This is very interesting and insightful.
While the broadcasting would seem more efficient (and cheaper in many respect)
than webcasting for the live content, the former can't quite serve multiple
devices with varying form-factors with the same efficiency. The latter can.
Isn't that a key
On 6/11/13 9:39 AM, Bernhard Schmidt wrote:
Heya everyone,
we have been getting reports lately about unsecured UDP chargen servers
in our network being abused for reflection attacks with spoofed sources
http://en.wikipedia.org/wiki/Character_Generator_Protocol
| In the UDP implementation of
Brielle Bruns br...@2mbit.com wrote:
Hey,
we have been getting reports lately about unsecured UDP chargen servers
in our network being abused for reflection attacks with spoofed sources
http://en.wikipedia.org/wiki/Character_Generator_Protocol
| In the UDP implementation of the protocol,
On Jun 7, 2013, at 9:53 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Michael Painter tvhaw...@shaka.com
Anyone besides jra remember the last Super Bowl?
Better this year? Worse?
I'm sure whomever is listening in would like to know as well.
Dear NANOG Community,
RIPE Programme Commitee is now seeking proposals for RIPE 67 that will take
place in Athens during 14-18 October 2013.
Please find the CFP below and note the submission deadline: 4 August.
We hope to see your contributions towards a successful programme with Plenary,
We got hit with this in September. UDP/19 became our most busiest port
overnight. Most of the systems participating were printers. We dropped it at
the border, and had no complaints or ill effects.
—-Vlad Grigorescu
Carnegie Mellon University
On Jun 11, 2013, at 11:39 AM, Bernhard Schmidt
For all that are interested in NIST's RPKI prefix/origin validation reference
implementation for Quagga (BGPSRx / QuaggaSRx),
we merged the code from Quagga 0.99.16 to be based on Quagga 0.99.22.
The code is available at http://www-x.antd.nist.gov/bgpsrx
For questions or comments don't hesitate
Hmmm. Do you not run a default deny at your border, which would catch this sort
of thing? Granted thats not always possible I suppose. Maybe block all UDP you
dont specifically need? Do you have an ids/ips? If not, look at SecurityOnion
on a SPAN port, it will provide great insight into whats
On Tue, 11 Jun 2013, Vlad Grigorescu wrote:
We got hit with this in September. UDP/19 became our most busiest port
overnight. Most of the systems participating were printers. We dropped
it at the border, and had no complaints or ill effects.
Dropping the TCP and UDP small services like echo
On Jun 11, 2013, at 10:39 AM, Bernhard Schmidt be...@birkenwald.de wrote:
This seems to be something new. There aren't a lot of systems in our
network responding to chargen, but those that do have a 15x
amplification factor and generate more traffic than we have seen with
abused open
I can just see someone spoofing a packet from victimA port 7/UDP to victimB
port 19/UDP.
--Dave
-Original Message-
From: Leo Bicknell [mailto:bickn...@ufp.org]
Sent: Tuesday, June 11, 2013 3:13 PM
To: Bernhard Schmidt
Cc: nanog@nanog.org
Subject: Re: chargen is the new DDoS tool?
On Tue, 11 Jun 2013 15:38:45 -0400, David Edelman said:
I can just see someone spoofing a packet from victimA port 7/UDP to victimB
port 19/UDP.
For a while, it was possible to spoof packets to create a TCP connection from a
machine's chargen port to its own discard port and walk away while it
On 6/11/13, Justin M. Streiner strei...@cluebyfour.org wrote:
Other than providing another DDoS vector, I'm not aware of any legitimate
reason to keep these services running and accessible. As always, YMMV.
They are useful for troubleshooting and diagnostic purposes. Just be
sure to limit
Message: 1
Date: Sun, 9 Jun 2013 18:59:16 -0400
From: Randy Fischer randy.fisc...@gmail.com
To: North American Network Operators Group nanog@nanog.org
Subject: Mechanics of CALEA taps
Message-ID:
CAGXkcm46fVFhnoHKZiACEYe5k4CV=H45Ff=zzmlz2pqyeyn...@mail.gmail.com
Content-Type:
On Jun 12, 2013, at 2:13 AM, Leo Bicknell wrote:
The number is non-zero? In 2013?
These are largely modern printers and other 'embedded' devices which are
running OS configurations apparently cribbed out of 20-year-old gopher docs.
;
Any ASA sme's out there?
--
Phil Fagan
Denver, CO
970-480-7618
On Jun 12, 2013, at 6:36 AM, Phil Fagan wrote:
Any ASA sme's out there?
Suggest you check on the cisco-nsp list.
---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
Luck is the residue of
Thank you
On Tue, Jun 11, 2013 at 5:42 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Jun 12, 2013, at 6:36 AM, Phil Fagan wrote:
Any ASA sme's out there?
Suggest you check on the cisco-nsp list.
---
Roland Dobbins
On Tue, 11 Jun 2013 12:06:36 -0400, Brielle Bruns br...@2mbit.com wrote:
Are these like machines time forgot or just really bag configuration
choices?
All of the above plus very poorly managed network / network security.
(sadly a Given(tm) for anything ending dot-e-d-u.) a) why are
On Tue, Jun 11, 2013 at 07:52:02PM -0400, Ricky Beam wrote:
All of the above plus very poorly managed network / network
security. (sadly a Given(tm) for anything ending dot-e-d-u.) a) why
are *printers* given public IPs? and b) why are internet hosts
allowed to talk to them? I actually
On Tue, Jun 11, 2013 at 4:57 PM, Majdi S. Abbas m...@latt.net wrote:
I have a hard time blaming a school for this. I have an easy
time wondering why printer manufacturers are including chargen support
in firmware.
Isn't that what printer do? Generate characters? It was in the
On Tue, 11 Jun 2013 19:57:17 -0400, Majdi S. Abbas m...@latt.net wrote:
You've never worked for one, have you?
Indeed I have. Which is why I haven't for a great many years. Academics
tend to be, well, academic. That is, rather far out of touch with the
realities of running /
On 6/11/13, Majdi S. Abbas m...@latt.net wrote:
On Tue, Jun 11, 2013 at 07:52:02PM -0400, Ricky Beam wrote:
All of the above plus very poorly managed network / network
security. (sadly a Given(tm) for anything ending dot-e-d-u.) a) why
are *printers* given public IPs? and b) why are internet
On Tue, 11 Jun 2013 21:37:04 -0400, Ricky Beam said:
Indeed I have. Which is why I haven't for a great many years. Academics
tend to be, well, academic. That is, rather far out of touch with the
realities of running / securing a network.
Do you have any actual evidence that a .edu of (say)
Hi,
The IANA AS Numbers registry has been updated to reflect two changes.
LACNIC has returned the range 61440-62463 in exchange for a block
composed of two non-contiguous ranges:
61440-61951
263168-263679
Both ranges were allocated today. You can find the IANA AS Numbers
registry at:
On Tue, 11 Jun 2013 22:52:52 -0400, Jimmy Hess mysi...@gmail.com wrote:
Who really has a solid motive to make them stop working (other than a
printer manufacturer who wants to sell them more) ?
Duh, so people cannot print to them. (amungst various other creative
pranks)
From a
On Tue, 11 Jun 2013 22:55:12 -0400, valdis.kletni...@vt.edu wrote:
Do you have any actual evidence that a .edu of (say) 2K employees
is statistically *measurably* less secure than a .com of 2K employees?
We're sorta lookin' at one now. :-)
But seriously, how do you measure one's security?
I just got a bunch of bgpmon alerts that our prefixes were being
seen as announced through GBLX 3549 from bgpmon's Finland location
peer.
David
And now the announcements are withdrawn. Good times.
-Original Message-
From: David Hubbard
Sent: Wednesday, June 12, 2013 12:15 AM
To: nanog@nanog.org
Subject: Any Level 3 / GBLX things going on tonight?
I just got a bunch of bgpmon alerts that our prefixes were being
seen as
29 matches
Mail list logo