Re: Dear RIPE: Please don't encourage phishing

2012-02-15 Thread Valdis . Kletnieks
On Wed, 15 Feb 2012 10:44:38 +0100, Stephane Bortzmeyer said: Challenge taken. RFC 2277, IETF Policy on Character Sets and Languages, section 3.1, Protocols MUST be able to use the UTF-8 charset [...] Protocols MAY specify, in addition, how to use other charsets [something DNS does not do,

Re: Dear RIPE: Please don't encourage phishing

2012-02-15 Thread Mark Andrews
In message 86mx8kqpy7@seastrom.com, Robert E. Seastrom writes: valdis.kletni...@vt.edu writes: On Wed, 15 Feb 2012 10:44:38 +0100, Stephane Bortzmeyer said: Challenge taken. RFC 2277, IETF Policy on Character Sets and Languages, section 3.1, Protocols MUST be able to use the

Re: Dear RIPE: Please don't encourage phishing

2012-02-15 Thread Eric Brunner-Williams
On 2/15/12 8:32 AM, Mark Andrews wrote: ... Before deciding to go the IDNA route, treating DNS labels as UTF-8 was discussed, evaluated and rejected. well, sort of. we started with idn as a wg label. the smtp weenies opined that they'd never have a flag day and anything other than a boot

Re: IP Transit with netflow report?

2012-02-15 Thread Ray Soucy
+1 for Scrutinizer, but to be fair a lot of our former students work there. On Mon, Feb 13, 2012 at 6:02 AM, Matt Taylor m...@mt.au.com wrote: Scrutinizer! On 13/02/2012, at 9:53 PM, Raphael MAUNIER rmaun...@neotelecoms.com wrote: +1 Do it yourself :) You can have a look at As-Stats.

Common operational misconceptions

2012-02-15 Thread John Kristoff
Hi friends, As some of you may know, I occasionally teach networking to college students and I frequently encounter misconceptions about some aspect of networking that can take a fair amount of effort to correct. For instance, a topic that has come up on this list before is how the inappropriate

Re: Common operational misconceptions

2012-02-15 Thread -Hammer-
Switching VS Bridging Collision Domain VS Broadcast Domain L2 in general is the layer that the new folks often misunderstand. I once had someone ask me what a hub was. That pretty much told me how old I was -Hammer- I was a normal American nerd -Jack Herer On 2/15/2012 2:47 PM, John

RE: Common operational misconceptions

2012-02-15 Thread Kenneth M. Chipps Ph.D.
Keep the discussion on the list. I would like to know as well. Kenneth M. Chipps Ph.D. -Original Message- From: John Kristoff [mailto:j...@cymru.com] Sent: Wednesday, February 15, 2012 2:47 PM To: nanog@nanog.org Subject: Common operational misconceptions Hi friends, As some of you

Re: Common operational misconceptions

2012-02-15 Thread Mark Grigsby
On Wed, Feb 15, 2012 at 1:10 PM, Kenneth M. Chipps Ph.D. chi...@chipps.com wrote: Keep the discussion on the list. I would like to know as well. Kenneth M. Chipps Ph.D. -Original Message- From: John Kristoff [mailto:j...@cymru.com] Sent: Wednesday, February 15, 2012 2:47 PM To:

Re: Common operational misconceptions

2012-02-15 Thread Dan White
On 02/15/12 14:47 -0600, John Kristoff wrote: Hi friends, As some of you may know, I occasionally teach networking to college students and I frequently encounter misconceptions about some aspect of networking that can take a fair amount of effort to correct. For instance, a topic that has come

Re: Common operational misconceptions

2012-02-15 Thread Mathias Wolkert
Autoneg. The old timers that don't trust it after a few decades of decent code. Or those that lock one side and expect the other to adjust to that. /Tias 15 feb 2012 kl. 21:47 skrev John Kristoff j...@cymru.com: Hi friends, As some of you may know, I occasionally teach networking to

Re: Common operational misconceptions

2012-02-15 Thread Leo Bicknell
Auto-neg, as someone already mentioned. MD5 makes BGP peering sessions more secure. There was a nice recent NANOG rant on that one. One of my favorites from corporate america; if you run one application on a server you can put in that apps port in the firewall and block everything else and the

Re: Common operational misconceptions

2012-02-15 Thread -Hammer-
Packet loss at hop X in traceroute/mtr does not necessarily point to a problem at hop X. Good one. Also, security as a whole seems to be confusing for folks. They've seen Firewall with Harrison Ford and therefore the FW is some secret master voodoo widget that only people from Area 51 can

Re: Common operational misconceptions

2012-02-15 Thread Doug Barton
DNS only uses UDP DNS only uses 512 byte UDP packets or maybe just.. DNS is easy -- It's always a long day; 86400 doesn't fit into a short. Breadth of IT experience, and depth of knowledge in the DNS. Yours for the right price. :) http://SupersetSolutions.com/

Models of DNS traffic and caches

2012-02-15 Thread John Levine
Are there any analytic or simulation models of DNS traffic and caches? Say I have a DNS cache that handles two different kinds of traffic, DNSBL lookups that are almost never reused, and web page lookups that are frequently reused. Is there a model that will predict whether partitioning the

Re: Common operational misconceptions

2012-02-15 Thread Chuck Anderson
ICMP is bad, and should be completely blocked for security. On Wed, Feb 15, 2012 at 02:47:15PM -0600, John Kristoff wrote: Hi friends, As some of you may know, I occasionally teach networking to college students and I frequently encounter misconceptions about some aspect of networking that

Anonymous planning a root-servers party

2012-02-15 Thread George Bakos
As I hadn't seen it discussed here, I'll have to assume that many NANOGers haven't seen the latest rant from Anonymous: To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun, On March 31, the

Re: Anonymous planning a root-servers party

2012-02-15 Thread Grant Ridder
I really don't think Anonymous is dumb enough to forget about anycast. If I remember right, another group tried to take down the root servers within the past 5 or 6 years and only took out around 20 or 25. -Grant On Wed, Feb 15, 2012 at 4:36 PM, George Bakos gba...@alpinista.org wrote: As I

Re: Anonymous planning a root-servers party

2012-02-15 Thread Jared Mauch
On Feb 15, 2012, at 5:36 PM, George Bakos wrote: As I hadn't seen it discussed here, I'll have to assume that many NANOGers haven't seen the latest rant from Anonymous: To protest SOPA, Wallstreet, our irresponsible leaders and the beloved bankers who are starving the world for their own

Re: Common operational misconceptions

2012-02-15 Thread Carsten Bormann
On Feb 15, 2012, at 23:36, Chuck Anderson wrote: security That must be the top of the list: Switches provide security (by traffic isolation) DHCP provides security (by only letting in hosts we know) MAC address filtering provides security (fill in the blanks…) NAC provides security NATs

Re: Common operational misconceptions

2012-02-15 Thread Anton Kapela
On Wed, Feb 15, 2012 at 4:36 PM, Chuck Anderson c...@wpi.edu wrote: ICMP is bad, and should be completely blocked for security. I can't tell if this reply is to say this ought to be done or if this is often done, and should not be. Clarify? -tk

Re: Anonymous planning a root-servers party

2012-02-15 Thread Eric Parsonage
They could just mess with BGP announcements. If you can't route to the root servers they may as well not exist. -Eric On 16/02/2012, at 9:12 AM, Jared Mauch wrote: On Feb 15, 2012, at 5:36 PM, George Bakos wrote: As I hadn't seen it discussed here, I'll have to assume that many

Re: Common operational misconceptions

2012-02-15 Thread Mike Lyon
With security in mind: Use other VLANs other than vlan1. Disable vlan1. Disable ports (physical and logical) that aren't in use. Encrypt your passwords in your config, etc etc etc... On Wed, Feb 15, 2012 at 2:49 PM, Carsten Bormann c...@tzi.org wrote: On Feb 15, 2012, at 23:36, Chuck Anderson

Re: Common operational misconceptions

2012-02-15 Thread Chuck Anderson
On Wed, Feb 15, 2012 at 04:51:44PM -0600, Anton Kapela wrote: On Wed, Feb 15, 2012 at 4:36 PM, Chuck Anderson c...@wpi.edu wrote: ICMP is bad, and should be completely blocked for security. I can't tell if this reply is to say this ought to be done or if this is often done, and should not

Re: Anonymous planning a root-servers party

2012-02-15 Thread Mark Andrews
In message 5f40c962-ff7e-4197-bba5-5e891104b...@puck.nether.net, Jared Mauch writes: On Feb 15, 2012, at 5:36 PM, George Bakos wrote: As I hadn't seen it discussed here, I'll have to assume that many NANOGers haven't seen the latest rant from Anonymous: To protest SOPA,

Re: Common operational misconceptions

2012-02-15 Thread Jeff Kell
(1) Block all ICMP (obviously some are required for normal operations, unreachables, pMTU too large/DF set, etc). (2) Block certain ports (blindly, w/o at least established) taking out legitimate ephemeral port usage. (3) Local uRPF is unnecessary (or source spoofing mitigation in general) (4)

Re: Common operational misconceptions

2012-02-15 Thread Alexandre Grojsgold
Telco provided VPN makes communication between your sites secure. If you can use (virtual) circuits, even better. -- Alg

Re: SSL Certificates

2012-02-15 Thread Ask Bjørn Hansen
On Jan 6, 2012, at 6:15, Michael Carey wrote: Looking for a recommendation on who to buy affordable and reputable SSL certificates from? Symantec, Thawte, and Comodo are the names that come to mind, just wondering if there are others folks use. Almost everyone are basically just selling an

RE: Wireless Recommendations

2012-02-15 Thread Mario Eirea
Just be careful with Xirrus. A little known secret is that only 3 of those radios can be running in the 2.4 GHz band at any time. Mario Eirea IT Department Charter School IT 20803 Johnson Street Pembroke Pines, FL 33029 Ph: 954-435-7827 Cell: 305-742-6524 Fax: 954-442-1762

Re: Common operational misconceptions

2012-02-15 Thread Jeff Wheeler
On Wed, Feb 15, 2012 at 3:47 PM, John Kristoff j...@cymru.com wrote: I have a handful of common misconceptions that I'd put on a top 10 list, By your classful addressing example, it sounds like these students are what most nanog posters would consider to be entry-level. RFC1918 is misused a lot

Re: Anonymous planning a root-servers party

2012-02-15 Thread Masataka Ohta
Mark Andrews wrote: Or just slave the root zone. 1 million root servers is more robust than the hundred or so we have today Good, I was serious to have said not thousands but millions of servers when I proposed anycast root servers. and given the root is signed you can verify the answers

Re: Common operational misconceptions

2012-02-15 Thread Lee
traceroute shows _a_ path. Your packets might have taken a different path. ( the return traffic yet another) labeling something backup link on the network diagram doesn't make it one. Lee On 2/15/12, John Kristoff j...@cymru.com wrote: Hi friends, As some of you may know, I occasionally

Re: SSL Certificates

2012-02-15 Thread John Levine
Almost everyone are basically just selling an activation with one of the SSL certificate authorities. I usually buy a RapidSSL (Verisign) certificate from https://www.sslmatrix.com/ -- they seem to have some of the best prices and the rapidssl enrollment process is very efficient (at least for

Re: Common operational misconceptions

2012-02-15 Thread Masataka Ohta
PKI is cryptographically secure. IDN is internationalized. IPv6 reduces router load by not allowing fragmentation. IPv6 is operational. Masataka Ohta

Re: Common operational misconceptions

2012-02-15 Thread Steve Bertrand
On 2012.02.15 19:23, Steve Bertrand wrote: On 2012.02.15 15:47, John Kristoff wrote: I have a handful of common misconceptions that I'd put on a top 10 list, but I'd like to solicit from this community what it considers to be the most annoying and common operational misconceptions future

Re: Common operational misconceptions

2012-02-15 Thread Michael Sinatra
ULA is the IPv6 equivalent of RFC1918 RFCs are standards (i.e. all of them, or RFC is synonymous with standard) The words Internet and Web can be used interchangeably Not only does NAT provide security, but it's NECESSARY for security. Alternatively, you can't possibly be as secure without

Re: SSL Certificates

2012-02-15 Thread George Herbert
On Wed, Feb 15, 2012 at 4:17 PM, John Levine jo...@iecc.com wrote: Almost everyone are basically just selling an activation with one of the SSL certificate authorities. I usually buy a RapidSSL (Verisign) certificate from https://www.sslmatrix.com/ -- they seem to have some of the best prices

RE: Common operational misconceptions

2012-02-15 Thread Nathan Eisenberg
IPv6 is operational. How is this a misconception? It works fine for me... Nathan

Re: Common operational misconceptions

2012-02-15 Thread Dale Carstensen
NANOG don't need no stinkin' glossary, everybody knows what our alphabet soup means. Getting a file by bittorrent will always be faster and stress the network less than downloading it by FTP or HTTP. The best wide-area network topology is exactly the same as that used by the Bell network of

Re: Common operational misconceptions

2012-02-15 Thread Jack Bates
A few for me that come to mind which haven't been covered yet. *) Latency, jitter, etc when pinging a router means packets going through the router suffer the same fate. Never fails that I get a call about the latency changes that occur every 60 seconds, especially on software based

Re: Common operational misconceptions

2012-02-15 Thread Mark Andrews
In message 4f3c2e47.80...@dougbarton.us, Doug Barton writes: DNS only uses UDP DNS only uses 512 byte UDP packets or maybe just.. DNS is easy Or that it is correct/does no harm to filter fragmented packet / icmp. -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia

Re: Common operational misconceptions

2012-02-15 Thread Mario Eirea
Something that makes me crawl out of my skin is when they refer to an access point as router. -Mario Eirea On Feb 15, 2012, at 3:47 PM, John Kristoff j...@cymru.com wrote: Hi friends, As some of you may know, I occasionally teach networking to college students and I frequently encounter

Re: Common operational misconceptions

2012-02-15 Thread Grant Ridder
I whole-heartedly agree with that last one. -Grant On Wed, Feb 15, 2012 at 8:07 PM, Mario Eirea mei...@charterschoolit.com wrote: Something that makes me crawl out of my skin is when they refer to an access point as router. -Mario Eirea On Feb 15, 2012, at 3:47 PM, John Kristoff

Re: Common operational misconceptions

2012-02-15 Thread Steve Bertrand
On 2012.02.15 19:55, Nathan Eisenberg wrote: IPv6 is operational. How is this a misconception? It works fine for me... Imagine an operator who is v6 ignorant, with a home provider who implements v6 half-assed, and tries to access a v6 site that has perhaps v6-only accessible nameservers,

Re: Common operational misconceptions

2012-02-15 Thread Steve Bertrand
On 2012.02.15 19:19, Masataka Ohta wrote: IPv6 is operational. This is an intriguing statement. Any ops/eng I know who have claimed this, actually know what they are talking about, so it is factual. I've never heard anyone claim this in a way that could be a misconception. I state further in

Re: Common operational misconceptions

2012-02-15 Thread Phil Dyer
On Wed, Feb 15, 2012 at 5:49 PM, Carsten Bormann c...@tzi.org wrote: On Feb 15, 2012, at 23:36, Chuck Anderson wrote: security That must be the top of the list: as a segue to NATs provide security

Re: Anonymous planning a root-servers party

2012-02-15 Thread Dave CROCKER
On 2/15/2012 2:40 PM, Grant Ridder wrote: I really don't think Anonymous is dumb enough to forget about anycast. Given their track record, it does seem advisable to take the threat seriously, whatever taking it seriously might mean... If I remember right, another group tried to take

Re: Common operational misconceptions

2012-02-15 Thread Mark Andrews
In message 4f3c6703.4050...@gmail.com, Steve Bertrand writes: On 2012.02.15 19:55, Nathan Eisenberg wrote: IPv6 is operational. How is this a misconception? It works fine for me... Imagine an operator who is v6 ignorant, with a home provider who implements v6 half-assed, and tries to

Re: Common operational misconceptions

2012-02-15 Thread Masataka Ohta
Mark Andrews wrote: This doesn't prove that IPv6 is not operational. All it proves is people can misconfigure things. How do operators configure their equipments to treat ICMP packet too big generated against multicast and unicast? Note that, even if they do not enable inter-subnet multicast

Re: Common operational misconceptions

2012-02-15 Thread Charles Mills
Not understanding RFC1918. Actually got read the riot act by someone because I worked for an organization that used 10.0.0.0/8 and that was their network and they owned it. Chuck 2012/2/15 Masataka Ohta mo...@necom830.hpcl.titech.ac.jp Mark Andrews wrote: This doesn't prove that IPv6 is

Re: Wireless Recommendations

2012-02-15 Thread Faisal Imtiaz
Is that because of Channel Spacing ? or some other reason ? Regards. Faisal Imtiaz Snappy Internet Telecom 7266 SW 48 Street Miami, Fl 33155 Tel: 305 663 5518 x 232 Helpdesk: 305 663 5518 option 2 Email: supp...@snappydsl.net On 2/15/2012 7:00 PM, Mario Eirea wrote: Just be careful with

Re: Wireless Recommendations

2012-02-15 Thread Jonathan Lassoff
On Wed, Feb 15, 2012 at 7:50 PM, Faisal Imtiaz fai...@snappydsl.net wrote: Is that because of Channel Spacing ? or some other reason ? I would presume channel spacing. In FCC-land, there are only 3 non-overlapping 20 MHz bandwidths available. --j

802.11 MAC Point Coordination Function

2012-02-15 Thread Jeremy
Hi All, I'm doing some research on 802.11 quality of service, congestion control, etc. I'm trying to find some information on the Point Coordination Function, a polling based access control method, but I'm having a hard time finding much in the way of vendor support. I have access to some cisco

RE: Wireless Recommendations

2012-02-15 Thread Mario Eirea
This is my guess too, I guess there is some bleed over from their antenna arrays. Mario Eirea IT Department Charter School IT 20803 Johnson Street Pembroke Pines, FL 33029 Ph: 954-435-7827 Cell: 305-742-6524 Fax: 954-442-1762 From: Jonathan Lassoff

Re: Common operational misconceptions

2012-02-15 Thread Mark Andrews
In message 4f3c76d5.9040...@necom830.hpcl.titech.ac.jp, Masataka Ohta writes: Mark Andrews wrote: This doesn't prove that IPv6 is not operational. All it proves is people can misconfigure things. How do operators configure their equipments to treat ICMP packet too big generated

Re: Wireless Recommendations

2012-02-15 Thread Joel jaeggli
On 2/15/12 20:14 , Mario Eirea wrote: This is my guess too, I guess there is some bleed over from their antenna arrays. Even the most directional sector antenna in the world has a back lobe... and then there's the clients... there's no magic bullet you simply can't do it all in one ap with

Re: Common operational misconceptions

2012-02-15 Thread Steve Bertrand
On 2012.02.15 22:12, Mark Andrews wrote: In message 4f3c6703.4050...@gmail.com, Steve Bertrand writes: On 2012.02.15 19:55, Nathan Eisenberg wrote: IPv6 is operational. How is this a misconception? It works fine for me... Imagine an operator who is v6 ignorant, with a home provider who

Re: Common operational misconceptions

2012-02-15 Thread Antti Ristimäki
IS-IS is a legacy protocol that nobody uses 15.02.2012 22:47, John Kristoff kirjoitti: Hi friends, As some of you may know, I occasionally teach networking to college students and I frequently encounter misconceptions about some aspect of networking that can take a fair amount of effort to

RE: Common operational misconceptions

2012-02-15 Thread Kenneth M. Chipps Ph.D.
How widespread would you say the use of IS-IS is? Even more as to which routing protocols are used, not just in ISPs, what percent would you give to the various ones. In other words X percent of organizations use OSPF, Y percent use EIGRP, and so on. -Original Message- From: Antti

and now for something completely different

2012-02-15 Thread bmanning
Control of ground-state pluripotency by allelic regulation of Nanog Nature advance online publication 12 February 2012. doi:10.1038/nature10807 Authors: Yusuke Miyanari Maria-Elena Torres-Padilla Pluripotency is established through genome-wide reprogramming during mammalian pre-implantation

Re: Common operational misconceptions

2012-02-15 Thread Joel jaeggli
On 2/15/12 21:04 , Kenneth M. Chipps Ph.D. wrote: How widespread would you say the use of IS-IS is? Even more as to which routing protocols are used, not just in ISPs, what percent would you give to the various ones. In other words X percent of organizations use OSPF, Y percent use EIGRP, and

RE: Common operational misconceptions

2012-02-15 Thread Kenneth M. Chipps Ph.D.
ISIS is used in organizations other than ISPs Any examples you can share of some other than ISPs? -Original Message- From: Joel jaeggli [mailto:joe...@bogus.com] Sent: Wednesday, February 15, 2012 11:58 PM To: Kenneth M. Chipps Ph.D. Cc: nanog@nanog.org Subject: Re: Common operational

Re: Common operational misconceptions

2012-02-15 Thread Masataka Ohta
Mark Andrews wrote: Well you need to go out of your way to get a ICMP PTB for IPv6 multicast as the default is to fragment multicast packets at the source at network minimum mtu (RFC3542 - May 2003). That's not to say it won't happen. Yes, it will happen, because RFC3542 was, as was

Re: Common operational misconceptions

2012-02-15 Thread Aftab Siddiqui
Some recent questions from interview and lab sessions I took. - I've allowed vlan X on trunk but still it's not working? why do I have to create it on every switch? - any-any rules on firewall with AV enabled is better. - ACL inbound/outbound misconception. Always end up cutting the rope. - BGP is for

Re: SSL Certificates

2012-02-15 Thread bmanning
On Thu, Feb 16, 2012 at 12:17:00AM -, John Levine wrote: Almost everyone are basically just selling an activation with one of the SSL certificate authorities. I usually buy a RapidSSL (Verisign) certificate from https://www.sslmatrix.com/ -- they seem to have some of the best prices

Re: Wireless Recommendations

2012-02-15 Thread Jonathan Lassoff
On Wed, Feb 15, 2012 at 8:41 PM, Joel jaeggli joe...@bogus.com wrote: On 2/15/12 20:14 , Mario Eirea wrote: This is my guess too, I guess there is some bleed over from their antenna arrays. Even the most directional sector antenna in the world has a back lobe... and then there's the

Re: SSL Certificates

2012-02-15 Thread Jimmy Hess
On Wed, Feb 15, 2012 at 6:49 PM, George Herbert george.herb...@gmail.com wrote: On Wed, Feb 15, 2012 at 4:17 PM, John Levine jo...@iecc.com wrote: The problem with anything related to Verisign at the moment is that The possibility of their root certs being compromised is nonzero. The

Re: Common operational misconceptions

2012-02-15 Thread Owen DeLong
On Feb 15, 2012, at 12:47 PM, John Kristoff wrote: Hi friends, As some of you may know, I occasionally teach networking to college students and I frequently encounter misconceptions about some aspect of networking that can take a fair amount of effort to correct. For instance, a topic

Re: Common operational misconceptions

2012-02-15 Thread Owen DeLong
On Feb 15, 2012, at 6:16 PM, Steve Bertrand wrote: On 2012.02.15 19:55, Nathan Eisenberg wrote: IPv6 is operational. How is this a misconception? It works fine for me... Imagine an operator who is v6 ignorant, with a home provider who implements v6 half-assed, and tries to access a v6