Re: google contact? why is google hosting/supporting/encouraging spammers?
I feel fairly sure in saying that most mailing list software, newsgroup software, and communication software in general, will allow you to preemptively add people to your address book, subscription lists, etc. Every router and switch out there allows forged packets through them; should we lambast the hardware manufacturers even though numerous accompanying handbooks recommend good practice configurations? Google has been very quick to deal with issues of spammers every time I have brought it up.

On 02/04/10 02:56, Jim Mercer wrote:
> here, have some free guns. oh, by the way, it's probably bad if you go around shooting people, so don't do that. it is starting to look to me like google is quite happy to host spammers. or, at best, doesn't care if spammers use them to host their services.
RE: google contact? why is google hosting/supporting/encouraging spammers?
From: David Ford [mailto:da...@blue-labs.org]
> I feel fairly sure in saying that most mailing list software, newsgroup software, and communication software in general, will allow you to preemptively add people to your address book, subscription lists, etc. Every router and switch out there allows forged packets through them; should we lambast the hardware manufacturers even though numerous accompanying handbooks recommend good practice configurations? Google has been very quick to deal with issues of spammers every time I have brought it up.

I've found gmail is the current favored account amongst forum spammers; I have to assume they are doing nothing about abuse complaints because I find it quite unlikely that the forums I operate just happen to be the first ones that get abused by accounts signed up with gmail addresses. I report each one to their abuse address; it probably goes to the bit bucket. gmail is probably still 'beta' though so it's ok to let spammers use that too.

David
Re: google contact? why is google hosting/supporting/encouraging spammers?
Lately I am flooded with Yahoo groups spammers and I have never gotten a response out of Yahoo. I've never got a response from Microsoft with regards to MSN or Hotmail spammers. I have gotten responses from Google and they've shut down the spammers in question. Our experience is not all-encompassing.

While I could make noise about the above, I don't believe either entity either encourages or tolerates spammers. My experience suggests that spammer methods arrive in waves. At one time I was flooded with yahoo messenger spam bots. Before then were the ICQ bots. More recently it's Twitter bots. Technology evolves, services and APIs become available and more prevalent. Spammers discover them and flock to them. Report it and deal with it as best you can.
Re: ip address management
On Thu, Feb 04, 2010 at 08:40:25AM +1030, Mark Smith wrote:
> On Wed, 3 Feb 2010 16:15:30 +0100 Phil Regnauld regna...@nsrc.org wrote:
> > Nick Hilliard (nick) writes:
> > > There is a FAQ entry for ipv6 support in ipplan:
> > >
> > > One feature request that comes up from time to time is IPv6. Adding IPv6 support will require major effort but has such a limited audience. Ironically the only people that ever requested IPv6 support are either from Telcos, ISPs or government departments, yet they are never interested in contributing resources! I deam them parasites of the Open Source world - leaching off the good will and effort of the Open Source community, yet give nothing in return. Shame.
> >
> > And deam is deem. q.v. http://iptrack.sourceforge.net/doku.php?id=faq
> >
> > I guess we're all entitled to our opinions.
>
> Yeah, sad. I think that if he didn't want commercial organisations to use his software, he shouldn't have chosen a licence that permits them to (the GPL according to the home page). If that's his attitude to possible future contributors and to IPv6, then it seems to me that iptrack has jumped the shark.

It sounds far more like that's his attitude to those who keep annoying him about supporting something he doesn't care about, without actually contributing anything useful to the project.

> The data model used in ipplan is to enumerate all IP addresses in the working ranges. This works fine for ipv4, but obviously breaks horribly for ipv6. Political considerations aside, I suspect that this is at least some of the reason that ipplan doesn't support it.

It would indeed require a very large screen and lots of memory :)

Cheers,
Phil
Re: google contact? why is google hosting/supporting/encouraging spammers?
* David Ford:
> I feel fairly sure in saying that most mailing list software, newsgroup software, and communication software in general, will allow you to preemptively add people to your address book, subscription lists, etc.

But most injection points are blacklisted quickly when this happens.
Re: ip address management
Hello Arnd,

it would be great if you can put them back. Thank you.

On Thu, Feb 4, 2010 at 3:50 AM, Arnd Vehling a...@nethead.de wrote:
> Hi,
>
> Pavel Dimow wrote:
> > does anybody know what happened with ipat? http://nethead.de/index.php/ipat http://nanog.cluepon.net/index.php/Tools_and_Resources
>
> I did take the sources offline a couple of weeks ago because there didn't seem to be a lot of interest in the software. If you want I can put them up again or send you a download link, but you should keep in mind that this is a carrier grade address management tool which requires quite some time to set up. The IP management stuff has been created on top of the RIPE whois database, which means you will be running a complete registry server.
>
> cheers,
> Arnd
fiber plant management?
To those of you who currently operate large campus/metro fiber plants, what are you currently using to track the usage of that plant? By that I mean things such as:

* tracking the number of free/used/unusable strands in a cable
* tracking conduit utilization
* tying OTDR test results/power meter readings to strands
* tying as-built drawings to cable routes and plant assets like manholes, junction boxes, transition splice points, duct banks, utility poles, etc.
* mapping termination bays to cables
* tracking cross-connects and splice locations
* grouping cable segments and cross-connects together into a path/circuit
* utilization reports, etc.

I've looked at one or two commercial packages, and might look at more as time permits. I haven't seen much in the open-source world, and I suspect that many places ended up rolling their own management apps to tie into existing provisioning systems, etc. It's possible that I could end up going that route as well.

jms
Re: How polluted is 1/8?
On Thu, 4 Feb 2010, Nathan Ward wrote:
> On 4/02/2010, at 9:19 AM, Justin M. Streiner wrote:
> > I would hope that the APNIC would opt not to assign networks that would contain 1.1.1.1 or 1.2.3.4 to customers for exactly that reason. The signal-to-noise ratio for those addresses is likely pretty high. The noise is likely contained on many internal networks for now because a corresponding route doesn't show up in the global routing table at the moment. Once that changes
>
> 1.1.1/24 and 1.2.3/24 are assigned to APNIC. Unless they release them, the general public will not get addresses in these.

Yes, I did see that. What I noticed yesterday was that there were no prefixes that cover 1.1.1.1 or 1.2.3.4 being announced globally at that point.

jms
Re: ip address management
On Thu, 4 Feb 2010 09:38:17 + Cian Brennan cian.bren...@redbrick.dcu.ie wrote:
> On Thu, Feb 04, 2010 at 08:40:25AM +1030, Mark Smith wrote:
> Yeah, sad. I think that if he didn't want commercial organisations to use his software, he shouldn't have chosen a licence that permits them to (the GPL according to the home page). If that's his attitude to possible future contributors and to IPv6, then it seems to me that iptrack has jumped the shark.
>
> It sounds far more like that's his attitude to those who keep annoying him about supporting something he doesn't care about, without actually contributing anything useful to the project.

It's fine for him to not want to spend time on people's requests - that is an accepted thing for open source software. But to call people/organisations who use his software legitimately and also make legitimate requests, under *his* chosen license, leeches is disingenuous. As I said, if he didn't want commercial users to use his software, or ask for features, then he shouldn't have chosen a license that permits commercial use. Complaining about a situation he has created, by his choice of license, is puerile.

> The data model used in ipplan is to enumerate all IP addresses in the working ranges. This works fine for ipv4, but obviously breaks horribly for ipv6. Political considerations aside, I suspect that this is at least some of the reason that ipplan doesn't support it.
>
> It would indeed require a very large screen and lots of memory :)
>
> Cheers,
> Phil
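The thread's point about ipplan is that a per-address data model cannot scale to IPv6. As an added illustration (not ipplan's, iptrack's or ipat's code, and not how any of those projects actually store data), here is a prefix-based pool that records allocations as prefixes and never materialises host addresses, so the same logic serves a v4 /24 and a v6 /48; the class and function names (PrefixPool, host_count) and the sample blocks are my own constructions.

```python
"""Prefix-based address pool (added illustration, not any IPAM project's code)."""
import ipaddress
from typing import Dict, Optional, Union

Net = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


class PrefixPool:
    """Records allocations as prefixes inside a parent block.

    Assumed design for illustration only: the thread says ipplan enumerates
    every address in its working ranges, which is exactly what this avoids.
    No host address is ever materialised, so a v6 /48 costs no more to manage
    than a v4 /24.
    """

    def __init__(self, parent: str) -> None:
        self.parent: Net = ipaddress.ip_network(parent, strict=True)
        self.allocated: Dict[Net, str] = {}

    def _overlaps(self, candidate: Net) -> bool:
        return any(candidate.overlaps(a) for a in self.allocated)

    def allocate(self, prefixlen: int, owner: str) -> Net:
        """Hand out the first free child prefix of length prefixlen.

        subnets() is a generator, so a /48 split into /64s yields at most
        65536 candidates and never touches the 2**64 hosts behind each one.
        """
        if not self.parent.prefixlen <= prefixlen <= self.parent.max_prefixlen:
            raise ValueError("prefix length outside parent block")
        for cand in self.parent.subnets(new_prefix=prefixlen):
            if not self._overlaps(cand):
                self.allocated[cand] = owner
                return cand
        raise RuntimeError("no free prefix of that length")

    def release(self, prefix: str) -> bool:
        """Return True if the prefix was allocated and is now free again."""
        return self.allocated.pop(ipaddress.ip_network(prefix), None) is not None

    def free_prefixes(self, prefixlen: int) -> int:
        """Count free child prefixes of the given length (lazy scan, no hosts)."""
        return sum(1 for c in self.parent.subnets(new_prefix=prefixlen)
                   if not self._overlaps(c))

    def lookup(self, address: str) -> Optional[str]:
        """Owner of the most specific allocation containing address, if any."""
        addr = ipaddress.ip_address(address)
        best: Optional[Net] = None
        for net in self.allocated:
            if addr in net and (best is None or net.prefixlen > best.prefixlen):
                best = net
        return self.allocated[best] if best is not None else None


def host_count(prefix: str) -> int:
    """How many rows a per-address model would need for this prefix."""
    return ipaddress.ip_network(prefix).num_addresses


if __name__ == "__main__":
    # Constructed sample blocks (documentation ranges, not anyone's real space).
    v6 = PrefixPool("2001:db8:1::/48")
    print(v6.allocate(64, "cust-a"), v6.allocate(64, "cust-b"))
    print("free /64s:", v6.free_prefixes(64))
    print("rows a per-address model would need for the /48:", host_count("2001:db8:1::/48"))
    v4 = PrefixPool("192.0.2.0/24")
    print(v4.allocate(26, "lab"), v4.allocate(25, "office"), v4.free_prefixes(26))
```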
Re: How polluted is 1/8?
Mirjam Kuehne wrote:
> Hello,
>
> After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18
>
> Please also note the call for feedback at the bottom of the article.

The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting.

- Kevin
[NANOG-announce] NANOG 48 coming up soon
Folks,

NANOG 48 is less than 3 weeks away. Data Foundry and Giganews are serving as co-hosts for the meeting, February 21-24, in the great city of Austin, Texas. The Program Committee has a stimulating agenda planned and recently added more presentations to an already packed agenda: http://www.nanog.org/meetings/nanog48/agenda.php

Register now and take advantage of the current rate, which increases $75 this Monday, February 8. Also, the special group rate at the Austin Hilton expires this Friday, February 5, so make your reservation soon. If your company would like to have a sponsor presence at the meeting, there are still some opportunities available.

For additional meeting information and all related links, please see: http://www.nanog.org/meetings/nanog48/index.php

We look forward to seeing you there.

David Meyer (on behalf of the Program Committee)
Re: How polluted is 1/8?
On Feb 4, 2010, at 1:27 PM, Kevin Loch wrote:
> The most surprising thing in that report was that someone has an AMS-IX port at just 10 megs. It would be nice to see an actual measurement of the traffic and daily/weekly changes. A breakdown of the flow data by source ASN and source prefix (for the top 50-100 sources) would also be interesting.

There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows.

- Jared
Telx - Atlanta
Our normal contact for Telx at 56 Marietta has not responded in a couple of days, does anyone have a 24x7 contact number for Telx at 56 Marietta in Atlanta?

Regards,
Bill

William C. Hale
Sr. Network Design Engineer
Windstream Communications
501.748.6526 office
501.690.0830 mobile
501.748.6487 fax
william.c.h...@windstream.com

*** The information contained in this message, including attachments, may contain privileged or confidential information that is intended to be delivered only to the person identified above. If you are not the intended recipient, or the person responsible for delivering this message to the intended recipient, Windstream requests that you immediately notify the sender and asks that you do not read the message or its attachments, and that you delete them without copying or sending them to anyone else.
Re: How polluted is 1/8?
I know someone who'd happily sink both the /24's in question.. if apnic's interested.

On Thu, Feb 4, 2010 at 2:30 PM, Jared Mauch ja...@puck.nether.net wrote:
> There was a call on the apnic list for someone to sink some of the traffic. I'd like to see someone capture the data and post pcaps/netflow analysis, and possibly just run a http server on that /24 so people can test if their network is broken. I've taken a peek at the traffic, and I don't think it's 100's of megs, but without a global view who knows.
>
> - Jared
Re: How polluted is 1/8?
On Feb 4, 2010, at 3:14 PM, Christopher Morrow wrote:
> I know someone who'd happily sink both the /24's in question.. if apnic's interested.

Given that it is not in the table today, just announcing it would yield both interesting traffic, and interesting data on who is filtering it.

--
TTFN,
patrick
Re: How polluted is 1/8?
On 2/4/10 2:14 PM, Christopher Morrow wrote:
> I know someone who'd happily sink both the /24's in question.. if apnic's interested.

Ditto.
lawful intercept/IOS at BlackHat DC, bypassing and recommendations
That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment.

More here: http://blogs.iss.net/archive/blackhatlitalk.html

Gadi.

--
Gadi Evron, g...@linuxbox.org.
Blog: http://gevron.livejournal.com/
Re: Need clued XO abuse contact
Just had a great interaction with Jim in XO's abuse department, who was able to immediately understand the issue and appears on his way to 'address the problem' as I write this. Way to go XO, and thanks to whoever forwarded along my original query, much appreciated.
RE: Telx - Atlanta
Try this:

Telx Internet Exchange (TIE) Support
Phone: 404-325-2714
Email: t...@telx.com
Website: http://tie.telx.com

Robert D. Scott rob...@ufl.edu
Senior Network Engineer 352-273-0113 Phone
CNS - Network Services 352-392-2061 CNS Phone Tree
University of Florida 352-392-9440 FAX
Florida Lambda Rail 352-294-3571 FLR NOC
Gainesville, FL 32611 321-663-0421 Cell

-Original Message-
From: Hale, William C [mailto:william.c.h...@windstream.com]
Sent: Thursday, February 04, 2010 3:00 PM
To: nanog@nanog.org
Subject: Telx - Atlanta

> Our normal contact for Telx at 56 Marietta has not responded in a couple of days, does anyone have a 24x7 contact number for Telx at 56 Marietta in Atlanta?
>
> Regards,
> Bill
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron g...@linuxbox.org wrote:
> That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment.

this seems like much more work than matt blaze's work that said: Just send more than 10mbps toward what you want to sneak around... the LEA's pipe is saturated so nothing of use gets to them

http://www.crypto.com/blog/calea_weaknesses/

Also, cisco publishes the fact that their intercept caps out at 15kpps per line card, so... just keep a steady 15kpps and roll on.

-chris
RE: How polluted is 1/8?
14/8 isn't all they are using internally.. 1,4,5,42 and that's just the stuff that hasn't been delegated out by IANA yet. I am sure this practice is pervasive.. and it's an issue that doesn't typically come up in talks about prepping for IPv4 depletion. Maybe it will now..

FWIW, I don't believe these netblocks are completely unusable. If RIR policies permit you to get address space for private networks, it could be allocated to an organization that understands and accepts the pollution issue because they will never intend to route the space publicly. (Such a thing does exist..)

+1 volunteering to sink traffic for 1.1.1.0/24

--heather

-Original Message-
From: Joel Jaeggli [mailto:joe...@bogus.com]
Sent: Wednesday, February 03, 2010 11:09 AM
To: Mirjam Kuehne
Cc: nanog@nanog.org
Subject: Re: How polluted is 1/8?

> It should be of no surprise to anyone that a number of the remaining prefixes are something of a mess (somebody ask t-mobile how they're using 14/8 internally for example). One's new ipv4 assignments are going to be of significantly lower quality than the ones received a decade ago. The property is probably transitive in that the overall quality of the ipv4 unicast space is declining...
>
> The way to reduce the entropy in a system is to pump more energy in, there's always the question however of whether that's even worth it or not.
>
> joel
>
> Mirjam Kuehne wrote:
> > Hello,
> >
> > After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs: http://labs.ripe.net/content/pollution-18
> >
> > Please also note the call for feedback at the bottom of the article.
> >
> > Kind Regards,
> > Mirjam Kuehne
> > RIPE NCC
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
(of course for any LEA that really cares they'll just order a physical tap, and provision things properly)
Re: NANOG Digest, Vol 24, Issue 129
Sorry for not replying sooner. One of the goals of our IPv6 trials, as we mention on www.comcast6.net, is to exercise the technologies that are essential to extend IPv6 capable services to subscribers. This step is an important one as we plan for widespread deployment.

John

On 1/28/10 7:00 AM, nanog-requ...@nanog.org nanog-requ...@nanog.org wrote:
> Message: 1
> Date: Wed, 27 Jan 2010 21:51:11 -0600
> From: William McCall william.mcc...@gmail.com
> Subject: Re: Comcast IPv6 Trials
> To: nanog@nanog.org nanog@nanog.org
> Message-ID: f9a8f301001271951y59b0f105j3d2299ca1f867...@mail.gmail.com
> Content-Type: text/plain; charset=ISO-8859-1
>
> Saw this today too. This is a good step forward for adoption. Without going too far, what was the driving factor/selling point to moving towards this trial?
>
> --
> William McCall
>
> On Wed, Jan 27, 2010 at 1:23 PM, John Jason Brzozowski john_brzozow...@cable.comcast.com wrote:
> > Folks,
> >
> > I am emailing you today to share some news that we hope you will find interesting. Today we are announcing our 2010 IPv6 trial plans. For more information please visit the following web site: http://www.comcast6.net
> >
> > We have also made available a partial, dual-stack version of our portal which can be found at: http://ipv6.comcast.net
> >
> > Please do not hesitate to contact me via email with any questions, comments, or clarifications. If you feel that others will find this information interesting feel free to forward this message.
> >
> > Regards,
> > John

=
John Jason Brzozowski
Comcast Cable
e) mailto:john_brzozow...@cable.comcast.com
o) 609-377-6594
m) 484-962-0060
w) http://www.comcast6.net
=
Re: NANOG Digest, Vol 24, Issue 129
We will have follow-up interactions that should help determine expertise levels. We want to make sure that our recruiting efforts do not unnecessarily exclude people. Over time we need to make sure our trials include people with varying degrees of expertise.

John

On 1/28/10 7:00 AM, nanog-requ...@nanog.org nanog-requ...@nanog.org wrote:
> Date: Wed, 27 Jan 2010 23:07:16 -0600
> From: Tony Varriale tvarri...@comcast.net
> Subject: Re: Comcast IPv6 Trials
> To: nanog@nanog.org
> Message-ID: 03f9dcfcab174ce8ab2b69d429aff...@flamdt01
> Content-Type: text/plain; format=flowed; charset=iso-8859-1; reply-type=original
>
> - Original Message -
> From: John Jason Brzozowski john_brzozow...@cable.comcast.com
> To: Steven Bellovin s...@cs.columbia.edu
> Cc: nanog@nanog.org
> Sent: Wednesday, January 27, 2010 5:12 PM
> Subject: Re: Comcast IPv6 Trials
>
> > Thanks. Initially it would be ideal (even preferred) to target trial subscribers with greater IPv6 awareness. The technical team will absolutely remain engaged as part of the support process.
> >
> > HTH,
> > John
>
> I filled out the form but nowhere on there does it allow to brag up or differentiate yourself from the typical home user (or select which trial(s) you may be interested in). It appears the differentiators are your PC OS, gaming platform and if you have more than 1 IP.
>
> tv

=
John Jason Brzozowski
Comcast Cable
e) mailto:john_brzozow...@cable.comcast.com
o) 609-377-6594
m) 484-962-0060
w) http://www.comcast6.net
=
Re: How polluted is 1/8?
If it's not obvious, I've thought about this and made some offers to the people at APNIC/RIPE. Hoping someone moves forward with this. The note was on the apops list (iirc).

- jared

On Feb 4, 2010, at 3:18 PM, Tico wrote:
> On 2/4/10 2:14 PM, Christopher Morrow wrote:
> > I know someone who'd happily sink both the /24's in question.. if apnic's interested.
>
> Ditto.
Re: NANOG Digest, Vol 24, Issue 129
Thanks Dave. The demonstration I organized was in fact native, dual-stack over cable broadband, specifically DOCSIS. Here is a link with some additional details: http://mailman.nanog.org/pipermail/nanog-futures/2009-June/000686.html

In addition to demonstrating native, dual-stack we had the pleasure to experience the following as well:

http://ipv6.netflix.com
http://nanog46.theplanet.com

John

On 1/28/10 7:00 AM, nanog-requ...@nanog.org nanog-requ...@nanog.org wrote:
> Date: Thu, 28 Jan 2010 09:48:46 +
> From: David Freedman david.freed...@uk.clara.net
> Subject: Re: Comcast IPv6 Trials
> To: nanog@nanog.org
> Message-ID: hjrmht$ui...@ger.gmane.org
> Content-Type: text/plain; charset=ISO-8859-1
>
> John Jason Brzozowski wrote:
> > Folks,
> >
> > I am emailing you today to share some news that we hope you will find interesting. Today we are announcing our 2010 IPv6 trial plans. For more information please visit the following web site:
>
> I was privileged enough to visit the Comcast DOCSIS3/IPv6 implementation demo setup at nanog46 in Philly last year, here are some pics I managed to snap: http://www.convergence.cx/cgi-bin/photview.cgi?collection=comcast6newformat=y ay
>
> Apologies for the lack of descriptions, but from what I recall, there was a CMTS setup with DOCSIS3 CMs and Laptops attached, streaming media over IPv6.
>
> Dave.

=
John Jason Brzozowski
Comcast Cable
e) mailto:john_brzozow...@cable.comcast.com
o) 609-377-6594
m) 484-962-0060
w) http://www.comcast6.net
=
RE: Telx - Atlanta
Thanks to all that responded, we received the information needed.

Regards,
Bill

-Original Message-
From: Hale, William C
Sent: Thursday, February 04, 2010 2:00 PM
To: nanog@nanog.org
Subject: Telx - Atlanta

> Our normal contact for Telx at 56 Marietta has not responded in a couple of days, does anyone have a 24x7 contact number for Telx at 56 Marietta in Atlanta?
>
> Regards,
> Bill
Re: Mitigating human error in the SP
> A recent organizational change at my company has put someone in charge who is determined to make things perfect. We are a service provider, isn't a common occurrence, and the engineer in question has a pristine track record. This outage, of a high profile customer, triggered upper management to react by calling a meeting just days after. Put bluntly, we've been told Human errors are unacceptable, and they will be completely eliminated. One is too many.

From experience... At one point this will become overwhelming. You'll wake up every morning dreading going to work instead of looking forward to it. Chain shot will be put in the 'blame cannon' and blasted regularly and at everyone. Update your resume and get everything in place just in case it gets to the point you can't take it anymore sooner than you expect. ;-)

scott
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
Would you mind passing along a source/link on the 15kpps? I haven't seen that number yet.

tv

- Original Message -
From: Christopher Morrow morrowc.li...@gmail.com
To: Gadi Evron g...@linuxbox.org
Cc: NANOG nanog@nanog.org
Sent: Thursday, February 04, 2010 2:27 PM
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

> this seems like much more work than matt blaze's work that said: Just send more than 10mbps toward what you want to sneak around... the LEA's pipe is saturated so nothing of use gets to them
>
> http://www.crypto.com/blog/calea_weaknesses/
>
> Also, cisco publishes the fact that their intercept caps out at 15kpps per line card, so... just keep a steady 15kpps and roll on.
>
> -chris
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On 2/4/2010 at 12:27 PM, Christopher Morrow morrowc.li...@gmail.com wrote:
> On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron g...@linuxbox.org wrote:
>> That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment.
>
> this seems like much more work than matt blaze's work that said: Just send more than 10mbps toward what you want to sneak around... the LEA's pipe is saturated so nothing of use gets to them

The Cross/XForce/IBM talk appears more to be about unauthorized access to communications via LI rather than evading them,

  ...there is a risk that [LI tools] could be hijacked by third parties and used to perform surveillance without authorization.

Of course, this has already happened,

http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark crist.cl...@globalstar.com wrote:
>> this seems like much more work than matt blaze's work that said: Just send more than 10mbps toward what you want to sneak around... the LEA's pipe is saturated so nothing of use gets to them
>
> The Cross/XForce/IBM talk appears more to be about unauthorized access to communications via LI rather than evading them,
>
>   ...there is a risk that [LI tools] could be hijacked by third parties and used to perform surveillance without authorization.
>
> Of course, this has already happened,

right... plus the management (for cisco) is via snmp(v3), from (mostly) windows servers as the mediation devices (sad)... and the traffic is simply tunneled from device -> mediation -> lea not necessarily IPSEC'd from mediation -> LEA, and udp-encapped from device -> mediation server.

> http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005

yea, good times... that's really just re-use of the normal LEA hooks in all telco phone switch gear though... not 'calea features' in particular.

-chris
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
I'm totally ignorant (most of the time), is anybody actually using SNMPv3?

Regards
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Feb 4, 2010, at 5:42 PM, Christopher Morrow wrote:
> On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark crist.cl...@globalstar.com wrote:
>>> this seems like much more work than matt blaze's work that said: Just send more than 10mbps toward what you want to sneak around... the LEA's pipe is saturated so nothing of use gets to them
>>
>> The Cross/XForce/IBM talk appears more to be about unauthorized access to communications via LI rather than evading them,
>>
>>   ...there is a risk that [LI tools] could be hijacked by third parties and used to perform surveillance without authorization.
>>
>> Of course, this has already happened,
>
> right... plus the management (for cisco) is via snmp(v3), from (mostly) windows servers as the mediation devices (sad)... and the traffic is simply tunneled from device -> mediation -> lea not necessarily IPSEC'd from mediation -> LEA, and udp-encapped from device -> mediation server.
>
>> http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
>
> yea, good times... that's really just re-use of the normal LEA hooks in all telco phone switch gear though... not 'calea features' in particular.

There's a difference? CALEA is just the US government profile of the generic international concept of lawful intercept.

I recommend http://www.spectrum.ieee.org/jul07/5280 (linked to from the Wikipedia article) as a very good reference on what is and isn't known.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Regular Expression for IPv6 addresses
Folks,

My company, Dartware, have derived a regex for testing whether an IPv6 address is correct. I've posted it in my blog:

http://intermapper.ning.com/profiles/blogs/a-regular-expression-for-ipv6

This has links to the regular expression, a (Perl) program that tests various correct and malformed addresses, and a Ruby implementation of the same.

Hope it's useful.

Rich Brown                      richard.e.br...@dartware.com
Dartware, LLC                   http://www.dartware.com
66-7 Benning Street             Telephone: 603-643-9600
West Lebanon, NH 03784-3407     Fax: 603-643-2289
Re: Mitigating human error in the SP
whose side are you on? Just before answering think about the opportunities and threats before considering having sex! You just need to know how to protect yourself. Not to everyone’s taste but pregnancy can be prevented after intercourse by taking emergency contraceptive pills (EC). Others chose paracetamol - apparently it is a painkiller that lowers high temperature. Provided that you take the correct dose at the right intervals, paracetamol is relatively safe. An overdose is dangerous. You might not get this, but going to bed late has a huge impact on our health. If a main issue has dependencies then the main issue has to be resolved. Hopefully, you've seen that all good things have a dark side,

--- On Thu, 2/4/10, Scott Weeks sur...@mauigateway.com wrote:

> From: Scott Weeks sur...@mauigateway.com
> Subject: Re: Mitigating human error in the SP
> To: nanog@nanog.org
> Date: Thursday, February 4, 2010, 10:30 PM
>
>> A recent organizational change at my company has put someone in charge who is determined to make things perfect. We are a service provider, isn't a common occurrence, and the engineer in question has a pristine track record. This outage, of a high profile customer, triggered upper management to react by calling a meeting just days after. Put bluntly, we've been told Human errors are unacceptable, and they will be completely eliminated. One is too many.
>
> From experience... At one point this will become overwhelming. You'll wake up every morning dreading going to work instead of looking forward to it. Chain shot will be put in the 'blame cannon' and blasted regularly and at everyone.
>
> Update your resume and get everything in place just in case it gets to the point you can't take it anymore sooner than you expect. ;-)
>
> scott
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron g...@linuxbox.org wrote:
> That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment.
>
> More here: http://blogs.iss.net/archive/blackhatlitalk.html
>
> Gadi.

For the sake of clarity and transparency, Gadi Evron has absolutely no connection to this research whatsoever.

He is famous in the security community for piggybacking off other people's research.

We are frustrated with him as much as we are annoyed.

Andrew
Security consultant
Re: Mitigating human error in the SP
WTF? Elaboration needed if this is supposed to be Yet Another Analogy (YAA). I recognize your email name from previous NANOG threads, so I assume it's not accidental or spam.

If it is YAA, I'm on the side of the network engineer having to deal with this type of management methodology. I've seen it in telefant mgmt.

scott

--- isabeldi...@yahoo.com wrote:

> From: isabel dias isabeldi...@yahoo.com
>
> whose side are you on? Just before answering think about the opportunities and threats before considering having sex! You just need to know how to protect yourself. Not to everyone’s taste but pregnancy can be prevented after intercourse by taking emergency contraceptive pills (EC). Others chose paracetamol - apparently it is a painkiller that lowers high temperature. Provided that you take the correct dose at the right intervals, paracetamol is relatively safe. An overdose is dangerous. You might not get this, but going to bed late has a huge impact on our health. If a main issue has dependencies then the main issue has to be resolved. Hopefully, you've seen that all good things have a dark side,
>
> --- On Thu, 2/4/10, Scott Weeks sur...@mauigateway.com wrote:
>
>> From: Scott Weeks sur...@mauigateway.com
>> Subject: Re: Mitigating human error in the SP
>> To: nanog@nanog.org
>> Date: Thursday, February 4, 2010, 10:30 PM
>>
>>> A recent organizational change at my company has put someone in charge who is determined to make things perfect. We are a service provider, isn't a common occurrence, and the engineer in question has a pristine track record. This outage, of a high profile customer, triggered upper management to react by calling a meeting just days after. Put bluntly, we've been told Human errors are unacceptable, and they will be completely eliminated. One is too many.
>>
>> From experience... At one point this will become overwhelming. You'll wake up every morning dreading going to work instead of looking forward to it. Chain shot will be put in the 'blame cannon' and blasted regularly and at everyone.
>>
>> Update your resume and get everything in place just in case it gets to the point you can't take it anymore sooner than you expect. ;-)
>>
>> scott
Re: Mitigating human error in the SP
On 2/4/2010 3:30 PM, Scott Weeks wrote:
>> A recent organizational change at my company has put someone in charge who is determined to make things perfect. We are a service provider, isn't a common occurrence, and the engineer in question has a pristine track record. This outage, of a high profile customer, triggered upper management to react by calling a meeting just days after. Put bluntly, we've been told Human errors are unacceptable, and they will be completely eliminated. One is too many.
>
> From experience... At one point this will become overwhelming. You'll wake up every morning dreading going to work instead of looking forward to it. Chain shot will be put in the 'blame cannon' and blasted regularly and at everyone.
>
> Update your resume and get everything in place just in case it gets to the point you can't take it anymore sooner than you expect. ;-)

This is a golden opportunity.

Prepare a pan for building the lab necessary to pre-test EVERYTHING.

Cost it out.

Present the cost and the plan in a public forum or widely distributed memorandum (including as a minimum everybody that was at the meeting and everybody in the chain(s) of command between you and the edict giver.

-- 
Government big enough to supply everything you need is big enough to take everything you have.

Remember: The Ark was built by amateurs, the Titanic by professionals.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Mitigating human error in the SP
On 2/4/2010 5:13 PM, Larry Sheldon wrote:
> On 2/4/2010 3:30 PM, Scott Weeks wrote:
>>> A recent organizational change at my company has put someone in charge who is determined to make things perfect. We are a service provider, isn't a common occurrence, and the engineer in question has a pristine track record. This outage, of a high profile customer, triggered upper management to react by calling a meeting just days after. Put bluntly, we've been told Human errors are unacceptable, and they will be completely eliminated. One is too many.
>>
>> From experience... At one point this will become overwhelming. You'll wake up every morning dreading going to work instead of looking forward to it. Chain shot will be put in the 'blame cannon' and blasted regularly and at everyone.
>>
>> Update your resume and get everything in place just in case it gets to the point you can't take it anymore sooner than you expect. ;-)
>
> This is a golden opportunity.
>
> Prepare a pLan for building the lab necessary to pre-test EVERYTHING.

Plan. Prepare a plan.

> Cost it out.
>
> Present the cost and the plan in a public forum or widely distributed memorandum (including as a minimum everybody that was at the meeting and everybody in the chain(s) of command between you and the edict giver.

-- 
Government big enough to supply everything you need is big enough to take everything you have.

Remember: The Ark was built by amateurs, the Titanic by professionals.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
-original message-
Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
From: andrew.wallace andrew.wall...@rocketmail.com
Date: 04/02/2010 11:09 pm

> On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron g...@linuxbox.org wrote:
>> That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment.
>>
>> More here: http://blogs.iss.net/archive/blackhatlitalk.html
>>
>> Gadi.
>
> For the sake of clarity and transparency, Gadi Evron has absolutely no connection to this research whatsoever.
>
> He is famous in the security community for piggybacking off other people's research.
>
> We are frustrated with him as much as we are annoyed.
>
> Andrew
> Security consultant

CITATION NEEDED
Draft paper submission deadline is extended: ISP-10
Draft paper submission deadline is extended: ISP-10

The 2010 International Conference on Information Security and Privacy (ISP-10) (website: http://www.PromoteResearch.org) will be held during 12-14 of July 2010 in Orlando, FL, USA. ISP is an important event in the areas of information security, privacy, cryptography and related topics. The conference will be held at the same time and location where several other major international conferences will be taking place.

The conference will be held as part of 2010 multi-conference (MULTICONF-10). MULTICONF-10 will be held during July 12-14, 2010 in Orlando, Florida, USA. The primary goal of MULTICONF is to promote research and developmental activities in computer science, information technology, control engineering, and related fields. Another goal is to promote the dissemination of research to a multidisciplinary audience and to facilitate communication among researchers, developers, practitioners in different fields. The following conferences are planned to be organized as part of MULTICONF-10.

- International Conference on Artificial Intelligence and Pattern Recognition (AIPR-10)
- International Conference on Automation, Robotics and Control Systems (ARCS-10) http://www.promoteresearch.org/2009/2009/arcs/index.html
- International Conference on Bioinformatics, Computational Biology, Genomics and Chemoinformatics (BCBGC-10)
- International Conference on Computer Communications and Networks (CCN-10) http://www.promoteresearch.org/2009/eiswt/index.html
- International Conference on Enterprise Information Systems and Web Technologies (EISWT-10) http://www.promoteresearch.org/2009/eiswt/index.html
- International Conference on High Performance Computing Systems (HPCS-10)
- International Conference on Information Security and Privacy (ISP-10) http://www.promoteresearch.org/2009/isp/index.html
- International Conference on Image and Video Processing and Computer Vision (IVPCV-10) http://www.promoteresearch.org/2010/cvivp/index.html
- International Conference on Software Engineering Theory and Practice (SETP-10)
- International Conference on Theoretical and Mathematical Foundations of Computer Science (TMFCS-10)

We invite draft paper submissions. Please see the website http://www.PromoteResearch.org for more details.

Sincerely
James Heralds
Publicity committee
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 11:25 PM, a.harrow...@gmail.com wrote:
> -original message-
> Subject: Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
> From: andrew.wallace andrew.wall...@rocketmail.com
> Date: 04/02/2010 11:09 pm
>
>> On Thu, Feb 4, 2010 at 8:19 PM, Gadi Evron g...@linuxbox.org wrote:
>>> That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and explain the approach a bad guy would take to getting access without authorization. I’ll identify several aspects of the design and implementation of the Lawful Intercept (LI) and Simple Network Management Protocol Version 3 (SNMPv3) protocols that can be exploited to gain access to the interface, and provide recommendations for mitigating those vulnerabilities in design, implementation, and deployment.
>>>
>>> More here: http://blogs.iss.net/archive/blackhatlitalk.html
>>>
>>> Gadi.
>>
>> For the sake of clarity and transparency, Gadi Evron has absolutely no connection to this research whatsoever.
>>
>> He is famous in the security community for piggybacking off other people's research.
>>
>> We are frustrated with him as much as we are annoyed.
>>
>> Andrew
>> Security consultant
>
> CITATION NEEDED

You can go to the Full-disclosure mailing list http://www.grok.org.uk/full-disclosure/ and ask about Gadi Evron. There will be plenty of folks there who will tell you he is involved in plagiarism.

Andrew
Security consultant
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On 04/02/10 15:58 -0800, andrew.wallace wrote:
>> CITATION NEEDED
>
> You can go to the Full-disclosure mailing list http://www.grok.org.uk/full-disclosure/ and ask about Gadi Evron. There will be plenty of folks there who will tell you he is involved in plagiarism.
>
> Andrew
> Security consultant

That's not a reference. And it reeks of security-consultant-gamesmanship.

If you've had a look at Gadi's paper that he intends to present, then discuss with him where you feel he's infringing.

-- 
Dan White
Re: Regular Expression for IPv6 addresses
Richard E. Brown wrote:
> Folks,
>
> My company, Dartware, have derived a regex for testing whether an IPv6 address is correct. I've posted it in my blog:
>
> http://intermapper.ning.com/profiles/blogs/a-regular-expression-for-ipv6
>
> This has links to the regular expression, a (Perl) program that tests various correct and malformed addresses, and a Ruby implementation of the same.

You know, link local addresses (fe80::/10) are quite useless without specifying the zone of that address. See section 11 of RFC4007.

The only proper way of testing if an address is a valid IPv6 address is to feed it to getaddrinfo() and then use it through that API.

Yes, you can make some assumptions, but it has shown that people assuming that everything stayed under 2001::/16 also got it wrong at one point in time. Thus just feed it to getaddrinfo() if you really need it.

Greets,
 Jeroen

signature.asc
Description: OpenPGP digital signature
Re: Regular Expression for IPv6 addresses
In message 4b6b66ff.50...@spaghetti.zurich.ibm.com, Jeroen Massar writes:
> Richard E. Brown wrote:
>> Folks,
>>
>> My company, Dartware, have derived a regex for testing whether an IPv6 address is correct. I've posted it in my blog:
>>
>> http://intermapper.ning.com/profiles/blogs/a-regular-expression-for-ipv6
>>
>> This has links to the regular expression, a (Perl) program that tests various correct and malformed addresses, and a Ruby implementation of the same.
>
> You know, link local addresses (fe80::/10) are quite useless without specifying the zone of that address. See section 11 of RFC4007.
>
> The only proper way of testing if an address is a valid IPv6 address is to feed it to getaddrinfo() and then use it through that API.
>
> Yes, you can make some assumptions, but it has shown that people assuming that everything stayed under 2001::/16 also got it wrong at one point in time. Thus just feed it to getaddrinfo() if you really need it.
>
> Greets,
>  Jeroen

And now for the trick question. Is :::077.077.077.077 a legal mapped address and if it is, does it match 077.077.077.077?

Mark
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
Re: Regular Expression for IPv6 addresses
Mark Andrews wrote:
[..]
> And now for the trick question. Is :::077.077.077.077 a legal mapped address and if it is, does it match 077.077.077.077?

:::0:0:0:0/96 should never ever be shown to a user, as it is confusing (is it IPv6 or IPv4?) and does not make sense at all. As such whatever one thinks of it, it is illegal in that context.

Internally inside a program though using a 128bit sequence of memory is of course a great way to store both IPv6 and IPv4 addresses in one structure and that is where the :::0:0:0:0::/96 format is very useful and intended for. Of course still the representation to the user of addresses stored that way would be 77.77.77.77 (and thus an IPv4 address and not IPv6) even though internally it is written as an IPv6 address.

As that usage is internal, you don't need any validation of the format as the input will be either an IPv6 or IPv4 address without any of the compatibility stuff, thus one does not need to handle it anyway.

Of course, there should be only limited places where a user can enter or see IP addresses in the first place. There is this great thing called DNS which is what most people should be using.

Greets,
 Jeroen

signature.asc
Description: OpenPGP digital signature
Re: Regular Expression for IPv6 addresses
In message 4b6b7185.2080...@spaghetti.zurich.ibm.com, Jeroen Massar writes:
> Mark Andrews wrote:
> [..]
>> And now for the trick question. Is :::077.077.077.077 a legal mapped address and if it is, does it match 077.077.077.077?
>
> :::0:0:0:0/96 should never ever be shown to a user, as it is confusing (is it IPv6 or IPv4?) and does not make sense at all. As such whatever one thinks of it, it is illegal in that context.
>
> Internally inside a program though using a 128bit sequence of memory is of course a great way to store both IPv6 and IPv4 addresses in one structure and that is where the :::0:0:0:0::/96 format is very useful and intended for. Of course still the representation to the user of addresses stored that way would be 77.77.77.77 (and thus an IPv4 address and not IPv6) even though internally it is written as an IPv6 address.

You missed the point. 077 is octal and 077.077.077.077 is 63.63.63.63 in the IPv4 address, whereas it is decimal dotted quad in a mapped address *if* zero padded decimal dotted quad is legal in an IPv6 text form.

> As that usage is internal, you don't need any validation of the format as the input will be either an IPv6 or IPv4 address without any of the compatibility stuff, thus one does not need to handle it anyway.
>
> Of course, there should be only limited places where a user can enter or see IP addresses in the first place. There is this great thing called DNS which is what most people should be using.
>
> Greets,
>  Jeroen

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
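The octal trick question above, and Jeroen's point that getaddrinfo() is the only parser that understands zone IDs, both come down to which libc routine does the parsing. This added example (not from the thread or from Dartware's regex) compares inet_aton(), inet_pton() and getaddrinfo() on constructed inputs; it assumes a glibc or musl libc, where inet_pton() rejects leading zeros in a dotted quad and getaddrinfo() accepts a numeric zone after '%'.

```c
#define _DEFAULT_SOURCE 1
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>

/* Legacy BSD parser. inet_aton() accepts octal (leading 0) and hex (0x)
 * octets as well as short forms such as "10.1", so "077.077.077.077"
 * becomes 63.63.63.63. Returns 1 on success; *out is host byte order. */
int parse_v4_legacy(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (inet_aton(text, &a) == 0)
        return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* Strict parser. inet_pton(AF_INET) requires exactly four decimal octets
 * and rejects leading zeros, so an octal-looking octet is an error rather
 * than a silently different address. */
int parse_v4_strict(const char *text, uint32_t *out)
{
    struct in_addr a;
    if (inet_pton(AF_INET, text, &a) != 1)
        return 0;
    *out = ntohl(a.s_addr);
    return 1;
}

/* IPv6 literal parser. Returns 0 (invalid), 1 (native IPv6) or 2
 * (IPv4-mapped, ::ffff:0:0/96); for the mapped case the embedded IPv4
 * address is stored in host byte order. The dotted quad inside a mapped
 * address follows the same strict rules as AF_INET, so leading zeros are
 * rejected there too. Zone IDs ("%eth0") are rejected because inet_pton()
 * has no notion of a scope. */
int parse_v6(const char *text, uint32_t *embedded_v4)
{
    struct in6_addr a;
    if (inet_pton(AF_INET6, text, &a) != 1)
        return 0;
    if (IN6_IS_ADDR_V4MAPPED(&a)) {
        uint32_t be;
        memcpy(&be, &a.s6_addr[12], sizeof be);
        *embedded_v4 = ntohl(be);
        return 2;
    }
    return 1;
}

/* getaddrinfo() with AI_NUMERICHOST does no DNS lookup but, unlike
 * inet_pton(), understands RFC 4007 zone IDs on link-local addresses
 * (an interface name or a numeric index after '%'). Returns 1 and the
 * scope ID on success, 0 otherwise. */
int parse_v6_with_zone(const char *text, uint32_t *scope_id)
{
    struct addrinfo hints, *res = NULL;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_INET6;
    hints.ai_flags = AI_NUMERICHOST;
    if (getaddrinfo(text, NULL, &hints, &res) != 0 || res == NULL)
        return 0;
    *scope_id = ((struct sockaddr_in6 *)res->ai_addr)->sin6_scope_id;
    freeaddrinfo(res);
    return 1;
}

/* Constructed sample inputs, including the thread's trick question. */
int main(void)
{
    static const char *samples[] = {
        "077.077.077.077", "77.77.77.77",
        "::ffff:077.077.077.077", "::ffff:77.77.77.77",
        "fe80::1", "fe80::1%1",
    };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        uint32_t v = 0, scope = 0;
        const char *s = samples[i];
        int legacy = parse_v4_legacy(s, &v);
        printf("%-24s legacy=%d", s, legacy);
        if (legacy)
            printf(" (%u.%u.%u.%u)", v >> 24, (v >> 16) & 255, (v >> 8) & 255, v & 255);
        int strict = parse_v4_strict(s, &v);
        int v6 = parse_v6(s, &v);
        int gai = parse_v6_with_zone(s, &scope);
        printf(" strict=%d v6=%d getaddrinfo=%d scope=%u\n", strict, v6, gai, scope);
    }
    return 0;
}
```

The practical lesson for anyone validating addresses with a regex: a pattern that accepts "077" in either the IPv4 or the mapped-IPv6 position has to decide which libc will later parse it, or two components of the same system will disagree about which host the string names.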
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
>>> Andrew
>>> Security consultant
>>
>> CITATION NEEDED
>
> You can go to the Full-disclosure mailing list http://www.grok.org.uk/full-disclosure/ ...
>
> Andrew
> Security consultant

For clarity and transparency you were banned from that list for trolling under the persona n3td3v.

-- 
bk
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 5:47 PM, Jorge Amodio jmamo...@gmail.com wrote:
> I'm totally ignorant (most of the time), is anybody actually using SNMPv3?

sadly, if you are present in the US and you do ip services (public ones) and you deployed a cisco device + calea capabilities, yes you do! :(

-chris
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 4, 2010 at 5:49 PM, Steven Bellovin s...@cs.columbia.edu wrote:
> On Feb 4, 2010, at 5:42 PM, Christopher Morrow wrote:
>> On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark crist.cl...@globalstar.com wrote:
>>>> this seems like much more work than matt blaze's work that said: Just send more than 10mbps toward what you want to sneak around... the LEA's pipe is saturated so nothing of use gets to them
>>>
>>> The Cross/XForce/IBM talk appears more to be about unauthorized access to communications via LI rather than evading them,
>>>
>>>   ...there is a risk that [LI tools] could be hijacked by third parties and used to perform surveillance without authorization.
>>>
>>> Of course, this has already happened,
>>
>> right... plus the management (for cisco) is via snmp(v3), from (mostly) windows servers as the mediation devices (sad)... and the traffic is simply tunneled from device -> mediation -> lea not necessarily IPSEC'd from mediation -> LEA, and udp-encapped from device -> mediation server.
>>
>>> http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
>>
>> yea, good times... that's really just re-use of the normal LEA hooks in all telco phone switch gear though... not 'calea features' in particular.
>
> There's a difference? CALEA is just the US government profile of the generic international concept of lawful intercept.

hrm, I always equate 'calea' with 'ip intercept', because I (thankfully) never had to see a phone switch (dms type thingy). You are, I believe, correct in that CALEA was first 'telephone' intercept implemented in phone-switch-thingies in ~94?? and was later applied (may 2007ish?) to IP things as well.

-Chris
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Feb 4, 2010, at 9:26 PM, Christopher Morrow wrote:
> On Thu, Feb 4, 2010 at 5:49 PM, Steven Bellovin s...@cs.columbia.edu wrote:
>> On Feb 4, 2010, at 5:42 PM, Christopher Morrow wrote:
>>> On Thu, Feb 4, 2010 at 5:26 PM, Crist Clark crist.cl...@globalstar.com wrote:
>>>>> this seems like much more work than matt blaze's work that said: Just send more than 10mbps toward what you want to sneak around... the LEA's pipe is saturated so nothing of use gets to them
>>>>
>>>> The Cross/XForce/IBM talk appears more to be about unauthorized access to communications via LI rather than evading them,
>>>>
>>>>   ...there is a risk that [LI tools] could be hijacked by third parties and used to perform surveillance without authorization.
>>>>
>>>> Of course, this has already happened,
>>>
>>> right... plus the management (for cisco) is via snmp(v3), from (mostly) windows servers as the mediation devices (sad)... and the traffic is simply tunneled from device -> mediation -> lea not necessarily IPSEC'd from mediation -> LEA, and udp-encapped from device -> mediation server.
>>>
>>>> http://en.wikipedia.org/wiki/Greek_telephone_tapping_case_2004-2005
>>>
>>> yea, good times... that's really just re-use of the normal LEA hooks in all telco phone switch gear though... not 'calea features' in particular.
>>
>> There's a difference? CALEA is just the US government profile of the generic international concept of lawful intercept.
>
> hrm, I always equate 'calea' with 'ip intercept', because I (thankfully) never had to see a phone switch (dms type thingy). You are, I believe, correct in that CALEA was first 'telephone' intercept implemented in phone-switch-thingies in ~94?? and was later applied (may 2007ish?) to IP things as well.

I can make a very good case that CALEA was not just originally intended for voice, but was sold to Congress as something that didn't apply to data networks. The EFF has said it better than I could, though, so look at http://w2.eff.org/Privacy/Surveillance/20040413_EFF_CALEA_comments.

--Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: ip address management
Brian R. Watters wrote:
> Please do send the dn/load link .. thanks

here you go:

http://nethead.de/media/files/downloads/ipat/ipadmin-tools.tar.gz
http://nethead.de/media/files/downloads/ipat/modrdb.3.3.0-cvs.tar.gz

In case you have questions mail me.

best regards,
Arnd
Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations
On Thu, Feb 04, 2010 at 09:42:24PM -0500, Steven Bellovin wrote:
> I can make a very good case that CALEA was not just originally intended for voice, but was sold to Congress as something that didn't apply to data networks. The EFF has said it better than I could, though, so look at http://w2.eff.org/Privacy/Surveillance/20040413_EFF_CALEA_comments.

Corrected URL: http://w2.eff.org/Privacy/Surveillance/20040413_EFF_CALEA_comments.php
Re: google contact? why is google hosting/supporting/encouraging spammers?
On Thu, Feb 04, 2010 at 05:35:23PM -0600, Tony Varriale wrote:
> From: Jim Mercer j...@reptiles.org
>> we have recently started getting a lot of spam, out of dubai, from ecampaigners@gmail.com
>>
>> all of the spam comes from/through google and google groups.
>
> Not that I can point you in the correct direction, but Google Groups is a haven for spammers. In fact, I stopped using it a while ago for this reason.

the issue for me is not that they are spamming groups within google groups, but that they are signing up the victim email addresses as members of the group, then using google groups to distribute the content.

-- 
Jim Mercer     j...@reptiles.org    +92 336 520-4504
"I'm Prime Minister of Canada, I live here and I'm going to take a leak."
- Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, "Who are you and where are you going?"
Re: fiber plant management?
Honestly? A spreadsheet will do it.

-M

On 2/4/10, Justin M. Streiner strei...@cluebyfour.org wrote:
> To those of you who currently operate large campus/metro fiber plants, what are you currently using to track the usage of that plant? By that I mean things such as:
>
> * tracking the number of free/used/unusable strands in a cable
> * tracking conduit utilization
> * tying OTDR test results/power meter readings to strands
> * tying as-built drawings to cable routes and plant assets like manholes, junction boxes, transition splice points, duct banks, utility poles, etc.
> * mapping termination bays to cables
> * tracking cross-connects and splice locations
> * grouping cable segments and cross-connects together into a path/circuit
> * utilization reports, etc.
>
> I've looked at one or two commercial packages, and might look at more as time permits. I haven't seen much in the open-source world, and I suspect that many places ended up rolling their own management apps to tie into existing provisioning systems, etc. It's possible that I could end up going that route as well.
>
> jms

-- 
Martin Hannigan                       mar...@theicelandguy.com
p: +16178216079
Power, Network, and Costs Consulting for Iceland Datacenters and Occupants
Re: How polluted is 1/8?
Schiller, Heather A (HeatherSkanks) wrote:
> 14/8 isn't all they are using internally.. 1,4,5,42 and that's just the stuff that hasn't been delegated out by IANA yet. I am sure this practice is pervasive.. and it's an issue that doesn't typically come up in talks about prepping for IPv4 depletion. Maybe it will now..
>
> FWIW, I don't believe these netblocks are completely unusable.

Nor do I, people will receive assignments out of them, and route them and cope with the occasional blackhole. Those whose applications or internal numbering schemes use them will bear a not insignificant cost associated with mitigation.

> If RIR policies permit you to get address space for private networks, it could be allocated to an organization that understands and accepts the pollution issue because they will never intend to route the space publicly. (Such a thing does exist..)

+1

> volunteering to sink traffic for 1.1.1.0/24
>
> --heather
>
> -Original Message-
> From: Joel Jaeggli [mailto:joe...@bogus.com]
> Sent: Wednesday, February 03, 2010 11:09 AM
> To: Mirjam Kuehne
> Cc: nanog@nanog.org
> Subject: Re: How polluted is 1/8?
>
> It should be of no surprise to anyone that a number of the remaining prefixes are something of a mess (somebody ask t-mobile how they're using 14/8 internally for example). One's new ipv4 assignments are going to be of significantly lower quality than the one received a decade ago, The property is probably transitive in that the overall quality of the ipv4 unicast space is declining... The way to reduce the entropy in a system is to pump more energy in, there's always the question however of whether that's even worth it or not.
>
> joel
>
> Mirjam Kuehne wrote:
>> Hello,
>>
>> After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs:
>>
>> http://labs.ripe.net/content/pollution-18
>>
>> Please also note the call for feedback at the bottom of the article.
>>
>> Kind Regards,
>> Mirjam Kuehne
>> RIPE NCC
Re: Regular Expression for IPv6 addresses
>> And now for the trick question. Is :::077.077.077.077 a legal mapped address and if it is, does it match 077.077.077.077?
>
> :::0:0:0:0/96 should never ever be shown to a user, as it is confusing (is it IPv6 or IPv4?) and does not make sense at all. As such whatever one thinks of it, it is illegal in that context.

Define user? Both Cisco and Juniper use these addresses for IPv6 L3VPNs, and the addresses are definitely visible. Cisco and Juniper examples:

  B   2001:abcd:60:3::/64 [200/0]
        via :::172.16.101.204 (nexthop in vrf default), 4d10h
  B   2001:abcd:60:4::/64 [200/0]
        via :::172.16.101.205 (nexthop in vrf default), 4d10h
  B   2001:abcd:60:7::/64 [200/0]
        via :::172.16.1.7 (nexthop in vrf default), 6d13h

  :::172.16.1.1/128    *[LDP/6] 4d 11:01:30, metric 1
                        > to 172.16.102.201 via ge-0/3/0.0, Push 313008
  :::172.16.1.2/128    *[LDP/6] 1w0d 20:27:12, metric 1
                        > to 172.16.102.201 via ge-0/3/0.0, Push 312240
  :::172.16.1.3/128    *[LDP/6] 4d 11:01:30, metric 1
                        > to 172.16.102.201 via ge-0/3/0.0, Push 313024

Steinar Haug, Nethelp consulting, sth...@nethelp.no