A bad idea? Daisy-chaining modem and router with the same ip numbers
I have a practical situation that might use some advice. I am not near the equipment, so I can't manually change IP addresses on the machines, and the server does not have a GUI, so my wife can't fix it either. The question: if I take a modem that runs the LAN as 192.168.1.1, and plug into one of its ports a wireless router ALSO running as 192.168.1.1, would I bring down the Internet or cause other types of horrible harm? The background: I had a home network with a modem and a wireless router. The router plugged into one of the 4 open ports in the modem, and several computers, including a server and two desktops were connected into the router. No computer was connected to the modem. The wireless router network was 192.168.1.x. - the server and linux box had fixed addresses, outside the DHCP range. I don't remember the IP of the modem, but it was (I think) using the 10. range for the local network. I used the interface of the router to relay ports 80, 23 (or 22, the one for ssh), and some other to the server or desktop. I don't have access to do the same through the modem. Long story short, the modem needed replacing and the new modem is running on the 192.168.1.1... network. The desktops are now connected to the modem directly. The router has been reset and switched to 192.168.2.1 The fixed IP desktop is fine, because the new and old networks are the same. The wireless devices are fine, because they run on the new network and get the IP automatically assigned. But the server is out of each, as its address is 192.168.1.190 and it is connected to a router with the network 192.168.2.x So I am thinking what might happen if I change the router's network back to 192.168.1.x - would it work? Thanks in advance. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: A bad idea? Daisy-chaining modem and router with the same ip numbers
On Sat, 26 Jan 2013, Steve G. wrote: if I take a modem that runs the LAN as 192.168.1.1, and plug into one of its ports a wireless router ALSO running as 192.168.1.1, would I bring down the Internet or cause other types of horrible harm? The Internet at large wouldn't be affected, but you'd cause yourself problems. Packets from machines connected to the router which are destined for the modem would probably never get there. The fixed IP desktop is fine, because the new and old networks are the same. The wireless devices are fine, because they run on the new network and get the IP automatically assigned. But the server is out of each, as its address is 192.168.1.190 and it is connected to a router with the network 192.168.2.x So I am thinking what might happen if I change the router's network back to 192.168.1.x - would it work? You could change the router back to 192.168.1.x but the router itself cannot be set to an address that any other device has. You need to avoid address collisions. I guess you could also leave your router address as it is but set its netmask to 255.255.252.0 which would then include the 192.168.1.x network as well. This might needlessly complicate things though. If you can avoid address collisions, setting everything to the same network would work fine. If the modem can do DHCP, you could disable DHCP on the router and let the modem take care of handing out addresses. Then you could just give the router an address that won't collide (e.g. 192.168.1.254) and just get it to pass IP traffic back and forth. This is what I did here when I ran out of ethernet ports on the modem/router. HTH, Geoff. ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
[OT somewhat] DDOS attacks, where to report?
Dear Linux-IL colleagues, An associate of mine who runs a hosting service has been the victim of persistent DDOS attack, apparently from botnets that are mainly located on other countries. His Israeli service providers have responded to these attacks by cutting off his service. Is there someone in ISOC-IL or the police who will take a complaint seriously? I suggested that he file a complaint with the police, then with the copy of the complaint in-hand ask his attorney to call the service providers to demand restoration of service. Any ideas? - yba -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote: Dear Linux-IL colleagues, An associate of mine who runs a hosting service has been the victim of persistent DDOS attack, apparently from botnets that are mainly located on other countries. His Israeli service providers have responded to these attacks by cutting off his service. Is there someone in ISOC-IL Don't know (even if they would, what power do they have? besides being the .il domain registration expensive monopoly) or the police who will take a complaint seriously? They most probably won't. Not to mention that even if they would, you can't police foreign countries. You need Interpol. Do you think that's gonna happen? I suggested that he file a complaint with the police, then with the copy of the complaint in-hand ask his attorney to call the service providers to demand restoration of service. Did he read his contract? Did he notice if the customer becomes a detriment to the network... clause? Does his ISP need to suffer because of his business? Bandwidth cost their money. Denial of service can cause issues to other customers, and ISP might be hurt financially via lawsuits from said customers. Will he compensate ISP for that? What needs to be the threshold? Does the ISP needs to continue giving him service if the whole ISP gets down for 4 hours, like happened last Tuesday to 012? -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
Hi Shimi, You are suggesting that there is no recourse to DDOS attacks, that Israelis are fair game for foreign attacks and it is no one's business except for the victim. The ISP does need to suffer in this case, in that the ISP has allowed an act of war to be committed through his service. I see little difference between this and the cab drivers who transport illegal workers from the Palestinian territories to jobs in Israel. We require the drivers to take some responsibility for whom they transport. I am suggesting that ISP's be charged with some level responsibility for investigating and reporting these attacks. That's in the national interest. I suspect that in the cases of large institutions, even non-governmental institutions such as banks, that there is in fact some national response, but that this protection is not currently extended to smaller players. If a rocket hit's your home you get some protection at the national level. If a DDOS attack from a hostile government attacks your business, it's not in the national interest to provide some level of protection? - yba On Sat, 26 Jan 2013, shimi wrote: Date: Sat, 26 Jan 2013 20:20:30 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: Dear Linux-IL colleagues, An associate of mine who runs a hosting service has been the victim of persistent DDOS attack, apparently from botnets that are mainly located on other countries. His Israeli service providers have responded to these attacks by cutting off his service. Is there someone in ISOC-IL Don't know (even if they would, what power do they have? besides being the .il domain registration expensive monopoly) or the police who will take a complaint seriously? They most probably won't. Not to mention that even if they would, you can't police foreign countries. You need Interpol. Do you think that's gonna happen? I suggested that he file a complaint with the police, then with the copy of the complaint in-hand ask his attorney to call the service providers to demand restoration of service. Did he read his contract? Did he notice if the customer becomes a detriment to the network... clause? Does his ISP need to suffer because of his business? Bandwidth cost their money. Denial of service can cause issues to other customers, and ISP might be hurt financially via lawsuits from said customers. Will he compensate ISP for that? What needs to be the threshold? Does the ISP needs to continue giving him service if the whole ISP gets down for 4 hours, like happened last Tuesday to 012? -- Shimi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
shimi wrote: What needs to be the threshold? Does the ISP needs to continue giving him service if the whole ISP gets down for 4 hours, like happened last Tuesday to 012? Interesting. I never noticed it, however for one night last week, which I have forgotten which, we had to switch from Netvision to 012 to access anything. I have lines to both and switch between them as I need performance. Usually I don't have to switch my DNS servers but this time I did. Geoff. -- Geoffrey S. Mendelson, N3OWJ/4X1GM/KBUH7245/KBUW5379 Gung Hay Fat Choy! (May the new year be prosperous). ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
The customer/the ISP can purchase specialized firewalls to defend against DOS/DDOS attacks. The subject of the attack can try to approach the local police and in some cases they will work on taking down the botnet, see for instance Dutch police, FBI and other European forces spending time on these cases. But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being attacked but the price is obviously accordingly. Regards, Eliyahu - אליהו 2013/1/26 Jonathan Ben Avraham y...@tkos.co.il Hi Shimi, You are suggesting that there is no recourse to DDOS attacks, that Israelis are fair game for foreign attacks and it is no one's business except for the victim. The ISP does need to suffer in this case, in that the ISP has allowed an act of war to be committed through his service. I see little difference between this and the cab drivers who transport illegal workers from the Palestinian territories to jobs in Israel. We require the drivers to take some responsibility for whom they transport. I am suggesting that ISP's be charged with some level responsibility for investigating and reporting these attacks. That's in the national interest. I suspect that in the cases of large institutions, even non-governmental institutions such as banks, that there is in fact some national response, but that this protection is not currently extended to smaller players. If a rocket hit's your home you get some protection at the national level. If a DDOS attack from a hostile government attacks your business, it's not in the national interest to provide some level of protection? - yba On Sat, 26 Jan 2013, shimi wrote: Date: Sat, 26 Jan 2013 20:20:30 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: Dear Linux-IL colleagues, An associate of mine who runs a hosting service has been the victim of persistent DDOS attack, apparently from botnets that are mainly located on other countries. His Israeli service providers have responded to these attacks by cutting off his service. Is there someone in ISOC-IL Don't know (even if they would, what power do they have? besides being the .il domain registration expensive monopoly) or the police who will take a complaint seriously? They most probably won't. Not to mention that even if they would, you can't police foreign countries. You need Interpol. Do you think that's gonna happen? I suggested that he file a complaint with the police, then with the copy of the complaint in-hand ask his attorney to call the service providers to demand restoration of service. Did he read his contract? Did he notice if the customer becomes a detriment to the network... clause? Does his ISP need to suffer because of his business? Bandwidth cost their money. Denial of service can cause issues to other customers, and ISP might be hurt financially via lawsuits from said customers. Will he compensate ISP for that? What needs to be the threshold? Does the ISP needs to continue giving him service if the whole ISP gets down for 4 hours, like happened last Tuesday to 012? -- Shimi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}**ooO--U--** Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
On Sat, 26 Jan 2013, E.S. Rosenberg wrote: Date: Sat, 26 Jan 2013 21:32:34 +0200 From: E.S. Rosenberg esr+linux...@g.jct.ac.il To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? The customer/the ISP can purchase specialized firewalls to defend against DOS/DDOS attacks. Hi Eliyahu, Which Israeli ISP's offer such services? Do any of them? The subject of the attack can try to approach the local police and in some cases they will work on taking down the botnet, see for instance Dutch police, FBI and other European forces spending time on these cases. Do the Israeli police actually investigate DDOS incidents originating in foreign countries? But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being attacked but the price is obviously accordingly. For example? - yba Regards, Eliyahu - אליהו 2013/1/26 Jonathan Ben Avraham y...@tkos.co.il Hi Shimi, You are suggesting that there is no recourse to DDOS attacks, that Israelis are fair game for foreign attacks and it is no one's business except for the victim. The ISP does need to suffer in this case, in that the ISP has allowed an act of war to be committed through his service. I see little difference between this and the cab drivers who transport illegal workers from the Palestinian territories to jobs in Israel. We require the drivers to take some responsibility for whom they transport. I am suggesting that ISP's be charged with some level responsibility for investigating and reporting these attacks. That's in the national interest. I suspect that in the cases of large institutions, even non-governmental institutions such as banks, that there is in fact some national response, but that this protection is not currently extended to smaller players. If a rocket hit's your home you get some protection at the national level. If a DDOS attack from a hostile government attacks your business, it's not in the national interest to provide some level of protection? - yba On Sat, 26 Jan 2013, shimi wrote: Date: Sat, 26 Jan 2013 20:20:30 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 7:55 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: Dear Linux-IL colleagues, An associate of mine who runs a hosting service has been the victim of persistent DDOS attack, apparently from botnets that are mainly located on other countries. His Israeli service providers have responded to these attacks by cutting off his service. Is there someone in ISOC-IL Don't know (even if they would, what power do they have? besides being the .il domain registration expensive monopoly) or the police who will take a complaint seriously? They most probably won't. Not to mention that even if they would, you can't police foreign countries. You need Interpol. Do you think that's gonna happen? I suggested that he file a complaint with the police, then with the copy of the complaint in-hand ask his attorney to call the service providers to demand restoration of service. Did he read his contract? Did he notice if the customer becomes a detriment to the network... clause? Does his ISP need to suffer because of his business? Bandwidth cost their money. Denial of service can cause issues to other customers, and ISP might be hurt financially via lawsuits from said customers. Will he compensate ISP for that? What needs to be the threshold? Does the ISP needs to continue giving him service if the whole ISP gets down for 4 hours, like happened last Tuesday to 012? -- Shimi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___ Linux-il mailing list Linux-il@cs.huji.ac.il
Re: [OT somewhat] DDOS attacks, where to report?
On Sat, Jan 26, 2013 at 8:52 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote: Hi Shimi, You are suggesting that there is no recourse to DDOS attacks, that Israelis are fair game for foreign attacks and it is no one's business except for the victim. Hi Jonathan, Yes, I believe that's the situation. Don't confuse my response with 'what should be', rather than 'what will happen'. I'll give you some story - and while this is merely _one_ example, and while one may not conclude from a single occasion to any other event in life - I have yet to have heard in the media for an opposite case[*] - so I *suspect* that is the norm. Here's the story. As part of both my professional (for pay) and hobby (free) work, I run servers on the Internet, just like your friend. Many years ago (almost a decade), someone defaced a site I did the IT for. He didn't get in by cracking through the OS / webserver stack. It was a 'shelf-product' that ran the site, and that product had bugs. Pretty much written by a lousy programmer, and there wasn't much to do about that - code reviewing everything didn't make sense, given the size of this and the resources we had as a free website (part of the reason the platform was dumped eventually). Now, since only the specific application was sabotaged, there weren't issues of privilege escalations etc, so we had server logs. We found the relevant entries that caused the crack, learned what the attacker did, found the relevant Perl code bug, closed it, and then restored a backup. Funny thing, the IP address of the attacker was one from Netvision's static pool. To save future headache (assuming the guy will find more bugs), an iptables (or was it ipchains back then? I don't remember) rule was added to block this IP. Then, after a 'view' command for iptables - it did the natural thing and showed the reverse DNS of that IP. Apparently, Netvision on many occasions set reverse DNS for fixed IPs to the name of the customer. So I knew who was the customer. It had been a competitor of the cracked website. A copy of all the logs, with an explanation what was done, how it was then, when, from where, THE IDENTITY OF THE ATTACKER, were all compiled to a long complaint which was filed with our Israeli Police. A couple of weeks later, the police sent the site owner a letter, telling him that the case is closed, due to the lack of interest by the public. This is for something that happened completely in Israel, where they had the suspect handed to them on a plate of silver, and they did nothing. This is why I wouldn't hold my breath... [*] Exceptions I have seen were PR could be generated. Such as the Trojan Horse story: http://www.ynet.co.il/home/0,7340,L-3439,00.html ...or when the DoS is directed at the Government or one of its sub-organizations... Does your friend's case constitute one of the above? The ISP does need to suffer in this case, in that the ISP has allowed an act of war to be committed through his service. I see little difference between this and the cab drivers who transport illegal workers from the Palestinian territories to jobs in Israel. We require the drivers to take some responsibility for whom they transport. Going to take someone from a forbidden territory is not the same like being a transparent transit for something. They're not willingly doing that! Believe me, if there would be a block DDoS command on every route out there, EVERYONE would enable it. But this requires effort. Sometimes a lot of it. Sometimes beyond the capability of the ISP, simply because the vast amounts of traffic crossing their links, due to that customer. Even if you drop the traffic at your border, you still wasted International bandwidth for it, a scarce resource as it is... I am suggesting that ISP's be charged with some level responsibility for investigating and reporting these attacks. That's in the national interest. I suspect that in the cases of large institutions, even non-governmental institutions such as banks, that there is in fact some national response, but that this protection is not currently extended to smaller players. If a rocket hit's your home you get some protection at the national level. If a DDOS attack from a hostile government attacks your business, it's not in the national interest to provide some level of protection? Do you know a law that tells them they should do so at a discretion of the customer? If not, there's nothing much you can do. ISPs live on very low margins in the hosting business (for the best of my knowledge...) - what interest do they have to spend their dollars on a customer that just causes them trouble? (Seems most websites don't get DDoSed... there are reasons why people get DDoSed...) Of course, he can go for a court order (maybe through police). Let's say he has the IPs in China, Arab countries etc etc of the attackers. What's next? How will you stop the DDoS? Mind you, the DDoS comes from infected computers, and you'll
Re: [OT somewhat] DDOS attacks, where to report?
On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote: But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being attacked but the price is obviously accordingly. For example? http://www.prolexic.com/services-dos-and-ddos-mitigation.html Not a recommendation in any way, just an example. -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
Hi Shimi, Thanks. What I am trying to find out is if there are any Israeli ISP's that actually offer protection against DDOS attacks and if there is any stated public policy on such attacks. For example, is there a legal requirement for individuals or ISP's to report such crimes as there is with other crimes? Does the government view the liability for damages resulting from such attacks as a private responsibility like burglary or fire insurance even when the attack is committed by an enemy of the state? Is this written anywhere and is there any applicable case law? How big or persistent does a cyber attack have to be for it to be considered a public issue? Or has no one in government ever considered the question? - yba On Sat, 26 Jan 2013, shimi wrote: Date: Sat, 26 Jan 2013 22:11:24 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: E.S. Rosenberg esr+linux...@g.jct.ac.il, ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being attacked but the price is obviously accordingly. For example? http://www.prolexic.com/services-dos-and-ddos-mitigation.html Not a recommendation in any way, just an example. -- Shimi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
Why should the ISP have that responsibility? They are as far as most of us are concerned not even supposed to do DPI (deep packet inspection) and without DPI they have almost no way of telling the difference between a site that is under attack and a site that just posted something that is so popular that everyone is going there also effectively DDOS'ing... The responsibility to go to the authorities lies squarly with the victim, elthough you might expect some good citizenship from the ISP if they signal illegal activities they still have a very hard time telling the legit from the illegitimate traffic. Also ISPs in Israel don't even bother to put virus affected customers in quarantine where they are blocked from accessing the internet until they clean their computer(s), something which is fairly easy for them to implement and very much in the ISPs interest so why would they do more complicated things like dissecting attacks? (I know some of the better ISPs outside of Israel do this) As far as an example of equipment goes, tweakers.net did a review on an anti DDOS firewall appliance in 2010: http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html Such an appliance would iirc not be usefull at the ISP level since it utilizes traffic patterns Regards, Eliyahu - אליהו 2013/1/26 Jonathan Ben Avraham y...@tkos.co.il Hi Shimi, Thanks. What I am trying to find out is if there are any Israeli ISP's that actually offer protection against DDOS attacks and if there is any stated public policy on such attacks. For example, is there a legal requirement for individuals or ISP's to report such crimes as there is with other crimes? Does the government view the liability for damages resulting from such attacks as a private responsibility like burglary or fire insurance even when the attack is committed by an enemy of the state? Is this written anywhere and is there any applicable case law? How big or persistent does a cyber attack have to be for it to be considered a public issue? Or has no one in government ever considered the question? - yba On Sat, 26 Jan 2013, shimi wrote: Date: Sat, 26 Jan 2013 22:11:24 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: E.S. Rosenberg esr+linux...@g.jct.ac.il, ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being attacked but the price is obviously accordingly. For example? http://www.prolexic.com/**services-dos-and-ddos-**mitigation.htmlhttp://www.prolexic.com/services-dos-and-ddos-mitigation.html Not a recommendation in any way, just an example. -- Shimi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}**ooO--U--** Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - __**_ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/**mailman/listinfo/linux-ilhttp://mailman.cs.huji.ac.il/mailman/listinfo/linux-il ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
Hi Eliyahu, See inlines below. On Sat, 26 Jan 2013, E.S. Rosenberg wrote: Date: Sat, 26 Jan 2013 23:22:18 +0200 From: E.S. Rosenberg esr+linux...@g.jct.ac.il To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? Why should the ISP have that responsibility? They are as far as most of us are concerned not even supposed to do DPI (deep packet inspection) and without DPI they have almost no way of telling the difference between a site that is under attack and a site that just posted something that is so popular that everyone is going there also effectively DDOS'ing... Once the user reports the crime to the ISP, does the ISP then have any responsibility to report the crime, like other crimes? The responsibility to go to the authorities lies squarly with the victim, elthough you might expect some good citizenship from the ISP if they signal illegal activities they still have a very hard time telling the legit from the illegitimate traffic. This is not true in general under Israeli law, as I have found out myself from unfortunate personal experience. See http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2 Also ISPs in Israel don't even bother to put virus affected customers in quarantine where they are blocked from accessing the internet until they clean their computer(s), something which is fairly easy for them to implement and very much in the ISPs interest so why would they do more complicated things like dissecting attacks? Not necessarily analyzing attacks, just reporting them. (I know some of the better ISPs outside of Israel do this) As far as an example of equipment goes, tweakers.net did a review on an anti DDOS firewall appliance in 2010: http://tweakers.net/reviews/1648/riorey-rx1810-how-to-put-a-firewall-through-hell.html Such an appliance would iirc not be usefull at the ISP level since it utilizes traffic patterns Thanks, - yba Regards, Eliyahu - אליהו 2013/1/26 Jonathan Ben Avraham y...@tkos.co.il Hi Shimi, Thanks. What I am trying to find out is if there are any Israeli ISP's that actually offer protection against DDOS attacks and if there is any stated public policy on such attacks. For example, is there a legal requirement for individuals or ISP's to report such crimes as there is with other crimes? Does the government view the liability for damages resulting from such attacks as a private responsibility like burglary or fire insurance even when the attack is committed by an enemy of the state? Is this written anywhere and is there any applicable case law? How big or persistent does a cyber attack have to be for it to be considered a public issue? Or has no one in government ever considered the question? - yba On Sat, 26 Jan 2013, shimi wrote: Date: Sat, 26 Jan 2013 22:11:24 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: E.S. Rosenberg esr+linux...@g.jct.ac.il, ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 10:00 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: But unless your friend shows that he is taking serious steps to prevent this type of thing in the future no ISP has to allow him onto their network, there are ISPs that specialize in hosting sites that are prone to being attacked but the price is obviously accordingly. For example? http://www.prolexic.com/services-dos-and-ddos-mitigation.html Not a recommendation in any way, just an example. -- Shimi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA ~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il -___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote: This is not true in general under Israeli law, as I have found out myself from unfortunate personal experience. See http://he.wikipedia.org/wiki/%** D7%90%D7%99_%D7%9E%D7%A0%D7%**99%D7%A2%D7%AA_%D7%A4%D7%A9%**D7%A2http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2 This law is about telling the authorities about a CRIME THAT IS GOING TO HAPPEN, that you know about, so that the authorities can stop the criminal PRIOR to the act of crime. Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the customer (they can't possibly know. like I've already said - chances of catching the source behind a DDoS are almost nil) - I personally find it difficult to understand why you think this law is relevant on our case... Also, not even sure that this is called a crime that happens within the borders of Israel. After all, the attacker, and his 'associate' computers, are all (for the lack of better knowledge) outside the borders of Israel when this happens. Again, the Israeli police (or Government) has no jurisdiction over the whole Internet... I think it is time for me to quote from the Serenity Prayer: God, grant me the serenity to accept the things I cannot change, The courage to change the things I can, And wisdom to know the difference. Of course, I wish your friend luck if he opts to pursue this anyways, with the hope for: a) any sort of success, and b) that he won't waste so much time/money on his attempts... Good luck! -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
Trying to get any useful action from the Israeli police is futile. Get over it - you have to find other venues to address the issues. (I speak from experience of multiple personal encounters were I needed their help and didn't get it). On 27 January 2013 09:30, shimi linux...@shimi.net wrote: On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.ilwrote: This is not true in general under Israeli law, as I have found out myself from unfortunate personal experience. See http://he.wikipedia.org/wiki/%* *D7%90%D7%99_%D7%9E%D7%A0%D7%**99%D7%A2%D7%AA_%D7%A4%D7%A9%**D7%A2http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2 This law is about telling the authorities about a CRIME THAT IS GOING TO HAPPEN, that you know about, so that the authorities can stop the criminal PRIOR to the act of crime. Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the customer (they can't possibly know. like I've already said - chances of catching the source behind a DDoS are almost nil) - I personally find it difficult to understand why you think this law is relevant on our case... Also, not even sure that this is called a crime that happens within the borders of Israel. After all, the attacker, and his 'associate' computers, are all (for the lack of better knowledge) outside the borders of Israel when this happens. Again, the Israeli police (or Government) has no jurisdiction over the whole Internet... I think it is time for me to quote from the Serenity Prayer: God, grant me the serenity to accept the things I cannot change, The courage to change the things I can, And wisdom to know the difference. Of course, I wish your friend luck if he opts to pursue this anyways, with the hope for: a) any sort of success, and b) that he won't waste so much time/money on his attempts... Good luck! -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il -- [image: View my profile on LinkedIn] http://www.linkedin.com/in/gliderflyer ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
On Sun, 27 Jan 2013, shimi wrote: Date: Sun, 27 Jan 2013 00:30:02 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: This is not true in general under Israeli law, as I have found out myself from unfortunate personal experience. See http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2 This law is about telling the authorities about a CRIME THAT IS GOING TO HAPPEN, that you know about, so that the authorities can stop the criminal PRIOR to the act of crime. Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the customer (they can't possibly know. like I've already said - chances of catching the source behind a DDoS are almost nil) - I personally find it difficult to understand why you think this law is relevant on our case... Hi Shimi, This law is in fact applied to ongoing crime as well as futire crime. It's not enough that you know someone has been trafficking Ukrainain girls for two years already to exempt you from reporting it if you find out about it. Also, not even sure that this is called a crime that happens within the borders of Israel. After all, the attacker, and his 'associate' computers, are all (for the lack of better knowledge) outside the borders of Israel when this happens. Again, the Israeli police (or Government) has no jurisdiction over the whole Internet... It's is enough for the victim to be affected in Israel for it to be a crime in Israel. I think it is time for me to quote from the Serenity Prayer: God, grant me the serenity to accept the things I cannot change, The courage to change the things I can, And wisdom to know the difference. Of course, I wish your friend luck if he opts to pursue this anyways, with the hope for: a) any sort of success, and b) that he won't waste so much time/money on his attempts... I'm wondering if there isn't a public policy initiative that we should be pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's necessary, but sometimes concrete action is required. The problem here is that some small players are getting soaked disproportionately for the county's wars. - yba Good luck! -- Shimi -- EE 77 7F 30 4A 64 2E C5 83 5F E7 49 A6 82 29 BA~. .~ Tk Open Systems =}ooO--U--Ooo{= - y...@tkos.co.il - tel: +972.2.679.5364, http://www.tkos.co.il - ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
On Sun, Jan 27, 2013 at 1:54 AM, Jonathan Ben Avraham y...@tkos.co.ilwrote: On Sun, 27 Jan 2013, shimi wrote: Date: Sun, 27 Jan 2013 00:30:02 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: This is not true in general under Israeli law, as I have found out myself from unfortunate personal experience. See http://he.wikipedia.org/wiki/%* *D7%90%D7%99_%D7%9E%D7%A0%D7%**99%D7%A2%D7%AA_%D7%A4%D7%A9%**D7%A2http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2 This law is about telling the authorities about a CRIME THAT IS GOING TO HAPPEN, that you know about, so that the authorities can stop the criminal PRIOR to the act of crime. Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the customer (they can't possibly know. like I've already said - chances of catching the source behind a DDoS are almost nil) - I personally find it difficult to understand why you think this law is relevant on our case... Hi Shimi, This law is in fact applied to ongoing crime as well as futire crime. It's not enough that you know someone has been trafficking Ukrainain girls for two years already to exempt you from reporting it if you find out about it. This is not an ongoing crime. Your friend server is offline, the attacker noticed and stopped bombarding. ISP is happy. That's the reason they disconnected your friend at the first place - they knew their infrastructure will no longer be attacked when they do. This is the reason why people DDoS in the first place! Because it works... Also, not even sure that this is called a crime that happens within the borders of Israel. After all, the attacker, and his 'associate' computers, are all (for the lack of better knowledge) outside the borders of Israel when this happens. Again, the Israeli police (or Government) has no jurisdiction over the whole Internet... It's is enough for the victim to be affected in Israel for it to be a crime in Israel. This may be true (I don't know our law. it was more of a quandary). Still, jurisdiction over the entire Internet, not located in Israel? That's not simple! I think it is time for me to quote from the Serenity Prayer: God, grant me the serenity to accept the things I cannot change, The courage to change the things I can, And wisdom to know the difference. Of course, I wish your friend luck if he opts to pursue this anyways, with the hope for: a) any sort of success, and b) that he won't waste so much time/money on his attempts... I'm wondering if there isn't a public policy initiative that we should be pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's necessary, but sometimes concrete action is required. The problem here is that some small players are getting soaked disproportionately for the county's wars. I already asked and couldn't see your answer, so I will ask again: What actions do you want your government to do against the computers in China, North Korea, or Arab countries? Please elaborate. Don't just say that 'someone needs to do something' - tell us what can they do that they don't, that would help in situations like this... also tell us what should they do after they somehow made 20,000 computers clean, just to realize that in a keystroke, the attacker infected 20,000 other computers, and all what they, basically had no influence whatsoever. b.t.w. why are you so sure that those are country's wars ? Running an innocent IRC server is very likely to get you DDoS'd too. A decade ago, DALnet, the biggest IRC network users-wise (AFAIK), had been on netsplit more time than not, because someone DDoS'd them. For months. The network lost servers because ISPs that donated them didn't want the headache - their legitimate business got hurt. The network never recovered. At the top they had 100k users online globally. This second the number is 12,727 users. Israel was not a side... Your friend got DDoS'd because he got DDoS'd. The country he lives at had nothing to do with it. Unless of course he hosted specific websites that made people angry. If that was the case, it was his war, not the country's. Sof Ma'ase, Be-Machashava Techila... -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT somewhat] DDOS attacks, where to report?
Hi Shimi, The policy that I would expect is: 1. Possibly requiring licensed ISP's to offer extended anti-cyber-attack protection, for an extra price. 2. Requiring licensed ISP's to provide a specific basic level of cyber security as part of every offering. 3. Requiring reporting of cyber attacks that pass some level of damage or persistence or that can be identified as originating with a particular organization to a national information center. 4. Requiring on-line financial services and other specified services to implement specific security policies. It's clear that the country is under concerted attack. I also know that *something* is being done or at least discussed at the national level. What appears to be lacking is protection for the smaller organizations and service providers. - yba On Sun, 27 Jan 2013, shimi wrote: Date: Sun, 27 Jan 2013 08:33:50 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sun, Jan 27, 2013 at 1:54 AM, Jonathan Ben Avraham y...@tkos.co.il wrote: On Sun, 27 Jan 2013, shimi wrote: Date: Sun, 27 Jan 2013 00:30:02 +0200 From: shimi linux...@shimi.net To: Jonathan Ben Avraham y...@tkos.co.il Cc: ILUG linux-il@cs.huji.ac.il Subject: Re: [OT somewhat] DDOS attacks, where to report? On Sat, Jan 26, 2013 at 11:39 PM, Jonathan Ben Avraham y...@tkos.co.il wrote: This is not true in general under Israeli law, as I have found out myself from unfortunate personal experience. See http://he.wikipedia.org/wiki/%D7%90%D7%99_%D7%9E%D7%A0%D7%99%D7%A2%D7%AA_%D7%A4%D7%A9%D7%A2 This law is about telling the authorities about a CRIME THAT IS GOING TO HAPPEN, that you know about, so that the authorities can stop the criminal PRIOR to the act of crime. Unless you claim the ISP KNOWS that a DDoS will happen (in the future) to the customer (they can't possibly know. like I've already said - chances of catching the source behind a DDoS are almost nil) - I personally find it difficult to understand why you think this law is relevant on our case... Hi Shimi, This law is in fact applied to ongoing crime as well as futire crime. It's not enough that you know someone has been trafficking Ukrainain girls for two years already to exempt you from reporting it if you find out about it. This is not an ongoing crime. Your friend server is offline, the attacker noticed and stopped bombarding. ISP is happy. That's the reason they disconnected your friend at the first place - they knew their infrastructure will no longer be attacked when they do. This is the reason why people DDoS in the first place! Because it works... Also, not even sure that this is called a crime that happens within the borders of Israel. After all, the attacker, and his 'associate' computers, are all (for the lack of better knowledge) outside the borders of Israel when this happens. Again, the Israeli police (or Government) has no jurisdiction over the whole Internet... It's is enough for the victim to be affected in Israel for it to be a crime in Israel. This may be true (I don't know our law. it was more of a quandary). Still, jurisdiction over the entire Internet, not located in Israel? That's not simple! I think it is time for me to quote from the Serenity Prayer: God, grant me the serenity to accept the things I cannot change, The courage to change the things I can, And wisdom to know the difference. Of course, I wish your friend luck if he opts to pursue this anyways, with the hope for: a) any sort of success, and b) that he won't waste so much time/money on his attempts... I'm wondering if there isn't a public policy initiative that we should be pushing, perhaps through ISOC-IL. I mean, I'm all for prayer, that's necessary, but sometimes concrete action is required. The problem here is that some small players are getting soaked disproportionately for the county's wars. I already asked and couldn't see your answer, so I will ask again: What actions do you want your government to do against the computers in China, North Korea, or Arab countries? Please elaborate. Don't just say that 'someone needs to do something' - tell us what can they do that they don't, that would help in situations like this... also tell us what should they do after they somehow made 20,000 computers clean, just to realize that in a keystroke, the attacker infected 20,000 other computers, and all what they, basically had no influence whatsoever. b.t.w. why are you so sure that those are country's wars ? Running an innocent IRC server is very likely to get you DDoS'd too. A decade ago, DALnet, the biggest IRC network users-wise (AFAIK), had been on netsplit more time than not, because someone DDoS'd them. For months. The network lost servers
[OT] Troubleshooting Bezeq Int'l problems
This is not directly related to Linux but the problem is also occurring on my Linux machines. Since people here seem to be very knowledgeable about how to diagnose and document problems with ISPs I am turning to your collective wisdom for some help. We have been using Bezeq Int'l as our ISP for years (ever since Actcom was bought out). For the most part we have been satisfied even if the Linux support in the early years was not the best. We are now connected with a 20Mb DSL connection. Recently I have noticed a problem with downloading certain zip file that the zip files end up truncated. I.e. rather than downloading a zip file of 1.2 MB the download completes "successfully" but the zip file will only be 800 KB and is obviously not usable. This does not happen on all zip files and it does not seem to be connected to a particular size of zip file (i.e. larger zip files will work sometimes). I have not been able to pin point a particular characteristic of the zip file that causes it to fail. Windows XP, Windows 7 and Ubuntu all encounter the same problem. However, if I connect my laptop via my phone's 3G network I am able to download the zip file without a problem. A second symptom that has come up recently is that when I have clicked on some links, instead of going to the requested site I am shown an error page from Bezeq Int'l saying that this site is dangerous and I cannot go there. If I hit the back button and try again I am able to get to the site without a problem. Putting these two items together I have come to the theory that Bezeq Int'l has updated their firewalls / anti virus software which is somehow causing both of these issues. Has anyone else using Bezeq Int'l encountered similar problems? Other than just calling and complaining are there any tools that I can use to further trouble shoot the problem? If the support people say it is not their problem I would like to have as much support as possible to force them to deal with the issue. Thanks, -- David Suna da...@davidsconsultants.com ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: [OT] Troubleshooting Bezeq Int'l problems
On Sun, Jan 27, 2013 at 8:59 AM, David Suna da...@davidsconsultants.comwrote: This is not directly related to Linux but the problem is also occurring on my Linux machines. Since people here seem to be very knowledgeable about how to diagnose and document problems with ISPs I am turning to your collective wisdom for some help. We have been using Bezeq Int'l as our ISP for years (ever since Actcom was bought out). For the most part we have been satisfied even if the Linux support in the early years was not the best. We are now connected with a 20Mb DSL connection. Recently I have noticed a problem with downloading certain zip file that the zip files end up truncated. I.e. rather than downloading a zip file of 1.2 MB the download completes successfully but the zip file will only be 800 KB and is obviously not usable. This does not happen on all zip files and it does not seem to be connected to a particular size of zip file (i.e. larger zip files will work sometimes). I have not been able to pin point a particular characteristic of the zip file that causes it to fail. Windows XP, Windows 7 and Ubuntu all encounter the same problem. However, if I connect my laptop via my phone's 3G network I am able to download the zip file without a problem. A second symptom that has come up recently is that when I have clicked on some links, instead of going to the requested site I am shown an error page from Bezeq Int'l saying that this site is dangerous and I cannot go there. If I hit the back button and try again I am able to get to the site without a problem. Putting these two items together I have come to the theory that Bezeq Int'l has updated their firewalls / anti virus software which is somehow causing both of these issues. Has anyone else using Bezeq Int'l encountered similar problems? Other than just calling and complaining are there any tools that I can use to further trouble shoot the problem? If the support people say it is not their problem I would like to have as much support as possible to force them to deal with the issue. Do you use Bezeq Int's DNS services? If so, try switching to 8.8.8.8 and 8.8.4.4, see if it helps. -- Shimi ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il
Re: Parts of the internet keep on disappearing on me
On Thu, Jan 24, 2013 at 2:53 PM, Shachar Shemesh shac...@shemesh.bizwrote: On 01/24/2013 02:44 PM, E.S. Rosenberg wrote: When you enable timestamps they don't match so the packet is discarded, this could be due to the ISP fiddling with the packets on the way. I know what timestamp is, and what it is used for. I have not, yet, rebooted to see whether this does not happen when the problem is dormant. What I told Shimi was that I want as much information as possible, and since he seems to know a bit about it, I would like to hear it all. If you want to know it all, I never did manage to penetrate the first-line representative (What's MTR? send me Windows traceroute so I can't see the instability over time!). Arguing with customer service is like fighting the Borg. Resistance is futile... So I solved it the way I know best: If you can't change them, show them you put your money where your mouth is. Just like I did to Orange. I am waiting for the day that most people in Israel would be like that, but unfortunately, that day does not seem close :( We only care about substantially lower price to make a difference... like what was caused by Golan T. Some people not even that (still pay 100NIS/mo. for even sometimes a LIMITED cell line...) Now I am connected through another ISP (which funnily enough, uses BezeqInt for Intl' traffic, at least per traceroute, and is actually cheaper...), and the problem is gone[*]. Now you know how I knew you were there... -- Shimi [*] Of course, that may have been sheer luck. It might happen to me again one bright day in the future :) But for now, it probably simply doesn't pass through their QoS engine, probably because the ISP has a fixed bandwidth with them, and they don't really care _what_ passes on the link... ___ Linux-il mailing list Linux-il@cs.huji.ac.il http://mailman.cs.huji.ac.il/mailman/listinfo/linux-il