Re: Open Letter to D-Link about their NTP vandalism
On Tue, 11 Apr 2006, Simon Lyall wrote: Everyone here runs spam filters. Many times a day you tell a remote MTA you've accepted their email but you delete it instead. Explain the difference? Hold on there. What you are describing is evil and bad, and I certainly hope "everyone" does not do that. When I do not wish to accept a message, I do not accept it, rejecting with an SMTP permanent delivery failure. Don't mean to go off on a tangent, but accepting and then silently discarding mail is a terrible idea. matto [EMAIL PROTECTED]< Moral indignation is a technique to endow the idiot with dignity. - Marshall McLuhan
Re: Open Letter to D-Link about their NTP vandalism
Paul Vixie wrote: [EMAIL PROTECTED] (Simon Lyall) writes: I've said in other forums the only solution for this sort of software is to return the wrong time (by several months). The owner might actually notice then and fix the problem. that creates new liability, and isn't realistic in today's litigious world. (Suprise to read that from PV.) It is DIX resources/equipements... they are not oblige to offer reliable/secure/valide/etc services to anybody outside their clients. It like saying that blacklist services like spamcop should be liable for mail servers XYZ deleting your email. Anyway *litigious* is kinda limited our south neighbourgh... DIX is under a different legal system. Good luck to DLink lawyers trying to bend reality enought the make DLink right... and oblige DIX to offer NTP to DLink customers for free. Now if we can get this letter into Wired... -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
Re: Open Letter to D-Link about their NTP vandalism
On Tue, 11 Apr 2006, Paul Vixie wrote: > [EMAIL PROTECTED] (Simon Lyall) writes: > > > I've said in other forums the only solution for this sort of software is > > to return the wrong time (by several months). The owner might actually > > notice then and fix the problem. > > that creates new liability, and isn't realistic in today's litigious world. Everyone here runs spam filters. Many times a day you tell a remote MTA you've accepted their email but you delete it instead. Explain the difference? I run a NTP server, The only place it is advertised is a list which says "To be used by people in DK exchange only" . Explain the difference between my blocking someones packets (which causes them to just resend), send a KOD ( ntp for "go away") packet (which is ignored) and telling them the time is "2001-11-11 11:11:11" every time they ask? People running RBLs change the access policy or return 127.0.0.1 for every query sometimes. People running public Mail relays or public DNS servers regularly block access or return bad results. NTP provides a method to tell people to go away (The KOD packet) , if a remote client ignores that and keeps flooding your (or your upstream filters) with many udp packets per-second what exactly is someone supposed to do? There is no contract between the Server operator and the abusing client, The client is abusing the access policy and they have ignored the automatic request to go away. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.
Re: Open Letter to D-Link about their NTP vandalism
[EMAIL PROTECTED] (Simon Lyall) writes: > I've said in other forums the only solution for this sort of software is > to return the wrong time (by several months). The owner might actually > notice then and fix the problem. that creates new liability, and isn't realistic in today's litigious world. -- Paul Vixie
Re: Open Letter to D-Link about their NTP vandalism
On Mon, 10 Apr 2006 [EMAIL PROTECTED] wrote: > One particular piece of crapware of the tucows archive variety would retry > once per second if it hadn't heard a response - but a ICMP Port Unreachable > would trigger an *immediate* query, so it would basically re-query at whatever > the RTT for the path was. I've said in other forums the only solution for this sort of software is to return the wrong time (by several months). The owner might actually notice then and fix the problem. Just not returning anything means the time still works on the querying device (especially if it uses multiple servers) and the problem will not be noticed and it will continue. -- Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/ "To stay awake all night adds a day to your life" - Stilgar | eMT.
Re: Covad issues?
Drew Linsalata wrote: Apologies for bringing this to the list, but Covad is basically a brick wall telephone and e-mail wise right now. Does anyone know of any Covad network issues, especially in the northeast US, that might be impacting customer connectivity? Never mind. A representative from the Covad NOC just replied. Thanks! -- Drew Linsalata The Gotham Bus Company, Inc. Dedicated Servers and Colocation Solutions Long Island, New York http://www.gothambus.com
Covad issues?
Apologies for bringing this to the list, but Covad is basically a brick wall telephone and e-mail wise right now. Does anyone know of any Covad network issues, especially in the northeast US, that might be impacting customer connectivity? -- Drew Linsalata The Gotham Bus Company, Inc. Dedicated Servers and Colocation Solutions Long Island, New York http://www.gothambus.com
Re: IPv6 Transit?
Hi Mat, I'm not sure what providers are already present in your area, may be will be easier if you mention some of the choices you have. In general I will say that you can rely on companies such as Global Crossing, Teleglobe, NTT/Verio, Tiscali, Sparkle/Seabone, TIWS, OpenTransit, Cable&Wireless, etc. (they are not in any specific preference order, just as they come to my mind right now). But there are many more. I'm actually trying to have a web page with a listing of all the IPv6-ready Telcos and ISPs in the world. Some information is available at http://www.ipv6tf.org/guide/organizations/services/isp.php and for IXs at http://www.ipv6tf.org/guide/organizations/services/ix.php, but not updated at the time being. The updated web page will be ready, hopefully, next week, and I will be happy to get all the people which already provides IPv6 services, contacting me with a URL to a page that describe the available services, so we can make sure they are included in that web page. Thanks in advance for your cooperation on that ! Regards, Jordi > De: Mat Sharpe <[EMAIL PROTECTED]> > Responder a: <[EMAIL PROTECTED]> > Fecha: Mon, 10 Apr 2006 16:25:09 +0100 > Para: "nanog@merit.edu" , "nanog@merit.edu" > Asunto: IPv6 Transit? > > > Hi, > > Does anyone have any info on IPv6 deployment at the Tier-1 / Tier-1.5 level? > > We are multi-homed to both Level3 and Abovenet in the UK and Level3 only > in the US. > Level3 did have a promising sounding beta program last year but that > seems to have stalled. Abovenet apparently have no schedule to deploy v6 > at the moment. > > I would like to be able to v6 enable our network but without a transit > provider that¹s going to prove a bit tricky. > > Any thoughts appreciated! > > Cheers, > Mat Sharpe > Qube Networks Ltd > > P.S. I hope I¹m not about to re-start the who is/is not a Tier-1 / > Tier-2 argument! :) > > > > ** The IPv6 Portal: http://www.ipv6tf.org Barcelona 2005 Global IPv6 Summit Slides available at: http://www.ipv6-es.com This electronic message contains information which may be privileged or confidential. The information is intended to be for the use of the individual(s) named above. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, including attached files, is prohibited.
Re: IPv6 Transit?
> Does anyone have any info on IPv6 deployment at the Tier-1 / Tier-1.5 > level? > We are multi-homed to both Level3 and Abovenet in the UK and Level3 only > in the US. > Level3 did have a promising sounding beta program last year but that > seems to have stalled. Abovenet apparently have no schedule to deploy v6 > at the moment. > I would like to be able to v6 enable our network but without a transit > provider thats going to prove a bit tricky. Hi all, The Level 3 IPv6 beta is still running. Those (peers and customers) directly connected to AS3356 who are interested should drop a mail to; [EMAIL PROTECTED] Regards, StewartB
Re: IPv6 Transit?
On Mon, 2006-04-10 at 16:25 +0100, Mat Sharpe wrote:
> Hi,
>
> Does anyone have any info on IPv6 deployment at the Tier-1 / Tier-1.5 level?
>
> We are multi-homed to both Level3 and Abovenet in the UK and Level3 only
> in the US.
The big question with IPv6, from a provider perspective, is of course:
what kind of address space do you have and if none what kind do you
require. Or otherwise put: how do you want to 'multihome' ("oh not that
discussion again" ;)
> Level3 did have a promising sounding beta program last year but that
> seems to have stalled. Abovenet apparently have no schedule to deploy v6
> at the moment.
I haven't seen a connection request from Level3 towards GRH yet, thus I
think it is indeed mostly non-existent (correct me if I am wrong ;).
I do hope for them they resolve that sooner or later though.
> I would like to be able to v6 enable our network but without a transit
> provider that’s going to prove a bit tricky.
Try to get native connectivity where possible, when not, you can always
throw a tunnel to the upstream. Do try to keep your tunnel to match up
with your existing infrastructure as closely as possible. Also see
http://ip6.de.easynet.net/ipv6-minimum-peering.txt for more details on
that subject. Doc is already becoming of age but works pretty well.
Next to that you might want to check out a list like:
http://lists.cluenet.de/mailman/listinfo/ipv6-ops
which contains a good deal of of the global IPv6 operational folks,
usually nice and quiet but when you yell you will get an answer.
> Any thoughts appreciated!
Check for yourself, who has at least some connectivity and what kind of
routes they are carrying, which can tell things about the connectivity
they provide by looking at GRH: http://www.sixxs.net/tools/grh/
I know that a number of folks at least had good experiences with amongst
others (alpha order): Cable & Wireless (1273), Easynet (4589), Global
Crossing (3549), NTT (2914), Sprint (6175), Tiscali (3257), UPC/Aorta
(6830), Verio (2914).
Most of these you can see and checkup in GRH. Of course real-life
experience can only be told by the folks actually buying their services
also a lot depends on where one is located.
> P.S. I hope I’m not about to re-start the who is/is not a Tier-1 /
> Tier-2 argument! :)
Just tie them together into the Internet and all is fine ;)
Greets,
Jeroen
signature.asc
Description: This is a digitally signed message part
IPv6 Transit?
Hi, Does anyone have any info on IPv6 deployment at the Tier-1 / Tier-1.5 level? We are multi-homed to both Level3 and Abovenet in the UK and Level3 only in the US. Level3 did have a promising sounding beta program last year but that seems to have stalled. Abovenet apparently have no schedule to deploy v6 at the moment. I would like to be able to v6 enable our network but without a transit provider that’s going to prove a bit tricky. Any thoughts appreciated! Cheers, Mat Sharpe Qube Networks Ltd P.S. I hope I’m not about to re-start the who is/is not a Tier-1 / Tier-2 argument! :)
Re: Which Cisco 7500 OS for high availability
HA like: HSRP? Or HA between 2 RSP4? HSRP should be there in 12.2.34 neal rauhauser wrote: If I'm going to do high availability with Cisco 75xx running RSP4s which OS is the best? I picked 12.2.34 as being most stable for BGP features, but I'm just starting on the HA stuff and I don't see any of the redundancy knobs in this version of the OS. -- Alain Hebert[EMAIL PROTECTED] PubNIX Inc. P.O. Box 175 Beaconsfield, Quebec H9W 5T7 tel 514-990-5911 http://www.pubnix.netfax 514-990-9443
