Neil J. McRae wrote:
A number of explosion incidents have happened in London affecting
the tube causing website and mobile phone saturation and some
localised issues with the PSTN. From here we are able to route
calls ok and networks seem a little busier. The BBC and Sky TV
websites are very
Fergie (Paul Ferguson) wrote:
I know this is off-topic, but the "engineer's engineer"
died early today, ironically, on the 36th anniversary of
the Apollo 11 lunar landing (20 July, 1969).
http://www.cnn.com/2005/SHOWBIZ/TV/07/20/obit.doohan.ap/index.html
So long, Mr. Scott. You'll be missed.
J. Oquendo wrote:
www.infiltrated.net/cisco/holygrail.pdf
I find it rather funny, really.
Back in defcon, everybody was trading the presentation quietly and eagerly.
Then every kiddie started asking if anyone wants it.
Then we all got URL's to download it from.
Then there was another pass
[EMAIL PROTECTED] wrote:
On Fri, 12 Aug 2005 12:33:40 EDT, "J. Oquendo" said:
their equipment. If it's IPv6 based only, and not that big of a threat,
then they should see no problem with the information being released.
The specific exploit was IPv6 only. The concept that IOS is a sane ope
Hello. The drone armies research and mitigation mailing list is moving
its reporting mechanism to the next level.
If you have updated contact information for any of the below AS owners,
please contact me _off-list_.
Thanks,
Gadi.
3MENATWORK - 3menatwork.com
AAPT AAPT Limited
ABACU
What happened to replies off-list? Anyway, good point about actual
ASN's, so here goes.
Do you mean to tell me you can't find contact info for ANY of those ISPs
on your own (like those ALTERNET guys, they're hard to track down)? Are
you trying to start a service for notifying ISPs when they h
Cisco flaw presentation spreads across the Web
FBI Investigation...
New copies of Michael Lynn's presentation on the Cisco router operating
system flaw are springing up faster than the lawyers can take them down
Cisco's lawyers are sending out cease-and-desist notices to Web sites
that have pu
Credit for gathering the data and compiling the statistics from our
group efforts should go to the Statistics Project lead:
Prof. Randal Vaughn <[EMAIL PROTECTED]>
--
Gadi Evron,
Israeli Government CERT Manager,
Tehila, Ministry of Finance.
[EMAIL PROTECTED]
Office: +972-2-5317890
Fax:
Hi guys.
Zotob, once infected, connects the machine to a botnet C&C (command &
control) server.
Due to the extremely rapid spread of these worms, here is the C&C
servers information that has been confirmed so far:
62.193.233.52:8080
84.244.7.62:8080
204.13.171.157:8080
62.193.233.4:8080
ASN
I heard from several different big ISP's that to stop the spread of the
worm they now block tcp/445. I suppose it works.
Gadi.
Michael Grinnell wrote:
We haven't seen it yet on our network, but I was hoping somebody might
have a text dump or packet capture of the C&C traffic that they would
be willing to send me so I can tune our IDS to recognize it. I
already have exploit rules loaded, just wanted to see if th
Randy Bush wrote:
I'm not nearly confident enough to decide on behalf of almost
billion other people how they should benefit from the Internet
and how not to.
thanks for that!
Indeed. Also see
http://www.iab.org/documents/docs/2003-10-18-edge-filters.html
as i just replied to a private m
MARLON BORBA wrote:
Going further I think IL-CERT is doing a great service to the Internet
community. Their alerts allow to responsible network admins to investigate and
to preserve their networks clean of debris like spyware and trojans.
Do what you want with your networks, but PLEASE keep t
Michael Grinnell wrote:
We haven't seen it yet on our network, but I was hoping somebody might
have a text dump or packet capture of the C&C traffic that they would
be willing to send me so I can tune our IDS to recognize it. I
already have exploit rules loaded, just wanted to see if th
[snip arguments]
Do not become the internet firewall for your large customer base... it's
bad.
Okay, so please allow me to alter the argument a bit.
Say we agreed on:
1. Security is THEIR (customers') problems, not yours.
2. You are not the Internet's firewall.
That would mean you would st
and again I point to the above rules. What your network can't handle
'scanning wise' is completely different from what the network I work on
can handle.
If your network is being jeopardized by some level of scanning they fix
that, but that is a local decision. Blindly stating "large isps filter
Randy Bush wrote:
Surely we realize that this discussion is not concerning the oft
repeated "Internet's Firewall" debate.
It's about containing a potential worm/virus outbreak. Call it a network
wide quarantine.
surely you realize that this discussion is not about civil rights
and the constit
Personally, I see doing business in China about as logical as, say, giving
430 6th graders laptops with Internet access, and expecting them to pay
attention in the classroom... Oh, and cutting the sports programs to
afford those laptops. Man, if someone had given me a laptop in 6th grade,
I wo
Bob Arthurs wrote:
I should add that my original statement pertains to (obviously) the
Chinese *government* alone! I am concerned about the repression that the
Chinese people experience, and the basic freedoms that they lack.
As far as 'China hate' is concerned- this definitely doesn't app
we need to start getting prepared to better
defending the Internet as an International Infrastructure.
As I am sure that this will be an interesting discussion, I am also sure
this will eventually derail to a pointless argument over an un-related
matter, here on NANOG.
I'd appreciat
Here's something from bugtraq on it.
Gadi.
--- Begin Message ---
today news on SecurityLab.ru (only in russian):
http://www.securitylab.ru/news/240415.php
* break CRC on CISCO IOS
* Design Mechanism of cross-platform worm for IOS device.
* Run IRC server on 2600 CISCO.
* Found more vul
I'm curious as to why people think that the problem isn't being addressed?
Can you be any more cryptic?
:)
So, how isn't it being addressed?
The idea of Critical Infrastructure gets addressed in many countries.
Some of them do not include ISP's in the equation as they are a private
business. Some day, but can't force ISP's to cooperate.
Whatever gets done and re-done is local, whether by ISP or
Subnetwork specific worms? I only want to take down as1,
as2 and as3, for example, rather than a large-scale
'internet killer' outage.
Almost a year ago we had a crisis in Israel where something caused ONLY
Israeli ISP clients to stop being able to use their DSL connections, and
on the SAME
Do you mean to imply that it was a router code worm or a
normal worm? A "Warhol Worm" in a logically localized area
(an AS or three) utilizing router exploitations would be
spectacularly fast.
Sorry for not explaining.. my point with the IL story was to show of a
threat, not necessarily rela
RFC2827 came out in May 2000.
And that's something I will drink to every day. What has happened with
it since?
Based on its deployment history, where providers just have to act locally,
I suspect that a requirement that providers act globally will result in either:
a) I'll be collecting a
both in the US and abroad. We will update you as we proceed and when we
are done.
If you run an incident response team that can handle Internet abuse and
would like to take part, please contact us as well.
Thank you for your help.
Gadi Evron.
To report a Rita Phishing Scam to the MWP Call to Arms Rita Task Force,
please contact:
US-CERT at [EMAIL PROTECTED]
OR
SANS ISC at [EMAIL PROTECTED]
Gadi.
http://controlsystemssecurity.inl.gov/
Gadi.
In case you missed it, Steve Linford of Spamhaus, posted to the NANAE
newsgroup indicating he had been contacted by the FBI who also want to
follow up with any Rita Scams ASAP. Instructions are please forward any
scams that arrive in mail to your local Spamhaus volunteer. (IF you
don't know
Please, can't we just solve this with a little sanity, and stop these back
and forth pissing match threads and off-topic posts?
I honestly believe that the issue of the TAGS is secondary and once
again this list is dragged into a long unrelated thread. I feel that
Paul got fed up with how th
Hannigan, Martin wrote:
Maybe we should do some statistical analysis and see who the
one person
who starts most of these pi??ing contests, as you call them, is? The
results may be interesting.
Maybe we should do some statistical analysis of the prolific off topic
posters and ego posters a
Cat Okita wrote:
Could the thieving donkey be so kind as to stop cross-posting?
I am not on nanog-futures, and this interests all of us as a community.
If I get a reply to a mailing list I am on, cross-posted to another
list. I reply to the one I am on.
I don't see why people keep insisting
Steven M. Bellovin wrote:
Will the list moderators please declare this topic closed? Two days
ago, someone asked me "is this NANOG or Slashdot?" -- and it hasn't
gotten any better.
I don't think anyone is learning anything new at this point.
If the moderators don't say something, could ever
Other solution: disable IPv4 SSH and enable the IPv6 one, no scanning on
that plane ;)
Yet.
--
My blog: http://blogs.securiteam.com/?author=6
"The third principle of sentient life is the capacity for self-sacrifice
--- the conscious ability to override evolution and self-preservation
for a
Jeroen Massar wrote:
Gadi Evron wrote:
Other solution: disable IPv4 SSH and enable the IPv6 one, no scanning on
that plane ;)
Yet.
Enjoy scanning, even I and I guess the rest of this list will be long
time retired and sipping pina coladas and other good stuff (hot
chocolate milk with
By setting up a fake AP, you can launch active attacks. Sure, people
won't get the right certificate -- and they're not going to notice,
especially if the (unencrypted) initial web splash page says something
like "For added security, all SSL connections from this hotspot will
use Starbucks-b
[EMAIL PROTECTED] wrote:
* [EMAIL PROTECTED] (Stephen J. Wilcox) [Mon 21 Nov
2005, 16:07 CET]:
On Mon, 21 Nov 2005, Patrick W. Gilmore wrote:
Why would you even need to set up an AP? Why not just sit
and sniff
traffic? Gets you the _exact_ same information.
man in the middle is eas
You could see this type of "physical" electronic warfare also employed
in Iraq with the US Gov't bombing the center of GSM-blocking signal
generators.
GPS. Nor GSM.. but I suppose it would work the same way.
--
My blog: http://blogs.securiteam.com/?author=6
"The third principle of sentient
Leaving the politics aside, it's a lot harder than it seems. After an
active attack at a security conference a few years ago, a prof had some
of his grad students investigate it. Multipath, variable signal
attenuation, and the like make it very, very hard. (If it worked, the
idea was to em
To quote a science fiction story I'm fond of, "efficiency depends on
what you want to effish".
--Steven M. Bellovin, http://www.cs.columbia.edu/~smb
Sci-fi injection!
(marking another beer owed)
Gadi.
Daniel Roesen wrote:
On Wed, Dec 21, 2005 at 02:30:18PM -0600, Albert Meyer wrote:
I'd like to see a useful #nanog where network operators could chat.
That channel does exist but is not NANOG-related. Some #nanog folks who
do want to finally chat on-topic hang out there. Quote from one of t
Fergie (Paul Ferguson) wrote:
"Lycos Europe appeared to have pulled a controversial
anti-spam screensaver program from its site on Friday,
after coming under fire from both security experts and
the spammers themselves."
http://www.infoworld.com/article/04/12/03/HNlycospullsscreensaver_1.html
Okay.
--- Begin Message ---
Hello all,
while doing some experiments with dig using a .fm domain I made a small
typo. Much to my surprise the whole fm zone was transferable by anyone.
It's obvious this is a fabulous source for dictionary spammers who just
mail to generic addresses at as much domains as
Hi guys. I figured I might as well ping, as I do once a year on
different forums since `96, and send some information here asking for help.
The following drone army seems to be on the move, switching binary and
relay server, which is why I allow myself to post it openly.
Anyone seeing any conne
It appears like many of us will be very busy this month, on the network
front.
The linux kernel has two published vulnerabilities (one for IGMP -
http://isec.pl/vulnerabilities/isec-0018-igmp.txt).
MS released one for DHCP (http://go.microsoft.com/fwlink/?LinkId=36664)
and last but not least -
Hank Nussbacher wrote:
http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/index.html
What a nice present for the holiday season :-)
-Hank
Indeed! If it will hold after the appeal.
Thing is, the spammers are not there to be found for paying, so they
might not exist for appealing. Meaning this might
there are some million-bot drone armies out there. with enough attackers
I've heard that claim before, but I've yet to be convinced that those
making it were doing more than speculating. It is not unreasonable to
believe there are millions of bot drones, but that is not the same as
an army unde
Botnets are a new phenomenon. [ Gadi!?]
hehe, I won't take the bait on that one Martin. :)
I suppose that back in the days when it was "new" they weren't really
called "armies", and _hackers_ would actually set up "real" bots on
pwned boxes. Today we see less and less actual eggdrops/energymechs
Botnets aren't new. They've been prototyped on various IRC networks for
years. It started with hordes of linked eggdrop bots for Death Star
style privmsg/notice flood attacks on single users (1998? 1999?). When
For history's sake, most people name BO and netbus as the "original"
remote control
william(at)elan.net wrote:
Can somebody also share good definition of "BOT" and "BOTNET" for glossary
and description of 2-4 lines? Should I also list it as synonymous with
Zombie (bot being more hacker-oriented use and zombie being more toward
spammer-oriented use)?
I'd let others define a "bot
"bot": derivative of "robot". An application on an infected computer
used for orchestrated attacks or for distributed generation of spam,
often distributed in or with viruses or other malware. Similar to
"zombie", which is an older usage specific to distributed denial of
service attacks.
I bel
cw wrote:
Does anyone have any more detail on exactly what this thing does after
it gets into a system?
Check *any* AV web site.
The cgi platform for a company I use has been hit and the effect is
not just limited to phpBB, it seems to get into the server and then go
through everything it can wr
Dan Hollis wrote:
On Tue, 21 Dec 2004, Fergie (Paul Ferguson) wrote:
These people don't waste much time when a new exploit
found, do they? Geez.
http://isc.sans.org/diary.php?date=2004-12-21
It's exploiting a bug in old versions of phpbb, it's not using the recent
php exploit.
-Dan
It isn't very
I received several notices today from fellow ISP's, originally from an
Israeli ISP's security information sharing mailing list, that several
large Israeli ISP's experience an outbreak that cause tech support lines
to overflow.
Basically, this malware appears to change dialer configuration for
Fergie (Paul Ferguson) wrote:
These people don't waste much time when a new exploit
found, do they? Geez.
http://isc.sans.org/diary.php?date=2004-12-21
As a friend of mine just said.. good times!
http://www.google.com/search?q=NeverEverNoSanity
Gadi.
Hi.
We are in the process of forming a new drone army research and
mitigation mailing list.
Unlike other resources (which we don't come to compete with), this list
will bring together anti virus researchers/reverse engineers, network
admins and others who may be able to contribute.
AV research
Cheung, Rick wrote:
Hi. Anyone notice an increase of TCP Syns to port 11768, and 445
across random internet IPs? I googled the port, and found a similar posting
here:
http://www.trustedmatrix.org/portal/forum_viewtopic.php?7.954
We located the source on our network, updated DATs, an
Until today, I considered this to be a real and relevant threat,
although rather low in my matrix.
As someone I know said today, now that kiddies saw how much "fun" this
is, I am sure they will attempt this again.
The question that comes to mind is - what do you do to be prepared?
I suppose tha
http://www.theage.com.au/articles/2005/01/17/1105810810053.html
&&
http://www.smh.com.au/articles/2005/01/17/1105810810053.html
Gadi.
MAN") at lurhq always comes
up with the answers.
--
Gadi Evron,
Information Security Manager, Project Tehila -
Israeli Government Internet Security.
Ministry of Finance, Israel.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Office: +972-2-5317890
Fax: +972-2-5317801
http://www.tehila.gov.il
Nils Ketelsen wrote:
We see a lot of requests of the following format in our proxy logs:
1105979310.010 240001 10.3.12.211 TCP_MISS/504
1458 GET http://84.120.14.236:25204/2005/1/17/11/23/32/ - NONE/- text/html
1105979314.020 240009 10.3.12.211 TCP_MISS/504
1458 GET http://67.171.84.104:25238/2005/
I still have no clue what is causing this, but I am pretty clueless when
it comes to Windows PCs anyway, and as you might have guessed: The PCs
making these connections are windows machines.
Continuing our off-list discussion for this on-list comment...
Without a reboot, try to connect the outgoin
Nevertheless the total number of accessed addresses was still
1000 (over all hosts). So I think we might have in fact 1000 Addresses
that are contacted/attacked. The complete list of contacted addresses can
be found here:
http://steering-group.net/~nils/ips.txt
More to the point - how about the I
http://www.theregister.co.uk/2005/01/17/panix_domain_hijack/
Gadi.
Nils Ketelsen wrote:
I still have no clue what is causing this, but I am pretty clueless when
it comes to Windows PCs anyway, and as you might have guessed: The PCs
making these connections are windows machines.
http://www.lurhq.com/baba.html
Thanks go to Joe Stewart from lurhq.
--
Gadi Evron
http://www.lurhq.com/baba.html
Thanks go to Joe Stewart from lurhq.
Further, please note this is the older variant. According to Joe the B
variant was released Jan/12.
Gadi.
FYI if you haven't seen this yet.
Gadi.
--- Begin Message ---
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Cisco Security Advisory: Vulnerability in Cisco IOS Embedded Call
Processing Solutions
Revision 1.0
For Public Release 2005 January 19 1500 UTC
+-
over there? I can't seem to be able to reach them and
this is becoming a real annoyance.
Anyone else observing this?
--
Gadi Evron,
Information Security Manager, Project Tehila -
Israeli Government Internet Security.
Ministry of Finance, Israel.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Office: +972
All Inktomi/Yahoo crawling is done from 68.142.248.0/22; the whois
entry for that block says to report issues to [EMAIL PROTECTED]
Have you tried alerting them to the problems yet?
If yes, and if you didn't receive a response, please forward me the mail
that you sent, and I'll see to it that the r
<[EMAIL PROTECTED]>
Gadi Evron (as specified below)
--
Gadi Evron,
Information Security Manager, Project Tehila -
Israeli Government Internet Security.
Ministry of Finance, Israel.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Office: +972-2-5317890
Fax: +972-2-5317801
http://www.tehila.gov.il
The opinions, v
[EMAIL PROTECTED] wrote:
CNET reports
http://news.com.com/Zombie+trick+expected+to+send+spam+sky-high/2100-7349_3-5560664.html?tag=cd.top
that botnets are now routing their mail traffic through the local
ISP's mail servers rather than trying their own port 25
connections.
Both on ASRG and here on
Did you actually read the article? This was about drones sending out via
its ISP mailserver. Blocking outbound 25 doesn't help a bit here. In
general sure, good idea, and also start using submission for example. But
in this context it's silly.
No, it is relevant or I wouldn't have mentioned it.
Al
If a pro cannot clean it out safely, then i cannot imagine our typical
homeuser would be able to... and with some luck he installs a firewall
and antivirus next time, after reinstalling his system for the 4th or
5th time.
You may want to check out some AT (Anti-Trojan) software such as The
Cle
You will never be sure you have picked up all, only the known ones. For
a compromised system, unless running tripwire or something, reinstall!
You can never be sure, that's why it's a backdoor/Trojan horse.
It's a nice start, but it also tell people i am safe, and they don't know
Yes, it is. AV pr
This is no POC, we have seen this happen many many times. Perhaps some
Wrong, and I will tell you why in a second.
drone networks are a little 'behind' but in general, they are perfectly
able to do this. Even with some static lists for some large ISPs
mailservers they can perfectly initiate it
Hello
I am a bit concerned that blocking any port at all preventing abuse of
the affected service will make the abusers go through other services
instead. Port 139/445 is already blocked by several isps due to
excessive abuse or I believe they call it 'a security measurement'. Even
port 23 ha
[EMAIL PROTECTED] wrote:
On Mon, Feb 07, 2005 at 10:46:28AM -0800, Joel Jaeggli wrote:
I put up an isma mpeg-4 recording from the NANOG 33 "Coordinating NANOG:
Input From the Community" session up to supplement the m3 recording...
Both are here:
ftp://limestone.uoregon.edu/pub/videolab/video/nan
Stephen J. Wilcox wrote:
Hi,
you probably didn't think of this but it might not be a good idea to publish a
list of 3000 computers that can be infected/taken over for further nastiness.
if you can privately send me a list of Ip addresses (no need to sort) i can
assist you to distribute this infor
Bill Nash wrote:
Various persons put forth some amount of effort to, graciously, give
other operators a heads up to the ongoing/potential abuse of their
networks, and you're concerned about topical relevance? Why aren't you,
Aside to if botnet issues were discussed here, it would flood the list
Why is it a bad idea then? Because not all of us are Bill Nash who won't
pwn a user.
The same can easily be said for ANY public forum.
Yes.
Ketil Froyn wrote:
http://www.albany.edu/~ja6447/hacked_bots8.txt
Isn't it a good idea to collect the IP addresses rather than the ptr
name? For instance, if I were an evil person in control of the ptr
record of my own IP, I could easily make the name something like
1-2-3-4.dsl.verizon.net, and if
PTR records are just as pointless as A records...
in a secured DNS hierarchy, this is less of an issue
We are not quite there yet, are we?
since you have to spoof the entire delegation chain.
so either trust the DNS (both forward and reverse)
or not. For fo
Adam Jacob Muller wrote:
Not possible with most modern IRCD's since they check forward and
reverse dns.
So for example if your address is:
1.2.3.4
and that resolves to:
1-2-3-4.dsl.verizon.net
the ircd make sure that:
1-2-3-4.dsl.verizon.net
resolves back to
1.2.3.4
it's a simple
I wouldn't collect the contents of an A record, if that's what you mean.
I meant that it would be better to collect the IP of whoever is
connected to the irc server directly, eliminating the entire, possibly
misleading, step of DNS lookups. Faking that IP is more difficult.
Agreed.
I always store
First, the NANOG list will now be moderated by a volunteer group that
includes Marty Hannigan, Steve Gibbard, and Chris Malayter. Many thanks
to these folks for taking on this role in upholding the list's AUP.
Just a small comment from someone looking from the outside of the NANOG
political m
Speaking only for myself (and certainly not for Merit):
The NANOG Reform group (http://www.nanog-reform.org), which has already
gone on record supporting an open and democratic NANOG, was asked for
volunteers. I think all three of us are looking at this as a temporary
assignment until the broader
something has to be arbitrary in the absence of a government, it's a chicken and
egg. i think you're looking for problems that aren't there - do you or anyone
have issue with the progress thus far? if not the question is moot.
My question was answered. The current "government" which was not "chose
Scott Weeks wrote:
On Thu, 17 Feb 2005, Gadi Evron wrote:
: want to see at this headache of a position, or we do it openly on the
Yes, publicly. Please.
Publicly - on NANOG itself, please.
Dave O'Shea wrote:
They do have people in an LA office, as I got a call
from one of them when I had a BGP session to them go
down due to a max-prefix which had been exceeded.
I guess if you have three times the population of the
US, you're going to have one or two "black hats".
Undoubtedly.
It woul
Yo Vladis!
Those of us who have *enough* trouble keeping our own broadband users
zombie-free should be glad we're not the Korean CIRT staff. *THEY* got
handed an entire *COUNTRY* full of clueless users on high-speed connections.
Indeed, KrCERT is doing a very good job at cluing KR. They are very g
It appears that they do not share your view, by reading nanog-futures.
The new mailing list administration has already demonstrated that it had
zero credibility:
Yesterday, I posted something that displeased Martin Hannigan and was
told that I needed his permission. As I was browsing the archive,
tBot, actual SDbots,
etc.).
Contact information:
Hank Nussbacher <[EMAIL PROTECTED]>
Gadi Evron (as specified below)
--
Gadi Evron,
Information Security Manager, Project Tehila -
Israeli Government Internet Security.
Ministry of Finance, Israel.
[EMAIL PROTECTED]
[EMAIL PROTECTED]
Office: +972-2
From http://www.us.sorbs.net/faq/spamdb.shtml
"Third and finally, if you are really not a spammer, or you are truly reformed,
de-listing is relatively easy. You donate US$50 to a charity or trust approved by, and
not connected with, SORBS for each spam received relating to the listing (This is k
Sean Donelan wrote:
Routers, IP phones, VPN, etc are starting to get reasonable support
for certificates. So network operators may need some PKI as part
of their infrastructure (rather than the traditional application-layer
PKI such as Web/SSL).
But there seems to be only two choices for Public Ke
[snip]
organization. Also I didn't say it, but I'm not looking to identify
natural people.
[snip]
The Cisco IOS CA and Microsoft CA have the advantage of being
integrated with a lot of each vendor's products. Once set up,
both try to simplify on-going maintenance as long as you use
their products.
John Levine wrote:
I thought everyone ran an ssh server on port 443 by now. It's
the easiest way to get through these overbearing firewalls.
Inbound:
Agreed. As we all know, applications running on web servers are the
easiest way to get into an organization. Run as many routers and
fire
help them in the future (especially the
attacked eCommerce sites and the hosting service providers).
* By previous requests here is an explanation of what "ASN" is, by Joe
St Sauver:
http://darkwing.uoregon.edu/~joe/one-pager-asn.pdf
--
Gadi Evron,
Information Security Manager,
Daniel Golding wrote:
Forgive me for being skeptical, but...
I would prefer you being skeptical. Please don't take my word on any of
this.
How do you come up with these? Are these the direct upstream ISPs of the
These are the digested results from the reports sent to the malicious
websites and p
Daniel Golding wrote:
Gadi,
This report isn't terribly useful without the IP addresses (or URLs) in
question. How could an ISP start investigating and/or null routing these
addresses without having the list?
I suppose I'm skeptical because some of those ASNs are not big content
hosters. Some are tr