On 20 February 2013 08:04, Warren Bailey
wrote:
> An Internet kill switch is a nightmare. We can't even figure out how to run a
> relay radio system for national emergencies.. Now we are going to assume the
> people who were owned can somehow shut off communications?
>
> We as Americans have ple
> From: Shrdlu [mailto:shr...@deaddrop.org]
> On 3/12/2013 4:16 PM, Warren Bailey wrote:
>
> > Contractors with facility clearances? I would find it hard to believe
> > dot gov would run secure circuits to a non secure facility. ;)
>
> The word "Contractor" is usually used to refer to anyone that
> From: Mike A [mailto:mi...@mikea.ath.cx]
> On Thu, Feb 21, 2013 at 04:41:42PM +, Warren Bailey wrote:
> > Not to mention, the KG units are dot government only.. For obvious
> reasons.
> Erm ... yesandno. Lots of defense contractors have one end of a secured
> circuit. Been there, installed-
On 3/12/2013 4:16 PM, Warren Bailey wrote:
Contractors with facility clearances? I would find it hard to believe
dot gov would run secure circuits to a non secure facility. ;)
The word "Contractor" is usually used to refer to anyone that has a
contract to do work with the government. Having sp
To: nanog@nanog.org
Subject: Re: Network security on multiple levels (was Re: NYT covers China
cyberthreat)
On Thu, Feb 21, 2013 at 04:41:42PM +, Warren Bailey wrote:
> Not to mention, the KG units are dot government only.. For obvious reasons.
Erm ... yesandno. Lots of defense contractor
On Thu, Feb 21, 2013 at 04:41:42PM +, Warren Bailey wrote:
> Not to mention, the KG units are dot government only.. For obvious reasons.
Erm ... yesandno. Lots of defense contractors have one end of a secured
circuit. Been there, installed-and-maintained them.
--
Mike Andrews, W5EGO
mi...@mi
Defense in Depth has been paid lip service for too long, and now we are
witnessing the outcome.
> -- Original Message --
> From: Adele Thompson
> To: Kyle Creyts
> Cc: Derek Noggle , nanog@nanog.org
> Date: February 27, 2013 at 1:24 AM
> Subject: Re: NYT covers
On Tue, Feb 26, 2013 at 8:39 AM, Kyle Creyts wrote:
> I think it is safe to say that finding a foothold inside of the United
> States from which to perform/proxy an attack is not the hardest thing
> in the world. I don't understand why everyone expects that major
> corporations and diligent opera
I think it is safe to say that finding a foothold inside of the United
States from which to perform/proxy an attack is not the hardest thing
in the world. I don't understand why everyone expects that major
corporations and diligent operators blocking certain countries'
prefixes will help. That bein
On Thu, Feb 21, 2013 at 11:47:44AM -0600, Naslund, Steve wrote:
[a number of very good points ]
Geoblocking, like passive OS fingerprinting (another technique that
reduces attack surface as measured along one axis but can be defeated
by a reasonably clueful attacker), doesn't really solve problem
- Original Message -
From:
To: "Suresh Ramasubramanian"
Cc:
Sent: Thursday, February 21, 2013 5:54 PM
Subject: Re: NYT covers China cyberthreat
And since it's Wacky Friday somewhere:
http://arstechnica.com/security/2013/02/how-anonymous-accidentally-helped-expose-two-chinese-hackers/
On 21 February 2013 21:58, Jack Bates wrote:
...
>
> The A-team doesn't get caught and detailed. The purpose of the other teams
> is to detect easy targets, handle easy jobs, and create lots of noise for
> the A-team to hide in. Hacking has always had a lot in common with magic.
> Misdirection is
On Fri, 22 Feb 2013 06:11:21 +0530, Suresh Ramasubramanian said:
> And so their bush league by itself was responsible for all the penetrations
> that mandiant says they did? Which shows that they don't have to be
> particularly smart, just a bit smarter than their average spear phish or
> other at
On Thu, Feb 21, 2013 at 3:58 PM, Jack Bates wrote:
> The A-team doesn't get caught and detailed
no, the A-team has BA Baraccus... he pities the fool who gets caught
and detailed... the last thing BA detailed was his black van.
And so their bush league by itself was responsible for all the penetrations
that mandiant says they did? Which shows that they don't have to be
particularly smart, just a bit smarter than their average spear phish or
other attack's victim.
On Friday, February 22, 2013, Jack Bates wrote:
> On 2/2
On 2/21/2013 12:17 PM, Scott Weeks wrote:
I'm not upset. I'm pointing out what Steven Bellovin said
in just a few words: "This strongly suggests that it's not
their A-team..."
The A-team doesn't get caught and detailed. The purpose of the other
teams is to detect easy targets, handle easy
On Feb 20, 2013, at 9:07 PM, Steven Bellovin wrote:
>
> On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
>
>> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
>>> boys and girls, all the cyber-capable countries are cyber-culpable. you
>>> can bet that they are all snooping and
--- kyle.cre...@gmail.com wrote:
From: Kyle Creyts
The focus on platform here is ridiculous; can someone explain how
platform of attacker or target is extremely relevant? Since when did
--
It implies their skillset. Here's something I just saw that
Scott Weeks wrote:
--- calin.chior...@secdisk.net wrote:
You seem "upset" that they are using M$ only(target and
source).
I'm not upset. I'm pointing out what Steven Bellovin said
in just a few words: "This strongly suggests that it's not
their A-team..."
This is a technical mailing list wh
--- calin.chior...@secdisk.net wrote:
From: "calin.chiorean"
:: This all seems to be noobie stuff. There's nothing technically cool
:: to see here
>> You mean the report or the activity?
The activity.
>> You seem "upset" that they are using M$ only(target and
>> source).
I'm not upset.
f what the
implications of messing with them is. Remember Doctor Strangelove,
"what good is a doomsday bomb if you don't tell anyone about it ?!?!?"
Steven Naslund
-Original Message-
From: Rich Kulawiec [mailto:r...@gsp.org]
Sent: Thursday, February 21, 2013 10:00 AM
: Network security on multiple levels (was Re: NYT covers China
cyberthreat)
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates wrote:
> On 2/21/2013 12:03 AM, Scott Weeks wrote:
>>
>> I would sure be interested in hearing about hands-on operational
>> experiences with encryptors. Re
On Thu, Feb 21, 2013 at 11:23 AM, Jack Bates wrote:
> On 2/21/2013 12:03 AM, Scott Weeks wrote:
>>
>> I would sure be interested in hearing about hands-on operational
>> experiences with encryptors. Recent experiences have left me
>> with a sour taste in my mouth. blech!
>>
>> scott
>>
>>
>
> Ag
On 2/21/2013 12:03 AM, Scott Weeks wrote:
I would sure be interested in hearing about hands-on operational
experiences with encryptors. Recent experiences have left me
with a sour taste in my mouth. blech!
scott
Agreed. I've generally skipped the line side and stuck with L3 side
encryptio
On Thu, Feb 21, 2013 at 01:34:13AM +, Warren Bailey wrote:
> I can't help but wonder what would happen if US Corporations simply
> blocked all inbound Chinese traffic. Sure it would hurt their business,
> but imagine what the Chinese people would do in response.
Would it hurt their business?
Scott Weeks wrote:
Be sure to read the source:
intelreport.mandiant.com/Mandiant_APT1_Report.pdf
Anybody happen to notice that the report sounds awfully like the
scenario laid out in Tom Clancy's latest book, "Threat Vector?"
--
In theory, there is no difference between theory and practic
On 21-Feb-13 04:25, Kyle Creyts wrote:
> For another example of this, an acquaintance once told me about the process
> of getting internationally standardized technologies approved for deployment
> in China; the process that was described to me involved giving China the
> standards-based spec th
The focus on platform here is ridiculous; can someone explain how
platform of attacker or target is extremely relevant? Since when did
people fail to see that we have plenty of inter-platform tools and
services, and plenty of tools for either platform built with the
express purpose of interaction w
::This all seems to be noobie stuff. There's nothing technically cool
::to see here
You mean the report or the activity?
You seem "upset" that they are using M$ only(target and source). They steal
data!!! From whom to steal? From a guru that spends minimum 8 hours a day in
front of *nix?
Why t
On Thursday, February 21, 2013, Warren Bailey wrote:
> The only spanking that has been going on nanog lately is Jay using his
> email to keep us up to date on current news. I am going to call it a
> night, and look for a SCUD fired from Florida in the morning. ;)
>
>
Nanog setting their list serve
The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)
On 2/20/13 11:29 PM, "Richard Porter" wrote:
>When you really look at human behavior the
When you really look at human behavior the thing that remains the same is core
motives. The competition makes sense in that it is human nature to aggress for
resources. We are challenged in the "fact" that we 'want' to belong among the
other five. This will never change but.
What is really
--- s...@cs.columbia.edu wrote:
From: Steven Bellovin
An amazing percentage of "private" lines are pseudowires, and neither you nor
your telco salesdroid can know or tell; even the "real" circuits are routed
through DACS, ATM switches, and the like. This is what link encryptors are
all abou
Very true. The objection is more that the exploits are aimed at civilian
rather than (or, more accurately, as well as) military / government /
beltway targets.
Which makes the alleged Chinese strategy rather more like financing jehadis
to suicide bomb and shoot up hotels and train stations, rather
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote:
> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
>> boys and girls, all the cyber-capable countries are cyber-culpable. you
>> can bet that they are all snooping and attacking each other, the united
>> states no less than the rest.
Failure to understand reality is not reality's fault.
On February 20, 2013 at 09:10 calin.chior...@secdisk.net (calin.chiorean) wrote:
>
> If I didn't miss any part of the report, no *nix is mentioned.
>
> I'm a *nix fan, but why they (when I say they, I mean an attacker, not
> necessarily
On Feb 20, 2013, at 3:20 PM, Jack Bates wrote:
> On 2/20/2013 1:05 PM, Jon Lewis wrote:
>>
>> See thread: nanog impossible circuit
>>
>> Even your leased lines can have packets copied off or injected into them,
>> apparently so easily it can be done by accident.
>>
>
> This is especially tr
: Suresh Ramasubramanian
Date: 02/20/2013 5:22 PM (GMT-08:00)
To: sur...@mauigateway.com
Cc: nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
Net net - what we have here is, so far, relatively low tech exploits with a
huge element of brute force, and the only innovation being in the delivery
m
Net net - what we have here is, so far, relatively low tech exploits with a
huge element of brute force, and the only innovation being in the delivery
mechanism - very well crafted spear phishes
They don't particularly need to hide in a location where they're literally
bulletproof (considering how
--- valdis.kletni...@vt.edu wrote:
The scary part is that so many things got hacked by a bunch of people
who made the totally noob mistake of launching all their attacks from
the same place
This all seems to be noobie stuff. There's nothing
On 2/20/2013 1:05 PM, Jon Lewis wrote:
See thread: nanog impossible circuit
Even your leased lines can have packets copied off or injected into
them, apparently so easily it can be done by accident.
This is especially true with pseudo-wire and mpls. Most of my equipment
can filter based m
--- On Wed, 2/20/13, Jay Ashworth wrote:
> - Original Message -
> > From: "Owen DeLong"
> > The DACS question wasn't about DACS owned by the people
> using the
> > circuit, it was about DACS inside the circuit provider.
> When you buy a
> > DS1 that goes through more than one CO in betw
If you have that option, I suppose that would be one way to solve it.
I, rather, see it as a reason to:
1. Cryptographically secure links that may be carrying private
data.
2. Rotate cryptographic keys (relatively) often on such links.
YMMV, but I think encryption is a
--- valdis.kletni...@vt.edu wrote:
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
> boys and girls, all the cyber-capable countries are cyber-culpable. you
> can bet that they are all snooping and attacking each other, the united
> states no less than the rest. news at eleven.
The scary p
Isn't this a strong argument to deploy and operate a network independent
of the traditional switch circuit provider space?
On 2/20/13 11:22 AM, "Jay Ashworth" wrote:
>- Original Message -
>> From: "Owen DeLong"
>
>> Many DACS have provision for "monitoring" circuits and feeding the
>> d
- Original Message -
> From: "Owen DeLong"
> Many DACS have provision for "monitoring" circuits and feeding the
> data off to a third circuit in an undetectable manner.
>
> The DACS question wasn't about DACS owned by the people using the
> circuit, it was about DACS inside the circuit p
Many DACS have provision for "monitoring" circuits and feeding the data
off to a third circuit in an undetectable manner.
The DACS question wasn't about DACS owned by the people using the
circuit, it was about DACS inside the circuit provider. When you buy a
DS1 that goes through more than one CO
On Wed, 20 Feb 2013, Jay Ashworth wrote:
Well, Warren, I once had a discussion with someone about whether dedicated
DS-1 to tie your SCADA network together were "secure enough" and they asked
me:
"Does it run through a DACS? Where can you program the DACS from?"
See thread: nanog impossible c
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
> boys and girls, all the cyber-capable countries are cyber-culpable. you
> can bet that they are all snooping and attacking each other, the united
> states no less than the rest. news at eleven.
The scary part is that so many things got hacked
I did not approach the inline encryption units on purpose. Obviously
anything that leaves .mil land not riding something blessed by DISA is
going to have something like a KG on both ends. Generally Satellite
systems use TRANSEC, though in our line of work it's an extremely
expensive add-on to an ot
(Well, I'm sure that there are a few hundred papers on this subject.)
I have a few ideas but they involve:
. Dark Fiber;
. All devices at FIPS 140 level;
. Tonnes of resin;
. Wire mesh;
. Fiber DB monitoring;
. Cable Shield monitoring;
> From: Warren Bailey [mailto:wbai...@satelliteintelligencegroup.com]
> If you are doing DS0 splitting on the DACS, you'll see that on the
> other
> end (it's not like channelized CAS ds1's or PRI's are difficult to look
> at
> now) assuming you have access to that. If the DACS is an issue, buy t
On Wed, Feb 20, 2013 at 9:13 AM, Jay Ashworth wrote:
> - Original Message -
>> From: "Warren Bailey"
>
>> We as Americans have plenty of things we have done halfass.. I hope an
>> Internet kill switch doesn't end up being one of them. Build your own
>> private networks, you can't get root
If you are doing DS0 splitting on the DACS, you'll see that on the other
end (it's not like channelized CAS ds1's or PRI's are difficult to look at
now) assuming you have access to that. If the DACS is an issue, buy the
DACS and lock it up. I was on a .mil project that used old school Coastcom
DI I
- Original Message -
> From: "Randy Bush"
> > Part of the entire 'chinese l337 hxx0r spy' 1st complex is
> > apparently
> > the local equivalent of a community college, where the passing out
> > assignment is probably something on the lines of 'get me a dump of
> > the dalai lama's email'
- Original Message -
> From: "Warren Bailey"
> We as Americans have plenty of things we have done halfass.. I hope an
> Internet kill switch doesn't end up being one of them. Build your own
> private networks, you can't get rooted if someone can't knock. Simple
> as that.
Well, Warren, I
This is an improvement over some Russian spies, that have the passwords
written down on a piece of paper.
http://www.networkworld.com/news/2010/063010-russian-spy-ring.html?hpg1=bn
Windows XP crappiness, slowing down Russian spies :D
My password at home is "don't be the low hanging fruit".
Eve
n"
> Date: 02/20/2013 12:36 AM (GMT-08:00)
> To: Warren Bailey
> Cc: sur...@mauigateway.com,nanog@nanog.org
> Subject: Re: NYT covers China cyberthreat
>
>
>
> IMO, if we stick to the document and they are organized in military style,
> then
e when you have a college full of programmers.
>
>
> From my Android phone on T-Mobile. The first nationwide 4G network.
>
>
>
> Original message
> From: Scott Weeks
> Date: 02/20/2013 12:23 AM (GMT-08:00)
> To
If I didn't miss any part of the report, no *nix is mentioned.
I'm a *nix fan, but why they (when I say they, I mean an attacker, not
necessarily the one in this document) should complicate their life, when all
tools are available for windows os, you just have to compile them.
Cheers,
Calin
--
onwide 4G network.
>
>
>
> Original message
> From: Zaid Ali Kahn
> Date: 02/19/2013 10:44 PM (GMT-08:00)
> To: Kyle Creyts
> Cc: nanog@nanog.org
> Subject: Re: NYT covers China cyberthreat
>
>
> We have done our part to China as well along with other
--- calin.chior...@secdisk.net wrote:
From: "calin.chiorean"
It was just an example :-) to point out the scale of developers
vs operators.
:: You'd be surprised at how much better brains are than brawn
:: on these things... ;-)
--- wbai...@satel
Have you been to The Great Wall? That statement does not apply in the PRC.
From my Android phone on T-Mobile. The first nationwide 4G network.
Original message
From: Scott Weeks
Date: 02/20/2013 12:54 AM (GMT-08:00)
To: nanog@nanog.org
Subject: Re: NYT covers Ch
> Part of the entire 'chinese l337 hxx0r spy' 1st complex is apparently
> the local equivalent of a community college, where the passing out
> assignment is probably something on the lines of 'get me a dump of the
> dalai lama's email'.
american education is behind in many things. this is but one
--- calin.chior...@secdisk.net wrote:
From: "calin.chiorean"
It was just an example :-) to point out the scale of developers vs operators.
You'd be surprised at how much better brains are than brawn on these things...
;-)
scott
--- calin.chior...@secdisk.net wrote:
From: "calin.chiorean"
IMO, if we stick to the document and they are organized in military
style, then a person who collects information, should focus only on
that particular phase. That person is an operator, he or she should
not be kept busy remembering
Part of the entire 'chinese l337 hxx0r spy' 1st complex is apparently the
local equivalent of a community college, where the passing out assignment
is probably something on the lines of 'get me a dump of the dalai lama's
email'.
--srs (htc one x)
On 20-Feb-2013 2:08 PM, "Scott Weeks" wrote:
>
>
: 02/20/2013 12:36 AM (GMT-08:00)
To: Warren Bailey
Cc: sur...@mauigateway.com,nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
IMO, if we stick to the document and they are organized in military style, then
a person who collects information, should focus only on that particular phase.
>I'm only part way through, but I find it hard to believe that
>only micro$loth computers are used as the attack OS. Maybe I
--- calin.chior...@secdisk.net wrote:
From: "calin.chiorean"
:: when all tools are available for windows os, you just have to compile them.
They are when you have a college full of programmers.
From my Android phone on T-Mobile. The first nationwide 4G network.
Original message
From: Scott Weeks
Date: 02/20/2013 12:23 AM (GMT-08:00)
To: nanog@nanog.org
Subject: Re: NYT covers China cyberthr
--- calin.chior...@secdisk.net wrote:
From: "calin.chiorean"
:: when all tools are available for windows os, you just have to compile them.
-
They're not all available for m$.
scott
On Wed, 20 Feb 2013 09:02:35 +0100 Scott Weeks wr
Be sure to read the source:
intelreport.mandiant.com/Mandiant_APT1_Report.pdf
I'm only part way through, but I find it hard to believe that
only micro$loth computers are used as the attack OS. Maybe I
haven't gotten far enough through report to find the part
where they use the *nix boxes?
te: 02/19/2013 10:44 PM (GMT-08:00)
To: Kyle Creyts
Cc: nanog@nanog.org
Subject: Re: NYT covers China cyberthreat
We have done our part to China as well along with other countries in state
sponsored "hacking". This is more of news amusement rather than news worthy.
Question here shou
We have done our part to China as well along with other countries in state
sponsored "hacking". This is more of news amusement rather than news worthy.
Question here should be how much of this is another effort to get a "kill
switch" type bill back.
Zaid
On Feb 19, 2013, at 10:10 PM, Kyle Cre
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking each other, the united
states no less than the rest. news at eleven.
randy
quite a bit of coverage lately from the media.
http://online.wsj.com/article/SB10001424127887323764804578313101135258708.html
http://www.bbc.co.uk/news/world-asia-pacific-21505803
http://www.npr.org/2013/02/19/172373133/report-links-cyber-attacks-on-u-s-to-chinas-military
http://www.businessweek.c
http://www.nytimes.com/2013/02/19/technology/chinas-army-is-seen-as-tied-to-hacking-against-us.html?pagewanted=all
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.