Re: good networking
Despite very old recommendations, the Iraqi state provider Uruklink.net kept all of its name servers on the same subnet. Although this is recognized as a poor design, many domain name server operators worldwide do the same thing.

nic1.baghdadlink.net. 2D IN A 62.145.94.1
nic2.baghdadlink.net. 2D IN A 62.145.94.2

The way I see this is that there is hardly any incentive to do proper placement of nameservers. The pain inflicted if something goes wrong is minimal unless you are a billion dollar company doing millions of online transactions. And if something goes wrong and you still fly, maybe a very tiny fraction of the population will appreciate that you did your homework. The above applies to many other good networking practices than DNS related ones.

It can also be said that maybe the above addresses are carried as /32 inside the destination AS. They might not be on the same subnet. If the number of domains having DNS's in the same subnet is large, the number of domains dependent on a single AS for their DNS service is even greater.

As you all well know, the usual excuse to do a poor job is being too busy to do it properly and if failures come every year or two, this might just hold water.

Pete
Re: how to get people to upgrade? (Re: The weak link? DNS)
so here's a proposal. we (speaking for ISC here) could add a config option (default to OFF) to make bind send some kind of registration packet at boot time, containing an e-mail address for a technical contact for that server, and perhaps its hostname as well. the destination would be configurable, and the format would be open, and we would include in the distribution a tool capable of catching these. any campus/WAN admin who wanted to run their own BIND registration system could do so. anyone who wanted to simply config their server to send registration data to ISC could do so. for data received at ISC, we'd (a) keep it completely private other than public statistics, (b) clean it of obvious trash (some people will send registration data for [EMAIL PROTECTED] just for fun; we know that), and (c) use the contact information only in the event that a security defect is discovered in that version. remember, the default would be OFF.

Isn't the problem with this that in order to get the code out, people need to upgrade and you therefore risk ending up with only notifying the people that upgrade anyway?

- kurtis -
Curing the BIND pain
Let's assume that BIND has a way to know when it is dangerously out of date. The mechanism used would be up to ISC and I'll admit that it would probably involve some sort of DNS records in an ISC-run domain because that's the only way that has a high likelihood of working given the number of firewalls and caching nameservers that may be between a given BIND box and ISC. Seems to me that ISC has always maintained that there are two version numbers, one 4.x and one 8.x, that are always the oldest ones you can run and still be secure against known exploits. So the info stored in the ISC DNS server really doesn't need to be more than those two version numbers.

OK, now assume that we have a BIND server which has detected that it is out of date and at risk of attack. What should it do? Well, first of all, what would a human being do if it realised that it was at risk of attack and they had no means of contacting their friends or the police. A child might cry out and an adult might yell for help in case someone was near enough to hear. BIND is in a similar situation. It doesn't know if there is anyone looking after it but it is hurting, so let's make it cry out.

I suggest that an appropriate technique would be for the BIND server to originate traffic on its local subnet that would look suspicious and possibly trigger intrusion alarms. Send out some packets to the broadcast address. Do some portscanning of all addresses on the subnet. Find any open port 80 and retrieve a URL containing BIND/server/at/10.7.7.1/has/security/vulnerability, find any open port 25 and send email to postmaster containing the same message, etc. Not enough traffic to be a DoS but enough to show up in various logs in case someone is looking at some of them.

Even then, this is still a string and sealing wax solution. It's situations like this that demonstrate just how primitive our supposedly high technology really is.

--Michael Dillon
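The "dangerously out of date" test that the message above takes as given, as an added example that is not BIND or ISC code: it compares a running version against one published floor per branch (4.x and 8.x). The TXT payload format `4=<version> 8=<version>` and the floor values are constructed for illustration and are not ISC's actual minimums; fetching the record is left out.

```python
import re

# Constructed payload a resolver might return for a hypothetical TXT record.
# The floors are illustrative values, NOT real ISC advisories.
SAMPLE_FLOOR_TXT = "4=4.9.6 8=8.2.5"

# major.minor[.patch][-P<n>]; other suffixes such as -REL are ignored.
_VERSION = re.compile(r"(\d+)\.(\d+)(?:\.(\d+))?(?:-P(\d+))?")


def parse_version(text):
    """Return (major, minor, patch, patchlevel) or None if unparsable."""
    m = _VERSION.match(text.strip())
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def parse_floors(txt):
    """Parse '4=x.y.z 8=x.y.z' into {branch: version tuple}, skipping junk."""
    floors = {}
    for token in txt.split():
        branch, _, version = token.partition("=")
        parsed = parse_version(version)
        if branch.isdigit() and parsed is not None:
            floors[int(branch)] = parsed
    return floors


def status(running, floors):
    """Classify a running version string against the per-branch floors."""
    version = parse_version(running)
    if version is None:
        return "unparsable"          # e.g. an operator-chosen version banner
    floor = floors.get(version[0])
    if floor is None:
        return "unknown-branch"      # no floor published for this major version
    return "ok" if version >= floor else "out-of-date"


if __name__ == "__main__":
    floors = parse_floors(SAMPLE_FLOOR_TXT)
    # 8.1.2 is the version reported for nic1 elsewhere in this thread.
    for v in ("8.1.2", "8.2.5-REL", "4.9.5-P1", "9.2.1"):
        print(v, status(v, floors))
```
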
Re: Both Iraqi state provider Uruklink.net name servers offline
Someone has apparently hacked the Uruklink.net DNS server, and is trying to redirect visitors to a third-party 9-11 memorial site. The Uruklink.net site is still generally available via its IP address: http://62.145.94.111

Details here: http://www.pc-radio.com/uruklink-0wned.html

Brian

At 02:57 AM 3/27/2003, Sean Donelan wrote:

Despite very old recommendations, the Iraqi state provider Uruklink.net kept all of its name servers on the same subnet. Although this is recognized as a poor design, many domain name server operators worldwide do the same thing.

nic1.baghdadlink.net. 2D IN A 62.145.94.1
nic2.baghdadlink.net. 2D IN A 62.145.94.2

The nic2 (62.145.94.2) has been offline for over a week. Yesterday the remaining name server nic1 (62.145.94.1) was running an old version of bind (8.1.2). It was returning obviously bogus answers to queries. In the last 24 hours, the name server application on nic1 (62.145.94.1) went offline. The server is online (responds to pings), but neither tcp nor udp port 53 responds. The name server application may have crashed, been trashed, or shutdown by the system administrator.
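The placement problem quoted above, and the earlier reply's point that separate subnets can still hang off a single AS, as an added example that is not part of the original posts. The name server addresses are the ones posted in this thread; the origin-AS table is constructed (a private-use AS number, not the real origin) and would normally come from your own routing data.

```python
import ipaddress
from collections import defaultdict

# Name server addresses as posted in this thread.
BAGHDADLINK_NS = {
    "nic1.baghdadlink.net": "62.145.94.1",
    "nic2.baghdadlink.net": "62.145.94.2",
}
MYDOMAIN_NS = {
    "ns1.mydomain.com": "64.94.117.195",
    "ns2.mydomain.com": "216.52.121.228",
    "ns3.mydomain.com": "66.150.161.130",
    "ns4.mydomain.com": "63.251.83.74",
}
# Constructed for illustration only: private-use AS 64512, NOT the real origin.
CONSTRUCTED_ORIGINS = {addr: 64512 for addr in MYDOMAIN_NS.values()}


def group_by_prefix(ns_addrs, prefix_len=24):
    """Map each covering prefix to the name servers whose address is in it."""
    groups = defaultdict(list)
    for name, addr in ns_addrs.items():
        net = ipaddress.ip_network(f"{addr}/{prefix_len}", strict=False)
        groups[str(net)].append(name)
    return {net: sorted(names) for net, names in groups.items()}


def placement_findings(ns_addrs, origin_as=None, prefix_len=24):
    """Return findings about shared fate among a zone's name servers.

    origin_as is an optional {address: AS number} table supplied by the
    caller; without it only the subnet check runs.
    """
    findings = []
    if len(ns_addrs) < 2:
        findings.append("single-server: fewer than two name servers")
        return findings
    prefixes = group_by_prefix(ns_addrs, prefix_len)
    if len(prefixes) == 1:
        only = next(iter(prefixes))
        findings.append(f"single-subnet: all name servers in {only}")
    if origin_as:
        unknown = sorted(n for n, a in ns_addrs.items() if a not in origin_as)
        origins = {origin_as[a] for a in ns_addrs.values() if a in origin_as}
        if unknown:
            findings.append("origin-unknown: " + ", ".join(unknown))
        elif len(origins) == 1:
            findings.append(
                f"single-as: all name servers originated by AS{origins.pop()}")
    return findings


if __name__ == "__main__":
    print(placement_findings(BAGHDADLINK_NS))
    print(placement_findings(MYDOMAIN_NS, CONSTRUCTED_ORIGINS))
```
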
Re: Curing the BIND pain
In the immortal words of [EMAIL PROTECTED] ([EMAIL PROTECTED]):

I suggest that an appropriate technique would be for the BIND server to originate traffic on its local subnet that would look suspicious and possibly trigger intrusion alarms.

Good lord. I'm a little stuck for a proper analogy for this. A car that helpfully starts emitting noxious smoke to let you know that it's time for a tune-up? A refrigerator that drips bleach into your vegetable drawers to remind you to replace the coolant? An answering machine that replaces the outgoing message with a stream of profanities to alert callers that the incoming message tape is full?

If people are so concerned about BIND's security that they're willing to seriously consider implementing ideas like this, why are they not willing to either consider replacing BIND with DNS software that is secure by design (*cough* *cough*), or paying the ISC to produce a properly secured BIND? The solution to the Ford Pinto problem was not to recommend that people duct-tape sofa cushions and homemade warning lights to the back bumper.

-n [EMAIL PROTECTED]

Thus do `Snuff Movies' take their place with `Political-Correctness,' `Sex Addiction,' and `Postmodernism' as Godzillas of bogus moral panic, always threatening to crush the nation in their jaws, but never quite willing to take the final step of biting down.(--www.suck.com) http://blank.org/memory/
aljazeera.net domain owned.
Hello, aljazeera.net domain owned. Per what the Chief Editor of www.aljazeera.net told me on the phone a while ago the domain isn't in their control anymore. All the info got changed and they are wondering how did this happen. A visit to the website now would explain it all. Thanks, -Abdullah
Re: aljazeera.net domain owned.
On Thu, Mar 27, 2003 at 07:14:13PM +0300, Abdullah Ibn Hamad Al-Marri wrote:

Hello, aljazeera.net domain owned.

from whois.crsnic.net seems the nameservers are pointing to NSx.MYDOMAIN.COM

verisign whois gives different nameservers. could it be that someone hijacked the domain off verisign (and they fixed it) or what other possibilities could have happened there ?

-Subhi -- Subhi S Hashwa *** [EMAIL PROTECTED] --- When everything's coming your way, you're in the wrong lane.
Re: aljazeera.net domain owned.
according to the nsi retail interface, the contacts are: jazeera space channel tv station (account holder) mj alaliaj7476 (administrative contact)

(they are not one of my retail or wholesale customers, and i'm not operational as a com/net registrar, yet.)

it is simple enough for them to change the .com zone ns records for their SLD.

folks wanting to move the data from nanog to a web page, just send it to me, i'll add it as an annex to my what little i know about .iq page, at nic-iq.nic-naa.net

eric
Re: Curing the BIND pain
On Thu, 27 Mar 2003 [EMAIL PROTECTED] wrote:

I suggest that an appropriate technique would be for the BIND server to originate traffic on its local subnet that would look suspicious and possibly trigger intrusion alarms. Send out some packets to the broadcast address. Do some portscanning of all addresses on the subnet. Find any open port 80 and retrieve a URL containing BIND/server/at/10.7.7.1/has/security/vulnerability, find any open port 25 and send email to postmaster containing the same message, etc.

Better yet, why not just have it print to console BIND INSECURE, UPGRADE, SHUTTING DOWN THE SERVER NOW and then halt? Far more likely to get noticed.

Not enough traffic to be a DoS but enough to show up in various logs in case someone is looking at some of them.

If you have somebody looking at firewall or IDS logs, you won't need to be told to upgrade bind. Besides, plenty of networks who do stay current on application security would miss a little pretend DOS.

The best solutions I can come up with all revert to the undesired stop working solution, in effect. My favorite notion, which I didn't even suggest because of Paul's mandate that the solution not involve breaking bind, would be to return, in response to every query, the IP address of a special website that says THE VERSION OF BIND ON YOUR NAMESERVERS IS VULNERABLE or whatever, and include instructions on how to upgrade. Sure, it will break everything except http, and flood this webserver with a ridiculous amount of unwanted traffic (bgp anycast with filtering everything not destined for port 80, to help stem that a little?), but at least people will know why nothing is working, once they fire up a browser.

Looming large, of course, is the fact that people would have to upgrade to get any of this security upgrade functionality. So we'd really be only partially solving a problem in which we won't see any benefit for years to come, which is usually enough impetus to kill a project these days.
Andy Andy Dills 301-682-9972 Xecunet, Inc. www.xecu.net Dialup * Webhosting * E-Commerce * High-Speed Access
Re: aljazeera.net domain owned.
On Thu, 27 Mar 2003, Abdullah Ibn Hamad Al-Marri wrote:

aljazeera.net domain owned. Per what the Chief Editor of www.aljazeera.net told me in the phone a while ago the domain isn't in their control anymore. all the info got changed and they are wondering how did this happen.

Probably one of the usual methods. Al Jazeera forgot (or the security consultant Al Jazeera hired) to implement appropriate security controls for their domain records, and someone forged a registry update. This has happened in the past to numerous other domains, such as AOL.COM, SEX.COM and others.

There are several levels of security controls a domain name holder can optionally use. The default level of security is extremely low, and easily spoofed. The domain name holder must take steps to implement additional security controls. Unfortunately, relatively few domain name holders take those additional steps, leaving their domain names vulnerable to unauthorized updates.

It appears Al Jazeera is learning the same lessons that other highly visible web sites, e.g. Ebay, CNN, MSNBC, Yahoo, etc, learned years ago. If Al Jazeera doesn't have the in-house expertise to maintain its service, I'm sure there are numerous consulting firms looking for business which could assist them for a moderate fee.
Verizon mail server on MAPS RSS list
We've got customers trying to receive email from people using Verizon for Internet access, and we are rejecting that mail because out013pub.verizon.net [206.46.170.44] is on the MAPS RSS list. Can't pull up the MAPS RSS website at the moment to check why. Anyone know contact info for Verizon for this kind of issue? Thanks. Josh -- Josh Gentry (Call me Gentry.) [EMAIL PROTECTED] * [EMAIL PROTECTED] * 505-232-7992
burst.net DDoS?
Hey, I've got several domains hosted on bursts IP space and currently they are getting about 35-45% packet loss. Does anyone have any idea what is going on? I've tried calling them but to no avail sadly enough. Cheers Danny Network Security Engineer PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0 PGP Key: http://akasha.irt.drexel.edu/danny.asc
RE: burst.net DDoS?
I believe they dropped their ATT circuit the other day and I've heard that they're being DDoS'd over their Level3 circuit at the moment. You probably just have to sit tight until they get things resolved. Unfortunately these types of incidents are all too common with Burst/Nocster.

Todd
--
| -Original Message-
| From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Danny
| Sent: Thursday, March 27, 2003 3:47 PM
| To: '[EMAIL PROTECTED]'
| Subject: burst.net DDoS?
|
| Hey, I've got several domains hosted on bursts IP space and currently
| they are getting about 35-45% packet loss. Does anyone have any idea what
| is going on? I've tried calling them but to no avail sadly enough.
|
| Cheers
| Danny
| Network Security Engineer
| PGP Print: C6AD B205 E3C6 38AB 0164 6604 66F5 CCFC F4ED F1E0
| PGP Key: http://akasha.irt.drexel.edu/danny.asc
Re: Verizon mail server on MAPS RSS list
On Thu, 27 Mar 2003 13:40:00 -0700 Josh Gentry [EMAIL PROTECTED] wrote:

We've got customers trying to receive email from people using Verizon for Internet access, and we are rejecting that mail because out013pub.verizon.net [206.46.170.44] is on the MAPS RSS list. Can't pull up the MAPS RSS website at the moment to check why. Anyone know contact info for Verizon for this kind of issue?

maps RSS is open relays. try the abuse.net relay tester on the BL'd IP and see what it turns up, http://www.abuse.net/relay.html

richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: burst.net DDoS?
Hello Danny,

Thursday, March 27, 2003, 3:46:40 PM, you wrote:

Hey, I've got several domains hosted on bursts IP space and currently they are getting about 35-45% packet loss. Does anyone have any idea what is going on? I've tried calling them but to no avail sadly enough.

According to their forum: http://forums.burst.net/showthread.php?s=3e809757b36df1541d1bd78ca8e87f45threadid=377

They are having problems with their Sprint connection. According to the rumor mill, they are being DoS'd, yet again.

allan
--
Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com
Re: Verizon mail server on MAPS RSS list
At 03:59 PM 3/27/2003 -0500, Richard Welty wrote:

On Thu, 27 Mar 2003 13:40:00 -0700 Josh Gentry [EMAIL PROTECTED] wrote:

We've got customers trying to receive email from people using Verizon for Internet access, and we are rejecting that mail because out013pub.verizon.net [206.46.170.44] is on the MAPS RSS list. Can't pull up the MAPS RSS website at the moment to check why. Anyone know contact info for Verizon for this kind of issue?

maps RSS is open relays. try the abuse.net relay tester on the BL'd IP and see what it turns up, http://www.abuse.net/relay.html

Looks like that IP is on quite a few lists actually... http://rbls.org/?q=206.46.170.44

Must be a very abused Verizon mail server, possibly one of many...

Vinny Abello Network Engineer Server Management [EMAIL PROTECTED] (973)300-9211 x 125 (973)940-6125 (Direct) PGP Key Fingerprint: 3BC5 9A48 FC78 03D3 82E0 E935 5325 FBCB 0100 977A Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com (888)TELLURIAN There are 10 kinds of people in the world. Those who understand binary and those that don't.
Re: aljazeera.net domain owned.
Earlier today I logged a disparity between the NSI web whois interface and the whois commandline interface outputs (http://nic-iq.nic-naa.net, bottom of page). I sent mail to two contacts inside Verisign, and at 4:30pm EST, the hijack appears to be over, at least as far as NS records are concerned.
Re: aljazeera.net domain owned.
Hmm - don't think so - although nothing is up there - www.aljazeera.net resolves to 127.0.0.1. This is from the MYDOMAIN.COM nameservers listed as the auth for this domain:

; DiG 8.2 ns aljazeera.net @b.gtld-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;;      aljazeera.net, type = NS, class = IN

;; ANSWER SECTION:
aljazeera.net.          2D IN NS        NS4.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS1.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS2.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS3.MYDOMAIN.COM.

;; ADDITIONAL SECTION:
NS4.MYDOMAIN.COM.       2D IN A         63.251.83.74
NS1.MYDOMAIN.COM.       2D IN A         64.94.117.195
NS2.MYDOMAIN.COM.       2D IN A         216.52.121.228
NS3.MYDOMAIN.COM.       2D IN A         66.150.161.130

;; Total query time: 80 msec
;; FROM: LAIR.LION to SERVER: b.gtld-servers.net 192.33.14.30
;; WHEN: Thu Mar 27 16:38:14 2003
;; MSG SIZE sent: 31 rcvd: 179

LAIR$ dig www.aljazeera.net @ns1.mydomain.com

; DiG 8.2 www.aljazeera.net @ns1.mydomain.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      www.aljazeera.net, type = A, class = IN

;; ANSWER SECTION:
www.aljazeera.net.      2M IN A         127.0.0.1

;; AUTHORITY SECTION:
aljazeera.net.          2M IN NS        ns1.mydomain.com.
aljazeera.net.          2M IN NS        ns2.mydomain.com.
aljazeera.net.          2M IN NS        ns3.mydomain.com.
aljazeera.net.          2M IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       30M IN A        64.94.117.195
ns2.mydomain.com.       30M IN A        216.52.121.228
ns3.mydomain.com.       30M IN A        66.150.161.130
ns4.mydomain.com.       30M IN A        63.251.83.74

;; Total query time: 117 msec
;; FROM: LAIR.LION to SERVER: ns1.mydomain.com 64.94.117.195
;; WHEN: Thu Mar 27 16:38:28 2003
;; MSG SIZE sent: 35 rcvd: 199

- Original Message -
From: Eric Brunner-Williams in Portland Maine [EMAIL PROTECTED]
To: Sean Donelan [EMAIL PROTECTED]
Cc: Abdullah Ibn Hamad Al-Marri [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 15:30
Subject: Re: aljazeera.net domain owned.

Earlier today I logged a disparity between the NSI web whois interface and the whois commandline interface outputs (http://nic-iq.nic-naa.net, bottom of page). I sent mail to two contacts inside Verisign, and at 4:30pm EST, the hijack appears to be over, at least as far as NS records are concerned.
Re[2]: Verizon mail server on MAPS RSS list
On Thu, 27 Mar 2003 13:24:06 -0800 (PST) Jay Hennigan [EMAIL PROTECTED] wrote: Verizon allows anyone who forges an @verizon.net From: address to relay through their servers. This behavior is intentional. ah. then they will find it challenging to get off of anybody's open relay list. richard (just fixed one of those types of open relay at a customer's site) -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: aljazeera.net domain owned.
Looks like 213.30.180.218 allows unrestricted zone transfers.

ls -d ALJAZEERA.NET.
[[213.30.180.218]]
$ORIGIN aljazeera.net.
@               15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                2003032706      ; serial
                                3H              ; refresh
                                1H              ; retry
                                1W              ; expiry
                                15M )           ; minimum
                15M IN NS       ns1sa.navlink.com.
                15M IN NS       ns3
                15M IN MX       10 mail
                15M IN A        213.30.180.219
ns3             15M IN A        213.30.180.218
admin           15M IN A        213.30.180.219
synadmin        15M IN A        213.30.180.220
english         15M IN A        213.30.180.219
jazad01         15M IN A        213.30.180.220
wrc             15M IN A        213.30.180.222
jazad02         15M IN A        213.30.180.220
cm              15M IN A        213.130.180.216
syndication     15M IN A        213.30.180.220
jazad           15M IN A        213.30.180.220
mail            15M IN A        64.110.61.12
www             15M IN CNAME    @
bm              15M IN A        213.30.180.221
www1            15M IN A        213.30.180.219
www2            15M IN A        213.30.180.219
ftp             15M IN CNAME    @
stats           15M IN A        213.30.180.222
users           15M IN A        213.30.180.219
@               15M IN SOA      ns3 dnsadmin.nav-link.net. (
                                2003032706      ; serial
                                3H              ; refresh
                                1H              ; retry
                                1W              ; expiry
                                15M )           ; minimum

Handy to do a quick update on any servers doing recursion.

---Mike

At 03:48 PM 27/03/2003 -0600, John Palmer wrote:

Hmm - don't think so - although nothing is up there - www.aljazeera.net resolves to 127.0.0.1. This is from the MYDOMAIN.COM nameservers listed as the auth for this domain:

; DiG 8.2 ns aljazeera.net @b.gtld-servers.net
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4
;; QUERY SECTION:
;;      aljazeera.net, type = NS, class = IN

;; ANSWER SECTION:
aljazeera.net.          2D IN NS        NS4.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS1.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS2.MYDOMAIN.COM.
aljazeera.net.          2D IN NS        NS3.MYDOMAIN.COM.

;; ADDITIONAL SECTION:
NS4.MYDOMAIN.COM.       2D IN A         63.251.83.74
NS1.MYDOMAIN.COM.       2D IN A         64.94.117.195
NS2.MYDOMAIN.COM.       2D IN A         216.52.121.228
NS3.MYDOMAIN.COM.       2D IN A         66.150.161.130

;; Total query time: 80 msec
;; FROM: LAIR.LION to SERVER: b.gtld-servers.net 192.33.14.30
;; WHEN: Thu Mar 27 16:38:14 2003
;; MSG SIZE sent: 31 rcvd: 179

LAIR$ dig www.aljazeera.net @ns1.mydomain.com

; DiG 8.2 www.aljazeera.net @ns1.mydomain.com
; (1 server found)
;; res options: init recurs defnam dnsrch
;; got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 6
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 4
;; QUERY SECTION:
;;      www.aljazeera.net, type = A, class = IN

;; ANSWER SECTION:
www.aljazeera.net.      2M IN A         127.0.0.1

;; AUTHORITY SECTION:
aljazeera.net.          2M IN NS        ns1.mydomain.com.
aljazeera.net.          2M IN NS        ns2.mydomain.com.
aljazeera.net.          2M IN NS        ns3.mydomain.com.
aljazeera.net.          2M IN NS        ns4.mydomain.com.

;; ADDITIONAL SECTION:
ns1.mydomain.com.       30M IN A        64.94.117.195
ns2.mydomain.com.       30M IN A        216.52.121.228
ns3.mydomain.com.       30M IN A        66.150.161.130
ns4.mydomain.com.       30M IN A        63.251.83.74

;; Total query time: 117 msec
;; FROM: LAIR.LION to SERVER: ns1.mydomain.com 64.94.117.195
;; WHEN: Thu Mar 27 16:38:28 2003
;; MSG SIZE sent: 35 rcvd: 199

- Original Message -
From: Eric Brunner-Williams in Portland Maine [EMAIL PROTECTED]
To: Sean Donelan [EMAIL PROTECTED]
Cc: Abdullah Ibn Hamad Al-Marri [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, March 27, 2003 15:30
Subject: Re: aljazeera.net domain owned.

Earlier today I logged a disparity between the NSI web whois interface and the whois commandline interface outputs (http://nic-iq.nic-naa.net, bottom of page). I sent mail to two contacts inside Verisign, and at 4:30pm EST, the hijack appears to be over, at least as
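The two observations in the dig output posted in this thread (the parent delegation pointing at unfamiliar name servers, and www answering with 127.0.0.1) expressed as a monitoring check, as an added example that is not part of the original posts. The record lines are transcribed from the thread; treating the NS set from the zone data above as the expected delegation is an assumption made for illustration.

```python
import ipaddress

# Transcribed from the dig output posted in this thread.
PARENT_ANSWER = """\
;; ANSWER SECTION:
aljazeera.net.      2D IN NS  NS4.MYDOMAIN.COM.
aljazeera.net.      2D IN NS  NS1.MYDOMAIN.COM.
aljazeera.net.      2D IN NS  NS2.MYDOMAIN.COM.
aljazeera.net.      2D IN NS  NS3.MYDOMAIN.COM.
;; ADDITIONAL SECTION:
NS4.MYDOMAIN.COM.   2D IN A   63.251.83.74
"""
AUTH_ANSWER = """\
;; ANSWER SECTION:
www.aljazeera.net.  2M IN A   127.0.0.1
"""
# Assumption: the NS set from the zone data above is the intended delegation.
EXPECTED_NS = {"ns1sa.navlink.com", "ns3.aljazeera.net"}


def parse_records(text):
    """Parse 'owner TTL IN TYPE rdata' lines; ignore ';' comment lines."""
    records = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and not f[0].startswith(";") and f[2].upper() == "IN":
            owner = f[0].rstrip(".").lower()
            records.append((owner, f[3].upper(), f[4].rstrip(".").lower()))
    return records


def delegation_drift(records, zone, expected_ns):
    """Compare the NS set seen at the parent with the set you expect."""
    observed = {rdata for owner, rtype, rdata in records
                if owner == zone and rtype == "NS"}
    expected = {name.rstrip(".").lower() for name in expected_ns}
    return {"unexpected": sorted(observed - expected),
            "missing": sorted(expected - observed)}


def non_routable_answers(records, zone):
    """A records in the zone whose address is not globally routable."""
    hits = []
    for owner, rtype, rdata in records:
        in_zone = owner == zone or owner.endswith("." + zone)
        if rtype == "A" and in_zone:
            if not ipaddress.ip_address(rdata).is_global:
                hits.append((owner, rdata))
    return hits


def should_alert(parent_text, auth_text, zone, expected_ns):
    """True when the delegation changed or answers point somewhere unusable."""
    drift = delegation_drift(parse_records(parent_text), zone, expected_ns)
    bad = non_routable_answers(parse_records(auth_text), zone)
    return bool(drift["unexpected"] or drift["missing"] or bad)


if __name__ == "__main__":
    print(delegation_drift(parse_records(PARENT_ANSWER),
                           "aljazeera.net", EXPECTED_NS))
    print(non_routable_answers(parse_records(AUTH_ANSWER), "aljazeera.net"))
```
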
Re: Problems on internet today ?
On Thu, 27 Mar 2003, James-lists wrote: Are others seeing latency and slow or stalled web pages today ? I opened a ticket with my provider, who indicates they are seeing problems with many of their peers. I am seeing very increased RTT to all the points I usually trace to. The latency does start past my provider, after they hand off to others, and is not specific to one major provider. As far as I can tell, none of the providers I checked (att, cw, mfn, sprint, earthlink) is currently reporting any problems. Matrix Systems (average.miq.net) shows a long-term trend of increasing latency and packet loss, but nothing significant yet. Keynote Systems is showing a couple of pockets of problems (phoenix, dallas), but nothing systemic across providers.
Re: Problems on internet today ?
Thanks Sean. Sorry for the general fishing and vagueness of my post. Finally I have gotten some answers from my upstreams so I have a better idea of which gateways to prefer my traffic in out. James Edwards Routing and Security [EMAIL PROTECTED] At the Santa Fe Office: Internet at Cyber Mesa
Re: Verizon mail server on MAPS RSS list
On Thu, 27 Mar 2003, Josh Gentry wrote:

We've got customers trying to receive email from people using Verizon for Internet access, and we are rejecting that mail because out013pub.verizon.net [206.46.170.44] is on the MAPS RSS list. Can't pull up the MAPS RSS website at the moment to check why. Anyone know contact info for Verizon for this kind of issue?

MAPS RSS is a list of open relays, no? It's a pretty good guess that the above mentioned server is therefore an open relay...and it's a correct one in this case.

http://www.njabl.org/cgi-bin/lookup.cgi?query=206.46.170.44
http://openrbl.org/ip/206/46/170/44.htm

If you're going to use a dnsbl, anybody's dnsbl, figure out how to whitelist first (or real soon after), because this sort of thing will happen from time to time.

-- Jon Lewis [EMAIL PROTECTED]| I route System Administrator| therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
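The "whitelist first" advice above as a connection-time policy, as an added example that is not part of the original post: the whitelist is consulted before any DNSBL query, and only answers inside 127.0.0.0/8 count as a listing. The zone name `rss.dnsbl.example` is a placeholder, not the real MAPS RSS zone, and the resolver is injectable so the logic can be exercised offline.

```python
import ipaddress
import socket


def dnsbl_query_name(ip, zone):
    """Reversed-octet name for an IPv4 address: 44.170.46.206.<zone>."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone.strip(".")


def system_lookup(name):
    """Default resolver: the A record as a string, or None if no answer."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        # NXDOMAIN, timeout or resolver failure: treated as "not listed",
        # so a DNSBL outage does not reject all mail.
        return None


def smtp_decision(client_ip, zones, whitelist, lookup=system_lookup):
    """Return (action, reason) for a connecting SMTP client.

    whitelist is a list of networks in CIDR form and is checked first,
    so a listed relay your customers depend on is still accepted.
    """
    addr = ipaddress.IPv4Address(client_ip)
    for net in whitelist:
        if addr in ipaddress.ip_network(net):
            return ("accept", f"whitelisted by {net}")
    for zone in zones:
        answer = lookup(dnsbl_query_name(client_ip, zone))
        # A listing is signalled by an answer in 127.0.0.0/8. Any other
        # address (for instance from a wildcarded or parked zone) is ignored.
        if answer and ipaddress.ip_address(answer).is_loopback:
            return ("reject", f"listed in {zone} ({answer})")
    return ("accept", "not listed")


if __name__ == "__main__":
    # Constructed resolver table standing in for live DNS.
    table = {"44.170.46.206.rss.dnsbl.example": "127.0.0.2"}
    zones = ["rss.dnsbl.example"]
    print(smtp_decision("206.46.170.44", zones, [], lookup=table.get))
    print(smtp_decision("206.46.170.44", zones, ["206.46.170.44/32"],
                        lookup=table.get))
```
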
Re: Verizon mail server on MAPS RSS list
[EMAIL PROTECTED] wrote:

If you're going to use a dnsbl, anybody's dnsbl, figure out how to whitelist first (or real soon after), because this sort of thing will happen from time to time.

Or learn how to tell people that spam is evil and under no circumstances will you accept spam from a system that sends it out in mass volume. If an AS became insecure and could start allowing anyone to setup new netblock advertisements from it, you would filter out the AS. If it was small, you might hardcode in the valid netblocks, but when it's a large AS, you tend just to shut it all down. Such is the way with smtp.

-- -Jack
Iraq Telecom Facility
MSNBC just reported that 2 Iraq 'Telecom Facilities' were bombed. Anyone know if this is having further reaching effects on the PSTN/Internet in that region? Don't see a url on MSNBC or CNN yet. Jeff -- Jeffrey Meltzer Network Services Manager ICS/VillageWorld 631.218.0700 x100
Re: Problems on internet today ?
On Thu, 27 Mar 2003, James-lists wrote: Thanks Sean. Sorry for the general fishing and vagueness of my post. Finally I have gotten some answers from my upstreams so I have a better idea of which gateways to prefer my traffic in out. For completeness, I was later informed Level 3 had a fiber cut between New York City and Washington DC earlier today.