Re: Sagonet - Failing miserably with network security Someone needs to handle this.

2006-10-30 Thread Jordan Medlen
Customer has been nuked. -- Jordan Medlen Sago Networks On Oct 30, 2006, at 11:54 AM, Lasher, Donn wrote: Not that this is his real name, or business, but a whois on the IP yields: [whois.arin.net] Sago Networks SAGO-20030401 (NET-65-110-32-0-1

RE: [Full-disclosure] what can be done with botnet CC's?

2006-08-17 Thread Jordan Medlen
from our customers or destined to our customers. While this is not a perfect system, it is much better than idly sitting there and letting the abuse continue. --- Jordan Medlen Chief Technology Officer and Architect Sago Networks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Full-disclosure] what can be done with botnet CC's?

2006-08-17 Thread Jordan Medlen
applied from our black hole router, which gets propagated via OSPF then eventually gets handed off to our peers using either a community or multi-hop neighbor. --- Jordan Medlen Chief Technology Officer and Architect Sago Networks -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

RE: [Full-disclosure] what can be done with botnet CC's?

2006-08-17 Thread Jordan Medlen
: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gadi Evron Sent: Thursday, August 17, 2006 1:37 PM To: Jordan Medlen Cc: [EMAIL PROTECTED] Subject: RE: [Full-disclosure] what can be done with botnet CC's? On Thu, 17 Aug 2006, Jordan Medlen wrote: I'm sure most people on this list have

RE: [Full-disclosure] what can be done with botnet CC's?

2006-08-17 Thread Jordan Medlen
:37 PM To: Jordan Medlen Cc: [EMAIL PROTECTED] Subject: RE: [Full-disclosure] what can be done with botnet CC's? On Thu, 17 Aug 2006, Jordan Medlen wrote: I'm sure most people on this list have heard of or use snort. There is an add-on package called snortsam. This package allows automation

RE: [Full-disclosure] what can be done with botnet CC's?

2006-08-17 Thread Jordan Medlen
EDT, Jordan Medlen said: Thanks for the info. I will pass this to our abuse department to get rid of those. We are still tweaking our system and is only about 90% deployed, but after all of the efforts to deploy the system, it should pay-off many many times over. Something that would probably

RE: [Full-disclosure] what can be done with botnet CC's?

2006-08-17 Thread Jordan Medlen
CC's? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 in-line: Jordan Medlen wrote: I'm sure most people on this list have heard of or use snort. There is an add-on package called snortsam. This package allows automation of blocking traffic deemed malicious via a null route statement or ACL

RE: Using snort to detect if your users are doing interesting things?

2005-06-09 Thread Jordan Medlen
on your way to dropping your abusive traffic on your network. Good luck to you! -- Jordan Medlen Chief Network Engineer Sago Networks From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Weaver Sent: Thursday, June 09, 2005 11:46 AM To: nanog@merit.edu Subject: Using snort