Re: panix hijack press
Thornton wrote: a user can lock a domain..they can login to the control panel for there registrar and select registrar lock, registrar-lock, or lock and i am sure there are other registrars that word it even differently. once you select that it effectively locks your domain so it cant be transfered. Erm... please tell me where GANDI does this?... I'd love to know (I'm sure there are others without locking facilities as well) Regards, Mat (and I am aware that locking was available to panix.com)
Re: Regarding panix.com
Steve Sobol wrote: Matthew Sullivan wrote: What sort of support would you give a not-for-profit Org such as SORBS.net or an Org such as Spamhaus.org if our domains were hijacked maliciously (or not)? Shouldn't matter, should it? No, that was my point. Regards, Mat
Re: Registrar and registry backend processes.
On Tue, Jan 18, 2005 at 05:08:18AM +0100, Lionel Elie Mamane [EMAIL PROTECTED] wrote a message of 61 lines which said: Further, these options are not documented anywhere, In the man page of GNU whois :-) When querying \fIwhois.denic.de\fP for domain names, the program will automatically add the flags \fI-T dn,ace -C US-ASCII\fP. .P Remember that the whois protocol is a mess. May be IRIS will fix that.
RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
Hi, Hank. ] How would this scale for say 200K routers? 2M? -Hank Dave Deitrich of Team Cymru will be presenting on this very topic at the next NANOG. Short answer: We're ready when you are. :) Thanks, Rob. -- Rob Thomas http://www.cymru.com Shaving with Occam's razor since 1999.
The Cidr Report
This report has been generated at Fri Jan 21 21:44:23 2005 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report. Recent Table History Date PrefixesCIDR Agg 14-01-05149708 103062 15-01-05149634 103087 16-01-05149549 103118 17-01-05149515 103257 18-01-05149701 103146 19-01-05149753 103186 20-01-05149979 103368 21-01-05150315 103512 AS Summary 18735 Number of ASes in routing system 7671 Number of ASes announcing only one prefix 1430 Largest number of prefixes announced by an AS AS7018 : ATTW ATT WorldNet Services 90147072 Largest address span announced by an AS (/32s) AS721 : DNIC DoD Network Information Center Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 21Jan05 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 15 1034984761331.5% All ASes AS18566 7657 75899.1% CVAD Covad Communications AS4134 834 200 63476.0% CHINANET-BACKBONE No.31,Jin-rong Street AS4323 825 232 59371.9% TWTC Time Warner Telecom AS721 1100 595 50545.9% DNIC DoD Network Information Center AS27364 460 34 42692.6% ARMC Armstrong Cable Services AS22773 429 19 41095.6% CXA Cox Communications Inc. AS6197 829 452 37745.5% BNS-14 BellSouth Network Solutions, Inc AS7018 1430 1085 34524.1% ATTW ATT WorldNet Services AS6478 486 146 34070.0% ATTW ATT WorldNet Services AS9929 342 35 30789.8% CNCNET-CN China Netcom Corp. AS1239 919 613 30633.3% SPRN Sprint AS17676 391 89 30277.2% JPNIC-JP-ASN-BLOCK Japan Network Information Center AS22909 418 125 29370.1% CMCS Comcast Cable Communications, Inc. AS4766 560 278 28250.4% KIXS-AS-KR Korea Telecom AS21502 2763 27398.9% ASN-NUMERICABLE NUMERICABLE is a cabled network in France, AS14654 2637 25697.3% WAYPOR-3 Wayport AS9443 366 121 24566.9% INTERNETPRIMUS-AS-AP Primus Telecommunications AS6140 377 134 24364.5% IMPSA ImpSat AS4355 300 64 23678.7% ERSD EARTHLINK, INC AS9583 572 340 23240.6% SIFY-AS-IN Sify Limited AS25844 242 16 22693.4% SASMFL-2 Skadden, Arps, Slate, Meagher Flom LLP AS2386 848 626 22226.2% ADCS-1 ATT Data Communications Services AS6198 446 224 22249.8% BNS-14 BellSouth Network Solutions, Inc AS15270 245 32 21386.9% PDP-14 PaeTec.net -a division of PaeTecCommunications, Inc. AS3602 302 106 19664.9% SPCA Sprint Canada Inc. AS5668 429 235 19445.2% CIH-12 CenturyTel Internet Holdings, Inc. AS1580 197 13 18493.4% DNIC DoD Network Information Center AS6517 304 121 18360.2% YIPS Yipes Communications, Inc. AS19632 1919 18295.3% Metropolis Intercom AS9498 234 54 18076.9% BBIL-AP BHARTI BT INTERNET LTD. Total 15380 6015 936560.9% Top 30 total Possible Bogus Routes 24.246.0.0/17AS7018 ATTW ATT WorldNet Services 24.246.38.0/24 AS25994 NPGCAB NPG Cable, INC 24.246.128.0/18 AS7018 ATTW ATT WorldNet Services 64.17.32.0/24AS5024 BRIDGE-75 BridgeNet, LC 64.17.33.0/24AS5024 BRIDGE-75 BridgeNet, LC 64.17.37.0/24AS5024 BRIDGE-75 BridgeNet, LC 64.46.27.0/24AS8674 NETNOD-IX Netnod Internet
RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
As someone who used to do a great deal of managed network services, I can certainly attest to that. - ferg -- Christopher L. Morrow [EMAIL PROTECTED] wrote: On Thu, 20 Jan 2005, James Laszko wrote: Well, if the router CAN run BGP, the feed from Cymru is only about 84 prefixes - not a lot of memory tied up there, is there? my point was that not all managed routers, the majority actually, can't and don't run BGP. their code doesn't even support bgp... -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED]
RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
Well, if the router CAN run BGP, the feed from Cymru is only about 84 prefixes - not a lot of memory tied up there, is there? Not a very wise solution. If hundreds of thousands of routers take this feed from Cymru, then it won't be long before someone attacks Cymru in order to control the feed. And given the upsurge in criminal activity related to network abuse, the danger to Cymru is not just from network exploits. The principals could find themselves looking at a gun barrel in their face with their families held hostage. It is very unwise to push people towards creating a new single point of failure (or single attack point) in the Internet. my point was that not all managed routers, the majority actually, can't and don't run BGP. their code doesn't even support bgp... Thankfully this is true. However, the majority of managed routers are managed by servers/workstations which *ARE* capable of running BGP as well as scripts to compare ACLS and alert staff when inconsistencies are discovered. The prudent course of action is to encourage people to take the Cymru feed into their *management systems* and use that feed to vet their current ACLs or BGP filters. This extra layer of indirection actually strengthens the system and protects Cymru from becoming too important. --Michael Dillon
Re: Registrar and registry backend processes.
At 10:32 AM +0100 1/21/05, Stephane Bortzmeyer wrote: Remember that the whois protocol is a mess. May be IRIS will fix that. For those concerned with IRIS, please take time to review the documents listed at the bottom of this page: http://www.ietf.org/html.charters/crisp-charter.html RFCs 3981, 3982, 3983 represent the review of the entire IETF (tacitly by most). Although these are permanent documents, it is never too late to read and comment on them. Revisions happen. The document for the RIR's (ARIN, et.al.) hasn't completed its review, it can be seen at: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-areg-09.txt and there's a related draft at: http://www.ietf.org/internet-drafts/draft-ietf-crisp-iris-areg-urires-00.txt It's never too late to comment on a protocol, although it maybe too late to comment on a document. ;) -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar A noble spirit embiggens the smallest man. - Jebediah Springfield
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith [EMAIL PROTECTED]. Routing Table Report 04:00 +10GMT Sat 22 Jan, 2005 Analysis Summary BGP routing table entries examined: 155157 Prefixes after maximum aggregation: 90262 Unique aggregates announced to Internet: 74120 Total ASes present in the Internet Routing Table: 18844 Origin-only ASes present in the Internet Routing Table: 16362 Origin ASes announcing only one prefix:7675 Transit ASes present in the Internet Routing Table:2482 Transit-only ASes present in the Internet Routing Table: 78 Average AS path length visible in the Internet Routing Table: 4.5 Max AS path length visible: 19 Prefixes from unregistered ASNs in the Routing Table: 5 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space: 16 Number of addresses announced to Internet: 1368386088 Equivalent to 81 /8s, 143 /16s and 234 /24s Percentage of available address space announced: 36.9 Percentage of allocated address space announced: 59.7 Percentage of available address space allocated: 61.9 Total number of prefixes smaller than registry allocations: 72674 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:30684 Total APNIC prefixes after maximum aggregation: 14870 Prefixes being announced from the APNIC address blocks: 28712 Unique aggregates announced from the APNIC address blocks:14618 APNIC Region origin ASes present in the Internet Routing Table:2188 APNIC Region origin ASes announcing only one prefix:647 APNIC Region transit ASes present in the Internet Routing Table:325 Average APNIC Region AS path length visible:4.4 Max APNIC Region AS path length visible: 16 Number of APNIC addresses announced to Internet: 171804544 Equivalent to 10 /8s, 61 /16s and 135 /24s Percentage of available APNIC address space announced: 78.4 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 23552-24575 APNIC Address Blocks 58/7, 60/7, 202/7, 210/7, 218/7, 220/7 and 222/8 ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes: 87123 Total ARIN prefixes after maximum aggregation:52178 Prefixes being announced from the ARIN address blocks:65773 Unique aggregates announced from the ARIN address blocks: 24084 ARIN Region origin ASes present in the Internet Routing Table: 9824 ARIN Region origin ASes announcing only one prefix:3546 ARIN Region transit ASes present in the Internet Routing Table: 970 Average ARIN Region AS path length visible: 4.3 Max ARIN Region AS path length visible: 16 Number of ARIN addresses announced to Internet: 239481856 Equivalent to 14 /8s, 70 /16s and 52 /24s Percentage of available ARIN address space announced: 71.4 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 2138-2584, 2615-2772, 2823-2829, 2880-3153 3354-4607, 4865-5119, 5632-6655, 6912-7466 7723-8191, 10240-12287, 13312-15359, 16384-17407 18432-20479, 21504-23551, 25600-26591, 26624-27647,29695-30719, 31744-33791 ARIN Address Blocks24/8, 63/8, 64/6, 68/7, 70/7, 72/8, 198/7, 204/6, 208/7 and 216/8 RIPE Region Analysis Summary Prefixes being announced by RIPE Region ASes: 29208 Total RIPE prefixes after maximum aggregation:20133 Prefixes being announced from the RIPE address blocks:26177 Unique aggregates announced from the RIPE address blocks: 17156 RIPE Region origin ASes present in the Internet Routing Table: 6248 RIPE Region origin ASes announcing only one prefix:3338 RIPE Region transit ASes present in the Internet Routing Table:1060 Average RIPE Region AS path length visible: 5.1 Max RIPE Region AS path length visible: 19 Number of RIPE addresses announced to Internet: 185679936 Equivalent to 11 /8s, 17 /16s and 64 /24s Percentage
INOC-DBA setup help?
If this is OT, my apologies. Trying to setup an INOC-DBA account after it was mentioned here a couple weeks back. I'm stuck after setting up a user account waiting for the organization's admin (me) to approve it. [EMAIL PROTECTED] hasn't responded to any of my emails but I don't know how active that address is. Is this still a live service? If it's simply a matter of waiting more than four some weeks and I'm not patient enough, let me know :) - mz -- matthew zeier - Curiosity is a willing, a proud, an eager confession of ignorance. - Leonard Rubenstein
GSLB advice
We're looking to dip our toes into the global server load balancing arena and I'd like to get your advice on the following: 1) For those of you running a GLSB solution do you perform this 'in house' or is it outsourced? 2) If running in-house, what gear do you use and how satisfied with it have you been? Thanks group, Matt
Re: INOC-DBA setup help?
Hi folks since i am the current operator, feel free to write directly to me if you don't get a response in 36-48 hours. [EMAIL PROTECTED] hasn't responded to any of my emails but I don't know how active that address is. Is this still a live service? If it's simply a thanks -- gaurab /+9779851038080
Re: INOC-DBA setup help?
On Jan 21, 2005, at 1:14 PM, matthew zeier wrote: If this is OT, my apologies. Trying to setup an INOC-DBA account after it was mentioned here a couple weeks back. I'm stuck after setting up a user account waiting for the organization's admin (me) to approve it. [EMAIL PROTECTED] hasn't responded to any of my emails but I don't know how active that address is. Is this still a live service? If it's simply a matter of waiting more than four some weeks and I'm not patient enough, let me know :) I haven't had a problem dealing with [EMAIL PROTECTED] but there's also a mailing list linked off the inoc-dba documentation page which would be more ontopic than nanog.
Re: GSLB advice
Hi Matt - We use F5 (3DNS) equipment to do this for our customers. On Fri, 21 Jan 2005 10:17:20 -0800 Matt Bazan [EMAIL PROTECTED] wrote: We're looking to dip our toes into the global server load balancing arena and I'd like to get your advice on the following: 1) For those of you running a GLSB solution do you perform this 'in house' or is it outsourced? 2) If running in-house, what gear do you use and how satisfied with it have you been? Thanks group, Matt ** Richard J. Sears Vice President American Internet Services [EMAIL PROTECTED] http://www.adnc.com 858.576.4272 - Phone 858.427.2401 - Fax INOC-DBA - 6130 I fly because it releases my mind from the tyranny of petty things . . Work like you don't need the money, love like you've never been hurt and dance like you do when nobody's watching.
Major AboveNet problems?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone have any details on what is going on with AboveNet? Evidently something major but our support contacts didn't have a lot of details, said there'd be something out later this afternoon about it. Wondering if others are experiencing problems with them. - -- ~ /\ ~ \ / ASCII RIBBON CAMPAIGN ~ XAGAINST HTML MAIL ~ / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB8U0/25hr1at2zS8RApGYAJ9DosyIFlaCoR/vjWj4QYJyYhcVkQCgj6Db y16tFmLYkDM/jep4Ug9t1Vs= =i27H -END PGP SIGNATURE-
Re: Major AboveNet problems?
On Jan 21, 2005, at 10:43 AM, Chris A. Epler wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone have any details on what is going on with AboveNet? Evidently something major but our support contacts didn't have a lot of details, said there'd be something out later this afternoon about it. Wondering if others are experiencing problems with them. We received this totally ambiguous and non-specific message this morning: Dear Valued Customer, We are currently experiencing network connectivity issues. These issues began at 04:00am (EST). We are investigating the cause and will continue to keep you updated as to the progress and resolution of this event. If you have any further questions or concerns, please feel free to call the AboveNet 24x7 NMC. The number to call is as follows: 1 (877) 226- 8363 or 1 (877) ABOVENET or locally at (408) 350- 6673 or internationally at 001 (408)350-6673. Thank you, AboveNet Client Services Note: If you wish to be removed from the CNS (Customer Notification List), please respond to this email with Remove as the subject. I ignored it since our connectivity from multiple points all seem pretty reasonable... -davidu
Re: Major AboveNet problems?
On Fri, 21 Jan 2005, David A.Ulevitch wrote: We received this totally ambiguous and non-specific message this morning: We got the same thing. According to Cricket BGP update graphs, we had some AboveNet route flapping at about 3:15AM and again from about 4:00-4:30AM EST. There were some much smaller bursts of updates around 11:15AM...but I haven't noticed any connectivity issues. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: GSLB advice
On Fri, 21 Jan 2005 10:17:20 -0800, Matt Bazan [EMAIL PROTECTED] wrote: We're looking to dip our toes into the global server load balancing arena and I'd like to get your advice on the following: 1) For those of you running a GLSB solution do you perform this 'in house' or is it outsourced? I storngly recommend F5's 3DNS product, but then I'm an F5 engineer, so I may be somewhat biased. ;) That being said, if you have any specific questions about 3DNS or wide-area load balancing in general, feel free to contact me offlist. -- Bjorn Townsend | [EMAIL PROTECTED]
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
On Fri, Jan 21, 2005 at 09:01:13AM +0200, Hank Nussbacher wrote: On Thu, 20 Jan 2005, James Laszko wrote: Well, if the router CAN run BGP, the feed from Cymru is only about 84 prefixes - not a lot of memory tied up there, is there? I am *not* talking about the leaf - rather the core. I am curious what resources are needed to manage 200K BGP peers other than 200K IP addresses. Is there an IOS limit on the number of BGP peers? Memory? -Hank I can't comment on that, but it strikes me that it might be a fairly non-optimal solution, for the simple reason that we're talking about a small, low-delta, highly-distributed feed where session state is going to eat most of your CPU and memory, but any *one* session is unlikely to really need much except keepalives. And, of course, no need to actually route anything. Sounds like an excellent thing to throw commodity (OK, probably rackmount, but still) PC hardware at (potentially in clusters, I haven't looked into what the memory/CPU load of sessions boil down to on recent versions of BGP-capable software that runs on such). -- *** Joel Aelwyn System Administrator - lightbearer.com [EMAIL PROTECTED] http://users.lightbearer.com/lucifer/ signature.asc Description: Digital signature
Re: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19
On Thu, 20 Jan 2005 20:16:14 +0530, Suresh Ramasubramanian [EMAIL PROTECTED] wrote: Analogies suck, but look at (for example) Norton AntiVirus. You pay for a year of virus definition updates. Then when the year runs out, Symantec is not going to give you a single new virus definition even if there's a new worm around that dwarfs Sobig, Klez and all the other viruses put together ... I can see brand C following a similar strategy with their bogon updates. The problem with this analogy is that the failure modes are opposite. Once something is a virus, it stays a virus, so keeping it in your virus file forever is fine; all you miss are the new viruses. But once something is a bogon, it doesn't stay a bogon; it eventually will get used, unless the Great IPv6 Revolution catches up with us first. A slightly more conservative approaches is to not list the next couple of address blocks as bogons, but that just means that problems will occur six months later when everybody's forgotten to update them. Thanks; Bill Note that this isn't my regular email account - It's still experimental so far. And Google probably logs and indexes everything you send it.
FW: Graphing Peering
Additional information on MAC accounting from Hakan Lindholm... (specifically, the SNMPv2c object to pull 64bit MAC accounting counters) - Dan -- Forwarded Message From: Hakan Lindholm [EMAIL PROTECTED] Date: Fri, 21 Jan 2005 20:36:45 +0100 (CET) To: Daniel Golding [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], andrew matthews [EMAIL PROTECTED] Subject: Re: Graphing Peering I'm not registerred to post on nanog. You may send this info in, with or without quoting me.. On Thu, 20 Jan 2005, Daniel Golding wrote: Andrew, The 32 bit counters are a significant problem when using gigabit ethernet public peering interfaces. Needless to say, MAC accounting was not designed for gigabit speeds. Frequent polling is, sadly the only solution. If you write your own scripts, make sure to account for counter wrapping. What about the .1.3.6.1.4.1.9.9.84.1.2.3.1.2 tree? Remeber to use SNMPv2c. We use the following to generate some MRTG config: while (!$session-{ErrorStr} and $$vars[0]-tag eq ipNetToMediaNetAddress){ if ($type eq dynamic) { @mac = split(/:/, $mac); $decmac = join('.', hex $mac[0], hex $mac[1], hex $mac[2], hex $mac[3], hex $mac[4], hex $mac[5]); ($iname, @junk) = gethostbyaddr( pack( C4, split( \\., $ip )), AF_INET ); if (-z $iname) {$iname = $ip}; if (!defined($peers{$ip})) {$peers{$ip} = no BGP peer}; $ifi = $ix{$router}[1]; print \n; print Target\[$ip\]: 1.3.6.1.4.1.9.9.84.1.2.3.1.2.$ifi.1.$decmac\1.3.6.1.4.1.9.9.84.1.2.3.1.2.$i fi.2.$decmac:[EMAIL PROTECTED]:2\n, MaxBytes\[$ip\]: 2500\n, Title\[$ip\]: $ix{$router}[0]: $peers{$ip}\n, PageTop\[$ip\]: H1$ix{$router}[0]: $peers{$ip}/H1\n, \tIP: $ip, DNS: , $iname, \n; } ($ip,$mac,$type) = $session-getnext($vars); }; (This is only part of the script. You should make it work in your environment quite easy though.) - Dan on 1/20/05 9:45 AM, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote: On Wed, 2005-01-19 at 22:41, andrew matthews wrote: Another problem you might run into is counter wrapping. When polling every 5 minutes, some counters may wrap. (there is no 64 bit counter for the mac-address accounting). So you have to run it in short timeframes, causing more cpu utilization. Talking about Cisco, see above. There is such counters. But all in all, mac-accounting and Netflow source-as give you a very good overview of your network flows. Yes indeed. /H -- End of Forwarded Message
RE: Major AboveNet problems?
I saw the Above.Net issue and noticed that Glbx is taking an emergency maintenance window for tomorrow morning to upgrade router software on ALL routers (nice). I wonder if this is related since both networks use Juniper. If anyone has info to share, it would be on-topic I think :) -Scott Bethke -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Chris A. Epler Sent: Friday, January 21, 2005 1:43 PM To: nanog@merit.edu Subject: Major AboveNet problems? -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Anyone have any details on what is going on with AboveNet? Evidently something major but our support contacts didn't have a lot of details, said there'd be something out later this afternoon about it. Wondering if others are experiencing problems with them. - -- ~ /\ ~ \ / ASCII RIBBON CAMPAIGN ~ XAGAINST HTML MAIL ~ / \ -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.6 (GNU/Linux) iD8DBQFB8U0/25hr1at2zS8RApGYAJ9DosyIFlaCoR/vjWj4QYJyYhcVkQCgj6Db y16tFmLYkDM/jep4Ug9t1Vs= =i27H -END PGP SIGNATURE-
radius question
hi: are authentication packets between routers and radius servers encrypted or clear-text? Thanks dave_au __ Do you Yahoo!? Meet the all-new My Yahoo! - Try it today! http://my.yahoo.com
Re: radius question
At 06:14 PM 1/21/2005, you wrote: are authentication packets between routers and radius servers encrypted or clear-text? All clear text, but passwords are sent as an MD5 hash which is the result of a shared secret on both the radius server and the router. -Robert Tellurian Networks - The Ultimate Internet Connection http://www.tellurian.com | 888-TELLURIAN | 973-300-9211 Well done is better than well said. - Benjamin Franklin
Re: broke Inktomi floods?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 in-line: Suresh Ramasubramanian wrote: | Vicky Rode [EMAIL PROTECTED] wrote: | | |not sure if spiders falls under spam or ddos bracket when they |repeatedly start hammering one's network. you could possible report to |spamcop (*grin*) to get a quicker response. spamcom hasn't been accurate |in some instances :-) | | | Er.. just what would you report to spamcop, and what would spamcop do with your | reports? - -- that's why i asked, this type of behavior falls under what abuse terms? | | |do you remember this incident, http://www.cs.wisc.edu/~plonka/netgear-sntp/ | | | Not very new .. broken apps which keep hammering on a resource for some reason | are a fairly regular feature of the internet. - - doesn't mean that it shouldn't be blocked/reported. regards, /vicky | | srs | -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB8a1ipbZvCIJx1bcRAmOrAKCnCHmj72VsJIec/CsA0JBjkbGdCACgi9BB N20N5nuLVPFN5+bYVF3k7pY= =BwbD -END PGP SIGNATURE-
Multi-Router Looking Glass (MRLG) Version 5.1.0 has been released
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The latest release of the Multi-Router Looking Glass (MRLG) is now available at: ftp://ftp.enterzone.net/looking-glass/CURRENT/ You can see it in action at http://www.ip-guru.com/mrlg/ There are patches available to patch from version 4.3.0 to 5.0.0 and then from 5.0.0 to 5.1.0. If you are running a version of MRLG prior to 4.3.0 it is extremely important that you upgrade. Some of the updates are listed below. Multi-Router Looking Glass Version 5.1.0 Tue Jan 18 08:40:30 EST 2005 Multi-Router Looking Glass allows network administrators to execute commands on multiple routers via a nice web interface. Changes for version 5.1.0 * Implemented Net::SSH::Perl routines to allow SSH access to routers. * Added debug routines to code to aid in debugging config file when adding a new router. * Changed code to set $login_user to 'no_login_user_defined' if 'login_user' is not set in config file. *Change required by SSH routines. * Changed code to set $login_pass to 'no_login_pass_defined' if 'login_pass' is not set in config file. *Change required by SSH routines. * Cleaned up code to allow easier modification/debugging. * Added 'use_ssh' config parameter to config file to tell MRLG to use SSH. * Added 'use_port' config parameter to config file to tell MRLG to use a specific port for all connections to a specific router. If you're configuring MRLG for Cisco routers, you'll appreciate this one as it will make your config file much shorter! * Added 'debug' config parameter to config file to tell MRLG to output debug information for a specific router. * Added $::writable_directory config parameter to config file to tell MRLG where to store the known_hosts file that is created by Net::SSH::Perl when an SSH connection is used. Changes for version 5.0.0 * Integrated patch supplied by Jeff Barrow to support username/password authentication for devices that require a username to log in. * Upgraded code to use Net::Telnet::Cisco. * Added a few !-- -- tags for Google-bait so I can look and see how many people are running my code. Please leave these in place. I get a kick out of seeing all of the different networks that use this code. * More features coming soon - IE; SSH support! -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.5 (MingW32) Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org iD8DBQFB8bS1NnFN6q2MXL4RAkDrAJ4swg36K/fwqwPdQX1sBn3fy/wmiQCfTNYx Stz8zj7j+He6LzV8eH/rEHo= =aJow -END PGP SIGNATURE-
Re: broke Inktomi floods?
On Fri, 21 Jan 2005 17:33:22 -0800, Vicky Rode [EMAIL PROTECTED] wrote: that's why i asked, this type of behavior falls under what abuse terms? doesn't mean that it shouldn't be blocked/reported. Block - you have enable on your routers and can do everything from access list 101 deny to something fancier like NBAR to block just these queries. -- Suresh Ramasubramanian ([EMAIL PROTECTED])