On Thursday, March 11, 2004 2:43 AM [EST], Jay Hennigan [EMAIL PROTECTED] wrote:
On the other hand, they could become immensely popular, reaching the
critical mass when one of them detects what is interpreted as an attack
from a network protected by another. Grab the popcorn and watch as
for irc channel == group of nonrelated self-serving script kiddies?
He was banned from #nanog, not #trelane
who gives a rat's a**? please take all this back to alt.chat.jr.high.
randy
On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns [EMAIL PROTECTED]
wrote:
Sounds like efnet channel wars on a much more interesting scale.
Like I've said in previous posts - do we really want these people having
tools like this? Doesn't this make them the equivalent of 'script
My mom likes the idea, she thinks it'll help her get her hotmail faster.
(shrugs)
Brian Bruns wrote:
On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns [EMAIL PROTECTED]
wrote:
Sounds like efnet channel wars on a much more interesting scale.
Like I've said in previous posts - do we
The first allocation out of 84/8 has happened. It is *now* high time to
check whether you see the pilot prefixes 84.192/16 and 84.255.248/21.
If you do not see both of these prefixes it is extremely likely that you
will have a connectivity problem very shortly. We also suggest that you
check
http://www.symbiot.com/media/iwROE.pdf
The Symbiot whitepaper on their service describes a process with a
little more imagination and use than simply flooding attacking nodes
with packets. It describes a process which appears to require human
intervention through an Operations Center to aid in
On Thu, 11 Mar 2004, Baldwin, James wrote:
I applaud the idea of an outsourced department that will manage the
denial of service, and hordes of script kiddie (nod to Ranum) problems
that plague modern networks. Anything that keeps me from being
distracted from more interesting lines of
The Symbiot whitepaper on their service describes a process with a
little more imagination
Like hooking it up to DARPA Grand Challenge winners?
http://abcnews.go.com/sections/SciTech/WorldNewsTonight/robot_race_darpa_040310-1.html
I applaud the idea of an outsourced department that will
At 09:43 AM 11-03-04 +, Brandon Butterworth wrote:
The Symbiot whitepaper on their service describes a process with a
little more imagination
Like hooking it up to DARPA Grand Challenge winners?
http://abcnews.go.com/sections/SciTech/WorldNewsTonight/robot_race_darpa_040310-1.html
They
I wonder, are they planning to launch these DDoS attacks from
compromised hosts belonging to unwitting accomplices like the
bad guys do?
Could they be the people behind NetSky? We know now that Bagle
and MyDoom come from spammer gangs but I haven't heard if anyone
has identified a motive behind
Hi,
We recently installed 10GE interface on GSR boxes (Engine4+).
I am experiencing an SNMP counter issue with 802.1q VLAN.
We used to have counters by 802.1q VLAN on GSR on 1GE, but it looks
to be broken for 10GE subinterfaces.
Counters are available by SNMP, but are buggy on Inbound.
At 02:25 AM 3/11/2004, Gregory Taylor wrote:
After reading that article, if this product really is capable of 'counter
striking DDoS attacks', my assumption is that it will fire packets back at
the nodes attacking it. Doing such an attack would be neither
feasible nor legal. You would
On Thu, 11 Mar 2004, Petri Helenius wrote:
Gregory Taylor wrote:
Oh yes, let's not forget the fact that if enough sites have this
'firewall' and one of them gets attacked by other sites using this
firewall it'll create a nuclear fission sized chain reaction of
looping Denial of
On Thu, 11 Mar 2004 03:21:29 EST, Brian Bruns [EMAIL PROTECTED] said:
So, and who thinks that this is a good idea? :)
What's the going rate per megabyte for transit traffic? :)
Pendergrass, Greg wrote:
I can see now that it's only a matter of time before some nut writes The
Art of War in the Internet. I read the whitepaper, it goes on a lot about
how defensive policies are ineffective but doesn't really say why active
response has never been tried:
Ask, and ye
I can see now that it's only a matter of time before some nut writes The
Art of War in the Internet. I read the whitepaper, it goes on a lot about
how defensive policies are ineffective but doesn't really say why active
response has never been tried:
A. Most of the time dDOS traffic is from
On 10.03 20:55, Steven M. Bellovin wrote:
The phrase seriously bad idea comes to mind. Other phrases include
illegal, collateral damage, and stupid.
Those plus escalation of aggression and uncontrollable feedback loop.
Daniel Karrenberg
PS: I will spare you the re-run of a recent
On another list we've been having multihoming discussions again and I
wanted to get some fresh opinions from you.
For the past few years it has been fairly common for non-ISPs to
multihome to different providers for additional redundancy in case a
single provider has problems. I know this is
On Thu, Mar 11, 2004 at 09:04:57AM -0700, John Neiberger wrote:
For the past few years it has been fairly common for non-ISPs to
multihome to different providers for additional redundancy in case a
single provider has problems. I know this is frowned upon now,
especially since it helped
On Thu, 11 Mar 2004, John Neiberger wrote:
On another list we've been having multihoming discussions again and I
wanted to get some fresh opinions from you.
For the past few years it has been fairly common for non-ISPs to
multihome to different providers for additional redundancy in case a
On 11.03.2004 17:04 John Neiberger wrote:
What is the prevailing wisdom now? At what point do you feel that it is
justified for a non-ISP to multihome to multiple providers?
IMHO you do not need a justification. If you think multiple links to the
same provider don't buy you what you need (e.g.
John Neiberger wrote:
I see a few upsides to this, but are there any real downsides?
Connecting to single AS makes you physically resilient but logically
dependent on single entity, be that a provisioning system, routing
protocol instance, etc. Depending on your requirements, the option of
Daniel Roesen [EMAIL PROTECTED] 3/11/04 9:13:04 AM
On Thu, Mar 11, 2004 at 09:04:57AM -0700, John Neiberger wrote:
For the past few years it has been fairly common for non-ISPs to
multihome to different providers for additional redundancy in case
a
single provider has problems. I know this
By The Art of War on the Internet I didn't mean information warfare,
that's been with us as long as there's been information and the internet is
certainly going to be a major part of that. What I am against is anyone
trying to popularize the idea of the internet as a battleground where one
uses
At what point do you feel that it is
: justified for a non-ISP to multihome to multiple providers?
If the business model allows for the downtime caused by putting all your
internet connectivity in one bucket.
james
Thanks to everyone who has responded so far. I'm glad that I got some
opinions here before I proceeded. I also participate in another list
that has some fairly experienced people on it. The prevailing opinion
there was that multihoming to multiple providers was overrated and
largely unnecessary,
Look at it this way:
If Multi-homing to ensure maximum reliability was not a good thing:
why would XYZ isp do it?
Take this example:
Remember last year (or year before?) when MCI had the routing issue
on the east coast? I had a friend that had 2 T-1's to MCI, he lost all reachability
for over 5
On Thu, 11 Mar 2004, Gregory Taylor wrote:
Multi-homing a non-ISP network or system on multiple carriers is a good
way to maintain independent links to the internet by means of different
peering, uplinks, over-all routing and reliability. My network on NAIS
is currently multi-homed
PH Date: Thu, 11 Mar 2004 18:21:03 +0200
PH From: Petri Helenius
PH Depending on your requirements, the option of having somebody
PH redistribute all their BGP routes into ISIS or OSPF might not
PH worth looking forward to.
Couldn't quite parse this, but it sounds scary.
Eddy
--
EverQuick
JN Date: Thu, 11 Mar 2004 10:10:17 -0700
JN From: John Neiberger
JN My current opinion is that since we can't accept much
JN downtime in the case of a single provider failure, it's
JN probably not wise to put all of our eggs in Sprint's basket
JN even if all circuits are geographically diverse.
JN My current opinion is that since we can't accept much
JN downtime in the case of a single provider failure, it's
JN probably not wise to put all of our eggs in Sprint's basket
JN even if all circuits are geographically diverse.
Use multiple border routers. Keep your IGP lean and nimble.
There is another thing - if you are multi-homed, and want to switch
providers, it is pretty seamless and painless - no renumbering, no
loss of connection, etc., as you always have a redundant path.
On Thursday, March 11, 2004, at 12:34 PM, Pekka Savola wrote:
On Thu, 11 Mar 2004, Gregory
We're starting a project to create opensource software to help ISPs provision
network services and track information related to that afterwards. This would
include allocation of ip addresses and database of such allocations, database
of circuits and network devices, administration and
On Thu, 11 Mar 2004, Marshall Eubanks wrote:
There is another thing - if you are multi-homed, and want to switch
providers, it is pretty seamless and painless - no renumbering, no
loss of connection, etc., as you always have a redundant path.
Sure -- though many ISPs will probably let you
John Neiberger wrote:
On another list we've been having multihoming discussions again and I
wanted to get some fresh opinions from you.
Whilst the topic's under discussion may I present myself as a lightning
rod :) by asking:
(a) Has anyone here used any of the 'basement multi-homing in a
E.B. Dreger wrote:
PH Date: Thu, 11 Mar 2004 18:21:03 +0200
PH From: Petri Helenius
PH Depending on your requirements, the option of having somebody
PH redistribute all their BGP routes into ISIS or OSPF might not
PH worth looking forward to.
Couldn't quite parse this, but it sounds scary.
You might want to change the name. IPal is a commercial product available
from Internet Associates LLC. (www.internetassociatesllc.com).
- Dennis
On Thu, Mar 11, 2004 at 11:17:12AM -0800, william(at)elan.net wrote:
We're starting a project to create opensource software to help ISPs
Whilst the topic's under discussion may I present myself as a
lightning
rod :) by asking:
(a) Has anyone here used any of the 'basement multi-homing in a box'
products such as Checkpoint's ISP Redundancy feature?
http://www.checkpoint.com/products/connect/vpn-1_isp_redundancy.html
(The 'VPN-1'
Wow, I had no idea somebody already used this name for same product...
Hold on everybody from signing up then, we'll talk about the name first
among the group. I'll repost when new name is ready.
On Thu, 11 Mar 2004, Dennis Boylan wrote:
You might want to change the name. IPal is a
Fortunately people with less clue usually have less bandwidth.
Don't be so sure that people with no clue don't have bandwidth, large
companies with enormous resources sometimes end up with really clueless
people at the top and similarly clueless network techs.
Most Universities have
Eric Gauthier wrote:
Most Universities have a large clueless.. um, I mean, student population
sitting on 10 or 100 meg switched ports and several hundred meg's to the
Internet
You mis-spelled faculty, researcher, and staff populations.
Today's students (as well as non-trivial portions of
John Neiberger wrote:
Whilst the topic's under discussion may I present myself as a
lightning
rod :) by asking:
(a) Has anyone here used any of the 'basement multi-homing in a box'
products such as Checkpoint's ISP Redundancy feature?
Jay Ford wrote:
[snip]
Many/most of my external connectivity problems are provider-related rather
than circuit-related. Having two circuits to a single provider doesn't help
when that provider is broken. I'm not saying that multi-ISP BGP-based
multi-homing is risk-free, but I don't see
Mmm. A firewall that lands you immediately in hot water with your
ISP and possibly in a courtroom, yourself. Hot.
Legality aside...
I don't imagine it would be too hard to filter these retaliatory
packets, either. I expect that this would be more wad-blowing
than cataclysm after the initial
Two words (well...one hyphenated-reference):
spoofed-source
bah,
--ra
--
k. rachael treu, CISSP [EMAIL PROTECTED]
..quis costodiet ipsos custodes?..
On Wed, Mar 10, 2004 at 11:50:56PM -0800, Gregory Taylor said something to the effect
of:
Oh yes, let's not forget the fact that if
John
As already stated by lots of folks on the list, this is largely a business
decision rather than a technical one. However, there are some more useful
thoughts:
1. Is the decision to multi-home consistent with your other redundancy plans?
For example, why go through all the trouble of
On Thu, Mar 11, 2004 at 03:21:29AM -0500, Brian Bruns said something to the effect of:
On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns [EMAIL PROTECTED]
wrote:
..snip snip..
How the hell could a company put something like this out, and expect not to
get themselves sued to the moon
On Thu, Mar 11, 2004 at 03:21:29AM -0500, Brian Bruns said something to the effect of:
On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns [EMAIL PROTECTED]
wrote:
..snip snip..
How the hell could a company put something like this out, and expect not to
get themselves sued to the moon
Yes, let's allow the kiddies who already get away with as little work as
they can in order to produce the most destruction they can, the ability
to use these 'Security Systems' as a new tool for DoS attacks against
their enemies.
Scenario:
Let's say my name is: l33th4x0r
I want to attack
-Original Message-
From: Gregory Taylor [mailto:[EMAIL PROTECTED]
Sent: Thursday, March 11, 2004 3:55 PM
To: Rachael Treu
Cc: [EMAIL PROTECTED]
Subject: Re: Counter DoS
Yes, let's allow the kiddies who already get away with as little work as
they can in order to produce the most
If you wanted to do that, wouldn't the firewall just need
directed-broadcast left open or emulate similar behavior, or even
turning ip unreachables back on?
Flooding pipes accidentally is easy enough. Now people are selling
products to do it deliberately.
Yeesh.
I saw a license plate this
On Thu, Mar 11, 2004 at 04:10:04PM -0500, Deepak Jain said something to the effect of:
If you wanted to do that, wouldn't the firewall just need
directed-broadcast left open or emulate similar behavior, or even
turning ip unreachables back on?
Exactly my point in using the word amplifier
Drew,
While I believe something should be done, the fact is that two
wrongs do not make a right. If I hit you, is it ok for you to hit me
right back? This kind of retaliation takes the internet community into
a grade school playground fight. What needs to be done, although easier
said
Deepak Jain wrote:
If you wanted to do that, wouldn't the firewall just need
directed-broadcast left open or emulate similar behavior, or even
turning ip unreachables back on?
Flooding pipes accidentally is easy enough. Now people are selling
products to do it deliberately.
Maybe there is
Petri Helenius wrote:
Maybe there is a lesson to be learned from many RBL operators. To make
sure, just send packets to the whole /24 or /16 you got an attack
packet from.
Which RBL operators flood /24's or /16's? What do they flood them
with?
--
Requiescas in pace o email
On Thu, 11 Mar 2004, Laurence F. Sheldon, Jr. wrote:
Petri Helenius wrote:
Maybe there is a lesson to be learned from many RBL operators. To make
sure, just send packets to the whole /24 or /16 you got an attack
packet from.
Which RBL operators flood /24's or /16's? What do they
william(at)elan.net wrote:
On Thu, 11 Mar 2004, Laurence F. Sheldon, Jr. wrote:
Petri Helenius wrote:
Maybe there is a lesson to be learned from many RBL operators. To make
sure, just send packets to the whole /24 or /16 you got an attack
packet from.
Which RBL operators flood /24's or
On Thursday, March 11, 2004 6:16 PM [EST], william(at)elan.net
[EMAIL PROTECTED] wrote:
Which RBL operators flood /24's or /16's? What do they flood them
with?
I think he meant that RBLs sometimes include entire /24 in RBL list when
only one or two ips are at fault and some would go even
One aspect of the problem with DoS attacks and warlike responses to these
attacks is that the younger generation is getting their computer science
training via gaming and hacking. Many high schools in the U.S. are so
financially strapped that they can't afford to teach programming,
networking,
Get involved with your local high schools. Sponsor user groups at the
high school. Offer to teach some mini courses.
The teenage crowd needs our help learning best practices and ethics.
The hacking problem is multi-faceted, of course, and this is just one
facet of a partial solution, but
PH Date: Thu, 11 Mar 2004 20:31:52 +0200
PH From: Petri Helenius
PH I'm referring to the most popular way of causing an IGP
PH meltdown. Obviously there are other ways, like software
PH defects to make your IGP go mad. But when your upstream's IGP
PH does that, you want to have provider B to
VA Date: Thu, 11 Mar 2004 08:12:04 -0500
VA From: Vinny Abello
VA Plus imagine an attack originates behind one of these devices
VA for some reason attacking another device. It'll just create a
VA massive loop. :) That would be interesting.
I wonder if it pays attention to the evil bit? ;)
On Thu, Mar 11, 2004 at 05:17:35PM -0500, Deepak Jain wrote:
Just like the blackhole community routes, certain /32's (only, nothing
shorter) can be exported from the customer to the backbone to be
blackholed at the edges. The twist is that instead of limiting the
customer announcement to
Is anybody automating router/switch configs in any manner
other than telnet scripts or Ciscoworks? I am just trying to get some ideas.
Thanks
Jason
I have received almost 200 different spam messages from domains hosted by this
provider from Russian domains attempting to sell pharmaceuticals and other unsolicited
services that I do not want. tekmailer.com and moosq.com are 2 of the primary
abusers from this hosting company
-Henry
On Thursday, March 11, 2004 10:11 PM [EST], Henry Linneweh
[EMAIL PROTECTED] wrote:
I have received almost 200 different spam messages from domains hosted by
this provider from Russian domains attempting to sell pharmaceuticals and
other unsolicited services that I do not want. tekmailer.com
Henry Linneweh writes on 3/12/2004 8:41 AM:
I have received almost 200 different spam messages from domains
hosted by this provider from Russian domains attempting to sell
pharmaceuticals and other unsolicited services that I do not want.
tekmailer.com and moosq.com are 2 of the primary abusers
On Fri, 12 Mar 2004, Suresh Ramasubramanian wrote:
Henry Linneweh writes on 3/12/2004 8:41 AM:
I have received almost 200 different spam messages from domains
hosted by this provider from Russian domains attempting to sell
pharmaceuticals and other unsolicited services that I do not
On (11/03/04 20:50), Jason Graun wrote:
Is anybody automating router/switch configs in any manner other than telnet
scripts or Ciscoworks? I am just trying to get some ideas.
lexicon/netclarity - www.network-clarity.com - young, only cisco
ios/catos devices right now, easy to tailor to your
There are similar boxes from FatPipe and Radware (and others) that
promise the same thing. I've done some light research on them and while
I can see some positives, I don't prefer them to our current solution.
Then again, I don't have any practical experience with them and I hope
someone who has
On Thu, 11 Mar 2004 20:50:57 -0600, Jason Graun [EMAIL PROTECTED] said:
Is anybody automating router/switch configs in any manner other than
telnet scripts or Ciscoworks? I am just trying to get some ideas.
are you talking about access routers or backbone/core/peering routers?
- for
Aditya writes on 3/12/2004 9:41 AM:
On Thu, 11 Mar 2004 20:50:57 -0600, Jason Graun [EMAIL PROTECTED] said:
Is anybody automating router/switch configs in any manner other than
telnet scripts or Ciscoworks? I am just trying to get some ideas.
are you talking about access routers or
the thing is though, by allowing any /32's... what prevents
/all/ customers from abusing it by curiosity of what would
happen? :)
the fact that you are allowing any /32's (up to 100 or whatever
max prefix lim. you set) is like giving a can of worms to your
On Fri, 12 Mar 2004, Suresh Ramasubramanian wrote:
Wholesalebandwidth = Scott Richter.
http://groups.google.com/groups?q=scott+richter+wholesalebandwidth
You can safely nullroute 69.6.0.0/18
You can say that again. He's a strong third on my list:
http://mrtg.snark.net/nullstats.cgi