I'm thinking that Citibank will cease to be a target if they give (ok,
it's a bank - sell) their subscribers a hardware token that requires
presence of the ATM card when the customer wants to use online banking
facilities... as several banks here in the Netherlands do.
This is a social
Those are apples oranges. You cannot compare bandwidth in countries
without the same fiber infrastructure as the US ( and with government
owned PTTs controlling almost all access to the US market.
Bang on!
U.S. prices reflect a mostly complete disintermediation of the telecom
industry in
Well, with the GSR (and alike) you're paying for high MTBF, large
buffers
and quick re-routing when something happens, so yes, this is a quality
issue and that's why you should care and make an informed decision.
There's more than one way to do things.
Some people manage MTBF by having more
1. ISPs use firewall to protect their DNS server;
Depends. You don't normally need a full fledged (stateful) firewall.
Normal (stateless) router access lists are just fine.
2. ACL on router may be a good solution for protecting
DNS servers, the policy could be only pass those
packets,
On Mon, 16 Aug 2004, Paul Wouters wrote:
Unfortunately, SiteFinder did not have such a destructive effect as we
had all wanted it to have. Statistics in our network showed no
significant increase in dns traffic. Especially if you compare it
against things like SoBig:
On Sun, 15 Aug 2004, Mikael Abrahamsson wrote:
As far as I know, there is no remotely exploitable hole in windows that
doesn't have a patch for it, nothing majorly in the wild anyway. I run my
fully patched XP laptop without firewall directly connected to the
internet all the time and the
On Mon, 16 Aug 2004, Mikael Abrahamsson wrote:
On Mon, 16 Aug 2004, Patrick W Gilmore wrote:
Unfortunately, I doubt any transit provider offering these prices will
tell us if they are below cost. (Someone care to prove me wrong? :-)
Cisco 12400 OC192 cards are $225k listprice.
Stephen J. Wilcox wrote:
of course, if you wait for someone to go bankrupt then buy them you can buy the
entire company and network for about that price :)
I did hear about an isp called optigate.net (coarsegold, CA) that went
bankrupt quite recently ... [at least, an ex optigate customer
Alexei Roudnev wrote:
Why don't write out a generator of credit cards / pins and flood out this
site by false information?
(I saw a few better examples, btw).
Because fighting abuse with abuse is never a good idea?
Pete
On 17 Aug 2004, at 00:46, Patrick W Gilmore wrote:
Nope. Its -INFORMATIONAL- e.g. Not a Standard.
P.S. That would be i.e.. If you are going to argue semantic points,
you should get your grammar right. =)
I think a Standard was just an example of one of the things it is
not. It is also not a
I wonder if the banks have ever considered how they have
contributed to the problem. If their pages were straight
up, no pop-up's, no JavaVirus, etc it would be far easier
to tell their customers:
==
Here is what our page
Hi,
in situation of DoS attack or situation of high
session rate;
Routers with hardware based access lists. No
problem.
What I'm not sure about ACL on router is, how to
survive DNS server under DoS/DDos attack. We suffered
from DoS attack last year, and we found the source IPs
of that
The mail originated from 68.77.56.130 (an ameritech.net DSL connection,
right now not pingable) and loads some images from www.citibank.com.
It links to http://61.128.198.51/Confirm/ - an IP address hosted by
Chinanet (transit to there supplied by Savvis from my point of view).
It's a 1 line rule
On Tue, 17 Aug 2004, Eric Kuhnke wrote:
It's a 1 line rule with mod_rewrite and apache to block
nonexistant or off-site http referers attempting to display
GIF/JPG/PNG images... Sometimes I wonder why Citibank,
Paypal and others don't do this. It would cut down on the
displayed
Nope. Its -INFORMATIONAL- e.g. Not a Standard.
P.S. That would be i.e.. If you are going to argue semantic points,
you should get your grammar right. =)
I think a Standard was just an example of one of the things it is
not. It is also not a pressure washer, a small rodent
I wonder if the banks have ever considered how they have
contributed to the problem. If their pages were straight
up, no pop-up's, no JavaVirus, etc it would be far easier
to tell their customers:
==
Here is what our page
On Tue, 17 Aug 2004 08:05:41 -0400 (EDT)
David Lesher [EMAIL PROTECTED] wrote:
| I wonder if the banks have ever considered how they have contributed
| to the problem. If their pages were straight up, no pop-up's, no
| JavaVirus, etc it would be far easier to tell their customers:
|
|
What I'm not sure about ACL on router is, how to
survive DNS server under DoS/DDos attack. We suffered
from DoS attack last year, and we found the source IPs
of that attack locate in our customers IP address
blocks. ACL on router could only filter those traffic
not meaningful to DNS server,
On Tue, 17 Aug 2004 [EMAIL PROTECTED] wrote:
Barclays also uses a memorable word in addition to
the PIN code. They repeatedly tell us that no-one
from Barclays will ever ask us to reveal this
memorable word. It's only use is for a simple
challenge-response where the website asks for
two specific
On Tue, 17 Aug 2004, Eric Kuhnke wrote:
The mail originated from 68.77.56.130 (an ameritech.net DSL connection,
right now not pingable) and loads some images from www.citibank.com.
It links to http://61.128.198.51/Confirm/ - an IP address hosted by
Chinanet (transit to there supplied by
TW Date: Tue, 17 Aug 2004 09:06:30 -0400 (EDT)
TW From: Tim Wilde
TW Because many (broken) browsers/proxies/firewalls/etc block
TW or forge referrer headers for security and they'd quadruple
TW their tech support load with all their idiot customers using
TW Norton Internet Security or other
Edward B. Dreger wrote:
Ughh. Some security products cause more trouble than they
solve. Norton Internet Security is obnoxious enough to filter
ads by nuking graphics based on pixel dimensions. (After having
to alter some sites to get around this, we have a much harder
time recommending
First - As for whether the US Transit market is healthy or unhealthy... I
am not privy to the ISP calculations that demonstrate financial viability
at these prices, so I can only go on the sentiments expressed by folks that
have done the analysis for their companies and have shared their views
Hi folks,
Could someone with the hotel location data for the 17-19 Oct NANOG please
email me? 'Reston, VA' got rejected as not specific enough for the travel
authorization. http://www.nanog.org/ http://www.arin.net/ only list
Reston, VA.
Thanks, -ren
On Aug 17, 2004, at 1:55 PM, William B. Norton wrote:
The Cost of Internet Transit in..
Commit AU SG JP HK USA
1 Mbps $720$625$490$185$125
10 Mbps $410$350$150$100$80
100 Mbps$325$210$110$80 $45
1000 Mbps
I have been hearing rumors about some SYN flood atacks on the Internet today. Anybody hear anything?
Thanks
Jason
On 17 Aug 2004, at 14:20, Patrick W Gilmore wrote:
Things are not the same everywhere. Politics, infrastructure, labor,
taxes, and a myriad of other factors make it not very useful to say
US is $30, AU is $300 and expect to draw any meaningful conclusion
by the comparison - except, of course,
On Tue, 17 Aug 2004 [EMAIL PROTECTED] wrote:
I have been hearing rumors about some SYN flood atacks on the Internet
today. Anybody hear anything?
You will need to be more specific.
There are syn flood attacks, icmp attacks, udp attacks, tcp attacks, dns
attacks, http attacks, im attacks,
On Tue, Aug 17, 2004 at 06:28:55PM +, [EMAIL PROTECTED] wrote:
I have been hearing rumors about some SYN flood atacks on the Internet
today. Anybody hear anything?
Interesting coincidence, I just heard a rumor about someone receiving spam
today. Perhaps the are connected. It might even
I suppose a more direct analogy to the Big Mac Index would be to take
some usefully-accurate measure of transit costs in each country
*real* transit costs are not discussed on nanog or other public
fora. compendia of such data are worth the cost of every pixel
on which they're printed.
Sorry I didnt take the smart ass factor into account when I posted. I have heard that AOL and other mega proxies have been sending enough SYN floods (DDoS style)to knock over Discover and Allstate. I am not talking about small amounts of normal traffic.
Jason
-- Original message
I think I also heard about some new email worm that takes advantage users that open attachments...
(Sorry, just HAD to jump on that bandwagon)
Brent
Richard A Steenbergen [EMAIL PROTECTED]
Sent by: [EMAIL PROTECTED]
08/17/2004 02:41 PM
To:[EMAIL PROTECTED]
cc:[EMAIL
One of my peers had a DOS against one of their colo customers.
Effected their/our connection to Level 3. Appx 11:05am EDT
~
Matt Taber [EMAIL PROTECTED]
WMIS Internet http://www.wmis.net
Accelerate ... It's a Speed Thing
this should be pushed to
the router. don't waste CPU cycles
on the Nameserver.
Hosts tend to be a faster writeoff cycle than routers in companies I've
worked at, therefore getting the benefit of moores law about 25% faster
than the routers. Turn on firewalling in the
On Tue, Aug 17, 2004 at 09:32:28PM +0200, [EMAIL PROTECTED] wrote:
Hosts tend to be a faster writeoff cycle than routers in companies I've
worked at, therefore getting the benefit of moores law about 25% faster
than the routers. Turn on firewalling in the host.
If you have a choice
On Tue, Aug 17, 2004 at 02:00:34PM -0400, ren wrote:
Hi folks,
Could someone with the hotel location data for the 17-19 Oct NANOG please
email me? 'Reston, VA' got rejected as not specific enough for the travel
authorization. http://www.nanog.org/ http://www.arin.net/ only list
I've had this discussion a few times with people working at cisco. The
answers I usually get has to do with how well it handles overload, ie what
happens when ports go full.
If you want to be able to do single TCP streams at 5 gigabit/s over your
long-haul 10gig network that is already
Hi all,
We would like to announce a new mailing-list:
[EMAIL PROTECTED]
This list has been created to enable owners and users of DDoS
detection and mitigation devices (*) at ISPs/NSPs to discuss
architecture and deployment, share tips, filtering templates,
experience and operational models, etc.
On Wed, 18 Aug 2004 00:14:48 +0200, Nicolas FISCHBACH said:
and which product(s) [detection and mitigation] you use AND
are willing to discuss/share experience on (no lurkers, no
marketing, no sales, etc) to:
We may ask you to prove that you actually own and operate
such devices.
Hmm... so
On Tue, 17 Aug 2004, Deepak Jain wrote:
Maybe I am wrong here, but what does the router's packet buffers have to
do with a TCP stream? Buffers would add jitter and latency to the pipe.
Have you tried running a single TCP stream over a 10 meg ethernet with a 5
megabit/s policer on the port?
William B. Norton wrote:
First - As for whether the US Transit
market is healthy or unhealthy...
Hmm. For this one topic I think I have the best explanation in the world
(tm): it's unhealthy if you bite the dust, it's healthy if one of your
competitors bites the dust :-)
It certainly
Have you tried running a single TCP stream over a 10 meg ethernet with a 5
megabit/s policer on the port? Do that, figure about what happens and
explain to the rest of the class why this single TCP stream cannot use all
of the 5 megabit/s itself.
That's entirely a different example. If we are
I'm implying that a 7600 with non-OSM doesn't have more than a few ms of
buffers making a single highspeed TCP stream go into saw-tooth performance
mode via it's congestion mechanism being triggered by packet loss instead
of via change in RTT.
Yes, the GSR/juniper with often 500+ ms buffers are
43 matches
Mail list logo