We just dealt with a VMware audit too; it was a joke. In any case, the
thing I found curious with their auditor as well as a PCI QSA (fancy
auditor) is that neither entity seemed to know IPv6 exists. The whole
time I'm thinking okay, now why aren't you investigating these same
attack vectors in
The auditors VMware sent to us were just as bad. To ensure we weren't
running "rogue" ESX(i) servers or WorkStation, they made us provide full
arp/cam tables. Then a list of the virtual machines. "Oh look, this MAC
isn't listed as one of your virtual machines". It isn't because it was
running on vi
Hello everyone!
I was wondering if anyone is using Rancid with Maipu devices? I am slightly
stuck because the default clogin gives an error on the "terminal length 0" and width
commands in the Maipu CLI.
Also, I tried adding "no more", which is being executed, but the overall
script is still failing. Did anyone get
On Apr 26, 2014, at 12:19 PM, Deepak Jain wrote:
> Does anyone have doomsday plots of IPv6 prefixes? We are already at something
> like 20,000 prefixes there, and a surprising number of deaggregates (like
> /64s) in the global table. IIRC, a bunch of platforms will fall over at
> 128K/256K IP
On Wed, Apr 30, 2014 at 5:23 PM, Larry Sheldon wrote:
> On 4/30/2014 11:30 AM, valdis.kletni...@vt.edu wrote:
>> And in that discussion, we ascertained that what the PCI standard actually
>> says, and what you need to do in order to get unclued boneheaded auditors
>> to sign the piece of paper, ar
On 4/30/2014 11:30 AM, valdis.kletni...@vt.edu wrote:
On Wed, 30 Apr 2014 15:40:43 -, Jamie Bowden said:
You're not funny. And if you're not joking, you're wrong. We just went over
this on this very list two weeks ago.
And in that discussion, we ascertained that what the PCI standard ac
Patrick,
On 30/04/2014 16:54, Patrick W. Gilmore wrote:
>> It's fairly easy to punch a hole in a larger prefix, but winning
>> the reachability race while unable to propagate a more specific
>> prefix significantly increases hijacking costs.
>
> Excellent point, Jérôme.
>
> Let's make sure not
>Anybody got recommendations on how to make sure the company you engage
>for the audit ends up sending you critters that actually have a clue? (Not
>necessarily PCI, but in general)
In my previous jobs when I was doing FIPS/NIST/whatever compliance, it
ended up being the case that having a highlig
On 4/30/14, 9:30 AM, valdis.kletni...@vt.edu wrote:
> On Wed, 30 Apr 2014 15:40:43 -, Jamie Bowden said:
>
>> You're not funny. And if you're not joking, you're wrong. We just went over
>> this on this very list two weeks ago.
>
> And in that discussion, we ascertained that what the PCI sta
On Wed, 30 Apr 2014 15:40:43 -, Jamie Bowden said:
> You're not funny. And if you're not joking, you're wrong. We just went over
> this on this very list two weeks ago.
And in that discussion, we ascertained that what the PCI standard actually
says, and what you need to do in order to get u
> Behalf Of Jeff Kell
> Not to mention that PCI compliance requires you are RFC1918 (non-routed)
> at your endpoints, but I digress...
You're not funny. And if you're not joking, you're wrong. We just went over
this on this very list two weeks ago.
Jamie
On Apr 30, 2014, at 09:15 , Jérôme Nicolle wrote:
> On 29/04/2014 04:39, valdis.kletni...@vt.edu wrote:
> > Do we have a handle on what percent of the de-aggrs are legitimate
> > attempts at TE, and what percent are just whoopsies that should be
> > re-aggregated?
>
> Deaggs can "legitimatell
On 4/30/14, 12:00 AM, "Jeff Kell" wrote:
>Not to mention that PCI compliance requires you are RFC1918 (non-routed)
>at your endpoints, but I digress...
This is emphatically not true. All PCI compliance requires is that your
private IP addresses are not disclosed to the public, which could be
Anyone selling IP over ATM / Frame Relay in North NJ Verizon LATA 224 that
could carve a PVC real fast?
Just out of curiosity, how does removing port address translation from
the equation magically and suddenly make everything exposed, and
un-invent the firewall?
-Blake
On Tue, Apr 29, 2014 at 11:00 PM, Jeff Kell wrote:
> On 4/29/2014 11:37 PM, TheIpv6guy . wrote:
>> On Tue, Apr 29, 2014 at 7:54 P
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 29/04/2014 04:39, valdis.kletni...@vt.edu wrote:
> Do we have a handle on what percent of the de-aggrs are legitimate
> attempts at TE, and what percent are just whoopsies that should be
> re-aggregated?
Deaggs can "legitimately" occur for a di
Security is a layered approach though. I can't recall any server or service
that runs in listening state (and reachable from public address space) that
hasn't had some type of remotely exploitable vulnerability. It's hard to
lean on operating systems and software companies to default services to
of