You know how easy it is to fake IRC logs?
Yes, I do. And I also know that these aren't fake. I've seen them before,
from some
respected sources in the ISP security community, and I've also seen Gregory's
manifesto sent
to the EFNet admins list admitting to having launched DDoS attacks
I was talking more along the lines of disclosing personal information
without
permission
Since when was re-pasting entries from the phonebook considered illegal?
slander is another one as well...
I suggest you read a legal dictionary, and turn to the definitions of
slander and libel. One
Matthew (yes I know it is you)
No, my name is Albert.
I have not attacked any Internet Service Provider or IRC server
in several years. I am and have been retired from the underground
for a long while now, despite the constant comments made to the contrary
by people who do not represent me in
On Mon, 15 Mar 2004, Alexei Roudnev wrote:
First, let me say that I appreciate your s wrt the s2n ratio here. I
don't want to indicate otherwise. But, to get into the circle with
everyone else and shoot some marbles... :)
: Ok - is name resoluution issue network issue or not? if it is, how
Hello,
I just thought I should chime in here.
Below you will find OseK's (Greg Taylor) manifesto sent to EFnet admins
during an event last
year where OseK was attacking most EFnet servers.
Additionally, I can tell you that Greg was attacking my network at some
point in the last year,
Sorry about the last post, my client's linewrap seems to not work properly,
I'll try again.
Hello,
I just thought I should chime in here.
Below you will find OseK's (Greg Taylor) manifesto sent to EFnet admins
during an event last
year where OseK was attacking most EFnet servers.
People should be worried about stuff like this.
Banetele is a facilities-based network operator
in Norway and these guys are directly attacking
their BGP sessions to put them off the air.
Assuming that they are not sourcing the attacks
in Banetele's AS, then you, the peer of Banetele
are
Too bad I can't automate the web logins.
Huh!?
http://curl.haxx.se/
And then there are all those Windows macro recorder
programs http://www.tucows.com/macros95_default.html
--Michael Dillon
Oops:
This Account Has Been Suspended
Please contact the billing/support department as soon as possible.
How fast is DSL? I think mine is 64k min, so 6000x64k=384Mb .. hmm, I can
transfer files currently via Gig for faster than that.
But anyway, yeah they've done a bunch of benchmarks with
On Tue, 16 Mar 2004, [EMAIL PROTECTED] wrote:
People should be worried about stuff like this. Banetele is a
facilities-based network operator in Norway and these guys are directly
attacking their BGP sessions to put them off the air.
Can anyone from Banetele/who knows Banetele confirm this
People should be worried about stuff like this. Banetele is a
facilities-based network operator in Norway and these guys are directly
attacking their BGP sessions to put them off the air.
Can anyone from Banetele/who knows Banetele confirm this attack took place?
According to the
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[cc: to [EMAIL PROTECTED], maybe now it will get their
attention instead of going into /dev/null]
Hi,
Here is some operational content, instead of Packet Kiddies
trying to rape each other verbally ;)
According to Toshikazu Saito (Powerdcom):
I
On Mon, 15 Mar 2004 23:17:27 -0500 (EST)
Andrew Dorsett [EMAIL PROTECTED] wrote:
I'm not referring to the time required to implement. I'm talking about
the time it takes for the user. On the user end. Lets do some simple
math. Lets say I turn on my laptop before I shower, I power it down
[cc: to [EMAIL PROTECTED], maybe now it will get their
attention instead of going into /dev/null]
This is an odd thing to do because you don't say
what action you would like ARIN to take.
What do you think ARIN should do?
ASHandle: AS4474
Comment:The information for this ASN has been
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jordan Lowe [mailto:[EMAIL PROTECTED] wrote:
Who are you to start publicly trying to deeper people? Nlayer has a
great noc, I am a customer, and know many more. They are currently
migrating from 4474 to 4436 due to the asn issue, and its not
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
[EMAIL PROTECTED] wrote:
[cc: to [EMAIL PROTECTED], maybe now it will get their
attention instead of going into /dev/null]
This is an odd thing to do because you don't say
what action you would like ARIN to take.
What do you think ARIN should
Before you started a rant on [EMAIL PROTECTED] about this inconsistent-as
problem on an inet6 route, did you think about posting a polite,
Please, someone from nlayer, contact me off-list, message; or how
about an email to the inet6 carrier(s) from which you learnt the routes?
It seems to me
--- [EMAIL PROTECTED] wrote:
Assuming that they are not sourcing the attacks
in Banetele's AS, then you, the peer of Banetele
are delivering the packet stream that kills the
BGP session. How long before peering agreements
require ACLs in border routers so that only BGP
peering routers
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jeff S Wheeler wrote:
Before you started a rant on [EMAIL PROTECTED] about this
inconsistent-as problem on an inet6 route, did you think about posting a polite,
Please, someone from nlayer, contact me off-list, message; or how
about an email to
Why would nlayer be now using AS4436? It is listed as scruz.net, but as
far as I remember scruz was taken overy by DSL.NET (I think that even
included their peering agreements) and some of their ip block such as
204.139.8.0/21, 204.147.224.0/20 and others certainly seem to confirm that.
As
On Tue, 2004-03-16 at 04:59, Tom (UnitedLayer) wrote:
Are you using it for L2 only, or L2+L3?
I hear decent things about using them for L2 only, and using J or C boxes
for the L3 portion.
Yep...that's the way we do it as well, L2 on the BD6808's and L3 on J
boxes although we started out
Hi Drew -
We have 6 backbones distributed across two 7507s and we messed around
with a lot of different ways to make this happen. MEDs, Weights, manual
BGP configurations every time one of the connections would get
overloaded (even at 2am), you name it - we tried it, and in the end we
On Tue, 16 Mar 2004 04:14:01 -0800 [EMAIL PROTECTED] wrote:
According to the people I spoke to, they had not noticed such an
attack
on the date specified.
And, while not knowing the specifics of this situation, if you were being
attacked, and it hurt
your network, would you continue to piss
--On Tuesday, March 16, 2004 7:52 AM -0800 william(at)elan.net
[EMAIL PROTECTED] wrote:
Why would nlayer be now using AS4436? It is listed as scruz.net, but as
far as I remember scruz was taken overy by DSL.NET (I think that even
included their peering agreements) and some of their ip block
Can anyone point me at any papers that talk about security issues raised by
private networks passing dns requests for RFC 1918 private address space out
to their ISP's dns servers?
I'm aware of the issues involved with an ISP passing the requests on to the
root servers but was looking
Hmm, if someone (except masochists and security vendiors) still hosts
efnet... I can only send them my condoleences.
I saw sthe same dialogs 6 years ago. Nothing changes.
- Original Message -
From: Stephen J. Wilcox [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Sent:
Hmm, if someone (except masochists and security vendiors) still hosts
efnet... I can only send them my condoleences.
I saw sthe same dialogs 6 years ago. Nothing changes.
BaneTele hosts an EFnet IRC server. Caused no significant problems while
I was working at BaneTele. That's probably
so... the subject is somewhat disingenious. there is no problem with a prefix being
announced by more than one ASN. Per the original subject, this seemed to be your
gripe.
however, the thread has devolved into someone using network resources w/o
registration...
which is different.
On Tue, 16 Mar 2004, Alexei Roudnev wrote:
Hmm, if someone (except masochists and security vendiors) still hosts
efnet... I can only send them my condoleences.
I saw sthe same dialogs 6 years ago. Nothing changes.
What about undernet? A customer wants us to help him setup an undernet
IRC
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
bill [mailto:[EMAIL PROTECTED] wrote:
so... the subject is somewhat disingenious. there is no
problem with a prefix being
announced by more than one ASN.
2001:590::/32 _is_ being announced by both AS4436 *and* AS4474.
Trying to contact these
On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:
On Tue, 16 Mar 2004, Alexei Roudnev wrote:
Hmm, if someone (except masochists and security vendiors) still hosts
efnet... I can only send them my condoleences.
I saw sthe same dialogs 6 years ago. Nothing changes.
What about undernet?
On Tue, 16 Mar 2004 11:22:55 EST, Geo. [EMAIL PROTECTED] said:
I'm aware of the issues involved with an ISP passing the requests on to the
root servers but was looking specifically for security type issues relating
to a private network passing the requests out to their ISP's dns servers.
On 16 Mar 2004, at 12:03, bill wrote:
there is no problem with a prefix being
announced by more than one ASN.
I am fairly sure that I have seen real-life issues with at least one
vendor's BGP implementation which led a valid route object with one
origin to be masked by another valid route
On 16 Mar 2004, at 12:03, bill wrote:
there is no problem with a prefix being
announced by more than one ASN.
Bill: have you done any measurement exercises to determine whether this
is, in fact, an issue? Or was your comment above based on the protocol,
rather than deployed
Geo. wrote:
Can anyone point me at any papers that talk about security issues raised by
private networks passing dns requests for RFC 1918 private address space out
to their ISP's dns servers?
I've never seen the whole paper on the topic. Leaking the fact that
you use 10.10.10.0/24 or whatever
Can anyone point me at any papers that talk about security issues raised by
private networks passing dns requests for RFC 1918 private address space out
to their ISP's dns servers?
I'm aware of the issues involved with an ISP passing the requests on to the
root servers but was looking
On Mon, 15 Mar 2004, Andrew Dorsett wrote:
On Mon, 15 Mar 2004, Vivien M. wrote:
Yes I am... I am referring to a system which an unmentionable university
has in place. It requires the user to enter their username and password
each time the link state changes before they are allowed
On 16 Mar 2004, at 13:07, Crist Clark wrote:
The IN-ADDR.ARPA delegations for RFC1918 space are just like any
other block. You'll just end up hitting IANA's blackhole servers,
and not all that much, the cache times are one week.
Also, those blackhole servers are anycast, so they might even be
On 16.03 11:22, Geo. wrote:
Can anyone point me at any papers that talk about security issues raised by
private networks passing dns requests for RFC 1918 private address space out
to their ISP's dns servers?
RFC1918
The IN-ADDR.ARPA delegations for RFC1918 space are just like any
other block. You'll just end up hitting IANA's blackhole servers,
and not all that much, the cache times are one week.
In theory, yes.
In reality there are quite a few resolvers that, apparently, do not
receive the delegation
Curtis Maurand wrote:
Then anyone can walk up to the machine and get onto the network simply by
turning on the machine.
The system you're looking for involve biometrics or smartcards. Firewalls
between student and administration areas would be a good idea as well.
It must be dreadful to
On Tue, 16 Mar 2004 10:08:28 PST, bill said:
http://www.nanog.org/mtg-0210/wessels.html
has some very good information about some of the
problems w/ leaked queries.
http://as112.net/ has some mitigation stratagies.
That mitigates the issue, but fails to deal with
Painting with a broad brush the differentiation between student and
administrative networks is based on location,role and ownership A public
ethernet port in a library is a student network even though
administrative computers may be connected from time to time. The
librarian's machine is
On Tue, Mar 16, 2004 at 09:03:21AM -0800, bill wrote:
so... the subject is somewhat disingenious. there is no problem with a
prefix being announced by more than one ASN. Per the original subject,
this seemed to be your gripe.
Using local-as to migrate sessions individually results in the
In case I every get another job at a University, how do you separate
student areas from administration areas?
When we disable the network in a particular area, if a non-student calls
then its a non-student area ;)
Eric :)
On Tue, Mar 16, 2004 at 06:12:22PM +0100, Jeroen Massar wrote:
2001:590::/32 _is_ being announced by both AS4436 *and* AS4474.
Trying to contact these ASN's to inquire why that is happening
and maybe finding out if it was an erronous configuration I
tried to find the contacts which lead to
Duane Wessels wrote:
The IN-ADDR.ARPA delegations for RFC1918 space are just like any
other block. You'll just end up hitting IANA's blackhole servers,
and not all that much, the cache times are one week.
In theory, yes.
In reality there are quite a few resolvers that, apparently, do not
I have a question and would like all of your opinions on this matter, as I research
heavily into stateful ethernet bridging, packet mangling and their advantages and
disadvantages to local and wide area network topologies.
Deployed in large volumes, what negative effects, if any, would
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Richard A Steenbergen [mailto:[EMAIL PROTECTED] wrote:
On Tue, Mar 16, 2004 at 06:12:22PM +0100, Jeroen Massar wrote:
2001:590::/32 _is_ being announced by both AS4436 *and* AS4474.
Trying to contact these ASN's to inquire why that is
I agree, however there are some implementations of this type of bridging that
'routing' would not be a good substitute for. Say mangling traffic going outbound for
compression purposes (A La Redline (Yes I know redline does proxying and not
bridging)). I guess my best question would be, is
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Richard A Steenbergen [mailto:[EMAIL PROTECTED] wrote:
On Tue, Mar 16, 2004 at 06:12:22PM +0100, Jeroen Massar wrote:
2001:590::/32 _is_ being announced by both AS4436 *and* AS4474.
Trying to contact these ASN's to inquire why that is
Hi
I am looking for a good but reasonably priced firewall for a 40 or so server
site. Some people swear by Pix, others swear at it a lot. Also I have heard
good things about Netscreen. Or any others you would recommend for protecting
servers on a busy network. Don't really need anything with
At 04:04 PM 3/16/2004, Petri Helenius wrote:
No. It´s self defending network.
It was the little girl with the really cool game! :)
R
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
Good will, like a good name, is got by many actions,
PIX firewalls are great if you configure them correctly for the application. 40 or
less servers may not require something as complex, however if the data you are
protecting is super-critical, I think a PIX might be your best solution.
Proxy firewalls (i.e. Linux, BSD or variant gateways) are
As much as I hate to follow up my own post, I suppose I was a bit too vauge
for my own good =]
We do not run any cisco gear and we are in a Class A data facility.
By proxy I did not mean to imply NAT. I cannot remember the proper term but
what I mean is full packet handeling as opposed to
If anyone on here is from the powers-that-be behind the verisignmail.com
RBL - or infact anyone from Verisign Security - could they please contact
me offlist regarding an ongoing (2 month!) issue regarding mail delivery.
Thanks, and sorry for the noise (again!).
Mark.
Depends on many aspects; performance, management, and logging
features. I personally recommend Checkpoint FW-1 Express for a smaller
site if you want easy configuration and a great logging interface;
though the pricing may not be what you are looking for. Cisco PIX is
also great but the
Sonicwall makes a great product that can run in STANDARD (Proxy) mode.
Their prices are pretty good as well, espicially if you buy them
through a reseller. We deploy many of these firewalls every year and
they are great!
Thanks,
Brandon
On Tue, 16 Mar 2004 15:07:26 -0800 (PST)
Nicole
On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:
Hmm, if someone (except masochists and security vendiors) still hosts
efnet... I can only send them my condoleences.
I saw sthe same dialogs 6 years ago. Nothing changes.
What about undernet?
Thats even worse :)
A customer wants us to
Hello Everyone,
I am
currently looking for a statefull inspection firewall
that support asymmetric routing is there such a product? I cannot
imagine that I am the only person with redundant Internet connectivity,
that would like to put firewalls near the edge of our network. Any
On Tue, 16 Mar 2004 14:27:16 PST, Nicole [EMAIL PROTECTED] said:
From what I have heard a proxy firewall would be best?
I'll go out on a limb here and say that the actual make and model of the
firewall don't matter anywhere *near* as much as a proper understanding on the
client's part of
Hello all,
I'm trying to price and buy a network setup for a high-availability
GigE situation that requires link aggregation. In a simplistic
example, my need is to have, Host A with 2 GigE NICs (copper) that are
link aggregated with 802.3ad but each side is run to a different
switch with
On Tuesday 16 March 2004 10:08 pm, you wrote:
I'm trying to price and buy a network setup for a high-availability
GigE situation that requires link aggregation.
{SNIP}
Thanks for the reponse to far. To clarify several things based on the
feedback... For the implementation Host A side
If you are asking for stateful filtering for a firewall that sees only
one-way conversation, it does not exist and cannot exist, by definition.
If you are asking for some way for firewall A that sees only inbound
packets and firewall B that sees only outbound packets to communicate said
In message [EMAIL PROTECTED], Valdis.Kletni
[EMAIL PROTECTED] writes:
--==_Exmh_2134986584P
Content-Type: text/plain; charset=us-ascii
On Tue, 16 Mar 2004 14:27:16 PST, Nicole [EMAIL PROTECTED] said:
From what I have heard a proxy firewall would be best?
I'll go out on a limb here and say
You mean _PROTOCL HANDELING_, I believe.
I do not know, why people are paying so much attention to it. Important
questions are:
- which services are you providing for the public?
- who will handle all your SSL sessions, if any (may be, Load Balancers?
Then you do not bother about FW proxy for
I went to reply, but my e-mail client filled this in:
On Mar 16, 2004, at 9:27 PM, Mike Turner wrote:
mime-attachment
:)
Back on topic
On Mar 16, 2004, at 9:27 PM, Mike Turner wrote:
I am currently looking for a statefull inspection firewall
that support asymmetric routing is there
67 matches
Mail list logo