On Tue, 28 Jan 2003, The New York Times wrote:
A spokesman for Microsoft, Rick Miller, confirmed that a
number of the company's machines had gone unpatched, and
that Microsoft Network services, like many others on the
Internet, experienced a significant slowdown. We, like the
rest of the
Sean,
--On 28 January 2003 03:10 -0500 Sean Donelan [EMAIL PROTECTED] wrote:
Are there practical answers that actually work in the real world with
real users and real business needs?
1. Employ clueful staff
2. Make their operating environment (procedures etc.) best able
to exploit their
at Monday, January 27, 2003 7:50 PM, [EMAIL PROTECTED] [EMAIL PROTECTED]
was seen to say:
This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy
prevents other traffic from entering VPN connection.
This is nice in
I found out that our outgoing SMTP servers have been blocked by
the msn.com MXes. In a nasty way, too -- no SMTP error, the TCP
connection is simply closed by them immediately after establishing it.
We're not listed on any RBL/DNSBL and have an active abuse desk.
I mailed [EMAIL PROTECTED],
ED Date: Tue, 28 Jan 2003 12:42:41 + (GMT)
ED From: E.B. Dreger
ED Sure, worm authors are to blame for their creations.
ED Software developers are to blame for bugs. Admins are to
s/Admins/Admins and their management/
Eddy
--
Brotsman Dreger, Inc. - EverQuick Internet Division
Wow, for a minute I thought I was looking at one of our old
plots, except for the fact that the x-axis says January 2003
and not September 2001 :) :)
seeing that the etiology and effects of the two events were quite
different, perhaps eyeglasses which make them look the same are
not
From:
So far it's been visible as an apparently accidental byproduct of an
attack
with other goals. Are you willing to bet your bifocals that the same
mechanism can't be weaponized and used against the routing infrastructure
directly in the future?
Yet the question becomes the reasoning
Miquel van Smoorenburg([EMAIL PROTECTED])@2003.01.28 11:49:16 +:
I found out that our outgoing SMTP servers have been blocked by
the msn.com MXes. In a nasty way, too -- no SMTP error, the TCP
connection is simply closed by them immediately after establishing it.
We're not listed on any
In a message written on Tue, Jan 28, 2003 at 03:10:18AM -0500, Sean Donelan wrote:
They bought finest firewalls,
A firewall is a tool, not a solution. Firewall companies advertise
much like Home Depot (Lowes, etc), everything you need to build
a house.
While anyone with 3 brain cells realizes
Not to sound too pro-MS, but if they are going to sue, they should be able to
sue ALL software makers. And what does that do to open source? Apache,
MySQL, OpenSSH, etc have all had their problems. Should we sue the nail gun
vendor because some moron shoots himself in the head with it? No. It
So far it's been visible as an apparently accidental byproduct of an
attack
with other goals. Are you willing to bet your bifocals that the same
mechanism can't be weaponized and used against the routing infrastructure
directly in the future?
Yet the question becomes the reasoning
From: Eric Germann
Not to sound too pro-MS, but if they are going to sue, they should be able
to
sue ALL software makers. And what does that do to open source? Apache,
MySQL, OpenSSH, etc have all had their problems. Should we sue the nail
gun
vendor because some moron shoots himself in
At 11:13 AM 1/28/03 -0200, Rubens Kuhl Jr. et al postulated:
| Are there practical answers that actually work in the real world with
| real users and real business needs?
Yes, the simple ones that are known for decades:
- Minimum-privilege networks (access is blocked by default, permitted to
From: [EMAIL PROTECTED]
snip
On the other hand, we also know (from private communications and from
other mailing lists.. ahem) that high rate and high src/dst diversity
of scans causes some network devices to fail (devices that cache flows, or
devices that suffer from cpu overload under such
Would it be that hard to have windows update check to see the version of SQL
server? It's sad but I know a lot of MS admins only use windows update to
check for updates because awhile ago Microsoft pushed it as the premier
method of which to update your systems.
I'm just saying if they included
At 09:47 AM 28-01-03 -0600, Jack Bates wrote:
From: [EMAIL PROTECTED]
snip
On the other hand, we also know (from private communications and from
other mailing lists.. ahem) that high rate and high src/dst diversity
of scans causes some network devices to fail (devices that cache flows, or
In a message written on Tue, Jan 28, 2003 at 10:23:09AM -0500, Eric Germann wrote:
Not to sound too pro-MS, but if they are going to sue, they should be able to
sue ALL software makers. And what does that do to open source? Apache,
MySQL, OpenSSH, etc have all had their problems. Should we
[EMAIL PROTECTED] wrote:
It could be that BoA's network wasn't flooded / servers infected, but that
the ATM's do not dial BoA directly, and dial somewhere else (ie, maybe some
kind of ATM Dial Provider, nationwide wholesale, etc), and then tunnel back
to BoA to get the data. Could be
On Tue, Jan 28, 2003 at 03:34:15PM +, [EMAIL PROTECTED] wrote:
Some BGP-speaking routers (not all, by any means, but some subpopulation)
found themselves pegged at 100% CPU on Saturday. Just one example:
http://noc.ilan.net.il/stats/ILAN-CPU/new-gp-cpu.html
I wonder how
On Tue, 28 Jan 2003 10:42:05 - Alex Bligh wrote:
Sean,
--On 28 January 2003 03:10 -0500 Sean Donelan [EMAIL PROTECTED] wrote:
Are there practical answers that actually work in the real world with
real users and real business needs?
1. Employ clueful staff
2. Make
The SANS Institute [[EMAIL PROTECTED]] www.sans.org is a well respected
collection of individuals who have provided this 'pool' of knowledge and
regularly disseminate it to inquiring minds.
Ray Burkholder
-Original Message-
From: Andy Putnins [mailto:[EMAIL PROTECTED]]
Sent:
This is not correct. VPN simply extends security policy to a different
location. A VPN user must make sure that local security policy
prevents other traffic from entering VPN connection.
This is nice in theory, but in practice is simply not true. Even
assuming that the most restrictive
http://noc.ilan.net.il/stats/ILAN-CPU/new-gp-cpu.html Was it not
known that under certain conditions the router would flatline? What
precautionary measures were put into place in such an event to limit
the damage?
scheduler allocate
-hc
On Tue, 28 Jan 2003 11:52:39 EST, [EMAIL PROTECTED] said:
Welcome to the world of formal security models. If in theory a VPN is
nothing more than a tool of extending the security policy of a site to a
remote location, then it does not matter what kind of things you try to
achieve with it, it
[EMAIL PROTECTED] (Eric Germann) writes:
Not to sound too pro-MS, but if they are going to sue, they should be able
to sue ALL software makers. And what does that do to open source?
Apache, MySQL, OpenSSH, etc have all had their problems. ...
Don't forget BIND, we've had our problems as
good question. anyone know the answer?
JeffH
--- Forwarded Message
Date: Tue, 28 Jan 2003 02:29:17 -0500
Subject: [IP] is it ATM or ATM Internet Attack's Disruptions
More Serious Than Many Thought Possible
From: Dave Farber [EMAIL PROTECTED]
To: ip [EMAIL PROTECTED]
- --
## On 2003-01-28 17:49 - Paul Vixie typed:
PV
PV In any case, all of these makers (including Microsoft) seem to make a very
PV good faith effort to get patches out when vulnerabilities are uncovered. I
PV wish we could have put time bombs in older BINDs to force folks to upgrade,
PV but
What do you think of OpenBSD still installing BIND4 as part of the
default base system and recommended as secure by the OpenBSD FAQ ?
(See Section 6.8.3 in http://www.openbsd.org/faq/faq6.html#DNS )
i think that bind4 was relatively easy for them to do a format string
audit on, and that
This makes it pretty clear
http://biz.yahoo.com/rb/030125/tech_virus_boa_1.html
Reuters
Bank of America ATMs Disrupted by Virus
Saturday January 25, 5:33 pm ET
SEATTLE (Reuters) - Bank of America Corp. (NYSE:BAC - News) said on
Saturday that customers at a majority of its 13,000 automatic
I'm familiar with some enforced financial institution requirements, nowhere
did I find transaction data of ATMs on a dedicated network to be
_required_. Is this a common industry practice, or a mandatory standard
I have not discovered?
It is a common practice. Since the alarm line is
On Monday, Jan 27, 2003, at 14:04 Asia/Katmandu, Sean Donelan wrote:
It's not just a Microsoft thing. SYSLOG opened the network port by
default, and the user has to remember to disable it for only local
logging.
You're using mixed tense in these sentences, so I can't tell whether
you think
On Tue, 28 Jan 2003, Eric Germann wrote:
Not to sound too pro-MS, but if they are going to sue, they should be able to
sue ALL software makers. And what does that do to open source?
A law can be crafted in such a way so as to create distinction between
selling for profit (and assuming
Joe Abley wrote:
You're using mixed tense in these sentences, so I can't tell whether you
think that syslog's network port is open by default on operating systems
today.
On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I
happen to have open right now) this is not the case,
Sean Donelan wrote:
Many different companies were hit hard by the Slammer worm, some with
better than average reputations for security awareness. They bought
finest firewalls, they had two-factor biometric locks on their data
centers, they installed anti-virus software, they paid for SAS70
On 1/28/03 11:57 AM, Paul Vixie [EMAIL PROTECTED] wrote:
What do you think of OpenBSD still installing BIND4 as part of the
default base system and recommended as secure by the OpenBSD FAQ ?
(See Section 6.8.3 in http://www.openbsd.org/faq/faq6.html#DNS )
i think that bind4 was
Dear NANOGers,
I have a very hands-on question:
Suppose I am a network operator for a decent-sized ISP, and I decide
that I want to divide aggregate traffic flowing through a router
toward some destination, in order to then send some of it through one
route and the remainder through another
From: Stanislav Rost
How would I be able to accomplish this division? What technologies
(even if vendor-specific) would I use?
I can think of some methods like prefix-matching classification and
ECMP, but I am still not sure exactly how the latter works in practice
(at the router level)
On Wednesday, Jan 29, 2003, at 01:25 Asia/Katmandu, Joe Abley wrote:
On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I
happen to have open right now) this is not the case, and has not been
for some time. I presume, perhaps naïvely, that other operating
systems have done
On Tue, Jan 28, 2003 at 03:10:18AM -0500, [EMAIL PROTECTED] said:
[snip]
Many different companies were hit hard by the Slammer worm, some with
better than average reputations for security awareness. They bought
finest firewalls, they had two-factor biometric locks on their data
centers, they
It can be done several ways, but the question is how are you
differentiating?
This is an incomplete list of methods for differentiating, each of
which is supported by one or more vendors or open-source solutions:
- destination address
- specific prefix matching
- prefix length
In message [EMAIL PROTECTED], Barney Wolff writes:
On Wed, Jan 29, 2003 at 03:50:34AM +0545, Joe Abley wrote:
On Wednesday, Jan 29, 2003, at 01:25 Asia/Katmandu, Joe Abley wrote:
On FreeBSD, NetBSD, OpenBSD and Darwin/Mac OS X (the only xterms I
happen to have open right now) this is not
Over the last N years, I've often been the
(Asynchronous Transfer Mode) ATM specialist for the group I'm in,
as well as occasionally doing network designs and proposals for banks.
While some banks use ATM to connect the networks that support their ATMs,
few if any come close to 1000 Asynchronous
On Wednesday, Jan 29, 2003, at 04:56 Asia/Katmandu, Steven M. Bellovin
wrote:
In message [EMAIL PROTECTED], Barney Wolff
writes:
On Wed, Jan 29, 2003 at 03:50:34AM +0545, Joe Abley wrote:
On Wednesday, Jan 29, 2003, at 01:25 Asia/Katmandu, Joe Abley wrote:
On FreeBSD, NetBSD, OpenBSD and
Take a look at a product called Path Control by RouteScience.
http://www.routescience.com/
I have seen their product in action and it is very slick. Does exactly
what you want,
plus a whole lot more and does it transparently (so if it fails you aren't
SOL) via
manipulating BGP tables and
XP has autoupdate notifications that nag you. They could make it automatic,
but then everyone would sue them if it mucked up their system.
And, MS has their HFCHECK program which checks which hotfixes should be
installed. Again, not automatic because they would like the USER to sign
off on
On Tue, Jan 28, 2003 at 07:10:52PM -0500, [EMAIL PROTECTED] said:
[snip]
As has been said, no one writes perfect software. And again, sometime, the
user has to share some responsibility. Maybe if the users get burned
enough, the problem will get solved. Either they will get fired, the
On Tue, Jan 28, 2003 at 11:22:13AM -0500, [EMAIL PROTECTED] said:
[snip]
That is, I think there is a big difference between a company the
size of Microsoft saying we've known about this problem for 6
months but didn't consider it serious so we didn't do anything
about it, and an open source
On Tue, Jan 28, 2003 at 08:53:59PM +0200, [EMAIL PROTECTED] said:
[snip]
Hi Paul,
What do you think of OpenBSD still installing BIND4 as part of the
default base system and recommended as secure by the OpenBSD FAQ ?
(See Section 6.8.3 in http://www.openbsd.org/faq/faq6.html#DNS )
OpenBSD
FWIW:
http://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28.html
About 13,000 Bank of America cash machines had to be shut down. The
bank's ATMs sent encrypted information through the Internet, and when
the data slowed to a crawl, it stymied transactions, according to a
source, who
Somewhere in the equation, the sysadmin/enduser, whether Unix
or Windows, has to take some responsibility.
Hence I loved this:
http://www.nytimes.com/2003/01/28/technology/28SOFT.html
Worm Hits Microsoft, Which Ignored Own Advice
By JOHN SCHWARTZ
Among the
On Tue, 28 Jan 2003, Andy Putnins wrote:
This is therefore a request for all of those who possess this clue to
write down their wisdom and share it with the rest of us
I can't tell you what clue is, but I know when I don't see it. In some
cases our clients have had Code Red, Nimda, and
In message [EMAIL PROTECTED], Leo Bicknell writes:
FWIW:
http://www.washingtonpost.com/wp-dyn/articles/A57550-2003Jan28.html
About 13,000 Bank of America cash machines had to be shut down. The
bank's ATMs sent encrypted information through the Internet, and when
the data slowed to a crawl,
On Tue, Jan 28, 2003 at 08:14:17PM +0100, [EMAIL PROTECTED] said:
[snip]
restrictive measures that operate with sufficient granularity. In Unix,
traditionally this is done per-user. Regular users can do a few things,
but the super-user can do everything. If a user must do something that
On Tue, Jan 28, 2003 at 09:00:48PM -0500, [EMAIL PROTECTED] said:
In message [EMAIL PROTECTED], Scott Francis writes:
There's a difference between having the occasional bug in one's software
(Apache, OpenSSH) and having a track record of remotely exploitable
vulnerabilities in virtually
On Tue, 28 Jan 2003, Steven M. Bellovin wrote:
:They do have a lousy track record. I'm convinced, though, that
:they're sincere about wanting to improve, and they're really trying
:very hard. In fact, I hope that some other vendors follow their
:lead. My big worry isn't the micro-issues like
On Tue, 28 Jan 2003 19:10:52 EST, Eric Germann [EMAIL PROTECTED] said:
Sort of like the person who sued McD's when they dumped their own coffee in
their lap because it was too hot. Somewhere in the equation, the
sysadmin/enduser, whether Unix or Windows, has to take some responsibility.
Bad
According to Matrix Systems (http://average.miq.net/Weekly/markR.html)
there have been two additional dropouts of global Web reachability on
January 26 and January 28. These dropouts have been for a few hours or so,
but nearly as large as we saw from the SQL worm. However it doesn't seem
to
Stanislav,
It depends what control mechanism you are using:
o routes learned via an IGP - ECMP would work and if it's a single
destination host, per-packet loadbalancing between the outgoing
links is your only practical choice; rest of ECMP schemes work
by