On 2010-01-05 03:17, Tim Eberhard wrote:
Kinda funny you state that Roland. I know of at least two very large
carriers that use Netscreens (and soon SRX's) for their DoS/DDoS
mitigation.
You mean Juniper SRX? The biggest box is a 5800, and it can handle
up to 350k new sessions each second, up
On Thu, Jan 7, 2010 at 5:04 AM, Mike mike-na...@tiedyenetworks.com wrote:
We just had a qwest outage of about 2 mins at 1:41am pst. When I called to
report it I was told it was a 200+ emergency software upgrade due to a
security concern, and that we will get a notice later after the fact.
-Original Message-
From: Łukasz Bromirski [mailto:luk...@bromirski.net]
Sent: Saturday, January 09, 2010 6:11 AM
You mean Juniper SRX? The biggest box is a 5800, and it can handle
up to 350k new sessions each second, up to maximum of 10 million
(let's skip the fact that it's not
Paul Wall wrote:
On Thu, Jan 7, 2010 at 5:04 AM, Mike mike-na...@tiedyenetworks.com wrote:
We just had a qwest outage of about 2 mins at 1:41am pst. When I called to
report it I was told it was a 200+ emergency software upgrade due to a
security concern, and that we will get a notice later
On Jan 9, 2010, at 9:57 PM, Stefan Fouant wrote:
Firewalls do have their place in DDoS mitigation scenarios, but if used as
the ultimate solution you're asking for trouble.
In my experience, their role is to fall over and die, without exception. I
can't imagine what possible use a stateful
-Original Message-
From: Dobbins, Roland [mailto:rdobb...@arbor.net]
Sent: Saturday, January 09, 2010 10:03 AM
On Jan 9, 2010, at 9:57 PM, Stefan Fouant wrote:
Firewalls do have their place in DDoS mitigation scenarios, but if
used as
the ultimate solution you're asking for
On Sat, 09 Jan 2010 07:00:42 -0800, Mike wrote:
Qwest NEVER EVER provides SLA adjustments, no longer how long it's down
or what their own role in it being down is. They toss it from department
If they honored every SLA adjustment they would not be able to pay the current
stockholders a 6.8%
We should circle up one day, I would love to provide you with some new
experiences. There is no sense in chalk talking it, too often I also
disagree with new ideas until I see them in action.
Best regards, Jeff
On Sat, Jan 9, 2010 at 10:03 AM, Dobbins, Roland rdobb...@arbor.net wrote:
In my
On Sat, Jan 9, 2010 at 9:37 AM, Paul Wall pauldotw...@gmail.com wrote:
On Thu, Jan 7, 2010 at 5:04 AM, Mike mike-na...@tiedyenetworks.com
wrote:
We just had a qwest outage of about 2 mins at 1:41am pst. When I called
to
report it I was told it was a 200+ emergency software upgrade due to a
I think we are overlooking what an enterprise class firewall accomplishes
from a security perspective and what a firewall's function is in the overall
security posture of a network.
First, stateful inspection by itself is not the only security feature of a
firewall, it is one security feature of
Some NDA's require that you must state your intent for each
communication that should be covered by the NDA. As much as everyone
would like to believe these are worthless, they are not. Applying them
globally to your email protects your legal rights. It is also
innocuous.
Don't them it if you
Hi to all,
I have tried to check BGP traffic behaviors related to recent VISPA ISP DDOS.
For this task I have used BGplay and I need feedback about my analysis. If
you are interested check
http://extraexploit.blogspot.com/2010/01/trying-to-analyze-vispa-isp-outage_08.html
Thank you for your
Some NDA's require that you must state your intent for each
communication that should be covered by the NDA.
I can believe that such NDAs may exist, but I'm pretty sure I didn't
sign one as a condition of subscribing to nanog. In reality,
boilerplate confidentiality notices merely document the
On Jan 10, 2010, at 12:57 AM, Jeffrey Lyon wrote:
I would love to provide you with some new experiences.
I get new experiences of this type and plenty of new ideas every day, thanks.
;
---
Roland Dobbins rdobb...@arbor.net
On Jan 10, 2010, at 5:51 AM, harbor235 wrote:
Other security features in an Enterprise Class firewall;
-Inside source based NAT, reinforces secure traffic flow by allowing
outside to inside flows based on
configured translations and allowed security policies
Terrible from an
Martin Hannigan wrote:
Some NDA's require that you must state your intent for each
communication that should be covered by the NDA. As much as everyone
would like to believe these are worthless, they are not. Applying them
globally to your email protects your legal rights. It is also
Dobbins, Roland wrote:
Firewalls do have their place in DDoS mitigation scenarios, but if used as
the ultimate solution you're asking for trouble.
In my experience, their role is to fall over and die, without
exception.
That hasn't been my experience but then I'm not selling anything that
Well, sure. So don't read the notice then.
The point is that rather than try to enforce agreements individually,
automatically slapping the notices on is not so unreasonable all
considered.
While it may be annoying, it's not baseless. It certainly isn't
useless in discovery.
YMMV.
Best,
-M
I never said otherwise. I did say that from a liability standpoint it
is reasonable to inject it and everyone who can ignore it should
simply ignore it.
Best,
-M
On 1/9/10, joel jaeggli joe...@bogus.com wrote:
Martin Hannigan wrote:
Some NDA's require that you must state your intent for
On Jan 10, 2010, at 9:03 AM, Roger Marquis wrote:
That hasn't been my experience but then I'm not selling anything that might
have a lower ROI than firewalls, in small to mid-sized installations.
I loudly evinced this position when I worked for the world's largest firewall
vendor, so that
I haven't tested the code myself, but no reason to think it doesn't work.
Consider this your exploits are in the wild notice.
--
bk
Dobbins, Roland wrote:
Firewalls are not designed to mitigate large scale DDoS, unlike
Arbors, but they do a damn good job of mitigating small scale
attacks of all kinds including DDoS.
Not been my experience at all - quite the opposite.
Ok, I'll bite. What firewalls are you referring to?
On Sat, Jan 9, 2010 at 8:09 PM, Martin Hannigan
mar...@theicelandguy.com wrote: ..
is reasonable to inject it and everyone who can ignore it should
simply ignore it.
confidentiality notices are non-innocuous for recipients who pay per
kilobyte for data service, or who are frustrated by time
On Jan 10, 2010, at 10:05 AM, Roger Marquis wrote:
Ok, I'll bite. What firewalls are you referring to?
Hardware-based commercial firewalls from the major vendors, open-source/DIY,
and anything in between. All stateful firewalls ever made, period (as
discussed previously in the thread).
On Sat, Jan 9, 2010 at 10:21 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Jan 10, 2010, at 10:05 AM, Roger Marquis wrote:
Have you noticed how easily Drupal servers go down with corrupt MyISAM
tables? How would S/RTBH and/or flow-spec protect against that?
We're talking about DDoS
And here is the direct link for anyone who's interested:
http://lists.grok.org.uk/pipermail/full-disclosure/2010-January/072340.html
- Original Message
From: Brian Keefer ch...@smtps.net
To: NANOG list nanog@nanog.org
Sent: Sun, 10 January, 2010 2:59:50
Subject: JunOS remote DoS code
On Jan 10, 2010, at 10:33 AM, Christopher Morrow wrote:
separate the portions of the pie... only let the attack break the minimal
portion of your deployment. Use the right tool in the right place.
An excellent point. A Web front-end server should be that - merely the
front-end.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi,
Martin Hannigan wrote:
On Sat, Jan 9, 2010 at 9:37 AM, Paul Wall pauldotw...@gmail.com wrote:
On Thu, Jan 7, 2010 at 5:04 AM, Mike mike-na...@tiedyenetworks.com
wrote:
We just had a qwest outage of about 2 mins at 1:41am pst. When I
The point is that rather than try to enforce agreements individually,
automatically slapping the notices on is not so unreasonable all
considered.
While it may be annoying, it's not baseless. It certainly isn't
useless in discovery.
Once again, I would be most interested in any statute or case
On Sat, Jan 9, 2010 at 6:27 PM, Martin Hannigan
mar...@theicelandguy.com wrote:
Some NDA's require that you must state your intent for each
communication that should be covered by the NDA. As much as everyone
would like to believe these are worthless, they are not. Applying them
globally to
Other security features in an Enterprise Class firewall;
-Inside source based NAT, reinforces secure traffic flow by allowing
outside to inside flows based on
configured translations and allowed security policies
Terrible from an availability perspective, troubleshooting perspective,
Dobbins, Roland wrote:
See here for a high-profile example:
http://files.me.com/roland.dobbins/k54qkv
Reads like a sales pitch to me. No apples to apples comparisons, nothing
like an ANOVA of PPS, payload sizes, and other vectors across different
types of border defenses. Your presentation
Firewalls are not designed to mitigate large scale DDoS,
Generally speaking, if it didn't bring the firewall to its knees, it
wasn't a DoS. It was just sort of an annoying attempt at a DoS.
I think that more or less the definition of a DoS is one that exploits
the resource limitations of
On Jan 10, 2010, at 1:22 PM, harbor235 wrote:
Again, a firewall has its place just like any other device in the network,
defense in depth is a prudent philosophy to reduce the chances of
compromise, it does not eliminate it nor does any architecture you can
think of, period
What a
On Sat, 9 Jan 2010, James Hess wrote:
Spam filter your inbox on /CONFIDENTIALITY NOTICE.*intended
recipient.*destroy.*copies/si and be done with it. The
individual sender normally has no control over the matter, so their
only two choices are: (a) Post with the notice, or (b) Don't post
On Jan 10, 2010, at 1:27 PM, Roger Marquis wrote:
Reads like a sales pitch to me.
My employer's products don't compete with firewalls, they *protect* them; if
anything, it's in my pecuniary interest to *encourage* firewall deployments, so
said firewalls will fall down and need protection,
On Jan 10, 2010, at 1:32 PM, Dobbins, Roland wrote:
One can spout all the buzzwords and catchphrases one wishes, but at the end
of the day, it's all dead wrong - and anyone naive enough to fall for it is
setting himself up for a world of hurt.
mike harbor...@gmail.com,
You deserve a
37 matches