Depending on how your facility is ducted, it might not cost much to try both options and measure the results. Even if you have to spend a few thousand doing so, the long term savings from choosing the best method for your site would probably be well worth the cost of testing.
tedstriker: My squadron ships out tomorrow. We're bombing the storage depots at Daiquiri at 1800 hours. We're coming in from the north, below their radar.
elainedickinson: @tedstriker: When will you be back?
tedstriker: @elainedickinson: I can't tell you that. It's classified.
The door becomes a useful indicator of your willingness to be disturbed.
Closed: Go away unless the situation is dire. I'm doing a performance review, interviewing an applicant, etc. Ajar: I'm concentrating, but if it's important, I'm available. Open: Let's talk.
You only redirect [evil-ip]/5060 UDP to the reply-bot after spotting the attack, either because people start bitching about VoIP quality or by using fail2ban or whatever to do it automatically after X registration failures from the same address. I've seen 11,000 in under 3 min., which makes the attacks easy to spot.
A different attack that really used address spoofing could cause the method I described to block legitimate traffic from a targeted site, but that would be a DoS, not a brute-force penetration attempt. The real problem is that if you have a limited bandwidth pipe, just dropping packets from [evil-ip] at the firewall doesn't help much, and by the time you've gotten your ISP (or AmazonWS) to do something about it, you're screwed.
I guess a really big-time user or VoIP provider, with multiple ISPs and a registrar server on a separate path, would be pretty much immune to these attacks, but that's above my pay grade.
I don't think so. One way to stop the attacks is to use pf/iptables to forward the offending REGISTERs to a bot that simply sends back a bogus "200 OK" response. As soon as the attacker thinks he's found an opening, the attack stops.
Sheri Fink certainly deserves recognition for her compelling story, but surely PJ over at Groklaw also deserves recognition from the mainstream media for her amazing work over the years.
I use Speakeasy at home because it Just Works. Never any port blocking, DNS games, traffic shaping. But not cheap, and since the Best Buy takeover, not quite so residential customer friendly.
Slashdot Mirror
Unless you consider "the government" to be a single company.
That's pretty much a metaphor for U.S. politics.
Remember, the story sat in the Firehose for over two hours before you read it.
All it takes is one.
If his 100A fuses are made of steel, he's probably using them as a toaster.
Strips of steel with holes in them? You're kidding, right?
Well, this should pretty much make sure the defensive patent license doesn't see much use.
I agree with you. But it's not clear whether the submitter is talking about constructing a new data center or adding containment to an old one.
Depending on how your facility is ducted, it might not cost much to try both options and measure the results. Even if you have to spend a few thousand doing so, the long term savings from choosing the best method for your site would probably be well worth the cost of testing.
And yet there's still a box for your ICQ UIN on your User Page.
I'm predicting that this will be so calamitous it'll make Y2K seem like a non-event.
I think they're trying to avoid stuff like this:
tedstriker: My squadron ships out tomorrow. We're bombing the storage depots at Daiquiri at 1800 hours. We're coming in from the north, below their radar.
elainedickinson: @tedstriker: When will you be back?
tedstriker: @elainedickinson: I can't tell you that. It's classified.
The door becomes a useful indicator of your willingness to be disturbed.
Closed: Go away unless the situation is dire. I'm doing a performance review, interviewing an applicant, etc.
Ajar: I'm concentrating, but if it's important, I'm available.
Open: Let's talk.
He's from Chicago. Of course he knows.
The SEC's report was released in response to a request by Sen. Grassley, a Republican.
True, Republicans have no shame. But Obama has yet to return the $994,795 in donations his campaign received from Goldman Sachs and its employees.
How exactly can you use CID spoofing to correct LIDB/CNAM spelling errors? Or aren't you talking about the PSTN?
Even White Sands looks iffy. Guess it'll be another day or so before deorbit. Disappointing, but nothing new.
The weather looks a bit grim for a KSC landing.
You only redirect [evil-ip]/5060 UDP to the reply-bot after spotting the attack, either because people start bitching about VoIP quality or by using fail2ban or whatever to do it automatically after X registration failures from the same address. I've seen 11,000 in under 3 min., which makes the attacks easy to spot.
A different attack that really used address spoofing could cause the method I described to block legitimate traffic from a targeted site, but that would be a DoS, not a brute-force penetration attempt. The real problem is that if you have a limited bandwidth pipe, just dropping packets from [evil-ip] at the firewall doesn't help much, and by the time you've gotten your ISP (or AmazonWS) to do something about it, you're screwed.
I guess a really big-time user or VoIP provider, with multiple ISPs and a registrar server on a separate path, would be pretty much immune to these attacks, but that's above my pay grade.
I don't think so. One way to stop the attacks is to use pf/iptables to forward the offending REGISTERs to a bot that simply sends back a bogus "200 OK" response. As soon as the attacker thinks he's found an opening, the attack stops.
True. But the $10,000 you get for a Pulitzer would be a nice add-on.
Sheri Fink certainly deserves recognition for her compelling story, but surely PJ over at Groklaw also deserves recognition from the mainstream media for her amazing work over the years.
If Bush/Cheney did it, does that somehow make what McLaughlin allegedly did okay?
No, the big question is whether he used his personal account to circumvent rules regarding communications made in his official capacity.
I use Speakeasy at home because it Just Works. Never any port blocking, DNS games, traffic shaping. But not cheap, and since the Best Buy takeover, not quite so residential customer friendly.