Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Ken Diliberto
Andrew Dorsett wrote:

> On Mon, 15 Mar 2004, Suresh Ramasubramanian wrote:
>
> > Andrew Dorsett  [3/15/2004 9:52 AM] :
> >
> > > Well what's wrong with you setting up a small router and using one IP?  The
> > > crap I hear most of the time is that they want to only issue one ip per
> >
> > Nothing particularly wrong with it as long as there's some mechanism to
> > zero in on rooted / abused machines there.
>
> Exactly my point!  But so many universities and small ISPs are against it
> with a vengeance.  Like I keep saying, they are sharing one wall portal. I
> know go to that keystone, find the hub and then go "Whose is this?"  Tell
> them to clean up their machine because it's infected and give them what I
> know...ie: it was ip blah blah or sorry I can't tell you anything because
> it was coming through your NAT box and all I see is a single IP.
>
> Personally, shhh don't tell certain people who I know are lurking on this
> list :)  But I ran a NAT box with 4 machines at one point.  An XP box for
> my general use, an SGI box for development, a linux box for development,
> and another linux box acting as my ftp server.
>
> Andrew

Something else I just remembered:

Connecting so much equipment in our dorms creates a fire hazard.  There
are only two or three outlets (what I've been told) in a room shared by 
two or three students.  Add to the computer equipment a TV, stereo, DVD 
player, alarm clocks, cordless phones, etc., etc., etc. and you have the 
makings for newspaper headlines.  Hasn't happened yet to my knowledge, 
but it could and students don't consider these things.

Ken


Re: Packet Kiddies Invade NANOG

2004-03-14 Thread Matthew S. Hallacy

On Sun, Mar 14, 2004 at 10:43:29PM -0600, Gregory Taylor wrote:
> 
> Matthew (yes I know it is you), The personal information you 
> have posted regarding my phone number is me.  However, the 
> slanderous material and obvious hate/flame statements you made 
> against me are absolutely false. 

For the record, I've been in-transit between the cold state of Minnesota
to the semi-warm state of Texas for the past two days via car, without
internet access. If I wanted to post the urls in this thread I would
have no issues doing it without hiding behind an anonymous email
account.

As for the accusations made being false, I know nothing about them. I do
recall the 2 or 3 times you've attacked me by the direct, or indirect request
of Andrew Kirch (trelane). 

-- 
Matthew S. Hallacy                            FUBAR, LART, BOFH Certified
http://www.poptix.net   GPG public key 0x01938203


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Ken Diliberto
Laurence F. Sheldon, Jr. wrote:

> Suresh Ramasubramanian wrote:
>
> > And what is wrong with setting up a hub or something in a dormroom?  I
> > find it quite convenient to leave both my PC and a laptop running on
> > my desk, for various reasons (too many open terminals and windows is
> > one of them ...)
>
> I've been trying to figure out what is wrong with that too.
>
> At my ex-employers, one of the things they did right is encourage
> study groups, and with multi-occupant suites, several stations
> (including one or more printers, plotters, and such) was normal.
> Most of the residence halls had hubs or small switches available for
> check-out.
>
> Is it the contention that each student should only use one pencil?

If you have 300 students and 500 pencils, then the answer is yes.  If 
everyone grabbed 3 pencils, you'd run out pretty quick.  There are only 
so many addresses available in the DHCP pool.

The smarter students put a NAT box on their port so they can run their 
desktop, laptop, XBox and have a place their friend can plug in.

Ken


Re: Load Balancing Multiple DS3s (outgoing) on a 7500

2004-03-14 Thread Patrick W . Gilmore
On Mar 13, 2004, at 4:57 PM, Stephen J. Wilcox wrote:

> > He'll be okie.  It's just a little difficult for BGP to "load balance"
> > outbound bits when the bulk of the Internet these days is 2 AS hops
> > away from each of four upstreams.  Not impossible, but it doesn't
> > happen by default either.
>
> I used to do this ages ago, I did it by setting MEDs on the incoming BGP
> prefixes, in my route-maps I arbitrarily gave some nets (/8s or smaller) lower
> med on one feed and higher on the others to influence path selection.
>
> I shy away from anything but the gentlest of tweaks so I personally wouldn't mess
> with as-path, localpref, weight etc

Yeah, probably a good idea not to use Weights, but not sure about
AS_PATH.  Nothing wrong with a prepend here or there, IMHO. :)

But also nothing wrong with setting the MEDs if you like.  Just be sure
to have "always compare MED" on, or MEDs between multiple providers are
not useful (which you obviously had set or this wouldn't work).

I kinda like setting the origin code.  No one pays attention to it, but
it is in the selection criteria.  That way you can use MEDs from the
same provider and still influence routes between providers.

--
TTFN,
patrick
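
An added example, not part of the thread and not router code: a simplified Python model of the BGP decision steps the message above refers to. It shows that MEDs from different neighbor ASes are ignored unless "always compare MED" is on, and that the origin code is evaluated before MED. The `Path` class, prefix, AS numbers, MED values and router IDs are all constructed for illustration; weight, eBGP-over-iBGP and IGP metric are left out.

```python
"""Simplified model of BGP best-path selection (constructed example).

Only the steps discussed in the thread are modelled, in the usual order:
  1. highest LOCAL_PREF
  2. shortest AS_PATH
  3. lowest ORIGIN code (IGP < EGP < INCOMPLETE)
  4. lowest MED, by default only between paths from the same neighbor AS
  5. lowest router ID as the final tie-break
"""
from dataclasses import dataclass
from typing import Tuple

ORIGIN_RANK = {"igp": 0, "egp": 1, "incomplete": 2}


@dataclass(frozen=True)
class Path:
    upstream: str               # label for the session the route came from
    as_path: Tuple[int, ...]    # first element is the neighbor AS
    med: int = 0
    origin: str = "igp"
    local_pref: int = 100
    router_id: int = 0

    @property
    def neighbor_as(self) -> int:
        return self.as_path[0]


def better(a: Path, b: Path, always_compare_med: bool) -> Path:
    """Return the preferred of two paths to the same prefix."""
    if a.local_pref != b.local_pref:
        return a if a.local_pref > b.local_pref else b
    if len(a.as_path) != len(b.as_path):
        return a if len(a.as_path) < len(b.as_path) else b
    if ORIGIN_RANK[a.origin] != ORIGIN_RANK[b.origin]:
        return a if ORIGIN_RANK[a.origin] < ORIGIN_RANK[b.origin] else b
    # MED is only meaningful across providers when the operator says so.
    med_comparable = always_compare_med or a.neighbor_as == b.neighbor_as
    if med_comparable and a.med != b.med:
        return a if a.med < b.med else b
    return a if a.router_id <= b.router_id else b


def best_path(paths, always_compare_med=False):
    """Sequential pairwise comparison over all candidate paths."""
    best = paths[0]
    for candidate in paths[1:]:
        best = better(best, candidate, always_compare_med)
    return best


def four_upstreams(meds):
    """Constructed routes for 192.0.2.0/24, each two AS hops away."""
    sessions = [("A", 64501), ("B", 64502), ("C", 64503), ("D", 64504)]
    return [
        Path(upstream=name, as_path=(asn, 64999), med=meds[name], router_id=i)
        for i, (name, asn) in enumerate(sessions, start=1)
    ]


def demo_med():
    """Inbound route-map gave upstream C the lowest MED for this prefix."""
    paths = four_upstreams({"A": 100, "B": 100, "C": 50, "D": 100})
    return (
        best_path(paths, always_compare_med=False).upstream,
        best_path(paths, always_compare_med=True).upstream,
    )


def demo_origin():
    """Origin picks the provider; MED still picks the link inside it."""
    paths = [
        Path("A", (64501, 64999), med=0, origin="incomplete", router_id=1),
        Path("B-link1", (64502, 64999), med=20, origin="igp", router_id=2),
        Path("B-link2", (64502, 64999), med=10, origin="igp", router_id=3),
    ]
    return best_path(paths, always_compare_med=False).upstream


if __name__ == "__main__":
    print("MED, default / always-compare:", demo_med())
    print("origin code, default MED handling:", demo_origin())
```
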


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Paul Vixie

[EMAIL PROTECTED] (Jeff McAdams) writes:

> No, you're presenting a false dichotomy.  A provider can provide a
> first-rate abuse desk, and still be price competitive.  It can be done.
> It requires a fair amount of clue level in the ISP, but it most
> definitely can be done.

at scale, with things as they now are, i simply don't believe this.  with
a 1:1 ratio (daily customers to onduty clues), it is never going to be
possible to contact every customer out of band (by phone, that is) when they
need to be told how to de-virus their win/xp box.  not for $30/month.  you
can fiddle with the ratio -- 800:1 may work -- and you might be able to hire
clues very cheaply for a while -- but not at scale.

i'd love to be proved wrong on this point.
-- 
Paul Vixie


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Paul Vixie

[EMAIL PROTECTED] ("Christopher L. Morrow") writes:

> > > It has very little to do with the quality of the ISP's abuse desk.
> >
> > long term, it does.  my sister is in sbc-dsl territory and before i
> > linuxed her and tunneled her, ...
> 
> As was pointed out to me by a co-worker: "Linux is not any more inherently
> secure than any other OS."

your co-worker needs to spend a few thanksgiving holidays the way i spent
my last one, and then i'll listen to what he's got to say.

> The difference really comes in the administration of the pee cee. So,
> would upgrading joe-random-user to Linux really make things better for
> them? (or us?) That is not clear at all at this point.

it makes a number of things easier, like tunnelling.  the fact that no
viruses are being crafted for it is apparently (according to bill gates
in a recent interview) not an indication of software quality but rather
market size.  whatever.

> Certainly the point central to your argument is that with the right
> abuse-desk to customer ratio AND the right customer base, things could be
> kept clean for smtp/web/ftp/blah 'hosting'. This is most certainly the
> case...

righto.

> I look forward to seeing your list of providers and prices :)

naturally everybody has their own units of measure, so it's proving
difficult to regularize it.  perhaps another beer will help.
-- 
Paul Vixie


Re: Race to the bottom (was Re: who offers cheap (personal) 1U colo?)

2004-03-14 Thread Paul Vixie

> ... What you seem to be asking for is how can an individual obtain
> independent IP address space which various block lists won't block for
> $50/month.

s/which various block lists won't block
 /whose reputation can be reasonably defended
 /

> ... And once you find such a thing, how to prevent "bad people" from
> taking advantage for your discovery.

see above.
-- 
Paul Vixie


Re: Fw: Packet Kiddies Invade NANOG

2004-03-14 Thread Joshua Brady


I was talking more along the lines of disclosing personal information without
permission, slander is another one as well...

Josh
- Original Message -
From: <[EMAIL PROTECTED]>
To: "Joshua Brady" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Sunday, March 14, 2004 9:48 PM
Subject: Re: Fw: Packet Kiddies Invade NANOG






Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread David A. Ulevitch



>
> If anyone on the east coast also thinks this is something worth putting
> together (either for-profit or as a co-op situation), feel free to contact
> me directly.

This is currently being organized in the IAD area:
http://lists.gotroot.com/mailman/listinfo/dcccp

We've done a similar setup as a non-profit in SFO/SJC.
http://www.communitycolo.net/

It's not for everyone, but it is more than adequate for most people's needs.

With some more networking volunteers (as opposed to systems people) we
could probably become a lot more robust than we already are.  We are
currently using 8 cabinets at Hurricane Electric off a 100mbit feed with a
bunch of Cisco 1900 and 2900 series switches.

Emails to me offlist for anyone interested in knowing more.

-davidu


  David A. Ulevitch - Founder, EveryDNS.Net
  Washington University in St. Louis
  http://david.ulevitch.com -- http://everydns.net



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Charles Sprickman

On Sat, 13 Mar 2004, Paul Vixie wrote:

> if you know of a place that offers 1U/month for $50/month with some kind of
> bandwidth limitations (moderate peak, low average), and a strong abuse desk
> (including repossessing the 1U server upon proof of abuse or neglect), please
> send me e-mail with a url and some details.  i'll summarize it all online
> and report the aggregation URL back to this mailing list.

I've always wanted to enter a "niche market" like this.  I've never had a
boss that saw this as big enough to break even.  This really is a small
enough endeavour for a few people to start up.  Here in NYC, you can get
some decent co-lo at a "Tier 1" for $650/mo. and bandwidth at $150/MB with
no commit.  And that's at a very nice facility.  I'm sure that others know
of even better deals, but I think that's a fair market price for a
facility/name that everyone knows and trusts.

If anyone on the east coast also thinks this is something worth putting
together (either for-profit or as a co-op situation), feel free to contact
me directly.

Thanks,

Charles


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Mon, 15 Mar 2004, Suresh Ramasubramanian wrote:

> Andrew Dorsett  [3/15/2004 9:52 AM] :
>
> > Well what's wrong with you setting up a small router and using one IP?  The
> > crap I hear most of the time is that they want to only issue one ip per
>
> Nothing particularly wrong with it as long as there's some mechanism to
> zero in on rooted / abused machines there.

Exactly my point!  But so many universities and small ISPs are against it
with a vengeance.  Like I keep saying, they are sharing one wall portal. I
know go to that keystone, find the hub and then go "Whose is this?"  Tell
them to clean up their machine because it's infected and give them what I
know...ie: it was ip blah blah or sorry I can't tell you anything because
it was coming through your NAT box and all I see is a single IP.

Personally, shhh don't tell certain people who I know are lurking on this
list :)  But I ran a NAT box with 4 machines at one point.  An XP box for
my general use, an SGI box for development, a linux box for development,
and another linux box acting as my ftp server.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Sun, 14 Mar 2004, David A. Ulevitch wrote:

> Has it been a while since you've been on a resnet?  They're bad, but most
> all "ResNets" I know of are now implementing some sort of MAC/DHCP combo
> at the very least.

The thing to remember is that all rooms are locked until someone is issued
a key.  So you have someone to blame if the port becomes hot in a dorm
room.  The public portals are another story and should require some sort
of registration.  The university I've been hounding for a while now had a
problem...They didn't require you to authenticate yourself only when your
mac changed, they required you to do it every time the link status changed
on your port.  Problems with this are a many...

1. I have a laptop, I turn it off and on a lot...That's quite a bit of
logging in and with it being web based with SSL now it makes it even
harder for me to automate the login process.

2. Every time they rebooted a switch, the switch powered off, etc...I'd
have to relogin.  This would always catch me when I had left my machine
online during the day to retrieve something remotely while at work.  (I
can't take a laptop to work with me...but I can download from the net)

I go back to my statement time and time again...Who cares if there are 6
people in the room, I issue an honor system referral to ALL parties in the
room and let the justice system sort out who was at fault.  If they need
more information, I'll assign a senior engineer to investigate and pull
logs and check machines.  Often times the naughty student will fess to
their dirty work without requiring the extra work.  Less hassle for the
general population and less questions when the newbies can't figure out
how to login to access the Internet.

This login thing can also be extended to colleges who require VPNs for
wireless...Way to kill the battery on my ipaq doing all the calculations.
Plus it creates major setup complications for the general newbie and I
often wonder if it's worth the hassle when most universities should worry
about the much worse problems like students who are sharing illegal warez.
In a corporate environment with confidential data flying around...There
better be a VPN on that wireless or one day you are going to have fun
explaining to your boss why your new top secret cookie recipe is on IRC.
:)

I know I'm shooting in the wrong forest but I think some of the practices
of universities and supporting small ISPs really needs to be discussed.
Some of the IT management folks just don't have a clue because they have
never provided carrier class services.  As shown with the small ISP who
tried to stick hundreds of users behind a small, underpowered
firewall...*sigh*

I seriously investigated satellite based net access until I found the
regulation prohibiting dishes from being outside the window.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




Re: Packet Kiddies Invade NANOG

2004-03-14 Thread Gregory Taylor

Matthew (yes I know it is you), The personal information you have posted regarding my 
phone number is me.  However, the slanderous material and obvious hate/flame 
statements you made against me are absolutely false. 

I have not attacked any Internet Service Provider or IRC server in several years.  I 
am and have been retired from the underground for a long while now, despite the 
constant comments made to the contrary by people who do not represent me in any manner.

I admit publicly to everyone who may read this posting, that I have made some very 
stupid decisions in the past and I had hurt a lot of people in the process.  Despite my 
attempts to justify my actions, the fact is two wrongs do not make a right.

XWB is my dad's personal sole proprietorship.  Not once has anyone involved with XWB 
ever attempted to represent that business as anything more than a Sole proprietorship 
that does web development work for non-profit organizations and small businesses.  My 
father works very hard and your attempt at attacking his character was uncalled for 
and unnecessary.  I do not know what your problem with me is, Matthew, but whatever 
they are, you need to leave them off of NANOG and the phone calls to my house are not 
appreciated either.

I hope you realize that posting personal information about people, such as phone 
numbers, addresses, and any other such stuff to a public forum without the consent of 
the person to whom that information belongs to, is illegal.  It is a felony in fact.  
Your unfounded truthless statements about myself and my father's business are a felony 
as well and if I wanted to take action, could end in a civil lawsuit against you for 
libel and slander.

Will I take that approach?  Probably not, mostly because the people on this list, 
minus certain people, are for the most part mature, intelligent adults who do not care 
to take part in flame wars, nor do they listen to slanderous statements made by 
someone who obviously has some kind of jealousy towards someone to the point that he 
has to make public unprovoked attacks against that person's character.

The people who matter on this list will most likely ignore this thread and what not.

Good luck in whatever future endeavor you may take.
And this is my only and last response to this thread.

Greg

-- Original Message --
From: <[EMAIL PROTECTED]>
Date:  Sun, 14 Mar 2004 14:37:38 -0800

>
>Greg,
>
>Let me spell it out crystal clear so you can understand.  Are you, or
>are you not, the Gregory 
>Taylor referenced in the URL's I sent below?
>
>Albert P.
>(signing his real name so Susan won't remove him from the list)
>
>>maturity in its purest form.
>>
>>-- Original Message --
>>From: <[EMAIL PROTECTED]>
>>Date:  Sat, 13 Mar 2004 17:17:42 -0800
>>
>>>
>>>I've noticed a number of shining stars in the network engineering
>>industry
>>>have graced us 
>>>with their presence and infinite wisdom in the past few days, including
>>>Gregory Taylor.   I 
>>>can't help but wonder if this is the same who launched multi-gigabit
>>>DDoS attacks against 
>>>IRC servers and major ISP's recently:
>>>
>>>http://www.geocities.com/osek_owned/
>>>http://www.urbandictionary.com/define.php?term=osek
>>>
>>>Coincidence?  You decide.  Better yet, call his mother at 1-253-
>>475-1227,
>>> and let her know 
>>>you don't approve of his hacking activities.  If enough of us put
>>the
>>>pressure on, it's possible 
>>>he'll be grounded, and his computer privileges will be revoked.
>> It's
>>>happened before, it can 
>>>happen again.   
>>>
>>>For those of you wondering, "Xpert Web Builders" (XWB.COM) is bogus.
>>> They don't operate a 
>>>network, they're a sole proprietorship tech support and web dev
>>group,
>>> run by some clue-
>>>challenged kids who don't even have the cashflow needed to invest
>>in
>>>a post-paid cellular 
>>>phone.
>>>
>>>Then there's Andrew Kirch, aka "trelane", who just published a
>>fascinating
>>>(albeit highly 
>>>technically inaccurate, and bearing little or no basis in reality)
>>>
>>>whitepaper on the "script kiddie culture":
>>>
>>>http://software.newsforge.com/software/04/02/28/0130209.shtml
>>>
>>>Only problem is, he hangs out on EFNet in #sigdie, a channel known
>>in
>>>security circles as a 
>>>place where large-scale DDoS attacks, usually involving 1000's
>>of 
>>>drone nets or otherwise compromised machines,  are coordinated.
>> Takes
>>>one to know one, I 
>>>guess.  The fun doesn't stop there: he's publicly admitted to helping
>>>
>>>packet IRC servers before!   
>>>
>>>I'm still working on building a rap sheet on Kirch's friend, Brian
>>Bruns,
>>> and their "Summit 
>>>Open Source Development Group" (which, by all accounts, is a 
>>>legitimate-looking front for their not-so-legitimate activities).
>> If
>>>anyone has any info, mail 
>>>me privately, and I'll summarize.
>>>
>>>
>>>

Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Suresh Ramasubramanian
Andrew Dorsett  [3/15/2004 9:52 AM] :

> Well what's wrong with you setting up a small router and using one IP?  The
> crap I hear most of the time is that they want to only issue one ip per

Nothing particularly wrong with it as long as there's some mechanism to
zero in on rooted / abused machines there.

	srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Mon, 15 Mar 2004, Suresh Ramasubramanian wrote:

> And what is wrong with setting up a hub or something in a dormroom?  I
> find it quite convenient to leave both my PC and a laptop running on my
> desk, for various reasons (too many open terminals and windows is one of
> them ...)

Well what's wrong with you setting up a small router and using one IP?  The
crap I hear most of the time is that they want to only issue one ip per
student unless you pay for more.  The other thing is that at a very
technical university like ours, a lot of engineers will opt for multiple
machines thus much more address space required if only using a hub.

The other argument is that they want to make sure they have plenty of
capacity by knowing how many users they have and hopefully not multiple
machines that they don't know about behind a firewall.  Again, more BS
because geez each wall portal can spit out 10/100 regardless of how many
machines are behind it.  Let's not even get into what OS's can really
use outta those respective pipes, that's another story. :)

Look outside of the university to the small college ISPs.  They even
actively hunt for cable/dsl routers and turn off ports if they think
they have found them.  Don't want students cheating their service by
wiring up the whole apartment to one cable modem.  What a ripoff...And
why ?  Because most college students have no clue and are willing to
accept it.  Plus some apartment complexes have contracts with specific
providers that provides a monopoly situation.

I miss the good ol days when I worked for the ISP I had access
through...At least then I could remove myself from the
restrictions...Guess when I finally move to MD for work I'll have to make
friends with someone at Comcast. ;-)

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread David A. Ulevitch



> And what is wrong with setting up a hub or something in a dormroom?  I
> find it quite convenient to leave both my PC and a laptop running on my
> desk, for various reasons (too many open terminals and windows is one of
> them ...)

Our ResNet doesn't forbid that in the AUP (yet).  They provide the network
connection to the person and tie it to a MAC address.  If the student can
figure out the rest and not abuse it, more power to them.

When they complain about not being able to use the network dorm printers
they don't get much support though...those are the breaks.

I'm not sure if this policy applies to non-resnet users (depts., faculty,
staff, etc), but for most issues, the resnet case is the one that matters.

-davidu


  David A. Ulevitch - Founder, EveryDNS.Net
  Washington University in St. Louis
  http://david.ulevitch.com -- http://everydns.net



RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Vivien M.

> -Original Message-
> From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED] 
> Sent: March 14, 2004 10:16 PM
> To: Andrew Dorsett
> Cc: Vivien M.; 'North American Noise and Off-topic Gripes'
> Subject: Re: who offers cheap (personal) 1U colo?
> 
> And what is wrong with setting up a hub or something in a 
> dormroom?  I 
> find it quite convenient to leave both my PC and a laptop 
> running on my 
> desk, for various reasons (too many open terminals and 
> windows is one of 
> them ...)

Nothing wrong with it as far as I'm concerned, but IT departments in
post-secondary institutions seem/seemed to have a problem with it, for some
reason. Perhaps they just figure that two machines means increased potential
for abuse (since presumably two people could use the port simultaneously)?

Vivien

P.S. I do the same thing you do...
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/ 



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Laurence F. Sheldon, Jr.
Suresh Ramasubramanian wrote:

> And what is wrong with setting up a hub or something in a dormroom?  I
> find it quite convenient to leave both my PC and a laptop running on my
> desk, for various reasons (too many open terminals and windows is one of
> them ...)

I've been trying to figure out what is wrong with that too.

At my ex-employers, one of the things they did right is encourage
study groups, and with multi-occupant suites, several stations
(including one or more printers, plotters, and such) was normal.
Most of the residence halls had hubs or small switches available for
check-out.

Is it the contention that each student should only use one pencil?

--
Requiescas in pace o email



Race to the bottom (was Re: who offers cheap (personal) 1U colo?)

2004-03-14 Thread Sean Donelan

On Sun, 14 Mar 2004, Paul Vixie wrote:
> Some do.  However, without a server that can be impounded and then sold
> on E-Bay, there's no reason to think that the provider will have less
> abuse volume from such customers than they would have from SMTP AUTH
> customers or DSL customers or what-have-you.  "Show me the sheet-metal."
> I've seen vmware, freebsd jails, linux lvm's.  Unless the provider asks
> for a USD$1000 deposit against bad behaviour, refundable with interest
> after the first year... I don't expect the address space to have a good
> enough reputation that *I* would want to be in that neighborhood.

The residual value of sheet-metal continues to drop :-) It's not
unusual for the cost of disposing of the equipment to be more than the
unpaid bills.  People who buy cheap, personal colo seem to be equally
cheap when it comes to equipment they put in the colo.  That assumes
the equipment doesn't have other UCC liens on it already.  Dell Leasing
or Sun Leasing don't care if you use their equipment for abuse.  They
still expect their money or the equipment back.

Many colo providers could tell you stories about problem customers that
vanish without a trace.  The "collateral value" of the equipment isn't
much.


> One power user acting alone can sign up for a $50/month 1U personal colo.

But first, a well backed company builds the colo, buys the upstream
bandwidth, obtain independent ARIN addresses and highly paid support
folks to support a single power user paying $50/month.

Yep, a race to the bottom exists in the colo space too.

> Only a well backed company can solve the "no decent DSL in Sacramento"
> problem.  (And such a company would most likely be sucked into the "race
> to the bottom" by price-competition, so it's a risk at best unless you're
> first in a market that's unattractive to larger players.)

I assume you are aware that DSL transport is available without Internet
access.  Ghetto colo providers could terminate DSL transport on their
network.  Then you would have an IP address of the Ghetto colo provider.
You can also terminate DSL transport on your company network. Heck you
don't even need to send IP across DSL, you can use it for IPX, AppleTalk,
DECNET, or many other packet protocols.

It doesn't sound like colo or a replacement for your cable modem or DSL
line would actually meet all your requirements. What you seem to be
asking for is how can an individual obtain independent IP address space
which various block lists won't block for $50/month.  And once you find
such a thing, how to prevent "bad people" from taking advantage for your
discovery.



Re: your mail

2004-03-14 Thread Eric Gauthier

> > This is a topic I get very soap-boxish about.  I have too many problems
> > with providers who don't understand the college student market.  I can
> > think of one university who requires students to login through a web
> > portal before giving them a routable address.  This is such a waste of
> > time for both parties.  Sure it makes tracking down the abusers much
> > easier, but is it worth the time and effort to manage?  This is a very
> > legitimate idea for public portals in common areas, but not in dorm
> > rooms.

I've been offline for a few days and I'm catching up, so I might be taking
this one out of context.  If so, I'm sure I'll be flamed appropriately.
The University that I work for has one of these "go to a web page and
authenticate to get a valid IP" though, admittedly, we only make
them authenticate once.  What does it take to manage?  Just the up front 
work to put the system in place (which wasn't much).

For the small inconvenience of logging in once and the extremely small
overhead in maintaining the system, we've found a lot of uses.  Two
examples come to mind.  We have the ability to automate the forwarding 
of DMCA violation notices because we know what human was responsible for
the "offense" that occurred a few weeks/months back.  We also have the ability 
to contact a human when their system is infected instead of merely shutting 
their port, waiting for them to call, and hoping that our help desk correlates
the "my computer isn't working" with the "this port is shut for a security
incident".  We might know what dorm room the computer is in, but our rooms 
sometimes have four people with four to six computers and almost none of our 
students use their land-line, opting for a cell phone that's not listed in the 
campus directory...   Anyway, knowing what room the computer is in really 
doesn't provide us much help unless we want someone to walk over there.  With a 
username, we can at least send them an email or put them on a "watch" list for
when they call

Eric :)


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread David A. Ulevitch



> Experiment ... go to a college dorm that's wired, plug your laptop or PC
> in, start using the net.

> Nine times out of ten you won't be challenged and you'll be
> allowed to use the network.

Has it been a while since you've been on a resnet?  They're bad, but most
all "ResNets" I know of are now implementing some sort of MAC/DHCP combo
at the very least.

That might have been true a couple years ago but recent DMCA notices and
Worm activity have /forced/ (often by their upstream) ResNets to clean up
their act.

I don't think our ResNet is a shining example of excellence by any stretch
but they know who is registered behind each port/ip/mac address which
gives you a pretty good idea of who is on your network.

I won't comment on what leaves the ResNet on port 25 and what leaves the
network with no prayer of ever routing back. *cough* That's a whole
'nother issue for them to deal with, and at some point soon, I think they
will.

-davidu (speaking only for himself)


  David A. Ulevitch - Founder, EveryDNS.Net
  Washington University in St. Louis
  http://david.ulevitch.com -- http://everydns.net



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Suresh Ramasubramanian
Andrew Dorsett  [3/15/2004 8:26 AM] :

> That's protected by port security.  Just limit them to one mac address per
> port.  So only the last machine transmitting will get the reply.  Works
> quite well, shut me down for a few days a few years ago when it was first
> turned on.

Most common or garden wireless APs / broadband routers will let you
clone the mac address, so this is not exactly difficult to get around
And what is wrong with setting up a hub or something in a dormroom?  I 
find it quite convenient to leave both my PC and a laptop running on my 
desk, for various reasons (too many open terminals and windows is one of 
them ...)

	srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: "waste of time"

2004-03-14 Thread Valdis . Kletnieks
On Sun, 14 Mar 2004 23:00:01 +0700, "Dr. Jeffrey Race" <[EMAIL PROTECTED]>  said:
> 
> On Sun, 14 Mar 2004 08:55:09 -0700 (MST), guy wrote:
> >I can think of one university who requires students to login through a web
> >> portal before giving them a routable address.  This is such a waste of
> >> time for both parties.
> 
> Translation:
> 
>  "It is too much trouble for us to keep the kids from throwing trash
>   out the dorm windows, so we'll just let the public pay for cleaning
>   up our mess every morning."

No - go back and re-read what he said.  He specifically stated that since we
already *know* what port of what switch the user is on, and we know that the
other end of the wire is in a specific dorm room, there's no real additional
gain in making them authenticate.  So a better analogy is "We don't need
to go knock on every door on the floor, because we already know the trash
is coming out the 3rd window from the end"

If it's not a waste of time in that case, it's not a waste of time to do the
same thing for *every* user, even if we "already know" what office the cable
terminates in.

Just out of curiosity, does your site policy require you to authenticate on
your office port before you can get out to the rest of the world?  (I don't
know about your wiring, but our average dorm room wiring is more physically
secure (being inside walls and all that) than the cat5 that runs to the docking
station I'm on - at least the last 40 feet or so is semi-exposed and easily
accessible in the cabling chase at the bottom of the cubicle walls)...

(For the record, our general policy is that if we already know where the other end
of the wire is, we don't require authentication, but things like the modem
pool require a userid/password, and the wireless won't DHCP unless you've
registered your MAC address.  Yes, I know they're spoofable. Yes, we recognize
the issues.. :)

Now re-run the whole cost-benefit ratio, and consider that the *biggest* issue
for security is *legitimate users* who happen to have acquired some sort of
malware on their machine..




RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Sun, 14 Mar 2004, Vivien M. wrote:

> credibly argue "But I never read this AUP". The web-based DHCP registration
> system prevents that.

Ok, I'll give that one to you. :)  Got me there hehehe  Though now we are
making the AUP a part of the freshman orientation session so there are no
excuses.  Plus they agree to it when they place the installation cd in
their drive (if they use the installation cd which many don't)

> A) It prevents students (or at least, all but the most clueful) from taking
> multiple IPs and having hubs and such in their rooms

That's protected by port security.  Just limit them to one mac address per
port.  So only the last machine transmitting will get the reply.  Works
quite well, shut me down for a few days a few years ago when it was first
turned on.

> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of effort
> to set up initially (though I think open source implementations are easily
> available), but afterwards, you don't need to have your most clueful network
> engineer dig through to try and figure out which room is what IP. If you
> lower the clue level required to operate an abuse desk, I would argue you
> improve its efficiency in many cases...

See this is not something that requires a clueful engineer.  Only requires
the clueful engineer to create a script that does it all automatically.
In fact I've seen the web interface to the whole system.  VERY nice.  Even
tracks changes, so I can tell if the user pulled the cables, swapped
ports, did bad stuff and then swapped them back to place the blame on the
roommate.  I can enter the IP in question and time period and it will then
tell me the mac address in question, then it will automatically look up
the cable database to return the room, and then it will return the names
of the individuals living in the rooms.  I argue that the username system
has significant problems which can lead to denial of service.  What
happens when your radius box goes offline?  This is what caused me to turn
against the offending university.  Their authentication box wouldn't stay
online and so I'd have to cross my fingers after a reboot to hope that
I could get back on the network.

> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it into
> the network and go and do something dumb... If you hunt down my MAC address
> to a particular port, it looks like Bob is the AUP violator. If you have a
> registration system, you know that this MAC address belongs to me, not Bob.

True true that can happen, but again if I log changes I can tell that
someone unplugged their computer and so when Bob gets turned in the
judicial system will be able to question what occurred... They know it may
not be him that's guilty but hopefully he will turn in the offender.

> Oh, and what about wireless networks? I have my nice 802.11b card, how do
> you propose to track that without MAC registration (or hackish VPN systems,
> which are also deployed in some campuses)?

As for wireless, well yeah we require you to register the mac off your
wireless nic.  Only macs that are in the database are allowed access.
Sure you can spoof someone else's legitimate mac, but that's a different
story.  At least I have someone I can blame and let him try to deny it
through the judicial system.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




Re: Fw: Packet Kiddies Invade NANOG

2004-03-14 Thread Valdis . Kletnieks
On Sun, 14 Mar 2004 18:48:37 EST, Joshua Brady <[EMAIL PROTECTED]>  said:
> Even if he is, what you did and said was slanderous, beyond a normal NANOG
> flamewar.

> Oh please do Susan what he did was already illegal.

Contrary to the list charter, quite probably.

Illegal?  Unclear.  It's bordering on the whole slander/libel thing, but
in general, truth is an absolute defense against a slander or libel charge.

What the actual truth of the matter is, I neither know, nor have any
real desire to investigate.




RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Todd Vierling

On Sun, 14 Mar 2004, Tim Wilde wrote:

: > I have actually.  I see an awful lot of services for incoming SMTP
: > filtering of spam/viruses, or just to hold the mail while you are offline,
: > but haven't seen outgoing SMTP services - which is why I asked :-)
:
: As I posted earlier in this thread, DynDNS.org's outgoing SMTP service
: (available on port 25 and several others as well):
:
: http://www.dyndns.org/services/mailhop/outbound/
:
: Some others I know of off-hand:
:
: http://www.no-ip.com/services.php/mail/smtp
: http://www.smtp.com/

http://www.pobox.com/ - All accounts come with free (but must be enabled in
the web admin interface) SASL-authenticated outbound SMTP.  "See this mail's
headers."

I don't mean to rain on Tim's parade, but it's comparably priced ($15/yr).
So pick which service provides the pair of things you need:  SMTP and
dynamic DNS (dyndns.org), or SMTP and aliasing (pobox.com).

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Michael Loftis


--On Sunday, March 14, 2004 19:14 -0600 Stephen Sprunk <[EMAIL PROTECTED]> 
wrote:

> Students have an existing legal relationship with the school; they can be
> required to accept the AUP in writing at some point during the enrollment
> process.

Experiment ... go to a college dorm that's wired, plug your laptop or PC 
in, start using the net.  Assumption here of course is you're not a student 
there.  Nine times out of ten you won't be challenged and you'll be allowed 
to use the network.  Students also often have friends over that use their 
systems.

Thus you can't assume that every user is a student or faculty.

--
Undocumented Features quote of the moment...
"It's not the one bullet with your name on it that you
have to worry about; it's the twenty thousand-odd rounds
labeled `occupant.'"
  --Murphy's Laws of Combat


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Laurence F. Sheldon, Jr.
Stephen Sprunk wrote:

> Thus spake "Vivien M." <[EMAIL PROTECTED]>
>
> > Actually, you're forgetting what I think is the biggest reason for doing
> > this: before the user registers via the web-based DHCP thing, they
> > are shown the AUP and have to say they agree to it. If you just leave
> > straight IP connections available in rooms, and people violate the AUP,
> > they can QUITE credibly argue "But I never read this AUP". The
> > web-based DHCP registration system prevents that.
>
> Students have an existing legal relationship with the school; they can be
> required to accept the AUP in writing at some point during the enrollment
> process.

It all comes down to how you view the people on your network--students,
faculty, administrators, subscribers, whatever.  If they are
"customers" you take one set of views and one way of solving problems.
If you see them as "lusers", you take another.

--
Requiescas in pace o email



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread william(at)elan.net

On Sun, 14 Mar 2004, Stephen Sprunk wrote:

> Students have an existing legal relationship with the school; they can be
> required to accept the AUP in writing at some point during the enrollment
> process.

They may have a legal relationship with the school but internet service can 
be considered to be an added service that is not available until you 
actually ask for it. 

This is like parking - there are always some rules and regulations for 
when you use school garage (usually written on the wall or available from 
parking attendant), if you don't use the garage and park your car somewhere
else (or don't have car at all), you don't have to bother with parking rules.

Same for internet access - students don't have to use school internet access, 
they can buy internet access from some other ISP or they might not have a 
computer at all. But if they use internet access, they accept rules regarding
it - i.e. AUP.

-- 
William Leibzon
Elan Networks
[EMAIL PROTECTED]



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Stephen Sprunk

Thus spake "Vivien M." <[EMAIL PROTECTED]>
> Actually, you're forgetting what I think is the biggest reason for doing
> this: before the user registers via the web-based DHCP thing, they
> are shown the AUP and have to say they agree to it. If you just leave
> straight IP connections available in rooms, and people violate the AUP,
> they can QUITE credibly argue "But I never read this AUP". The
> web-based DHCP registration system prevents that.

Students have an existing legal relationship with the school; they can be
required to accept the AUP in writing at some point during the enrollment
process.

> Other advantages would be
> A) It prevents students (or at least, all but the most clueful) from taking
> multiple IPs and having hubs and such in their rooms

There's nothing inherently wrong with that.

> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of effort
> to set up initially (though I think open source implementations are easily
> available), but afterwards, you don't need to have your most clueful network
> engineer dig through to try and figure out which room is what IP. If you
> lower the clue level required to operate an abuse desk, I would argue you
> improve its efficiency in many cases...

Tracking an IP address to a particular switch port via ARP and bridging
tables is straightforward; however this relies on detailed cabling plant
data.

> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it
> into the network and go and do something dumb... If you hunt down my
> MAC address to a particular port, it looks like Bob is the AUP violator.
> If you have a registration system, you know that this MAC address
> belongs to me, not Bob.

Or, if you use 802.1x, you can skip the MAC registration and identify the
user directly each time he logs in.

> Oh, and what about wireless networks? I have my nice 802.11b card,
> how do you propose to track that without MAC registration (or hackish
> VPN systems, which are also deployed in some campuses)?

802.1x

S

Stephen Sprunk"Stupid people surround themselves with smart
CCIE #3723   people.  Smart people surround themselves with
K5SSS smart people who disagree with them."  --Aaron Sorkin
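
The lookup chain discussed in this thread by Andrew Dorsett (IP and time period to MAC, MAC to port, port to room, room to occupants, with port-change tracking) and by Stephen Sprunk (ARP and bridging tables plus cabling plant data), as an added example that is not either poster's code or any campus system. Every address, switch name, room, person and flag name below is a constructed assumption.

```python
from datetime import datetime, timedelta

def ts(text):
    """Parse the timestamp format used in the sample data."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")

# --- Constructed sample data; none of it comes from the thread. ---
# DHCP/ARP history: (ip, mac, first_seen, last_seen)
LEASES = [
    ("10.20.1.57", "00:0c:29:aa:01:01", ts("2004-03-14 08:00"), ts("2004-03-14 20:00")),
    ("10.20.1.57", "00:0c:29:bb:02:02", ts("2004-03-14 20:05"), ts("2004-03-15 08:00")),
    ("10.20.1.90", "00:0c:29:cc:03:03", ts("2004-03-14 08:00"), ts("2004-03-15 08:00")),
]
# Bridge-table history from periodic switch polls:
# (mac, switch, port, first_seen, last_seen)
BRIDGE = [
    ("00:0c:29:aa:01:01", "dorm-sw1", "Fa0/1", ts("2004-03-14 08:00"), ts("2004-03-14 14:00")),
    ("00:0c:29:aa:01:01", "dorm-sw1", "Fa0/2", ts("2004-03-14 14:10"), ts("2004-03-14 15:30")),
    ("00:0c:29:aa:01:01", "dorm-sw1", "Fa0/1", ts("2004-03-14 15:40"), ts("2004-03-14 20:00")),
    ("00:0c:29:bb:02:02", "dorm-sw1", "Fa0/2", ts("2004-03-14 20:05"), ts("2004-03-15 08:00")),
    ("00:0c:29:cc:03:03", "dorm-sw1", "Fa0/9", ts("2004-03-14 08:00"), ts("2004-03-15 08:00")),
]
# Cable plant records: (switch, port) -> room. Fa0/9 is deliberately missing
# to show what a stale cable database does to the trace.
CABLE_MAP = {("dorm-sw1", "Fa0/1"): "101", ("dorm-sw1", "Fa0/2"): "102"}
OCCUPANTS = {"101": ["alice"], "102": ["bob"]}
# Web/DHCP registration records: mac -> person who registered it.
REGISTRATIONS = {"00:0c:29:aa:01:01": "alice", "00:0c:29:bb:02:02": "bob"}

def active(rows, key, when):
    """Return the first row keyed by `key` whose time interval covers `when`."""
    for row in rows:
        if row[0] == key and row[-2] <= when <= row[-1]:
            return row
    return None

def trace(ip, when, window=timedelta(hours=2)):
    """Resolve an abuse report (ip, time) to MAC, port, room and occupants.

    Flags mark the places where the chain is weak: a port swap near the
    incident, a registered owner who does not live in the room, an
    unregistered MAC, or a port with no cable record.
    """
    result = {"ip": ip, "mac": None, "port": None, "room": None,
              "occupants": [], "registered_to": None,
              "other_ports": [], "flags": []}

    lease = active(LEASES, ip, when)
    if lease is None:
        result["flags"].append("no-lease-for-ip-at-that-time")
        return result
    mac = result["mac"] = lease[1]

    owner = result["registered_to"] = REGISTRATIONS.get(mac)
    if owner is None:
        result["flags"].append("unregistered-mac")

    seen = active(BRIDGE, mac, when)
    if seen is None:
        result["flags"].append("mac-not-in-bridge-table")
        return result
    port = result["port"] = (seen[1], seen[2])

    room = result["room"] = CABLE_MAP.get(port)
    if room is None:
        result["flags"].append("no-cable-record-for-port")
    else:
        result["occupants"] = OCCUPANTS.get(room, [])
        if owner and owner not in result["occupants"]:
            result["flags"].append("registered-owner-not-in-room")

    # Other ports this MAC was learned on within +/- window of the incident.
    result["other_ports"] = sorted({
        (sw, p) for m, sw, p, start, end in BRIDGE
        if m == mac and (sw, p) != port
        and start <= when + window and end >= when - window
    })
    if result["other_ports"]:
        result["flags"].append("mac-moved-ports-near-incident")
    return result

if __name__ == "__main__":
    for ip, when in [("10.20.1.57", "2004-03-14 14:45"),
                     ("10.20.1.57", "2004-03-14 21:00"),
                     ("10.20.1.90", "2004-03-14 12:00")]:
        r = trace(ip, ts(when))
        print(when, ip, r["mac"], r["port"], r["room"], r["occupants"], r["flags"])
```

The first report lands on room 102's port, but the registration and the port history both point back to room 101, which is the laptop-in-Bob's-room case raised earlier in the thread.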



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Stephen Sprunk

Thus spake "Christopher L. Morrow" <[EMAIL PROTECTED]>
> On Sat, 13 Mar 2004, Stephen Sprunk wrote:
> > So DOCSIS has a technical limitation which may or may not apply.  This is
> > reasonable justification for limiting upstream bandwidth, not for specifying
> > that users can't run servers.  If users can run servers effectively in the
> > limited available upstream bandwidth, then there is no _technical_ reason to
> > prevent them.
>
> how are 'servers' (smtp/web/ftp/imap) different than the existing P2P
> apps? Wouldn't a cable provider, if the decision was based on upstream
> bandwidth sharing alone, care MORE about P2P than 'servers' ?

I don't know how common this is, but my ISP's AUP considers P2P apps to be
"servers" and thus banned.  I don't use file-sharing apps so this doesn't
really affect me, but I'm betting my SIP phone is technically a violation
too.

S

Stephen Sprunk"Stupid people surround themselves with smart
CCIE #3723   people.  Smart people surround themselves with
K5SSS smart people who disagree with them."  --Aaron Sorkin



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread william(at)elan.net

On Sun, 14 Mar 2004, Christopher L. Morrow wrote:

> > What do you think spews wants?  My experience with them has been that
> > that's pretty much the only thing that will satisfy them.  I have had
> 
> That's funny since we've cleaned up several over the years, yet they are
> still listed... and in some cases the listings have expanded. :( Spews
> does not provide a decent path to get listings removed, and they don't
> seem to remove listings if you do show the change.

You might want to post to NANAE (or better to new "clean" newsgroup
news.admin.net-abuse.blocklisting) and actually say that such and such 
customer has been disconnected and/or such and such ip block is no longer 
in use by them. Most blacklist administrators don't really check on each and every 
listing every month (although they probably should to keep good lists, but 
spamhaus may be the only ones who do it and even with them I'm not sure).

In fact one of the reasons I think that some blacklist operators have bad 
impression of UUNET is that you don't inform what you do and they think 
you do nothing, while in fact I'm sure it's not the case. 

-- 
William Leibzon
Elan Networks
[EMAIL PROTECTED]



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Christopher L. Morrow


On Sun, 14 Mar 2004 [EMAIL PROTECTED] wrote:

>
> On Sun, 14 Mar 2004, Christopher L. Morrow wrote:
>
> > There are several blacklists that clearly want more from the ISP than an
> > explanation that the offenders are being/were removed... one good example
> > is 'spews'.
>
> What do you think spews wants?  My experience with them has been that
> that's pretty much the only thing that will satisfy them.  I have had

That's funny since we've cleaned up several over the years, yet they are
still listed... and in some cases the listings have expanded. :( Spews
does not provide a decent path to get listings removed, and they don't
seem to remove listings if you do show the change.


Fw: Packet Kiddies Invade NANOG

2004-03-14 Thread Joshua Brady


- Original Message - 
From: "Joshua Brady" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, March 14, 2004 6:44 PM
Subject: Re: Packet Kiddies Invade NANOG


> 
> >
> > Greg,
> >
> > Let me spell it out crystal clear so you can understand.  Are you, or
> > are you not, the Gregory
> > Taylor referenced in the URL's I sent below?
> 
> Even if he is, what you did and said was slanderous, beyond a normal NANOG
> flamewar.
> 
> > Albert P.
> > (signing his real name so Susan won't remove him from the list)
> 
> Oh please do Susan what he did was already illegal.
> 
> >
> "Albert P."
> 
> 
> 
> Can you take this off-list so we don't have to hear a play school convo?
> 
> Thanks,
> 
> Josh
> 




Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread jlewis

On Sun, 14 Mar 2004, Christopher L. Morrow wrote:

> There are several blacklists that clearly want more from the ISP than an
> explanation that the offenders are being/were removed... one good example
> is 'spews'.

What do you think spews wants?  My experience with them has been that
that's pretty much the only thing that will satisfy them.  I have had
customer IPs in spews, and got them removed.  "I've" also been collateral
damage (at a consulting client's site), which sucks, but that's the stick
spews wields.  In most cases, that's encouragement enough for a provider
to clean up their network or keep it from becoming a mess.  Sometimes it's
not.

> As was pointed out to me by a co-worker: "Linux is not any more inherently
> secure than any other OS." The difference really comes in the
> administration of the pee cee. So, would upgrading joe-random-user to
> Linux really make things better for them? (or us?) That is not clear at
> all at this point.

That's an argument for another list...but the short answer is no, giving
JRU who knows nothing about Linux a default install, especially a popular
one, say Red Hat, is not much, if any, better.  They won't maintain it.
It will be hacked.  At least it probably won't be done with and then
participate in email viruses.

--
 Jon Lewis [EMAIL PROTECTED]|  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread jlewis

On Sun, 14 Mar 2004, Bohdan Tashchuk wrote:

> Question: Why can't a provider sell virtual PC colocation, instead of
> physical PC colocation?

Several do.  We nearly bought a failing one that was doing a lot of this
with a commercial Linux virtualization product.

> So instead of 40 physical machines per rack, why can't it be 80 or 160
> or even more virtual machines, running on 40 physical Linux boxes? I
> think the economics could shift significantly under those circumstances.

During the short time we managed their network and systems, I had to poke
around on a couple of the virtual machines to fix customer issues.  I
don't remember how many virtual machines they ran per physical machine,
but IIRC, they were all P4's with several GB of RAM.  Each customer got
root and their own IPs on what appeared to them to be a dedicated server.

IIRC, Paul was suggesting part of the value in the $50/month colo deal was
that customers were motivated to be good else you keep their server or
ebay it.  You lose that with the virtual private server model...but does
anyone actually have in their contract/AUP that AUP violators will forfeit
their hardware?  We've kicked some spammer colo customers where I'd love
to have had such a clause.  I only know of one case where we did
that...and it was for non-payment.  The customer's hardware was worth less
than their balance, so they chose to simply write us off.  Being located
in another country, it wasn't worth the effort to try extracting $ from
them.


--
 Jon Lewis [EMAIL PROTECTED]|  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Tim Wilde

On Sun, 14 Mar 2004, Brian Bruns wrote:

> I have actually.  I see an awful lot of services for incoming SMTP
> filtering of spam/viruses, or just to hold the mail while you are offline,
> but haven't seen outgoing SMTP services - which is why I asked :-)

As I posted earlier in this thread, DynDNS.org's outgoing SMTP service
(available on port 25 and several others as well):

http://www.dyndns.org/services/mailhop/outbound/

Some others I know of off-hand:

http://www.no-ip.com/services.php/mail/smtp
http://www.smtp.com/

-- 
Tim Wilde
[EMAIL PROTECTED]
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/


RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Brian Bruns


On Sun, March 14, 2004 5:45 pm, Vivien M. said:
>
> Have you been looking at providers in the right industry? Such services are
> usually offered as addons by people who sell DNS services (especially
> dynamic DNS) and other such things designed to make it easier for people to
> run their own servers. They do exist, and as was pointed out earlier in this
> discussion, cost much less than the 1U colo alternative. We do it, and I
> know at least one or two others in our industry do...
>

I have actually.  I see an awful lot of services for incoming SMTP
filtering of spam/viruses, or just to hold the mail while you are offline,
but haven't seen outgoing SMTP services - which is why I asked :-)




-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org


RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Brian Bruns
> Sent: March 14, 2004 5:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: who offers cheap (personal) 1U colo?
> 
> 
> Hm, are there companies out there that offer outbound SMTP 
> services (for people who are blocked, or which need a mail 
> server thats not blacklisted because their provider isn't 
> dealing with spam problems)?  I never really looked into too 
> much, but I haven't seen it offered on provider's sites outright.

Have you been looking at providers in the right industry? Such services are
usually offered as addons by people who sell DNS services (especially
dynamic DNS) and other such things designed to make it easier for people to
run their own servers. They do exist, and as was pointed out earlier in this
discussion, cost much less than the 1U colo alternative. We do it, and I
know at least one or two others in our industry do...

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/ 



Re: Packet Kiddies Invade NANOG

2004-03-14 Thread albertpublic

Greg,

Let me spell it out crystal clear so you can understand.  Are you, or
are you not, the Gregory 
Taylor referenced in the URL's I sent below?

Albert P.
(signing his real name so Susan won't remove him from the list)

>maturity in its purest form.
>
>-- Original Message --
>From: <[EMAIL PROTECTED]>
>Date:  Sat, 13 Mar 2004 17:17:42 -0800
>
>>
>>I've noticed a number of shining stars in the network engineering
>industry
>>have graced us 
>>with their presence and infinite wisdom in the past few days, including
>>Gregory Taylor.   I 
>>can't help but wonder if this is the same who launched multi-gigabit
>>DDoS attacks against 
>>IRC servers and major ISP's recently:
>>
>>http://www.geocities.com/osek_owned/
>>http://www.urbandictionary.com/define.php?term=osek
>>
>>Coincidence?  You decide.  Better yet, call his mother at 1-253-
>475-1227,
>> and let her know 
>>you don't approve of his hacking activities.  If enough of us put
>the
>>pressure on, it's possible 
>>he'll be grounded, and his computer priviledges will be revoked.
> It's
>>happened before, it can 
>>happen again.   
>>
>>For those of you wondering, "Xpert Web Builders" (XWB.COM) is bogus.
>> They don't operate a 
>>network, they're a sole proprietorship tech support and web dev
>group,
>> run by some clue-
>>challenged kids who don't even have the cashflow needed to invest
>in
>>a post-paid cellular 
>>phone.
>>
>>Then there's Andrew Kirch, aka "trelane", who just published a
>fascinating
>>(albeit highly 
>>technically inaccurate, and bearing little or no basis in reality)
>>
>>whitepaper on the "script kiddie culture":
>>
>>http://software.newsforge.com/software/04/02/28/0130209.shtml
>>
>>Only problem is, he hangs out on EFNet in #sigdie, a channel known
>in
>>security circles as a 
>>place where large-scale DDoS attacks, usually involving 1000's
>of 
>>drone nets or otherwise compromised machines,  are coordinated.
> Takes
>>one to know one, I 
>>guess.  The fun doesn't stop there: he's publicly admitted to helping
>>
>>packet IRC servers before!   
>>
>>I'm still working on building a rap sheet on Kirch's friend, Brian
>Bruns,
>> and their "Summit 
>>Open Source Development Group" (which, by all accounts, is a 
>>legitimate-looking front for their not-so-legitimate activities).
> If
>>anyone has any info, mail 
>>me privately, and I'll summarize.
>>
>>
>>
>
>





Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Brian Bruns

On Sunday, March 14, 2004 4:58 PM [EST], Janet Sullivan <[EMAIL PROTECTED]>
wrote:
>
> My cable modem provider filters port 25, so I can't run my own SMTP
> server.  Their mail servers suck.  Yes, I could pay for a business class
> cable modem connection and they'd unblock the port... but I'd likely
> still be filtered.
>
> Guess who is having a dedicated 1U set up right now? ;-)
>
> I think Paul is right, there is a small niche market for this.

Hm, are there companies out there that offer outbound SMTP services (for
people who are blocked, or which need a mail server that's not blacklisted
because their provider isn't dealing with spam problems)?  I never really
looked into too much, but I haven't seen it offered on provider's sites
outright.

I was considering setting up a service like this (we have 2-3 outbound mail
relay servers that are sitting idle because we don't need them yet), but
wasn't sure how interested people would be.  Like, say, setup a service that
offers people the ability to send outbound mail through based on IP ACLs,
possibly SMTP AUTH, TLS/SSL certs, and other things which could authenticate
the sender, and have it accept SMTP on various other non-25 ports.

-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The Abusive Hosts Blocking List
http://www.ahbl.org



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Janet Sullivan
Paul Vixie wrote:

> every time i tell somebody that they shouldn't bother trying to send e-mail
> from their dsl or cablemodem ip address due to the unlikelihood of a well
> staffed and well trained and empowered abuse desk defending the reputation
> of that address space, i also say "buy a 1U and put it someplace with a real
> abuse desk, and use your dsl or cablemodem to tunnel to that place."

My cable modem provider filters port 25, so I can't run my own SMTP 
server.  Their mail servers suck.  Yes, I could pay for a business class 
cable modem connection and they'd unblock the port... but I'd likely 
still be filtered.

Guess who is having a dedicated 1U set up right now? ;-)

I think Paul is right, there is a small niche market for this.



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Petri Helenius
Christopher L. Morrow wrote:

> how are 'servers' (smtp/web/ftp/imap) different than the existing P2P
> apps? Wouldn't a cable provider, if the decision was based on upstream
> bandwidth sharing alone, care MORE about P2P than 'servers' ?

But the decision is a business decision, because you can make 
"businesses" pay more for something that can run servers.
And it's harder to kludge smtp/http/etc. to work where servers are not 
permitted as p2p works by default.

Pete



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Christopher L. Morrow

On Sun, 14 Mar 2004, Paul Vixie wrote:

>
> [EMAIL PROTECTED] (Sean Donelan) writes:
>
> > If the block list operators think it is a "dialup" range, they
> > pre-emptively block all the addresses in the range.
>
> providers who refuse to enter the "race to the bottom" can get their
> dialup blocks delisted from any blackhole list operator i know of,
> just by demonstrating clue and conviction.

There are several blacklists that clearly want more from the ISP than an
explanation that the offenders are being/were removed... one good example
is 'spews'.

>
> > It has very little to do with the quality of the ISP's abuse desk.
>
> long term, it does.  my sister is in sbc-dsl territory and before i
> linuxed her and tunneled her, i had a terrible time getting e-mail from
> her.  the /24 that her nat/dsl box got by dhcp had a dozen open proxies
> in it.  sbc's abuse desk sure as hell didn't want to hear from me about
> it and the owners of the infected pee cee's wouldn't've wanted to hear
> from me even if i'd had some way to identify them and offer them a free
> linux upgrade if they'd just open their front door and lead me to their
> pee cee.

As was pointed out to me by a co-worker: "Linux is not any more inherently
secure than any other OS." The difference really comes in the
administration of the pee cee. So, would upgrading joe-random-user to
Linux really make things better for them? (or us?) That is not clear at
all at this point.

Certainly the point central to your argument is that with the right
abuse-desk to customer ratio AND the right customer base, things could be
kept clean for smtp/web/ftp/blah 'hosting'. This is most certainly the
case... I look forward to seeing your list of providers and prices :)


--Chris
(formerly [EMAIL PROTECTED])
###
## UUNET Technologies, Inc.  ##
## Manager   ##
## Customer Router Security Engineering Team ##
## (W)703-886-3823 (C)703-338-7319   ##
###


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Christopher L. Morrow

On Sat, 13 Mar 2004, Stephen Sprunk wrote:
> Thus spake "Steven M. Bellovin" <[EMAIL PROTECTED]>
> > filter, and the upstream repeaters are fed by a low-pass filter.  If
> > too many people are fielding home servers, it affects everyone.
>
> So DOCSIS has a technical limitation which may or may not apply.  This is
> reasonable justification for limiting upstream bandwidth, not for specifying
> that users can't run servers.  If users can run servers effectively in the
> limited available upstream bandwidth, then there is no _technical_ reason to
> prevent them.

how are 'servers' (smtp/web/ftp/imap) different than the existing P2P
apps? Wouldn't a cable provider, if the decision was based on upstream
bandwidth sharing alone, care MORE about P2P than 'servers' ?

>
> Other last-mile technologies provide symmetric bandwidth yet providers still
> prohibit servers; this is clearly a business issue, not a technical one.
>

Correct, or so it would seem... the cable modem providers can charge you
more for a 'business class' service, which allows 'servers' to be hosted.


--Chris
(formerly [EMAIL PROTECTED])
###
## UUNET Technologies, Inc.  ##
## Manager   ##
## Customer Router Security Engineering Team ##
## (W)703-886-3823 (C)703-338-7319   ##
###


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Will Hargrave

On Sun, Mar 14, 2004 at 01:29:29AM -0500, Andrew Dorsett wrote:
> This is a topic I get very soap-boxish about.  I have too many problems
> with providers who don't understand the college student market.  I can
> think of one university who requires students to login through a web
> portal before giving them a routable address.  This is such a waste of
> time for both parties.  Sure it makes tracking down the abusers much
> easier, but is it worth the time and effort to manage?  This is a very

In the UK it certainly does. To absolve ourselves of liability for
misuse 'net access must be from an 'identifiable' user. This is part of
our institution-wide security policy.

> legitimate idea for public portals in common areas, but not in dorm rooms.
> In a dorm room situation or an apartment situation, you again know the
> physical port the DHCP request came in on.  You then know which room that
> port is connected to and you therefore have a general idea of who the
> abuser is.  So what's the big deal if you turn off the ports to the room
> until the users complain and the problem is resolved?

That's all very well if you have switches which can do DHCP option 82
but most educational institutions have strict budgets to work to, which 
may involve reuse of older kit which was previously used for core 
academic purposes. 

> I guess this requires very detailed cable map databases and is something
> some providers are reluctant to develop.  Scary thought.

I'd say having a login system which identifies the user is considerably
less difficult than maintaining a very extensive database of cable
patches which will inevitably get out of date (think replacement of dead
switches...) within a very short timeframe. 

It's much easier to index an abuse report from an IP directly to a
username, there's less room for argument and error. Functionally, this
is the way most broadband access networks are run anyway,
username/password gets you the PPPoA or PPPoE session. 

W


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Jeff McAdams
Paul Vixie wrote:
>>>it would be marketing suicide to offer a different dsl-dhcp ip address
>>>to people willing to pay enough to budget for an abuse desk.

>>You're wrong here.  It can be done, and it can be done profitably.

> Looks like you didn't read what you quoted.  I know it can be done profitably
> but I also know that offering two price-levels of DSL, one with an abuse desk
> capable of calling you and telling you your XP box has been rooted and talking
> you through Windows Update; the other with a tailgate warranty -- this would
> be "marketing suicide" since the irresponsibility of the latter would become
> intolerable if it were thusly highlighted.

No, you're presenting a false dichotomy.  A provider can provide a
first-rate abuse desk, and still be price competitive.  It can be done.
 It requires a fair amount of clue level in the ISP, but it most
definitely can be done.
-- 
Jeff McAdams
"He who laughs last, thinks slowest." -- anonymous




Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Paul Vixie

(Three replies here.)



[EMAIL PROTECTED] (Bohdan Tashchuk) writes:

> ...
> Question: Why can't a provider sell virtual PC colocation, instead of 
> physical PC colocation?

Some do.  However, without a server that can be impounded and then sold
on E-Bay, there's no reason to think that the provider will have less
abuse volume from such customers than they would have from SMTP AUTH
customers or DSL customers or what-have-you.  "Show me the sheet-metal."
I've seen vmware, freebsd jails, linux lvm's.  Unless the provider asks
for a USD$1000 deposit against bad behaviour, refundable with interest
after the first year... I don't expect the address space to have a good
enough reputation that *I* would want to be in that neighborhood.



[EMAIL PROTECTED] (Jim Popovitch) writes:

> Here to: http://www.interland.com/shared/, and for less than $50 per
> month.   I have had nothing but excellent experience with them.

InterLand has essentially got no abuse desk.  My complaints to them about
their customers mostly go unanswered.  Blackholing them here has been my
only recourse.  Maybe you'd want to live in that kind of neighborhood, but
not I.  (Tell me an address block and I'll show you my lartomatic records.)



[EMAIL PROTECTED] (Jeff McAdams) writes:

> I'm sorry, Paul, but the "$50/month 1U colo business" that you keep
> going on about is, at best, a niche market.  It is not, and will not be,
> a substitute for DSL/Cable.

I'm not presenting it as a substitute for DSL/Cable.  I'm sure that many
thousands of BSD-aware or Linux-aware power users will continue to love
the price-performance ratio of DSL/Cable a lot more than they loved their
modems.  However, I'm calling a spade a spade -- DSL/Cable is usually just
a replacement for a modem, and you'd better plan on having "someplace real"
on the other side of that "modem" to have as your full time "living space".

> At best, it will be in addition to DSL/Cable, which means an extra
> expense for customers, which means that it will never be more than a
> niche.

I think we're in a same-planet-different-worlds scenario here.  Because less
than 1% of the internet population is capable of administering their own 1U
(or virtual machine or whatever) running BSD or Linux, this whole thing is
already a niche, irrespective of costs.  (I'd've thought that was obvious.)

> Others have said, and they are absolutely right, that there is no real
> technical difference between a DSL line with a static IP, and a colo box.

And others were wrong, when they said that.  See George Herbert's excellent
"Message-Id: <[EMAIL PROTECTED]>" for a fine rebuttal.

> There are ISPs out there that are providing clueful DSL service,
> including allowing servers on it, with aggressive abuse response, at
> competitive price points.  It can be, and is being, done.  It's rare, yes,
> but it can be found.

In a minority of markets, that's true, and I hope that more such appear.

> So, the argument that we need to all start selling "$50/month 1U colo
> boxes" because responsible DSL service can't be done is bogus.

One power user acting alone can sign up for a $50/month 1U personal colo.
Only a well backed company can solve the "no decent DSL in Sacramento"
problem.  (And such a company would most likely be sucked into the "race
to the bottom" by price-competition, so it's a risk at best unless you're
first in a market that's unattractive to larger players.)

> > it would be marketing suicide to offer a different dsl-dhcp ip address
> > to people willing to pay enough to budget for an abuse desk.
> 
> You're wrong here.  It can be done, and it can be done profitably.

Looks like you didn't read what you quoted.  I know it can be done profitably
but I also know that offering two price-levels of DSL, one with an abuse desk
capable of calling you and telling you your XP box has been rooted and talking
you through Windows Update; the other with a tailgate warranty -- this would
be "marketing suicide" since the irresponsibility of the latter would become
intolerable if it were thusly highlighted.
-- 
Paul Vixie


The College Student Market

2004-03-14 Thread Ken Diliberto
Andrew Dorsett wrote:

> On Sun, 14 Mar 2004, Sean Donelan wrote:
>
>> A student in a college dorm room with an uncontrolled DHCP address may not
>> be able to run a server, even though they have more than enough symmetric
>> Gig-ethernet bandwidth and you know what dorm it is physically located
>> because all student servers look alike. On the other hand, a mobile
>
> This is a topic I get very soap-boxish about.  I have too many problems
> with providers who don't understand the college student market.  I can
> think of one university who requires students to login through a web
> portal before giving them a routable address.  This is such a waste of
> time for both parties.  Sure it makes tracking down the abusers much
> easier, but is it worth the time and effort to manage?  This is a very
> legitimate idea for public portals in common areas, but not in dorm rooms.
> In a dorm room situation or an apartment situation, you again know the
> physical port the DHCP request came in on.  You then know which room that
> port is connected to and you therefore have a general idea of who the
> abuser is.  So what's the big deal if you turn off the ports to the room
> until the users complain and the problem is resolved?
> I guess this requires very detailed cable map databases and is something
> some providers are reluctant to develop.  Scary thought.
>
> Andrew

I'm curious about the concept of "College Student Market".  We have 
several thousand students in our dorms who only have two choices for 
Internet service - our dedicated Ethernet or their dial-up (which they 
would have to pay for).  We firewall them, packet shape them and don't 
pay much attention when they saturate their router.  Housing has a 
choice to use campus services or go outside for Internet service - a 
much more expensive choice considering the amount they pay the campus.

We respond to complaints about abusers on the ResNet by first disabling 
the port.  This is considered a strike against the resident for an AUP 
violation.  In theory, three strikes and they're out.

After we upgrade the ResNet equipment, we're planning on 802.1x 
authentication on the port.  I'm toying with suggesting certificates so 
we can simply revoke a cert if someone is a serious abuser which could 
(in theory) deny their workstation (laptop in most cases) access to the 
campus network.  The problem with this idea is the amount of overhead 
required to manage the certificate infrastructure.

As to the question of "is it worth the time and effort to manage", I 
think yes.  When the SQL Slammer worm hit last year, I put blocks at the 
border and blocks between subnets to contain the problem as best I could 
for two reasons (well, could be more but this is all I'm going to point 
out):
1 - Maintaining the usability of the campus network.
2 - Protecting the Internet in general from us.

How many ISPs care about either?  How many won't do either because it 
would affect their bottom line?

Back to the original topic.  We have a fairly good cable map.  We can 
track DHCP and can even black hole a MAC address so it can't get an 
address.  Why would we want a user to authenticate to the network?  It 
adds accountability and a little more paranoia that if they do something 
they shouldn't, they'll get caught and we'll turn them off.

Remember:  If you ask a student about their Internet access, you'll hear 
that it's free and they shouldn't be restricted as to what they can do.

Ken



RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Andrew Dorsett
> Sent: March 14, 2004 1:29 AM
> To: North American Noise and Off-topic Gripes
> Subject: Re: who offers cheap (personal) 1U colo? 
> 
> 
> This is a topic I get very soap-boxish about.  I have too 
> many problems with providers who don't understand the college 
> student market.  I can think of one university who requires 
> students to login through a web portal before giving them a 
> routable address.  This is such a waste of time for both 
> parties.  Sure it makes tracking down the abusers much 
> easier, but is it worth the time and effort to manage?  This 
> is a very legitimate idea for public portals in common areas, 
> but not in dorm rooms. In a dorm room situation or an 
> apartment situation, you again know the physical port the 
> DHCP request came in on.  You then know which room that port 
> is connected to and you therefore have a general idea of who 
> the abuser is.  So what's the big deal if you turn off the 
> ports to the room until the users complain and the problem is 
> resolved?

Actually, you're forgetting what I think is the biggest reason for doing
this: before the user registers via the web-based DHCP thing, they are shown
the AUP and have to say they agree to it. If you just leave straight IP
connections available in rooms, and people violate the AUP, they can QUITE
credibly argue "But I never read this AUP". The web-based DHCP registration
system prevents that.

Other advantages would be
A) It prevents students (or at least, all but the most clueful) from taking
multiple IPs and having hubs and such in their rooms
B) It makes it very easy to track what MAC address/IP address is which
person, as you yourself admitted. Sure, this system requires a bit of effort
to set up initially (though I think open source implementations are easily
available), but afterwards, you don't need to have your most clueful network
engineer dig through to try and figure out which room is what IP. If you
lower the clue level required to operate an abuse desk, I would argue you
improve its efficiency in many cases...
C) It avoids issues of changing ports. Let's say I'm in room 101, and my
friend Bob is in room 102. I take my laptop to Bob's room and plug it into
the network and go and do something dumb... If you hunt down my MAC address
to a particular port, it looks like Bob is the AUP violator. If you have a
registration system, you know that this MAC address belongs to me, not Bob. 

Oh, and what about wireless networks? I have my nice 802.11b card, how do
you propose to track that without MAC registration (or hackish VPN systems,
which are also deployed in some campuses)?

[Note: most of the argument above assumes that people are not clueful enough
to change their MAC address, of course... And I would argue that most
college students are too busy getting drunk or saturating networks with P2P
software to figure this out]

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/ 
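
The attribution problem raised in the message above (point C, the laptop carried to Bob's room) and in Will Hargrave's earlier reply about indexing an abuse report to a username, as an added example that is not part of the thread. All names, addresses, lease records and the room map are constructed, and the switch port is assumed to be recorded with each DHCP lease (for instance via option 82).

```python
from dataclasses import dataclass
from datetime import datetime


def ts(text):
    """Parse the timestamp format used in the constructed records below."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


@dataclass(frozen=True)
class Lease:
    ip: str
    mac: str
    port: str        # switch port the DHCP request arrived on (assumed logged)
    start: datetime
    end: datetime


# Constructed sample data: alice lives in room 101, bob in room 102.
LEASES = [
    Lease("10.1.0.23", "00:0c:29:aa:bb:01", "sw3/12", ts("2004-03-14 08:00"), ts("2004-03-14 12:00")),
    # Same IP handed to a different machine later the same day.
    Lease("10.1.0.23", "00:0c:29:aa:bb:02", "sw3/14", ts("2004-03-14 12:30"), ts("2004-03-14 20:00")),
    # alice's laptop plugged into the port in bob's room.
    Lease("10.1.0.40", "00:0c:29:aa:bb:01", "sw3/14", ts("2004-03-14 13:00"), ts("2004-03-14 18:00")),
    # A machine nobody registered, on the port in alice's room.
    Lease("10.1.0.51", "00:0c:29:aa:bb:99", "sw3/12", ts("2004-03-14 09:00"), ts("2004-03-14 17:00")),
]
REGISTRATIONS = {            # MAC -> user who accepted the AUP at the portal
    "00:0c:29:aa:bb:01": "alice",
    "00:0c:29:aa:bb:02": "bob",
}
CABLE_MAP = {"sw3/12": "101", "sw3/14": "102"}   # switch port -> room
RESIDENTS = {"101": ["alice"], "102": ["bob"]}   # room -> occupants


def find_lease(ip, when):
    """Return the single lease that held `ip` at `when`, or None.

    The timestamp matters: the same address is reused across leases,
    so an abuse report without a time cannot be attributed.
    """
    hits = [l for l in LEASES if l.ip == ip and l.start <= when < l.end]
    if len(hits) > 1:
        raise ValueError("overlapping leases for %s: log is inconsistent" % ip)
    return hits[0] if hits else None


def attribute(ip, when):
    """Compare port-based and registration-based attribution for a report."""
    lease = find_lease(ip, when)
    if lease is None:
        return None                      # no lease covered that moment
    room = CABLE_MAP.get(lease.port)     # None if the cable map is stale
    port_suspects = RESIDENTS.get(room, [])
    user = REGISTRATIONS.get(lease.mac)
    if user is None:
        verdict = "unregistered-mac"     # only the cable map can help here
    elif user in port_suspects:
        verdict = "consistent"
    else:
        verdict = "visitor-on-port"      # port points at the wrong person
    return {
        "mac": lease.mac,
        "port": lease.port,
        "room": room,
        "port_suspects": port_suspects,
        "registered_user": user,
        "verdict": verdict,
    }


if __name__ == "__main__":
    for ip, when in [("10.1.0.40", "2004-03-14 14:00"),
                     ("10.1.0.23", "2004-03-14 09:00"),
                     ("10.1.0.23", "2004-03-14 15:00"),
                     ("10.1.0.23", "2004-03-14 12:15"),
                     ("10.1.0.51", "2004-03-14 10:00")]:
        print(ip, when, attribute(ip, ts(when)))
```

As the bracketed note in the message says, the registration lookup is only as trustworthy as the MAC address itself.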



RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread netadm

I don't think you'll find ANY significant provider that does not have
network blocks listed in block lists.



-Original Message-
From: Bob Snyder [mailto:[EMAIL PROTECTED] 
Sent: Sunday, March 14, 2004 11:51 AM
To: [EMAIL PROTECTED]
Subject: Re: who offers cheap (personal) 1U colo?



netadm wrote:

>http://www.serverpronto.com

Given the thread was started for people who want to get a server for 
mail clear of blocklists, why would I want to use a provider on a number
of blocklists per http://www.openrbl.org/, including a SBL/ROKSO
listing?

Bob



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Bob Snyder
netadm wrote:

> http://www.serverpronto.com

Given the thread was started for people who want to get a server for 
mail clear of blocklists, why would I want to use a provider on a number 
of blocklists per http://www.openrbl.org/, including a SBL/ROKSO listing?

Bob



"waste of time"

2004-03-14 Thread Dr. Jeffrey Race

On Sun, 14 Mar 2004 08:55:09 -0700 (MST), guy wrote:
>I can think of one university who requires students to login through a web
>> portal before giving them a routable address.  This is such a waste of
>> time for both parties.

Translation:

 "It is too much trouble for us to keep the kids from throwing trash
  out the dorm windows, so we'll just let the public pay for cleaning
  up our mess every morning."



[no subject]

2004-03-14 Thread guy

On Sun, 14 Mar 2004, Andrew Dorsett wrote:
>
> This is a topic I get very soap-boxish about.  I have too many problems
> with providers who don't understand the college student market.  I can
> think of one university who requires students to login through a web
> portal before giving them a routable address.  This is such a waste of
> time for both parties.  Sure it makes tracking down the abusers much
> easier, but is it worth the time and effort to manage?  This is a very
> legitimate idea for public portals in common areas, but not in dorm
> rooms.

Andrew,
Doing this is an effective way to introduce an AUP policy to the
students. Something to the effect of, "By clicking here, you agree not to
do X Y and Z" and other provisions that will not be read by 99.9% of the
students/renters. However, by doing this, if need be at a future time,
shutting off service for AUP violations is much easier.

Guy


Re: Counter DoS

2004-03-14 Thread Stephen J. Wilcox

On Sun, 14 Mar 2004, Petri Helenius wrote:

> With the amount of clue present, it's unlikely that the upstream bandwidth in
> US or most of Europe will grow substantially over the next five years.

Heh, that's the kind of quote that comes back to haunt you 5 years down the line 
:)

Steve



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Jeff McAdams
Paul Vixie wrote:
> [EMAIL PROTECTED] (Sean Donelan) writes:
>>If the block list operators think it is a "dialup" range, they
>>pre-emptively block all the addresses in the range.

> that's because at $30/month there's no budget for a "dialup" provider
> to call their worm-infested customers one at a time and talk them 
> through "Windows Update", and the "free" "antivirus" software they
> include on their customer cdroms is crippleware or adware or both.

> providers who refuse to enter the "race to the bottom" can get their
> dialup blocks delisted from any blackhole list operator i know of,
> just by demonstrating clue and conviction.

You're naive on this.  There are enough of these blacklists, and many of
them are totally unresponsive to an ISP's assertions (and empirical
evidence) of aggressive handling of abuse.  I know because I've tried to
do this.  An ISP *cannot* effectively change the status of these IP
blocks...even with empirical evidence of dealing with abuse.  It just
doesn't happen.

>>... But large DSL or cable address ranges, even if the addresses are
>>statically assigned to specific customers, are pre-emptively blocked.

> there's a sound statistical basis for this.  and a strong abuse desk
> (which would show up as higher-than-$30/month-fees) would change those
> statistics and improve the reputation of that "kind" of address space.

But you were just arguing above that it wasn't a statistical situation,
and that a provider can get unlisted from these blacklists.  Now you're
arguing that it's a statistical thing, therefore it *doesn't* have to do
with the empirical actions of the ISP.  This second argument is the
correct one, FWIW.  It's statistical, and an individual ISP effectively
cannot influence their listings on the blacklists.

> rather, i think that your employer and other dsl providers ought to get
> into the $50/month 1U colo business and market this to their power users
> and budget for a strong abuse desk for the small amounts of address space
> used by that function.  (and if you do, please send me the URL and details.)

I'm sorry, Paul, but the "$50/month 1U colo business" that you keep
going on about is, at best, a niche market.  It is not, and will not be,
a substitute for DSL/Cable.  At best, it will be in addition to
DSL/Cable, which means an extra expense for customers, which means that
it will never be more than a niche.

Others have said, and they are absolutely right, that there is no real
technical difference between a DSL line with a static IP, and a colo box.

There are ISPs out there that are providing clueful DSL service,
including allowing servers on it, with aggressive abuse response, at
competitive price points.  It can be, and is being, done.  It's rare,
yes, but it can be found.

So, the argument that we need to all start selling "$50/month 1U colo
boxes" because responsible DSL service can't be done is bogus.

> it would be marketing suicide to offer a different dsl-dhcp ip address
> to people willing to pay enough to budget for an abuse desk.

You're wrong here.  It can be done, and it can be done profitably.
-- 
Jeff McAdams
"He who laughs last, thinks slowest." -- anonymous




RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread netadm

http://www.serverpronto.com


-Original Message-
From: Todd Vierling [mailto:[EMAIL PROTECTED] 
Sent: Sunday, March 14, 2004 8:56 AM
To: Simon Lockhart
Cc: [EMAIL PROTECTED]
Subject: Re: who offers cheap (personal) 1U colo?



On Sun, 14 Mar 2004, Simon Lockhart wrote:

: If someone can point me to Virtual Solaris Machine, then I'd willingly offer
: that as a service (the colo I help run as a "hobby" is Sun only).
:
: The reason people are doing it on Linux is that it's available. (And, in the
: case of LVM, free)

mmm, NetBSD.  Runs on all of x86, amd64, and sparc64 hardware, and runs
Linux and Solaris binaries (for the appropriate processor type).
RAIDframe is free and included in the base system too.  8-)

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Todd Vierling

On Sun, 14 Mar 2004, Simon Lockhart wrote:

: If someone can point me to Virtual Solaris Machine, then I'd willingly offer
: that as a service (the colo I help run as a "hobby" is Sun only).
:
: The reason people are doing it on Linux is that it's available. (And, in the
: case of LVM, free)

mmm, NetBSD.  Runs on all of x86, amd64, and sparc64 hardware, and runs
Linux and Solaris binaries (for the appropriate processor type).  RAIDframe
is free and included in the base system too.  8-)

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Drew Linsalata


> Why shouldn't an individual be able to operate a server on their DSL or
> cable modem connection?

Because DSL and cable modem networks have evolved into lowest-cost, 
widest-reach service networks designed to allow anyone with $30 access 
to a relatively fat pipe.  As a result those networks have turned into 
rich sources of net garbage, and most clueful network operators have 
taken to defending themselves against this torrent of silliness.

So, I suppose that the question is not so much of one being "allowed" to 
run a server on an xDSL or cable link, but of the real world 
effectiveness of doing so.

> Why prevent people from running servers on DSL
> and cable modem connections, yet say they could run an identical
> server in a colo?  Why is one unsafe, and the other is considered Ok?

Nothing is 100% safe, but I'd much rather accept unrestricted traffic 
from a network with 1000 customers and 2 geek engineers than from a 
network with 1,000,000 customers and 25 engineers on staff wading 
through mountains of abuse reports.  At least at the smaller, more "geek 
intensive" level, there is a greater ability to deal with mischief in a 
timely and decisive fashion.

--

Drew Linsalata
The Gotham Bus Company, Inc.
Colocation and Dedicated Access Solutions
http://www.gothambus.com



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Jim Popovitch

On Sun, 2004-03-14 at 06:31, Simon Lockhart wrote:
> On Sun Mar 14, 2004 at 02:42:20AM -0800, Bohdan Tashchuk wrote:
> > Is some hosting company already doing this?
> 
> http://www.bytemark-hosting.co.uk/


Here too: http://www.interland.com/shared/, and for less than $50 per
month.   I have had nothing but excellent experience with them.

-Jim P.





Re: Counter DoS

2004-03-14 Thread Petri Helenius
Joel Jaeggli wrote:

> When pricing structures and deployment of broadband in the US approaches 
> that of Korea and Japan, I think you'll find that that isn't the case in 
> the US anymore.

If you have two items, travelling at different speeds and the one ahead 
goes faster, they never approach each other but the distance grows. Both 
go forward though.

So I fail to see the problem. Most US broadband or semi-broadband users 
are on infrastructure which cannot be reasonably upgraded to the 
bandwidth offered in South Korea without forklift upgrades and digging 
up the streets. With the amount of clue present, it's unlikely that the 
upstream bandwidth in US or most of Europe will grow substantially over 
the next five years.

Pete



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Simon Lockhart

On Sun Mar 14, 2004 at 01:48:44PM +0200, Petri Helenius wrote:
> Any which would offer operating systems where the source is not full of 
> four letter words and license being questionable with some bowing to the 
> legal action already? Or is it just fashionable to restrict an operation 
> to Linux?

If someone can point me to Virtual Solaris Machine, then I'd willingly offer
that as a service (the colo I help run as a "hobby" is Sun only).

The reason people are doing it on Linux is that it's available. (And, in the
case of LVM, free)

Simon


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Petri Helenius
Simon Lockhart wrote:

> On Sun Mar 14, 2004 at 02:42:20AM -0800, Bohdan Tashchuk wrote:
>
>> Is some hosting company already doing this?
>
> http://www.bytemark-hosting.co.uk/
>
> Simon

Any which would offer operating systems where the source is not full of 
four letter words and license being questionable with some bowing to the 
legal action already? Or is it just fashionable to restrict an operation 
to Linux?

Pete



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Simon Lockhart

On Sun Mar 14, 2004 at 02:42:20AM -0800, Bohdan Tashchuk wrote:
> Is some hosting company already doing this?

http://www.bytemark-hosting.co.uk/

Simon
-- 
Simon Lockhart |   Tel: +44 (0)1628 407720 (x(01)37720) | Si fractum 
Technology Manager |   Fax: +44 (0)1628 407701 (x(01)37701) | non sit, noli 
BBC Internet Ops   | Email: [EMAIL PROTECTED]| id reficere
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Bohdan Tashchuk
> $50/month at 40U rentable is $2000/rack/month if it's full.
> after paying for 60A of power and 50Mbits/sec of transit
> and whatever the rack rents for, the provider's gross margin
> will be between 25% and 50%, out of which they have to pay
> salaries.  as a standalone business this makes no sense, but
> at scale or as part of another business, $50/month @1U is
> just about right.
I've only seen a few comments on the business aspect of this, so I'd 
like to throw my two cents in.

Given: at least certain Linux distributions are free to copy
Given: the various BSD distributions are all free to copy
Given: vmware workstation is a relatively low-cost product
Given: Linux and BSD run in virtual machines on Vmware on Linux
Question: Why can't a provider sell virtual PC colocation, instead of 
physical PC colocation?

So instead of 40 physical machines per rack, why can't it be 80 or 160 
or even more virtual machines, running on 40 physical Linux boxes? I 
think the economics could shift significantly under those circumstances.

For personal colo the virtual CPU would probably be idle at least 99% of 
the time. My home servers usually are. Which means that when hosting 4 
typical virtual machines a real CPU would still be mostly idling. Also a 
small IDE drive now is about 120 GB. Divide that by 4 and each colo 
still has 30 GB of disk space, more than enough for most needs.

The hardware cost per "machine" certainly goes down, and other than the 
vmware licenses the OS software is "free", either BSD licensed free or 
GPL licensed "free". Either is good enough for this purpose.

Is some hosting company already doing this?





Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Avleen Vig

On Sun, Mar 14, 2004 at 12:10:01AM -0800, George William Herbert wrote:
> I do not know that there are several racks full of people
> like me, even in the SF Bay area, but I would be willing
> to bet that the answer is yes.

What would be nice is someone who charges you for bandwidth, not for
data transferred.
There's an excellent company in the UK who do exactly this:
  www.mailbox.net.uk

for ~UKP65 a month you can get 256kb/s in 2U.

Something needs to be developed along these lines:
  256kb/s sustained = ~80gbyte month transferred.
  The current bandwidth limit should be calculated such that based on
  how much I've used since the start of the month, my bw cap would go up
  or down to keep me on the average to end at 80gbyte.

Example: If I only use 128k/s sustained for 15 days (total 20Gb), for
the last 15 days I should be allowed to use ~384kb/s so that I end
exactly at my allotted 80Gb, no more.

Now *that* would be useful.

-- 
Avleen Vig
Systems Administrator
Personal: www.silverwraith.com
EFnet:irc.mindspring.com (Earthlink user access only)


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread George William Herbert


There are other good reasons to colo a server
rather than have it at home:

1) Colo facility easier to get generator and *real* UPS
   lifetime for at affordable rates.

2) Colo facility upstream networking not subject to the whims
   of increasingly incompetent broadband providers.

3) Colo facility can have redundant networking a lot cheaper
   than home users (and simpler... trying to get BGP fed
   up a DSL link of any budget, to have truly redundant
   networking at home, isn't possible that I know of,
   and is increasingly difficult with full budget T-1s
   unless you know someone).

And last but not least:

4) Proper quality servers make more noise than I want in my office
   at home.


I have been paying order of $200/month for reasonably
high end home internet since the days when that was Netcom
and a 14.4k dialup modem and a Class C, though I now get
much more bandwidth.  Due to service level declines 
I have been looking into redundant connectivity.
But the options suck.

Precisely as Paul points out, me taking my Sun V100 and
sticking it in someone else's rack, were it $50/month,
would be an *excellent* solution for me on all levels.

I do not know that there are several racks full of people
like me, even in the SF Bay area, but I would be willing
to bet that the answer is yes.


-george william herbert
[EMAIL PROTECTED]