PathControl vs. Internap(hardware)

[Dave Temkin]

Has anyone done any comparisons recently?  I know that RouteScience
changed their model of not providing the hardware anymore, but I was
overall satisfied with their product when I had it before.  Has anyone
stacked the Internap (former NetVMG/Sockeye) soft against the
PathControl software?

What were your impressions if so?

Thanks,
-Dave

Philadelphia MCI/UU PoP?

[Dave Temkin]

Does anyone know the address of the Philadelphia MCI/UU (legacy?) POP?

Replies off list are fine.
Thanks,
-Dave

RouteScience PathControl vs. Radware Linkproof

[Dave Temkin]

Looking for anyone who's done a direct comparison of the two (I understand
the way they fundamentally work is completely different, however they both
try to achieve the same thing).  I'm doing my own bake-off here and I'd
like to hear others' opinions.

Direct replies are OK

Thanks,

-Dave

Re: Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today

[Dave Temkin]

On Wednesday 28 January 2004 08:37, Dave Temkin  wrote:
 So?  Had the virii been an application compiled for RedHat and
 everyone ran RedHat instead of Windows and they downloaded it using
 Evolution and double clicked on it, it would suddenly be RH's fault
 instead of MIcrosoft's?

If RedHat, by default had you running as root rather than an unprivledged
user, it sure would be.

Most Windows boxes are running with administrative privledges.  That
makes
Windows a willing accomplice.  The issue isn't that people click on
attachments, but that there are no built in safeguards from what happens
next.

--
Robin Lynn Frank | Director of Operations | Paradigm-Omega, LLC Cry
havoc,
and let slip the dogs of war! Email acceptance policy:
http://paradigm-omega.com/email_policy.php


You're the second person to say that and it's still wrong.  The virii,
once resident, opens a connection to port 25 on an open SMTP server,
whether it be the user's ISP relay or local server.  Sure, it can't
install itself into /etc/init.d, but it sure can launch itself bg instead
of fg and be running until the user either kills it or reboots the box.

Also, for reference to other people - the preview pane does *not* allow
the execution of attachments unless they're double-clicked on and
acknowledged.  Again - we're not talking about another OS or Outlook
exploit, only a stupid user exploit.


-- 
David Temkin

Re: Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today

[Dave Temkin]

: Also, for reference to other people - the preview pane does *not*
allow
: the execution of attachments unless they're double-clicked on and
: acknowledged.  Again - we're not talking about another OS or Outlook
: exploit, only a stupid user exploit.

The feature has been fixed but it **did** at one point run apps.

James Edwards
Routing and Security Administrator
[EMAIL PROTECTED]
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through Friday
505-988-9200 SIP:1(747)669-1965


Right, and at multiple points bind and sendmail allowed the execution of
code from remote systems without the system owner interacting at all.
What's that got to do with today?


-- 
David Temkin

Re: Misplaced flamewar... WAS: RE: in case nobody else noticed it, there was a mail worm released today

[Dave Temkin]

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
 james
 Sent: Wednesday, January 28, 2004 4:02 PM
 To: [EMAIL PROTECTED]
 Subject: Re: Misplaced flamewar... WAS: RE: in case nobody else noticed
 it, there was a mail worm released today



 : What's that got to do with today?


 I might be reaching here, but I understand some people never upgrade or
 patch.


True, but that happens regardless of the OS.  I'm sure if we looked really
hard we could find some ancient versions of bind  or sendmail (complete
with open relays (speak of old bad defaults...)

Contact from Google urgently needed

[Dave Temkin]

If anyone on the list is employed by Google please contact me ASAP.  I've
sent emails to [EMAIL PROTECTED] and haven't gotten a response.  There's
nothing on the NOC list for Google.

Thanks,
-Dave

Re: AOL rejecting mail from IP's w/o reverse DNS?

[Dave Temkin]

You mean like Level3?

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Steven M. Bellovin
Sent: Wednesday, December 03, 2003 2:27 PM
To: Matthew Crocker
Cc: Christopher X. Candreva; [EMAIL PROTECTED]
Subject: Re: AOL rejecting mail from IP's w/o reverse DNS ?



In message [EMAIL PROTECTED], Matthew
Crocker



AOL says the PTR record needs to be assigned.  It doesn't specify it
has to match the @domain.com in the MAIL FROM: header.  Wouldn't it be
enough to make sure every IP address you announce has a PTR and
matching A record?  Hasn't this been a requirement for MANY services
for MANY years?


Right -- and then folks will start creating wildcard PTR records...


--Steve Bellovin, http://www.research.att.com/~smb



-- 
David Temkin

Google-jacking?

[Dave Temkin]

Has anyone seen a situation on their internal networks where going to a
(non-Google) page Hijacks them and they end up with either the Google
front page or a broken link page?

This happens on machines both with the toolbar and without, and we've
seen it on machines on different networks/running different OS's.

Just curious.
Thanks,
-Dave

Re: Google-jacking?

[Dave Temkin]

FWIW, it's not a virus, it's something infrastructure related.  All of the
systems that I've seen this on have all the latest DAT's and the proxy
servers it sits behind are virus scanning as well (for both email and web)
and use alternate vendors

On Mon, 1 Dec 2003, Dave Temkin wrote:

 Has anyone seen a situation on their internal networks where going to a
 (non-Google) page Hijacks them and they end up with either the Google
 front page or a broken link page?

 This happens on machines both with the toolbar and without, and we've
 seen it on machines on different networks/running different OS's.

 Just curious.
 Thanks,
 -Dave

US LEC?

[Dave Temkin]

Does anyone have any experience in dealing with US Lec?  I'm working with
a FastNet customer who's been sold to them in FSST's bankruptcy.

We have other connectivity in the meantime.

Thx,
-Dave

Re: Carriers using CES in the wild?

[Dave Temkin]

Actually I was moreso looking to see if any of the major carriers were
doing it on the sly, ie, selling it as point-to-point TDM but instead it
was CES

Thanks,

-- 
David Temkin

On Thu, 24 Jul 2003, Jared Mauch wrote:

 On Thu, Jul 24, 2003 at 09:50:30PM -0400, Dave Temkin wrote:
 
  Is anyone aware of any carriers that are using CES as a transport method
  as private line and aren't necessarily selling it as such?  (ie, I've
  ordered a DS-3 from point A to point B, and instead of the carrier
  dropping it as standard TDM it's CES through their network...)

   What you are speaking of is most likely what juniper
 calls CCC.  L2 transport over their network.  Not too dificult to set up
 but as usual the complications come in the realm of redundancy and
 network reconvergence.

   I'd pay close attention to the SLA offered, but it
 is probally similar to what is seen in a TDM network if they
 employ mpls fast reroute .. and if you're doing IP
 over this circuit, you will probally be less likely to notice any
 problems.

   - Jared

Carriers using CES in the wild?

[Dave Temkin]

Is anyone aware of any carriers that are using CES as a transport method
as private line and aren't necessarily selling it as such?  (ie, I've
ordered a DS-3 from point A to point B, and instead of the carrier
dropping it as standard TDM it's CES through their network...)

Thanks,

-- 
David Temkin

RE: rfc1918 ignorant

[Dave Temkin]

Good point on the PMTU, you're correct and I wasn't thinking about that
(though generally that would have come from the inside router, unless one
of those routers was where the MTU limitation was).  Engineered *correctly
*I don't see an issue.

I never implied that people should remove filters for 1918, that's silly.


On Wed, 23 Jul 2003, Ben Buxton wrote:



 Uhhh...PMTU-d can break as routers will send back icmp cant-frag
 packets from those link addresses and rpf, filtering, etc will
 bring tcp connections to a standstill.

 Don't filter rfc1918? umm good luck convincing the rest of the
 net to eliminiate their filters. The basic premise of building
 public networks is that you have to work around other peoples
 policies. If it's corporate nets, then sure you can control it
 all, but not here.

 Though the PMTU-d point is arguable (what are your internal links doing
 with
 crummy MTU, for example).

 BB

 
  Is this really an issue?  So long as they're not advertising
  the space I
  see no issue with routing traffic through a 10. network as
  transit.  If
  you have no reason to reach their router directly (and after
  Cisco's last
  exploit, I'd think no one would want anyone to reach their
  router directly
  :-) ), what's the harm done?
 
  RFC1918 merely states that it shouldn't be routed on the
  global internet,
  not that it can't be used for transit space.
 
 
 
  ---
 
  Is there a site to report networks/isps that still leak
  rfc1918 space?
  By leaking I not only mean don't filter, but actually _use_ in their
  network?
 
  If someone is keeping a list, feel free to add ServerBeach.com. All
  traceroutes to servers housed there, pass by 10.10.10.3.
 
  traceroute to www.serverbeach.com
  ...
  20. 64-132-228-70.gen.twtelecom.net
  21. 10.10.10.3
  22. 66.139.72.12
 
  Kind Regards,
  Frank Louwers
 
  --
  Openminds bvbawww.openminds.be
  Tweebruggenstraat 16  -  9000 Gent  -  Belgium
   --
  David Temkin
 

RE: rfc1918 ignorant

[Dave Temkin]

Except you're making assumptions as to how that router is used.

If it's being used for purely transit then your third paragraph doesn't
apply at all.  The traffic is not originating or terminating there, it is
merely passing through.

-- 
David Temkin

On Wed, 23 Jul 2003, David Schwartz wrote:



  -Original Message-
  From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
  [EMAIL PROTECTED]
  Sent: Wednesday, July 23, 2003 6:10 AM
  To: Dave Temkin
  Cc: [EMAIL PROTECTED]
  Subject: re: rfc1918 ignorant
 
 
 
  On Wed, 23 Jul 2003, Dave Temkin wrote:
 
   Is this really an issue?  So long as they're not advertising the space I
   see no issue with routing traffic through a 10. network as transit.  If
   you have no reason to reach their router directly (and after
  Cisco's last
   exploit, I'd think no one would want anyone to reach their
  router directly
   :-) ), what's the harm done?
 
  If Frank's seeing the IP in his traceroute then the network concerned
  isn't properly filtering traffic leaving their borders as per BCP38:
 
  http://www.faqs.org/rfcs/bcp/bcp38.html

   They're not complying with RFC1918 either:

In order to use private address space, an enterprise needs to
determine which hosts do not need to have network layer connectivity
outside the enterprise in the foreseeable future and thus could be
classified as private. Such hosts will use the private address space
defined above.  Private hosts can communicate with all other hosts
inside the enterprise, both public and private. However, they cannot
have IP connectivity to any host outside of the enterprise. While not
having external (outside of the enterprise) IP connectivity private
hosts can still have access to external services via mediating
gateways (e.g., application layer gateways).

All other hosts will be public and will use globally unique address
space assigned by an Internet Registry. Public hosts can communicate
with other hosts inside the enterprise both public and private and
can have IP connectivity to public hosts outside the enterprise.
Public hosts do not have connectivity to private hosts of other
enterprises.

   and

Because private addresses have no global meaning, routing information
about private networks shall not be propagated on inter-enterprise
links, and packets with private source or destination addresses
should not be forwarded across such links. Routers in networks not
using private address space, especially those of Internet service
providers, are expected to be configured to reject (filter out)
routing information about private networks. If such a router receives
such information the rejection shall not be treated as a routing
protocol error.

Indirect references to such addresses should be contained within the
enterprise. Prominent examples of such references are DNS Resource
Records and other information referring to internal private
addresses. In particular, Internet service providers should take
measures to prevent such leakage.

   It's pretty clear that devices with network layer connectivity outside the
 etnerprise are not private and thus can't be numbered inside private IP
 space.

   DS

Re: rfc1918 ignorant

[Dave Temkin]

Needs is a tough call.  Plenty of networks block ICMP at the border and
could very well be using 1918 addressing in between and you'd have no
idea.


-- 
David Temkin

On Wed, 23 Jul 2003, Lyndon Nerenberg wrote:


 On Wednesday, July 23, 2003, at 11:40  AM, Dave Temkin wrote:
  Except you're making assumptions as to how that router is used.
 
  If it's being used for purely transit then your third paragraph doesn't
  apply at all.  The traffic is not originating or terminating there, it
  is
  merely passing through.

 When the router needs to send an ICMP packet back to the source it
 becomes an originator.

 --lyndon

Re: rfc1918 ignorant

[Dave Temkin]

Unless of course I block ICMP for the purposes of denying traceroute but
still allow DF/etc.  Then it's not broken as you say.


-- 
David Temkin

On Wed, 23 Jul 2003, Kevin Oberman wrote:

  Date: Wed, 23 Jul 2003 13:50:05 -0400 (EDT)
  From: Dave Temkin [EMAIL PROTECTED]
  Sender: [EMAIL PROTECTED]
 
 
  Needs is a tough call.  Plenty of networks block ICMP at the border and
  could very well be using 1918 addressing in between and you'd have no
  idea.

 And the network is broken.

 People persist in blocking ICMP and then complain when things don't
 work right. Even if you explain why blocking ICMP is breaking
 something, they say ICMP is evil and we have to block it. OK. they
 are broken and when things don't work, they need to tell their
 customers that they are choosing to run a network that does not work
 correctly. (Not that I expect anyone to do this.)

 I don't see anything tough about this call.

RE: rfc1918 ignorant (fwd)

[Dave Temkin]

-- Forwarded message --
Date: Wed, 23 Jul 2003 07:53:26 -1000
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: RE: rfc1918 ignorant

There's a common misconception reflected here that I wanted to correct.  I
don't have nanog-post, so I apologize if its not appropriate to reply
directly.  You may repost my comments if you'd like.

[Kevin Oberman mailto:[EMAIL PROTECTED] wrote on Wednesday, July 23,
2003 7:07 AM:]
 Comcast and many others seem to
 blithely ignore this for convenience sake. (It's not like they need a
 huge amount of space to give private addresses to these links.)

ARIN required cable operators to use RFC 1918 space for the management
agents of the bridge cable modems that have been rolled out to the millions
of residential cable modem customers.  Doing so obviously requires a 1918
address on the cable router, but Cisco's implementation requires that
address to be the primary interface address.  There is also a publicly
routable secondary which in fact is the gateway address to the customer, but
isn't the address returned in a traceroute.  Cisco has by far the lead in
market share of the first gen Docsis cable modem router market so any trace
to a cable modem customer is going to show this.

In fact, Comcast and others _do_ need a huge amount of private IP space
because of this.  We didn't blithely ignore the RFC, but didn't have a
choice in implementation.  Perhaps Cisco will improve their implementation
for the next round of CMTS development...

Filtering of RFC 1918 space by cable ISPs is of course another topic.

-Doug-

[Kevin Oberman mailto:[EMAIL PROTECTED] wrote on Wednesday, July 23,
2003 7:07 AM:]
 Date: Wed, 23 Jul 2003 08:59:18 -0400 (EDT)
 From: Dave Temkin [EMAIL PROTECTED]
 Sender: [EMAIL PROTECTED]


 Is this really an issue?  So long as they're not advertising the
 space I see no issue with routing traffic through a 10. network as
 transit. If you have no reason to reach their router directly (and
 after Cisco's last exploit, I'd think no one would want anyone to
 reach their router directly :-) ), what's the harm done?

 RFC1918 merely states that it shouldn't be routed on the global
 internet, not that it can't be used for transit space.

 That's not what is in my copy of 1918.

 In order to use private address space, an enterprise needs to
 determine which hosts do not need to have network layer connectivity
 outside the enterprise in the foreseeable future and thus could be
 classified as private. Such hosts will use the private address space
 defined above.  Private hosts can communicate with all other hosts
 inside the enterprise, both public and private. However, they cannot
 have IP connectivity to any host outside of the enterprise. While not
 having external (outside of the enterprise) IP connectivity private
 hosts can still have access to external services via mediating
 gateways (e.g., application layer gateways).

 As I read this, packets with a source address in 19298 space should
 NEVER appear outside the enterprise. Comcast and many others seem to
 blithely ignore this for convenience sake. (It's not like they need a
 huge amount of space to give private addresses to these links.)