So
Suppose I configure my email to send a Thanks, we have received your
email, we will reply shortly in office hours.. Whats the Holy Headers
so even poorly configured servers don't cause a AutoReply Storm?
Googling, I found Precedence, X-Auto-Response-Suppress,..? For
something like
On 4/11/2014 2:16 AM, Tei wrote:
So
Suppose I configure my email to send a Thanks, we have received your
email, we will reply shortly in office hours.. Whats the Holy Headers
so even poorly configured servers don't cause a AutoReply Storm?
Googling, I found Precedence,
My experience shows that when things go wrong there is usually an amplified
feedback loop between your mail server and the remote, so ensure that any
header you set is one that you drop too.
This is also why the mighty no-reply@ was thought up, which simply drops
all mail. It might be crude, but
On Fri, 11 Apr 2014, Tei wrote:
Suppose I configure my email to send a Thanks, we have received your
email, we will reply shortly in office hours.. Whats the Holy Headers
so even poorly configured servers don't cause a AutoReply Storm?
Googling, I found Precedence,
On Thu, Apr 10, 2014 at 03:22:24PM -0400, Kee Hinckley wrote:
I suspect they looked at the amount of spam they could stop [...]
Which is, to a very good first approximation, zero.
Nearly all (at least 99% and likely quite a bit more) of the spam [as
observed by my numerous spamtraps] that
http://online.wsj.com/news/articles/SB10001424052702303873604579493963847851346
Glen
Slightly sensationalistic article, tends to imply that heartbleed will
allow you to capture data-plane traffic on any piece of Cisco/Juniper kit.
Either way, as I've said before, if you're exposing *any* management
interfaces, be is ssh,netconf or https to the internet in general, you've
got
Either way, as I've said before, if you're exposing *any* management
interfaces, be is ssh,netconf or https to the internet in general, you've
got bigger issues than just heartbleed.
Sure, i agree.
VPN, on the other hand, is a totally different world of pain for this
issue.
What about
If there's anybody from Level 3 Transport available, I'd like to discuss some
bizarre results when traversing through your network, namely in Dallas, TX over
the past few months? I'm working this through your NOC as well, but figured I
would cover all avenues as this issue is pretty chronic.
Ah Ha! Thanks Nick and Trent! Well that explains the path being even at the
MPLS cloud.
JJ Stonebraker
IP Network Engineering
Grande Communications
512.878.5627
From: Trent Farrell [mailto:tfarr...@riotgames.com]
Sent: Friday, April 11, 2014 11:19 AM
To: Jack
Is there a good contact at Gmail that can take care of a persistant issue
for me?
Thanks in advance,
Dave Rand
d...@kelkea.com or d...@bungi.com
--
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.
Daily listings are sent to
So, DNSSEC is also compromised by this heartbleed bug, right?
--
-Barry Shein
The World | b...@theworld.com | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool Die| Public Access Internet
On 04/11/2014 11:35 AM, Barry Shein wrote:
So, DNSSEC is also compromised by this heartbleed bug, right?
There is nothing in the DNSSEC protocol that requires the Heartbeat
functionality. However whether a specific implementation of DNS software
is vulnerable or not depends on how it's
On Apr 11, 2014, at 11:35 AM, Barry Shein b...@world.std.com wrote:
So, DNSSEC is also compromised by this heartbleed bug, right?
Nope, apples and oranges.
http://www.afilias.info/webfm_send/32
The only point of intersection I can think of is an indirect one, and
unfortunately not much
ICMP 0/0
On Apr 11, 2014 1:02 PM, Dave Rand d...@bungi.com wrote:
Is there a good contact at Gmail that can take care of a persistant issue
for me?
Thanks in advance,
Dave Rand
d...@kelkea.com or d...@bungi.com
--
Once upon a time, Barry Shein b...@world.std.com said:
So, DNSSEC is also compromised by this heartbleed bug, right?
No, wrong. The OpenSSL bug involves an extension to the TLS protocol
called heartbeat (basically like a TCP or PPP keepalive).
DNSSEC does not use TLS (or any other kind of
I'm not forwarding this to get into politics. I'm forwarding it
because of the impact on operational security. Given the recent I hunt
sysadmins leak, I think it's not unreasonable to suggest that everyone
on this list has probably been targeted because of their privileged
access to
On April 11, 2014 at 11:44 do...@dougbarton.us (Doug Barton) wrote:
On 04/11/2014 11:35 AM, Barry Shein wrote:
So, DNSSEC is also compromised by this heartbleed bug, right?
There is nothing in the DNSSEC protocol that requires the Heartbeat
functionality. However whether a specific
On 11 Apr 2014, at 21:25, Chris Adams c...@cmadams.net wrote:
DNSSEC does not use TLS (or any other kind of transport encryption).
The administrative interfaces controlling the implementation might still do.
Grüße, Carsten
The U.S. National Security Agency knew for at least two years about a flaw
in the way that many websites send sensitive information, now dubbed the
Heartbleed bug, and regularly used it to gather critical intelligence,
two people familiar with the matter said.
The NSA's decision to keep the
* b...@herrin.us (William Herrin) [Fri 11 Apr 2014, 22:04 CEST]:
I call B.S. Do you have any idea how many thousands of impacted NSA
servers run by contractors hung out on the Internet with sensitive NSA
data? If you told me they used it against the targets of the day while
putting out the word
I wrote:
I'm not saying this has been happening ...
but here's the same news from a much more credible source:
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Still anonymously sourced but at least via people whose ability to vet
* Niels Bakker (niels=na...@bakker.net) wrote:
but here's the same news from a much more credible source:
http://www.bloomberg.com/news/2014-04-11/nsa-said-to-have-used-heartbleed-bug-exposing-consumers.html
Still anonymously sourced but at least via people whose ability to
vet sources
Once upon a time, Niels Bakker niels=na...@bakker.net said:
but here's the same news from a much more credible source:
Actually, that's the same news _from the same source_ as originally
posted.
That article also has other wonderful bits like:
The Heartbleed flaw, introduced in early 2012
On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
If you told me they used it against the targets of the day while
putting out the word to patch I could buy it, but intentionally
leaving a certain bodily extension hanging in the breeze in the hopes
of gaining more valuable data
On Fri, Apr 11, 2014 at 4:10 PM, Niels Bakker niels=na...@bakker.net wrote:
Please go read up on some recent and less recent history before making
judgments on what would be unusually gutsy for that group of people.
I'm not saying this has been happening but you will have to come up with a
On Fri, Apr 11, 2014 at 09:37:38PM +0200, Carsten Bormann wrote:
On 11 Apr 2014, at 21:25, Chris Adams c...@cmadams.net wrote:
DNSSEC does not use TLS (or any other kind of transport encryption).
The administrative interfaces controlling the implementation might still do.
That's not
On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
The U.S. National Security Agency knew for at least two years about a flaw
in the way that many websites send sensitive information, now dubbed the
Heartbleed bug, and regularly used it to gather critical intelligence,
two
This report has been generated at Fri Apr 11 21:13:53 2014 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/2.0 for a current version of this report.
Recent Table History
BGP Update Report
Interval: 03-Apr-14 -to- 10-Apr-14 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS36998 73697 3.1% 46.4 -- SDN-MOBITEL,SD
2 - AS982972918 3.0% 78.7
On 4/11/2014 4:03 PM, William Herrin wrote:
The U.S. National Security Agency knew for at least two years about a flaw
in the way that many websites send sensitive information, now dubbed the
Heartbleed bug, and regularly used it to gather critical intelligence,
two people familiar with the
On Fri, Apr 11, 2014 at 5:56 PM, Matt Palmer mpal...@hezmatt.org wrote:
You're assuming that the NSA is a single monolithic entity. IIRC, the
offense team and the defense team don't really talk much, and they
*certainly* have very different motivations. It wouldn't surprise me at all
if the
Hi Nanog,
I have a ticket open with Level 3, with whom I have 1gig pipes in Oakland,
CA and Las Vegas, NV.
One of our users noticed very slow file transfer/media delivery from the
Bay Area to L.A., and on investigating it appears as though the peering
point between Level3 and ATT in SF was
On 4/11/2014 5:47 PM, Matt Palmer wrote:
That's not DNSSEC that's broken, then. - Matt
You're correct about that, but everything depends on your level of
paranoia.
The bug has a potential to show 64k of memory that may or may not be a
part of the TLS/SSL connection*. In that 64k their
And their Level 3 to 4 accomplished what exactly?? They were owned the
same way the own others, from the inside.
On 4/11/14, 4:27 PM, Peter Kristolaitis alte...@alter3d.ca wrote:
On 4/11/2014 4:03 PM, William Herrin wrote:
The U.S. National Security Agency knew for at least two years about a
--- mpal...@hezmatt.org wrote:
From: Matt Palmer mpal...@hezmatt.org
The interesting thing to me is that the article claims the NSA have been
using this for over two years, but 1.0.1 (the first vulnerable version)
was only released on 14 Mar 2012. That means that either:
* The NSA put it in
In message 534874d8.3050...@direcpath.com, Robert Drake writes:
On 4/11/2014 5:47 PM, Matt Palmer wrote:
That's not DNSSEC that's broken, then. - Matt
You're correct about that, but everything depends on your level of
paranoia.
The bug has a potential to show 64k of memory that may
On Sat, 12 Apr 2014 07:56:01 +1000, Matt Palmer said:
The interesting thing to me is that the article claims the NSA have been
using this for over two years, but 1.0.1 (the first vulnerable version)
was only released on 14 Mar 2012. That means that either:
* The NSA found it *amazingly*
On Fri, Apr 11, 2014 at 6:27 PM, Peter Kristolaitis alte...@alter3d.ca wrote:
I would imagine that federal contractors have to adhere to FIPS 140-2
standards (or some similar requirement) for sensitive environments, and none
of the affected OpenSSL versions were certified to any FIPS
Any comments?
-- Forwarded message --
From: Dave Farber d...@farber.net
Date: Fri, Apr 11, 2014 at 8:13 PM
Subject: [IP] Summary of what I know so far about the Linksys botnet and/or
worm
To: ip i...@listbox.com
-- Forwarded message --
From: *Brett Glass*
This should provide some background:
http://apps.fcc.gov/ecfs/document/view?id=7022026095
Drive Slow,
Paul
On Fri, Apr 11, 2014 at 6:50 PM, David Sotnick sotnickd-na...@ddv.com wrote:
Hi Nanog,
I have a ticket open with Level 3, with whom I have 1gig pipes in Oakland,
CA and Las Vegas, NV.
I'm not sure if anyone of you has access to those automated tools, but I'd
be interested in learning if any of them do catch the bug.
Frank
-Original Message-
From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu]
Sent: Friday, April 11, 2014 7:50 PM
To: Matt Palmer
Cc:
On Fri, Apr 11, 2014 at 6:03 PM, Robert Drake rdr...@direcpath.com wrote:
The bug has a potential to show 64k of memory that may or may not be a part
of the TLS/SSL connection*.
It has the potential to show various pieces of memory 64K at a time
that may be related to ANY of the data the
44 matches
Mail list logo