Apologies for replying to myself.
>>> I wrote:
ww> P_ij = lambda_i * (C_ij A_j) / (Sum_k C_jk A_k)
The first factor in the sum in should be C_ik, not C_jk. There is no
imbedded chain, nor "skew" in
> Not that it will more people the trouble of sending me more messages, but
> yes I'm aware the NSA guide states:
>
>"The goal for this guide is a simple one: improve the security provided
>by routers on US Department of Defense (DoD) operational networks."
>
> Inside the DoD, they may
I just went through this exercise. In POP a) where space is a premium, I
bought a 8 port RocketPort PCI serial card to sit in the FreeBSD firewall
that was there. ebay $50 and made the rj-11 to {rj-45|db9} cables in house
(connections to other PCs and cisco gear).
In POP b) where space is
Not that it will more people the trouble of sending me more messages, but
yes I'm aware the NSA guide states:
"The goal for this guide is a simple one: improve the security provided
by routers on US Department of Defense (DoD) operational networks."
Inside the DoD, they may want to only u
Hi,
It's been a while since I last saw this thread...
I'm looking at a few listed below and looking for comments:
Lantronix - http://www.lantronix.com/products/cs/scs820_scs1620/index.html
Looks good, can't find a price on Ingram.
Cyclades - http://www.cyclades.com/products/ts_series.php
Look
Actually damage to the "net" could be done with relative ease.
If you wanted to do some planning and a little staging work you could
affect large amounts of traffic.
Given recent press about large carriers moving their interconnects to
a well known IX type company, all you would have to do
On Fri, 6 Sep 2002, Iljitsch van Beijnum wrote:
> Ok, if I connect to their network I'll remove "ip subnet-zero" and "ip
> classless" from my configs to revert to the defaults that still reflect
> the pre-1993 state of affairs, but if they want to connect to "our"
> network, they should play nice
On Fri, 6 Sep 2002, Joe Abley wrote:
> > Actually, I would assume it to be the other way around: if you only
> > communicate with people who are active in the field who are aware of
> > all the new tricks, how are you going to learn about obsolete stuff?
> I think there is often a directed grap
On Fri, 6 Sep 2002 [EMAIL PROTECTED] wrote:
> On Fri, 06 Sep 2002 14:01:24 PDT, Jeff Shultz <[EMAIL PROTECTED]> said:
> > Coonts has an inflated idea of what an outage there would do to the
> > internet... but there is a lot of other stuff fairly nearby, isn't
> > there?
>
> *You* know that
On Fri, 06 Sep 2002 14:01:24 PDT, Jeff Shultz <[EMAIL PROTECTED]> said:
> Coonts has an inflated idea of what an outage there would do to the
> internet... but there is a lot of other stuff fairly nearby, isn't
> there?
*You* know that a hit on 60 Hudson would probably be worse (especially
con
*** REPLY SEPARATOR ***
On 9/6/2002 at 11:26 PM Brad Knowles wrote:
>At 2:01 PM -0700 2002/09/06, Jeff Shultz wrote:
>
>> Said tube electronics were apparently more survivable against EMP
>> effects. Or was that the point you were making? I think the real
>> surprise was a
At 2:01 PM -0700 2002/09/06, Jeff Shultz wrote:
> Said tube electronics were apparently more survivable against EMP
> effects. Or was that the point you were making? I think the real
> surprise was a toggle switch that Belenko said was supposed to be
> flipped only when told over the radio b
At 10:28 PM +0200 2002/09/06, Jeroen Massar wrote:
> Yes, they get returned, whoo hoo:
> 8<-
> jeroen@purgatory:~$ dig 192.122.109.193.in-addr.arpa any
That could just be your local caching nameserver. You need to
ask his nameservers the same question:
% dig @ns.dataloss.n
*** REPLY SEPARATOR ***
On 9/6/2002 at 1:42 PM Al Rowland wrote:
>Okay,
>
>If we're going to go off the deep end here, how about the effect of a
>small yield air burst over $importantplace? Not designed to maximize
>casualties/damage but rather EMP? A large number of senior m
On Friday, September 6, 2002, at 04:04 PM, Iljitsch van Beijnum wrote:
> On Fri, 6 Sep 2002, Joe Abley wrote:
>
>> How many people learn about networks from certification courses or
>> in school, anyway? It was always my impression that people learnt
>> mainly by listening to other people.
>
>
Okay,
If we're going to go off the deep end here, how about the effect of a
small yield air burst over $importantplace? Not designed to maximize
casualties/damage but rather EMP? A large number of senior military
officials got that 'deer-in-the-headlights' look a few decades back when
a deserter
Oops,
> Btw... another 'cool' DNS tool: www.
http://www.foobar.tm/dns/
"DNS Bajaj is a tool I made to help pinpoint errors when setting up
nameservers for a domain. This is still a sort of "proof of concept" and
the code is reflecting that.
Someone asked what a "bajaj" is and how it should b
Richard A Steenbergen wrote:
> On Fri, Sep 06, 2002 at 11:41:07AM -0500, Stephen Sprunk wrote:
> >
> > I'd bet most of the customers I deal with learned networking from OS
> > manuals or CCNA study books, all of which still teach classful
> > addressing as the primary method. All of the ones I
Brad Knowles wrote:
> At 4:40 PM +0200 2002/09/06, Peter van Dijk wrote:
It could be me but...
> >> o The reverse zone contains one or more A records
> >> The reverse domain "192.122.109.193.in-addr.arpa."
> contains one
> >> or more A records. A records should only be placed in
On Fri, 6 Sep 2002, Stephen Sprunk wrote:
> The point of communication is to get an idea across; if most of the people you
> communicate with don't understand slash notation, then you use terms they're
> familiar with even if they're imprecise or inaccurate.
That is a very dangerous thing to sa
On Fri, 6 Sep 2002, Joe Abley wrote:
> How many people learn about networks from certification courses or
> in school, anyway? It was always my impression that people learnt
> mainly by listening to other people.
Well, maybe, if you define "listening to people" as "reading what people
write".
[EMAIL PROTECTED] wrote:
>Let's bring this discussion to some common ground -
>
>What kind of impact on the global internet would we see should we observe
>nearly simultaneous detonation of 500 kilograms of high explosives at N of the
>major known interconnect facilities?
OK, what if 60 Hud
Quite a few researchers have looked at the topology of AS
interconnection. They have found that AS connectivity follows a power
law - i.e. the vast majority have a few connections while a small
minority has the majority of connections. Same as an earthquake -
most are small and not noticabl
>>> "sgorman" == <[EMAIL PROTECTED]> writes:
sgorman> Also it might be easier to calculate transition
sgorman> probabilities by summing across the rows of the adjacency
sgorman> matrix then dividing the row components by the sum.
I'm not sure that that works. T
On Fri, 6 Sep 2002 [EMAIL PROTECTED] wrote:
> Actually I do not know how to play chess maybe *Risk*, but your point
> is well taken. The intent is not to provide a public recipe for taking
> down the Internet, that would be the opposite goal of the research to
> begin with. Regardless it is diffic
On Fri, 6 Sep 2002, batz wrote:
> To a network technician, it doesn't matter whether it's terrorists or cow
> tipping teenagers causing outages, as the depth of analysis required to
> fix the problem doesn't involve speculating about the identities and
> motives of the perpetrators.
It does mat
At 5:11 PM +0200 2002/09/06, Peter van Dijk wrote:
> I am very willing to believe everything that you are saying, but *what
> part* of my configuration breaks those nameservers?
$DEITY-only-knows how older/less capable nameserver software will
deal with the issue of having a zone tha
On Fri, 06 Sep 2002 17:15:52 EDT, batz said:
> To a network technician, it doesn't matter whether it's terrorists or cow
> tipping teenagers causing outages, as the depth of analysis required to
> fix the problem doesn't involve speculating about the identities and
> motives of the perpetrators
On Fri, Sep 06, 2002 at 01:55:40PM -0400, batz wrote:
> On Fri, 6 Sep 2002, Pawlukiewicz Jane wrote:
> :would be difficult to reach. I'd have to run a model to be sure, but
> :every one of the major seven have rerouting methodologies that would
> :recover from the loss. And I don't think they exc
On Fri, 6 Sep 2002, Mike Tancsa wrote:
:How about network operators ? Would you be any more or less pissed and
:react differently at the motives as to why someone attacked your network
:?
To a network technician, it doesn't matter whether it's terrorists or cow
tipping teenagers causing ou
Actually I do not know how to play chess maybe *Risk*, but your point
is well taken. The intent is not to provide a public recipe for taking
down the Internet, that would be the opposite goal of the research to
begin with. Regardless it is a difficult line to tread and it is best
to err on the s
At 07:41 PM 05/09/2002 -0400, batz wrote:
>On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote:
>
>:The question is what if someone was gunning for your fiber. To date
>:cuts have been unintentional. Obviously the risk level is much higher
>:doing a physical attack, but the bad guys in this scenario a
On 9/6/2002 at 13:18:54 -0400, Richard A Steenbergen said:
> And half the internet's users type "u r kewl", and think that ethernet is
> a broadband connection.
>
> Just because a misconception is popular doesn't mean we should indulge it.
> :)
>
> Think of it as a public service, if you make
On Fri, Sep 06, 2002 at 11:41:07AM -0500, Stephen Sprunk wrote:
>
> I'd bet most of the customers I deal with learned networking from OS
> manuals or CCNA study books, all of which still teach classful
> addressing as the primary method. All of the ones I work with use the
> term "C" or "class
> > > > > Let's bring this discussion to some common ground -
> > > > >
> > > > > What kind of impact on the global internet would we see should we observe
> > > > > nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> > > > > major known interconnect facilities?
>>> "Jane" == Pawlukiewicz Jane <[EMAIL PROTECTED]> writes:
>> Even if we were to model it, the best data we could get for
>> the "Internet" would be BGP routing tables. These are also
>> subjectve views of the rest of the net. We could take a full
>> table, map all the ASN adjac
At 12:42 PM 9/6/02 -0400, you wrote:
>Was this reply directed at me, particularly?
>
>
>Joe
Joe,
Most definitely not. I felt that the two comments I included most
closely represented the discussion and information I wanted to pass.
No offense meant, I hope none taken, apologies if th
On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote:
> Is there a general consensus that cyber/internal attacks are more
> effective/dangerous than physical attacks. Anecdotally it seems the
> largest Internet downages have been from physical cuts or failures.
I think you have a sampling bias problem.
Thus spake "Joe Abley" <[EMAIL PROTECTED]>
> On Thu, Sep 05, 2002 at 01:13:27PM -0500, Stephen Sprunk wrote:
> > Because "Cee" is easier to pronounce than "slash twenty-four". Ease of use
> > trumps open standards yet again :)
>
> Nobody was talking. "/24" is easier to type than "class C". No
>
At 10:00 AM 9/6/02 -0400, Joe Abley postulated:
On Thu, Sep 05, 2002 at 01:13:27PM -0500,
Stephen Sprunk wrote:
> Because "Cee" is easier to pronounce than "slash
twenty-four". Ease of use
> trumps open standards yet again :)
Nobody was talking. "/24" is easier to type than "class
C". No
trumps
Wow, nothing like jumping into the middle of a running discussion after
deleting all previous messages unread :)
On Fri, 6 Sep 2002, Pawlukiewicz Jane wrote:
>
> Hi Alex,
>
> [EMAIL PROTECTED] wrote:
> >
> > > >
> > > > Let's bring this discussion to some common ground -
> > > >
> > > > What
[EMAIL PROTECTED] said:
>Taking out an a collo would more than just increase time to download porn
>for a few days.
and went on to say:
> > > Is there a general consensus that cyber/internal attacks are more
> > > effective/dangerous than physical attacks. Anecdotally it seems the
> > > larg
So after four different phone calls to Interland, and four
different hangups by the techs and a refusal to do anything
Interland, your client is being bad.
Five minute rate was very high
Folks need to take security and abuse issues seriously. The time has come
for operators to have responsi
Hi Alex,
[EMAIL PROTECTED] wrote:
>
> > >
> > > Let's bring this discussion to some common ground -
> > >
> > > What kind of impact on the global internet would we see should we observe
> > > nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> > > major known int
Just because I'm tired of this, it's mostly due to customer work. I
learned CIDR first and foremost. I paid near no attention to Classful
addressing. I just am in the habit, in particular, of saying Class C
instead of /24. Any other block I use the CIDR notation, and then still
have to explain h
Hi,
batz wrote:
>
> On Fri, 6 Sep 2002, Pawlukiewicz Jane wrote:
>
> :would be difficult to reach. I'd have to run a model to be sure, but
> :every one of the major seven have rerouting methodologies that would
> :recover from the loss. And I don't think they exclusively peer at
>
> Even if w
On Fri, Sep 06, 2002 at 04:56:09PM +0200, Brad Knowles wrote:
[snip]
> > I am doing separate zone files. Each IP delegated to me is a separate
> > zone. Now, again, what is wrong with that?
>
> Technically, nothing -- at least, with the absolute latest
> authoritative nameservers and the
I'm guessing increased packet loss and latency :)
Oh yeah, horrible loss of life and another blow to the economy.
- Daniel Golding
> [EMAIL PROTECTED] reportedly said...
>
>
>
> Let's bring this discussion to some common ground -
>
> What kind of impact on the global internet would we see
At 4:40 PM +0200 2002/09/06, Peter van Dijk wrote:
> I am doing separate zone files. Each IP delegated to me is a separate
> zone. Now, again, what is wrong with that?
Technically, nothing -- at least, with the absolute latest
authoritative nameservers and the absolute latest recursi
You also have the problem of cascading failures. Just because there
are redundant paths and alternate peering locations does not mean
those facilities have the bandwidth to handle all the redirected
traffic. If A gets swamped you go to B if the redirected traffic is too
much for B then you go
On Fri, 6 Sep 2002, Pawlukiewicz Jane wrote:
:would be difficult to reach. I'd have to run a model to be sure, but
:every one of the major seven have rerouting methodologies that would
:recover from the loss. And I don't think they exclusively peer at
Even if we were to model it, the best data
On Fri, Sep 06, 2002 at 04:06:40PM +0200, Brad Knowles wrote:
> At 3:32 PM +0200 2002/09/06, Brad Knowles wrote:
> >> Have a look, for example, at the reverses for 193.109.122.192/28 and
> >> let me know if you can find anything wrong with those.
[snip]
> The key phrase is "A correctly op
> What kind of impact on the global internet would we see
> should we observe
> nearly simultaneous detonation of 500 kilograms of high
> explosives at N of the
> major known interconnect facilities?
Not knowing how much damage would result from 500kg of explosives..
What is the typical si
> >
> > Let's bring this discussion to some common ground -
> >
> > What kind of impact on the global internet would we see should we observe
> > nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> > major known interconnect facilities?
>
> N? Well, if you defin
> I have tended as of late to avoid using the term "class
> A/B/C". Too many
> people at my job do not understand the meaning and make
> themselves look
> stupid. I have instead resorted to using mask be it a /24 or a /27 aka
> "slash 27" it seems to work well with the people who have some
> ex
Hi Alex,
[EMAIL PROTECTED] wrote:
>
> > > Is there a general consensus that cyber/internal attacks are more
> > > effective/dangerous than physical attacks. Anecdotally it seems the
> > > largest Internet downages have been from physical cuts or failures.
> >
> > It depends on what you conside
At 3:40 PM +0200 2002/09/06, Peter van Dijk wrote:
> in-addr.arpa is not special from a DNS point-of-view.
Technically, you are correct. However, this issue is as much
about how the DNS has been used historically, and general agreed-upon
principles by which the DNS should be used, a
On Fri, 2002-09-06 at 10:01, [EMAIL PROTECTED] wrote:
> What kind of impact on the global internet would we see should we observe
> nearly simultaneous detonation of 500 kilograms of high explosives at N of the
> major known interconnect facilities?
Keep in mind that traffic in the global int
I have tended as of late to avoid using the term "class A/B/C". Too many
people at my job do not understand the meaning and make themselves look
stupid. I have instead resorted to using mask be it a /24 or a /27 aka
"slash 27" it seems to work well with the people who have some
experience. Other
At 3:32 PM +0200 2002/09/06, Brad Knowles wrote:
>> Have a look, for example, at the reverses for 193.109.122.192/28 and
>> let me know if you can find anything wrong with those.
The page you originally referenced says:
The first three records are simply there to ma
On Thu, Sep 05, 2002 at 01:13:27PM -0500, Stephen Sprunk wrote:
> Because "Cee" is easier to pronounce than "slash twenty-four". Ease of use
> trumps open standards yet again :)
Nobody was talking. "/24" is easier to type than "class C". No
trumps! Everybody loses!
How many people learn about
> > Is there a general consensus that cyber/internal attacks are more
> > effective/dangerous than physical attacks. Anecdotally it seems the
> > largest Internet downages have been from physical cuts or failures.
>
> It depends on what you consider an internet outage. Or how you define
> that
On Fri, Sep 06, 2002 at 03:32:00PM +0200, Brad Knowles wrote:
[snip]
> > Have a look, for example, at the reverses for 193.109.122.192/28 and
> > let me know if you can find anything wrong with those.
>
> Okay, so you've made 192.122.109.193.in-addr.arpa a zone
> (delegated from bit.nl wi
At 2:42 PM +0200 2002/09/06, Peter van Dijk wrote:
> That is a common misconception. Recursing resolvers couldn't care less
> if they are written according to spec (unlike old BIND versions, for
> example).
Just because something accidentally manages to work at the moment
doesn't me
On Fri, Sep 06, 2002 at 09:10:45AM -0400, [EMAIL PROTECTED] wrote:
> On Fri, 06 Sep 2002 14:42:39 +0200, Peter van Dijk <[EMAIL PROTECTED]> said:
> > That is a common misconception. Recursing resolvers couldn't care less
> > if they are written according to spec (unlike old BIND versions, for
>
Hi,
[EMAIL PROTECTED] wrote:
>
> "Again, it seems more likely and more technically effective to attack
> internally than physically. Focus again here on the cost/benefit
> analysis from both the provider and disrupter perspective and you will
> see what I mean."
>
> Is there a general consensu
On Fri, 06 Sep 2002 14:42:39 +0200, Peter van Dijk <[EMAIL PROTECTED]> said:
> That is a common misconception. Recursing resolvers couldn't care less
> if they are written according to spec (unlike old BIND versions, for
> example).
Well... way back when (18 months or so)...
On Thu, 01 Feb 200
On Fri, Sep 06, 2002 at 02:21:35PM +0200, Brad Knowles wrote:
> At 11:11 AM +0200 2002/09/06, Peter van Dijk wrote:
> > And you can do it even easier without RFC2317:
> >
> >http://homepages.tesco.net/~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html
>
> Nope. Fundamentally broken. De
At 11:11 AM +0200 2002/09/06, Peter van Dijk wrote:
> And you can do it even easier without RFC2317:
>
>http://homepages.tesco.net/~J.deBoynePollard/FGA/avoid-rfc-2317-delegation.html
Nope. Fundamentally broken. Delegations must occur at the apex of a zone.
Trying to take a
> My explanation accounts for suicide bombers in the statement: "Even
> terrorist that will die to kill will probably not die to
> inconvenience." This does not presume a western value system, either,
> as somebody suggested. Many a terrorist will gladly give their lives
> to destroy a hated en
On Thu, Sep 05, 2002 at 03:19:08PM -0400, Christian Malo wrote:
[snip]
> these days you can easily delegate reverse using CIDR with BIND ...
>
> http://www.faqs.org/rfcs/rfc2317.html
And you can do it even easier without RFC2317:
http://homepages.tesco.net/~J.deBoynePollard/FGA/avoid-rfc-2317-d
On Thu, Sep 05, 2002 at 09:58:08PM -0400, Richard Welty wrote:
[snip]
> about 2 years ago, interviewing fresh graduates for jobs, i found that they
> were still being taught classful networking at many colleges.
Only half a year ago a teacher (university, subject: networking) told
us (I'm a stud