On Jan 12, 2011, at 9:21 AM, George Bonser wrote:
>>
>> I'd eat a hat if a vendor didn't implement a PAT equivalent. It's
>> demanded too much. There is money for it, so it will be there.
>>
>>
>> Jack
>
> Yeah, I think you are right. But in really thinking about it, I wonder
> why. The whol
On Aug 11, 2011, at 6:43 AM, Babak Pasdar wrote:
> Hello NANOG Group,
>
> I am curious if anyone has any experiences positive or negative with Juniper
> MX-80s. Our recent experience with Juniper has not been great both in terms
> of new product offerings (SRX) and software bugs in the recent
On Apr 7, 2012, at 4:41 PM, TR Shaw wrote:
>
> As for SORBS, most competent mail admins dropped its use a long time ago. I
> thought when Proofpoint took it over things would change (I actually thought
> they would dump the SORBS name because of bad karma) but it hasn't happened.
Out of curio
On Nov 6, 2012, at 4:33 AM, Seth Mos wrote:
> Hi,
>
> Since about a week or so it's become impossible to reach wp.com content over
> IPv6.
>
> IPv4 content does work fine, using the IPv6 literal returns a 404 which is
> small enough to fit in a smaller 1480 byte MTU.
>
> I have another test s
Check your inboxes :)
--
bk
esembles extortion).
There are some quality "free" services, such as Spamhaus (speaking
personally), but they're few and far between.
I've had better luck convincing customers (or customers of customers)
to stop using the poorly-maintained legacy DNSBLs than I've had
g
On Oct 9, 2008, at 6:37 AM, Michienne Dixon wrote:
I too think C-R spam 'prevention' is the lazy-mans approach at
filtering
spam. People can easily create their own whitelists based on their
maillogs or mailhistory.
Unfortunately, I feel the majority of the solutions offered cater
to the
On Nov 11, 2008, at 7:52 PM, mike wrote:
Since 11/5, my spam load has dropped from about 400,000 attempts
per day to less than 40,000 ! And most of this I had noted was
comming from what looked like compromised web hosts - eg: same host/
domain name representing 10 or 20 addresses in any
On Dec 5, 2008, at 12:51 PM, Skywing wrote:
McColo hosted the command and control servers for spam botnets and
didn't originate spam directly, at least primarily, according to my
understanding.
- S
That is correct. Srizbi and Rustok, primarily.
--
bk
On Jan 2, 2009, at 3:29 PM, Joe Greco wrote:
* Joe Greco:
It seems that part of the proposed solution is to get people to
move from
MD5-signed to SHA1-signed. There will be a certain amount of
resistance.
What I was suggesting was the use of the revocation mechanism as
part of
the "stick
On Jan 4, 2009, at 12:05 PM, Joe Greco wrote:
The opinions on whether or not it is necessary to replace certs
seems to
vary depending on whose opinion you're listening to, but a
relatively safe
rule of thumb for this sort of security issue is to take the path
that is
most likely to avoid r
On Jan 23, 2009, at 12:20 PM, Luke Sheldrick wrote:
Looks to me like the target has moved, anyone else seeing similar?
Jan 23 20:19:08 LND02 named[9611]: client 63.217.28.226#39489: view
external: query (cache) './NS/IN' denied
Jan 23 20:19:09 LND02 named[9611]: client 63.217.28.226#20558: vie
On Jan 23, 2009, at 12:20 PM, Luke Sheldrick wrote:
Looks to me like the target has moved, anyone else seeing similar?
It's switched again. The new target is 206.71.158.30 .
Over night it cycled through several different IPs (testing the
waters?), and finally started on this one around 1
Caveat: my PERL is _terrible_.
http://www.smtps.net/pub/dns-amp-watch.pl
This assumes you're using BIND. My logs roll on the hour, so I run it
from cron at 1 minute before the hour. Depending on how long it takes
to process your logs, you might need to tweak.
--
bk
CA cert: http://www.
On Jan 24, 2009, at 7:00 PM, Frank Bulk wrote:
-Original Message-
From: Brian Keefer [mailto:ch...@smtps.net]
Caveat: my PERL is _terrible_.
http://www.smtps.net/pub/dns-amp-watch.pl
I would not recommend sucking in your dns log into array, rather,
read line
by line and iterate
There's another new IP: 67.192.144.0 .
Initially (around 2AM Pacific) the query rate was 1 per second, but is
now down significantly.
--
bk
and just now it changed to 64.57.246.146. Interestingly, the IP
changed within minutes of me posting to NANOG.
--
bk
On Jan 27, 2009, at 6:34 AM, Brian Keefer wrote:
There's another new IP: 67.192.144.0 .
Initially (around 2AM Pacific) the query rate was 1 per second, but
is now
On Feb 19, 2009, at 12:30 PM, Bill Nash wrote:
Having carped, I'm obligated to offer a solution:
The technical discussion is certainly interesting to a small subset
of NANOG participants, I'm sure (I do find it interesting, I
promise), but I'm thinking this conversation is better elsewhere,
On Feb 24, 2009, at 6:27 PM, Micheal Patterson wrote:
This may be old news, but I've not been in the list for quite some
time. At any rate, is anyone else having issues with Yahoo
blocking / deferring legitimate emails?
My situation is that I host our corporate mx'ers on my network, one
On Feb 25, 2009, at 1:08 PM, Zaid Ali wrote:
There is also the issue of weather the user trusts the opt out link,
I have been in discussions where data shows that most users don't
generally trust it.
Zaid
Nor should they. Anyone who actually researches this stuff knows that
the vast m
On Feb 26, 2009, at 6:59 AM, John Levine wrote:
Nor should they. Anyone who actually researches this stuff knows
that
the vast majority of "unsub" links simply confirm you as a live
target
who will click on random links sent to them through e-mail.
That's the conventional wisdom, not con
On Feb 26, 2009, at 8:28 AM, John R. Levine wrote:
This also pre-dates organized crime becoming heavily involved, and
pre-dates the obsession with browser exploits. Back then a lot of
spam was sent by semi-legitimate marketers from the US. These days
all the bad guys are out to get you to
On Feb 26, 2009, at 5:08 PM, J.D. Falk wrote:
Blocking an entire site just because one John Doe user clicked a
button
they don't even understand just does not make sense.
You're right -- but Yahoo! has a sufficiently large userbase that
they can count multiple complaints before blocking an
ports{$port} = 1;
+if ($data =~ /^[1-9]/) {
+chomp($data);
+my ($ip, $port, $txid) = split "-", $data;
+print " $ip:$port TXID=$txid\n";
+ $ports{$port} = 1;
+}
}
Thanks to Michael for the tool, though!
Brian Keefer
Sr. Systems Engineer
www.Proofpoint.com
"Defend email. Protect data."
On Jan 6, 2010, at 6:51 AM, Brian Johnson wrote:
> Like Roland, I've been doing
> this for over a decade as well, and I have seen some pretty strange
> things, even a statefull firewall in front of servers with IPS actually
> work.
>
What do you mean by "work"? If you mean "all three pieces
On Jan 6, 2010, at 11:29 AM, Brian Johnson wrote:
> If your point is given unlimited inbound bandwidth that a stateful
> firewall will fail (not work correctly), I can say that about any piece
> of equipment. And even if it does fail, does it matter if your
> connection is full of useless traf
I haven't tested the code myself, but no reason to think it doesn't work.
Consider this your "exploits are in the wild" notice.
--
bk
On Jan 10, 2010, at 5:40 PM, George Bonser wrote:
> And I don't believe anyone is necessarily advocating exposing individual
> servers directly to the internet either.
Actually, some of us are.
> There are other devices that
> can handle isolation of the servers and protect them against such th
On Jan 11, 2010, at 8:18 AM, Patrick W. Gilmore wrote:
> people using SORBS stop using SORBS.
>
> --
> TTFN,
> patrick
Usually that's the easiest path. All it takes is asking the site using SORBS
to do a few Google searches.
There are much better options out there than SORBS. Why anyone t
On Jan 12, 2010, at 10:31 AM, Jed Smith wrote:
>
> Given the first few replies I received, allow me to clarify, now that I've
> ... apparently angered the anti-spam crowd:
>
I wouldn't say that necessarily accurate. I could be considered part of the
"anti-spam crowd", seeing as that's my line
On Jan 12, 2010, at 10:48 AM, Dave Martin wrote:
> On Tue, Jan 12, 2010 at 11:51:47AM -0500, Jed Smith wrote:
>> On Jan 11, 2010, at 11:11 AM, Jon Lewis wrote:
>> The vibe I got from a number of administrators I talked to about it was "why
>> would a standards document assume an IPv4/IPv6 unicast
On Jan 12, 2010, at 1:09 PM, Rich Kulawiec wrote:
> On Tue, Jan 12, 2010 at 10:48:31AM -0800, Brian Keefer wrote:
>> I wouldn't say that necessarily accurate. I could be considered
>> part of the "anti-spam crowd", seeing as that's my line of work.
>
&g
>>> Andrew
>>>
>>> Security consultant
>>
>> CITATION NEEDED
>>
>
>
> You can goto Full-disclosure mailing list
> http://www.grok.org.uk/full-disclosure/ ...
> Andrew
>
> Security consultant
For "clarity and transparency" you were banned from that list for trolling
under the persona "n3td
On Mar 5, 2010, at 1:33 PM, Zachary Frederick wrote:
> We have been having a problem emailing to a customer whose server is hosted
> by The Planet (http://www.theplanet.com/). Our mail server is hosted in-house
> on a comcast business connection.
>
> IP address of our server is: 173.13.45.23
>
On Mar 24, 2011, at 7:09 AM, Harald Koch wrote:
> On 3/23/2011 11:05 PM, Martin Millnert wrote:
>> To my surprise, I did not see a mention in this community of the
>> latest proof of the complete failure of the SSL CA model to actually
>> do what it is supposed to: provide security, rather than a
35 matches
Mail list logo
