Re: ISP Responsibilities [WAS: Re: Nato warns of strike against cyber attackers]
From recent article at MIT Technology Review: How ISPs Could Combat Botnets Focusing on the top 50 infected networks could eliminate half of all compromised machines. Convincing Internet service providers to pinpoint infected computers on their networks could eliminate the lion's share of zombie computers responsible for churning out spam and initiating other online threats, according to a new analysis. The researchers analyzed more than 63 billion unsolicited e-mail messages sent over a four-year period and found more than 138 million unique internet addresses linked to sending out the spam. Typically such machines have been hijacked by hackers and are corralled into a vast network of remote-controlled systems known as a botnet. By correlating the Internet protocol addresses of these spam-sending machines with the networks maintained by Internet service providers, the researchers found that about two-thirds of them were located in the networks managed by the 200 largest ISPs from 40 countries. The top-50 networks responsible accounted for more than half of all compromised IP addresses. If these ISPs were to shut down, or block, the malicious machines on their networks, it could cut worldwide spam by half. Those 50 ISPs are not the [dubious] ones we hear about, says Michel van Eeten, professor of public administration at the Delft University of Technology in the Netherlands and one of the authors of a paper on the research, which will be presented next month at the Workshop on the Economics of Information Security at Harvard University. They are the ones we deal with every day, and so are more approachable and are in the reach of government. Rest here: http://www.technologyreview.com/computing/25245/
Feds disable movie piracy websites in raids
As randy said not too long ago, First they came for... BURBANK, Calif. (AP) -- U.S. officials on Wednesday announced a major crackdown on movie piracy that involved disabling nine websites that were offering downloads of pirated movies in some cases hours after they appeared in theaters. Officials also seized assets from 15 bank, investment and advertising accounts, and executed residential search warrants in North Carolina, New Jersey, New York and Washington. Immigration and Customs Enforcement officials worked with the U.S. Attorney for the Southern District of New York and other government agencies. The investigation involved about 100 agents in 11 states and the Netherlands. Officials wouldn't say how many people were suspected of intellectual property theft, but said the penalties could include prison time. The raids were the first actions in a new Operation In Our Sites initiative to combat Internet counterfeiting and piracy. The government only seized domain names for the sites in question, however, meaning the computers that run the sites could still be used under a different name. http://www.technologyreview.com/wire/25690/?nlid=3195a=f
Re: U.S. Plans Cyber Shield for Utilities, Companies
andrew.wallace wrote: Article: http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html My opinion: http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html#articleTabs%3Dcomments%26commentId%3D1330685 Perfect Citizen will look at large, typically older computer control systems that were often designed without Internet connectivity or security in mind. Many of those systems—which run everything from subway systems to air-traffic control networks—have since been linked to the Internet, making them more efficient but also exposing them to cyber attack. Have we all gone mad? I find it hard to understand that a nuclear power plant, air-traffic control network, or electrical grid would be 'linked' to the Internet in the interest of 'efficiency'. Air gap them all and let them apply for Inefficiency Relief from the $100 million relief fund.
Re: Copyright Enforcement DoS/DDoS Attacks
Brandon Galbraith wrote: http://www.smh.com.au/technology/technology-news/film-industry-hires-cyber-hitmen-to-take-down-internet-pirates-20100907-14ypv.html Has anyone dealt with this in the wild? I wasn't aware DoS/DDoS attacks were suddenly legal. It's gotta' be tough reading that when you're in the slammer, eh? http://www.theregister.co.uk/2010/05/25/second_scientology_ddoser_jailed/
Re: Did Internet Founders Actually Anticipate Paid, Prioritized Traffic?
Michael Sokolov wrote: Leo Bicknell bickn...@ufp.org wrote: There really isn't a lot of choice, 2 providers, and some minor choice in how much speed you want to pay for with each one. Does that mean no CLECs like Covad or DSL.net who colocate in the ATT CO, rent unbundled dry copper pairs and take it up from there themselves? Does that mean no ISPs who buy/rent last+middle mile transport from ATT ADSL network at Layer 2 (ATM) and provide their own IP layer? MS There used to be an abundance of small ISPs, but the FCC changed all that in 2005 when they eliminated Line Sharing. The Federal Communications Commission on Friday voted to reclassify DSL broadband service, thus freeing phone companies of regulations that require them to share their infrastructure with Internet service providers. DSL will now be considered an information service instead of a telecommunications service, a distinction that puts DSL in line with the classification of cable modem services. The change in semantics was expected after the U.S. Supreme Court's ruling in the Brand X case just five weeks ago. The court's decision upheld the FCC's classification of cable modem service as an information service. Now the phone companies and the cable companies are exempt from common carrier rules that require them to share their infrastructure with Internet service providers. http://news.cnet.com/FCC-changes-DSL-classification/2100-1034_3-5820713.html
Re: Troubleshooting TCP performance tutorial
Abel Alejandro wrote: Greetings, This past week I have been trying to find the root cause of TCP performance problems of a few clients that are using a third party metro Ethernet for transport. RFC2544 tests (Layer 2) and iperf using UDP give good symmetric performance, almost 100% the speed of the circuit. However, all kinds of TCP tests result in some kind of asymmetrical deficiency; either the upstream or downstream of the client is hugely different. The latency is not a huge factor since all the metro Ethernet connections have less than 2 ms. So the question basically is whether there is a good tutorial or white paper for troubleshooting TCP with emphasis on using tools like Wireshark to debug and track this kind of problem. Regards, Abel. It might be worth your while to run the analysis found here: http://netalyzr.icsi.berkeley.edu/index.html
Re: Did Internet Founders Actually Anticipate Paid,
I 'bookmarked' these folks: http://www.plus.net/?home=hometop on June 18, 2008 because they were one of the few who openly admitted to using DPI to enforce QOS. Two + years later, they're still around and apparently successful. Just glancing through the site, I could no longer find any mention of DPI, but instead they say this: http://www.plus.net/support/broadband/speed_guide/traffic_management.shtml For what it's worth...
Re: US hunters shoot down Google fibre
David DiGiacomo wrote: Instead of a rifle, how about a shotgun? It fires a nice wide spread shot pattern. I think you would be much more likely to do some damage (ie: knock fiber off a pole) with something like that. Here in New Jersey it is illegal to use a rifle to hunt deer, so typically you will find hunters using a bow/arrow or Shotgun and you will see a lot of road signs (or other abandoned junk) that have been victim of a shotgun blast. ~Dave Birds like to sit on wires and assholes like to shoot them. 50 years ago I carried around the .22 slug I dug out of the lead-sheathed cable while troubleshooting the outer marker for McClellan AFB in the middle of a rainy night. --Michael
Re: Juniper SSG-140, Monitoring and control the usage of the Internet
Yasir Munir Abbasi wrote: Hi, I have a SSG-140 Juniper Firewall. I need to ask, how can I Monitor the individual IP traffic? I mean I want to see who is taking more bandwidth. Please help me out. Thanks Yasir Munir Abbasi Senior Network Engineer EMail: y...@ciklum.net ntop? http://www.ntop.org/overview.html
Re: async serial fiber transceivers
Christopher O'Brien wrote: Greetings, I am planning on deploying a console access server on my network for 20-30 network devices including routers, wireless controllers and other devices. The design is to have one central device for all console access. Due to the geographic diversity of my campus, I will need to carry the async serial connections over my fiber plant with long reach optics and single mode fiber. I have the fiber plant to support this design. I have been researching solutions to implement the serial part, but I am not very familiar with the vendors I am coming up with. For instance, I know Black Box Networks makes products like this but they only seem to have stand alone devices. I was hoping for something rack mountable since I will have a dense deployment of these devices. Does anyone have experience deploying a solution like this or with async serial fiber transceivers in general? I welcome any suggestions. -Chris You could try calling these folks: http://www.bb-elec.com/custom.asp http://www.bb-elec.com/SubCategory.asp?SubCategoryId=34Trail=11TrailType=Main
Re: Token ring? topic hijack: was Re: Mystery open source switching
Michael Sokolov wrote: Carlos Martinez-Cagnazzo carlosm3...@gmail.com wrote: Not only token ring. I know of some coaxial ethernets that were running as late as 2007. The network I am using to compose and post this message right now is a coaxial Ethernet. MS Thick or Thin?
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
Owen DeLong wrote: You can stream 1080p/5.1 128khz over 2mbps at high quality using codecs that were available 2 years ago. (VP6, VP7 can do this, for example). Over the 'Internet'? Why do you think http://www.vudu.com/ tells me I need 4.5Mbps? Required Internet Speed: Customers should have at least a 1 Mbps broadband internet connection in order to enjoy the VUDU streaming service. With faster broadband connections, customers can enjoy VUDU's 720p HD and industry leading 1080p HDX format. Minimum requirements for the VUDU streaming service are as follows: SD (480p) requires 1 Mbps HD (720p) requires 2.25 Mbps HDX (1080p) requires 4.5 Mbps --Michael
Re: Level 3 Communications Issues Statement Concerning Comcast's Actions
Ben Butler wrote: Same hymn sheet, if they pay enough the cost averaging model works again and we don't have to worry about latency critical or transfer volume. The problem is that they won't pay for it. I became interested in these guys: http://www.plus.net/?home=hometop in 2008 because they were one of the first to use DPI (and admit it) to enforce their TOS. Every time I check their site (~every 8-10 months), they seem to have won another award. Is 'Net Neutrality', the FCC, or something else preventing a model like this from having success in the U.S.? Or does it exist and I just haven't heard about it? --Michael -Original Message- From: wher...@gmail.com [mailto:wher...@gmail.com] On Behalf Of William Herrin Sent: 30 November 2010 04:17 To: Ben Butler Cc: NANOG list Subject: Re: Level 3 Communications Issues Statement Concerning Comcast's Actions On Mon, Nov 29, 2010 at 10:51 PM, Ben Butler ben.but...@c2internet.net wrote: Then consumer broadband came along, the subs went down, the headline speeds went up, service delivery becomes impossible in the face of the marketing BS and here we are. Hi Ben, So you're saying: treat it like electrical service. I have a 200 amp electrical service at my house. But I don't pay for a 200 amp service, I pay for kilowatt-hours of usage. There are several problems transplanting that billing model to Internet service. The first you've already noticed - marketing activity has rendered it unsalable. But that's not the only problem. Another problem is that the price of electricity has been very stable for a very long time, as has the general character of devices which consume it. Consumers have a gut understanding of the cost of leaving the light on. But what is a byte? How much to load that web page? Watch that movie? And doesn't Moore's Law mean that 18 months from now it should cost half as much? If I can't tell whether or not I'm being ripped off, I'm probably being ripped off. A third problem is the whole regulated monopoly thing. 
The electric company had to be slapped down hard by the government to make its billing process fair. Anything we can do to avoid that fate is money in the bank, even if it means allowing the occasional customer to get more than he paid for. So if we can't bill you by usage, and at a consumer level we can't, then we have to find another way. Statistics and prayer isn't working out as well as we'd hoped so we're looking at double-billing schemes. Bad plan! Regards, Bill Herrin
Re: Blocking International DNS
Randy Bush wrote: the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to ensure it in our deployments. randy Might be of interest: http://digitizor.com/2010/12/01/the-pirate-bay-co-founder-starting-a-p2p-based-dns-to-take-on-icann/
Re: The scale of streaming video on the Internet.
mikea wrote: Faster and doesn't require infrastructure (other than possibly electrical power). Those hams were throttled _way_ back, too, to about 21 words per minute; I frequently hear Morse at speeds up to about 50 wpm in the ham bands. In '56 ( I was 13 yrs old...got my General at 11), I handled traffic on PAN (Pacific Area Net) at around 30 wpm with a bug and a stick, stick being a pencil. Bug here: http://www.youtube.com/watch?v=yHz2rEiFnfwfeature=related --Michael (ex K6IYC)
Re: Want to move to all 208V for server racks
Kevin Oberman wrote: Lead-acid batteries can deliver way over 100 amps of current and a conductor across safe voltage will get hot and, if not heavy enough, will vaporize. The temperatures attained can cause major burns and, should the metal vaporize, can damage tissue so severely that fingers have been lost when the blood vessels were cauterized. While safety rules often list voltages under 50 as being safe, it is still important to exercise caution like removing rings, bracelets and the like. I can't remember what I was trying to accomplish, but when we were building a telco office, and after making sure I was completely demetalicized, I had to climb up the ladder and sit on one of the 48V 1/4x4 (2-sandwiched) copper buss-bars and lay out across the others, everything being already 'hot'. Unnerving to be sure. I can also recall one morning at the S.P. Railroad when they called all us 'Diesel Electricians' together and showed us a wrench from graveyard shift. Most of one end was burned off, and the other end was welded to the thick, gold, wedding-band which had been cut off the guy's finger on the way to the hospital. They reiterated the mantra, 'when working with batteries, always disconnect the grounded/carbody side first'. At IBM, we had a ritual before working on -anything-. Take off rings, watches/bracelet, tie-clasp and put into pocket. Tuck tie into top opening of shirt (white) so your neck doesn't get broken when tie catches on all the spinning crap. Even after the 360/370 came along you could always tell the old hands...the guys with their tie tucked in.
Re: list archive
Randy Bush wrote: how do i find archives of this list from the '90s and early '00s? randy Partial list here: http://www.merit.edu/mail.archives/nanog/historical.html
Re: 5.7/5.8 GHz 802.11n dual polarity MIMO through office building glass, 1.5 km distance
Anonymous List User wrote: For architectural and building management reasons we cannot mount our antennas in a rooftop or outdoor location at either end. The distance between two buildings is 1.5 km, and the fresnel zone is clear. Antennas need to be located indoors at both ends and will be placed on small speaker stand tripod pointing at windows. This has been done successfully before with 2.4 GHz 802.11g equipment and a link from an office in the Westin to a nearby apartment building, but I am unsure of what effect glass will have on 5 GHz. Has anyone tried this? The goal of this link is to achieve a 10 Mbps+ full duplex bridge to a building which is only serviced by ADSL2+ Telus service in a Western Canadian city. Telus' upstream speed offerings do not exceed 1 Mbps. Equipment. These have been used successfully for MCS13/MCS14 50 Mbps+ bridges at 11 km distance between towers. http://ubnt.com/nanobridge http://www.ubnt.com/downloads/nb5_datasheet.pdf Imo, Ubiquiti stuff is so cheap ($95 for the 25dBi version), it's probably more cost effective to just buy it and try it rather than spending the time analyzing the glass (on both ends).
Re: Request Spamhaus contact
On 17/01/11 5:40 PM, Jeffrey Lyon wrote: I'm not a spammer. I'm an ISP asking to be removed from Spamhaus for having fixed the SBL listings set in the last 72 hours. I'm not exactly ROKSO material. Jeff http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=AS:32421 Safe Browsing Diagnostic page for AS32421 (BLCC) What happened when Google visited sites hosted on this network? Of the 837 site(s) we tested on this network over the past 90 days, 13 site(s), including, for example, temagay.com/, inndir.com/, ivbux.com/, served content that resulted in malicious software being downloaded and installed without user consent. The last time Google tested a site on this network was on 2011-01-17, and the last time suspicious content was found was on 2011-01-17. Has this network hosted sites acting as intermediaries for further malware distribution? Over the past 90 days, this network has not hosted any sites that appeared to function as intermediaries for the infection of any other sites. Has this network hosted sites that have distributed malware? Yes, this network has hosted sites that have distributed malicious software in the past 90 days. We found 2 site(s), including, for example, aresdownload.net/, xvid.com/, that infected 74 other site(s), including, for example, just4cruisers.com/, filmindirsene.tk/, skootterini.com/.
Re: help needed - state of california needs a benchmark
Mike wrote: The rub is, that they want to legislate that web based 'speedtest.com' is the ONLY and MOST AUTHORITATIVE metric that trumps all other considerations and that the provider is %100 at fault and responsible for making fraudulent claims if speedtest.com doesn't agree. speedtest.net?
Re: US Warships jamming Lebanon Internet
Martin Millnert wrote: On Sun, Feb 6, 2011 at 12:00 AM, Joly MacFie j...@punkcast.com wrote: Lebanon's Telecom minister is claiming that US Navy radar is blocking the country's Internet.. http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF The problem, however, is due to a coordination error related to waves, Nahhas told OTV, adding that an investigation was underway to find out whether this act is intentional or not. also at http://www.naharnet.com/domino/tn/NewsDesk.nsf/Lebanon/EFCEF203B3C315A5C225782E0020C75F Well-known problem with radars and wifi (used to live next to a (military) radar research site): http://en.wikipedia.org/wiki/Radar#Frequency_bands -- Check who uses S and C http://en.wikipedia.org/wiki/S_band Another reason to not rely on radio for your LAN/WAN in times of Aegis cruisers passing by... ;) Regards, Martin I've seen Aegis radar interfere with C-band satellite communications (3720-4180 MHz.) which is used by all kinds of services.
Re: US Warships jamming Lebanon Internet
Denys Fedoryshchenko wrote: Hi I'm sysadmin of Lebanese ISP. Almost at same time i got heavy interference on few of my C-Band carriers, and it looks like electronic warfare jamming, because i can see phase modulated, very weak signal, but it is completely breaking almost any communications on my carriers. Strange thing, that our uplink station confirm that interference is not local on my side, but on satellite carrier. If this will be confirmed, that means it is not just miscommunication between authorities about frequency usage, it will be intentional damage for Lebanese communications. Sure it can be coincidence in time or something else, but last 6 years i experience similar terrible interference only during 2006 Lebanon vs Israel war. Hi Denys I doubt it's intentional jamming since I've had the same problem. Aegis radar is very high power in full radiate mode and as such creates problems for Low Noise Amplifiers listening at 3.4-4.2 GHz. Someone needs to talk to Microwave Filter Company. http://www.microwavefilter.com/c-band_radar_elimination.htm --Michael Lebanon's Telecom minister is claiming that US Navy radar is blocking the country's Internet.. http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF The problem, however, is due to a coordination error related to waves, Nahhas told OTV, adding that an investigation was underway to find out whether this act is intentional or not. also at http://www.naharnet.com/domino/tn/NewsDesk.nsf/Lebanon/EFCEF203B3C315A5C225782E0020C75F
Re: Is your ASN advertising v6 prefixes?
Jack Bates wrote: On 2/10/2011 12:37 AM, Scott Weeks wrote: No, fix your site or I go elsewhere. I'm pretty sure if it's between their use of session cookies (RIPE_NCC_DB_SESSION) and you going elsewhere, they'll stick with using the session cookies for the database. They could be a little less sloppy, though. I mean RIPE_COOKIE_TEST? Really? And some of the graphs don't seem to be working right with FF (get a pretty display of them all and then they vanish and can't find them in the various menus). Jack Same exact problem with IE8, btw.
Re: US Warships jamming Lebanon Internet
de...@visp.net.lb wrote: On Tue, 08 Feb 2011 12:53:14 -0600, Jack Bates wrote: On 2/8/2011 7:41 AM, Denys Fedoryshchenko wrote: It is PLL LNB, one carrier, we are using full transponder 36 Mhz. There is almost no other users on this satellite (inclined more than 1.5 degree), and other carriers center frequency 100Mhz away. Since no one else will, I blame solar flares! Jack I am monitoring solar activity, getting info from NOAA. No correlation. Have you been able to get any assistance from the uplink/teleport noc or the satellite operator?
Re: Libya
- Original Message - From: Randy Bush ra...@psg.com To: NANOG Operators' Group nanog@nanog.org Sent: Friday, February 18, 2011 8:23 PM Subject: Libya gossip that libya is off net. any actual data? randy Scuttlebutt has it that because of 'political unrest', Formula 1 was going to move the upcoming race from Bahrain to ...umm hmm.
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
Jay Ashworth wrote: Do you have a smartphone? Blackberry? iPhone? Android? Do you use it as a technical tool in your work, either for accessing devices or testing connectivity -- or something else? If so, what kind of phone, and what (if you don't mind letting on) are your magic apps for this sort of work? (My motivation? Well, um, Lee, I'm looking at buying an HTC Thunderbolt, if everyone can get their thumbs out, and I want to get a feeling for the landscape, if you'll pardon the pun. :-) Cheers, -- jra Please get one that has a mail app that posts to these lists correctly.g
Re: Sunday Funnies: Using a smart phone as a diagnostic tool
Joel Jaeggli wrote: On 2/27/11 10:09 PM, Randy Bush wrote: I have a Droid2 with the WiFi Analyzer freebie app by Kevin Yuan. i run it on a nexus one. way coolquite useful. i just can't excuse the $600 cost of a wi-spy. http://ubnt.com/airview 2.4ghz model is more like $50 and works nearly as well as the wi-spy. wi-spy DBx is still about the cheapest I've seen for a 5ghz spectrum analyzer, and is worth it for that alone but the interference problem you're trying to nip in the bud is likely in 2.4ghz anyway. but it sure would be nice to have a general rf peek at the wifi ranges. two weeks ago, in hk, we had rf interference that essentially killed the wifi, but it did not show on wifi analyzer. randy If you need some directionality (and more gain), get the AirView-EXT model and get one of these: http://www.superpass.com/SPDG11F.html Mine came without the S/S mounting plate and I just velcroed the thing to the lid of the laptop (~4x2x1 in.). I also have a higher gain omni that goes on the same velcro, so after you identify the interference, switch to the Sector ant. to get the direction if needed. --Michael
Re: so big earthquake in JP
Christopher LILJENSTOLPE wrote: Pacific tsunami warning centre has confirmed a deep ocean tsunami. Three dart bouys have detected 2 ft wave fronts. Warnings up for entire pacific basin except for Alaska/canada/us west coast. Chris Tsunami sirens just went off on Maui.
Re: The growth of municipal broadband networks
Owen DeLong wrote: On Mar 26, 2011, at 11:36 PM, Jay Ashworth wrote: - Original Message - From: Owen DeLong o...@delong.com As such, I'm sure that such a move would be vocally opposed by the current owners of the LMI who enjoy leveraging it to extort monopolistic pricing from substandard services. As I noted, yes, that's Verizontal, and they have apparently succeeded in lobbying to have it made *illegal* in several states. I don't have citations to hand, but there are a couple sites that track muni fiber; I can find some. Cheers, -- jra Laws can be changed if we can get enough momentum behind doing the right thing. Owen http://en.wikipedia.org/wiki/Regulatory_capture
Re: The growth of municipal broadband networks
Owen DeLong wrote: On Mar 27, 2011, at 12:35 AM, Michael Painter wrote: Owen DeLong wrote: On Mar 26, 2011, at 11:36 PM, Jay Ashworth wrote: - Original Message - From: Owen DeLong o...@delong.com As such, I'm sure that such a move would be vocally opposed by the current owners of the LMI who enjoy leveraging it to extort monopolistic pricing from substandard services. As I noted, yes, that's Verizontal, and they have apparently succeeded in lobbying to have it made *illegal* in several states. I don't have citations to hand, but there are a couple sites that track muni fiber; I can find some. Cheers, -- jra Laws can be changed if we can get enough momentum behind doing the right thing. Owen http://en.wikipedia.org/wiki/Regulatory_capture Yes, that's the reality we're faced with... The question is how do we overcome it and resolve the situation in the public interest. We can either work to resolve the problem, or, accept it as fait accompli and wear the yoke of corporate slavery for the rest of our lives. I, personally, prefer to look for alternatives. Owen Yeah, well, I have an Anonymous t-shirt, but clearly I'm in the minority. Maybe a 'turncoat' member of the Plutocracy, with multi-millions of $ laying around, can be persuaded to mount a Presidential campaign and try the Change We Can Believe In schtick again?...naaa. Your turn. --Michael
Re: ESR muses on, among other things, the early IETF
Jay Ashworth wrote: Those who know Fred and knew Jon personally might want to throw an oar in the water on this blog posting from last month... http://esr.ibiblio.org/?p=4591 And that's not mentioning, of course, the people who want to throw the oar *at* ESR: I know he's a polarizing individual. :-) Cheers, -- jra Ahh hell...it's Friday. http://www.theatlantic.com/international/archive/2012/10/hacktivists-advocate-meet-the-lawyer-who-defends-anonymous/263202/#
Re: Roy Bates, Prince Roy of Sealand, dies at 90.
Joly MacFie wrote: James Grimmelmann's recent write up is worth reading http://works.bepress.com/cgi/viewcontent.cgi?article=1035context=james_grimmelmann So many incredible stories in there...thanks for posting that link.
Re: Coded TCP
George Herbert wrote: Modeled with just simple FTP sessions? Ugh: they admitted to having MIT backbone packet traces to analyze, and then used that simple of a simulator... The practical benefits of the technology, known as coded TCP, were seen on a recent test run on a New York-to-Boston Acela train, notorious for poor connectivity. By increasing their available bandwidth-the amount of data that can be relayed in a given period of time-Medard and students were able to watch blip-free YouTube videos while some other passengers struggled to get online. They were asking us 'How did you do that?' and we said 'We're engineers!' she jokes. More here: http://www.technologyreview.com/news/429722/a-bandwidth-breakthrough/?utm_campaign=newslettersutm_source=newsletter-daily-allutm_medium=emailutm_content=20121023
Re: Eaton 9130 UPS feedback
Adrian wrote: We have several 5130 and 9125 models (2kVA rackmount), never given us a problem in years of service... Well, one network management card that lost its mind, reset the configuration and went on with life, but the UPS just chugged along. Biggest plus has been that they don't cook their batteries like APCs do. Adrian Now *that's* good to know...thanks!
Re: Eaton 9130 UPS feedback
Alex wrote: We have quite a lot of Eaton UPS's in our network, all sorts of models. There have been no problems from what I've seen, except when you add water from a broken pipe or bad roof. We've had the once in a blue moon management card reset as Adrian said but it didn't interrupt our equipment. Thanks! I've been very disappointed with APC. I had a customer spend thousands on replacement batteries/freight for a Matrix 5000 only to have a $5 cooling fan crap out and no way to get a replacement.sigh
Re: William was raided for running a Tor exit node. Please help if you can.
Naslund, Steve wrote: 1. Running open access wireless does not make you legally an ISP and if your open wireless is used to commit a crime you could be criminally negligent if you did not take reasonable care in the eyes of the court. Related: https://www.eff.org/deeplinks/2012/07/judge-copyright-troll-cant-bully-internet-subscriber-bogus-legal-theory http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2035633
Re: William was raided for running a Tor exit node. Please help if you can.
Joakim Aronius wrote: Let's assume that some child pr0n dealer used this Tor exit node, is it not reasonable if the police wants to see if there are logs that make it possible to catch the sleazebag? Should LE ignore crime if it originates from a network which operates a Tor exit node? I am all for being anonymous on the net but I seriously believe that we still need to enforce the law when it comes to serious felonies like child pr0n, organized crime etc, we can't give them a free pass just by using Tor. I don't think it should be illegal to operate a Tor exit node but what just happened could be a consequence of doing it. Of course they might not know about Tor and believe that it is Mr Williams that is the bad guy. /J Wouldn't Austrian LEA need possession/knowledge of this pr0n site in order to determine the exit node that was using it?
Re: William was raided for running a Tor exit node. Please help if you can.
Naslund, Steve wrote: I might be reading this the wrong way but it looked to me like the cops raided his home and the Tor server is hosted off site with an ISP. That is what is bugging me so much. The cops raided his house, not the location of the server. If they had tracked the server by its IP it would have led to the hoster, not his home. They could have gotten his address as the account holder but the ISP would have known that the Tor server was at their site not his home. The IP would not track to his residence. Something is not the full story here or I am misreading his interview. How about: Police have seen CP and have logs from Additionally, I was accused of sharing (and possibly producing) child pornography on a clearnet forum via an image hosting site that was probably tapped. Police look at IP addresses that have accessed the images for those that are within their jurisdiction. Police find an address within a block that is registered to William. Police raid William and receive an education on TOR exit nodes on servers in Poland. Maybe? Why wouldn't the IP address have led to William? --Michael
Re: William was raided for running a Tor exit node. Please help if you can.
Joel jaeggli wrote: The internet is potentially quite a useful tool for getting your message out so long as using it isn't holding a gun to your own head. While we sit here with the convenient idea of some legal arbitrage which allows me to do something which isn't illegal in my own domain to facilitate something that is quite illegal elsewhere, the fact of the matter is if you run a service like this you don't get to pick and choose. In your opinion, would it make *any* kind of sense to engage in child pron AND run an exit node? Thanks, --Michael
Re: William was raided for running a Tor exit node. Please help if
Owen DeLong wrote: I strongly disagree with you. TOR exit nodes provide a vital physical infrastructure to free speech advocates who live in jurisdictions where strong forces are aligned against free speech. I'm sure most TOR exit node operators would happily provide all the details they have if presented with an appropriate subpoena. I really cherish this idea of privacy on the internet. It's a strong tool for enabling democracy and freedom of speech. [snip] Isn't William's problem because he used an IP address that was registered to him on the Polish server? If not, what am I missing? SANS has chimed in via their latest Newsbites: --TOR Operator Charged For Content Sent Through His Servers (November 29 & 30, 2012) An Austrian man who operated TOR servers has been charged with distributing child pornography. Authorities detected the images passing through the servers maintained by the man. Police seized 20 computers and other equipment from William Weber's home. TOR is an acronym for The Onion Router, a project developed by the US Naval Research Laboratory that allows people to surf the web anonymously. It is often used by political dissidents, journalists, and law enforcement officers, and has also been used by criminals. The offending images were being distributed by a server in Poland and sent through Weber's servers. Weber operated exit servers; traffic from these nodes can be traced back to the servers' IP addresses. While the authorities became friendlier after understanding where the images came from, there is a precedent for holding TOR operators liable for content that passes through servers they operate. The Electronic Frontier Foundation acknowledges the risk that accompanies operating exit nodes and advises that it's best not to run your exit relay in your home or using your home Internet connection.
http://arstechnica.com/tech-policy/2012/11/tor-operator-charged-for-child-porn-transmitted-over-his-servers/ http://www.bbc.co.uk/news/technology-20554788 http://www.zdnet.com/austrian-man-raided-for-operating-tor-exit-node-708133/ [Editor's Note (Ullrich): IMHO, the TOR operator acted like a transit ISP/NSP in this case. (Hoan): In many countries it is not illegal to run a Tor exit node. However, for anyone considering, or are already, running a Tor exit node you should familiarise yourself with the Electronic Frontier Foundation's Legal FAQ on the topic at https://www.eff.org/torchallenge/legal-faq/]
Fw: Gmail and SSL
Michael Painter wrote: Damian Menscher wrote: [Full disclosure: I work at Google, though the opinions stated below are mine alone.] snip Good luck finding another provider that enables SSL by default [1], offers 2-factor authentication [2], warns you when you're being targeted by state-sponsored attackers [3], and actually fights overly-broad subpoenas from governments [4]. I like the notification when an unusual IP address accesses your account. Thanks, --Michael
For those who may use a projector in the NOC
http://www.colorlightoutput.com/
Re: For those who may use a projector in the NOC
- Original Message - From: Eric Adler To: Michael Painter Cc: nanog@nanog.org Sent: Thursday, January 17, 2013 4:19 PM Subject: Re: For those who may use a projector in the NOC This appears to be an Epson / 3LCD marketing campaign. whois shows an admin contact at wintergroup.net. wintergroup.net (on http) is the home to a marketing agency, their client links below include Epson and 3LCD; clicking 3LCD brings up a still image showing this page. Searching for 3LCD finds this Epson page: http://global.epson.com/innovation/projection_technology/3LCD_technology/. http://3lcd.com/ has a very familiar 'feel' as well... and has an admin contact at Seiko Epson Corporation I won't get into display theory on this list (feel free to contact me if you want to discuss such) - Eric Adler Broadcast Engineer Yes, I was taken in by the adoption of CLO by the Society for Information Display http://www.sid.org/About.aspx It's so easy to drop thousands into a projector based on the specs. and end up with a shitty picture, so I think the CLO spec will help. Whole thing is being debated here: http://www.avsforum.com/t/1451895/epson-color-light-output-demo-at-ces-2013 --Michael
Re: For those who may use a projector in the NOC
- Original Message - From: Eric Adler To: Michael Painter Cc: nanog@nanog.org Sent: Thursday, January 17, 2013 4:19 PM Subject: Re: For those who may use a projector in the NOC This appears to be an Epson / 3LCD marketing campaign. snip - Eric Adler Broadcast Engineer Hi Eric In case you didn't see it at the avs forum: Obviously brightness is only one metric, but a useful one if there is any ambient light or if you're going after a large screen. You might recognize my name...it's the one on the four page document highlighted above and available at www.colorlightoutput.com I'm a product manager for 3LCD. I'm a little surprised by the comments suggesting we were trying to hide the identity of 3LCD behind the site. Clearly the site doesn't scream 3LCD...it wasn't supposed to. The Hero of the site is Color Light Output. The purpose is to provide information about this new measurement methodology...not present the technical details of 3LCD. I thought the 'feedback' page fairly well spells out who was behind it. That said, I will take these comments and make adjustment so that it's clearer who is supporting the site. Regarding the projectors selected for testing in table 2 of the document. It is true that all of these projectors are single chip models with color wheels. Why is that? As Scott points out above, an RGB 3-path projector will always have equal parts of WLO and CLO. I know already how an NEC LCD projector is going to perform. Only single chip projectors were tested in order to better understand how each Color Wheel design impacted CLO. I do admit that the list is heavily leaning towards the biz/ed side of the projection market...that's due to the makeup of sales volumes; only about 10% of projectors are sold into home theater. I hope, regardless of the company on my business card, that you'll agree with me that providing the customer this additional data is a good thing. My aim here is to get all manufacturers to list CLO as a supported metric.
Re: Looking for success stories in Qwest/Centurylink land
- Original Message - From: valdis.kletni...@vt.edu To: Rob McEwen r...@invaluement.com Cc: nanog@nanog.org Sent: Tuesday, January 29, 2013 6:38 AM Subject: Re: Looking for success stories in Qwest/Centurylink land snip So where are all the arrests and convictions for the mortgage games and other Wall Street malfeasance that led to the financial crisis of 2008? Seems that was a tad more egregious than anything Enron did, so there should have been more arrests and convictions? http://www.rollingstone.com/politics/news/secret-and-lies-of-the-bailout-20130104
Re: NYT covers China cyberthreat
- Original Message - From: valdis.kletni...@vt.edu To: Suresh Ramasubramanian ops.li...@gmail.com Cc: nanog@nanog.org Sent: Thursday, February 21, 2013 5:54 PM Subject: Re: NYT covers China cyberthreat And since it's Wacky Friday somewhere: http://arstechnica.com/security/2013/02/how-anonymous-accidentally-helped-expose-two-chinese-hackers/
It's Friday
http://www.technologyreview.com/news/514066/what-happened-when-one-man-pinged-the-whole-internet/?utm_campaign=newsletters&utm_source=newsletter-daily-all&utm_medium=email&utm_content=20130426
Re: ftc shuts down a colo and ip provider
- Original Message - From: Randy Bush ra...@psg.com To: North American Network Operators Group na...@merit.edu Sent: Thursday, June 04, 2009 6:38 PM Subject: ftc shuts down a colo and ip provider http://voices.washingtonpost.com/securityfix/2009/06/ftc_sues_shuts_down_n_calif_we.html while allegedly a black hat, this is the first case i know of in which the usg has shut down an isp. nose of camel? first they came for ... randy I'm curious...what do you think should be done about webhosting providers who do harm to others? http://voices.washingtonpost.com/securityfix/pushdo.htm --Michael
Re: Eye protection in DWDM systems -- what threshold?
- Original Message - From: Kevin Loch kl...@kl.net Cc: nanog@nanog.org Sent: Tuesday, June 09, 2009 12:17 PM Subject: Re: Eye protection in DWDM systems -- what threshold? In a pinch the camera on a MacBook pro can be used to detect presence of IR light. Here's light from a 10Gbase-LR xenpak: http://www.majhost.com/gallery/kl/Macbook/macbook-laser-camera.jpg It's easier to see when previewing in real time than in the static picture but it does require careful aim. - Kevin Most 'cell phone' cameras also detect IR. Handy to verify that A/V equipment Remotes are working. --Michael
Re: [OT] Micros~1 Sysinternals
- Original Message - From: jamie rishaw j...@arpa.com To: NANOG list nanog@nanog.org Sent: Friday, June 12, 2009 6:41 PM Subject: [OT] Micros~1 Sysinternals [Off Topic] [Don't annoy the MLC by making this a thread] [MLC: *waves hand, jedi style* This post is okay.] All, I don't know the politics behind it, but whenever things like this come out, it usually means the viability is being questioned. MS has put out a survey w.r.t. Sysinternals, formerly sysinternals.com but now part of the Microsoft collective. If you use, or have used, Sysinternals tools [1] (invaluable to those with clue trying to deal with MS crap), you know its value. As SANS writes, If you are a Sysinternals user please consider taking five minutes to contribute to their future. It took me about a minute and a half. The link URL is below at #2, or *http://tinyurl.com/mvtd6d* -jamie [1] http://technet.microsoft.com/en-us/sysinternals/default.aspx [2] SURVEY LINK : *http://tinyurl.com/mvtd6d* , aka http://www.zoomerang.com/Survey/survey-intro.zgi?p=WEB229A879HFVU -- Jamie Rishaw // .com.a...@j - reverse it [Impressive C-level Title Here], arpa / arpa labs Thank you, --Michael
Re: WISP NMS recommendations
- Original Message - From: Freddie Sessler nanog...@gmail.com To: nanog@nanog.org Sent: Wednesday, June 17, 2009 6:31 PM Subject: WISP NMS recommendations Hi Folks, I am looking for recommendations on an NMS system for use in managing a multivendor wireless infrastructure. Specifically we run mostly Motorola point to point, point to multipoint (Canopy platform) and mesh radios devices. We have looked at the One Point Wireless Manager but this product in our evaluation doesn't seem to be ready for prime time and also has the limitation of only being able to manage Motorola. Ideally we would have something that could be used for configuration management in a multi vendor environment as well as receive SNMP traps about RF issues such as latency and jitter. I am curious to what other shops are using out there. If this is a topic better suited to another list, my apologies and any pointers to a different list would be greatly appreciated. Thanks JT This list is quite active: http://lists.wispa.org/mailman/listinfo/wireless
Re: Using twitter as an outage notification
- Original Message - From: Frank Bulk Sent: Saturday, July 04, 2009 10:59 AM Subject: RE: Using twitter as an outage notification When the local power companies uses twitter, then maybe I'll consider using twitter for our customers. There's the temptation by some of companies to leverage the latest technology to appear cool and in tune with customers, but by far and large, when something goes down customers either do nothing, wait, or call in. I think the best use of everyone's time is to make sure their call center/support desk has the capability to post an announcement to those that call in. And then make sure something gets posted to the website. SMS, Facebook, and Twitter fall in line after all that. Frank I thought this was interesting: Bonnie Smalley has Internet bragging rights: She has been blocked by Twitter for hand-typing too many tweets in an hour. They thought she was a computer program made to spew spam. Ms. Smalley, it turns out, is a 100 percent human customer service representative for Comcast. She is one of 10 representatives who reach out to customers through social networks, rather than waiting for them to find Comcast's support site. http://www.nytimes.com/2009/07/02/technology/personaltech/02basics.html?partner=rss&emc=rss
Re: Dutch ISPs to collaborate and take responsibility for botted clients
Gadi Evron wrote: [snip] This will be an interesting phenomenon to watch. If it is successful perhaps it could work here too. Comcast is launching a trial on Thursday of a new automated service that will warn broadband customers of possible virus infections, if the computers are behaving as if they have been compromised by malware. ISPs have a helpful role to play in helping subscribers mitigate these kinds of security threats, she said. The challenge is...when users get these notices, do they understand them? Do they trust that they are real? Do they follow through to the point where they clean up their computers? http://news.cnet.com/8301-27080_3-10370996-245.html
Re: Dutch ISPs to collaborate and take responsibility
Lee wrote: If an ISP is involved with tracking down DDOS participants or something, I can understand how they'd know a system was compromised. But any kind of blocking because the ISP sees 'anomalous' traffic seems .. premature at best. SANS newsbites has this bit: On Thursday, October 8, Comcast began testing a service that alerts its broadband subscribers with pop-ups if their computers appear to be infected with malware. Among the indicative behaviors that trigger alerts are spikes in overnight traffic, suggesting the machine has been compromised and is being used to send spam. When my son comes home from college, there's a huge spike in overnight traffic from my house. With all the people advocating immediate blocking of pwned systems in this thread, I'm wondering what their criteria is for deciding that the system is compromised and should be blocked. Lee Some info. here (from http://networkmanagement.comcast.net/ ): 5. Detection of Bots http://tools.ietf.org/html/draft-oreirdan-mody-bot-remediation-03 http://tools.ietf.org/html/draft-livingood-web-notification-00
Re: Speed Testing and Throughput testing
Nathan Ward wrote: On 3/11/2009, at 10:56 AM, Mark Urbach wrote: Anyone have a good solution to get accurate speed results when testing at 10/100/1000 Ethernet speeds? An NDT server?... such as: http://ndt.anl.gov:7123/
Re: news from Google
Peter Beckman wrote: I'm shocked that really smart people like Asa Dotzler are shocked by what Eric Schmidt said, what I assumed was simply common knowledge - that there is no real privacy on the internet. On the Sprint 3G network... If [the handset uses] the [WAP] Media Access Gateway, we have the URL history for 24 months ... We don't store it because law enforcement asks us to store it, we store it because when we launched 3G in 2001 or so, we thought we were going to bill by the megabyte ... but ultimately, that's why we store the data ... It's because marketing wants to rifle through the data. http://www.infoworld.com/d/adventures-in-it/cell-phone-subterfuge-produces-nation-270-million-spies-090
Re: facebook spying on us?
Steven G. Huter wrote: this August 2011 article in the Economist outlines some relevant info about the prineville, oregon FB datacenter. http://www.economist.com/node/21525237 steve Informative article...It's the climate, stupid. Got a laugh out of: The server racks are nearly silent, and their internal fans whirr almost imperceptibly. The only exceptions are network switches which, Facebook staff notes, are perversely designed by even the biggest firms to vent air out of their sides. As a result, they run loud and hot-and are openly sworn at.
Re: F.ROOT-SERVERS.NET moved to Beijing?
- Original Message - From: valdis.kletni...@vt.edu On Mon, 03 Oct 2011 11:29:43 +0530, Suresh Ramasubramanian said: 120K domains - basically cnnic seems to have finally got tired of russian No, I think Randy was referring to this sort of thing: http://www.theregister.co.uk/2011/02/18/fed_domain_seizure_slammed/ Our government has gone rogue on us, Eric Goldman, a professor at Santa Clara University School of Law, said. Our government is going into court with half-baked facts and half-baked legal theories and shutting down operations. This is exactly what we thought the government couldn't do. I'm scratching my head why we aren't grabbing the pitchforks. ® I.C.E., our very own Gestapo-Without-Borders. Makes me proud. <sigh>
Re: Y'all know Google is offering public DNS services now?
Todd Underwood wrote: not bad for CDNs anymore: http://arstechnica.com/telecom/news/2011/08/opendns-and-google-working-with-cdns-on-dns-speedup.ars t Fwiw, ol' Steve Gibson has written a small (167KB), .exe, DNS Benchmark. It's easy to add 8.8.8.8 and 8.8.8.4 (or any nameserver) to the .ini file from within the program. http://www.grc.com/dns/benchmark.htm --Michael
Re: Y'all know Google is offering public DNS services now?
Michiel Klaver wrote: At 22-07-2011 20:59, Michael Painter wrote: Fwiw, ol' Steve Gibson has written a small (167KB), .exe, DNS Benchmark. It's easy to add 8.8.8.8 and 8.8.8.4 (or any nameserver) to the .ini file from within the program. http://www.grc.com/dns/benchmark.htm --Michael There's also namebench, does a lot of more tests, and runs at Mac OSX and Linux too: http://code.google.com/p/namebench/ More tests? Where's the result of the DNSSec checks? Its maintenance is suspect, since my ISP's (and most resolvers) returned something like:
www.anonymizer.com appears incorrect: 209.143.153.58
isohunt.com appears incorrect: 208.95.172.130
www.thesouthasian.org appears incorrect: sbsfe.geo.mf0.yahoodns.net
youporn.com appears incorrect: 173.192.24.120, 173.192.60.242, 173.192.60.245, 173.192.24.114, 173.192.24.115, 173.192.24.116, 173.192.24.117, 173.192.24.119
www.stopkinderporno.com appears incorrect: 188.72.230.78
wikileaks.org appears incorrect: 88.80.16.63
www.lapsiporno.info appears incorrect: 89.166.50.123
www.paypal.com is hijacked: 173.0.88.34, 173.0.84.2, 173.0.84.34, 173.0.88.2
uddthailand.com appears incorrect: 184.173.208.195
www.stormfront.org appears incorrect: 174.121.229.156
motherless.com appears incorrect: 198.64.4.17, 198.64.4.16
www.partypoker.com appears incorrect: ppdotcom.iivt.com
twitter.com appears incorrect: 199.59.149.198, 199.59.149.230, 199.59.148.10
Interesting choice of URLs. I wonder how many folks are wasting their time chasing this ominous sounding www.paypal.com is hijacked: 173.0.88.34, 173.0.84.2, 173.0.84.34, 173.0.88.2 --Michael
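One way to triage resolver warnings like those quoted in the post above before treating them as a hijack, as an added example that is not part of the original post and not namebench's own logic: compare the flagged answer with what independent resolvers return, instead of trusting a fixed expected list. The function names, the quorum of two, the same-/24 heuristic, the baselines and the reference-resolver answers are assumptions constructed for illustration; only the www.paypal.com and www.partypoker.com answers come from the quoted output.

```python
"""Offline triage of resolver warnings ("appears incorrect" / "is hijacked").

Added example. Baselines and reference-resolver answers are constructed;
the paypal and partypoker answers are the ones quoted in the post.
"""
import ipaddress

QUORUM = 2  # assumption: independent resolvers that must agree with the answer


def same_network(a, b, prefix=24):
    """True when two IPv4 addresses share a /prefix; False for hostnames."""
    try:
        net = ipaddress.ip_network(f"{a}/{prefix}", strict=False)
        return ipaddress.ip_address(b) in net
    except ValueError:
        return False  # a CNAME target or other non-IP answer


def overlaps(observed, reference):
    """Any identical answer, or any pair of addresses in the same /24."""
    if observed & reference:
        return True
    return any(same_network(o, r) for o in observed for r in reference)


def classify(observed, baseline, references):
    """Return a verdict for one name.

    ok             answer matches the tool's fixed expected list
    stale-baseline answer misses the list but >= QUORUM resolvers agree with it
    investigate    no independent resolver agrees with the answer
    inconclusive   some agreement, but below QUORUM (or no references)
    """
    observed, baseline = set(observed), set(baseline)
    if observed & baseline:
        return "ok"
    agreeing = [name for name, answers in references.items()
                if overlaps(observed, set(answers))]
    if len(agreeing) >= QUORUM:
        return "stale-baseline"
    if references and not agreeing:
        return "investigate"
    return "inconclusive"


# Observed answers for the first two names are taken from the quoted output.
# Every baseline and reference answer, and the *.example.test names, are constructed.
CASES = {
    "www.paypal.com": {
        "observed": {"173.0.88.34", "173.0.84.2", "173.0.84.34", "173.0.88.2"},
        "baseline": {"192.0.2.10"},
        "references": {"ref-a": {"173.0.84.2", "173.0.88.2"},
                       "ref-b": {"173.0.88.34", "173.0.84.34"}},
    },
    "www.partypoker.com": {
        "observed": {"ppdotcom.iivt.com"},
        "baseline": {"192.0.2.20"},
        "references": {"ref-a": {"ppdotcom.iivt.com"},
                       "ref-b": {"ppdotcom.iivt.com"}},
    },
    "cdn.example.test": {   # rotating pool: different hosts, same /24
        "observed": {"198.51.100.20"},
        "baseline": {"192.0.2.30"},
        "references": {"ref-a": {"198.51.100.77"}, "ref-b": {"198.51.100.140"}},
    },
    "bank.example.test": {  # nobody else sees this answer
        "observed": {"203.0.113.66"},
        "baseline": {"198.51.100.7"},
        "references": {"ref-a": {"198.51.100.7"}, "ref-b": {"198.51.100.8"}},
    },
    "shop.example.test": {  # only one of two references agrees
        "observed": {"203.0.113.5"},
        "baseline": {"192.0.2.40"},
        "references": {"ref-a": {"203.0.113.5"}, "ref-b": {"198.51.100.9"}},
    },
}


def triage(cases=CASES):
    """Classify every case; returns {name: verdict}."""
    return {name: classify(c["observed"], c["baseline"], c["references"])
            for name, c in cases.items()}


if __name__ == "__main__":
    for name, verdict in triage().items():
        print(f"{name:22} {verdict}")
```

Agreement between resolvers is evidence, not proof; for a name that lands in "investigate", DNSSEC validation or a check of the TLS certificate served at the returned address settles it more reliably.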
Re: Ok; let's have the Does DNAT contribute to Security argument one more time...
Jay Ashworth wrote: - Original Message - From: Valdis Kletnieks valdis.kletni...@vt.edu On the other hand, since a firewall's job is to stop packets you don't want, One of Marcus Ranum's 5 Stupidest Security Blunders - enumerating badness. A firewall's job isn't to stop unwanted packets, it's to pass only wanted packets. From 30,000ft those are equivalent. Speaking of 30,000 ft., saw this on Dave Farber's IP list: https://plus.google.com/u/0/110897184785831382163/posts/5qsNxFEaiML
Re: Fwd: Welcome to the Marketing mailing list
Betty Burke be...@nanog.org wrote: Everyone: This was truly just a honest mistake on my part. You are all right, should not have happened and I apologize. No worries, Betty. The only ones amongst us who don't make mistakes are the ones who don't do anything. --Michael
Re: First real-world SCADA attack in US
Steven Bellovin wrote: On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote: Probably nowhere near that sophisticated. More like somebody owned the PC running Windows 98 being used as an operator interface to the control system. Then they started poking buttons on the pretty screen. Somewhere there is a terrified 12 year old. Please don't think I am saying infrastructure security should not be improved - it really does need help. But I really doubt this was anything truly interesting. That's precisely the problem: it does appear to have been an easy attack. (My thoughts are at https://www.cs.columbia.edu/~smb/blog/2011-11/2011-11-18.html) --Steve Bellovin, https://www.cs.columbia.edu/~smb Umm hmm. And here's another one poking around: http://pastebin.com/Wx90LLum I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly. On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic. --Michael
Re: First real-world SCADA attack in US
andrew.wallace wrote: Here is the latest folks, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system in Springfield, Illinois. http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html Andrew And In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported. I'd bet we'll soon be hearing more from this loldhs pr0f character in .ro. --Michael
Re: First real-world SCADA attack in US
On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote: They do state categorically that After detailed analysis, DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system of the Curran-Gardner Public Water District in Springfield, Illinois. I'm waiting to see Joe Weiss's response. See http://www.wired.com/threatlevel/2011/11/scada-hack-report-wrong/ --Steve Bellovin, https://www.cs.columbia.edu/~smb Weiss expressed frustration over the conflicting reports. Somewhat related...New broom at DHS. From SANS NewsBites Vol.13, Num.93: Good News! Yesterday, Mark Weatherford took over as Deputy Undersecretary for Cyber Security at the U.S. Department of Homeland Security. For the first time in many years, the U.S. cybersecurity program will be run by a technologist rather than by a lawyer. There are good reasons to believe that this change will herald an era of greater balance in national cybersecurity leadership between NSA and DHS.
Re: First real-world SCADA attack in US
Hal Murray wrote: Like any of the decades largest breaches this could have been avoided by following BCP's. In addition SCADA networks are easily protected via behavioral and signature based security technologies. Is there a BCP that covers security for SCADA? Note that Google for BCP SCADA finds BS-25999 Business Continuity Plan Implementation Checklist ... -- Suppose a friend of yours was a low-level geek working for either a user/operator of a SCADA system or a vendor of software/hardware for that market. If he asked you for info about security, where would you send him? (Assume he knows all about SCADA but little about networks or security.) For that matter, is there any good security info for small to medium sized businesses? Say a local store, travel agency, or doctor/dentist. I'd tell them to go here: http://www.securityfocus.com/ And subscribe to, at least, the Security Basics list and ask their question (s) there. Security-Basics This list is intended for the discussion of various security issues, all for the security beginner. It is a place to learn the ropes in a non-intimidating environment, and even a place for people who may be experts in one particular field but are looking to increase their knowledge in other areas of information security. The Security-Basics mailing list is meant to assist those responsible for securing individual systems (including their own home computer) and small LANs. This includes but is not limited to small companies, home-based businesses, and home users. This list is designed for people who are not necessarily security experts. As such, it is also an excellent resource for the beginner who wants a non-threatening place to learn the ropes.
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
- Original Message - From: valdis.kletni...@vt.edu To: nanog@nanog.org Sent: Tuesday, December 06, 2011 3:03 PM Subject: Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!] On Tue, 06 Dec 2011 15:49:29 PST, andrew.wallace said: A trojan can be used for good if in the right hands as a remote access tool for business use. Best troll line since n3td3v got banned from full-disclosure. Well played, I've been outclassed, I'm outta here. Maybe andrew's been reading http://wikileaks.org/the-spyfiles.html ?
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
Fyodor wrote: On Mon, Dec 05, 2011 at 10:14:48PM -0800, andrew.wallace wrote: Using fruitful language and acting like a child isn't going to see you taken seriously. I'm sorry that my language offended you. But if you ever spend more than 14 years creating free software as a gift to the community, only to have it used as bait by a giant corporation to infect your users with malware, then you may understand my rage. The good news is that many users are sick and tired of having their machines hijacked by malware. Especially by CNET Download.Com, which still says on their own adware policy page: In your letters, user reviews, and polls, you told us bundled adware was unacceptable--no matter how harmless it might be. We want you to know what you're getting when you download from CNET Download.com, and no other download site can promise that. --http://www.cnet.com/2723-13403_1-461-16.html Um, what people WANT when they download Nmap is Nmap itself. Not to have their searches redirected to Bing and their home page changed to Microsoft's MSN. Speaking of which, Microsoft emailed me today. They said that they didn't know they were sponsoring CNET to trojan open source software, and that they have stopped doing it. But the trojan installer uses your Internet connection to obtain more special offers from CNET, and they immediately switched to installing a Babylon toolbar and search engine redirect instead. Then CNET removed that and are now promoting their own techtracker tool. Apparently the heat is so high that even malware vendors are refusing to have any more part in CNET's antics! But if CNET isn't stopped, the malware vendors will come crawling back eventually and CNET will be there to receive them. There have been dozens of news articles in the last day and hundreds of outraged comments on blogs, Twitter, Facebook, etc. In the midst of all this terrible PR, Download.com went in last night and quietly switched their Nmap downloads back to our real installer. 
At least for now. But that isn't enough--they are still infecting the installers for thousands of other packages! For example, they have currently infected the installer for a children's coloring book app: http://download.cnet.com/Kea-Coloring-Book/3000-2102_4-10360620.html Have they no shame at all??! I've created a page with the situation background, links to the news articles, and the latest updates: http://insecure.org/news/download-com-fiasco.html Feel free to share it. Together, I hope we can get Download.Com to apologize and cease this reprehensible behavior! Cheers, Fyodor No, there's no shame when money's involved. Do Unto Others as they would do unto you...sue the fsck out of them. --Michael
Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]
Kyle Duren wrote: http://download.cnet.com/8301-2007_4-57338809-12/a-note-from-sean-regarding-the-download.com-installer/ In case no one saw this yet. -Kyle Sean's apology for their 'mistake' rings hollow. They've had almost 4 months to implement a solution to rectify these 'mistakes', but chose to ignore it until the uproar caused by the nmap community. http://www.extremetech.com/computing/93504-download-com-wraps-downloads-in-bloatware-lies-about-motivations It's always about the Money. --Michael
Re: Misconceptions, was: IPv6 RA vs DHCPv6 - The chosen one?
Masataka Ohta wrote: Because that's the Microsoft quality. PERIOD. We knew it was a crooked game, but it was the only game in town.
Re: Monday Night Footbal -- on Google?
Darius Jahandarie wrote: On Wed, Jan 11, 2012 at 19:11, valdis.kletni...@vt.edu wrote: On Wed, 11 Jan 2012 17:41:15 EST, Jay Ashworth said: Is 'The Internet' ready to deliver live 1080p HD with very close to zero dropouts to 25-30 million viewers for 4 hours straight every week, yet? Depends how much compression you use. :) We will certainly see the next frontier of bitrate starvation. And y'all thought shoving 50 channels on a single satellite transceiver tier was bad! Not sure where/what you're talking about, but here in the U.S.A, Dish Network and DirecTV seem to put a max of 7 MPEG 4 HD channels on a *transponder*. http://www.satelliteguys.us/thelist/index.php?page=sub --Michael
Re: Monday Night Footbal -- on Google?
Jay Ashworth wrote: - Original Message - From: Michael Painter tvhaw...@shaka.com Not sure where/what you're talking about, but here in the U.S.A, Dish Network and DirecTV seem to put a max of 7 MPEG 4 HD channels on a *transponder*. http://www.satelliteguys.us/thelist/index.php?page=sub Yup; at varying bit rates; I worked for a program provider to both, and I know just how fast the price goes up if you need enough signal to handle even *slow* motion. :-) Cheers, -- jra Cool. Is information about who buys what, closely guarded? If you have seen the effects of 'starving' content with fast motion, I'd be interested in hearing what that looked like. I'm familiar with resolution vs. screen size vs. viewing distance factors, btw. Thanks, --Michael
Re: Megaupload.com seized
ja...@smithwaysecurity.com wrote: Wow, what surprised the servers were, all located offshore. Sent from my HTC Huh? 65. It was further part of the Conspiracy that the content available on Megaupload.com and Megavideo.com was provided by known and unknown members of the Mega Conspiracy, including several of the defendants, who uploaded infringing copies of copyrighted works onto computer servers leased by the Mega Conspiracy in North America to further the reproduction and distribution of copyrighted works; in particular, copyright infringing content was hosted by the Conspiracy on various servers in Toronto, Canada; Los Angeles, California; and Ashburn, Virginia (the last of which is in the Eastern District of Virginia).
Re: Megaupload.com seized
Suresh Ramasubramanian wrote: It'll be interesting to see how this pans out - especially wrt any safe harbor provisions in the DMCA for providers (which do have a provision for due diligence being exercised etc). I quickly read through the indictment, but the gov't claims that when given a takedown notice, MU would only remove the *link* and not the file itself. They specifically mention some movies that were still on the site years after the notice, thus negating MU's eligibility for safe harbor. As you say, interesting for sure with the dotted i's and crossed t's.
Re: Super Sunday
Jay Ashworth wrote: What, no whacky weekend thread? NBC and the NFL are, for the first time, televising the Super Bowl and its preshow on the Internet... using a Silverlight app (so I hope you Linux people don't enjoy football). It's supposed to be available to tablets too, as a second-screen cast with selectable angles and such, but Verizontal has an exclusive on mobile, so the target page should bounce cellphones, unless a) they lie or b) they weren't smart enough to IP block the carrier ranges. http://mashable.com/2012/02/04/watch-super-bowl-xlvi-online/ It will be interesting to see how this works out. Enjoy the game. Especially if you have a Big Wall to watch it on. Cheers, -- jr 'we want pictures' a Halftime observations from 72.253.0.0/16: On Vizio 37 1080p display: Local NBC affiliate via off-air antenna= flawless 720p picture. Local NBC affiliate re-broadcast via Dish Network=flawless 1080i picture. Local NBC affiliate re-broadcast via DirecTV Network=flawless 1080i picture. On Samsung 23 1080p monitor via Dell 2.8GHz GX270 with 7Mbps down: Low resolution (appears to be less than VHS), sometimes jerky, picture.
Re: Super Sunday
Jay Ashworth wrote: - Original Message - From: Michael Painter tvhaw...@shaka.com On Vizio 37 1080p display: Local NBC affiliate via off-air antenna= flawless 720p picture. Local NBC affiliate re-broadcast via Dish Network=flawless 1080i picture. Local NBC affiliate re-broadcast via DirecTV Network=flawless 1080i picture. I don't suppose you have the MPEG bitrates on those... :-) Cheers, -- jra No, but that's my next project. I just received the ATSC dongle from AVerMedia. Getting the SuperBowl in HD (and the house-sound in sync) to all 32 displays at the sportsbar has been a challenge, but we made it with 2 hours to spare. <g> Best, --Michael
Re: Super Sunday
Mike Lyon wrote: Sent from my iPhone On Feb 5, 2012, at 17:24, Michael Painter tvhaw...@shaka.com wrote: Jay Ashworth wrote: - Original Message - From: Michael Painter tvhaw...@shaka.com On Vizio 37 1080p display: Local NBC affiliate via off-air antenna= flawless 720p picture. Local NBC affiliate re-broadcast via Dish Network=flawless 1080i picture. Local NBC affiliate re-broadcast via DirecTV Network=flawless 1080i picture. I don't suppose you have the MPEG bitrates on those... :-) Cheers, -- jra No, but that's my next project. I just received the ATSC dongle from AVerMedia. Getting the SuperBowl in HD (and the house-sound in sync) to all 32 displays at the sportsbar has been a challenge, but we made it with 2 hours to spare. <g> Best, --Michael What gear were you using for the sports bar? -mike I'm integrating the b520 modulator(s) into our existing 16 Ch. analog system. Works great. http://www.zeevee.com/hdbridge
Re: Super Sunday
Mike Lyon wrote: When I did a sports bar of about 24 HD TVs, I used gear from here: http://www.neoprointegrator.com/products.php Good product, good support. -mike Looks like a well designed product...Thanks! Any idea of what the 'Tahoe' costs (we have 16 sources)? --Michael
Re: Common operational misconceptions
Paul Graydon wrote: Give me someone who can already think and analyse over someone who 'knows' it all, any day. You can be qualified to the hilt but absolutely useless in the real world (I've watched CCNP and higher struggling to figure out why they can't ping a 10.0.0.0/24 address at a customer's remote site, not even realising it's a private range, let alone trying to trace the path of the ping,) Hard to believe, but you're obviously serious. What are their job titles? What were they hired to accomplish? Also hard for me to understand that someone could study for CCNx and not get exposed to Private space and 1918...what am I missing? --Michael
Re: Common operational misconceptions
Paul Graydon wrote: Yes I'm serious, they were CCNP qualified, hired as a NOC engineer for an ISP Hosting company. For the company the NOC team was the top tier of customer support (3rd line+), they looked after routers, switches, firewalls, servers, leased lines, and so on. This individual was perfectly capable of regurgitating all the facts, figures and technical details you can imagine, probably pretty much the entire CCNP syllabus. What they didn't seem that capable of was actually applying that to anything. I'd bet good money that if I'd asked him at the time what the 1918 network ranges are he'd have been able to tell me. This is exactly what we're teaching kids to do these days (makes me feel so old that I've already been saying this for several years and I'm only 31) standardised tests aren't marked based on ability to apply knowledge, just the knowledge itself. Hence my view, give me someone who knows how to think over someone who is qualified to the hilt. These exam cram 'do a CCNP in a week' courses only serve to make it worse. Paul Ahh, I get you now...thanks. Took me back to '64 and the battery of tests (all day!) I was given before getting hired by IBM for the 360 rollout. I was amazed by the amount of questions of the "if gear a turns ccw, what does lever b do?" variety. Later I was told that -all- the testing results were important, even the psychological ones, but what they really wanted to find was the best analytical *mind*. Best, --Michael
Re: cable markers for marine environments
Lyndon Nerenberg wrote: I have a couple of wiring projects coming up on salt water-going vessels and I'm curious as to people's experiences with different types of cable marking products in a high-humidity / salt air / bilge environment. None of the markers will be directly exposed to the outside elements, but quite a bit will be running below decks and will have to put up with the bilge. Anyone have any horror stories to share? My preference is for a direct printing system rather than stock card markers. --lyndon My Rhino labelmaker has printable, tubular, heat shrink cartridges in white and yellow w/black printing. --Michael
Re: Xirrus Wireless
Blake Pfankuch wrote: Thanks very much to all of the useful on and off list releases. If you want to try and glean more info. and get some questions answered, Moonblink is having a webinar next Wednesday and I'm sure they'd love to have you attend. FREE Webinar! The Changing Role of Wi-Fi w/ Xirrus March 21, 2012 @ 10AM PST Register Today! Wi-Fi is changing. In addition to a desktop or a laptop connecting to a local AP, people have wi-fi enabled smartphones, tablets, and other devices. A new generation of wireless infrastructure is needed. Join Perry Correll, Xirrus' Director of Product Marketing, to learn how Wi-Fi is changing and how Xirrus' Wi-Fi Arrays are the only products capable of accommodating current and future wi-fi requirements. http://www.moonblinkwifi.com/pd_xirrus-wi-fi-array-hardware-xn8.cfm
Re: last mile, regulatory incentives, etc (was: att fiber, et al)
Randy Bush wrote: what a silly question. lining the telcos' pockets. american so called 'broadband' is a joke and a scam. randy Really. This is from the Governor's Hawaii Broadband Initiative speedtest website: The indication of above average or below average is based on a comparison of the actual test result to the current NTIA definition of broadband which is 768 kbps download and 200 kbps upload. Any test result above the NTIA definition is considered above average, and any result below is considered below average.
Re: last mile, regulatory incentives, etc
Paul Graydon wrote: To be fair to the initiative at least its goal is for universal access to 1Gbps by 2018, something they term 'ultra-high-speed' (not sure where that definition comes from): http://hawaii.gov/gov/broadband-policy-outline/ Paul A lofty goal to be sure, the biggest challenge of which may be to get those bits to/from where folks want them to go. RRDWDM? (Really, really, DWDM)
Re: last mile, regulatory incentives, etc (was: att fiber, et al)
- Original Message - From: valdis.kletni...@vt.edu To: Michael Painter tvhaw...@shaka.com Cc: nanog@nanog.org Sent: Friday, March 23, 2012 5:35 PM Subject: Re: last mile, regulatory incentives, etc (was: att fiber, et al) That's the national definition of broadband that we're stuck with. To show how totally cooked the books are, consider that when they compute percent of people with access to residential broadband, they do it on a per-county basis - and if even *one* subscriber in one corner of the county has broadband, the entire county counts. ~ Ummhmm. More and more lately, I'm reminded of a saying my old, now deceased, friend used to use when talking about poker in Milwaukee. We knew it was a crooked game, but it was the only game in town.
Re: uunet ends newsfeed/newsreader in US
John Levine wrote: Microsoft uses it for support of their semi-public product betas. I think they also use it for internal support. R's, John I just did a quick count and there are ~460 microsoft.public newsgroups. --Michael
Re: any sites about internet network issue
Deric Kwok wrote: Any websites can provide about network issue http://www.internettrafficreport.com/
Wireless Liability: Liability Concerns for Operators of Unsecured Wireless Networks
As ISP safe harbor, etc., has been discussed here in the past, this paper from Rutgers may be of interest to some. http://papers.ssrn.com/sol3/papers.cfm?abstract_id=2035633
Re: job screening question
Mattias Ahnberg wrote: It's beneficial to build a team of clued people with the right personality, interest and mentality to what they do rather than seek people who have taught themselves how to answer certification tests in a way they know the creator of the test expects them. :) Just came across this tidbit: Technical Terms of Computer Science #515: Certification: A business model that compresses hot air to paper, then trades it for currency.
Victory for Open WiFi
From the Electronic Frontier Foundation. https://www.eff.org/deeplinks/2012/07/judge-copyright-troll-cant-bully-internet-subscriber-bogus-legal-theory
Re: raging bulls
Eugen Leitl wrote: http://www.wired.com/business/2012/08/ff_wallstreet_trading/all/ Some interesting, network-relevant content there (but for the neutrino and drone rubbish). 'Rubbish' might be a pretty strong word when you're talking about the players in this space. My favorite from the article: But perhaps not even Einstein fully appreciated the degree to which electromagnetic waves bend in the presence of money.
Re: NANOG poll: favorite cable labeler?
Robert E. Seastrom wrote: Labeling cables is mostly what I'm interested in. The el-cheapo p-touch seems adequate to putting hostnames on machines. Thoughts? My Rhino Pro 5000 has printable, tubular, heat shrink cartridges available in white and yellow as well as the flat stuff in nylon and vinyl.
Re: Asia's Fastest Communications Cable Comes Online
Ian Henderson wrote: Vocus already operates a cable through the Sydney Harbour Tunnel but according to CEO James Spenceley the new cable is some 700 metres shorter and represents the lowest latency link available between the CBD and the ASX data centre. Why does King Lear's "That way madness lies" keep popping into my head?
Re: Big Temporary Networks
Jay Ashworth wrote: is there any collected wisdom on the web already about how this has been dealt with, that I can pore over? Pointers to good archive threads? If not, do any of the people who've already done have 5 minutes to chime in on what they did and what they learned? Cheers, -- jra Jay...the WISP folks may have some thoughts. http://lists.wispa.org/mailman/listinfo/wireless
Re: Where there's a nanog thread there'll be a vendor solution ..Re: Ethical DDoS drone network
- Original Message - From: Randy Bush Sent: Monday, January 05, 2009 7:30 PM Subject: Re: Where there's a nanog thread there'll be a vendor solution ..Re: Ethical DDoS drone network I can't believe this .. http://www.iprental.com sheesh! and i thought the rirs had a monopoly on ip address rental. :) randy I watched the 'Demo Video' and the addresses shown were from ATT and Comcast space. Any idea of what space they might be from in real life or is that part of their secret sauce? Thanks, --Michael
Re: Cyber Shockwave on CNN
andrew.wallace wrote: It looks like this demo is pressing ahead for the intro of allowing the US Government to take control of private sector networks in an emergency... and wants to include smart phones into the bargain. Or at least that is my interpretation of what the demo is trying to convince us on. Cyber Shockwave Reveals Unsettling Answers --- http://www.mi2g.com/cgi/mi2g/frameset.php?pageid=http%3A//www.mi2g.com/cgi/mi2g/press/180210.php Andrew My favorite: What was most troubling to the participants was their inability to find a guilty party.
Re: Finding content in your job title
Steve Bertrand wrote: Not acceptable. I do not want this. I read and review messages and documents from people who have *much* more experience than I do every single day, and whom I respect to the n'th degree. This isn't a vote count. I am _not_ an engineer, and do not need or desire the title. Thanks anyway though ;) Steve Back at IBM ('64 to '71) we were officially called Customer Engineer. When the 'System 360' was released, it was changed to Field Engineer.s --Michael
Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?
gord wrote: I wonder if there's a filter for top-postings in list that have a bottom-posting rule? This thread is very operationally interesting to me but I've lost the plot :( http://www.nanog.org/mailinglist/listfaqs/generalfaq.php?qt=convent refers. PS: I know that some devices actually prevent bottom-posting by default. Workarounds are possible and are evident in other recent posts to this list. Additionally, may I suggest you file a bug report with your vendors or switch to a device that you can control properly :) It makes the thread very hard to follow. Why not? Please don't top post! I used to have this available for a 'signature', but, with a few exceptions, it seems to fall on blind eyes these days. <sigh>
Re: Top-posting (was: Barracuda Networks is at it again: Any Suggestions as to an Alternative?)
Tim Chown wrote: Well indeed, top-posting is just so much more efficient given the volumes of email most of us probably see each day. Top posting works in conversations you are having with someone, usually just one person, because you are aware of what's been said. If one comes into a conversation with many people and reads the top post, there is no reference to what that applies to unless you've been following the conversation from the beginning. I wonder if anyone actually took the time to read the relevant links on the NANOG page gord referred to? http://www.tux.org/lkml/#s3-9
Easily confused...
Was trying to determine where this 'honolulu' speedtest was hosted:

Tracing route to honolulu.speedtest.net [74.209.160.12] over a maximum of 30 hops:

  1    22 ms     *        *     123.87.93.224
  2    27 ms    29 ms    25 ms  hawaiian-telcom-inc.gigabitethernet2-17.core1.lax2.he.net [184.105.134.170]
  3    84 ms    90 ms    84 ms  gige-g2-17.core1.lax2.he.net [184.105.134.169]
  4    92 ms    98 ms    99 ms  10gigabitethernet7-3.core1.sjc2.he.net [184.105.213.5]
  5   112 ms   114 ms   112 ms  10gigabitethernet4-3.core1.sea1.he.net [72.52.92.158]
  6   113 ms   113 ms   114 ms  six.netriver.net [206.81.80.160]
  7   113 ms   113 ms   113 ms  static-74-209-160-12.lynnwood.netriver.net [74.209.160.12]

Trace complete.

123.87.93.224?

inetnum: 123.64.0.0 - 123.95.255.255
netname: CTTNET
country: CN
descr: China TieTong Telecommunications Corporation