Re: How to get better security people
On Wed, 3 Apr 2002, batz wrote:

> Personally, I would like to see a mixture of the MAPS RBL and aris.securityfocus.com available, where emerging hostile netblocks can be blackholed for short periods of time using attack information gathered from and corroborated by a vast array of diverse sources.

Have a look at SAFE (url in sig). We detect smurf amplifiers and I'm currently looking at ways to export data to companies regarding large smurf amplifiers (x250 amplification) who refuse to close after X number of warnings. I expect it will run on a free, but subscribed + authenticated basis (i.e., a company subscribes and gives the IPs of their DNS servers and those servers are authorized to do lookups, but script kiddies cannot).

--
Avleen Vig
Work Time: Unix Systems Administrator
Play Time: Network Security Officer
Smurf Amplifier Finding Executive: http://www.ircnetops.org/smurf
RE: Stealth p2p network in Kazaa and Morpheus?....
And I wanted to download files, but certainly did not want to unwittingly support a CDN. Maybe everyone will simply cease using the software. It certainly would set a nice example for other corporations implementing spyware, and other unsavory features.

Regards,
James

On Wed, 3 Apr 2002, Chris Boyd wrote:

> grouch
> Maybe ISPs and carriers can file a class action suit against these guys for something. I wanted to run a network, not manage someone else's distributed server farm.
> /grouch
>
> -----Original Message-----
> From: Craig Holland [SMTP:[EMAIL PROTECTED]]
> Sent: Tuesday, April 02, 2002 6:35 PM
> To: Nanog@Merit. Edu
> Subject: Stealth p2p network in Kazaa and Morpheus?
>
> This was news to me, so I'm passing it along. Sorry if it's spam. Checked the archives, and didn't see anything to this effect.
>
> watch the wrap
> http://story.news.yahoo.com/news?tmpl=storyu=/cn/20020402/tc_cn/stealth_p 2p _network_hides_inside_kazaa
RE: Qwest Transit
On Wed, 3 Apr 2002, Steve Sobol wrote:

> I wouldn't touch Qwest, based on the Enron issue, if nothing else.

I am pretty sure you can make a case that other Tier1s did the same thing. This isn't unique to Qwest or Enron.

Christian
- i am me, i dont write/speak for them
RE: How to get better security people
In a former life as well as my current one, we had a primary Information Security officer, and myself acting as corporate firewall engineer. I found that my own role was best performed as a network security conductor of the orchestra of sysadmins who actually built and operated our Internet systems.

You build a mailing list and forward interesting stuff from CERT/CIAC/Bugtraq/etc; you try to keep everyone informed, and guide them along the way with reasonably well-stated firewall guidelines (I'll do this, I won't do that with some give-and-take, and a little heartache over the purity of the architecture). And you get involved with the business as much as you can to spread the network security gospel.

At some level it becomes less of a pure technical security issue, and more a social engineering challenge. Ultimately, it's all about risk management, and minimizing your risk by maximizing the knowledge flow and relationships that you build within the company.

I recognized that generally I knew more about network security and IP/TCP/UDP than the people running the systems, and at some level you only get so much system security given the knowledge of the folks involved. So you back it up with as much of a secure network environment as you can negotiate v.s. the needs of the business, and make sure that the top Security dog is on the same page as you are.

Ultimately you'll have an incident in spite of your best efforts -- no matter how totalitarian you are in your security policies -- and the most important thing is to educate everyone about the factors driving the security architecture. Maybe you make fundamental changes in response to the incident, or maybe you just try to educate everyone a little better, but hopefully in either case learn something along the way.

dp

-----Original Message-----
From: Sean Donelan [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, April 02, 2002 10:18 PM
To: Christopher E. Brown
Cc: NANOG
Subject: Re: How to get better security people

On Tue, 2 Apr 2002, Christopher E. Brown wrote:

> I think it comes down to being able to deal creatively with a lack of total control, and find ways to limit what you cannot eliminate.

Security specialists can't be everywhere, can't do everything, and can't stop every bad thing. The reality is the people who have the biggest impact on security don't have security in their job title. Instead of a neighborhood watch do we need a network watch? While we need a few people with deep security knowledge, we also need to spread a thin layer of security pixie dust throughout the entire organization.

Is it really a lack of control. While some security specialists carry a big stick, on most projects security is just one of many specialities required to work together. If you are a security specialist, just getting invited to a project before it's finished is a major accomplishment.
gtld-servers returning multiple A records for a NS?
When did this start?

dig uunet.com @a.gtld-servers.net

; DiG 8.3 uunet.com @a.gtld-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 3, ADDITIONAL: 4
;; QUERY SECTION:
;; uunet.com, type = A, class = IN

;; AUTHORITY SECTION:
uunet.com. 2D IN NS NS.UU.NET.
uunet.com. 2D IN NS UUCP-GW-1.PA.DEC.com.
uunet.com. 2D IN NS UUCP-GW-2.PA.DEC.com.

;; ADDITIONAL SECTION:
NS.UU.NET. 2D IN A 137.39.1.3
UUCP-GW-1.PA.DEC.com. 2D IN A 16.1.0.18
UUCP-GW-1.PA.DEC.com. 2D IN A 204.123.2.18
UUCP-GW-2.PA.DEC.com. 2D IN A 16.1.0.19

Regards,
Matt

--
Matt Levine
@Home: [EMAIL PROTECTED]
@Work: [EMAIL PROTECTED]
ICQ : 17080004
AIM : exile
PGP : http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x6C0D04CF
The Trouble with doing anything right the first time is that nobody appreciates how difficult it was. -BIX
Re: gtld-servers returning multiple A records for a NS?
Once upon a time, Matt Levine [EMAIL PROTECTED] said:

> When did this start?

snip

> ;; ADDITIONAL SECTION:
> UUCP-GW-1.PA.DEC.com. 2D IN A 16.1.0.18
> UUCP-GW-1.PA.DEC.com. 2D IN A 204.123.2.18

Apparently, about a year ago at least:

$ whois host UUCP-GW-1.PA.DEC.COM@whois.networksolutions.com
[whois.networksolutions.com]
snip legal crap
[No name] (UUCP-GW-1)
Hostname: UUCP-GW-1.PA.DEC.COM
Address: 16.1.0.18 204.123.2.18
System: ? running ?
Coordinator: Penza, Brett (SJ4172) [EMAIL PROTECTED]
ACS Auxiliaries Group
116 Roddy Avenue
South Attleboro, MA 02703-7974
508-399-6400 (FAX) 508-399-6047
Record last updated on 19-Apr-2001.
Database last updated on 3-Apr-2002 12:31:00 EST.
$

--
Chris Adams [EMAIL PROTECTED]
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
Re: gtld-servers returning multiple A records for a NS?
> When did this start?

For uucp-gw-1.pa.dec.com, when I asked them to back in 1995 or so (I forget when I dual-homed uucp-gw-1, but that's the right ballpark).

Stephen
Re: Qwest Transit
> Bear in mind that the financial situation at Qwest is bad.

> Isn't that partially due to deals with Enron on which they misrepresented sales numbers?

Partially, but not primarily. The lead front page article in the Wednesday WSJ is about how badly mismanaged Qwest is. The gist of it is that US West was a sleepy RBOC with mediocre management, then Qwest which was what one might call a dot.fiber bubble company bought US West with fluffy puffy stock, then its incredibly arrogant and not very skillful management ran the company into the ground.

If you don't get the Journal, the online edition allows me to mail copies of articles to individuals, so write me if you want a copy.

--
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl,
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: Qwest Transit
On 4 Apr 2002, John R. Levine wrote:

> Partially, but not primarily. The lead front page article in the Wednesday WSJ is about how badly mismanaged Qwest is. The gist of it is that US West was a sleepy RBOC with mediocre management, then Qwest which was what one might call a dot.fiber bubble company bought US West with fluffy puffy stock, then its incredibly arrogant and not very skillful management ran the company into the ground.

I didn't see the WSJ article, but as a non-trivial Qwest Customer I can attest to the fact that there are *serious* management issues within the US West half of Qwest. They were bad before Qwest took them over. I hoped Qwest would have fixed things. Now they're worse.

I've been trying to get a quote for a PVC on an ATM circuit from them for 6 months now. Customer service is going downhill. They're laying off the competent employees. They're reorganizing every week. In the last year or so I've had at least 6 sales reps. Just as we get them started on our issues they get changed. We can't talk to anyone but our reps because we're large enough that we're too important of a customer and they want us only to go through our sales engineer.

We have billing issues almost 2 years old which haven't been taken care of. We have circuits which were requested to be disconnected which still are active and being billed. We have a hunt group at one site which they've been trying to fix the hunting on (or at least SAYING they are trying to fix the hunt on) for at least 4 months now. And on and on and on and on.

We had a conference call with our new sales rep and a couple of other people such as billing specialists, etc. It took us well over an hour just to go through all the pending stuff. We will see if they actually get anything done.

I've told their management that they have something seriously broken internally that they need to fix, and they have acknowledged it. I just suspect that Qwest management trying to fix what is broken with Qwest is kinda like someone who doesn't even know how to turn on a computer trying to fix a router.

As a final insult, Qwest is trying to convince the FCC to give them LATA relief (which would be a mixed blessing for us), because they are getting beat up by the competition. I say, show me ANYONE who is competing with you and we'll switch tomorrow.

- Forrest W. Christian ([EMAIL PROTECTED]) AC7DE
--
The Innovation Machine Ltd.
P.O. Box 5749, Helena, MT 59604
http://www.imach.com/
Home of PacketFlux Technogies and BackupDNS.com
(406)-442-6648
--
Protect your personal freedoms - visit http://www.lp.org/
Re: solutions to the Koran spam problem
On Wed, Apr 03, 2002 at 10:07:59PM -0500, [EMAIL PROTECTED] said:

[snip]

> I know it's indefensible in principle, but even though I have books in Korean translation, I get no real mail from Korea so the collateral damage for me is imperceptible. The rejection message includes a

It's not indefensible (I assume this policy applies to you personally, and is not being applied to your customers). I arrived at the same conclusion some time back, and just modified my procmail setup so that any mail originating from .kr that hadn't already been caught by one of my list filters got sent to /dev/null. No defense is really necessary - it's your mail, and you don't have to accept anything from anybody you don't want to. And you certainly don't have to justify it to anybody. (regardless of fumings from the pro-open relay crowd out there ...)

> URL which explains why I don't receive mail from Korea, with an unblocked address to which one can write to get their network off the list. Needless to say, nobody's written. The list contains all APNIC

I like that feature; I'll have to incorporate it into my own setup. That takes a bit of the B out of my (admittedly) BOFH setup. :)

> space assigned to Korea, plus any Korean ARIN space that's come to my attention due to getting spammed from it.

I like this too - filtering on IP as opposed to domains listed in mail headers would be much more effective.

> If you'd like to experiment with a Korea-free mail system, you're welcome to use my blocking list called korea.services.net. I announced it on a few anti-spam lists last week and it's now getting about three hits per second. You can't do zone transfers, it's running rbldns, not bind, but if you use it a lot, we can figure out a way for you to get your own copy of the data.

Since it's just for me personally, I probably will just look and learn. :)

> In case it's not obvious, I have nothing against Korea or Koreans except that their enthusiasm for wiring the country for Internet connections has so far severely outstripped their ability to manage what they've built.

Clue will eventually trickle there as well.

--
Scott Francis darkuncle@ [home:] d a r k u n c l e . n e t
Systems/Network Manager sfrancis@ [work:] t o n o s . c o m
GPG public key 0xCB33CCA7
illum oportet crescere me autem minui
Re: solutions to the Koran spam problem
> solutions to the Koran spam problem
                   ^
tongue in cheek
ok.. let's not blame EVERYTHING on muslims
/tongue in cheek

marc