Adam Selene wrote:
IMHO, all consumer network access should be behind NAT.
First of all, this would block way too many uses that currently actually sell
the consumer network connections. "I recommend my competition to do this"
Secondly, it's very hard, if impossible to come up with a NAT dev
On Fri, Oct 10, 2003 at 08:07:05PM -0600, Adam Selene wrote:
> IMHO, all consumer network access should be behind NAT.
-snip-
> As for plug-in "workgroup" networking (the main reason why
> everything is open by default), when you create a Workgroup,
> it should require a key for that workgroup an
On Fri, 10 Oct 2003, Adam Selene wrote:
> IMHO, all consumer network access should be behind NAT.
Unfortunately there are enough protocols and applications
which don't work well behind a NAT that deploying this on
a large scale is not practical. Most gamers require incoming
connections. These
>
> On Fri, Oct 10, 2003 at 04:55:44PM +0300, Petri Helenius wrote:
> >
> >
> > Does anyone know, either on the east coast US, London, Stockholm,
> > Copenhagen, Amsterdam or Helsinki transit providers which would allow
> > edge/handoff interface control to different traffic classes using BGP
On Fri, Oct 10, 2003 at 04:55:44PM +0300, Petri Helenius wrote:
>
>
> Does anyone know, either on the east coast US, London, Stockholm,
> Copenhagen, Amsterdam or Helsinki transit providers which would allow
> edge/handoff interface control to different traffic classes using BGP
> communities?
Anyone living in Puerto Rico (if they are getting this mail, they should be
working for computer/internet related anyway) can contact me offlist please?
thanks.
Mehmet Akcin
% Another funny one:
% 3ffe:3::/32 Subnet of 3ffe::/24 Mismatching origin ASN,
% should be 4555 (now: 29216)
welcome to more root server testing w/ IPv6.
--bill
Opinions expressed may not even be mine by the time you read them, and
certainly don't r
IMHO, all consumer network access should be behind NAT.
However, the real solution is (and unfortunately to the detriment
of many 3rd party software companies) for operating system
companies such as Microsoft to realize a system level firewall
is no longer something to be "added on" or configure
I know they CAN, but the issue is do they have the mechanisms and
operational capabilities of actually doing so? I would like to see my
cable provider making it hard to do some of the things I do. Not because
I should not be doing them, but those same holes that I exploit
(hopefully in a benign fa
I just got on today.
Were there any large DDOS attacks today?
Any specific networks impacted?
-Original Message-
From: Jeroen Massar [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 8:16 PM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Reserved ASN 64702, 6to4, 2 ghosts, other
-BEGIN PGP SIGNED MESSAGE-
Checking http://www.sixxs.net/tools/grh/lg/?show=bogons&find=::/0
People might want to filter on private ASN's also
when that ASN is being used as "transit"...
2001:a40::/32 AS64702 is reserved (path: 15516 3257 2497 4697 2914 10109 4538 4787
64702 20646 8763
The TOS/AUP for most residential broadband connections already allows the ISP to shut
off service or do anything they want to the customer without prior notice. It has
been this way for at least 3 or 4 years, since the advent of @Home. Take a look at
the TOS/AUP for Comcast, Shaw Cable, MSN D
Paul S. Brown writes on 10/11/2003 3:41 AM:
As of last month Yahoo! are providing some mail services for BT Openworld in
the UK, soon to be all of their consumer mail accounts.
They've been providing mail services for SBC as well, since quite some time.
--
srs (postmaster|suresh)@outblaze.com //
On Thursday 09 October 2003 11:30 pm, chuck goolsbee wrote:
> >>Today our email forwarders started getting this from yahoo.com
> >>mail handlers:
> >
> >
> >Us too. And more than one ISP that I have seen (for example,
> >iglou.com mentioned that one of their boxes was being blocked)
> >
> >Someth
It looks like they're taking our mail again now
On Fri, 10 Oct 2003, Mark Jeftovic wrote:
>
>
> What number did you call to talk to them?
>
> On Fri, 10 Oct 2003, Alan Sparks wrote:
>
> > Mark Jeftovic said:
> > > It seems RoadRunner is no longer deferring us or refusing our
> > > connectio
What number did you call to talk to them?
On Fri, 10 Oct 2003, Alan Sparks wrote:
> Mark Jeftovic said:
> > It seems RoadRunner is no longer deferring us or refusing our
> > connections... they're BOUNCING everything.
>
> That's what they did to us. No deferrals, just started 571'ing
> everyth
Mark Jeftovic said:
> It seems RoadRunner is no longer deferring us or refusing our
> connections... they're BOUNCING everything.
That's what they did to us. No deferrals, just started 571'ing
everything. I sent a query to the spamblock mail address, received
autoreply and nothing else. We fin
Mail [EMAIL PROTECTED] - they are whitehat, and you'll know the
people there from spam-l.
Oh, they respond quite fast.
suresh
Mark Jeftovic writes on 10/11/2003 1:54 AM:
It seems RoadRunner is no longer deferring us or refusing our
connections... they're BOUNCING everything.
--
srs (postmaste
It seems RoadRunner is no longer deferring us or refusing our
connections... they're BOUNCING everything.
Nice.
Oct 10 16:04:28 10.0.2.42 postfix/smtp[11683]: 778A77050E:
to=<[EMAIL PROTECTED]>, relay=flmx04.mgw.rr.com[65.32.1.50], delay=5,
status=bounced (host flmx04.mgw.rr.com[65.32.1.50] sai
On Fri, 10 Oct 2003, Ray Wong wrote:
> RR has been using a lot of blocks for quite some time. Fortunately, they
> were very responsive when I mailed their abuse address as indicated on that
> URL. I gave them the allocation I was responsible for, asked for that
> subset of addresses to be unblo
> Date: Tue, 07 Oct 2003 23:33:45 -0700
> Subject: The Earth's not slowing down fast enough to suit Motorola
>
> Motorola reports that several GPS receivers in its Oncore line will
> misdisplay the date on 28 Nov 2003 at midnight UTC. For a one-second window
> the receivers will mistakenly repor
Yes, we saw this yesterday and posted to full-disclosure. Here is a sample
packet.
13:43:38.511675 xx:xx:xx:xx:xx:xx xx:xx:xx:xx:xx:xx 0800 62:
64.7.nn.yy.3512 > 16.181.zz.aa.135: S [tcp sum ok] 3772716186:3772716186(0)
win 65340 (DF) (ttl 127, id 63248, len 48)
0x 4500 0030 f710 4000
[the original mail I sent had the wrong date in the third paragraph;
this one has the right date. sorry about the confusion.]
There will be a brief introduction to PGP key signing presented in the
General Session at 11:15 a.m. on Monday, entitled "Building a Web of
Trust".
New for NANOG 29: yo
The kiddies have finally exploited the RPC SS/RPC DCOMII exploits that Microsoft
patched after internal auditing. I first got word of a working exploit about a week
ago, but no real confirmation, and I put very little credence in " I hax0rz
your b0x3n!" then scanning went exponentially through
On 10 Oct 2003, at 13:30, [EMAIL PROTECTED] wrote:
On Fri, 10 Oct 2003 13:20:16 EDT, you said:
Chicago. We have been scheduled to meet on Monday, June 2, after the
ISP Security and NSP-SEC BOF, at around 9pm in Salon F. If the BOF
runs
date/time/location check???
Arrgh. Monday 20 October, is w
I am seeing lots of scanning of port 135 on my network. 66 byte long packets. Anyone have a name for this? It is less aggressive than the welchia
scans I have seen. Seems to scan at about 3000 or so flows per 5 minutes.
Thanks
Peter Hill
Network Engineer
Carnegie Mellon
There will be a brief introduction to PGP key signing presented in the
General Session at 11:15 a.m. on Monday, entitled "Building a Web of
Trust".
New for NANOG 29: you will find stickers available at the checkin desk
which you can stick on your name tag. The red dot means "I sign
keys"
Since the topic is mysterious rejections from MTAs, I have one from
UUNet. One of our business partners has UUNet for an ISP and is using
UUNet for a tertiary MTA. Occasionally, mail ends up going to that MTA
(quite often actually, their primary gets unresponsive from time to time
and I've _never_
In a message written on Fri, Oct 10, 2003 at 11:59:56AM -0400, Scott Stursa wrote:
> They are blocking only the server where we put undergraduate accounts,
> over 60% of which have forwarding set, most frequently to Hotmail, Yahoo
> and AOL accounts. When the spam volume coming in here gets too hig
Steven M. Bellovin writes on 10/10/2003 9:37 PM:
Out of curiosity, has anyone tried turning this over to law
enforcement? It's another form of hacking, but the money trail back
through the spammers might provide enough evidence for prosecution.
--Steve Bellovin, http://www.research.att.com/
Out of curiosity, has anyone tried turning this over to law
enforcement? It's another form of hacking, but the money trail back
through the spammers might provide enough evidence for prosecution.
--Steve Bellovin, http://www.research.att.com/~smb
On Fri, 10 Oct 2003, Suresh Ramasubramanian wrote:
> Mark Jeftovic [10/10/03 08:33 -0400]:
> >
> > I've received an email offlist that this problem should be back to
> > "pre-yesterday" conditions. It looks better on our end, as it should for
> > all else affected I would think.
>
> Our problem l
But, that requirement simply says that if at x time you query *.something
and otherwise-unmatched.something, you get the same result. It doesn't
say that if you query at *.something at x time and otherwise-unmatched
at x+5 time, you will get the same result. DNS servers can return different
answe
This is something I sent to someone offlist. I've stripped out his
name, etc.
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
- Original Message -
From: Brian B
RR has been using a lot of blocks for quite some time. Fortunately, they
were very responsive when I mailed their abuse address as indicated on that
URL. I gave them the allocation I was responsible for, asked for that
subset of addresses to be unblocked, and things were fine within the day.
W
on Fri, Oct 10, 2003 at 08:47:51PM +0530, Suresh Ramasubramanian wrote:
> Set up header checks in sendmail / postfix to block all mail with
> Received: headers showing Ralsky IPs. PCRE header checks in postfix
> would be like -
Sendmail rulesets to block Ralsky:
KRalsky1 regex [EMAIL PROTEC
Just FYI, I am putting together another paper as we
speak on how to secure your mail servers against this type of attack.
Should be online by this afternoon at the latest.
Ok, this is where I need to ask for your guys help
as well. If anyone here has experience with postfix
He grabbed a couple of our customers' IMAIL servers, and I'm pretty sure
discovered a few weak passwords by brute force.
Bob
-Original Message-
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
Sent: Friday, October 10, 2003 11:27 AM
To: Brian Bruns
Cc: Bob German; [EMAIL PROTE
> Orchestream has some of this functionality for setting the tunnels up,
> you can then use the corba interface to setup management with
> tools like SMARTS. The other problem is managing the keys, if you
> don't have a CA it will be painful if you need to change the keys. We
> have had some succe
Brian Bruns writes on 10/10/2003 8:42 PM:
Tis one of the reasons why I've disabled SMTP AUTH on all of my servers
for now. I've known about this for a few weeks now. It's not
surprising. Most of the servers cracked are Exchange servers (probably
thanks to weak passwords), but I still don't fe
Bob German writes on 10/10/2003 8:29 PM:
A colleague informed me this morning that Alan Ralsky is doing
widespread bruteforce attacks on SMTP AUTH, and they are succeeding,
mainly because it's quick, painless (for him), and servers and IDS
signatures don't generally offer protection against the
Can't speak for others, but the server that was blocked for us by Yahoo! is
ACL'd by IP address. It would be very helpful if the Yahoo! folk could
post an official explanation as to what happened so we can pass it on to
our customers. e.g. a URL somewhere on Yahoo! ?
---Mike
At 10:59
On Fri, 10 Oct 2003 10:59:46 -0400
"Bob German" <[EMAIL PROTECTED]> wrote:
> A colleague informed me this morning that Alan Ralsky is doing
> widespread bruteforce attacks on SMTP AUTH, and they are succeeding,
> mainly because it's quick, painless (for him), and servers and IDS
> signatures don'
Tis one of the reasons why I've disabled SMTP AUTH
on all of my servers for now. I've known about this for a few weeks
now. It's not surprising. Most of the servers cracked are Exchange
servers (probably thanks to weak passwords), but I still don't feel like taking
a chance.
A colleague informed
me this morning that Alan Ralsky is doing widespread bruteforce attacks on SMTP
AUTH, and they are succeeding, mainly because it's quick, painless (for him),
and servers and IDS signatures don't generally offer protection against
them.
Could this be why
Michael Heitland writes on 10/10/2003 7:41 PM:
Has anyone seen issues with hotmail receiving emails several days
after they are sent. We are not getting bounces, just long delays in
what appears to be hotmails posting to inboxes.
Yes. Since quite some time.
--
srs (postmaster|suresh)@outblaze.co
Mark Jeftovic writes on 10/10/2003 7:33 PM:
rr.com blocking our netblock since this morning now
5.7.1 Mail Refused - 216.220.40 - See
http://security.rr.com/mail_blocks.htm#security
Mail them at [EMAIL PROTECTED] - RR has good people reading it.
--
srs (postmaster|suresh)@outblaze.com // gpg
>>> Has anyone seen issues with hotmail receiving emails several days after
they are sent. We are not getting bounces, just long delays in what appears
to be hotmails posting to inboxes.
>>We've been seeing lots of server timeouts and connection resets to
hotmail.com and msn MXs over the last c
On Fri, 2003-10-10 at 08:03, Mark Jeftovic wrote:
> rr.com blocking our netblock since this morning now
>
> 5.7.1 Mail Refused - 216.220.40 - See
> http://security.rr.com/mail_blocks.htm#security
>
> Anyone else?
We got hit with same last night. Still trying to determine cause. This
page
Yes, but vice versa, I have received e-mails over the last few days that
are literally weeks old
Michael Heitland
On Fri, 2003-10-10 at 08:11, Michael Heitland wrote:
>
> Has anyone seen issues with hotmail receiving emails several days after
they are sent. We are not getting bounces, just long delays in what appears
to be hotmails posting to inboxes.
>
> Some customers have waited 2 days to see an email
Has anyone seen issues with hotmail receiving emails several days after they are sent.
We are not getting bounces, just long delays in what appears to be hotmails posting to
inboxes.
Some customers have waited 2 days to see an email reach their inbox. We have tested
this from not only our doma
rr.com blocking our netblock since this morning now
5.7.1 Mail Refused - 216.220.40 - See
http://security.rr.com/mail_blocks.htm#security
Anyone else?
--
Mark Jeftovic <[EMAIL PROTECTED]>
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
Avleen Vig wrote:
Personally I'm in favour of specific port filtering, and charging a
(small) premium ($10 a month?) for being able to run servers on residential
broadband connections.
So you are happy to pay a $10 premium for your VoIP phone if it allows
inbound calls?
Pete
Does anyone know, either on the east coast US, London, Stockholm,
Copenhagen, Amsterdam or Helsinki transit providers which would allow
edge/handoff interface control to different traffic classes using BGP
communities?
(for example to announce DDoS destinations and/or sources with different
com
Mark Jeftovic [10/10/03 08:33 -0400]:
>
>
> I've received an email offlist that this problem should be back to
> "pre-yesterday" conditions. It looks better on our end, as it should for
> all else affected I would think.
>
Our problem looks considerably larger than pre yesterday conditions now
I agree that Michael is "right on". The social, psychological and
financial issues are in many ways more tricky than the technical issues.
However, I think there are ways to help.
But first some history
When I signed up for Cable broadband access several years ago, I was
told, "And of course
I've received an email offlist that this problem should be back to
"pre-yesterday" conditions. It looks better on our end, as it should for
all else affected I would think.
Thanks to all who replied, compared notes and emailed offlist with
suggestions or ideas.
-mark
--
Mark Jeftovic <[EMAIL
This report has been generated at Fri Oct 10 21:48:24 2003 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table Hist
[EMAIL PROTECTED] writes on 10/10/2003 4:39 PM:
Why don't you come to the next NANOG in Miami
in February and give a presentation on how people
are doing these things? The trouble with a mailing
list discussion is that it wanders all over the place.
But at NANOG you could focus on the network
oper
>With all due respect, we have a *problem*. End user machines on
>broadband connections are being misconfigured and/or compromised in
>frightening numbers. These machines are being used for everything
>from IRC flooder to spam engines, to DNS servers to massive DDoS
>infrastructure. If the ab
>I mentioned before that it doesn't really make much sense with web
>hosting because the port can easily be changed so it's not very effective
>at all.
Stop thinking of policing the user and start
thinking of providing a security service. The
default setting of the security service might
incl
>I think it's more complicated than "prevent residential users from
>hosting servers".
You're right. As soon as we begin talking about
what all ISPs should do, we are out of the realm
of technical solutions and into the realm of
psychology and politics. After all, we first have
to convince all
> Hello,
> Does anyone have any experience with large scale production IPSEC
> tunnel deployment, where large scale is defined as over 100 net-to-net
> tunnels to different destination networks active at any time?
> If so, would such person(s) mind sharing any
> quirks/platform
* [EMAIL PROTECTED] (Andy Ellifson) [Fri 10 Oct 2003, 01:04 CEST]:
>
> And as soon as you call law enforcement what happens? The spammer is
> located offshore. Then what?
This hasn't stopped the FTC before. Recently it named a Dutch
national in a complaint: http://www.ftc.gov/opa/2003/09/fyi
Avleen,
> I want to create a mapping of IP addresses to ASN, for a specific list
> of IP addresses. Eg:
> 1.2.3.4
> 12.34.56.78
>
> etc, gathered from my system logs.
>
> What is the best way of doing this?
>
> I thought about something along the lines of:
> install routing software (zebra?
On Thu, 9 Oct 2003, Kee Hinckley wrote:
> At 10:41 PM +0300 10/9/03, Petri Helenius wrote:
> >With $100M annual revenue at stake, I would be willing to provide
> >distributed solutions
> >to this problem if you send me a reasonable fraction of that money.
>
> But can you do it without breaking th