Re: Phishing and BGP Blackholing

2007-01-02 Thread Fergie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 One more thing: If anyone thinks that fast-flux hosting isn't a problem, then you haven't dealt with it. I cannot imagine injecting a /32 continuously into a BGP community-set. That just sounds... insane. More: http://www.spamhaus.org/faq/answers.lass

Re: Phishing and BGP Blackholing

2007-01-02 Thread Fergie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Instead of quoting earlier submissions, let me just add two thoughts to this Bad Idea (tm): (1) Proxy bypasses; and (2) Fast-Flux place-shifters... These are two hard problems, by themselves, although not impossible. Having said that, injecting cand

Re: Phishing and BGP Blackholing

2007-01-02 Thread Bill Nash
On Tue, 2 Jan 2007, Travis H. wrote: > On Tue, Jan 02, 2007 at 06:20:01PM -0700, Bill Nash wrote: > > The biggest challenge I can see is scrubbing phishing reports that > > aren't.. themselves.. maliciously crafted phishing attacks against a > > registry of such addresses. > > Can you rephrase

Re: Phishing and BGP Blackholing

2007-01-02 Thread Mark Foster
I have to ask. The 'stock' disclaimer message says 'may'. It also says 'If you are not the intended recipient...' Key words - 'if' and 'may'. Since the post is being made to NANOG, we can assume the NANOG Audience (defined as anyone who's on the list _or_ who can read the web archive; ala; e

Re: Phishing and BGP Blackholing

2007-01-02 Thread Stephen Satchell
[EMAIL PROTECTED] wrote: Then there's the whole trust issue - though the Team Cymru guys do an awesome job doing the bogon feed, it's rare that you have to suddenly list a new bogon at 2AM on a weekend. And there's guys that *are* doing a good job at tracking down and getting these sites mitig

Re: Phishing and BGP Blackholing

2007-01-02 Thread Travis H.
On Tue, Jan 02, 2007 at 06:20:01PM -0700, Bill Nash wrote: > The biggest challenge I can see is scrubbing phishing reports that > aren't.. themselves.. maliciously crafted phishing attacks against a > registry of such addresses. Can you rephrase that? I want to understand but I'm failing. > Li

Re: Phishing and BGP Blackholing

2007-01-02 Thread Vassili Tchersky
On Tue, Jan 02, 2007 at 09:52:26PM -0500, [EMAIL PROTECTED] wrote: > After you post to NANOG, it's not confidential, no matter what your legal > eagles > pretend. There has been some issue recently on a similar French mailing-list (FRnOG), a CTO of a major ISP said something vague about a tec

Re: Phishing and BGP Blackholing

2007-01-02 Thread Valdis . Kletnieks
On Tue, 02 Jan 2007 17:02:02 PST, "Joy, Dylan" said: > I'm curious if anyone can answer whether there has been any traction > made relative to blocking egress traffic (via BGP) on US backbones which > is destined to IP addresses used for fraudulent purposes, such as > phishing sites. > > I'm sure

Re: Phishing and BGP Blackholing

2007-01-02 Thread Bill Nash
Hi. You have sent a message to the entire list that seems to be some sort of automatically generated product of the Smugotron-2000, intended to annoy a single person but is actually annoying everyone. Your mail user agent detected something you didn't like, and instead of simply deleting it,

Re: Phishing and BGP Blackholing

2007-01-02 Thread Randy Bush
you have sent a message to me which seems to contain a legal warning on who can read it, or how it may be distributed, or whether it may be archived, etc. i do not accept such email. my mail user agent detected a legal notice when i was opening your mail, and automatically deleted it. so do not

Re: Phishing and BGP Blackholing

2007-01-02 Thread Bill Nash
The biggest challenge I can see is scrubbing phishing reports that aren't.. themselves.. maliciously crafted phishing attacks against a registry of such addresses. Likewise, since BGP isn't application aware, when you blackhole an address that's both website and mail server, how do you inform

Phishing and BGP Blackholing

2007-01-02 Thread Joy, Dylan
Happy New Year all, I'm curious if anyone can answer whether there has been any traction made relative to blocking egress traffic (via BGP) on US backbones which is destined to IP addresses used for fraudulent purposes, such as phishing sites. I'm sure there are several challenges to implement

Re: Regarding NDU.EDU

2007-01-02 Thread Fergie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Sure. That's what it is: "architectural changes". I heard the Naval War College was doing that, too. :-) http://blogs.abcnews.com/theblotter/2006/12/mystery_hacker_.html - - ferg - -- "Chris L. Morrow" <[EMAIL PROTECTED]> wrote: On Tue, 2 Jan 20

Re: Regarding NDU.EDU

2007-01-02 Thread Chris L. Morrow
On Tue, 2 Jan 2007, Steven M. Bellovin wrote: > On Tue, 2 Jan 2007 21:48:29 GMT > "Fergie" <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > They took their systems offline a few weeks ago: > > http://www.fcw.com/article97160-12-19-06-Web > Right -- something

Re: Regarding NDU.EDU

2007-01-02 Thread Steven M. Bellovin
On Tue, 2 Jan 2007 21:48:29 GMT "Fergie" <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > They took their systems offline a few weeks ago: > > http://www.fcw.com/article97160-12-19-06-Web > Right -- something's definitely going on on that part of the world

Re: would you run this little script, please

2007-01-02 Thread Vassili Tchersky
On Tue, Jan 02, 2007 at 07:04:58AM -1000, Randy Bush wrote: > if you have a bsd, linux , or probably cygwin machine, would you > please run the attached script once as a favor to a research > project? I did run it from several places around the world. Pleas

Re: would you run this little script, please

2007-01-02 Thread Randy Bush
> I am on a NetBSD machine. What did you want from ifconfig? I am > guessing "ifconfig -a". yep. just trying to learn whence the trace originated. this was supposed to be fixed. apologies. also the ! in the mail test is reversed. also was supposed to have been fixed. and heas had a good s

Re: would you run this little script, please

2007-01-02 Thread D'Arcy J.M. Cain
On Tue, 2 Jan 2007 07:04:58 -1000 Randy Bush <[EMAIL PROTECTED]> wrote: > if you have a bsd, linux , or probably cygwin machine, would you > please run the attached script once as a favor to a research > project? I am on a NetBSD machine. What did you want from ifconfig? I am guessing "ifconfig

Re: Regarding NDU.EDU

2007-01-02 Thread Robert Mathews
On Tue, 2 Jan 2007, Chris L. Morrow wrote: > [EMAIL PROTECTED] > > Trying 24.248.20.30... > Connected to ip-24-248-20-30.jfsc.ndu.edu (24.248.20.30). > Escape character is '^]'. > 220 mx1.jfsc.ndu.edu ESMTP (11497e0f29573a89e48fcb5a6c1ccaca) > helo me > 250 mx1.jfsc.ndu.edu > > [ ] > > tr

Re: Regarding NDU.EDU

2007-01-02 Thread Fergie
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 They took their systems offline a few weeks ago: http://www.fcw.com/article97160-12-19-06-Web Cheers, - - ferg - -- Robert Mathews <[EMAIL PROTECTED]> wrote: Ladies & Gentlemen: I thought to post here - that NDU.EDU' (National Defense Univers

Re: Regarding NDU.EDU

2007-01-02 Thread Chris L. Morrow
On Tue, 2 Jan 2007, Robert Mathews wrote: > > > > Ladies & Gentlemen: > > I thought to post here - that NDU.EDU' (National Defense University') MX > record and A record seems to be missing. This has been going on for > nearly TWO weeks (since before Christmas 2006)! One can reach their WEB >

Regarding NDU.EDU

2007-01-02 Thread Robert Mathews
Ladies & Gentlemen: I thought to post here - that NDU.EDU' (National Defense University') MX record and A record seems to be missing. This has been going on for nearly TWO weeks (since before Christmas 2006)! One can reach their WEB servers.. but, all mail to NDU is presently bouncing. Techn

Re: would you run this little script, please

2007-01-02 Thread Florian Weimer
* Randy Bush: >> I would be glad to run the script but I just want to verify that it >> was you who sent it. > > darned good point, ron. > > yes, it was i. Ah, thanks, I've saved your message and its signature. It could prove useful in the future for some kind of social engineering attack. 8-

Re: Security of National Infrastructure

2007-01-02 Thread Michael . Dillon
>> Why is it that every company out there allows connections through their >> firewalls to their web and mail infrastructure from countries that they >> don't even do business in. Shouldn't it be our default to only allow US >> based IP addresses and then allow others as needed? The only case I ca

Re: DNS - connection limit (without any extra hardware)

2007-01-02 Thread Michael . Dillon
> What is this group's name? Oh yeah. So that means you have one of > two choices ;-) Smart NANOGers have taken the time to read the NANOG charter here: http://www.nanog.org/charter.html which says... The purpose of NANOG is to provide forums in the North American region for education

Re: would you run this little script, please

2007-01-02 Thread Steven M. Bellovin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 2 Jan 2007 12:48:29 -0500 Marshall Eubanks <[EMAIL PROTECTED]> wrote: > In the spirit of "trust, but verify," I preferred to read the script. > As did I, when Randy sent it to me earlier for testing... --Steve Bellovin, http

Re: would you run this little script, please

2007-01-02 Thread Marshall Eubanks
In the spirit of "trust, but verify," I preferred to read the script. Regards Marshall On Jan 2, 2007, at 12:44 PM, Steven M. Bellovin wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 2 Jan 2007 07:16:42 -1000 Randy Bush <[EMAIL PROTECTED]> wrote: -BEGIN PGP SIGNED MESSAGE

Re: would you run this little script, please

2007-01-02 Thread Steven M. Bellovin
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Tue, 2 Jan 2007 07:16:42 -1000 Randy Bush <[EMAIL PROTECTED]> wrote: > > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA512 > > > I would be glad to run the script but I just want to verify that it > > was you who sent it. > > darned good point,

Re: would you run this little script, please

2007-01-02 Thread Marshall Eubanks
Run successfully on Mac OS X and Fedora Core Regards Marshall On Jan 2, 2007, at 12:04 PM, Randy Bush wrote: if you have a bsd, linux , or probably cygwin machine, would you please run the attached script once as a favor to a research project? it simply does a traceroute to eight targets i

RE: would you run this little script, please

2007-01-02 Thread Randy Bush
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 > I would be glad to run the script but I just want to verify that it was you > who sent it. darned good point, ron. yes, it was i. randy -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.6 (FreeBSD) Comment: Processed by Mailcrypt 3.5.8

would you run this little script, please

2007-01-02 Thread Randy Bush
if you have a bsd, linux , or probably cygwin machine, would you please run the attached script once as a favor to a research project? it simply does a traceroute to eight targets in four locations around the net to see if they are reachable from your site, and, if not, where the route dies. th