RE: Root Server DDoS Attack: What The Media Did Not Tell You
Good Morning Joe, everyone -Original Message- From: Joe Baptista [mailto:[EMAIL PROTECTED]] Sent: 25 November 2002 18:50 To: Joe Touch Cc: Paul Vixie; [EMAIL PROTECTED] Subject: Re: Root Server DDoS Attack: What The Media Did Not Tell You I always support my allegations. Proof of Hi-jacking GO HERE the email: http://www.law.miami.edu/~froomkin/articles/icann-notes.htm#F175 the event: http://www.law.miami.edu/~froomkin/articles/icann-body.htm#B175 regards Joe Baptista Having taken the time to read this document in it's entirety I don't actually see your name mentioned. So please forgive my ignorance of Internet history and please explain to us mortals not involved in running the Internet, where your involvement was. Many thanks Sean Jones
RE: Palladium (TCP/MS)
Good Morning Valdis -Original Message- From: [EMAIL PROTECTED] [mailto:Valdis.Kletnieks;vt.edu] Sent: 29 October 2002 15:39 To: Sean Jones Cc: [EMAIL PROTECTED] Subject: Re: Palladium (TCP/MS) You're close. You'd want this for multihomed servers, so a PTR query works as you'd expect. Consider this case: www.big-corp.com A 10.0.0.10 A 192.186.10.10 mail.big-corp.com A 10.0.0.10 A 172.16.23.10 Then you'd want to have PTRs as follows: 192.168.10.10 PTR www.big-corp.com 172.16.23.10 PTR mail.big-corp.com (and then the magic) 10.0.0.10 PTR www.big-corp.com PTR mail.big-corp.com If you don't have 2 PTR records for that last, you can get into the situation where a system will look up the A record for www, get the IP address, then do a PTR to sanity-check, get back only the mail. address, and get upset. Having both PTR records means that you'll be able to find one to match to the original hostname either way... Forgive my ignorance, but I thought email was handled by Mail eXchange (MX) records, thus a PTR would not be required? Thinking along a bit more, setting the routers shouldn't be a big issue, after all Cisco have been producing routers IPv6 capable for a fair while now, so surely they could incorporate multiple PTR records within the routers capability? Routers don't have anything at all to do with PTR records. What I said was that if a company wanted to block all access to Microsoft's servers, they'd have to keep continual track of all the IP addresses in use - which can be interesting if round-robin DNS or other similar things are in use. I understand where I went wrong. But I doubt that any commercial enterprise would want to block access to MS servers in RL. Regards Sean Jones
RE: Palladium (TCP/MS)
Good Afternoon again Valdis -Original Message- From: [EMAIL PROTECTED] [mailto:Valdis.Kletnieks;vt.edu] Sent: 01 November 2002 13:35 To: Sean Jones Cc: [EMAIL PROTECTED] Subject: Re: Palladium (TCP/MS) Received: from mm_w2k1.micromedical.local (mailgate.peakflowmeter.co.uk [62.49.78.214] (may be forged)) by dagger.cc.vt.edu (Mirapoint Messaging Server MOS 3.2.1-GA) with ESMTP id AUE74943; Fri, 01 Nov 2002 03:56:05 -0500 (EST) You might think about where peakflowmeter came from I cheat with Exchange 2000. I manage a number of domains, and in order to make my job simpler, I have all of these domains forwarded to one domain via my ISP, then sort them on the Exchange server. Regards Sean
RE: Palladium (TCP/MS)
Good Morning Valdis On Wed, 23 Oct 2002 09:37:44 BST, Sean Jones [EMAIL PROTECTED] said: Why is a PTR (or DNS) record with MS TCP different from the standard TCP/IP record? (Perhaps it is me in my ignorance, or lack of understanding :o) ) It's not different. Or in any case, it's not sufficiently different to cause an interoperation problem in this case. The reference to RFC2821, section 10.2 was regarding the fact that having multiple PTR records for one address *IS* legal, despite widespread belief to the contrary. The original point was that you'll need a router ACL to block a lot more than one address, and keep the list of addresses up to date. And anyhow, using a router block is a bad idea in this case. There's two cases - either you still have machines using that vendor's software, and you WANT them to reach the servers so they can update, or you don't have the software installed, in which case you don't really care if the server is reachable.. -- Valdis Kletnieks Computer Systems Senior Engineer Virginia Tech I have been cogitating on this for a little while. (Especially as I didn't want to sound thick when replying) Why would MS (or anyone for that matter) want multiple pointer records when one will suffice. My thoughts revolved around clustered servers, .net etc In short the Microsoft-verse. In reality it doesn't matter two hoots what MS do, they will still have to inter-operate with the rest of the Internet per se, unless you believe the scare mongering that with .Net MS want to make a corporate Internet which they control. (If they did ever go that way, I'd be one of the first to join Treehouse) Thinking along a bit more, setting the routers shouldn't be a big issue, after all Cisco have been producing routers IPv6 capable for a fair while now, so surely they could incorporate multiple PTR records within the routers capability? Regards Sean Jones A Boring old IT Manager for a SME
RE: FW:delete ecard email
FYI http://www.msnbc.com/news/826033.asp?cp1=1 Regards Sean Subject: Re: FW:delete ecard email Importance: High Ooops, I already opened it. I wonder what is going to happen to my machine. Is machine going to send out the similar email to other people? Ning At 12:54 PM 10/25/2002 -0400, mickey newnam wrote: Hi everyone, If you get an ecard greeting from me DO NOT OPEN it. My computer seems to have been infected with some kind of worm. Delete the email immediately. I'm sorry for the inconvience. Regards, Mickey