No, you will continued to be serviced by t-mobile folks locked away in some far corner of customerservicelandia.
>
There's a large T-Mobile support center here in central Oregon. They even have a gym and other nice amenities for call reps. And I've talked to T-Mobile reps who are at other call centers in the US. It would be a shame if AT&T cut those jobs. It was a big deal when T-Mobile came here--it's not like there are tons of other jobs opening up.
I never watched BSG or C but from what i gather, they tried turning it into a soap and doing it on the cheap. Boys like special fx and girls like character development. The former is easy to do but expensive for what you get. The latter is cheap but harder to do in the long run. In the end, budget usually wins.
Your message is ambiguous--when you say "doing it on the cheap" are you talking about BSG, or Caprica, or both?
I never did get to watch Caprica. I've dissed cable and sat tv for awhile now. BSG, on the other hand, I watched. I would say that, regardless of how much they paid their actors, the audience saw performance above and beyond that of the typical science fiction show of late. It's interesting that some of them often lived as day actors in Vancouver, grabbing parts here and there as they could. But the performances they gave! How about the job Tricia Helfer did (hmm, I might be biased). She rocked. No, the casting for BSG was terrific.
So on to the topic of girls: never in my life have I known of a sci-fi show that lots of girls ended up liking. You're stereotyping big-time, too. Why should my maleness preclude me from wanting "character development"? Bah, rubbish man, rubbish. I even got my sister-in-law to like BSG, which she watched until the end, as did other women I know, including a romantic interest. Star Trek never had the same effect in my world:-)
Bah, add in Babylon 5, Quantum Leap, Lost In Space (cheezy-camp, but still an appropriate choice), and a few other classics, so it's not THAT repetitive.
I just happened to peruse nbc.com the other day and noticed that they have a lot of Quantum Leap episodes available for viewing. I was amazed, really--I hadn't visited a mainstream network's web site in some time. In the end, I watched some episodes of the original BSG! Hah! Born in 1972, I'm old enough to recall seeing them back when they aired. Luckily, my mom has always been a sci-fi fan. Just hearing the music tickles long-lasting pathways in my brain.
Ah, Halo, I love emacs, but never bothered to master its web browsing functions. No, for me it was lynx, and emacs was relegated to text and code editing functions. And you didn't have to be too late back in the day to end up with a uid greater than 3 digits. I signed up in 2000/2001 (can't recall precicely) and ended up with a six-digit uid:-) btw, once in awhile I still load up lynx for simple stuff, but less and less often as the weeks go by. Hmm, I'm posting this more than 12 hours after you did, so you may be the only one to see it if you manage to look!
There are other mirrors up there. why actually search for this one ?
FTFA: Now the team can eventually pin down the changing shape of the lunar orbit to the millimeter to help test Einstein’s theory of general relativity.
There might be other reflective things on the moon, but I assume that this one is somehow special. I at least *hope* that the people searching for it know what they are doing:p
There are certainly other reflectors out there on the moon, that could and have been used for measuring the moon's distance--and for some time now. I can't imagine what could be special about this one, except for the quality, perhaps? Nah. What if it's not kosher for others to shoot lasers at the reflectors that other scientists use? The article ends there and is skimpy on details.
Honestly, I have met a lot of people and they firmly believe they know everything because they went to college.
FTFY.
Probably my first off-topic post after years reading slashdot, but I must say that FTFY stuff is getting a bit tiring. It doesn't sit well with me to quote somebody's words and alter them. Better to quote honestly and explain how you think your opinion differs, which it would seem you don't disagree anyway. FTFY seems very arrogant to me--there was really nothing to fix in his post because what he said was actually true in his experience, and most reasonable people would agree with him. There's probably not one post ever submitted that couldn't be "fixed" by someone in some fashion, and then what kind of forum would it be? Just a bunch of FTFY's, over and over and over... blah! Am I being picky? hmmm
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
And it would still be spelled "Sci Fi". Marketing drones... the hosers.
Frost bank recently sent me an update of their overdraft policies: "We will charge you a fee of up to $30 each time we pay an overdraft. There is no limit on the total fees we can charge you for overdrawing your account." the bold $30 was as they printed it and the phrase "no limit" was underlined by them. luckily i don't play Warhammer, but i wonder if this notice was related...
My friend, the management of Frost Bank sounds like a cold-hearted bunch. Luckily for them, they'll be able to take your hard-earned fees and distribute them to their various boat payments. The warmth of the Caribbean will no doubt make up for months of freezing in Manhattan--or wherever you and Frost Bank live in the world:-)
I remember having to install Trumpet or WinSocket or whatever the name was, just to add TCP/IP to Windows 3.11 so I could browse websites.
Close! Strange how memory works. Put those two together and you get "Trumpet Winsock". You just tickled a few memories: I remember I was really happy to buy Win95 so I wouldn't have to deal with Trumpet Winsock anymore. Well, and let's face it, it was an improvement to 3.11, but really I think my packard hell computer ran the older much faster than the new, but networking was easier. Thanks to the internet I found slackware linux some few months later. No more winsock.dll...:)
As for the story topic, later I found out how much a racket network solutions was with their outrageous domain registration fees, and heard about this guy Aveek Datta and ml.org, which we would provide free domain names under ml.org for anybody. Thousands and thousands signed up--clearly average people didn't want to pay $100+ for a.com name. I helped run that for awhile, and it was a worthy cause in my book. It was hard to like network solutions. I couldn't have helped if I hadn't spent hours fixing my screwups in slackware, on a side note:)
I'll not write as causticly as the AC who also replied, but I'll agree in principal.
One thing that is obvious and well-known is that it doesn't matter that you don't visit "shady" web sites to end up being subject to potential malware infection. Ad companies are letting nasty ads get through whatever controls they have in place. Serious vetting and the talent to implement it costs money, no doubt. I just found this, http://news.cnet.com/8301-27080_3-20000353-245.html
My 7 year old nephew's computer was chronically infested and he played games loaded via IE online. These free games sites have lots of ads. No windows virus scanner I tried could get rid of them. Had to use the Trinity Rescue Kit and ALL of its virus scanners to eliminate the infections on one occasion. I don't trust virus scans in windows much anymore. Oh, btw, they were letting him use an account with admin privs. I'm a years-long linux guy, and it's seriously tiring dealing with this, but I'll hazard a guess that you and others of us here are first responders for family and friends' computer issues, so won't get any sympathy:-)
Anyway, I think common sense applies. You're an experienced computer user, but why not be better safe than sorry? Your computer, your rules, certainly, but why take the chance? You have to make it as hard for the bad guys as possible, zero-day exploits and general windows vulnerabilities as common as they seem to be. I wonder if patch Tuesday will some day start a religion?
Maybe in the year 1995. I'm pretty sure they can handle having a list of ISP's mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.
It may be nearly useless. That doesn't mean that botnets aren't sending email direct-to-MX. These hosts have connected to our incoming MX's in just the last couple of minutes, and I'd say it's a small sample:) But, nearly all of these connections get pretty high scores from spamassassin, and users generally don't see the resulting spam.
I'm sure he's not the only Sci-Fi author to have put these ideas into fiction. I had a great time reading his Neutronium Alchemist novels and others and seeing his description of how mind/computer interfaces could function.
I think it's a lot more realistic than Star Trek (gasp:) to imagine that future spacers will be sitting on an acceleration couch with their eyes closed--and seeing space around them as if they were outside, than to be sitting at a console with hundreds of controls, relying on the speed of electrons traveling through meat. And I loved their ability to superimpose heads-up displays onto their vision. I suppose I'm getting beyond the scope of this story...
Is there a way (on a ASA/PIX specifically) to block the outbound connections made by this worm so that you can contain the traffic to the local network and also log the hosts that are infected?
I can't say specifically how you go about firewall rules and that particular equipment, but we have an inbound ACL on our gateway cisco router that blocks incoming TCP connections on port 445, which this worm uses to try and talk to vulnerable windows boxes, AFAIK.
On our 7505 that handles our customer's DSL connections, we have an outbound rule that blocks 445. It only has 53 matches after months without a counter reset.
The ACL on our border router shows tremendous amounts of matched packets. I can't recall exactly how long ago these counters were reset, I believe around a month to a month and a half: deny tcp any any eq 445 syn (11118380 matches) permit ip any any (358140948 matches)
That's about 3% of incoming packets. Non-scientfic, sure, but it's certainly more than a little blip on the radar. Bastards.
In the time it took to preview and edit my post, the count went up to 11118552. That took about a minute.
especially when they are anonymous(or at least obfuscated) and in many cases, overseas and therefore beyond prosecution under this law
After tiring of the increasing load on our incoming mail servers running spamassassin, I undertook to spend a couple of days finding as many netblocks that ONLY have spam coming from them.
It's shocking really, that I ended up spending more than two days since there were so many spread out all over the place at various colo companies. And I'm sorry to say that what I found is that nearly all of the snowshoe spammers I found were riddled around in colos here in the US. There are a bunch of ISPs out there that seem to be making a bunch of money from snowshoe spammers, so much so that they don't mind allocating half of a damned/19 for the spammers to use and populate with randomly generated domain names. And, of course, just to make it easier for us poor and broke sysadmins, these colos don't just put them all into nice contiguous blocks of IP addresses. I've about given up complaining to the likes of GalaxyVisions, Pacific Internet Exchange, AboveNet (yes, Abovenet is these days hosting lots of snowshoe spammers--sad). The list goes on and on.
I'm up to ~375 netblocks we no longer accept SMTP connections from. The load average on our three MXs is usually about half what it used to be now.
Maybe I'm just getting old, but a 486 doesn't seem all that big a deal to me. I mean it's not as if it's a completely different architecture to that in use today.
I think we used a 486-class processor.. a Cyrix processor if I remember correctly, in our mail server here until 2002. So I agree with you.
Back in 1993, I think, I replaced my 486SX 33Mhz with a 486DX 66Mhz, and I remember paying $600 for the thing!
Nagios is great but even version 3 is by no means easy to configure. Like all too many F/OSS projects, the documentation is lacking or even incorrect in spots, and supplied examples barely scratch the surface of what the application can do.
Hmmm, I have to say I was pleasantly surprised by the documentation. We had Argus running here for monitoring for awhile and I finally got tired of its very obscure docs and its bugs. Nagios has been an entirely different experience.
And the Nagios mailing list is very well-read, it seems to me.
I've been running it and it's great - I have it monitoring a bunch of servers (email, hosting, backup, file, etc.) with custom scripts and it works great -- once it's configured.
Yes, I will admit it took a bit of time to get the hang of it. But I also remember it took a bit of time when I first tackled BIND and apache way back when! And I agree, we all sleep better at night with Nagios around (except when I hear a whoop-whoop:)
You sir, have no idea how right you are about Nagios... It spams, a lot. And depends on how well you know what you are doing, it will spam you from couple mail per hour to literally e-mail bomb you so you can't even open your e-mail client.
I'm thinking that you may be one of those that need the book.:-) The amount and frequency of alert emails is easily configurable. And I think you need a new mail client! How about trying mutt?:)
The "notification_interval" can be set to 0 so that nagios will only send one alert, period. Now, if you have a bunch of services/hosts down you will get a lot of messages unless you've taken steps to mitigate that. But isn't that better than *not* knowing your network has run home to momma?
We've been using Nagios now for months and it may be the least buggy code running on any of our machines. Rock-solid, I tell you.
Unless you're performing a DoS isn't IP spoofing very counterproductive since you cant get a response?
Usually, yes. But some things can be accomplished, like the Windows Messaging spamming coming into UDP ports 1026-1028, nearly every second of every day it's coming into our network, trying to pop-up messages onto Windows users' computers. The messages tell them their computers are infected and they need to go and download something to fix it. Well, you can guess what will happen if they do:) Oh, they are being sent with spoofed addresses appearing to come from Shaw Cable.
From our cisco's access-list counters, which was just reset yesterday: deny udp any any range 1026 1028 (8692 matches)
We've a reflexive access list that will allow UDP incoming on those ports if originated inside the network.
Lots of traffic comes from the reserved IP blocks, too. As well as spoofed local IP addresses. All sorts of nastiness. deny ip 10.0.0.0 0.255.255.255 any (4232 matches) deny ip 172.16.0.0 0.15.255.255 any (603 matches) deny ip 192.168.0.0 0.0.255.255 any (1540 matches)
The SW US experiences a monsoon season during the late summer and early fall, and the humidity can certainly shoot up. Having been there during those periods, I can attest to the powerful thunderstorms, as well.
The monsoon mostly affects northern Mexico, but can and does often spill over to Arizona and New Mexico. And, the article states:
During the 10-month test, Intel found that the machines cooled by outside air experienced humidity variations from four percent to more than 90 percent, and that it changed rapidly at times. Moreover, "the servers and the interior of the compartment became covered in a layer of dust."
Unfortunately, there is some MTA software that can't do the right thing without non-standard add-ons (qmail, I'm looking at you).
That's a patch, I think you're talking about. And applying a patch is quite easy. I won't get into applying multiple patches:)
A couple months back a customer was hit by blowback, about 1000 a day for a few days, and I've saved all of them. I see that there are bounces from every MTA I've ever heard of--a LOT of postfix servers, exim, SMTPD32 (bah), etc.
I mean, is there a point to bashing qmail so? We switched to qmail back in the '90's because it seemed bugtraq was always hollering about sendmail security holes. Bernstein's decision to allow the smtpd process as few privileges as possible was a design decision I happened to agree with very much at the time. Not only that, but it became impossible for spammers to verify that any address was real unless they wanted to use a valid and potentially traceable return path. Well, in retrospect, I suppose spammers dont have to give a shit as much now, since they have botnets at their control. They have changed everything.
That being said, we did patch our incoming MX's to reject messages outright, since we were getting so much damn spam we had to split incoming servers across multiple machines, and rejecting invalid addresses on those seemed a good thing to do.
I'm a bit dumbfounded by this. What on earth could be sad about kicking out a senator that has been proven corrupt?
Uhm, oh I don't know... maybe the part about him being corrupt?
Is this a trick question?
Sorry, but the rest of your comments did not lead me to believe you were sad he risks being convicted due to corruption, but rather you were sad Alaska would lose a powerful Senator. Really, you've complained about others' reading comprehension, but when I re-read your comments it looks to me like you didn't exactly explain yourself very well. It would seem most responders are thinking the same.
But your comments about "extreme liberals" shows a bend towards extremism yourself. You don't really give a shit who's in office as long as they are for 100% resource exploitation. Would you care to see beautiful Alaska after a hundred years of that? There must be some checks, somewhere, regardless of which "party" you belong.
And, personally, I'm damned sick and tired of Limbaugh-lemmings! Not everybody who is concerned about the environment and how we take care of the planet for our ancestors is a crazy person. I've worked on environmental cleanup jobs--the result of mining gone amok. You'd be one of those, concerned only for his immediate profit? Sure, mine all the gold and oil without care of concern for shit except how big a house and car you can obtain? Please
There is a great fear that nobody else (the up-and-comer Mark Begich for example) will be able to pull the kind of strings in Washington that Stevens was able to pull -- at least not for decades.
Ah well there's the catch. So, Alaskans don't care if they elect dumb, corrupt politicians just so long as they bring in the pork for the state? I've often wondered about the electees from Alaska. Murkowski... now there's another story. He resigns to become governor and then appoints his daughter in his place?
What about the common good of the country as a whole? Your senator does not merely pass laws that affect only Alaska, but all the other 300 million of us. And powerful, corrupt politicians like yours have been coming up with dumbass laws that affect all the US for decades. For just one fun example, how about the Unsolicited Commercial Electronic Mail Choice Act.
Our state certainly needs to rid itself of corruption. If Stevens is convicted it will be a sad day.
I'm a bit dumbfounded by this. What on earth could be sad about kicking out a senator that has been proven corrupt? Oh.. yeah, he's powerful and brings money and investment, not to mention I'm sure great parties with the oil execs at the Chalet.
I know what it's like to lose a powerful government rep. Tom Foley was speaker of the house until he was the first speaker to be unseated in ages (or maybe forever, I forget). His opponent, Nethercutt, a replublican, chided Foley for being in office so long--how does one get to be speaker otherwise?--and promised to serve only two terms. Haha. Well, that promise went out the window. Anyway, eastern Washington survived gaining a lying newbie representative, I'm sure Alaska will get over this fiasco.
Look, I agree with you to a point, at least regarding the large nationwide providers. However, there are still quite a number of smaller, local-only ISPs that are likely worth checking into. Anybody here in Bend, OR can has at least a few choices (75,000 pop).
Our situation here in Qwest land is that we really can't compete with their DSL Internet prices. Plus they are putting fiber down in the area that they say won't interface to the ATM network our customers use currently--they can only get DSL with MSN Internet. Bah!
However, we are still alive because there are a *few* discriminating indivuals out there: those who have dealt with Qwest and have nightmares and those that like to have a human answer the phone who is somewhere in the area. All our servers/routers are Linux or Cisco, and we read bugtraq, but didn't actually have to fret over this DNS issue, since we use djbdns and have for years now.
I worked in the photo labs at Johnson Space Center (Nasa Houston) back in 1972 and was told that when Apollo 11 returned, Nasa had the Lunar Receiving Laboratory set up like a Fort Dietrich style germ warfare lab.
I've heard the same. Found this written by a Judy Allton from Lockheed regarding the return of moon rocks:
In 1965 a committee of the Space Science Board reviewed the need for a lunar sample receiving laboratory and recommended a laboratory of restricted scope. This committee also raised the question of quarantine for lunar samples until they proved to be biologically harmless.
"But as plans for managing the samples developed, NASA came under pressure from space biologists and the U.S. Public Health Service to protect earth against the introduction of alien microorganisms that might exist in lunar soil. What would have been a small laboratory designed to protect lunar samples against contamination grew into an elaborate, expensive quarantine facility that greatly complicated operations on the early lunar landing missions." (Compton, 1989).
It seems like paranoia, but despite the expense and pain it's a healthy one, in my opinion. There may come a time when such restraint really does save our asses. Being in my late 30's I wonder if it will be in my lifetime, however:-) Rest of it at:
Slashdot Mirror
Give me a Soyuz capsule, or give me an eternity in this gravity well.
No, you will continued to be serviced by t-mobile folks locked away in some far corner of customerservicelandia.
>
There's a large T-Mobile support center here in central Oregon. They even have a gym and other nice amenities for call reps. And I've talked to T-Mobile reps who are at other call centers in the US. It would be a shame if AT&T cut those jobs. It was a big deal when T-Mobile came here--it's not like there are tons of other jobs opening up.
I never watched BSG or C but from what i gather, they tried turning it into a soap and doing it on the cheap. Boys like special fx and girls like character development. The former is easy to do but expensive for what you get. The latter is cheap but harder to do in the long run. In the end, budget usually wins.
Your message is ambiguous--when you say "doing it on the cheap" are you talking about BSG, or Caprica, or both?
I never did get to watch Caprica. I've dissed cable and sat tv for awhile now. BSG, on the other hand, I watched. I would say that, regardless of how much they paid their actors, the audience saw performance above and beyond that of the typical science fiction show of late. It's interesting that some of them often lived as day actors in Vancouver, grabbing parts here and there as they could. But the performances they gave! How about the job Tricia Helfer did (hmm, I might be biased). She rocked. No, the casting for BSG was terrific.
So on to the topic of girls: never in my life have I known of a sci-fi show that lots of girls ended up liking. You're stereotyping big-time, too. Why should my maleness preclude me from wanting "character development"? Bah, rubbish man, rubbish. I even got my sister-in-law to like BSG, which she watched until the end, as did other women I know, including a romantic interest. Star Trek never had the same effect in my world :-)
Bah, add in Babylon 5, Quantum Leap, Lost In Space (cheezy-camp, but still an appropriate choice), and a few other classics, so it's not THAT repetitive.
I just happened to peruse nbc.com the other day and noticed that they have a lot of Quantum Leap episodes available for viewing. I was amazed, really--I hadn't visited a mainstream network's web site in some time. In the end, I watched some episodes of the original BSG! Hah! Born in 1972, I'm old enough to recall seeing them back when they aired. Luckily, my mom has always been a sci-fi fan. Just hearing the music tickles long-lasting pathways in my brain.
Ah, Halo, I love emacs, but never bothered to master its web browsing functions. No, for me it was lynx, and emacs was relegated to text and code editing functions. And you didn't have to be too late back in the day to end up with a uid greater than 3 digits. I signed up in 2000/2001 (can't recall precicely) and ended up with a six-digit uid :-) btw, once in awhile I still load up lynx for simple stuff, but less and less often as the weeks go by. Hmm, I'm posting this more than 12 hours after you did, so you may be the only one to see it if you manage to look!
Later,
There are other mirrors up there. why actually search for this one ?
FTFA: Now the team can eventually pin down the changing shape of the lunar orbit to the millimeter to help test Einstein’s theory of general relativity.
There might be other reflective things on the moon, but I assume that this one is somehow special. I at least *hope* that the people searching for it know what they are doing :p
There are certainly other reflectors out there on the moon, that could and have been used for measuring the moon's distance--and for some time now. I can't imagine what could be special about this one, except for the quality, perhaps? Nah. What if it's not kosher for others to shoot lasers at the reflectors that other scientists use? The article ends there and is skimpy on details.
FTFY.
Probably my first off-topic post after years reading slashdot, but I must say that FTFY stuff is getting a bit tiring. It doesn't sit well with me to quote somebody's words and alter them. Better to quote honestly and explain how you think your opinion differs, which it would seem you don't disagree anyway. FTFY seems very arrogant to me--there was really nothing to fix in his post because what he said was actually true in his experience, and most reasonable people would agree with him. There's probably not one post ever submitted that couldn't be "fixed" by someone in some fashion, and then what kind of forum would it be? Just a bunch of FTFY's, over and over and over... blah! Am I being picky? hmmm
If decisions needed to be well-reasoned, virtually no politicians, journalists, CEOs or financial executives would be permitted within a mile of their workplace, advertising in its current form would be outlawed, and the Sci Fi channel would be showing Doctor Who.
And it would still be spelled "Sci Fi". Marketing drones... the hosers.
Frost bank recently sent me an update of their overdraft policies:
"We will charge you a fee of up to $30 each time we pay an overdraft.
There is no limit on the total fees we can charge you for overdrawing your account."
the bold $30 was as they printed it and the phrase "no limit" was underlined by them.
luckily i don't play Warhammer, but i wonder if this notice was related...
My friend, the management of Frost Bank sounds like a cold-hearted bunch. Luckily for them, they'll be able to take your hard-earned fees and distribute them to their various boat payments. The warmth of the Caribbean will no doubt make up for months of freezing in Manhattan--or wherever you and Frost Bank live in the world :-)
I remember having to install Trumpet or WinSocket or whatever the name was, just to add TCP/IP to Windows 3.11 so I could browse websites.
Close! Strange how memory works. Put those two together and you get "Trumpet Winsock". You just tickled a few memories: I remember I was really happy to buy Win95 so I wouldn't have to deal with Trumpet Winsock anymore. Well, and let's face it, it was an improvement to 3.11, but really I think my packard hell computer ran the older much faster than the new, but networking was easier. Thanks to the internet I found slackware linux some few months later. No more winsock.dll... :)
As for the story topic, later I found out how much a racket network solutions was with their outrageous domain registration fees, and heard about this guy Aveek Datta and ml.org, which we would provide free domain names under ml.org for anybody. Thousands and thousands signed up--clearly average people didn't want to pay $100+ for a .com name. I helped run that for awhile, and it was a worthy cause in my book. It was hard to like network solutions. I couldn't have helped if I hadn't spent hours fixing my screwups in slackware, on a side note :)
I'll not write as causticly as the AC who also replied, but I'll agree in principal.
One thing that is obvious and well-known is that it doesn't matter that you don't visit "shady" web sites to end up being subject to potential malware infection. Ad companies are letting nasty ads get through whatever controls they have in place. Serious vetting and the talent to implement it costs money, no doubt. I just found this, http://news.cnet.com/8301-27080_3-20000353-245.html
My 7 year old nephew's computer was chronically infested and he played games loaded via IE online. These free games sites have lots of ads. No windows virus scanner I tried could get rid of them. Had to use the Trinity Rescue Kit and ALL of its virus scanners to eliminate the infections on one occasion. I don't trust virus scans in windows much anymore. Oh, btw, they were letting him use an account with admin privs. I'm a years-long linux guy, and it's seriously tiring dealing with this, but I'll hazard a guess that you and others of us here are first responders for family and friends' computer issues, so won't get any sympathy :-)
Anyway, I think common sense applies. You're an experienced computer user, but why not be better safe than sorry? Your computer, your rules, certainly, but why take the chance? You have to make it as hard for the bad guys as possible, zero-day exploits and general windows vulnerabilities as common as they seem to be. I wonder if patch Tuesday will some day start a religion?
Maybe in the year 1995. I'm pretty sure they can handle having a list of ISP's mail servers and use them now. Sending from a consumer line would be quite useless anyway because 99% of email services would directly block such emails.
It may be nearly useless. That doesn't mean that botnets aren't sending email direct-to-MX. These hosts have connected to our incoming MX's in just the last couple of minutes, and I'd say it's a small sample :) But, nearly all of these connections get pretty high scores from spamassassin, and users generally don't see the resulting spam.
129-219-159-242.nat.asu.edu
s0106001d60d07529.lb.shawcable.net
79.103.93.54.dsl.dyn.forthnet.gr
adsl-074-251-208-007.sip.tys.bellsouth.net
87-205-77-134.adsl.inetia.pl
77-56-149-16.dclient.hispeed.ch
cpe-065-190-194-031.nc.res.rr.com
cablelink-173-211-215.cpe.intercable.net
host-89-231-69-81.plock.mm.pl
I'm sure he's not the only Sci-Fi author to have put these ideas into fiction. I had a great time reading his Neutronium Alchemist novels and others and seeing his description of how mind/computer interfaces could function.
I think it's a lot more realistic than Star Trek (gasp :) to imagine that future spacers will be sitting on an acceleration couch with their eyes closed--and seeing space around them as if they were outside, than to be sitting at a console with hundreds of controls, relying on the speed of electrons traveling through meat. And I loved their ability to superimpose heads-up displays onto their vision. I suppose I'm getting beyond the scope of this story...
-Aaron
Is there a way (on a ASA/PIX specifically) to block the outbound connections made by this worm so that you can contain the traffic to the local network and also log the hosts that are infected?
I can't say specifically how you go about firewall rules and that particular equipment, but we have an inbound ACL on our gateway cisco router that blocks incoming TCP connections on port 445, which this worm uses to try and talk to vulnerable windows boxes, AFAIK.
On our 7505 that handles our customer's DSL connections, we have an outbound rule that blocks 445. It only has 53 matches after months without a counter reset.
The ACL on our border router shows tremendous amounts of matched packets. I can't recall exactly how long ago these counters were reset, I believe around a month to a month and a half:
deny tcp any any eq 445 syn (11118380 matches)
permit ip any any (358140948 matches)
That's about 3% of incoming packets. Non-scientfic, sure, but it's certainly more than a little blip on the radar. Bastards.
In the time it took to preview and edit my post, the count went up to 11118552. That took about a minute.
especially when they are anonymous(or at least obfuscated) and in many cases, overseas and therefore beyond prosecution under this law
After tiring of the increasing load on our incoming mail servers running spamassassin, I undertook to spend a couple of days finding as many netblocks that ONLY have spam coming from them.
It's shocking really, that I ended up spending more than two days since there were so many spread out all over the place at various colo companies. And I'm sorry to say that what I found is that nearly all of the snowshoe spammers I found were riddled around in colos here in the US. There are a bunch of ISPs out there that seem to be making a bunch of money from snowshoe spammers, so much so that they don't mind allocating half of a damned /19 for the spammers to use and populate with randomly generated domain names. And, of course, just to make it easier for us poor and broke sysadmins, these colos don't just put them all into nice contiguous blocks of IP addresses. I've about given up complaining to the likes of GalaxyVisions, Pacific Internet Exchange, AboveNet (yes, Abovenet is these days hosting lots of snowshoe spammers--sad). The list goes on and on.
I'm up to ~375 netblocks we no longer accept SMTP connections from. The load average on our three MXs is usually about half what it used to be now.
Maybe I'm just getting old, but a 486 doesn't seem all that big a deal to me. I mean it's not as if it's a completely different architecture to that in use today.
I think we used a 486-class processor.. a Cyrix processor if I remember correctly, in our mail server here until 2002. So I agree with you.
Back in 1993, I think, I replaced my 486SX 33Mhz with a 486DX 66Mhz, and I remember paying $600 for the thing!
Nagios is great but even version 3 is by no means easy to configure. Like all too many F/OSS projects, the documentation is lacking or even incorrect in spots, and supplied examples barely scratch the surface of what the application can do.
Hmmm, I have to say I was pleasantly surprised by the documentation. We had Argus running here for monitoring for awhile and I finally got tired of its very obscure docs and its bugs. Nagios has been an entirely different experience.
And the Nagios mailing list is very well-read, it seems to me.
I've been running it and it's great - I have it monitoring a bunch of servers (email, hosting, backup, file, etc.) with custom scripts and it works great -- once it's configured.
Yes, I will admit it took a bit of time to get the hang of it. But I also remember it took a bit of time when I first tackled BIND and apache way back when! And I agree, we all sleep better at night with Nagios around (except when I hear a whoop-whoop :)
You sir, have no idea how right you are about Nagios... It spams, a lot. And depends on how well you know what you are doing, it will spam you from couple mail per hour to literally e-mail bomb you so you can't even open your e-mail client.
I'm thinking that you may be one of those that need the book. :-) The amount and frequency of alert emails is easily configurable. And I think you need a new mail client! How about trying mutt? :)
The "notification_interval" can be set to 0 so that nagios will only send one alert, period. Now, if you have a bunch of services/hosts down you will get a lot of messages unless you've taken steps to mitigate that. But isn't that better than *not* knowing your network has run home to momma?
We've been using Nagios now for months and it may be the least buggy code running on any of our machines. Rock-solid, I tell you.
regards,
Unless you're performing a DoS isn't IP spoofing very counterproductive since you cant get a response?
Usually, yes. But some things can be accomplished, like the Windows Messaging spamming coming into UDP ports 1026-1028, nearly every second of every day it's coming into our network, trying to pop-up messages onto Windows users' computers. The messages tell them their computers are infected and they need to go and download something to fix it. Well, you can guess what will happen if they do :) Oh, they are being sent with spoofed addresses appearing to come from Shaw Cable.
From our cisco's access-list counters, which was just reset yesterday:
deny udp any any range 1026 1028 (8692 matches)
We've a reflexive access list that will allow UDP incoming on those ports if originated inside the network.
Lots of traffic comes from the reserved IP blocks, too. As well as spoofed local IP addresses. All sorts of nastiness.
deny ip 10.0.0.0 0.255.255.255 any (4232 matches)
deny ip 172.16.0.0 0.15.255.255 any (603 matches)
deny ip 192.168.0.0 0.0.255.255 any (1540 matches)
-Aaron
The SW US experiences a monsoon season during the late summer and early fall, and the humidity can certainly shoot up. Having been there during those periods, I can attest to the powerful thunderstorms, as well.
The monsoon mostly affects northern Mexico, but can and does often spill over to Arizona and New Mexico. And, the article states:
During the 10-month test, Intel found that the machines cooled by outside air experienced humidity variations from four percent to more than 90 percent, and that it changed rapidly at times. Moreover, "the servers and the interior of the compartment became covered in a layer of dust."
Unfortunately, there is some MTA software that can't do the right thing without non-standard add-ons (qmail, I'm looking at you).
That's a patch, I think you're talking about. And applying a patch is quite easy. I won't get into applying multiple patches :)
A couple months back a customer was hit by blowback, about 1000 a day for a few days, and I've saved all of them. I see that there are bounces from every MTA I've ever heard of--a LOT of postfix servers, exim, SMTPD32 (bah), etc.
I mean, is there a point to bashing qmail so? We switched to qmail back in the '90's because it seemed bugtraq was always hollering about sendmail security holes. Bernstein's decision to allow the smtpd process as few privileges as possible was a design decision I happened to agree with very much at the time. Not only that, but it became impossible for spammers to verify that any address was real unless they wanted to use a valid and potentially traceable return path. Well, in retrospect, I suppose spammers dont have to give a shit as much now, since they have botnets at their control. They have changed everything.
That being said, we did patch our incoming MX's to reject messages outright, since we were getting so much damn spam we had to split incoming servers across multiple machines, and rejecting invalid addresses on those seemed a good thing to do.
-Aaron
Uhm, oh I don't know... maybe the part about him being corrupt?
Is this a trick question?
Sorry, but the rest of your comments did not lead me to believe you were sad he risks being convicted due to corruption, but rather you were sad Alaska would lose a powerful Senator. Really, you've complained about others' reading comprehension, but when I re-read your comments it looks to me like you didn't exactly explain yourself very well. It would seem most responders are thinking the same.
But your comments about "extreme liberals" shows a bend towards extremism yourself. You don't really give a shit who's in office as long as they are for 100% resource exploitation. Would you care to see beautiful Alaska after a hundred years of that? There must be some checks, somewhere, regardless of which "party" you belong.
And, personally, I'm damned sick and tired of Limbaugh-lemmings! Not everybody who is concerned about the environment and how we take care of the planet for our ancestors is a crazy person. I've worked on environmental cleanup jobs--the result of mining gone amok. You'd be one of those, concerned only for his immediate profit? Sure, mine all the gold and oil without care of concern for shit except how big a house and car you can obtain? Please
-Aaron
There is a great fear that nobody else (the up-and-comer Mark Begich for example) will be able to pull the kind of strings in Washington that Stevens was able to pull -- at least not for decades.
Ah well there's the catch. So, Alaskans don't care if they elect dumb, corrupt politicians just so long as they bring in the pork for the state? I've often wondered about the electees from Alaska. Murkowski... now there's another story. He resigns to become governor and then appoints his daughter in his place?
What about the common good of the country as a whole? Your senator does not merely pass laws that affect only Alaska, but all the other 300 million of us. And powerful, corrupt politicians like yours have been coming up with dumbass laws that affect all the US for decades. For just one fun example, how about the Unsolicited Commercial Electronic Mail Choice Act.
Our state certainly needs to rid itself of corruption. If Stevens is convicted it will be a sad day.
I'm a bit dumbfounded by this. What on earth could be sad about kicking out a senator that has been proven corrupt? Oh.. yeah, he's powerful and brings money and investment, not to mention I'm sure great parties with the oil execs at the Chalet.
I know what it's like to lose a powerful government rep. Tom Foley was speaker of the house until he was the first speaker to be unseated in ages (or maybe forever, I forget). His opponent, Nethercutt, a replublican, chided Foley for being in office so long--how does one get to be speaker otherwise?--and promised to serve only two terms. Haha. Well, that promise went out the window. Anyway, eastern Washington survived gaining a lying newbie representative, I'm sure Alaska will get over this fiasco.
-Aaron
Look, I agree with you to a point, at least regarding the large nationwide providers. However, there are still quite a number of smaller, local-only ISPs that are likely worth checking into. Anybody here in Bend, OR can has at least a few choices (75,000 pop).
Our situation here in Qwest land is that we really can't compete with their DSL Internet prices. Plus they are putting fiber down in the area that they say won't interface to the ATM network our customers use currently--they can only get DSL with MSN Internet. Bah!
However, we are still alive because there are a *few* discriminating indivuals out there: those who have dealt with Qwest and have nightmares and those that like to have a human answer the phone who is somewhere in the area. All our servers/routers are Linux or Cisco, and we read bugtraq, but didn't actually have to fret over this DNS issue, since we use djbdns and have for years now.
YMMV
Aaron
I worked in the photo labs at Johnson Space Center (Nasa Houston) back in 1972 and was told that when Apollo 11 returned, Nasa had the Lunar Receiving Laboratory set up like a Fort Dietrich style germ warfare lab.
I've heard the same. Found this written by a Judy Allton from Lockheed regarding the return of moon rocks:
In 1965 a committee of the Space Science Board reviewed the need for a lunar sample receiving laboratory and recommended a laboratory of restricted scope. This committee also raised the question of quarantine for lunar samples until they proved to be biologically harmless.
"But as plans for managing the samples developed, NASA came under pressure from space biologists and the U.S. Public Health Service to protect earth against the introduction of alien microorganisms that might exist in lunar soil. What would have been a small laboratory designed to protect lunar samples against contamination grew into an elaborate, expensive quarantine facility that greatly complicated operations on the early lunar landing missions." (Compton, 1989).
It seems like paranoia, but despite the expense and pain it's a healthy one, in my opinion. There may come a time when such restraint really does save our asses. Being in my late 30's I wonder if it will be in my lifetime, however :-) Rest of it at:
http://curator.jsc.nasa.gov/lunar/lnews/lnjul94/hist25.htm
-Aaron