Even though this article wasn't specifically regarding network operations,
it does come down to the most fundamental of network operating practices.
Create policies and the procedures that enable those policies. Then
enforce them VERY strictly.
The crucial element in the password thefts
This part:
The crucial element in the password thefts that provided access
at Cisco and elsewhere was the intruder's use of a corrupted
version of a standard software program, SSH. The program is used
in many computer research centers for a variety of tasks,
ranging from
NYT:
The crucial element in the password thefts that provided access
at Cisco and elsewhere was the intruder's use of a corrupted
version of a standard software program, SSH. The program is
used in many computer research centers for a variety of tasks,
ranging from administration of
1) Get 'Cisco guard' , too expensive ?
2) Get Arbor, Stealthflow, Esphion, too expensive ?
3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
analyzers
4) Apply Ingress/Egress Filtering : RFC 2827 , uRPF, Team cymru IOS template
5) Monitor CPU/Netflow table size using SNMP
6)
Quite decent suggestions
On 5/10/05, Kim Onnel [EMAIL PROTECTED] wrote:
3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
analyzers
4) Apply Ingress/Egress Filtering : RFC 2827 , uRPF, Team cymru IOS template
5) Monitor CPU/Netflow table size using SNMP
6) Request a
On Tue, 10 May 2005, Kim Onnel wrote:
: 1) Get 'Cisco guard' , too expensive ?
: 2) Get Arbor, Stealthflow, Esphion, too expensive ?
: 3) Use flow-tools, ntop, Silktools and open-source Netflow collectors
: analyzers
: 4) Apply Ingress/Egress Filtering : RFC 2827 , uRPF, Team cymru IOS
Closing people's systems down from any other software installations isn't
necessarily the solution. It can delay progress in many cases, and not
everyone has IT staff that may be as up to speed as necessary.
The requirement should be more along the lines of software designed to scan
the system
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Kim Onnel
Sent: Tuesday, May 10, 2005 4:19 AM
To: Scott Weeks
Cc: nanog@merit.edu
Subject: Re: DOS attack tracing
1) Get 'Cisco guard' , too expensive ?
2) Get Arbor, Stealthflow, Esphion, too
On 5/10/05, Hannigan, Martin [EMAIL PROTECTED] wrote:
DDOS' is rather infrequent to zero for most enterprises. That DDOS
golden banana is rather yummy with sprinkles on top. Don't get me wrong,
the DDOS problem is real, but not for everyone, and not as frequently as
it's being hyped up to be.
Hannigan, Martin wrote:
Well, this is no longer about tracing DDoS I suppose..
Good advice when DDOS' are constant. If this was a first and possibly
last for awhile, it may make sense to rely on the software tools
and a good 'SOP' with the provider instead. It really depends on
the scope of the
-Original Message-
From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED]
Sent: Tuesday, May 10, 2005 8:06 AM
To: Hannigan, Martin
Cc: Kim Onnel; Scott Weeks; nanog@merit.edu
Subject: Re: DOS attack tracing
On 5/10/05, Hannigan, Martin [EMAIL PROTECTED] wrote:
DDOS' is rather
Since about 03:00 UTC this morning I've been seeing a huge increase in IN
ANY requests for msn.com.. While my name servers have not seen much, if
any, IN ANY queries in the past, now I'm seeing ~ 50 queries/second. I'll
include a tcpdump sample below.
Actually, while I was writing this post
On Monday, May 09, 2005 5:49 PM, Richard wrote:
On Mon, May 09, 2005 at 01:35:06PM -1000, Richard wrote:
We recently experienced several DOS attacks which drove
our backbone routers CPU to 100%. The routers are not
under attack, but the router just couldn't handle the
On Tuesday, May 10, 2005 5:06 AM, Suresh wrote:
On 5/10/05, Hannigan, Martin [EMAIL PROTECTED] wrote:
DDOS' is rather infrequent to zero for most enterprises. That DDOS
golden banana is rather yummy with sprinkles on top. Don't get me
wrong, the DDOS problem is real, but not for
On Tuesday 10 May 2005 12:14, Duane Wessels wrote:
One thing I've noticed that likes to generate ANY queries is Qmail...
I guess I should've stated that these are almost all some DSL customers on our
network using their assigned DNS servers, but this traffic is just completely
out of normal;
From CNN:
The FBI confirmed Tuesday the accuracy of a New York Times report that software
on routers, computers that control the Internet, were compromised last year by
a hacker who claimed that he had infiltrated systems serving U.S. military
installations, research laboratories, and NASA.
: Even though this article wasn't specifically regarding network operations, it
: does come down to the most fundamental of network operating practices.
: Create policies and the procedures that enable those policies. Then enforce
: them VERY strictly.
: Folks that handle sensitive info
Correcting a typo...
Yes, the 7206vxr with whatever processor really checks out
when under any kind of real flood through it. Its big
brother, the 7304-NSE100 does as well. But the 7304-NPE100
with the PXF can forward that (d)DoS very well. Even with
fairly extensive ingress
On Tue, 2005-05-10 at 10:24 -1000, Scott Weeks wrote:
Don't give folks that have access to machines that hold sensitive
info the ability to download software unless you know they're savvy
enough to do so safely.
I don't see that as root of the problem.
To me the real problem is in the
I don't know why they even sell the NSE100. You want the
NPE with the
PXF.
Chris
No, that's backward.
The NSE100 has the PXF processor.
The NPE-G100 is a software router.
Correct, of course. Thanks.
Chris
Hank Nussbacher wrote:
I really like Google. I like what they do. But lately, their security
team is a joke. I had a problem with their POP Gmail service and the
advice I got from their Gmail team was to turn off my CA EZ antivirus
and my ZApro firewall and to try again and see if the
Right... I did mention that further down in my message. And yeah -
almost impossible to get much done when the CPU is pegged. I remember
a DOS attack demo where they used 7200s for the examples - almost
wanted to yell out try pegging the CPU with lots of traffic and THEN
try to identify /