Endpoint Security and Smartphones

2013-02-19 Thread Jay Ashworth
Some time back, the FBI was heard to say in public that draw-your-passpattern
security, as seen on Android smartphones and tablets, was too much for them,
at least as long as you kept your screen clean of skin oil. :-)

Whether or not that's true, there are apparently ways to attack even that,
using just the sensors on the platform.  Specifically, the accelerometers
(which are actually usually just angle sensors):

  http://www.schneier.com/blog/archives/2013/02/guessing_smart.html

If you're responsible for security, BTW (and if you're on NANOG, you 
probably are), Bruce Schneier should be on your daily bookmark list...
even if you think he's full of crap.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



RE: Endpoint Security and Smartphones

2013-02-19 Thread Naslund, Steve
Kind of seems to me that if I am deep enough in your mobile device to get your 
accelerometer data, I probably can get access to your stored data in the 
device.  The only reason I think I would want your passcode would be to 
physically steal your device and then try to use it.

This is one of those attacks that is probably possible but not practical.  
Interesting blog however.

Steven Naslund






RE: Endpoint Security and Smartphones

2013-02-19 Thread Naslund, Steve
My knowledge on mobile device security is pretty limited.  I am just trying to 
wrap my head around the value of your passcode.  I suppose it would be good to 
know if I could get covert access to the device itself so I could see what is 
on it.  I would however have to get some malicious code on the device to get 
the passcode so it would seem to be easier to put malicious code on your device 
that sends me whatever I need the passcode to access in the first place.  I 
guess one of my thoughts on computer security in general is that if someone 
gets physical access to the device, it is history.  I would not count on the 
passcode to be very protective because it would seem that there would be some 
kind of way around it through the hardware vendor, maybe not but someone would 
have to convince me that a backdoor does not exist.

Steven Naslund


-Original Message-
From: Jay Ashworth [mailto:j...@baylink.com] 
Sent: Tuesday, February 19, 2013 10:22 AM
To: Naslund, Steve
Subject: Re: Endpoint Security and Smartphones

- Original Message -
> From: Steve Naslund snasl...@medline.com

> Kind of seems to me that if I am deep enough in your mobile device to
> get your accelerometer data, I probably can get access to your stored
> data in the device. The only reason I think I would want your passcode
> would be to physically steal your device and then try to use it.
>
> This is one of those attacks that is probably possible but not
> practical. Interesting blog however.

I dunno, Steve; think trojan horse.
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274


Re: Endpoint Security and Smartphones

2013-02-19 Thread George Herbert

Normal apps can usually get the accelerometer data without breaking device 
security.

So you download the newest cool free Mine Birds or whatnot, and its server 
upload traffic eventually includes guesses at your passcode along with your 
game status...


George William Herbert
Sent from my iPhone




RE: Endpoint Security and Smartphones

2013-02-19 Thread Naslund, Steve
I get that part.  I guess I am just trying to figure out why having your
passcode is such an advantage.  I guess if you really want to physically
steal (or temporarily borrow) my phone and get into it, that would be
useful.  I would be much more concerned about remote exploits because I
have always assumed that if you physically have the device, you are
going to get into it.  All I count on my passcode for is to prevent me
from butt dialing.

I think the real value here would be if it were used as more of a
general purpose key stroke grabber that could tell me remotely what you
are doing with your phone.  Problem with that is that the accuracy would
have to be much better for that purpose.

Steven Naslund




RE: Endpoint Security and Smartphones

2013-02-19 Thread Naslund, Steve
Well, I guess it all goes back to my original assumption that unless you 
control physical access to the device there really is no security.  Unless 
someone can prove to me that the pass code is a part of a cryptographically 
secure system (which is unlikely given the key length of the passcode) that 
guards the entire file system of the device, then it is nothing more than a 
lock to keep kids out and prevent butt dialing.  This is no different than 
losing physical control of your laptop computer or desktop machine.  Unless you 
have implemented some of the most draconian security measures including full 
file system encryption with a removable key store (like a smartcard or such), 
loss of the physical device is game over in most cases.

I think this attack might have value if aimed at a single individual target 
with a high value reason for needing access to the phone (think CIA going after 
a high value target).  To write an app that randomly grabs pass codes from the 
general public is a lot less useful because the pass code does nothing for me 
without the physical device.  I still cannot figure out what the practical value of 
this is other than to demonstrate that having all of these sensors on your person 
is a security threat.

Steve

-Original Message-
From: Jay Ashworth [mailto:j...@baylink.com] 
Sent: Tuesday, February 19, 2013 10:41 AM
To: Naslund, Steve
Subject: Re: Endpoint Security and Smartphones

- Original Message -
> From: Steve Naslund snasl...@medline.com

> My knowledge on mobile device security is pretty limited. I am just
> trying to wrap my head around the value of your passcode. I suppose it
> would be good to know if I could get covert access to the device
> itself so I could see what is on it. I would however have to get some
> malicious code on the device to get the passcode so it would seem to
> be easier to put malicious code on your device that sends me whatever
> I need the passcode to access in the first place. I guess one of my
> thoughts on computer security in general is that if someone gets
> physical access to the device, it is history. I would not count on the
> passcode to be very protective because it would seem that there would
> be some kind of way around it through the hardware vendor, maybe not
> but someone would have to convince me that a backdoor does not exist.

Well, certainly it's stored on there, but the received wisdom is that it is 
somewhere where apps not granted superuser by the user can't reach it, so a 
normal trojan couldn't get to it.

It is, of course, in the FBI's best interest to lie about whether they can 
break this sort of security...

But in fact, the point of the pass-swipe is that no, physical access is not 
enough -- as long as you're not the disassemble the device and put the flash 
memory on a scanning-tunnelling microscope class of attacker; there probably 
really are uses for this attack.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth  Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274


Anyone know of a good InfiniBand vendor in the US?

2013-02-19 Thread Landon Stewart
Hello NANOG,

We are thinking of utilizing some InfiniBand stuff for some specific
application in our data centres.  We are new to InfiniBand however so we
want to get some equipment and see if it does what we need.  Does anyone
know of a good vendor in the US?  East or West coast, doesn't matter.  If
anyone has any good advice or information about InfiniBand that would be
nice to hear too as we are totally new to it at present.

-- 
Landon Stewart lstew...@superb.net
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more Ahead of the Rest: http://www.superbhosting.net


bidirectional fiber inline amps.

2013-02-19 Thread Eric J Esslinger
Due to some bundle size restrictions, we are looking at converting some runs 
over to use bi-directional fiber sfp's (the Cisco version is 
GLC-BX-D/GLC-BX-U). However a couple of our runs are farther than the spec 6.2 
miles.  Is anyone aware of a vendor that makes an inline bidirectional amp for 
this sort of application? I did some digging but either they do not exist or my 
google fu is weak today.

__
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities
http://www.fpu-tn.com/
(931)433-1522 ext 165

This message may contain confidential and/or proprietary information and is 
intended for the person/entity to whom it was originally addressed. Any use by 
others is strictly prohibited.



Re: bidirectional fiber inline amps.

2013-02-19 Thread Jared Mauch

On Feb 19, 2013, at 3:30 PM, Eric J Esslinger wrote:

> Due to some bundle size restrictions, we are looking at converting some runs
> over to use bi-directional fiber sfp's (the Cisco version is
> GLC-BX-D/GLC-BX-U). However a couple of our runs are farther than the spec
> 6.2 miles.  Is anyone aware of a vendor that makes an inline bidirectional
> amp for this sort of application? I did some digging but either they do not
> exist or my google fu is weak today.

So you really just want the 20km optics:

GLC-BX-U20
GLC-BX-D20

Most places also make 40km and 80km optics of the same sort.

- Jared


RE: bidirectional fiber inline amps.

2013-02-19 Thread Eric J Esslinger
Didn't see those. Thanks. Idiot moment for me.

__
Eric Esslinger
Information Services Manager - Fayetteville Public Utilities
http://www.fpu-tn.com/
(931)433-1522 ext 165




Re: Anyone know of a good InfiniBand vendor in the US?

2013-02-19 Thread Matt Addison
VAR or Manufacturer? Mellanox are essentially the de facto standard for
IB switches and HCAs.

Sent from my mobile device, so please excuse any horrible misspellings.




regarding 188.24.168.0/21

2013-02-19 Thread Mihai Necsa

Hi list

Any help will be appreciated; it seems that Apple is filtering prefixes 
for untraceable reasons.


I wrote emails to apple-...@apple.com dr...@apple.com but no answer.


Starting about 2 weeks ago we encountered several complaints from our 
customers who are using 188.24.168.0/21. The prefix is allocated to 
our residential customers, dynamically via PPPoE.


Actually they are not able to connect to the App Store and associated resources 
like developer.apple.com from their iOS terminal phones or tablets, nor 
using iTunes or a browser from their respective operating systems.


Using tcpdump we saw that 17.154.66.17 is not responding to client 
requests.
 IP 188.27.253.245.63289 > 17.154.66.17.443: tcp 0

Furthermore, we did manage to ping hosts from 188.24.168.0/21 using a 
looking glass server (4.69.185.226) from LEVEL3 San Jose, which seems to 
be the last hop provider to the Apple network.


Ping results from San Jose, CA
to 188.27.248.26(188-27-248-26.rdsnet.ro)

icmp_seq=0 time=188 ms

  statistics 
1 packets transmitted, 1 packets received, 0% packet loss
rtt min/avg/median/max/mdev/stddev = 188/188/188/188/0/0 ms

Regards,

--
Mihai NECSA
network engineer @AS8708



Re: Anyone know of a good InfiniBand vendor in the US?

2013-02-19 Thread Alex Lesser

Hi Landon:

We deliver Infiniband based servers and switches.  We have been working 
with Infiniband for many years already.  What are you looking for?


Alex
www.pssclabs.com








Re: Anyone know of a good InfiniBand vendor in the US?

2013-02-19 Thread Landon Stewart
Oh by vendor I mean VAR I guess.  Mostly I'm also wondering how an IB
network handles IPoIB and how one uses IB with a gateway to layer 3
Ethernet switches or edge routers.  If anyone has any resources that
provide details on how this works and how ethernet VLANs are handled I'd
appreciate it.





-- 
Landon Stewart lstew...@superb.net
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more Ahead of the Rest: http://www.superbhosting.net


Re: Anyone know of a good InfiniBand vendor in the US?

2013-02-19 Thread Jon Lewis

On Tue, 19 Feb 2013, Landon Stewart wrote:


> Oh by vendor I mean VAR I guess.  Mostly I'm also wondering how an IB
> network handles IPoIB and how one uses IB with a gateway to layer 3
> Ethernet switches or edge routers.  If anyone has any resources that
> provide details on how this works and how ethernet VLANs are handled I'd
> appreciate it.


My limited IB experience has been that the IB switch acts much like a dumb 
ethernet switch, caring only about which IB hardware addresses are 
reachable via which port.  Routing between IPoIB and IP over ethernet can 
be done by any host with interfaces on both networks and IP forwarding 
enabled.  In our setups, we've used IPoIB, but with 1918 addresses and not 
routed beyond the IB network.


--
 Jon Lewis, MCP :)   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_



Check this out T-Mobile Launches GoSmart Prepaid Service Nationally on Phone Scoop

2013-02-19 Thread Jay Ashworth
Check this out:

http://www.phonescoop.com/articles/article.php?a=11946

This email was sent via Phone Scoop (www.phonescoop.com). The sender thought 
you might be interested in the page linked above.



Re: Check this out T-Mobile Launches GoSmart Prepaid Service Nationally on Phone Scoop

2013-02-19 Thread Grant Ridder
haha i love the header:

Received: (from nobody@localhost)





Re: Check this out T-Mobile Launches GoSmart Prepaid Service Nationally on Phone Scoop

2013-02-19 Thread Jonathan Rogers
An email from nobody? WHAT IS THIS SORCERY?!?

--JR





Re: Check this out T-Mobile Launches GoSmart Prepaid Service Nationally on Phone Scoop

2013-02-19 Thread Randy
Merlin is back; especially for Jay...:-)
./Randy




Re: Check this out T-Mobile Launches GoSmart Prepaid Service Nationally on Phone Scoop

2013-02-19 Thread George Herbert
All in favor of phonescoop being blacklisted from nanog?  Anyone?
Anyone?  Buehler?








-- 
-george william herbert
george.herb...@gmail.com



TelePacific a good choice?

2013-02-19 Thread Jeff Harper
Hiya,

We're looking at TelePacific as a possible solution for some of our transit 
needs.  If you have an honest experience with them, positive or negative, I'd 
like to hear from you.

Simply email me off line with your experiences, thanks!

Jeff Harper, CCIE (W) |  www.well.com
ip access-list extended jeff
permit tcp any any eq intelligence
deny tcp any any eq stupid-people




Re: TelePacific a good choice?

2013-02-19 Thread Paul WALL
The lack of IPv6 implementation:

http://bgp.he.net/AS14265#_asinfo

should be the only feedback you need.







Re: TelePacific a good choice?

2013-02-19 Thread Mike Hale
I've used them at a previous employer, mainly for PRI termination but
also for some transit and colo services.

They were decent.  Didn't have any major complaints.

If IPv6 is important for you...per what Paul said, they probably
wouldn't be your best choice.  If IPv6 doesn't matter to you, they're
good enough.








--
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0



Re: switch 10G standalone TOR, core to DC

2013-02-19 Thread Bao Nguyen
Has anyone worked with the switching vendor Quanta for their 10ge switching as
TOR? [1] Their spec looked interesting and they are quite cheap.


[1]
http://www.quantaqct.com/en/01_product/02_detail.php?mid=30sid=114id=116qs=63


-bn
0216331C


On Tue, Feb 12, 2013 at 7:45 AM, Nick Hilliard n...@foobar.org wrote:

> On 12/02/2013 14:23, Piotr wrote:
>> shared 9 MB packet buffer
>> pool that is allocated dynamically to ports that are congested
>>
>> 9MB is a standard size of port buffers..
>
> That's pretty standard for a cut-thru ToR switch of this style. Cut-thru
> switches generally need a lot less packet buffer space than store-n-forward
> switches. Also, ToR boxes tend not to have complex qos requirements.
>
> Having said that, you need to be careful deploying small-buffer boxes.  If
> you're not careful, you will end up with bad packet loss.
>
> Nick






Re: switch 10G standalone TOR, core to DC

2013-02-19 Thread Peter Phaal
On Tue, Feb 19, 2013 at 8:21 PM, Bao Nguyen ngq...@gmail.com wrote:
> Has anyone worked with the switching vendor Quanta for their 10ge switching
> as TOR? [1] Their spec looked interesting and they are quite cheap.
>
>
> [1]
> http://www.quantaqct.com/en/01_product/02_detail.php?mid=30sid=114id=116qs=63
>
>
> -bn
> 0216331C


Based on the specs, the Quanta switches look like they use Broadcom
merchant silicon and should have similar performance to other switches
based on the same chipset:

http://blog.sflow.com/2011/12/merchant-silicon.html

While many vendors use merchant silicon, there is variability in
firmware, exposed features, CLI etc.



Re: NYT covers China cyberthreat

2013-02-19 Thread Kyle Creyts
quite a bit of coverage lately from the media.

http://online.wsj.com/article/SB10001424127887323764804578313101135258708.html
http://www.bbc.co.uk/news/world-asia-pacific-21505803
http://www.npr.org/2013/02/19/172373133/report-links-cyber-attacks-on-u-s-to-chinas-military
http://www.businessweek.com/articles/2013-02-14/a-chinese-hackers-identity-unmasked

On Mon, Feb 18, 2013 at 7:23 PM, Jay Ashworth j...@baylink.com wrote:

> http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.




--
Kyle Creyts

Information Assurance Professional
BSidesDetroit Organizer



Re: NYT covers China cyberthreat

2013-02-19 Thread Randy Bush
boys and girls, all the cyber-capable countries are cyber-culpable.  you
can bet that they are all snooping and attacking each other, the united
states no less than the rest.  news at eleven.

randy



Re: NYT covers China cyberthreat

2013-02-19 Thread Zaid Ali Kahn
We have done our part to China as well along with other countries in 
state-sponsored hacking. This is more of news amusement rather than newsworthy. 
Question here should be how much of this is another effort to get a kill 
switch type bill back.

Zaid





Re: NYT covers China cyberthreat

2013-02-19 Thread Warren Bailey
An Internet kill switch is a nightmare. We can't even figure out how to run a 
relay radio system for national emergencies.. Now we are going to assume the 
people who were owned can somehow shut off communications?

We as Americans have plenty of things we have done halfass.. I hope an Internet 
kill switch doesn't end up being one of them. Build your own private networks, 
you can't get rooted if someone can't knock. Simple as that.


From my Android phone on T-Mobile. The first nationwide 4G network.








Re: switch 10G standalone TOR, core to DC

2013-02-19 Thread Dan Sneddon
I have fairly extensive experience with the Quanta LY2 10GE switches, and they 
work very well for some environments. Here are some basic impressions:

- Broadcom Trident chipset

- Similar performance to other Trident switches (ideally line rate, but small 
buffers)

- Cisco-like configuration interface (similar, not the same)

- Custom Linux kernel and OS

- Basic look-and-feel, but so far the quality has not been a disappointment

- Decent support for topologies with no Spanning-Tree

- Good compatibility with SFP+ transceivers, direct connections, and optics 
from various sources. 

- Basic feature set (OSPF/RIP, but no BGP)

- Somewhat limited troubleshooting and debug tools

One very pleasant aspect of working with Quanta is that they are very 
responsive to feature requests, often working closely with customers. On the 
other hand, their release schedules are somewhat non-specific. I've been 
waiting for full MLAG support for a while (it's supposedly right around the 
corner). 

They are particularly convenient if you are putting them at the top of racks 
full of Quanta servers, since they have logistics and full-rack 
staging/shipping. 

I wish they had better MIB support, BGP, scriptability, and policy-based 
routing, but they don't. They are cheap enough, however, that you may be able 
to get two LY2 switches for the price of one of some of their competitors.  

-- 
Dan Sneddon

