Roy Badami <[EMAIL PROTECTED]> wrote:
[...]
> Interesting, thanks. TBH, I really don't understand why Cisco have
> kept the classful support for this long...
When a friend was doing a CCNA back in 2003-ish, Cisco were still
teaching classful addressing. There was plenty of other misinformation
th
On Mon, 15 Aug 2005 [EMAIL PROTECTED] wrote:
Roy Badami <[EMAIL PROTECTED]> wrote:
[...]
Interesting, thanks. TBH, I really don't understand why Cisco have
kept the classful support for this long...
When a friend was doing a CCNA back in 2003-ish, Cisco were still
teaching classful addres
Below is a periodic public report from the drone armies / botnets
research and mitigation mailing list.
For this report it should be noted that we base our analysis on the data
we have accumulated from various sources.
According to our incomplete analysis of information we have thus far, we
now
Hi guys.
Zotob, once infected, connects the machine to a botnet C&C (command &
control) server.
Due to the extremely rapid spread of these worms, here is the C&C
servers information that has been confirmed so far:
62.193.233.52:8080
84.244.7.62:8080
204.13.171.157:8080
62.193.233.4:8080
ASN
[ SNIP ]
> Below is a periodic public report from the drone armies / botnets
> research and mitigation mailing list.
> For this report it should be noted that we base our analysis
> on the data
> we have accumulated from various sources.
>
> According to our incomplete analysis of information
We haven't seen it yet on our network, but I was hoping somebody
might have a text dump or packet capture of the C&C traffic that they
would be willing to send me so I can tune our IDS to recognize it.
I already have exploit rules loaded, just wanted to see if the C&C
traffic varied sig
I heard from several different big ISP's that to stop the spread of the
worm they now block tcp/445. I suppose it works.
Gadi.
On Aug 13, 2005, at 12:03 AM, Fergie (Paul Ferguson) wrote:
Good suggestions for Gadi. ,-)
- ferg
-- "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote:
cool, among the 800k+ complaints we see a month (yes, 800k) there are
quite a few completely useless ones :( Anything sent in as a
compl
Michael Grinnell wrote:
We haven't seen it yet on our network, but I was hoping somebody might
have a text dump or packet capture of the C&C traffic that they would
be willing to send me so I can tune our IDS to recognize it. I
already have exploit rules loaded, just wanted to see if th
NetBIOS was never meant to be a WAN protocol, so no problem
in blocking it.
For example: grc.com/su-techzone1.htm
scott
- Original Message Follows -
From: Gadi Evron <[EMAIL PROTECTED]>
To: nanog list
Subject: zotob - blocking tcp/445
Date: Mon, 15 Aug 2005 21:51:43 +0200
> I heard f
On (2005-08-15 18:51 +), [EMAIL PROTECTED] wrote:
> NetBIOS was never meant to be a WAN protocol, so no problem
> in blocking it.
I'm not nearly confident enough to decide on behalf of almost a
billion other people how they should benefit from the Internet
and how not to.
There are real solu
> I'm not nearly confident enough to decide on behalf of almost a
> billion other people how they should benefit from the Internet
> and how not to.
thanks for that!
> There are real solutions to the problem, which include monitoring
> the end-user traffic and do traffic steering for infected host
On (2005-08-15 09:28 -1000), Randy Bush wrote:
> > There are real solutions to the problem, which include monitoring
> > the end-user traffic and do traffic steering for infected hosts
> > to a web page that helps solve their problem.
>
> for we who are under-clued, do you have a url for sug
In message <[EMAIL PROTECTED]>, Randy Bush writes:
>
>> I'm not nearly confident enough to decide on behalf of almost a
>> billion other people how they should benefit from the Internet
>> and how not to.
>
>thanks for that!
Indeed. Also see http://www.iab.org/documents/docs/2003-10-18-edge-filter
- Original Message Follows -
From: Saku Ytti <[EMAIL PROTECTED]>
To: nanog list
Subject: Re: zotob - blocking tcp/445
Date: Mon, 15 Aug 2005 22:22:10 +0300
> On (2005-08-15 18:51 +), [EMAIL PROTECTED] wrote:
>
> > NetBIOS was never meant to be a WAN protocol, so no
> > problem in blo
>>> I'm not nearly confident enough to decide on behalf of almost a
>>> billion other people how they should benefit from the Internet
>>> and how not to.
>> thanks for that!
> Indeed. Also see
> http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
as i just replied to a private message
The question of self promotion came back split down
the middle.
It was noted that IL CERT does a fantastic job seeing that
there are no IL networks listed. Or none that are easily
identifiable.
YMMV.
-M<
--
Martin Hannigan (c) 617-388-2663
VeriSign, Inc.
On Mon, 15 Aug 2005, [EMAIL PROTECTED] wrote:
>
>
> NetBIOS was never meant to be a WAN protocol, so no problem
> in blocking it.
rule #1: do not be the Internet's Firewall
rule #2: see rule #1
a leaf network can make any decisions they want on traffic filtering,
large ISP's should probably no
Going further I think IL-CERT is doing a great service to the Internet
community. Their alerts allow responsible network admins to investigate and
to preserve their networks clean of debris like spyware and trojans.
Do what you want with your networks, but PLEASE keep the Internet clean.
> Going further I think IL-CERT is doing a great service to the
> Internet community. Their alerts allow responsible network
> admins to investigate and to preserve their networks clean of
> debris like spyware and trojans.
The point is that aged data is an eternity when you're
talking
On Mon, 15 Aug 2005, MARLON BORBA wrote:
>
> Going further I think IL-CERT is doing a great service to the Internet
> community. Their alerts allow responsible network admins to
I don't think anyone disputed the 'good work'. The dispute, as often is
the case with these sorts of reports, is '
Chris,
This isn't directed at you, just adding my 2 cents to the thread ...
On Aug 15, 2005, at 3:29 PM, Christopher L. Morrow wrote:
On Mon, 15 Aug 2005, [EMAIL PROTECTED] wrote:
NetBIOS was never meant to be a WAN protocol, so no problem
in blocking it.
rule #1: do not be the Internet's F
On 8/15/05 4:46 PM, "Randy Bush" <[EMAIL PROTECTED]> wrote:
>
I'm not nearly confident enough to decide on behalf of almost a
billion other people how they should benefit from the Internet
and how not to.
>>> thanks for that!
>> Indeed. Also see
>> http://www.iab.org/documents/doc
On Mon, 15 Aug 2005, Daniel Golding wrote:
>
>
> On 8/15/05 4:46 PM, "Randy Bush" <[EMAIL PROTECTED]> wrote:
>
> >
> I'm not nearly confident enough to decide on behalf of almost a
> billion other people how they should benefit from the Internet
> and how not to.
> >>> thanks for th
> While it's not uncommon to run SMB/Windows file system drive mounts across
> private WANs, doing so across the Internet, on a non-encrypted tunnel, is
> the equivalent of running with scissors.
yep. agree. but, as it does not damage the track, and only opens
the runner to harm, as the track ma
> > Going further I think IL-CERT is doing a great service to the Internet
> > community. Their alerts allow responsible network admins to
> > investigate and to preserve their networks clean of debris like spyware
> > and trojans.
>
> The point is that aged data is an eternity when you're tal
>'enterprise security folks' are probably not the issue... The fact remains
>that lots of folks DO do this :( There are quite a few folks between
>'consumer' and 'enterprise' that do all manner of dumb things on the
>Internet (where 'dumb' is equivalent to running smb shares across the
>public n
On Mon, 15 Aug 2005, Church, Chuck wrote:
>
>
> >'enterprise security folks' are probably not the issue... The fact remains
> >that lots of folks DO do this :( There are quite a few folks between
> >'consumer' and 'enterprise' that do all manner of dumb things on the
> >Internet (where 'dumb'
Randy Bush wrote:
I'm not nearly confident enough to decide on behalf of almost a
billion other people how they should benefit from the Internet
and how not to.
thanks for that!
Indeed. Also see
http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
as i just replied to a private m
MARLON BORBA wrote:
Going further I think IL-CERT is doing a great service to the Internet
community. Their alerts allow responsible network admins to investigate and
to preserve their networks clean of debris like spyware and trojans.
Do what you want with your networks, but PLEASE keep t
> the summaries are primarily useful for C&C's that are still alive
> a month later even though plenty of notices have been sent to the
> relevant NOC's. in other words it's sort of like defcon's "wall of
> sheep". i like the approach.
Wall of sheep certainly is humorous, but IL CERT
On Tue, 16 Aug 2005, Gadi Evron wrote:
>
> Randy Bush wrote:
> I'm not nearly confident enough to decide on behalf of almost a
> billion other people how they should benefit from the Internet
> and how not to.
> >>>
> >>>thanks for that!
> >>
> >>Indeed. Also see
> >>http://www.iab.org
On Tue, 16 Aug 2005 [EMAIL PROTECTED] wrote:
> On Mon, 15 Aug 2005 20:05:30 MDT, Shane Amante said:
>
> > Leaf network filtering (or not) is largely solved.
>
> Ahem. :)
>
> If this was a "solved" problem, we'd not be having a thread about a zotob
> worm.
>
thank you.
On Mon, 15 Aug 2005 20:05:30 MDT, Shane Amante said:
> Leaf network filtering (or not) is largely solved.
Ahem. :)
If this was a "solved" problem, we'd not be having a thread about a zotob worm.
There's a *very* large gap between "the clued know of a range of suitable
solutions" and "the great
Michael Grinnell wrote:
We haven't seen it yet on our network, but I was hoping somebody might
have a text dump or packet capture of the C&C traffic that they would
be willing to send me so I can tune our IDS to recognize it. I
already have exploit rules loaded, just wanted to see if th
[snip arguments]
Do not become the internet firewall for your large customer base... it's
bad.
Okay, so please allow me to alter the argument a bit.
Say we agreed on:
1. Security is THEIR (customers') problems, not yours.
2. You are not the Internet's firewall.
That would mean you would st
On Aug 15, 2005, at 9:39 PM, Hannigan, Martin wrote:
the summaries are primarily useful for C&C's that are still alive
a month later even though plenty of notices have been sent to the
relevant NOC's. in other words it's sort of like defcon's "wall of
sheep". i like the approach.
Wall of s
At 05:05 PM 15-08-05 -0400, Hannigan, Martin wrote:
It was noted that IL CERT does a fantastic job seeing that
there are no IL networks listed. Or none that are easily
identifiable.
It is not IL-CERT but rather peer pressure on an internal Israeli ISP
mailing list. Incidentally, there are 2
I've always been kind of conflicted with this issue. I mean, providers
blocking traffic at all.
On the one hand, I'm a corporate customer, and if I'm being DOSed or
infected, I would want to be able to call my ISP and have it blocked.
On the other hand, I truly feel that I pay my ISPs to pass t