Some of us do actual -work- with our computers,
instead of just sitting around all day compiling glibc or whatever.
Every Gentoo luser I know snivels weekly about how some 'ebuild' he ran totally horked up his box, so that he had to start over again from scratch. Hell, these people re-install Gentoo more times in a month than most idiot Microsoft lusers re-install Windows in a year!
Fuck that - I need to be able to actually -use- my boxen. Slackware beats Gentoo every time if you want to actually do something useful with your machine for two or more days in a row. At least until I can figure out how to get someone to pay me for continuously recompiling glibc, heh.
they have a pretty slick NetFlow-/capture-based anomaly-detection system (somewhat called their 'DoS' product) which does a good job of macro-analysis, helping you figure out how to steer IDS in order to keep it from getting overwhelmed by a torrent of information.
More info here.
I guess Mr. Flat (what a name!) hasn't ever heard of the LISP Machine..
Jeez.
He's trying to make a point - that running all this P2P crap blindly on your systems, -especially- Windows boxes, is a security nightmare.
Think about it; he's managed to get thousands upon thousands of people worldwide nervous and antsy about whether or not their boxes are in a semi-0wned condition. Why?
Because it's within the realm of possibility that something like this could be done. Not by the stupid RIAA, who can't even secure their own Web site, but by somebody a) more skilled and b) motivated to do something Really Bad, like build (and use) a gigantic DDoS network, or steal any kind of account/password info it can find, or any kind of documents which might contain proprietary information, etc.
The intellectual property aspect of filesharing aside, I personally think that anyone who runs a P2P app is asking to get burned. There simply hasn't been the kind of scrutiny turned on these things that we see on other types of apps and utilities (and we already know that the concept Gobbles is preaching about is valid due to the earlier KaZaA worm, etc.).
http://www.cisco.com/en/US/products/hw/modules/ps872/ps4025/index.html
plus a Catalyst switch at each end:
* Cisco Catalyst 2948G
* Cisco Catalyst 2980G-A
* Cisco Catalyst 2950 Series
* Cisco Catalyst 3550 Series
* Cisco Catalyst 4000/4500 Series
* Cisco Catalyst 6500 Series
to determine this is to actually read Lomborg's book, and then read what his critics say, no?
Here's a link to some relevant stories:
http://www.techcentralstation.com/1051/indexwrapper.jsp?PID=1051-157
is the 'payment' part - people just don't want to pay for intangibles on the Internet.
;>
I mean, hell, would -you- pay for Slashdot?
to do this with the Gimp - you people need to work on your photomanipulation skillz, werd!
much less needed Internet access.
Instead, why not look for tutorials on generating content which can be read by most everything?
See http://www.webstandards.org/learn/ for a good start!
in that situation would be Carmack's girlfriend.
};>
Then they won't have that problem.
should be whether they'll be in business next week, heh.
condoms with your company logo on the tip!
Dude, you so don't know what you're talking about; Cisco is the #1 supplier of layer-3 switching gear in the world:
http://www.cisco.com/en/US/products/hw/switches/index.html
Nor is it true that 'Cisco equipment runs a new instance of spanning tree each time a new VLAN is created'. You have to know what you're doing, of course, but it's very easy to create a very large layer-2 spanning-tree domain with a good-sized ST diameter. With good network design principles (read more on http://www.cisco.com, attend their Networkers sessions) and an understanding of how the equipment works, this sort of problem should never occur.
on more guns and bombs and tanks and planes so that idiots like you have the freedom to whine on Slashdot about how there's not enough of my money being spent on 'basic research', instead of being too busy praying to Mecca five times daily - in between your duties as Chief Eunuch in the sultan's harem - to have much time for anything else, even if it were allowed by the religious police.
just why did you feel compelled to tell us that - I mean, wouldn't we've just -known- who she is, and where she's from, etc.?
upon the structure of your data, the types of queries you'll be running, whether the database is geared more towards large numbers of people doing simple queries, or small numbers of people doing complex queries, etc.
;>
-Very- generally speaking, your RAM and hard drive storage are far more important to your performance in this arena, coupled with your table layouts, etc. Multiple FiberChannel RAID controllers connected to big, fast RAID arrays (generally, RAID 5+1 is the 'Swiss Army knife' config for this sort of thing, but again, depends on what you're doing, and how) is key . . . . also, you may wish to consider having two separate boxes accessing that same shared storage via a SAN switch, for failover, etc.
Finally, it may well be worth your investment in a second server with a 'warm' copy of the database synced onto it as a reporting instance . . . you can run complex queries against the reporting instance, rather than the live copy, so as to avoid blocking issues, etc.
Better yet, do all this under Linux and Oracle.
Bellovin came out with this a while ago. It's an interesting concept, but has the following practical drawbacks:
1. All the various vendors would have to implement it.
2. False positives. A new form of DoS would be to generate enough spoofed traffic to trigger this sort of thing -aimed at someone else-. Imagine your outrage when your l33t IRC buddies spoof your IP address block whilst attacking www.slashdot.com - no more imbecilic, outdated "Gee, whiz!" types of posts for you to read.
3. Oftentimes, rate-limiting via CAR, traffic shaping, or other methods consumes more CPU cycles on the routers than simply blocking the offending traffic (assuming this is possible, which depends upon the attack methodology).
The best way to combat DoS attacks generally is to use strong platforms which process ACLs and other features in hardware (ensuring that your config allows those features to be processed in hardware; logging ACLs like a 'deny ip any any log' just won't cut it, these days), ensure you have the ability to 'draw off the poison' by sinkholing traffic headed for the destination by advertising a null route for it on a sinkhole router (this isn't always possible, it depends upon the target of the attack; you may not want to sinkhole all requests to your Web server, for example), ensure you have as good a traffic sniffing/IDS-type capability as possible, make use of Netflow tools like CAIDA cflowd/OSU flow-tools/Flowscan/Panoptis/FLAVIO/Arbor Networks' Peakflow DoS, and know how to get in touch with the folks at your ISP(s) who can help with identifying the (even spoofed, via Netflow tracing) sources and blocking the offending traffic upstream of you.
If you're a commercial site, strongly consider a distributed Web site, hosted at different locations and using some sort of Global Server Load Balancing technology (GSLB; Cisco's Distributed Director and 4480 are two examples of this) to send people to different sites depending upon their location, network topology-wise.
There were a whole bunch like this:
---
SNM7204 -- FAILED TO WRITE TO DATABASE.
Reboot the server. The problem is serious if the reboot does not correct it. If this error code continues to appear, call your support representative. There is nothing you can do to correct the problem.
-----
is pretty much the same - i.e., a bullet in the back of the head.
you'd join the Marines, heh.
"Gunny, what do I do with this here 'Ethernet' thing-a-ma-bob?"
"That's easy, son - if you can't eat it or f*** it, piss on it."
See http://www.isi.edu/nsnam/ns/ .
http://www.cisco.com/warp/public/cc/pd/witc/ao350ap/prodlit/a350b_ds.htm
http://www.cisco.com/pcgi-bin/Support/PSP/psp_view.pl?p=Software:Cisco_Secure_ACS_UNIX
or
http://www.gnu.org/software/radius/radius.html
or
http://www.freeradius.org/