Re: [nanog] RE: Abandoned ship anchor found at FALCON cable cut
I think in order to be consistent it has to be: subho backanchor Feel free to come up with your own, and start making up jokes like: how do you find an underseas cable? let an anchor fall and see where it lands. allan On Feb 7, 2008, at 6:21 PM, Tuc at T-B-O-H.NET wrote: Doesn't sound like sabotage to me. In fact, it sounds like bad luck. Will this now be termed "Anchor fade" in the future? Tuc
Re: Hey, SiteFinder is back, again...
I know this is just anecdotal, but I have Verizon FIOS in Northern Virginia and I have not seen sitefinder pop up. I just verified with a few sites to make sure. allan On Nov 3, 2007, at 11:40 PM, David Lesher wrote: www.consumeraffairs.com/news04/2007/11/verizon_search.html November 3, 2007 Subscribers to Verizon's high-powered fiber-optic Internet service (FiOS) are reporting that when they mistype a Web site address, they get redirected to Verizon's own search engine page -- even if they don't have Verizon's search page set as their default.
Re: Measure overall network availability
Hello Joe, Thursday, January 6, 2005, 11:23:48 PM, you wrote: JS> is there any recommended method to measure overall JS> network availability? I prefer the inverse help-desk calls method (a low number of help-desk calls means greater availability -- or that your new VOIP system is being impacted by the problems) ;). allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: Server mirroring
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Priyantha, For the RedHat boxes you can use rsync: http://samba.anu.edu.au/rsync/ Thursday, November 27, 2003, 4:35:21 PM, you wrote: P> As a part of business continuity plan we are going to have all our servers P> replicated in a different place to which a fiber connection is available. P> (Currently its running at 100Mb) Servers are running mostly RH Linux 7.2 to P> 8.x and couple of Win 2000 servers too. P> I'm looking for a non-expensive software solution for this task. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAP8Z3ZCkg6TAvIBeFAQH0MwP+IoPC/Xa6umjBLcli989zk7RXWwUhweJE joxzM7QODBmZTwtAb6IDa05HM9cfYN3r/3FOnKRVfJiGjxjlBWBvwYRgr9+ilMBH EoTKKC4MCmd0UB9DjsLj+uzRqzPhBRhoCX10Aq9eKRRfczCLQJrDrmhQ3cL5Ei0o AWgt8cWguO0= =Tovj -END PGP SIGNATURE-
Re: CCO/cisco.com issues.
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Allan, Monday, October 6, 2003, 7:22:30 PM, you wrote: AL> As far as comparing NANOG moderation to Nazi Germany that is AL> disgusting and beneath contempt. My apologies to Kai and the list, I misread -- to some extent -- the original meaning of the post. My comments were certainly harsher than warranted. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAP4IEiSkg6TAvIBeFAQG7mAQAsiNj+6O0K7LXpnXFgLDI/0135zCoSgW1 qQXXQLJ55VxofXl68YcATV6ANCNzmsOXVcztnO3u8k2WXfxWhpXqXTItdf2JMTCH i0T/VfjXDl7GTSwhBKGh2JF07qlO9r8J94qOaegvIsz9bnNpuKrd4PyUzofcWRSx W9k/4C5v23k= =ALrZ -END PGP SIGNATURE-
Re[2]: CCO/cisco.com issues.
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Kai, Monday, October 6, 2003, 6:39:49 PM, you wrote: KS> The following well-remembered lines come to mind here, and excuse me if KS> you hear a slight hysterical laughter from my direction: I don't know what your post has to do with the original topic, but if you don't like the way NONOG is moderated, please feel free to start your own Network Operators mailing list. As far as comparing NANOG moderation to Nazi Germany that is disgusting and beneath contempt. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAP4H5OSkg6TAvIBeFAQH71gP/XLt+Z9O+VHTUJQTNIZpyOI8ijA+HYYI+ Gbji4Z6W9KJcuUKpv5fM6Ud5PbD79yOcGpl4fMndoQnCQsT42CnXAeg9v+mj49/e e0WXAStNfxl+DC/Arr7vLi4/SkxRqHjdSEPulDTeJeHEWykDm8On/nSUyXinRsrS gxIGYyOSEYE= =PMx8 -END PGP SIGNATURE-
Re: root server owners?
On Wed, 17 Sep 2003, William Allen Simpson wrote: > > Googling around, I couldn't find a definitive list of the root-servers > owners. Any canonical method of determining which hints we should > remove? I'd like to drop them from our config files. > http://www.root-servers.org/ allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re[2]: Alert to Phone/Pager System
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Jeffrey, Thursday, September 11, 2003, 5:50:40 PM, you wrote: JM> I may be missing something, but don't monitoring systems (ie, Nagios) JM> have the built-in ability to send out pages w/ a locally attached modem, JM> or SMS (if you setup an email forwarder). In this case the monitoring system in place, which cannot be changed, can send out an alert, but only to a single source. The current system does not have the ability to handle the additional rotation capabilities needed for this project. Thanks for all the responses I have gotten so far. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAP2D6Yikg6TAvIBeFAQEcxQP/SwPCAX9yeCWxUDml4si5CA4hR5SmDmMW 0w2x4GX20/Nh4Nc4rYJW1oqrWLw0Mw+fy5oPSht7IcJqzTPCJNKHvW72+Yx20nLt I10uGQ6iP/ldhdqV20vJ1d5XbU5n/3Iwq+OpaQPE8E6P8CPkFaMr79yk+vl/1TFO xn2tLDrEJ+M= =9V+V -END PGP SIGNATURE-
Alert to Phone/Pager System
I am looking for a hardware/software solution to a problem and I am hoping someone has implemented something similar: A monitoring system notices an error and sends an alert to a system (the alert can be sent over POTS or SMTP). The system recevies the alert and sends out a message (Pager/POTS/SMTP/SMS) to a group of people in a pager rotation. The 1st person is paged, if no response is received the second person is paged and so on down the line until someone responds. I looked at the Dialogic's The Communicator: http://www.dccusa.com/products.html But, it is a little pricey. I also looked at VOCP System: http://www.vocpsystem.com/ But, the desision maker is a little skittish about open source projects. Does anyone know of a happy medium between these two systems that will fill the requirements outlined above? Thanks! allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: Paypal off-the-air?
On Fri, 29 Aug 2003, John Ferriby wrote: > > It seems that PayPal is off-the-air. We're seeing all connections die via > uunet and sprint routes. Anyone know what's going on? > It may just have been a temporary thing, I am able to reach the site fine from here, and it traces through UUNET no problem. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: www.ebay.com down?
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Richard, Thursday, August 21, 2003, 1:05:15 AM, you wrote: RG> Have not been able to search for items on www.ebay.com since RG> 8:55pm PDT 8/20/2003. RG> Do you see the same thing? It is slow, but I can to it on my Adelphia --> MFN connection at home. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAP0RTbCkg6TAvIBeFAQFV4wP9EC3xERnTbsia10xj1dqdB/0fT47G6HBL 98hYMxL/B+7RfmP4u9k/m9N3zFi1KgeF/o0lN2Yg6SHPBo2FYwylIVz4IijlBv5M huC/GXXOzeT+XQFMdARIIz/9Eefu72PU1+2zEjdyXbfd0Zmi1UeOCK6JPnwsDika zx7XBBUyiyI= =w5wV -END PGP SIGNATURE-
Re: Server Redundancy
On Wed, 6 Aug 2003, Gerald wrote: > > vrrp on FreeBSD is supposed to be a free solution to allow machines to > watch each other and take over IP addressing if connectivity is lost. > Depending on how remote your IP blocks are and how much control you have > over the routing equipment in between, your only choice may be a > commercial solution. > Two things to keep in mind: VRRP is not a load balancing solution, it is a failover solution and (AFAIK) VRRP only operates within-network. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: Server Redundancy
On 6 Aug 2003, Jason Greenberg wrote: > > Can I have some suggestions on how to load balance servers that are on > seperate IP blocks? Is there any way to perform translation at this > level? Exclude DNS based balancing please... > Take a look at Nortel's Alteon product line, Cisco's CSS product line, or F5's BigIP Product Line. All of which have Global Server Load Balancing capability. The GSLB can be done a number of different ways on these boxes including stupid DNS tricks (not your typical round robin stuff, but still DNS) and using a BGP configuration. Hope this helps! allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: Cisco vulnerability and dangerous filtering techniques
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 22 Jul 2003, Jason Frisvold wrote: > > Not only the "clueless", but how about those of us who deploy older > routers sometime in the future with legitimate uses? What happens when > we "forget" that this bug exists? Now we have to go through the process > of adding a "don't forget the IPV4 Cisco Bug" clause to our procedures.. > > You don't need to add that clause as long as you maintain a set of baseline configurations. If you deploy all routers with the same code, or as close to it as possible, then you don't have to remember individual security alerts, because as you update the code on your existing routers, you should be creating a new baseline that should be installed on all newly deployed routers. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.0 (GNU/Linux) iD8DBQE/HXtTvfQS9KzHT6ARAo+1AJ0WYoveQOYum6Fjqt2BgphxAIw2tACfRRTo pyJ71GMRlVYpltvuUrWsLLo= =hFp+ -END PGP SIGNATURE-
Re: IETF Web site Down ?
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Marshall, Wednesday, July 9, 2003, 11:28:04 AM, you wrote: ME> I have not been able to get to any www.ietf.org site for the last hour ME> or so, nor can I ping it (4.17.168.6) from mulitple network locations . ME> Is this maintenance, a server problem or a DOS attack ? Works for me, maybe they just don't like you ;). Try one of the mirrors: www1.ietf.org (Reston) www2.ietf.org (Natick) allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPww2wykg6TAvIBeFAQEI0AP6AnU28fMoOOWIwrkD19LJyzAp0H1lPnOY SwIbG4qTB4D7CWxgLpVqNq9+U+cxVmWRNoBzbd6I+CH7CP58osD0tFrWnJeGMWqY gwJh2MNcChpLDRdoa2tjBRpaE85VvCfxnj1+qdCKLn3Iypy5wuIjqswaDpvAslqA /xfI/2Au3Ho= =4YaD -END PGP SIGNATURE-
Re: Fast TCP?
On Wed, 4 Jun 2003, Mike Leber wrote: > > > Does anybody know any more about Fast TCP: > > http://story.news.yahoo.com/news?tmpl=story&cid=581&ncid=581&e=6&u=/nm/20030604/tc_nm/technology_internet_dc_3 > > Is it real? > > It it open source? > > Are there any implementations available? > Here's the white paper detailing it: http://netlab.caltech.edu/pub/papers/fast-030401.pdf Here is their home page: http://netlab.caltech.edu/FAST It doesn't look like they have production code available at this point, but it looks like it could be interesting. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Another Data Center Fire
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Wow, second problem at a major hosting center inside a week. - From Rackshack: At just after 7 PM CST, a major transformer in the Rackshack data center parking lot exploded. At this time, it is still on fire. We have implemented our emergency response plans. Our backup generators are working as designed and a fuel truck has been dispatched. We are also bringing in 2 truck mounted generators as additional backup due to teh length of time we anticipate running on generator. LIMITED staff is working in the building at this time as a precaution. HOWEVER, our full management and administrative staff has been dispached to the facility. Please bear with us if you have reboot or restore tickets pending, we will get to them as fast as possible given the limited in building staff. Just to put the magnitude of this in perspective, we currently have 8 fire trucks, 6 vpolice cars, and two ambulances on our property and in the roadway ... this in addition to several news helicopters. Thanks for your patience. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPtv8nSkg6TAvIBeFAQF7ggP9FcpaaowDH9GQQ7k97BwNgHfYQSsOPzt8 XTqJIfhb4JIwoIOXClpuhia2ekTHjZMrboRMoxMJ5qMJBFlbeJIfwEOP/OSAF/r4 AbgDeN/P4dlheLF7l7ejXNUiAgfSBLfkL1yFiyZhd+OYPhyZtnIS2ljXnmRUORul yYE1C+gJY0w= =C7WN -END PGP SIGNATURE-
Re: Decent Colo Facilities
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Matt, Friday, May 30, 2003, 8:23:58 AM, you wrote: mso> Other than the fire recently at NAC in their NJ NOC. Does anyone have any mso> positive or negative feedback about NAC? mso> Also does anyone have any recommendations about a decent colo facility? Overall, NAC has a good reputation in the hosting industry and a lot of mid-sized hosting companies use the NAC data center. They have a strong staff and very resilient network (err, for the most part, stay off the DCJN ;)). As far as decent colo facilities, that is a pretty open ended question and it depends a lot on your needs. Depending on what you are trying to do: Telehouse, PAIX, and Equinix all have very good reputations. Though, of the three, Equinix is really the only one that is somewhat similar to NAC in terms of target market. Hope that helps. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPtdv8Skg6TAvIBeFAQEokwP6Aje+LKFj0Q91RRd7hDhVJuiHnXyWJh4z rRvke7Lz2QlEnahLGgX1X/H3lFDmA6KpaFAKXpqF7/75MXgyza/v47mnhKpCdz9Y +fADaCEIMQZwVLfQa81pdifsh+D7sCeCEulyXNO+fX4MUVxehAvR1FXKby32uhXs KzferfgYoQs= =4Uyq -END PGP SIGNATURE-
Re: fire at NAC
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Alex, Wednesday, May 28, 2003, 12:42:40 PM, you wrote: ayc> EMERGENCY NOTIFICATION from NET ACCESS CORPORATION ayc> We are still gathering information, but it appears there was a small fire in ayc> the 3rd floor DSR room, which resulted in a loss of power. Our FM-200 fire ayc> suppressant worked as planned and immediately kicked in. The entire building ayc> has been evacuated at this time and the fire department is onsite. It looks like it may not have been a fire after all: http://www.nac.net/announcements.asp?Action=View&ID=22 Maybe Alex, from NAC, can clear this up :). allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPtT0Pikg6TAvIBeFAQGhZwP+M7XN5wJZcStFMhq1P2RIrWVwwZdqyFYm vz1djV42BEjsyXZZUWZEAy2JNTrtm0hbMwEXPiwEhmyS/I0fMvoX+R2vwm97Qo5j m5choCvZyhalyYFAhalbouLYXJjbTbyjW0UL6z4PSWY+Cd0hRJbZFnauZr0q8i0m CAKqlKsNkU8= =3o2Y -END PGP SIGNATURE-
Re: burst.net DDoS?
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Danny, Thursday, March 27, 2003, 3:46:40 PM, you wrote: D> Hey, I've got a several domains hosted on bursts IP space and currently they are getting about 35-45% packet loss. Does anyone have any idea what is going on? I've tried calling them but to no D> avail sadly enough. According to their forum: http://forums.burst.net/showthread.php?s=3e809757b36df1541d1bd78ca8e87f45&threadid=377 They are having problems with their Sprint connection. According to the rumor mill, they are being DoS'd, yet again. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org http://www.hosthideout.com -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPoNm+ykg6TAvIBeFAQHfbAQAs3E0hZ+U8xbPxhRT7wEIbMK+isG6WxD0 L2GlX+r7sBEkwmaAj9mekkTfkF2hMdn6pOsgeSuTVlelufJ1aefIUN8+MLuZkdnF 8FJyF6HGw3JdpsRKPbtCoGWVF6BJ16qFCSW8j9igMFvVO/RzaGdlW0kzz+omGXn2 HB+UCCOTcmY= =m/kN -END PGP SIGNATURE-
Re: untied
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Randy, Monday, February 24, 2003, 12:03:30 AM, you wrote: RB> could someone else please check the dns for www.united.com? the servers RB> for united.com seem to delegate www.united.com, but the delegatee seems RB> not to return an soa. i get very confusing results. This is just a guess, but it appears that the two servers authoritative for www.united.com are load balancers: dc1lbs1.uls-prod.com dc2lbs1.uls-prod.com And it looks like you are correct: vbind.com /home/allan#dig @dc1lbs1.uls-prod.com www.united.com SOA ; <<>> DiG 9.2.1 <<>> @dc1lbs1.uls-prod.com www.united.com SOA ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 168 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.united.com.IN SOA ;; Query time: 37 msec ;; SERVER: 64.95.89.4#53(dc1lbs1.uls-prod.com) ;; WHEN: Mon Feb 24 00:52:08 2003 ;; MSG SIZE rcvd: 32 But that may be intentional... allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPlmyBSkg6TAvIBeFAQHHLQP/X91jZgjX9ghH0MaVRCbrPDb3Jl55+8u3 CE9cOHnqQBOv+XtuHdX/m2+Sqc2zIlf3puowgEafnncs4D8MlpiJhB1wh1pxB3xn yKy+0t3pgX/+1scimqbcS4t8zBh1C3mV2Y0Z1YnbSNmxflvU61sCrJHR8VxfvPLh 9o/7dzATUT0= =yasW -END PGP SIGNATURE-
Re: manhole covers
On Fri, 21 Feb 2003, Marshall Eubanks wrote: > > The interesting thing is that this happens every few weeks (at least - > sometimes multiple times per week), and generally they don't know why. > > Not in Adams Morgan. Not in Foggy Bottom. Not even > in Georgetown Heights. Only in Georgetown, Its become a local joke. > Well of course we know why, its the St. Elmo's Fire ;). allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: WHOIS archive
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello John, Wednesday, February 19, 2003, 10:30:36 PM, you wrote: JF> Does anyone know of a WHOIS archive? Netsol/SRS/Arin? Or for JF> that matter, any coordinated efforts to capture this information? This is a question that has been asked repeatedly, on many mailing lists, and the answer is always the same: Not as far as anyone knows. Verisign may have one, but it is not publicly available, and it would only be for the CNO TLDs. Other registries may keep historical data, but again none of it is publicly available. I have not seen any effort to collect such data, the closest thing would be http://www.archive.org/ but of course the web is not the Internet, and you may need different data. Hope this helps. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPlRQeykg6TAvIBeFAQGzqwP+KocKaZlY1kSProfgLscAV4QJydbZVvRt k3cbI4fDIn5NclNzsJIL6/+DtXIlL/zV6fdGXn/V0O5UW92AqOrrphQzhJXS24no gbxearGuCTm3kWLwVa3cG50YpKIxcnbGGiQ1dq8/MG0/3/wa8tbPUtTYZVODNgLX p4xv6MGED6E= =l2ZN -END PGP SIGNATURE-
Re: Spam. Again.. -- and blocking net blocks?
Hello Hansel, Tuesday, December 10, 2002, 3:08:20 PM, you wrote: LH> The SPEWS concept prevents an ISP from allowing spammers on some blocks LH> while trying to service legitimate customers on others. For an ISP - it is LH> either all or none over time, you support spammers and are blocked as a LH> whole (to include innocent customers). Not speaking for or against SPEWS, but couldn't this eventually work against people using the list? If I were a spammer I would keep signing up for accounts, and getting larger and larger blocks of IP Addresses added to the SPEWS list. Eventually, so many blocks would be added to the list, that it would make SPEWS worthless. Once SPEWS is worthless, people will stop using it, and the spammers win. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: Suggestions for ASP colo space that will be around in 3 years?
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Steve, Tuesday, November 19, 2002, 4:40:03 PM, you wrote: SF> Our other main datacenter is in an Equinix site, so for risk management, SF> we don't want to go into any other Equinix site. SF> So anyone have any insight as to who will be around within 3 years? Promise me you won't hold me to these predictions :): Internap: http://www.internap.com Inflow:http://www.inflow.com PAIX http://www.paix.net Switch & Data: http://www.switchanddata.com/ Clear Blue:http://www.clearblue.com/ (formerly colo.com) Hope this helps. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPdrMAykg6TAvIBeFAQGrDQQAr48Cv6bXGIf3ayxcGfQRsTzyh2xg0Scj F3MPVBrhn5sCBxDJHs5210sL1qW14VkYWPysR7iBYK/BonlY+IgoSQHeOKPSaPQS sFu2s7jOEiN6Ge0nVjyO7Gb42xTmvNBAnf/8+BLw2M7w+qjpFSv5Hf/Cy3d8dh42 lsHglCVaGvk= =q4jl -END PGP SIGNATURE-
Re: Even the New York Times withholds the address
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Charles, Tuesday, November 19, 2002, 11:36:28 AM, you wrote: CS> These guys have an idea: CS> http://www.solarhost.com/ Sorry, it is still only a single power source and eventually the Sun is going to burn out. If they want my business I would expect them to have panels pointing toward multiple stars, so they have redundant connections ;). allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPdprfykg6TAvIBeFAQFe9wQAtC7UPXmzFdk8Usy1k417P9w9Me8uROa6 G7OoZ4N6UMk9Mzm7uVJBJFsqU30T9itpuBiQFOadZ4uh7RIEFoR7xwBHj05a+MLx qfMGD8t7K5jBMptHIyup7gdnG1gRnbIUzrBccybY3nPysFp3YbjIupsA1t/8l9Yr 0M2/25LQEe4= =8hzL -END PGP SIGNATURE-
Re: Alternative in Web Hosting ?
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Gawie, Monday, November 4, 2002, 1:08:25 PM, you wrote: GMH> Could someone suggest alternative ISP's where we could host our client's GMH> existing web sites (as a mirror) ? Your best bet is to pose this question to the ISP-Webhosting list: http://isp-lists.isp-planet.com/isp-webhosting/ There really is not one correct answer to your question. There are a lot of different answers depending on things like: 1. Are you interested in Windows or UNIX Hosting? 2. Do you need dedicated servers, or colocation space? 3. What is your budget like? 4. Do you need a managed solution, or will your staff manage the server/servers? Pose your question, with additional details, to the ISP-Webhosting list and I sure you will get some excellent recommendations. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPcbJ0ykg6TAvIBeFAQGFeAP9HUkmrmOYqMy+XOGR5g/xl92TrhbGe+Mp jhqB1JpNH9b2uvTQwDNG6YMrZfnoF80ktnJIIf4pnQVansZGRv4ZklEp16B48lEq F9ikKtxDdsm0noOAUL5AObNqNLUztibttd/FVkeO5fHw5DdDpXvNRNNZnJ5IEwXw 9sGBBJqRGZk= =geNI -END PGP SIGNATURE-
Re: Odd behavior
On Sat, 26 Oct 2002, Joe wrote: > > > Anyone noticing an increase in the amount of port 137 scans? > I've seen just just over 100 in the last 1 hour. When I probe the > offender I see them as MS items with their Harddrives shared wide open. > Only thing in common is they all appear to have some file called put.ini > in their root directory with a line that looks to be from a win.ini and > states brasil.pif or exe. Maybe some new virus? > It looks like the W32/Opaserv-C virus: http://www.sophos.com/virusinfo/analyses/w32opaservc.html -- Allan Liska [EMAIL PROTECTED] htt://www.allan.org
Re: www.lucent.com
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Daniel, Friday, October 18, 2002, 5:56:27 AM, you wrote: DMK> does someone know what happened to http://www.lucent.com ? DMK> Yesterday everything was fine, but now it seams like they DMK> are wiped out of the internet. No DNS resolution (unknown host ?!). Works fine for me from Qwest's backbone. And it appears to have a proper DNS entry: datacenterwire.com /home/allan#dig www.lucent.com ;; ANSWER SECTION: www.lucent.com. 3H IN CNAME ap-www.lucent.com. ap-www.lucent.com. 0S IN A 192.11.229.2 ;; AUTHORITY SECTION: ap-www.lucent.com. 3H IN NSapserver1.lucent.com. ap-www.lucent.com. 3H IN NSapserver2.lucent.com. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPa/dFSkg6TAvIBeFAQGGrQP+NSKR9paoX4X1A/ba6nXlxT3dlAGcOjAg ixOssvTyRkZj0uRzo6t4gsTx48bcj6qv3FfrgiaBaeh3KvW5qUl4RjhCSbdG+/DF to7qaJFM6j1H2qVxItIURHyRfSCshxoOBekVGkMPaFOF05PgkRYhMCFb8lgIvewZ D4romdikT0I= =BGxr -END PGP SIGNATURE-
Re: what's that smell?
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Jason, Monday, October 7, 2002, 7:14:41 PM, you wrote: JL> Hope this doesn't come across as DNS-101, but is there some way to tell JL> what DNS server one uses? Kinda like telnetting to port 80 or 25? I JL> know if it is possible, it's just as possible for them to change the JL> output, but chances are the brainiacs of the world who don't filter JL> probably aren't smart enough to change what their DNS server 'appears' JL> to be either. This will work: dig @nameserver.tld chaos txt version.bind For BIND nameservers, but it is not a standard convention so it is not supported by all nameservers, and most administrators disable the output from the command at this point: datacenterwire.com /home/allan#dig @ns1.vbind.com chaos txt version.bind ; <<>> DiG 8.3 <<>> @ns1.vbind.com chaos txt version.bind ; (1 server found) ;; res options: init recurs defnam dnsrch ;; got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 6 ;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0 ;; QUERY SECTION: ;; version.bind, type = TXT, class = CHAOS ;; ANSWER SECTION: VERSION.BIND. 0S CHAOS TXT"DNS, we aint got no stinkin DNS" ;; Total query time: 0 msec ;; FROM: datacenterwire.com to SERVER: ns1.vbind.com 66.150.201.103 ;; WHEN: Mon Oct 7 17:37:39 2002 ;; MSG SIZE sent: 30 rcvd: 86 allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPaIbPikg6TAvIBeFAQFFrgP/YxHLFuoYQ1xAV2lqrKjRPIbadTT2KwrS Xe0wK4Z/+oeYaK5HGXLXSMuZqRUvx1tLkZpN2j3Z5XAbKk5ALHXgtmonE4uZmxwd iOiUG4t8UlxWbrTirsWCTpl99Ugv7WP1PbtW2Dy33xS9i6aupUbIcMyqoANZOif7 sC/28CC6olE= =buSZ -END PGP SIGNATURE-
Re: Security Practices question
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello John, Sunday, September 22, 2002, 6:22:11 PM, you wrote: JMB> I have question for the security community on NANOG. JMB> What is your learned opinion of having host accounts JMB> (unix machines) with UID/GID of 0:0 I'm not sure my opinion is learned, but I would say it is a bad idea. The vast majority of users do not need all of the privileges that root access provides. The reason that *nix systems have different users and groups is to give them different levels of access. In addition, if there are specific programs that need to be run by a user which require root access and administrator can use sudo (http://www.courtesan.com/sudo/) to give faux root access, without having to divulge the root password. JMB> The argument is that way you don't hav to give out the root password, JMB> you can just nuke a users UID=0 equiv account when the leave and not JMB> have to change the real root account. That is an invalid argument for three reasons: 1. As soon as a user leaves an organization, their accounts should be deleted -- that should be SOP at all companies. If you do not allow the root account to connect directly (ie you cannot SSH to the server directly as root -- you have to connect as another user and su) when you delete the user's account they cannot gain root access. 2. You should be rotating your root password often enough that users would be accustomed to a password change. 3. The only users who should be able to gain root access to a system are those in the root wheel, at the very least accounts in the root wheel should be monitored closely and rotated in and out of the wheel as necessary. Hope this helps. allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPY5Jl3+n87oa5a9VAQHB+AQAhv2sIrAqs0HPUqYPWKxFheDk97lya1fs fS9XZ07mJ+M0Lds0PzDC8k2GL8T8hQrOaCeMckkE9+ssP5SuqVY/bZqGGsltkz79 o7/lT24BE+lpLFXVYddFQaUa9DH1i1wDtpigBxY1PJI014ZRViSS51ydz1X8RBvQ 4Zprc4g6tGo= =Y2iu -END PGP SIGNATURE-
Re: IPv6 revisited - I am building a list of IPv6 capable ISP's
-BEGIN PGP SIGNED MESSAGE- Hash: MD5 Hello Joe, Tuesday, September 17, 2002, 11:15:21 AM, you wrote: JB> I have tested IPv6 with the assistance if freenet6.net. It seems to work. Whewthank the gods for that. I mean the tests done by Cisco, Juniper, Sprint, AT&T, Nokia and other major backbone/routing equipment companies were not very convincing. Now that YOU have done the testing I am sure there will be a mad rush to adopt it... allan - -- Allan Liska [EMAIL PROTECTED] http://www.allan.org -BEGIN PGP SIGNATURE- Version: 2.6 iQCVAwUAPYfjO3+n87oa5a9VAQEIGQQAtSspnPRBwm8T3By/gEqCf73ff7uiqMnQ GhyFp/w/Sv4z+Fd+E7smHMoWKrYDxHZC0AxRStdoGO8sEPh/F2WF5W53gcfsqJe3 etCsEYA8rHbnt0AZ2j8uyPVhYG1TdRGEVsMlyX7lS1qaW1lsoYOFI4pMfeqtkbmy 2p/4K7wodes= =Qe8l -END PGP SIGNATURE-
Re: Secure Cabinets
Hello Andrew, Monday, August 19, 2002, 12:11:02 PM, you wrote: AD> Hey everyone, I know this is slightly off topic but I'm hoping that someone AD> from Verisign or the like will respond. I am looking for a VERY secure AD> computer cabinet to replace an open rack I have now. I'm looking for almost AD> vault like qualities. Is anyone willing to make recommendations on a vendor? You may want to take a look at the cabinets offered by Lampertz: http://www.lampertz.com/DuS.htm Some hosting companies are using them for secure hosting. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Qwest to Restate Earnings
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20020729/ap_on_bi_ge/qwest_2 Not too much of a surprise. allan -- Allan Liska [EMAIL PROTECTED]
Re: Just an FYI - Apache Worm on the loose
Hello John, Wednesday, July 10, 2002, 11:58:09 AM, you wrote: JP> Is this the same vulnerability that JP> was corrected with the 1.3.26 apache release? Yes it is. -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: whois.register.com working?
Hello Cho, Monday, July 01, 2002, 5:39:01 AM, you wrote: CMF> I've been trying to check out domains from whois.register.com, however, it CMF> always reports "No match for domain"!! CMF> Is it working? Do you know where I can query domains details registered in CMF> register.com? Many thanks! This is probably best posted to the isp-dns list, but the short answer to your question is that the register.com whois server only shows results for domains registered through register.com: #whois -h whois.register.com hostsec.com [snip] Organization: Allan Liska Allan Liska [snip] Registrar Name: Register.com Registrar Whois...: whois.register.com Registrar Homepage: http://www.register.com Domain Name: HOSTSEC.COM #whois -h whois.register.com allan.org No match for "allan.org". Your best bet when searching for domains is to query rs.internic.net, then query the appropriate registrar. allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re: Adeklphia update
Tuesday, June 18, 2002, 5:30:50 PM, blitz wrote: b> Adelphia announced price increases today 90 cents a month for cable TV, b> bringing the package to about $39. a month in Buffalo, and $41. outside. b> Also they increased the "powerlink" cablemodem $2.00 a month. (this is the b> second increase this year) Can we assume the service will remain at the same abysmal levels ;}. allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re[8]: "portscans" (was Re: Arbor Networks DoS defense product)
Hello Ralph, Sunday, May 19, 2002, 12:13:35 PM, you wrote: >> RD> I think that's pretty stupid. If I had my network admin investigate every >> RD> portscan, my staff costs would go up 10x and I'd quickly go bankrupt. >> RD> Instead we keep our servers very secure, and spend the time and effort >> RD> only when there is evidence of a break in. >> >> I didn't say investigate every portscan, I said assume every portscan >> is hostile. There is a big difference. RD> So you assume it's hostile and do what? Automatically block the source RD> IP? If you do that then you open up a bigger DOS hole. Then if someone RD> sends a bunch of SYN scans with the source address spoofed as your RD> upstream transit providers' BGP peering IP, poof! you're gone. You do the same thing you do with any attack: Log the information and take appropriate action. If you are constantly getting scanned from one netblock, you should be aware of that, the only way to be aware of it is to keep a record of all port scans. A portscan may be innocent, though I agree with those who have said previously that most posrtscans are not innocent, in which case it gets filed away into a database and forgotten. However, if the same network is continuously portscanning your network that network should be stopped. This whole process can be automated, so that it does not involve manual intervention...but don't you think a good network administrator should know what is happening to their network? And, since there is no way to distinguish an innocent portscan from one that is a precursor to an attack, wouldn't it make sense to keep track of all portscans? allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re[6]: "portscans" (was Re: Arbor Networks DoS defense product)
Hello Ralph, Sunday, May 19, 2002, 11:22:08 AM, you wrote: >> If they don't give a satisfactory bank somewhere else (or offer your >> services ;)). Certainly that is a better approach than scanning to >> see what you can find out. The organization receiving the scan has >> no way of knowing what your intentions are -- and should interpret >> them as hostile. RD> I think that's pretty stupid. If I had my network admin investigate every RD> portscan, my staff costs would go up 10x and I'd quickly go bankrupt. RD> Instead we keep our servers very secure, and spend the time and effort RD> only when there is evidence of a break in. I didn't say investigate every portscan, I said assume every portscan is hostile. There is a big difference. allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re[4]: "portscans" (was Re: Arbor Networks DoS defense product)
Hello Ralph, Sunday, May 19, 2002, 10:50:23 AM, you wrote: >> RD> I often like to know if a particular web server is running Unix or >> RD> Winblows. A port scanner is a useful tool in making that determination. >> >> [allan@ns1 phpdig]$ telnet www.istop.com 80 >> Trying 216.187.106.194... >> Connected to dci.doncaster.on.ca (216.187.106.194). >> Escape character is '^]'. >> HEAD / HTTP/1.0 >> >> HTTP/1.1 200 OK >> Date: Sun, 19 May 2002 01:47:57 GMT >> Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8 RD> Sure, it works on some servers, but try it on yahoo.com, cnn.com, ... As I think Eddy already mentioned, you can try Netcraft. Of course in the cases of Yahoo and CNN you have an Akamai factor...though CNN does return some useful information: telnet www.cnn.com 80 Trying 207.25.71.20... Connected to www1.cnn.com (207.25.71.20). Escape character is '^]'. GET / HTTP/1.0 HTTP/1.1 200 OK Server: Netscape-Enterprise/4.1 Date: Sun, 19 May 2002 14:58:55 GMT Last-modified: Sun, 19 May 2002 14:58:55 GMT Expires: Sun, 19 May 2002 14:59:55 GMT Cache-control: private,max-age=60 Content-type: text/html Connection: close And, you can also try the direct approach: e-mail the webmaster and ask :). I guess the point I am trying to make is that there are ways of finding out this information without having to resort to portscans. The example of bank is a very good one. With all of the security risks involved in managing a web server, and the associated database, it seems very important to ask the bank for an explanation of the steps they have taken to secure their website, and their customer database. If they don't give a satisfactory bank somewhere else (or offer your services ;)). Certainly that is a better approach than scanning to see what you can find out. The organization receiving the scan has no way of knowing what your intentions are -- and should interpret them as hostile. allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re[2]: "portscans" (was Re: Arbor Networks DoS defense product)
Hello, Saturday, May 18, 2002, 7:17:43 PM, you wrote: RD> On Sat, 18 May 2002, Scott Francis wrote: >> And why, pray tell, would some unknown and unaffiliated person be scanning my >> network to gather information or run recon if they were not planning on >> attacking? I'm not saying that you're not right, I'm just saying that so far >> I have heard no valid non-attack reasons for portscans (other than those run >> by network admins against their own networks). RD> I often like to know if a particular web server is running Unix or RD> Winblows. A port scanner is a useful tool in making that determination. [allan@ns1 phpdig]$ telnet www.istop.com 80 Trying 216.187.106.194... Connected to dci.doncaster.on.ca (216.187.106.194). Escape character is '^]'. HEAD / HTTP/1.0 HTTP/1.1 200 OK Date: Sun, 19 May 2002 01:47:57 GMT Server: Apache/1.3.22 (Unix) FrontPage/4.0.4.3 PHP/4.1.2 mod_fastcgi/2.2.8 Last-Modified: Sat, 18 May 2002 06:05:35 GMT ETag: "68807-9ff5-3ce5ef2f" Accept-Ranges: bytes Content-Length: 40949 Connection: close Content-Type: text/html Connection closed by foreign host. (make sure you hit [Enter] twice after the "HEAD / HTTP/1.0"). Gets you all of the information you need, and you don't have to do a portscan. I have a perl script that automates the task if you would like it, let me know. allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re: Interconnects
On Fri, 17 May 2002, todd glassey wrote: > > I know what happens when an ISP dies, what happens when a registrar dies? > > T. I am pretty certain that the names revert to whatever entity is contracted to maintain the database for that TLD. Though most likely if a registrar were to die, another registrar would try to buy them out -- assuming it met with ICANN approval. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
RE: Korean server security?
On Mon, 15 Apr 2002, Niedens, Travis wrote: > > A URL for the info would be nice :) > > Travis > URL for the article: http://news.com.com/2100-1001-882663.html The website for Korea Digital Works: http://www.kdworks.co.kr/ My Korean is non-existent, so I am afraid I cannot point to where the contest details are. HTH allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re: Best provider to use ?
Hello, Saturday, April 06, 2002, 12:23:56 PM, you wrote: ihc> Out of the Tier 1s who is the best to use ? ihc> Thanks. AGIS allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re: MAE-Phoenix info request
On Fri, 5 Apr 2002, Donn Lasher wrote: > > I see from the great speadsheet (ep-in-addrs) that there is mention of a > phoenix NAP. However, I can't find any info anywhere on the web / etc about > it. > > Does it exist, either a MAE or otherwise? What's the physical address? Who > is there? > According to the New Mexico Internet Exchang, there is/was a Phoenix NAP sponsored by RTD Systems & Networking (www.rtd.net). The RTD website, and the website for the Phoenix NAP mentioned on: http://www.nmix.net/links.html Is also not responding, you can try contacting RTD at the number listed in the whois information: 520.388.9000 Hope this helps...sorry I do not have any additional information. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Re[3]: gtld-servers returning multiple A records for a NS?
Hello Paul, Thursday, April 04, 2002, 7:13:11 AM, you wrote: PT> On Thu, 4 Apr 2002, Allan Liska wrote: >> Yea, apparently in January Verisign changed their long standing policy of >> allowing only one name server to be registered per IP Address. To >> confuse matters even more, I don't think all of the registrars support >> this, and I have not seen anything official from ICANN (not that >> anyone cares what ICANN thinks). PT> I'm not certain that this is entirely accurate. Certainly, ns0.ja.net has PT> had two IP addresses for as long as I can remember (at least for the last PT> five years...) and has been happily reflected in the whois and .net zone. My apologies, I worded that badly. I meant, Verisign now allows multiple hosts to share the same IP Address, e.g.: ns1.example.com 10.10.0.1 ns2.example.com 10.10.0.1 I don't believe this was allowed prior to January. allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re[2]: gtld-servers returning multiple A records for a NS?
Hello, Thursday, April 04, 2002, 3:26:18 AM, you wrote: wen> Worth is that about 4-6 months ago I started seeing multiple dns servers wen> registered for the same ip address. Plus to that neither .biz nor .info wen> dns servers are even showing on the internic root. Yea, apparently in January Verisign changed their long standing policy of allowing only one name server to be registered per IP Address. To confuse matters even more, I don't think all of the registrars support this, and I have not seen anything official from ICANN (not that anyone cares what ICANN thinks). allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re: Contact at dellhost.com
Hello David, Friday, March 29, 2002, 6:37:48 PM, you wrote: DU> I'm sorry to have to resort to NANOG-L for this but I desperately DU> need to speak with a head sysadmin from dellhost.com DU> puck.nether.net shows nothing for dell.com or dellhost.com DU> Network Solutions contact info just goes into voice mail hell for DU> which there has been no response for over three weeks. DU> Email is unanswered. DU> I just need a warm bodied person to contact to resolve some DNS DU> issues they are having. (dnsadmin@ and dnstech@ all go unanswered) According to this article: http://www.internetwk.com/story/INW20010831S0011 Dellhost sold their service to Sprint, have you tried contacting Sprint support, to see if they can help you with the DNS issues, or is Dellhost run as a completely separate entity? allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re: Exodus/C&W Depeering
On Tue, 26 Mar 2002, Bill Woodcock wrote: > Average path lengths increase, the consumer loses. > Not to mention Exodus customers. allan -- Allan Liska [EMAIL PROTECTED] http://www.allan.org
Yipes
Hello, Almost a year ago Ralph Los asked the following: "2. They're not funded yet, and selling WAY below cost. Does this mean that a year from now they're going to triple their prices? worse?" Yesterday they declared bankruptcy: http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2002/03/23/BU240955.DTL&type=business Ralph -- if you are still around, I hear Miss Cleo is hiring :). allan -- allan [EMAIL PROTECTED] http://www.allan.org
Slash/Nanog Vote Results
Hello, This is a follow up with the results of the off-list votes that were sent to me about the level of interest in creating a slashdot style board to accompany the nanog list. 11 Votes total +8 -3 allan -- allan [EMAIL PROTECTED] http://www.allan.org
Re[2]: CEOlink
Hello Susan, I assist in setting up Slashdot style sites all the time, and would be happy to put something together, if there is enough interest. That being said, mailing lists do not always translate well into forum sites. In fact, the result is usually an unused forum that does not server a real purpose. I'd like to see what type of interest, if any, there is in a forum style site. In order to avoid wasting bandwidth, you are welcome to reply to me private with a +/-1 and I will be happy to post the results. Thursday, March 14, 2002, 8:58:13 AM, you wrote: SH> It'd be great if we had our own Slashdot site, with sections for outage SH> reports, bulletins, and threaded discussions that were spun off from the SH> main NANOG list because they were only of interest to a small group. The SH> Slashdot source is available but the install sounds fairly complex - SH> multiple perl modules, mySQL, etc. We've thought about developing a SH> prototype at Merit, but volunteers would certainly be welcome. allan -- allan [EMAIL PROTECTED] http://www.allan.org