Re: Best Email Time

2006-12-08 Thread David Hester

On 12/5/06 12:00 PM, "[EMAIL PROTECTED]" <[EMAIL PROTECTED]>
wrote:

> On Tue, 05 Dec 2006 10:14:06 EST, William Allen Simpson said:
> 
>> The "study" says that "nearly 20 percent of email does not get delivered to
>> the inbox as intended, largely because it gets mistaken as spam."
> 
> Somewhere around 85% of all mail attempts to us are summarily rejected because
> the source is in some block list or other, resulting in the spam not being
> delivered to our user's inboxes as the spammer intended, largely because it
> is recognized as spam.
> 
> Statistics are what you read into them

CNN recently reported that 90% of all email on the internet is spam.
http://www.cnn.com/2006/WORLD/europe/11/27/uk.spam.reut/index.html

David Hester




Re: Best Email Time

2006-12-08 Thread Simon Waters

On Friday 08 December 2006 12:50, you wrote:
> 
> CNN recently reported that 90% of all email on the internet is spam.
> http://www.cnn.com/2006/WORLD/europe/11/27/uk.spam.reut/index.html

I posted my rant a while back to save bandwidth;

http://www.circleid.com/posts/misleading_spam_data/


DNS - connection limit (without any extra hardware)

2006-12-08 Thread Luke

Hi,
as a consequence of a virus diffused in my customer-base, I often receive
big bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
have a distributed tentative of denial of service.
I can't blacklist them on my DNSs, because the infected clients are too
much.

For this reason, I would like that a DNS could response maximum to 10
queries per second given by every single Ip address.
Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND
tuning, without using any hardware traffic shaper?

Thanks
Best Regards

Luke


RE: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Geo.
I know this is kind of a crazy idea but how about making cleaning up all
these infected machines the priority as a solution instead of defending your
dns from your infected clients. They not only affect you, they affect the
rest of us so why should we give you a solution to your problem when you
don't appear to care about causing problems for the rest of us?

George Roettger
  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Luke
  Sent: Friday, December 08, 2006 9:41 AM
  To: [EMAIL PROTECTED]
  Subject: DNS - connection limit (without any extra hardware)


  Hi,
  as a consequence of a virus diffused in my customer-base, I often receive
big bursts of traffic on my DNS servers.
  Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
have a distributed tentative of denial of service.
  I can't blacklist them on my DNSs, because the infected clients are too
much.

  For this reason, I would like that a DNS could response maximum to 10
queries per second given by every single Ip address.
  Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND
tuning, without using any hardware traffic shaper?

  Thanks
  Best Regards

  Luke



How to pick a Site-Local Scope multi cast address

2006-12-08 Thread Dave Raskin

Hello, I have been directed to this list by IANA when I asked the
following question:



I am researching ways of device/machine discovery on the network. This
is similar to the Discovery phase of UPnP devices, which uses the SSDP
protocol.

I have researched far enough to know that my best bet for UDP
multicast address group is the Site-Local Scope address range of

  239.255.000.000-239.255.255.255

SSDP and UPnP protocols use the address 239.255.255.250

My question is this:

How do I pick a group address within this range and not have a
chance of colliding with some other application on the network already
using the group address I just picked?

Do I just randomly pick an address in that range and hope for
the best? I am running on Windows and cannot assume that there is a
MADCAP server available.



Thanks in advance!

Dave Raskin
Rimage Corporation


Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Simon Waters

On Friday 08 December 2006 14:40, you wrote:
> 
> For this reason, I would like that a DNS could response maximum to 10
> queries per second given by every single Ip address.

That may trap an email server or two.

Did you consider checking what they are looking up, and lying to them about 
the TTL/answer "127.0.0.1 for a week" maybe better than NXDOMAIN.

I use to slave "." which can save time on recursive DNS servers when they have 
a lot of dross to answer (assuming it is totally random dross).

I suspect complex rate limiting may be nearly as expensive as providing DNS 
answers with Bind9.


RE: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Gadi Evron

On Fri, 8 Dec 2006, Geo. wrote:
> I know this is kind of a crazy idea but how about making cleaning up all
> these infected machines the priority as a solution instead of defending your
> dns from your infected clients. They not only affect you, they affect the
> rest of us so why should we give you a solution to your problem when you
> don't appear to care about causing problems for the rest of us?
> 
> George Roettger

Actually, reading your reply (which is the same as my own, pretty much), I
figure the guy asked a question and he has a real problem. Assuming he
doesn't want to clean them up is not nice of us.

Luke:
It is possible the DNS queries made are for non existent domains, fake
replies, perhaps even making them something in 1918 space, and they MAY
stop being not nice netizens.

Gadi.

>   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Luke
>   Sent: Friday, December 08, 2006 9:41 AM
>   To: [EMAIL PROTECTED]
>   Subject: DNS - connection limit (without any extra hardware)
> 
> 
>   Hi,
>   as a consequence of a virus diffused in my customer-base, I often receive
> big bursts of traffic on my DNS servers.
>   Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
> have a distributed tentative of denial of service.
>   I can't blacklist them on my DNSs, because the infected clients are too
> much.
> 
>   For this reason, I would like that a DNS could response maximum to 10
> queries per second given by every single Ip address.
>   Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND
> tuning, without using any hardware traffic shaper?
> 
>   Thanks
>   Best Regards
> 
>   Luke
> 
> 



Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Gadi Evron

On Fri, 8 Dec 2006, Luke wrote:
> Hi,
> as a consequence of a virus diffused in my customer-base, I often receive
> big bursts of traffic on my DNS servers.
> Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
> have a distributed tentative of denial of service.
> I can't blacklist them on my DNSs, because the infected clients are too
> much.
> 
> For this reason, I would like that a DNS could response maximum to 10
> queries per second given by every single Ip address.
> Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND
> tuning, without using any hardware traffic shaper?
> 

"I have a bots infested network, they really task my services! How can I
make my services ignore them so that the clients start calling me and
spending my tech support budget?"

> Thanks
> Best Regards
> 
> Luke
> 

Gadi.



RE: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Geo.

> Actually, reading your reply (which is the same as my own, pretty much), I
> figure the guy asked a question and he has a real problem. Assuming he
> doesn't want to clean them up is not nice of us.

Infected machines (bots) will cause a lot more than just DNS issues. Issues
like this have a way of getting worse all by themselves if not addressed.

Anyway, to play nice.. how about using a router to dampen traffic much like
icmp dampening? Would it be possible to do DNS dampening?

Geo.




Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Petri Helenius


Geo. wrote:
> I know this is kind of a crazy idea but how about making cleaning up
> all these infected machines the priority as a solution instead of
> defending your dns from your infected clients. They not only affect
> you, they affect the rest of us so why should we give you a solution
> to your problem when you don't appear to care about causing problems
> for the rest of us?



Has anyone figured out a remote but lawful way to repair zombie machines?

Pete


George Roettger

-Original Message-
*From:* [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Behalf Of *Luke
*Sent:* Friday, December 08, 2006 9:41 AM
*To:* [EMAIL PROTECTED]
*Subject:* DNS - connection limit (without any extra hardware)

Hi,
as a consequence of a virus diffused in my customer-base, I often
receive big bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to bomb my DNSs at a certain
hour, so I have a distributed tentative of denial of service.
I can't blacklist them on my DNSs, because the infected clients
are too much.

For this reason, I would like that a DNS could response maximum to
10 queries per second given by every single Ip address.
Anybody knows a solution, just using iptables/netfilter/kernel
tuning/BIND tuning, without using any hardware traffic shaper?

Thanks
Best Regards

Luke





Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Joe Abley



On 8-Dec-2006, at 11:52, Geo. wrote:



>> Actually, reading your reply (which is the same as my own, pretty much), I
>> figure the guy asked a question and he has a real problem. Assuming he
>> doesn't want to clean them up is not nice of us.
>
> Infected machines (bots) will cause a lot more than just DNS issues. Issues
> like this have a way of getting worse all by themselves if not addressed.
>
> Anyway, to play nice.. how about using a router to dampen traffic much like
> icmp dampening? Would it be possible to do DNS dampening?


I think the trouble comes when you want to limit the request rate  
*per client source address*, rather than limiting the request rate  
across the board. That implies the retention of state, and since DNS  
transactions are brief (and since the client population is often  
large) that can add up to a lot of state to keep at an aggregation  
point like a router.


There are some appliances which are designed to hold large amounts of  
state (e.g. f5's big-ip) but you're talking non-trivial dollars for  
that. Beware enterprise-scale stateful firewall devices which might  
seem like sensible solutions to this problem. They are often not  
suitable for use in front of busy DNS servers (even a few hundred new  
flows per second is a lot for some vendors, despite the apparent  
marketing headroom based on the number of kbps you need to handle).


You may find that you can install ipfw (or similar) rules on your  
nameservers themselves to do this kind of thing. Take careful note of  
what happens when the client population becomes large, though -- the  
garbage collection ought to be smooth and painless, or you'll just  
wind up swapping one worm proliferation failure mode for another.


Host-based per-client rate limits scale better if there are many  
hosts providing service, e.g. behind a load balancer or using  
something like .


As to the wider question, cleaning up the infected hosts is an  
excellent goal, but it'd certainly be nice if your DNS servers  
continued to function while you were doing so. Having every non- 
infected customer phone up screaming at once can be an unwelcome  
distraction when you already have more man hours of work to do per  
day than you have (staff * 24).



Joe
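
The trade-off described in the message above (a per-source limit means per-source state, and that state needs smooth garbage collection), as an added example that is not part of the original thread: a Python model of a host-based limiter using the 10 queries per second figure from the question. The burst size, idle timeout, table cap, fail-open policy and the constructed 192.0.2.x flows are assumptions made for illustration.

```python
from collections import OrderedDict


class PerSourceLimiter:
    """Token bucket per source address, with a bounded table that is
    garbage-collected a few entries at a time instead of in one sweep."""

    def __init__(self, rate=10.0, burst=20.0, idle_expire=5.0,
                 max_entries=100_000, gc_per_packet=4):
        # rate=10 is the figure from the question; the other values are assumptions.
        # Keep idle_expire >= burst / rate so that an evicted source never comes
        # back with more tokens than its bucket would have refilled to anyway.
        self.rate = rate
        self.burst = burst
        self.idle_expire = idle_expire
        self.max_entries = max_entries
        self.gc_per_packet = gc_per_packet
        self.table = OrderedDict()  # src -> [tokens, last_seen], least recent first
        self.evicted = 0            # entries removed by garbage collection
        self.untracked = 0          # packets passed because the table was full

    def _collect(self, now):
        # Amortised collection: inspect at most gc_per_packet of the least
        # recently seen entries on each packet, stopping at the first live one.
        for _ in range(self.gc_per_packet):
            if not self.table:
                return
            src, (_tokens, last_seen) = next(iter(self.table.items()))
            if now - last_seen < self.idle_expire:
                return
            del self.table[src]
            self.evicted += 1

    def allow(self, src, now):
        """Return True if a query from src at time now (seconds) is answered."""
        self._collect(now)
        entry = self.table.get(src)
        if entry is None:
            if len(self.table) >= self.max_entries:
                # Policy choice (assumption): fail open. A full table degrades
                # to "no limiter" rather than dropping uninfected customers.
                self.untracked += 1
                return True
            entry = [self.burst, now]
            self.table[src] = entry
        else:
            tokens, last_seen = entry
            entry[0] = min(self.burst, tokens + (now - last_seen) * self.rate)
            entry[1] = now
            self.table.move_to_end(src)  # keep the table ordered by last_seen
        if entry[0] >= 1.0:
            entry[0] -= 1.0
            return True
        return False


def simulate(limiter, flows, seconds, steps_per_sec=100):
    """flows maps source -> queries per second; returns source -> answered count."""
    answered = dict.fromkeys(flows, 0)
    for i in range(seconds * steps_per_sec):
        now = i / steps_per_sec
        for src, qps in flows.items():
            # Integer arithmetic spreads qps queries evenly over each second.
            due = (i + 1) * qps // steps_per_sec - i * qps // steps_per_sec
            for _ in range(due):
                if limiter.allow(src, now):
                    answered[src] += 1
    return answered


# Constructed sample flows (documentation address range, not real hosts).
FLOWS = {
    "192.0.2.10": 500,  # infected client flooding the resolver
    "192.0.2.25": 40,   # busy mail server: legitimate, but over the limit
    "192.0.2.77": 2,    # ordinary customer
}


def table_pressure(sources=1000, cap=100):
    """Many distinct sources against a small table, then idle time and GC."""
    lim = PerSourceLimiter(max_entries=cap)
    for n in range(sources):
        lim.allow("10.0.%d.%d" % (n // 256, n % 256), 0.0)
    peak = len(lim.table)
    for _ in range(25):  # 25 later packets x 4 entries each clears 100 idle entries
        lim.allow("192.0.2.77", 10.0)
    return peak, lim.untracked, len(lim.table), lim.evicted


if __name__ == "__main__":
    for src, count in simulate(PerSourceLimiter(), FLOWS, 10).items():
        print(src, "sent", FLOWS[src] * 10, "answered", count)
    print("peak, untracked, remaining, evicted:", table_pressure())
```

In the sample run the mail server is throttled to the same rate as the infected client, which is the side effect raised earlier in the thread about trapping an email server or two.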




Weekly Routing Table Report

2006-12-08 Thread Routing Analysis Role Account

This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]

For historical data, please see http://thyme.apnic.net.

If you have any comments please contact Philip Smith <[EMAIL PROTECTED]>.

Routing Table Report   04:00 +10GMT Sat 09 Dec, 2006

Analysis Summary


BGP routing table entries examined: 205342
Prefixes after maximum aggregation: 111720
Unique aggregates announced to Internet: 100595
Total ASes present in the Internet Routing Table: 23878
Origin-only ASes present in the Internet Routing Table: 20804
Origin ASes announcing only one prefix: 10054
Transit ASes present in the Internet Routing Table: 3074
Transit-only ASes present in the Internet Routing Table: 78
Average AS path length visible in the Internet Routing Table: 3.6
Max AS path length visible: 29
Max AS path prepend of ASN (36728)   27
Prefixes from unregistered ASNs in the Routing Table: 1
Unregistered ASNs in the Routing Table: 2
Special use prefixes present in the Routing Table: 0
Prefixes being announced from unallocated address space: 9
Number of addresses announced to Internet: 1644568620
  Equivalent to 98 /8s, 6 /16s and 32 /24s
Percentage of available address space announced: 44.4
Percentage of allocated address space announced: 62.9
Percentage of available address space allocated: 70.5
Total number of prefixes smaller than registry allocations: 104160

APNIC Region Analysis Summary
-

Prefixes being announced by APNIC Region ASes: 45563
Total APNIC prefixes after maximum aggregation: 18743
Prefixes being announced from the APNIC address blocks: 43141
Unique aggregates announced from the APNIC address blocks: 19599
APNIC Region origin ASes present in the Internet Routing Table: 2793
APNIC Region origin ASes announcing only one prefix: 793
APNIC Region transit ASes present in the Internet Routing Table: 416
Average APNIC Region AS path length visible: 3.6
Max APNIC Region AS path length visible: 16
Number of APNIC addresses announced to Internet: 271634400
  Equivalent to 16 /8s, 48 /16s and 207 /24s
Percentage of available APNIC address space announced: 84.9

APNIC AS Blocks        4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911
APNIC Address Blocks   58/7, 60/7, 121/8, 122/7, 124/7, 126/8, 202/7
                       210/7, 218/7, 220/7 and 222/8

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes: 101573
Total ARIN prefixes after maximum aggregation: 60333
Prefixes being announced from the ARIN address blocks: 74756
Unique aggregates announced from the ARIN address blocks: 28433
ARIN Region origin ASes present in the Internet Routing Table: 11210
ARIN Region origin ASes announcing only one prefix: 4268
ARIN Region transit ASes present in the Internet Routing Table: 1032
Average ARIN Region AS path length visible: 3.4
Max ARIN Region AS path length visible: 29
Number of ARIN addresses announced to Internet: 311174400
  Equivalent to 18 /8s, 140 /16s and 37 /24s
Percentage of available ARIN address space announced: 68.7

ARIN AS Blocks         1-1876, 1902-2042, 2044-2046, 2048-2106
(pre-ERX allocations)  2138-2584, 2615-2772, 2823-2829, 2880-3153
                       3354-4607, 4865-5119, 5632-6655, 6912-7466
                       7723-8191, 10240-12287, 13312-15359, 16384-17407
                       18432-20479, 21504-23551, 25600-26591,
                       26624-27647, 29696-30719, 31744-33791
                       35840-36863, 39936-40959
ARIN Address Blocks    24/8, 63/8, 64/5, 72/6, 76/8, 96/6, 199/8, 204/6,
                       208/7 and 216/8

RIPE Region Analysis Summary


Prefixes being announced by RIPE Region ASes: 42355
Total RIPE prefixes after maximum aggregation: 27711
Prefixes being announced from the RIPE address blocks: 39176
Unique aggregates announced from the RIPE address blocks: 26125
RIPE Region origin ASes present in the Internet Routing Table: 8877
RIPE Region origin ASes announcing only one prefix: 4695
RIPE Region transit ASes present in th

Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread




> "I have a bots infested network, they really task my services! How can I
> make my services ignore them so that the clients start calling me and
> spending my tech support budget?"



Or:

"I have bots on my network and as part of a multi-pronged approach to
cleaning my network while keeping the services available to those who
aren't infected, I'd like to research ways that I can minimize the
effect these bots have on the rest of my customers"

Cheers,
.pm


Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Gadi Evron

On Fri, 8 Dec 2006, Petri Helenius wrote:
> 
> Geo. wrote:
> > I know this is kind of a crazy idea but how about making cleaning up 
> > all these infected machines the priority as a solution instead of 
> > defending your dns from your infected clients. They not only affect 
> > you, they affect the rest of us so why should we give you a solution 
> > to your problem when you don't appear to care about causing problems 
> > for the rest of us?
> >
> Has anyone figured out a remote but lawful way to repair zombie machines?

Microsoft auto-update, the telephone line, going to a different country
with a different set of rules.

Gadi.



Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Aaron Glenn


On 12/8/06, Petri Helenius <[EMAIL PROTECTED]> wrote:


> Has anyone figured out a remote but lawful way to repair zombie machines?



sure, null route the customer until they clean their hosts up


Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Scott Weeks



--- [EMAIL PROTECTED] wrote:
From: Petri Helenius <[EMAIL PROTECTED]>


Geo. wrote:
> I know this is kind of a crazy idea but how about making cleaning up 
> all these infected machines the priority as a solution instead of 
> defending your dns from your infected clients. They not only affect 
> you, they affect the rest of us so why should we give you a solution 
> to your problem when you don't appear to care about causing problems 
> for the rest of us?
>
:: Has anyone figured out a remote but lawful way to repair 
:: zombie machines?


Lawful in which country?

scott



repair zombie machines (was: DNS - connection limit)

2006-12-08 Thread Jim Popovitch

On Fri, 2006-12-08 at 19:56 +0200, Petri Helenius wrote:
> Has anyone figured out a remote but lawful way to repair zombie machines?

Very interesting question.  I personally believe that OS EULAs and ISP
ToS guidelines provide for an ISP or an OS mfg (i.e. Microsoft) to force
updates and fixes via any means.  That is: if I am your customer and my
PC/router/USB-Camera/whatever is throwing crap your way, crap that
violates your ToS or indicates that I am out of compliance with an EULA,
then I believe others have the right (and IMHO the obligation) to step
in and correct things (it's what parents do for their kids everyday).
So, according to me, any corrective action is lawful when dealing with
customers and equipment that have violated an EULA or ToS guidelines.

Just my $.02.  ;-)

-Jim P. 



Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Fergie


Sorry for the top-post, but wanted to retain context here.

Also, sorry for the specific product mention, but much of what is
mentioned below is something that we are doing with ICSS/BASE:

 http://www.trendmicro.com/en/products/nss/icss/evaluate/overview.htm

$.02,

- ferg

-- Joe Abley <[EMAIL PROTECTED]> wrote:

On 8-Dec-2006, at 11:52, Geo. wrote:

>
>> Actually, reading your reply (which is the same as my own, pretty  
>> much), I
>> figure the guy asked a question and he has a real problem.  
>> Assuming he
>> doesn't want to clean them up is not nice of us.
>
> Infected machines (bots) will cause a lot more than just DNS  
> issues. Issues
> like this have a way of getting worse all by themselves if not  
> addressed.
>
> Anyway, to play nice.. how about using a router to dampen traffic  
> much like
> icmp dampening? Would it be possible to do DNS dampening?

I think the trouble comes when you want to limit the request rate  
*per client source address*, rather than limiting the request rate  
across the board. That implies the retention of state, and since DNS  
transactions are brief (and since the client population is often  
large) that can add up to a lot of state to keep at an aggregation  
point like a router.

There are some appliances which are designed to hold large amounts of  
state (e.g. f5's big-ip) but you're talking non-trivial dollars for  
that. Beware enterprise-scale stateful firewall devices which might  
seem like sensible solutions to this problem. They are often not  
suitable for use in front of busy DNS servers (even a few hundred new  
flows per second is a lot for some vendors, despite the apparent  
marketing headroom based on the number of kbps you need to handle).

You may find that you can install ipfw (or similar) rules on your  
nameservers themselves to do this kind of thing. Take careful note of  
what happens when the client population becomes large, though -- the  
garbage collection ought to be smooth and painless, or you'll just  
wind up swapping one worm proliferation failure mode for another.

Host-based per-client rate limits scale better if there are many  
hosts providing service, e.g. behind a load balancer or using  
something like .

As to the wider question, cleaning up the infected hosts is an  
excellent goal, but it'd certainly be nice if your DNS servers  
continued to function while you were doing so. Having every non- 
infected customer phone up screaming at once can be an unwelcome  
distraction when you already have more man hours of work to do per  
day than you have (staff * 24).


Joe


--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/



Whatever happened to "The Cidr Report"?

2006-12-08 Thread Etaoin Shrdlu


[EMAIL PROTECTED] wrote:


This report has been generated at Fri Nov 10 21:40:01 2006 AEST.
 

Okay, am I the only one who misses this being posted to the list? Yes, I 
know that I can go to the site for the report, but it just suddenly 
vanished (at least to me), without warning. Was I the only one still 
reading it from the mailing list? Was there an announcement, and I just 
missed it?



Please see http://www.cidr-report.org for the full report


Copies of this report are mailed to:
 nanog@merit.edu



Private replies okay, but I bet I'm not the only one for whom it just 
suddenly vanished. I like my stuff in plain text when I can get it; the 
web site is nice, but I'm not point and clicky type.


--
The Eighties:I tried being reasonable once. I didn't like it.
Cats are smarter than dogs. You can't teach eight cats to pull a sled.
Stupid is doing the same thing over and over and expecting
different results.





Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Petri Helenius


Aaron Glenn wrote:
> On 12/8/06, Petri Helenius <[EMAIL PROTECTED]> wrote:
>> Has anyone figured out a remote but lawful way to repair zombie
>> machines?
>
> sure, null route the customer until they clean their hosts up

My question was specifically directed towards zombies that are not local 
to the ISP.


Pete



Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Matt Ghali


On Fri, 8 Dec 2006, Simon Waters wrote:


> I suspect complex rate limiting may be nearly as expensive as providing DNS
> answers with Bind9.


Indeed. It is generally accepted that it is easier to simply scale 
your service to provide adequate headroom than implement per-client 
traffic policies.


of course, you could also work on cleaning up the mess, but I will 
charitably assume you are working the problem from both directions 
simultaneously.


matto

[EMAIL PROTECTED]<
  Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan


RE: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Matt Ghali


On Fri, 8 Dec 2006, Gadi Evron wrote:


> Luke:
> It is possible the DNS queries made are for non existent domains, fake
> replies, perhaps even making them something in 1918 space, and they MAY
> stop being not nice netizens.


Configuring your nameservers to randomly give bad answers isn't 
considered being a "nice netizen" either, the last time I checked.


[EMAIL PROTECTED]<
  Moral indignation is a technique to endow the idiot with dignity.
- Marshall McLuhan


Re: Whatever happened to "The Cidr Report"?

2006-12-08 Thread Alan Spicer



Okay, am I the only one who misses this being posted to the list?


Winters: Lieutenant Sobel does not hate Easy Company, Private Randleman. He 
just hates you. (from HBO Series: Band of Brothers #1)


According to my kept messages of Nanog List, they were coming every 7 days. 
I have them back from 6/2/2006 up to 11/3/2006. Maybe they had a script or 
job quit on them that emailed the thing.


---
Alan Spicer ([EMAIL PROTECTED]),
([EMAIL PROTECTED]), ([EMAIL PROTECTED])

DBA Alan Spicer Telcom
Computer Services, Wired/Wireless Networking,
Marine Cell/Sat/Landline Communications,
Marine Internet Access

* http://telecom.dyndns.biz/
* IPv6 http://[2001:5c0:8104::1]/
*
* 954-683-3426 Business Mobile
* 866-977-5245 Toll Free 800#
* 954-977-5245 Home Office


- Original Message - 
From: "Etaoin Shrdlu" <[EMAIL PROTECTED]>

To: 
Sent: Friday, December 08, 2006 1:43 PM
Subject: Whatever happened to "The Cidr Report"?




[EMAIL PROTECTED] wrote:


This report has been generated at Fri Nov 10 21:40:01 2006 AEST.

Okay, am I the only one who misses this being posted to the list? Yes, I 
know that I can go to the site for the report, but it just suddenly 
vanished (at least to me), without warning. Was I the only one still 
reading it from the mailing list? Was there an announcement, and I just 
missed it?



Please see http://www.cidr-report.org for the full report


Copies of this report are mailed to:
 nanog@merit.edu



Private replies okay, but I bet I'm not the only one for whom it just 
suddenly vanished. I like my stuff in plain text when I can get it; the 
web site is nice, but I'm not point and clicky type.


--
The Eighties:I tried being reasonable once. I didn't like it.
Cats are smarter than dogs. You can't teach eight cats to pull a sled.
Stupid is doing the same thing over and over and expecting
different results.












Re: How to pick a Site-Local Scope multi cast address

2006-12-08 Thread John Kristoff

On Fri, 8 Dec 2006 09:54:03 -0600
"Dave Raskin" <[EMAIL PROTECTED]> wrote:

> Hello, I have been directed to this list by IANA when I asked the
> following question:

An even better set of lists might be:

  
  

There is some overlap between the two, but the former is probably
the best place to start.  Both are good lists that may be relevant
for you to hang out in as they often cover the protocol and
operational aspects you may want to follow.  Both are low volume.

>  My question is this:

First, let me say... THANK YOU!  Presuming you are a multicast app
developer, you actually asked, terrific!  Most don't and what ends
up happening is growth in the "multicast swamp", where site local
apps like the one you're presuming working with end up leaking all
over the place taking up valuable mcast router memory space and cpu
time.

Now, the bad news.

>   How do I pick a group address within this range and not have a
> chance of colliding with some other application on the network already
> using the group  address I just picked?
>   Do I just randomly pick an address in that range and hope for
> the best? I am running on Windows and cannot assume that there is a
> MADCAP server available.

You can probably never expect to find a MADCAP server.  I don't think
I've even ever heard of anyone deploying one, though I'm sure a handful
have tried, I don't think it ever got much deployment outside a select
few environments or the lab.

IP multicast addressing has been a bit of a problem to say the least.
A couple of documents to read might be:

  
  


Then perhaps follow up on mboned if you still have questions.  Some
of the people that hang out there hang out here and may have more to
say since I haven't been following closely what's going on for the
past year.  I don't think you're going to find the satisfying answer
you were looking for, but that's IP multicast for you.

John


RE: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Frank Bulk
You could also look at Cloudshield.  I was following the EveryDNS issue this
weekend and this item among the regular VON press release blast jumped out
at me:
http://www.cloudshield.com/news_events/2006_Releases/EveryDNS%20FINAL.pdf
 
Regards,
 
Frank


From: Frank Bulk 
Sent: Friday, December 08, 2006 8:59 AM
To: '[EMAIL PROTECTED]'
Subject: DNS - connection limit (without any extra hardware)


Hi,
as a consequence of a virus diffused in my customer-base, I often receive
big bursts of traffic on my DNS servers.
Unluckily, a lot of clients start to bomb my DNSs at a certain hour, so I
have a distributed tentative of denial of service. 
I can't blacklist them on my DNSs, because the infected clients are too
much.

For this reason, I would like that a DNS could response maximum to 10
queries per second given by every single Ip address.
Anybody knows a solution, just using iptables/netfilter/kernel tuning/BIND
tuning, without using any hardware traffic shaper? 

Thanks
Best Regards

Luke




Re: DNS - connection limit (without any extra hardware)

2006-12-08 Thread Douglas Otis



On Dec 8, 2006, at 6:40 AM, Luke wrote:


> Hi,
> as a consequence of a virus diffused in my customer-base, I often
> receive big bursts of traffic on my DNS servers. Unluckily, a lot of
> clients start to bomb my DNSs at a certain hour, so I have a
> distributed tentative of denial of service.  I can't blacklist them
> on my DNSs, because the infected clients are too much.
>
> For this reason, I would like that a DNS could response maximum to
> 10 queries per second given by every single Ip address. Anybody
> knows a solution, just using iptables/netfilter/kernel tuning/BIND
> tuning, without using any hardware traffic shaper?


One effective strategy is to make 0wning your customer's system less  
profitable.  Here is a good article by Suresh Ramasubramanian:


http://www.circleid.com/posts/port_25_blocking_or_fix_smtp_and_leave_port_25_alone_for_the_sake_of_spam/


Some have been successful with notification tools such as those  
offered by:


http://www.perftech.com/

Customers are directed to a free scrub that does not depend upon OS  
validation status, such as Housecall.


-Doug






Re: Whatever happened to "The Cidr Report"?

2006-12-08 Thread Adam Jacob Muller


According to my archives, the last CIDR report was badly broken:



Recent Table History
Date        Prefixes      CIDR Agg
03-11-06    199409        129843
04-11-06    199323        129829
05-11-06    199330        129854
06-11-06    199273        129854
07-11-06    -1077936760   129854
08-11-06    672037797     129854
09-11-06    -1077937324   129854
10-11-06    134555024     129854



After someone noticed we got this:



Geoff Huston wrote:
> When my zebra BGP daemon loses its grip on life and dies a
> horrible death the rest of the scripts wander into a strange
> twilight zone and make up numbers




There were no more CIDR reports following that, perhaps he never got  
around to fixing it?


-Adam


On Dec 8, 2006, at 4:00 PM, Alan Spicer wrote:




Okay, am I the only one who misses this being posted to the list?


Winters: Lieutenant Sobel does not hate Easy Company, Private  
Randleman. He just hates you. (from HBO Series: Band of Brothers #1)


According to my kept messages of Nanog List, they were coming every  
7 days. I have them back from 6/2/2006 up to 11/3/2006. Maybe they  
had a script or job quit on them that emailed the thing.


---
Alan Spicer ([EMAIL PROTECTED]),
([EMAIL PROTECTED]), ([EMAIL PROTECTED])

DBA Alan Spicer Telcom
Computer Services, Wired/Wireless Networking,
Marine Cell/Sat/Landline Communications,
Marine Internet Access

* http://telecom.dyndns.biz/
* IPv6 http://[2001:5c0:8104::1]/
*
* 954-683-3426 Business Mobile
* 866-977-5245 Toll Free 800#
* 954-977-5245 Home Office


- Original Message - From: "Etaoin Shrdlu"  
<[EMAIL PROTECTED]>

To: 
Sent: Friday, December 08, 2006 1:43 PM
Subject: Whatever happened to "The Cidr Report"?




[EMAIL PROTECTED] wrote:


This report has been generated at Fri Nov 10 21:40:01 2006 AEST.

Okay, am I the only one who misses this being posted to the list?  
Yes, I know that I can go to the site for the report, but it just  
suddenly vanished (at least to me), without warning. Was I the  
only one still reading it from the mailing list? Was there an  
announcement, and I just missed it?



Please see http://www.cidr-report.org for the full report


Copies of this report are mailed to:
 nanog@merit.edu



Private replies okay, but I bet I'm not the only one for whom it  
just suddenly vanished. I like my stuff in plain text when I can  
get it; the web site is nice, but I'm not point and clicky type.


--
The Eighties:I tried being reasonable once. I didn't like it.
Cats are smarter than dogs. You can't teach eight cats to pull a  
sled.

Stupid is doing the same thing over and over and expecting
different results.













BGP Update Report

2006-12-08 Thread cidr-report

BGP Update Report
Interval: 25-Nov-06 -to- 08-Dec-06 (14 days)
Observation Point: BGP Peering with AS4637

TOP 20 Unstable Origin AS
Rank ASN       Upds     % Upds/Pfx    AS-Name
 1 - AS17974  20956  1.7%     66.3 -- TELKOMNET-AS2-AP PT TELEKOMUNIKASI INDONESIA
 2 - AS7018   17102  1.4%     10.9 -- ATT-INTERNET4 - AT&T WorldNet Services
 3 - AS28751  17031  1.4%    123.4 -- CAUCASUS-NET-AS Caucasus Network Tbilisi, Georgia
 4 - AS855    13250  1.1%     24.4 -- CANET-ASN-4 - Bell Aliant
 5 - AS2386   12380  1.0%     11.1 -- INS-AS - AT&T Data Communications Services
 6 - AS11492  11564  0.9%     15.2 -- CABLEONE - CABLE ONE
 7 - AS4134    9853  0.8%     17.8 -- CHINANET-BACKBONE No.31,Jin-rong Street
 8 - AS23216   8644  0.7%     45.0 -- RAMtelecom Telecomunicaciones S.A
 9 - AS4761    8518  0.7%      2.0 -- INDOSAT-INP-AP INDOSAT Internet Network Provider
10 - AS15611   8412  0.7%     75.1 -- Iranian Research Organisation
11 - AS702     8239  0.7%     11.4 -- AS702 MCI EMEA - Commercial IP service provider in Europe
12 - AS4775    7399  0.6%    119.3 -- GLOBE-TELECOM-AS Telecom Carrier  /  ISP Plus +
13 - AS18416   6956  0.6%    695.6 --
14 - AS5056    6824  0.5%    121.9 -- INS-NET-2 - Iowa Network Services
15 - AS23918   6772  0.5%     56.9 -- CBB-BGP-IBARAKI Connexion By Boeing Ibaraki AS
16 - AS8151    6679  0.5%      9.6 -- Uninet S.A. de C.V.
17 - AS21826   6500  0.5%     43.3 -- Internet Cable Plus C. A.
18 - AS12654   6496  0.5%    295.3 -- RIPE-NCC-RIS-AS RIPE NCC RIS project
19 - AS5800    6472  0.5%     84.1 -- DDN-ASNBLK - DoD Network Information Center
20 - AS10292   6431  0.5%     26.2 -- CWJ-1 - Cable & Wireless Jamaica


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN       Upds     % Upds/Pfx    AS-Name
 1 - AS38262   3760  0.3%   3760.0 -- JIVE-247-AS-AP JIVE 247 COMMUNICATION ENTERPRIS
 2 - AS3043    3416  0.3%   3416.0 -- AMPHIB-AS - Amphibian Media Corporation
 3 - AS31594   2379  0.2%   2379.0 -- FORTESS-AS Fortess LLC Network
 4 - AS39250   1570  0.1%   1570.0 -- COLOPROVIDER-AS Colo Provider
 5 - AS4678    1981  0.2%    990.5 -- FINE CANON NETWORK COMMUNICATIONS INC.
 6 - AS34378    912  0.1%    912.0 -- RUG-AS Razguliay-UKRROS Group
 7 - AS3944     792  0.1%    792.0 -- PARTAN-LAB - Partan & Partan
 8 - AS7781    2204  0.2%    734.7 -- NETCONNECT - Network Connection
 9 - AS18416   6956  0.6%    695.6 --
10 - AS22263    619  0.1%    619.0 -- NAVINVEST-MARINE-SERVICES - Navinvest Marine Services Inc.
11 - AS14699   6126  0.5%    612.6 -- BTCBCI - Bloomingdale Communications Inc
12 - AS12408    600  0.1%    600.0 -- BIKENT-AS Bikent Ltd. Autonomous system
13 - AS32937   1172  0.1%    586.0 -- CAC-FOR-THE-DEAF-AND-HARD-OF-HEARING - Communication Access Center for the Deaf and Hard of Hearing, Inc.
14 - AS18173    581  0.1%    581.0 -- AKU-AS-PK Aga Khan University
15 - AS1206     565  0.1%    565.0 -- PSCNET-HS-AS - Pittsburgh Supercomputing Center
16 - AS33188   1074  0.1%    537.0 -- SCS-NETWORK-1 - Sono Corporate Suites
17 - AS12866    524  0.0%    524.0 -- SUN_EU_AS Sun Microsystems European AS
18 - AS15437    504  0.0%    504.0 -- ASN-KJWS KJWS Autonomous System
19 - AS41443    464  0.0%    464.0 -- SMART-TELEKOM-AS SMART-TELEKOM-AS
20 - AS30517   4088  0.3%    454.2 -- GREAT-LAKES-COMNET - Great Lakes Comnet, Inc.


TOP 20 Unstable Prefixes
Rank Prefix             Upds     %   Origin AS -- AS Name
 1 - 203.177.144.0/23   5475  0.3%   AS4775  -- GLOBE-TELECOM-AS Telecom Carrier  /  ISP Plus +
 3 - 209.140.24.0/24    3416  0.2%   AS3043  -- AMPHIB-AS - Amphibian Media Corporation
 4 - 203.199.128.0/19   3306  0.2%   AS4755  -- VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
 5 - 216.32.206.0/24    2518  0.2%   AS20473 -- AS-CHOOPA - Choopa, LLC
 6 - 194.242.124.0/22   2379  0.1%   AS31594 -- FORTESS-AS Fortess LLC Network
 7 - 61.0.0.0/8         1979  0.1%   AS4678  -- FINE CANON NETWORK COMMUNICATIONS INC.
 8 - 83.98.220.0/23     1570  0.1%   AS39250 -- COLOPROVIDER-AS Colo Provider
 9 - 83.210.35.0/24     1569  0.1%   AS23918 -- CBB-BGP-IBARAKI Connexion By Boeing Ibaraki AS
                                     AS29257 -- CBB-IE-AS Connexion by Boeing Ireland, Ltd.
                                     AS30533 -- THEBOE-30533 - The Boeing Company
                                     AS31050 -- CBB-RU-ASN Connexion by Boeing Eastern Europe, Ltd.
                                     AS33697 -- THEBOE-33697 - The Boeing Company
10 - 216.234.49.0/24    1566  0.1%   AS7781  -- NETCONNECT - Network Connection
11 - 20

The Cidr Report

2006-12-08 Thread cidr-report

This report has been generated at Sat Dec  9 14:46:53 2006 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date        Prefixes    CIDR Agg
02-12-06      202294      130820
03-12-06      202248      130861
04-12-06      202364      130782
05-12-06      202191      130975
06-12-06      202520      131020
07-12-06      202677      131226
08-12-06      202746      131363
09-12-06      202624      131366


AS Summary
 23778  Number of ASes in routing system
 10043  Number of ASes announcing only one prefix
  1520  Largest number of prefixes announced by an AS
AS7018 : ATT-INTERNET4 - AT&T WorldNet Services
  91133440  Largest address span announced by an AS (/32s)
AS721  : DISA-ASNBLK - DoD Network Information Center


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 09Dec06 ---
ASnum    NetsNow NetsAggr  NetGain   % Gain   Description

Table     202551   131430    71121    35.1%   All ASes

AS4755      1059       67      992    93.7%   VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS4134      1209      283      926    76.6%   CHINANET-BACKBONE No.31,Jin-rong Street
AS18566      981      109      872    88.9%   COVAD - Covad Communications Co.
AS9498       891      134      757    85.0%   BBIL-AP BHARTI BT INTERNET LTD.
AS4323      1050      299      751    71.5%   TWTC - Time Warner Telecom, Inc.
AS22773      709       47      662    93.4%   CCINET-2 - Cox Communications Inc.
AS19262      737      177      560    76.0%   VZGNI-TRANSIT - Verizon Internet Services Inc.
AS7018      1520      980      540    35.5%   ATT-INTERNET4 - AT&T WorldNet Services
AS11492      837      302      535    63.9%   CABLEONE - CABLE ONE
AS721        813      299      514    63.2%   DISA-ASNBLK - DoD Network Information Center
AS6197      1020      513      507    49.7%   BATI-ATL - BellSouth Network Solutions, Inc
AS17488      556       50      506    91.0%   HATHWAY-NET-AP Hathway IP Over Cable Internet
AS19916      567       70      497    87.7%   ASTRUM-0001 - OLM LLC
AS18101      490       27      463    94.5%   RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS855        539       87      452    83.9%   CANET-ASN-4 - Bell Aliant
AS17676      501       65      436    87.0%   JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS15270      489       60      429    87.7%   AS-PAETEC-NET - PaeTec.net -a division of PaeTecCommunications, Inc.
AS3602       521      107      414    79.5%   AS3602-RTI - Rogers Telecom Inc.
AS4766       710      311      399    56.2%   KIXS-AS-KR Korea Telecom
AS8151       774      396      378    48.8%   Uninet S.A. de C.V.
AS2386      1109      740      369    33.3%   INS-AS - AT&T Data Communications Services
AS4812       423       65      358    84.6%   CHINANET-SH-AP China Telecom (Group)
AS6467       387       52      335    86.6%   ESPIRECOMM - Xspedius Communications Co.
AS16852      377       60      317    84.1%   BROADWING-FOCAL - Broadwing Communications, Inc.
AS6198       551      263      288    52.3%   BATI-MIA - BellSouth Network Solutions, Inc
AS10139      301       13      288    95.7%   SMARTBRO-PH-AP Smart Broadband, Inc.
AS16814      329       42      287    87.2%   NSS S.A.
AS33588      410      126      284    69.3%   BRESNAN-AS - Bresnan Communications, LLC.
AS6517       394      111      283    71.8%   YIPESCOM - Yipes Communications, Inc.
AS14654  3

BGP Update Report

2006-12-08 Thread cidr-report

BGP Update Report
Interval: 24-Nov-06 -to- 07-Dec-06 (14 days)
Observation Point: BGP Peering with AS4637

TOP 20 Unstable Origin AS
Rank ASN       Upds     % Upds/Pfx    AS-Name
 1 - AS17974  21233  1.7%     67.0 -- TELKOMNET-AS2-AP PT TELEKOMUNIKASI INDONESIA
 2 - AS7018   17136  1.4%     10.9 -- ATT-INTERNET4 - AT&T WorldNet Services
 3 - AS28751  16304  1.3%    118.1 -- CAUCASUS-NET-AS Caucasus Network Tbilisi, Georgia
 4 - AS855    13259  1.1%     24.5 -- CANET-ASN-4 - Bell Aliant
 5 - AS2386   12325  1.0%     11.1 -- INS-AS - AT&T Data Communications Services
 6 - AS11492  11336  0.9%     14.9 -- CABLEONE - CABLE ONE
 7 - AS23216   8673  0.7%     45.4 -- RAMtelecom Telecomunicaciones S.A
 8 - AS4761    8587  0.7%      2.0 -- INDOSAT-INP-AP INDOSAT Internet Network Provider
 9 - AS702     8453  0.7%     11.7 -- AS702 MCI EMEA - Commercial IP service provider in Europe
10 - AS15611   7855  0.6%     70.1 -- Iranian Research Organisation
11 - AS4134    7671  0.6%     13.9 -- CHINANET-BACKBONE No.31,Jin-rong Street
12 - AS8151    7128  0.6%     10.4 -- Uninet S.A. de C.V.
13 - AS4775    7014  0.6%    113.1 -- GLOBE-TELECOM-AS Telecom Carrier  /  ISP Plus +
14 - AS18416   6976  0.6%    697.6 --
15 - AS23918   6566  0.5%     54.7 -- CBB-BGP-IBARAKI Connexion By Boeing Ibaraki AS
16 - AS10292   6491  0.5%     26.4 -- CWJ-1 - Cable & Wireless Jamaica
17 - AS12654   6458  0.5%    293.5 -- RIPE-NCC-RIS-AS RIPE NCC RIS project
18 - AS14699   6276  0.5%    627.6 -- BTCBCI - Bloomingdale Communications Inc
19 - AS15399   6275  0.5%    130.7 -- WANANCHI-KE Wananchi Online Limited
20 - AS5800    6118  0.5%     79.5 -- DDN-ASNBLK - DoD Network Information Center


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN       Upds     % Upds/Pfx    AS-Name
 1 - AS38262   4701  0.4%   4701.0 -- JIVE-247-AS-AP JIVE 247 COMMUNICATION ENTERPRIS
 2 - AS3043    3325  0.3%   3325.0 -- AMPHIB-AS - Amphibian Media Corporation
 3 - AS31594   2057  0.2%   2057.0 -- FORTESS-AS Fortess LLC Network
 4 - AS39250   1553  0.1%   1553.0 -- COLOPROVIDER-AS Colo Provider
 5 - AS7781    2415  0.2%   1207.5 -- NETCONNECT - Network Connection
 6 - AS4678    1993  0.2%    996.5 -- FINE CANON NETWORK COMMUNICATIONS INC.
 7 - AS34378    912  0.1%    912.0 -- RUG-AS Razguliay-UKRROS Group
 8 - AS3944     803  0.1%    803.0 -- PARTAN-LAB - Partan & Partan
 9 - AS12408    740  0.1%    740.0 -- BIKENT-AS Bikent Ltd. Autonomous system
10 - AS18416   6976  0.6%    697.6 --
11 - AS14699   6276  0.5%    627.6 -- BTCBCI - Bloomingdale Communications Inc
12 - AS32937   1192  0.1%    596.0 -- CAC-FOR-THE-DEAF-AND-HARD-OF-HEARING - Communication Access Center for the Deaf and Hard of Hearing, Inc.
13 - AS22263    587  0.1%    587.0 -- NAVINVEST-MARINE-SERVICES - Navinvest Marine Services Inc.
14 - AS1206     567  0.1%    567.0 -- PSCNET-HS-AS - Pittsburgh Supercomputing Center
15 - AS33188   1069  0.1%    534.5 -- SCS-NETWORK-1 - Sono Corporate Suites
16 - AS15437    503  0.0%    503.0 -- ASN-KJWS KJWS Autonomous System
17 - AS18173    469  0.0%    469.0 -- AKU-AS-PK Aga Khan University
18 - AS30517   4220  0.3%    468.9 -- GREAT-LAKES-COMNET - Great Lakes Comnet, Inc.
19 - AS12866    460  0.0%    460.0 -- SUN_EU_AS Sun Microsystems European AS
20 - AS41443    457  0.0%    457.0 -- SMART-TELEKOM-AS SMART-TELEKOM-AS


TOP 20 Unstable Prefixes
Rank Prefix             Upds     %   Origin AS -- AS Name
 1 - 203.177.144.0/23   5457  0.4%   AS4775  -- GLOBE-TELECOM-AS Telecom Carrier  /  ISP Plus +
 2 - 61.28.170.0/24     4701  0.3%   AS38262 -- JIVE-247-AS-AP JIVE 247 COMMUNICATION ENTERPRIS
 3 - 209.140.24.0/24    3325  0.2%   AS3043  -- AMPHIB-AS - Amphibian Media Corporation
 4 - 203.199.128.0/19   3064  0.2%   AS4755  -- VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
 5 - 216.32.206.0/24    2105  0.1%   AS20473 -- AS-CHOOPA - Choopa, LLC
 6 - 194.242.124.0/22   2057  0.1%   AS31594 -- FORTESS-AS Fortess LLC Network
 7 - 61.0.0.0/8         1991  0.1%   AS4678  -- FINE CANON NETWORK COMMUNICATIONS INC.
 8 - 216.234.49.0/24    1749  0.1%   AS7781  -- NETCONNECT - Network Connection
 9 - 83.98.220.0/23     1553  0.1%   AS39250 -- COLOPROVIDER-AS Colo Provider
10 - 83.210.35.0/24     1409  0.1%   AS23918 -- CBB-BGP-IBARAKI Connexion By Boeing Ibaraki AS
                                     AS29257 -- CBB-IE-AS Connexion by Boeing Ireland, Ltd.
                                     AS30533 -- THEBOE-30533 - The Boeing Company
                                     AS31050 -- CBB-RU-ASN Connexion by Boei

The Cidr Report

2006-12-08 Thread cidr-report

This report has been generated at Fri Dec  8 21:49:56 2006 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org/as4637 for a current version of this report.

Recent Table History
Date        Prefixes    CIDR Agg
01-12-06      202144      131097
02-12-06      202294      130820
03-12-06      202248      130861
04-12-06      202364      130782
05-12-06      202191      130975
06-12-06      202520      131020
07-12-06      202677      131226
08-12-06      202746      131340


AS Summary
 23796  Number of ASes in routing system
 10047  Number of ASes announcing only one prefix
  1519  Largest number of prefixes announced by an AS
AS7018 : ATT-INTERNET4 - AT&T WorldNet Services
  91134208  Largest address span announced by an AS (/32s)
AS721  : DISA-ASNBLK - DoD Network Information Center


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 08Dec06 ---
ASnum    NetsNow NetsAggr  NetGain   % Gain   Description

Table     202557   131324    71233    35.2%   All ASes

AS4755      1057       67      990    93.7%   VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System
AS4134      1209      283      926    76.6%   CHINANET-BACKBONE No.31,Jin-rong Street
AS18566      981      109      872    88.9%   COVAD - Covad Communications Co.
AS9498       892      134      758    85.0%   BBIL-AP BHARTI BT INTERNET LTD.
AS4323      1048      299      749    71.5%   TWTC - Time Warner Telecom, Inc.
AS22773      709       47      662    93.4%   CCINET-2 - Cox Communications Inc.
AS19262      737      177      560    76.0%   VZGNI-TRANSIT - Verizon Internet Services Inc.
AS7018      1519      981      538    35.4%   ATT-INTERNET4 - AT&T WorldNet Services
AS11492      829      309      520    62.7%   CABLEONE - CABLE ONE
AS721        816      298      518    63.5%   DISA-ASNBLK - DoD Network Information Center
AS6197      1019      518      501    49.2%   BATI-ATL - BellSouth Network Solutions, Inc
AS17488      556       57      499    89.7%   HATHWAY-NET-AP Hathway IP Over Cable Internet
AS19916      567       70      497    87.7%   ASTRUM-0001 - OLM LLC
AS18101      490       27      463    94.5%   RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS855        539       87      452    83.9%   CANET-ASN-4 - Bell Aliant
AS17676      501       65      436    87.0%   JPNIC-JP-ASN-BLOCK Japan Network Information Center
AS15270      489       60      429    87.7%   AS-PAETEC-NET - PaeTec.net -a division of PaeTecCommunications, Inc.
AS3602       516      106      410    79.5%   AS3602-RTI - Rogers Telecom Inc.
AS4766       709      311      398    56.1%   KIXS-AS-KR Korea Telecom
AS8151       777      398      379    48.8%   Uninet S.A. de C.V.
AS2386      1107      738      369    33.3%   INS-AS - AT&T Data Communications Services
AS4812       423       65      358    84.6%   CHINANET-SH-AP China Telecom (Group)
AS6467       387       52      335    86.6%   ESPIRECOMM - Xspedius Communications Co.
AS16852      380       60      320    84.2%   BROADWING-FOCAL - Broadwing Communications, Inc.
AS6198       551      263      288    52.3%   BATI-MIA - BellSouth Network Solutions, Inc
AS16814      329       42      287    87.2%   NSS S.A.
AS10139      299       13      286    95.7%   SMARTBRO-PH-AP Smart Broadband, Inc.
AS33588      410      126      284    69.3%   BRESNAN-AS - Bresnan Communications, LLC.
AS6517       394      111      283    71.8%   YIPESCOM - Yipes Communications, Inc.
AS14654  3