Re: Re: IRR information & BYOIP (Bring Your Own IP) with Cloud Providers

2024-01-22 Thread Christopher Morrow
On Mon, Jan 22, 2024 at 7:39 AM kubanowy wrote: > On Jan 19, 2024, at 02:39, kubanowy wrote: > > Hi, > We have our own prefix assignment from ARIN. We have our infrastructure in > GCP (Google Cloud Platform) where we started using BYOIP functionality > (Google advertises our IPs). We followed

Re: Re: Soliciting suggestions and experiences from the community for RPKI-invalid filtering deployment

2023-05-24 Thread Lancheng Qin
Thank you. I've heard similar feedback from several other network operators. It seems that this is one of the main reasons why some networks do not apply rov at customer interfaces. Best, Lancheng -Original Message- From: "Randy Bush" Sent: 2023-05-23 21:45:13 (Tuesday) To: "Lancheng Qin" Cc:

Re: Re[2]: RFC6598 100.64/10: to bogon or not to bogon (team-cymru et all)

2023-03-08 Thread Lukas Tribus
Hello, > It is just that, marketing. I disagree, authoritative and accurate product description and documentation of the tools used by the public matter a lot. If a ticket lands on my desk because a third party misuses a tool, I want to point to a single authoritative source of information. >

Re: Re: Why do ROV-ASes announce some invalid route?

2022-11-13 Thread Christopher Morrow
On Fri, Nov 11, 2022 at 8:49 AM Lukas Tribus wrote: > > On Fri, 11 Nov 2022 at 14:00, Christopher Morrow > wrote: > > Also, also, possibly the output path on the session(s) here is not > > filtering in an OV fashion. > > ROV belongs on the input path, let's not ROV on the output towards >

Re: Re: Why do ROV-ASes announce some invalid route?

2022-11-11 Thread Lukas Tribus
On Fri, 11 Nov 2022 at 14:00, Christopher Morrow wrote: > Also, also, possibly the output path on the session(s) here is not > filtering in an OV fashion. ROV belongs on the input path, let's not ROV on the output towards customers / route collectors. Announcing bigger, ROV valid/unknown

Re: Re: Why do ROV-ASes announce some invalid route?

2022-11-11 Thread Christopher Morrow
There are 2 sides to the bgp conversation for any ASN, and then really 4 sides. customer -> RAS -> peer (settlement-free) peer(sfp) -> RAS -> customer customer -> ras -> transit transit -> ras -> customer Depending on the RAS's capabilities or status in their journey to 'fully RAS',

Re: Re: Why do ROV-ASes announce some invalid route?

2022-11-10 Thread 孙乐童
Hello Job, Thank you very much for your reply! I got that no AS can actually filter all the invalids. Yet I was trying to figure out why we couldn't see reasonable amount of withdrawals from AS6939 about invalid prefixes, as they explained how they implement ROV

RE: Re:

2022-06-21 Thread Adam Thompson
I run both OpenBSD + OpenBGPd + OpenBSD/OpenBGPd’s LG, and BIRD + xddxdd/bird-lg-go (on two different servers, because I value my sanity) because they do a few things differently, and neither can show me everything I want. -Adam Adam Thompson Consultant,

RE: Re: FCC proposes higher speed goals (100/20 Mbps) for USF providers

2022-05-24 Thread Jamie Bowden via NANOG
As much as I hate giving C/Bell Atlantic/Verizon praise for anything ever, my 1gb FIOS connection reliably delivers 900+mb/s in both directions any time I care to test it. Generally, if I can’t fill the pipe it’s the other end’s lack of available bandwidth. Thanks, -- Jamie From: NANOG On

Re: Re: 10 Do's + Don'ts for Visiting Québec + Register Now for N85!

2022-05-09 Thread John Levine
It appears that Laura Smith via NANOG said: > >--- Original Message --- >On Friday, May 6th, 2022 at 13:59, J EMail <70ford...@gmail.com> wrote: > >> poutine should be on this list. > >God no !  >There are many great things about Canada and Québec but poutine most >certainly is not.

RE: RE: CGNAT scaling cost (was V6 still not supported)

2022-03-30 Thread Vasilenko Eduard via NANOG
for a big system?) then the port cost would start from 2x (+ common components). Eduard -Original Message- From: Jared Brown [mailto:nanog-...@mail.com] Sent: Wednesday, March 30, 2022 8:17 PM To: Vasilenko Eduard Cc: nanog@nanog.org Subject: Re: RE: CGNAT scaling cost (was V6 still

Re: RE: CGNAT scaling cost (was V6 still not supported)

2022-03-30 Thread Jared Brown
Hi Eduard, Do I interpret your findings correctly, if this means that CGNAT costs scale more or less linearly with traffic growth over time? And as a corollary, that the cost of scaling CGNAT in itself isn't likely a primary driver for IPv6 adoption? - Jared Vasilenko Eduard wrote: > >

Re: Re udp port overload on ipv4 (was Re: V6 still not supported)

2022-03-10 Thread Grzegorz Janoszka
On 10/03/2022 21:03, Matthew Walster wrote: If that was feasible, we would likely be using SCTP by now. TCP, UDP, and ICMP are likely to be the only reliable IP protocols for the foreseeable future on the internet. (As in, inter-domain) But QUIC runs on UDP - it is not a new protocol, we are

Re: Re udp port overload on ipv4 (was Re: V6 still not supported)

2022-03-10 Thread Matthew Walster
On Thu, 10 Mar 2022, 19:41 Dave Taht, wrote: > I am deeply concerned by the onrushing move to udp for QUIC, > IMO, it's a fad that will die away. IMHO, QUIC should also one day become its own protocol number also, > If that was feasible, we would likely be using SCTP by now. TCP, UDP, and

Re: Re udp port overload on ipv4 (was Re: V6 still not supported)

2022-03-10 Thread William Herrin
On Thu, Mar 10, 2022 at 11:43 AM Dave Taht wrote: > I am deeply concerned by the onrushing move to udp for QUIC, with udp > the former province of voip, gaming, request/response and > videoconferencing traffic. Hi Dave, Since QUIC is without value unless it works with widely deployed NAT

Re: Re: OVH datacenter SBG2 in Strasbourg on fire 

2021-03-11 Thread Sean Donelan
In the 1990s, I spent long time researching and talking to people about the history of the old Automated Data Processing room code requirements. You can tell by the terminology "Automated Data Processing" the age of the original requirements. IBM helped write the original requirements in the

Re: Re: OVH datacenter SBG2 in Strasbourg on fire 

2021-03-11 Thread bzs
From: George Herbert ...Interesting overview of fire damage. I remember many years ago spec'ing a machine room at BU and coming to loggerheads with the VP of building and grounds. He (well, their rules) wanted low-temp sprinkler triggers, I wanted the high-temp ones (I forget but I think

Re: Re: Frontier Tampa issues

2021-01-25 Thread Daniel Jurado
It sounds like a routing loop somewhere in the path. Trace the path thru a looking glass. -- Sent from my Android phone with mail.com Mail. Please excuse my brevity. On 1/24/21, 9:19 PM David Hubbard wrote: Yes, exactly same issue for us, and it has happened in the past a few years

Re: Re Parler

2021-01-14 Thread Masataka Ohta
Mike Bolitho wrote: List admins, for real. This has run its course just like I said it would several days ago. It is 100% speculative, has nothing to do with network operations, and requires actual lawyers with access to the case information and witnesses to figure out what's going on. No

Re: Re Parler

2021-01-14 Thread John Sage
On 1/14/21 4:09 PM, Mike Bolitho wrote: And now, with prejudice, I'm requesting that this thread get moderated, before anyone *else* volunteers to jump off a bridge. List admins, for real. This has run its course just like I said it would several days ago. It is 100%

Re: Re Parler

2021-01-14 Thread Mike Bolitho
> > And now, with prejudice, I'm requesting that this thread get moderated, > before > anyone *else* volunteers to jump off a bridge. List admins, for real. This has run its course just like I said it would several days ago. It is 100% speculative, has nothing to do with network operations, and

Re: Re Parler

2021-01-14 Thread Jay R. Ashworth
- Original Message - > From: "Mel Beckman" > John, > > What’s your point? Are you saying that it’s OK for an ISP to break antitrust > laws for a political cause? No, Mel. In very short, he's saying that criminal sedition and armed insurrection *are not political causes*, and I am

Re: Re Parler

2021-01-14 Thread Mel Beckman
John, What’s your point? Are you saying that it’s OK for an ISP to break antitrust laws for a political cause? To bring this discussion back into the realm of operational discussions, shouldn’t we be building infrastructure that has the audit and change management components needed to detect

Re: Re Parler

2021-01-14 Thread John Levine
In article <70e9-8be1-483c-8e49-e9cda6b4a...@beckman.org> you write: >Parler also has an excellent antitrust case, as the idea that three companies >would simultaneously pull the plug on >their services for a single common customer is going to be hard to explain to >a judge. Aw, come on.

Re: Re Parler and its very underprepared attorney

2021-01-14 Thread Anne P. Mitchell, Esq.
> Per reporting by Katherine Long of the Seattle Times, during > that hearing Parler's attorney: > > - forgot the name of Parler's CEO > > - stated that he's unfamiliar with some of the terminology > because he's not on social media > > - admitted that he filed a day

Re: Re Parler

2021-01-14 Thread Rich Kulawiec
On Thu, Jan 14, 2021 at 11:01:19AM -0700, Keith Medcalf wrote: > This result will only come to pass if Parler wins their lawsuit (which is > likely) The first hearing in this case was held today. Per reporting by Katherine Long of the Seattle Times, during that hearing Parler's attorney:

Re: Re Parler

2021-01-14 Thread Ge DUPIN
f > Sent: Thursday, January 14, 2021 7:01 PM > To: Mel Beckman ; adamv0...@netconsultings.com > > Cc: nanog@nanog.org > Subject: RE: Re Parler > > > On Thursday, 14 January, 2021 10:02, Mel Beckman wrote: > > >I, however, do know that this is the cont

Re: Re Parler

2021-01-14 Thread Rod Beck
topic. Regards, Roderick. From: NANOG on behalf of Keith Medcalf Sent: Thursday, January 14, 2021 7:01 PM To: Mel Beckman ; adamv0...@netconsultings.com Cc: nanog@nanog.org Subject: RE: Re Parler On Thursday, 14 January, 2021 10:02, Mel Beckman wrote

RE: Re Parler

2021-01-14 Thread Shamil K via NANOG
The wiki (https://en.m.wikipedia.org/wiki/Section_230) page has this > The statute in Section 230(c)(2) further provides "Good Samaritan" protection > from civil liability for operators of interactive computer services in the > removal or moderation of third-party material they deem obscene or

Re: Re Parler

2021-01-14 Thread William Herrin
On Thu, Jan 14, 2021 at 10:13 AM wrote: > (b) Termination for Cause. > (i) material breach remains uncured for a period of 30 days from receipt of > notice It's fairly clear from Amazon's communications that this is their basis for terminating Parler. They began notifying Parler in September

Re: Re Parler

2021-01-14 Thread Alain Hebert
Good to hear since you're either part of: . Parler legal team; . Amazon legal team; . Purview of all the communication between both corporations; ... or just a Parler user ... is my guess. - Alain Hebert aheb...@pubnix.net

RE: Re Parler

2021-01-14 Thread adamv0025
n 6. (especially with subsection (a) which seem to provide a lot of options for interpretation and manoeuvring space) adam -Original Message- From: Mel Beckman Sent: Thursday, January 14, 2021 5:02 PM To: adamv0...@netconsultings.com Cc: Keith Medcalf ; nanog@nanog.org Subject: Re:

RE: Re Parler

2021-01-14 Thread Keith Medcalf
On Thursday, 14 January, 2021 10:02, Mel Beckman wrote: >I, however, do know that this is the contract that was in force. Because >I read the lawsuit, and the contract, which I’ve verified is identical to >the one posted online, is included as an exhibit (although the courts >managed to get

Re: Re Parler

2021-01-14 Thread Mel Beckman
I, however, do know that this is the contract that was in force. Because I read the lawsuit, and the contract, which I’ve verified is identical to the one posted online, is included as an exhibit (although the courts managed to get the pages out of order). And yes, Amazon had a duty to provide

RE: Re Parler

2021-01-14 Thread adamv0025
> Medcalf > Sent: Thursday, January 14, 2021 1:06 PM > > > On Thursday, 14 January, 2021 04:53, adamv0...@netconsultings.com wrote: > > >https://aws.amazon.com/agreement/ > >7.2 Termination. > >(a) Termination for Convenience. You may terminate this Agreement for > >any reason by providing us

RE: Re Parler

2021-01-14 Thread Keith Medcalf
On Thursday, 14 January, 2021 04:53, adamv0...@netconsultings.com wrote: >https://aws.amazon.com/agreement/ >7.2 Termination. >(a) Termination for Convenience. You may terminate this Agreement for any >reason by providing us notice and closing your account for all Services >for which we provide

RE: Re Parler

2021-01-14 Thread adamv0025
nder? Even if the product still works can you actually legally use it? Do you own it then? Etc.. adam -Original Message- From: NANOG On Behalf Of Keith Medcalf Sent: Thursday, January 14, 2021 10:08 AM To: nanog@nanog.org Subject: RE: Re Parler I thought y'all yankee doodles had this th

RE: Re Parler

2021-01-14 Thread Keith Medcalf
I thought y'all yankee doodles had this thing called the Communication Decency Act section 230 that prevented a "service provider" from being responsible for the content of third-party's -- whether or not they were acting as a publisher; and, also the principle of law that an agreement to

Re: Re[6]: Disney+ Geolocation (again)

2020-11-22 Thread Hernan Moguilevsky
Original Message -- > From: "Brian Turnbow" > To: "Jeff Mansukhani" ; "Mike Hammett" < > na...@ics-il.net>; "j...@imaginenetworksllc.com" < > j...@imaginenetworksllc.com> > Cc: "nanog@nanog.org" > Sent: 11/20/2020 1

Re: Re[6]: Disney+ Geolocation (again)

2020-11-21 Thread Mike Hammett
Original Message -- From: "Brian Turnbow" < b.turn...@twt.it > To: "Jeff Mansukhani" < j...@mansukhani.net >; "Mike Hammett" < na...@ics-il.net >; " j...@imaginenetworksllc.com " < j...@imaginenetworksllc.com > Cc: "

Re: Re[4]: Disney+ Geolocation (again)

2020-11-20 Thread Brian Turnbow via NANOG
ilto:na...@ics-il.net>> Cc: "nanog@nanog.org" <nanog@nanog.org> Sent: 11/16/2020 8:12:29 AM Subject: RE: Re[2]: Disney+ Geolocation (again) Hi Mike, You may want to add technical operations services team techops-servi...@disneystreamin

RE: Re[2]: Disney+ Geolocation (again)

2020-11-16 Thread Brian Turnbow via NANOG
Friday, November 13, 2020 7:25 PM To: Jeff Mansukhani Cc: Nanog@nanog.org Subject: Re: Re[2]: Disney+ Geolocation (again) I updated our page. :-) - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com From:

Re: Re[2]: Disney+ Geolocation (again)

2020-11-13 Thread Josh Luthman
Thanks! The page: http://thebrotherswisp.com/index.php/geo-and-vpn/ Josh Luthman 24/7 Help Desk: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Nov 13, 2020 at 1:25 PM Mike Hammett wrote: > I updated our page. :-) > > > > - > Mike Hammett > Intelligent

Re: Re[2]: Disney+ Geolocation (again)

2020-11-13 Thread John Councilman
From my understanding, they are using each of their respective CDN's geo-blocking rules. Probably best to contact Akamai, Fastly, Limelight, etc to make sure your IP ranges are flagged as in the US. On Fri, Nov 13, 2020 at 3:24 PM Randy Bush wrote: > < advertisement > > >

Re: Re[2]: Disney+ Geolocation (again)

2020-11-13 Thread Randy Bush
< advertisement > https://datatracker.ietf.org/doc/draft-ymbk-opsawg-finding-geofeeds/ there is a draft-ietf-opsawg-finding-geofeeds as soon as draft submission opens randy

Re: Re[2]: Disney+ Geolocation (again)

2020-11-13 Thread Mike Hammett
I updated our page. :-) - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com Midwest-IX http://www.midwest-ix.com - Original Message - From: "Jeff Mansukhani" To: "Seth Mattinen" , Nanog@nanog.org Sent: Thursday, November 12, 2020 5:49:40 PM Subject:

Re: Re: QUIC traffic throttled on AT residential {5403687}

2020-02-20 Thread Dave Bell
I didn't contact you. Fuck off. On Thu, 20 Feb 2020 at 16:01, Dead.net Customer Service < d...@wmgcustomerservice.com> wrote: > Thank you for contacting Dead.net customer service. > > Our customer service team will reply to your email as soon as possible. > > Due to our current email volume,

RE: Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that

2020-01-27 Thread Jamie Bowden via NANOG
That was the other half of going to Extended Super Frame. Lyle talked about AMI going away below, but didn't mention what replaced it (Binary 8bit Zero Substitution for the kids on the list). I don't know about the other ILECs out there, but I don't know if Verizon will even provision a T1

RE: Re: Arista Layer3 (Colton Conor)

2019-03-08 Thread Peter Kranz
These boxes are available with 3 different FIB options currently.. 7280R > 1M route 7280R2 (Jericho+) > 1.3M routes 7280R2K (Jericho+) > 2M routes On top of the base FIB capabilities, EOS 4.21.3F adds FIB compression and 2-to-1 route compression features that give quite a bit of

Re: Re: Arista Layer3 (Colton Conor)

2019-03-08 Thread Michael Starr
I can't comment on the direct comparison of the SLX9540, but we have 8x 7280SR deployed across our network (just migrated off all the Brocades we had) and have had amazing success with them. The number of informational or "show" commands isn't as extensive as some of the others that have been

RE: Re: using expect to log into devices

2018-07-25 Thread Jamie Bowden
Jimmy Hess > > On Tue, Jul 24, 2018 at 9:55 PM, Scott Weeks > wrote: > > > > --- valdis.kletni...@vt.edu wrote: > > From: valdis.kletni...@vt.edu > > > > On Sun, 22 Jul 2018 00:43:35 +0200, Niels Bakker said: > > > Fine as a personal exercise, of course. The inability to download > > > modules

Re: Re: Yet another Quadruple DNS?

2018-03-29 Thread Filip Hruska
Is it just me, or is there a problem with the website? I get a nginx 403 Forbidden error when trying to access it. Regards, Filip > > On 29 Mar 2018 at 2:41 pm,wrote: > > > Cloudflare’s website provides some more information: https://1.1.1.1/

RE: RE: [EXT] Fwd: Re: problems sending to prodigy.net hosted email

2018-03-21 Thread Keith Medcalf
LaBrea Tarpit http://labrea.sourceforge.net/ can do this as well, though perhaps only for IPv4. Basically it looks for unanswered ARP requests and answers them. What it does with the ensuing session data is configurable. --- The fact that there's a Highway to Hell but only a Stairway to

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-28 Thread Brian Kantor
It seems to me that since peer pressure hasn't worked, it's time to resort to legal means. Have a talk with your own organization's lawyers, explain to them how much time and money those folks are costing your organization, and see if there isn't something you can do in the way of billing for the

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-28 Thread Rich Kulawiec
On Wed, Feb 28, 2018 at 12:29:54AM +, Filip Hruska wrote: > OVH is one of the largest server providers in the world - of course they will > be at the top of that list. Of course not. The larger an operation, the greater its responsibility to the rest of the Internet -- because the more

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-27 Thread Dan Hollis
On Wed, 28 Feb 2018, Filip Hruska wrote: What exactly should they do, according to you? read and act on abuse reports. Why should people de-peer them? because they ignore abuse reports. -Dan

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-27 Thread Ca By
On Tue, Feb 27, 2018 at 4:29 PM Filip Hruska wrote: > This is just stupid. > > OVH is one of the largest server providers in the world - of course they > will be at the top of that list. > What exactly should they do, according to you? > They should have rough norms enforced on

Re: Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks

2018-02-27 Thread Filip Hruska
This is just stupid. OVH is one of the largest server providers in the world - of course they will be at the top of that list. What exactly should they do, according to you? Why should people de-peer them? Regards, Filip Hruska > > On

Re: Re: Attacks from poneytelecom.eu

2018-01-03 Thread Filip Hruska
Quite a lot actually. Those servers are fine seedboxes. People also use them for media storage, i.e. online galleries and smaller video streaming sites. Filip > > On 4 Jan 2018 at 6:46 am,wrote: > > > AS12876 is online.net... home of the €2.99

RE: Re: Looking for help @ 60 Hudson

2017-11-15 Thread Jamie Bowden
>On Behalf Of Seth Mattinen > >On 11/13/17 12:49, Mike Hammett wrote: >> Keep the humans out of the rack and you should be fine. >> >> Where should I send the invoice?:-P > > >It's easy to keep a rack nice if you take the time. I've spent hours >removing and replacing cables in neatly dressed

Re: Re: Favorite Speed Test Systems

2016-12-06 Thread J
I've used Visualware's My Connection Server, and the stats it gives are decent. Haven't yet updated to the latest version, which seems to require client software installation, however. http://www.myconnectionserver.com/ Have also used Ookla's, but it seems more useful to join their

Re: Re: Autunomous system filtering?

2016-11-18 Thread Yang Yu
On Fri, Nov 18, 2016 at 1:39 PM, wrote: > Consider that when we were announcing the whole /22 everything was working > correctly, then suddenly some ASs stopped to accept our prefixes. That's why > we decided to split the network and announce prefixes with different AS. >

Re: Re: Should abuse mailboxes have quotas?

2016-10-27 Thread J
Sorry about that, many networks do perform standard filtering on messages to Abuse contacts based on DNS RBLs, SPF/DMARC policy enforcement, virus scans, etc, and do send a SMTP Reject on detected spam or malware. I'll disagree, here. Sure, there are some basic considerations - but some of

Re: Re: Should abuse mailboxes have quotas?

2016-10-27 Thread J
I will admit, it's one of the faster ways I pick up on phishing campaigns against our users. So I'm not entirely against it. I'm in the camp of not replying to every report. On Thu, 27 Oct 2016 14:39:07 -0500 b...@theworld.com wrote FWIW abuse@whatever seems to be a favorite in

Re: RE: Deploying IPv6 in an ISP network [ was: Best Source for ARIN Region /24 ]

2016-01-11 Thread Hugo Slabbert
Apologies; I had looked at some of the NCC's online material and got stuck in the "it's all online these days, right?" bubble... Excuse the noise... -- Hugo h...@slabnet.com: email, xmpp/jabber also on Signal From: Shon Elliott -- Sent: 2016-01-11 - 16:34

RE: Re: Synful Knock questions...

2015-09-16 Thread Darden, Patrick
That could NEVER happen. :-) --p http://www.theregister.co.uk/2015/03/18/want_to_dodge_nsa_supply_chain_taps_ask_cisco_for_a_dead_drop/ -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Blake Hudson Sent: Wednesday, September 16, 2015 8:37 AM To:

RE: Re: Strange traceroute result to VM in EC2, Singapore

2015-08-06 Thread Darden, Patrick
Text or it never happened. --p -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Glen Kent Sent: Thursday, August 06, 2015 8:44 AM To: nanog@nanog.org Subject: [EXTERNAL]Re: Strange traceroute result to VM in EC2, Singapore Ooops. The attachment was dropped

Re: RE: Bright House IMAP highwater warning real?

2015-08-02 Thread tqr2813d376cjozqap1l
- Tell user that they're nearly out of storage. Specify how much they've used and how much they have total. Perhaps include a percentage - Mention that they could delete email that isn't needed to recover space. - (optional but nice) Show the subject and sender of the biggest messages - (optional

RE: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-20 Thread Drew Weaver
Subject: Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers 17. Jul 2015 21:06 by will.mcderm...@sjsu.edu: Load balancers can also be used like this, while maintaining redundancy (assuming HA LB config). Terminate SSL/TLS on the LB and run plain-text

Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-19 Thread tqr2813d376cjozqap1l
17. Jul 2015 21:06 by will.mcderm...@sjsu.edu: Load balancers can also be used like this, while maintaining redundancy (assuming HA LB config). Terminate SSL/TLS on the LB and run plain-text to the application/appliance. As long as the load balancer is in an acceptable part of the

Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-18 Thread George Metz
Federal government lands on you like a sack of bricks if you don't provide this information through their (in)secure website. No exceptions. Sometimes you can't fire the vendor because they're not a vendor, they're a freaking regulatory agency with the power to crush you like a bug, and a 5 year

Re: Re: SEC webpages inaccessible due to Firefox blocking servers with weak DH ciphers

2015-07-17 Thread tqr2813d376cjozqap1l
Weak ciphers? Old (insecure) protocol versions? Open security issues? Vendor will never provide a patch? Trash goes in the trash bin, no exceptions.

Re: Re: ARIN IPV4 Countdown

2015-07-14 Thread tqr2813d376cjozqap1l
15. Jul 2015 01:33 by cmaur...@xyonet.com: Since IPV6 does not have NAT, it's going to be difficult for the layman to understand their firewall. deployment of ipv4 is pretty simple. ipv6 on the other hand is pretty difficult at the network level. yes, all the clients get everything

Re: Re: World's Fastest Internet™ in Canadaland

2015-07-08 Thread Jussi Peltola
On Sat, Jun 27, 2015 at 07:56:03AM +1000, Mark Andrews wrote: You don't think about the size of power lines coming into a house as they are overkill for just about anything you will do in the house. You don't think about the size of water pipes coming into a house as they are overkill for

Re: Re: World's Fastest Internet™ in Canadaland

2015-06-26 Thread Rafael Possamai
Good points. But just like I won't take more than one shower at a time, I probably won't watch more than one Netflix stream session at a time (assuming that for myself only). Downloading a large ISO image in seconds is definitely a plus, although at the office I never reach a steady 120MB/s from

Re: Re: World's Fastest Internet™ in Canadaland

2015-06-26 Thread Mark Andrews
In message cajb2g-h2cccqud7_bhpoydo+beysyzpy+js2p+hj6ruk0qx...@mail.gmail.com , Rafael Possamai writes: How does one fully utilize a gigabit link for home use? For a single person it is overkill. Similar to the concept of price elasticity in economics, going from 50mbps to 1gbps doesn't

Re: Re: Whats' a good product for a high-density Wireless network setup?

2015-06-19 Thread tqr2813d376cjozqap1l
Their airMAX line recently got UNII approval but not their UniFi line to my knowledge: https://community.ubnt.com/t5/airMAX-Updates-Blog/airMAX-FCC-UNII-Updates-Lower-Band-Activation-Process/ba-p/1265946 20. Jun 2015 03:36 by fai...@snappytelecom.net: FCC Cert claims different. :)

RE: Re: OPM Data Breach - Whitehouse Petition - Help Wanted

2015-06-19 Thread Darden, Patrick
I believe, if the fruit is small enough, you could sneak some of this in through the cracks. Bull it through via sheer determination. But I understand what you mean The more official it is, the more visible it is, the more difficult it is The same for any bureaucracy, but a quantum

Re: RE: AWS Elastic IP architecture

2015-06-01 Thread Hugo Slabbert
Agree with everything in your post. -- Hugo - Original Message - From: Tony Hain alh-i...@tndh.net Sent: 2015-06-01 - 16:20 To: 'Hugo Slabbert' h...@slabnet.com, 'Matt Palmer' mpal...@hezmatt.org Subject: RE: AWS Elastic IP architecture Hugo Slabbert wrote: snip On this given point,

RE: Re: Intrusion Detection recommendations

2015-02-19 Thread Darden, Patrick
These are all excellent tools for a dedicated knowledgeable network security person to use. The most important element being the dedicated knowledgeable network security person. --p -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jimmy Hess Sent:

RE: Re: Intrusion Detection recommendations

2015-02-19 Thread Darden, Patrick
I believe the ASA was first developed as the PIX on Plan 9. The OS that came out of that was originally called Finesse OS, but was later renamed as PIX OS. After Cisco purchased the PIX and renamed it to the ASA, they began using a Linux kernel around PIX OS V8. --p -Original

RE: Re: Intrusion Detection recommendations

2015-02-19 Thread Darden, Patrick
+10 The original SANS DDOS task force, and many others since, have emphasized this. Filter your Outbound! Bogons for obvious reasons, BGP3 to keep routing multipliers, non-internals to keep from being used as an amplifier network, the list goes on. Be a good network neighbor. --p

RE: Re: Checkpoint IPS

2015-02-06 Thread Darden, Patrick
IPSes are like any security technology, they are only as good as their implementor/administrator. I've seen some installations just set up defaults and leave them that way without any maintenance nor much oversight of alarms. I've even seen some that do 0-day implementation of new signatures,

RE: Re: Checkpoint IPS

2015-02-06 Thread Darden, Patrick
Auto-Update can cause problems. I take the stance that updates should be verified in a CERT or ISO first, before being operationalized. --p -Original Message- From: Colin Johnston [mailto:col...@gt86car.org.uk] Sent: Friday, February 06, 2015 10:46 AM To: Darden, Patrick Cc: Colin

RE: Re: Checkpoint IPS

2015-02-06 Thread Darden, Patrick
Absolutely. Valuable humans behind the tools will always provide better benefits than what vendors may generically sell/deliver.

RE: Re: Checkpoint IPS

2015-02-06 Thread Darden, Patrick
And when your opinion is an acknowledged universal constant, I will tip my hat to you. In the meantime, your argument is extremely soundbitey--sounds great, but stupid. --p -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Roland Dobbins Sent: Friday,

RE: Re: Checkpoint IPS

2015-02-06 Thread Darden, Patrick
Sorry, didn't mean to imply otherwise. Had an incident back in ~2004 where an IPS signature update closed ALL network traffic. Including fix-it updates. Definitely a case where the IPS caused major difficulties for a network. --p -Original Message- From: Colin Johnston

RE: Re: Checkpoint IPS

2015-02-05 Thread Darden, Patrick
Securing hosts/applications/services themselves is the way to protect them from compromise. Can't go wrong with defense in depth. I'd definitely throw securing routers in there, throw in firewalls, periodic internal scanning for idiot mistakes, audits, etc. I still think IPS/IDSes can be

Re: Re: Private ASNs in the wild

2015-01-23 Thread Mark Tinka
On Thursday, December 11, 2014 05:55:26 PM ML wrote: There are sloppy networks out there. If it was a big enough problem all you'd need is a few key networks drop those prefixes and we'd have a...slightly less sloppy Internet? Router software (speaking of Cisco and Juniper in this case) has

Re: Re: Private ASNs in the wild

2015-01-23 Thread John Fraizer
Sadly, you don't have to pass any sort of clue test to peer in the default-free zone and there are plenty of organizations who simply don't filter properly. Worse yet, it's still illegal to use the bright platinum baseball bat of clue on the perpetrators. ;-) -- John Fraizer LinkedIn profile:

RE: Re: cheap laptop with 32G or 64G recommendations

2014-11-11 Thread Darden, Patrick
If there is a cheap quad-core laptop with 64GB of ram and no huge downsides... then sign me up! I expect that will be the standard in 5 years, but right now that is a hoss. Izaac's suggestion of using the cloud is good, if you can do it. Cloud services have come a long way--fast and easy

Re: RE: Cable Company Network Upgrade

2014-07-21 Thread Toney Mareo
Hello Thanks for the useful tips. We weren't told the geographical disparity of these 20 locations, but it may be wiser for each location to peer/buy transit to two or more disparate POPs rather than home them to one core location which has more single points of failure. The farthest node is

Re: RE: Level 3 blames Internet slowdowns on ISPs’ refusal to upgrade networks | Ars Technica

2014-03-22 Thread goemon
On Sat, 22 Mar 2014, Keith Medcalf wrote: I don't see this as a technical problem, but one of business and ethics. ISP X advertises/sells customers up to 8Mbps (as an example), but when it comes to delivering that product, they've only guaranteed 512Kbps (if any) because the ISP hasn't put in

RE : Re: NSA able to compromise Cisco, Juniper, Huawei switches

2013-12-31 Thread Michael Hallgren
+1, I fully agree. And not only concerning the domestic use by country, but also with regards to information peering with neighbors, and such. Enjoy '14! mh Original message From: Ray Soucy r...@maine.edu Date: To: Blair Trosper blair.tros...@gmail.com Cc:

Re: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Rubens Kuhl
On Thu, Jun 20, 2013 at 8:41 PM, Timothy Morizot tmori...@gmail.com wrote: On Jun 20, 2013 5:31 PM, Randy Bush ra...@psg.com wrote: and dnssec did not save us. is there anything which could have? Hmmm. DNSSEC wouldn't have prevented an outage. But from everything I've seen reported, had

Re: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-20 Thread Timothy Morizot
On Jun 20, 2013 7:30 PM, Rubens Kuhl rube...@gmail.com wrote: In this case of registrar compromise, DS record could have been changed alongside NS records, so DNSSEC would only have been a early warning, because uncoordinated DS change disrupts service. As soon as previous timeouts played out,

RE : Re: PRISM: NSA/FBI Internet data mining project

2013-06-09 Thread Michael Hallgren
Yet appears a certain lack of transparency, no? mh Original message From: Jason L. Sparks jlspa...@gmail.com Date: To: ku po cciehe...@gmail.com Cc: NANOG nanog@nanog.org Subject: Re: PRISM: NSA/FBI Internet data mining project To be fair, the reporting (initially)

Re: Re: Advisory — D-root is changing its IPv4 address on the 3rd of January.

2012-12-15 Thread Mark Andrews
In message 42515678-f2ce-48ce-a0e6-4211c5f0f...@puck.nether.net, Jared Mauch writes: On Dec 15, 2012, at 4:58 PM, Mark Andrews ma...@isc.org wrote: I realise that keeping the old IP functional for some time is = important for all the static configurations. But does it matter if a

Re: Re: Advisory — D-root is changing its IPv4 address

2012-12-14 Thread Joe Greco
So really stupid question, and hopefully it's just me, do I need to do something on my servers? your crontab that updates your root-hints may already have caught the chang= e... That seems like a spectacularly bad idea. How do you validate the new root-hints automatically? What if

Re: Re: Advisory — D-root is changing its IPv4 address

2012-12-14 Thread Christopher Morrow
hand waveydnssec/hand wavey On Dec 14, 2012 1:06 PM, Joe Greco jgr...@ns.sol.net wrote: So really stupid question, and hopefully it's just me, do I need to do something on my servers? your crontab that updates your root-hints may already have caught the chang= e... That seems
