Re: Confidentiality disclaimers, was: GoDaddy DDoS

On Thu, 1 Dec 2005, Jay Hennigan wrote: On Thu, 1 Dec 2005, Mark Smith wrote: [Dire threats regarding confidentiality, etc. snipped.] On Wed, 30 Nov 2005 16:18:52 -0700 "Sam Crooks" <[EMAIL PROTECTED]> wrote: This confidentiality notice almost DoS'd my MUA ! One would think that those posting

Re: a record?

Enjoy scanning, even I and I guess the rest of this list will be long time retired and sipping pina coladas and other good stuff (hot chocolate milk with whipcream and baileys anyone? :) in hawaii or some other heavenly place the day that the hardware and pipes are available to scan a single /64

Re: .iq [ was: Re: Paul Vixie serving ORSN ]

On Fri, 30 Sep 2005, Eric Brunner-Williams at a VSAT somewhere wrote: For those who care about excesses of zeal, the Elashi brothers (operators as well as sponsor delagees of .iq) of someplace in Texas, were charged with giving money to Hamas or a charity linked to Hamas, and sending a PC to Syr

Re: 209.68.1.140 (209.68.1.0 /24) blocked by bellsouth.net for SMTP

On Tue, 20 Sep 2005, Suresh Ramasubramanian wrote: Blocking is fine - happens. Postmaster and other role accounts not replying at all to email that they're sent is just not a good thing to do. speaking of which: - The following addresses had permanent fatal errors - [EMAIL PROTECT

Re: image stream routers

On Sun, 18 Sep 2005, Lincoln Dale wrote: right. what i'm pointing out is that if Imagestream routers really ARE capable of >OC12 (and perhaps multiple of them) then its unlikely its s/w-based forwarding. doesnt mean they are violating GPL to do it. look at nvidia for example. -Dan

Re: Katrina: directNIC Stays Online - Blog + Images

On Thu, 1 Sep 2005, Todd Vierling wrote: On Thu, 1 Sep 2005, Dan Hollis wrote: There are other reasons too. People have been following NOPD police scanners and posting news that the mainstream media refuse to cover: http://www.freerepublic.com/focus/news/1474267/posts If you're going to

Re: Katrina: directNIC Stays Online - Blog + Images

On Thu, 1 Sep 2005, Simon Waters wrote: I think the issue is not staying at home or work, but rather deciding whetehr or not to follow advice to evacuate an area, where you risk becoming a liability for other rescue and recovery workers. There are other reasons too. People have been following

Re: Cisco crapaganda

On Tue, 9 Aug 2005, J. Oquendo wrote: > Anyhow, sorry for the rants... The article is pseudo-worth the read > if you can filter out marketing and crapaganda. Someone made a video of cisco hard at work fixing router security holes: http://www.makezine.com/blog/archive/2005/08/video_of_ciscoi.html

RE: "Cisco gate" - Payload Versus Vector

On Tue, 2 Aug 2005, Randy Bush wrote: > even without stiffling the heap check via crashing_already (i.e. a > 'fix' is developed for that weakness), is the 30-60 second window > sufficient to do serious operational damage. i.e. what could an > attacker do with a code injection with a mean life as

Re: "Cisco gate" and "Meet the Fed" at Defcon....

On Sun, 31 Jul 2005, Fergie (Paul Ferguson) wrote: > No one ever said the Internet wasn't chock full of contradictions. > One one hand, we have what some are now calling "Cisco gate": > http://news.com.com/Hackers+rally+behind+Cisco+flaw+finder/2100-1002_3-5812044.html Alder then blasted Cisco fo

Re: More info on the Exploit from Black Hat conference

On Sun, 31 Jul 2005, Piotr KUCHARSKI wrote: > > I took pictures of the slides but may have missed one or two. Grab them > > here: http://164.106.251.250/docs/netsec/defcon13/7-27-05.zip Looks like its already gone. ISS/Cisco threat? > PS I took the liberty of mirroring it at 42.pl/lynn/ Let u

Re: Boing Boing: Michael Lynn's controversial Cisco security presentation

On Sat, 30 Jul 2005, Simon Lyall wrote: > On Sat, 30 Jul 2005, Brad Knowles wrote: > > BTW, the original slides are supposed to be at > > . However, > > what's there now is currently a place-holder, although it does tell > > you that if

Re: eWeek: Cisco Comes Clean on Extent of IOS Flaw

On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote: > As an aside, I like John Murrell's headline in "Good Morning, > Silicon Valley" best of all -- > "Cisco patches security researcher vulnerability" > http://blogs.siliconvalley.com/gmsv/2005/07/cisco_patches_s.html cisco's firewalls are made of

Re: eWeek: Cisco Comes Clean on Extent of IOS Flaw

On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote: > http://www.eweek.com/article2/0,1759,1841669,00.asp Like I said, PR disaster. As more information comes out, the levels of misbehavior on behalf of Cisco and ISS are reaching comical levels. I mean really, someone at ISS filed a _criminal co

Re: Cisco and the tobacco industry

On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote: > > Hey, Dan... > > What's that they say abou 800 lb. Gorillas... > > :-) > > - ferg > > -- Daniel Golding <[EMAIL PROTECTED]> wrote: > > Cisco's conduct in this case may or may not be improper - we'll have to wait > for a little more infor

Re: Cisco IOS Exploit Cover Up

On Thu, 28 Jul 2005, Jason Frisvold wrote: > On 7/27/05, Jeff Kell <[EMAIL PROTECTED]> wrote: > > Cisco's response thus far: > > > > http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html > More fuel on the fire... Cisco and ISS are suing Lynn now... > http://news.zdnet.co

RE: Cisco IOS Exploit Cover Up

On Wed, 27 Jul 2005, Fergie (Paul Ferguson) wrote: > For what ot's worth, this story is running in the > popular trade press: > > "Cisco nixes conference session on hacking IOS router code" > http://www.networkworld.com/news/2005/072705-cisco-ios.html This is looking like a complete PR disaster

MCI billing fraud ... again

We're being hit up by MCI's billing fraud again. You'd think after the multiple settlements, the $4 billion accounting fraud and Ebbers' 25 year prison sentence that MCI would have learned something, but apparently not. Anyone have a definitive method of dealing with these clowns? Any contacts

Re: On the-record - another "off-topic" post

On Tue, 3 May 2005, Gadi Evron wrote: > Where are our brand new and shiny moderators? When you respond quoting someone can you please include the quote attribution line so our procmail filters can work properly? most of us have procmail'd dean out, but your response cutting off his name from th

Re: Schneier: ISPs should bear security burden

On Thu, 28 Apr 2005, Iljitsch van Beijnum wrote: > The problem is that the maliciousness of packets or email is largely > in the eye of the beholder. How do you propose ISPs determine which > packets the receiver wants to receive, and which they don't want to > receive? (At Mpps rates, of co

Re: Schneier: ISPs should bear security burden

On Wed, 27 Apr 2005, Owen DeLong wrote: > From that perspective, in my experience, things are better today than they > ever have been. The only thing I've seen in the past 20 years which has made any positive impact on overall internet reliability is BGP dampening. In all other cases its gotten

Re: Internet2

On Wed, 27 Apr 2005, Randy Bush wrote: > to source is still the big gap. imiho, from the ops perspective, > only sally's ecn has made any useful approach. sadly, we may be > able to judge the actual demand for e2e qos by ecn's very slow > deployment. i think this is unfortunate, as ecn is prett

Re: Schneier: ISPs should bear security burden

On Wed, 27 Apr 2005, Owen DeLong wrote: > Strangely, for all the FUD in the above paragraph, I'm just not buying it. > The internet, as near as I can tell, is functioning today at least as well > as it ever has in my 20+ years of experience working with it. You must not have used it much in those

Re: New IANA IPv4 allocation to AfriNIC (41/8)

On Wed, 13 Apr 2005, Randy Bush wrote: > > The largest part (>90%) does originate in Nigeria. The remainder comes > > from countries adjacent to Nigeria such as Togo, Senegal, etc (~6%) or > > from the Netherlands (~4%) > would love to see the cite for this, please > randy I have a collected arc

Re: SORBS Identity theft alert

On Mon, 11 Apr 2005, Bill Nash wrote: > On Sun, 10 Apr 2005, Randy Bush wrote: > >> SORBS lists Dean. I suspect this makes him angry. > > who's dean? > > the problem with feeding trolls is that they puke it up on > > the carpet. > Negative reinforcement is better than procmail. The problem

Re: potpourri (Re: Clearwire May Block VoIP Competitors )

On Fri, 1 Apr 2005, Randy Bush wrote: > > (speaking of amazon, i found that usb headsets are down to ~$34.94 > > now. yay!) > if you mean the logitech 980130-0403, $32 at newegg > why is usb better than the headset/mic jacks? because integrated or pci audio are often plagued by internal electrica

RE: Utah governor signs Net-porn bill

On Tue, 22 Mar 2005, Kathryn Kessey wrote: > ...this bill... requires the attorney general to establish and maintain a > database, called the adult content registry, of certain Internet sites > containing material harmful to minors... > ...$100,000 from the General Fund to the attorney general,

Re: sorbs.net

On Tue, 15 Mar 2005, Micah McNelly wrote: > Do you really think opinion has a place in mail delivery? Yes. My mailbox. My computer. My private property. My rules. > What if the USPS decided any magazine you subscribed to was > suddenly unfit for delivery and decided it should blocked (thrown aw

Re: Fire Code/UFC Regs?

On Sun, 13 Mar 2005, Mark Radabaugh wrote: > > Perhaps someone who knows EE can enlighten me? > OK - my considered opinion as a BSEE is: > It's a pile of BS designed to sell PDU's. > "but do not efficiently distribute the power, meaning that some > equipment may be deprived of the necessary amper

Re: ChinaNet Contacts

On Thu, 17 Feb 2005, Gadi Evron wrote: > It would still be my guess there are more black hats in the US. yahoo and hotmail come close, but it will take some real balls to top chinanet's official blackhat lying autoresponder: "In your SPAM eMail,I can't find the IP or the IP is not by my contro

RE: ChinaNet Contacts

On Thu, 17 Feb 2005, Hannigan, Martin wrote: > I wouldn't go as far as label it systemic. Both Chinese and > Korean organizations are participating in some of the behind > the scenes security/mitigation activities going on and have been > helpful. Not all. Some. Remember that chinanet was the on

Re: ChinaNet Contacts

On Thu, 17 Feb 2005, Jon R. Kibler wrote: > I know that this is a REALLY sore point, but has anyone ever > established any good working relations with anyone in CHINANET or other > China-based ISPs? >From what I understand the answer is no. People I know who have attended asia-pacific regiona

Re: broke Inktomi floods?

On Thu, 20 Jan 2005, Suresh Ramasubramanian wrote: > On Thu, 20 Jan 2005 14:30:04 +0200, Gadi Evron <[EMAIL PROTECTED]> wrote: > > Inktomi (now Yahoo!) sends it's spiders all over the Internet. Lately > > some of our systems are reporting that they open many HTTP connections > > to our web sites,

Re: panix hijack press

On Wed, 19 Jan 2005, Darrell Greenwood wrote: > customers' domains. Panix.com says its domain name was locked, and > that despite this, it was still transferred. ® I seem to recall someone saying it wasnt locked, now theyre saying it was? -Dan

Re: Smallest Transit MTU

On Thu, 30 Dec 2004, Florian Weimer wrote: > * Dan Hollis: > > Because tcp connection endpoints have to implement ECN in order to manage > > the flow. > Your wording suggests that ECN is purely an end-to-end signaling > protocol it does? where? > (and so does a lot of

Re: Smallest Transit MTU

On Wed, 29 Dec 2004, Florian Weimer wrote: > * Dan Hollis: > > On Wed, 29 Dec 2004, Jerry Pasker wrote: > >> Is there an RFC that clearly states: "The internet needs to transit > >> 1500 byte packets without fragmentation."?? > > Actually the bigger pro

Re: Smallest Transit MTU

On Wed, 29 Dec 2004, Jerry Pasker wrote: > Is there an RFC that clearly states: "The internet needs to transit > 1500 byte packets without fragmentation."?? Actually the bigger problem imo is the number of sites which block ECN http://urchin.earth.li/ecn/ Even worse are the networks which incor

Re: Sanity worm defaces websites using php bug

On Tue, 21 Dec 2004, Fergie (Paul Ferguson) wrote: > These people don't waste much time when a new exploit > found, do they? Geez. > http://isc.sans.org/diary.php?date=2004-12-21 Its exploiting a bug in old versions of phpbb, it's not using the recent php exploit. -Dan

ddos?

Anyone aware of ddos affecting savvis, level3, or qwest at the moment? -Dan

Re: Unflattering comments about ISPs and DDOS

On Mon, 6 Dec 2004, Rich Kulawiec wrote: > "Based on my conversations last week, Comcast's network engineers > would like to be more aggressive. But the marketing department > shot down a ban on port 25 because of its circa $58 million price > tag--so high partially because

Re: [OT] Re: Banned on NANOG

On Sat, 4 Dec 2004, Richard Irving wrote: > It seems controversial subjects may trigger > suppres^suspension of speech. :P > > Dissing Bush backed agendas appear to be one of the triggers. > (See current Doonesbury, this is not a limited trend, BTW ;) Indeed, my last "ban" was from a pe

Re: yahoo abuse contact please

On Tue, 12 Oct 2004, Gadi Evron wrote: > Give the guy a break, finding an abuse contact for Yahoo! is easy, > however, I doubt there are many sites that are as oblivious towards > abuse of its services and abuse reports as Yahoo! > Yahoo! seems to have made a choice to go with functionality, per

Re: BCP38 making it work, solving problems

On Mon, 11 Oct 2004, Fergie (Paul Ferguson) wrote: > I wrote it, I stand beside it. I'm sick of hearing why people > haven't implemented it yet -- it's almost five years later > and there's simply no excuse. It's sickening. it's cheaper to ignore bcp38 than to implement it. operators are reactiv

Re: APNIC Privacy of customer assignment records - implementation update

On Thu, 23 Sep 2004, Patrick W Gilmore wrote: > But that will also depend on how APNIC responds to problems. If > Network X has a customer who is a problem, and we can't find out > customer's name / e-mail / whatever, then Network X better be > responsive. If not, then APNIC better be respons

Re: Verisign vs. ICANN

eth. > On Fri, Sep 10, 2004 at 12:46:07AM -0700, Dan Hollis wrote: > > So the attorney creates an IP holding company to which the patent is > > assigned, and the company offers to license the patent to Verisign. > > When Verisign refuses, they get sued for lost revenue. >

Re: Verisign vs. ICANN

On Fri, 10 Sep 2004, Joe Rhett wrote: > On Thu, Sep 09, 2004 at 04:01:46PM -0700, Dan Hollis wrote: > > If the patent is strong enough, wouldnt some patent attorney be willing to > > defend it on a contingency basis? > > With the potential $$ in a patent violation judgemen

Re: Verisign vs. ICANN

On Fri, 10 Sep 2004, Matthew Sullivan wrote: > Dan Hollis wrote: > >On Mon, 16 Aug 2004, Andre Oppermann wrote: > >>PS: I will patent it myself to prevent Versign from doing this. > >Wouldnt it be beautiful if a bunch of people patented the hell out of > >various w

Re: Senator Diane Feinstein Wants to know about the Benefits of P2P

On Mon, 30 Aug 2004, james edwards wrote: > > Not true. For those of us who host Akamai servers, we could download SP2 > > with no problems. We did not need P2P, or MSDN. In fact, I would be very > > reluctant to trust a Windows update downloaded via P2P. > Have you heard of MD5 sum ? yep md5

Re: Senator Diane Feinstein Wants to know about the Benefits of P2P

On Mon, 30 Aug 2004, Petri Helenius wrote: > Byron L. Hicks wrote: > >Not true. For those of us who host Akamai servers, we could download SP2 > >with no problems. We did not need P2P, or MSDN. In fact, I would be very > >reluctant to trust a Windows update downloaded via P2P. > How is the p2p

Re: Verisign vs. ICANN

On Mon, 16 Aug 2004, Andre Oppermann wrote: > PS: I will patent it myself to prevent Versign from doing this. Wouldnt it be beautiful if a bunch of people patented the hell out of various ways to exploit dns wildcarding, thus preventing verisign from doing anything useful with it at all... -Da

Re: low-latency bandwidth for cheap?

On Fri, 6 Aug 2004, Arnold Nipper wrote: > On 06.08.2004 15:10 Sam Stickland wrote: > > I hear a lot of ISPs in the states are turning on interleaving by default > > these days, while in the UK I've never actually encountered it. Some ADSL > > modems have an option to disable it also. > Here in

Re: Reporting the state of an apparatus to a remote computer patented

On Wed, 4 Aug 2004, Scott Whyte wrote: > http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1=6,757,714.WKU.&OS=PN/6,757,714&RS=PN/6,757,714 Would avoiding use of XML be enough to circumvent this? -Dan

Re: sms messaging without a net?

On Tue, 3 Aug 2004, Stephen J. Wilcox wrote: > One thing to watch.. these can be temperamental and liable to be disconnected > without warning (or perhaps thats just here in the uk!) This is exactly what happened with AT&T. They shutdown their TAP gateway without warning, much to the surpise of

sms messaging without a net?

Does anyone know of a way to send SMS messages without an internet connection? Having a network monitoring system send sms pages via email very quickly runs into chicken-egg scenario. How do you email a page to let the admins know their net has gone down. :-P AT&T shut down their TAP dialup l

Re: Spyware becomes increasingly malicious

On Mon, 12 Jul 2004, Richard A Steenbergen wrote: > http://www.webhelper4u.com/CWS/cwsoriginial.html > These folks? Looks like it's all Cogent. Surely someone has contacted > Cogent about this? I'm sure someone has. The real question should be, does cogent care? http://www.spamhaus.org/sbl/lis

Re: (UPDATE) Can a Customer take their IP's with them? (Court says yes!)

On Wed, 30 Jun 2004, Sabri Berisha wrote: > And then I'm not even taking into account the fact that the UCI/Pegasus > is a well-known spammer (http://www.spews.org/html/S2649.html). I imagine NAC is pretty tired of being RBL'd. Can't blame them for being eager to rid themselves of this pest. Th

Re: BGP list of phishing sites?

On Tue, 29 Jun 2004 [EMAIL PROTECTED] wrote: > If they are notified that they are an > accessory to a crime and do not take any > action, then doesn't this make the provider > liable to criminal charges? You would think it would. But who bothers to prosecute? No one. > Did you really inform the

RE: Can a customer take IP's with them?

On Tue, 29 Jun 2004, Michel Py wrote: > > william(at)elan.net > > I've suspicions this maybe Pegasus Web Technologies (AS25653), > Good catch William! This pegasus? http://www.spews.org/html/S2649.html -Dan

Re: BGP list of phishing sites?

On Mon, 28 Jun 2004, Patrick W Gilmore wrote: > Unfortunately, I worry that this cure is worse than the disease. > Filtering IP addresses are not the right way to attack these sites - > the move too quickly and there is too much danger of collateral damage. I think part of the point of this bl

Re: Math 011 (Re: "Default" Points on your Internet "Re: Re: Re:")

On Tue, 15 Jun 2004, Edward B. Dreger wrote: > (You'd not believe how many network admins were on vacation...) Some tier1's have entire staffs permanently on vacation -Dan

RE: IT security people sleep well

On Mon, 7 Jun 2004, Michel Py wrote: > > Henning Brauer wrote: > > not seeing the problem with cleartext telnet for remote > > logins in 2004, wether ACL'd or not, is just ... oh man, > > I don't have words for this. > I have: I encourage my competitors to do it. Now you see the motivation behind

Re: Barracuda Networks Spam Firewall

On Thu, 20 May 2004, Stephen J. Wilcox wrote: > On Wed, 19 May 2004, Richard Cox wrote: > > While this is verging off our remit here, I would clarify the point > > originally made, which is that if a URL - that is, a URL cited in the > > body of a message - points to an IP physically located in Ch

Re: Barracuda Networks Spam Firewall

On Wed, 19 May 2004, James Couzens wrote: > On Tue, 2004-05-18 at 21:49, Eric A. Hall wrote: > > There's one rule that will wipe out ~90% of spam, but nobody seems to have > > written it yet. > > if URL IP addr is in China then score=100 > I beg to differ Eric A. Hall. No Eric is quite correc

Re: Winstar says there is no TCP/BGP vulnerability

Is there any way to move BGP completely out-of-band? I know multihop may be out of the question but maybe someone should write up a proposal for PTP links. :-) -Dan

Re: Ad blocking with squid

On Wed, 21 Apr 2004 [EMAIL PROTECTED] wrote: > On Mon, Apr 19, 2004 at 04:33:49PM -0400, Paul Khavkine wrote: > > Anyone doing ad blocking with Squid cache engine out there ? > This is what I've been using with Squid: > http://adzapper.sourceforge.net/ Adzapper works very well, and is highly

Re: Winstar says there is no TCP/BGP vulnerability

On Tue, 20 Apr 2004, Rodney Joffe wrote: > The only network engineer who may NOT have been aware of the building > BGP vulnerability issue over the last week has to be the engineer who is > currently on his annual vacation in Mauritius, and who refuses to take > his Blackberry, Palm, or Satellite

Re: Ordering Windows Security Update CD (was Re: Microsoft XP SP2)

On Tue, 20 Apr 2004, Sean Donelan wrote: > I do not know if Microsoft plans to refresh the CD, or make it available > through other channels. Bittorrent? :-) Does anyone have a BT iso of these CDs btw? I cant imagine microsoft objecting to its distribution... -Dan

Re: TCP RST attack (the cause of all that MD5-o-rama)

On Tue, 20 Apr 2004, Crist Clark wrote: > But it has limited effectiveness for multi-hop sessions. There is the > appeal of a solution that does not depend of the physical layout of the > BGP peers. Does MD5 open the door to cpu DOS attacks on routers though? Eg can someone craft a DOS attack to

Re: TCP RST attack (the cause of all that MD5-o-rama)

On Tue, 20 Apr 2004, Mike Tancsa wrote: > http://www.uniras.gov.uk/vuls/2004/236929/index.htm A huge round of applause for everyone not doing RPF and egress filtering where it is trivial to do so. You make everyones job that little bit harder. You know who you are. -Dan

Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)

On Mon, 19 Apr 2004, Jeff Shultz, WIllamette Valley Internet wrote: > ** Reply to message from Drew Weaver <[EMAIL PROTECTED]> on Mon, > 19 Apr 2004 13:42:53 -0400 > > However, awhile ago we tried an idea of sending out E-Mail alerts to > > our customers whenever a critical update of "Remote e

Re: Automated Copyright Notice System

On Mon, 19 Apr 2004, Sean Donelan wrote: > Someone coming up with tools to solve Paul's problems. Anyone can send an > XML formated notice to an ISP, and the user's Internet access is > automatically restricted. Spoofing? I can't wait for the first viruses to start flooding bogus acns messages

Re: google.

On Fri, 16 Apr 2004, Micah McNelly wrote: > is anyone having google reachability issues? We noticed for a while today that google was unreachable by any path except sprint. Seems ok now though. -Dan

Re: Abuse mail boxese (was Re: Lazy network operators)

On Mon, 12 Apr 2004, Richard Cox wrote: > Nothing even close to that can be said of NTL. Unfortunately. NTL put their head in the sand in the hopes their spam problem will go away. Unfortunately for NTL what will end up happening is NTL mail will go away, into global RBLs and thousands of priv

Re: Packet anonymity is the problem?

On Sat, 10 Apr 2004, Todd Vierling wrote: > Of course, the still high number of bogon routes illustrate that very few > folks (if any) really care. Worse; the registries make it trivial to steal registrations and assignments, but nigh impossible to get them back to the rightful owners. -Dan

Re: Lazy network operators

On Sat, 10 Apr 2004, Sean Donelan wrote: > Should anonymous use of the Internet be eliminated so all forms > of abuse can be tracked and dealt with? As long as there are tier1's who allow abuse as long as the checks dont bounce, this will have zero effect. exodus for example had a hands off pol

Re: Anti-Spam Router -- opinions?

On Tue, 6 Apr 2004, Petri Helenius wrote: > Dan Hollis wrote: > >On Tue, 6 Apr 2004 [EMAIL PROTECTED] wrote: > >>If you rate-limit 2 million compromised machines to 20 msgs/day each, > >>there's only 400 million spams. Total. > >this implies netwo

Re: Anti-Spam Router -- opinions?

On Tue, 6 Apr 2004 [EMAIL PROTECTED] wrote: > If you rate-limit 2 million compromised machines to 20 msgs/day each, > there's only 400 million spams. Total. this implies network operators will suddenly find a clue, something which will never happen. ever. (well, they sometimes suddenly find c

Re: Anti-Spam Router -- opinions?

On 5 Apr 2004, Paul Vixie wrote: > that's why greylisting has been so effective -- to combat it the > spammers would have to add the one thing they cannot afford: "state." > see http://www.rhyolite.com/dcc/ for how to get started. why is 'state' so hard to afford? they already have a list of e

clueful yahoo abuse contact?

Does anyone have a clueful abuse admin contact at yahoo.com? I have already tried the 'usual methods'. Eg picking up a phone and calling every publically available number for yahoo I can find, and emailing [EMAIL PROTECTED] etc. Attempts via phone result in being blown off, that unless we are

Re: Compromised Hosts?

On Sun, 21 Mar 2004, Deepak Jain wrote: > Would any broadband providers that received automated, detailed > (time/date stamp, IP information) with hosts that are being used to > attack (say as part of a DDOS attack) actually do anything about it? Most of them dont even do anything when yo

Re: Spamhaus Exposed

On Wed, 17 Mar 2004, Steve Linford wrote: > From Deep Throat, received 17/3/04, 21:10 + (GMT): > > Disturbing information on one of the founders of Spamhaus.org > > http://www.geocities.com/jackjack9872004/ > Not just a load of BS, but posted to NANOG anonymously, through a > hijacked mach

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

On Sun, 7 Mar 2004, Sean Donelan wrote: > This confirms my statement. You save nothing by deploying SAV on your > network. This isnt the point. The point is, why should others suffer the burden of your clients spewing bogon/spoofed/nonsense garbage at them? The effect is cumulative. If everyone

Re: Source address validation (was Re: UUNet Offer New Protection

On 7 Mar 2004, Paul Vixie wrote: > [EMAIL PROTECTED] (Sean Donelan) writes: > > > Try saying that after running a major DDoS target, with "HIT ME" your > > > forehead. No offense Sean but I'd like you to back your claim up with > > > some impirical data first. > > Has the number of DDOS attacks i

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

On Sun, 7 Mar 2004, Paul Vixie wrote: > don't be lulled into some kind of false sense of security by the fact > that YOU are not seeing spoofed packets TODAY. let's close the doors we > CAN close, and give attackers fewer options. sadly the prevailing thought seems to be 'we cant block every exp

Re: UUNet Offer New Protection Against DDoS

On Fri, 5 Mar 2004, Christopher L. Morrow wrote: > the packets as possible. Nebulous filtering and dropping of miniscule > amounts of traffic in the core of a large network is just a waste of > effort and false panacea. uunet does operate lots of dialup RAS though correct? any reason why urpf is

dealing with w32/bagle

I am curious how network operators are dealing with the latest w32/bagle variants which seem particularly evil. Also, does anyone have tools for regexp and purging these mails from unix mailbox (not maildir) mailspool files? Eg purging these mails after the fact if they were delivered to user'

Re: [IP] VeriSign prepares to relaunch "Site Finder" -- calls

On Tue, 24 Feb 2004, Paul Vixie wrote: > > Unlaterally forcing it upon everyone and breaking non www based apps is > > the wrong way to do it. > if you have well founded views on this topic and you have not yet shared > them with ICANN's SSAC, please do so. see . There

Re: [IP] VeriSign prepares to relaunch "Site Finder" -- calls

On Tue, 24 Feb 2004, Jason Nealis wrote: > It's a module plug-in into bind and if you prefer to try and do this in a > opt-in basis they have a client program that you download and it gets hooked > into the users browser. This is the right way to do it, end user opt in, and browser only. Unlater

Re: Any way to P-T-P Distribute the RBL lists?

On Thu, 25 Sep 2003, Jay Kline wrote: > How about publishing a list of servers, but use the PGP web of trust model to > allow updating of each other? That way there is no centralized source. If a > group of admins dont like the updates coming from a server, dont trust it any > longer. If you mak

Re: Any way to P-T-P Distribute the RBL lists?

On Thu, 25 Sep 2003, Eric A. Hall wrote: > on 9/25/2003 2:44 PM Aaron Dewell wrote: > > So why couldn't you follow this plan without the VPN and anycast? > Multiple anycast channels would make distributed attacks ineffective, > since each source would be attacking its closest target. script kiddi

Re: williams spamhaus blacklist

On Wed, 24 Sep 2003, Andy Walden wrote: > On Wed, 24 Sep 2003, Leo Bicknell wrote: > > Osama and his followers told us for years they didn't like what we > > were doing, and then escalated by flying a plane into a building > > to "get our attention". That must have been ok by the same logic. > Go

RE: Another DNS blacklist is taken down

On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote: > Perhaps, but it also seems like moving an RBL onto a P2P network would > making poisoning the RBL far too easy... nope. updates will be crypto signed, thus poisoned updates will be dropped instantaneously.

Re: monkeys.dom UPL being DDOSed to death

On Tue, 23 Sep 2003, John Payne wrote: > --On Tuesday, September 23, 2003 6:11 PM -0400 Kai Schlichting > <[EMAIL PROTECTED]> wrote: > > - BGP anycast, ideally suited for such forwarding proxies. > > Anyone here feeling very adapt with BGP anycast (I don't) for > > the purpose of running such

Re: monkeys.dom UPL being DDOSed to death

On Wed, 24 Sep 2003, Petri Helenius wrote: > Dan Hollis wrote: > >china seems hellbent on becoming a LAN. i see the same thing eventually > >happening to networks which refuse to deal with their ddos sources. > This invites the question if the hijacked PC or the hijacker in the

Re: monkeys.dom UPL being DDOSed to death

On Tue, 23 Sep 2003, Joe Abley wrote: > If transit was uniformly denied to every operator who was not equipped > to deal with DDoS tracking in a timely manner, I think 90% of the > Internet would disappear immediately. it gets worse. there are operators who *are* equipped, but refuse to deal n

Re: monkeys.dom UPL being DDOSed to death

On Tue, 23 Sep 2003, Joe St Sauver wrote: > There are absolutely *no* consequences to their security inactivity, and > because of that, none of us should be surprised that the problem is > becoming a worsening one. china seems hellbent on becoming a LAN. i see the same thing eventually happenin

Re: monkeys.dom UPL being DDOSed to death

On Tue, 23 Sep 2003, Raymond Dijkxhoorn wrote: > After Osirusoft was shut down most likely Infinite-Monkeys are doing down > also ?? Anyone SERIOUSLY interested in designing a new PTP RBL system 100% immune to DDOS, please drop me a line. By seriously, i mean those who actually want to solve

Re: Verisign Responds

On Tue, 23 Sep 2003 [EMAIL PROTECTED] wrote: > > On Tue, 23 Sep 2003 [EMAIL PROTECTED] wrote: > > > > On Mon, 22 Sep 2003, Dave Stewart wrote: > > > > > Courts are likely to support the position that Verisign has control of .net > > > > > and .com and can do pretty much anything they want with it

Re: Verisign Responds

On Tue, 23 Sep 2003 [EMAIL PROTECTED] wrote: > > On Mon, 22 Sep 2003, Dave Stewart wrote: > > > Courts are likely to support the position that Verisign has control of .net > > > and .com and can do pretty much anything they want with it. > > ISC has made root-delegation-only the default behaviour

Re: Verisign Responds

On Mon, 22 Sep 2003, Dave Stewart wrote: > Courts are likely to support the position that Verisign has control of .net > and .com and can do pretty much anything they want with it. ISC has made root-delegation-only the default behaviour in the new bind, how about drafting up an RFC making it an

  1   2   3   >