Streaming: Where are the Slides?

2003-02-11 Thread PJ

I was curious if it was possible to ask the excellent
videographers at the NANOG conference to re-enable the
slides over the Real Audio videostream.  The slides
were visible yesterday, but today they are not.  Much
of what the speakers say refers to the slides.  More
importantly, it's much more useful using the video
channel to see the slides than to see images of
the speaker.  Thanks for anything that can be done
about this before the tutorials are over, and thanks
for the awesome streaming job.  Video and audio have
been coming in great in Florida.
pj




(fwd) Re: Arbor Networks DoS defense product

2002-05-15 Thread PJ


Forgot to include nanog

- Forwarded message from PJ [EMAIL PROTECTED] -

> Date: Wed, 15 May 2002 17:50:01 -0700
> From: PJ [EMAIL PROTECTED]
> Subject: Re: Arbor Networks DoS defense product
> To: Clayton Fiske [EMAIL PROTECTED]
> Message-ID: [EMAIL PROTECTED]
> Reply-To: PJ [EMAIL PROTECTED]
> User-Agent: Mutt/1.3.25i
>
> On Wed, 15 May 2002, Clayton Fiske wrote:
>
> > On Wed, May 15, 2002 at 05:22:39PM -0700, PJ wrote:
> > > Are you now operating under the premise that scans != anything but the
> > > prelude to an attack?  Sorry if I missed it earlier in the thread, but
> > > I would hate to think any legitimate scanning of a network or host
> > > would result in a false positive.  Even more, I would hate to see the
> > > advocation of a hostile reaction to what, so far, is not considered a
> > > crime.
> >
> > So you can think of a perfectly legitimate reason to scan someone else's
> > netblocks on specific TCP ports?
> >
> > -c
>
> Has no one ever tested firewall rules from external networks?  The
> fact remains that a scan != an attack.
>
> PJ
>
> --
> The worst thing one can do is not to try, to be aware of what one
> wants and not give in to it, to spend years in silent hurt wondering
> if something could have materialized -- and never knowing.
>   -- David Viscott



Re: Arbor Networks DoS defense product

2002-05-15 Thread PJ


On Wed, 15 May 2002, Johannes B. Ullrich wrote:

 
> > Even more, I would hate to see the advocation of a hostile reaction to
> > what, so far, is not considered a crime.
>
> I agree. Scanning is no crime. But blocking isn't a crime either.
 
 

Agreed.  But this blocking still will do no good.  My previous
questions still stand.  What about timing?  What about breaking up
segments of the network to be scanned by different hosts?  How many
hits on the landmines constitute blocking?  Are you blocking hosts or
networks?  Either way, what about dynamic IPs?  What about scans done
from different networks other than that which the supposed attacker is
originating from?  Universities, unsecured wireless LANs, etc.

PJ

-- 
Art is a lie which makes us realize the truth.
-- Picasso




Re: Arbor Networks DoS defense product

2002-05-15 Thread PJ


On Wed, 15 May 2002, Clayton Fiske wrote:

> On Wed, May 15, 2002 at 06:04:40PM -0700, PJ wrote:
> > Sorry for not including nanog in the reply.  What about MAPS?  They
> > routinely scan netblocks without consent.  Does this tool
> > differentiate between local and non-local scanning?  Scanning is
>
> The tool in question may not even exist yet. There is no preset
> definition of how it has to work. Perhaps it can be evolved enough
> to where it only triggers when an exploit is attempted, rather
> than just on a TCP connection.

Granted.  However, if it's not yet in existence, these are good
questions to be asked now instead of later, no?  I would feel much
better about it if it was triggered by an exploit, instead of a
connection.

> > still not a crime and it will still do nothing to deter anyone with
> > hostile intentions.  This is just a bandaid to avoid taking proper
> > security precautions.
>
> I can take all the proper security precautions and it doesn't stop
> third party network A from being exploited and later used to attack
> me. The point of this is that it will help identify a specific host
> which is scanning many blocks belonging to many different networks.
> If they hit several landmines in my network, I might be concerned.
> If they hit landmines in my network and 6 others to which I have no
> affiliation, the net as a whole might want to know about it.

Granted.  However, the suggestion to place said host/network into some
sort of BGP black hole has its problems.  The community as a whole
already has an idea of which networks have a greater percentage of
attacks originating from them; an alert is fine, a pre-emptive strike in
the absence of an actual attack is not.

> I don't think anyone said this was intended to take the place of
> security on their own networks. But I don't see how that aspect
> makes this a bad tool on its own either way.

Yes, that was perhaps an implication made on my part.  However, there
are still concerns with the idea that have yet to be addressed.

PJ

-- 
Art is a lie which makes us realize the truth.
-- Picasso
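
The questions raised in the two messages above (how many landmine hits matter, hosts versus networks, hits reported by several unaffiliated networks) can be made concrete with a small correlation sketch. This is an added example, not code from anyone in the thread or from any Arbor product; the log tuples, addresses, network names and thresholds are all constructed assumptions, and the output is an alert list rather than a block list.

```python
from collections import defaultdict
from ipaddress import ip_network

# Constructed sample: (unix_time, source_ip, landmine_ip, reporting_network).
# Addresses, network names and thresholds are illustrative assumptions.
HITS = [
    (1000, "10.1.1.7", "192.0.2.10", "net-A"),
    (1030, "10.1.1.7", "192.0.2.77", "net-A"),
    (1090, "10.1.1.7", "198.51.100.5", "net-B"),
    # Three hosts in one /24, one landmine each: a scan split across sources.
    (2000, "10.2.2.21", "192.0.2.11", "net-A"),
    (2040, "10.2.2.22", "198.51.100.9", "net-B"),
    (2100, "10.2.2.23", "192.0.2.200", "net-A"),
    # A single stray connection, e.g. an external firewall test or a typo.
    (3000, "10.3.3.250", "192.0.2.10", "net-A"),
]

def flag_sources(hits, window=300, min_hits=3, min_networks=2, prefix=32):
    """Return source prefixes that touched >= min_hits distinct landmines,
    reported by >= min_networks networks, within `window` seconds.
    The result is an alert list for review, not a block list."""
    by_src = defaultdict(list)
    for ts, src, mine, net in hits:
        key = str(ip_network(f"{src}/{prefix}", strict=False))
        by_src[key].append((ts, mine, net))
    flagged = []
    for key, events in by_src.items():
        events.sort()
        start = 0
        for end in range(len(events)):
            # Slide the window so it never spans more than `window` seconds.
            while events[end][0] - events[start][0] > window:
                start += 1
            span = events[start:end + 1]
            mines = {m for _, m, _ in span}
            nets = {n for _, _, n in span}
            if len(mines) >= min_hits and len(nets) >= min_networks:
                flagged.append(key)
                break
    return sorted(flagged)

if __name__ == "__main__":
    print("per host:", flag_sources(HITS))
    print("per /24 :", flag_sources(HITS, prefix=24))
```

Keyed per host, only the single busy source is reported; keyed per /24, the split scan is reported as well, at the cost of implicating every address in that prefix, which is the host-versus-network trade-off asked about above.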




Re: portscan?

2002-05-06 Thread PJ


On Mon, 06 May 2002, blitz wrote:

 
> I know there's knowledgeable opinion on this list on this topic.
>
> Besides Gibson's (www.grc.com) port scan and www.DSLreports.com port
> scanning tools, are there any others you folks have found that are reliable
> and don't breed spam?
>
> TIA
>
> Marc
 
 

Shell account on an outside box + NMAP?  http://www.insecure.org/nmap/

If you're looking for a web-based public utility,

http://www.linux-sec.net/Audit/nmap.test.gwif.html

has a lot of links to check out.

PJ

-- 
The best prophet of the future is the past.