RE: Banc of America Article

2003-01-27 Thread alex
I think you're leaving out a very viable possibility in your summary... What if BoA took a proactive approach and shut down their SQL environment (even though none of us know conclusively if they're a SQL or Oracle shop) to verify that it was in fact clean and not compromised. When you're

Re: Level3 routing issues?

2003-01-27 Thread alex
Alex, although technically correct, it's not practical. How many end users vpn in from home from say a public ip on their dsl modem leaving themselves open to attack but now also having this connection back to the Secure inside network. Has anyone heard of any confirmed cases of this yet?

Re: Level3 routing issues?

2003-01-27 Thread Christopher L. Morrow
On Mon, 27 Jan 2003, Scott Granados wrote: Alex, although technically correct, it's not practical. How many end users vpn in from home from say a public ip on their dsl modem leaving themselves open to attack but now also having this connection back to the Secure inside network. Has

Re: Level3 routing issues?

2003-01-27 Thread Valdis . Kletnieks
On Mon, 27 Jan 2003 14:50:22 EST, [EMAIL PROTECTED] said: This is not correct. VPN simply extends security policy to a different location. A VPN user must make sure that local security policy prevents other traffic from entering VPN connection. Given that the head of one of our

Re: Level3 routing issues?

2003-01-27 Thread Simon Lockhart
On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote: Alex, although technically correct, it's not practical. How many end users vpn in from home from say a public ip on their dsl modem leaving themselves open to attack but now also having this connection back to the Secure

Re: Level3 routing issues?

2003-01-27 Thread alex
On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote: Alex, although technically correct, it's not practical. How many end users vpn in from home from say a public ip on their dsl modem leaving themselves open to attack but now also having this connection back to the

Re: Level3 routing issues?

2003-01-27 Thread alex
This is not correct. VPN simply extends security policy to a different location. A VPN user must make sure that local security policy prevents other traffic from entering VPN connection. Given that the head of one of our three-letter-agencies managed to get this sort of thing wrong,

Re: Banc of America Article

2003-01-27 Thread alex
knowing absolutely nothing about how BoA ATMs work It could be that BoA's network wasn't flooded / servers infected, but that the ATMs do not dial BoA directly, and dial somewhere else (ie, maybe some kind of ATM Dial Provider, nationwide wholesale, etc), and then tunnel back to BoA to

Re: Level3 routing issues?

2003-01-27 Thread Valdis . Kletnieks
On Mon, 27 Jan 2003 15:33:34 EST, [EMAIL PROTECTED] said: This is not correct. VPN simply extends security policy to a different location. A VPN user must make sure that local security policy prevents other traffic from entering VPN connection. Given that the head of one of our

Re: att.net email issues?

2003-01-27 Thread kai
Now that the noise level (SQLSlammer) is down: It looks like ATT put the finger back into the dike on this for now: You don't really want your customer service call center to get flooded by two issues at once: http://www.internet-magazine.com/news/view.asp?id=3110 On 1/24/2003 at 7:16 PM, [EMAIL

Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-27 Thread alex
alex This is a very bad band-aid. The solution is amazingly simple - Just to be clear, the solution to WHAT is amazingly simple? alex make it uneconomical to have unprotected networks, For whom to have unprotected networks? What constitutes a protected network? How does one make it

Re: Level3 routing issues?

2003-01-27 Thread Barney Wolff
On Mon, Jan 27, 2003 at 08:10:15PM +, Simon Lockhart wrote: As I suspected, but I keep being told that these problems were in old style VPN clients, and stuff is much better these days. I remain unconvinced. A good VPN client (I'm familiar with Nortel) will enforce no *simultaneous*

Re: Level3 routing issues?

2003-01-27 Thread alex
Given that the head of one of our three-letter-agencies managed to get this sort of thing wrong, what makes you think that Joe Middle-Manager who's more concerned about fixing a spreadsheet will get it correct? Because it is not that difficult. A security policy of a little office

OT: alex@yuriev.com email issues?

2003-01-27 Thread Jeff S Wheeler
Dear nanog, I apologize in advance for my off-topic posting. I doubt I am alone, though, in saying that Alex Yuriev needs to slow his roll. Alex, stop sending a follow-up to everything you read. If you really have something to say, please just write a pointed email with a sensible subject and

Re: Level3 routing issues?

2003-01-27 Thread Simon Lockhart
On Mon Jan 27, 2003 at 04:00:51PM -0500, [EMAIL PROTECTED] wrote: It is very easy. Deny everything. Allow outbound port 80 Allow mail server to 25 Allow ident If you need netmeeting, allow netmeeting server to other servers. If you need AIM, allow AIM from workstations to oscar.aol.com

Re: OT: alex@yuriev.com email issues?

2003-01-27 Thread alex
I apologize in advance for my off-topic posting. I doubt I am alone, though, in saying that Alex Yuriev needs to slow his roll. 'D' key is your friend. Alex, stop sending a follow-up to everything you read. If you really have something to say, please just write a pointed email with a

Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-27 Thread Jack Bates
From: [EMAIL PROTECTED] unprotected are). For example, have a machine that had been broken into and used to attack a company which lost $5M because of that attack, make whoever owns the machine was broken into pay $5M + attorney fees + punitive damages. Suddenly, the unprotected (for

Re: Level3 routing issues?

2003-01-27 Thread Simon Lockhart
On Mon Jan 27, 2003 at 04:16:00PM -0500, [EMAIL PROTECTED] wrote: Again, but why does it talk to the outside world unsupervised? Your organization clearly has a border that separates its internal systems from external ones. Why not apply those restrictions on *those* borders? From inside the

Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-27 Thread Valdis . Kletnieks
On Mon, 27 Jan 2003 15:53:07 EST, [EMAIL PROTECTED] said: The amazingly simple solution is to make it uneconomical for anyone to maintain unprotected network (for whatever two sets uneconomical and unprotected are). For example, have a machine that had been broken into and used to attack a

Re: Level3 routing issues?

2003-01-27 Thread Valdis . Kletnieks
On Mon, 27 Jan 2003 16:00:51 EST, [EMAIL PROTECTED] said: It is very easy. Deny everything. Allow outbound port 80 Bzzt! You just let in an ActiveX exploit. Or Javascript. Or Allow mail server to 25 Bzzt! You just let in a new Outlook exploit. If you need AIM, allow AIM from

Re: [Re: Level3 routing issues?]

2003-01-27 Thread Joshua Smith
Simon Lockhart [EMAIL PROTECTED] wrote: On Mon Jan 27, 2003 at 04:16:00PM -0500, [EMAIL PROTECTED] wrote: Again, but why does it talk to the outside world unsupervised? Your organization clearly has a border that separates its internal systems from external ones. Why not apply those

Re: Level3 routing issues?

2003-01-27 Thread David G. Andersen
On Sun, Jan 26, 2003 at 12:17:20AM -0500, Tim Griffin mooed: hc wrote: I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as well. here's a plot showing the impact on BGP routing tables from seven ISPs (plotted using route-views data):

Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-27 Thread E.B. Dreger
JB Date: Mon, 27 Jan 2003 15:19:25 -0600 JB From: Jack Bates JB So, if I'm reading this right, user of Vendor L doesn't like JB Vendor M. Instead of attacking Vendor M's software, the user JB just needs to make sure Vendor M's corporate servers get JB infected and cause enough damage to run

Re: Level3 routing issues?

2003-01-27 Thread alex
Deny everything. Allow outbound port 80 Bzzt! You just let in an ActiveX exploit. Or Javascript. Or And I have successfully blocked everything other than ActiveX or JavaScript or whatever else. Allow mail server to 25 Bzzt! You just let in a new Outlook exploit. It is talking

Re: Level3 routing issues?

2003-01-27 Thread cowie
here's a plot showing the impact on BGP routing tables from seven ISPs (plotted using route-views data): http://www.research.att.com/~griffin/bgp_monitor/sql_worm.html And as an interesting counterpoint to this, this graph shows the number of BGP routing updates received at MIT

Re: Level3 routing issues?

2003-01-27 Thread David G. Andersen
On Mon, Jan 27, 2003 at 06:15:33PM -0800, Randy Bush mooed: Wow, for a minute I thought I was looking at one of our old plots, except for the fact that the x-axis says January 2003 and not September 2001 :) :) seeing that the etiology and effects of the two events were quite

Re: Level3 routing issues?

2003-01-27 Thread Christopher L. Morrow
On Sat, 25 Jan 2003, Bill Woodcock wrote: On Sat, 25 Jan 2003, Mikael Abrahamsson wrote: Lots of traffic on udp port 1434 coming in here via TW Telecom and Sprint Looks like we may have a winner for DDoS of the year (so far) What kind of traffic levels are you

[barney@databus.com: NYTimes.com Article: Worm Hits Microsoft, Which Ignored Own Advice]

2003-01-27 Thread Barney Wolff
- Forwarded message from [EMAIL PROTECTED] - Date: Tue, 28 Jan 2003 00:43:09 -0500 (EST) Worm Hits Microsoft, Which Ignored Own Advice January 28, 2003 By JOHN SCHWARTZ ... A spokesman for Microsoft, Rick Miller, confirmed that a number of the company's machines had gone unpatched,