Get 'em while they're hot: https://reports.energy.gov/
---Rob
I have been asked to find out what DNSBLs are in use so my employer can see
what the incidence of its being blacklisted is and how much impact this is
likely to have had on their business.
What DNSBLs are being used by the various agencies represented on NANOG and
how much weighting do you
Bonjour,
I am a student doing my Masters thesis. My query is that
1. what is the way to predict how a traffic will be arriving in router, by
having a statistical information of the length of the bursts and the
silence. (are there any papers which have worked on it)
2. Is it
On Thu, 20 Nov 2003 00:27:20 +0100, Magnus Eriksson wrote
Will it help to throw a bigger box at the problem?
Would help to know what box you're using if you want to know whether a larger
box would help.
--
This message has been scanned for viruses and dangerous content by
MailScanner, and is
Does this mean that your employer is a spam operator?
T
- Original Message -
From: Paul S. Brown [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Thursday, November 20, 2003 7:16 AM
Subject: RBLs in use
I have been asked to find out what DNSBLs are in use so my employer can
see
what
All of these cute references to vendor c and vendor n go by the wayside
when we slip and say Nortel or refer to CEF. :)
IMHO, if you aren't breaking an NDA, you might as well name names. If you
are breaking an NDA, using initials won't screen you from legal jeopardy...
- Daniel Golding
On
Nope,
Just an ISP with normal ISP type operational spam problems. I'm trying to
quantify how often we actually appear on RBL, but I want to get some idea of
how much credence to give to appearing on any given list.
For example something like the old Dorkslayers lists should be ignored because
I run the Abusive Hosts Blocking List (http://www.ahbl.org). We list
everything from spam sources, to spam supporters, open proxies, open relays,
drones, etc.
Its in use on all of the mail servers I help administrate (which includes
several fortune 500 companies, half a dozen regional ISPs, and
Paul S. Brown writes on 11/20/2003 10:51 AM:
For example something like the old Dorkslayers lists should be ignored because
they would blacklist you if you sneezed at the wrong time, however MAPS is
probably a good list.
You need a fairly wide coverage of BLs.
# Open proxies -
Hey all,
This one is a weird one. I apologize if this is a bit off topic.
As everyone is probably aware, the Cisco 6500/7600 line is unable to
provide per-vlan I/O statistics on routed interfaces (ie, a show int vlan
xxx has meaningless numbers in the I/O and error fields at the end).
MIB
I am a student doing my Masters thesis. My query is that
Someone doing graduate studies in networking should really
do some basic research before asking questions on a mailing
list. Normally, you start by reviewing the literature.
If you had done that you would have discovered that your
At 06:27 PM 11/19/2003, Magnus Eriksson wrote:
The last 2 days I've been fighting against the Nachi ICMP onslaght on a customer
network.
Have you tried rate-limiting or blocking ICMP echo/echo/reply messages?
Worm traffic will typically follow the default route to the FW for prefixes that are
Suresh Ramasubramanian wrote:
You need a fairly wide coverage of BLs.
# Open proxies - http://opm.blitzed.org and
http://proxies.blackholes.easynet.nl
I would add the SORBS http and SORBS socks lists to this.
# Open relays - http://www.ordb.org
I'd add VISI to that too.
# Dialup and DSL/cable
This is because in 1996 you were likely not dealing with 'Switch
Routers'; today's 'routers' perform some form of flow switching/caching,
meaning once the traffic enters the VLAN routed interface and an
appropriate path is found it is sent down the the Layer 2 fabric. This
can be circumvented
On 11/20/2003 at 10:51 AM, Paul S. Brown [EMAIL PROTECTED] wrote:
Nope,
Just an ISP with normal ISP type operational spam problems. I'm trying to
quantify how often we actually appear on RBL, but I want to get some idea of
how much credence to give to appearing on any given list.
For
and then there's the granddaddy of them all, MAPS. see www.mail-abuse.org.
--
Paul Vixie
Brian Bruns wrote:
I run the Abusive Hosts Blocking List (http://www.ahbl.org). We list
everything from spam sources, to spam supporters, open proxies, open relays,
drones, etc.
Its in use on all of the mail servers I help administrate (which includes
several fortune 500 companies, half a dozen
Kai Schlichting [EMAIL PROTECTED] writes:
BT have (quite rightly) been repeatedly blocked by DNSBL's and private
lists as a result of their poor record in handling abuse incidents (whether
that's by intent or negligence by way of a colossal management failure is
another debate entirely).
Greetings.
Another independent ISP operator and I have noticed a pretty significant
increase in traffic to and from our broadband (DSL) subscribers since
August. It's been a fairly steady uptick, at least in my case, resulting
in a doubling of overall average traffic to/from these folks since
icmp followed by port 135 connection attempts? nachi or welchia...
flow logs are highly useful in understanding gross behavioral changes in
user usage patterns.
joelja
On Thu, 20 Nov 2003, Jared B. Reimer wrote:
Greetings.
Another independent ISP operator and I have noticed a pretty
On Thursday, November 20, 2003 10:00 PM, Jared B. Reimer
[EMAIL PROTECTED]
wrote:
Greetings.
Another independent ISP operator and I have noticed a pretty significant
increase in traffic to and from our broadband (DSL) subscribers since
August. It's been a fairly steady uptick, at least in
At 04:28 PM 20/11/2003, Steven M. Bellovin wrote:
At the IETF Plenary, Bernard Aboba showed a graph of spam, with a
marked uptick since SoBig.F in August. My guess is worm-deposited spam
relays, though Joel's guess of Nachi or Welchia can't be ruled out,
either, without flow data.
I would say
Jared B. Reimer wrote:
Greetings.
Another independent ISP operator and I have noticed a pretty
significant increase in traffic to and from our broadband (DSL)
subscribers since August. It's been a fairly steady uptick, at least
in my case, resulting in a doubling of overall average traffic
: Another independent ISP operator and I have noticed a pretty significant
: increase in traffic to and from our broadband (DSL) subscribers since
: August. It's been a fairly steady uptick, at least in my case, resulting
: in a doubling of overall average traffic to/from these folks since
I have been trying for weeks to get in touch with someone who will respond
with something other than a form letter at Verizon. Can someone please
contact me off-list? My company (Modwest) is being unilaterally blocked.
I can't even send mail to abuse, postmaster, etc. from an @modwest.com
On Fri, 21 Nov 2003, Suresh Ramasubramanian wrote:
If the guy is asking for DNSBLs to use, and you have some good ones in
mind, help him, I'd say.
Here Here Suresh, you're on the money!
If they (BT) really have that big of a problem, one could look at this as
a sign that they want to see what
Suresh Ramasubramanian wrote:
Kai Schlichting [EMAIL PROTECTED] writes:
BT have (quite rightly) been repeatedly blocked by DNSBL's and private
lists as a result of their poor record in handling abuse incidents (whether
that's by intent or negligence by way of a colossal management failure is
If you want to bill accurately, bill off the Layer 2 ports; that's what
is always churning the traffic. I've not looked at the accuracy on a
scientific level, but I've never found what I believed to be a serious
discrepency when billing/polling the physical ports.
The reporting of the Layer 2
On Thu, 20 Nov 2003, Anthony Cennami wrote:
If you want to bill accurately, bill off the Layer 2 ports; that's what
is always churning the traffic. I've not looked at the accuracy on a
scientific level, but I've never found what I believed to be a serious
discrepency when billing/polling
On Thu, 20 Nov 2003, Gert Doering wrote:
This is all nice and shiny, but having shortcuts doesn't mean the L2
fabric can't export the resulting numbers up to the L3 brain.
They just botched it. Counters and Cisco boxes seem to be fundamentally
incompatible.
I was under the impression that
I'm gonna post this back publically because it will be of interest to
all (I hope)...
Jasper van Beusekom wrote:
Mat:
Noone is exempt from listing in SORBS, but proven whitehats don't get
blocked.
Do you have many such contacts?
I have a few (less than 50)
Would it be something to
This too is a discussion argued a number of times previously.
Personally, I prefer the architecture where one port belongs to one
VLAN; this is obviously not appropriate in all situations, but it is in
mine.
Nothing in this world is free, and the bandwidth that a customer uses
across my
Steven M. Bellovin writes on 11/20/2003 4:28 PM:
At the IETF Plenary, Bernard Aboba showed a graph of spam, with a
marked uptick since SoBig.F in August. My guess is worm-deposited spam
relays, though Joel's guess of Nachi or Welchia can't be ruled out,
either, without flow data.
A ballpark
While on the subject of dnsbls, I would like to bounce an idea off the
list. I would like to find out of there anything in existance like this
and if there would be interest in an implementation. I must admit that I
have not checked every single dnsbl, but as far as I could tell, there
doesnt
34 matches
Mail list logo