RE: PAIX Outages
> From: Alexander Koch [mailto:[EMAIL PROTECTED] [..] > As another matter I do not believe in public peering at all > when you have flows to a single peer that are ore than half > of a full GE. Been there, was not at all nice. I guess more > and more operators will have less and less public IX ports, > and the open peering coalition will start wondering at some > point... The AMSIX has a lot of 10G peers. While they just > take two ports, and the AMSIX supposedly also being redundant > (and cheap ) it is just a time- bomb. How many times did > either LINX or AMSIX had issues (actually very rare!) and we > happily overloaded our peers' interfaces at the respective > other IX... Say what you want, but public peering (yes/no) > has a lot to do with your amount of traffic, and your peers. > It depends. Thinking of reliability: FICIX over here in Finland requires all full members to join _two_ switches in physically separate locations from separate points in your own network, using redundant fiber paths. Result: a very reliable IX. In Sweden Netnod has IX facilities in five cities around the country. AFAIK most of the traffic exchange is done over public peerings in Finland and Sweden - very reliably. --Kauto
FW: Summary/minutes from sunday evening?
-Original Message- From: Matthew Petach [mailto:[EMAIL PROTECTED] Sent: Monday, January 31, 2005 11:15 AM To: Huopio Kauto Cc: [EMAIL PROTECTED] Subject: Re: Summary/minutes from sunday evening? On Mon, 31 Jan 2005 11:00:55 +0200, Huopio Kauto <[EMAIL PROTECTED]> wrote: > > So.. > > Could someone please summarize the Sunday evening meeting? Minutes anyone? > I'm not allowed to post to NANOG from this account...but if you'd like to forward this message to the list, I've included my minutes from the Sunday night session at the end of this message. Thanks! Matt > --Kauto > > Kauto Huopio - [EMAIL PROTECTED] > Information Security Adviser / CERT-FI -coordinator > Finnish Communications Regulatory Authority / CERT-FI > tel. +358-9-6966772, fax. +358-9-6966515 > CERT-FI duty desk +358-9-6966510 / http://www.cert.fi > > 2005.01.30 Coordinating NANOG--input from community Paul Vixie, moderator Betty Burke, Merit Steve Feldman, CNET Martin Hannigan, Verisign Paul Vixie, ISC Dan Golding, the Burton Group Betty Burke starts off. NANOG needs to evolve. Thanks to all who helped this effort We all recognize the need for continous change Our goals this evening: Get your input Ensure ongoing community coordination My role at Merit--Special Projects Why Merit? NANOG grew out of of NSFNET backbone services re-engineered and managed by Merit 87 -95 Merit has been joining diverse technologies and organizations nationally/regionally since late 60s Regional role: MichNet, Michigans largest ISP 525 customers (affiliates) 13 members (Michigans' 4-yr public universities) 26 peers National role: neutral organization for NANOG coordination NANOG's early years to today 94 - 95 meetings planned by Elise Gerich 95 - 98 Bill Norton takes over, begins to get outside help with agenda in 97 convenes advisor group 98 program committee formalized under Craig Labovitz 2000 Susan Harris becomes coordinator PC today: selects talks for agenda chaired by Susan Harris target is 18 members, currently at 17 Members selected by: self-nomination (volunteer) or PC nominations PC holds internal discussion, issues invitation to join Thanks to the program committee k claffy, CAIDA Keven Epperson, LEvel3 Steve Feldmen, CNET Elise Gerich, Juniper Barry Greene, Cisco Sue Hares, NextHop Susan Harris, Merit Crag Labovitz, Arbor Bill Manning, EP.NET Dave Meyer, U of O/Cisco Bill Norton, Equinix Dave O'Leary, Juniper Ted Seely, Sprint Stephen Stuart, Google Rob Thomas, Cisco/Team Cyrmru Curtis Villamizer Bill woodcock Mailing list growth evolved from NSFNET Regional-Techs list became NANOG in 1994 today: 7,919 subs, 10,000 receive mail Mailing List Moderation Sample annual volume: in 2004, 10,500 unique messsages sent to the list Moderator sent ~460 private messages since 2000 (about 2/week) 135 dealt with spam management topics loosened up on this in mid-04 29 noop (moderation review would be helpful) 67 pseudonyms (many added .sig on request) 52 foul language 46 politics 44 personal attack Neither Betty nor Susan are operators, so target may have been off on the 29 non-op moderations. 29 addresses temporarily removed since 2000 two warnings, three you're removed for 3-12 months, depending on violation People can re-subscribe upon request. Nobody has ever been denied a request to resubscribe to the list. NANOG attendance slide. Less than 100 in 1994, to peak of over 600 in 2001, back down to 400 now. Only a few registration fee increases since inception. Given hotel logistics, that's surprising, and difficult; the goal is to try to keep the cost down so people don't find it hard to manage to attend. Get creative with sponsorships to help with costs. That's it for formal information from Betty. Steve Feldman will take over talking about the program committee, and changes for the future. NANOG talk selection process Steve Feldman NANOG PC CNET Networks One of 17 Program Committee members Ancient History Originally the NANOG Chair did it all Bill Norton started informal admisory committeee in 1997 Mailing list used to coordinate Modern History Advisory committee became Program Committee in 1998 Mailing iist discussion as proposals recieved Formalized PC's talk selection process in 2004 Continuing refinements and improvement Goals Talks reflect attendees' needs Audience ISPs (transit and end-user) Content Providers Large Enterprises Research/Education Vendors Critera Relevance: operational experience Technical content (vs marketing) Quality: Slides Language Speaker (good with audience?) Timeline Call for Presentations, few months ahead CFP Deadline 6 weeks before meeting Prgram Committee Review and Rating PC Conference Call: Initial Selections (blind until this) Initial notifications 4 weeks before meeting Late Submission Review (more later) Agenda This was a short period
Summary/minutes from sunday evening?
So.. Could someone please summarize the Sunday evening meeting? Minutes anyone? --Kauto Kauto Huopio - [EMAIL PROTECTED] Information Security Adviser / CERT-FI -coordinator Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 / http://www.cert.fi
NISCC vulnerability note, Cisco advisory on H.323 issues
Following documents are recommended reading: http://www.uniras.gov.uk/vuls/2004/006489/h323.htm http://www.cisco.com/warp/public/707/cisco-sa-20040113-h323.shtml --Kauto Kauto Huopio - [EMAIL PROTECTED] Information Security Adviser / CERT-FI -coordinator Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 / http://www.cert.fi
RE: microsoft.com
It seems that Microsoft is Akamai'zing as we speak.. --Kauto Kauto Huopio - [EMAIL PROTECTED] Information Security Adviser / CERT-FI -coordinator Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 / http://www.cert.fi -Original Message- From: Bryan Heitman [mailto:[EMAIL PROTECTED] Sent: Friday, August 15, 2003 8:48 AM To: [EMAIL PROTECTED] Subject: microsoft.com Several networks I have talked to are reporting they can't get to www.microsoft.com Has the virus began? anyone? Bryan
Latest analysis of MSBLAST
from F-Secure is here: http://www.f-secure.com/v-descs/msblast.shtml --Kauto Kauto Huopio - [EMAIL PROTECTED] Information Security Adviser / CERT-FI -coordinator Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 / http://www.cert.fi
RE: companies like microsoft and telia...
>> Perhaps someone could write a bcp for an email-form that lays out the same >> information so we can make the complaints use this format and all abuse >> departments can accept using this form, to get some structure to it? >yow. i first asked that this be done in 1998, and for this very reason >among others. can anybody beat that date (with an earlier one?) this is >a hard problem but with outlook forms and sri-style ascii templates it's >quite achievable. note though that many abusebots will reject MIME >since it might contain a virus. and, there will be huge controversies >about header munging, list cleaning, complaint forwarding, and >definitions of >"abuse", "consent", "implied consent", "recourse", and "standing". >so if ``someone'' writes this up, count me as a grateful&willing >reviewer. >-- >Paul Vixie How about IODEF? Lots of CERT:s and company-internal abuse teams:s ticketing systems are going to eat it with ease - if not now, soon. --Kauto FICORA / CERT-FI
RE: OT: Increasing Cell Phone Signal inside a NOC?
In Finland, it is very usual that cell providers can bring a mini-cell (_not_ a repeater, a real cell) _in_ to the building and wire all floors and especially facilities that are below ground level. In my previous life, I got a cell provider to install an extension to the in-house antenna network to a previously unused area of the basement when we decided to build a new machine room there. Full coverage indeed. :) Well, Helsinki is a city where even the metro system has 100% coverage from all four network operators :) Just call your cell operator customer service and ask for someone who is able to talk about coverage issues. --Kauto
Re: Wireless insecurity at NANOG meetings
How about just plainly blocking the most obvious holes, that is telnet and POP? If someone wants a direct telnet connection to a route server or something similar - open a hole with a web-based tool? Ok, then you say all unencrypted www traffic with plain username/pw.. SSH'ing everything back to home base is quite useful :) --Kauto
RE: AS286 effectively no more..
>> What is the legal position of an IRU deal if the cable owner goes belly >> up? >Unless someone buys the equipment and agrees to theke the IRU:s on - they >are worthless. How about duct IRU:s? --kauto
RE: AS286 effectively no more..
> >Does anyone know what happened to the Ebone/KPNQWEST European-wide DWDM >system? I figure that if it was shut down, we would see more impact. > >Their IP network load I bet was quite easily handled by other operators >considering the huge over-capacity situation we have had the past years. Parts of the Eurorings (the KPNQwest part of the KPNQwest/Ebone network combination) seem to be semi-active - otherwise bits wouldn't flow from Qwest to Leiden in NL. But there are just KPNQwest core AS/KPN Belgium/ Luxembourg prefixes advertised on the IP side. I am worried on the networks that have swapped/IRU:ed fibers from KQ and have transmission gear co-located at KQ amp huts / major nodes, using KQ rectifiers to get DC juice to their racks. It is going to be interesting to watch if/when the still-lit remains of the Eurorings go dark on transmission level - I've understood there were couple of _very utilized_ WDM rings in KQ central european network.. What is the legal position of an IRU deal if the cable owner goes belly up? --kauto
AS286 effectively no more..
Interesting how quietly one of the powerhouses in Europe has been shut down yesterday evening. Any notes on increased latency / routing issues wrt AS286 shutdown? --kauto Kauto Huopio - [EMAIL PROTECTED] Information Security Adviser Finnish Communications Regulatory Authority / CERT-FI tel. +358-9-6966772, fax. +358-9-6966515 CERT-FI duty desk +358-9-6966510 - http://www.cert.fi