Are you wanting hardened devices for an outside cabinet install (if it's
going outside then you'd better want hardened devices) or is this for an
internal environmentally-sound install? What's your definition of "long
distance"? 1800ft, 10km, 20km, 40km, 70, 80, 110? Assuming SMF, do you
n
Dorn Hetzel wrote:
Of course, my chemistry is a little rusty, so I'm not sure about the
prospects for a non-toxic, non-flammable, non-conductive substance with
workable fluid flow and heat transfer properties :)
Mineral oil? I'm not sure about the non-flammable part though. Not all
oils bu
Joel Snyder wrote:
>>> Also I'd love to hear recommendatios for "budget" 10GE
>>> routers. The "budget" router would be used to hook up
>>> client networks through one 10GE interface and connect
>>> to different transit providers through two 10GE
>>> interfaces.
If you don't need BGP-ish
Ang Kah Yik wrote:
However, considering the number of mobile workers out there who send
email via their laptops to corporate SMTP servers, won't blocking
outbound SMTP affect them?
After all, there are also those who frequently move from place to place
so they're going to have to keep chan
Adrian Chadd wrote:
Does anyone have any handy links to actual raw data and papers about this?
I'm sure we've all got our own personal datapoints to support automated
network probes but I'd prefer to stuff something slightly more concrete
and official(!) into the Wiki.
SANS ISC might have som
Dave Pooser wrote:
I can understand the logic of dropping the port, but theres some
additional thought involved when looking at Port 22 - maybe i'm not
well-read enough, but the bots I've seen that are doing SSH scans, etc,
are not usually on Windows systems. I can figure them working on Linux,
It varies widely. I see some extremely slow scans (1 SYN every 2-5
minutes). This is what someone on the SANS ISC page mentioned I believe.
I've also seen scans last for up to 10 minutes. The consistency of the
speeds made me think that perhaps the scanning computer was on a slow link.
T
Mark Foster wrote:
Port 22 outbound? And 23? Telnet and SSH _outbound_ cause that much of
a concern? I can only assume it's to stop clients exploited boxen being
used to anonymise further telnet/ssh attempts - but have to admit this
discussion is the first i've heard of it being done 'en ma
Scott Weeks wrote:
We need to take this off-line. All long timers are groaning, rolling their
eyes and putting this in their kill file.
Are the long-timers groaning and ignoring this thread? I certainly hope
not. It's threads like these that need the benefit of their experience
the most.
Scott Weeks wrote:
fire + gasoline = religious argument on this issue that we've had *many* times
in the past... ;-)
I wore my flame-retardent tidy whiteys today though so I'm prepared. :-)
I can understand the problem from both camps. As a tech-savvy user I
don't want my provider to fil
[EMAIL PROTECTED] wrote:
On Fri, 07 Mar 2008 13:55:05 CST, Justin Shore said:
I'm assuming everyone uses uRPF at all their edges already so that
eliminates the need for specific ACEs with ingress/egress network
verification checks.
You're new here, aren't you? :)
Hopef
This question will probably get lost in the Friday afternoon lull but
we'll give it a try anyway.
What kind of customer-facing filtering do you do (ingress and egress)?
This of course is dependent on the type of customer, so lets assume
we're talking about an average residential customer.
Martin Hannigan wrote:
> Scans are really a dime a dozen and noise that buries good data on
> real problems. Be careful!
>
>
>
> On 3/6/08, Justin Shore <[EMAIL PROTECTED]> wrote:
>> Rich Sena wrote:
>>> Anyone seeing anything similar - trying to determine if th
Rich Sena wrote:
Anyone seeing anything similar - trying to determine if this is spoofed
etc...
I haven't picked up any SSH or telnet scans from that network. That's
what I'm looking for at the moment. The amount of scans we're getting
are quite impressive at times. I wish there was an
Christopher Morrow wrote:
On Sun, Feb 24, 2008 at 8:42 PM, Patrick W. Gilmore <[EMAIL PROTECTED]> wrote:
except that even the 'good guys' make mistakes. Belt + suspenders
please... is it really that hard for a network service provider to
have a prefix-list on their customer bgp sessions?? L3 doe
Jeroen Massar wrote:
* PHAS: A Prefix Hijack Alert System
http://irl.cs.ucla.edu/papers/originChange.pdf
(A live/direct BGP-feed version of this would be neat)
Does PHAS still work? I tried to submit a request to subscribe a few
weeks ago and never heard back from their automated system.
Justin Shore wrote:
The ASN I'm referring to is that of the Russian Business Network. A
Google search should turn up plenty of info for those that haven't heard
of them.
Thanks for the replies. They were along the lines of what I was
expecting (as-path ACL filtering & route
I'm sure all of us have parts of the Internet that we block for one
reason or another. I have existing methods for null routing traffic
from annoying hosts and subnets on our border routers today (I'm still
working on a network blackhole). However I've never tackled the problem
by targeting
2 for those who want updates.
Justin
Justin Shore wrote:
L3 dropped us at 13:30CST. I've been told that whatever happened took
out everything from KC to Wichita to Little Rock to Houston. No word on
the cause and no ETA yet. They're handing us 37 routes which is a far
cry f
L3 dropped us at 13:30CST. I've been told that whatever happened took
out everything from KC to Wichita to Little Rock to Houston. No word on
the cause and no ETA yet. They're handing us 37 routes which is a far
cry from the roughly 237,000 we'd normally get. I recognize 3 of the
routes t
ane manner? I'm assuming
matching 0.0.0.0/0 ge 24 would be sufficient unless there are some
exceptions like perhaps the root servers.
Thanks
Justin
Justin Shore wrote:
Are any other L3 customers seeing the large number of /25 and smaller
routes from L3?
Are any other L3 customers seeing the large number of /25 and smaller
routes from L3? I'm seeing almost 2500 of these routes in 4/8, some but
not as many in 8/8 and still more in L3's non-US allocations. Looking
at the AS paths for a handful of those specific networks I only see them
via ou
On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote:
> Customers who use blacklists compiled by vengeance-oriented folk deserve
> what they get: No email.
>
> Suggested solutions:
> a) whitelist williams
> b) stop using SBLs similar to spamhaus.
>
> It is a question of trust: Do you trust spamhaus to
On Wed, 24 Sep 2003, Kee Hinckley wrote:
> With the possible exception of the new California law, I've yet to
> see any case in which the benefit from nailing a spammer (in terms of
> damages, or even reduced attacks) comes even close to covering the
> amount of time it took to find and pursue
On Wed, 24 Sep 2003, Stephen J. Wilcox wrote:
> The one that they're doing on my own domain which I mentioned on list some
> months ago is still going strong with many Mbs of bounces per day.. I think its
> fair to say there is very little you can do as tracking the source is almost
> impossib
On Wed, 24 Sep 2003, Mark Segal wrote:
>
>
> I think some RBLs might get better responses from the ISPs when they stop
> taking "collateral damage gets the abuse department's attention" attitudes..
> Some RBLs cause many providers a LOT of headaches, so it is not surprising
> that when it is th
On Wed, 24 Sep 2003, Joel Perez wrote:
>
> Great,
> Just Great. Wasn't there a post a while back that listed what providers
> are SPAM friendly? My fingers are getting tired trying to create ACL's
> lists to block ranges of IP's without compromising my service. I wish
> the power's up above woul
On Wed, 24 Sep 2003, Stephen L Johnson wrote:
> Please forgive my ignorance, but what is a "joe-job"?
I dug up some links for you.
http://www.spamfaq.net/terminology.shtml#joe_job
http://www.techtv.com/news/culture/story/0,24195,3415219,00.html
http://catb.org/~esr/jargon/html/J/joe-job.html
ht
On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote:
> Perhaps, but it also seems like moving an RBL onto a P2P network would
> making poisoning the RBL far too easy...
That's what I was getting ready to suggest. As it stands now we have at
least somewhat of an assurance that the zone we're working wi
I thought ya'll might be interested to hear that yet another DNS blacklist
has been taken down out of fear of the DDoS attacks that took down
Osirusoft, Monkeys.com, and the OpenRBL. Blackholes.compu.net suffered a
joe-job earlier this week. Apparently the joe-jobbing was enough to
convince some
On Tue, 23 Sep 2003, John Payne wrote:
> Anyone want to offer hardware, colo, bandwidth and a bgp session for a
> dnsbl anycast solution?
At the very least it could be some excellent PR for a provider to have.
Justin
On Tue, 23 Sep 2003, Mike Tancsa wrote:
> The credit cards in our case were legit. They were different numbers, but
> they were not stolen.
That would make a difference. The credit card companies probably wouldn't
care if you told them that the cards were being used by their customer for
ill
On Mon, 22 Sep 2003, Stephane Bortzmeyer wrote:
>
> On Mon, Sep 22, 2003 at 12:23:35AM -0500,
> Justin Shore <[EMAIL PROTECTED]> wrote
> a message of 20 lines which said:
>
> > > What software is available/recommended for NOC contact
> > > manageme
On Sun, 21 Sep 2003, Pete Kruckenberg wrote:
> What software is available/recommended for NOC contact
> management?
I've used Nagios (formerly NetSaint) in the past and have been very
impressed with it.
http://www.nagios.org/
It of course has a bit of a learing curve but it's not bad at all.
On Sun, 21 Sep 2003, Mike Tancsa wrote:
> Yes, this is all too familiar. Luckily it was not so acute for us. The
> porn company in question was using legit credit cards and we knew where
> they were located. We too got to the point where I had to contemplate
> blocking dialups with no ANI a
On Sat, 20 Sep 2003, Sean Donelan wrote:
> It costs service providers more (cpu/ram/equipment) to filter a
> connection. And even more for every exception. Should service providers
> charge customers with filtering less (even though it costs more), and
> customers without filtering more (even tho
On Sat, 20 Sep 2003, Margie wrote:
> Very little spam coming off dialups and other dynamically assigned,
> "residential" type connections has anything to do with open relays.
> The vast majority of it is related to open proxies (which the machine
> owners do not realize they are running) and mach
On Fri, 19 Sep 2003, Matthew Kaufman wrote:
>
> I agree entirely with this. You shouldn't call yourself an ISP unless you
> can transport the whole Internet, including those "bad Microsoft ports",
> between the world and your customers.
I disagree. In my opinion a NSP shouldn't filter traffic
On Thu, 18 Sep 2003, Todd Vierling wrote:
>
> On Thu, 18 Sep 2003 [EMAIL PROTECTED] wrote:
>
> : Without a question: PS/2 style keyboard and mouse connectors. Impossible
> : to tell from each other,
>
> And this part is somewhat funny, too, because the PS/2 connector layout is
> capable of h
On Thu, 18 Sep 2003, David Barak wrote:
>
>
> --- Matt <[EMAIL PROTECTED]> wrote:
> > I've got a couple others in my head from 3Com and a
> > couple of others,
> > but I thought I'd get the ball rolling. So, what do
> > you think?
> >
>
> Personally my issues are console-cable related: is
>
On Wed, 17 Sep 2003 [EMAIL PROTECTED] wrote:
>
> > On Wed, 17 Sep 2003, [ISO-8859-1] Mathias Körber wrote:
> >
> > > > If we take a step back, we could say that the whole Verisign incident
> > > > demonstrated pretty clearly that the fundamental DNS premise of having no
> > > > more than one ro
hey are important to someone
>
> -Original Message-
> From: Justin Shore [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, September 17, 2003 12:53 PM
> To: Sean Donelan
> Cc: [EMAIL PROTECTED]
> Subject: Re: Sabotage not backhoes: More cable cuts
>
>
>
> On Sun, 14 S
On Sun, 14 Sep 2003, Sean Donelan wrote:
>
> Someone climbed a 15-foot tower in Southern Arizona cutting a fiber optic
> cable used by Broadwing and Tucson Electric Power. This was within five
> feet of the 138,000-volt power line. The site was also guarded by barbed
> wire.
At least it's jus
On Mon, 15 Sep 2003, Christopher X. Candreva wrote:
>
> On Mon, 15 Sep 2003, Vadim Antonov wrote:
>
> > I'm going to hack my BIND so it'll discard wildcard RRs in TLDs, as a
> > matter of reducing the flood of advertising junk reaching my desktop.
>
> Please share your hack !
I've implemented
I submitted ebay.com to rfc-ignorant.org for this RFC violation almost a
year ago (which they of course accepted):
http://www.rfc-ignorant.org/tools/detail.php?domain=ebay.com&submitted=1029353643&table=abuse
Companies like this could simply care less. If you don't run a mail
system with "cust
On Fri, 1 Aug 2003, Crist Clark wrote:
> And for this crowd, I should point out that blocking 135/udp blocks
> DCE-RPC which is used rather heavily by HP OpenView by default.
>
> You may hear some shrieks of pain should you chose to block 135/udp.
I bidirectionally blocked all NetBIOS ports (tc
On Sun, 22 Jun 2003, Sean Donelan wrote:
>
> Its been a few years since I looked at network discovery and mapping
> tools. Openview/et al did the job, but was always a pain to move all
> the boxes to the right spots on the resulting maps.
>
> Has network discovery and mapping improved for medi
On Wed, 18 Jun 2003, Miles Fidelman wrote:
> It occurs to me that a lot of people on this list might have that sort of
> quantitative data - so... any comments?
You might find this useful.
http://zebulon.miester.org/spam/
Justin
On Thu, 19 Jun 2003, Jay Hennigan wrote:
>
> On Wed, 18 Jun 2003, Lars Higham wrote:
>
> > Joe,
> >
> > While I agree with all of your points individually, I would say that
> > only one of them doesn't work for 'following the money'. This one being
> > the pump-and-dump. Everything else invol
On Sat, 31 May 2003, John Brown wrote:
>
> >
> > Why does 65/8 generate almost as many queries as 24/8?
>
> because there are lots of cable and DSL users in those
> prefix's
>
> My cable at home is net-65
My SBC DSL that this email is coming from is in 65.
Justin
On Sat, 31 May 2003, Stephen J. Wilcox wrote:
> Hi,
> seems some spammers are using one of my personal domains as the from field in
> their emails, the local-part being random so I cant easily block it.
>
> Has anyone any advice on tracking them down and making them stop?
>
> All I get are t
On Sat, 31 May 2003 [EMAIL PROTECTED] wrote:
>
> On Sat, 31 May 2003, Mr. James W. Laferriere wrote:
>
> > > White listing comes with any blacklist. The blacklists in particular
> > > being discussed were the @dynamics, like the PDL and dynablock at
> > > easynet. Both lists quite clearly state
52 matches
Mail list logo