[Nanog-futures] Membership, was Transition update

2010-06-10 Thread John Springer
Am I correct in noticing that as of __11_day of May 2010 the requirement 
of written application and paid membership dues has been instantiated for 
newnog?

http://www.newnog.org/docs/consent-full.pdf

I advocate that the previous attendance requirements for voting continue 
to be sufficient for membership (and voting rights) and that anyone 
presently qualified to vote under such terms be permitted to continue to 
qualify that way for $some_lengthy_period, if they wish. A sufficient 
rationale for me would be that to do otherwise would impose a monetary 
penalty, however modest, on those who attend meetings.

Will the upcoming NANOG Community Meeting constitute a proper venue to 
vote on such an amendment to the bylaws? Or would the existing Board of 
Directors be so kind as to vote by a 2/3rds majority to do the same? :)

I volunteer to serve on the Bylaws Committee.

John Springer



Re: Nato warns of strike against cyber attackers

2010-06-10 Thread JC Dill

Owen DeLong wrote:


> Software has been out of control for a long time and I hope that the gov't will start by
> ruling the "not responsible for our negligence or the damage it causes" clauses
> of software licenses invalid.


The beauty of my attractive nuisance argument is that the EULA doesn't 
shield Microsoft from the damage their software causes to a 3rd party 
such as the ISP who has to deal with the botnet infections of their 
customers. 


jc




SCO UNIX Errors

2010-06-10 Thread jacob miller
Hi,

Am getting the following error from my SCO UNIX box.

Any idea as to what they mean?



proto: 0, age: 1274191185
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.3.12 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU,PMTUMOD
proto: 0, age: 1274191200
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.3.12 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU
proto: 0, age: 1274191204
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.10.3 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU,PMTUMOD
proto: 0, age: 1274191206
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.3.12 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU,PMTUMOD
proto: 0, age: 1274191249
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.3.12 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU
proto: 0, age: 1274191250
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.10.3 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU,PMTUMOD
proto: 0, age: 1274191264
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.3.12 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU
proto: 0, age: 1274191268
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.10.3 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU,PMTUMOD
proto: 0, age: 1274191270
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.3.12 172.16.1.254

route: got message of size 120
RTM_LOSING: Kernel Suspects Partitioning: len 120, pid: 0, seq 0, errno 0, flags:UP,GATEWAY,HOST,DONE,PMTU
proto: 0, age: 1274191297
locks:  inits:
sockaddrs: DST,GATEWAY
 172.16.10.3 172.16.1.254

Regards,
Jacob 




  



Re: SCO UNIX Errors

2010-06-10 Thread William Pitcock
On Wed, 2010-06-09 at 23:40 -0700, jacob miller wrote:
> Hi,
>
> Am getting the following error from my SCO UNIX box.

They mean use an operating system not made by crackheads.  There's a
reason why SCO switched from UNIX sales to Intellectual Property
trolling after all.

William





Re: ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]

2010-06-10 Thread Ina Faye-Lund
On Tue, Jun 08, 2010 at 11:14:10PM -0700, Paul Ferguson wrote:
> To cut through the noise and non-relevant discussion, let's see if we can
> boil this down to a couple of issues:
>
> 1. Should ISPs be responsible for abuse from within their customer base?

No and no.  The first no being legally, the second, morally.

The user is responsible for the abuse.  Now, if the question had been whether
the ISP should be responsible for dealing with it appropriately, then the
answer would be yes.

Of course, when it comes to the legal aspect, it would probably vary from
country to country.  No, let me rephrase that:  It _does_ vary from country to
country, and probably also state to state.

However, to hold someone else responsible for a person's criminal activity
would be just plain wrong, as long as the ISP's part in the activity is only to
give their customer access to networks and services that every other customer
also gets access to.


> 2. Should hosting providers also be held responsible for customers who abuse
> their services in a criminal manner?

No.  For several reasons.

First, the hosting provider normally does not have too much control over what
the customers actually do.  If someone complains, or they detect something
through audits or similar, that is different.  But even then, there will be
certain problems. 

How does the hosting provider know that something is, in fact, criminal?  In
some cases, that may be obvious, but there will be cases where the case is not
so clear.  If the provider might be held responsible for something their
customers do, they might decide to remove legal content 'just in case'.

Also, who would determine whether something is illegal or not?  Tech support?
The admin?  I doubt that any of those are able to determine something that
courts tend to spend a lot of time and resources on.


> I think anyone in their right mind would agree that if a provider see
> criminal activity, they should take action, no?

Not necessarily.

Again, this would of course depend on the laws in the given state or country.
However, people disagree on what is considered legal or not.  If everyone _had_
agreed on this, the courts would have had less work.

It is the responsibility of the judicial system to determine whether someone is
breaking the law or not.  For commercial companies to start making that sort of
judgements is, at least in my opinion, _not_ a good thing.



-- 
Ina Faye-Lund 



Re: ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]

2010-06-10 Thread Michael Painter

From recent article at MIT Technology Review:


How ISPs Could Combat Botnets
Focusing on the top 50 infected networks could eliminate half of all 
compromised machines.

Convincing Internet service providers to pinpoint infected computers on their networks could eliminate the lion's share of 
zombie computers responsible for churning out spam and initiating other online threats, according to a new analysis.


The researchers analyzed more than 63 billion unsolicited e-mail messages sent over a four-year period and found more than 
138 million unique internet addresses linked to sending out the spam. Typically such machines have been hijacked by 
hackers and are corralled into a vast network of remote-controlled system known as a botnet.


By correlating the Internet protocol addresses of these spam-sending machines with the networks maintained by Internet 
service providers, the researchers found that about two-thirds of them were located in the networks managed by the 200 
largest ISPs from 40 countries. The top-50 networks responsible accounted for more than half of all compromised IP 
addresses. If these ISPs were to shut down, or block, the malicious machines on their networks, it could cut worldwide 
spam by half.


"Those 50 ISPs are not the [dubious] ones we hear about," says Michel van Eeten, professor of public administration at the 
Delft University of Technology in the Netherlands and one of the authors of a paper on the research, which will be 
presented next month at the Workshop on the Economics of Information Security at Harvard University. "They are the ones we 
deal with every day, and so are more approachable and are in the reach of government."


Rest here:
http://www.technologyreview.com/computing/25245/ 





Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Alexander Harrowell
This would appear to be political in nature and therefore not operational, 
right?

Larry Sheldon larryshel...@cox.net wrote:

> On 6/9/2010 08:21, Joe Greco wrote:
>
>> Your car emits lots of greenhouse gases.  Just because it's /less/ doesn't
>> change the fact that the Prius has an ICE.  We have a Prius and a HiHy too.
>
> Did Godwin say anything about rand discussions degenerating to
> mythologies like gorebull warming?
>
> -- 
> Somebody should have said:
> A democracy is two wolves and a lamb voting on what to have for dinner.
>
> Freedom under a constitutional republic is a well armed lamb contesting
> the vote.
>
> Requiescas in pace o email
> Ex turpi causa non oritur actio
> Eppure si rinfresca
>
> ICBM Targeting Information:  http://tinyurl.com/4sqczs
> http://tinyurl.com/7tp8ml

   


-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.



Re: SCO UNIX Errors

2010-06-10 Thread N. Yaakov Ziskind
The best place to ask this question is on usenet:comp.unix.sco.misc.

jacob miller wrote (on Wed, Jun 09, 2010 at 11:40:27PM -0700):
> Hi,
>
> Am getting the following error from my SCO UNIX box.
>
> Any idea as to what they mean.
 
 
 
 
 
 
 
   

-- 
_
Nachman Yaakov Ziskind, FSPA, LLM   aw...@ziskind.us
Attorney and Counselor-at-Law   http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants



Re: SCO UNIX Errors

2010-06-10 Thread Valdis . Kletnieks
On Thu, 10 Jun 2010 05:39:43 EDT, N. Yaakov Ziskind said:
> The best place to ask this question is on usenet:comp.unix.sco.misc.

This is, of course, if you can find a still-functional usenet server. ;)




Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Michael Dillon
> Going back then to a previous question, do we want more/any regulation ?

Yes.

All vulnerable industries should have their use of network
communications regulated. This means all power stations, electricity
line operators, dam gate operators, etc. They should all be required
to meet a standard of practice for secure network communications, air
gap between SCADA networks and all other networks, and annual network
inspections to ensure compliance.

If any organization operates an infrastructure which could be
vulnerable to cyberattack that would damage the country in which they
operate, that organization needs to be regulated to ensure that their
networks cannot be exploited for cyberattack purposes. That is the
correct and measured response which does not involve the military
except possibly in a security advisory role, and which is within the
powers of governments.

I would expect that the increased awareness of network security that
resulted would pay dividends in business and home use of networks.

--Michael Dillon



Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Tim Franklin
> I would expect that the increased awareness of network security that
> resulted would pay dividends in business and home use of networks.

I'd expect a lot of nice business for audit firms with the right government 
connections, and another checklist with a magic acronym that has everything to 
do with security theatre and nothing to do with either actual security or the 
reality of operating a network.

But perhaps I'm jaded from dealing with current auditors.

Regards,
Tim.



Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Valdis . Kletnieks
On Thu, 10 Jun 2010 12:27:18 BST, Michael Dillon said:

> If any organization operates an infrastructure which could be
> vulnerable to cyberattack that would damage the country in which they
> operate, that organization needs to be regulated to ensure that their
> networks cannot be exploited for cyberattack purposes.

s/cannot be/minimize the risk of/

And "would damage the country" is a very fuzzy concept that you really don't
want to go anywhere near.  Remember Microsoft arguing that a Federal judge
shouldn't impose an injunction that was going to make them miss a ship
date, on the grounds that the resulting delay would cause lost productivity
at customer sites and harm the economy?

(Mind you, I thought MS was making a good case they *should* be regulated,
if their ship dates actually had that much influence.. ;)




Re: Nato warns of strike against cyber attackers

2010-06-10 Thread J. Oquendo
Tim Franklin wrote:
> and another checklist with a magic acronym that has everything to do
> with security theatre and nothing to do with either actual security or
> the reality of operating a network.
Checklists come in handy in fact if many were followed (BCP checklists,
appropriate industry standard fw, system rules) the net would be a
cleaner place. What I've seen by many responses are feet dragging: Ah
why bother it won't do nothing to stop it... Without even trying. It
all begins with one's own network. The entire concept of peering was
built on trust of the peer. Would you knowingly allow someone to share
your hallway without taking precautionary measures or at least a
vigilant eye. What happens when you see something out of the norm, do
you continue to allow them without saying anything waiting for your
neighbor to speak. In doing so, how can you be assured the individual
won't try to creep up on your property.

// JC Dill wrote:

Yes, ISPs are going to have to handle the problem.  But, IMHO the root
cause of the problem starts in Redmond, and ISPs should sue Redmond for
the lack of suitable security in their product, rendering it an
attractive nuisance and requiring ISPs to clean up after Redmond's
mess.  It's not fair to expect ISPs to shoulder this burden, and it's
not fair to pass on the cost to customers as a blanket surcharge (and it
won't work from a business standpoint) as not all customer use
Microsoft's virus-vector software.  And it's not really fair to expect
the end customer to shoulder this burden when it's Microsoft's fault for
failing to properly secure their software.  But end user customers don't
have the resources to sue Microsoft, and then there's that whole EULA
problem. 

ISPs who are NOT a party to the EULA between Microsoft and the user, but
who are impacted by Microsoft's shoddy security can (IMHO) make a valid
claim that Microsoft created an attractive nuisance (improperly secured
software), and should be held accountable for the vandal's use thereof,
used to access and steal resources (bandwidth, etc.) from the ISP thru
the ISP's customers infested Windows computer.
//

More finger pointing here. Should MS now sue Adobe for shoddy coding
because Adobe's PDF reader caused a compromise (improperly secured
software). Let's take it from the top down for a moment and focus on
what is going on. Operating systems are insecure it doesn't matter if it
was produced by a company in Redmond or hacked together on IRC. ANY
operating system that is in an attacking state (dishing out malware,
attacking other machines) is doing so via a network. If slash when you
see it, do you shrug it off and say not my problem, its because of
someone's lack of oversight in Redmond when you have the capability to
stop it.

ISP's don't have to handle the problem, they SHOULD handle the problem.


-- 

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT

It takes 20 years to build a reputation and five minutes to
ruin it. If you think about that, you'll do things
differently. - Warren Buffett

227C 5D35 7DCB 0893 95AA  4771 1DCE 1FD1 5CCD 6B5E
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x5CCD6B5E




Broadband Internet Technical Advisory Group

2010-06-10 Thread Marshall Eubanks
This just popped up - BITAG, the Broadband Internet Technical Advisory Group, which
apparently has some Google backing. While it does not impact router configuration
today, it sure does sound like they want to in the future.

http://www.prnewswire.com/news-releases/initial-plans-for-broadband-internet-technical-advisory-group-announced-95950709.html

http://googlepublicpolicy.blogspot.com/2010/06/broadband-internet-technical-advisory.html

For some time now, we’ve been advocating for the formation of a group  
of technical experts to put forward their best thinking on how to  
manage broadband networks in ways that still preserve and promote an  
open Internet. We’ve worked closely with Verizon and others in the  
Internet sector to further develop the concept, and we’re excited by  
today’s announcement that the Broadband Internet Technical Advisory  
Group, or BITAG, has begun the process of formally launching.


Regards
Marshall


Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Tim Franklin
> Checklists come in handy in fact if many were followed (BCP
> checklists, appropriate industry standard fw, system rules)
> the net would be a cleaner place.

Sensible checklists that actually improve matters, yes.

The audit checklists I've often been subjected to, full of security theatre and 
things that are accepted auditor wisdom rather than contributing to the 
security of the network in any meaningful way, not so much.

Regards,
Tim.



Re: SCO UNIX Errors

2010-06-10 Thread N. Yaakov Ziskind
valdis.kletni...@vt.edu wrote (on Thu, Jun 10, 2010 at 06:27:09AM -0400):
> On Thu, 10 Jun 2010 05:39:43 EDT, N. Yaakov Ziskind said:
> > The best place to ask this question is on usenet:comp.unix.sco.misc.
>
> This is, of course, if you can find a still-functional usenet server. ;)

If not, there's Google Groups, and I believe that CUSM is gated to a
mailing list.

I'm just saying.

-- 
_
Nachman Yaakov Ziskind, FSPA, LLM   aw...@ziskind.us
Attorney and Counselor-at-Law   http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants



Re: Broadband Internet Technical Advisory Group

2010-06-10 Thread Jorge Amodio
Looks to me more like the constitution of the Net'Cartel somebody
forgot to invite ICANN ?

BITAG-BCP01 how to hijack the net and the standards process ...

Are we evolving ?

Cheers
Jorge



Re: SCO UNIX Errors

2010-06-10 Thread N. Yaakov Ziskind
William Pitcock wrote (on Thu, Jun 10, 2010 at 01:45:18AM -0500):
> On Wed, 2010-06-09 at 23:40 -0700, jacob miller wrote:
> > Hi,
> >
> > Am getting the following error from my SCO UNIX box.
>
> They mean use an operating system not made by crackheads.  There's a
> reason why SCO switched from UNIX sales to Intellectual Property
> trolling after all.
>
> William

To be pedantic, the *operating system* was not made by crackheads. The
crackheads who trashed the company (hint: it started a *long* time before
McBride) were always the suits. The operating system is quite solid, but
a bit dated, and (with the shift to IP trolling) became more and more
out of date.

But the coders were really nice people, and they did some really nice
things.

Operational content: never let the suits run your company. :-)
Or, if they do, keep your eye on the door.

-- 
_
Nachman Yaakov Ziskind, FSPA, LLM   aw...@ziskind.us
Attorney and Counselor-at-Law   http://ziskind.us
Economic Group Pension Services http://egps.com
Actuaries and Employee Benefit Consultants



Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Michael Dillon
> And "would damage the country" is a very fuzzy concept that you really don't
> want to go anywhere near.

I wasn't drafting legislation; I was introducing a concept. I would
expect that actual legislation would explicitly list which industries
were subject to such regulation.

Otherwise it might include all Internet PoPs and datacenters which
would be rather dumb.

--Michael Dillon



Re: Nato warns of strike against cyber attackers

2010-06-10 Thread JC Dill

J. Oquendo wrote:
> More finger pointing here.


You say that like it's a bad thing.  I'm pointing fingers at the company 
that has a long history of selling software with shoddy security 
(including releasing newer versions with restored vulnerabilities that 
were found and fixed years earlier), and then passing the buck on 
fixing the issues it causes by hiding behind their EULA.  Their EULA 
protects Microsoft from their own customers, but it does NOT protect 
Microsoft from the effects the damage causes on OTHERS who are not 
parties to the EULA.  This is where attractive nuisance comes in.


> ISP's don't have to handle the problem, they SHOULD handle the problem.
  


This whole thread is about ISPs not handling the problem and allowing 
the problem to affect others beyond the ISP.  In this case we could 
claim the ISP is also allowing an attractive nuisance to damage others 
and hold that ISP responsible for the damage that extends outside their 
network.  However, we don't need a legal framework to solve THAT problem 
- we can address it with appropriate network blocks etc.  (UDP-style)


jc





Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Owen DeLong

On Jun 9, 2010, at 11:05 PM, JC Dill wrote:

> Owen DeLong wrote:
>
>> Software has been out of control for a long time and I hope that the gov't 
>> will start by ruling the "not responsible for our negligence or the damage 
>> it causes" clauses of software licenses invalid.
>
> The beauty of my attractive nuisance argument is that the EULA doesn't 
> shield Microsoft from the damage their software causes to a 3rd party such as 
> the ISP who has to deal with the botnet infections of their customers. 
> jc
 

Yep... Much the same as my suggestion merely involves applying the same product 
liability standards as every other industry faces to software.

Owen




Best Practices checklists

2010-06-10 Thread Michael Dillon
I expect that the collected members of this list could do a good job
of defining some network security practices checklists. Now that NANOG
has been spun out as an independent entity, I would hate to see it
become just another conference organizer. In the recent past many
professions have learned how valuable a simple checklist is in
preventing errors and ensuring that work adheres to a certain
standard.

So I am suggesting that NANOG take on the task of compiling and
publishing checklists for various areas of network operations. We
could have a NANOG wiki where people can publish, and work over,
suggestions for checklist topics and content. Then at the conferences,
a BOF-style meeting could hash out the official published versions.

We could have an interesting debate on whether or not this would make
a difference and whether or not NANOG should take on this role. But I
hope that we are now at a point where we see that network sloppiness
and insecurity are becoming such major issues that action is needed.
Let's act first, and evaluate the usefulness of the work, later.

--Michael Dillon



Re: Best Practices checklists

2010-06-10 Thread David Meyer
On Thu, Jun 10, 2010 at 05:05:35PM +0100, Michael Dillon wrote:
> I expect that the collected members of this list could do a good job
> of defining some network security practices checklists. Now that NANOG
> has been spun out as an independent entity, I would hate to see it
> become just another conference organizer. In the recent past many
> professions have learned how valuable a simple checklist is in
> preventing errors and ensuring that work adheres to a certain
> standard.
>
> So I am suggesting that NANOG take on the task of compiling and
> publishing checklists for various areas of network operations. We
> could have a NANOG wiki where people can publish, and work over,
> suggestions for checklist topics and content. Then at the conferences,
> a BOF-style meeting could hash out the official published versions.
>
> We could have an interesting debate on whether or not this would make
> a difference and whether or not NANOG should take on this role. But I
> hope that we are now at a point where we see that network sloppiness
> and insecurity are becoming such major issues that action is needed.
> Let's act first, and evaluate the usefulness of the work, later.

This is in large part what Aaron is trying to organize. There is
a track on this topic on Monday afternoon. Please see

http://nanog.org/meetings/nanog49/abstracts.php?pt=MTU2NyZuYW5vZzQ5nm=nanog49

Thnx,

Dave




Re: Best Practices checklists

2010-06-10 Thread kris foster
This is a good topic for nanog-futures and not the main list since it's about 
the organization.

Kris

On Jun 10, 2010, at 9:05 AM, Michael Dillon wrote:

> I expect that the collected members of this list could do a good job
> of defining some network security practices checklists. Now that NANOG
> has been spun out as an independent entity, I would hate to see it
> become just another conference organizer. In the recent past many
> professions have learned how valuable a simple checklist is in
> preventing errors and ensuring that work adheres to a certain
> standard.
>
> So I am suggesting that NANOG take on the task of compiling and
> publishing checklists for various areas of network operations. We
> could have a NANOG wiki where people can publish, and work over,
> suggestions for checklist topics and content. Then at the conferences,
> a BOF-style meeting could hash out the official published versions.
>
> We could have an interesting debate on whether or not this would make
> a difference and whether or not NANOG should take on this role. But I
> hope that we are now at a point where we see that network sloppiness
> and insecurity are becoming such major issues that action is needed.
> Let's act first, and evaluate the usefulness of the work, later.
>
> --Michael Dillon
 




Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Brielle Bruns

On 6/9/10 2:56 PM, Owen DeLong wrote:
>
> On Jun 9, 2010, at 8:26 AM, Brielle Bruns wrote:
>
>> On 6/9/10 6:27 AM, Jorge Amodio wrote:
>>
>>> Going back then to a previous question, do we want more/any
>>> regulation ?
>>
>> Laws and regulation exist because people can't behave civilly and
>> be expected to respect the rights/boundaries/property others.
>>
>> CAN-SPAM exists because the e-mail marketing business refused to
>> self regulate and respect the wishes of consumers/administrators
>
> Which is good, because it certainly eliminated most of the SPAM. --
> NOT!
>
>> FDCPA exists because the debt collectors couldn't resist the
>> temptation to harass and intimidate consumers, and behave
>> ethically.
>
> And of course, it has caused them all to do so, now, right? -- NOT!

These may not solve all problems, but it does give victims (at least in 
the case of debt collectors) the ability to club them in the face in 
court a few times to the tune of a thousand bucks or so an incident.

Nothing is more satisfying than being able to offer a debt collector the 
option to settle for $X amount.  :)

>> Lately, the courts have been ruling that companies like LimeWire
>> are responsible for their products being used for
>> piracy/downloading because they knew what was going on, but were
>> turning a blind eye.
>
> This is a positive step, IMHO, but, now companies like Apple and
> Micr0$0ft need to be held to similar standards.

Problem is, Microsoft and Apple, though being lax in their coding 
practices, can't entirely help it.  Open Source software has the same 
problems, but do you really think that we should be charging Linus every 
time a Linux box is owned?

There comes a point where a program is so large and expansive that 
holes/exploits is a fact of life.

>> Why not apply the same standards to ISPs?  If it can be shown that
>> you had knowledge of specific abuse coming from your network, but
>> for whatever reason, opted to ignore it and turn a blind eye, then
>> you are responsible.
>
> I agree.
>
>> When I see abuse from my network or am made aware of it, I isolate
>> and drop on my edge the IPs in question, then investigate and
>> respond.  Most times, it takes me maybe 10-15 minutes to track down
>> the user responsible, shut off their server or host, then terminate
>> their stupid self.
>
> Yep.
>
>> A little bit of effort goes a long way.  But, if you refuse to put
>> in the effort (I'm looking at you, GoDaddy Abuse Desk), then of
>> course the problems won't go away.
>
> Agreed.

Now if only we could get certain providers to put some effort into it...

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Re: Nato warns of strike against cyber attackers

2010-06-10 Thread andrew.wallace
On Thu, Jun 10, 2010 at 4:22 AM, Jorge Amodio jmamo...@gmail.com  wrote:
> Cyber Threats Yes, But Is It Cyber War?
> http://www.circleid.com/posts/20100609_cyber_threats_yes_but_is_it_cyberwar/
>
> -J

Cyber war is something made up by the security industry to save it from going 
bankrupt because the traditional profit vectors such as virus and worm authors 
aren't releasing threats to the web anymore because the motivation for the 
hackers has changed from fun to money.

You've got folks now trying to artificially ramp up cyber security as a 
national security agenda now to create a new profit vector now that the 
traditional threats don't exist anymore.

How do we ramp up cyber security as a national security agenda, something the 
next president has to worry about?

How do we get cyber security as the top headline on CNN and Fox News so that 
cyber security is something The White House works on?

http://www.youtube.com/watch?v=FSUPTZVlkyU

The response to this video was It Shouldn't Take a 9/11 to Fix Cybersecurity 
(But it Might)

http://www.youtube.com/watch?v=cojeP3kJBug&feature=watch_response

I highlighted these suspicious videos on Full-disclosure mailing list but they 
didn't seem to think there was anything wrong.

I also sent them to MI5 via their web form but I've had no reply from them.

Andrew

http://sites.google.com/site/n3td3v/







Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Henry Yen
On Wed, Jun 09, 2010 at 16:44:38PM -0400, Barry Shein wrote:
 MAYBE IF [please read thru before replying because I probably cover
 most knee-jerk responses eventually]:
 
 d) Microsoft hadn't ignored all these basic security practices in
 operating systems which were completely well understood and
 implemented in OS after OS back to at least 1970 if not before because
 they saw more profit in, to use a metaphor, selling cars without
 safety glass in the windshields etc, consequences be damned.

That's a thesis argued in Clarke's book (already mentioned here on NANOG,
and slashdot and ...):

 Microsoft has vast resources, literally billions of dollars in
 cash, or liquid assets reserves. Microsoft is an incredibly
 successful empire built on the premise of market dominance with
 low-quality goods.

   Who wrote those lines? Steve Jobs? Linux inventor Linus Torvalds?
   Ralph Nader? No, the author is former White House adviser Richard A.
   Clarke in his new book, Cyber War: The Next Threat to National
   Security and What to Do About It.

   Clarke tries to be fair. He notes that Microsoft didn't originally
   intend its software for critical networks. But even his efforts at
   fairness are unflattering. Microsoft's original goal was to get the
   product out the door and at a low cost of production, he explains.

http://arstechnica.com/security/news/2010/06/cyber-war-microsoft-a-weak-link-in-national-security.ars

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread Seth Mattinen
On 6/10/2010 11:46, Jason Lewis wrote:
 I just found out that with the move to this new service that the bulk
 access FTP is going to be phased out.  By design, there will be no way
 to automate the bulk download of this data.
 
 Is anyone else using the data in an environment that will be seriously
 impacted by this change?
 


Apparently we're supposed to be going all Web 2.0 now.

~Seth



Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread Brandon Galbraith
On Thu, Jun 10, 2010 at 2:23 PM, Seth Mattinen se...@rollernet.us wrote:

 On 6/10/2010 11:46, Jason Lewis wrote:
  I just found out that with the move to this new service that the bulk
  access FTP is going to be phased out.  By design, there will be no way
  to automate the bulk download of this data.
 
  Is anyone else using the data in an environment that will be seriously
  impacted by this change?
 


 Apparently we're supposed to be going all Web 2.0 now.

 ~Seth


Nothing wrong with having a nicer interface, but hopefully not at the
expense of bulk data. If it's a huge issue to support FTP data transfers,
they could at least provide a means through the web service to get bulk data
intelligently.

-- 
Brandon Galbraith
Voice: 630.492.0464


RE: Google Issues?

2010-06-10 Thread Thomas Magill
Yeah, I cannot reproduce from any other location so it seems tied to our PAT 
address...  Guess I have to actually do work. :)  I suspect malware as our PAT 
is actually running fewer translations than typical.  Checking with our IDS 
vendor.  Thanks for the follow up.

-Original Message-
From: Rubens Kuhl [mailto:rube...@gmail.com] 
Sent: Thursday, June 10, 2010 12:34 PM
To: Thomas Magill
Cc: nanog@nanog.org
Subject: Re: Google Issues?

This usually indicates a heavily malware-contaminated userbase or
1-to-N NAT/PAT with a large N. Having both is what usually triggers
this, but sometimes if you are strong on one, it could be enough.


Rubens



On Thu, Jun 10, 2010 at 4:23 PM, Thomas Magill
tmag...@providecommerce.com wrote:
 Is anyone seeing warnings today from Google that they suspect that
 searches are coming from an automated source and asking to complete some
 captcha-type authentication to complete a search?  We have had a couple
 of reports on this and I want to make sure it isn't a google issue.  I
 know this isn't really an operator issue but there are enough
 knowledgeable people here that I thought I would ask.



 Thomas Magill
 Network Engineer

 Office: (858) 909-3777

 Cell: (858) 869-9685
 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com


 provide-commerce
 4840 Eastgate Mall

 San Diego, CA  92121



 ProFlowers http://www.proflowers.com/  | redENVELOPE
 http://www.redenvelope.com/  | Cherry Moon Farms
 http://www.cherrymoonfarms.com/  | Shari's Berries
 http://www.berries.com/







Re: Best Practices checklists

2010-06-10 Thread Valdis . Kletnieks
On Thu, 10 Jun 2010 17:05:35 BST, Michael Dillon said:
 I expect that the collected members of this list could do a good job
 of defining some network security practices checklists.

Already done for some stuff:  http://www.cisecurity.org

You disagree with the content or choices, feel free to join in and help ;)

(Full disclosure: I'll take partial blame for the Solaris, AIX, and
Linux benchmark documents...)




Google Issues?

2010-06-10 Thread Thomas Magill
Is anyone seeing warnings today from Google that they suspect that
searches are coming from an automated source and asking to complete some
captcha-type authentication to complete a search?  We have had a couple
of reports on this and I want to make sure it isn't a google issue.  I
know this isn't really an operator issue but there are enough
knowledgeable people here that I thought I would ask.

 

Thomas Magill
Network Engineer

Office: (858) 909-3777

Cell: (858) 869-9685
mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com 


provide-commerce 
4840 Eastgate Mall

San Diego, CA  92121

 

ProFlowers http://www.proflowers.com/  | redENVELOPE
http://www.redenvelope.com/  | Cherry Moon Farms
http://www.cherrymoonfarms.com/  | Shari's Berries
http://www.berries.com/ 

 



Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread Michael Dillon
 Apparently we're supposed to be going all Web 2.0 now.

Web 2.0 can handle bulk transfers of data just fine.

I wonder if this is somehow related to privacy and data protection laws.

Just recently, RIPE announced that they were going to block bulk
transfers as a result of data protection laws, presumably because some
law has just changed. Obviously ARIN is under a different legal regime
than RIPE, however data protection has recently been a hot button
issue in the USA and it is possible that something similar will
happen. Given the importance of case law in the USA, as opposed to
legislation, I wouldn't be surprised if there was some sort of legal
review going on.

But again, as far as technology goes, HTTP is a superior file transfer
protocol to FTP, so the move to Web 2.0 RESTful transactions over HTTP
does not give any technical reason to stop bulk transfers. In fact, it
may just be an oversight so you should really ask them. Clearly, if
nobody bothers to ask about bulk transfers, then nobody uses them and
nobody cares, so shutting them down is the right thing to do.

--Michael Dillon



Re: Google Issues?

2010-06-10 Thread Rubens Kuhl
This usually indicates a heavily malware-contaminated userbase or
1-to-N NAT/PAT with a large N. Having both is what usually triggers
this, but sometimes if you are strong on one, it could be enough.


Rubens



On Thu, Jun 10, 2010 at 4:23 PM, Thomas Magill
tmag...@providecommerce.com wrote:
 Is anyone seeing warnings today from Google that they suspect that
 searches are coming from an automated source and asking to complete some
 captcha-type authentication to complete a search?  We have had a couple
 of reports on this and I want to make sure it isn't a google issue.  I
 know this isn't really an operator issue but there are enough
 knowledgeable people here that I thought I would ask.



 Thomas Magill
 Network Engineer

 Office: (858) 909-3777

 Cell: (858) 869-9685
 mailto:tmag...@providecommerce.com mailto:tmag...@providecommerce.com


 provide-commerce
 4840 Eastgate Mall

 San Diego, CA  92121



 ProFlowers http://www.proflowers.com/  | redENVELOPE
 http://www.redenvelope.com/  | Cherry Moon Farms
 http://www.cherrymoonfarms.com/  | Shari's Berries
 http://www.berries.com/







Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread Jason Lewis
It's very clear.  I went back and forth with support, asking how to
automate my bulk transfer with the new system.

Me: Is the bulk data download going to be available for automated
download. I can currently download the data daily from the ftp via a
script. The new web page doesn't seem to support that.
Support:  No, there is no automation by design.

I'm ok with whatever system they provide if the functionality stays
the same.  I don't understand what they gain by making a human login
and download the file.

On Thu, Jun 10, 2010 at 5:26 PM, Michael Dillon
wavetos...@googlemail.com wrote:
 Apparently we're supposed to be going all Web 2.0 now.

 Web 2.0 can handle bulk transfers of data just fine.

 I wonder if this is somehow related to privacy and data protection laws.

 Just recently, RIPE announced that they were going to block bulk
 transfers as a result of data protection laws, presumably because some
 law has just changed. Obviously ARIN is under a different legal regime
 than RIPE, however data protection has recently been a hot button
 issue in the USA and it is possible that something similar will
 happen. Given the importance of case law in the USA, as opposed to
 legislation, I wouldn't be surprised if there was some sort of legal
 review going on.

 But again, as far as technology goes, HTTP is a superior file transfer
 protocol to FTP, so the move to Web 2.0 RESTful transactions over HTTP
 does not give any technical reason to stop bulk transfers. In fact, it
 may just be an oversight so you should really ask them. Clearly, if
 nobody bothers to ask about bulk transfers, then nobody uses them and
 nobody cares, so shutting them down is the right thing to do.

 --Michael Dillon





Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Larry Sheldon
http://www.theatlantic.com/politics/archive/2010/06/homeland-securitys-cyber-bill-would-codify-executive-emergency-powers/57946/

http://tinyurl.com/2gyezyg
-- 
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have for dinner.

Freedom under a constitutional republic is a well armed lamb contesting
the vote.

Requiescas in pace o email
Ex turpi causa non oritur actio
Eppure si rinfresca

ICBM Targeting Information:  http://tinyurl.com/4sqczs
http://tinyurl.com/7tp8ml





huawei-nsp

2010-06-10 Thread Jared Mauch

I've created a new list on puck, huawei-nsp

You can subscribe here:

   https://puck.nether.net/mailman/listinfo/huawei-nsp

- Jared

-- 
Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
clue++;  | http://puck.nether.net/~jared/  My statements are only mine.



Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread Rubens Kuhl
 I'm ok with whatever system they provide if the functionality stays
 the same.  I don't understand what they gain by making a human login
 and download the file.

Accountability. If versions X and Y of database got abused (breach of
ToS), and only user U has downloaded such versions, gotcha.
Using honeytokens on the downloaded file can be interesting to quickly
connect the dots: if one of the handles on the list is
comeonspammer32...@wannahaveapieceofme.com, dynamically generated to
match a download session, and suddenly this account starts to get
spam...


Rubens



Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread James Hess
On Thu, Jun 10, 2010 at 9:56 PM, Rubens Kuhl rube...@gmail.com wrote:
 comeonspammer32...@wannahaveapieceofme.com, dynamically generated to
 match a download session, and suddenly this account starts to get
 spam...
well... yes.. doesn't help much if the token being abused is the
admin POC's phone number, however. A session-based generated
token alone would not be a very robust form of accountability; it
is only as good as the strength of the verification required to get an
account (and the confidence that multiple accounts do not collude).

A user might simply sign up twice or more using fake signup details,
they can compare their different downloads, and screen out any records
that changed between the several sessions.

e.g. grab 3 copies of the same file (that were obtained using 3
different logins, from 3 different countries), run a 3-way diff,
strip out any lines that changed.
Any session-specific token would be excluded...


That is, if obtaining such a listing of e-mail addresses is even
worth it to them. Maybe it is not.
Maybe the more common abuse is manual solicitation by a human being,
trying to sell some high-margin product targeted at enterprises in
the directory, who can easily recognize comeonspammer and stay
away.

I  doubt the average POC  is going to be duped by the pill salesmen,
latest money making scam,  too-good-to-be-true offer,  go phish
attempt,  or other standardized junk mail.


--
-J
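
An added sketch (not from the thread and not ARIN's code) of the two accountability mechanisms Rubens Kuhl describes and the limitation James Hess raises: a per-version download log, a decoy address derived per download session, and a check of whether decoys survive once several copies are reduced to their common lines. The secret, the decoy domain, all function names and the sample records are constructed assumptions.

```python
import hashlib
import hmac

SECRET = b"constructed-demo-key"      # assumption: server-side secret, never exported
HONEY_DOMAIN = "honeytoken.example"   # assumption: a domain whose mail the operator monitors

def honeytoken(session_id):
    """Derive a session-specific decoy contact address from the download session ID."""
    tag = hmac.new(SECRET, session_id.encode(), hashlib.sha256).hexdigest()[:12]
    return f"poc-{tag}@{HONEY_DOMAIN}"

def build_export(records, session_id):
    """Export for one session: the real records plus that session's decoy."""
    return sorted(records + [honeytoken(session_id)])

def attribute(spammed_address, download_log):
    """Return (user, version) entries whose session decoy is the address receiving spam."""
    return [(user, version) for session_id, user, version in download_log
            if hmac.compare_digest(honeytoken(session_id).encode(),
                                   spammed_address.encode())]

def downloaders_of_all(abused_versions, download_log):
    """Users who fetched every abused version (the 'only user U' case)."""
    per_version = [{u for _, u, v in download_log if v == ver}
                   for ver in abused_versions]
    return set.intersection(*per_version) if per_version else set()

def decoys_surviving_intersection(exports, session_ids):
    """Sessions whose decoy is still present after keeping only lines common to every copy."""
    common = set(exports[0]).intersection(*exports[1:])
    return [s for s in session_ids if honeytoken(s) in common]

# Constructed sample data, not real directory records.
RECORDS = ["noc@isp-a.example", "abuse@isp-b.example", "hostmaster@isp-c.example"]
DOWNLOAD_LOG = [  # (session_id, user, database version)
    ("s-1001", "user-u", "X"),
    ("s-1002", "user-v", "X"),
    ("s-1003", "user-u", "Y"),
]
EXPORTS = {sid: build_export(RECORDS, sid) for sid, _, _ in DOWNLOAD_LOG}

if __name__ == "__main__":
    print(attribute(honeytoken("s-1002"), DOWNLOAD_LOG))        # one copy abused
    print(downloaders_of_all(["X", "Y"], DOWNLOAD_LOG))         # version overlap
    print(decoys_surviving_intersection(list(EXPORTS.values()), list(EXPORTS)))
```

A single abused copy is attributed to its session, while no decoy survives in the lines common to all three copies, so the download log remains the only evidence in the collusion case.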