LCP Echo in Cisco Environment

2006-02-06 Thread Ronald W. Jean Jr.
Good day all, I am curious if anyone is familiar with the role of LCP echo requests in Mobile IP environments to maintain session activity. Specifically, I am wondering does anyone have familiarity with the Cisco CSG (billing) and its ability if any to interpret that traffic. Thanks

Re: Echo

2002-08-18 Thread Brad Knowles
At 11:36 PM +0200 2002/08/17, Brad Knowles wrote: a very logical algorithm would be ``n source ip addresses per /16 per minute'' which would catch at least the badly distributed DDoS attacks and does not impose large processing

Re: Echo

2002-08-17 Thread John R. Levine
I have some fairly popular echoes at gurus.com, the most popular of which is [EMAIL PROTECTED] (an address that never appeared anywhere, oddly enough, although versions like [EMAIL PROTECTED] appear in my books.) It remembers each message it sends, and won't send more than five messages per

Re: Echo

2002-08-17 Thread Brad Knowles
the badly distributed DDoS attacks and does not impose large processing overhead in cycles and memory, i think. Assuming you're talking about the transmitting relay (which would be difficult to fake), this would be some additional protection. i don't think that an echo service would

Re: Echo

2002-08-17 Thread Brad Knowles
At 3:55 AM +0200 2002/08/17, Karsten W. Rohrbach wrote: Also, how do you handle echoes of echoes? For example, if I forged e-mail as being from [EMAIL PROTECTED] and addressed that to [EMAIL PROTECTED] (or whatever), would this generate an endless loop? X-Loop: Hmm. If

Re: Echo

2002-08-17 Thread Karsten W. Rohrbach
). one would need to have a white list for those ip addresses. i don't think that an echo service would be this popular that it needs to process very many messages for the same /16 in a short period of time. Unless someone is trying to DoS your machine. Heck, they could just

Re: Echo

2002-08-16 Thread Jeff Wasilko
On Fri, Aug 16, 2002 at 12:38:26PM -0400, Martin Hannigan wrote: Looks like the echo mail reflectors at PSI are now gone. Must've happened today as I use these frequently. [EMAIL PROTECTED] on Fri, 16 Aug 2002 12:29:41 -0400 [EMAIL PROTECTED] still works -j

Re: Echo

2002-08-16 Thread Martin Hepworth
like the echo mail reflectors at PSI are now gone. Must've happened today as I use these frequently. --SNARF Your message To: [EMAIL PROTECTED] Subject: test foo test bar test foo test bar Sent:Fri, 16 Aug 2002 12:29:27 -0400 did not reach the following recipient(s

Re: Echo

2002-08-16 Thread Martin Hannigan
Hi, Martin. What is an echo mail reflector? Is this something I could provide? It basically allows you to bounce mail off of the address and returns a copy of your mail replete with headers. Useful for testing mail configuration, latency, etc. Someone just pinged me and said that [EMAIL

Re: Echo

2002-08-16 Thread Brad Knowles
of the Internet mail gateway system), but we didn't bother using echo accounts at other providers. We simply set up accounts at other sites and had them set up to forward everything they got back to a central monitoring account. For those systems we wanted to test against but where we

Re: Echo

2002-08-16 Thread Martin Hannigan
PROTECTED])@2002.08.16 19:48:10 +: What kinds of anti-abuse protection methods have people used for echo accounts that they have set up? - scoreboard: one mail from one source address in one minute time window Yeah, but then abusers could easily generate elephantine

Re: Echo

2002-08-16 Thread Brad Knowles
At 4:33 PM -0400 2002/08/16, Martin Hannigan wrote: I'm not sure why this is such a worry since a lot of these responders have been working for over a decade, and they've all been just fine operating the way they are. Most security holes are not anything to worry about -- until

Re: Echo

2002-08-16 Thread Brad Knowles
At 9:43 PM +0200 2002/08/16, Karsten W. Rohrbach wrote: - scoreboard: one mail from one source address in one minute time window Do you just queue messages from source addresses, so that you don't generate more than one echo in a minute, or do you throw away every message from

Re: Echo

2002-08-16 Thread Karsten W. Rohrbach
Brad Knowles([EMAIL PROTECTED])@2002.08.16 22:27:08 +: At 9:43 PM +0200 2002/08/16, Karsten W. Rohrbach wrote: Brad Knowles([EMAIL PROTECTED])@2002.08.16 19:48:10 +: What kinds of anti-abuse protection methods have people used for echo accounts that they have set up

Re: Echo

2002-08-16 Thread Karsten W. Rohrbach
echo in a minute, or do you throw away every message from that source address which was generated less than one minute ago? please, see the other answer in this thread. Also, how do you handle echoes of echoes? For example, if I forged e-mail as being from [EMAIL PROTECTED

Re: operational: icmp echo out of control?

2002-05-28 Thread Chris Woodfield
and send a FIN. Sounds benign, but you'd be surprised how klaxons go off in response to this. -C Perhaps most maddening is that ICMP echo/response hardly reflects real-world performance. (At least I don't usually tunnel my HTTP, SMTP, and FTP packets through ICMP, but perhaps I'm just being weird

Re: operational: icmp echo out of control?

2002-05-28 Thread Richard A Steenbergen
stats. So, they send a SYN, wait for the ACK, record the latency and send a FIN. Sounds benign, but you'd be surprised how klaxons go off in response to this. So what, someone sneezes on an ethernet cable and IDS alarms go off. :) Theoretically, ICMP Echo should be less intrusive for performance

Re: operational: icmp echo out of control?

2002-05-28 Thread Jeff Mcadams
Also sprach E.B. Dreger RAS be mistaken for a port scan. But for so many network admins, RAS all they know is ICMP bad. That'll be the day when someone calls abuse saying I'm being attacked by ICMP unreachables! ;-) That'll be...? Future tense? Hrmm... -- Jeff McAdams

Re: operational: icmp echo out of control?

2002-05-28 Thread Mike Tancsa
At 03:21 PM 28/05/2002 -0400, Jeff Mcadams wrote: Also sprach E.B. Dreger RAS be mistaken for a port scan. But for so many network admins, RAS all they know is ICMP bad. That'll be the day when someone calls abuse saying I'm being attacked by ICMP unreachables! ;-) That'll be...? Future

Re: operational: icmp echo out of control?

2002-05-28 Thread Valdis . Kletnieks
On Tue, 28 May 2002 16:01:12 EDT, Richard A Steenbergen said: I don't know what's worse, those crappy personal firewalls that make every packet look like a life or death assault, or the idiots who send abuse email demanding that you do something for them or they will sue and/or hax0r you.

RE: operational: icmp echo out of control?

2002-05-28 Thread Rowland, Alan D
]] Sent: Tuesday, May 28, 2002 1:01 PM To: Mike Tancsa Cc: Jeff Mcadams; [EMAIL PROTECTED] Subject: Re: operational: icmp echo out of control? On Tue, May 28, 2002 at 03:36:08PM -0400, Mike Tancsa wrote: Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable Jeu 09 mai 2002

Re: operational: icmp echo out of control?

2002-05-28 Thread John Kristoff
On Tue, 28 May 2002 16:16:08 -0400 [EMAIL PROTECTED] wrote: It's common enough that it's got its own acronym. IWF - Idiot With Firewall. We call them OZZADs and here is how we respond: http://condor.depaul.edu/~jkristof/technotes/incident-response.html John

Re: operational: icmp echo out of control?

2002-05-28 Thread John Kristoff
We call them OZZADs and here is how we respond: Hmm.. 3 people have asked already What's an OZZAD? ;) So I don't have to keep answering this, forwarded to the group: Over Zealous Zone Alarm Dork John

IWF was: RE: operational: icmp echo out of control?

2002-05-28 Thread Deepak Jain
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Tancsa Sent: Tuesday, May 28, 2002 3:36 PM To: Jeff Mcadams Cc: [EMAIL PROTECTED] Subject: Re: operational: icmp echo out of control? [deleted] The access attempt(s) are shown below, including

Re: operational: icmp echo out of control?

2002-05-23 Thread Bryan Bradsby
On Thu, 23 May 2002, Mark Kent wrote: I've observed that our border routers are getting pinged 5 per second, seems consistent throughout the day, roughly 40 different sources every 15 seconds I took a look at the varied sources and discovered that the sites are well connected and

Re: operational: icmp echo out of control?

2002-05-23 Thread Richard A Steenbergen
On Thu, May 23, 2002 at 10:05:08AM -0700, Mark Kent wrote: I've observed that our border routers are getting pinged a fair bit. I measured on one router and saw: 5 per second, seems consistent throughout the day, roughly 40 different sources every 15 seconds I took a look at the

Re: operational: icmp echo out of control?

2002-05-23 Thread Mark Kent
RAS I can't speak as to what exactly Akamai is doing, but this I should add that Akamai contacted me within minutes of my initial post to ask for more data and they said that they are looking into it... leaving me with the impression that what I was seeing was not typical. -mark

Re: operational: icmp echo out of control?

2002-05-23 Thread Scott Granados
of probing for performance reasons is becoming RAS increasingly common as more people jump on the optimized RAS routing bandwagon. Perhaps most maddening is that ICMP echo/response hardly reflects real-world performance. (At least I don't usually tunnel my HTTP, SMTP, and FTP packets through ICMP

Re: operational: icmp echo out of control?

2002-05-23 Thread Amgad Zeitoun
I have uploaded a PDF version of our RTT measurement study. You can find it at: http://idmaps.eecs.umich.edu/papers/rtt.pdf Regards, Amgad Path latency doesn't change much, you can determine this with very few probes. . . . . Much like web spidering, some simple common sense can