Re: We hit half-million: The Cidr Report

2014-04-30 Thread Rick Astley
Security is a layered approach though. I can't recall any server or service that runs in listening state (and reachable from public address space) that hasn't had some type of remotely exploitable vulnerability. It's hard to lean on operating systems and software companies to default services to

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Jérôme Nicolle
On 29/04/2014 04:39, valdis.kletni...@vt.edu wrote: Do we have a handle on what percent of the de-aggrs are legitimate attempts at TE, and what percent are just whoopsies that should be re-aggregated? Deaggs can legitimately occur for a

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Blake Dunlap
Just out of curiosity, how does removing port address translation from the equation magically and suddenly make everything exposed, and un-invent the firewall? -Blake On Tue, Apr 29, 2014 at 11:00 PM, Jeff Kell jeff-k...@utc.edu wrote: On 4/29/2014 11:37 PM, TheIpv6guy . wrote: On Tue, Apr 29,

North NJ LATA 224

2014-04-30 Thread Alex Rubenstein
Anyone selling IP over ATM / Frame Relay in North NJ Verizon LATA 224 that could carve a PVC real fast?

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Sholes, Joshua
On 4/30/14, 12:00 AM, Jeff Kell jeff-k...@utc.edu wrote: Not to mention that PCI compliance requires you are RFC1918 (non-routed) at your endpoints, but I digress... This is emphatically not true. All PCI compliance requires is that your private IP addresses are not disclosed to the public,

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Patrick W. Gilmore
On Apr 30, 2014, at 09:15, Jérôme Nicolle jer...@ceriz.fr wrote: On 29/04/2014 04:39, valdis.kletni...@vt.edu wrote: Do we have a handle on what percent of the de-aggrs are legitimate attempts at TE, and what percent are just whoopsies that should be re-aggregated? Deaggs can

RE: We hit half-million: The Cidr Report

2014-04-30 Thread Jamie Bowden
Behalf Of Jeff Kell Not to mention that PCI compliance requires you are RFC1918 (non-routed) at your endpoints, but I digress... You're not funny. And if you're not joking, you're wrong. We just went over this on this very list two weeks ago. Jamie

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Valdis . Kletnieks
On Wed, 30 Apr 2014 15:40:43 -, Jamie Bowden said: You're not funny. And if you're not joking, you're wrong. We just went over this on this very list two weeks ago. And in that discussion, we ascertained that what the PCI standard actually says, and what you need to do in order to get

Re: We hit half-million: The Cidr Report

2014-04-30 Thread joel jaeggli
On 4/30/14, 9:30 AM, valdis.kletni...@vt.edu wrote: On Wed, 30 Apr 2014 15:40:43 -, Jamie Bowden said: You're not funny. And if you're not joking, you're wrong. We just went over this on this very list two weeks ago. And in that discussion, we ascertained that what the PCI standard

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Sholes, Joshua
Anybody got recommendations on how to make sure the company you engage for the audit ends up sending you critters that actually have a clue? (Not necessarily PCI, but in general) In my previous jobs when I was doing FIPS/NIST/whatever compliance, it ended up being the case that having a

Re: We hit half-million: The Cidr Report

2014-04-30 Thread Jérôme Nicolle
Patrick, On 30/04/2014 16:54, Patrick W. Gilmore wrote: It's fairly easy to punch a hole in a larger prefix, but winning the reachability race while unable to propagate a more specific prefix significantly increases hijacking costs. Excellent point, Jérôme. Let's make sure nothing is

Dealing with auditors (was Re: We hit half-million: The Cidr Report)

2014-04-30 Thread Larry Sheldon
On 4/30/2014 11:30 AM, valdis.kletni...@vt.edu wrote: On Wed, 30 Apr 2014 15:40:43 -, Jamie Bowden said: You're not funny. And if you're not joking, you're wrong. We just went over this on this very list two weeks ago. And in that discussion, we ascertained that what the PCI standard

Re: Dealing with auditors (was Re: We hit half-million: The Cidr Report)

2014-04-30 Thread William Herrin
On Wed, Apr 30, 2014 at 5:23 PM, Larry Sheldon larryshel...@cox.net wrote: On 4/30/2014 11:30 AM, valdis.kletni...@vt.edu wrote: And in that discussion, we ascertained that what the PCI standard actually says, and what you need to do in order to get unclued boneheaded auditors to sign the

Re: The Cidr Report

2014-04-30 Thread Fred Baker (fred)
On Apr 26, 2014, at 12:19 PM, Deepak Jain dee...@ai.net wrote: Does anyone have doomsday plots of IPv6 prefixes? We are already at something like 20,000 prefixes there, and a surprising number of deaggregates (like /64s) in the global table. IIRC, a bunch of platforms will fall over at

Rancid with Maipu devices

2014-04-30 Thread Anurag Bhatia
Hello everyone! I was wondering if anyone is using Rancid with Maipu devices? I am slightly stuck because the default clogin gives an error on the terminal length 0 and width commands in the Maipu CLI. Also, I tried adding no more, which is being executed, but the overall script is still failing. Did anyone get

Re: Dealing with auditors (was Re: We hit half-million: The Cidr Report)

2014-04-30 Thread Ulf Zimmermann
The auditors VMware sent to us were just as bad. To ensure we weren't running rogue ESX(i) servers or WorkStation, they made us provide full arp/cam tables. Then a list of the virtual machines. Oh look, this MAC isn't listed as one of your virtual machines. It isn't because it was running on

RE: Dealing with auditors (was Re: We hit half-million: The Cidr Report)

2014-04-30 Thread David Hubbard
We just dealt with a vmware audit too; it was a joke. In any case, the thing I found curious with their auditor as well as a PCI QSA (fancy auditor), is that neither entity seemed to know IPv6 exists. The whole time I'm thinking okay, now why aren't you investigating these same attack vectors in