I just called my local Clear Channel station, B93.1, and they said they know about the ban, but they aren't affected by it (yet). The DJ said they've even got two of the banned songs I rattled off, "Bad Day" and "Ironic," coming up in the playlist already.
If you're going to spend that kind of money, might as well go with Cisco which actually lists for $595 (if you don't need to use the box for VPN, even though it comes with DES for free). Same cost as the 3Com for a PIX 501 w/3DES, $695.
Plus, Cisco's TAC is the top of the line tech support in the world. When is the last time you heard someone rave about 3Com? 3Com's tech support is a nightmare.
</technical holy-war>
Hmm, I seem to have ranted and raved a bit. Well, I had 3 customers yesterday all have unexplained problems with their 3Com OfficeConnect ISDN routers. Power-cycling didn't fix it, but after a few hours, before PacBell could check the ISDN lines, they all just started working again. One of the customers couldn't recall his password. Guess how easy 3Com's site is to navigate for technical support? Might as well search on Google rather than use their own internal search engine.
Being a Cisco guy myself, I'd have to say if money isn't an issue, and security is the main idea, go with Cisco's PIX Firewall. It's actually not that bad if you compare it to their higher end gear (small office 506 is $2K, 515R is at least $3K, and it goes up real fast from there). Plus, you can run IPSEC and connect to anything else running the same (or even PPTP/L2TP). The thing I like is that all of the PIX line runs the same code, so anything you can do on a big ISP-size 535 you can do on a 501. Plus, the new 6.0(1) code adds the ability to load the new PDM code (PIX Device Manager), which is a Java-based SSL web interface to allow easier programming in an interface very similar to Checkpoint's Firewall-1, etc.
Any Cisco security engineer-wannabees should really consider this option, since it's a cheap way to practice with the exact same interface as the high-end gear.
"Performance
The Cisco PIX 501 Firewall provides competitive performance in a compact form-factor:
* 10 Mbps cleartext firewall throughput
* 6 Mbps DES VPN throughput
* 3 Mbps 3DES VPN throughput
* Supports 3,500 concurrent connections
* Supports up to 5 VPN/IKE peers concurrently"
Oh, and compared to some of the "Cable/DSL" routers out there like Linksys, this is a huge step up. You can do NAT/PNAT from multiple external pools to specific internal ranges, or even port redirection so that multiple global addresses forward different ports to multiple internal servers, or one-to-one static NATing if you require, or even "NAT 0" (internal and external addresses are the same) but still firewalled. Built-in DHCP, basically everything and anything you could want or expect from a firewall middle-box is here.
The only thing even remotely close to grey that they did was the one time they guessed the subnet to try and connect. That was the only "questionable" activity.
The rest is the equivalent to using a scanner to look for police/emergency/ham radio conversations. All they did was look for traffic and see if the networks were talking plain text and/or advertising SSID and/or requiring WEP.
I'd assume you mean SMTP that is going to be coming from LAN-based servers and out the router to the internet. Unless a user is using SMTP (and not tunneling in first), the access point isn't going to send any of that traffic via 802.11b, so nothing to sniff. Unless the traffic is to/from a wireless card (or between two bridges), it's not going to be transmitted. The access point is a bridge, and sniffing on one side of a bridge with all the nodes on the LAN side is nearly pointless (you get to learn new MAC and IP addresses from broadcasts, but that's it).
Not your site, but another insecure site, but from your IP space. I think the worst aspect would be someone spamming via your access point. Then your netblock gets blacklisted and/or your ISP gets mad.
If you want to run a "free" access point, you still need to be responsible. Put the access point in your DMZ and have your outside router filter SMTP (tcp/25) outbound except from your legitimate internal SMTP servers. Your normal users should be using a VPN/tunnel to the inside of your network for email anyway.
That's the biggest service I can think of that you'd want to stop some jerk from messing with. Can anyone else think of other services beyond just stuff that would hog the bandwidth (which could be anything)?
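The egress policy the post describes (one legitimate mail server may send SMTP out, nobody else on the DMZ side may, everything else passes) comes down to first-match ACL evaluation, and the order of the two SMTP lines is where it usually goes wrong. The following is an added example, not code from the original post: a small first-match filter in Python, with constructed RFC 5737 test addresses standing in for the DMZ access point subnet and the internal MTA, and a deliberately mis-ordered copy of the policy to show the failure.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import Optional

# All addresses are constructed for this example (RFC 5737 test ranges);
# none of them come from the original post.
AP_DMZ_NET = ip_network("192.0.2.0/24")        # the open access point sits here
LEGIT_MTA = ip_network("198.51.100.25/32")     # the one internal SMTP server allowed out
ANY = ip_network("0.0.0.0/0")


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str      # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    src: IPv4Network            # source prefix the rule applies to
    proto: Optional[str]        # None = any protocol
    dport: Optional[int]        # None = any destination port
    note: str


def rule_matches(rule: Rule, flow: Flow) -> bool:
    """A rule matches when every field it constrains agrees with the flow."""
    if ip_address(flow.src) not in rule.src:
        return False
    if rule.proto is not None and rule.proto != flow.proto:
        return False
    if rule.dport is not None and rule.dport != flow.dport:
        return False
    return True


def evaluate(flow: Flow, rules) -> tuple:
    """First-match evaluation, the way a router ACL works, with an implicit deny at the end."""
    for rule in rules:
        if rule_matches(rule, flow):
            return rule.action, rule.note
    return "deny", "implicit deny"


# Outbound policy on the border router: the specific permit must precede the broad deny.
OUTBOUND_RULES = [
    Rule("permit", LEGIT_MTA, "tcp", 25, "legitimate internal SMTP server"),
    Rule("deny",   ANY,       "tcp", 25, "no other host may speak SMTP to the internet"),
    Rule("permit", ANY,       None, None, "everything else passes"),
]

# The same rules with the two SMTP lines swapped: the broad deny now shadows the permit.
BROKEN_ORDER = [OUTBOUND_RULES[1], OUTBOUND_RULES[0], OUTBOUND_RULES[2]]

# Constructed sample flows: a guest on the open AP, and the real mail server.
SAMPLE_FLOWS = [
    Flow("192.0.2.50",    "203.0.113.10", "tcp", 25),   # guest trying to send mail directly
    Flow("192.0.2.50",    "203.0.113.10", "tcp", 443),  # guest browsing HTTPS
    Flow("192.0.2.50",    "198.51.100.1", "udp", 500),  # guest bringing up a VPN tunnel (IKE)
    Flow("198.51.100.25", "203.0.113.10", "tcp", 25),   # the internal MTA delivering mail
]


def audit(flows, rules=OUTBOUND_RULES):
    """Run every flow through the policy; returns (flow, action, note) triples."""
    return [(f, *evaluate(f, rules)) for f in flows]


if __name__ == "__main__":
    for flow, action, note in audit(SAMPLE_FLOWS):
        print(f"{flow.src:>15} -> {flow.dst}:{flow.dport}/{flow.proto}  {action:6}  ({note})")
    print("mis-ordered policy, mail server:", evaluate(SAMPLE_FLOWS[3], BROKEN_ORDER))
```

Only the guest's direct SMTP attempt is dropped; HTTPS and the VPN setup from the DMZ pass, and the internal MTA still delivers mail. Under `BROKEN_ORDER` the MTA is denied too, which is the check worth running whenever such a list is edited.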
My bet is that it will result in the same sort of thing that happened to 3Com with the USR, CoreBuilder, and other companies they bought and then had to split off to preserve their core units.
My guess is that it will split things into two or three groups: High-end server and workstations, medium and/or low-end desktop/laptop PCs.
That, or they'll turn into a huge behemoth, which seems unlikely to happen, but always possible.
Call me crazy, but when I do buy my Tivo (after I break down and get cable), I'll just get the product lifetime subscription version. Two years of service and you break even vs. the monthly payment, and I'm guessing I'd keep it twice as long.
WAP11 - Wireless AP - $195.95 ($180.95 after rebate)
BEFW11S4 - Router + 4-port switch + Wireless AP - $224.95 ($199 after rebate)
I don't know why someone would buy the WAP-only model since it's only $20 more (after rebate) for the version with a Router+4-port switch. If you had the BEFSR41, just sell it to a buddy for $50, buy the BEFW11S4 for $199 (after rebate), and you end up saving $30 (plus your friend gets a good deal on the BEFSR41... Unless you've got some special router already and don't want to sell it).
I'm no expert on radio/wireless technology. However, I can tell you about my setup at home:
One Cisco Aironet 350, sitting on top of my 6ft 4 port rack. I can't see it from my laptop, but it still works. I can go into another room (with 2 cinder block walls between) and it works fine. I can go out into the yard, it works fine. I can sit in my car and drive 4 houses down and it still works (so, 3-4 cinderblock walls, a wood fence, and my car to pass through). Much past there and the link starts failing pretty fast, but then I'm getting outside of the distance specs anyway.
I do know that metal and certain thicknesses of materials affect it, but direct line of sight isn't needed from the client to the access point.
Now, perhaps this story is focusing specifically on long-range, and for that, I'm sure line of sight plays a much bigger role in affecting the signal, and I'm sure the type of antennae matters as well.
In addition to the comments others have made about not carrying a balance, I'll add:
Have you tried to do anything lately without a credit card? Order an airline ticket, buy something online, reserve a hotel room, rent a car.
Yes, there are ways around some of it, but it's a *major* hassle.
Re: Another soon to be victim of the music industry (on "Ethernet MP3 Player")
Why do people just assume that MP3 == illegally downloaded music? Granted, now most technical folks prefer Ogg for licensing reasons, but the masses could care less.
My point is, mp3 format doesn't mean a pirated version. My Wife and I ripped all our CDs about a year ago and put them in one of our storage sheds out back.
Worst case, if these new CDs that "break" mp3 encoding come out, you can always rip them in analog mode (sucks, true, but it would still work).
Business operations relying on xDSL connection? (on "Code Red Refunds?")
Anyone stupid enough to base their business on xDSL without some form of backup needs to just suck it up when access is down. xDSL is not meant for reliable connectivity (even most ISPs say so, I know PBI does). If you want that, pay the price and get a fractional or full T1. Hell, if you're doing hosting off of an xDSL line that is going to lose you money if it goes down, co-locate it. If you're just complaining because your internal users couldn't get outside access, have backup ISDN if nothing else.
US$5K worth of business lost? Get real. If it cost you that much money, spend some proactively to be prepared. What if your xDSL modem fried and you couldn't get a replacement ASAP?
I recall when I got my ADSL that it had statements stating that they wouldn't be held liable for any revenue lost, etc., from loss of service. Qwest has something similar:
Actual speeds you experience may vary due to line or weather conditions or other factors out of the control of Qwest
Code Red would fit "other factors out of the control of Qwest."
Regarding the keystroke-timing guessing, just use Nagle's algorithm. It holds on to keystrokes a set amount and sends them together (the algorithm is based on the average gaps between keystrokes). Then 2-3 keystrokes get grouped in the same packet, and I'd guess the keystroke-timing attack should be thwarted.
Cisco routers support it (service nagle), and I'd guess there is a way to have sshd, etc. support it as well. Of course, Cisco routers/PIX firewall only support sshv1, but it's better than plaintext, and inbound management sessions should be limited by IP addresses anyway.
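To make the batching effect concrete, here is an added simulation (my own code, not from the post) of the standard Nagle rule from RFC 896: a segment is sent immediately when nothing is outstanding; while a segment is unacknowledged, further bytes are held and go out together when the ACK returns. The keystroke timestamps and round-trip times are constructed. The point of interest for the timing attack is `observed_gaps`, the only thing a passive observer of the encrypted stream can measure.

```python
def nagle_packetize(keystroke_times, rtt):
    """Apply the Nagle rule to one-byte writes at the given times.

    Returns a list of (send_time, byte_count) segments. Assumes every ACK
    arrives exactly one RTT after its segment was sent (a constructed,
    idealised network).
    """
    packets = []
    ack_due = None      # arrival time of the ACK for the in-flight segment
    buffered = 0        # bytes held back while a segment is unacknowledged

    for t in sorted(keystroke_times):
        # Any ACK that arrived before this keystroke flushes what was held.
        while ack_due is not None and t >= ack_due:
            if buffered:
                packets.append((ack_due, buffered))
                buffered = 0
                ack_due = ack_due + rtt     # the flushed segment is now in flight
            else:
                ack_due = None              # nothing outstanding any more
        if ack_due is None:
            packets.append((t, 1))          # line idle: keystroke goes out at once
            ack_due = t + rtt
        else:
            buffered += 1                   # line busy: hold the keystroke
    if buffered:
        packets.append((ack_due, buffered)) # final flush when the last ACK lands
    return packets


def one_per_keystroke(keystroke_times):
    """What a session with TCP_NODELAY (Nagle off) puts on the wire: one segment per key."""
    return [(t, 1) for t in sorted(keystroke_times)]


def observed_gaps(packets):
    """Inter-segment gaps: the timing a passive observer of the ciphertext actually sees."""
    times = [t for t, _ in packets]
    return [round(b - a, 3) for a, b in zip(times, times[1:])]


# Constructed: six keystrokes of a short burst, in seconds.
KEYSTROKES = [0.00, 0.12, 0.20, 0.31, 0.80, 0.95]

if __name__ == "__main__":
    print("no Nagle :", one_per_keystroke(KEYSTROKES), observed_gaps(one_per_keystroke(KEYSTROKES)))
    for rtt in (0.5, 0.01):
        pk = nagle_packetize(KEYSTROKES, rtt)
        print(f"Nagle rtt={rtt}:", pk, observed_gaps(pk))
```

With a 500 ms RTT the six keystrokes leave as three segments spaced exactly one RTT apart, so the inter-keystroke gaps are gone from the wire. With a 10 ms RTT (a LAN) every keystroke still travels alone, because the ACK is back before the next key is pressed; and the first keystroke after any idle period is always sent at its true time. Interactive SSH clients also commonly set TCP_NODELAY, which switches Nagle off entirely, so this is a partial mitigation that depends on the path and the client, not a replacement for limiting management access by source address.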
I'll be going off on a tangent here, but it's relevant in regards to advertising in general. Here's what I want to see as a consumer, and I think the increased benefits for both the consumer and advertiser make it worthwhile.
I'd like a way to fill out a universal advertisement interest topic list. It would consist of things such as the following:
Ads I don't ever want to see. My list would include the following:
* Feminine protection products - It's not my decision, and when I go to buy more for my Wife, I bring a cut-out from the box with the label/level I need so I don't screw it up.
* Birth control and/or pregnancy tests - I've had a vasectomy
* Credit cards - I have too many (just use them for work/online/pay-it-off-in-a-month purchases), I don't need more. BTW: I love my Linuxfund Penguin card, which is my "work expenses" card. The Chase Toys 'R' Us card is great for 1% in gift certificates.
* Car commercials - I've got a Caravan for the family and kids, and a nice little '91 Toyota Tercel to serve as commute car when I have to go on site (I mostly work remote).
* Golf - I hate golf. Although oddly enough I enjoyed The Legend of Bagger Vance, but I like good movie making.
* Constipation / Depends / Hemorrhoids / Athlete's foot, etc. - I don't have any such problems.
* Bail bond commercials - one local UPN channel which has Voyager and M*A*S*H on each night seems to have a ton of these
Items I want to see:
* Movie trailers / New video releases
* Anything technical related, even if I hate the product/company (MS, SBC, etc.), I still want to know what's getting promoted and new
* Home/garden stuff
* Intelligent kid toys relevant to my children's ages (1 & 3), no pokemon-type crap
* Books - Just about anything that doesn't have the subject on my "I don't want to see" list is welcome.
* Travel - I love seeing tourist commercials
All the items that I don't put on my "Don't want to see" or "Would like to see" lists are fair game (but I want an easy way to know what they fall under to block them).
Ok, so that's my list. I'm sure we all would have our own, and they'd change from time to time. In addition to this sort of thing, I wouldn't mind having the sites I visit / shows I watch known. Of course, you'd better have a clue as to what that means. I may visit a site and see it's crap and close it, and if anything, that should count as a *negative* viewing, not a "hit". Same with TV. I'd love it if real 99% accurate ratings were known.
My point with this isn't that I want ads. However, at this point, they appear to be a necessary evil for both TV and websites. If I have to see them, I'd prefer seeing things that interest me. I wouldn't even mind having my interest/info shared with my mailing address (although, without my name), as that costs the advertiser money and I usually sort through it on my way driving so it's lost time anyway.
Regarding 4 layers, they're in reference to the DoD model, for which TCP/IP was first defined, pre-OSI. Of course, you're right that they used the wrong names for the layers (using the OSI layer names), whereas the correct DoD names are Process (OSI 5-7), Host-to-Host (OSI Transport layer 4), Internet (OSI Network layer 3), and Network (OSI 1-2).
The only reason I can recall this so well is having to teach Network+ classes.
Slashdot should add a checkbox for "Yes, I've read the article linked to" that adds +1 to your score, and -1 if you check "No." Of course, since it's just on the poster's honesty it's virtually worthless.
We've a PC just for video capture from cable or VCR and output back to our SVIDEO TV or VCR. Of course, it's holed up in another room on top of my rack and we access it with VNC to control video playback (the house has CAT5 drops everywhere and 802.11 wireless). We also use the box for mp3 output to our stereos, including an outdoor set of speakers. We've even got a serial hookup out by the BBQ so I can bring out an old dumb terminal and folks can search and add songs to the queue. Next thing is to add an old PC out there to rip songs from CDs so folks can add music they've brought with them.
I'll admit, at the moment I'm the only one I know to have gone this far, but I've got a number of co-workers that have done either the video capture thing or the mp3 output to stereo. Yes, we're "geeks," but as soon as it's put together in easy-to-install-and-use packages, folks will buy it, if it's marketed right.
What's the most likely thing to fail in an older computer? Probably the power supply or CPU fan, with the cause being dust build-up. If the fans are maintained and not clogged with dust, what's next in line? I'd have to say it's the hard drive.
20GB drives direct from the manufacturer for $109. I'm thinking someone could pick up 8GB drives for at least half that, and fix the "useless" computers without hard drives. Or just use NIC boot ROMs and have diskless workstations. Far from worthless without a hard drive.
Dvorak for Right-Handed would probably be better, and it's included with Win32 products. No need to go buy a product when you've got it bundled already ;-)
Avi Freedman has some decent stuff on BGP for free: http://www.netaxs.com/~freedman/bgp.html. If you really want to get down and dirty, get Halabi's Internet Routing Architectures, the BGP Bible.
PIX 501 10 User/DES Bundle, PIX-501-BUN-K8, $595
PIX 501 10 User/3DES Bundle, PIX-501-BUN-K9, $695
http://cisco.com/go/pix
Buy Tivo:
* Monthly: $9.95
* Product lifetime: $249.00
BEFSR41 - Router + 4-port switch - $99.95 ($84.95 after rebate)
CodeRedII uses default.ida?XXXXX so one should use:
grep 'default.ida?' access_log | mail -s 'APACHE' redalert@dshield.org
No doubt just some test box someone fired up, but hard to believe that Microsoft wouldn't apply their own security patches to their own boxes:
[Sat Aug 4 18:48:37 2001] [error] [client 207.46.117.98] File does not exist: /home/httpd/html/default.ida
$ whois 207.46.117.98@whois.arin.net
[whois.arin.net]
Microsoft (NETBLK-MICROSOFT-GLOBAL-NET)
One Redmond Way
Redmond, WA 98052
US
Netname: MICROSOFT-GLOBAL-NET
Netblock: 207.46.0.0 - 207.46.255.255
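The grep-and-mail one-liner above reports every request for default.ida; the following is an added example (my own code, not from the post) that goes a step further for the same purpose: it parses both the Apache error_log line quoted above and common-log-format access_log lines, separates the original Code Red (query padded with N) from Code Red II (padded with X), and produces a per-source summary of the kind an aggregator such as DShield would want. The access_log lines are constructed, with the worm padding truncated; the error_log line is the one quoted in the post.

```python
import re
from collections import Counter, defaultdict

# Apache error_log entry, as quoted in the post. The query string is not logged there,
# so an error_log hit shows a probe but not which worm variant sent it.
ERROR_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[error\] \[client (?P<ip>[\d.]+)\] "
    r"File does not exist: \S*/default\.ida$"
)
# Apache access_log (common log format) entry; the padding in the query string survives here.
ACCESS_RE = re.compile(
    r'^(?P<ip>[\d.]+) \S+ \S+ \[(?P<ts>[^\]]+)\] "GET /default\.ida\?(?P<pad>[NX]+)'
)


def classify(line):
    """Return (source_ip, variant, timestamp) for a Code Red probe, or None for anything else."""
    m = ACCESS_RE.match(line)
    if m:
        # The worm family pads the query with one repeated letter:
        # N for the original Code Red, X for Code Red II.
        variant = "CodeRedII" if m.group("pad")[0] == "X" else "CodeRed"
        return m.group("ip"), variant, m.group("ts")
    m = ERROR_RE.match(line)
    if m:
        return m.group("ip"), "unknown (error_log only)", m.group("ts")
    return None


def summarize(lines):
    """Per-source hit counts broken down by variant."""
    hits = defaultdict(Counter)
    for line in lines:
        found = classify(line)
        if found:
            ip, variant, _ = found
            hits[ip][variant] += 1
    return dict(hits)


def report(lines):
    """One tab-separated line per probing source, busiest first, ready to pipe into mail."""
    rows = []
    for ip, counts in summarize(lines).items():
        total = sum(counts.values())
        detail = ", ".join(f"{v}={n}" for v, n in sorted(counts.items()))
        rows.append((total, f"{ip}\t{total} probe(s)\t{detail}"))
    return [row for _, row in sorted(rows, reverse=True)]


# Constructed sample log (the first line is the error_log entry quoted in the post).
SAMPLE_LOG = [
    "[Sat Aug 4 18:48:37 2001] [error] [client 207.46.117.98] File does not exist: /home/httpd/html/default.ida",
    '203.0.113.7 - - [04/Aug/2001:18:50:01 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 285',
    '203.0.113.7 - - [04/Aug/2001:18:52:44 -0700] "GET /default.ida?XXXXXXXXXXXXXXXX HTTP/1.0" 404 285',
    '198.51.100.9 - - [04/Aug/2001:19:01:10 -0700] "GET /default.ida?NNNNNNNNNNNNNNNN HTTP/1.0" 404 285',
    '192.0.2.33 - - [04/Aug/2001:19:03:27 -0700] "GET /index.html HTTP/1.0" 200 1043',
]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Running it over a real access_log and error_log pair works the same way; the benign `/index.html` request is ignored, and the error_log-only source is still reported, just without a variant. Because the error_log drops the query string, variant attribution needs the access_log, which is the log the post's grep also reads.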
http://packetderm.cotse.com/CIE/Topics/16.htm
http://jason.artoo.net/2001-06-04/Rack_3_sm.png
http://www.maxtordirect.com/searchresults.asp?search_id=6
Uhm, especially since there is no CTRL or ALT keys.
Read up at ICANN, who decide these things. Yes, trademarks hold sway with domain names.