Re: Route Collector
### On Tue, 26 Mar 2002 08:50:44 -0500, Chris Pace [EMAIL PROTECTED]
### casually decided to expound upon Todd Suiter [EMAIL PROTECTED] the
### following thoughts about Route Collector:

CP> Is it common or a good idea to have a route collector in a
CP> datacenter/enterprise environment ? We have 1 router that just collects
CP> routes using bgp and ospf, then set all servers to use it as the default
CP> gateway. Is this practical or am I making more work for myself ?

So it's doing more than just collecting routes? It's also forwarding traffic? Is it carrying a full table of eBGP routes too?

--
Jake Khuon [EMAIL PROTECTED]
Packet Plumber, Network Engineers for Effective Bandwidth Utilisation
N E T W O R K S
Re: Route Collector
Yes, it is forwarding bgp routes. However, it has no serial lines connected. Do you think it is causing unnecessary traffic ?

Thanks

- Original Message -
From: Jake Khuon [EMAIL PROTECTED]
To: Chris Pace [EMAIL PROTECTED]
Cc: Todd Suiter [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Tuesday, March 26, 2002 9:02 AM
Subject: Re: Route Collector

### On Tue, 26 Mar 2002 08:50:44 -0500, Chris Pace [EMAIL PROTECTED]
### casually decided to expound upon Todd Suiter [EMAIL PROTECTED] the
### following thoughts about Route Collector:

CP> Is it common or a good idea to have a route collector in a
CP> datacenter/enterprise environment ? We have 1 router that just collects
CP> routes using bgp and ospf, then set all servers to use it as the default
CP> gateway. Is this practical or am I making more work for myself ?

So it's doing more than just collecting routes? It's also forwarding traffic? Is it carrying a full table of eBGP routes too?

--
Jake Khuon [EMAIL PROTECTED]
Packet Plumber, Network Engineers for Effective Bandwidth Utilisation
N E T W O R K S
Re: Odd spam / virus - comments ?
On Tue, 26 Mar 2002 09:13:08 EST, Steven M. Bellovin said:

> There are worms out there (such as Nimda.E) that use Outlook address books not just for lists of victims, but also as From: addresses. In other words, your involvement might be having sent email to someone else who is infected.

An important addendum here - having sent mail includes posting to a mailing list that has a subscriber. I've gotten a lot of complaints because the actual perpetrator was a subscriber to NANOG or IETF or one of the many SecurityFocus mailing lists I post to.

And once you take the union of *all* those lists, you start hitting the birthday paradox - it becomes *very* likely that if you and the recipient know each other (by virtue of being in the computer industry) that a third party has seen mail from both of you.

Another way to look at it is that the 6 degrees game can easily drop 2 or 3 degrees *really* fast if you allow A and B both subscribe to the same mailing list as a connection.

--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
RE: How to get better security people
On that note, Etrade laid off their entire net sec team a few months back. I don't trade there no more. ;)

-Original Message-
From: Sean Donelan [mailto:[EMAIL PROTECTED]]
Sent: Monday, March 25, 2002 7:05 PM
To: [EMAIL PROTECTED]
Subject: How to get better security people

According to a recent salary survey telephone companies have some of the lowest paid information security professionals in comparison with other technology corporations, federal government, or financial companies. When the US Transportation Security Administration (aka, the agency in charge of airport screeners) is paying their computer security people more than telephone companies, it's hard for phone companies to attract top security talent.

Customers need to let companies know that security and responsiveness affects their purchasing decisions. I think some companies are getting the message. But in today's market, with tight budgets and layoffs, security is often viewed as overhead. A lot of providers are lucky if they have one network engineer who does security stuff in her spare time. Full-fledged security departments are rare.

On Mon, 25 Mar 2002, Eric Whitehill wrote:

> UUNet, by far is the best. I've had mixed results with Sprint. A couple of years ago I had to deal with Hurricane Electric and the tech was really good about it - he added in the ACL I needed right over the phone. Also, I know of a couple providers in the upper midwest that are pretty good at working with DOS stuff. Email me off list if you are interested.
RE: How to get better security people
On Tue, 26 Mar 2002, LeBlanc, Jason wrote:

> On that note, Etrade laid off their entire net sec team a few months back. I don't trade there no more. ;)

Fewer and fewer companies are paying attention to network security with the right mindset. They all want people who have been in the field for 7-10+ years, with 10+ years of general systems admin skills.

I'm 21. I have 5 years of combined network security and sysadmin experience. No-one is interested. I spent 5 months looking for a job, applied at at least a few hundred locations, only to be told each time that I didn't have enough experience. I know around 100 other security admins, and I think 2 have that much experience.

It's semi-understandable when a MNC wants that kind of experience, but when your run of the mill start up wants to too, it gets rather sick. These people aren't going to get what they're looking for. They'll realise it too late I guess.

I dropped out of security and went back to sysadmining. I prefer the job I have now to any I've had in the past, and I wouldn't trade it for a security job with some of these firms in 10 lifetimes.

--
Av
Go here, now - http://www.ircnetops.org/smurf
Re: How to get better security people
I don't know where you get your information, but E*Trade hasn't laid-off their network security department. In fact, we're currently adding to it. I know there are some good network security experts on this list so if you're looking for a position then send your resume my way. Or to me if you're in Southern California (Orange County).
Re: Exodus/CW Depeering
I'm presuming that Exodus is planning to get the transit they need after this depeering via CW's peering points? If so, this makes a certain amount of sense - no need to maintain separate peering circuits; this is probably just a step in the eventual assimilation of Exodus' IP backbone into CW's.

-C

On Tue, Mar 26, 2002 at 11:12:12AM -0600, Chris Parker wrote:

> Well, another round of the depeering battles. We received notice this morning that Exodus is depeering at all US public exchanges on Friday ( gotta love that notice by the way ). They are also not accepting any requests for private peering ( despite meeting the requirements still listed on the peering page ):
>
> http://bengi.exodus.net/external/peering.html
>
> They will happily continue to sell transit at said exchanges though, and all CW peering contacts forward to sales ( ain't that cute! ).
>
> Should be interesting to see how this impacts the ability to reach sites hosted at Exodus.
>
> -Chris
>
> --
> Chris Parker, Director, Engineering, (847) 963-0116
> StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
> Wholesale Internet Services - http://www.megapop.net
RE: Exodus/CW Depeering
<snip>
Should be interesting to see how this impacts the ability to reach sites hosted at Exodus.
</snip>

nothing complicated. just means you will utilize a transit provider to reach Exodus hosted sites instead of direct public peer. unless you privately peer with CW.

the bottom line - it will now cost you more to reach Exodus hosted sites...

/chris
Re: Exodus/CW Depeering
I wrote:

> Of course there's little point in maintaining an overlay network with
> the same AS and separate peering.
      ^^^

I meant different AS.

-Bill
RE: Exodus/CW Depeering
On Tue, 26 Mar 2002, Chris Flores wrote:

> <snip>
> Should be interesting to see how this impacts the ability to reach sites hosted at Exodus.
> </snip>
>
> nothing complicated. just means you will utilize a transit provider to reach Exodus hosted sites instead of direct public peer. unless you privately peer with CW.
>
> the bottom line - it will now cost you more to reach Exodus hosted sites...

Since Exodus is mostly a webhoster, do they have an asymmetric traffic flow? Isn't the bulk of the bandwidth outbound from Exodus? Won't this just increase the distance and AS count for Exodus outbound traffic, making Exodus hosting even less desirable?
Re: Exodus/CW Depeering
It is a free market and they can do anything they want.

If you have 5000 routes, and OC48c backbone and 3 OC3s worth of traffic at a 2:1 ratio; peering with CW is a snap.

It clearly improved the ability of new players to enter the market for the FCC to approve the transfer of MCI Internet assets to CW. It clearly resulted in the market conditions the federal government desired.

--On Tuesday, 26 March 2002 12:35 -0500 German Martinez [EMAIL PROTECTED] wrote:

> Chris,
> You are right.
>
> On Tue, 26 Mar 2002, Chris Woodfield wrote:
>
>> I'm presuming that Exodus is planning to get the transit they need after this
>> depeering via CW's peering points? If so, this makes a certain amount of sense - no
>
> Looking at Exodus Route Server you will see that they are now getting transit from CW. Probably using as you state their current peering circuits (it makes sense from an operational point of view, when you are consolidating an AS into a single one).
>
> route-server.exodus.net>sh ip bgp regexp _3561_
> BGP table version is 15604957, local router ID is 209.1.220.234
> Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
> Origin codes: i - IGP, e - EGP, ? - incomplete
>
>    Network          Next Hop            Metric LocPrf Weight Path
> * i3.0.0.0          209.1.40.148                 1000      0 3561 1239 80 i
> * i                 209.1.220.242                1000      0 3561 1239 80 i
> * i                 209.1.220.102                1000      0 3561 1239 80 i
> * i                 209.1.220.9                  1000      0 3561 1239 80 i
> * i3.18.135.0/24    209.1.220.102                1000      0 3561 7018 ?
> * i                 209.1.220.9                  1000      0 3561 7018 ?
> * i4.0.0.0          209.1.40.148                 1000      0 3561 1 i
> * i                 209.1.220.174                1000      0 3561 1 i
> * i                 209.1.220.102                1000      0 3561 1 i
> * i                 209.1.220.242                1000      0 3561 1 i
> * i                 209.1.220.133                1000      0 3561 1 i
> * i                 209.1.40.72                  1000      0 3561 1 i
> * i                 209.1.40.141                 1000      0 3561 1 i
> * i                 209.1.220.9                  1000      0 3561 1 i
> * i                 209.1.220.102                1000      0 3561 1 i
> * i                 209.1.220.9                  1000      0 3561 1 i
> * i6.0.0.0/20       209.1.40.148                 1000      0 3561 3549 i
> * i                 209.1.220.156                1000      0 3561 3549 i
> * i                 209.1.220.242                1000      0 3561 3549 i
> * i                 209.1.40.72                  1000      0 3561 3549 i
> * i                 209.1.40.141                 1000      0 3561 3549 i
> * i                 209.1.220.174                1000      0 3561 3549 i
> * i9.2.0.0/16       209.1.40.148                 1000      0 3561 701 i
> * i                 209.1.220.174                1000      0 3561 701 i
>
>> need to maintain separate peering circuits; this is probably just a step in the
>> eventual assimilation of Exodus' IP backbone into CW's.
>>
>> -C
>
> What I don't know is what they are going to do with their private peers ? Does somebody have a clue on this ?

--
Joseph T. Klein
RE: How to get better security people
Surely you're looking for someone who can tell you what they are trying to protect from ie hacking, DoS, DDoS and how and why that is a security problem..

Then I guess you want them to have had sufficient experience to know how the different security products address these issues.

No other major points really..

Product specialisations must be a distraction - if their knowledge and training comes from Checkpoint training then they may not know the details of the attack method and are more familiar with config'ing a checkpoint than what it is doing and in what areas it lacks..

And qualifications should never outnumber instances of hands on experience, what good is an academic with little knowledge in the field!

Steve

On Tue, 26 Mar 2002, Sean Donelan wrote:

> On Tue, 26 Mar 2002, Avleen Vig wrote:
>
>> On Tue, 26 Mar 2002, LeBlanc, Jason wrote:
>>
>>> On that note, Etrade laid off their entire net sec team a few months back. I don't trade there no more. ;)
>>
>> Fewer and fewer companies are paying attention to network security with the right mindset. They all want people who have been in the field for 7-10+ years, with 10+ years of general systems admin skills.
>
> I attended my first IETF meeting in 1991. There were 384 attendees. There are very few people who really have 10+ years experience in this industry.
>
> If I was looking for top security talent, what would I ask for whether I was hiring directly or outsourcing? Do I want a bunch of ex-military, ex-law enforcement, ex-banker, lots of certifications (CISSP, GIAC) none of which have existed for 10 years, published papers, can answer tricky questions about checkpoint firewalls (why is a confusing firewall configuration a good thing?), a college degree in crypto, big 5 accounting firm (or is that now big 4 accounting firm)?
>
> The problem right now is if you advertise for a job, you will get blasted with literally tens of thousands of resumes. What should I be telling the HR department to look for?
>
> Likewise, if I was going to outsource. What should I be looking for in a security management provider?
>
> The best information security person I've ever met/worked with/etc was at Disney Imagineering. I've yet to find anyone at a security consulting firm or other company that came close to matching him.

--
Stephen J. Wilcox
IP Services Manager, Opal Telecom
http://www.opaltelecom.co.uk/
Tel: 0161 222 2000
Fax: 0161 222 2008
Re: Exodus/CW Depeering
From the sound of things, it seems that CW might have been better off migrating AS3561 into AS3967, not the other way around ;) I am assuming that the reasons it's not happening like this are much more political than technical.

-C

On Tue, Mar 26, 2002 at 10:18:04AM -0800, Bill Woodcock wrote:

> On Tue, 26 Mar 2002, Stephen J. Wilcox wrote:
>
>> You mean Exodus are well connected and CW limit themselves which gives longer paths and increased latency.
>
> Longer paths definitely, increased jitter probably, increased latency probably, increased loss possibly.
>
> CW obviously have to have a lot of peering as well, since it's all they have to sell to their customers. However, their peering tends to be limited to a small number of peers to whom they have large connections, whereas Exodus had a large number of peers to whom they had medium-sized connections. So the average hop-count and as-path length for the Internet as a whole are both increased by this action, and nearly all paths increase in length for Exodus customers.
>
> So yes, Exodus customers are the big losers in the wake of this.
>
> -Bill
Re: Exodus/CW Depeering
> From the sound of things, it seems that CW might have been better off migrating AS3561 into AS3967, not the other way around ;)

I think that's what CW's engineering group thinks is happening. :-/

I will say that CW maintains a good backbone internally, even if it's pretty constricted at the edges. Be sad to see that expertise subsumed or driven away.

-Bill
Re: Exodus/CW Depeering
> Date: Tue, 26 Mar 2002 18:20:02 + (GMT)
> From: Stephen J. Wilcox [EMAIL PROTECTED]

> On another angle, if enough people refuse to take CW routes from transit preferring only peering nar, that's a conspiracy! Good plan tho.

But if provider X becomes undesirable, I'd expect people to adjust local-pref on learned routes. That reduces the amount of traffic _to_ the provider in question, which certainly affects symmetry.

If you _really_ want to get nasty, think frac-DS1, ^AS$ on inbound, and ^$ on outbound. :-P

Oh, wait... except for the filter lists being a tish off, that's how peering between certain providers used to be in the mid, even late, 1990s. ;-) [Stretching the truth, but certain inter-AS hops sure made me wonder...]

Eddy

Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

--
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
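An added example (not part of any post in this thread) of what the AS-path filters named in the message above select: `^AS$` inbound accepts only routes the neighbour originates itself, `^$` outbound announces only locally originated routes, and `_3561_` is the pattern used in the route-server query quoted earlier in the thread. The translation of `_` into a Python regex is a simplification of IOS behaviour, and the last three prefixes in `ROUTES` are constructed for illustration.

```python
import re

# In IOS AS-path regular expressions "_" stands for any delimiter:
# start of string, end of string, space, comma, braces or parentheses.
# Simplification: an underscore inside a [...] bracket expression is
# not handled specially here.
_DELIM = r"(?:^|$|[ ,{}()])"


def compile_as_path_regex(ios_pattern):
    """Translate an IOS-style AS-path regex into a Python regex."""
    return re.compile(ios_pattern.replace("_", _DELIM))


def matches(ios_pattern, as_path):
    """True if the AS path (space-separated ASNs, origin code removed)
    is matched by the IOS-style pattern."""
    return compile_as_path_regex(ios_pattern).search(as_path) is not None


def apply_filter(ios_pattern, routes):
    """Keep the prefixes whose AS path the pattern permits; everything
    else is dropped, like the implicit deny of an as-path access-list."""
    return {pfx: path for pfx, path in routes.items()
            if matches(ios_pattern, path)}


ROUTES = {
    # AS paths as they appear in the route-server output quoted in the thread
    "3.0.0.0": "3561 1239 80",
    "3.18.135.0/24": "3561 7018",
    "4.0.0.0": "3561 1",
    "6.0.0.0/20": "3561 3549",
    "9.2.0.0/16": "3561 701",
    # Constructed entries (documentation prefixes, not from the thread)
    "192.0.2.0/24": "3561",               # originated by the neighbour itself
    "198.51.100.0/24": "",                # locally originated: empty AS path
    "203.0.113.0/24": "701 13561 64500",  # "3561" only as part of 13561
}


def summarize():
    """Number of prefixes each pattern selects from ROUTES."""
    patterns = ["_3561_", "3561", "^3561$", "^$"]
    return {p: len(apply_filter(p, ROUTES)) for p in patterns}


if __name__ == "__main__":
    for pattern, count in summarize().items():
        print(f"{pattern!r:10} permits {count} of {len(ROUTES)} prefixes")
```

The unanchored pattern `3561` also matches AS 13561, which is why the route-server query and any policy filter need the `_` delimiters or `^`/`$` anchors.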
Re: How to get better security people
On Tue, 26 Mar 2002, Tony Wasson wrote:

> > If I was looking for top security talent, what would I ask for whether I was hiring directly or outsourcing?
>
> I agree with Steve Wilcox, incidents are important. I would ask for a description of the 3 most interesting incidents they've ever worked on, and what they contributed.

I'm sorry, but that's confidential information and I can't disclose it.

Would you hire a security person, who will likely be involved in the most embarrassing slip ups your company makes, if he tells people about interesting incidents at previous employers.

Maybe, it depends on what he says.
RE: Exodus/CW Depeering
-Original Message-

AS3561 (InternetMCI) was once the number 1 ISP, by almost every measure that existed. The marketplace has not been kind to CW since they bought AS3561. Why isn't Adam Smith's Invisible Hand rewarding CW? Is CW number 5 or 6 these days?

I think all that shows is that a well-engineered network does not sell itself. Those MCI sales and TSC people did a bangup job of taking care of data customers, from my limited point of view at the time. When the Transaction occurred, overnight my company's account team went from being 3 competent people in a local office to someone who worked out of her house on the other side of the state.
RE: How to get better security people
| The problem right now is if you advertise for a job, you will get
| blasted with literally tens of thousands of resumes. What should I
| be telling the HR department to look for?

New careers.

Sean.
RE: Exodus/CW Depeering
the Invisible Hand said you should talk to the face instead. Go figure.

A monk I met on the street, however, said: Even stupid companies can make smart decisions sometimes, the trouble is that you can only tell in hindsight whether the choices made were the right ones.

I was also given a copy of a book by Lao Tze before the monk was chased off by aggressive chanters and bongo-drummers from a rival sect. Central London is weird.

Sean.

| AS3561 (InternetMCI) was once the number 1 ISP, by almost every
| measure that existed. The marketplace has not been kind to CW
| since they bought AS3561. Why isn't Adam Smith's Invisible Hand
| rewarding CW? Is CW number 5 or 6 these days?
Re: How to get better security people
On Mar 26, 2:15pm, Sean Donelan wrote:
Subject: Re: How to get better security people
*
*On Tue, 26 Mar 2002, Tony Wasson wrote:
*> > If I was looking for top security talent, what would I ask for whether
*> > I was hiring directly or outsourcing?
*>
*> I agree with Steve Wilcox, incidents are important. I would ask for a
*> description of the 3 most interesting incidents they've ever worked on, and
*> what they contributed.
*
*I'm sorry, but that's confidential information and I can't disclose it.
*
*Would you hire a security person, who will likely be involved in the
*most embarrassing slip ups your company makes, if he tells people about
*interesting incidents at previous employers.
*
*Maybe, it depends on what he says.

Long ago and downstairs, when I used to interview people for Operations Security, I asked each candidate whether s/he had ever handled a Denial of Service attack or an intrusion, and if so, could they describe in general terms how they handled it? I would specifically ask them to NOT provide any identifying info, just the process (and an explication of the attack) so I could gauge their understanding of the situation.

I also had a short list of other questions that I used to try and get a feel for the person's security minded-ness (my term, I invented it a'ight?). Because when it comes to ISP security, there's a very limited pool of talent so candidates are unlikely to come in with the right skillset native. But if the person comes in and s/he is someone who thinks about scenarios and contingency plans and has a working knowledge of networking/computing, then I can teach him/her everything else.

Kelly J.

--
Kelly J. Cooper - Security Engineer, CISSP
GENUITY - Main # - 800-632-7638
3 Van de Graaff Drive - Fax - 781-262-2744
Burlington, MA 01803 - http://www.genuity.net
RE: How to get better security people
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 2:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: How to get better security people

| The problem right now is if you advertise for a job, you will get
| blasted with literally tens of thousands of resumes. What should I
| be telling the HR department to look for?

New careers.

Sean.

=

That's the problem. Too many folks seeing the big money going to the tech weenies, and upon taking an MCSE boot camp, think they now qualify for a senior Admin/Security job. That and resume inflation, real or perceived. Too much noise in the system and ineffective noise reduction methods...

My resume is factual, and when I got out of the military, I was penalized by my first civilian employer. When I stated I could in fact set up a needed DNS, I was told they would hire it out. I asked why hire it out when I could do it. I was told, we only believe half of any resume we get, and we don't think that you have the necessary experience. If setting up and running deleted.af.mil (now gone), and doing the very first deleted.af.mil DNS located on the base (complete with off-site secondaries), and running it until transitioned about a year later to the comm squadron folks I trained didn't count, then what did?

Not bitter, though. Got a new employer...

James H. Smith II NNCDS NNCSE
Systems Engineer
The Presidio Corporation
RE: How to get better security people
It's also a matter of the market being saturated with unemployed people with paper certs, genuine competence, and some with both. The company I worked for sold out 5 months ago - I too have been looking ever since. I've made it a point to ask the recruiters/companies how much interest they've had in the position. The /typical/ response is *gasp*, we've received over 1300 (thirteen hundred) resumes for this position in the past week, I only talk to the people who call to follow-up. Extremely frustrating to say the least.

--
Blake Fithen
[EMAIL PROTECTED]
www.pobox.com/~fithen

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Avleen Vig
Sent: Tuesday, March 26, 2002 10:39 AM
To: LeBlanc, Jason
Cc: 'Sean Donelan'; [EMAIL PROTECTED]
Subject: RE: How to get better security people

On Tue, 26 Mar 2002, LeBlanc, Jason wrote:

> On that note, Etrade laid off their entire net sec team a few months back. I don't trade there no more. ;)

Fewer and fewer companies are paying attention to network security with the right mindset. They all want people who have been in the field for 7-10+ years, with 10+ years of general systems admin skills.

I'm 21. I have 5 years of combined network security and sysadmin experience. No-one is interested. I spent 5 months looking for a job, applied at at least a few hundred locations, only to be told each time that I didn't have enough experience. I know around 100 other security admins, and I think 2 have that much experience.

It's semi-understandable when a MNC wants that kind of experience, but when your run of the mill start up wants to too, it gets rather sick. These people aren't going to get what they're looking for. They'll realise it too late I guess.

I dropped out of security and went back to sysadmining. I prefer the job I have now to any I've had in the past, and I wouldn't trade it for a security job with some of these firms in 10 lifetimes.

--
Av
Go here, now - http://www.ircnetops.org/smurf
Re: Exodus/CW Depeering
At 10:18 AM 26-03-02 -0800, Bill Woodcock wrote:

> On Tue, 26 Mar 2002, Stephen J. Wilcox wrote:
>
>> You mean Exodus are well connected and CW limit themselves which gives longer paths and increased latency.
>
> Longer paths definitely, increased jitter probably, increased latency probably, increased loss possibly.

In general, as companies and backbones merge and eliminate old ASNs, that would reduce the overall AS path length. That in general should not affect latency but as tier-1 ASNs grow in size, and control more of the path end to end, the latency should improve. The majors/tier1s like ATT, UUnet, Genuity and CW provide SLAs end-to-end *within* their ASN. They control the pipes, they know what they can take and they don't have to worry about some overloaded peering link. So as consolidation takes place, we should see better latencies and better SLAs.

-Hank

> CW obviously have to have a lot of peering as well, since it's all they have to sell to their customers. However, their peering tends to be limited to a small number of peers to whom they have large connections, whereas Exodus had a large number of peers to whom they had medium-sized connections. So the average hop-count and as-path length for the Internet as a whole are both increased by this action, and nearly all paths increase in length for Exodus customers.
>
> So yes, Exodus customers are the big losers in the wake of this.
>
> -Bill
RE: Exodus/CW Depeering
At 10:40 PM 3/26/2002 +0200, Hank Nussbacher wrote:

> At 11:49 AM 26-03-02 -0800, Sean M. Doran wrote:
>
>> the Invisible Hand said you should talk to the face instead. Go figure.
>>
>> A monk I met on the street, however, said: Even stupid companies can make smart decisions sometimes, the trouble is that you can only tell in hindsight whether the choices made were the right ones.
>>
>> I was also given a copy of a book by Lao Tze before the monk was chased off by aggressive chanters and bongo-drummers from a rival sect. Central London is weird.
>
> I think in business they should rather be reading Sun Tzu.

Either one may or may not be applicable. Depends on your view.

  When the country is ruled with a light hand
  The people are simple.
  When the country is ruled with severity,
  The people are cunning.

So, I will be cunning in light of this severity. ;)

  ... the stiff and unbending is the disciple of death.
  The gentle and yielding is the disciple of life.
  Thus an army without flexibility never wins a battle.
  A tree that is unbending is easily broken.
  The hard and strong will fall.
  The soft and weak will overcome.

I prefer an inclusive peering policy instead of an exclusive one. I think it makes more sense in terms of building a quality network. But then, I don't make money selling high-bandwidth ip transit, so perhaps this is just my view of the peering elephant.

-Chris

--
Chris Parker, Director, Engineering, (847) 963-0116
StarNet Inc. - WX *is* Wireless! - http://www.starnetwx.net
Wholesale Internet Services - http://www.megapop.net
RE: How to get better security people
A knowledgeable investor would ask your HR department a few questions:

1. Which half of the resume do you believe?
2. Is it really more economical to ignore half your talent than spend a little checking resumes?
3. What does it say about your company's ethics that you accept that all your employees are liars?

but then you have to find that knowledgeable investor first...

Just my 2¢ and in similar circumstances,

-Al
USAF Ret.

-Original Message-
From: James Smith [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 12:03 PM
To: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Cc: '[EMAIL PROTECTED]'; '[EMAIL PROTECTED]'
Subject: RE: How to get better security people

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 2:41 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: How to get better security people

| The problem right now is if you advertise for a job, you will get
| blasted with literally tens of thousands of resumes. What should I
| be telling the HR department to look for?

New careers.

Sean.

=

That's the problem. Too many folks seeing the big money going to the tech weenies, and upon taking an MCSE boot camp, think they now qualify for a senior Admin/Security job. That and resume inflation, real or perceived. Too much noise in the system and ineffective noise reduction methods...

My resume is factual, and when I got out of the military, I was penalized by my first civilian employer. When I stated I could in fact set up a needed DNS, I was told they would hire it out. I asked why hire it out when I could do it. I was told, "we only believe half of any resume we get, and we don't think that you have the necessary experience." If setting up and running deleted.af.mil (now gone), and doing the very first deleted.af.mil DNS located on the base (complete with off-site secondaries), and running it until transitioned about a year later to the comm squadron folks I trained didn't count, then what did?

Not bitter, though. Got a new employer...

James H. Smith II NNCDS NNCSE
Systems Engineer
The Presidio Corporation
Re: Exodus/CW Depeering
On Tue, 26 Mar 2002, Hank Nussbacher wrote:

> In general, as companies and backbones merge and eliminate old ASNs, that would reduce the overall AS path length.

This isn't something I really care to make a big argument of, but my point was that for many ISPs, the path will go from:

    SELF - EXODUS

to:

    SELF - OTHER BACKBONE - CW

for a net increase in average path length. That is, of course, a gross generalization. And not anything I'm trying to make a big point of.

-Bill
RE: Exodus/CW Depeering
Okay, okay, when is someone going to start posting as Dean S. Moran? -Bill
RE: How to get better security people
-Original Message-
From: LeBlanc, Jason

What eBay does as a business is of little consequence to me, as a network engineer, though it seems they make pretty good decisions based on things I've seen in three years here. That fact came from someone who worked for them in Atlanta, was merely an idle comment meant to share a bit of information. The tone of your reply is a bit off.

I'm sorry you feel that way, you misunderstood the tone of my reply. Your one-off assessment about eTrade (accented by your smirk about trading elsewhere) was wrong, and I was just pointing that out. To counter this is futile, as is continuing this thread.

-Jim P.
RE: Exodus/CW Depeering
> to end, the latency should improve. The majors/tier1s like ATT, UUnet, Genuity and CW provide SLAs end-to-end *within* their ASN. They control the pipes, they know what they can take and they don't have to worry about some overloaded peering link. So as consolidation takes place, we should see better latencies and better SLAs.

---

One could also make the argument, that if the number of major players consolidates to say =4 [like ages past], the pressure the market will be able to place will be significantly reduced. The trend in oligopolies is managed competition, or competition limited to a few markets and no competition in smaller/less interesting markets. In other words, there won't be much reason for these companies to make significant or even progressive improvements to their SLAs.

This is, of course, the devil's advocate position.

Regards,
Deepak Jain
AiNET
Re: How to get better security people
> Date: Tue, 26 Mar 2002 12:56:39 -0500 (EST)
> From: batz [EMAIL PROTECTED]

(snip)

> Nimda and CodeRed were excellent indicators of how a good security policy can be a competitive edge during (increasingly common) global incidents. Hopefully we will see more security folks pressing this message, and more decision makers hearing it.

Sun Tzu and Lao Tze in the 3967/3561 thread... ...anyone else read Deming or other TQM proponents?

Visible numbers only syndrome is the problem with many people's attitudes toward security...

I could name a local (Wichita) company that for the longest time was running IIS4 + SP5, vulnerable to the iishack buffer overrun. They stored their websites and company files on said machine. The goons^H^H^H^H^Hconsultants who set it up gave a big it's secure because it's NT -- look, it asks for passwords spiel that management bought. Even after one of their employees _demonstrated_ how an arbitrary person could break in.

Response? We're not that big... nobody would be that interested in us. Warnings about random scans fell on deaf ears. Service patches were never applied. When some suspicious happenings left said server inoperable, they just installed Win2000 and went on, not caring what had happened or why.

No, I was not the employee. A friend of mine worked there before getting fed up and quitting.

If it works, it must be right, versus, It doesn't truly work unless it's right.

I find it amusing how the same people who keep things under tight physical lock and key are so lax and apathetic about electronic security.

As Deming said, People who buy on price alone deserve to get rooked.

Eddy

Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

--
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
RE: Exodus/CW Depeering
The universal service requirement is governmental protection for the incumbent. Or are you suggesting that the requirement for universal service is natural, rather than regulatory?

Monopolies (there is nothing natural about them) are normal only when they are socially established and maintained.

Thank you governmental economic planners for the frameworks in which each one of them has evolved. As always, you know best!

Sean.

| repeat after me Natural monopolies are normal in certain environments, where
| universal service is required.
RE: Exodus/CW Depeering
> The universal service requirement is governmental protection for the incumbent.

Wrong answer again. The reason the majority of natural monopolies were established was the proliferation of non-compatible systems.

> Or are you suggesting that the requirement for universal service is natural, rather than regulatory?

One day an analyst after being impressed by the action in the trading room of what is currently known as Exxon asked his guide a question:

- Are they hedging or speculating?

His guide answered: Yes

> Monopolies (there is nothing natural about them) are normal only when they are socially established and maintained.

Wrong answer. "Natural monopoly" is a term, which is a subject to definition accepted in economics, and not the interpretation offered by politicians. "Socially established and maintained" is a fallacy subject to the interpretation offered by politicians, not accepted by economics.

> Thank you governmental economic planners for the frameworks in which each one of them has evolved. As always, you know best!

Yes, in this case I clearly know better than those who started by whining about how government should let them service everywhere breaking natural monopolies, and later continued to whine that they did not understand the pricing models as their companies went belly up. Currently they are whining that the natural monopolies are to blame for their mistakes.

It is, again, economics 101. It is supply and demand. Nothing more and nothing less. Availability of peering is subject to it. So is survival of companies using RED.

Alex
RE: Exodus/CW Depeering
Did I miss something or did my email get subscribed to the wrong list somewhere?!

Steve

(no wise words.. except maybe never eat yellow snow.. worth remembering, could save your life one day..)

On Tue, 26 Mar 2002, Sean M. Doran wrote:

> Three men are portrayed sipping a ladle filled from a vat of vinegar.
>
> One makes a sour face, because the de-peering policy flies in the face of what is proper and conventional -- abandoning the ancient ritual of zero-fee peering for small networks runs contrary to Confucianism.
>
> Another makes a bitter face, because the de-peering reminds him that the world is full of desires and disappointments and that there is an unending wheel of pain for small ISPs, that interferes with their transcendence into a state of sustainable profitability. This change in Exodus's peering policy runs contrary to Buddhism.
>
> The third is happy, jovial and smiling. Does he work for CW? Does he work for CW's competitors? Does he work for a government regulatory body? Is he a lawyer? Or perhaps he just accepts that changes in policies are the way of the world, and that fighting against them is futile -- it is better to uncloud one's mind and realize that for those working in harmony with the circumstances of peering politics, what people perceive as negative may in fact be positive. Sourness and bitterness come from the interfering and unappreciative mind.
>
> This peering policy change, to a Taoist, is sweet, especially if one is a Taoist pundit, prognosticator, contract litigation lawyer or telecommunications regulator!
>
> Sean.
Re: Exodus/CW Depeering
Date: Tue, 26 Mar 2002 19:58:40 -0500
From: Richard A Steenbergen [EMAIL PROTECTED]

> In my experience, the odds of any given path sucking are far greater than the odds of that path going away. Therefore I would rather have one path which doesn't suck than two paths which may.

!
route-map blah 100
 match suckage high
 set local-pref 10
!
route-map blah 110
 match suckage medium
 set local-pref 20
!
! put rest of route map entries here

Eddy Brotsman Dreger, Inc. - EverQuick Internet Division
Phone: +1 (316) 794-8922 Wichita/(Inter)national
Phone: +1 (785) 865-5885 Lawrence

--
Date: Mon, 21 May 2001 11:23:58 + (GMT)
From: A Trap [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Please ignore this portion of my mail signature.

These last few lines are a trap for address-harvesting spambots.
Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
Re: Exodus/CW Depeering
At 07:58 PM 3/26/2002 -0500, Richard A Steenbergen wrote:

On Tue, Mar 26, 2002 at 07:31:52PM -0500, Patrick W. Gilmore wrote:

Are we talking AS_Path attributes here? If so, all this means is that now we don't announce OTHER BACKBONE routes to CW/EXODUS, which we probably weren't doing anyway.

Actually, it also means a reduction in the possible paths presented to my router for computation. Some would say this is a good thing. Me, I like having multiple choices / redundancy. Better to have two ways to get to EXDS than one. IMHO, of course.

In my experience, the odds of any given path sucking are far greater than the odds of that path going away. Therefore I would rather have one path which doesn't suck than two paths which may.

So would I. Doubt anyone would rather have two sucky paths than one good one.

However, in my experience, I would rather have to choose between me - EXDS and me - upstream - EXDS, than be forced to use me - upstream - CW.

Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras

--
TTFN,
patrick
FW: How to get better security people
Somehow eTrade's following response didn't make it to the list. I think it's important enough to resubmit it given the erroneous info posted earlier.

-Jim P.

-Original Message-
From: David Rickling [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 6:02 PM
To: 'LeBlanc, Jason'; 'Jim Popovitch'; 'Sean Donelan'; [EMAIL PROTECTED]
Subject: RE: How to get better security people

E*TRADE Financial has its full complement of System and Network Security people still employed. The Director and Sr. Manager of the group have been with the Company for nearly five years and the average length of time within the group is 2 + years. E*TRADE Financial is dedicated to protecting its customer assets and holds security as a core value for all associates.

David Rickling
Lead Network Engineer
Network Architecture Integrations
E*Trade Financial

This e-mail is the property of E*TRADE Group, Inc. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify the sender by e-mail at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and telephone at (650)-331-5269. Please delete and destroy any copies of this e-mail.

E*TRADE Group, Inc.
4500 Bohannon Drive
Menlo, California 94025

-Original Message-
From: LeBlanc, Jason [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 11:25 AM
To: 'Jim Popovitch'; LeBlanc, Jason; 'Sean Donelan'; [EMAIL PROTECTED]
Subject: RE: How to get better security people

What eBay does as a business is of little consequence to me, as a network engineer, though it seems they make pretty good decisions based on things I've seen in three years here.

That fact came from someone who worked for them in Atlanta, was merely an idle comment meant to share a bit of information. The tone of your reply is a bit off.

-Original Message-
From: Jim Popovitch [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, March 26, 2002 11:06 AM
To: LeBlanc, Jason; 'Sean Donelan'; [EMAIL PROTECTED]
Subject: RE: How to get better security people

-Original Message-
From: LeBlanc, Jason [EMAIL PROTECTED]

On that note, Etrade laid off their entire net sec team a few months back. I don't trade there no more. ;)

Let me guess, eBay is moving into securities trading next

Your facts about eTrade are wrong, very wrong.

-Jim P.
Re: FW: How to get better security people
On 03/26/02, Jim Popovitch [EMAIL PROTECTED] wrote:

> Somehow eTrade's following response didn't make it to the list. I think it's important enough to resubmit it given the erroneous info posted earlier.
>
> [ . . . ]
>
> This e-mail is the property of E*TRADE Group, Inc. It is intended only for the person or entity to which it is addressed and may contain information that is privileged, confidential, or otherwise protected from disclosure. Distribution or copying of this e-mail or the information contained herein by anyone other than the intended recipient is prohibited. If you have received this e-mail in error, please immediately notify the sender by e-mail at [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] and telephone at (650)-331-5269. Please delete and destroy any copies of this e-mail.

*chuckle*

--
J.D. Falk incekt once I typed sendmail -jd [EMAIL PROTECTED] and my hair turned blue.