On Fri, Feb 26, 2016 at 11:04:49AM -0500, Curtis Maurand wrote:
> I run my own resolver from behind my firewall at my home. I don't
> allow incoming port 53 traffic. I realize there's not a lot of
> privacy on the net, but I don't like having my dns queries tracked
> in order to target advertisin
On Fri, Feb 26, 2016 at 08:55:20AM -0700, Keith Medcalf wrote:
>
> On Friday, 26 February, 2016 08:13, jason_living...@comcast.com said:
>
> > FWIW, Comcast's list of blocked ports is at
> > http://customer.xfinity.com/help-and-support/internet/list-of-blocked-
> > ports/. The suspensions this we
On Sat, Jan 16, 2016 at 05:43:56AM -0800, Ca By wrote:
> I see a great deal of folks on nanog clamoring to buy ddos gear. Packets
> are starting to become like spam email, where 90% are pure rubbish, and
> us good guys have to spend a lot of money and time sorting signal from
> noise.
I've said
On Thu, Dec 24, 2015 at 11:44:10PM +, Colin Johnston wrote:
> We really need to ask if China and Russia for that matter will not
> take abuse reports seriously why allow them to network to the internet ?
One could ask the exact same question about Amazon -- which, as of
the moment, is the wors
On Fri, Jan 08, 2016 at 09:11:51AM -0800, Hugo Slabbert wrote:
> ...so...you're "optimizing" the bitrate of video traffic for mobile
> by lowering it to 1.5 mbps, but don't worry: it's not "throttling".
It's not just video. Per comments on Techdirt, this also affects other
traffic being transmitt
On Sat, Dec 12, 2015 at 09:23:47AM -0800, Jim Shankland wrote:
> Also, this jumped out at me:
>
> "The problem with the recent attack is that the originating IP
> addresses were evenly distributed within the IPV4 universe," McAfee
> says. "This is virtually impossible using spoofing."
>
> Am I mi
On Wed, Nov 18, 2015 at 03:34:13PM -0800, Grant Ridder wrote:
> Any idea if this includes Instagram as well since it is a Facebook asset?
This news story:
Social networking sites closed for security reasons, says Minister
Tarana Halim
http://bdnews24.com/bangladesh/2015/11/18/so
On Tue, Oct 27, 2015 at 10:18:11AM -0400, Ian Smith wrote:
> I'm not making any argument about the relation of SPF compliance to message
> quality or spam/ham ratio. You are no doubt correct that at this point in
> the game SPF doesn't matter with respect to message quality in a larger
> context,
On Tue, Oct 27, 2015 at 09:08:00AM -0400, Ian Smith wrote:
> But it's a bit of a stretch to say that [SPF] has zero value.
No, it's not a stretch at all. It's a statistical reality. And a single
isolated case does not alter that.
You're welcome to set up your own network of spamtraps and mailbo
On Tue, Oct 27, 2015 at 08:09:00AM -0400, Ian Smith wrote:
> This is the part that's been bugging me. Doesn't the NANOG server
> implement SPF checking on inbound list mail?
Don't know, but it doesn't matter: SPF has zero anti-spam value.
(I know. I've studied this in ridiculous detail using a v
On Mon, Oct 26, 2015 at 02:48:59PM -0600, Brielle Bruns wrote:
> I get it that it is hard for large providers to be proactive about
> things going on due to the sheer size of their networks, but come
> on. That excuse only works for so long.
1. It's not hard. It's far easier for large providers t
Several points.
1. It wasn't just NANOG. A number of other mailing lists were
targeted. Whether or not all these attacks were launched by the
same entity is unknown and probably unknowable.
2. The adm...@nanog.org address appears to be unresponsive. Is
there actually anyone reading that? If s
On Wed, Oct 14, 2015 at 11:19:00AM -0700, George Herbert wrote:
> These guys are in violation of CAN-SPAM.
They're also in violation of the DMCA itself. 17 USC 512 includes
this requirement for those filing DMCA notifications:
(vi) A statement that the information in the notification is
On Wed, Oct 14, 2015 at 12:12:29PM +0200, Randy Bush wrote:
> jeezus folk!
>
> http://www.procmail.org/
I wouldn't necessarily recommend that approach. There is no obligation
for victims of spammers to continue providing Internet services to them,
including SMTP services. A much better move wou
On Tue, Oct 13, 2015 at 09:17:14AM -0500, Mike Hammett wrote:
> So even when they give an avenue to resolve the issue, people still
> complain... *sigh*
"Handing over more information" to unrepentant, chronic, systemic
spammers (who also happen to be engaged in massive abuse of the DMCA)
is not
On Fri, Oct 09, 2015 at 10:00:19PM +0200, Baldur Norddahl wrote:
> Do I just block them for spamming?
Yes, since that's what they're doing.
Consider: they're sending email. It's unsolicited (you did not ask for
it by confirmed/closed-loop subscription). And it's bulk: these are not
individual m
On Thu, Oct 01, 2015 at 09:58:49AM -0500, Roland Dobbins wrote:
> So, educating folks to the point that they understand that the
> problem space exists is The Problem, writ large.
I strongly concur with this. While there are some amazing experts out
there who provide exemplary models of how to ru
On Thu, Sep 24, 2015 at 02:55:51PM +0200, Gunther Stammwitz wrote:
> This is unbelievable:
Yes, it is. Quoting back a spammer's entire message to the entire list,
including the payload, is unbelievably stupid. It would have been
better to call this to the attention of those charged with the
car
On Thu, Sep 17, 2015 at 11:41:52AM -0400, Miles Fidelman wrote:
> Me too. Be sure to actually read the Amicus brief - it's incredibly
> well written and informative.
I've signed on as well and strongly concur with Miles' recommendation.
---rsk
On Sun, Sep 06, 2015 at 09:14:02PM +, Connor Wilkins wrote:
> Honestly.. the best method is to not let it bug you anymore. It's
> only a seething issue to you because you let it be.
Curiously enough, the same thing was said about spam 30-ish years ago.
The "ignore it and maybe it will go away"
On Fri, Sep 04, 2015 at 06:59:36PM -0400, valdis.kletni...@vt.edu wrote:
> Does anybody have a citation that legal disclaimers attached to
> publicly posted mail aren't null and void?
Disclaimers are invalid on their face because they're an attempt
to unilaterally enforce contractual terms witho
On Fri, Aug 21, 2015 at 08:18:59PM -0500, Rafael Possamai wrote:
> Quick update: I moved away from Amazon SES to a private smtp server
> provided by Chris, who is also helping moderate the list.
That's a good idea. I noticed.
> I left Amazon SES configured as a backup since the bounce rate after
It appears that this list is sending its outbound traffic via Amazon's
cloud operation.
This is a profoundly horrible idea, not through any fault of yours, but
because Amazon's cloud operation is a massive, non-stop fountain of spam
and Amazon personnel flatly refuse to lift a finger to do anythi
On Thu, Aug 13, 2015 at 08:36:24AM +0800, Phill Twiss wrote:
> You should really have captcha's configured for your mailman lists
No. In fact: hell no. Captchas have zero security value and serve only
to annoy and waste the time of legitimate users. Far less intrusive
and more effective m
On Mon, Aug 10, 2015 at 10:47:30PM -0500, Larry Sheldon wrote:
> Seems like this exact question comes up pretty frequently.
>
> Maybe NANOG should consider a repository of frequent inquiries...
Maybe AT&T and others should consider reading RFC 2142 and implementing
it properly, like every com
[ Tried this over on mailop; no response, so now trying here. ]
I've noticed that one of my servers has been unable to establish port 25
connections to hosts such as mx00.emig.gmx.net for over a week...and I'm
entirely puzzled as to why, since it only sends a trickle of traffic
to a handful of use
On Thu, Jun 18, 2015 at 11:00:00AM -0400, shawn wilson wrote:
> If the argument is that she should've shut down the network or parts of it
> - I wonder if anyone of you who run Internet providers would even shut down
> your email or web servers when, say, heartbleed came out - those services
> aren
On Fri, May 29, 2015 at 12:32:34PM -0400, Justin M. Streiner wrote:
> There are providers (banks, etc) who will disable an online account that
> has had X failed login attempts. While that's good for preventing
> $bad_guy from continuing to try to brute-force-guess the password,
> it creates a nom
On Thu, May 28, 2015 at 03:13:37PM -0400, William Herrin wrote:
> On Wed, May 27, 2015 at 1:16 AM, Octavio Alvarez
> wrote:
> > I would definitely opt-out from any kind of "secret questions" that I
> > couldn't type by myself.
> >
> > Many many sites still think this is a good idea.
>
> My first
On Wed, May 27, 2015 at 01:51:35PM -0400, Barry Shein wrote:
> Getting a copy of the database of hashes and login names is basically
> useless to an attacker.
Not any more, if the hash algorithm isn't sufficiently strong:
25-GPU cluster cracks every standard Windows password in <6
Ah...got it, this was sloppy phrasing on my part. I meant "first"
in the sense of "first rule that one should write". Depending on
the firewall type/implementation, that might be the rule that's
lexically first or last (or maybe somewhere else).
---rsk
On Wed, May 06, 2015 at 03:30:01PM -0700, Scott Weeks wrote:
> --- r...@gsp.org wrote:
> From: Rich Kulawiec
>
> The first rule in every firewall is of course
> "deny all" and subsequent rulesets permit only
> the traffic that is necessary.
> --
On Mon, May 04, 2015 at 07:55:43PM -0700, nan...@roadrunner.com wrote:
> Possibly a bit off-topic, but curious how all of you out there segment
> your networks. [snip]
I break them up by function and (when necessary) by the topology
enforced by geography. The first rule in every firewall is of
c
On Tue, Apr 28, 2015 at 12:39:12PM -0400, Barry Shein wrote:
> As more and more "legitimate" companies exploit email as a free
> resource I think we're going to need to broaden the definition of
> spam.
Absolutely not. The canonical -- and only correct -- definition
is UBE, as Suresh pointed out.
On Thu, Mar 12, 2015 at 05:33:19PM -0700, Dave Taht wrote:
> Had he lived, email and netnews would have remained usable by mere
> mortals and met the challenge of extreme growth and abuse. And ICANN,
> and for that netsol, wouldn't have become the ugly morass they became.
> Hell, even the IETF migh
On Sun, Mar 01, 2015 at 11:58:34AM -0500, Christopher Morrow wrote:
> business vs consumer edition products? (that'd be my bet)
I think these are all residential customers, as business customers
appear to use different subdomains and/or host naming conventions, e.g.:
24.7.48.153 c-24-
On Sat, Feb 28, 2015 at 08:03:28PM -0500, John R. Levine wrote:
> Well, actually, it does. Every broadband network in the US
> currently blocks outgoing port 25 connections from retail customers.
Unfortunately, that's not entirely true. (Very) recent direct-to-MX spam
from Comcast customers:
On Sat, Feb 28, 2015 at 02:48:07PM +0900, Collin Anderson wrote:
> How would this legal environment be any different than the pre-Verizon
> network neutrality rules for network management of SPAM?
SPAM, being a product of the Hormel Corporation, is not a concern in
this context. Spam, the slang t
Their own announcement:
http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/
says that DMARC issues should be referred here:
dmarc-h...@teamaol.com
(And before anyone asks, yes, the headers on mailing list traffic
have been modified precisely as t
On Tue, Feb 24, 2015 at 06:33:08PM +0530, Suresh Ramasubramanian wrote:
> And how many users do you have, again?
So professionalism, competence, diligence, etc. are reserved for
only the operations considered large enough? Good to know.
---rsk
On Tue, Feb 24, 2015 at 03:19:06AM +0100, Fred wrote:
> Having exactly the same issue. Also never received any response from
> AOL. Quite annoying.
I've been waiting since January 26th for a response from dmarc-h...@teamaol.com,
which is their stipulated contact point for DMARC issues.
Of course
Find someone unloading 50 old, physically small desktop PCs. Buy the
lot. Drop OpenBSD and BIND on them, ship 3 to every site, run 1 or 2
live with the leftovers as on-site spares. If one breaks, wipe the disk
and send the box to recycling.
(Just checked: someone on a certain auction site is s
On Sat, Feb 14, 2015 at 12:57:29PM -0600, Jimmy Hess wrote:
> By itself, a single install of Snort/Bro is not necessarily a complete
> IDS, as it cannot inspect the contents of outgoing SSL sessions, so
> there can still be Javascript/attacks against the browser, or SQL
> injection attempts encap
On Fri, Feb 13, 2015 at 03:45:30PM -0600, Rafael Possamai wrote:
> What is the alternative then... Does he have the time to become a BSD guru
> and master ipfw and pf? Probably not feasible with all other job duties,
> unless he locks himself in his mom's basement for the next 5 years.
I know this
On Fri, Feb 13, 2015 at 02:45:46PM -0600, Rafael Possamai wrote:
> I am a huge fan of FreeBSD, but for a medium/large business I'd definitely
> use a fairly well tested security appliance like Cisco's ASA.
Closed-source software is faith-based security.
---rsk
On Sun, Feb 08, 2015 at 11:40:56AM -0200, BPNoC Group wrote:
> Firewalls are firewalls. Routers are routers. Routers should do some very
> basic filtering (stateles, ACLs, data plane protection...) and firewalls
> should do basic static routing. And things should not go far beyond that.
This is, a
On Wed, Jan 28, 2015 at 10:06:26AM -0800, Jay Hennigan wrote:
> What I don't like is that they only offer it as a cloud-based service.
One of the downsides of all such services is that the more successful
they are, the bigger a target they are. And they're a tempting target,
since successful pene
On Thu, Dec 11, 2014 at 04:33:03PM -0800, Owen DeLong wrote:
> This thread is out of control... I will attempt to summarize the
> salient points in hopes we can stop arguing about inaccurate minutiae.
I concur with this summary and will add this:
It's a pity that the resources which went into thi
On Fri, Oct 24, 2014 at 03:13:48PM -0400, Barry Shein wrote:
> Though I've no doubt someone out there imagines improving the quality
> of the database would help with spam I tend to doubt it.
It might. So would removing the farce of 'private' domain registration.
What would also help is removing
On Wed, Oct 22, 2014 at 11:30:57AM -0500, Jeffrey Ollie wrote:
> The people that like systemd (like myself) have wisely learned that
> the people that hate systemd, hate it mostly because it's different
> from what came before and don't want to change.
That's an entirely unfair characterization.
On Tue, Oct 21, 2014 at 06:17:09PM +0100, Israel G. Lugo wrote:
> The binary logs for example worry me, especially corruption issues:
As they should. Binary logs occasionally make sense in environments
where the amount of information to be logged is huge and the rate at
which it accumulates is ve
On Fri, Oct 10, 2014 at 09:48:26PM +0530, Suresh Ramasubramanian wrote:
> Call it triage. When a minuscule amount of mailing list traffic is weighed
> against huge volumes of forged spam and phish...
Triage as an abuse mitigation tactic is fine. But where that triage
needs to be applied, and whe
FYI, I migrated to Mailman 2.1.18-1 shortly after Yahoo decided to break
every mailing list on the Internet for no good reason. (It certainly
has done nothing to mitigate the ongoing flow of spam, phishing and
other abuse coming from Yahoo, which continues pretty much as it has
for many years.)
I
Restaurants worth visiting: the Waterfront Kitchen (pricey, worth it,
harbor views), The Helmand (Afghan, delicious, charming hosts),
McCormick & Schmick's (seafood, harbor views), The Black Olive (Greek),
B&O Brasserie (great cocktails too), Sotto Sopra (Italian),
Da Mimmo's (Italian)
Restaurants
On Fri, Oct 03, 2014 at 08:54:32AM +1000, Mark Andrews wrote:
> Or it will require legislation and I will assure that whatever is
> written not be liked. On the other hand everyone one in the country
> will be in the same boat.
I concur with you -- strongly. Legislation is not the answer, becaus
On Thu, Oct 02, 2014 at 02:24:18PM -0400, Brian Rak wrote:
> What about providers who knowingly allow IP spoofing, because it's
> profitable?
What about providers who knowingly host massive spam operations, because
it's profitable? As in:
http://www.spamhaus.org/statistics/networks/
We'
On Tue, Sep 16, 2014 at 09:48:45AM +0100, James Bensley wrote:
> What is the single best book you have read on networking?
Elements of Networking Style, Michael A. Padlipsky, 1984. How could anyone
*not* love a book which includes this in the foreword:
Brace yourselves. We are about to
On Fri, Sep 05, 2014 at 07:01:41PM -0400, ITechGeek wrote:
> As a replacement, you can use Amazon SES and verify single email addresses
> if you don't have access over the whole domain.
Not if you want people to accept your mail. Thanks to Amazon's policy
of (a) allowing unlimited spam and (b) ig
On Wed, Sep 03, 2014 at 10:00:17AM +0100, Isaac Adams wrote:
> As a general rule, do you all fund employees certification and if so what
> kind of levels do you try to maintain as good practice?
No and none. I see value in competence, practice, experience, education
and the inevitable bitter less
On Sun, Aug 10, 2014 at 11:25:36PM +0500, Alexander Merniy wrote:
> Move ssh to a non-standart port + fail2ban - best solution.
No, it is not.
The best solution is to enumerate the ranges from which legitimate ssh
connections will originate and firewall *everything* else. Yes, this
means (gasp!
On Fri, Jul 25, 2014 at 05:35:45PM -0700, Scott Weeks wrote:
> One day, hopefully, telecommuting really takes off [...]
It often strikes me as incredibly ironic that companies which *would
not exist* were it not for the Internet are among the most resistant
to the simple, obvious concept that tele
On Wed, Jul 23, 2014 at 03:50:40PM -0500, Blake Hudson wrote:
> I would love to see the Verizon blog response on that...
I would love to see Verizon invest the resources (both financial and
personnel) that are being deployed to update their blog, lobby Congress,
lobby the FCC, astroturf, issue pre
On Mon, Jul 21, 2014 at 08:56:41PM +, Alex Rubenstein wrote:
> I live in 07874. Out here, only 50 miles from New York City, we have a
> problem.
You also have another problem, which I'll get to in a moment.
> Verizon's network in this area is older than most people who are
> subscribed to th
On Wed, Jun 11, 2014 at 01:00:58PM -0700, goe...@anime.net wrote:
> Looks like they've finally completely blocked off their abuse mailboxes.
That's not a problem. Now that Yahoo has deployed DMARC, all the spam,
phishing, carding, stalking, kiddie porn, fraud, and other choice bits
of unpleasantn
On Mon, Apr 14, 2014 at 10:33:40AM -0700, Matthew Petach wrote:
> So, I take it you prefer a world in which there's no sender
> validation, and receiving floods of spoofed sender email
> spam is just part of the price of being on the internet?
Sender validation means NOTHING in a world with hundre
On Fri, Apr 11, 2014 at 04:03:36PM -0400, William Herrin wrote:
> If you told me they used it against the targets of the day while
> putting out the word to patch I could buy it, but intentionally
> leaving a certain bodily extension hanging in the breeze in the hopes
> of gaining more valuable dat
I'm not forwarding this to get into politics. I'm forwarding it
because of the impact on operational security. Given the recent "I hunt
sysadmins" leak, I think it's not unreasonable to suggest that everyone
on this list has probably been targeted because of their privileged
access to networks/se
On Thu, Apr 10, 2014 at 03:22:24PM -0400, Kee Hinckley wrote:
> I suspect they looked at the amount of spam they could stop [...]
Which is, to a very good first approximation, zero.
Nearly all (at least 99% and likely quite a bit more) of the spam [as
observed by my numerous spamtraps] that purpo
I agree to a large extent with your comments/observations, but I'd
like to focus on one point in particular:
On Wed, Apr 09, 2014 at 11:00:57PM -0400, Andrew Sullivan wrote:
> So, I'm trying to imagine the presentation slide on which appears the
> advice to implement the controversial adopted poli
An aside:
On Wed, Apr 09, 2014 at 05:15:59PM -0400, William Herrin wrote:
> Maybe this is a good thing - we can stop getting all the "sorry I'm
> out of the office" emails when posting to a list.
I entirely support that goal, but my preferred solution is the complete
eradication of the software (
On Wed, Apr 09, 2014 at 07:13:47AM -0800, Royce Williams wrote:
> Am I interpreting this correctly -- that Yahoo's implementation of
> DMARC is broken, such that anyone using a Yahoo address to participate
> in a mailing list is dead in the water?
Yes. It seems that Yahoo wasn't content with just
On Wed, Mar 26, 2014 at 10:07:22AM -0400, Lamar Owen wrote:
> That way? Make e-mail cost; have e-postage.
This is a FUSSP. It has been quite thoroughly debunked and may be
dismissed instantly, with prejudice.
---rsk
On Tue, Mar 25, 2014 at 10:16:37PM -0500, Jimmy Hess wrote:
> Would it make it more unique; if I suggested creation of a new distributed
> Cryptocurrency something like 'MAILCoin' [...]
This is attempt to splash a few drops of water on the people who own
the oceans. It won't work, for the same
On Tue, Mar 25, 2014 at 11:35:57PM -, John Levine wrote:
> It has nothing to do with looking down on "subscribers" and everything
> to do with practicality. When 99,9% of mail sent directly from
> consumer IP ranges is botnet spam, and I think that's a reasonable
> estimate, [...]
Data point:
On Tue, Mar 25, 2014 at 02:57:15PM -0600, Brielle Bruns wrote:
> Nothing wrong with my mail server setup, except the lack of RDNS.
> Lacking reverse should be one of many things to consider with
> rejecting e-mails, but should not be the only condition.
Lack of rDNS means either (a) there is somet
It's never appropriate to respond to abuse with abuse. Not only is
it questionable/unprofessional behavior, but -- as we've seen -- there
is a high risk that it'll exacerbate the problem, often by targeting
innocent third parties.
I understand the frustration but this is not the way.
---rsk
ipdeny.com provided a highly useful service: IP address allocations
on a per-country basis. The site's still live but all (or nearly
all) the data files are empty. The blog hasn't been updated, and
email via their contact form goes unanswered. I'd like to know if
anybody here has a clue as to wh
I suggest moving this to mailop, where it arguably belongs. But I'm
going to follow up on a few points, anyway.
First, I forgot to mention two other highly effective mail system
defense methods: geoblocking and passive OS fingerprinting.
Geoblocking: A mail server for a local construction busine
On Wed, Nov 06, 2013 at 07:31:54PM -0500, Jon Lewis wrote:
> If you know you have pro spammers on your network, the question
> isn't how much to obfuscate spam complaints you receive...it's why
> haven't you terminated the customer(s)?
Another question is "why are you relying on third parties to t
On Sun, Nov 03, 2013 at 12:39:25PM -0400, rw...@ropeguru.com wrote:
> I am looking for some info on current practice for an email server
> and SMTP delivery. It has been a while since I have had to setup an
> email server and I have been tasked with setting up a small one for
> a friend. My questio
On further reflection:
It occurs to me that if a lone researcher conducted such an intrusion
against the security and privacy of email (and its contents) (and
its users), possible outcomes might include a raid by heavily-armed
authorities, confiscation of anything that even looks like an electron
(My apologies to those of you who are also on the mailop list and
have already seen these remarks.)
This isn't particularly surprising: LinkedIn are spammers. Have been
since forever. They hit real addresses, fake addresses, mailing lists,
spamtraps, never-existed addresses, everything.
And li
On Wed, Sep 18, 2013 at 11:59:13AM -0500, John LeCoque wrote:
> I would say the first step is to find an immediate workaround for your end
> users - maybe bring up a VM on AWS or some other cloud provider to use as
> an SMTP relay while you work out the blacklist issue.
Not a good idea. It's a be
On Fri, Jul 26, 2013 at 10:42:18AM -0700, goe...@anime.net wrote:
> Because your mail servers are broken. Because you put spamfilters on
> your abuse@ mailbox, IF you even have an abuse@, which a lot of you
> don't. Because we tried calling, and your tier1 are clueless.
>
> Fix your mailservers. T
First: this is a fascinating discussion. Thank you.
Second:
On Sat, Jun 15, 2013 at 01:56:34AM -0500, Jimmy Hess wrote:
> There will be indeed be _plenty_ of ways that a low bit rate channel
> can do everything the right adversary needs.
>
> A few bits for second is plenty of data rate for se
On Thu, Jun 13, 2013 at 09:11:35PM -0400, Scott Helms wrote:
> I challenge your imagination to come up with a
> common scenario where a non targeted "I'm/they're here" that's useful to
> either the company or the Chinese government keeping in mind that you have
> no fore knowledge of where these de
On Thu, Jun 13, 2013 at 03:55:24PM -0700, Adrian wrote:
> Extraordinary claims require extra ordinary proof.
Thanks for the pointers; most enlightening. (And I say that even
before coffee has taken full effect. I'll re-read once it has.)
However, and perhaps I should have explained this in my o
On Thu, Jun 13, 2013 at 06:10:39PM +0200, Randy Bush wrote:
> we really should not be putting huawei kit into the backbone, there
> might be backdoors where they can spy on our traffic
This paper may be relevant to the topic at hand (h/t to Rob Slade):
http://www.scribd.com/doc/95282643/
On Wed, Jun 12, 2013 at 09:30:53PM -0400, valdis.kletni...@vt.edu wrote:
> Ask the ex-CEO of Qwest what happens if you try to turn down an
> offer the NSA makes you. :)
Ah, yes. This:
https://mailman.stanford.edu/pipermail/liberationtech/2013-June/008815.html
---rsk
I'm going to bypass the academic vs. non-academic security argument
because I've worked everywhere, and from a security viewpoint, there
is plenty of fail to go around.
On Tue, Jun 11, 2013 at 09:37:04PM -0400, Ricky Beam wrote:
> I run a default deny
> policy... if nothing asked for it, it doesn'
On Sat, Jun 08, 2013 at 06:23:19AM +, Dobbins, Roland wrote:
> There's another potential explanation: [snip]
*puts on evil hat, adjusts for snug fit*
Targeting the technical people who actually have their hands on the
gear might be the best choice. They don't have the power, wealth
and soapb
On Mon, Jun 03, 2013 at 09:17:46PM +0200, Alexander Maassen wrote:
> Could someone from yahoo please contact me off list please? [snip]
1. This would be better directed to the mailop list, please see:
http://chilli.nosignal.org/mailman/listinfo/mailop
2. I have yet to see any evidence th
1. The mailman-users list is here:
http://mail.python.org/mailman/listinfo/mailman-users
2. Blocking one IP address is not usually sufficient.
If you don't need email from India (or any other country for
that matter) to reach that list, then you should block the
entire country from that V
This is probably much more appropriate over on mailop; please see:
http://chilli.nosignal.org/mailman/listinfo/mailop
I don't recall offhand is any Spamcop personnel hang out there, but
it's plausible to think they might.
---rsk
On Tue, Apr 30, 2013 at 12:47:40PM -0400, Jared Mauch wrote:
> If the phishing attack is against an enterprise that is also an ISP,
> surely you can imagine a case where they might block traffic to prevent
> folks from being phished.
This is not an effective anti-phishing tactic, any more than "us
I think this would be a good time for me to quote the best thing
I've ever read on NANOG:
If you give people the means to hurt you, and they do it, and
you take no action except to continue giving them the means to
hurt you, and they take no action except to keep hurting yo
On Wed, Mar 27, 2013 at 12:30:43PM -0700, Paul Ferguson wrote:
> Consider this a call-to-arms, in all aspects. Please.
+1
No. Not enough. +10.
But...our collective track record in responding in a timely and effective
fashion to such calls is not very good. Twenty years ago we could have
kille
On Wed, Mar 27, 2013 at 11:20:54AM +, Nick Hilliard wrote:
> I'm struggling to understand why it's necessary to hard-code dns servers
> into the ip networking configuration of a portable device. By definition,
> these devices will already have dhcp enabled.
It's necessary because many operati
On Sun, Mar 10, 2013 at 12:09:03PM +, Dobbins, Roland wrote:
> First-aid kit.
Definitely yes. And let me suggest that while buying an off-the-shelf
kit will probably suffice for most uses, there is one a la carte addition
that I strongly recommend: Quikclot. It's (relatively) expensive. It'
I'll leave the rest of your comments/questions to others, but on this:
On Sat, Mar 02, 2013 at 01:58:09PM -0800, Constantine A. Murenin wrote:
> And in regards to yelp and retailmenot; why are they blocking Linode
> customers in 173.230.144.0/20? I've tried contacting both on multiple
> occasions
201 - 300 of 451 matches
Mail list logo