What about the part where the DHCP "service" talks to the DHCP server at time (lease/2) to see if the client can renew the lease? That communication is initiated on the client end.
One does not need an open "port" to send ARP traffic.
Methinks you know just enough to be dangerous but you are not aware of the full picture. For someone with a relatively low UID, that's surprising.
That's a pretty sizable collection of warm bodies.
:^)
Your company Christmas party must be visible from outer space.
on a side note, we just spent a lot on an SSL VPN (in addition to our traditional VPN) solution so that any of our users that want to access our intranet from home need to go through that SSL VPN. Why did we buy this? Because we have 140,000+ employees and the _majority_ of those home users had viruses that were trying to get into our network and we had to protect our MS Win based servers (not our Linux or Solaris servers)!
Amen, brother!!
It's no longer safe to give someone a "traditional" IPsec VPN client, let them install it on their home PC and then let that PC see your entire 10.0.0.0/8, 172.16.0.0/12 or 192.168.0.0/16. Those days are gone now. If you open yourself up to those "unprotected" home PCs, expect a worm to crawl up that VPN pipe.
I am also a big fan of using SSL VPN as much as possible. It exposes only what is necessary to get the job done, not all 65535 ports on a given host.
Even with the IPsec tunnel feature (new in Network Connect 5.0) on our Juniper SSL VPNs, I only open the exact ports and IP addresses that a remote system needs to see. PCs at the far end of that tunnel don't get to see every port and they sure don't get to see every host on our internal network.
The other thing I've been thinking about is to put a decent IDP (like the Juniper IDP) between our old IPsec concentrator (Cisco 3000) and our internal network to provide a layer of protection between the remote PCs and our internal network.
Before folks say "Hey, you can lock down a 3000 to the exact port and IP address for each user group!", I know that. But our solution was not rolled out that way. Going back and "adding" security to an existing remote access solution is going to be tough. It's easier for me to do things "the right way" as I configure new connections on our SSL VPN appliances.
Another cool feature of the SSL VPN solution is that the concentrator can *require* that a certain anti-virus be installed and running before it will allow a user to connect. On the Juniper product, this is called "Host Checker". You can have the IVE check the remote host for a variety of conditions to make sure its security posture meets your standards before the connection is completed. Yes, the Cisco VPN client does this but not as elegantly.
Holy fuck! It looks like that run-in with the speed bump broke your spell checker too!
:^)
I haven't seen that many occurrences of "Axel" in print since GnR split up.
because we don't allow IPX to cross the router...
...and communicate with the 21st century.
;^)
Holy cow! I haven't seen the name "Thomas Covenant" for about 20 years. I read that series when I was in high school.
I should hunt those books down and read them again. Good stuff.
I wish I had mod points today. You'd get a point from me just for bringing back memories of some very good books.
Have you read the Thomas Covenant books recently or do you have a memory like a steel trap?
I agree with your viewpoint (not having IDS systems generate blocking commands that firewalls then enforce). This can easily lead to DoS.
But, I have done a similar thing with the Honeypot feature on the Juniper IDS. If you enable the Honeypot and a remote system "touches" the Honeypot, that system gets blocked for an amount of time that you set.
This is quite handy for infected machines that scan subnets looking for other systems to infect. I would put the Honeypot address at the lowest address of the "outside" subnet. If a remote system is going to scan my entire outside subnet, starting from the bottom and working its way up, it's going to touch the honeypot first. When the remote system touches the honeypot during the first part of its scan of my external subnet, the IDP adds that remote address to a list of IPs that are blocked.
By the time the remote system gets around to scanning the IP addresses where my externally-exposed servers really live, those incoming packets from the remote server are dropped, my servers never see them and the remote system thinks I don't have any systems exposed to the Internet.
Of course, if someone found out I was using this feature, they could spoof the source address and pretend to be a system I need to talk to and that could cause problems for my network.
It's definitely a double-edged sword.
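The blocking behaviour described in the comment above, as an added Python sketch (not part of the original post and not the Juniper IDP's implementation). The class name, the documentation-range addresses and the `never_block` list are assumptions; the list is one way a defender might limit the spoofed-source problem the comment mentions.

```python
import ipaddress


class HoneypotBlocker:
    """Timed source blocking triggered by touching a honeypot address."""

    def __init__(self, subnet, block_seconds, never_block=()):
        self.net = ipaddress.ip_network(subnet)
        # Honeypot sits at the lowest host address of the outside subnet.
        self.honeypot = next(iter(self.net.hosts()))
        self.block_seconds = block_seconds
        # Assumption: sources that must stay reachable are only alerted on.
        self.never_block = {ipaddress.ip_address(a) for a in never_block}
        self.blocked_until = {}  # source address -> expiry timestamp

    def handle(self, ts, src, dst):
        """Return the verdict for one packet: drop, block, alert or pass."""
        src = ipaddress.ip_address(src)
        dst = ipaddress.ip_address(dst)
        expiry = self.blocked_until.get(src)
        if expiry is not None:
            if ts < expiry:
                return "drop"            # still inside the block window
            del self.blocked_until[src]  # block has timed out
        if dst == self.honeypot:
            if src in self.never_block:
                return "alert"           # log it, but do not cut the peer off
            self.blocked_until[src] = ts + self.block_seconds
            return "block"
        return "pass"


def scan_ascending(blocker, src, start_ts=0):
    """Replay a bottom-up sweep of the subnet, one probe per second."""
    return [(str(dst), blocker.handle(start_ts + i, src, dst))
            for i, dst in enumerate(blocker.net.hosts())]


def reached(results):
    """Destinations that actually received a probe."""
    return [dst for dst, verdict in results if verdict == "pass"]


# Constructed sample addresses (RFC 5737 documentation ranges).
OUTSIDE = "203.0.113.0/28"
SCANNER = "198.51.100.7"
PARTNER = "192.0.2.10"

if __name__ == "__main__":
    ids = HoneypotBlocker(OUTSIDE, block_seconds=600)
    sweep = scan_ascending(ids, SCANNER)
    print("honeypot:", ids.honeypot)
    print("hosts the scanner reached:", reached(sweep))

    # The double-edged part: a forged touch "from" a partner blocks the partner.
    print(ids.handle(0, PARTNER, str(ids.honeypot)),
          ids.handle(1, PARTNER, "203.0.113.5"))

    guarded = HoneypotBlocker(OUTSIDE, 600, never_block=[PARTNER])
    print(guarded.handle(0, PARTNER, str(guarded.honeypot)),
          guarded.handle(1, PARTNER, "203.0.113.5"))
```
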
But that logic employed in the grandparent post was also employed in the original Star Trek series. Kirk convinced "Nomad" that he (Nomad) was flawed and therefore it had to "sterilize" itself. While Nomad sat there at 100% CPU util, Kirk and Scotty locked the anti-gravs on Nomad, carried his metal ass to the transporter room and beamed him into Deep Space.
:^)
Paradox or not, it works.
Your post contains all the right buzzwords to make it sound like you know what you are talking about. But your focus is extremely narrow which says that you are probably not a healthcare professional.
There are treatments other than just the SSRI family that affect mood disorders. Also, just because you (or medical science) don't understand today how a drug benefits a patient, that doesn't keep the drug from working. See my earlier post on Depakote. It's an anti-convulsant that also happens to work on some folks who have bipolar disorder. Also take a look at Neurontin (which I also mentioned). It's a painkiller but is also being prescribed for a number of "off label" uses including treating mood disorders. Medical science can not accurately describe how Neurontin works its magic for people with mood disorders. But the patients do feel better.
Just because you don't understand how the VNS affects mood does not mean there is not a beneficial effect.
Nearly every current line of treatment that I know of has nothing to do with vagus nerve stimulation.
Just for my own entertainment, what is your medical background and what are the various lines of treatment that you are aware of?
Depression is not a disease. It's a state of mind
I just dropped an envelope containing a ten-spot in the mail. When it arrives at your house, GO OUT AND BUY A CLUE!
True dat, true dat.
Actually, just wanted to point out that ECT isn't anything horrifying or disturbing to watch these days.
Gotta disagree with you there. I watched a documentary a few years ago on how ECT is currently performed. It showed the whole treatment.
Watching the doctor shock a patient (in the head!) who was paralyzed until that one foot started twitching really turned my stomach. So, yes, it was disturbing for me to watch. And I am not usually squeamish.
I'm very glad that the treatment has provided relief for you. (No sarcasm). I think you are in the minority when it comes to "successful ECT patients".
But that documentary showed the treatment and then people whose lives have been made worse by ECT because it wiped out their memories, drastically changed their personalities and made them into drones.
You know, it was less than 100 years ago that doctors thought they were helping patients by pushing a sharp instrument up the patient's nose and scrambling a part of the brain. Thankfully that practice has gone away. As I said in an earlier post, I hope I live long enough to see ECT exist nowhere other than a history book.
"Current ECT treatment involves sedating the patient and basically inducing a mild seizure under a controlled environment"
Actually, ECT treatment involves giving the patient a drug which paralyzes the entire body except for one foot (which has a tourniquet on it to prevent the paralyzing drug from getting into the foot). Electrical current is applied to the patient's head until a seizure is induced in the brain. How do you know when the seizure starts? By watching the foot that is not "frozen". It starts to twitch during the seizure.
So when you say "sedated", the patient is actually paralyzed so their body doesn't move during the seizure.
Also, the use of ECT is not limited to people who are barely functional. It is sometimes tried on people who are quite mobile and desperately trying to find a cure to severe depression.
I like the part where you said "ECT, done correctly,". When you are talking about paralyzing someone with a drug and then shocking their head until a seizure is caused, how can that be described as "done correctly"? If you did something like this to dogs or cats and the local police found out, you'd be in jail so fast your head would spin.
I don't see your point. It's possible with imaging technology to see chemical changes in the brain associated with certain behaviors. Severe depressives have a markedly altered brain chemistry that sets them apart from people who're just plain ol' depressed. They're even more distinguished in that the radical imbalance lasts for inordinate periods of time.
Can you post some (credible) links that mention the use of imaging technology to diagnose mood disorders? I'm pretty familiar with mood disorders and their treatment and have never heard of anyone being able to "see" a difference during a brain scan. Also, I've worked in some medical research environments so I got to see the "cutting edge" in imaging. They weren't even close to being able to diagnose mood disorders with a PET or MRI.
I'd love for this to have changed. Please supply links that describe the institution and the imaging method that was employed as a diagnostic tool.
I wish I had not posted to this discussion so that I could mod your stupid-ass comment down to minus one. Yes, I *do* have mod points today.
Lawpoop, I agreed with your first post. This one is a little off the mark. If you said "There is no PET scan or any kind of thing that would tell you definitely, 'this person has depression'" you would be on target.
Your post seems to imply that some forms of depression can be seen with high-priced imaging equipment while others can not. The truth is that *no* degree of depression can be seen with any imaging machine.
Lawpoop's comments are right-on-the-mark. You, AC, are the idiot. You might learn something if you re-read Lawpoop's post and listened to what he/she has to say.
Riiiiiiiiight. Send me some links on the "medically proven."
The only thing it's proven to do is A) take money out of your wallet and B) make you more sensitive to sunlight if you consume enough.
It's so effective that patients often want to undergo the same treatment if their depression returns.
Unless you have first-hand experience or can provide links to reputable medical sources, I call bullshit.
Never use "ECT" and "effective" in the same sentence.
Anyone who would "agree" to ECT twice probably doesn't have enough brain left to decide what is best for themselves.
I hope I live long enough to see ECT made illegal. It's this generation's "eugenics". That practice was legal at one time. But once the Nazis adopted it, it quickly became taboo. I hope something similar happens with ECT. It would be a very good thing if the only way our grandchildren found out about ECT was in their medical history books.
From my experiences with Depakote and conversations with medical doctors, Depakote is not exactly a narrow-focused drug. It affects many areas of the brain. It is not a very selective medication.
Yes, it is an anti-convulsant. Yes, it is also an effective treatment for bipolar disorder. But I don't think that links epilepsy and bipolar disorder.
The best analogy I could come up with is: Gasoline is a decent solvent for washing paint brushes. Gasoline is also a good fuel for internal combustion engines. But dirty paint brushes and gas engines are not related.
I wouldn't use Depakote as the link that ties "epilepsy" and "bipolar disorder" together.
[But there are other anti-convulsants like Neurontin that work on mood disorders as well so that may shoot a hole in my theory.]
...and VAXen (capitalized because it is, after all, an acronym) were never "mainframes".
Wow, that is a pretty lame suggestion. I can't tell if you are serious or just trolling.
If you were being serious in your post, how does your little login script handle attacks where someone gains control of the system without "logging in"?
-s
Curse not our fine city-by-the-lake, my friend.
;^)
:^)
Lots of people would kill to have our selection of summer festivals. Ooops, that may have been a poor choice of words given recent events....
Festa is right around the corner!
I'm an amateur financial enthusiast but I strongly suggest anyone thinks twice before buying any mutual funds in this climate.
Mr. Amateur Financial Analyst, I take it you've never heard of "Buy at the sound of cannons, sell at the sound of trumpets!"
If you want to have a bit of fun while at the meter try out this game; Turn off all electrical devices. One person then runs through the house turning on all the power they can while another counts the meter's rotation for a set time. The person who can turn the meter the most wins :)
This is just plain stupid (in addition to being wasteful).
How long did it take you to figure out that "electric oven + electric clothes dryer + central air" (or whatever hi-draw appliances you have in your home) is the quickest way to make the pretty little wheel spin?