RE: spamcop.net?
As of this writing, theyre back up, albeit slowlythanks everyone who looked into this. Marc macronet.net At 19:54 3/3/03 -0700, you wrote: I cant get to them either and others cant as well. Multiple Image Corporation - www.multipleimage.com Hosting plans starting at only $4.95 per month -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of blitz Sent: Monday, March 03, 2003 7:41 PM To: [EMAIL PROTECTED] Subject: spamcop.net? Anyone having trouble getting to/ know of any issues with spamcop.net today? They seemed to have dropped off the radar from me... No pings No traceroute but they still show registered at 216.127.43.89 Tnx Marc macronet.net
Re: BGP to doom us all
U it's nice to be able to change routing information in a timely fashion without needing intensive therapy afterward. The idea isn't inherently bad, but I'd not want the current ARIN acting as a route registry. How would you feel about ARIN being the root of a registry hierarchy that works similar to the DNS? In that case, ARIN would not necessarily hold the route information, they would just be at the top of the search hierarchy just like the root name servers are at the top of the DNS hierarchy. ARIN would authoritatively identify the leaseholder of an address block and give you a pointer to that leaseholder's LDAP server where you could query for whatever info they have available. This could include route registry info. --Michael Dillon
Re: BGP to doom us all
On dinsdag, maa 4, 2003, at 10:26 Europe/Amsterdam, [EMAIL PROTECTED] wrote: How would you feel about ARIN being the root of a registry hierarchy that works similar to the DNS? In that case, ARIN would not necessarily hold the route information, they would just be at the top of the search hierarchy just like the root name servers are at the top of the DNS hierarchy. ARIN would authoritatively identify the leaseholder of an address block and give you a pointer to that leaseholder's LDAP server where you could query for whatever info they have available. So how are you going to reach the leaseholder's LDAP server if you're in the middle of checking their prefix to see if it's worthy of being included in your routing table?
Why replicate the DNS?
How would you feel about ARIN being the root of a registry hierarchy that works similar to the DNS? In that case, ARIN would not necessarily hold the route information, they would just be at the top of the search hierarchy just like the root name servers are at the top of the DNS hierarchy. ARIN would authoritatively identify the leaseholder of an address block and give you a pointer to that leaseholder's LDAP server where you could query for whatever info they have available. This could include route registry info. I don't know that the other RIRs would be willing to promote ARIN to the position once held by the IANA as the arbitor of all IP address space. That said, why replicate the DNS? Once this improved IP address registry catches on, then I would expect the root to move up to IANA but for now, IANA has delegated large chunks of address space to ARIN to administer. In any case, I don't want to replicate the DNS. It works just fine as it is and I want to leave it alone. I especially don't want to expand the role of the DNS by adding features to it. LDAP is a more general purpose directory protocol. It's expandable and there are lots of tools available to work with it. If you want to integrate your directory to the DNS you simply use your domain name as base of your hierarchy. But there is no reason why we couldn't integrate it to the IP address allocation hierarchy as well. The easiest way to start this is to come up with a standard LDAP schema to replace rwhois and move forward from there. I'm not suggesting that we all start running LDAP servers instead of DNS, but some people may find it useful to integrate the two even tighter using something like ldapdns http://www.nimh.org/code/ldapdns/ or ldap2dns http://ldap2dns.tiscover.com/ --Michael Dillon
Re: BGP to doom us all
On 28.02 18:13, Barry Raveendran Greene wrote: Now - show me an operational environment on the Internet were this authorization chain is _working_ today. RIRs and RADB do not count. As you mention before, those databases and keeping them up to date are a pulling teeth exercise. ... My opinion is that lazy operational practices are the single biggest threat to the Internet. What's the point of building security and robustness into a system when people choose not to turn it on? RIRs do count and the infrastructure to set up the chain is there. Address assignment and allocation is a quite formal and well recorded process these days. The address *allocationassignment* databases are in good shape for about the last 8 years. The fact that they are not in good shape for assignments from the good old days is true. But this is being actively worked on and one should not blow it up out of proportion. Deploying technologies like SBGP would of course provide additional incentives to record allocations and assignments and the resulting signing of certs even better. Daniel
Re: spamcop.net?
Thus spake Martin Hannigan [EMAIL PROTECTED] Not for nothing, but there's so much time wasted with all these diversified spam systems. Many of these systems have been shown to falsely flag non-spamming sites, and the more reliable ones unfortunately don't catch a majority of spammers. This leads to a system where administrators (or users) can locally tune preferences for the level of paranoia they wish to suffer from. This would not be possible if there were only one model or provider. I've been reading about Barry Shein's proposals and I have to say I am on board with a centralized -single- system based on his young, but intelligent, model. If there were any single, centralized organization I trusted to do my thinking for me, I'd agree. This is also the same problem that PKI faces. S Stephen Sprunk God does not play dice. --Albert Einstein CCIE #3723 God is an inveterate gambler, and He throws the K5SSSdice at every possible opportunity. --Stephen Hawking
Re: spamcop.net?
The only disadvantage I see, is a single point of failure, and a point for concentration of attacks. Marc At 13:14 3/4/03 -0600, you wrote: Thus spake Martin Hannigan [EMAIL PROTECTED] Not for nothing, but there's so much time wasted with all these diversified spam systems. Many of these systems have been shown to falsely flag non-spamming sites, and the more reliable ones unfortunately don't catch a majority of spammers. This leads to a system where administrators (or users) can locally tune preferences for the level of paranoia they wish to suffer from. This would not be possible if there were only one model or provider. I've been reading about Barry Shein's proposals and I have to say I am on board with a centralized -single- system based on his young, but intelligent, model. If there were any single, centralized organization I trusted to do my thinking for me, I'd agree. This is also the same problem that PKI faces. S Stephen Sprunk God does not play dice. --Albert Einstein CCIE #3723 God is an inveterate gambler, and He throws the K5SSSdice at every possible opportunity. --Stephen Hawking
Re: spamcop.net?
Thus spake Martin Hannigan [EMAIL PROTECTED] Not for nothing, but there's so much time wasted with all these diversified spam systems. Many of these systems have been shown to falsely flag non-spamming sites, and the more reliable ones unfortunately don't catch a majority of spammers. So true. We have a colo client who is a domain name registrar that (curiously) parks expired domains on their servers here... basically saying this domain available (with something of a whowas database showing the last domain holder.) Last I checked over 500,000 expired domains are parked there. Anyway, if I had a buck for every time some spammer used one of these expired domains for a bogus unsubscribe URL or From: address I would be able to retire by now. Quite comfortably. I have thousands of auto-generated complaints from Spamcop, pointing to these domains as being spamvertised... and a /25 seemingly forever blacklisted by spews due to this 'false flag' situation. Yes, I have plead my case on news.admin.net-abuse.email ... but as we all know due process is not involved when on trial by spews. I have a semi-auto reply now to explain the situation to Spamcop subscribers, but I doubt any of them read it, and I know no attempt is made to verify or prevent this event from repeating ad infinitum. -- Chuck Goolsbee V.P. Technical Operations _ digital.forest Phone: +1-877-720-0483, x2001 where Internet solutions grow Int'l: +1-425-483-0483 19515 North Creek ParkwayFax: +1-425-482-6871 Suite 208 http://www.forest.net Bothell, WA 98011email: [EMAIL PROTECTED]
nntp peering question
Just a brief question. For people wishing to nntp peer, is the usenet peering page still used as a resource or is that out of date? Thanks
Re: spamcop.net?
On Tue, Mar 04, 2003 at 02:52:06PM -0500, blitz wrote: The only disadvantage I see, is a single point of failure, and a point for concentration of attacks. Marc Also, it centralizes POWER! There are many different lists with different policies and criteria. Some are based on technically verifiable issues (I can prove that x.y.z.q is a promiscuous relay), some are based on the attitude of the owner of the domain name or netblock, some on past record. You can pick and choose which one(s) meet the needs of your network and operation. Using these lists is a policy question for the network, and I would not like some external, probably unaccountable single point of policy. At 13:14 3/4/03 -0600, you wrote: Thus spake Martin Hannigan [EMAIL PROTECTED] Not for nothing, but there's so much time wasted with all these diversified spam systems. Many of these systems have been shown to falsely flag non-spamming sites, and the more reliable ones unfortunately don't catch a majority of spammers. This leads to a system where administrators (or users) can locally tune preferences for the level of paranoia they wish to suffer from. This would not be possible if there were only one model or provider. I've been reading about Barry Shein's proposals and I have to say I am on board with a centralized -single- system based on his young, but intelligent, model. If there were any single, centralized organization I trusted to do my thinking for me, I'd agree. This is also the same problem that PKI faces. S Stephen Sprunk God does not play dice. --Albert Einstein CCIE #3723 God is an inveterate gambler, and He throws the K5SSSdice at every possible opportunity. --Stephen Hawking -- -=[L]=-
Re: spamcop.net?
Bravo, Lou! Anyway, one of the *virtues* of the Net has always been its anarchic and chaotic nature. Trying to set things into neat, regimented lines will get us back to the OSI way of doing things. I revile spammers, hate spam, and throw out tons of it; but I'd hate regimentation and central authority yet more. Peter --- Peter H. Salus Chief Knowledge Officer, Matrix NetSystems Ste. 3005001 Plaza on the LakeAustin, TX 78746 +1 512 697-0613 ---
Re: spamcop.net?
[EMAIL PROTECTED] (Martin Hannigan) writes: I applaud RBL, spamcop, etc., but without funding and consolidation, it's another waste of offensive time that could be spent on a far more effective defense. i had no idea that MAPS was unfunded. do tell. -- Paul Vixie