Re: Update to BCP-38?

2019-10-10 Thread Mark Collins
To: nanog@nanog.org Subject: RE: Update to BCP-38? On Tuesday, 8 October, 2019 11:03, William Herrin wrote: >Limiting the server banner so it doesn't tell an adversary the exact OS- >specific binary you're using has a near-zero cost and forces an adversary >to expend more effort

Re: Update to BCP-38?

2019-10-09 Thread Mike Meredith via NANOG
On Tue, 8 Oct 2019 13:59:58 +, Mark Collins may have written: > Not everyone attacking your systems is going to have the skills or > knowledge to get in though - simple tricks (like hiding what web server > you use) can prevent casual attacks from script kiddies and others who > aren't

Re: Update to BCP-38?

2019-10-09 Thread Rich Kulawiec
On Tue, Oct 08, 2019 at 10:03:16AM -0700, William Herrin wrote: > Limiting the server banner so it doesn't tell an adversary the exact > OS-specific binary you're using has a near-zero cost and forces an > adversary to expend more effort searching for a vulnerability. Why would they bother

RE: Update to BCP-38?

2019-10-08 Thread Keith Medcalf
thod (2) instead. -- The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume. >-Original Message- >From: Mark Collins >Sent: Tuesday, 8 October, 2019 12:17 >To: Keith Medcalf ; nanog@nanog.org >Subject: Re: Upda

Re: Update to BCP-38?

2019-10-08 Thread Valdis Klētnieks
On Tue, 08 Oct 2019 11:53:33 -0600, "Keith Medcalf" said: > So while the cost of doing the thing may be near-zero, it is not zero. And in fact, there's more than just the costs of doing it. There's also the costs of having done it. Obfuscating your OpenSSH versions is a *really* good way to

RE: Update to BCP-38?

2019-10-08 Thread Keith Medcalf
On Tuesday, 8 October, 2019 11:03, William Herrin wrote: >Limiting the server banner so it doesn't tell an adversary the exact OS- >specific binary you're using has a near-zero cost and forces an adversary >to expend more effort searching for a vulnerability. It doesn't magically >protect you

Re: Update to BCP-38?

2019-10-08 Thread William Herrin
On Tue, Oct 8, 2019 at 6:51 AM Rich Kulawiec wrote: > On Tue, Oct 08, 2019 at 01:35:16PM +0100, Mike Meredith via NANOG wrote: > > You've ignored step 1 - identifying critical information that needs > > protecting. It makes sense to protect information that needs protecting and > > don't lose

RE: Update to BCP-38?

2019-10-08 Thread Keith Medcalf
>Not everyone attacking your systems is going to have the skills or >knowledge to get in though - simple tricks (like hiding what web server >you use) can prevent casual attacks from script kiddies and others who >aren't committed to targeting you, freeing your security teams to focus >on the

RE: Update to BCP-38?

2019-10-08 Thread Mark Collins
on the serious threats. Mark -Original Message- From: NANOG On Behalf Of Rich Kulawiec Sent: 08 October 2019 14:51 To: nanog@nanog.org Subject: Re: Update to BCP-38? On Tue, Oct 08, 2019 at 01:35:16PM +0100, Mike Meredith via NANOG wrote: > You've ignored step 1 - identifying critical informat

Re: Update to BCP-38?

2019-10-08 Thread Rich Kulawiec
On Tue, Oct 08, 2019 at 01:35:16PM +0100, Mike Meredith via NANOG wrote: > You've ignored step 1 - identifying critical information that needs > protecting. It makes sense to protect information that needs protecting and > don't lose sleep over information that doesn't need protecting. Not many of

Re: Update to BCP-38?

2019-10-08 Thread Mike Meredith via NANOG
As an Evil Firewall Administrator™, I have an interest in this area ... On Fri, 4 Oct 2019 15:05:29 -0700, William Herrin may have written: > On Thu, Oct 3, 2019 at 2:28 PM Keith Medcalf wrote > > Anyone who says something like that is not a "security geek". They are > > a "security poser",

Re: Update to BCP-38?

2019-10-05 Thread Jay R. Ashworth
- Original Message - > From: "Stephen Satchell" > On 10/3/19 10:13 PM, Fred Baker wrote: >> There is one thing in 1122/1123 and 1812 that is not in those kinds >> of documents that I miss; that is essentially "why". Going through >> 1122/1123 and 1812, you'll find several sections that

RE: Update to BCP-38?

2019-10-04 Thread Keith Medcalf
On Friday, 4 October, 2019 16:05, William Herrin wrote: >On Thu, Oct 3, 2019 at 2:28 PM Keith Medcalf wrote: >> On Thursday, 3 October, 2019 11:50, Fred Baker >> wrote: >>> A security geek would be all over me - "too many clues!". >> Anyone who says something like that is not a "security

Re: Update to BCP-38?

2019-10-04 Thread Valdis Klētnieks
On Sat, 05 Oct 2019 07:01:58 +0900, Masataka Ohta said: > One of a stupidity, among many, of IPv6 is that it assumes > links have millions or billions of mostly immobile hosts Can somebody hand me a match? There's a straw man argument that needs to be set afire here.

Re: Update to BCP-38?

2019-10-04 Thread William Herrin
On Thu, Oct 3, 2019 at 2:28 PM Keith Medcalf wrote > On Thursday, 3 October, 2019 11:50, Fred Baker > wrote: > > A security geek would be all over me - "too many clues!". > > Anyone who says something like that is not a "security geek". They are a > "security poser", interested primarily in

Re: Update to BCP-38?

2019-10-04 Thread Masataka Ohta
Mark Andrews wrote: Look at CableLabs specifications. There is also RFC 7084, Basic Requirements for IPv6 Customer Edge Routers which CableLabs reference. One of a stupidity, among many, of IPv6 is that it assumes links have millions or billions of mostly immobile hosts and define very large

Re: Update to BCP-38?

2019-10-04 Thread Mark Andrews
Look at CableLabs specifications. There is also RFC 7084, Basic Requirements for IPv6 Customer Edge Routers which CableLabs reference. Also RFC 8585, Requirements for IPv6 Customer Edge Routers to Support IPv4-as-a-Service Mark > On 5 Oct 2019, at 12:00 am, Stephen Satchell wrote: > > On

Re: Update to BCP-38?

2019-10-04 Thread Stephen Satchell
On 10/3/19 10:13 PM, Fred Baker wrote: > There is one thing in 1122/1123 and 1812 that is not in those kinds > of documents that I miss; that is essentially "why". Going through > 1122/1123 and 1812, you'll find several sections that say "we require > X", and follow that with a "discussion" section

Re: Update to BCP-38?

2019-10-03 Thread Fred Baker
On Oct 3, 2019, at 3:15 PM, Stephen Satchell wrote: > You still need an IPv6 version of RFC 1812. If we were to start with the current draft, I would probably want to start over, and have people involved from multiple operators. That said, let me give you some background on RFC 1812. The

Re: Update to BCP-38?

2019-10-03 Thread Masataka Ohta
Valdis Kletnieks wrote: I suppose you never considered that in the 11 years intervening, we decided that maybe things should be done differently. I never considered? I even know that it is called second system syndrome. Do you? Masataka Ohta

Re: Update to BCP-38?

2019-10-03 Thread Valdis Klētnieks
On Fri, 04 Oct 2019 08:20:22 +0900, Masataka Ohta said: > As for requirements for IPv6 routers, how do you think about the > following requirement by rfc4443? 3 Internet Control Message Protocol (ICMPv6) for the Internet Protocol Version 6 (IPv6) Specification. A. Conta, S. Deering, M.

Re: Update to BCP-38?

2019-10-03 Thread Masataka Ohta
Stephen Satchell wrote: You still need an IPv6 version of RFC 1812. Make it as clean as possible. Use an ax instead of a XACTO knife on the current draft. What is the minimum necessary things that a generic IPv6 router MUST do? As for requirements for IPv6 routers, how do you think about the

Re: Update to BCP-38?

2019-10-03 Thread Stephen Satchell
On 10/3/19 2:07 PM, Mark Andrews wrote: > Now IPv6 examples are nice but getting several 1000’s people to read draft > that > just add addresses in the range 2001:DB8::/32 instead of 11.0.0.0/8, > 12.0.0.0/8 > and 204.69.207.0/24, then to get the RFC editor to publish it is quite frankly > is a

Re: Update to BCP-38?

2019-10-03 Thread Valdis Klētnieks
On Thu, 03 Oct 2019 15:28:30 -0600, "Keith Medcalf" said: > On Thursday, 3 October, 2019 11:50, Fred Baker > wrote: > > A security geek would be all over me - "too many clues!". > Anyone who says something like that is not a "security geek". They are a > "security poser", interested primarily

RE: Update to BCP-38?

2019-10-03 Thread Keith Medcalf
On Thursday, 3 October, 2019 11:50, Fred Baker wrote: > A security geek would be all over me - "too many clues!". Anyone who says something like that is not a "security geek". They are a "security poser", interested primarily in "security by obscurity" and "security theatre", and have no

Re: Update to BCP-38?

2019-10-03 Thread Mark Andrews
> On 4 Oct 2019, at 12:10 am, Marco Davids (Private) via NANOG > wrote: > > > On 03/10/2019 15:51, Stephen Satchell wrote: > >> For a start, *add* IPv6 examples in parallel with the IPv4 examples. > > 1000 times +1 > > We need (much) more IPv6 examples! Have you read BCP-38? Is there

Re: Update to BCP-38?

2019-10-03 Thread Fred Baker
On Oct 3, 2019, at 12:30 PM, Stephen Satchell wrote: > > On 10/3/19 8:22 AM, Fred Baker wrote: >> And on lists like this, I am told that there is no deployment - that >> nobody wants it, and anyone that disagrees with that assessment has >> lost his or her mind. That all leaves me wondering

Re: Update to BCP-38?

2019-10-03 Thread Fred Baker
Sent from my iPad > On Oct 3, 2019, at 12:14 PM, Stephen Satchell wrote: > > On 10/3/19 8:42 AM, Fred Baker wrote: >> >> On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote: >>> >>> Someone else mentioned that "IPv6 has been around for 25 years, and why >>> is it taking so long for

Re: Update to BCP-38?

2019-10-03 Thread Stephen Satchell
On 10/3/19 8:22 AM, Fred Baker wrote: > Speaking as v6ops chair and the editor of record for 1812. > draft-ietf-v6ops-ipv6rtr-reqs kind of fell apart; it was intended to be > an 1812-like document and adopted as such, but many of the > "requirements" that came out of it were specific to the

Re: Update to BCP-38?

2019-10-03 Thread Stephen Satchell
On 10/3/19 8:42 AM, Fred Baker wrote: > > >> On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote: >> >> Someone else mentioned that "IPv6 has been around for 25 years, and why >> is it taking so long for everyone to adopt it?" I present as evidence >> the lack of a formally-released

Re: Update to BCP-38?

2019-10-03 Thread Fred Baker
> On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote: > > Someone else mentioned that "IPv6 has been around for 25 years, and why > is it taking so long for everyone to adopt it?" I present as evidence > the lack of a formally-released requirements RFC for IPv6. It suggests > that the

Re: Update to BCP-38?

2019-10-03 Thread Fred Baker
On Oct 3, 2019, at 9:51 AM, Stephen Satchell wrote: > It appears that the only parallel paper for IPv6 is > draft-ietf-v6ops-ipv6rtr-reqs-04, _Requirements for IPv6 Routers_, which > currently carries a copyright of 2018. It's a shame that this document > is still in limbo; witness this quote:

Re: Update to BCP-38?

2019-10-03 Thread Marco Davids (Private) via NANOG
On 03/10/2019 15:51, Stephen Satchell wrote: > For a start, *add* IPv6 examples in parallel with the IPv4 examples. 1000 times +1 We need (much) more IPv6 examples! -- Marco (pushing for IPv6 examples since 2007 or so like in: https://youtu.be/OLEizGPoB5w?t=30)

Re: Update to BCP-38?

2019-10-03 Thread Stephen Satchell
On 10/2/19 9:51 PM, Mark Andrews wrote: > What part of BCP-38 do you think needs to be updated to support IPv6? > > Changing the examples to use IPv6 documentation prefixes instead of IPv4 > documentation prefixes? For a start, *add* IPv6 examples in parallel with the IPv4 examples. As RFCs are

Re: Update to BCP-38?

2019-10-02 Thread Mark Andrews
What part of BCP-38 do you think needs to be updated to support IPv6? Changing the examples to use IPv6 documentation prefixes instead of IPv4 documentation prefixes? Mark > On 3 Oct 2019, at 1:20 pm, Stephen Satchell wrote: > > Is anyone working on an update to include IPv6? -- Mark