Wow, just when you though big government was someone else's problem

2009-04-04 Thread Jeff Young
This comes from Lauren Weinstein's list and it's worth a read. It's a bill introduced into legislation, who knows where and when and if it will become law but, wow. http://lauren.vortex.com/Cyber-S-2009.pdf I'll just give you a teaser: SEC. 9. SECURE DOMAIN NAME ADDRESSING SYSTEM. 3 (a)

Re: Wow, just when you though big government was someone else's problem

2009-04-04 Thread Suresh Ramasubramanian
On Sat, Apr 4, 2009 at 2:33 PM, Jeff Young yo...@jsyoung.net wrote: This comes from Lauren Weinstein's list and it's worth a read. It's a bill introduced into legislation, who knows where and when and if it will become law but, wow. http://lauren.vortex.com/Cyber-S-2009.pdf Relying on Lauren

Re: Nipper and Cisco configuration results

2009-04-04 Thread Subba Rao
I looked at the configurations yesterday on the routers.  The vty line does not have any transport line below it.  All the routers showing Rlogin enabled have similar configuration. What are the default services that are enabled for vty on IOS 12.4?  I know there are only telnet, SSH and

Re: Nipper and Cisco configuration results

2009-04-04 Thread Lee
On 4/3/09, Subba Rao castellan2004-...@yahoo.com wrote: I did see a few false positives too with Nipper. What do you think about Router Audit Tool (RAT) instead? RAT is the approved IOS security audit tool at $work, so it doesn't matter what I think about it :) But it is fairly nice ... as

Re: Nipper and Cisco configuration results

2009-04-04 Thread Lee
On 4/4/09, Subba Rao castellan2004-...@yahoo.com wrote: I looked at the configurations yesterday on the routers. The vty line does not have any transport line below it. All the routers showing Rlogin enabled have similar configuration. What are the default services that are enabled for vty

Re: Wow, just when you though big government was someone else's problem

2009-04-04 Thread Jeff Young
Read it again. It says all government networks and any network the president deems vital, I'd have to assume that would at least be all of the major backbones. What's the point of picking on the source of the information? Sure his list is moderated and a bit self-serving, that's why you

Re: Wow, just when you though big government was someone else's problem

2009-04-04 Thread John Bambenek
Suresh Ramasubramanian wrote: On Sat, Apr 4, 2009 at 2:33 PM, Jeff Young yo...@jsyoung.net wrote: This comes from Lauren Weinstein's list and it's worth a read. It's a bill introduced into legislation, who knows where and when and if it will become law but, wow.

Re: Wow, just when you though big government was someone else's problem

2009-04-04 Thread Suresh Ramasubramanian
On Sat, Apr 4, 2009 at 9:47 PM, Jeff Young yo...@jsyoung.net wrote: Read it again.  It says all government networks and any network the president deems vital, I'd have to assume that would at least be all of the major backbones. Deeming something vital / critical has a whole lot of extra

Re: Register.com DNS hosting issues

2009-04-04 Thread Peter Beckman
On Fri, 3 Apr 2009, Charles Wyble wrote: This is probably a good time to remind the uninitiated to have some secondary DNS with a totally separate company if your DNS is that important to you. Preferably with a provider that announces out of multiple ASN :) ATT and Akamai both provide good

Re: Register.com DNS hosting issues

2009-04-04 Thread Brandon Galbraith
On Sat, Apr 4, 2009 at 2:05 PM, Peter Beckman beck...@angryox.com wrote: On Fri, 3 Apr 2009, Charles Wyble wrote: This is probably a good time to remind the uninitiated to have some secondary DNS with a totally separate company if your DNS is that important to you. Preferably with a

Re: Wow, just when you though big government was someone else's problem

2009-04-04 Thread Florian Weimer
* Jeff Young: If only we knew: to achieve a secure DNS all you need to do is publish a notice in the Federal Register. In the end, this is how we got many of our (non-public-key) cryptographic algorithms, and people seem to be quite happy about them.

Re: Register.com DNS hosting issues

2009-04-04 Thread Florian Weimer
* Peter Beckman: I can highly recommend DNSmadeEasy.com. Inexpensive, Anycasted, always fast and reliable. Good for primary and/or secondary, IMO, though it is sage advice to use two different providers if you are super ultra serious about never being down. Or put some of your DNS

Re: Register.com DNS hosting issues

2009-04-04 Thread Randy Bush
IMHO, fate-sharing as a strategy for increasing availability is somewhat underrated. from rfc 2182 3.3. A Myth Exploded An argument is occasionally made that there is no need for the domain name servers for a domain to be accessible if the hosts in the domain are unreachable. This

Re: Register.com DNS hosting issues

2009-04-04 Thread Florian Weimer
* Randy Bush: IMHO, fate-sharing as a strategy for increasing availability is somewhat underrated. from rfc 2182 Randy, I didn't write, don't keep off-site name servers. I wrote, keep on-site name servers, even if you pay for off-site name service. 3.3. A Myth Exploded + While

Re: Register.com DNS hosting issues

2009-04-04 Thread Randy Bush
But looking back at incidents such as the Zonelabs/Abovenet issue, your advice is correct for the network we have today. as that rfc is over a decade old, i am not optimistic that change is nigh sigh. and it is amusing to see ;; ANSWER SECTION: harvard.edu. 10794 IN NS

Re: Wow, just when you though big government was someone else's problem

2009-04-04 Thread John Schnizlein
I suggest that we wait until the actual text of S.778 actually shows up at http://thomas.loc.gov before reacting to hyperbolic analysis of drafts not actually assigned to the Committee on Homeland Security and Governmental Affairs. Although I am concerned with what has been attributed to

Re: Register.com DNS hosting issues

2009-04-04 Thread Florian Weimer
* Randy Bush: But looking back at incidents such as the Zonelabs/Abovenet issue, your advice is correct for the network we have today. as that rfc is over a decade old, i am not optimistic that change is nigh sigh. DNSSEC obscures quite a few failures which can hit secondaries. I think it

Re: Nipper and Cisco configuration results

2009-04-04 Thread Tim Durack
The problem I have with both RAT and Nipper is they're geared towards security and I'm more interested in verifying that the routers are configured correctly.  What kind of tools are people using for that? For an example of the type of thing I'm interested in, see filter_audit in the

RE: Wow, just when you though big government was someone else's problem

2009-04-04 Thread Marcus H. Sachs
Wrong bill. You want S.773, not S.778. There were two bills introduced concerning cyber security. The one that has everybody talking is S.773. S.778 concerns the creation of the Office of National Cybersecurity Advisor within the Executive Office of the President. S.773 Title: A bill to ensure

ISC DLV

2009-04-04 Thread Marcelo Gardini do Amaral
Guys, are you having problems to validate DNSSEC using ISC DLV? Regards, -- Marcelo Gardini do Amaral www.spin.blog.br -- $cd /pub $more beer

Re: ISC DLV

2009-04-04 Thread Jeffrey Ollie
On Sat, Apr 4, 2009 at 11:55 PM, Marcelo Gardini do Amaral mgard...@gmail.com wrote: are you having problems to validate DNSSEC using ISC DLV? Yes, I had to disable DNSSEC validation a few hours ago to get DNS resolution operating again. -- Jeff Ollie

Re: ISC DLV

2009-04-04 Thread Paul Ferguson
On Sat, Apr 4, 2009 at 9:55 PM, Marcelo Gardini do Amaral mgard...@gmail.com wrote: Guys, are you having problems to validate DNSSEC using ISC DLV? No idea, but I did see another reference to this over on the OARC dns-ops list: