Al Rowland wrote:
Not to mention the fact that 99.99% of current consumer connections are
not up to the task. Standard full-screen video digital stream is ~6Mbps,
HDTV requires 19.4Mbps. Don't know many consumers with T3s. ;)
VDSL or ADSL2+ would cut it, until fiber to the curb gets the nor
On Tue, 21 Jan 2003, todd glassey wrote:
>
> Vadim - the newest form of SPAM uses the Messenger facility to place a
> pop-up in the middle of your screen without any email, pop, smtp or other
> service being involved. I apologize for the tone of the first posting, but I
> still stand by it. When
On Tue, 21 Jan 2003, todd glassey wrote:
> Vadim - the instant someone sues a Provider for sexual harassment from their
> spam epidemic you will start to see things change. The reason that No-Sane
> provider will block these ports or services is because they have been
> listening to their Networ
VA> Date: Mon, 20 Jan 2003 19:59:08 -0800 (PST)
VA> From: Vadim Antonov
VA> Well, blocking TCP SYNs is not a way to block establishment
VA> of sessions between _cooperating_ hosts.
With cooperating hosts, anything goes. Hack up the IP stack, and
have specially-crafted DNS queries carry the ISN
On Mon, 20 Jan 2003, Avleen Vig wrote:
>
> On Mon, 20 Jan 2003, Christopher L. Morrow wrote:
>
> > > I was referring specifically to end user workstations. For example home
> > > machines on dial up or broadband connections.
> > > A lot of broadband providers already prohibit running servers an
On Tue, 21 Jan 2003, Christopher L. Morrow wrote:
> > Indeed it does break that. P2P clients: Mostly transfer illegal content.
> > As much as a lot of people love using these, I'm sure most realise they're
> > on borrowed time in their current state.
> > And I'm sure that if they were gone tomorr
On Mon, 20 Jan 2003, Avleen Vig wrote:
> > Doesn't this stop kazaa/morpheus/gnutella/FTP/ > chats>? This is a problematic setup, and would require the cable modem
> > provider to maintain a quickly changing 'firewall' :( I understand the
> > want to do it, but I'm not sure it's practical to see it
On Mon, 20 Jan 2003, Christopher L. Morrow wrote:
> > I was referring specifically to end user workstations. For example home
> > machines on dial up or broadband connections.
> > A lot of broadband providers already prohibit running servers and block
> > certain inbound ports (eg 21 and 80).
> >
On Sun, 19 Jan 2003, Avleen Vig wrote:
> On Sun, 19 Jan 2003, Christopher L. Morrow wrote:
>
> > > you could partly get around this by blocking all 'SYN' packets going to
> > > your customers :-)
> >
> > and we are hoping none are hosting webservers or mail servers or
> > right? Oh wait! I'
Hi, NANOGers.
] The rest could be handled with a simple IDS (doesn't even need
] to match patterns... just count packets going to 27374 and the like)
There is no "simple IDS" for OC48+ links. :) Counters are possible,
though adding that many ACLs can be more than burdensome on certain
code and
On Sun, 19 Jan 2003, Christopher L. Morrow wrote:
> > you could partly get around this by blocking all 'SYN' packets going to
> > your customers :-)
>
> and we are hoping none are hosting webservers or mail servers or
> right? Oh wait! I'll just make them use my datacenters, right?? or were
>
Everyone probably knows... But if not -- just a reminder that you can also
add access-list number after 'ip verify unicast reverse-path' to allow any
hosts you think that should be able to get allowed through the filter :-)
It's convenient when you are doing some mobileIP+vpn stuff in which som
On Sat, 18 Jan 2003, Avleen Vig wrote:
> On Sat, 18 Jan 2003, Christopher L. Morrow wrote:
>
> > > Eliminating spoofed addresses from the backbone, even if it were possible
> > > to do 100%, would not eliminate denial of service attacks. The DDoS attacks
> >
> > This was precisely the point of M
On Sat, 18 Jan 2003, Christopher L. Morrow wrote:
> > Eliminating spoofed addresses from the backbone, even if it were possible
> > to do 100%, would not eliminate denial of service attacks. The DDoS attacks
>
> This was precisely the point of Mr. Gill from AOL at the aforementioned
> NANOG meeti
Hi, NANOGers.
You just knew I couldn't stay out of this thread for long. ;)
] I'd note that UUNET also went through some pain to push CPE configs with
] 'good' passwds for telnet and enable, now there are tens (perhaps
] hundreds) of CPE routers with 'cisco' as the vty passwd... Don't
During
On Sat, 18 Jan 2003, Daniel Senie wrote:
> At 09:29 PM 1/17/2003, Christopher L. Morrow wrote:
> >On Fri, 17 Jan 2003, Stewart, William C (Bill), RTLSL wrote:
> >
> > >
> > >
> > >
> > > -Original Message-
> > > From: Stewart, William C (Bill), RTLSL
> > > Sent: Friday, January 17, 2003 5
On Fri, 17 Jan 2003, Stewart, William C (Bill), RTLSL wrote:
>
>
>
> -Original Message-
> From: Stewart, William C (Bill), RTLSL
> Sent: Friday, January 17, 2003 5:35 PM
> To: '[EMAIL PROTECTED]'
> Subject: Re: Is there a line of defense against Distributed Reflective
> attacks?
>
>
> Ma