Hello Everyone.
Barry Greene and I will be hosting an ISP Security BOF at the upcoming
meeting. Please check out http://www.nanog.org/mtg-0210/securebof.html
We are soliciting input from peering coordinators who wish to participate
in this BOF.if you are one, please fill out the form be
NANOG:
Since Ethernet strings die, I give you my opinion of how to stop SPAM. We
shall let Ethernet defend for itself for now. It is doing fine w/o my help.
Mail Adminstrators need to have peering policies. Traffic Adminstrators
need to have traffic policies. Processes beget policies. Th
On Wed, 02 Oct 2002 13:29:49 -, Bob Martinez <[EMAIL PROTECTED]> said:
> server (ex.). As with PIM Snooping, Ethernet based networks can easily
> snoop this activity (authenticated traffic) and deny it at wirespeed as
> close the source as you dare go (domain). These service could easil
For those of you registered to attend NANOG 26 in
Eugene, Oregon, please note the following upcoming
deadlines:
October 5 -- hotel room block rate expires
http://www.nanog.org/mtg-0210/hotel.html
October 11 -- registration fee due
To check your payment status see:
http://www.nanog.or
Hi,
We're trying to assemble a small herd of script hackers in Eugene
in the form of a BOF.
If anybody has interesting tools they use to wrangle routers (or
interesting problems that can currently only be solved by hand, for
which automated solutions would be useful), want to drop me a line
and
reports of equinix's demise appear to have been grossly premature. see
http://biz.yahoo.com/bw/021002/20088_1.html, whose title is something like:
> Equinix Gains Strategic Investment From Singapore Technologies Telemedia
> and Creates the Largest Global Network Neutral Internet Exchange
> Serv
On Tue, Oct 01, 2002 at 02:43:41PM -0700, [EMAIL PROTECTED] said:
[snip]
> > > I have question for the security community on NANOG.
> > >
> > > What is your learned opinion of having host accounts
> > > (unix machines) with UID/GID of 0:0
> > >
> > > otherwords
> > >
> > > jmbrown_r:password:0
On Wed, Oct 02, 2002 at 11:34:38AM -0700, [EMAIL PROTECTED] said:
[snip]
> > > This is a really /really/ REALLY bad idea. I had nightmare issues dealing
> > > with a network formerly run by a 'sysadmin' who thought every user that
> > > might need to do something as root should have a uidzero acc
On Tue, Oct 01, 2002 at 02:43:41PM -0700, [EMAIL PROTECTED] said:
[snip]
> On Mon, Sep 23, 2002 at 02:44:34PM -0700, Scott Francis wrote:
> > On Sun, Sep 22, 2002 at 03:22:11PM -0700, [EMAIL PROTECTED] said:
> > >
> > > I have question for the security community on NANOG.
> > >
> > > What is you
I'm looking for carrier neutral colo in San Diego. We are a wireless isp,
and will need rooftop rights. Any advice/experiences would be
appreciated.
Specifically we are interested in thoughts on Switch and Data, and
ClearBlue.
TIA.
Steve Rude
I to join in, I want to publicly congrat Jay and the rest. There
were a lot of people throwing FUD around, nowadays it's too easy to
be negative and very counterproductive to growth and deployment.
Equinix is obviously here to stay and a safe place to do peering and
interconnections. While
On Wed, Oct 02, 2002 at 04:06:00PM -0400, [EMAIL PROTECTED] said:
> [ On Wednesday, October 2, 2002 at 11:47:12 (-0700), Scott Francis wrote: ]
> > Subject: Re: Security Practices question
> >
> > Absolutely so - which is why no account should have multiple equally valid
> > passwords, which is wh
Hats off to Jay and Bill and the entire TEAM at EQIX.
As a soon to be customer (times 2), a shareholder and a fan, I'm most
happy to hear about this deal..
All the work Bill Norton has done on peering and IX issues, the costs
in travel and time away from family and home I think have paid EQIX
On Wed, Oct 02, 2002 at 05:08:05PM -0400, [EMAIL PROTECTED] said:
> [ On Wednesday, October 2, 2002 at 13:26:15 (-0700), Scott Francis wrote: ]
> > Subject: Re: Security Practices question
> >
> > grr. Please read Barb's post about exactly why multiple aliases for the
> > UID 0 account is a Bad Id
Why would you want peering coordinators to speak at a Security BOF? I
would think that you would want network engineers who are knowledgable in
backbone security techniques to speak. The interaction of this set to the
set of peering coordinators tends to be rather weak - not nonexistant,
just not
The Equinix Team,
Congratulations on this strategic move. Way to go!
Shannon M. Lake Sr.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Paul Vixie
Sent: Wednesday, October 02, 2002 10:02 AM
To: [EMAIL PROTECTED]
Subject: Re: Equinix to join role of
On Wed, 2 Oct 2002, dgold wrote:
> Why would you want peering coordinators to speak at a Security BOF? I
> would think that you would want network engineers who are knowledgable in
> backbone security techniques to speak. The interaction of this set to the
> set of peering coordinators tends to b
As Sean stated, it is more of an issue of who comes to NANOG. Anyone
working on security issues within ISP's is welcome to come.we WANT them
to come and participate. Sorry if it was misleading.
- merike
At 05:07 PM 10/2/2002 -0500, dgold wrote:
>Why would you want peering coordinators t
On Wed, 2 Oct 2002, Scott Francis wrote:
Can you back up that statement in /any/ way? What exactly are your reasons
why sudo is a worse solution (or even a bad idea)?
In an environment where every sysadmin is interchangable, and any one
of them can be woken up at 3am to fix the random probl
jm> Date: Wed, 2 Oct 2002 17:48:16 -0700 (PDT)
jm> From: just me
jm> In an environment where every sysadmin is interchangable, and
jm> any one of them can be woken up at 3am to fix the random
jm> problem of the day, you tell me how to manage 'sudoers' on
jm> 4000 machines.
krb5/ksu
Eddy
--
B
On Wed, 2 Oct 2002, just me wrote:
> In an environment where every sysadmin is interchangable, and any one
> of them can be woken up at 3am to fix the random problem of the day,
> you tell me how to manage 'sudoers' on 4000 machines.
>
> In an situation where the team needs root; all per-admin U
On Wed, Oct 02, 2002 at 05:48:16PM -0700, just me wrote:
>
> On Wed, 2 Oct 2002, Scott Francis wrote:
>
> Can you back up that statement in /any/ way? What exactly are your reasons
> why sudo is a worse solution (or even a bad idea)?
>
> In an environment where every sysadmin is interchang
At 05:48 PM 10/2/02 -0700, just me wrote:
>In an environment where every sysadmin is interchangable, and any one
>of them can be woken up at 3am to fix the random problem of the day,
>you tell me how to manage 'sudoers' on 4000 machines.
Sudo provides for one master sudoers file that you can cop
could use scp also. Altho not as secure you'd need null keys.
But could also have the same issues with rdist.
Joel Baker wrote:
>On Wed, Oct 02, 2002 at 05:48:16PM -0700, just me wrote:
>
>
>>On Wed, 2 Oct 2002, Scott Francis wrote:
>>
>> Can you back up that statement in /any/ way? What ex
"eddy" == E B Dreger <[EMAIL PROTECTED]> writes:
jm> Date: Wed, 2 Oct 2002 17:48:16 -0700 (PDT)
jm> From: just me
jm> In an environment where every sysadmin is interchangable, and any
jm> one of them can be woken up at 3am to fix the random problem of
jm> the day, you tell me how to manage 'su
I would like to restrict access from certain countries to content on my
network (for security and legal reasons).
So far the best algorithm I've been able to come up with is a combination
of reverse DNS and APNIC/ARIN/RIPE whois queries. I've written a perl
cgi that checks reverse DNS first, an
That's basically all Netscape & Microsoft were doing when they had to
restrict 128-bit SSL. They threw in the requirement to enter your address
& phone number, but they had no way of telling if you were entering your
address, or the one you got from doing a four11.com lookup of John Smith
in Pla
On Wed, Oct 02, 2002 at 11:21:04PM -0400, Ralph Doncaster wrote:
> Is there a more accurate method to determine the country of origin for an
> IP than the methods I've described above?
Several companies offer such services. I'd be happy to give some
pointers offlist.
On Wednesday, Oct 2, 2002, at 23:21 Canada/Eastern, Ralph Doncaster
wrote:
> I would like to restrict access from certain countries to content on my
> network (for security and legal reasons).
>
> So far the best algorithm I've been able to come up with is a
> combination
> of reverse DNS and
29 matches
Mail list logo