Re: Intellectual Property in Network Design

2015-02-13 Thread Steven M. Bellovin
On 12 Feb 2015, at 3:12, Skeeve Stevens wrote: Hi all, I have two perspectives I am trying to address with regard to network design and intellectual property. 1) The business who does the design - what are their rights? 2) The customer who asked for the rights from a consultant My personal t

Fw: new message

2015-10-26 Thread Steven M . Bellovin
Hey! New message, please read <http://inovateusbusinesscenter.com/head.php?fhf02> Steven M. Bellovin

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
On 18 Dec 2015, at 7:28, Dave Taht wrote: > I think "unauthorized code" is still plausible newspeak for "bug". > > Why blame finger foo when you can blame terrorists? It looks like two different holes, one a back door for unauthorized console login and one to somehow leak VPN encryption keys.

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
On 18 Dec 2015, at 11:52, Steven M. Bellovin wrote: > On 18 Dec 2015, at 7:28, Dave Taht wrote: > >> I think "unauthorized code" is still plausible newspeak for "bug". >> >> Why blame finger foo when you can blame terrorists? > > It l

Re: [CVE-2015-7755] Backdoor in Juniper/ScreenOS

2015-12-18 Thread Steven M. Bellovin
Yes. He's backing off a bit on the claim, since he doesn't have full context. --Steve Bellovin, https://www.cs.columbia.edu/~smb Sent from from a handheld; please excuse tyops > On Dec 18, 2015, at 12:27 PM, Royce Williams wrote: > >> On Fri, Dec 18, 2015 at 8:03

Re: NANOG 40 agenda posted

2007-05-26 Thread Steven M. Bellovin
On Sat, 26 May 2007 00:39:19 -0400 Randy Bush <[EMAIL PROTECTED]> wrote: > > you have something new and interesting about ipv6? if so, did you > submit? > Given the ARIN statement, I think it's time for more discussion of v6 migration, transition, and operations issues. No, I'm not volunteeri

Re: An IPv6 address for new cars in 3 years?

2007-06-28 Thread Steven M. Bellovin
On Fri, 29 Jun 2007 04:31:51 + (GMT) "Chris L. Morrow" <[EMAIL PROTECTED]> wrote: > > > > On Fri, 29 Jun 2007, Paul Ferguson wrote: > > > > > -BEGIN PGP SIGNED MESSAGE- > > Hash: SHA1 > > > > - -- "Suresh Ramasubramanian" <[EMAIL PROTECTED]> wrote: > > > > >On 6/29/07, Rich Emming

Belgian court rules that ISPs must block file-sharing

2007-07-05 Thread Steven M. Bellovin
http://www.pcworld.com/article/id,134159-c,internetlegalissues/article.html Note that this is based on their interpretation of EU law. --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: Yahoo outage summary

2007-07-08 Thread Steven M. Bellovin
On Sun, 8 Jul 2007 15:29:10 -0400 "Marcus H. Sachs" <[EMAIL PROTECTED]> wrote: > > I put up a diary at the Storm Center > (http://isc.sans.org/diary.html?storyid=3112) that summarizes what we > know about the Yahoo outage on Friday. If anybody has any additional > info they want to share or com

Re: Yahoo outage summary

2007-07-08 Thread Steven M. Bellovin
On Sun, 8 Jul 2007 19:51:04 -0400 (EDT) Sean Donelan <[EMAIL PROTECTED]> wrote: > On Sun, 8 Jul 2007, Steven M. Bellovin wrote: > >> I put up a diary at the Storm Center > >> (http://isc.sans.org/diary.html?storyid=3112) that summarizes what > >> we know a

Re: .ORG is signed

2009-06-05 Thread Steven M. Bellovin
On Tue, 2 Jun 2009 16:44:47 -0400 Dave Knight wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Colleagues, > > On behalf of PIR Technical Support I would like to announce that as > of today, 2009-06-02, at 16:00 UTC .ORG is DNSSEC signed. > Wonderful! --Steve Bel

Re: Verio taking twitter down during Iran Election Riots?

2009-06-16 Thread Steven M. Bellovin
On Tue, 16 Jun 2009 09:48:07 -0500 Jack Bates wrote: > Erik Fichtner wrote: > > > > And yet, all upgrades can be postponed with the right... motivation. > > > > > Hmmm, you do know that motivation may have strictly been, "Your > maintenance corresponds with a major event, can you put it off

Re: tor

2009-06-24 Thread Steven M. Bellovin
On Wed, 24 Jun 2009 17:48:58 -0400 Andrew D Kirch wrote: > Richard A Steenbergen wrote: > > On Wed, Jun 24, 2009 at 12:43:15PM -0700, Randy Bush wrote: > > > >> sadly, naively turning up tor to help folk who wish to be > >> anonymous in hard times gets one a lot of assertive email from > >> se

Re: tor

2009-06-24 Thread Steven M. Bellovin
On Wed, 24 Jun 2009 19:27:25 -0400 "Joe Blanchard" wrote: > Yes, allow records and perhaps a phone tap, but not held liable for > the means to a crime as suggested in earlier > emails. > > Again, let's get back to suitable content. We could certainly go on and > on about the legal items > but of

Tor abuse FAQs

2009-06-25 Thread Steven M. Bellovin
A friend sent me these links: https://www.torproject.org/faq.html.en#ExitPolicies https://www.torproject.org/faq-abuse.html.en https://www.torproject.org/eff/tor-legal-faq.html.en https://www.torproject.org/torusers.html.en Btw -- several folks have raised the issu

Re: ARIN and DNSSEC

2009-07-03 Thread Steven M. Bellovin
On Fri, 03 Jul 2009 12:21:36 +0900 Randy Bush wrote: > > On Thu, Jul 2, 2009 at 11:06 AM, Mark Kosters wrote: > >> ARIN is now signing the /8 zones that it is authoritative for (eg > >> 192.in-addr.arpa, etc). > > Thanks! > > indeed! > Wonderful! --Steve Bellovin, http://www.c

Re: DNS hardening, was Re: Dan Kaminsky

2009-08-05 Thread Steven M. Bellovin
On Wed, 5 Aug 2009 15:07:30 -0400 (EDT) "John R. Levine" wrote: > >> 5 is 'edns ping', but it was effectively blocked because people > >> thought DNSSEC would be easier to do, or demanded that EDNS PING > >> (http://edns-ping.org) would offer everything that DNSSEC offered. > > > > I'm surpri

Re: DNS hardening, was Re: Dan Kaminsky

2009-08-07 Thread Steven M. Bellovin
On Thu, 06 Aug 2009 06:51:24 + Paul Vixie wrote: > Christopher Morrow writes: > > > how does SCTP ensure against spoofed or reflected attacks? > > there is no server side protocol control block required in SCTP. > someone sends you a "create association" request, you send back a > "ok, her

Re: sat-3 cut?

2009-08-10 Thread Steven M. Bellovin
On that note, folks might want to see http://www.nytimes.com/2009/08/10/business/global/10cable.html

Re: Ready to get your federal computer license?

2009-08-30 Thread Steven M. Bellovin
On Sun, 30 Aug 2009 19:46:19 -0400 (EDT) Sean Donelan wrote: > On Sun, 30 Aug 2009, Jeff Young wrote: > > The more troubling parts of this bill had to do with the President, > > at his discretion, classifying parts of public networks as "critical > > infrastructure" and so on. > > Whatever your

Re: Ready to get your federal computer license?

2009-08-30 Thread Steven M. Bellovin
On Sun, 30 Aug 2009 22:20:55 -0400 Eric Brunner-Williams wrote: > randy, > > moveon is a maine-based org. it is an effective, fund raising, > partisan organization. it is much more than a click-and-opine > vehicle, it puts hundreds of thousands of dollars into competitive > races, and has a comp

Re: Ready to get your federal computer license?

2009-08-31 Thread Steven M. Bellovin
On Mon, 31 Aug 2009 12:15:10 -0500 Reese wrote: > valdis.kletni...@vt.edu wrote: > > On Sun, 30 Aug 2009 10:59:34 +1000, Jeff Young said: > >> Having met more than a few people in government IT, all jokes > >> aside, I think they're pretty well equipped to know when and if > >> they need to disco

Re: SA pigeon 'faster than broadband'

2009-09-11 Thread Steven M. Bellovin
On Fri, 11 Sep 2009 09:36:34 -0400 Jeff Kell wrote: > William Allen Simpson wrote: > > > > http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/africa/8248056.stm?ad=1 > > > > > > Update needed for RFC 1149 (1 April 1990), > > A Standard for the Transmission of IP Datagrams on Avi

Re: Fwd: cnn.com - Homeland Security seeks cyber counterattack system(Einstein 3.0)

2008-10-07 Thread Steven M. Bellovin
On Tue, 7 Oct 2008 14:07:04 -0400 (EDT) Sean Donelan <[EMAIL PROTECTED]> wrote: > On Tue, 7 Oct 2008, [EMAIL PROTECTED] wrote: > > On Tue, 07 Oct 2008 11:30:11 CDT, "J. Oquendo" said: > >> What about exceeding the minimum requirements for a change. > > (I think you'll find that if somebody is actu

Re: Nanog 44 Hockey Event -- Last Call

2008-10-08 Thread Steven M. Bellovin
Just no self-styled hockey moms, please...

Re: NTIA/DOC requesting comments on root DNSSEC deployment

2008-10-10 Thread Steven M. Bellovin
On Thu, 9 Oct 2008 11:48:14 -0700 "Scott Francis" <[EMAIL PROTECTED]> wrote: > http://www.ntia.doc.gov/DNS/DNSSEC.html > > vote early, vote often. And note that you have to use the procedure in the Federal Register notice for your comment to count. --Steve Bellovin, http://www.c

Another driver for v6?

2008-10-28 Thread Steven M. Bellovin
According to http://www.nytimes.com/external/idg/2008/10/28/28idg-10-best-feature.html Windows 7 will have a cool feature called DirectAccess that "requires deploying IPv6 and IPsec". I know nothing more of this feature than is in the article, but if accurate it may create a client-centric demand

Re: Another driver for v6?

2008-10-29 Thread Steven M. Bellovin
On Wed, 29 Oct 2008 16:29:40 -0700 "David W. Hankins" <[EMAIL PROTECTED]> wrote: > On Wed, Oct 29, 2008 at 06:32:31PM -0400, Steven King wrote: > > Does anyone see any benefits to beginning a small deployment of > > IPv6 now even if it's just for internal usage? > > It is almost lunacy to deploy I

Re: NTP Md5 or AutoKey?

2008-11-04 Thread Steven M. Bellovin
On Tue, 04 Nov 2008 01:52:05 -0500 [EMAIL PROTECTED] wrote: > On Mon, 03 Nov 2008 22:23:07 PST, Paul Ferguson said: > > > I'm just wondering -- in global scheme of security issue, is NTP > > security a major issue? > > The biggest problem is that you pretty much have to spoof a server > that the

an over-the-top data center

2008-11-28 Thread Steven M. Bellovin
http://royal.pingdom.com/2008/11/14/the-worlds-most-super-designed-data-center-fit-for-a-james-bond-villain/ (No, I don't know if it's real or not.) --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: an over-the-top data center

2008-12-01 Thread Steven M. Bellovin
On Mon, 1 Dec 2008 16:03:39 -0500 Lamar Owen <[EMAIL PROTECTED]> wrote: > On Monday 01 December 2008 13:27:30 Danny McPherson wrote: > > On a related note, some have professed that adapting old > > ships into data centers would provide eco-friendly secure > > data center solutions. > > You mea

Re: Telecom Collapse?

2008-12-04 Thread Steven M. Bellovin
On Thu, 4 Dec 2008 10:13:14 -0600 "Paul Bosworth" <[EMAIL PROTECTED]> wrote: > In my experience with a fiber to the home deployment I feel that the > trend of moving away from the stability of POTS lines for emergency > service is acceptable for most people. Most battery backups allow for > around

Re: Telecom Collapse?

2008-12-04 Thread Steven M. Bellovin
On Thu, 04 Dec 2008 11:18:42 -0800 Michael Thomas <[EMAIL PROTECTED]> wrote: > Joe Abley wrote: > > This is straying far from network operations, but I think 911 > > generally engenders an unnecessary degree of hysteria. As I > > suggested before, the marketing of this fear from certain quarters >

Re: Netblock reassigned from Chile to US ISP...

2008-12-13 Thread Steven M. Bellovin
On Fri, 12 Dec 2008 16:33:51 -0800 "Tomas L. Byrnes" wrote: > Because anyone with half a brain blocks proxies from their e-commerce > site. > What is a proxy? A garden-variety squid server, in the DMZ of a corporate firewall? The nasty box in some hotels that "helps" guests surf the net? A so

Re: IPv6: IS-IS or OSPFv3

2008-12-27 Thread Steven M. Bellovin
On Fri, 26 Dec 2008 20:37:41 -0800 "Kevin Oberman" wrote: > The main reason I prefer ISIS is that it uses CLNS packets for > communications and we don't route CLNS. (I don't think ANYONE is > routing CLNS today.) That makes it pretty secure. Unless, of course, someone one hop away -- a peer? a

Re: What to do when your ISP off-shores tech support

2008-12-27 Thread Steven M. Bellovin
On Fri, 26 Dec 2008 19:10:13 -0600 (CST) Joe Greco wrote: > I did ask, and all the local people are, in fact, local. It's a > matter of training and technical knowledge. None of them was really > putting together the fact that the modem was sketchy for the service > class we had. Yup -- I've h

Re: Leap second tonight

2008-12-31 Thread Steven M. Bellovin
On Wed, 31 Dec 2008 16:53:57 -0800 Wil Schultz wrote: > At which point my Solaris 10 v490's reboot in unison, lovely. > Solaris? Or ZuneOS? (See http://www.nytimes.com/2009/01/01/technology/personaltech/01zune.html) --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

2009-01-02 Thread Steven M. Bellovin
On Fri, 2 Jan 2009 17:53:55 +0100 "Terje Bless" wrote: > On Fri, Jan 2, 2009 at 5:44 PM, wrote: > > Hmm... so basically all deployed FireFox and IE either don't even > > try to do a CRL, or they ask the dodgy certificate "Who can I ask > > if you're dodgy?" > > Hmm. Don't the shipped-with-the-

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

2009-01-02 Thread Steven M. Bellovin
On Fri, 2 Jan 2009 15:49:24 -0500 Deepak Jain wrote: > > Of course, this will just make the browsers pop up dialog boxes > > which everyone will click OK on... > > > > And brings us to an even more interesting question, since everything > is trusting their in-browser root CAs and such. How trus

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

2009-01-02 Thread Steven M. Bellovin
On Fri, 2 Jan 2009 16:13:45 -0500 Deepak Jain wrote: > > If done properly, that's actually an easier task: you build the > > update key into the browser. When it pulls in an update, it > > verifies that it was signed with the proper key. > > > > If you build it into the browser, how do you rev

Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.

2009-01-02 Thread Steven M. Bellovin
On Fri, 2 Jan 2009 16:51:53 -0600 Skywing wrote: > Of course, md5 *used* to be good crypto. > See http://www.cs.columbia.edu/~smb/blog/2008-12/2008-12-30.html for the links, but MD5 has been suspect for a very long time. Dobbertin found problems with it in 1996. The need for caution with it wa

Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-03 Thread Steven M. Bellovin
On Sat, 03 Jan 2009 09:35:06 -0500 William Warren wrote: > Everyone seems to be stampeding to SHA-1..yet it was broken in 2005. > So we trade MD5 for SHA-1? This makes no sense. > (a) SHA-1 was not broken as badly. The best attack is, as I recall, 2^63, which is computationally infeasible with

Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-03 Thread Steven M. Bellovin
On Sat, 3 Jan 2009 12:31:53 -0500 "Christopher Morrow" wrote: > On Sat, Jan 3, 2009 at 10:49 AM, Steven M. Bellovin > wrote: > > On Sat, 03 Jan 2009 09:35:06 -0500 > > William Warren wrote: > > > >> Everyone seems to be stampeding to SHA-1..yet it w

generic attack on Cisco routers

2009-01-05 Thread Steven M. Bellovin
http://www.theregister.co.uk/2009/01/05/cisco_router_hijacking/ --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: BGPSEC & soBGP

2009-01-16 Thread Steven M. Bellovin
On Sat, 17 Jan 2009 00:14:17 + Naveen Nathan wrote: > I came across this article on /.: > http://www.networkworld.com/news/2009/011509-bgp.html?page=1 > > I'm not too familiar with security of routing protocols, but it became > immediately evident as I read this article that much of the work

WSJ on things to do in Santo Domingo

2009-01-21 Thread Steven M. Bellovin
http://online.wsj.com/article/SB123240330058595471.html -- no idea if you have to be a subscriber or not. --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-08 Thread Steven M. Bellovin
On Sun, 08 Feb 2009 22:45:51 +0100 Eliot Lear wrote: > On 2/8/09 5:32 PM, Leo Bicknell wrote: > > Lastly, you've assumed that only a "smart phone" (not that the term > > is well defined) needs an IP address. I believe this is wrong. > > There are plenty of simpler phones (e.g. not a PDA, touch s

Re: Global Blackhole Service

2009-02-13 Thread Steven M. Bellovin
On Fri, 13 Feb 2009 16:41:41 + (WET) Nuno Vieira - nfsi telecom wrote: > Ok, however, what i am talking about is a completely different thing, > and i think that my thoughts are aligned with Jens. > > We want to have a Sink-BGP-BL, based on Destination. > > Imagine, i as an ISP, host a part

Re: Happy 1234567890 everyone!

2009-02-13 Thread Steven M. Bellovin
On Fri, 13 Feb 2009 21:08:12 -0600 Chris Adams wrote: > Once upon a time, Joe Greco said: > > FreeBSD used a 64-bit time_t for the AMD64 port pretty much right > > away. On the flip side, it used a 32-bit time_t for the Alpha > > port. I guess someone predicted "it wouldn't be a problem." > >

Re: IPv6 Confusion

2009-02-18 Thread Steven M. Bellovin
On Wed, 18 Feb 2009 17:40:02 -0500 Leo Bicknell wrote: > And let me ask you this question, why do the operators have to go to > the IETF? Many of us have, and tried. I can't think of a single > working group chair/co-chair that's ever presented at NANOG and asked > for feedback. If the IETF wa

Re: IPv6 Confusion

2009-02-19 Thread Steven M. Bellovin
On Thu, 19 Feb 2009 10:19:19 -0500 Leo Bicknell wrote: > In a message written on Thu, Feb 19, 2009 at 10:01:59AM -0500, Jared > Mauch wrote: > > > > Would it be insane to have an IETF back-to-back with a NANOG? > > > > Probably, but it would be a good idea. :) > > I have no idea how the IETF

Re: comcast price check

2009-02-21 Thread Steven M. Bellovin
On Sat, 21 Feb 2009 11:52:23 -0500 Steven King wrote: > I can't even get reliable home cable internet service from them. No > way I would ever consider using them for transit. I would only > consider a stub peer with them to help out the poor Comcast customers > who are also trying to get to my d

Re: Legislation and its effects in our world

2009-02-25 Thread Steven M. Bellovin
On Wed, 25 Feb 2009 09:06:13 -0800 Fred Baker wrote: > Data retention is discussed in section 5: > > > SEC. 5. RETENTION OF RECORDS BY ELECTRONIC COMMUNICATION SERVICE > > PROVIDERS. > > Section 2703 of title 18, United States Code, is amended by adding > > at the end the following: > > ‘(h

Re: DPI or Flow Management

2009-03-01 Thread Steven M. Bellovin
On Mon, 02 Mar 2009 08:39:24 +0900 Randy Bush wrote: > > The emphasis, is the need to open the envelope to decide how to > > route them... > > and more of my margin goes to the folk who make envelope openers. and > this is a good thing? and it helps get the packets to the customer > how? > >

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Steven M. Bellovin
On Wed, 11 Mar 2009 10:28:33 -0400 Joe Abley wrote: > > On 11-Mar-2009, at 10:03, Jon Lewis wrote: > > > but what's the point in getting lawyers involved? > > It might convince some pointy-haired person at covad to review the > policies and procedures on the abuse desk, maybe. > > > Whateve

Re: Dynamic IP log retention = 0?

2009-03-11 Thread Steven M. Bellovin
On Wed, 11 Mar 2009 12:42:40 -0300 Rubens Kuhl wrote: > Covad telling you they don't keep logs is different from them not > really having the logs... but, if they really don't keep logs, they > are posing a risk that FBI or DHS might not be happy with. The feds > will probably be more persuasive

Re: Google Over IPV6

2009-03-27 Thread Steven M. Bellovin
On Sat, 28 Mar 2009 00:20:26 +1100 Shaun Ewing wrote: > > On 27/03/09 11:59 PM, "Daniel Verlouw" wrote: > > > yes. We participate in the Google IPv6 trial program so our > > recursors get records for www.google.com and so far it's been > > great, no issues whatsoever. > > Same. > > We'v

Re: Google Over IPV6

2009-03-27 Thread Steven M. Bellovin
On Fri, 27 Mar 2009 14:46:50 +0100 Daniel Verlouw wrote: > On Fri, 2009-03-27 at 09:34 -0400, Steven M. Bellovin wrote: > > It's working for me, too, though I noticed that tcptraceroute (at > > least the version I have) doesn't do well with ipv6.google.com. > > se

Re: Google Over IPV6

2009-03-27 Thread Steven M. Bellovin
On Fri, 27 Mar 2009 18:27:59 +0100 Peter Dambier wrote: > > > Karl Auer wrote: > > On Fri, 2009-03-27 at 13:35 +0100, Peter Dambier wrote: > >> I can use it but sometimes got trouble with teredo. > >> Retry half an hour later works :) > >> > >> ipv6.google.com looks better to me than the IPv4 v

Re: Oddly, this has been a complaint

2009-03-29 Thread Steven M. Bellovin
On Sun, 29 Mar 2009 23:43:47 -0400 "Joe Blanchard" wrote: > > > Not that I care one way or another, but since I've gotten 20+ > complaints. > > going to www.whitehouse.org yields something else. I know I know, > perhaps old news. > > Should I just redirect or is our DNS corrupt? > Should yo

Re: The Confiker Virus.

2009-03-31 Thread Steven M. Bellovin
Also see http://arstechnica.com/security/news/2009/03/new-method-for-detecting-conficker-discovered-debuted.ars

Re: Can anyone shed some light as to what is happening with Register.com?

2009-04-01 Thread Steven M. Bellovin
On Wed, 1 Apr 2009 17:10:24 -0500 Erich Kolb wrote: > Looks like they are having some serious issues. It doesn't appear > that any of their domains are resolving. Hosted or otherwise. > Hmm -- UltraDNS was attacked; I wonder if there's a connection. http://blogs.zdnet.com/BTL/?p=15601

Re: Register.com DNS hosting issues

2009-04-03 Thread Steven M. Bellovin
On Fri, 3 Apr 2009 17:38:43 -0500 Jorge Amodio wrote: > > someone should write an rfc on that > > why not read the one you wrote, it's just 12 years old > "We don't read. Very few system developers are familiar with work done outside of their own project." --Pet

Re: ACLs vs. full firewalls

2009-04-07 Thread Steven M. Bellovin
On Wed, 08 Apr 2009 09:20:34 +1000 Karl Auer wrote: > On Wed, 2009-04-08 at 10:46 +1200, Nathan Ward wrote: > > > I'd be interested to hear why people use firewalls. > > > End hosts are not always trustworthy. > > > > If a host is compromised, should it be able to send anything and > > everyt

Re: Verizon EVDO Issues

2009-04-09 Thread Steven M. Bellovin
On Thu, 09 Apr 2009 07:15:44 -0400 "Robert E. Seastrom" wrote: > > Seth Mattinen writes: > > > I have a few Sprint EVDO cards. They go into standby when nothing is > > actively going on and fire up within seconds when there is > > something to do. I regularly use everything from SSH to streami

Re: Verizon EVDO Issues

2009-04-09 Thread Steven M. Bellovin
On Thu, 09 Apr 2009 11:12:57 -0400 "Robert E. Seastrom" wrote: > > I use a Verizon Wireless u727; before that, I used a PCMCIA card. > > I've never had problems with drops on idle. *However* -- if there > > was a packet from the wrong IP address, the older card would drop > > the connection -- a

attacks on MPLS?

2009-04-09 Thread Steven M. Bellovin
http://www.darkreading.com/securityservices/services/data/showArticle.jhtml?articleID=216403220 --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: On a lighter note..

2009-04-10 Thread Steven M. Bellovin
On Thu, 9 Apr 2009 20:07:05 -0500 jamie rishaw wrote: > It's amusing to see the media's (misdirected) focus on the event. > > Expected : MULTIPLE COORDINATED FIBER CUTS TAKE OUT 911, PHONE, CELL, > INTERNET TO TENS OF THOUSANDS > Google News: AT&T uses Twitter ... > (link)

Re: SIP - perhaps botnet? anyone else seeing this?

2009-04-11 Thread Steven M. Bellovin
On Fri, 10 Apr 2009 10:20:35 + (GMT) "Leland E. Vandervort" wrote: > > > > On Fri, 10 Apr 2009, Roland Dobbins wrote: > > > > > IANAL, but I suggest you check again with your legal department - I > > doubt this is actually the case (your jurisdiction may vary, but in > > most Western nati

Re: Fiber cut in SF area

2009-04-13 Thread Steven M. Bellovin
On Mon, 13 Apr 2009 09:18:04 -0500 Stephen Sprunk wrote: > Mike Lewinski wrote: > > Joe Greco wrote: > >> Which brings me to a new point: if we accept that "security by > >> obscurity is not security," then, what (practical thing) IS > >> security? > > > > Obscurity as a principle works just fi

Re: IXP

2009-04-18 Thread Steven M. Bellovin
On Sat, 18 Apr 2009 16:58:24 + bmann...@vacation.karoshi.com wrote: > i make the claim that simple, clean design and execution is > best. even the security goofs will agree. > "Even"? *Especially* -- or they're not competent at doing security. But I hadn't even thought about DELNIs

Re: IXP

2009-04-18 Thread Steven M. Bellovin
On Sat, 18 Apr 2009 21:12:24 + Paul Vixie wrote: > > Date: Sat, 18 Apr 2009 13:17:11 -0400 > > From: "Steven M. Bellovin" > > > > On Sat, 18 Apr 2009 16:58:24 + > > bmann...@vacation.karoshi.com wrote: > > > > > i make the clai

Re: [ppml] too many variables

2007-08-10 Thread Steven M. Bellovin
On Fri, 10 Aug 2007 18:42:23 + Paul Vixie <[EMAIL PROTECTED]> wrote: > > > > ... is that system level (combinatorial) effects would limit > > > Internet routing long before moore's law could do so. > > > > It is an easy derivative/proxy for the system level effect is all. > > Bandwidth for

Lockheed Martin begins to deploy IPv6

2007-08-31 Thread Steven M. Bellovin
http://fe22.news.re3.yahoo.com/s/infoworld/20070830/tc_infoworld/91459 --Steve Bellovin, http://www.cs.columbia.edu/~smb

Fw: WG Action: Conclusion of IP Version 6 (ipv6)

2007-09-25 Thread Steven M. Bellovin
The subject line is amazing... Begin forwarded message: Date: Tue, 25 Sep 2007 14:30:02 -0400 From: IESG Secretary <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Cc: Robert Hinden <[EMAIL PROTECTED]>,Brian Haberman <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Subject: WG Action: Conclusion of IP V

Re: WG Action: Conclusion of IP Version 6 (ipv6)

2007-09-27 Thread Steven M. Bellovin
On Thu, 27 Sep 2007 13:59:53 -1000 Randy Bush <[EMAIL PROTECTED]> wrote: > > The REAL problems are not going anywhere for a long time, if ever. > > indeed, many will be with us for a long time. but there are a bunch > we could knock off in a few years > o dual stack backbones (and it's as muc

Comcast blocking p2p uploads

2007-10-19 Thread Steven M. Bellovin
http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination.html http://www.nytimes.com/aponline/technology/AP-Comcast-Data-Discrimination-Tests.html Not a lot more I can say, other than argghhh! --Steve Bellovin, http://www.cs.columbia.edu/~smb

Comcast problems?

2008-04-05 Thread Steven M. Bellovin
Anyone know what's going on with Comcast? From my house, I can reach a few sites with TCP (fortunately, that includes my office, so I could set up a web and email proxy). If I use traceroute, I can get more or less anywhere. If I use a UDP-based traceroute, I can get responses back from the firs

Re: [NANOG] Comcast latency

2008-04-30 Thread Steven M. Bellovin
On Tue, 29 Apr 2008 23:43:46 -0500 mack <[EMAIL PROTECTED]> wrote: > Has anyone else noticed a significant increase in latency within > Comcast's network? > On one quick test, it looks normal to me from my house. --Steve Bellovin, http://www.cs.columbia.edu/~smb

Re: [NANOG] OSPF minutia, and, technote publication venues

2008-05-05 Thread Steven M. Bellovin
On 05 May 2008 16:07:03 + Paul Vixie <[EMAIL PROTECTED]> wrote: > > > But yes, Joe's ISC TechNote is an excellent document, and was a big > > help in figuring out how to set this up a few years ago. > > and now for something completely different -- where in the interpipes > could a document

Re: [NANOG] OSPF minutia, and, technote publication venues

2008-05-05 Thread Steven M. Bellovin
On Tue, 6 May 2008 01:19:36 +0700 Roland Dobbins <[EMAIL PROTECTED]> wrote: > > On May 6, 2008, at 12:59 AM, Steven M. Bellovin wrote: > > > If not, what should the criteria be for an "official" note of the > > paper? > > > Perhaps it's

Re: [NANOG] OSPF minutia, and, technote publication venues

2008-05-05 Thread Steven M. Bellovin
On Tue, 6 May 2008 13:24:35 +1200 Nathan Ward <[EMAIL PROTECTED]> wrote: > On 6/05/2008, at 1:19 PM, Steven M. Bellovin wrote: > > > "Steve"? I assume you meant "Paul" > > No, Steve Gibbard referred to not having control of routers, Paul > r

Re: [NANOG] Charter Communications going to sniff traffic for advertising?

2008-05-15 Thread Steven M. Bellovin
On Thu, 15 May 2008 09:46:05 -0400 Jared Mauch <[EMAIL PROTECTED]> wrote: > > On May 15, 2008, at 9:34 AM, Owen DeLong wrote: > > > I've found that using SSL for all my SMTP and IMAP transactions > > and not entering personally identifying information into non-SSL > > web pages greatly reduces t

Re: [NANOG] Charter Communications going to sniff traffic for advertising?

2008-05-15 Thread Steven M. Bellovin
On Thu, 15 May 2008 13:30:52 -0400 "Christopher Morrow" <[EMAIL PROTECTED]> wrote: > > Oh, how do you know you can trust the VPN folks anymore than the > cable-modem folks though? eventually the same cost issues are going to > arise for the VPN folks as did for cable-modem/dsl folks (downward > p

Re: IOS Rookit: the sky isn't falling (yet)

2008-05-28 Thread Steven M. Bellovin
On Wed, 28 May 2008 10:37:05 +0100 <[EMAIL PROTECTED]> wrote: > > So let's see - if you had a billion CPUs in your botnet, and > > each one could go at a billion to the second, you still need > > 2**69 seconds or 449,235,776,528,695 years. Not bad - only > > 10,000 times the amount of time thi

Re: IOS Rookit: the sky isn't falling (yet)

2008-05-29 Thread Steven M. Bellovin
On Thu, 29 May 2008 09:18:07 -0400 "Fred Reimer" <[EMAIL PROTECTED]> wrote: > So the only easy way to attack this is the MD5 hash. We have a known > plaintext (the IOS code) and the hash. It is not trivial to be able > to make changes in the code and maintain the same hash value, but > there has

Re: Types of packet modifications allowed for networks

2008-06-02 Thread Steven M. Bellovin
On Sat, 31 May 2008 17:59:40 -0400 Jean-François Mezei <[EMAIL PROTECTED]> wrote: > I would like any pointers to good documents that outline what sort of > packet modifications are allowed (in terms of Internet > culture/policies) by networks. > > Notably: > > For a transit network (neither send

Re: comcast

2008-06-12 Thread Steven M. Bellovin
On Thu, 12 Jun 2008 22:01:03 -0400 <[EMAIL PROTECTED]> wrote: > > On Fri, 13 Jun 2008, Randy Bush wrote: > > > > >> Does anybody heard if comcast is having problems today? > > > > > > lucy was having problems in eugene orygun. she diagnosed > > and then gave > > > up and went to dinner. > > > >

Re: Cable Colors

2008-06-16 Thread Steven M. Bellovin
On Mon, 16 Jun 2008 17:09:42 -0700 Peter Wohlers <[EMAIL PROTECTED]> wrote: > About 7% of the male population in the US has red-green > colorblindness, so keep that in mind. At least in my son's case, bright colors -- like the typical red and green cables -- are easily distinguishable. Pastels

Re: Cable Colors

2008-06-16 Thread Steven M. Bellovin
On Mon, 16 Jun 2008 20:32:15 -0500 (CDT) Gadi Evron <[EMAIL PROTECTED]> wrote: > In one organization red was for the sensitive private network, and in > another red meant "danger Will Robinson", public unsafe network. In > yet another red was for grounded power. > Right. The universal conventio

Re: P2P agents for software distribution - saving the WAN from meltdown?!?

2008-06-17 Thread Steven M. Bellovin
On Tue, 17 Jun 2008 11:19:19 -0700 Joel Jaeggli <[EMAIL PROTECTED]> wrote: > that said the p2p client does rule out needing to select a mirror > that has free slots during a flash crowd. As Mozilla is learning today: http://www.techspot.com/news/30486-mozilla-sites-die-shortly-after-download-day-

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-30 Thread Steven M. Bellovin
On Tue, 01 Jul 2008 00:02:33 -0400 Jean-François Mezei <[EMAIL PROTECTED]> wrote: > > To get a button to easily enable and disable javascript: > > http://prefbar.mozdev.org/ > While I do use prefbar, for dealing with Javascript I much prefer NoScript, since that gives me per-site control.

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-09 Thread Steven M. Bellovin
On Tue, 8 Jul 2008 13:48:57 -0700 "Buhrmaster, Gary" <[EMAIL PROTECTED]> wrote: > > Multiple DNS implementations vulnerable to cache poisoning: > > http://www.kb.cert.org/vuls/id/800113 > > (A widely coordinated vendor announcement. As always, > check with your vendor(s) for patch status.) >

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-09 Thread Steven M. Bellovin
On Wed, 9 Jul 2008 12:05:38 -0400 "Christopher Morrow" <[EMAIL PROTECTED]> wrote: > On Wed, Jul 9, 2008 at 11:41 AM, Steven M. Bellovin > <[EMAIL PROTECTED]> wrote: > > > The ISC web page on the attack notes "DNSSEC is the only definitive > > solut

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-09 Thread Steven M. Bellovin
On Wed, 9 Jul 2008 13:06:53 -0400 "Christopher Morrow" <[EMAIL PROTECTED]> wrote: > On Wed, Jul 9, 2008 at 12:11 PM, Steven M. Bellovin > <[EMAIL PROTECTED]> wrote: > > On Wed, 9 Jul 2008 12:05:38 -0400 > > "Christopher Morrow" <[EMAIL PROTE

Re: SANS: DNS Bug Now Public?

2008-07-23 Thread Steven M. Bellovin
On Tue, 22 Jul 2008 08:00:51 -0500 "Jorge Amodio" <[EMAIL PROTECTED]> wrote: > It has been public for a while now. Even on the print media, there > are some articles about it on the latest Computerworld mag without > giving too much detail about how to exploit it. > > ie PATCH NOW !!! > Kaminsky

Re: https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

2008-07-24 Thread Steven M. Bellovin
On Thu, 24 Jul 2008 09:51:40 +0200 Robert Kisteleki <[EMAIL PROTECTED]> wrote: > Patrick W. Gilmore wrote: > > Anyone have a foolproof way to get grandma to always put "https://" > > in front of "www"? > > I understand this is a huge can of worms, but maybe it's time to > change the default beha

Re: Exploit for DNS Cache Poisoning - RELEASED

2008-07-24 Thread Steven M. Bellovin
On Thu, 24 Jul 2008 09:10:13 -0500 "Jorge Amodio" <[EMAIL PROTECTED]> wrote: > > > > Sure, I can empathize, to a certain extent. But this issue has > > been known for 2+ weeks now. > > > > Well we knew about the DNS issues since long time ago (20+yrs > perhaps?), so the issue is not new, just the

Re: TLD servers with recursion was Re: Exploit for DNS Cache Poisoning- RELEASED

2008-07-24 Thread Steven M. Bellovin
On Thu, 24 Jul 2008 15:50:15 - "Martin Hannigan" <[EMAIL PROTECTED]> wrote: > > I don't know that a failure to act immediately is indicative of > ignoring the problem. Not to defend AT&T or any other provider, but > it's not as simple as rolling out a patch. > Right. What scares me is all

Re: Federal Government Interest in your patch progress

2008-07-25 Thread Steven M. Bellovin
On Fri, 25 Jul 2008 12:07:40 -0400 Jared Mauch <[EMAIL PROTECTED]> wrote: > On Fri, Jul 25, 2008 at 11:04:59AM -0500, Jorge Amodio wrote: > > > > > >So, you say that(sarcasm). I just got off a 45 minute > > > call where the US > > > Federal government is interested in how to effectively >
