RE: BitTorrent is 35% of traffic ?
Cachelogic put appliances into the network that both monitor traffic (semi-deep packet inspection) and also cache P2P content to take the load of your network. While I don't think they made the figures up it's worth bearing in mind they are selling a 'solution' to the problem they highlight. For the record we have seen P2P traffic over 50% of our bandwidth utilisation - if bittorrent is the largest proportion then it could reach 35% of total bandwidth. Matt. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Deepak Jain Sent: 04 November 2004 21:09 To: [EMAIL PROTECTED] Subject: BitTorrent is 35% of traffic ? http://in.tech.yahoo.com/041103/137/2ho4i.html According to Reuters, BT is more traffic than web/other forms of traffic? I'm thinking the sampling methodology here might be a little skewed. Then again, I could be biased. Any other facts that would support this? DJ
Re: BitTorrent is 35% of traffic ?
On Fri, 2004-11-05 at 02:12, Marshall Eubanks wrote:
> Reality check
>
> This week's netflow for the Internet 2 http://netflow.internet2.edu/weekly/20041025/ has BitTorrent taking up about 4.8 % of the traffic, http is 15 to 18%, and all file sharing is about 10%, down from 50% 2 years ago.
>
> Since file sharing and related uses are generally heavy traffic sources on I2, I would conclude that the Reuter's numbers are too high.

Not really, Most popular bittorrent websites force you to use ports other than 6881. So netflow reports are inaccurate. My guess is that you could account a large chunk of 31.59% Unidentified to bittorrent.

Regards,
Bas
The Cidr Report
This report has been generated at Fri Nov 5 21:44:44 2004 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History

Date      Prefixes  CIDR Agg
29-10-04  147101    101511
30-10-04  147048    101490
30-10-04  147130    101422
01-11-04  147021    101589
02-11-04  147128    101682
03-11-04  147367    101936
04-11-04  147458    103774
05-11-04  156315    103781

AS Summary

18307     Number of ASes in routing system
7463      Number of ASes announcing only one prefix
6090      Largest number of prefixes announced by an AS
          AS701 : UU UUNET Technologies, Inc.
81872128  Largest address span announced by an AS (/32s)
          AS721 : DNIC DoD Network Information Center

Aggregation Summary

The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').

--- 05Nov04 ---
ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description
Table    156209   103789    52420    33.6%   All ASes
AS701    6090     892       5198     85.4%   UU UUNET Technologies, Inc.
AS705    2258     1009      1249     55.3%   UU UUNET Technologies, Inc.
AS18566  751      7         744      99.1%   CVAD Covad Communications
AS4134   825      178       647      78.4%   CHINANET-BACKBONE No.31,Jin-rong Street
AS4323   794      224       570      71.8%   TWTC Time Warner Telecom
AS7018   1411     994       417      29.6%   ATTW ATT WorldNet Services
AS7843   496      93        403      81.2%   ADELPH-13 Adelphia Corp.
AS6197   807      423       384      47.6%   BNS-14 BellSouth Network Solutions, Inc
AS22773  400      17        383      95.8%   CXA Cox Communications Inc.
AS27364  414      35        379      91.5%   ARMC Armstrong Cable Services
AS22909  409      66        343      83.9%   CMCS Comcast Cable Communications, Inc.
AS15557  371      43        328      88.4%   LDCOMNET LDCOM NETWORKS
AS6478   426      103       323      75.8%   ATTW ATT WorldNet Services
AS1239   932      622       310      33.3%   SPRN Sprint
AS17676  367      63        304      82.8%   JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS9929   335      33        302      90.1%   CNCNET-CN China Netcom Corp.
AS4355   384      99        285      74.2%   ERSD EARTHLINK, INC
AS4766   529      267       262      49.5%   KIXS-AS-KR Korea Telecom
AS721    1012     751       261      25.8%   DNIC DoD Network Information Center
AS14654  260      6         254      97.7%   WAYPOR-3 Wayport
AS21502  254      3         251      98.8%   ASN-NUMERICABLE NUMERICABLE is a cabled network in France,
AS9443   357      108       249      69.7%   INTERNETPRIMUS-AS-AP Primus Telecommunications
AS6140   370      124       246      66.5%   IMPSA ImpSat
AS25844  244      16        228      93.4%   SASMFL-2 Skadden, Arps, Slate, Meagher Flom LLP
AS1221   805      578       227      28.2%   ASN-TELSTRA Telstra Pty Ltd
AS2386   847      623       224      26.4%   ADCS-1 ATT Data Communications Services
AS6198   433      221       212      49.0%   BNS-14 BellSouth Network Solutions, Inc
AS22291  291      87        204      70.1%   CC04 Charter Communications
AS3356   647      446       201      31.1%   LEVEL3 Level 3 Communications
AS4814   206      6         200      97.1%   CHINA169-BBN CNCGROUP IP network - China169 Beijing Broadband Network
Total    23725    8137      15588    65.7%   Top 30 total

Possible Bogus Routes

24.138.80.0/20   AS11260  AHSICHCL Andara High Speed Internet c/o Halifax Cable Ltd.
24.246.0.0/17    AS7018   ATTW ATT WorldNet Services
24.246.38.0/24   AS25994  NPGCAB NPG Cable, INC
24.246.128.0/18  AS7018   ATTW ATT WorldNet Services
64.46.27.0/24    AS8674   NETNOD-IX Netnod Internet Exchange Sverige AB
64.57.160.0/19   AS3561   CWU Cable Wireless USA
64.92.128.0/19   AS3561   CWU Cable Wireless USA
64.127.0.0/18    AS7018   ATTW ATT WorldNet Services
64.209.192.0/18  AS3561
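The aggregation rule stated in the report's Aggregation Summary can be sketched as follows. This is an added example, not the CIDR Report's own code: it merges prefixes only when their AS paths match exactly and derives the NetsNow / NetsAggr / NetGain / % Gain columns per origin AS. It does not attempt the aggregation across 'holes', and the routes, the 198.18.0.0/15 prefixes and the private-range AS numbers are constructed sample data.

```python
import ipaddress
from collections import defaultdict

# Constructed sample table: (prefix, AS path). Prefixes come from the
# 198.18.0.0/15 benchmarking block, AS numbers from the private range.
SAMPLE_ROUTES = [
    ("198.18.0.0/24", (64512, 64601)),
    ("198.18.1.0/24", (64512, 64601)),
    ("198.18.2.0/23", (64512, 64601)),
    ("198.18.4.0/24", (64512, 64601)),
    ("198.18.5.0/24", (64513, 64601)),  # same origin, different path
    ("198.19.0.0/16", (64512, 64602)),
    ("198.19.7.0/24", (64512, 64602)),  # more specific, same path
    ("198.19.8.0/24", (64514, 64602)),  # more specific, different path
]


def propose_aggregates(routes):
    """Merge prefixes only when their AS paths are identical.

    Routes that share an origin but arrive over a different path are left
    alone, because collapsing them would change how traffic transits.
    """
    by_path = defaultdict(list)
    for prefix, as_path in routes:
        by_path[tuple(as_path)].append(ipaddress.ip_network(prefix))

    proposed = []
    for as_path, nets in by_path.items():
        # collapse_addresses joins adjacent siblings and drops prefixes
        # already covered by a shorter one in the same list.
        for agg in ipaddress.collapse_addresses(nets):
            proposed.append((str(agg), as_path))
    return sorted(proposed, key=lambda r: (ipaddress.ip_network(r[0]), r[1]))


def gain_by_origin(routes):
    """Return {origin AS: (NetsNow, NetsAggr, NetGain, % Gain)}."""
    now = defaultdict(int)
    aggr = defaultdict(int)
    for _, as_path in routes:
        now[as_path[-1]] += 1          # origin is the last AS in the path
    for _, as_path in propose_aggregates(routes):
        aggr[as_path[-1]] += 1
    return {
        origin: (
            now[origin],
            aggr[origin],
            now[origin] - aggr[origin],
            round(100.0 * (now[origin] - aggr[origin]) / now[origin], 1),
        )
        for origin in now
    }


if __name__ == "__main__":
    for prefix, path in propose_aggregates(SAMPLE_ROUTES):
        print(f"{prefix:18} {' '.join(map(str, path))}")
    for origin, row in sorted(gain_by_origin(SAMPLE_ROUTES).items()):
        print(f"AS{origin} now={row[0]} aggr={row[1]} gain={row[2]} ({row[3]}%)")
```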
Re: The Cidr Report
On Nov 5, 2004, at 6:00 AM, [EMAIL PROTECTED] wrote:
> Recent Table History
> Date      Prefixes  CIDR Agg
> [...]
> 05-11-04  156315    103781

Well, we broke 150K prefixes - and without someone deaggregating the classical B space. :)

Impressive. Remember when the 'Net was supposed to have fallen over before now? Pat yourselves on the back everyone, you did the impossible. Congratulations are in order.

--
TTFN,
patrick
Light Reading: PIX Source Code For Sale
Black Market Offers Cisco's PIX [Firewall Source Code]

NOVEMBER 05, 2004

Source code for Cisco Systems Inc.'s (Nasdaq: CSCO - message board) PIX firewall is up for sale. Too bad it's not Cisco doing the selling.

An underground group known as the Source Code Collective is offering PIX version 6.3.1 for $24,000, according to a newsletter posted by the group to Usenet on Halloween.

Little is known about SCC. The group debuted in July with an offer to sell source code from Enterasys Networks Inc.'s (NYSE: ETS - message board) Dragon Intrusion Defense System for $16,000 as well as Napster server and client source code for $10,000. Those prices have since gone up to $19,200 and $12,000, according to the recent newsletter.

Those aren't the only companies in SCC's sights. The newsletter claims the group has virtual reams of source code to sell, but a full list is only available to previous buyers. "If you are requesting something from a Fortune 100 company, there is a good chance that we might already have it," the newsletter says. SCC even takes requests, supposedly assigning a team of hackers to retrieve source code for a price.

The newsletters are posted by someone calling himself Larry Hobbles with an email address registered to a South African domain. SCC originally did its selling through a Web site registered to a Ukrainian domain -- they're a very cosmopolitan crew -- but had to drop that business model, citing concerns from customers. SCC now communicates with customers through email and Usenet only.

To allay concerns of authenticity, SCC is willing to sell its code in chunks, allowing the customer to verify that the product appears genuine before purchasing the whole thing.

The PIX sale is Cisco's second significant source-code scandal this year. In May, hackers claimed to have stolen the code for one version of the company's Internetwork Operating System (IOS) and posted part of the bounty on a Russian Web site. A British man was arrested in September, but few other details of the investigation have emerged. (See Cisco's IOS Code 'Compromised' and Cisco Code Hacker Arrested.)

Craig Matsumoto, Senior Editor, Light Reading

http://www.lightreading.com/document.asp?site=lightreading&doc_id=62317

--- [EMAIL PROTECTED]
Fwd: The Cidr Report
--- [EMAIL PROTECTED] wrote:
> AS701  6090  892   5198  85.4%  UU UUNET Technologies, Inc.
> AS705  2258  1009  1249  55.3%  UU UUNET Technologies, Inc.
>
> Top 20 Net Increased Routes per Originating AS
>
> Prefixes  Change      ASnum   AS Description
> 4861      1224->6085  AS701   UU UUNET Technologies, Inc.
> 1820      437->2257   AS705   UU UUNET Technologies, Inc.
> 758       268->1026   AS7046  UU UUNET Technologies, Inc.

Any idea what happened here? Is this long-term?

=
David Barak
-fully RFC 1925 compliant-

__ Do you Yahoo!? Check out the new Yahoo! Front Page. www.yahoo.com
Re: BitTorrent is 35% of traffic ?
On 11/4/04 8:12 PM, Marshall Eubanks [EMAIL PROTECTED] wrote: Reality check This week's netflow for the Internet 2 http://netflow.internet2.edu/weekly/20041025/ Yes, but, netflow (in terms of ip src/dst, protocol type, port numbers) is a poor way of classifying traffic that works in a fashion similar to what we're discussing here. P2p file sharing protocols is one instantiation.. SIP is another. The commercial tools for classifying deeper than header info a la netflow are out there already, although they may not be as slick to deploy as netflow (which brings its own challenges) by turning on knobs in software on existing routing equipment. The limitation is how motivated is the business to deploy the gear, not whether viable equipment exists for exactly that purpose.. Regards, Christian
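The gap this thread describes between port-based (netflow-style) accounting and classification that looks past the header can be shown on a handful of flows. This is an added example, not part of any message in the thread: the flow records, byte counts and port choices are constructed, and the payload check relies only on the fixed prefix of the BitTorrent handshake (a length byte of 19 followed by the string "BitTorrent protocol").

```python
from collections import defaultdict

# First bytes of every BitTorrent peer handshake.
BT_HANDSHAKE = b"\x13BitTorrent protocol"

# Header-only view: well-known ports, with 6881-6889 as the range the
# original BitTorrent client listens on.
PORT_MAP = {80: "http", 25: "smtp"}
PORT_MAP.update({port: "bittorrent" for port in range(6881, 6890)})

# Constructed flows: (destination port, bytes carried, first payload bytes).
FLOWS = [
    (80,    1500, b"GET / HTTP/1.1\r\n"),
    (6881,   500, BT_HANDSHAKE + b"\x00" * 8),
    (49152, 3000, BT_HANDSHAKE + b"\x00" * 8),   # BitTorrent on a non-default port
    (51413, 2500, BT_HANDSHAKE + b"\x00" * 8),   # BitTorrent on a non-default port
    (25,     500, b"EHLO mail.example\r\n"),
    (8080,  1000, b"GET /x HTTP/1.0\r\n"),       # HTTP on a non-default port
    (40000, 1000, b"\x8f\x02\x11\x7a"),          # opaque to both methods
]


def by_port(flow):
    """Classify from the header alone, as a netflow report does."""
    return PORT_MAP.get(flow[0], "unidentified")


def by_payload(flow):
    """Classify from the first payload bytes, ignoring the port."""
    payload = flow[2]
    if payload.startswith(BT_HANDSHAKE):
        return "bittorrent"
    if payload.split(b" ", 1)[0] in (b"GET", b"POST", b"HEAD"):
        return "http"
    if payload[:4] in (b"EHLO", b"HELO"):
        return "smtp"
    return "unidentified"


def traffic_share(flows, classify):
    """Return {class: percent of bytes} under the given classifier."""
    totals = defaultdict(int)
    for flow in flows:
        totals[classify(flow)] += flow[1]
    grand_total = sum(totals.values())
    return {name: round(100.0 * count / grand_total, 1)
            for name, count in totals.items()}


if __name__ == "__main__":
    print("by port:   ", traffic_share(FLOWS, by_port))
    print("by payload:", traffic_share(FLOWS, by_payload))
```

On this sample the same bytes read as 5% BitTorrent and 75% unidentified by port, and as 60% BitTorrent and 10% unidentified by payload.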
Re: Network Monitoring System - Recommendations?
MIDAS looks interesting...a little confusing at first to setup but not too bad once you figure out what the various MIDASa/b/c/etc things do (Still working on that part... ;) ) http://midas-nms.sourceforge.net/ -- /\ \ / ASCII RIBBON CAMPAIGN XAGAINST HTML MAIL / \
Sweet 16 for Morris Worm....
Just ran across a reminder that at around midnight on Nov. 2, 1988, the Morris worm was released. Happy belated 16th birthday. :-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED]
what's a good way to annoy the hell out of somebody at chello.be?
a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems. i nmap'd the offending box:

Starting nmap 3.50 ( http://www.insecure.org/nmap/ ) at 2004-11-05 17:24 GMT
Interesting ports on cable-62-205-122-245.upc.chello.be (62.205.122.245):
(The 1638 ports scanned but not shown below are in state: closed)
PORT      STATE     SERVICE
9/tcp     open      discard
13/tcp    open      daytime
21/tcp    open      ftp
25/tcp    open      smtp
37/tcp    filtered  time
53/tcp    open      domain
111/tcp   open      rpcbind
113/tcp   filtered  auth
135/tcp   filtered  msrpc
137/tcp   filtered  netbios-ns
138/tcp   filtered  netbios-dgm
139/tcp   filtered  netbios-ssn
445/tcp   filtered  microsoft-ds
515/tcp   open      printer
548/tcp   open      afpovertcp
1024/tcp  open      kdm
1025/tcp  open      NFS-or-IIS
1026/tcp  filtered  LSA-or-nterm
8009/tcp  open      ajp13
8080/tcp  open      http-proxy
1/tcp     open      snet-sensor-mgmt

and i connected to every one of those services that i had a client for, and sent mail to the postmaster (using telnet and the @[] notation), but i think i have not done enough to set off any kind of intrusion detection systems.

what's a socially acceptable way to be rude enough to make these people pay attention to me? i'm asking not just for this host -- i'm hoping there's a community standard i can follow, and recommend that others follow.

the box is raw debian. in fact its hostname (according to its exim and bind) is debian. i don't think anybody's reading its postmaster mailbox. i do not think there is any evil intent in the updates they won't stop sending me, but they're filling my logs and i don't want to firewall them.
Re: what's a good way to annoy the hell out of somebody at chello.be?
we all have this kind of problem. if you're on freebsd, man ipfw. i am sure there are similar on other oss. randy
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith [EMAIL PROTECTED].

Routing Table Report 04:00 +10GMT Sat 06 Nov, 2004

Analysis Summary

BGP routing table entries examined: 150267
Prefixes after maximum aggregation: 88743
Unique aggregates announced to Internet: 71812
Total ASes present in the Internet Routing Table: 18370
Origin-only ASes present in the Internet Routing Table: 15942
Origin ASes announcing only one prefix: 7465
Transit ASes present in the Internet Routing Table: 2428
Transit-only ASes present in the Internet Routing Table: 73
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 25
Prefixes from unregistered ASNs in the Routing Table: 8
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 15
Number of addresses announced to Internet: 1348239976
Equivalent to 80 /8s, 92 /16s and 130 /24s
Percentage of available address space announced: 36.4
Percentage of allocated address space announced: 58.8
Percentage of available address space allocated: 61.9
Total number of prefixes smaller than registry allocations: 69113

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 29109
Total APNIC prefixes after maximum aggregation: 14393
Prefixes being announced from the APNIC address blocks: 27212
Unique aggregates announced from the APNIC address blocks: 14288
APNIC Region origin ASes present in the Internet Routing Table: 2160
APNIC Region origin ASes announcing only one prefix: 650
APNIC Region transit ASes present in the Internet Routing Table: 330
Average APNIC Region AS path length visible: 4.4
Max APNIC Region AS path length visible: 15
Number of APNIC addresses announced to Internet: 165911680
Equivalent to 9 /8s, 227 /16s and 156 /24s
Percentage of available APNIC address space announced: 75.7
APNIC AS Blocks: 4608-4864, 7467-7722, 9216-10239, 17408-18431 23552-24575
APNIC Address Blocks: 58/7, 60/7, 202/7, 210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary

Prefixes being announced by ARIN Region ASes: 85556
Total ARIN prefixes after maximum aggregation: 51860
Prefixes being announced from the ARIN address blocks: 65373
Unique aggregates announced from the ARIN address blocks: 23358
ARIN Region origin ASes present in the Internet Routing Table: 9669
ARIN Region origin ASes announcing only one prefix: 3474
ARIN Region transit ASes present in the Internet Routing Table: 949
Average ARIN Region AS path length visible: 4.3
Max ARIN Region AS path length visible: 16
Number of ARIN addresses announced to Internet: 234612736
Equivalent to 13 /8s, 251 /16s and 232 /24s
Percentage of available ARIN address space announced: 69.9
ARIN AS Blocks: 1-1876, 1902-2042, 2044-2046, 2048-2106 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647,29695-30719, 31744-33791
ARIN Address Blocks: 24/8, 63/8, 64/6, 68/7, 70/7, 72/8, 198/7, 204/6, 208/7 and 216/8

RIPE Region Analysis Summary

Prefixes being announced by RIPE Region ASes: 27821
Total RIPE prefixes after maximum aggregation: 19441
Prefixes being announced from the RIPE address blocks: 24696
Unique aggregates announced from the RIPE address blocks: 16225
RIPE Region origin ASes present in the Internet Routing Table: 5978
RIPE Region origin ASes announcing only one prefix: 3206
RIPE Region transit ASes present in the Internet Routing Table: 1024
Average RIPE Region AS path length visible: 5.1
Max RIPE Region AS path length visible: 25
Number of RIPE addresses announced to Internet: 176087168
Equivalent to 10 /8s, 126 /16s and 224 /24s
rfc1978 help
Hi all

Sth I want to clarify:

1/
240.0.0.0/5 - Class E Reserved
248.0.0.0/5 - Unallocated

Sometimes I got it should /4 or /5 ?

240.0.0.0/4 - Class E Reserved
248.0.0.0/4 - Unallocated

2/ Can I block it in the firewall for 255.255.255.255/32 - Broadcast?

deny ip from any to 255.255.255.255/32
deny ip from 255.255.255.255/32 to any

3/ I got the following. Is it normal? why there is connection to the broadcast address

tcp 0 1 202.64.230.8:33397 192.168.255.255:25 SYN_SENT
Deny TCP 202.64.230.8:33021 10.254.254.254:25
Deny TCP 202.64.230.8:57798 172.21.143.58:25

Thank you so much
Re: rfc1978 help
On Sat, 2004-11-06 at 02:07 +0800, adrian kok wrote:
> Hi all
>
> Sth I want to clarify:
>
> 1/
> 240.0.0.0/5 - Class E Reserved
> 248.0.0.0/5 - Unallocated
>
> Sometimes I got it should /4 or /5 ?
>
> 240.0.0.0/4 - Class E Reserved
> 248.0.0.0/4 - Unallocated

Look at the official list(tm): http://www.iana.org/assignments/ipv4-address-space

> 2/ Can I block it in the firewall for 255.255.255.255/32 - Broadcast?
>
> deny ip from any to 255.255.255.255/32
> deny ip from 255.255.255.255/32 to any

You can block anything you like

> 3/ I got the following. Is it normal? why there is connection to the broadcast address
>
> tcp 0 1 202.64.230.8:33397 192.168.255.255:25 SYN_SENT

255.255 or anything ending in 255 doesn't need to be a broadcast interface. Welcome to the wonderful world of CIDR :)

I guess you might want to take a look at: http://www.cymru.com/Bogons/index.html

Greets,
Jeroen
Re: what's a good way to annoy the hell out of somebody at chello.be?
On Fri, 05 Nov 2004 17:54:03 +, Paul Vixie [EMAIL PROTECTED] wrote:
> a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems.

Voice phone call to their NOC, maybe? Old-fashioned, but sometimes it helps.

Alternatively, an SMTP alphabet spam against their box ought to find some email address beside the unread postmaster - but try sending mail to root first.

Or just filter out their IP address.
Re: what's a good way to annoy the hell out of somebody at chello.be?
Hi, On Fri, Nov 05, 2004 at 05:54:03PM +, Paul Vixie wrote: compose a 'written-by-a-lawyer' looking letter in plain text and print it out. I bet 515/udp is open as well and most printers can handle plain ASCII. 515/tcp open printer -andreas
AOL tarpitting?
Has AOL tarpitting gotten quite a bit more aggressive in the last few days?

It happened to us and we signed up for their feedback loop and rerouted our mail to them via another route. The new route was tarpitted within 24 hours and absolutely nothing was communicated to us about it via the feedback loop. Does that thing actually work?

Any contacts, on or off list who could advise?

-mark

--
Mark Jeftovic [EMAIL PROTECTED]
Co-founder, easyDNS Technologies Inc.
ph. +1-(416)-535-8672 ext 225
fx. +1-(416)-535-0237
Re: rfc1978 help
On Fri, 5 Nov 2004, Jeroen Massar wrote:
[snip]
>> 3/ I got the following. Is it normal? why there is connection to the broadcast address
>>
>> tcp 0 1 202.64.230.8:33397 192.168.255.255:25 SYN_SENT
>
> 255.255 or anything ending in 255 doesn't need to be a broadcast interface. Welcome to the wonderful world of CIDR :)

This is probably a bounce headed toward deliberately broken MXes - anyone else seeing a lot of this lately? (tons of domains with conspicuously common nameservers, serving up unreachable A/MX and hosing queues)

J.

--
Jess Kitchen ^ burstfire.net[works] _25492$ | www.burstfire.net.uk
Re: Question for WHOIS query
On this subject, is there a mirror for TW Nic whois information ? I get nothing from http://whois.twnic.net/ or a direct whois query to twnic.net.

Is this just down, or is it limited to Taiwan queries ?

Regards
Marshall Eubanks

On Thu, 4 Nov 2004 02:04:45 -0500 Patrick W Gilmore [EMAIL PROTECTED] wrote:
> On Nov 3, 2004, at 7:50 PM, Dan Lockwood wrote:
>> Where can a person go to get a one stop WHOIS query for AS and prefix information instead of trying ARIN, then RIPE, etc?
>
> I kinda like:
>
> whois -h whois.geektools.com foo
>
> Works for IPs, ASes, domains, etc. Auto-detects, no need for as-foo or the like. Source is available. There is a web query at www.geektools.com, but that's silly.
>
> It does limit the number of queries a day, but you can ask them to raise the limit for you if you have legit reasons.
>
> --
> TTFN,
> patrick
>
> P.S. Thanx Rodney team!
Re: AOL tarpitting?
At 2:26 PM -0500 11/5/04, Mark Jeftovic wrote:
> Has AOL tarpitting gotten quite a bit more aggressive in the last few days?

One of the sites I run (hosted on cihost) recently started getting bad SMTP responses from AOL. We worked around by routing AOL and CompuServe mail through a gateway that cihost claims is clean, but we haven't been able to get a clear story on why our IPs were being blocked, or how to unblock them.

I had heard elsewhere that AOL is cracking down on ISPs they feel aren't keeping clean, but I don't know if that's related.
Re: rfc1978 help
On Fri, 2004-11-05 at 14:29 -0600, Todd T. Fries wrote:
> I've been seeing MX's resolving to 127.0.0.1 for a few months now, and planning to write some sort of envelope from checking apparatus to refuse email whose envelope from MX resolves to 127.0.0.1 (and now that you mention it), rfc1918 address space (and perhaps bogon space as well?)...

Better block the internet in that case ;) I heard of BGP feeds that provide 'questionable prefixes' so that one can nicely nullroute those using that system.

I still am of the opinion that only accepting verifiable PGP signed mail could slow spammers down a bit, then at least the spambot took the time of generating, distributing and letting people trust the spambots key. Maybe throw in some trust metric ala advogato!? Then again, the spambots will simply find the preconfigured key from an infected user and start using that, save passwords ole, at least one then knows the source it is coming from is really also able to sign it that way, thus most likely is the problem person, unless the virus of course redistributes the pgp keys using some nice p2p algo to other worms. (ohoh :) This would at least take away most of the viruses sending random sources.

But getting everybody to do PGP-signed mail is asking the same thing as asking people to turn off sending html emails, A somewhat similar scheme does work for RIPE-db updates, but the people submitting there have probably some clue on how to configure their boxes and unfortunately we are of course talking about $lusers. Spam already lost it from viruses and the spam coming forth from misconfigured antivirus tools sending 'hi you send a virus' alike messages.

Above setup should be able to work for closed communities like mailinglists where only a few number of people post, if you want to post, sign your message, mailinglist software could then verify the key and only pass it on if the member is subscribed and the signature is valid. A virus picking random addresses and sending to existing messages in the mailbox, thus having 'valid' source/dest combinations doesn't make much of chance then unless it figures out the pgp key and the password.

Then again I just might be a ... http://www.rhyolite.com/anti-spam/you-might-be.html ;)

BTW1: that because you quote above my complete message, my message becomes part of your signature and my mailer nicely ignores it ;)

BTW2: Ooops... discussing spammy related things on NANOG

Greets,
Jeroen
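The address questions in this thread (/4 versus /5 for the former class E space, whether 192.168.255.255 is a broadcast address, and refusing envelope senders whose MX points at 127.0.0.1 or RFC 1918 space) can be worked through in one added example, which is not code from any poster. The DNS answers are passed in already resolved so it runs offline; the host names, the 198.51.100.25 stand-in for a reachable MX, and the policy of rejecting only when no MX target is usable are assumptions of the example.

```python
import ipaddress

# Blocks that should never be the target of a public MX record.
# First match wins, so the /32 is listed ahead of 240.0.0.0/4.
_BLOCKS = [(label, ipaddress.ip_network(net)) for label, net in (
    ("loopback", "127.0.0.0/8"),
    ("rfc1918", "10.0.0.0/8"),
    ("rfc1918", "172.16.0.0/12"),
    ("rfc1918", "192.168.0.0/16"),
    ("limited-broadcast", "255.255.255.255/32"),
    ("class-e", "240.0.0.0/4"),
)]


def prefix_span(cidr):
    """Return (first, last) address of a prefix, or None if the prefix
    is not on a CIDR boundary (host bits set under the mask)."""
    try:
        net = ipaddress.ip_network(cidr)
    except ValueError:
        return None
    return str(net.network_address), str(net.broadcast_address)


def classify(addr):
    """Label an IPv4 address as one of the special blocks or 'public'."""
    ip = ipaddress.ip_address(addr)
    for label, net in _BLOCKS:
        if ip in net:
            return label
    return "public"


def is_directed_broadcast(addr, cidr):
    """True only if addr is the all-ones host address of this network.
    The same address is an ordinary host inside a shorter prefix."""
    net = ipaddress.ip_network(cidr)
    ip = ipaddress.ip_address(addr)
    return ip in net and ip == net.broadcast_address


def check_envelope_domain(mx_answers):
    """mx_answers: {mx host name: [addresses]} as resolved by the caller.

    Returns (accept, reasons). The domain is refused only when none of
    its MX targets is publicly reachable, so one stray record does not
    block an otherwise working domain.
    """
    usable = 0
    reasons = []
    for host, addrs in sorted(mx_answers.items()):
        for addr in addrs:
            label = classify(addr)
            if label == "public":
                usable += 1
            else:
                reasons.append(f"{host} -> {addr} ({label})")
    return usable > 0, reasons


if __name__ == "__main__":
    for cidr in ("240.0.0.0/4", "240.0.0.0/5", "248.0.0.0/5", "248.0.0.0/4"):
        print(cidr, prefix_span(cidr))
    # Destinations from the log lines quoted in the thread.
    for dst in ("192.168.255.255", "10.254.254.254", "172.21.143.58"):
        print(dst, classify(dst))
    # Constructed DNS answers for a domain with deliberately broken MXes.
    print(check_envelope_domain({"mx1.broken.example": ["127.0.0.1"],
                                 "mx2.broken.example": ["192.168.255.255"]}))
```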
Interland.net noc contact
Anyone have a contact for Interland.net's noc? I don't see them on the noc list.. (http://puck.nether.net/netops/) and the interland customer care (HA!) reps have no concept of what the word proactive means. Drop me a line off list please.. thanks.
Re: what's a good way to annoy the hell out of somebody at chello.be?
Paul Vixie wrote:
> a customer of chello.be has been repeating a dns dynamic update against my zone every four minutes since october 20. chello's abuse reporting channel is no doubt full of spam reports. their noc no doubt doesn't care about end-user problems. i nmap'd the offending box:

Hmmm.. Couldn't sending them [and only them] specifically bad information for your zone... say everything (*) goes to a webpage that says you REALLY need to fix this?

I think most ISPs could reach their unreachable customers by forcing all their connections [http at least] to a page that starts out with your web surfing has been interrupted because we need to talk to you... please wait 60 seconds to be taken to the web page you wanted to get to. Or just call us.. And the time keeps getting longer... and longer... as more time passes without it being cleared by the noc.

It seems to get my attention in hotels when the hotel does it to me [and expires my dhcp ip]. Usually that is just that I need to renew my daily IP subscription, but you get the drift.

If they are requesting information from you, give them information that directs them to contact you. [I am imagining a world where every file on an FTP server becomes a README when you have violated their access rules].

Not saying it's a good idea.. Just an idea.

Deepak
Re: Question for WHOIS query
Marshall Eubanks [05/11/04 15:43 -0500]:
> On this subject, is there a mirror for TW Nic whois information ? I get nothing from http://whois.twnic.net/ or a direct whois query to twnic.net.

whois.twnic.net.tw works.

srs
Re: what's a good way to annoy the hell out of somebody at chello.be?
On 2004-11-05, Andreas Ott [EMAIL PROTECTED] wrote:
> compose a 'written-by-a-lawyer' looking letter in plain text and print it out. I bet 515/udp is open as well and most printers can handle plain ASCII.
>
> 515/tcp open printer

Ron Guilmette used to notify operators of insecure machines with remote writes to syslog (that'd get logged on the console, as like as not) .. that didn't exactly win him friends or influence people (including Paul Vixie I think) some 5..6 years back :)

srs