On Sat, 20 Dec 2008, Randy Bush wrote:
unfortunately snort does not really scale to a larger provider. and, to the
best of my poor knowledge, good open source tools to black-hole/redirect
botted users are not generally available. universities have some that are
good at campus and enterprise sc
"Brandon Galbraith" writes:
> But it's definitely not cool when my credit card company cuts off my card
> due to "abnormal charges" when I'm abroad and suddenly can't get ahold of
> customer service via their international phone number. Automation in the
> right places works wonders for both conve
On 12/20/08, Seth Mattinen wrote:
>
>
> I like automation. It has rules and follows them. The rules are posted
> ahead of time for all to see. Most of the time people are happy to see the
> automated system put a stop to some kind of potential disaster before it has
> time to cause more damage. It
Luke S Crawford wrote:
Randy Bush writes:
speaking as a small provider, I can tell you that I find running snort
against my inbound traffic does reduce the cost of running an abuse desk.
I do catch offenders before I get abuse@ complaints, sometimes.
unfortunately snort does not really scale
Randy Bush writes:
> > speaking as a small provider, I can tell you that I find running snort
> > against my inbound traffic does reduce the cost of running an abuse desk.
> > I do catch offenders before I get abuse@ complaints, sometimes.
>
> unfortunately snort does not really scale to a large
On 20/12/2008, at 4:23 PM, Randy Bush wrote:
speaking as a small provider, I can tell you that I find running
snort
against my inbound traffic does reduce the cost of running an abuse
desk.
I do catch offenders before I get abuse@ complaints, sometimes.
unfortunately snort does not really
On Dec 19, 2008, at 10:23 PM, Randy Bush allegedly wrote:
unfortunately snort does not really scale to a larger provider.
I respectfully disagree. I have very large entities with ALOT of
traffic running through Snort.
However, they are also using my company's products.
I work for Source
be specific, like "if you run X tools the payoff will be Y."
Yes. And where is the appropriate form for this?
there must be some operators' list somewhere.
> it doesn't seem like the sort of thing NANOG is for
yep. nanog is for whining about it, not doing/saying something actually
construc
Randy Bush writes:
> be specific, like "if you run X tools the payoff will be Y."
Yes. And where is the appropriate form for this?I find this
sort of thing quite interesting; and yeah, it doesn't seem like the
sort of thing NANOG is for, but most of the small ISP forms
(like webhostingtalk
On Sun, 14 Dec 2008, Christopher Morrow wrote:
On Sun, Dec 14, 2008 at 8:44 PM, Gadi Evron wrote:
On Sun, 14 Dec 2008, Rich Kulawiec wrote:
On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote:
but you need to be much more specific about what you want from
medium and smaller isps, and
On Fri, Dec 12, 2008 at 01:13:59PM -0600,
Frank Bulk wrote
a message of 52 lines which said:
> Is there an easy way to get past history on an IP block? Most sites
> will show you aspects of that *now*
http://www.renesys.com/blog/2008/11/for-sale-clean-lightly-used-ip.shtml
(That's just
On Sun, Dec 14, 2008 at 8:44 PM, Gadi Evron wrote:
> On Sun, 14 Dec 2008, Rich Kulawiec wrote:
>>
>> On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote:
>>>
>>> but you need to be much more specific about what you want from
>>> medium and smaller isps, and what the immediate payoffs (cf. t
On Sun, 14 Dec 2008, Rich Kulawiec wrote:
On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote:
but you need to be much more specific about what you want from
medium and smaller isps, and what the immediate payoffs (cf. the
financial secions of the newpaper) will be to them to justify the
Quick comment on e-commerce.
Consider that in many/most cases, the merchant will want to capture the
customer's address which is sent along with credit card information for
authorization. Once the merchant has received an authorization, he is
pretty much garanteed to get pad by the credit card com
On 08.12.15 05:08, Rich Kulawiec wrote:
On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote:
but you need to be much more specific about what you want from
medium and smaller isps, and what the immediate payoffs (cf. the
financial secions of the newpaper) will be to them to justify the co
Wow!! thats an eye opener..
On Mon, Dec 15, 2008 at 1:08 AM, Rich Kulawiec wrote:
> On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote:
> > but you need to be much more specific about what you want from
> > medium and smaller isps, and what the immediate payoffs (cf. the
> > financial se
On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote:
> but you need to be much more specific about what you want from
> medium and smaller isps, and what the immediate payoffs (cf. the
> financial secions of the newpaper) will be to them to justify the costs.
Inferior people look solely
On 13 Dec 2008, at 12:39, Steven M. Bellovin wrote:
On Fri, 12 Dec 2008 16:33:51 -0800 "Tomas L. Byrnes"
wrote:
Because anyone with half a brain blocks proxies from their e-
commerce site.
What is a proxy? A garden-variety squid server, in the DMZ of a
corporate firewall? The nasty box i
On Fri, 12 Dec 2008 16:33:51 -0800
"Tomas L. Byrnes" wrote:
> Because anyone with half a brain blocks proxies from their e-commerce
> site.
>
What is a proxy? A garden-variety squid server, in the DMZ of a
corporate firewall? The nasty box in some hotels that "helps" guests
surf the net? A so
The point I am trying to make here is that ISPs should much more engaged in
this entire process.
most of the larger isps have reasonable security teams with some good
folk. but you need to be much more specific about what you want from
medium and smaller isps, and what the immediate payoffs (
If folks think that people are not "doing" massive correlation of criminal
activity on the Internet, they would be mistaken.
engineers judge by the results. and, unfortunately, we can read them in
the ny times.
though some recent papers sure make interesting reading. just picking
on one pa
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Not in the habit of responding to my e-mail, but...
On Sat, Dec 13, 2008 at 12:29 AM, Paul Ferguson
wrote:
>
> On Sat, Dec 13, 2008 at 12:22 AM, James Hess wrote:
>
>>
>> An in-depth strategy with hundreds or thousands of factors examined
>> resul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Sat, Dec 13, 2008 at 12:22 AM, James Hess wrote:
>
> An in-depth strategy with hundreds or thousands of factors examined
> results in a smaller
> (but still present) possibility of the filter/detector being fooled.
>
> IP-based methods can be com
>> On 08.12.13 09:33, Tomas L. Byrnes wrote:
>>> anyone with half a brain blocks proxies from their e-commerce site.
>> can you know at a reasonable confidence level that it's a proxy?
> Give me an IP address (privately, of course). I can tell you if it is, with
> consult from other colleagues in t
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Dec 12, 2008 at 11:36 PM, Randy Bush wrote:
>> So having said all that, what exactly was your point? :-)
>
> bluff calling.
>
> that you can not tell us if that specific host is a proxy means that this
> is pretty much bs.
>
> that you and yo
So having said all that, what exactly was your point? :-)
bluff calling.
that you can not tell us if that specific host is a proxy means that
this is pretty much bs.
that you and your no-girls-allowed club have some list of things you
think are proxies (sure would be nice to have a definiti
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Dec 12, 2008 at 11:24 PM, Randy Bush wrote:
>> Give me an IP address (privately, of course). I can tell you if it is,
>> with
>> consult from other colleagues in the security community.
>
> 147.28.0.36
>
> and "consult with colleagues" is not
Give me an IP address (privately, of course). I can tell you if it is, with
consult from other colleagues in the security community.
147.28.0.36
and "consult with colleagues" is not something very operationally scalable.
randy
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Fri, Dec 12, 2008 at 11:12 PM, Randy Bush wrote:
> On 08.12.13 09:33, Tomas L. Byrnes wrote:
>>
>> anyone with half a brain blocks proxies from their e-commerce site.
>
> can you know at a reasonable confidence level that it's a proxy?
>
Give me
On 08.12.13 09:33, Tomas L. Byrnes wrote:
anyone with half a brain blocks proxies from their e-commerce site.
can you know at a reasonable confidence level that it's a proxy?
randy
On Fri, Dec 12, 2008 at 7:33 PM, Tomas L. Byrnes wrote:
> Because anyone with half a brain blocks proxies from their e-commerce
> site.
>
I doubt it.
-M<
Because anyone with half a brain blocks proxies from their e-commerce
site.
>-Original Message-
>From: Owen DeLong [mailto:o...@delong.com]
>Sent: Friday, December 12, 2008 3:49 PM
>To: Nathan Stratton
>Cc: nanog@nanog.org
>Subject: Re: Netblock reassigned from Chile to
b...@hopcount.ca]
>Sent: Friday, December 12, 2008 3:07 PM
>To: Martin List-Petersen
>Cc: nanog@nanog.org
>Subject: Re: Netblock reassigned from Chile to US ISP...
>
>
>On 2008-12-12, at 15:02, Martin List-Petersen wrote:
>
>> It's a misconception of some
Owen DeLong wrote:
>
> On Dec 12, 2008, at 3:14 PM, Nathan Stratton wrote:
>
>> On Fri, 12 Dec 2008, Joe Abley wrote:
>>
>>> On 2008-12-12, at 15:02, Martin List-Petersen wrote:
>>>
It's a misconception of some muppets, especially in IT related
products, that forget, that a lot or IT pr
Joe Abley wrote:
>
> On 2008-12-12, at 15:02, Martin List-Petersen wrote:
>
>> It's a misconception of some muppets, especially in IT related
>> products, that forget, that a lot or IT professionals do travel all
>> over the world and usually have a credit card in their home country.
>>
>> Pure a
On Dec 12, 2008, at 3:14 PM, Nathan Stratton wrote:
On Fri, 12 Dec 2008, Joe Abley wrote:
On 2008-12-12, at 15:02, Martin List-Petersen wrote:
It's a misconception of some muppets, especially in IT related
products, that forget, that a lot or IT professionals do travel
all over the world
On Fri, 12 Dec 2008, Joe Abley wrote:
On 2008-12-12, at 15:02, Martin List-Petersen wrote:
It's a misconception of some muppets, especially in IT related products,
that forget, that a lot or IT professionals do travel all over the world
and usually have a credit card in their home country.
On 2008-12-12, at 15:02, Martin List-Petersen wrote:
It's a misconception of some muppets, especially in IT related
products, that forget, that a lot or IT professionals do travel all
over the world and usually have a credit card in their home country.
Pure and utter nonsense.
Or perhaps
that *now*
Frank
-Original Message-
From: Robert Tarrall [mailto:tarr...@ecentral.com]
Sent: Thursday, December 11, 2008 9:45 PM
To: nanog@nanog.org
Subject: Re: Netblock reassigned from Chile to US ISP...
Martin List-Petersen wrote:
-> Contact Google.
Somebody from Google rep
On Fri, Dec 12, 2008 at 14:38, Nicolas Antoniello
wrote:
> How about US tourists in Chile trying to buy something with it's US
> based credit card? :)
It just doesn't work.
-Jim P.
l
> show you aspects of that *now*
>
> Frank
>
> -Original Message-
> From: Robert Tarrall [mailto:tarr...@ecentral.com]
> Sent: Thursday, December 11, 2008 9:45 PM
> To: nanog@nanog.org
> Subject: Re: Netblock reassigned from Chile to US ISP...
>
>
Is there an easy way to get past history on an IP block? Most sites will
show you aspects of that *now*
Frank
-Original Message-
From: Robert Tarrall [mailto:tarr...@ecentral.com]
Sent: Thursday, December 11, 2008 9:45 PM
To: nanog@nanog.org
Subject: Re: Netblock reassigned from
On Dec 11, 2008, at 10:44 PM, Robert Tarrall wrote:
...
Yeah, it's those types that I'm hoping to locate as well... Google
and Akamai were immediately noticed by the test users, and have also
responded very quickly (thanks, guys), but ideally we'd like to be
proactive and get as many of these up
try being illiterate and living in japan :)
my gripe is the significant sites that put up the kanji page, offer no
language choice, and you got there from the US url. you're trapped.
and i can not tunnel out of it via my westin or ashburn racks, as my
address blocks are registered to my home
Martin List-Petersen wrote:
-> Contact Google.
Somebody from Google replied off-list. Sounds like Google maybe
had this updated even before he looked at it.
-> Again. Akamai is helpful. Contact them.
Somebody from Akamai replied off-list and they're looking into it.
-> 3) End-user unable t
On Thu, Dec 11, 2008 at 4:00 PM, Robert Tarrall wrote:
>
> Request for help here. We have a business partner who, like us, provides
> DSL services to residential and small-business customers in the US Rocky
> Mountain region.
>
> They just got a /20 from ARIN
What is the block that ARIN allocate
Robert Tarrall wrote:
1) www.google.com is in Spanish
Contact Google.
2) Web pages are slow - am assuming this is due to folks like Akamai
sending them to content caches in Chile though I haven't tested it
myself... God knows "web pages are slow" isn't particularly specific but
I'm assumin
47 matches
Mail list logo
