Re: Even you can be hacked

2004-06-11 Thread Adrian Chadd

On Thu, Jun 10, 2004, David Schwartz wrote:

  Take some responsibility.
 
   How does a person with a DSL line at home take responsibilty if he's away
 for a month? Is he supposed to hire someone?

The same way I did it when I went on holiday.

I turned off the DSL router.




Adrian

-- 
Adrian Chadd            I'm only a fanboy if
[EMAIL PROTECTED]       I emailed Wesley Crusher.





RE: Even you can be hacked

2004-06-11 Thread Owen DeLong
> It all depends upon what the agreement between the customer and the ISP
> says. It's not unreasonable for the ISP to 'insure' the customer against
> risks he isn't able to mitigate which the ISP is, even if that means
> shutting off his service.

True, to some extent, but...

> If someone blows up my water line and $1,000,000 worth of water is
> wasted, I don't think the water company is going to expect me to pay for
> it. This is especially true if the water company knew about the leak,
> could have done something to mitigate it, and failed to do so. Even if
> that means shutting off my water, that's what I'd expect them to do, shut
> it off until someone fixes it.

Interesting theory.  I don't expect that.  I expect the water company to
tell me how to shut off my water, or, possibly offer to come out and shut
off my water for a fee.  I don't expect them to turn the water off just
to protect me from an outrageous bill if the problem is on my portion of
the line.  I do expect them to shut off your line when it blows up if
it is causing a pressure drop which is affecting other customers, whether
you want them to or not.
> Most of the people on this list see things from the ISP's perspective.
> However, step back a bit and see it from the user's perspective. Do you
> expect to pay for phone calls you didn't make or do you expect the person
> whose deliberate conscious action caused those calls to be made? Do you
> expect to be responsible for patrolling your electric lines to make sure
> someone hasn't plugged into your outside outlets?

Well, as the step-parent of two teenage daughters, both of whom have cell
phones purchased for them by my wife, I routinely pay for telephone calls
I didn't make with no hope of getting said teenagers to ever pay the bill.
I certainly don't expect the electric company to patrol my outside electrical
outlets, and, yes, when someone plugged into one of mine, I did get billed
by the power company.  Why should they pay for it?  They delivered the
electricity to me.  What I did with it afterwards (in this case, giving it
to someone else I didn't expect or condone) is my problem.

> For most classes of service, it makes the most sense to only charge the
> customer for the traffic he wants and have the ISP take the responsibility
> for dealing with attacks to the extent they can do so. This is because the
> customer can't afford to hire a full time person to guard his always-on
> DSL connection while he's away for two weeks but his ISP can. This may
> mean that you're disconnected until they can coordinate with you -- such
> is life.

If the customer is sending the traffic to the ISP (the issue in this case),
then the ISP has no ability to drop the traffic before it arrives at the
ISP router.  The ISP, in this case, acted responsibly and informed the
customer of their problem.  They were even gracious enough to give the customer
credit for some period of time.  The ISP in this case did not control the
CPE, it was the customer's CPE.  As such, the customer is responsible for
maintaining and configuring the CPE to do any desired blocking.

> Just be aware, your customers may not have the same expectations you do,
> and you should make your understanding *very* clear to your customers in
> your contracts.

I don't make anything for customers in contracts... We have a sales department
and a legal department that do that.  I make routers deliver packets, and,
sometimes, I even have to make routers not deliver packets.  Sometimes, I
help sales and legal figure out how to explain things to customers.  Once
in a while, I help them clarify that in the contract.  Fortunately, for the
most part, I run routers, not contracts.  I like it better that way.
However, I will say that the customers I have dealt with on the technical
level have generally expected us to deliver packets, and, expected to pay
for packets we deliver according to their agreement.  When they ask us to
block something, we do, but, I have never had a customer expect not to pay
for their infected system AFTER we told them they were spewing.

YMMV,
Owen
--
If it wasn't crypto-signed, it probably didn't come from me.




Re: TCP-ACK vulnerability (was RE: SSH on the router)

2004-06-11 Thread Alexei Roudnev

I saw a few hackers (in sniffers, computers and personally), but I never saw
anyone doing a hack without a reason.
Usually, if you do not see a reason, it is _your_ misunderstanding.

Of course, the reason can be as simple as _I have MS_ or as complicated as _here
is my girlfriend, and if this system goes down, she will be released
earlier_ -:) (most common reason was, yep, _getting IRC control_).

This allows subtracting (1) from severity, for this particular case.

- Original Message - 
From: Michel Py [EMAIL PROTECTED]
To: Alexei Roudnev [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 10, 2004 10:11 PM
Subject: RE: TCP-ACK vulnerability (was RE: SSH on the router)


> Alexei Roudnev wrote:
> Even if I (if I were a hacker) scan your networks and find
> this switch (and you did not move it out of routable IP),
> I will not have any idea what it is about, where this
> switch is, and have no reason to break it...

You (being a hacker) need a _reason_ to break into something? Where does
this come from?

Michel.



MD5 BGP performance on a VXR?

2004-06-11 Thread Ben Buxton



Has anyone done any concrete testing on how well a 7206VXR with an
NPE-300 can handle BGP MD5? The box in question has about 25 sessions
and is pushing 150Mbps, with a 75% cpu load. I'm curious to know if it's
the MD5 taking all the CPU.

Thanks,
Ben



Re: AV/FW Adoption Studies

2004-06-11 Thread Michael . Dillon

> More likely, the software actually leaks like a sieve, and NEITHER group
> has even scratched the surface..

How many leaks did the OpenBSD team find when they proactively audited
their entire codebase for the first time a few years ago? This would
be an indication of just how leaky an O/S might be expected to be.

> Remember - every single 0-day that surfaces was something the black hats
> found first.

And 0-day exploits are only the ones that the blackhats are willing
to talk about. If they keep quiet about an exploit and only use
it for industrial espionage and other electronic crimes then
we are unlikely to hear about it until a whitehat stumbles across
the blackhat's activities. Rather like the cuckoo's egg or the
recent complex exploit involving IE and the MS Help tool.

Have any of your customers ever asked you for a traffic audit report
showing every IP address that has ever sourced traffic to them
or received traffic from them?

--Michael Dillon




The Cidr Report

2004-06-11 Thread cidr-report

This report has been generated at Fri Jun 11 21:43:32 2004 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date        Prefixes    CIDR Agg
04-06-04      137884       95186
05-06-04      136784       95165
06-06-04      136790       95427
07-06-04      137242       95750
08-06-04      137787       95839
09-06-04      137594       95788
10-06-04      137680       95901
11-06-04      137772       95814


AS Summary
     17314  Number of ASes in routing system
      7019  Number of ASes announcing only one prefix
      1414  Largest number of prefixes announced by an AS
            AS7018 : ATTW AT&T WorldNet Services
  64935424  Largest address span announced by an AS (/32s)
            AS568  : DISOUN DISO-UNRRA


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 11Jun04 ---
ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description

Table     137806     95798    42008   30.5%  All ASes

AS6347       940       160      780   83.0%  SAVV SAVVIS Communications Corporation
AS4134       738       158      580   78.6%  CHINANET-BACKBONE No.31,Jin-rong Street
AS18566      710       169      541   76.2%  CVAD Covad Communications
AS4323       736       205      531   72.1%  TWTC Time Warner Telecom
AS7018      1414       979      435   30.8%  ATTW AT&T WorldNet Services
AS6197       702       321      381   54.3%  BNS-14 BellSouth Network Solutions, Inc
AS7843       506       128      378   74.7%  ADELPH-13 Adelphia Corp.
AS701       1288       922      366   28.4%  UU UUNET Technologies, Inc.
AS22909      390        33      357   91.5%  CMCS Comcast Cable Communications, Inc.
AS27364      376        38      338   89.9%  ARMC Armstrong Cable Services
AS6198       568       233      335   59.0%  BNS-14 BellSouth Network Solutions, Inc
AS22773      385        61      324   84.2%  CXAB Cox Communications Inc. Atlanta
AS1239       944       639      305   32.3%  SPRN Sprint
AS11172      354        56      298   84.2%  Servicios Alestra S.A de C.V
AS17676      339        50      289   85.3%  JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS9929       316        33      283   89.6%  CNCNET-CN China Netcom Corp.
AS4355       381        99      282   74.0%  ERSD EARTHLINK, INC
AS6478       305        48      257   84.3%  ATTW AT&T WorldNet Services
AS6140       390       157      233   59.7%  IMPSA ImpSat
AS209        739       507      232   31.4%  QWEST-4 Qwest
AS1221       849       617      232   27.3%  ASN-TELSTRA Telstra Pty Ltd
AS14654      233         5      228   97.9%  WAYPOR-3 Wayport
AS25844      243        16      227   93.4%  SASMFL-2 Skadden, Arps, Slate, Meagher & Flom LLP
AS9583       453       228      225   49.7%  SATYAMNET-AS Satyam Infoway Ltd.,
AS3356       890       675      215   24.2%  LEVEL3 Level 3 Communications
AS4766       476       264      212   44.5%  KIX Korea Internet Exchange for 96 World Internet Exposition
AS9443       357       155      202   56.6%  INTERNETPRIMUS-AS-AP Primus Telecommunications
AS2386       431       234      197   45.7%  ADCS-1 AT&T Data Communications Services
AS5668       383       192      191   49.9%  CIH-12 CenturyTel Internet Holdings, Inc.
AS6327       208        28      180   86.5%  SHAWC-2 Shaw Communications Inc.

Total      17044      7410     9634   56.5%  Top 30 total


Possible Bogus Routes

24.138.80.0/20   AS11260 AHSICHCL Andara High Speed Internet c/o Halifax Cable Ltd.
24.246.0.0/17    AS7018  ATTW AT&T WorldNet Services
24.246.128.0/18  AS7018  ATTW AT&T WorldNet Services
64.46.4.0/22     AS11711 TULARO TULAROSA COMMUNICATIONS
64.46.12.0/24    AS7850  IHIGHW iHighway.net, Inc.
64.46.27.0/24    AS8674  NETNOD-IX Netnod Internet Exchange Sverige AB
64.46.34.0/24    AS3408

RE: MD5 BGP performance on a VXR?

2004-06-11 Thread Newell, Tony

Ben,

My first question would be how big is your prefix list per BGP session?
What is really going to task this router with 25 sessions is the BGP
Scanner and BGP Router processes.  To my knowledge MD5 is just for
authenticating the session.  I could be wrong.

Tony Newell
Technical Lead
RTSG-BB IP Networking
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ben Buxton
Sent: Friday, June 11, 2004 5:49 AM
To: [EMAIL PROTECTED]
Subject: MD5 BGP performance on a VXR?




Has anyone done any concrete testing on how well a 7206VXR with an
NPE-300 can handle BGP MD5? The box in question has about 25 sessions
and is pushing 150Mbps, with a 75% cpu load. I'm curious to know if it's
the MD5 taking all the CPU.

Thanks,
Ben





[OT] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Paul Jakma
On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote:

> Why do I have to get two and three copies of each of these?

Because you haven't set a Reply-To header? Eg with the list as
address?

> I'm on the list folks, if you send it to the list I'll get it.  I
> don't need a copy to the list and Cc:'s until the end of time.

Then set a Reply-To. Pretty simple..
regards,
--
Paul Jakma  [EMAIL PROTECTED]   [EMAIL PROTECTED]   Key ID: 64A2FF6A
warning: do not ever send email to [EMAIL PROTECTED]
Fortune:
Coding is easy;  All you do is sit staring at a terminal until the drops
of blood form on your forehead.


Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Laurence F. Sheldon, Jr.
Paul Jakma wrote:
> On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote:
> > Why do I have to get two and three copies of each of these?
>
> Because you haven't set a Reply-To header? Eg with the list as address?
>
> > I'm on the list folks, if you send it to the list I'll get it.  I
> > don't need a copy to the list and Cc:'s until the end of time.
>
> Then set a Reply-To. Pretty simple..
> regards,

Really?  My responsibility to make sure you control your outbound
mail.  Got it.
Oh.  Any suggestions on how to do that using my mailer?
And I'll delete the other copy you sent me for you.
Where in RFC 2821 is this requirement, by the way?  RFC 2822
says it is optional but seems to be less than useful in the
context here.

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/



Re: Even you can be hacked

2004-06-11 Thread Laurence F. Sheldon, Jr.
Andy Dills wrote:
> On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote:
>
> > Jeff Shultz wrote:
> >
> > > But ultimately, _you_ are responsible for your own systems.
> >
> > Even if the water company is sending me 85% TriChlorEthane?
> > Right.  Got it.  The victim is always responsible.
> > There you have it folks.
>
> Change the word victim to negligent party and you're correct.
>
> Ignoring all of the analogies and metaphors, the bottom line is that ISPs
> are _not responsible_ for the negligence of their customers, and that ISPs
> are _not responsible_ for the _content_ of the packets we deliver. In
> fact, blocking the packets based on content would run counter to our sole
> responsibility: delivering the well-formed packets (ip verify unicast
> reverse-path) where they belong.
>
> Remember, we're service providers, not content providers. Unless your AUP
> or customer contract spells out security services provided (most actually
> go the other way and limit the liability of the service provider
> specifically in this event), then your customers have to pay you to secure
> their network (unless you feel like doing it for free), or they are
> responsible, period.
>
> As far as I'm concerned, that guy would have a better shot at suing
> Microsoft than challenging his bandwidth bill.
>
> Andy
> ---
> Andy Dills
> Xecunet, Inc.
> www.xecu.net
> 301-682-9972
> ---

How many more of these do I need, do you think?
--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/



Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Randy Bush

reply-to: headers are bad.  the replier can be sending to the
list when they intended to reply privately.  hence, many of us
have our MTAs strip them before we even get the mail.

again, procmail is your friend

# prevent dupes
# h: feed formail only the header; W: wait for it and honour its exit
# status. formail -D keeps a ~64KB cache of seen Message-IDs in msgid.cache
# and exits 0 on a repeat, so duplicates are swallowed by this recipe and
# new messages fall through to the recipes below.
:0 Wh: msgid.lock
| formail -D 65536 msgid.cache

randy
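
A small model of what that recipe does, added here as an illustration and not part of Randy's post: it keeps a bounded Message-ID cache in the spirit of formail -D and decides, for a few constructed messages, which copies would be swallowed as duplicates and which would fall through. The cache's byte accounting and oldest-first eviction are my assumptions for the illustration, not formail's on-disk format.

```python
import email
from collections import OrderedDict


class MessageIdCache:
    """Bounded record of Message-IDs already seen.

    Models the idcache that `formail -D maxlen idcache` maintains. The
    eviction policy here (drop the oldest IDs once the byte budget is
    exceeded) is an assumption for illustration, not formail's actual
    on-disk format.
    """

    def __init__(self, max_bytes):
        self.max_bytes = max_bytes
        self._ids = OrderedDict()   # insertion order doubles as age
        self._size = 0

    def seen_before(self, msgid):
        """Record msgid and report whether it was already cached."""
        if msgid in self._ids:
            return True
        self._ids[msgid] = None
        self._size += len(msgid) + 1          # +1 for a separator byte
        while self._size > self.max_bytes and self._ids:
            oldest, _ = self._ids.popitem(last=False)
            self._size -= len(oldest) + 1
        return False


def message_id_of(raw):
    """Extract the Message-ID header, or None if the message lacks one."""
    mid = email.message_from_string(raw).get("Message-ID")
    return mid.strip() if mid else None


def dedupe(raw_messages, max_bytes=65536):
    """Split messages into (delivered, dropped) the way the recipe would.

    A message without a Message-ID can never match the cache, so, like
    formail, it always falls through as a new message.
    """
    cache = MessageIdCache(max_bytes)
    delivered, dropped = [], []
    for raw in raw_messages:
        mid = message_id_of(raw)
        if mid is not None and cache.seen_before(mid):
            dropped.append(raw)
        else:
            delivered.append(raw)
    return delivered, dropped


# Constructed sample: the list copy and the direct Cc: copy of one post
# share a Message-ID; the other two messages carry none at all.
LIST_COPY = (
    "From: poster@example.net\n"
    "To: list@example.net\n"
    "Message-ID: <20040611.1@example.net>\n"
    "Subject: Re: common list sense\n"
    "\n"
    "Then set a Reply-To.\n"
)
DIRECT_COPY = LIST_COPY.replace("To: list@example.net", "To: reader@example.org")
NO_ID = "From: other@example.net\nSubject: no id here\n\nhello\n"

SAMPLE_MESSAGES = [LIST_COPY, DIRECT_COPY, NO_ID, NO_ID]


if __name__ == "__main__":
    kept, gone = dedupe(SAMPLE_MESSAGES)
    print(f"delivered {len(kept)}, dropped {len(gone)} duplicate(s)")
```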



Re: TCP-ACK vulnerability (was RE: SSH on the router)

2004-06-11 Thread Stephen J. Wilcox

Private addressing/non routing of the netblock is only of limited use.

I assume here the block is in the IGP.. the more customers/networks you serve 
the more chance of an attack coming from within.

Steve

On Thu, 10 Jun 2004, Alexei Roudnev wrote:

 
> Do you have any (even minimal) need to allocate globally routable IP to the
> VLAN1 interface?
>
> Other thing is that, even if I can find your switch, I will not have any
> minimal idea that it is _your_ switch and any minimal need to break it. You
> could (easily) have allocated all switch and router loopback IPs in a private
> network many years ago, and filtered out this network on all inbound interfaces.
>
> Even if I (if I were a hacker) scan your networks and find this switch (and
> you did not move it out of routable IP),
> I will not have any idea what it is about, where this switch is, and have
> no reason to break it...
>
> - Original Message - 
> From: Sean Donelan [EMAIL PROTECTED]
> To: [EMAIL PROTECTED]
> Sent: Thursday, June 10, 2004 4:19 AM
> Subject: Re: TCP-ACK vulnerability (was RE: SSH on the router)
>
> > On Wed, 9 Jun 2004, Alexei Roudnev wrote:
> > > This is minor exploit - usually you set up VLAN1 interface with IP address,
> > > which is filtered out from outside. Moreover, there is not any good way to
> > > find switch IP - it is transparent for user's devices.
> >
> > Yeah, port scanners are so rare on the Internet they'll never find your
> > IP address.  It's not as if the switches have an easy to detect banner
> > signature, and everyone uses out-of-band management for all their network
> > equipment.



Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Valdis . Kletnieks
On Fri, 11 Jun 2004 11:50:26 CDT, Laurence F. Sheldon, Jr. said:

> Where in RFC 2821 is this requirement, by the way?  RFC 2822
> says it is optional but seems to be less than useful in the
> context here.

2821 is about the SMTP side of things.  By the time the MTA is handed
a list of RCPT TO's, it's waaay past time to argue about Reply-to:.
(As a matter of fact, careful reading of 2821 will reveal that there's
no *specific* requirement that the stuff between the DATA and final '.'
even be an 822-style e-mail - I've seen blecherous things that toss an
X.400 blob around in there instead...)

2822 and related would be the right place, as that's about the 822-style
headers on the mail itself.

As already noted by several people, Reply-To: doesn't necessarily impose
the proper semantics (and before anybody pipes up, Bernstein's Mail-Followup-To:
isn't perfect either, *and* there's not even an active I-D for it, much less
any sort of RFC).




Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Laurence F. Sheldon, Jr.
Paul Jakma wrote:
> On Fri, 11 Jun 2004, Laurence F. Sheldon, Jr. wrote:
> > Really?  My responsibility to make sure you control your outbound
> > mail.  Got it.
>
> You really think everyone on this list should remember the preference of
> every other poster as to whether they do or do not want a direct copy?
> Maybe we could have a list on a web page and everyone could check the
> list before replying to a post. That'd be really useful. But wait,
> seeing as how we've got these new-fangled computer thingies that can
> take care of drudgery for us, how about we provide a way to allow the
> poster to specify what their preference is, and then other people's
> computers could automatically use that preference!
>
> Oh wait:
> http://www.freesoft.org/CIE/RFC/822/28.htm
> Someone already thought of that! In *1982*. Gosh, how prescient!

Or the document is a little out-dated and replaced.  But not your
responsibility huh?

> (sorry if the sarcasm is a little thick, but I groan and shake my head
> every time someone posts to NANOG about how people should please stop
> including them in list replies. When I see someone who usually has a
> modicum of clue do same I just have to reply. :) )
>
> > Oh.  Any suggestions on how to do that using my mailer?
>
> No idea, consult its documentation. I do ctrl+r in my MUA, in Netscape
> Communicator or Mozilla mail or Thunderbird you just add the address in
> a new field and click the drop down list and change the 'To' to 'Reply-To'
>
> If your mailer can not do something as simple as allow you to specify
> the Reply-To, I suggest you upgrade to something that is at least
> half-decent.
>
> > And I'll delete the other copy you sent me for you.
>
> That's another option I guess.
>
> > Where in RFC 2821 is this requirement, by the way?  RFC 2822
> > says it is optional but seems to be less than useful in the
> > context here.
>
> Yes, of course Reply-To is optional. Absence of Reply-to indicates reply
> should go to sender.
>
> regards,

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/



Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Paul Jakma
On Fri, 11 Jun 2004, Randy Bush wrote:

> reply-to: headers are bad.

Oh, on that I agree.

There are draft RFCs to specify these things better, eg separating
the concept of 'Reply-to' into one policy for list related replies
and another for personal, mutt supports these drafts already[1], but
there hasn't been much apparent movement in these drafts becoming
standards track. (primarily because there are already similar headers
defined and RFC standards tracked for NNTP readers/posters).

1. which can be annoying when dealing with mutt users.
regards,
--
Paul Jakma  [EMAIL PROTECTED]   [EMAIL PROTECTED]   Key ID: 64A2FF6A
warning: do not ever send email to [EMAIL PROTECTED]
Fortune:
The soul would have no rainbow had the eyes no tears.


Re: MD5 BGP performance on a VXR?

2004-06-11 Thread Stephen J. Wilcox

sh proc cpu should be able to tell you where the load is..

i have a 7206, about 130 bgp sessions (445000 paths) .. not much cpu being used,
BGP scanner is the largest with a 5% 1min average

Steve

On Fri, 11 Jun 2004, Ben Buxton wrote:

> Has anyone done any concrete testing on how well a 7206VXR with an
> NPE-300 can handle BGP MD5? The box in question has about 25 sessions
> and is pushing 150Mbps, with a 75% cpu load. I'm curious to know if it's
> the MD5 taking all the CPU.
>
> Thanks,
> Ben
 



Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Paul Jakma
On Fri, 11 Jun 2004, Laurence F. Sheldon, Jr. wrote:

> Really?  My responsibility to make sure you control your outbound
> mail.  Got it.

You really think everyone on this list should remember the preference
of every other poster as to whether they do or do not want a direct
copy? Maybe we could have a list on a web page and everyone could
check the list before replying to a post. That'd be really useful.
But wait, seeing as how we've got these new-fangled computer thingies
that can take care of drudgery for us, how about we provide a way to
allow the poster to specify what their preference is, and then other
people's computers could automatically use that preference!

Oh wait:
http://www.freesoft.org/CIE/RFC/822/28.htm
Someone already thought of that! In *1982*. Gosh, how prescient!
(sorry if the sarcasm is a little thick, but I groan and shake my
head every time someone posts to NANOG about how people should please
stop including them in list replies. When I see someone who usually
has a modicum of clue do same I just have to reply. :) )

> Oh.  Any suggestions on how to do that using my mailer?

No idea, consult its documentation. I do ctrl+r in my MUA, in
Netscape Communicator or Mozilla mail or Thunderbird you just add the
address in a new field and click the drop down list and change the
'To' to 'Reply-To'

If your mailer can not do something as simple as allow you to specify
the Reply-To, I suggest you upgrade to something that is at least
half-decent.

> And I'll delete the other copy you sent me for you.

That's another option I guess.

> Where in RFC 2821 is this requirement, by the way?  RFC 2822
> says it is optional but seems to be less than useful in the
> context here.

Yes, of course Reply-To is optional. Absence of Reply-to indicates
reply should go to sender.

regards,
--
Paul Jakma  [EMAIL PROTECTED]   [EMAIL PROTECTED]   Key ID: 64A2FF6A
warning: do not ever send email to [EMAIL PROTECTED]
Fortune:
October 12, the Discovery.
It was wonderful to find America, but it would have been more wonderful to miss
it.
-- Mark Twain, Pudd'nhead Wilson's Calendar


Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Paul Jakma
On Fri, 11 Jun 2004, Laurence F. Sheldon, Jr. wrote:

> Or the document is a little out-dated and replaced.  But not your
> responsibility huh?

822 might have been superseded, yes, however no newer standards track
RFC has made Reply-to obsolete. My point was that Reply-to isn't
something new, it's something I'd expect anyone on a network ops
mailing list to know about and be able to use.

(if they really wish to run the risk of other people accidentally
mailing private correspondence to the Reply-To address).

NB: The other thing you can do is filter your email into separate
mailboxes, eg each list into a separate folder. If you do this, the
direct copy will become useful.

regards,
--
Paul Jakma  [EMAIL PROTECTED]   [EMAIL PROTECTED]   Key ID: 64A2FF6A
warning: do not ever send email to [EMAIL PROTECTED]
Fortune:
Innovation is hard to schedule.
-- Dan Fylstra


RE: Even you can be hacked

2004-06-11 Thread David Schwartz


> At 7:07 PM -0700 2004-06-10, David Schwartz wrote:
>
> > Most of the people on this list see things from the ISP's perspective.
> > However, step back a bit and see it from the user's perspective. Do you
> > expect to pay for phone calls you didn't make or do you expect the person
> > whose deliberate conscious action caused those calls to be made? Do you
> > expect to be responsible for patrolling your electric lines to make sure
> > someone hasn't plugged into your outside outlets?
>
> If you had a PBX in your home that was misconfigured and allowed
> people to dial-in and then dial back out and get free long distance,
> and your telephone company warned you about this weakness, forgives
> your first month overages due to your being hacked, and yet you still
> refused to fix the system, then you're toast.
>
> Under those circumstances, if someone makes $10M worth of long
> distance calls via your PBX, then you're going to have to pay up.

Of course, except in this case, the phone company can't easily tell the
legitimate calls from the illegitimate ones and block only the illegitimate
ones. Every analogy will break down, so don't expect to be able to convince
people with analogies that seem so obviously right to you. Nothing is
exactly accurate except the actual situation itself.

And, again, almost every contract has some insurance elements to it. There
will be unusual cases where it's actually possible for the utility to lose
money if something unusual happens. My main point is that the understanding
that seems so obviously right to you may not seem so obviously right to your
customers.

As for all the people who talk about turning off their DSL access when
they're away from home, they're missing the point. Obviously a person could
do that. We could shut off our electricity when we leave home. We could have
our telephone service temporarily disabled when we go on vacation too. A
person could do all of these things. My point is that it's also perfectly
reasonable for a person not to do these things. Because in general an ISP
has more ability to control these things and it makes very little sense for
a home user to insure an ISP, it makes more sense for the ISP to insure the
user.

In any unfortunate situation, you can find a hundred things that anyone
could have done differently that would have avoided the situation. But that
is not how you establish responsibility, financial or moral. You look at
people who failed to use reasonable prudence.

And, of course, the ISP always (or very nearly always) insures the user
against the costs of inbound attack traffic that exceeds his line rate. The
more demands you make of your customers, the more you decrease the value of
your very own product.

Frankly, if I ruled the world, obtaining Internet access would require a
serious cluefulness test and you'd take a lot more responsibility for
generated traffic. I know a lot of people on this list wish things were the
same way and sometimes want it so much that they're able to convince
themselves that this is the way things actually are in the real world today.
But they're not, and you may find that outside your group of friends, your
views are found to be very odd by the majority of 'normal' (but, admittedly,
inferior) people.

The arguments that seem so obviously right to you may be greeted by
amusement and the analogies you think work will be found unconvincing. This
is because this argument is largely about other people's expectations.

DS




Re: [OnTopic] common list sense and responsibility

2004-06-11 Thread Laurence F. Sheldon, Jr.
My last on the topic--maybe even the list.
I take the responsibility for a number of things, depending on
the topic of the discussion.
In the case of email conversations, particularly email
conversations on mailing lists, I think there are
responsibilities on the author to:
Delete all the baggage that has accumulated that is not relevant
to the instant message, like the addresses in excess of the intended
recipient or recipient-list, like the material that is not the
object of the current comments, like the collection of cute .sig
things that were not separated by a proper separator or not dropped
by a proper mailer.  (And it happens that I am reduced to using
Netscape as a mailer, and to the best of my ability I have not
found a way to add not-required headers to the messages.)
But I'm big on responsibility and I understand that I am pretty
close to alone here on that.
--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/



Weekly Routing Table Report

2004-06-11 Thread Routing Table Analysis

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]

If you have any comments please contact Philip Smith [EMAIL PROTECTED].

Routing Table Report   04:00 +10GMT Sat 12 Jun, 2004

Analysis Summary


BGP routing table entries examined:                          140462
Prefixes after maximum aggregation:                           84998
Unique aggregates announced to Internet:                      68154
Total ASes present in the Internet Routing Table:             17399
Origin-only ASes present in the Internet Routing Table:       15103
Origin ASes announcing only one prefix:                        7028
Transit ASes present in the Internet Routing Table:            2296
Transit-only ASes present in the Internet Routing Table:         72
Average AS path length visible in the Internet Routing Table:   5.1
Max AS path length visible:                                      26
Illegal AS announcements present in the Routing Table:            8
Non-routable prefixes present in the Routing Table:               0
Prefixes being announced from unallocated address space:         19
Number of addresses announced to Internet:               1312025340
    Equivalent to 78 /8s, 51 /16s and 234 /24s
Percentage of available address space announced:               35.4
Percentage of allocated address space announced:               58.1
Percentage of available address space allocated:               60.9
Total number of prefixes smaller than registry allocations:   64122

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes:                   26841
Total APNIC prefixes after maximum aggregation:                  13922
Prefixes being announced from the APNIC address blocks:          25076
Unique aggregates announced from the APNIC address blocks:       14019
APNIC Region origin ASes present in the Internet Routing Table:   2064
APNIC Region origin ASes announcing only one prefix:               616
APNIC Region transit ASes present in the Internet Routing Table:   337
Average APNIC Region AS path length visible:                       5.2
Max APNIC Region AS path length visible:                            18
Number of APNIC addresses announced to Internet:             150026240
    Equivalent to 8 /8s, 241 /16s and 56 /24s
Percentage of available APNIC address space announced:            68.5

APNIC AS Blocks4608 - 4864, 7467 - 7722, 9216 - 10239
   17408 - 18431, 23552 - 24575
APNIC Address Blocks   58/7, 60/7, 202/7, 210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes:                    80606
Total ARIN prefixes after maximum aggregation:                   49793
Prefixes being announced from the ARIN address blocks:           62431
Unique aggregates announced from the ARIN address blocks:        21967
ARIN Region origin ASes present in the Internet Routing Table:    9241
ARIN Region origin ASes announcing only one prefix:               3287
ARIN Region transit ASes present in the Internet Routing Table:    896
Average ARIN Region AS path length visible:                        4.9
Max ARIN Region AS path length visible:                             17
Number of ARIN addresses announced to Internet:              225181216
    Equivalent to 13 /8s, 107 /16s and 254 /24s
Percentage of available ARIN address space announced:             74.6

ARIN AS Blocks 1 - 1876, 1902 - 2042, 2044 - 2046, 2048 - 2106
   2138 - 2584, 2615 - 2772, 2823 - 2829, 2880 - 3153
   3354 - 4607, 4865 - 5119, 5632 - 6655, 6912 - 7466
   7723 - 8191, 10240 - 12287, 13312 - 15359
   16384 - 17407, 18432 - 20479, 21504 - 23551
   25600 - 26591, 26624 - 27647, 29695 - 30719
   31744 - 33791
ARIN Address Blocks24/8, 63/8, 64/6, 68/7, 70/8, 198/7, 204/6, 208/7
   and 216/8

RIPE Region Analysis Summary
----------------------------

Prefixes being announced by RIPE Region ASes:                     25755
Total RIPE prefixes after maximum aggregation:                    18347
Prefixes being announced from the RIPE address blocks:            22551
Unique aggregates announced from the RIPE address blocks:         15075
RIPE Region origin ASes present in the Internet Routing Table:     5551
RIPE Region origin ASes announcing only one prefix:                2992
RIPE Region transit ASes present in the Internet Routing Table:     951
Average RIPE Region AS path length visible:                         5.9
Max RIPE Region AS path length visible:                              26
Number of RIPE addresses announced to Internet:               164243456
Equivalent to 9 /8s, 202 

Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Steve Gibbard

I suspect most of us who are failing to feel Mr. Sheldon's pain on this
just fail to understand the burden that's been placed on him by this
problem.

As an occasional poster to this and other lists, I sometimes get a few
duplicate replies, which, being sent directly to me, end up in my regular
mailbox instead of my NANOG folder, and thus require me to actively delete
or sort through them.  As an occasional issue, it seems like a natural
result of sending out a message to a few thousand people.  Not being all
that important I often find it hard to believe that a few thousand people
will want to read what I have to say, so I don't do it all that often.

I can see, however, that some scaling issues would come into play here.
If I have to spend a few minutes sorting out duplicate replies every few
weeks after posting something to the list, it's not a big deal.  Besides,
if I've taken the time to write something and send it to a few thousand
people, I generally want to know what people have to say about it.  But,
never having posted to the NANOG list eight times in less than two days, I
can only imagine how the time spent dealing with duplicate replies would
add up.  Besides, coming up with that many things worth sending to a few
thousand people, in such a short period of time, must be really time
consuming.  With such a busy posting schedule, should we be surprised that
the time to deal with an unfathomable quantity of duplicate responses
would be hard to come by?

-Steve

On Fri, 11 Jun 2004, Laurence F. Sheldon, Jr. wrote:


 Paul Jakma wrote:

  On Fri, 11 Jun 2004, Laurence F. Sheldon, Jr. wrote:
 
  Really?  My responsibility to make sure you control your outbound
  mail.  Got it.
 
 
  You really think everyone on this list should remember the preference of
  every other poster as to whether they do or do not want a direct copy?
  Maybe we could have a list on a web page and everyone could check the
  list before replying to a post. That'd be really useful. But wait,
  seeing as how we've got these new-fangled computer thingies that can
  take care of drudgery for us, how about we provide a way to allow the
  poster to specify what their preference is, and then other people's
  computers could automatically use that preference!
 
  Oh wait:
 
  http://www.freesoft.org/CIE/RFC/822/28.htm
 
  Someone already thought of that! In *1982*. Gosh, how prescient!

 Or the document a little out-dated and replaced.  But not your
 responsibility huh?
 
  (sorry if the sarcasm is a little thick, but I groan and shake my head
  every time someone posts to NANOG about how people should please stop
  including them in list replies. When I see someone who usually has a
  modicum of clue do same I just have to reply. :) )
 
  Oh.  Any suggestions on how to do that using my mailer?
 
 
  No idea, consult its documentation. I do ctrl+r in my MUA, in Netscape
  Communicator or Mozilla mail or Thunderbird you just add the address in
  a new field and click the drop down list and change the 'To' to 'Reply-To'
 
  If your mailer can not do something as simple as allow you to specify
  the Reply-To, I suggest you upgrade to something that is at least
  half-decent.
 
  And I'll delete the other copy you sent me for you.
 
 
  That's another option I guess.
 
  Where in RFC 2821 is this requirement, by the way?  RFC 2822
  says it is optional but seems to be less than useful in the
  context here.
 
 
  Yes, of course Reply-To is optional. Absence of Reply-to indicates reply
  should go to sender.
 
  regards,


 --
 Requiescas in pace o email

 Ex turpi causa non oritur actio

 http://members.cox.net/larrysheldon/




Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Joel Jaeggli

a quick duplicate elimination in procmail is something like:

# Pipe the headers (h) of a copy (c) through formail, waiting for its exit
# status (W); formail -D succeeds when the Message-ID is already in msgid.cache.
:0 Whc: msgid.lock
| formail -D 16384 msgid.cache

# If the previous recipe succeeded (a), the message is a duplicate: discard it.
:0 a:
/dev/null

for me it's a substantial lifestyle improvement.

On Fri, 11 Jun 2004, Steve Gibbard wrote:

 
 I suspect most of us who are failing to feel Mr. Sheldon's pain on this
 just fail to understand the burden that's been placed on him by this
 problem.
 
 [...]

-- 
-- 
Joel Jaeggli   Unix Consulting [EMAIL PROTECTED]
GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
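The logic behind Joel's recipe, as an added example in Python (not code from the thread, and not procmail or formail themselves): keep a bounded cache of the Message-IDs already delivered and send any later copy to the bit bucket. Like `formail -D 16384 msgid.cache`, the cache is limited to a byte budget and forgets the oldest IDs once it is full; that formail's idcache evicts in FIFO order is an assumption here, and the sample messages are constructed.

```python
"""Message-ID duplicate suppression, the logic behind the procmail/formail -D
recipe above. Added example, not code from the thread; the sample messages
are constructed and the FIFO eviction order is an assumption."""
import email
from collections import OrderedDict


class MessageIdCache:
    """Bounded store of seen Message-IDs, in the spirit of formail's idcache
    file: at most max_bytes of IDs, the oldest forgotten when space runs out."""

    def __init__(self, max_bytes=16384):
        self.max_bytes = max_bytes
        self._ids = OrderedDict()   # insertion order gives FIFO eviction (assumption)
        self._size = 0

    def seen_before(self, msgid):
        """True if msgid is already cached (a duplicate); otherwise record it
        and return False, evicting the oldest IDs if the byte budget is exceeded."""
        if msgid in self._ids:
            return True
        self._ids[msgid] = None
        self._size += len(msgid) + 1          # +1 for the separator between IDs
        while self._size > self.max_bytes and self._ids:
            oldest, _ = self._ids.popitem(last=False)
            self._size -= len(oldest) + 1
        return False


def message_id(raw):
    """Extract the Message-ID header value (whitespace stripped) or None."""
    mid = email.message_from_bytes(raw).get("Message-ID")
    return str(mid).strip() if mid else None


def filter_duplicates(raw_messages, cache=None):
    """Deliver the first copy of each Message-ID and drop later ones, as the
    ':0 a:' / /dev/null recipe does. Messages without a Message-ID are always
    delivered, since there is nothing to match on."""
    cache = cache if cache is not None else MessageIdCache()
    delivered, dropped = [], []
    for raw in raw_messages:
        mid = message_id(raw)
        if mid is not None and cache.seen_before(mid):
            dropped.append(mid)
        else:
            delivered.append(raw)
    return delivered, dropped


# Constructed sample: a list copy and a direct Cc copy of the same post share
# one Message-ID; a third message carries a different ID; a fourth has none.
SAMPLE_MESSAGES = [
    b"From: alice@example.org\r\nTo: list@example.org\r\nMessage-ID: <a1@example.org>\r\nSubject: test\r\n\r\nfirst copy\r\n",
    b"From: bob@example.org\r\nTo: list@example.org\r\nMessage-ID: <b1@example.org>\r\nSubject: other\r\n\r\nunrelated\r\n",
    b"From: alice@example.org\r\nTo: me@example.org\r\nMessage-ID: <a1@example.org>\r\nSubject: test\r\n\r\nfirst copy\r\n",
    b"From: nobody@example.org\r\nSubject: no id\r\n\r\nno Message-ID at all\r\n",
]


def demo():
    """Run the constructed sample through the filter: (delivered count, dropped IDs)."""
    delivered, dropped = filter_duplicates(SAMPLE_MESSAGES)
    return len(delivered), dropped


if __name__ == "__main__":
    n, dropped = demo()
    print(f"delivered {n}, dropped {dropped}")
```

The cache is what makes this safe to run unattended: without a byte budget the ID store grows with every message ever seen, and without the "no Message-ID means deliver" rule a broken sender would have all its mail silently discarded.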





RE: TCP-ACK vulnerability (was RE: SSH on the router)

2004-06-11 Thread Michel Py

 Alexei Roudnev wrote:
 Of course, reason can be as simple as _I have MS_ or as
 complicated as _here is my girlfriend, and if this system
 went down, she will be released earlier_ -:) /most common
 reason was, yep, _getting IRC control_).

Or just because I can do it. I call these lame excuses, not reasons.

Michel.



Re: MD5 BGP performance on a VXR?

2004-06-11 Thread Patrick W . Gilmore
On Jun 11, 2004, at 8:21 AM, Newell, Tony wrote:
My first question would be how big is your prefix list per BGP session?
What is really going to task this router with 25 sessions is the BGP
Scanner and BGP Router processes.  To my knowledge MD5 is just for
authenticating the session.  I could be wrong.
Every TCP packet in the BGP session (including HELLOs) will have to go 
through the MD5 process.

This happens even if things like the sequence number is wrong (at least 
on some versions of IOS).

--
TTFN,
patrick


Re: [OnTopic] common list sense and responsibility

2004-06-11 Thread Andy Dills

On Fri, 11 Jun 2004, Laurence F. Sheldon, Jr. wrote:

 But I'm big on responsibility and I understand that I am pretty
 close to alone here on that.

You're big on responsibility...just as long as the end users aren't held
responsible for their networks, right?

Which network do you run again? I'm starting to think I'm talking to a
kook. Here this whole time I thought you represented cox.net. Clearly not.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


Re: MD5 BGP performance on a VXR?

2004-06-11 Thread Henning Brauer

* Patrick W.Gilmore [EMAIL PROTECTED] [2004-06-11 20:54]:
 On Jun 11, 2004, at 8:21 AM, Newell, Tony wrote:
 My first question would be how big is your prefix list per BGP session?
 What is really going to task this router with 25 sessions is the BGP
 Scanner and BGP Router processes.  To my knowledge MD5 is just for
 authenticating the session.  I could be wrong.
 Every TCP packet in the BGP session (including HELLOs) will have to go 
 through the MD5 process.

there is no HELLO in bgp. and it is not really related to bgp either, 
it is just the common case that they're used together. with tcp md5sig, 
each and every packet gets a md5 signature - built from the packet header 
and a shared secret - added, and the receiving side - which, of course, 
has to have the secret for that - does the same again. if the signature 
in the packet and the signature the receiver calculated don't match, 
the packet is discarded (well, should. FreeBSD's implementation does 
sign outgoing packets and simply ignores signatures on incoming 
packets, very useful. ok, I don't know whether this has been fixed, but 
thanks for the laugh).

 This happens even if things like the sequence number is wrong (at least 
 on some versions of IOS).

I consider this Yet Another IOS Bug.

-- 
Henning Brauer, BS Web Services, http://bsws.de
[EMAIL PROTECTED] - [EMAIL PROTECTED]
Unix is very simple, but it takes a genius to understand the simplicity.
(Dennis Ritchie)
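The sign-then-verify exchange Henning describes, as an added example in Python rather than code from the thread or from any router or BSD stack. It follows RFC 2385: the digest covers the TCP pseudo-header (addresses, protocol, segment length), the fixed TCP header with the checksum field zeroed, the segment data and the shared key, and travels in TCP option kind 19. Addresses, ports, sequence numbers, the 19-byte BGP KEEPALIVE payload and the key are constructed; the checksum is left at zero in the built segment for brevity, which the verifier zeroes anyway before hashing.

```python
"""RFC 2385 TCP MD5 signature option: sign on send, verify on receive.

Added example, not code from the thread. Addresses, ports, sequence numbers,
payload and key below are constructed sample values.
"""
import hashlib
import hmac
import struct
from ipaddress import IPv4Address

TCP_PROTO = 6
TCPOPT_NOP = 1
TCPOPT_MD5SIG = 19       # option kind assigned by RFC 2385
TCPOLEN_MD5SIG = 18      # kind + length + 16-byte digest
BGP_PORT = 179


def pseudo_header(src_ip, dst_ip, seg_len):
    # Source IP, destination IP, zero byte, protocol number and the TCP segment
    # length (header including options, plus data), as for the TCP checksum.
    return (IPv4Address(src_ip).packed + IPv4Address(dst_ip).packed
            + struct.pack("!BBH", 0, TCP_PROTO, seg_len))


def fixed_header(sport, dport, seq, ack, data_offset_words, flags, window, urg=0):
    # 20-byte fixed TCP header. The checksum field is packed as zero.
    return struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                       data_offset_words << 4, flags, window, 0, urg)


def md5_digest(src_ip, dst_ip, fixed, seg_len, payload, key):
    """RFC 2385 digest: pseudo-header, fixed header with checksum zeroed
    (options excluded), segment data, then the shared key."""
    h = hashlib.md5()
    h.update(pseudo_header(src_ip, dst_ip, seg_len))
    h.update(fixed[:16] + b"\x00\x00" + fixed[18:20])
    h.update(payload)
    h.update(key)
    return h.digest()


def sign_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, window, payload, key):
    """Sender side: build fixed header + MD5SIG option (+ NOP padding) + data."""
    opt_len = TCPOLEN_MD5SIG + 2             # two NOPs pad options to a 4-byte boundary
    data_offset_words = (20 + opt_len) // 4  # 10 words = 40-byte header
    fixed = fixed_header(sport, dport, seq, ack, data_offset_words, flags, window)
    seg_len = 20 + opt_len + len(payload)
    digest = md5_digest(src_ip, dst_ip, fixed, seg_len, payload, key)
    options = (bytes([TCPOPT_MD5SIG, TCPOLEN_MD5SIG]) + digest
               + bytes([TCPOPT_NOP, TCPOPT_NOP]))
    return fixed + options + payload


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: recompute the digest with the local copy of the key and
    compare it with the option in the segment. False means 'discard'."""
    if len(segment) < 20:
        return False
    data_offset = (segment[12] >> 4) * 4
    if data_offset < 20 or data_offset > len(segment):
        return False
    fixed, options, payload = segment[:20], segment[20:data_offset], segment[data_offset:]
    received = None
    i = 0
    while i < len(options):                  # walk the TCP option list
        kind = options[i]
        if kind == 0:                        # End of Option List
            break
        if kind == TCPOPT_NOP:
            i += 1
            continue
        if i + 1 >= len(options):
            return False                     # truncated option
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return False                     # malformed option
        if kind == TCPOPT_MD5SIG and length == TCPOLEN_MD5SIG:
            received = options[i + 2:i + length]
        i += length
    if received is None:
        return False                         # the session requires a signature
    expected = md5_digest(src_ip, dst_ip, fixed, len(segment), payload, key)
    return hmac.compare_digest(received, expected)   # constant-time compare


# Constructed sample: a BGP KEEPALIVE (16-byte marker, length 19, type 4)
# between two constructed peers sharing a constructed key.
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"
SHARED_KEY = b"constructed-shared-secret"
KEEPALIVE = b"\xff" * 16 + b"\x00\x13\x04"


def demo():
    """Sign one KEEPALIVE and check it under four receiver-side conditions."""
    seg = sign_segment(PEER_A, PEER_B, 40000, BGP_PORT, 1000, 2000, 0x18, 65535,
                       KEEPALIVE, SHARED_KEY)
    tampered = bytearray(seg)
    tampered[-1] ^= 0x01                     # flip one payload bit in transit
    return {
        "genuine": verify_segment(PEER_A, PEER_B, seg, SHARED_KEY),
        "wrong_key": verify_segment(PEER_A, PEER_B, seg, b"wrong-key"),
        "spoofed_src": verify_segment("198.51.100.9", PEER_B, seg, SHARED_KEY),
        "tampered": verify_segment(PEER_A, PEER_B, bytes(tampered), SHARED_KEY),
    }


if __name__ == "__main__":
    for name, accepted in demo().items():
        print(f"{name:12s} {'accepted' if accepted else 'discarded'}")
```

Because the pseudo-header is part of the hash, a segment with a spoofed source address or an altered payload fails verification just as a wrong key does; a stack that signs outgoing segments but never runs the verify step on incoming ones (the FreeBSD behaviour Henning mentions) gets none of that protection.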


Re: [OnTopic] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Valdis . Kletnieks
On Fri, 11 Jun 2004 10:52:40 PDT, Steve Gibbard said:

 As an occasional poster to this and other lists, I sometimes get a few
 duplicate replies, which, being sent directly to me, end up in my regular
 mailbox instead of my NANOG folder, and thus require me to actively delete
 or sort through them.  As an occasional issue, it seems like a natural
 result of sending out a message to a few thousand people.  Not being all
 that important I often find it hard to believe that a few thousand people
 will want to read what I have to say, so I don't do it all that often.

Much more annoying are borked Out-of-Brain responders that annoy you when
you post to a list because they don't understand the concept of a list.

What's really sad is when an Out-of-Brain responder manages to trigger
my procmail duplicate detector.. ;)




Re: Even you can be hacked

2004-06-11 Thread Henry Linneweh

Here is a list of very active ports that attempt to
hack into people's systems from various parts of the
world, China in particular.

I think unassigned ports should be dropped from
routing
tables unless they are registered with the host and or
providers as to their legitimate use


smpnameres      901/tcp    SMPNAMERES
smpnameres      901/udp    SMPNAMERES
blackjack      1025/tcp    network blackjack
blackjack      1025/udp    network blackjack
cap            1026/tcp    Calender Access Protocol
cap            1026/udp    Calender Access Protocol
exosee         1027/tcp    ExoSee
exosee         1027/udp    ExoSee
#         1124-1154        Unassigned
ssslic-mgr     1203/tcp    License Validation
ssslic-mgr     1203/udp    License Validation
ms-sql-s       1433/tcp    Microsoft-SQL-Server
ms-sql-s       1433/udp    Microsoft-SQL-Server
ms-sql-m       1434/tcp    Microsoft-SQL-Monitor
ms-sql-m       1434/udp    Microsoft-SQL-Monitor
#         6851-6887        Unassigned
monkeycom      9898/tcp    MonkeyCom
monkeycom      9898/udp    MonkeyCom

And I need a list that shows who or what owns Dynamic
and/or Private Ports

-Henry

--- Laurence F. Sheldon, Jr. [EMAIL PROTECTED] wrote:
 
 Andy Dills wrote:
 
  On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote:
  
  Jeff Shultz wrote:
  
  But ultimately, _you_ are responsible for your own systems.
  
  Even if the water company is sending me 85% TriChlorEthane?
  
  Right.  Got it.  The victim is always responsible.
  
  There you have it folks.
  
  Change the word victim to negligent party and you're correct.
  
  Ignoring all of the analogies and metaphors, the bottom line is that ISPs
  are _not responsible_ for the negligence of their customers, and that ISPs
  are _not responsible_ for the _content_ of the packets we deliver. In
  fact, blocking the packets based on content would run counter to our sole
  responsibility: delivering the well-formed packets (ip verify unicast
  reverse-path) where they belong.
  
  Remember, we're service providers, not content providers. Unless your AUP
  or customer contract spells out security services provided (most actually
  go the other way and limit the liability of the service provider
  specifically in this event), then your customers have to pay you to secure
  their network (unless you feel like doing it for free), or they are
  responsible, period.
  
  As far as I'm concerned, that guy would have a better shot at suing
  Microsoft than challenging his bandwidth bill.
  
  Andy
  
  ---
  Andy Dills
  Xecunet, Inc.
  www.xecu.net
  301-682-9972
  ---
 
 How many more of these do I need, do you think?
 
 -- 
 Requiescas in pace o email
 
 Ex turpi causa non oritur actio
 
 http://members.cox.net/larrysheldon/



Re: Even you can be hacked

2004-06-11 Thread Laurence F. Sheldon, Jr.
Henry Linneweh wrote:
Here is a list of very active ports that attempt to
hack into people's systems from various parts of the
world, China in particular.

Thank you.

--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/



Re: Even you can be hacked

2004-06-11 Thread Laurence F. Sheldon, Jr.
Henry Linneweh wrote:
Here is a list of very active ports that attempt to
hack into people's systems from various parts of the
world, China in particular.

Thanks
--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/



Re: Even you can be hacked

2004-06-11 Thread Randy Bush

 I think unassigned ports should be dropped from
 routing tables

your wish is the internet's command.  ports are no longer
in routing tables.



Re: Even you can be hacked

2004-06-11 Thread Laurence F. Sheldon, Jr.
Randy Bush wrote:
I think unassigned ports should be dropped from
routing tables

your wish is the internet's command.  ports are no longer
in routing tables.

Thank you
--
Requiescas in pace o email
Ex turpi causa non oritur actio
http://members.cox.net/larrysheldon/



Re: AV/FW Adoption Studies

2004-06-11 Thread Niels Bakker

[unattributed wrote:]
 Remember - every single 0-day that surfaces was something the black hats
 found first.

* [EMAIL PROTECTED] [Fri 11 Jun 2004, 12:29 CEST]:
 And 0-day exploits are only the ones that the blackhats are willing to
 talk about. If they keep quiet about an exploit and only use it for
 industrial espionage and other electronic crimes then we are unlikely
 to hear about it until a whitehat stumbles across the blackhat's
 activities. Rather like the cuckoo's egg or the recent complex exploit
 involving IE and the MS Help tool.

This black hat vs. other shade hats is unnecessarily polarising.
A security researcher may, during the normal course of his employment,
find a security vulnerability.  Not talking about it could be a
commercial advantage (if she does security audits, the discovery could
potentially be used to gain access to otherwise closed portions of a
customer's network) and not necessarily a sign of an evil mind.


 Have any of your customers ever asked you for a traffic audit report
 showing every IP address that has ever sourced traffic to them or
 received traffic from them?

Surely this would be for comparison against their own logs of what they
sent and received and not because they aren't logging their own very
important data traffic?


-- Niels.


Re: Even you can be hacked

2004-06-11 Thread Andy Dills

On Fri, 11 Jun 2004, Henry Linneweh wrote:


 Here is a list of very active ports that attempt to
 hack into people's systems from various parts of the
 world, China in particular.

 I think unassigned ports should be dropped from
 routing
 tables unless they are registered with the host and or
 providers as to their legitimate use

Better yet, we should hire illegal immigrants to hand deliver our packets!

Or if you really wanted to get creative, you could bind the inverse
multiplexer to the outflow of the negative ion generator. Just be careful
not to cross your streams.

Andy

---
Andy Dills
Xecunet, Inc.
www.xecu.net
301-682-9972
---


RE: Even you can be hacked

2004-06-11 Thread Adi Linden

This thread is quite amusing and interesting at the same time. If I read 
the original post right, Mr. Mike Bierstock was informed that he was 
generating an unusual amount of traffic, traffic he would have to pay for. 
He got the bill and had to deal with the consequences. What is wrong with 
that? Does it matter how this traffic was generated?

Adi



Re: Even you can be hacked

2004-06-11 Thread Scott Stursa

On Fri, 11 Jun 2004, Andy Dills wrote:

 On Fri, 11 Jun 2004, Henry Linneweh wrote:

 
  Here is a list of very active ports that attempt to
  hack into people's systems from various parts of the
  world, China in particular.
 
  I think unassigned ports should be dropped from
  routing
  tables unless they are registered with the host and or
  providers as to their legitimate use

 Better yet, we should hire illegal immigrants to hand deliver our packets!

Ah. A tunneling implementation.


 Or if you really wanted to get creative, you could bind the inverse
 multiplexer to the outflow of the negative ion generator. Just be careful
 not to cross your streams.

You'll need a cold fusion generator to power that.


This is starting to look like a meower thread in an unmoderated Usenet
group.

- SLS


Scott L. Stursa 850/644-2591
Network Security Officer [EMAIL PROTECTED]
Academic Computing and Network Services Florida State University

- No good deed goes unpunished -


was: Even you can be hacked

2004-06-11 Thread Matthew McGehrin

Coupled with a Flux Capacitor for the ultimate in message delivery :)

- Original Message - 
From: Scott Stursa [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Friday, June 11, 2004 4:44 PM
Subject: Re: Even you can be hacked


 Ah. A tunneling implementation.
 You'll need a cold fusion generator to power that.



RE: Even you can be hacked

2004-06-11 Thread Mike Walter

Now you are just getting silly, we know Flux Capacitors don't work on
earth.

Mike Walter

-Original Message-
From: Matthew McGehrin [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 11, 2004 5:00 PM
To: nanog
Subject: was: Even you can be hacked



Coupled with a Flux Capacitor for the ultimate in message delivery :)




RE: Even you can be hacked

2004-06-11 Thread John Neiberger

 [EMAIL PROTECTED] 6/11/04 3:02:42 PM 

Now you are just getting silly, we know Flux Capacitors don't work on
earth.

Sure they do, at least the ones made since 1985. I believe I remember a
DeLorean that used one.

John
--


RE: Even you can be hacked

2004-06-11 Thread Fisher, Shawn

Hmm, so you're on earth?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Mike Walter
Sent: Friday, June 11, 2004 5:03 PM
To: nanog
Subject: RE: Even you can be hacked



Now you are just getting silly, we know Flux Capacitors don't work on
earth.

Mike Walter




RE: Even you can be hacked

2004-06-11 Thread Randy Bush

the bottom line

  o if you want the internet to continue to innovate, then
the end-to-end model is critical.  it means that it
takes only X colluding end-points to deploy a new
application which might be the next killer ap which
drives your business.  remember, email was not part of
the original spec; http was not; jabber was not; ...

this is in opposition to the telco model, where billions
need to be spent upgrading a smart middle to do anything
new.  and guess who gets the profits, if any considering
what the deployment did to capex and opex.

  o this means that the network will also transport bad
things; kinda like the phone network will carry obscene
calls.  damned shame, but that's the price you pay for
liberty.  or you can ask john poindexter (aka vigilante
isps) to defend liberty for you and find all sorts of
very unlovely and long term consequences.

  o this moves the burden for security to the edges, to the
site boundaries, which may not care if their users can
be early adopters of the next wannabe killer ap, and to
the end-points, the hosts themselves.

  o but there are jillions of end-points; well yes, there
are jillions of telephones too.  and it's gonna be hell
to clean up after the fact that they were designed
without security, some have 80 jillion lines of code
sitting on the laptops of naive users, blah blah.  

you want to support a free society, then the populace
has to be educated.  ain't no magic pixie dust here.
they know how to recognize and maybe even report a
'breather' when they pick up the phone.  well they
gotta recognize a bad attachment when they get the
email.

and the software vendors have to clean up the jillions
of lines of cr^h^hsoftware they have on the end users'
desktops.  and they are, half out of clue and half out
of the smell of liability.  but it will take a while.

there ain't no free lunch.

randy, who is clearly thinking of lunch, or maybe just out
   to lunch



[OT] common list sense (Re: Even you can be hacked)

2004-06-11 Thread Dickson, Brian


Paul Jakma [PJ] wrote:
On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. [LFSJ] wrote:
LFSJ I'm on the list folks, if you send it to the list I'll get it. I don't need a copy to the list and Cc:'s until the end of time.

PJ Then set a Reply-To. Pretty simple.


In case no one else bothered to point this out:

Not everyone who *posts* to NANOG *reads* nanog via email.

For example, I read it via the web archive.

For those like us, any presumption about replies to the list being read by us would be incorrect.

And since no one necessarily knows the current subscription status of everyone else, it actually makes sense to copy both the sender and the list.

As Randy [Bush, of course] points out, if you don't like duplicate mail, you are free to use some kind of filter.

(Please don't bother replying. I am just attempting to get in the last blow before the equine perishes.)

Brian





Re: Even you can be hacked

2004-06-11 Thread James Reid

On Thu, 10 Jun 2004, Sean Donelan wrote:

:Did your computer have a power switch?  Did you turn it off?  Or did you
:continue to let it run up the bill?  Yes, even the complete computer
:novice can stop a computer room.  Turn off your computer.  If you don't
:know how to fix it, take it to a repair store.
:
:If you leave your lights on, the electric company will send you a bill.
:If you leave your faucets running, the water company will send you a bill.
:If you leave your computer infected, ???


What the ISP failed to do in this case was protect their
infrastructure from being abused by a worm, which would
have also infected other customers from this users host.

That is to say, the worm caused them an alleged $11,000
loss because they failed to do anything to prevent it,
after being made aware of the situation.

The ISP (I would say negligently) exposed themselves to
absurd financial risk by continuing to provide service
to a site which they knew to be abusing their resources.

The reality of this situation is that if the bandwidth
being used by the ISP was actually costing them $5000, let
alone $11,000, it would have been grossly negligent from
a financial perspective to allow the worm to continue
consuming bandwidth.

The other reality is that bandwidth is not valuable
enough for the ISP to declare an $11,000 loss unless
they had booked the revenue before having some evidence
they would receive it. That is, the ISP's accounting
practices should be investigated if they are booking
revenue that is effectively theoretical in light of
the risks they knowingly accept regarding the odds
of actually receiving it.

The leaving lights on/faucets running simile is inaccurate,
as the burden of risk was acknowledged and borne by the ISP,
in not taking steps to protect their infrastructure from loss,
they got burned and are sticking the blame wherever they
think it will stick. Exploiting someone's lack of technological
sophistication to assign liability is disingenuous and possibly
fraudulent.

Maybe the only bandwidth simile that could be appropriate
would be to a car in the 1950's, one which was unsafe at
any speed.


-- 
James Reid, CISSP


RE: Even you can be hacked

2004-06-11 Thread Mike Walter

That is true, but only if they are placed in DeLorean because they
filled with drugs.
Mike

-Original Message-
From: John Neiberger [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 11, 2004 5:10 PM
To: [EMAIL PROTECTED]
Subject: RE: Even you can be hacked



 [EMAIL PROTECTED] 6/11/04 3:02:42 PM 

Now you are just getting silly, we know Flux Capacitors don't work on
earth.

Sure they do, at least the ones made since 1985. I believe I remember a
DeLorean that used one.

John
--


Re: Even you can be hacked

2004-06-11 Thread Owen DeLong
We'll agree to disagree on the majority of your post and your interpretation
of the facts... However, this tidbit attracted my attention...
Maybe the only bandwidth simile that could be appropriate
would be to a car in the 1950's, one which was unsafe at
any speed.
Yes... I have long felt that Micr0$0ft was the Exploding Pinto of the
information super highway (yes, I realize that's a different unsafe
car, but, bear with).  However, the ISP didn't sell the customer the
computer.  The ISP didn't install Windows on the computer or sell
Windows to the customer.  The ISP didn't install the malware on the
computer.  The ISP didn't have administrative rights to the computer.
Should the ISP have shut the customer off?  Probably.  I certainly would 
have.
Are there ISPs that don't?  You bet... Some because they are afraid to.
Have ISPs been sued for turning off abusive or abusing customers?  You bet.
Is it prudent for an ISP to turn someone off?  Depends on how you evaluate
the risks involved.  Either decision you make carries some risk.

Owen

--
If this message was not signed with gpg key 0FE2AA3D, it's probably
a forgery.




RE: Even you can be hacked

2004-06-11 Thread Scott McGrath


But wouldn't an interocitor with electron sorter option give you much more
reliable packet delivery...

Scott C. McGrath

On Fri, 11 Jun 2004, Fisher, Shawn wrote:


 Hmm, so you're on earth?

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
 Mike Walter
 Sent: Friday, June 11, 2004 5:03 PM
 To: nanog
 Subject: RE: Even you can be hacked



 Now you are just getting silly, we know Flux Capacitors don't work on
 earth.

 Mike Walter

 -Original Message-
 From: Matthew McGehrin [mailto:[EMAIL PROTECTED]
 Sent: Friday, June 11, 2004 5:00 PM
 To: nanog
 Subject: was: Even you can be hacked



 Coupled with a Flux Capacitor for the ultimate in message delivery :)

 - Original Message -
 From: Scott Stursa [EMAIL PROTECTED]
 To: [EMAIL PROTECTED]
 Sent: Friday, June 11, 2004 4:44 PM
 Subject: Re: Even you can be hacked


  Ah. A tunneling implementation.
  You'll need a cold fusion generator to power that.




RE: Even you can be hacked

2004-06-11 Thread David Schwartz


  Of course, except in this case, the phone company can't
  easily tell the
  legitimate calls from the illegitimate ones and block only the
  illegitimate ones. Every analogy will break down, so don't expect to be
  able to convince people with analogies that seem so obviously right to
  you. Nothing is exactly accurate except the actual situation itself.

 And how, exactly, did you expect the ISP to tell which packets you were
 sending were legitimate and which were from the malware running on your
 computer?  Please enlighten me as to how I tell a customer's legitimate
 outbound email from his system apart from the email from the same system
 which is being sent not by him, but, by the malware that has infected his
 system?

In this case, the ISP informed the customer that there was illegitimate
traffic. If it's your position that the ISP can't tell the difference, then
the notification that we know happened would have been impossible.
Presumably they even identified the particular customer responsible for the
traffic, given that they notified him about it!

Since it's obvious in this case that the customer would have preferred
being disconnected to having to pay for the traffic, and the ISP could
certainly have disconnected him, the question becomes, why didn't they?
Especially since they knew the attack traffic was creating other innocent
victims.

My guess is that they *were* filtering it (probably by port) and never
delivered the attack traffic to its destination anyway. They probably still
billed the customer because they bill for traffic over the customer's line,
regardless of whether it hits their emergency or bogon filters.

  And, again, almost every contract has some insurance elements to it.
  There will be unusual cases where it's actually possible for the utility
  to lose money if something unusual happens. My main point is that the
  understanding that seems so obviously right to you may not seem so
  obviously right to your customers.

 No sane ISP will insure a usage-based customer against traffic sent by
 that customer's infected machines AFTER he has informed the customer
 of the problem.

No sane ISP will allow attack traffic to continue to hit the Internet after
they know it's coming from one of their customers regardless of what the
customer does or does not do. So why should the customer pay for Internet
traffic that their ISP likely did not (and certainly should not have)
actually sent or delivered?

  As for all the people who talk about turning off their DSL
  access when
  they're away from home, they're missing the point. Obviously a person
  could do that. We could shut off our electricity when we leave home. We
  could have our telephone service temporarily disabled when we go on
  vacation too. A person could do all of these things. My point is that
  it's also perfectly reasonable for a person not to do these things.
  Because in general an ISP has more ability to control these
  things and it
  makes very little sense for a home user to insure an ISP, it makes more
  sense for the ISP to insure the user.

 I still don't understand why you insist that my ISP has (or should have)
 more control over what traffic my systems deliver to my internet
 connection
 than I do.  This simply isn't the case, and I would be very unhappy if
 it were to become the case.

For the classes of service I'm talking about, like home DSL, they do. They
choose which ports to block and they have a responsibility to monitor their
customers for machines that are causing problems for others. In this case,
they actually did that and detected the problem -- good for them. But they
then decided that instead of remedying the problem, they'd bill their
customer for it. Maybe they blocked the attack traffic, maybe not. If so,
why charge for traffic you won't deliver? If not, then that's serious
negligence, no?

  In any unfortunate situation, you can find a hundred things
  that anyone
  could have done differently that would have avoided the situation. But
  that is not how you establish responsibility, financial or moral. You
  look at people who failed to use reasonable prudence.

 And you don't think that a person who is informed that their system is
 infected and chooses not to fix it has failed the reasonable prudence
 test?

You think an ISP that knows that their customer is sending attack traffic
but neither blocks the traffic nor shuts off the customer has failed the
reasonable prudence test? And who should be more subject to a reasonable
prudence test for Internet practices, a home DSL customer who may not know
very much about computers, or an ISP that specializes in Internet access
that has monitoring equipment and a trained staff 24/7?

Your customers expect you to deal with this stuff. You may or may not find
their expectations reasonable, but dammit, you had better know what they
are!

  And, of course, the ISP always 

RE: Even you can be hacked

2004-06-11 Thread David Schwartz


 This thread is quite amusing and interesting at the same time. If I read
 the original post right, Mr. Mike Bierstock was informed that he was
 generating an unusual amount of traffic, traffic he would have to
 pay for.
 He got the bill and had to deal with the consequences. What is wrong with
 that? Does it matter how this traffic was generated?

Well, it depends upon the contract between the customer and the ISP. It
matters if the traffic was actually delivered. For example, if the traffic
was attack traffic that hit the ISP's filter, is it fair to charge the
customer for the traffic because it came over their line? If the ISP had an
obligation to stop attack traffic from their customers from getting onto the
Internet, yes, it matters if the costs are due to the ISP failing in that
obligation.

As I understood this example, this was traffic that the ISP knew was
generated by a worm. The ISP had an obligation to stop this traffic with
filters or customer disconnection. They may or may not have complied with
their obligation. Either way, it's hard to see why the customer should pay
for traffic the ISP did not or should not have delivered.

The customer could justifiably be billed for the extra costs he imposed
upon his ISP in dealing with his attack traffic, but not for the traffic
itself once it was identified. As I said, at the point the ISP should not
have delivered it. Doing so creates more victims, and the ISP has a greater
responsibility than the customer because they have greater knowledge and
control.

It doesn't matter much what the contract says if the ISP wrote it and the
customer didn't understand it.

Ask yourself a single yes or no question -- does an ISP have a
responsibility to stop worm traffic generated by their customers from
getting onto the Internet once they have identified it? And if so, does it
matter whether or not the customer cooperates?

DS




Re: Even you can be hacked

2004-06-11 Thread Stephen J. Wilcox

Henry,
 from the email address I'm assuming you're not trolling and are therefore
missing a few facts,

IP!=IPX, that is.. ports aren't in the routing table

It is not the ports below that cause the security issues, it is the applications 
which are using them, you need to either fix the apps or take the apps off the 
Internet

Nobody owns ports, they are arbitrary, some may get given a special purpose by 
the IANA but there's nothing to say they -have- to use those numbers.. therefore 
you cannot get a list of them.. and if they're dynamic or private (if I 
understand what you mean) then by definition they aren't static and can't be 
documented?

Steve

On Fri, 11 Jun 2004, Henry Linneweh wrote:

 Here are a list of very active ports that attempt to hack into peoples systems
 from various parts of the world China in particular.
 
 I think unassigned ports should be dropped from routing tables unless they are
 registered with the host and or providers as to their legitimate use
 
 
 smpnameres  901/tcp    SMPNAMERES
 smpnameres  901/udp    SMPNAMERES
 blackjack   1025/tcp   network blackjack
 blackjack   1025/udp   network blackjack
 cap         1026/tcp   Calender Access Protocol
 cap         1026/udp   Calender Access Protocol
 exosee      1027/tcp   ExoSee
 exosee      1027/udp   ExoSee
 #           1124-1154  Unassigned
 ssslic-mgr  1203/tcp   License Validation
 ssslic-mgr  1203/udp   License Validation
 ms-sql-s    1433/tcp   Microsoft-SQL-Server
 ms-sql-s    1433/udp   Microsoft-SQL-Server
 ms-sql-m    1434/tcp   Microsoft-SQL-Monitor
 ms-sql-m    1434/udp   Microsoft-SQL-Monitor
 #           6851-6887  Unassigned
 monkeycom   9898/tcp   MonkeyCom
 monkeycom   9898/udp   MonkeyCom
 
 And I need a list that shows who or what owns Dynamic
 and/or Private Ports
 
 -Henry
 
 --- Laurence F. Sheldon, Jr. [EMAIL PROTECTED]
 wrote:
  
  Andy Dills wrote:
  
   On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr.
  wrote:
   
   
  Jeff Shultz wrote:
  
  
  
  But ultimately, _you_ are responsible for your
  own systems.
  
  Even if the water company is sending me 85%
  TriChlorEthane?
  
  Right.  Got it.  The victim is always responsible.
  
  There you have it folks.
   
   
   Change the word victim to negligent party and
  you're correct.
   
   Ignoring all of the analogies and metaphors, the
  bottom line is that ISPs
   are _not responsible_ for the negligence of their
  customers, and that ISPs
   are _not responsible_ for the _content_ of the
  packets we deliver. In
   fact, blocking the packets based on content would
  run counter to our sole
   responsibility: delivering the well-formed packets
  (ip verify unicast
   reverse-path) where they belong.
   
   Remember, we're service providers, not content
  providers. Unless your AUP
   or customer contract spells out security services
  provided (most actually
   go the other way and limit the liability of the
  service provider
   specifically in this event), then your customers
  have to pay you to secure
   their network (unless you feel like doing it for
  free), or they are
   responsible, period.
   
   As far as I'm concerned, that guy would have a
  better shot at suing
   Microsoft then challenging his bandwidth bill.
   
   Andy
   
   ---
   Andy Dills
   Xecunet, Inc.
   www.xecu.net
   301-682-9972
   ---
   
  
  
  How many more of these do I need, do you think?
  
  -- 
  Requiescas in pace o email
  
  Ex turpi causa non oritur actio
  
  http://members.cox.net/larrysheldon/
  
  
 
 


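Steve's point above is that a line in the IANA port registry is a label, not a statement of what is actually listening, and that the dynamic/private range has no registered owner by definition. The following is an added example, not code from the thread or from IANA: it parses registry-style lines (the ones Henry quoted, re-spaced into the registry's columns), including the "# lo-hi Unassigned" ranges, and classifies a constructed set of observed (port, protocol) pairs so that a defender reviewing flow logs can see what the registry does and does not say about them. The function names and the sample flows are this example's own assumptions.

```python
"""Classify observed (port, proto) pairs against an IANA-style port table.

Added example for the thread above; not IANA's or NANOG's code.  The registry
lines are the ones quoted in the thread; the observed flows are constructed.
"""
import re
from typing import Dict, List, Tuple

# Registry excerpt as quoted in the thread (constructed spacing, same content).
IANA_LINES = """\
smpnameres  901/tcp    SMPNAMERES
smpnameres  901/udp    SMPNAMERES
blackjack   1025/tcp   network blackjack
blackjack   1025/udp   network blackjack
cap         1026/tcp   Calender Access Protocol
cap         1026/udp   Calender Access Protocol
exosee      1027/tcp   ExoSee
exosee      1027/udp   ExoSee
#           1124-1154  Unassigned
ssslic-mgr  1203/tcp   License Validation
ssslic-mgr  1203/udp   License Validation
ms-sql-s    1433/tcp   Microsoft-SQL-Server
ms-sql-s    1433/udp   Microsoft-SQL-Server
ms-sql-m    1434/tcp   Microsoft-SQL-Monitor
ms-sql-m    1434/udp   Microsoft-SQL-Monitor
#           6851-6887  Unassigned
monkeycom   9898/tcp   MonkeyCom
monkeycom   9898/udp   MonkeyCom
"""

# Constructed sample of (port, proto) pairs as a flow log might show them.
SAMPLE_FLOWS = [(1434, "udp"), (1433, "tcp"), (1130, "tcp"),
                (55000, "udp"), (80, "tcp"), (9898, "tcp")]

ASSIGNED_RE = re.compile(r"^(\S+)\s+(\d+)/(tcp|udp)\s+(.*?)\s*$")
UNASSIGNED_RE = re.compile(r"^#\s+(\d+)-(\d+)\s+Unassigned\s*$")

Assigned = Dict[Tuple[int, str], Tuple[str, str]]
Ranges = List[Tuple[int, int]]


def parse_port_table(text: str) -> Tuple[Assigned, Ranges]:
    """Parse registry-style lines into {(port, proto): (name, description)}
    plus a list of (lo, hi) unassigned ranges.  Unknown lines are errors."""
    assigned: Assigned = {}
    unassigned: Ranges = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = UNASSIGNED_RE.match(line)
        if m:
            lo, hi = int(m.group(1)), int(m.group(2))
            if lo > hi or hi > 65535:
                raise ValueError(f"bad unassigned range: {line!r}")
            unassigned.append((lo, hi))
            continue
        m = ASSIGNED_RE.match(line)
        if m:
            port = int(m.group(2))
            if not 0 <= port <= 65535:
                raise ValueError(f"port out of range: {line!r}")
            assigned[(port, m.group(3))] = (m.group(1), m.group(4))
            continue
        raise ValueError(f"unrecognised registry line: {line!r}")
    return assigned, unassigned


def classify(port: int, proto: str, assigned: Assigned, unassigned: Ranges) -> str:
    """Say what the table lists for (port, proto).  This is only a label: the
    registry cannot tell you what a host is really running on that port."""
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    proto = proto.lower()
    if proto not in ("tcp", "udp"):
        raise ValueError(f"unsupported protocol: {proto}")
    if (port, proto) in assigned:
        return "assigned:" + assigned[(port, proto)][0]
    if any(lo <= port <= hi for lo, hi in unassigned):
        return "unassigned"
    if port >= 49152:            # IANA dynamic/private range: nobody registers these
        return "dynamic/private"
    return "not in excerpt"      # the quoted table is partial, so no claim either way


TABLE = parse_port_table(IANA_LINES)


def classify_excerpt(port: int, proto: str) -> str:
    """Classify against the excerpt quoted in the thread."""
    return classify(port, proto, *TABLE)


def summarize_flows(flows) -> Dict[str, int]:
    """Count observed (port, proto) pairs by what the excerpt says about them."""
    counts: Dict[str, int] = {}
    for port, proto in flows:
        label = classify_excerpt(port, proto)
        counts[label] = counts.get(label, 0) + 1
    return counts


if __name__ == "__main__":
    for port, proto in SAMPLE_FLOWS:
        print(f"{port}/{proto:<3} -> {classify_excerpt(port, proto)}")
    print(summarize_flows(SAMPLE_FLOWS))
```

The labels are deliberately weak: "assigned:ms-sql-m" only says the registry lists a name for 1434/udp, and "dynamic/private" says the registry lists nothing for that port on purpose. A filtering or alerting decision still has to be based on which application is actually using the port, which is the point Steve makes.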

Re: Even you can be hacked

2004-06-11 Thread Richard Welty

On Fri, 11 Jun 2004 17:51:00 -0400 (EDT) Scott McGrath [EMAIL PROTECTED] wrote:
 But wouldn't an interocitor with electron sorter option give you much more
 reliable packet delivery...

that works fine until someone reverses the polarity of the neutron flow.

richard
-- 
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security



Re: Even you can be hacked

2004-06-11 Thread Jeff Shultz

** Reply to message from Richard Welty [EMAIL PROTECTED] on Fri,
11 Jun 2004 18:33:00 -0400 (EDT)

 On Fri, 11 Jun 2004 17:51:00 -0400 (EDT) Scott McGrath [EMAIL PROTECTED] wrote:
  But wouldn't an interocitor with electron sorter option give you much more
  reliable packet delivery...
 
 that works fine until someone reverses the polarity of the neutron flow.

And I thought this thread had a whiff of unreality when Randy announced
that the internet would follow Henry's wishes, and Laurence thanked him
for it

-- 
Jeff Shultz
A railfan pulls up to a RR crossing hoping that
there will be a train. 



Re: Even you can be hacked

2004-06-11 Thread Steven M. Bellovin

In message [EMAIL PROTECTED], Randy Bush writes:

the bottom line

  o if you want the internet to continue to innovate, then
the end-to-end model is critical.

What Randy said.  (And all the rest of the post that I deleted to
save a bit of bandwidth.)


--Steve Bellovin, http://www.research.att.com/~smb




Re: Even you can be hacked

2004-06-11 Thread Crist Clark
Richard Welty wrote:
On Fri, 11 Jun 2004 17:51:00 -0400 (EDT) Scott McGrath [EMAIL PROTECTED] wrote:
But wouldn't an interocitor with electron sorter option give you much more
reliable packet delivery...

that works fine until someone reverses the polarity of the neutron flow.
And for heaven's sake, don't cross the streams!
(It must be Friday.)
--
Crist J. Clark   [EMAIL PROTECTED]
Globalstar Communications(408) 933-4387


RE: Even you can be hacked

2004-06-11 Thread Alex Bligh

--On 11 June 2004 14:18 -0700 Randy Bush [EMAIL PROTECTED] wrote:
the bottom line
  o if you want the internet to continue to innovate, then
the end-to-end model is critical.  it means that it
If there is a lesson here, seems to me it's that those innovative protocols
should be designed such that it is relatively easy to prevent or at least
discourage bad traffic. Because that's in the long run easier (read
cheaper for those of you of a free market bent) than educating users in an
ever changing environment. It would be a bit rich to criticize SMTP
(for instance) as misdesigned for not bearing this in mind given
the difficulty of anticipating its success at the time, but there is a
lesson here for other protocols. I can think of one rather obvious one
which would seem to allow delivery of junk in many similar ways to SMTP;
hadn't thought of this before but we should be learning from our
mistakes^Wprevious valuable experience.
Alex


RE: Even you can be hacked

2004-06-11 Thread Henry Linneweh

I can agree with that and Randy pointed out when these
ideas were created and written, security was not part
of the overall plan because there were trusted parties
on either end of the spectrum. 

I think that my intent was noble and I am glad I
started a controversy, because this is an issue that
needs to be addressed as we move forward with internet
development and secure application development.

Working for a telecomm/datacomm company gives me some
insight into the problem, I am looking into it deeper
from a hardware perspective, of designing a solution 
that goes on a board among other system's issues...

Yeah I brainstorm too, and also being an end user
client I think about the end result of no solution and
people overwhelmed with issues that lead to no
solution to people so overwhelmed they think
legislating law can fix broken code.

It does help when the architects give me insight to 
the issue and how immense it is and what to look at
when I am determining the end result of any of my 
efforts.

-henry


--- Alex Bligh [EMAIL PROTECTED] wrote:
 
 
 
 --On 11 June 2004 14:18 -0700 Randy Bush
 [EMAIL PROTECTED] wrote:
 
  the bottom line
 
o if you want the internet to continue to
 innovate, then
  the end-to-end model is critical.  it means
 that it
 
 If there is a lesson here, seems to me it's that
 those innovative protocols
 should be designed such that it is relatively easy
 to prevent or at least
 discourage bad traffic. Because that's in the long
 run easier (read
 cheaper for those of you of a free market bent) than
 educating users in an
 ever changing environment. It would be a bit rich to
 criticize SMTP
 (for instance) as misdesigned for not bearing this
 in mind given
 the difficulty of anticipating its success at the
 time, but there is a
 lesson here for other protocols. I can think of one
 rather obvious one
 which would seem to allow delivery of junk in many
 similar ways to SMTP;
 hadn't thought of this before but we should be
 learning from our
 mistakes^Wprevious valuable experience.
 
 Alex



RE: Even you can be hacked

2004-06-11 Thread Randy Bush

yes, we're gonna hack desperately for a decade to make up
for asecure (innocent of, as contrasted with devoid of,
security) application protocols and implementations.  it'll
take half that time for the ivtf and the vendors to realize
how deeply complexity is our enemy.  and until then we'll
hack everywhere in our desperation.

but in the long run, i don't think we can win with an active
middle.

the problem is that the difference between good traffic
and bad traffic is intent.  did the sender intend to send /
reveal those data?  did the recipient wish to receive them?

and, i don't think we can stand in the middle and judge.
and there's the rub.

the cute example is, as i said to you privately, that i have
customers who wish to receive what is sent by what i think
of as malicious folk.  the recipients are security folk and
net-sociometricians.  so who am i to judge?  some people
even eat at macdonalds.

randy, who enjoyed his lunch of seared ahi and asparagus



New IANA IPv6 Allocations

2004-06-11 Thread Doug Barton
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is to inform you that the IANA has allocated the following
three (3) IPv6 /23 blocks to RIPE NCC, ARIN, and APNIC
respectively:
  2001:4000::/23    RIPE NCC    Jun 04
  2001:4200::/23    ARIN        Jun 04
  2001:4400::/23    APNIC       Jun 04
In addition to the above allocations, it should be noted that ARIN has
returned their most recently allocated IPv6 block, 2001:3C00::/23 to the
IANA, which has marked that block and the one immediately following it
reserved in anticipation of a possible future allocation to the RIPE
NCC. IANA would like to formally thank ARIN for their willingness to
operate in the best interests of the Internet community.
For a full list of IANA IPv6 allocations please see:
http://www.iana.org/assignments/ipv6-tla-assignments
At their request, this message is being sent to the following
communities:
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Regards,
Doug
- --
Doug Barton
General Manager, The Internet Assigned Numbers Authority
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.4 (FreeBSD)
iD8DBQFAykOQwtDPyTesBYwRAmPrAJ9yz+QyWv8FvE9bA79N9O8H8MFb0ACeKlTE
hrFfWUtIQLL4VixUtQ9psM0=
=E2aq
-END PGP SIGNATURE-


Points on your Internet driver's license (was RE: Even you can be hacked)

2004-06-11 Thread Sean Donelan

On Fri, 11 Jun 2004, David Schwartz wrote:
 generated by a worm. The ISP had an obligation to stop this traffic with
 filters or customer disconnection. They may or may not have complied with
 their obligation. Either way, it's hard to see why the customer should pay
 for traffic the ISP did not or should not have delivered.

ISP's deliver properly addressed packets to their destination (the return
address sometimes isn't checked).

Do ISP's have obligation to stop certain packets, based on what?  What
does your contract say?  Did you pay the ISP to provide filters?  Did you
include a phrase that said the ISP had to give you 30 days notice and
reasonable time to cure the breach before the ISP could terminate your
service?  Did the contract say the ISP would block traffic generated by
worms?

As people regularly point out, the Internet is a dangerous place.  Is
it as dangerous as going to a baseball game?

  BOSTON, Massachusetts (AP) -- A woman who was seriously injured by a
  foul ball at Fenway Park has no grounds to sue because she assumed a
  risk by attending the baseball game, a state appeals court ruled.

  The Red Sox had no duty to warn the plaintiff of the obvious danger of
  a foul ball being hit into the stands, the court said Wednesday in
  blocking Jane Costa's personal injury lawsuit from going to trial.

It would be much easier if evil doers followed RFC3514.  Determining
intent from the bits is difficult.  If you call a customer up and
ask Did you know your computer is generating a lot of network traffic
and your bill will be very large; the customer says Ok.  What should
you do?  Assume the customer is an idiot, and even though they said
Ok, you should cut off their Internet connection anyway.

If your child borrows your credit card, and makes lots of unauthorized
charges, you may not have to pay more than $50; but the bank can go after
your son or daughter for the money.  Most parents end up paying, even if
they didn't authorize their children to use the credit card.

If the bank sends you an ATM or debit card statement, and you fail to
report unauthorized transfers on the statement after 60 days you may be
responsible for unlimited loss.  You can lose a lot of money if you think
it's other people's responsibility to protect you.  You are responsible for
reviewing the statement and informing the bank of unauthorized activity;
not the bank.

Why do so many people ignore their ISP when told about problems with their
computer?  My computer can't be infected, I have a firewall.

Paul Vixie proposed that people should be required to use personal Co-Lo
so the co-lo provider has collateral to seize when the customer fails to
keep the computer secure.  Would customers complain if ISPs started
seizing their computers instead of sending them large bills?

Should ISP's charge customers cleanup fees to encourage them to keep
their computers secure?  $10 or $100 or $1,000 per incident?  Should it
be like points on your Internet driver's license?  For the first incident
you have to attend 8-hour traffic school, for the second incident in 12
months you have points put on your record and your insurance rates go
up.  Too many points, and your Internet privileges are revoked.


Re: Points on your Internet driver's license (was RE: Even you can be hacked)

2004-06-11 Thread Randy Bush

we americans do not readily accept responsibility for our
[in]actions.  we sue for being hit by a baseball while
attending a game.  we sue for spilling hot coffee on
ourselves.  we sue when we walk into open trenches and
manholes.  and we self-righteously torture, commit war
crimes, and murder, at a digital distance, and expect
immunity in the world opinion and courts.

it's a small planet, but our culture still has the vision
of the infinite resources of the frontier.  so, if i can't
get what i want, or if i get what i don't want, surely
someone else is at fault.

randy, who clearly has pontificated enough for the day



Re: Points on your Internet driver's license (was RE: Even you can be hacked)

2004-06-11 Thread Adi Linden

 If your child borrows your credit card, and makes lots of unauthorized
 charges, you may not have to pay more than $50; but the bank can go after
 your son or daughter for the money.  Most parents end up paying, even if
 they didn't authorize their children to use the credit card.

So the credit card company calls you and asks about a bunch of suspicious 
charges being placed on your card. Ok, just keep on charging. Now who's to 
blame for these charges by your sons and daughters and the russian mafia?

I sell a client a metered product (gas, water, electricity, telephone, 
internet data, etc). I notice unusually high consumption. I inform the 
client that the bill is accumulating rather quick and I suspect a problem. 
I have done my job. The client either tells me to stop delivery until the 
problem is diagnosed and resolved or tells me to continue service. Either 
way, the ball is in the client's court. If the client chooses continuation 
of service despite high consumption and subsequent huge bill he has an 
obligation to pay, no matter WHY the usage was too high.

Our society has a screwed up sense of responsibility. Everyone else is 
supposed to look out for me and take care of me. If something happens to 
me because I do something stupid or foolish someone failed to warn me, 
didn't make the sign big enough, didn't sound the horn loud enough, didn't 
lock me up so I couldn't hurt myself. This isn't true for everybody but 
way too many

Adi




Re: Points on your Internet driver's license (was RE: Even you can be hacked)

2004-06-11 Thread Henry Linneweh

Scalable bandwidth is not new and is charged for, what
is the issue about that?

If the network is compromised and it is on the client
end, that is what business insurance is for, so that
everyone gets theirs (payments, otherwise other types
of arrangements need to be made, according to the
doctrine of reasonable man

-henry R Linneweh



--- Adi Linden [EMAIL PROTECTED] wrote:
 
  If your child borrows your credit card, and makes
 lots of unauthorized
  charges, you may not have to pay more than $50;
 but the bank can go after
  your son or daughter for the money.  Most parents
 end up paying, even if
  they didn't authorize their children to use the
 credit card.
 
 So the credit card company calls you and asks about
 a bunch of suspicious 
 charges being placed on your card. Ok, just keep on
 charging. Now who's to 
 blame for these charges by your sons and daughters
 and the russian mafia?
 
 I sell a client a metered product (gas, water,
 electricity, telephone, 
 internet data, etc). I notice unusually high
 consumption. I inform the 
 client that the bill is accumulating rather quick
 and I suspect a problem. 
 I have done my job. The client either tells me to
 stop delivery until the 
 problem is diagnosed and resolved or tells me to
 continue service. Either 
 way, the ball is in the client's court. If the client
 chooses continuation 
 of service despite high consumption and subsequent
 huge bill he has an 
 obligation to pay, no matter WHY the usage was too
 high.
 
 Our society has a screwed up sense of
 responsibility. Everyone else is 
 supposed to look out for me and take care of me. If
 something happens to 
 me because I do something stupid or foolish someone
 failed to warn me, 
 didn't make the sign big enough, didn't sound the
 horn loud enough, didn't 
 lock me up so I couldn't hurt myself. This isn't
 true for everybody but 
 way too many
 
 Adi
 
 



Re: Points on your Internet driver's license (was RE: Even you can be hacked)

2004-06-11 Thread Jonathan Nichols

attending a game.  we sue for spilling hot coffee on
ourselves. 
http://lawandhelp.com/q298-2.htm
Interesting reading on that whole woman sues for spilling hot coffee on 
herself story. Sometimes there's a LOT more to the tale. :)




RE: Even you can be hacked

2004-06-11 Thread David Schwartz


This will be my last post on this issue.

In this case:

1) Almost certainly the traffic was due to a worm.

2) Almost certainly the ISP knew (or strongly suspected) the traffic was
due to a worm.

3) Quite likely, the ISP never carried most of the traffic to its
destination. Once they knew it was worm traffic, they were probably
filtering by port.

4) The ISP should not have carried the attack traffic, if they actually
did. Doing so is negligent and creates additional innocent victims. Maybe
they would give their customer a short time to straighten things out, but
that's it.

5) An ISP should not be paid for traffic they only carried out of their own
negligence. This doesn't negate the customer's responsibility to anyone but
the ISP and only if the ISP is actually negligent, not just the customer.

Yes, given the facts we know, it's possible that the ISP really does
deserve to be paid, this traffic wasn't due to a worm, or there was no way
the ISP could be sure. However, far more likely, the facts are as I state
them above.

So why does everyone think the ISP is almost certainly entitled to be paid?
Is it because they're ISPs? Is it because it's easy to blame someone else?

DS





Re: Points on your Internet driver's license (was RE: Even you can be hacked)

2004-06-11 Thread Randy Bush

 http://lawandhelp.com/q298-2.htm

while i am no fan of macdonalds, and a good case is made for
their negligence, perhaps you should follow the advice at the
bottom of that web page

The most important message this case has for you, the
consumer, is to be aware of the potential danger posed
by your early morning pick-me-up.

randy



Re: Points on your Internet driver's license (was RE: Even you can be hacked)

2004-06-11 Thread Jonathan Nichols
Randy Bush wrote:
> http://lawandhelp.com/q298-2.htm
>
> while i am no fan of McDonald's, and a good case is made for
> their negligence, perhaps you should follow the advice at the
> bottom of that web page
>
> The most important message this case has for you, the
> consumer, is to be aware of the potential danger posed
> by your early morning pick-me-up.
>
> randy
Or, go see the movie Super Size Me - you might just give up McDonald's 
entirely, reducing your risk of burns from their overheated coffee. :)



RE: Even you can be hacked

2004-06-11 Thread Sean Donelan

On Fri, 11 Jun 2004, David Schwartz wrote:
> So why does everyone think the ISP is almost certainly entitled to be paid?
> Is it because they're ISPs? Is it because it's easy to blame someone else?

I notice that Webmaster's license agreement includes this clause:

  DISCLAIMER OF WARRANTY. The Software is provided on an AS IS basis,
  without warranty of any kind, including without limitation the
  warranties of merchantability, fitness for a particular purpose and
  non-infringement. The entire risk as to the quality and performance of
  the Software is borne by you. Should the Software prove defective, you
  and not WebMaster assume the entire cost of any service and repair. In
  addition, the security mechanism implemented by the Software has
  inherent limitations, and you must determine that the Software
  sufficiently meets your requirements.  This disclaimer of warranty
  constitutes an essential part of the agreement.

Why does Webmaster put the entire risk on the customer, including warning
that the security mechanism has inherent limitations?  Shouldn't Webmaster
be responsible if their customers suffer a loss whatsoever the cause, even
if it wasn't due to any negligence on the part of Webmaster?

  It is the customer's responsibility to ask any specific questions
  about implementation or scalability or arrange for a more extensive
  trial prior to requesting that a permanent key be issued. Once a
  permanent key has been issued there are no refunds and all sales are
  final.

Seems like Webmaster is requiring customers to be experts in Webmaster's
products.  Shouldn't it be Webmaster's responsibility to analyze and
warn customers about every possible problem they could ever experience,
secure the customer against all possible harm, and compensate the
customer for all losses?



RE: Even you can be hacked

2004-06-11 Thread Mark Foster



On Fri, 11 Jun 2004, David Schwartz wrote:



> This will be my last post on this issue.
>
> In this case:
>
> 1) Almost certainly the traffic was due to a worm.
>
> 2) Almost certainly the ISP knew (or strongly suspected) the traffic was
> due to a worm.
>
> 3) Quite likely, the ISP never carried most of the traffic to its
> destination. Once they knew it was worm traffic, they were probably
> filtering by port.
>
> 4) The ISP should not have carried the attack traffic, if they actually
> did. Doing so is negligent and creates additional innocent victims. Maybe
> they would give their customer a short time to straighten things out, but
> that's it.

Erm..

Forgive me if this is a repeat posting, but from what I've seen of this
thread it needs to be stated.

- My ISP provides me with Internet services.
- I get authentication, an IP, DNS.
- I get a pipe to the world.
- I pay for my own bandwidth based on the plan the ISP provides me.

If I have a usage limit, and I exceed it due to a worm infection, it's MY
problem. No one else's.  I'm responsible for the security aspect of my own
personal computers.  Note the list of things above. I haven't paid for a
managed circuit, with warnings after unusual activity, I haven't paid for a
filtering service to filter by port for traffic that might be
suspicious... so how is this not cut-and-dried?

The ISP provides me with service, and puts a meter on it, and they bill me
by the byte, or whatever. That's the service they're providing; I'm not
expecting to be billed for 'certain types of traffic'. I have a pipe, I'm
using that pipe, and I pay for what travels down it.

Any 'overusage' or unusual spikes in bandwidth usage are mine to handle;
that's part of the risk of purchasing this service.  If you want the
provider to give you a solution which includes circuit monitoring, content
filtering and other such things, then by all means make sure that's
specified in the terms of service before you sign on the dotted line.

This all seems so simple to me. I simply don't understand how I can blame
my ISP when my Windows machine gets a trojan on it and starts spitting out
emails; whether 0-day or otherwise, it's my problem, because *I* decided
to take the (calculated) risk of putting that box online (in whatever
state: current or not, firewalled or not, etc.).

You can mitigate that risk through various factors - firewalls, Antivirus,
WindowsUpdate, Alternative OSs... these all modify or change the risks
involved but my ISP hasn't been involved in the calculation of this risk -
so how can they be involved in accepting the responsibility for that
risk?!?

Mark.
(Apparently I share a name with someone else on NANOG.  So I'm not him...
and he's not me :))



Re: Even you can be hacked

2004-06-11 Thread Stephen Sprunk

Disclaimer: I am not a lawyer; consult yours before relying on advice from
any layperson, including me.

Thus spake Owen DeLong [EMAIL PROTECTED]
> Should the ISP have shut the customer off?  Probably.  I certainly would
> have.  Are there ISPs that don't?  You bet... Some because they are afraid
> to.  Have ISPs been sued for turning off abusive or abusing customers?
> You bet.

You can be sued for doing anything or nothing (or both).  The real question
is whether the plaintiff has any chance of winning, or even of getting past
a pre-trial motion to dismiss.

Presumably every ISP has some sort of AUP that allows the ISP to, at its
discretion, shut off a customer based on suspicion of abuse.  Hopefully by
now they've all been updated to include in the definition of abuse a failure
of the customer to secure their system(s).  Even if not, I can't see a
customer winning a case against an ISP who cuts them off for being infected
with a worm (the activity of which would fall under abuse).

> Is it prudent for an ISP to turn someone off?  Depends on how you evaluate
> the risks involved.  Either decision you make carries some risk.

Opening your doors for business invites all sorts of risks, including being
sued for totally ridiculous and frivolous reasons.  Acting as allowed under
your contract with a customer does not substantially increase those risks.
Fear of exercising your contractual rights means you don't have much faith
in your contracts or representation.

S

Stephen Sprunk  Those people who think they know everything
CCIE #3723 are a great annoyance to those of us who do.
K5SSS --Isaac Asimov



RE: Even you can be hacked

2004-06-11 Thread David Schwartz


> Why does Webmaster put the entire risk on the customer, including warning
> that the security mechanism has inherent limitations?  Shouldn't Webmaster
> be responsible if their customers suffer a loss whatsoever the cause, even
> if it wasn't due to any negligence on the part of Webmaster?

I never argued that the ISP should be responsible for losses that weren't
created by their own negligence.

> Seems like Webmaster is requiring customers to be experts in Webmaster's
> products.  Shouldn't it be Webmaster's responsibility to analyze and
> warn customers about every possible problem they could ever experience,
> secure the customer against all possible harm, and compensate the
> customer for all losses?

I never said an ISP should compensate a customer.

How about sticking to the arguments I actually *used* rather than straw
men?

I'm talking about a case where the provider had continuing control over the
use of the item involved. I'm talking about a case where the provider knew
or should have known that there was abuse that was injuring third parties.
I'm talking about a case where the provider is billing the customer for the
specific act of harming the third parties.

When you sell software, you have no idea what someone is going to use it
for. You have no ability to continue to control the product over time. You
have no way to know how the customer is actually using the product. You have
no ability to shut off their usage at any particular time. You have no way
to know or suspect that their usage is harming third parties.

Again, every analogy fails. You have to look at this particular case and
the particular facts.

DS




Re: Points on your Internet driver's license (was RE: Even you can be

2004-06-11 Thread Paul Vixie

[EMAIL PROTECTED] (Sean Donelan) writes:

> ...
>
> Why do so many people ignore their ISP when told about problems with
> their computer?  My computer can't be infected, I have a firewall.

in any other industry, you (the isp) would do a simple risk analysis
and start treating the cause rather than the symptom.  for example you
might offer inbound filtering, cleanup tools and services, and you would
put their computer in cyberjail when it was known to be infected, and
you would certainly not offer your services without a clear idea of how
to reach the customer and assist them in getting out of cyberjail --
even if it meant rolling a technician.

but then you'd have to charge for all that.  and in the isp business,
you'd have competitors who wouldn't offer it and wouldn't charge for it,
and you'd lose business or maybe even go out of business.

with the unhappy result being that you just let it happen, which is bad
for your customers, and bad for the rest of us on the internet, but not
nearly as bad for you (the isp).  for you (the isp), every possible cure
is worse than the disease.  but you don't seem to mind that the rest of
us, and your customers, catch various diseases, as long as *you're* ok.

feh.

> Paul Vixie proposed that people should be required to use personal Co-Lo
   ^^(1)
> so the co-lo provider has collateral to seize when the customer fails to
 ^^^(2)
> keep the computer secure.

well, no.  i (1) said that people who had personal co-lo boxes in better
internet neighborhoods and who could just use their cable or dsl line
for web browsing and for access to their personal co-lo box would have
less of their e-mail rejected at the far end.  and as for (2), i think
that anyone who co-lo's a personal box is likely to first learn how to
pay enough attention to it that it will not become a malagency for third
parties, and that a co-lo operator who only had such customers would be
able to charge enough to pay for some monitoring and cleanup and so on;
the possibility of seizure is more for the case of deliberate abuse (like
ddos'ing an irc server, or sending spam, or hosting spamvertized www)
than third party abuse.

see http://www.vix.com/personalcolo/ for more information about all that.
and note that i'm broadening it to include smtp-auth/webdav/ftp providers
who want to serve basically the same market but without dedicated iron.  so
if you offer that and haven't told me, then please tell me now.

> Would customers complain if ISPs started seizing their computers instead
> of sending them large bills?

that's so unsequitur that i don't even know how to read it let alone answer.

> Should ISP's charge customers cleanup fees to encourage them to keep
> their computers secure?

yes.

> $10 or $100 or $1,000 per incident?

no.  there should be a forfeitable deposit, plus a per-incident fee which is
mostly to pay for the cost of monitoring and the cost of auditing the host
to ensure that it complies with the isp's security policy before it can be
reattached.  the deposit can be refunded after N years of incident-free
behaviour, and should be doubled after each verified incident.

> Should it be like points on your Internet driver's license?  For the
> first incident you have to attend 8-hour traffic school, for the second
> incident in 12 months you have points put on your record and your
> insurance rates go up.  Too many points, and your Internet privileges are
> revoked.

alas.  on the internet, nobody knows you're a dog.
-- 
Paul Vixie


Re: Points on your Internet driver's license (was RE: Even you can be

2004-06-11 Thread Randy Bush

> alas.  on the internet, nobody knows you're a dog.

http://www.nettime.org/Lists-Archives/nettime-l-0405/msg00057.html