RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0)

2008-10-07 Thread Tomas L. Byrnes
People, and manage them appropriately.



>-Original Message-
>From: Sean Donelan [mailto:[EMAIL PROTECTED]
>Sent: Tuesday, October 07, 2008 11:07 AM
>To: [EMAIL PROTECTED]
>Cc: nanog@nanog.org
>Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber
>counterattacksystem(Einstein 3.0)
>
>On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
>> On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
>>> What about exceeding the minimum requirements for a change.
>> (I think you'll find that if somebody is actually willing to *pay* for more
>> security, there's plenty of outfits who are more than happy to make it happen)
>
>What should the US Government buy for more security?  And how can the US
>Government make sure they actually get what they are paying?
>




Re: Nanog 44 Hockey Event -- Last Call

2008-10-07 Thread Kevin Oberman
> Date: Tue, 7 Oct 2008 21:25:26 -0700
> From: "Paul Ferguson" <[EMAIL PROTECTED]>
> 
> Go sharks. :-)

All Right! Maybe we can have a nice teal-clad group down in LA.
Sharks!
-- 
R. Kevin Oberman, Network Engineer
Energy Sciences Network (ESnet)
Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab)
E-mail: [EMAIL PROTECTED]   Phone: +1 510 486-8634
Key fingerprint:059B 2DDF 031C 9BA3 14A4  EADA 927D EBB3 987B 3751




Re: Nanog 44 Hockey Event -- Last Call

2008-10-07 Thread Paul Ferguson

Go sharks. :-)

- - ferg


On Tue, Oct 7, 2008 at 9:20 PM, Ralph E. Whitmore, III
<[EMAIL PROTECTED]> wrote:

> For those that are attending NANOG 44 and  interested in catching the:
>

> Los Angeles Kings  vs. the San Jose Sharks   NHL Hockey game




-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



Nanog 44 Hockey Event -- Last Call

2008-10-07 Thread Ralph E. Whitmore, III
For those that are attending NANOG 44 and interested in catching the:

Los Angeles Kings vs. the San Jose Sharks NHL Hockey game

If you are interested in going and have not already contacted me about
the game, please be sure to do so before 3PM today, Wednesday Oct. 8th,
at either 310-856-0550.  You may speak to myself, Ralph, or my assistant
Nancy.

Tickets are $90.50 each and we will be sitting in sections 112-114 based
on the total number of people that go.

Thus far we have a group of 10 people going to the game.

Be sure to let me know ASAP.

Ralph Whitmore
InterWorld Communications, Inc.
310-856-0550 M-F 9A-6P



RE: OK, who's the idiot using tcwireless.us?

2008-10-07 Thread Skywing
The person responsible already posted about this about 4 hours ago, BTW; 
further speculation is obsolete. :)

- S

-Original Message-
From: Owen DeLong [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 9:11 PM
To: Christopher LILJENSTOLPE
Cc: nanog@nanog.org
Subject: Re: OK, who's the idiot using tcwireless.us?

Active address validation, perhaps?

Owen

On Oct 7, 2008, at 3:05 PM, Christopher LILJENSTOLPE wrote:

> Greetings,
>
>   I agree with Howard here, I don't think this is a mis-configuration,
> but a harvest attempt.  The "mailserver" is in different messages, and
> I can't see how that could get misconfigured in an honest validation
> server.  My guess is that someone is trolling the archives, and
> sending this back?  Why, I have no idea, given they already can see
> the sending address.
>
>   Chris
>
> On 07 Oct 2008, at 13.14, [EMAIL PROTECTED] wrote:
>
>> Somebody on the NANOG mailing list has their mail pointing to tcwireless.us,
>> which is throwing challenge/response mail like the following:
>>
>>
>> Your message
>>
>> From: [EMAIL PROTECTED]
>> To: n3td3v <[EMAIL PROTECTED]>
>> Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (
>> Einstein 3.0)
>> Date: 10/6/2008
>>
>> has been just received by gmail.com mailserver.
>>
>> To prove that your message was sent by a human and not a computer, please
>> visit the URL below and type in the alphanumeric text you will see in the
>> image. You will be asked to do this only once for this recipient.
>>
>> http://mail.tcwireless.us/challenge/?folder=2008100614384085099427
>>
>> Your message will be automatically deleted in a few days if you do not
>> confirm this request.
>>
>> =
>> DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
>> =
>>
>> Note it says 'gmail.com mailserver'.  Paul Ferguson reported to me that the one
>> he saw said 'received by vt.edu mailserver'.  Also note that the From/To
>> has lost nanog@nanog.org - for both my note and Paul's (in fact, looking at
>> Paul's actual posting and mine show nanog@nanog.org as being the only common
>> link, thus the "must be a nanog subscriber" conclusion).
>>
>> Please, if you're going to use a C/R, at least learn how to whitelist the
>> mailing lists you're on.  And if you can't figure out how to do that, please
>> do us all a favor and not try to run an operational network...
>
> - ---
> 李柯睿
> Check my PGP key here:
> http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B
>
>
>
>




Re: OK, who's the idiot using tcwireless.us?

2008-10-07 Thread Owen DeLong

Active address validation, perhaps?

Owen

On Oct 7, 2008, at 3:05 PM, Christopher LILJENSTOLPE wrote:



Greetings,

	I agree with Howard here, I don't think this is a mis-configuration,
but a harvest attempt.  The "mailserver" is in different messages, and
I can't see how that could get misconfigured in an honest validation
server.  My guess is that someone is trolling the archives, and
sending this back?  Why, I have no idea, given they already can see
the sending address.


Chris

On 07 Oct 2008, at 13.14, [EMAIL PROTECTED] wrote:

Somebody on the NANOG mailing list has their mail pointing to tcwireless.us,
which is throwing challenge/response mail like the following:


Your message

From: [EMAIL PROTECTED]
To: n3td3v <[EMAIL PROTECTED]>
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (
Einstein 3.0)
Date: 10/6/2008

has been just received by gmail.com mailserver.

To prove that your message was sent by a human and not a computer, please
visit the URL below and type in the alphanumeric text you will see in the
image. You will be asked to do this only once for this recipient.

http://mail.tcwireless.us/challenge/?folder=2008100614384085099427

Your message will be automatically deleted in a few days if you do not
confirm this request.

=
DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
=

Note it says 'gmail.com mailserver'.  Paul Ferguson reported to me that the one
he saw said 'received by vt.edu mailserver'.  Also note that the From/To
has lost nanog@nanog.org - for both my note and Paul's (in fact, looking at
Paul's actual posting and mine show nanog@nanog.org as being the only common
link, thus the "must be a nanog subscriber" conclusion).

Please, if you're going to use a C/R, at least learn how to whitelist the
mailing lists you're on.  And if you can't figure out how to do that, please
do us all a favor and not try to run an operational network...


- ---
李柯睿
Check my PGP key here:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B









Re: OK, who's the idiot using tcwireless.us?

2008-10-07 Thread Christopher LILJENSTOLPE


Greetings,

	I agree with Howard here, I don't think this is a mis-configuration,  
but a harvest attempt.  The "mailserver" is in different messages, and  
I can't see how that could get misconfigured in an honest validation  
server.  My guess is that someone is trolling the archives, and  
sending this back?  Why, I have no idea, given they already can see  
the sending address.


Chris

On 07 Oct 2008, at 13.14, [EMAIL PROTECTED] wrote:

Somebody on the NANOG mailing list has their mail pointing to tcwireless.us,
which is throwing challenge/response mail like the following:


Your message

From: [EMAIL PROTECTED]
To: n3td3v <[EMAIL PROTECTED]>
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (
Einstein 3.0)
Date: 10/6/2008

has been just received by gmail.com mailserver.

To prove that your message was sent by a human and not a computer, please
visit the URL below and type in the alphanumeric text you will see in the
image. You will be asked to do this only once for this recipient.

http://mail.tcwireless.us/challenge/?folder=2008100614384085099427

Your message will be automatically deleted in a few days if you do not
confirm this request.

=
DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
=

Note it says 'gmail.com mailserver'.  Paul Ferguson reported to me that the one
he saw said 'received by vt.edu mailserver'.  Also note that the From/To
has lost nanog@nanog.org - for both my note and Paul's (in fact, looking at
Paul's actual posting and mine show nanog@nanog.org as being the only common
link, thus the "must be a nanog subscriber" conclusion).

Please, if you're going to use a C/R, at least learn how to whitelist the
mailing lists you're on.  And if you can't figure out how to do that, please
do us all a favor and not try to run an operational network...


- ---
李柯睿
Check my PGP key here:
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0xCB67593B







Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Gadi Evron

On Tue, 7 Oct 2008, Steven M. Bellovin wrote:

On Tue, 7 Oct 2008 14:07:04 -0400 (EDT)
Sean Donelan <[EMAIL PROTECTED]> wrote:


On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:

On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:

What about exceeding the minimum requirements for a change.

(I think you'll find that if somebody is actually willing to *pay*
for more security, there's plenty of outfits who are more than
happy to make it happen)


What should the US Government buy for more security?  And how can the
US Government make sure they actually get what they are paying?



Right.  The US government is a *huge* operation.  Suppose you were the
CIO or the CSO for the US government (excluding the classified stuff)
-- what is the proper cybersecurity strategy?


Quit.

More seriously though, you are far more likely to be in charge of 
certifying products for acquisition, and run after the different offices, 
agencies and organizations for cooperation. So a first step would be to 
try and make yourself useful to them, and develop personal relationships 
with those who do want to work with you, in order to start facilitating 
information sharing and incident response.


I'd also try and get as many logs, flows, etc. I can get and build a main 
monitoring system.


Being in "charge" is simply not possible or practical.

Following the networks is indeed the first step.

Gadi.



--Steve Bellovin, http://www.cs.columbia.edu/~smb





Yahoo postmaster around?

2008-10-07 Thread Mark Jeftovic


Argghhh, the downside to migrating to new mailserver IPs is rebuilding 
your rep on the new IPs.


Are there any Yahoo postmasters around? Please contact me offlist, thx

-mark

--
Mark Jeftovic <[EMAIL PROTECTED]>
Founder / President, easyDNS Technologies Inc.
Company Website: http://www.easyDNS.com
I ramble pointlessly from my blog:  http://www.PrivateWorld.com



RE: Fwd: cnn.com - Homeland Security seeks cybercounterattacksystem(Einstein 3.0)

2008-10-07 Thread Howard C. Berkowitz
In patient care systems, we would convince the doctors that didn't want
Linux by saying "would you like a blue screen of death to be literal?"



-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 6:00 PM
To: [EMAIL PROTECTED]
Cc: nanog@nanog.org
Subject: Re: Fwd: cnn.com - Homeland Security seeks
cybercounterattacksystem(Einstein 3.0)

On Tue, 07 Oct 2008 14:54:33 PDT, Scott Weeks said:

> http://upload.wikimedia.org/wikipedia/commons/5/57/USS_Yorktown.jpg 
> 
> was rendered unusable by a sh!++y OS?  !!!  

To be fair, designing a system that could be dead in the water if one component
bluescreened probably wasn't a wise idea either, and one totally separate from
the actual choice of operating system. Even Solaris and AIX crash if
sufficiently provoked.  But it's no surprise that the same designers who
created it with a single point of failure then turned around and implemented
the critical component with likely-to-fail technology.

"Windows NT 4.0 - the choice of unclued systems designers everywhere" :)




RE: Fwd: cnn.com - Homeland Security seeks cybercounterattacksystem(Einstein 3.0)

2008-10-07 Thread Howard C. Berkowitz
Ah, it's a bit worse. This is the ship that ran Windows.
http://upload.wikimedia.org/wikipedia/commons/thumb/a/a1/USS_Yorktown_%28CG-48%29%3B04014806.jpg/300px-USS_Yorktown_%28CG-48%29%3B04014806.jpg

You have a picture of the World War II carrier. Now, this one, the second
ship of the class, has been retired, but that's because it had old-style
missile launchers that were not cost-effective to update.  


-Original Message-
From: Scott Weeks [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 5:55 PM
To: nanog@nanog.org
Subject: RE: Fwd: cnn.com - Homeland Security seeks
cybercounterattacksystem(Einstein 3.0)


---Original Message---
From: *Hobbit* [mailto:[EMAIL PROTECTED] 

We've got plenty of military toyz we could level at Redmond...
---


- [EMAIL PROTECTED] wrote: -
From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>

This one? http://www.wired.com/science/discoveries/news/1998/07/13987




This: 

http://upload.wikimedia.org/wikipedia/commons/5/57/USS_Yorktown.jpg 

was rendered unusable by a sh!++y OS?  !!!  




BWAHAHAHAHA!  GREAT link!  I needed to smile as I constantly go through
Micro$loth vs. *nix arguments here.  :-) 


"Using Microsoft's Windows NT operating system in such a critical
environment, some engineers said, was a bad move. " - The sky is blue, too.

"Technically, Windows NT Server 4.0 is no match for any Unix operating
system." - DUH!




Re: Fwd: cnn.com - Homeland Security seeks cybercounterattack system(Einstein 3.0)

2008-10-07 Thread Jeff Shultz

Scott Weeks wrote:



This: 

http://upload.wikimedia.org/wikipedia/commons/5/57/USS_Yorktown.jpg 

was rendered unusable by a sh!++y OS?  !!!  





Um, no, that one was rendered unusable by Japanese bombs and torpedoes 
at Midway in 1942.


This:
http://en.wikipedia.org/wiki/USS_Yorktown_(CG-48)

was what was taken down by Windows NT.

--
Jeff Shultz



Re: Fwd: cnn.com - Homeland Security seeks cybercounterattack system(Einstein 3.0)

2008-10-07 Thread Valdis . Kletnieks
On Tue, 07 Oct 2008 14:54:33 PDT, Scott Weeks said:

> http://upload.wikimedia.org/wikipedia/commons/5/57/USS_Yorktown.jpg 
> 
> was rendered unusable by a sh!++y OS?  !!!  

To be fair, designing a system that could be dead in the water if one component
bluescreened probably wasn't a wise idea either, and one totally separate from
the actual choice of operating system. Even Solaris and AIX crash if
sufficiently provoked.  But it's no surprise that the same designers who
created it with a single point of failure then turned around and implemented
the critical component with likely-to-fail technology.

"Windows NT 4.0 - the choice of unclued systems designers everywhere" :)




RE: Fwd: cnn.com - Homeland Security seeks cybercounterattack system(Einstein 3.0)

2008-10-07 Thread Scott Weeks

---Original Message---
From: *Hobbit* [mailto:[EMAIL PROTECTED] 

We've got plenty of military toyz we could level at Redmond...
---


- [EMAIL PROTECTED] wrote: -
From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>

This one? http://www.wired.com/science/discoveries/news/1998/07/13987




This: 

http://upload.wikimedia.org/wikipedia/commons/5/57/USS_Yorktown.jpg 

was rendered unusable by a sh!++y OS?  !!!  




BWAHAHAHAHA!  GREAT link!  I needed to smile as I constantly go through 
Micro$loth vs. *nix arguments here.  :-) 


"Using Microsoft's Windows NT operating system in such a critical environment, 
some engineers said, was a bad move. " - The sky is blue, too.

"Technically, Windows NT Server 4.0 is no match for any Unix operating system." 
- DUH!



Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Jean-François Mezei
I think I may have found a spin for the political statements: With the
USA government so focused on blaming "axis of evil" countries for all
its woes, perhaps the statement was really meant to say that should
 setup some botnet attack against our systems, the USA
would retaliate by setting up a botnet attack against the 
own systems.

Basically, if Canada were to send 6 billion mosquitoes to the USA to
annoy the hell out of americans, the USA wouldn't bother attacking the
mosquitoes, but would attack something valuable to canadians (like DDOS
attack against the Tim Horton's web site).


In other words, once they have concocted evidence that  is
behind a botnet attack against www.house.gov, then the USA would
"attack" www.government. instead of attacking the
individual computers that attack the USA.





RE: Fwd: cnn.com - Homeland Security seeks cybercounterattack system(Einstein 3.0)

2008-10-07 Thread Howard C. Berkowitz

This one? http://www.wired.com/science/discoveries/news/1998/07/13987

-Original Message-
From: *Hobbit* [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 4:11 PM
To: nanog@nanog.org
Subject: Re: Fwd: cnn.com - Homeland Security seeks cybercounterattack
system(Einstein 3.0)

We've got plenty of military toyz we could level at Redmond...

_H*




Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread *Hobbit*
We've got plenty of military toyz we could level at Redmond...

_H*



Re: NANOG 45 Jan 25-28 in Santo Domingo, Dominican Republic

2008-10-07 Thread Mehmet Akcin
Finally a Caribbean host.. :) and great timing of the year! Tried a few years
ago a meeting in San Juan, PR; unfortunately couldn't make it possible. Very
well knowing how hard it is to satisfy certain needs of these kinds of meetings,
all kudos to the sponsors and Merit!

See ya all in Santo Domingo! Ohh wait, see you in LA on Sunday first :-)

-Mehmet



From: Todd Underwood <[EMAIL PROTECTED]>
Date: Tue, 7 Oct 2008 13:07:43 -0700
To: 
Subject: NANOG 45 Jan 25-28 in Santo Domingo, Dominican Republic



NANOG45 will be held in the middle of the North American Winter in
beautiful Santo Domingo in the Dominican republic on January 25-28.

 http://nanog.org/meetings/nanog45/

This is the first time that a NANOG has been held outside of the US or
Canada and everyone involved is excited about the opportunity.  It's
just like Toronto in February (which was actually fantastic) but it's
the Caribbean in January.  :-)

The Call for Presentations is already up:

 http://nanog.org/meetings/nanog45/callforpresent.php

Presentations can be submitted at http://www.nanogpc.org/ (please
ignore the references to NANOG44--we'll change those references over
to NANOG45 at the close of the NANOG44 conference).

If you have a good idea for a presentation but need some feedback or
some help developing it, please contact me and I'll be happy to either
work directly with you or find someone else on the program committee
to help you put together a presentation.

We have already received a number of early submissions for NANOG45 so
for the best chance to be accepted, please begin working on your
presentations now.

Thanks,

Todd Underwood
NANOG Program Committee Chair



--
_
todd underwood +1 603 643 9300 x101
renesys corporation
[EMAIL PROTECTED]   http://www.renesys.com/blog







RE: Some odd harvesting going on?

2008-10-07 Thread Fred Moses
Apology to NANOG for the whitelist failing.. 



Fredric S. Moses
Chief Technology Officer,Tri-County Times
[EMAIL PROTECTED] 

-Original Message-
From: Marshall Eubanks [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 4:29 PM
To: Howard C. Berkowitz
Cc: nanog@nanog.org
Subject: Re: Some odd harvesting going on?

I received the same message

Subject : Challenge Response




Re: Some odd harvesting going on?

2008-10-07 Thread Marshall Eubanks

I received the same message

Subject : Challenge Response

Received: from mail.tcwireless.us ([67.108.86.20] verified)

Your message

...

has been just received by gmail.com mailserver.

I assumed that this is a phishing scam due to the from / mailserver  
mismatch, which I think this confirms.


Regards
Marshall

On Oct 7, 2008, at 4:16 PM, Howard C. Berkowitz wrote:


I just received the following:

Your message

From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
To: 
Subject: RE: Fwd: cnn.com - Homeland Security seeks cyber
counterattacksystem(Einstein 3.0)
Date: 10/7/2008

has been just received by nanog.org mailserver.

To prove that your message was sent by a human and not a computer, please
visit the URL below and type in the alphanumeric text you will see in the
image. You will be asked to do this only once for this recipient.

http://mail.tcwireless.us/challenge/?folder=2008100714452628877295

Your message will be automatically deleted in a few days if you do not
confirm this request.

=
DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
=

I don't have an appropriately air-gapped browser to visit that link, which
rather screams "scam phish". Anyone know anything about it?






Re: OK, who's the idiot using tcwireless.us?

2008-10-07 Thread Chaim Rieger

[EMAIL PROTECTED] wrote:

Somebody on the NANOG mailing list has their mail pointing to tcwireless.us,
which is throwing challenge/response mail like the following:


Your message

From: [EMAIL PROTECTED]
To: n3td3v <[EMAIL PROTECTED]>
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (
Einstein 3.0)
Date: 10/6/2008

has been just received by gmail.com mailserver.

i doubt that that person will see it, as you have yet to authenticate 
thyself.


--
--
Chaim Rieger



Some odd harvesting going on?

2008-10-07 Thread Howard C. Berkowitz
I just received the following:

 

Your message

 

From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>

To: 

Subject: RE: Fwd: cnn.com - Homeland Security seeks cyber
counterattacksystem(Einstein 3.0)

Date: 10/7/2008

 

has been just received by nanog.org mailserver.

 

To prove that your message was sent by a human and not a computer, please
visit the URL below and type in the alphanumeric text you will see in the
image. You will be asked to do this only once for this recipient.

 

http://mail.tcwireless.us/challenge/?folder=2008100714452628877295

 

Your message will be automatically deleted in a few days if you do not
confirm this request.

 

=

DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.

=

 

I don't have an appropriately air-gapped browser to visit that link, which
rather screams "scam phish". Anyone know anything about it?



OK, who's the idiot using tcwireless.us?

2008-10-07 Thread Valdis . Kletnieks
Somebody on the NANOG mailing list has their mail pointing to tcwireless.us,
which is throwing challenge/response mail like the following:


Your message

From: [EMAIL PROTECTED]
To: n3td3v <[EMAIL PROTECTED]>
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (
Einstein 3.0)
Date: 10/6/2008

has been just received by gmail.com mailserver.

To prove that your message was sent by a human and not a computer, please
visit the URL below and type in the alphanumeric text you will see in the
image. You will be asked to do this only once for this recipient.

http://mail.tcwireless.us/challenge/?folder=2008100614384085099427

Your message will be automatically deleted in a few days if you do not
confirm this request.

=
DO NOT REPLY TO THIS MESSAGE. NO ONE WILL RECEIVE IT.
=

Note it says 'gmail.com mailserver'.  Paul Ferguson reported to me that the one
he saw said 'received by vt.edu mailserver'.  Also note that the From/To
has lost nanog@nanog.org - for both my note and Paul's (in fact, looking at
Paul's actual posting and mine show nanog@nanog.org as being the only common
link, thus the "must be a nanog subscriber" conclusion).

Please, if you're going to use a C/R, at least learn how to whitelist the
mailing lists you're on.  And if you can't figure out how to do that, please
do us all a favor and not try to run an operational network...


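The two inconsistencies pointed out in the post above (the "received by ... mailserver" claim not matching the host serving the challenge URL, and the list address missing from the quoted To: line) can be checked mechanically. This is an added example, not part of the original post; the function names, the finding labels and the addresses at example.org/example.net are constructed assumptions, while the notice wording and the tcwireless.us URL are taken from the message quoted above.

```python
import re
from urllib.parse import urlsplit

CLAIM_RE = re.compile(r"received by\s+(\S+)\s+mailserver", re.IGNORECASE)
URL_RE = re.compile(r"https?://[^\s<>\"']+")
ADDR_RE = re.compile(r"[\w.+-]+@[\w.-]+\.\w+")
TO_RE = re.compile(r"^To:(.*)$", re.MULTILINE)

# Constructed sample: wording from the notice quoted above, with the
# archive's redacted addresses replaced by placeholders.
SUSPECT_NOTICE = """\
Your message

From: poster@example.org
To: n3td3v <n3td3v@example.org>
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system
Date: 10/6/2008

has been just received by gmail.com mailserver.

To prove that your message was sent by a human and not a computer, please
visit the URL below and type in the alphanumeric text you will see in the
image.

http://mail.tcwireless.us/challenge/?folder=2008100614384085099427
"""

# Constructed sample of a notice whose claim and URL agree.
CONSISTENT_NOTICE = """\
Your message

From: poster@example.org
To: friend@example.net
Date: 10/6/2008

has been just received by example.net mailserver.

http://mail.example.net/challenge/?folder=CONSTRUCTED
"""


def host_in_domain(host, domain):
    """True if host is the domain itself or a name underneath it."""
    host, domain = host.lower().rstrip("."), domain.lower().rstrip(".")
    return host == domain or host.endswith("." + domain)


def analyze_notice(body, sent_to):
    """Compare what a challenge/response notice claims with what it contains.

    body    -- text of the auto-generated notice
    sent_to -- addresses the original message was actually sent to
    """
    claim = CLAIM_RE.search(body)
    claimed = claim.group(1).lower() if claim else None
    hosts = sorted({urlsplit(u).hostname for u in URL_RE.findall(body)} - {None})

    to_line = TO_RE.search(body)
    quoted = {a.lower() for a in ADDR_RE.findall(to_line.group(1))} if to_line else set()
    dropped = sorted({a.lower() for a in sent_to} - quoted)

    findings = []
    # The notice names one mail system but sends the reader to another.
    if claimed and any(not host_in_domain(h, claimed) for h in hosts):
        findings.append("claimed-server-mismatch")
    # Recipients (here, the list address) vanished from the quoted headers.
    if dropped:
        findings.append("recipients-dropped")
    return {"claimed": claimed, "url_hosts": hosts,
            "dropped": dropped, "findings": findings}


if __name__ == "__main__":
    print(analyze_notice(SUSPECT_NOTICE, ["n3td3v@example.org", "nanog@nanog.org"]))
    print(analyze_notice(CONSISTENT_NOTICE, ["friend@example.net"]))
```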


NANOG 45 Jan 25-28 in Santo Domingo, Dominican Republic

2008-10-07 Thread Todd Underwood


NANOG45 will be held in the middle of the North American Winter in
beautiful Santo Domingo in the Dominican republic on January 25-28.

 http://nanog.org/meetings/nanog45/

This is the first time that a NANOG has been held outside of the US or
Canada and everyone involved is excited about the opportunity.  It's
just like Toronto in February (which was actually fantastic) but it's
the Caribbean in January.  :-)

The Call for Presentations is already up:

 http://nanog.org/meetings/nanog45/callforpresent.php

Presentations can be submitted at http://www.nanogpc.org/ (please
ignore the references to NANOG44--we'll change those references over
to NANOG45 at the close of the NANOG44 conference).

If you have a good idea for a presentation but need some feedback or
some help developing it, please contact me and I'll be happy to either
work directly with you or find someone else on the program committee
to help you put together a presentation.

We have already received a number of early submissions for NANOG45 so
for the best chance to be accepted, please begin working on your
presentations now.

Thanks,

Todd Underwood
NANOG Program Committee Chair



-- 
_
todd underwood +1 603 643 9300 x101
renesys corporation
[EMAIL PROTECTED]   http://www.renesys.com/blog



Re: contracts and survivability of telecom sector

2008-10-07 Thread Deepak Jain

One special case to consider - your provider gets taken over, and the new owner
regrooms the combined fiber networks, such that formerly physically diverse
paths no longer are...


These are lessons many learned 7 years ago...

No circuit is "set and forget", including so-called "protected" 
services. The way long distance and international capacity is 
swapped/bartered/remarketed reminds me of the complaints about the 
current credit-default swap market (with all of the opacity!)


If you care about your reliability/survivability, you have to watch all 
of the motions that an acquisition/transition will have on your 
infrastructure [not just your future needs, but your current ones]. In 
BK's, we've seen plenty of fiber providers hand over entrance facilities 
that they had previously constructed to new entities and contract back 
for the capacity they need. So it *looks* like the provider X build out 
to your facility is completely diverse from provider Y, but they are no 
longer diverse [with little -> no internal to the facility change].


Be careful out there...

Deepak Jain
AiNET



Re: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Paul Ferguson

On Tue, Oct 7, 2008 at 12:05 PM, Marshall Eubanks <[EMAIL PROTECTED]>
wrote:

> Step 0. DON'T PANIC.
>

Good point.

Along the same line, I would like to point out this Ira Winkler article on
the topic:

"Not Much Genius in DHS's Einstein 3.0 Plan"
http://www.internetevolution.com/author.asp?section_id=515&doc_id=165249

Especially the closing paragraph:

"For everyone's protection, there should be requirements on the appropriate
parties to remove offending systems from the Internet. Nobody has the right
to endanger others. However, until Chertoff decides to push for this
necessary measure, I recommend he pick up a few books on basic firewall
security in the meantime."

- - ferg



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Patrick Darden


J. Oquendo wrote:

Too many companies and individuals rely far
too heavily on a false and outdated concept of the definition of
"minimum requirements" when it comes to security. They tend to
think they need to implement the minimum requirements and all will
be fine. This is evident in almost all security management material
I read where the goal is to offer a "minimum" set of requirements
to meet guidelines and regulatory controls.

What about exceeding the minimum requirements for a change. 


What about an entirely different concept?  I see a lot of network 
router/firewall admins make the mistake of closing certain known bad 
ports off.  This mostly happens in a University-type situation, where it 
is necessary--or at least traditional--to have an open network.  A 
network able to handle myriad new and changing protocols and services.  
This is the black-list approach.  It is a fundamental approach to 
security that ends up with "minimum requirements" either met or 
exceeded, without any real effectiveness no matter what certain experts 
may claim.


The acknowledged better path is using a white-list instead.  Turn 
everything off by default.  Turn off all ports on the router/firewall.  
Turn the ones back on that can be trusted, with as much control as you 
can throw in there--specifying endpoints and ports, using content 
inspection and ensuring protocols using higher layer proxy-type 
protocols.  Modern firewalls can do all of this.


This would lead to "maximum possible" security, regulated only by 
realities.  Layer 9 and 10 being the biggies, although layer 1 and 2 are 
also important (money and politics).


This would not work in an open environment with 30,000 new laptops 
coming in at the start of every summer, each running a different brand 
of Doom (pun intended).  But if we are talking about a smaller number of 
stable networks that are meant primarily to interface with one-another 
and only network outside of themselves... (wait for it, not secondarily, 
not tertially, not even quartnearilly but instead) perhaps as the least 
important function, then we have something we can work with.  These 
networks would be of Working machines.  Primary purpose: work.  
Stability, functionality, security of data and communications


Here you go, my incredibly naive take on it:

0.  white list as the fundamental principle.  maximum security.
1.  you are starting with a mess.  turn off all internetworking on a 
network, until it is compliant with the below.
2.  separate the networks into discrete logical units (via function 
would be best, if realities such as location/bandwidth permit).

3.  separate the workstations.
4.  harden the workstations.  turn off extra services.  only install 
certain programs.  make an image.  shoot that image down every now and 
then to ensure compliance.
5.  harden the networks.  allow communication between networks only for 
certain services.  specify endpoints and ports, use content inspection 
ensure protocol regulation.  check logs for unregulated attempts to 
communicate between networks.
6.  make sure you have adequate pc/networking/security admins to do 
this--and maintain it.  Keeping it all up to date will be a big part of 
making sure it stays functional.
7.  probably this should be #1 instead of #7--start with clear 
documentation for each of the above points, including assignation of 
responsibilities with job titles.


--Patrick Darden
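
As an added illustration of the black-list versus white-list contrast and the log check in step 5 of the message above (this is not code from the original post; the segment names, addresses, rule sets and flow-log format are constructed assumptions):

```python
import ipaddress
from collections import Counter

# Constructed segments, one per function (step 2). Addresses are examples only.
SEGMENTS = {
    "finance": ipaddress.ip_network("10.10.0.0/24"),
    "hr": ipaddress.ip_network("10.20.0.0/24"),
    "servers": ipaddress.ip_network("10.30.0.0/24"),
}

# White-list (step 5): source segment, exact destination endpoint, protocol, port.
# Anything not listed here is denied by default.
ALLOW = {
    ("finance", ipaddress.ip_address("10.30.0.5"), "tcp", 443),
    ("hr", ipaddress.ip_address("10.30.0.5"), "tcp", 443),
    ("hr", ipaddress.ip_address("10.30.0.9"), "tcp", 5432),
}

# Black-list of "known bad" ports: everything else is permitted by default.
BLOCKED_PORTS = {23, 135, 139, 445}

# Constructed inter-network flow log, one flow per line: src dst proto dport
FLOW_LOG = """\
10.10.0.21 10.30.0.5 tcp 443
10.20.0.14 10.30.0.9 tcp 5432
10.10.0.21 10.20.0.14 tcp 445
10.10.0.33 10.30.0.9 tcp 5432
10.20.0.14 10.10.0.21 tcp 31337
192.0.2.7 10.30.0.5 tcp 443
"""


def segment_of(addr):
    """Return the name of the segment containing addr, or None if unknown."""
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return None


def parse(log):
    """Yield (src, dst, proto, port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        src, dst, proto, port = parts
        yield ipaddress.ip_address(src), ipaddress.ip_address(dst), proto, int(port)


def allowlist_permits(src, dst, proto, port):
    # Default deny: an unknown source maps to None and never matches a rule.
    return (segment_of(src), dst, proto, port) in ALLOW


def blocklist_permits(src, dst, proto, port):
    # Default allow: only the enumerated ports are stopped.
    return port not in BLOCKED_PORTS


def unregulated_attempts(log):
    """Flows the white-list denies: the log entries step 5 says to review."""
    return [flow for flow in parse(log) if not allowlist_permits(*flow)]


def missed_by_blocklist(log):
    """Unregulated flows that a port black-list would have let through."""
    return [flow for flow in unregulated_attempts(log) if blocklist_permits(*flow)]


def denied_by_segment(log):
    """Count denied attempts per source segment ('external' if unknown)."""
    return Counter(segment_of(src) or "external"
                   for src, _dst, _proto, _port in unregulated_attempts(log))


if __name__ == "__main__":
    for src, dst, proto, port in unregulated_attempts(FLOW_LOG):
        print(f"DENY {src} -> {dst} {proto}/{port}")
    print("passed by black-list:", len(missed_by_blocklist(FLOW_LOG)))
    print("denied per segment:", dict(denied_by_segment(FLOW_LOG)))
```
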



Re: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Marshall Eubanks


On Oct 7, 2008, at 3:01 PM, Paul Ferguson wrote:



On Tue, Oct 7, 2008 at 11:55 AM,  <[EMAIL PROTECTED]> wrote:


On Tue, 07 Oct 2008 14:13:08 EDT, "Steven M. Bellovin" said:

Right.  The US government is a *huge* operation.  Suppose you were the
CIO or the CSO for the US government (excluding the classified stuff)
-- what is the proper cybersecurity strategy?


Step 0. DON'T PANIC.





Step 1: Figure out what I actually *have* already.



Step 2: Baseline your traffic patterns/usage.

- - ferg



--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawgster(at)gmail.com
ferg's tech blog: http://fergdawg.blogspot.com/






Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Paul Ferguson

On Tue, Oct 7, 2008 at 11:55 AM,  <[EMAIL PROTECTED]> wrote:

> On Tue, 07 Oct 2008 14:13:08 EDT, "Steven M. Bellovin" said:
>
>> Right.  The US government is a *huge* operation.  Suppose you were the
>> CIO or the CSO for the US government (excluding the classified stuff)
>> -- what is the proper cybersecurity strategy?
>
> Step 1: Figure out what I actually *have* already.
>

Step 2: Baseline your traffic patterns/usage.

- - ferg



-- 
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawgster(at)gmail.com
 ferg's tech blog: http://fergdawg.blogspot.com/



Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Valdis . Kletnieks
On Tue, 07 Oct 2008 13:23:20 CDT, "J. Oquendo" said:

> Contractors should be held accountable for breaches in an
> infrastructure. Before awarding a contract, I would do my best
> to have the wording changed from "minimum requirements" to
> securest implementation. Whether this securest implementation
> took 5 new engineers to give a closer review, so be it.

You don't want "the securest implementation".  You want one that's
"secure enough" while still allowing the job to get done.  You also don't
want to be *paying* for more security than you actually need.  Note that
the higher price paid to the vendor isn't the only added cost of too much
security.

(Consider - the *securest* firewall is a true airgap, where files are
dropped on one side, and then must be manually vetted, copied to media,
and physically transferred to the other side.  Feel free to try to deploy
a webserver in that environment - on *either* side of the airgap)




Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Valdis . Kletnieks
On Tue, 07 Oct 2008 14:13:08 EDT, "Steven M. Bellovin" said:

> Right.  The US government is a *huge* operation.  Suppose you were the
> CIO or the CSO for the US government (excluding the classified stuff)
> -- what is the proper cybersecurity strategy?

Step 1: Figure out what I actually *have* already.




NANOG44 lightning talk -- submission open

2008-10-07 Thread Todd Underwood



NANOG44 is fast approaching and I hope to see many of you in LA this
weekend and next week.

As many of you know, Lightning talks are an important part of NANOG.
They are short talks, often topical or late-breaking, accepted just
prior to or at the conference. Total time is 10 minutes, including
questions.

Lightning talks are a perfect opportunity to add something topical to
the program, or get feedback on preliminary work that is not ready for
a full half-hour presentation yet.

Lightning talks can be submitted at:

https://www.nanogpc.org/lightning/

using your nanogpc.org speaker account.  The only thing required is a
compelling abstract and the willingness to put together some slides at
the last second.  The program committee will select the first talks
for Monday's lightning talk session on Sunday night, so now is the
time to submit your talk.


-- 
_
todd underwood +1 603 643 9300 x101
renesys corporationgeneral manager babbledog
[EMAIL PROTECTED]   http://www.renesys.com/blog



RE: Fwd: cnn.com - Homeland Security seeks cyber counterattacksystem(Einstein 3.0)

2008-10-07 Thread Howard C. Berkowitz
Superficially, one difference between government and business security
programs is that government has intelligence agencies that they can draw
upon for threat assessment. It is a separate question if intelligence
agencies accurately determine certain threats, or if politicians pay
attention to accurate assessments if the assessment conflicts with ideology
or generic preconceptions.

Seriously, one of the major problems in convincing businesses about a need
for security is that many managers, sensitive to cost, do not see a real
threat. If one broadens that to continuity of operations in general, those
managers whose firms have survived major disasters tend to be far more in
favor of disaster recovery planning.

Unfortunately, many security technologists are in the unfortunate position of
the parent trying to convince a child not to touch a hot stove, when they
have never been burned. In my case, that is convincing a dearly beloved cat
that the stovetop is not on the feasible route from point A to point B.

While some use the analogy of herding cats, that is more appropriate with
technical people than top managers. In the case of the latter, the analogy
may be more akin to the lion, who woke one day, and strode through his
domain. 

Encountering an antelope, he roared, "WHO IS KING OF THE JUNGLE?"

The antelope quivered and said "you, mighty lion."

He next encountered a gnu (no, it's not Gnu). Again, even the tougher beast
said "You are the great one."

The lion walked further, and met an elephant. As he started to say "WHO
IS...", the elephant wrapped his trunk around him, whopped him into several
trees, juggled him on his tusks, and then threw him into a mud wallow.
Scrambling to avoid an indignant hippopotamus, the lion looked at the
elephant and said "Gee, your Majesty, could you chill out a little?"

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 1:40 PM
To: J. Oquendo
Cc: nanog@nanog.org
Subject: Re: Fwd: cnn.com - Homeland Security seeks cyber
counterattacksystem(Einstein 3.0)

On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> What about exceeding the minimum requirements for a change.

It's like any other field - the customer wants more than the minimum, they'll
have to pay more.  Almost all contractors will at least act like they're trying
to meet the local building codes, because that's a minimum requirement. It's
the rare contractor indeed who will throw in the upgraded appliance package
and real marble flooring for free...

(I think you'll find that if somebody is actually willing to *pay* for more
security, there's plenty of outfits who are more than happy to make it
happen)




[NANOG-announce] Program Committee Nominations

2008-10-07 Thread Betty Burke
All:

Just a reminder to get your Program Committee nominations into
[EMAIL PROTECTED]  In just a few days the Merit team will be off to LA and
NANOG44.  While at the meeting we have many tasks that will take us away from
email for a bit.  We do not want to miss any one, so please take a moment in
the next day or two to get those nominations and offers to serve into us!!

Thanks in advance for your consideration and support.


Sincerely,

Betty Burke
Merit/NANOG Project Manager
Merit Network Inc.


___
NANOG-announce mailing list
[EMAIL PROTECTED]
http://mailman.nanog.org/mailman/listinfo/nanog-announce



Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread J. Oquendo
On Tue, 07 Oct 2008, Sean Donelan wrote:

> On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
> >On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> >>What about exceeding the minimum requirements for a change.
> >(I think you'll find that if somebody is actually willing to *pay* for more
> >security, there's plenty of outfits who are more than happy to make it 
> >happen)
> 
> What should the US Government buy for more security?  And how can the US 
> Government make sure they actually get what they are paying?
> 
> 

I apologize for being naive. I guess 1.5 billion allocated to one
state's Cybersecurity initiative *really* isn't enough to purchase
the necessary load balancers, firewalls and personnel to audit the
infrastructure for that one state.

Quote: "These include positions funded for Cyber Security (Public Service
Account); the federal Disaster Preparedness Program (Weapons of Mass
Destruction) through which the agency has granted over $1.5 billion in
federal grant funds across the state; "

http://www.budget.state.ny.us/budgetFP/spendingReductions/agencyPlansPDF/NYSOHS_FMP.pdf

So much so (not enough) they've not looked into ramping UP their
budget, but ramping it DOWN. My thought would be to review the
entire network as a whole, instead of the bandaid approach we've
been taking, start fresh. Look at what's currently in place,
audit, assess, re-do until they get it right.

Contractors should be held accountable for breaches in an
infrastructure. Before awarding a contract, I would do my best
to have the wording changed from "minimum requirements" to
securest implementation. Whether this securest implementation
took 5 new engineers to give a closer review, so be it.

I'd have some form of interagency strategy of tiger teams in
differing realms of government and perform war games testing
amongst each others' networks. The theory would be if the
best of the best in government can find a hole, so will an
attacker. It could be incentive based where a monthly
"DefGovCon" capture the flag like training would take place
to ensure that security issues are discovered internally and
defended against. Teams would get prizes or recognition.

Our government has so many resources at its disposal there is
no real reason I can see them not protecting themselves. What
I do see is shifting of blame and responsibility. Ye old
"Cover Your Ass" attitude.  Accountability - it goes a long
way with accounts receivable and accounts payable. 


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, CNDA, CHFI, OSCP

"Believe nothing, no matter where you read it, or
who said it, no matter if I have said it, unless it
agrees with your own reason and your own common
sense." - Buddha

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB




Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Steven M. Bellovin
On Tue, 7 Oct 2008 14:07:04 -0400 (EDT)
Sean Donelan <[EMAIL PROTECTED]> wrote:

> On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:
> > On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> >> What about exceeding the minimum requirements for a change.
> > (I think you'll find that if somebody is actually willing to *pay*
> > for more security, there's plenty of outfits who are more than
> > happy to make it happen)
> 
> What should the US Government buy for more security?  And how can the
> US Government make sure they actually get what they are paying?
> 
> 
Right.  The US government is a *huge* operation.  Suppose you were the
CIO or the CSO for the US government (excluding the classified stuff)
-- what is the proper cybersecurity strategy?


--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Sean Donelan

On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote:

On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:

What about exceeding the minimum requirements for a change.

(I think you'll find that if somebody is actually willing to *pay* for more
security, there's plenty of outfits who are more than happy to make it happen)


What should the US Government buy for more security?  And how can the US 
Government make sure they actually get what they are paying?





Re: Cogent backbone issue

2008-10-07 Thread Marshall Eubanks
I had no connectivity to Cogent (not even the web site) at 6:59 to 7:15 AM
EDT from Sprint EVD0 at National Airport in (near) DC. (That was all the
time I had while I was trying onboard the plane.) At the same time, Netnod
in Sweden did have connectivity to Cogent.


Regards
Marshall

On Oct 7, 2008, at 10:15 AM, Zak Thompson wrote:


We started seeing issues around 6am in reston VA

-Zak

-Original Message-
From: Eric Gauthier [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 9:33 AM
To: nanog@nanog.org
Subject: Cogent backbone issue

Hello,

Around 7:45am this morning, we started to see intermittent
issues for some sites across Cogent's backbone.  Their
internal tracking number appears to be #800535.  Does anyone
have more information?

Eric :)







Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Valdis . Kletnieks
On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said:
> What about exceeding the minimum requirements for a change.

It's like any other field - the customer wants more than the minimum, they'll
have to pay more.  Almost all contractors will at least act like they're trying
to meet the local building codes, because that's a minimum requirement. It's
the rare contractor indeed who will throw in the upgraded appliance package
and real marble flooring for free...

(I think you'll find that if somebody is actually willing to *pay* for more
security, there's plenty of outfits who are more than happy to make it happen)




Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread J. Oquendo
On Tue, 07 Oct 2008, Sean Donelan wrote:

> On Mon, 6 Oct 2008, Buhrmaster, Gary wrote:
> >The Federal Government (through its "Trusted Internet
> >Connection" initiative) is trying to limit the number
> >of entry points into the US Government networks.
> >(As I recall from 4000 interconnects to around 50,
> >where both numbers have a high percentage of politics
> >in the error bar.)
> 
> Assuming you were on an advisory panel, what advice would you give
> the US Government how to protect and defend its networks and ability
> to maintain service?
> 
> Most government networks and services depend on private network operators
> at some level.
> 
> 

Here is my take on this, recycling something I answered in similar
context earlier today. Too many companies and individuals rely far
too heavily on a false and outdated concept of the definition of
"minimum requirements" when it comes to security. They tend to
think they need to implement the minimum requirements and all will
be fine. This is evident in almost all security management material
I read where the goal is to offer a "minimum" set of requirements
to meet guidelines and regulatory controls.

What about exceeding the minimum requirements for a change. I
associate "minimum requirements" with laziness especially when it
comes to security. If companies structured their business a little
better, it could be more beneficial for them to speak out and
capitalize on security costs instead of worrying about the ROI on
implementing security technologies and practices.

This whole consensus about security not "making money" is flawed
and the more people stick with their confirmation and status quo
biases, the more businesses will NOT dish out for security causing
headaches and financial misery along the way, it's self-induced.

Can't wholly blame managers, a lot has to be weighed on the
organizations around the world whose wordings have been taken out
of context: e.g. "Under the proposal being considered, an
independent audit would ensure that their networks are secure,"
he explained. "This audit process would work across business
sectors, and would require companies to meet a minimum standard
of security competency."
(http://www.net-security.org/secworld.php?id=1731)

Many have taken the attitude to implement enough to meet MINIMUM
standards and this seems to be enough for them. Then some wonder
why systems get compromised. Concepts are taken out of context.
Just because an organization makes a recommendation on what
should be a "minimum", shouldn't mean companies or governments
should put in solely enough to meet compliance and guidelines.

Businesses and governments in this day and age should be going
above and beyond to protect not only themselves, but their clients,
infrastructure, investors, etc. Until then, we'll see the same,
putting out *just* enough to flaunt a piece of paper: "Minimum
requirements met" and nothing more. How is this security again?
How is minimizing the connection points going to really stop
someone from launching exploit A against a machine that hasn't
been properly patched? Might stop someone from somewhere in
China or so, but once an alternative entry point is found, that
vulnerability is still ripe for the "hacking".

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, CNDA, CHFI, OSCP

"A good district attorney can indict a ham sandwich
if he wants to ... The accusations harm as much as
the convictions ... they're obviously harmful or it
wouldn't be news.." - John Carter

wget -qO - www.infiltrated.net/sig|perl

http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x3AC173DB




RE: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Sean Donelan

On Mon, 6 Oct 2008, Buhrmaster, Gary wrote:

The Federal Government (through its "Trusted Internet
Connection" initiative) is trying to limit the number
of entry points into the US Government networks.
(As I recall from 4000 interconnects to around 50,
where both numbers have a high percentage of politics
in the error bar.)


Assuming you were on an advisory panel, what advice would you give
the US Government how to protect and defend its networks and ability
to maintain service?

Most government networks and services depend on private network operators
at some level.





Re: JANOG's English Page Update

2008-10-07 Thread Joel Jaeggli
Thank you,

it is appreciated.

Joel

MAWATARI Masataka wrote:
> Dear NANOG Colleagues,
> 
> 
> We have updated JANOG (Japan Network Operators' Group) English wiki
> page.
> 
> 
> Recent additions include presentation titles and abstracts for the
> JANOG22 meeting, which was held July 2008.
> 
> You can view the contents via the link below.
> 
> http://www.janog.gr.jp/en/index.php?JANOG22%20Programs
> 
> 
> For us to bring better content, your comments and feedbacks are greatly
> appreciated.
> 
> 
> Regards,
> MAWATARI Masataka, for JANOG i18n Team
> 
> 




Re: contracts and survivability of telecom sector

2008-10-07 Thread Valdis . Kletnieks
On Tue, 07 Oct 2008 11:00:20 BST, [EMAIL PROTECTED] said:

> In general, your upstream providers' operational networks
> and you, the customer connected to that operational network,
> are considered to be valuable assets so if a company falls
> into Chapter 11, there is a good chance that another company
> will acquire the assets. At the operational level, this is
> practically invisible until they start to consolidate data
> centers, prune unprofitable customers, etc.

One special case to consider - your provider gets taken over, and the new owner
regrooms the combined fiber networks, such that formerly physically diverse
paths no longer are...






RE: Cogent backbone issue

2008-10-07 Thread Zak Thompson
We started seeing issues around 6am in reston VA

-Zak

-Original Message-
From: Eric Gauthier [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 07, 2008 9:33 AM
To: nanog@nanog.org
Subject: Cogent backbone issue

Hello,

Around 7:45am this morning, we started to see intermittent
issues for some sites across Cogent's backbone.  Their
internal tracking number appears to be #800535.  Does anyone
have more information?

Eric :)




Cogent backbone issue

2008-10-07 Thread Eric Gauthier
Hello,

Around 7:45am this morning, we started to see intermittent
issues for some sites across Cogent's backbone.  Their
internal tracking number appears to be #800535.  Does anyone
have more information?

Eric :)



RE: contracts and survivability of telecom sector

2008-10-07 Thread michael.dillon
> Are there any recommendations from an operational 
> perspective, should one or more of these or other telecom 
> companies have such problems? 

Make sure that you have more than one upstream provider,
preferably three providers minimum so that if one of
them is suddenly shut off, you still have resiliency.
In general, your upstream providers' operational networks
and you, the customer connected to that operational network,
are considered to be valuable assets so if a company falls
into Chapter 11, there is a good chance that another company
will acquire the assets. At the operational level, this is
practically invisible until they start to consolidate data
centers, prune unprofitable customers, etc.

But, sometimes the financial community looks at an industry
and decides that there is too much capacity chasing too few
dollars, and the best solution for all concerned is for one
or more companies to fail hard. This happened in Europe a
few years ago when KPN-Qwest bought Ebone's pan-European backbone
and then promptly declared bankruptcy. The receivers sent everyone
home, shut down the power to all the sites, NOC included, and
auctioned off all the equipment piecemeal, except for the fibre
network. That went to another company that was also building
a competing pan-European fibre network and which also went
through a bankruptcy process, shed all its employees, and then
was reborn. Not sure what happened to the customers in that case.

So this could happen in the USA, and the solution is to spread
the operational risk by maintaining 3, 4 or 5 upstream relationships.
Don't risk losing 100% or even 50% of your connectivity. Get it
down to 33% or 25% or 20% depending on what you can afford.
Having a connection to a local Internet Exchange of some sort
is probably a darn good idea. If you aren't peering with your
local competitors, maybe you should start to do so, and reduce
the risk to your community. In smaller markets, not NFL cities,
maybe you should consider using different upstreams than your
competitor to reduce the risk on a community-wide basis.

Also, remember that this whole crisis could blow over in a few months,
and if it does, you need to be prepared for increased traffic on
your network, increased customer connections, etc. That too, is
a risk to evaluate.

--Michael Dillon