You don't know quite how rife that rumour is over here at the moment.
Peter,
How so unlike you to take an anti-establishment view!
Neil
I had a passing thought over the weekend regarding Thursday's cisco
vulnerability and the recent Microsoft holes.
The next worm taking advantage of the latest Windows' vulnerabilities is
more or less inevitable. Someone somewhere has to be writing it. So why
not include the cisco exploit in
* [EMAIL PROTECTED] (Adam Maloney) [Tue 22 Jul 2003, 15:33 CEST]:
The next worm taking advantage of the latest Windows' vulnerabilities
is more or less inevitable. Someone somewhere has to be writing it.
So why not include the cisco exploit in the worm payload?
Why would a worm disable a
Hi Adam,
I thought the same, and the solution is to apply the filters to all interfaces
not just the borders.
One thing about the worm idea is that if it hits routers it should burn itself
out fairly quickly as it cuts off its own access.
Another thing is it is necessary to send out probes
On Tue, 22 Jul 2003 15:40:02 +0200, Niels Bakker [EMAIL PROTECTED] said:
* [EMAIL PROTECTED] (Adam Maloney) [Tue 22 Jul 2003, 15:33 CEST]:
The next worm taking advantage of the latest Windows' vulnerabilities
is more or less inevitable. Someone somewhere has to be writing it.
So why not
EXACTLY!!
Company A fired the wrong person. DDoS internally.
Company B has a Business partner that has VPN access,
that get's infected.
Company C has a home user that uses VPN on a cable modem.
he gets infected
Virus writers will see this and use it...
What better DDoS method is
Hi,
I've recently been delegated a domain of a dead ISP which hasn't existed
in *any* form for about 5+ years. As a test, we setup an MX for it to see
what kind of mail it would get since we noted a lot of DNS lookups for it.
After going through a few hundred emails it started to look like
I've seen people put spamtraps on web pages and at the bottom of emails to
use as blacklist fodder but not a whole domain.
...
Is this done? Advisable? Experiences?
cix.net, which has been dead for a few years, gets about 50 messages a day
on its MX. the majority is spam, but there's always
That is a bit paranoid, but it could happen. I have not seen anybody do
anything that intelligent in the past couple of years. Not to say that there
arent people out there that couldn't do that but I think many have thought of
using one exploit to expose another, DDoS is the closest I have
On Tue, 22 Jul 2003 10:08:42 EDT, you said:
I see this as a make or break If someone does not upgrade,
well think of this as a roll-coaster.
Remember the sign? This ride is not advised for
people with bad backs, pregnant ladies..
Someplace I have a sign:
Your clue must be at
On Tue, 22 Jul 2003 14:58:22 -, [EMAIL PROTECTED] said:
That is a bit paranoid, but it could happen. I have not seen anybody do
anything that intelligent in the past couple of years. Not to say that there
arent people out there that couldn't do that but I think many have thought of
using
I was thinking about this the other day. The most efficient way to make
this work would be to spread using some vulnerability (like the Microsoft
DCOM vulnerability released last week), and then at a predetermined time,
start DoS'ing routers in the IP space of major providers, and then work your
Paul Vixie wrote:
therefore before you use whole-domain spamtrapping, i recommend looking VERY
carefully at the flows so that you can be sure that i isn't adjacent to
o on the qwerty keyboard, or some other such problem.
Agreed. But I'll mention a situation where it's very valuable and show
Austad, Jay wrote:
I was thinking about this the other day. The most efficient way to make
this work would be to spread using some vulnerability (like the Microsoft
DCOM vulnerability released last week), and then at a predetermined time,
start DoS'ing routers in the IP space of major providers,
Neil J. McRae wrote:
How so unlike you to take an anti-establishment view!
Not anti-establishment. I am far from an anarchist. I am anti-idiot.
Peter
Anti-idiot is not political. It's religion. At least for me it is.
Bob German
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Peter Galbavy
Sent: Tuesday, July 22, 2003 12:34 PM
To: Neil J. McRae
Cc: Richard Irving; [EMAIL PROTECTED]
Subject: Re:
On Tue, 2003-07-22 at 09:54, [EMAIL PROTECTED] wrote:
I'm going to go out on a limb and say that at least 30% of Ciscos are installed
in places that would, if hit with this, have NO CLUE why their router needs to be
power cycled every 30 mins.
Not only the clueless, but how about those of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On 22 Jul 2003, Jason Frisvold wrote:
Not only the clueless, but how about those of us who deploy older
routers sometime in the future with legitimate uses? What happens when
we forget that this bug exists? Now we have to go through the
In our case we use some older routers as managment devices... Not
critical to the core unless there is some larger outage... Those
devices are old enough that they can't handle a newer rev of code...
ACL's are the only answer there..
Luckily they have very little traffic even under heavy use,
Does anyone really use the RADb ? Worth the $250 per year?
Just wondering if it worth renewing..
Im interested in an informal poll of consumer ISPs
regarding application rate-limiting. For all you folks out there managing
broadband networks to residential end-users:
Are you controlling peer-to-peer traffic in some way (i.e. rate-limiting,
blocking, etc)?
Do you have plans to
* [EMAIL PROTECTED] (Owings, Curtis L [GMG]) [Tue 22 Jul 2003, 20:10 CEST]:
I'm interested in an informal poll of consumer ISP's regarding
application rate-limiting. For all you folks out there managing
broadband networks to residential end-users:
We're asking everybody to turn off HTML when
Date: Tue, 22 Jul 2003 14:25:18 -0400 (EDT)
From: mike harrison [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
Does anyone really use the RADb ? Worth the $250 per year?
Just wondering if it worth renewing..
Registry is worth it, but you might want to think about a free DB (if
you
On Tue, 22 Jul 2003, Niels Bakker wrote:
* [EMAIL PROTECTED] (Owings, Curtis L [GMG]) [Tue 22 Jul 2003, 20:10 CEST]:
I'm interested in an informal poll of consumer ISP's regarding
application rate-limiting. For all you folks out there managing
broadband networks to residential end-users:
On Tue, 22 Jul 2003 20:13:35 +0200, Niels Bakker wrote:
We're asking everybody to turn off HTML when they post to mailing lists.
Here's some boilerplate I wrote for this purpose:
http://www.camblab.com/nugget/turnoff.txt
One other option that is worth mentioning.. If you are an Arin member
(i.e. you have an ASN) then you can use Arin's Route registry services.
These services are currently free to members.
-Ejay
-Original Message-
From: Kevin Oberman [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22,
On Tue, 22 Jul 2003, Ejay Hire wrote:
One other option that is worth mentioning.. If you are an Arin member
(i.e. you have an ASN) then you can use Arin's Route registry services.
These services are currently free to members.
Thank You! a common sense answer I had not had hit me over the
Repost in plain text... just a little too clicky on the send button
folks.
I'm interested in an informal poll of consumer ISP's regarding
application rate-limiting. For all you folks out there managing
broadband networks to residential end-users:
Are you controlling peer-to-peer traffic in
On 2003-07-22-15:01:06, Ejay Hire [EMAIL PROTECTED] wrote:
One other option that is worth mentioning.. If you are an Arin
member (i.e. you have an ASN) then you can use Arin's Route registry
services. These services are currently free to members.
Also worthy of mention is Steve Rubin's most
On Tue, 22 Jul 2003, mike harrison wrote:
On Tue, 22 Jul 2003, Ejay Hire wrote:
One other option that is worth mentioning.. If you are an Arin member
(i.e. you have an ASN) then you can use Arin's Route registry services.
These services are currently free to members.
Thank You! a
I was thinking about this the other day. The most efficient way to make
this work would be to spread using some vulnerability (like the Microsoft
DCOM vulnerability released last week), and then at a predetermined time,
start DoS'ing routers in the IP space of major providers, and then work
It could poll different looking glasses...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 4:01 PM
To: Austad, Jay
Cc: [EMAIL PROTECTED]
Subject: RE: Cisco vulnerability and dangerous filtering techniques
I was thinking
Just a handful of traceroutes would give it enough information to start
at a major backbone and work back towards itself.
-SW
It could poll different looking glasses...
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Tuesday, July 22, 2003 4:01 PM
Pray tell, the virus will also get BGP feeds to determine
where the edges
are?
It could poll different looking glasses...
And I could be the Pope...
How many thousands of polls do you think a looking glass can handle
simultaneously? I am all for the doomsday scenarios, but lets make
Just a handful of traceroutes would give it enough information to start
at a major backbone and work back towards itself.
I guess all folks with Ph.D. at Akamai really are paid for nothing if a
virus could calculate that with a few traceroutes.
Alex
On Tue, 22 Jul 2003 17:50:17 EDT, [EMAIL PROTECTED] said:
How many thousands of polls do you think a looking glass can handle
simultaneously? I am all for the doomsday scenarios, but lets make them a
little bit less sci-fi, shall we? How about it would create valid looking
OSPF packets with
On Tue, 22 Jul 2003 17:51:20 EDT, [EMAIL PROTECTED] said:
I guess all folks with Ph.D. at Akamai really are paid for nothing if a
virus could calculate that with a few traceroutes.
It's actually pretty easy if you get 20K distributed zombies doing the traceroutes
and then distributing the data
How many thousands of polls do you think a looking glass can handle
simultaneously? I am all for the doomsday scenarios, but lets
make them a
little bit less sci-fi, shall we? How about it would create
valid looking
OSPF packets with garbage in them? or create valid looking
STP packets
Are you controlling peer-to-peer traffic in some way (i.e.
rate-limiting, blocking, etc)?
no
Do you have plans to control peer-to-peer traffic?
no
Are you imposing other total traffic download/upload limits?
no
Additional comment: we market based on no limits and so far have
met our
Are you controlling peer-to-peer traffic in some way (i.e.
rate-limiting, blocking, etc)?
no
Do you have plans to control peer-to-peer traffic?
On Wed, 23 Jul 2003 02:12:53 BST, Stephen J. Wilcox [EMAIL PROTECTED] said:
A bit harsh bearing in mind this address is your legitimate reply address from
the email.. !
On the other hand, it *would* explain any e-mail based reachability issues... ;)
pgp0.pgp
Description: PGP signature
Looks fine to me. Where is / was it croaking for you ?
granite# telnet www.allstream.com 80
Trying 207.245.244.30...
Connected to www.allstream.com.
Escape character is '^]'.
HEAD sdfsdfsdf
!DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN
HTMLHEAD
TITLE400 Bad Request/TITLE
/HEADBODY
H1Bad
Since some p2p programs now use well known port numbers allocated to other
things eg port 80, is it even possible to block/rate limit them? And have folks
attempts at blocking caused this move to use such port numbers which imho is not
a good thing..
Steve
On Tue, 22 Jul 2003, Fletcher E
A bit harsh bearing in mind this address is your legitimate reply address from
the email.. !
On Tue, 22 Jul 2003, John Palmer (NANOG Acct) wrote:
Hi. This is the TMDA program at adns.net.
I'm afraid I wasn't able to deliver your message to the following addresses.
This is a permanent
Cannot get to sites on ATT Canada - Any news regarding the problem cause?
On Tue, Jul 22, 2003 at 05:53:45PM -0400, [EMAIL PROTECTED] wrote:
On Tue, 22 Jul 2003 17:51:20 EDT, [EMAIL PROTECTED] said:
I guess all folks with Ph.D. at Akamai really are paid for nothing if a
virus could calculate that with a few traceroutes.
It's actually pretty easy if you get
46 matches
Mail list logo