Re: HE IPv6 tunnel inbound

2012-06-13 Thread alejandroacostaalamo
Also: www.cloudflare.com (for free) Este mensaje ha sido enviado gracias al servicio BlackBerry de Movilnet -Original Message- From: Cameron Byrne Date: Wed, 13 Jun 2012 21:10:06 To: Grant Ridder Cc: Subject: Re: HE IPv6 tunnel inbound On Jun 13, 2012 8:29 PM, "Grant Ridder" wrote: >

Re: HE IPv6 tunnel inbound

2012-06-13 Thread Cameron Byrne
On Jun 13, 2012 8:29 PM, "Grant Ridder" wrote: > > Hi, > > I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web services) > instance so that i can have ipv6 connectivity. I can ping and traceroute > out of the tunnel fine, but am unable to access the tunnel from outside. > For examp

Re: HE IPv6 tunnel inbound

2012-06-13 Thread Christopher Morrow
On Wed, Jun 13, 2012 at 11:29 PM, Grant Ridder wrote: > Hi, > > I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web services) > instance so that i can have ipv6 connectivity.  I can ping and traceroute > out of the tunnel fine, but am unable to access the tunnel from outside. >  For

HE IPv6 tunnel inbound

2012-06-13 Thread Grant Ridder
Hi, I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web services) instance so that i can have ipv6 connectivity. I can ping and traceroute out of the tunnel fine, but am unable to access the tunnel from outside. For example, i am unable to traceroute to the tunnel address outside t

Re: very confusing.

2012-06-13 Thread George Herbert
I am as amused by antispam efforts as anyone, but can we stay on list topic? George William Herbert Sent from my iPhone On Jun 13, 2012, at 19:39, Owen DeLong wrote: > > > Sent from my iPad > > On Jun 13, 2012, at 9:01 PM, Joe Greco wrote: > >>> A trick to do on mail (USPS) spammers is ta

Re: very confusing.

2012-06-13 Thread Owen DeLong
Sent from my iPad On Jun 13, 2012, at 9:01 PM, Joe Greco wrote: >> A trick to do on mail (USPS) spammers is take the prepaid mailing = >> envelope they often include and tape it to a brick wrapped in brown = >> paper and drop it off at the post office. They have to pay the shipping. = >> If en

RE: EBAY and AMAZON

2012-06-13 Thread Keith Medcalf
> The problem at this point is that even with improvements in newer > Windows systems there are probably on the order of a billion systems > out there, attached to the net, and still running these deeply flawed > OS's which can be taken over by just clicking on the wrong mail > message. There hav

Re: Patch Management - Windows & RHEL/CentOS based on Date

2012-06-13 Thread Ray Wong
If you're using Active Directory I think you can actually do that with the Policy Manager thingy, but i'm not really a windows guy to be sure. -R> On Wed, Jun 13, 2012 at 4:47 PM, Wade Peacock wrote: > Hi All, > > Does anyone know of a patch management system that will allow us to control > the

Re: very confusing.

2012-06-13 Thread Joe Greco
> A trick to do on mail (USPS) spammers is take the prepaid mailing = > envelope they often include and tape it to a brick wrapped in brown = > paper and drop it off at the post office. They have to pay the shipping. = > If enough people do it, they go out of business. That's simply false; local p

Re: very confusing.

2012-06-13 Thread Greg Ihnen
A trick to do on mail (USPS) spammers is take the prepaid mailing envelope they often include and tape it to a brick wrapped in brown paper and drop it off at the post office. They have to pay the shipping. If enough people do it, they go out of business. In this case, do anything you can to wa

Re: Patch Management - Windows & RHEL/CentOS based on Date

2012-06-13 Thread Reed Loden
On Wed, 13 Jun 2012 23:47:24 + Wade Peacock wrote: > Does anyone know of a patch management system that will allow us to > control the roll out of patches, specifically for Windows but Linux > would be nice too, that can use a date to limit whether a patch is > rolled out. I don't know of a

Re: Patch Management - Windows & RHEL/CentOS based on Date

2012-06-13 Thread Paul Graydon
On 06/13/2012 01:47 PM, Wade Peacock wrote: Hi All, Does anyone know of a patch management system that will allow us to control the roll out of patches, specifically for Windows but Linux would be nice too, that can use a date to limit whether a patch is rolled out. Ie. Patch to date set to

Re: Patch Management - Windows & RHEL/CentOS based on Date

2012-06-13 Thread Andrew Latham
On Wed, Jun 13, 2012 at 7:47 PM, Wade Peacock wrote: > Hi All, > > Does anyone know of a patch management system that will allow us to control > the roll out of patches, specifically for Windows but Linux would be nice > too, that can use a date to limit whether a patch is rolled out. > > Ie. >

Patch Management - Windows & RHEL/CentOS based on Date

2012-06-13 Thread Wade Peacock
Hi All, Does anyone know of a patch management system that will allow us to control the roll out of patches, specifically for Windows but Linux would be nice too, that can use a date to limit whether a patch is rolled out. Ie. Patch to date set to2012-06-10 So all patches released up to 2

RE: Article: IPv6 host scanning attacks

2012-06-13 Thread Karl Auer
On Wed, 2012-06-13 at 15:22 -0500, STARNES, CURTIS wrote: > I have a slight problem with stating that "Vast IPv6 address space > actually enables IPv6 attacks". So do I. Compared to IPv4, scanning IPv6 is much, much harder, and that is (I think) the most important thing to know. The analysis was

Re: very confusing.

2012-06-13 Thread Lynda
On 6/13/2012 3:05 PM, Randy Bush wrote: NANOG, i strongly desire to restrain this slimeball idiot's trade. please tell me if you have any ideas on how to do so. I have plenty of ideas. Unfortunately, I am not permitted to do those things. I promise it would not be painful, though. I'm not crue

Re: very confusing.

2012-06-13 Thread Randy Epstein
Folks, This content is great .. for another list. I know you're not happy with receiving unsolicited mail, and yes, it's likely your addresses were scraped from either the mailing list itself or various archives that are kept, but this list is not the best place to discuss this. Please refrain f

Re: very confusing.

2012-06-13 Thread Charles Morris
Don't get me wrong, I greatly dislike spam, but next thing you know it will be against the law to send packets to someone you don't have consent from... or hand out pamphlets / talk to someone on the street you don't have consent from... I figure the solution here that fits with the best interests

Re: Article: IPv6 host scanning attacks

2012-06-13 Thread Fernando Gont
On 06/13/2012 03:37 PM, Dave Hart wrote: >>> "published" and "available" are misleading at best. >> >> It is not. Just scroll down the page, and you'll find the whole article. >> -- it was easy to talk crap than to do that, right? > > Yes, I'm an idiot for believing what I read on that site: > >

Re: very confusing.

2012-06-13 Thread Mark Andrews
In message <4fd91056.3030...@foobar.org>, Nick Hilliard writes: > >> Be advised that Im following your posts and have your threating > >> messages to me. If there is an ddos or restraint of trade due to my > >> ACCIDENTAL email I'll escalate to commerce and FBI. > > 1. spam a big pile of network

Re: very confusing.

2012-06-13 Thread jim deleskie
Accidental, he didn't mean to get caught :) On Wed, Jun 13, 2012 at 7:10 PM, Richard Golodner wrote: > On Thu, 2012-06-14 at 07:05 +0900, >> ACCIDENTAL email > > How can my company get six accidental emails? Not even an idiot sends > six emails by mistake. > > Spammertechnology labs is more like

Re: very confusing.

2012-06-13 Thread Nick Hilliard
>> Be advised that Im following your posts and have your threating >> messages to me. If there is an ddos or restraint of trade due to my >> ACCIDENTAL email I'll escalate to commerce and FBI. 1. spam a big pile of network operators 2. threaten legals on aforementioned prospective customers 3. pr

Re: very confusing.

2012-06-13 Thread Richard Golodner
On Thu, 2012-06-14 at 07:05 +0900, > ACCIDENTAL email How can my company get six accidental emails? Not even an idiot sends six emails by mistake. Spammertechnology labs is more like it.

Re: very confusing.

2012-06-13 Thread Randy Bush
NANOG, i strongly desire to restrain this slimeball idiot's trade. please tell me if you have any ideas on how to do so. --- > Be advised that Im following your posts and have your threating > messages to me. If there is an ddos or restraint of trade due to my > ACCIDENTAL email I'll escalate to

Flame virus

2012-06-13 Thread Grant Ridder
Hi Everyone, I realize this is not directly network related, but i thought i would pass the article along anyways. The authors of the Flame virus have started to destroy its existence. http://spectrum.ieee.org/riskfactor/telecom/security/flame-ordered-to-flame-out/?utm_source=computerwise&utm_me

RE: Article: IPv6 host scanning attacks

2012-06-13 Thread STARNES, CURTIS
It seems I saw that title came through an article somewhere but I have a slight problem with stating that "Vast IPv6 address space actually enables IPv6 attacks". Going from an IPv4 32 bit address space to a IPv6 128 bit address space like you mentioned in the article would be a tedious effort

Re: LinkedIn password database compromised

2012-06-13 Thread Grant Ridder
Hi Everyone, I thought that i would share an IEEE article about LinkenIn and eHarmony. http://spectrum.ieee.org/riskfactor/telecom/security/linkedin-and-eharmony-hacked-8-million-passwords-taken/?utm_source=computerwise&utm_medium=email&utm_campaign=061312 -Grant On Wed, Jun 13, 2012 at 1:05 P

Re: EBAY and AMAZON

2012-06-13 Thread Barry Shein
On June 13, 2012 at 18:20 daveh...@gmail.com (Dave Hart) wrote: > On Wed, Jun 13, 2012 at 5:36 PM, Barry Shein wrote: > >  > On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: > >  > > While MS may be a favorite whipping boy, let's not pretend that if > > the dominant OS were Appl

Re: EBAY and AMAZON

2012-06-13 Thread valdis . kletnieks
On Wed, 13 Jun 2012 11:08:25 -0700, JC Dill said: > If both flavors were equally easy to exploit, according to your theory > above we would see more exploits on the *nix servers. Yet server-side > exploits are seen on Windows servers far more often than *nix servers, > despite the fact that more

Re: Article: IPv6 host scanning attacks

2012-06-13 Thread Dave Hart
On Wed, Jun 13, 2012 at 5:42 PM, Fernando Gont wrote: > On 06/13/2012 02:28 PM, Dave Hart wrote: > >>> The aforementioned article is available at: >>> >> >>> >> "published" and "available" are

Re: EBAY and AMAZON

2012-06-13 Thread Dave Hart
On Wed, Jun 13, 2012 at 5:36 PM, Barry Shein wrote: >  > On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: >  > > While MS may be a favorite whipping boy, let's not pretend that if the > dominant OS were Apple or some flavor of *nix, things would be any better. > > That assumes the se

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

2012-06-13 Thread Patrick W. Gilmore
On Jun 13, 2012, at 13:30 , Chris Boyd wrote: > On Jun 13, 2012, at 10:56 AM, Patrick W. Gilmore wrote: >> Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? > > My sample came via GoDaddy: GoDaddy is not blind to these problems. Has anyone asked them to look into this?

Re: EBAY and AMAZON

2012-06-13 Thread JC Dill
On 13/06/12 5:17 AM, Astro Dog wrote: (Sorry for the top post. Mail client is being obnoxious.) Why? The prevalence of malware for a given OS is going to, generally, be a matter of most return for least work. If you're writing malware to steal credit card numbers, say, you're much better

Re: LinkedIn password database compromised

2012-06-13 Thread Phil Pishioneri
On 6/8/12 7:22 PM, Luke S. Crawford wrote: I haven't found any way that is as simple and as portable as using ssh that works in a web browser. The Enigform Firefox Add-on (plus mod_openpgp on Apache httpd) seems similar: http://wordpress.org/extend/plugins/wp-enigform-authentication/ Enigf

Re: Article: IPv6 host scanning attacks

2012-06-13 Thread Fernando Gont
On 06/13/2012 02:28 PM, Dave Hart wrote: >> The aforementioned article is available at: >> > >> > "published" and "available" are misleading at best. It is not. Just scroll down the page,

Re: EBAY and AMAZON

2012-06-13 Thread Barry Shein
On June 12, 2012 at 12:33 wa...@staff.msen.com (Michael R. Wayne) wrote: > On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: > > > > While MS may be a favorite whipping boy, let's not pretend that if the > > dominant OS were Apple or some flavor of *nix, things would be any bette

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

2012-06-13 Thread Chris Boyd
On Jun 13, 2012, at 10:56 AM, Patrick W. Gilmore wrote: > Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? My sample came via GoDaddy: Return-Path: Received: from p3plsmtps2ded01-02.prod.phx3.secureserver.net (p3plsmtps2ded01.prod.phx3.secureserver.net [208.109.80.58

Re: Article: IPv6 host scanning attacks

2012-06-13 Thread Dave Hart
On Wed, Jun 13, 2012 at 6:52 AM, Fernando Gont wrote: > Folks, > > TechTarget has published an article I've authored for them, entitled > "Analysis: Vast IPv6 address space actually enables IPv6 attacks". > > The aforementioned article is available at: >

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

2012-06-13 Thread valdis . kletnieks
On Wed, 13 Jun 2012 14:47:35 +0900, Masataka Ohta said: > Dave Hart wrote: > > is inadequate for carrier NAT due to its model assuming the NAT trusts > > its clients. > > UPnP gateway configured with purely static port mapping needs > no security. > > Assuming shared global address of 131.112.32.1

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

2012-06-13 Thread Patrick W. Gilmore
On Jun 13, 2012, at 10:12 , Randy Bush wrote: >> Spammer Scott Whittle has harvested not only email addresses from the >> NANOG list archives, but also Message-IDs > > and draft-...@ietf.org addresses Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? Or is he using a b

Re: Whither Cometh BCP38?

2012-06-13 Thread Justin M. Streiner
On Mon, 11 Jun 2012, Mikael Abrahamsson wrote: This is for IPv4, for IPv6 we're back 10 years again with very lacking support. Amen to that. At first glance, building IPv6 ACLs/firewall rules/filters isn't much different from building IPv4 equivalents in many environments, but there are lot

Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

2012-06-13 Thread Randy Bush
> Spammer Scott Whittle has harvested not only email addresses from the > NANOG list archives, but also Message-IDs and draft-...@ietf.org addresses randy

Heads up: IETF 6man poll for adoption of RA-Guard/firewalling/monitoring-related I-Ds

2012-06-13 Thread Fernando Gont
Folks, Just wanted to send a heads up regarding two IETF 6man wg polls that have just been started for adoption of these documents: * draft-gont-6man-oversized-header-chain-02 (Security and Interoperability Implications of Oversized IPv6 Header Chains) * draft-gont-6man-nd-extension-headers-03 (

Re: vulnerability and popularity (was: EBAY and AMAZON)

2012-06-13 Thread Owen DeLong
On Jun 13, 2012, at 5:33 AM, Andrew Sullivan wrote: > On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > >> If popularity were the measure of relative OS security, then we would >> expect to see infection rates proportional to deployment rates > > I don't buy that premise, or at l

Re: IPv6 /64 links (was Re: ipv6 book recommendations?)

2012-06-13 Thread Owen DeLong
On Jun 12, 2012, at 10:47 PM, Masataka Ohta wrote: > Dave Hart wrote: > >> It is >> not transparent when you have to negotiate an inbound path for each >> service. > > I mean, for applications, global address and global port > numbers are visible. > Showing that you don't actually understand

Re: EBAY and AMAZON

2012-06-13 Thread Doug Barton
On 06/13/2012 04:55 AM, Rich Kulawiec wrote: > But we don't. For example, passive OS fingerprinting of about a decade's > worth of spam-spewing botnets indicates that they are running Windows to > at least six 9's, quite possibly more -- which is a markedly higher > fraction than we would expect i

Re: vulnerability and popularity (was: EBAY and AMAZON)

2012-06-13 Thread Astro Dog
- Original Message - From: Andrew Sullivan Sent: 06/13/12 07:33 AM To: nanog@nanog.org Subject: vulnerability and popularity (was: EBAY and AMAZON) On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > If popularity were the measure of relative OS security, then we would > exp

Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list

2012-06-13 Thread Rich Kulawiec
Spammer Scott Whittle has harvested not only email addresses from the NANOG list archives, but also Message-IDs, and is busily trying to abuse the hell out of them. I've seen 6 (edit: 11) (edit: 14) copies so far this morning, and no doubt more are on the way. He identifies himself thusly:

Re: vulnerability and popularity (was: EBAY and AMAZON)

2012-06-13 Thread Aled Morris
On 13 June 2012 13:33, Andrew Sullivan wrote: > On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > > > If popularity were the measure of relative OS security, then we would > > expect to see infection rates proportional to deployment rates > > I don't buy that premise, or at least n

XO/DTAG Contact?

2012-06-13 Thread Tim Durack
Looking for a technical contact within XO and/or DTAG, preferably one who can interpret a traceroute accurately :-) Please hit me up offline. Thanks, -- Tim:>

vulnerability and popularity (was: EBAY and AMAZON)

2012-06-13 Thread Andrew Sullivan
On Wed, Jun 13, 2012 at 07:55:37AM -0400, Rich Kulawiec wrote: > If popularity were the measure of relative OS security, then we would > expect to see infection rates proportional to deployment rates I don't buy that premise, or at least not without reservation. The OS market happens to be a sup

Re: EBAY and AMAZON

2012-06-13 Thread Astro Dog
(Sorry for the top post. Mail client is being obnoxious.) Why? The prevalence of malware for a given OS is going to, generally, be a matter of most return for least work. If you're writing malware to steal credit card numbers, say, you're much better served writing it for Windows than you are

Re: EBAY and AMAZON

2012-06-13 Thread Rich Kulawiec
On Tue, Jun 12, 2012 at 11:44:44AM +, Jamie Bowden wrote: > While MS may be a favorite whipping boy, let's not pretend that if the > dominant OS were Apple or some flavor of *nix, things would be any better. I've heard this argument many times, and I reject it this time as I have before. If p

Article: IPv6 host scanning attacks

2012-06-13 Thread Fernando Gont
Folks, TechTarget has published an article I've authored for them, entitled "Analysis: Vast IPv6 address space actually enables IPv6 attacks". The aforementioned article is available at: (FW