RE: How much longer..

2003-08-14 Thread Fred Baker
At 12:53 PM 8/13/2003 -0500, Ejay Hire wrote: I don't care what defective operating system a worm uses. Yes. Let's recall that the first worm on the net was a sendmail worm, and attacked UNIX systems. I'm no friend of Windows either, but a little humility is in order. Windows is attacked because i

Re: Private port numbers?

2003-08-14 Thread David G. Andersen
On Wed, Aug 13, 2003 at 10:40:30PM +, Christopher L. Morrow quacked: > > what about ports that start as 'private' and are eventually ubiquitously > used on a public network? (Sean Donelan noted that 137->139 were > originally intended to be used in private networks... and they became > 'publi

Re: RPC errors

2003-08-14 Thread Steven M. Bellovin
In message <[EMAIL PROTECTED]>, "Dominic J. Eidson" writes: > >On Mon, 11 Aug 2003, Jack Bates wrote: > >> Sean Donelan wrote: >> >> > http://isc.sans.org/diary.html?date=2003-08-11 >> > The worm uses the RPC DCOM vulnerability to propagate. One it finds a >> > vulnerable system, it will spawn a

Re: How much longer..

2003-08-14 Thread Tim Thorne
"McBurnett, Jim" <[EMAIL PROTECTED]> wrote: >OK.. >I have lurked enough on this one.. >$60 Billion plus for microsoft.. >and 600 millions lines of code. >thousands of employee programmers... Problem is, you can't engage in gunfights with 5-0, rob banks or pimp your grandmother out on a *nix. On

RE: RPC errors

2003-08-14 Thread Drew Weaver
It's hitting our Dial-Up customers pretty hard, basically on client side they see "Unexpected Remote Proceedure call, your computer needs to be rebooted" Then that's it. -Drew -Original Message- From: Jack Bates [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 4:12 PM To: NANOG

Re: How much longer..

2003-08-14 Thread Crist Clark
Fred Baker wrote: > > At 12:53 PM 8/13/2003 -0500, Ejay Hire wrote: > >I don't care what defective operating system a worm uses. > > Yes. Let's recall that the first worm on the net was a sendmail worm, and > attacked UNIX systems. I'm no friend of Windows either, but a little > humility is in or

RE: The impending DDoS storm

2003-08-14 Thread McBurnett, Jim
But doesn't that mean the hacker won? If you change the DNS and a user can not get to windowsupdate, you just helped him create a better DoS than he had... J -Original Message- From: Lloyd Taylor [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 13, 2003 12:26 PM To: Jack Bates Cc: [EM

Re: AOL breaking dns spoof protection

2003-08-14 Thread Petri Helenius
>i don't know who aol is going to be able to send responses to who won't >apply those same restrictions. NAT or "content switch" are the terms that come to mind. Pete

Re: RPC errors and latest worm

2003-08-14 Thread Kevin Loch
- Original Message - From: Scott Fendley <[EMAIL PROTECTED]> Date: Monday, August 11, 2003 7:49 pm Subject: Re: RPC errors and latest worm > > " * Close port 135/tcp (and if possible 135-139, 445 and > 593) ". Is there a Windows service that uses port 136, or was it included b

RE: RPC errors

2003-08-14 Thread Mike Damm
The DCOM exploit that is floating around crashes the Windows RPC service when the attacker closes the connection to your system after a successful attack. Best bet is to assume any occurrence of crashing RPC services to be signs of a compromised system until proven otherwise. http://www.cert.org/

Re: Gigabit Media Converter

2003-08-14 Thread Mikael Abrahamsson
On Tue, 12 Aug 2003, Stephen J. Wilcox wrote: > Sounds like you need a singlemode-multimode convertor, available from various > places, cost around $600 Highly unlikely that it'll do CWDM, at least at that price. Transmode (www.transmode.se) does converters to order, they'll fix things that'l

Re: [connie.davis@mail.internetseer.com: answerpointe.cctec.com]

2003-08-14 Thread Randy Bush
imiho, an archive should be just that, and as complete and unaltered as possible. if you want to solve the spam, job hunting, ... problems, there are better means than book burning. randy

Packeteer stuff?

2003-08-14 Thread Drew Weaver
Specifically talking about the PacketSeeker 6500. Is it worth the money? Or are there better ways to get centralized views of network metrics? -Drew

RE: The impending DDoS storm

2003-08-14 Thread Jason Frisvold
On Wed, 2003-08-13 at 10:55, Ingevaldson, Dan (ISS Atlanta) wrote: > More info: > > -Opens a raw socket and spoofs its source address It *appears* to us through current testing that the source address spoofed is always within the class of the current subnet... So, a spoofing filter that denies a

Re: RPC errors

2003-08-14 Thread /m
I left an 2k box open last night without firewall. 1 Hour following boot time it was hit and manifested the svchost crashing. I haven't had a chance to dig deeper to see if any sort of infection is involved but I'm leaning towards DOS. /micah - Original Message - From: "Jack Bates" <[E

Re: How much longer..

2003-08-14 Thread Wayne E. Bouchard
Well, two things here.. First, UNIX has more than its share of vulnerabilities. For those of you who can remember the "HP Bug a day" list? Or how about the numerous problems with sendmail or BIND? Sure, all these problems have been corrected as they've been discovered but I wouldn't wanna take o

Re: RPC errors

2003-08-14 Thread Crist Clark
"Dominic J. Eidson" wrote: > > On Mon, 11 Aug 2003, Jack Bates wrote: > > > Sean Donelan wrote: > > > > > http://isc.sans.org/diary.html?date=2003-08-11 > > > The worm uses the RPC DCOM vulnerability to propagate. One it finds a > > > vulnerable system, it will spawn a shell and use it to downlo

Re: Latest analysis of MSBLAST

2003-08-14 Thread Christopher L. Morrow
On Mon, 11 Aug 2003, Andy Ellifson wrote: > > > Since MSFT's servers are buried for the download of this patch, does > anybody have a mirror NANOG people can use for this? > > I'm looking for the Windows 2k patch specifically. > > Its URL is this: > http://microsoft.com/downloads/details.aspx?F

Re: How much longer..

2003-08-14 Thread Scott Francis
On Wed, Aug 13, 2003 at 02:09:41PM -0700, [EMAIL PROTECTED] said: > On Wed, Aug 13, 2003 at 01:07:15PM -0400, [EMAIL PROTECTED] said: > > > > How much longer will people put up with the millions of > > dollars of losses in time, resources and service inflicted > > on the net by the joke vulnerab

RE: RPC errors

2003-08-14 Thread Brennan_Murphy
http://vil.nai.com/vil/content/v_100547.htm -BM -Original Message- From: Chris Reining [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 5:36 PM To: Sean Donelan Cc: Jack Bates; NANOG Subject: Re: RPC errors On Mon, Aug 11, 2003 at 04:17:53PM -0400, Sean Donelan wrote: > On

Re: The impending DDoS storm

2003-08-14 Thread Lloyd Taylor
Does anyone have any notion of what the Blaster worm will do if the DNS lookup for "windowsupdate.com" returns NXDOMAIN? If it handles this case by not sending any miscreant love, might that not be the best way to mitigate the potential damage? --Lloyd On Wed, 13 Aug 2003, Jack Bates wrote: > D

RE: RPC errors

2003-08-14 Thread Mark Segal
I just put an access list on one of our cores with some spare cpu cycles.. And 10% of the traffic looks like port 135 calls. Anyone else see this? Did I break anything legitimate? Also I still some Slammer traffic.. Mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-28

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Petri Helenius
Mans Nilsson wrote: Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12, 2003 at 10:42:38PM -0400 Quoting Sean Donelan ([EMAIL PROTECTED]): I think filters/firewalls are useful. I believe every computer should have one. I have several. I just disagree on who shou

Re: testing bandwidth of big internet pipes

2003-08-14 Thread Mans Nilsson
Subject: testing bandwidth of big internet pipes Date: Tue, Aug 05, 2003 at 06:26:17PM +0200 Quoting Arjan Lugtenberg ([EMAIL PROTECTED]): > Hi, > > We as a Dutch network provider deliver also ATM lines and other big internet pipes > for several big company's over here. > At the moment we are lo

RE: How much longer..

2003-08-14 Thread David Barak
--- "St. Clair, James" <[EMAIL PROTECTED]> wrote: > > I've lived in the UK, and never had a license to > maintain or update the > engine. But I bet that you DO have someone maintain the engine in your car (and so do most people). > > Additionally, I could drive on the M1 or M5 at > speeds ra

Re: Microsoft to ship new versions with firewall enabled

2003-08-14 Thread Omachonu Ogali
> On the other hand, OEMs can be the Good Guys here and take the lead > ahead of Mickeysoft and firm up the loose default setting they get from > Microsoft. DELL has promised to do this... but I still don't know if > their press releases will live up to reality. If any NANOGers out there > make p

RE: How much longer..

2003-08-14 Thread Bob German
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 >To pound it home one more time, worms that attack Microsoft products >are a bigger deal only because Microsoft has at least an order of >magnitude greater installbase than the nearest competitor. >-- >Crist J. Clark >[

RE: RPC errors

2003-08-14 Thread Vachon, Scott
addendum: These are broadband cable users. All PCs. -Original Message- Sent: Tuesday, August 12, 2003 1:57 PM To: NANOG Subject: RE: RPC errors >Has anyone seen/heard of this virus propagating through email in any way? >We appear to have been infected on a network that is very heavily >

RE: How much longer..

2003-08-14 Thread variable
On Thu, 14 Aug 2003, St. Clair, James wrote: > I've lived in the UK, and never had a license to maintain or update the > engine. See point number 2: > > 2) In order to have the car on the road, you have to have it taxed and > > have a qualified mechanic certify it for basic road worthiness.

Comcast people?

2003-08-14 Thread Austad, Jay
Are there any Comcast employees here? There exists an intermittent problem on your network which occurs every night at 12:04am central time. I've pinned it down to where it lies, but every time I call your support department, I just get someone who does not understand. In fact, one lady told m

Re: [connie.davis@mail.internetseer.com: answerpointe.cctec.com]

2003-08-14 Thread Stewart, William C (Bill), RTSLS
I'd say keep it. NANOG's archives at Merit are probably more stable than many mailing list archives I've seen, but it's possible that something will happen to it in the next 5-10 years that kills it. Multiple copies of list archives aren't a bad thing, at least for relatively low volume lists lik

Re: [Microsoft to ship new versions with firewall enabled]

2003-08-14 Thread Joshua Sahala
Sean Donelan <[EMAIL PROTECTED]> wrote: > > John Markoff reports in the New York Times that Microsoft plans to change > how it ships Windows XP due to the worm. In the future Microsoft will > ship both business and consumer versions of Windows XP with the included > firewall enabled by default.

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Sean Donelan
On Tue, 12 Aug 2003, Randy Bush wrote: > > Is it just me that feels that blocking a port which is known to be used > > to perform billions of scans is only proper? > > the second, and important part of the, question is whether there > are legitimate packets to that port which want to cross your bo

Re: How much longer..

2003-08-14 Thread Matthew Sullivan
Len Rose wrote: How much longer will people put up with the millions of dollars of losses in time, resources and service inflicted on the net by the joke vulnerabilities in the toy operating system known as Windows? Enough is Enough. Sure, let's just filter everything..all service providers pl

Re: Gigabit Media Converter

2003-08-14 Thread Stephen J. Wilcox
Sounds like you need a singlemode-multimode convertor, available from various places, cost around $600 Steve On Mon, 11 Aug 2003, Vincent J. Bono wrote: > > Anyone out there ever see or hear tell of a device that will let you run two > GBICs back to back without an associated switch and all th

Re: Gigabit Media Converter

2003-08-14 Thread Stephen J. Wilcox
Ahh sorry I didn't realise the intention was to run the CWDM itself thro it, I thought this was for the output Ok well I'm not an optics expert but I wasn't aware multimode was capable of carrying more than a single wavelength because of interference/dispersion effects etc Steve On Tue, 12 Au

ftp.gnu.org compromised

2003-08-14 Thread Len Rose
http://ftp.gnu.org/MISSING-FILES.README

Re: RPC errors - DDoS on the 16th?

2003-08-14 Thread Eric Kuhnke
http://www.theinquirer.net/?article=10986 Has anyone else seen this claim? Somebody at F-Secure thinks the worm will begin a DDoS against windowsupdate.microsoft.com on the 16th. At 03:08 PM 8/12/2003 -0700, you wrote: >This should help some for people who are worried >

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Niels Bakker
* [EMAIL PROTECTED] (Stephen J. Wilcox) [Wed 13 Aug 2003, 10:58 CEST]: > In your world DoS traffic would be free to roam the networks as it > pleased without being throttled sensibly at ingress? How many people are actually following RFC3514? (In other words, how do you separate DoS traffic from

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Jason Houx
Spoken like a true advocate! And I have had the same experience since joining OpenBSD back in 2.6 ;-) it's only getting better. spamd, pf, altq, and snort all very nice. I have one desktop at home running 3.3 --current too and no complaints even with following bleeding edge. I hope OpenBSD do

Re: I can't reach MS sites

2003-08-14 Thread Gerald
On Wed, 13 Aug 2003, Stephen Williams wrote: > in attempting to patch systems here (at U of Texas) I have noticed that > over the last two days the windowsupdate url for Microsoft has at times > not responded, or been very slow to respond. Between port scans from > the worm and the demand of peo

RE: Packeteer stuff?

2003-08-14 Thread Austad, Jay
If you're looking at the Packeteer to put some limits in place based on protocol, you can take a look at Cisco's NBAR, which is supported in IOS. What kind of metrics are you looking for? Netflow type info? How fat is the pipe you want to monitor/manipulate? -jay -Original Message

Re: Blaster packet rates

2003-08-14 Thread Joe Provo
On Thu, Aug 14, 2003 at 10:17:16AM +0100, Pendergrass, Greg wrote: [snip] > I haven't done a long-term look at RCP and netbios traffic on the > web so I have no way to determine how much is blaster generated, > does anyone have baseline information on the amount of RCP and > netbios packets wer

RE: Port blocking last resort in fight against virus

2003-08-14 Thread Jason Frisvold
On Tue, 2003-08-12 at 15:01, Mike Jezierski - BOFH wrote: > My experience seems to be that as the ISP we're blamed when the > subscribers gets a virus, because after all it's our network that > sent the customer the virus. Catch 22 ... Block the virus, get accused of being a censor. Allow the

RE: How much longer..

2003-08-14 Thread St. Clair, James
>Users, both corporate and at home, need to be taught that there is no >such thing as plug and play. For as much as I agree with the philosophy here, we must realize it is the wrong approach. Cars did not become more popular because owners had to learn how to swap more parts. Wireless phones don

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Mans Nilsson
Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, 2003 at 10:14:22AM +0100 Quoting Stephen J. Wilcox ([EMAIL PROTECTED]): > What if the people running the boxes are irresponsible, perhaps even harboring > malicious intent surely, you have an AUP? Then, null0 is y

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Måns Nilsson
--On Wednesday, August 13, 2003 11:00:56 +0300 Petri Helenius <[EMAIL PROTECTED]> wrote: >>> I think filters/firewalls are useful. I believe every computer should >>> have one. > Firewalls are a patch to broken network application architecture. If > your applications would have been properly

Re: Microsoft to ship new versions with firewall enabled

2003-08-14 Thread Omachonu Ogali
On Thu, Aug 14, 2003 at 05:37:44PM +0100, Richard Cox wrote: > What I do like in the latest release of Zone Alarm Pro is that it will > stop ANY program from connecting outbound on Port 25 unless that program > has been specifically authorised to send mail. It was quite informative > to see which

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Stephen J. Wilcox
On Wed, 13 Aug 2003, Petri Helenius wrote: > > Mans Nilsson wrote: > > >Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12, > >2003 at 10:42:38PM -0400 Quoting Sean Donelan ([EMAIL PROTECTED]): > > > > > > > >>I think filters/firewalls are useful. I believe eve

Blaster packet rates

2003-08-14 Thread Pendergrass, Greg
Hello All, I am trying to get real figures on how much blaster scanning is going on to my network, but I don't have enough information. I am seeing 2200 packets per minute average (for TCP 135, 137-139) on my ingress points. As I'm advertising a /19 that's around .27 RCP and netbios packets per I

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Jack Bates
Mans Nilsson wrote: Your chosen path is a down-turning spiral of kludgey dependencies, where a host is secure only on some nets, and some nets can't cope with the load of all administrative filters (some routers tend to take port-specific filters into slow-path). That way lies madness. Secure? Wh

Re: Gigabit Media Converter

2003-08-14 Thread Vincent J. Bono
Thanks but this won't work. We have a Specific frequency (CWDM) on one side. -vb - Original Message - From: "Curtis Clan" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 1:12 PM Subject: Re: Gigabit Media Converter > I believe this is what

Re: RPC errors and latest worm

2003-08-14 Thread Stewart, William C (Bill), RTSLS
According to http://isc.sans.org/diary.html?date=2003-08-11 , the worm uses the latest popular MS exploit ports, so "* Close port 135/tcp (and if possible 135-139, 445 and 593) ". It also uses TCP port and TFTP = UDP 69 to download its attack code after getting the initial bootstrap

Gigabit Media Converter

2003-08-14 Thread Vincent J. Bono
Anyone out there ever see or hear tell of a device that will let you run two GBICs back to back without an associated switch and all the trimmings? Application is to convert a CWDM GBIC signal to a Multimode one. TIA, Vin

Re: Microsoft to ship new versions with firewall enabled

2003-08-14 Thread Jack Bates
John Neiberger wrote: Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS? -- No clue, but I can tell you how long it will last before ISP helpdesks d

Re: Microsoft to ship new versions with firewall enabled

2003-08-14 Thread Christopher L. Morrow
On Thu, 14 Aug 2003, Scott McGrath wrote: > > > No answer on that one, However Mac OS X also includes a built in firewall. yes, with fairly a simple method to add listening services to it... though it seems the 'listening service' might have to register with the OS in order to be seen in the pr

Re: Microsoft to ship new versions with firewall enabled

2003-08-14 Thread Edward Lewis
[Veering further off-topic] Hmm...I didn't even know XP had a built-in firewall. Any bets on how long it is before other companies with software firewall products bring suit against Microsoft for bundling a firewall in the OS? Along the vein of "I dislike Microsoft, but let's get over it" - when

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Stephen J. Wilcox
On Wed, 13 Aug 2003, Mans Nilsson wrote: > Subject: Re: Port blocking last resort in fight against virus Date: Wed, Aug 13, > 2003 at 09:57:56AM +0100 Quoting Stephen J. Wilcox ([EMAIL PROTECTED]): > > > Sorry I see where you're coming from on this but firewalls are more than just > > patches

Re: WANTED: ISPs with DDoS defense solutions

2003-08-14 Thread Jack Bates
[EMAIL PROTECTED] wrote: If the client is behind a NAT, and the spoofed source address doesn't get through, then that's OK because it means that no application in that same location behind the NAT can use spoofed addresses. Which is important given the number of NAT setups that only perform NAT

Re: Electrical Engineering Firm Recommendation

2003-08-14 Thread Paul Vixie
[EMAIL PROTECTED] ("Dan Lockwood") writes: > To clarify, i'm looking for electrical and control system engineering. > Thanks! > > -Original Message- > Can someone recommend an electrical engineering firm in the > middle to north part of California that has experience with NOC

Re: Server Redundancy

2003-08-14 Thread Paul Vixie
[EMAIL PROTECTED] ("Jason Robertson") writes: > If you go out and spend a few thousand you can also get Allied Telesyn > L2-L4 products that now support Load Balancing. Actually the rapier > 24i is about $2000 Canadian. (I'd have to check the VAR pricing) how much would i have to pay to not

RE: The impending DDoS storm

2003-08-14 Thread Jason Frisvold
On Wed, 2003-08-13 at 10:14, Ingevaldson, Dan (ISS Atlanta) wrote: > It might be somewhat tricky to block TCP/80 going to windowsupdate.com. I agree... but then, who needs updates anyways.. *grin* > Regards, > === > Daniel Ingevaldson > Engineering Manager, X-Force R&D

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Christopher L. Morrow
On Tue, 12 Aug 2003, Jack Bates wrote: > > Sean Donelan wrote: > > > > http://computerworld.co.nz/webhome.nsf/UNID/BEC6DE12EC6AE16ECC256D8000192BF7!opendocument > > > > "While some end users are calling for ISPs to block certain ports relating > > to the Microsoft exploit as reported yesterday (

Re: Microsoft to ship new versions with firewall enabled

2003-08-14 Thread Henry Linneweh
It comes standard with a firewall built in, which is not user friendly and you have to still purchase a firewall that allows user access to control what gets blocked and what does not, most intelligent people turn it off. -Henry
Edward Lewis <[EMAIL PROTECTED]> wrote: >[Veering further off-topic]

Chicago CFP Redux

2003-08-14 Thread Susan Harris
Thanks to everyone who's already sent in a proposal for NANOG 29. (PS they're due Sept. 8). * * * * * * * * * * * * * * * * * CALL FOR PRESENTATIONS NANOG 29 GEN

Touchamerica

2003-08-14 Thread Christopher J. Wolff
Hello, If there are any Touch America techs within reach of this email, could you please contact me off list. Thank you. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com [EMAIL PROTECTED]

RE: RPC errors

2003-08-14 Thread McBurnett, Jim
Jack, This is that RPC flaw in MicroSoft. I noticed it too.. Got about 20K in 15 hours Jim -Original Message- From: Jack Bates [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2003 4:12 PM To: NANOG Subject: RPC errors I'm showing signs of an RPC sweep across one of my networks that

Re: Gigabit Media Converter

2003-08-14 Thread Wayne Bogan
Omnitron also makes these, but they're probably closer to the $1000 range. http://www.omnitron-systems.com/converters/converters.htm - Original Message - From: "Stephen J Wilcox" <[EMAIL PROTECTED]> To: "Vincent J Bono" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, August 1

Re: RPC errors

2003-08-14 Thread Michael Painter
Forwarded from isp-tech: Those of you having the issues of restarts, do the following: Go to Control Panel, then Administrative Tools, then Services. Under Services find the Remote Procedure Call option, and right click then go to Properties. Under Properties, go to the Recovery Tab, and you'll

RE: Private port numbers?

2003-08-14 Thread Lars Higham
It's a good idea, granted, but isn't this covered by IPv6 administrative scoping? Lars -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David G. Andersen Sent: Thursday, August 14, 2003 8:33 AM To: Christopher L. Morrow Cc: Crist Clark; [EMAIL PROTECTED]

Re: Server Redundancy

2003-08-14 Thread Allan Liska
On Wed, 6 Aug 2003, Gerald wrote: > > vrrp on FreeBSD is supposed to be a free solution to allow machines to > watch each other and take over IP addressing if connectivity is lost. > Depending on how remote your IP blocks are and how much control you have > over the routing equipment in between,

Re: RPC errors

2003-08-14 Thread Dominic J. Eidson
On Mon, 11 Aug 2003, Jack Bates wrote: > Sean Donelan wrote: > > > http://isc.sans.org/diary.html?date=2003-08-11 > > The worm uses the RPC DCOM vulnerability to propagate. One it finds a > > vulnerable system, it will spawn a shell and use it to download the actual > > worm via tftp. > > > > The

Re: WANTED: ISPs with DDoS defense solutions

2003-08-14 Thread Randy Bush
>> There are requirements one can make of vendors. > These have been made, several times :) In fact there is an IETF working > group pushing these requirments now, Mr. Bush could provide the details > that have slipped my addled brain. it is not a wg. but there is a draft being actively worked,

Network Solutions and Broken E-mail Addresses

2003-08-14 Thread Leo Bicknell
Sometime recently Network Solutions seems to have stopped accepting "+" as a valid character in an e-mail address. Yes, I did open a ticket via their customer service people, and was given the reply that I needed to use another e-mail address. Per their web form, the only acceptable addresses ar

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Mans Nilsson
Subject: Re: Port blocking last resort in fight against virus Date: Tue, Aug 12, 2003 at 10:36:12AM -0500 Quoting Jack Bates ([EMAIL PROTECTED]): > > Is it just me that feels that blocking a port which is known to be used > to perform billions of scans is only proper? It takes time to contact,

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Jack Bates
Christopher L. Morrow wrote: If people want to use the network they need to take the responsibility and patch their systems. Blocking should really only be considered in very extreme circumstances when your network is being affected by the problem, or if the overall threat is such that a short ter

RE: The impending DDoS storm

2003-08-14 Thread Josh Fleishman
Has anyone determined a method for triggering the DOS attack manually? We've attempted this by changing an infected machine's clock, however it did not work on our test box. If anyone has triggered the attack, do you have a copy of the sniffed data stream? It sounds like uRPF is going to be

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Randy Bush
>> the second, and important part of the, question is whether there >> are legitimate packets to that port which want to cross your border. >> for 135, i am not aware of any that should cross my site's border >> un-tunneled.

Edge 1 Networks/Williams Communications Group

2003-08-14 Thread Jeff Kell
After several run-ins with Edge 1 Networks [69.44.28.0/22] having their machines "hijack" victim machines on our networks infected with Jeem, and then making their spam runs, I've had it. I have reported both to Edge 1 and their parent Williams Communications Group [AS7911] with no result and

Re: AOL breaking dns spoof protection

2003-08-14 Thread Geo.
Just for everyone's information, the issue I originally mentioned has been fixed, there was a weird NS entry loop in the aol dns but it's been corrected and seems to function normally now (for IPv4 anyway, don't know about that 4/6 issue someone mentioned). One of the guys from AOL reads the list

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Randy Bush
> Is it just me that feels that blocking a port which is known to be used > to perform billions of scans is only proper? the second, and important part of the, question is whether there are legitimate packets to that port which want to cross your border. for 135, i am not aware of any that shoul

Re: Complaint of the week: Ebay abuse mail (slightly OT)

2003-08-14 Thread Valdis . Kletnieks
On Tue, 05 Aug 2003 09:56:52 BST, [EMAIL PROTECTED] said: > >1) What *immediate* benefits do you get if you are among the first to > deploy? > >(For instance, note that you can't stop accepting "plain old SMTP" till > >everybody else deploys). > > You can replace complex and buggy spam filterin

firewall == network diaper, ranting in HTML

2003-08-14 Thread neal rauhauser 402-301-9555
I've got to wonder about someone who posts a rant to nanog to begin with and I'll give you kudos for having the balls to format it in HTML as well. Below I included the text of the message sans large aqua font & other HTML 'enhancements'. I think you rather missed my point - machines with

Re: [connie.davis@mail.internetseer.com: answerpointe.cctec.com]

2003-08-14 Thread Nathan J. Mehl
In the immortal words of Leo Bicknell ([EMAIL PROTECTED]): > > Has anyone else gotten one of these? Dozens, and have bitbucketed them on every single mail server I can get my hands on. > It appears they are trolling a Nanog archive on the web and sending > these out to posters. *sigh* They

Re: When Security Guards Attack (was: clearblue part deux)

2003-08-14 Thread Jerry Eyers
Ahhh... You don't put battery backup on a kill-all switch The idea behind it is to kill-all!! (*doh*) If you ever need to press it, you do so just before the guys-with-foam run in to douse your burning UPS... Jerry ---Original Message--- From: Eric Brunner-Williams in Portlan

Re: When Security Guards Attack (was: clearblue part deux)

2003-08-14 Thread Eric Gauthier
> You don't put battery backup on a kill-all switch > > The idea behind it is to kill-all!! (*doh*) If you ever need to press it, > you do so just before the guys-with-foam run in to douse your burning UPS... People laugh hysterically when the evil bad guy in a movie has a button labeled "

Is Anyone Seeing Packet Loss To Savvis?

2003-08-14 Thread Peter Rohrman
I'm getting ICMP timeouts to 2 destinations that on are on Savvis. Is anyone else seeing it? I don't have packet loss to anything else. Below is my ping to www.savvis.net and a customer that I have masked to protect the innocent :). MUSKET:8:36:56am/export/home/pete:ping -s www.savvis.net PING

Re: WANTED: ISPs with DDoS defense solutions

2003-08-14 Thread Michael . Dillon
>> How would the spoofing program, or its user, be able to tell if >> it was successful? Unless I'm very confused, the definition of >> spoofing is that the return packets aren't going to come back to you. >the whole thing would have to take place during a tcp control session >which used d-h to

RE: How much longer..

2003-08-14 Thread Bob German
>The good ole "computers as cars" metaphor. In the UK: > >1) In order to drive a car, you have to have a license. > >2) In order to have the car on the road, you have to have it taxed and >have a qualified mechanic certify it for basic road worthiness. > >Neither of these rules currently apply t

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Petri Helenius
> > I've been looking at our traffic graphs and trying to decide if traffic > really is down 10-15% over the last 24 hours or it's just my imagination. > I would say 5-10% below where it should be taking into account seasonal variations, it's within the error margin, but barely. Pete

Re: Gigabit Media Converter

2003-08-14 Thread Mike Hughes
On Mon, 11 Aug 2003, Vincent J. Bono wrote: > > Anyone out there ever see or hear tell of a device that will let you run two > GBICs back to back without an associated switch and all the trimmings? > > Application is to convert a CWDM GBIC signal to a Multimode one. Vinny, Would something like

Re: a list of hosts in a RPC BOTNET, mostly 209.x.x.x,

2003-08-14 Thread neal rauhauser 402-301-9555
Someone has changed the channel topic to "CLOSED, Thanks for the post to NANOG :-(" But I don't see hosts being k-lined - I imagine if IRCops took an interest in this they'd be lopping off heads. The controlling node for this problem seems to be: spaley [EMAIL PROTECTED] But th

Re: WANTED: ISPs with DDoS defense solutions

2003-08-14 Thread Hank Nussbacher
On Mon, 4 Aug 2003, Jared Mauch wrote: > For those of you that are doing IPv6 deployments, might I suggest > you also take the time to do the same? I know that Cisco has v6 u-rpf > support already. but not netflow as far as i remember. -hank > > - Jared > > --

Re: Private port numbers?

2003-08-14 Thread Stephen J. Wilcox
On Wed, 13 Aug 2003, Crist Clark wrote: > > Iljitsch van Beijnum wrote: > > > > Be damned if you filter, be damned if you don't. Nice choice. > > > > I think it's time that we set aside a range of port numbers for private > > use. That makes all those services that have no business escaping ou

Re: When Security Guards Attack (was: clearblue part deux)

2003-08-14 Thread Mans Nilsson
Subject: Re: When Security Guards Attack (was: clearblue part deux) Date: Tue, Aug 05, 2003 at 03:19:42PM -0400 Quoting Eric Gauthier ([EMAIL PROTECTED]): > > People laugh hysterically when the evil bad guy in a movie has a button > labeled "Emergency Power Off" that shuts everything down... Th

Re: WANTED: ISPs with DDoS defense solutions

2003-08-14 Thread Christopher L. Morrow
On Tue, 5 Aug 2003, Mike Tancsa wrote: > > At 07:02 PM 05/08/2003 +, Christopher L. Morrow wrote: > >so long as you are sure they aren't spoofed, yes. > > A recent post by Rob Thomas said, "I've tracked 1787 DDoS attacks since 01 > JAN 2003. Of that number, only 32 used spoofed sources. I

The Cidr Report

2003-08-14 Thread cidr-report
This report has been generated at Fri Aug 8 21:47:44 2003 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report. Recent Table Hist

Earthlink and/or o1.com in the house?

2003-08-14 Thread Christopher Chin
Hello folks, If Earthlink or o1.com are represented here, could you please contact me offlist? Thanks, - Christopher ==

Re: Port blocking last resort in fight against virus

2003-08-14 Thread Christopher L. Morrow
On Tue, 12 Aug 2003, Sean Donelan wrote: > I think filters/firewalls are useful. I believe every computer should > have one. I have several. I just disagree on who should control the > filters. > in your opinion who should control them? (just curious)

RE: Server Redundancy

2003-08-14 Thread Gerald
On Wed, 6 Aug 2003, Austad, Jay wrote: > If they did that, how would they sell the CSS hardware? :) That was our concern. Cisco already had hardware to do as good or better than what ArrowPoint was doing. They would suck in the intellectual property, discontinue the CSS line, and roll out a sof
