On Tue, Dec 21, 2004, Christopher L. Morrow wrote:
> > > problematic in one/all OS's, but by and large extended lifetimes on a
> > > live/hostile network means patches must be applied. Seems like that
> > > doesn't happen by and large.
> >
> > [waiting for an OpenVMS user to speak up]
You won't n
On Mon, 20 Dec 2004, william(at)elan.net wrote:
Try as well:
http://swatit.org/bots/index.html
-Hank
>
>
> Can somebody also share good definition of "BOT" and "BOTNET" for glossary
> and description of 2-4 lines? Should I also list it as synonymous with
> Zombie (bot being more hacker-oriented
On Tue, 21 Dec 2004 07:09:35 + (GMT), Christopher L. Morrow
<[EMAIL PROTECTED]> wrote:
>
> I'm not such a fan of the auto-acting devices, I'd rather have a person
> review the action prior to taking it. Each security/network person
> should determine how best to handle that themselves tho
On Tue, 21 Dec 2004, Suresh Ramasubramanian wrote:
> On Tue, 21 Dec 2004 06:22:17 + (GMT), Christopher L. Morrow
> <[EMAIL PROTECTED]> wrote:
> > there are others of course... it's not the OS that matters in the long
> > run, it's the administration of that OS (or so it seems to me, admitted
On Tue, 21 Dec 2004 06:22:17 + (GMT), Christopher L. Morrow
<[EMAIL PROTECTED]> wrote:
> there are others of course... it's not the OS that matters in the long
> run, it's the administration of that OS (or so it seems to me, admittedly
> not a sysadmin though, anymore). Sure, initial/default i
On Sun, 19 Dec 2004, Scott Morris wrote:
>
> So when the majority of people begin using a different operating system, is
> there some reason that the majority of virus-writers or other malcontents
> wouldn't focus on the flaws there?
>
> Or are we stuck in this little bubble thinking that unix R
On Sun, 19 Dec 2004, Matthew S. Hallacy wrote:
>
> On Sat, Dec 18, 2004 at 09:14:30PM -0500, Sean Donelan wrote:
> >
> > I wouldn't rely on software firewalls. At the same store you buy your
> > computer, also buy a hardware firewall. Hopefully soon the motherboard
> > and NIC manufacturers wil
An even more important consideration is whether our current paradigm
of flap dampening actually is the behavior that we want to penalize.
If a single link bounces just once, then thanks to our mesh,
confederations, differing MRAI's etc., we can see many many changes
to the AS path, resulting i
At 09:40 PM 12/20/04 +, Fergie (Paul Ferguson) wrote:
Here's a decent pointer:
http://en.wikipedia.org/wiki/Botnet
- ferg
that is a very good pointer.
"bot": derivative of "robot". An application on an infected computer
used for orchestrated attacks or for distributed generation of spam,
often distributed in or with viruses or other malware. Similar to
"zombie", which is an older usage specific to distributed denial of
service attacks.
I bel
At 02:01 PM 12/20/04 -0800, william(at)elan.net wrote:
Can somebody also share good definition of "BOT" and "BOTNET" for glossary
and description of 2-4 lines? Should I also list it as synonymous with
Zombie (bot being more hacker-oriented use and zombie being more toward
spammer-oriented use)?
william(at)elan.net wrote:
Can somebody also share good definition of "BOT" and "BOTNET" for glossary
and description of 2-4 lines? Should I also list it as synonymous with
Zombie (bot being more hacker-oriented use and zombie being more toward
spammer-oriented use)?
I'd let others define a "bot
Here's a decent pointer:
http://en.wikipedia.org/wiki/Botnet
- ferg
-- "william(at)elan.net" <[EMAIL PROTECTED]> wrote:
Can somebody also share good definition of "BOT" and
"BOTNET" for glossary and description of 2-4 lines?
--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for t
Can somebody also share good definition of "BOT" and "BOTNET" for glossary
and description of 2-4 lines? Should I also list it as synonymous with
Zombie (bot being more hacker-oriented use and zombie being more toward
spammer-oriented use)?
On Mon, 20 Dec 2004, Hannigan, Martin wrote:
> I've
They did sue 300 spammers, so it's possible that some of them are still around,
either as individual proprietors or as corporate entities, but they're
only responsible for their individual spamming totals, not the whole billion.
Most of the billion dollars was in two big awards, and the other numb
> -Original Message-
> From: Gadi Evron [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 20, 2004 3:32 PM
> To: Bill Nash
> Cc: Hannigan, Martin; [EMAIL PROTECTED]
> Subject: Re: Anycast 101
>
>
> > Botnets aren't new. They've been prototyped on various IRC
> networks for
> > years.
Botnets aren't new. They've been prototyped on various IRC networks for
years. It started with hordes of linked eggdrop bots for Death Star
style privmsg/notice flood attacks on single users (1998? 1999?). When
For history's sake, most people name BO and netbus as the "original"
remote control
On Mon, 20 Dec 2004, Hannigan, Martin wrote:
Look at how the discussions surrounding SPAM have evolved. It went
from "damn abusers", to "damn software", to "where's the money coming
from?". The BotNet problem has already evolved to "where's the money".
Botnets are a new phenomenon. [ Gadi!?]
Botnet
Botnets are a new phenomenon. [ Gadi!?]
hehe, I won't take the bait on that one Martin. :)
I suppose that back in the days when it was "new" they weren't really
called "armies", and _hackers_ would actually set up "real" bots on
pwned boxes. Today we see less and less actual eggdrops/energymechs
I've received a number of emails that indicates a lot
of people are in the dark about BotNets.
John Kristoff made an excellent technical presentation
regarding BotNets at NANOG 32 in Reston.
http://www.nanog.org/mtg-0410/pdf/kristoff.pdf
I have an executive level summary I'm willing to share
> -Original Message-
> From: Bill Nash [mailto:[EMAIL PROTECTED]
> Sent: Monday, December 20, 2004 3:33 PM
> To: Hannigan, Martin
> Cc: John Kristoff; [EMAIL PROTECTED]
> Subject: RE: Anycast 101
>
>
> On Mon, 20 Dec 2004, Hannigan, Martin wrote:
> >
> >>> there are some million-bot dro
On Mon, 20 Dec 2004, Gadi Evron wrote:
>
> Hank Nussbacher wrote:
> > http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/index.html
> >
> > What a nice present for the holiday season :-)
> >
> > -Hank
>
> Indeed! If it will hold after the appeal.
> Thing is, the spammers are not there to be fo
On Mon, 20 Dec 2004, Hannigan, Martin wrote:
there are some million-bot drone armies out there. with
enough attackers
I know I haven't seen any 1MM+ zombie armies out there and I'm
looking for them. Why spend all that time getting 1MM bots when you
only need 100K?
Dormant reinforcements. Multiple
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> John Kristoff
> Sent: Monday, December 20, 2004 1:10 PM
> To: [EMAIL PROTECTED]
> Subject: Re: Anycast 101
>
>
>
> On Mon, 20 Dec 2004 17:18:30 +
> Paul Vixie <[EMAIL PROTECTED]> wrote:
>
> > ther
there are some million-bot drone armies out there. with enough attackers
I've heard that claim before, but I've yet to be convinced that those
making it were doing more than speculating. It is not unreasonable to
believe there are millions of bot drones, but that is not the same as
an army unde
> > Anycast is a way to make the service generally available to as
> > many end-systems as want/need the service. So is multi-homing.
> > ... long term, what is important is the view that there is a
> > common namespace, not that there are special servers.
>
> sorry, that's just t
On Mon, 20 Dec 2004 17:18:30 +
Paul Vixie <[EMAIL PROTECTED]> wrote:
> there are some million-bot drone armies out there. with enough attackers
I've heard that claim before, but I've yet to be convinced that those
making it were doing more than speculating. It is not unreasonable to
believ
> Since when bad engineering is bad to the big business?
whenever it makes your service less attractive than your competitors.
> The world is full of examples to the contrary.
yes, but only where there's a monopoly of some kind.
> > ... be vulnerable to congestion based attacks, since a congestion
> > based attack is against OPN's (other people's networks) where even
> > infinite point-source provisioning cannot help you.
>
> well, thats practically true, but not theoretically true.
> the DNS is running just
Paul Vixie wrote:
of course it will work. it just won't be particularly fast. specifically,
it won't allow tcp to discover the actual end-to-end bandwidth*delay product,
and therefore tcp won't set its window size advantageously, and some or all
of the links along the path won't run at capacity.
Hank Nussbacher wrote:
http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/index.html
What a nice present for the holiday season :-)
-Hank
Indeed! If it will hold after the appeal.
Thing is, the spammers are not there to be found for paying, so they
might not exist for appealing. Meaning this might
> > With that thought process, an anycast network is only as it's most
> > beefed up node. As the smaller nodes fail the one left standing will
> > be what prevents the attack, not anycast.
>
> i admit that this appears true on the surface... but if you dig into it
> you'll see that even a root
> > but at that point, the only thing anycast would buy you is ddos
> > resistance and the ability to have more than 13 physical
> > servers... which is all the
>
> Is that true? I'm failing to see how anycast helps expand a network's
> DDoS survivability. At best a dumb attacker would attack t
At 09:14 PM 12/18/04 -0500, Sean Donelan wrote:
I wouldn't rely on software firewalls. At the same store you buy your
computer, also buy a hardware firewall. Hopefully soon the motherboard
and NIC manufacturers will start including built-in hardware firewalls.
I guess my question is: why rely o
> > Apparently you also didn't get any pointers to RFCs or other
> > authoritative sources that say "each and every packet injected into
> > the internet must be delivered in sequence".
>
> er... please quote chapter/verse here.
> these are "packets" and have sequence numbers
>
> >but so far nobody has said "yes, what Iljitsch is describing should
> >work."
>
> Apparently you also didn't get any pointers to RFCs or other
> authoritative sources that say "each and every packet injected into the
> internet must be delivered in sequence".
er... please quote cha
> [Warning: I've never actually deployed an anycast DNS setup so you are
> free to ignore my message.]
i'm not ignoring you because you raised two important issues.
> > 1. There should always be non-anycast alternatives
>
> I believe there is a strong consensus about that. And therefore a
> str
I call “shenanigans”.
--- Larry Smith <[EMAIL PROTECTED]> wrote:
> On Sunday 19 December 2004 16:47, Sean Donelan wrote:
> > The really
> > scary thing is the infection rate of Home/SOHO computers with
> > AV/firewalls is higher than "naked" computers.
This flies in the face of both logic _AN
http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/index.html
What a nice present for the holiday season :-)
-Hank
Jerry,
> >
> > i've been wondering, since most people aren't using a
> >25xx class router for bgp anymore, and the forwarding planes
> >are able to cope more when 'bad things(tm)' happen, what the value
> >of dampening is these days.
> >
> > ie: does dampening cause more problems than it
I don't think PPLB is compatible with anycast esp. in
situation when we consider end-to-end communication
with multiple packets.
As PPLB may derive to out-of-sequence between TCP
packets & different DNS server destination of the
same UDP stream, it will break anycast DNS service in
some situa
Hi,
That's what I want to discuss about. The paper gives a
very detailed explanation on anycast with OSPF_ecmp,
and what I want to know is:
is there anything not included in it but must be
considered carefully when anycast cache server farm is
to be established in MAN ?
Will there be any prob
[Warning: I've never actually deployed an anycast DNS setup so you are
free to ignore my message.]
On Mon, Dec 20, 2004 at 01:28:43PM +0100,
Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote
a message of 109 lines which said:
> 1. There should always be non-anycast alternatives
I believe there
On 18-dec-04, at 22:31, Paul Vixie wrote:
i would be interested in hearing from anybody else who thinks that
turning on pplb in a eyeball-centric isp that has multiple upstream
paths is a reasonable thing to do, even if there were no anycast
services deployed anywhere in the world.
so far, no take
Please, do not compare connections thru PNAT (DSL + Linksys) with dialup.
So, this all is incorrect - DSL providers are (in 90% cases) protected from
the very beginning by hardware (even if they never hear word FIREWALL) -
because of PNAT.
- Original Message -
From: "Suresh Ramasubramani
45 matches