Re: possible rsync validation dos vuln

2021-10-29 Thread Barry Greene
> On Oct 29, 2021, at 5:26 PM, Nick Hilliard wrote: > > Because this didn't happen, we now get to look forward to a weekend of > elevated risk, followed by people upending their calendars to handle > un-coordinated upgrades on Monday morning. That only happens if the team has the time to

Re: uPRF strict more

2021-09-29 Thread Barry Greene
uRPF Strict mode was always supposed to be a widget for source address validation (SAV). Just like DHCP Lease Query (DOCSIS), the TR-69 ACLs, general ACLs, and other vendor specific widgets. Like all widgets, there are places where it works and other places where it does not. The key principle is to

Re: DDoS attack with blackmail

2021-05-24 Thread Barry Greene
DDoS Attack Preparation Workbook https://www.senki.org/ddos-attack-preparation-workbook/ > On May 20, 2021, at 12:26 PM, Baldur Norddahl > wrote: > > Hello > > We got attacked by a group that calls

New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-27 Thread Barry Greene
Hello Fellow NANOGer, If you have not already seen it, experienced it, or read about it, working to head off another reflection DOS vector. This time it is memcached on port 11211 UDP & TCP. There are active exploits using these ports. Reflection attacks and the memcached is not new. We know

Re: Security release scheduling

2015-09-29 Thread Barry Greene
Hi Harlan, The general principle is to look out for the major network lock downs. Sometimes that overlaps with holidays. Other times it is over financial close months. My personal $.02 is to avoid major vulnerability disclosures in December, during Lunar New Year weeks, during Ramadan,

Re: Security release scheduling

2015-09-29 Thread Barry Greene
> On Sep 29, 2015, at 3:57 PM, Harlan Stenn <st...@nwtime.org> wrote: > > Good info, Barry - thanks! > > I appreciate your offer, too! Here is a brain dump: https://www.linkedin.com/pulse/5-principles-vulnerability-disclosure-barry-greene For the people who are no

Re: large BCP38 compliance testing

2014-10-02 Thread Barry Greene
On Oct 2, 2014, at 6:23 PM, Jérôme Nicolle jer...@ceriz.fr wrote: On 02/10/2014 12:28, Nick Hilliard wrote: It would probably be more productive to pressurise transit providers to enforce bcp38 on their customer links. This. But let me ask you, how many transit providers actually

Re: BGPMON Alert Questions

2014-04-02 Thread Barry Greene
Agreed - focus on the fix. Then take a deep breath and figure out what happened. BTW - Indosat is down hard. Cannot call into their network (cell phone). I've got my team reaching in to their buddies to help. On Apr 3, 2014, at 7:22 AM, Randy Bush ra...@psg.com wrote: note joels careful use

Re: BGPMON Alert Questions

2014-04-02 Thread Barry Greene
Hi Team, Confirmation from my team talking directly to Indosat - self-inflicted with a bad update during a maintenance window. Nothing malicious or intentional. Barry

Re: DNS Changer items

2012-08-16 Thread Barry Greene
On Aug 15, 2012, at 1:52 PM, Randy Bush ra...@psg.com wrote: It also sounds like RIPE did a big screw you to the Dutch police for trying to interfere. no, they caved. No, they did not cave. Court orders through the Dutch courts are integrated in their processes. It was coordinated with

DNSChanger Prefixes are re-allocated and advertised ...

2012-08-10 Thread Barry Greene
Hi Team, FYI - Two prefixes from the DNS Changer/Rover Digital take down have been re-allocated. One of the prefixes - 85.255.112.0/20 - was advertised Friday morning. There is a blog post with some of the details here: Beware! DNS Changer’s IP Blocks are re-allocated and advertised! -

Re: Automatic attack alert to ISPs

2012-06-22 Thread Barry Greene
Shadowserver.org has a public benefit notification service. Sent from my iPad On Jun 22, 2012, at 2:46 PM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote: Argus can alert prefix hijacking, in realtime. http://tli.tl/argus Hope to be useful to you. BR. On Friday, June 22, 2012, Ganbold

Re: Penetration Test Assistance

2012-06-05 Thread Barry Greene
Hi Tim, A _good_ pen test team would not need a network diagram. Their first round of penetration test would have them build their own network diagram from their analysis of your network. Barry On Jun 5, 2012, at 7:52 AM, Green, Timothy wrote: Howdy all, I'm a Security Manager of a

Re: need help about bgd and ospf

2012-05-18 Thread Barry Greene
Hi Deric, I would strongly suggest that you watch a couple of the NANOG tutorials on routing. They would help you answer these and other questions. Go to this page - http://www.nanog.org/meetings/archive/ - pick a meeting and find the BGP tutorial. There are a few taught each year. Barry

Re: Weekend Gedankenexperiment - The Kill Switch

2011-02-04 Thread Barry Greene
The Internet is not immune to the law, as you should well know. In fact, the Internet seems to be a legal proving ground these days, so word to the wise. And, the US National Communication Service (http://www.ncs.gov/index.html) technically has the ability to order all US telecommunications

RE: IPv6 Advertisements

2007-05-30 Thread Barry Greene (bgreene)
This assumes a single machine scanning, not a botnet of 1000 or even the 1.5m the Dutch gov't collected 2 yrs ago. Again, a sane discussion is in order. Scanning isn't AS EASY, but it certainly is still feasible, With 1.5 million hosts it will only take 3500 years... for a