I would agree that for some application protocols this would be useful++.
Letting layer 7 generate layer 3 responses though is, imvho, a bad idea (tm)
from an architectural perspective. Beyond that, in Linux (and I would
imagine a few other OSes) ICMP is in-kernel, which lowers the practicability
Sean Donelan wrote:
The difference being campus machines are null routed rather than
disconnected, and they are not reconnected until checked and clean.
And once again, the question: how do you know the machines have been
checked and cleaned before they are reconnected? Do you take the
custo
On Mon, 6 Oct 2003 [EMAIL PROTECTED] wrote:
> My favorite:
>
> "ntp-1.vt.edu is portscanning me very slowly with source port 123"
>
> The really sad ones are the ones who 3 days earlier dropped me a note to tell
> me they'll using our NTP server.
Due to the propensity of people to configu
> The difference being campus machines are null routed rather than
> disconnected, and they are not reconnected until checked and clean.
And once again, the question: how do you know the machines have been
checked and cleaned before they are reconnected? Do you take the
customers word, or do you
Robert Boyle [10/6/2003 9:42 AM] :
What gets me is the moron admins who track down every "attack" they see.
"Attacks" such as ICMP echo requests, Port 80 connections, etc. If they
get huge logs that's one thing, but for four pings from a windows box or
a mistyped IP address in a URL and they ar
On Mon, 06 Oct 2003 00:12:07 EDT, Robert Boyle <[EMAIL PROTECTED]> said:
> What gets me is the moron admins who track down every "attack" they see.
> "Attacks" such as ICMP echo requests, Port 80 connections, etc. If they get
> huge logs that's one thing, but for four pings from a windows box o
At 12:57 AM 10/5/2003, you wrote:
At 2:11 AM + 10/5/03, Suresh Ramasubramanian wrote:
For more fun, consider that you are [EMAIL PROTECTED], and get those
It's the anti-virus ones that drive me nuts. "Someone in your domain sent
us a virus which always forges the from line, but we're going t
On Sun, 5 Oct 2003, David A. Ulevitch wrote:
> > How many times did you disable the same user's network access because
> > they didn't actually fix their computer but told you it was fixed?
>
> Just once, if they weren't patched they were automatically turned down
> again. (automated, not human pr
Suresh Ramasubramanian wrote:
Matthew Sullivan [06/10/03 11:38 +1000]:
Third time their account is deleted.
I am yet to have one that has reached the third time - 85k users here.
Let me guess - that'd mostly be dialup users, right? Or maybe simply email
users? Not (say) T1 and larger us
On Mon, 06 Oct 2003 02:43:48 -, Suresh Ramasubramanian said:
>
> Matthew Sullivan [06/10/03 11:38 +1000]:
> > Third time their account is deleted.
> >
> > I am yet to have one that has reached the third time - 85k users here.
>
> Let me guess - that'd mostly be dialup users, right? Or maybe
Matthew Sullivan [06/10/03 11:38 +1000]:
> Third time their account is deleted.
>
> I am yet to have one that has reached the third time - 85k users here.
Let me guess - that'd mostly be dialup users, right? Or maybe simply email
users? Not (say) T1 and larger users?
--
srs (postmaster|sure
On Sun, 05 Oct 2003 20:29:20 EDT, Brian Bruns <[EMAIL PROTECTED]> said:
> world. Thats *20* minutes.
>
> Why does it take NetSol 24/48/72 hours to do the same thing?
I guess it depends on whether your business model involves accepting money
for doing a good job in resolving existent host names
Suresh Ramasubramanian wrote:
Sean Donelan [05/10/03 17:44 -0400]:
What happens a few hours later when you start getting complaints again
about the same customer? Do you turn the connection off again. And
Sure, turn it off again. And again.
Sooner or later, it will dawn on the customer
Bill,
>> Is anyone aware of a South America NOG? or do they mainly use nanog?
>
>There was an operator's meeting in Argentina recently, unfortunately
>scheduled at exactly the same time as the APNIC meeting. Primarily talk
>about IXes, was my impression. I don't know how many attendees.
> Is anyone aware of a South America NOG? or do they mainly use nanog?
There was an operator's meeting in Argentina recently, unfortunately
scheduled at exactly the same time as the APNIC meeting. Primarily talk
about IXes, was my impression. I don't know how many attendees.
Is anyone aware of a South America NOG? or do they mainly use nanog?
Pascal
Heres an interesting question Matt, maybe you can provide me with a
worthwhile answer.
Last night, I finally got around to registering a .org domain for my use.
It took only 20 minutes from the time which I registered it, gave it my DNS
servers, and paid for it, to when it was resolveable everywh
* [EMAIL PROTECTED] (Piotr KUCHARSKI) [Sat 04 Oct 2003, 20:51 CEST]:
[..]
> do arbitrary changes to them. Marking "com" and "net" as delegation-only
> is not harming anything. (At least until ICANN changes its mind.)
According to this mail:
http://gnso.icann.org/mailing-lists/archives/registrars
On Sun, 5 Oct 2003, Jamie Reid wrote:
> While we were fighting blaster/nachi and others, we relied heavily on
> IDS's to generate alerts for the worms, then we disabled their network
> access and called them. Generic viruses are not an ISP's problem, but
> a worm is something that affects the pr
Sean Donelan [05/10/03 17:44 -0400]:
> What happens a few hours later when you start getting complaints again
> about the same customer? Do you turn the connection off again. And
Sure, turn it off again. And again.
Sooner or later, it will dawn on the customer that no, his system is not
fixed
While we were fighting blaster/nachi and others, we relied heavily on IDS's to generate
alerts for the worms, then we disabled their network access and called them. Generic
viruses are not an ISP's problem, but a worm is something that affects the prviders
infrastructure, and is therefore a netw
On Sun, 5 Oct 2003, Suresh Ramasubramanian wrote:
> > So from an ISPs point of view, is there a way for the ISP to quickly
> > tell the customer if the particular computer is fixed without unduly
>
> Isolate his IP and have all outbound http redirected to a page that
> says "please call [escalated
Sean Donelan [05/10/03 16:49 -0400]:
> There are some differences between private networks and public networks.
> In a company, the company is the "owner" of the PCs and employees (in the
Very true - and that was the context I mentioned this in.
> So from an ISPs point of view, is there a way fo
On Sun, 5 Oct 2003, Suresh Ramasubramanian wrote:
> Kee Hinckley [05/10/03 00:57 -0400]:
> > Bringing this back to the more relevant topic. Is there something
> > that ISPs could do to notify users and get in their face more without
> > shutting off their connection? Perhaps a custom piece of
>
James Cowie wrote:
> On Friday, we noted with some interest the appearance of more
> than six hundred deaggregated /24s into the global routing
> tables. More unusually, they're still in there this morning.
>
> AS6198 (BellSouth Miami) seems to have been patiently injecting
> them over the
On Friday, we noted with some interest the appearance of more
than six hundred deaggregated /24s into the global routing
tables. More unusually, they're still in there this morning.
AS6198 (BellSouth Miami) seems to have been patiently injecting
them over the course of several hours, betwe
26 matches
Mail list logo