Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
On Sun, May 19, 2002 at 10:03:08AM -0400, [EMAIL PROTECTED] said: > > > > rough assessment of their network security, which was important to me > > > as a customer for obvious reasons. > > > > In that case, I would not consider the scan to have come from an > > 'unaffiliated' person. I'm sure if

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
On Sun, May 19, 2002 at 11:32:20PM -0400, [EMAIL PROTECTED] said: > > > On Sun, 19 May 2002, Dan Hollis wrote: > > > netside has been a long time lunatic opponent of RBLs > > First they came for the Communists, > and I didn't speak up, > because I wasn't a Communist. > Then they came for the

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
On Sun, May 19, 2002 at 10:02:26PM -0400, [EMAIL PROTECTED] said: [snip] > > > Such technology is very dangerous if automated. > > > > And if it's not? > > Quis custodiet ipsos custodes? > > Such technology is very dangerous, period. Here they go again, trying > to elevate some Internet masterr

Re: route statistics

2002-05-19 Thread Bradley Dunn
> I'm trying to collect statistics on how many routes match certain > patterns. So far I've been using zebra, set term len 0, and then sh ip > bgp regexp, and wait for the total prefixes count at the end of the list. > I figure there must be a better way than this, but so far haven't found > one

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread E.B. Dreger
TA> Date: Mon, 20 May 2002 0:50:58 -0400 TA> From: Tim A.Irwin TA> Wait for it... wait for it... here it comes... TA> SCORE!!! And the point is awarded to Dan! Close enough to call it a Godwin? ;-) -- Eddy Brotsman & Dreger, Inc. - EverQuick Internet Division Phone: +1 (316) 794-8922 Wichi

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Tim A . Irwin
> > From: Mitch Halmu <[EMAIL PROTECTED]> > Date: 2002/05/19 Sun PM 11:32:20 EDT > To: Dan Hollis <[EMAIL PROTECTED]> > CC: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product) > > > > On Sun, 19 May 2002, Dan Hollis wrote: > > >

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Mike Lewinski
> On Sun, 19 May 2002, Dan Hollis wrote: > > > netside has been a long time lunatic opponent of RBLs > > First they came for the Communists, > and I didn't speak up, > because I wasn't a Communist. > Then they came for the Jews, > and I didn't speak up, > because I wasn't a Jew. > Then they came

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Mitch Halmu
On Sun, 19 May 2002, Dan Hollis wrote: > netside has been a long time lunatic opponent of RBLs First they came for the Communists, and I didn't speak up, because I wasn't a Communist. Then they came for the Jews, and I didn't speak up, because I wasn't a Jew. Then they came for the Catholics,

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Dan Hollis
On Sun, 19 May 2002, Mitch Halmu wrote: > > On Sun, 19 May 2002, Greg A. Woods wrote: > > > Such technology is very dangerous if automated. > > And if it's not? > Quis custodiet ipsos custodes? > Such technology is very dangerous, period. Here they go again, trying > to elevate some Internet mast

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Mitch Halmu
On Sun, 19 May 2002, Dan Hollis wrote: > On Sun, 19 May 2002, Greg A. Woods wrote: > > Such technology is very dangerous if automated. > > And if it's not? Quis custodiet ipsos custodes? Such technology is very dangerous, period. Here they go again, trying to elevate some Internet masterrace

Peering BOF V - Call for Participants

2002-05-19 Thread William B. Norton
Hi all - NANOG is only three weeks away and Monday evening at NANOG there will be another Peering BOF; thanks to those that suggested this on the survey forms! We'll do this the same way as last time / the same way the Peering Personals ran at the last GPF: *Peering Coordinators*: Send me t

Re: Network Reliability Engineering

2002-05-19 Thread Nigel Clarke
Try the "The Art of Testing Network Systems" ISBN: 0-471-13223-3 --- Nigel Clarke Network Security Engineer [EMAIL PROTECTED]

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Dan Hollis
On Sun, 19 May 2002, Greg A. Woods wrote: > Such technology is very dangerous if automated. And if it's not? -Dan -- [-] Omae no subete no kichi wa ore no mono da. [-]

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Greg A. Woods
[ On Sunday, May 19, 2002 at 17:45:36 (-0400), Benjamin P. Grubin wrote: ] > Subject: RE: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) > > If you separate the pointless argument about the hostility of portscans > and the viability of a distributed landmine system, this may turn

RE: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Benjamin P. Grubin
If you separate the pointless argument about the hostility of portscans and the viability of a distributed landmine system, this may turn out to be a useful discussion in the end. I mean--we all know portscans are hardly the ideal trigger anyhow. On top of the potential ambiguity of their inten

Re: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Greg A. Woods
[ On Sunday, May 19, 2002 at 14:14:18 (-0400), Allan Liska wrote: ] > Subject: Re[8]: "portscans" (was Re: Arbor Networks DoS defense product) > > However, if the same > network is continuously portscanning your network that network should > be stopped. Unless you're also a tier-1 kind of provid

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Ralph Doncaster
That's a netblock, not an IP address. Your script kiddie at home with a cable modem or ADSL connection is not going to have his IP SWIP'd or populated in his ISP's rwhois server. Try that with 206.47.27.12 for instance. That is a Sympatico ADSL customer here in Ottawa. Ralph Doncaster principa

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread william
We maintain most comprehensive whois recursive engine tool at completwhois.com So you could also try this and get more info :) [support@sokol support]$ whois -h completewhois.com 207.99.113.65 [completewhois.com] [whois.arin.net] Net Access Corporation (NETBLK-NAC-NETBLK01) 1719b Route 10

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Alex Rubenstein
helium:~$ whois -a 207.99.113.65 Net Access Corporation (NETBLK-NAC-NETBLK01) 1719b Route 10E, Suite 111 Parsippany, NJ 07054 US Netname: NAC-NETBLK01 Netblock: 207.99.0.0 - 207.99.127.255 Maintainer: NAC Coordinator: Net Access Corporation (ZN77-ARIN) [EMAIL PROTE

RE: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread James
> > > Before choosing an online bank, I portscanned the networks of the > > > banks I was considering. It was the only way I could > find to get a > > > rough assessment of their network security, which was > important to > > > me as a customer for obvious reasons. > > [snip] > > I'm not

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Gifford
"Stephen J. Wilcox" <[EMAIL PROTECTED]> writes: > On 18 May 2002, Scott Gifford wrote: > > > > > Scott Francis <[EMAIL PROTECTED]> writes: > > > > [...] > > > > > And why, pray tell, would some unknown and unaffiliated person > > > be scanning my network to gather information or run recon if

Re[8]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Allan Liska
Hello Ralph, Sunday, May 19, 2002, 12:13:35 PM, you wrote: >> RD> I think that's pretty stupid. If I had my network admin investigate every >> RD> portscan, my staff costs would go up 10x and I'd quickly go bankrupt. >> RD> Instead we keep our servers very secure, and spend the time and effort

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Greg A. Woods
[ On Sunday, May 19, 2002 at 11:22:08 (-0400), Ralph Doncaster wrote: ] > Subject: Re: Re[4]: "portscans" (was Re: Arbor Networks DoS defense product) > > I think that's pretty stupid. If I had my network admin investigate every > portscan, my staff costs would go up 10x and I'd quickly go bankr

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Greg A. Woods
[ On Sunday, May 19, 2002 at 03:16:28 (-0700), Dan Hollis wrote: ] > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product) > > On 18 May 2002, Scott Gifford wrote: > > Before choosing an online bank, I portscanned the networks of the > > banks I was considering. It was the only w

Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Ralph Doncaster
> > > Works for me, works from any system that has a browser. At any given time > I'm *far* more likely to have a browser running than port scanning > software, so this solution is also IMHO faster. Until today netc

Re: Re[6]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Ralph Doncaster
> RD> I think that's pretty stupid. If I had my network admin investigate every > RD> portscan, my staff costs would go up 10x and I'd quickly go bankrupt. > RD> Instead we keep our servers very secure, and spend the time and effort > RD> only when there is evidence of a break in. > > I didn't

Re[6]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Allan Liska
Hello Ralph, Sunday, May 19, 2002, 11:22:08 AM, you wrote: >> If they don't give a satisfactory bank somewhere else (or offer your >> services ;)). Certainly that is a better approach than scanning to >> see what you can find out. The organization receiving the scan has >> no way of knowing

Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread JC Dill
On 07:50 AM 5/19/02, Ralph Doncaster wrote: > >> RD> I often like to know if a particular web server is running Unix or >> RD> Winblows. A port scanner is a useful tool in making that determination. >> >> [allan@ns1 phpdig]$ telnet www.istop.com 80 >> Trying 216.187.106.194... >> Connect

Re: Re[4]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Ralph Doncaster
> If they don't give a satisfactory bank somewhere else (or offer your > services ;)). Certainly that is a better approach than scanning to > see what you can find out. The organization receiving the scan has > no way of knowing what your intentions are -- and should interpret > them as hostile

Re[4]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Allan Liska
Hello Ralph, Sunday, May 19, 2002, 10:50:23 AM, you wrote: >> RD> I often like to know if a particular web server is running Unix or >> RD> Winblows. A port scanner is a useful tool in making that determination. >> >> [allan@ns1 phpdig]$ telnet www.istop.com 80 >> Trying 216.187.106.194... >>

Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread up
On Sun, 19 May 2002, Ralph Doncaster wrote: > > > RD> I often like to know if a particular web server is running Unix or > > RD> Winblows. A port scanner is a useful tool in making that determination. > > > > [allan@ns1 phpdig]$ telnet www.istop.com 80 > > Trying 216.187.106.194... > > Connec

Re: Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Ralph Doncaster
> RD> I often like to know if a particular web server is running Unix or > RD> Winblows. A port scanner is a useful tool in making that determination. > > [allan@ns1 phpdig]$ telnet www.istop.com 80 > Trying 216.187.106.194... > Connected to dci.doncaster.on.ca (216.187.106.194). > Escape chara

Re: PAIX (was Re: Interconnects)

2002-05-19 Thread Ralph Doncaster
> traffic. If you're going to have to negotiate bilateral agreements to > cover the bulk of your peering traffic, why not consistently negotiate > bilateral agreements? Randy (Group Telecom) snubbed me when I asked to peer at TorIX. Group Telecom is on the AADS MLPA. AT&T Canada has a tough p

Network Physics

2002-05-19 Thread Timothy Brown
Does anyone on the list have experience with Network Physics? Their product looks pretty good on paper, but I have to admit I'm a little skeptical about products in this class. Does anyone have some insight or some experience with the product, good or bad? Please send replies privately. If th

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Ralph Doncaster
> > rough assessment of their network security, which was important to me > > as a customer for obvious reasons. > > In that case, I would not consider the scan to have come from an > 'unaffiliated' person. I'm sure if the bank's network operator noticed it, > and contacted you, things would hav

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Ralph Doncaster
> > I often like to know if a particular web server is running Unix or > > Winblows. A port scanner is a useful tool in making that determination. > > a full-blown portscan is not required here. A simple telnet to port 80 will > do the job. A simple telnet to port 80 will sometimes do the job,

Re: route statistics

2002-05-19 Thread Stephane Bortzmeyer
On Sat, May 18, 2002 at 07:02:58PM -0400, Ralph Doncaster <[EMAIL PROTECTED]> wrote a message of 10 lines which said: > I'm trying to collect statistics on how many routes match certain > patterns. So far I've been using zebra, set term len 0, and then sh ip > bgp regexp, and wait for the to

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Dan Hollis
On 18 May 2002, Scott Gifford wrote: > Before choosing an online bank, I portscanned the networks of the > banks I was considering. It was the only way I could find to get a > rough assessment of their network security, which was important to me > as a customer for obvious reasons. So for your

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Stephen J. Wilcox
On 18 May 2002, Scott Gifford wrote: > > Scott Francis <[EMAIL PROTECTED]> writes: > > [...] > > > And why, pray tell, would some unknown and unaffiliated person be scanning my > > network to gather information or run recon if they were not planning on > > attacking? I'm not saying that you'r

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
On Sun, May 19, 2002 at 12:12:01AM -0700, [EMAIL PROTECTED] said: [snip] > And what the critics keep missing is that it will take several landmine > hits across the internet to invoke a blackhole. Just scanning a few > individual hosts or /24s won't do it. > > There are three aims of the landmi

Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-19 Thread Scott Francis
On Sat, May 18, 2002 at 11:46:21PM -0400, [EMAIL PROTECTED] said: > [ On Saturday, May 18, 2002 at 20:15:10 (-0700), Scott Francis wrote: ] > > Subject: Re: "portscans" (was Re: Arbor Networks DoS defense product) > > > > Apologies; my finger was a bit too quick on the 'g'. As this message came to