Re: Synful Knock questions...

2015-09-16 Thread Roland Dobbins
On 16 Sep 2015, at 11:51, Paul Ferguson wrote: Please bear in mind that the attacker *must* acquire credentials to access the box before exploitation. And must have access to the box in order to utilize said credentials - which of course, there are BCPs intended to prevent same.

Re: Synful Knock questions...

2015-09-16 Thread Blake Hudson
Roland Dobbins wrote on 9/16/2015 1:27 AM: On 16 Sep 2015, at 11:51, Paul Ferguson wrote: Please bear in mind that the attacker *must* acquire credentials to access the box before exploitation. And must have access to the box in order to utilize said credentials - which of course, there

Re: Synful Knock questions...

2015-09-16 Thread Michael Douglas
It's unlikely the routers that got exploited were the initial entry point of the attack. The chain of events can look like this: spearphishing email with exploit laden attachment end user opens attachment, internal windows endpoint compromised malware makes outbound connection to command &

Re: Synful Knock questions...

2015-09-16 Thread Royce Williams
HD Moore just posted the results of a full-Internet ZMap scan. I didn't realize that it was remotely detectable. 79 hosts total in 19 countries. https://zmap.io/synful/ Royce

RE: Re: Synful Knock questions...

2015-09-16 Thread Darden, Patrick
That could NEVER happen. :-) --p http://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/ -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Blake Hudson Sent: Wednesday, September 16, 2015 8:37 AM To:

Re: Synful Knock questions...

2015-09-16 Thread Roland Dobbins
On 16 Sep 2015, at 21:00, Michael Douglas wrote: It's unlikely the routers that got exploited were the initial entry point of the attack. I understand all that, thanks. At this point when they start messing around with routers, you're going to see activity coming from the intended internal

RE: SMS Gateway

2015-09-16 Thread Clayton Zekelman
As a retro twist on that, we still use alpha pagers with TAP. Basement level coverage on a single AA battery that lasts 3 months. The nice thing about them is that you can turn your cellphone off at night (yes, I do that), and still know that important alerts will come through the pager.

Re: Synful Knock questions...

2015-09-16 Thread Stephen Fulton
Follow-up to my own post, Fireeye has code on github: https://github.com/fireeye/synfulknock On 2015-09-16 10:27 AM, Stephen Fulton wrote: Interesting, anyone have more details on how to construct the scan using something like nmap? -- Stephen On 2015-09-16 9:20 AM, Royce Williams wrote: HD

Re: Synful Knock questions...

2015-09-16 Thread Stephen Fulton
Interesting, anyone have more details on how to construct the scan using something like nmap? -- Stephen On 2015-09-16 9:20 AM, Royce Williams wrote: HD Moore just posted the results of a full-Internet ZMap scan. I didn't realize that it was remotely detectable. 79 hosts total in 19

Ashburn

2015-09-16 Thread Matt Hoppes
What in the world is going on in Ashburn? Over the last two days I've seen multiple flaps from multiple carriers going through there. They generally last about two to three minutes and then everything restores.

Re: Sign-On Letter to the Court in the FCC's Net Neutrality Case

2015-09-16 Thread Peter Beckman
Why don't you post a copy here or a link? The message seems good; the process is broken. Beckman On Tue, 15 Sep 2015, Eric Brunner-Williams wrote: i read it, it's rather good. -e On 9/12/15 12:45 PM, John Levine wrote: /*If you're willing to sign on and help today, please email me directly

Re: Ashburn

2015-09-16 Thread Christopher Morrow
removal of nsa taps On Wed, Sep 16, 2015 at 10:34 AM, Matt Hoppes wrote: > What in the world is going on in Ashburn? Over the last two days I've seen > multiple flaps from multiple carriers going through there. They generally > last about two to three minutes and then

Re: Ashburn

2015-09-16 Thread Matt Hoppes
I heard that yesterday... I can't figure out why NTT having issues is affecting other carriers that peer in Ashburn though must be a routing table is blowing up somewhere there. On 9/16/15 11:32 AM, Justin wrote: I know NTT is having issues. We received an RFO stating there was an issue

Re: Ashburn

2015-09-16 Thread Justin
I know NTT is having issues. We received an RFO stating there was an issue and they were going to do software upgrades to fix. On Wed, Sep 16, 2015 at 10:34 AM, Matt Hoppes wrote: > What in the world is going on in Ashburn? Over the last two days I've seen > multiple

Re: Ashburn

2015-09-16 Thread Keith Stokes
Or router bugs. Or even inserting new NSA taps since some of the rest have been caught. --- Keith Stokes From: NANOG on behalf of Christopher Morrow Sent: Wednesday, September 16, 2015 10:34 AM To:

Re: Ashburn

2015-09-16 Thread Jared Mauch
If there are ongoing issues at NTT I’m not aware of them, please contact me off-list with details. Happy to follow-up. - Jared > On Sep 16, 2015, at 11:36 AM, Matt Hoppes wrote: > > I heard that yesterday... I can't figure out why NTT having issues is > affecting

Re: Ashburn

2015-09-16 Thread Jared Mauch
*chuckle* I did hear rumors of a fiber cut yesterday in the area but no hard details. - Jared > On Sep 16, 2015, at 11:34 AM, Christopher Morrow > wrote: > > removal of nsa taps > > On Wed, Sep 16, 2015 at 10:34 AM, Matt Hoppes > wrote:

Re: root zone archive

2015-09-16 Thread Sean Donelan
On Thu, 17 Sep 2015, Joe Abley wrote: Is anybody here aware of a complete or partial archive of root zone data that is older than the set available at DNS-OARC? OARC's archive has nothing older than July 2009. I covered most of the root changes up to 2002 on a DNS timeline.

Re: root zone archive

2015-09-16 Thread Joe Abley
Hi Alvin, On 17 Sep 2015, at 1:27, alvin nanog wrote: On 09/17/15 at 12:33am, Joe Abley wrote: ... I'm particularly interested in zone data that describes the build out of the original root zone NS set to nine servers in mid-1994, the renaming under the ROOT-SERVERS.NET domain and the

root zone archive

2015-09-16 Thread Joe Abley
Hi all, Is anybody here aware of a complete or partial archive of root zone data that is older than the set available at DNS-OARC? OARC's archive has nothing older than July 2009. I'm particularly interested in zone data that describes the build out of the original root zone NS set to nine

Re: root zone archive

2015-09-16 Thread alvin nanog
hi On 09/17/15 at 12:33am, Joe Abley wrote: ... > I'm particularly interested in zone data that describes the build out of the > original root zone NS set to nine servers in mid-1994, the renaming under > the ROOT-SERVERS.NET domain and the subsequent assignment of J, K, L and M. wouldn't that