Be sure to read the source:
intelreport.mandiant.com/Mandiant_APT1_Report.pdf
I'm only part way through, but I find it hard to believe that
only micro$loth computers are used as the attack OS. Maybe I
haven't gotten far enough through report to find the part
where they use the *nix boxes?
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
snipped
:: when all tools are available for windows os, you just have to compile them.
snipped out the rest
-
They're not all available for m$.
scott
They are when you have a college full of programmers.
From my Android phone on T-Mobile. The first nationwide 4G network.
Original message
From: Scott Weeks sur...@mauigateway.com
Date: 02/20/2013 12:23 AM (GMT-08:00)
To: nanog@nanog.org
Subject: Re: NYT covers China
I'm only part way through, but I find it hard to believe that
only micro$loth computers are used as the attack OS. Maybe I
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
snipped
:: when all tools are available for windows os, you just have to compile
They don't have 20 brains, they have a country full. I was in Beijing last
year, it was eye opening to see the state of affairs there.
From my Android phone on T-Mobile. The first nationwide 4G network.
Original message
From: calin.chiorean calin.chior...@secdisk.net
Part of the entire 'chinese l337 hxx0r spy' 1st complex is apparently the
local equivalent of a community college, where the passing out assignment
is probably something on the lines of 'get me a dump of the dalai lama's
email'.
--srs (htc one x)
On 20-Feb-2013 2:08 PM, Scott Weeks
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
IMO, if we stick to the document and they are organized in military
style, then a person who collects information, should focus only on
that particular phase. That person is an operator, he or she should
not
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
It was just an example :-) to point out the scale of developers vs operators.
You'd be surprised at how much better brains are than brawn on these things...
Part of the entire 'chinese l337 hxx0r spy' 1st complex is apparently
the local equivalent of a community college, where the passing out
assignment is probably something on the lines of 'get me a dump of the
dalai lama's email'.
american education is behind in many things. this is but one.
Have you been to The Great Wall? That statement does not apply in the PRC.
From my Android phone on T-Mobile. The first nationwide 4G network.
Original message
From: Scott Weeks sur...@mauigateway.com
Date: 02/20/2013 12:54 AM (GMT-08:00)
To: nanog@nanog.org
Subject: Re: NYT
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
It was just an example :-) to point out the scale of developers
vs operators.
:: You'd be surprised at how much better brains are than brawn
:: on these things...
Don't be lulled into complacency by a private network: all it takes is one
thumb-drive or rogue AP and you have a back door. Private networks reduce but
do not eliminate attackable surface.
David Barak
Sent from a mobile device, please forgive autocorrection.
On Feb 20, 2013, at 2:04 AM,
If only there were some kind of method for Jay to publish which
addresses are actually authorized to send mail on behalf of
baylink.com (which could then be leveraged by sc1.nanog.org to turn
the recommended soft fail into a hard fail and stop this kind of
silliness cold)...
Billet:~ rs$ dig
specifications in length are for kids, adults use budgets :-) bx-d bx-u
from cisco have a budget of 16dBmW (max), power from -3 to -9dBm and
sensitivity to -19dB. So if the fiber is under -10dB (this means roughly
10/0.25dB per km SM att) you might see the light at 40km, I have a
stable link for
If I didn't miss any part of the report, no *nix is mentioned.
I'm a *nix fan, but why they (when I say they, I mean an attacker, not
necessarily the one in this document) should complicate their life, when all
tools are available for windows os, you just have to compile them.
Cheers,
Calin
IMO, if we stick to the document and they are organized in military style, then
a person who collects information, should focus only on that particular phase.
That person is an operator, he or she should not be kept busy remembering long
CLI commands. The scope is to deliver ASAP.
No matter how
::: They don't have 20 brains, they have a country full
It was just an example :-) to point out the scale of developers vs operators.
Calin
On Wed, 20 Feb 2013 09:39:24 +0100 Warren Bailey
wbai...@satelliteintelligencegroup.com wrote
They don't have 20 brains, they have a
On Wed, Feb 20, 2013 at 07:59:53AM -0500, Robert E. Seastrom wrote:
If only there were some kind of method for Jay to publish which
addresses are actually authorized to send mail on behalf of [snip]
SPF is snake-oil. Here's something that works (salt to taste for
the MTA of your choice):
On 20 Feb 2013, at 5:22 PM, Rich Kulawiec r...@gsp.org wrote:
On Wed, Feb 20, 2013 at 07:59:53AM -0500, Robert E. Seastrom wrote:
If only there were some kind of method for Jay to publish which
addresses are actually authorized to send mail on behalf of [snip]
SPF is snake-oil. Here's
This is an improvement over some Russian spies, that have the passwords
written down on a piece of paper.
http://www.networkworld.com/news/2010/063010-russian-spy-ring.html?hpg1=bn
One of the technical issues the ring faced was described by one suspect
in a message to Moscow reporting on a
- Original Message -
From: Warren Bailey wbai...@satelliteintelligencegroup.com
We as Americans have plenty of things we have done halfass.. I hope an
Internet kill switch doesn't end up being one of them. Build your own
private networks, you can't get rooted if someone can't knock.
- Original Message -
From: Randy Bush ra...@psg.com
Part of the entire 'chinese l337 hxx0r spy' 1st complex is
apparently
the local equivalent of a community college, where the passing out
assignment is probably something on the lines of 'get me a dump of
the dalai lama's
- Original Message -
From: JP Viljoen froztb...@froztbyte.net
[ Rich K wrote: ]
On Wed, Feb 20, 2013 at 07:59:53AM -0500, Robert E. Seastrom wrote:
If only there were some kind of method for Jay to publish which
addresses are actually authorized to send mail on behalf of [snip]
If you are doing DS0 splitting on the DACS, you'll see that on the other
end (it's not like channelized CAS ds1's or PRI's are difficult to look at
now) assuming you have access to that. If the DACS is an issue, buy the
DACS and lock it up. I was on a .mil project that used old school Coastcom
DI
On Wed, Feb 20, 2013 at 9:13 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Warren Bailey wbai...@satelliteintelligencegroup.com
We as Americans have plenty of things we have done halfass.. I hope an
Internet kill switch doesn't end up being one of them. Build
From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
If you are doing DS0 splitting on the DACS, you'll see that on the
other
end (it's not like channelized CAS ds1's or PRI's are difficult to look
at
now) assuming you have access to that. If the DACS is an issue, buy the
( Well I'm sure that there are a few hundred papers on this subject )
I have a few ideas but they involve:
.Dark Fiber;
. All devices at FIPS 140 level;
. Tonnes of resin;
. Wire mesh;
. Fiber DB monitoring;
. Cable Shield monitoring;
We have a customer who used them for IP transit at an office in San
Francisco. They seemed to have issues with International peering. Traffic
to Asia / Australia seemed to be bottlenecked. This was a year ago and the
bottleneck was between TelePacific and Global Crossing at the time.
The customer
I did not approach the inline encryption units on purpose. Obviously
anything that leaves .mil land not riding something blessed by DISA is
going to have something like a KG on both ends. Generally Satellite
systems use TRANSEC, though in our line of work it's an extremely
expensive add-on to an
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news at eleven.
The scary part is that so many things got hacked
On Wed, 20 Feb 2013, Jay Ashworth wrote:
Well, Warren, I once had a discussion with someone about whether dedicated
DS-1 to tie your SCADA network together were secure enough and they asked
me:
Does it run through a DACS? Where can you program the DACS from?
See thread: nanog impossible
Many DACS have provision for monitoring circuits and feeding the data
off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the circuit provider. When you buy a
DS1 that goes through more than one CO
- Original Message -
From: Owen DeLong o...@delong.com
Many DACS have provision for monitoring circuits and feeding the
data off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the
Isn't this a strong argument to deploy and operate a network independent
of the traditional switch circuit provider space?
On 2/20/13 11:22 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Owen DeLong o...@delong.com
Many DACS have provision for monitoring circuits
--- valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news at eleven.
The scary
If you have that option, I suppose that would be one way to solve it.
I, rather, see it as a reason to:
1. Cryptographically secure links that may be carrying private
data.
2. Rotate cryptographic keys (relatively) often on such links.
YMMV, but I think encryption is a
--- On Wed, 2/20/13, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Owen DeLong o...@delong.com
The DACS question wasn't about DACS owned by the people
using the
circuit, it was about DACS inside the circuit provider.
When you buy a
DS1 that goes through more
Might this solve the 10MB problem discussed on NANOG?
Cheers,
-- jra
http://www.phonescoop.com/articles/article.php?a=11953
This email was sent via Phone Scoop (www.phonescoop.com). The sender thought
you might be interested in the page linked above.
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into
them, apparently so easily it can be done by accident.
This is especially true with pseudo-wire and mpls. Most of my equipment
can filter based
Oooh. We're getting even cleverer. No, this wasn't me either.
Moderators: please put my address on moderation?
Cheers,
-- jr 'yes, this request really came from me :-)' a
- Original Message -
From: Jay Ashworth j...@baylink.com
To: nanog@nanog.org
Sent: Wednesday, February 20, 2013
IPoIB looks more like an application than a network protocol to Infiniband.
The IB fabric doesn't have a concept of broadcast, so ARP works much
differently than it does in IPv4/ethernet world - basically an all-nodes
multicast group handles the distribution of ARP messages. That said, the ib
Hi all
I am searching for information about ipv6 address allocation for /32
Any experience and advice can be shared
eg: loopback. peer to peer,
Thank you so much
how you subnet as a network operator is a fairly complex topic even if the
principles are rather simple.
http://tools.ietf.org/html/rfc5375.html
includes among other things some case studies.
there's quite a lot of source material from the various nog(s) where
people have presented on their
--- valdis.kletni...@vt.edu wrote:
The scary part is that so many things got hacked by a bunch of people
who made the totally noob mistake of launching all their attacks from
the same place
This all seems to be noobie stuff. There's nothing
Net net - what we have here is, so far, relatively low tech exploits with a
huge element of brute force, and the only innovation being in the delivery
mechanism - very well crafted spear phishes
They don't particularly need to hide in a location where they're literally
bulletproof (considering
But how do we KNOW this really came from you? :)
On Wed, Feb 20, 2013 at 2:34 PM, Jay Ashworth j...@baylink.com wrote:
Oooh. We're getting even cleverer. No, this wasn't me either.
Moderators: please put my address on moderation?
Cheers,
-- jr 'yes, this request really came from me :-)'
I can't help but wonder what would happen if US Corporations simply blocked all
inbound Chinese traffic. Sure it would hurt their business, but imagine what
the Chinese people would do in response. It seems like China takes very little
seriously until it goes mainstream. This is happening right
On Feb 20, 2013, at 3:20 PM, Jack Bates jba...@brightok.net wrote:
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into them,
apparently so easily it can be done by accident.
This is
Failure to understand reality is not reality's fault.
On February 20, 2013 at 09:10 calin.chior...@secdisk.net (calin.chiorean) wrote:
If I didn't miss any part of the report, no *nix is mentioned.
I'm a *nix fan, but why they (when I say they, I mean an attacker, not
necessarily the
That way lies madness and sweaty palms, Jason.
But mostly you know because I haven't ever aimed such robots at the list in the
18 years I've been on it.
-jra
Jason Baugher ja...@thebaughers.com wrote:
But how do we KNOW this really came from you? :)
On Wed, Feb 20, 2013 at 2:34 PM, Jay
First, if you are starting from a /32 and deciding how to carve it up from
there, you are already approaching the problem backwards.
The correct approach (general broad strokes) is to:
1. Identify your subnetting needs.
A. Infrastructure addressing
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news
I've hacked JRA's private key and I approve this message.
(just kidding, but someone had to say it.)
Owen
On Feb 20, 2013, at 17:52 , Jay Ashworth j...@baylink.com wrote:
That way lies madness and sweaty palms, Jason.
But mostly you know because I haven't ever aimed such robots at the list
Oh, /I'm/ the Whacky Weekend thread this week?
Thnks.
- jra
Owen DeLong o...@delong.com wrote:
I've hacked JRA's private key and I approve this message.
(just kidding, but someone had to say it.)
Owen
On Feb 20, 2013, at 17:52 , Jay Ashworth j...@baylink.com wrote:
That way lies
Very true. The objection is more that the exploits are aimed at civilian
rather than (or, more accurately, as well as) military / government /
beltway targets.
Which makes the alleged chinese strategy rather more like financing jehadis
to suicide bomb and shoot up hotels and train stations,
Check this out.
Cheers,
-- jra
http://www.phonescoop.com/articles/article.php?a=11956
This email was sent via Phone Scoop (www.phonescoop.com). The sender thought
you might be interested in the page linked above.
Anyone have visibility on Level 3 IPv6 routing? I'm unable to reach
http://fedoraproject.org by their primary and ended up having to spoof a
secondary in local DNS. Note that this is on HughesNet; multiple levels of
support have been clueless or stumped.
For the curious:
[darton@dkw-vostro ~]$
Sorry for the noise, I just looked at Level3 LG again (it returned unknown
error messages the last time I tried this). Approximating the same route,
their trace reaches fed2 and actually leaves the inter-VLAN whereas mine
stops at hop 13 here. I'm guessing the !filtered at the destination is just
--- s...@cs.columbia.edu wrote:
From: Steven Bellovin s...@cs.columbia.edu
An amazing percentage of private lines are pseudowires, and neither you nor
your telco salesdroid can know or tell; even the real circuits are routed
through DACS, ATM switches, and the like. This is what link
When you really look at human behavior the thing that remains the same is core
motives. The competition makes sense in that it is human nature to aggress for
resources. We are challenged in the fact that we 'want' to belong among the
other five. This will never change but.
What is really
The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)
On 2/20/13 11:29 PM, Richard Porter rich...@pedantictheory.com wrote:
When you really
On Thursday, February 21, 2013, Warren Bailey wrote:
The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)
Nanog setting their list server up