/ signatures? Deny all, unless flow (addresses/protocol/port) is
pre-approved / registered?
What does the technical solution look like?
Any solutions to maintain some semblance of freedom?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
And if I ever find the genius who came up with the we are not the
internet police meme ...
On Fri, Dec 10, 2010 at 12:19 AM, Suresh Ramasubramanian
ops.li...@gmail.com wrote:
Let's put it this way.
1. If you host government agencies, provide connectivity to say a
nuclear power plant
to reconsider it, given the new
security threats we all face that have outdated that meme.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Fri, Dec 10, 2010 at 6:25 AM, Brandon Kim brandon@brandontek.com wrote:
Wow, sounds like TrueCrypt it is. Not a single other app was suggested!!!
Thank you gentlemen!
There's also PGP WDE (Whole Disk Encryption)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
to work for these
guys)...
http://www.webmetrics.com/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
hands. Otherwise no.
/me waits for the knock at the door and the yell of Search warrant, we
hear you're running an uncensored BIND
--
Suresh Ramasubramanian (ops.li...@gmail.com)
referred to it seem more to be related to the routing
leaks on April 8th. Or do you have additional information?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
something which was presented to congress
So, lessigisms like code is law aside, I guess yes, it IS political now.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
there is no obvious
indication of who made the change or for what reason, it's unlikely it was
accidental.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
using this to load balance three
satellite uplinks in Afghanistan, 2 Mbps each, but it will supposedly
handle much higher.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Juniper srx runs JunOS.
On Sat, Oct 30, 2010 at 11:31 AM, Jeffrey Lyon
jeffrey.l...@blacklotus.net wrote:
Juniper Netscreen does, in case the OP is looking for alternatives.
Best regards, Jeff
--
Suresh Ramasubramanian (ops.li...@gmail.com)
, expect to see wifi hotspots diminish. IMO, that
classification would be a bad thing.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
DDOS mitigation, or SPF .. or more likely both.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
organizations haven't solved
the problem yet, so I'm not holding my breath waiting for that to work out...)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Mongolia
if they want to.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
--
Brandon Galbraith
Voice: 630.492.0464
--
Suresh Ramasubramanian (ops.li...@gmail.com)
server,
change the IPs their spam servers VPN to, and they're back in business.
When sales brought me their initial request, I really didn't believe it, but
I didn't have good enough cause to reject it.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
would likely increase a
bit. but my guess, and i mean guess, is that the limiting parameter
could well be how many bots the perps can get, not how well those bots
are blocked.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
are very much there - and if the port 25 filtering were to be
taken out, you'd at once see the increase in spam volumes.
--srs
--
Suresh Ramasubramanian (ops.li...@gmail.com)
). This work appeared in this year's IEEE Security & Privacy
conference. You can take a look at it if you are interested (and
feedback is welcome):
http://www.eecs.umich.edu/~zhiyunq/pub/oakland10_triangular-spamming.pdf
--
Suresh Ramasubramanian (ops.li...@gmail.com)
BCP38 / RFC2827 were created specifically to address some quite
similar problems. And googling either of those two strings on nanog
will get you a lot of griping and/or reasons as to why these aren't
being more widely adopted :)
--srs
On Fri, Sep 3, 2010 at 7:47 AM, Zhiyun Qian
and of course apricot (www.apricot.net)
On Sun, Aug 22, 2010 at 7:47 PM, Marshall Eubanks t...@americafree.tv wrote:
SANOG (Southeast Asia) - http://www.sanog.org/
PACNOG (Pacific) - http://www.pacnog.org/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
of this communication is strictly prohibited.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Wed, Aug 11, 2010 at 4:59 PM, Sven Olaf Kamphuis s...@cb3rob.net wrote:
hmm funny, it had the piratebay on it, the 3rd most visited .org domain in
the world, as well as number 7 or so on the list of most visited websites in
the entire world, until a few months ago.
no, that doesn't matter as
That would be rather funny Sven, you buying IBM. Sweet dreams.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Thu, Jul 1, 2010 at 11:11 AM, Michael Painter tvhaw...@shaka.com wrote:
As randy said not too long ago, First they came for...
No. Not Randy. That was Pastor Martin Niemöller about the Nazis.
So, you just invoked Godwin's law. Thread over.
thank you
suresh
army
The army guy contacts his base IT staff to bitch about his email
His base IT staff escalates the bitching up through a long and twisty channel
Then you may or may not hear a status back, or get your AS unblocked
Sit tight and wait, till then
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Suresh Ramasubramanian:
Your customer contacts his contact (friend / relative / customer etc)
in the US army
The army guy contacts his base IT staff to bitch about his email
His base IT staff escalates the bitching up through a long and twisty channel
Then you may or may not hear a status back
?
We are using a hodgepodge of homegrown stuff and RT but are outgrowing
it.
What's good? What sucks?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
to be advertised through BGP like normal. (Apparently, people
like to do funky DNS stuff to make this work and sometimes don't want
to do BGP in other scenarios.)
Thanks in advance,
--
William McCall
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Log and monitor all that you can. And watch for a large number of IPs
logging into an account over a day (over a set limit - even across
country - that takes into account home - blackberry - airport lounge
- airport lounge in another country - hotel - RIPE meeting venue
type scenarios).
And
to redirect them to a
special web page to tell them, they have to do something.
The main issue is not to know which machines are hijacked, but to support
these machines.
- Original Message -
From: Suresh Ramasubramanian ops.li...@gmail.com
To: Alex Kamiru nderitua...@gmail.com
Cc
as protecting consumers...
Hell, funnily enough Susan Crawford warned at the time that the FCC
action wouldn't stand up in court the way it was done.
http://www.circleid.com/posts/comcast_vs_the_fcc_a_reply_to_susan_crawfords_article/
--srs
--
Suresh Ramasubramanian (ops.li...@gmail.com)
that are key for me are centralized management and
reporting, carrier class performance, per mailbox policy and quarantine,
and favourable licensing for an MSSP. I know Ironport is rated highly in
this space but I find its per user licensing is not favourable for a
MSSP.
--
Suresh
for it.
-suresh
2010/4/12 Alex Kamiru nderitua...@gmail.com:
Suresh,
I am more interested in option 1 and would want opinion from those with
experience on that.
-Original Message-
From: Suresh Ramasubramanian ops.li...@gmail.com
To: Alex Kamiru nderitua...@gmail.com
Cc: nanog nanog
that we as network engineers are constrained by
as well.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Mon, Apr 12, 2010 at 8:45 PM, todd glassey tglas...@earthlink.net wrote:
On 4/12/2010 7:22 AM, Suresh Ramasubramanian wrote:
The man did say carrier class .. not small webhost for four
families and dog.
yes he did Suresh ... meaning that something larger and more secure than
the off
It's nanog and not an RFQ process or I'd have asked him that too :)
On Mon, Apr 12, 2010 at 9:29 PM, Zaid Ali z...@zaidali.com wrote:
I haven't seen the man ask support for messages/hour, 3M..10M..1B ? Or maybe
I missed this question?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
on my router to do BGP, you have to ask the
fundamental question of how big your routing table will be. I don't see this
as any different. It's helpful to provide opinions when you are guided by
some data :)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
will
eventually
partition the Internet sufficiently to break it beyond recognition.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Wed, Apr 7, 2010 at 8:12 PM, Chris Grundemann cgrundem...@gmail.com wrote:
They are now using the phrase Open
Internetworking to describe their stance on the issue.
How very sensible of ISOC.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Sun, Apr 4, 2010 at 2:42 PM, James Bensley jwbens...@gmail.com wrote:
Also having the email account ipv3@gmail.com, that's not very useful?
He's still got to reach the heights of IPv9
--
Suresh Ramasubramanian (ops.li...@gmail.com)
married to Hogan.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Thu, Apr 1, 2010 at 8:24 PM, Mark Andrews ma...@isc.org wrote:
You only need to add PTR records for the addresses in use.
Not really the way most automated dns provisioning systems work today
.. and where would they be without $GENERATE in bind? :)
--
Suresh Ramasubramanian (ops.li
specialist, i come across
some requirement where i need to search for ...that is what all other people
do..
--
Suresh Ramasubramanian (ops.li...@gmail.com)
, network, and storage utility billings in a cloud
model abnormally high.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
recommendations on good hotels that allow smoking?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
, there was already SS7 which is, essentially a centralized
layer of indirection for phone numbers. This was necessary in order to support
--
Suresh Ramasubramanian (ops.li...@gmail.com)
positives.
Christ. You pick APEWS as a reputation filter.. and then even bother
to *count* the false positives?
That's not a list that's particularly designed to minimize FPs, to put
it very mildly.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
, however, 99.9% of the people who are blocked and who
contact
us find a BOT in their network.
Sincerely,
Dean Drako
CEO Barracuda Networks
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Thu, Feb 11, 2010 at 7:50 AM, Randy Bush ra...@psg.com wrote:
But, as a hyper-aware viewer I did detect a tone in favor of network
neutrality type arguments- and I suppose that is OK.
is this a bug or a feature
bug
--
Suresh Ramasubramanian (ops.li...@gmail.com)
, if the abuse
address is about a decade old.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
it.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
/through google and google groups.
is this accepted/supported activity on google?
if not, where might i find a contact who can cluefully respond?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
process, the
whole chain of information flow.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
. One is too many.
Automated config deployment / provisioning. And sanity checking
before deployment.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
the presence of humans in the activity.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
/index files for itself, instead of me
having to do it on each and every port change.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
zones serving up v6.
--srs
On Fri, Jan 15, 2010 at 9:20 PM, Mark Schouten ma...@bit.nl wrote:
Hi,
FYI:
http://virbl.bit.nl/index.php#ipv6
Comments on the listing method are appreciated.
Regards,
--
Suresh Ramasubramanian (ops.li...@gmail.com)
that the risk of a DDoS that exceeds your firewall's rated
capacity is extremely low? [and yes, 150k ++ connections per second
ddos is going to be massive, and relatively rare for most people]
--srs
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Two more options. And for Netflow device - read that to mean Arbor or
its competitors.
5. Ditch the stateful firewall and exclusively use a netflow device
6. Outsource to a hosted DDoS mitigation service (Prolexic etc)
On Tue, Jan 5, 2010 at 8:43 AM, Suresh Ramasubramanian
ops.li...@gmail.com
reasons I won't
get into now.
4. Indeed, we're equipped to handle substantially higher than 150kpps.
I'm sure Arbor is really neat but I disagree that any DDoS appliance is a
standalone solution. I don't expect an employee of the vendor themselves to
attest to this though.
--
Suresh
://www.zurich.ibm.com/aurora/
Now commercially available as
http://www-01.ibm.com/software/tivoli/products/netcool-performance-flow/
Full disclosure - I work for big blue - but not in any division that
works on Aurora / Tivoli Netcool.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Tue, Jan 5, 2010 at 10:38 AM, Dobbins, Roland rdobb...@arbor.net wrote:
Additional mitigation would be via manual or automatic RTBH or
security/abuse@ involvement with upstreams.
Automagic is generally bad, as it can be gamed.
... and manual won't scale in ddos
--
Suresh
believe you
actually meant.
fair enough.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Sun, Jan 3, 2010 at 10:24 PM, Eric Brunner-Williams
brun...@nic-naa.net wrote:
On 1/2/10 11:38 PM, Suresh Ramasubramanian wrote:
... it would be interesting if some process were developed to
deaccredit or otherwise kill off the shell registrars
Suresh, Why?
My comment was more
If our friend here is checking for spamhaus.rg he's out of luck. I am
sure he'll have better luck checking for spamhaus.ORG instead
--srs
On Thu, Dec 31, 2009 at 6:41 PM, John Peach john-na...@johnpeach.com wrote:
On Thu, 31 Dec 2009 12:28:41 +0100 (CET)
Raymond Dijkxhoorn
: eNom (116), Directi/PDR (47), Dotster
(51), and Snapnames (104). Source: http://www.knujon.com/registrars/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
are not courts of law).
Wow. I always knew there existed some alternate universe where the
RBN were actually the good guys. Didn't expect to find it so fast,
and on nanog at that.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
/Mutual_Legal_Assistance_Treaty
--
Suresh Ramasubramanian (ops.li...@gmail.com)
...@dotat.at wrote:
Sounds like a snowshoe setup to me.
Tony.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
?
What would you do if a shell company (the european equivalent of a LLC
with a UPS store address) came to you with a large sized PA netblock
from out of region, and asked you to route it for them?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
details of tools,
but rather a rough taxonomy. Feel free to suggest tools you find useful.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
(or outbound) mail.
Since the RDNS domain is different, and in fact generic, which helps
avoid assisting the spammer in identifying the IP as an inbound
mail server.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
, abuse, relay, etc all seem to be
deadends.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
administrator does which is
to e-mail blockedbyearthlink@ address with the subject BLOCKED:
xxx.xxx.xxx.xxx (replace with the ip) and if it is blocked they will unblock
you. Sadly, I tried that already.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
generated by infected PCs / laptops, hacked machines etc on
your campus LAN
3. Spammers abusing your webmail and/or remote message submission service
using phished credentials.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
on most other security related issues under the sun :)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
I'd prefer to not create a blacklist of hotels that have ghetto internet
access, but perhaps this is something we can aggregate?
I'm mostly tired of people saying the internet is http(s) only. Even had
hotels in Japan do some really nasty things...
- Jared
--
Suresh Ramasubramanian
to a mail
server before determining where to forward the connection onto (Layer 7
stuff, gets a bit tricky)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
' for a list of commands
(initramfs):
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Too damn early (5:23 AM) .. the box is at Sherman Oaks CA - near Los Angeles LA.
Sigh.
--Original Message--
From: Suresh Ramasubramanian
To: nanog@nanog.org
Subject: Remote hands requested near sherman oaks LA [urgent]
Sent: Dec 6, 2009 15:42
Sorry for the noise .. Got me
Remote hand found. Thank you.
On Thu, Dec 3, 2009 at 10:35 PM, Matthew Huff mh...@ox.com wrote:
We are seeing a large number of tcp connection attempts to ports known to
have security issues. The source addresses are spoofed from our address
range. They are easy to block at our border router obviously, but the number
On Fri, Dec 4, 2009 at 9:55 PM, Jeffrey Negro jne...@billtrust.com wrote:
I'm wondering if a few DNS experts out there could give me some input on
SPF record configuration. Our company sends out about 50k - 100k emails
a day, and most emails are on behalf of customers to their end users at
On Thu, Dec 3, 2009 at 12:08 AM, Chris Owen ow...@hubris.net wrote:
On Dec 2, 2009, at 12:31 PM, Rich Kulawiec wrote:
Because SenderID and SPF have no anti-spam value, and almost no
anti-forgery value. Not that this stops a *lot* of people who've drunk
the kool-aid from trying to use them
/
Falls Church, VA 22042-3004
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Wed, Nov 25, 2009 at 10:55 PM, Michael Peddemors
mich...@linuxmagic.com wrote:
Could you elaborate on what constitutes correct swip information?
Sure, you just opened the door to my opinions on this :)
Dysfunctional rwhois servers sounds more like general brokenness than
malice. The
http://gigaom.com/2009/11/22/how-video-is-changing-the-internet/
Does the FTC's question 106 hurt paid peering or not? 88 comments.
Makes real interesting reading, I must say.
srs
On Wed, Nov 25, 2009 at 8:52 AM, Russell Myba rusm...@gmail.com wrote:
Looks like one of our customers has decided to turn their /24 into a nice little
space spewing machine. Doesn't seem like just one compromised host.
Reverse DNS for most of the /24 are suspicious domains. Each domain used in
29609
Office: 864-335-9473 | Cell: 864-266-3978
--
Sent using BlackBerry
--
Suresh Ramasubramanian (ops.li...@gmail.com)
You are using it the wrong way .. most of the drop list is directly
spammer controlled space used as, for example, CC for botnets.
You'd see tons of abuse and little or no smtp traffic from a lot of
those hosts.
On Thu, Oct 29, 2009 at 12:26 AM, Jason Bertoch ja...@i6ix.com wrote:
Justin Shore
What /20 would this be, and can you blame an out of date whois client
or whois db for it?
If the /20 is being routed, and announced - chances are it IS allocated.
On Wed, Oct 28, 2009 at 5:40 AM, Leslie les...@craigslist.org wrote:
I failed to mention we're seeing this from an unallocated /20
routing
On Wed, Oct 28, 2009 at 6:25 AM, Jon Kibler jon.kib...@aset.com wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Suresh Ramasubramanian wrote:
If the /20 is being routed, and announced - chances are it IS allocated.
Don't bet on it. This is one of the oldest spammer tricks
Seen it before - but mostly for malware rather than for spam. And
certainly not long enough / persistent enough for a full fledged spam
campaign (4..5 days rather than a day or two at the most when people
start noticing and dropping the bogus announcement)
On Wed, Oct 28, 2009 at 6:57 AM, Jon