The Internet needs a PA system.
There is this sparsely deployed technology called multicast which would
work for this application.
Note that the original poster did use multicast for his
query. He sent one copy to nanog@merit.edu where his
email was replicated and forwarded to multiple
ICANN's announcement is at:
http://www.icann.org/announcements/announcement-08jun05.htm
See also:
http://icann.org/tlds/dotnet-reassignment/net-rfp-process-summary-08jun05.pdf
And so much for that.
Eric
Hi,
our announcement on nanog a few months ago of experiments involving BGP
updates containing large AS-sets [1] caused a few flames. Now we have an
in-depth document with results on the subject and would like to explain
what we intended to do.
We have presented our techniques at RIPE 50,
Hannigan, Martin wrote:
Yes, but last time you said you were going to use
_other peoples_ ASN's to test with and allow these
announcements beyond your borders.
Is this still the case?
The probing AS (call it Z) announces one of its prefixes to the Internet
with an AS-path that is not just
Thus, to stop its announcement from being propagated by ASes 1, 2, and
3, an AS (say AS12654) might announce one of its prefixes with an
AS-path of 12654 {1,2,3}.
won't that prevent 12654's announcements from being received by, as
opposed to propagated by, 1, 2, and 3?
randy
* Lorenzo Colitti:
So yes, the ASes inserted in the AS-set are operated by others, and yes,
the announcements are sent out to the Internet at large.
This approach is highly questionable. Any responsible ISP should kick
you off the net for announcing AS path containing ASNs without
Randy Bush wrote:
Thus, to stop its announcement from being propagated by ASes 1, 2, and
3, an AS (say AS12654) might announce one of its prefixes with an
AS-path of 12654 {1,2,3}.
won't that prevent 12654's announcements from being received by, as
opposed to propagated by, 1, 2, and 3?
On Thu, 2005-06-09 at 16:59 +0200, Florian Weimer wrote:
* Lorenzo Colitti:
So yes, the ASes inserted in the AS-set are operated by others, and yes,
the announcements are sent out to the Internet at large.
This approach is highly questionable. Any responsible ISP should kick
you off
Jeroen Massar wrote:
And it also makes clear why it didn't pop up in GRH, as when you insert
the GRH ASN 8298 it won't be announced to GRH and thus it doesn't get
detected and as quite a number of people check only there it can go
quite unnoticed in the IPv6 tables...*
Actually, we never
Howdy,
I am not sure if this is the proper place, if not I've noticed you guys
know what to do so I'll put the fire retardant suit on now. Recently due
to growth we have seen an influx of different and interesting
types of characters ending up on our network. They like to do all sorts of
As it was already noted, you need to
be very careful about how you set your IDS up, specifically if you choose
snort.
Snort is a very powerful tool, when used correctly. Unfortunately,
when used incorrectly, it can hose your network over
completely.
My suggestion, in the case that you'll use
I'm wondering what is the best way to detect people doing these things
on my end. I realize there are methods to protect myself from people
attacking from the outside but I'm not real sure how to pinpoint who is
really being loud on the inside.
One of the best things we did was set up a
In message [EMAIL PROTECTED]
ec.com, [EMAIL PROTECTED] writes:
As it was already noted, you need to be very careful about how you set
your IDS up, specifically if you choose snort.
Snort is a very powerful tool, when used correctly. Unfortunately, when
used incorrectly, it can hose your
On 2005-06-09, at 10:59, Florian Weimer wrote:
* Lorenzo Colitti:
So yes, the ASes inserted in the AS-set are operated by others,
and yes,
the announcements are sent out to the Internet at large.
This approach is highly questionable. Any responsible ISP should kick
you off the net for
We just finished deploying a Snort IDS system
on our network. The task of doing so was well worth the effort, and quite a bit
of effort and resources were needed for our deployment. Due to the fact that we
have a sustained 5Gbps of traffic to monitor in our Tampa data center alone, a
Title: Re: Using snort to detect if your users are doing interesting things?
And when you do set up such an arrangement, depending on the number of rules you turn on, you can generate truly massive volumes of data to be analyzed by ACID or other tools. It is relatively easy to deploy snort for
On 6/9/05 12:08 PM, Steven M. Bellovin [EMAIL PROTECTED] wrote:
Also figure out what you're going to do with the output. Do you have
the resources to investigate apparent misbehavior? Remember that any
IDS will have a certain false positive rate. Even for true positives,
do you have the
My suggestion, in the case that you'll use snort, is to do some extensive
testing on a non-production network. Take the time to learn and
understand its functionality and intended purpose.
Also figure out what you're going to do with the output. Do you have
the resources to investigate
How about project Darknet and sinkholes and monitoring dark IP space,
worms and botnets usually scan blindly right and left, so there is a
good chance you will get a glimpse of infected hosts if that's what you
want, I catch infected hosts by looking at apache access logs and I see
a lot of scans,
We've already tackled reputation systems, they were called web site
certificates. You have to submit to a few fairly stringent checks on
who you are, typically provide a DB id which isn't very expensive or
difficult but not all that easily defrauded w/in some reasonable
parameters (it ain't bank
On Thu, 9 Jun 2005, Barry Shein wrote:
We've already tackled reputation systems, they were called web site
certificates. You have to submit to a few fairly stringent checks on
who you are, typically provide a DB id which isn't very expensive or
difficult but not all that easily defrauded w/in
On Thu, 2005-06-09 at 13:54 -0700, william(at)elan.net wrote:
On Thu, 9 Jun 2005, Barry Shein wrote:
When somebody else looks at your activity and makes subjective judgment
(mostly based on multiple reports from users) and then lets this judgment
about your activities be available to
On Wed, Jun 08, 2005 at 07:11:21PM -0400, David Andersen wrote:
On Jun 8, 2005, at 4:46 PM, Jay R. Ashworth wrote:
On Wed, Jun 08, 2005 at 06:30:50PM +, Fergie (Paul Ferguson) wrote:
What's the matter with simply using the mailing list?
Don't reinvent the wheel.
For precisely that
Thus spake Barry Shein [EMAIL PROTECTED]
However, I'll add my voice that I believe reputation systems as an
approach to spam-prevention are neither useful nor sufficient w/o
repeating what others have said.
Agreed.
If my grandmother has a reputation for sending legitimate email, and she
On Thu, 9 Jun 2005, Stephen Sprunk wrote:
If my grandmother has a reputation for sending legitimate email,
and she inadvertently installs some spam zombie software, it is
certainly feasible (and probably trivial) for the spammer to steal
all her credentials and thus her reputation.
On 06/09/05, Stephen Sprunk [EMAIL PROTECTED] wrote:
If my grandmother has a reputation for sending legitimate email, and she
inadvertently installs some spam zombie software, it is certainly feasible
(and probably trivial) for the spammer to steal all her credentials and thus
her