Re: ???
On Mon, 17 Jun 2002 01:31:56 -0400, blitz wrote: Anyone else getting the group msgs in duplicate like I am? I think so, it doesn't seem to happen majorly frequently but sometimes I'll read some messages one day and then the next day I'll check my mail and the messages will be there again marked as new. Maybe its something worth keeping an eye on and tracking...From now on instead of deleting I'll move to a separate folder and check for duplicates just in case... -- O- cw, [EMAIL PROTECTED] on 18/06/2002 Part man, part monkey. Baby that's me
RE: Qwest leaking routes?
Humble suggestion would be to block the advert of RFC 1918 addresses at your peering points. Jeff Harper, VCE, CNEP IEEE#: 40306184 Manager of Network Engineering Verizon Internet Services [AS 6541/AS 6976] 214.513.6791 | [EMAIL PROTECTED] -Original Message- From: Vinny Abello [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 18, 2002 10:47 AM To: [EMAIL PROTECTED] Subject: Qwest leaking routes? Has anyone else noticed that Qwest appears to be leaking routes to 10.0.0.0/8?? BGP routing table entry for 10.0.0.0/8, version 1073573 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer 1784 209 216.182.0.65 (metric 5803520) from 216.182.0.65 (216.182.0.65) Origin IGP, localpref 90, valid, internal, best Vinny Abello Network Engineer Server Management [EMAIL PROTECTED] (973)300-9211 x 125 (973)940-6125 (Direct) Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com (888)TELLURIAN
Re: Qwest leaking routes?
I assume you contacted these folks? http://puck.nether.net/netops/nocs.cgi?qwest and they did not respond for some period of time.. - Jared On Tue, Jun 18, 2002 at 11:47:13AM -0400, Vinny Abello wrote: Has anyone else noticed that Qwest appears to be leaking routes to 10.0.0.0/8?? BGP routing table entry for 10.0.0.0/8, version 1073573 Paths: (1 available, best #1, table Default-IP-Routing-Table) Not advertised to any peer 1784 209 216.182.0.65 (metric 5803520) from 216.182.0.65 (216.182.0.65) Origin IGP, localpref 90, valid, internal, best Vinny Abello Network Engineer Server Management [EMAIL PROTECTED] (973)300-9211 x 125 (973)940-6125 (Direct) Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com (888)TELLURIAN -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Fwd: FOUND VIRUS IN MAIL
I could not get this virus to execute on my BSD box, the binary must be corrupt. Clearly this person did not study their target audience. Regards, James On 17 Jun 2002, Larry Rosenman wrote: Fair Warning -Forwarded Message- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: FOUND VIRUS IN MAIL from [EMAIL PROTECTED] Date: 17 Jun 2002 22:48:16 -0500 A virus was found in an email from: [EMAIL PROTECTED] The message was addressed to: - [EMAIL PROTECTED] The message has been quarantined as: /var/virusmails/virus-20020617-224816-21028 Here is the output of the scanner: Scanning /var/amavis/amavis-milter-4Oa4l925/parts/* Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-1.txt Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-2.html Scanning file /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe /var/amavis/amavis-milter-4Oa4l925/parts/msg-21028-3.exe Found the DDoS-Slack trojan !!! Summary report on /var/amavis/amavis-milter-4Oa4l925/parts/* File(s) Total files: ... 3 Clean: . 2 Possibly Infected: . 1 Here are the headers: - BEGIN HEADERS - Received: by trapdoor.merit.edu (Postfix) id 0FA7F9124E; Mon, 17 Jun 2002 23:46:02 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: by trapdoor.merit.edu (Postfix, from userid 56) id B621F9124F; Mon, 17 Jun 2002 23:46:01 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id A61099124E for [EMAIL PROTECTED]; Mon, 17 Jun 2002 23:45:58 -0400 (EDT) Received: by segue.merit.edu (Postfix) id 8CCEA5DE57; Mon, 17 Jun 2002 23:45:58 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: from web21109.mail.yahoo.com (web21109.mail.yahoo.com [216.136.227.111]) by segue.merit.edu (Postfix) with SMTP id D92105DE52 for [EMAIL PROTECTED]; Mon, 17 Jun 2002 23:45:57 -0400 (EDT) Message-ID: [EMAIL PROTECTED] Received: from [68.36.89.121] by web21109.mail.yahoo.com via HTTP; Mon, 17 Jun 2002 20:45:56 PDT Date: Mon, 17 Jun 2002 20:45:56 -0700 (PDT) From: jim bruer [EMAIL PROTECTED] Subject: ConfigMaker Beta To: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: multipart/mixed; boundary=0-340633384-1024371956=:50295 Sender: [EMAIL PROTECTED] Precedence: bulk Errors-To: [EMAIL PROTECTED] X-Loop: nanog -- END HEADERS -- -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: XO
At 12:46 6/18/02 -0400, you wrote: On Mon, 17 Jun 2002, Martin Hannigan wrote: The difference is XO will be fine, Adelphia will be bought by EVIL, or potentially liquidated. They're talking about selling out to Charter. The deal with Charter fell through a week ago.Adelphia's so dirty, no one wants to touch them...guess we'll wait for the fire sale.
Re: XO
On Tue, 18 Jun 2002, blitz wrote: The difference is XO will be fine, Adelphia will be bought by EVIL, or potentially liquidated. They're talking about selling out to Charter. The deal with Charter fell through a week ago.Adelphia's so dirty, no one wants to touch them...guess we'll wait for the fire sale. Hey, cool. That means the only broadband access available in Mentor on the Lake will continue to be SBC DSL. Adelphia was supposed to upgrade and have cablemodem access launched here in the fall. :P~~ -- Steve Sobol, CTO JustThe.net LLC, Mentor On The Lake, OH 888.480.4NET - I do my best work with one of my cockatiels sitting on each shoulder - 6/4/02:A USA TODAY poll found that 80% of Catholics advocated a zero-tolerance stance towards abusive priests. The fact that 20% didn't, scares me...
Re: Viri capture...
Are you suggesting us as end users should reprogram every OS and Email client rather than run a virus checker? Because I know I for one dont have time to rewrite them all! And will leave that to their creators safe in the knowledge that my virus checker will stop inbound.. Unfortunately those of us in the real world have users on our networks who are not technically competent and because of choices of software have to use the vulnerable clients and we need virus checkers! Steve On Tue, 18 Jun 2002, Greg A. Woods wrote: [ On Tuesday, June 18, 2002 at 03:17:07 (-0400), blitz wrote: ] Subject: Viri capture... Anti-viri worked here as wellfile captured, and destroyed... backdoor bot indeed... Your anti-virus software can only work if you are lame enough to continue to run software that remains vulnerable to known exploits. If you fix your software instead of wasting time and money on an silly virus catcher then maybe you'd also do some preventative maintenance that would block even new and as-yet unknown exploits from occuring. Virus and worm catchers are not vaccines or wormicides. They're barely equivalent to antibiotics. They only attempt to repair a problem _after_ it raises its ugly head. html And speaking of vulnerable software Please DO NOT EVER send HTML, rich text, or otherwise stylized e-mail, especially not to me or to any public mailing list. Not all mail readers will recognize such formats. HTML in particular is a potential security threat and many firewalls filter it entirely -- especially since CERT and Microsoft recently anounced a very major flaw in the HTML rendering engine used in all Microsoft products. Please send all your messages as plain text only.
Re: remember the diameter of the internet?
Hi Brett, Are you asking _why_ there are so many hops between yourself and the guy across town? Jane brett watson wrote: i sit behind cox-cable service at home, and in troubleshooting why my connectivity is *so* horrible, i find the following traceroute. does anyone do any sane routing anymore? does diameter matter (we used to talk about it a long, long while ago). i guess i'm just old and crusty but this seems to violate so many natural laws. i find in more random testing that i seem to be a minimum of 15 hops from anything, and it's not just the # of hops, it's the *paths* i travel. bouncing between two cities several times, on several different provider networks, from one border to the other. wow. -b traceroute www.caida.org 1 10.113.128.130 unavailable 2 68.2.6.25 10 ip68-2-6-25.ph.ph.cox.net 3 68.2.0.26 40 ip68-2-0-26.ph.ph.cox.net 4 68.2.0.18 50 ip68-2-0-18.ph.ph.cox.net 5 68.2.0.10 20 ip68-2-0-10.ph.ph.cox.net 6 68.2.0.70 10 ip68-2-0-70.ph.ph.cox.net 7 68.2.14.13 10 chnddsrc02-gew0303.rd.ph.cox.net 8 68.1.0.168 20 chndbbrc02-pos0101.rd.ph.cox.net 9 68.1.0.146 30 dllsbbrc01-pos0102.rd.dl.cox.net 10 12.119.145.125 40 unavailable 11 12.123.17.5430 gbr6-p30.dlstx.ip.att.net 12 12.122.5.86 51 gbr4-p90.dlstx.ip.att.net 13 12.122.2.11480 gbr2-p30.kszmo.ip.att.net 14 12.122.1.93 50 gbr1-p60.kszmo.ip.att.net 15 12.122.2.42 70 gbr4-p40.sl9mo.ip.att.net 16 12.122.2.20560 gbr3-p40.cgcil.ip.att.net 17 12.123.5.14560 ggr1-p360.cgcil.ip.att.net 18 207.88.50.253 90 unavailable 19 64.220.0.18980 ge5-3-1.RAR1.Chicago-IL.us.xo.net 20 65.106.1.86 70 p0-0-0-0.RAR2.Chicago-IL.us.xo.net 21 65.106.0.34 60 p1-0-0.RAR1.Dallas-TX.us.xo.net 22 65.106.0.14120 p6-0-0.RAR2.LA-CA.us.xo.net 23 64.220.0.99 80 ge1-0.dist1.lax-ca.us.xo.net 24 206.111.14.238 211 a2-0d2.dist1.sdg-ca.us.xo.net 25 209.31.222.150 80 unavailable 26 198.17.46.56 140 pinot.sdsc.edu 27 192.172.226.123 91 cider.caida.org begin:vcard n:Pawlukiewicz;Jane tel;cell:703 517-2591 tel;fax:703 289-5814 tel;work:703 289-5307 x-mozilla-html:FALSE org:Booz Allen Hamilton;Visit us on the Internet: a href=http://boozallen.com;BoozOnline/a adr:;; version:2.1 email;internet:[EMAIL PROTECTED] title:Senior Consultant fn:Jane Pawlukiewicz end:vcard
Re: remember the diameter of the internet?
On Tue, 2002-06-18 at 12:34, brett watson wrote: no, just lamenting the passing of an era. an era where we engineers cooperated, and just fixed the problems as they occured. and we didn't do things like this. Keep in mind the reason why the era passed. During that era, you had top level, blue sky engineers. Now the field has been saturated by a lot of less than desirable engineers out there (not calling you one at all) that ruined it for us all...
Re: remember the diameter of the internet?
bw Date: Tue, 18 Jun 2002 10:34:10 -0700 bw From: brett watson bw no, just lamenting the passing of an era. an era where we bw engineers cooperated, and just fixed the problems as they bw occured. and we didn't do things like this. bw turn on the sarcasm tone, and re-read my post. this could bw win the prize on Latenight with David Letterman, Stupid IP bw Routing Tricks. Does the first person to create a knight's tour traceroute on their network win a prize? ;-) Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~ Date: Mon, 21 May 2001 11:23:58 + (GMT) From: A Trap [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
ATTBI refuses to do reverse DNS?
A client of mine just discovered that he could no longer do ftp transfers to my machine. His IP address had changed to one in 12.240.20 and there is no reverse DNS for that block. His previous assignment was in a totally different block which did have reverse DNS. Calls to ATTBI got the answer that they are not obligated to provide reverse DNS and have no plans to do so. My servers refuse connections when there is no reverse lookup. Is this common? -- I suppose I could set up a bogus reverse for him, but, feh... -=[L]=-
Re: remember the diameter of the internet?
At 07:28 PM 6/18/2002 +0100, Stephen J. Wilcox wrote: Path is one of the last things to be checked BGP first checks all kinds of network admin defined things such as local prefs etc which ought to be properly set by the admins to ensure traffic is going the best way (which should include local interconnects rather than last resort transits). Then all things being well BGP can make choices on path! So, you're advocating that the admin do all of the optimization manually for all destinations by setting preferences? Mathew On Tue, 18 Jun 2002, Mathew Lodge wrote: At 01:33 PM 6/18/2002 -0400, Pawlukiewicz Jane wrote: Are you asking _why_ there are so many hops between yourself and the guy across town? He's not, but answer is that BGP's key metric is AS path length. This can have very little to do with the optimality (expressed as efficient use of resources) of the actual packet path. Cheers, Mathew Jane brett watson wrote: i sit behind cox-cable service at home, and in troubleshooting why my connectivity is *so* horrible, i find the following traceroute. does anyone do any sane routing anymore? does diameter matter (we used to talk about it a long, long while ago). i guess i'm just old and crusty but this seems to violate so many natural laws. i find in more random testing that i seem to be a minimum of 15 hops from anything, and it's not just the # of hops, it's the *paths* i travel. bouncing between two cities several times, on several different provider networks, from one border to the other. wow. -b traceroute www.caida.org 1 10.113.128.130 unavailable 2 68.2.6.25 10 ip68-2-6-25.ph.ph.cox.net 3 68.2.0.26 40 ip68-2-0-26.ph.ph.cox.net 4 68.2.0.18 50 ip68-2-0-18.ph.ph.cox.net 5 68.2.0.10 20 ip68-2-0-10.ph.ph.cox.net 6 68.2.0.70 10 ip68-2-0-70.ph.ph.cox.net 7 68.2.14.13 10 chnddsrc02-gew0303.rd.ph.cox.net 8 68.1.0.168 20 chndbbrc02-pos0101.rd.ph.cox.net 9 68.1.0.146 30 dllsbbrc01-pos0102.rd.dl.cox.net 10 12.119.145.125 40 unavailable 11 12.123.17.5430 gbr6-p30.dlstx.ip.att.net 12 12.122.5.86 51 gbr4-p90.dlstx.ip.att.net 13 12.122.2.11480 gbr2-p30.kszmo.ip.att.net 14 12.122.1.93 50 gbr1-p60.kszmo.ip.att.net 15 12.122.2.42 70 gbr4-p40.sl9mo.ip.att.net 16 12.122.2.20560 gbr3-p40.cgcil.ip.att.net 17 12.123.5.14560 ggr1-p360.cgcil.ip.att.net 18 207.88.50.253 90 unavailable 19 64.220.0.18980 ge5-3-1.RAR1.Chicago-IL.us.xo.net 20 65.106.1.86 70 p0-0-0-0.RAR2.Chicago-IL.us.xo.net 21 65.106.0.34 60 p1-0-0.RAR1.Dallas-TX.us.xo.net 22 65.106.0.14120 p6-0-0.RAR2.LA-CA.us.xo.net 23 64.220.0.99 80 ge1-0.dist1.lax-ca.us.xo.net 24 206.111.14.238 211 a2-0d2.dist1.sdg-ca.us.xo.net 25 209.31.222.150 80 unavailable 26 198.17.46.56 140 pinot.sdsc.edu 27 192.172.226.123 91 cider.caida.org | Mathew Lodge | [EMAIL PROTECTED] | | Director, Product Management | Ph: +1 408 789 4068 | | CPLANE, Inc. | http://www.cplane.com |
Re: ATTBI refuses to do reverse DNS?
--On Tuesday, June 18, 2002 11:30 AM -0700 Lou Katz [EMAIL PROTECTED] wrote: A client of mine just discovered that he could no longer do ftp transfers to my machine. His IP address had changed to one in 12.240.20 and there is no reverse DNS for that block. His previous assignment was in a totally different block which did have reverse DNS. Calls to ATTBI got the answer that they are not obligated to provide reverse DNS and have no plans to do so. My servers refuse connections when there is no reverse lookup. Is this common? yes, i've had similar problems with cox both when i had cox@work business service, and now that i have cox@home residential service. this feeds right into the thread that branched off my post about network diameter in which people are talking about clue factor. these networks spring up overnight, built by people who are missing some of the fundamental knowledge about how all this stuff works. and we're stuck with it as end users. -b
Re: remember the diameter of the internet?
On Tue, Jun 18, 2002 at 06:39:45PM +, E.B. Dreger wrote: That's what happened here. Rather than transitting the traffic via a last resort across town/state, the higher local-pref of a local peer won. Geography requirements for peers aren't inherently bad. There's a point where things get extreme, but it would be nice to see nationals peer in the south as well. If one has peering requirements, at least set them to reach a positive goal... BGP twiddling cannot fix a broke-ass network design. -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Re: remember the diameter of the internet?
SJW Date: Tue, 18 Jun 2002 19:38:40 +0100 (BST) SJW From: Stephen J. Wilcox SJW in the below example its unclear what causes the path to be SJW the way it is but it doesnt look optimum in terms of ip hops SJW altho it presumably is only 2 or 3 AS hops I dub it... eOLPF. SJW i'm saying that AS hops give no indication of the network SJW size and there is some manual intervention to improve BGPs SJW short sight BGP might be good enough if there were enough peering points. But peering is a business decision, and perhaps vulnerable to an inverse tragedy of the commons approach. How little can you get away with before customers leave? Why peer when you hopefully can force a sale here or there? Wars of attrition can be interesting. Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~ Date: Mon, 21 May 2001 11:23:58 + (GMT) From: A Trap [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
Off-topic - 802.1Q
Sorry for the off-topic request, but can anyone point me to a copy of the 802.1Q spec? Jeff -- Enter any 11-digit prime number to continue.. -- Jeffrey L. Oliver Email: [EMAIL PROTECTED] Network AnalystWeb: http://telecom.uleth.ca Telecommunications Unit The University of Lethbridge Cell: 403.315.4461 4401 University Drive Lethbridge, AlbertaTel: 403.329.5162 Canada, T1K3M4 Fax: 403.382.7108 --
RE: ATTBI refuses to do reverse DNS?
As an ATTBI customer at home (only [reasonably priced] high speed available in the area), the recent network/service changes being rolled out have a high negative pressure coefficient. Haven't tried FTP lately, will have to see if it still works on 'my' network tonight! I do know their USENET feed has gotten 'interesting' in the last week. Lots of 'there is no such group' with lots of new, mainly full of 'local' spam groups and significant numbers of 'no new articles' for days in normally high traffic hierarchies. Almost seems like their services are now being admin'd in China or something. Just my 2ยข. The delete key is your friend. -Al -Original Message- From: Lou Katz [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 18, 2002 11:31 AM To: [EMAIL PROTECTED] Subject: ATTBI refuses to do reverse DNS? A client of mine just discovered that he could no longer do ftp transfers to my machine. His IP address had changed to one in 12.240.20 and there is no reverse DNS for that block. His previous assignment was in a totally different block which did have reverse DNS. Calls to ATTBI got the answer that they are not obligated to provide reverse DNS and have no plans to do so. My servers refuse connections when there is no reverse lookup. Is this common? -- I suppose I could set up a bogus reverse for him, but, feh... -=[L]=-
Re: Viri capture...
[ On Tuesday, June 18, 2002 at 18:30:33 (+0100), Stephen J. Wilcox wrote: ] Subject: Re: Viri capture... Are you suggesting us as end users should reprogram every OS and Email client rather than run a virus checker? Alternatives are not rare, difficult to use, or more limited in any significaant way. Even patches are not lacking, though in this case patching over such fundamental design flaws has proven time and time again to be fallible. -- Greg A. Woods +1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: remember the diameter of the internet?
Broke-ass is that a new technical term? I like it:) On Tue, 18 Jun 2002, Richard A Steenbergen wrote: On Tue, Jun 18, 2002 at 06:39:45PM +, E.B. Dreger wrote: That's what happened here. Rather than transitting the traffic via a last resort across town/state, the higher local-pref of a local peer won. Geography requirements for peers aren't inherently bad. There's a point where things get extreme, but it would be nice to see nationals peer in the south as well. If one has peering requirements, at least set them to reach a positive goal... BGP twiddling cannot fix a broke-ass network design.
Re: remember the diameter of the internet?
VA Date: Tue, 18 Jun 2002 11:52:41 -0700 (PDT) VA From: Vadim Antonov VA Regarding the diameter of the Internet - I'm still trying to VA figure out why the hell anyone would want to have edge VA routers (instead of dumb TDMs) if not for inability of IOS to VA support large numbers of virtual interfaces. Reasons I hear: 1. It's more expensive. Unh? Take a six-port router filled with dual [chan-]DS3 cards. 12 x 45 = 540 Mbps max. Real traffic probably makes it to 200 Mbps on a regular basis. A router like a 7206VXR can't be fed any more cards. Now let's take a switch. Feed it the same line cards, run frame, and convert frame cells to 802.1q-tagged GigE (native big MTU) to feed to the router. Dumb switch is cheaper than router. Backhaul two GigE (redundancy) links to the router. Scales much better. One could even have a much bigger switch, yet small dual-GigE core router. 2. It's wasteful. Just how much Internet traffic is local? We're not talking telephones, here. A little traffic _might_ go switch--router--switch. But just how much does that backhaul cost? Aggregate as cheaply as possible... TDM was great when we didn't have the CPU power to build a big enough packet-switched network. But I think that time has passed. All IMHO, of course. VA Same story goes for clusters of backbone routers. Because meshes (messes?) of cables are cool? ;-) Short of a big enough router not existing... I don't know. Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~ Date: Mon, 21 May 2001 11:23:58 + (GMT) From: A Trap [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
NANOG meeting stats
Greetings - here's some info about the last NANOG meeting. = NANOG 25 June 9-11 Richmond Hill, Ontario, Canada Host: Group Telecom Total Attendees: 509 (up from 425 at NANOG24) Speakers:39 (3 panels) Countries represented: 17 Wireless card loans: 52 Typical # of ethernet users: 33 Largest simultaneous # of wireless users: 400 Concurrent multicast viewers:~20 to 30 Unique multicast viewers:~50 to 100 Concurrent RealMedia viewers:up to 85 Multicast broadcast: University of Oregon, Cisco Squid, DNS, DHCP: Packet Pushers Meeting coordination: Merit Sponsors: Avici, Extreme, Group Telecom, Juniper, OPNET, Pluris, Redback, Riverstone, RouteScience
Re: ATTBI refuses to do reverse DNS?
GAH! Sorry, bad typo. On Tue, 18 Jun 2002, Robert A. Hayden wrote: Most providers provide some kind for forward/reverse mapping, including ATTBI. Often, however, they do provide customized reverse mapping (ie, ^^ do not myhost.mydomain.com). That may be where the disconnect. I believe that ATTBI has a script that auto-generates forward/reverse mappings on a regular basis. You client may be just in a waiting period before the problem corrects itselft.
Re: ATTBI refuses to do reverse DNS?
In the referenced message, Daniel Senie said: At 02:30 PM 6/18/02, Lou Katz wrote: snip Is this common? I have a CDPD card which has a fixed address. It's from Verizon Wireless. There's no INADDR. There seems to be a lack of understanding and clue all around on INADDR, which is the motivation for the above-mentioned draft. Having something to point network operators and server operators to would, IMO, help. The lack of clue tends to be on the providing in-addr side of things. I think it is a great thing to refuse connections from ips without in-addr, in the same way it is great to refuse mail from domains that don't provide postmaster addresses. It is a means through which one can influence the laziness of others. Simply disregarding what others do, only legitimizes the laziness, and continues us along the road of everyone doing the absolute minimum. Simply accepting the connections seems to be a path of least resistance which befits a pointy-hair more than an engineer. -- I suppose I could set up a bogus reverse for him, but, feh... Either you set up something, or you can make your server not care about reverse, or lose the customer. You neglect to include the option of the customer changing to an ISP that provides in-addr.
Re: ATTBI refuses to do reverse DNS?
Thus spake Stephen Griffin [EMAIL PROTECTED] The lack of clue tends to be on the providing in-addr side of things. I think it is a great thing to refuse connections from ips without in-addr, in the same way it is great to refuse mail from domains that don't provide postmaster addresses. On first reading, I thought that was sarcasm. Now I realize you're serious. It is a means through which one can influence the laziness of others. Simply disregarding what others do, only legitimizes the laziness, and continues us along the road of everyone doing the absolute minimum. ... You neglect to include the option of the customer changing to an ISP that provides in-addr. So, if you ran Amazon.com, you wouldn't accept money from customers of clueless ISPs? Sadly, even that level of coercion wouldn't be anywhere near enough to motivate most ISPs. And your (non-)customers will be caught in the crossfire. S
RE: remember the diameter of the internet?
On Tue, 18 Jun 2002, Martin, Christian wrote: Regarding the diameter of the Internet - I'm still trying to figure out why the hell anyone would want to have edge routers (instead of dumb TDMs) if not for inability of IOS to support large numbers of virtual interfaces. Same story goes for clusters of backbone routers. When ANY router becomes as reliable as a dumb TDM device, then maybe we can begin collapsing the POP topology. However, the very nature of the Internet almost prevents this reliability from being achieved (having a shared control and data plane seems to be the primary culprit). Uhm. Actually, control data planes are rather separate inside modern routers. What is flaky is router software. That's what you get when your router vendor sells you 1001 way of screwing up your routing :) There are routers out there today that can single-handedly replace entire POPs at a fraction of the rack, power, and operational cost. Hasn't happened, tho. I know two boxes like that - one is broken-as-designed, with copper distributed fabric; another (courtesy of VCs who managed to lose nearly entire engineering team mid-way but hired a bunch of marketers long before there was anything to ship) is still in beta. I don't like wasting ports for redundant n^2 or log(n^2) interconnect either, but router and reliability mix like oil and water... Actually, not. A router is a hell of a lot simpler than a Class-5 switch, particularly if you don't do ATM, FR, X.25, MPLS, QoS, multicast, IPv6, blah, blah, blah. Demonstrably (proof by existence), those switches can be made reasonably reliable. So can be routers. It's the fabled computer tech culture of be crappy, ship fast, pile features sky high, test after you ship aka OFRV's Micro$oft envy, which is the root evil. --vadim
Re: Adeklphia update
On Tue, Jun 18, 2002 at 05:30:50PM -0400, blitz wrote: Adelphia announced price increases today 90 cents a month for cable TV, bringing the package to about $39. a month in Buffalo, and $41. outside. Also they increased the powerlink cablemodem $2.00 a month. (this is the second increase this year) How do I configure my cablemodem for this? --msa
ICANN requirement for information refreshing?
I just received an email from Verisign customer service requesting I refresh my information: on an active domain that doesn't expire until 2004. My concern is that the request specifically stated ICANN required them to do this. On searching the ICANN-Verisign contract at the ICANN site, I could find no requirement for refreshing. I'm concerned this may be a covert marketing activity, since the web page for refreshing very easily could have led me into buying services from Verisign. This seems to be of operational interest to service providers hosting domains, if Verisign/Netsol can confuse people into shifting their service to them. Am I completely off base here? Is there some ICANN requirement I've missed?
Re: ICANN requirement for information refreshing?
At 07:09 PM 6/18/2002 -0400, Howard C. Berkowitz wrote: On searching the ICANN-Verisign contract at the ICANN site, I could find no requirement for refreshing. I'm concerned this may be a covert marketing activity, since the web page for refreshing very easily could have led me into buying services from Verisign. This seems to be of operational interest to service providers hosting domains, if Verisign/Netsol can confuse people into shifting their service to them. (from ICANN Registrar Accreditation Agreement - http://www.icann.org/registrars/ra-agreement-17may01.htm): 3.4.1 During the Term of this Agreement, Registrar shall maintain its own electronic database, as updated from time to time, containing data for each active Registered Name sponsored by it within each TLD for which it is accredited. The data for each such registration shall include the elements listed in Subsections 3.3.1.1 through 3.3.1.8; the name and (where available) postal address, e-mail address, voice telephone number, and fax number of the billing contact; and any other Registry Data that Registrar has submitted to the Registry Operator or placed in the Registry Database under Subsection 3.2. I guess you could consider that email as an attempt to maintain their database. That being said, the email I received contains a link which sends me to their homepage. Not very helpful if you're clueless about such matters. -- jb
39/8 ?
I'm receiving routes for 39.0.0.0/8 which is odd as IANA states this is a reserved block, as does arin but theres a route in radb .. I cant find AS4554 either and the rDNS doesnt exist in in-addr.arpa Whats this all about then? Steve *i39.0.0.0 62.24.192.1 7765100 0 6461 4554 ? [whois.radb.net] route: 39.0.0.0/8 descr: Exchange Point Networks PO 12317 Marina del Rey, CA. 90295 US origin:AS4554 mnt-by:MNT-EPNET changed: [EMAIL PROTECTED] 20020401 source:ARIN [whois.arin.net] IANA (RESERVED-39A) Internet Assigned Numbers Authority 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292-6695 US Netname: RESERVED-39A Netblock: 39.0.0.0 - 39.255.255.255 Coordinator: Internet Corporation for Assigned Names and Numbers (IANA-ARIN) [EMAIL PROTECTED] (310) 823-9358 Domain System inverse mapping provided by: FLAG.EP.NET 198.32.4.13 DOT.EP.NET 198.32.2.10
Re: remember the diameter of the internet?
Thus spake Vadim Antonov [EMAIL PROTECTED] Actually, not. A router is a hell of a lot simpler than a Class-5 switch, particularly if you don't do ATM, FR, X.25, MPLS, QoS, multicast, IPv6, blah, blah, blah. The data plane is remarkably easier. The control plane is arguable. And without ATM, FR, MPLS, QOS, multicast, etc. nobody will be buying your router. Demonstrably (proof by existence), those switches can be made reasonably reliable. So can be routers. It's the fabled computer tech culture of be crappy, ship fast, pile features sky high, test after you ship aka OFRV's Micro$oft envy, which is the root evil. The question is actually whether anyone would pay the cost of a perfect router. People complain that today's routers are too expensive, and most vendors are going bankrupt or giving up. Many of those were marketing to the featureless and reliable niche. S
BGP communities usage for route origin, entry point
This started off as me being curious as to why a UUNet engineer I was talking to told me he could not understand why a network would support a feature such as BGP communities for identifying the origin of a route/network entry point. I tried to explain to him the advantage of being able to quickly identify where a route originates from (geographically), type of interconnect, type of peer (in this case I use peer for any BGP peer, customer or transit). I explained that it could be usefull for debugging and gaining more background info (route analysis is one of my favorite tasks) and some of the major and minor networks do provide such a feature/service. Still the engineer could not understand why and only saw this as a security issue, well I guess when you work for a network that does not provide any public looking glass or route server it's not really a surprise /rant This triggered a thought, do many people actually use BGP communities to pinpoint a route origination point/type, and if so for what purpose (debugging, analysis, other) Thomas PS: If UUNet do actually support this feature please tell me who I should contact.
Re: ATTBI refuses to do reverse DNS?
On Tue, Jun 18, 2002 at 04:54:54PM -0500, Stephen Sprunk wrote: Thus spake Stephen Griffin [EMAIL PROTECTED] The lack of clue tends to be on the providing in-addr side of things. I think it is a great thing to refuse connections from ips without in-addr, in the same way it is great to refuse mail from domains that don't provide postmaster addresses. On first reading, I thought that was sarcasm. Now I realize you're serious. I've found that filtering out mail from people that have no reverse dns tends to typically point to a) open-relays, b) spam, c) lack of working abuse/postmaster. It is a means through which one can influence the laziness of others. Simply disregarding what others do, only legitimizes the laziness, and continues us along the road of everyone doing the absolute minimum. ... You neglect to include the option of the customer changing to an ISP that provides in-addr. So, if you ran Amazon.com, you wouldn't accept money from customers of clueless ISPs? You can't do it on the store side, but you can do it on the residental customer side, or at least give those messages a higher level of attention in any overall spam score for a message. Sadly, even that level of coercion wouldn't be anywhere near enough to motivate most ISPs. And your (non-)customers will be caught in the crossfire. Anyone that sends e-mail to me from a host/server with no reverse dns I will not see. It is not rejected w/ 400/500 series code as I know some people do. it goes to it's own 'spam' folder. I have found that some companies (american express) for example can not seem to make their systems have reverse dns, and they suffer from the lack of a working postmaster/hostmaster address too. It just means i read that folder once every few days and periodically send e-mail to people i know that have hit the filter or other legit folks. - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: BGP communities usage for route origin, entry point
TK Date: Tue, 18 Jun 2002 20:13:50 -0400 TK From: Thomas Kernen TK This triggered a thought, do many people actually use BGP TK communities to pinpoint a route origination point/type, and TK if so for what purpose (debugging, analysis, other) Analysis and mild tuning. Perhaps I'm strange, but this is one of thing things that I consider pre-sale when working with a provider with which I'm unfamiliar. It's not a deal-breaker, but is something to which I pay attention. Note that this is most significant for Web content providers, for obvious reasons. Several providers tag internally, although some do not disclose their tags. Granularity and detail vary widely. (Compare CW with GBLX, for example.) Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 (785) 865-5885 Lawrence and [inter]national Phone: +1 (316) 794-8922 Wichita ~ Date: Mon, 21 May 2001 11:23:58 + (GMT) From: A Trap [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Please ignore this portion of my mail signature. These last few lines are a trap for address-harvesting spambots. Do NOT send mail to [EMAIL PROTECTED], or you are likely to be blocked.
Re: ATTBI refuses to do reverse DNS?
And it will continue to work that way. That is the quality work of the people who spend many man-hours putting together such a system that is robust enough that when i decide that when you send me e-mail (not via a list) from a host that has no reverse dns, i can easily flag that for further scrutiny. What you are missing here is that, while yes, you can send e-mail from root@[1.2.3.4] to people, they may say hmm, e-mail from an ip address is not typical of the people that i communicate with, and therefore treat it differntly. just like policy-routing but for your mailbox. it is a good reflection of provider clue(tm). even if they have rev-192.168.0.1.example.com. as their reverse dns, it's slightly more responsible (imho) than nothing/nxdomain. - jared On Tue, Jun 18, 2002 at 05:48:29PM -0700, Patrick Thomas wrote: Hi - what if I don't _want_ a domain name ? Last time I checked all of the standard Internet protocols worked just fine with just an IP - thank you for imposing your own sense of expediency and convenience on me and then arbitrarily breaking the network for me when I choose not to participate. --PT On Tue, 18 Jun 2002, Jared Mauch wrote: On Tue, Jun 18, 2002 at 04:54:54PM -0500, Stephen Sprunk wrote: Thus spake Stephen Griffin [EMAIL PROTECTED] The lack of clue tends to be on the providing in-addr side of things. I think it is a great thing to refuse connections from ips without in-addr, in the same way it is great to refuse mail from domains that don't provide postmaster addresses. On first reading, I thought that was sarcasm. Now I realize you're serious. I've found that filtering out mail from people that have no reverse dns tends to typically point to a) open-relays, b) spam, c) lack of working abuse/postmaster. It is a means through which one can influence the laziness of others. Simply disregarding what others do, only legitimizes the laziness, and continues us along the road of everyone doing the absolute minimum. ... You neglect to include the option of the customer changing to an ISP that provides in-addr. So, if you ran Amazon.com, you wouldn't accept money from customers of clueless ISPs? You can't do it on the store side, but you can do it on the residental customer side, or at least give those messages a higher level of attention in any overall spam score for a message. Sadly, even that level of coercion wouldn't be anywhere near enough to motivate most ISPs. And your (non-)customers will be caught in the crossfire. Anyone that sends e-mail to me from a host/server with no reverse dns I will not see. It is not rejected w/ 400/500 series code as I know some people do. it goes to it's own 'spam' folder. I have found that some companies (american express) for example can not seem to make their systems have reverse dns, and they suffer from the lack of a working postmaster/hostmaster address too. It just means i read that folder once every few days and periodically send e-mail to people i know that have hit the filter or other legit folks. - jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine. -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
D.C. area based ISP's unite
FYI: o ISPs Form DC-based Organization To Battle Large Telecom Firms Washington, DC -- About 200 Internet service providers (ISPs) from around the country have formed a new organization based in Washington DC that will battle against what they call monopolistic local telephone companies regarding the future deployment of broadband. The new DC-based organization, called The BroadNet Alliance, plans to lobby the federal government on behalf of smaller ISPs. How America chooses to deploy broadband is one of the most central policy issues of our time. Though there are many voices on the traditional long distance, cable and local telephone sides, the country's independent broadband providers have lacked a clear voice in the debate, said Maura Colleton, Executive Director of BroadNet. http://www.newsalert.com/bin/story?StoryId=Cpq6WqbWbrenuvtaYoqFQ
Re: ATTBI refuses to do reverse DNS?
[ On Tuesday, June 18, 2002 at 17:47:10 (-0400), Daniel Senie wrote: ] Subject: Re: ATTBI refuses to do reverse DNS? While I believe people SHOULD be providing INADDR service, the people hurt by refusing connections are rarely the ones who have any influence. On the contrary! The people who are supposedly hurt here are those who ultimately have the most influence. In the end they can vote with their wallets even if they can't edit the appropriate zone files directly. (And the whole idea behind DNS trust really revolves around having two different parties agree on the mapping, not in simply allowing the user to edit their own reverse DNS!) Just as Network Address Translation is not a security solution, neither is checking INADDR. I don't think anyone has said that DNS consistency is a security solution. You keep confusing these concepts I think. It's only one tiny part of the picture. Fully consistent DNS only increases the level of trust you can have in the hostnames used. Since hostnames are supposed to be more stable than IP addresses, you _want_ to have more trust in the hostnames, but with current protocols you cannot unless there is full consistency between forward and reverse lookups. Now if you check INADDR over Secure DNS, you might start having some level of information to trust. We can only hope, but I'll believe it when I see it. -- Greg A. Woods +1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: ATTBI refuses to do reverse DNS?
[ On Tuesday, June 18, 2002 at 16:54:54 (-0500), Stephen Sprunk wrote: ] Subject: Re: ATTBI refuses to do reverse DNS? So, if you ran Amazon.com, you wouldn't accept money from customers of clueless ISPs? Luckily Amazon.com and sites like it, and more importantly their customers, have the assurance of credit card banks to back up their transactions -- they don't really need any of this pesky Internet security B.S. to secure their transactions. -- Greg A. Woods +1 416 218-0098; [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Planix, Inc. [EMAIL PROTECTED]; VE3TCP; Secrets of the Weird [EMAIL PROTECTED]
Re: Adeklphia update
On Tue, 18 Jun 2002, blitz wrote: Adelphia announced price increases today 90 cents a month for cable TV, bringing the package to about $39. a month in Buffalo, and $41. outside. Also they increased the powerlink cablemodem $2.00 a month. (this is the second increase this year) Gee, someone finally figured out they can't offer it at a loss...
Re: Adeklphia update
quote who=Martin Hannigan On Tue, 18 Jun 2002, blitz wrote: Adelphia announced price increases today 90 cents a month for cable TV, bringing the package to about $39. a month in Buffalo, and $41. outside. Also they increased the powerlink cablemodem $2.00 a month. (this is the second increase this year) Gee, someone finally figured out they can't offer it at a loss... For the second time this year no less! ;-) -davidu -- Never doubt that a small group of thoughtful citizens can change the world. Indeed, it is the only thing that ever has. --Margaret Mead
RE: D.C. area based ISP's unite
Its interesting that an organization of ISPs has a press release before the website is up. :) DJ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Irwin Lazar Sent: Tuesday, June 18, 2002 10:22 PM To: '[EMAIL PROTECTED]' Subject: D.C. area based ISP's unite FYI: o ISPs Form DC-based Organization To Battle Large Telecom Firms Washington, DC -- About 200 Internet service providers (ISPs) from around the country have formed a new organization based in Washington DC that will battle against what they call monopolistic local telephone companies regarding the future deployment of broadband. The new DC-based organization, called The BroadNet Alliance, plans to lobby the federal government on behalf of smaller ISPs. How America chooses to deploy broadband is one of the most central policy issues of our time. Though there are many voices on the traditional long distance, cable and local telephone sides, the country's independent broadband providers have lacked a clear voice in the debate, said Maura Colleton, Executive Director of BroadNet. http://www.newsalert.com/bin/story?StoryId=Cpq6WqbWbrenuvtaYoqFQ
