nanog mailing list archives
Re: government eavesdropping
From: Valdis.Kletnieks () vt edu
Date: Fri, 25 Feb 2000 01:39:20 -0500
On Thu, 24 Feb 2000 23:03:44 EST, Brian Wallingford said:
Specifically, what have Merit, and presumably yourself done that any reasonably clued ISP hasn't? Aside from responsible subnetting, and standard non-intrusive filtering, what can be done? It seems to me that beyond that, the burden of safeguarding data falls on the end-user.
Sorry to preach to the choir, but... ;) "reasonably clued" seems to be too much to ask from far too many ISPs. Smurf came along in what, 1996? And www.pulltheplug.com and www.netscan.org both are finding enough networks STILL vulnerable that they find it interesting to tabulate.

The guys at pulltheplug.com found an x.x.131.63 address that returned 1,924 replies on a PING. Truly scary, that many hosts on a /26 ;) I truly hope that something is SERIOUSLY broken in pulltheplug's methodology, except... For bonus points, trying to 'dig' for the SOA for the PTR zone gets a 'servfail', although the x.x.130.x and x.x.132.x PTR SOA's map to the same ns.<nameremoved>.net machine. You have to get down to 53rd on pulltheplug's list before you get to under 200 replies. And the guy hasn't started on arin/ripe/apnic allocated space yet.

If ISPs and users had clues, we wouldn't have as big a potential DDoS problem.

Oh, and this just in: The network staff at JMU (a university up the road from us) have found an in-the-wild Windows trin00. Details at: http://www.jmu.edu/info-security/engineering/issues/wintrino.htm

And there's an estimated 76M hosts on the Internet. Probably 80% of them are Windows. It's gonna be a LONG summer, guys....

Valdis Kletnieks
Operating Systems Analyst
Virginia Tech