Re: and here are some answers [was: Quarantine your infected users spreading malware]

2006-02-21 Thread Simon Waters
On Tuesday 21 Feb 2006 06:41, you wrote: I've seen more than one estimate that most computers *are* infected by at least one piece of malware/spyware/etc, (including numbers as high as 90%) I've seen 95% quoted - certainly my experience if you go looking for malware in recent Windows desktop

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Michael . Dillon
Oh geez, here we go again... Search the archives and read until you're content. It's a non-thread. This horse isn't only dead, it's not even a grease spot on the road any more. Are you saying that the problem of spreading worms and botnets is fading? Where do you get your data on this? I

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Michael . Dillon
How do you get the unwashed masses of ISPs to join the choir so you can preach to them? Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This

Re: and here are some answers [was: Quarantine your infected users spreading malware]

2006-02-21 Thread Jim Segrave
On Tue 21 Feb 2006 (04:15 +0200), Gadi Evron wrote: Christopher L. Morrow wrote: it's also not just a 'i got infected over the net' problem... where is that sean when you need his nifty stats :) Something about no matter what you filter grandpa-jones will find a way to click on the nekkid

Re: and here are some answers [was: Quarantine your infected users spreading malware]

2006-02-21 Thread Gadi Evron
Simon Waters wrote: I've seen 95% quoted - certainly my experience if you go looking for malware in recent Windows desktop machines using IE and Outlook it is pretty much a certainty you'll find it. Most of these tools I was using didn't detect the Sony Rootkit, or other malware, so this will

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Gadi Evron
[EMAIL PROTECTED] wrote: How do you get the unwashed masses of ISPs to join the choir so you can preach to them? Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the

Re: and here are some answers [was: Quarantine your infected users spreading malware]

2006-02-21 Thread John Curran
At 12:26 PM +0100 2/21/06, Jim Segrave wrote: The philosophical discussion aside (latest one can be found under zotob port 445 nanog on Google), presenting some new technologies that shows this *can* be done changes the picture. http://www.quarantainenet.nl/ From the web site: Only a

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Michael . Dillon
Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This program would use stealth techniques to hide itself in the user's machine, just like viruses do. As the defense is local to the user's machine, the attacker can

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Michael . Dillon
How do you differentiate this infection from the ones they've been preached to to avoid? The same way that people currently differentiate bad software from good software before they install something on their machines. --Michael Dillon

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Jason Frisvold
On 2/21/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This program would use stealth techniques

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Gadi Evron
[EMAIL PROTECTED] wrote: If AV software can protect itself this way, why would anyone build an infection blocker using any less protection? AV software can *try* and protect itself in this and other ways, but that is OT to NANOG. I don't mind discussing it in private though if software

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Michael . Dillon
When enough votes have been collected, the registry sends the shutdown signal to the end user, thus triggering the blocker program to quarantine the user. Isn't there a risk of DoS though? What's to prevent someone from spoofing those signals and shutting down other users? The

Re: and here are some answers [was: Quarantine your infected users spreading malware]

2006-02-21 Thread John Curran
At 7:45 AM -0500 2/21/06, John Curran wrote: From the web site: Only a selected set of web sites will remain available, for example Microsoft update and the websites of several anti-virus software companies. The quarantine server tells users what is going on and how this problem can be

Re: and here are some answers [was: Quarantine your infected users spreading malware]

2006-02-21 Thread Jess Kitchen
On Tue, 21 Feb 2006, Gadi Evron wrote: Hi Simon, this is indeed a Windows problem due to Microsoft being a mono-culture in our desktop world. Still, there are botnets constructed from other OS's as well. Also, CC servers are mostly *nix machines. Does 'mostly *nix' hold true of the

Re: and here are some answers [was: Quarantine your infected users spreading malware]

2006-02-21 Thread Jim Segrave
On Tue 21 Feb 2006 (08:45 -0500), John Curran wrote: At 7:45 AM -0500 2/21/06, John Curran wrote: From the web site: Only a selected set of web sites will remain available, for example Microsoft update and the websites of several anti-virus software companies. The quarantine server

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Bill Nash
On Tue, 21 Feb 2006, [EMAIL PROTECTED] wrote: Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the user's machine. This program Offering them free software won't

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Jason Frisvold
On 2/21/06, Bill Nash [EMAIL PROTECTED] wrote: If you're talking about a compulsory software solution, why not, as an ISP, go back to authenticated activity? Distribute PPPOE clients mated with common anti-spyware/anti-viral tools. Pull down and update signatures *every time* the user logs

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Valdis . Kletnieks
On Tue, 21 Feb 2006 13:05:35 GMT, [EMAIL PROTECTED] said: How do you differentiate this infection from the ones they've been preached to to avoid? The same way that people currently differentiate bad software from good software before they install something on their machines. If

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Valdis . Kletnieks
On Tue, 21 Feb 2006 10:42:20 EST, Jason Frisvold said: On 2/21/06, Bill Nash [EMAIL PROTECTED] wrote: If you're talking about a compulsory software solution, why not, as an ISP, go back to authenticated activity? Distribute PPPOE clients mated with common anti-spyware/anti-viral tools.

Re: Quarantine your infected users spreading malware

2006-02-21 Thread PC
No, just $24/month (or whatever it is now) for the whole service. You go to a keyword and it does a web based installation widget. It is free as long as you remain a subscriber. I'm not familiar with how this works in AOL land.. Does the end-user need to subscribe to anything other than

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Larry Smith
On Tuesday 21 February 2006 10:26, Jason Frisvold wrote: On 2/21/06, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: Oddly enough, AOL and several other large providers seem to have no problems advertising some variant on 'free A/V software'. Key words there.. Large Provider .. I don't think

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Bill Nash
On Tue, 21 Feb 2006, [EMAIL PROTECTED] wrote: If you're talking about a compulsory software solution, why not, as an ISP, go back to authenticated activity? Distribute PPPOE clients mated with common anti-spyware/anti-viral tools. Pull down and update signatures *every time* the user logs in,

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Bill Nash
On Tue, 21 Feb 2006, Jason Frisvold wrote: On 2/21/06, Bill Nash [EMAIL PROTECTED] wrote: If you're talking about a compulsory software solution, why not, as an ISP, go back to authenticated activity? Distribute PPPOE clients mated with common anti-spyware/anti-viral tools. Pull down and

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Jason Frisvold
On 2/21/06, Bill Nash [EMAIL PROTECTED] wrote: Big deal. You're talking about volume licensing at that point, and offering vendors an opportunity to compete to get on every desktop in your customer base. That's a big stick to negotiate with, especially if you're an Earthlink or AOL. Agreed.

Re: Quarantine your infected users spreading malware

2006-02-21 Thread James
On Tue, Feb 21, 2006 at 07:17:38AM +0200, Gadi Evron wrote: [EMAIL PROTECTED] wrote: On Mon, 2006-02-20 at 23:40:48 +0200, Gadi Evron proclaimed... [snip] I'll update on these as I find out more on: http://blogs.securiteam.com This write-up can be found here:

anybody here from verizon's e-mail department?

2006-02-21 Thread Paul Vixie
last week i became unable to send mail to verizon users: Diagnostic-Code: X-Postfix; host relay.verizon.net[206.46.232.11] said: 550 You are not allowed to send mail:sv18pub.verizon.net (in reply to MAIL FROM command) (the above was from me trying to ask [EMAIL

Maximum effective range of an excuse is... [Was: Re: Quarantine your infected users spreading malware]

2006-02-21 Thread Fergie
QED: ATT/SBC also does this for their DSL subscribers... - ferg -- Larry Smith [EMAIL PROTECTED] wrote: The problem with discussing AOL and large provider in the same sentence is that the complete AOL (connection, desktop, tools, etc) function are AOL controlled (walled garden) so they have

Re: anybody here from verizon's e-mail department?

2006-02-21 Thread Martin Hannigan
last week i became unable to send mail to verizon users: Diagnostic-Code: X-Postfix; host relay.verizon.net[206.46.232.11] said: 550 You are not allowed to send mail:sv18pub.verizon.net (in reply to MAIL FROM command) (the above was from me trying to ask [EMAIL

Re: anybody here from verizon's e-mail department?

2006-02-21 Thread Randy Bush
i'd hate to think that i've simply sent too many why-are-you-spamming-me complaints and have been blacklisted. Now, can someone forward this to Paul? I am pleasantly residing in his killfile, according to his last response to my email. are you suggesting that paul might be hoist by his own

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Scott Weeks
- Original Message Follows - From: [EMAIL PROTECTED] Oh geez, here we go again... Search the archives and read until you're content. It's a non-thread. This horse isn't only dead, it's not even a grease spot on the road any more. Are you saying that the problem of spreading

Re: MLPPP over MPLS

2006-02-21 Thread Bill Stewart
I've also heard a variety of comments about difficulties in getting Cisco MLPPP working in MPLS environments, mostly in the past year when our product development people weren't buried in more serious problems (:--) I've got the vague impression that it was more buggy for N>2 than N=2. There are

RE: anybody here from verizon's e-mail department?

2006-02-21 Thread Wayne Gustavus (nanog)
First, I'm not on the mail team, so I can't help you directly. Second, your best bet is to attempt contact thru the following web form: www.verizon.net/whitelist - Wayne ___ Wayne Gustavus, CCIE #7426 IP

Re: MLPPP over MPLS

2006-02-21 Thread Hyunseog Ryu
Since PPP doesn't have any way to identify different PVC from physical circuit, MLPPP can not be used for sub-interface required field. For example, if you want to use different VLAN id with dot1q or Frame Relay DLCI, you can not use it with MPLS. Since our customer requires to use multiple

Re: MLPPP over MPLS

2006-02-21 Thread Hyunseog Ryu
Overall, MLPPP may work fine with MPLS as long as you have single virtual circuit from each physical circuit. Such as T1 channel from Channelized DS3... But you have to use sub-interface (logical interface) other than sub-channel from channelized circuit, you may have some problem. If you

Re: a radical proposal (Re: protocols that don't meet the need...)

2006-02-21 Thread Bill Stewart
I looked at some of these models back in ~2000, but the dotcom boom ended and I didn't get laid off from my day job, so I didn't go trolling for venture capitalists, and my employer sold off their cable companies - since then, the market economics have changed a lot, and routers have started to

Re: Quarantine your infected users spreading malware

2006-02-21 Thread Vicky Røde
Bill Nash wrote: On Tue, 21 Feb 2006, [EMAIL PROTECTED] wrote: Why not just bypass them and go direct to the unwashed masses of end users? Offer them a free windows infection blocker program that imposes the quarantine itself locally on the

RE: anybody here from verizon's e-mail department?

2006-02-21 Thread Dennis Dayman
No, but I have forwarded this to the abuse team I used to work in. Some of them are also on Z. Normally this is because the MAIL FROM: failed or rejected sender verification. -Dennis

RE: anybody here from verizon's e-mail department?

2006-02-21 Thread Dennis Dayman
Second, your best bet is to attempt contact thru the following web form: www.verizon.net/whitelist Good one Wayne! Wasn't that only for all those who were blocked last Christmas even other than ARIN IP space? ;) I sent an email to the mail team and CC'd Paul. Good to see you bud! -Dennis

Re: anybody here from verizon's e-mail department?

2006-02-21 Thread Suresh Ramasubramanian
On 2/22/06, Dennis Dayman [EMAIL PROTECTED] wrote: No, but I have forwarded this to the abuse team I used to work in. Some of them are also on Z. Normally this is because the MAIL FROM: failed or rejected sender verification. Which probably means Paul is blocking whatever server Verizon is