>It's also important that one avoid:
>
>* The faulty assumption there is but one problem
>* Incorrectly-formed causal relationships (NANOG-L has some
> examples of these)
>* Making too many changes in one iteration
>* Attempting to tackle a system with more unknowns than are
> absolutely necessa
> >It's also important that one avoid:
> >
> >* The faulty assumption there is but one problem
Here's an interesting example that I came across
several years ago. It was in an office with lots
of PCs plugged into RJ45 10baseT ports near each desk.
One PC had lost connectivity.
I came and checked
>* The faulty assumption there is but one problem
>* Incorrectly-formed causal relationships
Mythology.
Some may recall the adventures of the CTO who ran a sweep of an net 10.*
in a rather modest machine room somewhere in Maine, resulting in memory
exhaustion (arp table) in the router, which res
Depending on the Yahoo you get...66.218.71.198
traceroute to 66.218.71.198 (66.218.71.198), 30 hops max, 38 byte
packets
1 ge-0-3-0-7-1q-4crn-bzn.mt.core.cutthroatcom.net (209.137.232.209)
0.398 ms 0.297 ms 0.315 ms
2 fe-0-0-0-rf-45m-silo-bzn.mt.core.cutthroatcom.net (209.137.235.194)
0.81
warning. this is about humans rather than about IOS configs. hit D now.
> >> Also, an "easy fix" like this may lower the pressure on the parties
> >> who are really responsible for allowing this to happen: the makers
> >> of insecure software / insecure operational procedures (banks!) and
> >>
On Mon Jun 28, 2004 at 04:47:21PM +, Paul Vixie wrote:
> if it's easier for you to BGP-blackhole these bad sources and the only
> reason you don't is because you think it would be unfair, then you're
> part of the problem and you're helping to make the problem worse.
It's wholy unfair to the
> On Sat, 26 Jun 2004 11:19:16 -0400, "Jon R. Kibler" <[EMAIL PROTECTED]> said:
> Greetings,
> Anyone know anything about IP 128.232.0.31? # host 128.232.0.31
> 31.0.232.128.in-addr.arpa domain name pointer
> dns-probe.srg.cl.cam.ac.uk.
[...]
> Anyone know anything about this IP?
Keep going, th
On Sun, 27 Jun 2004, Scott Call wrote:
> On the the things the article mentioned is that ISP/NSPs are shutting off
> access to the web site in russia where the malware is being downloaded
> from.
>
> Now we've done this in the past when a known target of a DDOS was upcoming
> or a known websi
On Jun 28, 2004, at 1:56 PM, Stephen J. Wilcox wrote:
Personally - bad.
Another personal response (edited from my response to the LINX paper):
Fighting "phishing" web sites is a necessary and important task. Of
course, part of why it is necessary is because end users are ignorant,
untrained, and
Simon Lockhart wrote:
It's wholy unfair to the innocent parties affected by the blacklisting.
i.e. the collateral damage.
You´ll get burned anyway in a bad neighborhood because of the bandwidth
consumed by the crap.
Say a phising site is "hosted" by geocities. Should geocities IP addresses
be
[In the message entitled "Re: BGP list of phishing sites?" on Jun 28, 18:43, Simon
Lockhart writes:]
>
> On Mon Jun 28, 2004 at 04:47:21PM +, Paul Vixie wrote:
> > if it's easier for you to BGP-blackhole these bad sources and the only
> > reason you don't is because you think it would be unf
While it is often great sport to poke at MS, did you consider that this
might have nothing to do with classfullness or CIDR? I believe you will find
that 0 & -1 are invalid for whatever netmask the windows stack is given. You
might also find that some 'features' are mitigation for exploits that
ex
On Mon, 28 Jun 2004, Patrick W Gilmore wrote:
> Unfortunately, I worry that this cure is worse than the disease.
> Filtering IP addresses are not the right way to attack these sites -
> the move too quickly and there is too much danger of collateral damage.
I think part of the point of this bl
On Jun 28, 2004, at 2:43 PM, Dan Hollis wrote:
On Mon, 28 Jun 2004, Patrick W Gilmore wrote:
Unfortunately, I worry that this cure is worse than the disease.
Filtering IP addresses are not the right way to attack these sites -
the move too quickly and there is too much danger of collateral
damage.
On Mon, 28 Jun 2004, Dan Hollis wrote:
> When a provider hosts a phishing site for _weeks on end_ and does
> _nothing_ despite being notified repeatedly, sometimes a blacklist is the
> only cluebat strong enough to get through the provider's thick skull.
there are other reasons aside from 'lam
Is anybody experiencing issues with Sprint in Ls Vegas?
Do you Yahoo!?
New and Improved Yahoo! Mail - 100MB free storage!
--On 28 June 2004 18:43 +0100 Simon Lockhart <[EMAIL PROTECTED]>
wrote:
It's wholy unfair to the innocent parties affected by the blacklisting.
i.e. the collateral damage.
Say a phising site is "hosted" by geocities. Should geocities IP addresses
be added to the blacklist?
What if it made it ont
Has anybody seen an interuption in service in Las
Vegas with Sprint or Savvis
__
Do you Yahoo!?
Take Yahoo! Mail with you! Get it on your mobile phone.
http://mobile.yahoo.com/maildemo
> > It's wholy unfair to the innocent parties affected by the blacklisting.
> > i.e. the collateral damage.
maybe so. but it'll happen anyway, because victims often have no recourse
that won't inflict collateral damage. the aggregate microscopic damage of
this kind is becoming measurable and "s
Some are making this too hard.
Of the lists I know of they only blackhole KNOWN active attacking or
victim sites (bot controllers, know malware download locations etc) not
porn/kiddie porn/pr/choose-who-you-hate-sites ... clients (infected
pc's)
are usually not included but could make it on the li
PWG> Date: Mon, 28 Jun 2004 15:04:59 -0400
PWG> From: Patrick W Gilmore
PWG> If the blacklist is only for sites which are weeks, or even
PWG> a couple days old, that probably would remove most of the
PWG> objections. (I _think_ - I have not considered all the
PWG> ramifications, but it sounds li
Hi Donald,
the bogon feed is not supposed to be causing any form of disruption, the
purpose of a phishing bgp feed is to disrupt the IP address.. thats a major
difference and has a lot of implications.
Steve
On Mon, 28 Jun 2004, Smith, Donald wrote:
> Some are making this too hard.
> Of the
I agree phishing bgp feed would disrupt the ip address
to all ISP's that listened to the bgp server involved.
I was addressing a specific issue with listening to such
a server and that is the loss of control issue. Sorry if that wasn't
clear.
So would ISP's block an phishing site if it was prov
On Mon Jun 28, 2004 at 03:12:12PM -0600, Smith, Donald wrote:
> So would ISP's block an phishing site if it was proven
> to be a phishing site and reported by their customers?
Would you block access to a kiddie porn site? Do you block access to "warez"
sites? Both are illegal. I'm not convinced
On 28-jun-04, at 18:47, Paul Vixie wrote:
the root cause of network abuse is humans and human behaviour, not
hardware or software or corporations or corporate behaviour. if most
people weren't sheep-like, they would pay some attention to the results
of their actions and inactions.
It's easy to bla
On Jun 28, 2004, at 6:24 PM, Iljitsch van Beijnum wrote:
On 28-jun-04, at 18:47, Paul Vixie wrote:
the root cause of network abuse is humans and human behaviour, not
hardware or software or corporations or corporate behaviour. if most
people weren't sheep-like, they would pay some attention to the
On Mon, Jun 28, 2004 at 11:41:50AM -0700, Tony Hain wrote:
>
> While it is often great sport to poke at MS, did you consider that this
> might have nothing to do with classfullness or CIDR? I believe you will find
> that 0 & -1 are invalid for whatever netmask the windows stack is given. You
So
Hi,
We met a strange problem with Catalyst 4006 when provideing leased line service to one
of our customers.
Catalyst4006 Customer's firewall ---Customer's Intranet
The customer is allocated a Class C address block 192.168.5/24. And , they conn
It is possible that this issue is being cause by the customer's firewall as
well. Every Ethernet cable has two ends. :) I would check and see if the
customer's firewall log says anything. I believe doing a shut/no shut on
the Cat 4006 causes the Ethernet link to 'flap' on the port, causing the
Joe Shen wrote:
The customer is allocated a Class C address block 192.168.5/24. And , they connect their network to our
network by using a firewall. The Interface on Cata4006 is set up as "no switchport", and inter-connecting
subnet is configured between Cata4006 and firewall interface(10.10.1.
Please read -- this is lengthy, and important to the industry as a whole.
We ask for, and solicit, comments, letters of support, etc., for our
position. We are looking for people to take a position on this, and come
forward, perhaps even to provide an affidavit or certification. Something
along t
Of course, this is only possible with NAT at the customer edge.
Otherwise, it expands the size of the global routing system
exponentially.
- ferg
-- Alex Rubenstein <[EMAIL PROTECTED]> wrote:
As you can see, this TRO has widespread effects, and is something that
everyone in the industry coul
BTW, in which state did this occur? Any additional pointers?
Thanks,
- ferg
-- Alex Rubenstein <[EMAIL PROTECTED]> wrote:
Please read -- this is lengthy, and important to the industry as a
whole. We ask for, and solicit, comments, letters of support, etc.,
for our position. We are looking for
Some things you can look into:
> firewall interface(10.10.1.122/30).
> ip route 192.168.5.0 255.255.255.0 10.10.1.124
Is that the firewall interface is 10.10.1.122, or is it 10.10.1.124?
10.10.1.122 is a host address in the 10.10.1.120/30 subnet.
10.10.1.124 is a /30 network. Eithe
The action is taking place in the Superior Court of State New Jersey.
Please contact me offlist if you are interested in helping further.
On Tue, 29 Jun 2004, Fergie (Paul Ferguson) wrote:
>
> BTW, in which state did this occur? Any additional pointers?
>
> Thanks,
>
> - ferg
>
> -- Alex Rube
> > the root cause of network abuse is humans and human behaviour, not
> > hardware or software or corporations or corporate behaviour. if most
> > people weren't sheep-like, they would pay some attention to the results
> > of their actions and inactions.
>
> It's easy to blame the user, and usu
http://www.pfir.org/meltdown
-Hank
On Monday, 2004-06-28 at 20:41 MST, Greg Schwimer <[EMAIL PROTECTED]>
wrote:
> Some things you can look into:
>
> > firewall interface(10.10.1.122/30).
> > ip route 192.168.5.0 255.255.255.0 10.10.1.124
>
> Is that the firewall interface is 10.10.1.122, or is it 10.10.1.124?
> 10.10.1.122 is a
AR> Date: Mon, 28 Jun 2004 23:42:26 -0400 (Eastern Standard Time)
AR> From: Alex Rubenstein
AR> The action is taking place in the Superior Court of State New
AR> Jersey.
If the Court considers it a state matter, and lacks the ability
to regulate interstate commerce, does that mean out-of-state I
strange stuff they smoke down there in socal
What you really should try is to have ARIN provide "friend of the court"
brief and to explain to judge policies and rules in regards to ip space,
so you need to have your laywer get in touch with ARIN's lawyer. You can
probably even force them to provide a statement or testimony (if they
don'
On Jun 29, 2004, at 12:36 AM, Edward B. Dreger wrote:
If the Court considers it a state matter, and lacks the ability
to regulate interstate commerce, does that mean out-of-state ISPs
recognizing ARIN's authority are not required to listen to the
announcements?
Who cares what the court thinks? Are
On Mon, 28 Jun 2004, Alex Rubenstein wrote:
> There has been a Temporary Restraining Order (TRO) issued by state court
> that customers may take non-portable IP space with them when they leave
> their provider. Important to realize: THIS TEMPORARY RESTRAINING ORDER HAS
> BEEN GRANTED, AND IS CURR
What about asking the police to check the judge for drug abuse? There's
more than enough evidence. Or argue that someone with an IQ below zero
should not be a judge, but this might fail as most of them are former
attorneys; I have more respect for common criminals than I have for most
attorneys: t
On Jun 29, 2004, at 12:44 AM, Patrick W Gilmore wrote:
Of course, if you just happen to uphold INTERNET STANDARDS and only
accept routes from where they should originate, I'll buy you a drink
at the next NANOG for being a good netizien. :)
P.S. That was a serious offer to any and all ISPs.
Yes, I
Regardless, this is not a telephony issue ("Can I take my cell
number with me?"), as the courts as seem disposed to diagnose
these days, but rather, a technical one insofar as the IP routing
table efficiency.
"Friends of the court" won't work here unless the technical
implications are presented
On Jun 29, 2004, at 12:48 AM, Michel Py wrote:
In short: drop the monkey on ARIN's back. The issue that non-portable
blocks are indeed non-portable is ARIN's to deal with, and partly why
we
are giving money to them.
I wonder why ARIN, or even more importantly, ICANN has not jumped all
over this.
> I wonder why ARIN, or even more importantly, ICANN has not jumped all
> over this. Seems to me if IP space is not "owned" or something close
> to it by ICANN, they have lost a cornerstone of their power.
We have been in contact with both ARIN and ICANN about this issue. We
encourage all netwo
I'm sorry I made a mistake the subnet between catalyst4006 and customer's firewall is
10.10.1.213/30, Catalyst4006's interface address is 10.10.1.213, firewall's interface
address is 10.10.1.214.
Sorry.
Joe
On Mon, 28 Jun 2004 21:24 , Tony Rall <[EMAIL PROTECTED]> sent:
On Monday, 2
On Tue, 29 Jun 2004, Florian Weimer wrote:
> * Alex Rubenstein:
>
> > b) customer is exercising the right not to renew the business agreement,
> > and is leaving NAC voluntarily.
>
> The customer probably has a different opinion on this particular
> topic, doesn't he?
No. This is a clear situ
50 matches
Mail list logo