Re: Problems sending mail to yahoo?

2008-04-10 Thread Henry Yen

On Thu, Apr 10, 2008 at 12:23:24PM -0600, Chris Stone wrote:
> 
> -BEGIN PGP SIGNED MESSAGE-
> Hash: SHA512
> 
> Matt Baldwin wrote:
> > mostly.  It feels like a poorly implemented spam prevention system.
> > Doing some Google searches will turn up some more background on the
> > issue.  We've been telling our users that Yahoo mail is problematic
> > and if they can to switch away from using them as their private email
> > or hosted email.
> 
> Maybe we all should do the same to them until they quit spewing out all the
> Nigerian scams and the like that I've been seeing from their servers lately!

Naaah.  I hear that Microsoft is going to buy Yahoo!, so this problem will
go away once Yahoo! mail gets folded into Microsoft hotmail, whereupon
things will get soo much better!



Re: cooling door

2008-03-30 Thread Henry Yen

Perhaps this is apropos:

  Linkname: Slashdot | Iceland Woos Data Centers As Power Costs Soar
   URL: http://hardware.slashdot.org/hardware/08/03/29/2331218.shtml

On Sat, Mar 29, 2008 at 23:29:18PM -0400, Robert Boyle wrote:
> 
> At 02:11 PM 3/29/2008, Alex Pilosov wrote:
> >Can someone please, pretty please with sugar on top, explain the point
> >behind high power density?
> 
> More equipment in your existing space means more revenue and more profit.
> 
> >Raw real estate is cheap (basically, nearly free). Increasing power
> >density per sqft will *not* decrease cost, beyond 100W/sqft, the real
> >estate costs are a tiny portion of total cost. Moving enough air to cool
> >400 (or, in your case, 2000) watts per square foot is *hard*.
> 
> It depends on where you are located, but I understand what you are 
> saying. However, the space is the cheap part. Installing the 
> electrical power, switchgear, ATS gear, Gensets, UPS units, power 
> distribution, cable/fiber distribution, connectivity to the 
> datacenter, core and distribution routers/switches are all basically 
> stepped incremental costs. If you can leverage the existing floor 
> infrastructure then you maximize the return on your investment.
> 
> >I've started to recently price things as "cost per square amp". (That is,
> >1A power, conditioned, delivered to the customer rack and cooled). Space
> >is really irrelevant - to me, as colo provider, whether I have 100A going
> >into a single rack or 5 racks, is irrelevant. In fact, my *costs*
> >(including real estate) are likely to be lower when the load is spread
> >over 5 racks. Similarly, to a customer, all they care about is getting
> >their gear online, and can care less whether it needs to be in 1 rack or
> >in 5 racks.
> 
> I don't disagree with what you have written above, but if you can get 
> 100A into all 5 racks (and cool it!), then you have five times the 
> revenue with the same fixed infrastructure costs (with the exception 
> of a bit more power, GenSet, UPS and cooling, but the rest of my 
> costs stay the same.)

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Verizon has been listening to nanog.

2007-10-24 Thread Henry Yen

On Wed, Oct 24, 2007 at 08:29:54AM -0400, Joe Maimon wrote:
> > On 10/23/07, Leo Bicknell <[EMAIL PROTECTED]> wrote:
> > 
> >>http://www.usatoday.com/tech/news/2007-10-23-verizon-fios-plan_N.htm
> >>
> >>20 Mbps down, 20 Mbps up, fully symmetrical for $65.
> > 
> > 
> > That's pretty sweet, now all they have to do is start laying the fiber
> > over here...
> 
> And stop ripping out copper.

Now that I've gotten caught up on my inbox, perhaps this apropos article
will be viewed as more timely for this list than my earlier outburst:

 
http://www.beskerming.com/commentary/2007/10/24/292/PhD_Student_Claims_200x_Improvement_for_Copper_Broadband

(there's also a link in the article WRT to the Verizon issue of
copper XOR fiber.)

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Internet access in Japan (was Re: BitTorrent swarms have a deadly bite on broadband nets)

2007-10-24 Thread Henry Yen

On Tue, Oct 23, 2007 at 09:20:49AM -0400, Leo Bicknell wrote:
> Why are no major us builders installing FTTH today?  Greenfield should
> be the easiest, and major builders like Pulte, Centex and the like
> should be eager to offer it; but don't.

Well, Verizon seems to be making heavy bets on replacing significant
chunks of old copper plant with FTTH.  Here's a recent FiOS announcement:

  Linkname: Verizon discovers symmetry, offers 20/20 symmetrical FiOS service
  URL: 
http://arstechnica.com/news.ars/post/20071023-verizon-discovers-symmetry-offers-2020-symmetrical-fios-service.html

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Collocation Access

2006-10-23 Thread Henry Yen

On Mon, Oct 23, 2006 at 14:26:53PM -0500, Stasiniewicz, Adam wrote:
> That is true for strip card (credit card style) and simple prox cards.
> But what I have been seeing more often is that companies are using the
> smart card and wireless smart card variety for high security areas.  So
> instead of having a card that will always return the same value (making
> it easy to duplicate) the smart cards will use good old fashion PKI to
> mutually authenticate the card to the reader and the reader to the card.
> This way, the card won't give out its security information until the
> card reader is verified to be a legit member of the security system.  In

However, speaking of smart (non-simple-proximity) card security:

   Linkname: Researchers See Privacy Pitfalls in No-Swipe Credit Cards - New York Times
   URL: 
http://www.nytimes.com/2006/10/23/business/23card.html?ex=1319256000&en=5ecec83b0ac06bd8&ei=5088&partner=rssnyt&emc=rss

>> -Original Message-
>> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
>> Warren Kumari
>> Sent: Monday, October 23, 2006 1:34 PM

[ mild snippage ]

>> These are trivial to clone -- all you need is a reader hooked up to a PC
>> and you can read the number off the card. You can then buy a batch of

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Spam filtering bcps [was Re: Open Letter to D-Link about their NTP vandalism]

2006-04-12 Thread Henry Yen

On Wed, Apr 12, 2006 at 12:03:51PM -0400, Joe Maimon wrote:
> Matthew Black wrote:
> 
> > there's no bandwidth savings from silently dropping the message
> > versus providing a 550 rejection. In the best of all worlds,
> > it would be nice to give feedback. No system is perfect and a
> > false-positive rate of less than one in a million "220" accepted
> > messages seems pretty small.
> 
> Let me ask you this simple question:
> 
> If you know at close of DATA whether you are going to actually perform 
> final delivery, what does it cost you to follow standards and issue a 
> 550 instead of a 220 and discard it?
> 
> If you use a 550, a real live person sending an email that somehow gets 
> FP will actually benefit.

In today's world, at least with the spamtorrent I see at my clients,
that's just untrue.  If your filtering is set up well, and you mark
an e-mail as SPAM, it almost certainly is (yes, I'll certainly concede
FP's exist, but again, it almost certainly doesn't matter that much in
that teensy number of occurrences); and 99-plus-percent of spam
is emitted from spambots who don't give a $expletive about return
status one way or another.  If you're worrying about "no-status" in
the context of FP's, then your filtering isn't set up well, which really
means you've got larger problems.

> I am with Suresh on this, just like in the past threads. Search the archive.

Though not contradicting what I just wrote, so am I.  However, header-forged
and multi-chained spam from firehose-like spambots don't play by any of our
rules; all they do is blast away in a largely one-way transaction (guess
which direction!).  A 550 now-a-days has nowhere to "go" (and those
"commercial" aka "legit") spamhouses don't wash their lists even on 550's.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: What do we mean when we say "competition?"

2005-11-30 Thread Henry Yen

On Sat, Nov 26, 2005 at 07:53:32AM -0500, Robert E.Seastrom wrote:
> Henry Yen <[EMAIL PROTECTED]> writes:
> > In (at least) the Long Island, NY market, Verizon FTTH/FIOS installers
> > physically cut and decommission the copper upon fiber install.
> > Bye-bye DSL competition.  Since they won't bring back the copper
> > even if you don't like the FIOS service, it's permanent.  ISTR that
> > the fiber doesn't carry the same restrictions on Verizon as copper
> > did, which is a big incentive (for them) to roll out FIOS that way.
> 
> My understanding is that there is a fairly small number of pots
> circuits (2?) that they can bring in over the B-PON, and that moreover
> ISDN BRI and hicap (eg. repeatered or HDSL DS1 service) are entirely
> incompatible.

In this market, it's four.

> In Virginia, there's anecdotal evidence that suggests that they'll
> leave the copper upon request, and won't even try to remove it if you
> still need it for service.
> 
> Guess you know what to do.  :)

Complain louder?   I have more than four POTS lines, and Verizon's
response was "then you can't have FIOS" (even after offering them to
pay for an additional phone line on top of the FIOS service).
There's anecdotal evidence in this market that they will absolutely
refuse to do FIOS unless the existing copper is cut (in my case, since
they can't do that, they simply refuse to allow FIOS).  Ironic, as the
FIOS OC-12 runs through my backyard, about 45 feet from the house...

--
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: What do we mean when we say "competition?"

2005-11-26 Thread Henry Yen

On Wed, Nov 16, 2005 at 08:58:45AM -0800, David Barak wrote:

[ snip ]

> Anecdote: A co-worker is getting Verizon FTTH, and
> they have to dig about a 3/4 mile trench to his house
> (he's rural).  He's not being charged for the
> installation, even though it'll be several years
> before it pays for itself.  It's hard to see that as
> an example of a {big | evil} monopoly which is hurting
> consumers.

In (at least) the Long Island, NY market, Verizon FTTH/FIOS installers
physically cut and decommission the copper upon fiber install.
Bye-bye DSL competition.  Since they won't bring back the copper
even if you don't like the FIOS service, it's permanent.  ISTR that
the fiber doesn't carry the same restrictions on Verizon as copper
did, which is a big incentive (for them) to roll out FIOS that way.

-- 
Henry Yen   Aegis Information Systems, Inc.
<[EMAIL PROTECTED]>Hicksville, New York


Re: Cogent move without renumbering (was: Cogent/Level 3 depeering)

2005-10-07 Thread Henry Yen

> >> * [EMAIL PROTECTED] (Deepak Jain) [Fri 07 Oct 2005, 02:29 CEST]:
> >>
> >>> I think Cogent's offer of providing free transit to all single  homed 
> >>> Level3 customers is particularly clever and being  underpublicized. 

For educational purposes, could someone elaborate on how this would work?

If you're a Level3 customer with Level3 PA space (assumed, since you're
already assumed to be single-homed, and therefore very unlikely to
need PI or BGP) and move to a Cogent circuit with Cogent PA space,
then you'd be able to once again reach Cogent's view of the 'net,
but then lose Level3's view of the 'net.

If, on the other hand, you move to a Cogent circuit, but keep your
Level3 PA space, wouldn't that at least require Cogent to announce
all of these "recircuited" customers' Level3 blocks?  This could
stop working if Level3 filters those announcements, again resulting
in non-reachability for existing Level3 downstreams?

Or, on the other hand, is Cogent's offer not exclusive of maintaining
the customer's existing Level3 circuit as well, in which case the
customer will probably incur more pain with juggling two circuits
while not speaking BGP in the first place?

Or, is there another hand?  Thanks.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: UNITED.COM (United Airlines) has been down for days! Any info on this?

2005-09-01 Thread Henry Yen

On Thu, Sep 01, 2005 at 11:10:45AM -0700, Grant A. Kirkwood wrote:
> 
> John Palmer wrote:
> >
> >The United Airlines website appears to be down and has been down for days.
> > 
> >Is this a network issue or are they out of business??
> >
> 
> 
> Neither.. just systematic and ongoing web development incompetency.
> 
> http://www.flyertalk.com/forum/showthread.php?t=467617
> 
> http://www.flyertalk.com/forum/showthread.php?t=467121
> 
> http://www.flyertalk.com/forum/showthread.php?t=468034
> 
> etc

This problem (or its close relative) was discussed on nanog less than
three months ago:
   http://www.merit.edu/mail.archives/nanog/2005-06/msg00034.html

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: MPLS or Site2Site VPN

2005-08-30 Thread Henry Yen

(sorry for the continuing top-post)  Speaking of Hub-and-Spokes,
what about Frame Relay (from a single provider that covers all
your states)?  I imagine that it's probably run over their own
backbone using MPLS anyway.

On Tue, Aug 30, 2005 at 05:00:56AM +0300, Kim Onnel wrote:
> 
> What about doing the VPN over the internet, with IPSec tunnels
> terminated in a hub and spoke model, i don't know price wise, but it
> would work fine.
> 
> On 8/29/05, Todd Reed <[EMAIL PROTECTED]> wrote:
> > 
> > I'm looking at connecting 15+ multi-state locations together to start
> > forming a private corporate network.  The sites are small with 25-30
> > devices.  I want to avoid direct-T1's due to cost, therefore I'm looking for
> > alternatives.  I know I can do site-to-site VPN, but I've also heard a lot
> > about MPLS and from what I've read, it may be a good option.  Over the next
> > year, we will be adding 5-10 more sites, so expansion is important.  I'm not
> > planning to do voice, but it may be an option in 2-3 years.  If anyone has
> > any suggestions on their experiences, I would greatly appreciate it.   
> > 
> > Thanks, 
> > 
> > Todd

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: New N.Y. Law Targets Hidden Net LD Tolls

2005-08-20 Thread Henry Yen

On Sat, Aug 20, 2005 at 09:25:27AM -0500, Robert Bonomi wrote:
> 1-800-800, at least, has been in use for a number of years.
> and I'm pretty sure I've seen  1-800-900 numbers.

here's a fairly big one: uunet public tech support 1-800-900-0241.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: power strip with individually monitorable outlet current

2005-08-09 Thread Henry Yen

On Tue, Aug 09, 2005 at 04:37:04AM -0700, Mike Leber wrote:
> On Sun, 7 Aug 2005, Justin Kreger wrote:
> > At the now defunct redundant.com we used baytech strips with the ds-3 
> > (not the circuit) modules to snmp enable the strips.  We were able to 
> > control each port, and monitor load on each port.
> > 
> > http://www.baytech.net/
> 
> I had moderate success with this suggestion.  Their technical support said
> the only product they had that does this is the 4 outlet RPC5 or RPC6
> (ethernet version vs serial version).  Unfortunately, it costs $644 each
> (lowest price I've found so far) and accomplishes its individual
> monitoring by replicating power in and power out plus an ethernet port 4
> times.  Still, if it's the only one out there I guess they win (although
> at $150 per outlet, ouch, that goes over my $4000 budget for this).
> 
> http://www.baytech.net/products/prodlist.php?show=RPC5

well, you can save a bunch on a used one ($125 -- buy-it-now!):
   eBay: BAYTECH DS4-RPC REMOTE POWER w/DS72 & DS74 DAC MODULES
  (item 5797338782)

does western telematic make anything that might fit your needs?

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: NETGEAR in the core...

2005-07-30 Thread Henry Yen

On Sat, Jul 30, 2005 at 10:11:28AM -0400, Robert Boyle wrote:
> >I'm interested in people's experiences with consumer-grade routers
> >functioning in non-NAT mode; that is to say, running PPPoE to the ISP
> >and routing a /29 or a /28.  A sane filtering language and stateful
> >firewall that can operate in non-NAT mode is a plus.

> http://www.cyberguard.com/products/firewall/SG_Family/

I think linux runs inside those.  Vendor-supplied, yes, but if the OP
wants to avoid linux altogether...

No personal experience, but could a LinkSys/WRT45g with
custom linux load be even cheaper?

Can a cisco 1600 run PPPoE?

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


On a lighter note (for DataCenter operators)...

2005-06-27 Thread Henry Yen


   http://www.jebba.net/gallery/view_album.php?set_albumName=Cheap-Data-Center&page=1

(Beware the ./ effect)

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: United.com having DNS issues?

2005-06-01 Thread Henry Yen

On Thu, Jun 02, 2005 at 12:21:21PM -0400, Henry Yen wrote:
> On Thu, Jun 02, 2005 at 04:03:17AM +, Christopher L. Morrow wrote:
> > On Wed, 1 Jun 2005, Henry Yen wrote:
> > > On Thu, Jun 02, 2005 at 02:56:20AM +, Christopher L. Morrow wrote:
> > > > Not horribly on topic, but perhaps there is a united.com person 
> > > > listening:
> > > >
> > > > www.united.com's NS servers are -
> > > >   dns01.uls-prod.com.
> > > >   dns02.uls-prod.com.
> > >
> > > whois and "dig +trace" show that www.united.com's servers are now:
> > >   dc1lbs1.uls-prod.com
> > >   dc2lbs1.uls-prod.com
> > >
> > > maybe the dns changes were recently made and are still "in-flight"... 
> > > (ducks)
> > 
> > i don't think so, the united.com domain was those two earlier today, with
> > www.united.com NS from dns01/02.uls-prod.com ... though I've seen this
> > situation change some throughout the day as well with the dcXlbs1 boxes in
> > the mix as well. Asking directly from dns01/02 gets you records for SOME
> > things but not others and servfail 'often' for www.united.com.
> > 
> > Someone else pointed out that this is not a 'new' situation and has been
> > the case for about 3-4 weeks so far... their POC's on the domains:
> > 
> > united.com
> > ual.com
> > uls-prod.com
> > 
> > are all invalid/dead/not-answering... perhaps someone will be watching
> > nanog, perhaps they will continue to be busted :( Oh well.

maybe it was still on-the-fly after all.  whois united.com now shows
dcXlbs1 as the name servers, and a flush of the local nameserver here
now has www.united.com resolving properly.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: United.com having DNS issues?

2005-06-01 Thread Henry Yen

On Thu, Jun 02, 2005 at 04:03:17AM +, Christopher L. Morrow wrote:
> On Wed, 1 Jun 2005, Henry Yen wrote:
> > On Thu, Jun 02, 2005 at 02:56:20AM +, Christopher L. Morrow wrote:
> > > Not horribly on topic, but perhaps there is a united.com person listening:
> > >
> > > www.united.com's NS servers are -
> > >   dns01.uls-prod.com.
> > >   dns02.uls-prod.com.
> >
> > whois and "dig +trace" show that www.united.com's servers are now:
> >   dc1lbs1.uls-prod.com
> >   dc2lbs1.uls-prod.com
> >
> > maybe the dns changes were recently made and are still "in-flight"... 
> > (ducks)
> 
> i don't think so, the united.com domain was those two earlier today, with
> www.united.com NS from dns01/02.uls-prod.com ... though I've seen this
> situation change some throughout the day as well with the dcXlbs1 boxes in
> the mix as well. Asking directly from dns01/02 gets you records for SOME
> things but not others and servfail 'often' for www.united.com.
> 
> Someone else pointed out that this is not a 'new' situation and has been
> the case for about 3-4 weeks so far... their POC's on the domains:
> 
> united.com
> ual.com
> uls-prod.com
> 
> are all invalid/dead/not-answering... perhaps someone will be watching
> nanog, perhaps they will continue to be busted :( Oh well.

yeah, ok, the situation appears slightly more messed up than originally
surmised.

the dcXlbs1 boxes are the ones pointed to by the root.  unfortunately,
they think the dns0X boxes are the nameservers (though that doesn't matter
if you don't ask dcXlbs1 for NS records).

also of note is the SOA serial number is 20050503 (four weeks ago).
also interesting is that the whois/registry for uls-prod.com says
that it's expired.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: United.com having DNS issues?

2005-06-01 Thread Henry Yen

On Thu, Jun 02, 2005 at 02:56:20AM +, Christopher L. Morrow wrote:
> Not horribly on topic, but perhaps there is a united.com person listening:
> 
> www.united.com's NS servers are -
>   dns01.uls-prod.com.
>   dns02.uls-prod.com.

whois and "dig +trace" show that www.united.com's servers are now:
  dc1lbs1.uls-prod.com
  dc2lbs1.uls-prod.com

maybe the dns changes were recently made and are still "in-flight"... (ducks)

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


panix.com recovery in progress

2005-01-16 Thread Henry Yen

The latest shell host motd's:

. Hijack recovery underway (elr) Sun Jan 16 17:43:28 2005
. 
.Recovery is underway from the panix.com domain hijack.
.
.The root name servers now have the correct information, as does the
.WHOIS registry.  Portions of the Internet will still not be able to
.see panix.com until their name servers expire the false data.  More
.info soon.
.
. panix.net status update (elr) Sun Jan 16 16:06:41 2005
. 
.As some of our customers have noticed, there have been a few problems
.with using panix.net as a substitute for panix.com.  We've fixed most
.of them:
.
.* if you change your return address to [EMAIL PROTECTED], it now works.
.Previously, it was getting re-written back to [EMAIL PROTECTED]  Customers
.may need to do this to send mail to domains that use "Sender Address
.Verification" since the fake panix.com mail servers don't seem to be
.accepting mail right now.
.
.* The URL "http://www.panix.net/~USERNAME" automatically redirects to
.panix.com/~USERNAME.  You can get around this by appending a / to the URL:
.
.   http://www.panix.net/~USERNAME/
.
.* Addresses of the form [EMAIL PROTECTED] are working now.
.
.Of course, we're still working around the clock to solve the underlying
.problem with the hijacked domain.

Also 'dig +trace panix.com. ns':
  ; <<>> DiG 9.2.4rc6 <<>> +trace panix.com. ns
  ;; global options:  printcmd
  .   489907  IN  NS  K.ROOT-SERVERS.NET.
  .   489907  IN  NS  L.ROOT-SERVERS.NET.
  .   489907  IN  NS  M.ROOT-SERVERS.NET.
  .   489907  IN  NS  A.ROOT-SERVERS.NET.
  .   489907  IN  NS  B.ROOT-SERVERS.NET.
  .   489907  IN  NS  C.ROOT-SERVERS.NET.
  .   489907  IN  NS  D.ROOT-SERVERS.NET.
  .   489907  IN  NS  E.ROOT-SERVERS.NET.
  .   489907  IN  NS  F.ROOT-SERVERS.NET.
  .   489907  IN  NS  G.ROOT-SERVERS.NET.
  .   489907  IN  NS  H.ROOT-SERVERS.NET.
  .   489907  IN  NS  I.ROOT-SERVERS.NET.
  .   489907  IN  NS  J.ROOT-SERVERS.NET.
  ;; Received 292 bytes from 216.234.161.25#53(216.234.161.25) in 3 ms
  
  com.   172800  IN  NS  a.gtld-servers.net.
  com.   172800  IN  NS  g.gtld-servers.net.
  com.   172800  IN  NS  h.gtld-servers.net.
  com.   172800  IN  NS  c.gtld-servers.net.
  com.   172800  IN  NS  i.gtld-servers.net.
  com.   172800  IN  NS  b.gtld-servers.net.
  com.   172800  IN  NS  d.gtld-servers.net.
  com.   172800  IN  NS  l.gtld-servers.net.
  com.   172800  IN  NS  f.gtld-servers.net.
  com.   172800  IN  NS  j.gtld-servers.net.
  com.   172800  IN  NS  k.gtld-servers.net.
  com.   172800  IN  NS  e.gtld-servers.net.
  com.   172800  IN  NS  m.gtld-servers.net.
  ;; Received 499 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 143 ms
  
  panix.com.  172800  IN  NS  ns1.access.net.
  panix.com.  172800  IN  NS  ns2.access.net.
  ;; Received 105 bytes from 192.5.6.30#53(a.gtld-servers.net) in 57 ms

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York
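
Added example, not part of the original posts: a Python parser for `dig +trace` output like the panix.com trace above, which compares the NS set the parent zone hands out against a known-good baseline and applies the same comparison to the parent/child NS mismatch described in the United.com messages. The function names, the baseline variable and the altered trace are assumptions made for the illustration; the sample trace is shortened from the one quoted in the post.

```python
import re
from dataclasses import dataclass, field

# One NS record line of dig output. Owner and TTL may be run together
# ("com.172800") when a mail archive collapses the tab between them.
NS_LINE = re.compile(r"^\s*(\S*?\.)\s*(\d+)\s+IN\s+NS\s+(\S+)\s*$", re.I)
# dig ends every step of the trace by naming the server that answered it.
RECEIVED = re.compile(r"^\s*;; Received \d+ bytes from \S+?\(([^)]+)\)")

# Shortened from the trace in the post (root and gTLD lists cut to two each).
SAMPLE_TRACE = """\
; <<>> DiG 9.2.4rc6 <<>> +trace panix.com. ns
;; global options:  printcmd
.   489907  IN  NS  K.ROOT-SERVERS.NET.
.   489907  IN  NS  A.ROOT-SERVERS.NET.
;; Received 292 bytes from 216.234.161.25#53(216.234.161.25) in 3 ms

com.172800  IN  NS  a.gtld-servers.net.
com.172800  IN  NS  g.gtld-servers.net.
;; Received 499 bytes from 193.0.14.129#53(K.ROOT-SERVERS.NET) in 143 ms

panix.com.  172800  IN  NS  ns1.access.net.
panix.com.  172800  IN  NS  ns2.access.net.
;; Received 105 bytes from 192.5.6.30#53(a.gtld-servers.net) in 57 ms
"""

# Constructed: the same trace with the final delegation swapped for
# placeholder names, standing in for a changed registry record.
ALTERED_TRACE = (SAMPLE_TRACE
                 .replace("ns1.access.net.", "ns1.placeholder.example.")
                 .replace("ns2.access.net.", "ns2.placeholder.example."))

# Assumed known-good set: what the post reports once recovery had begun.
BASELINE = {"ns1.access.net", "ns2.access.net"}

# NS sets named in the United.com messages: what the parent delegates to,
# and what those servers themselves list as the zone's name servers.
UNITED_PARENT = {"dc1lbs1.uls-prod.com", "dc2lbs1.uls-prod.com"}
UNITED_CHILD = {"dns01.uls-prod.com.", "dns02.uls-prod.com."}


def norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.strip().rstrip(".").lower()


@dataclass
class Hop:
    responder: str = ""                      # server that answered this step
    ns: dict = field(default_factory=dict)   # owner name -> set of NS targets


def parse_trace(text):
    """Split dig +trace output into hops, one per ';; Received' line."""
    hops, cur = [], Hop()
    for line in text.splitlines():
        m = NS_LINE.match(line)
        if m:
            cur.ns.setdefault(norm(m.group(1)), set()).add(norm(m.group(3)))
            continue
        m = RECEIVED.match(line)
        if m:
            cur.responder = norm(m.group(1))
            hops.append(cur)
            cur = Hop()
    return hops


def delegation_for(hops, zone):
    """Return (NS set, answering server) from the deepest hop naming the zone."""
    zone = norm(zone)
    for hop in reversed(hops):
        if zone in hop.ns:
            return hop.ns[zone], hop.responder
    return set(), ""


def compare_ns(observed, reference):
    """Report names present in only one of the two NS sets."""
    obs = {norm(n) for n in observed}
    ref = {norm(n) for n in reference}
    return {"unexpected": sorted(obs - ref), "missing": sorted(ref - obs)}


def check_trace(text, zone, baseline):
    """Compare the delegation seen in a trace with the expected NS set."""
    observed, responder = delegation_for(parse_trace(text), zone)
    result = compare_ns(observed, baseline)
    result["answered_by"] = responder
    result["ok"] = (bool(observed) and not result["unexpected"]
                    and not result["missing"])
    return result


if __name__ == "__main__":
    print("panix.com, trace from the post:",
          check_trace(SAMPLE_TRACE, "panix.com.", BASELINE))
    print("panix.com, altered trace:",
          check_trace(ALTERED_TRACE, "panix.com.", BASELINE))
    print("united.com, child vs parent:",
          compare_ns(UNITED_CHILD, UNITED_PARENT))
```

Run against a saved `dig +trace <zone> ns` capture on a schedule, a non-empty `unexpected` list is the signal worth alerting on; an empty observed set is reported as not ok rather than silently passing.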


Re: panix.com hijacked

2005-01-15 Thread Henry Yen

On Sat, Jan 15, 2005 at 10:50:49AM -0500, Perry E. Metzger wrote:
> Panix is highly screwed by this -- their users are all off the air,
> and they can't really wait for an appeals process to complete in order
> to get everything back together again.

from panix shell hosts motd:

. panix.net usable as panix.com (marcotte) Sat Jan 15 10:44:57 2005
. 
.Until we resolve the issue of the domain "panix.com", we have set up
.the domain "panix.net" to include the same names and addresses as
."panix.com".
. 
.You may use this as a temporary solution for access to mail, webpages,
.etc. Wherever you would use "panix.com", you can replace it with
."panix.net".

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: What kind of cable is this?

2004-11-07 Thread Henry Yen

On Sun, Nov 07, 2004 at 12:05:15PM -0800, Jonathan Nichols wrote:
> 
> http://homepage.mac.com/smurphy/PhotoAlbum28.html
> 
> Guy I know in Canada came across a 7200 foot spool of what appears to be 
> single-strand fibreoptic cable.
> 
> He's trying to find out its properties, UV rating, etc. Any information 
> available would be great.
> 
> I Googled for the part numbers (so did he) and came up empty. Siecor 
> appears to be "Corning Cable Systems" now and their website was 
> unhelpful, to say the least.

interestingly, i found one on ebay, with specs listed as:

   SIECOR MM Fiber Optic Cable 7000 ft (2199m) spool NEW

 * You are bidding on a new 7000+ feet (2100+ m) spool of SIECOR
   LANscape multimode fiber optic cable.
 * P/N 001N31-31107-0B.
 * OFNR UL, CSA listed FT4.
 * Measured attenuation: 850nm - 3.66 dB/km, 1300nm - 0.72 dB/km.
 * Bandwidth: 850nm - 272 MHz km, 1300nm - 564 MHz km.
 * Nominal refractive index: 1.4980.
 * 100/140 micron.

the link is: http://cgi.ebay.com/ws/eBayISAPI.dll?
    ViewItem&category=64046&item=5729360631&rd=1

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: domain isn't registred, but does exist in root-servers?

2004-10-23 Thread Henry Yen

Isn't netsol now updating the com/zone nameservers in "real time" (5-minutely
intervals or some such)?  WHOIS is presumably still only updating twice
per day.  If so, then this phisher registered the domain just hours to
minutes ago.  FWIW "sedgq.com" has a SOA sequence of 2004102301 ("today").

On Sun, Oct 24, 2004 at 12:47:46PM +0200, [EMAIL PROTECTED] wrote:
> 
> just wondering about the following:
> 
> there is no whois-info for sedgq.com
> (response: No match for "SEDGQ.COM".)
> 
> but, host sedgq.com
> sedgq.com has address 66.218.79.155
> sedgq.com has address 66.218.79.147
> sedgq.com has address 66.218.79.148
> sedgq.com has address 66.218.79.149
> 
> how can this be?
> i mean, afaik a domain needs to be registered before it's 'known'
> 
> this because of an email i received like:

[ snip phish e-mail ]

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


level3 security operations contact?

2004-10-23 Thread Henry Yen

Is there a Level3 Security Operations contact listening?
Your reporting script is returning a ticket value of [null].

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Verizon IP's and ARIN Records

2004-06-08 Thread Henry Yen

On Tue, Jun 08, 2004 at 02:47:00AM -0400, Pete wrote:
> > On Mon, 7 Jun 2004, Dennis Dayman wrote:
> > > ARIN has dropped all registry information for 206.46.0.0 - 255.255.0.0.
> > > This range includes our residential and business mail customers.  We are
> > > aware of the issue and are addressing this NOW to have our ARIN records
> > > re-published again.  We are not sure why this has happened at this time.
> > > Any sender verification that checks for PTR records will fail on outbound
> > > mail from Verizon Online.
> > > --
> > > Dennis Dayman
> > > Verizon Internet Services Operations
> > > Security and Legal Compliance
> > > --
> 
> ARIN is cracking down on IP Space that is or has been issued (legally) and
> have been found to have the contact records  "out of date" or the e-mail
> addresses either don't work or there are mailboxes full and so on. You will
> see more and more of these allocations being removed for failing to act on
> network issue via their stated ARIN information.

I received endless spam from hosts on other verizon networks, e.g.
(the following generated: Tue Jun  8 05:01:33 EDT 2004):

   NetRange:       206.124.64.0 - 206.124.64.255
   CIDR:           206.124.64.0/24
   NetName:        GTENET-CSD-DNS1
   NetHandle:      NET-206-124-64-0-2
   Parent:         NET-206-124-64-0-1
   NetType:        Reassigned
   NameServer:     BIGGUY.GTE.NET
   NameServer:     OTHERGUY.GTE.NET
   Comment:
   RegDate:        1999-02-24
   Updated:        1999-02-24
   OrgAbuseHandle: VOH1-ARIN
   OrgAbuseName:   Hostmaster, Verizon Online
   OrgAbusePhone:  +1-800-927-3000
   OrgAbuseEmail:  [EMAIL PROTECTED]

E-mail sent to this listed contact bounced and/or was undeliverable.
I sent notifications of this breakage to every other directly related
and listed contact, and was met with complete silence.  I tried dozens
of times.  For months and months.  One of the non-responders was
a contact associated with GTE.NET, [EMAIL PROTECTED],
AKA CA546-ARIN, for example.

I also inquired of ARIN about its policy regarding Invalid Contacts.
They merely pointed out that it is not their responsibility to police
such issues, but merely mark them, i.e. (the following generated:
Tue Jun  8 05:02:55 EDT 2004):

   Name:       Hostmaster, Verizon Online
   Handle:     VOH1-ARIN
   Company:
   Address:    Verizon Online
   Address:    5525 MacArthur Ste 320
   City:       Irving
   StateProv:  TX
   PostalCode: 75038
   Country:    US
   Comment:    The information for POC handle VOH1-ARIN has been reported to
   Comment:    be invalid. ARIN has attempted to obtain updated data, but has
   Comment:    been unsuccessful. To provide current contact information,
   Comment:    please e-mail [EMAIL PROTECTED]
   RegDate:    2002-02-21
   Updated:    2003-06-03
   Phone:      +1-800-927-3000  (Office)
   Email:      [EMAIL PROTECTED]

The coincidence that the last-updated date is "06/03/2003" is remarkable.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Lsass.exe causing shutdown in IE.

2004-05-01 Thread Henry Yen

On Sat, May 01, 2004 at 03:09:12AM -0500, Ejay Hire wrote:
> We're starting to take calls from users about an LSASS.EXE error causing
> XP to do the 60 seconds till forced reboot, and the normal blaster
> mitigation and turning on the ICF isn't fixing it.  I've been able to
> reproduce it on one machine locally.  Is anyone else seeing it?

Sasser (windows) worm.

   http://isc.sans.org/diary.php?date=2004-04-30

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)

2004-04-18 Thread Henry Yen

On Mon, Apr 19, 2004 at 08:50:34AM +0300, Petri Helenius wrote:
> > Let's face it -- this shouldn't have to be the ISP's problem. 
> > Microsoft needs to quit rushing out new OS releases without properly 
> > straining them and stress testing to find as many holes as they can. 
> > They need to start cracking down on themselves and really start 
> > worrying about securing their OS and patching it as much as possible 
> > before throwing it to market. 
> 
> It's very challenging to say that the world's most profitable company 
> should do anything significantly different.

s/most profitable company/convicted (and continuing) OS\&browser monopolist/

Still feel the same?

> Putting out releases and 
> letting marketing to address security concerns brings in billions. Not 
> putting out release will make less money.

Forcing OEM pre-loads is where they get most of their money.  Maybe
if they spent less on money-losing ventures like X-Box and WebTV,
and maybe if they spent their R&D $Billions more wisely, and further
if they spent less time and money knifing others' babies and put
more genuine effort into it...

> This is not that they would not be "trying their best". There is just a 
> very justifiable business decision between what we would like the best 
> to be and what it needs to be to keep their money machine running.

Well, if they would just admit as such ("Keep the Money Machine Running!"),
instead of offering endless platitudes and excuses (and FUD) and
press releases about how much $money they are donating (yeah, right)
to libraries and schools and ...

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Windows updates and dial up users

2003-09-23 Thread Henry Yen

On Mon, Sep 22, 2003 at 10:02:57AM -0700, Owen DeLong wrote:
> > Ok then different idea, assuming that we're all agreed its MS's
> > responsibility  to ensure users are patched promptly and without extra
> > cost to the end user.
> 
> The problem is that while we agree, Micr0$0ft does not.  They feel they should
> have no "responsibility" whatsoever to the end user beyond cheerfully refunding
> their money if they decide to stop using Windows.

Microsoft does not issue refunds if you stop using Windows, whether or
not you were satisfied with the XPerience.

My interactions with Microsoft have never been "cheerful", which is a
state mostly reserved for New Product Launch(tm) parties and advertisements.

Nor can one readily obtain a refund from an OEM, even if you never
use Windows and reject the EULA (http://windowsrefund.net/index2.php).
-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: routing issue?

2003-09-19 Thread Henry Yen

On Fri, Sep 19, 2003 at 04:15:20AM -0400, [EMAIL PROTECTED] wrote:
> 
> Can anyone reach the 38.221.129/24 range?  I'm seeing this announced as
> a /24 by L3,  but looks like it should be a /8 from Cogent(PSI).
> Just looking for another viewpoint.  tnx.

from uunet:
   traceroute to 38.221.129.1 (38.221.129.1), 30 hops max, 38 byte packets
    6  POS7-0.BR1.NYC9.ALTER.NET (152.63.18.221)  6.436 ms  6.135 ms  6.355 ms
    7  204.6.134.170 (204.6.134.170)  6.767 ms  6.508 ms  6.351 ms
    8  p14-0.core01.jfk01.atlas.psi.net (154.54.1.197)  6.634 ms  9.730 ms  10.325 ms
    9  p12-0.core01.jfk02.atlas.cogentco.com (66.28.4.10)  7.470 ms  7.191 ms  6.894 ms
   10  p4-0.core02.dca01.atlas.cogentco.com (66.28.4.81)  13.017 ms  12.913 ms  12.816 ms
   11  p14-0.core01.atl01.atlas.cogentco.com (66.28.4.161)  25.800 ms  42.129 ms  26.144 ms
   12  g0-2.na01.b000447-0.atl01.atlas.cogentco.com (66.250.11.78)  26.008 ms  26.219 ms  25.916 ms
   13  38.221.129.1 (38.221.129.1)  24.880 ms  24.784 ms  24.889 ms
   
-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: route to behosting.com

2003-09-17 Thread Henry Yen

On Wed, Sep 17, 2003 at 07:37:12AM -0700, Lou Katz wrote:
> Actually, me bad. It is the nameservers they use for
> their clients:
> ns5.behosting.com 208.56.139.155
> ns6.behosting.com 208.56.138.142

maybe call up alabanza and see what's up?  from RIS:
.   No update is found in the database for 20030915.
.   Updates between 2003-09-16 00:00:00Z and 2003-09-16 23:59:59Z .
.   _
.
. Type Prefix Time Peer Next HOP MED Origin AS path Community RRC ID
.   W 208.56.0.0/16 2003-09-16 17:05:30Z 198.32.200.125 0 0 IGP 0 Not configured MAE-West
.
.   Updates between 2003-09-17 00:00:00Z and 2003-09-17 23:59:59Z .
.   _
.
. Type Prefix Time Peer Next HOP MED Origin AS path Community RRC ID
.   A 208.56.0.0/16 2003-09-17 23:48:57Z 198.32.200.50 198.32.200.50 0 IGP 6066 701 7018 11022 Not configured MAE-West
.   W 208.56.0.0/16 2003-09-17 23:51:19Z 198.32.200.50 0 0 IGP 0 Not configured MAE-West

208.56.0.0 is:
. OrgName:    Alabanza, Inc.
. OrgID:      ALAB
. Address:    10 E. Baltimore St. Suite 1300
. City:       Baltimore
. StateProv:  MD
. PostalCode: 21244
. Country:    US
. 
. NetRange:   208.56.0.0 - 208.56.255.255
. CIDR:       208.56.0.0/16
. NetName:    ALABANZA-BALT-3
. NetHandle:  NET-208-56-0-0-1
. Parent:     NET-208-0-0-0-0
. NameServer: NS.ALABANZA.COM
. NameServer: NS2.ALABANZA.COM
. Comment:    ADDRESSES WITHIN THIS BLOCK ARE NON-PORTABLE
. RegDate:    1999-08-27
. Updated:    2000-05-15
. 
. TechHandle: TC12-ARIN
. TechName:   Cunningham, Thomas
. TechPhone:  +1-410-779-1400
. TechEmail:  [EMAIL PROTECTED]
. 
. # ARIN WHOIS database, last updated 2003-09-16 19:15

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Route failures to behosting.com

2003-09-17 Thread Henry Yen

On Wed, Sep 17, 2003 at 09:29:57AM -0400, Brian Bruns wrote:
> Attempts to access behosting.com were successful from several different
> locations, which included ameritech and sprint.  I'm not going to include
> traceroutes here (if you would like them, I can email them to you
> privately).   What ISPs are you using to try and get to them?

behosting.com/www.behosting.com (aka 216.121.96.160) also accessible
without problem from sprint and uunet.

> - Original Message - 
> From: "Lou Katz" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Wednesday, September 17, 2003 9:23 PM
> Subject: Route failures to behosting.com
> 
> > I am unable to reach them via several different ISPs. It looks
> > to my naive eyes like routes to them have vanished. Can anyone
> > shed any light on this?

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York


Re: Contact for UniNet S.A. de C.V. (NETBLK-UNINET-NETBLK-12)

2002-05-24 Thread Henry Yen


On Fri, May 24, 2002 at 11:59:58AM -0700, Dan Hollis wrote:
> Does anyone have a real contact for UniNet S.A. de C.V. 
> (NETBLK-UNINET-NETBLK-12) ?
> The email address registered bounces "mailbox full".

hmm. how 'bout "[EMAIL PROTECTED]"?

or (digging a bit here), _perhaps_ [EMAIL PROTECTED]

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Henry Yen


On Thu, May 23, 2002 at 09:38:18AM +, E.B. Dreger wrote:
> BSD enforces append-only when running proper securelevel.  AFAIK,
> Linux lacks this attribute, and root can disable the so-called
> "immutable" attrib.

i think that modern linuxes have both of these capabilities,
but they need to be compiled into the kernel (they're actually
called "capabilities", as in capability.h), so they're cumbersome
to use.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: list problems?

2002-05-23 Thread Henry Yen


On Thu, May 23, 2002 at 03:00:20AM -0400, Patrick W. Gilmore wrote:
> At 02:42 PM 5/23/2002 -0400, Henry Yen wrote:
>  >On Thu, May 23, 2002 at 06:22:50AM -0700, Rachel K. Warren wrote:
>  >> Of course, there are exceptions to every rule - I've had managers and
>  >> executive officers in the same companies I worked at who did not have
>  >> degrees.  But more often than not, the degree was there.
>  >
>  >i was once taught that causation and correlation are different.
> 
> Stating as fact a causation simply because of a correlation (e.g. degrees 
> == promotion) is probably not a good idea without other evidence.  However, 
> lacking evidence or hypotheses to the contrary, it is not unreasonable to 
> tentatively assume a causation given a strong correlation.

i don't disagree, but your specific observation seems too broad for me.

i've long deleted the original post, but ISTR that the OP's interest
was in getting a network/engineering/related job, and the degree (no pun
intended) to which having a formal college education might contribute
toward that goal, at least in the short run.

assuming that the companies to which this post refers are those which
are in that situation (hiring good network people), the fact that
the managers and executives at those companies "more often than not" had
a degree is not necessarily more than a correlation.  it doesn't
speak to the issue of whether or not they are/were good network people.

for instance, perhaps a degree is more useful to managers and executive
officers than to network engineers.  or perhaps people who get degrees
strive more for those management positions than people who don't.  or perhaps
those companies tend to hire people with degrees more often than not,
and this post shows that, but it doesn't necessarily relate to network
engineering (i.e. maybe it's a less-than-useful holdover hiring practice,
which is what many offshoots of this thread are discussing); perhaps
the OP would be just as happy to be hired in a non-network-engineering-
oriented position, but that's not the impression i got.

> Assuming correlation and causation are completely unrelated is probably 
> worse, since if there is a cause / effect relationship, correlation is 
> bound to show up.

yes, but i didn't assume that. :)

> Given that we *do* have other evidence (e.g. HR department which ask for 
> degrees when hiring & promoting), why would it be wrong to make a leap such 
> that "a degree will help more than it will hurt".

yes, i think it would be wrong.  the "evidence" presented above is one
person's experience, based on observations of "executive officers and
managers" at places where she has worked.  you could certainly say that
a college degree will more likely than not lead to a position as an
executive officer or manager (not necessarily network-related), especially
if you tend to try to work for companies such as those quoted above.

the "hurt" part presumably refers to the time (5+ per cent of your life),
as well as the ten-thousands of dollars expenditure.

> As one person said, all else being equal (as it frequently is), a degree 
> (or certification) is a great way to differentiate yourself.  Especially to 
> the non-technical (like CFOs and HR departments).

i think it makes a bigger difference when one is young.  i tend to
believe that the differentiation lessens over time.  as well, the
opportunity to seriously and formally study computing/networking
is "relatively" recent.

> The interesting thing about this long (and sometimes interesting) thread 
> which keeps appearing here every year or two is that people without degrees 
> seem to have value experience only, while people with degrees have a 
> relatively high opinion of experience and degrees.

it would be interesting to see the age distribution of these two groups.

> IOW: The people who have been to college tend to like it, those who have not,
> do not.
> 
> Of course, that is just a correlation, and not even a 100% correlation at that.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: list problems?

2002-05-23 Thread Henry Yen


On Thu, May 23, 2002 at 06:22:50AM -0700, Rachel K. Warren wrote:

[ snip ]

> Of course, there are exceptions to every rule - I've had managers and
> executive officers in the same companies I worked at who did not have
> degrees.  But more often than not, the degree was there.

i was once taught that causation and correlation are different.

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: "portscans" (was Re: Arbor Networks DoS defense product)

2002-05-18 Thread Henry Yen


On Sat, May 18, 2002 at 01:48:27AM -0700, Scott Francis wrote:

[ snip ]

> On Sat, May 18, 2002 at 04:10:53AM +, [EMAIL PROTECTED] said:

[ more snip ]

> > By all means if you are under attack, filter and protect yourself.
> > 
> > However a "portscan" is not an attack.
> 
> Precursor to an attack, certainly. As you mentioned earlier, forewarned is
> forearmed. If I find myself being scanned, as a responsible network operator
> I will contact the operator of the block in question, and if things are not
> cleared up to my satisfaction, I will take proactive measures to protect
> myself from the attacks that are sure to come by whatever means seem
> appropriate and necessary to me.

somewhat OT, but this was an interesting article from the NYTimes:
   Linkname: Museum's Cyberpeeping Artwork Has Its Plug Pulled
   URL: http://www.nytimes.com/2002/05/13/arts/design/13ARTS.html

   "An Internet-based artwork in an exhibition at the New Museum of
   Contemporary Art was taken offline on Friday because the work was
   conducting surveillance of outside computers."

   "The work in question is "Minds of Concern: Breaking News," created by
   Knowbotic Research, a group of digital artists in Switzerland. The
   piece is part of "Open Source Art Hack," an exhibition at the New
   Museum that runs through June 30. The work can be viewed as an
   installation in the museum's SoHo galleries or online at
   newmuseum.org."

   "The dispute calls attention to one of the very points the piece is
   intended to make. Because the lines between public and private control
   of the Internet are not yet clearly defined, what artists want to do
   may be perfectly legal, but that does not mean they will be allowed do
   it."

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: [Q] BGP filtering policies

2002-04-09 Thread Henry Yen


On Tue, Apr 09, 2002 at 07:00:28AM -0700, Sean M. Doran wrote:
> | UUNet suggested that any problems encountered
> | as a result of this allocation could probably solved by e-mailing
> | any NSP whose traffic interchange with us might be negatively
> | affected (unlikely, to be sure, but still...), and would then
> | change their filter (I'm unconvinced of this scenario).
> 
> Try offering some money to such NSPs -- it probably doesn't have to 
> be much, and of course you would be receiving substantial benefit...

Wouldn't it be more sensible to leverage the funds and instead offer
the money to UUNet, to swap for a class C space block?

If that were an option, we'd probably do it.  I don't think that it is.
-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: [Q] BGP filtering policies

2002-04-09 Thread Henry Yen


On Tue, Apr 09, 2002 at 02:34:44AM -0500, Borchers, Mark wrote:
> http://www.arin.net/statistics/index.html#ipv4issued2002

The CIDR section is the part you're referring to?
   http://www.arin.net/statistics/index.html#cidr

which indicates /20.

> Unfortunately, this doesn't help in your case.  My company also
> has /14's from the traditional class A space.  I know of only one
> case in two years where a customer reported a problem arising 
> from holding a small assignment out of these blocks, which was 
> ultimately corrected by renumbering the customer, a solution which
> does not scale well.

I don't exactly anticipate this ever happening.  My observation is
that the scaling will happen in the router area, i.e. as more and
more smaller blocks get announced out of the class A/class B space,
the ability of routers to hold more routes will tend to relax the
typical filtering policies as time goes on.  In other words, by
the time we might encounter a problem, it'll no longer be a problem.

Your comment about renumbering is most apropos; if it's not a problem
for uunet to assign in swamp space now (i.e. "pre-renumbering"), then
this also disappears as an issue later.

> Worst case, however, unless your UUNet connection goes down, you'll

It happens more frequently than you might expect.

> still be able to reach most places via your other transit and peering
> (since /24 is the closest thing to a "universal" allowed prefix length)
> and will have full reachability via UUNet.  IMHO, accepting up to /24
> in any of the space listed on the above URL is good service provider
> practice.
> 
> > -Original Message-
> > From: Henry Yen [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, April 09, 2002 2:11 PM
> > Subject: [Q] BGP filtering policies
> > 
> > We were recently assigned a /22 from UUNet in conjunction with some
> > transit we're buying from them.  The space is inside their superblock,
> > 65.242.0.0/14.  We are concerned that our route announcement of this
> > block would be filtered out by some other providers, as it's not
> > class C/swamp space (or even class B space for that matter).
> > Verio's current policy, for one, indicates that this would be so.
> > 
> > This is of particular concern to us as our little network encompasses
> > several physical partially-meshed locations, with a mix of varying
> > bandwidths both upstream as well as intra-location.  Traffic Engineering
> > is what we think is a reasonable (business) approach to address our
> > flexibility needs, and so we're trying to move to address space(s) that
> > would be least likely to be BGP filtered.
> > 
> > We've asked for a different block from UUNet but the request didn't
> > meet with success; UUNet suggested that any problems encountered
> > as a result of this allocation could probably be solved by e-mailing
> > any NSP whose traffic interchange with us might be negatively
> > affected (unlikely, to be sure, but still...), and would then
> > change their filter (I'm unconvinced of this scenario).
> > 
> > I briefly browsed the NANOG archives, and didn't see this issue discussed
> > recently.  Have the BGP filtering policies for "most" ISP/NSP's been
> > relaxed to the level of "accept /24's from class A (ARIN-allocated) space"?
> > Am I mis-reading Verio's posted policy?  Is there anyone from UUNet
> > who might choose to comment?  Is there something else I'm misunderstanding?

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York



Re: BGP filtering policies, UU, and you

2002-04-09 Thread Henry Yen


On Tue, Apr 09, 2002 at 12:29:46PM -0700, David Barak wrote:
> There's no real problem with your current space. 
> Assume for the minute that each of your offices has a
> UU T1.  You announce the chunks of your /22 through

For the time being, only one uunet transit link.

> your various T1s, and that announcement (along with
> the UU/14) is passed along to UU customers and peers. 
> Verio will ignore the /22, but will direct traffic to
> UU because they will accept the /14.  so no problem

That part I am clear about.

> there.  The only possible issue is this:

This part is the part that concerns me, as it is specifically
our scenario:

> assume one T1 to UU and one to . 

(make that one uunet link and more-than-one , as well
as both private links as well as over-the-'net tunnels interconnecting
some of our sites.)

> UU T1 goes down, therefore /22 withdrawn there, /22
> announcement through  becomes only route. 
> Verio ignores this, and directs traffic to UU (via the
> /14), and UU will then direct traffic to 
> because UU has very liberal routing policies.  So in

Uh, what's "very liberal routing policies" mean?  (And which uunet
URL details this?)  I assume you mean that uunet will accept announcements
for its own blocks (and specifics, not aggregates) from other
; that is, I also advertise this uunet block on my
other  link, and they'll accept and propagate it (right?).
And uunet will accept this route of their own block from ?
If this works as laid out, then uunet would realize that the
uunet link is down and send traffic over to the other .

> the worst case, you could get some sub-optimal
> routing, but nothing particularly bad, and Verio is

No, not particularly bad, but not as good as it could be "if only"
the block were allocated in class C space to begin with.

> the only substantive ISP who still uses these filters
> (AFAIK).

I know this is NAnog, but we have important correspondents in Europe and
Japan.

> The bigger issue in that case would be getting the UU
> line up faster :)

Unfortunately, the vast majority of failure modes for our sites end
up being dependent on the ILEC.  It's not a pretty picture.

> Henry Yen wrote:
> We were recently assigned a /22 from UUNet in
> conjunction with some
> transit we're buying from them.  The space is inside
> their superblock,
> 65.242.0.0/14.  We are concerned that our route
> announcement of this
> block would be filtered out by some other providers,
> as it's not
> class C/swamp space (or even class B space for that
> matter).
> Verio's current policy, for one, indicates that this
> would be so.
> 
> This is of particular concern to us as our little
> network encompasses
> several physical partially-meshed locations, with a
> mix of varying
> bandwidths both upstream as well as intra-location. 
> Traffic Engineering
> is what we think is a reasonable (business) approach
> to address our
> flexibility needs, and so we're trying to move to
> address space(s) that
> would be least likely to be BGP filtered.
> 
> We've asked for a different block from UUNet but the
> request didn't
> meet with success; UUNet suggested that any problems
> encountered
> as a result of this allocation could probably solved
> by e-mailing
> any NSP whose traffic interchange with us might be
> negatively
> affected (unlikely, to be sure, but still...), and
> would then
> change their filter (I'm unconvinced of this
> scenario).
> 
> I briefly browsed the NANOG archives, and didn't see
> this issue discussed
> recently.  Have the BGP filtering policies for "most"
> ISP/NSP's been
> relaxed to the level of "accept /24's from class A
> (ARIN-allocated) space"?
> Am I mis-reading Verio's posted policy?  Is there
> anyone from UUNet
> who might choose to comment?  Is there something else
> I'm misunderstanding?

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York
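
The failover case argued over in this message, modelled as an added example (not code from any poster in the thread): a remote network applies a classful prefix-length filter, so it only ever sees UUNet's /14, and reachability after the UUNet link fails depends on whether UUNet accepts its own more-specific from another provider. The /22 used, the filter lengths, and the name `T2` for the second transit provider are assumptions.

```python
import ipaddress

# The thread writes UUNet's superblock as 65.242.0.0/14; strict=False
# normalises it to its /14 boundary (65.240.0.0/14).
AGGREGATE = ipaddress.ip_network("65.242.0.0/14", strict=False)
# The thread never gives the /22 itself; this one is a constructed placeholder.
CUSTOMER = ipaddress.ip_network("65.242.8.0/22")

# Hypothetical filter tables: longest prefix accepted per classful range.
# The thread only establishes that a Verio-style filter drops the /22 and
# keeps the /14; the exact lengths below are assumptions.
STRICT = {"0.0.0.0/1": 20, "128.0.0.0/2": 20, "192.0.0.0/3": 24}
RELAXED = {"0.0.0.0/1": 24, "128.0.0.0/2": 24, "192.0.0.0/3": 24}


def accepts(policy, prefix):
    """True if the filter lets this announcement into the routing table."""
    for rng, maxlen in policy.items():
        if prefix.subnet_of(ipaddress.ip_network(rng)):
            return prefix.prefixlen <= maxlen
    return False


def lookup(table, dst):
    """Longest-prefix match over (prefix, next_hop) pairs; None if no route.
    Equal-length ties go to the earlier entry, a stand-in for best-path."""
    addr = ipaddress.ip_address(dst)
    matches = [(p, nh) for p, nh in table if addr in p]
    return max(matches, key=lambda e: e[0].prefixlen, default=None)


def trace(dst, remote_policy, uu_link_up, uu_accepts_own_specifics=True):
    """AS-level path from the filtering remote network towards dst."""
    # What the remote network hears: UUNet's aggregate, plus the customer
    # /22 through each provider whose link to the customer is up.
    heard = [(AGGREGATE, "UU")]
    if uu_link_up:
        heard.append((CUSTOMER, "UU"))
    heard.append((CUSTOMER, "T2"))
    remote_rib = [(p, nh) for p, nh in heard if accepts(remote_policy, p)]

    hit = lookup(remote_rib, dst)
    if hit is None:
        return ["remote", "unreachable"]
    if hit[1] == "T2":
        return ["remote", "T2", "customer"]

    # Inside UUNet the /14 is only an aggregate (discard) route; delivery
    # needs a more-specific, either from the customer link or via T2.
    uu_rib = [(AGGREGATE, "discard")]
    if uu_link_up:
        uu_rib.append((CUSTOMER, "customer"))
    elif uu_accepts_own_specifics:
        uu_rib.append((CUSTOMER, "T2"))
    nh = lookup(uu_rib, dst)[1]
    return ["remote", "UU", nh] + (["customer"] if nh == "T2" else [])


if __name__ == "__main__":
    host = "65.242.8.10"  # constructed address inside the placeholder /22
    for up, liberal in [(True, True), (False, True), (False, False)]:
        print(up, liberal, " -> ".join(trace(host, STRICT, up, liberal)))
    print("relaxed filter:", " -> ".join(trace(host, RELAXED, False)))
```
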



[Q] BGP filtering policies

2002-04-09 Thread Henry Yen


We were recently assigned a /22 from UUNet in conjunction with some
transit we're buying from them.  The space is inside their superblock,
65.242.0.0/14.  We are concerned that our route announcement of this
block would be filtered out by some other providers, as it's not
class C/swamp space (or even class B space for that matter).
Verio's current policy, for one, indicates that this would be so.

This is of particular concern to us as our little network encompasses
several physical partially-meshed locations, with a mix of varying
bandwidths both upstream as well as intra-location.  Traffic Engineering
is what we think is a reasonable (business) approach to address our
flexibility needs, and so we're trying to move to address space(s) that
would be least likely to be BGP filtered.

We've asked for a different block from UUNet but the request didn't
meet with success; UUNet suggested that any problems encountered
as a result of this allocation could probably be solved by e-mailing
any NSP whose traffic interchange with us might be negatively
affected (unlikely, to be sure, but still...), and would then
change their filter (I'm unconvinced of this scenario).

I briefly browsed the NANOG archives, and didn't see this issue discussed
recently.  Have the BGP filtering policies for "most" ISP/NSP's been
relaxed to the level of "accept /24's from class A (ARIN-allocated) space"?
Am I mis-reading Verio's posted policy?  Is there anyone from UUNet
who might choose to comment?  Is there something else I'm misunderstanding?

-- 
Henry Yen   Aegis Information Systems, Inc.
Senior Systems Programmer   Hicksville, New York