Charles,
Let's add a very important line:
"Then They Came for the OC-3 or smaller connections
and I did not speak out
because I run fat OC-12 - OC-48 pipes"
which doesn't help you much today.
I've seen attacks of around a Gbit/s bandwidth. So a OC-48 is already
in danger. The OC-12 is useless. A
>We're continuing the work the issue, and would be grateful if operators
>would check for 40-byte spoofed TCP headed towards 198.133.219.25/32 and
>trace/block it as warranted. Your patience and understanding are greatly
>appreciated.
>
>Thanks!
>
>
On Mon, 6 Oct 2003, Matt wrote:
The nsp-security list coordinates the interaction between ISPs and NSPs in
near real-time. The list has helped mitigate attacks and will continue to
do so. Those interested in being members and that fulfill the
requirements should review:
https://puck.nether.n
"Stephen J. Wilcox" wrote:
> You are making assumptions.. Cisco havent said if the source was spoofed or not,
> as a recent nanog thread indicated a lot of attacks do not use spoofed addresses
> any more simply because the controllers have access to enough legitimate windows
> boxes to not care a
Stephen J. Wilcox [10/7/2003 6:06 PM] :
You are making assumptions.. Cisco havent said if the source was spoofed or not,
as a recent nanog thread indicated a lot of attacks do not use spoofed addresses
any more simply because the controllers have access to enough legitimate windows
boxes to not
On Tue, 7 Oct 2003, Suresh Ramasubramanian wrote:
> Terry Baranski [10/7/2003 6:05 AM] :
>
> > Maybe this will have the positive effect of motivating Cisco to do more
> > to encourage best practices such as edge anti-spoof filtering. To begin
> > with, Barry Green's presentations on these issue
As the bandwidth ramps up on the access side, this problem is only going
to become more and more prevalent (as if it's not already enough of a
problem). While I don't think filtering is the silver bullet, it can
certainly help at times. I think some of the larger watch sites (eg
SANS, etc.) o
Terry Baranski [10/7/2003 6:05 AM] :
Maybe this will have the positive effect of motivating Cisco to do more
to encourage best practices such as edge anti-spoof filtering. To begin
with, Barry Green's presentations on these issues are hidden away on
his/Cisco's FTP server (ftp://ftp-eng.cisco.com
>> We've been handling a multi-vector DDoS - 40-byte spoofed
>> SYN-flooding towards www.cisco.com
>
> Now that they've come for cisco, maybe law enforcement,
> network operators, and router vendors will all get their
> $h!t together and do something to put a stop to these DDoS
> attacks that
On Mon, 6 Oct 2003, Peter E. Fry wrote:
Hi,
As a jew, I must admit that I also understood the point, and didn't
think of Nazi Germany, although you'd think it would evoke an immediate
emotional reaction (which it admitedly did), but that reaction did not
cloud my judgement.
I think i
> > I'm assuming, though not certain, that Cisco would have alternative
> > distribution/communication/update channels in such an event, but is that
> > indeed the case?
>
> My access to ftp.cisco.com is working fine whilst the website remains down..
Hi Steve,
No I do realize that what I suggest
On Mon, 6 Oct 2003, [EMAIL PROTECTED] wrote:
> > > Anyone who doesn't think that's an operational issue, just wait until it
> > > bites you on the ass.
> >
> > Now we have clear evidence that there are no less than three who
> > understand the threat.
>
> My first thought was that the DDoS was a
> > Anyone who doesn't think that's an operational issue, just wait until it
> > bites you on the ass.
>
> Now we have clear evidence that there are no less than three who
> understand the threat.
My first thought was that the DDoS was a means of obscuring access to
patches for other vulnerabilit
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
Hello Allan,
Monday, October 6, 2003, 7:22:30 PM, you wrote:
AL> As far as comparing NANOG moderation to Nazi Germany that is
AL> disgusting and beneath contempt.
My apologies to Kai and the list, I misread -- to some extent -- the
original meanin
On Mon, 06 Oct 2003 18:45:15 -0500
"Laurence F. Sheldon, Jr." <[EMAIL PROTECTED]> wrote:
| Now we have clear evidence that there are no less than three who
| understand the threat.
If you mean the threat from those who will attack and disable sites
because they don't like what people at those si
> > First They Came for the IRC bots
> > and I did not speak out
> > because I did not run a bot.
> > Then They Came for the IRC servers
> > and I did not speak out
> > because I did not run an IRC server.
> > ...skip a few years...
> > Then They Came for the DNSBLs
> > and I did not speak out
>
On 6 Oct 2003 at 19:22, Allan Liska wrote:
> I don't know what your post has to do with the original topic, but if
> you don't like the way NONOG is moderated, please feel free to start
> your own Network Operators mailing list.
>
> As far as comparing NANOG moderation to Nazi Germany that is
>
On Mon, 06 Oct 2003 19:38:38 EDT, [EMAIL PROTECTED] said:
> A handful of people (an assumption on my part) have the power /
> distributed bandwidth to bring just about any internet site/network to its
> knees using the distributed.net meets DoS tools they've created and
> distributed to thousands,
[EMAIL PROTECTED] wrote:
>
> On Mon, 6 Oct 2003, Allan Liska wrote:
>
> > KS> The following well-remembered lines come to mind here, and excuse me if
> > KS> you hear a slight hysterical laughter from my direction:
> >
> > I don't know what your post has to do with the original topic, but if
> >
On Mon, 6 Oct 2003, Allan Liska wrote:
> KS> The following well-remembered lines come to mind here, and excuse me if
> KS> you hear a slight hysterical laughter from my direction:
>
> I don't know what your post has to do with the original topic, but if
> you don't like the way NONOG is moderate
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
Hello Kai,
Monday, October 6, 2003, 6:39:49 PM, you wrote:
KS> The following well-remembered lines come to mind here, and excuse me if
KS> you hear a slight hysterical laughter from my direction:
I don't know what your post has to do with the origi
On Mon, 6 Oct 2003 14:01:31 -0700, Roland Dobbins wrote
> Folks,
>
> We've been handling a multi-vector DDoS - 40-byte spoofed SYN-flooding
> towards www.cisco.com (198.133.219.25/32) as well as an HTTP-AUTH
> resource-exhaustion attack, and working these issues with our
> upstreams. Our apol
Folks,
We've been handling a multi-vector DDoS - 40-byte spoofed SYN-flooding
towards www.cisco.com (198.133.219.25/32) as well as an HTTP-AUTH
resource-exhaustion attack, and working these issues with our
upstreams. Our apologies for any inconveniences, and our thanks to
those who've assis
23 matches
Mail list logo