geoff has a quite good article on antonymous systems, usage, ... at
http://www.potaroo.net/ispcol/2005-08/as.html.
randy
Thank you very much Randy for an introduction of JANOG.
We're really delighted to have you as a presenter here in
JANOG Meeting !!
Regards,
MAEMURA Akinori, JANOG Committee
In message [EMAIL PROTECTED]
janog
Randy Bush [EMAIL PROTECTED] wrote:
|
| janog/fukuoka is in the last day of
geoff has a quite good article on antonymous systems, usage, ... at
http://www.potaroo.net/ispcol/2005-08/as.html.
geoff,
why not assume
o all speakers will not transition at the same time, but
o before the first 0: is issued/used that all will
transition?
i would think this is
* John Neiberger:
Protect thyself how? For DDoS protection to work, the nasty traffic
must be stopped before it gets to my access circuits. Once it gets
close enough for me to do anything about it directly it's too late.
It depends. Quite a few DoS attacks are not based on bandwidth
On Fri, 29 Jul 2005, Randy Bush wrote:
Geoff,
Of the 32,557 assigned AS numbers, some 19,859 are advertised, while
12,698 have been allocated in the past, but are not currently advertised
in the BGP routing table.
I would have liked to see how well the RIRs are at recovering unused
ASNs, if at
On 29/07/05, Florian Weimer [EMAIL PROTECTED] wrote:
Anyway, you should examine *why* you (or your customers) are attacked,
and address that. Everything else is likely cost-effective. Of
course, this might mean you have to do without some revenue if you
have customers that are DoS magnets
* Suresh Ramasubramanian:
On 29/07/05, Florian Weimer [EMAIL PROTECTED] wrote:
Anyway, you should examine *why* you (or your customers) are attacked,
and address that. Everything else is likely cost-effective. Of
course, this might mean you have to do without some revenue if you
have
Suresh Ramasubramanian wrote:
Not allowing your users to run eggdrop or other irc bots on the shells
you give them, and generally not hosting irc stuff would definitely
help there.
Filtering anything else than port 80 and maybe 53 would allow them to
experience the Internet in safe and
On 29/07/05, Petri Helenius [EMAIL PROTECTED] wrote:
Filtering anything else than port 80 and maybe 53 would allow them to
experience the Internet in safe and controlled manner!
Petri, if someone has to actually ask on nanog about ddos mitigation
tools, he is much better off not having irc
Hank,
At 09:13 29/07/2005, Hank Nussbacher wrote:
Of the 32,557 assigned AS numbers, some 19,859 are advertised, while
12,698 have been allocated in the past, but are not currently advertised
in the BGP routing table.
I would have liked to see how well the RIRs are at recovering unused
ASNs,
On Fri, 29 Jul 2005, Henk Uijterwaal wrote:
While this looks like a lot, it does not really solve any problem. Geoff's
numbers show that the pool will expire in 5 years. Our estimate is a
When discussed a few years back, I was told that this was already solved
by 32bit AS numbers
Henk Uijterwaal wrote:
While this looks like a lot, it does not really solve any problem.
Geoff's numbers show that the pool will expire in 5 years. Our
estimate is a little bit longer, but not that much. 2010-2005 is 5
years, if the trend that 20% never appears continues and all these
ASN
While this looks like a lot, it does not really solve any problem. Geoff's
numbers show that the pool will expire in 5 years. Our estimate is a
When discussed a few years back, I was told that this was already solved
by 32bit AS numbers (ASx:x).
you may want to read the referenced
On Fri, 29 Jul 2005, Randy Bush wrote:
you may want to read the referenced article
http://www.potaroo.net/ispcol/2005-08/as.html
The article states it's not fixed. I guess what I was told back then was
false, considering
http://en.wikipedia.org/wiki/Autonomous_system_(Internet) states:
The article states it's not fixed.
that seems to agree with at least one of my routers
rtr42#conf t
Enter configuration commands, one per line. End with CNTL/Z.
rtr42(config)#router bgp 0:3130
^
% Invalid input detected at '^' marker.
my point was
://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml.
Affected Products
=
Vulnerable Products
This issue affects all Cisco devices running any unfixed version of Cisco IOS
code that supports, and is configured for, IPv6. A device which supports IPv6
must have the interfaces
On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote:
Hey, Dan...
What's that they say abou 800 lb. Gorillas...
:-)
- ferg
-- Daniel Golding [EMAIL PROTECTED] wrote:
Cisco's conduct in this case may or may not be improper - we'll have to wait
for a little more information. From a
This report has been generated at Fri Jul 29 21:45:47 2005 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table
://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml
[snip]
--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
Over on Boing Boing:
[snip]
Here's a PDF that purports to be Michael Lynn's presentation on Cisco's
critical vulnerabilities (The Holy Grail: Cisco IOS Shellcode And Exploitation
Techniques), delivered at last week's Black Hat conference. Lynn's employer,
ISS, wouldn't let him deliver the
Would this not be a great way to infect thousands of
network operations systems due to a PDF exploit? It
is like free beer to many network operators, they
just *have* to consume it. One could take control
of the network by taking control of the systems
of the people operating it and silently
Now the FBI is investigating Lynn for criminal wrongdoing?
Kim Zetter writes in Wired News this morning that:
[snip]
The FBI is investigating a computer security researcher for criminal conduct
after he revealed that critical systems supporting the internet and many
networks have a serious
Remind me why I bother with information security when industry and the
government seems to want to ensure things can be pwn3d as easily as
possible...
On 7/29/05, Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote:
Now the FBI is investigating Lynn for criminal wrongdoing?
Kim Zetter writes
On 7/29/05 12:56 PM, John C. A. Bambenek [EMAIL PROTECTED] wrote:
Remind me why I bother with information security when industry and the
government seems to want to ensure things can be pwn3d as easily as
possible...
If the digital pearl harbor does come to pass, this won't be
On Fri, Jul 29, 2005 at 08:56:40AM -0700, Buhrmaster, Gary wrote:
I know, I am just being paranoid. There has never
been an exploitable PDF exploit. Oh, wait, there
has been :-)
Ah, yes; but does it affect xpdf?
Cheers,
-- jra
--
Jay R. Ashworth
On Fri, Jul 29, 2005 at 01:01:42AM +, Christopher L. Morrow wrote:
could they be unpatched because no one has sent out a notice saying
versions before X have known vulnerabilities. upgrade now to one
of the following: ...?
or... cause new IOS won't run on them.
Indeed - Cisco's
At 2:19 PM + 2005-07-29, Fergie (Paul Ferguson) wrote:
http://www.boingboing.net/2005/07/29/michael_lynns_contro.html
I think these guys better prepare for the slashdot effect...
The guys at cryptome.org have a long history of archiving
documents that others in the business have
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]
If you have any comments please contact Philip Smith [EMAIL PROTECTED].
Routing Table Report 04:00 +10GMT Sat 30 Jul, 2005
--- John Forrister [EMAIL PROTECTED] wrote:
Indeed - Cisco's hardware, especially the older,
smaller boxes, tended
to be really solid once you got them running. I was
just pondering a
few minutes ago on how many 2500's I configured
installed in 1996 1997
are still running today, on
On 7/29/05, David Barak [EMAIL PROTECTED] wrote:
--- John Forrister [EMAIL PROTECTED] wrote:
Indeed - Cisco's hardware, especially the older,
smaller boxes, tended
to be really solid once you got them running. I was
just pondering a
few minutes ago on how many 2500's I
And quite honestly, we can probably be pretty safe in assuming they will not
be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other
exploits) or SSH (even other exploits) on that box. :) (the 1601 or the
2500's)
But, in the advisory that Cisco put out, it did mention free
http://www.eweek.com/article2/0,1759,1841669,00.asp
- ferg
--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
--- Scott Morris [EMAIL PROTECTED] wrote:
And quite honestly, we can probably be pretty safe
in assuming they will not
be running IPv6 (current exploit) or SNMP (older
exploits) or BGP (other
exploits) or SSH (even other exploits) on that box.
:) (the 1601 or the
2500's)
Let's see
Scott Morris wrote:
And quite honestly, we can probably be pretty safe in assuming they will not
be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other
exploits) or SSH (even other exploits) on that box. :) (the 1601 or the
2500's)
If a worm writer wanted to cause chaos,
Fergie (Paul Ferguson) wrote:
http://www.eweek.com/article2/0,1759,1841669,00.asp
Cisco still seems to be spinning it, though. The important part of
Lynn's presentation wasn't the IPv6 exploit, but how future exploits can
be used to execute arbitrary code on Cisco equipment. By making a
On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote:
http://www.eweek.com/article2/0,1759,1841669,00.asp
Like I said, PR disaster.
As more information comes out, the levels of misbehavior on behalf of
Cisco and ISS are reaching comical levels. I mean really, someone at ISS
filed a _criminal
http://www.eweek.com/article2/0,1759,1841669,00.asp
Cisco still seems to be spinning it, though. The important part of
Lynn's presentation wasn't the IPv6 exploit, but how future exploits can
be used to execute arbitrary code on Cisco equipment. By making a big
deal about the IPv6
On Fri, 2005-07-29 at 19:06, Daniel Golding wrote:
I hope the leadership at Cisco reflects on this incident and will utilize
different tactics the next time this happens. Similarly, I hope the
cybersecurity folks in our governments realize that, while a strong
relationship with vendors is
The *best* exploit is the one alluded to in the presentation.
Overwrite the nvram/firmware to prevent booting (or, perhaps,
adjust the voltages to damaging levels and do a smoke test).
If you could do it to all GSR linecards, think of the RMA
costs to Cisco (not to mention the fact that Cisco
Buhrmaster, Gary wrote:
The *best* exploit is the one alluded to in the presentation.
Overwrite the nvram/firmware to prevent booting (or, perhaps,
adjust the voltages to damaging levels and do a smoke test).
If you could do it to all GSR linecards, think of the RMA
costs to Cisco (not to
As an aside, I like John Murrell's headline in Good Morning,
Silicon Valley best of all --
Cisco patches security researcher vulnerability
http://blogs.siliconvalley.com/gmsv/2005/07/cisco_patches_s.html
;-)
- ferg
-- Saku Ytti [EMAIL PROTECTED] wrote:
I guess someone has to yell wolf every
I just happened to see this :
Last month, a company called Internet Security Systems (ISS) issued an alert
to warn users that Cisco's VoIP offering had a security flaw that would allow
just that. According to the company, this implementation flaw in Cisco's Call
Manager, which handles call
On Fri, 29 Jul 2005, Fergie (Paul Ferguson) wrote:
As an aside, I like John Murrell's headline in Good Morning,
Silicon Valley best of all --
Cisco patches security researcher vulnerability
http://blogs.siliconvalley.com/gmsv/2005/07/cisco_patches_s.html
cisco's firewalls are made of lawyers
Someone on another list was wondering if this IPv6 exploit might have
something to do with the NANOG thread from a few days ago titled 6to4
routes disappeared from most of North America.
http://www.merit.edu/mail.archives/nanog/msg09747.html
Is there any reason to think that these might be
Once upon a time, Janet Sullivan [EMAIL PROTECTED] said:
If a worm writer wanted to cause chaos, they wouldn't target 2500s, but
7200s, 7600s, GSRs, etc.
Right. And if they wanted to cause chaos on computers, they'd ignore
business desktops and home computers and target large server farms.
On Fri, 29 Jul 2005 17:26:45 CDT, Chris Adams said:
Once upon a time, Janet Sullivan [EMAIL PROTECTED] said:
If a worm writer wanted to cause chaos, they wouldn't target 2500s, but
7200s, 7600s, GSRs, etc.
Right. And if they wanted to cause chaos on computers, they'd ignore
business
Petri Helenius wrote:
Fortunately destructive worms don't usually get too wide distribution
because they don't survive long.
That assumes that the worm must discover exploitable hosts. What if
those hosts have already been identified through other means previously?
A nation, terrorist
http://www.tomsnetworking.com/Sections-article131.php
Chuck ChurchLead Design EngineerCCIE #8776,
MCNE, MCSENetco Government Services - Design Implementation
Team1210 N. Parker Rd.Greenville, SC 29609Home office:
864-335-9473Cell: 864-266-3978[EMAIL PROTECTED]PGP key:
At 6:44 PM +0200 2005-07-29, Brad Knowles wrote:
At 2:19 PM + 2005-07-29, Fergie (Paul Ferguson) wrote:
http://www.boingboing.net/2005/07/29/michael_lynns_contro.html
I think these guys better prepare for the slashdot effect...
BTW, the original slides are supposed to be at
At 7:29 PM -0500 2005-07-29, Church, Chuck wrote:
http://www.tomsnetworking.com/Sections-article131.php
Check the top slide at
http://www.tomsnetworking.com/Sections-article131-page4.php, then
look the PDFs that have been made available. Has anyone else found
the kick-em-in-the-nuts
On Fri, 29 Jul 2005 13:11:57 CDT, Russell Smoak said:
All,
These recipients received an email from Austin Mckinley as Cisco Systems.
This messasge was sent in complete error and includes intellectual
property of ISS and Cisco Systems. Please delete and do not distrbute
the information
On Fri, 29 Jul 2005, John Neiberger wrote:
Someone on another list was wondering if this IPv6 exploit might have
something to do with the NANOG thread from a few days ago titled 6to4
routes disappeared from most of North America.
http://www.merit.edu/mail.archives/nanog/msg09747.html
Is
On Sat, 30 Jul 2005, Brad Knowles wrote:
BTW, the original slides are supposed to be at
http://www.infowarrior.org/users/rforno/lynn-cisco.pdf. However,
what's there now is currently a place-holder, although it does tell
you that if you're looking for the original PDF file that you can
At 11:20 PM 7/29/2005, you wrote:
Naah. My money's on laziness; it's usually the case. 8-)
Never attribute to laziness that which can be explained by incompetence. :)
R
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
Well
Sorry, but its a traditional part of the product model for
telecommunications equipment. PBX's, routers, pretty much everything -
support contract required. Sure, you could have it a different way, but
you
would have to be willing to pay significantly more up front to pay for
that
ongoing
On Sat, 30 Jul 2005 00:48:13 EDT, Geo. said:
What ongoing support, just put the fixes on an ftp site. Cisco's problem is
they aren't patches, they are full versions. If they created an exe file
that attached via tcp/ip to the router and just changed the bits that needed
The ability to connect
* Brad Knowles:
This makes me a little suspicious that the slides we have are
not the real ones.
The dates embedded in the PDF file indeed suggest that they were
edited afterwards.
57 matches
Mail list logo