RE: Strange behavior of Catalyst4006
I'm sorry I made a mistake the subnet between catalyst4006 and customer's firewall is 10.10.1.213/30, Catalyst4006's interface address is 10.10.1.213, firewall's interface address is 10.10.1.214. Sorry. Joe On Mon, 28 Jun 2004 21:24 , Tony Rall [EMAIL PROTECTED] sent: On Monday, 2004-06-28 at 20:41 MST, Greg Schwimer [EMAIL PROTECTED] wrote: Some things you can look into: firewall interface(10.10.1.122/30). ip route 192.168.5.0 255.255.255.0 10.10.1.124 Is that the firewall interface is 10.10.1.122, or is it 10.10.1.124? 10.10.1.122 is a host address in the 10.10.1.120/30 subnet. 10.10.1.124 is a /30 network. Either way, you're dealing with two different subnets. Oddly, it's working sometimes. On top of that, we have this discrepancy: On Monday, 2004-06-28 at 19:01 CST, Joe Shen [EMAIL PROTECTED] wrote: interface FastEthernet4/41 ip address 10.10.1.213 255.255.255.252 So the router's address isn't even on the same subnet as the firewall's. Again, it's not clear how it ever worked. Tony Rall Cool Things Happen When Mac Users Meet! Join the community in Boston this July: www.macworldexpo.com
Re: Can a customer take IP's with them?
On Tue, 29 Jun 2004, Florian Weimer wrote: * Alex Rubenstein: b) customer is exercising the right not to renew the business agreement, and is leaving NAC voluntarily. The customer probably has a different opinion on this particular topic, doesn't he? No. This is a clear situation where the customer has canceled his service with us in writing. If there's a contract dispute, it actually makes a lot of sense to issue the order you quoted. There's no harm to you (or the Internet as a whole) because the customer just appears to be another multi-homed customer of yours, provided that the prefix that is involved reaches a certain size. OTOH, if you were allowed to reassign the IP address space while the dispute is being resolved, this could severely harm the customer's business. Of course, this setup can be just temporary. If you are ordered to permanently give up that particular prefix, then you'll have reason to complain. I can't address all of the points you raise, but I can say the following: a) NAC did not terminate the customers service in any respect. The customer chose, on his own, to terminate their service with us. This fact is undisputed. Also, NAC was willing to continue the customers service (we were not forcing them out the door). b) In regards to your passage, because the customer just appears to be another multi-homed customer of yours, this is a key point. The customer *WILL NOT* be a customer of NAC any longer once they physically leave. The key point here is that the customer has gotten a TRO, which allows them to take the IP address space that is allocated to NAC with them, and NOT HAVE ANY SERVICE FROM NAC. NAC WILL NOT BE ONE OF THE NETWORKS THAT THEY ARE MULTIHOMED TO. c) In regards to the tail-end of your mail, what you propose (the temporary reassignment of space to an ex-customer) is in (as I intepret ARIN policy) direct contradiction and violation of ARIN policy. If this policy were to stand, what prevents cable modem users, or dialup users, or webhosting customers, the right to ask to take their /32 with them? Regards,
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, Jun 29, 2004 at 12:44:43AM -0400, Charles Sprickman wrote: Hi, As far as other ISPs helping out in the form of a letter to the court, what do you need beyond a well, this is one more route we need to carry that we shouldn't have to and How do I know how to properly report abuse issues regarding this block? I would go even further: if there is a dispute over the so-called ownership of a netblock, there is no party who can guerantee proper routability and technical responsability so I would probably blackhole it. As for the netblock: I just did a quick scan and here is what I found: 64.21.0.0/17 *[BGP/170] 3d 17:52:24, MED 64, localpref 210 AS path: 6320 8001 I 64.21.1.0/24 *[BGP/170] 3d 17:52:49, localpref 100 AS path: 3356 3561 6347 25702 I I'm not sure wether or not 64.21.1.0/24 is the disputed netblock, but this seems the only more specific without AS8001 in the path. -- Sabri, I route, therefore you are
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, Jun 29, 2004 at 09:43:41AM +0200, Florian Weimer wrote: Hi, As for the netblock: I just did a quick scan and here is what I found: 64.21.0.0/17 *[BGP/170] 3d 17:52:24, MED 64, localpref 210 AS path: 6320 8001 I 64.21.1.0/24 *[BGP/170] 3d 17:52:49, localpref 100 AS path: 3356 3561 6347 25702 I I don't think it's this one: route: 64.21.1.0/24 origin: AS8001 I don't see this netblock originating from AS8001 anywhere, and I am rather curious which netblock it does concern. Does anyone know? :) -- Sabri, I route, therefore you are Bescherm de digitale burgerrechten: http://www.bof.nl/donateur.html
RE: Can a customer take IP's with them?
Michel Py wrote: In short: drop the monkey on ARIN's back. The issue that non-portable blocks are indeed non-portable is ARIN's to deal with, and partly why we are giving money to them. Patrick W Gilmore wrote: I wonder why ARIN, or even more importantly, ICANN has not jumped all over this. Seems to me if IP space is not owned or something close to it by ICANN, they have lost a cornerstone of their power. Indeed, or there's something else we don't know about. b) _do_ announce the specific block routed to null0 (ARIN has delegated this space to you, if you want to announce unallocated parts of it to a blackhole it's nobody's business to tell you that you can't). DO NOT DO THIS. The TRO specifically prohibits him from doing these types of things. Breaking the TRO will have immediate and detrimental impact on Alex and NAC.Net. That remains to be seen, especially if the authority issuing the TRO has no jurisdiction over BGP routing. If you find an attorney that wants your money (easy enough) and a judge who is stupid enough to issue a TRO that I can't wear a green sock and a red sock, I will nevertheless keep wearing a green sock and a red sock and the detrimental consequences are going to be for the bozo that issued the TRO if they try to enforce it and not for me. Judges can be suspended or removed and states can be sued, to. See my previous post re: liquor the next NANOG Do you own a winery or something :-) Alex Rubenstein c) In regards to the tail-end of your mail, what you propose (the temporary reassignment of space to an ex-customer) is in (as I interpret ARIN policy) direct contradiction and violation of ARIN policy. If this policy were to stand, what prevents cable modem users, or dialup users, or webhosting customers, the right to ask to take their /32 with them? Exactly, I have one IP address with SBC (formerly Pacific Bell) at home, I'm too lazy to renumber my tunnels if I switch ISPs, so I'm going to require SBC to allow my one IP to be routed somewhere else? Ridiculous. By the way Alex, have you given some thoughts to suing the company that announces parts of your block? Should not be too difficult, if it's not portable and assigned to you. We all like customers that bring lawsuits with them, don't we? And what's the block in question so we can WHOIS it? Michel.
RE: Strange behavior of Catalyst4006
Hi Joe, It would be good to know the type (and software version) of firewall as it could be the firewall and not the switch that's the problem. For instance, there's a known bug with checkpoint and NAT where automatic arp entries disappear. If you can ping it all from the catalyst but not from the rest of your network it could be that you have a problem with your dynamic routing protocols, or with a device connected to the catalyst. Check your adjacent routers, do you have a valid route to the catalyst for the 192.168.5.7 subnet? What does a traceroute show from your NOC? -GP -Original Message- From: Joe Shen [mailto:[EMAIL PROTECTED] Sent: 29 June 2004 02:01 To: [EMAIL PROTECTED] Subject: Strange behavior of Catalyst4006 Hi, We met a strange problem with Catalyst 4006 when provideing leased line service to one of our customers. Catalyst4006 Customer's firewall ---Customer's Intranet The customer is allocated a Class C address block 192.168.5/24. And , they connect their network to our network by using a firewall. The Interface on Cata4006 is set up as no switchport, and inter-connecting subnet is configured between Cata4006 and firewall interface(10.10.1.122/30). Static route is used on Catalyst4006 to designate route to customer's intranet address. ( ip route 192.168.5.0 255.255.255.0 10.10.1.124 ). Customer setup their email server at 192.168.5.7, dns server at 192.168.5.1, web server at 192.168.5.9. At the very begining all system works fine. After sometime they said they could not acces their email/web/dns server from host outside their company's network. But, when we telnet to Cata4006, we could 'ping' 192.168.5.7, but if we move to host in NOC ping failed all the time. ( ping to server is allowed on firewall). At the same time, their intranet host could access our network. We restart ( shut; noshut) the fastethernet interface on Catalyst4006, and then servers' network access recovered. The phenomon comes up frequently, and our customer said this is a bug with catalyst4006. But, to my understanding, if this is a bug to catos, it should not only affact only three servers. But, why it could be solved by restart catalyst interface? Would you please do some help? ( I attach system info below) Joe Shen ==-= 4006#sh version Cisco Internetwork Operating System Software IOS (tm) Catalyst 4000 L3 Switch Software (cat4000-IS-M), Version 12.1(12c)EW1, EARLY DEPLOYMENT RELEASE SOFTWARE (fc1) TAC Support: http://www.cisco.com/tac Copyright (c) 1986-2002 by cisco Systems, Inc. Compiled Thu 24- Oct-02 23:05 by eaarmas Image text-base: 0x, data-base: 0x00CA7368 ROM: 12.1(12r)EW Dagobah Revision 63, Swamp Revision 24 4006-wulin uptime is 41 weeks, 12 hours, 34 minutes System returned to ROM by power-on System restarted at 05:40:46 RPC Mon Sep 15 2003 System image file is bootflash:cat4000-is-mz.121-12c.EW1.bin cisco WS-C4006 (XPC8245) processor (revision 5) with 524288K bytes of memory. Processor board ID FOX05200BRH Last reset from PowerUp 144 FastEthernet/IEEE 802.3 interface(s) 2 Gigabit Ethernet/IEEE 802.3 interface(s) 403K bytes of non- volatile configuration memory. Configuration register is 0x2102 4006# 4006-wulin#sh run int f4/41 Building configuration... Current configuration : 141 bytes ! interface FastEthernet4/41 no switchport ip address 10.10.1.213 255.255.255.252 duplex full speed 100 end 4006# === Cool Things Happen When Mac Users Meet! Join the community in Boston this July: www.macworldexpo.com Vodafone Group Services Limited Registered Office: Vodafone House, The Connection, Newbury, Berkshire RG14 2FN Registered in England No. 3802001 This e-mail is for the addressee(s) only. If you are not an addressee, you must not distribute, disclose, copy, use or rely on this e-mail or its contents, and you must immediately notify the sender and delete this e-mail and all copies from your system. Any unauthorised use may be unlawful. The information contained in this e-mail is confidential and may also be legally privileged.
Re: Can a customer take IP's with them?
On Tue, 29 Jun 2004, Alex Rubenstein wrote: No. This is a clear situation where the customer has canceled his service with us in writing. Ok, important point. b) In regards to your passage, because the customer just appears to be another multi-homed customer of yours, this is a key point. The customer *WILL NOT* be a customer of NAC any longer once they physically leave. The key point here is that the customer has gotten a TRO, which allows them to take the IP address space that is allocated to NAC with them, and NOT HAVE ANY SERVICE FROM NAC. NAC WILL NOT BE ONE OF THE NETWORKS THAT THEY ARE MULTIHOMED TO. This is ths real issue. The restraining order forces you to deliver services to the (ex)customer. Why? Because both the court and apparently the customer do not understand the issue. So things like handing the IP space back to ARIN, assuming it was the only customer on the /24 or you could renumber you other ones, would still be a bad idea. You can play a lot of technical games, but in general courts really dislike technical games. They don't understand them, and consider it close to being in contempt of the court. So the best option you have left is put the ignorance's cost on the people who deserve it. Invoice ex-customer an exorbitant amount of money to keep the infrastructure he needs for his IP's to remain working, *within* your facility. Being under a restraining order doesn't mean you are not entitled to be reimbursed of the costs of the result of such a restraining order. Also, it is not your problem that he can't use his IPs once he moves. He will need to pull a wire, and that happens to be very *very* expensive with NAC, and even if he doesn't want to do business with NAC, he can't use someone elses services. Send the bill. Ensure the payment expires as soon as possible. Then, even if you cannot disconenct the customer until a higher/sane court looked at the matter, you are clearly showing good faith to the courts and the customer, and might actually be awared those bills in a higher court. And talk to the EFF (Cindy Cohn), they might have had similar cases or jurispudence that matches this case closely. You might also want to talk to Robin Gros (former EFF, now IP-Justice) since she might have had similar cases happening when she was working at the EFF herself. And yes, I would also put the restraining order verbatim on a website and solicit comments on it publicly. Paul
RE: BGP list of phishing sites?
my sister called me last night to tell me that she was unable to receive mail from southwest airlines, and that her e-ticket was in limbo for some flight somewhere. i checked and sure enough southwest airlines has sent me three or messages per day that i don't want, for most days out of the last six months. since neither southwest nor their ISP was willing to take any responsibility for this unwanted e-mail, i blackholed them, and i guess that means they'll have to fax that e-ticket. or something. it's not my problem. meanwhile your sister has the hassle of getting southwest to send that fax, or changing her travel plans. i'm sure glad you're not running my isp. --mat
Re: Can a Customer take their IP's with them? (Court says yes!)
Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Regardless, this is not a telephony issue (Can I take my cell number with me?), as the courts as seem disposed to diagnose these days, but rather, a technical one insofar as the IP routing table efficiency. No, this is not about taking a phone number. This is about a someone moving to a new apartment in a different part of town, and asking the court to force the owner of the old house to reassign the old street address to him. --Johnny
Re: BGP list of phishing sites?
None of this would be an issue, if abuse desks were: 1. Responsive 2. Responsible 3. Empowered 4. Accountable Today, they are none of the above. A lot of people on this list are opposed to increasing government regulation of the Internet industry. But how would you feel about a law which required all network operators to have an abuse department which is responsive, responsible, empowered and accountable? Now that is an area where the FCC and CRTC and Ofcom and the ACA could probably do some good for the industry. --Michael Dillon
Re: BGP list of phishing sites?
When a provider hosts a phishing site for _weeks on end_ and does _nothing_ despite being notified repeatedly, sometimes a blacklist is the only cluebat strong enough to get through the provider's thick skull. If they are notified that they are an accessory to a crime and do not take any action, then doesn't this make the provider liable to criminal charges? Did you really inform the provider's legal department of this fact or did you just send an email to some dumb droids in the abuse department? Quite frankly, I don't consider messages to the complaints/abuse department to be notice. How long does it take to find a head office fax number and draft up a legalistic looking notice document addressed to their legal department? Some people in this industry seem to want to manage it as a secret club for insiders and solve all problems of the industry in one cliquish venue. I just don't think that is an appropriate way to operate on the scale of today's Internet. --Michael Dillon
Re: Can a Customer take their IP's with them? (Court says yes!)
Can we stop the analogies before they begin. This is not the PSTN, comparing it to the PSTN appears to be where the court is going wrong. This is the Internet. It is internationally accepted policy that IP space is issued under a kind of license that does not give ownership or transferability. It is also part of the fundemental operation of the Internet that address space remains aggregated and that customers borrow space from the provider and if they move they get given new address space by the new provider. This is agreed by IANA, the RIRs, the ISPs. Steve On Tue, 29 Jun 2004, Johnny Eriksson wrote: Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Regardless, this is not a telephony issue (Can I take my cell number with me?), as the courts as seem disposed to diagnose these days, but rather, a technical one insofar as the IP routing table efficiency. No, this is not about taking a phone number. This is about a someone moving to a new apartment in a different part of town, and asking the court to force the owner of the old house to reassign the old street address to him. --Johnny
Re: Can a Customer take their IP's with them? (Court says yes!)
Johnny Eriksson wrote: Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Regardless, this is not a telephony issue (Can I take my cell number with me?), as the courts as seem disposed to diagnose these days, but rather, a technical one insofar as the IP routing table efficiency. No, this is not about taking a phone number. This is about a someone moving to a new apartment in a different part of town, and asking the court to force the owner of the old house to reassign the old street address to him. All the places I have ever been, the address was assigned by somebody other than the building owner, ususally as a product of legislative action. A court order can not require the paramedics from New York to respond to a call now from Juneau.
Re: The use of .0/.255 addresses.
Tony Hain [EMAIL PROTECTED] wrote: While it is often great sport to poke at MS, did you consider that this might have nothing to do with classfullness or CIDR? I believe you will find that 0 -1 are invalid for whatever netmask the windows stack is given. I think you may be confused about the problem. Let's not mask the IP addresses that I spotted this problem, but get them out into the open. (BTW, don't bother probing these addresses to retrace my steps, some hosts are now down, firewalled, or roaming the aisles of Gotts Road in ghostly torment.) On the one end of the connection, we have a Windows 2000 box with the IP address 217.169.21.28 and a Linux box with the adjacent IP address 217.169.21.29. These are on a LAN with a 255.255.255.240 netmask. In classful parlance, it is a Class C that has been subnetted. I also have a packet sniffer on the network. On the other end of the connection, we have a Linux box with the IP address 195.92.249.0. I forget the exact netmask, but it was around the /19 or /20 mark. In classful parlance, it is a Class C that has been supernetted. From the Windows box, I can ping 195.92.249.0 fine. I can't seem to ssh to that IP though. Break out the packet sniffer. I ping, and the packet sniffer shows packets leaving, and coming back ~25ms later. Good. I fire up telnet and point it at port 22. Connection refused. Packet sniffer shows no traffic. Double-checking from the Linux box, I can ping and telnet to port 22, and I get packets flowing just fine. By the way, the Windows 2000 box is stock install, with no service packs, personal firewall software, antivirus stuff, etc, etc. In other words a sitting duck :) but it does mean that the problems aren't caused by third-party software. You will note that 195.92.249.0 is not all-bits-zero or all-bits-set (0 -1) on 217.169.21.16/28. Therefore it is a perfectly valid IP address. Windows has *no* business interpreting IP addresses outside its limited view of the world. You might also find that some 'features' are mitigation for exploits that existed at one time Exactly what exploits are mitigated by blocking TCP connections, but letting ICMP through just fine? It's not as if worms can't create raw sockets and create packets (with or without the evil bit) as appropriate. (possibly long before some of the thread participants were in high school). I'm older than TCP/IP and the Internet. I'd left school well before Windows had heard of the Internet. Haven't got the Unix hacker beard yet though :) -- PGP key ID E85DC776 - finger [EMAIL PROTECTED] for full key
Re: Can a customer take IP's with them?
Alex, I think one avenue of approach will be to see if ARIN would grant you another contiguous block to replace not just what the customer got but the entire block they have polluted. If they will not, as I suspect, then you can show that the TRO while upholding the status quo is causing you harm, since the space is not something that can be replaced. -vb - Original Message - From: Alex Rubenstein [EMAIL PROTECTED] To: Florian Weimer [EMAIL PROTECTED] Cc: [EMAIL PROTECTED] Sent: Tuesday, June 29, 2004 2:47 AM Subject: Re: Can a customer take IP's with them? On Tue, 29 Jun 2004, Florian Weimer wrote: * Alex Rubenstein: b) customer is exercising the right not to renew the business agreement, and is leaving NAC voluntarily. The customer probably has a different opinion on this particular topic, doesn't he? No. This is a clear situation where the customer has canceled his service with us in writing. If there's a contract dispute, it actually makes a lot of sense to issue the order you quoted. There's no harm to you (or the Internet as a whole) because the customer just appears to be another multi-homed customer of yours, provided that the prefix that is involved reaches a certain size. OTOH, if you were allowed to reassign the IP address space while the dispute is being resolved, this could severely harm the customer's business. Of course, this setup can be just temporary. If you are ordered to permanently give up that particular prefix, then you'll have reason to complain. I can't address all of the points you raise, but I can say the following: a) NAC did not terminate the customers service in any respect. The customer chose, on his own, to terminate their service with us. This fact is undisputed. Also, NAC was willing to continue the customers service (we were not forcing them out the door). b) In regards to your passage, because the customer just appears to be another multi-homed customer of yours, this is a key point. The customer *WILL NOT* be a customer of NAC any longer once they physically leave. The key point here is that the customer has gotten a TRO, which allows them to take the IP address space that is allocated to NAC with them, and NOT HAVE ANY SERVICE FROM NAC. NAC WILL NOT BE ONE OF THE NETWORKS THAT THEY ARE MULTIHOMED TO. c) In regards to the tail-end of your mail, what you propose (the temporary reassignment of space to an ex-customer) is in (as I intepret ARIN policy) direct contradiction and violation of ARIN policy. If this policy were to stand, what prevents cable modem users, or dialup users, or webhosting customers, the right to ask to take their /32 with them? Regards,
Re: Strange behavior of Catalyst4006
Joe Shen wrote: I'm sorry I made a mistake the subnet between catalyst4006 and customer's firewall is 10.10.1.213/30, Catalyst4006's interface address is 10.10.1.213, firewall's interface address is 10.10.1.214. Have you tried enabling a monitor port on the Cat4k and sniffing what exactly is going on? -- Robert Blayzor, BOFH INOC, LLC [EMAIL PROTECTED] PGP: http://www.inoc.net/~dev/ Key fingerprint = 1E02 DABE F989 BC03 3DF5 0E93 8D02 9D0B CB1A A7B0 Esc key to reboot Universe, or any other key to continue...
Re: The use of .0/.255 addresses.
On Tue, 29 Jun 2004, Peter Corlett wrote: Tony Hain [EMAIL PROTECTED] wrote: While it is often great sport to poke at MS, did you consider that this might have nothing to do with classfullness or CIDR? I believe you will find that 0 -1 are invalid for whatever netmask the windows stack is given. I think you may be confused about the problem. Let's not mask the IP addresses that I spotted this problem, but get them out into the open. (BTW, don't bother probing these addresses to retrace my steps, some hosts are now down, firewalled, or roaming the aisles of Gotts Road in ghostly torment.) Step back.. The windows box does not have the problem IP directly connected nor does it have it specifically in its routing table, it is also not in the same classful network as the problem IP. Therefore netmasks are not involved, therefore it should not do anything other than forward it to the default. Afaik this is true of both classful and classless networking. Steve On the one end of the connection, we have a Windows 2000 box with the IP address 217.169.21.28 and a Linux box with the adjacent IP address 217.169.21.29. These are on a LAN with a 255.255.255.240 netmask. In classful parlance, it is a Class C that has been subnetted. I also have a packet sniffer on the network. On the other end of the connection, we have a Linux box with the IP address 195.92.249.0. I forget the exact netmask, but it was around the /19 or /20 mark. In classful parlance, it is a Class C that has been supernetted. From the Windows box, I can ping 195.92.249.0 fine. I can't seem to ssh to that IP though. Break out the packet sniffer. I ping, and the packet sniffer shows packets leaving, and coming back ~25ms later. Good. I fire up telnet and point it at port 22. Connection refused. Packet sniffer shows no traffic. Double-checking from the Linux box, I can ping and telnet to port 22, and I get packets flowing just fine. By the way, the Windows 2000 box is stock install, with no service packs, personal firewall software, antivirus stuff, etc, etc. In other words a sitting duck :) but it does mean that the problems aren't caused by third-party software. You will note that 195.92.249.0 is not all-bits-zero or all-bits-set (0 -1) on 217.169.21.16/28. Therefore it is a perfectly valid IP address. Windows has *no* business interpreting IP addresses outside its limited view of the world. You might also find that some 'features' are mitigation for exploits that existed at one time Exactly what exploits are mitigated by blocking TCP connections, but letting ICMP through just fine? It's not as if worms can't create raw sockets and create packets (with or without the evil bit) as appropriate. (possibly long before some of the thread participants were in high school). I'm older than TCP/IP and the Internet. I'd left school well before Windows had heard of the Internet. Haven't got the Unix hacker beard yet though :)
Re: Can a customer take IP's with them?
On Tue, 29 Jun 2004, Alex Rubenstein wrote: c) In regards to the tail-end of your mail, what you propose (the temporary reassignment of space to an ex-customer) is in (as I intepret ARIN policy) direct contradiction and violation of ARIN policy. If this policy were to stand, what prevents cable modem users, or dialup users, or webhosting customers, the right to ask to take their /32 with them? That's an unrealistic (exaggerated) end result if this case becomes precedent. Among networks that filter incoming BGP routes, AFAIK, it's common policy to ignore /24 prefixes. Announcing /32 routes into BGP would not give anywhere near the global reachability as doing the same with /24 or shorter prefixes. If the [ex-]customer is and remains multihomed (pretty likely if they got PI space), this doesn't even change the size of the global routing table. I assume we have their route now through NAC and some other provider. In a few weeks, we'll still see their route through the other provider and perhaps a new other provider. I still don't agree with what they've done. If someone figures out the IP block in question let me know. I suspect Alex can't post it without being in violation of the TRO since he knows what we'll do with it. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Can a customer take IP's with them?
VJB Date: Tue, 29 Jun 2004 07:33:28 -0400 VJB From: Vincent J. Bono VJB I think one avenue of approach will be to see if ARIN would VJB grant you another contiguous block to replace not just what VJB the customer got but the entire block they have polluted. I thought of that, too. However, that would require NAC renumbering an entire /17 because an ex-customer is too lazy to renumber a /24.[*] If NAC's ex-customer thinks renumbering a /24 is excessive, what about something two orders of magnitude larger? [*] I'm assuming Sabri's lookups yielded a correct answer. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _ DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked.
Re: Can a Customer take their IP's with them? (Court says yes!)
SB Date: Tue, 29 Jun 2004 09:34:03 +0200 SB From: Sabri Berisha [ editted ] SB As for the netblock: I just did a quick scan and here is what SB I found: SB I'm not sure wether or not 64.21.1.0/24 is the disputed SB netblock, but this seems the only more specific without SB AS8001 in the path. oregon-ix shows _8001_25702$ for that netblock. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _ DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked.
Re: Can a customer take IP's with them?
JL Date: Tue, 29 Jun 2004 08:08:03 -0400 (EDT) JL From: Jon Lewis JL If someone figures out the IP block in question let me know. I don't know the rogue netblock, but http://www.fixedorbit.com/cgi-bin/cgirange.exe?ASN=8001 may prove insightful. I believe there are people who track announcements and withdrawals; BGP history probably would prove insightful. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _ DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked.
RE: Strange behavior of Catalyst4006
Joe, If you are using NAT 0 you need to have a static translation enabled. Otherwise when the machine first comes up it arp's which creates an xlate entry on the PIX which times out when the inactivity timer runs out. This causes behavior similar to what you are experiencing Scott C. McGrath On Mon, 28 Jun 2004, Greg Schwimer wrote: Some things you can look into: firewall interface(10.10.1.122/30). ip route 192.168.5.0 255.255.255.0 10.10.1.124 Is that the firewall interface is 10.10.1.122, or is it 10.10.1.124? 10.10.1.122 is a host address in the 10.10.1.120/30 subnet. 10.10.1.124 is a /30 network. Either way, you're dealing with two different subnets. Oddly, it's working sometimes. At the very begining all system works fine. After sometime they said they could not acces their email/web/dns server from host outside their company's network... We restart ( shut; noshut) the fastethernet interface on Catalyst4006, and then servers' network access recovered. Sounds suspiciously like an IP conflict or some MAC weirdness with the firewall's or 4006's IP. Is the connection between the 4006 and the customer's firewall a basic crossover, or does the customer have a hub/switch on their side? Assuming the subnetting statement I've made above is based on erroneous info, check your arp cache/mac table when it *is* working. Write down the MAC for the customer's firewall. When it stops working, check the arp cache/mac table again. Compare the MACs to be sure they're the same. Just for giggles, clear the arp cache and see if that fixes it. If that doesn't, clear the entry from the cam table. Good luck... Greg Schwimer
Re: Can a Customer take their IP's with them? (Court says yes!)
Regardless, this is not a telephony issue (Can I take my cell number with me?), as the courts as seem disposed to diagnose these days, but rather, a technical one insofar as the IP routing table efficiency. No, this is not about taking a phone number. This is about a someone moving to a new apartment in a different part of town, and asking the court to force the owner of the old house to reassign the old street address to him. [ hey johnny! long time no see. will you be at nordnog? if so, i will press even harder to go. or, if they wish to keep the phone analogy, it needs to be made clear to the relevant court that the phone number is analogous to the domain name, and the ip space is analogous to the actual coding in the switches. the question would seem to be one of who/how best to educate the court. their issuing a tro when they are not sure makes some sense. randy
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, Jun 29, 2004 at 12:47:42AM -0400, Patrick W Gilmore wrote: On Jun 29, 2004, at 12:44 AM, Patrick W Gilmore wrote: Of course, if you just happen to uphold INTERNET STANDARDS and only accept routes from where they should originate, I'll buy you a drink at the next NANOG for being a good netizien. :) P.S. That was a serious offer to any and all ISPs. Yes, I realize I am opening myself to buying quite a few drinks, but that's the point, or at least the hope. Just let me know you are ... uhhh ... adhering to Internet standards (in private e-mail) by the end of the week to claim your drink. :) Of course, since you're doing this based on email that NAC sent, who has been enjoined from directly or indirectly preventing the customer from using their IP space, you may be opening NAC up to further liability. I'm not necessarily opposed to the idea, but it needs to be clear that you aren't doing this at NAC's request, and even so, the judge may take a dim view of NAC's involvement. Bob
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, Bob Snyder wrote: Of course, since you're doing this based on email that NAC sent, who has been enjoined from directly or indirectly preventing the customer from using their IP space, you may be opening NAC up to further liability. Of course, using this line of reasoning, NACs original email to the list could easily be argued to be an indirect intervention. If I were the TRO holder, and my announcement started to become a new bogon, I'd be at the judges doorstep with the entire NANOG thread in my hand :-/ //Alif
Re: BGP list of phishing sites?
meanwhile your sister has the hassle of getting southwest to send that fax, or changing her travel plans. i'm sure glad you're not running my isp. if i were running your isp, paying customers would get to choose.
Re: Can a customer take IP's with them?
On Tue, 29 Jun 2004, Edward B. Dreger wrote: JL Date: Tue, 29 Jun 2004 08:08:03 -0400 (EDT) JL From: Jon Lewis JL If someone figures out the IP block in question let me know. I don't know the rogue netblock, but http://www.fixedorbit.com/cgi-bin/cgirange.exe?ASN=8001 More likely the block in question is being announced by different ASN or announced as part of large NAC space and as such will not show up directly on the above page. I've suspicions this maybe Pegasus Web Technologies (AS25653), who are probably largest NAC customer (at least based on how often their name is seen when querying rwhois.nac.net) and who got direct ARIN ip block 69.57.160.0/19 right about year ago on 6-20-2003 (but before they already had ip block 216.67.224.0/19 and afterwards they received 69.72.128.0/17 from ARIN in September 2003). In addition to all that they are using lots of other blocks which are the ones directly from NAC space, since NAC is using custom whois server, I can't quickly create exact list, but my estimate it it maybe close to /18. They are probably just lazy to work on moving out of that space, eventhough more then likely they promised to do that two years ago or more when they got first direct ARIN block. But I'm just speculating here, we'll not know for sure until we see large chunk of NAC space announced from somewhere else without having even one NAC transit route in any route server (and if its indeed comes 25653, then my guess is right). -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: Can a Customer take their IP's with them? (Court says yes!)
On Mon, Jun 28, 2004 at 09:38:12PM -0700, william(at)elan.net wrote: What you really should try is to have ARIN provide friend of the court brief and to explain to judge policies and rules in regards to ip space, so you need to have your laywer get in touch with ARIN's lawyer. You can probably even force them to provide a statement or testimony (if they don't volunterily) as part of discovery process. P.S. You might as well provide name of the customer now. Since its gone through court, its all now public info (i.e. TRO) anyway. http://www.e-gerbil.net/ras/nac-case/ -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
RE: Can a customer take IP's with them?
VJB From: Vincent J. Bono VJB I think one avenue of approach will be to see if VJB ARIN would grant you another contiguous block to VJB replace not just what the customer got but the VJB entire block they have polluted. Edward B. Dreger I thought of that, too. However, that would require NAC renumbering an entire /17 because an ex-customer is too lazy to renumber a /24.[*] If NAC's ex-customer thinks renumbering a /24 is excessive, what about something two orders of magnitude larger? Indeed, but that's not the worst part. Should this happen, it would mean that the ex-customer just got PI space for free. Then the floodgates would open and a bunch of why-not-me-too would sue their ISPs to transform their PA block into a free PI block. Michel.
RE: Can a customer take IP's with them?
william(at)elan.net I've suspicions this maybe Pegasus Web Technologies (AS25653), Good catch William!
RE: Can a customer take IP's with them?
I have assigned the ARIN General Counsel, who is an experienced litigator, the task to review and prepare the necessary filings to either intervene formally in the New Jersey case, or as an amicus. ARIN will be striving to educate the court to understand more accurately the legal and policy issues involved. Raymond A. Plzak President CEO
Re: Can a Customer take their IP's with them? (Court says yes!)
Since all NSP's, ISP's, ALEC's, BLEC's and CLEC's adhere to this accepted behavior and there are more than 100 I blieve the court would be on the side of the plaintiff under the 3rd amendment of the constitution. It is my understanding that doing otherwise will cause an administrative nightmare and harm to the standard numbering system across vast segments of the industry and would create greater security risks than at present. It would cause enconomic harm to software writen specifically towards the current system and force redistribution of software and or fixes that could be disruptive for months on end. Worse case scenario. I think this is a bad precedent, and poor judgement on the part of the defendent ISP, for the small number block they have. The long term potential harm could result in small ISP's not being able to get number blocks thus making it more difficult for small companies to gain better backbone access, from their Tier 1 host counterparts and could trigger a potentional shakeout in the industry. Have A nice day... -Henry --- Stephen J. Wilcox [EMAIL PROTECTED] wrote: Can we stop the analogies before they begin. This is not the PSTN, comparing it to the PSTN appears to be where the court is going wrong. This is the Internet. It is internationally accepted policy that IP space is issued under a kind of license that does not give ownership or transferability. It is also part of the fundemental operation of the Internet that address space remains aggregated and that customers borrow space from the provider and if they move they get given new address space by the new provider. This is agreed by IANA, the RIRs, the ISPs. Steve On Tue, 29 Jun 2004, Johnny Eriksson wrote: Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Regardless, this is not a telephony issue (Can I take my cell number with me?), as the courts as seem disposed to diagnose these days, but rather, a technical one insofar as the IP routing table efficiency. No, this is not about taking a phone number. This is about a someone moving to a new apartment in a different part of town, and asking the court to force the owner of the old house to reassign the old street address to him. --Johnny
Re: Can a Customer take their IP's with them? (Court says yes!)
Worse case scenario. I think this is a bad precedent, and poor judgement on the part of the defendent ISP, for the small number block they have. The long term potential harm could result in small ISP's not being able to get number blocks thus making it more difficult for small companies to gain better backbone access, from their Tier 1 host counterparts and could trigger a potentional shakeout in the industry. the current social environment encourages self-interest over responsibility. as i learned when doing the verio ma of 60+ isps, think locally, act globally is the motto of the small to medium isp. as the market continues to 'mature' (think aerospace in the late '60s) the desperation of the small and the greed of the large will not lessen the pressures toward social irresponsibility. randy
Re: Can a Customer take their IP's with them? (Court says yes!)
The TRO is irrelevant, The courts made the wrong decision, did anyone actually think they would have a clue? Here is the solution: Black ball the /24 that the customer is taking with them. Black hole any AS that announces that /24 'illegally'. The courts don't need to follow the RFC or even know what the acronym stands for. The Internet should follow the RFC and should come to the defense of NAC and the Internet routing table. Any AS that picks up that customer and announces the netblock gets their entire AS routed to Null0. Pretty simple really, doesn't matter what the courts do. They don't have jurisdiction over me or any other ISP for that matter. They cant tell me what I do to my routers. The result is NAC removes the offending /24 from their announcements and follows the TRO so they don't get in trouble. The Internet heals around the courts TRO by rejecting that /24 from anyone else. The customer must change to their own IPs or they lose access completely. OrgName:Net Access Corporation OrgID: NAC Address:1719 STE RT 10E Address:Suite 111 City: Parsippany StateProv: NJ PostalCode: 07054 Country:US ReferralServer: rwhois://rwhois.nac.net:43 NetRange: 207.99.0.0 - 207.99.127.255 CIDR: 207.99.0.0/17 NetName:NAC-NETBLK01 -Matt
Re: Can a customer take IP's with them?
On Jun 29, 2004, at 11:24 AM, Ray Plzak wrote: I have assigned the ARIN General Counsel, who is an experienced litigator, the task to review and prepare the necessary filings to either intervene formally in the New Jersey case, or as an amicus. ARIN will be striving to educate the court to understand more accurately the legal and policy issues involved. I would like to publicly applaud ARIN stepping up to the plate on this. (Sorry for the AOL-ish post, but ARIN gets a lot of bad press here and I figure they deserve kudos when they Do The Right Thing.) -- TTFN, patrick
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004 11:45:40 -0400, Matthew Crocker [EMAIL PROTECTED] wrote: The TRO is irrelevant, The courts made the wrong decision, did anyone actually think they would have a clue? Here is the solution: Perhaps before proposing a solution we should make sure that all the facts are in evidence. I might suggest since at least some of the legal documents are available to you at the url below you take time to read them. http://www.e-gerbil.net/ras/nac-case/ Its not clear at all that what the courts are proposing is that the customer be allowed to keep the addresses forever, just that they have adequate time for an orderly move. Its also not clear that NAC won't receive comensatation for use of their resources. I think those people who have done service provider moves realize that without the help of their old service provider their life could well be hellish. If the requirements for the lack of IP portability are indeed purely technical and not some effort to hold onto customers then service providers have a duty to make almost any reasonable effort to make the transition as painless as possible -- Brad Passwaters -- [EMAIL PROTECTED]
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, Matthew Crocker wrote: The TRO is irrelevant, The courts made the wrong decision, did anyone actually think they would have a clue? Actually, after reading most of the papers which Richard just made available at http://www.e-gerbil.net/ras/nac-case/ I don't see that court made an incorrect decision (it however should have been more clear enough on when TRO would end in regards to ip space). If you read through http://www.e-gerbil.net/ras/nac-case/plantiff-affidavit1.pdf you'll see that NAC was blackmailing their client because they knew they could not quickly move out and so it permitted them to charge highier fees then they did other customers. Now, I do note that is probably just one side of the story, so likely there would be another side as this progresses through court (hopefully Richard will keep the webpage current with new documents), atlthough I have to tell you what I saw mentioned so far did not show NAC or its principals in the good light at all. Now as far as TRO, its by definition temporary order, but I do wish that the temporary part was more emphasised as far as IP addresses and it was made clear that client MUST work on moving out of their existing NAC ip blocks and that space is not theirs to keep and they MUST given it to back to NAC. Now reasoanble timeframe is not exactly very precise defition (although this is what RFC2050 says I think), ARIN usually allows for 12 months as far as reasonable timeframe to renumber, personally I think this is MAX timeframe to do so and as far as TRO should be taken as last deadline, but that court must set shorter deadline and review process (like ever 3 months) to make sure client is complying and moving out or NAC space. If that is done, I would not have a problem with TRO. -- William Leibzon Elan Networks [EMAIL PROTECTED]
Re: Can a Customer take their IP's with them? (Court says yes!)
On Jun 29, 2004, at 9:28 AM, Bob Snyder wrote: Of course, since you're doing this based on email that NAC sent, who has been enjoined from directly or indirectly preventing the customer from using their IP space, you may be opening NAC up to further liability. I'm not necessarily opposed to the idea, but it needs to be clear that you aren't doing this at NAC's request, and even so, the judge may take a dim view of NAC's involvement. NAC had nothing to do with this. I have a long history in this and other forums of promoting aggregation, with the notable exception of multi-homed *TRANSIT CUSTOMERS* announcing routes via BGP. Suggesting providers not accept prefixes which violates both my personal views and standard Internet doctrine is not something Alex told me to do. In fact, I applaud his discretion for not even mentioning the prefix, customer, AS, or anything else which would even HINT that he would violate the court order. In fact, I have suggested that he not do so here in this forum, and Alex has posted language from the TRO stating he is barred from doing so. IOW: This is simply another _operational_ suggestion to help make the Internet run more smoothly. -- TTFN, patrick
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, Jun 29, 2004 at 09:11:08AM -0700, william(at)elan.net wrote: Actually, after reading most of the papers which Richard just made available at http://www.e-gerbil.net/ras/nac-case/ I don't see that court made an incorrect decision (it however should have been more clear enough on when TRO would end in regards to ip space). If you read through It is very likely that Pegasus made the correct decision to protect their business, regardless what a bunch of engineers on NANOG think about the IP space question. It also seems that the TRO is about far more than IP space (i.e. the continuation of full transit services, at existing contract rates). then they did other customers. Now, I do note that is probably just one side of the story, so likely there would be another side as this progresses through court (hopefully Richard will keep the webpage current with new documents), atlthough I have to tell you what I saw mentioned so far did not show NAC or its principals in the good light at all. I would like to post the NAC response to this so that we can hear all sides of the story, but unfortunately the case was moved from the US District Court back to the NJ Superior Court, where I no longer have easy access to the documents. I would be happy to take offline submissions of the legal filings from anyone willing to waste more on this than the $0.07/page that PACER charges. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
RE: Can a Customer take their IP's with them? (Court says yes!)
Why would the other side(new provider) violate ARIN policy and route the space? The court order doesn't apply to ARIN, or the new provider. I'd say it would be a violation of the agreement, but I'm not a lawyer. Just a thought. -M -- Martin Hannigan (c) 617-388-2663 VeriSign, Inc. (w) 703-948-7018 Network Engineer IV Operations Infrastructure [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Brad Passwaters Sent: Tuesday, June 29, 2004 12:02 PM To: Matthew Crocker Cc: [EMAIL PROTECTED] Subject: Re: Can a Customer take their IP's with them? (Court says yes!) On Tue, 29 Jun 2004 11:45:40 -0400, Matthew Crocker [EMAIL PROTECTED] wrote: The TRO is irrelevant, The courts made the wrong decision, did anyone actually think they would have a clue? Here is the solution: Perhaps before proposing a solution we should make sure that all the facts are in evidence. I might suggest since at least some of the legal documents are available to you at the url below you take time to read them. http://www.e-gerbil.net/ras/nac-case/ Its not clear at all that what the courts are proposing is that the customer be allowed to keep the addresses forever, just that they have adequate time for an orderly move. Its also not clear that NAC won't receive comensatation for use of their resources. I think those people who have done service provider moves realize that without the help of their old service provider their life could well be hellish. If the requirements for the lack of IP portability are indeed purely technical and not some effort to hold onto customers then service providers have a duty to make almost any reasonable effort to make the transition as painless as possible -- Brad Passwaters -- [EMAIL PROTECTED]
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, Jun 29, 2004 at 12:15:33PM -0400, Matthew Crocker wrote: Black holing is a drastic step but I think decisive action needs to be taken the Internet at large to protect the routing table. I know I would *love* to gain ownership of some of my space I have from Sprint. I'm too lazy to move out of that space but I do continue to by bandwidth from Sprint (have been doing so for 10 years now). If this holds up, maybe I'll try and sue Sprint ;) *this is a joke I'm not that irresponsible to the 'net* If you feel like having NAC held in contempt of court so that you can whine about the routing table, go right ahead. And you wonder why judges don't listen to engineers some days. Sheesh. -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, Patrick W Gilmore wrote: NAC had nothing to do with this. I have a long history in this and other forums of promoting aggregation, with the notable exception of multi-homed *TRANSIT CUSTOMERS* announcing routes via BGP. Suggesting providers not accept prefixes which violates both my personal views and standard Internet doctrine is not something Alex told me to do. To anyone considering doing something like this. Please do not resort to vigilante justice. While I agree that NAC should not have to route this IP addressing to someone else's network, the TRO is exactly that Temporary. NAC and a customer had a dispute. That dispute is before a court. The court said there would be no immediate harm to NAC to continue providing this IP addressing to their customer (NAC is still being compensated for it). If this customer tries to do something that causes NAC immediate harm, then NAC can bring that before the court. We are not to act on the courts behalf to harm another Internet provider under any circumstances. Do also understand that you are seeing one side of the case presented on NANOG. The other side has chosen not to play this out in a public forum. UCI tried to work this out with NAC. Now they are trying to work this out with a judge. Don't add NANOG and the network community to the list of people they have to reconcile with once this is over. The court has not GIVEN the IP addressing to UCI. They just forbid NAC from cutting UCI's legs out from underneath them while UCI moves. I think UCI poses some interesting questions about NAC's business practices in their case. Alex, while I think it sucks that a court had to force you to assist a customer in leaving your services, it doesn't sound like they had much choice from the TRO. I'd recommend you focus your efforts on explaining to a judge the issues that were brought up in the suit and forget about involving NANOG in your court disputes. Gerald A former customer of NAC who can sympathize with UCIs position.
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004 12:27:43 -0400, Hannigan, Martin [EMAIL PROTECTED] wrote: Why would the other side(new provider) violate ARIN policy and route the space? They would not be legaly obligated to do so by the current TRO. However note this is supposedly a temporay use of IP space. Some normal provider transtition might do end up with the same situation of routing the space. It could also be that the new provider is only used to route their new addresses while NAC in accordence with TRO continues to deliver service under the same conditons as the old agreement for the old address space. The court order doesn't apply to ARIN, or the new provider. I'd say it would be a violation of the agreement, but I'm not a lawyer. Just a thought. Did you mean it would not be a violation of the TRO? or where you saying the court counlt require others to break the currnet ARIN agreement/contact? In either case I would tend to agree but also am not a lawyer... In fact one might conclude that indeed the only way to currently prevent the customer from making a smooth transtion would be to stir up a bunch of ISP's and have *them* blackhole the customer purely on their own. Hmm what does natural and probable consequence mean again Brad
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue Jun 29, 2004 at 12:15:33PM -0400, Matthew Crocker wrote: From my understanding the customer has their own IP space allocated by ARIN and has had that space for over a year. They have already had adequate time to transition to their own space. The Internet routing table should not suffer due to the laziness of one customer. I can see if NAC kicked the customer off their network the *may* have a case. Without getting into the rights and wrongs of this case, this did flag up a couple of things that I noticed in the document: 1) They say that they are hindered in their renumbering by not being able to get a large enough block of addresses from ARIN (I forget the exact wording). Does this mean that NAC were lax with their IP allocation policy and let the customer have more addresses than ARIN policies would otherwise allow? If their new allocation is really the biggest issue, why not just go back and ask ARIN more nicely? 2) They say they have to write custom software to allow the renumbering. Is this related to them having to fit into a smaller address block? Otherwise, I don't see why there's such a big issue about having to write *new* software because of an IP renumber. Simon -- Simon Lockhart | Tel: +44 (0)1628 407720 (x(01)37720) | Si fractum Technology Manager | Fax: +44 (0)1628 407701 (x(01)37701) | non sit, noli BBC Internet Ops | Email: [EMAIL PROTECTED]| id reficere BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK
Re: Can a Customer take their IP's with them? (Court says yes!)
The TRO reads to me along the lines that the customer wants protections from increased charges and fees (anything above normal rates) while they are able to move their equipment away from the co-located facilities. They do not wish to incur expenses from NAC for access to the facilities. I see nothing that would prevent NAC from charging their regular fees and expenses as long as the customer is using the IP space. I do see NAC as being restrained from re-assigning the IP space to another customer prior to the hearing on the merits of the case, and before the customer has had the opportunity to orderly move their equipment to new facilities. TROs usually have a short and finite life, lasting only until a hearing on the merits. If NAC is pursuing increased expenses, fees and other charges (above their contract rates) then perhaps the customer has a case. If that is not the case, then perhaps the court is slightly out of line. The old legal trick of moving a case from Federal Court to a state court, is a common legal tactic where friendly judges and judge shopping can take place ( Think the SCO action against IBM over the Unix/Linux debacle) It also appears there is much more to the story, from both sides, and picking one catch-all paragraph from the TRO does not really tell the story, but tends to spread FUD. Not an attorney
Re: Can a Customer take their IP's with them? (Court says yes!)
The old legal trick of moving a case from Federal Court to a state court, is a common legal tactic where friendly judges and judge shopping can take place ( Think the SCO action against IBM over the Unix/Linux debacle) It's not a trick - the requirements for removal jurisdiction within the Federal court system are rather strict. And even so, in a non-Fedreal question issue (which this clearly appears to be), Erie requires the use and application of state substantive law to decide the case. Judge shopping sounds interesting, but it's about 99.999% myth. It also appears there is much more to the story, from both sides, and picking one catch-all paragraph from the TRO does not really tell the story, but tends to spread FUD. Indeed. Reading the intial filings (which I've yet to have time to find) and the memorandum of order would be necessary before any meaningful discussion should even be considered. Not an attorney Me eithertill mid-2006 or so. -ed - [EMAIL PROTECTED]
Re: Can a Customer take their IP's with them? (Court says yes!)
If you read through http://www.e-gerbil.net/ras/nac-case/plantiff-affidavit1.pdf you'll see that NAC was blackmailing their client because they knew they could not quickly move out I think that argument is close to being bogus. The agreement doesn't say that they have to be out in 45 days: Following a mailing of a notice of an increase of base prices, customer shall have ten days from the effective date of the increase to provide NAC with a written request to terminate service. ... If customer elects to terminate, such notice shall be effective thirty days following receipt of customer's notice to terminate. So, it's 45 + 10 + 30 = 85 days. They mention 60 megawatts of power. It seems to me that the focus shouldn't be on the easy task of renumbering a /24 in 85 days (is it really just a /24?), but on moving the servers :-) There is mention of increased power charges (up to $18,000) and usage of 60Mw. Isn't $20/amp/month still a standard charge in co-lo sites? If so, $18,000 buys 900amps. With 120V service, we get (120*900)/1.67 = 65kw. 65kw over 30 twenty-four hour days is about 47Mw. So, the customer is getting a deal. -mark
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004 12:27:43 -0400 Hannigan, Martin [EMAIL PROTECTED] wrote: Why would the other side(new provider) violate ARIN policy and route the space? The court order doesn't apply to ARIN, or the new provider. I'd say it would be a violation of the agreement, but I'm not a lawyer. Just a thought. i suspect this will turn out to be a non-issue, even of the new provider routes the blocks and nac.net strictly obeys the requirements of the TRO. the blocks broken out of the aggregates are probably (i haven't looked) likely to be dropped by filters at many large providers, which will seriously limit their utility. so i think both nac.net and the new provider should do the obvious TRO compliant things while nac.net hashes it out in court. the customer will likely discover somewhere down the line that they've shot themselves in the foot, as they won't be able to afford to sue _everyone_ who is dropping their announcements as part of normal filter policy going back many years. i don't think anyone should be changing policies in response to this. let it play out in court. for most ISPs, change nothing seems like the smart response. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, Simon Lockhart wrote: 1) They say that they are hindered in their renumbering by not being able to get a large enough block of addresses from ARIN (I forget the exact wording). Does this mean that NAC were lax with their IP allocation policy and let the customer have more addresses than ARIN policies would otherwise allow? If their new allocation is really the biggest issue, why not just go back and ask ARIN more nicely? I've seen similar claims by others before. Having gone through the procedure myself, I'd guess one of two cases. 1) Pegasus did a poor job with their ARIN-NET-ISP request and failed to convince ARIN that they were efficiently utilizing the amount of PA IP space they wanted to replace with PI and renumber into or the speed with which they intended to renumber. 2) ARIN gave Pegasus an initial allocation insufficient to cover their entire network with the understanding that Pegasus would begin renumbering and do another ARIN-NET-ISP request when they'd used up the initial allocation and returned a similar amount of IP space to NAC. I doubt anyone will comment as to which of these is closest to reality. Case 2 wouldn't surprise me at all when the space involved is much more than ARIN's minimum allocation. 2) They say they have to write custom software to allow the renumbering. Is this related to them having to fit into a smaller address block? Otherwise, I don't see why there's such a big issue about having to write *new* software because of an IP renumber. They probably either meant custom software (perhaps just shell scripts) to partially automate parts of the renumbering process, or that whatever software they use on their hosting resale systems is somewhat inflexible with IP addressing and would need to be hacked to deal with dual IP blocks during the transition. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
RE: Can a customer take IP's with them?
Bravo. - ferg -- Ray Plzak [EMAIL PROTECTED] wrote: I have assigned the ARIN General Counsel, who is an experienced litigator, the task to review and prepare the necessary filings to either intervene formally in the New Jersey case, or as an amicus. ARIN will be striving to educate the court to understand more accurately the legal and policy issues involved. Raymond A. Plzak President CEO -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED]
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, Richard Welty wrote: i suspect this will turn out to be a non-issue, even of the new provider routes the blocks and nac.net strictly obeys the requirements of the TRO. the blocks broken out of the aggregates are probably (i haven't looked) likely to be dropped by filters at many large providers, which will seriously limit their utility. We're not talking about a /24 or longer prefix here. Based on the amount of ARIN space Pegasus has and claims they've made, I'd guess they must have somewhere in the neighborhood of a /16 worth of NAC space, probably in several blocks of /24 and shorter. So, how do your filters tell the difference between these broken out NAC routes through a new provider and multihomed customer routes with the primary provider's connection down? -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: Attn MCI/UUNet - Massive abuse from your network
Steve Linford wrote: The statement by Ben Browning: I know several businesses who have, and a great many people who have blocked UUNet space from sending them email ... by using ... the SBL is false, the SBL has never blocked UUNet/MCI IP space that wasn't directly in the control of spammers. If Mr Browning does indeed know several businesses and a great many people whose UUNet/MCI IP space has been blocked by the SBL, then Mr Browning knows several spam outfits and a great many spammers. Let me rephrase: I know several businesses and a great many people who block *parts* of UUNet by the SBL and *larger* parts of it by means of SPEWS, blackholes.us, et al. Regardless, the SBL does block *some* UUNet space, much of which(according to responses here) no longer belongs to the spammers. Sorry for any confusion my poor choice of words may have caused. -- Ben Browning [EMAIL PROTECTED] The River Internet Access Co. WA Operations Manager 1-877-88-RIVER http://www.theriver.com
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, Jun 29, 2004 at 01:14:05PM -0400, Richard Welty wrote: On Tue, 29 Jun 2004 12:27:43 -0400 Hannigan, Martin [EMAIL PROTECTED] wrote: Why would the other side(new provider) violate ARIN policy and route the space? The court order doesn't apply to ARIN, or the new provider. I'd say it would be a violation of the agreement, but I'm not a lawyer. Just a thought. i suspect this will turn out to be a non-issue, even of the new provider routes the blocks and nac.net strictly obeys the requirements of the TRO. the blocks broken out of the aggregates are probably (i haven't looked) likely to be dropped by filters at many large providers, which will seriously limit their utility. I haven't really read the court decision, but there might be ways to work around this, if both providers want. Assign an IP-address to the customer out of the new providers space, dig a tunnel to the old provider, route the customers net through the tunnel. From the outside it will look like the customer is still connected to the old ISP, but the physical connection goes to the new one. Did the court actually rule, that the new provider has to announce the network via BGP to its peers or did the court rule, that the customer must be reached via his old IPs for a limited amount of time? The second option can be fullfilled without announcing PA-Space in other networks or something like this. At least if the providers REALLY want to. Yes it is not really nice, but it is just a workaround. Somebody has to think about the costs for the additional traffic (especially for the old provider), but well ... You do not get service for free. Nils
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004 13:32:30 -0400 (EDT) Jon Lewis [EMAIL PROTECTED] wrote: So, how do your filters tell the difference between these broken out NAC routes through a new provider and multihomed customer routes with the primary provider's connection down? i've played this game from the multi-homed customer side before. you get your second provider to route the smaller space, and you expect the small announcements to be dropped by some ISPs and depend on the aggregate from your first provider to cover your bases there. it only works as long as the first provider continues to provide transit. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a customer take their IPs with them? (Court says yes!)
In an attempt to add a little more light than heat to this issue, let me add my .02 Euros. I am not a lawyer although I've had to defend myself in court a few times, so I do know a few things. This is a temporary restraining order. These are commonly issued "ex parte" meaning at the request of one of the parties and may even be done where the other party did not even show up or was given notice. The purpose is to "preserve the status quo." The court apparently -from the description of the TRO -issued it verbatimas the plaintiff filed it.I doubt the court evenknew what half the terms on the order meant. I had trouble and I'm somewhatfamiliar with Internet networking. In the case at hand, it may be that the contract with the provider could in theory have allowed immediate repossession of the IP address space which was loaned to them in the event they changed providers. In which case, if the company that has the particular IP space, allowing them to have their address range "snatched away" from them immediately would constitute irreparable harm, since it can take up to a week for an address change to propagate throughout the Internet. A Temporary Restraining Order is intended to keep things as they are at the time it was issued, until such time as a court has the opportunity to hear evidence and to make a decision. Generally they are issued subject to the following conclusions: 1. The party asking for the order (theplaintiff, here)is quite likely to suffer irreparable harm if the relief requested by the order is not granted. 2. The party to whom the order is issued against (the defendant, here)either will not suffer harmas a result of the order or the amount of harm is minor or substantially less than that which would occur to the other party if the order isn't granted.. There are additional conditions involved, but these are the two most important. Here, allowing the customer to keep the number on a temporary basis while the court decides the issue does not necessarily harm the defending ISP and failing to do so would probably be devastating to the customer. Now, to the extent the customer has other options(such as using the number block which theyhave beenassigneddirectly) will provide the court with a reasonable solution as to why the TRO should be dissolved after the customer has some reasonable time to correct the problem, e.g. to renumber their systems and advertise the new routes to the various routers and DNS systems might require, say 7-10 days. Also, if the contract between the company and the ISP provides them sufficient protection to allow them the time necessary to renumber and reroute then the need for the TRO becomes moot. However, if the contract was silent on this point or explicitly allowed immediate repossession then the TRO may have been a valid issue in order to preserve the status quo for the time being until the issue can be sorted out. This is the basic reason such decisions are issued, so that things can remain as they are until the court can figure out who is entitled to relief. It does not necessarily mean the customer will win or even has a valid cause of action, it just simply means that it is less catastrophic to the ISP to require they not "yank" the IP addresses from the customer than it would be to allow them to do so, pending the outcome of the actual trial on the merits of the issues involved. Please excuse me if this is obvious, but I thought it might help. --Paul Robinson "Above all else... We shall go on...""...And continue!""If the lessons of history teach us anything it isthat nobody learns the lessons that history teaches us." -BEGIN GEEK CODE BLOCK-Version: 3.1GCS/P d-(-)-- s+:+++ a+ C++ UL---$ P+ L+$ !E W++$ N++ !o !K-- w+--$ O-- !M-- !V- PS+++$ PE !Y !PGP t !5 !X !R tv+ b() DI() D G e h+(+)$ r y+**(+) --END GEEK CODE BLOCK--
Re: Can a Customer take their IP's with them? (Court says yes!)
On Jun 29, 2004, at 1:44 PM, Richard Welty wrote: On Tue, 29 Jun 2004 13:32:30 -0400 (EDT) Jon Lewis [EMAIL PROTECTED] wrote: So, how do your filters tell the difference between these broken out NAC routes through a new provider and multihomed customer routes with the primary provider's connection down? i've played this game from the multi-homed customer side before. you get your second provider to route the smaller space, and you expect the small announcements to be dropped by some ISPs and depend on the aggregate from your first provider to cover your bases there. it only works as long as the first provider continues to provide transit. It works as long as the first provider: 1) Continues to announce the aggregate, which NAC obviously will, and 2) Accepts deaggregates of his own space from peers, which the TRO requires NAC to do. (Not specifically, but if NAC filters this block, the judge almost certainly will find them in contempt.) If it is Pegasus and they have a /16, the point is moot. If it is some guy with a /24 out of non-swamp space, NAC will be providing transit for them. For instance, traffic from, say, Verio will be routed to the aggregate NAC announces, and NAC will have to pass it off to the new transit provider since Verio will not see the /24. This obviously has a cost to NAC, and it could be a high cost if this traffic goes over NAC transit in any real volume. IANAL, but seems like a Very Good Reason to not make the TRO permanent. -- TTFN, patrick
Re: Can a Customer take their IP's with them? (Court says yes!)
Mark, I suspect they confused 'mega' with 'kilo'. They mention 60 megawatts of power. It seems to me that the focus shouldn't be on the easy task of renumbering a /24 in 85 days (is it really just a /24?), but on moving the servers :-) There is mention of increased power charges (up to $18,000) and usage of 60Mw. Isn't $20/amp/month still a standard charge in co-lo sites? If so, $18,000 buys 900amps. With 120V service, we get (120*900)/1.67 = 65kw. 65kw over 30 twenty-four hour days is about 47Mw. So, the customer is getting a deal. -mark -- Joe McGuckin ViaNet Communications 994 San Antonio Road Palo Alto, CA 94303 Phone: 650-213-1302 Cell: 650-207-0372 Fax: 650-969-2124
Re: Can a Customer take their IP's with them? (Court says yes!)
Alex, Not being a lawyer, this is not a legal opinion, but my opinion is: What state court issued the TRO. A TRO usually is a legal technique to allow a condition to continue or not continue until a court of competent jurisdiction can "review" the issues. Since the addresses are not "owned" by the ISP that let the "customer" use them than it is difficult to ascertain how the court can "order" the ISP to do or not do something with those addesses. As is good form on the Net I assumed that the customer had a domain that they were "assigned" as well as the acutal IP address. With a normal channge of the A record (i presume) in the DNS the "new address" that the customer will get from the new "isp" will then be utilized. The court of competent jurisdiction, which in my mind would be the appropriate Federal Court for that circuit would have to order the "old" ISP to give away a leased item from ARIN and order the "new" ISP to accept it and to advertise it. Since it is my understanding that Congress and the Executive branch have made "ARIN, etal" the custodian of the IP addresses for the public good the Federal Court would potentially have an issue with interfereing with the normal course of ARIN activity. My issues that I would ask the court about is why a State Court (I Presume) has jurisdiction on what is an interstate matter as well as the abridgement of personal property rights of the ISP and ARIN. (If I lease my car and I quit paying they come and take it back, I do not get to keep it since I have been driving it for the last few years) The customer if there is no longer a contract in places would appear to have no standing in the court and since they can get their DNS entry updated thay can keep there "address" not the IP address but the DNS address. John Lee (ISDN - It suites Dennis's needs) Alex Rubenstein wrote: Please read -- this is lengthy, and important to the industry as a whole. We ask for, and solicit, comments, letters of support, etc., for our position. We are looking for people to take a position on this, and come forward, perhaps even to provide an affidavit or certification. Something along the lines of a 'friend of the court' brief, or even comments as to why we are wrong. Read on. There has been a Temporary Restraining Order (TRO) issued by state court that customers may take non-portable IP space with them when they leave their provider. Important to realize: THIS TEMPORARY RESTRAINING ORDER HAS BEEN GRANTED, AND IS CURRENTLY IN EFFECT. THIS IS NOT SOMETHING THAT COULD HAPPEN, THIS IS SOMETHING THAT HAS HAPPENED. THERE IS AN ABILITY TO DISSOLVE IT, AND THAT IS WHAT WE ARE TRYING TO DO. This is a matter is of great importance to the entire Internet community. This type of precedent is very dangerous. If this ruling is upheld it has the potential to disrupt routing throughout the Internet, and change practices of business for any Internet Service Provider. In the TRO, the specific language that is enforced is as follows: "NAC shall permit CUSTOMER to continue utilization through any carrier or carriers of CUSTOMER's choice of any IP addresses that were utilized by, through or on behalf of CUSTOMER under the April 2003 Agreement during the term thereof (the "Prior CUSTOMER Addresses") and shall not interfere in any way with the use of the Prior CUSTOMER Addresses, including, but not limited to: (i) by reassignment of IP address space to any customer; aggregation and/or BGP announcement modifications, (ii) by directly or indirectly causing the occurrence of superseding or conflicting BGP Global Routing Table entries; filters and/or access lists, and/or (iii) by directly or indirectly causing reduced prioritization or access to and/or from the Prior CUSTOMER Addresses, (c) provide CUSTOMER with a Letter of Authorization (LOA) within seven (7) days of CUSTOMER's written request for same to the email address/ticket system ([EMAIL PROTECTED]), and (d) permit announcement of the Prior CUSTOMER Addresses to any carrier, IP transit or IP peering network." We believe this order to be in direct violation of ARIN policy and the standard contract that is signed by every entity that is given an allocation of IP space. The ARIN contract strictly states that the IP space is NOT property of the ISP and can not be sold or transferred. The IP blocks in question in this case are very clearly defined as non-portable space by ARIN. Section 9 of ARIN's standard Service Agreement clearly states: "9. NO PROPERTY RIGHTS. Applicant acknowledges and agrees that the numbering resources are not property (real, personal or intellectual) and that Applicant shall not acquire any property rights in or to any numbering resources by virtue of this Agreement or otherwise. Applicant further agrees that it will not attempt, directly or indirectly, to obtain or assert any trademark, service mark, copyright or any other form of property rights in any numbering resources in the United States or any
Re: Can a Customer take their IP's with them? (Court says yes!)
quite frankly, looking at the TRO (thanks Richard for posting them here), UCI has requested permission to use Prior UCI Addresses being part of NAC, until September 1st, 2004. i am failing to see the problem with this TRO, given that customer is simply requesting relief guarantees that their move-out operation to new facility shall go unrestricted and not interfered by NAC. granted, the actual order fell from the court doesn't specifically state 9/1/04 as the deadline (which would be the policy issues w/ IP address portability), I think we need to take a look at both side's opinions and situations before blackholing NAC-UCI leased IP space(s) out of the blue as some here on this mailing list have stated they would do so. all i can see here is that UCI, being a customer is simply interested in doing what they can do to protect their business. moving entire business operational assets between colocation facilities is not an easy task, and can be quite risky for them. yes, i would take issues if UCI is simply requesting permanent portability of the IP space administrated by NAC, but so far looking at the documents, it appears UCI seems to be requesting enough period of time to help with their transition to the new facility, including enough time for renumbering of IP addresses in the process. Page 15, 45. of http://e-gerbil.net/ras/nac-case/restraining-order.pdf my 0.02 -J On Tue, Jun 29, 2004 at 12:24:44PM -0400, Richard A Steenbergen wrote: On Tue, Jun 29, 2004 at 09:11:08AM -0700, william(at)elan.net wrote: Actually, after reading most of the papers which Richard just made available at http://www.e-gerbil.net/ras/nac-case/ I don't see that court made an incorrect decision (it however should have been more clear enough on when TRO would end in regards to ip space). If you read through It is very likely that Pegasus made the correct decision to protect their business, regardless what a bunch of engineers on NANOG think about the IP space question. It also seems that the TRO is about far more than IP space (i.e. the continuation of full transit services, at existing contract rates). then they did other customers. Now, I do note that is probably just one side of the story, so likely there would be another side as this progresses through court (hopefully Richard will keep the webpage current with new documents), atlthough I have to tell you what I saw mentioned so far did not show NAC or its principals in the good light at all. I would like to post the NAC response to this so that we can hear all sides of the story, but unfortunately the case was moved from the US District Court back to the NJ Superior Court, where I no longer have easy access to the documents. I would be happy to take offline submissions of the legal filings from anyone willing to waste more on this than the $0.07/page that PACER charges. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC) -- James JunTowardEX Technologies, Inc. Technical LeadNetwork Design, Consulting, IT Outsourcing [EMAIL PROTECTED] Boston-based Colocation Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
duplicate emails?
This host appears to be resending nanog posts? : Received: from e500smtp01.nga.mil(164.214.6.120) by relay5.nga.mil via smap (V5.5) id xma020150; Tue, 29 Jun 04 10:25:13 -0400 Originally received yesterday sometime... -- Forwarded message -- Return-path: [EMAIL PROTECTED] Envelope-to: [EMAIL PROTECTED] Delivery-date: Tue, 29 Jun 2004 14:25:46 + Received: from exim by mx-0.telecomplete.net with spam-scanned (Exim 4.22) id 1BfJYP-00065u-Li for [EMAIL PROTECTED]; Tue, 29 Jun 2004 14:25:46 + Received: from exim by mx-0.telecomplete.net with scanned-ok (Exim 4.22) id 1BfJYP-00065h-1o for [EMAIL PROTECTED]; Tue, 29 Jun 2004 14:25:45 + Received: from relay5.nga.mil ([164.214.4.61]) by mx-0.telecomplete.net with esmtp (Exim 4.22) id 1BfJYO-00065C-6w for [EMAIL PROTECTED]; Tue, 29 Jun 2004 14:25:44 + Received: by relay5.nga.mil; id KAA20159; Tue, 29 Jun 2004 10:25:38 -0400 (EDT) Received: from e500smtp01.nga.mil(164.214.6.120) by relay5.nga.mil via smap (V5.5) id xma020150; Tue, 29 Jun 04 10:25:13 -0400 Received: from relay2.nga.mil(164.214.6.52) by e1000smtp2.nima.mil via csmap id 78e94c8c_c949_11d8_9cac_0002b3c81b76_16242; Mon, 28 Jun 2004 17:24:00 -0400 (EDT) Received: by relay2.nga.mil; id RAA13558; Mon, 28 Jun 2004 17:22:36 -0400 (EDT) Received: from trapdoor.merit.edu(198.108.1.26) by relay2.nga.mil via smap (V5.5) id xma010754; Mon, 28 Jun 04 17:14:29 -0400 Received: by trapdoor.merit.edu (Postfix) id 6C1A091277; Mon, 28 Jun 2004 17:12:33 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: by trapdoor.merit.edu (Postfix, from userid 56) id 3590491285; Mon, 28 Jun 2004 17:12:33 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 2AB5D91277 for [EMAIL PROTECTED]; Mon, 28 Jun 2004 17:12:26 -0400 (EDT) Received: by segue.merit.edu (Postfix) id 568C759D1B; Mon, 28 Jun 2004 17:12:26 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: from uswgco34.uswest.com (uswgco34.uswest.com [199.168.32.123]) by segue.merit.edu (Postfix) with ESMTP id 21E1559C56 for [EMAIL PROTECTED]; Mon, 28 Jun 2004 17:12:26 -0400 (EDT) Received: from egate-ne2.uswc.uswest.com (egate-ne2.uswc.uswest.com [151.117.64.200]) by uswgco34.uswest.com (8/8) with ESMTP id i5SLCLSu006141; Mon, 28 Jun 2004 15:12:21 -0600 (MDT) Received: from ITDENE2KSM02.AD.QINTRA.COM (localhost [127.0.0.1]) by egate-ne2.uswc.uswest.com (8.12.10/8.12.10) with ESMTP id i5SLCKCx008243; Mon, 28 Jun 2004 16:12:20 -0500 (CDT) Received: from itdene2km08.AD.QINTRA.COM ([10.1.4.107]) by ITDENE2KSM02.AD.QINTRA.COM with Microsoft SMTPSVC(5.0.2195.5329); Mon, 28 Jun 2004 15:12:20 -0600 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: RE: BGP list of phishing sites? Date: Mon, 28 Jun 2004 15:12:12 -0600 Message-ID: [EMAIL PROTECTED] Thread-Topic: BGP list of phishing sites? Thread-Index: AcRdUpLPcFNCkm3pQvC9Iiw2DaWELgAAelTA From: Smith, Donald [EMAIL PROTECTED] To: Stephen J. Wilcox [EMAIL PROTECTED] Cc: Scott Call [EMAIL PROTECTED], [EMAIL PROTECTED] X-OriginalArrivalTime: 28 Jun 2004 21:12:20.0544 (UTC) FILETIME=[9965D400:01C45D54] Sender: [EMAIL PROTECTED] Precedence: bulk Errors-To: [EMAIL PROTECTED] X-Loop: nanog X-Virus-Scanned: by Telecomplete X-Spam-Checker-Version: Telecomplete X-Spam-Level: X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00=-4.9 autolearn=no I agree phishing bgp feed would disrupt the ip address to all ISP's that listened to the bgp server involved. I was addressing a specific issue with listening to such a server and that is the loss of control issue. Sorry if that wasn't clear. So would ISP's block an phishing site if it was proven to be a phishing site and reported by their customers? [EMAIL PROTECTED] GCIA pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC Brian Kernighan jokingly named it the Uniplexed Information and Computing System (UNICS) as a pun on MULTICS. -Original Message- From: Stephen J. Wilcox [mailto:[EMAIL PROTECTED] Sent: Monday, June 28, 2004 2:58 PM To: Smith, Donald Cc: Scott Call; [EMAIL PROTECTED] Subject: RE: BGP list of phishing sites? Hi Donald, the bogon feed is not supposed to be causing any form of disruption, the purpose of a phishing bgp feed is to disrupt the IP address.. thats a major difference and has a lot of implications. Steve On Mon, 28 Jun 2004, Smith, Donald wrote: Some are making this too hard. Of the lists I know of they only blackhole KNOWN active attacking or victim sites (bot controllers, know malware
Re: Can a Customer take their IP's with them? (Court says yes!)
Hi James, i would agree except NAC seems to have done nothing unreasonable and are executing cancellation clauses in there contract which are pretty standard. The customer's had plenty of time to sort things and they have iether been unable to or unwilling to move out in the lengthy period given. This too isnt uncommon and the usual thing that occurs at this point is the customer negotiates with the supplier for an extension in service which they pay for. These guys seem to not want to admit they've failed to plan this move, dont want to pay for their errors and are now either panicking or trying to prove a point to NAC. Steve On Tue, 29 Jun 2004, James wrote: quite frankly, looking at the TRO (thanks Richard for posting them here), UCI has requested permission to use Prior UCI Addresses being part of NAC, until September 1st, 2004. i am failing to see the problem with this TRO, given that customer is simply requesting relief guarantees that their move-out operation to new facility shall go unrestricted and not interfered by NAC. granted, the actual order fell from the court doesn't specifically state 9/1/04 as the deadline (which would be the policy issues w/ IP address portability), I think we need to take a look at both side's opinions and situations before blackholing NAC-UCI leased IP space(s) out of the blue as some here on this mailing list have stated they would do so. all i can see here is that UCI, being a customer is simply interested in doing what they can do to protect their business. moving entire business operational assets between colocation facilities is not an easy task, and can be quite risky for them. yes, i would take issues if UCI is simply requesting permanent portability of the IP space administrated by NAC, but so far looking at the documents, it appears UCI seems to be requesting enough period of time to help with their transition to the new facility, including enough time for renumbering of IP addresses in the process. Page 15, 45. of http://e-gerbil.net/ras/nac-case/restraining-order.pdf my 0.02 -J On Tue, Jun 29, 2004 at 12:24:44PM -0400, Richard A Steenbergen wrote: On Tue, Jun 29, 2004 at 09:11:08AM -0700, william(at)elan.net wrote: Actually, after reading most of the papers which Richard just made available at http://www.e-gerbil.net/ras/nac-case/ I don't see that court made an incorrect decision (it however should have been more clear enough on when TRO would end in regards to ip space). If you read through It is very likely that Pegasus made the correct decision to protect their business, regardless what a bunch of engineers on NANOG think about the IP space question. It also seems that the TRO is about far more than IP space (i.e. the continuation of full transit services, at existing contract rates). then they did other customers. Now, I do note that is probably just one side of the story, so likely there would be another side as this progresses through court (hopefully Richard will keep the webpage current with new documents), atlthough I have to tell you what I saw mentioned so far did not show NAC or its principals in the good light at all. I would like to post the NAC response to this so that we can hear all sides of the story, but unfortunately the case was moved from the US District Court back to the NJ Superior Court, where I no longer have easy access to the documents. I would be happy to take offline submissions of the legal filings from anyone willing to waste more on this than the $0.07/page that PACER charges. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Teaching/developing troubleshooting skills
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 [EMAIL PROTECTED] wrote: |It's also important that one avoid: | |* The faulty assumption there is but one problem | | | Here's an interesting example that I came across | several years ago. It was in an office with lots | of PCs plugged into RJ45 10baseT ports near each desk. | One PC had lost connectivity. | | I came and checked that the software was | installed and running. Probably did something | like ping 127.0.0.1 to satisfy myself that it | wasn't a problem on the PC itself. Then I unplugged | the cable from the RJ45 port in the wall and tried | another port. It still did not work. I swapped | in a new cable and it worked fine. | | Most people would stop right there, but I | followed up and tested the existing cable | in the lab. It worked just fine. Why did | it not work before? There must be some problem | with the switch or the wall wiring and somehow | two RJ45 ports did not work. After a bit of | poking and discussions with the employee at | that desk, it turned out that the cable lay | in a bad spot and often got caught on her foot | as she rushed off somewhere. It turns out that | the little metal pins inside the RJ45 socket | had been bent. It was just sheer luck that | swapping the cable caused contact to be made again. | And the second socket was also bent. When that | one ceased to work the employee had swapped | cables themselves. | | The real solution was to replace both sockets | and install a longer patch cable that could be | placed where feet would not get caught up in it. | | Troubleshooting is made easier by methodically | doing the work and following through. If I had | not had the lab handy I probably would have | swapped the bad cable back in to verify that | trouble accompanied the cable. But it is also | easier to troubleshoot when you have a stock of | interesting war stories in your memory to encourage | you to think outside the box. It's the blend of | creativity and methodical work practices that makes | a good troubleshooter, technical or otherwise. | You've described Closed Loop Corrective Action to the tee. It's not enough to know what the problem is, but how to correct it, and what to do to prevent it in the future. - -- = bep -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) iD8DBQFA4c0KE1XcgMgrtyYRArh6AJ9yOTkxGOv7iloTegO/DtUENYXmygCgiNnO m6XSOg2EPejbV4ZqOHvmPO0= =AwT9 -END PGP SIGNATURE-
Re: duplicate emails?
It has been pointed out to me that other people arent seeing the dups, that these are being resent directly to my address and that its a MIL host doing it. Perhaps I dropped phrases about terrorism or porn into my posts and I'm now being targeted by eschelon ;-O Steve (hiding in basement under foil blanket) On Tue, 29 Jun 2004, Stephen J. Wilcox wrote: This host appears to be resending nanog posts? : Received: from e500smtp01.nga.mil(164.214.6.120) by relay5.nga.mil via smap (V5.5) id xma020150; Tue, 29 Jun 04 10:25:13 -0400 Originally received yesterday sometime... -- Forwarded message -- Return-path: [EMAIL PROTECTED] Envelope-to: [EMAIL PROTECTED] Delivery-date: Tue, 29 Jun 2004 14:25:46 + Received: from exim by mx-0.telecomplete.net with spam-scanned (Exim 4.22) id 1BfJYP-00065u-Li for [EMAIL PROTECTED]; Tue, 29 Jun 2004 14:25:46 + Received: from exim by mx-0.telecomplete.net with scanned-ok (Exim 4.22) id 1BfJYP-00065h-1o for [EMAIL PROTECTED]; Tue, 29 Jun 2004 14:25:45 + Received: from relay5.nga.mil ([164.214.4.61]) by mx-0.telecomplete.net with esmtp (Exim 4.22) id 1BfJYO-00065C-6w for [EMAIL PROTECTED]; Tue, 29 Jun 2004 14:25:44 + Received: by relay5.nga.mil; id KAA20159; Tue, 29 Jun 2004 10:25:38 -0400 (EDT) Received: from e500smtp01.nga.mil(164.214.6.120) by relay5.nga.mil via smap (V5.5) id xma020150; Tue, 29 Jun 04 10:25:13 -0400 Received: from relay2.nga.mil(164.214.6.52) by e1000smtp2.nima.mil via csmap id 78e94c8c_c949_11d8_9cac_0002b3c81b76_16242; Mon, 28 Jun 2004 17:24:00 -0400 (EDT) Received: by relay2.nga.mil; id RAA13558; Mon, 28 Jun 2004 17:22:36 -0400 (EDT) Received: from trapdoor.merit.edu(198.108.1.26) by relay2.nga.mil via smap (V5.5) id xma010754; Mon, 28 Jun 04 17:14:29 -0400 Received: by trapdoor.merit.edu (Postfix) id 6C1A091277; Mon, 28 Jun 2004 17:12:33 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: by trapdoor.merit.edu (Postfix, from userid 56) id 3590491285; Mon, 28 Jun 2004 17:12:33 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 2AB5D91277 for [EMAIL PROTECTED]; Mon, 28 Jun 2004 17:12:26 -0400 (EDT) Received: by segue.merit.edu (Postfix) id 568C759D1B; Mon, 28 Jun 2004 17:12:26 -0400 (EDT) Delivered-To: [EMAIL PROTECTED] Received: from uswgco34.uswest.com (uswgco34.uswest.com [199.168.32.123]) by segue.merit.edu (Postfix) with ESMTP id 21E1559C56 for [EMAIL PROTECTED]; Mon, 28 Jun 2004 17:12:26 -0400 (EDT) Received: from egate-ne2.uswc.uswest.com (egate-ne2.uswc.uswest.com [151.117.64.200]) by uswgco34.uswest.com (8/8) with ESMTP id i5SLCLSu006141; Mon, 28 Jun 2004 15:12:21 -0600 (MDT) Received: from ITDENE2KSM02.AD.QINTRA.COM (localhost [127.0.0.1]) by egate-ne2.uswc.uswest.com (8.12.10/8.12.10) with ESMTP id i5SLCKCx008243; Mon, 28 Jun 2004 16:12:20 -0500 (CDT) Received: from itdene2km08.AD.QINTRA.COM ([10.1.4.107]) by ITDENE2KSM02.AD.QINTRA.COM with Microsoft SMTPSVC(5.0.2195.5329); Mon, 28 Jun 2004 15:12:20 -0600 X-MimeOLE: Produced By Microsoft Exchange V6.5.6944.0 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: quoted-printable Subject: RE: BGP list of phishing sites? Date: Mon, 28 Jun 2004 15:12:12 -0600 Message-ID: [EMAIL PROTECTED] Thread-Topic: BGP list of phishing sites? Thread-Index: AcRdUpLPcFNCkm3pQvC9Iiw2DaWELgAAelTA From: Smith, Donald [EMAIL PROTECTED] To: Stephen J. Wilcox [EMAIL PROTECTED] Cc: Scott Call [EMAIL PROTECTED], [EMAIL PROTECTED] X-OriginalArrivalTime: 28 Jun 2004 21:12:20.0544 (UTC) FILETIME=[9965D400:01C45D54] Sender: [EMAIL PROTECTED] Precedence: bulk Errors-To: [EMAIL PROTECTED] X-Loop: nanog X-Virus-Scanned: by Telecomplete X-Spam-Checker-Version: Telecomplete X-Spam-Level: X-Spam-Status: No, hits=-4.9 required=5.0 tests=BAYES_00=-4.9 autolearn=no I agree phishing bgp feed would disrupt the ip address to all ISP's that listened to the bgp server involved. I was addressing a specific issue with listening to such a server and that is the loss of control issue. Sorry if that wasn't clear. So would ISP's block an phishing site if it was proven to be a phishing site and reported by their customers? [EMAIL PROTECTED] GCIA pgpFingerPrint:9CE4 227B B9B3 601F B500 D076 43F1 0767 AF00 EDCC Brian Kernighan jokingly named it the Uniplexed Information and Computing System (UNICS) as a pun on MULTICS. -Original Message- From: Stephen J. Wilcox [mailto:[EMAIL PROTECTED] Sent: Monday, June 28, 2004 2:58 PM To: Smith, Donald Cc: Scott Call; [EMAIL PROTECTED] Subject: RE: BGP list of phishing sites? Hi
Re: Attn MCI/UUNet - Massive abuse from your network
From Ben Browning, received 29/6/04, 9:56 am -0700 (GMT): Steve Linford wrote: The statement by Ben Browning: I know several businesses who have, and a great many people who have blocked UUNet space from sending them email ... by using ... the SBL is false, the SBL has never blocked UUNet/MCI IP space that wasn't directly in the control of spammers. If Mr Browning does indeed know several businesses and a great many people whose UUNet/MCI IP space has been blocked by the SBL, then Mr Browning knows several spam outfits and a great many spammers. Let me rephrase: I know several businesses and a great many people who block *parts* of UUNet by the SBL and *larger* parts of it by means of SPEWS, blackholes.us, et al. I obviously read more into it than you meant, sorry (I though you were implying we were blocking MCI IPs above and in addition to IPs belonging to spammers, something we try hard not to do). Regardless, the SBL does block *some* UUNet space, much of which(according to responses here) no longer belongs to the spammers. That's correct. At a guess I'd say possibly even 20% of our MCI listings are stale, and we don't know which ones. Without illegally scanning the MCI IPs to see what's running there we have very little way of knowing which spammers are departed or not, because MCI/UUNet Abuse will not tell us. Unlike listings of normal providers which tend to manage themselves, MCI SBL listings continue to grow in number and are removed either because they've reached their time-out setting or because someone higher up yells and the Abuse guys get their fingers out. We see things start to happen when Christopher Morrow gets involved, but they soon revert if he's not chasing them. Vint Cerf is now aware of the situation so perhaps more might begin to move and we may soon see those MCI listings drop down, and maybe a refresh of MCI's AUP enforcement. Thanks for voicing your opinion with MCI. -- Steve Linford The Spamhaus Project http://www.spamhaus.org
RE: Can a Customer take their IP's with them? (Court says yes!)
Hi, Hi James, i would agree except NAC seems to have done nothing unreasonable and are executing cancellation clauses in there contract which are pretty standard. The customer's had plenty of time to sort things and they have iether been unable to or unwilling to move out in the lengthy period given. This too isnt uncommon and the usual thing that occurs at this point is the customer negotiates with the supplier for an extension in service which they pay for. These guys seem to not want to admit they've failed to plan this move, dont want to pay for their errors and are now either panicking or trying to prove a point to NAC. I tend to agree. Reasonable time to migrate appears to be reasonable grace period. If unreasonable planning, hard (for me) to understand need for unreasonable grace period. 'reasonable' of course in need of a defintion, but from what I see most (but perhaps not all, these days... so I may be wrong) service providers allow sufficient grace period to make the technical needs fly. I'm far from sure non-technical issues should imply extended grace period. Hrm,... My few ören (or french or canadian cents, if preferred :) mh Steve On Tue, 29 Jun 2004, James wrote: quite frankly, looking at the TRO (thanks Richard for posting them here), UCI has requested permission to use Prior UCI Addresses being part of NAC, until September 1st, 2004. i am failing to see the problem with this TRO, given that customer is simply requesting relief guarantees that their move-out operation to new facility shall go unrestricted and not interfered by NAC. granted, the actual order fell from the court doesn't specifically state 9/1/04 as the deadline (which would be the policy issues w/ IP address portability), I think we need to take a look at both side's opinions and situations before blackholing NAC-UCI leased IP space(s) out of the blue as some here on this NAC-mailing list have stated they would do so. all i can see here is that UCI, being a customer is simply interested in doing what they can do to protect their business. moving entire business operational assets between colocation facilities is not an easy task, and can be quite risky for them. yes, i would take issues if UCI is simply requesting permanent portability of the IP space administrated by NAC, but so far looking at the documents, it appears UCI seems to be requesting enough period of time to help with their transition to the new facility, including enough time for renumbering of IP addresses in the process. Page 15, 45. of http://e-gerbil.net/ras/nac-case/restraining-order.pdf my 0.02 -J On Tue, Jun 29, 2004 at 12:24:44PM -0400, Richard A Steenbergen wrote: On Tue, Jun 29, 2004 at 09:11:08AM -0700, william(at)elan.net wrote: Actually, after reading most of the papers which Richard just made available at http://www.e-gerbil.net/ras/nac-case/ I don't see that court made an incorrect decision (it however should have been more clear enough on when TRO would end in regards to ip space). If you read through It is very likely that Pegasus made the correct decision to protect their business, regardless what a bunch of engineers on NANOG think about the IP space question. It also seems that the TRO is about far more than IP space (i.e. the continuation of full transit services, at existing contract rates). then they did other customers. Now, I do note that is probably just one side of the story, so likely there would be another side as this progresses through court (hopefully Richard will keep the webpage current with new documents), atlthough I have to tell you what I saw mentioned so far did not show NAC or its principals in the good light at all. I would like to post the NAC response to this so that we can hear all sides of the story, but unfortunately the case was moved from the US District Court back to the NJ Superior Court, where I no longer have easy access to the documents. I would be happy to take offline submissions of the legal filings from anyone willing to waste more on this than the $0.07/page that PACER charges. :) -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: BGP list of phishing sites?
--- Iljitsch van Beijnum [EMAIL PROTECTED] wrote: Einstein taught as that even the simple act of observation influences our surroundings. Wouldn't it make sense to try to leverage this influence such that the future is shaped more to our liking, however small the change may be? nitpick: it wasn't Einstein, but rather Heisenberg who developed the uncertainty principle. The uncertainty principle only speaks of electrons (or other small wavicles) and describes how it's not possible to know both the position and momentum. If you're not interested in knowing both of those at the same time, the uncertainty principle does not apply. The principle has been analogized to describe larger systems and items, and is a useful but not always completely accurate metaphor. It is entirely possible to observe some things without affecting them. -David Barak -Fully RFC 1925 Compliant __ Do you Yahoo!? Yahoo! Mail Address AutoComplete - You start. We finish. http://promotions.yahoo.com/new_mail
Re: Can a Customer take their IP's with them? (Court says yes!)
joe mcguckin [EMAIL PROTECTED] wrote: I suspect they confused 'mega' with 'kilo'. No, it's just the unit got mangled through sloppy usage. It was written as 60 megawatt hours, i.e. 60,000 kWh of energy. Any ISP that drew 60MW would probably be visible from space :) -- PGP key ID E85DC776 - finger [EMAIL PROTECTED] for full key
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, Brad Passwaters wrote: On Tue, 29 Jun 2004 21:07:32 +0100 (BST), Stephen J. Wilcox [EMAIL PROTECTED] wrote: Hi James, i would agree except NAC seems to have done nothing unreasonable and are executing cancellation clauses in there contract which are pretty standard. The customer's had plenty of time to sort things and they have iether been unable to or unwilling to move out in the lengthy period given. How do you arrive at this conclusion? Did you read the filings? This is not the customers position. Since I have only the customers filings and the judges TRO online it maybe that NAC has counter claims of their own. However The customer's unhappy.. but I dont see anything bad going on here.. The customer's wording is sloppy for a legal doc and they have silly points raised, like because nac wont accept payment by credit card they are forced to pay off their outstanding balance hence having to pay twice (one to the card one to nac) .. well duh .. thats how it works. Non-portability of IP space is well known, sure, its hard work and I wouldnt wish to do it but its normal - right? Yeah theyre upset, this story has history that we're not seeing and I'm sure for that reason NAC are playing hard ball here. But I dont think wrt the question of leaving NAC and the timescales and cancellation process involved that anything illegal or unexpected is occuring. in that case both parties would have put forth reasonable postions and the I believe the standard then would be that the judge would have to look at the harm done to both parties. In the case of the customer they present an at least passable case that this will cause them to be put out of business. Thus the judge says, Ok you keep paying NAC what you were paying them and NAC you work with them to transtion NAC can certainly challenge the TRO as indicated in the document itself Presumably the judge is unsure and doing what seems to be a sensible option.. I hope the customer is using the time well to do some renumbering pdq! This too isnt uncommon and the usual thing that occurs at this point is the customer negotiates with the supplier for an extension in service which they pay for. And they claim they did but that NAC did not negotiate in good faith. Also that as NAC has indicated a desire to purchase them may have reason not to negotiate in good faith. Maybe, happens.. again dont know the history, not sure its important.. Steve
Re: BGP list of phishing sites?
So you think it's futile to try to get software vendors to improve their products. I suppose I can go along with that to a certain degree. But how can you expect end-users to work around the brokenness in the software they use? This seems both unfair and futile. at my aforementioned sister's house, i did it by buying an off-the-shelf $99 firewall and a $79 copy of suse-9 and spending an afternoon showing her how to use them. i guess the general form of the answer is tell people to get some tech support rather than believing what their vendors say. i'm not an expert on d-link firewalls, or on linux, but i know enough to know that running MSIE and Outlook and not having a firewall was her problem. Einstein taught as that even the simple act of observation influences our surroundings. Wouldn't it make sense to try to leverage this influence such that the future is shaped more to our liking, however small the change may be? as sad as this is, the best way to accomplish that is by heaping public scorn and ridicule on sean's and chris's employers every time they whine about how folks are widely blackholing their customers. you won't convince sbc or mci, but you might convince a lurker or two. But the real issue is that this is even necessary. The biggest problem we have with IP is that it doesn't provide for a way for a receiver to avoid having to receiving unwanted packets. It would be extremely useful if we could fix that. you realize that the virtual circuit X.25/TP4 people are laughing their asses off as they read those words, don't you? It's easy to laugh if you don't have a world wide network to run. i once had the honour of taking over a network dave rand had built, which became an unprofitable dot-bomb on my watch. ouch! but it wasn't because we refused to take money from spammers, or because we disconnected folks pre-emptively when they violated their AUP. so, that's not what i meant. if you want to put enough intelligence into the network so that a receiver can avoid having to receive unwanted packets then you'll need to decide how to throttle flow solicitations or else those flow solicitations will become the new form of spam and ddos. this will require state, not just in your hosts and upstream router and provider, but globally, end to end. and if you do that you'll have bitten into the rotten apple of circuit switching and x.25 and atm that the IP folks have been saying all these years wouldn't scale and wasn't necessary. and so, the people on the other side (the losing side, in my opinion) of that argument will laugh their asses off, whether they have a world wide network to run, or not.
Re: Can a Customer take their IP's with them? (Court says yes!)
Hi James, i would agree except NAC seems to have done nothing unreasonable and are executing cancellation clauses in there contract which are pretty standard. The customer's had plenty of time to sort things and they have iether been unable to or unwilling to move out in the lengthy period given. How do you arrive at this conclusion? Did you read the filings? This is not the customers position. Since I have only the customers filings and the judges TRO online it maybe that NAC has counter claims of their own. However The customer's unhappy.. but I dont see anything bad going on here.. It is very simple - Plaintiff files a motion. Defendant tries to have it dismissed (or maybe for whatever reason decides that as the network engineers they don't care about what a court has to say and ignores it) Plaintiff shows that he has a case. Defendant is unable to convince a judge that the plaintiff is full Judge grants the TRO. Defendant waves arms on nanog-l. Moral - When a legal system is involved, use the legal system, not the nanog-l. The former provides provides ample of opportunities to deal with the issues, while the later only provides ample of opportunities to do hand waving. The customer's wording is sloppy for a legal doc and they have silly points raised, like because nac wont accept payment by credit card they are forced to pay off their outstanding balance hence having to pay twice (one to the card one to nac) .. well duh .. thats how it works. Non-portability of IP space is well known, sure, its hard work and I wouldnt wish to do it but its normal - right? The customer wording happened to be excellent - and TRO is a proof of it. The court does not care about the good of internet and portability/non-portability of IP address space because it is not the case in front of it. Presumably the judge is unsure and doing what seems to be a sensible option.. Never presume. Always file. Alex
Re: BGP list of phishing sites?
On Tue, 29 Jun 2004 [EMAIL PROTECTED] wrote: If they are notified that they are an accessory to a crime and do not take any action, then doesn't this make the provider liable to criminal charges? You would think it would. But who bothers to prosecute? No one. Did you really inform the provider's legal department of this fact or did you just send an email to some dumb droids in the abuse department? Yes and I was told they would not do anything unless they received a subpoena or law enforcement forced them to shut it down, and that if I wanted action I should talk to the police instead. Quite frankly, I don't consider messages to the complaints/abuse department to be notice. How long does it take to find a head office fax number and draft up a legalistic looking notice document addressed to their legal department? Not long, but its a waste of time because they wont do anything anyway. The only way to get their attention is with blacklists. -Dan
Re: Can a Customer take their IP's with them? (Court says yes!)
OK... I'll take the risk here... These guys look to be gross address polluters -- Here's what I found: 1. Pegasus Web Technologies is listed as AS25653 (ARIN whois) 2. route-views.oregon-ix.net has the following to say about prefixes with origin in AS25653 (only the first listed path is shown for each prefix): route-views.oregon-ix.net$ quote-regexp _25653$ | include ^...[0-9] * 64.21.40.0/24209.123.12.51 0 8001 25653 i * 64.247.26.0/24 209.123.12.51 0 8001 25653 i * 64.247.27.0/24 209.123.12.51 0 8001 25653 i * 64.247.30.0/24 209.123.12.51 0 8001 25653 i * 64.247.31.0/24 209.123.12.51 0 8001 25653 i * 64.247.34.0/24 209.123.12.51 0 8001 25653 i * 64.247.35.0/24 209.123.12.51 0 8001 25653 i * 64.247.47.0/24 209.123.12.51 0 8001 25653 i * 66.246.3.0/24209.123.12.51 0 8001 25653 i * 66.246.28.0/24 209.123.12.51 0 8001 25653 i * 66.246.32.0/24 209.123.12.51 0 8001 25653 i * 66.246.33.0/24 209.123.12.51 0 8001 25653 i * 66.246.35.0/24 209.123.12.51 0 8001 25653 i * 66.246.36.0/24 209.123.12.51 0 8001 25653 i * 66.246.37.0/24 209.123.12.51 0 8001 25653 i * 66.246.38.0/24 209.123.12.51 0 8001 25653 i * 66.246.39.0/24 209.123.12.51 0 8001 25653 i * 66.246.40.0/24 209.123.12.51 0 8001 25653 i * 66.246.41.0/24 209.123.12.51 0 8001 25653 i * 66.246.42.0/24 209.123.12.51 0 8001 25653 i * 66.246.43.0/24 209.123.12.51 0 8001 25653 i * 66.246.44.0/24 209.123.12.51 0 8001 25653 i * 66.246.49.0/24 209.123.12.51 0 8001 25653 i * 66.246.50.0/24 209.123.12.51 0 8001 25653 i * 66.246.51.0/24 209.123.12.51 0 8001 25653 i * 66.246.52.0/24 209.123.12.51 0 8001 25653 i * 66.246.53.0/24 209.123.12.51 0 8001 25653 i * 66.246.54.0/24 209.123.12.51 0 8001 25653 i * 66.246.55.0/24 209.123.12.51 0 8001 25653 i * 66.246.60.0/24 209.123.12.51 0 8001 25653 i * 66.246.62.0/24 209.123.12.51 0 8001 25653 i * 66.246.63.0/24 209.123.12.51 0 8001 25653 i * 66.246.64.0/24 209.123.12.51 0 8001 25653 i * 66.246.65.0/24 209.123.12.51 0 8001 25653 i * 66.246.74.0/24 209.123.12.51 0 8001 25653 i * 66.246.75.0/24 209.123.12.51 0 8001 25653 i * 66.246.76.0/24 209.123.12.51 0 8001 25653 i * 66.246.77.0/24 209.123.12.51 0 8001 25653 i * 66.246.78.0/24 209.123.12.51 0 8001 25653 i * 66.246.85.0/24 209.123.12.51 0 8001 25653 i * 66.246.86.0/24 209.123.12.51 0 8001 25653 i * 66.246.87.0/24 209.123.12.51 0 8001 25653 i * 66.246.88.0/24 209.123.12.51 0 8001 25653 i * 66.246.89.0/24 209.123.12.51 0 8001 25653 i * 66.246.97.0/24 209.123.12.51 0 8001 25653 i * 66.246.98.0/24 209.123.12.51 0 8001 25653 i * 66.246.106.0/24 209.123.12.51 0 8001 25653 i * 66.246.107.0/24 209.123.12.51 0 8001 25653 i * 66.246.108.0/24 209.123.12.51 0 8001 25653 i * 66.246.109.0/24 209.123.12.51 0 8001 25653 i * 66.246.110.0/24 209.123.12.51 0 8001 25653 i * 66.246.111.0/24 209.123.12.51 0 8001 25653 i * 69.9.165.0/24216.218.252.1520 6939 4436 29791 25653 i * 69.57.160.0/19 216.218.252.1520 6939 8001 25653 i * 69.72.128.0/18 216.218.252.1520 6939 8001 25653 i * 69.72.192.0/19 216.218.252.1520 6939 8001 25653 i * 69.72.224.0/19 216.218.252.1520 6939 8001 25653 i * 207.99.34.0 209.123.12.51 0 8001 25653 i * 207.99.104.0 209.123.12.51 0 8001 25653 i * 207.99.126.0 209.123.12.51 0 8001 25653 i * 209.123.49.0 209.123.12.51 0 8001 25653 i * 209.123.61.0 209.123.12.51 0 8001 25653 i * 209.123.73.0
Re: Can a Customer take their IP's with them? (Court says yes!)
These guys look to be gross address polluters -- Here's what I found: * 64.21.40.0/24209.123.12.51 0 8001 25653 i hmmm notice that all of these /24's are from ^_8001_ which peers with route-views.oregon-ix.net which may from time to time include internal iBGP prefixes that are otherwise not advertised to regular transits/peers, to their way of making to GRT. What you pasted is what route-views.oregon-ix.net sees. What I see is: * 69.9.165.0/2463.239.36.245 1923100 0 209 3549 4436 29791 25653 i * 69.57.160.0/19 63.239.36.245 1923100 0 209 701 8001 25653 i * 69.72.128.0/18 63.239.36.245 1923100 0 209 701 8001 25653 i * 69.72.192.0/19 63.239.36.245 1923100 0 209 701 8001 25653 i * 69.72.224.0/19 63.239.36.245 1923100 0 209 701 8001 25653 i * 216.67.224.0/19 63.239.36.245 1923100 0 209 701 8001 25653 i What cidr-report.org sees: 69.9.165.0/244637 4436 29791 25653 69.57.160.0/19 4637 8001 25653 69.72.128.0/17 4637 8001 25653 + Announce - aggregate of 69.72.128.0/18 (4637 8001 25653) and 69.72.192.0/18 (4637 8001 25653) 69.72.128.0/18 4637 8001 25653 - Withdrawn - aggregated with 69.72.192.0/18 (4637 8001 25653) 69.72.192.0/19 4637 8001 25653 - Withdrawn - aggregated with 69.72.224.0/19 (4637 8001 25653) 69.72.224.0/19 4637 8001 25653 - Withdrawn - aggregated with 69.72.192.0/19 (4637 8001 25653) 216.67.224.0/19 4637 8001 25653 -J -- James JunTowardEX Technologies, Inc. Technical LeadNetwork Design, Consulting, IT Outsourcing [EMAIL PROTECTED] Boston-based Colocation Bandwidth Services cell: 1(978)-394-2867 web: http://www.towardex.com , noc: www.twdx.net
(UPDATE) Can a Customer take their IP's with them? (Court says yes!)
* Alex Yuriev wrote: Judge grants the TRO. Defendant waves arms on nanog-l. Moral - When a legal system is involved, use the legal system, not the nanog-l. The former provides provides ample of opportunities to deal with the issues, while the later only provides ample of opportunities to do hand waving. I would like to make a few comments on this and other posts that have been made in response to my original post last night. First of all, there is no question that there is a contractual dispute between NAC and the Customer. There is a lengthy complaint filed by the Customer against NAC, alleging a variety of things. Next, the more important issue. While there is a dispute between NAC and the Customer, as mentioned above, I am *NOT LOOKING FOR COMMENTS ON THE ACTUAL LAWSUIT* from nanog-l. I am not waving my arms about the lawsuit, as Alex implies above. What I AM looking for is a commentary from the internet community, strictly relating to the fact that a judge has issued a TRO that forces an ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be able to use IP Space allocated to NAC. In other words, I am asking people to if they agree with my position, lawsuit or not, that non-portable IP's should not be portable between parties, especially by a state superior court ordered TRO. This issue has been misunderstood, in that there is belief by some that the Customer should be allowed some period of grace for renumbering. I want to remind people that this Customer has had ARIN allocations for over 15 months. Also, recall that Customer has terminated service with us, and we would still allow them to be a Customer of ours if they so choose. This fact is undisputed as evidenced by the filing of certain public documents. With the above being said, I solicit comments on the following certification: Those would like to make a certification on behalf of their business: http://www.nac.net/cert.pdf Those would like to make a certification on behalf of themselves: http://www.nac.net/pcert.pdf Forgetting the facts of the case, for the moment, I think we all agree with the terms of this certification. The above does not ask for anyone to form an opinion about the case. It asks Internet Operators, as a community, if portability of non portable space is bad. If you agree, I ask you to execute this certification as an amicus brief, and fax it to us at 973-590-5080. Thank you for your time on this matter, it is truly appreciated. Please do not take the above that I do not appreciate all the commentary. As I say above, my point is that I am not trying to have a trial in a public forum, but, more importantly, I am verifying that our opinion regarding IP portability is one that the community as a whole shares. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: Can a customer take IP's with them?
william(at)elan.net wrote: I've suspicions this maybe Pegasus Web Technologies (AS25653), Michel Py wrote: Good catch William! Dan Hollis wrote: This pegasus? http://www.spews.org/html/S2649.html Yeah. Michel.
Re: BGP list of phishing sites?
On 29-jun-04, at 22:53, David Barak wrote: Einstein taught as that even the simple act of observation influences our surroundings. Wouldn't it make sense to try to leverage this influence such that the future is shaped more to our liking, however small the change may be? nitpick: it wasn't Einstein, but rather Heisenberg who developed the uncertainty principle. Einstein's take on this was to ridicule it somewhat: When a person such as a mouse observes the universe, does that change the state of the universe? The principle has been analogized to describe larger systems and items, and is a useful but not always completely accurate metaphor. It is entirely possible to observe some things without affecting them. Is it? If I want to look at you, I must bounce photons off of you. Similar stuff needs to happen for other types of observation. This may not have a very large effect on you, but there is _some_ effect.
Re: (UPDATE) Can a Customer take their IP's with them? (Court says yes!)
On 30-jun-04, at 1:47, Alex Rubenstein wrote: What I AM looking for is a commentary from the internet community, strictly relating to the fact that a judge has issued a TRO that forces an ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be able to use IP Space allocated to NAC. In other words, I am asking people to if they agree with my position, lawsuit or not, that non-portable IP's should not be portable between parties, especially by a state superior court ordered TRO. I think we all agree that without aggregation, there'd be no internet. We can also all agree that the state of aggregation isn't quite as good as it could be. So apparently there is some wiggle room between theory and practice. But aren't we jumping the gun by reacting to a temporary restraining order? I'm not a lawyer and I don't play one on tv, but the way I understand it is that those are issued in order to make certain that the verdict won't be moot because the damage is already done. So a TRO doesn't have any bearing on the merits of the case. And even if the court orders that the addresses must be portable, there may be reasons why this is appropriate in this specific case rather than that the court takes the position that all address space should be portable.
Re: (UPDATE) Can a Customer take their IP's with them? (Court says yes!)
On Tue, Jun 29, 2004 at 07:47:54PM -0400, Alex Rubenstein wrote: What I AM looking for is a commentary from the internet community, strictly relating to the fact that a judge has issued a TRO that forces an ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be able to use IP Space allocated to NAC. In other words, I am asking people to if they agree with my position, lawsuit or not, that non-portable IP's should not be portable between parties, especially by a state superior court ordered TRO. As I read that TRO, for the period of time the customer continues to use the IP space they will also be a customer of NAC (i.e. they will continue to pay you money for IP transit and colocation services at existing contract amounts and existing contract rates, which happen to be significantly above current market rates). I don't see a disconnection between the two. This is a completely different situation from the one you describe, which is a customer who has completed an orderly termination without an ongoing legal dispute and simply wishes to continue using their IPs for an indefinite periods of time, without paying you for it or buying any other services from you. It seems that they are only asking for the orderly continuation of services so that they can migrate their assets (both physical and virtual, servers and IPs) to new resources without disruption of their business. There are many instances in the business world where a court prohibits you from disconnecting services to a customer so that their business can continue to operate, such as during chapter 11 bankruptcy proceedings. You should really be *glad* that they ARE paying you, and especially at the rates mentioned in their affidavit, for that much longer. Or perhaps you are seeing something in this that I am not? -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: BGP list of phishing sites?
--- Iljitsch van Beijnum [EMAIL PROTECTED] wrote: The principle has been analogized to describe larger systems and items, and is a useful but not always completely accurate metaphor. It is entirely possible to observe some things without affecting them. Is it? If I want to look at you, I must bounce photons off of you. Similar stuff needs to happen for other types of observation. This may not have a very large effect on you, but there is _some_ effect. for some value of _some_, right? ;) I agree that there is an affect, but not necessarily due to the observation itself: consider a webcam. Whether I am observing you in the camera is not dependent on my interacting with you per se: the photons were already on their way from you to the lens. You could argue that those photons cause a change, but I would respond that the photons would have caused that change regardless of whether they are measured. Perhaps some beer and philosophy at the October meeting? = David Barak -fully RFC 1925 compliant- __ Do you Yahoo!? Yahoo! Mail - 50x more storage than other providers! http://promotions.yahoo.com/new_mail
Re: Fwd: Please stop sending me emails
DB Date: Tue, 29 Jun 2004 20:19:24 -0700 (PDT) DB From: David Barak DB I've gotta say - this is a new one for me. I'm used [ snip ] DB --- Jason Silverglate [EMAIL PROTECTED] wrote: I find this part interesting and ironic. See: Can a customer take... thread. Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. - http://www.brotsman.com/ Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and [inter]national Phone: +1 316 794 8922 Wichita _ DO NOT send mail to the following addresses: [EMAIL PROTECTED] -*- [EMAIL PROTECTED] -*- [EMAIL PROTECTED] Sending mail to spambait addresses is a great way to get blocked.
RE: (UPDATE) Can a Customer take their IP's with them? (Court says yes!)
What I AM looking for is a commentary from the internet community, strictly relating to the fact that a judge has issued a TRO that forces an ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be able to use IP Space allocated to NAC. In other words, I am asking people to if they agree with my position, lawsuit or not, that non-portable IP's should not be portable between parties, especially by a state superior court ordered TRO. It is at least my opinion that this is a ludicrous argument. While this would certainly cause problems if everyone did it and it isn't the norm, it's ridiculous to argue that there could never exist a situation where this might not be the best temporary solution to a legitimate dispute between parties. Consider, for example, if I'm a large customer single-homed to one ISP. They go out of business and can't continue to provide me with service with four hours notice. They want to return their block to ARIN immediately and force me to renumber in a day. So you're saying it's unreasonable for a court to order them to delay the sale for 30 days and allow me to continue using those IPs through another provider? Why?! You can't argue this in the total abstract without the context of the actual dispute between the parties and the actual effects of allowing or not allowing this on each party. If you think the judge is out of his mind, then bluntly, you are out of yours. Yes, it would be bad if everyone did this. But if we really believe that IP addresse are non-portable for purely technical reasons and not as a weapon to use against customers, then we should be very agreeable to cases where a customer wants a reasonable time to continue using the IPs. IMO, 99.9% of the time, they should also be continuing to get service from the provider, but it would be really silly to say there could never exist an exception. DS
RE: (UPDATE) Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, David Schwartz wrote: : : : What I AM looking for is a commentary from the internet community, : strictly relating to the fact that a judge has issued a TRO that forces an : ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be : able to use IP Space allocated to NAC. In other words, I am asking people : to if they agree with my position, lawsuit or not, that non-portable IP's : should not be portable between parties, especially by a state superior : court ordered TRO. : : It is at least my opinion that this is a ludicrous argument. While this :would certainly cause problems if everyone did it and it isn't the norm, :it's ridiculous to argue that there could never exist a situation where this :might not be the best temporary solution to a legitimate dispute between :parties. : : Consider, for example, if I'm a large customer single-homed to one ISP. :They go out of business and can't continue to provide me with service with :four hours notice. Consider Randy's ealier recollection, which many should also recall. In the context of the currently publicly available documents, any further discussion is less than operationally relevant. cheers, brian
Non-Portable ip blocks become portable (was - Can a Customer take their IP's with them? )
On Tue, 29 Jun 2004, Crist Clark wrote: Also can one think of other circumstances where non-portable IPs should become portable without reallocation through ARIN? Say, *poof*, ISP goes out of business _very_ suddenly with no one buying up its assets and taking over its operations quickly. There is no way to expect all of the customers to renumber in time. Do they have to wait for ARIN to reallocate the defunct ISP's space? And once it does, if the space gets reallocated to ISP-X, do all of the customers _have to_ sign up with this ISP to hold onto their numbers for a while? Or do customers have some time to take the numbers with them to another ISP while things get ironed out? Not an ARIN example but when KPNQwest went out of business, the situation was as you desribe and it would have been difficult to everybody to quickly renumber so their PA assigned customer ip blocks with assistance of RIPE became PI blocks (at least this is how I understood it, people in europe can correct me if this is not right). So the precidents do exist, but they involve having RIR take over the block. -- William Leibzon Elan Networks [EMAIL PROTECTED]
RE: Fwd: Please stop sending me emails
Eddy, DB --- Jason Silverglate [EMAIL PROTECTED] wrote: Edward B. Dreger wrote: I find this part interesting and ironic. See: Can a customer take... thread. I can clearly see the ironic part of it, but would you mind developing what the interesting part is? I fail to see it. In other words, spammers don't pay their bills (which is not new); they try by all possible means to dump the liability on someone else (which is not new either); they whine when they get email that they don't like (where I see the irony). Please forgive my feeble mind, what's interesting about it again? Michel.
RE: Non-Portable ip blocks become portable (was - Can a Customer take their IP's with them? )
William Leibzon wrote: Not an ARIN example but when KPNQwest went out of business, the situation was as you desribe and it would have been difficult to everybody to quickly renumber so their PA assigned customer ip blocks with assistance of RIPE became PI blocks (at least this is how I understood it, people in europe can correct me if this is not right). So the precidents do exist, but they involve having RIR take over the block. You forget to mention something here: people knew. Even if you were stupid there's no way (if you were a KPNQwest customer) that you could have missed there were in trouble. But that's only for starters: when they did fold, a very large part of the staff continued to operate the network with no pay for days to keep customers up. Kudos to ex-KPNQwest network dudes. So, your ISP has been in financial trouble for a while. For the last two weeks the only reason you were up is because some dedicated people kept the network running on life support on their own time and money. If you begin your renumbering effort by the time you lose connectivity, you deserve to go out of business. Same applies to AS25653: if they're stupid enough to sign a contract that basically say they can be kicked out within 45 days _and_ not prepared to move out within 45 days or so, they're too stupid to be in the ISP business. Period. I have plenty of customers that are locked-in with IP addresses. Their upstream does not leverage the fact that they do indeed hold the customer by the balls, because said customer a) pay their bills and b) do not spam. Michel.