Re: Tor and network security/administration
On 6/17/06, Jeremy Chadwick <[EMAIL PROTECTED]> wrote:
> The problem I see is that this technology will be used (literally, not
> ideally) solely for harassment (especially via IRC). I do not see any
> other practical use for this technology other than that. The whole
> "right to privacy/anonymity" argument is legitimate, but I do not see
> people using* Tor for legitimate purposes.

My legitimate use of Tor is because I object to companies following me around on the net. Yes, I block ads and reject cookies, too. I choose to not disclose my browsing to others. I get enough random commercial crap foisted upon me that I have no time or patience for the targeted commercial crap.

To paraphrase Zimmermann's philosophy of PGP - you may be having a hot affair, or you may be doing something politically sensitive, but it's nobody's business but yours.

As for an attempt at a technical control, maybe set up a box with Tor on it, get a list of exit servers and null-route them automagically.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Open Letter to D-Link about their NTP vandalism
On 4/13/06, Gregory Hicks <[EMAIL PROTECTED]> wrote:
>
> From the BBC "Daily news", Technology section:
>
> * Net clocks suffering data deluge *
> Home hardware maker D-Link has been accused of denting the net's
> ability to tell the time accurately.
> Full story:
> http://news.bbc.co.uk/go/em/-/2/hi/technology/4906138.stm

In The Register's "data networking" section. I was wondering how long it was going to squawk up.

D-Link accused of 'killing' time servers
http://www.theregister.co.uk/2006/04/13/d-link_time_row_escelates/

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Open Letter to D-Link about their NTP vandalism
On 4/12/06, Steve Sobol <[EMAIL PROTECTED]> wrote:
> On Tue, 11 Apr 2006, Steven M. Bellovin wrote:
> > By the way, since we're talking about D-Link, it's instructive to read the
> > warnings on their firmware update pages.
> >
> > Do NOT upgrade firmware on any D-Link product over a wireless
> > connection. Failure of the device may result. Use only hard-wired
> > network connections.
>
> Cisco/Linksys says the same thing.

Who here hasn't been burned at least once by changing packet filters, routes or interface configurations over the wire/air? Or maybe getting your userland and kernel out of sync on a *NIX machine?

It's not really that surprising that they put that in there, other than maybe the fact that it's useful advice. And maybe it'll reduce support costs.

Loading a new firmware is a risky operation - I don't know of too many consumer network widgets with a reflash safety protocol to prevent you from destroying the device with an aborted upload. Heck, that's still a pretty rare feature in pee-cees.

Sure it's easy to implement such a thing, but that would cost money. I think this thread has done a good job of demonstrating that those who would choose the right (and maybe slightly more expensive up front) solution are outvoted by those who would just take a quick, cheap and easy hack.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: How do you handle client contact for network abuse/malware complaints etc.?
On 3/1/06, Nicole Harrington <[EMAIL PROTECTED]> wrote:
...
> In short, how much information do you pass on to support yourself and when.

We've found that a simple "we've received complaints about you and your machine. Go here (symantec, fsecure, windowsupdate, etc) and patch your machine." works pretty well.

By and large, everyone replies back with "yeah, I was missing X, Y, and Z patches" or "I found such-and-such virus and disinfected it". Maybe one in a few thousand asks for logs.

When the user asks for logs, we're pretty forthcoming with them. They might just have the same info in their windows/norton/whatever logs already.

In short, we tell them they have a problem, give them the tools to fix it, and if asked will show them the complaint, but usually that buck stops with us.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: compromised host list available
On 7/21/05, Joseph S D Yao <[EMAIL PROTECTED]> wrote:
>
> On Wed, Jul 20, 2005 at 04:32:09PM -0700, Rick Wesson wrote:
> > Folks,
> >
> > I've developed a tool to pull together a bunch of information from
> > DNSRBLs and mix it with a BGP feed, the result is that upon request I
> > can generate a report of all the compromised hosts on your network as
> > seen by various DNSRBLs.
...
> Unless you have personally verified each entry, you would do well to add
> a disclaimer that DNSRBLs are not 100% reliable, eh?

Well there is that, but that should be implicit in pretty much every report you get that $this or $that host is compromised. This is just a convenient offering to say "someone out there thinks one of your machines is holed. You might want to check that out."

I'm good friends with some fully-automated blackholing mechanisms, and even I'm not crazy enough to just blackhole my own machines on someone else's say-so.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

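The kind of report discussed in this thread, as an added example (not Rick Wesson's tool and not code from any poster): DNSRBL listings are matched to the covering route from a BGP feed by longest-prefix match, and a host is marked corroborated only when more than one list names it, so the output is a lead to check rather than a blackhole list. The addresses, AS numbers, list names and the `min_lists` threshold are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data (documentation address space, private-use ASNs).
# ROUTES stands in for a BGP feed: (prefix, origin AS).
ROUTES = [
    ("192.0.2.0/24", 64500),
    ("198.51.100.0/24", 64501),
    ("198.51.100.128/25", 64502),  # more-specific route, different origin
]
# LISTINGS stands in for DNSRBL results: (listed address, list name).
LISTINGS = [
    ("192.0.2.10", "rbl-a.example"),
    ("192.0.2.10", "rbl-b.example"),
    ("192.0.2.77", "rbl-a.example"),
    ("198.51.100.200", "rbl-a.example"),
    ("198.51.100.200", "rbl-a.example"),  # duplicate from the same list
    ("203.0.113.5", "rbl-b.example"),     # no covering route in the feed
]

def origin_for(ip, routes):
    """Longest-prefix match of ip against routes; returns (prefix, asn) or None."""
    addr = ipaddress.ip_address(ip)
    best = None
    for prefix, asn in routes:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return (str(best[0]), best[1]) if best else None

def report(listings, routes, min_lists=2):
    """Group listed hosts by origin AS. A host is corroborated only if at
    least min_lists distinct lists name it; the rest are leads to verify."""
    seen = defaultdict(set)
    for ip, rbl in listings:
        seen[ip].add(rbl)  # a set, so repeats from one list count once
    out = defaultdict(list)
    for ip, rbls in sorted(seen.items()):
        match = origin_for(ip, routes)
        asn = match[1] if match else None
        out[asn].append({"ip": ip, "prefix": match[0] if match else None,
                         "lists": sorted(rbls),
                         "corroborated": len(rbls) >= min_lists})
    return dict(out)

if __name__ == "__main__":
    for asn, hosts in report(LISTINGS, ROUTES).items():
        for h in hosts:
            print(asn, h)
```
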
Re: Administration Asks Appeals Court To Compel ISP Searches
On 5/31/05, Owen DeLong <[EMAIL PROTECTED]> wrote:
> Not having received one, I have no gag order, so, I am free to tell you I
> haven't received one.
>
> Owen

This assumes that the new breed of NSL doesn't require you to deny having received an NSL when questioned, unless you want to have some nebulous obstruction of justice, yadda yadda, mail fraud charge waved at you...

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: AUP for NANOG?
On 4/14/05, Matthew Black <[EMAIL PROTECTED]> wrote:
> This reminds me of the way others behaved when I entered the field
> some 25 years ago. Some people were very helpful and friendly.
> Others responded very arrogantly with the tone of "how stupid you
> are for asking that question."

I didn't know you read [EMAIL PROTECTED] or [EMAIL PROTECTED] ... :)

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: djbdns: An alternative to BIND
On Apr 8, 2005 4:55 PM, Vicky Rode <[EMAIL PROTECTED]> wrote:
>
> http://software.newsforge.com/article.pl?sid=05/04/06/197203&from=rss
>
> Just wondering how many have transitioned to djbdns from bind and if so
> any feedback.
>
> regards,
> /vicky

I used to use djbdns on my laptop for testing things, and then I took an afternoon, learned to write BIND zone files, and decided I should just use the BIND that comes with so many modern unixen and that powers so much of the internet anyway...

Since then, I've always preferred deploying bind over djbdns. Even if it was easier to configure, the installation process for DJBDNS always really annoyed me.

So that's a djbdns *to* bind transition story.

CK

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Utah governor signs Net-porn bill
On Tue, 22 Mar 2005 12:29:09 -0600, Kathryn Kessey <[EMAIL PROTECTED]> wrote:
> Seems like a more rational answer to Utah's pr0n phobia is for a certain
> religious entity to publish their own net-nanny software/service for their
> parishioners.

Call the filtering program "SCOwl"...

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
On Thu, 20 Jan 2005 21:14:12 -0800, James Laszko <[EMAIL PROTECTED]> wrote:
> ...
> Why more people don't use resources like what Cymru offer is beyond
> me...

Not-Invented-Here syndrome?

--
GDB has a 'break' feature; why doesn't it have 'fix' too?

Re: large multi-site enterprises and PI prefix [Re: who gets a /32 [Re: IPV6 renumbering painless?]]
On Mon, 22 Nov 2004 20:24:15 +0200 (EET), Pekka Savola <[EMAIL PROTECTED]> wrote:
>
> On Sun, 21 Nov 2004 [EMAIL PROTECTED] wrote:
> >> This seems to imply several things:
> >>  - when having lots of sites, you typically want to obtain local
> >>    Internet connectivity, because transporting all the traffic over
> >>    links or VPNs is a pretty heavy business
> >
> > this is an assertion which many have claimed is false.
> > based on empirical evidence.
> ...
> Care to offer a couple of examples of this empirical evidence ?

Well you'll have to get some kind of link unless you don't want to move packets. Leave it up to the business case to dictate your connection type.

At least on the topic of backhauling traffic over the vpn, it's really no worse than having all your offices connect back to the central site in plaintext. Crypto is cheap these days. When my 133MHz home firewall can push 50Mbps down the vpn with a $70 crypto board, there's no way a simple VPN can be considered "pretty heavy business".

Look at all the CPU vendors squawking about on-die crypto (to say nothing of the vendors of crypto cards). There are a number of decent vendors of VIA C3 based systems without any need for moving parts that'll give you full duplex crypto on 3 100mbit links with processor time and bus cycles to spare.

/me waits for Henning to say something about openbsd and C3's...

--
GDB has a 'break' feature; why doesn't it have 'fix' too?