Wow, just when you thought big government was someone else's problem

2009-04-04 Thread Jeff Young
This comes from Lauren Weinstein's list and it's worth a read. It's a bill introduced into legislation, who knows where and when and if it will become law but, wow. http://lauren.vortex.com/Cyber-S-2009.pdf I'll just give you a teaser: SEC. 9. SECURE DOMAIN NAME ADDRESSING SYSTEM. 3 (a) INGEN

Re: Wow, just when you thought big government was someone else's problem

2009-04-04 Thread Suresh Ramasubramanian
On Sat, Apr 4, 2009 at 2:33 PM, Jeff Young wrote: > This comes from Lauren Weinstein's list and it's worth a read. > It's a bill introduced into legislation, who knows where and when > and if it will become law but, wow. > > http://lauren.vortex.com/Cyber-S-2009.pdf Relying on Lauren to hear abou

Re: Nipper and Cisco configuration results

2009-04-04 Thread Subba Rao
I looked at the configurations yesterday on the routers.  The vty line does not have any "transport" line below it.  All the routers showing "Rlogin enabled" have similar configuration. What are the default services that are enabled for vty on IOS 12.4?  I know there are only telnet, SSH and Rl

Re: Nipper and Cisco configuration results

2009-04-04 Thread Lee
On 4/3/09, Subba Rao wrote: > > I did see a few false positives too with Nipper. What do you think about > Router Audit Tool (RAT) instead? RAT is the approved IOS security audit tool at $work, so it doesn't matter what I think about it :) But it is fairly nice ... as long as you keep in mind it

Re: Nipper and Cisco configuration results

2009-04-04 Thread Lee
On 4/4/09, Subba Rao wrote: > I looked at the configurations yesterday on the routers. The vty line does > not have any "transport" line below it. All the routers showing "Rlogin > enabled" have similar configuration. > > What are the default services that are enabled for vty on IOS 12.4? I kno

Re: Wow, just when you thought big government was someone else's problem

2009-04-04 Thread Jeff Young
Read it again. It says all government networks and any network the president deems vital, I'd have to assume that would at least be all of the major backbones. What's the point of picking on the source of the information? Sure his list is moderated and a bit self-serving, that's why you r

Re: Wow, just when you thought big government was someone else's problem

2009-04-04 Thread John Bambenek
Suresh Ramasubramanian wrote: On Sat, Apr 4, 2009 at 2:33 PM, Jeff Young wrote: This comes from Lauren Weinstein's list and it's worth a read. It's a bill introduced into legislation, who knows where and when and if it will become law but, wow. http://lauren.vortex.com/Cyber-S-2009.pdf

Re: Wow, just when you thought big government was someone else's problem

2009-04-04 Thread Suresh Ramasubramanian
On Sat, Apr 4, 2009 at 9:47 PM, Jeff Young wrote: > Read it again.  It says all government networks and any network the > president deems vital, I'd have to assume that would at least be all of the > major backbones. Deeming something vital / critical has a whole lot of extra baggage attached to

Re: Register.com DNS hosting issues

2009-04-04 Thread Peter Beckman
On Fri, 3 Apr 2009, Charles Wyble wrote: This is probably a good time to remind the uninitiated to have some secondary DNS with a totally separate company if your DNS is that important to you. Preferably with a provider that announces out of multiple ASN :) AT&T and Akamai both provide good di

Re: Register.com DNS hosting issues

2009-04-04 Thread Brandon Galbraith
On Sat, Apr 4, 2009 at 2:05 PM, Peter Beckman wrote: > On Fri, 3 Apr 2009, Charles Wyble wrote: > > This is probably a good time to remind the uninitiated to have some >>> secondary DNS with a totally separate company if your DNS is that >>> important to you. >>> >> >> Preferably with a provider

Re: Wow, just when you thought big government was someone else's problem

2009-04-04 Thread Florian Weimer
* Jeff Young: > If only we knew: to achieve a secure DNS all you need to do is > publish a notice in the Federal Register. In the end, this is how we got many of our (non-public-key) cryptographic algorithms, and people seem to be quite happy about them.

Re: Register.com DNS hosting issues

2009-04-04 Thread Florian Weimer
* Peter Beckman: > I can highly recommend DNSmadeEasy.com. Inexpensive, Anycasted, always > fast and reliable. Good for primary and/or secondary, IMO, though it is > sage advice to use two different providers if you are super ultra serious > about never being down. Or put some of your DNS s

Re: Register.com DNS hosting issues

2009-04-04 Thread Randy Bush
> IMHO, fate-sharing as a strategy for increasing availability is > somewhat underrated. from rfc 2182 3.3. A Myth Exploded An argument is occasionally made that there is no need for the domain name servers for a domain to be accessible if the hosts in the domain are unreachable. This

Re: Register.com DNS hosting issues

2009-04-04 Thread Florian Weimer
* Randy Bush: >> IMHO, fate-sharing as a strategy for increasing availability is >> somewhat underrated. > > from rfc 2182 Randy, I didn't write, "don't keep off-site name servers". I wrote, "keep on-site name servers, even if you pay for off-site name service". > 3.3. A Myth Exploded >

Re: Register.com DNS hosting issues

2009-04-04 Thread Randy Bush
> But looking back at incidents such as the Zonelabs/Abovenet issue, > your advice is correct for the network we have today. as that rfc is over a decade old, i am not optimistic that change is nigh. and it is amusing to see ;; ANSWER SECTION: harvard.edu.10794 IN NS ns

Re: Wow, just when you thought big government was someone else's problem

2009-04-04 Thread John Schnizlein
I suggest that we wait until the actual text of S.778 actually shows up at http://thomas.loc.gov before reacting to hyperbolic analysis of drafts not actually assigned to the Committee on Homeland Security and Governmental Affairs. Although I am concerned with what has been attributed to t

Re: Register.com DNS hosting issues

2009-04-04 Thread Florian Weimer
* Randy Bush: >> But looking back at incidents such as the Zonelabs/Abovenet issue, >> your advice is correct for the network we have today. > > as that rfc is over a decade old, i am not optimistic that change is > nigh. DNSSEC obscures quite a few failures which can hit secondaries. I think

Re: Nipper and Cisco configuration results

2009-04-04 Thread Tim Durack
> The problem I have with both RAT and Nipper is they're geared towards > security and I'm more interested in verifying that the routers are > configured correctly.  What kind of tools are people using for that? > For an example of the type of thing I'm interested in, see > filter_audit in the pres

RE: Wow, just when you thought big government was someone else's problem

2009-04-04 Thread Marcus H. Sachs
Wrong bill. You want S.773, not S.778. There were two bills introduced concerning cyber security. The one that has everybody talking is S.773. S.778 concerns the creation of the Office of National Cybersecurity Advisor within the Executive Office of the President. S.773 Title: A bill to ensure

ISC DLV

2009-04-04 Thread Marcelo Gardini do Amaral
Guys, are you having problems to validate DNSSEC using ISC DLV? Regards, -- Marcelo Gardini do Amaral www.spin.blog.br -- $>cd /pub $>more beer

Re: ISC DLV

2009-04-04 Thread Jeffrey Ollie
On Sat, Apr 4, 2009 at 11:55 PM, Marcelo Gardini do Amaral wrote: > > are you having problems to validate DNSSEC using ISC DLV? Yes, I had to disable DNSSEC validation a few hours ago to get DNS resolution operating again. -- Jeff Ollie

Re: ISC DLV

2009-04-04 Thread Paul Ferguson
On Sat, Apr 4, 2009 at 9:55 PM, Marcelo Gardini do Amaral wrote: > Guys, > > are you having problems to validate DNSSEC using ISC DLV? > No idea, but I did see another reference to this over on the OARC dns-ops list: https://lists.dns-oarc.net/pipe