On Thu, 9 Oct 2003, Kee Hinckley wrote:
At 10:41 PM +0300 10/9/03, Petri Helenius wrote:
With $100M annual revenue at stake, I would be willing to provide
distributed solutions
to this problem if you send me a reasonable fraction of that money.
But can you do it without breaking the
Avleen,
I want to create a mapping of IP addresses to ASN, for a specific list
of IP addresses. Eg:
1.2.3.4
12.34.56.78
etc, gathered from my system logs.
What is the best way of doing this?
I thought about something along the lines of:
install routing software (zebra?)
pass
* [EMAIL PROTECTED] (Andy Ellifson) [Fri 10 Oct 2003, 01:04 CEST]:
And as soon as you call law enforcement what happens? The spammer is
located offshore. Then what?
This hasn't stopped the FTC before. Recently it named a Dutch
national in a complaint:
Hello,
Does anyone have any experience with large scale production IPSEC
tunnel deployment, where large scale is defined as over 100 net-to-net
tunnels to different destination networks active at any time?
If so, would such person(s) mind sharing any
I think it's more complicated than prevent residential users from
hosting servers.
You're right. As soon as we begin talking about
what all ISPs should do, we are out of the realm
of technical solutions and into the realm of
psychology and politics. After all, we first have
to convince all
I mentioned before that it doesn't really make much sense with web
hosting because the port can easily be changed so it's not very effective
at all.
Stop thinking of policing the user and start
thinking of providing a security service. The
default setting of the security service might
With all due respect, we have a *problem*. End user machines on
broadband connections are being misconfigured and/or compromised in
frightening numbers. These machines are being used for everything
from IRC flooder to spam engines, to DNS servers to massive DDoS
infrastructure. If the
[EMAIL PROTECTED] writes on 10/10/2003 4:39 PM:
Why don't you come to the next NANOG in Miami
in February and give a presentation on how people
are doing these things? The trouble with a mailing
list discussion is that it wanders all over the place.
But at NANOG you could focus on the network
This report has been generated at Fri Oct 10 21:48:24 2003 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table
I've received an email offlist that this problem should be back to
pre-yesterday conditions. It looks better on our end, as it should for
all else affected I would think.
Thanks to all who replied, compared notes and emailed offlist with
suggestions or ideas.
-mark
--
Mark Jeftovic [EMAIL
I agree that Michael is right on. The social, psychological and
financial issues are in many ways more tricky than the technical issues.
However, I think there are ways to help.
But first some history
When I signed up for Cable broadband access several years ago, I was
told, And of course
Mark Jeftovic [10/10/03 08:33 -0400]:
I've received an email offlist that this problem should be back to
pre-yesterday conditions. It looks better on our end, as it should for
all else affected I would think.
Our problem looks considerably larger than pre yesterday conditions now :(
Does anyone know, either on the east coast US, London, Stockholm,
Copenhagen, Amsterdam or Helsinki transit providers which would allow
edge/handoff interface control to different traffic classes using BGP
communities?
(for example to announce DDoS destinations and/or sources with different
rr.com blocking our netblock since this morning now
5.7.1 Mail Refused - 216.220.40 - See
http://security.rr.com/mail_blocks.htm#security
Anyone else?
--
Mark Jeftovic [EMAIL PROTECTED]
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
Has anyone seen issues with hotmail receiving emails several days after they are sent.
We are not getting bounces, just long delays in what appears to be hotmails posting to
inboxes.
Some customers have waited 2 days to see an email reach their inbox. We have tested
this from not only our
On Fri, 2003-10-10 at 08:11, Michael Heitland wrote:
Has anyone seen issues with hotmail receiving emails several days after
they are sent. We are not getting bounces, just long delays in what appears
to be hotmails posting to inboxes.
Some customers have waited 2 days to see an email
Yes, but vice versa, I have received e-mails over the last few days that
are literally weeks old
Michael Heitland
On Fri, 2003-10-10 at 08:03, Mark Jeftovic wrote:
rr.com blocking our netblock since this morning now
5.7.1 Mail Refused - 216.220.40 - See
http://security.rr.com/mail_blocks.htm#security
Anyone else?
We got hit with same last night. Still trying to determine cause. This
page does
Has anyone seen issues with hotmail receiving emails several days after
they are sent. We are not getting bounces, just long delays in what appears
to be hotmails posting to inboxes.
We've been seeing lots of server timeouts and connection resets to
hotmail.com and msn MXs over the last
Mark Jeftovic writes on 10/10/2003 7:33 PM:
rr.com blocking our netblock since this morning now
5.7.1 Mail Refused - 216.220.40 - See
http://security.rr.com/mail_blocks.htm#security
Mail them at [EMAIL PROTECTED] - RR has good people reading it.
--
srs (postmaster|suresh)@outblaze.com //
Michael Heitland writes on 10/10/2003 7:41 PM:
Has anyone seen issues with hotmail receiving emails several days
after they are sent. We are not getting bounces, just long delays in
what appears to be hotmails posting to inboxes.
Yes. Since quite some time.
--
srs
A colleague informed
me this morning that Alan Ralsky is doing widespread bruteforce attacks on SMTP
AUTH, and they are succeeding, mainly because it's quick, painless (for him),
and servers and IDS signatures don't generally offer protection against
them.
Could this be why
Tis one of the reasons why I've disabled SMTP AUTH
on all of my servers for now. I've known about this for a few weeks
now. It's not surprising. Most of the servers cracked are Exchange
servers (probably thanks to weak passwords), but I still don't feel like taking
a chance.
On Fri, 10 Oct 2003 10:59:46 -0400
Bob German [EMAIL PROTECTED] wrote:
A colleague informed me this morning that Alan Ralsky is doing
widespread bruteforce attacks on SMTP AUTH, and they are succeeding,
mainly because it's quick, painless (for him), and servers and IDS
signatures don't
Can't speak for others, but the server that was blocked for us by Yahoo! is
ACL'd by IP address. It would be very helpful if the Yahoo! folk could
post an official explanation as to what happened so we can pass it on to
our customers. e.g. a URL somewhere on Yahoo! ?
---Mike
At
Bob German writes on 10/10/2003 8:29 PM:
A colleague informed me this morning that Alan Ralsky is doing
widespread bruteforce attacks on SMTP AUTH, and they are succeeding,
mainly because it's quick, painless (for him), and servers and IDS
signatures don't generally offer protection against
Brian Bruns writes on 10/10/2003 8:42 PM:
Tis one of the reasons why I've disabled SMTP AUTH on all of my servers
for now. I've known about this for a few weeks now. It's not
surprising. Most of the servers cracked are Exchange servers (probably
thanks to weak passwords), but I still don't
Orchestream has some of this functionality for setting the tunnels up,
you can then use the corba interface to setup management with
tools like SMARTS. The other problem is managing the keys, if you
don't have a CA it will be painful if you need to change the keys. We
have had some success
He grabbed a couple of our customers' IMAIL servers, and I'm pretty sure
discovered a few weak passwords by brute force.
Bob
-Original Message-
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 11:27 AM
To: Brian Bruns
Cc: Bob German; [EMAIL
Just FYI, I am putting together another paper as we
speak on how to secure your mail servers against this type of attack.
Should be online by this afternoon at the latest.
Ok, this is where I need to ask for your guys help
as well. If anyone here has experience with postfix
on Fri, Oct 10, 2003 at 08:47:51PM +0530, Suresh Ramasubramanian wrote:
Set up header checks in sendmail / postfix to block all mail with
Received: headers showing Ralsky IPs. PCRE header checks in postfix
would be like -
snip
Sendmail rulesets to block Ralsky:
KRalsky1 regex [EMAIL
RR has been using a lot of blocks for quite some time. Fortunately, they
were very responsive when I mailed their abuse address as indicated on that
URL. I gave them the allocation I was responsible for, asked for that
subset of addresses to be unblocked, and things were fine within the day.
This is something I sent to someone offlist. I've stripped out his
name, etc.
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
- Original Message -
From: Brian
But, that requirement simply says that if at x time you query *.something
and otherwise-unmatched.something, you get the same result. It doesn't
say that if you query at *.something at x time and otherwise-unmatched
at x+5 time, you will get the same result. DNS servers can return different
On Fri, 10 Oct 2003, Suresh Ramasubramanian wrote:
Mark Jeftovic [10/10/03 08:33 -0400]:
I've received an email offlist that this problem should be back to
pre-yesterday conditions. It looks better on our end, as it should for
all else affected I would think.
Our problem looks
Out of curiosity, has anyone tried turning this over to law
enforcement? It's another form of hacking, but the money trail back
through the spammers might provide enough evidence for prosecution.
--Steve Bellovin, http://www.research.att.com/~smb
Since the topic is mysterious rejections from MTAs, I have one from
UUNet. One of our business partners has UUNet for an ISP and is using
UUNet for a tertiary MTA. Occasionally, mail ends up going to that MTA
(quite often actually, their primary gets unresponsive from time to time
and I've
There will be a brief introduction to PGP key signing presented in the
General Session at 11:15 a.m. on Monday, entitled Building a Web of
Trust.
New for NANOG 29: you will find stickers available at the checkin desk
which you can stick on your name tag. The red dot means I sign
keys;
I am seeing lots of scanning of port 135 on my network. 66 byte long packets. Anyone have a name for this? It is less aggressive than the welchia
scans I have seen. Seems to scan at about 3000 or so flows per 5 minutes.
Thanks
Peter Hill
Network Engineer
Carnegie Mellon
On 10 Oct 2003, at 13:30, [EMAIL PROTECTED] wrote:
On Fri, 10 Oct 2003 13:20:16 EDT, you said:
Chicago. We have been scheduled to meet on Monday, June 2, after the
ISP Security and NSP-SEC BOF, at around 9pm in Salon F. If the BOF
runs
date/time/location check???
Arrgh. Monday 20 October, is
The kiddies have finally exploited the RPC SS/RPC DCOMII exploits that microsoft
patched after internal auditing. I first got word of a working exploit about a week
ago, but no real confirmation, and I put very little credence in kiddie I hax0rz
your b0x3n! then scanning went exponentially
[the original mail I sent had the wrong date in the third paragraph;
this one has the right date. sorry about the confusion.]
There will be a brief introduction to PGP key signing presented in the
General Session at 11:15 a.m. on Monday, entitled Building a Web of
Trust.
New for NANOG 29: you
Yes, we saw this yesterday and posted to full-disclosure. Here is a sample
packet.
13:43:38.511675 xx:xx:xx:xx:xx:xx xx:xx:xx:xx:xx:xx 0800 62:
64.7.nn.yy.3512 16.181.zz.aa.135: S [tcp sum ok] 3772716186:3772716186(0)
win 65340 mss 1452,nop,nop,sackOK (DF) (ttl 127, id 63248, len 48)
0x
Date: Tue, 07 Oct 2003 23:33:45 -0700
Subject: The Earth's not slowing down fast enough to suit Motorola
Motorola reports that several GPS receivers in its Oncore line will
misdisplay the date on 28 Nov 2003 at midnight UTC. For a one-second window
the receivers will mistakenly report the
On Fri, 10 Oct 2003, Ray Wong wrote:
RR has been using a lot of blocks for quite some time. Fortunately, they
were very responsive when I mailed their abuse address as indicated on that
URL. I gave them the allocation I was responsible for, asked for that
subset of addresses to be
It seems RoadRunner is no longer deferring us or refusing our
connections... they're BOUNCING everything.
Nice.
Oct 10 16:04:28 10.0.2.42 postfix/smtp[11683]: 778A77050E:
to=[EMAIL PROTECTED], relay=flmx04.mgw.rr.com[65.32.1.50], delay=5,
status=bounced (host flmx04.mgw.rr.com[65.32.1.50]
Mail [EMAIL PROTECTED] - they are whitehat, and you'll know the
people there from spam-l.
Oh, they respond quite fast.
suresh
Mark Jeftovic writes on 10/11/2003 1:54 AM:
It seems RoadRunner is no longer deferring us or refusing our
connections... they're BOUNCING everything.
--
srs
Mark Jeftovic said:
It seems RoadRunner is no longer deferring us or refusing our
connections... they're BOUNCING everything.
That's what they did to us. No deferrals, just started 571'ing
everything. I sent a query to the spamblock mail address, received
autoreply and nothing else. We
What number did you call to talk to them?
On Fri, 10 Oct 2003, Alan Sparks wrote:
Mark Jeftovic said:
It seems RoadRunner is no longer deferring us or refusing our
connections... they're BOUNCING everything.
That's what they did to us. No deferrals, just started 571'ing
everything. I
It looks like they're taking our mail again now
On Fri, 10 Oct 2003, Mark Jeftovic wrote:
What number did you call to talk to them?
On Fri, 10 Oct 2003, Alan Sparks wrote:
Mark Jeftovic said:
It seems RoadRunner is no longer deferring us or refusing our
connections... they're
On Thursday 09 October 2003 11:30 pm, chuck goolsbee wrote:
Today our email forwarders started getting this from yahoo.com
mail handlers:
snip
Us too. And more than one ISP that I have seen (for example,
iglou.com mentioned that one of their boxes was being blocked)
Something looks
Paul S. Brown writes on 10/11/2003 3:41 AM:
As of last month Yahoo! are providing some mail services for BT Openworld in
the UK, soon to be all of their consumer mail accounts.
They've been providing mail services for SBC as well, since quite some time.
--
srs (postmaster|suresh)@outblaze.com
The TOS/AUP for most residential broadband connections already allows the ISP to shut
off service or do anything they want to the customer without prior notice. It has
been this way for at least 3 or 4 years, since the advent of @Home. Take a look at
the TOS/AUP for Comcast, Shaw Cable, MSN
-BEGIN PGP SIGNED MESSAGE-
Checking http://www.sixxs.net/tools/grh/lg/?show=bogonsfind=::/0
People might want to filter on private ASN's also
when that ASN is being used as transit...
2001:a40::/32 AS64702 is reserved (path: 15516 3257 2497 4697 2914 10109 4538 4787
64702 20646 8763
I just got on today.
Were there any large DDoS attacks today?
Any specific networks impacted?
-Original Message-
From: Jeroen Massar [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 8:16 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Reserved ASN 64702, 6to4, 2 ghosts, other
I know they CAN, but the issue is do they have the mechanisms and
operational capabilities of actually doing so? I would like to see my
cable provider making it hard to do some of the things I do. Not because
I should not be doing them, but those same holes that I exploit
(hopefully in a benign
IMHO, all consumer network access should be behind NAT.
However, the real solution is (and unfortunately to the detriment
of many 3rd party software companies) for operating system
companies such as Microsoft to realize a system level firewall
is no longer something to be added on or configured
% Another funny one:
% 3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
% should be 4555 (now: 29216)
welcome to more root server testing w/ IPv6.
--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't
Anyone living in Puerto Rico (if they are getting this mail, they should be
working for computer/internet related anyway) can contact me offlist please?
thanks.
Mehmet Akcin
On Fri, Oct 10, 2003 at 04:55:44PM +0300, Petri Helenius wrote:
Does anyone know, either on the east coast US, London, Stockholm,
Copenhagen, Amsterdam or Helsinki transit providers which would allow
edge/handoff interface control to different traffic classes using BGP
communities?
(for
On Fri, Oct 10, 2003 at 04:55:44PM +0300, Petri Helenius wrote:
Does anyone know, either on the east coast US, London, Stockholm,
Copenhagen, Amsterdam or Helsinki transit providers which would allow
edge/handoff interface control to different traffic classes using BGP
On Fri, 10 Oct 2003, Adam Selene wrote:
IMHO, all consumer network access should be behind NAT.
Unfortunately there are enough protocols and applications
which don't work well behind a NAT that deploying this on
a large scale is not practical. Most gamers require incoming
connections. These