Re: HE IPv6 tunnel inbound

Also: www.cloudflare.com (for free) Este mensaje ha sido enviado gracias al servicio BlackBerry de Movilnet -Original Message- From: Cameron Byrne Date: Wed, 13 Jun 2012 21:10:06 To: Grant Ridder Cc: Subject: Re: HE IPv6 tunnel inbound On Jun 13, 2012 8:29 PM, "Grant Ridder" wrote: >

Re: HE IPv6 tunnel inbound

On Jun 13, 2012 8:29 PM, "Grant Ridder" wrote: > > Hi, > > I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web services) > instance so that i can have ipv6 connectivity. I can ping and traceroute > out of the tunnel fine, but am unable to access the tunnel from outside. > For examp

Re: HE IPv6 tunnel inbound

On Wed, Jun 13, 2012 at 11:29 PM, Grant Ridder wrote: > Hi, > > I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web services) > instance so that i can have ipv6 connectivity.  I can ping and traceroute > out of the tunnel fine, but am unable to access the tunnel from outside. >  For

HE IPv6 tunnel inbound

Hi, I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web services) instance so that i can have ipv6 connectivity. I can ping and traceroute out of the tunnel fine, but am unable to access the tunnel from outside. For example, i am unable to traceroute to the tunnel address outside t

Re: very confusing.

I am as amused by antispam efforts as anyone, but can we stay on list topic? George William Herbert Sent from my iPhone On Jun 13, 2012, at 19:39, Owen DeLong wrote: > > > Sent from my iPad > > On Jun 13, 2012, at 9:01 PM, Joe Greco wrote: > >>> A trick to do on mail (USPS) spammers is ta

Re: very confusing.

Sent from my iPad On Jun 13, 2012, at 9:01 PM, Joe Greco wrote: >> A trick to do on mail (USPS) spammers is take the prepaid mailing = >> envelope they often include and tape it to a brick wrapped in brown = >> paper and drop it off at the post office. They have to pay the shipping. = >> If en

RE: EBAY and AMAZON

> The problem at this point is that even with improvements in newer > Windows systems there are probably on the order of a billion systems > out there, attached to the net, and still running these deeply flawed > OS's which can be taken over by just clicking on the wrong mail > message. There hav

Re: Patch Management - Windows & RHEL/CentOS based on Date

If you're using Active Directory I think you can actually do that with the Policy Manager thingy, but i'm not really a windows guy to be sure. -R> On Wed, Jun 13, 2012 at 4:47 PM, Wade Peacock wrote: > Hi All, > > Does anyone know of a patch management system that will allow us to control > the

Re: very confusing.

> A trick to do on mail (USPS) spammers is take the prepaid mailing = > envelope they often include and tape it to a brick wrapped in brown = > paper and drop it off at the post office. They have to pay the shipping. = > If enough people do it, they go out of business. That's simply false; local p

Re: very confusing.

A trick to do on mail (USPS) spammers is take the prepaid mailing envelope they often include and tape it to a brick wrapped in brown paper and drop it off at the post office. They have to pay the shipping. If enough people do it, they go out of business. In this case, do anything you can to wa

Re: Patch Management - Windows & RHEL/CentOS based on Date

On Wed, 13 Jun 2012 23:47:24 + Wade Peacock wrote: > Does anyone know of a patch management system that will allow us to > control the roll out of patches, specifically for Windows but Linux > would be nice too, that can use a date to limit whether a patch is > rolled out. I don't know of a

Re: Patch Management - Windows & RHEL/CentOS based on Date

On 06/13/2012 01:47 PM, Wade Peacock wrote: Hi All, Does anyone know of a patch management system that will allow us to control the roll out of patches, specifically for Windows but Linux would be nice too, that can use a date to limit whether a patch is rolled out. Ie. Patch to date set to

Re: Patch Management - Windows & RHEL/CentOS based on Date

On Wed, Jun 13, 2012 at 7:47 PM, Wade Peacock wrote: > Hi All, > > Does anyone know of a patch management system that will allow us to control > the roll out of patches, specifically for Windows but Linux would be nice > too, that can use a date to limit whether a patch is rolled out. > > Ie. >

Patch Management - Windows & RHEL/CentOS based on Date

Hi All, Does anyone know of a patch management system that will allow us to control the roll out of patches, specifically for Windows but Linux would be nice too, that can use a date to limit whether a patch is rolled out. Ie. Patch to date set to2012-06-10 So all patches released up to 2

RE: Article: IPv6 host scanning attacks

On Wed, 2012-06-13 at 15:22 -0500, STARNES, CURTIS wrote: > I have a slight problem with stating that "Vast IPv6 address space > actually enables IPv6 attacks". So do I. Compared to IPv4, scanning IPv6 is much, much harder, and that is (I think) the most important thing to know. The analysis was

Re: very confusing.

On 6/13/2012 3:05 PM, Randy Bush wrote: NANOG, i strongly desire to restrain this slimeball idiot's trade. please tell me if you have any ideas on how to do so. I have plenty of ideas. Unfortunately, I am not permitted to do those things. I promise it would not be painful, though. I'm not crue

Re: very confusing.

Folks, This content is great .. for another list. I know you're not happy with receiving unsolicited mail, and yes, it's likely your addresses were scraped from either the mailing list itself or various archives that are kept, but this list is not the best place to discuss this. Please refrain f

Re: very confusing.

Don't get me wrong, I greatly dislike spam, but next thing you know it will be against the law to send packets to someone you don't have consent from... or hand out pamphlets / talk to someone on the street you don't have consent from... I figure the solution here that fits with the best interests

Re: Article: IPv6 host scanning attacks

On 06/13/2012 03:37 PM, Dave Hart wrote: >>> "published" and "available" are misleading at best. >> >> It is not. Just scroll down the page, and you'll find the whole article. >> -- it was easy to talk crap than to do that, right? > > Yes, I'm an idiot for believing what I read on that site: > >

Re: very confusing.

In message <4fd91056.3030...@foobar.org>, Nick Hilliard writes: > >> Be advised that Im following your posts and have your threating > >> messages to me. If there is an ddos or restraint of trade due to my > >> ACCIDENTAL email I'll escalate to commerce and FBI. > > 1. spam a big pile of network

Re: very confusing.

Accidental, he didn't mean to get caught :) On Wed, Jun 13, 2012 at 7:10 PM, Richard Golodner wrote: > On Thu, 2012-06-14 at 07:05 +0900, >> ACCIDENTAL email > > How can my company get six accidental emails? Not even an idiot sends > six emails by mistake. > > Spammertechnology labs is more like

Re: very confusing.

>> Be advised that Im following your posts and have your threating >> messages to me. If there is an ddos or restraint of trade due to my >> ACCIDENTAL email I'll escalate to commerce and FBI. 1. spam a big pile of network operators 2. threaten legals on aforementioned prospective customers 3. pr

Re: very confusing.

On Thu, 2012-06-14 at 07:05 +0900, > ACCIDENTAL email How can my company get six accidental emails? Not even an idiot sends six emails by mistake. Spammertechnology labs is more like it.

Re: very confusing.

NANOG, i strongly desire to restrain this slimeball idiot's trade. please tell me if you have any ideas on how to do so. --- > Be advised that Im following your posts and have your threating > messages to me. If there is an ddos or restraint of trade due to my > ACCIDENTAL email I'll escalate to

Flame virus

Hi Everyone, I realize this is not directly network related, but i thought i would pass the article along anyways. The authors of the Flame virus have started to destroy its existence. http://spectrum.ieee.org/riskfactor/telecom/security/flame-ordered-to-flame-out/?utm_source=computerwise&utm_me

RE: Article: IPv6 host scanning attacks

It seems I saw that title came through an article somewhere but I have a slight problem with stating that "Vast IPv6 address space actually enables IPv6 attacks". Going from an IPv4 32 bit address space to a IPv6 128 bit address space like you mentioned in the article would be a tedious effort

Re: LinkedIn password database compromised

Hi Everyone, I thought that i would share an IEEE article about LinkenIn and eHarmony. http://spectrum.ieee.org/riskfactor/telecom/security/linkedin-and-eharmony-hacked-8-million-passwords-taken/?utm_source=computerwise&utm_medium=email&utm_campaign=061312 -Grant On Wed, Jun 13, 2012 at 1:05 P

Re: EBAY and AMAZON

On June 13, 2012 at 18:20 daveh...@gmail.com (Dave Hart) wrote: > On Wed, Jun 13, 2012 at 5:36 PM, Barry Shein wrote: > >  > On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: > >  > > While MS may be a favorite whipping boy, let's not pretend that if > > the dominant OS were Appl

Re: EBAY and AMAZON

On Wed, 13 Jun 2012 11:08:25 -0700, JC Dill said: > If both flavors were equally easy to exploit, according to your theory > above we would see more exploits on the *nix servers. Yet server-side > exploits are seen on Windows servers far more often than *nix servers, > despite the fact that more

Re: Article: IPv6 host scanning attacks

On Wed, Jun 13, 2012 at 5:42 PM, Fernando Gont wrote: > On 06/13/2012 02:28 PM, Dave Hart wrote: > >>> The aforementioned article is available at: >>> >> >>> >> "published" and "available" are

Re: EBAY and AMAZON

On Wed, Jun 13, 2012 at 5:36 PM, Barry Shein wrote: >  > On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: >  > > While MS may be a favorite whipping boy, let's not pretend that if the > dominant OS were Apple or some flavor of *nix, things would be any better. > > That assumes the se

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

On Jun 13, 2012, at 13:30 , Chris Boyd wrote: > On Jun 13, 2012, at 10:56 AM, Patrick W. Gilmore wrote: >> Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? > > My sample came via GoDaddy: GoDaddy is not blind to these problems. Has anyone asked them to look into this?

Re: EBAY and AMAZON

On 13/06/12 5:17 AM, Astro Dog wrote: (Sorry for the top post. Mail client is being obnoxious.) Why? The prevalence of malware for a given OS is going to, generally, be a matter of most return for least work. If you're writing malware to steal credit card numbers, say, you're much better

Re: LinkedIn password database compromised

On 6/8/12 7:22 PM, Luke S. Crawford wrote: I haven't found any way that is as simple and as portable as using ssh that works in a web browser. The Enigform Firefox Add-on (plus mod_openpgp on Apache httpd) seems similar: http://wordpress.org/extend/plugins/wp-enigform-authentication/ Enigf

Re: Article: IPv6 host scanning attacks

On 06/13/2012 02:28 PM, Dave Hart wrote: >> The aforementioned article is available at: >> > >> > "published" and "available" are misleading at best. It is not. Just scroll down the page,

Re: EBAY and AMAZON

On June 12, 2012 at 12:33 wa...@staff.msen.com (Michael R. Wayne) wrote: > On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: > > > > While MS may be a favorite whipping boy, let's not pretend that if the > > dominant OS were Apple or some flavor of *nix, things would be any bette

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

On Jun 13, 2012, at 10:56 AM, Patrick W. Gilmore wrote: > Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? My sample came via GoDaddy: Return-Path: Received: from p3plsmtps2ded01-02.prod.phx3.secureserver.net (p3plsmtps2ded01.prod.phx3.secureserver.net [208.109.80.58

Re: Article: IPv6 host scanning attacks

On Wed, Jun 13, 2012 at 6:52 AM, Fernando Gont wrote: > Folks, > > TechTarget has published an article I've authored for them, entitled > "Analysis: Vast IPv6 address space actually enables IPv6 attacks". > > The aforementioned article is available at: >

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

On Wed, 13 Jun 2012 14:47:35 +0900, Masataka Ohta said: > Dave Hart wrote: > > is inadequate for carrier NAT due to its model assuming the NAT trusts > > its clients. > > UPnP gateway configured with purely static port mapping needs > no security. > > Assuming shared global address of 131.112.32.1

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

On Jun 13, 2012, at 10:12 , Randy Bush wrote: >> Spammer Scott Whittle has harvested not only email addresses from the >> NANOG list archives, but also Message-IDs > > and draft-...@ietf.org addresses Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? Or is he using a b

Re: Whither Cometh BCP38?

On Mon, 11 Jun 2012, Mikael Abrahamsson wrote: This is for IPv4, for IPv6 we're back 10 years again with very lacking support. Amen to that. At first glance, building IPv6 ACLs/firewall rules/filters isn't much different from building IPv4 equivalents in many environments, but there are lot

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

> Spammer Scott Whittle has harvested not only email addresses from the > NANOG list archives, but also Message-IDs and draft-...@ietf.org addresses randy

Heads up: IETF 6man poll for adoption of RA-Guard/firewalling/monitoring-related I-Ds

Folks, Just wanted to send a heads up regarding two IETF 6man wg polls that have just been started for adoption of these documents: * draft-gont-6man-oversized-header-chain-02 (Security and Interoperability Implications of Oversized IPv6 Header Chains) * draft-gont-6man-nd-extension-headers-03 (

Re: vulnerability and popularity (was: EBAY and AMAZON)

On Jun 13, 2012, at 5:33 AM, Andrew Sullivan wrote: > On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > >> If popularity were the measure of relative OS security, then we would >> expect to see infection rates proportional to deployment rates > > I don't buy that premise, or at l

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

On Jun 12, 2012, at 10:47 PM, Masataka Ohta wrote: > Dave Hart wrote: > >> It is >> not transparent when you have to negotiate an inbound path for each >> service. > > I mean, for applications, global address and global port > numbers are visible. > Showing that you don't actually understand

Re: EBAY and AMAZON

On 06/13/2012 04:55 AM, Rich Kulawiec wrote: > But we don't. For example, passive OS fingerprinting of about a decade's > worth of spam-spewing botnets indicates that they are running Windows to > at least six 9's, quite possibly more -- which is a markedly higher > fraction than we would expect i

Re: vulnerability and popularity (was: EBAY and AMAZON)

- Original Message - From: Andrew Sullivan Sent: 06/13/12 07:33 AM To: nanog@nanog.org Subject: vulnerability and popularity (was: EBAY and AMAZON) On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > If popularity were the measure of relative OS security, then we would > exp

Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

Spammer Scott Whittle has harvested not only email addresses from the NANOG list archives, but also Message-IDs, and is busily trying to abuse the hell out of them. I've seen 6 (edit: 11) (edit: 14) copies so far this morning, and no doubt more are on the way. He identifies himself thusly:

Re: vulnerability and popularity (was: EBAY and AMAZON)

On 13 June 2012 13:33, Andrew Sullivan wrote: > On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > > > If popularity were the measure of relative OS security, then we would > > expect to see infection rates proportional to deployment rates > > I don't buy that premise, or at least n

XO/DTAG Contact?

Looking for a technical contact within XO and/or DTAG, preferably one who can interpret a traceroute accurately :-) Please hit me up offline. Thanks, -- Tim:>

vulnerability and popularity (was: EBAY and AMAZON)

On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > If popularity were the measure of relative OS security, then we would > expect to see infection rates proportional to deployment rates I don't buy that premise, or at least not without reservation. The OS market happens to be a sup

Re: EBAY and AMAZON

(Sorry for the top post. Mail client is being obnoxious.) Why? The prevalence of malware for a given OS is going to, generally, be a matter of most return for least work. If you're writing malware to steal credit card numbers, say, you're much better served writing it for Windows than you are

Re: EBAY and AMAZON

On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: > While MS may be a favorite whipping boy, let's not pretend that if the > dominant OS were Apple or some flavor of *nix, things would be any better. I've heard this argument many times, and I reject it this time as I have before. If p

Article: IPv6 host scanning attacks

Folks, TechTarget has published an article I've authored for them, entitled "Analysis: Vast IPv6 address space actually enables IPv6 attacks". The aforementioned article is available at: (FW