at 1:24 AM
Subject: Re: NYT covers China cyberthreat
On Tue, Feb 26, 2013 at 8:39 AM, Kyle Creyts kyle.cre...@gmail.com wrote:
I think it is safe to say that finding a foothold inside of the United
States from which to perform/proxy an attack is not the hardest thing
in the world. I don't
On Thu, Feb 21, 2013 at 11:47:44AM -0600, Naslund, Steve wrote:
[a number of very good points ]
Geoblocking, like passive OS fingerprinting (another technique that
reduces attack surface as measured along one axis but can be defeated
by a reasonably clueful attacker), doesn't really solve
I think it is safe to say that finding a foothold inside of the United
States from which to perform/proxy an attack is not the hardest thing
in the world. I don't understand why everyone expects that major
corporations and diligent operators blocking certain countries'
prefixes will help. That
On Tue, Feb 26, 2013 at 8:39 AM, Kyle Creyts kyle.cre...@gmail.com wrote:
I think it is safe to say that finding a foothold inside of the United
States from which to perform/proxy an attack is not the hardest thing
in the world. I don't understand why everyone expects that major
corporations
On 21 February 2013 21:58, Jack Bates jba...@brightok.net wrote:
...
The A-team doesn't get caught and detailed. The purpose of the other teams
is to detect easy targets, handle easy jobs, and create lots of noise for
the A-team to hide in. Hacking has always had a lot in common with magic.
- Original Message -
From: valdis.kletni...@vt.edu
To: Suresh Ramasubramanian ops.li...@gmail.com
Cc: nanog@nanog.org
Sent: Thursday, February 21, 2013 5:54 PM
Subject: Re: NYT covers China cyberthreat
And since it's Wacky Friday somewhere:
http://arstechnica.com/security/2013/02/how
::This all seems to be noobie stuff. There's nothing technically cool
::to see here
You mean the report or the activity?
You seem upset that they are using M$ only (target and source). They steal
data!!! From whom to steal? From a guru that spends minimum 8 hours a day in
front of *nix?
Why to
The focus on platform here is ridiculous; can someone explain how
platform of attacker or target is extremely relevant? Since when did
people fail to see that we have plenty of inter-platform tools and
services, and plenty of tools for either platform built with the
express purpose of interaction
On 21-Feb-13 04:25, Kyle Creyts wrote:
For another example of this, an acquaintance once told me about the process
of getting internationally standardized technologies approved for deployment
in China; the process that was described to me involved giving China the
standards-based spec that
Scott Weeks wrote:
Be sure to read the source:
intelreport.mandiant.com/Mandiant_APT1_Report.pdf
Anybody happen to notice that the report sounds awfully like the
scenario laid out in Tom Clancy's latest book, Threat Vector?
--
In theory, there is no difference between theory and
On Thu, Feb 21, 2013 at 01:34:13AM +, Warren Bailey wrote:
I can't help but wonder what would happen if US Corporations simply
blocked all inbound Chinese traffic. Sure it would hurt their business,
but imagine what the Chinese people would do in response.
Would it hurt their business?
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
experiences with encryptors. Recent experiences have left me
with a sour taste in my mouth. blech!
scott
Agreed. I've generally skipped the line side and stuck with L3 side
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates jba...@brightok.net wrote:
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
experiences with encryptors. Recent experiences have left me
with a sour taste in my mouth. blech!
scott
...@brightok.net
Cc: nanog@nanog.org
Subject: Re: Network security on multiple levels (was Re: NYT covers China
cyberthreat)
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates jba...@brightok.net wrote:
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
with them is. Remember Doctor Strangelove,
what good is a doomsday bomb if you don't tell anyone about it ?!?!?
Steven Naslund
-Original Message-
From: Rich Kulawiec [mailto:r...@gsp.org]
Sent: Thursday, February 21, 2013 10:00 AM
To: nanog@nanog.org
Subject: Re: NYT covers China
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
:: This all seems to be noobie stuff. There's nothing technically cool
:: to see here
You mean the report or the activity?
The activity.
You seem upset that they are using M$ only (target and
source).
Scott Weeks wrote:
--- calin.chior...@secdisk.net wrote:
You seem upset that they are using M$ only (target and
source).
I'm not upset. I'm pointing out what Steven Bellovin said
in just a few words: This strongly suggests that it's not
their A-team...
This is a technical mailing list where
--- kyle.cre...@gmail.com wrote:
From: Kyle Creyts kyle.cre...@gmail.com
The focus on platform here is ridiculous; can someone explain how
platform of attacker or target is extremely relevant? Since when did
--
It implies their skillset. Here's
On Feb 20, 2013, at 9:07 PM, Steven Bellovin s...@cs.columbia.edu wrote:
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all
On 2/21/2013 12:17 PM, Scott Weeks wrote:
I'm not upset. I'm pointing out what Steven Bellovin said
in just a few words: This strongly suggests that it's not
their A-team...
The A-team doesn't get caught and detailed. The purpose of the other
teams is to detect easy targets, handle easy
And so their bush league by itself was responsible for all the penetrations
that mandiant says they did? Which shows that they don't have to be
particularly smart, just a bit smarter than their average spear phish or
other attack's victim.
On Friday, February 22, 2013, Jack Bates wrote:
On
On Thu, Feb 21, 2013 at 3:58 PM, Jack Bates jba...@brightok.net wrote:
The A-team doesn't get caught and detailed
no, the A-team has BA Baraccus... he pities the fool who gets caught
and detailed... the last thing BA detailed was his black van.
On Fri, 22 Feb 2013 06:11:21 +0530, Suresh Ramasubramanian said:
And so their bush league by itself was responsible for all the penetrations
that mandiant says they did? Which shows that they don't have to be
particularly smart, just a bit smarter than their average spear phish or
other
Be sure to read the source:
intelreport.mandiant.com/Mandiant_APT1_Report.pdf
I'm only part way through, but I find it hard to believe that
only micro$loth computers are used as the attack OS. Maybe I
haven't gotten far enough through report to find the part
where they use the *nix boxes?
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
snipped
:: when all tools are available for windows os, you just have to compile them.
snipped out the rest
-
They're not all available for m$.
scott
They are when you have a college full of programmers.
From my Android phone on T-Mobile. The first nationwide 4G network.
Original message
From: Scott Weeks sur...@mauigateway.com
Date: 02/20/2013 12:23 AM (GMT-08:00)
To: nanog@nanog.org
Subject: Re: NYT covers China
I'm only part way through, but I find it hard to believe that
only micro$loth computers are used as the attack OS. Maybe I
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
snipped
:: when all tools are available for windows os, you just have to compile
Date: 02/20/2013 12:36 AM (GMT-08:00)
To: Warren Bailey wbai...@satelliteintelligencegroup.com
Cc: sur...@mauigateway.com,nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
IMO, if we stick to the document and they are organized in military style, then
a person who collects information
Part of the entire 'chinese l337 hxx0r spy' 1st complex is apparently the
local equivalent of a community college, where the passing out assignment
is probably something on the lines of 'get me a dump of the dalai lama's
email'.
--srs (htc one x)
On 20-Feb-2013 2:08 PM, Scott Weeks
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
IMO, if we stick to the document and they are organized in military
style, then a person who collects information, should focus only on
that particular phase. That person is an operator, he or she should
not
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
It was just an example :-) to point out the scale of developers vs operators.
You'd be surprised at how much better brains are than brawn on these things...
Part of the entire 'chinese l337 hxx0r spy' 1st complex is apparently
the local equivalent of a community college, where the passing out
assignment is probably something on the lines of 'get me a dump of the
dalai lama's email'.
american education is behind in many things. this is but one.
covers China cyberthreat
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
It was just an example :-) to point out the scale of developers vs operators.
You'd be surprised at how much better brains are than
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
It was just an example :-) to point out the scale of developers
vs operators.
:: You'd be surprised at how much better brains are than brawn
:: on these things...
.
Original message
From: Zaid Ali Kahn z...@zaidali.com
Date: 02/19/2013 10:44 PM (GMT-08:00)
To: Kyle Creyts kyle.cre...@gmail.com
Cc: nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
We have done our part to China as well along with other countries in state
sponsored hacking
If I didn't miss any part of the report, no *nix is mentioned.
I'm a *nix fan, but why they (when I say they, I mean an attacker, not
necessarily the one in this document) should complicate their life, when all
tools are available for windows os, you just have to compile them.
Cheers,
Calin
: NYT covers China cyberthreat
--- calin.chior...@secdisk.net wrote:
From: calin.chiorean calin.chior...@secdisk.net
snipped
:: when all tools are available for windows os, you just have to compile
them.
snipped out the rest
Date: 02/20/2013 12:36 AM (GMT-08:00)
To: Warren Bailey wbai...@satelliteintelligencegroup.com
Cc: sur...@mauigateway.com,nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
IMO, if we stick to the document and they are organized in military style,
then a person
This is an improvement over some Russian spies, that have the passwords
written down on a piece of paper.
http://www.networkworld.com/news/2010/063010-russian-spy-ring.html?hpg1=bn
One of the technical issues the ring faced was described by one suspect
in a message to Moscow reporting on a
- Original Message -
From: Warren Bailey wbai...@satelliteintelligencegroup.com
We as Americans have plenty of things we have done halfass.. I hope an
Internet kill switch doesn't end up being one of them. Build your own
private networks, you can't get rooted if someone can't knock.
- Original Message -
From: Randy Bush ra...@psg.com
Part of the entire 'chinese l337 hxx0r spy' 1st complex is
apparently
the local equivalent of a community college, where the passing out
assignment is probably something on the lines of 'get me a dump of
the dalai lama's
If you are doing DS0 splitting on the DACS, you'll see that on the other
end (it's not like channelized CAS ds1's or PRI's are difficult to look at
now) assuming you have access to that. If the DACS is an issue, buy the
DACS and lock it up. I was on a .mil project that used old school Coastcom
DI
On Wed, Feb 20, 2013 at 9:13 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Warren Bailey wbai...@satelliteintelligencegroup.com
We as Americans have plenty of things we have done halfass.. I hope an
Internet kill switch doesn't end up being one of them. Build
From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
If you are doing DS0 splitting on the DACS, you'll see that on the
other
end (it's not like channelized CAS ds1's or PRI's are difficult to look
at
now) assuming you have access to that. If the DACS is an issue, buy the
(Well, I'm sure that there are a few hundred papers on this subject.)
I have a few ideas, but they involve:
. Dark Fiber;
. All devices at FIPS 140 level;
. Tonnes of resin;
. Wire mesh;
. Fiber DB monitoring;
. Cable Shield monitoring;
I did not approach the inline encryption units on purpose. Obviously
anything that leaves .mil land not riding something blessed by DISA is
going to have something like a KG on both ends. Generally Satellite
systems use TRANSEC, though in our line of work it's an extremely
expensive add-on to an
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news at eleven.
The scary part is that so many things got hacked
On Wed, 20 Feb 2013, Jay Ashworth wrote:
Well, Warren, I once had a discussion with someone about whether dedicated
DS-1 to tie your SCADA network together were secure enough and they asked
me:
Does it run through a DACS? Where can you program the DACS from?
See thread: nanog impossible
Many DACS have provision for monitoring circuits and feeding the data
off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the circuit provider. When you buy a
DS1 that goes through more than one CO
- Original Message -
From: Owen DeLong o...@delong.com
Many DACS have provision for monitoring circuits and feeding the
data off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the
Isn't this a strong argument to deploy and operate a network independent
of the traditional switch circuit provider space?
On 2/20/13 11:22 AM, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Owen DeLong o...@delong.com
Many DACS have provision for monitoring circuits
--- valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news at eleven.
The scary
If you have that option, I suppose that would be one way to solve it.
I, rather, see it as a reason to:
1. Cryptographically secure links that may be carrying private
data.
2. Rotate cryptographic keys (relatively) often on such links.
YMMV, but I think encryption is a
--- On Wed, 2/20/13, Jay Ashworth j...@baylink.com wrote:
- Original Message -
From: Owen DeLong o...@delong.com
The DACS question wasn't about DACS owned by the people
using the
circuit, it was about DACS inside the circuit provider.
When you buy a
DS1 that goes through more
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into
them, apparently so easily it can be done by accident.
This is especially true with pseudo-wire and mpls. Most of my equipment
can filter based
--- valdis.kletni...@vt.edu wrote:
The scary part is that so many things got hacked by a bunch of people
who made the totally noob mistake of launching all their attacks from
the same place
This all seems to be noobie stuff. There's nothing
Net net - what we have here is, so far, relatively low tech exploits with a
huge element of brute force, and the only innovation being in the delivery
mechanism - very well crafted spear phishes
They don't particularly need to hide in a location where they're literally
bulletproof (considering
Ramasubramanian ops.li...@gmail.com
Date: 02/20/2013 5:22 PM (GMT-08:00)
To: sur...@mauigateway.com
Cc: nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
Net net - what we have here is, so far, relatively low tech exploits with a
huge element of brute force, and the only innovation being
On Feb 20, 2013, at 3:20 PM, Jack Bates jba...@brightok.net wrote:
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into them,
apparently so easily it can be done by accident.
This is
Failure to understand reality is not reality's fault.
On February 20, 2013 at 09:10 calin.chior...@secdisk.net (calin.chiorean) wrote:
If I didn't miss any part of the report, no *nix is mentioned.
I'm a *nix fan, but why they (when I say they, I mean an attacker, not
necessarily the
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news
Very true. The objection is more that the exploits are aimed at civilian
rather than (or, more accurately, as well as) military / government /
beltway targets.
Which makes the alleged chinese strategy rather more like financing jehadis
to suicide bomb and shoot up hotels and train stations,
--- s...@cs.columbia.edu wrote:
From: Steven Bellovin s...@cs.columbia.edu
An amazing percentage of private lines are pseudowires, and neither you nor
your telco salesdroid can know or tell; even the real circuits are routed
through DACS, ATM switches, and the like. This is what link
When you really look at human behavior the thing that remains the same is core
motives. The competition makes sense in that it is human nature to aggresse for
resources. We are challenged in the fact that we 'want' to belong among the
other five. This will never change but.
What is really
The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)
On 2/20/13 11:29 PM, Richard Porter rich...@pedantictheory.com wrote:
When you really
On Thursday, February 21, 2013, Warren Bailey wrote:
The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)
Nanog setting their list server up
quite a bit of coverage lately from the media.
http://online.wsj.com/article/SB10001424127887323764804578313101135258708.html
http://www.bbc.co.uk/news/world-asia-pacific-21505803
http://www.npr.org/2013/02/19/172373133/report-links-cyber-attacks-on-u-s-to-chinas-military
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news at eleven.
randy
We have done our part to China as well along with other countries in state
sponsored hacking. This is more of news amusement rather than news worthy.
Question here should be how much of this is another effort to get a kill
switch type bill back.
Zaid
On Feb 19, 2013, at 10:10 PM, Kyle Creyts
/2013 10:44 PM (GMT-08:00)
To: Kyle Creyts kyle.cre...@gmail.com
Cc: nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
We have done our part to China as well along with other countries in state
sponsored hacking. This is more of news amusement rather than news worthy.
Question here should
70 matches