On Mon, 6 Oct 2003 [EMAIL PROTECTED] wrote:
My favorite:
ntp-1.vt.edu is portscanning me very slowly with source port 123
The really sad ones are the ones who 3 days earlier dropped me a note to tell
me they'll using our NTP server.
Due to the propensity of people to configure NTP
Sean Donelan wrote:
The difference being campus machines are null routed rather than
disconnected, and they are not reconnected until checked and clean.
And once again, the question: how do you know the machines have been
checked and cleaned before they are reconnected? Do you take the
I would agree that for some application protocols this would be useful++.
Letting layer 7 generate layer 3 responses though is, imvho, a bad idea (tm)
from an architectural perspective. Beyond that, in Linux (and I would
imagine a few other OSes) ICMP is in-kernel, which lowers the practicability
On Mon, 06 Oct 2003 02:11:22 EDT, Sean Donelan said:
to the client. A compliant client will cease further transmission and
send a message to the system log. See the Authentication Options page
for further information.
ntp-2.vt.edu used to be an alias for my workstation, until it got
Sean Donelan wrote:
Should other protocols include the same feature? If someone sends you
a Dynamic DNS update, could the protocol include a kiss-o'-death
packet to tell clients to go away? If someone keeps probing your
HTTP server, should HTTP include a kiss-o'-death packet to tell
On Mon, 6 Oct 2003 [EMAIL PROTECTED] wrote:
The problem with a 'kiss-o-death' packet is that it needs to be authenticated.
Otherwise, you can use spoofed packets to DoS somebody. How many lines are in
your root-DNS hints? And even if we insist on the KoD packet having the query
ID in it,
There is no data to indicate the core operation of the domain name
system or the stability of the Internet has been adversely affected,
VeriSign's Galvin said.
This means that there are no papers published or
conference presentations which detail the problems
caused by sitefinder. A
At 23:40 05/10/2003, Niels Bakker wrote:
do arbitrary changes to them. Marking com and net as delegation-only
is not harming anything. (At least until ICANN changes its mind.)
According to this mail:
http://gnso.icann.org/mailing-lists/archives/registrars/msg00532.html
... apparently it breaks
On 06.10 10:54, [EMAIL PROTECTED] wrote:
There is no data to indicate the core operation of the domain name
system or the stability of the Internet has been adversely affected,
VeriSign's Galvin said.
This means that there are no papers published or
conference presentations
Sean Donelan wrote:
Uhm, you are also aware that if the attacker can spoof the
kiss-o'-death packets; the same attacker could spoof all sorts of
other packets including the time protocol packets to change the clock
on your computer.
Yes but... there is a strong likelyhood that less paranoid
PG Date: Mon, 6 Oct 2003 11:45:11 +0100
PG From: Peter Galbavy
PG Yes but... there is a strong likelyhood that less paranoid
PG protocol implementors (not necessarily designers, just those
PG coding stuff from spec) could simplify their lives and not
PG check all the right conditions required
On Mon, Oct 06, 2003 at 12:40:42AM +0200, Niels Bakker wrote:
do arbitrary changes to them. Marking com and net as delegation-only
is not harming anything. (At least until ICANN changes its mind.)
According to this mail:
http://gnso.icann.org/mailing-lists/archives/registrars/msg00532.html
hi,
can anyone use cisco site?
[EMAIL PROTECTED] root]# telnet www.cisco.com 80
Trying 198.133.219.25...
Connected to www.cisco.com.
Escape character is '^]'.
Connection closed by foreign host.
[EMAIL PROTECTED] root]#
ezequiel.
the same here
--
deejay
-Original Message-
From: Ezequiel Carson [mailto:[EMAIL PROTECTED]
Sent: 6. októbra 2003 17:23
To: [EMAIL PROTECTED]
Subject: [nanog]: cisco site down?
hi,
can anyone use cisco site?
[EMAIL PROTECTED] root]# telnet www.cisco.com 80
it seems to be working now. uhmm strange.. it was getting Document
contains no valid data.. something like this.
ezeq,
On Mon, 2003-10-06 at 12:25, Tomas Daniska wrote:
the same here
--
deejay
-Original Message-
From: Ezequiel Carson [mailto:[EMAIL PROTECTED]
Sent:
| Ezequiel Carson
| Sent: Monday, October 06, 2003 11:23 AM
| hi,
| can anyone use cisco site?
|
|
| [EMAIL PROTECTED] root]# telnet www.cisco.com 80
| Trying 198.133.219.25...
| Connected to www.cisco.com.
| Escape character is '^]'.
| Connection closed by foreign host.
| [EMAIL
Ezequiel Carson wrote:
hi,
can anyone use cisco site?
[EMAIL PROTECTED] root]# telnet www.cisco.com 80
Trying 198.133.219.25...
Connected to www.cisco.com.
Escape character is '^]'.
Connection closed by foreign host.
[EMAIL PROTECTED] root]#
ezequiel.
doesn't work from UK either...
works just fine from BE
-Original Message-
From: Martin Hepworth [mailto:[EMAIL PROTECTED]
Sent: maandag 6 oktober 2003 17:26
Cc: [EMAIL PROTECTED]
Subject: Re: cisco site down?
Ezequiel Carson wrote:
hi,
can anyone use cisco site?
[EMAIL PROTECTED] root]#
i was using galeon 1.3.5
now it seems to be working..
On Mon, 2003-10-06 at 12:26, Martin Hepworth wrote:
Ezequiel Carson wrote:
hi,
can anyone use cisco site?
[EMAIL PROTECTED] root]# telnet www.cisco.com 80
Trying 198.133.219.25...
Connected to www.cisco.com.
Escape
Quite the opposite. It is a very carefully chosen set of words
indicating that:
1. DNS didn't stop functioning.
2. The internet did not fail to route packets because of this.
It carefully side-steps the other issues raised without looking like it
is ignoring them.
Greetings.
If there is someone from Earthlink who wouldn't mind talking about
Earthlink's experience with the Cisco 1, I would appreciate it if you
could contact me off list.
Thanks.
-Sean
Sean P. Crandall
VP Engineering Operations
MegaPath Networks Inc.
6691 Owens Drive
Pleasanton, CA
I double checked...the press release isn't dated April 1...NSI talking
about privacy while keeping a straight face?
http://www.verisign.com/corporate/news/2003/pr_20030930.html
E.B. Dreger wrote:
HTTP implementations have had vulnerabilities due to insufficient
checking. Thus HTTP is a bad idea.
SMTP implementations have had vulnerabilities due to insufficient
checking. Thus SMTP is a bad idea.
SNMP implementations have had vulnerabilities due to insufficient
Is anyone having issues sending or receiving email to comcast.net? Is there
anyone here from comcast?
Wes Vaux, CCNA, CCDA
Network Security Engineer
I'm on multiple mailing lists now with multiple persons reporting
connectivity issues to cisco.com.
Can anyone summarize what the issue is?
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Ezequiel Carson
Sent: Monday, October 06, 2003 11:41 AM
To:
PG Date: Mon, 6 Oct 2003 19:40:04 +0100
PG From: Peter Galbavy
PG No, please do not twist my words; I referrred to poor
PG implementations of good ideas. Nowhere did I say that the
PG protocol is bad as a result of poor implementations.
You warned of the hazards of poor implementation. Fine.
At 15:52 06/10/2003, Piotr KUCHARSKI wrote:
do arbitrary changes to them. Marking com and net as delegation-only
is not harming anything. (At least until ICANN changes its mind.)
According to this mail:
http://gnso.icann.org/mailing-lists/archives/registrars/msg00532.html
... apparently it
On Mon, Oct 06, 2003 at 11:54:41AM -0700, [EMAIL PROTECTED] wrote:
I'm on multiple mailing lists now with multiple persons reporting
connectivity issues to cisco.com.
Can anyone summarize what the issue is?
i see timeouts after connecting via ie5.x and lynx. if i telnet to port
80 and do a
From: Brennan_Murphy
Date: Mon Oct 06 14:56:46 2003
---
I'm on multiple mailing lists now with multiple persons reporting
connectivity issues to cisco.com.
Can anyone summarize what the issue is?
I'm currently
* [EMAIL PROTECTED] (Joel Rowbottom) [Mon 06 Oct 2003, 22:34 CEST]:
At 15:52 06/10/2003, Piotr KUCHARSKI wrote:
do arbitrary changes to them. Marking com and net as
delegation-only is not harming anything. (At least until ICANN changes
its mind.)
According to this mail:
They probably upgraded the code on their { CSSes | Localdirectors }.
;-)
On Mon, 6 Oct 2003, Sean McPherson wrote:
And poof, that's it. No data. Try again, and I randomly get the whole
page, part of the page down to the 'Feedback' line, or nothing.
Same thing happens from work (ATT /
Folks,
We've been handling a multi-vector DDoS - 40-byte spoofed SYN-flooding
towards www.cisco.com (198.133.219.25/32) as well as an HTTP-AUTH
resource-exhaustion attack, and working these issues with our
upstreams. Our apologies for any inconveniences, and our thanks to
those who've
On Mon, 6 Oct 2003 14:01:31 -0700, Roland Dobbins wrote
Folks,
We've been handling a multi-vector DDoS - 40-byte spoofed SYN-flooding
towards www.cisco.com (198.133.219.25/32) as well as an HTTP-AUTH
resource-exhaustion attack, and working these issues with our
upstreams. Our apologies
I've been in touch with ARIN on the same issue noticed at a different site.
According to ARIN, some older BIND resolvers aren't handling the referrals
that they get back from the gtld-servers for some of ARIN's name servers.
The problem started Thursday when ARIN changed the list of NS's for
On Mon, 6 Oct 2003, Allan Liska wrote:
KS The following well-remembered lines come to mind here, and excuse me if
KS you hear a slight hysterical laughter from my direction:
I don't know what your post has to do with the original topic, but if
you don't like the way NONOG is moderated,
On Mon, 06 Oct 2003 19:38:38 EDT, [EMAIL PROTECTED] said:
A handful of people (an assumption on my part) have the power /
distributed bandwidth to bring just about any internet site/network to its
knees using the distributed.net meets DoS tools they've created and
distributed to thousands,
On 6 Oct 2003 at 19:22, Allan Liska wrote:
I don't know what your post has to do with the original topic, but if
you don't like the way NONOG is moderated, please feel free to start
your own Network Operators mailing list.
As far as comparing NANOG moderation to Nazi Germany that is
First They Came for the IRC bots
and I did not speak out
because I did not run a bot.
Then They Came for the IRC servers
and I did not speak out
because I did not run an IRC server.
...skip a few years...
Then They Came for the DNSBLs
and I did not speak out
because I did not
On Mon, 06 Oct 2003 18:45:15 -0500
Laurence F. Sheldon, Jr. [EMAIL PROTECTED] wrote:
| Now we have clear evidence that there are no less than three who
| understand the threat.
If you mean the threat from those who will attack and disable sites
because they don't like what people at those sites
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
Hello Allan,
Monday, October 6, 2003, 7:22:30 PM, you wrote:
AL As far as comparing NANOG moderation to Nazi Germany that is
AL disgusting and beneath contempt.
My apologies to Kai and the list, I misread -- to some extent -- the
original meaning
On Mon, 6 Oct 2003, [EMAIL PROTECTED] wrote:
Anyone who doesn't think that's an operational issue, just wait until it
bites you on the ass.
Now we have clear evidence that there are no less than three who
understand the threat.
My first thought was that the DDoS was a means of
I'm assuming, though not certain, that Cisco would have alternative
distribution/communication/update channels in such an event, but is that
indeed the case?
My access to ftp.cisco.com is working fine whilst the website remains down..
Hi Steve,
No I do realize that what I suggested in
At 8:15 PM -0400 10/6/03, Jeffrey S. Young wrote:
It's a difficult thing for all of us when j.random users start to discover
things like personal firewall. I had one threaten me personally with
'investigation' by the FBI because my system was attempting to break
into his PC He sent it to my
On Mon, 6 Oct 2003, Peter E. Fry wrote:
Hi,
As a jew, I must admit that I also understood the point, and didn't
think of Nazi Germany, although you'd think it would evoke an immediate
emotional reaction (which it admitedly did), but that reaction did not
cloud my judgement.
I think
Take your blood pressure medicine before reading this one.
http://news.com.com/2010-1071-5086769.html
Apparently our objections stem from our lingering resentment over the
commercial use of the internet.
In case you're wondering who the author is, since neither the bio on
the page or Verisign's
As seen on /.
http://news.com.com/2010-1071-5086769.html
Mark McLaughlin, senior VP of Verislime, has an editorial on news.com
claiming that ICANN is stifling innovation and forcing the internet to
stagnate.
The PR machine is out in force and painting anyone who disagrees with
them as
Wish someone who was good with the clue-axe would take a swing at these
dolts.
We all know they are crying babies because their new method of profit was
shut down.
Now, the interesting question will be, how can we prevent them from adding
sitefinder again?
--
Brian
You know who/what this sounds like?
Microsoft.
When smacked down about IE integration and WMP integration, they screamed
bloody murder and claimed freedom of innovation. Exactly what
NetSol/Verisign is doing. Maybe they have the same PR firm?
--
Brian Bruns
The Summit
From the CANET-NEWS list, this seems relevant to network operations...
For more information on this item please visit the CANARIE CA*net 4 Optical
Internet program web site at http://www.canarie.ca/canet4/library/list.html
---
[From
The one that pisses me off more is
http://news.com.com/2100-1038_3-5087139.html?tag=nefd_top
The article makes me wonder if CNET is the press, or an outlet for press
releases. The Internet community is almost uniform in expressing outrage
for numerous REAL reasons, yet CNET says its from
An entity claiming to be Mike Tancsa ([EMAIL PROTECTED]) wrote:
:
:
: The one that pisses me off more is
:
: http://news.com.com/2100-1038_3-5087139.html?tag=nefd_top
:
Here's an interesting slip:
At the press conference Monday, VeriSign said it is convening
a panel of Internet
Translation:
In the interest in gaining more community review and comment, a discussion
list has been setup to discuss factually-based technical issues
and solutions surrounding the operational impact of wildcards in
top-level domains on Internet applications.
VeriSign technical people
At 11:15 PM -0400 10/6/03, Brian Bruns wrote:
Wish someone who was good with the clue-axe would take a swing at these
dolts.
We all know they are crying babies because their new method of profit was
shut down.
Now, the interesting question will be, how can we prevent them from adding
sitefinder
We've been handling a multi-vector DDoS - 40-byte spoofed
SYN-flooding towards www.cisco.com
Now that they've come for cisco, maybe law enforcement,
network operators, and router vendors will all get their
$h!t together and do something to put a stop to these DDoS
attacks that have
Terry Baranski [10/7/2003 6:05 AM] :
Maybe this will have the positive effect of motivating Cisco to do more
to encourage best practices such as edge anti-spoof filtering. To begin
with, Barry Green's presentations on these issues are hidden away on
his/Cisco's FTP server
On Mon, 6 Oct 2003, Mike Tancsa wrote:
The one that pisses me off more is
http://news.com.com/2100-1038_3-5087139.html?tag=nefd_top
Lewis said the company needs to make money from new services such as
SiteFinder, or it will not be able to protect the Net's critical
infrastructure. He
As the bandwidth ramps up on the access side, this problem is only going
to become more and more prevalent (as if it's not already enough of a
problem). While I don't think filtering is the silver bullet, it can
certainly help at times. I think some of the larger watch sites (eg
SANS, etc.)
Could someone with a clue from Comcast in the Atlanta, GA area please send
me an email off-list?
Thanks;
Ian
--
Ian Wilson IWCG.net
Ian()iwcg!net PO Box 304
.
(since I haven't gotten back my enrollment confirmation, it seemed
appropriate to crosspost this to NANOG. While I will address
Sitefinder, there are broader architectural and operational issues).
Let me assume, for the sake of this discussion, that Sitefinder is an
ideal tool for the Web
Well, I've been trying. I got a double opt-in that gave me a deadline
to respond of 5AM Wednesday. I replied.
No confirmation.
Tried to post (crossposted to NANOG).
Got error message telling me I was not yet on the list. Of course,
with the apparent assumption the Internet is the Web, the
I got on OK, but I used the web based confirmation method.
Maybe their mail server got flooded?
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
- Original Message -
While I realize that your Perspectives area is a place where various people
are allowed to submit editorials, your publication of this particular
very skewed piece without checking some of the stated facts within it
does not meet CNet's usual standard of journalism.
In addition to Mr. McLaughlin's
62 matches
Mail list logo