On Feb 25, 2014, at 12:22 PM, Staudinger, Malcolm
mstaudin...@corp.earthlink.com wrote:
Why wouldn't you just block chargen entirely? Is it actually still being used
these days for anything legitimate?
More politely stated, it’s not the responsibility of the operator to decide
what
On Wed, Feb 26, 2014 at 6:56 AM, Keegan Holley no.s...@comcast.net wrote:
More politely stated, it’s not the responsibility of the operator to
decide what belongs on the network and what doesn’t. Users can run any
services that’s not illegal or even reuse ports for other applications.
That
- Original Message -
From: Brandon Galbraith brandon.galbra...@gmail.com
On Wed, Feb 26, 2014 at 6:56 AM, Keegan Holley no.s...@comcast.net
wrote:
More politely stated, it’s not the responsibility of the operator to
decide what belongs on the network and what doesn’t. Users can run
On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said:
Blocking chargen at the edge doesn't seem to be outside of the realm of
possibilities.
What systems are (a) still have chargen enabled and (b) common enough to make
it a viable DDoS vector? Just wondering if I need to go around and
On 2/26/2014 4:22 PM, Ryan Shea wrote:
Howdy network operator cognoscenti,
I'd love to hear your creative and workable solutions for a way to track
in-line the configuration revisions you have on your cisco-like devices.
Let me clearify/frame:
You have a set of tested/approved configurations
On Feb 26, 2014, at 5:33 PM, valdis.kletni...@vt.edu wrote:
On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said:
Blocking chargen at the edge doesn't seem to be outside of the realm of
possibilities.
What systems are (a) still have chargen enabled and (b) common enough to make
it
On 2/26/2014 5:33 PM, valdis.kletni...@vt.edu wrote:
On Wed, 26 Feb 2014 11:44:55 -0600, Brandon Galbraith said:
Blocking chargen at the edge doesn't seem to be outside of the realm of
possibilities.
What systems are (a) still have chargen enabled and (b) common enough to make
it a viable
On 2/26/2014 5:37 PM, Robert Drake wrote:
Most people roll their own solution. If you're looking to do that
consider using augeas for parsing the configuration files. It can be
really useful for documenting changes, and probably to diff parts of
the config. You might also consider
On Wed, Feb 26, 2014 at 6:27 PM, Ryan Shea ryans...@google.com wrote:
Robert - all great suggestions. Big cross-vendor configuration generation
and deployment is outside the scope of what I was hoping for here. The goal
is to have the version information somehow encoded into the configuration,
Most of what I've seen are reset configs on network gear, standalone devices
(printers), and the occasional win 98 box with network addons.
We put blocks in place for ntp, SNMP for a short time to get things under
control. Chargen was so small it was easier to just alert folks directly.
HTH.
On Tue, Feb 25, 2014 at 11:22 AM, Staudinger, Malcolm
mstaudin...@corp.earthlink.com wrote:
Why wouldn't you just block chargen entirely? Is it actually still being
used these days for anything legitimate?
Long term blocking based on port number is sure to result in problems.
It's more
I only ran the scan once, but had ~130k devices respond.
is there any modern utility in chargen?
On 2/26/2014 11:03 PM, Jimmy Hess wrote:
The well known port assignments are advisory or recommended, for use by
other unknown processes. the purpose of well known port
assignments is for service location; the port number is not a sequence of
application identification bits.
The QUIC
On 2/27/2014 8:09 AM, Randy Bush wrote:
I only ran the scan once, but had ~130k devices respond.
is there any modern utility in chargen?
I know of none, maybe I'm too young.
So we could conclude we don't need that service running.
But some folk use ports for services other than the intended
On Wed, Feb 26, 2014 at 11:09 PM, Randy Bush ra...@psg.com wrote:
I only ran the scan once, but had ~130k devices respond.
is there any modern utility in chargen?
Does ne'er-do-wells hitting IRC users with DCC CHAT requests targeted to
trick the victim into connecting to port 19/tcp count
We are evaluating a piece of software called Skybox:
http://www.skyboxsecurity.com/
It's geared to security analytics, but it does allow you to
define configurations that are expected on a device, what
software version it is running, whether commands that aren't
there are, and those
16 matches
Mail list logo