On Sun, 21 Sep 2003 18:25:50 EDT, Sean Donelan <[EMAIL PROTECTED]> said:
> "I recently put this suggestion to Microsoft and their response basically
> avoided the whole issue. Why wouldn't the company want to offer such a CD,
> assuming that's the motivation behind their stonewalling?"
It would
On Fri, 19 Sep 2003 12:08:33 PDT, Scott Granados said:
> noise anyway. So that someone looking over your shoulder will still be
> there unless you've memorized the prompts on your local atm, a possibility
> granted.
Works for my dad - though he did have to call the bank once, turned out
they had
On Thu, 18 Sep 2003 16:14:39 PDT, Scott Granados said:
> Who thought it was a good idea to put braille on the drive up atms?
My dad's legally blind. That braille makes it possible for him to get cash
(either from the back seat or step out and walk up) if somebody's
giving him a ride, without hi
On Thu, 18 Sep 2003 12:08:43 EDT, Bob German <[EMAIL PROTECTED]> said:
> Can anyone point me to a set of standards that define a "Class A Data
> Center?" I'm not asking for requirements, but an actual pointer to
> standards hammered out by an organization or governing body.
"must have connectiv
On Thu, 18 Sep 2003 09:59:27 MDT, John Neiberger <[EMAIL PROTECTED]> said:
> If GeoTrust is Verisign, why do they make a big deal out of competing
> with Verisign?
And Chevy competes with Pontiac and Buick. Your point?
On Thu, 18 Sep 2003 00:36:05 EDT, David B Harris <[EMAIL PROTECTED]> said:
> If they don't accept anything on port 25, either by sending all packets
> to /dev/null or by responding with SYN+RST ("Connection refused"), MTAs
> everywhere will consider this a "temporary error."
They could save us a
On Wed, 17 Sep 2003 22:05:04 -, "E.B. Dreger" <[EMAIL PROTECTED]> said:
> PH> If I remember correctly, Verisign person stated in an
> PH> interview that they estimate that it will be worth up to
> PH> $100M annually.
> I'm willing to suffer that sort of burden to, uh, help make the
> Interne
On Wed, 17 Sep 2003 17:43:24 CDT, Matt <[EMAIL PROTECTED]> said:
> I've got a couple others in my head from 3Com and a couple of others,
> but I thought I'd get the ball rolling. So, what do you think?
Well.. maybe it's just still fresh in my memory and the aggravation factor
is higher because
On Wed, 17 Sep 2003 17:55:32 -, Paul Vixie <[EMAIL PROTECTED]> said:
> i'm not sure how many people inside verisign, us-DoC, and icann agree
> that COM and NET are a public trust, or that verisign is just a caretaker.
If there's a disagreement on this concept, we have *BIGGER* problems than
On Wed, 17 Sep 2003 00:38:14 EDT, Mike Tancsa <[EMAIL PROTECTED]> said:
> I trust your assessment of the DNS techs. But what about the DNS tech's
> bosses? They ordered some pretty lumpy things be done with .com and .net.
> Given that track record, what's to stop them from ordering the GTLD te
On Wed, 17 Sep 2003 04:27:05 -, Paul Vixie <[EMAIL PROTECTED]> said:
> speaking for f-root, we won't be cooperating with anything like that.
> we do not edit the zone files we serve. they come from iana, and if
> you want something different served, you'll have to talk to iana. i
> cannot s
On Tue, 16 Sep 2003 15:33:03 EDT, Richard A Steenbergen said:
> > patched, but does anybody know whether there's a problem with the
> > criscos? (as in "how do I configure my router for that?" ;-)
>
> Or better yet, the OpenSSH running on Junipers? Nothing on Juniper's site
> about a vulnerabi
On Tue, 16 Sep 2003 11:27:08 PDT, [EMAIL PROTECTED] said:
> if vt.edu wants to place a:
>
> * in a 198.82.247.53
>
> in the vt.edu zone, why should anyone complain that now vt.edu
> doesn't return NXDOMAIN for all un-delegated entries? You want
> t
On Tue, 16 Sep 2003 11:08:11 PDT, [EMAIL PROTECTED] said:
> > On Tue, 16 Sep 2003 09:59:40 PDT, [EMAIL PROTECTED] said:
> that's one aspect yes. the validation chain should tell
> you who signed the delegations. It won't lie.
> you will know that V'sign put that data there.
How
On Tue, 16 Sep 2003 09:59:40 PDT, [EMAIL PROTECTED] said:
> DNSsec will work properly with wildcards, regardless of where they are
> in the DNS.
Which means that a rogue DNS can lead you down the garden path and
DNSsec won't give you a clue that you're being lied to. It's the same
question as the
On Tue, 16 Sep 2003 13:31:19 EDT, Eric Gauthier said:
> it. I'm a stupid network engineer that typically leaves the money stuff up
> to my finance geek friends, but even I know that (well most of the time):
>
> Bad Press == Stock Go Down
I wish this explained SCO's stock price... ;)
On Tue, 16 Sep 2003 14:31:53 +1000, Matthew Sullivan said:
> Worse than that - it's a fixed sequence of responses...
>
> $ telnet akdjflasdf.com 25
> Trying 64.94.110.11...
> Connected to akdjflasdf.com.
> Escape character is '^]'.
> 220 snubby4-wceast Snubby Mail Rejector Daemon v1.3 ready
> sdf
On Mon, 08 Sep 2003 17:01:51 BST, [EMAIL PROTECTED] said:
>
> > And getting the lead time down to 4-6 weeks would be a challenge - remember you
> > have to *ship* the re-mastered patch CD to every retailer and get it on the
> > shelves. That's going to hit your bottom line.
>
> Ever hear
On Sat, 06 Sep 2003 22:11:41 PDT, Jim Shankland said:
> Hans Reiser would argue that that reflects a limitation of the
> filesystem, rather than of qmail; and that apps should not
> have to code around such unreasonable filesystem limitations.
> And reiserfs goes to considerable effort to achieve
On Tue, 02 Sep 2003 13:34:10 PDT, David Schwartz said:
> Umm, makers of free software have to do this too. Even people who place
> software in the public domain have to do this. This has nothing to do with
> compensation and has more to do with nuisance.
Umm.. if you explicitly put it in th
On Sat, 30 Aug 2003 14:09:40 EDT, Joe Abley said:
> That won't save them when the time required to download the patch set
> is an order of magnitude greater than the mean time to infection.
This, in fact, is the single biggest thorn in our side at the moment. It's hard
to adopt a pious "patch you
On Fri, 29 Aug 2003 21:36:36 PDT, Mike Leber said:
> Perhaps paper manufacturers should be held liable until they come out with
> paper that can't be used to write down bad ideas.
Know what *really* irks me? I order blank paper, and this damned company keeps
sending me paper that's got connect-t
On Fri, 29 Aug 2003 18:43:23 PDT, Owen DeLong <[EMAIL PROTECTED]> said:
> Um...What exactly is wrong with that? There are lots of LEGAL ways to
> download music.
And Napster can be used to download non-infringing files. Look where it got them.
On Fri, 29 Aug 2003 21:06:24 EDT, Terry Baranski <[EMAIL PROTECTED]> said:
> This is a disturbing viewpoint. Next thing you know we'll be blaming
> ISP's for file sharing...
Well, when one of the largest providers of high-speed internet access is including
"download music" as a reason for wantin
On Fri, 29 Aug 2003 16:19:28 CDT, Jack Bates said:
> I wouldn't recommend a policy change like that for any user base over
> 10,000.
So you're saying that because you've got too many users with dumb passwords,
that's justification for not fixing it? ;)
/Valdis (and yes, we're in the middle of a
On Fri, 29 Aug 2003 14:47:50 CDT, Jack Bates said:
>
> Mikael Abrahamsson wrote:
> >
> > You switch service provider or give them a whack with the cluebat.
> >
>
> Some providers don't support auth due to the insecure passwords their
> users have. Having your server opened up to relay spam beca
On Thu, 28 Aug 2003 12:00:29 EDT, Matthew Crocker said:
> How does this sound for a new mail distribution network.
Only a few problems here:
1) Bootstrapping it - as long as you need to accept legacy SMTP because
less than 90% of the mail is being done the new way, you have a hard sell
in getting
On Wed, 27 Aug 2003 17:56:09 PDT, nanog <[EMAIL PROTECTED]> said:
> ps. Is this operational? :)
It's *NON* operational if they drop the gear. :)
On Tue, 26 Aug 2003 10:47:22 EDT, Drew Weaver <[EMAIL PROTECTED]> said:
> Is anyone getting hundreds of thousands of spams a day from 218.0.0.0 like I
> am? Has anyone actually considered null routing the whole block?
>
> Are there actually any 'users' in APNIC space? Or is it all spam from Korea?
On Tue, 26 Aug 2003 09:35:57 EDT, Leo Bicknell <[EMAIL PROTECTED]> said:
> the routes to where they need to go today. Any filtering system
> is going to move roughly the same data, and needs to move it roughly
> as quick (surely you don't think customers are going to wait three
> days for their
On Mon, 25 Aug 2003 13:57:44 PDT, Henry Linneweh <[EMAIL PROTECTED]> said:
> Microsoft has a task scheduler that people should learn to use to remind
> them to check update to make sure their patches are current, it is
> located in the control panel and labeled Scheduled Tasks and has an
> Add Sch
On Mon, 25 Aug 2003 08:35:43 CDT, Jack Bates <[EMAIL PROTECTED]> said:
> Which is why Microsoft should issue a software equivalent of a recall.
> Systems shouldn't be sold vulnerable without at least a patch CD.
The problem is that you need to look at the sum of (lead time) + (time patch CD
spe
On Fri, 22 Aug 2003 18:41:02 -, Fergie said:
> Thanks for the heads-up, which is (in my opinion) the appropriate
> response -- anything resembling panic, scare tactics, or a
> "Charlie Foxtrot", would only contribute to the problem.
I just mentioned it so we'd all know, in case the next part
A quick heads up, if anybody hasn't heard:
At 1900GMT today, ET phones home, and picks up the next payload of
instructions. Nobody knows (yet) what they'll be, but SoBig-E erased itself,
put in a password grabber, and then installed a mail proxy for spammer use.
This one *may* just play the them
On Thu, 21 Aug 2003 10:10:12 CDT, neal rauhauser <[EMAIL PROTECTED]> said:
> No one loves me and I don't get much email from the folks who tolerate
> me. I just got back from having lunch with some guys who tolerate me and
> I found scads of messages from all over -the funniest among the bunch
On Wed, 20 Aug 2003 17:49:07 PDT, chuck goolsbee <[EMAIL PROTECTED]> said:
> majority. My nanog list mail account got joejobbed by the
> "Netscalibur" user, both as sender and receiver (supposedly from
> Valdis Kletnieks, and somebody at NetSol.) and I've neve
On Wed, 20 Aug 2003 13:45:46 EDT, Claire Kelly <[EMAIL PROTECTED]> said:
> How catty. We all start somewhere, or have you forgotten?
You *do* have to admit it's an unusual combination of skills to:
a) have enough clue to get subscribed to NANOG-post
*AND*
b) not be able to identify Windows Me
On Wed, 20 Aug 2003 10:25:28 EDT, Joe Maimon <[EMAIL PROTECTED]> said:
> Considering the amount of email traffic generated by responding to
> forged virus laden email from culprits like sobig should email virus
> scanning systems be configured to send notifications back to sender or not?
It is
On Tue, 19 Aug 2003 12:42:49 EDT, David Diaz <[EMAIL PROTECTED]> said:
> Obviously some bot has gone through the nanog list and is now forging
> headers such that they appear to come from those addresses, and they
> are attaching viruses.
More likely, some poor lurker at the IP address listed ha
On Tue, 19 Aug 2003 12:19:28 EDT, Paul Jasa <[EMAIL PROTECTED]> said:
> A call to AT&T Worldnet confirms that AT&T Worldnet service is blocking ICMP in
> order to deal with an undefined emergency. Nothing posted on their site, nor
> any other info is available. If anyone has info related to th
On Fri, 15 Aug 2003 17:46:56 PDT, Avleen Vig said:
> To the point where it doesn't hurt my network, hurt other people, or
> cause me an increase in costs, I won't be going out of my way to defend
> MS. Frankly, it might be the only way they'll learn.
> Imagine the havoc if every Windows virus trie
On Sat, 16 Aug 2003 00:25:14 +0200, Iljitsch van Beijnum said:
> It seems to me that the power guys are still living somewhere in the
> last century. Is it really impossible to absorb power spikes? We can go
> from utility to battery or the other way around in milliseconds, so it
How many kVA
On Tue, 05 Aug 2003 09:56:52 BST, [EMAIL PROTECTED] said:
> >1) What *immediate* benefits do you get if you are among the first to deploy?
> >(For instance, note that you can't stop accepting "plain old SMTP" till
> >everybody else deploys).
>
> You can replace complex and buggy spam filterin
On Mon, 04 Aug 2003 19:41:35 BST, Richard D G Cox <[EMAIL PROTECTED]> said:
> The immediate benefit (as sender) is that you reduce the (now ever-increasing)
> risk of your mail being rejected by filtration processes and will be trusted
> on arrival; the benefit for the recipient is of course less
On Mon, 04 Aug 2003 13:38:37 BST, [EMAIL PROTECTED] said:
> The web of trusted email servers would use a new and improved mail
> transfer protocol (NIMTP) that would only be used to exchange email
> between trusted servers. Users could continue to use authenticated SMTP to
> initiate the sendi
On Sat, 02 Aug 2003 10:46:54 +0200, Mans Nilsson said:
> - Inform them that devices found to be broken into will be sent to null0
> until proof of cleanliness has been obtained.
And then they download the patches how? (This is particularly a problem
if the customer is using a NAT to obfuscate t
On Tue, 29 Jul 2003 14:24:29 BST, [EMAIL PROTECTED] said:
> training. Part of it will come from teaching people network etiquette,
> part from teaching them that spam is not a way to make money, and part of
Ralsky apparently has a $700K house. I don't. Now explain to me again
the part about
On Sun, 27 Jul 2003 00:56:28 EDT, Len Rose <[EMAIL PROTECTED]> said:
> I humbly disagree. It is not user negligence, but rather negligence on
> behalf of the entity's systems team, or perhaps the entity's failure
> to support their own systems team by hiring competent staff instead
> of relying
On Wed, 23 Jul 2003 13:40:03 EDT, Dave Temkin said:
> If it's being used for purely transit then your third paragraph doesn't
> apply at all. The traffic is not originating or terminating there, it is
> merely passing through.
If it shows up on a traceroute, it originated an ICMP packet.
10 * *
On Wed, 23 Jul 2003 02:12:53 BST, "Stephen J. Wilcox" <[EMAIL PROTECTED]> said:
> A bit harsh bearing in mind this address is your legitimate reply address from
> the email.. !
On the other hand, it *would* explain any e-mail based reachability issues... ;)
On Tue, 22 Jul 2003 17:51:20 EDT, [EMAIL PROTECTED] said:
> I guess all folks with Ph.D. at Akamai really are paid for nothing if a
> virus could calculate that with a few traceroutes.
It's actually pretty easy if you get 20K distributed zombies doing the traceroutes
and then distributing the dat
On Tue, 22 Jul 2003 17:50:17 EDT, [EMAIL PROTECTED] said:
> How many thousands of "polls" do you think a looking glass can handle
> simultaneously? I am all for the doomsday scenarios, but let's make them a
> little bit less sci-fi, shall we? How about "it would create valid looking
> OSPF packets
On Tue, 22 Jul 2003 14:58:22 -, [EMAIL PROTECTED] said:
> That is a bit paranoid, but it could happen. I have not seen anybody do
> anything that intelligent in the past couple of years. Not to say that there
> aren't people out there that couldn't do that but I think many have thought of
> us
On Tue, 22 Jul 2003 10:08:42 EDT, you said:
> I see this as a make or break If someone does not upgrade,
> well think of this as a roller-coaster.
> Remember the sign? This ride is not advised for
> people with bad backs, pregnant ladies..
Someplace I have a sign:
"Your clue must be at
On Tue, 22 Jul 2003 15:40:02 +0200, Niels Bakker <[EMAIL PROTECTED]> said:
>
> * [EMAIL PROTECTED] (Adam Maloney) [Tue 22 Jul 2003, 15:33 CEST]:
> > The next worm taking advantage of the latest Windows' vulnerabilities
> > is more or less inevitable. Someone somewhere has to be writing it.
> > S
On Fri, 18 Jul 2003 12:29:30 MDT, Irwin Lazar <[EMAIL PROTECTED]> said:
> I'm trying here to gauge the length of time before this vulnerability is closed out.
The core routers have been bouncing as they upgrade all this week. A lot of places
will be putting the fixes in place during windows thi
On Thu, 17 Jul 2003 03:17:32 EDT, Brian Wallingford said:
> :at http://www.cisco.com/tacpage/sw-center/sw-ios.html
>
> I'm getting a 404 "not found" for that URL, while logged into CCO.
Hmm.. you mean Magic Rebuild Dust doesn't work on webpages? ;)
But yeah, it's *that* sort of thing that you w
On Thu, 17 Jul 2003 01:05:46 CDT, Darrell Kristof <[EMAIL PROTECTED]> said:
> If Cisco made THIS big a deal of this to not release info to the public,
> I wouldn't wait. There must be a reason. I had to push and push to get
> any info and I think they finally gave up because too many people knew.
On Mon, 14 Jul 2003 20:45:44 -0800, "W.D. McKinney" <[EMAIL PROTECTED]> said:
> Did you mean to post this on the qmail list per chance ?
> On Mon, 2003-07-14 at 08:34, John Brown wrote:
> > http://marc.theaimsgroup.com/?l=qmail&m=105452174430616&w=2
Doubtful, he's *citing* a posting from an arc
On Sat, 28 Jun 2003 19:04:25 PDT, Etaoin Shrdlu <[EMAIL PROTECTED]> said:
> I include every single default install of every single OS that enables
> anything more than port 22),
Speaking of which, a heads-up... Jay Dyson was reporting on the [EMAIL PROTECTED]
mailing list that he's seeing an ups
On Thu, 05 Jun 2003 18:47:45 PDT, Eric Anderson <[EMAIL PROTECTED]> said:
> Is this showing up as an issue for anyone? All I'm looking at is an MSNBC
> story which gives me the impression that it's a pretty low-bandwidth deal. It
> sounds like it requires intervention by the end user (or a syst
On Tue, 03 Jun 2003 14:13:58 CDT, "Dominic J. Eidson" <[EMAIL PROTECTED]> said:
> On the flip side, maybe there's still entirely too many people running
> vulnerable email readers...
Our virus scanners set a new one-day record yesterday by catching 105,745
copies of Sobig.C - so there's certainl
On Sat, 31 May 2003 00:54:07 EDT, Gerald said:
> 10.0.0.0/8 16,777,214 unique hosts maximum
> 192.168.0.0/16 65,534 unique hosts maximum
> 172.16.0.0/12 1,048,574 unique hosts maximum
> Total: 17,891,322 unique addresses (before further subnetting)
However, see RFC3194.
On Fri, 30 May 2003 07:20:33 PDT, [EMAIL PROTECTED] said:
> firewall rulesets and logs. If you're running tests do you want to
> see results such as 192.168.22.0, 172.16.89.22, 10.129.20.222,
> 10.12.22.2? Wouldn't it be easier if your test results looked
> like this: 1.10.1.1, 10.10.1.1, 100
On Fri, 30 May 2003 05:49:28 PDT, [EMAIL PROTECTED] said:
> one of the things I want to do is make it much
> easier to "parse visually" my route tables.
Might want to use networks 4/8, 16/8, and 64/8 - they stand out
nicely when looking at net numbers in hex or binary. ;)
On Thu, 03 Apr 2003 15:58:53 CST, Gerardo Gregory said:
> I have always been under the impression (or taught at least) that an MX
> record was necessary (required) for mail exchange. I at least believed that
> this was the correct way. Recently, we implemented a new mail server at our
It's t
On Thu, 03 Apr 2003 10:31:39 EST, "Steven M. Bellovin" said:
> >Correct me if I am wrong, but isn't this against RFC current practice?
> >
>
> Yes -- see RFC 2142. But the IETF has no enforcement arm...
That would be NANOG's job (as much as it's anybody's). S...
http://www.rfc-ignorant.o
On Fri, 28 Mar 2003 13:59:02 EST, Richard Irving said:
> Sean Donelan wrote:
> > identical legislation being introduced in six different states? I suspect
> > an outside influence was involved in drafting the proposed legislation.
>
> Now, -that's- using your noodle.
>
>With just a little
On Wed, 26 Mar 2003 08:14:45 PST, [EMAIL PROTECTED] said:
>
> What are you talking about, DNS check option will work great for BIND,
> I mean if BIND can not get to the root server and thereafter to ISC, you
> don't have to worry about it getting hacked, its probably not connected to
Keep in
On Mon, 17 Mar 2003 01:31:08 EST, Jared Mauch said:
> When you get a /8, you expect it to be fully usable. The
> APNIC posture here seems to make sense to me that its an issue
> that needs to be resolved. using one of the other currently
> reserved /8's while that issue plays out seems qui
On Wed, 12 Mar 2003 21:27:51 EST, Andy Dills <[EMAIL PROTECTED]> said:
> Not be offended if somebody didn't know my gender?
Fortunately, none of the simians on the list have objected to being
classified as 'banana eaters' ;)
On Tue, 11 Mar 2003 18:22:14 EST, Charles Sprickman said:
> Hey, I already came up with the slashdot idea.
An excellent choice - the average slashdot reader would resent any implication
that they were using a substandard clueless ISP, and would complain in a most
vociferous manner.. ;)
On Tue, 11 Mar 2003 14:58:10 MST, "Alec H. Peterson" said:
> How about if we all chip in to hire a bunch of out of work consultants to
> fly to the NOCs of the various backbones who are being boneheaded to
> educate them with a clue-by-four?
I suspect the problem isn't the backbones that have a
On Mon, 10 Mar 2003 16:00:01 EST, "McBurnett, Jim" said:
> > This will leave the clueless to buy a clue and
> >stimulate the economy ;-)
> Hey if it will be a great stimulus package I bet we could get
> congressional research funding to try it. ;)
Note the obvious bootstrapping problem wi
On Sun, 09 Mar 2003 13:09:14 CST, Jack Bates said:
> There are private systems in use today like NJABL which act as centralized
private systems. Plural. Because..
> resources. I believe that it is possible to come to an agreement on a
> standardized test suite that can be used and what the variab
is that in general, the sites that are able to tell
the difference between these two situations are not the sites that either
situation is trying to detect.
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
're low on tapes to send
off-site, what are the chances that we'll still be at RED when the tapes
actually arrive from the vendor?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
On Thu, 20 Feb 2003 22:11:06 +0100, Iljitsch van Beijnum said:
> Seems to me that filtering is no longer necessary unless you have reason
> to believe your customers are going to install new vulnerable boxes or
> vulnerable software on existing boxes AND their pipe to you is so big
"new vulnerabl
o, don't, not for
over 72 hours, etc? I think most people that do an AS-enabled traceroute
are always going to be getting the same answers back for the first few hops
to *ANYWHERE* - caching at least "your local neighborhood" could dramatically
cut the number of queries
--
On Mon, 10 Feb 2003 13:02:39 EST, Charles Youse <[EMAIL PROTECTED]> said:
> That doesn't seem to make a lot of sense - is it that QoS doesn't work as advertised?
QoS is designed for dealing with "who gets preference when there's a bandwidth
shortage". Most places are having a bandwidth glut at t
So you end up penalizing sites that don't have a clue, while the clued spammers
will do this:
% ldap add abuse_contact mailbox="[EMAIL PROTECTED]"
% cat > ~abuse/.forward
/dev/null
^D
What have you won?
--
Valdis Kletniek
ome 278K connections
to other sites yesterday. Of the 3,453 domains it talked to, 123 were
willing to do STARTTLS, for a deployment rate of 3.5%.
Unfortunately, working across connections, only 0.53% used it. If the 10
busiest sites we talked to deployed STARTTLS, it would jump to some 27% of
the tr
rall performance and security
> issues?
"I'll get back to you Tuesday or when NANOG posts embarrass me" works for
peering issues, but not for security issues.
--
Valdis Kletnieks
Computer Systems Senior Engineer
On Tue, 28 Jan 2003 19:10:52 EST, Eric Germann <[EMAIL PROTECTED]> said:
> Sort of like the person who sued McD's when they dumped their own coffee in
> their lap because it was "too hot". Somewhere in the equation, the
> sysadmin/enduser, whether Unix or Windows, has to take some responsibility
N or whatever?
Remember - users do NOT care about security. Users care about finishing
whatever task THEY are busy with, which is almost never security.
--
Valdis Kletnieks
Computer Systems Senior Engineer
On Mon, 27 Jan 2003 16:00:51 EST, [EMAIL PROTECTED] said:
> It is very easy.
>
> Deny everything.
> Allow outbound port 80
Bzzt! You just let in an ActiveX exploit. Or Javascript. Or
> Allow mail server to 25
Bzzt! You just let in a new Outlook exploit.
> If you need AIM, allow AIM from w
On Mon, 27 Jan 2003 15:53:07 EST, [EMAIL PROTECTED] said:
> The amazingly simple solution is to make it uneconomical for anyone to
> maintain unprotected network (for whatever two sets uneconomical and
> unprotected are). For example, have a machine that had been broken into and
> used to attack a
On Mon, 27 Jan 2003 15:33:34 EST, [EMAIL PROTECTED] said:
>
> > > This is not correct. VPN simply extends security policy to a different
> > > location. A VPN user must make sure that local security policy prevents
> > > other traffic from entering VPN connection.
> >
> > Given that the head of
On Mon, 27 Jan 2003 14:50:22 EST, [EMAIL PROTECTED] said:
> This is not correct. VPN simply extends security policy to a different
> location. A VPN user must make sure that local security policy prevents
> other traffic from entering VPN connection.
Given that the head of one of our three-letter
e back..
Well.. it's your paycheck, not mine.
I mean.. really. if a company needs a "code green" tool to clean up after this
for their own internal stuff, the right answer isn't code green, the right
answer is outsourcing their IT to somepla
s all of it.
Ingress/egress filtering would help in some cases of a DDoS packet flood.
Ingress/egress filtering doesn't do squat when Nimda is on a burn.
--
Valdis Kletnieks
Computer Systems Senior Engineer
don't even *HAVE* a security team, and "the problem is deduced" is
a challenge for the ones that have a team that don't have a clue.
We see a *LOT* of postings here "anybody know a clueful at XYZ, we've been
DDoS'ed for 36 hours"
--
On Tue, 14 Jan 2003 20:16:31 EST, blitz <[EMAIL PROTECTED]> said:
> >http://www.theregister.co.uk/content/6/28842.html
> >
> >By Andrew Orlowski in San Francisco
> >Posted: 14/01/2003
> >
> >The RIAA is preparing to infect MP3 files in order to audit and
> >eventually disable file swapping, accor
y can't interoperate because Vendor B is a
bunch of clueless weenies - now what do you do?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
On Fri, 10 Jan 2003 17:53:11 EST, blitz said:
>
> AGREED, one end and one end only, or you're asking for a ground
> loop. Ground the end with the best, shortest path to earth ground. In
> his case, that would prob be the telco room end, "usually" there's a decent
> ground there somewhere
On Mon, 06 Jan 2003 23:57:29 EST, David Diaz <[EMAIL PROTECTED]> said:
> At this point it's pretty clear that unless you have 1 to 1 spare
> capacity someone is going to have to see an outage. Prioritizing
> kicks in at this point. Different service levels (ie Platinum, Gold,
> Lead) kick in
On Tue, 24 Dec 2002 10:26:09 EST, Richard Forno said:
> In my last post when I said this:
> > If something's deemed 'critical' to a large segment of the population, then
> > security must NEVER outweigh convenience. Period. Non-negotiable.
> I meant to say that security must ALWAYS outweigh convie
Stoll
was chasing?
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech
On Fri, 20 Dec 2002 11:31:39 MST, "Wayne E. Bouchard" said:
>
> On Fri, Dec 20, 2002 at 11:12:43AM -0500, David Lesher wrote:
> >
> > [This just jumped into the operational arena. Are you prepared
> > with the router port for John Poindexter's vacuum? What changes
> > will you need to make? What
before the fact -
the question is how many of the REST of you do?)
--
Valdis Kletnieks
Computer Systems Senior Engineer
Virginia Tech