Re: Moving filters from edge to core

2003-07-31 Thread Tay Chee Yong
Hi Peter, Mike and all those who replied to me. Thanks very much for all the replies, comments and feedback. Greatly appreciate it. Will look into it and advise my management. Regards, Cheeyong On Mon, 28 Jul 2003, Peter John Hill wrote: : --On Monday, July 28, 2003 12:16 AM -0700 Mike Lyon <[EMAIL

Re: North America not interested in IP V6

2003-07-31 Thread Ronald van der Pol
On Wed, Jul 30, 2003 at 12:30:25 -0400, Marshall Eubanks wrote: > > I'd be more interested in seeing how many customer connections > > are using IPV6. > > This question came up in discussions at IETF-57, without a good answer. I count 728 /48 entries in the RIPE database. These should correspo

RE: North America not interested in IP V6

2003-07-31 Thread Jeroen Massar
Ronald van der Pol wrote: > On Wed, Jul 30, 2003 at 12:30:25 -0400, Marshall Eubanks wrote: > > > > I'd be more interested in seeing how many customer connections > > > are using IPV6. > > > > This question came up in discussions at IETF-57, without a > good answer. > > I count 728 /48 entri

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread [EMAIL PROTECTED]
On Wed, 30 Jul 2003, Christopher L. Morrow wrote: > Sure, trace my attacks to the linux box at UW, I didn't spoof the flood > and you can prove I did the attacking how? You can't because I and 7 other > hackers all are fighting each other over ownership of the poor UW student > schlep's computer..

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread variable
On Wed, 30 Jul 2003, Rob Thomas wrote: > I've tracked 1787 DDoS attacks since 01 JAN 2003. Of that number, > only 32 used spoofed sources. I rarely see spoofed attacks now. Do you have any ideas as to why that is? Is it due to more providers doing source filtering? It wouldn't make sense fo

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Petri Helenius
I would say that because backdoored hosts are easily available in large quantities, spoofing does not make sense and usually alarms various systems more quickly than packets from legitimate addresses. Pete - Original Message - From: <[EMAIL PROTECTED]> To: "Rob Thomas" <[EMAIL PROTECTE

RE: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread McBurnett, Jim
I tend to agree here. I have noticed so many attacks etc coming from APNIC as of recent that on our corp network we have an ACL to block a number of APNIC blocks. If there was a dynamic method to add null0 routes to identified zombies, I think that would help. IE. security company A provides a f

Re: North America not interested in IP V6

2003-07-31 Thread Ronald van der Pol
On Thu, Jul 31, 2003 at 15:04:25 +0200, Jeroen Massar wrote: > The bad news here, or actually good news, is that many ISP's don't > register their client /48's. ... > Many other tunnelbrokers exist, check for example freenet6, ipv6.he.net > and xs26, who apparently have loads of delegations, the

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Stephen J. Wilcox
I take it folks haven't started implementing RFC3514 yet, should solve all these issues Steve On Thu, 31 Jul 2003, Petri Helenius wrote: > > > I would say that because backdoored hosts are easily available in large > quantities, spoofing does not make sense and usually alarms various syst

RE: North America not interested in IP V6

2003-07-31 Thread Jeroen Massar
Ronald van der Pol [mailto:[EMAIL PROTECTED] wrote: > On Thu, Jul 31, 2003 at 15:04:25 +0200, Jeroen Massar wrote: > > > The bad news here, or actually good news, is that many ISP's don't > > register their client /48's. > ... > > Many other tunnelbrokers exist, check for example freenet6, > i

RE: North America not interested in IP V6

2003-07-31 Thread Ben Buxton
> -Original Message- > From: Jeroen Massar [mailto:[EMAIL PROTECTED] > Ronald van der Pol wrote: > > > On Wed, Jul 30, 2003 at 12:30:25 -0400, Marshall Eubanks wrote: > > > > > > I'd be more interested in seeing how many customer connections > > > > are using IPV6. > > > > > > This q

RE: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Rafi Sadowsky
## On 2003-07-31 09:27 -0400 McBurnett, Jim typed: MJ> MJ> I tend to agree here. MJ> I have noticed so many attacks etc coming from MJ> APNIC as of recent that on our corp network we have an ACL MJ> to block a number of APNIC blocks. MJ> If there was a dynamic method to add null0 routes to MJ

RE: North America not interested in IP V6

2003-07-31 Thread Michel Py
> Jeroen Massar wrote: > It has a timeline (slides 47-50) showing the US falling behind > for at least 3 years... come on US show what you are good for :) Show me where there is money to make with IPv6 first :-) There are some exceptions, but here v6 is somehow like ISDN: I Still Don't Need. Mic

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Omachonu Ogali
How about quoting the excerpt in question than telling me to pick up a book that I would lose interest in after the first ten pages?

Re: North America not interested in IP V6

2003-07-31 Thread Joseph T. Klein
Where is the money in TCP/IP? We have mature, stable, network technologies that have proven themselves in the marketplace. TCP/IP is a toy used by the academic community and will never amount to anything. -- Arguments I heard against TCP/IP circa 1990. The US military is starting to demand IPv6

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Vadim Antonov
On 31 Jul 2003, Paul Vixie wrote: > the anti-nat anti-firewall pure-end-to-end crowd has always argued in > favour of "every host for itself" but in a world with a hundred million > unmanaged but reprogrammable devices is that really practical? Not everything could be hidden behind a firewall,

RE: North America not interested in IP V6

2003-07-31 Thread Irwin Lazar
> -Original Message- > From: Michel Py [mailto:[EMAIL PROTECTED] > Sent: Thursday, July 31, 2003 12:16 PM > To: Jeroen Massar > Cc: [EMAIL PROTECTED] > Subject: RE: North America not interested in IP V6 > > > Jeroen Massar wrote: > > It has a timeline (slides 47-50) showing the US falling

Re: North America not interested in IP V6

2003-07-31 Thread David G. Andersen
On Thu, Jul 31, 2003 at 11:02:14AM -0600, Irwin Lazar quacked: > As one person noted in response to Christian's speech. If there > is no addressing shortage, why do I have to pay $75 a month for a > DSL connection with a static IP address when a floating IP address > only costs me $40 per month?

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Omachonu Ogali
> I'll start looking for this to happen when Microsoft manages to release > an OS version which does not contain remote exploitable flaw before > the boxes hit the store self. If FreeBSD, OpenBSD, NetBSD, RedHat, Debian, SuSE were packaged and sold in stores, how would this be any different?

Re: North America not interested in IP V6

2003-07-31 Thread Jack Bates
David G. Andersen wrote: b) Why do you pay less for a flight with a saturday night stopover? - Market segmentation. People with static addresses usually want to do things like run servers, and are probably willing to pay for the privilege. And by paying for it, they subsidize the ban

"The internet is slow"

2003-07-31 Thread Rick Ernst
Gah.. I hate these kind of vague problems. I have multiple users complaining about "the internet is slow"; specifically to sites such as aol, cnn, amazon. Our support folks are also having trouble getting to postini's admin pages. Things are excruciatingly slow. I don't see any indications on

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Petri Helenius
> If FreeBSD, OpenBSD, NetBSD, RedHat, Debian, SuSE were packaged and > and sold in stores, how would this be any different? Oh wait, They > are packaged and sold in stores! Just by comparing the OpenBSD security track record to the one of any Windows release would dismiss your point. > > People

Re: "The internet is slow"

2003-07-31 Thread Neil J. McRae
check your dns servers...

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Petri Helenius
> What we need is a new programming paradigm, capable of actually producing > secure (and, yes, reliable) software. C and its progeny (and "program > now, test never" lifestyle) must go. I'm afraid it'll take laws which > would actually make software makers to pay for bugs and security > vulnera

Re: "The internet is slow"

2003-07-31 Thread William Devine, II
From C&W in Houston [EMAIL PROTECTED] root]# traceroute 206.103.37.166 traceroute to 206.103.37.166 (206.103.37.166), 30 hops max, 38 byte packets 1 GB-border1 (208.128.33.1) 0.433 ms 0.295 ms 0.229 ms 2 63-137-112-213 (63.137.112.213) 1.301 ms 1.166 ms 1.363 ms 3 bar2-serial4-0-0-8.

RE: "The internet is slow"

2003-07-31 Thread St. Clair, James
tell ur user a gerbil got sick and the wheel isn't spinning as fast today

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Stephen J. Wilcox
On Thu, 31 Jul 2003, Petri Helenius wrote: > > > What we need is a new programming paradigm, capable of actually producing > > secure (and, yes, reliable) software. C and its progeny (and "program > > now, test never" lifestyle) must go. I'm afraid it'll take laws which > > would actually mak

Re: "The internet is slow"

2003-07-31 Thread Rick Ernst
On Thu, 31 Jul 2003, Rick Ernst wrote: :> :> :>Gah.. I hate these kind of vague problems. :> :>I have multiple users complaining about "the internet is slow"; specifically :>to sites such as aol, cnn, amazon. Our support folks are also having trouble :>getting to postini's admin pages. Things a

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Paul Vixie
> However, since improvements are always welcome, please recommend tools > which would allow us to progress "above and beyond" C and it's deficencies. I've never been able to program a buffer overrun vulnerability in Modula 3, or Perl, or any version of Lisp or Scheme. It's possible that the phy

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Dave Israel
On 7/31/2003 at 18:30:12 +, Paul Vixie said: > > > However, since improvements are always welcome, please recommend tools > > which would allow us to progress "above and beyond" C and it's deficencies. > > I've never been able to program a buffer overrun vulnerability in > Modula 3, or Perl,

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Omachonu Ogali
> So by telling people to shut up you expect to make the world more secure? Right :) No, but merely talking about how much the vendor sucks doesn't make them suck any less nor the users suck any more.

Re: "The internet is slow"

2003-07-31 Thread Rick Ernst
Packet loss within UUNET, apparently localized to the Portland (OR) area. I've turned down our peer with them and things are looking much better. Thanks for all the help/responses. Rick

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Joel Jaeggli
On Thu, 31 Jul 2003, Omachonu Ogali wrote: > > > So by telling people to shut up you expect to make the world more secure? Right :) > > No, but merely talking about the how much the vendor sucks doesn't > make them suck any less nor the users suck any more. In some cultures shame is a powerful

Re: "The internet is slow"

2003-07-31 Thread Adam McKenna
On Thu, Jul 31, 2003 at 10:58:37AM -0700, Rick Ernst wrote: > > > Gah.. I hate these kind of vague problems. Here's a helpful script: http://cgi.cs.wisc.edu/scripts/ballard/bofhserver.pl --Adam

Re: "The internet is slow"

2003-07-31 Thread Richard A Steenbergen
On Thu, Jul 31, 2003 at 12:02:32PM -0700, Rick Ernst wrote: > > Packet loss within UUNET, apparently localized to the Portland (OR) area. > I've turned down our peer with them and things are looking much better. > > Thanks for all the help/responses. Shhh, next thing you know some reporter

RE: "The internet is slow"

2003-07-31 Thread McBurnett, Jim
But isn't that the purpose of NANOG? To fix the major problems before the world knows about them. I would much rather discuss a problem here and solve it and tell a reporter, Yes (sir, or ma'am) the Internet community worked together to solve the problem.. Than say, I don't it just cleared up it'

RE: "The internet is slow"

2003-07-31 Thread Jack.W.Parks
Rebooting the Internet once a month might prevent future problems. Power off, count to ten, then restart...Proactive Management!? Jack -Original Message- From: McBurnett, Jim [mailto:[EMAIL PROTECTED] Sent: Thursday, July 31, 2003 2:57 PM To: Richard A Steenbergen; Rick Ernst Cc: NANOG

Re: "The internet is slow"

2003-07-31 Thread Petri Helenius
I thought that procedure was patented. By who is left as an exercise for the reader. Pete - Original Message - From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Friday, August 01, 2003 12:03 AM Subject: RE: "The internet is slow" Rebooting the Internet once a month might pre

Re: "The internet is slow"

2003-07-31 Thread subhi
On Thu, Jul 31, 2003 at 04:03:12PM -0500, [EMAIL PROTECTED] wrote: > Rebooting the Internet once a month might prevent future problems. > > Power off, count to ten, then restart...Proactive Management!? Defrag gives better results -- Subhi S Hashwa *** [EMAIL PROTECTED] --- When everything's

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Rob Thomas
Hi, Rich. ] Do you have any ideas as to why that is? The anti-spoofing filtering, while not ubiquitous, has had an effect. The increase in the size of botnets is another reason. The fact that the number of vulnerable hosts has reached commodity level is perhaps the primary reason. The loss of

RE: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread McBurnett, Jim
Paul Vixie said: lots of late night pondering tonight. the anti-nat anti-firewall pure-end-to-end crowd has always argued in favour of "every host for itself" but in a world with a hundred million unmanaged but reprogrammable devices is that really practical? if *all* dsl and cablemodem plants

RE: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Stephen J. Wilcox
> I did a test about 6 months ago. almost a honeypot, but not quite. > put a standard windows ME system on a RW IP > put a $60 cable router in front of a similiar system. > the ME was compromised and made into a Bot in 3 hours. > The $60 router protected one was not compromised in the > 2 weeks i

Dept of Homeland security takes a crack at predicting the activities of haxx0rs.

2003-07-31 Thread Drew Weaver
http://www.msnbc.com/news/946460.asp?0dm=C12MT Do you guys think that now the DHS has announced this that the kiddies are more likely or less likely move faster on their plans? All I know is this is bad, it was bad enough when it only affected certain versions of Windows running IIS

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Vadim Antonov
On Thu, 31 Jul 2003, Petri Helenius wrote: > > What we need is a new programming paradigm, capable of actually producing > > secure (and, yes, reliable) software. C and its progeny (and "program > > now, test never" lifestyle) must go. I'm afraid it'll take laws which > > would actually make so

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Paul Vixie
> Private deployment of software written in C is very different from a > major public release, especially so when included with source code. you're right. when i've been involved in non-opensource products which were written in C and then shipped as binaries, i was scared to death about the lack

RE: North America not interested in IP V6

2003-07-31 Thread Ben Buxton
> From: Cougar [mailto:[EMAIL PROTECTED] > > On Thu, 31 Jul 2003, Ben Buxton wrote: > > > And further to this...will it be required (or wise at all) > to register > > individual /48 delegations when it becomes commonplace to > allocate them > > to standard home users? > [] > > Plus, put

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Petri Helenius
> > There's nothing wrong with low level languages, and with the proper > libraries, they gain some of the advantages of high level languages. > Personally, it'll be a long time before I'm convinced that I want my > routers running Java. (Like how I brought that almost back on topic > in the end,