Brian Bruns wrote:
Erm, something is definately up tonight. Message is below, for those of you
who didn't want to touch this message.
I can't get to the site listed in the message, so I have no idea what its
trying to deliver exactly.
Anyone care to comment?
SpamAssassin whacked it good -
X-Viru
Dan Hollis said:
> > federal interest site. thats automatic prison time, isnt it?
Alexei Roudnev replied:
> Of course, not - he is not from USA (more likely), the end.
> Why people believe, that this acts means ANYTHING? In
> Internet, they (acts) means NOTHING.
Unless, of course, she happens
>
> On Wed, 17 Mar 2004, Steve Linford wrote:
> > From Deep Throat, received 17/3/04, 21:10 + (GMT):
> > > Disturbing information on one of the founders of Spamhaus.org
> > > http://www.geocities.com/jackjack9872004/
> > Not just a load of BS, but posted to NANOG anonymously, through a
>
>
> And I think you have hit it right on the head...another line of defense.
> Everything I've ever read about security (network or otherwise) suggests
> that a layered approach increases effectiveness. I certainly don't trust
a
> firewall appliance as my only security device, so I also do pruden
>
> No. Quite apart from the fact that you mean "authorized", not
> "authenticated", the primary purpose of a firewall is to keep the bad
> guys away from the buggy code. Firewalls are the networks' response to
> the host security problem.
No. let's imagine, that I have 4 hosts, without ANY sec
[EMAIL PROTECTED] (TxRx Lists) writes:
> > One thing you may want to devote a bit more text to: what are typical
> > provisions for remote hands at these places?
that's one item. others are serial console access, remote power cycle,
whether an appointment/escort is required for on-site visi
Steven M. Bellovin wrote:
One thing you may want to devote a bit more text to: what are typical
provisions for remote hands at these places?
I agree, lack of interactive access to a system prior to a functional OS
being loaded always seemed like a potential problem area to me,
particularly f
FYI - if you're on windows machine DON'T TRY TO FOLLOW URL in that post
Somebody sent me a copy of the content and its vbscript that downloads an
image converts it into executable and then probably uses some bug in
microshit products to have it executed. I'm not that good with windows
scripti
Interesting, it does respond, albiet sporadically.. It contains the
usual stuff... a trojan..
It looks like a variant of Psyme.. *sigh*
-colin.
On 18/03/2004, at 4:33 PM, william(at)elan.net wrote:
Me thinks somebody has found a trapdoor in nanog mailsetup and is in
general out to get us
william(at)elan.net writes on 3/18/2004 11:03 AM:
Me thinks somebody has found a trapdoor in nanog mailsetup and is in
general out to get us ...
Have you, by any chance, heard of "bcc"? That isn't a bug, that's a
feature.
--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, ou
In message <[EMAIL PROTECTED]>, "william(a
t)elan.net" writes:
>
>
>Me thinks somebody has found a trapdoor in nanog mailsetup and is in
>general out to get us ...
>
>This one supposedely came from 203.18.63.43 (australia powerhous museum -
>phm.gov.au) and advertises page on ip 165.134.187.102
Me thinks somebody has found a trapdoor in nanog mailsetup and is in
general out to get us ...
This one supposedely came from 203.18.63.43 (australia powerhous museum -
phm.gov.au) and advertises page on ip 165.134.187.102 (saint louis
univerisity - slu.edu). "Connection refused" when I tried
In message <[EMAIL PROTECTED]>, Paul Vixie writes:
>
>http://www.vix.com/personalcolo/
>http://www.vix.com/personalcolo/
>http://www.vix.com/personalcolo/
>
>notes:
>
>(1) even in germany they call them "19 inch" racks, thus setting the clock
>back several decades.
>
>(2) i'm very interested i
http://www.vix.com/personalcolo/
http://www.vix.com/personalcolo/
http://www.vix.com/personalcolo/
notes:
(1) even in germany they call them "19 inch" racks, thus setting the clock
back several decades.
(2) i'm very interested in listing more non-US locations
(3) i'm interested in listing
Erm, something is definately up tonight. Message is below, for those of you
who didn't want to touch this message.
I can't get to the site listed in the message, so I have no idea what its
trying to deliver exactly.
Anyone care to comment?
--
Brian Bruns
The Summit Open Source Development Grou
Mailed out through an open proxy / hacked machine in some australian
museum, with a body that tries to load this html page -
http://24.84.218.164:81/641280.php
Page is hosted on a shawcable conection (probably another trojaned box)
that I can't seem to access, though the host is barely pingable
> "Sean" == Sean Donelan <[EMAIL PROTECTED]> writes:
>> Not just a load of BS, but posted to NANOG anonymously, through a
>> hijacked machine at 198.26.130.36 (The Pentagon) no less.
Sean> Has that actually been confirmed. Any machine associated with
Sean> the path could have been compr
In message <[EMAIL PROTECTED]>, Henry Linneweh
writes:
>
>--0-1103097329-1079567080=:87987
>Content-Type: text/plain; charset=us-ascii
>
>I believe under USC18 there is a section that clearly states hacking a governm
>ent computer can get you a maximum of 30 years in federal prison and a $250,00
[EMAIL PROTECTED] [17/03/04 17:34 +]:
> >The codes we use at present include:
> >127.0.0.1Listed in IADB
>
> Hmmm... listed in my /etc/hosts as well.
> Am I IADB compliant?
Am i missing something or isn't this a standard dns block / white list
implementation?
In message <[EMAIL PROTECTED]>, bill writes:
>> "the primary purpose of a firewall is to keep the bad
>> guys away from the buggy code. Firewalls are the networks' response to
>> the host security problem."
>
> a pretty good sound bite. :)
Thanks -- I've been using that line for about 10
On Wed, 17 Mar 2004, Steve Linford wrote:
> From Deep Throat, received 17/3/04, 21:10 + (GMT):
> > Disturbing information on one of the founders of Spamhaus.org
> >
> > http://www.geocities.com/jackjack9872004/
>
> Not just a load of BS, but posted to NANOG anonymously, through a
> hijacked
I believe under USC18 there is a section that clearly states hacking a government computer can get you a maximum of 30 years in federal prison and a $250,000.00 fine
Please correct me if that postscription of law has been vacated.
-Henry
Dan Hollis <[EMAIL PROTECTED]> wrote:
On Wed, 17 Mar 20
On Wed, Mar 17, 2004 at 03:01:50PM -0800, bill said something to the effect of:
> > "the primary purpose of a firewall is to keep the bad
> > guys away from the buggy code. Firewalls are the networks' response to
> > the host security problem."
>
> a pretty good sound bite. :)
>
> > Add
(On topic to nanog for a change...)
I'll be soon going through resetup of one of our primary hosting POPs
(moving to different DC and upstream provider) and as a result have
opportunity to make some changes to the configuration, etc and want to
set it up so there is standby backup available
> "the primary purpose of a firewall is to keep the bad
> guys away from the buggy code. Firewalls are the networks' response to
> the host security problem."
a pretty good sound bite. :)
> Add to that that you don't really know what's
> safe or unsafe, and that you have some service
Hi folks.
On a cisco AS5800, what are the parameters that could be tweaked to reduce
CPU utilization ?
With 360 active calls here's what i have:
NAS01-MTNDODS#sh proc cpu | exclude 0.00
CPU utilization for five seconds: 79%/17%; one minute: 81%; five minutes:
80%
PID Runtime(ms) Invoked
On Wed, 17 Mar 2004, Steve Linford wrote:
> From Deep Throat, received 17/3/04, 21:10 + (GMT):
> > Disturbing information on one of the founders of Spamhaus.org
> > http://www.geocities.com/jackjack9872004/
> Not just a load of BS, but posted to NANOG anonymously, through a
> hijacked mach
From Deep Throat, received 17/3/04, 21:10 + (GMT):
Disturbing information on one of the founders of Spamhaus.org
http://www.geocities.com/jackjack9872004/
Not just a load of BS, but posted to NANOG anonymously, through a
hijacked machine at 198.26.130.36 (The Pentagon) no less.
--
Steve
On Wednesday, March 17, 2004 5:57 PM [EST], william(at)elan.net
<[EMAIL PROTECTED]> wrote:
> I Just received this. I would like to check if others have received it
> and did it indeed come through nanog mailist:
>
>> Date: Wed, 17 Mar 2004 21:10:38 +
>> From: Deep Throat <[EMAIL PROTECTED]>
>
> > > net-co-op.org. ...
> >
> > Oh come on, what was .coop for if not this? :)
>
> People in the poultry business? :-)
chicken.coop was sought for by many, myself included.
The Director, Co-op Business Development and Member Services, National
Cooperative Business Association, and I are now
At 04:58 PM 17/03/2004, Alon Tirosh wrote:
I *think* I loaded the page in lynx before it got rate-limited, and lynx
flashed through a whole mess of fast redirects before faulting out. No
logs, unfortunately.
A safe way I find to examine potentially trojaned pages is via fetch (or wget)
fetch -o q
> From: william(at)elan.net [mailto:[EMAIL PROTECTED]
> I Just received this. I would like to check if others
> have received it and did it indeed come through nanog mailist
It came through NANOG, delivered from a Hotmail account that accepted it
from 198.26.130.36. Yes, that is a military IP,
On 17.03.2004 23:57 william(at)elan.net wrote:
And while the website was unavailable and the sender is being anonymous
(whichis against nanog list policies if this was sent through it), what I
do find worse is that they managed to do it so that [EMAIL PROTECTED] is not
added to "CC" (which if
Got it, came from nanog, originated from DISA (purportedly, anyways):
Received: from 198.26.130.36 by by13fd.bay13.hotmail.msn.com with HTTP;
Wed, 17 Mar 2004 21:10:38 GMT
#whois 198.26.130.36
OrgName:The Defense Information Systems Agency
OrgID: DISA
Address:DISA/DSSO/JCL
I Just received this. I would like to check if others have received it
and did it indeed come through nanog mailist:
> Date: Wed, 17 Mar 2004 21:10:38 +
> From: Deep Throat <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Spamhaus Exposed
>
> Disturbing information on one of the found
On Wed, 17 Mar 2004, Daniel Medina wrote:
>
> On Wed, Mar 17, 2004 at 02:01:43PM -0700, Janet Sullivan wrote:
> > Based on the response I've gotten off-list from people interested in
> > sharing our resources & know-how with each other, I've just registered
> > net-co-op.org. ...
>
> Oh come on,
Janet,
Since your note earlier today there have been just under 200 fetches of
the html.
I've written to Byron Henderson and asked him to help me with the coop
formation. He and I worked on the .coop sTLD proposal, and as I mention
I discussed member-owned colo coop with Carolyn Hoover of the NC
On Wed, Mar 17, 2004 at 09:48:30AM -0800, Kevin Oberman said something to the effect
of:
..snip snip..
> I dislike firewalls for many applications, although I have a Sonic Wall
> on my cable modem. On the whole, they lead to false belief that
> firewalls really make you safe. They also block many
On Wed, Mar 17, 2004 at 02:01:43PM -0700, Janet Sullivan wrote:
> Based on the response I've gotten off-list from people interested in
> sharing our resources & know-how with each other, I've just registered
> net-co-op.org. ...
Oh come on, what was .coop for if not this? :)
--
Daniel Medina
Disturbing information on one of the founders of Spamhaus.org
http://www.geocities.com/jackjack9872004/
_
Check out MSN PC Safety & Security to help ensure your PC is protected and
safe. http://specials.msn.com/msn/security.asp
On Wed, 2004-03-17 at 21:44, Bruce Pinsky wrote:
> Everything I've ever read about security (network or otherwise) suggests
> that a layered approach increases effectiveness. I certainly don't trust a
> firewall appliance as my only security device, so I also do prudent things
> like disable port
Based on the response I've gotten off-list from people interested in
sharing our resources & know-how with each other, I've just registered
net-co-op.org. In the next couple of days I'll set up a mailing list
and a basic web page.
Once the mailing list is set up, I'll post another message to N
> > 127.3.100.3 Accepts unverified sign-ups, gives chance to opt out
>
> > 127.3.100.5 Has opt-in confirmation mechanism
> > 127.3.100.6 Has and uses opt-in confirmation mechanism
>
> > 127.3.100.10 All mailing list mail is confirmed opt-in
>
> Hmm..
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Erik Haagsman wrote:
| On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
|
|>No, the applications should accept only authorized connections. If that
|>would be the case, there would be no need to filter at packet level.
|
|
| No, since this would be a
In message <[EMAIL PROTECTED]>, Petri Helenius writes:
>
>>
>No, the applications should accept only authorized connections. If that
>would be the case, there would be no need to filter at packet level.
>
No. Quite apart from the fact that you mean "authorized", not
"authenticated", the prima
On Wed, Mar 17, 2004 at 12:19:53PM -0500, Eric Gauthier said something to the effect
of:
>
> > > _Everyone_ (network connected) should have a firewall. My grandma should
> > > have a firewall. Nicole, holding dominion over this business network and
> > > its critical infrastructure, should _
** Reply to message from Gerald <[EMAIL PROTECTED]> on Wed, 17 Mar 2004
14:22:25 -0500 (EST)
> On Wed, 17 Mar 2004, Jonathan M. Slivko wrote:
>
>
>
> > I look forward to talking to you soon.
>
> > Jonathan M. Slivko [EMAIL PROTECTED]
> > Sales/Network Operations Invisible Ha
On Wed, 2004-03-17 at 21:02, Petri Helenius wrote:
> No, the applications should accept only authorized connections. If that
> would be the case, there would be no need to filter at packet level.
No, since this would be assuming that each application is perfect and
there's no such thing as buffe
"Firewall" refers to access control. Firewall appliances are dedicated
machines that perform firewall functions.
ACLs on many router platforms are called firewalls. Juniper calls them
"firewall filters."
My personal context was covered in a reply I sent earlier in this thread
that read:
"Fir
Guys...firewall is as generic a term as any. Saying grandma needs a
router does not mean that an M20 is interchangeable with her Linksys.
The definition of firewall[1]:
1. A fireproof wall used as a barrier to prevent the spread of fire.
2. Computer Science. Any of a number of security schemes
Rachael Treu wrote:
_Everyone_ (network connected) should have a firewall. My grandma should
have a firewall. Nicole, holding dominion over this business network and
its critical infrastructure, should _definitely_ have a firewall. ;)
No, the applications should accept only authorized conn
On Wed, Mar 17, 2004 at 02:01:59PM -0500, Matthew Silvey said something to the effect
of:
> On Wed, Mar 17, 2004 at 11:57:33AM -0600, Rachael Treu wrote:
> >
> > As for your assertion that firewalls "reduce the overall security of the
> > 'net."...can you please elaborate on that, as well? Oth
I've a core switch (cisco 5505) with 10+ VLANs configured on that and a
cisco 7204 directly connected to it. 7204 then connects to my upstream and
we run BGP. we announce two different /21 blocks and was fine until last
week.
We got new /20 IP block and we advertised it (added to 7204 config).
Ev
On Wed, 17 Mar 2004, Jonathan M. Slivko wrote:
> I look forward to talking to you soon.
> Jonathan M. Slivko [EMAIL PROTECTED]
> Sales/Network Operations Invisible Hand Networks, Inc.
I am currently doing a little of both sales/network admin at my company
which competes dire
Not _firewalling_, but access limitation. Grandma can live with PNAT
router - she do not need any firewall, if she do not grant external access
to anything. She can live with Windows _default deny_ setting. If grandma
have extra money, it is better to purchase anty-virus.
Moreover. Just for _gh
Folks,
We are now up and running at the LINX (London Internet
Exchange) and would like to invite folks at the LINX to
peer with route-views. You can get to the open CLI via
'telnet route-views.linx.routeviews.org' (of course,
nothing much there yet)
Mike Damm wrote:
That being said, I've had the idea for a couple years now of getting enough
geeky folks together to rent a rack on both coasts and populate it with a
few different operating systems and bits of gear for just the reasons
outlined in this thread.
So if you decide to put something to
Depending on your chosen vendor the ACL cost is unlikely to be $0 - if you
steal CPU cycles from packet forwarding then you incur earlier router
upgrade costs and that has a NPV cost increase associated with it. It's just
not as obvious as a invoice for a firewall.
Matt.
-Original Message--
Hello Janet/List -
First, allow me to introduce myself, my name is Jonathan M. Slivko and I
work for InvisibleHand Networks, Inc. (http://www.invisiblehand.net).
Currently, we offer colocation and bandwidth services in the New
York/New Jersey market (Telehouse and Equinix to be precise). The re
On Wed, 17 Mar 2004, Janet Sullivan wrote:
> How would this vetting process work? I'm willing to give other nanog
> folks shell accounts on my machine in return for same, but I really
> don't want to hand out accounts to packet kiddies.
Restrict it to people you've met or spoken to enough to th
I have been aching for this now for about six years. In every
professional setting I've ever been in, a need for this kind of thing
arises and my advice to my employer/client is always the same: pay the
$x per month for a colo server for your network/system engineers to use
as an outpost for eme
>
>
> On Wed, Mar 17, 2004 at 08:54:57AM -0800, bill said something to the effect of:
> > > > The best option I guess is to figure out how important it is for you to have a
> > > > firewall,
> > >
> > > _Everyone_ (network connected) should have a firewall. My grandma should
> > > have a fi
> Date: Wed, 17 Mar 2004 11:57:33 -0600
> From: Rachael Treu <[EMAIL PROTECTED]>
> Sender: [EMAIL PROTECTED]
>
>
> On Wed, Mar 17, 2004 at 08:54:57AM -0800, bill said something to the effect of:
> > > > The best option I guess is to figure out how important it is for you to have a
> > > > firew
>The codes we use at present include:
>127.0.0.1Listed in IADB
Hmmm... listed in my /etc/hosts as well.
Am I IADB compliant?
It's interesting to see how everyone tries to
reinvent LDAP on top of DNS and/or BGP instead of
just using the LDAP protocol itself. Som
Hi,
Federal agencies aren't doing enough to secure their
network systems, even as documented cyber-attacks
against the U.S. government continue to dramatically
rise, U.S. Rep. Adam Putnam (R-FL) said Thursday.
For more info check
http://www.internetnews.com/infra/article.php/3327081
Thanks,
-
> > _Everyone_ (network connected) should have a firewall. My grandma should
> > have a firewall. Nicole, holding dominion over this business network and
> > its critical infrastructure, should _definitely_ have a firewall. ;)
By "firewall", do you mean "dedicated unit that does statefull fi
>> _Everyone_ (network connected) should have a firewall.
>Why?
Every network-connected device should have a security layer.
Firewalls provide a nice modular security layer and they
are cheap compared to the devices/networks that they protect.
> When did the end2en
On Wed, Mar 17, 2004 at 08:54:57AM -0800, bill said something to the effect of:
> > > The best option I guess is to figure out how important it is for you to have a
> > > firewall,
> >
> > _Everyone_ (network connected) should have a firewall. My grandma should
> > have a firewall. Nicole, h
Stephen J. Wilcox wrote:
if the market for this is nanog and you're just looking for smtp/shell surely we
can manage this between ourselves without charge (ask your nanog buddy for a
shell as a favour).. I know I can and will do this
Well, I do have motives beyond outbound smtp.
I actually looke
Also, the pricing seems a bit whacked - are you *really* expecting
sites that
have less than 30 customers to pay $200/month? I know a *lot* of
people
who have formed collectives of 10-15 people who chip in and get a 1U at
a colo
They are not email service providers; if you are talking abo
On Wed, 17 Mar 2004 01:48:45 PST, "Anne P. Mitchell, Esq." <[EMAIL PROTECTED]> said:
> 127.3.100.3Accepts unverified sign-ups, gives chance to opt out
> 127.3.100.5Has opt-in confirmation mechanism
> 127.3.100.6Has and uses opt-in confirmation mechanism
> 127
> > The best option I guess is to figure out how important it is for you to have a
> > firewall,
>
> _Everyone_ (network connected) should have a firewall. My grandma should
> have a firewall. Nicole, holding dominion over this business network and
> its critical infrastructure, should _def
On Tue, Mar 16, 2004 at 05:01:22PM -0600, Gregory Taylor said something to the effect
of:
..snip snip..
> As discussed in a previous thread, I spoke about transparent bridging used for
> packet filtering and mangling. On a small application, that might be a good idea,
> because you get all of
Netscreen rocks. They are record-breakingly sexy devices running the gamut
as far as networks they can be configured to service and they burlier beasties
are easily worthy of deployment on a carrier class network.
However, if you're looking to drop small change on a product that will not
be requ
thanks. but I use 127.0.0.0/8 for other stuff. Hope you don't mind.
> For those interested in seeing how this has evolved, and what exactly
> this particular accreditation database provides, our query pages have
> been expanded, and include a link to the full suggested DNSL data
> response c
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Dear All,
The RIPE NCC is pleased to announce that the Routing Information
Service's (RIS) second Remote Route Collector in North America,
RRC11, is now ready to peer with members at the New York
International Internet Exchange (NYIIX). The collect
On Tue, 2004-03-16 at 21:27, Mike Turner wrote:
>
> I am currently looking for a statefull inspection firewall
> that support asymmetric routing – is there such a product?
Sounds like you are looking for an SI firewall that supports full load
balancing, not just high availability. FW-
For those interested in seeing how this has evolved, and what exactly
this particular accreditation database provides, our query pages have
been expanded, and include a link to the full suggested DNSL data
response codes.
The codes we use at present include:
127.0.0.1Listed in
Sean,
SD> ... A long-term end-to-end
SD> identifier would let me immediately drop the specific infected computer's
SD> traffic regardless of its rotating IP addresses, even if your abuse
What is to prevent rapid changes to the identifier, even more easily
than rapidly changing IP addresses?
I
On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:
> If you are asking for stateful filtering for a firewall that sees only
> one-way conversation, it does not exist and cannot exist, by definition.
On a purely theoretical level, I'll disagree.
A stateful inspection firewall needs to know about the p
83 matches
Mail list logo