largescale internet blackout in indian broadband services
These people provide DSL, leased lines as well as last mile connectivity for a whole lot of Indian broadband providers, and they also run a rather popular cdma wireless phone and gsm cellphone service. srs - http://www.hindu.com/2004/09/16/stories/2004091611870300.htm Airtel and Touchtel services were shut down in Chennai at about 8.45pm IST last night due to a fire in their NOC. [...]
Re: European Nanog?
Randy Bush [15/09/04 09:11 -1000]: > this is a problem with eof, nanog, apricot, ... the actual running > and decision-making is not done by operators. it is done by the > usual well-meaning people representing operators. and, of course, At least in apricot's case, if anybody wants to help, and proves that he can help effectively, he / she is welcome to help .. it kind of boils down to "X, Y and Z are willing to roll up their sleeves and help in everything from chasing after sponsors, running a registration system etc to actually coming into the conference venue with a satchel full of access points and wiring the place up" Operators, vendors, people who represent the operator community, it doesn't really matter at all. Anyone who is willing to spare technical / organizational expertise and considerable chunks of spare time is welcome to step up to the plate and volunteer. srs (not speaking for the apricot mgmt committee here)
Re: Excessive Internet Traffic
Is that a variant of Nachi B. ? The source address may be generated. joe --- Robert Scott <[EMAIL PROTECTED]> wrote: > > The University of Central Florida has seen a sudden > jump in tcp 445 > denies. It began a little after 9:00 AM EDST. New > Worm? > > I am denying about 32 thousand packets per second. > IP Cache flow show > them well spread over a wide range of addresses, > targeted at what > apeears to be a random sample of my class B. The ACL > on our border > router is taking 21 million denies every 10 minutes. > > > 60 deny tcp any any eq 445 (346740094 matches) > > The packets are small, since I am seeing a large > nuber of packets, but > the bit count is low. > 30 second input rate 72679000 bits/sec, 41033 > packets/sec > 30 second output rate 29208000 bits/sec, 7687 > packets/sec > Input bits per second are a little above normal, > but the packet count > would normally be under 1 not 41000. > > Ideas? > > TIA > > AppleBees says "No Anheuser" > Robert Scott says "NO APPLEBEES!" > Join The Boycott! > > Robert D. Scott > Associate Director > Computer Services and Telecommunications > Network Operations > University of Central Florida > [EMAIL PROTECTED] > CSB-310 > 407-823-0662 Voice > 407-823-5476 FAX > 345-0662 Sun-Com > 877-549-5390 Pager > > __ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
Re: Problem with whois.ripe.net?
On 15.09.2004 21:33 Paul Jakma wrote: > On Wed, 15 Sep 2004, Greg Schwimer wrote: > > >>Yes, I verified it. Oddly, it was preceeded by not being able to run a >>whois against whois.ripe.net for about 20 minutes from my location >>(connection timed out). Seems to be working fine now. Must be the >>gremlins. > > > Or maybe you got banned for too many connections/minute or requesting > too much data. RIPE auto-block whois queries based on both criteria, > iirc. > But then you get a notification and not only a simple timeout ... iirc Arnold
Re: Problem with whois.ripe.net?
On Wed, 15 Sep 2004, Greg Schwimer wrote: Yes, I verified it. Oddly, it was preceeded by not being able to run a whois against whois.ripe.net for about 20 minutes from my location (connection timed out). Seems to be working fine now. Must be the gremlins. Or maybe you got banned for too many connections/minute or requesting too much data. RIPE auto-block whois queries based on both criteria, iirc. regards, -- Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A Fortune: Stupidity is its own reward.
Re: European Nanog?
> I would much appreciate if EOF gets more input from "RIPE" operators. this is a problem with eof, nanog, apricot, ... the actual running and decision-making is not done by operators. it is done by the usual well-meaning people representing operators. and, of course, they are in extreme, and almost amusing, denial that there is a difference. i am not sure how foro de redes is currently operated; it used to be heavily operator run. it is interesting to note that afnog is organized and run pretty much by operators. i guess they can't afford net.bureaucrats to represent them :-). randy
Re: Problem with whois.ripe.net?
Yes, I verified it. Oddly, it was preceeded by not being able to run a whois against whois.ripe.net for about 20 minutes from my location (connection timed out). Seems to be working fine now. Must be the gremlins. Jeje wrote: --On mercredi 15 septembre 2004 11:16 -0700 Greg Schwimer <[EMAIL PROTECTED]> wrote: I'm seeing this from multiple locations. Anyone else? I get a similar response from their web whois as well. whois -h whois.ripe.net % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK This is what you get by default if the block you requested is not RIPE's Are you sure you're requesting a RIPE's block ? Jerome.
Re: Problem with whois.ripe.net?
On Wed, 15 Sep 2004 11:16:44 -0700 "Greg Schwimer" <[EMAIL PROTECTED]> wrote: > I'm seeing this from multiple locations. Anyone else? > I get a similar response from their web whois as well. Just now I got correct responses on (my own) RIPE assigned address block, accessing from multiple locations, and via their website. -- Richard Cox
Re: Problem with whois.ripe.net?
On Wed, 15 Sep 2004, Greg Schwimer wrote: whois -h whois.ripe.net % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK descr:The whole IPv4 address space It works for me: jwhois 193.110.157.0 -h whois.ripe.net [Querying whois.ripe.net] [whois.ripe.net] % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 193.110.157.0 - 193.110.157.255 netname: XTDNET descr:Xtended Internet country: NL admin-c: PW237-RIPE tech-c: PW237-RIPE notify: [EMAIL PROTECTED] status: ASSIGNED PI mnt-by: XTDNET-MNT mnt-by: RIPE-NCC-HM-PI-MNT mnt-lower:RIPE-NCC-HM-PI-MNT mnt-routes: XTDNET-MNT changed: [EMAIL PROTECTED] 20020219 source: RIPE [ snip the rest ]
Re: Problem with whois.ripe.net?
Odd. It's working now. Arnold Nipper wrote: On 15.09.2004 20:16 Greg Schwimer wrote: I'm seeing this from multiple locations. Anyone else? I get a similar response from their web whois as well. whois -h whois.ripe.net Everything is fine here whois -h whois.ripe.net -r -T inetnum 80.81.192.0/20 % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 80.81.192.0 - 80.81.207.255 org: ORG-DtGI1-RIPE netname: DE-CIX-20010724 descr:Provider Local Registry country: DE admin-c: AN6695-RIPE tech-c: AN6695-RIPE tech-c: GD9-RIPE notify: [EMAIL PROTECTED] status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower:DECIX-MNT mnt-routes: DECIX-MNT changed: [EMAIL PROTECTED] 20010724 changed: [EMAIL PROTECTED] 20020614 source: RIPE
Re: Problem with whois.ripe.net?
On 15.09.2004 20:16 Greg Schwimer wrote: > I'm seeing this from multiple locations. Anyone else? I get a similar > response from their web whois as well. > > whois -h whois.ripe.net > Everything is fine here whois -h whois.ripe.net -r -T inetnum 80.81.192.0/20 % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 80.81.192.0 - 80.81.207.255 org: ORG-DtGI1-RIPE netname: DE-CIX-20010724 descr:Provider Local Registry country: DE admin-c: AN6695-RIPE tech-c: AN6695-RIPE tech-c: GD9-RIPE notify: [EMAIL PROTECTED] status: ALLOCATED PA mnt-by: RIPE-NCC-HM-MNT mnt-lower:DECIX-MNT mnt-routes: DECIX-MNT changed: [EMAIL PROTECTED] 20010724 changed: [EMAIL PROTECTED] 20020614 source: RIPE
Problem with whois.ripe.net?
I'm seeing this from multiple locations. Anyone else? I get a similar response from their web whois as well. whois -h whois.ripe.net % This is the RIPE Whois secondary server. % The objects are in RPSL format. % % Rights restricted by copyright. % See http://www.ripe.net/db/copyright.html inetnum: 0.0.0.0 - 255.255.255.255 netname: IANA-BLK descr:The whole IPv4 address space country: EU # Country is really world wide org: ORG-IANA1-RIPE admin-c: IANA1-RIPE tech-c: IANA1-RIPE status: ALLOCATED UNSPECIFIED remarks: The country is really worldwide. remarks: This address space is assigned at various other places in remarks: the world and might therefore not be in the RIPE database. mnt-by: RIPE-NCC-HM-MNT mnt-lower:RIPE-NCC-HM-MNT mnt-routes: RIPE-NCC-RPSL-MNT changed: [EMAIL PROTECTED] 20010529 changed: [EMAIL PROTECTED] 20020625 changed: [EMAIL PROTECTED] 20031014 changed: [EMAIL PROTECTED] 20040422 changed: [EMAIL PROTECTED] 20040504 source: RIPE organisation: ORG-IANA1-RIPE org-name: Internet Assigned Numbers Authority org-type: IANA address: see http://www.iana.org remarks: The IANA allocates IP addresses and AS number blocks to RIRs remarks: see http://www.iana.org/ipaddress/ip-addresses.htm remarks: and http://www.iana.org/assignments/as-numbers e-mail: [EMAIL PROTECTED] admin-c: IANA1-RIPE tech-c: IANA1-RIPE mnt-ref: RIPE-NCC-HM-MNT mnt-by: RIPE-NCC-HM-MNT changed: [EMAIL PROTECTED] 20040417 source: RIPE role: Internet Assigned Numbers Authority address: see http://www.iana.org. e-mail: [EMAIL PROTECTED] admin-c: IANA1-RIPE tech-c: IANA1-RIPE nic-hdl: IANA1-RIPE remarks: For more information on IANA services remarks: go to IANA web site at http://www.iana.org. mnt-by: RIPE-NCC-MNT changed: [EMAIL PROTECTED] 20010411 source: RIPE
Re: Excessive Internet Traffic
// The packets are small, since I am seeing a large nuber of packets, but // the bit count is low. // 30 second input rate 72679000 bits/sec, 41033 packets/sec // 30 second output rate 29208000 bits/sec, 7687 packets/sec // Input bits per second are a little above normal, but the packet count // would normally be under 1 not 41000. // // Ideas? This is likely a variant of what I forsee to become the "next big pain", a variant of sdbot, of which McAfee claims there are 4000 variants. I've had to deal with quite a few (and climbing) numbers of infected users of this pain. We use a Packeteer and have listed comps sending outbound 445 garbage and I've found that almost all have been infected by one of the versions of this particular worm. Which of the 4000 versions it is eludes me. This is what I've seen so far. If you look at the machine sending the traffic out, you're likely going to see a smorgasbord of junk in c:\WINDOWS\system32 ... If you view the folder as a list, then sort by date, you're likely to find a huge amount of executables on the machine. As well as logs, TFTP information etc. You can try opening up task manager but it will be useless... So being I'm already getting more and more familiar with this pest, here is what it does: / Public Sub AVkiller() On Error Resume Next 'prefix Dim AVmonz As Variant' varz: Dim Cur As String '---||--- Dim i '---||--- AVmonz = Array("", "AVP Monitor", _ "AntiVir", _ "Vshwin", _ "F-STOPW", _ "F-Secure", _ "vettray", _ "InoculateIT", _ "Norman Virus Control", _ "navpw32", _ "Norton AntiVirus", _ "Iomon98", _ "AVG", _ "NOD32", _ "Dr.Web", _ "Amon", _ "Trend PC-cillin", _ "File Monitor", _ "Registry Monitor", _ "Registry Editor", _ "Task Manager") 'Declaration of AV shitz For i = 1 To 20 'kill'em all... Cur = AVmonz(i) 'convert to string Call TerminateTask(Cur) 'terminate task ;) Next i End Sub / Nifty huh? The virus installs itself in the registry under odd names associated with Microsoft for example, so far I've seen it installed in a Run, Run Once folder called Windows Security, Windows Update, etc. There is no removal tool for this and being it renders many virus software useless, you can either have a user reinstall Windows, or you can search the machine for instances of things created on the same date as the serv32.exe program, or one of the other ones it installs. Now... The worm seems to perhaps download 4 other programs I've always seen running in conjuction with it. wupd.exe which masquerades as "Windows Update" ftpd.exe which opens up an ftp server on the infected machine and goes around re-downloaded various other viruses and worms on the infected machine, and one which I believe tries to infect other machines perhaps a-la Blaster worm. Another program opens seems to randomly name viruses and worms once downloaded so for example, wupd.exe will probably turn into something like A032424.exe the next time around, and so on and so forth. So far I've seen students where I am either getting this via file sharing, one program which has been sticking out like a sore thumb is something called ARES. It could be also spreading, again, through some of the katrillion MS vulnerabilies and perhaps even the newly discovered "Drag and Drop" vulnerability. Drag and Drop vulnerabilities http://secunia.com/advisories/12321/ So now there is also the "bling.exe" issue which is the worm that "sniffs out passwords" (http://isc.sans.org/diary.php?date=2004-09-12), this one opens up an irc connection to dump out data to some channel. I will eventually (when I have some time) hexedit some of these to see what it does and perhaps repost more information. For a full view of what the serv32.exe does, please check out the coding at http://www.infiltrated.net/wormcode.txt which list the original URL (site down so it's Google cached) =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D sil @ politrix . orghttp://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net "How can we account for our present situation unless we believe that men high in this government are concerting to deliver us to disaster?" Joseph McCarthy "America's Retreat from Victory"
Re: Network Configuration Management Practices
>Currently we do something sort of halfway: archive the actual configs >and then run audit scripts against them, which parse the configs. Definitely >not ideal but it helps catch simpler errors. One of these days when I have >extra cycles.. (yeah, right) > > Austin There are a handful of good products on the market that do this for you, like True Control from Rendition and Device Authority from Alterpoint. We recently purchased Device Authority primarily for its auditing and compliance monitoring, but also for the ease with which we can push out mass changes to devices. It's honestly cooler than sliced bread. The downside to these applications is the price. Ouch. Regardless, now that I have Device Authority, I sure as heck would not give it back! John --
Re: Network Configuration Management Practices
On Wed, Sep 15, 2004 at 12:27:20AM -0700, Alexei Roudnev wrote: > > One more thing. We tried to review _proposed changes_ and _changed applied_. > Practice showed, that it is impossible to see errors in proposed updates, > even if 3 - 4 engineers review it (not design flaws, but syntac and > semantics errors), so we did not got many use from pre-change reviews > (except design ones). But we got extremely high profit from post-change > reviews (verifying, what really changed on the router / firewall after > maintanance window) - it allows to see some unwanted changes and avoid few > possible service disruptions. > This doesn't seem to scale too well. When you have frequent changes (i.e. many access devices) the diff load becomes unmanageably large. My ideal would be to have a network monitoring tool which compares the actual network against a configured baseline. The presumption would be that if the network matches what have been set forth as engineering rules, I don't really care what the specific settings are. Currently we do something sort of halfway: archive the actual configs and then run audit scripts against them, which parse the configs. Definitely not ideal but it helps catch simpler errors. One of these days when I have extra cycles.. (yeah, right) Austin
Re: Open-Source Network Management Tools
Claydon, Tom wrote: I'm looking for open-source alternatives for network management, such as Nagios or Big Brother. We are currently using WhatsUp Gold, and would like to move to something more flexible (and not running on a Windows platform). Something that has email/paging capabilities, and can process SNMP traps would be a plus for us as well. Recommendations? Thanks. I'll add remstats (http://remstats.sourceforge.net/release/) The big strength of it I found over other systems is it integrates monitoring and alerting (a la nagios) with visual trending, which makes it much easier to see what your alerts should be set at and if you need to start worrying. There's kind of been parallel development - the sourceforge version has some new features, another train I have has a lot of performance enhancements to allow different periods of polling; multiple snmp collectors to distribute load; parallized collections, etc.
Re: Excessive Internet Traffic
My 445 traffic is pretty normal (lots of it, not unusual tho) You're being DoS'd? Identify the dst and the ingress points, if you can work out the srces, if not speak to your upstreams for assistance in identifying and stopping the traffic. Steve On Wed, 15 Sep 2004, Robert Scott wrote: > > The University of Central Florida has seen a sudden jump in tcp 445 > denies. It began a little after 9:00 AM EDST. New Worm? > > I am denying about 32 thousand packets per second. IP Cache flow show > them well spread over a wide range of addresses, targeted at what > apeears to be a random sample of my class B. The ACL on our border > router is taking 21 million denies every 10 minutes. > > 60 deny tcp any any eq 445 (346740094 matches) > > The packets are small, since I am seeing a large nuber of packets, but > the bit count is low. > 30 second input rate 72679000 bits/sec, 41033 packets/sec > 30 second output rate 29208000 bits/sec, 7687 packets/sec > Input bits per second are a little above normal, but the packet count > would normally be under 1 not 41000. > > Ideas? > > TIA > > AppleBees says "No Anheuser" > Robert Scott says "NO APPLEBEES!" > Join The Boycott! > > Robert D. Scott > Associate Director > Computer Services and Telecommunications > Network Operations > University of Central Florida > [EMAIL PROTECTED] > CSB-310 > 407-823-0662 Voice > 407-823-5476 FAX > 345-0662 Sun-Com > 877-549-5390 Pager > >
RE: Open-Source Network Management Tools
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 > I'm looking for open-source alternatives for network management, > such as Nagios or Big Brother. We are currently using WhatsUp Gold, > and would like to move to something more flexible (and not running > on a Windows platform). Something that has email/paging > capabilities, and can process SNMP traps would be a plus for us as > well. > > > Recommendations? > > Thanks. > > I'd like to expand the question by asking, what Open-Source applications do people use for SNMP Trap collecting and alarming? We're very happy with Nagios for polling, but we have a lot of optical components that send information via Traps that then needs to be culled, trimmed and analyzed. Thanks, Mike -BEGIN PGP SIGNATURE- Version: PGP 8.0.3 iQA/AwUBQUhq+Zzgx7Y34AxGEQJP6gCgh1KW5vvq2fRh4WBSik1Q7Ay31okAoIAh ZKUgPFi9PZhDpOGIAXXOIY9W =oD9A -END PGP SIGNATURE-
Re: European Nanog?
Daniel, On 15.09.2004 13:50 Daniel Karrenberg wrote: > Roland, > > you are almost right. > >>From http://www.ripe.net/ripe/meetings/ripe-49/eof-info.html : > > "The European Operators Forum (EOF) is a forum where new > technologydevelopments of interest to Internet Protocol network > operators arepresented and discussed. The EOF has no formal charter or > chair. The agenda is co-ordinated by a program committee led by Rob > Blokzijl, RIPE Chair. > this is not really consistent with http://www.ripe.net/ripe/wg/eof/index.html, It would also be more transparent if someone know of which members the program committee consist of. But this are pennies. I would much appreciate if EOF gets more input from "RIPE" operators. Have a successful RIPE 49 in Manchester, Arnold
Excessive Internet Traffic
The University of Central Florida has seen a sudden jump in tcp 445 denies. It began a little after 9:00 AM EDST. New Worm? I am denying about 32 thousand packets per second. IP Cache flow show them well spread over a wide range of addresses, targeted at what apeears to be a random sample of my class B. The ACL on our border router is taking 21 million denies every 10 minutes. 60 deny tcp any any eq 445 (346740094 matches) The packets are small, since I am seeing a large nuber of packets, but the bit count is low. 30 second input rate 72679000 bits/sec, 41033 packets/sec 30 second output rate 29208000 bits/sec, 7687 packets/sec Input bits per second are a little above normal, but the packet count would normally be under 1 not 41000. Ideas? TIA AppleBees says "No Anheuser" Robert Scott says "NO APPLEBEES!" Join The Boycott! Robert D. Scott Associate Director Computer Services and Telecommunications Network Operations University of Central Florida [EMAIL PROTECTED] CSB-310 407-823-0662 Voice 407-823-5476 FAX 345-0662 Sun-Com 877-549-5390 Pager
Re: Open-Source Network Management Tools
> On Wed, 15 Sep 2004 17:02:33 +0930, Mark Newton <[EMAIL PROTECTED]> said: Yet one more new tool "Net-Policy" undergoing a lot of development. It's designed to allow for any protocol to be used for data, but is currently concentrating on SNMP (for collection, distribution and events). It's a role/policy based system which means easier conceptual management. Highly extensible. Creating new network connection diagrams to add into the system, eg, takes very little perl coding. Screen shots available at http://net-policy.sf.net/ . -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett
RE: Email Complexes
Folks, it's (long past) time to end this thread. It's operationally of interest to very few of us.
Re: *blocking access to rebel web sites
>> Russian Internet providers block access to Chechen rebel web site Please excuse my off-topic response. Earlier this year I was researching terror related websites and snagged the top 25 (according to Alexa, and articles mentioning these sites) "Jihad(iot)" related "terror" sites and found that of the 25 sites, 22 were running in my own backyard, America. Rather than make this already off topic post longer here is the link to the article for anyone who would like to read it. Basically, whois, nslookup information for the top sites. I didn't bother posting the other 3 since they had little relevance to someone else's "War on Terror" http://www.politrix.org/modules.php?name=News&file=article&sid=1141 As for Kavkaz... Same *foo* different day. ISP's can block all they'd like to, but it does little since my government tells me the terrorists now use crypto, proxies, and weapons of mass destruction. So most of these cmopilliterates are now hijacking mars rovers to read my GMail and plot, just what I needed. whois kavkaz.org Domain Name: KAVKAZ.ORG Registrar: NETWORK SOLUTIONS, INC. Whois Server: whois.networksolutions.com Referral URL: Name Server: ATRIVO.BASSINTER.COM Name Server: ATRIVO2.BASSINTER.COM Updated Date: 23-feb-2002 Registrant: Udug, Movladi (KAVKAZ14-DOM) 10 Bird Lane Orlando, FL 32860 US Domain Name: KAVKAZ.ORG Administrative Contact, Technical Contact: Udug, Movladi (ZWWPQJQEGI) [EMAIL PROTECTED] Udug,Movladi 10 Bird Lane Orlando, FL 32860 US +1-9745572730 123 123 1234 # whois -a 66.28.38.232 OrgName: Cogent Communications OrgID: COGC NetRange: 66.28.0.0 - 66.28.255.255 CIDR: 66.28.0.0/16 NetName: COGENT-NB- TechHandle: ZC108-ARIN TechName: Cogent Communications TechPhone: +1-877-875-4311 TechEmail: [EMAIL PROTECTED] =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D sil @ politrix . orghttp://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net "How can we account for our present situation unless we believe that men high in this government are concerting to deliver us to disaster?" Joseph McCarthy "America's Retreat from Victory"
Re: European Nanog?
On 14.09 13:23, Roland Perry wrote: > > > ... > >more to the point, who decided meeting content? essentially daniel > >karrenberg does. > > I thought it was a committee of the Workgroup chairs (apart perhaps from > the first day). Roland, you are almost right. >From http://www.ripe.net/ripe/meetings/ripe-49/eof-info.html : "The European Operators Forum (EOF) is a forum where new technologydevelopments of interest to Internet Protocol network operators arepresented and discussed. The EOF has no formal charter or chair. The agenda is co-ordinated by a program committee led by Rob Blokzijl, RIPE Chair. Participation is open to all interested parties. The EOF is normally a day and a half session that takes place prior to scheduled RIPE Working Group sessions. The Program Committee welcomes input for possible topics and can be reached at <[EMAIL PROTECTED]>. ... " All sugestions for content go to the eof-coord list. Anyone willing to contribute to putting together the EOF programme is welcome to join this list. It is an extremely informal group. Most, if not all, RIPE WG chairpeople are on the list; but it is not limited to them. The RIPE NCC currently supports me to act as a secretary and to look after the meeting/speaker logistics. Daniel
Russian ISPs block access to Chechen rebel web site
BBC Mon FS1 FsuPol kt/mjm/skh Source: Ekho Moskvy radio, Moscow, in Russian 0800 gmt 14 Sep 04 Russian Internet providers block access to Chechen rebel web site It seems that Moscow has managed to close down a Chechen separatist web site. Since this morning access to the Kavkaz-Tsentr web site and the Chechenpress page has been blocked. Yesterday the Russian Foreign Ministry demanded that Lithuania stop Kavkaz-Tsentr operating. The fact is that the separatists' server is located in the private flat of a Lithuanian MP. The Lithuanian ambassador to Russia was summoned to the Foreign Ministry yesterday. Meanwhile, Lithuanian official structures have not yet asked the service provider for Kavkaz-Tsentr to shut down the site. Ekho Moskvy was informed of this by the head of the Elneta company [Internet service provider], Rimantas Pasys. Pasys noted that at present the Kavkaz-Tsentr web site is working. It seems that access to the site is being prevented by service providers based in Russia.
Re: Email Complexes
Hi Joe, I was wondering when this question was going to be posted, so alas. I was having an issue where email (at my company) was on occassion, for various reasons, slow (i.e. messages were getting stuck either outbound or inbound). Of course by the time this was noticed the user tickets started flying in. So what I ended up doing was writting some scripts (for linux/unix) to do a test that provides a nice little webpage showing typical transaction times for email on a roundtrip basis. One of the biggest problems was that the internal email servers are MSExchange, so theres was little control I had over that portion, other than to show how long an email took to leave my Linux system, then get received back to that system. Works well if your NOC/Helpdesk doesn't mind looking at a webpage on a periodic basis, and I suppose one could modify it to do automated paging. Contact me off list if interested, I don't wish to get to OT here. Regards -Joe Blanchard - Original Message - From: "Joe Shen" <[EMAIL PROTECTED]> To: "Hosman, Ross" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Wednesday, September 15, 2004 4:29 AM Subject: RE: Email Complexes > > Hi, > > Is there any free tools or methods to measure SMTP > performance and email service quality between two > email server ? > > Is there any implementation of message track? > > thanks > > Joe > > http://sg.mobile.yahoo.com
Re: Network Configuration Management Practices
There has been some public available software for backing up Cisco router configuration. The backup is not in CVS but in plain file. Joe --- Alexei Roudnev <[EMAIL PROTECTED]> wrote: > > Hmm, there are many approaches, starting with _what > is primary_ (in Moscow's > ISP files was primary, in enterprise here configs > are primary). > > In my case, I use some hard rules: > - no matter what is primary, configurations should > be stored into CVS or > simular system, and made available (for network > engineers) on the internal > web (with restricted access); > - system should collect all changes automatically > (or update configs from > files automatically), make diffs and send change > reports. > - In any case, I must be able to see real > configuration and see all changes, > applying for last few weeks, without telnetting to > the box. > > Without such things, I am blind ( I feel myself > blind, when I come to the > new network, and they have not such things in their > system, making changes > _on live servers_ and making 'telnet' to evaluate > configuration). > > Few tools (opensource and commercial) allows to > automate this job. > > One more thing. We tried to review _proposed > changes_ and _changed applied_. > Practice showed, that it is impossible to see errors > in proposed updates, > even if 3 - 4 engineers review it (not design flaws, > but syntac and > semantics errors), so we did not got many use from > pre-change reviews > (except design ones). But we got extremely high > profit from post-change > reviews (verifying, what really changed on the > router / firewall after > maintanance window) - it allows to see some unwanted > changes and avoid few > possible service disruptions. > > > - Original Message - > From: "Scott Weeks" <[EMAIL PROTECTED]> > To: "Carl W.Kalbfleisch" <[EMAIL PROTECTED]> > Cc: <[EMAIL PROTECTED]> > Sent: Tuesday, September 14, 2004 3:08 PM > Subject: Re: Network Configuration Management > Practices > > > > > > > > > > On Tue, 14 Sep 2004, Carl W.Kalbfleisch wrote: > > > > : I am doing some independent research on Network > Configuration > > : Management Practices. I am trying to get > information from service > > : providers and enterprises on how they handle > this function. I have the > > : following specific questions: > > : > > : 1) What configuration issues most affect the > performance and > > : reliability of your network? > > > > > > Fingers... >;-) > > > > scott > > > > __ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
RE: Email Complexes
Hi, Is there any free tools or methods to measure SMTP performance and email service quality between two email server ? Is there any implementation of message track? thanks Joe --- "Hosman, Ross" <[EMAIL PROTECTED]> wrote: > > I've gotten a few emails asking why we are doing > this. > > We are doing this in order to provider better > service to our Customers. > Charter need's pop3 > access at the following companies so that we can > monitor track and monitor > SMTP performance between our network and yours. > > AOL > Yahoo > Gmail > MSN/Hotmail > Cox > Comcast > Adelphia > Earthlink > Verizon > __ Do You Yahoo!? Download the latest ringtones, games, and more! http://sg.mobile.yahoo.com
Methodology for BGP policy development
I'm looking for some good material on the methodology (best practices) of moderately-complex BGP policy development. I've found no shortage of the tools (prefix lists, community list filters, route maps, etc) for *implementation* of BGP policy. Including plenty of router configuration examples. I'm looking for help with the steps before the router configuration. What is a good methodology to go from a set of (~30-50) narrative descriptions ("Propagate prefixes received from Customer Type X only to Peers Type Y") into a optimal, comprehensive set of community definitions, prefix/community/ASpath filters, route maps, peer templates, policy statements, etc? What methodology works for you? Are there presentations/papers/books/discussion threads that cover this aspect of routing policy development that you would recommend? Thanks for your help. Pete.
Re: Email Complexes
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 2004-09-15, at 00.48, Joe Abley wrote: > On 14 Sep 2004, at 17:39, Hosman, Ross wrote: > >> Ensuring that email flows freely between our mail complex and other >> top mail >> provider complexes is a support issue correct. Actually setting up the >> system to monitor and to ensure the support people get the data they >> need is >> operations/engineering. > > If getting mail from your mail complex is important to remote mail > complex A then talk to remote mail complex A and arrange something. If > remote mail complex A doesn't care, or doesn't return your mail, then > maybe mail complex A doesn't think your mail complex is worth worrying > about (or perhaps you are sufficiently notable that it's worth > blocking mail from you without generating bounce complexes). > > Unless your mail complex is sufficiently big that remote mail complex > A's customers are going to care (i.e. generate support complex load > above the noise floor) I wouldn't hold my breath complex waiting for > anybody to expend effort to help you with any of this for free. > > There isn't really any solution complex you're going to magically find > from the NANOG list complex beyond the suggestion complex that has > already been put forward (that of purchasing standard retail pop3 > mailbox complexes from the other provider complexes you're interested > in, and running text complexes between them and your mail complex.) This is just way to complex for me. - - kurtis - -BEGIN PGP SIGNATURE- Version: PGP 8.1 iQA/AwUBQUfrZaarNKXTPFCVEQJh+wCfVVIlMV9TNIKzz3UuzeAJuzupVSkAnjW5 KFEaZxXJ5j1y4iR/P/k8OvhW =Lg2S -END PGP SIGNATURE-
Re: Open-Source Network Management Tools
On Wed, Sep 15, 2004 at 12:16:15AM -0700, Alexei Roudnev wrote: > In reality, to get best results, use some combination of few such systems. > All have string sides and weak sides. > (For example, snmpstat shows excellent network view, allowing to see exactly > what is going on, and shows good unlimited traffic patterns, such as average > packet size etc, have embedded tickets and reports, but have hardcoded set > of parameters so if you want something out of it's scope, it's not enough. > Others, such as nagual or cricket, allows to monitor everything but can not > show system overview and do not have usage reports. ) Add in Nodemap (http://nodemap.internode.on.net) as a way of gluing things together too. Provides an overview (configurable level of detail) and can be configured with hyperlinks to other places (MRTG/Cricket graphs, site descriptions, etc) - mark -- Mark Newton Email: [EMAIL PROTECTED] (W) Network Engineer Email: [EMAIL PROTECTED] (H) Internode Systems Pty Ltd Desk: +61-8-82282999 "Network Man" - Anagram of "Mark Newton" Mobile: +61-416-202-223
Re: Network Configuration Management Practices
Hmm, there are many approaches, starting with _what is primary_ (in Moscow's ISP files was primary, in enterprise here configs are primary). In my case, I use some hard rules: - no matter what is primary, configurations should be stored into CVS or simular system, and made available (for network engineers) on the internal web (with restricted access); - system should collect all changes automatically (or update configs from files automatically), make diffs and send change reports. - In any case, I must be able to see real configuration and see all changes, applying for last few weeks, without telnetting to the box. Without such things, I am blind ( I feel myself blind, when I come to the new network, and they have not such things in their system, making changes _on live servers_ and making 'telnet' to evaluate configuration). Few tools (opensource and commercial) allows to automate this job. One more thing. We tried to review _proposed changes_ and _changed applied_. Practice showed, that it is impossible to see errors in proposed updates, even if 3 - 4 engineers review it (not design flaws, but syntac and semantics errors), so we did not got many use from pre-change reviews (except design ones). But we got extremely high profit from post-change reviews (verifying, what really changed on the router / firewall after maintanance window) - it allows to see some unwanted changes and avoid few possible service disruptions. - Original Message - From: "Scott Weeks" <[EMAIL PROTECTED]> To: "Carl W.Kalbfleisch" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, September 14, 2004 3:08 PM Subject: Re: Network Configuration Management Practices > > > > On Tue, 14 Sep 2004, Carl W.Kalbfleisch wrote: > > : I am doing some independent research on Network Configuration > : Management Practices. I am trying to get information from service > : providers and enterprises on how they handle this function. I have the > : following specific questions: > : > : 1) What configuration issues most affect the performance and > : reliability of your network? > > > Fingers... >;-) > > scott >
Re: Open-Source Network Management Tools
In reality, to get best results, use some combination of few such systems. All have string sides and weak sides. (For example, snmpstat shows excellent network view, allowing to see exactly what is going on, and shows good unlimited traffic patterns, such as average packet size etc, have embedded tickets and reports, but have hardcoded set of parameters so if you want something out of it's scope, it's not enough. Others, such as nagual or cricket, allows to monitor everything but can not show system overview and do not have usage reports. ) - Original Message - From: "Lucas Iglesias" <[EMAIL PROTECTED]> To: "'Claydon, Tom'" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]> Sent: Tuesday, September 14, 2004 1:09 PM Subject: RE: Open-Source Network Management Tools > > We have been using JFFNMS (http://www.jffnms.org) for the last 2 years and > works just great. > You can monitor almost anything you'd like to via SNMP (we currently use it > to graph Traffic, Drops, Input Errors, RTT, Packet Loss, CPU, Memory, > Temperature, TCP Connections, BGP, etc). And has email/paging capabilities. > > Try it out and let me know. > > Luckas.- > > -Mensaje original- > De: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] nombre de > Claydon, Tom > Enviado el: Martes, 14 de Septiembre de 2004 04:48 p.m. > Para: [EMAIL PROTECTED] > Asunto: Open-Source Network Management Tools > > > > I'm looking for open-source alternatives for network management, such as > Nagios or Big Brother. We are currently using WhatsUp Gold, and would > like to move to something more flexible (and not running on a Windows > platform). Something that has email/paging capabilities, and can process > SNMP traps would be a plus for us as well. > > Recommendations? > > Thanks.
Re: Open-Source Network Management Tools
I use this (designed in Relcom 5 years ago, and re-newed hhere this year): http://snmpstat.sf.net (SNMP network monitoring, + Cisco configuration repository with automated change control, + ProBIND2, + many things which was not included, such as mhonacr archiving for all alerts / warnings / audits / reports, mnogosearch for document seaerch etc). In addition, we use 'cricket' for tiny router monitoring. - Original Message - From: "John Kinsella" <[EMAIL PROTECTED]> To: "Claydon, Tom" <[EMAIL PROTECTED]> Cc: <[EMAIL PROTECTED]> Sent: Tuesday, September 14, 2004 12:59 PM Subject: Re: Open-Source Network Management Tools > > On Tue, Sep 14, 2004 at 02:47:45PM -0500, Claydon, Tom wrote: > > I'm looking for open-source alternatives for network management, such as > > Nagios or Big Brother. We are currently using WhatsUp Gold, and would > > like to move to something more flexible (and not running on a Windows > > platform). Something that has email/paging capabilities, and can process > > SNMP traps would be a plus for us as well. > > Christ, WhatsUp Gold...that's giving me flashbacks! > Have you checked out... > http://www.nagios.org > http://www.bb4.org ? > :) > > I suspect what you might be looking for is something like OpenNMS, > http://www.opennms.org > > There's a few other packages out there, but IMHO they all suck in one > way or another. > > John