Google's Schmidt on Iran supposedly hijacking GOOG'd .dk traffic

2011-12-21 Thread Gadi Evron
Video at: http://edition.cnn.com/video/#/video/bestoftv/2011/12/13/erin-schmidt-on-iran.cnn Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: "general badness" AS-based reputation system

2011-09-26 Thread Gadi Evron
We tried to outline some of the challenges of building such a system in our NANOG52 presentation: http://www.merit.edu/networkresearch/papers/pdf/2011/NANOG52_reputation-nanog.pdf In particular see slide 4. where we tried to lay down what we think the requirements are for a socially acceptable

Re: "general badness" AS-based reputation system

2011-09-26 Thread Gadi Evron
On 9/26/11 2:31 AM, Jimmy Hess wrote: Sorry... what makes you think the problem with use of a AS-reputation systems is social and not technical? IP packets are not stamped with the numbers of any of the AS they transitted to reach your network. The IP protocol simply does not expose AS number i

"general badness" AS-based reputation system

2011-09-25 Thread Gadi Evron
Having run one of these in the past, when take-downs of C&Cs was still semi-useful, my ethos on this is problematic, however, I am as of yet undecided as to this one. An AS-based reputation system for all sorts of badness: http://bgpranking.circl.lu/ In my opinion, third-party security based

UN declares Internet access a "human right"

2011-06-05 Thread Gadi Evron
The title is misleading, as this is more about "denying" access. But this is still quite interesting. I don't think this has *any* operational implications, but every operator to see this was immediately worried. I figure it warrants a discussion. http://m.wired.com/threatlevel/2011/06/interne

Re: (wikileaks) Fwd: [funsec] And Google becomes a DNS..

2010-12-05 Thread Gadi Evron
On 12/5/10 5:50 PM, Gadi Evron wrote: I withhold comment... "discuss amongst yourselves". Found on reddit: http:/ Not sure why the URL didn't go through... http://i.imgur.com/Q5SVu.png Enjoy. Gadi.

(wikileaks) Fwd: [funsec] And Google becomes a DNS..

2010-12-05 Thread Gadi Evron
I withhold comment... "discuss amongst yourselves". Best, Gadi. Original Message Subject:[funsec] And Google becomes a DNS.. Date: Sun, 5 Dec 2010 17:34:50 +0200 From: Imri Goldberg To: funsec Found on reddit: http://i.imgur.com/Q5SVu.png -- Imri

Re: Who controlls the Internet?

2010-07-26 Thread Gadi Evron
On 7/25/10 8:24 PM, Tarig Yassin wrote: I would like to issue a question here, who controls this Internet? Vix does, who else? :) Gadi.

The Economist, cyber war issue

2010-07-01 Thread Gadi Evron
The upcoming issue will be about cyber war. Check out the front page image: http://sphotos.ak.fbcdn.net/hphotos-ak-snc3/hs488.snc3/26668_410367784059_6013004059_4296972_499550_n.jpg Gadi.

Finland makes broadband access a legal right

2010-07-01 Thread Gadi Evron
http://edition.cnn.com/2010/TECH/web/07/01/finland.broadband/index.html?hpt=T2 Interesting...

Recommendation in Australia for ISPs to force user security?

2010-06-22 Thread Gadi Evron
http://www.zdnet.com.au/make-zombie-code-mandatory-govt-report-339304001.htm "A government report into cybercrime has recommended that internet service providers (ISPs) force customers to use antivirus and firewall software or risk being disconnected. security Committee chair Belinda Neal sai

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Gadi Evron
what they have in mind. Gadi. -- Gadi Evron, http://gadievron.com/

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Gadi Evron
pubs/monographs/2009/RAND_MG877.pdf Gadi. -- Gadi Evron, http://gadievron.com/

Re: Books for the NOC guys...

2010-05-09 Thread Gadi Evron
On 4/3/10 1:52 PM, Adrian Chadd wrote: On Fri, Apr 02, 2010, Robert E. Seastrom wrote: So, what are you having your up-and-coming NOC staff read? Since I thought this was worthwhile summarising, I've dumped it on the mail topics page in the Wiki: http://nanog.cluepon.net/index.php/MailTopics

Re: [only half OT] A socio-psychological analysis of the first internetwar (Estonia)

2010-04-30 Thread Gadi Evron
available. Gadi. -Original Message----- From: Gadi Evron [mailto:g...@linuxbox.org] Sent: Wednesday, April 28, 2010 11:51 PM To: NANOG Subject: [only half OT] A socio-psychological analysis of the first internetwar (Estonia) Hi, In the past year I have been working in collabor

[only half OT] A socio-psychological analysis of the first internet war (Estonia)

2010-04-28 Thread Gadi Evron
10.1089/cyber.2009.0134 Thanks, and any comments appreciated. If on psychology, please do it off-list, though. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: NSP-SEC

2010-03-20 Thread Gadi Evron
on can lead to on a list of techies. Your language leads people to treat you as a troll, although so far many folks here have been very nice in their answers, giving you the benefit of the doubt. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: NSP-SEC

2010-03-20 Thread Gadi Evron
subject for you. http://www.darkreading.com/blog/archives/2009/12/security_pr_str.html Gadi. William -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Security Guideance

2010-02-23 Thread Gadi Evron
, are you able to provide with a packet dump of the DoS? Might help us pinpoint the relevant botnet and/or bot. As to web server botnets, you may be interested in this 2007 article from me on the subject: http://gadievron.com/publications/GadiEvron_VBFeb07.pdf Good luck, Gadi. --

Re: Email Portability Approved by Knesset Committee

2010-02-23 Thread Gadi Evron
On 2/22/10 7:28 PM, Joe Abley wrote: On 2010-02-22, at 10:09, Gadi Evron wrote: The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free

Re: Chuck Norris Botnet and Broadband Routers

2010-02-22 Thread Gadi Evron
On 2/22/10 5:17 PM, William Pitcock wrote: On Mon, 2010-02-22 at 16:21 +0200, Gadi Evron wrote: Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story

Email Portability Approved by Knesset Committee

2010-02-22 Thread Gadi Evron
The email portability bill has just been approved by the Knesset's committee for legislation, sending it on its way for the full legislation process of the Israeli parliament. While many users own a free email account, many in Israel still make use of their ISP's email service. According to

Chuck Norris Botnet and Broadband Routers

2010-02-22 Thread Gadi Evron
Last week Czech researchers released information on a new worm which exploits CPE devices (broadband routers) by means such as default passwords, constructing a large DDoS botnet. Today this story hit international news. Original Czech: http://praguemonitor.com/2010/02/16/czech-experts-uncover

lawful intercept/IOS at BlackHat DC, bypassing and recommendations

2010-02-04 Thread Gadi Evron
gs.iss.net/archive/blackhatlitalk.html Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Anyone see a game changer here?

2010-01-24 Thread Gadi Evron
On 1/24/10 7:48 AM, Damian Menscher wrote: On Sat, Jan 23, 2010 at 9:20 PM, Gadi Evron wrote: On 1/24/10 6:37 AM, Damian Menscher wrote: So... you're taking incomplete information hyped up by "tech" reporters operating based on leaks from people tangential to an investigati

Re: Anyone see a game changer here?

2010-01-23 Thread Gadi Evron
On 1/24/10 7:20 AM, Gadi Evron wrote: On 1/24/10 6:37 AM, Damian Menscher wrote: So... you're taking incomplete information hyped up by "tech" reporters operating based on leaks from people tangential to an investigation as fact, and deciding that if Google doesn't tell y

Re: Anyone see a game changer here?

2010-01-23 Thread Gadi Evron
On 1/24/10 6:37 AM, Damian Menscher wrote: So... you're taking incomplete information hyped up by "tech" reporters operating based on leaks from people tangential to an investigation as fact, and deciding that if Google doesn't tell you the details of an ongoing criminal investigation that you'll

Re: Anyone see a game changer here?

2010-01-22 Thread Gadi Evron
to criticize Microsoft on security. Perhaps they have grown complacent with the PR nightmare of full disclosure a decade behind them, with most vulnerabilities now "sold" to them directly or indirectly by the security industry. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Anyone see a game changer here?

2010-01-21 Thread Gadi Evron
ber crime and cyber war is well established in law and diplomacy both. Security experts should not spread fear, and they definitely shouldn't be the ones people look to for answers on this. Thoughts? Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: more news from Google

2010-01-15 Thread Gadi Evron
take a lot of time. Gadi --Steve Bellovin, http://www.cs.columbia.edu/~smb -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Anyone see a game changer here?

2010-01-15 Thread Gadi Evron
On 1/15/10 10:15 PM, Fred Baker wrote: On Jan 15, 2010, at 8:13 AM, Gadi Evron wrote: 1. Unlike GhostNet, which showed an interesting attack but jumped to conclusions without evidence that it was China behind them -- based on Ethos alone I'd like to think that when Google says China d

Re: Anyone see a game changer here?

2010-01-15 Thread Gadi Evron
On 1/15/10 5:23 PM, Sachs, Marcus Hans (Marc) wrote: The botnet concept is one of the old rules. The way the APT works and what it is used for is the new game. Perhaps for talking about, but it is far from new. Come on Marc. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http

Re: Anyone see a game changer here?

2010-01-15 Thread Gadi Evron
t good analysis): http://www.darkreading.com/blog/archives/2009/03/german_intellig.html Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Anyone see a game changer here?

2010-01-15 Thread Gadi Evron
On 1/15/10 4:32 PM, Sachs, Marcus Hans (Marc) wrote: The APT is the new game. Old rules, new game. I don't see why it's new just because suddenly people know what's going on around them. A bit like with botnets before 2004. Gadi. -- Gadi Evron, g...@linuxbox.o

Re: Anyone see a game changer here?

2010-01-15 Thread Gadi Evron
On 1/15/10 4:07 PM, Bruce Williams wrote: As if the old threat models weren't bad enough... The old threat models were simply not up to date. Gadi. Bruce -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: I got a live one! - Spam source

2009-11-24 Thread Gadi Evron
ible law enforcement involvement? As to the intricate web of who they are and where their resources lie, these are usually cases where the more you dig, the more you find -- ad infinitum. Me? I'd just kick them after verifying they are not victims themselves. I hope this helps,

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
Gadi Evron wrote: I can share personal examples of past uses relating to NANOG, which are public: Oh, duh! The outages mailing list is part of the ISOTF, although clearly its own entity. Gadi.

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
orted by Norman. http://isotf.org/isoi5.html ISOI 6 was hosted by the University of Texas, Dallas, and supported by Baylor University. http://isotf.org/isoi6.html ISOI 7 was hosted by Websense and ESET, and supported by Facebook and Softlayer: http://isotf.org/isoi7.html Gadi.

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
min interface a while back: http://www.reddit.com/r/reddit.com/comments/6a32u/please_enter_the_first_1178_digits_of_pi_wait/ As to if it's a joke... one way to find out. :) Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
Simon Lockhart wrote: On Wed Nov 18, 2009 at 07:08:31PM +0200, Gadi Evron wrote: ISOTF Critical Internet Infrastructure WG is now open to public participation. Sorry, who is ISOTF? I tried looking on the website, but the "About ISOTF" page is blank... http://www

Announcement: Critical Internet Infrastructure WG is now open to public participation

2009-11-18 Thread Gadi Evron
hosted by the ISOTF, but is governed by members. Note: SCADA, network operations, and other related issues should be discussed in the appropriate forums, elsewhere. This group deals with the internet. To subscribe: http://isotf.org/mailman/listinfo/cii Gadi Evron for ISOTF-CII-WG.

Re: kaspersky anti-virus tech, with a clue?

2009-11-14 Thread Gadi Evron
Jim Mercer wrote: can anyone point me at a Kaspersky tech with a clue? maybe we can re-craft our login url to not offend the Kaspersky suite. Forwarding. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Dutch ISPs to collaborate and take responsibility for bottedclients

2009-10-06 Thread Gadi Evron
Eugeniu Patrascu wrote: Gadi Evron wrote: Barton F Bruce wrote: Stopping the abuse is fine, but cutting service to the point that a family using VOIP only for their phone service can't call 911 and several children burn to death could bring all sorts of undesirable regulation let alon

Re: Dutch ISPs to collaborate and take responsibility for bottedclients

2009-10-04 Thread Gadi Evron
Barton F Bruce wrote: Stopping the abuse is fine, but cutting service to the point that a family using VOIP only for their phone service can't call 911 and several children burn to death could bring all sorts of undesirable regulation let alone the bad press and legal expenses. While a legitima

Re: Dutch ISPs to collaborate and take responsibility for botted clients

2009-10-04 Thread Gadi Evron
Christopher Morrow wrote: I would also point out that Qwest does this walled-garden approach for their customers (have been for at least 5 years now? d...@qwest could clarify) and they've seen success with it. Aliant in .ca also has some fairly aggressive anti-malware works installed. There are

Dutch ISPs to collaborate and take responsibility for botted clients

2009-10-03 Thread Gadi Evron
The story is covered by PC mag: --- ... major Dutch ISPs have agreed to share information and establish a common set of rules for responding to users infected with malware, especially those in botnets. The agreement, called a "treaty" by locals, involves 14 ISPs covering 98% of the market.

Re: ruling: liability for providers who don't act on clients' illegal activities?

2009-09-07 Thread Gadi Evron
jamie wrote: FYI, This was discussed in the already-OT thread "Beware : a very bad precedent set" a week ago. Ah. I apologize. It happens. On Mon, Sep 7, 2009 at 11:59 AM, Gadi Evron <mailto:g...@linuxbox.org>> wrote: Gadi Evron wrote: Jury Exacts $32M Pe

Re: ruling: liability for providers who don't act on clients' illegal activities?

2009-09-07 Thread Gadi Evron
Gadi Evron wrote: Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml Corrected URL: http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml;jsessionid

ruling: liability for providers who don't act on clients' illegal activities?

2009-09-07 Thread Gadi Evron
Jury Exacts $32M Penalty From ISPs For Supporting Criminal Websites http://darkreading.com/securityservices/security/cybercrime/showArticle.jhtml 'Landmark case' indicates that ISPs may be held liable if they know about criminal activity on their customers' Websites and fail to act A federal j

Re: DOS in progress ?

2009-08-06 Thread Gadi Evron
fuzzy feeling inside. Off topic, I found it hilarious how all the tweets came back to facebook and set statuses about twitter. :o) Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/

Re: Are you an "unpaid volunteer"?

2009-07-22 Thread Gadi Evron
ticle. Don't shoot the messenger though! And it wasn't really NANOG that did or does much of what he describes, but NANOG is a "good enough" representative name for the community of people who do, when we our definition to network operations. Gadi. -- Gadi

[Fwd: [ GLSA 200907-15 ] Nagios: Execution of arbitrary code]

2009-07-20 Thread Gadi Evron
While this is the Gentoo advisory, it's generic enough. Gadi. -- Gadi Evron, g...@linuxbox.org. Blog: http://gevron.livejournal.com/ --- Begin Message --- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Adv

Re: YES I'VE TRIED MANY VENUES looking for mail admin @ nist.gov

2009-07-10 Thread Gadi Evron
J. Oquendo wrote: (press 3) - rerouted to an APNIC block (outsourced!): "Velcome is here to en eye esh tee dish is John" "I'm having trouble with mail.." "vell have you tried reboot?" "vat vershun of vindows are you use?" *ducks http://www.youtube.com/watch?v=QpmLrz_lSuE The IT Crowd, o

Re: ftc shuts down a colo and ip provider

2009-06-05 Thread Gadi Evron
Christopher Morrow wrote: On Fri, Jun 5, 2009 at 1:44 AM, Deepak Jain wrote: What does it say about these providers AUP that the FTC needed to go to court to turn them off? I hate to re-start the atrivo/intercage/mccolo thread(s) but, often what happens is there just aren't any real/usable com

one shot remote root for linux?

2009-04-28 Thread Gadi Evron
This is one of them mysterious and rare cases where a non router OS vulnerability may affect network operations. Sometimes news finds us in mysterious yet obvious ways. HD Moore (respected security researcher) set a status which I noticed on my twitter: @hdmoore reading through sctp_houdini.

Re: Malicious code just found on web server

2009-04-20 Thread Gadi Evron
Ingo Flaschberger wrote: Hi, I see this every day at my webservers with a lot of *outdated* *exploitable* customer websites [I love old joomla's]; but mod_security does a great job nuking sql and various other exploits. mod_security saves our collective behinds every day at nearly every very

Re: Malicious code just found on web server

2009-04-20 Thread Gadi Evron
Mike Lewinski wrote: Paul Ferguson wrote: Most likely SQL injection. At any given time, there are hundreds of thousands of "legitimate" websites out there that are unwittingly harboring malicious code. Most of the MS-SQL injection attacks we see write malicious javascript into the DB itsel

Re: SIP - perhaps botnet? anyone else seeing this?

2009-04-15 Thread Gadi Evron
Leland E. Vandervort wrote: Managed to get to the bottom of it, and it was indeed a SIP User-Agent brute-force attempt. Interestingly, though, that your mail mentions specifically verizon... the majority of the remote addresses during this brute-force attempt were also behind verizon... coincid

Re: Fiber cut in SF area

2009-04-09 Thread Gadi Evron
Jorge Amodio wrote: On Thu, Apr 9, 2009 at 1:20 PM, Christopher Morrow wrote: isn't there a mailing list for this sort of thing? outages@ I think it is? Jared put together long time ago seems to still be active and receiving reports about this one. Virenda Rode started the outages mailing

Re: The Confiker Virus hype and measures

2009-03-30 Thread Gadi Evron
Stasiniewicz, Adam wrote: So from a network operational perspective, unless the virus author decides to launch a DDOS on a single target (and one is either that network or its upstream) I predict this will have little, if any, effect. Agreed. Although being ready to answer your abuse mail t

The Confiker Virus hype and measures

2009-03-30 Thread Gadi Evron
Joe Blanchard wrote: Anyone have a copy of this? Would like to analyze it and understand its propagation. Thanks -Joe I'm sure someone sent you a sample by now. As to the malware itself... I haven't personally been following conficker as I've been busy with other issues (as much as possible,

Re: phishing attacks against ISPs (also with Google translations)

2009-03-25 Thread Gadi Evron
William Allen Simpson wrote: I've not recently seen an ISP account phish here. The last one I remember was circa 2003. It was a dictionary attack, arriving at my was@ account (long since rendered useless by spam volume and terminated). However, I don't save phish/spam anymore. I used to save

phishing attacks against ISPs (also with Google translations)

2009-03-25 Thread Gadi Evron
In this email message I'd like to discuss two subjects: a. Phishing against ISPs. b. Phishing in different languages against ISPs as soon as Google adds a new translation module. [My apologies to those who receive this email more than once. I am approaching several different industries on this ma

Re: wires mess thread

2009-03-13 Thread Gadi Evron
This came across my RSS feed today from gizmodo: http://www.reddit.com/r/technology/comments/845v3/this_data_center_has_got_its_shit_together/

Re: [ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Gadi Evron
On Wed, 25 Feb 2009, Eric Gearhart wrote: I hate to be pedantic but is this something that should get forwarded to NANOG? I guess the relevance is justified because a lot of network folks run Nagios...? As long as network operators related vulns don't start showing up every couple of months

[ MDVSA-2009:054 ] nagios (fwd)

2009-02-25 Thread Gadi Evron
-- Forwarded message -- Date: Wed, 25 Feb 2009 01:05:01 +0100 From: secur...@mandriva.com Reply-To: xsecur...@mandriva.com To: bugt...@securityfocus.com Subject: [ MDVSA-2009:054 ] nagios -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 __

Re: Great outage of 1997 - Does anyone recall?

2009-02-23 Thread Gadi Evron
On Sun, 22 Feb 2009, Danny McPherson wrote: On Feb 22, 2009, at 10:10 PM, Christopher Morrow wrote: On Mon, Feb 23, 2009 at 12:06 AM, Paul Wall wrote: On Sun, Feb 22, 2009 at 2:57 AM, Gadi Evron wrote: What was that story with an African routes some years back, any memories anyone? I am

Re: Great outage of 1997 - Does anyone recall?

2009-02-22 Thread Gadi Evron
What was that story with an African routes some years back, any memories anyone? I am looking for a reference. On Sun, 22 Feb 2009, Patrick W. Gilmore wrote: On Feb 22, 2009, at 1:47 AM, Randy Bush wrote: Does anyone have the full story on this?

Re: Are we really this helpless? (Re: isprime DOS in progress)

2009-01-23 Thread Gadi Evron
On Fri, 23 Jan 2009, Jeffrey Lyon wrote: I respectfully disagree. Network engineers have to keep up with many tasks and preventing DoS/DDoS should be the responsibility of everyone. I see more folks worried about spam than they are actual security. Because none of us wants to spend the next two d

RE: Cogent haiku

2009-01-09 Thread Gadi Evron
On Fri, 9 Jan 2009, Steve Fischer wrote: That is too funny! He cheated by adding periods :P -Original Message- From: neal rauhauser [mailto:nrauhau...@gmail.com] Sent: Friday, January 09, 2009 3:06 PM To: nanog@nanog.org Subject: Cogent haiku Cogent drops packets. Angry customers ca

Re: Cogent haiku

2009-01-09 Thread Gadi Evron
hehe On Fri, 9 Jan 2009, neal rauhauser wrote: Cogent drops packets. Angry customers call. Twice. Admin writes haiku.

Re: Ethical DDoS drone network

2009-01-05 Thread Gadi Evron
On Sun, 4 Jan 2009, kris foster wrote: On Jan 4, 2009, at 11:11 PM, Gadi Evron wrote: On Mon, 5 Jan 2009, Patrick W. Gilmore wrote: On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote: On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote: I can think of several instances where it _must_ be

Re: Ethical DDoS drone network

2009-01-04 Thread Gadi Evron
On Mon, 5 Jan 2009, Patrick W. Gilmore wrote: On Jan 5, 2009, at 1:33 AM, Roland Dobbins wrote: On Jan 5, 2009, at 2:08 PM, Patrick W. Gilmore wrote: You want to 'attack' yourself, I do not see any problems. And I see lots of possible benefits. This can be done internally using various traf

Re: Ethical DDoS drone network

2009-01-04 Thread Gadi Evron
On Sun, 4 Jan 2009, John Kristoff wrote: On Sun, 4 Jan 2009 21:06:34 -0500 "Jeffrey Lyon" wrote: Say for instance one wanted to create an "ethical botnet," how would this be done in a manner that is legal, non-abusive toward other networks, and unquestionably used for legitimate internal secur

Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-02 Thread Gadi Evron
On Fri, 2 Jan 2009, Dragos Ruiu wrote: www.win.tue.nl/hashclash/rogue-ca/; classtype: policy-violation; sid:101;) You can't really use any snort rule to detect SHA-1 certs created by a fake authority created using the MD5 issue. Yes, this is a serious matter, but it hardly has any operat

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

2009-01-02 Thread Gadi Evron
On Fri, 2 Jan 2009, Joe Abley wrote: On 2009-01-02, at 09:04, Rodrick Brown wrote: A team of security researchers and academics has broken a core piece of Internet technology. They made their work public at the 25th Chaos Communication Congress in Berlin today. The team was able to create a ro

reliable IOS exploitation

2008-12-29 Thread Gadi Evron
FX has given a comprehensive talk about IOS exploitation (including even TCL scripts operators leave behind when they moved jobs to retain access). He has shown effective and ineffective ways of detecting compromise in IOS. Then, he has shown how reliable exploitation of IOS routers works. His

Attacking a critical Internet infrastructure

2008-12-27 Thread Gadi Evron
Hi folks and happy new year! I am emailing to spam about a talk about to be given at the CCC conference (25c3). I apologize for the cross-posting. At the 4th day of CCC (30th), there is an interesting as-of-yet no details disclosed talk by a couple of good people. http://events.ccc.de/congr

[USN-698-1] Nagios vulnerability (fwd)

2008-12-22 Thread Gadi Evron
-- Forwarded message -- Date: Mon, 22 Dec 2008 09:35:54 -0500 From: Marc Deslauriers To: ubuntu-security-annou...@lists.ubuntu.com Cc: bugt...@securityfocus.com, full-disclos...@lists.grok.org.uk Subject: [USN-698-1] Nagios vulnerability

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

2008-12-15 Thread Gadi Evron
On Sun, 14 Dec 2008, Christopher Morrow wrote: On Sun, Dec 14, 2008 at 8:44 PM, Gadi Evron wrote: On Sun, 14 Dec 2008, Rich Kulawiec wrote: On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote: but you need to be much more specific about what you want from medium and smaller isps

Re: Security Intelligence [Was: Re: Netblock reassigned from Chile to US ISP...]

2008-12-14 Thread Gadi Evron
On Sun, 14 Dec 2008, Rich Kulawiec wrote: On Sat, Dec 13, 2008 at 05:51:13PM +0900, Randy Bush wrote: but you need to be much more specific about what you want from medium and smaller isps, and what the immediate payoffs (cf. the financial sections of the newspaper) will be to them to justify the

RE: an over-the-top data center

2008-11-28 Thread Gadi Evron
On Fri, 28 Nov 2008, Howard C. Berkowitz wrote: It seems that all these cases are more under the bottom than over the top. Every couple of years there is a story about some anti virus company, data center, or whatever running out of an old nuclear bunker/military base/middle of no where. I

RE: [funsec] McColo: Major Source of Online Scams andSpamsKnockedOffline (fwd)

2008-11-14 Thread Gadi Evron
On Fri, 14 Nov 2008, Dave Larter wrote: I would agree, a tedious drop. The image is from one of our gateways. Spam will be back. The value is that we see networks no longer willing to accept bad apples among them. There are other pros and cons, but if nothing else, it's a moral victory and ma

Re: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)

2008-11-12 Thread Gadi Evron
On Wed, 12 Nov 2008, Kee Hinckley wrote: After reading this, and the (Washington Post I believe--I'm away from my laptop right now) article on this, two things are bothering me. The article expressed a good deal of frustration with the (lack of) speed with which law enforcement has been tackli

[funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)

2008-11-11 Thread Gadi Evron
-- Forwarded message -- Date: Tue, 11 Nov 2008 18:22:42 -0800 From: Paul Ferguson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [funsec] McColo: Major Source of Online Scams and Spams Knocked Offline -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Via Security Fix. [snip]

Re: Current subscribe address for outages list?

2008-10-29 Thread Gadi Evron
On Wed, 29 Oct 2008, Gadi Evron wrote: actually nobody has posted any info about this other than what you just posted, no details/carrier/location etc. Jared was kind enough to take the hosting load, and the list is now hosted there. Also, following discussions on nanog-futures I

Re: Current subscribe address for outages list?

2008-10-29 Thread Gadi Evron
actually nobody has posted any info about this other than what you just posted, no details/carrier/location etc. Jared was kind enough to take the hosting load, and the list is now hosted there. Also, following discussions on nanog-futures I removed myself as moderator, so that we can co

[funsec] ICANN Terminates EstDomains' Registrar Accreditation (fwd)

2008-10-29 Thread Gadi Evron
-- Forwarded message -- Date: Tue, 28 Oct 2008 20:47:48 -0700 From: Paul Ferguson <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [funsec] ICANN Terminates EstDomains' Registrar Accreditation -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 "Dear Mr. Tsastsin, "Be advised that

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Gadi Evron
On Tue, 7 Oct 2008, Steven M. Bellovin wrote: On Tue, 7 Oct 2008 14:07:04 -0400 (EDT) Sean Donelan <[EMAIL PROTECTED]> wrote: On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote: On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said: What about exceeding the minimum requirements for a change. (I think

Re: Hey ISC, thanks for providing free wifi to intercage!

2008-10-03 Thread Gadi Evron
On Sat, 4 Oct 2008, Suresh Ramasubramanian wrote: On Sat, Oct 4, 2008 at 6:19 AM, Gadi Evron <[EMAIL PROTECTED]> wrote: On Sat, 4 Oct 2008, Noel Butler wrote: I'll post what I want, when I want and however I want, and no self appointed net nazi is going to tell me otherwise

Re: Hey ISC, thanks for providing free wifi to intercage!

2008-10-03 Thread Gadi Evron
On Sat, 4 Oct 2008, Noel Butler wrote: I'll post what I want, when I want and however I want, and no self appointed net nazi is going to tell me otherwise. Ah! You mentioned the Nazis. Now we know the thread is over. :) We should mention Nazis more often to end threads here. Godwin's law to t

Re: Hey ISC, thanks for providing free wifi to intercage!

2008-10-01 Thread Gadi Evron
I do believe the wireless is provided for 200 Paul and everyone hosted there. But if gloating in an inflammatory fashion ... oh, fake email address. What a surprise. Gadi. On Wed, 1 Oct 2008, intercage blows wrote: * RussM ([EMAIL PROTECTED]) has joined #dronebl * RussM *pokes* nenolo

Re: Estonian Cyber Security Strategy document -- now available online

2008-09-27 Thread Gadi Evron
On Sat, 27 Sep 2008, Eliot Lear wrote: On 9/26/08 4:08 PM, Gadi Evron wrote: Hello. The Estonian cyber security strategy document is now available online. I must say once again the concept of a national cyber security stance is quite interesting. But not new. It's something a numb

Re: Internet Filtering Lobby ?

2008-09-26 Thread Gadi Evron
On Fri, 26 Sep 2008, Marshall Eubanks wrote: Does anyone know what this group is really about and how it might actually impact real networks ? Reminds me of something Fergie said at ISOI 5 just a couple of weeks ago: if only the records industry was interested in folks like Atrivo and RBN (as

Estonian Cyber Security Strategy document -- now available online

2008-09-26 Thread Gadi Evron
daily functioning of the Estonian economy." Those who wish to download the document: http://www.mod.gov.ee/?op=body&id=518 My contact there specified she'd be happy to answer any questions. To avoid spam of her inbox, email me for her address. Gadi Evron.

Re: DDoS from theplanet.com

2008-09-25 Thread Gadi Evron
On Fri, 26 Sep 2008, Term wrote: Hi, Is there anyone on this list that can give me a noc/security contact for someone at theplanet.com I have been getting a DDos from servers hosted with them for the past 60 hours and they seem to have the care factor of 0 There are some good security peo

Re: ASN 8997 again

2008-09-25 Thread Gadi Evron
On Thu, 25 Sep 2008, Scott Weeks wrote: -- [EMAIL PROTECTED] wrote: From: "Christopher Morrow" <[EMAIL PROTECTED]> On Thu, Sep 25, 2008 at 12:53 PM, <[EMAIL PROTECTED]> wrote: On Thu, 25 Sep 2008 11:39:44 CDT, Justin Shore said: group would be interested in knowing that whois.e

Re: Atrivo/Intercage

2008-09-24 Thread Gadi Evron
On Wed, 24 Sep 2008, William Pitcock wrote: No, but others have, and it isn't helpful towards resolving this problem. Ultimately, neither is forcing them off the internet. Well, in actuality, that resolves part of the problem, but I suspect that a lot of the affected cybercrime has moved to othe

Re: Renesys Blog Article [Was: Re: the Intercage mess]

2008-09-24 Thread Gadi Evron
On Wed, 24 Sep 2008, Paul Ferguson wrote: Just a side-note: Rensys has an interesting blog article up today on this Atrivo/Intercage "mess": http://www.renesys.com/blog/2008/09/internet_vigilantism_1.shtml FYI, I have but one comment. There is a difference between Vigilantism as it is percei

Re: the Intercage mess

2008-09-24 Thread Gadi Evron
On Wed, 24 Sep 2008, *Hobbit* wrote: While it's good to see some community effort going toward slapping a lid on misbehaving sources, how about a little consistency in the bigger picture? Consider this sort of scenario: An ISP allows its infrastructure to emit spam and host compromised machines
