Slashdot Mirror


User: Cramer

Cramer's activity in the archive.

Stories: 0
Comments: 3,954

Comments · 3,954

  1. Re:As I said in a previous post... on MS SQL Server Worm Wreaking Havoc · · Score: 2, Insightful

    Slight correction: compiled access lists are a function of the software (even the lowly 2500 can have compiled ACLs).

    The problem with ACLs on most Cisco gear is where it gets processed. All but the most recent (and very expensive) hardware requires all the packets to pass through the RSP or NPE if an access list is applied. I forget what the conditions are for ACLs on a 75xx VIP -- every time I've been forced to filter traffic it's been process switched through the RSP (it isn't designed to move packets -- it's designed to manage routing). If you happen to have a 7400/7600/NSE, then it's a different story; most of the things needed to filter IP traffic are PXF accelerated.

    The next time someone steps up to say "let's just filter..." cut them off at the word filter. Routers are routers; firewalls are firewalls. Routers are designed to move packets (quickly), not block them. Firewalls are designed to block packets, not move them. Switches move millions of packets per second. Routers move hundreds of thousands of packets per second. Firewalls move around 1000 packets per second.

  2. Re:Welcome to the club on 11 Digit Dialing Comes Home to New York · · Score: 1

    It's called an area code overlay. It requires *10* digit dialing, not 11. + is handled as a local call by the local phone companies. <1>++ is a long distance call that is routed to your selected long distance carrier.

    Parts of NC have overlays with 10 digit dialing. 919 has been delayed twice.

    I'm wondering if the NYT reporter is mistaken or the telcos are intentionally telling people incorrectly to dial 1+... so it's a long distance call -- different rules, different pricing structure, etc. Programming a switch for 10 digits vs. 7 isn't difficult; yes, the tables are larger, but it's set up exactly the same. With 11 digits, the switch has to make distinctions between what is local vs. long distance; and there is no longer any indication to the caller that it's LD! (Dialing the house across the street *might* be LD; you won't know until the bill arrives. But then it's too late; you cannot dispute the charge because you did make the phone call.)

  3. Re:I don't. on MIT Spam Conference Conclusions · · Score: 1

    Ok, stupid and blind :-)

    (I'd post a spamhaus URL, but some might see that as a breach of NDA... see also: user info and be inventive.)

  4. Re:Yeah, blame the ISPs... on MIT Spam Conference Conclusions · · Score: 1
    1. Anonymous Coward writes:
    • You think modern routers can't handle port 25 ACLs?
    That depends on what you consider modern. If you mean hardware designed in the last year or so, then yes, most can act as a firewall without significant performance loss; due mostly to insane computational power. However, those devices are very new (read: untested and unproven) and very expensive -- and excessively powerful for most ISPs. Unless we are talking about the top dogs who spend money faster than it can be printed, nobody is going to spend that kind of money. Plus, those high-end routers have minimum port speeds of OC3.

    How many ISPs are there in the US? The world? How many of those have the millions of dollars (or Euros) to spend on a "modern" router? And then where is the line drawn in filtering port 25; in the tiers of the internet, do we filter port 25 all the way to the likes of UUNet, Sprint, AT&T, et al.? Are the tier1 ISPs expected to filter the links between themselves? (Note to the aged readers: yes, this is very much like UUCP.)

    (Obviously, this AC doesn't work for an ISP. I'd venture a guess he/she never has. If they did/had, they'd know every penny counts and you use exactly what is required and nothing more. How many ISPs don't prevent spoofing -- which almost every router available supports with a single, global option? [reverse-path filtering])
  5. Re:I don't. on MIT Spam Conference Conclusions · · Score: 2

    Define "valid"? While a made-up number won't pass, a stolen number certainly will. And while they are stealing, why not use stolen AOL accounts?

    The fact is, almost all ISPs have anti-spam provisions in their contracts (even SpewSpewNet.) Deleting an account is easy; they'll just sign up for another one. Fining them is easy, in theory; in practice, good luck getting a spammer to pay up. Cleaning up after the fact is difficult and time consuming.

    In retrospect, I'm gonna blame the sales people who are too stupid or too blinded by their commission check(s) to realize they are selling an OC3 to a spammer. Really, how much spam is done by dialup these days? They either use broadband or pay some nuts to spam for them.

  6. Yeah, blame the ISPs... on MIT Spam Conference Conclusions · · Score: 4, Insightful
    • I think the key problem is ISPs that do not block egress traffic on port 25
    And I think a big part of the problem is the nuts who think filtering port 25 network wide is a viable option. Here are some real world numbers...

    Router #1:
    30 second input rate 21782000 bits/sec, 6210 packets/sec
    30 second output rate 12294000 bits/sec, 4651 packets/sec

    Router #2:
    30 second input rate 7543000 bits/sec, 2133 packets/sec
    30 second output rate 12182000 bits/sec, 3183 packets/sec

    (and that's business traffic at 0030ET Sunday -- it goes a lot higher during business hours.)
    Routers have a lot of work to do already without having to look for spam. Devices along the lines of a Packeteer could be used to perform in-line packet inspection, but that'll get old real fast.

    Yes, it's perfectly doable to filter dialup users either at the ppp line or the next hop router by either explicit blocks or redirection. Many ISPs already do this. (UUNet requires it, oddly enough.) But an equal many don't. Plus, there's a growing amount of broadband in the world.

    Most companies buying network connectivity and hosting their own email systems expect them to have direct control over those systems and the routing of their email in both directions. It's a simple task to set a mail server to use a "smart host", but then one is at the mercy of those controlling that server(s).

    Oh, and just how exactly will this stop them from sending spam? Exactly. Simply put, it won't. It just changes the origin of the spam and maybe speeds up the response time for blocking it and dealing with the user. HOWEVER, it introduces a much larger annoyance: blacklisting of the ISP server(s) and thus hundreds or thousands of companies and/or users.

    Next I suppose the ISP should be looking at the email to judge its spamliness? Well, I'm gonna have to play my lawyer card on that bit of stupidity. The instant an ISP begins any type of content filtering, most of the protective provisions of various laws cease to apply. In the eyes of the law, this would be exactly the same as the post office opening all of your mail to determine and discard what they feel is "junk mail".

    In the end, spam is what it is because of the [censored] cretins who think they can make money by participating in any of a growing number of scams. Basically, technology cannot protect the internet from stupid people. (esp. when the standard was constructed in a "stupid people" void. I guess we've bred better idiots.)
  7. Re:What's the problem? on The End of the Free PCI Device List (Update) · · Score: 5, Informative

    Maybe you should read it again... as to the sponsorship, affiliation, or endorsement of the website by PCI-SIG

    They "request" he work through his employer (IBM) to "investigate" basically handing over the database to PCI-SIG for their own website. They didn't say anything about him retaining control, IBM having control, or IBM publishing the website. They make it very clear that they do not want him to continue hosting the listing.

    As for their claims of confusion in the marketplace, I find that very unlikely. His database has been around for a long time and no one has confused him as the PCI-SIG. This isn't the only database or listing of vendor and device IDs. Furthermore, no one can confuse these lists with an official PCI-SIG list as there isn't an official list.

  8. Re:Somewhat disappointing on The Art of Deception · · Score: 1

    Indeed! In most respects, he was the first script kiddie. He went much further than any modern day script kiddie, however. (He stole things from the telcos -- test sets, etc. He read manuals on various equipment which provide default users and passwords that most telcos never change. etc.)

    [Even today, security in the telco world is laughable... how much telco hardware has non-authenticated modems attached to them?]

  9. Re:graffiti? on Appropriate Punishment For Crackers? · · Score: 1
    • there'd be a lot less script kiddies ...
    Somehow, I doubt it. All you'd accomplish is making the "stupid" hackers smarter and thus harder to defend against.

    Now, if one were to start executing the hackers/crackers/script kiddies/et al., then we'd see a sharp decline in activities. (at least in the short run.)
  10. Re:About PVR Guide Charges on RCA PVR Will Use Free Guide+ Program Guide · · Score: 1

    If TiVo goes away, there will be a number of alternatives available in mere hours. The people that know how like their tivo(s), aren't insanely cheap, and want TiVo, Inc. to stay around.

  11. Re:question - TV guide patent on RCA PVR Will Use Free Guide+ Program Guide · · Score: 1

    That's a GEMStar patent... it has something to do with the guide displayed as a grid (hence the TiVo "list" style.)

  12. Re:Video for you broadband folks on Inside Symantec's 'Security Center' · · Score: 1

    Ok, let's see... typed in pin number, biometric scanner, AND an RF proximity access card to open a set of double doors (that open outward (pull))

    Translation: they are both paranoid and stupid.

    However, seeing how much money they've wasted in building that office, I'm sure it's more for show than function. My only comment? "What a waste of money. I'm glad I don't buy Symantec products."

  13. Re:who still wants to crack this key? on X-Box Private Key Challenge Ended · · Score: 1

    Technically, it doesn't. But in these cases, there's "near enough" primes. The key generator selects two "reasonably prime" numbers and then tests them to make sure they don't immediately fall apart.

    (And yes, I've seen the keys fail testing a few times over the years.)

  14. Re:who still wants to crack this key? on X-Box Private Key Challenge Ended · · Score: 2

    Who says the numbers Microsoft used are true primes? There's a pretty good chance they aren't unless they used a prime number table which isn't very likely.

    (I would assume they ran genkey -rsa and asked it for a 2048 bit key.)

  15. Re:Perhaps they already broke it. on X-Box Private Key Challenge Ended · · Score: 1

    Who cares? It'll still be designed to display on a sub-800x600, 30fps, fscking TV! And don't start with the HDTV BS... 1080i is interlaced leaving 720p the best you can do -- it's a leap forward from NTSC/PAL, but still, it's not 1600x1200x32@120Hz.

  16. Re:What if... on Cryptome Log Subpoenaed · · Score: 1

    Web logs are not sufficient proof. You obviously don't know computers can be programmed to do things at specific times, and there are means of remotely using a computer.

  17. Re:If they were available... on Cryptome Log Subpoenaed · · Score: 1

    I have a few hundred 8" floppy disks. (I don't have an 8" floppy DRIVE, but...)

  18. Re:What's the big deal about show swapping? on DMCA Loophole For Peer-to-Peer TV Show Sharing? · · Score: 2, Informative

    Yes they do. It's just not at the same level as the traditional Nielsen tracking data (ages of people watching the shows, etc.) TiVo does keep statistics on what is watched (and even which commercials are skipped, viewed, or replayed); it's just "anonymous" (yes, it can be tracked back to the specific tivo, however it's not simple and tivo promises they won't try.)

  19. Re:Finally, a decent frame rate. on GeforceFX (vs. Radeon 9700 Pro) Benchmarks · · Score: 2

    I have the "professional graphics" version of that thing. It will do greater than 200Hz, just not at maximum resolution. Plus, the RAMDAC(s) on the video card is(are) not likely to be able to generate such high resolution frame rates. And you're rapidly approaching the limits of changing the actual phosphor pixels on the monitor. (We're already beyond the retentive properties of the human eyeball.)

  20. Re:Not So Complicated on Breakdown of Bandwidth Costs? · · Score: 1

    I've not seen many DS3's for 3k. 10k (+/-) is what I've seen from the big players. But, yes, bandwidth costs have dropped a great deal.

    However, I've seen very few instances where people need much more than a T1 -- or even one T1. Case in point... protocol distribution for a dorm full of kids on a Sunday night (classes don't start until Wed, btw):

    [deleted due to slashdot's fucking stupid lameness and html filters. Numbers are considered "junk":
    Reason: Please use fewer 'junk' characters.]

  21. Re:Why 'Your Rights Online' Category on Russian Student Arrested For Revealing DirecTV Secrets · · Score: 1

    Basically, "send us 3000$ or we'll take you to court." And when you fail to pay up, they take your ass to court with you attached to it.

    I only know of one person to tell DTV to "go to hell"... he owes them 1.5M$ now.

  22. Re:holy crow...(and I don't mean Brandon Lee) on Russian Student Arrested For Revealing DirecTV Secrets · · Score: 1

    Very new and lack of details ('tho that's 100% true in light of this news.)

    It took a long time for hacked HU cards to start showing up. And it's not like a billion dollar corp. is paying someone to reverse engineer it... with an electron microscope.

  23. Re:holy crow...(and I don't mean Brandon Lee) on Russian Student Arrested For Revealing DirecTV Secrets · · Score: 1

    All new equipment is being supplied with P4 cards. Any new activations requiring an access card will get a new P4 model.

    They are actively phasing out the HU cards. All of my cards were replaced a month or two ago and the ancient Sony SAT-B2 I reactivated (circa 1997 with its original H card :-)) got a new P4 card (I'm surprised it works) FedEx'd out because the H card could not be reactivated. (duh) [I'm very surprised they didn't destroy that old H card.]

  24. Re:Wish I could afford to buy laws like that.... on Russian Student Arrested For Revealing DirecTV Secrets · · Score: 2

    They are distributing P4 cards because the HU cards are now "commonly hackable". It's taken a while for that to happen, so I'm sure DirecTV is happy with their technology and thus, very VERY pissed when some part-time toady at their lawyer's firm walks out with the keys to the new village gates.

  25. Re:Why 'Your Rights Online' Category on Russian Student Arrested For Revealing DirecTV Secrets · · Score: 2

    I think you're missing the scope of his crime and the scale of signal theft... he isn't getting rich for leaking the documents. The web sites aren't getting rich by publishing the leaked documents. But the people and organizations that use the information in those documents to defeat the security provisions will certainly profit. (These are the same people who sell 400$ hacked "test cards".) AND the people who use the hacked cards, or various programs and "scripts" to hack their own cards, to view pr0n and PPV events are likewise profiting from the information.

    Signal theft is a very real and expensive problem. DirecTV has gone to unbelievable lengths to hunt people down and recoup some of their lost revenues... even taking the customer records from outfits selling hacking hardware. (If you've bought hardware from anyone remotely associated with DSS hacking, expect a letter from DirecTV's lawyers. They don't care what legitimate uses you may have for the hardware -- and it's the best place to get quality, cheap programmers.)