Anyone from NeuLeve.bizl listening?
Given that there are no phone numbers anywhere on the NeuLevel (.biz registrar) site and email to [EMAIL PROTECTED] is going unanswered, I'll ask here. If anyone has real contact info for these folks, or anyone from NeuLevel is listening, please drop me a note off-list. A cracker/spammer has decided to list one of our customer servers as a secondary nameserver for a bunch of spam domains and we're getting hammered with spam complaints that really have nothing to with us. Thanks! -- Drew Linsalata The Gotham Bus Company, Inc. Colocation and Dedicated Access Solutions http://www.gothambus.com
Re: Anyone from NeuLeve.bizl listening?
Drew Linsalata writes on 12/11/2003 10:03 AM: If anyone has real contact info for these folks, or anyone from NeuLevel is listening, please drop me a note off-list. A cracker/spammer has decided to list one of our customer servers as a secondary nameserver for a bunch of spam domains and we're getting hammered with spam complaints that really have nothing to with us. For now - I'd suggest that you make that server authoritative for all the spammer domains pointing at it, and set their MX and A records to 127.0.0.1 with a really long TTL (like a year or two). And set up a website on that host saying this is a forgery, it is not us srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
Re: Anyone from NeuLevel.biz listening?
I've been a victim to that... I'm not certain you'll be able to convince domain registry to delete that name server from that domain - I could not (but this with Verisign and their techs could not even undertand what the issue is and getting to knowledgable people there is surprisingly difficult) My suggestion is to deal with it like with joe-job or some other spam that directly lists your domain (like in From header) and possibly set automated reply that you have nothing to do with what is going on as automated reply. And obviously dns server should answer NXDOMAIN which would main it has negative value for the spammer. On Thu, 11 Dec 2003, Drew Linsalata wrote: Given that there are no phone numbers anywhere on the NeuLevel (.biz registrar) site and email to [EMAIL PROTECTED] is going unanswered, I'll ask here. If anyone has real contact info for these folks, or anyone from NeuLevel is listening, please drop me a note off-list. A cracker/spammer has decided to list one of our customer servers as a secondary nameserver for a bunch of spam domains and we're getting hammered with spam complaints that really have nothing to with us. Thanks!
Re: Anyone from NeuLeve.bizl listening?
#Drew Linsalata writes on 12/11/2003 10:03 AM: # #If anyone has real contact info for these folks, or anyone from NeuLevel #is listening, please drop me a note off-list. A cracker/spammer has #decided to list one of our customer servers as a secondary nameserver #for a bunch of spam domains and we're getting hammered with spam #complaints that really have nothing to with us. Speaking of NeuLevel, I believe the problems with .biz domains and incorrect registration data are more general in nature than just this one example, a point I attempt to make in an invited guest commentary for Syllabus.com: The Curious Correlation Between .biz Domains, Bad Whois Data, and Spam http://www.syllabus.com/news_article.asp?id=9618typeid=153 And as noted in the NeuLevel quote in that article, if you've got a problem with a particular .biz domain registration, you really need to get that problem fixed by the particular .biz registrar who did that domain's registration. Regards, Joe
Re: Anyone from NeuLeve.bizl listening?
As a number of folks have mentioned, there was a typo in the URL I just provided; the corrected URL is: http://www.syllabus.com/news_article.asp?id=8618typeid=153 Sorry about that, Joe
Re: Anyone from NeuLeve.bizl listening?
On 12/11/2003 9:31 AM, Joe St Sauver wrote: Speaking of NeuLevel, I believe the problems with .biz domains and incorrect registration data are more general in nature than just this one example, a point I attempt to make in an invited guest commentary for Syllabus.com: That's been my observation as well. NeuLevel does not enforce their ToS and spammers have taken advantage of the situation accordingly. NeuStar (one of NueLevel's parents) is quickly having the exact same problem with the .us registry, for the exact same reasons. The most-useful of the recent additions to my spam filters is to flatly reject mail containing URIs that point to .biz or .us domains. Not something most of us can do, but it sure works for me. -- Eric A. Hallhttp://www.ehsco.com/ Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
DS3 questions.
We have a scenario where we have a DS3 at a Customer location that they want to use for both Data/PRI(voice) They need 8 Voice PRIs and they want to use the remainder of the DS3 for data. If we channelize this DS3, my question is, is it possible to use the unused portion of the DS3 as a fractional DS3, or would we have to terminate the rest as single T1s? Thanks, -Drew
RE: DS3 questions.
Title: Message With a box like the Adtran Atlas you'd be able to give them the PRI's and hand the rest off as a DS-3 or HSSI. -Dave -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew WeaverSent: Thursday, December 11, 2003 11:59 AMTo: '[EMAIL PROTECTED]'Subject: DS3 questions. We have a scenario where we have a DS3 at a Customer location that they want to use for both Data/PRI(voice) They need 8 Voice PRIs and they want to use the remainder of the DS3 for data. If we channelize this DS3, my question is, is it possible to use the unused portion of the DS3 as a fractional DS3, or would we have to terminate the rest as single T1s? Thanks, -Drew IMPORTANT: The information contained in this email and/or its attachments is confidential. If you are not the intended recipient, please notify the sender immediately by reply and immediately delete this message and all its attachments. Any review, use, reproduction, disclosure or dissemination of this message or any attachment by an unintended recipient is strictly prohibited. Neither this message nor any attachment is intended as or should be construed as an offer, solicitation or recommendation to buy or sell any security or other financial instrument. Neither the sender, his or her employer nor any of their respective affiliates makes any warranties as to the completeness or accuracy of any of the information contained herein or that this message or any of its attachments is free of viruses.
Re: DS3 questions.
Drew Weaver wrote: We have a scenario where we have a DS3 at a Customer location that they want to use for both Data/PRI(voice) They need 8 Voice PRIs and they want to use the remainder of the DS3 for data. If we channelize this DS3, my question is, is it possible to use the unused portion of the DS3 as a fractional DS3, or would we have to terminate the rest as single T1s? We just went through this here. The Adtran T3SU-300 with two DSX-1 cards will do exactly what you want to do. Each DSX card peels off 4 DS-1s, leaving you with approximately 33 Mbps of bandwidth on the built-in HSSI port. Only drawback is that you need HSSI cards in the routers on both ends to handle the IP part. If you need any details or help with the setup, give me a shout. Been there, done that. -- Drew Linsalata The Gotham Bus Company, Inc. Colocation and Dedicated Access Solutions http://www.gothambus.com
Re: DS3 questions.
Hi Drew, We have several customer we do this with using DS3s. On our end we use an Adtran 830 DACS (pretty inexpensive). We use the T3SU at the customers end with various cards (depending on how much voice they want. We break out the voice channels and then run a HSSI connection to a router as a fractional DS3. In our case, we originate the dialtone at our facility with PRIs. then pipe then to the different customer locations that terminate via DS3s and CT3s at our facility, but you could easily do it with a point-to-pint DS3 and some Adtran equipment. I would suggest giving Adtran a call as they have a great pre-sales engineering department. And no I don't work for Adtran :-) Hope this helps. On Thu, 11 Dec 2003 11:58:48 -0500 Drew Weaver [EMAIL PROTECTED] wrote: We have a scenario where we have a DS3 at a Customer location that they want to use for both Data/PRI(voice) They need 8 Voice PRIs and they want to use the remainder of the DS3 for data. If we channelize this DS3, my question is, is it possible to use the unused portion of the DS3 as a fractional DS3, or would we have to terminate the rest as single T1s? Thanks, -Drew ** Richard J. Sears Vice President American Digital Network [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax I fly because it releases my mind from the tyranny of petty things . . Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching.
Re: Anyone from NeuLeve.biz listening?
flatly reject mail containing URIs that point to .biz or .us domains. Hopefully not including RFC-1480 locality .us domains. http://texasonline.state.tx.us -bryan bradsby The Internet is totally out of control, impossible to map accurately, and being used far beyond its original intentions. So far, so good. -- Dr. Dobb's Journal, May 1993
Microsoft Probes Flaw That Could Help Fraudsters Create Fake Web Sites
Did anyone else see this? http://www.secunia.com/internet_explorer_address_bar_spoofing_test http://news.google.com/url?ntc=0M4C0q=http://www.informationweek.com/story/ showArticle.jhtml%3FarticleID%3D16700218
Re: Microsoft Probes Flaw That Could Help Fraudsters Create Fake Web Sites
On Thu, 11 Dec 2003 16:32:32 EST, Mike Tomasura [EMAIL PROTECTED] said: Did anyone else see this? http://www.secunia.com/internet_explorer_address_bar_spoofing_test http://news.google.com/url?ntc=0M4C0q=http://www.informationweek.com/story/ showArticle.jhtml%3FarticleID%3D16700218 Pick one ore more of the following, as appropriate: a) Been there. Done that. Got the TShirt. b) IE Hole found, Death of Internet Predicted. Film at 11. c) *yawn*. Move along. Nothing to see. d) You're new around here, aren't you? pgp0.pgp Description: PGP signature
Re: Microsoft Probes Flaw That Could Help Fraudsters Create Fake Web Sites
On Thu, 11 Dec 2003, Mike Tomasura wrote: Did anyone else see this? http://www.secunia.com/internet_explorer_address_bar_spoofing_test OMG! Holes in internet explorer?!?!!? Seriously... There's a reason I use Mozilla instead...
Re: AS Path Loops in practice ?
In a message written on Thu, Dec 11, 2003 at 11:07:03PM +, Stephen J. Wilcox wrote: Perhaps I'm missing something having not done this myself but why arent the customers just using private ASNs? That would also remove the 'must default' clause. Not enough, customers already use them internally, other things use them (eg, route servers), easier to talk customers through configs on the phone, allows customers who have IP space but not an ASN to announce to the Internet without the provider having to announce directly. I'll bet there are more I can't remember. -- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org pgp0.pgp Description: PGP signature
Re: Anyone from NeuLeve.bizl listening?
I can see a couple of obvious approaches for getting Neulevel's attention - Their web site lists two Registry Relationship Managers, one with popup contact info Ivor Sequeira - Senior Manager, European, African, and Middle Eastern Regions 571-434-5776 [EMAIL PROTECTED] (That appears to be +1-571-434-5776 ...) - Their whois entry for neulevel.biz lists +1.5714345757 as their phone number, fax +1.5714345758, and snailmail address list. http://www.whois.biz/whois.cgi?TLD=bizWHOIS_QUERY=neulevel.bizTYPE=DOMAINSearch=Submit+Query - They've got a snailmail address, you've got a lawyer and Fedex, they've got a Nasty Letter Since the requests to use your DNS server were bogus, you could probably file a John Doe suit and do discovery on Neulevel, but a Nasty Letter is probably enough. - They've got an online trademark dispute process. It's got pointers to ICANN dispute resolution mechanisms, which are more likely to get their attention than random email. Their entry point is [EMAIL PROTECTED] Normally, if somebody registers that annoying-little-spammer.com has nameserver 1.2.3.4, you'd be using this to complain that you own the name annoying-little-spammer.com, but you could try using it to complain that you own 1.2.3.4, and maybe even contend that since the registrant falsely listed you as the nameserver for the domain, that it's theft of service and you ought to be awarded ownership of the name. - You might also drop a note to ICANN about the lack of a phone number on their web site and the lack of email responsiveness. - Personally I like the suggestion that someone had that you start serving DNS for the fake names, either pointing to 127.0.0.3 or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com, which is some disposable address block on which you run a web site and stub email server explaining that it's not your fault.
Former WorldCom C.E.O. John Sidgmore Dies at 52
(From the New York Times) WASHINGTON (AP) -- John Sidgmore, the WorldComexecutive who helped reveal the accounting troubles that led to the biggest bankruptcy filing in U.S. history, died Thursday at 52. He died of complications associated with acute pancreatitis, said B. Jay Cooper, a family spokesman. http://www.nytimes.com/aponline/business/AP-Obit-Sidgmore.html
Re: Anyone from NeuLeve.bizl listening?
Stewart, William C (Bill), RTSLS writes on 12/11/2003 8:37 PM: - Personally I like the suggestion that someone had that you start serving DNS for the fake names, either pointing to 127.0.0.3 or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com, which is some disposable address block on which you run a web site and stub email server explaining that it's not your fault. That was my idea. And I would not recommend the or option about setting a clever sounding DNS record annoying-spammers-forged-dns. A lot of skript kiddies are out there with limited to zero email header reading / DNS skills, who still know just enough to download and launch rootkits and DoS attacks. This is an old and time honored tradition to deal with lusers anyway, kind of like the warez.* ftp servers (though one of the more popular of these, warez.slashdot.org, seems to have found itself a non-localhost IP some months back) :( And more to the point, you don't waste your bandwidth dealing with DNS queries and bounced email hitting your customer's server. srs -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
Re: AS Path Loops in practice ?
On Thu, Dec 11, 2003 at 11:07:03PM +, Stephen J. Wilcox wrote: Perhaps I'm missing something having not done this myself but why arent the customers just using private ASNs? That would also remove the 'must default' clause. What if you have more customers than there are private ASNs? Think about things like 2547-style VPNs, etc. What if you want to propogate those customers' BGP announcements to the world? Which hardware vendors support a strip-private-ASN feature? Did they always do so? If every such customer uses a private ASN, every other default-free customer must accept routes from the ISP that contain private ASNs in the as-path. Which of your default-free customers might be filtering those prefixes? It makes it a little more difficult for the ISP to filter prefixes with private ASNs in the path; those from some customers must be honored; those from other customers and from peers should be dropped. The ones that were supposed to be honored should be passed along to other BGP-speaking customers but not to peers. This is obviously not an insurmountable problem, but it does add a lot of config complexity. Private-ASN collisions (i.e., when one customer uses one ASN to talk to the ISP and another ASN internally which the provider assigns to a different customer) will cause problems. You WILL hear this from a customer: I want to use ASN X for this purpose because that's what my consultant said. Repeat, but s/a customer/another customer/. Etc. --Jeff
Re: AS Path Loops in practice ?
--- Stephen J. Wilcox [EMAIL PROTECTED] wrote: Most (all) large ISP's have a customer ASN. This allows a customer to connect in multiple places, run BGP, and get something approximating real redundancy to that carrier. However, rather than allocate one ASN to each customer, all customers use the same customer ASN. Yes, that means they must default to the provider (and/or have the provider provide a default route) to reach the other customers using this technique. Perhaps I'm missing something having not done this myself but why arent the customers just using private ASNs? That would also remove the 'must default' clause. Steve 1) It would only remove the must default clause if the provider either stripped (or overrode) the local-as, or if all of the private ASNs were unique. That is a big headache. 2) Private ASNs are not, per RFC1918, supposed to be connected to the Internet, in much the same way that private IP space is not supposed to be connected to the Internet. This can also be solved by stripping/overriding. 3) One advantage of using a public, albeit common, customer ASN is that if a customer has RIR-allocated space, those IPs will make it onto the global table, and will not suffer the filtering which may be present for the provider's own routes. = David Barak -fully RFC 1925 compliant- __ Do you Yahoo!? New Yahoo! Photos - easier uploading and sharing. http://photos.yahoo.com/
Re: Anyone from NeuLeve.bizl listening?
Looks sane to me once I resolved the name Dns resolved neulevel.biz to 209.173.53.163 [IPv4 whois information on 209.173.53.163 ][Query Origin: Main Whois Query ][whois.arin.net] OrgName: NeuStar, Inc. OrgID: NEUSAddress: 45980 Center Oak PlazaAddress: Network Operations CenterCity: SterlingStateProv: VAPostalCode: 20166Country: US NetRange: 209.173.48.0 - 209.173.63.255 CIDR: 209.173.48.0/20 NetName: NEUSTAR-BLK1NetHandle: NET-209-173-48-0-1Parent: NET-209-0-0-0-0NetType: Direct AllocationNameServer: OAK.NEUSTAR.COMNameServer: PINE.NEUSTAR.COMComment: RegDate: 2001-03-21Updated: 2001-09-06 TechHandle: MT635-ARINTechName: Thomas, Mark TechPhone: +1-312-928-4610TechEmail: [EMAIL PROTECTED] OrgTechHandle: NETWO336-ARINOrgTechName: Network Engineering OrgTechPhone: +1-866-638-6622OrgTechEmail: [EMAIL PROTECTED] # ARIN WHOIS database, last updated 2003-12-11 19:15# Enter ? for additional hints on searching ARIN's WHOIS database."Stewart, William C (Bill), RTSLS" [EMAIL PROTECTED] wrote: I can see a couple of obvious approaches for getting Neulevel's attention- Their web site lists two Registry Relationship Managers, one with popup contact infoIvor Sequeira - Senior Manager, European, African, and Middle Eastern Regions571-434-5776 [EMAIL PROTECTED](That appears to be +1-571-434-5776 ...)- Their whois entry for neulevel.biz lists+1.5714345757 as their phone number, fax +1.5714345758,and snailmail address list.http://www.whois.biz/whois.cgi?TLD=bizWHOIS_QUERY=neulevel.bizTYPE=DOMAINSearch=Submit+Query- They've got a snailmail address, you've got a lawyer and Fedex, they've got a Nasty Letter Since the requests to useyour DNS server were bogus, you could probably file a John Doe suitand do discovery on Neulevel, but a Nasty Letter is probably enough.- They've got an online trademark dispute process.It's got pointers to ICANN dispute resolution mechanisms,which are more likely to get their attention than random email.Their entry point is [EMAIL PROTECTED]Normally, if somebody registers that annoying-little-spammer.com has nameserver 1.2.3.4,you'd be using this to complain that you own the nameannoying-little-spammer.com, but you could try using itto complain that you own 1.2.3.4, and maybe even contend thatsince the registrant falsely listed you as the nameserver for the domain,that it's theft of service and you ought to be awarded ownership of the name.- You might also drop a note to ICANN about the lack of a phone numberon their web site and the lack of email responsiveness.- Personally I like the suggestion that someone had that youstart serving DNS for the fake names, either pointing to 127.0.0.3or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com,which is some disposable address block on which you run a web site and stub email server explaining that it's not your fault.
