* David Ulevitch <[EMAIL PROTECTED]> [2008-04-16 19:18]:
> What else are operators doing to get the pages out when things go wonky?
a UMTS/3G card, that just attaches a usb controller (ohci) and a
usb-serial converter behind it (ubsa), and a "modem" behind that takes
AT commands. the commands ar
Barry Shein <[EMAIL PROTECTED]> wrote on 05/28/2008 11:08:56 PM:
> I'm still curious what a typical $ sale is on one of these cloud
> compute clusters, in orders of magnitude, $1, $10, $100, $1000, ...?
Not sure what a typical sale looks like, but
Single virtual instance: ~ $72/month
from AWS:
iBGPlay is a free tool that graphically displays and animates BGP routing
announcements (http://www.ibgplay.org). iBGPlay will be presented at NANOG43 on
June 3, 2008.
For those that are familiar with BGPlay (http://bgplay.routeviews.org/bgplay/,
http://www.ris.ripe.net/bgplay):
- iBGPlay offe
There is a really huge difference in the ease with which payment from a
credit card can be reversed if fraudulent, and the amount of effort
necessary to reverse a wire transfer. I won't go so far as to say that
reversing a wire transfer is impossible, but I would claim it's many orders
of magnitude
On Wed, May 28, 2008 at 11:08 PM, Barry Shein <[EMAIL PROTECTED]> wrote:
> I am a big, big fan of assessing charges for AUP abuse and making some
> realistic attempt to try to make sure it's collectible, and otherwise
> make some attempt to know who you're doing business with.
Just out of curiosi
Dorn Hetzel wrote:
There is a really huge difference in the ease with which payment from a
credit card can be reversed if fraudulent, and the amount of effort
necessary to reverse a wire transfer. I won't go so far as to say that
reversing a wire transfer is impossible, but I would claim it's man
The financial services world felt the same pre-9/11. Since then FINRA and SEC
regulations enforce "Know Your Customer" rules that require extensive record
keeping. The regulations now are quite burdensome. Given that usage of "cloud"
resources could be used for DDOS and other illegal activities,
The conversation shifted to breaking MD5 because it was mentioned that one
way to prevent the installation of cracked IOS images was to include some
sort of DRM or trusted computing chip in new hardware, and have Cisco sign
their IOS images (supposedly even the boot EEPROM). This wouldn't be DRM i
Oh, come on... Businesses buy services every day that have to be paid for
by methods like wire transfer. We're not talking about making it the only
payment method, just the method for deposits for "risky" services. I wonder
what percentage of Amazon E2C customers even want outbound port 25 acces
Yeah, there was a day when anyone could buy a pickup truck full of ammonium
nitrate fertilizer from a random feed store and not attract any attention at
all, now, maybe not. Just like port 25, it has plenty of legitimate uses,
and some more problematic ones.
On Thu, May 29, 2008 at 9:14 AM, Matth
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 May 2008, Fred Reimer wrote:
>plaintext (the IOS code) and the hash. It is not trivial to be able to
>make changes in the code and maintain the same hash value, but there has
>been at least limited success in doing so.
Has there? My unde
On Thu, 29 May 2008 09:18:07 -0400
"Fred Reimer" <[EMAIL PROTECTED]> wrote:
> So the only easy way to attack this is the MD5 hash. We have a know
> plaintext (the IOS code) and the hash. It is not trivial to be able
> to make changes in the code and maintain the same hash value, but
> there has
Dorn Hetzel wrote:
Yeah, there was a day when anyone could buy a pickup truck full of
ammonium nitrate fertilizer from a random feed store and not attract any
attention at all, now, maybe not. Just like port 25, it has plenty of
legitimate uses, and some more problematic ones.
Equating port
On May 29, 2008, at 9:37 AM, Jim Wise wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 May 2008, Fred Reimer wrote:
plaintext (the IOS code) and the hash. It is not trivial to be
able to
make changes in the code and maintain the same hash value, but
there has
been at leas
This is not a crypto form, so we shouldn't get deep into the MD5 collision
debate, but I didn't say HOW there has been limited success. Sorry if the
wording of my message was not clear and implied that all you would need were
the plaintext and the hash.
Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS
The code would presumably be run upon boot from a non-flashable source,
which would run the boot ROM code through a check on the crypto chip and
only execute it if it passed. You would not put the code that checks the
boot ROM on the boot ROM. The new crypto chip would presumably have the
initial
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Thu, 29 May 2008, Fred Reimer wrote:
>The code would presumably be run upon boot from a non-flashable source,
>which would run the boot ROM code through a check on the crypto chip and
>only execute it if it passed. You would not put the code that
New keys, to be stored on the crypto chip, would presumably be delivered in
a separately signed package using a master key that would not change
(embedded within the chip). Maybe Cisco even doesn't have this key, and
would need to send a revocation or new public key to be stored on the chip
to the
On May 28, 2008 at 23:53 [EMAIL PROTECTED] (Peter Beckman) wrote:
>
> Getting someone to fax their ID in takes extra time and resources, and
> means it might be hours before you get your account "approved," and for
> some service providers, part of the value of the service is the immedi
On Thu, 29 May 2008, Dorn Hetzel wrote:
There is a really huge difference in the ease with which payment from a
credit card can be reversed if fraudulent, and the amount of effort
necessary to reverse a wire transfer. A mere "court subpoena" wouldn't
even be remotely sufficient. The person wanti
On May 29, 2008 at 09:07 [EMAIL PROTECTED] (Al Iverson) wrote:
> On Wed, May 28, 2008 at 11:08 PM, Barry Shein <[EMAIL PROTECTED]> wrote:
>
> > I am a big, big fan of assessing charges for AUP abuse and making some
> > realistic attempt to try to make sure it's collectible, and otherwise
> >
On May 29, 2008 at 06:08 [EMAIL PROTECTED] (Joel Jaeggli) wrote:
>
> To paraphrase one of my colleagues from the user interaction world:
>
> "The key to offering a compelling service is minimising
> transaction hassles."
>
> I encourage all my competitors to implement inconveni
On May 29, 2008 at 06:46 [EMAIL PROTECTED] (Joel Jaeggli) wrote:
> Dorn Hetzel wrote:
> > Yeah, there was a day when anyone could buy a pickup truck full of
> > ammonium nitrate fertilizer from a random feed store and not attract any
> > attention at all, now, maybe not. Just like port 25,
Peter Beckman <[EMAIL PROTECTED]> writes:
> If you are taking card-not-present credit card transactions over the
...snip "hard to charge fradulent customers" and also "verifying customer
identity annoys the customer"... points-
The goal here is to give abuse a negative expected return.
One w
Barry Shein wrote:
On May 29, 2008 at 06:46 [EMAIL PROTECTED] (Joel Jaeggli) wrote:
> Dorn Hetzel wrote:
> > Yeah, there was a day when anyone could buy a pickup truck full of
> > ammonium nitrate fertilizer from a random feed store and not attract any
> > attention at all, now, maybe not.
On Thu, 29 May 2008, Luke S Crawford wrote:
Peter Beckman <[EMAIL PROTECTED]> writes:
If you are taking card-not-present credit card transactions over the
...snip "hard to charge fradulent customers" and also "verifying customer
identity annoys the customer"... points-
The goal here is to
What I really, really, (really), don't understand is what is this
perverse urge to argue incessantly that spam and related do little or
no harm, are of little consequence, and nothing can be done about it
anyhow? You'd think we were discussing ways to prevent hurricanes (and
some won't even accept
Forwarding this email on behalf of APNIC...
New IPv4 allocation for APNIC (112/8 and 113/8)
Dear colleagues
The information in this announcement is
Update to below (sorry for top-post, but not everone needs to read the
original post).
Thanks in part to the pro-bono efforts of two very good attorneys: Nachman
Yaakov Ziskind, ([EMAIL PROTECTED]) (nanog list member who kindly
emailed me when I sent this to the list) and my father in law, L
In article
<[EMAIL PROTECTED]
.net>, [EMAIL PROTECTED] writes
The official spokespeople don't mention it, but there is also
a tendency for local officials to divert fuel delivery trucks
for their use instead of maintaining communication facilities.
How much fuel can you legally carry in drums
Peter Beckman <[EMAIL PROTECTED]> writes:
...snip "use snort" suggestion
> This is what I think we should ALL be doing -- monitoring our own network
> to make sure we aren't the source, via customers, of the spam or DOS
> attacks. All outbound email from your own network should be scann
Barry Shein wrote:
What I really, really, (really), don't understand is what is this
perverse urge to argue incessantly that spam and related do little or
no harm, are of little consequence, and nothing can be done about it
anyhow? You'd think we were discussing ways to prevent hurricanes (and
so
Dear NANOG Community--
We are looking forward to seeing those who plan to attend NANOG43 at the
New York Marriott at the Brooklyn Bridge in Brooklyn on Sunday.
We expect excellent attendance, with almost 400 registered attendees to
date.
Some important highlights for those still considering at
Link change?
http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-02.txt
On Wed, May 28, 2008 at 3:12 PM, Sean Donelan <[EMAIL PROTECTED]> wrote:
>
> http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-01.txt
>
> Other than a formatting error in the header ("IPv4 Multicast Guidelines"
I'm getting "connection refused" from Comcast's POP3
servers, mail.comcast.net. Related to this?
http://www.theregister.co.uk/2008/05/29/comcast_domain_hijacked/
Oh, NetSol... Comcast Let the finger pointing begin.
--
Crist J. Clark
[EMAIL PROTECTED]
Gl
The header was corrected an hour or so after my original message, and
a revised internet-draft (02) was published.
On Thu, 29 May 2008, Jonathan Heinlein wrote:
Link change?
http://www.ietf.org/internet-drafts/draft-iana-rfc3330bis-02.txt
On Wed, May 28, 2008 at 3:12 PM, Sean Donelan <[EMA
On 27 May 2008, at 22:18, Sean Donelan wrote:
The official spokespeople don't mention it, but there is also a
tendency for local officials to divert fuel delivery trucks for
their use instead
of maintaining communication facilities.
Some years ago we managed to get the UK government e
On 27 May 2008, at 16:33, Robert Bonomi wrote:
From [EMAIL PROTECTED] Mon May 26 21:16:58 2008
Date: Tue, 27 May 2008 07:46:26 +0530
From: "Suresh Ramasubramanian" <[EMAIL PROTECTED]>
To: "Colin Alston" <[EMAIL PROTECTED]>
Subject: Re: amazonaws.com?
Cc: [EMAIL PROTECTED]
On Tue, May 27, 2008
[EMAIL PROTECTED] (Ian Mason) writes:
> On 27 May 2008, at 16:33, Robert Bonomi wrote:
>
> > Amazon _might_ 'get a clue' if enough providers walled off the EC2
> > space, and they found difficulty selling cycles to people who couldn't
> > access the machines to set up their compute applications.
Hi,
Another case of getting much better help via NANOG than through a NOC.
Turns out there was an issue, and it subsequently was fixed in a
relatively small timeframe. Atleast a /20 of RR was not visible inside of L3,
I'm not sure if it was more.
Thanks again to those pe
On Thu, May 29, 2008 at 10:03 PM, Barry Shein <[EMAIL PROTECTED]> wrote:
> The most common fee is a $50 per incident charge for spam complaints
> after a stern warning or two which depends on frequency, a few per day
> is very different than one or two per month, and what to do with those
> phony A
41 matches
Mail list logo
