Re: Non-GPS derived timing sources (was Re: NTP sources that work in a datacenter)
--On 06/01/2003 11:57:21 PM -0400 Sean Donelan wrote: On Sun, 1 Jun 2003, Marshall Eubanks wrote: Every major time service and most national standards labs maintain a set of clocks of comparable accuracy - US, UK, France, Germany, Russia, Japan, Australia, etc., so there is no shortage of timing info to compare it with. Actually my question wasn't so much about other national standards labs, but that almost every major Internet backbone worldwide seems to trace their time source to GPS. Maybe not that surprising for US/North American providers, but even non-American backbones seem to use GPS. To be clear, I'm not talking about individuals syncing things to lots of different clocks. Clock.ORG has lots of clock sources around the world. I'm talking about what network providers use. It was just one of those midnight projects a month or so ago, when I noticed my carefully balanced selection of tickers had slowly over the last few years all changed from other time sources to GPS. Probably not critical, but national standards labs have accidentally flipped the wrong switch in the past and done strange things to their time broadcasts. Yes, lots of people noticed, and it was fixed quickly. NTP has all this great logic for sanity checking time sources, but if they all come from the same origin, what happens? Sean, digging back through some old mail. This is one of those like asking where we would get water after the reservoir dam broke and flooded the town. The planes on GPS instrument approach are going to be much less happy than you are. How about those satellites that use GPS for attitude awareness. Or the rail anticollision systems that are now GPS based. If GPS time gets screwed, internet time is the least of our worries. Some of us remember the false ticker that caused the introduction of the NTP protection code. 
I don't think that anyone will ever build code like the fuzzball that stopped routing when the time got confused (although I guess I really shouldn't say that.) As for GPS jamming, it's easy to do on a local basis but hard to do on a widespread basis (unless you own the satellites.) For the accuracies that most people care about, dropping one stratum won't be the end of the world. Not too many people care about the microseconds (except us time geeks.) As for why everyone is switching to GPS time: it's cheap, it's much more accurate than anything else and it's available everywhere you can see a reasonable amount of the sky with no service charge. Other than that I can't see why people would do it. jerry
DNS announcement question
I have a question about the way DNS records are announced/handled. Thank you in advance for any insight into this, and I hope this isn't too far off topic for discussion here. Background: - I have a domain whose MX and DNS is handled by registrar ABC and I am moving that domain to registrar XYZ. - I have verified (via dig) the proper config on the new registrar. - This has nothing to do with donotcall.gov ;) Questions: 1) How does one registrar 'win out' over a second registrar when updating root servers? 2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? -Jim P.
Re: DNS announcement question
You may wish to read up on domain names and DNS, you can probably google something up or here's the RFCs http://www.ietf.org/rfc/rfc1034.txt http://www.ietf.org/rfc/rfc1035.txt Your questions are off the mark somewhat, you must whois the domain to check you have the correct DNS servers then query (dig) the domain on that DNS to check it's resolving what you want it to. On Sat, 28 Jun 2003, Jim Popovitch wrote: I have a question about the way DNS records are announced/handled. Thank you in advance for any insight into this, and I hope this isn't too far off topic for discussion here. Background: - I have a domain whose MX and DNS is handled by registrar ABC and I am moving that domain to registrar XYZ. - I have verified (via dig) the proper config on the new registrar. You are mixing the registrar and DNS functions, you need whois to determine the registrar's settings Questions: 1) How does one registrar 'win out' over a second registrar when updating root servers? It's a hierarchy, the root/gtld will have a set of authoritative DNS servers for the domain, there's no propagation etc. So the answer is the DNS go to whatever the registrar has set the DNS servers to be 2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? whois Steve -Jim P.
Re: DNS announcement question
On Sat, 28 Jun 2003, Stephen J. Wilcox wrote: 2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? whois Well, kinda sorta. By far, most of the time whois is correct. However, this is guaranteed to tell you the actual situation: dig -t ns domain @a.gtld-servers.net Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 ---
Re: DNS announcement question
On Sat, 28 Jun 2003, Andy Dills wrote: On Sat, 28 Jun 2003, Stephen J. Wilcox wrote: 2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? whois Well, kinda sorta. By far, most of the time whois is correct. However, this is guaranteed to tell you the actual situation: dig -t ns domain @a.gtld-servers.net Granted :) I read the question in future tense, i.e. I have requested this change, I don't see it yet, can I check they have altered the domain DNS servers hence you'd need whois
RE: DNS announcement question (take 2)
OK, I seem to have missed identifying a finer point. Both registrars (old and new) also host the DNS records for the domain (actually several domains). My question is which registrar (both are fully configured) will ultimately win at the root server, and how is this determined? The mail and web servers are up and running, and their IP addresses are not going to change. I just want to guarantee that when the account on registrar ABC is fully removed that registrar XYZ will begin DNS announcements to the root servers. Thank you for the responses so far, as well as the pointers to additional info/faq/rfc/etc. -Jim P. -Original Message- From: Jim Popovitch Sent: Saturday, 28 June, 2003 12:09 To: [EMAIL PROTECTED] Subject: DNS announcement question I have a question about the way DNS records are announced/handled. Thank you in advance for any insight into this, and I hope this isn't too far off topic for discussion here. Background: - I have a domain whose MX and DNS is handled by registrar ABC and I am moving that domain to registrar XYZ. - I have verified (via dig) the proper config on the new registrar. - This has nothing to do with donotcall.gov ;) Questions: 1) How does one registrar 'win out' over a second registrar when updating root servers? 2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? -Jim P.
Re: DNS announcement question
On Saturday 28 June 2003, at 12:08, Jim Popovitch wrote: Questions: 1) How does one registrar 'win out' over a second registrar when updating root servers? It's important not to confuse registry services (in which a central registry of names and metadata is maintained by various authorised parties) and name service. They are related, but different. This confuses people, because single companies frequently provide both registry services and nameserver services. Here's a registry answer to your question: In the ICANN-model registry/registrar/registrant structure (which is used for most gTLDs and also, to varying degrees of approximation, by various ccTLDs) a single domain is sponsored by a single registrar. Only the sponsoring registrar is able to influence the way that the delegation for the domain is published in the registry's zone. The process of changing the sponsoring registrar is called a transfer operation, and is performed by either the losing or winning registrar at the request of the registrant. Here's a nameserver answer to your question: The parent (superordinate) zone will contain a delegation to a set of nameservers which corresponds to your domain name. The nameservers specified therein will be used by recursive resolvers to locate nameservers which are authoritative for your zone, in order to resolve queries which fall within your domain. Other nameservers may purport to speak authoritatively for your zone, but unless the delegation in the parent zone includes them in the NS set, a recursive lookup will not find them. 2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? 
Here's a registry answer to this question:

Find some way of querying the registry in question for your domain (for com/net domains, you might try using whois against whois.crsnic.net; in general, for registry zone $z you can take advantage of Centergate's very useful whois-servers.net domain and try a whois query against $z.whois-servers.net). You should see some indication of the sponsoring registrar, and other metadata which you can verify.

[EMAIL PROTECTED] whois -h org.whois-servers.net isc.org
... tedious legal rambling...
Domain ID:D2338103-LROR
Domain Name:ISC.ORG
Created On:04-Apr-1994 04:00:00 UTC
Last Updated On:05-Mar-2002 02:24:11 UTC
Expiration Date:05-Apr-2004 04:00:00 UTC
... etc, etc

Here's a nameserver answer to your question:

Check the parent zone for the delegation, and ensure that your domain has been delegated to the right nameservers. To do that, find a nameserver which is authoritative for the parent zone and send it a query for a name under your domain. For added credit, don't request recursion when you send the query.

[EMAIL PROTECTED] dig ns org.
; DiG 8.3 ns org.
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 4
;; flags: qr rd ra; QUERY: 1, ANSWER: 9, AUTHORITY: 0, ADDITIONAL: 0
;; QUERY SECTION:
;; org, type = NS, class = IN
;; ANSWER SECTION:
org. 5d23h59m51s IN NS L7.NSTLD.COM.
org. 5d23h59m51s IN NS M5.NSTLD.COM.
org. 5d23h59m51s IN NS A7.NSTLD.COM.
org. 5d23h59m51s IN NS C5.NSTLD.COM.
org. 5d23h59m51s IN NS E5.NSTLD.COM.
org. 5d23h59m51s IN NS F7.NSTLD.COM.
org. 5d23h59m51s IN NS G7.NSTLD.COM.
org. 5d23h59m51s IN NS I5.NSTLD.COM.
org. 5d23h59m51s IN NS J5.NSTLD.COM.
;; Total query time: 2 msec
;; FROM: buffoon.automagic.org to SERVER: default -- 127.0.0.1
;; WHEN: Sat Jun 28 13:13:53 2003
;; MSG SIZE sent: 21 rcvd: 183

[EMAIL PROTECTED] dig @l7.nstld.com isc.org SOA +norecurse
; DiG 8.3 @l7.nstld.com isc.org SOA +norecurse
; (1 server found)
;; res options: init defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 28750
;; flags: qr; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 0
;; QUERY SECTION:
;; isc.org, type = SOA, class = IN
;; AUTHORITY SECTION:
isc.org. 2D IN NS NS-EXT.VIX.COM.
isc.org. 2D IN NS NS1.GNAC.COM.
;; Total query time: 16 msec
;; FROM: buffoon.automagic.org to SERVER: l7.nstld.com 192.41.162.36
;; WHEN: Sat Jun 28 13:14:05 2003
;; MSG SIZE sent: 25 rcvd: 76
[EMAIL PROTECTED]

If the DNS speak in this message scares you, then either don't worry about it or buy and digest the Cricket book (DNS and BIND, ISBN 0596001584). It's very readable and easy to follow, even with little or no prior knowledge of the DNS.

Joe
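The parent-zone check described in the message above (ask a server authoritative for the parent, without requesting recursion, and read the NS set out of the referral), as an added example that is not part of the original thread. The domain and nameserver names are hypothetical and the referral bytes are constructed inline, so it runs offline; the same parser applies to a real UDP reply from a parent-zone server.

```python
import struct

TYPE_NS, CLASS_IN = 2, 1
FLAG_QR, FLAG_AA = 0x8000, 0x0400

def fqdn(name):
    """Normalise a name to lower case with a trailing dot."""
    return name.rstrip(".").lower() + "."

def encode_name(name):
    """Encode a name as uncompressed DNS labels."""
    out = b""
    for label in fqdn(name).split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def build_query(qname, qtype=TYPE_NS, qid=0x1234):
    """Query with the RD bit clear: the wire form of dig +norecurse."""
    header = struct.pack("!HHHHHH", qid, 0, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)

def read_name(msg, off):
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels, end, jumps = [], None, 0
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:              # compression pointer
            if end is None:
                end = off + 2                  # resume here after the name
            off = ((length & 0x3F) << 8) | msg[off + 1]
            jumps += 1
            if jumps > 32:                     # malformed reply guard
                raise ValueError("compression pointer loop")
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii").lower())
        off += length
    return ".".join(labels) + ".", (end if end is not None else off)

def parse_ns(msg):
    """Return (flags, ancount, {(owner, target)}) for NS records in answer+authority."""
    _, flags, qd, an, ns, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _i in range(qd):
        _name, off = read_name(msg, off)
        off += 4                               # QTYPE + QCLASS
    pairs = set()
    for _i in range(an + ns):
        owner, off = read_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == TYPE_NS and rclass == CLASS_IN:
            target, _end = read_name(msg, off)
            pairs.add((owner, target))
        off += rdlen
    return flags, an, pairs

def check_delegation(response, domain, expected_ns):
    """Compare the NS set the parent hands out with the set you expect."""
    flags, ancount, pairs = parse_ns(response)
    delegated = {t for (o, t) in pairs if o == fqdn(domain)}
    expected = {fqdn(n) for n in expected_ns}
    if not delegated:
        verdict = "no-delegation"
    elif delegated == expected:
        verdict = "ok"
    elif delegated & expected:
        verdict = "partial"                    # old and new servers mixed
    else:
        verdict = "stale"                      # parent still points elsewhere
    return {
        "verdict": verdict,
        # A pure parent answers with a referral: AA clear, empty answer section.
        "referral": not (flags & FLAG_AA) and ancount == 0,
        "delegated": sorted(delegated),
        "missing": sorted(expected - delegated),
        "unexpected": sorted(delegated - expected),
    }

def build_sample_referral(query, ns_names):
    """Constructed test data: a referral as a parent-zone server would send it."""
    qid = struct.unpack("!H", query[:2])[0]
    msg = struct.pack("!HHHHHH", qid, FLAG_QR, 1, 0, len(ns_names), 0) + query[12:]
    for ns in ns_names:
        rdata = encode_name(ns)
        # Owner is a pointer back to the question name at offset 12.
        msg += b"\xc0\x0c" + struct.pack("!HHIH", TYPE_NS, CLASS_IN, 172800, len(rdata)) + rdata
    return msg

# Hypothetical names for the old and new DNS hosts.
OLD_NS = ["ns1.old-provider.example", "ns2.old-provider.example"]
NEW_NS = ["ns1.new-provider.example", "ns2.new-provider.example"]

if __name__ == "__main__":
    q = build_query("example.org")
    print(check_delegation(build_sample_referral(q, OLD_NS), "example.org", NEW_NS))
    print(check_delegation(build_sample_referral(q, NEW_NS), "example.org", NEW_NS))
```

A "stale" or "partial" verdict means resolvers are still being referred to servers outside the expected set, so whatever zone data those servers hold is what part of the Internet will see.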
RE: DNS announcement question (take 2)
On Sat, 28 Jun 2003, Jim Popovitch wrote: OK, I seem to have missed identifying a finer point. You need to reread/do that google, you're mistaken in your understanding on what is happening.. Both registrars (old and new) also host the DNS records for the domain (actually several domains). My question is which registrar (both are fully configured) will ultimately win at the root server, and how is this determined? There is no 'win' it is whichever set of DNS servers are configured on that domain which is why I say do a whois on it and you will see. The only time your old registrar can do something similar to 'winning' is if they keep old records on their network and users local to their network (customers) use their DNS with their wrong data, that is the only time tho and most ISPs run different DNS servers for domain hosting to the ones customers use so this scenario wouldn't occur at all The mail and web servers are up and running, and their IP addresses are not going to change. I just want to guarantee that when the account on registrar ABC is fully removed that registrar XYZ will begin DNS announcements to the root servers. Ensure the whois reports the new DNS servers and ensure the new DNS servers give the correct response! Steve Thank you for the responses so far, as well as the pointers to additional info/faq/rfc/etc. -Jim P. -Original Message- From: Jim Popovitch Sent: Saturday, 28 June, 2003 12:09 To: [EMAIL PROTECTED] Subject: DNS announcement question I have a question about the way DNS records are announced/handled. Thank you in advance for any insight into this, and I hope this isn't too far off topic for discussion here. Background: - I have a domain whose MX and DNS is handled by registrar ABC and I am moving that domain to registrar XYZ. - I have verified (via dig) the proper config on the new registrar. - This has nothing to do with donotcall.gov ;) Questions: 1) How does one registrar 'win out' over a second registrar when updating root servers? 
2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? -Jim P.
has anyone notice this ?
howdy folks, just wondering has anyone noticed http access issue (the page cannot be displayed) on time warner network ? i literally have to try 5 to 6 times to get to the page. i believe this problem just started a week or so back. i've even talked to few other people on socal.rr.com network and they are experiencing similar problems. is this socal.rr.com related or other regions are expediting same problems too. time warner's network status page shows everything is okay. regards, /vicky
Re: announcing ix-chicago - Chicago area Internet exchange list
Thanks, John. I appreciate it. As participants at AADS, StarLight, and StarTAP, I feel that this will be a significant enhancement to communication among the participants. Now, if we can just convince the AADS management to use the list... -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Re: has anyone notice this ?
On Sat, 28 Jun 2003, Vicky Rode wrote: just wondering has anyone noticed http access issue (the page cannot be displayed) on time warner network ? i literally have to try 5 to 6 times to get to the page. i believe this problem just started a week or so back. It would be easier to troubleshoot if you used a browser that returned a meaningful error message. The page could not be found could be just about anything. DNS, routing, broken link, etc. Also, you don't indicate if you're a Time Warner customer trying to reach web sites elsewhere or a non-customer trying to reach sites on the Time Warner network. Your IP address or ISP's network and the URL of the site you're trying to reach, for example. i've even talked to few other people on socal.rr.com network and they are experiencing similar problems. is this socal.rr.com related or other regions are expediting same problems too. time warner's network status page shows everything is okay. It really depends on the nature of the failure. More information is needed. Have you queried the Time Warner support staff? -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Over three million computers 0wned?
http://www.vnunet.com/News/1141901 Trustcorps claims it has scientific and anecdotal research supporting its conclusion that over three million computers are owned by malicious groups. On the other hand, Information Risk Management questioned how any one person could own hundreds of computers at any one time. And systems are often not owned by a single group, but exploited by multiple groups. Like most statistics, the truth is probably a little harder to find, and a little bit scarier. The FBI estimates a car is stolen every 27 seconds somewhere in the US. In 2000, FBI Uniform Crime Report statistics showed that 1,165,559 cars were stolen; with an estimated value of $7.8 Billion. Police apprehend less than 15% of all auto thieves. Unfortunately this computer crime doesn't fit the FBI crime reporting statistics well. Vandalism of Property? Is the cracking of computers happening more or less often than car theft?
Re: Over three million computers 0wned?
Hey, Sean. ] Trustcorps claims it has scientific and anecdotal research supporting its ] conclusion that over three million computers are owned by malicious ] groups. Interesting. ] On the other hand, Information Risk Management questioned how any one ] person could own hundreds of computers at any one time. And systems are ] often not owned by a single group, but exploited by multiple groups How could one person own hundreds of computers at any one time? Since several individuals own thousands, tens of thousands, and even (low) hundreds of thousands of systems at any one time, I suppose the reason they don't own hundreds is because that isn't enough. :/ ] Like most statistics, the truth is probably a little harder to find, and ] a little bit scarier. Indeed. Thanks, Rob. -- Rob Thomas http://www.cymru.com ASSERT(coffee != empty);
RE: has anyone notice this ?
Hi Jay, see comments in-line: -Original Message- From: Jay Hennigan [mailto:[EMAIL PROTECTED] Sent: Saturday, June 28, 2003 4:09 PM To: Vicky Rode Cc: [EMAIL PROTECTED] Subject: Re: has anyone notice this ? On Sat, 28 Jun 2003, Vicky Rode wrote: just wondering has anyone noticed http access issue (the page cannot be displayed) on time warner network ? i literally have to try 5 to 6 times to get to the page. i believe this problem just started a week or so back. It would be easier to troubleshoot if you used a browser that returned a meaningful error message. The page could not be found could be just about anything. DNS, routing, broken link, etc. --- vickyr i even tried the same thing under linux---mozilla and i get site name not found which i believe is less meaningful than ie :) Also, you don't indicate if you're a Time Warner customer trying to reach web sites elsewhere or a non-customer trying to reach sites on the Time Warner network. Your IP address or ISP's network and the URL of the site you're trying to reach, for example. - vickyr i'm a time warner end-user trying to access outside world which could be anything. i've even talked to few other people on socal.rr.com network and they are experiencing similar problems. is this socal.rr.com related or other regions are expediting same problems too. time warner's network status page shows everything is okay. It really depends on the nature of the failure. More information is needed. Have you queried the Time Warner support staff? --- vickyr yes i have and they think it could be the cable modem box and have issued a replacement. i sure hope they have a good stock because vickyr i know whole bunch of people who are having similar problems. maybe its time to buy some 3com stocks :) regards, /vicky -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
RE: has anyone notice this ?
quote who=Vicky Rode vickyr i'm a time warner end-user trying to access outside world which could be anything. [SNIP] vickyr yes i have and they think it could be the cable modem box and have issued a replacement. i sure hope they have a good stock because i know whole bunch of people who are having similar problems. maybe its time to buy some 3com stocks :) A twisted or crumpled up ethernet cable can sometimes impede the flow of ones and zeros. Often looping up extra slack in your cat-5 can prove catastrophic for the free flow of electrons down the pipe. Ahh...Saturday (PDT)... -davidu David A. Ulevitch -- http://david.ulevitch.com http://everydns.net -+- http://communitycolo.net Campus Box 6957 + Washington University in St. Louis
RE: DNS announcement question (take 2)
Sounds like you might need to increase the local preference on the new registrar. OK, back to being serious, they don't announce to the root server. The registered nameservers (belonging to the registrar in your case, but in many other cases belonging to an ISP/NSP/WHP) answer queries made by the resolvers of millions of happy end viewers. The TLD servers (a level below the root servers) will at some point begin referring questions about your domain name(s) to the new nameservers (belonging to the new registrar). Some of those resolvers out and about the Internet will have cached the reference to the old nameservers for 1-2 days, but will eventually forget that and be told to ask the new nameservers. Try the O'Reilly book on DNS and BIND; the mud will become clear as spring water. Pete Templin IP Network Engineer Tex-Link Communications [EMAIL PROTECTED] (210) 892-4183 -Original Message- From: Jim Popovitch [mailto:[EMAIL PROTECTED] Sent: Saturday, June 28, 2003 12:18 PM To: [EMAIL PROTECTED] Subject: RE: DNS announcement question (take 2) OK, I seem to have missed identifying a finer point. Both registrars (old and new) also host the DNS records for the domain (actually several domains). My question is which registrar (both are fully configured) will ultimately win at the root server, and how is this determined? The mail and web servers are up and running, and their IP addresses are not going to change. I just want to guarantee that when the account on registrar ABC is fully removed that registrar XYZ will begin DNS announcements to the root servers. Thank you for the responses so far, as well as the pointers to additional info/faq/rfc/etc. -Jim P. -Original Message- From: Jim Popovitch Sent: Saturday, 28 June, 2003 12:09 To: [EMAIL PROTECTED] Subject: DNS announcement question I have a question about the way DNS records are announced/handled. Thank you in advance for any insight into this, and I hope this isn't too far off topic for discussion here. 
Background: - I have a domain whose MX and DNS is handled by registrar ABC and I am moving that domain to registrar XYZ. - I have verified (via dig) the proper config on the new registrar. - This has nothing to do with donotcall.gov ;) Questions: 1) How does one registrar 'win out' over a second registrar when updating root servers? 2) How can I verify that the domain will be properly 'announced' to the root servers by the new registrar? -Jim P.
RE: Over three million computers 0wned?
It would be interesting to know if the FBI or any other group can characterize how many computers are 0wn3d per minute. Then, of those computers, how many remain 0wn3d indefinitely? Marc Trustcorps claims it has scientific and anecdotal research supporting its conclusion that over three million computers are owned by malicious groups. The FBI estimates a car is stolen every 27 seconds somewhere in the US. In 2000, FBI Uniform Crime Report statistics showed that 1,165,559 cars were stolen; with an estimated value of $7.8 Billion. Police apprehend less than 15% of all auto thieves.
RE: has anyone notice this ?
Hi David, i'm just couple feet away from my box. i'm currently using wireless and even tried wired with same results. the fact others are experiencing similar problems makes me believe the problem could be on time warner end, possible caching issue. regards, /vicky -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of David A. Ulevitch Sent: Saturday, June 28, 2003 6:03 PM To: [EMAIL PROTECTED] Subject: RE: has anyone notice this ? quote who=Vicky Rode vickyr i'm a time warner end-user trying to access outside world which could be anything. [SNIP] vickyr yes i have and they think it could be the cable modem box and have issued a replacement. i sure hope they have a good stock because i know whole bunch of people who are having similar problems. maybe its time to buy some 3com stocks :) A twisted or crumpled up ethernet cable can sometimes impede the flow of ones and zeros. Often looping up extra slack in your cat-5 can prove catastrophic for the free flow of electrons down the pipe. Ahh...Saturday (PDT)... -davidu David A. Ulevitch -- http://david.ulevitch.com http://everydns.net -+- http://communitycolo.net Campus Box 6957 + Washington University in St. Louis
Re: Over three million computers 0wned?
Sean Donelan wrote: http://www.vnunet.com/News/1141901 Trustcorps claims it has scientific and anecdotal research supporting its conclusion that over three million computers are owned by malicious groups. Well, it isn't as if that article really had many of the details that were meaningful. I decided to go right to the source (www.trustcorps.com) and see what they had to say. Beyond seeing that they were yet another web site that looks great iff you are using IE, I found almost NO substance. I visited the Press Room, and the News items, and even the archives thereof. Nothing there (at least not those claims). Ok, so maybe they haven't put it on their web site yet. Still, I suppose someone made those claims, and I think they deserve a little examination. On the other hand, Information Risk Management questioned how any one person could own hundreds of computers at any one time. And systems are often not owned by a single group, but exploited by multiple groups Well, no one here is truly defining what owned implies. I know what a ruckus it kicked up here on NANOG when the first truly distributed denial of service hit eBay (or was it Yahoo???). No matter. That was nowhere near three million computers, but it certainly didn't require a lot of control to qualify as control, or a lot of ownership to qualify as owned. I'm amused at the thought that so-called hacker groups are in any way coordinated, or working together, other than a few here and there (and more for monetary gain than fame and glory). Three million? Sure, I believe, if you stretch the definition thin enough, that three million is quite believable. Organized in any way? Nonsense. Sheer, utter, mind-numbing nonsense. 
If it weren't for the tremendous amount of software out there that makes it EASY to take over machines (and I include every single default install of every single OS that enables anything more than port 22), if it weren't for the stunning array of folk who think that expediency is valuable, and ethics malleable, if it weren't for the vast populace that just wants pabulum, and padded cells, none of this would be possible. Trust me. The only bad guys that are organized are the ones who are after $$$, and they have absolutely no need to control three million computers. One or two is plenty, and for just long enough. The idea that there is a vast underground of pimply-faced teenagers just waiting to control the world would be laughable, were it not for the continued commercial assaults that insist it is so. Unfortunately this computer crime doesn't fit the FBI crime reporting statistics well. Vandalism of Property? Is the cracking of computers happening more or less often than car theft? Car theft is clear. Someone takes your car, and then you don't have it. When someone compromises your computer(s), what do you lose? What do they gain? It's a very unclear question. -- I apologize; I take it all back. MS Exchange is RFC-compliant. See RFC 1925, point three. http://www.faqs.org/rfcs/rfc1925.html
Re: Over three million computers 0wned?
Even if 3mil machines are actively and currently compromised, of all reachable hosts on the Internet, it would not be unreasonable to assume that %80 or more are vulnerable to remote compromise in some way. That number is speculative, but most estimates from consulting firms are much higher. (Based on hundreds if not thousands of penetration tests against corporate networks with a %90+ success rate). So of all possible 0wnable machines (including those without basic anti-virus protection) I would personally speculate that the 3mil is a pretty low estimate. What these sort of stats mean is that ultimately, the Internet is not in a state in which security controls can easily be added, mostly because of the high degree of autonomy and relatively low level of sophistication of each host and user on the network. The other reality of this is that even if hackers aren't directly in control of that most machines, it would not be inaccurate to say that due to the intrinsic risks in being connected, users aren't really in control of their systems either. Security tools are the same as any other software in that they are controls that you add to a system to optimize it and extract value from it. These studies show that there is still lots of room for optimization (read: buy their software) and the implication that there is value in those optimizations. So yeah, buy more software. ;) -- Jamie.Reid, CISSP, [EMAIL PROTECTED] Senior Security Specialist, Information Protection Centre Corporate Security, MBS 416 327 2324 Sean Donelan [EMAIL PROTECTED] 06/28/03 07:09pm http://www.vnunet.com/News/1141901 Trustcorps claims it has scientific and anecdotal research supporting its conclusion that over three million computers are owned by malicious groups. On the other hand, Information Risk Management questioned how any one person could own hundreds of computers at any one time. 
And systems are often not owned by a single group, but exploited by multiple groups. Like most statistics, the truth is probably a little harder to find, and a little bit scarier. The FBI estimates a car is stolen every 27 seconds somewhere in the US. In 2000, FBI Uniform Crime Report statistics showed that 1,165,559 cars were stolen; with an estimated value of $7.8 Billion. Police apprehend less than 15% of all auto thieves. Unfortunately this computer crime doesn't fit the FBI crime reporting statistics well. Vandalism of Property? Is the cracking of computers happening more or less often than car theft?
RE: has anyone notice this ?
Have you tried using DNS servers other than the ones supplied by your ISP's DHCP server?

Todd

--

| -Original Message-
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
| Vicky Rode
| Sent: Saturday, June 28, 2003 9:57 PM
| To: David A. Ulevitch; [EMAIL PROTECTED]
| Subject: RE: has anyone notice this ?
|
|
| Hi David,
|
| i'm just couple feet away from my box. i'm currently using wireless and
| even
| tried wired with same results. the fact others are experiencing similar
| problems makes me believe the problem could be on time warner end,
| possible
| caching issue.
|
|
|
| regards,
| /vicky
|
|
|
| -Original Message-
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
| David A. Ulevitch
| Sent: Saturday, June 28, 2003 6:03 PM
| To: [EMAIL PROTECTED]
| Subject: RE: has anyone notice this ?
|
|
|
|
| quote who=Vicky Rode
| vickyr i'm a time warner end-user trying to access outside world
| which could be anything.
|
| [SNIP]
|
| vickyr yes i have and they think it could be the cable modem box
| and have issued a replacement. i sure hope they have a good stock
| because i know whole bunch of people who are having similar problems.
| maybe its time to buy some 3com stocks :)
|
| A twisted or crumpled up ethernet cable can sometimes impede the flow of
| ones and zeros. Often looping up extra slack in your cat-5 can prove
| catastrophic for the free flow of electrons down the pipe.
|
| Ahh...Saturday (PDT)...
|
| -davidu
|
|
| David A. Ulevitch -- http://david.ulevitch.com
| http://everydns.net -+- http://communitycolo.net
| Campus Box 6957 + Washington University in St. Louis
Re: Over three million computers 0wned?
On Sat, 28 Jun 2003 19:04:25 PDT, Etaoin Shrdlu [EMAIL PROTECTED] said:

I include every single default install of every single OS that enables anything more than port 22),

Speaking of which, a heads-up... Jay Dyson was reporting on the [EMAIL PROTECTED] mailing list that he's seeing an upswing in scans for ssh. There's no big spike over on incidents.org, but there was a comparative quiet for the last few weeks and higher activity last 2-3 days
RE: has anyone notice this ?
On Sat, 28 Jun 2003, Vicky Rode wrote:

It would be easier to troubleshoot if you used a browser that returned a meaningful error message. The page could not be found could be just about anything. DNS, routing, broken link, etc.
--- vickyr i even tried the same thing under linux---mozilla and i get site name not found which i believe is less meaningful than ie :)

No such domain is the Mozilla response. This points to a DNS issue, which is more useful than Page could not be displayed. What does dig give you for the domain? How about dig with a different name server specified?

Also, you don't indicate if you're a Time Warner customer trying to reach web sites elsewhere or a non-customer trying to reach sites on the Time Warner network. Your IP address or ISP's network and the URL of the site you're trying to reach, for example.
- vickyr i'm a time warner end-user trying to access outside world which could be anything.

Nag their tech support.

Have you queried the Time Warner support staff?
--- vickyr yes i have and they think it could be the cable modem box and have issued a replacement. i sure hope they have a good stock because
vickyr i know whole bunch of people who are having similar problems.

It's those Warner Brothers Acme brand modems. Same outfit that makes all of Wile E.'s stuff. It's probably also an Acme nameserver.

Seriously, you should use some other tools such as name lookup to find the IP address of the site in question. If it fails with their default resolvers, try a different resolver. Then see if you can get to the site (or a default site on the same server) by IP address, use traceroute, etc.

maybe its time to buy some 3com stocks :)

If a whole bunch of people are having the same issue and they're all on Time Warner in your neck of the woods, it probably isn't the cable modem hardware.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet: Connecting you to the planet. 805 884-6323 WB6RDV
NetLojix Communications, Inc. - http://www.netlojix.com/
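The resolver comparison suggested in the message above (dig against the default resolver, then dig with a different name server specified) can be scripted. This is an added example, not part of any poster's message; the function names, the sample dig output and the addresses in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify a lookup failure by comparing two resolvers.
# All dig output embedded here is constructed sample data.

# Read dig output on stdin and print the response code from its header
# (NOERROR, NXDOMAIN, SERVFAIL, ...). No header means no reply: TIMEOUT.
dig_status() {
    awk '/->>HEADER<<-/ {
             for (i = 1; i < NF; i++)
                 if ($i == "status:") { s = $(i + 1); sub(/,$/, "", s); print s; found = 1; exit }
         }
         END { if (!found) print "TIMEOUT" }'
}

# Compare the default (ISP) resolver's status with an independent resolver's.
diagnose() {
    case "$1/$2" in
        NOERROR/NOERROR)   echo "dns-ok: test by IP address and traceroute next" ;;
        NXDOMAIN/NXDOMAIN) echo "no-such-name: both resolvers agree, check the URL" ;;
        */NOERROR)         echo "default-resolver-fault: default said $1, other resolved it" ;;
        TIMEOUT/TIMEOUT)   echo "no-dns-reachability: neither resolver answered" ;;
        *)                 echo "inconclusive: default=$1 other=$2" ;;
    esac
}

# Live check. $1 = name, $2 = a resolver other than the DHCP-supplied one.
check_name() {
    default=$(dig +time=2 +tries=1 "$1" A 2>/dev/null | dig_status)
    other=$(dig +time=2 +tries=1 "@$2" "$1" A 2>/dev/null | dig_status)
    diagnose "$default" "$other"
}

# Constructed sample: the default resolver denies a name the other one resolves.
SAMPLE_DEFAULT=';; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 4321
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0'
SAMPLE_OTHER=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 8765
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
www.example.com.  300  IN  A  192.0.2.10'

# Classify the constructed sample pair.
sample_verdict() {
    diagnose "$(printf '%s\n' "$SAMPLE_DEFAULT" | dig_status)" \
             "$(printf '%s\n' "$SAMPLE_OTHER" | dig_status)"
}
```

A "default-resolver-fault" verdict matches the case where many customers of one provider see the same failure: the name resolves elsewhere, so the modem hardware is an unlikely cause.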
Newbie network upgrade question, apologies in advance to NANOG
NANOG: This message was posted originally on the isp-bgp list, and I was told that it should have been posted on one of the network operator lists or a Cisco list if I really wanted advice on Cisco equipment from veteran network operators who have used this equipment extensively in the past for this application. Please, forgive me if this is not appropriate, but I hope that you will consider it appropriate and not flame me for my ignorance Mary Grace!

***

Thank you most graciously for the incredible knowledge that God has given you, and to everyone that has responded so generously to this message that we posted this past week, regarding routers for T3 circuits! I am thankful to you all for sharing your knowledge in response to such a newbie question that I was almost ashamed to ask of you.

Since the last email, Mother Superior has talked to our generous contributor from the company who is a T3 circuit provider, and explained this list's advice regarding how it was such a mismatch between a T3 in one port and a T1 in the other and how BGP isn't really designed to perform well in a multi-homed situation with such a large difference in bandwidth between the two ports. Thanks to your advice, and the wisdom of our MS, the provider has agreed to donate to our small teaching seminary and convent TWO DS3/T3 45 Mb/s point-to-point HDLC circuits, homed into two different exchange points in two different major cities (NAPs).

So, is it still true that we do not need anything more powerful than a 4500 or 4700 to run this system? I believe that is true if we take default routes advertised by the upstream on both sides, and the two diverse-path circuits ARE being advertised out of the same upstream AS, but is it still true if we were nuts enough to want to take full routes anyway from this same provider? And why would we even want to take full routes?

It is true that, despite the gracious gift of the two DS3 circuits, we don't have much money to buy a router and so we want to find out what Cisco part numbers are needed for whichever model will support two DS3/T3 and one or two 100base ethernet connections into our internal IP space.

Thanks again, and may God bless you all in many rich ways :-)

Your most thankful and humble servant before God,
Mary Grace

At 03:45 PM 6/24/03 -0700, Mike wrote:

Yeah, but 3600's are at least 3-4x more expensive than a 4500 or 4700.

Mike

On Wed, 18 Jun 2003, Brian Thoman wrote:

:| Date: Wed, 18 Jun 2003 10:48:26 -0400
:| From: Brian Thoman [EMAIL PROTECTED]
:| Reply-To: [EMAIL PROTECTED]
:| To: [EMAIL PROTECTED]
:| Subject: [isp-bgp] Re: Newbie Cisco upgrade question,
:| apologies in advance:-)
:|
:| Wouldn't a 3640 or 3660 off of eBay do the same trick? We ran two DS3's off a 3640 for a while with maxed out RAM. It worked for us.
:|
:| -- Original Message --
:| From: Mike [EMAIL PROTECTED]
:| Reply-To: [EMAIL PROTECTED]
:| Date: Tue, 17 Jun 2003 00:18:40 -0700 (PDT)
:|
:| If you're looking for really inexpensive, and don't need full routes, get
:| a 4500/4700 and put a HSSI card in it. With an external CSU, and cable,
:| you could probably get the whole package for $600-750 on ebay.
:|
:| Otherwise, I would suggest looking at a 7100 series (7120 or 7140) with a
:| built in DS-3 port (or two). Those can be had for dirt cheap on ebay. They
:| have all the processing power of a comparable 7200, but they're a
:| smaller form factor and don't have as many port adapter slots (which it
:| doesn't sound like you need, anyhow).
:|
:| Mike
:|
:|
:| On Mon, 16 Jun 2003, E.B. Dreger wrote:
:|
:| :| Date: Mon, 16 Jun 2003 21:54:12 + (GMT)
:| :| From: E.B. Dreger [EMAIL PROTECTED]
:| :| Reply-To: [EMAIL PROTECTED]
:| :| To: [EMAIL PROTECTED]
:| :| Subject: [isp-bgp] Re: Newbie Cisco upgrade question,
:| :| apologies in advance :-)
:| :|
:| :| MG Date: Sat, 14 Jun 2003 20:43:03 -0400
:| :| MG From: Mary Grace
:| :|
:| :|
:| :| MG Our tiny little non-profit religious network has been using a pair of T1
:| :| MG lines running BGP4 for multihoming to two diverse-path upstream ASNs for
:| :| MG many years now. We have our own portable IP address space and ASN (of
:| :| MG course), and have just decided to install our first DS3, because a new
:| :|
:| :| I think that's the first tiny little non-profit religious
:| :| network I've ever heard of that had/needed that kind of
:| :| bandwidth. You could run a moderate ISP using that...
:| :|
:| :|
:| :| MG upstream is offering us $30 per month per meg port for a full
:| :| MG HDLC-encapsulated point-to-point DS3 (yippee!).
:| :| MG
:| :| MG Our quandary is where to go to ask people with lots of clue on BGP4/eBGP to
:| :| MG tell us what the least expensive Cisco router we must buy to replace the
:| :| MG tired little 2600 series we currently have. The router, which need not be
:| :| MG as race-car fast as a 7206VXR