I have a complete opposite issue. The people with the blocklists, private (e.g. Mimecast, Cleanmail) or public (e.g. URIBL), refuse to say which customer ended me on the blocklist.
...
I really want to punish the customer that put me there but they give me 0 information, no mail to abuse@, even on request. Or they say: You were on the list, but now you are not (ergo: problem solved). I disagree here: It is not solved until I got the spammer. They just don't care that valid email does not arrive. Sometimes even their customers come to me about this.
I opted to post the conclusion. Because there are all sorts of excuses to arrive at a bad conclusion.
As seen at the abuse workgroup of RIPE (and I have not seen a sane discussion):
>> This is the draft agenda for the RIPE 66 meeting...
> No agenda item about defining (or refining the definition of) "abuse"?
Nope.
> I'd like to just reiterate my view that all other activities of this WG
> will be utterly fruitless until such time as a reasonable, rational, and
> generally accepted definition of "abuse" is in hand.
I genuinely don't think it will be useful to spend time on this.../snip
The report is also about spoofing. So 'suckered' is not the right term.
definitely a +1
It also fails when set up correctly. I have seen spam reports with emails having a From: header with our domain but with other IPs than allowed by our SPF records.
I am still wondering which spammer had issues to come up with domain names that are 'easier' and 'better' for him (i.e. no or bad SPF). Puzzling.
The whole OS is missing. It's stable at doing the browser thingy and a well configured office is usable.
What I was referring to was the Chinese govt, not the buyers. All they need is a complete view of the system. All they need is one fatal bug.
Access to the source code and influence in design decisions is good enough for complex stuff. Or you hire stupid people instead of smart ones which just create bad code for you (which functions just good enough for production purposes). Ba(ck)d(oor) software.
Cities affect the weather. On warm days you often find clouds, sometimes with rain, below wind.
I would not draw conclusions about not going further with it.
In four years I only once had a security researcher contact me about a problem. I really welcome that. On the other hand I caught dozens of wannabes, customers and pros who do not even bother to contact us before they scan our web application (which is not allowed in Holland). A request to our system is either valid or you are trying to do bad ****
And the funny thing is that MySQL and Java are in that list of not using the TTL.
No, you are just being complacent about current hardware. Hardware is not simple (I would not in my life try to explain to a non-techie how to assemble their own system or repair it) while it can be. Have you ever tried to create your own motherboard? They make the diagrams look so simple ;-)
This holds for many more industries.
BTW I agree that many more battles can be won in software. That is basically unchanged since K+R. I think that the revolution will come from compilers (because the existing code base is too large to ignore it). You don't want different functionality, you want it to use the hardware available.
There are a couple of things that you, as an AS, might want another AS to do (for traffic to your AS only):
-use a blocklist of IPs, as proposed above
-use a whitelist of IPs for known good ones (e.g. logged in users)
-use a throttle for the rest (conn/s, bandwidth, etc). Allows for blackholing entirely.
That way you can let another AS do your throttling for you (so the tubes are no longer overflowing). You determine the amount of traffic that you can filter and categorize on your side. You keep adding IPs to the blacklist until the DDoS is no longer effective. One question that remains is how to keep the system (at the remote ASes) limited in size. All this should be temporary in nature.
So notice that this is very different from a BL. I think it should be executed by the AS maintainer.
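The three-part policy sketched above (blocklist, whitelist that bypasses throttling, per-source throttle with blackholing as the limit case), as an added example that is not the commenter's code: a small model of the filter the upstream AS would run, fed with constructed connection attempts. Names, addresses and rates are all invented for the demonstration; the throttle is a token bucket on integer-second timestamps so the arithmetic is exact.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed model of the upstream-AS filter (added example, not from
# the thread). The downstream AS hands over a policy: sources to drop,
# sources to always admit, and a per-source rate for everything else.
# rate == 0 means "blackhole all unknown traffic".


@dataclass
class Policy:
    blocklist: set
    whitelist: set
    rate: int    # admitted connections per second per unknown source
    burst: int   # bucket capacity (short bursts tolerated)


class UpstreamFilter:
    def __init__(self, policy):
        self.policy = policy
        self.buckets = {}            # src -> (tokens, last_ts)
        self.stats = defaultdict(int)

    def _throttle_ok(self, src, ts):
        p = self.policy
        if p.rate <= 0:
            return False             # blackhole: nothing unknown gets through
        tokens, last = self.buckets.get(src, (p.burst, ts))
        tokens = min(p.burst, tokens + (ts - last) * p.rate)  # refill
        if tokens >= 1:
            self.buckets[src] = (tokens - 1, ts)
            return True
        self.buckets[src] = (tokens, ts)
        return False

    def admit(self, src, ts):
        """Decide one connection attempt from src at time ts (seconds)."""
        p = self.policy
        if src in p.blocklist:
            decision = "blocked"
        elif src in p.whitelist:
            decision = "whitelisted"   # e.g. a logged-in user, never throttled
        elif self._throttle_ok(src, ts):
            decision = "allowed"
        else:
            decision = "throttled"
        self.stats[decision] += 1
        return decision


def run(policy, events):
    """Apply the policy to (src, ts) events; return decision counts."""
    f = UpstreamFilter(policy)
    for src, ts in events:
        f.admit(src, ts)
    return dict(f.stats)


# Constructed sample traffic: a known-good user, an already-listed source,
# and an unknown source bursting 10 attempts in second 0 and 2 in second 2.
EVENTS = (
    [("203.0.113.5", 0)] * 10
    + [("198.51.100.9", 0)] * 10
    + [("192.0.2.77", 0)] * 10
    + [("192.0.2.77", 2)] * 2
)
POLICY = Policy(blocklist={"198.51.100.9"}, whitelist={"203.0.113.5"},
                rate=2, burst=3)
BLACKHOLE = Policy(blocklist={"198.51.100.9"}, whitelist={"203.0.113.5"},
                   rate=0, burst=0)

if __name__ == "__main__":
    print(run(POLICY, EVENTS))      # bursty source: 3 burst + 2 refilled admitted
    print(run(BLACKHOLE, EVENTS))   # only whitelisted traffic survives
```

The point the model makes is the one the comment makes: the whitelist is what keeps legitimate sessions alive while the throttle squeezes the unknown remainder, and the same policy degrades gracefully to a full blackhole of unknown sources by setting the rate to zero.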
And my point is that you need a s*** load of bandwidth, in excess of 100GB, to even start having a useful model (i.e. filter bad traffic). That is expensive.
Remember that a DDoS is either started by vigilantes such as Anonymous or by botnet operators. In the first case you probably know you could be targeted and probably have the resources to prepare. In the second case, this is what happens: You have a medium-sized business that is doing well. You get an email saying that you should pay 50.000 dollars in an hour. You don't. Website goes down. At first they find some weak link such as SYN which you fix. After a while, to keep the DDoS effective, the botnet operator changes method and always ends up filling your tubes. It is the botnet operator's job to ensure his DDoS works and he has done it more often than you.
The only thing left is asking other network operators to filter traffic for you. Maybe our networking technology should advance to be able to counter this kind of abuse.
And what do you do when all your 10GB fibers are saturated? Nothing an apparatus will solve.
Because I'm good at shooting (and I want the directories also removed in one shot). I hardly ever do it without. This only bit me once when a subdirectory was a bind mount to / .
At least don't admit it ;-)
When using a function, the current situation is that you get an out-of-band (the exception) or normal (typed return value) answer. This is a lie when you functionally look at it from the outside: you now have two types; the exception or the predefined typed answer. In case of an exception there is some glue which will give you a GOTO (to the catch block). The exception type is sometimes abused to return one of many types of answers from a function.
The only option is to lose the typiness (is that a word?). Some alternatives: Provide the function with handlers for certain categories of answers. Alternative 2: Use the type of answer to switch to a block of code given a certain type of answer (as exceptions are dealt with). Drawback is you can only give one return value (you might want to return multiple differently typed answers). Alternative 3: Return a type-prioritized set of answers; can be done already but is not 'best practice' at the moment. If a certain type of answer is not dealt with: return the function until it is done (a la exceptions).
A use case I have is that we send SMS batches but some messages may fail directly. Many types of errors may come back and all should be handled differently. We now make some plumbing with 'reply-object-classes' and they suck. They have to be created, filled and read...
Maybe combine a few possibilities. And yes: we are still in the pre-industrial era regarding software development. Everything takes expensive labour.
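The SMS-batch use case combined with "alternative 1" (hand the function handlers for categories of answers) and the exception-like fallback for answers nobody handles, as an added example that is not the commenter's code. The outcome classes, the stand-in provider call and the batch contents are all constructed for the demonstration.

```python
from dataclasses import dataclass
from typing import Union

# Added example (not the commenter's code). Each send produces one of
# several typed outcomes instead of "a value or an exception"; the caller
# passes one handler per outcome type. Outcomes with no handler are
# collected and raised once at the end, so nothing is silently dropped.


@dataclass(frozen=True)
class Sent:
    msg_id: str
    provider_ref: str


@dataclass(frozen=True)
class InvalidNumber:
    msg_id: str
    number: str


@dataclass(frozen=True)
class Throttled:
    msg_id: str
    retry_after_s: int


@dataclass(frozen=True)
class ProviderError:
    msg_id: str
    code: int


Outcome = Union[Sent, InvalidNumber, Throttled, ProviderError]


class UnhandledOutcomes(Exception):
    """Raised when the batch produced outcome types the caller gave no handler for."""

    def __init__(self, outcomes):
        super().__init__(f"{len(outcomes)} unhandled outcome(s)")
        self.outcomes = outcomes


def fake_send(msg_id, number):
    """Constructed stand-in for the provider call; the outcome is decided
    by the number's shape so the example runs offline."""
    if not number.startswith("+"):
        return InvalidNumber(msg_id, number)
    if number.endswith("9"):
        return Throttled(msg_id, retry_after_s=30)
    if number.endswith("0"):
        return ProviderError(msg_id, code=500)
    return Sent(msg_id, provider_ref="ref-" + msg_id)


def send_batch(messages, handlers):
    """messages: list of (msg_id, number); handlers: {outcome type: callable}.
    Returns the handler results in batch order; raises UnhandledOutcomes
    if some outcome type had no handler."""
    results, unhandled = [], []
    for msg_id, number in messages:
        outcome = fake_send(msg_id, number)
        handler = handlers.get(type(outcome))
        if handler is None:
            unhandled.append(outcome)
        else:
            results.append(handler(outcome))
    if unhandled:
        raise UnhandledOutcomes(unhandled)
    return results


# Constructed batch: one delivered, one malformed, one rate-limited, one
# provider failure.
BATCH = [
    ("m1", "+31600000001"),
    ("m2", "0612345678"),
    ("m3", "+31600000009"),
    ("m4", "+31600000000"),
]

FULL_HANDLERS = {
    Sent: lambda o: ("ok", o.msg_id),
    InvalidNumber: lambda o: ("drop", o.msg_id),
    Throttled: lambda o: ("retry", o.msg_id, o.retry_after_s),
    ProviderError: lambda o: ("escalate", o.msg_id, o.code),
}


def demo():
    return send_batch(BATCH, FULL_HANDLERS)


if __name__ == "__main__":
    print(demo())
```

Compared with the reply-object plumbing the comment complains about, the caller never reads fields it does not care about: each outcome type carries exactly the data its handler needs, and forgetting a type surfaces at the end of the batch rather than as a silently ignored failure.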
It is not sophisticated, it is methodological. This stuff has been possible for ages and the smartphone part is not a necessary vector but just another one.
The problem is that your bank-verificator does not include all transaction-critical data (all amounts, all bankaccounts) when signing a transaction. Until then a man in the middle attack is possible. Never trust your computer.
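What "include all transaction-critical data when signing" means in practice, as an added example that is not the commenter's code: two HMAC-based schemes side by side, one covering every amount and account number in the batch and one covering only the bank's challenge. The key, the account numbers and the tampering are all constructed for the demonstration; a real verifier device would use its own key material and serialization.

```python
import hashlib
import hmac
import json

# Added example, not from the comment. Constructed shared secret standing
# in for the key held by the bank and by the customer's verifier device.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def canonical(tx):
    """Deterministic serialization of every transaction-critical field."""
    return json.dumps(tx, sort_keys=True, separators=(",", ":")).encode()


def sign_full(key, tx):
    """What-you-see-is-what-you-sign: the MAC covers all amounts and accounts."""
    return hmac.new(key, canonical(tx), hashlib.sha256).hexdigest()


def sign_challenge_only(key, tx):
    """Weak scheme: the MAC covers only the bank's challenge nonce, so the
    amounts and beneficiaries are not bound to what the user approved."""
    return hmac.new(key, tx["challenge"].encode(), hashlib.sha256).hexdigest()


def verify(sign_fn, key, tx, tag):
    """Bank-side check of the tag against the transaction it actually received."""
    return hmac.compare_digest(sign_fn(key, tx), tag)


# Constructed batch of two transfers as shown to the user on the device.
ORIGINAL = {
    "challenge": "c0ffee01",
    "transfers": [
        {"to": "NL00BANK0000000001", "amount_cents": 12500},
        {"to": "NL00BANK0000000002", "amount_cents": 4000},
    ],
}


def tampered(tx):
    """Constructed in-the-middle modification: second beneficiary replaced."""
    t = json.loads(json.dumps(tx))
    t["transfers"][1]["to"] = "NL00EVIL0000000009"
    return t


def compare_schemes(key=DEVICE_KEY):
    """For each scheme: does the tag the user produced on ORIGINAL still
    verify on the tampered transaction? True means the tampering goes
    undetected."""
    out = {}
    for name, fn in (("full", sign_full), ("challenge_only", sign_challenge_only)):
        tag = fn(key, ORIGINAL)                 # user approves what the device shows
        out[name] = verify(fn, key, tampered(ORIGINAL), tag)
    return out


if __name__ == "__main__":
    print(compare_schemes())  # full: False (detected), challenge_only: True (undetected)
```

The full scheme also has to cover the complete batch, not one transfer at a time; the canonical serialization above includes every transfer, which is why the change to the second beneficiary breaks the tag even though the first transfer is untouched.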
I've seen that method used so that company firewalls don't inspect and delete documents inside the zipfile. Maybe he just never understood the reasoning of it.
It is actually a complex system if you want the ride to be as nice as possible. You want the g-force to be limited as well as the jerk (time derivative of g-force which is what rocks your stomach) to get a nice fast ride. Without passengers you can use a different speed function which would be too uncomfortable for them. You might want to factor minimizing wear and tear in the function depending on the time of day.
We had one that sorted a list by javascript. When asked, explicitly, what he would do with 1 million records he said 'the same'.