The risk in a reputation system is collusion.
On Tue, 8 Apr 2008 19:31:47 -0400 (EDT)
Sean Donelan [EMAIL PROTECTED] wrote:
Wow, civilian satellite images are getting very sharp.
http://www.hindu.com/2008/04/07/stories/2008040759181200.htm
Using satellite images of ship movements in the area, Reliance
Globalcom identified two
On Mon, 7 Apr 2008 08:24:54 -0700 (PDT)
Lucy Lynch [EMAIL PROTECTED] wrote:
On Mon, 7 Apr 2008, Bill Woodcock wrote:
On Mon, 7 Apr 2008, Glen Kent wrote:
says the solemn headline of Telegraph.
.. and we in Nanog are still discussing IPv6! ;-)
It's because we don't
On Mon, 7 Apr 2008 23:51:55 +0800 (CST)
Joe Shen [EMAIL PROTECTED] wrote:
hi,
Sharing internet access bandwidth between multiple
computers is common today.
Usually, bandwidth sharer bought a little router
with NAT/PAT function. After connecting that box to a
ADSL/LAN access
On Sat, 5 Apr 2008 01:02:24 -0400
Christopher Morrow [EMAIL PROTECTED] wrote:
On Fri, Apr 4, 2008 at 9:51 PM, Paul Vixie [EMAIL PROTECTED] wrote:
(i'd hate to think that everybody would have to buy
roberts' (anagran's) Fast Flow Technology at every node of their
network to make this
On Fri, 4 Apr 2008 17:21:41 -0400
David Diaz [EMAIL PROTECTED] wrote:
TIPS:
New York is a wonderful city, however, as with any large city travel
safely
-Do not use your iPod white ear pieces. Especially on the
subway at night
-Travel in groups or with a local
-Know where you are going
On Sun, 30 Mar 2008 13:03:18 +0800
Adrian Chadd [EMAIL PROTECTED] wrote:
Oh, and kernel hz tickers can have similar effects on network
traffic, if the application does dumb stuff. If you're (un)lucky then
you may see 1 or 2ms of delay between packet input and scheduling
processing. This
On 30 Mar 2008 21:00:25 +
Paul Vixie [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Buhrmaster, Gary) writes:
... feed tcp throughput equation into your favorite search
engine for a lot more references.=20
There has been a lot of work in some OS stacks
(Vista and recent linux
On Mon, 24 Mar 2008 23:13:25 -0400
Rodrick Brown [EMAIL PROTECTED] wrote:
They're a few companies that specialize in DDOS protection type
services one company that comes to mind is Prolexic and their IPN
infrastructure protection service. Prolexic will basically absorbs all
attacks filter
On Mon, 25 Feb 2008 01:49:51 -0500 (EST)
Sean Donelan [EMAIL PROTECTED] wrote:
On Mon, 25 Feb 2008, Steven M. Bellovin wrote:
How about state-of-the-art routing security?
The problem is what is the actual trust model?
Are you trusting some authority to not be malicious or never make
On Sun, 24 Feb 2008 20:42:51 -0500
Patrick W. Gilmore [EMAIL PROTECTED] wrote:
4: With state of the art security and operations.
I think we agree, but I wouldn't have said it like that.
How about state-of-the-art routing security?
Seriously -- a number of us have been warning that this
On Tue, 19 Feb 2008 06:27:52 GMT
Paul Ferguson [EMAIL PROTECTED] wrote:
And thirdly is a figure that some folks may already be aware of; the
fact that identity theft was the number one source of consumer
fraud complaints submitted to the U.S. Federal Trade Commission
in 2007.
According
On Mon, 11 Feb 2008 14:15:20 -0800
Justin Pauler - Lists [EMAIL PROTECTED] wrote:
Hello everyone...
I realize this isn't the right forum for this, so, does anyone have a
Blackberry list that has discussions much like what we do here? Even
better, that might have information or alerts for
On Thu, 7 Feb 2008 15:29:38 -0500
Jason Seemann [EMAIL PROTECTED] wrote:
Thats exactly what they want you to think!
No, it's perfectly legitimate. It's the anchor from the USS Jimmy
Carter... (Nuclear submarines do indeed have anchors; see
On Tue, 05 Feb 2008 10:11:13 -0600
Frank Coluccio [EMAIL PROTECTED] wrote:
Today's MIT Technology Review newsletter contains an article by John
Borland, aided in large part by Tim Strong of Telegeography Research,
covering the recent spate of submarine cable failures in the ME:
Analyzing
On Sun, 3 Feb 2008 22:56:39 -0500 (EST)
Sean Donelan [EMAIL PROTECTED] wrote:
Caution: upon further research it appears there may be some language
misscommunication in some of the reports; and some of the outages may
be multiple reports of the same incidents.
There's an interesting article at
http://www.nytimes.com/aponline/technology/AP-Internet-Outages-Cables.html
on cable chokepoints.
On Fri, 1 Feb 2008 14:21:00 -0800
Scott Francis [EMAIL PROTECTED] wrote:
On Feb 1, 2008 6:37 AM, Suresh Ramasubramanian [EMAIL PROTECTED]
wrote:
http://www.marketwatch.com/news/story/third-undersea-cable-reportedly-cut/story.aspx?guid={1AAB2A79-E983-4E0E-BC39-68A120DC16D9}
We had
On Fri, 1 Feb 2008 22:42:02 -
Rod Beck [EMAIL PROTECTED] wrote:
Well, when you have all these cables running through narrow straits
or converging to the same stretch of beach, it does not strike me as
at all extraordinary.
But they aren't near each other.
On Fri, 1 Feb 2008 23:07:16 -
Rod Beck [EMAIL PROTECTED] wrote:
Hi Steve,
TransAtlantic cables average three repairs a year. That's the
industry average. So given 7 high capacity cable systems, that's 21
repairs a year.
Now, not all damaged cables go out of service. In fact, most
Today's NY Times reports that the problem was caused by two
near-simultaneous cable failures:
http://www.nytimes.com/2008/01/31/business/worldbusiness/31cable.html
On Thu, 31 Jan 2008 13:20:07 -
Rod Beck [EMAIL PROTECTED] wrote:
Cables are mostly damaged by fishing in coastal areas (continental
shelf) or by deep undersea currents that erode the polyurethane
jacket that protects them. So it is crucial that the cable be buried
at least one meter and
On Thu, 17 Jan 2008 15:45:24 -0500
[EMAIL PROTECTED] wrote:
On Thu, 17 Jan 2008 09:15:30 CST, Joe Greco said:
make this a killer. That could include things such as firewall
rules/ACL's, recursion DNS server addresses, VPN adapters, VoIP
equipment with stacks too stupid to do DNS, etc.
On Thu, 17 Jan 2008 17:35:30 -0500
[EMAIL PROTECTED] wrote:
On Thu, 17 Jan 2008 21:29:37 GMT, Steven M. Bellovin said:
You don't always want to rely on the DNS for things like firewalls
and ACLs. DNS responses can be spoofed, the servers may not be
available, etc. (For some reason
On Wed, 9 Jan 2008 21:54:55 -0600
Frank Bulk - iNAME [EMAIL PROTECTED] wrote:
I'm not aware of any modern cable modems that operate at 10 Mbps.
Not that they couldn't set it at that speed, but AFAIK, they're all
10/100 ports.
Yup. I've measured 11M bps on file transfers from my office to
On Sat, 22 Dec 2007 12:29:54 +0900
Randy Bush [EMAIL PROTECTED] wrote:
simon, there are a million chances. and we are notoriously bad at
predicting any of them more than a year or so out.
In general, you're right. But we have ~60 years of experience teaching
us that *every* successful
On Fri, 21 Dec 2007 08:48:35 -0600 (CST)
Joe Greco [EMAIL PROTECTED] wrote:
I keep coming to the conclusion that an end-user can be made to work
on a /64, even though a /56 is probably a better choice.
A /56 is definitely better. Of course, I used to have 4 LANs just in
my house (wired,
On Fri, 21 Dec 2007 02:13:17 +
Greg Skinner [EMAIL PROTECTED] wrote:
Personally, I have trouble accepting some of the claims the
geotargeting companies have made, such as Quova's 99.9% to the country
level, and 95% to the US state level. ( More info at
On Tue, 18 Dec 2007 12:14:52 +0100
Iljitsch van Beijnum [EMAIL PROTECTED] wrote:
On 18 dec 2007, at 6:37, Steven M. Bellovin wrote:
In a slightly more realistic vein, a huge address space makes life
harder for scanning worms. As Angelos Keromytis, Bill Cheswick,
and I have pointed out
On Mon, 17 Dec 2007 15:29:21 -0800
Christopher Morrow [EMAIL PROTECTED] wrote:
how does it improve data security exactly?
Back in 1994, it was expected to be true because v6 would mandate
IPsec, and v6 would be deployed long before the installed base of v4
machines would be upgraded to IPsec.
On Wed, 14 Nov 2007 09:05:32 -0800
Mike Lyon [EMAIL PROTECTED] wrote:
Curious. Has anyone on the list here ever encountered issues while
traveling in EMEA accessing SSL websites back in the states while
using an ATT/Cingular GSM data card? We are seeing some issues with
this and were
On Mon, 5 Nov 2007 23:46:08 -0800
Christopher Morrow [EMAIL PROTECTED] wrote:
On 11/5/07, Eliot Lear [EMAIL PROTECTED] wrote:
Cough. So, how much is that NXDOMAIN worth to you?
So, here's the problem really... NXDOMAIN is being judged as a
'problem'. It's really only a 'problem'
Somewhat OT, but this audience will appreciate it more than most. This
item appeared in RISKS Digest.
Date: Mon, 5 Nov 2007 09:55:50 +0100
From: Stefan Alfredsson [EMAIL PROTECTED]
Subject: Cellphone in USB charger became default route
His cellphone charger was broken, so 17 year old
On Mon, 5 Nov 2007 11:17:29 -0800
David Conrad [EMAIL PROTECTED] wrote:
On Nov 5, 2007, at 8:23 AM, David Lesher wrote:
What affect will Allegedly Secure DNS have on such provider
hijackings, both of DNS and crammed-in content?
If what Verizon is doing is rewriting NXDOMAIN at their
On Sun, 4 Nov 2007 11:52:11 -0500 (EST)
Sean Donelan [EMAIL PROTECTED] wrote:
And for all the other non-Web protocols which get confused, can treat
that artificially generated crap/answers like NXDOMAIN. Yes, I know
it sounds like the evil bit; but if these folks are so convinced
people
According to
http://torrentfreak.com/comcast-throttles-bittorrent-traffic-seeding-impossible/
Comcast's blocking affects connections to non-Comcast users. This
means that they're trying to manage their upstream connections, not the
local loop.
For Comcast's own position, see
On Sun, 21 Oct 2007 13:03:11 -0400 (EDT)
Sean Donelan [EMAIL PROTECTED] wrote:
http://www.multichannel.com/article/CA6332098.html
The short answer: Badly. Based on the research, conducted by Terry
Shaw, of CableLabs, and Jim Martin, a computer science professor at
Clemson
On Mon, 8 Oct 2007 16:06:52 -0700
David Conrad [EMAIL PROTECTED] wrote:
Hi,
On Oct 8, 2007, at 2:48 PM, Scott Weeks wrote:
However, if it's less than a /24 it won't get very far as most
upstreams block prefixes longer than a /24.
I'm curious: a couple of people have indicated they
On Thu, 20 Sep 2007 14:41:16 -0500
Brandon Galbraith [EMAIL PROTECTED] wrote:
On 9/20/07, James R. Cutler [EMAIL PROTECTED] wrote:
Kerberos does not assume clock synchronization.
Kerberos requires reasonable clock synchronization.
And, as near as I can tell, clock synchronization is
On Tue, 18 Sep 2007 13:51:55 -0400
[EMAIL PROTECTED] wrote:
On Tue, 18 Sep 2007 09:27:32 PDT, Bora Akyol said:
It is not dependent on time. You'd like a protocol to be self
sufficient if at all possible.
Moving the vulnerability of one protocol to another is not highly
desirable
On Mon, 3 Sep 2007 21:21:26 -0400
Joe Abley [EMAIL PROTECTED] wrote:
On 3-Sep-2007, at 1328, [EMAIL PROTECTED] wrote:
Spurred on by a widespread belief that TCP is showing its age and
needs replacing
I don't mean to hijack this thread unnecessarily, but this seems like
an
On Sat, 18 Aug 2007 17:09:10 GMT
Paul Ferguson [EMAIL PROTECTED] wrote:
They don't even have to touch the hardware. :-)
http://www.wired.com/science/discoveries/news/2006/11/72051
Did you see what the GAO found when they audited the US-VISIT network?
The summary is at
On Mon, 06 Aug 2007 11:57:08 -0400
[EMAIL PROTECTED] wrote:
On Mon, 06 Aug 2007 11:53:15 EDT, Drew Weaver said:
Is it a fairly normal practice for large companies such as Yahoo!
And Mozilla to send icmp/ping packets to DNS servers? If so, why?
Sounds like one of the global-scale load
On Sun, 22 Jul 2007 14:56:13 -0700
Andrew Matthews [EMAIL PROTECTED] wrote:
It looks like cox is hijacking dns for irc servers.
And people wonder why I support DNSsec
--Steve Bellovin, http://www.cs.columbia.edu/~smb
On Sun, 22 Jul 2007 21:40:05 -0400
Patrick W. Gilmore [EMAIL PROTECTED] wrote:
On Jul 22, 2007, at 9:29 PM, Steven M. Bellovin wrote:
On Sun, 22 Jul 2007 14:56:13 -0700
Andrew Matthews [EMAIL PROTECTED] wrote:
It looks like cox is hijacking dns for irc servers.
And people wonder
Several people have email me privately to disagree with my statement
about DNSSEC, on various grounds. I stand by my statement, but I am
making a fair number of assumptions, some perhaps invalid. Let me be
less terse.
I'm assuming fairly universal deployment. In other words, the root
zone is
On Thu, 28 Jun 2007 13:27:15 -0400
John Curran [EMAIL PROTECTED] wrote:
At 10:16 AM -0700 6/28/07, Randy Bush wrote:
Interoperability is achieved by having public facing
servers reachable via IPv4 and IPv6.
that may be what it looks like from the view of an address allocator.
On Thu, 28 Jun 2007 12:23:30 -0700
brett watson [EMAIL PROTECTED] wrote:
On Jun 28, 2007, at 11:44 AM, Steven M. Bellovin wrote:
Whatever -- it
exists as a reasonably stable design; starting over would cost us 15
more years that we just don't have.)
Are you saying we
On Thu, 28 Jun 2007 17:46:53 -0400
[EMAIL PROTECTED] wrote:
On Thu, 28 Jun 2007 13:08:52 PDT, Bora Akyol said:
At a very low, hardware centric level, IPv6 would be a lot easier to
implement if
1) The addresses were 64 bits instead of 128 bits.
2) The extension headers architecture
On Mon, 04 Jun 2007 22:06:25 -0400
Daniel Senie [EMAIL PROTECTED] wrote:
At 09:07 PM 6/4/2007, Jason Lewis wrote:
I figured SMB would chime in...but his research says it's not so
anonymous.
http://illuminati.coralcdn.org/docs/bellovin.fnat.pdf
The traffic load on this list is rather
On Wed, 23 May 2007 16:02:35 -0400
Jared Mauch [EMAIL PROTECTED] wrote:
On Wed, May 23, 2007 at 07:08:21PM +, Chris L. Morrow wrote:
On Wed, 23 May 2007, Joe Abley wrote:
Oh! That was a really old message I just replied to. Mail got
kidnapped in a rogue barracuda, it
On Wed, 16 May 2007 09:20:48 -0400
Joe Maimon [EMAIL PROTECTED] wrote:
What should I expect?
I am seeing ~350 from a vendor provided mpls cloud to a site in
Sukhrali Chowk, Gurgaon, Haryana, India
Thanks,
Joe
What does traceroute show? I was doing some looking glass tests
recently to some
On Fri, 11 May 2007 10:42:14 -0400
Jason Frisvold [EMAIL PROTECTED] wrote:
On 5/11/07, Brandon Galbraith [EMAIL PROTECTED] wrote:
My understanding was data you had needed to be turned over when
requested, but CALEA provides no specification/guidance on log
retention.
Agreed. My
On Fri, 11 May 2007 10:52:21 -0400
William Allen Simpson [EMAIL PROTECTED] wrote:
David Lesher wrote:
Speaking on Deep Background, the Press Secretary whispered:
You work so hard to defend people that exploit children?
Interesting. We are talking LEA here and not the latest in
On Fri, 11 May 2007 12:17:04 -0400
Jared Mauch [EMAIL PROTECTED] wrote:
If there is interest, perhaps I can make a call to DoJ and
see if someone can present on CALEA at nanog in a few weeks? (incase
the PC can accomodate them).
And perhaps someone from CDT? I mean that in all
On Fri, 11 May 2007 12:47:56 -0700 (GMT-07:00)
Todd Glassey [EMAIL PROTECTED] wrote:
Gee Steven, that's what everyone thought prior to a Federal Judge
ordering Microsoft to produce seven years of Email...
We're getting off-topic here, but I'll respond.
First -- the context of the
On Thu, 10 May 2007 16:03:49 -0400
William Allen Simpson [EMAIL PROTECTED] wrote:
Congress authorized CALEA (and there is also argument about whether
the recent expansion to ISPs was authorized at all), it cannot be
required of the public until Congress *appropriates* the funds, and
they
On Sun, 06 May 2007 20:27:20 -0400
Joe Maimon [EMAIL PROTECTED] wrote:
Lincoln Dale wrote:
traceroute/tcptraceroute show packet loss and MUCH higher rtt than
the corresponding direct pings on the reported hop entries.
Is this some sort of massaging or plain just faking it? Or is
On Mon, 30 Apr 2007 16:12:16 +0100
Randy Bush [EMAIL PROTECTED] wrote:
Collector: CIXP
Prefix: 128.0.0.0/2
oh. any prefix of use is longer and hence is preferred
Right. Think of it as the world's largest packet telescope.
--Steve Bellovin,
On Tue, 24 Apr 2007 09:24:13 -0700
Jim Shankland [EMAIL PROTECTED] wrote:
(2) Getting this kind of throughput seems to depend on a fast
physical layer, plus some link-layer help (jumbo packets), plus
careful TCP tuning to deal with the large bandwidth-delay product.
The IP layer sits between
On Thu, 19 Apr 2007 12:00:53 -0400
Warren Kumari [EMAIL PROTECTED] wrote:
There was also an issue where one of the large manufacturers of
(binary) CAMs received a batch of polyimide that was contaminated
with an alpa-emitter (for some reason thorium oxide springs to mind)
and their quality
On Thu, 12 Apr 2007 11:20:18 +0200
Iljitsch van Beijnum [EMAIL PROTECTED] wrote:
Dear NANOGers,
It irks me that today, the effective MTU of the internet is 1500
bytes, while more and more equipment can handle bigger packets.
What do you guys think about a mechanism that allows hosts
On Thu, 12 Apr 2007 16:12:43 +0200
Florian Weimer [EMAIL PROTECTED] wrote:
* Steven M. Bellovin:
A few years ago, the IETF was considering various jumbogram options.
As best I recall, that was the official response from the relevant
IEEE folks: no. They're concerned with backward
On Tue, 10 Apr 2007 11:56:57 +0200
Alex Le Heux [EMAIL PROTECTED] wrote:
[Apologies for duplicate emails]
Dear Colleages,
The IANA recently allocated the IPv4 address ranges 92/8 and 93/8 to
the RIPE NCC.
The following pingable addresses are now available in these blocks:
On Fri, 30 Mar 2007 19:44:23 -0700
Jeff Shultz [EMAIL PROTECTED] wrote:
So, is there a list of domains that we could null-route if we could
convince our DNS managers to set us up as the SOA for those domains
on our local DNS servers - thus protecting our own customers somewhat?
I won't
Begin forwarded message:
Date: Fri, 09 Mar 2007 16:34:36 -0500
From: The IESG [EMAIL PROTECTED]
To: IETF-Announce ietf-announce@ietf.org
Cc: idr mailing list idr@ietf.org, idr chair
[EMAIL PROTECTED],Internet Architecture Board
iab@iab.org,RFC Editor rfc-editor@rfc-editor.org
On Sun, 4 Mar 2007 07:46:12 -0800
Barry Greene (bgreene) [EMAIL PROTECTED] wrote:
To 'globally' monitor, we have
http://www.cymru.com/BGP/robbgp-bogon.html and
http://www.cymru.com/BGP/asnbogusrep.html and
http://www.cidr-report.org/ and http://www.routeviews.org/ and
On Fri, 2 Mar 2007 15:37:01 -0600
Eric Ortega [EMAIL PROTECTED] wrote:
I think Sean raises a good point. I guess the larger picture is what
are we trying to protect and what are trying to protect that from.
Bingo.
The problem isn't with security people, it's with security people
who use
On Fri, 02 Mar 2007 21:08:58 -0500
Jim Popovitch [EMAIL PROTECTED] wrote:
On Fri, 2007-03-02 at 17:58 -0800, Ashe Canvar wrote:
Could someone from Comcast please contact us
([EMAIL PROTECTED]).
Customers behind Comcast on the east coast cannot get to our
216.219.126.0 prefix in Santa
On Thu, 01 Mar 2007 14:22:37 + (GMT)
Chris L. Morrow [EMAIL PROTECTED] wrote:
On Thu, 1 Mar 2007, Jon Lewis wrote:
On Wed, 28 Feb 2007, Eric Ortega wrote:
I'd like to thank the group for the responses and help with this
issue. I find it ironic that Randy's study actually uses
On Wed, 28 Feb 2007 19:55:37 -0800
Brian [EMAIL PROTECTED] wrote:
a small number of wifi users with a card in a laptop to get to
cellular broadband, itd be pretty easy..
You might want to check the terms of service for cellular broadband
-- it's certainly not permitted by Verizon for the
On Mon, 12 Feb 2007 15:05:45 -0500
Barry Shein [EMAIL PROTECTED] wrote:
In the late 60s I remember having an interesting conversation with
someone who did this kind of strategizing for the Dept of Civil
Defense.
His scenarios were markedly diferent from the urban folklore you'd
hear from
On Mon, 12 Feb 2007 17:12:56 -0500
Barry Shein [EMAIL PROTECTED] wrote:
Of course, but the point was the goal of that targetting. The US
public by and large believed, and seems to still believe (i.e., the TV
show Jericho) that the goal of a USSR attack was purely vindictive,
complete
On Sat, 10 Feb 2007 23:36:32 -0600
Stasiniewicz, Adam [EMAIL PROTECTED] wrote:
Another time I was do some consulting work for a NPO. I was going
over the findings of my audit and I told the IT manager that all of
his machines were missing patches. His response: we only install
service
On Sun, 11 Feb 2007 10:49:30 -0600
Dave Pooser [EMAIL PROTECTED] wrote:
He was both right and wrong -- patches do break a lot of stuff. He
was facing two problems: the probability of being off the air
because of an attack versus the probability of being off the air
because of bad
On Wed, 7 Feb 2007 10:17:34 -0800
Aaron Glenn [EMAIL PROTECTED] wrote:
On 2/7/07, Alexander Harrowell [EMAIL PROTECTED] wrote:
A caveat - Ndex 4 is usually situation normal, members bored and
discussing the relative merits of the Chicago and Kansas City cable
tie knots.
to be
On Sat, 03 Feb 2007 13:29:13 -0600
Carl Karsten [EMAIL PROTECTED] wrote:
Sure I could route dns queries out through a ssh tunnel but the
latency makes this kind of thing unusable at times. instead of an
ssh tunnel, how about simple port forwarding?
/etc/resolv.conf
nameserver
On Mon, 29 Jan 2007 19:57:24 -0500
Joseph S D Yao [EMAIL PROTECTED] wrote:
On Wed, Jan 24, 2007 at 01:48:04PM -, [EMAIL PROTECTED] wrote:
...
IPv6 makes NAT obsolete because IPv6 firewalls can provide all
the useful features of IPv4 NAT without any of the downsides.
...
IPv6
Don't include the email you're responding to then it's no longer top
posting, plus you can still read the archive easily.
It would be nice if mailing list software added the archive URL to all
email forwarded. Then people could easily say
In
According to
http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-Block.html
all of Qatar appears on the net as a single IP address. I don't know
if it's NAT or a proxy that you need to use to get out to the world,
but whatever the exact cause, it had a predictable consequence -- the
On Thu, 4 Jan 2007 00:53:23 +0100
Iljitsch van Beijnum [EMAIL PROTECTED] wrote:
On 4-jan-2007, at 0:31, Steven M. Bellovin wrote:
According to
http://www.nytimes.com/aponline/technology/AP-TechBit-Wikipedia-
Block.html all of Qatar appears on the net as a single IP address.
I wonder
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2 Jan 2007 07:16:42 -1000
Randy Bush [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
I would be glad to run the script but I just want to verify that it
was you who sent it.
darned good point, ron. blush
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, 2 Jan 2007 12:48:29 -0500
Marshall Eubanks [EMAIL PROTECTED] wrote:
In the spirit of trust, but verify, I preferred to read the script.
As did I, when Randy sent it to me earlier for testing...
--Steve Bellovin,
On Tue, 2 Jan 2007 21:48:29 GMT
Fergie [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
They took their systems offline a few weeks ago:
http://www.fcw.com/article97160-12-19-06-Web
Right -- something's definitely going on on that part of the world.
See
On Wed, 20 Dec 2006 22:48:06 -0500
Edward Lewis [EMAIL PROTECTED] wrote:
Yeah, granted anyone looking for myspace might meet that demographic,
but how many neophytes would use Google for a IP Who Is search?
That's the listing I thought odd.
Maybe it's a script written and run by someone
On Fri, 01 Dec 2006 16:02:55 + (GMT)
Chris L. Morrow [EMAIL PROTECTED] wrote:
On Fri, 1 Dec 2006, Andy Davidson wrote:
RIPE will be accepting requests for 32-bit ASNs from 1/1/07,
according to an email to ncc-services two weeks ago. It does not
feel too early to start to
both.
The network had added to it a self-cleaning function. Think of it as
one long continuous sneeze.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Does anyone have any recommendations for Ethernet tap devices? Please
reply privately; I'll summarize if there's interest.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
attacks. Are those that large
a portion of the attacks people are seeing?
I agree that anti-spoofing is a good idea, and I've said so for a long
time. I was one of the people who insisted that ATT do it, way back
when. But I'm not convinced it's a major factor here.
--Steven M
On Thu, 26 Oct 2006 17:07:32 +0200, Florian Weimer [EMAIL PROTECTED]
wrote:
* Steven M. Bellovin:
As you note, the 20-25% figure (of addresses) has been pretty constant
for quite a while. Assuming that subverted machines are uniformly
distributed (a big assumption)
I doubt
, we had to wait close to two hours because of congestion at U.S.
Immigration. (Of course, that was the way home -- folks going into Canada
had virtually no wait, as best we could see...)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
to be somewhere. A company-issued ID (at most)
proves that you work for some company that may or may not (a) be present
at the COLO, and (b) may or may not be there for legitimate reasons.
What's necessary here is *permission*.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
as the binary number 1010 is 10 base 10.
Surely that has to mean something! (Well, I just made it up, but it
sounds goodd)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
FYI. This RFC was inspired by comments at the last NANOG on the
operational problems with 2385.
Begin forwarded message:
Date: Thu, 28 Sep 2006 16:54:00 -0400
From: The IESG [EMAIL PROTECTED]
To: IETF-Announce ietf-announce@ietf.org
Subject: Last Call: 'Key Change Strategies for TCP-MD5'
, and thought better of it,
even though they weren't to blame...
Somebody actually reads those???
While in general I agree with your point, this case may be different -- it
may be governed by the contract Rick has with InterNAP.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
been a popular alternative for
years.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
On Fri, 22 Sep 2006 19:29:31 -0400, Joseph S D Yao [EMAIL PROTECTED]
wrote:
Not having committed the maths to heart, I might be able to explain it a
little differently.
Well, yes, I did just teach the RSA equations to my Network Security
class
--Steven M. Bellovin
Paul, what exponent does the new key use? (I clicked on the public key
link, but I can't decode the base64 that easily...)
does, but I ended up in a maze of twisty
little indirect function calls. But almost anything is going to be better
than 3. (I'm probably going to write a BCP on that.)
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
the (proposed? built?) circum-Africa oceanic cable, with drops to
each (coastal) country? Avoid the politics and instability of depending
on a neighbor.
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
1 - 100 of 363 matches
Mail list logo