Hi,
Now, we face a serious problem in use following five new APNIC Class B
cidr blocks.
1. 221.112.0.0/16
2. 221.114.0.0/14 (actually, we registered 4 class B cidr Blocks to RADB )
I checked "Rob's Bogon list"
(http://www.cymru.com/Documents/bogon-list.html).
This report has been generated at Fri Feb 28 21:46:34 2003 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table
eBGP multihop carries with it the implicit possiblity
of session highjacking - in a normal (Multihop=1)
session, the router would not be able to find a
duplicate neighbor with the specified IP address
directly connected. Obviously, once you're saying
that the neighbor could be anywhere in
I haven not checked NJABL but some of the other other open relay testers use
scenarios that are illegal (actually criminal) in California.
Roy
[EMAIL PROTECTED] wrote:
We (Atlantic.Net) have gotten a flurry of abuse complaints from people
who's systems have been scanned by 209.208.0.15
For the past 15 months, NJABL has reactively tested systems that have
connected to participating SMTP servers to see if those systems are open
relays. ...
We do not consider what NJABL does abuse, ...
Jon,
If they are indeed only testing systems who connect to them, it's not
abuse,
At 12:56 PM 2/28/2003, Paul Vixie wrote:
For the past 15 months, NJABL has reactively tested systems that have
connected to participating SMTP servers to see if those systems are open
relays. ...
We do not consider what NJABL does abuse, ...
Jon,
If they are indeed only testing systems
Yo Paul!
On Fri, 28 Feb 2003, Paul Vixie wrote:
However, they scanned every address in every netblock I own, looking
for SMTP servers. That was abuse, that was illegal in California,
Could you please provide a citation from the CA law for this? Better
yet, do you have any case law?
RGDS
On Fri, 28 Feb 2003, Gary E. Miller wrote:
On Fri, 28 Feb 2003, Paul Vixie wrote:
However, they scanned every address in every netblock I own, looking
for SMTP servers. That was abuse, that was illegal in California,
Could you please provide a citation from the CA law for this?
On Fri, 28 Feb 2003, Andy Dills wrote:
Why is probing networks wrong?
Probe .mil and .gov networks and find out.
-Dan
--
[-] Omae no subete no kichi wa ore no mono da. [-]
Why is probing networks wrong?
I would agree exploiting vulnerabilities discovered from probing networks
is wrong. But I don't agree that probing is inherently wrong.
People probe networks for great reasons. Likewise, people have the ability
to prevent other people from probing their
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
Why is probing networks wrong?
Depends on why you're doing the probing.
If you're randomly walk up to my house and check to see if the door is
unlocked, you better be ready for a reaction. Same thing
On Fri, Feb 28, 2003 at 03:11:00PM -0600, Jack Bates quacked:
Should we outlaw a potentially beneficial practice due to its abuse by
criminals?
Okay. What happens if you make a mistake and overload one of my devices
costing my company money. I guarantee you, the law will look favorably
ILIGAN, Mindanao - Muslim separatist rebels blacked out the southern third
of the Philippines in overnight sabotage attacks, leaving about 18 million
people in the dark for hours, officials said Thursday.
Electricity supply was restored to most of Mindanao island by Thursday as
the government
On 2/27/2003 at 9:58 PM, [EMAIL PROTECTED] wrote:
...
NetRange: 69.6.0.0 - 69.6.63.255
CIDR: 69.6.0.0/18
NetName:WHOLE-2
NetHandle: NET-69-6-0-0-1
Parent: NET-69-0-0-0-0
NetType:Direct Allocation
NameServer: NS1.WHOLESALEBANDWIDTH.COM
NameServer:
On Fri, Feb 28, 2003 at 04:33:48PM -0500, Sean Donelan wrote:
Moro Islamic Liberation Front (MILF) guerrillas blew up at least five
steel transmission towers before midnight using improvised explosives from
mortar shells on Wednesday, knocking out from the grid the key Agus
hydro-electric
On Fri, 28 Feb 2003, Charlie Clemmer wrote:
At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
Why is probing networks wrong?
Depends on why you're doing the probing.
If so, why outlaw the act of probing? Why not outlaw probing for the
purposes of...?
If you're randomly walk up to my house
http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
Seems the BGP will be the down fall of the internet, the sky is falling the
sky is falling
There is NO legal advice in this post.
Jack Bates wrote:(SNIPO)
Should we outlaw a potentially beneficial practice due to its abuse by
criminals?
Okay. What happens if you make a mistake and overload one of my devices
costing my company money.
That is usually a civil issue, not
Jim Deleskie wrote:
http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
Seems the BGP will be the down fall of the internet, the sky is falling the
sky is falling
What a crock of crap. Knowing who someone is doesn't stop them from causing
intentional or unintentional problems. In
In this case, your door being unlocked cannot cause me harm. However, an
unlocked proxy can. Legit probes are an attempt to mitigate network
abuse, not increase it. If there was a sanctioned body who was trusted to
scan for such things, maybe this wouldn't be an issue. But there's not, so
Bruce,
I agree, while we all need to 'do the right thing' and only announce what
we are suppose to, we also need to maintain the right level being paranoid
to protect the networks we are responsible for.
-Jim
-Original Message-
From: Bruce Pinsky [mailto:[EMAIL PROTECTED]
Sent:
On Fri, 28 Feb 2003, Sean Donelan wrote:
:ILIGAN, Mindanao - Muslim separatist rebels blacked out the southern third
:of the Philippines in overnight sabotage attacks, leaving about 18 million
:people in the dark for hours, officials said Thursday.
So we have a bit of time to figure out how to
Jim Deleskie wrote:
Bruce,
I agree, while we all need to 'do the right thing' and only announce what
we are suppose to, we also need to maintain the right level being paranoid
to protect the networks we are responsible for.
Right. And so while authentication and encryption of routing protocol
Len Rose wrote:
Scanning is always a precursor to an attack, or to determine if any obvious
methodology can be used to attack. At least that's how it has been
historically viewed.
See my other post. MAPS assists users in closing their innocent
relay capable systems. And, FWIW, pro-active
Hi..
That's the problem, Sir! Many (I daresay the majority) of people take
my hardnosed position. I know that there are people and services with
good intentions, but I respectfully suggest that those good intentions
shall not pass my borders.
If an anti-spam mail relay testing service
Richard Irving wrote
Jack Bates wrote:(SNIPO)
Should we outlaw a potentially beneficial practice due to its abuse by
criminals?
Okay. What happens if you make a mistake and overload one of my devices
costing my company money.
That is usually a civil issue, not criminal.
Legal
i realize now that i may have misread my IDS reports from the scanning
i received from jon's blackhole list a few months ago, and that i have
no basis for my claim that he scanned every address i own. --paul
Unless you're main work computer (or personal) is a laptop or you have a
PocketPC device (with charged batteries.) Both in my case. Nope, I'm not
paranoid, just prepared. We've had two speeders take out power in our
grid in the last two years. Critical stuff is on UPS/Genset but not
everything.
On Fri, 28 Feb 2003, Bruce Pinsky wrote:
:What a crock of crap. Knowing who someone is doesn't stop them from causing
:intentional or unintentional problems. In fact, authentication is more likely
:to cause people to become complacent wrt their filtering policies. Hey I've
:authenticated
Joe St Sauver wrote:
There is NO legal advice in this post. Really!
In Oregon, see ORS 164.377(4):
Any person who knowingly and without authorization uses, accesses or
attempts to access any computer, computer system, computer network, or any
computer software, program, documentation or
Why is probing networks wrong?
i guess it's a last ditch scaling thing. i won't complain to an isp when
their customer probes my host as a result of me sending them e-mail -- but
i will drop in a local blackhole route so that i won't get any more traffic
from or to the prober's network. (if
E.B. Dreger wrote:
Actually, when one leaves honeypots and/or tarpits, getting
probed can be rather fun...
Second this !
:D
Did you ever hear of the guy who wrote a C based 'bot trap
and brought down both a big name search engine mining bot,
and a providers (major) Unix server ?
On Fri, 28 Feb 2003, Jim Deleskie wrote:
http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
Seems the BGP will be the down fall of the internet, the sky is falling the
sky is falling
Other than pending patents and a cool name Secure BGP, you still have
the fundamental problem.
Secure Garbage(tm).
Definitely a great name for a rock band.
--
Bruce Robertson, President/CEO +1-775-348-7299
Great Basin Internet Services, Inc. fax: +1-775-348-9412
http://www.greatbasin.net
Scanning is always a precursor to an attack
this is clearly not true, as scans are done for research and
other goals.
and conversely, all attacks are not preceded by scanning.
randy
What a crock of crap. Knowing who someone is doesn't stop them
from causing intentional or unintentional problems. In fact,
authentication is more likely to cause people to become
complacent wrt their filtering policies. Hey I've authenticated
that router so it's going to only send me
http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
actually, the article is not all that far off reality as i see it.
the exception being that the ietf has NOT been diligently pursuing
sBGP but rather a lot of the effort is going into a 3/4 hack being
pushed by vendor laziness.
randy
In message [EMAIL PROTECTED], Bruce Pinsky writes:
Jim Deleskie wrote:
http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
Seems the BGP will be the down fall of the internet, the sky is falling the
sky is falling
What a crock of crap. Knowing who someone is doesn't stop them
Hi,
Why is it clearly untrue? Remember when researchers used
to send announcements out beforehand? I do.
Well, you're taking me too literally of course!
Len
On Fri, Feb 28, 2003 at 04:00:25PM -0800, Randy Bush wrote:
Scanning is always a precursor to an attack
this is clearly not true,
On Fri, 28 Feb 2003, Randy Bush wrote:
:actually, the article is not all that far off reality as i see it.
:the exception being that the ietf has NOT been diligently pursuing
:sBGP but rather a lot of the effort is going into a 3/4 hack being
:pushed by vendor laziness.
The comments in the
It isn't the probing that is illegal in California, its the unauthorized use of a
domain name especially in the from address.
http://law.spamcon.org/us-laws/states/ca/pc_502.shtml
9.Knowingly and without permission uses the Internet domain name
of another individual, corporation, or entity in
I think the only problem with the comments is that they
over-estimate the benefit of that level of security relative
to the overhead it requires.
crypto hardware has become cheap.
randy
On Fri, 28 Feb 2003, Steven M. Bellovin wrote:
:But -- given things like the AS7007 incident, and given the possibility
:-- probability? -- that it can happen again, can we afford to not do
:sBGP? My own opinion is that sophisticated routing attacks are the
:single biggest threat to the
On Fri, 28 Feb 2003, Randy Bush wrote:
: I think the only problem with the comments is that they
: over-estimate the benefit of that level of security relative
: to the overhead it requires.
:
:crypto hardware has become cheap.
Cheap to buy, but the time for processing each certificate will
Cheap to buy, but the time for processing each certificate will
increase with the size of the routing table, and we just end up
replicating the problem of recalculating large routing tables,
but now with certification, no?
no. you *really* may want to read up on sbgp before attempting
to
The problem that sBGP is trying to solve is *authorization*, not
identification. Briefly -- and please read the papers and the specs
before flaming -- every originating AS would have a certificate chain
rooted at their local RIR stating that they own a certain address
block. If an ISP
In message [EMAIL PROTECTED], Barry Raveendran Greene
writes:
The problem that sBGP is trying to solve is *authorization*, not
identification. Briefly -- and please read the papers and the specs
before flaming -- every originating AS would have a certificate chain
rooted at their local
Hi, NANOGers.
] However, given the recent academic popularity of attacks against routers,
Indeed! Compromised routers (generally Cisco) are routinely traded in
the underground. However, these routers are usually compromised by
taking advantage of weak passwords, e.g. cisco for access and
Hi, NANOGers.
] and conversely, all attacks are not preceded by scanning.
Very true. Most of the attack activity I monitor does not include
scanning activity or any other reconnaissance. However, those who
attack often enjoy monitoring their progress. This can be an
interesting (albeit
Indeed! Compromised routers (generally Cisco) are routinely traded in
the underground. However, these routers are usually compromised by
taking advantage of weak passwords, e.g. cisco for access and enable. :(
RCS of your router config is your friend.
mailing of the diff between
Hi, Alex.
] RCS of your router config is your friend.
Yep, agreed. Sanity checking router configurations is a very wise move.
Just so everyone knows, the miscreants generally disable all logging
capability and enact ACLs to block all ICMP, UDP, and selectively permit
telnet from their hacked
Hi, Dean.
] Assuming the router is compromised, so is the MD5 key. And presumably,
] the acls and anything else can be changed as well.
Agreed. My point was to take a few steps to avoid the compromise. :)
It isn't difficult to make things just a *bit* more difficult, and thus
avoid the pain
In article [EMAIL PROTECTED] Barry wrote:
: Now - show me an operational environment on the Internet were this authorization
: chain is _working_ today. RIRs and RADB do not count. As you mention before,
: those databases and keeping them up to date are a pulling teeth exercise.
Well, while I
On Fri, 28 Feb 2003, Roy wrote:
I haven not checked NJABL but some of the other other open relay testers use
scenarios that are illegal (actually criminal) in California.
If you mean the use of incorrect from addresses, I believe that law only
applies if the message(s) sent with someone
On Fri, 28 Feb 2003, Andy Dills wrote:
Actually, I think the debate starts with Paul telling Jon that Jon isn't
passively scanning connection hosts, he's actively trawling for open
proxies, that Paul has the logs to prove it, and that since Paul is in
California, Jon has broken the law.
He
Thank you very much, but no.
DNS (and DNSSEC) relies on working IP transport for its operation.
Now you effectively propose to make routing (and so operation of IP
transport) dependent on DNS(SEC).
Am I the only one who sees the problem?
--vadim
PS. The only sane method for routing info
56 matches
Mail list logo