Re: panix hijack press

2005-01-21 Thread Matthew Sullivan
Thornton wrote:
> a user can lock a domain..they can login to the control panel for their
> registrar and select registrar lock, registrar-lock, or lock and i am
> sure there are other registrars that word it even differently. once you
> select that it effectively locks your domain so it can't be transferred.
 

Erm...  please tell me where GANDI does this?...   I'd love to know 
(I'm sure there are others without locking facilities as well)

Regards,
Mat
(and I am aware that locking was available to panix.com)


Re: Regarding panix.com

2005-01-21 Thread Matthew Sullivan
Steve Sobol wrote:
> Matthew Sullivan wrote:
>> What sort of support would you give a not-for-profit Org such as 
>> SORBS.net or an Org such as Spamhaus.org if our domains were hijacked 
>> maliciously (or not)?
>
> Shouldn't matter, should it?

No, that was my point.

Regards,
Mat


Re: Registrar and registry backend processes.

2005-01-21 Thread Stephane Bortzmeyer

On Tue, Jan 18, 2005 at 05:08:18AM +0100,
 Lionel Elie Mamane [EMAIL PROTECTED] wrote 
 a message of 61 lines which said:

> Further, these options are not documented anywhere,

In the man page of GNU whois :-)

When querying \fIwhois.denic.de\fP for domain names, the program will
automatically add the flags \fI-T dn,ace -C US-ASCII\fP.
.P

Remember that the whois protocol is a mess. Maybe IRIS will fix that.


RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

2005-01-21 Thread Rob Thomas

Hi, Hank.

] How would this scale for say 200K routers?  2M?  -Hank

Dave Deitrich of Team Cymru will be presenting on this very
topic at the next NANOG.  Short answer:  We're ready when
you are.  :)

Thanks,
Rob.
-- 
Rob Thomas
http://www.cymru.com
Shaving with Occam's razor since 1999.



The Cidr Report

2005-01-21 Thread cidr-report

This report has been generated at Fri Jan 21 21:44:23 2005 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
        Date      Prefixes    CIDR Agg
        14-01-05    149708      103062
        15-01-05    149634      103087
        16-01-05    149549      103118
        17-01-05    149515      103257
        18-01-05    149701      103146
        19-01-05    149753      103186
        20-01-05    149979      103368
        21-01-05    150315      103512


AS Summary
 18735  Number of ASes in routing system
  7671  Number of ASes announcing only one prefix
  1430  Largest number of prefixes announced by an AS
AS7018 : ATTW AT&T WorldNet Services
  90147072  Largest address span announced by an AS (/32s)
AS721  : DNIC DoD Network Information Center


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 21Jan05 ---
ASnum     NetsNow  NetsAggr  NetGain  % Gain  Description

Table          15    103498    47613   31.5%  All ASes

AS18566       765         7      758   99.1%  CVAD Covad Communications
AS4134        834       200      634   76.0%  CHINANET-BACKBONE No.31,Jin-rong Street
AS4323        825       232      593   71.9%  TWTC Time Warner Telecom
AS721        1100       595      505   45.9%  DNIC DoD Network Information Center
AS27364       460        34      426   92.6%  ARMC Armstrong Cable Services
AS22773       429        19      410   95.6%  CXA Cox Communications Inc.
AS6197        829       452      377   45.5%  BNS-14 BellSouth Network Solutions, Inc
AS7018       1430      1085      345   24.1%  ATTW AT&T WorldNet Services
AS6478        486       146      340   70.0%  ATTW AT&T WorldNet Services
AS9929        342        35      307   89.8%  CNCNET-CN China Netcom Corp.
AS1239        919       613      306   33.3%  SPRN Sprint
AS17676       391        89      302   77.2%  JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS22909       418       125      293   70.1%  CMCS Comcast Cable Communications, Inc.
AS4766        560       278      282   50.4%  KIXS-AS-KR Korea Telecom
AS21502       276         3      273   98.9%  ASN-NUMERICABLE NUMERICABLE is a cabled network in France,
AS14654       263         7      256   97.3%  WAYPOR-3 Wayport
AS9443        366       121      245   66.9%  INTERNETPRIMUS-AS-AP Primus Telecommunications
AS6140        377       134      243   64.5%  IMPSA ImpSat
AS4355        300        64      236   78.7%  ERSD EARTHLINK, INC
AS9583        572       340      232   40.6%  SIFY-AS-IN Sify Limited
AS25844       242        16      226   93.4%  SASMFL-2 Skadden, Arps, Slate, Meagher & Flom LLP
AS2386        848       626      222   26.2%  ADCS-1 AT&T Data Communications Services
AS6198        446       224      222   49.8%  BNS-14 BellSouth Network Solutions, Inc
AS15270       245        32      213   86.9%  PDP-14 PaeTec.net -a division of PaeTecCommunications, Inc.
AS3602        302       106      196   64.9%  SPCA Sprint Canada Inc.
AS5668        429       235      194   45.2%  CIH-12 CenturyTel Internet Holdings, Inc.
AS1580        197        13      184   93.4%  DNIC DoD Network Information Center
AS6517        304       121      183   60.2%  YIPS Yipes Communications, Inc.
AS19632       191         9      182   95.3%  Metropolis Intercom
AS9498        234        54      180   76.9%  BBIL-AP BHARTI BT INTERNET LTD.

Total       15380      6015     9365   60.9%  Top 30 total


Possible Bogus Routes

        24.246.0.0/17    AS7018   ATTW AT&T WorldNet Services
        24.246.38.0/24   AS25994  NPGCAB NPG Cable, INC
        24.246.128.0/18  AS7018   ATTW AT&T WorldNet Services
        64.17.32.0/24    AS5024   BRIDGE-75 BridgeNet, LC
        64.17.33.0/24    AS5024   BRIDGE-75 BridgeNet, LC
        64.17.37.0/24    AS5024   BRIDGE-75 BridgeNet, LC
        64.46.27.0/24    AS8674   NETNOD-IX Netnod Internet 

RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

2005-01-21 Thread Fergie (Paul Ferguson)


As someone who used to do a great deal of managed network
services, I can certainly attest to that.

- ferg

-- Christopher L. Morrow [EMAIL PROTECTED] wrote:

On Thu, 20 Jan 2005, James Laszko wrote:


 Well, if the router CAN run BGP, the feed from Cymru is only about 84
 prefixes - not a lot of memory tied up there, is there?


my point was that not all managed routers, the majority actually, can't
and don't run BGP. their code doesn't even support bgp...

--
Fergie, a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 [EMAIL PROTECTED] or
 [EMAIL PROTECTED]


RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

2005-01-21 Thread Michael . Dillon

>> Well, if the router CAN run BGP, the feed from Cymru is only about 84
>> prefixes - not a lot of memory tied up there, is there?

Not a very wise solution. If hundreds of thousands of routers
take this feed from Cymru, then it won't be long
before someone attacks Cymru in order to control
the feed. And given the upsurge in criminal activity
related to network abuse, the danger to Cymru is not
just from network exploits. The principals could
find themselves looking at a gun barrel in their
face with their families held hostage. It is very
unwise to push people towards creating a new single
point of failure (or single attack point) in the
Internet.

> my point was that not all managed routers, the majority actually, can't
> and don't run BGP. their code doesn't even support bgp...

Thankfully this is true. However, the majority
of managed routers are managed by servers/workstations
which *ARE* capable of running BGP as well as
scripts to compare ACLS and alert staff when 
inconsistencies are discovered.

The prudent course of action is to encourage 
people to take the Cymru feed into their
*management systems* and use that feed to vet
their current ACLs or BGP filters. This extra 
layer of indirection actually strengthens the
system and protects Cymru from becoming too
important.

--Michael Dillon
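
An added example (not from the thread or from Team Cymru) of the management-system check described above: it parses the deny lines of a router ACL and compares them with a reference bogon list, reporting deny entries that cover space the reference no longer lists and listed prefixes the ACL misses. The ACL text, the five-prefix reference list and the function names are constructed for illustration.

```python
import ipaddress
import re

# Constructed reference list standing in for a bogon feed (NOT the real feed).
REFERENCE_BOGONS = ["0.0.0.0/8", "10.0.0.0/8", "73.0.0.0/8",
                    "127.0.0.0/8", "192.168.0.0/16"]

# Constructed router ACL. The 72.0.0.0/7 deny is stale: it still covers 72/8.
DEPLOYED_ACL = """\
access-list 101 deny ip 0.0.0.0 0.255.255.255 any
access-list 101 deny ip 10.0.0.0 0.255.255.255 any
access-list 101 deny ip 72.0.0.0 1.255.255.255 any
access-list 101 deny ip 127.0.0.0 0.255.255.255 any
access-list 101 permit ip any any
"""

DENY_RE = re.compile(r"^access-list\s+\d+\s+deny\s+ip\s+(\S+)\s+(\S+)\s+any\s*$")


def parse_denies(acl_text):
    """Extract 'deny ip <addr> <wildcard> any' lines as CIDR networks."""
    nets = []
    for line in acl_text.splitlines():
        m = DENY_RE.match(line.strip())
        if not m:
            continue
        wild = int(ipaddress.IPv4Address(m.group(2)))
        if wild & (wild + 1):  # wildcard bits must be one contiguous low run
            raise ValueError(f"non-contiguous wildcard in: {line!r}")
        nets.append(ipaddress.ip_network(f"{m.group(1)}/{32 - wild.bit_length()}"))
    return nets


def uncovered(net, cover):
    """Return the pieces of `net` that no network in `cover` contains."""
    remaining = [net]
    for c in cover:
        nxt = []
        for r in remaining:
            if r.subnet_of(c):
                continue                          # fully covered, drop it
            if c.subnet_of(r):
                nxt.extend(r.address_exclude(c))  # carve the covered part out
            else:
                nxt.append(r)                     # CIDR blocks nest or are disjoint
        remaining = nxt
    return list(ipaddress.collapse_addresses(remaining))


def vet(deployed, reference_prefixes):
    """Compare deployed deny networks with the reference bogon prefixes."""
    reference = [ipaddress.ip_network(p) for p in reference_prefixes]
    stale = {}
    for d in deployed:
        extra = uncovered(d, reference)           # denied but no longer a bogon
        if extra:
            stale[str(d)] = [str(n) for n in extra]
    missing = []
    for r in reference:
        missing.extend(uncovered(r, deployed))    # bogon but not denied
    missing = [str(n) for n in ipaddress.collapse_addresses(missing)]
    return {"stale": stale, "missing": missing}


def denied_by(prefix, deployed):
    """List the deployed deny entries that cover `prefix`."""
    p = ipaddress.ip_network(prefix)
    return [str(d) for d in deployed if p.subnet_of(d)]


if __name__ == "__main__":
    acl = parse_denies(DEPLOYED_ACL)
    print(vet(acl, REFERENCE_BOGONS))
    print("72.14.128.0/19 denied by:", denied_by("72.14.128.0/19", acl))
```

The router never talks to the feed in this arrangement; staff review the report and change the ACL themselves.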



Re: Registrar and registry backend processes.

2005-01-21 Thread Edward Lewis
At 10:32 AM +0100 1/21/05, Stephane Bortzmeyer wrote:
> Remember that the whois protocol is a mess. Maybe IRIS will fix that.

For those concerned with IRIS, please take time to review the 
documents listed at the bottom of this page:
   http://www.ietf.org/html.charters/crisp-charter.html

RFCs 3981, 3982, 3983 represent the review of the entire IETF 
(tacitly by most).  Although these are permanent documents, it is 
never too late to read and comment on them.  Revisions happen.

The document for the RIR's (ARIN, et al.) hasn't completed its 
review, it can be seen at:
  http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-areg-09.txt
and there's a related draft at:
  http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-areg-urires-00.txt

It's never too late to comment on a protocol, although it may be too 
late to comment on a document. ;)
--
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
Edward Lewis+1-571-434-5468
NeuStar

A noble spirit embiggens the smallest man. - Jebediah Springfield


Weekly Routing Table Report

2005-01-21 Thread Routing Table Analysis

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]

If you have any comments please contact Philip Smith [EMAIL PROTECTED].

Routing Table Report   04:00 +10GMT Sat 22 Jan, 2005

Analysis Summary


BGP routing table entries examined: 155157
Prefixes after maximum aggregation: 90262
Unique aggregates announced to Internet: 74120
Total ASes present in the Internet Routing Table: 18844
Origin-only ASes present in the Internet Routing Table: 16362
Origin ASes announcing only one prefix: 7675
Transit ASes present in the Internet Routing Table: 2482
Transit-only ASes present in the Internet Routing Table: 78
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 19
Prefixes from unregistered ASNs in the Routing Table: 5
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 16
Number of addresses announced to Internet: 1368386088
Equivalent to 81 /8s, 143 /16s and 234 /24s
Percentage of available address space announced: 36.9
Percentage of allocated address space announced: 59.7
Percentage of available address space allocated: 61.9
Total number of prefixes smaller than registry allocations: 72674

APNIC Region Analysis Summary
-----------------------------

Prefixes being announced by APNIC Region ASes: 30684
Total APNIC prefixes after maximum aggregation: 14870
Prefixes being announced from the APNIC address blocks: 28712
Unique aggregates announced from the APNIC address blocks: 14618
APNIC Region origin ASes present in the Internet Routing Table: 2188
APNIC Region origin ASes announcing only one prefix: 647
APNIC Region transit ASes present in the Internet Routing Table: 325
Average APNIC Region AS path length visible: 4.4
Max APNIC Region AS path length visible: 16
Number of APNIC addresses announced to Internet: 171804544
Equivalent to 10 /8s, 61 /16s and 135 /24s
Percentage of available APNIC address space announced: 78.4

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431,
                       23552-24575
APNIC Address Blocks   58/7, 60/7, 202/7, 210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes: 87123
Total ARIN prefixes after maximum aggregation: 52178
Prefixes being announced from the ARIN address blocks: 65773
Unique aggregates announced from the ARIN address blocks: 24084
ARIN Region origin ASes present in the Internet Routing Table: 9824
ARIN Region origin ASes announcing only one prefix: 3546
ARIN Region transit ASes present in the Internet Routing Table: 970
Average ARIN Region AS path length visible: 4.3
Max ARIN Region AS path length visible: 16
Number of ARIN addresses announced to Internet: 239481856
Equivalent to 14 /8s, 70 /16s and 52 /24s
Percentage of available ARIN address space announced: 71.4

ARIN AS Blocks         1-1876, 1902-2042, 2044-2046, 2048-2106,
                       2138-2584, 2615-2772, 2823-2829, 2880-3153,
                       3354-4607, 4865-5119, 5632-6655, 6912-7466,
                       7723-8191, 10240-12287, 13312-15359, 16384-17407,
                       18432-20479, 21504-23551, 25600-26591,
                       26624-27647, 29695-30719, 31744-33791
ARIN Address Blocks    24/8, 63/8, 64/6, 68/7, 70/7, 72/8, 198/7, 204/6,
                       208/7 and 216/8

RIPE Region Analysis Summary


Prefixes being announced by RIPE Region ASes: 29208
Total RIPE prefixes after maximum aggregation: 20133
Prefixes being announced from the RIPE address blocks: 26177
Unique aggregates announced from the RIPE address blocks: 17156
RIPE Region origin ASes present in the Internet Routing Table: 6248
RIPE Region origin ASes announcing only one prefix: 3338
RIPE Region transit ASes present in the Internet Routing Table: 1060
Average RIPE Region AS path length visible: 5.1
Max RIPE Region AS path length visible: 19
Number of RIPE addresses announced to Internet: 185679936
Equivalent to 11 /8s, 17 /16s and 64 /24s
Percentage 

INOC-DBA setup help?

2005-01-21 Thread matthew zeier
If this is OT, my apologies.
Trying to setup an INOC-DBA account after it was mentioned here a couple 
weeks back.  I'm stuck after setting up a user account waiting for the 
organization's admin (me) to approve it.

[EMAIL PROTECTED] hasn't responded to any of my emails but I don't know how 
active that address is.  Is this still a live service?  If it's simply a 
matter of waiting more than four some weeks and I'm  not patient enough, let 
me know :)

- mz

--
matthew zeier - Curiosity is a willing, a proud, an eager confession
of ignorance. - Leonard Rubenstein


GSLB advice

2005-01-21 Thread Matt Bazan

We're looking to dip our toes into the global server load balancing
arena and I'd like to get your advice on the following:

1)  For those of you running a GSLB solution do you perform this 'in
house' or is it outsourced?
2)  If running in-house, what gear do you use and how satisfied with it
have you been?

Thanks group,

  Matt 


Re: INOC-DBA setup help?

2005-01-21 Thread Gaurab Raj Upadhaya

Hi folks

since i am the current operator, feel free to write directly to me if  you 
don't get a response in 36-48 hours. 

 
 [EMAIL PROTECTED] hasn't responded to any of my emails but I don't know how 
 active that address is.  Is this still a live service?  If it's simply a 


thanks


-- gaurab 


/+9779851038080



Re: INOC-DBA setup help?

2005-01-21 Thread John Payne

On Jan 21, 2005, at 1:14 PM, matthew zeier wrote:
> If this is OT, my apologies.
> Trying to setup an INOC-DBA account after it was mentioned here a 
> couple weeks back.  I'm stuck after setting up a user account waiting 
> for the organization's admin (me) to approve it.
>
> [EMAIL PROTECTED] hasn't responded to any of my emails but I don't know 
> how active that address is.  Is this still a live service?  If it's 
> simply a matter of waiting more than four some weeks and I'm  not 
> patient enough, let me know :)

I haven't had a problem dealing with [EMAIL PROTECTED] but there's also a 
mailing list linked off the inoc-dba documentation page which would be 
more ontopic than nanog.



Re: GSLB advice

2005-01-21 Thread Richard J. Sears

Hi Matt - 

We use F5 (3DNS) equipment to do this for our customers.


On Fri, 21 Jan 2005 10:17:20 -0800
Matt Bazan [EMAIL PROTECTED] wrote:

 
 We're looking to dip our toes into the global server load balancing
 arena and I'd like to get your advice on the following:
 
 1)  For those of you running a GSLB solution do you perform this 'in
 house' or is it outsourced?
 2)  If running in-house, what gear do you use and how satisfied with it
 have you been?
 
 Thanks group,
 
   Matt 


**
Richard J. Sears
Vice President 
American Internet Services  

[EMAIL PROTECTED]
http://www.adnc.com

858.576.4272 - Phone
858.427.2401 - Fax
INOC-DBA - 6130


I fly because it releases my mind 
from the tyranny of petty things . . 


Work like you don't need the money, love like you've
never been hurt and dance like you do when nobody's
watching.



Major AboveNet problems?

2005-01-21 Thread Chris A. Epler
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Anyone have any details on what is going on with AboveNet?  Evidently
something major but our support contacts didn't have a lot of details,
said there'd be something out later this afternoon about it.  Wondering
if others are experiencing problems with them.
- --
~ /\
~ \ / ASCII RIBBON CAMPAIGN
~  XAGAINST HTML MAIL
~ / \
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.6 (GNU/Linux)
iD8DBQFB8U0/25hr1at2zS8RApGYAJ9DosyIFlaCoR/vjWj4QYJyYhcVkQCgj6Db
y16tFmLYkDM/jep4Ug9t1Vs=
=i27H
-END PGP SIGNATURE-


Re: Major AboveNet problems?

2005-01-21 Thread David A . Ulevitch
On Jan 21, 2005, at 10:43 AM, Chris A. Epler wrote:
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA1
> Anyone have any details on what is going on with AboveNet?  Evidently
> something major but our support contacts didn't have a lot of details,
> said there'd be something out later this afternoon about it.  Wondering
> if others are experiencing problems with them.

We received this totally ambiguous and non-specific message this 
morning:

    Dear Valued Customer,

    We are currently experiencing network connectivity issues.  These
    issues began at 04:00am (EST).  We are investigating the cause and
    will continue to keep you updated as to the progress and resolution
    of this event.

    If you have any further questions or concerns, please feel free to
    call the AboveNet 24x7 NMC.  The number to call is as follows:
    1 (877) 226-8363 or 1 (877) ABOVENET or locally at (408) 350-6673
    or internationally at 001 (408)350-6673.

    Thank you,
    AboveNet Client Services

    Note: If you wish to be removed from the CNS (Customer Notification
    List), please respond to this email with Remove as the subject.

I ignored it since our connectivity from multiple points all seem 
pretty reasonable...

-davidu


Re: Major AboveNet problems?

2005-01-21 Thread Jon Lewis

On Fri, 21 Jan 2005, David A.Ulevitch wrote:

 We received this totally ambiguous and non-specific message this
 morning:

We got the same thing.  According to Cricket BGP update graphs, we had
some AboveNet route flapping at about 3:15AM and again from about
4:00-4:30AM EST.  There were some much smaller bursts of updates around
11:15AM...but I haven't noticed any connectivity issues.

--
 Jon Lewis   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: GSLB advice

2005-01-21 Thread Bjorn Townsend

On Fri, 21 Jan 2005 10:17:20 -0800, Matt Bazan [EMAIL PROTECTED] wrote:
 
 We're looking to dip our toes into the global server load balancing
 arena and I'd like to get your advice on the following:
 
 1)  For those of you running a GSLB solution do you perform this 'in
 house' or is it outsourced?

I strongly recommend F5's 3DNS product, but then I'm an F5 engineer,
so I may be somewhat biased. ;)

That being said, if you have any specific questions about 3DNS or
wide-area load balancing in general, feel free to contact me offlist.

-- 
Bjorn Townsend | [EMAIL PROTECTED]


Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

2005-01-21 Thread Joel Aelwyn
On Fri, Jan 21, 2005 at 09:01:13AM +0200, Hank Nussbacher wrote:
 
 On Thu, 20 Jan 2005, James Laszko wrote:
 
  Well, if the router CAN run BGP, the feed from Cymru is only about 84
  prefixes - not a lot of memory tied up there, is there?
 
 I am *not* talking about the leaf - rather the core.  I am curious what
 resources are needed to manage 200K BGP peers other than 200K IP
 addresses.  Is there an IOS limit on the number of BGP peers?  Memory?
 
 -Hank

I can't comment on that, but it strikes me that it might be a fairly
non-optimal solution, for the simple reason that we're talking about a
small, low-delta, highly-distributed feed where session state is going
to eat most of your CPU and memory, but any *one* session is unlikely to
really need much except keepalives. And, of course, no need to actually
route anything.

Sounds like an excellent thing to throw commodity (OK, probably rackmount,
but still) PC hardware at (potentially in clusters, I haven't looked into
what the memory/CPU load of sessions boil down to on recent versions of
BGP-capable software that runs on such).
-- 
***
Joel Aelwyn  System Administrator - lightbearer.com
[EMAIL PROTECTED]  http://users.lightbearer.com/lucifer/




Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

2005-01-21 Thread Bill Stewart

On Thu, 20 Jan 2005 20:16:14 +0530, Suresh Ramasubramanian
[EMAIL PROTECTED] wrote:
 Analogies suck, but look at (for example) Norton AntiVirus.  You pay
 for a year of virus definition updates.  Then when the year runs out,
 Symantec is not going to give you a single new virus definition even
 if there's a new worm around that dwarfs Sobig, Klez and all the other
 viruses put together ...  I can see brand C following a similar
 strategy with their bogon updates.

The problem with this analogy is that the failure modes are opposite.
Once something is a virus, it stays a virus, so keeping it in your
virus file forever is fine; all you miss are the new viruses.
But once something is a bogon, it doesn't stay a bogon; it eventually
will get used, unless the Great IPv6 Revolution catches up with us first.
A slightly more conservative approach is to not list the next couple
of address blocks as bogons, but that just means that problems will
occur six months later when everybody's forgotten to update them.

 Thanks; Bill

Note that this isn't my regular email account - It's still experimental so far.
And Google probably logs and indexes everything you send it.


FW: Graphing Peering

2005-01-21 Thread Daniel Golding


Additional information on MAC accounting from Hakan Lindholm...

(specifically, the SNMPv2c object to pull 64bit MAC accounting counters)

- Dan

-- Forwarded Message
From: Hakan Lindholm [EMAIL PROTECTED]
Date: Fri, 21 Jan 2005 20:36:45 +0100 (CET)
To: Daniel Golding [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED], andrew matthews [EMAIL PROTECTED]
Subject: Re: Graphing Peering

I'm not registered to post on nanog.
You may send this info in, with or without quoting me..

On Thu, 20 Jan 2005, Daniel Golding wrote:


 Andrew,

 The 32 bit counters are a significant problem when using gigabit ethernet
 public peering interfaces. Needless to say, MAC accounting was not designed
 for gigabit speeds. Frequent polling is, sadly the only solution. If you
 write your own scripts, make sure to account for counter wrapping.

What about the .1.3.6.1.4.1.9.9.84.1.2.3.1.2 tree?
Remember to use SNMPv2c.

We use the following to generate some MRTG config:


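use Socket;   # provides AF_INET for gethostbyaddr()

# Walk the ARP table (ipNetToMediaNetAddress) and print one MRTG target
# per dynamically learned neighbour, using the MAC accounting counters.
while (!$session->{ErrorStr} and
       $$vars[0]->tag eq "ipNetToMediaNetAddress") {

    if ($type eq "dynamic") {

        # aa:bb:cc:dd:ee:ff -> dotted decimal, as used in the OID index
        @mac = split(/:/, $mac);
        $decmac = join('.', hex $mac[0], hex $mac[1], hex $mac[2],
                            hex $mac[3], hex $mac[4], hex $mac[5]);
        ($iname, @junk) = gethostbyaddr(pack("C4", split(/\./, $ip)), AF_INET);

        # Fall back to the IP address when there is no reverse DNS name
        # (the posted "-z $iname" is a file-size test and never did this)
        if (!$iname) { $iname = $ip };
        if (!defined($peers{$ip})) { $peers{$ip} = "no BGP peer" };

        $ifi = $ix{$router}[1];   # ifIndex of the exchange-facing interface

        print "\n";
        print "Target\[$ip\]: 1.3.6.1.4.1.9.9.84.1.2.3.1.2.$ifi.1.$decmac\&1.3.6.1.4.1.9.9.84.1.2.3.1.2.$ifi.2.$decmac:[EMAIL PROTECTED]:2\n",
              "MaxBytes\[$ip\]: 2500\n",
              "Title\[$ip\]: $ix{$router}[0]: $peers{$ip}\n",
              "PageTop\[$ip\]: <H1>$ix{$router}[0]: $peers{$ip}</H1>\n",
              "\tIP: $ip, DNS: ", $iname, "\n";
    }
    ($ip, $mac, $type) = $session->getnext($vars);
};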

(This is only part of the script.  You should make it work in your
environment quite easily though.)


 - Dan

 on 1/20/05 9:45 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:


 On Wed, 2005-01-19 at 22:41, andrew matthews wrote:

 Another problem you might run into is counter wrapping. When polling
 every 5 minutes, some counters may wrap. (there is no 64 bit counter for
 the mac-address accounting). So you have to run it in short timeframes,
 causing more cpu utilization.

Talking about Cisco, see above.  There are such counters.


 But all in all, mac-accounting and Netflow source-as give you a very
 good overview of your network flows.

Yes indeed.

/H

-- End of Forwarded Message
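
The counter-wrap handling discussed in this forwarded exchange, as an added example (not part of either message): it turns successive counter readings into bit rates, corrects a single wrap, and refuses to report a rate when the polling interval is long enough for the counter to have wrapped more than once. It assumes the polled value is a byte counter; the sample readings and function names are constructed.

```python
def counter_delta(prev, curr, bits=32):
    """Difference between two readings of a counter that wraps at 2**bits."""
    return (curr - prev) % (1 << bits)


def wrap_seconds(bits, link_bps):
    """Shortest time in which a byte counter can wrap at this link speed."""
    return (1 << bits) * 8 / link_bps


def rates(samples, bits, link_bps):
    """Convert [(unix_time, counter), ...] into [(unix_time, bps or None), ...].

    None marks an interval that cannot be trusted: the poll gap is at least
    one full wrap period, so the number of wraps in between is unknown.
    """
    limit = wrap_seconds(bits, link_bps)
    out = []
    for (t0, c0), (t1, c1) in zip(samples, samples[1:]):
        dt = t1 - t0
        if dt <= 0 or dt >= limit:
            out.append((t1, None))
        else:
            out.append((t1, counter_delta(c0, c1, bits) * 8 / dt))
    return out


GIGE = 1_000_000_000  # link speed in bits per second

# Constructed readings: a 32-bit counter polled every 30 s wraps once.
FAST_POLL_32 = [(0, 4293967296), (30, 2750000000)]
# Constructed readings: the same counter width polled every 5 minutes.
SLOW_POLL_32 = [(0, 4293967296), (300, 2750000000)]
# Constructed readings: a 64-bit counter polled every 5 minutes.
SLOW_POLL_64 = [(0, 10), (300, 37500000010)]

if __name__ == "__main__":
    print("32-bit wrap time on GigE: %.1f s" % wrap_seconds(32, GIGE))
    print(rates(FAST_POLL_32, 32, GIGE))
    print(rates(SLOW_POLL_32, 32, GIGE))
    print(rates(SLOW_POLL_64, 64, GIGE))
```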



RE: Major AboveNet problems?

2005-01-21 Thread K. Scott Bethke

I saw the Above.Net issue and noticed that Glbx is taking an emergency
maintenance window for tomorrow morning to upgrade router software on ALL
routers (nice).  I wonder if this is related since both networks use
Juniper.  If anyone has info to share, it would be on-topic I think :)

-Scott Bethke

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 Chris A. Epler
 Sent: Friday, January 21, 2005 1:43 PM
 To: nanog@merit.edu
 Subject: Major AboveNet problems?
 
 
 -BEGIN PGP SIGNED MESSAGE-
 Hash: SHA1
 
 Anyone have any details on what is going on with AboveNet?  Evidently
 something major but our support contacts didn't have a lot of details,
 said there'd be something out later this afternoon about it.  Wondering
 if others are experiencing problems with them.
 
 - --
 ~ /\
 ~ \ / ASCII RIBBON CAMPAIGN
 ~  XAGAINST HTML MAIL
 ~ / \
 -BEGIN PGP SIGNATURE-
 Version: GnuPG v1.2.6 (GNU/Linux)
 
 iD8DBQFB8U0/25hr1at2zS8RApGYAJ9DosyIFlaCoR/vjWj4QYJyYhcVkQCgj6Db
 y16tFmLYkDM/jep4Ug9t1Vs=
 =i27H
 -END PGP SIGNATURE-



radius question

2005-01-21 Thread snort bsd

hi:

are authentication packets between routers and radius
servers encrypted or clear-text?

Thanks

dave_au





 



Re: radius question

2005-01-21 Thread Robert Boyle
At 06:14 PM 1/21/2005, you wrote:
> are authentication packets between routers and radius
> servers encrypted or clear-text?

All clear text, but passwords are sent as an MD5 hash which is the result 
of a shared secret on both the radius server and the router.

-Robert
Tellurian Networks - The Ultimate Internet Connection
http://www.tellurian.com | 888-TELLURIAN | 973-300-9211
Well done is better than well said. - Benjamin Franklin
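
An added illustration (not part of the reply above) of how RADIUS treats the two kinds of data, following RFC 2865 section 5.2: attributes such as User-Name travel in clear text, while User-Password is XORed with an MD5 keystream derived from the shared secret and the Request Authenticator. The secret, user name, password and the fixed authenticator are constructed sample values; real clients use a random authenticator per request.

```python
import hashlib
import struct

ACCESS_REQUEST = 1   # RADIUS packet code
USER_NAME = 1        # attribute type
USER_PASSWORD = 2    # attribute type


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def hide_password(password, secret, authenticator):
    """RFC 2865 5.2: c1 = p1 XOR MD5(S + RA), c(i) = p(i) XOR MD5(S + c(i-1))."""
    if not 1 <= len(password) <= 128:
        raise ValueError("User-Password must be 1..128 bytes")
    if len(authenticator) != 16:
        raise ValueError("Request Authenticator must be 16 bytes")
    padded = password + b"\x00" * (-len(password) % 16)  # NUL-pad to 16n
    out, prev = b"", authenticator
    for i in range(0, len(padded), 16):
        prev = _xor(padded[i:i + 16], hashlib.md5(secret + prev).digest())
        out += prev
    return out


def unhide_password(hidden, secret, authenticator):
    """What the server does: the same keystream, chained on the ciphertext."""
    out, prev = b"", authenticator
    for i in range(0, len(hidden), 16):
        block = hidden[i:i + 16]
        out += _xor(block, hashlib.md5(secret + prev).digest())
        prev = block
    return out.rstrip(b"\x00")


def attribute(attr_type, value):
    """Type, length (including the 2 header bytes), value."""
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def build_access_request(ident, authenticator, username, password, secret):
    attrs = attribute(USER_NAME, username)
    attrs += attribute(USER_PASSWORD, hide_password(password, secret, authenticator))
    header = struct.pack("!BBH", ACCESS_REQUEST, ident, 20 + len(attrs))
    return header + authenticator + attrs


# Constructed sample values.
SECRET = b"example-shared-secret"
RA = bytes(range(16))
USER = b"alice"
PASSWORD = b"correct horse battery"

if __name__ == "__main__":
    pkt = build_access_request(7, RA, USER, PASSWORD, SECRET)
    print(pkt.hex())
    print("user name visible in packet:", USER in pkt)
    print("password visible in packet: ", PASSWORD in pkt)
```

Only the User-Password attribute is hidden; everything else in the packet can be read by anyone who can see the traffic, and the hiding is only as strong as the shared secret.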


Re: broke Inktomi floods?

2005-01-21 Thread Vicky Rode
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
in-line:
Suresh Ramasubramanian wrote:
| Vicky Rode [EMAIL PROTECTED] wrote:
|
|
|not sure if spiders falls under spam or ddos bracket when they
|repeatedly start hammering one's network. you could possibly report to
|spamcop (*grin*) to get a quicker response. spamcop hasn't been accurate
|in some instances :-)
|
|
| Er.. just what would you report to spamcop, and what would spamcop do with your
| reports?
- --
that's why i asked, this type of behavior falls under what abuse terms?
|
|
|do you remember this incident, http://www.cs.wisc.edu/~plonka/netgear-sntp/
|
|
| Not very new .. broken apps which keep hammering on a resource for some reason
| are a fairly regular feature of the internet.
- -
doesn't mean that it shouldn't be blocked/reported.

regards,
/vicky
|
|   srs
|
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB8a1ipbZvCIJx1bcRAmOrAKCnCHmj72VsJIec/CsA0JBjkbGdCACgi9BB
N20N5nuLVPFN5+bYVF3k7pY=
=BwbD
-END PGP SIGNATURE-


Multi-Router Looking Glass (MRLG) Version 5.1.0 has been released

2005-01-21 Thread John Fraizer
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

The latest release of the Multi-Router Looking Glass (MRLG) is now
available at: ftp://ftp.enterzone.net/looking-glass/CURRENT/
You can see it in action at http://www.ip-guru.com/mrlg/
There are patches available to patch from version 4.3.0 to 5.0.0 and
then from 5.0.0 to 5.1.0.  If you are running a version of MRLG prior to
4.3.0 it is extremely important that you upgrade.
Some of the updates are listed below.
Multi-Router Looking Glass Version 5.1.0
Tue Jan 18 08:40:30 EST 2005
Multi-Router Looking Glass allows network administrators to execute
commands on multiple routers via a nice web interface.
Changes for version 5.1.0
* Implemented Net::SSH::Perl routines to allow SSH access to routers.
* Added debug routines to code to aid in debugging config file when
adding a new router.
* Changed code to set $login_user to 'no_login_user_defined' if
'login_user' is not set in config file. *Change required by SSH routines.
* Changed code to set $login_pass to 'no_login_pass_defined' if
'login_pass' is not set in config file. *Change required by SSH routines.
* Cleaned up code to allow easier modification/debugging.
* Added 'use_ssh' config parameter to config file to tell MRLG to use SSH.
* Added 'use_port' config parameter to config file to tell MRLG to use a
specific port for all connections to a specific router.  If you're
configuring MRLG for Cisco routers, you'll appreciate this one as it
will make your config file much shorter!
* Added 'debug' config parameter to config file to tell MRLG to output
debug information for a specific router.
* Added $::writable_directory config parameter to config file to tell
MRLG where to store the known_hosts file that is created by
Net::SSH::Perl when an SSH connection is used.
Changes for version 5.0.0
* Integrated patch supplied by Jeff Barrow to support username/password
authentication for devices that require a username to log in.
* Upgraded code to use Net::Telnet::Cisco.
* Added a few <!-- --> tags for Google-bait so I can look and see how
many people are running my code. Please leave these in place.  I get a
kick out of seeing all of the different networks that use this code.
* More features coming soon - IE; SSH support!

-BEGIN PGP SIGNATURE-
Version: GnuPG v1.2.5 (MingW32)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQFB8bS1NnFN6q2MXL4RAkDrAJ4swg36K/fwqwPdQX1sBn3fy/wmiQCfTNYx
Stz8zj7j+He6LzV8eH/rEHo=
=aJow
-END PGP SIGNATURE-


Re: broke Inktomi floods?

2005-01-21 Thread Suresh Ramasubramanian

On Fri, 21 Jan 2005 17:33:22 -0800, Vicky Rode [EMAIL PROTECTED] wrote:
 that's why i asked, this type of behavior falls under what abuse terms?
 
 doesn't mean that it shouldn't be blocked/reported.

Block - you have enable on your routers and can do everything from
access list 101 deny to something fancier like NBAR to block just
these queries.

-- 
Suresh Ramasubramanian ([EMAIL PROTECTED])