Re: Looking for Verizon-GNI network engineer
It has been my experience that data center engineers doing NOC support at Verizon do speak to paying customers about routing issues for premium data center services. -Henry - Original Message From: K. Scott Bethke [EMAIL PROTECTED] To: nanog@merit.edu Sent: Thursday, February 14, 2008 6:49:13 PM Subject: Looking for Verizon-GNI network engineer Sorry if this is off-topic frustration has set in. I've got what looks like a routing loop or a wedge in your network and I cant get past tier2 saying it is an internet problem. I asked to speak with an engineer directly was told Verizon engineers don't talk directly with customers. Issue going on for 4 days. $ traceroute www.tickerforum.org traceroute to www.tickerforum.org (70.169.168.7), 64 hops max, 40 byte packets 1 10.254.123.1 (10.254.123.1) 3.219 ms 1.085 ms 0.915 ms 2 L301.VFTTP-02.CLPPVA.verizon-gni.net (71.171.93.1) 6.329 ms 6.281 ms 5.036 ms 3 P2-3.LCR-02.CLPPVA.verizon-gni.net (130.81.37.194) 4.885 ms 4.091 ms 6.490 ms 4 so-7-0-0-0.PEER-RTR1.ASH.verizon-gni.net (130.81.10.94) 4.731 ms 8.248 ms 5.167 ms 5 130.81.15.238 (130.81.15.238) 5.926 ms 130.81.15.190 (130.81.15.190) 6.586 ms 9.158 ms 6 * * * 7 * * * 8 * $ traceroute www.google.com traceroute: Warning: www.google.com has multiple addresses; using 64.233.169.104 traceroute to www.l.google.com (64.233.169.104), 64 hops max, 40 byte packets 1 10.254.123.1 (10.254.123.1) 1.774 ms 1.117 ms 0.909 ms 2 L301.VFTTP-02.CLPPVA.verizon-gni.net (71.171.93.1) 5.820 ms 4.029 ms 4.861 ms 3 P2-3.LCR-01.CLPPVA.verizon-gni.net (130.81.37.192) 8.036 ms 6.346 ms 7.671 ms 4 so-6-3-1-0.BB-RTR2.RES.verizon-gni.net (130.81.29.82) 6.524 ms 8.161 ms 8.408 ms 5 * * * 6 * * * Ticket # is VAD01QVDW -Scott
Re: Network Notifcation - SMS via Verizon
I found this product of particular interest... http://www.scomobile.com/hipcheck/ -Henry - Original Message From: Bowman, Jonathan [EMAIL PROTECTED] To: nanog@merit.edu Sent: Tuesday, February 12, 2008 10:24:55 AM Subject: RE: Network Notifcation - SMS via Verizon I've used 10 digit number@vtext.com with my Verizon phone for several years now without any issues or dropped SMS messages. Obviously that's an in-band solution, but it's simple to implement and fairly (in my experience) reliable. -Jonathan -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gregory Boehnlein Sent: Friday, February 08, 2008 7:03 PM To: nanog@merit.edu Subject: Network Notifcation - SMS via Verizon Hello, We have been discussing adding a wireless SMS based option to our TAP and SMTP delivery systems. We are running Nagios. In looking at the list archives, I found the following thread: http://www.irbs.net/internet/nanog/0408/0039.html Lots of great suggestions.. In looking at the options, it seems that Gnokii seems to be a well used solution to integrate a GSM or GPRS based phone/modem for text messaging. However, I am trying to determine if anyone is doing this with Verizon right now. Our existing Cell contract is w/ Verizon and so we want to avoid the potential of lost SMS messages in hopping from say T-mobile or Cingular to Verizon. So.. anyone doing SMS notification to Verizon w/ a wireless GSM/GPRS or Cell Phone solution? If so, you want to share how you are doing it? Thanks in advance..
Re: European ISP enables IPv6 for all?
I was able to reach the japanse link which provided me with http://www.ipv6.org/howtos.html and http://www.wide.ad.jp/ -Henry - Original Message From: Steven Haigh [EMAIL PROTECTED] To: Jeroen Massar [EMAIL PROTECTED] Cc: Vassili Tchersky [EMAIL PROTECTED]; Alain Durand [EMAIL PROTECTED]; nanog@merit.edu Sent: Tuesday, December 18, 2007 1:39:01 AM Subject: Re: European ISP enables IPv6 for all? On Tue, Dec 18, 2007 at 10:09:16AM +0100, Jeroen Massar wrote: Vassili Tchersky wrote: [..] XS4All (Netherlands) is providing the same service if I correctly remember. They used to have a product called PowerDSL, which did IPv6 over PPPv6, but apparently due to changes in the infra they had to drop this. XS4all does still, since about 2001 or so, provide a tunnelbroker to their own users. Every user can simply go to the service.xs4all.nl site, and view/modify their tunnel + subnet configuration there. Only static tunnels are supported though (at least this is afaik). It's kind of interesting that from 2001ish to current day and there is still only a handful of service providers worldwide that seem to offer *any* kind of support for IPv6. After all the propaganda, is there actually any other major deployments in the IPv6 space? From the ipv6.org web site, I see Most of today's internet uses IPv4, which is now nearly twenty years old. - read as it works well! IPv4 has been remarkably resilient in spite of its age, but it is beginning to have problems. - Really? Every network I know using IPv4 still works as designed. Most importantly, there is a growing shortage of IPv4 addresses, which are needed by all new machines added to the Internet. - I'm sure there's a lot more ways around this - and I'm sure the NANOG archives have a lot of thought food there. It also adds many improvements to IPv4 in areas such as routing and network autoconfiguration. - I would really love to know what these are that DHCP etc doesn't already do. I tried to check out the FAQ at http://faq.v6.wide.ad.jp/ but it wasn't reachable - maybe it needs IPv6 connectivity? As for routing 'improvements', doesn't more address space just give us more routes to handle? IPv6 is expected to gradually replace IPv4, with the two coexisting for a number of years during a transition period. - so this 'transition period' has been, what, 7 years so far? I'm still predicting that it'll be at least another 10 years before IPv6 amounts to much... On a side note, does anyone currently have issues getting new address space where it's operationally required? I don't know anyone first hand who has yet to come across this issue... -- Steven Haigh Email: [EMAIL PROTECTED] Web: http://www.crc.id.au Phone: (03) 9001 6090 - 0412 935 897 C:\WINDOWS C:\WINDOWS\GO C:\PC\CRAWL
Re: Is it my imagination or are countless operations impacted today with mysql meltdowns
I think you are just a rude person and I have been on this list since about 1995 and there is a real problem with the lastest cpanel upgrade with mysql and it took out 1 of my server configurations, that we host peoples businesses on and I wanted to see how many other isp's were affected and what their solutions were in resolving the problem. That to me is operational impact, since it affects customers on multiple networks. -Henry - Original Message From: Jeb Bush [EMAIL PROTECTED] To: nanog@merit.edu Sent: Sunday, August 27, 2006 6:34:17 AM Subject: Re: Is it my imagination or are countless operations impacted today with mysql meltdowns On 8/27/06, Larry grunt Brower [EMAIL PROTECTED] wrote: Fergie: I happen to like the articles. I usualy dont have time to look for them myself every day. Gadi: The botnet reports can be usefull Botnet's is a very specific subject and Nanog hasn't got the time or resources to fill it. If we say yes to all Botnet subject and discussion the Nanog list would serve no other purpose and non Botnet discussion wouldn't get a look in. There should be a Botnet dedicated list to deal with Botnet issues. As for Fergie no, he was also told to get off the list for posting news articles. There is no excuse for posting news articles, we all have access to the same resources off list as he has in respect of news web sites and RSS feeds, so it really serves no purpose to turn Nanog into a wash of web links to news articles. Can we just have people posting information to Nanog that cannot be obtained elsewhere, which justifies a reason for posting. -Jeb
Is it my imagination or are countless operations impacted today with mysql meltdowns
Every where I go that uses MySql is hozed and I can not access the pages -Henry
Eurid suspends more than 74,000 .eu domain names
I think this operationally impact some people http://www.computerworld.com/action/article.do?command=viewArticleBasicarticleId=9001972 -Henry
Re: NANOG Spam?
I still comment here periodically when it is prudent to do so, I set this email account specifically for Nanog, anticipating spam -Henry sage From: Dominic J. Eidson [EMAIL PROTECTED] To: nanog@merit.edu Sent: Thursday, July 6, 2006 8:14:58 AM Subject: Re: NANOG Spam? On Thu, 6 Jul 2006, Sabri Berisha wrote: On Wed, Jul 05, 2006 at 05:20:04PM -0400, Jim Popovitch wrote: Hi, Finally, we crawled the archives of the big lists and have come up with a list of subscribers who haven't posted in over 9 months, we plan to set the mod bit on them too very soon. So people who are 'real' but lurk a loti should reply to this message so they don't get moderated :) The question would be - if you're hit by the moderation bit, and post a message that makes it past whatever moderator's criteria.. Do you then lose the moderation bit, since you how have posted within the last 9 months, and thusly have (unmoderated) access? Or maybe this is just an exercise in let's-fly-by-the-seat-of-our-pants... - d. -- Dominic J. Eidson Baruk Khazad! Khazad ai-menu! - Gimli --- http://www.the-infinite.org/
Re: DNS Based Load Balancers
There is a new player on the block that I see more and more http://www.infoblox.com/company/ -Henry - Original Message From: Paul Vixie [EMAIL PROTECTED] To: nanog@merit.edu Sent: Wednesday, July 5, 2006 11:16:39 AM Subject: Re: DNS Based Load Balancers As someone who has also deployed GSLB's with hardware applicances I would also like to know real world problems and issues people are running into today on modern GSLB implementations and not theoretical ones, as far as I can tell our GSLB deployment was very straight forward and works flawlessly. since works flawlessly could just mean that you don't have any reported problems with the technology -- no complaints from your users, no bugs logged with your vendor, etc, i have two bracketing questions. first, have you measured the improvement you got -- in terms of min/max/avg/stddev of TTFB/TTLB (time to first byte / last byte) with the appliances turned on vs. turned off? second, have you measured the dns damage your gslb might cause or contribute to, due to things not responding to unhandled QTYPES ( comes to mind) or use of abnormally low DNS TTL? i'm not as much interested in whether a technology causes no problems for its operator as whether its cost:benefit is worthwhile to the internet community. -- Paul Vixie
Re: Black Frog - the botnets keep coming
Personally as a manager I want to know the problem and then the workable solution. I just don't see that many bot nets happening anymore. From my vantage point I do see students writing bot nets more for programming skills than for malicious attacks. With several hundred million people and computers on the inter network, there will always be an aberration, caused by some social or mental or emotional defect. Workable technical solutions, not new laws or rants will make these issues, less of an issue operationally in the long run. -Henry --- Eric White hill [EMAIL PROTECTED] bay.net wrote: Gadi, one of the main issues that people take regarding this is that it seems as though whenever we turn around, you're starting another OMG! THE INTERNUT IS COMING TO AN ENDOMGNO! And you get some people jumping around, and some people get all in a frenzy over whatever the perceived issue is. The rest of us just slap our heads, roll our eyes and go Oh, great, here goes Gadi on another rant... Many people in the internet security world, sorry to say, now have a hard time believing what you are saying, and believing whatever you believe. The credibility is just not there any more. It's slipping away, because there are only so many times someone can cry FIRE! in a crowded theater before people stop believing you. Unfortunetly, that _is_ starting to happen. It really seems as though every time we turn around, you're crying Wolf again, and it's bascially getting old. Sometimes being quiet is not going to win the war. It would behoove you, however, to not cry wolf so often The fact that you believe that I cry wolf, shows just how sad the situation really is. I would say this is more of a sign of what is going on. People are starting to NOT believe you. Perhaps it is you who should change what is being said, and how you are saying it. How long before ecommerce becomes impracticle? :) Far from relevant to NANOG. Or is it? What makes you believe that e-commerce is becoming impractical? Are there that many attacks against those companies? If so, then why has the press not picked it up? The DoS against SixApart hardly made the convential (BBC, CNN, etc) news. DNS beind abused like there is no tomorrow on the operational level (not infrastructure level) and no one (almost) even noticing is obviously not operational. I run my own publically accessable DNS servers, and they aren't being abused. You're making it sound like all DNS servers everywhere are being abused, and that we should all stop using DNS. We are all techs, but the decision if for example, block ports at ISP's to stop worms isn't going to be a tech decision, much like hypocritically, ISP's these days block streaming media or P2P for extra cash. It's a business decision that will eventually save or kill the Internet, and to be honest, I see nothing wrong with it. In other words, it seems as though you are for blocking of traffic, and making the internet just another Government-mandated and Gov't-regulated environment? It seems as though that goes against Postel's ideals. From my perspective, you just want to create big huge firewall, where nothing is allowed, and everything is scrutinized. That's not what the internet is all about. That's not what it was created for. It seems as though we should perhaps no longer call it the Big Firewall of China, but perhaps, the Big Firewall of Gadi. I just am happy there are some people who hold back the tide of the war we already lost, before governments catch up. Even though you are losing credibility amongst your colleagues around the world? This isn't meant to be a personal attack against you Gadi, but a wake up call to not change your tune, but to perhaps start singing a different song...the song that actually gets things done. Stop fighting with network operators, and start working with them. That tends to get things done more quickly, and also does not burn your bridges (and credibility) in the process. I think some of the ideas you have are very good, and others not so good. Either way, you have a good start. Gadi, I'm not saying to stop doing what you are doing, but perhaps to change around how you go about doing what you are doing, and to stop alienating so many of your other colleagues. Instead of working against groups like nsp-sec and NANOG, start working with them. If you can't get vetted, then work towards getting vetted. Work towards repairing the bridges. Quite a bit of what people see is perception, and right now the perception is one of more of a panic monkey, rather than a calm, logical, We should really do this, or else bad stuff like example 1, 2, and 3, can happen, and here's the reasoning behind it. Being calm, logical, and working with other network operators tends to get things
Re: CALEA Watch: ISP's Get to Pick Up the Tab
This is nothing but a back door tax to stick your customers, who will have to pay for them being spied on in the first place, NDA not withstanding -Henry --- Fergie [EMAIL PROTECTED] wrote: Just wanted to bring your attention to an FCC decsion today that will most likely touch your operational lives in a big way. [snip] Broadband providers and Internet phone companies will have to pick up the tab for the cost of building in mandatory wiretap access for police surveillance, federal regulators ruled Wednesday. [snip] More: http://news.com.com/2100-1028_3-6067971.html Now, back to your regularly scheduled programming. Cheers, - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: Google AdSense Crash
Maintenance windows are common on most network service providers, have been for years... -Henry --- Joel Jaeggli [EMAIL PROTECTED] wrote: On Sun, 23 Apr 2006, Peter Dambier wrote: If I understand you correctly then it does not make sense reporting errors here as long as I dont have a clue. Reporting a google outage here will likely have no effect on the ETR. It is entirely likely that other people on the list will not be able to observe the same outage. People with a clue dont know I have a problem. There is no problem as long as I dont report it. It is in your interest and those of other who depend on a given service to track the availablity of that service. Whether or not mail sent to the nanog lists represents a meaningful sample of google adwords customers is left as an exercise for the reader. That saves a lot of bandwidth urgently needed for ranting :) Have a nice weekend. Cheers Peter and Karin -- -- Joel Jaeggli Unix Consulting [EMAIL PROTECTED] GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
Re: Google AdSense Crash
https://www.google.com/adsense/ is up and working on my Silicon Valley end of the network -Henry --- John Palmer (NANOG Acct) [EMAIL PROTECTED] wrote: OK - more: Don't have an answer as to why, but the website comes up with: The Google AdSense website is temporarily unavailable. Please try back later. We apologize for any inconvenience. This is a big deal and it is operational in nature. - Original Message - From: Daniel Golding [EMAIL PROTECTED] To: 'william(at)elan.net' [EMAIL PROTECTED]; 'John Palmer (NANOG Acct)' [EMAIL PROTECTED] Cc: 'nanog' nanog@merit.edu Sent: Saturday, April 22, 2006 3:58 PM Subject: RE: Google AdSense Crash -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of william(at)elan.net On Sat, 22 Apr 2006, John Palmer (NANOG Acct) wrote: Google Adsense has been down for several hours now. This is the interface that partners use to manage their advertising settings. And this is reported on nanog because...? Because this is the Internet's most profitable advertising service and ISP's will get complaints if their customers (esp. business customers) can't reach it, even on the weekend. Outage reports are operational, unlike many threads. More, please. Daniel Golding
RE: Anyone heard of INOC-DBA?
The only reference I see to this, is this non profit research org www.pch.net/inoc-dba/ and a Nanog reference page to the same thing http://www.nanog.org/mtg-0505/upadhaya.html -Henry --- Wayne Gustavus (nanog) [EMAIL PROTECTED] wrote: To chime with my own experiences, the few times I have used the INOC-DBA system for an Inter-provider issue have been quite successful. The results were much faster and much less frustrating that calling through the 'front door' of the provider's NOC. And it is fair to say that the system only gains usefulness with wider implementation among network providers and appropriate deployment of the phones within the organization. Within Verizon, I deployed the phones with our IP-NOC (yes, we have *many* NOCs, but only 1 handles IP issues), with our IP escalation team (TAC), and on my desk (footnote: my desk recently moved and haven't gotten the inoc-dba phone back up on the new net infrastructure). In light of recent purchases by VZ, if none of the above methods work, just call Chris Morrow. Just kidding Chris! :-) - Wayne -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Christopher L. Morrow Sent: Friday, February 03, 2006 4:31 PM To: Richard A Steenbergen Cc: Sean Donelan; nanog@merit.edu Subject: Re: Anyone heard of INOC-DBA? On Fri, 3 Feb 2006, Richard A Steenbergen wrote: And then of course there is that whole using the IP network to contact someone about an IP network issue thing that doesn't seem terribly well thought out... Admittedly I haven't looked at the INOC-DBA stuff in a while, there could have been some massive advancement that I'm not aware of, but I suspect that the situation is still more work needed. Existing phone systems, call centers, and engineers with cellphones, seems to be a much safer bet right now. there is no one solution... to anything except 'life' (solution == death). So, how about looking at it as a tool to use. You might have your provider's $Person_for_Problem in your cell phone, use that if you can. Use their Customer Service number or use their INOC number putting down a project that does work because it's not the holy grail isn't productive.
Re: IP Prefixes are allocated ..
I suggest this should be common across ripe, apnic and lacnic, Routing Information Service http://www.ripe.net/ris/riswhois.html that should help the current situation with services already in place -Henry --- Owen DeLong [EMAIL PROTECTED] wrote: IP prefixes are NOT allocated to AS numbers, they are allocated to Organizations just like AS numbers. Perhaps this is part of why you can't find such a list. Owen --On November 28, 2005 11:45:58 AM +0530 Glen Kent [EMAIL PROTECTED] wrote: to different Autonomous systems. Is there a central/distributed database somewhere that can tell me that this particular IP prefix (say x.y.z.w) has been given to foo AS number? I tried searching through all the WHOIS records for a domain name. I get the IP address but i dont get the AS number. Any clues on how i can get the AS number? Glen -- If this message was not signed with gpg key 0FE2AA3D, it's probably a forgery.
OT: Cisco Patches 'Black Hat' IOS Flaw
http://www.eweek.com/article2/0,1895,1881303,00.asp Apparently now all the bluster about people capable of fixing problems with the internet without a congressional mandate worked still. -Henry
Re: Regulatory intervention
Reading some of this is rather disturbing, like if we live in some kind of control freak society, where every comment is we are trying to control terrorism so we must eliminate everyones right of expression and distort every means of communication including the internet. I disagree that companies should be harmed because of elements within a given state of these United States should have any power to regulate what any corporation like google does or does not do, just because they lack any talent to compete at all and I support now more than ever this effort... Google lobbies Congress for a 'free' internet http://www.vnunet.com/vnunet/news/2143440/google-beefs-lobbying-efforts -Henry --- [EMAIL PROTECTED] wrote: On Fri, 07 Oct 2005 13:26:54 EDT, Sean Donelan said: rankings of its search results, I assume a government regulatory agency will be able to issue orders and control how Google operates its bottleneck search infrastructure to provide fair, neutral and transparent, in the government agency's opinion, of google's operations? Go to Google. Enter googlebombing. Follow the first link. Read what happened on June 2, 2005. Evaluate the chances of the government enforcing *actual* fair, neutral, and transparent operations.
Re: MCI refusing to turn up OC-3 due to katrina relief efforts?
that would be very uncharacteristic of MCI to do that, and they do have a katria team down in that area working on restoring all services. Your client would know via his sales rep what the implementation team is doing and pressures would be brought to deal with that kind of problem, I think someone is clowning you -Henry --- Drew Weaver [EMAIL PROTECTED] wrote: Howdy, has anyone heard of MCI putting orders on hold in order to help with the Katrina relief effort? We ordered an OC-3 from them about 2 months ago and they've missed the install deadline 4 times now. The reseller we're working with said that they claim that they can't turn it up due to Katrina relief efforts. The local loop is installed and the port is connected, they just cant turn the order up. Has anyone else heard this or should I assume (as usual) the reseller is BS'ing me? -Drew
Re: IOS worm clarification
Andre; Thanks for your review and language skills in this area, the article translated was even a mess on babelfish and left more questions than answers -Henry --- J. Oquendo [EMAIL PROTECTED] wrote: / From: Andrei Mikhailovsky [EMAIL PROTECTED] Reply-To: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [Full-disclosure] Cisco IOS hacked? Hello, Being a co-author of the Hacking Exposed Cisco Networks book and one of the co-founders of Arhont Ltd an Information Security Company that is doing the research for the book on Cisco Devices I have to make the following comments about the article in SecurityLab.ru: The russian article (http://www.securitylab.ru/news/240415.php) has been badly paraphrased from the livejournal of one of the authors/researchers of the book. As a result of this outrageously inaccurate paraphrasing of the article many confusions and misunderstandings have been circling on the security related sources and mailing lists. Some of the issues addressed in the article are true and Arhont is currently preparing a formal advisory that will be sent to PSIRT. Among the discovered issues are multiple vulnerabilities in EIGRP implementation. Also, authors have addressed the _theoretical_ aspects of an algorithm for cross-platform worm that could spread in IOS based devices. The existence of the practical implementation of such warm is a complete lie. Let me assure that there has been no development nor the desire to develop such code by the authors of the book. The theoretical methodology and algorithms will be also discussed with PSIRT at the appropriate time. In addition, there has been some minor inconsistencies of the livejournal postings that will be soon addressed and edited. If you have any comments on this topic we would be glad to address them. -- Andrei Mikhailovsky Arhont Ltd - Information Security / =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x97B43D89 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x97B43D89 Just one more time for the sake of sanity tell me why explain the gravity that drove you to this... Assemblage
Re: LA power outage?
Utility Error Blamed for L.A. Blackout http://news.yahoo.com/s/ap/20050912/ap_on_re_us/la_power_outage -Henry --- Kevin [EMAIL PROTECTED] wrote: I've been dealing with a data center outage due to this, and power just came back up a few minutes ago. Halon dumps are only fun from the outside. Kevin Kadow
Re: Any issue with www.cisco.com
I am seeing no issues here other than the initial poll Hop IP Address Host Name Sent Recv RTT Av RTT Min RTT Max RTT % Loss 168.120.139.144 adsl-68-120-139-144.dsl.snfc21.pacbell.net 1 1 1875 ms 1875 ms 1875 ms 1875 ms 0.000% 268.120.139.254 adsl-68-120-139-254.dsl.snfc21.pacbell.net 1 163 ms63 ms63 ms63 ms 0.000% 3206.171.134.131 dist2-vlan50.snfc21.pbi.net 1 163 ms63 ms63 ms63 ms 0.000% 4216.102.176.226 bb2-10g2-0.snfcca.sbcglobal.net 1 163 ms63 ms63 ms63 ms 0.000% 5151.164.190.189 bb1-p4-0.snfcca.sbcglobal.net 1 163 ms63 ms63 ms63 ms 0.000% 6151.164.242.65 core1-p14-1.crsfca.sbcglobal.net 1 178 ms78 ms78 ms78 ms 0.000% 7151.164.240.134 bb1-p1-0.crsfca.sbcglobal.net 1 178 ms78 ms78 ms78 ms 0.000% 8151.164.41.101 ex1-p3-0.eqsjca.sbcglobal.net 1 178 ms78 ms78 ms78 ms 0.000% 9151.164.250.57 ge-6-12.car4.SanJose1.Level3.net 1 178 ms78 ms78 ms78 ms 0.000% 10 4.68.123.73 ge-7-1.ipcolo1.SanJose1.Level3.net1 1 78 ms78 ms78 ms78 ms 0.000% 11 4.0.26.14p1-0.cisco.bbnplanet.net 1 178 ms78 ms78 ms78 ms 0.000% 12 128.107.239.53 sjce-dmzbb-gw1.cisco.com 1 178 ms78 ms78 ms78 ms 0.000% 13 128.107.224.69 sjck-dmzdc-gw1.cisco.com 1 178 ms78 ms78 ms78 ms 0.000% 14 198.133.219.25 www.cisco.com 1 178 ms78 ms78 ms78 ms 0.000% --- Bruce Pinsky [EMAIL PROTECTED] wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Chip Mefford wrote: Gerry Boudreaux wrote: mtr shows the packet loss in the last hop for me: 14. sjck-dmzbb-gw1.cisco.com 0.0%62 66.6 75.4 64.5 293.7 37.1 15. sjck-dmzdc-gw2.cisco.com 0.0%62 62.5 65.4 59.2 155.4 13.1 16. www.cisco.com 14.8%62 59.2 64.7 58.1 88.4 7.2 I'm seeing roughly ~25 percent packet loss, it varies. If you are relying on ping and traceroute tests to measure packet loss, then you are coming to false conclusions. ICMP responses are throttled by many, many devices including routers, load balancers, firewalls, IPS devices, etc, etc. - -- = bep -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.0 (MingW32) iD8DBQFDHdMFE1XcgMgrtyYRAsjzAKDniJ5MAj+PWxH6vgYaImbJc/9A9wCfdNCx aBMSXJIsAm4NaGvJTVUpIVg= =rKlr -END PGP SIGNATURE-
Off Topic: Suspected Zotob Worm Authors Arrested
http://www.washingtonpost.com/wp-dyn/content/article/2005/08/26/AR2005082601201.html?sub=AR That was fairly quick -Henry
Re: KVM over IP Suggestions?
Here is an article that addresses some of these very issues, naturally there is always a costing factor, because non of the sought for solutions are easy to come by. http://www.networkcomputing.com/showitem.jhtml?docid=1616f3 -Henry --- Daniel Senie [EMAIL PROTECTED] wrote: At 12:41 PM 8/22/2005, Aaron Glenn wrote: On 8/22/05, Simon Hamilton-Wilkes [EMAIL PROTECTED] wrote: They support P/S2 / USB / Sun and serial - though are a very expensive way to do serial. And (last time I looked, at least) they required an expensive, proprietary, Windows-only authentication server (DSView) in addition to the client software licenses and hardware costs. Avocent makes several products in the KVM/IP space. Not all of them are tied to Windows Server authentication. At the low end, they've got a sub-$1000 single port box that works nicely for front-ending existing KVM switches that have on-screen controls. We've used and tested 4 or 5 products in this single port space. Results have been fair, bad and ugly. I would not consider any of them to be acceptable or better. There are several issues. As someone else noted, these usually push a viewer to you over either Java or Active-X. The little Avocent uses Active-X, so I have to remember to load up IE before accessing it. Internal authentication is, in my experience, essential. After all, if you're connecting in to deal with the server that's doing your authentication, you're screwed, yes, there are likely expensive ways to avoid that situation. Serial redirection and terminal servers are an option, but only if all of your servers support that. VNC isn't an option, unless you like your terminal sessions going over unencrypted pipes or set everything up to tunnel over SSH or VPN. Solutions that use VNC direct to the target server are insufficient. If you can't talk to the BIOS of a server that's not feeling well, what's the point? Once a server is actually up, SSH into the server gets you all you need, or VNC over SSH if you must do some graphics. Mouse control: all of the KVM/IP products we've tested have had serious issues with mouse control. With Windows boxes, we generally do our best to get boxes far enough up to use RDP, and switch to that because it's much cleaner. With Linux machines we find this less of an issue as we don't run consoles in graphics mode, thus bypassing the mouse sync issue. For the original poster, if you want to have the ability to let customers at the console of their server, but not others, you're going to be stuck using expensive equipment, with the ability to handle multiple simultaneous users, or go with servers that have KVM/IP as an on-board option (Intel's is the one I'm personally familiar with. Someone else mentioned Dell has such too). We made the move to KVM/IP and APC power cycling/control equipment a few years back and have never regretted doing so. Dan
RE: Outage queries and notices (was Re: GBLX congestion in Dallas area)
I did notice A low number on the index at http://www.internettrafficreport.com/namerica.htm -Henry --- Joel Perez [EMAIL PROTECTED] wrote: [ SNIP ] I think that these things are operational and belong here. Its' the level that ras is talking about and the content. Saying MCI has a massive fiber cut impacting 230 Congress IX vs. GBLX is not doing what I demand are very different types of outage posts. My original post to the list contained nothing about any services I expect with provider xxx. I asked if anybody else saw packet loss or congestion. My follow-up posts contained the reason as to why I was posting this to the list instead of to my provider, I then took it off-list with 2 other posters and managed to get more info out of them then out of GBLX. I try not to bash anybody because I know that doesn't really resolve anything most of the time. I'd like to see the higher level stuff we used to do and have some sort of information along with it vs. i see a packet drop in XYZ. A prefix or something. That usually makes people go look. I agree, it totally slipped my mind to provide that info. I just typed up a quick post and sent it out. Im my humble opinion I think this is Nanog content and that is why I posted it. Most posters opinion of what is and what isn't appropriate content varies. I love my delete key, if I don't think it's appropriate I delete it. No harm done to me. To each his own I guess. Thanks to those that responded.
Re: IBM to offer service to bounce unwanted e-mail back to the
This software is free at http://www.alphaworks.ibm.com/tech/fairuce -henry --- Anne P. Mitchell, Esq. [EMAIL PROTECTED] wrote: On Mar 23, 2005, at 12:37 PM, RSK wrote: On Tue, Mar 22, 2005 at 10:24:37AM -0800, Andreas Ott wrote: http://money.cnn.com/2005/03/22/technology/ibm_spam/ If this write-up is accurate, It's not. From the http://www.aunty-spam.com website: IBM Not Spamming Spammers! FairUCE is About Fair Use, Not Abuse! Did you hear? IBM is spamming spammers! Its all over the Internet, and tongues are awagging! Except, it aint so. IBM is not spamming spammers. Whether you think that spamming spammers is right or wrong, IBM aint doing it, and shame on CNN for getting it so wrong, and making IBM look so irresponsible, and in league with the likes of Lycos Make Love Not Spam DOSsing Screensaver program, and the notorious Mugu Maurauder bandwidth sucking program. You cant really blame the folks who read CNNs horribly wrong piece for spreading the rumour, after all it was quite sensationalist: Spamming spammers? IBM to offer service to bounce unwanted e-mail back to the computers that sent them. March 22, 2005: 12:22 PM EST NEW YORK (CNN/Money) - IBM unveiled a service Tuesday that sends unwanted e-mails back to the spammers who sent them. The new IBM (Research) service, known as FairUCE, essentially uses a giant database to identify computers that are sending spam. E-mails coming from a computer on the spam database are sent directly back to the computer, not just the e-mail account, that sent them. Wrong, wrong, wrong. About the only thing which the article got right is that the program is called FairUCE. FairUCE, according to IBMs own FairUCE website, readily available for anyone to read (cough CNN reporters..cough), is a spam filter that stops spam by verifying sender identity instead of filtering content. Lets say that again: FairUCE is a spam filter that stops spam by verifying sender identity instead of filtering content. If FairUCE cant verify sender identity, then it goes into challenge-response mode, sending a challenge email to the sender, to which the sender must reply, to demonstrate that it is not a spambot sending the mail in question, but a real live person. Here is IBMs explanation of how the FairUCE system works: Technically, FairUCE tries to find a relationship between the envelope senders domain and the IP address of the client delivering the mail, using a series of cached DNS look-ups. For the vast majority of legitimate mail, from AOL to mailing lists to vanity domains, this is a snap. If such a relationship cannot be found, FairUCE attempts to find one by sending a user-customizable challenge/response. This alone catches 80% of UCE and very rarely challenges legitimate mail. Now, being kind, its possible that the good folks at CNN mistook the sending of the challenge for spamming the spammer (Rest at http://www.aunty-spam.com/ibm-not-spamming-spammers-fairuce-is-about- fair-use-not-abuse/) Anne
Re: Cisco moves even more to china.
The only event that is driving this, is Cisco wants to dominate the Chinese market and the only way to sell in China is to manufacture product there, using their people to manufacture, that is how the game is played there and for the chinese it makes sense, considering the government there has has around 1.3 billion people to care for. The lack of understanding here is that Americans need to be cared for to, with economy that providers us with a sense of financial security. The problem centers around jobs now being promoted for poltical purposes as jobs, when you focus on these jobs, you will discover they are not living wage jobs and certainly not jobs that provide for intelligent people staffing them. The other issue that fits into this problem, is the Bush administration gets $1.12 for every dollar earned offshore from any product, so it basically doesn't care, since it keeps the US government solvent, while the rest of us get flushed down the tubes. Making matter's worse is the fact, that executives that support the Bush administration with outsourcing offshore, are financial rewards and tax incentrives that make it attractive to do so. If you don't like the politics of what is happening to you change it in November and work to turn our country around and preserve our friendships globally in the process. My 2 cents -henry
Re: APNIC Privacy of customer assignment records - implementation update
This proposal would be harmful in tracking hack attacks, ddos attacks and other forms of annoyance, spyware tracking and things that are beyond the capability for any agency to handle because of largese Technical fiefdoms were one of the worries of the 90's now we are here and that is becoming the direction, patenting rfc's and the like are harming the very fabric of the internet and detering the ability to keep it running.I am very disappointed -Henry --- william(at)elan.net [EMAIL PROTECTED] wrote: On Thu, 23 Sep 2004, Matt Ghali wrote: On Thu, 23 Sep 2004 16:19:19 +1000, George Michaelson [EMAIL PROTECTED] wrote: This is an important announcement on the implementation of APNIC approved proposal prop-007-v001 regarding privacy of customer assignment records. The proposal document, presentation, minutes, and discussion are available at: http://www.apnic.net/docs/policy/proposals/prop-007-v001.html Does anyone else find this as offensive as I do? Yes. And worst of all similar proposal is under discussion at ARIN, see http://www.arin.net/policy/2004_6.html So if you don't want the same unaccountability problem for ARIN, join ppml mail list and let argue against it. My own view is that this will make it a lot easier for spammers to get away with their works and easier for them to move from one isp to another. At the same time reassignment information is used by me and some others for geographical mapping of ip space and this will make harm this research activity as well. So if you're involved in something similar you may want to speak up about it as well. --- William Leibzon Elan Networks [EMAIL PROTECTED]
VeriSign's antitrust suit against ICANN dismissed
http://news.com.com/VeriSign%27s+antitrust+suit+against+ICANN+dismissed/2100-1030_3-5326136.html?tag=nefd.top
Fwd: YOUR EMAIL WON THE LOTTERY - Here is another one
--- Mrs Brigit Willem [EMAIL PROTECTED] wrote: X-Apparently-To: [EMAIL PROTECTED] via 66.218.79.74; Thu, 19 Aug 2004 08:28:12 -0700 X-YahooFilteredBulk: 82.35.148.130 X-Originating-IP: [82.35.148.130] Return-Path: [EMAIL PROTECTED] Received: from 82.35.148.130 (EHLO mailapps2-int.prodigy.net) (207.115.63.126) by mta829.mail.sc5.yahoo.com with SMTP; Thu, 19 Aug 2004 08:28:12 -0700 X-Header-Overseas: Mail.from.Overseas.source.82.35.148.130 X-Originating-IP: [82.35.148.130] Received: from 24.203.20.91 (82-35-148-130.cable.ubr04.enfi.blueyonder.co.uk [82.35.148.130]) by mailapps2-int.prodigy.net (8.12.10 shim/8.12.10) with SMTP id i7JFS2pe127626 for [EMAIL PROTECTED]; Thu, 19 Aug 2004 11:28:11 -0400 Message-Id: [EMAIL PROTECTED] Received: from mail0.fatcow.com (mail0.fatcow.com [209.12.212.5]) by mx.wdl.net with ESMTP; Aug, 19 2004 4:25:00 PM -0200 From: Mrs Brigit Willem [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: YOUR EMAIL WON THE LOTTERY Sender: Mrs Brigit Willem [EMAIL PROTECTED] Mime-Version: 1.0 Content-Type: text/plain; charset=iso-8859-1 Date: Thu, 19 Aug 2004 17:28:08 +0200 X-Mailer: Microsoft Outlook Express 6.00.2462. Content-Length: 1510 FROM: THE DESK OF THE LOTTO CHANCELLOR, INTERNATIONAL PROMOTIONS/PRIZE AWARD DEPARTMENT, REF: KIY/47560460037/02. BATCH: 24/23519/YHI ATTENTION: RE/ AWARD NOTIFICATION; FINAL NOTICE We are pleased to inform you of the announcement today 15-8-2004 of winners of the REAL EXCHANGE LOTTO PROMO ,THE GLOBAL MEGA LOTTERY INT., PROGRAMS AMSTERDAM held on 26 June,2004 through computer ballot system Your company/You email,is attached to ticket number 023-5876-790-279, with serial number 3673-10 drew the lucky numbers 43-14-42-37-69-25, and consequently won the lottery in the first category You have therefore been approved for a lump sum pay out of US$800 000:00 in cash credited to file REF:KIY /47560460037/02. This is from total prize money of US$90,000,000.00 shared among the 25 i nternational winners in this category. All participants were selected through a computer ballot system drawn form 30,000 names from Australia, New Zealand, America, Europe, North America, Asia, and Africa as part of International Promotions Program, which is conducted annually. CONGRATULATIONS! Your fund is now deposited with a Finance House insured in your name. Due to the mix up of some numbers and names, we ask that you keep this award strictly from public notice until your claim has been processed and your money remitted to your account. This is part of our security protocol to avoid double claiming or unscrupulous acts by participants of this program. We hope with a part of you prize, you will participate in our end of year high stakes US$1.0 Billion Netherlands International Lottery. To begin your claim, please contact our international claim agent: Mr Tony van More email:[EMAIL PROTECTED] Tel:+31-62-00-79-843 INTERNATIONAL COORDINATOR, For due processing and remittance of your prize money to a designated account of your choice. Remember, all prize money must be claimed not later than 30th september, 2004. After this date, all funds will be returned as unclaimed. NOTE: In order to avoid unnecessary delays and complications, please remember to quote your reference and batch numbers in every one of your correspondences with your agent.Furthermore, should there be any change of your address, do inform your claim's agent as soon as possible. Congratulations again from all our staff and thank you for being part of our promotions program. Sincerely, Mrs Brigit Willem THE PROMOTIONS MANAGER,GLOBAL MEGA LOTTERY INTERNATIONAL N.B. Any breach of confidentiality on the part of the winners will result to disqualification. THANKS FOR WINNING.
Re: Phishing (Was Re: WashingtonPost computer security stories)
How strange, I received that in my email too.. -Henry --- Niels Bakker [EMAIL PROTECTED] wrote: Speaking of computers fubar'ed by spyware, I just found a particularly nice example of a phishing attempt. SpamAssassin had tagged it with the astronomical score of 136.3 thanks to SARE. The mail originated from 68.77.56.130 (an ameritech.net DSL connection, right now not pingable) and loads some images from www.citibank.com. It links to http://61.128.198.51/Confirm/ - an IP address hosted by Chinanet (transit to there supplied by Savvis from my point of view). That page does something interesting: it meta refreshes itself to Citibank's corporate homepage but also pops up a window (/Confirm/pop.php) requesting the user's card#, PIN (twice) and a new PIN. The main page being citibank probably lends some credibility to the scam. This attack won't work if your browser blocks popups, or if you remember that the padlock icon in the status bar is what tells you the status of a connection, not a 128-bit SSL or Verisign trust-e or whatever logo inside the webpage. It's disheartening to see that this website is still online after several days (I received the scam mail received Friday morning). I'm thinking that Citibank will cease to be a target if they give (ok, it's a bank - sell) their subscribers a hardware token that requires presence of the ATM card when the customer wants to use online banking facilities... as several banks here in the Netherlands do. -- Niels.
RE: BGP-based blackholing/hijacking patented in Australia?
I do miss the old days of this list, technical growth and global participation in events was exciting... -her --- Alex Bligh [EMAIL PROTECTED] wrote: --On 14 August 2004 22:23 +0300 Hank Nussbacher [EMAIL PROTECTED] wrote: Predating this is Bellwether (June 2000): Indeed. In days of yore, when people developed at least marginally non-obvious operational techniques, people sent email to nanog about it, explaining the technique and their experience (hence the NOG bit); the reception wasn't always positive, but at least the criticism was technical. I wonder what the driving factor was for the change. Alex
Re: BGP-based blackholing/hijacking patented in Australia?
One would have to conclude since it is the behavior of the present. that it shall not subside anytime soon. Ir was a wonderful time on the internet when we still had trust and respect for each other's endeaver, now we will have to collaborate to get things done with legal shields, we can all thank Washington for the mess they have created and in particular RIAA which has brought this kind of problem to everyone. -Henry --- Hank Nussbacher [EMAIL PROTECTED] wrote: At 01:41 PM 12-08-04 +0100, Stephen J. Wilcox wrote: On Thu, 12 Aug 2004, Petri Helenius wrote: We have had running code for this since early this year, so depending on the date they filed, prior art exists well documented. (blueprints obviously predate running code) everyone has gone patent crazy, every time a new concept is developed some company applies for patent. is this the future or rfcs then? No. This should be the future for patent hijacks: http://freepatentsonline.com/6293874.html -Hank Steve
RE: BGP-based blackholing/hijacking patented in Australia?
Redirecting is nothing new and has been around for years, it was never a real problem until washington and the media stuck their face into something they had no clue about, as usual. I am certain there are ways to prevent redirection and those should be applied without a congressional hearing.. -Henry --- Michel Py [EMAIL PROTECTED] wrote: Bevan Slattery wrote: Just to ease peoples concerns, the patent has nothing to do with blackholing. A brief description of the way it works can be found here: I believe that I am not the only one that is concerned precisely because it is _not_ blackholing, it is hijacking, no matter how legitimate the reason. me puts the devil's advocate suit on To say it bluntly, it smells a lot like the illegitimate offspring of an RBL and Verisign's wildcard deal. The phishing con artists redirect the unsuspecting mark to a third-party site, and this stuff also redirects the unsuspecting mark to another page: Where is the user re-routed to? If an end user is a victim of a scam and is redirected via the ScamSlam system, then the page they are redirected to is specified by the agency entering the scam data. Déjà vu: redirect the user's mistakes/stupidity to one's own business. What tells me that the agency is not the back office of the phishing scheme in the first place? Same as spyware: there is anti-spyware out there that deletes all the spyware installed by their competitors and conveniently forgets to detect or fix their own. And I also do see good opportunity for joe-jobs here: get some el-cheapo hosting on the hosting server that you want to take down, setup a fake phishing web page, then send phishing email and/or report the dummy phishing to the agency. The IP gets blacklisted and takes down thousands of web sites along with the one that bozo paid $10 one-time for. Gee, it costs less than a movie and popcorn. /me puts the devil's advocate suit on Oh BTW, good luck trying to blacklist a large zombie pool that collectively hosts the phishing page and individually send their own address and listening port in the phishing email. Why phish on a single IP when one can phish distributed? Anyway, what's the difference with blackholing? The route-map sets the next-hop to a NAT box that dynamically binds the IP addresses contained in the BGP feed (instead of setting the next-hop to a blackhole)? BFD. Trying to patent the wheel is not good for credibility, nor is using the very same stinky methods as the scam artists. Michel.
Re: BGP-based blackholing/hijacking patented in Australia?
Well if it will harm the community, would it be possible to auto copyright rfc's, so that the authors of a concept can prevent someone from sipping their effort off? Ignorance at the top doesn't mean we can't be like always leading the way.. -Henry --- Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Thu, 12 Aug 2004, Petri Helenius wrote: We have had running code for this since early this year, so depending on the date they filed, prior art exists well documented. (blueprints obviously predate running code) everyone has gone patent crazy, every time a new concept is developed some company applies for patent. is this the future or rfcs then? Steve
Re: BGP-based blackholing/hijacking patented in Australia?
ok so then in the copyright let us see if can cover all variations of the original concept as belonging to the original author or author's as a test case for adaption and modificaiton to copyright law. I strongly believe in the protection of original idea's in reference to rfc's -Henry --- Stephen J. Wilcox [EMAIL PROTECTED] wrote: one issue with that might be that the patents are taken out on variations of the core idea, imho the variations are not new ideas but legally they seem to get away with it Steve On Thu, 12 Aug 2004, Henry Linneweh wrote: Well if it will harm the community, would it be possible to auto copyright rfc's, so that the authors of a concept can prevent someone from sipping their effort off? Ignorance at the top doesn't mean we can't be like always leading the way.. -Henry --- Stephen J. Wilcox [EMAIL PROTECTED] wrote: On Thu, 12 Aug 2004, Petri Helenius wrote: We have had running code for this since early this year, so depending on the date they filed, prior art exists well documented. (blueprints obviously predate running code) everyone has gone patent crazy, every time a new concept is developed some company applies for patent. is this the future or rfcs then? Steve
Re: ad.doubleclick.net missing from DNS?
While I disagree with the method of the attacker, I can understand the reasoning behind an attack on a company that is considered a spyware company, doubleclick certainly has turned up more than once on my version of spybot as a site to block. -Henry --- Sean Donelan [EMAIL PROTECTED] wrote: http://www.washingtonpost.com/wp-dyn/articles/A18735-2004Jul27.html DoubleClick spokeswoman Jennifer Blum said the attack targeted the company's domain name servers (DNS) -- machines that help direct Internet traffic -- causing severe service disruptions for all 900 of its customers. Blum said the outage was caused by a distributed denial-of-service attack, in which hackers use the firepower of thousands of hijacked computers to flood a Web site with so many bogus Web page requests that it renders the site unavailable to legitimate users. [...] The FBI is not investigating the incident because DoubleClick has not filed a report, said bureau spokeswoman Megan Baroska.
RE: VeriSign's rapid DNS updates in .com/.net
Before a big panic starts, they can restore it back to the way it was if there is an event of such proportion to totally hoze the entire network or any major portion of it, until they fix any major issue with these changes -Henry --- Sam Stickland [EMAIL PROTECTED] wrote: Well, a naive calculation, based on reducing the TTL to 15 mins from 24 hours to match Verisign's new update times, would suggest that the number of queries would increase by (24 * 60) / 15 = 96 times? (or twice that if you factor in for the Nyquist interval). Any there any resources out there there that have information on global DNS statistics? ie. the average TTL currently in use. But I guess it remains to be seen if this will have a knock on effect like that described below. Verisign are only doing this for the nameserver records at present time - it just depends on whether expection for such rapid changes gets pushed on down. Sam On Thu, 22 Jul 2004, Ray Plzak wrote: Good point! You can reduce TTLs to such a point that the servers will become preoccupied with doing something other than providing answers. Ray -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Daniel Karrenberg Sent: Thursday, July 22, 2004 3:12 AM To: Matt Larson Cc: [EMAIL PROTECTED] Subject: Re: VeriSign's rapid DNS updates in .com/.net Matt, others, I am a quite concerned about these zone update speed improvements because they are likely to result in considerable pressure to reduce TTLs **throughout the DNS** for little to no good reason. It will not be long before the marketeers will discover that they do not deliver what they (implicitly) promise to customers in case of **changes and removals** rather than just additions to a zone. Reducing TTLs across the board will be the obvious *soloution*. Yet, the DNS architecture is built around effective caching! Are we sure that the DNS as a whole will remain operational when (not if) this happens in a significant way? Can we still mitigate that trend by education of marketeers and users? Daniel
Script Injection Makes Phishing Harder to Catch
A new twise on phishing... http://www.eweek.com/article2/0,1759,1624905,00.asp -Henry
Re: China deploys Internet protocol version 9 network
China's New Generation Of Ipv9 Network Technology Ready July 2, 2004 http://www.chinatechnews.com/index.php?action=showtype=newsid=1405 Interesting development -Henry --- [EMAIL PROTECTED] wrote: On Mon, Jul 05, 2004 at 11:15:06PM -0700, John Obi wrote: Hello, Have you heard of IPv9? or it was IPv8? China's Internet technology Ipv9,which being compatible with IPv4 and IPv6,has been formally adapted and popularized into the civil and commercial sector. http://news.xinhuanet.com/english/2004-07/05/content_1572719.htm Thanks, -J IPv9 is the TUBA protocol - RFC 10xx - from the last century. :) This is a modification that uses the 10digit telephone#. Tony Hain refered to this as e164-like. Others have less complementary things to say. --bill
Re: Sipura VoIP phone adapters and DoS against name servers
Get in contact with manufacturing vender for a fix, and then tell us what they did or what they intend to do to remedy the problem. -Henry --- [EMAIL PROTECTED] wrote: Last night we configured our equipment to reject recursive DNS lookups from non-customers. This morning, soon after normal office hours began, we started receiving around 2500 DNS lookups per second more than normal to our recursive name servers. After analyzing the DNS lookups, we found that all of the extra traffic was generated from customers of a local VoIP provider which uses Sipura (SPA-2000) phone adapters. It seems that when these adapters don't receive answers to their DNS queries, they will retransmit the query once per second (until they receive an answer). Multiply by number of adapters, and you have the recipe for a nice DoS. Shades of Netgear NTP DoS (http://www.cs.wisc.edu/~plonka/netgear-sntp/) - don't vendors ever learn? Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
Appeals court deals setback to spammers
One more feather in our cap :) http://seattletimes.nwsource.com/html/businesstechnology/2001968539_spam30.html
EFF Publishes Patent Hit List
This is a very serious list, because it addresses the basic idea of being able to do business for everyone without being heald hostage by patents who work against the best interests of keeping the interent open http://www.wired.com/news/politics/0,1283,64038,00.html?tw=wn_tophead_2
Re: E-Mail Snooping Ruled Permissible
Maybe Phil Zimmerman should come forth with new toys for big boys that will be more valient an effort than pgp with less a threat to his personal liberty. We definately need some relief from constantly being criminalized enmasse for actions from citizens of other nations and from control freaks who have for years slandered us and criminalized us for actions we have not participated in. -Henry --- Steven M. Bellovin [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], John Neiberger writes: http://wired.com/news/print/0,1294,64043,00.html Yet another reason why we should develop a system where all Internet communications can be easily encrypted, whether it's email, VoIP, or whatever. It's not like it's horribly difficult now in some cases, but it does have its difficulties when it comes to implementation on a large scale. Yes -- especially if people rely on wiretap-enabled certificates from their ISPs --Steve Bellovin, http://www.research.att.com/~smb
Re: Can a Customer take their IP's with them? (Court says yes!)
Since all NSP's, ISP's, ALEC's, BLEC's and CLEC's adhere to this accepted behavior and there are more than 100 I blieve the court would be on the side of the plaintiff under the 3rd amendment of the constitution. It is my understanding that doing otherwise will cause an administrative nightmare and harm to the standard numbering system across vast segments of the industry and would create greater security risks than at present. It would cause enconomic harm to software writen specifically towards the current system and force redistribution of software and or fixes that could be disruptive for months on end. Worse case scenario. I think this is a bad precedent, and poor judgement on the part of the defendent ISP, for the small number block they have. The long term potential harm could result in small ISP's not being able to get number blocks thus making it more difficult for small companies to gain better backbone access, from their Tier 1 host counterparts and could trigger a potentional shakeout in the industry. Have A nice day... -Henry --- Stephen J. Wilcox [EMAIL PROTECTED] wrote: Can we stop the analogies before they begin. This is not the PSTN, comparing it to the PSTN appears to be where the court is going wrong. This is the Internet. It is internationally accepted policy that IP space is issued under a kind of license that does not give ownership or transferability. It is also part of the fundemental operation of the Internet that address space remains aggregated and that customers borrow space from the provider and if they move they get given new address space by the new provider. This is agreed by IANA, the RIRs, the ISPs. Steve On Tue, 29 Jun 2004, Johnny Eriksson wrote: Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Regardless, this is not a telephony issue (Can I take my cell number with me?), as the courts as seem disposed to diagnose these days, but rather, a technical one insofar as the IP routing table efficiency. No, this is not about taking a phone number. This is about a someone moving to a new apartment in a different part of town, and asking the court to force the owner of the old house to reassign the old street address to him. --Johnny
Re: BGP list of phishing sites? Website behind Net attack offline
http://www.news.com.au/common/story_page/0,4057,9975753%255E1702,00.html -Henry --- Scott Call [EMAIL PROTECTED] wrote: Happy Sunday nanogers... I was doing some follow up reading on the js.scob.trojan, the latest hole big enough to drive a truck through exploit for Internet Explorer. On the the things the article mentioned is that ISP/NSPs are shutting off access to the web site in russia where the malware is being downloaded from. Now we've done this in the past when a known target of a DDOS was upcoming or a known website hosted part of a malware package, and it is fairly effective in stopping the problems. So what I was curious about is would there be interest in a BGP feed (like the DNSBLs used to be) to null route known malicious sites like that? Obviously, both operational guidelines, and trust of the operator would have to be established, but I was thinking it might be useful for a few purposes: 1 IP addresses of well known sources of malicious code (like in the example above) 2 DDOS mitigation (ISP/NSP can request a null route of a prefix which will save the Internet at large as well as the NSP from the traffic flood 3 etc Since the purpose of this list would be to identify and mitigate large scale threats, things like spammers, etc would be outside of it's charter. If anyone things this is a good (or bad) idea, please let me know. Obviously it's not fully cooked yet, but I wanted to throw it out there. Thanks -Scott
RE: Attn MCI/UUNet - Massive abuse from your network
I think that is a bit irresponsible for the simple reason that MCI has many co-lo clients and any of their machines could be vulnerable, I think also that needs to addressed so that blanket statements are supported by fact and not the need to competitively break a company down in hopes the you can steal away it's customer base -Henry --- Tom (UnitedLayer) [EMAIL PROTECTED] wrote: On Fri, 25 Jun 2004, Ben Browning wrote: At 04:00 PM 6/24/2004, Hannigan, Martin wrote: [ Operations content: ] Do you know of any ISP's null routing AS701? ISPs? Not of the top of my head. I know several businesses who have, and a great many people who have blocked UUNet space from sending them email, either by using SPEWS, the SBL, or mci.blackholes.us . Do these people know how much legitimate email they're missing, for every spam message that's blocked? I noticed that from my personal mailbox (which I do filter with spam assassin), for every one legit mail that gets blocked/tagged by SPEWS, there's maybe 1-2 junkmails. Thats not a very impressive ratio...
Re: Looking Glass Wiki
I noticed that recently on Geektools also and that needs to updated and or fixed -Henry --- Janet Sullivan [EMAIL PROTECTED] wrote: Thomas Kernen wrote: Since I've been hitting a lot of looking glass sites on traceroute.org lately that no longer worked, I decided to make my own list in wiki form. FYI Traceroute.org is updated approx once a month, most of the input is based on user feedback these days since automated checking is usually rejected by a lot (most) webmasters in order to prevent automated querries so I get a lot of false positives. Also, since quite a few of these services are maintained by engineering teams they tend to go offline for hours/days/weeks/months but are valid URLs. First, let me say that traceroute.org is a wonderful site. I have no desire to pull all of it into wiki format. All I am interested in are the looking glasses and route servers. Since there are only a few hundred of these, I'll still be able to hand check them every few weeks. Also, being a wiki, users will be able to update the entries themselves. Thanks for all the hard work you to on traceroute.org. I really appreciate and use it a lot.
Re: Unplugging spamming PCs
That sentence is A joke 15000 subscribers affected Court Convicts Obscene Text Messager http://www.reuters.com/newsArticle.jhtml;jsessionid=IPQ4NZVA4P24ACRBAELCFEY?type=technologyNewsstoryID=5504916 --- [EMAIL PROTECTED] wrote: And again, much of this comes down to enforcement. When was the last time you heard of a spammer's domain being pulled? How about the last time you saw a spammer be even remotely bothered by having their domain pulled? Do you think they'll really care less about losing a mail server when they've got another dozen lined up ready and waiting? Well, just a couple of days ago I read about a Russian court in Chelyabinsk that sentenced a spammer to two years in prison. It's the first conviction under a Russian law that forbids the use of malicious software and the court felt that the spamming scripts used by this guy were malicious software. What he did was to send text messages to mobile phone subscribers of a single company by means of a web gateway. I think the main reason he was put on trial was because the mobile operator whose customers were getting the spam and whose gateway was being misused, went to the police and complained. How many ISPs in the USA go to the police and register official complaints about spammers? We have lots of smart people who can track down and identify spammers but it does no good unless the companies who suffer damage register an official police complaint. --Michael Dillon
Re: Homeland Security now wants to restrict outage notifications
Consider the source of policy makers that make these decisions, are clueless to networks and infrastructure themselves. They fail to understand any costing metrics by adding another loop of useless people to he cycle at the expense of everyone, which will in the long run be damaging to the economy of those companies who will then move those centers offshore to remove the DHS from their loop, which causes job loss and skill base destruction beyond what it already is in the US. My vote on this proposal is no and contact my gov rep and complain. -Henry --- Adam 'Starblazer' Romberg [EMAIL PROTECTED] wrote: I think you (and possibly The Register) are overreacting. With the current state of the government and it's previous legislation, I would consider that not overreacting at all... We as NANOG'ers need to make sure that we're in the clue. The issue of non-information leads for longer troubleshooting, and more irate customers. To each his own, however.. Thanks, Adam Adam 'Starblazer' Romberg Appleton: 920-738-9032 System Administrator Valley Fair: 920-968-7713 ExtremePC LLC-=- http://www.extremepcgaming.net
AOL Orders the Spam Special
And just when things looked dismal this had to happen to make it more so http://www.washingtonpost.com/wp-dyn/articles/A1898-2004Jun24.html?referrer=email -Henry
Re: S.2281 Hearing (was: Justice Dept: Wiretaps...)
if the pro-ported bad guys are so swift why would they use anything packaged anyway? They have engineers and scientific minds in their ranks that understand devices, boards and the likes and could simply create their own data centers and simply use new protocols to communicate over the public lines and not one person would know the difference, all the laws in the world would not stop them, since US law doesn't apply to anyone but US citizens and most other nations could care less about what we imagine, contrive and go into hysterics about. -Henry --- John Curran [EMAIL PROTECTED] wrote: At 12:06 AM -0400 6/20/04, Sean Donelan wrote: On Sat, 19 Jun 2004, John Curran wrote: S.2281 takes the middle of the road position in areas such as lawful intercept, universal service fund, and E911. At a high-level, those VoIP services which offer PSTN interconnection (and thereby look like traditional phone service in terms of capabilities) under S.2281 pick up the same regulatory requirements. It sounds good, if you assume there will always be a PSTN. But its like defining the Internet in terms of connecting to the ARPANET. Correct. It's a workable interim measure to continue today's practice while the edge network is transitioning to VoIP. It does not address the more colorful long-term situation that law enforcement will be in shortly with abundant, ad-hoc, encrypted p2p communications. What about Nextel's phone-to-phone talk feature which doesn't touch the PSTN? What about carriers who offer Free on-net calling, which doesn't connect to the PSTN and off-net calling to customers on the PSTN or other carriers. Will the bad guys follow the law, and only conduct their criminal activities over services connected to the PSTN? Sean - what alternative position do you propose? /John
Re: Verisign vs. ICANN
It is amazing that one psrson Paul Vixie could be so intimidating that he must be intimidated and maligned as a conspirator in order to eliminate him as a potential threat because of his knowledge. I find that pretty ironic that a billion dollar corporation is that weak. -Henry --- Patrick W Gilmore [EMAIL PROTECTED] wrote: On Jun 18, 2004, at 2:25 PM, Wayne E. Bouchard wrote: verisign's official position throughout the sitefinder launch was that users are free to disable it if they want to. they did NOT want this characterized as them shoving their sitefinder service down anybody's unwilling throat. so i don't expect any action to occur against folks who installed a BIND patch. Um, unless I really missed something during this whole episode, that was the only way TO disable it. Have the roots recurse and put a wildcard in for anything that does not resolve. Makes Paul a ... well, not a competitor, 'cause that would imply they were in competition. If the roots put in the wild card, the GTLDs cannot compete. -- TTFN, patrick
RE: Akamai DNS Issue?
sbc/yahoo and them wee doing upgrades on their email last night could be moving things around to accomodate -Henry --- Drew Weaver [EMAIL PROTECTED] wrote: Similar issues with Yahoo on and off since about 8:30am (EST). -Drew -Original Message- From: Leo Bicknell [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 15, 2004 9:09 AM To: [EMAIL PROTECTED] Subject: Akamai DNS Issue? From here neither www.google.com, nor www.apple.com work. Both seem to return CNAMES to akadns.net addresses (eg, www.google.akadns.net, www.apple.com.akadns.net), and from here all of the akadns.net servers listed in whois are failing to respond. Can someone confirm from another location? Comments from Akamai? -- Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ Read TMBG List - [EMAIL PROTECTED], www.tmbg.org
Yahoo Raises Stakes in E-Mail War with Google
This is what I was talking about... http://www.reuters.com/newsArticle.jhtml;jsessionid=ROKTUY2SVUOBMCRBAELCFFA?type=internetNewsstoryID=5421215
Re: Points on your Internet driver's license (was RE: Even you can be
Wow he has changed and toned down a lot from those days -Henry --- [EMAIL PROTECTED] wrote: 8 to 10 years ago the discussions were dominated by Karl D(1), where *everything* was defined as to whether is was actionable or not. Googling for Karl Denninger and actionable only gets 30 hits but, oh the nostalgia of it all... Check out http://www.denninger.net to see that he is still alive and kicking and protesting one thing or another.
Re: Even you can be hacked
Here are a list of very active ports that attempt to hack into peoples systesm from various parts of the world China in particular. I think unassigned ports should be dropped from routing tables unless they are registered with the host and or providers as to their legitimate use smpnameres 901/tcp SMPNAMERES smpnameres 901/udp SMPNAMERES blackjack 1025/tcpnetwork blackjack blackjack 1025/udp network blackjack cap1026/tcp Calender Access Protocol cap1026/udp Calender Access Protocol exosee 1027/tcp ExoSee exosee 1027/udp ExoSee # 1124-1154 Unassigned ssslic-mgr 1203/tcpLicense Validation ssslic-mgr 1203/udp License Validation ms-sql-s 1433/tcp Microsoft-SQL-Server ms-sql-s 1433/udp Microsoft-SQL-Server ms-sql-m 1434/tcp Microsoft-SQL-Monitor ms-sql-m 1434/udp Microsoft-SQL-Monitor # 6851-6887 Unassigned monkeycom 9898/tcp MonkeyCom monkeycom 9898/udp MonkeyCom And I need a list that shows who or what owns Dynamic and/or Private Ports -Henry --- Laurence F. Sheldon, Jr. [EMAIL PROTECTED] wrote: Andy Dills wrote: On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote: Jeff Shultz wrote: But ultimately, _you_ are responsible for your own systems. Even if the water company is sending me 85% TriChlorEthane? Right. Got it. The victim is always responsible. There you have it folks. Change the word victim to negligent party and you're correct. Ignoring all of the analogies and metaphors, the bottom line is that ISPs are _not responsible_ for the negligence of their customers, and that ISPs are _not responsible_ for the _content_ of the packets we deliver. In fact, blocking the packets based on content would run counter to our sole responsibility: delivering the well-formed packets (ip verify unicast reverse-path) where they belong. Remember, we're service providers, not content providers. Unless your AUP or customer contract spells out security services provided (most actually go the other way and limit the liability of the service provider specifically in this event), then your customers have to pay you to secure their network (unless you feel like doing it for free), or they are responsible, period. As far as I'm concerned, that guy would have a better shot at suing Microsoft then challenging his bandwidth bill. Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 --- How many more of these do I need, do you think? -- Requiescas in pace o email Ex turpi causa non oritur actio http://members.cox.net/larrysheldon/
RE: Even you can be hacked
I can agree with that and Randy pointed out when these idea's were created and writen, security was not part of the overall plan because there were trusted parties on either end of the spectrum. I think that my intent was noble and I am glad I started a controversy, because this is an issue that needs to be addressed as we move forward with internet development and secure application development. Working for a telecomm/datacomm company gives me some insight into the problem, I am looking into it deeper from a hardware perspective, of designing a solution that goes on a board among other system's issues... Yeah I brainstorm too, and also being an end user client I think about the end result of no solution and people overwhelemed with issues that lead to no solution to people so overwhelmed they think legislating law can fix broken code. It does help when the architects give me insight to the issue and how immense it is and what to look at when I am determining the end result of any of my efforts. -henry --- Alex Bligh [EMAIL PROTECTED] wrote: --On 11 June 2004 14:18 -0700 Randy Bush [EMAIL PROTECTED] wrote: the bottom line o if you want the internet to continue to innovate, then the end-to-end model is critical. it means that it If there is a lesson here, seems to me it's that those innovative protocols should be designed such that it is relatively easy to prevent or at least discourage bad traffic. Because that's in the long run easier (read cheaper for those of you of a free market bent) than educating users in an ever changing environment. It would be a bit rich to criticize SMTP (for instance) as misdesigned for not bearing this in mind given the difficulty of anticipating its success at the time, but there is a lesson here for other protocols. I can think of one rather obvious one which would seem to allow delivery of junk in many similar ways to SMTP; hadn't thought of this before but we should be learning from our mistakes^Wprevious valuable experience. Alex
Re: Points on your Internet driver's license (was RE: Even you can be hacked)
Scalable bandwidth is not new and is charged for, what is the issue about that? If the network is compromised and it is on the client end, that is what business insurance is for, so that everyone gets their's (payments, otherwise other types of arrangements need to be made, according to the doctrine of reasonable man -henry R Linneweh --- Adi Linden [EMAIL PROTECTED] wrote: If your child borrows your credit card, and makes lots of unathorized charges, you may not have to pay more than $50; but the bank can go after your son or daughter for the money. Most parents end up paying, even if they didn't authorize their children to use the credit card. So the credit card company calls you and asks about a bunch of suspicious charges being placed on you card. Ok, just keep on charging. Now who's to blame for these charges by your sons and daughters and the russian mafia? I sell a client a metered product (gas, water, electricity, telephone, internet data, etc). I notice unusually high consumption. I inform the client that the bill is accumulating rather quick and I suspect a problem. I have done my job. The client either tells me to stop delivery until the problem is diagnosed and resolved or tells me to continue service. Either way, the ball in in the clients court. If the client chooses continuation of service despite high consumption and subsequent huge bill he has an obligation to pay, no matter WHY the usage was to high. Our society has a screwed up sense of responsibility. Everyone else is supposed to look out for me and take care of me. If something happens to me because I do something stupid or foolish someone failed to warn me, didn't make the sign big enough, didn't sound the horn loud enough, didn't lock me up so I couldn't hurt myself. This isn't true for everybody but way too many Adi
Re: botnets world and the FBI
E-crime = E-crap another media driven dribbled label. There are many students, even housewives who in their spare time write botnets and other software mechanisms simply for the purpose of learning how to program, in C and C++ or even learn how to script in Perl, Python and tcl. To make a blanket statement is to condemn innocent people who have nothing to do with a limited group of people that do warez aka pirate software on irc servers when law enforcement, already has been there to make cases and arrests and prosecutions. Seeing that a dalnet luser is crying wolf, if my history has taught me correctly, that network got ddos'd out of existence over warez and battles over control over software piracy. Other networks were intelligent enough to get out of the way and make sure such events do not destroy the client base. -Nite --- [EMAIL PROTECTED] wrote: On Tue, 01 Jun 2004 17:06:20 EDT, Jamie C.Pole said: Because academics know EVERYTHING. What's that got to do with anything? (or are you making the rather rash and all-too-common generalization that everybody who posts from a .edu is an academic? Surprise - at least some sites are clued enough to keep academics in the classroom and lab, and hire people who know something about production environments to run the network and the big servers) Let's not talk about the links between financial fraud, drugs, and terrorism. Of course they're related... Right... my point is that e-crime is a *symptom* of the others - you won't be able to do anything about e-crime until the *root* problem (fraud/drugs/terrorism) is dealt with. We have had enough ill-defined 'War on Election-Year-Buzzwords' (terrorism, drugs, organized crime, illiteracy, poverty - the wars on Communism and Inflation seem to have evaporated. I've probably missed a few...). And we seem to do a very poor job of ever asking *why* people decide to blow us up, or do drugs, or be poor/homeless. I don't see any reason why we'd do any better with e-crime. And even if E-crime *is* a separate war we need to declare, where will we get the resources from? Our military has long had a policy regarding the troop strength we need, and bases it on a We can handle 3 small conflicts, or 1 large and one small, and we need to avoid being in 2 major conflicts at once type of ruleset. Take a look how many billions of dollars a month we're collectively hemorrhaging in Iraq, and ask what we'll trim to fight e-crime. ATTACHMENT part 2 application/pgp-signature
Re: netlantis news
Well between completewhois and netlantis my day is made -henry --- Pascal Gloor [EMAIL PROTECTED] wrote: Hello ppl, as you probably have noticed, netlantis is down since a while. Netlantis had critical performance problems and we decided to re-write some of the core scripts to improve the DB update. While doing this we had some new ideas about how to process the updates and much more has been re-written. There are no new features for the users, just the core-system works on a different way and all the BGP updates queuing problems will be gone. What's new then ? netlantis is running now since several weeks its own BGP daemon called (guess) nbgpd. So far it works well and has pretty nice performance (able to handle up to 500 full BGP sessions (tested up to 100)). nbgpd is dumping updates into files (per peer, per timestamp) in its own (simple) binary format. The updates are then sent to ndb (netlantis DB manager) which is a fast routing table status file updater. This also runs since several weeks. the last difficulty is to convert this ndb format for the SQL database (to handle all the web/whois/telnet queries). So far we wrote the MySQL (MyISAM format) data file properly. So? why isnt it up yet We still have a last part to finish, writing the MySQL (MyISAM format) index file. Once this step completed, netlantis will come back up! What's the difference for the lambda user?? Reliable informations! Until now, global cisco bug upgrade worldwide in the world made netlantis to go booom due to the high load of bgp updates. This will no more happen. We expect to have a delay to real-time of about 10 to 15 minutes, with few or many BGP updates, it wont matter! Well, I dont care about your internal stuff, when will it be back We expect to bring netlantis back during the next week. We will inform you then. Best Regards, Pascal Gloor _ __ ___ _ / |/ / __/_ __/ / / _ | / |/ /_ __/ _/ __/ // _/ / / / /__/ __ |// / / _/ /_\ \ /_/|_/___/ /_/ //_/ |_/_/|_/ /_/ /___/___/.org ... where all the routes meet
Buffalo Spammer sentenced to prison
http://story.news.yahoo.com/news?tmpl=storycid=1093e=2u=/pcworld/20040527/tc_pcworld/116307
Re: Cisco HFR
I'm curious here, don't photons cause a lot of reflective jitter because of their large size ?? -henry --- Mikael Abrahamsson [EMAIL PROTECTED] wrote: On Tue, 25 May 2004, Peter Lothberg wrote: You can run the same distance as you do with your 10G system. It;s mostly driven by dispersion, crosstalk and snr if you have many amps. Milage varies with span design, but is not much different than 10G (as the symbol speed is till 10G). Ah, so it's actually 4 different wavelengths within the ITU-grid alottment of one single 10G wave? Can 10G optical amplifiers be used? Yepp.. How does the fact that you need to amplify four times the photons in the same wavelength space affect things? Just needs to be taken into consideration when calculating the amount/number of amplification/amplifiers? Is this something in production or alpha/beta test with the DWDM manufacturer? -- Mikael Abrahamssonemail: [EMAIL PROTECTED]
RE: issues with AOL Time Warner
Yeah I was connected to AIM and my connection dropped like a rock and popup came up telling me I lost my connection -Henry --- Owens, Loren [EMAIL PROTECTED] wrote: South East (Central Florida specifically) is seeing major problems as well. Cfl.rr.com has stopped routing through ATDN all together and is now going out through bbnplanet and level3. Shane -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Gabriel Sent: Friday, May 21, 2004 4:18 PM Cc: '[EMAIL PROTECTED]' Subject: Re: issues with AOL Time Warner Same here... We saw all our AIM clients go down for about five minutes. Traceroutes showed lots of apparent troubles in atdn.net, also coming from the west coast. Is anyone seeing issues with AOL CNN ? -- Gabriel Cain www.dialupusa.net Senior Systems Administrator [EMAIL PROTECTED] PGP fingerprint: C0B4 C6BF 13F5 69D1 3E6B CD7C D4C8 2EA4 2B08 1C6D Technology for the sake of business.
Judge Dismisses Claim in VeriSign's ICANN Case
http://www.eweek.com/article2/0,1759,1594815,00.asp
Re: CiSCO IOS 12.* source code stolen
You do not have to steal the code, you can buy a cisco router from an equipment reseller and have all the access you want. -Henry --- Alexei Roudnev [EMAIL PROTECTED] wrote: Hmm, it's all interesting. EFnet IRC again... Does anyone have a full logs of EFnet IRC conversations? We used to participate in it 6 years ago (when fighting hackes in Russia), and it was very useful for following trends (of course, after you dump a heaps of junk). - Original Message - From: Michel Py [EMAIL PROTECTED] To: John Kinsella [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Saturday, May 15, 2004 1:45 PM Subject: RE: CiSCO IOS 12.* source code stolen Rough translation of: http://www.securitylab.ru/45221.html May, 15 2004 Leak of code CiSCO IOS source code? As it became known to SecurityLab, the source code of operating system CISCO IOS 12.3, 12.3t, which is used in the majority of Cisco network devices has been stolen on May 13, 2004. The total volume of the stolen information represents about 800MB in an archive file. According to the information available to us, the leak of fragments of the source code occurred because of a break-in into the corporate network of Cisco System. Representatives of Cisco System have not made any comments about the break-in so far. A person whose alias on [EMAIL PROTECTED] IRC is franz has given a small parts of the source code (about 2.5 Mb) as proof. Below are links to the first 100 first lines of source code of: ipv6_tcp.c: http://www.securitylab.ru/45222.html ipv6_discovery_test.c: http://www.securitylab.ru/45223.html
Re: FW: Worms versus Bots
It is amazingly simply to pull an ethernet cable out of the back of your box to update a box from a CD especially in a suspect environment where you have had many problems. I have had the displeasure of having had to go from box to box and clean each individually and while many problems were stopped by Netscreen at the door, we still had to run enterprise protection per machine as a second line of defense and separate domains in the company for greater protection between the groups. -Henry --- Eric Krichbaum [EMAIL PROTECTED] wrote: I see times more typically in the 5 - 10 second range to infection. As a test, I unprotected a machine this morning on a single T1 to get a sample. 8 seconds. If you can get in 20 minutes of downloads you're luckier than most. Eric -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of william(at)elan.net Sent: Monday, May 03, 2004 11:49 PM To: Sean Donelan Cc: Rob Thomas; NANOG Subject: Re: Worms versus Bots On Mon, 3 May 2004, Sean Donelan wrote: On Mon, 3 May 2004, Rob Thomas wrote: ] Just because a machine has a bot/worm/virus that didn't come with a ] rootkit, doesn't mean that someone else hasn't had their way with it. Agreed. Won't help. What's the first thing people do after re-installing the operating system (still have all the original CDs and keys and product activation codes and and and)? Connect to the Internet to download the patches. Time to download patches 60+ minutes. Time to infection 5 minutes. Its possible its a problem on dialup, but in our ISP office I setup new win2000 servers and first thing I do is download all the patches. I've yet to see the server get infected in the 20-30 minutes it takes to finish it (Note: I also disable IIS just in case until everything is patched..). Similarly when settting up computers for several of my relatives (all have dsl) I've yet to see any infection before all updates are installed. Additional to that many users have dsl router or similar device and many such beasts will provide NATed ip block and act like a firewall not allowing outside servers to actually connect to your home computer. On this point it would be really interested to see what percentage of users actually have these routers and if decreasing speed of infections by new virus (is there real numbers to show it decreased?) have anything to do with this rather then people being more carefull and using antivirus. Another option if you're really afraid of infection is to setup proxy that only allows access to microsoft ip block that contains windows update servers And of course, there is an even BETTER OPTION then all the above - STOP USING WINDOWS and switch to Linux or Free(Mac)BSD ! :) Patches are Microsoft's intellectual property and can not be distributed by anyone without Microsoft's permission. I don't think this is quite true. Microsoft makes available all patches as indidual .exe files. There are quite many of these updates and its really a pain to actually get all of them and install updates manually. But I've never seen written anywhere that I can not download these .exe files and distribute it inside your company or to your friends as needed to fix the problems these patches are designed for. The problem with Bots is they aren't always active. That makes them difficult to find until they do something. As opposed to what, viruses? Not at all! Many viruses have period wjhen they are active and afterwards they go into sleep mode and will not active until some other date! Additionally bot that does not immediatly become active is good thing because of you do weekly or monthly audits (any many do it like that) you may well find it this way and deal with it at your own time, rather then all over a sudden being awaken 3am and having to clean up infected system. -- William Leibzon Elan Networks [EMAIL PROTECTED]
Netlantis tools when are they returning ???
I miss this essential toolset now that I do not have it -Henry
RE: Lsass.exe causing shutdown in IE.
W32.Sasser.Worm http://www.symantec.com/avcenter/venc/data/w32.sasser.worm.html Microsoft Windows LSASS Buffer Overrun Vulnerability http://www.symantec.com/avcenter/security/Content/10108.html Latest virus threats [EMAIL PROTECTED] Backdoor.Sdbot.Z W32.Gaobot.AFW W32.Gaobot.AFJ W32.Gaobot.AFC -Henry --- Todd Mitchell - lists [EMAIL PROTECTED] wrote: | Behalf Of Ejay Hire | Sent: May 1, 2004 4:09 PM | | We're starting to take calls from users about an LSASS.EXE | error causing | XP to do the 60 seconds till forced reboot, and the normal blaster | mitigation and turning on the ICF isn't fixing it. I've been able to | reproduce it on one machine locally. Is anyone else seeing it? This may be of interest to you: http://xforce.iss.net/xforce/alerts/id/172 Todd --
U.S. Charges 4 Under New Anti-Spam Law
Hopefully this case will have a positive outcome to send and very clear message to providers and spammers http://customwire.ap.org/dynamic/stories/I/INTERNET_SPAM?SITE=FLTAMSECTION=HOMETEMPLATE=DEFAULT
Cisco Rolls Major Patches to TCP Flaw
http://www.internetnews.com/infra/article.php/3343561 For people still in a panic -Henry
Re: Packet anonymity is the problem?
There are network equipment manufactures who offer last mile protection at the chip level which forces authentication or the packets get dropped, this has been around for about 4 years now and people should seriously look at that as a solution, fast changeable FPGA designs can accommodate such issues and can be changed on the fly long before someone has time to effectively reverse engineer them to find out how they work, they will always be behind by several years and will not he having access to source code to be able to hack anything Forced Identification for people who purchase Cisco reseller equipment and any other manufacturer of said equipment will put a dent in some of this non sense also. If there is to be security then you must look at the entire issue well beyond the ability to hack stuff. Anyway my 2 cents for the moment -Henry --- Yann Berthier [EMAIL PROTECTED] wrote: On Sun, 11 Apr 2004, Iljitsch van Beijnum wrote: Ok, then explain to me how removing bugs from the code I run prevents me from being the victim of denial of service attacks. It's the other way around in fact: if others were to run (more) secure code, there would be far less boxen used as zombies to launch ddos attacks against your infrastructure, to propagate worms, and to be used as spam relays. While it can sound a bit theorical (to hope that the others will run secure code), as the vast majority of users run OSs from one particular (major) vendor, an amelioration of said family of OSs would certainly benefit to all. Just think about all the recent network havocs caused by worms propagating on one OS platform ... - yann
New cisco exploit published in the media today
Cisco warns of new hacking toolkit http://www.infoworld.com/article/04/03/29/HNhackingtoolkit_1.html exploit location http://www.blackangels.it/ -Henry
are we streaming email or did we die
Now I am curious -Henry
Progress against spam
AOL Blocks Spammers' Web Sites http://www.washingtonpost.com/wp-dyn/articles/A9449-2004Mar19.html I think this is noteworthy and may help... -Henry
Re: US Extradition rights (was Re: Spamhaus Exposed)
This entire fiasco needs to migrate off line, please -HenryWilliam Warren [EMAIL PROTECTED] wrote: could this be taken offlist please?Dave Howe wrote: Joshua Brady wrote: The "Child" you speak of caused destruction over a network, the sameapplied for the 2 hackers here who were sent over without evenquestioning the UK. If the US Government is Satan then I suppose I amgoing to hell, because I sure as hell support it. Oh, so do I - I just think on general principles it really should require a judge in the serving country to rubberstamp it before the snatch and grab takes place - or more appropriately that the case be made to a UK judge, the child tried here and sentenced here. His actions were, after all, a criminal offence here too -- My "Foundation" verse:Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
Re: Spamhaus Exposed
I believe under USC18 there is a section that clearly states hacking a government computer can get you a maximum of 30 years in federal prison and a $250,000.00 fine Please correct me if that postscription of law has been vacated. -Henry Dan Hollis [EMAIL PROTECTED] wrote: On Wed, 17 Mar 2004, Steve Linford wrote: From Deep Throat, received 17/3/04, 21:10 + (GMT): Disturbing information on one of the founders of Spamhaus.org http://www.geocities.com/jackjack9872004/ Not just a load of BS, but posted to NANOG anonymously, through a hijacked machine at 198.26.130.36 (The Pentagon) no less.federal interest site. thats automatic prison time, isnt it?i suspect the culprit could be prosecuted under PATRIOT, and sent away for quite a _long_ time...-Dan
Re: UPnP
That reads more like a person who is customer centric with an acceptable idea... -HenrySean Donelan [EMAIL PROTECTED] wrote: On Fri, 12 Mar 2004, James Edwards wrote: I see a lot of unicast UPnP traffic on my networks. UPnP seems like a train wreck waiting to happen, to me.Yep. Giving insecure PC's the power to change firewall settings. Doesn'tsound like the cleverest idea.I have a firewall, my computer can't be a zombie. Yes, I click on everyattachment I see and install every program any random web site offers me,but I have a firewall so my computer can't be a zombie :-(But it does demostrate that people really, really want to run theirapplications no matter how we try to stop them. Instead of blockingpeople from running their applications, can we figure out better waysfor them to run them safely?
thanks for the great response on wholesalebandwidth.com major abuser
I want to thank everyone on this for the excellant response :) -Henry"Sturgeon, Jon" [EMAIL PROTECTED] wrote: william(at)elan.net wrote: Don't forget to add 69.6.64.0/20 to your access list - they recently got this addition and quickly moved quite some number of spam servers there.Much thanks, William, I hadn't picked up on that. That netblock is nowadded to by personal blacklist.Thanks again,Jon-- --FutureSoft, Inc.12012 Wickchester Lane, Suite 600Houston, TX 77079If you no longer want to receive commercial e-mail correspondencefrom FutureSoft, you may remove your address from our records by visiting www.futuresoft.com/emailremoval.asp--
wholesalebandwidth.com major sponsor of spammers refuses to accept email at abuse
I have received almost 200 different spam messages from domains hosted by this provider from russain domains attempting to sell pharmacueticals and other unsolicited services that I do not want tekmailer.com and moosq.com are 2 of the primary abusers from this hosting company -Henry Message from yahoo.com.Unable to deliver message to the following address(es).[EMAIL PROTECTED]:69.6.21.60 does not like recipient.Remote host said: 550 5.7.1 [EMAIL PROTECTED]... Relaying deniedGiving up on 69.6.21.60.
Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)
Here is some insight on this issue What is Unicast Reverse Path Forwarding (uRPF)? Can a default route 0.0.0.0/0 be used to perform a uRPF check? http://www.cisco.com/warp/public/105/44.html#Q18 -Henry
Re: Possibly yet another MS mail worm
-BEGIN PGP SIGNED MESSAGE-Hash: SHA1 Everyday there is a new, news article on this and every day everyonepanics and eeryday some one says tell the government to make a law, it is timeto realize that no law is going to do anything for anyone soon. In the past wejust took care of the problem and we can do the same now by sharing the solutions weshared then for FREE. There are incredibily talented people in this group who lurk, I would like to see your toughts on these issues in private if you do not feel comfortable talking publicly New Netsky-D Worm Spreading Through E-Mailhttp://www.reuters.com/newsArticle.jhtml?type=technologyNewsstoryID=4469850section=news -BEGIN PGP SIGNATURE-Version: PGP 8.0.2 iQA/AwUBQEOCXMiimYc7OT3DEQJsJwCeNrz9cdP+nmzCzaR/cHJ5AlY7V50AnjIut1/Wyd4XaTrjv3YiuxJIvt0k=cf72-END PGP SIGNATURE-
Re: First Post! Annoying Debate at Work.
Consumers are not interested in certificates, they want solutions that are packaged. Front end services when people sign up for accounts should include allthe tools necessary for survive on any network you provider access to. -Henry"Patrick W.Gilmore" [EMAIL PROTECTED] wrote: On Mar 1, 2004, at 12:59 PM, Christopher Aldridge wrote: Please do not take this the wrong way, but I thought it was useful input. Perhaps not to you, but maybe to those who think that getting their MCSA will teach them all they need to know. One who thinks these exam topics cover (as you say" "all they need to know", should really investigate this certification.So we are in agreement. Some of the things you asked were extremely basic. What "things" were these?I guess I just consider things like "ethernet adaptors" and "ethernet converters" basic. Basic can be good. But it's still basic.Also, I probably attributed some of the replies to your original post in my memory. Or maybe I just misremembered your post completely. I hope you can accept my apology and end the flame war.In my defense, I did say that you should not take this personally. So I would not take this as an attack on you personally - lots of people answered took the time to answer your questions, asking not even a favor in return as payment. The people who responded helpfully to my post, will receive any help and assistance in the future from me as a fellow nanog'er; without the POINTLESS sarcasm and flaming.Got it. 'Cause the post to which I am responding is very pointFULL.And if you are implying that I will not be getting help and assistance from you (or at least not without sarcasm), well, somehow I'm just not too worried. I would take it as a note to people with certifications or going for certifications that a cert != clue. I agree here 100%. However you have also made it very clear that no_cert != clue.Really? Glad we cleared that up, 'cause lots of people were probably assuming that if you have no certification you were automatically clued :)Unless, of course, you are implying I have no certifications. Which would be a bad assumption. I have gotten several certifications over the years, some of which I actually think are useful. I just do not have any of the ones you listed.Of course, then you would also be impling I have no clue. Many people might agree with you, but since the first part (no_cert) failed, then the second part is irrelevant. (Did any of those certs have labs, or just multiple-guess tests?) Google is your friend. http://www.microsoft.com/learning/mcp/mcsa/requirements.asp http://www.cisco.com/en/US/learning/le3/le2/le0/le9/ learning_certificati on_type_home.htmlThanx, but not worth the effort. I'm never going to get a CCNA (definitely) or an MCSA (probably). Was just curious and didn't want to wade through multiple web pages. A couple people told me off-list and I was happy.Thanx for the tip, though. I'll have to remember that "google" thing :)-- TTFN,patrick
RE: First Post! Annoying Debate at Work.
You wanna know about USB read this and that doesn't take an MSCEhttp://www.usb.org/faq Andy Dills [EMAIL PROTECTED] wrote: On Mon, 1 Mar 2004, Christopher Aldridge wrote: know", should really investigate this certification. Some of the things you asked were extremely basic. What "things" were these?How about the question about whether or not a usb ethernet adapter was anethernet converter?You're the one who thinks Patrick is a nozzle for not searchinggoogle...when your question, the sole purpose of your posting, can beanswered merely by searching google.I'm sure when you look for the proper terms, such as "media converter",you'll have a lot more luck.Basically, in order for something to be an adapter, it _MUST_ be theinterface for a leaf node, such as an individual computer.In order for something to be a converter, there is an implied many-to-manyrelationship, not a one-to-many or one-to-one as with an adapter. The people who responded helpfully to my post, will receive any help and assistance in the future from me as a fellow nanog'er; without the POINTLESS sarcasm and flaming.You mean, the pointless sarcasm and flaming in response to a pointless andclueless post? I would take it as a note to people with certifications or going for certifications that a cert != clue. I agree here 100%. However you have also made it very clear that no_cert != clue.Heh, yeah, check out the tiny clue on Patrick. I mean, you've been readingfor a whole year, surely you know who the people to respect are. How darePatrick be a pretender! ;) (Did any of those certs have labs, or just multiple-guess tests?) Google is your friend. http://www.microsoft.com/learning/mcp/mcsa/requirements.asp http://www.cisco.com/en/US/learning/le3/le2/le0/le9/learning_certificati on_type_home.htmlOh, so you DO know about google. Then why are you littering and loiteringon this list? P.S. I kinda expected as much from MS, but it's sad that a cisco cert doesn't mean much any more. :( Notice mostly everyone who provided useful feedback on this agreed with my opinion on this. Common sense has nothing to do with certs. Having both isn't a bad trait however.You're right, common sense has nothing to do with certs. Thank you forproviding a concrete example.Andy---Andy DillsXecunet, Inc.www.xecu.net301-682-9972---
Re: Open, anonymous services and dealing with abuse
good while doing that add [EMAIL PROTECTED] to the list of spammers that bug people -Henry On Mon, 16 Feb 2004, Daniel Reed wrote: On 2004-02-15T17:33-0500, Sean Donelan wrote: ) The unfortunate fact is lots of people like to operate open, anonymous ) services and then expect other people to clean up after them. ) ) Why don't IRC operators require authentication of their users? ) Why don't SMTP operators require authentication of their users? Why don't HTTP operators require authentication of their users? If I'm researching testicular cancer on the web, that may involve web sites, IRC support channels, or mailing lists.If you have a read-write HTTP web site (i.e. send e-mail through web,write web blogs, etc), why don't you have authentication before permitingusers to write? This includes news web sites which let you "forward"stories by entering arbitrary addresses. mailfrom.cgi and friends is asmuch of a problem.If you want to tell everyone in the world about your new and improvedcure for testicular cancer available for the low low price of $119 bysending continious messages on unauthenticated IRC channels, mailinglists and web blogs why should the ISP pierce the veil of anonymitity theIRC operator, mailing list operator, web blog operator wanted?The operator of the anonymous service should deal with the consequencesof maintaining that anonymitity. ISPs authenticated their users. Butthat doesn't mean it is the ISP's responsibility to track down users ofanonymous services everytime there is a problem. This isn't the plot to next summer's killer Sci-Fi horror movie; this is what we are dealing with on the Internet today. In either case, the long- term public interest would probably be served more by funding agencies to track down and stop the spread of the pathogen.Restuarant operators are responsible for the safe preparation of the foodthey serve and the cleanliness of their resturants. It is not up to thehighway department to prevent sick people from visiting your restuarantor to monitor the trucks transporting food on the highway.If you want the ISP (highway department) to control it, expect them toset up inspection points on the roads they control and disrupt alltraffic. If you don't want ISPs doing this, don't ask them to enforcethings they shouldn't be doing.
Packet-based multi-service provisioning platforms [MSPP]
I am interested in problems in this area and what nanog members are part of this emerging market and are generating a profit. -Henry
Re: Happy Holiday Wishes
Merry Christmas All and Happy New Year -Henry"Braun, Mike" [EMAIL PROTECTED] wrote: To all on Nanog, Have a happy holiday season and a great new year :-) Mike Braun "MMS firstam.com" made the followingannotations on 12/24/2003 11:22:29 AM--"THIS E-MAIL MESSAGE AND ANY FILES TRANSMITTED HEREWITH, ARE INTENDED SOLELY FOR THE USE OF THE INDIVIDUAL(S) ADDRESSED AND MAY CONTAIN CONFIDENTIAL, PROPRIETARY OR PRIVILEGED INFORMATION. IF YOU ARE NOT THE ADDRESSEE INDICATED IN THIS MESSAGE (OR RESPONSIBLE FOR DELIVERY OF THIS MESSAGE TO SUCH PERSON) YOU MAY NOT REVIEW, USE, DISCLOSE OR DISTRIBUTE THIS MESSAGE OR ANY FILES TRANSMITTED HEREWITH. IF YOU RECEIVE THIS MESSAGE IN ERROR, PLEASE CONTACT THE SENDER BY REPLY E-MAIL AND DELETE THIS MESSAGE AND ALL COPIES OF IT FROM YOUR SYSTEM."==
RE: nlayer.net Abuse and Security contact
there are many irc networks you might say which one these are on. on Efnet there is a channel #dmsetup that will handle infected users andclean them if you point them in that direction... -HenryMike Damm [EMAIL PROTECTED] wrote: Some folks might want to jump on the IRC server in question and issue a/who. There appear to be some infected machines members of this list may beinterested in cleaning.Aside from the usual spew of cable/dsl I noticed:*.nyu.edu*.bu.edu*.northwestern.edu*.corp.yahoo.com*.tufts.edu*.uncwil.edu-Mike-Original Message-From: John Obi [mailto:[EMAIL PROTECTED] Sent: Thursday, December 18, 2003 9:10 AMTo: [EMAIL PROTECTED]Subject: nlayer.net Abuse and Security contactFolks,I have sent many emails to [EMAIL PROTECTED] and[EMAIL PROTECTED] reporting a security abuse by oneof their users but nothing done up to now.If there is real person from nlayer.net please contactme offline.Thanks,-J__Do you Yahoo!?New Yahoo! Photos - easier uploading and sharing.http://photos.yahoo.com/
Re: good cabling in real environments [Re: Request for submissions: messy cabling and other broken things]
Any good software out there for cable documenting and even routing and for ECO when things are changed? -Henry Alex Yuriev [EMAIL PROTECTED] wrote: How do you do good cabling in dynamic, real environments? :-)It is not that difficult *if* the money is spent in a short term to makesure that no ugly and silly stuff is crated in a longer(long) term.Strategically pre-running certain parts of the facility with cat5/fiber tominimize the "dynamic" portion of interconnect is a really good way toreduce the mess.Alex
Re: Root Authority
Trying to remember back that far is quite a task circa 1977 arpanet, the greatest authority of the time was Jon Postal since he had the uncanny ability to remember all of the things that made it work, so when he spoke it was like Moses coming down from the mountain presenting the 10 commandments and everyone agreed it was good, at that time corporate greed and scheming scamming little weasels were not part of the community, and everything was based on trust because you really were a professional and you could trust the guy on the other end of the connection to be the same as you. By precedent over the years of use,the root home-servers established their own authority and everyone agreed it was the most stable approach, and is still the most stable approach since it does not require and use of resource to point routers and switches and router servers in any other direction which would impact business globally and cause a plethora of other problems that I would want to imagine -henry"Laurence F. Sheldon, Jr." [EMAIL PROTECTED] wrote: Paul Vixie wrote: An interesting question I've dealt with a few times: From whom do the root name servers derive their authority? we (i'm speaking for f-root here) have no "authority". nobody has to listen to us, we are the most powerless bunch of folks you'll ever meet. now if you'd asked where we derive our *relevance*, i'd say the same as mr. bush and mr. kletnieks -- from all the root.cache files that point at us. and as long as we don't do anything stupid i guess (and hope) that this state of affairs will continue. (relevance trumps authority.) that having been said, f-root got its start as NS.ISC.ORG and the man who said it was ok for us to be a root name server was jon postel. i'm not sure he had any "authority" either, but folks "pointed at" him and so what he said was relevant in spite of any authority he mightn've had.I think that testimony belongs in a collection of Jon Postelcharacterizations.I long for the days when people did things simply and only becausethey were the right thing to do.Thanks for the reminder, Mr. Vixie.
Re: Anyone from NeuLeve.bizl listening?
Looks sane to me once I resolved the name Dns resolved neulevel.biz to 209.173.53.163 [IPv4 whois information on 209.173.53.163 ][Query Origin: Main Whois Query ][whois.arin.net] OrgName: NeuStar, Inc. OrgID: NEUSAddress: 45980 Center Oak PlazaAddress: Network Operations CenterCity: SterlingStateProv: VAPostalCode: 20166Country: US NetRange: 209.173.48.0 - 209.173.63.255 CIDR: 209.173.48.0/20 NetName: NEUSTAR-BLK1NetHandle: NET-209-173-48-0-1Parent: NET-209-0-0-0-0NetType: Direct AllocationNameServer: OAK.NEUSTAR.COMNameServer: PINE.NEUSTAR.COMComment: RegDate: 2001-03-21Updated: 2001-09-06 TechHandle: MT635-ARINTechName: Thomas, Mark TechPhone: +1-312-928-4610TechEmail: [EMAIL PROTECTED] OrgTechHandle: NETWO336-ARINOrgTechName: Network Engineering OrgTechPhone: +1-866-638-6622OrgTechEmail: [EMAIL PROTECTED] # ARIN WHOIS database, last updated 2003-12-11 19:15# Enter ? for additional hints on searching ARIN's WHOIS database."Stewart, William C (Bill), RTSLS" [EMAIL PROTECTED] wrote: I can see a couple of obvious approaches for getting Neulevel's attention- Their web site lists two Registry Relationship Managers, one with popup contact infoIvor Sequeira - Senior Manager, European, African, and Middle Eastern Regions571-434-5776 [EMAIL PROTECTED](That appears to be +1-571-434-5776 ...)- Their whois entry for neulevel.biz lists+1.5714345757 as their phone number, fax +1.5714345758,and snailmail address list.http://www.whois.biz/whois.cgi?TLD=bizWHOIS_QUERY=neulevel.bizTYPE=DOMAINSearch=Submit+Query- They've got a snailmail address, you've got a lawyer and Fedex, they've got a Nasty Letter Since the requests to useyour DNS server were bogus, you could probably file a John Doe suitand do discovery on Neulevel, but a Nasty Letter is probably enough.- They've got an online trademark dispute process.It's got pointers to ICANN dispute resolution mechanisms,which are more likely to get their attention than random email.Their entry point is [EMAIL PROTECTED]Normally, if somebody registers that annoying-little-spammer.com has nameserver 1.2.3.4,you'd be using this to complain that you own the nameannoying-little-spammer.com, but you could try using itto complain that you own 1.2.3.4, and maybe even contend thatsince the registrant falsely listed you as the nameserver for the domain,that it's theft of service and you ought to be awarded ownership of the name.- You might also drop a note to ICANN about the lack of a phone numberon their web site and the lack of email responsiveness.- Personally I like the suggestion that someone had that youstart serving DNS for the fake names, either pointing to 127.0.0.3or to a CNAME pointing to Annoying-spammers-forged-their-DNS-again.com,which is some disposable address block on which you run a web site and stub email server explaining that it's not your fault.
Re: Authority
This group didn't need anyones permission to form and share idea's and methods that benefits the entire industry, and it was in the time of great need when these things came to pass I see the word's law and legislation and I see people without a clue making law that only benefits those that pay them and harm the rest. The solution is withinthe community of network people, not congress or any other legislator, there are 40,000 gun laws yet people get shot every day and die. There is good fortune sometimes for those that develop these systems and tools that is a byproduct of effort, sometimes these turn into flourishing enterprises because there really is no-one that can provide support on an ongoing basis. I support good original innovation that is beneficial in the near term and the long term to the industry. -Henry[EMAIL PROTECTED] wrote: i am just curious... do you have any authority/commission from arin (oranyone else)? this is certainly not flame bait, but it is an honest question. you'revery self-righteous, and although you may have valid points (i witholdjudgement) i really want to know what gives you the right/authority to saythe things you say about others.Honest question, honest answer.You seem to be looking for a command and control hierarchy wherenone exists. This is more like a free market economy of ideasand projects. In other words, anyone can start up something andoffer it to the networking community. Projects succeed or failbased on whether they find market acceptance within the economyof ideas. Please note that this free market economy of ideas isnot the same thing as the free market economy of commerce; it justshares some of the same patterns.William is not alone here. Paul Vixie started MAPS in the same way,i.e. he had no authority to do it but just offered it to the economyof ideas. And Paul's entrepreneurial inclination have led him to doother projects in the commercial economy, some of which started lifein the economy of ideas. Rob Thomas's Cymru project is another exampleand the various route server and IRR projects are also examples. Nobodygave the IRR people the authority to manage BGP4 routes; they justthought it was a good idea and offered it in the economy of ideas.Many Internet exchange points started life in the same way and I believe there are still a lot of smaller ones that exist inthe economy of ideas, i.e. non-commercial.I may not agree with everything that William does or how he goesabout it, but I do think that his approach is worthwhile.It gives us a chance to see a prototype of something that couldbe either incorporated into ARIN or commercialized in the future.By the way, ARIN, and the IANA before it, both started life inthe economy of ideas. The only reason that ARIN is in the positionthat it now holds is that the networking community liked what theysaw and supported it. There really was no "authority" that createdARIN. There was a lot of initiative from members of the networkingcommunity who lobbied the various power brokers of the time todemonstrate that ISPs supported an address resgistry that was entirely independent from domain name registries. Once it becameclear that the only dissenters came from outside the industryand were confusing addressing and domain name issues, those groupswho felt that they had authority in the matter, blessed the plansto create ARIN, and we went ahead with it. Even here, there was nocommand and control that gave ARIN its commission. On the contrary,there was a lot of bottom-up pressure that finally coalesced andARIN was obviously the right thing to do.--Michael Dillon (one of the original members of the ARIN Advisory Council)
RE: new nasty email virus trick to bypass scanners
It takes a good combination of both ISP and end user to fight spam, I have a tool in this editor for reading msg that allows me to tag a spammer and block the ' [EMAIL PROTECTED] that gets by the isp scan tool. Common sense, in these times shows you to not open emails from strangers especially with *.zip files unless they are coming from a known party based on some kind of dialog prior to it being sent and received. -HenryPriyantha [EMAIL PROTECTED] wrote: At 09:53 PM 03/12/2003, Jamie Reid wrote: The other thing that worries me is that those who rely on their ISP to scan for viruses, a false sense of security can come into play. In the case of these types of email viruses, the user might think the file is OK because it was scanned.The AVScanner should indicate that the file couldn't scan because it ispassword protected and hence opening the file may be risky.Priyantha
Re: Anit-Virus help for all of us??????
The latest Zone Alarm Pro also invites subscribed users to participate in creating a more robust solution -HenryNiels Bakker [EMAIL PROTECTED] wrote: * [EMAIL PROTECTED] (Richard Cox) [Mon 24 Nov 2003, 20:30 CET]: The latest version of Zone Alarm Pro does stop all applications from accessing the net outbound unless specifically authorised, and it does check the executable by checksum to make sure it hasn't been changed.Right up to the moment the end user, annoyed by the continuous popups,authorises mshtml.dll - which is used by several malicious-by-designworms (including Outlook).-- Niels.
RE: Copper 10 gigabit @ 15 metres
While there are some smitherings about 10GigE, there are technical reasons and market reasons it is not really ready for prime yet, that is not to say it's not going to happen, it is just not going happen now. -HenryMikael Abrahamsson [EMAIL PROTECTED] wrote: On Wed, 5 Nov 2003, Deepak Jain wrote: There are no highly dense 10GE platforms that I can think of right now, much less cost effective ones.I usually tell vendors that they need to hit the price point GE was in 2000, which we're not even near at this time.Although, 80km capable Xenpaks and STM64/OC192 WAN PHY Xenpaks will be available Q1-2004 so there is still hope that during 2004 we'll see 10GE become quite useful and at least more price effective than SDH/SONET.Question is when we'll be able to get 10km Xenpaks below $1000 and when we'll be able to get 8 port cards for major platforms with at least 40 gig full duplex bandwidth per slot at less than $10k per card, that's when 10GbE will really start to take off.The price point for GE over Copper is really silly now with the SOHO el cheapo gig switches are closing in on $10 per port, so lets hope the uplinks will start to catch up.-- Mikael Abrahamsson email: [EMAIL PROTECTED]
RE: Copper 10 gigabit @ 15 metres
10GigE fiber will be the better choice in the long run -HenryDeepak Jain [EMAIL PROTECTED] wrote: http://www.lightreading.com/document.asp?doc_id=42956site=lightreading http://grouper.ieee.org/groups/802/3/10GBCX4/ Regarding the first URL, I am curious how many networks will be interested in using a 15 metre 10GbE solution. Even for intra-MMR xconns, it seems like the cable length limit will very quickly become an obstacle. I guess it depends what price point copper 10Gb solutions enter the market at, compared to their optical counterparts.Until the distances become reasonable, it will probably be a connection ofopportunity. Instead of nxGE you can use 1x10GE for an MMR x-connect. Thequestion is will people be converting 10GE copper to fiber to bridge thedistances and then back?There are no highly dense 10GE platforms that I can think of right now, muchless cost effective ones.DJ
RE: Copper 10 gigabit @ 15 metres
The backbone at the time of my original work that I participated in was 40Gits/in and 40Gbits/out unless that has changed 10GigE is not practical or cost effective if it is limited to local area's and provate connections. That doesn't mean from A design perspective thatA cost effective solution has already been designed, the position of the market and the cost per megabit for most companies is not there, most companies now do 2.5Gbits bi-diectioonally for 5Gbits and barely use all of that. -HenryDeepak Jain [EMAIL PROTECTED] wrote: While there are some smitherings about 10GigE, there are technical reasons and market reasons it is not really ready for prime yet, that is not to say it's not going to happen, it is just not going happen now. Some people are using it in the MAN and WAN now though.Exactly. At the EQIX/ASH GPF Telia and AOL both said they were using 10GEcross-connects for private peering. So that means at least 3-4 majornetworks are using them in production in a LAN, MAN or WAN environment.When you are aggregating lots of a GEs, there isn't really a great,cost-effective way to move all of these bits cost-effectively. nxOC48 ispretty cheap, but a little ugly if you need the bandwidth unchoked. 10GE issupposed to get there, but at a 10xGE price, not a OC192 type price.The real advantage of Copper 10G is that eventually you can deploy it to allthe existing copper [inside] plants that people have currently deployed.Just like GE, it eventually just becomes tolerant enough to use existingwiring. I would be very happy if the first boxes that came out with theselong range xenpaks were muxes that would take 10xGE - 1x10GE -- this wouldsolve the uplink problem from smaller gear in a heartbeat.Deepak JainAiNET
RE: Copper 10 gigabit @ 15 metres
Anyway before this becomes a bunch of different language, here is a page to keep you posted on 10GigE development and some of the players http://www.10gea.org/Deepak Jain [EMAIL PROTECTED] wrote: At the risk of over simplifying this. 1) Deploying anything 4x faster than what you need is not cost-effective, ever. Even deploying GE where 2xFE would work is more expensive. 2a) If (again, thinking IXes here) you are offloading most of your locally sourced traffic to peers at an IX, you may be able to use OC48 connect speeds without needing your backbone to actually pass 20+Gb/s. Everyone has a different network design, so it really depends. Guys who push can use 10GE sooner (IMO) than guys that pull because of the IX case here. b) Cable networks and networks where most of the traffic is internal or to afew large peers could benefit here too. 3a ) Anyone who doesn't have 5Gb/s of aggregate traffic probably doesn't have the peer density to send more than 2Gb/s to a single IX or peer anyway. (see #1). b) In the case where at a single point you need more than 1-2Gb/s per peer, you may want to deploy 10GE or something similar because you have sufficient capacity to handle another peering location to fail entirely for an extended period of time without (hopefully) affecting bandwidth to your peer. There are some assumptions here, so YMMV. Fortunately, no one is requiring anyone to use this, yet... Deepak Jain AiNET -Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]On Behalf Of Henry LinnewehSent: Wednesday, November 05, 2003 7:03 PMTo: [EMAIL PROTECTED]; Neil J. McRaeCc: Mikael Abrahamsson; [EMAIL PROTECTED]Subject: RE: Copper 10 gigabit @ 15 metres The backbone at the time of my original work that I participated in was 40Gits/in and 40Gbits/out unless that has changed 10GigE is not practical or cost effective if it is limited to local area's and provate connections. That doesn't mean from A design perspective thatA cost effective solution has already been designed, the position of the market and the cost per megabit for most companies is not there, most companies now do 2.5Gbits bi-diectioonally for 5Gbits and barely use all of that. -HenryDeepak Jain [EMAIL PROTECTED] wrote: While there are some smitherings about 10GigE, there are technical reasons and market reasons it is not really ready for prime yet, that is not to say it's not going to happen, it is just not going happen now. Some people are using it in the MAN and WAN now though.Exactly. At the EQIX/ASH GPF Telia and AOL both said they were using 10GEcross-connects for private peering. So that means at least 3-4 majornetworks are using them in production in a LAN, MAN or WAN environment.When you are aggregating lots of a GEs, there isn't really a great,cost-effective way to move all of these bits cost-effectively. nxOC48 ispretty cheap, but a little ugly if you need the bandwidth unchoked. 10GE issupposed to get there, but at a 10xGE price, not a OC192 type price.The real advantage of Copper 10G is that eventually you can deploy it to allthe existing copper [inside] plants that people have currently deployed.Just like GE, it eventually just becomes tolerant enough to use existingwiring. I would be very happy if the first boxes that came out with theselong range xenpaks were muxes that would take 10xGE - 1x10GE -- this wouldsolve the uplink problem from smaller gear in a heartbeat.Deepak JainAiNET
Re: Sabotage investigation of fiber cuts in Northwest
Not having seen the entire cut, I would have to imagin the entirebundle was cut and the poor splicers had their hands full. -Henry"Vincent J. Bono" [EMAIL PROTECTED] wrote: The quesiton isn't so much how someone cut a fiber strand, but why the failure of a single fiber strand had such an impact on the telephone service in the region.I'd be willing to bet it wasn't a single "strand". More likely the press orwhoever got it wrong and it was an entire cable or maybe just a tube.-vb
RE: Sabotage investigation of fiber cuts in Northwest
I tend to agree, fiber rings when built out correctly have subtending rings to handle redundancy with extremely low delay times 50ms at worse -Henry"Douglas S. Peeples" [EMAIL PROTECTED] wrote: What you describe is a folded ring and is indicative of either a temporarysolution or bad network design. As a rule, phone companies and capacitysuppliers build very robust systems. Douglas S. PeeplesTechnology Assurance Labs-Original Message-From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf OfBrian BrunsSent: Monday, November 03, 2003 7:39 AMTo: Henry Linneweh; Vincent J. Bono; [EMAIL PROTECTED]Cc: Sean DonelanSubject: Re: Sabotage investigation of fiber cuts in Northwest - Original Message - From: Henry LinnewehTo: Vincent J. Bono ; [EMAIL PROTECTED]Cc: Sean DonelanSent: Monday, November 03, 2003 6:02 AMSubject: Re: Sabotage investigation of fiber cuts in Northwest Not having seen the entire cut, I would have to imagin the entire bundlewas cut and the poor splicers had their hands full.From experience, I can say that its quite easy to sabatoge a fiber run.Theperfect example - a few years ago when I was a network admin, the whole NOCwhere the bulk of our T1s were went out suddenly one morning. We discoveredthat less then a block away a fiber seeking backhoe dug right through thefibers - both the primary *and* secondary fibers - because Verizon burriedthem both in the same trench rather then run them separate routes. So, thesupposed redundancy went right out the window.The phone companies really aren't helping the situation one bit by doingstuff like this.--Brian BrunsThe Summit Open Source Development GroupOpen Solutions For A Closed World / Anti-Spam Resourceshttp://www.sosdg.orgThe AHBL - http://www.ahbl.org
Re: IPv6 NAT
After having read many of these posts I realized there are chips out there now, oboard that do last mile protection at the gate level which eliminates any of this and the products can come preconfigured for this or not depends on what you want to pay for. -Henry[EMAIL PROTECTED] wrote: This does not mean we should NAT everything, since I use some of those protocols. But if every Joe User had a DLink NAT box in front of his Winbloze box, the Internet would be a safer place. And you know it.You're forgetting Rob Thomas's peripatetic presentation in Chicago.Not to mention the guy whose SSH session was outed by a keylogger.Check http://www.safer-networking.org/ for more on spyware andtrojans. If this was the only way the black hats could wreak havocthen we would be seeing a lot more of it.I think that the only thing which will make the Internet a safer placeis time and hard work. We have to put in the effort to address *ALL* theweaknesses until we've raised the bar so high that only the toughestblack hats have the time, skills and energy to break the weakest link.--Michael Dillon
Re: AOL fixing Microsoft default settings
I agree that changing one's computer is not the ISP or even the Corp IT departments job, and could compromise valuable work and or personal information for the individual user, depending on their setup, security software etc and other applications. I also would preceive that as a real threat to individual privacy for any individual in any country of the world who directly purchasedand owns their own computer. For individuals who had their machines custom built to spec with software configured to meet a certain criterion this would be an outrage and considered hacking and tampering. -HenrySean Donelan [EMAIL PROTECTED] wrote: On Tue, 28 Oct 2003, Fred Baker wrote: Personally, I don't ask my ISP or my IT department to randomly change the configuration of my computer. I am very happy for them to suggest changes, but *if* I agree, *I* want to install them when it is convenient for *me*, not when it is convenient for *them*.There is a difference. In most cases the corporate laptop is owned by thecorporation, not the employee. Shouldn't the corporate organization beable to change its own computers whenever it chooses, regardless of thedesire of its employees.On the other hand, the ISP does not own the customer's computer. Anddespite EULA which say it not sold only licensed to the customer, mostpeople view their computer as their property not the ISP's.
