IRC bots and SOPs regarding
Hi, Is there someone who can contact me off list, who might be looking for some billable consulting hours? Thanks, Eric
Re: IRC bots and SOPs regarding
Hi, Thank you to everyone who responded. I always avoid asking for help on NANOG because it leads to a flood! However, that is a great thing when you really need something fast :) Eric On 1-May-07, at 9:49 AM, Eric Frazier wrote: Hi, Is there someone who can contact me off list, who might be looking for some billable consulting hours? Thanks, Eric
Re: OT: Xen
Hi, Speaking of commercial support, I have been looking really closely at using Solaris 10 which includes Zones. I am not so much concerned about the OS games, but very much concerned about the HW % utilization issue that this could help solve. From what I have found with Solaris Zones it is VERY easy to setup and configure. The question that I got flamed on a while back for being off topic, how do you get two different DHCP addresses from difference sources on the same interface, can be solved by using Zones for example. But there has been so much press lately about Xen. And from what I read in Linux mag recently there is HW support that totally changes how efficient Xen can be. So one thing I am wondering, with Zones you can setup a new instance that is a copy of another pretty much instantly. Does Xen offer the same thing? Or do you still have to go through an install process for example? I am esp wondering about this with something like XP.. Thanks, Eric At 07:00 AM 4/3/2006, Todd Vierling wrote: On Mon, 3 Apr 2006, Chris Adams wrote: Xen is not, however, backed with extensive commercial support (XenSource is still evolving at the moment), Red Hat has announced that the next rev of their commercial OS offering, RHEL 5, will include Xen as a major component. The point is that decent commercial support is evolving and not quite Here Right Now. lacks easy integration into popular UI/control-panel products, and requires special kernels for the contained OS's (not such a big deal in practice). With the right CPUs (late model Intel only at the moment), you can run an OS unmodified with a little higher overhead. It's still some overhead because it's emulating hardware devices, but thanks to VX, it's not as bad as the classical virtualization trap hacks. Once AMD releases their counterpart version of the virtualization extensions en masse, this will probably get more steam from providers. If a Xen-instrumented kernel is available for the desired OS, that would still be preferable, of course. -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Vancouver area power expert
I need to find a third party who can help us figure out *what* is at fault, even more importantly than who. Please contact me off list for details. Thanks, Eric
Re: Password Security and Distribution
Hi, That sounds like it could be useful. The major problem I have with password safe is that it is hard to do things like copy a group of passwords to another .dat file. That makes it hard to do anything put either keep several .dat files floating around for different users, aka accountants, programmers, managers.. Which leads to some of them being way out of date and people going back to the sticky note db method.. I have some of those myself I am sorry to say.. I also found this: http://jason.diamond.name/weblog/2005/04/07/cracking-my-password-safe He goes into a lot of detail on how password safe works.. He also has a link to what he did in Python.. http://jason.diamond.name/weblog/2005/10/04/pypwsafe-release-1 Thanks, Eric At 10:03 AM 1/24/2006, John Kinsella wrote: One of my guys found a package called Password Gorilla, which is basically a GUI which sits on top of Password Safe that came out of Counterpane in 2002 or so. Either allows you to organize passwords by group and machine, and the whole database is encrypted by blowfish: http://www.fpx.de/fp/Software/Gorilla/ One thing I've been thinking of from my managed service/consulting background is to have a main database which has all users/passwords for all companies in a central database (LAMP architecture), then depending on what a user has access to, a custom Password Safe database is created for them. This would handle how to distribute password changes out to admins who have varying levels of access. Sounds like about a week's worth of work - if people voiced enough interest or if somebody cared to help me out, I'd finally get motivated to write it and put it up on Sourceforge... John On Tue, Jan 24, 2006 at 11:28:23AM -0500, McLean Pickett wrote: Jeremy - I've not found a better solution than PGP. Perhaps more a formalized process for communicating password updates proactively is all you need. Ideally, distributing passwords at 3am is too late. In the past I've used small password database programs on a network share. You are then left with verbal or PGP encrypted communications to distribute a single new password to access the database versus distributing all of the changed passwords. If you're interested try http://www.anypassword.com There are others who read this list that prefer distributing passwords on paper. You can't hack into a piece of paper :) and if you have physical access to the paper then you most likely have physical access to the network equipment as well... McLean -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeremy Stinson Sent: Tuesday, January 24, 2006 10:49 AM To: nanog@merit.edu Subject: Password Security and Distribution All, Our company is starting to grow rather quickly and we are starting to have growing pains. We are in the need for a better mechanism for sharing passwords between our engineers. Most of these passwords are for our client's systems where some of them are controlling the password schemes (aka requiring shared user accounts). We have a process in which we change passwords every X days but, distributing these passwords to everyone who needs them is starting to become a challenge. Also, handing off passwords to someone who is stepping in to help out at 3am securely is not easy. I have tried to do google searches but I have not been able to find a good way or process to do this. I am wondering if anyone has any ideas on how to handle this? In other companies we have used a PGP keyring to secure a text file that contained all of these passwords and then put them onto a shared customer portal. The problem with this strategy is what happens if you are not on your computer where PGP is installed? Any suggestions will be welcomed. Thanks in advance, Jeremy
Re: WMF patch
At 01:40 AM 1/5/2006, Thomas Kuehling wrote: Hi Eric Am Mittwoch, den 04.01.2006, 08:14 -0800 schrieb Eric Frazier: Hi, I finally decided this was serious enough to do something about it sooner than the MS patch, but while this seems to be the official link to the SANS patch http://isc1.sans.org/diary.php?storyid=1010 it also is timing out. I have seen a couple of other links from googling to people who have repackaged this, but I really don't want to download something that doesn't match the SANS MD5.. Any links or suggestions? perhaps it is outdated, but as a workaround, it would be enough to unregister the DLL wich handles WMF: on the Start menu, choose Run, type regsvr32 -u %windir%\system32 \shimgvw.dll, and then click OK. For more details, visit this link: http://www.frsirt.com/english/advisories/2005/3086 Thanks Thomas, something really useful. One thing I am still curious about, I read that there were other image formats can be used in an exploit, GIF, .BMP, .JPG, .TIF can also be used, according to F-Secure. I find this a little confusing, if that dll only deals with WMF file type then the exploit must not be directly connected with that dll Or does that dll handle all of those as well? But then I found this http://www.pcworld.com/howto/article/0,aid,119993,00.asp Which makes sense. The way a lot of things I have been seeing go on about this they act like WMF is the only format of issue and that obviously is not at all true. I would have more likely ignored this if it really was only WMF files and the MS patch a week or so away. Thanks, Eric Mit freundlichen GrüÃen Thomas Kühling -- Mapsolute Gmbh - Techn. Administration - TK2325-RIPE
WMF patch
Hi, I finally decided this was serious enough to do something about it sooner than the MS patch, but while this seems to be the official link to the SANS patch http://isc1.sans.org/diary.php?storyid=1010 it also is timing out. I have seen a couple of other links from googling to people who have repackaged this, but I really don't want to download something that doesn't match the SANS MD5.. Any links or suggestions? Thanks, Eric
DHCP and aliases
Hi, I am hoping this is an ok question for this list. I believe it is. I have just never thought about doing something like this before and it is likely totally child's play to many of you guys. :) I am using a FreeBSD 4.11 IPFW firewall on a ADSL connection. I want to be able to take advantage of Static NAT So as I understand it I need this firewall machine to have another external IP that I can use to hard tie in with a local machine. But can I do this without setting up another nic? So is it possible to use DHCP to get an IP alias? In the case of our DSL provider I am guessing it would not be possible because of just having one MAC address. But I know just enough about networking to get by, so I could be totaly wrong about that. Is there a better way to allow this internal machine to have its own IP but still be firewalled? But then if I am doing this, am I really firewalling anything anyway if all of the ports are redirected to the internal machine anyway? More specifics on what I am talking about is on http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/network-natd.html under the the heading 25.8.5 Address Redirection Thanks, Eric Lead Programmer D.M. Contact Management 250.383.8267 ext 229
Re: Calculating Jitter
At 09:56 AM 6/10/2005, Fred Baker wrote: you saw marshall's comment. If you're interested in a moving average, he's pretty close. If I understood your question, though, you simply wanted to quantify the jitter in a set of samples. I should think there are two obvious definitions there. A statistician would look, I should think, at the variance of the set. Reaching for my CRC book of standard math formulae and tables, it defines the variance as the square of the standard deviation of the set, which is to say That is one thing I have never understood, if you can pretty much just look at a standard dev and see it is high, and yeah that means your numbers are flopping all over the place, then what good is the square of it? Does it just make graphing better in some way? Thanks, Eric
Re: ultradns reachability
Yes, it looks like it is starting to get back to normal since I got your email :) As far as I could tell it started around 5:30 PST and ended around 6:00 PST. Thanks, Eric At 06:01 PM 7/1/2004, Matt Ghali wrote: is anyone else seeing timeouts reaching ultradns' .org nameservers? I'm seeing seemingly random timeout failures from both sbci and uc berkeley.
Re: Dos attack?
Thanks Guy I have sent them more detailed info. Eric guy wrote: Eric, You should start with your upstream's security dept. They may have seen either this incident, a related one, or both. And they more than likely have resources at other transit providers' security depts. You pay for their service, you may as well use it, right? Guy Hi, We are getting a LOT of web requests containing what mostly looks like giberish. [Mon Oct 20 21:13:42 2003] [error] [client 172.133.3.204] request failed: erroneous characters after protocol string: \xb8\xcf\xc235\x9f\xc4\x1c\xebj\xd7\xc5\x8e\xe9d\xfdMe\xed\x16\xca\xd51\xcfReF\x82\xa3qi\x89\x832\vJ5k\x15\xa2\x0c\ x90\xed\x8bCT\xa3\xa2\x96\xd7\xe8\xa2`S#+W\xfc\xc2\xc2w*\xce\x1a\xb9\xc3\x91\x14\xb0\x9e\xfe\x14\7\xaa\xeaR\xd1\x9c \x13\x1a\xf0\x1aN\x8eklP\xdc\xc1\xe3\xb9w\xb0\x1aGt\x04|I4\xae\x06WC\x15NA\x80\xb1\xc5E~\xd59\x85+\xcc\x9e\xb8\xaf(\r \x1f\x97 But this is not the standard Microsoft worm stuff that I can tell. It is coming from numerous IP addresses and nearly took down a few of our servers until we started blocking them with the firewall. So I am trying to find out as much as I can about what is happening, but I don't really know where to start. I don't believe it is considered approperiate to send a list of IPs to this list. So where should I start? The list so far contains about 60 addresses. Thanks, Eric
Dos attack?
Hi, We are getting a LOT of web requests containing what mostly looks like giberish. [Mon Oct 20 21:13:42 2003] [error] [client 172.133.3.204] request failed: erroneous characters after protocol string: \xb8\xcf\xc235\x9f\xc4\x1c\xebj\xd7\xc5\x8e\xe9d\xfdMe\xed\x16\xca\xd51\xcfReF\x82\xa3qi\x89\x832\vJ5k\x15\xa2\x0c\x90\xed\x8bCT\xa3\xa2\x96\xd7\xe8\xa2`S#+W\xfc\xc2\xc2w*\xce\x1a\xb9\xc3\x91\x14\xb0\x9e\xfe\x14\7\xaa\xeaR\xd1\x9c\x13\x1a\xf0\x1aN\x8eklP\xdc\xc1\xe3\xb9w\xb0\x1aGt\x04|I4\xae\x06WC\x15NA\x80\xb1\xc5E~\xd59\x85+\xcc\x9e\xb8\xaf(\r\x1f\x97 But this is not the standard Microsoft worm stuff that I can tell. It is coming from numerous IP addresses and nearly took down a few of our servers until we started blocking them with the firewall. So I am trying to find out as much as I can about what is happening, but I don't really know where to start. I don't believe it is considered approperiate to send a list of IPs to this list. So where should I start? The list so far contains about 60 addresses. Thanks, Eric