IT WAS SIX DAYS AGO
Site is hosed, Bro.
Find out how many times you can ghost dub an augmented cyberbrain before the owner becomes catatonic.
remake 2 & 3. They were garbage.
This whole article smacks of some CISSP poring over BGP looking glass router logs and having a sophomore Eureka moment. BGP MITM is not practically possible because of the return path problem: the last router that dumped you the traffic believes you are the legitimate endpoint for that traffic and therefore is not going to forward it to the ACTUAL target once you're done doing nefarious things to it. The article tries to explain this away with the following:
"The traffic was likely examined and then returned on a “clean path” to its destination—all of this happening in the blink of an eye."
If the 'clean path' of the internet thinks Mallory is Bob, Mallory's theoretical egress 'Clean Path' will make the same assumption. Perhaps Alice's first hop AS was compromised? If so this is an isolated vendor network problem, not an 'internet at large' problem. Maybe Mallory's 'clean path' is a point to point to Bob? If so Bob's an idiot for signing a peering agreement with a known Hooligan.
This was likely a misconfigured customer router connected to an irresponsible ISP that doesn't filter the routes it accepts, just like the Pakistan/YouTube Incident. The author either doesn't understand the technical impossibility of the attack they're dreaming about or does and is willing to lose credibility in exchange for ad traffic.
Filter error: You can type more than that for your comment.
Only on Slashdot can a story about sex be primarily categorized as 'humor.'
RT doesn't scale well. We used it at Rutgers but around the 100K ticket mark it started to tank. So we rewrote it:
http://ruqueue.rutgers.edu/
Very capable.
This article sucks donkey nuts.
"Ethernet, which drops packets"
Ethernet switches Frames. It does not route packets. That's like saying a railroad track can drop a car because it doesn't like the passengers on it.
"they're trying to change Ethernet because of TCP/IP"
Your question just confuses things more because TCP segments are l4, as opposed to packets (l3) and frames (l2).
"I wonder what happens if you inform a cop that you are recording him when he pulls you over."
Beats me, but apparently it's more fun (and career-lethal) to film him without notification.
There's nothing new about anything being done here. Here's what they're ooh-ing and ahh-ing over:
- Hot Aisle / Cold Aisle
- Environmental Monitoring (with Netbotz, how inventive)
- At-a-glance rack power load
- Hard & Soft Remote reboots (LOM, web-enabled PDUs)
- Physical Access Control (card based(!), no biometrics)
- Run-o-the-mill remote console and IPKVM
- Good cable management
- Paying people to move your crap for you
I thought this was gonna be like an iris-scanning, fully Direct Current, liquid cooled, flywheel-UPSed, heat reclaiming technological wonderland. Instead it's just more 'throw money at the first google hit.'
> These things are perfect for someone who needs a small, lightweight laptop to administer a network rack
The dirty secret of network engineers is that laptops without serial ports are completely useless to us, unless we want to carry around a separate (and usually large) usb-serial adapter that decreases battery life.
Res publica non dominetur.
Because the ad placement seems to suggest so.
I was incensed when I heard that a 24 year old political appointee was altering NASA publications on the big bang.
I was incensed when global warming was dismissed as even a possible cause for climate change.
But any researcher or rational thinker should be equally as incensed at this attempt to arbitrarily close off an avenue of inquiry - it's the same tactic, only in the opposite direction, and it stinks just as much.
Seeking to politically silence ANY side of a scientific issue is a slippery slope. The above-mentioned examples are probably repulsive to most slashdotters. De-certifying climatologists would simply be turnabout - and equally as invalid as when the tactic was employed by the existing anti-science administration. Should we seek to eliminate a theory completely because it's not our theory? No. If we want to be sure that we're moving forward with a solid theoretical foundation, each theory must be tested and discarded based on merit and evidence alone. While the circumstantial evidence for global warming is strong, there will be a time in the future when we can either prove or disprove it. Should the improbable happen and human-influenced global warming be disproved, do we want to be seen as the proverbial church that silenced Galileo?
In light of this information, it is obviously the duty of every red-blooded geek to fight back by stealing free porn from any hotel which uses this system.
Anyone can: http://forums.slickdeals.net/showthread.php?t=3853 50
I pay $30 for 500 mins, free N&W and unlimited EVDO (3G, faster than EDGE) from Sprint (SERO plan). Service has been great (Philly) - the only day I've ever had service problems, my significant other had turned off the phone function without telling me. I use a treo 700wx that cost me $150 after rebate. 312mhz Xscale processor, 128MB ram, 60MB nvram, up to 4GB of flash (expandable via SD), bluetooth, 1.3mp camera, etc. PDANET allows me to wirelessly tether to my laptop or home PC should my broadband go out.
Phone: $150
Service: $30 x 12 = $360
Taxes: $6 x 12 = $72
------------------------
1 year total = $582
So I have a whole year of ample minutes and superior data service with a pretty nice pocketPC phone (I won't kid myself - it's no iPhone) for $17 less than the cost of the 8GB iPhone itself BEFORE taxes or accessories.
Cingular's cheapest plan on their website is $40/mo. Add $20 for unlimited data to that (assuming they won't require a blackberry type service charge) and your first year of service with the iPhone just cost you a minimum of $792 after taxes. Want SMS? $852/yr with only 200 msgs/mo. 1 year total? almost $1500.
I was drooling during the presentation - I could even stomach the price tag, but not with a provider (Cingular) who charges like $60/month plus taxes for unlimited data. This is a DATA device. Yes it's a phone, but all of the live data eye-candy is worthless if it only works within 40 feet of your house or local WAP. The $500 or $600 is only the beginning, you're going to pay FAR out the ass over the life of this phone.
My previous job was in Network Operations at a University. Our Marine Science department had a large grant-funded sensor network running in a river somewhere in South Jersey that needed to talk to their machines on campus. They did this by getting a 56k leased line dropped out to the end of a long pier, to which they connected a cisco 2500 series router (state of the art at the time). It was housed in a box with just enough ventilation to keep it soaked in condensation, but not enough to allow for adequate cooling. Because of the heat it was on a permanent shutdown/reboot loop for most of spring, summer and early fall. They were lucky if they got more than a few hours of readings per day.
The DVC-1000 is an excellent choice - reliable, low bandwidth and cheap. He would still need some kind of conference bridge to pull them all together though.
This does not have to be expensive, and it does not have to eat up the entirety of your pipes. The hardest part is going to be the 'conference bridge' (MCU) that everyone will call (a pair of offices can be point-to-point, many-to-many requires a bridge).
Software: Ekiga on Ubuntu
Protocol: SIP? H.323? Whichever you can find a cheap MCU for (H.323 OpenMCU sorta works, don't know about SIP)
PC Hardware: Cheap ass, last generation PCs with TV-in cards
AV hardware: Cheap ass, last generation DV cameras with integrated mics and (preferably) wide angle lenses. You'll also need a tripod ( 1/8" inch headphone jack converter.
Hardware config: wire up the DV cam (audio and video) to the TV-in and MIC jacks on the PC.
Software config: Configure a user to auto-login, add an Ekiga call to your session startup (call the MCU, not a site - don't know how to do fullscreen via CLI).
Errata: You probably have firewalls. Firewalls screw with videoconferencing in many ways. Besides needing to poke the necessary port holes, they will time out sessions after a certain number of hours. PIXes are notorious for this. Additionally, your MCU and clients will need to have their session timeouts set. You may just want to cron call restarts every 12 hours or something. If you use OpenMCU, remember it will ONLY work with the crap-tastic H.261 video codec.
Alternatively you may want to look at the open source ACCESSGRID project (warning: requires multicast - hope you have good network staff) or Microsoft's ConferenceXP ('free' for the time being). Good Luck.
I was thinking the same thing. IANAEE, but in my experience I've had power supplies fail far more often than motherboards (even the good Antec PSUs). If we offload switching to the mobo won't that lead to higher rates of failure for a FAR more difficult to replace component? I have enough trouble with blown caps and bad (cheap) electrolytic mixtures as it is.
disclaimer: not my picture - found it on 4chan /G (probably nsfw) a while ago and saved it because it was so damn funny. Anyway here it is - an SD card and its packaging (from newegg if I remember correctly).
Maybe this isn't such a bad thing. In college I felt that my best professors were the active industry participants - those that knew the current state of the art. Bloggers, as workers or enthusiastic hobbyists in their respective fields, have more insight than the average journalist who must switch between topics on a regular basis. Sure we have to use a more critical eye with blogs than we do with say, the NYT, but given the things that have been exposed primarily through blogs within the last few years I can accept that. Their popularity and citation by major news outlets shows that others feel the same way.