Re: speaking of lynn...
On Sat, 13 Aug 2005 06:08:22 +0200, Gadi Evron said:

> Cisco's lawyers are sending out cease-and-desist notices to Web sites ...
> I guess that answers the question of the legality of the matter?

All it answers is the question "Do Cisco's lawyers think they can get away with it?" The question of its legality won't be resolved till some judge issues a ruling on the question that withstands appeals.
Re: botnet reporting by AS - what about you?
I can understand that -- right on. :-)

One must understand that this whole thing is a moving target, and perhaps the reporting features are just now maturing (now Gadi, don't make a liar out of me).

Insofar as detection methodologies, I'll have to defer to Gadi to elaborate (illustrate?) them for a wide audience.

Cheers!

- ferg

p.s. For what it's worth, I got a bit bloody last month neutralizing a pretty large Pertibot infection in a client network -- it was, at that point, new and undetectable by most AV vendor ID mechanisms. Like I said, moving target, etc.

"Hannigan, Martin" <[EMAIL PROTECTED]> wrote:

> I was on it and unsubscribed. They wouldn't disclose the collection or validation process at that time. This made it useless for the most part as it's hard to act on someone's word without some idea of how they are getting their data and avoiding collateral damage.
>
> I'm not saying there aren't valid zombies on it, but my criteria for a list that identifies rogues includes trust. I have lists I felt were more trustworthy than DA. Things may have changed.
>
> Martin

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
Re: botnet reporting by AS - what about you?
On Sat, 13 Aug 2005, Hannigan, Martin wrote:

> I was on it and unsubscribed. They wouldn't disclose the collection or
> validation process at that time. This made it useless for the most part
> as it's hard to act on someone's word without some idea of how they are
> getting their data and avoiding collateral damage.

this was part of my point ;( It's hard to call up a customer and say: "someone told me that you were bad, could you stop please?" normally they hang up after saying something uncouth and about 'you are crazy'... :( I may be crazy, but most of the abuse folks aren't.

there has to be complete info in the complaint:
1) logs
2) timestamps
3) timezones

they should be in some structured (see inch-wg/rid for some almost-standards-based examples) text-based format that is easily parsable by machines.
Re: botnet reporting by AS - what about you?
I was on it and unsubscribed. They wouldn't disclose the collection or validation process at that time. This made it useless for the most part as it's hard to act on someone's word without some idea of how they are getting their data and avoiding collateral damage.

I'm not saying there aren't valid zombies on it, but my criteria for a list that identifies rogues includes trust. I have lists I felt were more trustworthy than DA. Things may have changed.

Martin

-Original Message-
From: Christopher L. Morrow [mailto:[EMAIL PROTECTED]]
Sent: Fri Aug 12 23:56:53 2005
To: Fergie (Paul Ferguson)
Cc: nanog@merit.edu
Subject: Re: botnet reporting by AS - what about you?

On Sat, 13 Aug 2005, Fergie (Paul Ferguson) wrote:

> Chris,
>
> I can assure you that the Drone Army project is not run that
> way, and is quite useful, effective, etc.
>
> The folks behind the DA Project are certainly professionals...
> ...and the information is quite useable, parse-able, and genuine.

cool, among the 800k+ complaints we see a month (yes, 800k) there are quite a few completely useless ones :( Anything sent in as a complaint has to have complete and useful information, else it's hard/impossible to action properly. It'd help if the format it was sent in was also machine parseable :) With 800k+ complaints/month I'm not sure people want to spend time figuring each one out, a script/machine should be doing as much as possible.

>
> - ferg
>
> -- "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote:
>
> perhaps we could back up and ask:
>
> 1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for
> these asn's? certainly some are not up to date, but there are a large
> number that are...
> 2) what is this for again?
> 3) are you planning on sending something to these poc's?
> 4) what are you planning on sending to them?
> 5) how often should they expect to see something, and from 'whom'?
> 6) looked at the INCH working group in IETF, thought about using some of
> these evolving standards for your alerts/messages/missives?
> 7) please don't send in bmp files of traceroutes (make the info you send
> in complete and usable... 'I saw a bot on ip 12' is not useable, as an
> fyi)
>
> -Chris
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> [EMAIL PROTECTED] or [EMAIL PROTECTED]
> ferg's tech blog: http://fergdawg.blogspot.com/
>
Re: botnet reporting by AS - what about you?
Good suggestions for Gadi. ,-)

- ferg

-- "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote:

> cool, among the 800k+ complaints we see a month (yes, 800k) there are quite a few completely useless ones :( Anything sent in as a complaint has to have complete and useful information, else it's hard/impossible to action properly. It'd help if the format it was sent in was also machine parseable :) With 800k+ complaints/month I'm not sure people want to spend time figuring each one out, a script/machine should be doing as much as possible.

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
Re: botnet reporting by AS - what about you?
On Sat, 13 Aug 2005, Fergie (Paul Ferguson) wrote:

> Chris,
>
> I can assure you that the Drone Army project is not run that
> way, and is quite useful, effective, etc.
>
> The folks behind the DA Project are certainly professionals...
> ...and the information is quite useable, parse-able, and genuine.

cool, among the 800k+ complaints we see a month (yes, 800k) there are quite a few completely useless ones :( Anything sent in as a complaint has to have complete and useful information, else it's hard/impossible to action properly. It'd help if the format it was sent in was also machine parseable :) With 800k+ complaints/month I'm not sure people want to spend time figuring each one out, a script/machine should be doing as much as possible.

>
> - ferg
>
> -- "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote:
>
> perhaps we could back up and ask:
>
> 1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for
> these asn's? certainly some are not up to date, but there are a large
> number that are...
> 2) what is this for again?
> 3) are you planning on sending something to these poc's?
> 4) what are you planning on sending to them?
> 5) how often should they expect to see something, and from 'whom'?
> 6) looked at the INCH working group in IETF, thought about using some of
> these evolving standards for your alerts/messages/missives?
> 7) please don't send in bmp files of traceroutes (make the info you send
> in complete and usable... 'I saw a bot on ip 12' is not useable, as an
> fyi)
>
> -Chris
>
> --
> "Fergie", a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> [EMAIL PROTECTED] or [EMAIL PROTECTED]
> ferg's tech blog: http://fergdawg.blogspot.com/
>
Re: botnet reporting by AS - what about you?
Chris,

I can assure you that the Drone Army project is not run that way, and is quite useful, effective, etc.

The folks behind the DA Project are certainly professionals... ...and the information is quite useable, parse-able, and genuine.

- ferg

-- "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote:

> perhaps we could back up and ask:
>
> 1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for these asn's? certainly some are not up to date, but there are a large number that are...
> 2) what is this for again?
> 3) are you planning on sending something to these poc's?
> 4) what are you planning on sending to them?
> 5) how often should they expect to see something, and from 'whom'?
> 6) looked at the INCH working group in IETF, thought about using some of these evolving standards for your alerts/messages/missives?
> 7) please don't send in bmp files of traceroutes (make the info you send in complete and usable... 'I saw a bot on ip 12' is not useable, as an fyi)
>
> -Chris

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
Re: botnet reporting by AS - what about you?
On Fri, 12 Aug 2005, Hannigan, Martin wrote:

> Translation:
>
> This isn't a contact list for hundreds of asn's.

perhaps we could back up and ask:

1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for these asn's? certainly some are not up to date, but there are a large number that are...
2) what is this for again?
3) are you planning on sending something to these poc's?
4) what are you planning on sending to them?
5) how often should they expect to see something, and from 'whom'?
6) looked at the INCH working group in IETF, thought about using some of these evolving standards for your alerts/messages/missives?
7) please don't send in bmp files of traceroutes (make the info you send in complete and usable... 'I saw a bot on ip 12' is not useable, as an fyi)

-Chris

> -Original Message-
> From: Gadi Evron [mailto:[EMAIL PROTECTED]
> Sent: Fri Aug 12 22:43:47 2005
> To: Richard A Steenbergen
> Cc: nanog list
> Subject: Re: botnet reporting by AS - what about you?
>
> What happened to replies off-list? Anyway, good point about actual
> ASN's, so here goes.
>
> > Do you mean to tell me you can't find contact info for ANY of those ISPs
> > on your own (like those ALTERNET guys, they're hard to track down)? Are
> > you trying to start a service for notifying ISPs when they have drones
> > behind them or something? Surely you don't expect to obtain a
> > comprehensive list by posting a list of AS names and half chopped off
> > descriptions to NANOG, without even including the AS numbers?
>
> We have contacts and listing, but we are trying to re-build, update and
> cover everything.
>
> New list with AS numbers below, as requested.
>
> If your AS is not listed and you are interested, drop me a note.
>
> > I'd personally love more reporting services that will actually disclose
> > information to the ISPs who can actually take action to help straighten
> > out their customers. We have far too many people who sit around wringing
> > their hands about how horrible the botnets are, but who won't tell anyone
> > who can do anything about it out of a paranoid sense of "security". I'm
> > not sure this is the best way to go about that though. :)
> >
>
> We are open for suggestions and this is not the *only* course of action
> we take.
> :)
>
> Thanks,
>
> Gadi.
speaking of lynn...
Cisco flaw presentation spreads across the Web

FBI Investigation...

New copies of Michael Lynn's presentation on the Cisco router operating system flaw are springing up faster than the lawyers can take them down

Cisco's lawyers are sending out cease-and-desist notices to Web sites that have published a controversial presentation by ex-Internet Security Systems (ISS) employee Michael Lynn that exposes the potential dangers of a flaw in the network giant's router operating system. The presentation, which was due to be given by Lynn at the Defcon conference in Las Vegas last week, was cancelled after legal threats from Cisco and ISS. The parties resolved the matter on Thursday last week.

--

I guess that answers the question of the legality of the matter?

Gadi.
Re: botnet reporting by AS - what about you?
Translation:

This isn't a contact list for hundreds of asn's.

-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]]
Sent: Fri Aug 12 22:43:47 2005
To: Richard A Steenbergen
Cc: nanog list
Subject: Re: botnet reporting by AS - what about you?

What happened to replies off-list? Anyway, good point about actual ASN's, so here goes.

> Do you mean to tell me you can't find contact info for ANY of those ISPs
> on your own (like those ALTERNET guys, they're hard to track down)? Are
> you trying to start a service for notifying ISPs when they have drones
> behind them or something? Surely you don't expect to obtain a
> comprehensive list by posting a list of AS names and half chopped off
> descriptions to NANOG, without even including the AS numbers?

We have contacts and listing, but we are trying to re-build, update and cover everything.

New list with AS numbers below, as requested.

If your AS is not listed and you are interested, drop me a note.

> I'd personally love more reporting services that will actually disclose
> information to the ISPs who can actually take action to help straighten
> out their customers. We have far too many people who sit around wringing
> their hands about how horrible the botnets are, but who won't tell anyone
> who can do anything about it out of a paranoid sense of "security". I'm
> not sure this is the best way to go about that though. :)
>

We are open for suggestions and this is not the *only* course of action we take. :)

Thanks,

Gadi.
Re: botnet reporting by AS - what about you?
On Fri, 12 Aug 2005, Richard A Steenbergen wrote:

> On Fri, Aug 12, 2005 at 08:41:52PM +0200, Gadi Evron wrote:
> >
> > Hello. The drone armies research and mitigation mailing list is moving
> > its reporting mechanism to the next level.
> >
> > If you have updated contact information for any of the below AS owners,
> > please contact me _off-list_.
> >
> > Thanks,
> >
> > Gadi.
> >
> ...
>
> Do you mean to tell me you can't find contact info for ANY of those ISPs
> on your own (like those ALTERNET guys, they're hard to track down)? Are

quit telling them our secrets... after all, it's not like the abuse@ contacts aren't in the RIR/whois data.

> you trying to start a service for notifying ISPs when they have drones
> behind them or something? Surely you don't expect to obtain a
> comprehensive list by posting a list of AS names and half chopped off
> descriptions to NANOG, without even including the AS numbers?
>

helpful isn't it?? does everyone have just 1 asn to worry about?
Re: botnet reporting by AS - what about you?
What happened to replies off-list? Anyway, good point about actual ASN's, so here goes.

> Do you mean to tell me you can't find contact info for ANY of those ISPs
> on your own (like those ALTERNET guys, they're hard to track down)? Are
> you trying to start a service for notifying ISPs when they have drones
> behind them or something? Surely you don't expect to obtain a
> comprehensive list by posting a list of AS names and half chopped off
> descriptions to NANOG, without even including the AS numbers?

We have contacts and listing, but we are trying to re-build, update and cover everything.

New list with AS numbers below, as requested.

If your AS is not listed and you are interested, drop me a note.

> I'd personally love more reporting services that will actually disclose
> information to the ISPs who can actually take action to help straighten
> out their customers. We have far too many people who sit around wringing
> their hands about how horrible the botnets are, but who won't tell anyone
> who can do anything about it out of a paranoid sense of "security". I'm
> not sure this is the best way to go about that though. :)

We are open for suggestions and this is not the *only* course of action we take. :)

Thanks,

Gadi.
Re: UUNET connectivity in Minneapolis, MN
> During the Northridge earthquake (the one during the
> world series in sf.ba.ca.us) there was a BUNCH of
> disruption of the infrastructure, drives were shaken
> til they crashed, power went down all over the area,
> Telco lines got knocked down, underground vaults got
> flooded, and data centers went off line.
>

Sorry.. wrong earthquake..

The Loma Prieta quake of 10/17/1989 occurred during the opening game of the World Series, featuring the San Francisco Giants, and the Oakland Athletics in an all SF Bay area series. The epicenter was in the Santa Cruz mountains, in the vicinity of Mt Loma Prieta. Commercial power was lost to much of the bay area.

The Northridge quake occurred on 1/17/1994, in southern California. The epicenter was located in the San Fernando Valley, 20 miles NW of Los Angeles.

As far as I recall, network disruption was minimal following the Northridge quake, with a few sites offline {due to a machine room flooding at UCLA?}

-- Welcome My Son, Welcome To The Machine --
Bob Vaughan | techie @ tantivy.net |
| P.O. Box 19792, Stanford, Ca 94309 |
-- I am Me, I am only Me, And no one else is Me, What could be simpler? --
Re: Cisco crapaganda
Hi Rich,

> A. If open publication of the full source code of XYZ would render it
> insecure, then XYZ is _already_ insecure.

i like that way of looking at it..

> B. In analyzing any attack, it's prudent to presume that the attackers have
> the full source code of every piece of software involved. [1]

sure, or even a snippet would be sufficient to find and exploit a hole

> It's time to level the playing field. It's time for all the vendors to
> publish ALL the source code so that we at least have the same information as
> our adversaries.

that's going to be a leap too far, it's not an issue of security it's a question of property and value

> [1] Either because it leaked (discarded computer equipment, backup tapes,

source code is much wider distributed than people might think, it's possible to be a contractor (individual or company) or for example in MS's case a partner and get source code supplied under NDA

> what's the dollar value on the open market of, oh, let's say, the full source
> code to one of Cisco's popular routers? Maybe $100K? $250K? Maybe more,
> considering what it might facilitate?

naww. $0. pre IOS-12 versions are in circulation already, 12.something was partially leaked a year or two ago, and i'm sure other bits can be picked up. who would be willing to pay? not companies, that's illegal. blackhats? maybe, but they can just grab the circulating bootlegs

> Whatever that number is, that's the amount that prospective attackers may be
> presumed to be willing to spend to get it. And whether they spend it on R&D,
> or paying someone who's already done the R&D, or just cutting to the chase and
> paying off someone with access to it, doesn't really matter: if they're
> willing to spend the money, they _will_ get it.

wonder why they don't already have it, maybe they do...

Steve
Re: Cisco crapaganda
On Tue, Aug 09, 2005 at 04:11:45PM +0100, [EMAIL PROTECTED] wrote:

> There really is no such thing as closed source.

I've been saying this for years, and I'm sure you and I aren't the only ones.

Corollaries:

A. If open publication of the full source code of XYZ would render it insecure, then XYZ is _already_ insecure.

B. In analyzing any attack, it's prudent to presume that the attackers have the full source code of every piece of software involved. [1]

C. It's not secure until everyone knows exactly how it works and it's still secure.

D. Any piece of source code which hasn't been subjected to widespread peer review should be presumed untrustworthy -- because it not only hasn't been shown to be otherwise, the attempt hasn't even been made. (Note that the contrapositive isn't true -- peer review is only a necessary condition, not a sufficient one.)

More bluntly: the closed-source, "faith-based" approach to security doesn't cut it. The attacks we're confronting are being launched (in many cases) by people who *already have the source code*, and who thus enjoy an enormous advantage over the defenders.

It's time to level the playing field. It's time for all the vendors to publish ALL the source code so that we at least have the same information as our adversaries. Because relying on the supposed "secrecy" of source code is relying on a fantasy.

---Rsk

[1] Either because it leaked (discarded computer equipment, backup tapes, etc.), was stolen from outside (network break-in, physical break-in), was stolen from inside (payoffs) or other means. Borrowing heavily from Bruce Schneier's analysis of what it'd be worth to buy an election: what's the dollar value on the open market of, oh, let's say, the full source code to one of Cisco's popular routers? Maybe $100K? $250K? Maybe more, considering what it might facilitate?

Whatever that number is, that's the amount that prospective attackers may be presumed to be willing to spend to get it. And whether they spend it on R&D, or paying someone who's already done the R&D, or just cutting to the chase and paying off someone with access to it, doesn't really matter: if they're willing to spend the money, they _will_ get it.
Re: botnet reporting by AS - what about you?
> I'd personally love more reporting services that will actually disclose
> information to the ISPs who can actually take action to help straighten
> out their customers. We have far too many people who sit around wringing
> their hands about how horrible the botnets are, but who won't tell anyone
> who can do anything about it out of a paranoid sense of "security". I'm
> not sure this is the best way to go about that though. :)

ok. I'm working on the following service and would like to know if there is interest to participate. just drop a note off list if you want to play.

I've been producing daily reports for about 60 ASes in a report via email. It is taking significant cycles to produce and I could only handle another 60 or so networks. Since this won't scale for me I've decided to do near real-time reports over jabber

the idea is to publish reports in the following style:

anti phishing reports go to the Domain Registrar and AS manager for the IP space hosting the phish site.

botnets, virus infectors, open proxies etc the IP manager get notified.

spamertisements, spam senders will notify the registrar

the reports are text, human readable RFC-822 style headers.

I should have the signup page done next week, i should publish it in this notice but I'm just looking for feedback if doing the above is something the community would participate in. I'd like something that scales and what I've done thus far just won't scale.

comments (flames?) please.

-rick
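An added illustration, not code from the thread or from any project mentioned in it: a completeness check for a plain-text report with RFC-822 style headers, covering the items asked for earlier in the thread (logs, timestamps, timezones) and rejecting a partial address such as 'ip 12'. The header names and both sample reports are assumptions constructed for this example; the thread defines no field set.

```python
"""Completeness check for a text abuse report with RFC-822 style headers.

Header names (Report-Type, Reporter, ASN, Source-IP, Observed) are
hypothetical; they are not defined anywhere in the thread.
"""
from email import message_from_string
from email.utils import parsedate_to_datetime
import ipaddress

REQUIRED = ("Report-Type", "Reporter", "ASN", "Source-IP", "Observed")

# Constructed sample: documentation address ranges and a documentation ASN.
GOOD_REPORT = """\
Report-Type: botnet-drone
Reporter: reports@example.net
ASN: 64496
Source-IP: 192.0.2.45
Observed: Sat, 13 Aug 2005 04:08:22 +0200

Aug 13 04:08:22 sensor1 conn src=192.0.2.45:1042 dst=198.51.100.7:6667 proto=tcp
Aug 13 04:08:25 sensor1 conn src=192.0.2.45:1043 dst=198.51.100.7:6667 proto=tcp
"""

# Constructed sample of an unusable complaint: partial address,
# timestamp without a timezone, and no log evidence in the body.
BAD_REPORT = """\
Report-Type: botnet-drone
Reporter: someone@example.org
ASN: 64496
Source-IP: 12
Observed: Sat, 13 Aug 2005 04:08:22

"""


def validate_report(text):
    """Return a list of problems; an empty list means the report is actionable."""
    msg = message_from_string(text)
    problems = [f"missing header: {h}" for h in REQUIRED if not msg.get(h)]

    ip = (msg.get("Source-IP") or "").strip()
    if ip:
        try:
            ipaddress.ip_address(ip)  # rejects fragments such as "12"
        except ValueError:
            problems.append(f"Source-IP is not a full address: {ip!r}")

    asn = (msg.get("ASN") or "").strip()
    if asn and not (asn.isdigit() and 0 < int(asn) < 2**32):
        problems.append(f"ASN is not a valid AS number: {asn!r}")

    observed = (msg.get("Observed") or "").strip()
    if observed:
        try:
            when = parsedate_to_datetime(observed)
        except (TypeError, ValueError):  # exception type differs by Python version
            problems.append("Observed is not a parsable date")
        else:
            if when.tzinfo is None:
                problems.append("Observed has no timezone")

    # The body carries the evidence: at least one log line naming the address.
    evidence = [ln for ln in msg.get_payload().splitlines() if ln.strip()]
    if not evidence:
        problems.append("no log lines in body")
    elif ip and not any(ip in ln for ln in evidence):
        problems.append("log lines do not mention Source-IP")
    return problems


def triage(reports):
    """Split reports into per-ASN work queues and a list of rejection reasons."""
    queues, rejected = {}, []
    for text in reports:
        problems = validate_report(text)
        if problems:
            rejected.append(problems)
        else:
            asn = int(message_from_string(text)["ASN"])
            queues.setdefault(asn, []).append(text)
    return queues, rejected


if __name__ == "__main__":
    queues, rejected = triage([GOOD_REPORT, BAD_REPORT])
    print("actionable per ASN:", {asn: len(q) for asn, q in queues.items()})
    for reasons in rejected:
        print("rejected:", "; ".join(reasons))
```
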
Re: botnet reporting by AS - what about you?
On Fri, Aug 12, 2005 at 08:41:52PM +0200, Gadi Evron wrote:

> Hello. The drone armies research and mitigation mailing list is moving
> its reporting mechanism to the next level.
>
> If you have updated contact information for any of the below AS owners,
> please contact me _off-list_.
>
> Thanks,
>
> Gadi.
>
...

Do you mean to tell me you can't find contact info for ANY of those ISPs on your own (like those ALTERNET guys, they're hard to track down)? Are you trying to start a service for notifying ISPs when they have drones behind them or something? Surely you don't expect to obtain a comprehensive list by posting a list of AS names and half chopped off descriptions to NANOG, without even including the AS numbers?

I'd personally love more reporting services that will actually disclose information to the ISPs who can actually take action to help straighten out their customers. We have far too many people who sit around wringing their hands about how horrible the botnets are, but who won't tell anyone who can do anything about it out of a paranoid sense of "security". I'm not sure this is the best way to go about that though. :)

--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Holy Grail
On Fri, 12 Aug 2005 19:57:35 +0200, Gadi Evron said: > > Cisco is just busy having the same cow that everybody else had on the x86 > > platform when Solar Designer wrote "Smashing the Stack for fun and profit", > > because this is basically "Smashing the IOS stack for fun and profit" > > Wasn't that Aleph1? It was so long ago that history became legend, and legend became myth, and Cisco is just now catching up.. ;)
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith <[EMAIL PROTECTED]>.

Routing Table Report 04:00 +10GMT Sat 13 Aug, 2005

Analysis Summary
BGP routing table entries examined: 167995
Prefixes after maximum aggregation: 96653
Unique aggregates announced to Internet: 81488
Total ASes present in the Internet Routing Table: 20273
Origin-only ASes present in the Internet Routing Table: 17669
Origin ASes announcing only one prefix: 8344
Transit ASes present in the Internet Routing Table: 2604
Transit-only ASes present in the Internet Routing Table: 74
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 26
Prefixes from unregistered ASNs in the Routing Table: 23
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 13
Number of addresses announced to Internet: 1403683221
Equivalent to 83 /8s, 170 /16s and 129 /24s
Percentage of available address space announced: 37.9
Percentage of allocated address space announced: 57.0
Percentage of available address space allocated: 66.4
Total number of prefixes smaller than registry allocations: 79603

APNIC Region Analysis Summary
Prefixes being announced by APNIC Region ASes: 34867
Total APNIC prefixes after maximum aggregation: 15760
Prefixes being announced from the APNIC address blocks: 32728
Unique aggregates announced from the APNIC address blocks: 16456
APNIC Region origin ASes present in the Internet Routing Table: 2330
APNIC Region origin ASes announcing only one prefix: 689
APNIC Region transit ASes present in the Internet Routing Table: 345
Average APNIC Region AS path length visible: 4.5
Max APNIC Region AS path length visible: 18
Number of APNIC addresses announced to Internet: 192817280
Equivalent to 11 /8s, 126 /16s and 40 /24s
Percentage of available APNIC address space announced: 71.6
APNIC AS Blocks: 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911
APNIC Address Blocks: 58/7, 60/7, 124/7, 126/8, 202/7, 210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary
Prefixes being announced by ARIN Region ASes: 89765
Total ARIN prefixes after maximum aggregation: 54780
Prefixes being announced from the ARIN address blocks: 70157
Unique aggregates announced from the ARIN address blocks: 26041
ARIN Region origin ASes present in the Internet Routing Table: 10138
ARIN Region origin ASes announcing only one prefix: 3737
ARIN Region transit ASes present in the Internet Routing Table: 940
Average ARIN Region AS path length visible: 4.3
Max ARIN Region AS path length visible: 20
Number of ARIN addresses announced to Internet: 257546005
Equivalent to 15 /8s, 89 /16s and 215 /24s
Percentage of available ARIN address space announced: 64.0
ARIN AS Blocks: 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791 35840-36863
ARIN Address Blocks: 24/8, 63/8, 64/6, 68/7, 70/6, 74/7, 76/8, 198/7, 204/6, 208/7 and 216/8

RIPE Region Analysis Summary
Prefixes being announced by RIPE Region ASes: 32477
Total RIPE prefixes after maximum aggregation: 22163
Prefixes being announced from the RIPE address blocks: 29468
Unique aggregates announced from the RIPE address blocks: 19819
RIPE Region origin ASes present in the Internet Routing Table: 6975
RIPE Region origin ASes announcing only one prefix: 3684
RIPE Region transit ASes present in the Internet Routing Table: 1147
Average RIPE Region AS path length visible: 5.2
Max RIPE Region AS path length visible: 26
Number of RIPE addresses announced to In
Re: Fwd: Re: Dst. ports 33438, 33437 (64.95.255.255) [data393]
That is the product/technology they got from their acquisition of netVmg, one of the companies in the so-called "route optimization" space (see also Routescience, Proficient Networks, Sockeye Networks). Sockeye was also acquired by Internap. And then later, RouteScience was picked up by Avaya. I eval'd all except for netVmg and went with RouteScience. Cisco also has a similar feature/functionality called Optimized Exit Routing (OER). -- matthew zeier - "Curiosity is a willing, a proud, an eager confession of ignorance." - Leonard Rubenstein
botnet reporting by AS - what about you?
Hello. The drone armies research and mitigation mailing list is moving its reporting mechanism to the next level. If you have updated contact information for any of the below AS owners, please contact me _off-list_. Thanks, Gadi. 3MENATWORK - 3menatwork.com AAPT AAPT Limited ABACUS-NET-AS - Abacus America ACTCOM ACTCOM - Active Communi ADELPHIA-AS2 - Adelphia AFFINITY-FTL - Affinity Intern AFRINIC African Network Inform AIRBAND-PHOENIX - airBand Comm AITNET - Advanced Internet Tec Albacom Autonomous System Alestra ALICE Alice Networks ALLHOSTSHOP - ALLHOSTSHOP.COM ALTERNET-AS - UUNET Technologi AMEN AMEN Network AMIS-NET AMIS.NET Autonomous S AMNET-AU-AP Amnet IT Services AOL-ATDN - AOL Transit Data Ne APOL-AS Asia Pacific On-line S ARAGON DE CABLE ARUBA-ASN Aruba.it Network AS R Cable y Telecomunicacione AS12593 ISP UkrCom AS13680 Hostway Corporation Ta AS15440 MicroLink Lietuva Auto AS15589 Eutelia S.p.A. Backbon AS31400 AS31400.NET BACKBONE AS3215 France Telecom Transpac AS702 MCI EMEA - Commercial IP ASGARR GARR Italian academic a ASKONKUK KONKUK UNIVERSITY AS-LLIX - Liberty Lake Interne ASN852 - Telus Advanced Commun ASN-ATLANET Atlanet Autonomous ASN-BDDSL Bulldog Communicatio ASN-BNS Blixernetservices S.r. ASN-CARRIER66 carrier66.net Ne ASN-CATCHCOM Catch Communicati ASN-FOUR-U 4u-Networks Limited ASN-HKNET-AP HKNet Co. Ltd ASN-IBSNAZ TELECOM ITALIA ASN-INFOSTRADA Infostrada S.p. ASN-INNERHOST - Interland AS-NLAYER - nLayer Communicati ASN-LOUDPACKET - LoudPacket In ASN-NA-MSG-01 - Managed Soluti ASN-NERIM Nerim -- xDSL Intern ASN-NETHOLDING Autonomous Syst ASN-PACIFIC-INTERNET-IX Pacifi ASN-QWEST - Qwest ASN-TELENERGO EXATEL S.A. 
Auto ASN-TELSTRA Telstra Pty Ltd ASN-THEPLANET - ThePlanet.com ASVT-NETWORK RusSDO Autonomous Athens University of Economics ATHOME-BENELUX-BV AtHome Benel ATL-CBEYOND - CBEYOND COMMUNIC ATMAN ATMAN Autonomous System ATMLINK - ATMLINK ATRIVO-AS - Atrivo ATT-INTERNET3 - AT&T WorldNet ATT-INTERNET4 - AT&T WorldNet AUGUST-ASN - August Associates AUNA_TELECOM-AS AUNA Autonomou B2 B2 Bredband AB (publ) BACOM - Bell Advanced Communic BAKINTER-AS Bakinternet ISP A BANETELE-NORWAY BaneTele AS (f BATI-ATL - BellSouth Network S BATI-MIA - BellSouth Network S BELLSOUTH-NET-BLK - BellSouth. BELLSOUTH-NET-BLK2 - Bellsouth BENESOL-AS Belgian Network Sol BEN-LOMAND-TEL - Ben Lomand Te BESTWEB - BestWeb Corporation BEZEQ-INTERNATIONAL-AS Bezeqin BJGY srit corp. beijing. BSOCOM BSO Communication Netwo BTN-ASN - Beyond The Network A BT-UK-AS BTnet UK Regional net BURSTFIRE-EU Burstfire Network CABLECOM Cablecom GmbH CABLEINET Telewest Broadband CABLE-NET-1 - Cablevision Syst CABLEVISION S.A. CAIRNSNET-AS-AP CairnsNet Pty CARI - California Regional Int CARNET-AS Croatian Academic an CARPATHIA-HOSTING - Carpathia CASEMAISP-AS N.V. Casema CBCZ CZECHBONE AS CCCH-AS2 - Comcast Cable Commu CCCH-AS4 - Comcast Cable Commu CCINET-2 - Cox Communications CESNET2 Czech National Researc CHARTER-16787 - Charter Commun CHARTER-NET-HKY-NC - Charter C CHARTER-STL - CHARTER COMMUNIC CHINA169-BACKBONE CNCGROUP Chi CHINANET-BACKBONE No.31 Jin-ro CHOICEONECOM - Choice One Comm CHONBUK-AS Chonbuk National Un CIT-FOONET - CREATIVE INTERNET CLAREMONT - The Claremont Coll CMNET-GD Guangdong Mobile Comm CNUNET-AS-KR Chungnam National COGENT Cogent/PSI COLT COLT Telecommunications COMCOR-AS AS for Moscow Teleco Compania de Telecomunicaciones Computer Service Teleinformáti CONNECTPLUS-AP Singapore Telec COULOMB-AS AS for Coulomb CRNC - CRNC CRNET CHINA RAILWAY Internet(C CRONON-AS Cronon AG CTIHK-AS-AP City Telecom (H.K. 
CWRU-AS-1 - Case Western Reser CYBERCITY Cybercity A/S DACOM-PUBNETPLUS-AS-KR DACOM P DADA S.p.a. DALNET - DALnet DATA393 - Data393 Inc. DATAPIPE - DataPipe DATATELECOM Data Telecom Auton DCI-AS DCI Autonomous System DEMON-NL Demon Netherlands Th DFN-IP service G-WiN DGCSYSTEMS DGC Systems AB Auto DIALOG-AS DIALOG-NET Autonomuo DIGITAL-FOREST-NW - digital.fo DINET-AS Digital Network JSC DION KDDI CORPORATION DISNW1 - State Of Arkansas De DKOM Telekom Austria Applicati DLA-ASNBLOCK-AS - DoD Network DLS-LITH - DLS Computer Servic DNEO-OSP1 - Comcast Cable Comm DNEO-OSP4 - Comcast Cable Comm DNEO-OSP7 - Comcast Cable Comm DOCKNET - dock.net DOMENESHOP Domeneshop AS DONOBI - Donobi Inc. DREAMNET-C-S-I - DreamNet Comm DTAG Deutsche Telekom AG DXTNET Beijing Dian-Xin-Tong N EASEFUL-HK Easeful Strategic L EASYNET Easynet Group Plc EASYNEWS - Easynews Inc. EDELTACOM-SUW-300 - e^deltacom ELENDER-AS ELENDER-AS ELITE-NET - Elite.Net ELIX - Electric Lightwave Inc ELNK-CHARTER-CONN - Earthlink Embratel ENERGIS-AS Energis UK ENERGIT-AS ENERG.IT SpA Enertel N.V. ENTERNET-LIBERCOM-AS Enternet EPLANET-AS ePLANET SPA ERMS-EARTHLNK - EARTHLINK INC ERX-DACOMNET DACOM Corporation ERX-JARING Malaysian institute ERX-SINET-AS National Center f ERX-SINGNET SingNet ERX-TANET-ASN1 Tiawan Academic ESPIRECOMM - e.spire Communica ETHRN - Ethr.Net LLC EUNETFI EUnet Finland EUROCONNEX-AS Euroconnex Netwo Euro
Re: UUNET connectivity in Minneapolis, MN
So I am standing in a datacenter fiddling with some fiber and listening to an electrician explaining to the datacenter owner how he has just finished auditing all of the backup power systems and that the transfer switch will work this time (unlike the last 3 times). This is making me a little nervous, but I keep quiet (unusual for me)... Electrician starts walking out of the DC, looks at the (glowing) Big Red Button (marked "Emergency Power Off") and says "Hey, why ya'll running on emergency power?" and presses BRB. Lights go dark, disks spin down, Warren takes his business elsewhere! This is the same DC that had large basement mounted generators in a windowless building in NYC. Weeks before the above incident they had tried to test the generator (one of the failed transfer switch incidents), but apparently no one knew that there were manual flues at the top of the exhausts Carbon monoxide, building evacuated... Warren On Aug 12, 2005, at 8:27 AM, [EMAIL PROTECTED] wrote: On Fri, 12 Aug 2005 06:50:47 CDT, "James D. Butt" said: Unless there is some sort of crazy story related to why a service provider could not keep the lights on, this should have not been an issue with proper operations and engineering. So a while ago, we're in the middle of some major construction to put in infrastructure for a supercomputer. Meanwhile, as an unrelated project we installed a new diesel backup generator to replace an older generator that was undersized for our current systems, and take several hours of downtime on a Saturday to wire the beast in. The next Friday, some contractors are moving the entrance to our machine room about 30 feet to the right, so you don't walk into the middle of the supercomputer. Worker A starts moving a small red switch unit from its location next to where the door used to be to its new location next to where the door was going to be. 
Unfortunately, he did it before double-checking with Worker B that the small red switch was disarmed... Ka-blammo, a Halon dump... and of course that's interlocked with the power, so once the Halon stopped hissing, it was *very* quiet in there. Moral: It only takes one guy with a screwdriver.
Re: Holy Grail
[EMAIL PROTECTED] wrote: On Fri, 12 Aug 2005 12:33:40 EDT, "J. Oquendo" said: their equipment. If it's IPv6 based only, and not that big of a threat, then they should see no problem with the information being released. The specific exploit was IPv6 only. The concept that IOS is a sane operating system, and that given a vulnerability, you just need to do X and Y and Z in a fairly mechanical fashion to make a full blown exploit, is IOS-only. Cisco is just busy having the same cow that everybody else had on the x86 platform when Solar Designer wrote "Smashing the Stack for fun and profit", because this is basically "Smashing the IOS stack for fun and profit" Wasn't that Aleph1?
Re: Holy Grail
On Fri, 12 Aug 2005 12:33:40 EDT, "J. Oquendo" said: > their equipment. If it's IPv6 based only, and not that big of a threat, > then they should see no problem with the information being released. The specific exploit was IPv6 only. The concept that IOS is a sane operating system, and that given a vulnerability, you just need to do X and Y and Z in a fairly mechanical fashion to make a full blown exploit, is IOS-only. Cisco is just busy having the same cow that everybody else had on the x86 platform when Solar Designer wrote "Smashing the Stack for fun and profit", because this is basically "Smashing the IOS stack for fun and profit"
Re: Way OT: RE: @Home's 119 domain names up for sale
Hi, With apologies to the topic fairies .. Crist Clark wrote: It matters how you look at income taxes (figures never lie, but liars figure). The top 3% of earners pay about 40% of all income taxes. The top 1/12% pay about 10% of the taxes. Why do the super rich guys want a flat tax? And the other obvious problem, you pay a lot of taxes, probably more than you realize, besides income tax. The top few percent will pay a lower _percentage_ of their income to the government in tax than a middle earner would (a high earner will typically save more, or in other words their marginal propensity to save is higher) - they are also able to save more and afford better accountants who will help them avoid paying tax ! In the UK, income tax is hugely regressive - a middle earner may end up paying 51% of some proportion of their income in direct tax alone (combining NHIS contributions and income tax) - this then falls to 41% (combined) when the NHIS contributions hit a certain level. The tax burden on high earners is further reduced when one considers that indirect sales tax in the UK is 17.5%. -a
Re: Holy Grail
Saying that this is IPv6 only is misleading. The point of Mike's talk was to show that buffer overflows do more than DOS or reset a Cisco box, but they can actually be exploited like most things we learn about every Patch Tuesday. In the example he used in the talk, he showed off an exploit that took advantage of a buffer overflow in the IPv6 code, but patching that one bug does not mean you'll never see this type of exploit again.

Yes, any vendor big or small should realize that if they try to hide things instead of fixing them and owning up, it's just a matter of time until we find it for ourselves, and maybe next time the researcher will be a black hat, also playing secret like Cisco. Imagine the PR bruise that will cause.

John

On Fri, Aug 12, 2005 at 12:33:40PM -0400, J. Oquendo wrote:
>
>
> Purpose for posting it was, after reading it, there is not enough in my
> opinion to warrant a nuclear lock down on this information. I did this to
> sort of prove a point to those in the industry: "Stop letting vendors sell
> you short." As an engineer they've (Cisco) shortchanged clients using
> their equipment. If it's IPv6 based only, and not that big of a threat,
> then they should see no problem with the information being released.
>
> Before anyone decides to send in legal hounds, take note this is
> searchable via Google... 5 minutes tops with over 100+ sites listing the
> PDF. Sorry Cisco.
>
> On Fri, 12 Aug 2005, Gadi Evron wrote:
>
> > J. Oquendo wrote:
> > >
> > > www.infiltrated.net/cisco/holygrail.pdf
> >
> > I find it rather funny, really.
> >
> > Back in defcon, everybody was trading the presentation quietly and eagerly.
> >
> > Then every kiddie started asking if anyone wants it.
> >
> > Then we all got URL's to download it from.
> >
> > Then there was another pass of "psst, want the Lynn presentation?"
> >
> > And eventually, there was a CD placed on every table at defcon with the
> > presentation.
> >
> > Seeing big-time secret-handshake groups take this with a whisper and a
> > "if I know you, email me and I might share it" was a bit silly.
> >
> > Once again every Bad Guy in town had it and the Good Guys didn't want to
> > share under different excuses, some good, some sad.
> >
> > I find that sharing the presentation openly on NANOG is a bit of a bad
> > move because of how some may perceive it and you, but it has become
> > completely silly not to do it. So I ask that people reserve judgment.. I
> > was very tempted to do it myself.
> >
> > Gadi.
> >
> >
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
> J. Oquendo
> GPG Key ID 0x97B43D89
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89
>
> To conquer the enemy without resorting to war is the most
> desirable. The highest form of generalship is to conquer
> the enemy by strategy." - Sun Tzu
Re: Holy Grail
Purpose for posting it was, after reading it, there is not enough in my opinion to warrant a nuclear lock down on this information. I did this to sort of prove a point to those in the industry: "Stop letting vendors sell you short." As an engineer they've (Cisco) shortchanged clients using their equipment. If it's IPv6 based only, and not that big of a threat, then they should see no problem with the information being released.

Before anyone decides to send in legal hounds, take note this is searchable via Google... 5 minutes tops with over 100+ sites listing the PDF. Sorry Cisco.

On Fri, 12 Aug 2005, Gadi Evron wrote:

> J. Oquendo wrote:
> >
> > www.infiltrated.net/cisco/holygrail.pdf
>
> I find it rather funny, really.
>
> Back in defcon, everybody was trading the presentation quietly and eagerly.
>
> Then every kiddie started asking if anyone wants it.
>
> Then we all got URL's to download it from.
>
> Then there was another pass of "psst, want the Lynn presentation?"
>
> And eventually, there was a CD placed on every table at defcon with the
> presentation.
>
> Seeing big-time secret-handshake groups take this with a whisper and a
> "if I know you, email me and I might share it" was a bit silly.
>
> Once again every Bad Guy in town had it and the Good Guys didn't want to
> share under different excuses, some good, some sad.
>
> I find that sharing the presentation openly on NANOG is a bit of a bad
> move because of how some may perceive it and you, but it has become
> completely silly not to do it. So I ask that people reserve judgment.. I
> was very tempted to do it myself.
>
> Gadi.
>

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89

To conquer the enemy without resorting to war is the most desirable. The highest form of generalship is to conquer the enemy by strategy." - Sun Tzu
Re: Michael Lynn's presentation
J. Oquendo wrote: www.infiltrated.net/cisco/holygrail.pdf I find it rather funny, really. Back in defcon, everybody was trading the presentation quietly and eagerly. Then every kiddie started asking if anyone wants it. Then we all got URL's to download it from. Then there was another pass of "psst, want the Lynn presentation?" And eventually, there was a CD placed on every table at defcon with the presentation. Seeing big-time secret-handshake groups take this with a whisper and a "if I know you, email me and I might share it" was a bit silly. Once again every Bad Guy in town had it and the Good Guys didn't want to share under different excuses, some good, some sad. I find that sharing the presentation openly on NANOG is a bit of a bad move because of how some may perceive it and you, but it has become completely silly not to do it. So I ask that people reserve judgment.. I was very tempted to do it myself. Gadi.
Michael Lynn's presentation
www.infiltrated.net/cisco/holygrail.pdf =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89 To conquer the enemy without resorting to war is the most desirable. The highest form of generalship is to conquer the enemy by strategy." - Sun Tzu
Re: UUNET connectivity in Minneapolis, MN
On Fri, 12 Aug 2005 06:50:47 CDT, "James D. Butt" said: > Unless there is some sort of crazy story related to why a service provider > could not keep the lights on, this should have not been an issue with > proper operations and engineering. So a while ago, we're in the middle of some major construction to put in infrastructure for a supercomputer. Meanwhile, as an unrelated project we installed a new diesel backup generator to replace an older generator that was undersized for our current systems, and take several hours of downtime on a Saturday to wire the beast in. The next Friday, some contractors are moving the entrance to our machine room about 30 feet to the right, so you don't walk into the middle of the supercomputer. Worker A starts moving a small red switch unit from its location next to where the door used to be to its new location next to where the door was going to be. Unfortunately, he did it before double-checking with Worker B that the small red switch was disarmed... Ka-blammo, a Halon dump... and of course that's interlocked with the power, so once the Halon stopped hissing, it was *very* quiet in there. Moral: It only takes one guy with a screwdriver.
RE: UUNET connectivity in Minneapolis, MN
-Original Message- From: [EMAIL PROTECTED] On Behalf Of James D. Butt

> Unless there is some sort of crazy story related
> to why a service provider
> could not keep the lights on, this should have not
> been an issue with
> proper operations and engineering.

6 stories from the trenches

Once a back hoe decided to punch through a high pressure natural gas main, right outside our offices. The fire department had us shut down ANYTHING that MIGHT make a spark. No nothing was able to run. It did not matter that we had upses and such, all went dark for hours.

During the Northridge earthquake (the one during the world series in sf.ba.ca.us) there was a BUNCH of disruption of the infrastructure, drives were shaken til they crashed, power went down all over the area, Telco lines got knocked down, underground vaults got flooded, and data centers went off line.

When ISDN was king (or ya get a t-1), I worked for an ISP in the bay area that was one of the few to have SOME connectivity when mae-w went down. We had a t-1 that went “north” to another exchange point, and even though that little guy had %50+ packet loss, it kept chugging. We were one of the few isp’s that had ANY net connection, most of the people went in through their local MAE, (that was in the days before connecting to a MAE required that you be connected to several other MAE’s)

Once while working for a startup in SF, I pushed for upses and backup power gen sets for our rack of boxes, and I was told that we were "in the middle of the financial district of SF, that bart/the cable cars ran near by, and that a big huge sub station with in rock throwing distance of our building, not to mention a power plant a couple miles away. There was no reason for us to invest in backup gen sets, or hours of ups time…. I asked what the procedure was if we lost power for an extended period of time, and I was told, “we go home” we…… the power went off to the entire SF region, and I was able to shut down the equipment without too much trouble, cause my laptop was plugged into a ups (at my desk) and the critical servers were on a ups, as well as the hub I was on. After I verified that we were still up at our co-lo (via my CDPD modem) I stated the facts to my boss, and told him that I was following his established procedure for extended power loss. I was on my way home. (boss=not happy)

A backup generator failed at a co-lo because of algae in the diesel fuel.

Another time a valve broke in the buildings HVAC system sending pink gooey water under the door, and into the machine room.

There are reasons why a bunch of 9’s piled together, weird stuff does happen. This is nanog, each “old timer” has a few dozen of these events they can relate. The first 2 ya really can’t prepare for other than for all your stuff to be mirrored “some place else”, the rest are preventable, but they were still rare.

( back to an operational slant) Get a microwave t-2 and shoot it over to some other building, get a freaking cable modem as a backup, or find another way to get your lines out. If having things work is important to you, YOU should make sure it happens! If people are preventing you from doing your job (having servers up and reachable) CYA, and point it out in the post mortem.

-charles

Curse the dark, or light a match. You decide, it's your dark. Valdis.Kletnieks in NANOG
Re: UUNET connectivity in Minneapolis, MN
> Unless there is some sort of crazy story related to why a service provider > could not keep the lights on, this should have not been an issue with > proper operations and engineering. I'll let others tell you about the rat that caused a short circuit when Stanford attempted to switch to backup power. Or the time that fire crews told staff to evacuate a Wiltel colo near San Jose because of a backhoe that broke a gas pipe. The staff were prevented from starting their backup generators after power to the neighborhood was cut. In my opinion, the only way to solve this problem is to locate colos and PoPs in clusters within a city and deliver resilient DC power to these clusters from a central redundant generator plant. The generator plants, transmission lines and clusters can be engineered for resiliency. And then the highly flammable and dangerous quantities of fuel can be localized in a generator plant where they can be kept a safe distance from residential and office buildings. Unfortunately, to do this sort of thing requires vision which is something that has been lacking in the network operations field of late. --Michael Dillon
RE: UUNET connectivity in Minneapolis, MN
Yes that is an exception... not what happened in this case You can come up with a lot of valid exceptions... There are many reasons why a Tier 1 provider does not stick all its eggs in multi-tenant buildings... smart things can be done with site selection. I am not saying every customer needs to keep their network like this... but the really big guys at the core of their network yes. JD On Fri, 12 Aug 2005, Geo. wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James D. Butt Unless there is some sort of crazy story related to why a service provider could not keep the lights on, this should have not been an issue with proper operations and engineering. The building where one of our nodes sites got hit with an electrical fire in the basement one day, the fire department shut off all electrical to the whole building including the big diesel generators sitting outside the back of the building so all we had was battery power until that ran out 6 hours later. How do you prepare for that? Geo. George Roettger Netlink Services
Re: After Hours Install of OC3
On Fri, 12 Aug 2005, Greenhagen, Robin wrote: Does anyone else require HICAP loop installs to be after hours? What experiences have you had (good or bad) with getting the carriers to do their work during off-peak hours for a reasonable fee? We've done off-hours turnups before, at my previous job with a decent-sized ISP. Some would come back with an off-hours turnup fee which we would turn around and beat up our sales rep for, and they would usually reduce or waive it. Most of the fees were pretty low, like $500 or so. $5-$10k seems exorbitant for what amounts to a 'no shutdown', doing some basic acceptance testing and maybe, at the edge of the envelope, turning up a BGP session and testing that, too :-) I'd suggest talking to your sales rep to see if the "Free Install" promo extended to off-hours activations, or better yet, beat your sales rep up and see what happens... We did off-hours turnups for our customers if they requested it. jms
RE: UUNET connectivity in Minneapolis, MN
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of James D. Butt > Unless there is some sort of crazy story related to why a service provider > could not keep the lights on, this should have not been an issue with > proper operations and engineering. The building where one of our nodes sites got hit with an electrical fire in the basement one day, the fire department shut off all electrical to the whole building including the big diesel generators sitting outside the back of the building so all we had was battery power until that ran out 6 hours later. How do you prepare for that? Geo. George Roettger Netlink Services
The Cidr Report
This report has been generated at Fri Aug 12 21:45:46 2005 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date      Prefixes  CIDR Agg
05-08-05  163780    110959
06-08-05  163711    110985
07-08-05  163800    110971
08-08-05  163743    110924
09-08-05  163673    111008
10-08-05  163695    78
11-08-05  164021    111239
12-08-05  164092    71

AS Summary
20168     Number of ASes in routing system
8351      Number of ASes announcing only one prefix
1499      Largest number of prefixes announced by an AS
          AS7018 : ATT-INTERNET4 - AT&T WorldNet Services
90497024  Largest address span announced by an AS (/32s)
          AS721 : DLA-ASNBLOCK-AS - DoD Network Information Center

Aggregation Summary
The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').

--- 12Aug05 ---
ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description
Table    163985   315285432.2%               All ASes
AS4323   1142     226       916      80.2%   TWTC - Time Warner Telecom
AS18566  834      8         826      99.0%   COVAD - Covad Communications
AS4134   953      232       721      75.7%   CHINANET-BACKBONE No.31,Jin-rong Street
AS27364  554      22        532      96.0%   ACS-INTERNET - Armstrong Cable Services
AS7018   1499     970       529      35.3%   ATT-INTERNET4 - AT&T WorldNet Services
AS721    1081     558       523      48.4%   DLA-ASNBLOCK-AS - DoD Network Information Center
AS22773  514      28        486      94.6%   CCINET-2 - Cox Communications Inc.
AS6197   934      517       417      44.6%   BATI-ATL - BellSouth Network Solutions, Inc
AS3602   550      148       402      73.1%   SPRINT-CA-AS - Sprint Canada Inc.
AS6467   440      78        362      82.3%   ESPIRECOMM - e.spire Communications, Inc.
AS17676  464      104       360      77.6%   JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS9583   749      442       307      41.0%   SIFY-AS-IN Sify Limited
AS4766   579      281       298      51.5%   KIXS-AS-KR Korea Telecom
AS9929   326      46        280      85.9%   CNCNET-CN China Netcom Corp.
AS14654  288      9         279      96.9%   WAYPORT - Wayport
AS15270  317      44        273      86.1%   AS-PAETEC-NET - PaeTec.net -a division of PaeTecCommunications, Inc.
AS5668   501      233       268      53.5%   AS-5668 - CenturyTel Internet Holdings, Inc.
AS6167   329      66        263      79.9%   CELLCO-PART - Cellco Partnership
AS812    263      20        243      92.4%   ROGERS-CABLE - Rogers Cable Inc.
AS23126  266      25        241      90.6%   KMCTELCOM-DIA - KMC Telecom, Inc.
AS11456  313      73        240      76.7%   NUVOX - NuVox Communications, Inc.
AS1239   860      624       236      27.4%   SPRINTLINK - Sprint
AS2386   889      655       234      26.3%   INS-AS - AT&T Data Communications Services
AS17488  297      68        229      77.1%   HATHWAY-NET-AP Hathway IP Over Cable Internet
AS9498   341      113       228      66.9%   BBIL-AP BHARTI BT INTERNET LTD.
AS7545   516      289       227      44.0%   TPG-INTERNET-AP TPG Internet Pty Ltd
AS6198   467      244       223      47.8%   BATI-MIA - BellSouth Network Solutions, Inc
AS19916  370      148       222      60.0%   ASTRUM-0001 - OLM LLC
AS9304   251      45        206      82.1%   HUTCHISON-AS-AP Hutchison Global Communications
AS6140   413      213       200      48.4%   IMPSAT-USA - ImpSat
Total    17300    6529      10771    62.3%   Top 30 total

Possible Bogu
Re: UUNET connectivity in Minneapolis, MN
I certainly understand why utility power goes out and that is the reason why MCI losing power confuses me. I am pretty sure that someone at MCI also realizes why the blackout happens and how fragile things are. It is irresponsible for a Tier 1 infrastructure provider to not be able to generate their own and have large chunks of their network fail due to the inability to power it. I bet you every SBC CO in the affected area was still pushing power out to customer prems. Unless there is some sort of crazy story related to why a service provider could not keep the lights on, this should have not been an issue with proper operations and engineering.

JD

On Fri, 12 Aug 2005 [EMAIL PROTECTED] wrote:

> > Not sure I understand how on earth something like this happens... power is
> > not that confusing to make sure it does not stop working.
>
> Is that so? Have you read the report on the Northeast blackout of 2003?
> https://reports.energy.gov/
>
> --Michael Dillon
Re: UUNET connectivity in Minneapolis, MN
> Not sure I understand how on earth something like this happens... power is
> not that confusing to make sure it does not stop working.

Is that so? Have you read the report on the Northeast blackout of 2003?
https://reports.energy.gov/

--Michael Dillon
After Hours Install of OC3
One of our incumbent LECs (whose initials begin with SBC) botched a mid-day installation of an additional GIGAMAN drop at our primary DC earlier this year. Whatever they did, it dropped all of our fiber plant with SBC. The outages caused were PAINFUL and expensive from an SLA (to our customers) perspective.

Well, we were in process over the past 3-4 months to get a new Sprint OC3 installed, and I put a request in for after hours delivery of the SBC OC3 loop since it will ride the same fiber plant as the previously botched install. After 2 weeks of arguing amongst themselves, they came back with a $5100-$10,000 estimate to install the loop after hours. The loop was previously on a "Free Install" promo with our Sprint agreement, so I was a bit alarmed at that estimate. Our facilities are already in place, and we have had lit OC3 drops previously, so no new gear or strands will be required...

Does anyone else require HICAP loop installs to be after hours? What experiences have you had (good or bad) with getting the carriers to do their work during off-peak hours for a reasonable fee?

Thanks,
Robin Greenhagen
GSI