Re: How to tell if something is anycasted?
On Tue, 16 May 2006, David Hubbard wrote: So I'm looking at a company who offers anycasted DNS; how do I tell if it's really anycasted? Just hop on different route servers to see if I can find different AS paths and then do traceroutes to see if they suggest the packets are not ending in the same location? From my routers' perspective I don't see a difference, but then I don't think I should, correct? If they conform to the convention that the DNS root servers practice, then a dig query from several locations should suffice. Choosing an anycasted DNS root at random, you can do dig @f.root-servers.net hostname.bind chaos txt And the response should include a line like hostname.bind. 0 CH TXT pao1b.f.root-servers.org From other locations, it might be sfo2c.f.root-servers.net or somesuch. If they don't do that, then you are stuck with more ad-hoc methods like traceroutes from many different locations, or checking out AS-PATHS in Routeviews and using your intuition. -Peter -- Peter Boothe PhD Student Young man, you think you're very Computer Sciencesmart, but it's turtles all the way University of Oregondown! http://www.cs.uoregon.edu/~peter
[OT] Re: Troubles with HE's Tunnelbroker
On Tue, 2006-05-16 at 18:42 -0400, Dan Mahoney, System Admin wrote: I know at least some people here (srs?) use HE.net's tunnelbroker service. Has anyone else been experiencing issues? I have three different tunnels that I've noticed are down (to various data centers), and calling their support department (and emailing) thusfar have proved to be less than helpful. extremely shameless plug http://www.sixxs.net/pops/occaid/ /extremely shameless plug Greets, Jeroen signature.asc Description: This is a digitally signed message part
private ip addresses from ISP
Hi all Have you had this experience? Our router is running BGP and connecting to our upstream provider with /30 network. Our log reveals that there are private IP addresses reaching our router's interface that is facing our upstream ISP. How could this be possible? Should upstream ISP be blocking private IP address according to standard configuration? Could the packet be stripped and IP be converted somehow during the transition? It happens in many Tier-1 ISP though ! Thank you for your information
RE: private ip addresses from ISP
What do you mean by reaching? Two quick observations from a mis-configuration point of view: If you mean you are seeing BGP routes for those networks: Sometimes ISPs null route private addresses with static routes in their networks and they accidentally leak (redistribute) to customers/peers. There are obviously other reasons too, but you can filter stuff like that yourself. Just don't accept routes for private IP space from you upstream. If you mean you are getting traffic destined for RFC1918 space, then make sure you aren't announcing those networks to your upstreams by accident. Poor upstream configs/filters could allow stuff like that to escape to peers of the upstream. (stranger things have happened) It's not normal or necessary to see those routes or traffic. Just contact your upstream and point it out they should fix it. Ivan Groenewald [EMAIL PROTECTED] CTO Tel: 0845 345 0919 Xtraordinary Hosting, 6 The Clocktower, South Gyle, Edinburgh, EH12 9LB http://www.xtrahost.co.uk -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of adrian kok Sent: Wednesday, May 17, 2006 2:48 PM To: [EMAIL PROTECTED] Subject: private ip addresses from ISP Hi all Have you had this experience? Our router is running BGP and connecting to our upstream provider with /30 network. Our log reveals that there are private IP addresses reaching our router's interface that is facing our upstream ISP. How could this be possible? Should upstream ISP be blocking private IP address according to standard configuration? Could the packet be stripped and IP be converted somehow during the transition? It happens in many Tier-1 ISP though ! Thank you for your information
RIPE IP Anti-Spoofing Task Force (Was: private ip addresses from ISP)
On Wed, 2006-05-17 at 15:14 +0100, Ivan Groenewald wrote: [..] If you mean you are getting traffic destined for RFC1918 space, then make sure you aren't announcing those networks to your upstreams by accident. Poor upstream configs/filters could allow stuff like that to escape to peers of the upstream. (stranger things have happened) [..] On a related note, RIPE has started an IP Anti-Spoofing Task Force, see http://www.ripe.net/ripe/tf/anti-spoofing/ for more information. Greets, Jeroen -- RIPE IP Anti-Spoofing Task Force == IP source address spoofing is the practice of originating IP datagrams with source addresses other than those assigned to the host of origin. In simple words the host pretends to be some other host. This can be exploited in various ways, most notably to execute DoS amplification attacks which cause an amplifier host to send traffic to the spoofed address. There are many recommendations to prevent IP spoofing by ingress filtering, e.g. checking source addresses of IP datagrams close to the network edge. At RIPE-52 in Istanbul RIPE has established a task force that promotes deployment of ingress filtering at the network edge by raising awareness and provide indirect incentives for deployment. Document ripe-379 provides the task force charter and the initial time-line. The mailing list archive is at http://www.ripe.net/ripe/maillists/archives/spoofing-tf/2006/index.html The task force web page is at http://www.ripe.net/ripe/tf/anti-spoofing/ The task force is co-chaired by Nina Hjorth Bargisen (NINA1-RIPE) and Daniel Karrenberg (DK58). signature.asc Description: This is a digitally signed message part
Re: How to tell if something is anycasted?
well Peter, ONE root server operator has that practice. Others have different practices regarding anycast. --bill On Tue, May 16, 2006 at 11:59:54PM -0700, Peter Boothe wrote: On Tue, 16 May 2006, David Hubbard wrote: So I'm looking at a company who offers anycasted DNS; how do I tell if it's really anycasted? Just hop on different route servers to see if I can find different AS paths and then do traceroutes to see if they suggest the packets are not ending in the same location? From my routers' perspective I don't see a difference, but then I don't think I should, correct? If they conform to the convention that the DNS root servers practice, then a dig query from several locations should suffice. Choosing an anycasted DNS root at random, you can do dig @f.root-servers.net hostname.bind chaos txt And the response should include a line like hostname.bind. 0 CH TXT pao1b.f.root-servers.org From other locations, it might be sfo2c.f.root-servers.net or somesuch. If they don't do that, then you are stuck with more ad-hoc methods like traceroutes from many different locations, or checking out AS-PATHS in Routeviews and using your intuition. -Peter -- Peter Boothe PhD Student Young man, you think you're very Computer Sciencesmart, but it's turtles all the way University of Oregondown! http://www.cs.uoregon.edu/~peter
Re: Geo location to IP mapping
In article [EMAIL PROTECTED], Ashe Canvar [EMAIL PROTECTED] writes Thanks for all your replies. I came across http://www.hostip.info/use.html, which looks good, at least from a API/ ease of use prespective. I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right.
Re: How to tell if something is anycasted?
At 10:45 AM 5/17/2006, [EMAIL PROTECTED] wrote: well Peter, ONE root server operator has that practice. Others have different practices regarding anycast. --bill And there are many, with many TLD's. (rough counts) provider/tld's UDNS 48 ISC 19 PCH 8 PSG 23 ICANN 4 UUNET 61 RIPE 87 DEC 10 NIC.FR 71 Note: There is cross servicing of TLDs counted above. Some numbers may seem low since there seems to be some bit of obfuscation. Or perhaps not and I just haven't confirmed. Some are anycasted, some appear to be physical separations, and some appear to be nested and anycasted i.e. multiple names for the same domain anycasted. I think naming is a bad choice because it's costly to the users and opens the root up to custom configuration by customers which I think is bad. Tagging the route with a community containing the ISO corresponding country could be interesting for location purposes, but of course, that's already been thought of. :) -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
RE: private ip addresses from ISP
Our router is running BGP and connecting to our upstream provider with /30 network. Our log reveals that there are private IP addresses reaching our router's interface that is facing our upstream ISP. How could this be possible? Should upstream ISP be blocking private IP address according to standard configuration? Could the packet be stripped and IP be converted somehow during the transition? It happens in many Tier-1 ISP though ! Thank you for your information Do you mean: 1) You are seeing BGP routes for addresses inside private space? 2) You are seeing packets with destination IPs inside private space arriving at your interface from your ISP? 3) You are seeing packets with source IPs inside private space arriving at your interface from your ISP? If 1, feel free to filter them. You ISP probably uses them internally and is leaking them to you. Feel free to complain if you want. If 2, make sure you aren't advertising routes into RFC1918 space to your ISP. If not, you should definitely ask them what's up. If 3, that's normal. These are packets your ISP received that are addressed to you and the ISP is leaving to you the decision of whether to accept them or not. Feel free to filter them out if you wish. (It won't break anything that's not already broken.) DS
Re: How to tell if something is anycasted?
At 15:45 -0700 5/16/06, Steve Gibbard wrote: The approach I settled on was to ask lots of questions, and then do some traceroutes to verify once I knew where to look. If I knew there was supposed to be a server in location x, a looking glass near location x would probably find it for me. From my experience, passively detecting how something is assembled on the Internet has gotten harder with each passing year. Whether it is from intentional obfuscation or just evolutionary new operational practices, you can tell a lot less about a set up now that in the past. What Steve says is the right thing to do. Get off-net ask questions and then verify on-net. Not just for anycasting, for just about anything. The network is a lot less obvious that it used to be. For better or worse, depending on your point of view. -- -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=- Edward Lewis+1-571-434-5468 NeuStar Nothin' more exciting than going to the printer to watch the toner drain...
Re: Proxad? (Was: Drone Armies)
Who owns/operates *.abo.wanadoo.fr? I've had enormous non-stop spam flooding from them for years. Anyone have their complete list of IP ranges they'd be willing to share? Getting kind tired of running scripts to discover them. -- -Barry Shein The World | [EMAIL PROTECTED] | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: How to tell if something is anycasted?
On Wed, 17 May 2006, Martin Hannigan wrote: And there are many, with many TLD's. (rough counts) provider/tld's UDNS 48 ISC 19 PCH 8 PSG 23 ICANN 4 UUNET 61 RIPE 87 DEC 10 NIC.FR 71 Note: There is cross servicing of TLDs counted above. Some numbers may seem low since there seems to be some bit of obfuscation. Or perhaps not and I just haven't confirmed. Some are anycasted, some appear to be physical separations, and some appear to be nested and anycasted i.e. multiple names for the same domain anycasted. I think naming is a bad choice because it's costly to the users and opens the root up to custom configuration by customers which I think is bad. Tagging the route with a community containing the ISO corresponding country could be interesting for location purposes, but of course, that's already been thought of. :) Of Marty's list above, only UltraDNS and PCH are anycast (there are several other anycast networks hosting TLDs that aren't on Marty's list). The numbers there look odd to me. My data is a six months old (I really need to rerun my script and regenerate it), but my list of /24s and the TLDs they host is at: http://www.gibbard.org/~scg/infrastructure-distribution/ranked-dns-subnets-051110 I assume that in most cases a /24 with multiple DNS server IP addresses being authoritative for TLDs is all run by one entity in a common location or set of locations. UUNet is an exception to the location assumption. -Steve
[Way OT] Re: Geo location to IP mapping
- Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) scott
Re: [Way OT] Re: Geo location to IP mapping
On May 17, 2006, at 2:09 PM, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... Regards Marshall scott
Re: [Way OT] Re: Geo location to IP mapping
- Original Message Follows - From: Marshall Eubanks [EMAIL PROTECTED] One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... Sure can be: www.ipnsig.org/home.htm :-) scott
Re: [Way OT] Re: Geo location to IP mapping
Marshall Eubanks wrote: On May 17, 2006, at 2:09 PM, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... Regards Marshall scott I am shure it is the right one, but it may be the wrong universe :) Peter -- Peter and Karin Dambier Graeffstrasse 14 D-64646 Heppenheim +49(6252)671-788 (Telekom) +49(179)108-3978 (O2 Genion) +49(6252)750-308 (VoIP: sipgate.de) mail: [EMAIL PROTECTED] mail: [EMAIL PROTECTED] http://iason.site.voila.fr/ https://sourceforge.net/projects/iason/
Re: [Way OT] Re: Geo location to IP mapping
From [EMAIL PROTECTED] Wed May 17 13:22:15 2006 Cc: nanog@merit.edu From: Marshall Eubanks [EMAIL PROTECTED] Subject: Re: [Way OT] Re: Geo location to IP mapping Date: Wed, 17 May 2006 14:21:02 -0400 To: [EMAIL PROTECTED] On May 17, 2006, at 2:09 PM, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Sometimes knowing which planet you are dealing with can be useful... I find that the state is invariably correct. Although the seems to be a lot of 'uncertainty' about how to spell confusion.
Re: [Way OT] Re: Geo location to IP mapping
On Wed, 2006-05-17 at 08:09 -1000, Scott Weeks wrote: - Original Message Follows - From: Jeff Rosowski [EMAIL PROTECTED] I just tried that, says I'm 100 miles south of where I really am. That's quite a long way out in a small country like England. Only 100 miles? I entered the address of a box I have in Virginia, and it says it's in California. Well at least it got the country right. One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Try http://www.hostip.info it is reasonable accurate in most cases and hell it is for free. It depends what you need it for of course but it is far better than nothing. 64.29.76.9, your mauigateway.com pops up correctly as Honolulu. 205.166.249.10 is guessed to be somewhere random in the US. The problem with this one is that they are still gathering data and they depend on user input, but it looks pretty accurate to what I have found out. Most of these kind of databases rely on user input though. I am quite sure that Google, using their search thing and especially Orkut has quite some info on this. Shopping Sites like Ebay and Amazon of course get their shipping info for free and thus can pretty much pinpoint the city correctly after $x percentage of customers bought from there. Problem in the end is of course when there is a huge pool and the end-users change a lot, but then the country is accurate enough already. Greets, Jeroen signature.asc Description: This is a digitally signed message part
Re: [Way OT] Re: Geo location to IP mapping
- Original Message Follows - From: Jeroen Massar [EMAIL PROTECTED] One of the geolocation thingies said my addresses were in Amsterdam. That's only 10,000 miles from Hawaii. 2500 miles more and that's exactly the opposite side of the planet... ;-) Try http://www.hostip.info it is reasonable accurate in most cases and hell it is for free. It depends what you need it for of course but it is far better than nothing. 64.29.76.9, your mauigateway.com pops up correctly as Honolulu. 205.166.249.10 is guessed to be somewhere random in the US. That's not the address space I manage. It's just my ISP. From www.hostip.info I get ... actually we haven't a clue. The IP space I manage is a /15 and is in ARIN, so it's hard to miss... scott
Re: How to tell if something is anycasted?
On 17-May-2006, at 14:11, Steve Gibbard wrote: Of Marty's list above, only UltraDNS and PCH are anycast (there are several other anycast networks hosting TLDs that aren't on Marty's list). NS-EXT.ISC.ORG is anycast within AS 3557 as described in ISC- TN-2004-1 (and http://www.nanog.org/mtg-0505/abley.cluster.html). It's a bit pedantic to be pointing that out but, well, I'm a pretty pedantic person. :-) Joe
Re: Troubles with HE's Tunnelbroker
Should be fixed now. The tunnelbroker service uses a bunch of retired 7206 routers. One of the routers ate its config. Because of the number of tunnels it uses compressed configurations, which can get corrupted if a router runs out of memory (from leaks and memory fragmentation). Tunnel broker issues should be directed to [EMAIL PROTECTED] Though it is a free service with beta level support, we are a 24 x 7 operation so last night an engineer was busy recovering the specific router from a back up. Mike. On Tue, 16 May 2006, Greg Taylor wrote: Hurricane Electric's Tunnelbroker, to my knowledge, is operated by one of their Administrators.. on his personal time. Last I knew, they didn't really have a support staff so to speak... you might want to talk to mike in the NOC at Hurricane Electric. Also, tunnels do not effect network operations of any kind and are pseudo networks, please keep discussions on-topic. Thanks. - Original Message - From: Dan Mahoney, System Admin [EMAIL PROTECTED] To: nanog@merit.edu Sent: Tuesday, May 16, 2006 3:42 PM Subject: Troubles with HE's Tunnelbroker I know at least some people here (srs?) use HE.net's tunnelbroker service. Has anyone else been experiencing issues? I have three different tunnels that I've noticed are down (to various data centers), and calling their support department (and emailing) thusfar have proved to be less than helpful. If anyone else using the service could contact me out-of-band in the interest of comparing notes, I'd greatly appreciate it. Thanks, Dan Mahoney -- Man, this is such a trip -Dan Mahoney, October 25, 1997 Dan Mahoney Techie, Sysadmin, WebGeek Gushi on efnet/undernet IRC ICQ: 13735144 AIM: LarpGM Site: http://www.gushi.org --- +- H U R R I C A N E - E L E C T R I C -+ | Mike Leber Direct Internet Connections Voice 510 580 4100 | | Hurricane Electric Web Hosting Colocation Fax 510 580 4151 | | [EMAIL PROTECTED] http://www.he.net | +---+
Re: How to tell if something is anycasted?
On 17-May-2006, at 10:45, [EMAIL PROTECTED] wrote: well Peter, ONE root server operator has that practice. Others have different practices regarding anycast. Actually, it looks to me like all thirteen root servers answer HOSTNAME.BIND CHAOS TXT queries (J might check for trailing dots, maybe ;-) and also that F and C share a strikingly similar naming scheme. [octopus:~]% for n in a b c d e f g h i j k l m; do for echo -n trying ${n}... for dig @${n}.root-servers.net hostname.bind chaos txt +short for done trying a... ns6-aroot trying b... b3 trying c... ord1a.c.root-servers.org trying d... d-root.net.umd.edu trying e... e4.arc.nasa.gov trying f... yyz1b.f.root-servers.org trying g... g.root-servers.net trying h... H1 trying i... s1.was trying j... jns1-kr.j.root-servers.net.j.root-servers.net trying k... k2.nap trying l... l1.l.root-servers.org trying m... M-SFO-1 [octopus:~]% Joe
Re: How to tell if something is anycasted?
At 02:11 PM 5/17/2006, Steve Gibbard wrote: On Wed, 17 May 2006, Martin Hannigan wrote: And there are many, with many TLD's. (rough counts) provider/tld's UDNS 48 ISC 19 PCH 8 PSG 23 ICANN 4 UUNET 61 RIPE 87 DEC 10 NIC.FR 71 Note: There is cross servicing of TLDs counted above. Some numbers may seem low since there seems to be some bit of obfuscation. Or perhaps not and I just haven't confirmed. Some are anycasted, some appear to be physical separations, and some appear to be nested and anycasted i.e. multiple names for the same domain anycasted. I think naming is a bad choice because it's costly to the users and opens the root up to custom configuration by customers which I think is bad. Tagging the route with a community containing the ISO corresponding country could be interesting for location purposes, but of course, that's already been thought of. :) Of Marty's list above, only UltraDNS and PCH are anycast (there are several other anycast networks hosting TLDs that aren't on Marty's list). Right. They start to get smaller in numbers and less interesting. The numbers there look odd to me. My data is a six months old (I really need to rerun my script and regenerate it), but my list of /24s and the TLDs they host is at: http://www.gibbard.org/~scg/infrastructure-distribution/ranked-dns-subnets-051110 I assume that in most cases a /24 with multiple DNS server IP addresses being authoritative for TLDs is all run by one entity in a common location or set of locations. UUNet is an exception to the location assumption. The difference is that you are following the network and I'm following the operator. Thanks for sharing your data. -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: [Way OT] Re: Geo location to IP mapping
At 03:58 PM 5/17/2006, Scott Weeks wrote: [ SNIP ] That's not the address space I manage. It's just my ISP. From www.hostip.info I get ... actually we haven't a clue. The IP space I manage is a /15 and is in ARIN, so it's hard to miss... scott It's not really fair to baseline the credibility of any geo location discussion based on hostip.info. There are much better commercial services like Quovus, MaxMind, and Akamai. -M -- Martin Hannigan(c) 617-388-2663 Renesys Corporation(w) 617-395-8574 Member of Technical Staff Network Operations [EMAIL PROTECTED]
Re: How to tell if something is anycasted?
At 11:11 AM 5/17/2006 -0700, Steve Gibbard wrote: Of Marty's list above, only UltraDNS and PCH are anycast (there are several other anycast networks hosting TLDs that aren't on Marty's list). Just for the record. All name servers (a,b,c,d.ns.mx) of .mx are anycasted. You can see a presentation of the infrastructure here: http://www.centr.org/docs/2005/07/centr-tech14-lozano-dotmx.pdf You can also see a graphical view of the best routes of the infrastructure in the lower lower part of the image: http://docs.nicmxlabs.org.mx/bgpmaps/MX.png gus
FCC Issues Second Order Mandating Internet Wiretapping Standards
Pardon the interruption, but I thought this might be slightly interesting to the list. EPIC.org: [snip] The Federal Communications Commission (FCC) has released a second order reaffirming its decision to require that broadband and certain VoIP services be designed to make government wiretapping easier. This new order was issued despite the fact that a federal appeals court is considering a legal challenge to the FCC's initial decision to extend the Communications Assistance for Law Enforcement Act (CALEA) to the Internet. In its second order, the FCC imposed new compliance deadlines, but refused to clarify exactly what service providers must do. CDT has led the appeals court challenge, which if successful will overrule the FCC order. [snip] EPIC statement: http://www.cdt.org/headlines/891 Second FCC CALEA order: http://www.cdt.org/digi_tele/20060512calea.pdf Now, back to your regularly scheduled programming. Cheers, - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: FCC Issues Second Order Mandating Internet Wiretapping Standards
Sorry, mea culpa. Below: s/EPIC/CDT/ Thanks, - ferg -- Fergie [EMAIL PROTECTED] wrote: Pardon the interruption, but I thought this might be slightly interesting to the list. EPIC.org: [snip] The Federal Communications Commission (FCC) has released a second order reaffirming its decision to require that broadband and certain VoIP services be designed to make government wiretapping easier. This new order was issued despite the fact that a federal appeals court is considering a legal challenge to the FCC's initial decision to extend the Communications Assistance for Law Enforcement Act (CALEA) to the Internet. In its second order, the FCC imposed new compliance deadlines, but refused to clarify exactly what service providers must do. CDT has led the appeals court challenge, which if successful will overrule the FCC order. [snip] EPIC statement: http://www.cdt.org/headlines/891 Second FCC CALEA order: http://www.cdt.org/digi_tele/20060512calea.pdf Now, back to your regularly scheduled programming. Cheers, - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Renesys dissects the Bluesecurity DDoS
http://www.renesys.com/blog/2006/05/the_bluesecurity_fiasco_dont_m.shtml -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Proxad? (Was: Drone Armies)
On 5/17/06, Barry Shein [EMAIL PROTECTED] wrote: Who owns/operates *.abo.wanadoo.fr? I've had enormous non-stop spam flooding from them for years. abo is short for abonnement .. a city or district, in french that's customer dsl space, most of it dynamic consistent rDNS pattern as you can see srs -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: Proxad? (Was: Drone Armies)
On 5/18/06, Mathias Koerber [EMAIL PROTECTED] wrote: abo is short for abonnement .. a city or district, in french You may be thinking of 'arrondissement', which means district. 'Abo', however seems to refer to subscribers: I knew the word, but it was always associated in their rDNS with the names of french towns Moral - never try to translate french when you know just about enough to order your dinner / call a taxi :) thanks srs