On the back of other security posts (well some over a year ago now)....

2004-08-27 Thread Matthew Sullivan
Need I say more...? http://www.securityfocus.com/news/9411 My thanks to those who listened and helped me. My thanks to those who helped Spamhaus, and my thanks to anyone else who got involved with the whole deal. / Mat

RE: On the back of other security posts (well some over a year ago now)....

2004-08-27 Thread Hosman, Ross
Wow... Glad to see we know the real reason foonet got raided. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Sullivan Sent: Friday, August 27, 2004 4:41 AM To: nanog Subject: On the back of other security posts (well some over a year ago now

Re: On the back of other security posts (well some over a year ago now)....

2004-08-27 Thread joe mcguckin
raided. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Matthew Sullivan Sent: Friday, August 27, 2004 4:41 AM To: nanog Subject: On the back of other security posts (well some over a year ago now) Need I say more...? http

Re: On the back of other security posts (well some over a year ago now)....

2004-08-27 Thread Paul G
- Original Message - From: joe mcguckin [EMAIL PROTECTED] To: NANOG [EMAIL PROTECTED] Sent: Friday, August 27, 2004 1:36 PM Subject: Re: On the back of other security posts (well some over a year ago now) What strikes me as interesting is the fact that someone did hundreds

Re: On the back of other 'security' posts....

2003-09-03 Thread Scott Francis
On Sun, Aug 31, 2003 at 02:34:28PM -0700, [EMAIL PROTECTED] said: [snip] What you are saying works only so long as none of your edge connections represent a significant portion of the internet. How do you anti-spoof, for example, a peering link with SPRINT or UUNET? It's not realistic to

RE: On the back of other 'security' posts....

2003-09-02 Thread Daniel Senie
At 02:58 PM 9/1/2003, Terry Baranski wrote: the rest of the paper is also germane to this thread. just fya, we keep rehashing the UNimportant part of this argument, and never progressing. (from this, i deduce that we must be humans.) Ok, so we seem to have a general agreement that anti-spoof

Re: On the back of other 'security' posts....

2003-09-02 Thread Paul Vixie
Ok, so we seem to have a general agreement that anti-spoof BGP prefix filtering on all standard customer edge links is a worthwhile practice. actually, we don't. what we've achieved is that gray area / middle ground where the people who don't think it's important are mostly afraid to speak

Re: On the back of other 'security' posts....

2003-09-02 Thread Iljitsch van Beijnum
On maandag, sep 1, 2003, at 20:58 Europe/Amsterdam, Terry Baranski wrote: the rest of the paper is also germane to this thread. just fya, we keep rehashing the UNimportant part of this argument, and never progressing. (from this, i deduce that we must be humans.) Ok, so we seem to have a

Re: On the back of other 'security' posts....

2003-09-01 Thread Paul Vixie
... That depends on your definition of edge, I suppose. ... in SAC 004 (http://www.icann.org/committees/security/sac004.txt) we see: 1 - Connection Taxonomy 1.1. The Internet is a network of networks, where the component networks are called Autonomous Systems (AS), each having a

RE: On the back of other 'security' posts....

2003-09-01 Thread Terry Baranski
the rest of the paper is also germane to this thread. just fya, we keep rehashing the UNimportant part of this argument, and never progressing. (from this, i deduce that we must be humans.) Ok, so we seem to have a general agreement that anti-spoof BGP prefix filtering on all standard

Re: On the back of other 'security' posts....

2003-08-31 Thread Paul Vixie
[EMAIL PROTECTED] (Matthew Sullivan) writes: ..and if the perps are on this list, keep going if you want, the more you do the more likely you'll get caught. You will not force SORBS off the net like you have Osirusoft. I and SORBS will leave when we are good and ready, and not because

Re: On the back of other 'security' posts....

2003-08-31 Thread Matthew Sullivan
Owen DeLong wrote: Yet more spoofed traffic aimed at the SORBS nameservers - this time enough to crash a core router of my upstream... Hopefully the commercial damage now may incite people getting damaged by these DDoSes to start proceedings against those ISPs who continue to show a lack of

Re: On the back of other 'security' posts....

2003-08-31 Thread Matthew Sullivan
Jack Bates wrote: Owen DeLong wrote: Again, I just don't see where an ISP can or should be held liable for forwarding what appears to be a correctly formatted datagram with a valid destination address. This is the desired behavior and without it, the internet stops working. The problem is

RE: On the back of other 'security' posts....

2003-08-31 Thread Christopher L. Morrow
On Sat, 30 Aug 2003, Terry Baranski wrote: Owen DeLong wrote: The ISPs aren't who should be sued. The people running vulnerable systems generating the DDOS traffic and the company providing the Exploding Pinto should be sued. An ISP's job is to forward IP traffic on a best effort

RE: On the back of other 'security' posts....

2003-08-31 Thread Owen DeLong
Owen DeLong wrote: The ISPs aren't who should be sued. The people running vulnerable systems generating the DDOS traffic and the company providing the Exploding Pinto should be sued. An ISP's job is to forward IP traffic on a best effort basis to the destination address contained in the header

Re: On the back of other 'security' posts....

2003-08-31 Thread Richard Cox
On 31 Aug 2003 06:51 UTC Owen DeLong [EMAIL PROTECTED] wrote: | I define it as the port on one of my routers where the other | end of the link is connected to a machine I don't control. Or one that you didn't control this time yesterday ? -- Richard Cox

RE: On the back of other 'security' posts....

2003-08-31 Thread Greenhalgh, John
That depends on your definition of edge, I suppose. I define it as the port on one of my routers where the other end of the link is connected to a machine I don't control. In those terms, edge filtering makes sense in some cases and not in others. If it's a dial-up or T1 customer which is a

Re: On the back of other 'security' posts....

2003-08-31 Thread Matthew Crocker
As I've said many times (so have a few others, more now than before) you have to define the 'edge' first... My definition is: as close to the end system as possible. For instance the LAN segment seems like the ideal place, it's where there is the most CPU per packet, with the most simple routing

RE: On the back of other 'security' posts....

2003-08-31 Thread Stephen J. Wilcox
On Sat, 30 Aug 2003, Terry Baranski wrote: Sure, blocking spoofed traffic in the limited cases where it is feasible at the edge would be a good thing, but, I don't see failure to do so as negligent. In what instances is blocking spoofed traffic at the edge not feasible? (Spoofed as in

RE: On the back of other 'security' posts....

2003-08-31 Thread Terry Baranski
On Sunday, August 31, 2003 8:26 AM Stephen J. Wilcox wrote: On Sat, 30 Aug 2003, Terry Baranski wrote: In what instances is blocking spoofed traffic at the edge not feasible? (Spoofed as in not sourced from one of the customer's netblocks.) Where the customer is not a basic end

Re: On the back of other 'security' posts....

2003-08-31 Thread Owen DeLong
--On Sunday, August 31, 2003 7:28 AM -0400 Matthew Crocker [EMAIL PROTECTED] wrote: As I've said many times (so have a few others, more now than before) you have to define the 'edge' first... My definition is: as close to the end system as possible. For instance the LAN segment seems like the

On the back of other 'security' posts....

2003-08-30 Thread Matthew Sullivan
Hi All, On the back of the latest round of security related posts, anyone notice the 50% packet loss (as reported to me) across the USA - NZ links around lunchtime (GMT+10) today? Yet more spoofed traffic aimed at the SORBS nameservers - this time enough to crash a core router of my

Re: On the back of other 'security' posts....

2003-08-30 Thread cowie
On Sat, Aug 30, 2003 at 08:17:39PM +1000, Matthew Sullivan wrote: Hi All, On the back of the latest round of security related posts, anyone notice the 50% packet loss (as reported to me) across the USA - NZ links around lunchtime (GMT+10) today? Yep, easily .. we saw big routing

Re: On the back of other 'security' posts....

2003-08-30 Thread Owen DeLong
Yet more spoofed traffic aimed at the SORBS nameservers - this time enough to crash a core router of my upstream... Hopefully the commercial damage now may incite people getting damaged by these DDoSes to start proceedings against those ISPs who continue to show a lack of responsibility and

Re: On the back of other 'security' posts....

2003-08-30 Thread Jack Bates
Owen DeLong wrote: Again, I just don't see where an ISP can or should be held liable for forwarding what appears to be a correctly formatted datagram with a valid destination address. This is the desired behavior and without it, the internet stops working. The problem is systems with consistent

Re: On the back of other 'security' posts....

2003-08-30 Thread Richard Cox
On Sat, 30 Aug 2003 17:36 UTC Jack Bates [EMAIL PROTECTED] wrote: | The person responsible is the bot maintainer. Finding the controller | medium (probably irc) is the hard part, but once done, monitoring who | controls the bots isn't near as hard. For various values of control. In the cases

RE: On the back of other 'security' posts....

2003-08-30 Thread Terry Baranski
Owen DeLong wrote: The ISPs aren't who should be sued. The people running vulnerable systems generating the DDOS traffic and the company providing the Exploding Pinto should be sued. An ISP's job is to forward IP traffic on a best effort basis to the destination address contained in