Re: TELEHOUSE America Internet Software Consortium Develop DNSF-root Server in New York Los Angeles
On Mon, 10 Feb 2003, Paul Vixie wrote: Deal Enables ISC to Mirror DNS Root Server in Additional U.S. Locations Let's hope Telehouse put them on the good generator. N+1 is no fun if the +1 can't be routed to the 5th floor when N chokes up. http://biz.yahoo.com/bw/030210/102340_1.html
Re: VoIP QOS best practices
On Mon, 10 Feb 2003, Aditya wrote: FWIW, I purchased a Cisco ATA-186 and then a 7960 on eBay (after trying out MS Messenger and finding it lacking) and they just work. I also have used the same units to get a PSTN phone number routed over IP using www.iconnecthere.com -- and you can make it work behind NAT too (but I can assure you it's easier without NAT). Vonage (vonage.com) lets you get your feet wet at $25/month. Limited outbound, but unlimited inbound and you can pick from many area codes. They supply the ATA, and you have 30 days to play. IConnectHere.com is the consumer arm of Delta3. They are OK, but they offer no help if you get stuck. Vonage is truly plug-n-play. Works fine behind NAT, doesn't require any ports to be opened to function behind a NAT or firewall. Just make sure 5060/udp and 69/udp can go out and you're off and running. As others have stated, it's more fun to talk about VoIP after you've used it. I've found the voice quality equals or exceeds my POTS line. There is some echo at times when the call starts, then the magic echo-cancellation stuff seems to learn and things get better. The delay is fine, but can be a bit off-putting during a multi-person conference call between excited tech and marketing folks. But if you regularly use a cell phone, you may not even notice this, as I find the delay on my cell to be worse. What I'm guessing Bill is getting at is the common VoIP implementations out there are running UDP. Since it's in spray and pray mode, you'll be worried more about it stepping on your well-behaved TCP traffic than vice-versa. I'm running a codec that tops out around 80Kb/s on an ADSL line and I've yet to find a way to affect my voice traffic. In 6 months of using the service I've yet to have a dropped call, and I regularly make 80 minute+ calls. All in all I think there's less voodoo involved than most people imagine. It just works.
Now I need to figure out how to break into my ATA so I can use it for FWD as well (the ATA ships with an md5 key and the config it fetches via tftp is encrypted)... Anyone? C I'm willing to play tech support via email if anyone has questions about getting started. Adi
VOIP on the net from your PDA?
If any of you have the Sharp Zaurus SL-5500 (or the C700 -- hi Avi!), have you tried doing VOIP over Wi-Fi and the net using tkcPhone http://www.thekompany.com/embedded/tkcphone/ or any other VOIP software? What kind of quality do you get with this? If this type of PDA phone application really does work as well as Bill's comments would indicate, then I think it will drive a lot of voice traffic onto the Internet. We really need to play around with this stuff (voice) ourselves and understand it better because there are opportunities here with all the turmoil surrounding the so-called shift to 3G cellular. Here in England, BT recently ran some TV commercials to introduce free evening and weekend calling on the cell network by showing a couple using a cellphone upstairs in the baby's room to replace the broken baby monitor by dialling into the home phone in the living room. This is just one example of how changing the pricing structure could radically change people's behavior in using a service. -- Michael Dillon
Re: TELEHOUSE America Internet Software Consortium Develop DNS F-root Server in New York Los Angeles
Charles Sprickman [EMAIL PROTECTED] writes: On Mon, 10 Feb 2003, Paul Vixie wrote: Deal Enables ISC to Mirror DNS Root Server in Additional U.S. Locations Let's hope Telehouse put them on the good generator. N+1 is no fun if the +1 can't be routed to the 5th floor when N chokes up. All is well if the router that announces the network is plugged into the same circuit (or if the announcement comes from a BGP speaker on the box itself). No big deal to lose a single root anyway, but this scenario would keep F working as advertised, so to speak. ---Rob
Lawful Interception in the world...
I'm trying to collect some information on Lawful Interception over the world... Does any country in the world require such things?

LOGS (6 months archive required)
- mail header logs (all mails, in, out, relay)
- pop3/imap/webmail access logs (all accounts)
- dhcp/dial/adsl/gprs/whatever accounting logs (all users)

RealTime
- mail interception (IN,OUT,RELAY) for a certain From/To address or a certain IP. The mail has to be encrypted with PGP and sent directly to the Law enforcement as a mail attachment.

Thank you for taking 2 minutes to answer to nanog or privately, this is important. P.
Re: Lawful Interception in the world...
Pascal Gloor wrote: Does any country in the world require such things? To put a small operational comment here [this is NANOG isn't it?], customers with Slammer worm -really- blow out internal NetFlow between themselves and the nearest filter blocking them. We had a lot of 56k modem customers with Slammer so we hadn't noticed them in terms of any throughput graphs, and their actual traffic gets blocked at various points, but before it does it has a drastic effect on the NetFlow server. So if anyone else is keeping complete NetFlows of every router in your network and wondering why they've grown so much over the past few weeks... find everything to UDP destination 1434 and get someone to contact the customer *sigh* In Australia you aren't -required- to keep anything, but anything you do happen to have/keep (e.g. proxy logs, NetFlow, mail logs, RADIUS logs, etc) you are required to hand over on a proper request. And if you do happen to keep reasonable logs and co-operate with authorities where required (very rare that it's actually required), then they're unlikely to do something unkind such as take your ISP's servers as potential evidence for six months, which of course they'd be perfectly entitled to do (after months of careful analysis they may find some old logs that have been written over 100 times by carefully removing each magnetic signal to reveal traces of the one before, for example - so it's a justified but far from ideal action).
I've never had an unreasonable or intrusive request from the authorities, even as an example when a suspected murderer who had contacted his alleged victim(s) via the internet had left his email on the server they did not request his email as that was beyond the bounds of what they are comfortable to request (fortunately - because we would have had to consult the lawyers on the legality of releasing actual communications content; the analogy of the envelope and the contents is an often used one, in traditional mail the writing on the envelope is essentially public knowledge but the contents of the envelope are subject to strict privacy laws. NetFlow inspects packet headers - envelope. Proxy logs contain only the size and address of requests - envelope. Similarly mail logs; address, return address, size, etc - envelope details again. But mailbox contents correspond to envelope contents, so they're a much harder question). The authorities are usually quite understanding that logs are quite large, and if they have a request they must get it to us quickly to expect a useful response. And the response has been in 100% of cases that we've identified a customer who happens to be a Net Cafe... so they get to go and try their luck on getting a Net Cafe to identify a customer from their proxy logs and customer records (yeah, sure). Note that caller ID is very special here. Specifically, the caller ID used to connect to an account must NOT be revealed to the account holder (think: account holder checks usage, finds out who did it, and goes over to go kill person responsible for large bill), and must ONLY be revealed to responsible authorities with some very specific paperwork. This is contrary to, for example, Singapore (where our parent company operates), where each customer sees the caller ID details on their online usage summary. As to extremes of lawful interception - try Singapore and China.
Singapore Govt require the use of a proxy (if the proxies are all down, the internet is down), so I'd assume they also require keeping of the proxy logs. I don't know if it's still the case, but it used to be that Singapore had a banned list for the proxies and China took things to a further extreme by having an ok sites list rather than a banned list. David.
--
David Luyer, Network Development Manager, Pacific Internet (Australia)
Phone: +61 3 9674 7525  Fax: +61 3 9699 8693  Mobile: +61 4 BYTE
http://www.pacific.net.au/  NASDAQ: PCNTF
Re: TELEHOUSE America Internet Software Consortium Develop DNS F-root Server in New York Los Angeles
On Tuesday, Feb 11, 2003, at 07:50 Canada/Eastern, Robert E. Seastrom wrote: Charles Sprickman [EMAIL PROTECTED] writes: On Mon, 10 Feb 2003, Paul Vixie wrote: Deal Enables ISC to Mirror DNS Root Server in Additional U.S. Locations Let's hope Telehouse put them on the good generator. N+1 is no fun if the +1 can't be routed to the 5th floor when N chokes up. All is well if the router that announces the network is plugged into the same circuit (or if the announcement comes from a BGP speaker on the box itself). No big deal to lose a single root anyway, but this scenario would keep F working as advertised, so to speak. [Apologies to Suzanne for pre-empting her discussion about this.] Each F-root node is carefully designed so that most failures which could stop a nameserver answering queries are reflected in the network, both within the F-root node, and within the F-root's service area. If a nameserver within a node is not available, the node will not send it queries; if all nameservers within a node are not available, the node will stop advertising 192.5.5.0/24 to its local community of peers, who will stop sending queries to the node. The potential for global instability in (and corresponding dampening of) 192.5.5.0/24 due to some oscillatory error condition in a particular node is limited by the fact that each non-Palo Alto node advertises 192.5.5.0/24 to peers only, and precautions are taken to limit the propagation of that prefix through peer networks. Only the Palo Alto node advertises 192.5.5.0/24 for global transit. If a local F-root node withdraws service, resolvers within its catchment area will see the BGP path to the global F-root node in Palo Alto exposed and selected. The change in relative RTTs will then cause resolvers (BIND-like resolvers, anyway) to reorder their ranking of how close the 13 root servers are, and referrals to the root from the catchment of the dead node will tend towards the new closest server, which may or may not be F. 
Hence, a failure of a restricted-anycast node restores the usual availability of root servers -- it effectively just removes the local optimisation that the anycast node was providing. Joe
Re: VOIP on the net from your PDA?
If any of you have the Sharp Zaurus SL-5500 (or the C700 -- hi Avi!), have you tried doing VOIP over Wi-Fi and the net using tkcPhone http://www.thekompany.com/embedded/tkcphone/ or any other VOIP software? In so far as I can tell from the documentation, the 5500 has a mono-audio-in port built-in, but the C700 does not, and getting audio into it means using the CF slot, which precludes networking. Can anyone clarify that? -Bill
Re: VoIP QOS best practices
On Mon, 10 Feb 2003, Aditya wrote: FWIW, I purchased a Cisco ATA-186 and then a 7960 on eBay (after trying out MS Messenger and finding it lacking) and they just work. I also have used the same units to get a PSTN phone number routed over IP using www.iconnecthere.com -- and you can make it work behind NAT too (but I can assure you it's easier without NAT). Vonage (vonage.com) lets you get your feet wet at $25/month. Limited outbound, but unlimited inbound and you can pick from many area codes. They supply the ATA, and you have 30 days to play. IConnectHere.com is the consumer arm of Delta3. They are OK, but they offer no help if you get stuck. Vonage is truly plug-n-play. Works fine behind NAT, doesn't require any ports to be opened to function behind a NAT or firewall. Just make sure 5060/udp and 69/udp can go out and you're off and running. As others have stated, it's more fun to talk about VoIP after you've used it. I've found the voice quality equals or exceeds my POTS line. There is some echo at times when the call starts, then the magic echo-cancellation stuff seems to learn and things get better. The delay is fine, but can be a bit off-putting during a multi-person conference call between excited tech and marketing folks. But if you regularly use a cell phone, you may not even notice this, as I find the delay on my cell to be worse. What I'm guessing Bill is getting at is the common VoIP implementations out there are running UDP. Since it's in spray and pray mode, you'll be worried more about it stepping on your well-behaved TCP traffic than vice-versa. I'm running a codec that tops out around 80Kb/s on an ADSL line and I've yet to find a way to affect my voice traffic. In 6 months of using the service I've yet to have a dropped call, and I regularly make 80 minute+ calls. All in all I think there's less voodoo involved than most people imagine. It just works.
Now I need to figure out how to break into my ATA so I can use it for FWD as well (the ATA ships with an md5 key and the config it fetches via tftp is encrypted)... Anyone? Tough one there. I've tried, but the only thing I've been able to do is reset to factory defaults. In any case, the current ATA software (2.15) doesn't support multiple proxies; you can have two accounts, but they seem to only use one gateway/proxy (and a failover.) Any evidence to the contrary is welcome. I found the way around this is to use Asterisk (http://www.asterisk.org/) and register my iconnecthere.com account from the server. I can have as many SIP accounts registered at the server, and they all act as incoming channels that can then be routed to my ATA-186 (or to voicemail, or to an IVR, or whatever.) I've had success in the last two days in getting my analog line at the house, my INOC-DBA phone, my iconnecthere.com account, and a SIP gateway on the other side of the continent to all make calls inbound/outbound from my single ATA-186 on my desk. There are still some bugs to be worked out, but it's rapidly getting to be a locally-controlled voice system for multiple gateways. FWIW, I'll be posting a summary on the INOC-DBA list shortly on how to get it working. Now, back to the NANOG-ish content: I know a fundamental change in technology when I see it, and VOIP is an obvious winner. VOIP has been smoldering for a few years, and the sudden growth of various easy-to-implement SIP proxies and service platforms, plus the sudden drop in price of SIP hard-phones, is going to push growth tremendously. Currently, the underlying technology is UDP that moves calls around. This is all well and good until you get thousands, tens of thousands, hundreds of thousands of calls going at once. QoS is, as Bill says, not a problem right now on public networks; I've used VOIP across at least three exchange or peering sessions (in each direction, no less!) and suffered no quality loss, even at 80kbps rates. 
However, when a significant percentage of cable and DSL customers across the country figure this technology out, does this cause problems for those providers? Is it worthwhile for large end-user aggregators to start figuring out how they are going to offer this service locally on their own networks in order to save on transit traffic to other peers/providers? Or is this merely a tiny bump in traffic, not worth worrying about? More interestingly: what happens to the network when the first shared LD software comes into creation? Imagine 1/3 (to pick a worst-case percentage) of your customers producing and consuming (possibly) 80kbps of traffic for 5 hours a day as they offer their local analog lines to anyone who wants to make local calls to that calling area. Overseas calling I expect will show similar growth. Nobody wants to pay $.20 or even $.10 per minute to Asian nations, so as soon as Joe User figures out how this VOIP stuff works, there will be (is?) a tendency for UDP increases on
Re: VoIP QOS best practices
Indeed. I've unfortunately had many instances where a company runs 5+ VoIP calls -- in addition to data traffic -- over a 64k circuit with the line staying at 95-100% capacity 24x7. It's not easy, but it's doable. We're not running VoIP, but we did run an OC3 at 100% 24x7 for 6 months and, with custom queuing and some clever traffic shaping, no one noticed. Eric :)
Re: Lawful Interception in the world...
I'm trying to collect some information on Lawful Interception over the world... Does any country in the world require such things?

LOGS (6 months archive required)
- mail header logs (all mails, in, out, relay)
- pop3/imap/webmail access logs (all accounts)
- dhcp/dial/adsl/gprs/whatever accounting logs (all users)

RealTime
- mail interception (IN,OUT,RELAY) for a certain From/To address or a certain IP. The mail has to be encrypted with PGP and sent directly to the Law enforcement as a mail attachment.

Thank you for taking 2 minutes to answer to nanog or privately, this is important.

There are requirements to be able to do lawful interception, some countries such as Switzerland have defined the mechanism, some countries such as the UK have not yet done this. I think Germany has done this. Regards, Neil. -- Neil J. McRae - Alive and Kicking [EMAIL PROTECTED]
re: BST - BGP Scalable Transport
Hi Ron, On Mon, 2003-02-10 at 11:24, Ron da Silva wrote: Van/Cengiz/Kedar, Questions that missed the cutoff at the end of your preso: Most operators have some per-peer inbound policies. Since the next hop adjacency may move around due to changing primaries, where do you configure the policy? (all routers?) Yes. The entire pool of routers responsible for ebgp peers on that location needs to share the configuration information because any one of them could be the primary for that peer. Also, some of those policies include modifying attributes before forwarding the update internally via iBGP. Where does the policy get implemented? (on the NA box?) Policy is applied at the primary and the secondary routers for the ebgp peer. The bst sessions used for handling the ebgp peer and ibgp peers are different and the rest of the routers will only learn the modified routes from the primary. Cengiz
RE: Spam Cost Resources [ trustworthy ]
Do these figures take into account the number of calls you will get from sales when they realize you lost the profit equivalent of 2 to 3 large business customers? Or the legal fees incurred by shutting the customer off? Most spammers work terms into their contracts whereas if it is not fulfilled to their satisfaction or if you threaten them, you have the option of buying back the contract from them (it's not as simple as just killing their circuit and telling them to go away). There is a lot more to it than just NOC man hours, which could be very detrimental to your company. --- Michael Damm, MIS Department, Irwin Research Development V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED] -Original Message- From: Alif The Terrible [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 7:44 PM To: Martin Hannigan Cc: [EMAIL PROTECTED] Subject: Re: Spam Cost Resources [ trustworthy ] On Mon, 10 Feb 2003, Martin Hannigan wrote: Does anyone have a resource that they believe in when it refers to how much spam really costs Network operators? http://www.nytimes.com/2003/02/09/magazine/09SPAM.html I'm trying to do some validation. Thanks. -M Hi Martin, I just did these numbers a little over two months ago, as justification for another head count (cheaper to have more heads as we shut down fewer people). Each complaint costs us about $3.50, and each case (more than 5 complaints get a case) costs us around $8.00. The costs associated with actually working a case varied wildly, depending on whether we shut the customer down (worst case), have to repetitively threaten to shut them down, etc... The Average case cost us $35.00 to work, but, as I said above, this takes a LOT of things into account. Please feel free to use these numbers, but strip identifying data, as the name associated with them (obviously) did not, and will not, consent to this stuff leaving the company. //Alif
Streaming dead again.
Dying at merit.demarc.cogentco.com with 3561ms figures in traceroute. How many would pay some $$$ for this to be moved in the future to a premium service provided by someone like RealMedia. Methinks the merit servers are getting crushed. I'd pony up some $$$ to virtually attend it if it were reliable. Seems a lot less reliable this time around. FWIW, if the only video shot is a long shot of a talking head wireless discussion, save the bandwidth and only stream the audio, or cut to the slides if there are some. Burning 80k to see a pixelated animation doesn't do anyone any good. Eric
==
Eric Germann, CCTec [EMAIL PROTECTED] Van Wert OH 45801 http://www.cctec.com Ph: 419 968 2640 Fax: 603 825 5893
The fact that there are actually ways of knowing and characterizing the extent of one's ignorance, while still remaining ignorant, may ultimately be more interesting and useful to people than Yarkovsky -- Jon Giorgini of NASA's Jet Propulsion Laboratory
Re: Spam Cost Resources [ trustworthy ]
It seems that it would be in the ISP's interests then to not get itself into those restrictive contracts. If the customer does not like it they can go elsewhere. Mike Damm wrote: Do these figures take into account the number of calls you will get from sales when they realize you lost the profit equivalent of 2 to 3 large business customers? Or the legal fees incurred by shutting the customer off? Most spammers work terms into their contracts whereas if it is not fulfilled to their satisfaction or if you threaten them, you have the option of buying back the contract from them (it's not as simple as just killing their circuit and telling them to go away). There is a lot more to it than just NOC man hours, which could be very detrimental to your company. --- Michael Damm, MIS Department, Irwin Research Development V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED] -Original Message- From: Alif The Terrible [mailto:[EMAIL PROTECTED]] Sent: Monday, February 10, 2003 7:44 PM To: Martin Hannigan Cc: [EMAIL PROTECTED] Subject: Re: Spam Cost Resources [ trustworthy ] On Mon, 10 Feb 2003, Martin Hannigan wrote: Does anyone have a resource that they believe in when it refers to how much spam really costs Network operators? http://www.nytimes.com/2003/02/09/magazine/09SPAM.html I'm trying to do some validation. Thanks. -M Hi Martin, I just did these numbers a little over two months ago, as justification for another head count (cheaper to have more heads as we shut down fewer people). Each complaint costs us about $3.50, and each case (more than 5 complaints get a case) costs us around $8.00. The costs associated with actually working a case varied wildly, depending on whether we shut the customer down (worst case), have to repetitively threaten to shut them down, etc... The Average case cost us $35.00 to work, but, as I said above, this takes a LOT of things into account.
Please feel free to use these numbers, but strip identifying data, as the name associated with them (obviously) did not, and will not, consent to this stuff leaving the company. //Alif -- May God Bless you and everything you touch. My foundation verse: Isaiah 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
Locating rogue APs
Apologies if this ends up on the list multiple times. I seem to have trouble getting this posted in a timely fashion.

In general, MAC OUI designations may indicate a particular AP. IP multicast group participation may also be used by some APs. Some APs have a few unique ports open. Lastly, APs may be found with a radio on a particular default channel. All of these potentially identifying characteristics may be used to help audit the network for rogue APs. Below is information on locating particular APs:

Multicast Groups
----------------
224.0.1.40   Cisco/Aironet (newer versions)
224.0.1.76   Lucent/Avaya
224.1.0.1    Cisco/Aironet

You can locate who group members are by doing the following on a Cisco router:

  show ip igmp group group-ip-address

Protocols/Ports
---------------
Cisco/Aironet APs have two UDP ports open: 2887 and .

Well known AP MAC OUIs
----------------------
f0     Samsung
00022d Lucent (Orinoco)
0002b3 Intel
00032f Global Sun Technology (Linksys)
00045a Linksys
0010e7 BreezeCom (BreezeNet)
0020d8 NetWave Technologies (BayNetworks)
003065 Apple
004005 ANI Communications
004096 Aironet
00508b Compaq
00601d Lucent (WaveLan)
0090d1 Leichu Enterprise Co. (Addtron)
00a0f8 Symbol Technologies
00e029 Standard Microsystems Corp.
080002 3Com
080046 Sony

Well known AP default channels
------------------------------
4: Lucent
6: Aironet, Compaq, BreezeNet

John
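The OUI and multicast-group indicators above lend themselves to a wired-side audit script. The following is an added example (not from John's post or any NANOG tool) that reads constructed Cisco-style `show mac address-table` and `show ip igmp groups` output, flags MAC addresses whose OUI appears in the post's AP vendor list, flags hosts that have joined the post's AP multicast groups, and subtracts a list of sanctioned AP MACs so that only unexpected devices are reported. The output formats, sample lines, and the `audit()` function are assumptions for illustration; the truncated "f0 Samsung" entry is omitted because the post does not give its full prefix.

```python
"""Rogue AP audit helper: correlate switch MAC tables and IGMP membership
against the AP OUIs and multicast groups listed in the post.

Added example; input formats and sample data are constructed, not taken
from the post or from any vendor documentation.
"""
import re

# AP vendor OUIs from the post (lowercase hex, no separators).
AP_OUIS = {
    "00022d": "Lucent (Orinoco)", "0002b3": "Intel",
    "00032f": "Global Sun Technology (Linksys)", "00045a": "Linksys",
    "0010e7": "BreezeCom (BreezeNet)", "0020d8": "NetWave (BayNetworks)",
    "003065": "Apple", "004005": "ANI Communications", "004096": "Aironet",
    "00508b": "Compaq", "00601d": "Lucent (WaveLan)", "0090d1": "Addtron",
    "00a0f8": "Symbol Technologies", "00e029": "SMC", "080002": "3Com",
    "080046": "Sony",
}

# Multicast groups the post associates with specific AP vendors.
AP_MCAST_GROUPS = {
    "224.0.1.40": "Cisco/Aironet (newer versions)",
    "224.0.1.76": "Lucent/Avaya",
    "224.1.0.1": "Cisco/Aironet",
}

# Constructed sample output in Cisco "show mac address-table" style.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0040.9612.3456    DYNAMIC     Fa0/12
  10    0002.2d7a.0001    DYNAMIC     Fa0/3
  20    0050.56ab.cdef    DYNAMIC     Fa0/7
  20    0800.46aa.bbcc    DYNAMIC     Fa0/9
"""

# Constructed sample output in Cisco "show ip igmp groups" style.
SAMPLE_IGMP = """\
IGMP Connected Group Membership
Group Address    Interface    Uptime    Expires   Last Reporter
224.0.1.40       Vlan10       2d01h     00:02:11  10.1.10.57
239.255.255.250  Vlan20       1d03h     00:02:40  10.1.20.8
224.0.1.76       Vlan20       4d12h     00:01:59  10.1.20.31
"""

MAC_TABLE_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+\S+\s+(\S+)", re.I)
IGMP_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\S+)\s+\S+\s+\S+\s+(\d+\.\d+\.\d+\.\d+)")


def normalize_mac(mac):
    """Accept 0040.9612.3456, 00:40:96:12:34:56 or 00-40-96-12-34-56 and
    return 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def oui_vendor(mac):
    """Return the AP vendor for this MAC's OUI, or None if not in the list."""
    return AP_OUIS.get(normalize_mac(mac)[:6])


def find_ap_ouis(mac_table_lines):
    """Entries of a MAC table whose OUI matches a known AP vendor."""
    hits = []
    for line in mac_table_lines:
        m = MAC_TABLE_RE.match(line)
        if not m:
            continue  # header, separator, or unparseable line
        vlan, mac, port = m.groups()
        vendor = oui_vendor(mac)
        if vendor:
            hits.append({"vlan": int(vlan), "mac": normalize_mac(mac),
                         "port": port, "vendor": vendor})
    return hits


def find_ap_multicast_members(igmp_lines):
    """Hosts reported as members of an AP-associated multicast group."""
    hits = []
    for line in igmp_lines:
        m = IGMP_RE.match(line)
        if not m:
            continue
        group, iface, reporter = m.groups()
        if group in AP_MCAST_GROUPS:
            hits.append({"group": group, "interface": iface,
                         "reporter": reporter, "hint": AP_MCAST_GROUPS[group]})
    return hits


def audit(mac_table_lines, igmp_lines, authorized_macs=()):
    """Combine both indicators, dropping MACs on the sanctioned-AP list.
    IGMP hits carry only an IP; mapping that to a MAC needs the ARP table."""
    authorized = {normalize_mac(m) for m in authorized_macs}
    findings = []
    for h in find_ap_ouis(mac_table_lines):
        if h["mac"] not in authorized:
            findings.append(("oui", h["port"],
                             f"{h['mac']} looks like a {h['vendor']} AP"))
    for h in find_ap_multicast_members(igmp_lines):
        findings.append(("igmp", h["interface"],
                         f"{h['reporter']} joined {h['group']} ({h['hint']})"))
    return findings


if __name__ == "__main__":
    for kind, where, detail in audit(SAMPLE_MAC_TABLE.splitlines(),
                                     SAMPLE_IGMP.splitlines(),
                                     ["00:40:96:12:34:56"]):
        print(f"[{kind}] {where}: {detail}")
```

In practice the switch and router output would be collected per closet and fed to `audit()` with the organisation's inventory of sanctioned AP MACs; an OUI match is a hint, not proof, since the same OUIs appear on client cards from those vendors, so each finding should be confirmed on the port (or by radio survey) before action.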
Re: Streaming dead again.
How many would pay some $$$ for this to be moved in the future to a premium service provided by someone like RealMedia. Methinks the merit servers are getting crushed. Methinks Akamai might be a candidate to offer this service to nanog in the future perhaps? :) Avi? FWIW the stream is working fine for me except they're not showing the slides... -Scott
Re: Streaming dead again.
I'm not sure whom to contact, but if the person responsible for the webcasts wants to contact me off list, I can offer up some ideas. (I've got some experience pushing webcasts to 2000+) Matt On Tue, 11 Feb 2003 11:51:06 -0500 Eric Germann [EMAIL PROTECTED] wrote: Dying at merit.demarc.cogentco.com with 3561ms figures in traceroute. How many would pay some $$$ for this to be moved in the future to a premium service provided by someone like RealMedia. Methinks the merit servers are getting crushed. I'd pony up some $$$ to virtually attend it if it were reliable. Seems a lot less reliable this time around. FWIW, if the only video shot is a long shot of a talking head wireless discussion, save the bandwidth and only stream the audio, or cut to the slides if there are some. Burning 80k to see a pixelated animation doesn't do anyone any good. Eric == Eric Germann, CCTec [EMAIL PROTECTED] Van Wert OH 45801 http://www.cctec.com Ph: 419 968 2640 Fax: 603 825 5893 The fact that there are actually ways of knowing and characterizing the extent of one's ignorance, while still remaining ignorant, may ultimately be more interesting and useful to people than Yarkovsky -- Jon Giorgini of NASA
Re: Lawful Interception in the world...
Pascal Gloor wrote: I'm trying to collect some information on Lawful Interception over the world... Does any country in the world require such things? Have a look at Jaya Baloo's talk from Hivercon and 19C3 (Lawful Interception of IP Traffic in the European Context): http://www.hivercon.com/hc02/talk-baloo.htm Nico. -- Nicolas FISCHBACH ([EMAIL PROTECTED]) http://www.securite.org/nico/ Senior Manager - IP Engineering/Security - COLT Telecom Securite.Org Team http://www.securite.org/
Re: Lawful Interception in the world...
On Tue, 11 Feb 2003, Pascal Gloor wrote: I'm trying to collect some information on Lawful Interception over the world... Does any country in the world require such things? It is always best to consult a lawyer suitably licensed to give legal advice in the jurisdiction of interest. Lawyers for US ISPs should be aware of the http://www.cybercrime.gov/ web site from the Computer Crime division of the US Department of Justice. It provides a good overview of US Federal law on computer crime and suggested investigation techniques. However, they have nothing to do with National Security investigation interceptions. The American Library Association http://www.ala.org/alaorg/oif/ provides information which is a little easier for non-lawyers to read. The Electronic Frontier Foundation http://www.eff.org/ has links to numerous groups.
Re: Streaming dead again.
At 11:51 AM 2/11/2003, Eric Germann wrote: Dying at merit.demarc.cogentco.com with 3561ms figures in traceroute. How many would pay some $$$ for this to be moved in the future to a premium service provided by someone like RealMedia. Methinks the merit servers are getting crushed. Raises hand as someone who'd be willing to pay a virtual attendance fee. I'd pony up some $$$ to virtually attend it if it were reliable. Seems a lot less reliable this time around. I've tried several times to suggest a virtual attendance fee for IETF meetings as well. There seems to be significant resistance to the concept in that group, perhaps NANOG will be more receptive? For the fee, I'd expect some sort of a back-channel as well (IRC channel, email address or something so that folks who're attending virtually can ask questions of the presenter).
Streaming: Where are the Slides?
I was curious if it was possible to ask the excellent videographers at the NANOG conference to re-enable the slides over the Real Audio videostream. The slides were visible yesterday, but today they are not. Much of what the speakers say refers to the slides. More importantly it's much more useful using the video channel to see the slides than seeing images of the speaker. Thanks for anything that can be done about this before the tutorials are over, and thanks for the awesome streaming job. Video and audio have been coming in great in Florida. pj
Re: Streaming: Where are the Slides?
Date: Tue, 11 Feb 2003 10:28:19 -0800 (PST) From: PJ [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] I was curious if it was possible to ask the excellent videographers at the NANOG conference to re-enable the slides over the Real Audio videostream. The slides were visible yesterday, but today they are not. Much of what the speakers say refers to the slides. More importantly it's much more useful using the video channel to see the slides than seeing images of the speaker. Thanks for anything that can be done about this before the tutorials are over, and thanks for the awesome streaming job. Video and audio have been coming in great in Florida. The slides are (almost) all available at the start of each talk in PDF. Go to http://www.nanog.org/mtg-0302/agenda.html. Select a talk that is about to begin (or has begun) and a pointer to the slides is at the end of the abstract. R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634
Re: Streaming dead again.
Eric, -- It has become appallingly obvious that our technology has exceeded our humanity. --Albert Einstein (1879-1955) On Tue, 11 Feb 2003, Eric Germann wrote: Date: Tue, 11 Feb 2003 11:51:06 -0500 From: Eric Germann [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Streaming dead again. Dying at merit.demarc.cogentco.com with 3561ms figures in traceroute. I start seeing packet loss one hop before that: 10. g7.ba21.b002281-1.ord01.atlas.cogentco.com (around 10%). Could somebody from Cogent take a look to see what is going on? Thanks German
Re: Streaming: Where are the Slides?
On Tuesday, Feb 11, 2003, at 13:42 Canada/Eastern, Kevin Oberman wrote:
> The slides are (almost) all available at the start of each talk in PDF. Go to http://www.nanog.org/mtg-0302/agenda.html. Select a talk that is about to begin (or has begun) and a pointer to the slides is at the end of the abstract.

I've been following like that, but it's not always obvious what slide is on the screen, particularly with the better speakers who talk around their slides rather than simply reading them out. I liked the mix of slides, speaker and audience that was happening yesterday.

It would be much better if the output from the podium laptop was mixed directly into the video capture device, though, rather than being projected onto a screen and then captured with a camera. The latter approach makes the slides illegible in many cases.

Joe
Re: Locating rogue APs
On Tue, Feb 11, 2003 at 11:27:28AM -0600, John Kristoff wrote:
> Apologies if this ends up on the list multiple times. I seem to have trouble getting this posted in a timely fashion.
>
> In general, MAC OUI designations may indicate a particular AP. IP multicast group participation may also be used by some APs. Some APs have a few unique ports open. Lastly, APs may be found with a radio on a particular default channel. All of these potentially identifying characteristics may be used to help audit the network for rogue APs. Below is information on locating particular APs:

Why are you posting this here? The information is somewhat incomplete/incorrect as well. Persons interested in finding rogue APs would be much better off with a tool such as kismet that already identifies the model/make of access points based on various datapoints (including the types you posted), as well as the ability to determine where the AP is (physically) with the use of a GPS unit. As a side benefit, it can make pretty maps.

http://www.poptix.net/thehills.jpg

John

-- 
Matthew S. Hallacy
FUBAR, LART, BOFH Certified
http://www.poptix.net
GPG public key 0x01938203
Re: Locating rogue APs
On Tuesday, 2003-02-11 at 13:42 CST, Matthew S. Hallacy [EMAIL PROTECTED] wrote:
> On Tue, Feb 11, 2003 at 11:27:28AM -0600, John Kristoff wrote:
>> In general, MAC OUI designations may indicate a particular AP. IP multicast group participation may also be used by some APs. Some APs have a few unique ports open. Lastly, APs may be found with a radio on a particular default channel. All of these potentially identifying characteristics may be used to help audit the network for rogue APs.
>
> Why are you posting this here? The information is somewhat incomplete/incorrect as well. Persons interested in finding rogue APs would be much better off with a tool such as kismet that already identifies the model/make of access points based on various datapoints (including the types you posted), as well as the ability to determine where the AP is (physically) with the use of a GPS unit.

It appears that kismet requires either someone to walk around the facility while running the program or that you have it installed on machines all over your site. Neither of those options interests me as a long term solution to rogue AP monitoring.

It sounds like John is referring to using a network IDS system, maybe one per subnet, to try to infer from the wired (maybe) network traffic that an unwanted AP is connected to your wired network. Given that you may want to run such an IDS anyway, this could give you a decent start on handling rogues.

Personally, I think the idea of checking radio traffic is a more complete solution, but I don't want to have to install a bunch of wireless machines all over the site to detect this. I'm really waiting for the AP vendors to incorporate a rogue detection system in the APs themselves. This could solve the problem for those sites that have fully deployed APs.

Tony Rall
Re: Locating rogue APs
On Tue, Feb 11, 2003 at 01:02:34PM -0700, Tony Rall wrote:
> It sounds like John is referring to using a network IDS system, maybe one per subnet, to try to infer from the wired (maybe) network traffic that an unwanted AP is connected to your wired network. Given that you may want

Actually, the info was meant to provide operators with very rudimentary AP tracking info that can mostly be done from the network devices. If someone has login access to a switch/router, you can use the MAC and IGMP address info to identify potential APs fairly easily at the CLI or via scripts.

If there is incorrect or missing information, as I mentioned at the mic, I'd appreciate any updates. Feel free to send them to me via private email and I can send out an update if there is interest.

John
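The wired-side check John describes (match the OUIs in a switch's forwarding table against known wireless vendors), as an added example that is not code from this thread, from kismet, or from any vendor. It also covers the wired-side angle Tony raises above by adding one signal the thread does not spell out: an access port meant for a single host that shows several MAC addresses behind it, which is what a bridging AP or unmanaged hub looks like from the switch. The `show mac address-table` style output, the port names and the uplink list are constructed for the example; the OUI table is illustrative and should be replaced with entries from the IEEE registry.

```python
"""Flag candidate rogue access points from wired-side switch data.

Added example, not code from the NANOG thread, kismet or any vendor.
Signals used:
  1. MAC OUI (first three octets) matches a wireless-vendor watchlist.
  2. An access port carries several MACs, i.e. something is bridging behind it.
All sample data below is constructed for the example.
"""
import re
from collections import defaultdict

# Illustrative OUI -> vendor watchlist. 00:40:96 (Aironet) and 00:02:2D
# (Agere/Orinoco) are commonly cited wireless OUIs, but confirm every entry
# against the IEEE registry before relying on it.
WIRELESS_OUIS = {
    "00:40:96": "Cisco Aironet",
    "00:02:2d": "Agere Systems (Orinoco)",
}

# Constructed 'show mac address-table' style output (Cisco-like layout).
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0040.9612.3456    DYNAMIC     Fa0/3
  10    0002.2d77.8899    DYNAMIC     Fa0/7
  10    0002.2dab.cdef    DYNAMIC     Fa0/7
  10    0012.3401.0203    DYNAMIC     Fa0/7
  10    0011.2233.4455    DYNAMIC     Fa0/9
  10    0050.56aa.bbcc    DYNAMIC     Gi0/1
"""

# Uplinks to other switches legitimately carry many MACs; exclude them
# from the crowded-port heuristic (constructed for the example).
UPLINK_PORTS = {"Gi0/1"}

# One table row: vlan, dotted-quad MAC, learn type, port.
ROW_RE = re.compile(
    r"^\s*(\d+)\s+([0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})\s+(\S+)\s+(\S+)\s*$"
)


def normalize_mac(cisco_mac):
    """Convert 0040.9612.3456 -> 00:40:96:12:34:56 (lowercase)."""
    hexdigits = cisco_mac.replace(".", "").lower()
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def parse_mac_table(text):
    """Return (vlan, mac, port) tuples for every data row in the table text."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            rows.append((int(m.group(1)), normalize_mac(m.group(2)), m.group(4)))
    return rows


def oui_matches(rows, oui_table=WIRELESS_OUIS):
    """Hosts whose OUI is on the wireless watchlist."""
    hits = []
    for vlan, mac, port in rows:
        vendor = oui_table.get(mac[:8])
        if vendor:
            hits.append({"vlan": vlan, "mac": mac, "port": port, "vendor": vendor})
    return hits


def crowded_access_ports(rows, uplinks=UPLINK_PORTS, threshold=2):
    """Non-uplink ports carrying >= threshold MACs: a bridging AP or hub candidate."""
    per_port = defaultdict(set)
    for _vlan, mac, port in rows:
        if port not in uplinks:
            per_port[port].add(mac)
    return {p: sorted(macs) for p, macs in per_port.items() if len(macs) >= threshold}


def audit(text):
    """Run both checks over one MAC table dump and return the findings."""
    rows = parse_mac_table(text)
    return {"oui_hits": oui_matches(rows), "crowded_ports": crowded_access_ports(rows)}


if __name__ == "__main__":
    result = audit(SAMPLE_MAC_TABLE)
    for hit in result["oui_hits"]:
        print(f"OUI match: {hit['mac']} on {hit['port']} vlan {hit['vlan']} ({hit['vendor']})")
    for port, macs in result["crowded_ports"].items():
        print(f"Port {port} carries {len(macs)} MACs: {', '.join(macs)}")
```

Either signal alone produces false positives (a wireless client NIC shares the vendor's OUI with its AP; a desktop running a VM bridge shows two MACs), so the output is a list of ports to go and look at, not a verdict. In practice the MAC table would be pulled over SSH or SNMP and the OUI table loaded from the IEEE file rather than hard-coded.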
OT: Re: Locating rogue APs
Sorry to waste more bandwidth on this, but there is a very good list at:

http://fingerprint.unbolted.net/view.php

which also includes the adapter information.

Len

On Tue, Feb 11, 2003 at 02:28:01PM -0600, John Kristoff wrote:
> [snip]
> Actually, the info was meant to provide operators with very rudimentary AP tracking info that can mostly be done from the network devices. If someone has login access to a switch/router, you can use the MAC and IGMP address info to identify potential APs fairly easily at the CLI or via scripts.
>
> If there is incorrect or missing information, as I mentioned at the mic, I'd appreciate any updates. Feel free to send them to me via private email and I can send out an update if there is interest.
>
> John
Re: Streaming dead again.
How many folks are watching the multicast stream vs the unicast stream? Those watching the multicast stream really won't notice issues due to the number of viewers. Perhaps the continuing degradation of the unicast stream is a bit of social engineering to get folks to move to multicast? If so, good for Merit!