Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 16:19:37 -0700, "Aaron C. de Bruyn via NANOG" said: > Combine that with fail2ban. When one user has more than 60 writes in > 60 seconds *or* a write contains a well-known cryptolocker name (i.e. > *DECRYPT_INSTRUCT*) Oddly enough, we've seen *lots* of spammers that are *total

Re: Carrier classification

2017-05-15 Thread Randy Bush
> Putting aside the question of their importance, there is a small number > of ISPs that do not pay for transit. If you don't call them Tier 1, what > do you call them? Transit Free Providers (TFPs)? LFB, late for breakfast

Re: Carrier classification

2017-05-15 Thread joel jaeggli
On 5/15/17 10:01 PM, Ken Chase wrote: > so cogent has no routes to some amount of v6? ie no routes > to some prefixes? it's easy enough to test TestRouter Location Hostname / IP Address 2607:f8b0:4005:801::200e Go! Tue May 16 04:00:27.010 UTC % Network not in table http:/

Re: Carrier classification

2017-05-15 Thread Ken Chase
so cogent has no routes to some amount of v6? ie no routes to some prefixes? /kc On Mon, May 15, 2017 at 07:56:14PM -0700, Large Hadron Collider said: >My terminology of tiers are: > >Tier 1 - is in few or no major disputes, has no transit, and is able to >access over three nines percent

Re: Carrier classification

2017-05-15 Thread Large Hadron Collider
My terminology of tiers are: Tier 1 - is in few or no major disputes, has no transit, and is able to access over three nines percent of the internet Tier 2 - as Tier 1, but has transit. Cogent is neither on v6, and I have no clue about v4. HE is probably Tier 2 on v4, and is Tier 1 on v6. On

Re: Please run windows update now

2017-05-15 Thread Joe
Hi Scott As with any open forum you take the good with the bad. I've been on this list since 2001, you learn to dump the static and learn from the good advice. Too much information (whether good or bad) is better than none. -Joe On Mon, May 15, 2017 at 8:12 PM, Scott Weeks wrote: > > > --- na

Re: Please run windows update now

2017-05-15 Thread Joe
Hi Scott As with any open forum you take the good with the bad. I've been on this list since 2001, you learn to dump the static and learn from the good advice. Too much information (whether good or bad) is better than none. -Joe On Mon, May 15, 2017 at 8:12 PM, Scott Weeks wrote: > > > ---

Re: Carrier classification

2017-05-15 Thread Ca By
On Mon, May 15, 2017 at 6:44 PM Bradley Huffaker wrote: > On Sun, May 14, 2017 at 09:24:18AM +0200, Mark Tinka wrote: > > > > Nowadays, I'm hearing this less and less, but it's not completely gone. > > Putting aside the question of their importance, there is a small number > of ISPs that do not pa

Re: Please run windows update now

2017-05-15 Thread Jonathan Roach
Microsoft aren't stupid. They have learned lessons from the days in the 90s and early 2000s when they were a laughing stock in terms of security, and since then Windows security has improved enormously. OK, so it's not perfect, but what software is? Dirty Cow, Shellshock and Heartbleed for example

Re: Carrier classification

2017-05-15 Thread Bradley Huffaker
On Sun, May 14, 2017 at 09:24:18AM +0200, Mark Tinka wrote: > > Nowadays, I'm hearing this less and less, but it's not completely gone. Putting aside the question of their importance, there is a small number of ISPs that do not pay for transit. If you don't call them Tier 1, what do you call them?

RE: Please run windows update now

2017-05-15 Thread Scott Weeks
--- na...@incomingmta.com wrote: From: "Phillip White" ...I have been on this list for many years...Today, though, I felt the need to create the mailbox just so I could reply since your posts have been the most irritating I have ever seen on this list. --

Re: Please run windows update now

2017-05-15 Thread Aaron C. de Bruyn via NANOG
On Mon, May 15, 2017 at 2:48 PM, J. Oquendo wrote: > On Mon, 15 May 2017, b...@theworld.com wrote: >> You count the number of destructive opens in the kernel and if it >> exceeds a threshold (for example) you stop it and pop up a warning. That's basically what I did. I got tired of users consta

Re: Please run windows update now

2017-05-15 Thread J. Oquendo
On Mon, 15 May 2017, b...@theworld.com wrote: > Oh great a design review! > > Hello Valdis, I am Barry Shein. I've done decades of internals and > kernel work. > > Ever use any Windows since about Vista? It throws up those warning > pop-ups when you're about to do something it decides needs > co

Re: Please run windows update now

2017-05-15 Thread Royce Williams
On Fri, May 12, 2017 at 10:30 AM, Royce Williams wrote: > My $0.02, for people doing internal/private triage: > > - If your use of IPv4 space is sparse by routes, dump your internal > routing table and convert to summarized CIDR. > > - Feed your CIDRs to masscan [1] to scan for internal port 445

Re: Please run windows update now

2017-05-15 Thread bzs
On May 15, 2017 at 16:17 valdis.kletni...@vt.edu (valdis.kletni...@vt.edu) wrote: > On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said: > > > So for example why does a client OS produced with that much money > > available even allow things like wholesale encryption of files without

vFlow :: IPFIX, sFlow and Netflow collector

2017-05-15 Thread Mehrdad Arshad Rad
Hi all, I just wanted to share the vFlow - IPFIX, sFlow and Netflow collector, it's scalable and reliable, written by pure Golang! It doesn't have any library dependency and works w/ Kafka and NSQ (you can write your own MQ plugin). https://github.com/VerizonDigital/vflow For more information ht

Re: Please run windows update now

2017-05-15 Thread William Waites
> On May 15, 2017, at 21:17, valdis.kletni...@vt.edu wrote: > >> So for example why does[n’t] a client OS confirm that you really >> meant to run a program on $THRESHOLD files… > How does the operating system detect that and throw a pop-up > *before* that executes? > > It's a lot harder problem

Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said: > So for example why does a client OS produced with that much money > available even allow things like wholesale encryption of files without > at least popping up one of those warnings to confirm that you really > meant to run a program o

Re: Please run windows update now

2017-05-15 Thread bzs
Since everyone else is bloviating I may as well also... The underlying problem is that Microsoft tried to produce basically one operating system for both servers and end-users and most anything in between. Putting some lipstick on them and names such as "server 2008" doesn't negate that. Ok so

RE: Please run windows update now

2017-05-15 Thread timrutherford
>> >> >> >> https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ >> Look near the bottom under Further Resources. Those are the links appear to be patche

RE: Please run windows update now

2017-05-15 Thread Eliezer Croitoru
Calling someone who uses Windows un-professional would be a "gossip" style phrase. This is a piece of software which can be tested and compared to others. Would Android be better than windows only because it is based on the Linux kernel or since it's based on the full engineering it was invested fr

Re: Question to Google

2017-05-15 Thread Christopher Morrow
On Mon, May 15, 2017 at 1:25 PM, Damian Menscher via NANOG wrote: > On Mon, May 15, 2017 at 8:07 AM, Stephane Bortzmeyer > wrote: > > > On Mon, May 15, 2017 at 07:55:41AM -0700, > > Damian Menscher wrote > > a message of 82 lines which said: > > > > > Can you point to published studies where

RE: Please run windows update now

2017-05-15 Thread Phillip White
You, sir, are to be congratulated! I have been on this list for many years - mainly to keep in the loop. Up until today the list went to a catch-all account as I have never felt the need to post. Today, though, I felt the need to create the mailbox just so I could reply since your posts have be

Re: Question to Google

2017-05-15 Thread Damian Menscher via NANOG
On Mon, May 15, 2017 at 8:07 AM, Stephane Bortzmeyer wrote: > On Mon, May 15, 2017 at 07:55:41AM -0700, > Damian Menscher wrote > a message of 82 lines which said: > > > Can you point to published studies where the root and .com server > > operators analyzed Todd's questions? > > For the root,

Re: Please run windows update now

2017-05-15 Thread Brad Knowles
On May 15, 2017, at 11:21 AM, J. Oquendo wrote: >> Not everyone licks their chops and thinks "fresh meat" when they see >> worldwide panic that results from a massive security hole like this. > > Jump in the security space, where we may gladly trade our > cats and dogs for Porsche Panameras Th

Re: Please run windows update now

2017-05-15 Thread J. Oquendo
On Mon, 15 May 2017, Brad Knowles wrote: > If Microsoft didn't open the security hole in the first place, then there > wouldn't be a need to patch it afterwards. You are very correct. Microsoft opened the hole because they had nothing better to do. Or, could it be that these things happen, akin

Re: Please run windows update now

2017-05-15 Thread Brad Knowles
On May 15, 2017, at 10:08 AM, J. Oquendo wrote: > Spot on. Shame on Microsoft for releasing patches and not > forcing the installation versus letting security managers > open up ISC^, and other nonsensical frameworks to do things > like "change/patch management" tasks. I mean, who cares if > one

Re: Please run windows update now

2017-05-15 Thread Keith Stokes
https://blogs.technet.microsoft.com/msrc/2017/05/12/customer-guidance-for-wannacrypt-attacks/ Look near the bottom under Further Resources. On May 15, 2017, at 10:44 AM, Keith Medcalf <kmedc...@dessus.com> wrote: I do not see any links to actually download the actual patches. Just a

RE: Charter engineer

2017-05-15 Thread Manser, Charles J
Mr. Carman, Did someone already reach out to you off-list? Charles Manser | Principal Engineer I, Network Security | [c] 813-422-4281 14810 Grasslands Dr, Englewood, CO 80112 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Samual Carman Sent: Sunday, May 14,

RE: Please run windows update now

2017-05-15 Thread Keith Medcalf
I do not see any links to actually download the actual patches. Just a bunch of text drivel. -- ˙uʍop-ǝpısdn sı ɹoʇıuoɯ ɹnoʎ 'sıɥʇ pɐǝɹ uɐɔ noʎ ɟı > -Original Message- > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of > timrutherf...@c4.net > Sent: Monday, 15 May, 2017 09:23

RE: Please run windows update now

2017-05-15 Thread timrutherford
I should clarify, the link in my email below is only for windows versions that are considered unsupported. This one has links for the currently supported versions of windows https://support.microsoft.com/en-us/help/4013389/title -Original Message- From: timrutherf...@c

RE: Please run windows update now

2017-05-15 Thread timrutherford
They even released updates for XP & 2003 http://www.catalog.update.microsoft.com/search.aspx?q=4012598 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Josh Luthman Sent: Monday, May 15, 2017 10:45 AM To: Nathan Fink Cc: nanog@nanog.org Subject: Re: Please ru

Re: Please run windows update now

2017-05-15 Thread J. Oquendo
On Mon, 15 May 2017, Brad Knowles wrote: > As much as I hate, loathe, and despise Microsoft, there's always going to be > someone/something out there that is "the worst". Eliminate the current > "worst", and there will be another one right behind them. > > I do believe that Microsoft is direct

Re: Question to Google

2017-05-15 Thread Stephane Bortzmeyer
On Mon, May 15, 2017 at 07:55:41AM -0700, Damian Menscher wrote a message of 82 lines which said: > Can you point to published studies where the root and .com server > operators analyzed Todd's questions? For the root, the most comprehensive one is probably SAC 18 A good summary is

Re: Please run windows update now

2017-05-15 Thread Brad Knowles
On May 15, 2017, at 5:37 AM, Rich Kulawiec wrote: > [1] There may be no such thing as a secure system, period. But it > would be better to deploy things that may have a fighting chance > instead of things that have long since proven to have none at all. As much as I hate, loathe, and despise Mic

Re: Question to Google

2017-05-15 Thread Damian Menscher via NANOG
On Mon, May 15, 2017 at 7:06 AM, Stephane Bortzmeyer wrote: > On Mon, May 15, 2017 at 09:20:17AM -0400, > Todd Underwood wrote > a message of 66 lines which said: > > > so implications that this is somehow related to Google dragging > > their feet are silly. > > Implying that the root name ser

Re: Please run windows update now

2017-05-15 Thread Josh Luthman
Link? I only posted it as reference to the vulnerability. Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Sat, May 13, 2017 at 2:07 AM, Nathan Fink wrote: > I show MS17-010 as already superseded in SCCM > > On Fri, May 12, 2017 at 1:44 PM, Jos

Re: Question to Google

2017-05-15 Thread Matt Mathis via NANOG
One badly configured mid sized ISP might blow search's entire failure budget. (Read the SRE book.) I have been trying for years to get somebody to do a measurement to show that properly configured dual stack generally has better user QoE than either protocol alone, largely because CGN doesn't sca

Re: Please run windows update now

2017-05-15 Thread Nathan Fink
I show MS17-010 as already superseded in SCCM On Fri, May 12, 2017 at 1:44 PM, Josh Luthman wrote: > MS17-010 > https://technet.microsoft.com/en-us/library/security/ms17-010.aspx > > > Josh Luthman > Office: 937-552-2340 > Direct: 937-552-2343 > 1100 Wayne St > Suite 1337 > Troy, OH 45373 > > On

Re: Please run windows update now

2017-05-15 Thread Jorge Amodio
With that kind of attitude and disconnect from reality I wonder who is the unprofessional moron... - Jorge (mobile) > On May 15, 2017, at 1:12 AM, Rich Kulawiec wrote: > >> On Sat, May 13, 2017 at 12:07:39AM -0500, Joe wrote: >> One word. Linux. > > Or BSD, or anything but Windows. Anyone

Re: Please run windows update now

2017-05-15 Thread Andrew Kerr
Just a note folks that while this particular ransomware is using the MS17-010 exploit to help spread, it does not rely on it. This is still a regular piece of ransomware that if someone opens the malicious file, will encrypt files. SANS has some IoCs and more information: https://isc.sans.edu/for

Re: Question to Google

2017-05-15 Thread Christopher Morrow
On Mon, May 15, 2017 at 10:06 AM, Stephane Bortzmeyer wrote: > On Mon, May 15, 2017 at 09:20:17AM -0400, > Todd Underwood wrote > a message of 66 lines which said: > > > so implications that this is somehow related to Google dragging > > their feet are silly. > > Implying that the root name se

Re: Question to Google

2017-05-15 Thread Stephane Bortzmeyer
On Mon, May 15, 2017 at 09:20:17AM -0400, Todd Underwood wrote a message of 66 lines which said: > so implications that this is somehow related to Google dragging > their feet are silly. Implying that the root name server operators, or Verisign (manager of the .com name servers) did not test

Re: Question to Google

2017-05-15 Thread Bjørn Mork
Todd Underwood writes: > On Mon, May 15, 2017 at 8:43 AM, Stephane Bortzmeyer > wrote: > >> >> There are many zones (including your isc.org) that have several name >> servers dual-stacked, and they didn't notice a problem. Furthermore, >> since the DNS is a tree, resolution of google.com requires

Re: Question to Google

2017-05-15 Thread Todd Underwood
On Mon, May 15, 2017 at 9:33 AM, Randy Bush wrote: > > it's a whacky world. as geoff said long ago, if there ever is real > money counting on v6 transport, these messes will straighten out. > totally agree. and i'd like someone else to volunteer the "real money" traffic, please. :-) t

Re: Question to Google

2017-05-15 Thread Randy Bush
> It wouldn't suprise me if the dispute between Google and Cogent was > not part of the issue. Pure speculation on my part. I could be > completely off base. here in japan, if you are using ntt bflets layer two, your layer three provider is likely to present you with a dns server which does not

Re: Question to Google

2017-05-15 Thread Todd Underwood
On Mon, May 15, 2017 at 8:43 AM, Stephane Bortzmeyer wrote: > > There are many zones (including your isc.org) that have several name > servers dual-stacked, and they didn't notice a problem. Furthermore, > since the DNS is a tree, resolution of google.com requires a proper > resolution of the roo

Re: Question to Google

2017-05-15 Thread Mark Andrews
In message <20170515124359.a3o7evaostrvm...@nic.fr>, Stephane Bortzmeyer writes : > > Unfortunately, every time we've looked at the data, the > > conclusion has been that it would cause unwarranted user > > impact. IIRC the most recent blocker was a major US ISP whose > > clients w

Re: Question to Google

2017-05-15 Thread Stephane Bortzmeyer
> Unfortunately, every time we've looked at the data, the > conclusion has been that it would cause unwarranted user > impact. IIRC the most recent blocker was a major US ISP whose > clients would experience breakage if even just one NS record > was dual-stacked. Ther

Re: Question to Google

2017-05-15 Thread Mark Andrews
In message , "Marco Davids (Private)" writes: > > Hi, > > Anyone knows why coogle.com only have IPv4-addresses on their > authoritative DNS? > > https://ip6.nl/#!google.com > > Are there any plans to fix this? > > -- > Marco Lorenzo's reply to this statement Google isn't reachable. Th

Re: Please run windows update now

2017-05-15 Thread Randy Bush
fyi, current opinion in the security community seems to be that win10 is better secured than linuxes, bsds, ... see http://cyber-itl.org/; still pretty sparse, but getting flushed out. randy

Question to Google

2017-05-15 Thread Marco Davids (Private)
Hi, Anyone knows why coogle.com only have IPv4-addresses on their authoritative DNS? https://ip6.nl/#!google.com Are there any plans to fix this? -- Marco

Re: BCP for securing IPv6 Linux end node in AWS

2017-05-15 Thread JORDI PALET MARTINEZ
Just make sure that nothing breaks PTB as it happens if you don’t pay attention to ECMP. RFC7690 1&1 in Germany has this issue since at least 18-24 months ago, so all their customers with IPv6 enabled are *broken* for anyone having a smaller MTU because tunnels or the ISP technology, etc. They

Re: BCP for securing IPv6 Linux end node in AWS

2017-05-15 Thread Rich Kulawiec
On Sun, May 14, 2017 at 09:29:45AM -0400, Eric Germann wrote: > I've reviewed some of the stuff out there, but apparently I'm > catching too many of the ICMP types in the rejection as routing eventually > breaks. My guess is router discovery gets broken by too tight of filters. That's a good

Re: Please run windows update now

2017-05-15 Thread Rich Kulawiec
You make some excellent points: but I grow very, very tired of having to spend my time and my energy -- note timestamp on my message -- dealing with the fallout. It should be painfully clear to everyone that there is no such thing as a secure Windows system. [1] It should have been painfully cl

Re: Please run windows update now

2017-05-15 Thread Randy Bush
> Or BSD, or anything but Windows. Anyone running Microsoft products > is quite clearly an unprofessional, unethical moron and fully deserves > all the pain they get -- including being sued into oblivion by their > customers and clients for their obvious incompetence and negligence. aside from be

Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 02:12:27 -0400, Rich Kulawiec said: > Or BSD, or anything but Windows. Anyone running Microsoft products > is quite clearly an unprofessional, unethical moron and fully deserves > all the pain they get Tell you what. Go over to http://line6.com/software/ - You convince them