Two things more important than NANOG....
Sorry for the interruption, but I couldn't let these two anniversaries pass without bringing them to your attention. http://fergdawg.blogspot.com/2005/10/in-memoriam-abha-ahuja.html [and] http://fergdawg.blogspot.com/2005/10/belatedly-october-16-1998-rip-jon.html I'll crawl back under my rock now... Cheers, - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Crews Survey Rita's Damage
Reuters: [snip] Joe Chandler, spokesman for BellSouth Corp., said about 560,000 customers were without service, mainly in northern Louisiana and northern Mississippi. He said crews already were out in areas that weren't severely flooded. A lot of these lines are affected by loss of power, Chandler said. Once power is restored, you'll see our outages go down. San Antonio-based SBC Communications Inc. said on its Web site that its core network in Texas is fully functional, with the exception of a small central office in Sabine Pass, near hard-hit Port Arthur. Mark Siegel of Cingular Wireless said that well over half of our sites are up in Texas and Louisiana. [snip] http://news.yahoo.com/news?tmpl=storyu=/ap/20050925/ap_on_bi_ge/rita_phones_hk3 ... and record high temperatures in this part of the country today -- it's 107 F in Austin today... - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
[fergie-spew] RE: FW: Crews Survey Rita's Damages
The post I presented was directly on-topic: http://www.merit.edu/mail.archives/nanog/msg11872.html The issue you decided to comment on was a one-line rider about the excessive heat in central Texas today. While the latter may have well been off-topic, the general premise of the post was most certainly directly on-topic. - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: All I am asking is that you tag the post so I can filter out the followups. -M
Re: [fergie-spew] RE: FW: Crews Survey Rita's Damages
I take issue with what you folks think is relative. It's _clearly_ unbalanced, unfair, and biased. I'm in the process of turning back up a major portion of the state network over the next couple of days here in Texas, and reports of network status are somehow not on-topic? I'm thinking that NANOG is just completely FUBAR'd... You guys can have your boys club. As for the rest of the readership, I'm sorry you are ending up with a mailing list that is ruled by a select few, who have decided that they wish to control the content of operations. What a damned shame. Good bye, - ferg -- Randy Bush [EMAIL PROTECTED] wrote: paul, begging the point of whether news about telco, not internet, circuits and wireless is ot for nanog, i think all martin was asking is a subject: tag for your news posts, as he seems to have a brain-dead mua (which is highly popular for some reason) with very limited filtering capabilities. i don't think he meant it as a personal attack; i assume you would know one if he did:-). randy -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
EV1Servers Hunkers Down for Hurricane Rita
Via Netcraft: [snip] With one of history's most powerful hurricanes bearing down on the Houston/Galveston area, EV1Servers is taking steps to protect the more than 1 million web sites hosted in its Houston data centers. CEO Robert Marsh says the company has more than 10,000 gallons of diesel fuel on site, and has procured an extra generator in case grid power is unavailable for an extended period. We anticipate that the coming storm will have no impact on our operations, Marsh said in a message to customers. However, we are prepared to deal with any eventuality. [snip] http://news.netcraft.com/archives/2005/09/22/ev1servers_hunkers_down_for_hurricane_rita.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Hurricane Rita targeting Texas Gulf Coast
This looks really bad, folks. - ferg (in Austin, TX) [snip] 000 WTNT63 KNHC 212351 TCUAT3 HURRICANE RITA TROPICAL CYCLONE UPDATE NWS TPC/NATIONAL HURRICANE CENTER MIAMI FL 650 PM CDT WED SEP 21 2005 ...RITA BECOMES THE THIRD MOST INTENSE HURRICANE ON RECORD... DROPSONDE DATA FROM AN AIR FORCE RESERVE UNIT RECONNAISSANCE AIRCRAFT AT 623 PM CDT...2323Z...INDICATED THE CENTRAL PRESSURE HAS FALLEN TO BELOW 899 MB...OR 26.55 INCHES. THE DROPSONDE INSTRUMENT MEASURED 32 KT/35 MPH WINDS AT THE SURFACE...WHICH MEANS IT LIKELY DID NOT RECORD THE LOWEST PRESSURE IN THE EYE OF RITA. THE CENTRAL PRESSURE IS PROBABLY AT LEAST AS LOW AS 898 MB...AND PERHAPS EVEN LOWER. FOR OFFICIAL PURPOSES... A PRESSURE OF 898 MB IS ASSUMED... WHICH NOW MAKES RITA THE THIRD MOST INTENSE HURRICANE IN TERMS OF PRESSURE IN THE ATLANTIC BASIN. SOME ADDITIONAL DEEPENING AND INTENSIFICATION IS POSSIBLE FOR THE NEXT 12 HOURS OR SO. RITA CURRENTLY RANKS BEHIND HURRICANE GILBERT IN 1988 WITH 888 MB AND THE 1935 LABOR DAY HURRICANE WITH 892 MB. [snip] http://www.nhc.noaa.gov/text/refresh/MIATCUAT3+shtml/211955.shtml - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Minneapolis: 2 reports of tornado touchdowns
I'm kind of surprised that there has been no mention of network outages in Minneapolis, despite tornado(es) touching down there tonight and power outages: http://www.startribune.com/stories/127/5628282.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Google seeks GoogleNet bids?
It may have something to do with the possibility that GoogleNet will need an infrastructure to tie together its WiFi offering: http://www.washingtonpost.com/wp-dyn/content/article/2005/09/20/AR2005092000348.html - ferg -- [EMAIL PROTECTED] wrote: I'm kind of surprised that I hadn't seen mention of it here before now, but Om Malik points out in his blog that Google is reviewing bids for its national DWDM network: http://gigaom.com/2005/09/19/google-asks-for-googlenet-bids/ There seems to be a trend whereby anyone who can aggregate sufficient traffic to warrant their own IP network is doing so and offloading the so-called public Internet. In the case of Google it is reminiscent of the way the television networks aggregated broadcast content way back in the 60's. Ten years ago, the idea that there could be a public Internet which anyone could use for any purpose was rather new. Is this concept now on the decline? --Michael Dillon -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
tli back in start-up mode...
http://www.businessweek.com/technology/content/sep2005/tc20050920_0054_tc024.htm :-) - ferg p.s. BTW, good luck, Tony.
Re: router worms and International Infrastructure
If only there was a marked improvement in _this_ issue alone, it would be a vastly enormous step in the right direction... - ferg -- [EMAIL PROTECTED] wrote: [...] Keep in mind that the problem isn't the providers that already do altruistic things like BCP38, actually reading their abuse@ mailbox, and dealing with zombied users. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: [afnog] ARIN to allocate from 74/8 75/8
May be? Is. Routing and forwarding _is_ a known policy issue in virtually all ASNs. - ferg -- Todd Underwood [EMAIL PROTECTED] wrote: [...] routing and firewalling may be orthogonal. obviously, without routing there is no forwarding and *many* people filtered announcements within 69/8. i acknowledge that many people also accepted the route and filtered traffic. my point was (as should have been clear) that the right place to *start* is routing. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Google seeks GoogleNet bids?
I'm kind of surprised that I hadn't seen mention of it here before now, but Om Malik points out in his blog that Google is reviewing bids for its national DWDM network: http://gigaom.com/2005/09/19/google-asks-for-googlenet-bids/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: PBR needing to hit the cpu?
What I think we're talking about here is not really policy-based routing but policy-based forwarding, right? If so, then any non-FIFO scheme would have to be kicked up to the CPU, right? - ferg ps. I heard you left Cisco again. ;-) -- Tony Li [EMAIL PROTECTED] wrote: On Sep 17, 2005, at 8:57 PM, David Hubbard wrote: Just curious, do most vendors' hardware need to hit the cpu when doing policy-based routing? I found one of my border routers' cpu's on the bad end of a DDoS but once I turned off a not necessarily required setup to force some outbound traffic to take a specific outbound link via PBR, the DDoS traffic was no longer an issue. It was only about 200 Mbit so I hadn't expected it to be an issue but apparently it was; I was surprised when support told me the PBR was making traffic hit the cpu. That's not at all surprising. PBR would be pretty hard to push into a hardware forwarding path. Not impossible, but certainly challenging. Tony
Re: commonly blocked ISP ports
A couple of decent barometers: http://www.dshield.org/topports.php and: http://www.mynetwatchman.com/default.asp - ferg -- Luke Parrish [EMAIL PROTECTED] wrote: Not quite looking for tips to manage my network and ACL's or if should or should not be blocking, more looking for actual ports that other ISP's are blocking and why. For example: port 5 worm 2.5 port 67 virus 8.2 At 03:12 PM 9/14/2005, [EMAIL PROTECTED] wrote: On Wed, 14 Sep 2005 14:42:56 CDT, Luke Parrish said: We have a list, some reactive and some proactive, however we need to remove ports that are no longer a threat and add new ones as they are published. All ports that are open are threats, at least potentially. What you *should* be doing is: a) When you block a new port due to a current exploit, log the fact. b) Work with customers/users to make sure they're patched, and that new machines are patched before they go live. c) When probing for the port stops (which it never does), or some sufficient number of downstream boxes are patched and safe, remove the block. Either that, or block the world, and open ports on request. Remember - *you* are the only one on this list who really knows if a given port is a threat anymore (And that's totally skipping all the noise about corporate firewalls versus ISP firewalls and different expectations regarding security/transparency...) Luke Parrish Centurytel Internet Operations 318-330-6661 -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Computer systems blamed for feeble hurricane response?
This is the first I've heard of this... Via The Inquirer: [snip] REPORTERS at the Wall Street Journal said they have seen documents which show that a swift response by the US federal government to Hurricane Katrina was hampered because FEMA computer servers crashed. Michael Brown, FEMA's head, resigned yesterday after being recalled by the Department of Homeland Security to Washington DC. Attempts by agencies to spur the Federal Emergency Management Agency into urgent action were met with bouncing emails, the Journal said. It quoted a Department of Health official as saying every email it had sent to FEMA staff bounced. They need a better internet provider during disasters, the Journal quoted her or him as saying. A number of US agencies made desperate calls to the Department of Homeland Security and to Congresswomen and men, the article claimed. [Subscription required.] The newspaper did not say which computer systems FEMA uses. [snip] http://www.theinquirer.net/?article=26125 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
OMB: No new money for IPv6 [Was: Re: Multi-6]
Although I know you're speaking metaphorically, to top it off, see SUBJ: line. http://www.fcw.com/article90779-09-13-05-Web Upgrade to v6 by 2008 -- no new money. - ferg -- Tony Li [EMAIL PROTECTED] wrote: Moore's Law has not, and does not apply to routers. Thus, costs are going up non-trivially. Tony -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: LA power outage?
It's also interesting to note that, at least by some estimates, the brief power outage in L.A. yesterday took down more networks than Hurricane Katrina: http://www.techweb.com/showArticle.jhtml?articleID=170702966 Of course, So. California is pretty network-dense, but what does that say about the level of seriousness that network operators place on their uptime? - ferg -- Steve Sobol [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] wrote: On Mon, 12 Sep 2005 21:21:59 -, Reeves, Rob said: We've been told by our field tech in LA that One Wilshire had lost power for a bit, but it is now restored. I don't know the duration of the outage, but our equipment there is on DC and did not go down. So - who in LA is going to be telling Santa they want a new data-center sized diesel UPS genset for Christmas? ;) More like, which manager is telling Santa they want a new, clue-imbued employee for Christmas? I'm not too close to the story and I don't live in Los Angeles (I live and work 55-65 miles northeast of downtown), but it seems to me that the problem could have been avoided with a little more caution on the part of the person who cut the wires. -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307 -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: LA power outage?
william(at)elan.net [EMAIL PROTECTED] wrote: I think there is a difference as to network going down for 3 hours and network going down for 3 months... Semantics. :-) BTW - care to speculate what will happen if cat5 hurricane hits LA? :) Or maybe we should be thinking of 8+ earthquake No -- I wouldn't want to be accused of instigating an off-topic thread. ,-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: LA power outage?
CNN is reporting that power is starting to be restored to some areas affected by the outage. - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
China Telecom Blocking Skype
Okay, don't get too excited. I'm not trying to incite the whole off-topic thread that was going here earlier regarding ethical issues regarding China content, etc. However, on the issue of services denial (thinking back to the discussion of various ISP's around the world blocking various service, e.g. Vonage, other VoIP traffic, etc.), I have to say that I think I see a lot of hypocritical folks out there that, well... you can see the issue. Via Red Herring: [snip] China Telecom, China's largest telecommunications carrier, has begun blocking VoIP calls in an effort to stanch the massive loss of revenue it could sustain if a substantial percentage of that country's 100 million Internet users switch their long-distance calling to Skype. Reuters cited media reports and Internet postings as the source of its information that the former monopoly carrier has begun blocking Internet users from accessing Skype's voice services in the city of Shenzhen. The news service also cites a report in the Shanghai Daily that China Telecom plans to block Skype's service throughout the country, eventually. News reports said the carrier, which owns a large broadband network and controls a large network of ISPs, has created a blacklist of Skype users in Shenzhen and threatened punitive action against those who try to circumvent the carrier's Skype blocks. [snip] http://www.redherring.com/article.aspx?a=13516 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: OT - Vint Cerf joins Google
Cool. That kind of goes hand-in-hand with Vint's Galactic Internet theme. :-) - ferg -- [EMAIL PROTECTED] (Suresh Ramasubramanian) wrote: For once I'll do a Fergie http://www.google.com/press/pressrel/vintcerf.html Vint's now Chief Internet Evangelist at GOOG srs -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Cisco CSS SSL bypass vulnerability...
I hadn't seen a notification on this yet, except via FrSIRT. Thought some of you might be interested in this... This time it's: Cisco Content Services Switches SSL Authentication Bypass Issue http://www.cisco.com/warp/public/707/cisco-sn-20050908-css.shtml - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Very funny: While Bush fiddles, New Orleans dies
If anyone hasn't figured it out yet, I didn't send this crap to the list... - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: While Bush fiddles, New Orleans dies
I absolutely am _not_ responsible in any way, shape, or form, for those messages. While some of my posts skirt the ever-changing topicality of the list, you have to admit -- I always send directly from my webmail account (wouldn't dream of sending from my corporate account :-) - ferg -- Robert E.Seastrom [EMAIL PROTECTED] wrote: Stephen J. Wilcox [EMAIL PROTECTED] writes: wheres the ops in this? dont get me wrong, i'm sympathetic with new orleans and also definitely not a bush supporter but this is verging on incitement and i dont see the point of the post to here My guess: someone who doesn't like Paul (and there are plenty of people who have groused privately about his prolific posting of current news stories) is trying to make him look bad (or doing a savage parody, depending on how you look at it) by abusing the http://www.tribuneinteractive.com/ mail someone this story feature. Look at the headers... it was obviously sent by tribuneinteractive, and it's pretty unlike Paul to do something like this. So that's my hypothesis anyway. We'll wait till Paul is awake to be able to confirm or deny it. ---Rob -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: OT: Yahoo- apparently now an extension of the Chinese govt secret police....
This is not shaping up to be a very good month for Yahoo! all the way around -- at least PR-wise: http://techdirt.com/articles/20050907/0246214_F.shtml - ferg -- Bob Arthurs [EMAIL PROTECTED] wrote: Way OT, but very interesting- don't know if anyone saw this article about Yahoo collaborating with the Chinese government's police (from the BBC): http://news.bbc.co.uk/1/hi/world/asia-pacific/4221538.stm If this is true, I for one will stop using Yahoo- I have spent a lot of time in Asia myself, and I am very aware of the nature of the Chinese secret police. But if the article is true, I guess Yahoo doesn't care about the opinion of the regular consumer when they can curry favor with a repressive regime by informing on people. So, if you email friends in China from a Yahoo account, you have been warned! -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Buh bye
Hey, that's a good one. :-) And while we're doing real work to shut down phishers, here's another cartoon for the list: http://isc.sans.org/diary.php?storyid=650 - ferg -- Randy Bush [EMAIL PROTECTED] wrote: o but we do need to leave this list clear for fergie's 20 postings a day on what's happening in austin, the url of some cartoon, what you can read in the ny times, and so forth :-)/2 -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Update on Wireless Katrina Response
On Friday, the FCC held a conference call with wireless internet service providers and representatives of tech companies including Intel, Cisco, and Vonage -- the goal was to urgently coordinate private and public sector resources to get communication systems up again in areas devastated by Katrina. http://www.boingboing.net/2005/09/05/update_on_wireless_k.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Katrina impact on US internet backbone -- analysis
I'd be interested in what the curmudgeons on the list think about this: http://www.boingboing.net/2005/09/04/katrina_impact_on_us.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Katrina impact on Internet2 backbone -- analysis
Okay, they changed it on me. Flame away. http://www.boingboing.net/2005/09/04/katrina_impact_on_ab.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: I'd be interested in what the curmudgeons on the list think about this: http://www.boingboing.net/2005/09/04/katrina_impact_on_us.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Phones, Computers Coming to Astrodome
An AP newswire article by Matt Slagle, via Yahoo! News, reports that: [snip] Thousands of Hurricane Katrina refugees packing into Houston's Astrodome are getting electronic access to the outside world. Corporations, volunteers and nonprofit agencies continued working Friday to install telephones and Internet-enabled computers inside the sprawling former sports stadium in one of many efforts aimed at bringing communications technologies to hurricane victims. Astrodome refugees, displaced from the Superdome in New Orleans, were getting 10 minutes blocks of time to make free local and long distance calls. Many of them haven't heard from friends or family nor have they been able to let loved ones know they're safe since Katrina ravaged their hometown on Monday. [snip] http://news.yahoo.com/news?tmpl=storyu=/ap/20050902/ap_on_hi_te/katrina_tech_donations - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Red Cross working to restore communications at shelters
FCW.com: [snip] The American Red Cross is doing everything it can to restore communications with its 300 shelters in the region devastated by Hurricane Katrina, the agency's chief information officer said Friday. The agency is making progress but this disaster is on a scale we've never seen before, said Steve Cooper, the Red Cross's CIO and the former CIO at the Homeland Security Department. We have to plan that New Orleans as a city really won't exist for the next six months, Cooper said. Biloxi, Miss., is just as hard hit, he noted. The Red Cross created a task force on Sept. 1 with several of its private-sector partners, including Microsoft, Cisco Systems and Cingular, Cooper said. These companies flew in personnel to provide satellite connectivity to all Red Cross shelters in the disaster area, he said. [snip] http://www.fcw.com/article90642-09-02-05-Web - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
FCC COORDINATING TECH AID FOR KATRINA DISASTER
http://www.boingboing.net/2005/09/02/fcc_coordinating_tec.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
FAMILY LINKING AVAILABLE VIA WWW.REDCROSS.ORG
Via The American Red Cross. [snip] The American Red Cross, with support of the worldwide Red Cross and Red Crescent Movement, is launching a Web site to help assist family members who are seeking news about loved ones living in the path of Hurricane Katrina. Visit the Family Links Registry via www.redcross.org to register yourself, a missing relative or view the existing list of registrants. Evacuees wishing to inform loved ones of their location can register their name by clicking on Family Links Registry on www.redcross.org. Concerned loved ones can register the names of their loved ones and view the list of those already posted. Due to the extent of the damage and the number of people displaced, concerned friends and family members are encouraged to visit the site daily to consult the list, as it will be updated continuously. A toll-free hotline is being established for those who do not have internet access. [snip] http://www.redcross.org/pressrelease/0,1077,0_314_4521,00.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
BellSouth Updates Impact of Hurricane Katrina
For what it's worth. [snip] ATLANTA, Sept. 2 /PRNewswire-FirstCall/ -- BellSouth (NYSE: BLS) announced the following update on the impacts of Hurricane Katrina on its operations: Louisiana: - BellSouth currently has about 1.03 million lines impacted in Louisiana, representing 54.2% of the state's more than 1.9 million access lines. Coastal Alabama/Mississippi - BellSouth currently has about 438,000 lines impacted in Mississippi, representing 39.8% of Mississippi's more than 1.1 million access lines. - BellSouth currently has about 93,000 lines impacted in Alabama, representing 5.5% of the state's more than 1.7 million access lines. Our restoration efforts are ongoing and we have made good progress, said Bill Smith, BellSouth Chief Technology Officer. While our forces are actively restoring service in many parts of Alabama, Louisiana and Mississippi, we continue to experience difficulty accessing many areas most impacted by the storm. For example, access is difficult in flooded areas in New Orleans as well as coastal areas due to downed trees and bridge and road damage. We estimate that there are 750,000 customer lines in these most heavily-damaged areas. Also, strike teams are actively repairing facilities that will aid in the restoration of wireless services that are key to rescue efforts in the New Orleans area, he noted. BellSouth is still assessing the full impact on the network and its customers' operations, and as a result, it is too early to project the total magnitude of destruction caused by Hurricane Katrina. BellSouth is currently surveying those areas where it has access and has begun restoration work. The number of lines affected will continue to fluctuate until the area stabilizes and all surveys have completed. BellSouth has about 13,000 employees in Louisiana, Mississippi and Alabama -- and approximately 7,600 of these are in the hardest hit areas affected by the storm. 
To aid its employees, BellSouth has set up BellSouth tent cities in Baton Rouge, La. and Gulfport, Miss. These cities will provide BellSouth employees and their families with necessities such as food, shelter, clothing, and employee assistance programs. This information is accurate only as of the date and time indicated below and is likely to change as power is restored, flood waters recede and other developments occur. Although we will use commercially reasonable efforts to provide updated information on a regular basis, this information will not be updated in real-time. [snip] http://www.prnewswire.com/cgi-bin/stories.pl?ACCT=109STORY=/www/story/09-02-2005/0004099606EDATE= - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: trying to move web site for New Orleans schools
Good advice. The miscreants have already been busy in that regard... - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: Outside the NANOG charter, but given the current circumstances, this seemed to be a reasonable forum for suggestions on solving this problem. I suggest everyone move with caution on making any unauthenticated changes on the fly for anyone claiming to be impacted by the storm. I know we all feel badly, but this is a good opportunity for miscreants, phishers, and scammers to wreak havoc. -M -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
P2P Darknets to eclipse bandwidth management?
Interesting article, and something I think that will certainly become an issue for ISPs. Is this a real issue ISPs are thinking about? Via The Register: [snip] Encrypted P2P networks will soon make bandwidth management based on deep packet inspection obsolete, says Staselog, a Finnish appliance outfit. Around 80 per cent of all traffic in the Internet is already P2P. This traffic will increase 1,000-fold in the next five years and most of it will be encrypted P2P, according to a study by Staselog and researchers at Finnish Universities. [snip] http://www.theregister.co.uk/2005/09/01/darknets_fox_traffic_manage_tech/ Overlooking the point that this kind of smells like a pitch for Staselog, I'd be curious to hear if this is an issue on ISP bandwidth management radar... or already is... - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
New Orleans Cops Use Single Radio Channel
An AP newswire article by Bruce Myerson, via Yahoo! News, reports that: [snip] By Thursday, nearly 10,000 satellite-based wireless phones had poured into the hurricane zone to coordinate relief efforts by federal disaster personnel and Red Cross workers, said service providers Globalstar LLC and Iridium Satellite LLC. [snip] http://news.yahoo.com/news?tmpl=storyu=/ap/20050902/ap_on_hi_te/katrina_telecom - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Yahoo! -- A Phisher-friendly hosting domain?
That's good, however, I regret that the issue had to be aired here because it didn't get attention it deserved through proper channels and elsewhere... - ferg -- Florian Weimer [EMAIL PROTECTED] wrote: But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names like bankofthewestupdate.com Registrars should as well, but this is not the way the Internet works. Sometimes, this is a good thing, sometimes, it's not. It seems that the A RR has been pulled around 2005-08-30 21:00 UTC, so this particular issue has already been resolved. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Cisco as a First Responder?
Interestingly enough, there's an article on MSNBC: http://www.msnbc.msn.com/id/9131498/ ...that talks about all of the gee whiz tech stuff that is getting deployed to assist in the aftermath of Katrina: [snip] Among the first high-tech responders was Cisco Systems, which is setting up mobile communication kits and wiki-based networks to deal with Katrina's information overload. Just wanted you to know that we will have 'feet on the wet street,' Cisco's Lori Bush reported in a posting to fellow members of the National Institute for Urban Search and Rescue. Some of the equipment, like the Cisco kits, can fit into a search-and-rescue effort instantly. Other gadgets are being put into service on the fly, in hopes of boosting the communication systems currently being used. And still others aren't yet ready for prime time but will be tested in real-world conditions. [snip] - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Boing Boing: Clearinghouse for Katrina tech assistance contacts
Since gripes here on the list about posts regarding the Hurricane Katrina aftermath issues, I just wanted to point out that Boing Boing has seemingly become the clearinghouse for much tech info on efforts to provide some sort of tech and communications assistance in the Gulf Coast region. So, I'd stay tuned over on Boing Boing if you want to stay in the loop on that particular issue: http://boingboing.net/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
August 2005: Drone Army Botnet CC listing
Keeping in step with Gadi's language from last month: Below is a periodic public report from the Drone Army(DA)/Botnet Research and mitigation mailing list. For this report it should be noted that we base our analysis on the data we have accumulated from various sources. According to our analysis of information we have conducted thus far, we are now publishing our regular reports, with some additional information, which may vary from time to time, as needed. As of this July 2005, any responsible party that wishes to receive information about botnet CC's in their net space can contact us and be added to our notification list. The principal contact is Paul Ferguson (Fergie). - ferg

Special appreciation is due to Staminus who took quick action to resolve the suspect CCs of the last report and rapidly resolved all of the suspect CCs which appeared during this current survey.

AS responsible Parties ranked by top 10 open unresolved suspect CCs:

ASN    Responsible Party               Total  Open
30058  FDCSERVERS - FDCservers.net LL  123    43
21840  SAGONET-TPA - Sago Networks     53     26
13680  AS13680 Hostway Corporation Ta  23     23
15083  INFOLINK-MIA-US - Infolink Inf  37     21
6461   MFNX MFN - Metromedia Fiber Ne  28     17
8560   SCHLUND-AS Schlund + Partner A  26     17
30083  SERVER4YOU - Server4You Inc.    37     16
13237  LAMBDANET-AS European Backbone  15     12
9800   UNICOM CHINA UNICOM             14     11
27645  ASN-NA-MSG-01 - Managed Soluti  18     11

Historical Report ranked by past suspect CCs mapping into the AS:

ASN    Responsible Party               Total  Open  Percent Resolved
14742  INTERNAP-BLOCK-4 - Internap Ne  142    2     99%
14744
30058  FDCSERVERS - FDCservers.net LL  123    43    65%
10913  INTERNAP-BLK - Internap Networ  84     0     100%
25761  STAMINUS-COMM - Staminus Commu  58     0     100%
21840  SAGONET-TPA - Sago Networks     53     26    51%
3356   LEVEL3 Level 3 Communications   43     5     88%
21844  THEPLANET-AS - THE PLANET       38     5     87%
30083  SERVER4YOU - Server4You Inc.    37     16    57%
15083  INFOLINK-MIA-US - Infolink Inf  37     21    43%
11739  DIGITAL-FOREST-NW - digital.fo  29     0     100%
16237  NXS Nxs Internet BV             29     0     100%

The report summary includes a Percent Resolved Column in order to recognize the mitigation efforts of the AS Responsible Parties. The Opens Unresolved column represents the number of unique CC which reported as open to the survey's connection attempts and which have neither been investigated nor cleared by the Responsible Party (to the extent of our knowledge). The Total mapping count may include multiple names mapping to a single IP within an AS. We count each mapping count as a unique CC.

Stats for the DA group compiled by: Randal Vaughn Professor Information Systems Baylor University Randy_Vaughn (at) Baylor.edu -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: August 2005: Drone Army Botnet CC listing
Yes. And thanks. - ferg -- Hannigan, Martin [EMAIL PROTECTED] wrote: 30058 FDCSERVERS - FDCservers.net LL 123 43 21840 SAGONET-TPA - Sago Networks 53 26 Much better. And no IL-CERT. :-) Is it safe to say the resolutions, at least in these two cases, are because of others' mitigation activities i.e. snatching back the RR's, shutting off the domain, black holes, etc? -M -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Phone networks struggle in Hurricane Katrina's wake
Via Reuters. [snip] Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding. A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher. Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well. All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment. Entergy Corp. reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks. New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas. [snip] http://go.reuters.com/newsArticle.jhtml?type=technologyNewsstoryID=9512696 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
And via Slashdot: [snip] In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Cell phone circuits filled up during 9/11 attacks and in the wake of hurricane Katrina very few victims can make contact with their families, despite the fact that they have all those mobile phones. The Red Cross is looking to deploy satellite equipment From the article: to restore communications in affected areas. Katrina made landfall in Louisiana early this morning with sustained winds of 145 mph, but veered just enough to the east to spare New Orleans a direct blow. Even so, flooding, power outages and heavy damage to structures were reported throughout the region. The Red Cross tomorrow expects to begin deploying a host of systems it will need, including satellite telephones, portable satellite dishes, specially equipped communications trucks, high- and low-band radio systems, and generator-powered wireless computer networks, said Jason Wiltrout, a Red Cross network engineer. [snip] http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104250,00.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Via Reuters. [snip] Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding. A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher. Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well. All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment. Entergy Corp. 
reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks. New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas. [snip] http://go.reuters.com/newsArticle.jhtml?type=technologyNewsstoryID=9512696 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
Me? I personally never trade my POTS for VoIP... - ferg -- Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 30-aug-2005, at 22:08, Fergie (Paul Ferguson) wrote: In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Simple: it's too expensive. Keep this in mind when trading in your POTS service for VoIP service over the internet. Discounting the local loop which is often the same in both cases, POTS is extremely reliable while VoIP over the public internet, well, isn't. But apparently people that switch to VoIP don't mind the reduced likelihood of being able to make calls during the next large scale emergency.
Donate [Was Re: Phone networks struggle in Hurricane Katrina's wake]
Apologies for the multiple posts, but I think this is important enough to warrant a follow-up. I send out a public challenge to each and every one of you reading this to make a donation to the American Red Cross, if for nothing else, think of it as a small effort to assist the Red Cross in their efforts to establish emergency communications in the region. Of course, the donation will go towards all assistance efforts in the wake of Katrina, so rationalize it however you will. :-) http://www.redcross.org/ Click and donate. - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: And via Slashdot: [snip] In this age of cheap commoditized consumer electronics and advanced mobile technology, why can't all the people of a city make contact during an emergency? Cell phone circuits filled up during 9/11 attacks and in the wake of hurricane Katrina very few victims can make contact with their families, despite the fact that they have all those mobile phones. The Red Cross is looking to deploy satellite equipment From the article: to restore communications in affected areas. Katrina made landfall in Louisiana early this morning with sustained winds of 145 mph, but veered just enough to the east to spare New Orleans a direct blow. Even so, flooding, power outages and heavy damage to structures were reported throughout the region. The Red Cross tomorrow expects to begin deploying a host of systems it will need, including satellite telephones, portable satellite dishes, specially equipped communications trucks, high- and low-band radio systems, and generator-powered wireless computer networks, said Jason Wiltrout, a Red Cross network engineer. [snip] http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104250,00.html - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Via Reuters. 
[snip] Telephone companies struggled to restore service and measure the damage to their networks in Louisiana and Mississippi on Tuesday after Hurricane Katrina cut power and triggered severe flooding. A spokesman for BellSouth Corp., the largest local telephone company in the region, said while the company estimated about 53,000 lines were out in the two states, the actual numbers were likely to be higher. Cingular Wireless and Sprint Nextel Corp. said cellular service in the area had been affected as well. All three companies said power losses were the main threat to further service failures, but that flooding was hampering their efforts to reach network equipment. Entergy Corp. reported more than a million customers without power in Louisiana and Mississippi, and warned customers to expect a long and difficult restoration that could take weeks. New Orleans Mayor Ray Nagin told television station WWL that 80 percent of the city was under water, and authorities declared martial law in some areas. [snip] http://go.reuters.com/newsArticle.jhtml?type=technologyNewsstoryID=9512696 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
I'll file that comment where it belongs -- in file 13. If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. - ferg -- Richard A Steenbergen [EMAIL PROTECTED] wrote: Did I miss the memo announcing the Slashdot commentary section had been extended to the NANOG mailing list? It is one thing to expand on a story with useful insights, but this entire thread is just restating the obvious for the sake of hearing your own voice (or the digital equivalent thereof). If I wanted to read the uninformed reactions of random people to random news stories wondering why cell phone circuits fill up during natural disasters I would go to slashdot and click Read More. This stuff doesn't even come close to being NANOG worthy, let alone on-topic or appropriate. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Yahoo! -- A Phisher-friendly hosting domain?
This would probably be better posted to NSP-SEC, but since I'm not subscribed (and have tried at least once), I'll share it here. For what it's worth, I'm involved in several security and anti-malware, anti-botnet, etc. group efforts, and I personally think that this particular situation has gained enough badness status as to warrant wider public disclosure. A colleague alerted me to this earlier today (with permission to reprint): [snip] My attention was drawn earlier today to yet another phishing site on Yahoo! - we're already finding extreme porn and other disreputable sites moving there now that their abuse dept has been dismantled and reassembled in Oregon, apparently with all staff-under-training. But it caught my eye that SOMEBODY at Yahoo! ought to be reviewing domain names like bankofthewestupdate.com when they are set up on their servers, if only for reasons of due diligence ... otherwise Bank of the West might possibly have grounds for a lawsuit against Yahoo! ? Have any banks ever threatened to litigate against ISPs? If ever there was an incident calling out to be made a test case ... [snip] Details can be found here: http://www.spamhaus.org/sbl/sbl.lasso?query=SBL31214 Also: [snip] The fact that very many phishers, 419s, and spamming pornographers are flocking to Yahoo is the result of changes that Yahoo have made to their abuse processing. Also, as they run ClamAV on all mail to their new abuse desk in Oregon, any reports to them that contain evidence of phishing incidents are automatically rejected by the ClamAV filtering - so it is difficult to know exactly HOW Yahoo! could have been expected to take action on these cases. (Yahoo! have been told about the situation by several respected individuals but from the reactions it seems that they do not care.) [snip] A more interesting link can be found here: http://www.spamhaus.org/sbl/listings.lasso?isp=yahoo.com This is somewhat disturbing. - ferg -- Fergie, a.k.a. 
Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
You get high marks for your curmudgeon level. However, if I have to point it out and lead you to it like a child, then so be it. If I was mistaken in thinking that the referenced article: Red Cross looks to IT for post-Katrina recovery http://www.computerworld.com/securitytopics/security/recovery/story/0,10801,104250,00.html ..would perhaps elicit some operational suggestions from the peanut gallery on how to perhaps assist in this effort, or perhaps contribute to the BellSouth issues, etc., then mea culpa. Sniping certainly accomplishes nothing. - ferg -- Richard A Steenbergen [EMAIL PROTECTED] wrote: On Wed, Aug 31, 2005 at 01:22:13AM +, Fergie (Paul Ferguson) wrote: I'll file that comment where it belongs -- in file 13. If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. North American Network Operations perhaps? Talking about the impact to networks is on-topic, talking about steps being taken to protect or restore networks is on-topic, talking about networking infrastructure as it relates to the public communications infrastructure is on-topic during an event like this. Replying to idiotic slashdot articles asking really stupid questions is not on topic. Telling the entire NANOG reader base that you like your POTS line and will never switch to VoIP is not on topic. Technically speaking a human tragedy isn't even on topic. Like I said, it might be different if there was some actual insight being provided here. If someone was talking about some specific data relating to the reliability of the infrastructure or otherwise something OPERATIONAL to talk about that would be one thing, but this is not operational, this is simply chatter. Chatter has its place, that is why people read Slashdot and watch the news, but replacing an operational mailing list with the slashdot commentary section and seeing what happens is not my or anyone else's idea of a good time. 
-- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Phone networks struggle in Hurricane Katrina's wake
Wrong Paul. - ferg p.s. I'm doing a blog already. I also run a few networks. It's all relative. Feel free to experiment at will! ;-) - ferg -- Randy Bush [EMAIL PROTECTED] wrote: I'll file that comment where it belongs -- in file 13. manners, paul If a major catastrophe, albeit more human than network-related (although lots of network-related issues here, too), isn't on-topic, then I fail to see what is. operational material maybe? nah, i'm just a confused lurker, haven't seen any of it here for a while. the steering committee has been discussing the idea of a nanog blog. of course it would be directed to operational content and not your daily pointer to some cartoon etc. but, in the spirit of an open group, we are very interested to hear what the community thinks of this. but please let's discuss it over on [EMAIL PROTECTED] HINT! randy -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Katrina could inundate New Orleans
Wow. It doesn't look good for New Orleans and surrounding area. Just curious what measures ISP's in the area may have been going through in preparation for this (what appears to be huge) hurricane. - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
FCC grants 30-day extension in VoIP 911 ruling
FYI: A Reuters newswire article, via Yahoo! News, reports that: [snip] The U.S. Federal Communications Commission said on Friday it was extending by 30 days a deadline for Internet telephone companies to tell customers about 911 emergency calling or shut off their service. [snip] http://news.yahoo.com/news?tmpl=storyu=/nm/20050826/wr_nm/telecoms_voip_dc - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: A useful oversimplification for network surveillance?
Actually, re-reading your original message, netflow would certainly be helpful in analysis, trending, etc. (along with something along the lines of MRTG) -- and IDS is only helpful after the fact, per se. - ferg -- Howard C. Berkowitz [EMAIL PROTECTED] wrote: At 3:30 PM + 8/25/05, Fergie (Paul Ferguson) wrote: Howard, I'd most certainly use an IDS (i.e. SNORT) for this instead of netflow My concern is scalability, remembering I'm talking about the surveillance level. My preliminary sense is that SNORT is great in a sinkhole, but isn't as scalable as a reasonable NetFlow export. -- Howard C. Berkowitz [EMAIL PROTECTED] wrote: NetFlow is the key to analyzing traffic patterns outside the router, looking for DDoS signatures when known, and for traffic anomalies that may become DDoS.
Re: A useful oversimplification for network surveillance?
Also, this seems like a good time to mention a couple of additional resources on trending specific TCP and UDP port probes (if you haven't already seen them): http://www.dshield.org/ http://www.mynetwatchman.com/ - ferg -- sjk [EMAIL PROTECTED] wrote: We are an ISP - we look for specific trending data to help pinpoint new potential virus and malware which can adversely affect transit links or equipment. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Completely off-topic: Sprint Nextel's new logo ....
http://www.engadget.com/entry/1234000243055975/ - ferg
Maybe the IETF Won't Publish SPF and Sender-ID as Experimental RFCs After All
John Levine writes over on CircleID: [snip] Yesterday, the IESG, the group that approves RFCs for publication received an appeal from Julian Mehnle to not to publish the Sender-ID spec as an experimental RFC due to technical defects. IESG members' responses were sympathetic to his concerns, so I'd say that a Sender-ID RFC has hit a roadblock. The problem is simple: Although Sender-ID defines a new record type, called SPF 2.0, it also says that in the absence of a 2.0 record, it uses the older SPF1 record. Since SPF and Sender-ID can use the same records, if you publish an SPF record, you can't tell whether people are using it for SPF or Sender-ID. [snip] http://www.circleid.com/article/1178_0_1_0_C/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Rolling blackouts strike Southern Calif. (again)
Forget about cyber-terror threats to the national power grid -- just leave it to the keepers of the Volt. [snip] Sweltering heat and the loss of a key transmission line Thursday forced power officials in Southern California to impose rolling blackouts, leaving as many as half a million people without power for about half an hour, officials said. The California Independent System Operator, which operates the state's electric grid, declared a transmission emergency at 3:57 p.m., said ISO spokeswoman Stephanie McCorkle. [snip] http://www.msnbc.msn.com/id/9078840/ I'd be interested to hear if there were any noticeable residual issues. - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: ISP's In Uproar Over Verizon-MCI Merger
Amen, brother. ;-) - ferg -- Chris Boyd [EMAIL PROTECTED] wrote: For those outside the state or the US, Texas has some very odd political traditions and laws that are beyond explanation in email. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Looming VoIP service deadline: Some Internet Phone Customers May Be Cut
An AP newswire article, Yahoo! News: [snip] Providers of Internet-based phone services may be forced next week to cut off tens of thousands of customers who haven't formally acknowledged that they understand the problems they may encounter dialing 911 in an emergency. The Federal Communications Commission had set the Monday deadline as an interim safeguard while providers of Internet calling, also known as VoIP for Voice over Internet Protocol, rush to comply with an FCC order requiring full emergency 911 capabilities by late November. [snip] http://news.yahoo.com/news?tmpl=storyu=/ap/20050824/ap_on_hi_te/internet_phones_e911 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
ISP's In Uproar Over Verizon-MCI Merger
Dan Neel writes in CRN.com: [snip] The California ISP Association (CISPA) claims the merger of Verizon Communications and MCI will threaten ISP business models. CISPA represents more than 180 ISPs. Mike Jackman, executive director of the Sacramento, Calif.-based organization, said the multibillion-dollar Verizon-MCI merger, announced in February, will run many pure-play ISPs out of business or force them to diversify their offerings--possibly into more value-added services that could compete with those provided by VARs and system integrators. Verizon and MCI expect to close their merger by the end of the year. Another blockbuster telecommunications merger--between SBC Communications and ATT--also is slated to close by the end of this year or in early 2006. Spurring the CISPA complaint is an Aug. 5 Federal Communications Commission decision to reclassify DSL service as an information service instead of a telecom service, which Jackman said frees phone companies like Verizon from regulations requiring them to share bandwidth with ISPs. The FCC has placed a one-year grace period on enforcement of the change, he added. [snip] http://www.crn.com/sections/breakingnews/breakingnews.jhtml;jsessionid=P4TBQHJM0MMKYQSNDBESKHA?articleId=169600170 Sorry for the long URL. - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: ISP's In Uproar Over Verizon-MCI Merger
..and life is probably going to get a lot more interesting for service providers. All today, we have leaders in the field with completely opposite views of the world: U.S. Broadband Policy Exists -- And Works, Claims NTIA's Gallagher http://www.advancedippipeline.com/169600336 [and] Nortel chief: U.S. needs new broadband vision http://www.infoworld.com/article/05/08/23/HNnortelchief_1.html And just to make life more fun, it looks like there's an effort afoot to get VoIP consumers to pay (read: tax) into the USF: New taxes could slam Net phone users http://news.com.com/New+taxes+could+slam+Net+phone+users/2100-7352_3-5842237.html So, aren't you glad that life isn't boring? ;-) - ferg -- Gary E. Miller [EMAIL PROTECTED] wrote: You forget the third choice the ATT taught us so well before the big breakup: Less broadband at higher prices. Just look at how hard it has been to get Qwest to fulfill their promises of more broadband outside of the cities in return for less state control over prices. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Cisco Security Advisories: IDS related
This may affect several folks: SSL Certificate Validation Vulnerability in IDS Management Software http://www.cisco.com/en/US/products/hw/vpndevc/ps4077/products_security_advisory09186a00804fa92e.shtml Cisco Intrusion Prevention System Vulnerable to Privilege Escalation http://www.cisco.com/en/US/products/sw/secursw/ps2113/products_security_advisory09186a00804fa93b.shtml FYI, - ferg ps. A couple of new bots surfaced over the weekend, too :-/ -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Semi-on-topic: Light that travels faster than the speed of light?
Well, I would imagine that the faster you can ship the bits, the faster anything can happen -- including BGP convergence and botnet attacks (too!). :-) Yeah, I realize that the possibility to actually speed up light via the optical transmission systems may be a long ways off (or simply impossible in practicality!), but I thought this was interesting. - ferg -- Buhrmaster, Gary [EMAIL PROTECTED] wrote: To make this operational, will this speed up BGP convergence? (note that there is a difference between group velocity and phase velocity. The posters of 300,000 Kilometers Per Second. It's Not Just a Good Idea, It's the Law! are still valid). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fergie (Paul Ferguson) Sent: Saturday, August 20, 2005 10:40 AM To: nanog@merit.edu Subject: Semi-on-topic: Light that travels faster than the speed of light? Man, I knew I should've gotten in on the ground floor in any effort to speed up light -- someone's going to be rich beyond their wildest dreams. :-) (Thanks to a post over at Slashdot) the Science Blog reports that: [snip] A team of researchers from the Ecole Polytechnique Fédérale de Lausanne (EPFL) has successfully demonstrated, for the first time, that it is possible to control the speed of light - both slowing it down and speeding it up - in an optical fiber, using off-the-shelf instrumentation in normal environmental conditions. Their results, to be published in the August 22 issue of Applied Physics Letters, could have implications that range from optical computing to the fiber-optic telecommunications industry. [snip] http://www.scienceblog.com/light.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Cisco - ZOTOB and WORM_RBOT.CBQ Mitigation Recommendations
I have seen this firsthand -- the botnet DoS attacks have begun, and with a furor. I saw an extraordinarily large network brought to its knees today by an IRCbot.es DoS. I felt like Nero -- fiddling while Rome burned. Cisco - ZOTOB and WORM_RBOT.CBQ Mitigation Recommendations http://www.uniras.gov.uk/niscc/docs/br-20050819-00710.html?lang=en Be afraid. -- ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Operational: Wiltel Peering with MCI problems around D.C
Would this be affecting MIT, too? I've been noticing some very odd connectivity issues between here (Austin) and the CSAIL at MIT - ferg -- Rich Emmings [EMAIL PROTECTED] wrote: Anyone else (Wiltel customers especially) running into an operational issue around D.C. with partial connectivity It would seem MCI and Wiltel around D.C. have an 'informal' peering relationship and it's been errored right now for about 39 hours with a half-duplex route announcement. This has been affecting us with some loss of connectivity that's not there when we test same sites from other ISP clouds. Since it's informal, the help desk system at one or both ends may be having problem entering a ticket w/o an account number for the circuit. The usual channels are not producing results, and we're starting to get engineers on the lower end of the evolutionary food chain and finger pointing between wgc mci that's not helping. Tried a pch, haven't heard yet.

...
 5 nycmny2wcx2-pos0-0-oc192.wcg.net (64.200.68.157) 5.786 ms 6.510 ms 6.114 ms
 6 hrndva1wcx2-pos1-0-oc192.wcg.net (64.200.210.178) 12.029 ms 11.883 ms 11.582 ms
 7 washdc5lcx1-pos5-0.wcg.net (64.200.240.194) 12.840 ms 12.559 ms 12.887 ms
...traffic dies

-- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: OT? Device to limit simultaneous connections per host?
WFQ/wRED? :-) - ferg -- David Hubbard [EMAIL PROTECTED] wrote: Hello everyone, I'm curious if anyone knows of a device that can throttle or limit a remote host's simultaneous connections or requests per second for web traffic on a per-IP basis. So I don't want to say web server X can only have 100 simultaneous connections and 10 requests per second. I want to say that for any given IP connecting to web server X, any one IP can have no more than 5 open connections and should be throttled if it starts making more than ten requests per second. If it could even be url-aware in that it could only apply the rules to specific types of web requests, that would be even better. The motivation here is to find a piece of equipment that can protect compute-intensive, database-driven websites from overly aggressive proxies, firewalls, search engines, etc. which like to hammer a given site with 50+ simultaneous requests against pages that could potentially need a few seconds of processing time per request. I've looked at a Packeteer PacketShaper running in reverse of what it normally would, trying to throttle and shape requests against the server rather than optimizing traffic for a low speed link like it was designed, but that didn't really work out as it could not have the policies applied on a per remote IP basis. Thanks, David
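The per-IP policy David Hubbard asks for above (no more than 5 open connections per client IP, throttling once an IP exceeds ten requests per second, optionally only for certain URLs) can be expressed in software as follows. This is an added example, not code from the thread or from any product named in it; the class, its parameters, the `/search` path and the client addresses are hypothetical.

```python
from collections import defaultdict, deque


class PerIPLimiter:
    """Per-client-IP admission control for a web front end (hypothetical helper)."""

    def __init__(self, max_conns=5, max_rps=10, protected_prefixes=("/",)):
        self.max_conns = max_conns            # open connections allowed per IP
        self.max_rps = max_rps                # admitted requests per IP per second
        self.protected_prefixes = tuple(protected_prefixes)
        self.open_conns = defaultdict(int)    # ip -> currently open connections
        self.recent = defaultdict(deque)      # ip -> admit times (ms) in the last second

    def connect(self, ip):
        """Return True if this IP may open another connection."""
        if self.open_conns[ip] >= self.max_conns:
            return False
        self.open_conns[ip] += 1
        return True

    def disconnect(self, ip):
        """Release one connection slot; forget the IP once it has none left."""
        if self.open_conns[ip] > 0:
            self.open_conns[ip] -= 1
        if self.open_conns[ip] == 0:
            del self.open_conns[ip]

    def allow_request(self, ip, path, now_ms):
        """Sliding one-second window over admitted requests, per IP.

        Only paths under protected_prefixes are limited (the "url-aware"
        variant); everything else, e.g. static files, passes untouched.
        """
        if not path.startswith(self.protected_prefixes):
            return True
        window = self.recent[ip]
        while window and now_ms - window[0] >= 1000:
            window.popleft()                  # drop admits older than one second
        if len(window) >= self.max_rps:
            return False                      # caller should delay or answer 429/503
        window.append(now_ms)
        return True


def run_demo():
    """Constructed traffic: one aggressive crawler and one ordinary user."""
    limiter = PerIPLimiter(protected_prefixes=("/search",))
    crawler, user = "203.0.113.7", "198.51.100.20"   # documentation addresses

    conns = [limiter.connect(crawler) for _ in range(8)]
    # 50 requests inside one second, one every 20 ms.
    burst = [limiter.allow_request(crawler, "/search?q=x", t)
             for t in range(0, 1000, 20)]
    static = [limiter.allow_request(crawler, "/static/logo.png", t)
              for t in range(0, 1000, 20)]
    user_ok = [limiter.allow_request(user, "/search?q=y", t)
               for t in (100, 400, 700)]
    after_window = limiter.allow_request(crawler, "/search?q=x", 1000)
    limiter.disconnect(crawler)
    reconnect = limiter.connect(crawler)
    return {
        "crawler_conns_accepted": conns.count(True),
        "crawler_search_admitted": burst.count(True),
        "crawler_static_admitted": static.count(True),
        "user_search_admitted": user_ok.count(True),
        "crawler_admitted_after_window": after_window,
        "crawler_reconnect_after_close": reconnect,
    }


if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

Behind a proxy or NAT many users share one address, so the limits are best applied only to the expensive URLs, as the question suggests.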
Re: What application runs on port 8094?
Hi Joe, A quick Google search renders: Cisco SSG TCP Redirect http://www.cisco.com/en/US/products/hw/routers/ps133/products_configuration_guide_chapter09186a00804d46e6.html ...but it apparently runs on tcp/8094, so no idea here. 4662 sounds like eDonkey2000, a P2P application, but... http://www.iana.org/assignments/port-numbers says: oms 4662/tcp OrbitNet Message Service oms 4662/udp OrbitNet Message Service # Roy Davies [EMAIL PROTECTED] August 2005 - ferg -- Joe Shen [EMAIL PROTECTED] wrote: Hi, Using a netflow-based monitoring tool, I noticed there is a lot of traffic on 8094/UDP and 4662/TCP (both exceed 1Gbps, and exist all the time). What application uses that port? Is there any P2P application that uses UDP as transportation protocol? thanks in advance. Joe -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
New N.Y. Law Targets Hidden Net LD Tolls
Must be fun days in NY State with Eliot Spitzer as AG. Lots of (mumble) war on cyber (mumble) crime (mumble) national security (mumble) :-) Actually, I kind of like the guy for taking some disreputable companies to task. An AP newswire article by Michael Gormley, via Yahoo! News, reveals that: [snip] A new law that's apparently the first in the nation threatens to penalize Internet service providers that fail to warn users that some dial-up numbers can ring up enormous long-distance phone bills even though they appear local. A long distance call even within the same area code can cost 8 to 12 cents a minute, adding up to hundreds, even thousands of dollars a month. Companies face fines of up to $500 for each offense, and consumers could pursue civil action claiming an unfair business practice. The National Conference of State Legislatures said it knows of no similar law elsewhere. [snip] http://news.yahoo.com/news?tmpl=storyu=/ap/20050818/ap_on_hi_te/techbits_isp_charges - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Microsoft Ships Zotob Worm Removal Tool
Ryan Naraine writes in eWeek: [snip] Microsoft Corp. late Wednesday shipped an update to its malware removal tool to detect and delete the fast-spreading Zotob worm family. Microsoft typically updates the free utility once a month -- on Patch Tuesday -- but with at least a dozen Zotob variants squirming through unpatched Windows 2000 systems, the company added detections for 10 mutants to help with the cleanup process. The new version of the Malicious Software Removal Tool will now zap the following worms: Zotob.A, Zotob.B, Zotob.C, Zotob.D, Zotob.E, Bobax.O, Esbot.A, Rbot.MA, Rbot.MB and Rbot.MC. [snip] Article: http://www.eweek.com/article2/0,1759,1849456,00.asp Updated Malicious Software Removal Tool: http://www.microsoft.com/security/malwareremove/default.mspx - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: zotob - blocking tcp/445
Oh, no -- not the "Where will it end?" defense. I should just go ahead and invoke Godwin's Law now and put us all out of thread misery... - ferg -- routerg [EMAIL PROTECTED] wrote: Where will the filtering end? Is your NSP/ISP responsible for filtering virii, spam, phishing? I'm not saying it wouldn't be nice, but considering the types of attacks we see coupled with the fact that many enterprise customers are service providers themselves, providing service to yet other service providers, it is very difficult to take their decision making power away. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
CNN: Worm strikes down Windows 2000 systems at multiple news organizat
Via CNN. [snip] A computer worm shut down computer systems running the Windows 2000 operating system across the United States on Tuesday, hitting computers at CNN, ABC and The New York Times. Around 5 p.m. computers began crashing at CNN facilities in New York and Atlanta. ABC said its problems began in New York about 1:30 p.m. The Caterpillar Co. in Peoria, Illinois also was reportedly affected. David Perry of Trend Micro said that the attack seems to have been triggered by a new worm, called worm--rbot.ebq. He said the symptoms -- computers repeatedly shutting down and rebooting -- was consistent with that virus. Johannes Ullrich, director of the Sans Institute, a network security firm in Jacksonville, Florida, said the outage also may have been caused by the Zotob worm, which was released last weekend. It will connect to a control server to ask for instructions. It scans network neighborhoods and tries to infect them, as well, Ullrich said. Several versions of the worm have been released, some as late as Tuesday, he said. [snip] http://www.cnn.com/2005/TECH/internet/08/16/computer.worm/index.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
MS05-039 Worm in the wild
From the SANS Internet Storm Center: [snip] Starting around 11:30 UTC, we've received several reports on a new worm variant that makes use of MS05-039 to spread. If you're not patched yet, this is your last call. F-Secure named the critter Zotob.A, http://www.f-secure.com/weblog/ We've also received a submission of a binary called pnpsrv.exe, which is recognized by ClamAV as Trojan.Spybot-123. Another reader has contributed evidence that a successful exploit by Zotob.A (or variant) The worm will download the main payload from the infecting machine. Once a machine is infected, it will become an ftp server itself. It will scan for open port 445/tcp. Once it finds a system with port 445 listening, it will try to use the PnP exploit to download and execute the main payload via ftp. Important facts so far: - Patch MS05-039 will protect you - Windows XP SP2 and Windows 2003 can not be exploited by this worm, as the worm does not use a valid logon. - Blocking port 445 will protect you (but watch for internal infected systems) - The FTP server does not run on port 21. It appears to pick a random high port. [snip] http://isc.sans.org/diary.php?date=2005-08-14 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
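The ISC notes quoted above say to watch for internal infected systems: an infected host scans for 445/tcp, and each new victim fetches the payload over FTP from a random high port on the host that infected it. The following added example (not from the ISC diary or the original post) looks for both patterns in flow records; the flow-record layout, the 10.0.0.0/8 internal range, the thresholds and all addresses are assumptions constructed for the illustration.

```python
from collections import defaultdict
import ipaddress

INTERNAL = ipaddress.ip_network("10.0.0.0/8")  # assumption: site's internal range
SCAN_THRESHOLD = 20   # assumption: distinct 445/tcp targets that count as a scan
WINDOW = 60           # assumption: sliding window in seconds


def parse_flow(line):
    """Assumed record layout: 'epoch proto src sport dst dport'."""
    ts, proto, src, sport, dst, dport = line.split()
    return int(ts), proto, src, int(sport), dst, int(dport)


def find_445_scanners(flows, threshold=SCAN_THRESHOLD, window=WINDOW):
    """Internal sources that touch >= threshold distinct hosts on 445/tcp
    within any `window` seconds. Returns {src: peak distinct targets}."""
    per_src = defaultdict(list)
    for ts, proto, src, _sport, dst, dport in flows:
        if proto == "tcp" and dport == 445 and ipaddress.ip_address(src) in INTERNAL:
            per_src[src].append((ts, dst))
    scanners = {}
    for src, events in per_src.items():
        events.sort()
        counts, left, peak = defaultdict(int), 0, 0
        for ts, dst in events:
            counts[dst] += 1
            while events[left][0] <= ts - window:   # slide the window forward
                old = events[left][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                left += 1
            peak = max(peak, len(counts))
        if peak >= threshold:
            scanners[src] = peak
    return scanners


def find_payload_fetches(flows, scanners):
    """Hosts probed on 445/tcp by a scanner that afterwards open a TCP
    connection back to that scanner on a high port (the FTP payload fetch
    described in the notes). Returns [(victim, scanner, port)]."""
    probed, hits = {}, []
    for ts, proto, src, _sport, dst, dport in sorted(flows):
        if proto != "tcp":
            continue
        if src in scanners and dport == 445:
            probed.setdefault((src, dst), ts)
        elif dst in scanners and dport > 1023 and (dst, src) in probed:
            hits.append((src, dst, dport))
    return hits


def sample_flows():
    """Constructed flow records, not captured traffic."""
    lines = [f"{1200 + i} tcp 10.1.1.50 {40000 + i} 10.1.2.{i} 445"
             for i in range(1, 31)]                         # scanner sweep
    lines += [
        "1215 tcp 10.1.2.7 1044 10.1.1.50 33021",   # probed host calls back
        "1210 tcp 10.1.4.4 1050 10.1.1.50 5000",    # never probed: ignored
        "1205 tcp 10.1.3.9 1060 10.1.0.10 445",     # ordinary file-share client
        "1300 tcp 10.1.3.9 1061 10.1.0.11 445",
    ]
    return [parse_flow(line) for line in lines]


if __name__ == "__main__":
    flows = sample_flows()
    scanners = find_445_scanners(flows)
    print("scanning hosts:", scanners)
    print("likely new infections:", find_payload_fetches(flows, scanners))
```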
Re: botnet reporting by AS - what about you?
Chris, I can assure you that the Drone Army project is not run that way, and is quite useful, effective, etc. The folks behind the DA Project are certainly professionals... ...and the information is quite useable, parse-able, and genuine. - ferg -- Christopher L. Morrow [EMAIL PROTECTED] wrote: perhaps we could back up and ask: 1) why are you not using the arin/ripe/apnic/japnic/krnic/lacnic poc's for these asn's? certainly some are not up to date, but there are a large number that are... 2) what is this for again? 3) are you planning on sending something to these poc's? 4) what are you planning on sending to them? 5) how often should they expect to see something, and from 'whom'? 6) looked at the INCH working group in IETF, thought about using some of these evolving standards for your alerts/messages/missives? 7) please don't send in bmp files of traceroutes (make the info you send in complete and usable... 'I saw a bot on ip 12' is not useable, as an fyi) -Chris -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: botnet reporting by AS - what about you?
Good suggestions for Gadi. ,-) - ferg -- Christopher L. Morrow [EMAIL PROTECTED] wrote: cool, among the 800k+ complaints we see a month (yes, 800k) there are quite a few completely useless ones :( Anything sent in as a complaint has to have complete and useful information, else it's hard/impossible to action properly. It'd help if the format it was sent in was also machine parseable :) With 800k+ complaints/month I'm not sure people want to spend time figuring each one out, a script/machine should be doing as much as possible. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: botnet reporting by AS - what about you?
I can understand that -- right on. :-) One must understand that this whole thing is a moving target, and perhaps the reporting features are just now maturing (now Gadi, don't make a liar out of me). Insofar as detection methodologies, I'll have to defer to Gadi to elaborate (illustrate?) them for a wide audience. Cheers! - ferg p.s. For what it's worth, I got a bit bloody last month neutralizing a pretty large Pertibot infection in a client network -- it was, at that point, new and undetectable by most AV vendor ID mechanisms. Like I said, moving target, etc. Hannigan, Martin [EMAIL PROTECTED] wrote: I was on it and unsubscribed. They wouldn't disclose the collection or validation process at that time. This made it useless for the most part as it's hard to act on someone's word without some idea of how they are getting their data and avoiding collateral damage. I'm not saying there aren't valid zombies on it, but my criteria for a list that identifies rogues includes trust. I have lists I felt were more trustworthy than DA. Things may have changed. Martin -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Fwd: Re: Dst. ports 33438, 33437 (64.95.255.255) [data393]
The following is some dialogue that I posted to the DShield.org list last night, trying to figure out why I was seeing these odd traceroute probes in my firewall logs at home. I post it here for two reasons: [1] Does anyone have any experience with InterNAP's FCP-500 product? I was looking for some additional technical info beyond what is on their web site. Contact me off-list, of course. And, [2] Just thought some of you might be interested. :-) - ferg -- Forwarded Message -- Just as an FYI follow-up to last night's e-mails from me to on the list [subject line above], I received this from InterNAP this morning. Thought I'd share... - ferg -- Forwarded Message -- We have received the following notice regarding trace route traffic originating from our network, so I thought I would respond to give you a bit of peace of mind. The packets you are seeing are actually a very GOOD thing. Our datacenter employs a technology which tunes BGP routing tables for outbound traffic to provide the highest performing route path. On average, this shaves 35-40ms off the round-trip time for network performance. The device which performs these operations is called an Internap FCP-500. You can view more information at http://www.internap.com/products/route-optimization.htm Chances are, your public IP address was part of communication with our datacenter. Since over 10,000 web sites are hosted in our center, it is a very likely case that you accessed a web site, which then triggered the performance platform to probe round-trip times via traditional trace route and ping protocols. Once you communicate with the datacenter for the first time, the device will continue to probe the pathway for performance data periodically, and adjust routes accordingly. The end result is, a better performing experience since the packets take the best performing pathway through the Internet from the datacenter to the end user. 
Regards, Susan Cook Susan Cook | AUP Enforcement [contact info elided] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Posted At: Wednesday, August 10, 2005 9:46 PM Posted To: Data393 Abuse Conversation: [ABUSE] Re: [Dshield] Dst. ports 33438, 33437 (64.95.255.255) [data393] Subject: [ABUSE] Re: [Dshield] Dst. ports 33438, 33437 (64.95.255.255) [data393] Internap has received an abuse complaint related to the possible distribution of unsolicited e-mail (spam) or a possible security violation from you or one of your customers. We are forwarding the complaint to you so that you may take appropriate measures to address the issue. The purpose of this message is to inform you of a complaint we have received as if you had received the complaint directly. We have not verified the accuracy of the complaint nor is this an accusation that the said incident has occurred. Internap will not embark upon any punitive action regarding spam or security complaints without explicitly and formally contacting you regarding a clear, verified complaint, or a pattern of abuse. Please refer to http://www.internap.com/about/policies.html for general questions regarding Internap's stance on spam or abuse. Please direct any questions regarding this specific issue to [EMAIL PROTECTED] -- Forwarded message -- From: Fergie (Paul Ferguson) removed@netzero.net Date: Thu, 11 Aug 2005 03:39:43 GMT To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Subject: Re: [Dshield] Dst. ports 33438, 33437 ...and, now I see an adjacent port as well: 2005-08-10 21:21:48 -05:00 877446811 64.94.45.10 14484 67.64.90.x 33436 udp 64.94.45.10 -- fcp-2.chg.pnap.net Hmmm. 
OrgName: Internap Network Services OrgID: PNAP Address: 250 Williams Street Address: Suite E100 City: Atlanta StateProv: GA PostalCode: 30303 Country: US NetRange: 64.94.0.0 - 64.95.255.255 CIDR: 64.94.0.0/15 NetName: PNAP-05-2000 NetHandle: NET-64-94-0-0-1 Parent: NET-64-0-0-0-0 NetType: Direct Allocation NameServer: NS1.PNAP.NET NameServer: NS2.PNAP.NET Comment: ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE RegDate: 2000-06-05 Updated: 2002-06-17 TechHandle: INO3-ARIN TechName: InterNap Network Operations Center TechPhone: +1-877-843-4662 TechEmail: [EMAIL PROTECTED] OrgAbuseHandle: IAC3-ARIN OrgAbuseName: Internap Abuse Contact OrgAbusePhone: +1-206-256-9500 OrgAbuseEmail: [EMAIL PROTECTED] OrgTechHandle: INO3-ARIN OrgTechName: InterNap Network Operations Center OrgTechPhone: +1-877-843-4662 OrgTechEmail: [EMAIL PROTECTED] # ARIN WHOIS database, last updated 2005-08-10 19:10 # Enter ? for additional hints on searching ARIN's WHOIS database. Tracing to: 64.94.45.10 1 legacy26-0.default.csail.mit.edu (18.26.0.1) [AS3] 0 ms 0 ms 0 ms 2 kalgan.trantor.csail.mit.edu (128.30.0.245) [AS40] 0 ms 0 ms 0 ms 3 B24-RTR-2-CSAIL.MIT.EDU (18.4.7.1) [AS3] 90 ms 96 ms 2 ms 4 EXTERNAL-RTR-2
@Home's 119 domain names up for sale
I know this is horribly off-topic, but seeing a reference to @Home kind of made me a little nostalgic. :-) [snip] Apparently former high-speed Internet provider [EMAIL PROTECTED] once felt likewise. But At Home Liquidating Trust, successor to the once high-flying Internet darling [EMAIL PROTECTED], said Wednesday it is selling the former broadband company's 119 domain names. [snip] http://news.com.com/ExciteHomes+119+domain+names+up+for+sale/2100-1030_3-5826807.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Long walk off a short PIER revisited [Was: Re: IPv6 Address Planning]
Perhaps it's time to revisit PIER? Hey, it's only been ten (10) years, but perhaps it's worth consideration? Remember this: http://www.merit.edu/mail.archives/nanog/1995-08/msg00239.html [and] http://www.isi.edu/div7/pier/papers.html I think my name is on a few of those papers... ;-) - ferg -- [EMAIL PROTECTED] wrote: On Wed, Aug 10, 2005 at 09:26:08PM +0200, Iljitsch van Beijnum wrote: On 10-aug-2005, at 19:32, [EMAIL PROTECTED] wrote: so renumbering out of a /56 into a /48 is harder than renumbering out of a /124 into a /112 how? Having a /60 or a /48 is better than a /56 or a /48 because: we are not talking better/worse, we are talking the issues with renumbering... and the only credible argument you make is... 1. Most people who are going to encounter the problem realize that a /60 isn't enough and go for the /48 immediately 2. Going from a /60 to a /48 would happen earlier than from a /56 to a /48 so there is less to renumber. less to renumber. which argues that folks should be given just the amount of space they need, not more. right? :) renumbering - regardless of version is hard... Not hard, inconvenient. inconvenient/hard ... regardless of versioning (v4 or v6) it is not trivial to renumber a network that is manageable. primarily because application developers insist that the IP address is the node's persistent identifier, Disagree. There are two issues: the DNS and access restrictions and similar based on IP addresses. The DNS can be fixed with some searching and replacing and/or dynamic DNS updates, but using literal IP addresses, especially in filters and such, isn't easy to solve because there are no reasonable alternatives in many cases. ok, you disagree. clearly we do not have the same understanding of global networks, end-system configuration and maintenance, and the demand for reliable, auditable logs. renumbering hosts is a breeze in either version of predominate IP protocol, DHCP is your friend. 
That friend will kill all your sessions when you get a new address. Sniff. Tear. you're DOA w/ IPv6 as well and IPv4 in a renumbering event. You want to maintain session awareness over a renumbering event? IPv6 is not going to help. You need HIP. DHCP implementations in IPv6 aren't ready for prime time either. that statement could be made of so many applications. Or if you want less robust functionality and semantic overload, you can use the RA/ND stuff in IPv6. How is that less robust and does it imply a semantic overload? DHCP is a protocol that has a long interoperability history. RA/ND does not. DHCP has many fine host configuration features .. some of which are being added to the RA/ND suite. Hence my claim of less robust. Semantic overload... hum... I want my router to route. infrastructure services should come from service boxes... in much the same way i want the police to direct traffic, not do my produce shopping, then take the goods home and prepare my meals. The police should do police work, routers should route. YMMV of course. Some people LIKE running their router, RA/ND, DHCP, and DNS, NTP, and WEB server off a single platform. Or due to cost constraints they bundle-up... I'm of the opinion that functional separation is a good thing in the provisioning of network services. - regardless, renumbering from one address range to another is painful - CIDR -might- be helpful, but artificial constraints e.g. /64 only serve to confuse. I agree. All boundaries between different parts of the address must be flexible. That includes the boundary at the end of the address. But I guess we have to save something for IPv7. IPv7, IPv8, and IPv9 are all registered w/ the IANA. then IPX is a Novell trademark so i think the next step would have to be IPv11.. --bill -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Weird traffic from data393.net [AS29863]?
Sent e-mails, etc. Anyone else seen BGP probe traffic claiming to be from Savvis? - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
FCC Bans VoIP Services Blocking
Via Red Herring: [snip] While much of the reaction to Friday's U.S. Federal Communications Commission ruling has been focused on ISPs, a policy statement issued as part of the commission's deregulation of DSL services could add much-needed legal protection for VoIP carriers such as Vonage and Skype. The FCC issued a statement that it does not want the newly freed DSL providers and cable operators to use their total control of their networks to interfere with the access rights of direct competitors such as VoIP providers. A policy statement does not have the legal teeth of a rule, but it does put telecommunications carriers and cable operators on notice that there are still aspects of broadband services delivery in which the FCC reserves the right to meddle. We need a watchful eye to ensure that network providers do not become Internet gatekeepers, with the ability to dictate who can use the Internet and for what purpose, said Michael J. Copps, one of two democrats on the FCC panel. Consumers do not want to be told that they cannot use their DSL line for VoIP, for streaming video, to access a particular news web site, or to play on a particular company's game machine. [snip] http://www.redherring.com/article.aspx?a=13071 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Cisco mulls buying Nokia?
I had to check the date to make sure it wasn't really April 1st. A Reuters newswire article, via Yahoo! News, reports that: [snip] Cisco Systems Inc. is considering buying the world's top mobile handset maker Nokia in a bid to gain its wireless infrastructure technology, the Business newspaper reported on Sunday. The paper, which did not reveal the source of its information, said U.S.-based Cisco had traditionally concentrated on acquisitions of niche technology players, but its Chief Executive John Chambers is believed to be interested in merging with a wireless infrastructure company. Nokia has been identified as the most likely target, the paper said. Cisco, the largest maker of Internet equipment, is worth around $123 billion, while Nokia's market value is around $71 billion. The paper said Cisco's mainstay networking market was fast changing with the convergence of fixed-line and wireless networks, and Cisco needed a merger to acquire the technology to create intelligent wireless applications, which Finnish-based Nokia could provide. Cisco was not immediately available for comment. A Nokia spokeswoman in Helsinki declined to comment. [snip] http://news.yahoo.com/s/nm/20050807/bs_nm/telecoms_cisco_nokia_dc - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Cisco mulls buying Nokia?
Voice over WiFi? - ferg -- Rachael Treu Gomes [EMAIL PROTECTED] wrote: Strange... Explicit reference to how this would enable Cisco to gain purchase into the wireless space, but no mention of the impact on the popularity of Nokia platforms with a competing firewall vendor, Check Point. Any thoughts on VoIP? ymmv, --ra -- rachael treu gomes [EMAIL PROTECTED] ..quis custodiet ipsos custodes?.. (this email has been brought to you by the letters 'v' and 'i'.)
FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Services
Via the EFF website. [snip] Today the Federal Communications Commission (FCC) issued a release announcing its new rule expanding the reach of the Communications Assistance to Law Enforcement Act (CALEA). The ruling is a reinterpretation of the scope of CALEA and will force Internet broadband providers and certain voice-over-IP (VoIP) providers to build backdoors into their networks that make it easier for law enforcement to wiretap them. The Electronic Frontier Foundation (EFF) has argued against this expansion of CALEA in several rounds of comments to the FCC on its proposed rule. CALEA, a law passed in the early 1990s, mandated that all telephone providers build tappability into their networks, but expressly ruled out information services like broadband. Under the new ruling from the FCC, this tappability now extends to Internet broadband providers as well. Practically, what this means is that the government will be asking broadband providers - as well as companies that manufacture devices used for broadband communications to build insecure backdoors into their networks, imperiling the privacy and security of citizens on the Internet. It also hobbles technical innovation by forcing companies involved in broadband to redesign their products to meet government requirements. Expanding CALEA to the Internet is contrary to the statute and is a fundamentally flawed public policy, said Kurt Opsahl, EFF staff attorney. This misguided tech mandate endangers the privacy of innocent people, stifles innovation and risks the functionality of the Internet as a forum for free and open expression. [snip] http://www.eff.org/news/archives/2005_08.php#003876 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: FCC Issues Rule Allowing FBI to Dictate Wiretap-Friendly Design for Internet Services
I realize that CALEA is primarily geared towards traditional wiretapping (esp. pen register), but given the machinations of other organizations (which have also mobilized law enforcement) such as the MPAA and the RIAA, one might also surmise that this also seems to be desired for not just VoIP services - ferg -- sjk [EMAIL PROTECTED] wrote: We all pay the bill with higher equipment costs, the maintenance of configurations, and possible storage costs. CALEA was bound to include VoIP services - given the definition telecom carrier in the act; however, as I recall -- and I may be wrong -- when CALEA was first passed the carriers were given tax breaks and subsidies to implement changes. Is such financial help being offered today? --sjk -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
FCC puts DSL on same footing as cable service
Marguerite Reardon writes in the C|Net News Broadband Blog: [snip] The Federal Communications Commission on Friday did away with old rules that require phone companies to share their infrastructure with Internet service providers. The new framework puts DSL service in line with cable modem services. Recently, the U.S. Supreme Court upheld the FCC's interpretation of cable modem service as an information service, which means it isn't required to share its infrastructure with competitors. The new rules could hurt ISPs such as EarthLink, which will be forced to negotiate wholesale deals with existing DSL providers. But DSL providers won't get off scot-free. DSL providers will still be required to comply with wire tapping rules and disability requirements. And DSL providers will still contribute to the Universal Service Fund, at least for the next 270 days until the FCC can figure out another way to keep USF funded. [snip] http://news.com.com/2061-10785_3-5820294.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
OMB details milestones to move to IPv6
Apparently, the OMB has released a memo outlining its IPv6 migration plans. From an article in GCN.com: [snip] Agencies may have until June 30, 2008, to transition to Internet Protocol Version 6, but the planning starts now. The Office of Management and Budget has released a memo [.pdf] that gives agencies until Nov. 15 to assign an official to coordinate the move to the new protocol and complete an inventory of existing routers, switches and hardware firewalls. [snip] http://www.gcn.com/vol1_no1/daily-updates/36579-1.html The OMB memo: http://www.whitehouse.gov/omb/memoranda/fy2005/m05-22.pdf - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
FCC expected to officially propose DSL deregulation on Thursday
United States Federal Communications Commission Chairman Kevin Martin is expected to officially propose the deregulation of DSL services from telecommunications carriers on Thursday. http://www.redherring.com/article.aspx?a=13022 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Problems at Microsoft?
Completely unrelated, but apparently Vonage is also having some problems this morning: http://gigaom.com/2005/08/03/massive-vonage-outage/ - ferg -- Richard A Steenbergen [EMAIL PROTECTED] wrote: On Wed, Aug 03, 2005 at 10:44:40AM -0400, Drew Weaver wrote: Hi there, we've had a few complaints about connectivity issues to Microsoft, is anyone else seeing a problem? Usually I get between 2-3MBps when I download from them, at the moment I get 8k/sec downloading http://download.microsoft.com/download/b/6/2/b624b535-644a-41e1-9727-812dcd6bad87/E3SP1ENG.EXE (service pack 1 for exchange 03) from both my network, and a monitoring server we have in Chicago. Anyone else seen this? Seeing this from several locations. For all the locations I am looking from, it appears that their CDN service (Savvis footprint.net) has gone insane. From SBC on the west coast, it is going to what looks for all the world to be a cable modem in Korea: 19 catv09634.usr.hananet.net (210.180.96.34) 292.576 ms 218.396 ms 242.135 ms From a cable modem in Seattle behind broadwing, it is going to this, behind SBC in southern California: 1662 ms 61ms 50 ms Savvis-CDN-IAF1075825.cust-rtr.pacbell.net [69.108.147.58] From the northern VA area: 7 cdn-colo.Frankfurtfrx.savvis.net (208.174.60.2) 90.626 ms 90.722 ms 90.661 ms Makes you wonder if they'll be switching back to Akamai soon. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
FCC delays meeting 'til Friday....
[snip] The Federal Communications Commission delayed its monthly meeting as its chairman worked Wednesday to build support for relaxing rules governing high-speed Internet services offered by phone companies. The meeting, scheduled for Thursday, was pushed back to Friday. [snip] http://news.yahoo.com/news?tmpl=storyu=/ap/20050803/ap_on_go_ot/fcc_broadband - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: an economics lesson for the FCC chairman Re: FCC delays meeting 'til Friday....
Gordon, You should know better -- the edge, economically, always wins. This is where the money is. And this _is_ a business, no longer a science experiment. But this eventual discussion does not belong here... - ferg -- Gordon Cook [EMAIL PROTECTED] wrote: But John Seely Brown, ex ceo of xerox parc doesn't believe it. He and John Hagel have a new book saying that capabilities for wealth creation are found at the edge. (The title is The Only Sustainable Edge.) If these guys are right, and i think they are, then edge based community owned and operated networks are the only way forward. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Philip, This sounds very much like a bully -- 2 /16's are a major problem, as opposed to a single /8? Where is the major heartburn in this particular case? I could understand if there were lots of fractured announced space (granted: I haven't checked this yet), but what's up with that? - ferg -- Philip Smith [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] said the following on 4/8/05 12:03: FWIW, if you don't announce your aggregate, do not be surprised if you experience continued disconnectivity to many parts of the Internet. Some SPs notice that SoftbankBB have received 126/8, so will likely filter as such. Leaking sub-prefixes may be fine for traffic engineering, but this generally only works best if you include a covering aggregate. Try including your /8 announcement and see if this improves reachability for you. Out of curiosity, why pick on a /16 for traffic engineering? Most people tend to analyse traffic flows and pick the appropriate address space size as a subdivision. Or do you have 256 links to upstream ISPs and need that level of fine-tuning? best wishes, philip
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Mea culpa: I meant a few /16's as opposed to 2... No flames, it's too late... - ferg -- Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Philip, This sounds very much like a bully -- 2 /16's are a major problem, as opposed to a single /8? Where is the major heartburn in this particular case? I could understand if there were lots of fractured announced space (granted: I haven't checked this yet), but what's up with that? - ferg -- Philip Smith [EMAIL PROTECTED] wrote: [EMAIL PROTECTED] said the following on 4/8/05 12:03: FWIW, if you don't announce your aggregate, do not be surprised if you experience continued disconnectivity to many parts of the Internet. Some SPs notice that SoftbankBB have received 126/8, so will likely filter as such. Leaking sub-prefixes may be fine for traffic engineering, but this generally only works best if you include a covering aggregate. Try including your /8 announcement and see if this improves reachability for you. Out of curiosity, why pick on a /16 for traffic engineering? Most people tend to analyse traffic flows and pick the appropriate address space size as a subdivision. Or do you have 256 links to upstream ISPs and need that level of fine-tuning? best wishes, philip
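The filtering behaviour discussed in the thread above (more-specifics announced without a covering aggregate), as an added example that is not from any poster. The filter policy, the three /16 announcements and all function names are assumptions constructed for illustration.

```python
import ipaddress

# Assumed policy of a remote provider: inside 126.0.0.0/8, accept only
# prefixes no longer than the registry allocation (/8).
ALLOCATION_FILTERS = {ipaddress.ip_network("126.0.0.0/8"): 8}


def accepted(prefix, filters=ALLOCATION_FILTERS):
    """Return True if the announcement passes the allocation-boundary filter."""
    net = ipaddress.ip_network(prefix)
    for block, max_len in filters.items():
        if net.subnet_of(block):
            return net.prefixlen <= max_len
    return True  # outside any filtered block: no length restriction here


def build_rib(announcements, filtering):
    """Routes a network installs; a filtering network drops long prefixes."""
    return [ipaddress.ip_network(p) for p in announcements
            if not filtering or accepted(p)]


def lookup(rib, address):
    """Longest-prefix match; None means no route, so traffic is dropped."""
    addr = ipaddress.ip_address(address)
    matches = [n for n in rib if addr in n]
    return max(matches, key=lambda n: n.prefixlen, default=None)


# Constructed announcements: traffic-engineering /16s, with and without the /8.
MORE_SPECIFICS = ["126.0.0.0/16", "126.1.0.0/16", "126.2.0.0/16"]
WITH_AGGREGATE = MORE_SPECIFICS + ["126.0.0.0/8"]


def reachability(announcements, address="126.1.2.3"):
    """Route selected by a filtering network and by a non-filtering one."""
    return {
        "filtering": lookup(build_rib(announcements, True), address),
        "open": lookup(build_rib(announcements, False), address),
    }


if __name__ == "__main__":
    for label, anns in (("/16s only", MORE_SPECIFICS),
                        ("/16s + /8", WITH_AGGREGATE)):
        print(label, reachability(anns))
```

With the /8 present, the filtering network still reaches the destination through the aggregate, while non-filtering networks keep following the /16 chosen for traffic engineering.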
Telecoms Struggle As FCC e911 Compliance Deadline Nears
Operationally relevant, methinks. W. David Gardner writes in TechWeb News: [snip] In the race to meet FCC emergency 911 (e911) requirements, two firms log some progress, while another seeks a waiver. Under pressure to meet the FCC mandate to activate 911 service by the end of the year, Vonage and Telecommunication Systems (TCS) said Tuesday they will send VoIP E911 kits to provide vital communication information to thousands of Public Safety Answering Points (PSAPs) beginning in mid-August. At the same time, Nextel has informed the FCC that it would seek a waiver from the FCC mandate that 95 percent of handsets be in compliance with location pinpointing regulations by Dec. 31, the Reuters news agency reported Monday. Nextel said 70 percent of its customers phone will be in compliance by the deadline, but it could take as much as two more years for the FCC goal to be fully met. [snip] http://www.techweb.com/wire/networking/167100209 - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Cisco gate and Meet the Fed at Defcon....
No one ever said the Internet wasn't chock full of contradictions. On one hand, we have what some are now calling Cisco gate: http://news.com.com/Hackers+rally+behind+Cisco+flaw+finder/2100-1002_3-5812044.html ...and on the other hand, we have the DOD Cyber Crime Center folks at Defcon looking to hire people: http://news.com.com/2061-10789_3-5812102.html Wow, what a world, huh? ;-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Boing Boing: Mike Lynn presentation mirrors and legal fund
Over on Boing Boing: [snip] You-all have come through with many, many mirrors for Mike Lynn's controversial Black Hat presentation in which he quit his job, described critical vulnerabilities in Cisco equipment and got sued by his employer, the candyasses at ISS. See the end of the post for lots of links -- the paranoid among you can verify mirrors via this MD-5 hash: 559942447c88086fa1304c38f9d0242c. There's a legal-defense fund for Lynn that's gearing up now. Paypal your donations to [EMAIL PROTECTED] Money that is collected and not used will be donated to EFF. [snip] http://www.boingboing.net/2005/07/30/mike_lynn_presentati.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Cisco Security Advisory: IPv6 Crafted Packet Vulnerability
Got v6? - ferg [snip] Summary Cisco Internetwork Operating System (IOS®) Software is vulnerable to a Denial of Service (DoS) and potentially an arbitrary code execution attack from a specifically crafted IPv6 packet. The packet must be sent from a local network segment. Only devices that have been explicitly configured to process IPv6 traffic are affected. Upon successful exploitation, the device may reload or be open to further exploitation. Cisco has made free software available to address this vulnerability for all affected customers. This advisory will be posted at: http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml [snip] -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Boing Boing: Michael Lynn's controversial Cisco security presentation
Over on Boing Boing: [snip] Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities (The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post and Schneier's take for more). 1.9MB PDF Link [snip] http://www.boingboing.net/2005/07/29/michael_lynns_contro.html I think these guys better prepare for the slashdot effect... :-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Boing Boing: Michael Lynn's controversial Cisco security presentation
Now the FBI is investigating Lynn for criminal wrongdoing? Kim Zetter writes in Wired News this morning that: [snip] The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical systems supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of the routers. [and] The FBI declined to discuss the case. [snip] http://www.wired.com/news/politics/0,1283,68356,00.html - ferg Over on Boing Boing: [snip] Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities (The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post and Schneier's take for more). 1.9MB PDF Link [snip] http://www.boingboing.net/2005/07/29/michael_lynns_contro.html
eWeek: Cisco Comes Clean on Extent of IOS Flaw
http://www.eweek.com/article2/0,1759,1841669,00.asp - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: eWeek: Cisco Comes Clean on Extent of IOS Flaw
As an aside, I like John Murrell's headline in Good Morning, Silicon Valley best of all -- Cisco patches security researcher vulnerability http://blogs.siliconvalley.com/gmsv/2005/07/cisco_patches_s.html ;-) - ferg -- Saku Ytti [EMAIL PROTECTED] wrote: I guess someone has to yell wolf every now and then to interest people in maintaining their systems. -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/