SNMPSTAT monitoring system - restored on public internet (sourceforge)
May be, someone remember this system, which is used by many russian ISP and by few companies in USA, and was lost on public FTP due to disk crash (and change of my job) few years ago. Now, I posted new version (adding Cisco Configuration Repository, allowing change control and easy updates) onto sourceforget - see http://snmpstat.sourceforge.net
The Cidr Report
This report has been generated at Fri Jul 9 21:43:38 2004 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table History
Date PrefixesCIDR Agg
02-07-04138157 95253
03-07-04137906 95421
04-07-04138230 95430
05-07-04138351 95418
06-07-04138246 95439
07-07-04138312 95533
08-07-04138436 95569
09-07-04138898 95503
AS Summary
17473 Number of ASes in routing system
7117 Number of ASes announcing only one prefix
1414 Largest number of prefixes announced by an AS
AS7018 : ATTW ATT WorldNet Services
54247168 Largest address span announced by an AS (/32s)
AS721 : DNIC DoD Network Information Center
Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').
--- 09Jul04 ---
ASnumNetsNow NetsAggr NetGain % Gain Description
Table 138776955254325131.2% All ASes
AS6347 975 201 77479.4% SAVV SAVVIS Communications
Corporation
AS18566 7258 71798.9% CVAD Covad Communications
AS4134 754 160 59478.8% CHINANET-BACKBONE
No.31,Jin-rong Street
AS4323 737 206 53172.0% TWTC Time Warner Telecom
AS7018 1414 971 44331.3% ATTW ATT WorldNet Services
AS2548 548 130 41876.3% ATCW Allegiance Telecom
Companies Worldwide
AS7843 515 130 38574.8% ADELPH-13 Adelphia Corp.
AS6197 707 326 38153.9% BNS-14 BellSouth Network
Solutions, Inc
AS22909 398 30 36892.5% CMCS Comcast Cable
Communications, Inc.
AS701 1282 923 35928.0% UU UUNET Technologies, Inc.
AS9583 486 136 35072.0% SATYAMNET-AS Satyam Infoway
Ltd.,
AS27364 377 38 33989.9% ARMC Armstrong Cable Services
AS22773 383 60 32384.3% CXAB Cox Communications Inc.
Atlanta
AS1239 945 637 30832.6% SPRN Sprint
AS6467 334 33 30190.1% ACSI e.spire Communications,
Inc.
AS11172 351 55 29684.3% Servicios Alestra S.A de C.V
AS17676 339 50 28985.3% JPNIC-JP-ASN-BLOCK Japan
Network Information Center
AS9929 320 32 28890.0% CNCNET-CN China Netcom Corp.
AS6198 508 223 28556.1% BNS-14 BellSouth Network
Solutions, Inc
AS4355 381 99 28274.0% ERSD EARTHLINK, INC
AS6478 328 57 27182.6% ATTW ATT WorldNet Services
AS14654 2385 23397.9% WAYPOR-3 Wayport
AS25844 243 16 22793.4% SASMFL-2 Skadden, Arps, Slate,
Meagher Flom LLP
AS4766 486 265 22145.5% KIXS-AS-KR Korea Telecom
AS3356 890 672 21824.5% LEVEL3 Level 3 Communications
AS6140 369 157 21257.5% IMPSA ImpSat
AS9443 349 143 20659.0% INTERNETPRIMUS-AS-AP Primus
Telecommunications
AS6327 231 32 19986.1% SHAWC-2 Shaw Communications
Inc.
AS5668 380 196 18448.4% CIH-12 CenturyTel Internet
Holdings, Inc.
AS2386 406 227 17944.1% ADCS-1 ATT Data
Communications Services
Total 16399 62181018162.1% Top 30 total
Possible Bogus Routes
24.138.80.0/20 AS11260 AHSICHCL Andara High Speed Internet c/o Halifax
Cable Ltd.
24.246.0.0/17AS7018 ATTW ATT WorldNet Services
24.246.128.0/18 AS7018 ATTW ATT WorldNet Services
64.46.4.0/22 AS11711 TULARO TULAROSA COMMUNICATIONS
64.46.12.0/24AS7850 IHIGHW iHighway.net, Inc.
64.46.27.0/24AS8674 NETNOD-IX Netnod Internet Exchange Sverige AB
Re: WTF ---
On Fri, 9 Jul 2004 [EMAIL PROTECTED] wrote: stuff under the floor: wildlife: common in TX, fireants/bees/arachnids in the vaults Here in the SE USA we have a variety of cockroach we refer to as palmetto bugs. These grow to about 2 inches (5cm) in length. Any extended visit under the floor will likely include an encounter with one. not exactly under the floor: Back around 1981 I worked in a shop which had just taken delivery on an IBM 8100 system, a mini-computer about the size of a washing machine. We had an operator who weighed about 350lb (160Kg), and whenever this guy got within 10' (3m) of the thing it would crash. When the IBM FE came in, a circuit board was found to have a micro-fracture in it. Apparently whenever said operator got close enough, the floor would warp a bit, shifting the box enough to open a gap in the board. ah... the bad ol'days. :) They're over? - SLS Scott L. Stursa 850/644-2591 Network Security Officer [EMAIL PROTECTED] Academic Computing and Network Services Florida State University - No good deed goes unpunished -
Re: it appears a beaver picked it up and chewed it in half
Gaa. Beavers. Cute, but incredibly destructive. Don't get me started. - SLS (who owns lakefront property) Scott L. Stursa 850/644-2591 Network Security Officer [EMAIL PROTECTED] Academic Computing and Network Services Florida State University - No good deed goes unpunished -
Critters
Here in the SE USA we have a variety of cockroach we refer to as palmetto bugs. These grow to about 2 inches (5cm) in length. Any extended visit under the floor will likely include an encounter with one. [you mean with 1000's] ..with a special added treat. Unlike the smaller German Cockroach; the American one aka palmetto bug: a) Is noisy as all hell as they walk along your ceiling. b) When provoked, these bastards FLY at you. -- A host is a host from coast to [EMAIL PROTECTED] no one will talk to a host that's close[v].(301) 56-LINUX Unless the host (that isn't close).pob 1433 is busy, hung or dead20915-1433
Re: Critters
On Fri, 9 Jul 2004 09:51:16 -0400 (EDT) David Lesher [EMAIL PROTECTED] wrote: .with a special added treat. Unlike the smaller German Cockroach; the American one aka palmetto bug: a) Is noisy as all hell as they walk along your ceiling. b) When provoked, these bastards FLY at you. and they stink when you stomp on them. richard (grew up in st. pete fl) -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
OT: Re: Critters
a) Is noisy as all hell as they walk along your ceiling. b) When provoked, these bastards FLY at you. and they stink when you stomp on them. Don't some analog pets... you know like cats or dogs eat small things that move a lot when you breathe on them? I don't think the Nintendo or Aibo versions have that feature yet. If you are going out into the wild, bring the right sort of pet. Not the battery operated kind. DJ
Re: OT: Re: Critters
My first daughter's pet rabbit re-wired my apartment network, power and data. At SRI in Menlo Park, the squirrels were always keen for that tasty grey cable whenever it was run where they could get it. I wish I had a moose-and-cable story. Sorry.
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith [EMAIL PROTECTED]. Routing Table Report 04:00 +10GMT Sat 10 Jul, 2004 Analysis Summary BGP routing table entries examined: 142432 Prefixes after maximum aggregation: 85368 Unique aggregates announced to Internet: 68367 Total ASes present in the Internet Routing Table: 17570 Origin-only ASes present in the Internet Routing Table: 15228 Origin ASes announcing only one prefix:7144 Transit ASes present in the Internet Routing Table:2342 Transit-only ASes present in the Internet Routing Table: 75 Average AS path length visible in the Internet Routing Table: 4.8 Max AS path length visible: 26 Prefixes from unregistered ASNs in the Routing Table: 8 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space: 19 Number of addresses announced to Internet: 1301128680 Equivalent to 77 /8s, 141 /16s and 165 /24s Percentage of available address space announced: 35.1 Percentage of allocated address space announced: 57.6 Percentage of available address space allocated: 60.9 Total number of prefixes smaller than registry allocations: 65398 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:27304 Total APNIC prefixes after maximum aggregation: 14033 Prefixes being announced from the APNIC address blocks: 25525 Unique aggregates announced from the APNIC address blocks:13976 APNIC Region origin ASes present in the Internet Routing Table:2069 APNIC Region origin ASes announcing only one prefix:623 APNIC Region transit ASes present in the Internet Routing Table:333 Average APNIC Region AS path length visible:4.8 Max APNIC Region AS path length visible: 16 Number of APNIC addresses announced to Internet: 151884992 Equivalent to 9 /8s, 13 /16s and 148 /24s Percentage of available APNIC address space announced: 69.3 APNIC AS Blocks4608 - 4864, 7467 - 7722, 9216 - 10239 17408 - 18431, 23552 - 24575 APNIC Address Blocks 58/7, 60/7, 202/7, 210/7, 218/7, 220/7 and 222/8 ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes: 81553 Total ARIN prefixes after maximum aggregation:49875 Prefixes being announced from the ARIN address blocks:63350 Unique aggregates announced from the ARIN address blocks: 21888 ARIN Region origin ASes present in the Internet Routing Table: 9303 ARIN Region origin ASes announcing only one prefix:3335 ARIN Region transit ASes present in the Internet Routing Table: 909 Average ARIN Region AS path length visible: 4.6 Max ARIN Region AS path length visible: 17 Number of ARIN addresses announced to Internet: 227346464 Equivalent to 13 /8s, 141 /16s and 8 /24s Percentage of available ARIN address space announced: 75.3 ARIN AS Blocks 1 - 1876, 1902 - 2042, 2044 - 2046, 2048 - 2106 2138 - 2584, 2615 - 2772, 2823 - 2829, 2880 - 3153 3354 - 4607, 4865 - 5119, 5632 - 6655, 6912 - 7466 7723 - 8191, 10240 - 12287, 13312 - 15359 16384 - 17407, 18432 - 20479, 21504 - 23551 25600 - 26591, 26624 - 27647, 29695 - 30719 31744 - 33791 ARIN Address Blocks24/8, 63/8, 64/6, 68/7, 70/8, 198/7, 204/6, 208/7 and 216/8 RIPE Region Analysis Summary Prefixes being announced by RIPE Region ASes: 26205 Total RIPE prefixes after maximum aggregation:18548 Prefixes being announced from the RIPE address blocks:23016 Unique aggregates announced from the RIPE address blocks: 15243 RIPE Region origin ASes present in the Internet Routing Table: 5652 RIPE Region origin ASes announcing only one prefix:3051 RIPE Region transit ASes present in the Internet Routing Table: 984 Average RIPE Region AS path length visible: 5.4 Max RIPE Region AS path length visible: 26 Number of RIPE addresses announced to Internet:
VeriSign's rapid DNS updates in .com/.net
VeriSign Naming and Directory Services (VNDS) currently generates new versions of the .com/.net zones files twice per day. VNDS is scheduled to deploy on September 8, 2004 a new feature that will enable VNDS to update the .com/.net zones more frequently to reflect the registration activity of the .com/.net registrars in near real time. After the rapid DNS update is implemented, the elapsed time from registrars' add or change operations to the visibility of those adds or changes in all 13 .com/.net authoritative name servers is expected to average less than five minutes. The rapid update process will batch domain name adds and domain name changes every few seconds. The serial number in the .com/.net zones' SOA records will increase with each batch of changes applied. As described in a message to the NANOG list in January [1], these serial numbers are now based on UTC time encoded as the number of seconds since the UNIX epoch (00:00:00 GMT, 1 January 1970). VNDS will continue to publish .com/.net zone files twice per day as part of the TLD Zone File Access Program. [2] These zone files will continue to reflect the state of the .com/.net registry database at the moment zone generation begins. VNDS does not anticipate any negative consequences of deployment of rapid updates to the .com/.net zones. However, as a courtesy we are providing the Internet community with 60 days advance notice of the change to the update process. Some questions and answers about rapid updates for .com/.net are available at http://www.verisign.com/nds/naming/rapid_update/faq.html. Matt -- Matt Larson [EMAIL PROTECTED] VeriSign Naming and Directory Services [1] http://www.merit.edu/mail.archives/nanog/2004-01/msg00115.html [2] http://www.verisign.com/nds/naming/tld/
Re: VeriSign's rapid DNS updates in .com/.net
At 03:20 PM 7/9/2004, you wrote: time. After the rapid DNS update is implemented, the elapsed time from registrars' add or change operations to the visibility of those adds or changes in all 13 .com/.net authoritative name servers is expected to average less than five minutes. Very cool! Kudos! This is good news from Verisign on NANOG for a change. :) Does this also apply to domains with other registrars? From your message wording above, it appears that is the case which is great news. Does this apply to authoritative name server changes as well? Also, does this apply to customers who have had their domains suspended due to non-payment? That is always tough for our support desk to tell a customer they need to pay their bill to registrar X then wait 24-48 hours. If this will end that mess too, that's even better. -Robert Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 Good will, like a good name, is got by many actions, and lost by one. - Francis Jeffrey
Re: VeriSign's rapid DNS updates in .com/.net
Very cool! Kudos! This is good news from Verisign on NANOG for a change. :) Does this also apply to domains with other registrars? From your message wording above, it appears that is the case which is great news. Does this apply to authoritative name server changes as well? Also, does this apply to customers who have had their domains suspended due to non-payment? That is always tough for our support desk to tell a customer they need to pay their bill to registrar X then wait 24-48 hours. If this will end that mess too, that's even better. Seconded. This is very cool and something I think everyone has wanted for a long time. [Devil's Advocate Hat On] So domain hijacking can now take place in seconds in the middle of the night? [Devil's Advocate Hat Off] And you can fix hijacked domains in seconds!! DJ
Re: VeriSign's rapid DNS updates in .com/.net
On Fri, 09 Jul 2004 16:00:30 EDT, Deepak Jain said: And you can fix hijacked domains in seconds!! Devil's Advocate Hat On Or social-engineer somebody to fix a hijacked domain in seconds.. :) Hat Off pgpfKYj8Ab6Wu.pgp Description: PGP signature
Re: VeriSign's rapid DNS updates in .com/.net
On Fri, 9 Jul 2004 [EMAIL PROTECTED] wrote: On Fri, 09 Jul 2004 16:00:30 EDT, Deepak Jain said: And you can fix hijacked domains in seconds!! Devil's Advocate Hat On Or social-engineer somebody to fix a hijacked domain in seconds.. :) Hat Off all still dependent on the 'its hijackable' to begin with, right? So what changed really?
Re: VeriSign's rapid DNS updates in .com/.net
all still dependent on the 'its hijackable' to begin with, right? So what changed really? The window to be notified and respond probably just shrunk by an enormous factor. Everything is hijackable. DJ
Re: VeriSign's rapid DNS updates in .com/.net
On Fri, 9 Jul 2004, Deepak Jain wrote: all still dependent on the 'its hijackable' to begin with, right? So what changed really? The window to be notified and respond probably just shrunk by an enormous factor. Everything is hijackable. I wasn't aware you got a notification upon hijack...
Re: VeriSign's rapid DNS updates in .com/.net
The window to be notified and respond probably just shrunk by an enormous factor. Everything is hijackable. I wasn't aware you got a notification upon hijack... You may... you may not. If you don't its definitely a hijack. If you did and you were able to prevent it, its not a hijack. It really depends on the registrar I think. As far as cancelling domains purchased with jacked credit cards... Verisign doesn't get a refund from ICANN or whoever if the domain is cancelled after the first two weeks or something... so why should Verisign cancel the domain when it helps their total-domains-registered rankings and THEY had to pay for it. DJ
Re: VeriSign's rapid DNS updates in .com/.net
Verisign doesn't get a refund from ICANN ... Deepak, First, the fee to ICANN is on the order of $0.20/per, as opposed to the fee we registrars pay to VGRS, which is on the order of $6.00. Second, the fees paid by both the registries and registrars is subject to some negociations, which is presently happening with much more energy and vigor than usual, since ICANN wants to really grow its budget this year, at the expense of the ... registrars and registries. Eric Oh, I just submitted a xfr on a hijacked domain ... sigh.
ICANN Panel Pans VeriSign Search Service
For anyone who cares: A panel of experts convened by the nonprofit organization that manages the Internet's domain-name system today took aim at the company that controls the popular dot-com and dot-net domains, issuing a report concluding that a controversial search service designed to make money off Web-browser typos is a threat to the stability of the Internet and should remain offline indefinitely. Found on Yahoo! news. - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED]
Re: ICANN Panel Pans VeriSign Search Service
For anyone who cares: I'm a mammal who cares. I only just read the findings, it does go on for 85 pages. At the Registrars Constituency meeting held at the Rome ICANN meeting I spoke unkindly to the smiling-everything-is-fine dream team of Cerf and Twomey, that they took far too long to issue a cease-and-desist to VGRS for SiteFinder. That got an EAGAIN (you are wrong, we're fast enough) from Cerf, and an ENOCLUE from Twomey. For the original, look to: http://www.icann.org/committees/security/ssac-report-09jul04.pdf See also http://www.icann.org/legal/verisign-v-icann-motion-dismiss-06jul04.pdf One of VGRS's causes of action was that ICANN shouldn't have interfered with SiteFinder. Eric
RE: concern over public peering points [WAS: Peering point speed publicly available?]
A minitel - in the United States! Scott C. McGrath On Thu, 8 Jul 2004, Ian Dickinson wrote: Which almost begs the question - what's the oddest WTF?? anybody's willing to admit finding under a raised floor, or up in a ceiling or cable chase or similar location? (Feel free to change names to protect the guilty if need be:) Water -- about 8 of it... Air -- about 8 feet of it... In a comms room in a tunnel under London. Luckily for those working there, there was a ladder stored there too. The term 'raised floor' was never so apt. -- Ian Dickinson Development Engineer PIPEX [EMAIL PROTECTED] http://www.pipex.net
Re: VeriSign's rapid DNS updates in .com/.net
On Fri, 09 Jul 2004, Robert Boyle wrote: Does this also apply to domains with other registrars? I'm not sure what you mean by other registrars. VeriSign sold the Network Solutions registrar in November 2003 (although it retains a 15% ownership). The rapid updates apply to all changes from all registrars. Does this apply to authoritative name server changes as well? Do you mean, does it apply to glue records (i.e., A records for name servers) in the .com/.net zones? Yes, it does: a change to a name server's IP address will be reflected just as fast as a change to a domain's (er, zone's) NS records. Also, does this apply to customers who have had their domains suspended due to non-payment? I'm not sure what you mean here, but I think you're referring to something that's ultimately a registrar issue. A domain can be placed on hold status in the registry and its NS records will not appear in the .com/.net zones. There are several different hold statuses and they all prevent a domain's NS records from being published. It's possible a registrar could put a domain on hold for non-payment. Any changes to its name servers while it's on hold would be propagated quickly under this new system, as would changes to its hold status, so if it it was removed from hold, whatever changes that occurred while it was on hold would be visible quickly. One other issue: a few people have sent me private email asking if we're planning on changing the 48-hour TTL for NS records and A records in .com/.net. At this point we're not and the reason has a lot to do with a little-known DNS behavior called credibility. It's described in RFC 2181 (Clarifications to the DNS Specification), Section 5.4.1, although the concept pre-dates that RFC and has been in the BIND iterative resolver, for example, since version 4.9 (if memory serves). In a nutshell, DNS data has different levels of credibility or trustworthiness depending on where it's learned from. That's relevant here because the version of a zone's NS records from the zone's authoritative servers is more trustworthy than the version obtained from the zone's parent name servers. For example, the foo.com NS records received from a foo.com authoritative server are believed over the foo.com NS records received from a .com name server. Most positive responses include the zone's NS records along with the specific data requested (such as an A record). So in practice, here's what happens: - An iterative resolver chasing down, for example, A records for www.foo.com queries a .com name server and caches the foo.com NS records (with a 48-hour TTL) it receives. - The resolver then queries one of the foo.com name servers for the www.foo.com A records. - In the response the resolver receives the www.foo.com A records, along with foo.com's own version of the foo.com NS records--and this is the important part--which have the TTL set by the foo.com zone owner. - According to the credibility scale, the just-received foo.com NS records are more credible than the cached foo.com NS records from .com, so the just-received records displace the cached ones, new TTL and all. In other words, for all the iterative resolvers out there that have this credibility mechanism, the 48-hour TTL on data in .com/.net isn't particularly relevant. Matt
DNS with Akamai
Anyone noticing issues with Akamai and their DNS stuff? Just wondering because I'm seeing strange responses regarding www.foxnews.com, in that one of the Cnames a20.g.akamai.com is changing every 20 seconds, and sometimes no response at all. -Joe Blanchard
Re: DNS with Akamai
joe wrote: Anyone noticing issues with Akamai and their DNS stuff? Just wondering because I'm seeing strange responses regarding www.foxnews.com, in that one of the Cnames a20.g.akamai.com is changing every 20 seconds, and sometimes no response at all. It's really too soon to tell, but there is certainly something out there aimed right at the root servers. I saw a post from someone on full disclosure claiming that there was a 0-day exploit against bind (although the version wasn't named). There was huge activity for about four hours, but it leveled off about 20-30 minutes ago. I'm still analyzing earlier ethereal dumps, and logs, looking for the injection, or other evidence. Some of this would probably explain any anomalies you see at akamai. -- ...because as an industry we've tried to make security seem easier than it actually is. We want to make it like driving a car when it's more like flying an airplane. Chris Brenton (at 08:22 -0400 19 Apr 2004 on NANOG)
Re: DNS with Akamai
On Jul 10, 2004, at 12:20 AM, joe wrote: Anyone noticing issues with Akamai and their DNS stuff? Just wondering because I'm seeing strange responses regarding www.foxnews.com, in that one of the Cnames a20.g.akamai.com is changing every 20 seconds, and sometimes no response at all. Is it just foxnews or other sites too? There's a thread on inet-access regarding foxnews and windows 2003 nameservers.
