Re: Operations notification manager software

2003-09-21 Thread Justin Shore
On Sun, 21 Sep 2003, Pete Kruckenberg wrote: > What software is available/recommended for NOC contact > management? I've used Nagios (formerly NetSaint) in the past and have been very impressed with it. http://www.nagios.org/ It of course has a bit of a learning curve but it's not bad at all.

Operations notification manager software

2003-09-21 Thread Pete Kruckenberg
My apologies in advance for asking a rather "low-brow" question. What software is available/recommended for NOC contact management? I assume that big networks use CRM type stuff (probably heavily customized), integrated into the OSS and other operational systems. What about for the rest of th

Re: ICANN asks VeriSign to pull redirect service

2003-09-21 Thread John Brown
and now that Verisign is also not allowing zone file access, another breach of their contract with ICANN, I think ICANN should send them a Notice of Breach and Intent to Revoke Registry Status Issue the operation of .NET to Non-Profit A Issue the operation of .COM to Non-Profit B Of which one sh

Re: ICANN asks VeriSign to pull redirect service

2003-09-21 Thread Haesu
It's been about 2 days since ICANN requested Verisign to stop breaking. http://www.icann.org/announcements/advisory-19sep03.htm Recognizing the concerns about the wildcard service, ICANN has called upon VeriSign to voluntarily suspend the service until the various revie

ICANN asks VeriSign to pull redirect service

2003-09-21 Thread Eric Germann
http://msnbc-cnet.com.com/2100-1024_3-5079768.html?part=msnbc-cnet&tag=alert&form=feed&subj=cnetnews "The agency that oversees Internet domain names has asked VeriSign to voluntarily suspend a new service that redirects Web surfers to its own site when they seek to access unassigned Web addresse

Re: Home Storage Area Network security

2003-09-21 Thread Geo.
> If it prevents network-debilitating attacks like Blaster and friends, > YES. Ok I understand where you are coming from but that's a completely different requirement than your previous post suggested, protecting the network is the job of a network admin, protecting the applications using the

RE: VeriSign SMTP reject server updated

2003-09-21 Thread Eric Germann
Just wait until they start accepting the mail, logging it, and then returning it to sender. Make one hell of an interesting way to monitor what's going on out there Nahh, wouldn't happen, would it Eric > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] B

Re: Windows updates and dial up users

2003-09-21 Thread Valdis . Kletnieks
On Sun, 21 Sep 2003 18:25:50 EDT, Sean Donelan <[EMAIL PROTECTED]> said: > "I recently put this suggestion to Microsoft and their response basically > avoided the whole issue. Why wouldn't the company want to offer such a CD, > assuming that's the motivation behind their stonewalling?" It would

Re: VeriSign SMTP reject server updated

2003-09-21 Thread jlewis
On Sat, 20 Sep 2003, Avleen Vig wrote: > > > We are interested in feedback on the best way within the SMTP protocol > > > to definitively reject mail at these servers. One alternate option we > > [snip] > > The correct "solution" is to remove the wildcarding. > Until that happens, the best thin

Re: Providers removing blocks on port 135?

2003-09-21 Thread John Kristoff
On Sat, Sep 20, 2003 at 07:01:27PM -0400, Sean Donelan wrote: > The problem is many "clients" act as servers for part of the transaction. [...] > And do we really want to discuss peer-to-peer networking, which as > the name suggests, peer-to-peer. The Internet has always consisted of peer-to-peer

RE: Home Storage Area Network security

2003-09-21 Thread Bob German
If it prevents network-debilitating attacks like Blaster and friends, YES. -bob -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Geo. Sent: Sunday, September 21, 2003 8:15 PM To: [EMAIL PROTECTED] Subject: Re: Home Storage Area Network security > Wha

Re: Home Storage Area Network security

2003-09-21 Thread Geo.
> What caused me to completely cross over into the "port filtering is OK" > camp was the fact that Microsoft themselves, in a "securing Windows NT" > document we found a while back, recommended that due to inherent > insecurities, NetBIOS be disabled on Internet machines. If the vendor > says it

Re: When is Verisign's registry contract up for renewal

2003-09-21 Thread bmanning
> > > > website: www.alt-servers.org. > > > > > > what a BAD idea. worse than anything else on the table or in > > > existence today. > > > > Splitting the root you mean? I'm not sure there was enough info on that > > site to come to any other conclusion, but I wanted to make sure. > > this is

RE: Home Storage Area Network security

2003-09-21 Thread Bob German
Funny, in the earlier thread you argue against blocking ports as a means of taking the steam out of these virii/worms. In this one, you make the point of SMB being insecure on the Internet. Sorry if I'm replying to thread A through thread B, but I feel they're connected. At one point I agreed

Re: Home Storage Area Network security

2003-09-21 Thread Rafi Sadowsky
Hi Seam ## On 2003-09-21 17:58 -0400 Sean Donelan typed: SD> SD> I received a few comments about file servers not serving files by default. SD> SD> There are a bunch of home SAN products on the market. They are designed SD> to make it very easy for customers to set up and use a home storage

Windows updates and dial up users

2003-09-21 Thread Sean Donelan
Larry Seltzer has a nice column about the difficulties of keeping up with Windows patches if you have a dialup connection. http://www.eweek.com/article2/0,4149,1272162,00.asp "It occurred to me that one way to make things easier for dial-up users, and even broadband users in many cases, would b

Home Storage Area Network security

2003-09-21 Thread Sean Donelan
I received a few comments about file servers not serving files by default. There are a bunch of home SAN products on the market. They are designed to make it very easy for customers to set up and use a home storage area network. I think these are very cool products, and although some geeks like

Re: If Verisign *really* wants to help ...

2003-09-21 Thread Christopher L. Morrow
On Sun, 21 Sep 2003, Owen DeLong wrote: > That gets even more frightening when you look at the background of > Verisign's > management team. I'm not usually one to buy into conspiracy theories, and, > I'm not suggesting any evidence supports one here. However, these guys are > from the governm

Re: When is Verisign's registry contract up for renewal

2003-09-21 Thread John Palmer (NANOG Acct)
That may soon change. Seeing as how bad things are getting with VRSGN and ICANN resources are being lined up to solve this problem once and for all. - Original Message - From: "Haesu" <[EMAIL PROTECTED]> To: "Paul Vixie" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Sunday, September 21,

Re: When is Verisign's registry contract up for renewal

2003-09-21 Thread Haesu
A lot of people try the alternative root servers since their existence. And I have yet to see one that really worked to convince majority of internet to find it authoritative... alt-servers seems to be emotional response to the problem. No matter how hard you try, I doubt even 20% of all ISP's

Quantifying SiteFinder Traffic

2003-09-21 Thread gnulinux
http://www.alexa.com/data/details/traffic_details?q=&url=verisign.com [full post mirrored from Interesting People] Date: Sat, 20 Sep 2003 18:54:28 -0400 To: [EMAIL PROTECTED] From: Dave Farber <[EMAIL PROTECTED]> Subject: [IP] Quantifying SiteFinder Traffic >Delivered-To: [EMAIL PROTECTED] >F

Re: Verisign abusing .COM/.NET monopoly, BIND releases new (fwd)

2003-09-21 Thread doug
I have not tried this but After reading Paul Vixie's recent comments I intend to do so. _ Douglas Denault [EMAIL PROTECTED] Voice: 301-469-8766 Fax: 301-469-0601 -- Forwarded message -- Date: Wed, 17 Sep 2003 18:19:32 -0400 (EDT) From: Damaged Industries <[EMAIL PROTECTED]>

RE: When is Verisign's registry contract up for renewal

2003-09-21 Thread Jeroen Massar
-BEGIN PGP SIGNED MESSAGE- Paul Vixie wrote: > > > > website: www.alt-servers.org. > > > > > > what a BAD idea. worse than anything else on the table or in > > > existence today. > > > > Splitting the root you mean? I'm not sure there was enough info on that > > site to come to any oth

Re: When is Verisign's registry contract up for renewal

2003-09-21 Thread Paul Vixie
> > > website: www.alt-servers.org. > > > > what a BAD idea. worse than anything else on the table or in > > existence today. > > Splitting the root you mean? I'm not sure there was enough info on that > site to come to any other conclusion, but I wanted to make sure. this is just dns piracy, d

Re: When is Verisign's registry contract up for renewal

2003-09-21 Thread Andy Walden
On Sun, 21 Sep 2003, Paul Vixie wrote: > > > This sort of not-for-profit is exactly what I proposed when the VeriSign > > discussion started. A non-technical response to a non-technical problem. > > Since my initial email, I've recruited a few other NANOG folks and put up a > > website: www.alt-s

Re: When is Verisign's registry contract up for renewal

2003-09-21 Thread Paul Vixie
> This sort of not-for-profit is exactly what I proposed when the VeriSign > discussion started. A non-technical response to a non-technical problem. > Since my initial email, I've recruited a few other NANOG folks and put up a > website: www.alt-servers.org. what a BAD idea. worse than anything

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Matthew S. Hallacy
On Sat, Sep 20, 2003 at 08:31:27PM -0400, Joe Provo wrote: > > Wrong protocol. There should be *NO* SMTP transactions for > non-existent domains. After being bit by this over the weekend I would have to agree, due to a screwup at netSOL a company's domain I manage was resolving to their sit

Re: Providers removing blocks on port 135?

2003-09-21 Thread Justin Shore
On Sun, 21 Sep 2003, Mike Tancsa wrote: > Yes, this is all too familiar. Luckily it was not so acute for us. The > porn company in question was using legit credit cards and we knew where > they were located. We too got to the point where I had to contemplate > blocking dialups with no ANI a

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Eric A. Hall
on 9/21/2003 12:00 PM Stephen J. Wilcox wrote: >> At this point, I think we're on the verge of having multiple >> (different) namespaces, which is extremely dangerous. At the same >> time, the arguments against multiple roots are pretty much going out >> the window. > > Not at all, the problem

Are Wildcards another Y2K?

2003-09-21 Thread Kevin Loch
One thing that Y2K taught us was that programmers do some really stupid things with hard coded "this should never occur naturally" values. The year '99' was used to trigger all kinds of interesting things like erasing backup tapes, destroying inventory and worse. It is not implausible that someon

If Verisign wants to cooperate

2003-09-21 Thread E.B. Dreger
I realize this thread had gotten long, but thought I'd pitch the following idea:

    ; TLD
    $ORIGIN com.
    *    IN NS  ns.wildcard.invalid.

    $ORIGIN wildcard.invalid.
    ns   IN A   1.2.3.4 ; NSI default

Make no mistake, I'd much rather have

Re: Providers removing blocks on port 135?

2003-09-21 Thread Owen DeLong
My guess is that you haven't heard of the current issue with various servers running SMTP AUTH. These MTAs are secure by normal mechanisms, but are being made to relay spam anyway. You're right. It's been a while since I was last on the front lines of this issue. It's hard enough to get mailserve

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Stephen J. Wilcox
On Sun, 21 Sep 2003, Eric A. Hall wrote: > on 9/21/2003 11:19 AM E.B. Dreger wrote: > > > Return NOERROR for one type of RR, but NXDOMAIN for another? Is > > that valid?! Hit me with a clue-by-four if appropriate, but I > > thought NOERROR/NXDOMAIN was returned per-host, regardless of > > RRTY

Re: If Verisign *really* wants to help ...

2003-09-21 Thread Owen DeLong
Of course, folks realize that Verisign is now one of the largest SS7 network operators in the world. Almost all CLECs in the USA use Verisign's SS7 network. Verisign has become the single point of failure for almost all of the USA's public networks (voice, data, Internet, etc). That gets even mo

More .com/.net issues

2003-09-21 Thread Steve Atkins
I'm seeing bulk access to .com and .net blocked at the moment. Other zones are available from Verisign's ftp server as usual, but .net and .com are empty (and the signature files are listing them as empty too). Anyone heard anything from Verisign about this? Cheers, Steve -- -- Steve Atkins --

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Eric A. Hall
on 9/21/2003 11:19 AM E.B. Dreger wrote: > Return NOERROR for one type of RR, but NXDOMAIN for another? Is > that valid?! Hit me with a clue-by-four if appropriate, but I > thought NOERROR/NXDOMAIN was returned per-host, regardless of > RRTYPE requested. Giving NXDOMAIN for MX yet returning N

Re: VeriSign SMTP reject server updated

2003-09-21 Thread E.B. Dreger
SJW> Date: Sun, 21 Sep 2003 15:17:34 + (GMT) SJW> From: Stephen J. Wilcox SJW> That was my understanding but on checking with Paul he said SJW> that NXDOMAIN means don't do further checks so don't look for SJW> A... Return NOERROR for one type of RR, but NXDOMAIN for another? Is that valid?!

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Stephen J. Wilcox
On Sun, 21 Sep 2003, Daniel Roesen wrote: > On Sun, Sep 21, 2003 at 10:08:27AM +, Stephen J. Wilcox wrote: > > What if you change the behaviour of the GTLD named daemons to return > > an NXDOMAIN response to any MX queries on non-existent domains, you > > will then take this whole debate on S

RE: When is Verisign's registry contract up for renewal

2003-09-21 Thread Mike Damm
This sort of not-for-profit is exactly what I proposed when the VeriSign discussion started. A non-technical response to a non-technical problem. Since my initial email, I've recruited a few other NANOG folks and put up a website: www.alt-servers.org. -Mike (Please excuse any formatting odditie

Re: Providers removing blocks on port 135?

2003-09-21 Thread Mike Tancsa
Yes, this is all too familiar. Luckily it was not so acute for us. The porn company in question was using legit credit cards and we knew where they were located. We too got to the point where I had to contemplate blocking dialups with no ANI as I had already blocked all access from their p

Re: ICANN - Formal Complaint re Verisign

2003-09-21 Thread David Lesher
Geotrust is not Verislime, but they *are* Choicepoint. If you don't know who Choicepoint is; well, they vacuum up your personal data and resell it to all comers. Google on "Choicepoint FTC" for a rundown. Sort of John Poindexter's version of Halliburton..a private sector Big Brother. I reg

Verisign's Threat to Infrastructure Stability

2003-09-21 Thread Curt Akin
FWIW: To: The Department of Homeland Security Sent (via dhs.gov site form) Dated: 21 Sep 2003 14:24:37 - Category: Security Threats Message: Threat to the stability and predictability of the Internet infrastructure: Verisign is solely and exclusively responsible for the maintenance (and th

Re: Worst design decisions?

2003-09-21 Thread jlewis
The off-topic nanog thread that won't die (where are the topic police?...never around when you need one)...and then just when you think it has died, some member's virus infected Microsoft Windows PC (hey is that redundant?) replies to you with the thread's subject and no body other than a virus at

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Petri Helenius
neal rauhauser wrote: Rather than bashing someone who is doing something positive we should see if we can paypal him $$$ for a box of tacks so he can mine the chairs of the tack head marketing weasels who decided this would be a good idea ... Could we convince Washington that this is an operat

Re: Providers removing blocks on port 135?

2003-09-21 Thread Petri Helenius
Iljitsch van Beijnum wrote: But someone has to. The trouble is that access to the network has never been considered a liability, except for local ports under 1024. (Have a look at java, for example.) I believe that the only way to solve all this nonsense is to have a mechanism that is preferabl

Re: Providers removing blocks on port 135?

2003-09-21 Thread Iljitsch van Beijnum
On zaterdag, sep 20, 2003, at 21:36 Europe/Amsterdam, Sean Donelan wrote: Should any dialup, dsl, cable, wi-fi, dhcp host be able to use any service at any time? For example run an SMTP mailer, or leave Network Neighborhood open for others to browse or install software on their computers? As so

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Daniel Roesen
On Sun, Sep 21, 2003 at 10:08:27AM +, Stephen J. Wilcox wrote: > What if you change the behaviour of the GTLD named daemons to return > an NXDOMAIN response to any MX queries on non-existent domains, you > will then take this whole debate on SMTP out of the equation ... MTAs fall back to the

Re: VeriSign SMTP reject server updated

2003-09-21 Thread Stephen J. Wilcox
On Sat, 20 Sep 2003, Eric A. Hall wrote: > on 9/20/2003 1:01 PM Matt Larson wrote: > > > We are interested in feedback on the best way within the SMTP protocol > > to definitively reject mail at these servers. > > You need to: > > 1) fatally reject mail for domains that are not delegated with

Re: Providers removing blocks on port 135?

2003-09-21 Thread Miquel van Smoorenburg
In article <[EMAIL PROTECTED]>, Justin Shore <[EMAIL PROTECTED]> wrote: >Now I'm going to get even more off-topic. It occurs to me that major >changes to a protocol such as SMTP getting auth should justify utilizing a >different tcp/ip port. Think about it like this. If authenticated forms >of

Re: Verisign vs ICANN

2003-09-21 Thread william
On Sun, 21 Sep 2003, Petri Helenius wrote: > > The whois database is not a replacement for a DNS query. > > I'm sure Verisign will come up with a XML Schema for whois information soon. Sooner than you think! Yesterday, the results of IETF CRISP WG "call for consensus" was announced and the res

Re: Verisign vs ICANN

2003-09-21 Thread Petri Helenius
Kee Hinckley wrote: Never mind that there isn't a standard format for the returned information between providers. The whois database is not a replacement for a DNS query. I'm sure Verisign will come up with a XML Schema for whois information soon. Pete

Re: When is Verisign's registry contract up for renewal

2003-09-21 Thread Jared Mauch
On Sat, Sep 20, 2003 at 11:23:04PM -0700, Henry Linneweh wrote: > My view would concur with this, these are really old battles starting back in the > netsol days and now the verisign has taken the same short sighted path. > > It is time that neutral party is in charge > -Henry R Linneweh