RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
How many PC's and components are 'Made in China'? In the dark ages, I worked for Williams Electronics. We made Arcade Games *blush*. Once we found our custom chip was reverse engineered in Taiwan, and they were shipping knockoffs six weeks after we started shipping the real product. If true, these are not script kiddie type threats. I hate to say it, but 911 is an example that the unthinkable isn't. Bruce Williams "A healthy paranoia is the beginning of sound operations policy" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > blitz > Sent: Thursday, April 25, 2002 3:33 PM > To: [EMAIL PROTECTED] > Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. > > > > I put nothing past them, of course theyre not alone, as we > all must assume > by now. > Theyve threatened to nuke LA if we interfere with their plans to take > Tiawan by force, and smile and say, kill 300 million of us, > do us a favor. > Kinda hard to deal with an enemy like that. > > At 18:01 4/25/02 -0400, you wrote: > > > >Is it really hard to believe that the Chinese government > would actively fund > >cyberterrorism? > > > >Deepak Jain > >AiNET > >
RE: The Myth of Five 9's Reliability (fwd)
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Art Houle > Sent: Wednesday, April 24, 2002 1:52 PM > To: Pete Kruckenberg > Cc: [EMAIL PROTECTED] > Subject: Re: The Myth of Five 9's Reliability (fwd) > > > > > How to calculate uptime and get 5 9s > > -do not include any outage less than 20 minutes. > -only include down lines that are actually reported by customers. > -when possible fix the line and report 'no trouble found'. > These can all accomplished with one simple and elegant system policy rule. It also has the advantage of "tuneability". If you hold off determining if there is an interruption of service for X minutes, then NO interruptions of service shorter than X minutes exist, since the service is functional when tested. Also, a call center that first "routes" tickets to the "appropriate area" can deliver 99.99 with little effort. ( in fact, the LESS effort/clue, the BETTER the rating ! ) BTW - One of my best friends growing up ( and we took EE together ) grandfather was the V.P. in charge of AT&T's LongLines division while a lot of the "wire was pulled". From what he said of his grandfather's remarks, they didn't think about five 9's. The question was how much spare/redundant capacity did you have, both for dependability and to support the countries growth. Not exactly "this quarter's profit" thinking -sigh-. Bruce Williams "Two is not equal to three, even for large values of two"
RE: [OT]Microsoft makes networked software 'illegal' on XPunless youpay them..
I was thinking ISP provided PPPOE DSL modem software, DSLAM 'devices' - come to think about it , really ANY non-Microsoft networking device/software combination you might use that "uses, accesses or executes on" the box... but who cares? - hasn't stopped or slowed one packet yet :-) > -Original Message- > From: Scott Call [mailto:[EMAIL PROTECTED]] > Sent: Sunday, April 21, 2002 10:34 AM > To: Benjamin P. Grubin > Cc: 'Richard Forno'; [EMAIL PROTECTED]; 'Nanog (E-mail)' > Subject: RE: [OT]Microsoft makes networked software 'illegal' on > XPunless you pay them.. > > > Programs made "illegal" by this license: > > VNC > PCAnywhere > Apache (CGI) > IIS (CGI) <-- Weird, ain't it? > etc... > > It could conceivably be applied to dedicated Quake servers > and the like as > well. > > Easy way to solve problem, don't run Wndows VMSNT2kXP :) > > Apologies for the non-op content, back to your regularly scheduled noc > pinging. > > -S > > > On Sun, 21 Apr 2002, Benjamin P. Grubin wrote: > > > > > Err--I think you guys are reading too much into this. The > license (to > > me, and IANAL), seems to indicate that the workstation > cannot be used as > > a server unless you purchase server licenses. It strikes me that > > language very similar to this has been in the workstation > products since > > NT4. > > > > I do, OTOH, think that the legal ramifications sounds quite > far-reaching > > since the language is so broad. > > > > > -Original Message- > > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On > > > Behalf Of Richard Forno > > > Sent: Sunday, April 21, 2002 9:22 AM > > > To: [EMAIL PROTECTED]; Nanog (E-mail) > > > Subject: Re: [OT]Microsoft makes networked software 'illegal' > > > on XPunless you pay them... > > > > > > > > > > > > That's funny. > > > > > > Yet another case of someone - either a company through > licensing and > > > litigation, or a government through legislation - trying to > > > effect both > > > software quality. > > > > > > Forget the fact that such tools may be exploitable - if > > > you're a computer > > > criminal, the fact you're violating a software license clause > > > probably isn't > > > going to deter you from your actions, much like how 'drug > > > crimes using a > > > gun' probably doesn't deter many drug criminals, either. > > > > > > Instead of addressing the technical problem - eg, poor > > > software development > > > and flaws in how the software works - we're once again seeing it > > > legislated/litigated away (I'm thinking of Adobe E-Reader, > > > DeCSS, etc here). > > > Talk about burying your head in the sand, which appears to be > > > the status > > > quo, even in today's environment of security hysteria where > > > we 'need to do > > > more'. > > > > > > From what I see here in DC, nobody's REALLY interested in > addressing > > > security long term, as it will rock the boat too much; so we > > > continue seeing > > > little goofy ways to look like security is being addressed > > > when in reality, > > > security ISN'T being addressed. > > > > > > rf > > > infowarrior.org > > > windows-free since 1999 :) > > > > > > > > > > From: Bruce Williams <[EMAIL PROTECTED]> > > > > From > > > > > > > http://www.infoworld.com/articles/op/xml/02/03/18/020318oplivi > > ngston.xml > > > > > > Microsoft's XP license agreement says, "Except as > otherwise permitted > > by > > > the NetMeeting, Remote Assistance, and Remote Desktop features > > described > > > below, you may not use the Product to permit any Device to use, > > access, > > > display, or run other executable software residing on the > Workstation > > > Computer, nor may you permit any Device to use, access, > display, or > > run the > > > Product or Product's user interface, unless the Device > has a separate > > > license for the Product." > > > > > > I guess this improves security > > > > > > bye, > > > Bruce Williams > > > "Asking the wrong questions is the leading cause of wrong answers" > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > > -- > Scott CallRouter Geek, ATGi, home of $6.95 Prime Rib > "Credo Quia Absurdum" (I believe it, because it is absurd.) > >
[OT]Microsoft makes networked software 'illegal' on XP unless you paythem...
From http://www.infoworld.com/articles/op/xml/02/03/18/020318oplivingston.xml Microsoft's XP license agreement says, "Except as otherwise permitted by the NetMeeting, Remote Assistance, and Remote Desktop features described below, you may not use the Product to permit any Device to use, access, display, or run other executable software residing on the Workstation Computer, nor may you permit any Device to use, access, display, or run the Product or Product's user interface, unless the Device has a separate license for the Product." I guess this improves security bye, Bruce Williams "Asking the wrong questions is the leading cause of wrong answers"
RE: is your host or dhcp server sending dns dynamic updates forrfc1918?
> -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > [EMAIL PROTECTED] > Sent: Friday, April 19, 2002 6:39 AM > To: Greg Maxwell > Cc: [EMAIL PROTECTED] > Subject: Re: is your host or dhcp server sending dns dynamic > updates for > rfc1918? > > > On Fri, 19 Apr 2002 09:03:51 EDT, Greg Maxwell > <[EMAIL PROTECTED]> said: > > > Does anyone already have a SNORT signature to match on > these updates to > > aid in tracking down which hosts behind a NAT are guilty > for generating > > this garbage? > > The problem is that the sites that are the big offenders are > probably not > the sort of sites that would run Snort. > > Now, think about it - one /32 popped of *30K* of these in 4 hours - > and a 'dig -x' shows it to apparently be a DSL line. So we're seeing > 2 or 3 DCHP events *PER SECOND* behind that NAT. Either they've got > a bunch of machines doing the Reboot Shuffle and have bigger problems, > or they're big enough that 2-3 DHCP per second is reasonable (at which > point you have to wonder how they're THAT big, and depending on a DSL > line.. ;) > I had a dynamic-dns client on my home ADSL system that was generating requests at that rate a few months ago - I read logs and fixed it, don't remember how... so this DOES happen ( and to people who do not read logs.. ) Bruce Williams Benchmarks: Engineering wants to see how fast they can get the wheels to spin on a car. Operations wants to know how fast the car will go. These are different.
RE: references on non-central authority network protocols
How does this route? The TSP ( traveling salesman problem ) model seems better than geo based models. Possibly a dynamic public/private key - the host provides part, the routers adds a wrapper of based on it's public key, and routes based on a dynamic traveling salesman solution using current network metrics. Blue Sky! "Current network metrics" - the gnutella type P2P have a ping problem keeping this info current enough, this is the heart of the P2P network problem. They are evolving to the use of dynamic assignment of "super peers" with other hosts as "leaf nodes" based on bandwidth to lessen this problem. If anyone wants to email me offlist, I will give a number of references to really good work in this area. Bruce Williams Benchmarks: Engineering wants to see how fast they can get the wheels to spin on a car. Operations wants to know how fast the car will go. These are different. > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Tony Hain > Sent: Monday, April 15, 2002 11:40 AM > To: Stephen Sprunk; Scott A Crosby > Cc: Patrick Thomas; [EMAIL PROTECTED] > Subject: RE: references on non-central authority network protocols > > > > Stephen Sprunk wrote: > > Interesting idea though. Perhaps someone will write an i-d > > on autonomous > > numbering for IPv6. > > RFC 3041 & http://www.tml.hut.fi/~pnr/publications/cam2001.pdf > > > Jasper Wallace wrote: > > Location - either distribute all the addresses evenly over > > the planet or try > > to map to population density. > > > > (the higher your density of sites, the more accurate your > > coordinates need > > to be). > > > > you could aggregate addresses by doing something like: > > > > 2 hemispheres > > > > 36 'triangular' chunks spaced every 10 degrees latitude. > > > > then split up in longditudernal stripes. > > http://www.ietf.org/internet-drafts/draft-hain-ipv6-pi-addr-02.txt > > > > > but i think you'd be better allocation on the basis of > > population density. > > > > How exactly you'd make the social and economic changes to get > > to a system > > like this vs, the telcos/isps we have now is probably more > > trouble than it's > > worth ;-P > > > > http://www.ietf.org/internet-drafts/draft-hain-ipv6-pi-addr-use-02.txt > > > Tony > > >
Korean server security?
"April 15 A Korean company is offering $100,000 in a 48-hour hacking competition, to be run this week. Korea Digital Works (KDWorks) will launch the competition, which will involve gaining root access to a server, on April 16 at 11 a.m. Korean Standard Time." Bruce Willians Anything not worth doing is not worth doing well - Elias Schwartz
RE: references on non-central authority network protocols
Uh, let's see - you submask k_public to route, hmm... either you have 32 bit encription or you have IP1024... IP1024 - THAT would solve address space limits, but imagine the BGP prefix updates... Bruce Williams "Two is not equal to three, even for large values of two" > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of > Scott A Crosby > Sent: Saturday, April 13, 2002 6:45 PM > To: Stephen Sprunk > Cc: Patrick Thomas; [EMAIL PROTECTED] > Subject: Re: references on non-central authority network protocols > > > > On Sat, 13 Apr 2002, Stephen Sprunk wrote: > > > > > Thus spake "Patrick Thomas" <[EMAIL PROTECTED]> > > > I am looking for any and all research (and perhaps your > > > comments), references, etc. regarding replacements for the > > > TCP/IP protocol that do not require centralized authority > > > structures (central authority to assign network numbers). > > > > Please explain how you think any protocol could support > non-trivial numbers > > of users without some arbiter to prevent address collisions. > > Rolling off the top of my head, I think its doable. The > general trick is > to make it hard to forge packets with arbitrary addresses (by using > authentication). > > Assume each host has an public and private key pair by some > conventional > algorithm (RSA, or other). The private key is never disclosed. > > K_public, K_private. > > Let H be a collision resistant hash function, and SIGN do a digital > signature that may be verified by anyone who knows K_public. > > Then, each host is given an address of: > > k_public > > Now, annotate each packet with sufficient information to authenticate > that the packet came from the host k_public. > > SIGN(H(k_public || BODY)) || k_public || BODY > > (Note: hosts could be given addresses of H(k_public) for shorter > addresses. Another enhancement would be to annotate the packet with a > counter to help catch replay attacks.) > > Anyways, I think this fits the bill, you cannot create an arbitrary > k_public of your choice. If you could, then you could break > the public key > cryptosystem (or the cryptographic hash). > > The only way to create a valid signature is to know > k_private. Packets are > not accepted unless they come with a valid signature, so > knowing k_public > does not tell one how to create packets. > > -- > > A variant of this could be made where just the network is > assigned with > this scheme, the host isn't. IE, hosts are assigned addresses of: > > k_public || hostaddr > > Which isn't robust against malicious hosts in the same > network, but thats > fixable with a heirarchial scheme. > > -- > > This is off the top of my head, so I probably made a stupid > mistake.. But > I'm pretty sure some variation of this scheme would work. > > Scott > >
