Slashdot Mirror

FCC Report and Order 96-102 - Dubbing it the Unlicensed National Information Infrastructure (U-NII) band, a recently issued FCC Report and Order opened up a hefty 300 MHz of bandwidth to all comers, with an unusually small number of strings attached (see www.fcc.gov). To put things in perspective, this is 2.5 times the total bandwidth allocated to Personal Communication Services (PC S), which brought in over 20 billion dollars at auction. That this much spectrum could be doled out for nothing is a fairly strong indication that spectrum scarcity is largely a political illusion--a fact likely to come back to haunt those deep-pocket real estate speculators who thought they were buying the last vacant lots in town. This seemingly inconsistent approach to spectrum management has kindled an interesting debate among advocates of spectrum privatization, not to mention continued wailing by die-hard statists who still believe the airwaves belong to "the people."

taken from this article

Second, administrators that attempted to block the AIM service by blocking the default port of TCP/20379 were in for a shock. The AIM client/server model is extremely versatile and doesn't pay any attention to WKS (Well Known Services); the login server allows connections from every TCP port under the sun, including the ports that are likely permitted for business reasons: TCP/21 (ftp), TCP/80 (http), and TCP/443 (https). While we would never do something nasty like run nmap against login.oscar.aol.com, we think you'd be surprised if you knew just how many AIM-open ports there are.

AIM also runs over proxy; and the client has an "auto-configure" button that makes it really easy for Nancy in Human Resources to bypass your perimeter security. In a nutshell, AIM's a slippery little devil and just about impossible to block unless you're using a perimeter device with content inspection capabilities. We can expect more user toys to start exhibiting these perimeter-security-bypassing traits, which means that you will not know what applications are actually in use on the network layer, since the port number will become meaningless.

Remember when the RIAA did their experiment with those kids downloading a ton of music before the Grammys, well those same kids said they got most of their content with AIM. Shutting down everything except HTTP/SMTP/POP may not even cut it nowadays

External audits are good because they bring in experts who focus on finding vulnerabilities in your network. These experts will come armed with a variety of vulnerability assessment tools to perform their audit. The only problem is that it will almost always happen less frequently than vulnerabilities are discovered, so this should only be 1 part of the overall solution.

You should adopt this practice internally, because if the tools are set up to check for vulnerabilities, you can be much more proactive about finding them than simply by scheduling consultants to come every few weeks, months, year. There are a variety of tools available, both freely and commercially.

A good tool will be updated frequently, check a lot of bugs, including the most critical (SANS Top 20, BugTraq, CERT.

Free Tools
SATAN -- Security Administrator Tool for Analyzing Networks
SAINT -- Security Administrator's Integrated Network Tool -- based on SATAN, GNU
SARA -- Security Auditor's Research Assistant -- similar to SATAN/SAINT check the Freshmeat page
NESSUS -- another free tool

Commercial Tools
ISS has a variety of tools avaiable depending on your needs
NeXpose -- try the free demo, great ui, demo only lets you assess 1 IP at a time though :( Here is a review
A Networking Computing article on Vulnerability Assessment tools. Reviews many of the major vendors (so I won't list them all). Includes some of the free tools.
Here is another overview of security tools to get you started.

Speeds for Bluetooth spec out at under 1 Mbps, depending on range, obstacles, etc. At an average speed of 750 Kbps, could you watch an MPEG-4 encoded video clip at a decent resolution on a handheld? (Hmmm...that OQO has Bluetooth built in.) Check out the specs on Bluetooth.

We are just reviewers,
And the vendors, without fail,
Try to tear down our resistance,
With an avalanche of vapor,
Such are promises.
All lies and jest,
Still we only hear what we need to hear,
And we decide who's best.
...
Lie, lie, lie.
Gosh they vendors, how they lie.
See them cry,
Lie lie lie lie lie lie lie lie lie

Sig: What Happened To The Censorware Project (censorware.org)

Apple is a Hardware/Software company. In order to stay in business and pay their engineers, they need to make a profit. What advantage for them is there to release a linux port or open source the codecs? If they release great software on other platforms, there is no advantage of buying a brand new iMac or G4.

They've released the Streaming Server open source, because they believe that their bread butter right now is with consumer products. So if you want access to great free software solutions such as Quicktime, iMovie, iDVD, iTunes, iPhoto and the best UNIX desktop platform, the next time you buy a new computer, buy a shiny new Apple. And for all of you Linux fanactics, you can always dual boot Mac OS X/Yellow Dog Linux. And for the few of you out there that need Windows applications, buy a g4, and run Virtual PC.

"I know I'm going to get flamed for writing this, but Apple Computer's Mac OS X 10.1 is what Linux-on-the-desktop people crave: a Unix-based OS with an interface even a novice can handle."
- http://www.networkcomputing.com/1224/1224sp1.html

6 Common Myths About Apple

...of the article was the software ratings compared with the user survey:

What is the most important aspect of a video stream?
Low Bandwidth 27%
Quality 73%

Video Quality Report Card:
QuickTime 4.1
Real 3.7
WMP 2.5

In what format do you provide content to your users?
QuickTime 22%
Real 31%
WMP 42%

In other words, with quality being the most important factor, WMP wins - despite being the lowest quality of all. (Both QuickTime and Windows Media solutions are free) Hmmm... sounds like other familiar Microsoftian stories.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

On the other hand, UnixWorld has one of the most unbiased articles comparing Apache and IIS. Basically there are pros and cons to both servers (one being IIS's built-in support for SSL, compared to a pay addon for Apache). Use what fits your needs. Apache isn't necessarily "better" overall, unless of course, you want to spread FUD.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

I think several (highly modded) contributors to this discussion are confusing
the concepts of information bandwidth and frequency bandwidth. Ultra-wideband
refers to the bandwidth in the frequency domain, which is only indirectly
connected to the concept of information bandwidth, in that a wide band in
the frequency domain translates to narrow pulse in the time domain. Coding
techniques also strongly affect the ultimate information bandwidth of the
system. UWB is nothing like IEEE 802.11b,
which operates in the narrow 2.4 GHz - 2.483 GHz band.

I have been working on a project for US Army STRICOM,
in which we are using 8 UWB devices manufactured by
Time Domain Inc. to perform position location. These devices
operate at 1.9 GHz center frequency with a 2 GHz bandwidth,
which translates to a 500 ps pulsewidth.
We have a short conference paper on UWB simulation, accepted for presentation
to the 2002 IEEE Antenna and PropagationSociety Symposium,
which you can access
here. Speaking in general and rather simplistic terms, the information
bandwidth of such a system would depend of the time frame over which you
will allocate these 500 ps slots to listen for the transmission of 1 bit
of information. For example, if we choose a 5 ns time frame, then we
could theoretically obtain 200 Mb/s information bandwidth, while (ideally)
allowing for 10 channels of operation. Of course, the previous analysis
neglects the need for redundancy, and you may want to choose a time slot
over which to listen for a pulse different than the pulsewidth itself, but
I think the discussion gives one a good idea about how to relate information
bandwidth to frequency domain bandwidth in a simple communication system.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

An article by Michael J. DeMaria over at networkcomputing.com.

Even in our own office, I wish we could kill multicasting. We make games here, and in the evening, a lot of groups of guys are playing games that spew enough multicast packets to bring our 100mbit network to its knees. (Yes, we're using switches, not hubs.)

You need switches that support IGMP spoofing, then. If the traffic really is multicast, and not broadcast, IGMP spoofing is what you're looking for.

<KARMA-WHORING>
Take a look here-- it's a pretty decent article on IP multicast (not really technical-- just buzz-laden). Some rudimentary technical information is in here.
&lt/KARMA-WHORING>

I just got in from a busy day and what do I find but a little Snort action on ole Slashdot...

So, I've got a few comments about the comments:

Snort signatures and the quality thereof. Anyone who complains about the quality of Snort signatures is a lazy bastard, they're open source and easy to modify, if you find that much wrong with them make the appropriate changes and mail them back to me or Brian Caswell, our own official Snort Rules Nazi. Just because we write Snort sigs doesn't mean you have to use them, the original concept behind Snort and the rules files that came with the distro was that the users could look at examples of how to write them and develop their own set for the site they were protecting. This has gotten way out of hand over the past three years and has blossomed into the approximately 1300 rules we have now. The quality isn't always the best, but we're working on it (and if you've been tracking them over the past 6 months they've gotten much better.

Performance. People from ISS talking about the superior performance of their solution is laughable, it's been shown repeatedly in third party IDS roundups that Snort performs on par with or better than almost all of the other commercially available NIDS solutions out there. In fact, I know of one large entertainment company that sank a decent chunk of money into hardware that's running Snort at OC-12 speeds on their network successfully with no packet loss at all. Moral of the story? IDS performance is tied directly to the configuration and horsepower of the sensor hardware. No big revelations there. The fact of the matter is that's Snort's capabilities and performance keep increasing as we continue to develop it. We're also about to revisit some major architectural components of the system as we begin development on Snort 2.0 this month, but that's a different topic...

Love Snort but need a commercial company to back it? Check out Sourcefire, a company that I founded this year precisely to do that. We are selling network IDS appliances complete with a web-based GUI, data analysis console, and full blown configuration management system built in. We're also working on a Management Console appliance that will allow you to deploy and manage a distributed Snort NIDS infrastructure and manage all the data that comes out of the system and perform multi-sensor correlation.

Rapid response. When the shit hits the fan on the Internet, Snort is usually the leader in getting out new sigs to the user community. Case in point, the W32/Voyager MS SQL worm that recently came out, we were the first with sigs to pick it up.

So in the end, Snort gives you speed and accuracy (in that I mean you can identify specific exploits very precisely), has an active development and user community and is flexible to meet users needs. I think that this is a really good combo for most people's needs. Now that Sourcefire is out there, I think that the needs of "pro" users can be satisfied as well as those of the open source world.

On the other hand I might be biased, as I did write the thing... ;)

-Marty

Any IDS vendor that is using a smartbits to test their NIDS should be flogged and then shot in the kneecap.

Why? Because a smartbits doesn't generate "real" application traffic. They don't do ftp, http, smtp, h.323, etc. So what point is there in using it to test/benchmark the throughput of a NIDS which needs to look into these protocols? None- which is why a smartbits is used to test routers, switches and things of that nature- not NIDS or firewalls.

Fact is I've used both ISS and Snort, and frankly they both suck. Both false positive up the wazoo. Only now that ISS is integrating the technology from NetIce are they able to have decent accuracy- and even then they've got a long way to go.

Not to mention trying to compare NetIce to Snort is like apples and oranges. NetIce does protocol analysis and snort is mostly signature based. Anyone in the industry who is honest will tell you that sigs will detect more attacks but require more processing time than PA. The
recent test by Network Computing is a good indication of this. (NetICE found 5/9, snort 8/9, Dragon, another sig based system found 9/9 attacks)

Is VoIP secure?

Measuring VoIP for Jitter and Loss

VoIP Invasion Are You Ready For It? (long!!!)

As for thinking your gonna reach around the globe, sure you can in theory, provided all PBX's and routers are configured properly, there aren't any bottlenecks along the route, etc. Pretty hard thing to do for under 175 US dollars when Fortune 500's spend tens of thousands on PBX equipment and can't get it right ;\

hellraiser&iexcl

There are three main issues of VoIP security. One is authentication: Is the party who answered the call the intended destination? Another is nonrepudiation: Once a destination accepts a call, is there anything in place that prohibits it from denying receipt of the connection? Finally, there's privacy: Is the call content secure? Authentication and nonrepudiation are important.

Without gateway-to-gateway encryption, VoIP packets are vulnerable to sniffingng. All it takes to intrude is one IP packet monitor sniffing somewhere on the network, watching for VoIP packets and storing them on a hard drive for playback later on.

In addition to commercial devices for monitoring and troubleshooting IP traffic streams, sniffers are available as free software and most come with source code (or as source code) that can be easily modified for tapping.

It's kind of like the early days of cordless phones. It took a while for users of those to realize they were being tapped. FCC regulations prohibiting the sale of the scanners that pick up certain bands allocated to wireless telephony didn't provide much of a barrier. And the information necessary to modify common scanner models was widely available. Later, the same became true with regard to analog cell phones.

IP packet monitors are much like those scanners. Few of the commercially available devices snoop VoIP streams right out of the box. Neither can most of the free software tools available enable VoIP snooping without modification. But either can become a fully automated, programmable VoIP tap. Why aren't VoIP calls encrypted? Because on-the-fly encryption and decryption takes time, and time is at an utter premium in a VoIP connection. The overall latency of a VoIP call must be less than 250 mSec to approximate toll quality. Add milliseconds, and the perceived quality of the call drops. For an industry still working for broad acceptance, call quality is paramount.

Even though encryption is a component of the H.323v2 standard, it's likely to be one of the last features implemented. Although each involves different skills and technologies, the same blackguards who'll tap your PSTN lines are the ones who'll sniff VoIP links. Any data that can be stolen from analog conversations is at risk in a digital link too. The difference, generally, is that analog lines can be tapped only one at a time, VoIP lines can be tapped by a whole T-span or more at once. There's also no real way to detect a VoIP tap, except by locating an unauthorized system on the network.

Internal snooping is easier and more likely than an outside tap, unless your network can be compromised at some outside point.

But the most important thing to remember is that VoIP calls can be tapped. Until you have gateways that encrypt the call end to end, treat VoIP calls as "unsecure" - especially if they leave your private network. And any calls passing through the 'Net should be regarded as no more secure than a CB radio conversation.

Good article on VoIP... RFP: VoIP invasion, are you ready for it?

Be advised, the article is over 10+ pages long, and it gets boring

view the source Luke!

here is a java configuration utility for the Apple Airport so that you can use any system running java 1.2 to configure the access point. this should also work with the RG1000.

the Apple Airport runs slightly less than $300 while the RG1000 runs a bit more than that.

both of these have Lucent silver cards inside them so they support antennas and what not. they can also be upgraded to Lucent gold cards rather trivialy.

I like the lucent cards as they are support on Mac, FreeBSD, Linux, Windows 95/98, Windows NT, and Windows CE.

what I have found to be the main difference between cheap 802.11b cards and their expensive brethren is antenna sensitivity. the more you pay, the better the built in antenna is.

here is a decent article comparing 802.11b solutions.

Grimlaf

I can get DSL at my house, but since I'm on the fringes distance-wise, it'd be slow. And I don't want to give any more money than I have to so SBC.

I can get a cable modem, but we're familiar with the problems that presents. And I don't want to give money to AT&T.

Services like Ricochet provide ISDN speeds for under $100 a month. The portability is great if you have a laptop and travel. And if you move frequently, you don't have to wait around for a new install and pay the setup charges...just take your modem with you and you're set.

Network Computing has a good review of Ricochet.

You could easily be 10 years old and rather precocious, I suppose, so:

1) Yep, but you need to learn how to configure it first. You can read about the basics here if you like. Invest in a Linux book, though. I recommend one by O'Reilly.

2) Sure, if you spend a few weeks hashing out a concept for a business, learning how to use Apache, building a website and physically provisioning it. What kind of business do you want to start?

3) Yep, it's a shell. What's beneath it is the actual nuts, bolts, and gears of the operating system, which is called the kernel. How do you get there? Well, if you mean "how do you change how it works," by fiddling with all those nifty files with .rc extensions, the configuration files for all those kernel modules. Again, get a good Linux book which will do a much better job of explaining this than any of us could.

Or, you could be a troll. But then, I've only wasted a minute or so of my time on you, which is really not much skin off my nose.

Love, 'Kruzr

Email me.
Don't trust anyone over 90000.

I was flipping through an issue of Network Computing from last month, and saw this link to their review of terminal emulators.

YMMV, IANAL, FYI, etc.

While I was never sure about the office java thing, I think it was just a rumor, but could have been true.

Oh, there certainly was a "Corel Office for Java". I found an old review of it here for anyone who cares. From what I remember of the development version I tried, it was an impressive Java application but a next-to-useless office suite. It's now residing in the "where are they now?" file, next to Microsoft Bob.

Of course, people actually downloading the whole human genome probable wouldn't worry about this, but couldn't they use a better compression format than .zip? I bet using bzip2 or rar would shave a couple of hundred MBs off of that 753MB file. Also, the differences in compression techniques would be interesting to see on a large group of files mainly consisting of G, A, C, and T. -- demiurge You find a file that appears important and obliterate it from memory!!! Score one for the downtrodden hacker!

• G -- 00
• A -- 01
• T -- 10
• C -- 11

This would only work for the .fa files, but .fa files can contain "N"s also. If you just want to browse the Genome, look through the pieces directory. .

disks, tape, cds... they all have a relatively short lifespan. picture storing data in mice, just feed them and keep them warm. ev en if th e parents die the children will have the artificial chromosomes... (that is unless they recombine, in which case all of your documents or whatever are worthless....)

full BGP4 routing so all those pipes are used at all times, not just when one fails.

Here is an article describing what BGP4 (Border Gateware Protocol) is and why you need it.

Here is a link to a Network Computing article talking about WebSphere specifically but has links to older NC articles comparing several different Java application servers including WebLogic and Enhydra. These articles may be a bit outdated, but are still informative.

There is a good review of Tarantella at Network Computing.

Tarantella offers a new twist on thin-client computing, and it packs extraordinary
Web-based functionality. Developed by SCO, Tarantella lets users access and run
applications hosted on Windows NT Terminal Server, Unix X Window servers and legacy
mainframes with little more than a Java-enabled Web browser.

The original summary pointed to the second page of the article, here is a link to the first page. Network Computing Is It Time for Linux .

Hope this helps make the article flow a bit better.

Has an embedded space in it. Use this instead