Still, since your post seems quite confident that this should be an easy thing to do, I humbly (and sincerely) request that you give us some suggestions on how to actually monitor such traffic.
It is in the context of the poster - (s)he has a firewall and appears to be running a web hosting company. You on the other hand appear to be a home user, so you may not have as much latitude depending on your ISP and how much control you have over how you get online.
The first place to start is your router, since all traffic must pass through it, or a dedicated firewall immediately behind it. The simplest way to acquire traffic stats is with SNMP using a tool like MRTG which is how I do it. If you have no control over the router, then you might be able to get the same figures off the port on your switch that it connects to. I say might, because this assumes that you have a switch (likely these days) and that it supports SNMP (not quite as likely).
Falling back further; no central point of ingress/egress you can monitor and a non-managed switch/hub... OK, we need to look at the traffic on the host NICs directly, on a per host basis. That means a bandwidth monitoring and logging tool; any software site will have loads (search on "bandwidth and log") and most host based firewalls can provide this information for you as well.
Maybe they just haven't received their bills, yet?"
This is going to sound harsh, but maybe they actually *look* at their logs and traffic graphs with a little more frequency than you imply that you do, noticed something was amiss and put the onus on the ISP to block it? You quadrupled your bandwidth for the month - that's one *serious* anomaly whether it's steady noise or intermittent spikes, and as such should have been red-flagged no later than day two, and that's assuming you only get a daily email from a cron. With this data you could have requested your ISP filter the traffic upstream, and made a fair claim against paying the already incurred traffic and an insistence against future traffic.
I'd think long and hard about going to court with this, because there is a pretty good chance that the ISP's lawyers are going to bring this up. If they do, then your company's technical competence is likely to be brought into question in a big way, and in a public forum too. You might be better off writing this off as experience, setting up some better monitoring tools and moving on.
Of course, you might have some mitigating circumstances, such as... Well, actually, I can't think of any technical reasons why you couldn't spot this kind of traffic, is there one?
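An added example, not part of the original post: a daily check of the kind the comment describes, run over interface octet counters such as SNMP `ifInOctets` returns. The sample readings, the function names and the 2x-median threshold are assumptions made for this illustration.

```python
from collections import defaultdict
from statistics import median

COUNTER32_MAX = 2 ** 32  # 32-bit interface octet counters wrap back to zero


def delta(prev, curr, modulus=COUNTER32_MAX):
    """Bytes moved between two polls, allowing for a single counter wrap."""
    return curr - prev if curr >= prev else curr + modulus - prev


def daily_totals(samples):
    """samples: [(day, counter_value), ...] in poll order -> {day: bytes}."""
    totals = defaultdict(int)
    for (_, prev), (day, curr) in zip(samples, samples[1:]):
        totals[day] += delta(prev, curr)
    return dict(totals)


def flag_anomalies(totals, baseline_days=7, factor=2.0, min_history=3):
    """Days whose volume exceeds factor x the median of the preceding days."""
    days = sorted(totals)
    flagged = []
    for i, day in enumerate(days):
        history = [totals[d] for d in days[max(0, i - baseline_days):i]]
        if len(history) >= min_history and totals[day] > factor * median(history):
            flagged.append(day)
    return flagged


def build_samples(daily_bytes, polls_per_day=4, start=4_000_000_000):
    """Constructed data: a 32-bit counter polled polls_per_day times a day."""
    samples, counter = [("day00", start)], start
    for n, volume in enumerate(daily_bytes, start=1):
        for _ in range(polls_per_day):
            counter = (counter + volume // polls_per_day) % COUNTER32_MAX
            samples.append((f"day{n:02d}", counter))
    return samples


# Constructed week: about 3 GB/day, then traffic quadruples on day 6.
SAMPLE_DAILY = [3_000_000_000, 3_100_000_000, 2_900_000_000, 3_000_000_000,
                3_200_000_000, 12_000_000_000, 12_400_000_000]

if __name__ == "__main__":
    totals = daily_totals(build_samples(SAMPLE_DAILY))
    for day in sorted(totals):
        print(day, f"{totals[day] / 1e9:.1f} GB")
    print("flagged:", flag_anomalies(totals))
```

If more than 2^32 bytes can pass between two polls the delta undercounts, so poll more often or read the 64-bit `ifHCInOctets` counter where the device supports it.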
I'd imagine the RIAA wouldn't think too kindly of this idea - but it is kinda fun to think about :)
Sure they would. This would be right up their street once they had demand^H^H^H^H negotiated an 80% fee for the "management" of the PayPal accounts. After all, musicians just want to write songs and perform, not worry about all that "management" voodoo the RIAA so kindly does for them.
It's certainly elegant, but try as I might, I can't think of a single genuine use for this other than what it is being used for; to protest against a registrar abusing its position. The best I've come up with is for a large ISP that delegates subdomains out to multiple DNS servers for its customers from a dedicated domain. Something like:
and so on, but *why* would they want to preclude the possibility of having their own hosts in the domain, or even doing what Verisign is doing in the one circumstance it's undeniably legitimate?
Am I the only one to notice the author's name is "James Hunt", as in the ex F1 racing driver "Hunt the Shunt"? It's not the same guy according to the quite amusing bio at the bottom, but let's hope that they just have making things go faster in common, and not having crashes as well. ;)
Heh. I can almost imagine the National Enquirer front page. "Osama bin Laden alive and well - living with Saddam Hussein on asteroid!" The picture, of course, would be the duo sitting astride the asteroid waving scimitars in the air in the style of Slim Pickens in "Dr. Strangelove" as the bomb drops from the B52.
And since the Slashback didn't mention it; if you patched your SSH yesterday to version 3.7p1, then patch again to v3.7.1p1. It would appear the bug wasn't quite squashed the first time around.
PS. Don't feed the trolls! Given the recent DCOM fiasco, it's fairly obvious where this thread goes...
Exactly my view; they can't have it both ways. On the one hand they want more funding to be able to deploy the necessary personnel and hardware to detect these things in time to try and do something about it. On the other hand they don't want press sensationalism to get out of hand, which I don't really think it is, but that's just my opinion.
The gotcha is without mainstream media coverage and public opinion there is no way they are going to get additional funding. I think that the occasional bit of overwrought journalism is the cross they are just going to have to bear if they want to stay in business. Personally, given the trillions spent worldwide on "defense", I'm quite happy for a few billion to go on the effort to detect a killer asteroid in time to do something about it.
Actually they could quite easily set up their already non-standard DNS servers to simply respond with the effective equivalent of:
* IN NS screw-isc.verisign.com.
and use that to deliver their stupid A records. Of course, if they do that, then things are going to degenerate rapidly. Verisign will not back down because there is money involved, the DNS admins will not back down because of the principle of the thing.
Should this happen, then ICANN is going to have to step up to the plate, since they are the body to which Verisign is responsible, and make a decision. So, on one side we will have the Internet DNS community, the IAB and IETF, while on the other we have Verisign exceeding their mandate for a chunk of cash. It should be a no-brainer, but given ICANN's track record I certainly wouldn't put any money on which way they would make the call.
but maybe it will break existing misconfigured sites?
Perhaps, but whose fault is it that those sites are misconfigured? If this forces a few admins to experience difficulties and either correct typos or learn how to do something properly, then the Internet will be better for it.
I'll be having a play around with the patch this evening, but from what I've seen of the patch and the notes so far it looks good. I'm still working through some things, but it looks like a fairly robust way of preventing wildcarding at TLD level without causing problems for anyone except people at Verislime expecting to make a stack of cash. Good work ISC!
Actually, ISC has been smarter than that. What they have done is allow certain domains to be designated "delegation only". That means, in a nutshell, you can specify for instance ".net" and ISC will automatically return NXDOMAIN for anything other than an NS pointer at that level. This in effect will wipe out wildcarding at the TLD/GLD levels for which it is configured, and if you wished you could even extend it to block wildcarding of things like "*.uk.com".
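An added example, not part of the original post and not ISC's code: a simplified model of the "delegation only" rule described above, applied to constructed responses. It covers explicit NS referrals only; the function names, record tuples and sample names are assumptions made for this illustration.

```python
def norm(name):
    """Lower-case and drop the trailing dot so names compare consistently."""
    return name.rstrip(".").lower()


def is_below(name, ancestor):
    """True if name is a proper subdomain of ancestor, on label boundaries."""
    name, ancestor = norm(name), norm(ancestor)
    return name != ancestor and name.endswith("." + ancestor)


def apply_delegation_only(zone, qname, answer, authority):
    """
    Decide what a resolver does with a response from the servers of a zone
    marked delegation-only (in BIND: zone "net" { type delegation-only; };).

    answer / authority: lists of (owner, rrtype, rdata) tuples.
    Returns "UNCHANGED" when the response is used as received, or "NXDOMAIN"
    when it is not a referral and is therefore treated as non-existent.
    """
    zone, qname = norm(zone), norm(qname)
    # The rule does not apply to the zone apex or to names outside the zone.
    if qname == zone or not is_below(qname, zone):
        return "UNCHANGED"
    # A referral carries NS records owned by a child of the zone that
    # covers the name being looked up.
    for owner, rrtype, _rdata in authority:
        covers = norm(owner) == qname or is_below(qname, owner)
        if rrtype == "NS" and is_below(owner, zone) and covers:
            return "UNCHANGED"
    # Anything else from this zone (such as a wildcard A record) is dropped.
    return "NXDOMAIN"


# Constructed responses; 192.0.2.1 is a documentation address.
WILDCARD = dict(
    qname="no-such-name-example.net.",
    answer=[("no-such-name-example.net.", "A", "192.0.2.1")],
    authority=[("net.", "NS", "ns.registry.example.")],
)
REFERRAL = dict(
    qname="www.example.net.",
    answer=[],
    authority=[("example.net.", "NS", "ns1.example.net.")],
)

if __name__ == "__main__":
    print("wildcard:", apply_delegation_only("net", **WILDCARD))
    print("referral:", apply_delegation_only("net", **REFERRAL))
```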
It mentions the IBM court case and it mentions the Red Hat case. What happened to the German case that they lost pertaining to their defamation of Linux? The one that undermines their position in the IBM/Red Hat cases to the potential investors that will be reading this?
Can someone familiar with the 10-Q requirements explain whether this omission is permissible (because it was brought in Germany?) or has SCO done something else naughty?
Actually, I think the UK's problem is more marketing and pricing, rather than technically orientated, and suspect many other countries have the same problem. Sure, the coverage by area in the UK is pretty poor, but in terms of population reach it's not too bad - BT claims 80% (pinch of salt). So, for a population of 60m (to keep the numbers easy) we have 80% of that eligible for broadband, which is 48m. Great! Despite this, BT's own figures just released by Oftel show only 1,263,000 BT wholesale customers, which is just 2.6% of those capable of getting broadband via DSL. That doesn't include cable and other non-BT provisioned circuits though, but that can't add more than a couple of percentage points.
People can *get* broadband in the UK, they are either just choosing not to, don't understand the benefits, or plain do not think they require it. A survey of SMEs on broadband take up gives a few more pointers in this direction too. Those that have broadband, would recommend it and have come to rely on it heavily in 90% of cases. Yet 80% of SMEs have no plans to upgrade from dial-up access in the next 12 months, citing "lack of business case". What? When I worked at an SME (~300 computers) using ISDN access our phone costs were astronomical; we got a 256kb/s leased line for less.
The only way I can think of that explains this discrepancy is that it all comes back to marketing. J.Q. Public sees the flashy ads by BT, AoL, NTL and others and thinks "Huh? Why do I want/need that?". The corporate types see these ads and see happy families around the computer and cartoon characters on the street and class it as a consumer product, and therefore irrelevant.
But then again, why complain? It's not like we need *another* huge bunch of noobs jumping on the 'net, is it? (Only half joking)
True, this is probably news to no-one, but what I find of most interest is that this is not a study by a university research team but a large US corporate. If it were a university backed team, then the MPAA would no doubt dismiss their findings with the same haste that a typical Slashdotter would dismiss a Microsoft funded report dissing Linux. After all, it's a university and the **AA's know what rabid copyright infringers their students are... The fact that this comes instead from AT&T should lend a little more credence to the report and *hopefully* cause them to at least think about their strategy some.
...seems to be whose equipment it is you are using, and more importantly, whether the airline can make any money off it. "Your cell phone? You can't use that on the plane sir - it might cause a crash, but you can use our ludicrously expensive 'AirPhone' instead." "WiFi laptop? Oh, no sir, might crash the plane, but we do plan to offer computing in our ludicrously expensive first and business class compartments real soon now!" And despite this there are plans to fly planes via PDA according to a recent Slashdot story. It's one or the other guys!
Actually, it may not just be money and the aviation industry, I suspect there is also an issue with the herd "I've been told, but did not question" mentality too. I walked into a hospital reception recently while finishing off a mobile phone call, fully intending to switch it off while actually visiting. I was asked to finish my call outside by a nurse with a mobile phone clipped to her belt, it was switched on and presumably there to receive calls. When I raised this it transpired that it was "hospital issue and therefore OK", yeah, right, whatever...
OK, that's two points, but can you even have two cru... WTF is the plural of "crux" anyway, which I guess answers *that* question. ;)
I know that SMS is supposedly not as reliable as a dedicated pager, but I've done exactly what you suggested and never lost an alert. Latency was not an issue either, I don't think it ever took more than 30 seconds from SMS generation to delivery. Then again, this was in the UK and not the US, so your telco mileage may vary and having a facility to resend the SMS if the alert is not acknowledged within an arbitrary time may be a good idea in any case.
We used an old Sun Ultra 5 acting as the "base station" and Kannel to talk to a mobile phone plugged into the serial port. That's basically it. We could generate an SMS via email or directly scripting Kannel, depending on what we were trying to do, and also provided a webform for human use.
So, in effect, it's like Microsoft's "My Recent Documents", only with multiple levels of "recentness"? Sounds like a neat extension to the concept that would actually work quite well in conjunction with the vanishing seldom used menu items idea. You could have a menu with the "hot items", wait a second or two and the list expands to include the "warm" items. Add a couple of options at the top/bottom of the menu for "Search" and "Show all" and you're done.
Do you know Python? Sounds like this would be a trivial thing to implement in a Karamba variant...
These are totally meaningless figures. What is not stated *anywhere* in the article is how many of each type of server there were. Which is the better statistic out of these:
Out of 1,000,000 apples, 10,000 were hacked
Out of 10,000 oranges, 1,000 were hacked
Looks like a typical Microsoft "we're scared of Linux and need some positive press" post to me, and almost on the *very* day they announce they screwed up the DCOM patch and another worm is likely too. What a coincidence!
It's also technically inaccurate too, since the "Santa Cruz Operation" hasn't existed since they were bought up by Caldera. It's now just "The SCO Group". It might be the same staff, but it's a completely different entity in a legal respect.
As Eric Raymond has said on numerous occasions, the Linux community should be above all this kind of stuff; the pinnacles of maturity, reasonableness and responsible behaviour. Regardless of your opinions of ESR, he's making sense here, and having a policy of not hiring someone who didn't *immediately* leave his job at SCO on general principles is insane. "Sorry, hun, but I'm going to have to pimp you while I look for another job or the kids are going to go hungry and the mortgage will default." Yeah, right.
If only it were that simple. According to the article the bulk of the servers are in Taiwan, what a coincidence, given the enmity in that relationship. Now if they were firewalling off the 127 top servers in China that send spam, then the rest of the world might see a benefit too, but no, they are just stopping servers mainly outside China sending email in. In short, this only stops the Chinese from receiving spam/propaganda depending on what you believe.
Of course, just because the bulk of my spam comes from China doesn't mean that the bulk of spam the Chinese get comes from there too. Maybe theirs really does come from Taiwan - any Chinese national care to comment on the demographics of your spammers?
The whole point of discovery is to cast as wide a net as possible.
Within limits apparently. I seem to recall a recent story of someone who got reprimanded for going on a "fishing trip" with a subpoena for all communication records.
I'm guessing the items about the sale of stock will not be upheld by the court.
It doesn't need to be. It's required by the SEC that executives disclose details of their share dealings since by definition they have inside information. You probably hit the nail on the head with the real target being the press though; apart from a few mutterings here and on similar sites, even the mainstream IT media seems to have missed the SCO stock dumping. That may be about to change...
Why, yes there is! It's called ChkConfig funnily enough.
...is that if they lose their court case with IBM and people won't buy their licenses, then they are screwed? Great! Let's go to court!
Sorry. Hit "Submit" instead of "Preview". Fixed links (now *with* preview): Grace Hopper and Google
It was one Grace Hopper who actually coined the term. One hell of an impressive Bio, to say the least, and there's a lot more on Google