Re: dilemmas

2016-11-02 Thread Randy Bush
On Thu, 03 Nov 2016 12:03:32 +0900, Royce Williams wrote:
> On Wed, Nov 2, 2016 at 6:47 PM, William Herrin wrote:
>> On Wed, Nov 2, 2016 at 10:39 PM, Randy Bush wrote:
>>> the sysadmins' dilemma: do you install today's critical update or
>>> wait a day until the next one is out before you reboot

Re: dilemmas

2016-11-02 Thread Royce Williams
On Wed, Nov 2, 2016 at 6:47 PM, William Herrin wrote:
> On Wed, Nov 2, 2016 at 10:39 PM, Randy Bush wrote:
> > the sysadmins' dilemma: do you install today's critical update or wait a
> > day until the next one is out before you reboot 50 servers?
>
> Neither. You wait for the normal patch cycle

Re: dilemmas

2016-11-02 Thread William Herrin
On Wed, Nov 2, 2016 at 10:39 PM, Randy Bush wrote:
> the sysadmins' dilemma: do you install today's critical update or wait a
> day until the next one is out before you reboot 50 servers?

Neither. You wait for the normal patch cycle because the other six barriers to exploiting the vulnerability w

dilemmas

2016-11-02 Thread Randy Bush
the users' dilemma: do you buy a mac today, or wait six months hoping they will fix X (for your particular X)?

the sysadmins' dilemma: do you install today's critical update or wait a day until the next one is out before you reboot 50 servers?

Re: Syn flood to TCP port 21 from privileged port (80)

2016-11-02 Thread Theodore Baschak
This might be a little late on this thread, however I just saw the following news item on twitter which seemed pertinent to this story: http://www.theregister.co.uk/2016/11/02/william_hill_ddos/ I guess they're a bookie who's under DDoS? Theodore Baschak - AS395089 - Hextet Systems https://ciscod

Re: Syn flood to TCP port 21 from privileged port (80)

2016-11-02 Thread Christian Kildau
There is some nice research regarding systems "abusable" for reflection by tcp port and the amplification factor depending on the OS: http://www.christian-rossow.de/publications/tcpamplification-woot2014.pdf And in more detail: https://www.usenix.org/system/files/conference/usenixsecurity14/sec14-

Re: Large BGP Communities beacon in the wild

2016-11-02 Thread Mark Tinka
On 27/Oct/16 08:19, Job Snijders wrote:
> Please verify if you can see 192.147.168.0/24 and 2001:67c:208c::/48

Looks good for me. Both come with:

unknown transitive attribute: flag 0xE0 type 0x20 length 0xC value 3CCA 0001 0001

Mark.

Re: MPLS in the campus Network?

2016-11-02 Thread Mark Tinka
On 24/Oct/16 22:13, Wayne Bouchard wrote: > If the reason for L2 transport is purely customer driven and purely > ptp, then a L2 VPN solution would be better than directly transporting > the frames. If you don't have to bridge it directly, don't. Keep the > core at layer 3 wherever possible. L2