On 10/25/07, Paul Vixie <[EMAIL PROTECTED]> wrote:
> an economic crisis. Of course, Roberts has an agenda. He's now CEO of Anagran
> Inc., which makes a technology called flow-based routing that, Roberts claims,
> will solve all of the world's routing problems in one go."
Anyone have any experien
On 9/6/07, Rick Kunkel <[EMAIL PROTECTED]> wrote:
> Hello folks,
>
> It seems especially prevalent when MANY things are sent at once; if, for
> example, a central piece fails, and dependent pieces suddenly fail as
> well.
I'd probably recommend implementing some sort of parent/child system
to red
On 5/20/07, Roger Marquis <[EMAIL PROTECTED]> wrote:
Most of the individual nameservers do not answer queries, the ones
that do are open to recursion, and all are hosted in cable/dsl/dial-up
address space with correspondingly rfc-illegal reverse zones. Running
'host -at ns' a few times shows th
On 5/11/07, Todd Glassey <[EMAIL PROTECTED]> wrote:
Gee Steven, that's what everyone thought prior to a Federal Judge ordering
Microsoft to produce seven years of Email...
I believe that was because they knew MS *had* that email. Of course,
any missing email can probably be tossed together p
On 5/11/07, Brandon Galbraith <[EMAIL PROTECTED]> wrote:
My understanding was data you had needed to be turned over when requested,
but CALEA provides no specification/guidance on log retention.
Agreed. My understanding, to date, is that the data to be turned over
is data collected from the b
On 5/10/07, Jack Bates <[EMAIL PROTECTED]> wrote:
I think what he meant was "My DSL has been broke for 3 months now, and I haven't
not be able to use it. You can't charge me for something which wasn't working!"
Question #1 - Did you bother to call our technical support hotline?
No? Well then
On 5/10/07, Patrick Muldoon <[EMAIL PROTECTED]> wrote:
We've been under the impression that is *all* data. So for us,
things like PPPoE Sessions, just putting a tap/span port upstream of
the aggregation router will not work as you would miss any traffic
going from USER A <-> USER B, if they whe
On 5/10/07, Jared Mauch <[EMAIL PROTECTED]> wrote:
If you're not offering VoIP services, your life may be easier as
you will only need to intercept the data. Depending on your environment
you could do this with something like port-mirroring, or something
more advanced. There are a numb
Greetings,
I'm working on a system to alert when a bandwidth augmentation is
needed. I've looked at using both true averages and 95th percentile
calculations. I'm wondering what everyone else uses for this purpose?
We're talking about anything from a T1 to an OC-12 here. My guess is
that the
On 3/2/07, Roland Dobbins <[EMAIL PROTECTED]> wrote:
No one has done the digging required to answer any of these
questions, unfortunately.
Can you get a valid answer to this based on the existence of BCP38?
What I mean is, if your upstream is filtering bogons, you can't get a
good read on the
On 1/16/07, Simon Waters <[EMAIL PROTECTED]> wrote:
This is the same issue as the email spam issue. Identify by source, or
content. Just as content filters are error prone with email spam, they will
be error prone with other types of content.
Agreed, but the average end-user has not been subje
On 1/14/07, Gadi Evron <[EMAIL PROTECTED]> wrote:
Your assumption is incorrect. These DNSBLs cover spam sent in email,
indeed. Thing is, spam is spam and spammers are spammers. Meaning, they
spam in every way they can.
How does this make his assumption incorrect? Spam is spam and DNSBLs
will
On 2/23/06, Andy Davidson <[EMAIL PROTECTED]> wrote:
> And they don't care ! How is someone else telling them that they
> need a virus checker going to change anything ?
It's not. That's why services such as AOL integrate it with the
system.. Granted, the user has to initially accept it, but i
On 2/21/06, Bill Nash <[EMAIL PROTECTED]> wrote:
> Big deal. You're talking about volume licensing at that point, and
> offering vendors an opportunity to compete to get on every desktop in your
> customer base. That's a big stick to negotiate with, especially if you're
> an Earthlink or AOL.
Agr
On 2/21/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Oddly enough, AOL and several other large providers seem to have no problems
> advertising some variant on 'free A/V software'.
Key words there.. "Large Provider" .. I don't think A/V companies
have any interest whatsoever in smaller pro
On 2/21/06, Bill Nash <[EMAIL PROTECTED]> wrote:
> If you're talking about a compulsory software solution, why not, as an
> ISP, go back to authenticated activity? Distribute PPPOE clients mated
> with common anti-spyware/anti-viral tools. Pull down and update signatures
> *every time* the user lo
On 2/21/06, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> Why not just bypass them and go direct to the unwashed
> masses of end users? Offer them a free windows
> infection blocker program that imposes the quarantine
> itself locally on the user's machine. This program
> would use stealth techni
On 2/20/06, Edward W. Ray <[EMAIL PROTECTED]> wrote:
> ISPs should not police users, just like auto manufacturers should not police
> drivers. That is what driver's licenses are for.
So the state polices the drivers.. Should the state police the
internet as well? And how would that be implemen
On 2/17/06, Hyunseog Ryu <[EMAIL PROTECTED]> wrote:
> Maybe next monday I can ask for detailed info, but I wasn't on the
> meeting to discuss this in detail.
> Based on outcome of discussion with Cisco, we decided to go with MLFR
> instead of MLPPP.
Any idea if this issue is just another unfixed
On 2/6/06, Rich Sena <[EMAIL PROTECTED]> wrote:
> I'm trying to cut a few financial corners in our remote site budgets. I
*insert network crash noises here*
> have sites that are homed back to the main campus offices via ATM and
> other leased lines. These sites also currently have dedicated I
On 1/31/06, Brian Johnson <[EMAIL PROTECTED]> wrote:
>
> I've got a great idea for a new cheeseburger and want someone to
> give me a contact at McDonalds. I am too lazy to find one myself,
> and don't care about wasting any of your time.
>
> Please reply off-list.
Sorry, that idea has already
On 1/26/06, Barry Shein <[EMAIL PROTECTED]> wrote:
> What I presume is a zombie army sending out gazillions of emails to
> thousands of hosts out there (not ours) with a randomly generated
> (usually) return/source address @ our domain(s). The target addresses
> are usually also unknown so it just
On 12/27/05, Owen DeLong <[EMAIL PROTECTED]> wrote:
> Look at it another way... If the software is open source, then, there
> is no requirement for the author to maintain it as any end user has
> all the tools necessary to develop and deploy a fix. In the case of
> closed software, liability may
On 12/27/05, JC Dill <[EMAIL PROTECTED]> wrote:
> I am not a lawyer, but I believe there is a significant difference in
> the liability that ensues from knowingly selling a defective product,
> and from giving something away for free. Matt gave away FormMail for
> free. When Matt wrote FormMail
On 12/27/05, Marshall Eubanks <[EMAIL PROTECTED]> wrote:
> There was a lot of discussion about this in the music / technology /
> legal community
> at the time of the Sony root exploit CD's - which
> I and others thought fully opened Sony for liability for 2nd party
> attacks. (I.e., if a hacker
On 9/29/05, Matthew Crocker <[EMAIL PROTECTED]> wrote:
> I'm hoping someone on the list can help confirm that I'm not going
> insane.
How can you be sure it's not the other way around? You're sane and
everyone else is insane? :)
> Can someone confirm my sanity? My zone of control starts at
>
On 7/28/05, Leo Bicknell <[EMAIL PROTECTED]> wrote:
> I am not a lawyer, and so under the current DMCA and other laws it
> may well be illegal to "decompile" code.
I'm sure all the script kiddies and real hackers out there will be
sure to obey the law.. This is the bit of the DMCA I have a huge
On 7/27/05, Jeff Kell <[EMAIL PROTECTED]> wrote:
>
> Cisco's response thus far:
>
>http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html
>
> Jeff
More fuel on the fire... Cisco and ISS are suing Lynn now...
http://news.zdnet.co.uk/internet/security/0,39020375,3921101
On 7/6/05, Rich Kulawiec <[EMAIL PROTECTED]> wrote:
> I grow rather tired of people whining about the spam (and abuse) problem
> on the one hand...while refusing to take simple, well-known, and proven
> steps to push the consequences back on those responsible for it. While we
> may no longer be i
On 6/29/05, Christopher L. Morrow <[EMAIL PROTECTED]> wrote:
> look to the private networks luke... Seriously, many large private
> ATM/Frame networks are transitioning to MPLS networks because the ATM or
> Frame gear is/was/will-be-shortly EOL/EOS from the vendors. The costs to
> run these networ
On 6/29/05, Randy Bush <[EMAIL PROTECTED]> wrote:
> indeed! i use them often. remember when you had to go into the
> bank and wait in a queue for a teller?
Hopefully soon to be replaced with RFID machines with voice activated
commands.. :)
Speaking of which.. It's 2005.. Where's my flying c
On 6/29/05, Petri Helenius <[EMAIL PROTECTED]> wrote:
> Maybe the small fact that ATM is fading away and building new networks
> with technology going away is going to explode your operational cost in
> a few years time. Business grade IP networks will provide you with equal
> if not better perfor
On 5/31/05, Chris Ranch <[EMAIL PROTECTED]> wrote:
> I just reread the article, and realized I got it wrong. There is some
> paperwork: "The ruling came in a lawsuit by the American Civil Liberties
> Union and an Internet access firm that received a national security
> letter (NSL) from the FBI d
On 5/31/05, Chris Ranch <[EMAIL PROTECTED]> wrote:
> Looks like they want us to turn over customer info without the subpoena,
> but simply with a phone call (or whatever) from an investigator. I
> would hope that would be just for specific accounts, and not the entire
> customer list. In any eve
On 5/31/05, Fergie (Paul Ferguson) <[EMAIL PROTECTED]> wrote:
> Worth knowing how this all falls out, methinks.
>
> http://www.securitypipeline.com/163702151
Am I understanding this correctly? Are they trying to get ISP's to
release all customer information up front without any sort of legal
re
On 5/19/05, Bruce Pinsky <[EMAIL PROTECTED]> wrote:
> That last part ought to be interesting to try and implement in 120 days:
>
> "...must provide the emergency operator with the customer's callback number
> and location, regardless of whether the call is being made from the
> customer's home or
On 4/18/05, Florian Weimer <[EMAIL PROTECTED]> wrote:
> Maybe the leak wasn't in the DNS service, but some other software
> component which company policy required on each server (think of
> Tivoli, antivirus software, or CSA). Who knows? The possiblities are
> endless.
There was, at one time,
On 4/18/05, Mikael Abrahamsson <[EMAIL PROTECTED]> wrote:
> It would be very interesting in seeing the difference in DNS traffic for a
> domain if it sets TTL to let's say 600 seconds or 86400 seconds. This
> could perhaps be used as a metric in trying to figure out the impact of
> capping the TTL
On 4/18/05, Daniel Golding <[EMAIL PROTECTED]> wrote:
>
>
> Aside from individual OS behavior, doesn't this seem like very bad advice?
I think this is more of a question of who to trust. Caching, in
general, isn't a bad thing provided that TTL's are adhered to. If the
poisoning attack were to
On Tue, 1 Mar 2005 09:18:19 -0500, Nils Ketelsen
<[EMAIL PROTECTED]> wrote:
> Okay, the main difference seems to be:
>
> 1. People here trust, that mailservers on port 587 will have
> better configurations than mailservers on port 25 have today. I
> do not share this positive attitude.
I think y
On Fri, 25 Feb 2005 11:17:35 -0500, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> That's being a bit disingenuous. The discussion here hasn't been to
> open up port 587 to relay for all comers, but rather to open it up for
> authenticated use only. If spammers start using it, then it's a result
On Tue, 15 Feb 2005 21:50:23 -0500, Daniel Golding
<[EMAIL PROTECTED]> wrote:
> Thor,
>
> 587 running SMTP auth (and relaying for authenticated users) and port 25 for
> local (non relay) delivery without authentication should be the default on
> all servers.
Agreed! At the very least you get th
On Thu, 3 Feb 2005 17:36:31 -0600, Adi Linden <[EMAIL PROTECTED]> wrote:
>
> How about using SMTP AUTH and verifying the envelope MAIL FROM to match
> the actual user authenticating? This will make SPAM traceable and
> hopefully ultimately users aware that their PC is sending junk.
Ouch .. Then
On Thu, 03 Feb 2005 12:26:55 -0500, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> On Thu, 03 Feb 2005 12:16:41 EST, Jason Frisvold said:
>
> > Agreed. And depending on your service, there are different ports
> > worth blocking. For residential users, I can't
On Thu, 03 Feb 2005 17:54:28 +0200, Gadi Evron <[EMAIL PROTECTED]> wrote:
> Still, please tell me, how is not blocking un-used or un-necessary ports
> a bad thing? It is a defensive measure much like you'd add barricades
> before an attack.
Agreed. And depending on your service, there are differ
On Tue, 18 Jan 2005 08:58:32 -0500, Nils Ketelsen
<[EMAIL PROTECTED]> wrote:
>
> McAfee knows about this Virus since last week, but decided
> it was not worth an update of their regular patterns. Thank you for this
> policy of slow updates, I will see that I get a vendor that acts
> in time, I gu
Greetings,
We just received our first ARIN allocation and I'm going through the
motions to make sure we do everything right. Aside from dealing with
DNS, BGP, and rwhois (which is a nightmare to set up), it was highly
recommended that we register with an IRR. After looking a bit, I'm
wondering
On Tue, 30 Nov 2004 16:30:47 -0500 (EST), Paul Khavkine
<[EMAIL PROTECTED]> wrote:
> In a situation where a link fails and the VC needs to be rerouted.
> The VC path has allready been setup.
In the network I work with, SVC re-routes are near instantaneous...
If I break a link on purpose, I'm har
On Fri, 19 Nov 2004 15:58:03 -0500 (EST), Scott McGrath
<[EMAIL PROTECTED]> wrote:
>
>
> Several of our researchers have pointed out that sites in the .MIL TLD are
> unreachable. Did a nslookup and got a interesting result
>
>
> Back to the subject at hand is anyone else seeing the same iss
same way existing 1918 space is. For instance, as
non-routable loopback addresses for routers, switches, etc. Correct? Or is
IPv6 NAT batter suited for this in the future?
> Eric :)
--
Jason Frisvold
Penteledata
> -Original Message-
> From: Charlie Khanna - NextWeb [mailto:[EMAIL PROTECTED]
> Subject: Network Monitoring System - Recommendations?
>
> Hi - I was interested in finding out what software applications other ISPs are
> using for network monitoring? For example:
>
> 1) Overall n
Do you have ACL's restricting access to the vty's? I've seen instances where telnet
ports get locked up because of port scanning and/or attacks...
--
Jason Frisvold
Penteledata
> -Original Message-
> From: Richard J. Sears [mailto:[EMAIL PROTECTED]
> Sent: We
On Mon, 2004-06-07 at 23:06, Edward B. Dreger wrote:
> Dynamic linking might be cheating. Static linking might be
> pessimistic. Probably best to compare BSD "crunchgen" images
> with and without ssh/sshd. (2MB total for statically-linked ssh
> and sshd as I compile it.)
Ooops.. forgot that bit
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> OK.. Say you can get it into the code train for 200K. What
> do you do with all
> those routers that have only 100K or 125K of space left in
> the flash (if that),
> and the flash is NOT going to get any bigger
xplain your
> position.
I've been converted into the "secure it if you can, ensure it's not
important if you can't" way of thinking ... I would very much like to
change our ACL's to only allow telnet from our server farm (which is SSH
*ONLY*), thus allowing a little bit of security ... This would at least
bring us into the "if someone's listening, it's gotta be the NSA or CIA"
class of security... :)
> R
Jason Frisvold
Penteledata
nyone at Cisco ever consider that people
> might like to use Feature Navigator without javascript?
> What's next? Mandatory Flash Player?
I concur.. Mandatory Javascript sucks... Esp when Mozilla and Firefox
have problems viewing the pages... Cisco's site became decidedly
On Mon, 2004-05-24 at 14:53, Jason Frisvold wrote:
> All,
>
> Does anyone have some really good in-depth reading material on BGP for
> beginners? I've been handed the reigns of BGP administration for our
> network, but I would still consider myself very much a newbi
All,
Does anyone have some really good in-depth reading material on BGP for
beginners? I've been handed the reigns of BGP administration for our
network, but I would still consider myself very much a newbie to
this... Some decent how-to's and accepted standards would be great...
Thanks!
Ours dropped about 70% ... And it's been steady ever since.. we've
added a large number of modems since that time as well...
Look into 'no cable-arp' as well ... Basically, it prevents arp
broadcasts and that also had a major impact on the cpu utilization of
our CMTS
stability; we have SUBSTANTIAL improvements in IOS
> stability, especially in 12.3.5a mainline.
Heh.. *old* Cisco code scares me enough... Bleeding edge is simply
terrifying... *sigh*
> -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
> --Net Access Corp
Not sure on the MC3810 (never used one), but I know that many of the
other Cisco routers didn't do CEF on ethernet until later revisions of
code... There are other factors that kick it out of CEF as well.. I
believe ACL's and Route Maps are 2 of them..
On Tue, 2003-09-09 at 11:07, Austad, Jay wro
On Mon, 2003-09-08 at 14:56, William Devine, II wrote:
> Can anyone from these three carriers tell me if you're doing port blocking
> on the Windows file/print ports (135-139, 445 & 593) ?
> A client of ours (in the US), against our recommendation, still wants to
> connect to their Exchange server
All,
It was requested that I post this email to the Nanog list as the person
in question does not have posting ability... :)
Hello All,
We're currently looking into migrating our Cisco 72xx and 75xx routers
to Service Provider IOS and I was wondering if anyone has had any good
luck with
On Tue, 2003-08-19 at 16:12, Jack Bates wrote:
> Number one use for netflow, scan detections. I detect most users
> infected with a virus before remote networks can auto-gen a report. I
> also detect mail being sent from various customer machines. High volume
> traffic flags me so I can investig
rity Systems, Inc.
> The Power to Protect
> http://www.iss.net
> ===
>
>
> -Original Message-
> From: Jason Frisvold [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, August 13, 2003 10:50 AM
> To: Ingevaldson, Dan (ISS Atlanta)
> Cc: Stephen J. Wilcox
On Tue, 2003-08-12 at 15:01, Mike Jezierski - BOFH wrote:
> My experience seems to be that as the ISP we're blamed when the
> subscribers gets a virus, because after all it's our network that
> sent the customer the virus.
Catch 22 ... Block the virus, get accused of being a censor. Allow the
; Sent: Wednesday, August 13, 2003 10:38 AM
> To: Jason Frisvold
> Cc: [EMAIL PROTECTED]
> Subject: Re: The impending DDoS storm
>
>
>
>
> On Wed, 13 Aug 2003, Jason Frisvold wrote:
>
> > All,
> >
> > What is everyone doing, if anything, to preven
ug 2003 11:10:13 -0500
> > From: Jack Bates <[EMAIL PROTECTED]>
> > To: Jason Frisvold <[EMAIL PROTECTED]>
> > Cc: "Ingevaldson, Dan (ISS Atlanta)" <[EMAIL PROTECTED]>,
> > Stephen J. Wilcox <[EMAIL PROTECTED]>, [EMAIL PROTECTED]
>
All,
What is everyone doing, if anything, to prevent the apparent upcoming
DDoS attack against Microsoft? From what I've been reading, and what
I've been told, August 16th is the apparent start date...
We're looking for some solution to prevent wasting our network
resources trans
On Fri, 2003-08-01 at 22:16, Matt Ploessel wrote:
> http://www.microsoft.com/homepage/features/2003/denialofservice.htm
Cool... thanks for the info... Hopefully I'll be able to gather any
information I can from our infected machine here and forward it on to
the proper authorities... Anyone got
Anyone aware of an attack on www.microsoft.com? I had a customer
machine that was attacking it, looks like either a bug in Microsoft's
SP4 (coincidentally this started the day after this was installed) or
there's some new(?) worm of some sort causing this ??
Thanks!
--
-
Apparently protocol 103 does not need to have a ttl of 0 or 1 when it
hits the interface in order to cause the DoS ... Cisco has updated
their advisory to reflect this (Version 1.9 now)..
Just wanted to alert everyone...
This makes the thought of some sort of virus causing this even more
realist
heavy use, so ACL's
don't hurt as much, but still something we need to be aware of..
On Tue, 2003-07-22 at 13:58, Allan Liska wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
>
> On 22 Jul 2003, Jason Frisvold wrote:
> >
> > Not only the "clue
On Tue, 2003-07-22 at 09:54, [EMAIL PROTECTED] wrote:
> I'm going to go out on a limb and say that at least 30% of Ciscos are installed
> in places that would, if hit with this, have NO CLUE why their router needs to be
> power cycled every 30 mins.
Not only the "clueless", but how about those
Just for fun we hit an old AGS+ router with 10.2(4) code on it..
Apparently older code is vulnerable too..
So.. everyone running AGS+'s in the core, beware.. *grin*
On Fri, 2003-07-18 at 11:34, Jason Frisvold wrote:
> Ok, update to my testing :
>
> On Fri, 2003-07-18 at 10:48,
On Fri, 2003-07-18 at 14:49, Saxon Jones wrote:
> After I upgraded my IOS this morning I've seen 13,844 input errors on
> the port; when looking at the switch the router is connected to I see
> that a very similar number of multi-cast packets (13,423).
>
> Has anyone else seen this? Is this perh
On Fri, 2003-07-18 at 15:37, Stephen J. Wilcox wrote:
> > I don't think it will ever truly go away.. there are lots of "older"
> > routers that won't be able to support the newer code, albeit small
> > routers like the 2500's, but they'll exist..
>
> Yes I have some old routers (2500s) for which
On Fri, 2003-07-18 at 14:29, Irwin Lazar wrote:
> Just out of curiosity, are folks just applying the Cisco patch or do
> you go through some sort of testing/validation process to ensure that
> the patch doesn't cause any other problems? Given typical change
> management procedures how long is taki
Just a quick credit email.. :)
I wanna make sure credit is given to the 2 guys who helped with this
testing.. Keith Pachulski and Chrus Kruslicky .. both from PTD..
:)
On Fri, 2003-07-18 at 11:34, Jason Frisvold wrote:
> Ok, update to my testing :
>
> On Fri, 2003-07-18 at 10:
For those interested, these are the packet dumps of all 4 protocols
using HPing and the release ShadowChode exploit.
I'm told you can create the necessary IDS filters from this.. we're
working on this now as well... :) I'm not an IDS expert, so I don't
have the know-how to do this... yet.. :)
Ok, update to my testing :
On Fri, 2003-07-18 at 10:48, Jason Frisvold wrote:
> Hi all,
>
> First post.. I hope this is ok ...
>
> We tested the Cisco vulnerability and I wanted to share our results
> with you ...
> Testing scenario is this :
>
>
Hi all,
First post.. I hope this is ok ...
We tested the Cisco vulnerability and I wanted to share our results
with you ...
The attack code we used is the same code that was posted to the Full
Disclosure list. Compiled on a Redhat Linux 6.2 machine.
Testing scenario i
82 matches
Mail list logo
