Re: operational: icmp echo out of control?

2002-05-28 Thread Chris Woodfield
The problem here is that other types of probes raise IDS alarms on way too many networks - the next-best method is to probe HTTP ports, but we don't want to have to pull down thousands of web pages just to get performance stats. So, they send a SYN, wait for the ACK, record the latency and

Re: operational: icmp echo out of control?

2002-05-28 Thread Richard A Steenbergen
On Tue, May 28, 2002 at 01:05:19PM -0400, Chris Woodfield wrote: The problem here is that other types of probes raise IDS alarms on way too many networks - the next-best method is to probe HTTP ports, but we don't want to have to pull down thousands of web pages just to get performance

Re: operational: icmp echo out of control?

2002-05-28 Thread Jeff Mcadams
Also sprach E.B. Dreger RAS be mistaken for a port scan. But for so many network admins, RAS all they know is ICMP bad. That'll be the day when someone calls abuse saying I'm being attacked by ICMP unreachables! ;-) That'll be...? Future tense? Hrmm... -- Jeff McAdams

Re: operational: icmp echo out of control?

2002-05-28 Thread Mike Tancsa
At 03:21 PM 28/05/2002 -0400, Jeff Mcadams wrote: Also sprach E.B. Dreger RAS be mistaken for a port scan. But for so many network admins, RAS all they know is ICMP bad. That'll be the day when someone calls abuse saying I'm being attacked by ICMP unreachables! ;-) That'll be...? Future

Re: operational: icmp echo out of control?

2002-05-28 Thread Valdis . Kletnieks
On Tue, 28 May 2002 16:01:12 EDT, Richard A Steenbergen said: I don't know what's worse, those crappy personal firewalls that make every packet look like a life or death assault, or the idiots who send abuse email demanding that you do something for them or they will sue and/or hax0r you.

RE: operational: icmp echo out of control?

2002-05-28 Thread Rowland, Alan D
Sent: Tuesday, May 28, 2002 1:01 PM To: Mike Tancsa Cc: Jeff Mcadams; [EMAIL PROTECTED] Subject: Re: operational: icmp echo out of control? On Tue, May 28, 2002 at 03:36:08PM -0400, Mike Tancsa wrote: Jeu 09 mai 2002 15:30:22, Port 3, ICMP, Destination Unreachable Jeu 09 mai 2002

Re: operational: icmp echo out of control?

2002-05-28 Thread John Kristoff
On Tue, 28 May 2002 16:16:08 -0400 [EMAIL PROTECTED] wrote: It's common enough that it's got its own acronym. IWF - Idiot With Firewall. We call them OZZADs and here is how we respond: http://condor.depaul.edu/~jkristof/technotes/incident-response.html John

Re: operational: icmp echo out of control?

2002-05-28 Thread John Kristoff
We call them OZZADs and here is how we respond: Hmm.. 3 people have asked already What's an OZZAD? ;) So I don't have to keep answering this, forwarded to the group: Over Zealous Zone Alarm Dork John

IWF was: RE: operational: icmp echo out of control?

2002-05-28 Thread Deepak Jain
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Mike Tancsa Sent: Tuesday, May 28, 2002 3:36 PM To: Jeff Mcadams Cc: [EMAIL PROTECTED] Subject: Re: operational: icmp echo out of control? [deleted] The access attempt(s) are shown below, including

Re: operational: icmp echo out of control?

2002-05-23 Thread Bryan Bradsby
On Thu, 23 May 2002, Mark Kent wrote: I've observed that our border routers are getting pinged 5 per second, seems consistent throughout the day, roughly 40 different sources every 15 seconds I took a look at the varied sources and discovered that the sites are well connected and

Re: operational: icmp echo out of control?

2002-05-23 Thread Richard A Steenbergen
On Thu, May 23, 2002 at 10:05:08AM -0700, Mark Kent wrote: I've observed that our border routers are getting pinged a fair bit. I measured on one router and saw: 5 per second, seems consistent throughout the day, roughly 40 different sources every 15 seconds I took a look at the

Re: operational: icmp echo out of control?

2002-05-23 Thread Mark Kent
RAS I can't speak as to what exactly Akamai is doing, but this I should add that Akamai contacted me within minutes of my initial post to ask for more data and they said that they are looking into it... leaving me with the impression that what I was seeing was not typical. -mark

Re: operational: icmp echo out of control?

2002-05-23 Thread Scott Granados
It's important to note a point mentioned here that vendors are building boxes to do this as well. I ran a 3dns pair for a while and wow the mail that came in from people with firewalls or simply watching for probes. F5 was opening all sorts of half opened connections and weird ports other

Re: operational: icmp echo out of control?

2002-05-23 Thread Amgad Zeitoun
I have uploaded a PDF version of our RTT measurement study. You can find it at: http://idmaps.eecs.umich.edu/papers/rtt.pdf Regards, Amgad Path latency doesn't change much, you can determine this with very few probes. . . . . Much like web spidering, some simple common sense can