/www.telegraph.co.uk/world-news/2022/04/27/internet-multiple-cities-across-france-suspected-sabotage/
Cheers,
- ferg
--
Paul Ferguson
Tacoma, WA USA
Illegitimi non carborundum.
ea why this change was made? Is the DoD
planning on actually legitimately putting services on the space soon
instead of using it as a giant honeypot? Or maybe even selling it?
Thanks,
Rich
--
Paul Ferguson
Tacoma, WA USA
Illegitimi non carborundum.
upon that foundation, for the betterment of the Internet community as a whole.
Once Don’s family have established plans for his memorial, they will be posted
here.
Roland Dobbins
--
Paul Ferguson
Tacoma, WA USA
Illegitimi non carborundum.
anks in advance,
- - ferg
- --
Paul Ferguson
Seattle, WA USA
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAl1i4CEACgkQKJasdVTchbJVHAEA0s7Ej73VPQth2Rho4xwTnv8e
qQFJ6SB+qulM1HFHoUgA/RXAL1BFJC3wq9GsXYJ4sqLSrje/gPm1JzVMeEJMTGlQ
=r3mY
-END PGP SIGNATURE-
fit is burning
>
> through quite a bit of stolen credentials.
>
> Richard Golodner
>
> Infratection
>
It's Emotet (again).
Cheers,
- ferg
--
Paul Ferguson
Principal, Threat Intelligence
Gigamon
Seattle, WA USA
> On May 29, 2019, at 9:14 AM, Niels Bakker wrote:
>
> * fergdawgs...@mykolab.com (Paul Ferguson) [Wed 29 May 2019, 18:04 CEST]:
>> This is apparently (?) part of a wave of spoofed malspams impersonating
>> messages with ‘weaponized' attachments sent to the NANOG (North
/pipermail/nanog/2019-May/101140.html
Details:
Date: Wed, 29 May 2019 10:03:04 -0500
From: "NANOG"
To: "Paul Ferguson"
Subject: Mykolab Ref Id: I32560
X-Authenticated-Sender: s214.panelboxmanager.com
Return-Path:
Attachment: "ATTACHMENT 654860 I32560.doc"
MD5:49fbc31d
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 4/24/2019 10:07 PM, Anne P. Mitchell, Esq. wrote:
> Just ran into packetstream.io:
>
> "Sell Your Unused Bandwidth
>
> Earn passive income while you sleep
>
What could possibly go wrong? :-)
- - ferg
- --
Paul Fer
ecause you are subscribed to
>> the ARIN Announce Mailing List (arin-annou...@arin.net).
>> Unsubscribe or manage your mailing list subscription at:
>> https://lists.arin.net/mailman/listinfo/arin-announce
>> Please contact i...@arin.net if you experience any issues.
—
Paul Ferguson
Principal, Threat Intelligence
Gigamon
Seattle, Washington, USA
signature.asc
Description: Message signed with OpenPGP
d consumer’s computer gets pwned, there’s nothing
really stopping a criminal from registering any sort of domain/hostname and
pointing a DNS A record at it. In fact, that’s pretty routine. But the aspect
that it could be a DGA is a bit more difficult insofar as planning and
logistics, but no
info and how
to use it to change it or unsubscribe from a list.
[...]
- --
Paul Ferguson
ICEBRG.io, Seattle USA
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlpz4g8ACgkQKJasdVTchbIYkwD/YKFV2FP6R+Ow0o2HuiWfAD/H
+7s2kWMowu0L3rpu1ssA/j+NTaDvydw99/BHG3ZAfj8XYItxDU8zYC976kS81AvF
=Rexp
d, for a lot of personal e-mail
communications. They are very, very privacy conscious:
- --> https://kolabnow.com/feature/confidence
They are *not* free, but quite reasonable, and I am quite happy with the
m.
- - ferg
- --
Paul Ferguson
ICEBRG.io, Seattle USA
-BEGIN PGP SIGNATURE-
Ve
001. http://www.neebu.net/~khuon/abha/
>
> Sigh.
>
- --
Paul Ferguson
ICEBRG.io, Seattle USA
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlnj8i8ACgkQKJasdVTchbIlkwD/ZvveS3X+xLlanPe1VuLb88eu
WfPsP69wcm8sr+V5TpABAKBUv7+KSuo8EITlhOiq2Rp1caQl6FarxbXIi6KH1hvU
=cdBp
-END PGP SIGNATURE-
t; manage to get many domain registrars and somtimes even domain registries
> to lift a finger to help. Even some of us international law enforcement
> guys, who have badges and everything, were also told to go pound sand by
> several of the world's worst and most unhelpful registrars and regi
r!
Cheers,
- - ferg
- --
Paul Ferguson
ICEBRG.io, Seattle USA
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlgK2ukACgkQKJasdVTchbJDywD/frHeNpPnlwT1ddgh4kZyi5MJ
YkH5lbx41an0WNpg3NAA/043VNnfKK5JQ7+dCsXyx8LEno8aIoIPvIvPGsWyjY50
=HMfV
-END PGP SIGNATURE-
not much point to running an internet
> business website anymore.
>
Don't let the perfect be the enemy of the good.
- - ferg (BCP38 instigator)
- --
Paul Ferguson
ICEBRG.io, Seattle USA
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlgKunAACgkQKJasdVTchbJJCQD+N6cosKffmfTqERBJ8q3
> On Sep 26, 2016, at 7:47 AM, Stephen Satchell <l...@satchell.net> wrote:
>
> On 09/26/2016 07:11 AM, Paul Ferguson wrote:
>> No -- BCP38 only prescribes filtering outbound to ensure that no
>> packets leave your network with IP source addresses which are not
>
No -- BCP38 only prescribes filtering outbound to ensure that no packets leave
your network with IP source addresses which are not from within your legitimate
allocation.
- ferg
On September 26, 2016 7:05:49 AM PDT, Stephen Satchell
wrote:
>Is this an accurate thumbnail
use of this message, its contents or any
> attachments is prohibited. Any wrongful interception of this message is
> punishable as a Federal Crime. If you have received this message in error,
> please notify the sender immediately by telephone (800) 801-2300 or by
> electronic mail at postmas...@warnerpacific.com.
—
Paul Ferguson
ICEBRG.io
Seattle, Washington, USA
signature.asc
Description: Message signed with OpenPGP using GPGMail
alk about this,
>> the only response is to say "call your ISP and have them turn off
>> the VPN software they've added to your account". And they
>> absolutely refuse to escalate. Even if you tell them that you are
>> essentially your own ISP.
>>
>&
al" network issues
>> then we would of heard of injuries before.
>
> I think that line refers to drone operators ...
>
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PG
Be careful in your search for RATs -- in the security world it also stands for
Remote Access Trojan. :-)
- ferg
On October 29, 2015 3:06:23 PM EDT, Jesse McGraw wrote:
>Historically there was RAT (Router Audit Tool). You'll have to do some
>
>googling to see where it's
Hey!
New message, please read <http://bambooco.ru/life.php?gasg>
Paul Ferguson
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 9/30/2015 8:25 PM, Jay Ashworth wrote:
> Guessing no one cares.
Darwinism.
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Vers
the time to check. You would need to capture
> the MD5 from a known good image, and watch for changes.
>
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIA
.
That is sometimes more of an art than a science. :-)
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlXJT7EACgkQKJasdVTchbJXoQD+Mhyy7gwtMkp+mdaEUiqvwlWe
to make use. Spamhaus ever attend a NANOG meetings ?
Thank You Bob Evans CTO
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlW5DBsACgkQKJasdVTchbIznQD/ac
. Spamhaus ever attend a NANOG meetings ? Thank You
Bob Evans CTO
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlW5C
for yourself.
Alan Moore.
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlW3r+EACgkQKJasdVTchbLmuAEAhUYZUBE2KtIqoyKZmZmb2svp
NTBKe3jCyYdYOfwkr+MBAIgDqQ97YzIgsWPv
frustrating.
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
iF4EAREIAAYFAlWnA/oACgkQKJasdVTchbJAWAD8DhRq1QlPZlZhH8Apr66od+NU
Tz8F1bLqu6+3dymwNJEBANjyOh0jwwHhIZk1hOy
-intrusion-and-surv
eillance-items
manning bmann...@karoshi.com PO Box 12317 Marina del Rey, CA
90295 310.322.8102
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2
, I am still looking for a reaction.
Eddi:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cis
co-sa-20141008-asa
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE
...@gmail.com wrote:
http://www.reuters.com/article/2015/07/08/us-ual-flights-idUSKCN0PI1
IX20150708
At least, that's what I just heard on the radio. I know no other details
.
Regards Marshall Eubanks
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8
in amateur investigation: an early opinion will lead
you into confirmation bias, irrationally accepting data agreeing
with your opinions and rejecting that disproving it.
-mel beckman
On Jul 8, 2015, at 10:07 AM, Paul Ferguson
fergdawgs...@mykolab.com wrote:
NYSE: The issue we
for various applications. We fixed the router.
https://twitter.com/barronstechblog/status/618816643821633536
- - ferg
On 7/8/2015 9:36 AM, Paul Ferguson wrote:
All completely coincidental networking issues, not related to
anything malicious.
- ferg
On 7/8/2015 9:26 AM, Matthew Huff wrote
/256th of
that.
Pop history: 640k should been enough for anyone...
http://archive.wired.com/politics/law/news/1997/01/1484
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 7/8/2015 6:51 PM, Mel Beckman wrote:
This is where we have to excise our IPv4 fear of waste reflex.
Excise or exercise? I am partially serious.
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8
---BeginMessage---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Does anyone any else find it weird that the last dozen or so messages
from the list have been .eml attachments?
Or is it just me?
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 5/7/2015 7:23 PM, Paul Ferguson wrote:
I'm on a gazillion lists, and this is the only one which seems to
have this particularly annoying problem.
And fixed!
Apologies for the noise.
- - ferg
- --
Paul Ferguson
PGP Public Key ID
and everyone is being treated as a DMARC
encumbered sender.
I'm on a gazillion lists, and this is the only one which seems to have
this particularly annoying problem.
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
://www.channel4.com/news/spy-cable-revealed-how-telecoms-firm-worked-with-gchq
My question is this: Do willful actions such as these violate peering,
transit, and/or exchange agreements in any way?
Thanks,
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 11/21/2014 7:07 AM, Daniel Corbe wrote:
Paul Ferguson fergdawgs...@mykolab.com writes:
I'll apologize up front if this offends anyone's sensitivities as
to what is relevant for list conversation... but one sentence in
this Channel4 News
[mailto:nanog-boun...@nanog.org] On Behalf Of Paul Ferguson Sent:
Friday, November 21, 2014 7:59 AM To: NANOG Subject: Transit,
Exchange Point Agreements, and Acceptable Use?
I'll apologize up front if this offends anyone's sensitivities as
to what is relevant for list conversation... but one
2014 09:28:45 +
From: l.w...@surrey.ac.uk
To: i...@ietf.org
http://blog.bimajority.org/2014/09/05/the-network-nightmare-that-ate-my-week/
Interesting scaling concerns...
Lloyd Wood
http://about.me/lloydwood
[end]
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID
. :-)
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iF4EAREIAAYFAlQJyEYACgkQKJasdVTchbIF0QD9FFwhgIKz7ssn9olaQHhIO6rO
/~yuksem
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 9/5/2014 12:49 PM, valdis.kletni...@vt.edu wrote:
On Fri, 05 Sep 2014 12:38:13 -0700, Paul Ferguson said:
The principle questions still stand unanswered:
What is the motivation for this? What do you gain? Does it create
some large
a reference at the moment
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
iF4EAREIAAYFAlPrcJ8ACgkQKJasdVTchbINbAD9FKCQYHW2QTHrUB7NFOzJMpAx
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Apologies for replying to my own post, but... below:
On 8/13/2014 7:05 AM, Paul Ferguson wrote:
On 8/13/2014 6:52 AM, Warren Kumari wrote:
Am I overly cynical, or does this all work out perfectly for
some vendors? I'm guessing that a certain
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 8/13/2014 11:09 AM, joel jaeggli wrote:
On 8/13/14 8:55 AM, Paul Ferguson wrote:
Apologies for replying to my own post, but... below:
On 8/13/2014 7:05 AM, Paul Ferguson wrote:
p.s. I recall some IPv6 prefix growth routing projections
that ISO has a
procedure for determining which entities should be and should not be
on that list. - Jon Postel, RFC 1591
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE
,
Adam
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
Key fingerprint: 19EC 2945 FEE8 D6C8 58A1 CE53 2896 AC75 54DC 85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Interesting development.
http://techcrunch.com/2014/05/21/dyn-acquires-internet-intelligence-service-renesys/
FYI,
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version
, then call it the faster lane or the uncongested lane or
something that actually reflects bias and preferential treatment. It's
a done deal now:
http://www.washingtonpost.com/blogs/the-switch/wp/2014/05/15/fcc-approves-plan-to-allow-for-paid-priority-on-internet
FYI,
- - ferg
- --
Paul Ferguson
VP
for Flash on my Mac.
Owen
On May 15, 2014, at 10:17 AM, Paul Ferguson
fergdawgs...@mykolab.com wrote:
On 5/15/2014 10:06 AM, Ryan Brooks wrote:
It's a shame the use of 'fast lane' is ubiquitous in this
argument. If the local distribution networks would like to
actually build something fast
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlNyHw4ACgkQKJasdVTchbLwDgD/WVHo2iTapJ90l8MRcwUZ5OQ7
permission to remediate.
On Tue, May 13, 2014 at 3:33 PM, Paul Ferguson
fergdawgs...@mykolab.com mailto:fergdawgs...@mykolab.com
wrote:
I realize that New Zealand is *not* in North America (hence
NANOG), but I figure that some global providers might be interested
here.
This sounds rather
on anyone using them. Yet what the NSA's
documents show is that Americans have been engaged in precisely the
activity that the US accused the Chinese of doing.
Much more:
http://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-us-internet-routers-snowden
Enjoy!
- - ferg
- --
Paul
) OpenSSL 1.0.0 branch is
NOT vulnerable OpenSSL 0.9.8 branch is NOT vulnerable
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net
* to send mail. I migrated all of
my personal e-mail off of free webmail platforms some time ago to a
paid service (e.g. If you are not paying for a service, you are the
product.).
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE
.
It is very easy for some to forget that not everyone has a gigabit
fiber connection to their homes with ARIN assigned IPv4/IPv6 blocks
announced over BGP. Some of us actually have to make do with
(sometimes very) limited budgets and what the market is offering us
and has made available.
- --
Paul
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/25/2014 2:38 PM, Elizabeth Zwicky wrote:
Local policy, sure; local DMARC policy, wait what?
My goof. Apparently just local policy sans DMARC.
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN
. Most people would say
that was unreliable even before knowing you're talking about IPv6
instead of IPv4. shrug
Also, please do *not* expect folks to toss anti-spam measures out the
window just because they might move to v6.
That would be naive.
- - ferg
- --
Paul Ferguson
VP Threat
**
route-viewssho ip bgp 59.229.189.0
% Network not in table
route-views
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/24/2014 2:13 PM, Paul Ferguson wrote:
On 3/24/2014 1:53 PM, Christopher Morrow wrote:
On Mon, Mar 24, 2014 at 4:49 PM, greg whynott
greg.whyn...@gmail.com wrote:
59.229.189.0
$ whois -h whois.cymru.com 59.229.189.0 AS | IP
compasses. And as Randy Bush always like to
say (paraphrased), I encourage my competitors to dismiss customer
concerns over IPv6 migration.
Cheers,
- - ferg
On 3/24/2014 6:18 PM, Owen DeLong wrote:
On Mar 23, 2014, at 2:45 PM, Paul Ferguson
fergdawgs...@mykolab.com wrote:
-BEGIN PGP
) to move to IPv6 while
their IPv4 networks work just fine.
Also, IPv6 introduces some serious security concerns, and until they
are properly addressed, they will be a serious barrier to even
considering it.
$.02,
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/23/2014 2:27 PM, Timothy Morizot wrote:
On Mar 23, 2014 11:27 AM, Paul Ferguson
fergdawgs...@mykolab.com mailto:fergdawgs...@mykolab.com
wrote:
Also, IPv6 introduces some serious security concerns, and until
they are properly addressed
-announce/current/msg12562.html
[4] http://1net-mail.1net.org/mailman/listinfo/discuss
[5]
http://blogs.cisco.com/gov/cisco-supports-u-s-department-of-commerce-decision-to-transition-internet-management-functions/
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID
spend money with digital ocean. :)
You should too.
uhh, no. It's the 21st century. I prefer to spend my money with
those that, at a bare minimum, provide IPv6.
-Jim P.
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE
be interesting
to have a matrix of which CPEs utilize which reference
implementation. That may start giving some clues.
Has someone / is someone doing this?
- merike
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version
useful than trying to
push the tide back with a teaspoon.
Yes, udp is here to stay, and I quote Randy Bush on this, I encourage
my competitors to block udp. :-p
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG
on tracking back spoofed packets and reporting the attacks, and
securing devices.
- Jared
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http
is to deny any
spoofed traffic from abusing these services altogether. NTP is not the
only one; there is also SNMP, DNS, etc.
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/14/2014 3:00 PM, Larry Sheldon wrote:
On 2/14/2014 12:42 PM, Paul Ferguson wrote:
Taken to the logical extreme, the right thing to do is to deny
any spoofed traffic from abusing these services altogether.
Since the 1990s I have argued
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/14/2014 4:09 PM, Joe Provo wrote:
On Fri, Feb 14, 2014 at 10:42:55AM -0800, Paul Ferguson wrote:
[snip]
Taken to the logical extreme, the right thing to do is to deny
any spoofed traffic from abusing these services altogether. NTP
spoofing should be encouraged.
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net
out and script
them for automation.
Can someone suggest a way out for this within IPTables or may be
some other open source firewall?
Thanks.
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/5/2014 7:06 PM, Jimmy Hess wrote:
The last-mile is the best possible place to filter, without
breaking things.
I could not agree more. :-)
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/5/2014 7:35 PM, Mark Andrews wrote:
In message 52f2ff98.2030...@mykolab.com, Paul Ferguson writes:
On 2/5/2014 7:06 PM, Jimmy Hess wrote:
The last-mile is the best possible place to filter, without
breaking things.
I could not agree
motivate some younger, brighter, ingenious people
who have not been tilting at this for 15 years to consider new ways to
approach this problem. :-) -- Smiley!
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22
,
- - ferg
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlLxLL4ACgkQKJasdVTchbJ95AEAm5GcMZUKvy5WDjycH8f4C4Dq
7t1inFCPmGhbmo
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 2/4/2014 10:47 AM, valdis.kletni...@vt.edu wrote:
On Tue, 04 Feb 2014 10:09:02 -0800, Paul Ferguson said:
I'd like to echo Jared's sentiment here -- collectively
speaking, service providers need to figure out a way to deal with
this issue
if it is, not all of the customers
do BGP, some are just stub networks.
If we could figure out a reasonable way (i.e., one that the
customers might be willing to implement) to handle this, it'll make
BCP38 a lot more doable.
BCP84? :-)
- - ferg
- --
Paul Ferguson
VP Threat Intelligence
a lot of kicking.
$.02,
- - ferg (co-author of BCP38)
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net
with the provider, although with it being the
weekend, I have doubts it'll be a quick resolution. I'm sure its a
strange knee-jerk response to the monlist garbage. Still, stopping
time without warning is Uncool, Man.
-- Jonathan Towne
- --
Paul Ferguson
VP Threat Intelligence, IID
PGP Public Key
moved to Domain Discover almost immediately... but this seems
*wildly* over the top.
How many domains do *you* have?
Cheers,
-- jra
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http
#7880 - Network Engineering -
j...@impulse.net Impulse Internet Service -
http://www.impulse.net/ Your local telephone and internet company
- 805 884-6323 - WB6RDV
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment
of either RADb or Level3)?
Thanks in advance, --Blake
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iF4EAREIAAYFAlLW/kkACgkQKJasdVTchbJL0AD/eU
attacking (but whole
world).
That does *not* make it an unworthy goal, nor should it stop people
from encouraging it's implementation.
- - ferg (co-author of BCP38)
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.22 (MingW32)
Comment: Using GnuPG
, it is logical to make those ports default
to RA allowed while defaulting to not allowing RAs from other ports
by default.
Some people do not want switches making IP address assignments. That's
all. :-)
- - ferg
- --
Paul Ferguson
PGP Public Key ID: 0x54DC85B2
-BEGIN PGP SIGNATURE-
Version
not to include default route in the
configuration for DHCPv6, and it's long overdue.
As I’ve said before, if we’re going to bother doing it, we should just include
RIO options, but otherwise, I agree with you.
Owen
--
Paul Ferguson
PGP Public Key ID: 0x63546533
SIGNATURE-
--
Paul Ferguson
PGP Public Key ID: 0x63546533
are these Cisco devices manufactured?
- - ferg
-BEGIN PGP SIGNATURE-
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8
wj8DBQFSw1z/q1pz9mNUZTMRAvbIAKCYZn3slg1wMak/nlc/hb3ZHkS29wCg3ucb
OJTl+SLgBtQDMGi+cTdDRtQ=
=VAdw
-END PGP SIGNATURE-
--
Paul Ferguson
PGP Public Key ID: 0x63546533
-
--
Paul Ferguson
PGP Public Key ID: 0x63546533
poor at first.
-BEGIN PGP SIGNATURE-
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8
wj8DBQFSqhvyq1pz9mNUZTMRAiXgAKCDaQ1KmlVCjXKffz0bVmHRGpbwxgCfXEk7
tHQx8SXtY/xNFLm2L3Uu8x8=
=tTIW
-END PGP SIGNATURE-
--
Paul Ferguson
PGP Public Key ID: 0x63546533
at the
route-views data. Most recently the past two days 701 has done a large MITM of
traffic.
In other news, you can go read the other thread on this that happened already.
http://mailman.nanog.org/pipermail/nanog/2013-November/062257.html
- Jared
--
Paul Ferguson
PGP Public Key ID: 0x63546533
)
Charset: utf-8
wj8DBQFShq/fq1pz9mNUZTMRArY9AJ4xUozLVnzPsMUPTuYPpFpjm0mZswCfcT/r
H/jH8L1Hk1Ra4/CYkRF3KRc=
=kPz+
-END PGP SIGNATURE-
--
Paul Ferguson
Vice President, Threat Intelligence
IID, Tacoma, Washington USA
PGP Public Key ID: 0x63546533
IID -- Connect and Collaborate
PGP SIGNATURE-
Version: PGP Desktop 10.2.0 (Build 2317)
Charset: utf-8
wj8DBQFSXJwqq1pz9mNUZTMRAkJKAKCGLnO9qEGXv5LIKxCBiZhwf7HwHQCggksf
Fn3GhVzeKyHG5cSc7y5GXJw=
=Gtw1
-END PGP SIGNATURE-
--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
wj8DBQFSVYDTq1pz9mNUZTMRArDeAJ44GjAt1uzY4++dKDmrPWhBfm3a2wCcCqGB
w6FrRdogRvpTomaMdcqO9hU=
=OMUq
-END PGP SIGNATURE-
--
Paul Ferguson
Vice President, Threat Intelligence
Internet Identity, Tacoma, Washington USA
IID -- Connect and Collaborate -- www.internetidentity.com
1 - 100 of 322 matches
Mail list logo