Re: UUNet Offer New Protection Against DDoS
When I first saw this post I thought that MCI/UU.Net implemented some DDOS BGP community strings like CW implemented a month ago. If only all of my upstreams would have this type of BGP Community string my life would be made easier. Here is the customer release letter from CW dated January 23, 2004:

Dear Customer,

If you have received this email, you are either a direct customer of AS3561, (i.e. you have registered a route object for a customer of AS3561), or are listed in the maintainer of a customer of AS3561.

AS3561 has implemented a blackhole/DDoS community string based solution to aid customers in the mitigation of DoS attacks. If you are currently running BGP with us, you will be able to use this feature. If you advertise a prefix (route) to us with the community string 3561:666, we will NULL route or 'blackhole' all traffic destined to that prefix.

The prefixes accepted are based on the current prefix-list generated for you. Instead of doing exact match filtering, we will accept any prefix (more specific) within your address block(s). e.g. if you have 192.168.0.0/16 registered, we will accept 192.168.0.0/16 up to /32 as long as the 3561:666 community string is attached.

Please ensure you are configured to send community strings and understand the impact of errant advertisements. Diligence should be used when administrating this feature. Once the prefix is received and propagated within AS3561, all traffic destined to the prefix will be discarded and the blackholing of traffic will continue as long as DDoS community string is being advertised. Neither Cable Wireless nor AS3561 will be held liable or responsible for customers who errantly advertise prefixes with the blackhole community string.

If you wish to utilize this feature, you can verify our acceptance of the advertised prefix by querying the AS3561 route server located at http://lg.cw.net.

Please remember, we require you to complete a priority one incident report at http://www.security.cw.net (Report an Incident) and include details of the attack. An email describing further details of the attack can be sent to [EMAIL PROTECTED], please include the incident report number in the subject to assist in the tracking and documentation of the incident. This will ensure the attack is properly administrated handled by our Security and Legal Groups.

--- John Obi [EMAIL PROTECTED] wrote:

Hello Nanogers!

I'm happy to see this, and I hope CW, Verio, and Level3 ..etc will do the same!

MCI/WorldCom Monday unveiled a new service level agreement (SLA) to help IP services customers thwart and defend against Internet viruses and threats.

http://informationweek.securitypipeline.com/news/18201396

It's the right time before it's too late!

Regards,
-J
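The acceptance rule in the CW letter above, written as a pre-announcement check an operator could run before tagging a route with 3561:666. This is an added example, not code from CW or from the poster; the function name, the `Verdict` type, the `max_hosts` guard and the sample prefixes are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

BLACKHOLE_COMMUNITY = "3561:666"  # community string quoted in the CW letter


@dataclass
class Verdict:
    prefix: str
    accepted: bool  # would the rule described in the letter accept it?
    safe: bool      # accepted AND within the local blast-radius guard
    reason: str


def check_blackhole(prefix, communities, registered, max_hosts=256):
    """Apply the letter's acceptance rule, then a local safety guard.

    registered: the customer's registered address blocks (strings).
    max_hosts:  hypothetical local policy, NOT part of the CW letter:
                do not blackhole more than this many addresses at once.
    """
    try:
        # strict=True rejects prefixes with host bits set (192.168.10.5/24),
        # a common typo behind errant advertisements.
        net = ipaddress.IPv4Network(prefix, strict=True)
    except ValueError as exc:
        return Verdict(prefix, False, False, f"invalid prefix: {exc}")

    if BLACKHOLE_COMMUNITY not in communities:
        return Verdict(prefix, False, False, "community 3561:666 not attached")

    # Letter: any more-specific within a registered block, up to /32.
    blocks = [ipaddress.IPv4Network(b) for b in registered]
    parent = next((b for b in blocks if net.subnet_of(b)), None)
    if parent is None:
        return Verdict(prefix, False, False, "outside registered address blocks")

    if net.num_addresses > max_hosts:
        return Verdict(prefix, True, False,
                       f"would be accepted, but discards traffic to "
                       f"{net.num_addresses} addresses of {parent}")
    return Verdict(prefix, True, True, f"more specific of {parent}")


if __name__ == "__main__":
    registered = ["192.168.0.0/16"]  # the block used as the letter's example
    samples = [                      # constructed test announcements
        ("192.168.10.5/32", ["3561:666"]),
        ("192.168.0.0/16", ["3561:666"]),
        ("10.1.1.1/32", ["3561:666"]),
        ("192.168.10.5/24", ["3561:666"]),
        ("192.168.10.5/32", ["65000:1"]),
    ]
    for pfx, comms in samples:
        print(check_blackhole(pfx, comms, registered))
```

The letter's rule would accept the whole /16 with the community attached, which discards traffic to every address in the block; the `max_hosts` guard is there to catch that case before it is advertised.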
Cox.Net Contact
If there is a Cox.Net contact on this list please contact me off-list. I have an issue where I cannot get to my MCI IPs from Cox's backbone. Thanks! Andy Ellifson
Re: Pitfalls of announcing /24s
I have a /24 allocated to me by XO Communications in Phoenix, AZ (67.X.X.0/24). I am currently announcing it to Verio in Europe. A friend of mine that is an XO customer in Phoenix with BGP to XO can get to that address block within XO's network.

But on the flip side. I also have a /22 from ATT (12.X.X.0/22). When I announce that network block to Verio in Europe (and nowhere else), only certain places get to the Europe location. Networks that prefer ATT go to ATT's network and die since the route isn't there.

I don't know if I am missing something but I think it may have to do with how the network's peering/filter schemes work. I may just be walking around the problem since I am a transit customer of Verio and they normally filter.

-Andy

--- Phil Rosenthal [EMAIL PROTECTED] wrote:

On Oct 15, 2003, at 5:24 PM, H. Michael Smith, Jr. wrote:

What about the /24's that many ISPs (especially tier 2-3) are assigning to multi-homed customers? What about an IX or critical infrastructure providers that may be issued a /24 from ARIN (Policy 2001-3)?

As long as it's provider assigned, and your provider announces the supernet that the /24 is from, it will still work. If you announce PI space out of the old class A space in /24's, many networks won't be able to reach you.
Re: Wired mag article on spammers playing traceroute games with trojaned boxes
Oops... Try this again...

And as soon as you call law enforcement what happens? The spammer is located offshore. Then what?

--- Hank Nussbacher [EMAIL PROTECTED] wrote:

On Thu, 9 Oct 2003, Suresh Ramasubramanian wrote:

* Follow the money - find out the spammer / the guy who he spams for, from payment information etc. Sic law enforcement on them.

srs

I think we can all safely assume that the people behind this are most probably on NANOG or reading the archives and are now aware of your idea :-)

-Hank
Re: Wired mag article on spammers playing traceroute games with trojaned boxes
And as soon as you call law enforcement what happens? The spammer

--- Hank Nussbacher [EMAIL PROTECTED] wrote:

On Thu, 9 Oct 2003, Suresh Ramasubramanian wrote:

* Follow the money - find out the spammer / the guy who he spams for, from payment information etc. Sic law enforcement on them.

srs

I think we can all safely assume that the people behind this are most probably on NANOG or reading the archives and are now aware of your idea :-)

-Hank
Re: Converting from telco Major-V, Major-H coordinates to Lat Long
I came across this one while writing dial-peers for a VoIP network that went outside the North American Numbering Plan: http://www.numberingplans.com

They sell a complete database for 249 (or 49/month subscription) but also have a free tool to look up individual numbers.

-Andy

--- Jared Mauch [EMAIL PROTECTED] wrote:

On Tue, Sep 30, 2003 at 10:55:30AM -0400, Eric Germann wrote:

I've contemplated a project to make an independent VH database and I'm looking for input as to whether anyone would care. We currently maintain a searchable db of NPA/NXX info at http://www.cctec.com - Search - Search for info on NPA/NXX

I also have something similar here: http://puck.nether.net/npa-nxx/

I wrote some code to take the Rate Center Name + State info and lookup the lat/long and then translate it into VH coordinates. For one-off's and approximation of inter-CO distance, it will probably work. The premise is close is better than nothing. I'll also add a public lat/long - VH convertor to the mix. For unknown CO's, we'd look for input from the community. Thoughts from the group?

Are you importing the nanpa data? that's where I am getting my data from. There is a link off of my page to the NANPA data which can be imported fairly easily.

- Jared

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stewart, William C (Bill), RTSLS
Sent: Monday, September 29, 2003 3:55 PM
To: Claudio Gutiérrez
Cc: [EMAIL PROTECTED]
Subject: RE: Converting from telco Major-V, Major-H coordinates to Lat Long

From: Claudio Gutiérrez [mailto:[EMAIL PROTECTED]

I think http://datec.web.att.com/faqs/telecom.htm is an internal ATT webserver

Arrgh.. You're correct, and I should have noticed.

It's the 1996 FAQ for Telecom Digest, Message-ID: [EMAIL PROTECTED] TELECOM Digest - Frequently Asked Questions - v.7 17 December 1995 from newsgroup comp.dcom.telecom.tech

It's still in v.8 - http://www.teletechnics.co.nz/reference/telecom/telecom_faq.html

--
Jared Mauch | pgp key available via finger from [EMAIL PROTECTED]
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
Re: AOL Proxy Servers not connecting via https - resolved
Actually a /12. But the value of 172.16.0.0 0.15.255.255 has been burned into my head for some reason...

---snip---
Page 4

3 Private Address Space

The Internet Assigned Numbers Authority (IANA) has reserved the following three blocks of the IP address space for private internets:

10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
---snip---

--- Ron da Silva [EMAIL PROTECTED] wrote:

On Thu, Sep 25, 2003 at 06:11:23PM -0400, Brian Bruns wrote:

This might be helpful to people setting up ACLs and the like: http://webmaster.info.aol.com/proxyinfo.html

I think the point that Mike was making is that RFC1918 space is 172.16.0.0/20 not a /8.

-ron
Go Daddy vs Verisign over Site Finder
Go Daddy is at it again. They filed suit against Verisign accusing Verisign of misuse of their registry position with their Site Finder service. Let's hope they win this lawsuit too! https://www.godaddy.com/gdshop/pressreleases/NR-GoDaddysuesVerisign9-22.pdf?isc=se=%2Bfrom%5Fapp=
Qwest.Net/USWest.Net SWIP Contact for 63.224.0.0/13?
Can a Qwest.Net/USWest.Net person that can remove an ARIN SWIP within the IP Block of 63.224.0.0/13 please contact me off list? I'm having problems getting an entry removed since I no longer have those IP addresses and the related service. Thanks! Andy Ellifson
Re: Cross-country shipping of large network/computer gear?
A counter-to-counter shipment on a passenger airline is a thing of the past (at least from my experiences going directly to the passenger airlines). After Sept 11 the FAA has required that passenger airlines only accept shipments from known shippers (unless this has changed in the last 14 months).

What does this mean? You need to setup an account with the airline (many of them will setup the account and still be able to bill to a credit card). You also need to become a known shipper by having their courier/employee visit your location and verify that you are a known shipper. Once this occurs you can do passenger airline counter-to-counter shipments at will. Setup time takes 7-10 days from what I remember.

If anybody has counter-to-counter on their disaster recovery plans you may want to get setup as a known shipper. I went through the process with United's Cargo division http://www.unitedcargo.com. I used them as a backup to America West Airlines as I am located in Phoenix, AZ.

-Andy

--- Robert E. Seastrom [EMAIL PROTECTED] wrote:

N. Richard Solis [EMAIL PROTECTED] writes:

FedEx will be your best bet. Trust me.

FedEx Heavy = pay a surcharge for heavy boxes, get it moved by a 120 pound delivery person with a handtruck rather than a pallet jack or other appropriate freight handling equipment... and dropped off the truck. My experience is a 40% damage rate when shipping Cisco 7507 and 7513 routers via FedEx Heavy. Here are some pictures from back when I was at AboveNet: http://www.seastrom.com/fedex/

You COULD do a counter to counter shipment via an airline cargo desk. That MIGHT be cheaper but you will still have to transport it from your spot to their pickup and back again on the other side.

Counter-to-counter is the *last* way you would want to ship that sort of thing (handled as luggage on a flight, beat to hell by baggage handlers, and you get to retrieve it from baggage claim in an airport and schlep it all the way to your car).

Far better (if you have access to trucks on both ends) is to ship it air freight. As you enter your favorite airport, follow the signs to Air Cargo, not the signs to the passenger terminal. When you find a place with a lot of places for 18-wheelers to back up to loading docks, and relatively few places for cars to park, you've found the right place.

Matthew doesn't mention specific terminus points for the shipment, but based on whois information I'll make a wild guess that NYC is one end. JFK appears to be the big United installation (vs LGA and EWR), per info on www.unitedcargo.com - I tend to prefer them because of their long hours for pickup and delivery at IAD, which makes life convenient for me. :)

If you need door-to-door service, there are numerous air freight forwarders who can handle palletized equipment and move it around the country/world in a timely fashion (and really, if you're talking about 300+ pounds of rackmount equipment, that's how you want to move it anyway). Two companies that I've used and been quite happy with the results are Cavalier International and Eagle Global Logistics. You may recognize Eagle's logo from stickers on previous shipments that you've gotten from major manufacturers who have stuff manufactured in the Far East. The Pros Know.

http://www.eaglegl.com/
http://www.cavalier-intl.com/

---Rob
Re: Latest analysis of MSBLAST
Since MSFT's servers are buried for the download of this patch, does anybody have a mirror NANOG people can use for this? I'm looking for the Windows 2k patch specifically. Its URL is this:

http://microsoft.com/downloads/details.aspx?FamilyId=C8B8A846-F541-4C15-8C9F-220354449117displaylang=en

--- Huopio Kauto [EMAIL PROTECTED] wrote:

from F-Secure is here: http://www.f-secure.com/v-descs/msblast.shtml

--Kauto

Kauto Huopio - [EMAIL PROTECTED]
Information Security Adviser / CERT-FI -coordinator
Finnish Communications Regulatory Authority / CERT-FI
tel. +358-9-6966772, fax. +358-9-6966515
CERT-FI duty desk +358-9-6966510 / http://www.cert.fi
Re: Hollywood plot: Attack critical infrastructure while President is in town
I really hope that no major fiber routes travel through Crawford, TX...

...but a quick search on Google shows that when George W. Bush became president they built fiber services to the ranch... Superior-Essex claims that one of its customers is the United States Secret Service in Crawford, TX

Hmmm... Imagine the resale possibilities of the Crawford Ranch after the presidency? Data Center in Crawford, TX anyone?

-Andy

--- Stewart, William C (Bill), RTSLS [EMAIL PROTECTED] wrote:

As Vadim said, it's about display of power. However, I'm not worried about terrorists attacking infrastructure under the cover of Presidential No-Fly Zones; I'm more worried about backhoe drivers named Bubba who didn't call the Call Before You Dig number and weren't noticed by cable route overflights because they were grounded while Bush gets his hair cut.

On the other hand, that's what diverse cable routes and rapid restoration systems are for, and even with air patrolling of cable routes, there's the occasional Bubba who's checked with the call-before-you-dig people (so the air patrols don't stop him) and makes a mistake about where to dig...
Google Crawler
We are a domain registrar and we host/park over 750,000 domain names. Every now and then the Google Crawler decides to bury the machines that host our 'parked' domain pages. We use robots.txt but that doesn't help under these circumstances. I have tried sending a message to Google using their web site. They don't have a NOC entry on puck.nether.net either. Our only alternative right now is to block the crawler at the router level. Does anybody have a contact at Google or is anyone at Google listening? Thanks! Andy Ellifson
RE: Google Crawler
Thank you!

--- Mike Damm [EMAIL PROTECTED] wrote:

http://www.google.com/bot.html for issues with the crawler. mailto:[EMAIL PROTECTED] will get you a human bean to talk to. Normally when there is a problem with their robot, they are pretty responsive.

-Mike

---
Michael Damm, MIS Department, Irwin Research Development
V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED]

-Original Message-
From: Andy Ellifson [mailto:[EMAIL PROTECTED]]
Sent: Friday, January 03, 2003 8:45 AM
To: [EMAIL PROTECTED]
Subject: Google Crawler

We are a domain registrar and we host/park over 750,000 domain names. Every now and then the Google Crawler decides to bury the machines that host our 'parked' domain pages. We use robots.txt but that doesn't help under these circumstances. I have tried sending a message to Google using their web site. They don't have a NOC entry on puck.nether.net either. Our only alternative right now is to block the crawler at the router level. Does anybody have a contact at Google or is anyone at Google listening?

Thanks!

Andy Ellifson
Re: Nanog broken?
--- Ejay Hire [EMAIL PROTECTED] wrote: Hi all. I haven't seen any posts this morning, is the list broken or did everyone take a day off?
Re: CW east coast flap this afternoon?
CW is moving any customers that are not directly connected to a CW owned node to New Edge. I am a CW T-1 Customer in the Phoenix, AZ market on the N3 network and we will not be moving anywhere.

--- Jonathan Disher [EMAIL PROTECTED] wrote:

On Wed, 13 Nov 2002, Peter Salus wrote:

CW is divesting itself of a lot of real estate these days. It struck a deal with Primus concerning its voice customers (last week), now its DSL customers to New Edge.

New Edge is also getting their non-enterprise (i.e. T1, frac DS3) customers. We got our first strong-arm letter on October 11th threatening disconnection if we didn't sign a migration authorization. Yesterday we got notice that our T1's get shut off on December 31st.

Moreover, the BBC reports today that CW is cutting 3500 jobs worldwide and also announced heavy losses. CW announced that it was cutting 23 of its 42 data centres around the world. (The losses this past year exceed $6.5 Billion.)

This doesn't surprise me. Exodus lost their shirts buying GlobalCenter. Then CW bought Exodus. Granted, it's not the only reason for losing money. But it's undoubtedly a big contributor.

-j
Cisco Catalyst DOS Risk
http://www.theregister.co.uk/content/55/27690.html
Sunspot Activity Radio Blackouts
For anyone that operates a wireless network or a copper based network:

Official Space Weather Advisory issued by NOAA Space Environment Center Boulder, Colorado, USA

SPACE WEATHER ADVISORY BULLETIN #02- 2
2002 July 23 at 12:00 p.m. MDT (2002 July 23 1800 UTC)
( CORRECTED )

MAJOR SUNSPOT ACTIVITY

A major sunspot region has rotated onto the visible face of the sun. This region, designated as Region 39 by NOAA Space Environment Center forecasters, is believed to have been the source of three large coronal mass ejections on the far side of the sun beginning on July 16. This region will rotate across the visible side of the sun over the next two weeks and is expected to produce more solar activity.

Since appearing on the visible side yesterday (July 22) this region has already produced a major flare at 6:35 pm Mountain Daylight Time (MDT) on July 22 (0035, July 23 UTC). Radio blackouts reached category R3 (Strong) on the NOAA space weather scales.

In response to the major flare, a geomagnetic storm is possible and is expected to begin between 8:00 pm MDT on July 23 and 8 am MDT on July 24 (0200 - 1400, July 24 UTC). The geomagnetic storm may reach category G2 (moderate) levels on the NOAA space weather scales.

Category R3 radio blackouts result in widespread HF radio communication outages on the dayside of the Earth and can also degrade low frequency navigation signals. Category G2 geomagnetic storms can lead to minor problems with electrical power systems, spacecraft operations, communications systems, and some navigational systems. Aurora Borealis / Australis (northern / southern lights) may be seen down into the mid latitudes (New York, Madison, Boise, Vladivostok, Rome, Tasmania, Wellington - NZ, Puerto Montt - Chile)

Data used to provide space weather services are contributed by NOAA, USAF, NASA, NSF, USGS, the International Space Environment Services and other observatories, universities, and institutions.

For more information, including email services, see SEC's Space Weather Advisories Web site http://sec.noaa.gov/advisories or (303) 497-5127. The NOAA Public Affairs contact is Barbara McGehan at [EMAIL PROTECTED] or (303) 497-6288.
Re: Train Derailment near Milwaukee (Washington County)
http://www.jsonline.com/news/ozwash/jul02/59094.asp

Associated Press
Last Updated: July 15, 2002

Allenton - A 70-car freight train carrying hazardous materials derailed Monday afternoon, causing a fire and sending 16 cars off the track in Washington County.

The Canadian National freight derailed about 2:30 p.m. on Wildlife Road near County Trunk K about a mile west of U.S. 41, said Washington County Sgt. Jill Raffay.

They are having a hard time getting up to evaluate what happened because of the fire that is going on, Raffay said.

There were no reported injuries.

Some of the 16 cars were carrying hazardous materials, she said, but the type of materials was not immediately known. The ones on fire were not the ones with hazardous material.

At least four fire departments were on the scene and a hazardous materials team from Milwaukee was on the way, Raffay said.

Some side roads were closed due to the accident, but no major highways were shut down, she said.

There are some houses in the area but no one has been evacuated, Raffay said.

Raffay did not know the train's destination or origin.

It was probably going northbound because the engine stopped in Allenton, she said.

A more complete version of this story will appear online later tonight and in the Milwaukee Journal Sentinel in the morning.

--- Matt Levine [EMAIL PROTECTED] wrote:

Anybody know if there's any fiber runs affected?

Regards,
Matt

--
Matt Levine
@Home: [EMAIL PROTECTED]
@Work: [EMAIL PROTECTED]
ICQ : 17080004
AIM : exile
GPG : http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x6C0D04CF
The Trouble with doing anything right the first time is that nobody appreciates how difficult it was. -BIX