Hi Johannes,
] > Anybody have a pointer to scripts to map IP to AS?
] Grab a routing table snapshot from the routeviews archive and run it
] through parse_bgp_dump from CAIDA's CoralReef package. Then use
] CAIDA::ASFinder or Net::Patricia to do the lookups.
In fact I have 2 scripts to do ju
On Thu, 20 Feb 2003, Martin Hannigan wrote:
> Is anyone running an automated Terror Alert system that's
> real time with the DHS?
CNN (or Fox, MSNBC, etc) news satellite feed (for national alerts)
Radio Shack National Weather Service Alert radio (for local alerts)
Individual states have other a
Ok,
What we really need is something like what NOAA has for space weather:
http://www.maj.com/sun/noaa.html
Currently, the weather is "active and unsettled"...
Eric :)
All of this begs the question, what specifically would you do if the alert
level went to red or yellow? Would you broadcast the change to customers,
place disaster recovery teams on stand-by or stand-down, implement an
expanded ACL, etc.? Seriously, I'm interested in a response to this.
Regarding
"People who bought HIP BOOTS also shopped for:
* Duct Tape
* Jack Daniels
* Def Leppard CD's
* Clean Underwear"
on-topic: I use a plug-in for my NMS that looks for abnormalities in the
load times of various popular sites. (it's helped me spot routing problems
more than once). Looking back at hist
On Thu, Feb 20, 2003 at 08:08:58PM -0500, Richard Irving wrote:
> Yes.
>
> But, until elections 2004, the "FUD" field is hardcoded to "High".
>
> However, if there are changes to the -=actual=- dhs.gov status,
> it sends out an automatic Amazon.Com order for
> Hip Boots for all members of the
Is anyone running an automated Terror Alert system that's
real time with the DHS?
-M
I use NorthStar in my network, and actually was a developer on it for a
while. It's fairly stable, but development has somewhat stalled because of
real life issues for the primary developer.
Thanks,
Adam "Tauvix" Debus
Linux Certified Professional, Linux Certified Administrator #447641
Network A
On Thu, 20 Feb 2003, Daniel Abbey wrote:
>
> I am looking for an IP management which has flexible management
> capabilities. I need it for managing my customers IP assignments, and
> keeping stock of my IP pool.
> Do you have any suggestions?
http://www.brownkid.net/NorthStar/ looked pretty reas
Check out Georgetown in Washington DC, the exploding manhole capital of
the world. They have a lot of experience with exploding manholes, from
many different causes. The most recent incident was in the last couple of
days. There is a lot of energy being pumped into utility lines. A
short ci
I am looking for an IP management which has flexible management
capabilities. I need it for managing my customers IP assignments, and
keeping stock of my IP pool.
Do you have any suggestions?
Here's one. I haven't used it in production, but the demo that I was
given was pretty slick. Works o
Yo Joshua!
On Thu, 20 Feb 2003, Joshua Smith wrote:
> i still get 8K plus hits against my acls per day for udp/1434...(75 in the
> time it took to write this email)
You are probably doing as much damage as good.
udp/1434 is not a reserved port. A lot of what you are blocking is legit
traffic t
On Thu, 20 Feb 2003 22:11:06 +0100, Iljitsch van Beijnum said:
> Seems to me that filtering is no longer necessary unless you have reason
> to believe your customers are going to install new vulnerable boxes or
> vulnerable software on existing boxes AND their pipe to you is so big
"new vulnerabl
Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
>
> On Thu, 20 Feb 2003, William Allen Simpson wrote:
>
> > Worse, it only takes 1 infected host to re-infect the entire net in
> > about 10 minutes. So, the entire 'net has to cooperate, or we'll see
> > continual re-infection.
>
> Only if peopl
I am looking for an IP management which has flexible management
capabilities. I need it for managing my customers IP assignments, and
keeping stock of my IP pool.
Do you have any suggestions?
On Thu, 20 Feb 2003, William Allen Simpson wrote:
> Anybody have a pointer to scripts to map IP to AS?
This little script works fairly well. Just feed it a file with each
network on a separate line. Obviously don't overload the route servers by
running it too often.
--
Simon Lyall.
On Thu, 20 Feb 2003, William Allen Simpson wrote:
> Worse, it only takes 1 infected host to re-infect the entire net in
> about 10 minutes. So, the entire 'net has to cooperate, or we'll see
> continual re-infection.
Only if people didn't fix their servers. And if they didn't, this
"reverse" de
### On Thu, 20 Feb 2003 15:25:52 -0500, [EMAIL PROTECTED] casually
### decided to expound upon [EMAIL PROTECTED] (Jake Khuon) the following
### thoughts about "Re: scripts to map IP to AS? ":
VK> Are there any recommendations for caching of the results? Do, don't, not for
VK> over 72 hours, etc?
You could just run a trace from a cisco router (or do a trace from a
looking glass). It shows the AS numbers along the path. Just pick out the
last one. It also has the advantage of telling you who is really
announcing it at this time rather than who 'should' be announcing
it.
Guessing a script co
On Thu, 20 Feb 2003 12:14:28 PST, Jake Khuon <[EMAIL PROTECTED]> said:
> Just a reminder to everyone who intends to query the IRR/RADB... Please be
> nice to the RADB whois server and don't DoS it. Open a persistent
Are there any recommendations for caching of the results? Do, don't, not for
o
### On Thu, 20 Feb 2003 09:11:02 -0800, "Martin J. Levy" <[EMAIL PROTECTED]>
### casually decided to expound upon "David G. Andersen" <[EMAIL PROTECTED]>,
### William Allen Simpson <[EMAIL PROTECTED]> the following thoughts
### about "Re: scripts to map IP to AS?":
MJV> Dave (and anyone that down
M$SQL is different from other infections mentioned, as it hits the
entire net so quickly. The only thing keeping it at bay is widespread
backbone filtering, which isn't feasible in the long term.
Just like random source addresses, the only answer is edge filtering
(preventing the bad packets
On Thu, 20 Feb 2003, William Allen Simpson wrote:
> Anybody have a pointer to scripts to map IP to AS?
Grab a routing table snapshot from the routeviews archive and run it through
parse_bgp_dump from CAIDA's CoralReef package. Then use CAIDA::ASFinder or
Net::Patricia to do the lookups.
Brad
I should have been a bit more specific. The hacked up traceroute-ng
queries the radb, not a whoisd. I've never had problems
being blocked when doing radb queries, but YMMV, of course. I also
suggest that people be nice and rate-limit their queries so that
others don't have to do it for them...
Dave (and anyone that downloads lookup_as.c),
Grab a newer version of traceroute.c -- There is a CLASSFULL piece of code within the
2.9.3 code-base used in lookup_as.c. The newer traceroute.c code removes the 192/8 &
128/8 testing. This is a cut-n-paste from the newer
traceroute-nanog-6.3.0/
Careful. Many whoisds don't appreciate automated queries & will block YOUR
ip address for some time if you cross their max query rate threshold.
> You can use a quick perl wrapper around whois, or you
> could use this terribly ugly hacked up traceroute-ng that I
> wrote to do lookups:
>
> htt
On Thu, Feb 20, 2003 at 08:09:31AM -0500, William Allen Simpson quacked:
>
> Anybody have a pointer to scripts to map IP to AS?
>
> There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
> and I'd like to start blocking routing to those irresponsible AS's
> that haven't blocked
> >Then you'd better reach over to all of your upstream routers and just pull
> >the plug, since you are likely to see Sapphire packets from here on in, on a
> >regular basis.
>
> Better is to do the whois lookup and send pre-formatted e-mail about the
> infected server as people did after Code
> There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
> and I'd like to start blocking routing to those irresponsible AS's
> that haven't blocked their miscreant customers.
It's too early for such harsh measures. Unless you can live without
most major consumer ISPs.
I don't
At 08:07 AM 20-02-03 -0600, Alif The Terrible wrote:
On Thu, 20 Feb 2003, William Allen Simpson wrote:
> Anybody have a pointer to scripts to map IP to AS?
Google is your friend ;-)
> There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
> and I'd like to start blocking rout
On Thu, 20 Feb 2003, William Allen Simpson wrote:
> Anybody have a pointer to scripts to map IP to AS?
I suspect the easiest thing to do would be to write some code to query a
looking glass, perhaps even install your own for this
> There are still 10K-20K hosts spewing M$SQL slammer/sapph
On Thu, 20 Feb 2003, William Allen Simpson wrote:
> Anybody have a pointer to scripts to map IP to AS?
Google is your friend ;-)
> There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
> and I'd like to start blocking routing to those irresponsible AS's
> that haven't bloc
Anybody have a pointer to scripts to map IP to AS?
There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets,
and I'd like to start blocking routing to those irresponsible AS's
that haven't blocked their miscreant customers.
http://isc.sans.org/port_details.html?port=1434
--
Willi
Does anyone have a contact at msn.com that will respond to a situation
similar to this thread? Our email queries to support/abuse/etc
@msn.com have gone unanswered.
We have a class C allocated from one of our /16's that has been
blocked by MSN without any prior warning/notice from them.
Unfortu
will anyone miss it? :-)
Don't know if anyone else is seeing this, but we're having trouble getting
to/from AT&T datacenter in Phoenix from several locations. It looks like
traffic from Mountain View is getting dropped at AT&T in LA. However,
looking at AT&T network stats, they seem to have virtually no connectivity wo