Once they have had a chance to look at the other hats, the players must simultaneously guess the color of their own hats or pass.
They have to guess without knowledge of the other guesses. Without communication the problem becomes a lot harder. Everything I've thought of gets caught by the rules.
Re:The patent seems to be on a security mechanism.
on
Cisco Patents NAT RFC?
·
· Score: 1
Isn't there a difference between encrypting IP headers & screening packets (such as state, port filtering, etc.)? If the IP headers are encrypted you can't do much screening.
One could argue that any NAT system screens packets with an adaptive algorithm. They keep state. They must keep state so that they can translate the inbound packets.
There isn't anything "private" about the locked or unlocked state of your car door as with many cars it can be ascertained just by looking, but if I'm at the shopping mall and I see a guy testing car door handles, I'm going to tell mall security.
And what about the person trying keys in all those car doors? I doubt he's just checking to make sure no one else can get into them.
ICS uses a different cache engine than Border Manager. Last I heard they wanted to move them to the same engine. ICS has a special file system for more performance. Border Manager doesn't have anything like that (yet).
Video streams shouldn't be random. This may not always hold true, but most times a single stream should be laid down contiguously.
Running more than one stream off the same set of disks will cause the access patterns to go to crap & the throughput to go out the window. Doing multiple streams will probably need a stripe set per stream.
Editing compressed video streams is fairly I/O intensive. Trying to deal with uncompressed streams is *not* going to be cheap.
While most of the large ISPs can't do this due to complexity/multi-homing small addr spaces can do it. If we could get people to do this in front of dial-in racks it would be a good start (note: I do not & have not worked at an ISP so I might be talking out of my ass). As a reseller we install small frame-relay circuits for our clients which even the small routers can certainly handle ingress/egress filtering on.
While the big providers probably can't do much, the smaller people (the ones who don't have the staff/knowledge/desire to do it) should & probably can do the filtering. I don't think any circuit I have seen here has had any filtering on it. Won't stop attacks, but I know that any attack coming from my network will be traced back to me in short order.
As a side note, it's amazing the number of junk packets that silently get dropped at the border. Also lucky that I have a big enough router in the middle (small company, not much traffic) that I can do ingress/egress on all my segments.
Losing the US would certainly have an impact on Bermuda. Yes, very small, but would bother some of us. I believe all our links are via this US (could be wrong). We have links to other places, but I'm not sure if they support just phone or data as well. They are putting in some to other links places such as Europe & South America. Not sure when those will be available for data.
Quicktime Pro won't let you export it. Quicktime won't let you save/export. Other programs have severe problems opening it. They can't or crash. I can get a copy onto MiniDV, the problem is I don't have a firewire card to get it back onto the PC.
1. There are a lot of insecure systems out there. These can & will be abused by people. As broadband access becomes more widespread this problem is only going to get worse.
2. Egress filtering needs to be implemented at the lowest service providers. Most people implement filters on all their inbound connections, but most people forget the outbound. Just allowing only packets from your network would eliminate spoofed packets. At least this way a DDoS would be traceable.
Hard drives are a lot more sensitive than than MD. Dropping an MD player won't damage the disks. My first gen MD walkman can take more abuse than most devices. I wouldn't want to think what would happen to a hard drive if I treated it like that.
Actually there have been quite a few reports on Bugtraq about distributed DoS tools lately. That fact that we don't hear about machines being comprimised is because most SAs won't have a clue that it happened. This could be a lot more than 50 machines. Spoofing it to make it seem like fewer machines is trivial.
I would suggest having a look through some of the recent Bugtraq archives. These can be found at SecurityFocus. Have a look at some of the problems found in IE lately. This is & has been a problem for a long time. Here's a Hotmail example. There are postings regarding similar problems with most of the web based email services. Active scripting causes more problems than javascript.
It has been recommended that you disable all scripting for security reasons for a while now. It's very good practice.
Thank you!! That just gave me a really good laugh. Supporting both NT & Netware it was really funny reading some of their claims about Netware. I suppose by now we should all know not to believe anything the vendors say.
Actually I have had good experiences with Groupwise for email & Border Manager for internet access. Netware can be a lot more than just file & print. Shame most people haven't seen what it is capable of.
2. If it is a new vulnerability notify the vendor responsible.
3. Wait an appropriate amount of time (opinions vary on this part). If the vendor fails to respond post the info & the exploit if you have one to Bugtraq or similar list.
4. If the vendor does release a patch/notice release your details as well.
At no point should leaking it to the press to make a fuss be an issue. Full disclosure is a good thing, but in the appropriate forums. Some vendors are very cooperative & release patches (or at least a notification) very rapidly. Others never get around to addressing security holes.
Not 5 words, 5 groups of 5 characters each. Also those 25 letters might not be the final message. You'll probably have to do some work on them after finding them.
@Home may not scan their customers, but their customers (Road Runner's as well) certainly like to scan other people. Of course, this just leads back to lack of response from their abuse staff.
Slashdot Mirror
Not quite. To quote:
Once they have had a chance to look at the other hats, the players must simultaneously guess the color of their own hats or pass.
They have to guess without knowledge of the other guesses. Without communication the problem becomes a lot harder. Everything I've thought of gets caught by the rules.
Isn't there a difference between encrypting IP headers & screening packets (such as state, port filtering, etc.)? If the IP headers are encrypted you can't do much screening.
One could argue that any NAT system screens packets with an adaptive algorithm. They keep state. They must keep state so that they can translate the inbound packets.
Still have a few people using 3.x for various, strange reasons.
And what about the person trying keys in all those car doors? I doubt he's just checking to make sure no one else can get into them.
ICS uses a different cache engine than Border Manager. Last I heard they wanted to move them to the same engine. ICS has a special file system for more performance. Border Manager doesn't have anything like that (yet).
Video streams shouldn't be random. This may not always hold true, but most times a single stream should be laid down contiguously.
Running more than one stream off the same set of disks will cause the access patterns to go to crap & the throughput to go out the window. Doing multiple streams will probably need a stripe set per stream.
Editing compressed video streams is fairly I/O intensive. Trying to deal with uncompressed streams is *not* going to be cheap.
The Novell ICS & Border Manager are actually two seperate products. The ICS is a dedicated cache box.
While most of the large ISPs can't do this due to complexity/multi-homing small addr spaces can do it. If we could get people to do this in front of dial-in racks it would be a good start (note: I do not & have not worked at an ISP so I might be talking out of my ass). As a reseller we install small frame-relay circuits for our clients which even the small routers can certainly handle ingress/egress filtering on.
While the big providers probably can't do much, the smaller people (the ones who don't have the staff/knowledge/desire to do it) should & probably can do the filtering. I don't think any circuit I have seen here has had any filtering on it. Won't stop attacks, but I know that any attack coming from my network will be traced back to me in short order.
As a side note, it's amazing the number of junk packets that silently get dropped at the border. Also lucky that I have a big enough router in the middle (small company, not much traffic) that I can do ingress/egress on all my segments.
Losing the US would certainly have an impact on Bermuda. Yes, very small, but would bother some of us. I believe all our links are via this US (could be wrong). We have links to other places, but I'm not sure if they support just phone or data as well. They are putting in some to other links places such as Europe & South America. Not sure when those will be available for data.
A fix for it is here.
Same thought occurred to me. Anything close to a mention of this is the cryptic message on Rain Forest Puppy's web page.
Quicktime Pro won't let you export it. Quicktime won't let you save/export. Other programs have severe problems opening it. They can't or crash. I can get a copy onto MiniDV, the problem is I don't have a firewire card to get it back onto the PC.
These attacks show two things:
1. There are a lot of insecure systems out there. These can & will be abused by people. As broadband access becomes more widespread this problem is only going to get worse.
2. Egress filtering needs to be implemented at the lowest service providers. Most people implement filters on all their inbound connections, but most people forget the outbound. Just allowing only packets from your network would eliminate spoofed packets. At least this way a DDoS would be traceable.
Major problems like this need to be addressed.
Hard drives are a lot more sensitive than than MD. Dropping an MD player won't damage the disks. My first gen MD walkman can take more abuse than most devices. I wouldn't want to think what would happen to a hard drive if I treated it like that.
Display Properties -> Effects -> Use transition effects
Actually there have been quite a few reports on Bugtraq about distributed DoS tools lately. That fact that we don't hear about machines being comprimised is because most SAs won't have a clue that it happened. This could be a lot more than 50 machines. Spoofing it to make it seem like fewer machines is trivial.
I would suggest having a look through some of the recent Bugtraq archives. These can be found at SecurityFocus. Have a look at some of the problems found in IE lately. This is & has been a problem for a long time. Here's a Hotmail example. There are postings regarding similar problems with most of the web based email services. Active scripting causes more problems than javascript.
It has been recommended that you disable all scripting for security reasons for a while now. It's very good practice.
Posting had been removed as of 18:12 AST.
Thank you!! That just gave me a really good laugh. Supporting both NT & Netware it was really funny reading some of their claims about Netware. I suppose by now we should all know not to believe anything the vendors say.
Actually I have had good experiences with Groupwise for email & Border Manager for internet access. Netware can be a lot more than just file & print. Shame most people haven't seen what it is capable of.
1. Check if it has already been found. Security Focus & the Bugtraq archives are a good place to start.
2. If it is a new vulnerability notify the vendor responsible.
3. Wait an appropriate amount of time (opinions vary on this part). If the vendor fails to respond post the info & the exploit if you have one to Bugtraq or similar list.
4. If the vendor does release a patch/notice release your details as well.
At no point should leaking it to the press to make a fuss be an issue. Full disclosure is a good thing, but in the appropriate forums. Some vendors are very cooperative & release patches (or at least a notification) very rapidly. Others never get around to addressing security holes.
Nope. It's the ones modified on the 17th of Dec. that are important. Compare job6.gif (dated 17th Dec.) & job6_old.gif (dated 27th of Oct.)
Not 5 words, 5 groups of 5 characters each. Also those 25 letters might not be the final message. You'll probably have to do some work on them after finding them.
@Home may not scan their customers, but their customers (Road Runner's as well) certainly like to scan other people. Of course, this just leads back to lack of response from their abuse staff.