Re: SHA1 collisions proven possible

2017-02-25 Thread Richard Hesse
Git prefixes blobs with its own data. You're not going to break git with a SHA-1 binary collision. However, svn is very vulnerable to breaking. On Thu, Feb 23, 2017 at 3:11 PM, J. Hellenthal wrote: > It's actually pretty serious in Git and the banking markets where there

Re: Updating Geolocation of /24 within corporate /16

2017-02-21 Thread Richard Hesse
If you have a peering session with Google or one of their cache boxes, you can set a GeoIP publishing endpoint using their online portal at isp.google.com. That's only for Google though. -richard On Fri, Feb 10, 2017 at 3:19 AM, David Sotnick wrote: > Hi Tyler, > > I

Re: "Defensive" BGP hijacking?

2016-09-12 Thread Richard Hesse
This behavior is never defensible nor acceptable. In addition to being in the wrong with BGP hijacking a prefix, it appears that Mr. Townsend had the wrong target, too. We've been attacked a few dozen times by this botnet, and they could never muster anything near 200 gbps worth of traffic. They

Re: Google GeoIP issue

2016-06-02 Thread Richard Hesse
If you have a peering relationship with Google, you can use the isp.google.com portal to self-publish geo information on your netblocks. At least you can in theory. By their own admission, they have never checked the self-published URL that I configured over a month ago. YMMV. -richard On Thu,

Re: de-peering for security sake

2016-01-02 Thread Richard Hesse
Purposefully hosting an "inflammatory" site that the Russians or Chinese object to is a valid way to get your AS null routed inside those countries. Same goes for Turkey, India, Australia... Solves the DDoS and malware problem inside their borders, not yours. On Dec 25, 2015 4:43 AM, "Max Tulyev"

Re: Experience on Wanguard for 'anti' DDOS solutions

2015-08-28 Thread Richard Hesse
We've tried their products off and on for the past 3-4 years. Here are my impressions: * UI stuck in 1999. Can't click zoom, drill down, etc. * Inflexible UI. Want a bandwidth graph with only egress or ingress? Too bad. * Inexpensive. I don't like that it's licensed yearly, but it's not too much

Re: A case against vendor-locking optical modules

2014-11-25 Thread Richard Hesse
I've found the best method of dealing with vendors like this is to treat them the same way they treat you. If they won't listen to technical arguments and act like stubborn children, then I act the same way. Threaten to take your ball and go home. Or buy everything used or from grey market

Re: real-time traffic engineering/management solutions

2014-06-04 Thread Richard Hesse
I'll wholeheartedly endorse Noction's IRP. It works really well, and Noction is very quick to respond to both bugs and feature requests. -richard On Wed, Jun 4, 2014 at 9:14 AM, James Bensley jwbens...@gmail.com wrote: I haven't used it and have no experience with it, I've simply seen it

Re: Fwd: Serious bug in ubiquitous OpenSSL library: Heartbleed

2014-04-08 Thread Richard Hesse
The updated CentOS openssl binaries haven't patched the underlying bug, but they have disabled the heartbeat functionality. By doing so, they've disabled the attack vector. Once upstream releases a fix, they will re-enable the heartbeat function with the working patch. And yes, don't forget to

Re: out of band management gear

2014-02-21 Thread Richard Hesse
We're really pleased with the Perle IOLAN line. They even have a gigabit port without a $10k price tag. Amazing! It really dumbfounds me why so many vendors are still putting 10/100 Ethernet ports on their OOB management (looking at you OpenGear). Especially a PITA today since many switchports

Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

2014-01-16 Thread Richard Hesse
Probably not a bug, but par for their technical prowess. The SpamTeq website includes your account number and password in every URI. I'm not sure I'd trust a company that does something as terrible as that to practice good coding elsewhere and not cause major damage with their data feeds.

Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

2014-01-09 Thread Richard Hesse
We're also interested in using their BGP feeds, but their website ( spamhaustech.com) doesn't give much confidence about their technical prowess. Trying to get a simple quote for BGP feeds is...interesting. -richard On Thu, Jan 9, 2014 at 9:25 AM, ISP Services na...@isp-services.nl wrote: Hi,

Re: NANOG 59 - Monday presentations on YouTube

2013-10-09 Thread Richard Hesse
On Tue, Oct 8, 2013 at 2:57 PM, ML m...@kenweb.org wrote: Kudos to whomever made this happen so quickly +1 on that. Great stuff in here. Though the Better Than Best Practices...DNS Amplification Attacks video isn't working for me. It says the video is still processing and has been for a few

Re: Evaluating Tier 1 Internet providers

2013-08-28 Thread Richard Hesse
On Tue, Aug 27, 2013 at 12:14 PM, Joe Abley jab...@hopcount.ca wrote: I would add: - response you can expect when you call one day and say our 10GE is maxed out with inbound traffic from apparently everywhere, it has been going on for an hour, please help That was good for a laugh. If

Comcast security NOC/contact

2013-08-18 Thread Richard Hesse
Can someone from Comcast please contact me over what appears to be an ill-conceived nullroute or block regarding one of our content IPs. This issue is limited only to Comcast and only to a single IP. Please contact me to get this resolved. I'm guessing that someone wanted us offline but couldn't

Re: Comcast security NOC/contact

2013-08-18 Thread Richard Hesse
Several people responded to me off list. Thanks! -richard On Sun, Aug 18, 2013 at 6:43 PM, Richard Hesse richard.he...@weebly.com wrote: Can someone from Comcast please contact me over what appears to be an ill-conceived nullroute or block regarding one of our content IPs. This issue