new operational mailing list - snort signatures for ISP's
Hi. We see the need for a mailing list, where we can send snort signatures that are not for public release, and have the ISP's and other responsible parties run these sigs and come back with results. This will be a sub-list of the drone armies research and mitigation mailing list, as well as for the malicious websites and phishing list. Example: Specific signatures for detecting botnets, that if released become useless. Any ISP (or others with a tube who want to run these snort sigs REPORT back) are invited to email me and get added if they can be vetted. There will be a kick policy for leechers. Gadi.
Re: The power of default configurations
So, this highlights some good operational practices in networking and DNS-applications, but doesn't answer how 1918 is 'different' or 'special' than any other ip address. I think what I was driving at is that putting these proposed road blocks in bind is akin to the 'cisco auto secure' features. when you attempt to solve a routing problem by addressing tricks, you're gonna pay for it forever in ever-expanding ways. this is just one of them. Hmmm... interesting. Routing is basically the dynamic exchange of address ranges and their attributes through various protocols. Normally routers do the talking, but that is only incidental. One might look at this issue and say that IETF RFC human readable documents are not the best way to communicate address ranges and their attributes, therefore RFC 1918 is fatally flawed. Similarly, the IANA page at http://www.iana.org/assignments/ipv4-address-space is also flawed because, although it is accessible via the HTTP protocol, it is clearly intended to be a human readable document no different from an RFC. But now let's turn our attention to Team Cymru's bogon project. Here we see that they are offering the dynamic exchange of address ranges and their attributes through various protocols such as DNS, RADB and BGP. Clearly this falls on the routing side of the fence. Which leads me to the question: Why are RFC 1918 addresses defined in a document rather than in an authoritative protocol feed which people can use to configure devices? Perhaps if they were defined in a protocol feed of some sort, like DNS, then device manufacturers would make their devices autoconfigure using that feed? --Michael Dillon
The Cidr Report
This report has been generated at Fri Apr 8 21:44:57 2005 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date      Prefixes  CIDR Agg
01-04-05  155627    106634
02-04-05  155490    106620
03-04-05  155470    106596
04-04-05  155479    106765
05-04-05  155734    106188
06-04-05  155419    106297
07-04-05  155608    106264
08-04-05  155649    106385

AS Summary
19246     Number of ASes in routing system
7854      Number of ASes announcing only one prefix
1461      Largest number of prefixes announced by an AS
          AS7018 : ATT-INTERNET4 - ATT WorldNet Services
90489856  Largest address span announced by an AS (/32s)
          AS721 : DLA-ASNBLOCK-AS - DoD Network Information Center

Aggregation Summary
The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes').

--- 08Apr05 ---
ASnum    NetsNow  NetsAggr  NetGain  % Gain  Description
Table    155786   106324    49462    31.7%   All ASes
AS4323   1089     225       864      79.3%   TWTC - Time Warner Telecom
AS18566  788      8         780      99.0%   COVAD - Covad Communications
AS4134   885      213       672      75.9%   CHINANET-BACKBONE No.31,Jin-rong Street
AS721    1119     564       555      49.6%   DLA-ASNBLOCK-AS - DoD Network Information Center
AS7018   1461     954       507      34.7%   ATT-INTERNET4 - ATT WorldNet Services
AS27364  504      22        482      95.6%   ACS-INTERNET - Armstrong Cable Services
AS22773  474      23        451      95.1%   CCINET-2 - Cox Communications Inc.
AS6197   882      469       413      46.8%   BATI-ATL - BellSouth Network Solutions, Inc
AS3602   508      142       366      72.0%   SPRINT-CA-AS - Sprint Canada Inc.
AS17676  427      77        350      82.0%   JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS9929   347      45        302      87.0%   CNCNET-CN China Netcom Corp.
AS4766   572      277       295      51.6%   KIXS-AS-KR Korea Telecom
AS6478   378      90        288      76.2%   ATT-INTERNET3 - ATT WorldNet Services
AS9583   684      420       264      38.6%   SIFY-AS-IN Sify Limited
AS14654  263      6         257      97.7%   WAYPORT - Wayport
AS9443   374      123       251      67.1%   INTERNETPRIMUS-AS-AP Primus Telecommunications
AS1239   911      662       249      27.3%   SPRINTLINK - Sprint
AS6140   383      138       245      64.0%   IMPSAT-USA - ImpSat
AS4755   481      238       243      50.5%   VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS23126  251      13        238      94.8%   KMCTELCOM-DIA - KMC Telecom, Inc.
AS7545   479      246       233      48.6%   TPG-INTERNET-AP TPG Internet Pty Ltd
AS15270  263      35        228      86.7%   AS-PAETEC-NET - PaeTec.net -a division of PaeTecCommunications, Inc.
AS6198   457      232       225      49.2%   BATI-MIA - BellSouth Network Solutions, Inc
AS2386   842      624       218      25.9%   INS-AS - ATT Data Communications Services
AS5668   482      267       215      44.6%   AS-5668 - CenturyTel Internet Holdings, Inc.
AS11456  311      106       205      65.9%   NUVOX - NuVox Communications, Inc.
AS9498   263      60        203      77.2%   BBIL-AP BHARTI BT INTERNET LTD.
AS22909  345      150       195      56.5%   DNEO-OSP1 - Comcast Cable Communications, Inc.
AS6167   272      78        194      71.3%   CELLCO-PART - Cellco Partnership
AS6517   311      122       189      60.8%   YIPESCOM - Yipes Communications, Inc.
Re: The power of default configurations
On Friday 08 Apr 2005 11:00 am, [EMAIL PROTECTED] wrote: Which leads me to the question: Why are RFC 1918 addresses defined in a document rather than in an authoritative protocol feed which people can use to configure devices? Because they don't change terribly often. Indeed the ones in RFC1918 don't change at all. A protocol feed to deliver the same 6 integers? The discussion here seems to be muddling two issues. One is ISPs routing packets with RFC1918 source addresses. Which presumably can and should be dealt with as a routing issue, I believe there is already BCP outlining several ways to deal with this traffic. This is noticeable to DNS admins, as presumably most such misconfigured boxes never get an IP address for the service they actually want to use, since the enquiries are unrepliable, or at least the boxes issue more DNS queries because some of them are unrepliable. The other is packets enquiring about RFC1918 address space, which can probably be minimised by changing the default settings when DNS server packages are made. For example Debian supplies the config files with the RFC1918 zones commented out (although they are all ready to kill the traffic by removing a #). However whilst I'm sure there is a lot of dross looking up RFC1918 address space, I also believe if the volume of such enquiries became an operational issue for the Internet there are other ways of reducing the number of these queries. Whilst we are on dross that turns up at DNS servers, how about traffic for port 0, surely this could be killed at the routing level as well, anyone got any figures for how much port 0 traffic is around? My understanding is it is mostly either scanning, or broken firewalls, neither of which are terribly desirable things to have on your network, or to ship out to other people's networks.
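The two issues separated in the message above, applied to a DNS server's query log, as an added example that is not part of the original message: it flags queries arriving from RFC 1918 source addresses and, separately, PTR queries for names under the RFC 1918 reverse zones. The log line format, function names and sample lines are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# The three private blocks defined in RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def reverse_name_to_network(qname):
    """Map a full or partial in-addr.arpa name to the IPv4 network it covers.

    Returns None for names that are not well-formed IPv4 reverse names.
    """
    name = qname.lower().rstrip(".")
    suffix = ".in-addr.arpa"
    if not name.endswith(suffix):
        return None
    labels = name[:-len(suffix)].split(".")
    if not 1 <= len(labels) <= 4:
        return None
    if not all(l.isascii() and l.isdigit() and int(l) <= 255 for l in labels):
        return None
    octets = [str(int(l)) for l in reversed(labels)]   # most significant first
    prefix_len = 8 * len(octets)
    octets += ["0"] * (4 - len(octets))
    return ipaddress.ip_network(".".join(octets) + "/" + str(prefix_len))


def classify(line):
    """Classify one log line of the assumed form: <timestamp> <src> <qtype> <qname>."""
    _ts, src, qtype, qname = line.split()
    findings = []
    # Issue 1: the query itself came from a private source address,
    # so any reply is unroutable. This is a routing/filtering problem.
    if any(ipaddress.ip_address(src) in net for net in RFC1918):
        findings.append("rfc1918-source")
    # Issue 2: the query asks about private address space. This is the
    # traffic a locally configured RFC 1918 reverse zone would absorb.
    if qtype == "PTR":
        covered = reverse_name_to_network(qname)
        if covered is not None and any(covered.subnet_of(n) for n in RFC1918):
            findings.append("rfc1918-ptr-query")
    return findings


def summarize(log_text):
    """Count findings over a whole log."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            counts.update(classify(line))
    return counts


# Constructed sample log (documentation and private addresses only).
SAMPLE_LOG = """\
2005-04-08T10:00:01Z 192.0.2.10 A www.example.com.
2005-04-08T10:00:02Z 10.1.2.3 A www.example.com.
2005-04-08T10:00:03Z 198.51.100.7 PTR 5.1.168.192.in-addr.arpa.
2005-04-08T10:00:04Z 172.20.0.9 PTR 3.2.1.10.in-addr.arpa.
2005-04-08T10:00:05Z 198.51.100.7 PTR 1.15.172.in-addr.arpa.
2005-04-08T10:00:06Z 198.51.100.7 PTR 10.2.0.192.in-addr.arpa.
"""

if __name__ == "__main__":
    for kind, count in sorted(summarize(SAMPLE_LOG).items()):
        print(kind, count)
```

Note that 172.15.x.x and 192.0.2.x reverse names are not counted: only names wholly inside one of the three RFC 1918 blocks match, which is why the check works on networks rather than on string prefixes.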
Re: Spam (un)blocking
On Apr 8, 2005 6:51 PM, Howard, W. Lee [EMAIL PROTECTED] wrote: - Because abuse@ went to a 24x7 team, with an auto-responder, and (on advice of counsel and for scalability reasons) we did not reply to every complaint with a description of the action taken, it was assumed no action was taken. There's no pleasing some people, and it's a shame that not everyone can take the time to understand what filtering policies they're importing. As long as the action does get taken you can reply to it .. nobody says you have to reply personally to everything Boilerplates and perl scripts exist for a particular reason, and people demanding that you tell them in great detail how you eviscerated your spamming customer, and then spread sackcloth and ashes on your head and humbly begged the antispam community for pardon [yes, seen at least some like this] are the reason srs -- Suresh Ramasubramanian ([EMAIL PROTECTED])
AS prepending
To all, I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend statements. Thx Philip
Re: AS prepending
Do they not have your routes present in their table *at all* or do they just not point them to you? If they have them but via another route, it may be that the shorter path for them is via the ISP you're not prepending. Though unless they've got free transit it would seem pretty dense not to use their own network to reach their own customer. Prepending 3 ASes isn't too much, you should be fine with that, I think. Internet [EMAIL PROTECTED]@merit.edu - 08/04/2005 15:28 Sent by:[EMAIL PROTECTED] To:nanog cc: Subject:AS prepending To all, I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend statements. Thx Philip
Re: AS prepending
On Apr 8, 2005, at 10:28 AM, Philip Lavine wrote: I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend statements. If they are both transit providers, then they are broken. If they are peers, the second ISP is probably preferring the route it hears through your transit provider because there are fewer AS hops. -- TTFN, patrick
Re: AS prepending
On Fri, 8 Apr 2005, Philip Lavine wrote: I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend statements. Whose ASN are you prepending on your advertised routes? -- Jon Lewis, Senior Network Engineer, Atlantic Net | I route therefore you are | http://www.lewis.org/~jlewis/pgp for PGP public key
Re: AS prepending
Update: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the filtering they are doing is based on the networks I told them over the phone that I was using with that AS. Philip --- Jon Lewis [EMAIL PROTECTED] wrote: On Fri, 8 Apr 2005, Philip Lavine wrote: I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend statements. Whose ASN are you prepending on your advertised routes? -- Jon Lewis, Senior Network Engineer, Atlantic Net | I route therefore you are | http://www.lewis.org/~jlewis/pgp for PGP public key
Re: AS prepending
On Friday 08 April 2005 16:04, Philip Lavine wrote: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the filtering they are doing is based on the networks I told them over the phone that I was using with that AS. To answer your original question: it is not normal to filter routes with the same AS prepended 3 times. However if the ISP chose such a policy they could do that. On this subject: When they say do not add it to their routing table do you know if they mean the BGP table or the IP table? i.e. if the ISP in question does a sh ip bgp route your prefix does it show in the list. Yet when they do a sh ip route your prefix it does not. If so then your ISP will be preferring a different route. Are you certain that the prefix filters this ISP is using - well sounds like they are using - are the same as the prefixes you are announcing? It could be that the prefix list is misconfigured. -- Cheers Dg
Re: AS prepending
On Fri, 8 Apr 2005, Philip Lavine wrote: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. Ok...I just wanted to be sure you weren't prepending their ASN in which case loop detection would stop them from accepting your routes. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the Does the un-preferred ISP actually have no route back to you, or just not the one you sent to them? Depending on how things are set up, they may prefer your preferred ISP for reaching you. If you want un-preferred ISP to reach you directly, but still be un-preferred, you may want to see if they have communities you can tag your advertisement with that would cause them to prepend your routes when propagating them to their peers. -- Jon Lewis, Senior Network Engineer, Atlantic Net | I route therefore you are | http://www.lewis.org/~jlewis/pgp for PGP public key
Re: AS prepending
Philip Lavine wrote: Update: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the filtering they are doing is based on the networks I told them over the phone that I was using with that AS. I have heard of providers who filter on AS path, and filter in such a way that more than N prepends (for varying values of N) causes the route(s) to be rejected. This could potentially be your problem. If they do soft-reconfig in on their customer sessions, they may see the route but filter it out. pt
Re: AS prepending
Update 2: More info. When I have tested the failover by pulling the plug on the preferred ISP, I do not see my network in looking glass. Secondly, the backup provider has told me that the route is not in the (rib). Philip

--- Mark Kasten [EMAIL PROTECTED] wrote: offlist fwiw, it's in the routing table (rib), not their forwarding table (fib). if they look on their side of the session, they will have the prefix in show ip bgp or show route, but it will not propagate beyond that router because their network prefers the other path with the short AS. a router doesn't forward all rib entries, only fib entries. for example:

    dcr4.nyr show route 141.77.0.0/16
    141.77.0.0/16 *[BGP/170] 3w4d 01:53:30, MED 98, localpref 100, from 206.24.194.105
        AS path: 1273 ?
        via so-0/0/0.1510
        via so-1/1/0.10
      [BGP/170] 9w3d 12:26:09, MED 128, localpref 80
        AS path: 3356 1273 I
        to 4.68.127.205 via so-6/1/0.0
      [BGP/170] 21:32:50, MED 128, localpref 80
        AS path: 1239 1273 ?
        to 144.232.9.117 via so-3/1/0.0

on a router, one hop away:

    kar1.nyr show route 141.77.0.0/16
    inet.0: 173067 destinations, 345433 routes (172951 active, 0 holddown, 547 hidden)
    Restart Complete
    + = Active Route, - = Last Active, * = Both
    141.77.0.0/16 *[BGP/170] 3w4d 01:53:59, MED 98, localpref 100, from 206.24.194.105
        AS path: 1273 ?
        to 208.174.228.1 via ae0.0

no evidence of the 3356_1273 or the 1239_1273 path. if i lose the direct 1273 path, then one of those paths would then be propagated as the preferred path. hth's. mark

Philip Lavine wrote: Update: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the filtering they are doing is based on the networks I told them over the phone that I was using with that AS. Philip

--- Jon Lewis [EMAIL PROTECTED] wrote: On Fri, 8 Apr 2005, Philip Lavine wrote: I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend statements. Whose ASN are you prepending on your advertised routes? -- Jon Lewis, Senior Network Engineer, Atlantic Net | I route therefore you are | http://www.lewis.org/~jlewis/pgp for PGP public key
Re: AS prepending
On Friday 08 April 2005 17:05, Philip Lavine wrote: More info. When I have tested the failover by pulling the plug on the preferred ISP, I do not see my network in looking glass. Secondly, the backup provider has told me that the route is not in the (rib). In that case your only course of action is to ask why the ISP is filtering your routes. I doubt anyone on this list will be able to divine why the ISP is filtering your routes. -- Cheers Dg
Re: AS prepending
--- Philip Lavine [EMAIL PROTECTED] wrote: Update 2: More info. When I have tested the failover by pulling the plug on the preferred ISP, I do not see my network in looking glass. Secondly, the backup provider has told me that the route is not in the (rib). Philip Have you verified that you're advertising the routes to them? In Cisco-speak, does sh ip bgp nei x.x.x.x adv return what you're expecting? Also, assuming that your backup ISP is either directly connected to (or one transit hop away from) your primary ISP, 3 prepends is too many for what you want. Try 1 prepend first. David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
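The explanations offered across this thread, modelled as an added example that is not part of any poster's message: an inbound BGP policy applying loop detection, a customer prefix filter and a maximum-prepend AS-path filter, followed by a simplified best-path choice (local preference, then AS path length). All ASNs, prefixes and policy values are constructed from documentation ranges, and real implementations compare more attributes than the two used here.

```python
import ipaddress
from itertools import groupby

# Constructed ASNs (documentation range).
ISP_B = 64500        # the un-preferred ISP whose inbound policy is modelled
ISP_A = 64501        # the preferred ISP
CUSTOMER = 64496


def longest_run(as_path):
    """Largest number of consecutive copies of one ASN in the path."""
    return max((len(list(g)) for _, g in groupby(as_path)), default=0)


def inbound_decision(local_as, prefix, as_path, prefix_list, max_run):
    """Say why a received route is or is not kept by the receiving router."""
    # A router drops any route that already carries its own ASN.
    if local_as in as_path:
        return "loop-detection"
    # Customer sessions are commonly filtered to an agreed list of prefixes.
    if ipaddress.ip_network(prefix) not in prefix_list:
        return "prefix-filter"
    # Some providers reject paths where one ASN repeats more than N times.
    if longest_run(as_path) > max_run:
        return "as-path-filter"
    return "accepted"


def best_path(candidates):
    """Simplified selection: highest local preference, then shortest AS path."""
    return min(candidates, key=lambda c: (-c["localpref"], len(c["as_path"])))


def run_scenarios():
    announced = "198.51.100.0/24"
    agreed = {ipaddress.ip_network("198.51.100.0/24")}
    # What the ISP configured if the prefix was noted down wrongly.
    mismatched = {ipaddress.ip_network("203.0.113.0/24")}
    prepended = [CUSTOMER] * 4          # own ASN plus three prepends

    results = {
        # Customer prepended the ISP's ASN instead of its own.
        "prepended_isp_asn": inbound_decision(
            ISP_B, announced, [CUSTOMER, ISP_B, ISP_B, ISP_B], agreed, 5),
        # Filter was built from a list that does not match the announcement.
        "filter_mismatch": inbound_decision(
            ISP_B, announced, prepended, mismatched, 5),
        # ISP allows at most three consecutive copies of an ASN.
        "too_many_prepends": inbound_decision(
            ISP_B, announced, prepended, agreed, 3),
        # Nothing filters the route.
        "clean": inbound_decision(ISP_B, announced, prepended, agreed, 5),
    }

    direct = {"via": "customer", "localpref": 100, "as_path": prepended}
    via_a = {"via": "ISP_A", "localpref": 100, "as_path": [ISP_A, CUSTOMER]}
    # Accepted, but the shorter path through ISP_A wins, so the direct
    # route stays in the BGP table without being the one used.
    results["best_equal_localpref"] = best_path([direct, via_a])["via"]
    # A higher local preference on customer routes overrides path length.
    results["best_customer_pref"] = best_path(
        [dict(direct, localpref=120), via_a])["via"]
    # Preferred ISP unplugged: the direct route must appear if it was accepted.
    results["best_after_failover"] = best_path([direct])["via"]
    return results


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:22} {outcome}")
```

The failover case is the useful discriminator: a route that was accepted but not preferred becomes visible once the other path is withdrawn, while a filtered route never does.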
Re: The power of default configurations
anyone got any figures for how much port 0 traffic is around? For F-root, queries with UDP source port 0 make up about 0.001% of the traffic. Or 4500 queries yesterday. I'm not seeing any source port 0 queries at ISC's AS112 node or their TLD server. Duane W.
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith [EMAIL PROTECTED].

Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005

Analysis Summary
BGP routing table entries examined: 139674
Prefixes after maximum aggregation: 83474
Unique aggregates announced to Internet: 67116
Total ASes present in the Internet Routing Table: 17729
Origin-only ASes present in the Internet Routing Table: 15381
Origin ASes announcing only one prefix: 7282
Transit ASes present in the Internet Routing Table: 2348
Transit-only ASes present in the Internet Routing Table: 194
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 23
Prefixes from unregistered ASNs in the Routing Table: 38
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 13
Number of addresses announced to Internet: 1212269440
Equivalent to 72 /8s, 65 /16s and 195 /24s
Percentage of available address space announced: 32.7
Percentage of allocated address space announced: 51.3
Percentage of available address space allocated: 63.7
Total number of prefixes smaller than registry allocations: 61623

APNIC Region Analysis Summary
Prefixes being announced by APNIC Region ASes: 27665
Total APNIC prefixes after maximum aggregation: 13807
Prefixes being announced from the APNIC address blocks: 25625
Unique aggregates announced from the APNIC address blocks: 13601
APNIC Region origin ASes present in the Internet Routing Table: 2170
APNIC Region origin ASes announcing only one prefix: 672
APNIC Region transit ASes present in the Internet Routing Table: 331
Average APNIC Region AS path length visible: 4.5
Max APNIC Region AS path length visible: 15
Number of APNIC addresses announced to Internet: 100659328
Equivalent to 5 /8s, 255 /16s and 240 /24s
Percentage of available APNIC address space announced: 37.4
APNIC AS Blocks (pre-ERX allocations): 4608-4864, 7467-7722, 9216-10239, 17408-18431, 23552-24575
APNIC Address Blocks: 58/7, 60/7, 124/7, 126/8, 202/7, 210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary
Prefixes being announced by ARIN Region ASes: 79734
Total ARIN prefixes after maximum aggregation: 49337
Prefixes being announced from the ARIN address blocks: 61099
Unique aggregates announced from the ARIN address blocks: 21894
ARIN Region origin ASes present in the Internet Routing Table: 9396
ARIN Region origin ASes announcing only one prefix: 3492
ARIN Region transit ASes present in the Internet Routing Table: 886
Average ARIN Region AS path length visible: 4.3
Max ARIN Region AS path length visible: 21
Number of ARIN addresses announced to Internet: 229050368
Equivalent to 13 /8s, 167 /16s and 8 /24s
Percentage of available ARIN address space announced: 65.0
ARIN AS Blocks (pre-ERX allocations): 1-1876, 1902-2042, 2044-2046, 2048-2106, 2138-2584, 2615-2772, 2823-2829, 2880-3153, 3354-4607, 4865-5119, 5632-6655, 6912-7466, 7723-8191, 10240-12287, 13312-15359, 16384-17407, 18432-20479, 21504-23551, 25600-26591, 26624-27647, 29696-30719, 31744-33791
ARIN Address Blocks: 24/8, 63/8, 64/6, 68/7, 70/6, 198/7, 204/6, 208/7 and 216/8

RIPE Region Analysis Summary
Prefixes being announced by RIPE Region ASes: 22768
Total RIPE prefixes after maximum aggregation: 16764
Prefixes being announced from the RIPE address blocks: 19187
Unique aggregates announced from the RIPE address blocks: 13327
RIPE Region origin ASes present in the Internet Routing Table: 5289
RIPE Region origin ASes announcing only one prefix: 2902
RIPE Region transit ASes present in the Internet Routing Table: 966
Average RIPE Region AS path length visible: 5.1
Max RIPE Region AS path length visible: 23
Number of RIPE addresses announced to Internet: 154207424
Equivalent to 9 /8s, 49
Port 0 traffic
On Fri, 8 Apr 2005, Simon Waters wrote: Whilst we are on dross that turns up at DNS servers, how about traffic for port 0, surely this could be killed at the routing level as well, anyone got any figures for how much port 0 traffic is around? My understanding is it is mostly either scanning, or broken firewalls, neither of which are terribly desirable things to have on your network, or to ship out to other people's networks. Or packet MTU fragmentation. Many security products mis-interpret the packet header on a fragment and display port 0 instead of port N/A. And just like people who drop all ICMP packets, if you drop all fragments, stuff breaks in weird ways. But it's your network, you can break it any way you want.
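The fragment misreading described in the message above, as an added example that is not part of the original post: a parser that reads the four bytes after the IP header regardless of fragment offset reports "port 0" for a non-first fragment, while one that checks the offset reports ports as not applicable and reserves "port 0" for packets that really carry it. The packets, addresses and function names are constructed for illustration.

```python
import struct


def build_ipv4(proto, payload, frag_offset=0, more_fragments=False):
    """Build a minimal IPv4 packet for the samples (checksum left at 0)."""
    flags_frag = (0x2000 if more_fragments else 0) | (frag_offset // 8)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 2]))
    return header + payload


def naive_ports(packet):
    """Fragment-unaware read: treat the 4 bytes after the IP header as ports."""
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack_from("!HH", packet, ihl)


def l4_ports(packet):
    """Return (src_port, dst_port), or None when the packet carries no ports."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4
    frag_offset = struct.unpack_from("!H", packet, 6)[0] & 0x1FFF
    if packet[9] not in (6, 17):       # only TCP and UDP are handled here
        return None
    if frag_offset != 0:               # non-first fragment: no L4 header present
        return None
    if ihl < 20 or len(packet) < ihl + 4:
        return None                    # too short to hold the port fields
    return struct.unpack_from("!HH", packet, ihl)


def classify(packet):
    """Label a packet the way a filter or report should."""
    ports = l4_ports(packet)
    if ports is None:
        return "ports-n/a"
    if 0 in ports:
        return "port-0"
    return "normal"


# Constructed sample: one 32-byte UDP datagram (8-byte header + 24 bytes of
# data) from port 53 to port 33000, split into two 16-byte fragments.
_udp = struct.pack("!HHHH", 53, 33000, 8 + 24, 0)
_datagram = _udp + b"resolver" + bytes(8) + b"trailing"
FIRST_FRAGMENT = build_ipv4(17, _datagram[:16], frag_offset=0,
                            more_fragments=True)
SECOND_FRAGMENT = build_ipv4(17, _datagram[16:], frag_offset=16)
# Constructed sample: an unfragmented UDP packet whose source port really is 0.
REAL_PORT_ZERO = build_ipv4(17, struct.pack("!HHHH", 0, 53, 8, 0))

if __name__ == "__main__":
    for name, pkt in (("first fragment", FIRST_FRAGMENT),
                      ("second fragment", SECOND_FRAGMENT),
                      ("real port 0", REAL_PORT_ZERO)):
        print(f"{name:16} naive={naive_ports(pkt)} checked={classify(pkt)}")
```

Counting only packets classified as `port-0` keeps fragments of legitimate large responses out of the port 0 figures and out of any drop rule built from them.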
Blog...
I've decided to take Randy's (and a few others) advice and, instead of polluting the list with tech news snippets, post them to a blog. So in my spare time, I'll post stuff there instead of to the list... pointer in my .sig below. Can I get a Hallelujah?! :-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://spaces.msn.com/members/fergdawg/
Re: Blog...
I've decided to take Randy's (and a few others) advice and, instead of polluting the list with tech news snippets, post them to a blog. So in my spare time, I'll post stuff there instead of to the list... pointer in my .sig below. Can I get a Hallelujah?! :-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://spaces.msn.com/members/fergdawg/ Eventually it'd be great to incorporate this into the SlashNOG server Merit's in the process of developing (actually the developer is Manish Karir of our RD staff.) Stay tuned ...
Re: Blog...
Can I get a Hallelujah?! :-) from here, you get one hallelujah and one sporadic reader. fwiw, i read two other blogs http://www.intel-dump.com/ http://www.talkingpointsmemo.com/ both political randy
Re: Weekly Routing Table Report
Wha happen?

Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005
Analysis Summary
BGP routing table entries examined: 139674
Prefixes after maximum aggregation: 83474
Unique aggregates announced to Internet: 67116
Total ASes present in the Internet Routing Table: 17729
Origin-only ASes present in the Internet Routing Table: 15381
Origin ASes announcing only one prefix: 7282
Transit ASes present in the Internet Routing Table: 2348
Transit-only ASes present in the Internet Routing Table: 194
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 23
Prefixes from unregistered ASNs in the Routing Table: 38
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 13
Number of addresses announced to Internet: 1212269440

Routing Table Report 04:00 +10GMT Sat 02 Apr, 2005
Analysis Summary
BGP routing table entries examined: 158858
Prefixes after maximum aggregation: 92606
Unique aggregates announced to Internet: 76314
Total ASes present in the Internet Routing Table: 19277
Origin-only ASes present in the Internet Routing Table: 16774
Origin ASes announcing only one prefix: 7827
Transit ASes present in the Internet Routing Table: 2503
Transit-only ASes present in the Internet Routing Table: 68
Average AS path length visible in the Internet Routing Table: 4.5
Max AS path length visible: 23
Prefixes from unregistered ASNs in the Routing Table: 31
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 13
Number of addresses announced to Internet: 1394234240
Routing Table Analysis cscora To: [EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED], afnog@afnog.org @apnic.net cc: Sent by: Subject: Weekly Routing Table Report owner-nanog 04/08/2005 02:18 PM Please respond to pfs This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith [EMAIL PROTECTED]. Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005 Analysis
Re: Weekly Routing Table Report
On Fri, 08 Apr 2005 16:48:53 EDT, Joe Loiacono said: Wha happen? Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005 Total ASes present in the Internet Routing Table: 17729 Routing Table Report 04:00 +10GMT Sat 02 Apr, 2005 Total ASes present in the Internet Routing Table: 19277 This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Just guessing here, but I'd not be surprised if the explanation involved one or more of the phrases BGP Flap, temporary outage, backhoe/shark/chucklehead. 4AM local might very well be inside a maint window too...
Botted Hosts tracking, v0.01alpha
Hello. I have a pre-alpha version of the compromised host tracking system ready, and I need some guinea pigs. This is based on my earlier AOL scomp complaint work. If you would like to receive a daily html summary email of the "this is spam" complaints for your IP space, please reply. The report includes IP, subject, and timestamp of the complaint, and is intended to be used to identify obviously infected hosts, not to respond to individual complaints. I'll need to know your IP block, and the address you'd like the report sent to. It takes AOL a while to set up the feedback loops, so there may be more features by the time it actually starts working. -ejay
RE: Weekly Routing Table Report
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, April 08, 2005 2:00 PM To: Joe Loiacono Cc: [EMAIL PROTECTED] Subject: Re: Weekly Routing Table Report On Fri, 08 Apr 2005 16:48:53 EDT, Joe Loiacono said: Wha happen? Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005 Total ASes present in the Internet Routing Table: 17729 Routing Table Report 04:00 +10GMT Sat 02 Apr, 2005 Total ASes present in the Internet Routing Table: 19277 Just guessing here, but I'd not be surprised if the explanation involved one or more of the phrases BGP Flap, temporary outage, backhoe/shark/chucklehead. 4AM local might very well be inside a maint window too... I'll take Backhoe Planting for $100..'tis plantin' season y'know... /Alex K.
Re: The power of default configurations
On Thu, 7 Apr 2005, Eric A. Hall wrote: If folks were used to just adding forwarder entries to named.boot, yes, since they'd also have to remember to undelegate authority for the relevant rfc1918 address space now too. If somebody setup a network using a subset of the address space from rfc1918 space they'd have to reconfigure appropriately too. All anybody really cares about is that these queries aren't beating up the root/gtld servers, so adding a check to the referral-chasing would solve that problem and wouldn't impose additional work on the users. I don't really want to speak for anyone else here, but it always appeared to me that the problem Vix keeps mentioning is queries with 1918 SOURCE ADDRESSES, not 1918-space queries. This thread, like every nanog thread, has completely lost focus of the original issue, and devolved into some brain-damaged solution to an imagined problem. And if he doesn't find the idea of randomly balkanizing the in-addr.arpa delegation chain for random bits of space abhorrent, I sure do. matto [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
djbdns: An alternative to BIND
http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just wondering how many have transitioned to djbdns from bind and if so any feedback. regards, /vicky
Re: djbdns: An alternative to BIND
[EMAIL PROTECTED] (Vicky Rode) writes: http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss i'm struck by the persistent rumours repeated by this text: Those who have been concerned with the number of security vulnerabilities found in the BIND server through the years, ... BIND9, being a different code base from the ones DJB has complained about, has already dealt with the security vulnerabilities in BIND through the years. some day DJB and his followers should switch to the current decade when looking for things to complain about, maybe. Just wondering how many have transitioned to djbdns from bind and if so any feedback. if transition were a verb, i could point you at: http://www.isc.org/ops/ds/reports/2005-01/dist-servsoft.php (sorry about the frames, we're removing them, really), wherein it is writ:

Count  Server Software
77929  BIND
16000  Microsoft
2193   TinyDNS
564    PowerDNS
556    simple DNS
1038   others

Count  Server Software  Version
36299  BIND             9.2.0rc7 -- 9.2.2-P3
20202  BIND             9.2.3rc1 -- 9.4.0a0
15396  BIND             8.3.0-RC1 -- 8.4.4
10069  Microsoft        Windows 2000
3860   Microsoft        Windows 2003
2673   BIND             4.9.3 -- 4.9.11
2163   TinyDNS          1.05
2053   Microsoft        Windows NT4
1606   BIND             9.1.0 -- 9.1.3
1009   BIND             8.2.2-P3 -- 8.3.0-T2A
...

note, that's just the servers found in this survey, and might not be representative of the full set (if there were such a thing as full in light of known horizon variability.) -- Paul Vixie
Re: djbdns: An alternative to BIND
(attribution removed due to my freeform quoting to make a point) ...from the ones DJB has complained about... And there we have the reason a lot of us don't use DJB softwares. :)
Re: djbdns: An alternative to BIND
On Apr 8, 2005 4:55 PM, Vicky Rode [EMAIL PROTECTED] wrote: http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just wondering how many have transitioned to djbdns from bind and if so any feedback. regards, /vicky I used to use djbdns on my laptop for testing things, and then I took an afternoon, learned to write BIND zone files, and decided I should just use the BIND that comes with so many modern unixen and that powers so much of the internet anyway... Since then, I've always preferred deploying bind over djbdns. Even if it was easier to configure, the installation process for DJBDNS always really annoyed me. So that's a djbdns *to* bind transition story. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: djbdns: An alternative to BIND
thanks for the insight to all who responded. regards, /vicky
Re: djbdns: An alternative to BIND
On 4/9/2005 1:50 AM +0100, Paul Vixie wrote:

> Count Server Software

[snip some list]

One could also put together a list based on:

- Security holes.
- Amount of code
- Bloatness
- Separation of functionality
- # of seconds it takes to load huge amounts of zones

In the end, it all comes down to religion: Bind people don't ack djb points and vice versa.

Niek Baakman
Re: djbdns: An alternative to BIND
fnordmaradns/fnord :-) On April 8, 2005 05:43 pm, Niek wrote: On 4/9/2005 1:50 AM +0100, Paul Vixie wrote: Count Server Software [snip some list] One could also put together a list based on: - Security holes. - Amount of code - Bloatness - Seperation of functionality - # of seconds it takes to load huge amounts of zones In the end, it all comes down to religion: Bind people don't ack djb points and vice versa. Niek Baakman -- -- World Security Pros. Cutting Edge Training, Tools, and Techniques Vancouver, Canada May 4-6 2005 http://cansecwest.com pgpkey http://dragos.com/ kyxpgp
Re: djbdns: An alternative to BIND
[EMAIL PROTECTED] (Niek) writes:

> One could also put together a list based on:
> - Security holes.

in BIND9-- zero so far.

> - Amount of code

in BIND9--

    % find . -name '*.[chyl]' -print | xargs wc -l | awk '{X+=$1} END {print X}'
    687674

> - Bloatness

in BIND9-- none.

> - Separation of functionality

in BIND9-- you got me on this one, we have one daemon that does everything.

> - # of seconds it takes to load huge amounts of zones

in BIND9-- you got me on this one. in BIND9.3.1-- better but not good enough, BIND9.4 will be better still.

> In the end, it all comes down to religion:

no.

> Bind people don't ack djb points and vice versa.

i don't ack djb's existence, not merely his points. i'm happy to ack your points, and debate them, though.

-- Paul Vixie
Re: djbdns: An alternative to BIND
-Original Message- From: Vicky Rode [mailto:[EMAIL PROTECTED] Sent: Friday, April 8, 2005 10:55 PM To: nanog@merit.edu Subject: djbdns: An alternative to BIND -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just wondering how many have transitioned to djbdns from bind and if so any feedback. We did that 2 years ago and it has been a nice move. Zones are much easier to transfer/build and it's a very solid DNS version. Cheers, Dee
Re: Blog...
On Fri, 8 Apr 2005, Eric Brunner-Williams wrote: makes as much sense as turning nanog into a web-access only mail sink. i liked your news items. and sean's. i wouldn't have known to go look at the iraqi network operator/nic situation if news about the hack on aljazeera/akamai-reneg and so on weren't on-list. I have to agree... Paul's been doing an excellent job of picking out the one or two things that really matter each day, and I've found it quite valuable. I think that unlike much of the administrivial chatter on the list lately, and the usual kids-ranting-at-each-other, this has been improving the signal-to-noise ratio quite a bit. -Bill
Re: djbdns: An alternative to BIND
Vicky - Thou shalt not post about DJB software to a mailing list Vixie reads regularly. I take it you didn't listen in bible study class.. I had a play with DJBDNS after using BIND for years. Here's why I switched back: - No AXFR support - No TCP support - I was forced to use DJBs naming conventions for zones - Licensing - Installation Now, it looks like some of this has changed in the past few years, but at the time I was unable to provide a bunch of services that I wanted to because of these missing features. One of the reasons I see people quoting for their transition from BIND to DJBDNS is BIND is hard to configure. Really. If you've got a good understanding of DNS (which, IMO, is required to run DJBDNS effectively), and you're finding BIND hard to configure, you'd best unsubscribe now and start looking for work elsewhere. The other one is BIND is a bigger binary than DJBDNS. So? It's the 00's kids, RAM and disk are cheaper than a hooker scraping for a fix. My licensing and installation points above are common to all DJB software. I'm a lazy bastard. I want to click a button or tap some keys and have stuff happen in a way I understand and trust. I don't want to have my hosts littered with weird arcane trash that isn't looked after by my packaging system. If DJB were to allow people to provide binary packages of his software, this point wouldn't exist. Anyway, in closing - Run BIND9. Save yourself. On 9/04/2005, at 12:19 PM, Chris Kuethe wrote: On Apr 8, 2005 4:55 PM, Vicky Rode [EMAIL PROTECTED] wrote: http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just wondering how many have transitioned to djbdns from bind and if so any feedback. regards, /vicky I used to use djbdns on my laptop for testing things, and then I took an afternoon, learned to write BIND zone files, and decided I should just use the BIND that comes with so many modern unixen and that powers so much of the internet anyway... 
Since then, I've always preferred deploying bind over djbdns. Even if it was easier to configure, the installation process for DJBDNS always really annoyed me. So that's a djbdns *to* bind transition story. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: djbdns: An alternative to BIND
On 4/9/2005 3:46 AM +0100, Nathan Ward wrote:

> I had a play with DJBDNS after using BIND for years. Here's why I switched back:
> - No AXFR support

It supports this.

> - No TCP support

It supports this.

> - I was forced to use DJBs naming conventions for zones

If you administer 2-3 domains, sure it's a hassle, if not, put code-monkeys to work. Most script people I know love the tinydns zone structure in comparison to bind's one.

> - Licensing

I agree here.

> - Installation

A no-brainer.

Niek Baakman
Re: djbdns: An alternative to BIND
On Apr 9, 2005 7:26 AM, Niek [EMAIL PROTECTED] wrote: On 4/9/2005 3:46 AM +0100, Nathan Ward wrote: I had a play with DJBDNS after using BIND for years. Here's why I switched back: - No AXFR support It supports this. No IXFR, no automatic notification of bind slaves (you get to run a separate notify script) ... But yes, it is far easier to use, consumes very low amounts of memory and makes an excellent local resolver cache eoe no roundrobin DNS without a patch (as in it returns all the A records in the same order every time, whereas bind does this in a different order ...) No v6 support without a patch either Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :) --srs -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: djbdns: An alternative to BIND
On 4/9/2005 4:03 AM +0100, Suresh Ramasubramanian wrote:

> No IXFR, no automatic notification of bind slaves (you get to run a separate notify script) ...

No RFC requires a specific system of notification. Separate notify scripts are ok, rsync is even better! Oh wait, does bind support rsync ?

> But yes, it is far easier to use, consumes very low amounts of memory and makes an excellent local resolver cache eoe no roundrobin DNS without a patch (as in it returns all the A records in the same order every time, whereas bind does this in a different order ...)

Bind should patent this.

> No v6 support without a patch either Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :)

Yeah we tech folk hate patching. As I mentioned earlier, djb - non-djb is a religion thing: rfc-wise, feature-wise (bind supports something, tinydns should too).

Niek Baakman
Re: djbdns: An alternative to BIND
On Apr 9, 2005 7:47 AM, Niek [EMAIL PROTECTED] wrote:

>> Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :)
> Yeah we tech folk hate patching.

I like it - as long as I don't have to spend all my time on it. Take qmail for instance - or at least netqmail that adds a set of patches to make qmail borderline modern and usable (eoe the comparison table that rates it against sendmail 8.8, exim 2.x etc) Add a couple more patches for tls, smtp auth etc, then try patching for (say) mysql or ldap support. Too many patches, none of which are guaranteed to play well with each other without some re-patching

If djb would just have done what most other mta authors (especially Wietse Venema and Philip Hazel) do, and be more open to rolling contributed patches into qmail, or into other software he's written, well it'd be more usable

But right now, if you are running anything other than a barebones mta, or barebones dns, if you want to spend your time doing other things than being a coding slave .. have fun running djbware

--srs (who needs a barebones dns server and resolver, so installed tinydns)

-- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: djbdns: An alternative to BIND
neither has ever had bugs or security problems, they were stopped by the flying pigs. the same pigs who made them both completely rfc-of-the-week compliant. the same pigs who made them both so easy to set up and use. as a rare truthful router vendor hack once said we suck less. what a contest. do you prefer emacs or vi? me? i'll take coconut. randy
Re: djbdns: An alternative to BIND
On Sat, 9 Apr 2005, Niek wrote: On 4/9/2005 3:46 AM +0100, Nathan Ward wrote: - I was forced to use DJBs naming conventions for zones If you administer 2-3 domains, sure it's an hassle, if not, put code-monkeys to work. Most script people I know love the tinydns zone structure in comparison to bind's one. because instead of MX you have . or + or - or : or something so helpfully meaningful... same for NS and A and CNAME... Yes, 1 more level of indirection is not always a good thing. -chris (not that I dislike djbdns, i just don't understand why things have to be 'different' so very much... and if bind works, why use djbdns?)
Re: Port 0 traffic
On Fri, 8 Apr 2005, Sean Donelan wrote:

> On Fri, 8 Apr 2005, Simon Waters wrote:
>> Whilst we are on dross that turns up at DNS servers, how about traffic for port 0, surely this could be killed at the routing level as well, anyone got any figures for how much port 0 traffic is around? My understanding is it is mostly either scanning, or broken firewalls, neither of which are terribly desirable things to have on your network, or to ship out to other peoples networks.
>
> Or packet MTU fragmentation. Many security products mis-interpret the packet header on a fragment and display port 0 instead of port N/A. And just like people who drop all ICMP packets, if you drop all fragments, stuff breaks in weird ways. But it's your network, you can break it any way you want.

stepping off horsey Sean makes a good point, 'randomly' dropping traffic that 'seems bad to you' is rarely a good plan :( Hopefully people check to see if the traffic has a use and has some operational validity before just deciding to drop it? Even icmp has its place in the world... /stepping off horsey
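The distinction drawn in the message above, between a non-first IP fragment (no transport header, so the port is "N/A") and a packet that really carries port 0, shown as an added example that is not part of the thread. The packets are constructed inline, and the label strings and helper names are assumptions of this sketch.

```python
import struct

TCP, UDP = 6, 17

def classify(packet: bytes):
    """Return (label, sport, dport) for one raw IPv4 packet.

    Ports are None whenever there is no TCP/UDP header to read them from.
    """
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4              # IP header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    flags_frag, = struct.unpack("!H", packet[6:8])
    frag_offset = flags_frag & 0x1FFF         # offset in 8-byte units
    proto = packet[9]
    if proto not in (TCP, UDP):
        return ("no-l4-ports", None, None)
    if frag_offset != 0:
        # Non-first fragment: what follows the IP header is payload data,
        # so reporting a port (even 0) here would be a misreading.
        return ("non-first-fragment", None, None)
    if len(packet) < ihl + 4:
        return ("truncated", None, None)
    sport, dport = struct.unpack("!HH", packet[ihl:ihl + 4])
    if sport == 0 or dport == 0:
        return ("literal-port-0", sport, dport)
    return ("ports", sport, dport)

def build_ipv4(proto, payload, frag_offset=0, more_frags=False):
    """Build a constructed test packet (checksum left at 0, documentation IPs)."""
    flags_frag = (0x2000 if more_frags else 0) | frag_offset
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, proto, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def udp(sport, dport, data=b""):
    return struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data

# Constructed samples: one fragmented UDP datagram, one real port-0 packet, one ICMP.
SAMPLES = {
    "first_fragment": build_ipv4(UDP, udp(40000, 53, b"A" * 16), more_frags=True),
    # Offset 3 * 8 = 24 bytes: payload only; all zeros, so a parser that
    # ignored the offset would read "port 0" out of plain data.
    "later_fragment": build_ipv4(UDP, b"\x00" * 16, frag_offset=3),
    "udp_port_zero": build_ipv4(UDP, udp(0, 0)),
    "icmp_echo": build_ipv4(1, b"\x08\x00\x00\x00\x00\x01\x00\x01"),
}

def summarize(samples=SAMPLES):
    return {name: classify(pkt) for name, pkt in samples.items()}

if __name__ == "__main__":
    for name, result in summarize().items():
        print(f"{name:15s} {result}")
```

A filter or report keyed on the "literal-port-0" label alone leaves fragmented traffic untouched, which is the breakage the message warns about.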
Re: djbdns: An alternative to BIND
woody wrote and the usual kids-ranting-at-each-other and so i'm back again: No IXFR, no automatic notification of bind slaves (you get to run a separate notify script) ... No RFC requires a specific system of notification. true enough, RFC1996 (thanks again randy!) isn't actually required -- it's just convenient to speak the same protocol between all authority servers for a given zone. i guess sometimes that's rsync. Separate notify scripts are ok, rsync is even better! Oh wait, does bind support rsync ? back before rsync, there was rdist. and because BIND4.8 was horrid at AXFR, i admit that i used rdist to move zones around. rsync is quite a bit better, and i know of people who use it to move zones around between BIND9 authority servers because the access control and secrecy features can use the same configuration infrastructure as their other sysadmin-related file sharing. i myself am quite comfortable with DNS I-N-D (IXFR, NOTIFY, DYNUPD) and so i move zones using IETF protocols rather than rdist/rsync/etc. but there's nothing that prevents multiple BIND servers from all thinking of themselves as masters and having their zone files managed by external programs such as rdist or rsync. ... (as in it returns all the A records in the same order every time, whereas bind does this in a different order ...) Bind should patent this. BIND's publisher is a public benefit corporation, so our only reason for filing a patent would be for defense, and we consider the prior art strong enough in the case of round-robin DNS that no defensive patent is needed. No v6 support without a patch either Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :) Yeah we tech folk hate patching. people with a lot of servers to run have to use configuration control on their operating systems and utilities and config files. if a vendor will offer patched binaries through rpm or /usr/ports or whatever then everything gets easier. 
djb's license precludes this kind of repackaging, is what i'm hearing. ISC uses a BSD-style license, and i personally think that anything more restrictive, even GPL or LGPL, is suboptimal. apparently DJB's license is even more restrictive than GPL, which is hard to fathom. As I mentioned earlier, djb - non-djb is a religion thing: perhaps to you it is. perhaps to DJB it is. perhaps to many, DJB is. but the arguments i'm seeing tonight for/against djbware are engineering arguments, not religious arguments. rfc-wise, feature-wise (bind supports something, tinydns should too). the people who are happy with djbware are VERY happy with it. no argument from me on that point. in http://www.circleid.com/article/774_0_1_0_C/, i wrote: ... Those are good articles. But Jacco's site at http://www.bind9.net/ is also very good, and includes all kinds of useful links. Education is good. Administrators can also look at alternatives to BIND such as DJBDNS located at http://cr.yp.to/djbdns.html. OK, so some of you were wondering why I bothered to respond to this obvious hit piece written by someone without much background in the field -- maybe the same yet-to-be-fired marketing wizard who came up with the name Internet Storm Center when the term ISC had another, much stronger, much older, meaning. I was going to Just Hit Delete -- something you should never do with spam, by the way! Until I saw the DJBDNS reference. Mr. Bernstein has what could politely be called a grudge against... well, almost everybody. His software seems to work, and it has a loyal and committed user base. But if you're going to look at alternatives to BIND, you need more options, and you need a better reason. For more options, check out Nominum's ANS and CNS products, and NLNetLabs' NSD, and Cisco's DNS/DHCP Manager, and Microsoft's Advanced Server product. (I'm sorry if I'm leaving somebody out, that's off the top of my head.) 
For a better reason, discard I don't want to have to learn about patches and apply them every year or two since no vendor will ever be able to guaranty this. If you want help staying patched, talk to ISC about BIND support, or talk to your operating system vendor, or talk to your ISP. Help is out there. ... -- Paul Vixie
Re: djbdns: An alternative to BIND
oddly enough, i still consider this on-topic, even though it has more to do with sysadmin than netops.

[EMAIL PROTECTED] (Adam McKenna) writes:

> Try writing a script to parse BIND zone files.

why on earth would i want to do that? BIND might be storing it in SQL or BerkeleyDB or some other DB/SDB/DBZ container. or the server might not be BIND at all. the right way to do this is in Perl if you've got it:

    use Net::DNS;
    # $res is a Net::DNS::Resolver; $ns (server), $mz (zone to transfer)
    # and $mzp (pattern stripped from owner names) are set elsewhere.
    our $zones = { };
    $res->nameservers($ns);
    my @zone = $res->axfr($mz);
    foreach my $rr (@zone) {
        # only TXT records carry attribute/value pairs
        next unless $rr->type eq 'TXT';
        my ($name, @words) = ($rr->name, $rr->char_str_list());
        my ($attr, $value) = @words;
        $name =~ s/$mzp//;
        $zones->{$name}->{$attr} = $value;
    }

as operators we should all strive to make our tools as robust and as independent as possible. i'm very glad that nothing i've written depends on the format of zone files. if you don't have perl, just use dig, pipe it to awk or sed or cut or whatever, and once again you'll have a server-independent format. AXFR is your friend, don't ignore it.

>> (not that I dislike djbdns, i just don't understand why things have to be 'different' so very much... and if bind works, why use djbdns?)
> A Honda Civic will get you to work and back, so why buy an M3?

because there might be a hill.

> As with many other things in the IT world, this decision boils down to several factors. Who wrote it, or how popular it is, if you are a true techie, should be close to the bottom of that list.

amen.

-- Paul Vixie
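The "use dig and post-process the AXFR" route from the message above, as an added example that is not code from the thread: it builds the same name/attribute/value map as the Perl fragment, but from the text `dig axfr` prints, including the `\DDD` and `\"` escapes dig uses inside TXT strings. The zone `meta.example`, its records and the function names are constructed for illustration.

```python
import re

# Constructed sample of `dig axfr meta.example.` output (documentation names/IPs).
SAMPLE_AXFR = r'''
; <<>> DiG (constructed sample) <<>> axfr meta.example. @192.0.2.53
meta.example.             3600 IN SOA ns.meta.example. hostmaster.meta.example. 7 3600 600 86400 3600
meta.example.             3600 IN NS  ns.meta.example.
ns.meta.example.          3600 IN A   192.0.2.53
example.com.meta.example. 3600 IN TXT "master" "192.0.2.10"
example.com.meta.example. 3600 IN TXT "notify" "yes"
EXAMPLE.NET.meta.example. 3600 IN TXT "master" "192.0.2.11"
example.net.meta.example. 3600 IN TXT "contact" "ops\032team \"noc\""
example.org.meta.example. 3600 IN TXT "orphan"
meta.example.             3600 IN SOA ns.meta.example. hostmaster.meta.example. 7 3600 600 86400 3600
;; XFR size: 9 records (constructed)
'''

_CHAR_STRING = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted <character-string>
_ESCAPE = re.compile(r'\\(\d{3}|.)')                 # \DDD (decimal) or \X

def _unescape(s):
    def repl(m):
        tok = m.group(1)
        return chr(int(tok)) if len(tok) == 3 else tok
    return _ESCAPE.sub(repl, s)

def txt_strings(rdata):
    """Split TXT rdata in presentation format into its character-strings."""
    return [_unescape(s) for s in _CHAR_STRING.findall(rdata)]

def zones_from_axfr(text, metazone):
    """Map owner name (metazone suffix removed) -> {attr: value} from TXT records."""
    suffix = "." + metazone.lower().rstrip(".") + "."
    zones = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue                       # dig comments and blank lines
        fields = line.split(None, 4)       # owner, ttl, class, type, rdata
        if len(fields) < 5 or fields[3].upper() != "TXT":
            continue
        owner = fields[0].lower()          # DNS names compare case-insensitively
        if not owner.endswith(suffix):
            continue
        words = txt_strings(fields[4])
        if len(words) < 2:
            continue                       # not an attribute/value pair
        zones.setdefault(owner[:-len(suffix)], {})[words[0]] = words[1]
    return zones

if __name__ == "__main__":
    for name, attrs in sorted(zones_from_axfr(SAMPLE_AXFR, "meta.example").items()):
        print(name, attrs)
```

Nothing here depends on how the authoritative server stores the zone; only the presentation format of the transferred records is parsed.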
Re: The power of default configurations
On 4/8/2005 6:19 PM, just me wrote:

> I don't really want to speak for anyone else here, but it always appeared to me that the problem Vix keeps mentioning is queries with 1918 SOURCE ADDRESSES, not 1918-space queries. This thread, like every nanog thread, has completely lost focus of the original issue, and devolved into some brain-damaged solution to an imagined problem.

I don't think it's a bad question. We just went through a similar talk in the zeroconf wg about local addresses. Besides, the question wasn't Paul's in the first place.

| From: Sean Donelan [EMAIL PROTECTED]
| To: nanog@merit.edu
| Subject: The power of default configurations
| Message-ID: [EMAIL PROTECTED]
|
| On Mon, 4 Apr 2005, Paul Vixie wrote:
| adding more. oh and as long as you're considering whether to
| restrict things to your LAN/campus/ISP, i'm ready to see rfc1918
| filters deployed...
|
| Why does BIND forward lookups for RFC1918 addresses by default?

Sorry we are bothering your mail spool.

-- Eric A. Hall http://www.ehsco.com/
Internet Core Protocols http://www.oreilly.com/catalog/coreprot/
Re: djbdns: An alternative to BIND
On Fri, 08 Apr 2005 23:50:51 -, Paul Vixie said: OK. So one of them is a Honda Civic, and one is an M3. And I really don't care which is which, because: Count Server Software Version 2673 BIND 4.9.3 -- 4.9.11 Gaak. :) Some of us are obviously still walking barefoot down unpaved muddy streets in third world countries. It's time for *both* camps to send in the missionaries to save the poor heathen zone file's immortal souls, or at least provide safe drinking water or something.. ;)
books every network operator should read?
I'd like to make a list for the BGP4.net wiki of books that are thought highly of by the network community. What books stand out for you as being excellent? If you could only own 5 network related books, what would they be? Feel free to reply to me offlist - I'll post a summary after a few days. Thanks! Janet
Re: Weekly Routing Table Report
Hi Folks, Sorry about that, something seems to have broken when the script was run earlier on today. The table in the view I use was 140k prefixes then, and is now back up to the normal 159k again. philip -- Joe Loiacono said the following on 09/04/2005 06:48: Wha happen? Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005 Analysis Summary BGP routing table entries examined: 139674 snip