Hi,
On 7 Jun 2010, at 23:02, Joel M Snyder joel.sny...@opus1.com wrote:
On 6/7/10 11:51 PM:
Has anyone ever heard of a multi-homed enterprise not running bgp with
either of 2 providers, but instead, each provider statically routes a block
to their common customer and also each originates
Hi,
This morning there was an ethernet loop problem on DECIX, causing many
BGP sessions to flap throughout the entire platform.
While this can happen, I am myself facing with BGP convergence
problems on our DECIX router (SUP720-3BXL with IOS SXI3).
De DECIX loop has been solved two hours ago,
Dear Andy
This morning there was an ethernet loop problem on DECIX, causing many
BGP sessions to flap throughout the entire platform.
While this can happen, I am myself facing with BGP convergence
problems on our DECIX router (SUP720-3BXL with IOS SXI3).
De DECIX loop has been solved two hours
I finally decided to shut down all peerings and brought them back one by one.
Everything is stable again, but I don't like the way I had to deal
with it since it will most likely happen again when DECIX or an other
IX we're at is having issues.
I've seen a few BGP convergence discussions on
[Apologies for duplicates]
APNIC 30 - Call for Papers
The APNIC 30 Program Committee is now seeking presentations for APNIC
30 to be held at Gold
On Jun 8, 2010, at 10:27 AM, Andy B. wrote:
I finally decided to shut down all peerings and brought them back one by one.
Everything is stable again, but I don't like the way I had to deal
with it since it will most likely happen again when DECIX or an other
IX we're at is having issues.
On Tue, Jun 8, 2010 at 7:27 AM, Andy B. globic...@gmail.com wrote:
I finally decided to shut down all peerings and brought them back one by one.
Everything is stable again, but I don't like the way I had to deal
with it since it will most likely happen again when DECIX or an other
IX we're at
On Tue, Jun 08, 2010 at 12:22:04PM -0400, Jared Mauch wrote:
The Cisco 7600 and 6500 platforms are getting fairly old and have
underpowered cpus these days.
Starting in SXH the control plane did not scale quite as well as in
SXF. This got better in SXI, but is not back on par with SXF
From the NetSec mailing list...
At http://www.timesonline.co.uk/tol/news/world/article7144856.ece
June 6, 2010
Nato warns of strike against cyber attackers
Michael Smith and Peter Warren
NATO is considering the use of military force against enemies who launch
cyber attacks on its member
Jorge Amodio wrote:
So NANOGer's, what will be the game plan when something like this
happens, will you be joining NATO and pulling fiber. I wonder when all
types of warm-fuzzy filtering will be drafted into networking: Thou
shall re-read RFC4953 lest you want Predator strikes on your NAP
[In the message entitled Re: Nato warns of strike against cyber attackers on
Jun 8, 16:03, J. Oquendo writes:]
All humor aside, I'm curious to know what can anyone truly do at the end
of the day if say a botnet was used to instigate a situation. Surely
someone would have to say something to
None of this needs to be done for free. There needs to be a security
fee charged _all_ customers, which would fund the abuse desk.
With more than 100,000,000 compromised computers out there, it's really
time for us to step up to the plate, and make this happen.
Or you should send the bill
Brielle Bruns wrote:
Problem is, there's no financial penalties for providers who ignore
abuse coming from their network.
DNSbl lists work only because after a while, providers can't ignore
their customer complaints and exodus when they dig deep into the
bottom line.
We've got several
On 6/8/2010 15:44, J. Oquendo wrote:
Brielle Bruns wrote:
Problem is, there's no financial penalties for providers who ignore
abuse coming from their network.
DNSbl lists work only because after a while, providers can't ignore
their customer complaints and exodus when they dig deep into the
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark,
Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia,
Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania,
Slovakia, Slovenia,
On 6/8/10 3:08 PM, Peter Boone wrote:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark,
Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia,
Lithuania, Luxembourg, Netherlands, Norway, Poland,
On 2010-06-08 13:03, J. Oquendo wrote:
Jorge Amodio wrote:
All humor aside, I'm curious to know what can anyone truly do at the end
of the day if say a botnet was used to instigate a situation. Surely
someone would have to say something to the tune of better now than
never to implement BCP
On Jun 8, 2010, at 5:15 13PM, Brielle Bruns wrote:
On 6/8/10 3:08 PM, Peter Boone wrote:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark,
Estonia, France, Germany, Greece, Hungary, Iceland, Italy,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 1:30 PM, Brielle Bruns br...@2mbit.com wrote:
On 6/8/10 2:12 PM, Dave Rand wrote:
It's really way, way past time for us to actually deal with compromised
computers on our networks. Abuse desks need to have the power to
The Cisco 7600 and 6500 platforms are getting fairly old and have
underpowered cpus these days.
the hamsters in them were never well fed, ever. though i have never run
one, too yucchhy, i have measured receiving a research feed from one.
over ten minutes for a full table while a router takes
On 6/8/10 10:07 PM, J. Oquendo wrote:
So NANOGer's, what will be the game plan when something like this
happens, will you be joining NATO and pulling fiber. I wonder when all
types of warm-fuzzy filtering will be drafted into networking: Thou
shall re-read RFC4953 lest you want Predator strikes
On 6/9/10 12:50 AM, Marshall Eubanks wrote:
What any of this has to do with configuring routers escapes me.
I think Jay is worried about steps operators may have to take during
such an eventuality of an attack, not to mention the collateral damage
to the Internet infrastructure if DDoS is
Have no fear geolocation is here, you are not in peril. It will be a
surgical strike. If Google and others are willing to assist, they will know
exactly where to send the JDAM.
Chrome now collects data from your wireless card if you let it. When you are
asked where you are, Chrome then also
Military reply doesn't have to mean bombs and guns. There is nothing
keeping it form mean offensive cyber counter attacks. This would mean
manage the battlefields :)
On Tue, Jun 8, 2010 at 7:46 PM, Gadi Evron g...@linuxbox.org wrote:
On 6/9/10 12:50 AM, Marshall Eubanks wrote:
What any of
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark,
Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia,
Lithuania, Luxembourg, Netherlands, Norway, Poland, Portugal, Romania,
Slovakia,
[In the message entitled Re: Nato warns of strike against cyber attackers on
Jun 8, 14:30, Brielle Bruns writes:]
Legit customers get caught in the cross-fire, and they suffer - but at
the same time, those legit customers are the only ones that will be able
to force a change on said
Perhaps a government operated black-hole list, run by same friendly folks
that run the no-fly list, with a law that says no US ISP can send packets to
or accept packets from any IP on the list.
Now that would be some real fun to watch! :)
On Tue, Jun 8, 2010 at 8:27 PM, Dave Rand d...@bungi.com
Changes the meaning of guns a blazing
Bryan
On Jun 8, 2010, at 8:31 PM, jim deleskie deles...@gmail.com wrote:
Military reply doesn't have to mean bombs and guns. There is nothing
keeping it form mean offensive cyber counter attacks. This would mean
manage the battlefields :)
On Tue,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 5:45 PM, Dorn Hetzel dhet...@gmail.com wrote:
Perhaps a government operated black-hole list, run by same friendly folks
that run the no-fly list, with a law that says no US ISP can send packets
to or accept packets from any
off and on list feedback welcome.
I'd personally like to get an idea of how many people are:
1) using the new Team Cymru BOGON lists *via BGP*
2) use the new v4 list
3) use the v6 list
4) monitor the Cymru BGP session as diligently as they would a
peer/provider session
5) attempted the BOGON
On Tue, 08 Jun 2010 19:23:17 CDT, Jorge Amodio said:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark,
Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia,
Lithuania, Luxembourg,
We're using it...;)
Please see inline...
Paul
1) using the new Team Cymru BOGON lists *via BGP*
Yes
2) use the new v4 list
Yes
3) use the v6 list
Yes
4) monitor the Cymru BGP session as diligently as they would a
peer/provider session
Spot check it - in the several years we've used the
Actually I was thinking of my neighbor's noisy dog and what a predator
strike to his house would do. :)
-Original Message-
From: valdis.kletni...@vt.edu [mailto:valdis.kletni...@vt.edu]
Sent: Tuesday, June 08, 2010 8:32 PM
To: Jorge Amodio
Cc: na...@merit.edu
Subject: Re: Nato warns of
* globic...@gmail.com (Andy B.) [Tue 08 Jun 2010, 16:28 CEST]:
I finally decided to shut down all peerings and brought them back
one by one.
Sadly that's often the way it has to be done, modulo mild tweaks.
Everything is stable again, but I don't like the way I had to deal
with it since it
Dave,
I realize your fond of punishing all of us to subsidize the ignorant, but I
would rather see those with compromised machines pay the bill for letting their
machines get compromised than have to subsidize their ignorant or worse
behavior.
Owen
Sent from my iPad
On Jun 8, 2010, at 1:12
Lots of finger pointing.
Lots of discussion about who should pay, and so forth.
How about we just take responsibility for our own part. Don't malicious
traffic in or out.?
If it can't move, it will die.
--
Somebody should have said:
A democracy is two wolves and a lamb voting on what to have
[In the message entitled Re: Nato warns of strike against cyber attackers on
Jun 8, 13:33, Owen DeLong writes:]
I realize your fond of punishing all of us to subsidize the ignorant, =
but I would rather see those with compromised machines pay the bill for =
letting their machines get
Sent from my iToilet
why you will penalize with fees the end customer that may not know
that her system has been compromised because what she pays to Joe
Antivirus/Security/Firewall/Crapware is not effective against Billy
the nerd insecure code programmer ?
No doubt ISPs can do something, but
On Tue, 08 Jun 2010 22:01:35 CDT, Jorge Amodio said:
On the other hand think as the Internet being a vast ocean where the
bad guys keep dumping garbage, you can't control or filter the
currents that are constantly changing and you neither can inspect
every water molecule, then what do you do
Jorge Amodio wrote:
None of this needs to be done for free. There needs to be a security
fee charged _all_ customers, which would fund the abuse desk.
With more than 100,000,000 compromised computers out there, it's really
time for us to step up to the plate, and make this happen.
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 8:59 PM, JC Dill jcdill.li...@gmail.com wrote:
I'm still truly amazed that no one has sic'd a lawyer on Microsoft for
creating an attractive nuisance - an operating system that is too
easily hacked and used to attack
Dave Rand wrote:
I'm fond of getting the issues addressed by getting the ISPs to be involved
with the problem. If that means users get charged clean up fees instead
of a security fee, that's fine.
I urge all my competitors to do that.
The problem isn't that this is a bad idea, the problem
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 9:06 PM, JC Dill jcdill.li...@gmail.com wrote:
Dave Rand wrote:
I'm fond of getting the issues addressed by getting the ISPs to be
involved
with the problem. If that means users get charged clean up fees
instead
of a
Problem is there's no financial liability for producing massively exploitable
software.
No financial penalty for operating a compromised system.
No penalty for ignoring abuse complaints.
Etc.
Imagine how fast things would change in Redmond if Micr0$0ft had to pay the
cleanup costs for
On 6/8/2010 23:22, Paul Ferguson wrote:
Again, you can all continue to dance around and ignore the problem chance
the probability that the U.S. Government will step in and force you to do
it.
Pick your poison.
Or the world government will (note misspelled NATO in the Subject:).
--
On Jun 9, 2010, at 12:26 AM, Steven Bellovin wrote:
Problem is there's no financial liability for producing massively
exploitable software.
No financial penalty for operating a compromised system.
No penalty for ignoring abuse complaints.
Etc.
Imagine how fast things would change in
[In the message entitled Re: Nato warns of strike against cyber attackers on
Jun 9, 0:26, Steven Bellovin writes:]
A liability scheme, with penalties on users and vendors, is certainly =
worth considering. Such a scheme would also have side-effects -- think =
of the effect on open source
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 9:36 PM, Patrick W. Gilmore patr...@ianai.net
wrote:
But it is not -just- market share. There are a lot more Windows Mobile
compromises, viruses, etc., than iOS, Symbian, and RIM. I think
combined. Yet Windows Mobile has
Hi,
On Tue, Jun 8, 2010 at 6:50 AM, Dale Cornman bstym...@gmail.com wrote:
Has anyone ever heard of a multi-homed enterprise not running bgp with
either of 2 providers, but instead, each provider statically routes a block
to their common customer and also each originates this block in BGP?
On 09-Jun-2010, at 12:36 PM, Patrick W. Gilmore wrote:
On Jun 9, 2010, at 12:26 AM, Steven Bellovin wrote:
Problem is there's no financial liability for producing massively
exploitable software.
No financial penalty for operating a compromised system.
No penalty for ignoring abuse
At 15:07 08/06/2010 -0400, J. Oquendo wrote:
At http://www.timesonline.co.uk/tol/news/world/article7144856.ece
A report by Albright¹s group said that a cyber attack on the critical
infrastructure of a Nato country could equate to an armed attack,
justifying
retaliation.
Eneken Tikk, a
I'm all for that, but, point is that people who fail to meet that standard are
currently getting a free ride. IMHO, they should pay and they should have
the recourse of being (at least partially) reimbursed by their at-fault software
vendors for contributory negligence.
Owen
On Jun 8, 2010, at
On Jun 8, 2010, at 8:01 PM, Jorge Amodio wrote:
Sent from my iToilet
why you will penalize with fees the end customer that may not know
that her system has been compromised because what she pays to Joe
Antivirus/Security/Firewall/Crapware is not effective against Billy
the nerd insecure
On Jun 8, 2010, at 9:06 PM, JC Dill wrote:
Dave Rand wrote:
I'm fond of getting the issues addressed by getting the ISPs to be involved
with the problem. If that means users get charged clean up fees instead
of a security fee, that's fine.
I urge all my competitors to do that.
The
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tue, Jun 8, 2010 at 10:22 PM, Owen DeLong o...@delong.com wrote:
Please, be for real -- the criminals go after the entrenched majority.
If it were any other OS, the story would be the same.
If this were true, the criminals would be all over
On Jun 3, 2010, at 10:39 AM, Jay Hennigan wrote:
Within less than 36 hours, you've gone from being tired of people coming
back months later (as if it had all been over and done a long time
ago) to It's been a very a small number of weeks (give them more time).
This is total nonsense. The
On Jun 4, 2010, at 7:24 AM, Rich Kulawiec wrote:
But I'll comment that from my outsider's view back here in the
cheap seats, what has happened is indistinguishable from a coup.
There is the lack of information about what really happened;
there is the nebulous citation of alleged problems whose
Having served my maximum 4 years on the PC, I would characterize my own
experience with interaction between the respective parties SC PC and
merit as congruent with that of Dan's. I would observe that over my now
13 year involvement with nanog that the community revolt that produced
the
On 6/8/10 3:25 PM, Jo Rhett wrote:
No, I'm not on the SC. I'm just here to ridicule...
+--+
| PLEASE |
| DO NOT |
| FEED THE |
| TROLL |
+--+
| |
| |
.\|.||/..
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service
On 6/8/10 3:25 PM, Jo Rhett wrote: and wrote and wrote and wrote
No, I'm not on the SC. I'm just here to ridicule...
+--+
| PLEASE |
| DO NOT |
| FEED THE |
| TROLL |
+--+
| |
| |
.\|.||/..
but, with no data from our fearless [0] leadership, what
60 matches
Mail list logo