RE: amazonaws.com?

On Tue, 27 May 2008, [EMAIL PROTECTED] wrote: > > But a more advanced intelligence will wonder why we have to have an SMTP > server architecture that invites attacks. Why, by definition, do SMTP > servers have to accept connections from all comers, by default? We have > shown that other architectur

RE: amazonaws.com?

> I don't see how, in your preferred replacement email > architecture, a provider would be able to avoid policing > their users to prevent spam in the way that you complain is > so burdensome. To begin with, mail could only enter such a system through port 587 or through a rogue operator signi

Re: AT&T BGP blackholing

On Wed, May 28, 2008 at 12:08 AM, Philip L. <[EMAIL PROTECTED]> wrote: > Does anyone have information or a contact at AT&T with regards to setting up > BGP blackholing with them? I see that the question has been asked in the > past but there was no definitive answer, at least none that I could fin

RE: Hurricane season starts June 1: Carriers harden networks

> The official spokespeople don't mention it, but there is also > a tendency for local officials to divert fuel delivery trucks > for their use instead of maintaining communication facilities. How much fuel can you legally carry in drums inside the trucks that your company already has with your

RE: IOS Rookit: the sky isn't falling (yet)

> So let's see - if you had a billion CPUs in your botnet, and > each one could go at a billion to the second, you still need > 2**69 seconds or 449,235,776,528,695 years. Not bad - only > 10,000 times the amount of time this planet has been around, > so yeah, that's the way they'll attack all

Re: AT&T BGP blackholing

I'll have to check I have a doc from AT&T at work from when I just set up a BGP session with them about 2 weeks ago. I don't remember if there was a blackhole community or not listed. The doc does list some community strings. I was surprised, they were pretty responsive, now I will find out h

Re: Hurricane season starts June 1: Carriers harden networks

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jared Mauch wrote: > > On May 27, 2008, at 6:47 PM, Jerry Dixon wrote: > >> Jared nailed it on the head. It is absolutely critical to get to know >> who >> your State JFO POC is, State EOC POC, and have the National Communication >> Systems Hotline

RE: amazonaws.com?

On Wed, 28 May 2008, [EMAIL PROTECTED] wrote: > > > I don't see how, in your preferred replacement email > > architecture, a provider would be able to avoid policing > > their users to prevent spam in the way that you complain is > > so burdensome. > > To begin with, mail could only enter such a sy

Re: amazonaws.com?

Has Amazon given an official statement on this? It would be nice to get someone from within Amazon to give us their official view on this. It would be even more appropriate for the other cloud infrastructures to join in, and or have some sort of RFC to do with SMTP access within the "cloud." I fors

Re: amazonaws.com?

On May 28, 2008, at 9:03 AM, Sargun Dhillon wrote: Has Amazon given an official statement on this? It would be nice to get someone from within Amazon to give us their official view on this. It would be even more appropriate for the other cloud infrastructures to join in, and or have some sort

Re: amazonaws.com?

Well the thing that differentiates "the cloud" is that there is an infinite amount of resources, the ability to have anonymous access, and the infinite amount of identities. Basically Amazon has allocated a /18, /19, and /17 to EC2. The chances of getting the same IP between two instances amongst t

RE: amazonaws.com?

That's somewhat ironic of a sentiment you referred to there, given that the conception that one should have to hand over one's SSN for "verification" to anyone who asks for it is the kind of thing that many of these spammers/phishers thrive on in the first place... (I assume that you are not ac

Re: amazonaws.com?

I would think that simply requiring some appropriate amount of irrevocable funds (wire transfer, etc) for a deposit that will be forfeited in the case of usage in violation of AUP/contract/etc would be both sufficient and not excessive for allowing port 25 access, etc. On Wed, May 28, 2008 at 1:01

Re: amazonaws.com?

On 5/28/08, Skywing <[EMAIL PROTECTED]> wrote: > > That's somewhat ironic of a sentiment you referred to there, given that the > conception that one should have to hand over one's SSN for "verification" to > anyone who asks for it is the kind of thing that many of these > spammers/phishers thrive o

Re: amazonaws.com?

On 28 May 2008, at 16:34, Sargun Dhillon wrote: Well the thing that differentiates "the cloud" is that there is an infinite amount of resources, the ability to have anonymous access, and the infinite amount of identities. That sounds great. Presumably in addition to the above the sun is

Re: Hurricane season starts June 1: Carriers harden networks

On Tue, May 27, 2008 at 06:58:47PM -0400, Jared Mauch wrote: > I think there's something else to make note of. > > NCS wants to make sure that a number of the ISPs and critical > infrastructure operators have WPS/GETS available to the people who > rightly need them. If you're not

Re: amazonaws.com?

On Wed, May 28, 2008 at 12:01:30PM -0500, Skywing wrote: > That's somewhat ironic of a sentiment you referred to there, given > that the conception that one should have to hand over one's SSN for > "verification" to anyone who asks for it is the kind of thing that > many of these spammers/phishers

New ID: Special Use IPv4 Addresses

http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-01.txt Other than a formatting error in the header ("IPv4 Multicast Guidelines") instead of ("Special Use IPv4 Addresses"), the only significant change appears to be removing the "Reserved" status of the old Classfull boundary networks.

RE: amazonaws.com?

> I think the straightforward fix is for Amazon to put some > practical mail guidelines together for their environment Has anyone making these suggestions ever thought to look at the Amazon Web Services agreement that governs these EC2 customers?

Network meltdowns anywhere in US?

Hi, Sorry, would have posted this elsewhere, but I can't get to alot of places... I originally started chasing not being able to get to 71.74.56.243 (RR Mail server). I then found out neither L3 nor my other connection saw it in the table. I checked a few other router servers, so

Re: Network meltdowns anywhere in US?

On Wed, May 28, 2008 at 4:05 PM, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: > Hi, > >Sorry, would have posted this elsewhere, but I can't get > to alot of places... > >I originally started chasing not being able to get to > 71.74.56.243 (RR Mail server). I then found out neither

Re: Network meltdowns anywhere in US?

> On Wed, May 28, 2008 at 4:05 PM, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: > > > Hi, > > > >Sorry, would have posted this elsewhere, but I can't get > > to alot of places... > > > >I originally started chasing not being able to get to > > 71.74.56.243 (RR Mail server). I then

Re: amazonaws.com?

On Wed, May 28, 2008 at 9:14 AM, Steve Atkins <[EMAIL PROTECTED]> wrote: > > On May 28, 2008, at 9:03 AM, Sargun Dhillon wrote: > >> Has Amazon given an official statement on this? It would be nice to get >> someone from within Amazon to give us their official view on this. It >> would be even more

Re: amazonaws.com?

On Wed, 28 May 2008, Dorn Hetzel wrote: I would think that simply requiring some appropriate amount of irrevocable funds (wire transfer, etc) for a deposit that will be forfeited in the case of usage in violation of AUP/contract/etc would be both sufficient and not excessive for allowing port 25

Re: Network meltdowns anywhere in US?

> On Wed, May 28, 2008 at 4:05 PM, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> wrote: > > > Hi, > > > >Sorry, would have posted this elsewhere, but I can't get > > to alot of places... > > > >I originally started chasing not being able to get to > > 71.74.56.243 (RR Mail server). I then

Re: amazonaws.com?

On May 28, 2008 at 21:43 [EMAIL PROTECTED] (Peter Beckman) wrote: > On Wed, 28 May 2008, Dorn Hetzel wrote: > > > I would think that simply requiring some appropriate amount of irrevocable > > funds (wire transfer, etc) for a deposit that will be forfeited in the case > > of usage in violati

Re: amazonaws.com?

On Wed, 28 May 2008, Barry Shein wrote: On May 28, 2008 at 21:43 [EMAIL PROTECTED] (Peter Beckman) wrote: > On Wed, 28 May 2008, Dorn Hetzel wrote: > > > I would think that simply requiring some appropriate amount of irrevocable > > funds (wire transfer, etc) for a deposit that will be forfeited

Re: IOS Rookit: the sky isn't falling (yet)

On Wed, 28 May 2008 10:37:05 +0100 <[EMAIL PROTECTED]> wrote: > > So let's see - if you had a billion CPUs in your botnet, and > > each one could go at a billion to the second, you still need > > 2**69 seconds or 449,235,776,528,695 years. Not bad - only > > 10,000 times the amount of time thi

Re: Network meltdowns anywhere in US?

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Tuc at T-B-O-H wrote: >> On Wed, May 28, 2008 at 4:05 PM, Tuc at T-B-O-H.NET <[EMAIL PROTECTED]> >> wrote: >> >>> Hi, >>> >>>Sorry, would have posted this elsewhere, but I can't get >>> to alot of places... >>> >>>I originally started

Re: IOS Rookit: the sky isn't falling (yet)

On Thu, 29 May 2008, Steven M. Bellovin wrote: On Wed, 28 May 2008 10:37:05 +0100 <[EMAIL PROTECTED]> wrote: So let's see - if you had a billion CPUs in your botnet, and each one could go at a billion to the second, you still need 2**69 seconds or 449,235,776,528,695 years. Not bad - only 10,0