-----BEGIN PGP SIGNED MESSAGE----- Howdy :) 1. Does anybody know, what happened to the International PGP-Homepage (http//www.ifi.uio.no/PGP/)? It comes up as "Link not found" (?!) Also Staales personal page (http://www.ifi.uio.no/~staalesc/) seems to be gone... 2. A friend of mine is using Linux and Elm. I recently got her to use PGP, but the poor thing does everything manually via command lines. Can anybody recommend some good front-end's available for Linux-Elm? Ciao Harka /*************************************************************/ /* This user supports FREE SPEECH ONLINE ...more info at */ /* and PRIVATE ONLINE COMMUNICATIONS! -> http://www.epic.org */ /* E-mail: harka(at)nycmetro.com (PGP-encrypted mail pref'd) */ /* PGP public key available upon request. [KeyID: 04174301] */ /* F-print: FD E4 F8 6D C1 6A 44 F5 28 9C 40 6E B8 94 78 E8 */ /*<<<<<<<<<<<<<<<<<<<<<<<<<<<<<>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>*/ /* May there be peace in this world, may all anger dissolve */ /* and may all living beings find the way to happiness... */ /*************************************************************/ ... Want to use PGP? --> http://bureau42.base.org/public/pgpsteps.txt -----BEGIN PGP SIGNATURE----- Version: 2.6.2 iQEVAgUBM2JpPTltEBIEF0MBAQGnHwf9FEKh2mDV3xLhfeCX4UG823cB34qXyEl5 zyh2OeVwN8U21H2Vq09vv0OMKR4ObLRRA6xKRtQgRsSDZUEnsWvfp+O5tD7MRlvo CWH+TbPufzYsLXs6HtGVU6i8ImvN75WY7VuE1+cyYCzscR8M2l0wGlNGdnhvPg0X HQ7EZsLbcppdq8G73jBpoviLWxWD5JjjTmEbBg2yMI8stx84WwzcYy/LGj9nTc0t J4jFUcvT4RDWwWveiGY4vHrAe2338VQARmBDpsItAaWDYbMU7TJQoJ8OF73/iYoJ tRg3S0cuUFwzvJPGpvWEsDJHOlsQGg06WjVSgRfxeNaeEK5w3bOthA== =rDLZ -----END PGP SIGNATURE----- If encryption is outlawed, only outlaws will have encryption...
At 04:29 PM 4/26/97 -0500, harka@nycmetro.com wrote:
1. Does anybody know, what happened to the International PGP-Homepage (http//www.ifi.uio.no/PGP/)? It comes up as "Link not found" (?!) Also Staales personal page (http://www.ifi.uio.no/~staalesc/) seems to be gone...
It's there now.... must have been a glitch. # Thanks; Bill # Bill Stewart, +1-415-442-2215 stewarts@ix.netcom.com # You can get PGP outside the US at ftp.ox.ac.uk/pub/crypto/pgp # (If this is a mailing list, please Cc: me on replies. Thanks.)
-----BEGIN PGP SIGNED MESSAGE----- At 10:46 AM 4/27/97 -0700, Bill Stewart wrote:
At 04:29 PM 4/26/97 -0500, harka@nycmetro.com wrote:
1. Does anybody know, what happened to the International PGP-Homepage (http//www.ifi.uio.no/PGP/)? It comes up as "Link not found" (?!) Also Staales personal page (http://www.ifi.uio.no/~staalesc/) seems to be gone...
It's there now.... must have been a glitch.
I have been noticing a problem contacting sites all over Northern and Central Europe. I mirror selected crypto sites on a local system (for personal use, not general distribution or FTP) and have noticed that I cannot get a reliable mirror off of a couple of different sites. sable.ox.ac.uk, hacktic.nl, win.tue.nl and ftp.orpht.lu have all been unreliable/unreachable the last few days. I am not certain if this is a bandwidth issue or if someone is activly interfearing with sites dealing in Unix Security/Crypto software. (ftp.funet.fi has been tempermental, but reachable. Sites in other areas have been unaffected.) Anyone have more data on this? -----BEGIN PGP SIGNATURE----- Version: 4.5 iQEVAwUBM2PI8+QCP3v30CeZAQHigQf+PjNmUdO4K6JMXOKiZZXhf7o5pB88Wqcx 4vkj5z2+jqFUZ1t+O+2LASIY7n9hWaQQDSPVmuMs1wLmnZo1fmtx2TO9WS5+Z1uN OvFDdDpLsqshKA4jz43Ch79xePDXZLWpXfA0SpmoL2Wzc9Gtc1D9/k9JdGky1UDv M7nnNY4vUpbkj7+jCguSnv6/V6/MdUIyy5pbn7DYjvLdZoPpa+D446vkAsb46UyI ucw6PMWrhZVMViDY6JrRulEOeAZ4F/4OXOT8e9JZC74+YZSUda5z2kfkxmzpQRlH d7+X4C7EXTeGjDajo3poRYYHZihO7VHV4eFX7wFZStfF2uzk5ZWfNA== =WieQ -----END PGP SIGNATURE----- --- | "Mi Tio es infermo, pero la carretera es verde!" | |"The moral PGP Diffie taught Zimmermann unites all| Disclaimer: | | mankind free in one-key-steganography-privacy!" | Ignore the man | |`finger -l alano@teleport.com` for PGP 2.6.2 key | behind the keyboard.| | http://www.ctrl-alt-del.com/~alan/ |alan@ctrl-alt-del.com|
Alan Olsen writes:
At 10:46 AM 4/27/97 -0700, Bill Stewart wrote:
At 04:29 PM 4/26/97 -0500, harka@nycmetro.com wrote:
1. Does anybody know, what happened to the International PGP-Homepage (http//www.ifi.uio.no/PGP/)? It comes up as "Link not found" (?!) Also Staales personal page (http://www.ifi.uio.no/~staalesc/) seems to be gone...
It's there now.... must have been a glitch.
I have been noticing a problem contacting sites all over Northern and Central Europe.
I mirror selected crypto sites on a local system (for personal use, not general distribution or FTP) and have noticed that I cannot get a reliable mirror off of a couple of different sites. sable.ox.ac.uk, hacktic.nl, win.tue.nl and ftp.orpht.lu have all been unreliable/unreachable the last few days. I am not certain if this is a bandwidth issue or if someone is activly interfearing with sites dealing in Unix Security/Crypto software. (ftp.funet.fi has been tempermental, but reachable. Sites in other areas have been unaffected.)
Anyone have more data on this?
Yea, it's a problem with a Sprint customer who put out a bunch of bogus routes. Since friday I have been having problems connecting to various sites, not all of them security-related. According to an article in the Mercury News (info from more technically knowledgable sources welcome): A problem at an Internet service provider in Virginia triggered a massive logjam on the Internet Friday, but the trouble was cleared up later in the day, Sprint Corp. said. A customer of MAI Network Services, a McLean, Va.-based Internet provider that is among 900 companies that buy wholesale access to the Net from Sprint, entered 10,000 duplicate routes to the Internet backbone. That caused massive access delays for an undetermined number of users, a Sprint spokes man said. I wonder how long it'll be possible for unauthenticated/unapproved people to mess around with routers. Eventually the net will become so important (because so much business involves it) that a large outage will cost a lot of important people money. They'll demand that politicians "do something" to fix it. It's a safe bet that instead of doing what hackers/software engineers/IETF members would do to solve the problem, namely re-designing things so that a single error can't bring down the whole net, they'll just pass a law requiring that anyone who wants the 'enable' password to a cisco have first passed a government-approved "Internet Administrators Class" and gotten a license. -- Eric Murray ericm@lne.com Privacy through technology! Network security and encryption consulting. PGP keyid:E03F65E5
I have been noticing a problem contacting sites all over Northern and Central Europe.
Sprint's network was somewhat overloaded due to the bogus routes redirecting traffic onto their network. I doubt the problem spread as far as Europe, at least on a widespread basis. We have about 200 sites worldwide, only a few actually connected to Sprint. We only saw intermittent failures reaching some sites for about an hour. The problem occured at about 11:30 a.m. EDT, when the routers in question began sending invalid paths. The routers were shutdown at 12:15. Re-convergence might have taken another 20 mins. or so.
A problem at an Internet service provider in Virginia triggered a massive logjam on the Internet Friday, but the trouble was cleared up later in the day, Sprint Corp. said. A customer of MAI Network Services, a McLean, Va.-based Internet provider that is among 900 companies that buy wholesale access to the Net from Sprint, entered 10,000 duplicate routes to the Internet backbone. That caused massive access delays for an undetermined number of users, a Sprint spokes man said.
FLX. ASN 7007. The Sprint router took in 72,000 bogus routes from the downstream source before it crapped out. A lot of traffic ended up being re-directed to Sprint as a result of the route problem, causing them to haul higher than normal levels of traffic.
I wonder how long it'll be possible for unauthenticated/unapproved people to mess around with routers.
Sprint probably should have been filtering routes / AS_PATH (insert debate here) from its downstreams. This is a management challenge, but Bad Things(tm) can happen if you don't.
can't bring down the whole net, they'll just pass a law requiring that anyone who wants the 'enable' password to a cisco have first passed a government-approved "Internet Administrators Class" and gotten a license.
Why are you picking on Cisco? The equipment in question was a pair of Bay Networks BLN routers. The jury is still out as to whether this was a Bay bug or a config screw-up. -r.w.
Rabid Wombat writes:
I have been noticing a problem contacting sites all over Northern and Central Europe.
Sprint's network was somewhat overloaded due to the bogus routes redirecting traffic onto their network. I doubt the problem spread as far as Europe, at least on a widespread basis. We have about 200 sites worldwide, only a few actually connected to Sprint. We only saw intermittent failures reaching some sites for about an hour.
Hmm. I saw problems friday and saturday. Saturday I was checking URLs in a book on hacking and security that I'm editing, and a number of ordinarily reachable sites were down. Traceroutes to them showed wierd routing problems, mostly routing 'loops'.
I wonder how long it'll be possible for unauthenticated/unapproved people to mess around with routers.
Sprint probably should have been filtering routes / AS_PATH (insert debate here) from its downstreams. This is a management challenge, but Bad Things(tm) can happen if you don't.
can't bring down the whole net, they'll just pass a law requiring that anyone who wants the 'enable' password to a cisco have first passed a government-approved "Internet Administrators Class" and gotten a license.
Why are you picking on Cisco? The equipment in question was a pair of Bay Networks BLN routers. The jury is still out as to whether this was a Bay bug or a config screw-up.
I'm not picking on cisco, you missed my point. In all other 'infrastructures' (i.e. phone company, roads) only officially-sanctioned people are allowed access to work on things. With the phone company, it's phone company employees & contractors, with the roads its government employees and contractors. When private extensions are added, they're restricted and compartlemtalized so that they can't affect the entire infrastructure... a private corporate phone switch's misprogramming doesn't bring down Pac Bell. OTOH, with the internet, this is not true. IP routing is complex enough that a router configurating error (or perhaps a series of them, maybe Sprint was accepting BGP sessions from someone they shouldn't have) _can_ damage major parts of the net. Engineers (like most people on this list) first thought when faced with a situation like this is to design more fail-safes into the system to prevent a clueless admin or a router with a software error from causing so much damage. But politicians, when faced with the same situation, their first reaction is "We gotta have a Law". My prediction is that if things like this keep happening, the Internet will be declared a "defense interest computer system" or something similar, and only "approved personnel" will be allowed to mess with net-connected routers. Hence mentioning the 'enable' (root) password on ciscos- I figured more people here are familiar with them since they're the most popular router and the OS's look and feel hasn't changed substantialy for the last 5 years or so. -- Eric Murray ericm@lne.com Privacy through technology! Network security and encryption consulting. PGP keyid:E03F65E5
Hmm. I saw problems friday and saturday. Saturday I was checking URLs in a book on hacking and security that I'm editing, and a number of ordinarily reachable sites were down. Traceroutes to them showed wierd routing problems, mostly routing 'loops'.
Things looked fairly stable Saturday, from my perspective. I'll sniff around. Routing loops do sound suspicious. Where were they cropping up?
I'm not picking on cisco, you missed my point.
No, just ignored it. :) Actually, there is a lot of change going on right now affecting network topology; many ortganizations are migrating away from the basics and are implementing packet shredders ^H^H^H^H^H^H^H^ ATM, higher speed circuits than they are accustomed to, running alpha code on production routers out of necessity (perceived or otherwise), etc. Very hard to "certify" that type of environment, but the exponential growth rate of the 'net has required (or resulted in) some drastic actions.
In all other 'infrastructures' (i.e. phone company, roads) only officially-sanctioned people are allowed access to work on things. With the phone company, it's phone company employees & contractors, with the roads its government employees and contractors. When private extensions are added, they're restricted and compartlemtalized so that they can't affect the entire infrastructure... a private corporate phone switch's misprogramming doesn't bring down Pac Bell.
It's the "and contractors" that is the catch-all here. That includes damn near everybody these days. Also - the voice system is still primarily a connection-switched network, not a packet-switched network. Different animal. Even so, a certain well known long distance providor managed to bring down local calling across most of the east coast 4 or 5 years ago, as a result of a software upgrade that didn't.
a situation like this is to design more fail-safes into the system to prevent a clueless admin or a router with a software error from causing so much damage.
So much damage? There have been far more severe Internet outages. There have been far more severe voice network outages, and for far greater duration. Amtrak managed to backhoe a major fiber trunk a while back, and nailed both voice and data services in the mid-atlantic region rather severely, not all that long ago. Friday was a fairly isolated and short term problem, unless you were working at Sprint. As far as engineering solutions go, the route filtering vs. AS_PATH debate has been going on for a while. Recent events should add a bit of fuel. But politicians, when faced with the same
situation, their first reaction is "We gotta have a Law".
True. But it is hard to legislate competence. Perhaps we could start with Congress as an experiment.
My prediction is that if things like this keep happening, the Internet will be declared a "defense interest computer system" or something similar,
Like NIPRnet, which was only about 20% functional for most of a day only a few weeks back as a result of ATM switch failures? The Internet is growing far too rapidly to be 100% dependable, at the moment, and no measure of legislation will fix this, certainly not in the short run. If Uncle Sam needs a reliable, fault-tolerant network, he should fix NIPRnet. If he can figure out how to do that (doubtful), maybe he'll have a qual when talking about the big picture. -r.w. ------------------------------------------- Shit happens. -------------------------------------------
On Mon, 28 Apr 1997, Rabid Wombat wrote:
Hmm. I saw problems friday and saturday. Saturday I was checking URLs in a book on hacking and security that I'm editing, and a number of ordinarily reachable sites were down. Traceroutes to them showed wierd routing problems, mostly routing 'loops'.
Things looked fairly stable Saturday, from my perspective. I'll sniff around. Routing loops do sound suspicious. Where were they cropping up?
I found the cause of my problem with connecting. It seems that those sites have started doing reverse DNS lookups (probably because of the l0pht hacks). Reverse DNS is screwed up on my domain, so I am getting dropped. (The least people can do when denying addresses from reverse DNS failure is to give a short message as to why so it can be fixed, not just drop the connection with no error message.) The thing that had me confused about the whole situation is that I was able to get in on a sporatic basis on one of the machines. Fixing the problem on my end is going to be a pain. I have to get it resolved through two different ISPs to get the gordian dns knot straightened out. Blech! Oh well...
participants (6)
-
Alan -
Alan Olsen -
Bill Stewart -
Eric Murray -
harka@nycmetro.com -
Rabid Wombat