Neutral Colo - Las Vegas, NV

2004-12-06 Thread Charlie Khanna - NextWeb

Hi,

Can anyone tell me if there are any carrier neutral data centers in Las Vegas, NV?  Thanks.


-Charlie 




Re: Unflattering comments about ISPs and DDOS

2004-12-06 Thread Joshua Brady

Or why don't they just create the $0 flash video or html step by step
instructions? Why doesn't the dummy series create "Comcast for
dummies", as they have for AOL users.


On Mon, 6 Dec 2004 21:45:30 -0500, D. Campbell MacInnes
<[EMAIL PROTECTED]> wrote:
> 
> 
> 
> 
> >
> > > "reconfigure their mail programs to point at Comcast's servers, and
> > > each phone call to the help desk costs $9."
> >
> >
> > And they couldn't spend say:
> >
> > $1.00 per CD with a vb script or instructions on doing this
> >
> > $100.00 (far fetched price) to have an interactive
> > step-by-step flash video created to show their customers
> >
> > $1000.00 (far fetched price) to set up some VXML based number
> > with a "Press 1 to RTFM... Press 2 to RTFM again"
> >
> > Even at an uber high charge (800/866 toll) of say $4.00 per
> > call, they could still implement the changes save tons of
> > money, and tons of aspirin when their headaches go away.
> > Maybe someone here can draft up a $10,000,000.00 pitch it to
> > them become an instant millionaire and save Comcast some
> > money at the same time.
> >
> >
> 
> Speaking as someone who has run a (admittedly small) help/support desk,
> I can say in no uncertain terms that you would be astounded at the
> number of customers who will ignore every single one of these solutions
> and fight their way through to a live person simply because "that
> couldn't possibly have anything to do with MY problem".
> 
> Not saying Comcast is right to not do it (though I'm also not saying
> they SHOULD do it), but I am saying that their figures, while likely
> somewhat inflated, probably aren't nearly as inflated as some might
> think they are.
> 
> ++
> D. Campbell MacInnes
> 
> 


-- 
Joshua Brady


Re: Unflattering comments about ISPs and DDOS

2004-12-06 Thread J.D. Falk

On 12/06/04, "Blake L. Smith - XtremeBandwidth.com, Inc." <[EMAIL PROTECTED]> 
wrote: 

> Since Comcast allows spamming (doesn't do anything to stop it) people
> should start spamming the phones at the help desk and let them know
> about the spam on their network. Although - two wrongs don't make a
> right.

Also, that's been tried before (first instance I can remember
being AGIS, circa 1996-1997), and has never had any appreciable 
direct effect.  Other tactics still work better.

-- 
J.D. Falk   okay, what's next?
<[EMAIL PROTECTED]>


RE: Unflattering comments about ISPs and DDOS

2004-12-06 Thread D. Campbell MacInnes


> 
> > "reconfigure their mail programs to point at Comcast's servers, and 
> > each phone call to the help desk costs $9."
> 
> 
> And they couldn't spend say:
> 
> $1.00 per CD with a vb script or instructions on doing this
> 
> $100.00 (far fetched price) to have an interactive 
> step-by-step flash video created to show their customers
> 
> $1000.00 (far fetched price) to set up some VXML based number 
> with a "Press 1 to RTFM... Press 2 to RTFM again"
> 
> Even at an uber high charge (800/866 toll) of say $4.00 per 
> call, they could still implement the changes save tons of 
> money, and tons of aspirin when their headaches go away. 
> Maybe someone here can draft up a $10,000,000.00 pitch it to 
> them become an instant millionaire and save Comcast some 
> money at the same time.
> 
> 

Speaking as someone who has run a (admittedly small) help/support desk,
I can say in no uncertain terms that you would be astounded at the
number of customers who will ignore every single one of these solutions
and fight their way through to a live person simply because "that
couldn't possibly have anything to do with MY problem".

Not saying Comcast is right to not do it (though I'm also not saying
they SHOULD do it), but I am saying that their figures, while likely
somewhat inflated, probably aren't nearly as inflated as some might
think they are.


++
D. Campbell MacInnes



RE: Unflattering comments about ISPs and DDOS

2004-12-06 Thread J. Oquendo


> "reconfigure their mail programs to point at Comcast's
> servers, and each phone call to the help desk costs $9."


And they couldn't spend say:

$1.00 per CD with a vb script or instructions on doing this

$100.00 (far fetched price) to have an interactive step-by-step flash
video created to show their customers

$1000.00 (far fetched price) to set up some VXML based number with a
"Press 1 to RTFM... Press 2 to RTFM again"

Even at an uber high charge (800/866 toll) of say $4.00 per call, they
could still implement the changes save tons of money, and tons of aspirin
when their headaches go away. Maybe someone here can draft up a
$10,000,000.00 pitch it to them become an instant millionaire and save
Comcast some money at the same time.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x51F9D78D

sil @ politrix . org http://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

"How can we account for our present situation unless we
believe that men high in this government are concerting
to deliver us to disaster?" Joseph McCarthy "America's
Retreat from Victory"


RE: Unflattering comments about ISPs and DDOS

2004-12-06 Thread Blake L. Smith - XtremeBandwidth.com, Inc.

Since Comcast allows spamming (doesn't do anything to stop it) people
should start spamming the phones at the help desk and let them know
about the spam on their network. Although - two wrongs don't make a
right.

 

 

Best Wishes,

Blake L. Smith
XtremeBandwidth.com, Inc.
949-330-6400 Office
949-606-7100 Fax
www.XtremeBandwidth.com


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Rich Kulawiec
Sent: Monday, December 06, 2004 4:19 PM
To: [EMAIL PROTECTED]
Subject: Re: Unflattering comments about ISPs and DDOS


On Mon, Dec 06, 2004 at 04:56:49PM +, [EMAIL PROTECTED]
wrote:
> And if enough people clean up the bots on their network,
> then a case can be made for depeering (or severely damping)
> networks that don't clean up their act.

Agreed.

But few, if any, will "clean up their act".  For instance, consider:

http://news.com.com/2102-1034_3-5218178.html

which is a news story discussing the enormous number of spam-spewing
zombies on Comcast's network and which says (in part):

"Based on my conversations last week, Comcast's network engineers
would like to be more aggressive. But the marketing department
shot down a ban on port 25 because of its circa $58 million price
tag--so high partially because some subscribers would have to be
told how to reconfigure their mail programs to point at Comcast's
servers, and each phone call to the help desk costs $9."

Since Comcast has elected not to pay that hypothetical $58 million
dollar price tag, see if you can guess who is.  Those costs (whatever
they are) don't just evaporate into nothingness merely because Comcast
isn't picking up the tab.


Please note that since then, they've begun doing *some* port-25 blocking:

http://news.com.com/2102-1038_3-5230615.html

But I can't find any evidence that they're doing anything other
than reactively blocking port 25 connections based on some usage
threshold.  And of course that's purely symptomatic treatment for the
problem-of-the-moment: it doesn't cure the disease, doesn't un-zombie
the zombies and thus it lets them do anything/everything else they want.

---Rsk



Re: Unflattering comments about ISPs and DDOS

2004-12-06 Thread Paul Vixie

> > "Based on my conversations last week, Comcast's network engineers
> > would like to be more aggressive. But the marketing department
> > shot down a ban on port 25 because of its circa $58 million price ...
> 
> Thats quite ok, if theyre unwilling to filter port 25 on their end, we 
> are more than happy to filter port 25 on our end. Many have already done 
> this.

right, me too, but a surprising number of my friends strangely believe that
their ~1Mbit/sec home dsl connection (which 100millions of less-clued people
have) should be able to originate e-mail the same way their ~1Mbit/sec work
DS-1 line (which only a few million had, and most of those cluefully) did.

therefore, while i reject e-mail from dsl on a wholesale basis, i have to
whitelist certain friends on a retail basis -- which is madness without end.
far better for the cable and dsl providers to kill off outbound smtp by
default and then re-enable it when a customer waves the right clue-flag.

[off-topic: lots of you/us have proposed global whitelists to solve this kind
of thing, but nobody has yet figured out how a scalable community can have a
single definition of "that which is good"... so don't start that thread again
just because it seems desirable (which it is) and technically easy (also).]
-- 
Paul Vixie


Re: LG close to MCI Japan anyone?

2004-12-06 Thread Janet Sullivan
Suresh Ramasubramanian wrote:
I'm currently searching for a looking glass close to AS703 in Japan.
Unfortunately, JPIX doesn't offer one (would have been too easy anyway).
http://lg01.colo01.bbtower.ad.jp/
http://bgp4.jp/
http://neptune.dti.ad.jp/ixp2-lg.html
(The Looking Glass Wiki at bgp4.net can be handy sometimes.)


Re: Bangladesh gets itself an IXP

2004-12-06 Thread Suresh Ramasubramanian
Majid Farid wrote:
> Also http://www.pie.net.pk/ for Pakistan.

You sure it is an open peering point rather than a government mandated 
interconnection for (say) filtering or monitoring purposes, or to make 
the job of the incumbent telco there easier?

Just asking if anybody knows, as the exchange website doesnt seem to 
have any details beyond a looking glass and a password protected smoke 
ping page.

--
suresh ramasubramanian [EMAIL PROTECTED] gpg # EDEDEFB9
manager, security & antispam operations, outblaze limited


Re: Unflattering comments about ISPs and DDOS

2004-12-06 Thread Dan Hollis

On Mon, 6 Dec 2004, Rich Kulawiec wrote:
>   "Based on my conversations last week, Comcast's network engineers
>   would like to be more aggressive. But the marketing department
>   shot down a ban on port 25 because of its circa $58 million price
>   tag--so high partially because some subscribers would have to be
>   told how to reconfigure their mail programs to point at Comcast's
>   servers, and each phone call to the help desk costs $9."

Thats quite ok, if theyre unwilling to filter port 25 on their end, we 
are more than happy to filter port 25 on our end. Many have already done 
this.

-Dan



Re: Unflattering comments about ISPs and DDOS

2004-12-06 Thread Rich Kulawiec

On Mon, Dec 06, 2004 at 04:56:49PM +, [EMAIL PROTECTED] wrote:
> And if enough people clean up the bots on their network,
> then a case can be made for depeering (or severely damping)
> networks that don't clean up their act.

Agreed.

But few, if any, will "clean up their act".  For instance, consider:

http://news.com.com/2102-1034_3-5218178.html

which is a news story discussing the enormous number of spam-spewing zombies
on Comcast's network and which says (in part):

"Based on my conversations last week, Comcast's network engineers
would like to be more aggressive. But the marketing department
shot down a ban on port 25 because of its circa $58 million price
tag--so high partially because some subscribers would have to be
told how to reconfigure their mail programs to point at Comcast's
servers, and each phone call to the help desk costs $9."

Since Comcast has elected not to pay that hypothetical $58 million
dollar price tag, see if you can guess who is.  Those costs (whatever
they are) don't just evaporate into nothingness merely because Comcast
isn't picking up the tab.


Please note that since then, they've begun doing *some* port-25 blocking:

http://news.com.com/2102-1038_3-5230615.html

But I can't find any evidence that they're doing anything other
than reactively blocking port 25 connections based on some usage
threshold.  And of course that's purely symptomatic treatment for the
problem-of-the-moment: it doesn't cure the disease, doesn't un-zombie
the zombies and thus it lets them do anything/everything else they want.

---Rsk


Re: Sprint security contact

2004-12-06 Thread Rick Ernst


I had a couple of requests outside the list to pass on any information I
found.

The puck.nether.net phone number is correct.  To get to the NOC it is
option #3.  Option #2 is for trouble/ticketing.

There's additional information given between each option, so it takes a
while to hear that one.



On Mon, 6 Dec 2004, Erond wrote:

:>
:>
:>One of our customers is currently undergoing a ~30Mbs DDoS to a single IP.
:>We've BGP blackholed them within our network, but they are still beating up
:>on our upstream links.
:>
:>UUNET has blocked them internally, but I'm getting bounced around within
:>Sprint to have their NOC/security group work on it.  I started with our
:>contact information and also the puck.nether.net info.
:>
:>If there is a Sprint security person on list, please contact me. If
:>somebody has a direct Sprint NOC/Security contact, please pass it along.
:>
:>Thanks,
:>Rick
:>
:>



RE: Bangladesh gets itself an IXP

2004-12-06 Thread Majid Farid

Also http://www.pie.net.pk/ for Pakistan.

--
Majid.


-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Suresh Ramasubramanian
Sent: Monday, December 06, 2004 8:56 AM
To: [EMAIL PROTECTED]
Subject: Bangladesh gets itself an IXP


http://www.bdix.net looks quite good to me.

Open peering, with over 10 local ISPs peering there.

What a change from the joke that is NIXI (www.nixi.org) in India ..

srs (depressed)




Sprint security contact

2004-12-06 Thread Erond


One of our customers is currently undergoing a ~30Mbs DDoS to a single IP.
We've BGP blackholed them within our network, but they are still beating up
on our upstream links.

UUNET has blocked them internally, but I'm getting bounced around within
Sprint to have their NOC/security group work on it.  I started with our
contact information and also the puck.nether.net info.

If there is a Sprint security person on list, please contact me. If
somebody has a direct Sprint NOC/Security contact, please pass it along.

Thanks,
Rick




RE: Blocking worms/ddos for customer for free?

2004-12-06 Thread Chad Skidmore

 

> -Original Message-
> From: Kim Onnel [mailto:[EMAIL PROTECTED] 
> Posted At: Monday, December 06, 2004 11:46 AM
> Posted To: NANOG
> Conversation: Blocking worms/ddos for customer for free?
> Subject: Blocking worms/ddos for customer for free?
> 
> 
> 
> Hello,
> 
> Currently, on our ingress, we block spoofed packets, common 
> worms/trojans ports.
> 
> We do that for all of our customers(residential DSL, Dial-up, 
> Corporate DSL, and the data center hosted websites/servers),
> however,  
> 
> For me there are 2 ways to look at it,
> if i leave these worms to come in, they would consume our 
> bandwidth and CPU, and on the other hand, it looks like we're 
> giving a free service, which in a way uses up our resources,
> 
> Its the same for DDoS, if i stop it for a customer, i'm 
> giving him a free a service, if i dont, its gonna wreck my network.
> 
> Personally, i block the illegitimate packets out of my 
> network(egress) but thats because i owe this to the internet 
> community, even if i am not getting paid for it.
> 
> I would like to know other providers policy about this?
> 

Blocking spoofed packets (inbound and outbound) is certainly a good
thing and, in my opinion should be done by providers across the
board.

Blocking worms/trojan/whatever ports starts to get a little more
difficult.  Mainly due to the fact that they often times use ports
and protocols that are valid and blocking them breaks things that are
required.  At the risk of starting the whole "Microsoft stuff should
be banned from the Internet rant" I'll use the example of ports
135-139.  Some people block those ports and don't get too much grief
from their customer base.  Others that try to block them find that at
least some portion of the customer base complains because they have
something that relies on those ports to work.  This leads many to
choose the path of least resistance and not filter.

The other challenge with filtering is that it can consume resources,
in some cases more quickly than not filtering at all.  If traffic
levels are high enough filtering can melt down your router more
quickly than not filtering.  This obviously depends on a number of
things and we are seeing vendors produce routers that can filter at
line rate without impacting performance or just plain falling over. 
Those routers can be very expensive however and if someone isn't
paying for that additional service it can be hard to justify
upgrading to a new line card that runs an easy six figures just to
become your customer's free firewall.

Those two things said, we don't believe that we are our customer's
firewall unless specifically contracted to perform that task.  That
insures that we are compensated for the resources consumed and that
we all agree on what is or is not valid traffic.  All too often we
have found that valid traffic for one person is not valid traffic for
another so "firewall rules" will vary from one customer to the next.

DDOS inbound to your customer may or may not wreck your network and
what looks like a DDOS attack can be valid traffic for some
customers.  I know that we handle it on a case-by-case basis with
good customer communication before we take action, assuming it isn't
wrecking the rest of our network. If it is wrecking our network then
we subscribe to the "Sacrifice the one to save the many" philosophy
and will stop the attack.

DDOS outbound from your network is again something that you need to
double check to insure that it really is a DDOS attack.  In our case
if we see something that we strongly believe to be an outbound attack
or can verify as an outbound attack then we'll take action. Anomalous
traffic gets investigated to see if it is an attack or if it is
valid. That, to us, is just part of being a good net citizen and
making sure our customers don't ruin someone else's day. 


Regards,
Chad



- 
Chad E Skidmore
One Eighty Networks, Inc.
http://www.go180.net
509-688-8180   




Re: Blocking worms/ddos for customer for free?

2004-12-06 Thread Daniel J. Evans

We have bogon filters in place to filter ingress traffic from our
upstreams. As for blocking worms and other nasties our views have
changed with the increasingly hostile climate...

In the past we have taken the approach that a "service provider" should
do exactly that - provide service. Since we didn't offer a managed
firewall service it was the responsibility of our customers to protect
themselves and others from their infected machines. At the risk of
pouring gas on the fire, I think we're all aware of how well this works
in the face of Blaster, Nachi, Code Red, and others.

As it stands now, we attempt to block this type of traffic before it
enters our network where possible. Not because we want to protect the
65 year-old retired school teacher who just signed up for his first DSL
account with no firewall, no antivirus software, etc. Our focus is
strictly to protect our access and distribution routers from having to
deal with the flood of unnecessary collateral traffic associated with
Grandpa** and his new fandangled internet thingy.



-- 
It's not easy juggling a pregnant wife and a troubled child, but
somehow I still manage to squeeze in 8 hours of TV a day. 

- Homer Simpson


Daniel Evans




On Mon, 6 Dec 2004 21:46:04 +0200
Kim Onnel <[EMAIL PROTECTED]> wrote:

> 
> Hello,
> 
> Currently, on our ingress, we block spoofed packets, common worms/trojans 
> ports.
> 
> We do that for all of our customers(residential DSL, Dial-up,
> Corporate DSL, and the data center hosted websites/servers), however,
> 
> For me there are 2 ways to look at it, 
> if i leave these worms to come in, they would consume our bandwidth
> and CPU, and on the other hand, it looks like we're giving a free
> service, which in a way uses up our resources,
> 
> Its the same for DDoS, if i stop it for a customer, i'm giving him a
> free a service, if i dont, its gonna wreck my network.
> 
> Personally, i block the illegitimate packets out of my network(egress)
> but thats because i owe this to the internet community, even if i am
> not getting paid for it.
> 
> I would like to know other providers policy about this?






Blocking worms/ddos for customer for free?

2004-12-06 Thread Kim Onnel

Hello,

Currently, on our ingress, we block spoofed packets, common worms/trojans ports.

We do that for all of our customers(residential DSL, Dial-up,
Corporate DSL, and the data center hosted websites/servers), however,

For me there are 2 ways to look at it, 
if i leave these worms to come in, they would consume our bandwidth
and CPU, and on the other hand, it looks like we're giving a free
service, which in a way uses up our resources,

Its the same for DDoS, if i stop it for a customer, i'm giving him a
free a service, if i dont, its gonna wreck my network.

Personally, i block the illegitimate packets out of my network(egress)
but thats because i owe this to the internet community, even if i am
not getting paid for it.

I would like to know other providers policy about this?


Re: 16-bit ASN kludge

2004-12-06 Thread Owen DeLong
Sorry... I was talking about Ed's proposal... I hadn't noticed the shift
to an entirely different proposal by John.

I think Ed's proposal (which I proposed some modification to) has merit.
I think John's alternative is far less desirable and agree with your concerns
about it.

Owen

--On Monday, December 6, 2004 1:32 PM -0500 [EMAIL PROTECTED] wrote:

> On Mon, 06 Dec 2004 10:14:12 PST, Owen DeLong said:
> > The proposal wasn't for "parallel" ASN space.  The proposal was to have
> > a range of ASNs for leaf-networks and a range for transit networks,
> > allowing transit networks to make more rational (possibly automated)
> > decisions about route aggregation.
>
> That may be sane, but that's not how I read John's actual proposal:
>
> On Fri, 03 Dec 2004 16:36:39 -0600, John Dupuy said:
> > Along these lines, one could leave the transit AS networks alone if a
> > parallel 16 bit ASN space were created. Essentially, any non-transit
> > network would have it's non-public ASN retranslated NAT-style by
> > upstream  transit network border routers. Only the border routers would
> > have to be  changed. They would have to differentiate between public ASN
> > X and  non-public ASN X (same number) based on the which side of the
> > router the  ASN was learned from.
>
> I don't see anything about ranges, but an entire parallel 16 bit space.
> And John's definitely talking about them possibly having a 1312 on both
> sides, because it matters which side you hear about it from.
>
> Conversely, if it matters which side you hear about it from, it also
> matters which side you announce it on.. which was my point.

--
If it wasn't crypto-signed, it probably didn't come from me.




Re: 16-bit ASN kludge

2004-12-06 Thread Valdis . Kletnieks
On Mon, 06 Dec 2004 10:14:12 PST, Owen DeLong said:
> The proposal wasn't for "parallel" ASN space.  The proposal was to have
> a range of ASNs for leaf-networks and a range for transit networks, allowing
> transit networks to make more rational (possibly automated) decisions about
> route aggregation.

That may be sane, but that's not how I read John's actual proposal:

On Fri, 03 Dec 2004 16:36:39 -0600, John Dupuy said:
> Along these lines, one could leave the transit AS networks alone if a 
> parallel 16 bit ASN space were created. Essentially, any non-transit 
> network would have it's non-public ASN retranslated NAT-style by upstream 
> transit network border routers. Only the border routers would have to be 
> changed. They would have to differentiate between public ASN X and 
> non-public ASN X (same number) based on the which side of the router the 
> ASN was learned from.

I don't see anything about ranges, but an entire parallel 16 bit space.
And John's definitely talking about them possibly having a 1312 on both
sides, because it matters which side you hear about it from.

Conversely, if it matters which side you hear about it from, it also matters
which side you announce it on.. which was my point.




Re: Bogon filtering (don't ban me)

2004-12-06 Thread Patrick W Gilmore
On Dec 6, 2004, at 6:30 AM, [EMAIL PROTECTED] wrote:

> The point is that the bogon feed doesn't
> need to be hooked directly into your routers.
> This is what Patrick Gilmore does, i.e.
> he takes the bogon feed into a management
> system, generates an ACL and then periodically
> applies the ACL to his routers. Presumably
> that ACL gets checked by a clueful person
> before it goes out.

Just to be clear, I did not say that is what I did, or any organization 
I work for did.  It was just a possible suggestion, not a requirement 
or a statement of fact.

I'm just interested in cleaning up the cruft on the 'Net.  Useless 
deaggregates, bogons, spoofed source, etc.  You know, the things YOU 
can do with YOUR network and YOUR customers so _I_ do not have to deal 
with it.

Given how much time and effort has been spent on things like "filtering 
on allocation boundaries" because some big networks do not want to take 
some /24s when little guys multi-home, you would think everyone would 
get behind this and push really hard.  Just seems like a much bigger 
win with far fewer religious questions.

But, of course, that wouldn't be nearly as fun. :)
--
TTFN,
patrick
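
The workflow quoted in the message above (bogon feed taken into a management system, an ACL generated from it, and a review before it goes to the routers), as an added example that is not part of the original thread or any poster's code. The feed contents, the protected prefix, the review thresholds and the ACL name `BOGON-IN` are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample feed for illustration (not a snapshot of any real bogon
# list): one prefix per line, '#' comments, and one malformed line.
SAMPLE_FEED = """\
# constructed sample bogon feed
10.0.0.0/8
172.16.0.0/12
192.168.0.0/16
192.0.2.0/24
198.18.0.0/16
198.19.0.0/16
not-a-prefix
"""

# Assumption: prefixes this network originates or depends on and must never
# filter. A documentation range stands in for real address space here.
PROTECTED = ["203.0.113.0/24"]


def parse_feed(text):
    """Parse feed text into aggregated IPv4 networks.

    Returns (networks, rejected_lines). Parsing is strict, so an entry with
    host bits set is rejected instead of being silently widened.
    """
    nets, rejected = [], []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            nets.append(ipaddress.IPv4Network(line, strict=True))
        except ValueError:
            rejected.append(raw.strip())
    # Merge adjacent and overlapping prefixes so the ACL stays short.
    return list(ipaddress.collapse_addresses(nets)), rejected


def review(new_nets, previous_nets, protected, min_prefixlen=8, max_churn=0.25):
    """Return reasons to hold the update for a human (empty list = stage it).

    Thresholds are illustrative assumptions:
      - nothing broader than /min_prefixlen may be denied,
      - nothing may overlap a protected prefix,
      - no more than max_churn of the previous list may change in one run.
    """
    problems = []
    prot = [ipaddress.IPv4Network(p) for p in protected]
    for net in new_nets:
        if net.prefixlen < min_prefixlen:
            problems.append(f"{net}: broader than /{min_prefixlen}")
        for p in prot:
            if net.overlaps(p):
                problems.append(f"{net}: overlaps protected prefix {p}")
    if previous_nets:
        changed = set(new_nets) ^ set(previous_nets)
        if len(changed) / len(previous_nets) > max_churn:
            problems.append(
                f"{len(changed)} entries changed against {len(previous_nets)} "
                f"previously deployed"
            )
    return problems


def render_acl(nets, name="BOGON-IN"):
    """Render IOS-style extended ACL lines (wildcard masks) for the networks."""
    lines = [f"ip access-list extended {name}"]
    for net in nets:
        lines.append(f" deny ip {net.network_address} {net.hostmask} any")
    lines.append(" permit ip any any")
    return lines


if __name__ == "__main__":
    nets, rejected = parse_feed(SAMPLE_FEED)
    for line in rejected:
        print(f"rejected feed line: {line!r}")
    problems = review(nets, previous_nets=[], protected=PROTECTED)
    if problems:
        print("HOLD for review:")
        for p in problems:
            print("  " + p)
    else:
        print("\n".join(render_acl(nets)))
```

The generated lines are meant to be diffed against the deployed ACL and approved by a person before any push; the script only stages the candidate.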


Re: 16-bit ASN kludge

2004-12-06 Thread Owen DeLong
The proposal was that transit ASNs would begin with 12 leading 0 bits and
non-transit ASNs would not.  As such, 1312 would not be a non-transit ASN.

The proposal wasn't for "parallel" ASN space.  The proposal was to have
a range of ASNs for leaf-networks and a range for transit networks, allowing
transit networks to make more rational (possibly automated) decisions about
route aggregation.

Owen

--On Monday, December 6, 2004 12:54 PM -0500 [EMAIL PROTECTED] wrote:

> On Fri, 03 Dec 2004 15:23:55 PST, Owen DeLong said:
> > I don't see non-transit ASN leakage as any greater issue than current
> > private ASN leakage.
>
> If somebody leaks a private ASN, we can tell that it's a private ASN by
> inspection.
>
> If somebody is using '1312' inside their parallel ASN space and
> accidentally leaks it, it's a bit harder to diagnose.
>
> And if somebody is leaking 1312, I'll be quite put out... ;)

--
If it wasn't crypto-signed, it probably didn't come from me.




RE: Bogon filtering (don't ban me)

2004-12-06 Thread Jeff Rosowski

> Just thinking out loud, but is there any reason that this
> route-server methodology couldn't be applied to other 'undesirable'
> destinations, such as the world's top spammers, phishing web sites, etc?
> Maybe break them up into different communities, so subscribers can pick
> which ones they want to filter.

Sounds like a good idea, though with the administrative overhead of 
managing such a project, as much as I'd like to see something like that 
offered for free, it would most likely have to be a subscription based 
service.

You're also talking a hell of a lot more information in your routing 
table, since at this point we're talking some pretty granular routes.  I 
mean if people complain about 150K+ routes now?


Re: 16-bit ASN kludge

2004-12-06 Thread Valdis . Kletnieks
On Fri, 03 Dec 2004 15:23:55 PST, Owen DeLong said:

> I don't see non-transit ASN leakage as any greater issue than current
> private ASN leakage.

If somebody leaks a private ASN, we can tell that it's a private ASN by
inspection.

If somebody is using '1312' inside their parallel ASN space and accidentally
leaks it, it's a bit harder to diagnose.

And if somebody is leaking 1312, I'll be quite put out... ;)




Unflattering comments about ISPs and DDOS

2004-12-06 Thread Michael . Dillon

This article in ZDNET UK entitled "With ISPs like this, who needs 
enemies?" 
http://comment.zdnet.co.uk/andrewdonoghue/0,39027004,39175983,00.htm
contains some rather unflattering comments about ISPs who don't help
customers deal with DDOS attacks. The head of security technology
for a major ISP named in the article said:

"Why should ISPs do something? It's very much as if people want
something for nothing. This noise is superfluous and silly."

The thinking is this. There are two operational problems
here, one big and one small. The big one is when your
customer is the target of DDoS. The small one is when
your customers originate the DDoS. 

I think the writer is telling us to treat these as two sides of the
same problem. If management buys into this view then it
would make the business case for the operational effort
needed to clean up botnets.

And if enough people clean up the bots on their network,
then a case can be made for depeering (or severely damping)
networks that don't clean up their act.

--Michael Dillon



Re: [OT] Re: Banned on NANOG

2004-12-06 Thread nanog gonan


--- Alex Bligh <[EMAIL PROTECTED]> wrote:
> --On 04 December 2004 17:35 + Paul Vixie
> <[EMAIL PROTECTED]> wrote:
> 
> > third and last, there are a number of principles
> > up for grabs right now, and the folks who want to
> > grab them aren't universal in their motives or
> > goals.  some folks think that rules are bad. 
> > others think that susan is bad or that merit is
> > bad.  some say that rules are ok if the community
> > has visibility and ultimate control.
> 
> I'd add: if people don't like NANOG, demand a full
> refund for your year's membership. Then go set up
> your own mail-server and work out your own
> moderation policies. If you do a better job, you'll
> win clueful subscribers.


It isn't we don't like NANOG, it's obvious we all do or
we wouldn't be here.  It's we don't want the clueful
folks eliminated.  It reduces the S of the list and has
little effect on N.  There is very little chance
someone's going to start a new NOG list and get the
quality of folks that're here.  Folks have too much
time invested here.  The question is, as Paul proposed,
how can we get the community more visibility into the
process of banishment and more control over who is
banned?

How long are randy and the other cluefolks banned for?
(no I don't expect an answer...)



 



Re: Banned on NANOG

2004-12-06 Thread Bill Nash
On Mon, 6 Dec 2004, Hannigan, Martin wrote:
> You expect? Bill, nothing personal, but your S:N is 0:6 at this point. Not
> one single op post ever. No meeting attendance. Not one answered technical
> question. How about earning a few stripes before making demands of NANOG?
> Srh may be in need of a config change, but she's one of us. Show some
> respect.

Actually, that's incorrect. I've been in the underside of network ops for 
years. Just because you've personally never seen me, just as I was unaware 
of who Susan was, makes neither of us nonexistent. I'm as much a user of 
this list as you are, and if you look carefully, you'll see some posts 
with my name in them, because I was having an offlist conversation with 
someone who posted a chunk of it back. I can appreciate what you're 
saying, but on the same token, this list is as much a tool to do my job as 
any code or policy I've ever written. To paraphrase the Vix, what I've 
said doesn't matter, it's what I'm saying that's important.

If you'd *prefer* I keep my cantankerous carcass in the public light, I 
guess I could make some posts. But given my posting habits and bad people 
skills, I think it's best that I don't, and I'm perfectly fine to lurk. 
Those on the list who do know me and work/have worked with me would 
probably agree with me.

As I said before, I'm not a routing engineer, nor representative of a 
large provider. I do, however, work for a reasonably large network traffic 
consumer and have to be aware of external conditions and issues, as well 
as developing technologies, legislation, and trends. I have no idea what 
you do, other than that shiny domain on your email address, but I'm not 
going to make the assumption that you're useless and have no place here, 
simply because I don't know you personally.

I don't think my expectation for a response for adjustment of the charter 
to make moderation, well, moderate, is unreasonable. We're all 
professionals here, aren't we? As for my S/N ratio, not a single post I've 
made yet has been offtopic, and they apply directly to the list's functional 
operation, if you want to nitpick. I just want it fixed before all the 
clue leaks out.

- billn


Re: Banned on NANOG

2004-12-06 Thread Hannigan, Martin


You expect? Bill, nothing personal, but your S:N is 0:6 at this point. Not
one single op post ever. No meeting attendance. Not one answered technical
question. How about earning a few stripes before making demands of NANOG?
Srh may be in need of a config change, but she's one of us. Show some
respect.  

/plonk

-M
 


---
Martin Hannigan
[EMAIL PROTECTED]
Verisign, Inc.


-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
To: J.D. Falk <[EMAIL PROTECTED]>
CC: my network has a second name, it's n-a-n-o-g <[EMAIL PROTECTED]>
Sent: Sun Dec 05 00:09:58 2004
Subject: Re: Banned on NANOG


On Sat, 4 Dec 2004, J.D. Falk wrote:

> On 12/04/04, Patrick W Gilmore <[EMAIL PROTECTED]> wrote:
>
>> I also think that makes it nearly impossible to run a good, informative
>> list.  Certainly FAR more difficult than just leaving the list
>> completely unmoderated.  I do not believe anyone here would argue those
>> points either (besides, obviously, the moderator herself).
>
>   ...who has been silent during this whole debate, which only
>   serves to feed the flames (and the flamers) as we all make wild
>   guesses regarding motive and intent.

My last email contained an explicit request for a response. I expect to 
see one.

- billn


Bangladesh gets itself an IXP

2004-12-06 Thread Suresh Ramasubramanian

http://www.bdix.net looks quite good to me.

Open peering, with over 10 local ISPs peering there.

What a change from the joke that is NIXI (www.nixi.org) in India ..

srs (depressed)


Re: LG close to MCI Japan anyone?

2004-12-06 Thread Suresh Ramasubramanian
Elmar K. Bins wrote:

> I'm currently searching for a looking glass close to AS703 in Japan.
> Unfortunately, JPIX doesn't offer one (would have been too easy anyway).

http://neptune.dti.ad.jp/


LG close to MCI Japan anyone?

2004-12-06 Thread Elmar K. Bins

Hi there,

I'm currently searching for a looking glass close to AS703 in Japan.
Unfortunately, JPIX doesn't offer one (would have been too easy anyway).

Any pointers?

Yours,
Elmar.

PS: Whoever maintains traceroute.org and is on the list: Very many of the
listed RS and LGs are offline and some have been for quite a while.




Re: Bogon filtering (don't ban me)

2004-12-06 Thread Michael . Dillon

> The whole point that started this discussion is that bogon filtering is 
> HARMFUL a good part of the time. 

This may be so, but there are things that you
can do with an up to date bogon feed other
than filtering. That's why I suggested that
BGP may not be the best form for the feed but
for some reason LDAP is feared by people who
don't run mailservers or large LANs.

For instance, if you reflect all incoming
BGP announcements into a management system
then that system could compare them with 
an up-to-date bogon feed and alert the ops
staff when questionable announcements are
seen. Or it could trigger additional data
collection to be used in network forensics.

The point is that the bogon feed doesn't
need to be hooked directly into your routers.
This is what Patrick Gilmore does, i.e.
he takes the bogon feed into a management
system, generates an ACL and then periodically
applies the ACL to his routers. Presumably
that ACL gets checked by a clueful person
before it goes out.

Perhaps what we really need here is a BCP
document that describes the ways in which
a bogon feed can be integrated into network
operations. If you do RPF, then maybe it's not
needed for blocking traffic but you still
might like to know who is trying to announce
these bogon blocks to you.

--Michael Dillon
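
The alert-only use of a bogon feed described in the message above, sketched as an added example (not code from the poster or from any feed operator): announcements reflected into a management system are compared with the feed and flagged for ops staff, with no filtering on the routers. The feed contents, peer labels and AS numbers are constructed sample values, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample of a bogon feed; a real feed changes as address
# blocks are allocated and has to be refreshed on a schedule.
BOGON_FEED = ["10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "192.0.2.0/24"]

# Constructed announcements: (prefix, peer label, AS path). The AS numbers
# come from the range reserved for documentation.
ANNOUNCEMENTS = [
    ("198.51.100.0/24", "peer-a", [64500, 64510]),  # not in the sample feed
    ("192.0.2.0/24", "peer-b", [64501]),            # exactly a listed block
    ("10.20.0.0/16", "peer-b", [64501, 64502]),     # more specific of 10/8
    ("192.0.0.0/16", "peer-c", [64503]),            # covers 192.0.2.0/24
    ("2001:db8::/32", "peer-c", [64503]),           # IPv6; sample feed is IPv4
]

def load_feed(lines):
    """Parse feed lines into networks, skipping blanks and # comments."""
    return [ipaddress.ip_network(s.strip()) for s in lines
            if s.strip() and not s.lstrip().startswith("#")]

def classify(prefix, bogons):
    """Return (relation, bogon) for the first overlapping block, else None."""
    net = ipaddress.ip_network(prefix)
    for bogon in bogons:
        if net.version != bogon.version:
            continue  # subnet_of() raises TypeError across IP versions
        if net == bogon:
            return "exact", bogon
        if net.subnet_of(bogon):
            return "more-specific", bogon
        if net.supernet_of(bogon):
            return "covers", bogon
    return None

def audit(announcements, feed_lines):
    """Build alert records for ops staff; nothing is filtered or dropped."""
    bogons = load_feed(feed_lines)
    alerts = []
    for prefix, peer, as_path in announcements:
        hit = classify(prefix, bogons)
        if hit:
            alerts.append({"prefix": prefix, "peer": peer,
                           "origin_as": as_path[-1],
                           "relation": hit[0], "bogon": str(hit[1])})
    return alerts

if __name__ == "__main__":
    for alert in audit(ANNOUNCEMENTS, BOGON_FEED):
        print(alert)
```

An exact-match lookup would miss the more-specific and covering cases, which is why the comparison is done on prefix containment rather than string equality.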