I'm about as offended from this post as I was when Canter & Siegel happened.
The inevitable forced realization that the our little world is indeed filled
with evil, evil people that want to abuse it (or in this case, those
associated with its operation) for their own ventures.
I suppose we've all
debate on efnet, so i thought it
appropriate to ask here. Feel free to respond privately (and I will post
summaries to the list), or direct.
In any case, for the benefit of all, I will post in any case my/our
findings.
Thanks in advance,
jamie rishaw
On Tue, Apr 15, 2008 at 2:31 AM, Phil Regnauld <[EMAIL PROTECTED]> wrote:
> jamie (j) writes:
> > `
> > device, and by 'device' i mean router and/or switch) configuration
> > management (and (ideally) compliance-auditing_and_assurance) software.
> >
&
n having (IE, keeping them for
more than a few weeks), they couldn't get it approved, and felt just
doing it would be too suspicious while people were watching.
Tongue FIRMLY in cheek,
Jamie
If you are one of these famous John's, who helped make Onyx such a resounding
success, drop me a line, eh? ;)
We now return you to your normally schedualed NANOGing.
Jamie
On 9/1/05, John Palmer <[EMAIL PROTECTED]> wrote:
The United Airlines website appears to be down and has been
down for days.
Is this a network issue or are they out of
business??
Works fine for me. What testing have you done and what exactly are you seeing?
Jamie
ot;yes" answers. Why is one
> right and the other wrong?
Heard of a little thing called 'spam'?
Jamie
> --
> Chris Adams <[EMAIL PROTECTED]>
> Systems and Network Administrator - HiWAAY Internet Services
> I don't speak for anybody but myself - that's enough trouble.
n have quite undesired
implications. The question was why was one ok, and the other not. The
answer is because of spam.
Jamie
OK, I normally try to avoid doing this, but could someone in Fast.net's
NOC please drop me an email about a job you guys have posted there? Or
just plain have a contact there they would be willing to set me up with?
:)
Thanks if you can help!
Jamie
I've found that country of origin is less relevant than route/subnet and ASN, as there
is a link between the address and the people in a position to actually respond to the
problem.
I'd be interested in knowing how linking aggregated attack information to country of
origin is actually valuable
Even if 3mil machines are actively and currently compromised,
of all reachable hosts on the Internet, it would not be unreasonable
to assume that %80 or more are vulnerable to remote compromise
in some way. That number is speculative, but most estimates from
consutling firms are much higher. (
I wonder if this could just be solved by selling fraud insurance?
It could be another ridiculous bank surcharge or service, but would
negate the need for byzantine technology infrastructures to support it.
All that user end security devices do is put more non-repudiable
onus on the user, so th
While we were fighting blaster/nachi and others, we relied heavily on IDS's to generate
alerts for the worms, then we disabled their network access and called them. Generic
viruses are not an ISP's problem, but a worm is something that affects the prviders
infrastructure, and is therefore a netw
4: 19916*- 1/2/2 (171) (DF)
Restarting named does not help.
These host are located on several different ISP networks.
Forward lookups function properly.
Stumped...
Any help or suggestions would be greatly appreciated. Thanks.
-jamie
I'm not sure whether shadenfreude is the right word, however, it seems that,
regarding a previous conversation about cutting off users infected with viruses,
ATT has decided that putting a bit of stick about is the right thing to do.
It will be very interesting to see how this works out, as it
I must have missed the thread on this, but is there a good summary available
of exactly _how_ these netblocks are getting hijacked?
Are they taking advantage of sloppy redistribution configurations, 0wning
routers, spoofing OSPF updates, taking advantage of default static
routes, or is there so
It would be useful if these sites allowed you to query them with CIDR ranges to
see if your site had originated any traffic that triggered their sensor arrays. The
IDS community never seems to have wrapped its collective head around routing
information. Looking up single IP addrs is just cosmet
While I can't give you a fixed cost, I can confidently say that the value or
cost/benefit over time resembled
a bathtub curve. It starts high, drops sharply close to zero, then climbs slowly over
time as the infection
rate dissipates while a fixed mitigation strategy is applied, with diminishi
Personal view:
This was a problem when filtering Nachi while it pinged networks
to their knees.
Sometimes I wonder if there is any legitimate reason to allow
pings from users at all. If the user really needed to use
ping, that is, if they were in a position to do anything about the
results of
I have been looking for a tool that will visualize traceroute data in
a graph. Skitter looks ideal, but its availability is quite limited.
I have tried Netmap (netmap.sourceforge.net) and have been
mucking about with Graphviz (graphviz.org) in general.
However, the problem of building a map fr
While acknowledging that I am falling for a troll does not excuse the act
itself, I would like to float an idea I think is useful.
If you look at security as control, then you can measure it as the ratio of
controls to features. That is, for N in/egress points there are X active policy
enforce
We have built an experimental system that aggregates IDS alerts by
sorting them into subnets, then associating them with routes from
the a view of the global BGP table, and in turn associates them with
their ASN. From there, we can create lists of security events as they
are related to the netwo
If you have a look at
http://vil.nai.com/vil/content/v_101083.htm
There is a list of IP addresses that are nameservers which
are hard-coded into the worm. It spreads by e-mail (currently)
and thus it can be blocked using anti-virus filters.
My concern is that these addrs are all for nameser
On 4/3/06, Stephane Bortzmeyer <[EMAIL PROTECTED]> wrote:
>
> On Sat, Apr 01, 2006 at 04:51:09PM -0600,
> Chris Adams <[EMAIL PROTECTED]> wrote
> a message of 17 lines which said:
>
> > unixshell.com claims more service (RAM, disk, monthly transfer) for less
> > per month:
> >
> > http://www.uni
I'd just like to point out Paul, that while we may rely on police to
handle crimes in the real world, we still lock our doors.
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <[EMAIL PROTECTED]>
te that you left a word out above. He's agreeing that even if
you do have permission, you shouldn't announce space from another
provider.
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <[EMAIL PROTECTED]>
Haven't you been paying attention? There's a whole thread dedicated to
why Australia's horridly expensive.
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <[EM
-Original Message-
From: Adrian Chadd [mailto:[EMAIL PROTECTED]
Sent: Wednesday, October 10, 2007 7:07 AM
To: Jamie Bowden
Cc: nanog@merit.edu
Subject: Re: wanted: offshore hosting
On Wed, Oct 10, 2007, Jamie Bowden wrote:
>
> Haven't you been paying attention? There'
p of usage per
month. As a result, customers misled by the company's claims, enrolled
in its Unlimited plans, only to have their accounts abruptly terminated
for excessive use, leaving them without internet services and unable to
obtain refunds."
Jamie Bowden
--
"It was half way t
Some of you probably already know, but this just hit my inbox:
From: Jun Murai <[EMAIL PROTECTED]>
Dear Friends,
I am regretful to pass along the sad news that Itojun (Dr. Junichiro
Hagino) passed away on October 29, 2007. He was 37 years old. The WIDE
community would like to send our condolenc
Just a more likely one.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Adrian Chadd
Sent: Thursday, November 22, 2007 7:45 AM
To: Suresh Ramasubramanian
Cc: nanog@merit.edu
Subject: Re: unwise filtering policy from cox.net
On Thu, Nov 22, 2007, Suresh
ally a nifty idea...
"Hey, you there, use potential gateways in the following order!"
It has the same utility and simplicity that MX records do.
Jamie
be very interesting.
Thanks for your time.
Jamie
Ttcp will give you what you're looking for, but it's not something you
can run in the background and forget. You have to bring it up on both
ends, and while it's running, it won't even pretend to try and be
friendly about bandwidth usage. It'll give you a summary after it has
finished transferri
MS, Apple, Linux, *BSD are ALL dual stack out of the box currently. The
core is IPv6/dual stack capable, even if it's not enabled everywhere,
and a large chunk of Asia and Europe are running IPv6 right now. The US
Govt. is under mandate to transition to v6 by the end of the year. The
only bits
s/recently/ever/
I'd be happy if I could tell Gmail to delete anything in a non Roman
character set. I don't read Hebrew, Arabic, Kanji, Hangul, Cyrillic, or
any of the other various character sets I get spam in.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Be
For about the last two weeks, you've had something broken in your
internal routing (here's a traceroute from my house in Reston to a
server in TX, just as a sample):
Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.
C:\Documents and Settings\jam
I'd check with a Lawyer, but that statute contains an "or", not an
"and".
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <[EMAIL PROTECTED]>
&g
> can't argue with
> > their success, but i guess i am ready to quibble over their manners.
> >
>
> Hi Paul, just curious, someone over at UltraDNS called and told me my
> own bind server is dropping
> 20% of queries. Can you please explain to me how did they log into my
> systems?
Sendmail.
Jamie
ts.com/forum/remark,17368208
>
> --
> | Jeremy Chadwick jdc at parodius.com |
> | Parodius Networkinghttp://www.parodius.com/ |
> | UNIX Systems Administrator Mountain View, CA, USA |
> | Making life hard for others
side, I suspect that one wrong move by a backhoe
along the Dulles Toll Road would screw about half the east coast.
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <[EMAIL PROTECTED]>
Virginia Power replaced our meter over the summer with a new one that
has wireless on it. The meter reader just drives a truck past the
houses and grabs the data without him/her ever leaving the truck. I
have no idea what protocol they're using, or if it's even remotely
secure.
Ja
y default, but it's not
difficult to do.
Apparently Vista does do IPv6 by default out of the box, but I don't
have a Vista system to play with yet to confirm this.
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <[EMAIL PROTECTED]>
s/our exchanges/our urban exchanges/
And even then, not so much. I have cable or nothing, and I live in
Fairfax Co. 41k line feet from my house to the exchange. In rural
areas, most of the population far outside of DSL range.
Jamie Bowden
--
"It was half way to Rivendell when the
Verizon.
Jamie Bowden
--
"It was half way to Rivendell when the drugs began to take hold"
Hunter S Tolkien "Fear and Loathing in Barad Dur"
Iain Bowen <[EMAIL PROTECTED]>
> -Original Message-
> From: Frank Bulk [mailto:[EMAIL PROTECTED]
> Sent: Th
An even more cynical way would be to say that most antivirus
companies aren't in the business of analyzing viruses - they are in
the business of selling antivirus software.
I believe that is the fundamental problem.
Jamie
--
Jamie C. Pole
[EMAIL PROTECTED]
http://www.jcpa.com
In
rk
engineers and security professionals...
It's a terrible thing when the most "competent" assessment of an attack
comes from a "company spokesperson", rather than someone just a little more
technical...
Oh, well...
Jamie
- Original Message -
From: "dies&q
BSOLUTELY
NOTHING to complain about.
WOW! How quickly these threads go off-topic... :-)
Jamie
--
Jamie C. Pole [EMAIL PROTECTED]
Principal Consultant
J.C. Pole & Associates, Inc.
Information Security / Information Warfare / Information Forensics
Comprehensive Law Enforcement & Litigation Support
--
that they have not
been hacked is pure fantasy. Even in Australia.
Jamie
--
Jamie C. Pole
Founder & Principal Consultant
J.C. Pole & Associates, Inc.
Office: 203-338-0901Fax: 203-576-1355
Cell: 203-395-7737 Email: [EMAIL PROTECTED]
Purveyors of global threat managem
49 matches
Mail list logo
