 
->
->
->> Some authors = > No ;
->> Some authors = > yes;
->> Librarian = > yes;
->> Historian => yes;
->> IETF => no;
->
->Interesting set of categories, there.  Who's
->the "IETF?"

I could (&would) say that it is the entity indirectly responsible 
for ID/RFC publications with the rights of such publications
residing with the ISOC




RE: Proposal to deal with archiving of I-Ds

2000-09-28 Thread Dawson, Peter D

oh ...hold on folks !, a pgp signature for an
expired i-d ?. I think the question 
was "about whether TO archive or NOT archive ID".

some consensus right now is,

Some authors = > No ;
Some authors = > yes;
Librarian = > yes;
Historian => yes;
IETF => no;

and let's stick to the question of why/how ID's are
referenced in RFC's 

/pd

->-Original Message-
->From: Bill Sommerfeld [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, September 28, 2000 9:19 AM
->To: [EMAIL PROTECTED]
->Cc: Greg Minshall; [EMAIL PROTECTED]
->Subject: Re: Proposal to deal with archiving of I-Ds 
->
->
->> Convert the I-Ds to ps or pdf files (something hard to change) 
->
->Postscript files are straightforward for a postscript hacker to
->change.  I imagine the same is true for pdf files.
->
->If you want to make the files hard to change, try a pgp signature.
->
->  - Bill
->




RE: Netscape Netcenter Unsubscribe

2000-08-10 Thread Dawson, Peter D

could the list owner block these repetitive msg's ..
i take it.. there is a glitch somewhere

->-Original Message-
->From: mailto:[EMAIL PROTECTED]]
->Sent: Thursday, August 10, 2000 7:19 AM
->To: [EMAIL PROTECTED]
->Subject: Netscape Netcenter Unsubscribe
->
->
->Dear cnri,
->
->The following email address has been unsubscribed from 
->Netscape Netcenter:
->[EMAIL PROTECTED]
->
->Thank you. 
->
->:
->annmn:[63J4t367U3J5C55UVXa01263Fo5SG32f3W3571Og]
->
->




RE: ferul/farrell postings

2000-08-09 Thread Dawson, Peter D

->-Original Message-
->From: Tony Hain [mailto:[EMAIL PROTECTED]]
->Sent: Wednesday, August 09, 2000 2:14 PM
->To: William Allen Simpson; [EMAIL PROTECTED]
->Cc: Beatrice Dominguez-Meiers
->Subject: RE: ferul/farrell postings
->
->
->Because it is not a technology problem... Join Harald's list 
->to opt out
->of the noise.  http://www.alvestrand.no/ietf+censored.html
->

.. or just create filters on your email client...

/pd




RE: Addresses and ports and taxes -- oh my!

2000-08-03 Thread Dawson, Peter D

good point... but I do wonder how the border edge
router will handle a datagram with 
TTL approx > 240 sec's 
( i.e min time required for msg to pass between earth <=> mars) ?
what about jitters, latency ,dropped packets, icmpv6 err msg well
whatever

->-Original Message-
->From: Rick H Wesson [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, August 03, 2000 2:50 PM
->To: Dawson, Peter D
->Cc: [EMAIL PROTECTED]
->Subject: RE: Addresses and ports and taxes -- oh my!
->
->
->
->peter,
->
->who said all the addresses were going to be used only on earth?
->
->-r
->
->On Thu, 3 Aug 2000, Dawson, Peter D wrote:
->
->> v6 address space works out to about 1500 address 
->> per sq  mtr of the earth's surface...
->> NOW..how many houses fit on 1 sqm ?
->> 
->> ->-Original Message-
->> ->From: Parkinson, Jonathan [mailto:[EMAIL PROTECTED]]
->> ->Sent: Thursday, August 03, 2000 10:23 AM
->> ->To: 'Rakers, Jason'; 'Dennis Glatting'; [EMAIL PROTECTED]
->> ->Subject: RE: Addresses and ports and taxes -- oh my!
->> ->
->> ->
->> ->Err I think that would take some thinking about ? How many 
->> ->houses are there
->> ->in the world!
->> ->
->> ->-Original Message-
->> ->From: Rakers, Jason [mailto:[EMAIL PROTECTED]]
->> ->Sent: Thursday, August 03, 2000 2:41 PM
->> ->To: 'Dennis Glatting'; [EMAIL PROTECTED]
->> ->Subject: RE: Addresses and ports and taxes -- oh my!
->> ->
->> ->
->> ->When household appliances begin becoming IP addressable, I 
->> ->think we will see
->> ->a move towards assigning an Internet IP address per household 
->> ->(much like
->> ->today's street address).  The household will perform NAT for 
->> ->all devices
->> ->within (one street address can house many people, not just one).
->> ->
->> ->
->> 
->




RE: Complaint to Dept of Commerce on abuse of users by ICANN

2000-08-03 Thread Dawson, Peter D

..and neither do I see the reason why one would waste 
their time 'harping' about the issue...

->-Original Message-
->From: Russ Smith [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, August 03, 2000 11:45 AM
->To: Jean Camp; vinton g. cerf; [EMAIL PROTECTED]; [EMAIL PROTECTED];



->
->I don't see why anyone would want to waste their time trying 
->to participate
->in something like this.
->
->Russ Smith
->http://consumer.net
->




RE: Addresses and ports and taxes -- oh my!

2000-08-03 Thread Dawson, Peter D

v6 address space works out to about 1500 address 
per sq  mtr of the earth's surface...
NOW..how many houses fit on 1 sqm ?

->-Original Message-
->From: Parkinson, Jonathan [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, August 03, 2000 10:23 AM
->To: 'Rakers, Jason'; 'Dennis Glatting'; [EMAIL PROTECTED]
->Subject: RE: Addresses and ports and taxes -- oh my!
->
->
->Err I think that would take some thinking about ? How many 
->houses are there
->in the world!
->
->-Original Message-
->From: Rakers, Jason [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, August 03, 2000 2:41 PM
->To: 'Dennis Glatting'; [EMAIL PROTECTED]
->Subject: RE: Addresses and ports and taxes -- oh my!
->
->
->When household appliances begin becoming IP addressable, I 
->think we will see
->a move towards assigning an Internet IP address per household 
->(much like
->today's street address).  The household will perform NAT for 
->all devices
->within (one street address can house many people, not just one).
->
->




RE: Addresses and ports and taxes -- oh my!

2000-08-03 Thread Dawson, Peter D



->-Original Message-
->From: Rakers, Jason [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, August 03, 2000 9:41 AM
->To: 'Dennis Glatting'; [EMAIL PROTECTED]
->Subject: RE: Addresses and ports and taxes -- oh my!
->
->
  The household will perform NAT for 
->all devices
->within (one street address can house many people, not just one).

.. and lose out on e2e connectivity ?? 
imho, primary v6 address arch
was to negate the NAT bottleneck..and of course
v4 address exhaustion




RE: Addresses and ports and taxes -- oh my!

2000-08-03 Thread Dawson, Peter D



->-Original Message-
->From: Dennis Glatting [mailto:[EMAIL PROTECTED]]
->Sent: Thursday, August 03, 2000 8:32 AM
->To: [EMAIL PROTECTED]
->Subject: Addresses and ports and taxes -- oh my!
->
->

->Nonetheless, with IPv6, I naively hoped, until last night, the
->conservation of space issues would go away, and thus the 
->fees. Big duh!

ARIN ..still needs to delegate/admin the space.. costs will be incurred.

->
->If we look at today's marketing hype and think forward a bit 
->there is a
->thrust to "Internet enable" appliances, such as dryers, ovens, and
->stereos. Assuming ARIN fees persist, my first philosophical 
->question is
->whether any consumer of these appliances MUST periodically 
->(e.g., monthly)
->drop coins in the ARIN fountain?

what does the appliance have to do with a /32 or /28 ??

->Imagine for a moment the effect of a fee against the 
->allocation or use of
->port 80 or 443, maybe even port 25 or 53.

Does IANA charge for  port assignment numbers ?? 





RE: Heard at the IETF

2000-08-02 Thread Dawson, Peter D



->-Original Message-
->From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]]
->Sent: Wednesday, August 02, 2000 3:52 PM
->To: [EMAIL PROTECTED]
->Cc: Jon Crowcroft; Dawson, Peter D; [EMAIL PROTECTED]
->Subject: Re: Heard at the IETF 
-
..

->
->And of course, security folks want the buildings to be 
->O(2^1024) floors 
->high, so that we can see some *useful* primes...
->
->  --Steve Bellovin

of course, using the floor factors , as indicated...
this will eliminate all possibilities of hackers getting
into the elevator system.. correct ?.. a total flawless design..
except for base calculations... :))...or maybe not !




RE: Heard at the IETF

2000-08-02 Thread Dawson, Peter D

oh... did the other members on the elevator dispute 
the prime number sequence ..I.E as the elevator descended or ascended ?? 
if so.. 
then they were part of the ietf convention 
else
they were a bunch of normal geeks


->-Original Message-
->From: Dennis Glatting [mailto:[EMAIL PROTECTED]]
->Sent: Wednesday, August 02, 2000 11:57 AM
->To: [EMAIL PROTECTED]
->Subject: Heard at the IETF
->
->
->
->
->Based on an experience of mine last night.
->
->  Q: How can you tell if you are at a convention
-> with a bunch of geeks?
->  A: When you are in a crowded elevator and 
-> someone looks down at the panel of lit 
-> buttons and says: look, they're all prime 
-> numbers!
->
->
->
->




RE: Firewall standard

2000-07-18 Thread Dawson, Peter D

RFC2401.. is a good starting point


->-Original Message-
->From: Salavat R. Magazov [mailto:[EMAIL PROTECTED]]
->Sent: Tuesday, July 18, 2000 12:28 PM
->To: IETF mailing list
->Subject: Firewall standard
->
->
->Hello
->
->Are there any standards for application layer firewalls, 
->particularly secure
->tunnelers. Or may be some kind of recommendations to vendors 
->and system
->administrators.
->
->Salavat
->




RE: Is WAP mobile Internet??

2000-07-05 Thread Dawson, Peter D

->-Original Message-
->From: Jon Crowcroft [mailto:[EMAIL PROTECTED]]
->Sent: Wednesday, July 05, 2000 11:19 AM
->To: Parkinson, Jonathan
->Cc: '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
->Subject: Re: Is WAP mobile Internet??
->
->
->
->In message 
-><[EMAIL PROTECTED]>, 
->"Parkinson, Jonathan" typed:
->
-> >>I disagree, WAP, Wireless Application Protocol, Its a way 
->of transmitting
-> >>data I.E. to and from the Web. How does this not fall 
->under the Internet
-> >>Umbrella ?
->
->1 you can't get at an arbitrary web page
->2/ you can't get at an arbitrary application written on TCP/IP or
->UDP/IP


Jon, I wonder how WAP will fit into  Multicast apps - even 
if its single line txt based msg's app ?

/pd




RE: fyi.. House Committee Passes Bill Limiting Spam E-Mail

2000-06-16 Thread Dawson, Peter D


->-Original Message-
->From: Lillian Komlossy [mailto:[EMAIL PROTECTED]]
->Sent: Friday, June 16, 2000 9:29 AM
->To: '[EMAIL PROTECTED]'
->Subject: Re: fyi.. House Committee Passes Bill Limiting Spam E-Mail 
->
->
->Perhaps one of the solution would be to limit the amount of 
->addressees one
->email can go out to simultaneously. 

The MX admin.. can limit the no of addressess/per outgoing mail

/pd




pollem

2000-06-15 Thread Dawson, Peter D

I am looking for info on the s/w routine
"pollem"... (which is used for firewall monitoring.)
any pointers/urls ?
thanks

/pd




RE: remove me from list

2000-06-12 Thread Dawson, Peter D



->-Original Message-
->From: Robert G. Ferrell [mailto:[EMAIL PROTECTED]]
->Sent: Monday, June 12, 2000 3:51 PM
->To: [EMAIL PROTECTED]
->Subject: Re: remove me from list 
->



->
->As to forwarding it to the "appropriate agency for 
->pursuit...,"  good luck.  
->If you find one that does any sort of pursuit, let me know, would you?

yeah.. just post back onto the list ! :) 
THAT info is really welcome !!

/pd




RE: "Big 5" Company SPAMMING

2000-06-12 Thread Dawson, Peter D



->-Original Message-
->From: Scot Mc Pherson [mailto:[EMAIL PROTECTED]]
->Sent: Monday, June 12, 2000 3:16 PM
->To: [EMAIL PROTECTED]
->Subject: RE: "Big 5" Company SPAMMING
->
->
->Actually replying to spam just informs the spammers they have good
->addresses...plus since the e-mailed the list, they don't have your
->individual e-mail addresses, but they will if you respond to them.
->

Actually, they can get the individual email addy... as long
as they join the list... and then email majordomo.. with the request !

/pd




RE: Acronims' ambiquity

2000-06-07 Thread Dawson, Peter D

Scott,

->-Original Message-
->From: Scott Bradner [mailto:[EMAIL PROTECTED]]
->Sent: Tuesday, June 06, 2000 8:04 PM
->To: [EMAIL PROTECTED]
->Subject: RE: Acronims' ambiquity 
->
->
->
->> the IETF's RFC/BCP's etc etc are the property of ISOC.
->
->this is more than a bit simplistic
->
->the ISOC holds a copyright license on RFCs that permit them to be
->published and freely copied and, in most cases, the right for 
->derivative
->works within the IETF standards process - the authors retain 
->all other
->rights including the basic copyright
->
->Scott
->
This is interesting... a couple of weeks ago
I remember a thread of Pete Loshin's saying 
something about a 10 series release of various RFC's.
does this imply (if I understand you correctly)
that royalty payments (on such publications)
are made to both Authors/ISOC ??

Pete, , clarifications/ comment's please. 

/pd




RE: Acronims' ambiquity

2000-06-06 Thread Dawson, Peter D


->-Original Message-
->From: Salvador Vidal [mailto:[EMAIL PROTECTED]]
->Sent: Tuesday, June 06, 2000 12:38 PM
->To: salavat
->Cc: [EMAIL PROTECTED]
->Subject: Re: Acronims' ambiquity
->

->the owner of the
->information has the right to stop abuse of this, the 
->information owner not
->necessarily means the author, i.e.: I think that the works and 
->discussions at
->IETF are property of IETF, so must follow the rules of IETF, 

the IETF's RFC/BCP's etc etc are the property of ISOC. 

/pd




RE: Regarding the pointer field in LSSR options of IP packet.

2000-06-06 Thread Dawson, Peter D



->-Original Message-
->From: Bob Braden [mailto:[EMAIL PROTECTED]]
->Sent: Tuesday, June 06, 2000 11:44 AM
->To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
->Subject: Re: Regarding the pointer field in LSSR options of IP packet.
->
->Yes.  
->
->Some years ago I twigged Jon Postel about this precise issue.  As I
->recall, he shrugged his shoulders and said something like 
->"Well, I made
->a choice, maybe not the choice I would make today, but... [that's the
->way it is, learn to live with it!].
->
->(The part in [] is my interpretation of his shrug).
->
->Bob Braden

I think at that "time" [early '80'], someone had to make "some" 
decision's and Jon did, as he was the rfc editor... 

/pd




RE: Storage over Ethernet/IP

2000-05-29 Thread Dawson, Peter D



->-Original Message-
->From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]]
->Sent: Monday, May 29, 2000 1:56 PM
->To: Dawson, Peter D
->Cc: [EMAIL PROTECTED]
->Subject: Re: Storage over Ethernet/IP 
->
->
->In message 
-><[EMAIL PROTECTED]>, 
->"Dawson, Peter D" writes:
->>
->>
->>->-Original Message-
->>->From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED]]
->>->Sent: Friday, May 26, 2000 6:27 PM
->>->To: [EMAIL PROTECTED]
->>->Cc: [EMAIL PROTECTED]
->>->Subject: RE: Storage over Ethernet/IP 
->>
->>->The point being made, remade and made again here is:
->>->- Any protocol that offers no means of countering such 
->>->security threats is 
->>->broken, and should not be considered for standardization.
->>
->>->It is perfectly possible that after conducting a threat 
->and modality 
->>->analysis, one ends up with saying that hardware-accelerated 
->>->IPsec using 
->>->host identities is adequate for the scenarios involving 
->>->otherwise-unprotected Internet links, and that a mode with no 
->>->protection is 
->>->adequate when the media is physically secured.
->>->
->>->But the analysis MUST BE DONE.
->>->
->>
->>is vulnerability and threat analysis part of the 
->>standardization process ??
->>
->Yes, in order to come up with a reasonable security considerations 
->section.  (Clearly, much of it is site-specific.  But the protocol 
->developers can't ignore it.)
->
->
->  --Steve Bellovin
->
OK...but nowhere in rfc2401/2402 do the STD doc's specify 
finding's of the  security /threat analysis, so how does
one state that the std doc, is within the reasonable limits
to counter "such threats and security" ?? 

/pd




RE: Storage over Ethernet/IP

2000-05-29 Thread Dawson, Peter D



->-Original Message-
->From: Harald Tveit Alvestrand [mailto:[EMAIL PROTECTED]]
->Sent: Friday, May 26, 2000 6:27 PM
->To: [EMAIL PROTECTED]
->Cc: [EMAIL PROTECTED]
->Subject: RE: Storage over Ethernet/IP 

->The point being made, remade and made again here is:
->- Any protocol that offers no means of countering such 
->security threats is 
->broken, and should not be considered for standardization.

->It is perfectly possible that after conducting a threat and modality 
->analysis, one ends up with saying that hardware-accelerated 
->IPsec using 
->host identities is adequate for the scenarios involving 
->otherwise-unprotected Internet links, and that a mode with no 
->protection is 
->adequate when the media is physically secured.
->
->But the analysis MUST BE DONE.
->

is vulnerability and threat analysis part of the 
standardization process ??

/pd




RE: Privacy (RE: Should IETF do more to fight computer crime?)

2000-05-25 Thread Dawson, Peter D



>-Original Message-
>From: Randy Bush [mailto:[EMAIL PROTECTED]]
>Sent: Thursday, May 25, 2000 1:55 PM
>To: Dawson, Peter D
>Cc: 'IETF general mailing list'
>Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
>
>
>> Is there a GRIP online email archive ??
>
>details about all ietf wgs are on the ietf web site, 
><http://ietf.org/>.
>grip's in particular is 
><http://www.ietf.org/html.charters/grip-charter.html>.
>
>randy
>



Thanks, however, I was looking for an online archive..rather than the 
flat file,< archive: http://www-ext.eng.uu.net/grip-wg/grip-wg.txt >

/pd




RE: Privacy (RE: Should IETF do more to fight computer crime?)

2000-05-25 Thread Dawson, Peter D



>-Original Message-
>From: Harald Alvestrand [mailto:[EMAIL PROTECTED]]
>Sent: Wednesday, May 24, 2000 9:45 AM
>To: Dawson, Peter D; 'IETF general mailing list'
>Subject: RE: Privacy (RE: Should IETF do more to fight computer crime?)
>
>
>At 12:40 24.05.2000 +, Dawson, Peter D wrote:
>>So the "unverified accusation" ... should become "verifiable" and this
>>could only be possible if there is a code of ethics between 
>noc/isp etc...
>>i.e just what I suggested in my earlier posting...
>RFC 2350 and draft-ietf-grip-isp-expectations, and other GRIP 
>documents are 
>the furthest the IETF has come in addressing the "code of 
>ethics" problem.
>


Is there a GRIP online email archive ??
/pd




RE: Privacy (RE: Should IETF do more to fight computer crime?)

2000-05-24 Thread Dawson, Peter D


...

>pinpoint my habits, physiological profiles "etc" by an unverified 
^^ 
>accusation of suspicion of computer crime .
 ^

So the "unverified accusation" ... should become "verifiable" and this
could only be possible if there is a code of ethics between noc/isp etc...
i.e just what I suggested in my earlier posting...

/pd




RE: Should IETF do more to fight computer crime?

2000-05-23 Thread Dawson, Peter D


>On Tue, 23 May 2000 18:27:41 -, "Dawson, Peter D" 
><[EMAIL PROTECTED]>  said:
>> True, but only the origin of packets are determined. What is 
>needed is
>> a code of ethics between ISPs , to share information.
>> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>
>Note that many providers may be legally bound to not give any more
>information than "Yeah, that's one of our IP addresses".  I know we
>have a lot of issues regarding privacy laws due to the fact that we're
>an agency of the Commonwealth of Virginia.  If we find that one of our
>students has been naughty, about all we can say to people outside is
>that we're aware of it and that action is being taken as per 
>our procedures.
>-- 

let's say a non-student was naughty and was attacking the vt.edu network...
would you feel satisfied with the answer.. "we're aware of it and that 
action is being taken as per our procedures" knowing fully well that
the outage costs are running into a couple of millions on a single site ??
/pd




RE: Should IETF do more to fight computer crime?

2000-05-23 Thread Dawson, Peter D


>-Original Message-
>From: Vernon Schryver [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, May 23, 2000 4:14 PM
>To: [EMAIL PROTECTED]
>Subject: RE: Should IETF do more to fight computer crime?
>
>
>> From: "Dawson, Peter D" <[EMAIL PROTECTED]>
>
>> >Jacob Palme <[EMAIL PROTECTED]> wrote:
>> >
>> >> But would not better log production in routers be an aid
>> >> in finding the villain behind computer crimes?
>> >
>> >What type of logging do you propose?  It seems that the types 
>> >of logging
>> >that are already done enable people to trace the origins of 
>suspicious
>> >traffic.
>> >
>> >--gregbo
>
>> True, but only the origin of packets are determined. What is 
>needed is
>> a code of ethics between ISPs , to share information.
>> i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
>> very rarely would isp1 be willing to disclose to isp2,...
>> which (user) is leased that specific dynamic ip address.
>>
>> btw, this info would be required on the fly... so that net admin/sec
>> would be in a better position to pinpoint the perpetrator's habits/ 
>> physiological profile etc..
>
>
>Let's actually think for a moment about serious logging or sharing
>information about Internet traffic.  State of the art large routers
>move Tbits/sec.  If the average packet size is 500 bytes, you're
>talking about logging or sharing information about 100 Mpackets/second.
>If you only log or share the source and destination IPv4 addresses,
>TCP or UDP port numbers, in incoming interface, a timestamp, and 1 or
>2 bits saying the packet was not unusual (e.g. no TCP options other
>than window scaling or SAK and no IP options), you're talking about
>logging or sharing more than 20 bytes/packet or a few GBytes/second/big
>router.  There are 86,400 seconds/day, so you're talking about logging
>or sharing about 100 TBytes/day per large router.
>
>Typical IP paths seem to be at least 10 hops long these days, and
>often 20 or 30.  Most of those routers are not going to be Tbit/sec
>backbone routers, but more than one will be, and the rest can be
>counted or aggregated as if they were.  Thus, you're talking about
>logging or sharing several 1000 TBytes/day.
>
>Perhaps it would not be a problem to burn 1,000,000 GByte CDROM, tapes,
>or other media per day, but what would you be able to do with 
>those logs?
>Searching a 1000 TByte database on the fly, especially if it is merely
>a primitive sequential log, would be a serious challenge.
>
>Yes, not many Tbit routers have been deployed, but they will be, and I
>think the average packet size is less than 500, which 
>increases the amount
>of logging.  Yes, you might not need to keep those 1000's of TBytes for
>more than a few days, but you still need a way to do something 
>with them.
>
>To put it another way, the complaints from the large ISP's 
>that they cannot
>police Internet traffic to shield their customers from 
>pornography, talk
>about World War II political parties, and the other things that various
>pressure groups and governments dislike have some technical reality.

I agree on the technical reality of tbyte storage/tcpdump etc...

>
>Technical reality always trumps political blather everywhere 
>that matters.
>

Yes, but if I were  behind a DMZ and my IDS triggers... and if I got a
source address .. my question is...
 would 'the ISP' provide any type of information to  negate the threat ? is
this a political problem?? , beyond technical reality or just plain
non-compliance to 'Collaboration' ???


/pd




RE: Should IETF do more to fight computer crime?

2000-05-23 Thread Dawson, Peter D


>Jacob Palme <[EMAIL PROTECTED]> wrote:
>
>> But would not better log production in routers be an aid
>> in finding the villain behind computer crimes?
>
>What type of logging do you propose?  It seems that the types 
>of logging
>that are already done enable people to trace the origins of suspicious
>traffic.
>
>--gregbo

True, but only the origin of packets are determined. What is needed is
a code of ethics between ISPs , to share information.
i.e once a packet leaves isp1 cloud and travels across isp2 cloud,
very rarely would isp1 be willing to disclose to isp2,...
which (user) is leased that specific dynamic ip address.

btw, this info would be required on the fly... so that net admin/sec
would be in a better position to pinpoint the perpetrator's habits/ 
physiological profile etc..

/pd




RE: VIRUS WARNING

2000-05-12 Thread Dawson, Peter D

this is a good idea !! maybe the security wg could look
into this. Jeff, Marcus , any comments ??
/pd

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 12, 2000 2:05 PM
To: [EMAIL PROTECTED]
Subject: Re: VIRUS WARNING 


On Fri, 12 May 2000 13:38:43 EDT, Jeremy said:
> Can you please please stop this Virus Thread.

Actually, there *ARE* important issues here.

Would the IESG support the creation of a WG to discuss these, with the
charter of producing a BCP documenting what *should* be done to minimize
these risks in today's internet? 
-- 
Valdis Kletnieks
Operating Systems Analyst
Virginia Tech