Re: Interesting new dns failures

2007-05-23 Thread Douglas Otis



On May 22, 2007, at 2:16 PM, Gadi Evron wrote:

On Tue, 22 May 2007, David Ulevitch wrote:

These questions, and more (but I'm biased to DNS), can be solved  
at the edge for those who want them.  It's decentralized there.   
It's done the right way there.  It's also doable in a safe and  
fail-open kind of way.


This is what I'm talking about.


Agreed.


Gadi,

What is the downside of a "preview" of zones being published by a  
TLD?  Previews could be on a 12 or 24 hour cycle.  This would enable  
defenses at the edge by disabling fast-flux outright.  There could be  
exceptions, of course.  When millions of domains are in rapid flux  
daily, few protective schemes are able to sustain or afford the  
dispersion of raw threat information.  In addition, these raw updates  
arrive too late at that.  A "preview" would not change how the core  
works, only how fast changes occur, while also dramatically reducing  
the amount of data required for comprehensive protections at the edge.


This would be a policy change at the core that enables defenses at  
the edge.


-Doug



Re: ISP CALEA compliance

2007-05-23 Thread Martin Hannigan



> I do have a volunteer from EFF...


I had mentioned that both VeriSign and Neustar have people that are
fluent in the technical and general legal issues as well as the legal
aspects. It would seem to make more sense to solicit one of those
organizations since NANOG is about operations, and not politics. The
EFF is a political organization and these are not topics that make
sense for NANOG, IMHO, the list, the program, or a BoF.

Having the EFF explain CALEA at NANOG is like asking the Sierra Club
to identify good sites for oil wells in forests.


Best,

-M<


Re: Slate Podcast on Estonian DOS attack

2007-05-23 Thread ge

On Wed, May 23, 2007 at 03:06:58PM -0400, Sean Donelan wrote:
> 
> On Wed, 23 May 2007, Bill Woodcock wrote:
> >   > http://www.slate.com/id/2166749/fr/podcast/
> >
> >Downloading it now.
> >
> >John Markoff just called me for the NYT piece.  Odd that it's just hitting
> >the news now, two weeks later.
> 
> I wonder, does this mean Estonia is now more likely to act/re-act to its 
> own homegrown miscreants which attack systems in other countries after 
> seeing the impact it had in their own country?  Or is this going to remain 
> a case of the "bad guys" are always in some other country, not mine.

I just now got back from a 6-hour beer fest with ISP/CERT/military/etc.
guys who have been working on these attacks on Estonian infrastructure
for the past 3 weeks here in Tallinn.. so if I make less sense than
usual, please forgive me. Beer good.

Sitting with these folks for the past week, I got so impressed with the
abuse handling work they are doing that even I, who had a very negative opinion
of Estonia and cyber-crime, completely changed my mind.

Their CERT is *extremely* responsive, their ISPs are all talking and
cooperating on abuse and security (and drinking beer). Things are very
different from what they were even just a year ago. Even their Police
force is clued.

If anyone has issues in Estonia, I'd strongly urge you to contact the
Estonian CERT at www.cert.ee, and you most likely won't get
disappointed. A lot of good people over here.

Gadi.


Re: ISP CALEA compliance

2007-05-23 Thread Steve Feldman



On May 23, 2007, at 1:14 PM, Randy Bush wrote:

> > I do have a volunteer from EFF...
>
> excellent!
>
> steve, can we get this in?


Unfortunately, not in the general session.

We've filled the available time, and it looks like we will be running
until 12:30 Monday and Tuesday, and 13:00 Wednesday.

There might be room for a BOF, but I won't know for sure until I
actually lay out the agenda later today.

Steve



Re: ISP CALEA compliance

2007-05-23 Thread Randy Bush

> I do have a volunteer from EFF...

excellent!

steve, can we get this in?

randy


Re: ISP CALEA compliance

2007-05-23 Thread Steven M. Bellovin

On Wed, 23 May 2007 16:02:35 -0400
Jared Mauch <[EMAIL PROTECTED]> wrote:

> 
> On Wed, May 23, 2007 at 07:08:21PM +, Chris L. Morrow wrote:
> > 
> > 
> > On Wed, 23 May 2007, Joe Abley wrote:
> > 
> > 
> > > Oh! That was a really old message I just replied to. Mail got
> > > kidnapped in a rogue barracuda, it seems, and someone just paid
> > > the ransom. Sorry about the noise :-)
> > 
> > don't swim with them and bait... Was there a final disposition on
> > this? (I suppose maybe the agenda might show it too? though I don't
> > see it currently there...)
> 
>   I was unable to get someone from DoJ CALEA Impl. Unit to
> attend this upcoming NANOG.  They said they had folks available the
> next week but obviously that wouldn't work :(.

I do have a volunteer from EFF...


--Steve Bellovin, http://www.cs.columbia.edu/~smb


Re: ISP CALEA compliance

2007-05-23 Thread Jared Mauch

On Wed, May 23, 2007 at 07:08:21PM +, Chris L. Morrow wrote:
> 
> 
> On Wed, 23 May 2007, Joe Abley wrote:
> 
> 
> > Oh! That was a really old message I just replied to. Mail got
> > kidnapped in a rogue barracuda, it seems, and someone just paid the
> > ransom. Sorry about the noise :-)
> 
> don't swim with them and bait... Was there a final disposition on this? (I
> suppose maybe the agenda might show it too? though I don't see it
> currently there...)

I was unable to get someone from DoJ CALEA Impl. Unit to attend
this upcoming NANOG.  They said they had folks available the next week
but obviously that wouldn't work :(.

I asked them to consider presenting at the upcoming ABQ NANOG.

- Jared

-- 
Jared Mauch  | pgp key available via finger from [EMAIL PROTECTED]
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.


Re: Slate Podcast on Estonian DOS attack

2007-05-23 Thread Scott Weeks



-- [EMAIL PROTECTED] wrote:
From: Sean Donelan <[EMAIL PROTECTED]>
On Wed, 23 May 2007, Bill Woodcock wrote:
>> http://www.slate.com/id/2166749/fr/podcast/

> John Markoff just called me for the NYT piece.  Odd that it's just hitting
> the news now, two weeks later.

I wonder, does this mean Estonia is now more likely to act/re-act to its 
own homegrown miscreants which attack systems in other countries after 
seeing the impact it had in their own country?  Or is this going to remain 
a case of the "bad guys" are always in some other country, not mine.
-


That's a rhetorical question with a bit of tongue-in-cheek, yes?

scott


Re: Slate Podcast on Estonian DOS attack

2007-05-23 Thread Bill Woodcock

  On Wed, 23 May 2007, Sean Donelan wrote:
> I wonder, does this mean Estonia is now more likely to act/re-act to its
> own homegrown miscreants which attack systems in other countries after
> seeing the impact it had in their own country?  Or is this going to remain
> a case of the "bad guys" are always in some other country, not mine.

By "bad guys" do you mean the bots, or the C&C?  I think in 
non-state-actor attacks, prosecution of C&C has been reasonably good.  
It's the botnets that I worry about.  All those people still paying 
Microsoft to make their machines zombies.  :-/

-Bill



Re: ISP CALEA compliance

2007-05-23 Thread Chris L. Morrow



On Wed, 23 May 2007, Joe Abley wrote:


> Oh! That was a really old message I just replied to. Mail got
> kidnapped in a rogue barracuda, it seems, and someone just paid the
> ransom. Sorry about the noise :-)

don't swim with them and bait... Was there a final disposition on this? (I
suppose maybe the agenda might show it too? though I don't see it
currently there...)


Re: Slate Podcast on Estonian DOS attack

2007-05-23 Thread Sean Donelan


On Wed, 23 May 2007, Bill Woodcock wrote:
> > http://www.slate.com/id/2166749/fr/podcast/
>
> Downloading it now.
>
> John Markoff just called me for the NYT piece.  Odd that it's just hitting
> the news now, two weeks later.


I wonder, does this mean Estonia is now more likely to act/re-act to its 
own homegrown miscreants which attack systems in other countries after 
seeing the impact it had in their own country?  Or is this going to remain 
a case of the "bad guys" are always in some other country, not mine.




Re: Slate Podcast on Estonian DOS attack

2007-05-23 Thread Bill Woodcock

> > http://www.slate.com/id/2166749/fr/podcast/
> 
> Downloading it now.
> 
> John Markoff just called me for the NYT piece.  Odd that it's just hitting
> the news now, two weeks later.

http://www.washingtonpost.com/wp-dyn/content/article/2007/05/18/AR2007051802122.html?referrer=emailarticle

-Bill



Re: ISP CALEA compliance

2007-05-23 Thread Joe Abley



On 23-May-2007, at 14:56, Joe Abley wrote:

> On 11-May-2007, at 13:55, Chris L. Morrow wrote:
>
> > On Fri, 11 May 2007, Jared Mauch wrote:
> >
> > > If there is interest, perhaps I can make a call to DoJ and
> > > see if someone can present on CALEA at nanog in a few weeks?
> > > (in case the PC can accommodate them).
> >
> > that seems like a great idea, at least a lightning talk would be nice.
>
> From the sounds of things, a tutorial would be better.


Oh! That was a really old message I just replied to. Mail got  
kidnapped in a rogue barracuda, it seems, and someone just paid the  
ransom. Sorry about the noise :-)



Joe



Re: Slate Podcast on Estonian DOS attack

2007-05-23 Thread Bill Woodcock

> http://www.slate.com/id/2166749/fr/podcast/

Downloading it now.

John Markoff just called me for the NYT piece.  Odd that it's just hitting 
the news now, two weeks later.

-Bill



Re: ISP CALEA compliance

2007-05-23 Thread Joe Abley



On 11-May-2007, at 13:55, Chris L. Morrow wrote:

> On Fri, 11 May 2007, Jared Mauch wrote:
>
> > If there is interest, perhaps I can make a call to DoJ and
> > see if someone can present on CALEA at nanog in a few weeks?  (in case
> > the PC can accommodate them).
>
> that seems like a great idea, at least a lightning talk would be nice.

From the sounds of things, a tutorial would be better.


Joe




Re: Interesting new dns failures

2007-05-23 Thread Hank Nussbacher


On Tue, 22 May 2007, David Ulevitch wrote:


Putting that aside, what do you think nobody should try at
the edge?


People should try putting the intelligence that we have into software and 
hardware.  Why can't we put Gadi into an edge device?


Um, where you gonna find a 48U chassis? :-)

-Hank


Slate Podcast on Estonian DOS attack

2007-05-23 Thread Tom Vest


http://www.slate.com/id/2166749/fr/podcast/

TV