Re: Open, anonymous services and dealing with abuse

2004-02-17 Thread Mark Turpin

On Tue, 17 Feb 2004, Daniel Reed wrote:

> I am not sure it will take any major coordinated effort. For many outbreak
> incidents, the CDC would respond in the U.S., other agencies would respond
> elsewhere.

To perform a traceback in the US the CDC works with hospitals,
doctors, etc. since they have the authority to do so.  Which body has
that authority within the US (and knows how to use it)?  Law
enforcement comes to mind, but that doesn't scale.

Nor is this the right place to discuss that issue ;)

>
> Coincidentally enough, CNN.com just posted an article "Your PC could be a
> 'spam zombie'".
> The provider mentioned appears to be turning off customers [unwittingly]
> involved in abuse without any major coordinated effort behind them. (And I
> am sure there are other examples of providers taking such action.)

Everyone knows about/of spam.  Does everyone know about DoS?  I'm just
throwing it out there as an example, I don't really want to get into
who should know what, etc...  These problems [as all issues] are
a topic that only those passionate few [those typically affected by
it] truly seek resolution.  I believe it is human (or maybe just
American?) nature to not care until something affects you.

alas, i'm lacking operational content, so this is my final bit of
input on the matter.

-mark


Re: Open, anonymous services and dealing with abuse

2004-02-17 Thread Mark Turpin

On Mon, 16 Feb 2004, Daniel Reed wrote:

> paid regularly, or their budgets are kept low, etc.  Many will have RFC 2142
> contacts, but appear to discard incoming mail. Some, such as Charter
> Communications, do not even have these mandatory addresses (mail is not
> accepted for <[EMAIL PROTECTED]>).

while they do not conform to the RFC, they accept mail at/for
[EMAIL PROTECTED]

[This would be the domain w/o outsourced MX...]

> And on the other hand, it is the CDC that would perform an outbreak
> isolation, not the restaurant staff.

You're talking about a concerted effort.  So far, I haven't seen the
levels of cooperation between providers that is required.  I'm all for
everyone holding hands and squashing out issues.  But until you get
past the isolationist mindset (you must be sick of me saying that by
now) good luck...

I think we're both in agreement that until * starts saying "If I
don't stop this today, it will hurt me tomorrow", that the
cooperation required to address and stop these issues will be nil.

-mark


users of xacct?

2002-05-10 Thread Mark Turpin


I'm interested to hear from those of you that might be using xacct, and your thoughts
on the product.  To keep traffic down on the list, just reply to me.

If you are providing cable modem service and using xacct I'd really like to talk to 
you.

For those of you that ask for a summary of the replies I receive, I will
pass opinions, not names.

Thanks,
-Mark

-- 
To a dog, you're one of the family. To a cat, you're one of the help.



Re: Effective ways to deal with DDoS attacks?

2002-05-02 Thread Mark Turpin


On Thu, May 02, 2002 at 09:41:33AM -0700, LeBlanc, Jason wrote something like this:

> 
> There are some limitations as to where uRPF works, SONET only on GSRs for
> example (thanks Cisco).  I believe it will work on 65xx (SUP1A and SUP2 I
> think) regardless of interface type.  Impact should be minimal, as it simply
> does a lookup in the CEF table, if the route isn't there it discards.  Keep
> in mind this is NOT a filter, so the impact is much less, it is simply a CEF
> lookup, much more efficient than a filter.  This will get rid of a HUGE
> percentage of spoofed packets that hit your network, and would also work
> pretty well if you are the source of an attack.  There is some debate as to
> whether you must not have ANY RFC1918 space for this to work.  We're trying
> to find this out (not a priority), if I get info I'll post.
> 

hmm... either you're being extremely vague, or you misunderstand how RPF works.
http://www.cisco.com/univercd/cc/td/doc/product/software/ios121/121cgcr/secur_c/scprt5/scdrpf.htm

It's not checking CEF to see if a route is there; it's making sure that a packet
received on an interface came in on an interface that is the best return path
to reach that packet.

thereby explaining why multihomed customers will get borked in the event of using rpf.

enjoy,
-mark
-- 
 Support your local medical examiner--die strangely.
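
The distinction drawn in the reply above, as an added example that is not part of the original post: a small model comparing a "route exists" check with the strict reverse-path check over a constructed FIB, including the multihomed case where a legitimate packet is dropped. The prefixes, interface names and packets are made up, and this is a model of the logic, not Cisco's implementation.

```python
import ipaddress

# Constructed FIB for one edge router: prefix -> interface of the best path.
# Prefixes are documentation ranges; interface names are hypothetical.
FIB = {
    "192.0.2.0/24": "cust-a",       # single-homed customer
    "198.51.100.0/24": "cust-b",    # multihomed customer, link to us
    "198.51.100.0/25": "peer1",     # same customer's more-specific via its other provider
    "203.0.113.0/24": "upstream0",  # somebody else's network
}

def best_path(fib, addr):
    """Longest-prefix match: interface of the best route to addr, or None."""
    ip = ipaddress.ip_address(addr)
    hits = [n for n in map(ipaddress.ip_network, fib) if ip in n]
    if not hits:
        return None
    return fib[str(max(hits, key=lambda n: n.prefixlen))]

def route_exists(fib, src, in_ifc):
    """Existence-only check: pass if any route covers the source address."""
    return best_path(fib, src) is not None

def strict_rpf(fib, src, in_ifc):
    """Check described in the reply: the receiving interface must be the
    best return path toward the packet's source address."""
    return best_path(fib, src) == in_ifc

# Constructed packets: (source address, receiving interface, note)
PACKETS = [
    ("192.0.2.10", "cust-a", "legitimate, single-homed"),
    ("203.0.113.5", "cust-a", "spoofed, source is routed elsewhere"),
    ("198.51.100.200", "cust-b", "legitimate, multihomed, symmetric"),
    ("198.51.100.7", "cust-b", "legitimate, multihomed, asymmetric"),
    ("10.1.2.3", "cust-a", "spoofed, no route to source"),
]

def evaluate(fib=FIB, packets=PACKETS):
    """Return (src, in_ifc, exists_verdict, strict_verdict) per packet."""
    return [(s, i, route_exists(fib, s, i), strict_rpf(fib, s, i))
            for s, i, _ in packets]

if __name__ == "__main__":
    for (s, i, ex, st), (_, _, note) in zip(evaluate(), PACKETS):
        print(f"{s:15} on {i:7} exists={ex!s:5} strict={st!s:5} {note}")
```

The second packet shows what the existence-only check misses, and the fourth shows the multihomed customer's legitimate traffic failing the strict check because its best return path is through the other provider.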



Re: IS-IS information

2002-04-25 Thread Mark Turpin


On Thu, Apr 25, 2002 at 06:33:25PM -0400, Randy Bush wrote something like this:
> 
> the gossip i am getting is that today is a particularly appropriate
> day to be reading the cisco is-is book
> 
> randy

no default-information originate klez.virus 
should remedy the situation.

-Mark
-- 
  Today I will create a crisis situation so I can feel really alive.



Re: IS-IS information

2002-04-25 Thread Mark Turpin


btw the permissions were wrong. 

they are fixed now, enjoy.

-Mark
-- 
  War is peace. Freedom is slavery. Ketchup is a vegetable.



Re: IS-IS information

2002-04-25 Thread Mark Turpin


On Thu, Apr 25, 2002 at 05:00:05PM -0400, Greg Pendergrass wrote something like this:

> implementations. Any suggestions?
> 
> Greg
> 

Greg,

Here's one document I received from Cisco.  It was useful to me.
http://gomez.charter.com/~mark/ISISintro.pdf

-Mark
-- 
   Read this tagline, or we shoot this dog.