On 13/09/05, Scott A Crosby <[EMAIL PROTECTED]> wrote:
>
> When the number of open print servers exceeds a threshold, I predict
> that 'innovative marketers' will start using zombied toasters to send
> advertisements to all open print servers they can find.
>
> And at that point, security matter
On Mon, 12 Sep 2005 12:47:00 +0200, Iljitsch van Beijnum <[EMAIL PROTECTED]>
writes:
> On 12-sep-2005, at 2:47, [EMAIL PROTECTED] wrote:
>
>> Amazingly enough, the *single* biggest problem in trying to get Joe
>> Sixpack to secure their systems is "But I don't have anything
>> they'd be interest
On Mon, 12 Sep 2005 12:26:03 EDT, "Howard, W. Lee" said:
> Maybe I missed an intermediate post or two, but is the assertion
> here that IPv6 is more secure because it's impractical to scan such
> a large number of possible host IP addresses? Sort of like zebra
> camouflage--it's easy to see the h
On Mon, 12 Sep 2005, Howard, W. Lee wrote:
Maybe I missed an intermediate post or two, but is the assertion
here that IPv6 is more secure because it's impractical to scan such
a large number of possible host IP addresses? Sort of like zebra
camouflage--it's easy to see the herd, but hard to se
On 12-sep-2005, at 2:47, [EMAIL PROTECTED] wrote:
In other words: 0wning random appliances isn't all that interesting.
Amazingly enough, the *single* biggest problem in trying to get Joe
Sixpack to secure their systems is "But I don't have anything
they'd be
interested in..."
Security i
On 12/09/05, JORDI PALET MARTINEZ <[EMAIL PROTECTED]> wrote:
>
> And yes, having more addresses means also that every device can turn on
> end-to-end security, which is already an improvement versus today Internet
> with IPv4+NAT.
>
Jordi, as I told you at APNIC 20, end to end security and host
12 Sep 2005 08:05:51 +0530
> Para: "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
> CC: Joel Jaeggli <[EMAIL PROTECTED]>, Alan Spicer
> <[EMAIL PROTECTED]>, Steve Gibbard <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]>
> Asunto: Re: Katrina Network Damage Report
&g
On 12/09/05, JORDI PALET MARTINEZ <[EMAIL PROTECTED]> wrote:
>
> It seems to me that you're assuming that your access network will be
> multi-gigabit in order to support millions of hosts trying to scan each of
> your subnets simultaneously in order to finish in time before celebrating a
> couple
On Sun, 11 Sep 2005 23:26:20 EDT, [EMAIL PROTECTED] said:
> Given that ther's not 2**80 atoms on the planet, yes, that *would* be an =
> ouch.
D'oh!. There are 2**80 atoms. Somebody misremembered Avogadro's number. ;)
pgpcnncRYjupA.pgp
Description: PGP signature
: Suresh Ramasubramanian <[EMAIL PROTECTED]>
> Responder a: <[EMAIL PROTECTED]>
> Fecha: Mon, 12 Sep 2005 07:32:36 +0530
> Para: Joel Jaeggli <[EMAIL PROTECTED]>
> CC: Alan Spicer <[EMAIL PROTECTED]>, Steve Gibbard <[EMAIL PROTECTED]>,
> <[EMAIL
On Mon, 12 Sep 2005 08:29:03 +0530, Suresh Ramasubramanian said:
> With all due respect (!) to the v6 promotion councils out there, I
> doubt, for the same reasons you do, that there'll ever be enough v6
> capable hosts out there, toasters or not, to fill even a single /48,
> for a long time .. bu
On 12/09/05, Dave Stewart <[EMAIL PROTECTED]> wrote:
>
> Sure, with some incredible luck, you could find all those devices while
> you're scanning - just seems like some are crying that the sky is falling
> already.
>
Like I said -
> I was just assuming that people who promote v6 as the best t
Once you find a host on a /48 jump to the next one I guess. Or make
some guess on what IP addressing scheme is being followed and which
subnets of that /48 are being used [assuming that an end site like a
cellphone carrier decides to give v6 IPs to all its phone users] ...
scan from within the
On 12/09/05, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote:
> A /48 is 80 bits of address. 1,208,925,819,614,629,174,706,176 addresses.
> Even at a million packets/second (which even Joe Sixpack will quite likely
> notice until such time as the Linksys router you get at Walmart does 1M pps),
> that
On Mon, 12 Sep 2005 07:32:36 +0530, Suresh Ramasubramanian said:
>
> On 12/09/05, Joel Jaeggli <[EMAIL PROTECTED]> wrote:
> > Drop me a line when your botnet finishes scanning 3FFE:::/16 and moves
> > on to 2001:::
>
> It is a v6 botnet - so a correspondingly larger number of infected
> h
On 12/09/05, Joel Jaeggli <[EMAIL PROTECTED]> wrote:
> Drop me a line when your botnet finishes scanning 3FFE:::/16 and moves
> on to 2001:::
It is a v6 botnet - so a correspondingly larger number of infected
hosts, and larger botnet size
If it is your argument that scanning just won't sc
On 12/09/05, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
>
> so, not security per se, more authentication...
>
Authentication, access control, basic remote and local vulnerabltiies,
viruses .. the works
> those things are networkable now... as are these:
> light switch
On Mon, Sep 12, 2005 at 07:15:59AM +0530, Suresh Ramasubramanian wrote:
> On 12/09/05, [EMAIL PROTECTED]
> <[EMAIL PROTECTED]> wrote:
> > > Security is something that really must be taken into account now,
> > > before it starts to become a problem
> >
> > er,, not to be a naif, but what
On Mon, 12 Sep 2005, Suresh Ramasubramanian wrote:
On 12/09/05, Joel Jaeggli <[EMAIL PROTECTED]> wrote:
It doesn't scare us... ever try nmaping a /48?
one host at a time? from a single point? nope - once v6 becomes common
enough someone will just write a nice little distributed botnet to
p
On 12/09/05, [EMAIL PROTECTED]
<[EMAIL PROTECTED]> wrote:
> > Security is something that really must be taken into account now,
> > before it starts to become a problem
>
> er,, not to be a naif, but what do you mean by "security"
> in this context?
Well, something like coding th
On Mon, Sep 12, 2005 at 06:25:30AM +0530, Suresh Ramasubramanian wrote:
>
> On 12/09/05, Joel Jaeggli <[EMAIL PROTECTED]> wrote:
> >
> > It doesn't scare us... ever try nmaping a /48?
> >
>
> one host at a time? from a single point? nope - once v6 becomes common
> enough someone will just writ
On 12/09/05, Joel Jaeggli <[EMAIL PROTECTED]> wrote:
>
> It doesn't scare us... ever try nmaping a /48?
>
one host at a time? from a single point? nope - once v6 becomes common
enough someone will just write a nice little distributed botnet to
propagate around it.
who wants nmap when all you n
On 11/09/05, Iljitsch van Beijnum <[EMAIL PROTECTED]> wrote:
>
> In fact, I would much rather allow access to pretty much anything
> else rather than a powerful general-purpose computer.
>
My microwave has a bigger and faster processor than the one that the
Apollo lunar modules had.
In the tim
On Sun, 11 Sep 2005 19:01:21 +0200, Iljitsch van Beijnum said:
> In other words: 0wning random appliances isn't all that interesting.
Amazingly enough, the *single* biggest problem in trying to get Joe
Sixpack to secure their systems is "But I don't have anything they'd be
interested in..."
> In
On Sun, 11 Sep 2005, Suresh Ramasubramanian wrote:
On 9/11/05, Alan Spicer <[EMAIL PROTECTED]> wrote:
love IPv6 more than you guys would ever give to a sole. Shoot I could run a
big ISP on a single 48. God bless America.
Instead, you have small end sites getting /48s from tunnel provide
On 11-sep-2005, at 20:26, Alan Spicer wrote:
some countries other than the US are severely starved for IP
addresses.
Please point me to the RIR policies that say that organizations in
the US that don't have address space get it, while the same request
from a non-US organization is denied
OTECTED])
- Original Message -
From: "Iljitsch van Beijnum" <[EMAIL PROTECTED]>
To: "NANOG list" <[EMAIL PROTECTED]>
Sent: Sunday, September 11, 2005 1:01 PM
Subject: Re: Katrina Network Damage Report
On 11-sep-2005, at 14:40, Suresh Ramasubramanian wro
On 11-sep-2005, at 14:40, Suresh Ramasubramanian wrote:
And seriously, does the main assumption of v6, that every single
toaster out there is going to become a v6 host, really not scare
anyone?
Nope. I guess people have other things that scare them... See subject.
Giving IP connectivity to
On Sep 11, 2005, at 6:52 AM, Alan Spicer wrote:
love IPv6 more than you guys would ever give to a sole. Shoot I
could run a big ISP on a single 48. God bless America.
Bring it on... Why are you so afraid?
Inability to run our networks because the design lacks essential
elements.
But fe
randy, all,
On Sun, Sep 11, 2005 at 04:11:50AM +0700, Randy Bush wrote:
> Re: From: Todd Underwood <[EMAIL PROTECTED]>
> but, the geolocation stuff is cool. could it have told us, in
> an operationally useful/timely manner, that at&t had moved from
> new jersey to spain the other day?
yes, wit
On 9/11/05, Alan Spicer <[EMAIL PROTECTED]> wrote:
>
> love IPv6 more than you guys would ever give to a sole. Shoot I could run a
>
> big ISP on a single 48. God bless America.
>
Instead, you have small end sites getting /48s from tunnel providers,
and then running maybe two or three hosts o
lt;[EMAIL PROTECTED]>
Sent: Sunday, September 11, 2005 12:35 AM
Subject: Re: Katrina Network Damage Report
On Sat, 10 Sep 2005, Todd Underwood wrote:
interesting discussion. at least we're talking about networking now.
:-)
wrt sean's comment, the only thing i can think he means by
On Sat, 10 Sep 2005, Todd Underwood wrote:
interesting discussion. at least we're talking about networking now.
:-)
wrt sean's comment, the only thing i can think he means by 'partition'
is that the networks may have power may be in some routing table but
just not the routing table of any of
Randy wrote:
>George William Herbert <[EMAIL PROTECTED]>
>> Looking at the routing tables you see failures. If a prefix
>> goes away completely and utterly, and is truly unreachable,
>> then anyone trying to see it is going to see an outage.
>
>not if a covering or more specific tells us how to
> but reachability is what it's all about. the folk here are
> paid to deliver packets. the control plane (routing) is one of
> the tools we use to achieve that end.
>
> Re: From: George William Herbert <[EMAIL PROTECTED]>
> > Looking at the routing tables you see failures. If a prefix
> > goe
Re: From: Todd Underwood <[EMAIL PROTECTED]>
to quote bobby dylan "you don't need a weatherman to know which
way the wind blows." i.e., unless you were the president, the
department of fatherland security, or fema, you probably knew
there was a major disaster ongoing in nola and surrounds. if
y
interesting discussion. at least we're talking about networking now.
:-)
wrt sean's comment, the only thing i can think he means by 'partition'
is that the networks may have power may be in some routing table but
just not the routing table of any of renesys's (or routeviews or ripe)
peers. in t
Todd Underwood wrote:
> Sean Donelan wrote:
>> Todd Underwood wrote:
>> > the general idea is: take a large peerset sending you full
>> > routes, keep every update forever, and take a reasonably long (at
>> > least a month or two) time horizon. calculate a consensus view for
>> > each prefix as
sean,
On Sat, Sep 10, 2005 at 10:18:25AM -0400, Sean Donelan wrote:
> On Sat, 10 Sep 2005, Todd Underwood wrote:
> > the general idea is: take a large peerset sending you full
> > routes, keep every update forever, and take a reasonably long (at
> > least a month or two) time horizon. calculate
On Sat, 10 Sep 2005, Todd Underwood wrote:
> the general idea is: take a large peerset sending you full
> routes, keep every update forever, and take a reasonably long (at
> least a month or two) time horizon. calculate a consensus view for
> each prefix as to whether that prefix is reachable by
randy brings up two separate questions...
On Sat, Sep 10, 2005 at 07:22:34PM +0700, Randy Bush wrote:
> but what about existence of covering or more specific prefixes?
> while aggregate inferences are likely reasonable, in general,
see? i told y'all that this would come up! yes, covering prefi
but what about existence of covering or more specific prefixes?
while aggregate inferences are likely reasonable, in general,
inferring unreachability of end interfaces by looking only at
routing data, especially multi-hop bgp data, worries me.
randy
randy,
On Sat, Sep 10, 2005 at 05:49:59PM +0700, Randy Bush wrote:
> this report repeatedly uses the term "outage." how is that
> determined/measured?
i think this is covered in the report several times, but i'm sorry if
it wasn't clear. this is based on work that we've done for a while
(some
this report repeatedly uses the term "outage." how is that
determined/measured?
randy
As promised, Renesys has released a brief paper on the effects of
Hurricane Katrina as seen from the Internet. We cover the period of
land fall in some detail and also review the recovery efforts.
http://www.renesys.com/resource_library/Renesys-Katrina-Report-9sep2005.pdf
People who are inter
45 matches
Mail list logo