RE: latency (was: RE: cooling door)
... feed tcp throughput equation into your favorite search engine for a lot more references. There has been a lot of work in some OS stacks (Vista and recent linux kernels) to enable TCP auto-tuning (of one form or another), which is attempting to hide some of the worst of the TCP uglinesses from the application/end-users. I am not convinced this is always a good thing, since having the cruft exposed to the developers (in particular) means one needs to plan for errors and less than ideal cases. Gary
RE: 10GE router resource
FPGAs can be used to do both SRAM and TCAMs. All that is needed is an FPGA board with 10G or a 10G card with an FPGA on it. The Xilinx Virtex family can already do 10G, if you are into FPGA development (I seem to recall the first Xilinx FPGA that could do 10G was 4-5 years ago; forever in Moore's law). Other vendors have equivalent parts. And the Xilinx family has an available PowerPC core. I seem to recall a couple of vendors making available a (micro)Linux kernel for running on same. All the hardware you need for building your own 10G router. Just add FPGA development resources, some planar board design, and software.
RE: An Attempt at Economically Rational Pricing: Time Warner Trial
To put it another way, they do not give you a better price per minute if you go and deposit $2400 in your prepaid account. Actually, ATT did (when I last looked at at least one of their prepaid plans a year or so ago for a friend). Deposit $100, get a $20 bonus. Or something like that. Personally, I do not know how the Time Warner trial will work out (for them, for the consumer, or for other providers), but I do give them credit for experimenting with a different model. Gary
RE: An Attempt at Economically Rational Pricing: Time Warner Trial
My guess is the market will work this out. As soon as it's implemented, you'll see ATT commercials in that town slamming cable and saying how DSL is really unlimited. If I were the DSL companies, I would consider advertising with a commercial recalling the fable of the tortoise and the hare. You see a starting line, the rabbit jumps out early (8mb/s), and then crawls forward (64kb/s). The turtle starts a little slower (3mb/s), but just keeps going, beating the rabbit easily. Gary
RE: Running Application when Network Connection Detected
Ah. Sorry, guess that would be important. Win XP If you are willing to do some (dot net) scripting, look at the information at: http://msdn2.microsoft.com/en-us/library/ms700657.aspx Receiving notifications when things change Gary
Comcast Contact
Can someone clueful from comcast.net contact me offlist please? Thank you. -G
RE: BitTorrent swarms have a deadly bite on broadband nets
... Why not suck up and go with the economic solution? Seems like the easy thing is for the ISPs to come clean and admit their unlimited service is not and put in upload caps and charge for overages. Who will be the first? If there *is* competition in the marketplace, the cable company does not want to be the first to say We limit you (even if it is true, and has always been true, for some values of truth). This is not a technical problem (telling of the truth), it is a marketing issue. In case it has escaped anyone on this list, I will assert that marketing's strengths have never been telling the truth, the whole truth, and nothing but the truth. I read the fine print in my broadband contract. It states that one's mileage (speed) will vary, and the download/upload speeds are maximum only (and lots of other caveats and protections for the provider; none for me, that I recall). But most people do not read the fine contract, but only see the TV advertisements for cable with the turtle, or the flyers in the mail with a cheap price for DSL (so you do not forget, order before midnight tonight!).
RE: Sun Project Blackbox / Portable Data Center
Subject: Sun Project Blackbox / Portable Data Center www.sun.com/blackbox Has anyone seen one of these things in real life? SLAC has a blackbox (which is actually white) installed, and running it packed with servers for batch computing for the high energy physics program. http://today.slac.stanford.edu/feature/2007/blackbox1.asp Of course, using shipping containers for data centers (and telco/networking) is not new, but this is a commercialized offering, rather than custom built (although these early ones are still essentially custom built). Note also that Google has (recently) patented the modular data center http://yro.slashdot.org/article.pl?sid=07/10/09/1543256from=rss Gary
RE: Question on Loosely Synchronized Router Clocks
Kerberos does not assume clock synchronization. Kerberos requires reasonable clock synchronization. To be more precise, Kerberos requires those systems for which it is providing (authentication) services to agree, within a configured (usually) 5-10 minutes. There is no requirement that those systems have to agree with anything else outside of their realm. If a particular set of servers all agree that it is currently Jan 10th, 1980, at 0913, Kerberos can be fine with that. Of course, usually, NTP (or something like that) is used to keep all the servers near UTC, but keeping clocks at UTC is not a Kerberos requirement. And, as near as I can tell, clock synchronization is not part of the Kerberos protocol. It is not, but note that some localized distributions of Kerberos clients did, indeed, ship with various time synchronization tools before they were common on platforms such as Windows and Mac, so some users may have thought that installing Kerberos meant they got clock synchronization.
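The point made in the post above, as an added example that is not part of the original message and is not code from any Kerberos distribution: a toy model of the freshness check a service applies to a client's authenticator timestamp, plus the replay cache that the skew window keeps bounded. The class and function names, the 5-minute tolerance and the dates are assumptions chosen for illustration; the error names follow RFC 4120.

```python
"""Toy model of the Kerberos authenticator freshness check (illustrative only)."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta

CLOCKSKEW = timedelta(minutes=5)  # assumed tolerance; the post says "usually 5-10 minutes"


@dataclass(frozen=True)
class Authenticator:
    client: str
    ctime: datetime  # timestamp taken from the client's own clock


@dataclass
class Service:
    """Hypothetical service: it compares timestamps to its OWN clock, never to UTC."""
    clock_offset: timedelta = timedelta(0)  # how far this host's clock is from true time
    skew: timedelta = CLOCKSKEW
    replay_cache: dict = field(default_factory=dict)

    def accept(self, auth: Authenticator, true_time: datetime) -> str:
        local_now = true_time + self.clock_offset
        # Entries older than the skew window would fail the time check anyway,
        # so they can be dropped: the window is what keeps the cache small.
        self.replay_cache = {
            key: seen for key, seen in self.replay_cache.items()
            if seen >= local_now - self.skew
        }
        if abs(local_now - auth.ctime) > self.skew:
            return "KRB_AP_ERR_SKEW"
        key = (auth.client, auth.ctime)
        if key in self.replay_cache:
            return "KRB_AP_ERR_REPEAT"
        self.replay_cache[key] = auth.ctime
        return "OK"


def demo() -> dict:
    """Run constructed scenarios; returns the verdict for each one."""
    true_time = datetime(2007, 9, 20, 12, 0)  # constructed "real" time
    # Every host in this realm believes it is Jan 10th, 1980, 09:13.
    realm_offset = datetime(1980, 1, 10, 9, 13) - true_time
    svc = Service(clock_offset=realm_offset)

    # alice is in the realm, her clock is 2 minutes ahead of the server's.
    alice = Authenticator("alice", true_time + realm_offset + timedelta(minutes=2))
    # bob's clock is correct with respect to UTC, i.e. 27 years off for this realm.
    bob = Authenticator("bob", true_time)
    # carol is in the realm but has drifted 7 minutes.
    carol = Authenticator("carol", true_time + realm_offset + timedelta(minutes=7))

    results = {
        "in_realm_1980": svc.accept(alice, true_time),
        "replayed_at_once": svc.accept(alice, true_time),
        "utc_correct_client": svc.accept(bob, true_time),
        "drifted_7_min": svc.accept(carol, true_time),
        # Eight minutes later the captured authenticator is stale, and the
        # cache entry for it has already been purged.
        "replayed_8_min_later": svc.accept(alice, true_time + timedelta(minutes=8)),
    }
    results["cache_entries_left"] = len(svc.replay_cache)
    return results


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict}")
```

For detection work, a burst of skew errors from one host usually points at a broken time source on that host, while repeat errors are the ones worth checking for a captured and replayed authenticator.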
RE: Thoughts on increasing MTUs on the internet
Last I heard, the IEEE won't go along, and they're the ones who standardize 802.3. A few years ago, the IETF was considering various jumbogram options. As best I recall, that was the official response from the relevant IEEE folks: no. They're concerned with backward compatibility. As I remember it, the IEEE did not say no (that is not the style of such standards bodies). Instead, they said something along the lines of We will consider any proposal that does not break (existing) standards/implementations. And, to the best of my knowledge, the smart people of the world have not yet made a proposal that meets the requirements (and I believe more than a few have tried to think the issues through). There is absolutely nothing to prevent one from implementing jumbos (if you can even agree how large that should be). It just seems that whatever one implements will likely not be an IEEE standard (unless one is smarter than the last set of smart people). Gary
Re: Colocation in the US.
Brandon Galbraith wrote: On 1/24/07, Mike Lyon [EMAIL PROTECTED] wrote: I think if someone finds a workable non-conductive cooling fluid that would probably be the best thing. I fear the first time someone is working near their power outlets and water starts squirting, flooding and electrocuting everyone and everything. -Mike http://en.wikipedia.org/wiki/Mineral_oil http://www.spraycool.com/technology/index.asp
Re: Colocation in the US.
Paul Vixie wrote: i'm spec'ing datacenter space at the moment, so this is topical. at 10kW/R you'd either cool ~333W/SF at ~30sf/R, or you'd dramatically increase sf/R by requiring a lot of aisleway around every set of racks (~200sf per 4R cage) to get it down to 200W/SF, or you'd compromise on W/R. i suspect that the folks offering 10kW/R are making it up elsewhere, like 50sf/R averaged over their facility. (this makes for a nice-sounding W/R number.) i know how to cool 200W/SF but i do not know how to cool 333W/SF unless everything in the rack is liquid cooled or unless the forced air is bottom-top and the cabinet is completely enclosed and the doors are never opened while the power is on. If you have water for the racks: http://www.knuerr.com/web/en/index_e.html?products/miracel/cooltherm/cooltherm.html~mainFrame (there are other vendors too, of course) The CRAY bid for the DARPA contract also has some interesting cooling solutions as I recall, but that is a longer way out.
Re: Yahoo! Mail Servers
Yo Chuck! On Thu, 9 Nov 2006, chuck goolsbee wrote: I haven't heard a peep from any human being at Yahoo. +1 RGDS GARY --- Gary E. Miller Rellim 20340 Empire Ave., Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588
Open Source NMS Software
I'm looking at deploying an open source-based NMS solution, and I'm looking at a couple products, mostly OpenNMS (http://www.opennms.org) and Zenoss (http://www.zenoss.org). I like the looks of Zenoss, but I've never really heard of it and I'm wondering if anyone has any experiences with it that they can share before I go and spend hours on an install/configuration. Is there something wrong with it, and that's why I've never heard of anyone using it? Am I just out of the loop? Even better would be someone who's used both products and could give me a quick comparison. I'd also welcome suggestions of another product (as long as it's not bb, nagios, or hobbit) that I should be looking at. Thanks, Gary Giesen
RE: wrt joao damas' DLV talk on wednesday
now that you know the whole story, perhaps you'll reevaluate your position. While I have a number of opinions on the subject (who on this list does not have opinions?), I suggest that the program committee members take this on as todo to formulate some sort of acceptable practice for future NANOG meetings. Paul has made a number of good points, as have others. Paul may be special (are we not all?), but just because he is special should not mean different expectations in behavior and actions at these meetings. Many good points have been raised. Make some choices, and stick with them for future meetings. Gary
Re: Network graphics tools
Yo Howard! On Tue, Mar 21, 2006 at 09:17:44PM -0500, Howard C. Berkowitz wrote: Much of the enterprise market seems wedded to Visio as their network graphics tool, which locks them into Windows. Personally, I hate both little pictures of equipment and Cisco hockey-puck icons; I much prefer things like rectangles saying 7507 STL-1 or M160 NYC-3. I am surprised no one has mentioned Open Office 2. Its drawing function can do a lot of Visio like things. I like it a lot better than dia and it does all the network drawing that I need. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588
Re: Cisco, haven't we learned anything? (technician reset)
Yo Rob! On Thu, 12 Jan 2006, Rob Thomas wrote: This is NOT a default password in the IOS. Uh, wrong. Check out the doc for the Cisco AIR-AP1220. Ver 12.01T1 RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: Level3 problems
Hmmm ... I suppose I would prefer this community not be made an explicit source of information for a reporter. Implicitly, if reporters must hang off this thread, they should be able to discern impact from perspective given here. However, if questions like the one(s) asked below became standard on this thread, then soon the function of the group slants to something other than a forum to aid (each other) in the proper management of the affairs of Network Operators ... and may morph into something far less useful. No intention to scare ... -gh -Original Message- From: Alex Rubenstein [mailto:[EMAIL PROTECTED] Sent: Friday, October 21, 2005 1:43 PM To: Gary Hale Cc: [EMAIL PROTECTED]; nanog@merit.edu Subject: RE: Level3 problems Gary, I understand your statement, but I am sure the gentleman below does not. If you want a story to be done, so that the world can see how something like this can impact thousands of businesses, the best bet would be to help educate this guy so that he has something to write. Are, were you trying to scare him off from doing a story? Personally, I am quite fed up with the issues that the huge providers have and cause, yet never have anyone document it, find out about it, or do anything about it. I laud this guy's effort for actually trying to do his job and expose something that needs to be exposed. I am now putting on my level-3 bullet proof jacket, and will be looking over my shoulder for the next 3 NANOGs. On Fri, 21 Oct 2005, Gary Hale wrote: Are you kidding? -gh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 21, 2005 11:03 AM To: nanog@merit.edu Subject: Re: Level3 problems I'm a reporter with InformationWeek magazine. I'm trying to get an idea of the significance of this morning's outage. Has Level 3 communicated with you about the cause of the outage? How greatly did the outage affect you or your customers? Was this an unusually large event?
Thanks, [EMAIL PROTECTED] -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben Net Access Corporation, 800-NET-ME-36, http://www.nac.net
RE: Level3 problems
Not delusional ... just prefer it not be an explicit thread to all of the community ... or ... consistent w/ your observation below (ref. lurking) ... -gh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Monday, October 24, 2005 9:57 AM To: nanog@merit.edu Subject: RE: Level3 problems Hmmm ... I suppose I would prefer this community not be made an explicit source of information for a reporter. You're about 10 years too late. Reporters have been lurking on the NANOG list for at least that long. Only the newbie reporters post info requests to the lists. The pros send private emails to list members or go to a NANOG meeting and prowl the hallways. Or did you somehow think that the Internet was a secret network for the members of some private club? --Michael Dillon
RE: Level3 problems
Are you kidding? -gh -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, October 21, 2005 11:03 AM To: nanog@merit.edu Subject: Re: Level3 problems I'm a reporter with InformationWeek magazine. I'm trying to get an idea of the significance of this morning's outage. Has Level 3 communicated with you about the cause of the outage? How greatly did the outage affect you or your customers? Was this an unusually large event? Thanks, [EMAIL PROTECTED]
RE: design of a real routing v. endpoint id separation
Yo Neil! On Fri, 21 Oct 2005, Neil J. McRae wrote: If we all ran networks that worked as well as our customers demand... Some demand low price and some demand high availability. No way to please everyone. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: And Now for Something Completely Different (was Re: IPv6 news)
Yo Fred! On Tue, 18 Oct 2005, Fred Baker wrote: But yes, communities of a rational size and density could get an address block, the relevant ISPs could all advertise it into the backbone, and the ISPs could determine among themselves how to deliver traffic to the homes, That assumes they can agree on how to get traffic to/from the world and the local IX. One of our local ISPs goes the cheap way and uses an overloaded (and therefore cost effective) link to a cheap tier 2. Another pays a premium price to have a lightly loaded link for its customers. They will never agree on their business model, nor should they have to. By forcing local ISPs to use the same routing prefix you force them to share the same routing strategy to the outside world. For semi-isolated communities this is a big issue. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: IPv6 news
Yo Michael! On Mon, 17 Oct 2005, [EMAIL PROTECTED] wrote: Here, the suggestion is that netblocks should be allocated to cities, not to providers. Within a city, providers would get a subset of the city address block to meet their local infrastructure needs. They would interconnect with each other at local exchange points to exchange local traffic And who is going to force the ISPs to interconnect at the city level? For competitive reasons there is no peering in my city. The nearest peering points are several hundred miles away, in different directions, and even those are not shared in common by the local ISPs. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: ISP's In Uproar Over Verizon-MCI Merger
Yo Iljitsch! On Tue, 23 Aug 2005, Iljitsch van Beijnum wrote: So I guess the choice is between lots of broadband against monopoly prices or less broadband at lower prices? You forget the third choice the ATT taught us so well before the big breakup: Less broadband at higher prices. Just look at how hard it has been to get Qwest to fulfill their promises of more broadband outside of the cities in return for less state control over prices. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: Semi-on-topic: Light that travels faster than the speed of light?
To make this operational, will this speed up BGP convergence? (note that there is a difference between group velocity and phase velocity. The posters of 300,000 Kilometers Per Second. It's Not Just a Good Idea, It's the Law! are still valid). -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fergie (Paul Ferguson) Sent: Saturday, August 20, 2005 10:40 AM To: nanog@merit.edu Subject: Semi-on-topic: Light that travels faster than the speed of light? Man, I knew I should've gotten in on the ground floor in any effort to speed up light -- someone's going to be rich beyond their wildest dreams. :-) (Thanks to a post over at Slashdot) the Science Blog reports that: [snip] A team of researchers from the Ecole Polytechnique Fédérale de Lausanne (EPFL) has successfully demonstrated, for the first time, that it is possible to control the speed of light - both slowing it down and speeding it up - in an optical fiber, using off-the-shelf instrumentation in normal environmental conditions. Their results, to be published in the August 22 issue of Applied Physics Letters, could have implications that range from optical computing to the fiber-optic telecommunications industry. [snip] http://www.scienceblog.com/light.html - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Boing Boing: Michael Lynn's controversial Cisco security presentation
Would this not be a great way to infect thousands of network operations systems due to a PDF exploit? It is like free beer to many network operators, they just *have* to consume it. One could take control of the network by taking control of the systems of the people operating it and silently watch for the passwords, names, ip addresses that will enable one to take control later. I know, I am just being paranoid. There has never been an exploitable PDF exploit. Oh, wait, there has been :-) One has to admit it would be one hell of a combined social engineering and technical exploit if it could be pulled off. Gary -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Fergie (Paul Ferguson) Sent: Friday, July 29, 2005 7:19 AM To: nanog@merit.edu Subject: Boing Boing: Michael Lynn's controversial Cisco security presentation Over on Boing Boing: [snip] Here's a PDF that purports to be Michael Lynn's presentation on Cisco's critical vulnerabilities (The Holy Grail: Cisco IOS Shellcode And Exploitation Techniques), delivered at last week's Black Hat conference. Lynn's employer, ISS, wouldn't let him deliver the talk (they'd been leant on by Cisco), so Lynn quit his job, walked onstage and delivered it anyway. (See yesterday's post and Schneier's take for more). 1.9MB PDF Link [snip] http://www.boingboing.net/2005/07/29/michael_lynns_contro.html I think these guys better prepare for the slashdot effect... :-) - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: Cisco IOS Exploit Cover Up
The *best* exploit is the one alluded to in the presentation. Overwrite the nvram/firmware to prevent booting (or, perhaps, adjust the voltages to damaging levels and do a smoke test). If you could do it to all GSR linecards, think of the RMA costs to Cisco (not to mention the fact that Cisco could not possibly replace all the cards in all the GSRs across the internet in an anywhere reasonable timeframe). *THAT* is what I suspect worries Cisco. But of course I am just conjecturing... Gary -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Janet Sullivan Sent: Friday, July 29, 2005 12:44 PM To: [EMAIL PROTECTED]; nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up Scott Morris wrote: And quite honestly, we can probably be pretty safe in assuming they will not be running IPv6 (current exploit) or SNMP (older exploits) or BGP (other exploits) or SSH (even other exploits) on that box. :) (the 1601 or the 2500's) If a worm writer wanted to cause chaos, they wouldn't target 2500s, but 7200s, 7600s, GSRs, etc. The way I see it, all that's needed is two major exploits, one known by Cisco, one not. Exploit #1 will be made public. Cisco will release fixed code. Good service providers will upgrade. The upgraded code version will be the one targeted by the second, unknown, exploit. A two-part worm can infect Windows boxen via any common method, and then use them to try the exploit against routers. A windows box can find routers to attack easily enough by doing traceroutes to various sites. Then, the windows boxen can try a limited set of exploit variants on each router. Not all routers will be affected, but some will. As for what the worm could do - well, it could report home to the worm creators that Hey, you 0wn X number of routers, or it could do something fun like erasing configs and locking out console ports. ;-) Honestly, I've been expecting something like that to happen for years now. shrug
RE: Cisco IOS Exploit Cover Up
The video *might* be available on the Washington Post later today. From http://netsec.blogspot.com/ Michael Lynn's The Holy Grail: Cisco Shellcode and Remote Execution presentation blew the doors off of Caesar's Palace Today with a full shell code exec capabilities for nearly ANY Cisco vulnerability. If your organization hasn't updated any Cisco IOS-based devices lately, the devices may be under someone else's control. The story from Michael Lynn proceeds like this: He discovered clues that there was an issue being exploited when reading translated Chinese hacker sites that alluded to the issue. It was likely discovered after the theft of the Cisco Source code in May 2004 which was itself part of a larger series of intrusions. Upon further research leading to the development of working proof-of-concept code, he and his former employer ISS notified Cisco. Cisco patched the issue silently in April but never issued an advisory as to the seriousness of the issue. Cisco has since pulled all older, vulnerable versions of IOS from its web site. After discovering that ISS was allowing Lynn to present on the issue, Cisco CEO John Chambers attempted to censor the issue. When ISS stood its ground, John Chambers requested that the US Government intervene as a matter of national security to no apparent avail. The popular press is starting to pick up on the issue now and I hear rumour that Michael's presentation MIGHT be made available in video via the Washington Post web site tomorrow. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Network Fortius Sent: Wednesday, July 27, 2005 6:39 PM To: nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up I have been searching the net since this morning, for The Holy Grail: Cisco IOS Shellcode Remote Execution, or variations of such. This seems to be - at the moment - the most sought after torrent ...
Stef Network Fortius, LLC On Jul 27, 2005, at 8:13 PM, Daniel Golding wrote: Since the talk was actually delivered - does anyone have a transcript or a torrent for audio/video? - Dan On 7/27/05 8:10 PM, Jeff Kell [EMAIL PROTECTED] wrote: Cisco's response thus far: http://www.cisco.com/en/US/about/security/intelligence/MySDN_CiscoIOS.html Jeff
RE: Cisco IOS Exploit Cover Up
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of James Baldwin Sent: Thursday, July 28, 2005 10:36 AM To: [EMAIL PROTECTED] Cc: nanog@merit.edu Subject: Re: Cisco IOS Exploit Cover Up Lynn developed this information based on publicly available IOS images. Well, there is this long legal license agreement you have to click to agree to before you download the images (and I think it is included with the hardware you unpack too). In there somewhere you do agree not to reverse engineer the images (I actually read it all once a long time ago). As to whether that is enforceable, that is for a court to decide. There were no illegal acts committed in gaining this information nor was any proprietary information provided for its development. Reverse engineering, specifically for security testing has an exemption from the DMCA (http://cyber.law.harvard.edu/openlaw/DVD/1201.html). As I understand it, it is still unsettled case law as to how that clause should be interpreted. It is generally considered a good idea to avoid being the test case for such lawsuits (unless you have deep pockets to afford the best lawyers money can buy, or at least better than what your opposition can buy). That being said, what information is he not supposed to have? All the information he had is available to anyone with a disassembler, an IOS image, and an understanding of PPC assembly. Perhaps, as in at least some companies' interpretations of the DMCA, these are software equivalent of the crime of Possession of burglary tools? The US legal system is not as clean nor clear as one might like to hope. But the process will be followed, and we will see what happens. And if the result is bad, we can change the laws. Gary
Re: what will all you who work for private isp's be doing in a few years?
Yo Bob! On Wed, 11 May 2005, Bob Martin wrote: It won't be long before the telco's respond by offering DSL at the same speed/price. I've heard (but don't *know*) that SBC is selling 6 down and 1 up in Houston and Dallas for $35. BendTel here is offering ADSL2 3up/8 down for $35. That sure beats cable! RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: New IANA IPv4 allocation to AfriNIC (41/8)
Yo Steve! On Wed, 13 Apr 2005, Steve Meuse wrote: Personally, I believe we should give them the chance to fail before we cut them off from the rest of the world. I don't think the majority of 419 email comes from addresses actually sourced in Nigeria. Yeah, but the only thing I get from Nigeria is 419s. YMMV. So much so that my users demanded I block Nigerian IPs. Still, I'll wait until 41/8 is abused before I block it. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: Utah considers law to mandate ISP's block harmful sites
Yo Michael! On Fri, 4 Mar 2005, Michael Loftis wrote: Would unplug your cable qualify as a way to disable access? In the same way the FCC allowed TV to so graciously implement the 'V-CHIP' technology? Does anyone actually know anyone that has actually used the V-Chip? In the case of content filtering I do know of businesses and libraries that pretend to do it. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: AOL scomp
Yo Joe! On Tue, 1 Mar 2005, Joe Maimon wrote: Apparently the ratio of valid/invalid AOL notifications is a useful indicator on the cleanliness of the relevant network. Or it just may tell you the clue level of the recipients. I run a mail server that only sends alerts to paying customers. These customers pay several hundred dollars a year for these alerts. The subject line and body text are clearly tagged as to the sending source. AOL users STILL report it as spam! I have tried to get AOL to whitelist our server but no luck. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: Big List of network owners?
Yo Randy! On Thu, 28 Oct 2004, Randy Bush wrote: in general, we try not to make life that easy for spammers and scammers Too late. That horse ran out the barn when Verisign sold their whois data. At this point keeping the data hard to get just makes it harder on abuse admins. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: Big List of network owners?
Yo John! On Thu, 28 Oct 2004, John Underhill wrote: ... but I am looking for a way to make it more reflexive, automated, and give the users a more direct course of action that releases our help desk from some of the burden.. And that is exactly why it will not happen. A lot of the registrars have gone over to the other side. Ever try to get any domain contact info out of nameking? RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: APNIC Privacy of customer assignment records - implementation update
Yo Matt! On Thu, 23 Sep 2004, Matt Ghali wrote: Does anyone else find this as offensive as I do? Yes, the spammers are gonna love this. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Ivan damage...
Yo Nanogers! Not been able to reach my machines in Jamaica. The Kingston Daily Gleaner is back up with text only pages. They report BOTH the primary and secondary submarine cables to Jamaica are severed: http://www.jamaica-gleaner.com/gleaner/20040913/lead/lead7.html RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
OT: We have a winner!
Here are the results of my poll, enjoy. John Kerry Kerry: 25 George W. Bush: 14 Undecided: 4 Michael Badnarik: 3 Randy Bush: 2 Harold Stassen: 1 Michael Peroutka: 1 Bill the Cat: 1 Bugs Bunny: 1
OT: Politics
Quick show of hands, of the American citizens in here (of legal voting age), how many of you will be going to the polls to cast a vote for president this November? And which candidate are you voting for? Mail me in private and I'll summarize the results on the list.
RE: Worms versus Bots
Microsoft has said Windows XP SP2 will have the firewall turned on by default, and that they have considered reissuing the installation CD's such that a new installation will have the firewall enabled to deal with just this problem. I do not know the current state of the consideration, but to me it seems reasonable that Microsoft should at least make the offer of a new CD (to anyone who has a valid XP license key?) No, many people will not request a new CD, but then many people never apply patches either. I think this is a horse and water problem. Gary -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Eric Krichbaum Sent: Monday, May 03, 2004 8:13 PM To: [EMAIL PROTECTED] Subject: FW: Worms versus Bots I see times more typically in the 5 - 10 second range to infection. As a test, I unprotected a machine this morning on a single T1 to get a sample. 8 seconds. If you can get in 20 minutes of downloads you're luckier than most. Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of william(at)elan.net Sent: Monday, May 03, 2004 11:49 PM To: Sean Donelan Cc: Rob Thomas; NANOG Subject: Re: Worms versus Bots On Mon, 3 May 2004, Sean Donelan wrote: On Mon, 3 May 2004, Rob Thomas wrote: ] Just because a machine has a bot/worm/virus that didn't come with a ] rootkit, doesn't mean that someone else hasn't had their way with it. Agreed. Won't help. What's the first thing people do after re-installing the operating system (still have all the original CDs and keys and product activation codes and and and)? Connect to the Internet to download the patches. Time to download patches 60+ minutes. Time to infection 5 minutes. It's possible it's a problem on dialup, but in our ISP office I setup new win2000 servers and first thing I do is download all the patches. I've yet to see the server get infected in the 20-30 minutes it takes to finish it (Note: I also disable IIS just in case until everything is patched..). 
Similarly when setting up computers for several of my relatives (all have dsl) I've yet to see any infection before all updates are installed. Additional to that many users have dsl router or similar device and many such beasts will provide NATed ip block and act like a firewall not allowing outside servers to actually connect to your home computer. On this point it would be really interesting to see what percentage of users actually have these routers and if decreasing speed of infections by new virus (is there real numbers to show it decreased?) have anything to do with this rather than people being more careful and using antivirus. Another option if you're really afraid of infection is to setup proxy that only allows access to microsoft ip block that contains windows update servers And of course, there is an even BETTER OPTION than all the above - STOP USING WINDOWS and switch to Linux or Free(Mac)BSD ! :) Patches are Microsoft's intellectual property and can not be distributed by anyone without Microsoft's permission. I don't think this is quite true. Microsoft makes available all patches as individual .exe files. There are quite many of these updates and it's really a pain to actually get all of them and install updates manually. But I've never seen written anywhere that I can not download these .exe files and distribute it inside your company or to your friends as needed to fix the problems these patches are designed for. The problem with Bots is they aren't always active. That makes them difficult to find until they do something. As opposed to what, viruses? Not at all! Many viruses have period when they are active and afterwards they go into sleep mode and will not active until some other date! 
Additionally bot that does not immediately become active is good thing because if you do weekly or monthly audits (and many do it like that) you may well find it this way and deal with it at your own time, rather than all of a sudden being awakened 3am and having to clean up infected system. -- William Leibzon Elan Networks [EMAIL PROTECTED]
RE: Backbone IP network Economics - peering and transit
The question is too simplistic ... It is not (simply) a matter of small vs. big or being on your own network from source-to-destination. Peering is an enabler ... and gives all an opportunity to share content globally ... kinda' fundamental to the Internet consortium. Is your question, 'Since fiber is so cheap, why doesn't everyone build an autonomous, facilities-based, global Internet network that competes for narrowband/broadband pullers of data and hosting/data centers/etc. for content providers (pulled-fromers or pushers of data)? Gary -Original Message- From: Michel Py [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 10:46 PM To: Gordon Cook; [EMAIL PROTECTED] Subject: RE: Backbone IP network Economics - peering and transit Peering? Who needs peering if transit can be had for $20 per megabit per second? The smaller guys that don't buy transit buy the gigabit. Michel.
RE: Backbone IP network Economics - peering and transit
Daniel, That is way too cynical ... and does not address the question of whether building your own transport ever runs counter to the Internet as a consortium. There are business justifications that underpin peering relationships ... and they are based on understanding (or ... philosophy) Gary -Original Message- From: Daniel Golding [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 10:36 AM To: Gary Hale; Michel Py; Gordon Cook; [EMAIL PROTECTED] Subject: Re: Backbone IP network Economics - peering and transit On 4/20/04 8:45 AM, Gary Hale [EMAIL PROTECTED] wrote: The question is too simplistic ... It is not (simply) a matter of small vs. big or being on your own network from source-to-destination. Peering is an enabler ... and gives all an opportunity to share content globally ... kinda' fundamental to the Internet consortium. Is your question, 'Since fiber is so cheap, why doesn't everyone build an autonomous, facilities-based, global Internet network that competes for narrowband/broadband pullers of data and hosting/data centers/etc. for content providers (pulled-fromers or pushers of data)? Gary -Original Message- From: Michel Py [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 10:46 PM To: Gordon Cook; [EMAIL PROTECTED] Subject: RE: Backbone IP network Economics - peering and transit Peering? Who needs peering if transit can be had for $20 per megabit per second? The smaller guys that don't buy transit buy the gigabit. Michel. Gary, Peering is an enabler gives all an opportunity to share content globally fundamental to the Internet consortium This is like the greatest hits compendium collected from various failed 1990's service provider business plans :) People should be careful. Peering is a business/networking arrangement that can save them money (or not). Those who try to imbue it with philosophical significance must be viewed with skepticism. Daniel Golding Network and Telecommunications Strategies Burton Group
RE: Backbone IP network Economics - peering and transit
I disagree ... but sure do appreciate your tone ... :) Regards, Gary -Original Message- From: Daniel Golding [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 4:32 PM To: Gary Hale; Michel Py; Gordon Cook; [EMAIL PROTECTED] Subject: Re: Backbone IP network Economics - peering and transit Cynical? Gee, I hope so. Anyone who reads that sort of fluff needs to be cynical. Lack of appropriate cynicism led, in part, to the recent unpleasantness in the telecommunications industry. Words like enabling, leveraging, mindshare, b2b, e-*, i-*, et al, are considered harmful to fruitful operational discussion :) -- Daniel Golding Network and Telecommunications Strategies Burton Group On 4/20/04 2:17 PM, Gary Hale [EMAIL PROTECTED] wrote: Daniel, That is way too cynical ... and does not address the question of whether building your own transport ever runs counter to the Internet as a consortium. There are business justifications that underpin peering relationships ... and they are based on understanding (or ... philosophy) Gary -Original Message- From: Daniel Golding [mailto:[EMAIL PROTECTED] Sent: Tuesday, April 20, 2004 10:36 AM To: Gary Hale; Michel Py; Gordon Cook; [EMAIL PROTECTED] Subject: Re: Backbone IP network Economics - peering and transit On 4/20/04 8:45 AM, Gary Hale [EMAIL PROTECTED] wrote: The question is too simplistic ... It is not (simply) a matter of small vs. big or being on your own network from source-to-destination. Peering is an enabler ... and gives all an opportunity to share content globally ... kinda' fundamental to the Internet consortium. Is your question, 'Since fiber is so cheap, why doesn't everyone build an autonomous, facilities-based, global Internet network that competes for narrowband/broadband pullers of data and hosting/data centers/etc. for content providers (pulled-fromers or pushers of data)? 
Gary -Original Message- From: Michel Py [mailto:[EMAIL PROTECTED] Sent: Monday, April 19, 2004 10:46 PM To: Gordon Cook; [EMAIL PROTECTED] Subject: RE: Backbone IP network Economics - peering and transit Peering? Who needs peering if transit can be had for $20 per megabit per second? The smaller guys that don't buy transit buy the gigabit. Michel. Gary, Peering is an enabler gives all an opportunity to share content globally fundamental to the Internet consortium This is like the greatest hits compendium collected from various failed 1990's service provider business plans :) People should be careful. Peering is a business/networking arrangement that can save them money (or not). Those who try to imbue it with philosophical significance must be viewed with skepticism. Daniel Golding Network and Telecommunications Strategies Burton Group
RE: SPAM Directly from ATT Data Networking
Yoi All! My apologies to the list for beating a dead horse. This was sent around noon today, but Merit had issues with my reverse DNS until later in the day RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 On Wed, 14 Apr 2004, Gary E. Miller wrote: So do I have to opt-out with every single ATT sales droid, and the new crop next month, or is this list ATT wide?
RE: SPAM Directly from ATT Data Networking
Yo Richard! On Wed, 14 Apr 2004, Callahan, Richard M, GVSOL wrote: She has provided an opt-out message and assures me she takes it very seriously. If you have responded to her with a request to NOT be contacted again, you have not been. So do I have to opt-out with every single ATT sales droid, and the new crop next month, or is this list ATT wide? RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: UPS and generator interaction?
Yo Brian! On Mon, 29 Mar 2004, Laurence F. Sheldon, Jr. wrote: Brian (nanog-list) wrote: Does anyone know of a way to get a UPS to trigger a generator to start, and to switch over to the generator power automatically or does this type of thing just not exist? Find somebody with Internet Access and a browser--go to Google.com, enter generator backup ups in the box. Otherwise stroll down to Home Depot. My HD sells a full kit, including generator. Then hire an electrician to install it since the code requirements are not obvious. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: possible L3 issues
Yo Keith! On Mon, 23 Feb 2004 [EMAIL PROTECTED] wrote: anyone else seeing high latency via L3 , especially the west coast ? They started blocking my ping monitors in the last 15 minutes. So my Nagios is going nuts. Otherwise TCP seems OK. Maybe they have a ping flood DoS in progress? RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: L3 burp today - what happened?
Yo David! On Mon, 23 Feb 2004, David G. Andersen wrote: The failure seems to have started at 17:09 and ended at about 17:51 EST. Not over for me at 15:13 PST. Getting 38% packet loss here: so-3-3-0.edge1.SanJose1.Level3.net They are still blocking my ICMPs through their net. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: Anycast and windows servers
Depending on the service being provided, Microsoft has their own clustering solution which will perform failover. Sometimes choosing full vendor supported technologies is the easiest path. With Windows 2003 Server they even support geographically dispersed failover. Info at: http://www.microsoft.com/windows2000/technologies/clustering/default.asp Gary -Original Message- From: Daniel Senie [mailto:[EMAIL PROTECTED] Sent: Friday, February 20, 2004 6:39 AM To: Sean Donelan Cc: [EMAIL PROTECTED] Subject: Re: Anycast and windows servers At 05:43 AM 2/20/2004, you wrote: On Thu, 19 Feb 2004, Patrick W.Gilmore wrote: Honestly, I do not know about OSPF (or BGP) on Windows, however, you can just static route to the Windows box(es). Sure, if the OS hangs, the interface will stay up and the static route will still push bits at the dead box, but it will work (FSVO work). Besides, how often does Windows crash? snicker Hence the reason why I want the route to cease being advertised if the box fails. Connect the server(s) to APC MasterSwitch or equivalent hardware. Monitor the server box(es) for responsiveness. If/when it fails, the monitoring station can instruct the MasterSwitch to reboot (power cycle, really) the box. Stuff is pretty inexpensive (certainly less so than load balancers). I'm trying to avoid putting yet another server load balancer box in front of the windows box to withdraw the route so a different working box will be closest. It may be an oxymoron, but I'm trying to make the windows service (if not a particular windows box) as reliable as possible without introducing more boxes than necessary. My initial thought last night was in fact the use of load balancers. But then you need to think about redundant load balancers and so on.
RE: Increase in traffic to/from DSL subs since August?
Improperly patched machines infected with Nachi (aka Welchia) have been noted transmitting in excess of 500,000 ICMP echo requests via Class B alphabet lookups per hour. The one characteristic of Nachi that simplifies the identification of the infected machines is the fact that each of these echo requests are 92 byte pings. Any monitoring tools or packet sniffers configured to look for these 92 byte pings will greatly simplify the identification of the specific source addresses. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Suresh Ramasubramanian Sent: Thursday, November 20, 2003 9:27 PM Cc: [EMAIL PROTECTED] Subject: Re: Increase in traffic to/from DSL subs since August? Steven M. Bellovin writes on 11/20/2003 4:28 PM: At the IETF Plenary, Bernard Aboba showed a graph of spam, with a marked uptick since SoBig.F in August. My guess is worm-deposited spam relays, though Joel's guess of Nachi or Welchia can't be ruled out, either, without flow data. A ballpark estimate from a couple of friends who run small cable ISPs in India, and from a look at our mailserver log stats, says that yes, this is mostly because of open proxies and trojans infecting unpatched windows machines on broadband. Swen, MiMail and Jeem.mail.pv seem to be the worst offenders wrt spamming trojans, right now. Nachi and Welchia are almost as bad. I'd say blame can be split equally between the two. -- srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9 manager, outblaze.com security and antispam operations
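The 92-byte-ping check described in the first message above, as an added example that is not part of the original thread: it parses raw IPv4 packets, keeps ICMP echo requests of that size, and reports sources that sweep many destinations. It assumes "92 byte" means the IPv4 total length (20-byte header, 8-byte ICMP header, 64 bytes of data); the addresses, the sample capture and the `min_targets` threshold are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

NACHI_IP_TOTAL_LEN = 92   # assumption: size is the IPv4 total-length field
ICMP_PROTO = 1
ICMP_ECHO_REQUEST = 8


def build_ipv4(src, dst, proto, payload):
    """Build a minimal IPv4 packet (checksum left at zero; sample data only)."""
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                         64, proto, 0,
                         socket.inet_aton(src), socket.inet_aton(dst))
    return header + payload


def build_echo_request(src, dst, data_len):
    """Build an ICMP echo request carrying data_len bytes of filler."""
    icmp = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, 1, 1)
    return build_ipv4(src, dst, ICMP_PROTO, icmp + b"\x00" * data_len)


def parse_echo_request(packet):
    """Return (src, dst, ip_total_len) for an IPv4 ICMP echo request, else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None                      # truncated or not IPv4
    ihl = (packet[0] & 0x0F) * 4
    total_len, _ident, frag = struct.unpack("!HHH", packet[2:8])
    if ihl < 20 or packet[9] != ICMP_PROTO:
        return None
    if frag & 0x1FFF:
        return None                      # later fragment: no ICMP header here
    if len(packet) <= ihl or packet[ihl] != ICMP_ECHO_REQUEST:
        return None
    # Use the header's total length so a short snaplen does not hide the size.
    return (socket.inet_ntoa(packet[12:16]),
            socket.inet_ntoa(packet[16:20]),
            total_len)


def suspect_sources(packets, min_targets=20):
    """Map source IP -> (92-byte echo requests, distinct destinations).

    One 92-byte ping proves nothing, so a source is reported only once it
    has probed at least min_targets different addresses, i.e. it is sweeping.
    """
    seen = defaultdict(lambda: [0, set()])
    for packet in packets:
        parsed = parse_echo_request(packet)
        if parsed is None:
            continue
        src, dst, total_len = parsed
        if total_len != NACHI_IP_TOTAL_LEN:
            continue
        seen[src][0] += 1
        seen[src][1].add(dst)
    return {src: (count, len(dsts))
            for src, (count, dsts) in seen.items()
            if len(dsts) >= min_targets}


def sample_capture():
    """Constructed capture: one sweeping host plus ordinary traffic."""
    pkts = [build_echo_request("10.0.5.23", f"192.0.2.{i}", 64)
            for i in range(1, 41)]                                   # 92-byte sweep
    pkts += [build_echo_request("10.0.5.40", "198.51.100.7", 56)] * 5  # 84 bytes
    pkts += [build_echo_request("10.0.5.41", "198.51.100.7", 32)] * 3  # 60 bytes
    pkts.append(build_echo_request("10.0.5.42", "198.51.100.9", 64))   # lone 92-byte ping
    pkts.append(build_ipv4("10.0.5.43", "198.51.100.9", 6, b"\x00" * 72))  # TCP, 92 bytes
    pkts.append(b"\x45\x00")                                          # truncated frame
    return pkts


if __name__ == "__main__":
    for src, (count, targets) in suspect_sources(sample_capture()).items():
        print(f"{src}: {count} echo requests of 92 bytes to {targets} addresses")
```
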
RE: [arin-announce] IPv4 Address Space (fwd)
Christian: And I bet then still somebody will build an IPv6 NAT box for some bizarro reason. ftp://ftp.rfc-editor.org/in-notes/rfc2766.txt Gary Blankenship Foundry Networks (Japan)
RE: new openssh issue
According to Cisco at: http://www.cisco.com/warp/public/707/cisco-sa-20030917-openssh.shtml. this impacts CatOS, their storage router line, their HSE line, and their WLSE lines, and is not an IOS issue. Details on the web page. No fixed versions of software are available yet. Gary -Original Message- From: Avleen Vig [mailto:[EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 10:27 AM To: [EMAIL PROTECTED] Cc: Richard A Steenbergen; William Allen Simpson; [EMAIL PROTECTED] Subject: Re: new openssh issue On Tue, Sep 16, 2003 at 03:50:04PM -0400, [EMAIL PROTECTED] wrote: A posting to full-disclosure quotes Theo as saying HP and Cisco are affected, and I don't see any reason that Juniper would *NOT* be, given the common code base of the OpenSSH implementations. I'm not going to say the routers are vulnerable, but I *would* say that ACLs blocking port 22 to the router might be a good idea. Isn't this a common practice anyway? Has been anywhere sensible I've seen :-)
RE: Fun new policy at AOL
Yo All! On Thu, 28 Aug 2003, Michel Py wrote: Indeed, there are. I have numerous small customers that have either a single static IP or a /29 block from {Pacific Bell | your ISP} and that occasionally are blocked because either the block is marked as residential or the reverse lookup contains the string dsl. Maybe if PacBell (and others) actually disciplined their more out of control DSL customers then other ISPs would not feel the need to do it for them. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: relays.osirusoft.com
Yo Richard! returning 127.0.0.2 for everything would be an ugly way to bow out. I am just seeing timeouts for XXX.relays.osirusoft.com now. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 On Tue, 26 Aug 2003, Richard Welty wrote: relays.osirusoft.com is down, it's history, stop using it. it is currently returning 127.0.0.2 for everything, so if you're using it, you won't receive this, but at least those who don't use it will know what to say when the issue comes up.
RE: Sobig.f surprise attack today
http://xforce.iss.net/xforce/alerts/id/151 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Randy Neals (ORION) Sent: Friday, August 22, 2003 2:54 PM To: 'Omachonu Ogali'; 'Todd Mitchell - lists' Cc: [EMAIL PROTECTED] Subject: RE: Sobig.f surprise attack today Where does one get hold of The List to know if you're on it. I've read many of the briefing/press releases put out by the anti-virus companies but they all seem to be withholding the list of master servers. -R -Original Message- Behalf Of Omachonu Ogali Sent: August 22, 2003 2:46 PM If you're responsible for any of the IPs on the list, better permanently remove them from your DHCP pools, IP assignments, dial-up pools, or anything else that assigns IP addresses, because these will be filtered and forgotten for the next 200 years.
Re: Email virus protection
Yo Jack! On Wed, 20 Aug 2003, Jack Bates wrote: The best method for protection of your network (by limiting exposure of your users to viruses) is to strip executable files. We replace the files with a small text file mentioning the filename and a brief description of why we stripped it and who to contact if they need the file. I love guys like you. All my customers once had (still have) admins that filtered and cleaned their email for them. Also added firewalls for their protection. Now they are my customers because they do not want your protections. What you are doing is certainly proper in some cases. I would hope BofA learned that lesson after the last worm attack that killed their ATM network. That also means a lot of bank employees need to also have an ISP account from me to do things they can not do with their email on the job. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: Navy Marine Corps Internet hit
Yo Scott! They better start blocking port 25 too. That has been the big problem today... RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 On Tue, 19 Aug 2003, Scott Weeks wrote: Obviously they didn't filter 135, 137-139, 445, and inbound, so I doubt we can hope that they were blocking it outbound to keep their machines from infecting other networks... scott On Tue, 19 Aug 2003, Sean Donelan wrote: : : : The new EDS managed Navy Marine Corps Intranet with 100,000 users has : become so congested by worm traffic it can not be used for useful work : today. : : http://www.nwfusion.com/news/2003/0819navy.html
AOL Mail Blocking
Anyone notice any issues that began today regarding AOL blocking mail servers? Gary Attard Director Network Operations Center Invision.com Inc. http://www.invision.net Phone: (631) 543-1000 x306 Fax: (631) 864-8896 E-Mail: [EMAIL PROTECTED]
RE: Postini's network.
There is currently an AT&T OC192 down from St Louis to San Francisco (Big Pipe: OC-192=9.952 Gbps) -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Drew Weaver Sent: Wednesday, July 16, 2003 4:29 PM To: '[EMAIL PROTECTED]' Subject: Postini's network. Is anyone else having trouble reaching postini?
Tracing route to coax.net.coax.mail1.psmtp.com [12.158.34.245] over a maximum of 30 hops:
 1 1 ms 1 ms 1 ms gateway.cmh.ee.net [209.190.0.1]
 2 1 ms 1 ms 1 ms letmeout.thenap.com [206.222.25.1]
 3 1 ms 1 ms 1 ms 209.51.192.18
 4 2 ms 2 ms 2 ms 66-162-176-5.gen.twtelecom.net [66.162.176.5]
 5 1 ms 2 ms 2 ms dist-02-ge-3-2-0-0.clmb.twtelecom.net [66.192.241.213]
 6 17 ms 18 ms 16 ms core-02-so-1-3-0-0.nycl.twtelecom.net [66.192.241.1]
 7 17 ms 17 ms 18 ms 66.192.240.38
 8 17 ms 17 ms 17 ms 66.192.252.246
 9 18 ms 18 ms 18 ms tbr1-p011601.n54ny.ip.att.net [12.123.1.122]
10 57 ms 58 ms 58 ms tbr1-p013801.cgcil.ip.att.net [12.122.10.50]
11 *
I was delivering mail to them fine until 2:35pm. Thanks, -Drew
RE: Postini's network.
AT&T Master Trouble Ticket is 1537072 -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Jerry B. Altzman Sent: Wednesday, July 16, 2003 4:52 PM To: Darren Bolding Cc: 'Drew Weaver'; [EMAIL PROTECTED] Subject: Re: Postini's network. Darren Bolding wrote: There appears to have been some difficulty inside ATT's network the last few minutes. It appears to have been resolved. I don't have a master-ticket number or such yet. Try 201975 --D //jbaltz -- jerry b. altzman [EMAIL PROTECTED] +1 646 230 8750 Thank you for contributing to the heat death of the universe.
RE: National Do Not Call Registry has opened
Yo Sameer! On Fri, 27 Jun 2003, Sameer R. Manek wrote: Dealing with the bounces would be a nightmare, they've already got their handsful with the webservers and the outbound mail boxes. If you can not run a mail server/mail list properly, then you should not do so. Sounds like donotcall.gov has no knowledge of RFCs or BCPs and should not be doing this. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: Looking for advice on datacenter electrical/generator
Yo Dan! On Wed, 2 Apr 2003, Dan Lockwood wrote: He also is strongly opposed to us purchasing a natural gas generator which seemed like a shoo-in for us. I know of several cases where the San Jose fire marshall turned off natural gas as a precaution. You may wish to discuss with your local fire marshall under what conditions they will turn off the gas. Some places require auto-shutoff valves for NG as an earthquake precaution. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: anti-spam vs network abuse
Yo Paul! On Fri, 28 Feb 2003, Paul Vixie wrote: However, they scanned every address in every netblock I own, looking for SMTP servers. That was abuse, that was illegal in California, Could you please provide a citation from the CA law for this? Better yet, do you have any case law? RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: [Re: M$SQL cleanup incentives]
Yo Joshua! On Thu, 20 Feb 2003, Joshua Smith wrote: i still get 8K plus hits against my acls per day for udp/1434...(75 in the time it took to write this email) You are probably doing as much damage as good. udp/1434 is not a reserved port. A lot of what you are blocking is legit traffic that picked a random port to use for an ad-hoc use. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: New worm / port 1434?
Duplicated info.. But this is an old worm ;-( http://www.cert.org/advisories/CA-1996-01.html Pete Ashdown wrote: * Avleen Vig ([EMAIL PROTECTED]) [030124 23:50] writeth: It seems we have a new worm hitting Microsoft SQL server servers on port 1434. Affirmative. Be sure to block 1434 UDP on both the inbound and the outbound. Infected servers are VERY NOISY. -- Message scanned for viruses and dangerous content by http://www.newnet.co.uk/av/ and believed to be clean
Re: Level3 routing issues?
Appears to relate to this cert advisory http://www.cert.org/advisories/CA-1996-01.html We have it totally blocked on our network but the routers are working over time just rejecting packets. The only way to stop it is to stop MySQL or kill the hosts network connection. [EMAIL PROTECTED] wrote: It is global. 01:42:04.040462 194.87.13.21.1812 x.x.x.x.1434: rad-account-req 376 [id 1] Attr[ User User User User User User User User User User User User User User User User User User User User User User User User User User User User User User User User User [|radius] That is the traffic... On Sat, 25 Jan 2003, hc wrote: I am on Verizon-GNI via Qwest and Genuity and seeing the same problem as well. -hc Joel Perez wrote: I am also seeing increased traffic on my network. It has gotten so bad for one of my edge routers that i cant telnet into it. But i am on Qwest and GBLX. -Original Message- From: Alex Rubenstein [mailto:[EMAIL PROTECTED]] Sent: Sat 1/25/2003 1:04 AM To: hc Cc: [EMAIL PROTECTED] Subject: Re: Level3 routing issues? I dunno about that. But, I am seeing, in the last couple hours, all kinds of new traffic. like, customers who never get attacked or anything, all of a sudden: http://mrtg.nac.net/switch9.oct.nac.net/3865/switch9.oct.nac.net-3865.html We are seeing this on ports all across our network -- nearly 1/2 our ports are in delta alarm right now. Anyone else? I will dig more to look at the traffic. On Sat, 25 Jan 2003, hc wrote: Anyone seeing routing problems with Level3 at this hour? I just witnessed tons of prefixes behind level3's network withdraw. Any information on what is happening (if you know) would be great. Thanks! -hc -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Re: number of hops != performance
In a commercial sense hops are seen as bad, points of failure(?) or 'distance from the middle of the internet'?. Who knows Traceroutes aren't great at seeing what's REALLY going on. I suspect if everyone removed all their 'hop hiding' technology traceroutes would be at least 60% longer, the latency would remain the same. Commercial sense doesn't have to make sense... If it's what your competitors use to sell service, Hide your hops ;-) G Mikael Abrahamsson wrote: We have competitors that are claiming that their network is superior to ours (salesdroids to customers) because they have fewer L3 hops in their network. I see this fact pop up in customer questions all the time. I can see that L3 hops adds latency if a network is built on slow (2meg for instance) links, but at gigabit speeds, L3 hops adds microseconds in latency (if you use equipment that forward using hardware-assisted forwarding, but as far as I know there are no routers out there nowadays that doesn't). Does anyone have a nice reference I can point to to once and for all state that just because a customer has 6-8 L3 hops within our network (all at gigabit speeds or higher) that doesn't automatically mean they are getting bad performance or higher latency. Hiding the L3 hops in a MPLS core (or other L2 switching) doesn't mean customers are getting better performance since equipment today forwards just as quickly on L3 as on L2.
RE: IPv4 country of origin
Yo Alex! On Thu, 3 Oct 2002 [EMAIL PROTECTED] wrote: Is there a more accurate method to determine the country of origin for an IP than the methods I've described above? Yes, at least three companies have databases of pretty much all /24s and above mapped up to a zip code. These DBs are a joke. I have /19's that are SWIPed to the billing office but used in remote POPs. No-one is ever gonna figure out where they really are. Except for the IPs I set RFC1712 LOC records on. I see load-balancing by geo-code do way more harm than good. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: IPv4 country of origin
Yo Bradley! On Thu, 3 Oct 2002, Bradley Dunn wrote: I would be REALLY interested to know how you measure mileage with IP. Latency triangulation. Oh really? So you can figure out how plugged the pipe is, how backed up the router is, and then measure the speed of light? Triangulate this: 204.245.220.1 RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: Traffic Threshold monitoring?
Yo Rob! On Sun, 25 Aug 2002, Rob Mitzel wrote: So my question is...what's out there that will allow us to check thresholds on traffic, and notify us if needed? I use Nagios: http://www.nagios.org. It used to be called Netsaint. If it does not do exactly what you want then you can easily write a plug-in to do it. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: IETF SMTP Working Group Proposal at smtpng.org
Yo Avleen! On Wed, 21 Aug 2002, batz wrote: Spam is very much a security problem. Spam would not exist if both MUA's and MTA's had adequate policy enforcement features on them, so that users could set granular controls on what was allowed into their mailboxes. Nice try, but not close enough. Spam is a LEGAL problem. There are many cases where spammers negotiated a service contract without anti-spamming clauses. Then when the ISP figures out they have a bulk spammer for a customer they can not shut down the spammer because the spammer gets a court order to enforce the service agreement. Same goes on the other side. Many BLs have been sued, AND LOST, for putting spammers on their BLs. Put those two together and no technical solution will fix the problem. If legislatures say Pi is equal to 3 then there is not much we can do to fix it except fight the legislature. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: IETF SMTP Working Group Proposal at smtpng.org
Yo Robert! How about moving this discussion to a more appropriate list? Nanog is not the place to discuss spam and we are re-inventing the wheel, badly, on nanog. Half the spam I get is from throw away AOL, netzero, earthlink, etc. accounts. Spend $10 for a new ISP account, send 10,000 emails with MY return address which is valid and on whitelists. Do it on a long weekend and get 30k out before you get stopped. If the spammers can not run their own name servers then they will just use someone else's. Last I checked there were over 6,000 ISPs in the country. Cancel them one place and they just go to another. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 On Wed, 21 Aug 2002, Robert Blayzor wrote: Treat them sort of like SSL certs now. Charge an annual registrar fee per company, not per server. (Something like $100 a year) The more they have to go out of their way to get their spam server online, the more they would be deterred to do so. They're only going to want to change so many ISP's, go through SWIP and then change their legal name for the registrar so many times.
RE: IETF SMTP Working Group Proposal at smtpng.org
Yo Robert! On Wed, 21 Aug 2002, Robert Blayzor wrote: But mail servers need static IP's, and network operators must know about those customers that need static addresses and if there is a mail server on the end of it. Uh, no. I have seen spammers use dynamic DNS to use throw away dial-ups accounts for incoming main service. How about moving this to an appropriate forum where people really know spam and mail? Nanog is for moving packets. Nanog does not usually care what is in the packet unless it is a routing protocol. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: IETF SMTP Working Group Proposal at smtpng.org
Yo Robert! On Wed, 21 Aug 2002, Robert Blayzor wrote: Uh, no. I have seen spammers use dynamic DNS to use throw away dial-ups accounts for incoming main service. Right, but to run a real mail server you need a static address. Which can be registered as a valid mail server. Dynamic IP's cannot. Read what I wrote again. Do not say it is not possible, I see it every day. These people, and others will be happy to help you set it up: http://www.no-ip.com Do you own a domain name? Run your own web, mail, ftp, or any server connected your cable, dsl, or dialup connection using your personal domain name. Do some googling before posting nonsense... Doesn't mention anything about Nanog is for moving packets. An anti-spam/security discussion seems perfectly acceptable to me. From the proposed nanog FAQ: Off-Topic Questions 1. Spam 2. Local DNS [...] So take this topic to somewhere it belongs. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: PSINet/Cogent Latency
Yo Alexander! On Tue, 23 Jul 2002, Alexander Koch wrote: imagine some four routers dying or not answering queries, you will see the poll script give you timeout after timeout after timeout and with some 50 to 100 routers and the respective interfaces you see mrtg choke badly, losing data. Yep. Anything gets behind and it all gets behind. That is why we run multiple copies of MRTG. That way polling for one set of hosts does not have to wait for another set. If one set is timing out the other just keeps on as usual. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
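The effect described in the message above, as a simplified model (an added example, not part of the original post and not MRTG's own scheduling logic). The fleet, the 300-second interval, the timeout and retry values, and the rule that an overrunning poller loses that interval's samples are all assumptions.

```python
from dataclasses import dataclass

# All values below are constructed assumptions for illustration.
INTERVAL = 300.0   # seconds between polling runs
RTT = 0.05         # seconds per answered query
TIMEOUT = 2.0      # seconds waited per unanswered attempt
RETRIES = 5        # attempts before giving up on a query


@dataclass(frozen=True)
class Router:
    name: str
    interfaces: int
    alive: bool


def poll_cost(router):
    """Seconds a sequential poller spends on one router in one run."""
    per_query = RTT if router.alive else TIMEOUT * RETRIES
    return router.interfaces * per_query


def run_time(group):
    """Duration of one run of a poller that walks its group in sequence."""
    return sum(poll_cost(r) for r in group)


def split_by_block(routers, n):
    """Contiguous sets (e.g. one poller per site)."""
    size = -(-len(routers) // n)  # ceiling division
    return [routers[i:i + size] for i in range(0, len(routers), size)]


def split_round_robin(routers, n):
    """Interleaved sets, which spread neighbouring routers across pollers."""
    return [routers[i::n] for i in range(n)]


def healthy_routers_losing_data(groups):
    """Healthy routers whose poller overruns the interval (assumed: sample lost)."""
    lost = []
    for group in groups:
        if run_time(group) > INTERVAL:
            lost.extend(r.name for r in group if r.alive)
    return lost


# Constructed fleet: 60 routers with 24 interfaces each; the first four are dead.
FLEET = [Router(f"r{i:02d}", 24, alive=(i >= 4)) for i in range(60)]

if __name__ == "__main__":
    for label, groups in [
        ("single poller", [FLEET]),
        ("4 pollers, contiguous sets", split_by_block(FLEET, 4)),
        ("4 pollers, round-robin sets", split_round_robin(FLEET, 4)),
    ]:
        times = [round(run_time(g), 1) for g in groups]
        lost = len(healthy_routers_losing_data(groups))
        print(f"{label}: run times {times}, healthy routers losing data: {lost}")
```

In this model the contiguous split confines the loss to the healthy routers that share a poller with the dead ones, while the interleaved split keeps every run under the interval.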
Re: CA Power
Yo Martin! If there is plenty of power in CA then howcum there was a stage 2 alert yesterday and a market alert today? Today's projected demand equaled available resources today. If demand played out as expected there would have been big trouble in CA today. On Thu, 11 Jul 2002, Martin Hannigan wrote: Depressed economy==collapsed corrupt energy traders==power availability liars== plenty of power in CA. RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: How do I log on while in flight?
Yo Scott! Several services will do what you want. They are ALL expensive. One of them is Orbcomm: http://www.orbcomm.com They have several FAA TSOed (a.k.a. certified) radios for aircraft usage. With Orbcomm you can send and receive email, weather fax, etc. Echo Flight is one reseller of Orbcomm service to small airplanes: http://www.echoflight.com Their service is $10/month plus $1/email. The FAA is currently funding several competing data-link projects. The idea is to force vendors to give away basic services to all airplanes and be allowed to charge for premium services like email. Details at: http://www.avweb.com/oshkosh/osh99/day5/fis/index.html Icarus has their SatTalk II phone. It allows cell phone like connections while inflight. See them at: http://www.icarusinstruments.com/ But is this really on topic for nanog? I was not going to post until I started seeing some bad answers... RGDS GARY Commercial, Instrument, SEL, N6157R --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 -Original Message- I was wondering if any of y'all could give me pointers to services I could use to log into a network during flight on a private airplane. For example a person is in flight cross-country and needs to do a videoconference, send email from his network to interested parties, or any of the normal things we do from the ground. Is this possible or would it interfere with the plane's other systems? scott
RE: How do I log on while in flight?
Yo Scott! On Thu, 27 Jun 2002, Scott Weeks wrote: Also, that the cellular network could crash if cell phones are used at altitude seems like a big security hole to me. Boeing has repeatedly stated that it is not stupid enough to make airplanes that will fail because someone in the back has an electronic device on. Ossama would love that if it were so. It is the FCC, or the individual airline that bans electronic devices, not the FAA. The FCC bans most (not all!) cell phone in flight because cell phones are line of sight. So one in-flight cell phone ties up a LOT of cell towers on the ground. Air ambulances routinely ignore this rule and I am sure a lot of people are alive today because they do. One of the airborne certified vendors of airborne cellular is AirCell: http://www.aircell.com Garmin sells the NavTalk Pilot which is a combination GPS, ground cell phone and airborne cell phone: http://www.garmin.com/products/navTalkPilot/ GTE Airfone is a ground based phone TSOed (a.k.a. certified) for in flight use in small airplanes. They are at: http://www.airfone.com Being ground based it does not have the latency problems of Sat Phones. The bad part is it only works when you are in the air. The airline bans electronic devices just to shut up the little old ladies. My favorite is please turn off your PDA for takeoff. Huh? All the On/Off switch on the PDA does is turn off the screen... RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
Re: KPNQwest ns.eu.net server.
Yo John! On Fri, 7 Jun 2002, John Payne wrote: Don't even get me started on typos in the delegation records at the TLD servers (entered by the registrants at least) there are currently 112 domains in .com alone with at least one incorrect NS record pointing at my nameservers. There is an easy tool I use to fix that. Just put up a zone file for them on your NS that points their www to www.playboy.com. This gets action fast! RGDS GARY --- Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676
RE: The market must be coming back
Chance: that want 4 X 10 GbE on each module (8 slot chassis). I expect this will be a perfect 40G throughput since I've never seen us do anything less than perfect (been working here since August). Oh phuleeese Stop drinking your own Kool-Aid(tm). To honestly suggest that Foundry, or any other vendor for that matter, never does 'anything less than perfect' is nothing less than idiotic. If Foundry does things so 'perfect' why do they have a TAC? Why do they have bugs? Why do they even need to release new software ever again? Obviously what is out now will solve every possible issue - it's 'perfect' right? The only possible answer according to your logic, is to support customers who are 'doing it wrong' and need to be educated. Topic is performance. Not sugary beverages. Sorry for not making that clear. Let me reword. My bad: perfect performance on 10GbE. I believe I also mentioned our 8G per slot throughput limitation not to mislead people to think we do 10GbE non-blocking. Same limitation as the Cat6500 once it gets up to speed. Go find the nice black shirts that were passed out at Foundry's last Kool-Aid fest. You are in obvious need of one. This is NOT the place to post vendor FUD. All you are doing is making Foundry look bad, and making yourself look even worse. Didn't you pass out those shirts? Everything I posted concerning performance of 10GbE I saw for myself. All other information was publicly available and concerns operators interested in 10GbE. Many of them are unaware of their options and I wanted to bring Foundry to light. Reading NANOG you would think that the only way to spot Nimda would be NBAR and the only MPLS is Juniper. The post I replied to is a person considering 10GbE in a 6500. I've seen the performance on this at a customer site with SmartBits. The channel became a Foundry reseller because of this specific issue.
Now the same configuration comes up on NANOG and I wanted the person thinking about the 6500/10GbE solution to be aware of what I saw. Perhaps the performance is faster than 4G today (My info is a month old). If I were to leave Foundry today (to make them look better) and work for another company (McDonalds?), I would have sent the same post (would you like fries with that?). You can't forget what you see. I have tested our 10GbE personally. Gary
RE: Cisco 7200 VXR with NPE-400 (was RE: The market must be coming back)
Richard: And if^H^Hwhen you run into a really fun issue, don't even think about calling Foundry TAC after hours, all you'll get is someone's house with their screaming kids in the background. Our TAC is 24/7 and has been 24/7 for years. I work in the Support Center for Japan. We have not gone 24/7 yet, but it is under investigation. Sitting 2 feet from me is a gentleman who has been working with Foundry products since '97. He has called almost every day since then and not once has had the problem you described. I did not mention to him why I was asking these questions and he is honest. Did you call the wrong number? This looks a bit personal... Gary
RE: The market must be coming back
Chris: I've been thinking about leasing some dark fiber and running one of the new 10gigE blades for the Cat 6500 chassis. Be careful here. Last I tested (at one of our channels that also resells Cisco) is that the 10GbE on the Catalyst 6500 hasn't broken 4G throughput yet. Sort of like buying a GbE interface for a 7200 (It only gets 10% throughput... Why waste the money, just buy FE!). The GSR is up to about 8G throughput nowadays from what I've seen. Foundry Networks (my company) can get a perfect clean 8G throughput on all of our chassis with management modules M2 or above (we don't support 10GbE on the legacy M1). Our NG chassis will be available later in the year for those folks that want 4 X 10 GbE on each module (8 slot chassis). I expect this will be a perfect 40G throughput since I've never seen us do anything less than perfect (been working here since August). Additionally, you would be the first customer I've heard about doing standards based 10GbE on a Catalyst. (feel free to chime in if you're doing this... Can I bring my SmartBits 600 to your site to test throughput?). Good luck! Foundry has a few references: Deployed: http://www.foundrynet.com/about/newsevents/releases/pr4_3_02.html http://www.foundrynet.com/about/newsevents/releases/pr4_2_02.html http://www.foundrynet.com/about/newsevents/releases/pr2_11_02.html Many others that we don't press release. We've got these blades running in production networks here in Japan that I'm not allowed to talk about. Also many other places. Deploying: http://www.foundrynet.com/about/newsevents/releases/pr5_8_02.html Performance: http://www.spirentcom.com/news/press.cfm?id=87 Throw in the Cisco Flamethrower GBIC and I should be good for 50 miles. Has anyone tried this? Foundry Network's Long Haul (LHB: 150 km, LHA: 70 km) Ethernet optics exceed Cisco's on GbE (ZX: 100 km). I'm sure we exceed them on the ER LAN PHY for 10GbE. We've only tested to 85 kilometers (ER).
802.3ae standard is 40 km: http://biz.yahoo.com/prnews/020508/nyw068_1.html Cisco's website says they can do the 802.3ae standard 40 km on the 1550 nm blade. I'm not sure if the optics are changeable either: http://www.cisco.com/warp/public/cc/pd/ifaa/6500ggml/ I doubt if there is a GBIC for 10GbE available. We use the same blade with changeable optics; however, I would not call the SR (300 meters), LR (10 km), and ER LAN PHY optics GBIC's... Moral of this story is that BEFORE you buy these blades from Cisco (or anybody), test them! If you don't have 10GbE SmartBits or IXIA, you can use 1GbE interfaces and wrap them around until you get 8G (no need to produce anything higher 'cause the Cat 6500 has an 8G throughput limitation). Don't test latency with this method :-). I don't believe the marketing from any company, not even my own. I test, then tell. I've personally never seen a packet drop at a steady 8G rate for up to 72 hours; however, one of our customers evaluating the 10GbE blades reported 2 64 byte packets were dropped in a 12 hour line rate test. I suspect they had bad fiber. Gary Blankenship Systems Engineer Foundry Networks
RE: Quick Question on Industry Standard
y and emulate as best we can? Do I have the value incorrect? Is it higher or lower? Set your own standard. I doubt if you'll find the right answer on NANOG. If you want my generic answer, I'd say you want 99.999% availability from all network endpoints to network endpoints during times of network utilization. I doubt if you'll hear many complaints from users/customers at this level. Please be careful when jumping this high. You could pull a muscle (take away from another key requirement such as Cost, Manageability, Security, Reliability, et al..). Gary Blankenship Systems Engineer - Japan
Wanted: Liebert AC Unit
I realize this is not necessarily the most appropriate forum to search for a used five(5) or ten(10) ton Liebert AC Unit but it may be the most effective. I am looking for a used 5 and 10 ton unit for raised floor Data Center - anyone know of any recently closed Data Centers looking to liquidate? Gary Attard-Director of Technical Support Invision.com Inc. http://www.invision.com Phone: (631) 543-1000 x306 Fax: (631) 964-8896 E-Mail: [EMAIL PROTECTED]