Re: IPv6

[Petri Helenius]

 
 Why not use the highest-order 32 bits of an IPv6 address for
 interdomain routing... i.e., overlay them on IPv4 addresses
 and/or a 32-bit ASN?  Yes, it smells of classful routing.  Call
 me shortsighted, but how many billion interdomain routing
 policies do we really need?
 

One word; multihoming.

Pete

Re: IPv6

[Nick Hilliard]

Andy Dills wrote:
 Am I the only one that thinks IPv6 is a minimum of ten years out
 before you see actual non-geek demand?

It will probably happen before that.  The Japanese government
requirement that all businesses be fully ipv6 compliant before 2005 is
certainly going to have a major impact on vendor ipv6 implementations,
from the core to the desktop  So while you may not get 30Mpps on your
backbone router, you're probably not going to be stuck with a white
elephant rate-limited to 200Kpps either.  One day, you may even be able
to run an ipv6-only desktop from vendor M, who knows?

From one perspective (and not necessarily the best, or even a remotely
accurate one), all it's going to take is for Microsoft and a bunch of
NAS  ADSL equipment vendors to implement stable ipv6 edge connectivity
and to prefer  over A records.  Once this happens, there will be
demand from customers by default, and this may create enough of a
business case to justify more infrastructural spending on ipv6.  This
would help those providers who have a partial ipv6 deployment in their
core, and may bootstrap the uptake process for those who haven't
bothered looking at it yet.

I'm a bit more optimistic about its take-up these days, mainly because
support from the desktop and the network edge is going to be the main
driving factor, and because this is probably going to become much more
widespread from now on.

Nick

The Cidr Report

[cidr-report]

This report has been generated at Fri Jun 13 21:46:40 2003 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date  PrefixesCIDR Agg
06-06-03122422   87154
07-06-03122772   87221
08-06-03122836   87199
09-06-03122724   87175
10-06-03122603   87211
11-06-03122581   87288
12-06-03122787   87267
13-06-03122864   87343


AS Summary
 15267  Number of ASes in routing system
  6029  Number of ASes announcing only one prefix
  1520  Largest number of prefixes announced by an AS
AS701  : ALTERNET-AS UUNET Technologies, Inc.
  73222912  Largest address span announced by an AS (/32s)
AS568  : SUMNET-AS DISO-UNRRA


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 13Jun03 ---
ASnumNetsNow NetsAggr  NetGain   % Gain   Description

Table 122896873333556328.9%   All ASes

AS7132  1016  228  78877.6%   SBIS-AS SBC Internet Services
   - Southwest
AS11305  647  137  51078.8%   INTERLAND-NET1 Interland
   Incorporated
AS701   1520 1076  44429.2%   ALTERNET-AS UUNET
   Technologies, Inc.
AS7843   618  174  44471.8%   ADELPHIA-AS Adelphia Corp.
AS4323   602  179  42370.3%   TW-COMM Time Warner
   Communications, Inc.
AS7018  1341  933  40830.4%   ATT-INTERNET4 ATT WorldNet
   Services
AS3908   896  527  36941.2%   SUPERNETASBLK SuperNet, Inc.
AS4755   397   79  31880.1%   VSNL-AS Videsh Sanchar Nigam
   Ltd. Autonomous System
AS1221  1077  768  30928.7%   ASN-TELSTRA Telstra Pty Ltd
AS4355   398  111  28772.1%   ERMS-EARTHLNK EARTHLINK, INC
AS6197   493  207  28658.0%   BATI-ATL BellSouth Network
   Solutions, Inc
AS6198   468  184  28460.7%   BATI-MIA BellSouth Network
   Solutions, Inc
AS22927  298   15  28395.0%   AR-TEAR2-LACNIC TELEFONICA DE
   ARGENTINA
AS1239   956  674  28229.5%   SPRINTLINK Sprint
AS6347   364   91  27375.0%   DIAMOND SAVVIS Communications
   Corporation
AS27364  312   82  23073.7%   ACS-INTERNET Armstrong Cable
   Services
AS17676  250   24  22690.4%   GIGAINFRA XTAGE CORPORATION
AS22773  2188  21096.3%   CCINET-2 Cox Communications
   Inc. Atlanta
AS209494  302  19238.9%   ASN-QWEST Qwest
AS17557  339  159  18053.1%   PKTELECOM-AS-AP Pakistan
   Telecom
AS705509  332  17734.8%   ALTERNET-AS UUNET
   Technologies, Inc.
AS2048   259   88  17166.0%   LANET-1 State of Louisiana
AS2386   402  235  16741.5%   INS-AS ATT Data
   Communications Services
AS6327   189   24  16587.3%   SHAWFIBER Shaw Fiberlink
   Limited
AS13601  205   46  15977.6%   ASN-INNERHOST Innerhost, Inc.
AS4200   178   21  15788.2%   AGIS-NET Apex Global
   Information Services, Inc.
AS690448  293  15534.6%   MERIT-AS-27 Merit Network Inc.
AS20115  462  310  15232.9%   CHARTER-NET-HKY-NC Charter
   Communications
AS3602   226   78  14865.5%   SPRINT-CA-AS Sprint Canada
   Inc.
AS2686   256  111  14556.6%   AS2686 ATT Global Network
   Services - EMEA

Total  15838 7496 834252.7%   Top 30 total


Possible Bogus Routes

24.2.128.0/21AS6478  ATT-INTERNET3 ATT WorldNet Services
24.7.10.0/24 AS6478  ATT-INTERNET3 ATT WorldNet 

Re: IPv6

[Nick Hilliard]

 Mind that some of the major content so(u)rcerers will have to adopt
 their Bind 4.x hacks from the last century to make their DNS respond 
 to 4A queries instead of just timing out as they do today ;) 

To be fair, this is much less of a problem now than before.  Setting a
preference for quad-A is now generally feasible, whereas a year ago, it
involved daily teeth-gnashing and hair removal.

There are a pile of things to fix, including this, and ospfv3 and
core-router packet switching rates and end-user dns requests over ipv6
and stable end-user ipv6 stacks which don't bsod or panic all over the
place, and so on and so forth.  This is why the Japanese government is
so important for the uptake of ipv6 globally: it's going to force a
population of 130 million highly-wired people to use ipv6 for everyday
network connectivity, which is going to 1) wring most of these problems
out and 2) cause large vendor software systems to be made ipv6-aware. 
These are good things.

Nick

Re: anyone has netrange - cidr conversion script to share?

[Stephane Bortzmeyer]

On Wed, Jun 11, 2003 at 11:12:54PM -0700,
 [EMAIL PROTECTED] [EMAIL PROTECTED] wrote 
 a message of 12 lines which said:

  Does anyone here has a script (or perl procedure) for converting range 
 of ips (i.e. 10.0.0.0 - 10.0.2.255) into cidr (i.e. result would be 
 10.0.0.0/23,10.0.2.0/24 from the example before). 

netmask (available as a Debian package or a FreeBSD port)

~ % netmask -c 10.0.0.0:10.0.2.255 
   10.0.0.0/23
   10.0.2.0/24

RE: IPv6

[Daryl G. Jurbala]

Title: Message



I 
guess that means vendor C has no excuse on the 7200 VXR series (and I believe a 
few of the newer models). But I still don't see anthing fantastically IPv6 
happening there.

Daryl G. 
JurbalaIntrospect.net ConsultingTel: +1 215 825 8401Fax: +1 508 526 
8500http://www.introspect.netPGP Key: 
http://www.introspect.net/pgp 

  
  -Original Message-From: 
  [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Friday, June 
  13, 2003 12:48 AMTo: 
  [EMAIL PROTECTED]Cc: 
  [EMAIL PROTECTED]Subject: Re: IPv6[.]
  Most L3 switches shipping today (e.g. the product in question) 
  have particular ethertypes and destination address 
  offsets hardcoded into their ASICs. It's not a 
  matter of supporting 128-bit addresses -- they simply doesn't understand IPv6's header any more than they do DECnet or 
  AppleTalk. 
  While allocation policies may have an effect on how IPv6 FIBs 
  are most efficiently stored, address length is a 
  fairly small part of the problem when you're talking 
  about redesigning every ASIC to handle both IPv4 and IPv6. 
  []

Re: IPv6

[bmanning]

 
 
 Andy Dills wrote:
  Am I the only one that thinks IPv6 is a minimum of ten years out
  before you see actual non-geek demand?
 
 It will probably happen before that.  The Japanese government
 requirement that all businesses be fully ipv6 compliant before 2005 is
 certainly going to have a major impact on vendor ipv6 implementations,
 from the core to the desktop  So while you may not get 30Mpps on your
 backbone router, you're probably not going to be stuck with a white
 elephant rate-limited to 200Kpps either.  One day, you may even be able
 to run an ipv6-only desktop from vendor M, who knows?
 Nick

I saw a DISA memo yesterday that mandates IPv6 compliance 
by 2008.

--bill

RE: IPv6

[David Luyer]

Daryl G. Jurbala wrote:
 I guess that means vendor C has no excuse on the 7200 VXR
 series (and I believe a few of the newer models).  But I
 still don't see anthing fantastically IPv6 happening there.

The 7206VXR (along with all 7200/7400) supports IPv6
in IOS 12.2S, 12.2T and 12.3.

12.2S is not yet the recommended IOS for ISPs using 7200
series routers, but is expected to be the recommended ISP IOS
in the future.

12.2T/12.3 are the current recommended IOS for LNSs.

The support seems to gradually increase with time.  As a
7xxx-based network, IPv6 came as a pleasant surprise when we
upgraded IOS for other reasons.

Some current significant missing items:

  NetFlow of IPv6 (...sure we can do the traffic, but can
  we bill it?!...)

  Communication by the router to IPv6 hosts for RADIUS, tacacs,
  NetFlow, etc (...ok, so we can use IPv6, just as long as it's
  not for anything our routers want to talk to...)

But for that matter, NetFlow doesn't work well with MPLS either
(in a VPDN environment, where you can't identify a virtual access
interface based on SNMP and hoping it was the same when the
traffic happened, there's no way currently to identify which VRF
the traffic occurred in and thus no way to map traffic back to
a customer when multiple VRFs contain the same IPs).

David.

Re: IPv6

[Dave Israel]

On 6/13/2003 at 07:54:01 -0700, [EMAIL PROTECTED] said:

   I saw a DISA memo yesterday that mandates IPv6 compliance 
   by 2008.

Ah, government memos.  There's been ones mandating OSI protocols,
UNIX workstations for all government employees...

Government mandates aren't going to force a protocol by themselves.
The marketplace is where v6 will be made or broken, and history shows
the marketplace has two requirements: need and painlessness.  This
might give the vendors a nudge, but it isn't going to be the reason
the Great Changeover happens.

-Dave

Re: IPv6

[bmanning]

 
 On 6/13/2003 at 07:54:01 -0700, [EMAIL PROTECTED] said:
 
  I saw a DISA memo yesterday that mandates IPv6 compliance 
  by 2008.
 
 Ah, government memos.  There's been ones mandating OSI protocols,
 UNIX workstations for all government employees...
 
 Government mandates aren't going to force a protocol by themselves.
 The marketplace is where v6 will be made or broken, and history shows
 the marketplace has two requirements: need and painlessness.  This
 might give the vendors a nudge, but it isn't going to be the reason
 the Great Changeover happens.
 
 -Dave
 

too right. (having the scars from the OSI compliance tussle)
the point being that this is one more grain added to the side of
IPv6 in my lifetime...  DISA does occasionally have some
impact on the marketplace that the rest of us play in.

speaking of which, v6 zelots and cheerleaders may find this
URL interesting: http://www.usipv6.com/

--bill

Re: IPv6

[E.B. Dreger]

PH Date: Fri, 13 Jun 2003 09:37:59 +0300
PH From: Petri Helenius


PH One word; multihoming.

How many billion different interdomain routing policies do we
really need?


Eddy
--
Brotsman  Dreger, Inc. - EverQuick Internet Division
Bandwidth, consulting, e-commerce, hosting, and network building
Phone: +1 (785) 865-5885 Lawrence and [inter]national
Phone: +1 (316) 794-8922 Wichita

Re: IPv6

[Jay Ford]

On Fri, 13 Jun 2003, E.B. Dreger wrote:
 PH One word; multihoming.

 How many billion different interdomain routing policies do we
 really need?

Just 1 is enough to cause trouble.  Given strict provider-based addressing,
multihoming leads to rather nasty interactions between host-based selection
of (source address, destination address)  things like the following:
   o  routing policy
   o  anti-spoofing... filtering
   o  quality of service
The IETF drafts I've read have not yet offered what I consider viable
solutions to those issues.


Jay Ford, Network Engineering Group, Information Technology Services
University of Iowa, Iowa City, IA 52242
email: [EMAIL PROTECTED], phone: 319-335-, fax: 319-335-2951

DNS resolution to Yahoo.

[Alan Sato]

So I got 2 dns servers that
resolve www.yahoo.com differently. 

Server A goes to 216.109.125.69. The Server B goes to 66.218.71.92. The 66.218.71.92 is a faster route for
me. 

How do I get Server A to resolve to 66.218.71.92?



Alan

Rescheduled: P2P file sharing national security and personal securityrisks

[Sean Donelan]

June 10, 2003

NOTICE OF RESCHEDULED FULL COMMITTEE HEARING
The Senate Committee on the Judiciary scheduled for Wednesday, June 11,
2003, at 2:00 p.m., on .The Dark Side of a Bright Idea: Could Personal
and National Security Risks Compromise the Potential of P2P File-Sharing
Networks?. has been rescheduled for Tuesday, June 17, 2003 at 2:00 p.m.
in Room 226 of the Senate Dirksen Building.

By order of the Chairman





I wonder if anyone is going to mention that Microsoft Network Neighborhood
file sharing is a form of P2P file sharing.

Re: DNS resolution to Yahoo.

[Alex Kamantauskas]

 http://www.yahoo.com/  differently.
 Server A goes to 216.109.125.69.  The Server B goes to 66.218.71.92.
 The 66.218.71.92 is a faster route for me.
 How do I get Server A to resolve to 66.218.71.92?

 Have Server A declare itself authoritative for www.yahoo.com and set up
 an A record pointing to 66.218.71.92

-- 
/ak

Re: DNS resolution to Yahoo.

[Mike]

Alex Kamantauskas wrote:

 Have Server A declare itself authoritative for www.yahoo.com and set up
 an A record pointing to 66.218.71.92
...and then be prepared to deal with a flood of customer complaints when 
yahoo renumbers and is no longer reachable from your network.

cf. http://www.amazon.com/exec/obidos/tg/detail/-/0596001584/

Re: DNS resolution to Yahoo.

[Alex Kamantauskas]

 I was just answering the question How do I get Server A to resolve to
 66.218.71.92?  The rest was up to him.

On Fri, 13 Jun 2003, Mike wrote:


 Alex Kamantauskas wrote:

 
   Have Server A declare itself authoritative for www.yahoo.com and set up
   an A record pointing to 66.218.71.92
 

 ...and then be prepared to deal with a flood of customer complaints when
 yahoo renumbers and is no longer reachable from your network.

 cf. http://www.amazon.com/exec/obidos/tg/detail/-/0596001584/





-- 
/ak

Re: Rescheduled: P2P file sharing national security and personalsecurity risks

[Richard Irving]

IMHO:

 No more, or less, than SMTP.

 It is -that- simple.

(Of course, SMTP is how China got
  Nuclear Secrets out of America :( )
FWIW: This is more tempestuous reactions at High Levels,
that would normally have been laughed off.
Except P2P's are annoying the Recording Industry execs,
 and they have $$$ on the line, so.
 $$$ has a way a bringing things to light that would
otherwise simply have been ignored
 But, for this to make it to the NS Risk Assessment groups just
demonstrates the licentious influence between the Current
Administration Policies and Money Men.
 After all, how many meetings are there going to
be assessing the risk SMTP has on National Security ?
 Or, as you mentioned, MS file sharing...

 And, remember, SMTP is -already- proven guilty of said Risk,
and a far more -probable- culprit in future compromises... !
Reality Check.

My .02c

.Richard.

  My, what interesting times we live in,
 and darn it, important people noticed me! :{
Sean Donelan wrote:
June 10, 2003

NOTICE OF RESCHEDULED FULL COMMITTEE HEARING
The Senate Committee on the Judiciary scheduled for Wednesday, June 11,
2003, at 2:00 p.m., on .The Dark Side of a Bright Idea: Could Personal
and National Security Risks Compromise the Potential of P2P File-Sharing
Networks?. has been rescheduled for Tuesday, June 17, 2003 at 2:00 p.m.
in Room 226 of the Senate Dirksen Building.
By order of the Chairman





I wonder if anyone is going to mention that Microsoft Network Neighborhood
file sharing is a form of P2P file sharing.

RE: DNS resolution to Yahoo.

[Ejay Hire]

Yahoo 
uses akamai technology (bgp path analysis) to determine what content server is 
"closest" to a given host and bases its' dns response on that data. You 
could contact Akamai and, explain your network, and see if they can make the 
necessary adjustments, or if you are large enough ask them to drop a couple of 
servers in your site. (or they maywant you to send them a BGP 
feed)

-Ejay


  -Original Message-From: Alan Sato 
  [mailto:[EMAIL PROTECTED]Sent: Friday, June 13, 2003 12:17 
  PMTo: [EMAIL PROTECTED]Subject: DNS resolution to 
  Yahoo.
  
  So I got 2 dns servers that resolve www.yahoo.com differently. 
  Server A goes to 
  216.109.125.69. The Server B goes 
  to 66.218.71.92. The 66.218.71.92 
  is a faster route for me. 
  
  How do I get Server A to resolve 
  to 66.218.71.92?
  
  Alan
  

RE: DNS resolution to Yahoo.

[Patrick W. Gilmore]

-- On Friday, June 13, 2003 13:18 -0500
-- Ejay Hire [EMAIL PROTECTED] supposedly wrote:
Yahoo uses akamai technology (bgp path analysis) to determine what
content server is closest to a given host and bases its' dns response
on that data.  You could contact Akamai and, explain your network, and
see if they can make the necessary adjustments, or if you are large
enough ask them to drop a couple of servers in your site.  (or they may
want you to send them a BGP feed)
It is a bit more complex that BGP path analysis. :)

But we are happy to work with you to make things faster / better.

Any particular reason you have a problem with multiple answers?  We do it 
intentionally for several reasons (e.g. load balancing and redundancy).  It 
is fully RFC compliant and has been working well for many years now on most 
of the large web sites on the Internet.

--
TTFN,
patrick

Re: Rescheduled: P2P file sharing national security and personalsecurity risks

[sgorman1]

Not sure what is scarier the money to influence government or the money spent on 
litigation.  The latest tactic is using a legal bit called self help.  Usually self 
help is used if someone steals your car and you find it in their driveway, you can 
trespass on their property to retrieve your property.   

The RIAA version of this is they can hack into p2p systems and spike files, tamper 
with search results, and generally wreak havoc on anything that has a copyrighted file 
on it.  Even scarier I was listening to a panel of lawyers who all thought this was a 
great idea.  

It did not seem to bother them at all that these actions would/could wreck the system 
for all the legitmate users or that the burden of proving that legit systems had been 
hacked/screwed would be on the system owner and not the RIAA.  Maybe we should set up 
tire shredders on the interstate and then check all the wrecked cars to see if they 
were stolen or carrying drugs.


- Original Message -
From: Richard Irving [EMAIL PROTECTED]
Date: Friday, June 13, 2003 2:19 pm
Subject: Re: Rescheduled: P2P file sharing national security and personal security 
risks

 
 IMHO:
 
  No more, or less, than SMTP.
 
  It is -that- simple.
 
 (Of course, SMTP is how China got
   Nuclear Secrets out of America :( )
 
 FWIW: This is more tempestuous reactions at High Levels,
 that would normally have been laughed off.
 
 Except P2P's are annoying the Recording Industry execs,
  and they have $$$ on the line, so.
 
  $$$ has a way a bringing things to light that would
 otherwise simply have been ignored
 
  But, for this to make it to the NS Risk Assessment groups just
 demonstrates the licentious influence between the Current
 Administration Policies and Money Men.
 
  After all, how many meetings are there going to
 be assessing the risk SMTP has on National Security ?
 
  Or, as you mentioned, MS file sharing...
 
  And, remember, SMTP is -already- proven guilty of said Risk,
 and a far more -probable- culprit in future compromises... !
 
 Reality Check.
 
 My .02c
 
 .Richard.
 
   My, what interesting times we live in,
  and darn it, important people noticed me! :{
 
 Sean Donelan wrote:
  
  June 10, 2003
  
  NOTICE OF RESCHEDULED FULL COMMITTEE HEARING
  The Senate Committee on the Judiciary scheduled for Wednesday, 
 June 11,
  2003, at 2:00 p.m., on .The Dark Side of a Bright Idea: Could 
 Personal and National Security Risks Compromise the Potential of 
 P2P File-Sharing
  Networks?. has been rescheduled for Tuesday, June 17, 2003 at 
 2:00 p.m.
  in Room 226 of the Senate Dirksen Building.
  
  By order of the Chairman
  
  
  
  
  
  I wonder if anyone is going to mention that Microsoft Network 
 Neighborhood file sharing is a form of P2P file sharing.
 
 
 
 

[afisnews_sender@DTIC.MIL: New Internet Protocol Version Slated ForDebut]

[Alan B. Clegg]

Since the use of IPv6 has been discussed

- Forwarded message from Press Service [EMAIL PROTECTED] -

Date: Fri, 13 Jun 2003 15:39:01 -0400
From: Press Service [EMAIL PROTECTED]
Subject: New Internet Protocol Version Slated For Debut
To: [EMAIL PROTECTED]

By Gerry J. Gilmore
American Forces Press Service

WASHINGTON, June 13, 2003 – An improved version of the Internet, featuring
enhancements that improve system security and data delivery, will be part of
DoD's integrated information-communications network, a senior U.S. defense
official said here today.

Users will realize improved service when Internet Protocol Version 6 is
incorporated across DoD systems, John Stenbit, assistant secretary of defense
for networks and information integration, remarked to reporters during a
Pentagon press conference.

DoD currently uses Version 4 of the Internet, Stenbit explained. That system,
he noted, has some flaws.

There are lots of issues that have come up with Internet Version 4, Stenbit
pointed out, noting many commercial fixes have been made to address some of
those problems.

One Version 4 fix, Stenbit said, concerns the number of Internet addresses that
can be accessed. Yet, this issue, he pointed out, isn't of particular import to
DoD.

However, DoD is concerned about the lack of information security safeguards
that are inherent in Internet Version 4, Stenbit noted.

And the department is aware of the current Internet system's lack of
dependability in delivering electronic packages of information, which,
Stenbit points out, has a negative impact on quality of service.

Today, if you send a 'packet' on the Internet, nobody is guaranteeing you that
it is going to get to the other end, Stenbit observed.

For example, he noted, sometimes Internet provider-generated video or audio
conferences may lose sight or sound during transmission. This, he explained, is
caused by Version 4 limitations.

Improvements addressing such quality of service issues are part of Internet
Version 6, Stenbit explained.

And Version 6 development has gotten far enough along so that people now
deliver hardware and software that are compatible with both standards, Stenbit
noted.

Version 6 is what we're going to be using as the standard for DoD, Stenbit
declared, noting, We're anticipating moving the department to the use of IP 6
in about 2008.

Consequently, DoD acquisition officials must begin purchasing Version 6-
compatible equipment now, Stenbit concluded.

___
NOTE:  This is a plain text version of a web page.  If your e-mail program
did not properly format this information, you may view the story at
http://www.defenselink.mil/news/Jun2003/n06132003_200306134.html
Any photos, graphics or other imagery included in the article may also
be viewed at this web page.





Visit the Defense Department's Web site for the latest news
and information about America's response to the Sept. 11, 2001,
terrorist attacks and the war against terrorism: Defend America
at http://www.DefendAmerica.mil.


Visit the Department of Defense Homeland Security Web site
at http://www.defenselink.mil/specials/homeland/ to learn more
about the Department of Defense role in homeland security.



Unsubscribe from or Subscribe to this mailing list:
http://www.defenselink.mil/news/subscribe.html



- End forwarded message -

-- 
I must study politics and war that my sons |
may have liberty to study mathematics and  |[EMAIL PROTECTED]
philosophy. -- John Adams  |


pgp0.pgp
Description: PGP signature

Re: Rescheduled: P2P file sharing national security and personalsecurity risks

[Eric A. Hall]

on 6/13/2003 1:19 PM Richard Irving wrote:

 But, for this to make it to the NS Risk Assessment groups just
 demonstrates the licentious influence between the Current
 Administration Policies and Money Men.

Uhh, this is a senate committee, not an administrative effort. And folks
like Berman (the RIAA vigilante bill) and Feinstein (the MPAA) are
Democrats. And you misused licentious.

http://news.com.com/2100-1023-954591.html shows that this kind of effort
has been going for a while.

-- 
Eric A. Hallhttp://www.ehsco.com/
Internet Core Protocols  http://www.oreilly.com/catalog/coreprot/

RE: IPv6 Services/Products

[Bulger, Tim]

That would be Maxis Communications Berhad or www.maxis.com.my ...

-Original Message-
From: Irwin Lazar [mailto:[EMAIL PROTECTED] 
Sent: Friday, June 13, 2003 6:29 AM
To: [EMAIL PROTECTED]
Subject: IPv6 Services/Products



Thanks to all who responded, below is what I've compiled so far
(vendors/service providers):

Hurricane Electric - http://www.he.net/
Maxis (IPv6 for 3G) - www.maxis.com
Equinix (IPv6 exchange for Hurricane  Japan Telecom) - www.equinix.com
BTExact (http://www.uk6x.com) NEC (IPv6 video content distribution
system with China Netcom, Asia Netcom Japan, and Sky Perfect) 6Wind
(IPv6 in China w/ BII Group) Internet Initiative Japan Inc (IIJ) - IPv6
Gateway Service Global Crossing (announce beta plans last year, haven't
been able to find anything further)

Also, ISS just released an IDS/IPS for IPv6 (the first one I believe?)

Thanks for the feedback,
Irwin

rr style scanning of non-customers

[Kuhtz, Christian]

Hey gang,



Some ISPs, such as RR, appear to be implementing
what I personally would consider quite aggressive approaches to guarding their
network by implementing "proactive" scanning of non-customers, similar
to what's described at



 http://security.rr.com/probing.htm



In this case, sending email to @rr.com appears to trigger
this scanning business (mind you, this is not about the scanning their subs
biz; I don't care to get into that in this thread). 



But, the question is.. How many people here are
doing this sort of thing? And where does this stop, short of nmapping the
entire box?



Some time ago, when Code Red first came around,
discussions raged as to how to deal with it and other infestations of customer
owned/operated equipment. And this kind of is a different slant on the
same issue. Except that it goes quite a bit further than your own
prefixes.



I'm not looking to start a flamewar, I'm
interested in a discussion or consensus discovery of how far "proactive"
tasks can/should/shouldn't go.



Regards,

Christian











*

"The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material.  Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited.  If you received this in error, please contact the sender and delete the material from all computers."

Re: rr style scanning of non-customers

[jlewis]

On Fri, 13 Jun 2003, Kuhtz, Christian wrote:

 Some ISPs, such as RR, appear to be implementing what I personally would
 consider quite aggressive approaches to guarding their network by
 implementing proactive scanning of non-customers, similar to what's
 described at
 
 http://security.rr.com/probing.htm http://security.rr.com/probing.htm 
 
 In this case, sending email to @rr.com appears to trigger this scanning
 business (mind you, this is not about the scanning their subs biz; I don't

Proactive = scanning for open systems before they come to you.
Reactive = scanning the IPs that connect to you to see if they're open.

They spell this out very clearly on the page referenced above and say that 
they're doing proactive scanning of their own network and reactive 
scanning of the rest of the internet.  Do you have any reason to believe 
they're not doing as they say?

Is it time for the monthy nanog spam debate again already? :)

Unfortunately, what they're looking for is only a small sub-set of the 
commonly used ports by various proxy software typically installed wide 
open on broadband connected systems.  If they're serious about reactive 
scanning, they ought to either update the ports tested or just ally with 
one of the various dnsbls that does this sort of testing (less/more 
effective testing would be the result).

The last time this topic came up, it was suggested by others that either 
trojan or virus software was installing/creating open proxies.  I wrote 
that off as people being overly paranoid.  I'm sorry to say that I now 
know this to be true and have seen many installations of at least one 
strain of such proxy software.
 
--
 Jon Lewis [EMAIL PROTECTED]|  I route
 System Administrator|  therefore you are
 Atlantic Net|  
_ http://www.lewis.org/~jlewis/pgp for PGP public key_