Re: [offtopic] Topicality debate [my 2 bits]
Hi Gadi,

I took the effort and looked into the other postings of some of the guys. I guess they are only keyword- or sender-invoked bots. I have never seen any positive postings from them.

Kind regards
Peter and Karin

Gadi Evron wrote:
> On Sat, 23 Sep 2006, John Underhill wrote:
> > -Moderated Approach
> > Create a nanogofftopic@ to give a vent to members. If a post is clearly off-topic and not announced as such, use a 'three strikes, you're out' approach: first warning and inviting review of list guidelines, then as a last measure cancelling list subscription. Include 'this is offtopic!' responders among offences, and maybe we can reduce some of the list noise.
>
> Hi John, thanks for the wise words.
>
> I believe our biggest problem is that on topic is not defined. Many here see different issues as operational to them while a few here always yell and scream the minute someone posts that interest.
>
> An off-topic list won't help much if we can't decide, by poll or arbitrary choice, what actually is on-topic. That can later on be followed. Lists evolve, readerships change, and subjects of interest change. But without certain guidelines, I don't see why any crowd should be silenced or any minority with loud voices should silence them.
>
> If such a consensus/decision is reached, it will be followed to the letter with the full backing of whoever needs to back it up.
>
> Thanks, Gadi.
>
> > John

--
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Graeffstrasse 14
D-64646 Heppenheim
+49(6252)671-788 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
Re: shared hosting and attacks [FWD: [funsec] HostGator: cPanel Security Hole Exploited in Mass Hack]
On 24 Sep 2006, at 04:00, Gadi Evron wrote:
> [...]
> With thousands of sites on every server and virtual machines everywhere, all it takes is one insecure web application such as xxxBB or PHPxx for the server to be remote accessed, and for a remote connect-back shell to be installed. The rest is history.

Hence why I'm rather partial to the ROT13 of a certain such application: cucOO.

> [...]
> We all (well, never say all, every, never, ever, etc.), many of us face this. What solutions have you found?
>
> Some solutions I heard used, or utilized:
>
> 1. Remote scanning of web servers.

Well, I *did* at one point have a script that looked for files with any of a list of MD5 sums and chmod them 000 if it found one. Grepping for Matt Wright in Perl scripts and chmodding them is also not a bad idea :)

> 2. Much stronger security enforcement on servers.

Actually, even bothering to use Unix user accounts rather than running everything under the Apache uid (or sometimes nobody or root!) would be a fine start.

> 3. Quietly patching user web applications without permission.

I would like to plead the Fifth at this point.

> 4. JGH - Just getting hacked.

This seems to be a popular enough technique, as long as the money still keeps rolling in, but not one I particularly subscribe to because the bad reputation gets round after a while.

> What have you encountered? What have you done, sorry, heard of someone else do, to combat this very difficult problem on your networks?

Hacked accounts aren't evenly distributed over the customer base. A judiciously-applied account suspension or bollocking goes a long way.
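A defender-side sketch of the sweep described under point 1, added here as an illustration and not the poster's own script: walk a customer's web tree, flag files whose MD5 is on a known-bad list or whose header names Matt Wright's FormMail, and chmod them 000 so the web server can neither serve nor run them while the file stays on disk as evidence. The directory layout, file names and the hash list are constructed for the demo.

```python
"""Sweep a hosting web tree for known-bad files (added example; constructed data).

Two checks from the thread: MD5 of each file against a known-bad list, and a
grep for Matt Wright's FormMail header in Perl/CGI scripts. Hits are chmod 000:
the web server can no longer read or run them, but the file stays for forensics.
"""
import hashlib
import os
import re
import shutil
import stat
import tempfile
from pathlib import Path

# Header text that Matt Wright's FormMail carries near the top of the script.
FORMMAIL_RE = re.compile(rb"Matt Wright|FormMail", re.IGNORECASE)


def md5_of(path: Path) -> str:
    """Hex MD5 of a file, read in chunks so large uploads do not bloat memory."""
    h = hashlib.md5()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def looks_like_formmail(path: Path) -> bool:
    """Only inspect scripts; the header sits in the first few KB."""
    if path.suffix not in (".pl", ".cgi"):
        return False
    with path.open("rb") as fh:
        return FORMMAIL_RE.search(fh.read(4096)) is not None


def sweep(root: Path, bad_md5: set, neutralise: bool = True) -> list:
    """Return sorted (reason, relative path) pairs for every hit under root.
    Symlinks are skipped so a customer cannot aim the sweep outside their tree."""
    hits = []
    for dirpath, _dirs, names in os.walk(root):
        for name in names:
            p = Path(dirpath) / name
            if p.is_symlink():
                continue
            reason = None
            if md5_of(p) in bad_md5:
                reason = "known-bad-md5"
            elif looks_like_formmail(p):
                reason = "matt-wright-formmail"
            if reason:
                if neutralise:
                    os.chmod(p, 0)  # 000: owner, group and world lose every bit
                hits.append((reason, str(p.relative_to(root))))
    return sorted(hits)


def mode_bits(path: Path) -> int:
    return stat.S_IMODE(path.stat().st_mode)


def demo() -> dict:
    """Build a constructed customer tree in a temp dir, sweep it, report modes."""
    root = Path(tempfile.mkdtemp(prefix="websweep-"))
    (root / "public_html" / "cgi-bin").mkdir(parents=True)
    (root / "public_html" / "images").mkdir()
    dropped = root / "public_html" / "images" / "dropped_shell.php"  # constructed
    dropped.write_bytes(b"<?php /* constructed stand-in for a dropped backdoor */ ?>")
    formmail = root / "public_html" / "cgi-bin" / "formmail.pl"
    formmail.write_bytes(b"#!/usr/bin/perl\n# FormMail Version 1.6\n# Copyright 1995-1997 Matt Wright\n")
    clean = root / "public_html" / "index.html"
    clean.write_bytes(b"<html>hello</html>\n")
    # A real list holds digests of samples seen on the servers; the demo seeds
    # it from the constructed file so it runs offline.
    known_bad = {md5_of(dropped)}
    hits = sweep(root, known_bad)
    result = {
        "hits": hits,
        "dropped_mode": mode_bits(dropped),
        "formmail_mode": mode_bits(formmail),
        "clean_untouched": mode_bits(clean) != 0,
    }
    shutil.rmtree(root)
    return result
```

Run as root on a real server the same chmod 000 still applies, but note that MD5 matching only catches byte-identical copies; a re-packed shell needs the header grep or a different signature.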
recap of nanog-futures on on topic and proposed compromise
Basically, there is a crowd that says only network related stuff, say, transit ISPs (as an example, not to say them alone) would be interested in, is on topic. Others say there are other issues which are operations related and of interest to them. We are split.

A compromise has now been suggested (by me). The only thing both sides agree on is that in fact, the replies and flame wars on what is on topic or isn't, and who should speak of what, are disruptive.

Thus, the compromise idea is that for now and for a predetermined period of time, we start with one small change. Debugging is done one step at a time rather than in earth-shattering moves.

How about we, for now, only change one thing about NANOG - the specific off topic posts that tell others to be quiet, or that they are off-topic, will be disallowed.

This is really a consensus and a good way to start making progress rather than escalating a conflict between people who just want to get things done and see the NANOG community as a home.

I believe it's a good temporary solution which will take us ahead, to measure how things go, as well as be able to find out what we all agree on afterwards. As well as increase the value of the list almost immediately.

This re-cap is from my perspective, naturally. We can keep arguing over who said what or what's on or off topic forever. Consolidating on what we all agree would be a change for the better and starting there sounds like a good idea to me.

Solving this in a civil fashion just became so much more attractive.

Thanks, Gadi.
Telehouse North outage?
Does anybody have details about a power outage at Telehouse North today? The first routing issues that reflected the issue appeared around 13:00 BST, but I don't have any details about the cause.

cheers!

==
A cat spends her life conflicted between a deep, passionate and profound desire for fish and an equally deep, passionate and profound desire to avoid getting wet. This is the defining metaphor of my life right now.
Re: recap of nanog-futures on on topic and proposed compromise
Gadi Evron wrote:
> A compromise has now been suggested (by me). The only thing both sides agree on is that in fact, the replies and flame wars on what is on topic or isn't, and who should speak of what, are disruptive.

Agreed.

> How about we, for now, only change one thing about NANOG - the specific off topic posts that tell others to be quiet, or that they are off-topic, will be disallowed.
>
> This is really a consensus and a good way to start making progress rather than escalating a conflict between people who just want to get things done and see the NANOG community as a home.

Agreed.

> I believe it's a good temporary solution which will take us ahead, to measure how things go, as well as be able to find out what we all agree on afterwards. As well as increase the value of the list almost immediately.
>
> This re-cap is from my perspective, naturally. We can keep arguing over who said what or what's on or off topic forever. Consolidating on what we all agree would be a change for the better and starting there sounds like a good idea to me.
>
> Solving this in a civil fashion just became so much more attractive.

Agreed, and I've been restraining myself for some time. I didn't hit Send on my vituperative response when that twit wrote:

> I'm not aware of any network of any consequence where the people who run, design, or build the infrastructure have any relationship to end user tech support call centers.

Especially as I'm not aware of any Network Operator worth their salt that doesn't have regular contact with their support call centers.
Re: Telehouse North outage?
> Does anybody have details about a power outage at Telehouse North today?

There was no power to a fair proportion of it for around 5 minutes at approx 12:50 BST

brandon
Re: Telehouse North outage?
On Sun, 24 Sep 2006, Brandon Butterworth wrote:
> > Does anybody have details about a power outage at Telehouse North today?
>
> There was no power to a fair proportion of it for around 5 minutes at approx 12:50 BST
>
> brandon

I have just been made aware on the nanog-futures list that outages are indeed on topic, officially.

Please, let's start self-restraining and not email further on this thread unless it is:
1. More data.
2. Change of status.

Flames not to /dev/null but to my private inbox or the admin's address. Not here. Don't second me, either. :)

Thanks everybody,
Gadi.
Topicality perceptions
One of the biggest issues with the list as I've seen from time to time from my perspective, is the definition of operations. So on a quick breakdown of the logical definition of NANOG, I derive Operations of the North American Network. The problem with this stems from far too many bastardizing their own definition of what it should be. If I'm experiencing issues on the Network in North America, where else should I look for assistance but from a group that manages (or at least portrays to manage) operations in North America?

I've posted quite a few questions here and there, many have said they've made no sense. DoS attacks... Mork calling Olson, come in Olson... These do affect networks... Botnets, worms and viruses... Mork calling... Get the point?

How many posts have we seen on configuring a router that were multi-threaded into a long post of "my config is better than yours" or similar. These are off-topic but I wouldn't trade 'em for the world. I've learned much from them, as have I from all sorts of posts on topic or not. I can see where there would be annoyance from certain threads, but I see more annoyance from the whiners and complainers who spew the same message inserting nothing worth reading, and for this I have filters in place.

William Allen Simpson wrote:
> Especially as I'm not aware of any Network Operator worth their salt that doesn't have regular contact with their support call centers.

Regular contact? As in finding the name of someone who actually has a clue? Not the contact information of some helpdesk goon who doesn't understand the output of a traceroute? As in some helpdesk goon who understands what an AS is?

Getting (semi)back on topic, who decides what's on topic or not? It seems to be based on one's personal view of what is and isn't relevant.

SNIP http://www.nanog.org/endsystem.html
The charter of the NANOG list was written to avoid being too specific and to not preclude useful network-relevant discussion
/SNIP

Botnets: Relevant
Viruses and worms: Relevant
DoS attacks: Relevant
Mail/Spam: Relevant
Router configuration: Semi-Relevant

If someone's misconfiguration will affect your network, then router configurations are somewhat relevant.

I recall having a fiber issue a while back (http://www.irbs.net/internet/nanog/0408/0563.html) and although it was not relevant to NANOG whatsoever, who else better to ask than the experienced engineers, and I was thankful for the responses I received. I also recall talking about a possible huge DoS against the BGP protocol (which COULD affect hundreds) yet the response was... "You're off-topic", etc., not including the off-list responses I received.

Looking back at some of the threads I see posted here, whenever I tend to see something operational that doesn't bode well with someone, I see people quick to shoot a "you're off-topic" response offering nothing more than wasted bandwidth. It is those quick to shoot off those responses who give me the impression that they're nothing more than lazy whiners incapable of offering assistance/solutions/tips/etc.

BGP exploitation? (http://www.irbs.net/internet/nanog/0308/1018.html) was shot down and I quote: "this is almost certainly not a topic for Nanog." Really? To date I have not released plenty of stupid programs capable of wreaking havoc because they serve no purpose. My intentions when I posted this was to inform others: "Hey, did you know that X could possibly break your neighboring..." It was sent with hopes of working with engineers to find a resolution. I'm sure if I shot off a program to the black hat community, I would have been an ass since I didn't properly notify the powers that be (whoever these are these days).

Perhaps Operations need be dissected, re-defined and re-posted on NANOG.

Laptop policies?
http://www.merit.edu/mail.archives/nanog/msg01619.html
How is/was this relevant?

So in other news, has anyone in the south with Time Warner (South Carolina, Louisiana, etc.) experienced issues with filtering? Specifically SIP? I have tons of people with issues regarding VoIP and (not surprisingly) they happen to all be related to Time Warner.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x1383A743

"How a man plays the game shows something of his character - how he loses shows all" - Mr. Luckey
NANOG Thread
After recent events, may I propose the ultimate NANOG thread..

NANOG User: Message
Richard A Steenbergen: Can we keep this off-topic crap off NANOG?
Gadi Evron: That message is deeply relevant to us all. I can't understand what your porblme is.
Sean Donelan: Fascinating, User. I suppose ISSUE would be different if you were running a NETWORK and using ROUTER.
Christopher L. Morrow: I think you have a point, Sean, but can you try not to engage with this? ISSUE is definitely off topic.
RAS: Only Auntie Jane on a crappy Windows box would have ISSUE anyway.
Donelan/Evron/Morrow in chorus: But Jane is our customer.
RAS/Bill Manning together: Get a clue!
Valdis Kletnieks: NANOG User said: [snip] We had ISSUE on a DEVICE in our FACILITY back in 2004. Have you got the DATA? Of course all this wouldn't be a problem if STANDARDS BODY had got a clue and decided to implement PROPOSAL.
NANOG User: *pastes 86 hop tracert, last week's BGP update log and half the CIDR report*
Valdis/RAS/Evron/Bill/Morrow: Couldn't you have sent that offlist? Get a clue!
NANOG User: I'm sorry if I offended your refined sensibilities. Who do you think you are?
Random Lurker desperately seeking status: Bill is right. This is the Network Operators' list.
RAS: Anyway, PROPOSAL would have been a good idea, but nobody was ever going to deploy it. We ought to go straight to IPVersionX.
All: IP Version X?? Get a clue!
Valdis: Only someone who thinks we ought to go back to ATM would support that Bellhead POS. From a network architecture perspective, it's plain stupid.
Evron: You obviously have no idea of how the botnets would exploit that.
Bill: Gadi, that's off topic.
Morrow: No, it's not.
Third-world ISP operator: Hello, I've got SERIOUS PROBLEM on my network in POOR COUNTRY and no money. Can anyone advise on how we can fix it? Thanks
Randy Bush: I can't read your message. It's got capital letters in it. Anyway, I think we need to get back to some operational content.
Fergie: Hey guys, this looks interesting - <a href="http://link.to.newsstory">http://link.to.newsstory</a> Chinese scientists teach monkey to write technical manual
Randy Bush: I can't read your message. It's got HTML in it.
Valdis: RFCx says you can have capital letters AND links in your e-mail.
Randy: I don't care.
Evron: Major security alert!
Morrow: Bullshit.
RAS: No, that is on topic.
Donelan: Probably more suited to LIST, but it certainly has consequences for support costs.
NANOG User: Why does Sean always take RAS's side like this?
Peter Dambier: It's because of the 2004 Olympics that all e-mail has to be routed to the European Commission so the SS7 signalling can be screened for correct geopolitical routing. I can see this because my traceroute is broken! ... User, I think your ISSUE could be resolved by WILDLY IMPRACTICAL SOLUTION, as long as you use an alternate root server.
Valdis: Peter, you're insane.
Peter Dambier: The psychiatric-industrial complex denounces all victims of ICANN mind control as mentally ill! Resist the empire now!
NANOG User: Is that on topic for NANOG?
All: That is on topic/That is off topic!
Bill: Well, I think he's got a point about ICANN.
RAS: They're nowhere near as bad as ARIN, though. I only wanted another /8 and it took me three whole weeks!
All: Swine!
Donelan: ARIN's never been a problem for me.
Another NANOG User: STUPID REMARK about evil state bureaucracies forcing their eurosexual communism on us. Buy guns!
Evron: So who should assign IPs? ATT? Get a clue!
Randy Bush: You would say that. Anyway, I think WILDLY IMPRACTICAL SOLUTION is actually quite a good idea, except for the alternate root bit. Back at RESEARCH CENTRE in the 1970s, Vint Cerf and I tried something similar.
Bill: Namedropper!
[EMAIL PROTECTED]: I think this thread should be moved to NANOG-FUTURES.
RAS: Why isn't there a NANOG-CRAP?
[EMAIL PROTECTED]: Are you sure there isn't?
Morrow: Anyone else seeing high latency to TELCO in CITY?
Crickets: chirping
Random Lurker, still hoping one of the silverbacks will show him some love: So, what about IPVersion Y?
All: That's not operational!

*thread peters out in howling clue vacuum*
Re: NANOG Thread
This inspired me: http://highclearing.com/index.php/archives/2006/04/07/4991
Re: NANOG Thread
On Sun, 24 Sep 2006, Alexander Harrowell wrote:
> Christopher L. Morrow: I think you have a point, Sean, but can you try not to engage with this? ISSUE is definitely off topic.

I don't think I've ever asked if something was off-topic on nanog... (and 'chris' is fine, no one but my mom calls me 'christopher' anymore)
Re: icmp rpf
Mark Kent wrote:
> A smaller North American network provider, with a modest North American backbone, numbers their internal routers on public IP space that they do not announce to the world.
>
> One of the largest North American network providers filters/drops ICMP messages so that they only pass those with a source IP address that appears in their routing table.
>
> As a result, traceroutes from big.net into small.net have numerous hops that time out. Traceroutes from elsewhere that go into small.net but return on big.net also have numerous hops that time out.
>
> We do all still think that traceroute is important, don't we? If so, which of these two nets is unreasonable in their actions/policies?
>
> Please note that we're not talking about RFC1918 space, or reserved IP space of any kind. Also, think about the scenario where some failure happens leaving big.net with an incomplete routing table, thus breaking traceroute when it is perhaps most needed.
>
> Thanks,
> -mark

This is yet another reason one shouldn't rely on pings/traceroutes to perform reachability analysis.

regards,
/virendra
Re: icmp rpf
virendra rode wrote:
> This is yet another reason one shouldn't rely on pings/traceroutes to perform reachability analysis.

So, you're in the "traceroute is not important" camp? (you'll note that in my email I did ask whether we think traceroute is important)

Mark Smith wrote:
> The non-announcers, because they're also breaking PMTUD.

Really? How? Remember, we're not talking about RFC1918 space, where there is a BCP that says we should filter it at the edge. We're talking about public IP space, that just doesn't happen to be announced outside of a particular AS.

Thanks,
-mark
Re: icmp rpf
On Sep 24, 2006, at 4:33 PM, Mark Kent wrote:
> Remember, we're not talking about RFC1918 space, where there is a BCP that says we should filter it at the edge. We're talking about public IP space, that just doesn't happen to be announced outside of a particular AS.

If the intent is to prevent folks from reaching out and touching random network infrastructure devices directly whilst still allowing traceroute to work, iACLs and/or using IS-IS as one's IGP and null-routing the infrastructure blocks at one's various edges achieves the same effect with less potential for breakage:

http://www.nanog.org/mtg-0405/mcdowell.html

Note that a good infrastructure addressing plan is a prerequisite for both of these methods.

---
Roland Dobbins [EMAIL PROTECTED] // 408.527.6376 voice

Any information security mechanism, process, or procedure which can be consistently defeated by the successful application of a single class of attacks must be considered fatally flawed.

-- The Lucy Van Pelt Principle of Secure Systems Design
Re: icmp rpf
Mark Kent wrote:
> virendra rode wrote:
> > This is yet another reason one shouldn't rely on pings/traceroutes to perform reachability analysis.
>
> So, you're in the "traceroute is not important" camp? (you'll note that in my email I did ask whether we think traceroute is important)

I'm sure it's important. All I'm saying is, ICMP can get rate-limited (many times it does), which could possibly lead to packet loss and even drops while traversing hops.

regards,
/virendra

> Mark Smith wrote:
> > The non-announcers, because they're also breaking PMTUD.
>
> Really? How? Remember, we're not talking about RFC1918 space, where there is a BCP that says we should filter it at the edge. We're talking about public IP space, that just doesn't happen to be announced outside of a particular AS.
>
> Thanks,
> -mark
Re: icmp rpf
[Can we all have a moment of silence for a useful, interesting, and on-topic post?]

On Sep 24, 2006, at 5:59 PM, Mark Kent wrote:
> A smaller North American network provider, with a modest North American backbone, numbers their internal routers on public IP space that they do not announce to the world.
>
> One of the largest North American network providers filters/drops ICMP messages so that they only pass those with a source IP address that appears in their routing table.
>
> As a result, traceroutes from big.net into small.net have numerous hops that time out. Traceroutes from elsewhere that go into small.net but return on big.net also have numerous hops that time out.
>
> We do all still think that traceroute is important, don't we? If so, which of these two nets is unreasonable in their actions/policies?

Who said either was?

First: Your network, your rules. Don't expect others to play by your rules.

But more importantly, there is nothing that says two perfectly reasonable, rational rules cannot create a problem when intersecting in interesting ways.

But if forced, I'd say Small.Net gets my vote for needing correction. I see less wrongness in a network running what is essentially loose RPF than a network who expects supposedly bogon-sourced packets to be forwarded. (One could argue that non-announced space is bogus.) Just remember, I would only say that if pushed. Normally I would say neither is wrong.

> Please note that we're not talking about RFC1918 space, or reserved IP space of any kind. Also, think about the scenario where some failure happens leaving big.net with an incomplete routing table, thus breaking traceroute when it is perhaps most needed.

In such an instance, I would suggest Big.Net will have far, far larger problems than whether pings get returned from prefixes it can't reach anyway.

--
TTFN,
patrick
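A small model of the interaction Mark describes in this thread and of the alternative Roland suggests (announce the infrastructure block, then protect it with iACLs or an edge null-route), added here as an illustration and not taken from any poster's configuration: big.net applies loose RPF to ICMP, small.net's routers answer from an unannounced block, and the probing host sees those hops time out. All prefixes, addresses and the path are constructed.

```python
"""Model the traceroute failure from the icmp rpf thread (added example).

big.net forwards an ICMP packet only if its source address is covered by some
route in big.net's table (loose RPF on ICMP). small.net numbers its routers
from public space it never announces, so the TTL-exceeded replies those
routers send are dropped and the hops show as '*'. All prefixes, addresses and
the path below are constructed for the illustration.
"""
from ipaddress import ip_address, ip_network

# Constructed: 203.0.113.0/24 is big.net's own backbone, 192.0.2.0/24 is the
# small.net customer block it learns via BGP, 198.51.100.0/24 is small.net's
# router space which small.net does not announce.
BIG_NET_RIB = [ip_network("203.0.113.0/24"), ip_network("192.0.2.0/24")]
SMALL_NET_INFRA = ip_network("198.51.100.0/24")

# Constructed path from a big.net customer to 192.0.2.10: (hop, ICMP source, owner)
PATH = [
    (1, "203.0.113.1", "big.net"),
    (2, "203.0.113.9", "big.net"),
    (3, "198.51.100.1", "small.net"),   # router in unannounced space
    (4, "198.51.100.5", "small.net"),
    (5, "192.0.2.10", "small.net"),     # destination, announced space
]


def passes_loose_rpf(rib, src: str) -> bool:
    """Loose RPF: accept if any route covers the source, whatever the interface."""
    addr = ip_address(src)
    return any(addr in net for net in rib)


def traceroute_view(path, rib) -> list:
    """What the probing host prints per hop once big.net filters ICMP replies."""
    return [src if passes_loose_rpf(rib, src) else "*" for _hop, src, _owner in path]


def edge_forwards_to(dst: str, infra, protect: bool) -> bool:
    """Roland's alternative: announce the router block (so its ICMP passes RPF
    everywhere) but drop transit packets addressed to it at the edge with an
    infrastructure ACL or a null-route. Returns whether an outside packet to
    dst is forwarded."""
    return not (protect and ip_address(dst) in infra)


def scenarios() -> dict:
    """Three outcomes: unannounced block, big.net with an incomplete table
    (Mark's failure case), and announced-plus-iACL."""
    announced = BIG_NET_RIB + [SMALL_NET_INFRA]
    return {
        "unannounced": traceroute_view(PATH, BIG_NET_RIB),
        "big_net_lost_routes": traceroute_view(PATH, [ip_network("203.0.113.0/24")]),
        "announced_with_iacl": traceroute_view(PATH, announced),
        # Traceroute now works, yet a packet aimed at the router itself is refused.
        "router_reachable_from_outside": edge_forwards_to("198.51.100.1", SMALL_NET_INFRA, protect=True),
        "customer_reachable_from_outside": edge_forwards_to("192.0.2.10", SMALL_NET_INFRA, protect=True),
    }
```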
Re: recap of nanog-futures on on topic and proposed compromise
Creating consternation around boundary conditions and then proposing artificial self-serving compromises is one of the oldest games there is on mailing lists, going back pretty much to the invention of Usenet. At the risk of playing a small role in this instance, as a longtime lurker I simply point out the predictable failure pattern here.

Fred

> Basically, there is a crowd that says only network related stuff, say, transit ISPs (as an example, not to say them alone) would be interested in, is on topic. Others say there are other issues which are operations related and of interest to them. We are split.
>
> A compromise has now been suggested (by me). The only thing both sides agree on is that in fact, the replies and flame wars on what is on topic or isn't, and who should speak of what, are disruptive.
>
> Thus, the compromise idea is that for now and for a predetermined period of time, we start with one small change. Debugging is done one step at a time rather than in earth-shattering moves.
>
> How about we, for now, only change one thing about NANOG - the specific off topic posts that tell others to be quiet, or that they are off-topic, will be disallowed.
>
> This is really a consensus and a good way to start making progress rather than escalating a conflict between people who just want to get things done and see the NANOG community as a home.
>
> I believe it's a good temporary solution which will take us ahead, to measure how things go, as well as be able to find out what we all agree on afterwards. As well as increase the value of the list almost immediately.
>
> This re-cap is from my perspective, naturally. We can keep arguing over who said what or what's on or off topic forever. Consolidating on what we all agree would be a change for the better and starting there sounds like a good idea to me.
>
> Solving this in a civil fashion just became so much more attractive.
>
> Thanks, Gadi.
Re: recap of nanog-futures on on topic and proposed compromise
On Sun, 24 Sep 2006, Fred Heutte wrote:
> Creating consternation around boundary conditions and then proposing artificial self-serving compromises is one of the oldest games there is on mailing lists, going back pretty much to the invention of Usenet. At the risk of playing a small role in this instance, as a longtime lurker I simply point out the predictable failure pattern here.

Please join us on NANOG-futures then and help either flame, or come up with something to move us forward. :)

Gadi.

> Fred
>
> > Basically, there is a crowd that says only network related stuff, say, transit ISPs (as an example, not to say them alone) would be interested in, is on topic. Others say there are other issues which are operations related and of interest to them. We are split.
> >
> > A compromise has now been suggested (by me). The only thing both sides agree on is that in fact, the replies and flame wars on what is on topic or isn't, and who should speak of what, are disruptive.
> >
> > Thus, the compromise idea is that for now and for a predetermined period of time, we start with one small change. Debugging is done one step at a time rather than in earth-shattering moves.
> >
> > How about we, for now, only change one thing about NANOG - the specific off topic posts that tell others to be quiet, or that they are off-topic, will be disallowed.
> >
> > This is really a consensus and a good way to start making progress rather than escalating a conflict between people who just want to get things done and see the NANOG community as a home.
> >
> > I believe it's a good temporary solution which will take us ahead, to measure how things go, as well as be able to find out what we all agree on afterwards. As well as increase the value of the list almost immediately.
> >
> > This re-cap is from my perspective, naturally. We can keep arguing over who said what or what's on or off topic forever. Consolidating on what we all agree would be a change for the better and starting there sounds like a good idea to me.
> >
> > Solving this in a civil fashion just became so much more attractive.
> >
> > Thanks, Gadi.