Re: P2P Darknets to eclipse bandwidth management?
Fergie (Paul Ferguson) wrote: Overlooking the point that this kind of smells like a pitch for Staselog, I'd be curious to hear of this is an issue on ISP bandwidth management radar... or already is... I've been asked this question repeatedly almost as long as we've had the traffic engineering / classification capabilities in our product. The great change towards encrypted p2p protocols has always been "just moments away" for the last three years. In this time we've seen the predominant p2p protocol to change from Kazaa to eDonkey, from eDonkey to DirectConnect and from there, to BitTorrent. The fraction of traffic classified as "other" has been 2-4% of total since we shipped. Obviously the fact that the world has not changed in the past is no proof that it will not in the future. If it does towards increased privacy and encryption, I'm all for the change. Pete
Re: the right list to use for talking about nanog is nanog-futures
> the [EMAIL PROTECTED] mailing list is broken. this has been fixed. apologies. randy
Vonage Contacts?
If anyone from Vonage is on NANOG could you please drop me an e-mail off-list? Thank You, Mike
Re: TIA-942 Datacenter Standardization
On Thu, Sep 01, 2005 at 10:54:26PM +1200, Simon Lyall wrote: > also "The Practice of System and Network Administration" by Limoncelli and > Hogan has a few pointers as well but on a smaller scale and it feels a > little old at times. Tom tells me he's prepping a seconfd edition for late 96; anyone who has comments on the first edition should codify them and ship them to him now. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth & AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 "NPR has a lot in common with Nascar... we both turn to the left." - Peter Sagal, on Wait Wait, Don't Tell Me!
New Orleans Cops Use Single Radio Channel
An AP newswire article by Bruce Myerson, via Yahoo! News, reports that: [snip] By Thursday, nearly 10,000 satellite-based wireless phones had poured into the hurricane zone to coordinate relief efforts by federal disaster personnel and Red Cross workers, said service providers Globalstar LLC and Iridium Satellite LLC. [snip] http://news.yahoo.com/news?tmpl=story&u=/ap/20050902/ap_on_hi_te/katrina_telecom - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: DirectNIC requests BellSouth help.
--On September 1, 2005 8:20:12 PM + Paul Vixie <[EMAIL PROTECTED]> wrote: directnic's nameservers appear to have been botchified during some kind of hurried attempt to mirror them outside of new orleans. <...> good eyes paul, been in contact with people over there and it's getting fixed. i hadn't been following nanog but i'm floating in the IRC stuff (since I'm also freenode staff...). Mike B. relays back thanks that the problem is being fixed. (sorry if this is duplicate information!) this is going to make directnic's customers, or any zone served by these two nameservers, harder to reach than they strictly need to be. can someone from directnic contact someone at verisign, or vice versa, and get this straightened out? -- Paul Vixie -- "Genius might be described as a supreme capacity for getting its possessors into trouble of all kinds." -- Samuel Butler
RE: Bell South or Telcove help needed in NOLA
I made the offer to DirectNIC directly (no pun), and now here publicly.. if anyone distressed folks in the New Orleans need any resources, please feel free to contact me. We will do whatever we can to accomodate any needs. On Thu, 1 Sep 2005, Hannigan, Martin wrote: "If anyone who works for or has connections with Bell South or Telcove is reading this, tell us what it's going to take to get those OC3s back up and running. We will try to coordinate and make it happen." If I were DirectNIC, I'd be making arrangements to operate from a place other than New Orleans for the time being. -M< -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: August 2005: Drone Army Botnet C&C listing
On Wed, 31 Aug 2005, Hannigan, Martin wrote: > > > > > 30058 FDCSERVERS - FDCservers.net LL 123 43 > > 21840 SAGONET-TPA - Sago Networks 53 26 > > > > Much better. And no IL-CERT. :-) > > Is it safe to say the resolutions, at least in these two > cases, are because of others mitigation activities i.e. > snatching back the RR's, shutting off the domain, black > holes, etc? Does the full report (where does one find that anyway?) have what the supposed resolution is/was?
P2P Darknets to eclipse bandwidth management?
Interesting article, and something I think that will certainly becaome an issue for ISPs. Is this a real issue ISPs are thinking about? Via The Register: [snip] Encrypted P2P networks will soon make bandwidth management based on deep packet inspection obsolete, says Staselog, a Finnish appliance outfit. Around 80 per cent of all traffic in the Internet is already P2P. This traffic will increase 1,000-fold in the next five years and most of it will be encrypted P2P, according to a study by Staselog and researchers at Finnish Universities. [snip] http://www.theregister.co.uk/2005/09/01/darknets_fox_traffic_manage_tech/ Overlooking the point that this kind of smells like a pitch for Staselog, I'd be curious to hear of this is an issue on ISP bandwidth management radar... or already is... - ferg -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
BellSouth: 180 Central Offices on Generator Power, 870,000 Lines Out
BellSouth is concentrating on repairing major cables, ensuring telephone switching centers continue to have back-up power until commercial power can be restored, as well as getting communications established for emergency personnel, city and government officials and hospitals. COX has not begun making an assessment, but did announce it was suspending billing for residential and commercial customers in New Orleans.
Re: DirectNIC requests BellSouth help.
directnic's nameservers appear to have been botchified during some kind of hurried attempt to mirror them outside of new orleans. according to the .COM servers: ns0.directnic.com. 2D IN A 204.251.10.100 ns1.directnic.com. 2D IN A 66.115.160.187 according to the .100 server shown above: ns0.directnic.com. 1D IN A 204.251.10.100 ns1.directnic.com. 1D IN A 66.115.130.188 according to the .187 server shown above: ns0.directnic.com. 1D IN A 204.251.10.100 ns1.directnic.com. 1D IN A 66.115.130.188 according to the .188 server shown: ;; res_nsend: Connection refused this is going to make directnic's customers, or any zone served by these two nameservers, harder to reach than they strictly need to be. can someone from directnic contact someone at verisign, or vice versa, and get this straightened out? -- Paul Vixie
Re: redcross.org certificate problems with Akamai
On Thu, Sep 01, 2005 at 03:47:30PM -0400, Hannigan, Martin wrote: > > The donations page is Akamaized, and the certificate says > > "a248.e.akamai.net" instead of "www.redcross.org". > > > > I have the certificate signature available off-line. > > Which part of the transaction does this occur at? Do you have a > specific URL? All of the VeriSign security seals are reporting > known and trusted host and the certs are matching. > > They appear to be outsourcing their payment processing to > Convio. It's all matching up. I clicked on the "Donate NOW" box on the front page, and it happened during the redirect. I didn't get to see that they'd switched to Convio at that point, because I wanted to keep the detail around, and because hanging on that dialog suspends *all* of firefox's threads. I finally released it, and I see that it's working OK now; I also see that they switched that processing to Convio, and perhaps I got caught in an out-of-phase moment. I suppose I know better than to assume it's really broken until it breaks three times in fifteen minutes (my own rule, ironically). Sorry, all. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer+-Internetworking--+--+ RFC 2100 Ashworth & Associates | Best Practices Wiki | |'87 e24 St Petersburg FL USAhttp://bestpractices.wikicities.com+1 727 647 1274 If you can read this... thank a system administrator. Or two. --me
Re: Katrina: directNIC Stays Online - Blog + Images
On Thu, 1 Sep 2005, Todd Vierling wrote: On Thu, 1 Sep 2005, Dan Hollis wrote: There are other reasons too. People have been following NOPD police scanners and posting news that the mainstream media refuse to cover: http://www.freerepublic.com/focus/news/1474267/posts If you're going to post a URL on *that* site (for other NANOG'ers, it's a highly politically charged site), I am obliged to exercise equal time. Louisiana forum: http://www.democraticunderground.com/discuss/duboard.php?az=show_topics&forum=155 listen to the police scanner yourself. -Dan
Re: now it's really serious in New Orleans
On Thu, Sep 01, 2005 at 01:13:48PM -0400, Christopher Woodfield wrote: > While I'm not in a position to do this myself, as much as I would > like to, I'm wondering if any of the relief organizations that are > mobilizing down there are in need of volunteer IT/networking clue and > hands setting up C&C infrastructure and whatnot. If anyone knows who > the appropriate folks to contact if you're in a position to help out, > even if it's just over the long weekend, I would recommend posting here. I have noticed that the Red Cross is now looking for any vaguely disciplined people whom to train and send down there. There is also a Red Cross IT group. Let me see ... the answer I'm given is, go to your local Red Cross Chapter, sign up to be in the Disaster Services Human Resources (DSHR) program, tell them your only skill is in IT [because 95% of the people going down there RIGHT NOW will be doing Mass Care]. And hope that the ARC DS people who know whom to contact about this haven't already left for Mississippi. [I used to have a contact in the Regional Headquarters, but there isn't a Regional Headquarters any more, and he's probably down in the thick of things right now.] -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: Katrina: directNIC Stays Online - Blog + Images
On Thu, 1 Sep 2005, Dan Hollis wrote: > There are other reasons too. People have been following NOPD police scanners > and posting news that the mainstream media refuse to cover: > > http://www.freerepublic.com/focus/news/1474267/posts If you're going to post a URL on *that* site (for other NANOG'ers, it's a highly politically charged site), I am obliged to exercise equal time. Louisiana forum: http://www.democraticunderground.com/discuss/duboard.php?az=show_topics&forum=155 -- -- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
Re: DirectNIC requests BellSouth help.
On Thu, 1 Sep 2005, Adam 'Starblazer' Romberg wrote: > "If anyone who works for or has connections with Bell South or Telcove > is reading this, tell us what it's going to take to get those OC3s > back up and running. We will try to coordinate and make it happen. " > > http://www.livejournal.com/users/interdictor/39993.html Do they have a TSP number issued by the US Government for emergency restoration? No? Then they are probably in the back of the line after federal, state and local emergency telecommunication needs.
RE: redcross.org certificate problems with Akamai
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of > Jay R. Ashworth > Sent: Thursday, September 01, 2005 3:12 PM > To: nanog@merit.edu > Subject: Ops: redcross.org certificate problems with Akamai > > > > The donations page is Akamaized, and the certificate says > "a248.e.akamai.net" instead of "www.redcross.org". > > I have the certificate signature available off-line. Which part of the transaction does this occur at? Do you have a specific URL? All of the VeriSign security seals are reporting known and trusted host and the certs are matching. They appear to be outsourcing their payment processing to Convio. It's all matching up. -M<
Ops: redcross.org certificate problems with Akamai
The donations page is Akamaized, and the certificate says "a248.e.akamai.net" instead of "www.redcross.org". I have the certificate signature available off-line. Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth & AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 "NPR has a lot in common with Nascar... we both turn to the left." - Peter Sagal, on Wait Wait, Don't Tell Me!
RE: Bell South or Telcove help needed in NOLA
> "If anyone who works for or has connections with Bell South > or Telcove is > reading this, tell us what it's going to take to get those > OC3s back up > and running. We will try to coordinate and make it happen." If I were DirectNIC, I'd be making arrangements to operate from a place other than New Orleans for the time being. -M<
RE: UNITED.COM (United Airlines) has been down for days! Any info on this?
Henry Yen wrote: > > On Thu, Sep 01, 2005 at 11:10:45AM -0700, Grant A. Kirkwood wrote: > > > > John Palmer wrote: > > > > > >The United Airlines website appears to be down and has > been down for days. > > > > > >Is this a network issue or are they out of business?? > > > > > > > > > Neither.. just systematic and ongoing web development incompetency. > > > > http://www.flyertalk.com/forum/showthread.php?t=467617 > > > > http://www.flyertalk.com/forum/showthread.php?t=467121 > > > > http://www.flyertalk.com/forum/showthread.php?t=468034 > > > > etc > > This problem (or its close relative) was discussed on nanog > less than three months ago: >http://www.merit.edu/mail.archives/nanog/2005-06/msg00034.html Their problems go far, far beyond just DNS. They have had consistent problems for well over a year. Basic stuff--- like booking a ticket. It's no wonder they can't get out of bankruptcy.
DirectNIC requests BellSouth help.
Straight from the source: "If anyone who works for or has connections with Bell South or Telcove is reading this, tell us what it's going to take to get those OC3s back up and running. We will try to coordinate and make it happen. " http://www.livejournal.com/users/interdictor/39993.html Adam 'Starblazer' Romberg Store Line: 920-738-9032 System Administrator Direct Line: 920-968-7713 ExtremePC LLC-=- http://www.extremepcgaming.net
Bell South or Telcove help needed in NOLA
passing a message: "If anyone who works for or has connections with Bell South or Telcove is reading this, tell us what it's going to take to get those OC3s back up and running. We will try to coordinate and make it happen." http://www.livejournal.com/users/interdictor/ Lucy E. Lynch Academic User Services Computing CenterUniversity of Oregon llynch @darkwing.uoregon.edu (541) 346-1774
Re: UNITED.COM (United Airlines) has been down for days! Any info on this?
On Thu, Sep 01, 2005 at 11:10:45AM -0700, Grant A. Kirkwood wrote: > > John Palmer wrote: > > > >The United Airlines website appears to be down and has been down for days. > > > >Is this a network issue or are they out of business?? > > > > > Neither.. just systematic and ongoing web development incompetency. > > http://www.flyertalk.com/forum/showthread.php?t=467617 > > http://www.flyertalk.com/forum/showthread.php?t=467121 > > http://www.flyertalk.com/forum/showthread.php?t=468034 > > etc This problem (or its close relative) was discussed on nanog less than three months ago: http://www.merit.edu/mail.archives/nanog/2005-06/msg00034.html -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
Bell South or Telcove contacts.
The guys over at http://www.directnic.com/ are looking for contacts to find out what it will take to get a few oc3's back up. http://www.livejournal.com/users/interdictor/ If anyone who works for or has connections with Bell South or Telcove is reading this, tell us what it's going to take to get those OC3s back up and running. We will try to coordinate and make it happen. just passing the information over. Hoping someone from those companies reads nanog :) Thanks
ATTN: Bell South of Telcove
Sent on behalf of the guys over at InterNIC. They probably have better things to do, but it's the least I can do to help. [snip] If anyone who works for or has connections with Bell South or Telcove is reading this, tell us what it's going to take to get those OC3s back up and running. We will try to coordinate and make it happen. [/snip] Apparently they are down to one upstream provider. (as predicted they would loose them earlier on the list) Also: [snip] Huge convoy of fuel and generator engineer types affiliated with Bell South just moved down the street toward their building. That's where 2 of our OC3s that went down are at Bell's main. [/snip] Best of luck to everyone. -- Regards, Chris Gilbert
Re: UNITED.COM (United Airlines) has been down for days! Any info on this?
On 9/1/05, John Palmer <[EMAIL PROTECTED]> wrote: The United Airlines website appears to be down and has been down for days. Is this a network issue or are they out of business?? Works fine for me. What testing have you done and what exactly are you seeing? Jamie
RE: UNITED.COM (United Airlines) has been down for days! Any info on this?
John Palmer wrote: > >The United Airlines website appears to be down and has been down for days. > >Is this a network issue or are they out of business?? > Neither.. just systematic and ongoing web development incompetency. http://www.flyertalk.com/forum/showthread.php?t=467617 http://www.flyertalk.com/forum/showthread.php?t=467121 http://www.flyertalk.com/forum/showthread.php?t=468034 etc
RE: UNITED.COM (United Airlines) has been down for days! Any info on this?
Works fine for me. *shrug* www.ual.com also forwards appropriately. Scott From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of John PalmerSent: Thursday, September 01, 2005 1:55 PMTo: nanog@merit.eduSubject: UNITED.COM (United Airlines) has been down for days! Any info on this? The United Airlines website appears to be down and has been down for days. Is this a network issue or are they out of business??
Re: UNITED.COM (United Airlines) has been down for days! Any info on this?
On Thu, 2005-09-01 at 12:54:42 -0500, John Palmer proclaimed... > >The United Airlines website appears to be down and has been down for >days. Plug your computer back into the network. It works fine here from several AS's
UNITED.COM (United Airlines) has been down for days! Any info on this?
The United Airlines website appears to be down and has been down for days. Is this a network issue or are they out of business??
OT: Attn Federal NS/EP types
If there's anyone in black sunglasses reading this positioned sufficiently high to do any good, please go read http://www.livejournal.com/users/interdictor/39438.html?mode=reply (Please do not reply on list to this posting. Anyone who feels the need to yell at me, please do it off-list.) Cheers, -- jra -- Jay R. Ashworth[EMAIL PROTECTED] Designer Baylink RFC 2100 Ashworth & AssociatesThe Things I Think'87 e24 St Petersburg FL USA http://baylink.pitas.com +1 727 647 1274 "NPR has a lot in common with Nascar... we both turn to the left." - Peter Sagal, on Wait Wait, Don't Tell Me!
Re: Replacing PSTN with VoIP wise? Was Re: Phone networks struggle in Hurricane Katrina's wake
On Thu, 01 Sep 2005 08:48:04 +0300, Petri Helenius said: > [EMAIL PROTECTED] wrote: > > >It's clearly possible to find telco engineers with 5/10/15 years experience > >in > >running PSTN (might even find somebody with 40-50 years? :). It's possible > >to > >find network engineers with lots of BGP experience. Where do you find a > >senior > >engineer with 5+ years experience in enterprise-scale VoIP deployment? > Deployable enterprise VoIP products existed in 1998. So it would be > somebody who was there doing it back then? Goes 5+ with a margin. Yes, but I hear that both of the guys who actually *DEPLOYED* anything enterprise-wide in 1998 are happily employed and not available. pgpQYgDKA7sWw.pgp Description: PGP signature
nanog-futures list
It's back - thanks to the Steering Committee for prompting us to get the list going again. There's no need for action if you're already subscribed; for others there's subscription info here: http://www.nanog.org/email.html
Re: now it's really serious in New Orleans
While I'm not in a position to do this myself, as much as I would like to, I'm wondering if any of the relief organizations that are mobilizing down there are in need of volunteer IT/networking clue and hands setting up C&C infrastructure and whatnot. If anyone knows who the appropriate folks to contact if you're in a position to help out, even if it's just over the long weekend, I would recommend posting here. -C On Aug 31, 2005, at 1:38 AM, Andrew D Kirch wrote: On Tue, 2005-08-30 at 18:07 -0700, Fred Heutte wrote: In an running on WWL TV right now, Mayor Ray Nagin says that a planned sandbag drop to stop the levee breach near pump #6 at the 17th St. Canal didn't happen and the pump has failed, so the probability is that the "bowl will now be filled," meaning water will flood the majority of the city including the Garden District, French Quarter and CBD. If unabated the water will go to the level of Lake Pontchartrain, about 3 feet ASL, which means, for example, 9 feet of water on St Charles Street. The mayor called the missed opportunity a "blunder" and said this would unfold over the next 12-15 hours. Now it's time to really worry. fh While we're off topic, the Red Cross needs blood donations. It wont keep networks up, but hopefully it will keep people in need alive. For more information/ to locate the nearest Red Cross. Please visit https://www.givelife.org for the location of the nearest blood drive. -- Andrew D Kirch | Abusive Hosts Blocking List | www.ahbl.org Security Admin | Summit Open Source Development Group | www.sosdg.org Key At http://www.2mbit.com/~trelane/trelane.asc Key fingerprint = 4106 3338 1F17 1E6F 8FB2 8DFA 1331 7E25 C406 C8D2
Re: Katrina: directNIC Stays Online - Blog + Images
At 2:13 AM -0700 9/1/05, Dan Hollis wrote: >Some rescue services are refusing to enter due to armed thugs roaming the >streets with ak47 assault rifles, carjacking, mugging and murdering people. >... >Does not sound like a place any sane person would choose to go to. I don't >think "risking your life to protect your employer's property" is on the job >description... While there aren't a lot of systems that are worth the risk, they definitely do exist - think air traffic control, hospital power generation, emergency dispatch, and relief effort coordination. Companies suffer when they're offline, but in the above cases, people can die. The good news is these systems are usually better equipped and protected than the local data center... /John
Re: Replacing PSTN with VoIP wise? Was Re: Phone networks struggle in Hurricane Katrina's wake
[EMAIL PROTECTED] wrote: But then, people don't really care about this, as cell is in the exact same boat and huge numbers of people rely on just their cell phone and no longer have a fixed line (in Europe at least). I have read accounts that suggest that cellphone subscribers from New Orleans only have one way service. In other words, if you left New Orleans with your cellphone then you can make outgoing calls but no-one can call you. I don't know how widespread this is, but knowing that there has to be an SS7 switch in New Orleans directing those incoming calls to your new location, I can imaging that loss of such a switch would create problems. It is sometimes the case in disasters that people from inside can call out but that people from outside can't call in because the circuits into the disaster area become overloaded. This would hold true especially in the case where many people in the disaster area have no access to working phones, so those with working phones can easily get a free outbound circuit - meanwhile frantic friends and family clog up the incoming circuits trying to reach phones that are out of service or people who simply aren't near the phone and who can't answer but those calls still tie up circuits each time they are attempted. I've had several reports that cell phone users who can't make *or* receive calls are successfully sending *and* receiving SMS. It could be that the problem is one of not enough cell channels and working phone circuits for all the phone calls people want to make, but that the SMS channel is not overloaded and thus SMS traffic can zip on thru (when the cell has power and can reach a working cell tower). jc
Re: now it's really serious in New Orleans
On Wed, Aug 31, 2005 at 12:38:24AM -0500, Andrew D Kirch wrote: ... > While we're off topic, the Red Cross needs blood donations. It wont > keep networks up, but hopefully it will keep people in need alive. For > more information/ to locate the nearest Red Cross. Please visit > https://www.givelife.org for the location of the nearest blood drive. Or call 1-800-give-life if you happen to remember this only after logging out. With apologies to on-topic purists present. -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: trying to move web site for New Orleans schools
On Thursday 01 Sep 2005 3:59 pm, Stephen J. Wilcox wrote: > > get the school to contact netsol, they can authorize it without the > sysadmin... Note also the mail server for the domain used is up and running. So the schools representatives may have an easier time getting the email changes by speaking to their email provider (who they may have to talk to anyway). Usually if you control the email address, you can get all sorts of lost passwords, or authorisations sorted.
RE: trying to move web site for New Orleans schools
Good advice. The miscreants have already been busy in that regard... - ferg -- "Hannigan, Martin" <[EMAIL PROTECTED]> wrote: > > Outside the NANOG charter, but given the current > circumstances, this seemed > to be a reasonable forum for suggestions on solving this problem. I suggest everyone move with caution on making any unauthenticated changes on the fly for anyone claiming to be impacted by the storm. I know we all feel badly, but this is a good opportunity for miscreants, phishers, and scammers to wreak havoc. -M< -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: trying to move web site for New Orleans schools
> > Outside the NANOG charter, but given the current > circumstances, this seemed > to be a reasonable forum for suggestions on solving this problem. I suggest everyone move with caution on making any unauthenticated changes on the fly for anyone claiming to be impacted by the storm. I know we all feel badly, but this is a good opportunity for miscreants, phishers, and scammers to wreak havoc. -M<
Re: trying to move web site for New Orleans schools
get the school to contact netsol, they can authorize it without the sysadmin... On Thu, 1 Sep 2005, Mark Boolootian wrote: > > > Outside the NANOG charter, but given the current circumstances, this seemed > to be a reasonable forum for suggestions on solving this problem. > > --- > > Subject: Web aid > Date: Thu, 01 Sep 2005 09:05:22 -0500 > >From: Paul Tatarsky <[EMAIL PROTECTED]> > > > This is something that until a few minutes ago I never even > considered as part of this whole Hurricane fallout. > > I got a call from a high school friend who lived in New Orleans. > He's in Florida now. > > There is a emerging need to use the web to help scattered folks > get status from schools, businesses, etc. Many many servers are gone. > People are at relatives homes and are trying to use the Internet > to get status. > > They want to swing DNS for their kids school to a new server but > cannot contact their sysadmin who has the accounts at Network Solutions. > Does anybody have an idea how to solve that? > > But, I'm starting to setup a template BSD machine to provide basic > web vhosts and squirrel mail. We're going to start with his kids > school. > > Here's all that is currently left electronically: > > http://64.233.167.104/search?q=cache:009iQtpHviwJ:www.stuarthall.org/+&hl=en&lr=&strip=1 > > > Paul Tatarsky[EMAIL PROTECTED] > Sysadmin Consultant(608) 441-7365 > http://www.tatarsky.com/ > >
trying to move web site for New Orleans schools
Outside the NANOG charter, but given the current circumstances, this seemed to be a reasonable forum for suggestions on solving this problem. --- Subject: Web aid Date: Thu, 01 Sep 2005 09:05:22 -0500 >From: Paul Tatarsky <[EMAIL PROTECTED]> This is something that until a few minutes ago I never even considered as part of this whole Hurricane fallout. I got a call from a high school friend who lived in New Orleans. He's in Florida now. There is a emerging need to use the web to help scattered folks get status from schools, businesses, etc. Many many servers are gone. People are at relatives homes and are trying to use the Internet to get status. They want to swing DNS for their kids school to a new server but cannot contact their sysadmin who has the accounts at Network Solutions. Does anybody have an idea how to solve that? But, I'm starting to setup a template BSD machine to provide basic web vhosts and squirrel mail. We're going to start with his kids school. Here's all that is currently left electronically: http://64.233.167.104/search?q=cache:009iQtpHviwJ:www.stuarthall.org/+&hl=en&lr=&strip=1 Paul Tatarsky[EMAIL PROTECTED] Sysadmin Consultant (608) 441-7365 http://www.tatarsky.com/
Re: This fall in LA
http://www.arin.net/ARIN-XVI/ipv6_workshop.html https://www.merit.edu/nanog/registration.form.html Does anyone besides me notice that there is no venue listed on either page? Ah, good point. The v6 workshop will be held at the meeting hotel, the Hilton Los Angeles/Universal City.
Re: Has someone in Asia exploited Cisco
Offhand, I would be tempted to say it is the activity of a not
exceedingly competent attacker trying to exploit a very old bug. The
sender is probing for the HTTP Authentication Bypass Issue from June 27
2001.
Original Advisory
http://www.cisco.com/warp/public/707/IOS-httplevel-pub.html
Malicious request: http:///level/16/exec/
Analyze the timing and source of log events to determine if it is an
automated issue.
Robert Guess
Assistant Professor, Information Systems Technology
Tidewater Community College
(757) 822-5022
() ascii ribbon campaign
/\ against html email
>>> "J. Oquendo" <[EMAIL PROTECTED]> 09/01/05 9:07 AM >>>
After doing some logfile analysis briefly yesterday, I noticed what
seems
to be some form of bot, worm, something, searching for what could seems
to
point to a Cisco exploitation of sorts. (http://tinyurl.com/df9d8)
All the hosts who've tried searching for the string are coming from
APNIC.
So I'm wondering... Has someone taken Michael Lynn's paper "Holy
Grail"
and produced a "DaVinci Code" to exploit the flaws Lynn spoke of...
Code snippet below is of "cisco_scanner.c" which searches for the same
particular /level/16/exec/-///pwd string however the code can be
modified
(obviously) and a search turns up less than one page of results on
Google.
Author's page seems to be gone like the wind... Anyhow.
# grep "/level/16/exec/-///" access_log |awk '{print $1,"\t\t"$7}'
58.236.50.75/level/16/exec/-///pwd
221.141.168.137 /level/16/exec/-///pwd
221.138.93.31 /level/16/exec/-///pwd
218.53.244.16 /level/16/exec/-///pwd
222.232.84.34 /level/16/exec/-///pwd
222.238.128.14 /level/16/exec/-///pwd
218.50.74.189 /level/16/exec/-///pwd
218.239.26.42 /level/16/exec/-///pwd
218.232.83.18 /level/16/exec/-///pwd
211.208.254.67 /level/16/exec/-///pwd
whois.apnic.net $ABOVE_HOSTS
Code snippet...
/*
Multi-thread Cisco HTTP vulnerable scanner v0.2
by Inode
*/
#define HTTP_REQUEST "GET /level/16/exec/-///pwd HTTP/1.0\n\n"
So now I have yet another mod_security rule added ;)
SecFilterSelective THE_REQUEST "/level/16"
"redirect:http://www.cisco.com";
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89
It is much easier to suggest solutions when you know nothing
about the problem. -- Niklaus Wirth
Has someone in Asia exploited Cisco
After doing some logfile analysis briefly yesterday, I noticed what seems
to be some form of bot, worm, something, searching for what could seems to
point to a Cisco exploitation of sorts. (http://tinyurl.com/df9d8)
All the hosts who've tried searching for the string are coming from APNIC.
So I'm wondering... Has someone taken Michael Lynn's paper "Holy Grail"
and produced a "DaVinci Code" to exploit the flaws Lynn spoke of...
Code snippet below is of "cisco_scanner.c" which searches for the same
particular /level/16/exec/-///pwd string however the code can be modified
(obviously) and a search turns up less than one page of results on Google.
Author's page seems to be gone like the wind... Anyhow.
# grep "/level/16/exec/-///" access_log |awk '{print $1,"\t\t"$7}'
58.236.50.75/level/16/exec/-///pwd
221.141.168.137 /level/16/exec/-///pwd
221.138.93.31 /level/16/exec/-///pwd
218.53.244.16 /level/16/exec/-///pwd
222.232.84.34 /level/16/exec/-///pwd
222.238.128.14 /level/16/exec/-///pwd
218.50.74.189 /level/16/exec/-///pwd
218.239.26.42 /level/16/exec/-///pwd
218.232.83.18 /level/16/exec/-///pwd
211.208.254.67 /level/16/exec/-///pwd
whois.apnic.net $ABOVE_HOSTS
Code snippet...
/*
Multi-thread Cisco HTTP vulnerable scanner v0.2
by Inode
*/
#define HTTP_REQUEST "GET /level/16/exec/-///pwd HTTP/1.0\n\n"
So now I have yet another mod_security rule added ;)
SecFilterSelective THE_REQUEST "/level/16" "redirect:http://www.cisco.com";
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x97B43D89
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x97B43D89
It is much easier to suggest solutions when you know nothing
about the problem. -- Niklaus Wirth
Re: TIA-942 Datacenter Standardization
On Wed, 31 Aug 2005, Deepak Jain wrote: > Its more of a document I'd expect to spend a ridiculous some of money to > have a consultant produce, not someone who should know better. Great > college guide book to discuss "issues" though. Are there other documents/books that people would instead recomend? I found this recently but I've not started reading it (it's on my safari bookshelf): Build the Best Data Center Facility for Your Business By Douglas Alger ISBN: 1-58705-182-6 also "The Practice of System and Network Administration" by Limoncelli and Hogan has a few pointers as well but on a smaller scale and it feels a little old at times. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.
Re: Replacing PSTN with VoIP wise? Was Re: Phone networks struggle in Hurricane Katrina's wake
> But then, people don't really care about this, as cell is in the > exact same boat and huge numbers of people rely on just their cell > phone and no longer have a fixed line (in Europe at least). I have read accounts that suggest that cellphone subscribers from New Orleans only have one way service. In other words, if you left New Orleans with your cellphone then you can make outgoing calls but no-one can call you. I don't know how widespread this is, but knowing that there has to be an SS7 switch in New Orleans directing those incoming calls to your new location, I can imaging that loss of such a switch would create problems. A similar problem would be created if a web server relied on DNS that was only hosted on servers in New Orleans. --Michael Dillon
Re: Katrina: directNIC Stays Online - Blog + Images
On Thu, 1 Sep 2005, Simon Waters wrote: I think the issue is not staying at home or work, but rather deciding whetehr or not to follow advice to evacuate an area, where you risk becoming a liability for other rescue and recovery workers. There are other reasons too. People have been following NOPD police scanners and posting news that the mainstream media refuse to cover: http://www.freerepublic.com/focus/news/1474267/posts Some rescue services are refusing to enter due to armed thugs roaming the streets with ak47 assault rifles, carjacking, mugging and murdering people. Law enforcement officials have been captured on videotape participating in the looting. Does not sound like a place any sane person would choose to go to. I don't think "risking your life to protect your employer's property" is on the job description... -Dan
Re: Katrina: directNIC Stays Online - Blog + Images
On Wednesday 31 Aug 2005 5:34 pm, Peter wrote: > Simon Waters <[EMAIL PROTECTED]> wrote: > [...] > > > I guess there may be a need for some updates of DNS services due to > > the incident itself, or similar elsewhere, but in almost all cases > > this can be overridden further up the chain of DNS authority. > > I live just a mile down the road from the ISP I work at. > > Given the choice of sitting at home (no power, probably no roof), or > hiding in the NOC (warm, internal room with no windows, has a shower > and cooking facilities) and being *paid* for it, I'll "heroically" man > the ship (as opposed to cowardly hiding at work). I think the issue is not staying at home or work, but rather deciding whetehr or not to follow advice to evacuate an area, where you risk becoming a liability for other rescue and recovery workers. I understand the need for handling some telecommunications differently from other services. But certainly in the Carribean, companies like C&W have established hurricane procedures, and will deploy staff (like the Red Cross did) in key areas close to the affected areas ready to step in and repair stuff without undue risk to their own employees and contractors. For organisations like registrars there are plans in place for the loss of key organisations (mostly intended for business failure rather than catastrophic failure). Obviously easy to comment with hindsight from a nice comfortable location.
