You may have to request that the phone company provide dial-tone with no service (no inbound and no local/LD calls). I assume there could be an install charge if there is no pre-existing wiring. I don't know if this will work in all areas, but it's worth a shot, right? This should be something that the phone company can provide (freely or cheaply) is my point.
You are welcome to your opinion, but it sounds like you are neither an operator nor a scientist.
The problem I see with your statements is that you are advocating solving poorly designed system and application problems with network-aware bloat.
You say: build a better box
I say: write cleaner code
I'm not advocating Cisco, nor am I advocating completely "dumb" network devices (but I am advocating a "dumb" core). And I agree with you - caching is important.
The network is weakest at the edges. We need to simplify the edge, but also empower it. We need the `most bang for the buck', so to speak. Mesh networking provides the current/future infrastructure for this. IPv6 provides the infrastructure for this. Anycast networking makes for a better caching mechanism (and scales). Multicasting applications and keeping "local traffic local" will buy us near-infinite amounts of bandwidth and bring most applications fully on-demand.
Complex networks like Intel's approach will bring us headaches, bloat, and "solutions to problems that will introduce new (possibly worse) problems".
Finally, with a specific focus on SPAM and Worms, I have only this to say: "Security is a process, not a product". If you want to stop SPAM and Worms, remove the writers from their chairs. I know that this takes a lot of time and effort. But what takes less time and effort is to clean up your code and respond to secure code issues in a timely fashion.
I implemented a VoIP solution for a huge office. All calls are made via digital (PRI), and can fail back to analog (FXO ports on POTS lines).
I have one POTS with no service attached to a red phone in the kitchen / open area with a big 911 sticker on it. I told the on-site IT person (as well as the managers) that in case of emergency: to use the red phone. The nicest part about it is that this phone requires no electricity from the electrical company and will run even when the power is out.
Mind you, that this phone has no service. It still has dial-tone. You can call the phone company (Verizon) by dialing "0", you can call Verizon's repair by dialing "511", and you can obviously dial "911". There is no cost to dial these three numbers usually.
the Internet doesn't need more bandwidth today. have you heard of the fiber glut? the Internet2 did just that - added more bandwidth. do you know what the result was? neither do they. they couldn't write any applications that took advantage of more bandwidth that were seen as `important' or `innovative'.
the Internet needs smarter users. the Internet needs less corporate and government hands trying to change it to their desires.
IPv6 does help. Multicast helps more. Anycast helps as well. Mesh networking is certainly a short-term step we can take to get to better run networks (and with "more" bandwidth in the "last mile", which is where we really need it).
But those networking technologies do nothing if there are no applications to take advantage of them. We need a replacement for the web browser and email client. I see the IM client and Googlebar taking over your operating system. What do you see?
Intel seems to think that networks need to get smarter. But networks need to get dumber (i.e. more simple). Systems need to be more like OpenBSD and less like [bloated] Linux or Windows. Applications need to be smaller and more precise.
As everything becomes more and more embedded, we need to strip functionality that we don't use anymore and build applications to what we do, not what we did five (or ten, or twenty) years ago.
Open-source has always strived to provide less bloated and overall better quality software. This comes from the Unix mentality. Intel does not yet understand this approach to computing. Intel provided a hardware architecture that rivaled IBM's for being monolithic and for lack of innovation and growth. This is mostly thanks to Microsoft and the users of Microsoft products.
We in the open-source world and of the Unix generation have never had severe problems with viruses. We learned from the mistakes of the [original] Internet worm, and we haven't made those same mistakes again. We don't need smart networks. We need streamlined networks, systems, and applications. Small programs with single purposes: to do one thing well.
http://www.nextelbroadband.com/ is using Mobile-Fi (IEEE 802.20). This technology is superior to WiMax in many ways. First of all, Mobile-Fi actually provides mobility today, while 802.16e will probably never provide realistic mobility. And Mobile-Fi is very low-latency when compared to WiMax, WiFi, and 3G/3.5G/4G networks.
The primary benefit of WiMax is in the architecture. It lends itself to be very flexible. The person who mentioned it as a replacement for LMDS/MMDS and other wireless technologies is correct. The people making comparisons to ATM and Iridium are mostly incorrect.
If WiMax components become cheap, mass-marketed, and ubiquitous -- that is a good thing for everyone. Since Intel, Alcatel, and Siemens are behind the WiMax movement, there stands a good chance of this. Nokia got out of the WiMax alliance, so maybe they know something that the others do not (and maybe it's Mobile-Fi or 4G).
The WiMax POP architecture is where the true power is. Being able to mix/match licensed and unlicensed spectrum via antennas, while using the same "Access Point" electronic components for cost reasons makes complete sense. A WISP could easily build a survivable backhaul wireless network across a city, while providing the best-effort CPE/customer networks a few miles here and there on the same device.
The paper makes a note that some of this information is available on publicly accessible (i.e. telnet) route-servers like those found on traceroute.org. You could list and see the source ports on the routers themselves and then attack them.
BGP depends on IBGP (internal) as well as on sessions in between ASes (external). That means you could attack IBGP as long as it had a public IP, or if you had a route to it.
Some BGP sessions would come back up automagically (some might require a manual reset; in Cisco IOS this is known as "clear ip bgp"). However, the attack could just bring them down again (every 4 minutes). BGP dampening would take effect depending on how it is configured upstream or downstream of your router(s). This would cause parts of the Internet to stay down for a long time (at least hours). Attackers could then concentrate on other targets during that time.
OSPF and BGP are not comparable. They work together. Often, BGP requires OSPF (for building a table of valid next-hops) -- but once BGP is used -- there is generally no replacement for it. OSPF would carry routes from router addresses (point-to-point links), and BGP would carry customer and ISP routes. BGP on the Internet carries the necessary 130k routes to allow the Internet to work. OSPF can only carry about 10k routes, and it hurts to even do that. IOW, OSPF does not scale to large networks such as the Internet, but BGP does.
There are many workarounds to this problem, most are identified in the advisory. People who lag behind the times could get hit [hard?] with this vulnerability, so it's always good to check and make sure your network is up to spec.
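The post above describes sessions being torn down and re-established every few minutes, which from the operator's side shows up as repeated BGP adjacency changes in syslog. The following is an added example, not code from the poster or from any router vendor, of a small detector that reads Cisco IOS-style `%BGP-5-ADJCHANGE` lines and flags any neighbour that goes down three or more times inside a fifteen-minute window. The log lines, the hostname `rtr1`, the peer addresses (documentation ranges), and the window/threshold values are all constructed for the example.

```python
"""Flag BGP neighbours that flap repeatedly, from IOS-style syslog text."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (not real router output). A neighbour that goes
# down roughly every four minutes, plus one unrelated single interface flap.
SAMPLE_LOG = """\
Apr 20 10:00:01 rtr1 1234: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
Apr 20 10:04:02 rtr1 1235: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down Peer closed the session
Apr 20 10:04:40 rtr1 1236: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
Apr 20 10:08:05 rtr1 1237: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down Peer closed the session
Apr 20 10:08:43 rtr1 1238: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Up
Apr 20 10:12:07 rtr1 1239: %BGP-5-ADJCHANGE: neighbor 192.0.2.1 Down Peer closed the session
Apr 20 10:30:00 rtr1 1240: %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Down Interface flap
Apr 20 10:31:00 rtr1 1241: %BGP-5-ADJCHANGE: neighbor 198.51.100.7 Up
"""

# syslog timestamp, hostname, sequence number, then the BGP adjacency message
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2})\s+\S+\s+\d+:\s+"
    r"%BGP-5-ADJCHANGE: neighbor (?P<peer>\S+) (?P<state>Up|Down)"
)


def parse_events(log_text):
    """Return a list of (timestamp, peer, state) tuples for matching lines."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # unrelated syslog line
        ts = datetime.strptime(m.group("ts"), "%b %d %H:%M:%S")
        events.append((ts, m.group("peer"), m.group("state")))
    return events


def find_flapping_neighbors(log_text, window=timedelta(minutes=15), threshold=3):
    """Map peer -> max number of Down events seen within any `window`,
    for peers at or above `threshold`. Sliding-window count per peer."""
    downs = defaultdict(list)
    for ts, peer, state in parse_events(log_text):
        if state == "Down":
            downs[peer].append(ts)
    flagged = {}
    for peer, times in downs.items():
        times.sort()
        best, j = 0, 0
        for i in range(len(times)):
            while j < len(times) and times[j] - times[i] <= window:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            flagged[peer] = best
    return flagged


if __name__ == "__main__":
    for peer, count in find_flapping_neighbors(SAMPLE_LOG).items():
        print(f"ALERT: neighbor {peer} went down {count} times within 15 minutes")
```

A single flap (the second peer) stays below the threshold; a neighbour cycling every four minutes crosses it on the third Down. In practice you would feed this from a central syslog collector rather than a string, and correlate the alert with whatever session protection the advisory's workarounds give you.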
Even educated gun advocates will tell you that you'll get shot yourself if all you do is talk a big line. If you pull out a gun, you better be well-prepared to use it, and you better use it fast in the face of danger.
All this talk about killing/pwning/beating spammers is all a lie to cover up the fact that nobody wants to do anything about it. It's all talk and no action. These "would-be" killers aren't going to hurt anyone. It's their way of saying "this is somebody else's problem, but if I were to get involved, I would kill spammers, but since I don't kill people, I'll just do nothing".
Thanks to all those people out there that do nothing but threats! You're really helping! NOT!!
Maybe 99%. More people should be reading all of these documents.
If every Linux and Windows machine ran Postfix with CRM114 by default (and with manpages and documentation), this would help. Maybe a new anti-spam Linux distribution is needed. MacOSX ships with Postfix, but not CRM114.
Do you have any idea how many open-relays still exist? Why does SMTP software allow '*' open-relays in the first place? Do you know how many proxy servers are out there on the Internet? How many SOCKS4&5 proxies that just allow any SMTP to be bounced? How many are seemingly closed but available with the CONNECT method? Let's close some of our holes, and prevent software from opening them in the first place.
Also - know your enemy. Why haven't people dissected the software these creeps are using? The majority of spam comes from a program called DarkMailer or DM. Let's reverse engineer this application and figure out how it works, so our defenses can be built around the enemy's weapons and not just generalizations about spam.
Finally, let's set some ethics and procedures about how to deal with spammers. Too often it is the case that people just want to beat their heads in with baseball bats or delete all their files on all their computers. This activity is not productive. It's my firm belief that if you take away their tools and educate them, less spam will be out there. You make it a war -- and that's what you'll get. Passion drives creativity and efficiency.
If Slashdot launched an article like that, then the flames would come from miles.
"If it's not broken, don't try to fix it" is the old adage that comes to mind. But nowhere does that talk about *improving* things, just keeping them the same way they are.
It's our fault. As geeks, we need to write more articles on why broadband will improve people's lives. We need to make the migration process easy for people. People need incentives, and sometimes hand-holding. Some things just take time.
I used Ricochet on the freeway once going 90mph and announced that I had just blown past a Subaru WRX (which just came out in the US) on IRC. If we went up to 95mph, the connection would drop. This was the 128Kbps Ricochet.
Nextel claims SLAs of typical max bw at 3Mbps and RTT of under 100ms (but the technology behind Mobile-Fi, Flash-OFDM, is capable of what I described). Note: Nextel's numbers are the way they are because they probably plan on oversubscribing their network (much like Cable modem providers do). Oversubscription is the network user's (and ultimately the network provider's) worst enemy, but it makes the bean counters happy and we all know that they run the real show (the big man has got to have more green in his pocket).
The rollout and tons of information is available here.
Most people are willing to pay $80/month for unlimited data on 3G networks (The BEST I've received on VZ's 1xRTT network was 111Kbps and way above 200ms RTT... maybe even 250ms, but 300ms and 400ms is common). I pay $45/month for unlimited on VZ, but that requires a $30/month voice plan (but at least I get the best of both worlds since I need a cell phone anyways). So I pay $75/month and get 400 Anytime minutes + Unlimited on-net VZ, nights, and weekends *AND* unlimited 1xRTT data. I think their 1xEV-DO pricing is the same as 1xRTT, but they don't offer it yet in the Bay Area.
I would use Mobile-Fi over WiFi anyday, and even WiMAX (out at the end of this year) may not solve the problems that Mobile-Fi does today. However, that doesn't mean I don't like 802.11g or the upcoming 802.11h and 802.16e standards. They all have their uses -- but if I had to pick one technology for personal use -- I'd choose Mobile-Fi (802.20).
I'm a huge VZ and FON fan, especially their very successful 3 year+ 1xRTT networks (which is faster than the Cingular and AT&T EDGE networks, which just rolled out 1-2 months ago).
The 1xEV-DO rollouts in NYC, DC, and SD sound truly amazing for VZ and FON.
However, I see Nextel on the horizon about to kill dead the 2.5G, 3G, and maybe even 4G networks with their new technology, Mobile-Fi (IEEE 802.20). They are in beta with it in the RTP, NC area. This stuff is up to 16Mbps with a round-trip latency of 35ms (I think they are even going to put SLAs on it) and you can use it at speeds of up to 200mph. The equipment provider is Novini.
I miss Ricochet in the SF/Bay Area, but it's never coming back at this point ;
The Internet was a government project that was mostly built/run by a corporation (BBN). Now, thanks to the Internet, educational institutions, governments, and corporations don't write Operating Systems anymore.... *WE DO*.
I would be willing to bet that over 80% of the readers and posters of Slashdot have contributed to open-source software in some "hard" way, even if it's just documentation. And 100% have contributed in "soft" ways, i.e. education of the masses, media attention, installing Linux on a friend's computer, etc.
At least somebody at Stanford has clue enough to notice that a bunch of machines got owned. They were also smart enough to write something up and get the attention of the WashingtonPost and Slashdot.
What nobody really wants to say is that this is true everywhere in the IT industry:
- The people that wrote up a security report, notified admins/users of an intrusion on their system or network, and got the attention of the WashingtonPost and Slashdot get paid X(*) dollars per year. They never get any credit for their discoveries and they won't be getting raises this year.
- The executives and mid-level managers of Sun Microsystems, RedHat, Microsoft and the administration, staff, and higher-ups at Stanford, etc get paid Y(**) dollars per year. They will get all the credit for cleaning up this mess and will likely get raises this year. They'll also probably get the real media attention.
(*) (**) Note that Y > X by such a significant amount that if the X payees knew the Y number, they would likely vomit and then quit their jobs.
You gave 5 definitions, I gave one. My definition is the definition that has been used to describe the security bug process for as long as I've known the industry (12+ years). What security terminology hasn't been twisted and marketed?
Maybe my Linux/Minix analogy was bad, but I'm sticking by the definition for "zero-day". It means that the bug was a bug out of the door since it was written, only to be discovered now (days/weeks, but usually months or years later). If I were to extend the definition at all, there is some assumption that the bug finder is not the original writer.
A zero-day exploit (not necessarily and also usually not written by the same person or team who found the zero-day bug) would then mean that the exploit affects every version of code that has been released. It has nothing to do with the timing of the release (at least in my world, using my definition).
Putting an official time on a "found bug" is impossible. No one really knows, and to argue or claim you or someone else did is an invalid argument. It reminds me of fights between my sister and me when we were 4 and 8 years old... "I found it first. No I did. No I did. Infinity!!!".
Remote buffer overflows are not as big as many people say they are.
Computer systems are more likely to get compromised in the following two ways:
1) Poor choice of passwords. This is a vendor implementation problem. Computers and programs should not allow people to choose bad passwords. There should NOT be a setting to make this optional. If passwords aren't secure, why require them in the first place?
2) Exploiting a trust relationship of some kind. This is generally a protocol design problem, that quickly becomes a vendor implementation problem once found. If Microsoft stopped using old protocol/security technology to share files, print things, and authenticate users -- and adopted a SANE model where ports weren't open and available for the whole world to take over -- then we wouldn't have the remote buffer overflows, worms, or any of the big problems we have today in the security world. Patch management would mean "new features, fewer bugs" and not "save my computer from the worm of the week".
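The first point above is that the program, not the user, should refuse weak passwords, with no switch to turn the check off. As an added example (not the poster's code, and not any vendor's policy engine), here is a password acceptance check of the kind an application would run at enrolment or password change: it returns the list of reasons a candidate is rejected, and an empty list means accepted. There is deliberately no parameter that disables the checks. The common-password set is a tiny constructed stand-in for the large breach-derived list a real deployment would load.

```python
"""Reject weak passwords at the point of choice; no opt-out setting exists."""
import re

# Constructed stand-in for a breached/common-password list. A real deployment
# loads a large corpus here; the check is the same.
COMMON_PASSWORDS = {
    "password", "password1", "password123", "123456", "12345678",
    "qwerty", "letmein", "welcome", "admin", "changeme",
}

# Character classes a password can draw from; we require at least three.
CLASS_PATTERNS = (r"[a-z]", r"[A-Z]", r"[0-9]", r"[^A-Za-z0-9]")


def check_password(password, username, min_length=12):
    """Return a list of human-readable reasons the password is rejected.

    An empty list means the password is acceptable. There is intentionally
    no flag to skip these checks: callers can tighten min_length but not
    loosen it below the default.
    """
    min_length = max(min_length, 12)
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if password.lower() in COMMON_PASSWORDS:
        problems.append("appears in the common-password list")
    if username and len(username) >= 3 and username.lower() in password.lower():
        problems.append("contains the username")
    classes = sum(bool(re.search(p, password)) for p in CLASS_PATTERNS)
    if classes < 3:
        problems.append("uses fewer than three character classes")
    if re.search(r"(.)\1{2,}", password):
        problems.append("repeats a character three or more times in a row")
    return problems


def is_acceptable(password, username):
    """Convenience wrapper used by an enrolment form."""
    return not check_password(password, username)


if __name__ == "__main__":
    for cand, user in (("password123", "bob"), ("Tr0ub4dor&3Horse", "alice"),
                       ("Alice!Wonderland42", "alice")):
        print(f"{cand!r}: {check_password(cand, user) or 'OK'}")
```

The wrapper is what the enrolment form calls; the detailed list is what you show the user so they can fix the specific problem rather than guessing. Keeping the minimum length floor inside the function, rather than in a config file, is what makes the "no optional setting" requirement hold.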
This guy doesn't even know the meaning of zero-day. Zero-day means that the programming bug has existed since the software was written. That means that if you discover a bug in Linux 2.6.x kernel, that bug has been around since the Minix days! It has nothing to do with being "elite" -- that's all the kiddie mumbo-jumbo.
Security "experts" (have you ever met any? oh really?) are confusing topics here. This is the same argument I've seen time and time again in the security world. Here are a few examples:
1) chroot environments
2) stack protectors
In the case of chroot environments, people were wanting to protect 99.9% of remote attacks because "kiddies" used remote buffer overflows as the primary method of breaking into computers. What happened? Somebody figured out ways of breaking out of chroot environments. It wasn't difficult. Now, kiddies and damn near everyone can read about how to break out of chroot environments. They don't protect anything when the technique/knowledge of how to break them is so widely available.
In the case of stack protectors, people again wanted to protect against 99.9% of the attacks. In this example, it's more clear because new attacks became available because of the protection methods. Buffer overflows were 99.9% of the attacks back in the day. When stack protectors started popping on the scene, tons of papers and research went into heap overflows, format string holes, shared library injection, et al. Now, buffer overflows represent maybe 60-80% of the exploits out there. Since the other methods are now well-known, stack protectors are not anywhere near foolproof, and becoming less so by the day.
Exploits are found in the wild. Anyone with ASM or C knowledge can find them, however some attacks require different ways of thinking and different coded implementations. There are many attacks against HTTP, for example, that require no knowledge of ASM or C. Anyone with the desire to find an exploit in almost any computer PROGRAM or line of code (and how many lines of code are there?).... will find one. Give a person a 6-pack of jolt and a box of Cap'N Crunch cereal, and that person will break code for fun or for profit.
Slowing down patches just makes the real hacker's results worth more. And software bugs (which what security holes are) can cause mass hysteria and even human death. Why delay a patch to a fix that could cause events such as historical software-related disasters? I see delaying patches as Armageddon. Who's with me on this?
Unispeed Netlogger and the Niksun NetVCR are probably the only good commercial sniffers available. A second prize goes to Sourcefire and others that have security-specific sniffer/NIDS systems. A third prize goes to Internap FCP (formerly NetVMG) for Internet/BGP-specific packet capture systems.
I've tried nearly every sniffer (open-source or commercial) that has been available for the past 10 or so years.
Having the right tools for the right job is so important. Here's my list of good vs. bad in the packet capture world:
Good:
1) Running 'tcpdump -vvens0 -w file.cap' will basically give anyone anything they need, period
2) arpwatch, just to have a nice list of MAC2IP's
3) argus (already mentioned here)
4) snort (although I suggest the commercial Sourcefire instead). However, `unified logging' in snort (e.g. mudpit or barnyard), along with cerebus and logtopcap can scale snort to large installations
5) ourmon is the best pcap visualization tool out there. it's BPF+RRDTool, so it basically rules
6) After you gzip the pcap file, scp it to your Windows/Linux desktop and run Ethereal to analyze in-depth
7) NAI SnifferPro "Expert" mode is sometimes useful instead of Ethereal. However, it's not worth the money even if you have money to burn
8) tcptrace is VERY useful to run on your saved tcpdump pcap files
9) Bro, ngrep, and dsniff are well-written, albeit somewhat security-specific
10) iftop and tcpdstat a la ddittrich's presos
Bad:
1) SnifferPro, Network Observer, Fluke, et al
2) ntop (although their website is very cool for info on packet capture)
3) ntop look-alikes like darkstat
4) pastmon doesn't really work yet, but looks promising
5) Cisco Netflow and SPAN ports. I highly recommend Internap FCP, argus, or Bro instead of Netflow. I also highly recommend NetOptics port aggregator taps over SPAN ports, however SPAN is better than nothing
A lot of people were confusing packet creation with packet capture. For more information on packet creation, see packetfoo [PDF]
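Items 1 and 2 of the "Good" list above (save everything with tcpdump, then keep a MAC-to-IP list with arpwatch) rely on the classic pcap file format and on ARP. As an added example, not code from the poster or from tcpdump/arpwatch, the following builds a small pcap file in memory from constructed ARP frames, parses it with the standard library only, and maintains an arpwatch-style table that also reports when an IP address shows up with a different hardware address than before. The MAC and IP values are constructed; the pcap and ARP layouts are the documented wire formats.

```python
"""Parse a classic pcap file and keep an arpwatch-style IP -> MAC table."""
import struct
from ipaddress import IPv4Address

PCAP_MAGIC = 0xA1B2C3D4      # classic pcap, microsecond timestamps
PCAP_MAGIC_SWAPPED = 0xD4C3B2A1
LINKTYPE_ETHERNET = 1
ETHERTYPE_ARP = 0x0806


def _mac(b):
    return ":".join(f"{x:02x}" for x in b)


def arp_frame(sender_mac, sender_ip, target_ip, oper=1):
    """Ethernet + ARP frame (constructed test data; oper 1 = request)."""
    smac = bytes.fromhex(sender_mac.replace(":", ""))
    eth = b"\xff" * 6 + smac + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)          # htype/ptype/hlen/plen/oper
    arp += smac + IPv4Address(sender_ip).packed                  # sender hw + proto address
    arp += b"\x00" * 6 + IPv4Address(target_ip).packed           # target hw + proto address
    return eth + arp


def build_sample_pcap():
    """Constructed capture: two hosts announce themselves, then 10.0.0.1
    reappears with a different MAC (the event arpwatch would report)."""
    frames = [
        arp_frame("aa:bb:cc:dd:ee:01", "10.0.0.1", "10.0.0.254"),
        arp_frame("aa:bb:cc:dd:ee:02", "10.0.0.2", "10.0.0.254"),
        arp_frame("aa:bb:cc:dd:ee:99", "10.0.0.1", "10.0.0.254"),
    ]
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def iter_packets(data):
    """Yield (timestamp_seconds, packet_bytes) from classic pcap bytes."""
    magic, = struct.unpack("<I", data[:4])
    if magic == PCAP_MAGIC:
        end = "<"
    elif magic == PCAP_MAGIC_SWAPPED:
        end = ">"
    else:
        raise ValueError("not a classic pcap file")
    _, _, _, _, _, _, linktype = struct.unpack(end + "IHHiIII", data[:24])
    if linktype != LINKTYPE_ETHERNET:
        raise ValueError("only Ethernet captures are handled here")
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_usec, incl, _orig = struct.unpack(end + "IIII", data[off:off + 16])
        off += 16
        pkt = data[off:off + incl]
        if len(pkt) < incl:      # truncated final record: stop rather than misparse
            break
        off += incl
        yield ts_sec + ts_usec / 1e6, pkt


def arp_table(data):
    """Return (ip -> mac table, list of (ip, old_mac, new_mac) changes)."""
    table, changes = {}, []
    for _, pkt in iter_packets(data):
        if len(pkt) < 42 or struct.unpack("!H", pkt[12:14])[0] != ETHERTYPE_ARP:
            continue
        htype, ptype, hlen, plen, _oper = struct.unpack("!HHBBH", pkt[14:22])
        if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
            continue                       # not IPv4-over-Ethernet ARP
        sha, spa = _mac(pkt[22:28]), str(IPv4Address(pkt[28:32]))
        if spa == "0.0.0.0":
            continue                       # ARP probe, carries no sender IP
        old = table.get(spa)
        if old is not None and old != sha:
            changes.append((spa, old, sha))
        table[spa] = sha
    return table, changes


if __name__ == "__main__":
    table, changes = arp_table(build_sample_pcap())
    print(table)
    for ip, old, new in changes:
        print(f"changed ethernet address: {ip} {old} -> {new}")
```

Swap `build_sample_pcap()` for `open("file.cap", "rb").read()` to run it over a real tcpdump capture. The endianness check on the magic number is what lets the same parser read captures written on either byte order, and stopping on a short final record is the behaviour you want for a file that was still being written when you copied it.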
I agree with you, and everyone should take these valid points:
1) Viacom's scrolling message urging viewers to contact DishNetwork to get their programming back on air is a desperate move showing that Viacom will go to great lengths (i.e. extortion) to get more money from both DishNetwork and DishNetwork's customers.
2) Dish/Echostar is dedicated to their customers and [theoretically] will give out free HBO/CINE/SHO in exchange for the Viacom content. This would be a clear PR win for Dish/Echostar and HBO/Cinemax/Showtime. DishNetwork's customers would likely prefer this compromise. It would also cause Viacom to lose 8% of their viewers to the monsters of content (i.e. HBO) during the most critical time (April/May and the signal of summer). I watch MTV/MTV2/VH1 and Comedy Central almost exclusively, but I'll happily trade the new season of Sopranos for all that mediocre content. I also don't consider MTV/MTV2/VH1 a big loss compared to say, FUSE, which I could not live without.
Also - to follow up to other posters on this thread:
* DishNetwork is better than DTV. Any Google search will reveal this.
* Any satellite is better than any cable. Same idea
* Kids that complain about missing Dora/Spongebob (great shows BTW) should learn to understand and cope with partial content outages like these. There are important business and life lessons to be learned from this Echostar+Viacom battle.
* Those in need of the Viacom content should seek ideal competitors (e.g. VOOM, 4DTV, "Bud" big-dishes) instead of suggesting DTV or the cable company. Two wrongs don't make a right. If more people supported things like Free-To-Air (FTA) programming, we wouldn't be discussing this situation at all. And you would see a lot less talk about stealing content, as well. A big win for everyone. That's the Internet and Slashdot way, no?
Ok sure... I'll differentiate. These are just examples. I hope you get the general idea!
Good open-source:
Linux (OpenEmbedded)
BSD (OpenBSD on PowerPC)
Web server (thttpd)
So-so open-source:
Linux (Gentoo)
BSD (FreeBSD on AMD/Intel)
Web server (Apache)
Bad open-source:
Linux (RedHat)
BSD (NetBSD on a mainframe)
Web server (AOLsever)
You would think Intel would be using Juniper routers. If I were Intel I'd be more worried about Xilinx or MIPS Technologies...
Information and communication are shared between people, not processes or computers.
When I actually see you beat up a spammer with a baseball bat or delete all the files on his/her computer, then I'll concede to yours.
Even educated gun advocates will tell you that you'll get shot yourself if all you do is talk a big line. If you pull out a gun, you better be well-prepared to use it, and you better use it fast in the face of danger.
All this talk about killing/pwning/beating spammers is all a lie to cover up the fact that nobody wants to do anything about it. It's all talk and no action. These "would-be" killers aren't going to hurt anyone. It's their way of saying "this is somebody else's problem, but if I were to get involved, I would kill spammers, but since I don't kill people, I'll just do nothing".
Thanks to all those people out there that do nothing but threats! You're really helping! NOT!!
If every Linux and Windows machine ran Postfix with CRM114 by default (and with manpages and documentation), this would help. Maybe a new anti-spam Linux distribution is needed. MacOSX ships with Postfix, but not CRM114.
Do you have any idea how many open-relays still exist? Why does SMTP software allow '*' open-relays in the first place? Do you know how many proxy servers are out there on the Internet? How many SOCKS4&5 proxies that just allow any SMTP to be bounced? How many are seemingly closed but available with the CONNECT method? Let's close some of our holes, and prevent software from opening them in the first place.
Also - know your enemy. Why haven't people dissected the software these creeps are using? The majority of spam comes from a program called DarkMailer or DM. Let's reverse engineer this application and figure out how it works, so our defenses can be built around the enemy's weapons and not just generalizations about spam.
Finally, let's set some ethics and procedures about how to deal with spammers. Too often it is the case that people just want to beat their heads in with baseball bats or delete all their files on all their computers. This activity is not productive. It's my firm belief that if you take away their tools and educate them, less spam will be out there. You make it a war -- and that's what you'll get. Passion drives creativity and efficiency.
If Slashdot launched an article like that, then the flames would come from miles.
"If it's not broken, don't try to fix it" is the old adage that comes to mind. But nowhere does that talk about *improving* things, just keeping them the same way they are.
It's our fault. As geeks, we need to write more articles on why broadband will improve people's lives. We need to make the migration process easy for people. People need incentives, and sometimes hand-holding. Some things just take time.
Nextel claims SLA's of typical max bw at 3Mbps and RTT of under 100ms (but the technology behind Mobile-Fi, Flash-OFDM, is capable of what I described). Note: Nextel's numbers are the way they are because they probably plan on oversubscribing their network (much like Cable modem providers do). Oversubscription is the network user's (and ultimately the network provider's) worst enemy, but it makes the bean counters happy and we all know that they run the real show (the big man has got to have more green in his pocket).
The rollout and tons of information are available here.
Most people are willing to pay $80/month for unlimited data on 3G networks (The BEST I've received on VZ's 1xRTT network was 111Kbps and way above 200ms RTT... maybe even 250ms, but 300ms and 400ms is common). I pay $45/month for unlimited on VZ, but that requires a $30/month voice plan (but at least I get the best of both worlds since I need a cell phone anyways). So I pay $75/month and get 400 Anytime minutes + Unlimited on-net VZ, nights, and weekends *AND* unlimited 1xRTT data. I think their 1xEV-DO pricing is the same as 1xRTT, but they don't offer it yet in the Bay Area.
I would use Mobile-Fi over WiFi any day, and even WiMAX (out at the end of this year) may not solve the problems that Mobile-Fi does today. However, that doesn't mean I don't like 802.11g or the upcoming 802.11h and 802.16e standards. They all have their uses -- but if I had to pick one technology for personal use -- I'd choose Mobile-Fi (802.20).
I'm a huge VZ and FON fan, especially their very successful 3 year+ 1xRTT networks (which are faster than the Cingular and AT&T EDGE networks, which just rolled out 1-2 months ago).
The 1xEV-DO rollouts in NYC, DC, and SD sound truly amazing for VZ and FON.
However, I see Nextel on the horizon about to kill dead the 2.5G, 3G, and maybe even 4G networks with their new technology, Mobile-Fi (IEEE 802.20). They are in beta with it in the RTP, NC area. This stuff is up to 16Mbps with a round-trip latency of 35ms (I think they are even going to put SLA's on it) and you can use it at speeds of up to 200mph. The equipment provider is Novini.
I miss Ricochet in the SF/Bay Area, but it's never coming back at this point.
The Internet was a government project that was mostly built/run by a corporation (BBN). Now, thanks to the Internet, educational institutions, governments, and corporations don't write Operating Systems anymore.... *WE DO*.
I would be willing to bet that over 80% of the readers and posters of Slashdot have contributed to open-source software in some "hard" way, even if it's just documentation. And 100% have contributed in "soft" ways, i.e. education of the masses, media attention, installing Linux on a friend's computer, etc.
At least somebody at Stanford has clue enough to notice that a bunch of machines got owned. They were also smart enough to write something up and get the attention of the WashingtonPost and Slashdot.
What nobody really wants to say is that this is true everywhere in the IT industry:
- The people that wrote up a security report, notified admins/users of an intrusion on their system or network, and got the attention of the WashingtonPost and Slashdot get paid X(*) dollars per year. They never get any credit for their discoveries and they won't be getting raises this year.
- The executives and mid-level managers of Sun Microsystems, RedHat, Microsoft and the administration, staff, and higher-ups at Stanford, etc. get paid Y(**) dollars per year. They will get all the credit for cleaning up this mess and will likely get raises this year. They'll also probably get the real media attention.
*
** Note that Y > X by such a significant amount that if the X payees knew the Y number, they would likely vomit and then quit their jobs
Isn't this old news... like circa 1952?
You gave 5 definitions, I gave one. My definition is the definition that has been used to describe the security bug process for as long as I've known the industry (12+ years). What security terminology hasn't been twisted and marketed?
Maybe my Linux/Minix analogy was bad, but I'm sticking by the definition for "zero-day". It means that the bug was a bug out of the door since it was written, only to be discovered now (days/weeks, but usually months or years later). If I were to extend the definition at all, there is some assumption that the bug finder is not the original writer.
A zero-day exploit (not necessarily and also usually not written by the same person or team who found the zero-day bug) would then mean that the exploit affects every version of code that has been released. It has nothing to do with the timing of the release (at least in my world, using my definition).
Putting an official time on a "found bug" is impossible. No one really knows, and to argue or claim you or someone else did is an invalid argument. It reminds me of fights between my sister and me when we were 4 and 8 years old... "I found it first. No I did. No I did. Infinity!!!".
Remote buffer overflows are not as big as many people say they are.
Computer systems are more likely to get compromised in the following two ways:
1) Poor choice of passwords. This is a vendor implementation problem. Computers and programs should not allow people to choose bad passwords. There should NOT be a setting to make this optional. If passwords aren't secure, why require them in the first place?
2) Exploiting a trust relationship of some kind. This is generally a protocol design problem, that quickly becomes a vendor implementation problem once found. If Microsoft stopped using old protocol/security technology to share files, print things, and authenticate users -- and adopted a SANE model where ports weren't open and available for the whole world to take over -- then we wouldn't have the remote buffer overflows, worms, or any of the big problems we have today in the security world. Patch management would mean "new features, less bugs" and not "save my computer from the worm of the week".
This guy doesn't even know the meaning of zero-day. Zero-day means that the programming bug has existed since the software was written. That means that if you discover a bug in Linux 2.6.x kernel, that bug has been around since the Minix days! It has nothing to do with being "elite" -- that's all the kiddie mumbo-jumbo.
Security "experts" (have you ever met any? oh really?) are confusing topics here. This is the same argument I've seen time and time again in the security world. Here are a few examples:
1) chroot environments
2) stack protectors
In the case of chroot environments, people were wanting to protect 99.9% of remote attacks because "kiddies" used remote buffer overflows as the primary method of breaking into computers. What happened? Somebody figured out ways of breaking out of chroot environments. It wasn't difficult. Now, kiddies and damn near everyone can read about how to break out of chroot environments. They don't protect anything when the technique/knowledge of how to break them is so widely available.
In the case of stack protectors, people again wanted to protect against 99.9% of the attacks. In this example, it's more clear because new attacks became available because of the protection methods. Buffer overflows were 99.9% of the attacks back in the day. When stack protectors started popping up on the scene, tons of papers and research went into heap overflows, format string holes, shared library injection, et al. Now, buffer overflows represent maybe 60-80% of the exploits out there. Since the other methods are now well-known, stack protectors are not anywhere near foolproof, and becoming less so by the day.
Exploits are found in the wild. Anyone with ASM or C knowledge can find them, however some attacks require different ways of thinking and different coded implementations. There are many attacks against HTTP, for example, that require no knowledge of ASM or C. Anyone with the desire to find an exploit in almost any computer PROGRAM or line of code (and how many lines of code are there?).... will find one. Give a person a 6-pack of Jolt and a box of Cap'N Crunch cereal, and that person will break code for fun or for profit.
Slowing down patches just makes the real hacker's results worth more. And software bugs (which is what security holes are) can cause mass hysteria and even human death. Why delay a patch to a fix that could cause events such as historical software-related disasters? I see delaying patches as Armageddon. Who's with me on this?
I've tried nearly every sniffer (open-source or commercial) that has been available for the past 10 or so years.
Having the right tools for the right job is so important. Here's my list of good vs. bad in the packet capture world:
Good:
1) Running 'tcpdump -vvens0 -w file.cap' will basically give anyone anything they need, period
2) arpwatch, just to have a nice list of MAC2IP's
3) argus (already mentioned here)
4) snort (although I suggest the commercial Sourcefire instead). However, `unified logging' in snort (e.g. mudpit or barnyard), along with cerebus and logtopcap can scale snort to large-installations
5) ourmon is the best pcap visualization tool out there. it's BPF+RRDTool, so it basically rules
6) After you gzip the pcap file, scp it to your Windows/Linux desktop and run Ethereal to analyze in-depth
7) NAI SnifferPro "Expert" mode is sometimes useful instead of Ethereal. However, it's not worth the money even if you have money to burn
8) tcptrace is VERY useful to run on your saved tcpdump pcap files
9) Bro, ngrep, and dsniff are well-written, albeit somewhat security-specific
10) iftop and tcpdstat ala ddittrich's preso's
Bad:
1) SnifferPro, Network Observer, Fluke, et al
2) ntop (although their website is very cool for info on packet capture)
3) ntop look-a-likes like darkstat
4) pastmon doesn't really work yet, but looks promising
5) Cisco Netflow and SPAN ports. I highly recommend Internap FCP, argus, or Bro instead of Netflow. I also highly recommend NetOptics port aggregator taps over SPAN ports, however SPAN is better than nothing
A lot of people were confusing packet creation with packet capture. For more information on packet creation, see packetfoo [PDF]
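As an added example (not the poster's code), here is what items 1 and 2 of the "Good" list amount to once the capture is on disk: a minimal reader for the classic pcap format tcpdump's `-w` produces, and an arpwatch-style MAC-to-IP table built from the ARP traffic in it, including the "one IP claimed by two MACs" check that arpwatch reports. The capture is constructed in-memory from three hypothetical ARP replies so the block runs offline; the MAC and IP values are made up.

```python
import struct
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4   # classic pcap, little-endian writer
ETHERTYPE_ARP = 0x0806
ARP_REPLY = 2

def build_arp_frame(src_mac, src_ip, dst_mac, dst_ip, oper=ARP_REPLY):
    # Ethernet header (14 bytes) followed by an Ethernet/IPv4 ARP body (28 bytes)
    eth = dst_mac + src_mac + struct.pack('!H', ETHERTYPE_ARP)
    arp = struct.pack('!HHBBH', 1, 0x0800, 6, 4, oper) + src_mac + src_ip + dst_mac + dst_ip
    return eth + arp

def build_pcap(frames):
    # Global header: magic, v2.4, tz 0, sigfigs 0, snaplen 65535, linktype 1 (Ethernet)
    out = struct.pack('<IHHiIII', PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    for i, frame in enumerate(frames):          # per-record header: ts_sec, ts_usec, incl_len, orig_len
        out += struct.pack('<IIII', 1_000_000 + i, 0, len(frame), len(frame)) + frame
    return out

def iter_pcap_records(data):
    magic, = struct.unpack_from('<I', data, 0)
    endian = {0xA1B2C3D4: '<', 0xD4C3B2A1: '>'}.get(magic)
    if endian is None:
        raise ValueError('not a classic pcap file')
    if struct.unpack_from(endian + 'I', data, 20)[0] != 1:
        raise ValueError('only Ethernet captures (linktype 1) are handled')
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from(endian + 'IIII', data, off)
        off += 16
        if off + incl_len > len(data):
            raise ValueError('truncated record at offset %d' % off)   # capture cut off mid-packet
        yield ts_sec, data[off:off + incl_len]
        off += incl_len

def mac2ip_table(data):
    # Sender MAC -> every IP it has claimed in ARP, like arpwatch's arp.dat
    table = defaultdict(set)
    for _ts, frame in iter_pcap_records(data):
        if len(frame) < 42 or struct.unpack_from('!H', frame, 12)[0] != ETHERTYPE_ARP:
            continue
        if struct.unpack_from('!HHBB', frame, 14) != (1, 0x0800, 6, 4):
            continue                                  # not Ethernet/IPv4 ARP
        sha, spa = frame[22:28], frame[28:32]
        table[sha.hex(':')].add('.'.join(str(b) for b in spa))
    return {mac: sorted(ips) for mac, ips in table.items()}

def ip_conflicts(table):
    # arpwatch's "changed ethernet address": the same IP seen from more than one MAC
    ip2mac = defaultdict(set)
    for mac, ips in table.items():
        for ip in ips:
            ip2mac[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in ip2mac.items() if len(macs) > 1}

# Constructed sample capture: host A and host B answer for their own IPs, then A claims B's IP.
MAC_A, MAC_B, BCAST = bytes.fromhex('0200000000aa'), bytes.fromhex('0200000000bb'), b'\xff' * 6
SAMPLE_PCAP = build_pcap([
    build_arp_frame(MAC_A, bytes([10, 0, 0, 5]), BCAST, bytes([10, 0, 0, 1])),
    build_arp_frame(MAC_B, bytes([10, 0, 0, 9]), BCAST, bytes([10, 0, 0, 1])),
    build_arp_frame(MAC_A, bytes([10, 0, 0, 9]), BCAST, bytes([10, 0, 0, 1])),
])
```

Pointing `mac2ip_table` at the bytes of a real `tcpdump -w` file works the same way, as long as the capture is Ethernet and in the classic (non-pcapng) format.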
1) Viacom's scrolling message urging viewers to contact DishNetwork to get their programming back on air is a desperate move showing that Viacom will go to great lengths (i.e. extortion) to get more money from both DishNetwork and DishNetwork's customers.
2) Dish/Echostar is dedicated to their customers and [theoretically] will give out free HBO/CINE/SHO in exchange for the Viacom content. This would be a clear PR win for Dish/Echostar and HBO/Cinemax/Showtime. DishNetwork's customers would likely prefer this compromise. It would also cause Viacom to lose 8% of their viewers to the monsters of content (i.e. HBO) during the most critical time (April/May and the signal of summer). I watch MTV/MTV2/VH1 and Comedy Central almost exclusively, but I'll happily trade the new season of Sopranos for all that mediocre content. I also don't consider MTV/MTV2/VH1 a big loss compared to say, FUSE, which I could not live without.
Also - to follow up to other posters on this thread:
* DishNetwork is better than DTV. Any Google search will reveal this.
* Any satellite is better than any cable. Same idea
* Kids that complain about missing Dora/Spongebob (great shows BTW) should learn to understand and cope with partial content outages like these. There are important business and life lessons to be learned from this Echostar+Viacom battle.
* Those in need of the Viacom content should seek ideal competitors (e.g. VOOM, 4DTV, "Bud" big-dishes) instead of suggesting DTV or the cable company. Two wrongs don't make a right. If more people supported things like Free-To-Air (FTA) programming, we wouldn't be discussing this situation at all. And you would see a lot less talk about stealing content, as well. A big win for everyone. That's the Internet and Slashdot way, no?