On Tue, Jul 30, 2013 at 6:57 PM, Owen DeLong o...@delong.com wrote:
I believe Bill is looking for DPI on forwarded traffic and not to decapsulate
the traffic prior to inspection.
oh! dpi? just use sandvine? comcast says that they work well...
/troll
got an example item to test with too? I'm sure they'll want to see that as well.
On Tue, Jul 30, 2013 at 3:08 PM, ryanL ryan.lan...@gmail.com wrote:
the common transit point for this problem is vodafone backbone:
aut-num:AS3209
as-name:VODANET
On Tue, Jul 30, 2013 at 2:13
Any experience/comments on the GTT Global eXpress service? Looks
interesting but odd. Why would I use a virtual IXP? Who participates?
Comments on-list or off-list are fine.
--
Tim:
Just a note on this thread, we got everything sorted out. There was a
little asymmetric routing going on, but the great folks at HGC were very
quick in helping us fix this.
We had some problem with HGC support at the Hutch before, but they are
great and fast now. At the other end in Johannesburg,
Before you skim past this email because you already read the Prolexic
report on it or some other article on the internet, there are 2
disturbing properties that I haven't found anywhere else online.
1) After sending abuse emails to many networks, we received many angry
replies that they monitored
Tin foil hat Wednesday, limited supplies.
Revealed: NSA program collects 'nearly everything a user does on the internet'
http://gu.com/p/3hy4h
Sent from my Mobile Device.
This looks like more a security issue with the devices, not border security
issues.
If you're seeing replies of that size, it means the devices themselves are
set up to allow public queries of their information (not secured by even
keys), which no one should be comfortable with. People should
On 7/26/13 8:32 AM, Joel M Snyder wrote:
I also don't see the problem of cold calling when it's obviously for a
service or product that I am interested in, just as I don't see the
problem of cold snail-mailing for the same services. I'm in business,
and I expect other businesses to try and
The problem isn't the people on this list leaving the public snmp
community on their devices, it's the vendors of home routers leaving it
there in their devices. Normal end users don't know or even care what snmp
is. (nor can we expect them to)
A simple scan of a large cable/dsl ISP's address
Agreed, but progressively breaking every service on the internet at the
edge because you think there might possibly be an issue just leads to bad
places.
Get better defaults sure, but don't slowly turn the internet into a cable
distribution system because they're just users. It's bad enough
On 31 July 2013 16:46, Warren Bailey
wbai...@satelliteintelligencegroup.com wrote:
Tin foil hat Wednesday, limited supplies.
Revealed: NSA program collects 'nearly everything a user does on the internet'
http://gu.com/p/3hy4h
- Have I read it correctly. Can then break into a vpn
Interesting that they are showing screen captures of a ppt file.
-Jorge
On Jul 31, 2013, at 9:46 AM, Warren Bailey
wbai...@satelliteintelligencegroup.com wrote:
Tin foil hat Wednesday, limited supplies.
Revealed: NSA program collects 'nearly everything a user does on the internet'
On Jul 31, 2013, at 10:26 AM, \tei'' oscar.vi...@gmail.com
oscar.vi...@gmail.com wrote:
- Have I read it correctly. Can then break into a vpn connection,
then leach documents that a german in pakistan is sending to his
office in germany?
I would guess that it's because many VPN services
Anyone from Hilton out there? We are still having this issue. It is not a
wayport address since I looked and they are not registered under Hilton's
name.
-Grant
On Tue, Jul 16, 2013 at 1:17 PM, Grant Ridder shortdudey...@gmail.com wrote:
The requests are coming from 167.187.100.202 which is
Don't forget Theo DeRaadt's email about IPSec!
http://marc.info/?l=openbsd-tech&m=129236621626462
On 31 July 2013 16:50, Chris Boyd cb...@gizmopartners.com wrote:
On Jul 31, 2013, at 10:26 AM, \tei'' oscar.vi...@gmail.com
oscar.vi...@gmail.com wrote:
- Have I read it correctly. Can then
And how many people utilize a VPN for site to site? You can convince me you can
spin up an Ipsec connection, but at that point your originating gateway
changed from your way to the Internet to the VPN's way. Either.. Way.. You
still head out in clear channel Internet and get owned elsewhere. I
A relevant paper was released by the BITAG, see
http://www.bitag.org/report-snmp-ddos-attacks.php Section 7 includes
recommendations.
See also this blog post I wrote one day short of a year ago that may be of
interest:
On July 31, 2013 at 08:00 j...@west.net (Jay Hennigan) wrote:
It's surprising how people go out of their way to deny that it's a sales
call, and then start trying to sell something.
[NOTE: The anecdote is followed by some practical advice]
ANECDOTE
I had a guy call and tell the person
On Wed, Jul 31, 2013 at 09:28:50AM -0400, Tim Durack wrote:
Any experience/comments on the GTT Global eXpress service? Looks
interesting but odd. Why would I use a virtual IXP? Who participates?
Comments on-list or off-list are fine.
This was an old PacketExchange service, essentially just a
Public SNMP being exploited for 8000x amplification is a very serious
issue. It is
arguably worse than open email relays.
Not only does it expose critical information from your users
but it offers the largest possible amplified DDoS by far, likely
bigger than DNS when you take into account the
Better yet, does anyone have any Hilton contacts they could pass my info to?
-Grant
On Wed, Jul 31, 2013 at 8:54 AM, Grant Ridder shortdudey...@gmail.com wrote:
Anyone from Hilton out there? We are still having this issue. It is not
a wayport address since I looked and they are not
Write into your TOS a block for SNMP. Deal with the whiners on a case by case
basis. Problem solved.
Sent from my Mobile Device.
Original message
From: bottiger bottige...@gmail.com
Date: 07/31/2013 1:13 PM (GMT-08:00)
To: Blake Dunlap iki...@gmail.com
Cc: nanog@nanog.org
Would it be possible to add SNMP to your (collective cable labs buddies)
shapers and it would be taken care of prior to it leaving your network but
after the cmts?
Sent from my Mobile Device.
Original message
From: Livingood, Jason jason_living...@cable.comcast.com
Date:
I have BCC'd the likely appropriate Hilton contact for you on this response
so they can take a look at the NANOG emails below regarding their Internet
proxies to see if it looks like something they can assist with. They were
able to have some MTA issues corrected last time Hilton came up on the
On Aug 1, 2013, at 3:11 AM, bottiger wrote:
The most disturbing part is the lack of logging.
Flow telemetry can be of use in this instance.
---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com
I bet blocking all SYN packets and non related flow UDP packets to
customers would be even more effective. Why don't we do that and be done
with it instead of playing whack a mole every 3 months when someone finds
some new service that was poorly designed so that it can be used to send a
flood?
This vulnerability has been present ever since SNMP v2 was announced
back in 1993.
There is a reason why the biggest attacks these days are from
protocols that are decades old like DNS and Chargen.
People making widely spread protocols these days are aware of the
problem and are usually able to
On 7/31/2013 4:29 PM, Blake Dunlap wrote:
It works better to fix the design issues than to play whack a mole
by blocking every imaginable service to your customers that responds
to the public with data larger than a FIN. Like getting their
providers to more proactively police their spew,
On Wed, 31 Jul 2013 18:50:18 -0400, Larry Sheldon larryshel...@cox.net
wrote:
But after years of research I will tell you that there is no way to stop
an avalanche once it has been released at the source.
http://youtu.be/60loeoblu0M
Anyone can make a device and connect it to the internet.
Sounds great Jay, thanks!
On Wed, Jul 31, 2013 at 1:31 PM, Jay Moran jay+na...@tp.org wrote:
I have BCC'd the likely appropriate Hilton contact for you on this
response so they can take a look at the NANOG emails below regarding their
Internet proxies to see if it looks like something they
Chris Boyd cboyd at gizmopartners.com Wed Jul 31 15:50:09 UTC 2013
I would guess that it's because many VPN services still support PPTP which
can be attacked as outlined here:
http://www.schneier.com/paper-pptpv2.html
--Chris
That link doesn't even mention the worst vulnerability in
On 7/31/13, Blake Dunlap iki...@gmail.com wrote:
I bet blocking all SYN packets and non related flow UDP packets to
customers would be even more effective. Why don't we do that and be done
with it instead of playing whack a mole every 3 months when someone finds
some new service that was
Howdy listers,
I remember reading a while back that customers of nLayer IP transit
services could send in Flowspec rules to nLayer. Anyone know if that is
true/current?
Thanks,
--
Regards,
Mark
On Jul 31, 2013, at 20:00 , Mark Tees markt...@gmail.com wrote:
I remember reading a while back that customers of nLayer IP transit
services could send in Flowspec rules to nLayer. Anyone know if that is
true/current?
Not any more.
--
TTFN,
patrick
I realize the root cause is security-oblivious designers and one level
below that, lack of BCP38.
But realistically those 2 problems are not going to be solved any time
in the next decade. I have tested 7 large hosting networks only one of
them had BCP38.
To my knowledge it is practically
On Jul 31, 2013, at 1:17 PM, Barry Shein b...@world.std.com wrote:
The usual method is to insert ringers which would be info which
points back at non-existent people with valid-looking contact
information.
If for example they called a phone number, or several, owned by ARIN
(or a service
In message CA+2UFhntL-iKdGc7Ev9UbPB-y5QkO5eA=nxffsmnmq50zuk...@mail.gmail.com
, bottiger writes:
I realize the root cause is security-oblivious designers and one level
below that, lack of BCP38.
But realistically those 2 problems are not going to be solved any time
in the next decade. I