Re: Spamcop
JC Dill wrote: It could also simply be a mistake. The inet-access list was once reported as a spam source by a happy subscriber who was busy reporting hundreds (or thousands?) of spams and clicked /included a list post by accident. -- p.s. Please do not cc me on replies to the list. Please reply to the list only, or to me only (as you prefer) but not to both. I'm going to join the guessing game and guess that some scoring system scored on uncommon words (hierarchical), trigger words (credit), and the number of Cc: entries (I did not count the ones in the original, the complaint had a bitch-list 4 or five long, some of the responses to it have 8 or 10 Cc:'s I think--I did not count them either), the origin (Road Runner) and so on and reached the conclusion of 'spam'. Welcome to the world where email has been taken away from us. -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Re: Spamcop
Possible someone on the list didn't understand the content, didn't realize this was sent via a mailing lists and submitted this as a spam message to SPAMCOP. Less likely someone didn't know how to get off the mailing list and this was the result. In both cases the submitter exercised bad judgement. But the mailing list could be more helpful as well. There have been no reminders from the mailing list since I signed up which I think is a good policy for a mailing list. The mailing list only uses Precedence: bulk to mark it as a mailing list. That said, this is a case of misjudgment, albeit perhaps a premature and a hasty one. Rgds, -GSH - Original Message - From: Vicky Rode [EMAIL PROTECTED] To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED] Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Tuesday, May 11, 2004 6:51 PM Subject: Spamcop Hi there, Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just trying to understand so that I don't repeat it. Below is a cut and paste of the reported incident. Please advice. regards, /vicky cut here -- Return-Path: [EMAIL PROTECTED] Received: from vamx01.mgw.rr.com ([24.28.193.148]) by acme-reston.va.rr.com (Post.Office MTA v3.5.3 release 223 ID# 0-59787U25L25S0V35) with SMTP id com for [EMAIL PROTECTED]; Mon, 10 May 2004 10:42:14 -0400 Received: from vmx2.spamcop.net (vmx2.spamcop.net [206.14.107.117]) by vamx01.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i4AEkwhn017175 for [EMAIL PROTECTED]; Mon, 10 May 2004 10:47:01 -0400 (EDT) Received: from sc-app3.verio.ironport.com (HELO spamcop.net) (192.168.11.203) by vmx2.spamcop.net with SMTP; 10 May 2004 07:47:00 -0700 Received: from [68.13.211.63] by spamcop.net with HTTP; Mon, 10 May 2004 14:47:01 GMT From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SpamCop (24.30.181.126) id:988145978]Hierarchical Credit-based Queuing (HCQ): QoS Precedence: list Message-ID: [EMAIL PROTECTED] Date: Sun, 9 May 2004 21:36:30 -0700 (PDT) X-SpamCop-sourceip: 24.30.181.126 X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705) via http://www.spamcop.net/ v1.3.4 X-Virus-Scanned: Symantec AntiVirus Scan Engine [ SpamCop V1.3.4 ] This message is brief for your comfort. Please use links below for details. Email from 24.30.181.126 / Sun, 9 May 2004 21:36:30 -0700 (PDT) http://www.spamcop.net/w3m?i=z988145978zab5cec781dcfa15ae459c11bd03b7bef z [ Offending message ] Return-path: owner-x Envelope-to: x Delivery-date: Mon, 10 May 2004 00:39:15 -0400 Received: from [198.108.1.26] (helo=trapdoor.merit.edu) by wilma.widomaker.com with esmtp (Exim 3.36 #1) id 1BN2ZP-000Jo6-00 for x; Mon, 10 May 2004 00:39:15 -0400 Received: by trapdoor.merit.edu (Postfix) id B68EC91206; Mon, 10 May 2004 00:36:37 -0400 (EDT) Delivered-To: x Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8645591243; Mon, 10 May 2004 00:36:37 -0400 (EDT) Delivered-To: x Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 50AFD91206 for x; Mon, 10 May 2004 00:36:34 -0400 (EDT) Received: by segue.merit.edu (Postfix) id 3B3955914F; Mon, 10 May 2004 00:36:34 -0400 (EDT) Delivered-To: x Received: from ms-smtp-02-eri0.socal.rr.com (ms-smtp-02-qfe0.socal.rr.com [66.75.162.134]) by segue.merit.edu (Postfix) with ESMTP id EAB7358E5D for x; Mon, 10 May 2004 00:36:33 -0400 (EDT) Received: from [192.168.2.2] (cpe-24-30-181-126.socal.rr.com [24.30.181.126]) by ms-smtp-02-eri0.socal.rr.com (8.12.10/8.12.7) with ESMTP id i4A4aUce025659 for x; Sun, 9 May 2004 21:36:30 -0700 (PDT) Message-ID: [EMAIL PROTECTED] Date: Sun, 09 May 2004 21:36:41 -0700 From: Vicky Rode [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: x Subject: Hierarchical Credit-based Queuing (HCQ): QoS X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine Sender: owner-x Precedence: bulk Errors-To: [EMAIL PROTECTED] X-Loop: nanog Hi there, Just wondering if anyone out there has either implemented or looked into this queuing method for quality of service implementation. This solution is offered (hardware solution) and patented by foursticks.com. According to foursticks, HCQ achieves the efficiency and flexibility of first generation queuing systems, without the disadvantages. It compares HCQ (interesting reading) w/ Class-Based Queuing (CBQ), Random Early Discard (RED) and Weighted Random Early Discard (WRED),Weighted Fair Queuing (WFQ),Priority Queuing (PQ) Low Latency Queuing (LLQ).
MightAnyone from swbell on the list? - large name scanning from your DSL
Well as the subject says.. 4 various mail servers (4 very different companies) are being heavily name guessing scanned via various machines on the xxx.dsl.rcsntx.swbell.net network. Been going on for a few days now. All from within this block and loads of it. Reported it but no response. Nicole -- |\ __ /| (`\ | o_o |__ ) ) // \\ - [EMAIL PROTECTED] - Powered by FreeBSD - -- The term daemons is a Judeo-Christian pejorative. Such processes will now be known as spiritual guides -Politicaly Correct UNIX Page http://www.nonsenseband.com *** Spam Sucks and I get tons of it. So I have some tight spam filters. If any email to me bounces, please use your secret decoder ring and send to blabgoo at yahoo dot. com :)
Re: Spamcop
. There have been no reminders from the mailing list since I signed up which I think is a good policy for a mailing list. The mailing list only uses Precedence: bulk to mark it as a mailing list. the list is pretty active, so i would dare say that reminders are superfluous. an iq test at subscription time would probably work better to prevent situations like this in the future. Right, the reminder may have no value for the intended recipient which is the one that signed up. However, in the case of an inherited email address this may be valuable. But an IQ test would be nice. What should be the I to test for? Rgds, -GSH
Re: Spamcop
On Tue, 11 May 2004 21:23:55 -, =?iso-8859-1?Q?Gu=F0bj=F6rn_S._Hreinsson?= [EMAIL PROTECTED] said: But an IQ test would be nice. What should be the I to test for? http://ars.userfriendly.org/cartoons/?id=19991114mode=classic pgp0.pgp Description: PGP signature
Re: Spamcop
On Tue, 2004-05-11 at 16:35, Guðbjörn S. Hreinsson wrote: Possible someone on the list didn't understand the content, didn't realize this was sent via a mailing lists and submitted this as a spam message to SPAMCOP. Less likely someone didn't know how to get off the mailing list and this was the result. In both cases the submitter exercised bad judgement. But the mailing list could be more helpful as well. Further, Spamcop should implement some form of check to verify that the e-mail is in fact spam before they go pointing the finger and/or blocking mail servers. The problem of end users leveraging Spamcop to get them off of mailing lists or a simple way of DoSsing a discussion forum would become mute if some form of sanity checking was in place. Cheers, Chris
Re: Spamcop
Chris Brenton wrote: Further, Spamcop should implement some form of check to verify that the e-mail is in fact spam before they go pointing the finger and/or blocking mail servers. The problem of end users leveraging Spamcop to get them off of mailing lists or a simple way of DoSsing a discussion forum would become mute if some form of sanity checking was in place. As an ex-admin, I have some serious issues about the way Spamcop works, but this argument is similar to one that says a credit reporting company has to prove that you are a deadbeat before reporting that several companies you do business with report that you are late with payments a lot. And as an ex-admin that had some contact with mailing lists and their operation and managment I will say that the notion that people forgot that they subscribed to a list does not happen nearly as often as it is used to wriggle out from under a spam complaint. -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Re: Spamcop
On Tue, 2004-05-11 at 18:15, Laurence F. Sheldon, Jr. wrote: As an ex-admin, I have some serious issues about the way Spamcop works, but this argument is similar to one that says a credit reporting company has to prove that you are a deadbeat before reporting that several companies you do business with report that you are late with payments a lot. I would agree with your analogy if Spamcop limited automatic reporting to subset of the community. The problem is they do not. I can't call up a credit agency and get them to automatically red mark your credit report. I obviously can send pretty much anything to Spamcop, claim you are a spammer and get them to act on that. Cheers, Chris
Re: Spamcop
Chris Brenton wrote: On Tue, 2004-05-11 at 18:15, Laurence F. Sheldon, Jr. wrote: As an ex-admin, I have some serious issues about the way Spamcop works, but this argument is similar to one that says a credit reporting company has to prove that you are a deadbeat before reporting that several companies you do business with report that you are late with payments a lot. I would agree with your analogy if Spamcop limited automatic reporting to subset of the community. The problem is they do not. I can't call up a credit agency and get them to automatically red mark your credit report. I obviously can send pretty much anything to Spamcop, claim you are a spammer and get them to act on that. Actually, apparently you can--we have to (actually, my dear wife has to) take the reporting houses to task every now and again because they report, on occasion, that we are somehow connected to people who have financial difficulty. Sometimes it is people we know, but have no responsibility for, sometimes it is people whose account numbers are related numerically to ours, sometimes we never find out how they got on our report. And the act on that means report that you reported it--with your privacy protected doesn't it? -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
Looks like Cisco is now trying to patent security http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt Title: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Received: April 26, 2004 From: Robert Barr [EMAIL PROTECTED] Cisco is the owner of one or more pending patent applications relating to the subject matter of Transmission Control Protocol security considerations draft-ietf-tcpm-tcpsecure-00.txt. If technology in this document is included in a standard adopted by IETF and any claims of any Cisco patents are necessary for practicing the standard, any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard. For information contact: Robert Barr Worldwide Patent Counsel Cisco Systems 408-525-9706 [EMAIL PROTECTED]
Re: WAN transfer rates
It's worth mentioning that this proj.sunet.se/LSR2 test was done using the previous generation of Intel 10Gb PCI-X NICs, the new ones were announced last week: http://www.intel.com/network/connectivity/products/pro10GbE_SR_server_adapter.htm It uses the same controller ASIC, but is half the length and has XPAK optics. Interesting stuff regarding the 82597EX 10Gb NIC controller chip and Linux: http://www.google.com/search?q=82597EX+Linuxsourceid=mozilla-searchstart=0start=0ie=utf-8oe=utf-8 Peter Lothberg wrote: TCP is mostly a implemenation/parameter setting problem for resonable speeds, for high_speed, you can not drop packets. Have a look at proj.sunet.se/LSR2. 2 $1500 mail_order PC's, 40 router hops, almost around half of the earth. -Peter
Re: WAN transfer rates
I think the real answer is more complex, if I remember this correctly: The real transfer results depend on a lot of things, but the foremost parameter that dominates the transfer rates for a single TCP session is the duration of the session. If the session is short-lived, regardless of what the maximum window size is, the transfer rate will be abysmal unless the TCP stack is modified to guesstimate the initial window. For long lived TCP sessions, you want to have enough packets in flight to fill the bandwidth delay product of the link to get the maximum throughput. Mark Allman, Sally Floyd, and quite a few other people have published numerous papers on this topic. Essentially the answer is that the transfer rates diminish with increasing latency if and only if the sessions are short-lived. This becomes a huge problem especially on high bandwidth satellite links where some real interesting TCP hacks are employed. Now add a DNS lookup or two to the beginning of the sessions and things really start to look bad for short-duration traffic over high latency links. When you have many TCP sessions competing for the same link, then things start to look up. Regards, Bora Akyol On 11-mei-04, at 10:24, Jeff Nelson wrote: I realize that transfer rates across the Internet diminish significantly with latency, but what's the good answer for someone shrunk down to 10Mbps when the smallest pipe between them is 100Mbps and latency is 40ms?
Re: Spamcop
I would agree with your analogy if Spamcop limited automatic reporting to subset of the community. The problem is they do not. In Spamcop's defence, it seems that their systems were never designed to handle the wide variety of 'attack vectors that spam uses today. Spamcop also operates on the assumption that the user is exercising some judgement when *directly* reporting spam, which is universally the case with mailing list traffic. No matter how foolproof your system, the world creates a better fool. Thankfully, all my interactions - as a web host, network operator, and mailing list manager- with Spamcop and their staff have been professional, and productive. I for one appreciate the just the facts style of reporting, and useful mechanisms for interacting with the complainers. It is a refreshing change from the usual ALL-CAPS threats and exclamation point filled diatribes, usually mailed to the wrong [EMAIL PROTECTED] addresses. --chuck
Re: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure
What's very amusing is reading section 5 of the draft, wherein the author distributes credit to a number of parties. If Cisco were to file a patent at this point and not include those parties (including other companies), the patent validity would be at risk by reason of excluding a contributor. If Cisco does include all of those other companies in the patent, then all of them must also present the IETF with relevant IPR statements. Frankly, this is yet another PR blunder by Cisco. If they had simply said nothing or formally put their contribution into the public domain, they wouldn't look so egregiously greedy. Tony On May 11, 2004, at 3:46 PM, David Krause wrote: Looks like Cisco is now trying to patent security http://www.ietf.org/ietf/IPR/cisco-ipr-draft-ietf-tcpm-tcpsecure.txt Title: Cisco's Statement about IPR Claimed in draft-ietf-tcpm-tcpsecure Received: April 26, 2004 From: Robert Barr [EMAIL PROTECTED] Cisco is the owner of one or more pending patent applications relating to the subject matter of Transmission Control Protocol security considerations draft-ietf-tcpm-tcpsecure-00.txt. If technology in this document is included in a standard adopted by IETF and any claims of any Cisco patents are necessary for practicing the standard, any party will be able to obtain a license from Cisco to use any such patent claims under reasonable, non-discriminatory terms, with reciprocity, to implement and fully comply with the standard. For information contact: Robert Barr Worldwide Patent Counsel Cisco Systems 408-525-9706 [EMAIL PROTECTED]
Announcing BGPlay - A Tool Hosted By the RIPE NCC that Visualises BGP Updates
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Dear All, The Roma Tre University Computer Networks Research Group and the RIPE NCC are pleased to announce BGPlay, a new beta tool that can visualise BGP updates in the Routing Information Service's (RIS) database. Its animated, interactive graphical display makes it easier to interpret how BGP updates affect the routing of a specific prefix than by analysing the updates themselves. For an idea of what BGPlay can do, please visit the BGPlay web page at: http://www.ris.ripe.net/bgplay/ and click on the screenshot for an interactive help page. BGPlay was developed by the Computer Networks Research Group at Roma Tre University, and is hosted by the RIPE NCC, who provide direct access to the RIS database. Links to Respective Groups: * RIPE NCC Routing Information Service: http://www.ripe.net/ris/ * Roma Tre Computer Networks research Group: http://www.dia.uniroma3.it/~compunet/ Please note that BGPlay requires the Java browser plug-in version 1.4 or above (you can download it at http://www.java.com/en/download/ if you don't have it). If you have the Java plug-in installed, click on one of the links below for examples of BGPlay in action: 1. I.Net adds a new upstream: http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=194.185.0.0/16start =2004-04-08+14:02end=2004-04-08+14:04 2. Deutsche Telekom starts announcing a new network: http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=84.128.0.0/11start= 2004-03-16+08:07end=2004-03-16+08:10 3. A local instance of F root is leaked globally: http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=192.5.5.0/24start=2 004-03-17+19:30end=2004-03-18+22:00 4. An anycast prefix with multiple origin ASes: http://www.ris.ripe.net/cgi-bin/bgplay.cgi?prefix=192.88.99.0/24start =2004-04-01+03:00end=2004-04-01+20:00 For more information on BGPlay and to run queries of your own, visit the BGPlay web page at http://www.ris.ripe.net/bgplay/ Please send your comments to [EMAIL PROTECTED] and [EMAIL PROTECTED] Kind regards, Roma Tre University Computer Networks Research Group the RIS Team at RIPE NCC --- Matthew Williams (MW243-RIPE) Customer Liaison Engineer RIPE NCC - http://www.ripe.net/np/ -BEGIN PGP SIGNATURE- Version: PGP 7.0.4 iQA/AwUBQKFudcHkFbJe+GdoEQKw+wCgtKBk1x7u243SphgxdF7ozyhqYRAAoLAw 6F+ERBNpTJyWGH0Voo0qggzF =RzQH -END PGP SIGNATURE-
Re: Spamcop
Vicky Rode writes on 5/12/2004 12:21 AM: Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just That question is best asked of the admin of widowmaker.com, a user of which reported your nanog post to spamcop. Received: from [198.108.1.26] (helo=trapdoor.merit.edu) by wilma.widomaker.com with esmtp (Exim 3.36 #1) id 1BN2ZP-000Jo6-00 for x; Mon, 10 May 2004 00:39:15 -0400 srs -- suresh ramasubramanian [EMAIL PROTECTED] gpg EDEDEFB9 manager, security and antispam operations, outblaze ltd
WAN transfer rates
Possibly someone in this forum with a better understanding of tcp/ip can articulate this better than I I realize that transfer rates across the Internet diminish significantly with latency, but what's the good answer for someone shrunk down to 10Mbps when the smallest pipe between them is 100Mbps and latency is 40ms? Does anyone have reference to any study done in this area? I'm sure window tuning can alter this, but I'm interested in average statistics. Any reference would be appreciated. thanks, jeff
Telco alarm structured cabling standard?
Hi folks, I want to run NEBS alarm relay signals via structured cabling. Does anyone have a reference to a standard or know of the typical assignment of signals to wires? Ta, Glen -- Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936 Australian Academic Research Network www.aarnet.edu.au
Re: WAN transfer rates
I realize that transfer rates across the Internet diminish significantly with latency, but what's the good answer for someone shrunk down to 10Mbps when the smallest pipe between them is 100Mbps and latency is 40ms? Without window scaling (RFC 1323) your max transfer rate at 40ms RTT is 65535*8/0.040 = 13.1 Mbps. So slightly less than 10 Mbps isn't too unexpected. Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
Re: IPv6/IPv6 threat Comparison Paper available for review
On 11-mei-04, at 3:13, Darrin Miller wrote: http://www.cisco.com/security_services/ciag/documents/v6-v4-threats.pdf Ok, some comments: - style: Font too small / lines too long: 15 words or more per line doesn't make for the easiest reading. There is way too much in the way of This section outlines Guess what, that's why they invented headings. As they say in Hollywood: cut to the chase. Six level deep heading numbering is also not good. - ICMP: The whole bit on ICMP meanders between being just strict and being too strict. I don't see any convincing reason to filter ICMP. But given that some people want this, give them the right information. Stuff like echo / echo reply I can live without, but I really need my PMTUD in IPv4 as well as IPv6. Yes, fragmentation is possible in IPv4 in theory, but in practice the DF bit is set on most packets. In reasonable ICMP filtering you should also allow more unreachables, such as port unreachables, or be prepared to sit through lengthy timeouts. - On-link/off-link Many things that are mentioned, such as the potential for multicast mischief, or the additional uses for ICMP, really only apply on the local link, and are irrelevant elsewhere on the net. The assumption that there is a firewall on local links is bizarre. If you want to protect systems against on-link misbehavior, it makes sense to put them behind a router. IPv6 hosts are much more vulnerable to abuse from on-link attackers: these can spoof neighbor/router discovery, they can easily find addresses and even hosts without global IPv6 addresses are potentially vulnerable, especially as many filters only look at IPv4 and not IPv6. (In FreeBSD turning off IPv6 in the configuration doesn't actually turn it off so the host remains potentially vulnerable.) - Fragmentation You can't drop non-last fragments that are smaller than 1280 bytes as a host may fragment a packet into equal size parts rather than a big and a small part. Testing if you can get away with it makes no sense as new implementations come on the market all the time. If you want to do this you can probably do it at around ~600 bytes for non-last fragments as there is no legitimate need to fragment packets that are already 1280 bytes or smaller, so if this is done anyway it's probably for reasons you don't like. - Smurf I don't think you mention that in IPv6, there are no mechanisms that allow an incoming unicast packet to be turned into a broadcast or multicast packet, and as such, smurf-like attacks are impossible. - Tunneling Why only filter outbound tunneling? - Use of multiple addresses You say that RFC 3041 helps against scanning. It doesn't, as hosts also keep their EUI-64 derived addresses. In IPv6 it is required to support having multiple addresses on an interface.
Re: WAN transfer rates
On 11-mei-04, at 10:24, Jeff Nelson wrote: I realize that transfer rates across the Internet diminish significantly with latency, but what's the good answer for someone shrunk down to 10Mbps when the smallest pipe between them is 100Mbps and latency is 40ms? Does anyone have reference to any study done in this area? I'm sure window tuning can alter this, but I'm interested in average statistics. The best you can do is transfer a window size per round trip. You can see the window size with tcpdump or one of its cousins, and looking at netstat output will get you somewhere in the neighborhood too. So if your window is 16k and your RTT 25 ms, that's 16k every 25 ms. Or 16 * 1000 / 25 = 640k per second = 64 * 8 = 5 Mbps.
Re: IPv6/IPv6 threat Comparison Paper available for review
On 11-mei-04, at 11:19, [EMAIL PROTECTED] wrote: - Smurf I don't think you mention that in IPv6, there are no mechanisms that allow an incoming unicast packet to be turned into a broadcast or multicast packet, and as such, smurf-like attacks are impossible. There are cases where malicious IPv6 packet leads to IPv4 smurf attack (due to wacky IPv4 mapped address and API). i think it worthwhile to look at threats due to IPv4/v6 interaction. You can obviously craft an IPv6 packet that will be delivered to an IPv4 subnet broadcast address through 6to4 or some such, but unless the hosts that receive the subsequent broadcast (that shouldn't be generated unless v4 isn't properly administered in the first place so it's still not an IPv6 issue) reply with something, nothing is going to happen. draft-itojun-ipv6-transition-abuse-xx.txt draft-cmetz-v6ops-v4mapped-api-harmful-xx.txt draft-itojun-v6ops-v4mapped-harmful-xx.txt Yeah, yeah, everything is harmful. I don't think having IPv4-specific and IPv6-specific code in applications is the answer, though.
Re: WAN transfer rates
A nifty graph that I have found to be fairly accurate is at a little way down the page. http://www.atlantateleport.com/Services/TCP_IP_Via_Satellite/tcp_ip_via_satellite.htm And an intensive whitepaper at: http://public.lanl.gov/radiant/pubs/drs/hpdc2002.pdf Hope this helps. -v - Original Message - From: Jeff Nelson [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Tuesday, May 11, 2004 4:24 AM Subject: WAN transfer rates Possibly someone in this forum with a better understanding of tcp/ip can articulate this better than I I realize that transfer rates across the Internet diminish significantly with latency, but what's the good answer for someone shrunk down to 10Mbps when the smallest pipe between them is 100Mbps and latency is 40ms? Does anyone have reference to any study done in this area? I'm sure window tuning can alter this, but I'm interested in average statistics. Any reference would be appreciated. thanks, jeff
Re: WAN transfer rates
TCP is mostly a implemenation/parameter setting problem for resonable speeds, for high_speed, you can not drop packets. Have a look at proj.sunet.se/LSR2. 2 $1500 mail_order PC's, 40 router hops, almost around half of the earth. -Peter
Re: Worms versus Bots
I think running two separate computers is a wee bit of overkill... A better solution would be a NIC with a built-in SI firewall...manageable from a host app, but physically separate from the OS running on the PC. -C On Thu, May 06, 2004 at 09:49:37PM +0300, Petri Helenius wrote: [EMAIL PROTECTED] wrote: you can easily fit an entire router into a PC's slimline case and the router can include a complete SI Firewall capability. The PC BIOS will allow the initial SI Firewall config to be done before booting the PC. They got to it before you did; http://www.giwano.com/ Pete pgp0.pgp Description: PGP signature
Re: Worms versus Bots
On Tue, 11 May 2004 11:38:33 EDT, Chris Woodfield said: A better solution would be a NIC with a built-in SI firewall...manageable from a host app, but physically separate from the OS running on the PC. Gaak. No. ;) What's the point of a firewall, if the first piece of malware that does manage to sneak in (via a file-sharing program, or a webpage that installs malware, or an ooh! Shiny! email attachment) just does the network Plug-N-Play call to tell the firewall Shield DOWN!? pgp0.pgp Description: PGP signature
Re: Worms versus Bots
Simple solution...build the on-NIC firewall to not use uPnP, or at least require a password before changing rulesets. :) Seriously, this is such a stupidly simple solution that I'm amazed no one's attempted to make a product out of it yet. -C On Tue, May 11, 2004 at 12:21:29PM -0400, [EMAIL PROTECTED] wrote: On Tue, 11 May 2004 11:38:33 EDT, Chris Woodfield said: A better solution would be a NIC with a built-in SI firewall...manageable from a host app, but physically separate from the OS running on the PC. Gaak. No. ;) What's the point of a firewall, if the first piece of malware that does manage to sneak in (via a file-sharing program, or a webpage that installs malware, or an ooh! Shiny! email attachment) just does the network Plug-N-Play call to tell the firewall Shield DOWN!? pgp0.pgp Description: PGP signature
RE: Worms versus Bots
Uh... they have. It's called a Snapgear card :) -- Jonathan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Woodfield Sent: Tuesday, May 11, 2004 12:42 PM To: [EMAIL PROTECTED] Cc: Petri Helenius; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Worms versus Bots Simple solution...build the on-NIC firewall to not use uPnP, or at least require a password before changing rulesets. :) Seriously, this is such a stupidly simple solution that I'm amazed no one's attempted to make a product out of it yet. -C On Tue, May 11, 2004 at 12:21:29PM -0400, [EMAIL PROTECTED] wrote: On Tue, 11 May 2004 11:38:33 EDT, Chris Woodfield said: A better solution would be a NIC with a built-in SI firewall...manageable from a host app, but physically separate from the OS running on the PC. Gaak. No. ;) What's the point of a firewall, if the first piece of malware that does manage to sneak in (via a file-sharing program, or a webpage that installs malware, or an ooh! Shiny! email attachment) just does the network Plug-N-Play call to tell the firewall Shield DOWN!?
Re: Worms versus Bots
While following the thread, I did a bit of Googling, then browsing 3Com's site: http://www.3com.com/products/en_US/detail.jsp?tab=featurespathtype=purchasesku=3CRFW200B On-NIC firewall w/remote management. On Tue, 11 May 2004, Chris Woodfield wrote: :Simple solution...build the on-NIC firewall to not use uPnP, or at least require :a password before changing rulesets. :) : :Seriously, this is such a stupidly simple solution that I'm amazed no one's attempted :to make a product out of it yet. : :-C : :On Tue, May 11, 2004 at 12:21:29PM -0400, [EMAIL PROTECTED] wrote: : On Tue, 11 May 2004 11:38:33 EDT, Chris Woodfield said: : : A better solution would be a NIC with a built-in SI firewall...manageable from a host : app, but physically separate from the OS running on the PC. : : Gaak. No. ;) : : What's the point of a firewall, if the first piece of malware that does manage : to sneak in (via a file-sharing program, or a webpage that installs malware, or : an ooh! Shiny! email attachment) just does the network Plug-N-Play call to : tell the firewall Shield DOWN!? : : : :
Re: Worms versus Bots
I stand corrected, they're out there. I'm advised that 3com has a on-NIC firewall product as well. However, at $299 and $329 respectively, I don't anticipate wide adoption in the consumer market... -C On Tue, May 11, 2004 at 12:49:05PM -0400, Jonathan M. Slivko wrote: Uh... they have. It's called a Snapgear card :) -- Jonathan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris Woodfield Sent: Tuesday, May 11, 2004 12:42 PM To: [EMAIL PROTECTED] Cc: Petri Helenius; [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: Worms versus Bots Simple solution...build the on-NIC firewall to not use uPnP, or at least require a password before changing rulesets. :) Seriously, this is such a stupidly simple solution that I'm amazed no one's attempted to make a product out of it yet. -C On Tue, May 11, 2004 at 12:21:29PM -0400, [EMAIL PROTECTED] wrote: On Tue, 11 May 2004 11:38:33 EDT, Chris Woodfield said: A better solution would be a NIC with a built-in SI firewall...manageable from a host app, but physically separate from the OS running on the PC. Gaak. No. ;) What's the point of a firewall, if the first piece of malware that does manage to sneak in (via a file-sharing program, or a webpage that installs malware, or an ooh! Shiny! email attachment) just does the network Plug-N-Play call to tell the firewall Shield DOWN!? pgp0.pgp Description: PGP signature
Spamcop
Hi there, Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just trying to understand so that I don't repeat it. Below is a cut and paste of the reported incident. Please advice. regards, /vicky cut here -- Return-Path: [EMAIL PROTECTED] Received: from vamx01.mgw.rr.com ([24.28.193.148]) by acme-reston.va.rr.com (Post.Office MTA v3.5.3 release 223 ID# 0-59787U25L25S0V35) with SMTP id com for [EMAIL PROTECTED]; Mon, 10 May 2004 10:42:14 -0400 Received: from vmx2.spamcop.net (vmx2.spamcop.net [206.14.107.117]) by vamx01.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i4AEkwhn017175 for [EMAIL PROTECTED]; Mon, 10 May 2004 10:47:01 -0400 (EDT) Received: from sc-app3.verio.ironport.com (HELO spamcop.net) (192.168.11.203) by vmx2.spamcop.net with SMTP; 10 May 2004 07:47:00 -0700 Received: from [68.13.211.63] by spamcop.net with HTTP; Mon, 10 May 2004 14:47:01 GMT From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SpamCop (24.30.181.126) id:988145978]Hierarchical Credit-based Queuing (HCQ): QoS Precedence: list Message-ID: [EMAIL PROTECTED] Date: Sun, 9 May 2004 21:36:30 -0700 (PDT) X-SpamCop-sourceip: 24.30.181.126 X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705) via http://www.spamcop.net/ v1.3.4 X-Virus-Scanned: Symantec AntiVirus Scan Engine [ SpamCop V1.3.4 ] This message is brief for your comfort. Please use links below for details. Email from 24.30.181.126 / Sun, 9 May 2004 21:36:30 -0700 (PDT) http://www.spamcop.net/w3m?i=z988145978zab5cec781dcfa15ae459c11bd03b7bef z [ Offending message ] Return-path: owner-x Envelope-to: x Delivery-date: Mon, 10 May 2004 00:39:15 -0400 Received: from [198.108.1.26] (helo=trapdoor.merit.edu) by wilma.widomaker.com with esmtp (Exim 3.36 #1) id 1BN2ZP-000Jo6-00 for x; Mon, 10 May 2004 00:39:15 -0400 Received: by trapdoor.merit.edu (Postfix) id B68EC91206; Mon, 10 May 2004 00:36:37 -0400 (EDT) Delivered-To: x Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8645591243; Mon, 10 May 2004 00:36:37 -0400 (EDT) Delivered-To: x Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 50AFD91206 for x; Mon, 10 May 2004 00:36:34 -0400 (EDT) Received: by segue.merit.edu (Postfix) id 3B3955914F; Mon, 10 May 2004 00:36:34 -0400 (EDT) Delivered-To: x Received: from ms-smtp-02-eri0.socal.rr.com (ms-smtp-02-qfe0.socal.rr.com [66.75.162.134]) by segue.merit.edu (Postfix) with ESMTP id EAB7358E5D for x; Mon, 10 May 2004 00:36:33 -0400 (EDT) Received: from [192.168.2.2] (cpe-24-30-181-126.socal.rr.com [24.30.181.126]) by ms-smtp-02-eri0.socal.rr.com (8.12.10/8.12.7) with ESMTP id i4A4aUce025659 for x; Sun, 9 May 2004 21:36:30 -0700 (PDT) Message-ID: [EMAIL PROTECTED] Date: Sun, 09 May 2004 21:36:41 -0700 From: Vicky Rode [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: x Subject: Hierarchical Credit-based Queuing (HCQ): QoS X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine Sender: owner-x Precedence: bulk Errors-To: [EMAIL PROTECTED] X-Loop: nanog Hi there, Just wondering if anyone out there has either implemented or looked into this queuing method for quality of service implementation. This solution is offered (hardware solution) and patented by foursticks.com. According to foursticks, HCQ achieves the efficiency and flexibility of first generation queuing systems, without the disadvantages. It compares HCQ (interesting reading) w/ Class-Based Queuing (CBQ), Random Early Discard (RED) and Weighted Random Early Discard (WRED),Weighted Fair Queuing (WFQ),Priority Queuing (PQ) Low Latency Queuing (LLQ). Also can anyone recommend a qos forum which I can ping as well. Any insight will be appreciated. regards, /vicky
Re: Spamcop
Date: Tue, 11 May 2004 11:51:10 -0700 From: Vicky Rode [EMAIL PROTECTED] To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Spamcop Hi there, Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just trying to understand so that I don't repeat it. Below is a cut and paste of the reported incident. Vicky: I'm guessing here, but it was probably because the *.rr.com addresses originate a LOT of spam and someone has a procmail filter that automatically refers any mail from that domain to spamcop... Or it could be that someone didn't like what you wrote and reported it ... Dunno. Remember, I said that I'm **guessing**. Regards, Gregory Hicks Please advice. regards, /vicky cut here -- Return-Path: [EMAIL PROTECTED] Received: from vamx01.mgw.rr.com ([24.28.193.148]) by acme-reston.va.rr.com (Post.Office MTA v3.5.3 release 223 ID# 0-59787U25L25S0V35) with SMTP id com for [EMAIL PROTECTED]; Mon, 10 May 2004 10:42:14 -0400 Received: from vmx2.spamcop.net (vmx2.spamcop.net [206.14.107.117]) by vamx01.mgw.rr.com (8.12.10/8.12.8) with ESMTP id i4AEkwhn017175 for [EMAIL PROTECTED]; Mon, 10 May 2004 10:47:01 -0400 (EDT) Received: from sc-app3.verio.ironport.com (HELO spamcop.net) (192.168.11.203) by vmx2.spamcop.net with SMTP; 10 May 2004 07:47:00 -0700 Received: from [68.13.211.63] by spamcop.net with HTTP; Mon, 10 May 2004 14:47:01 GMT From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [SpamCop (24.30.181.126) id:988145978]Hierarchical Credit-based Queuing (HCQ): QoS Precedence: list Message-ID: [EMAIL PROTECTED] Date: Sun, 9 May 2004 21:36:30 -0700 (PDT) X-SpamCop-sourceip: 24.30.181.126 X-Mailer: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.0.3705) via http://www.spamcop.net/ v1.3.4 X-Virus-Scanned: Symantec AntiVirus Scan Engine [ SpamCop V1.3.4 ] This message is brief for your comfort. Please use links below for details. Email from 24.30.181.126 / Sun, 9 May 2004 21:36:30 -0700 (PDT) http://www.spamcop.net/w3m?i=z988145978zab5cec781dcfa15ae459c11bd03b7bef z [ Offending message ] Return-path: owner-x Envelope-to: x Delivery-date: Mon, 10 May 2004 00:39:15 -0400 Received: from [198.108.1.26] (helo=trapdoor.merit.edu) by wilma.widomaker.com with esmtp (Exim 3.36 #1) id 1BN2ZP-000Jo6-00 for x; Mon, 10 May 2004 00:39:15 -0400 Received: by trapdoor.merit.edu (Postfix) id B68EC91206; Mon, 10 May 2004 00:36:37 -0400 (EDT) Delivered-To: x Received: by trapdoor.merit.edu (Postfix, from userid 56) id 8645591243; Mon, 10 May 2004 00:36:37 -0400 (EDT) Delivered-To: x Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 50AFD91206 for x; Mon, 10 May 2004 00:36:34 -0400 (EDT) Received: by segue.merit.edu (Postfix) id 3B3955914F; Mon, 10 May 2004 00:36:34 -0400 (EDT) Delivered-To: x Received: from ms-smtp-02-eri0.socal.rr.com (ms-smtp-02-qfe0.socal.rr.com [66.75.162.134]) by segue.merit.edu (Postfix) with ESMTP id EAB7358E5D for x; Mon, 10 May 2004 00:36:33 -0400 (EDT) Received: from [192.168.2.2] (cpe-24-30-181-126.socal.rr.com [24.30.181.126]) by ms-smtp-02-eri0.socal.rr.com (8.12.10/8.12.7) with ESMTP id i4A4aUce025659 for x; Sun, 9 May 2004 21:36:30 -0700 (PDT) Message-ID: [EMAIL PROTECTED] Date: Sun, 09 May 2004 21:36:41 -0700 From: Vicky Rode [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] User-Agent: Mozilla Thunderbird 0.6 (Windows/20040502) X-Accept-Language: en-us, en MIME-Version: 1.0 To: x Subject: Hierarchical Credit-based Queuing (HCQ): QoS X-Enigmail-Version: 0.83.6.0 X-Enigmail-Supports: pgp-inline, pgp-mime Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Virus-Scanned: Symantec AntiVirus Scan Engine Sender: owner-x Precedence: bulk Errors-To: [EMAIL PROTECTED] X-Loop: nanog Hi there, Just wondering if anyone out there has either implemented or looked into this queuing method for quality of service implementation. This solution is offered (hardware solution) and patented by foursticks.com. According to foursticks, HCQ achieves the efficiency and flexibility of first generation queuing systems, without the disadvantages. It compares HCQ (interesting reading) w/ Class-Based Queuing (CBQ), Random Early Discard (RED) and Weighted Random Early Discard (WRED),Weighted Fair Queuing (WFQ),Priority Queuing (PQ) Low Latency Queuing (LLQ). Also can anyone recommend a qos forum which I can ping as well. Any insight will be appreciated. regards, /vicky --- Gregory Hicks
Re: Spamcop
On Tue, 11 May 2004 11:51:10 PDT, Vicky Rode said: Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just My guess is that somebody's automated tool saw credit-based and concluded that it was Yet Another Mortgage Spam... pgp0.pgp Description: PGP signature
Re: Spamcop
On Tue, May 11, 2004 at 12:00:14PM -0700, Gregory Hicks wrote: Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just trying to understand so that I don't repeat it. Below is a cut and paste of the reported incident. Vicky: I'm guessing here, but it was probably because the *.rr.com addresses originate a LOT of spam and someone has a procmail filter that automatically refers any mail from that domain to spamcop... Or it could be that someone didn't like what you wrote and reported it ... I've found that a number of people that are spamcop subscribers report messages as spam that are not when they don't know how to get removed from lists. I find this annoying and always make a note in the spamcop ticket saying they're fools when this happens. I do wish that rr.com would get a different dns naming system set up (ala comcast, using client.comcast.net or similar subdomain that does not have MX records to help with the direct-to-server SMTP problem I have with rr.com with spam..) - Jared -- Jared Mauch | pgp key available via finger from [EMAIL PROTECTED] clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: Spamcop
Hello... On Tue, 2004-05-11 at 11:51, Vicky Rode wrote: Hi there, Just wondering why was my e-mail thread (Hierarchical Credit-based Queuing (HCQ): QoS) dated 5/9/2004 9:36 PM reported as a spam? Just trying to understand so that I don't repeat it. Below is a cut and paste of the reported incident. Please advice. I think this is a violation of the SpamCop TOS. Somewhere in there is says something like, Don't report stuff you asked for like mailing lists, newsletters, etc. I can't find the link now :(, but I remember seeing it in there somewhere. regards, /vicky snip -- Christopher McCrory The guy that keeps the servers running [EMAIL PROTECTED] http://www.pricegrabber.com Let's face it, there's no Hollow Earth, no robots, and no 'mute rays.' And even if there were, waxed paper is no defense. I tried it. Only tinfoil works.
Re: Spamcop
On Tue, 11 May 2004 12:00:14 -0700 (PDT) Gregory Hicks [EMAIL PROTECTED] wrote: I'm guessing here, but it was probably because the *.rr.com addresses originate a LOT of spam and someone has a procmail filter that automatically refers any mail from that domain to spamcop... Or it could be that someone didn't like what you wrote and reported it .. Dunno. Remember, I said that I'm **guessing**. here's another guess: someone wants off of nanog, lost or didn't understand the unsubscribe instructions and is submitting nanog email to spamcop to try and get off. it's a guess, but it has happened before with other lists. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Spamcop
I got one of those during the Spring last year, when I was writing about the state of the net in Iraq. Someone used SpamCop to get my ISP's abuse desk interested in me. Not much to be said about that.
Re: Spamcop
At 12:09 PM 5/11/2004, Jared Mauch wrote: I've found that a number of people that are spamcop subscribers report messages as spam that are not when they don't know how to get removed from lists. It could also simply be a mistake. The inet-access list was once reported as a spam source by a happy subscriber who was busy reporting hundreds (or thousands?) of spams and clicked /included a list post by accident. jc -- p.s. Please do not cc me on replies to the list. Please reply to the list only, or to me only (as you prefer) but not to both.
