Re: Abuse response [Was: RE: Yahoo Mail Update]
On Tue, 2008-04-15 at 10:56 +0530, Suresh Ramasubramanian wrote: If you have high enough numbers of the stuff to report, do what large ISPs do among themselves, set up and offer an ARF'd / IODEF feedback loop or some other automated way to send complaints, that is machine parseable, and that's sent - by prior agreement - to a specific address where the ISP can process it, and quite probably prioritize it above all the j00 hxx0r3d m3 by doing dns lookups email. So how do the little guys play in this sandbox? My log files and spam reports are just as legit as the super-secret-handshake club guys are, and I'd like to get some respect. After all, I may be the first one to report it. Please keep a few things in mind though: - It needs to be simple to use. Web forms are a non-starter. - The output from any parsers needs to be human readable. There are too many auto-whatsit formatters for us to sit down and code to every one. - I'd like to see an actual response beyond an autoreply saying that you can't tell me who the customer is or what actions were taken. - I like dealing with other small operations and edus because humans actually do read the reports, and things get done (Thanks!). I've given up sending abuse reports to large consumer ISPs and all freemail providers because I'm not a member of the club. Any response that I'm lucky enough to get generally says something like You did not include the email headers in your complaint so we are closing this incident when I reported and FTP brute force. --Chris
houston.rr.com MX fubar?
We're bouncing email to houston.rr.com due to the MX being set to localhost. [EMAIL PROTECTED]:~$ host -t mx houston.rr.com houston.rr.com mail is handled by 10 localhost. Setting the MX to 127.0.0.1 seems like an odd way to handle the switch. http://www.chron.com/disp/story.mpl/business/silverman/4842611.html --Chris
Re: Bee attack, fiber cut, 7-hour outage
On Sep 21, 2007, at 2:38 PM, Deepak Jain wrote: Anytime you talk about rural I'm impressed with 7 hours, however -- isn't SONET supposed to make this better? We had a customer hit by this, and actually saw services restored for a few minutes in just four hours, but then they went back down. --Chris
RE: Hurricane Wilma
I have a couple of customers hosted at Verio in Boca Raton. We're seeing routing issues inside Verio and no response from DNS, web and SMTP servers. --Chris -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of techlist Sent: Monday, October 24, 2005 9:32 AM To: nanog@merit.edu Subject: Hurricane Wilma It would be very helpful for operators to advise on any status they are seeing. Hopefully someone from the Nap Of The Americas can also provide some information. Right now XO says they are experiencing some outages. I have not see any outages from other providers but I am sure they exist. Can anyone else advise? The Southern Florida is currently without power. David Diaz
Re: Address Space ASN Allocation Process
On Sep 26, 2005, at 8:27 PM, Justin M. Streiner wrote: I would recommend they register a maintainer, AS and appropriate route objects in the RADB or one of the many IRR mirrors. Some carriers build their filters based off of IRR data. That's still not a guarantee of global routability, but keeping their records in good order is a good start. I'll second the route registry suggestion. We turned up BGP about a year ago, and found that most of our traffic got bit-bucketed by big edge networks without registering routes. If you don't want to pay RADB, you can use AltDB. --Chris
Re: ISP's In Uproar Over Verizon-MCI Merger
Apologies for this possibly off topic post, but it does touch on the future speeds and feeds of networks. What follows is my opinion, not employer's, etc, etc, etc. On Aug 23, 2005, at 4:42 PM, Randy Bush wrote: does not take much convincing in dc that what is good for big business is good for america these days. True. We've been through this in Texas recently. During our regular legislative session, we successfully fought and killed a bill that would have done much harm to local ISPs, regional WISPs operating in partnership with a city, and POTS consumers. Problem is that the cablecos and telcos came back with a somewhat under the table push during a special session that was supposed to be devoted to school funding only and passed a modified (read--written to benefit both cablecos and telcos, instead of just telcos) bill. There's lots of information from the opposition side at http://www.savemuniwireless.org/ For those outside the state or the US, Texas has some very odd political traditions and laws that are beyond explanation in email. On Aug 23, 2005, at 4:45 PM, Iljitsch van Beijnum wrote: I'm not sure that's the case, AFAIK the US holds its own. The US ranks somewhere around 10th to 14th, depending on the survey. Yes, part of that is dues to our wide open spaces. I agree that it's much more difficult and expensive to deploy broadband in US-style suburbs vs. high density apartments. But there's also a speed gap. On Aug 23, 2005, at 5:23 PM, Daniel Senie wrote: I'm not opposed to local telco and cable companies being the only players, IFF there's a must serve rule, same as there is for local telco service. There are lots of towns that have no broadband, and no chance of ever getting it unless there's a must serve rule like there was for rural telephone service. So, if we're going to put Ma-bell back together, then let's do it right and make last-mile broadband a required service just like the telcos have to provide dialtone. If we follow this course in the US, we'll be stuck with the minimum speed that can be defined as broadband. A while back, I think that was 128Kbits/sec as defined by the FCC. In the meantime, Japan, Korea, and the rest of the world are deploying cheap, fast services. Yahoo BB offers 100Mbit/sec residential service. Anyone in the US want to step up to that for $40/month? Oh, and you get VoIP too. 1 gig service coming Real Soon Now! http://www.businessweek.com/magazine/content/05_26/b3939087.htm Yes, this will make a difference. Say what you like about the dot com days, but it did change the world. Many of the companies that a good chunk of people on this list work for were started in dorm rooms with really fast always on connections. If we spread the college dorm's ResNet across the globe, how will the world look in five more years?
Re: FCC To Require 911 for VoIP
On May 1, 2005, at 6:43 PM, Sean Donelan wrote: On Sun, 1 May 2005, Chris Boyd wrote: s/zipcode/unique geographic identifier on the rough order of a square mile/ Or have the server return the SNMP location information. The network operator would then be able to configure locally meaningful information. Why do you think the ISP knows anything more precise that the information they already give in the IN-ADDR.ARPA name? Sorry--Made an ambigous network operator reference there. I meant the operator of the LAN, not the ISP. This would be a similar responsibility to what PBX admins already have to do, as others have pointed out. Less clueful and/or home users would need to have dire warnings printed in the doc and displayed on screen about configuring the correct location information, but that can easily be done in new equipment and updates to older software. Adding the information as a DHCP option sounds interesting. Maybe bears further discussion? --Chris
Re: FCC To Require 911 for VoIP
On May 1, 2005, at 11:44 AM, Jay R. Ashworth wrote: On Sun, May 01, 2005 at 04:37:40PM +, Christopher L. Morrow wrote: On Sun, 1 May 2005, Jay R. Ashworth wrote: How about an anycast address implement(ed|able) by every network provider that would return a zipcode? $ telnet 10.255.255.254 Connected 33709 Disconnected. is there a unique zipcode in shanghai? s/zipcode/unique geographic identifier on the rough order of a square mile/ Or have the server return the SNMP location information. The network operator would then be able to configure locally meaningful information. --Chris
Re: FCC To Require 911 for VoIP
On May 1, 2005, at 11:53 AM, Christopher L. Morrow wrote: so, how does this work when you dial into the internet in (or use your DSL) in newark and the termination point for L3 is in Philadelphia? That seems like more than 1sq mile... In the dial up case, you could/should know the originating number, so location can be determined from that. In the DSL case, the ATM PVC can often be mapped back to a DSLAM port and thus a wire pair with a known termination. Whether the provisioning and management systems are up to the task of providing this information quickly enough for emergency services, I don't know. --Chris
New worm?
Several machines on a resnet that I consult for have started spewing traffic--50Mbits/sec all the way up to line rate. We're working on discoing the affected machines and getting traffic characteristics. Anyone else seeing similar? --Chris
Re: New worm?
On Apr 21, 2005, at 11:24 PM, Charles Cala wrote: i've seen file sharing/p2p/spam bots set up like that. removed a few, the hard way. (un mounted the drives, set them up on another box, and cleaned them) what does the virus scan turn up? Don't know yet, as the support staff gone for the day at this time. --Chris
Re: New worm?
On Apr 22, 2005, at 12:13 AM, Christopher L. Morrow wrote: do you atleast have info about the packet types/destinations/anything-useful ? Netflow is showing a lot of 1500 byte packets, but many different destinations. It looks similar to gnutella traffic. Maybe just a lot files to share and our rate shapers are broken.
Re: Blog...
On Apr 11, 2005, at 5:10 AM, [EMAIL PROTECTED] wrote: I have to agree... Paul's been doing an excellent job of picking out the one or two things that really matter each day, His service is a real value-add and it is a good idea to incorporate some more of the latest Internet communication tools into NANOG. --Michael Dillon I agree. I like mail lists because they are self-editing. S/N on any mail list is much better than the S/N in all of blogspace. Mail lists are also a push, instead of a pull. I always go through my email since there may be something useful, interesting or important. I have to go read blogs (or RSS feeds), and that's something that usually gets put in the low priority queue. So, Paul, please keep posting your tidbits. --Chris
Re: Wired mag article on spammers playing traceroute games with trojaned boxes
On Thursday, October 9, 2003, at 10:04 AM, Suresh Ramasubramanian wrote: http://www.wired.com/news/business/0,1367,60747,00.html -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations I found one of these today, as a matter of fact. The spam was advertising an anti-spam package, of course. The domain name is vano-soft.biz, and looking up the address, I get Name:vano-soft.biz Addresses: 12.252.185.129, 131.220.108.232, 165.166.182.168, 193.165.6.97 12.229.122.9 A few minutes later, or from a different nameserver, I get Name:vano-soft.biz Addresses: 131.220.108.232, 165.166.182.168, 193.165.6.97, 12.229.122.9 12.252.185.129 This is a real Hydra. If everyone on the list looked up vano-soft.biz and removed the trojaned boxes, would we be able to kill it? --Chris
Re: News of ISC Developing BIND Patch
On Thursday, September 18, 2003, at 02:10 PM, [EMAIL PROTECTED] wrote: manufacturer assigned macs are guaranteed to be globally unique. A specific enterprise reconfiguring the mac is akin to an enterprise using RFC1918 space. I would say _supposed_ to be unique. Surely some cheapo manufacturer has recycled addresses from their old ISA card days. Back in the mainframe days, admins used to always set the MAC addresses of devices on the token rings, since the MAC address was used to bid on which node managed the ring. I have seen people fat-finger it too.
RE: National Moment of Silence
I doubt that the Kazaa servents will get shut down either. -Original Message- From: Greg Maxwell [SMTP:[EMAIL PROTECTED]] Sent: Monday, September 09, 2002 1:14 PM To: Hank Nussbacher Cc: [EMAIL PROTECTED] Subject: Re: National Moment of Silence On Mon, 9 Sep 2002, Hank Nussbacher wrote: Is anyone planning on measuring backbone loads during the National Moment of Silence at 8:46 a.m. Eastern Standard Time on 9/11? -Hank Moment of slience? backbone loads? ... When a user on a network HTTP GETs a porno, and no one polls their SNMP counters, does it make a sound?