Re: Comment spammers chewing blogger bandwidth like crazy
On Tuesday 16 January 2007 03:06, Jason Frisvold wrote:
>
> The argument there is that those users don't deserve to comment if
> they can't keep their computers clean, but let's get real.. Some of
> this stuff is getting pretty advanced and it's getting tougher for
> general users to keep their computers clean.
I'd have said it was getting easier to keep computers clean. Back in the late
1980's I use to have my own DOS boot disk, with bootsector antivirus tools,
so that any PC I used on my University I could be sure was clean. Doesn't
mean there aren't more computers, with less clueful users, these days.
> I think a far better system is something along the lines of a SURBL
> with word filtering. I believe that Akismet does something along
> these lines.
This is the same issue as the email spam issue. Identify by source, or
content. Just as content filters are error prone with email spam, they will
be error prone with other types of content.
I think either approach is viable, as long as the poster has an immediate
method of redress. ("My IP is clean" works, and scales, "this URL is safe"
works but doesn't scale, "this post" is safe is viable). In each case you
need to make sure the redress is protected from abuse, so some sort of
CAPTCHA is inevitable.
> > There is such a black listing service already, but again, reliability is
> > an issue.
>
> Reliability is always an issue with blacklists as they are run as
> independent entities. There is always someone who has a problem with
> how an individual blacklist is run...
That is easily solved with one's feet. Not as if there is a shortage of
blacklists for various purposes.
Re: Comment spammers chewing blogger bandwidth like crazy
Frisvold: How does this make his assumption incorrect? Spam is spam and DNSBLs will likely be very effective when it comes to stopping comment spam. There are, of course, some severe problems with using a DNSBL as a blocklist for comments... But there's a major problem here... A DNSBL is a source blocklist. Since the current trend in spam (comment and smtp) is to use botnets, then by blocking the bots, you also block the users who would make meaningful comments. Especially as bots are usually found in customer dynamic-IP pools. Assigning a value for relative spamminess by country would work up to a point (Italy, Ukraine, we mean you) but the false positive rate is unacceptable. Anyway, very anti-Internet and hardly appropriate for a blog whose declared mission is pan-European opinion.. The argument there is that those users don't deserve to comment if they can't keep their computers clean, but let's get real.. Some of this stuff is getting pretty advanced and it's getting tougher for general users to keep their computers clean. I think a far better system is something along the lines of a SURBL with word filtering. I believe that Akismet does something along these lines. We had a word filter plus lookups of bsb.spamlookup.net. Our experience in the last few months was not good - the rate of false positives was high (essentially all genuines had to be individually approved, and worse, rather than into a queue they usually went into the spamtrap) and the rate of false negatives was nontrivial. We have recently implemented Akismet. It's a major improvement - the false positives have been nearly eliminated and the false negatives down to a couple a week. Multi-layered defence is a "must" - for example, most comments spam is very self-similar, so you could run a Bayesian filter comparing the stuff rejected by the blocklist with the content of the trap in order to sort between "spam" and "hold for approval". Mind you, some of the Bayesian-beating techniques used for SMTP spam are now showing up in comments - for example, delivering the beneficiary link and a paragraph of news scraped from news.bbc.co.uk, which is a lot like a real (but dull:-)) comment. Perhaps a better filter might be on the links they contain (some domains come up again, and again, and again). Then again, once you're doing anything like that, it's already hit your server and is costing cycles if nothing else. In the future, someone will lose the vote through being mistaken for a spambot. Alex
Re: AFP article on Taiwan cable repair effort
On Sun 14 Jan 2007 (01:51 -0800), Bill Woodcock wrote: > > > http://news.yahoo.com/s/afp/20070112/tc_afp/asiaquakeinternet_070112170621 > > A few numbers to help understand the scale of the effort being applied. Is it just me or is this article a migraine inducing mix of metric and English measures? down to about 4,000 metres (2.5 miles), ... 100 metres (yards) long ... waiting for 30 to 40 mile-an-hour winds (48 to 64 kilometres- an-hour) to die down... The winds have stirred up 10 to 12 metre waves Today's fibre optic cables are just 21 millimetres in diameter The grapnel is a metal tool about 18 by 24 inches (46 by 61 centimetres) ... Arrgh... -- Jim Segrave [EMAIL PROTECTED]
Re: AFP article on Taiwan cable repair effort
Hi, Nice flash animation from alcatel how submarine cables get laid and repaired: http://www1.alcatel-lucent.com/submarine/products/marine/index.htm bye, ingo
Re: AFP article on Taiwan cable repair effort
On 1/16/07, Ingo Flaschberger <[EMAIL PROTECTED]> wrote: Hi, Nice flash animation from alcatel how submarine cables get laid and repaired: http://www1.alcatel-lucent.com/submarine/products/marine/index.htm bye, ingo Thanks for the link, which brought me to the page http://www1.alcatel-lucent.com/submarine/vessels/index.htm where their vessels are decribed. Their specs bring up something (at to least to me) of interest. The popular story is always "in the 90-ties so much submarine (trans-Atlantic & -Pacific fiber was laid that it will take decades to fill it up. And the bust of 2000 seemed proof enough. However, from the specs of Alcatel's 5 vessels one learns that 4 of them are effectively from 2002 (!). So did Alcatel some anti-cyclic investing - or did they know more than others? grtz d -- Each day, one day is added to our past, and thus one day subtracted from our future. That is why the future ought to be simpler than the past. Why is it then, that we always wrestle with the future? --Nico Baken
Re: AFP article on Taiwan cable repair effort
> Date: Tue, 16 Jan 2007 15:04:17 +0100 > From: "D.H. van der Woude" <[EMAIL PROTECTED]> > To: NANOG@merit.edu > Subject: Re: AFP article on Taiwan cable repair effort > > Thanks for the link, which brought me to the page > http://www1.alcatel-lucent.com/submarine/vessels/index.htm > where their vessels are decribed. > > Their specs bring up something (at to least to me) of interest. > The popular story is always "in the 90-ties so much submarine > (trans-Atlantic & -Pacific fiber was laid that it will take decades > to fill it up. And the bust of 2000 seemed proof enough. > > However, from the specs of Alcatel's 5 vessels one learns > that 4 of them are effectively from 2002 (!). > > So did Alcatel some anti-cyclic investing - or did they know > more than others? 1) Any idea how long it takes to manufacture one of those vessels? Any idea how long in advance of start of manufacture that the 'firm order' had to be placed? 2) Were they additions to Alcatel's fleet, or _replacements_? 3) With all that additional cable 'in place', the amount of maintenance required goes up proportionately.
Re: Network end users to pull down 2 gigabytes a day, continuously?
On Tue, Jan 16, 2007 at 11:53:25AM +1300, Richard Naylor wrote: [...] > I don't see many obstacles for content and neither do other broadcasters. > The broadcast world is changing. Late last year ABC or NBC (sorry brain > fade) announced the lay off of 700 News staff, saying news is no longer > king. Was it ever? Allegedly Murdoch's Sky only launched their Sky News channel so they could claim to be a reputable broadcaster.
oracle net ops contact
Hello! Could anybody from AS794 (Oracle) NOC contact me out of the list? I see routing issue inside AS794. Thanks. -- Dmitry Kiselev
what happens when you put a typo in a DNSBL server?
A number of ISPs use njabl.org as a DNS BL server. However, starting jan 2 a new domain exists "njalb.org" which is serving A records for anything queried against it's DNS server. (note the difference: njaBL vs njaLB). Previous to this date a misconfigured ISP was just not being protected by the BL. Now, it's potentially dropping all mail from anyone because of the typo. # dig +short mail.merit.edu a 198.108.1.11 # dig +short 11.1.108.198.combined.njabl.org # dig +short 11.1.108.198.combined.njalb.org 64.20.43.107 66.45.232.66 66.45.232.75 66.45.237.187 I know of at least one ISP that is likely dropping mail from everyone... -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett
Re: what happens when you put a typo in a DNSBL server?
Let's all hope they don't think of the possibilities *too* quickly. On 1/16/07, Wes Hardaker <[EMAIL PROTECTED]> wrote: A number of ISPs use njabl.org as a DNS BL server. However, starting jan 2 a new domain exists "njalb.org" which is serving A records for anything queried against it's DNS server. (note the difference: njaBL vs njaLB). Previous to this date a misconfigured ISP was just not being protected by the BL. Now, it's potentially dropping all mail from anyone because of the typo. # dig +short mail.merit.edu a 198.108.1.11 # dig +short 11.1.108.198.combined.njabl.org # dig +short 11.1.108.198.combined.njalb.org 64.20.43.107 66.45.232.66 66.45.232.75 66.45.237.187 I know of at least one ISP that is likely dropping mail from everyone... -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett
Re: Comment spammers chewing blogger bandwidth like crazy
On 1/16/07, Simon Waters <[EMAIL PROTECTED]> wrote:
This is the same issue as the email spam issue. Identify by source, or
content. Just as content filters are error prone with email spam, they will
be error prone with other types of content.
Agreed, but the average end-user has not been subjected to the long,
arduous, usually fruitless task of requesting their IP be removed from
a DNSBL. So what's the alternative? Popping up a page to allow them
to be removed from the list? While this may work, getting an IP
removed generally takes days, if not weeks. By that time, any comment
they wanted to post would be irrelevant.
You could mark that particular comment as moderated and check it by
hand, but then the spammers will adapt and "go through the motions"
with every comment, making moderation difficult if not impossible.
I think either approach is viable, as long as the poster has an immediate
method of redress. ("My IP is clean" works, and scales, "this URL is safe"
works but doesn't scale, "this post" is safe is viable). In each case you
need to make sure the redress is protected from abuse, so some sort of
CAPTCHA is inevitable.
Hrm.. captchas have their own set of problems. Accessibility,
confusion, etc. Not that they don't work, but if you make the captcha
readable enough for humans, then it's inevitable that an OCR program
will be able to identify it as well. There has been some progress
with alternative captchas that require some thought on the user end,
but in the end it becomes frustrating.
--
Jason 'XenoPhage' Frisvold
[EMAIL PROTECTED]
http://blog.godshell.com
Re: AFP article on Taiwan cable repair effort
Jim Segrave wrote: > On Sun 14 Jan 2007 (01:51 -0800), Bill Woodcock wrote: >> >> http://news.yahoo.com/s/afp/20070112/tc_afp/asiaquakeinternet_070112170621 >> >> A few numbers to help understand the scale of the effort being applied. > > Is it just me or is this article a migraine inducing mix of metric and > English measures? you're lucky they also didn't use nautical miles and fathoms (1.829 meters in si units)... > down to about 4,000 metres (2.5 miles), ... > > 100 metres (yards) long ... > > waiting for 30 to 40 mile-an-hour winds (48 to 64 kilometres- an-hour) > to die down... > > The winds have stirred up 10 to 12 metre waves > > Today's fibre optic cables are just 21 millimetres in diameter > > The grapnel is a metal tool about 18 by 24 inches (46 by 61 > centimetres) ... > > Arrgh... >
nanog@merit.edu
I have a cage at an AT&T hosting facility in NY. Every few weeks I end up with horrendous VPN problems to another site I have on MCI's network in Maryland, as well as to a partners site, in the same area, also on MCI. mtr -s 800 to either site shows 10% packet loss on the hop from: 12.122.105.45 -> 192.205.34.50 Both of these appear to be AT&T routers (I say appear to be because I am relying on the netblock information from ARIN- reverse DNS for routers seems to be uncool). Does anyone else run into this problem? Smaller pings show far fewer (if any) issues and other traffic is passable- but it kills my VPN's. -Don
Re: what happens when you put a typo in a DNSBL server?
> Previous to this date a misconfigured ISP was just not being >protected by the BL. Now, it's potentially dropping all mail from >anyone because of the typo. If only. I am constantly amazed at the bozos who misconfigure their DNSBL lookups and don't notice. Many people are just sure that abuse.net is a blacklist, and no matter what I do (try looking up 2.0.0.127.abuse.net) they keep hammering on it. I also see lookups to names with http// in them and just about any other idiotic mistake you can imagine, again no set of responses seems to get their attention. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://www.johnlevine.com, Mayor "More Wiener schnitzel, please", said Tom, revealingly.
Opentransit route-server
Hello, After few days experiencing problems, we have upgraded the hardware for our route-server. telnet://route-server.opentransit.net ipv6: 2001:688:0:3:4::5 Comments are welcome Thanks German Martinez
Re: what happens when you put a typo in a DNSBL server?
On Tue, 16 Jan 2007, Wes Hardaker wrote: > > > A number of ISPs use njabl.org as a DNS BL server. However, starting > jan 2 a new domain exists "njalb.org" which is serving A records for > anything queried against it's DNS server. (note the difference: njaBL > vs njaLB). Previous to this date a misconfigured ISP was just not > being protected by the BL. Now, it's potentially dropping all mail > from anyone because of the typo. > > # dig +short mail.merit.edu a > 198.108.1.11 > > # dig +short 11.1.108.198.combined.njabl.org > > # dig +short 11.1.108.198.combined.njalb.org > 64.20.43.107 > 66.45.232.66 > 66.45.232.75 > 66.45.237.187 right, these are those pesky njiix.net 'dns servers' that send the same 4 A's for any request. I suspect their zone config is: * IN A 64.20.43.107 IN A 66.45.232.66 IN A 66.45.232.75 IN A 66.45.237.187 in the root.zone file :(
Re: what happens when you put a typo in a DNSBL server?
On 16 Jan 2007, at 17:36, Wes Hardaker wrote: A number of ISPs use njabl.org as a DNS BL server. However, starting jan 2 a new domain exists "njalb.org" which is serving A records for anything queried against it's DNS server. This is a common problem affecting Spamhaus and others as well; domain squatters register every variation of our domains and place wildcard DNS on them. We get quite a few complaints from users that we're blocking them and when investigated we find some postmaster has fat-fingered an entry in his spam filter and instead of "spamhaus.org" has entered a domain squatter's variation, such as one of these: ;; Query: 1.2.3.4.spamhuas.org ,type = ANY , class = ANY ^^ ;; ANSWERS: 1.2.3.4.spamhuas.org3600IN A 64.20.49.210 1.2.3.4.spamhuas.org3600IN A 64.20.33.115 1.2.3.4.spamhuas.org3600IN A 64.20.33.131 1.2.3.4.spamhuas.org3600IN A 64.20.33.4 ;; Query: 1.2.3.4.spamhauz.org ,type = ANY , class = ANY ^ ;; ANSWERS: 1.2.3.4.spamhauz.org3600IN A 64.20.33.131 1.2.3.4.spamhauz.org3600IN A 64.20.49.210 1.2.3.4.spamhauz.org3600IN A 64.20.33.4 1.2.3.4.spamhauz.org3600IN A 64.20.33.115 Steve Linford The Spamhaus Project http://www.spamhaus.org
nanog@merit.edu
I have had similar issues with AT&T in NY. They have peering issues with MCI killing random access to random websites, (www.netflix.com, www.netbank.com). I trouble shot it with AT&T a couple week ago and they killed a bad link. It fixed my problem. Last I knew the link was still down and they were looking to repair it this week. -Matt On Jan 16, 2007, at 12:44 PM, Donald Stahl wrote: I have a cage at an AT&T hosting facility in NY. Every few weeks I end up with horrendous VPN problems to another site I have on MCI's network in Maryland, as well as to a partners site, in the same area, also on MCI. mtr -s 800 to either site shows 10% packet loss on the hop from: 12.122.105.45 -> 192.205.34.50 Both of these appear to be AT&T routers (I say appear to be because I am relying on the netblock information from ARIN- reverse DNS for routers seems to be uncool). Does anyone else run into this problem? Smaller pings show far fewer (if any) issues and other traffic is passable- but it kills my VPN's. -Don -- Matthew S. Crocker President Crocker Communications, Inc. Internet Division PO BOX 710 Greenfield, MA 01302-0710 http://www.crocker.com
Re: AFP article on Taiwan cable repair effort
Joel Jaeggli <[EMAIL PROTECTED]> writes: >> Is it just me or is this article a migraine inducing mix of metric and >> English measures? > > you're lucky they also didn't use nautical miles and fathoms (1.829 > meters in si units)... Leagues... mustn't forget leagues. ---rob
Re: what happens when you put a typo in a DNSBL server?
> "JL" == John Levine <[EMAIL PROTECTED]> writes: >> Previous to this date a misconfigured ISP was just not being >> protected by the BL. Now, it's potentially dropping all mail from >> anyone because of the typo. JL> If only. I am constantly amazed at the bozos who misconfigure their JL> DNSBL lookups and don't notice. Part of the problem is that the protocol is designed to overlay an existing protocol without providing a valid positive response. In this case, lame ISP configures a typo and goes for ages without noticing that it didn't help them at all because every query was getting a NXDOMAIN back and they didn't check the traffic. Had this been a real protocol you would have gotten back a 404 like message instead! Shoe-horning DNS (or any protocol) into a solution works well only if you don't make mistakes. And we know that never happens. In the end, you don't get error messages when you misconfigure a DNSBL. That's an architectural issue with how DNSBLs work in the first place. -- "In the bathtub of history the truth is harder to hold than the soap, and much more difficult to find." -- Terry Pratchett
Re: AFP article on Taiwan cable repair effort
Furlongs per fortnight. On Jan 16, 2007, at 3:46 PM, Robert E. Seastrom wrote: Joel Jaeggli <[EMAIL PROTECTED]> writes: Is it just me or is this article a migraine inducing mix of metric and English measures? you're lucky they also didn't use nautical miles and fathoms (1.829 meters in si units)... Leagues... mustn't forget leagues. ---rob
Ams-ix issues?
Anyone aware of any issues as of right now? Seems I may have lost connectivity at amsix
Re: Ams-ix issues?
All sessions up here (29686). I dont see even a single flap within the last 30 mins and we peer with quite many. Cant ping your ip tho: [EMAIL PROTECTED]> ping 195.69.144.113 PING 195.69.144.113 (195.69.144.113): 56 data bytes ^C --- 195.69.144.113 ping statistics --- 12 packets transmitted, 0 packets received, 100% packet loss Regards, Jonas On Tue, 2007-01-16 at 22:52, Christian Koch wrote: > Anyone aware of any issues as of right now? Seems I may have lost > connectivity at amsix
Re: Ams-ix issues?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jonas Frey wrote:
| All sessions up here (29686). I dont see even a single flap within the
| last 30 mins and we peer with quite many.
|
| Cant ping your ip tho:
|
| [EMAIL PROTECTED]> ping 195.69.144.113
| PING 195.69.144.113 (195.69.144.113): 56 data bytes
| ^C
| --- 195.69.144.113 ping statistics ---
| 12 packets transmitted, 0 packets received, 100% packet loss
|
| Regards,
| Jonas
|
| On Tue, 2007-01-16 at 22:52, Christian Koch wrote:
|
|>Anyone aware of any issues as of right now? Seems I may have lost
|>connectivity at amsix
|
|
PING 195.69.144.113 (195.69.144.113) from 192.168.48.226 : 56(84) bytes of data.
- --- 195.69.144.113 ping statistics ---
7 packets transmitted, 0 received, 100% loss, time 6014ms
| /usr/sbin/traceroute 195.69.144.113
traceroute to 195.69.144.113 (195.69.144.113), 30 hops max, 40 byte packets
~ 1 krzach.peter-dambier.de (192.168.48.2) 2.960 ms 3.165 ms 3.774 ms
~ 2 MANX45-erx (217.0.116.41) 53.313 ms 64.280 ms 82.398 ms
~ 3 217.0.66.234(H!) 76.091 ms * *
From
host_look("84.171.231.46","echnaton.serveftp.com","1420551982").
host_name("84.171.231.46","p54ABE72E.dip.t-dialin.net").
Cheers
Peter and Karin
- --
Peter and Karin Dambier
Cesidian Root - Radice Cesidiana
Rimbacher-Strasse 16
D-69509 Moerlenbach-Bonsweiher
+49(6209)795-816 (Telekom)
+49(6252)750-308 (VoIP: sipgate.de)
mail: [EMAIL PROTECTED]
mail: [EMAIL PROTECTED]
http://iason.site.voila.fr/
https://sourceforge.net/projects/iason/
http://www.cesidianroot.com/
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.0.7 (GNU/Linux)
iD8DBQFFrVAFPGG/Vycj6zYRAtw2AJ9nHhjJoB/TpWyukaz4fOXZhAU8mACfTi48
k8cs0YpDJubWE6klh+CbSPY=
=pbdZ
-END PGP SIGNATURE-
Re: Ams-ix issues?
On 16-Jan-2007, at 16:52, Christian Koch wrote: Anyone aware of any issues as of right now? Seems I may have lost connectivity at amsix The [EMAIL PROTECTED] list is probably a better place to find signs of widespread problems (and since I've heard no noise on that list today, I would say the chance of there being widespread problems right now is low). Joe
Re: what happens when you put a typo in a DNSBL server?
JL> If only. I am constantly amazed at the bozos who misconfigure their JL> DNSBL lookups and don't notice. Part of the problem is that the protocol is designed to overlay an existing protocol without providing a valid positive response. In this case, lame ISP configures a typo and goes for ages without noticing that it didn't help them at all because every query was getting a NXDOMAIN back Uh, not quite. Try looking up 2.0.0.127.abuse.net, and then explain to me why people keep hammering on it. Regards, John Levine, [EMAIL PROTECTED], Primary Perpetrator of "The Internet for Dummies", Information Superhighwayman wanna-be, http://johnlevine.com, Mayor "I dropped the toothpaste", said Tom, crestfallenly.
