Is it really so hard to set up egress filtering on your networks? Seriously, if people started allowing their email servers, and only their email servers, to send email, then we could eliminate zombies. This is a 2-line entry into an access list on your border router. (Heck, be a good net neighbor if you're at it. If you're a corporation, do you really need port 135 leaving your network?) This would force spammers to stop using zombified company machines, and home users on broadband, to send hundreds of thousands of emails a minute. (Not to mention checking your logs quickly tells you which machines might be infected and need a visit from a tech.)
Honestly, the thing that gets me is that most firewalls block incoming, but allow all outgoing traffic. Why? Do you want the next virus to hit and email out as an attachment your Word documents? They might have trade secrets, or your budget numbers, etc. Do they want an inside machine setting up a "hole" in the firewall to an IRC server? Once they establish the connection from the inside, most firewalls will then ignore the stream. Force spammers to use real mail servers so that they can be appropriately blocked.
I have never had someone give me an intelligent reason on why outgoing port 25 should not be blocked. I've heard the argument about people running email on their broadband connections. (I do, and route outgoing through my ISP's SMTP relay server)
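The log check mentioned in the comment above, as an added example that is not part of the original comment: it scans firewall log lines for internal hosts other than the mail server that tried to reach TCP port 25 on the outside. The log layout (netfilter LOG style key=value fields), the internal range `10.0.0.0/8` and the mail server address `10.0.0.25` are assumptions, and the sample lines are constructed.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# Assumptions for this example (not from the original comment).
INTERNAL_NET = ip_network("10.0.0.0/8")
MAIL_SERVERS = {ip_address("10.0.0.25")}

# Constructed sample log; external addresses are documentation ranges.
SAMPLE_LOG = """\
Jun  1 10:00:01 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.0.25 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=25
Jun  1 10:00:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.3.14 DST=198.51.100.7 PROTO=TCP SPT=1055 DPT=25
Jun  1 10:00:02 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.3.14 DST=203.0.113.9 PROTO=TCP SPT=1056 DPT=25
Jun  1 10:00:03 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.3.14 DST=203.0.113.40 PROTO=TCP SPT=1057 DPT=25
Jun  1 10:00:04 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.7.2 DST=192.0.2.80 PROTO=TCP SPT=3301 DPT=443
Jun  1 10:00:05 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=10.0.7.2 DST=203.0.113.9 PROTO=TCP SPT=3302 DPT=25
Jun  1 10:00:06 fw kernel: EGRESS IN=eth1 OUT=eth1 SRC=10.0.3.14 DST=10.0.0.25 PROTO=TCP SPT=1058 DPT=25
Jun  1 10:00:07 fw kernel: EGRESS IN=eth1 OUT=eth0 SRC=not-an-ip DST=203.0.113.9 PROTO=TCP SPT=1 DPT=25
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")


def parse_line(line):
    """Return the key=value fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))


def suspect_smtp_senders(log_text, mail_servers=MAIL_SERVERS, internal=INTERNAL_NET):
    """Map each internal non-mail-server host that tried outbound TCP/25
    to (attempts, distinct external destinations), busiest first."""
    attempts = defaultdict(int)
    dests = defaultdict(set)
    for line in log_text.splitlines():
        fields = parse_line(line)
        if fields.get("PROTO") != "TCP" or fields.get("DPT") != "25":
            continue
        try:
            src, dst = ip_address(fields["SRC"]), ip_address(fields["DST"])
        except (KeyError, ValueError):
            continue  # malformed or truncated line
        if src not in internal or dst in internal:
            continue  # only inside -> outside traffic is egress
        if src in mail_servers:
            continue  # the one host allowed to speak SMTP outward
        attempts[src] += 1
        dests[src].add(dst)
    report = {str(h): (attempts[h], len(dests[h])) for h in attempts}
    return dict(sorted(report.items(), key=lambda kv: kv[1], reverse=True))


if __name__ == "__main__":
    for host, (count, fanout) in suspect_smtp_senders(SAMPLE_LOG).items():
        print(f"{host}: {count} SMTP attempts to {fanout} external hosts")
```

A desktop that shows up here with many distinct destinations is the machine that "might be infected and need a visit from a tech".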
And if you had stayed with carrier pigeons, you wouldn't have to deal with fiber optic cable cuts either.. Face it, all new technology is never as good as the old when it first comes out. VOIP is nowhere near standard telephones for emergency, but way, way far ahead on capability. The fact that local PUCs have given phone companies legal monopolies over areas because they promise this kind of capability is one reason they are ahead. (BTW, any VOIP consultant worth more than $0.50/hour should be requiring at least 1 POTS line per building, just for this reason..)
In northern Oregon last week, my friends lost all long distance, internet, (except cable internet) cell phones, and everything that goes with it. (like ATMs, Visa machines, Bank branches, etc) The reason? A rodent ate through a fiber cable, killing the main line out of town. The backup lines didn't work either, they are "investigating" that... If they had carrier pigeons, they would have been fine.. Or the post office..
Actually, the downloads are only for new installs. The upgrade servers are not counted. There was an article here on Slashdot talking about that, but I'm too lazy to look it up. It was when Firefox released version 1.0.
Funny how the "Conservatives" are bashing the "liberals" (and what the hell makes someone one of these groups or another, as if we couldn't be in both) about how they are just "building strawmen" as you so eloquently put it, when they were the ones trying to impeach Clinton for "Lying" when he said he did not have sex with Monica Lewinsky. He never did have Sex with her.. He got a BJ. But that little Technicality was a Big lie, Unlike "Iraq has WMD that they intend to use, and are acquiring nuclear materials" and "She wasn't really covert, she worked a desk job, so the law didn't apply"
Not really, perhaps he just wants to get rid of "Rogue" access points. My policies say that IT installs and maintains all networking equipment. This is to ensure uniformity, and most importantly security. If I see an SSID of "linksys" with no security, or bad security, that is a point of entry onto "my network." Maybe the employee threw it up because his laptop card doesn't do 802.1x authentication over 802.11g, or maybe he just isn't close enough to one of the other APs in the office, and wants to "roam." Maybe it's a guy sitting in a van in the parking lot, sniffing password attempts, or trying to lure people to use him as their gateway to grab confidential information. Either way, it is a security risk, and needs to be removed.
Remember that the network it is plugged into is the business's, not the individual's, and the business dictates what is done with it. They have every right to disconnect it. They might not be able to confiscate it, and keep it, but they can certainly disconnect it, unplug it, and tell the employee to never, ever bring it back in.
Airespace was recently purchased by Cisco. I just bought some of the equipment, and it is damn sweet.. One note about the location pinpointing though.. (see below for the poor man's fix..)
By default it tells you that AP X detects an access point. It tries to connect as a client, and ping spots on your network. This tells you if it's on your network or not.. If you feel mean, you can flood it and shut it down.. (DoS attack built in!) However, if you want the precision mapping, you have to pay a very, very large chunk of change.. I have seen a demo, and it is pretty sweet to watch it pinpoint the exact location of a rogue AP. Keep in mind that this uses triangulation. You need more than one of your Cisco APs to be able to see this rogue to get it pinpointed.
(Poor/Evil BOFH Fix) I would connect through the access point, note my IP, see if I could ping the network.. Then, check the IP/MAC address, and find what port on my switches it is coming from. Disable the port. (if you have a nicely labeled patch panel, you could walk to the switch, and see exactly where the port is..) Wait for someone to complain about no network activity...
While I appreciate your humor, this actually could be useful in classrooms. Think keyboarding class.. Blank out all keys, and make them learn to actually touch type. Or, switch it to DVORAK, and make them learn a different style of typing...
They are taking security vulns for Red Hat EL 3, or SUSE 9.1, and comparing them to MS Windows. That is not fair. Now if they compared them to Windows, Office, SharePoint, IIS, Office, Project, all Microsoft games, SQL Server, etc.. then it would probably be a little more fair. Linux DISTRIBUTIONS are a little more than an OPERATING SYSTEM.
Small corollary to this: Use Ghost on your servers.. If you're running Windows servers, be sure to put the main install on a small "C" drive, and all the data on a different drive. Make a Ghost image of the C drive any time there is a major change to it. (or once every month or so, in case of patches). Then, if there are problems, you can reghost the C drive, leaving the Data on the other drives intact. Or, in the case of nasty problems, ghost the C drive, and dump the data partitions back from tape.
Why are we still using a BIOS on the motherboard patterned after the designs of 20 years ago? None of my computers come with serial, parallel, or PS2 ports, and no more ISA.. so why are we still using old hacked together BIOS? Sun and Mac have been off of standard BIOSes for years...
I think a handy thing for my web site would be to mark on the Google map our location, and let someone type in their own address.. hit the submit button, and give them directions to our location.. is this possible?
True, but the majority of people in my town do not use the train. It is unprofitable to run this way. Notice how the big airlines work... They go to-from big cities. While the smaller communities would be inconvenienced, they are already used to having to drive to an airport. I don't think the train should stop in my town. There are not enough people to support it, and I'm tired of seeing tax dollars go to heavily subsidize Amtrak with all of their unprofitable stops.
There are two problems with this in the US. Problem number 1, is that our passenger train system, Amtrak, does not own its own tracks. It is forced to "borrow" time on freight tracks, meaning it often sits and waits while freight trains go by. There is one train route that goes from LA to Seattle, (I think there are actually 2-3 trains that run that route). Most of the tracks are through rural areas, just one track, not two. This means that train has to pull over on side spurs and let other trains by that are coming the other direction. The other problem is a political one. Amtrak seems to want to stop at any city that has over 500 people living in it. From my city, (Klamath Falls, right on the Oregon/California border) it takes me 4-5 hours to drive to Portland, Amtrak takes 9 hours, mostly because it has something like 6 stops, at about 30 minutes a stop. If Amtrak could offer "express" trains on the west coast, such as only hitting the big cities, like LA, San Francisco, Portland, and Seattle, it would be much, much nicer.
This has been going on for decades. It's called the Selective Service. In the United States, all males between 18 and 30 something must register with the Selective Service. You must notify them when you move. I have had my college Financial Aid held up, because I had forgotten to tell the SS that I had moved. Once I faxed in my new address, I got my refund check. This is not Orwellian, you dimwit, this is in case we need another draft! Orwellian is usually a term to describe the effect of "Big brother is watching you". This is not the case. This is the case of "Big brother knows where you live, and who you are." Perhaps you could protest the IRS, which carries much more information, as well as your state's DMV, your medical insurance company, etc.
All Dell desktops come by default without a floppy drive. You have to pay an extra $13 for one when you configure it. And all their laptops, if you purchase a floppy drive, come as a USB attachment. It is slowly happening.
If you're going to keep me on hold and listening to music, please dear god stop interrupting the songs every 15-20 seconds with an automated voice giving me a sales pitch, or thanking me for being a customer, or assuring me a tech is working on the problem. Let me listen to the damn music uninterrupted while I wait.
On the plus side, one tech support line, (I think it was 3Com) had a voice at the start of the hold queue that said, Press 1 for classical music, Press 2 for Jazz, Press 3 for classic rock.... That was pretty nice.
Remember that work on the stealth fighter started in the early 80's. We saw it in action for the first time (officially), in the Panama Invasion. The SR-71 was developed in the 70's, and is retired.. Kinda makes you wonder what they were working on in the 90's, and early 00's doesn't it...
Got to admit, this is an interesting argument I have not heard before, thank you.
Take a look at Oracle Collaboration Suite.. Calendar, Files, and Email, all stored in a big ass Oracle Database.
The torrent from their site is here
Didn't Red Hat just release the new Fedora Directory Server, based off of Netscape's code?
That is not a spoiler, it is a summary.. It would only be a spoiler if people actually read the articles....
*Do you sit there and watch the waiter run your credit card at the restaurant?
*When was the last time you ran a credit report?
I find it shocking how many companies I don't know have my credit information. I find it very, very shocking that my dog's freaking vet wants my SSN..
Already getting slow...
Try the coralized link
No, .mp3 is dying, not dead, it's right there with Apple, BSD, and our civil rights.. (only 1 seems to be true..)