Re: Customer-facing ACLs

2008-03-08 Thread Jay Hennigan


Dave Pooser wrote:


Half the Mac users? You think? I know a dozen or so sysadmins who use Macs,


[raises hand...]


and about a hundred users who wouldn't know SSH from PCP; I think that's
probably a slightly skewed sample considering I'm a Mac geek who hangs
around with Mac geeks, and I'd guess the consumer users are a larger
percentage of the real-life population. 


I was quite surprised to see the large number of Mac laptops at NANOG 
42.  I didn't do a formal count but it seemed like about 1/4 to 1/3 of 
the laptops in use were Macs.



I'd expect the number of folks who
want SSH unblocked to be under 1% of a consumer broadband network, and
probably closer to 0.1% or so. And again, it ought to be trivial to let your
users unblock the system, either via phone call or via self-service Web page
(though in the latter case you'd better use a captcha or something so the
bot doesn't automatically unblock itself).


I'm against the slippery slope of blocking ports by default, with the 
possible exception of SMTP if the provider offers a well-publicized 
local SMTP server.


Servers that must leave ssh open to the Internet can and should consider 
using some form of time-out script like this one: 
http://www.pettingers.org/code/SSHBlack.html


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV
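
An added example of the time-out idea from the message above (not part of the original post and not SSHBlack's code): count failed sshd logins per source address, block a source once it crosses a threshold, and lift the block automatically after a fixed period. The thresholds, the log lines and the function names are assumptions made for this illustration.

```python
import re
from datetime import datetime, timedelta

# Policy values are assumptions chosen for this example.
MAX_FAILS = 3                      # failures tolerated inside WINDOW
WINDOW = timedelta(minutes=5)      # look-back period for counting failures
BLOCK_FOR = timedelta(minutes=30)  # how long a source stays blocked

# Traditional syslog line written by sshd for a failed password attempt.
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

# Constructed sample log (documentation address ranges, invented host name).
SAMPLE_LOG = """\
Mar  8 10:00:01 gw sshd[2211]: Failed password for root from 203.0.113.7 port 40112 ssh2
Mar  8 10:00:03 gw sshd[2213]: Failed password for invalid user admin from 203.0.113.7 port 40115 ssh2
Mar  8 10:00:04 gw sshd[2214]: Accepted publickey for jay from 198.51.100.20 port 50022 ssh2
Mar  8 10:00:05 gw sshd[2216]: Failed password for invalid user test from 203.0.113.7 port 40119 ssh2
Mar  8 10:02:00 gw sshd[2230]: Failed password for jay from 198.51.100.20 port 50031 ssh2
Mar  8 10:09:30 gw sshd[2251]: Failed password for jay from 198.51.100.20 port 50040 ssh2
Mar  8 10:40:00 gw sshd[2300]: Failed password for root from 203.0.113.7 port 41200 ssh2
""".splitlines()


def parse_failure(line, year):
    """Return (timestamp, source_ip) for a failed-password line, else None."""
    m = FAIL_RE.match(line)
    if not m:
        return None
    # Syslog timestamps carry no year, so the caller supplies one.
    when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return when, m["ip"]


def run_blocklist(lines, year=2008):
    """Replay log lines; return (events, still_blocked).

    events is a list of (time, "block" | "unblock", ip) in time order.
    still_blocked maps each blocked ip to the time its block expires.
    """
    failures = {}  # ip -> recent failure times inside WINDOW
    blocked = {}   # ip -> expiry time of the current block
    events = []
    for line in lines:
        parsed = parse_failure(line, year)
        if parsed is None:
            continue
        now, ip = parsed
        # The time-out: lift every block whose period has run out.
        for addr, until in sorted(blocked.items(), key=lambda kv: kv[1]):
            if until <= now:
                events.append((until, "unblock", addr))
                del blocked[addr]
        if ip in blocked:
            continue  # a real filter would already be dropping this source
        recent = [t for t in failures.get(ip, []) if now - t <= WINDOW]
        recent.append(now)
        if len(recent) >= MAX_FAILS:
            blocked[ip] = now + BLOCK_FOR
            events.append((now, "block", ip))
            failures.pop(ip, None)
        else:
            failures[ip] = recent
    return events, blocked


if __name__ == "__main__":
    for when, action, ip in run_blocklist(SAMPLE_LOG)[0]:
        print(when.isoformat(), action, ip)
```

A user who mistypes a password twice, minutes apart, never reaches the threshold, while the source that hammers the port is blocked within seconds and released again half an hour later.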


Re: Area Social Activity

2008-02-14 Thread Jay Hennigan


Rod Beck wrote:

I am suggesting a Certified Drinkers Event in the hotel bar Sunday evening.


Any Hash House Harriers in our midst?

--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: Client information?

2007-08-10 Thread Jay Hennigan


Carl Karsten wrote:




I guess yes. They might implement a non swimmers basin for the
windows people and a sharks only basin for the rest of us.


what is a non swimmers basin ?


A toilet?

Or maybe a kiddie wading pool.

--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: 365 Main - an operators' nightmare?

2007-07-25 Thread Jay Hennigan


Jason J. W. Williams wrote:

I believe this happened to an Internap facility in Seattle a couple of
years ago: http://community.livejournal.com/lj_dev/670215.html

I was told it happened in our colo facility about a month before we
moved in. Some unfortunate remodeling of previous data center space had
left an EPO switch in a janitor's closet. The maid knocked loose the
protective covering, which of course made an alarm start screaming...so
she hit the EPO to stop the noise. 


Did it work?

(Did that stop the noise, things got real quiet?)

--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: TCP congestion

2007-07-12 Thread Jay Hennigan


Philip Lavine wrote:
Can someone explain how a TCP conversation could degenerate into congestion avoidance on a long fat pipe if there is no packet/segment loss or out of order segments? 


Here is the situation:
WAN = 9 Mbps ATM connection between NY and LA (70 ms delay)
LAN = Gig Ethernet
Receiver: LA server = Win2k3
Sender: NY server = Linux 2.4
Data transmission typical = bursty but never more than 50% of CIR
Segment sizes =  64k to 1460k but mostly less than 100k

Typical Problem Scenario: Data transmission is humming along consistently at 2 
Mbps, all of a sudden transmission rates drop to nothing then pickup again 
after 15-20 seconds. Prior to the drop off (based on packet capture) there is 
usually a DUP ACK/SACK coming from the receiver followed by the Retransmits and 
congestion avoidance. What is strange is there is nothing prior to the drop off 
that would be an impetus for congestion (no high BW utilization or packet loss).

Also, are there any known TCP issues between the Linux 2.4 kernel and Windows 2003 SP1? Mainly, are there issues regarding the handling of SACK, DUP ACKs and Fast Retransmits?


Of course we all know that this is not a application issue since developers 
make flawless socket code, but if it is a network issue, how is it caused?


Duplex mismatch on an intermediate ethernet segment?

--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: trans-Atlantic latency?

2007-06-28 Thread Jay Hennigan


Neal R wrote:


  I have a customer with IP transport from Sprint and McLeod and fiber
connectivity to Sprint in the Chicago area. The person making the
decisions is not a routing guy but is very sharp overall. He is
currently examining the latency on trans-Atlantic links and has fixed on
the idea that he needs 40ms or less to London through whatever carrier
he picks. He has spoken to someone at Cogent about a point to point link.


Paging Scotty, warp factor 4 please!


What is a reasonable latency to see on a link of that distance? I
get the impression he is shopping for something that involves dilithium
crystal powered negative latency inducers, wormhole technology, or an
ethernet to tachyon bridge, but it's been a long time (9/14/2001, to be
exact) since I've had a trans-Atlantic circuit under my care and things
were different back then.


The speed of light hasn't changed much.

Propagation delay alone, assuming a 3000 mile straight-line path 
(probably on the short side) and 0.7 velocity factor in the transport 
medium is around 45 milliseconds round trip. Chicago to the East coast 
is about another 1000 miles or 15 ms, so 60ms. is probably a bit on the 
low side.


Serialization delay depends on bit rate and packet size, easy enough to 
calculate.


Switching delay, probably minimal.


  Anyone care to enlighten me on what these guys can reasonably
expect on such a link? My best guess is he'd like service from Colt
based on the type of customer he is trying to reach, but it's a big
muddle and I don't get to talk to all of the players ...


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: 96.0.0.0/6 reachability testing

2007-05-02 Thread Jay Hennigan


Ron da Silva wrote:


I'll happily send your question to my IT and legal folks.  :-)
-ron


Point out that you're sending the language to widely disseminated and 
archived mailing lists, and send them this as well


NOTICE:  This communication may contain confidential and/or privileged
information.  If you are not the intended recipient, or believe that you
have received this communication in error you are obligated to kill
yourself and anyone else who may have read it, not necessarily in that
order.  So there.  My disclaimer is scarier than yours.  Nyaah.  You
started this silly nonsense.  Knock it off and I will too, ok?  It's
worthless from a legal standpoint and is responsible for the needless
suffering of billions of innocent electrons.  Nobody reads it anyway.
You're not actually reading this, are you?  I didn't think so.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: BGP Problem on 04/16/2007

2007-04-17 Thread Jay Hennigan


Andre Oppermann wrote:


Audie Onibala wrote:
Yesterday on 04/16/07 between 3:00 - 3:45 PM we had sporadic Internet 
problem.  Our ISP's are Sprint and Qwest.


Around that time there was quite a bit of sunspot activity and the moon
had an unusual position too.  The NOC contacts of your ISPs probably
may be of more specific help.  But make sure to ask them for their
network's SPF (sunspot protection factor).  That's an important metric
to qualify their network reliability.


Are you sure it was sunspots?  My NOC contacts were seeing substantial 
memory corruption due to cosmic rays.



--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: PGE on data centre cooling..

2007-03-31 Thread Jay Hennigan


John Kinsella wrote:


I sorta wonder why the default is lights on, actually...I used to always
love walking into dark datacenters and seeing the banks of GSRs (always
thought they had good Blink) and friends happily blinking away. 


Consider the power consumption per square foot of the gear in a typical 
data center, then add in the power needed to keep it cool.  I suspect 
that the cost of energy to keep the lights on will be down in the noise.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: NOC Personel Question (Possibly OT)

2007-03-14 Thread Jay Hennigan


Todd Christell wrote:

Greetings,

Sorry if this is OT but we are having a discussion with our HR
department.  We are in the process of getting a 24 X 7 NOC in place and
HR has a problem with calling them NOC Specialist.  What is the
generally accepted title?


This is as best I recall a direct quote.  We don't care.  You can call 
yourself Supreme Imperial Grand Poo-Bah if you want as long as our 
network stays up.


--
Jay Hennigan - Supreme Imperial Grand Poo-Bah - CCIE #7880
Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: Request for topic death on Cold War history (was RE: Every incident is an opportunity)

2007-02-12 Thread Jay Hennigan


Alexander Harrowell wrote:


Causality? WW2=nukes, cold war=arpanet=internet, surely?


Heh.  We're that   close to invoking Godwin's Law here.  :-)

On 2/12/07, *micky coughes* [EMAIL PROTECTED] wrote:



Hmm, let's see.

Nukes = cold war = arpanet = internet

Yup, looks ok.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: what the heck do i do now?

2007-02-01 Thread Jay Hennigan


Set up a nameserver there.  Configure it to return 127.0.0.2 (or 
whatever the old MAPS reply for spam was) to all queries.  Let it run 
for a week.  See if anything changes in terms of it getting hammered.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: OT: How to stop UltraDNS sales people calling

2006-11-29 Thread Jay Hennigan


Jeremy Chadwick wrote:

On Tue, Nov 28, 2006 at 05:56:19PM -0600, Gadi Evron wrote:

Okay, this was fun and I am all for OT fun. But can we please stop putting
down a part of our community? Especially one which contributes to NANOG so
much?

We all have sale trolls to live with.


I both agree and disagree.  I agree that the put-downs are a bit
excessive (I laughed more than once :-) ), but I disagree with
the sale trolls comment.

UltraDNS's sales staff *does not* have to behave like this.


Agreed.  When I get such calls, the first question I ask is, Is this a 
sales call?  If I get an honest Yes, I'm somewhat more inclined to 
continue the conversation.  If the first thing a salesperson tells me is 
a lie, game over.


Similarly, any company that spams me selling network equipment or 
connectivity is clearly way beyond stupid and not one with which I would 
ever consider doing business.


Yes, this thread is OT to a large extent, but we are network operators. 
Many of us have sales staff.  Educating our own sales people on what not 
to do is a step towards noise reduction, albeit out-of-band noise as far 
as this forum is concerned.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: How to stop UltraDNS sales people calling

2006-11-29 Thread Jay Hennigan


Alexander Harrowell wrote:


Can I speak to so-and-so?

I'm sorry I can't help. I am a counter-terrorism officer monitoring
this line for reasons of national security.


Can I speak to so-and-so?

I'm sorry, he's in prison.  He went on a shooting spree at a 
telemarketing call center.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: OT: How to stop UltraDNS sales people calling

2006-11-28 Thread Jay Hennigan


Andy Davidson wrote:


Hi,

I am really fed up of calls from UltraDNS - we seem to get them every
few days.  We don't need their product.  


We've tried saying no, and additionally we've tried putting people on
hold indefinitely, trying to be enough of a nuisance to drop off their
sales call list (works with UK telcos - try it).

I just had a guy on hold for 18 minutes before taking him off hold to
say that we didn't want their product, and could he please stop calling.

He told me he would still be calling until he got through to the right
person.  I am the right person.


It sounds like Jane Barbe is the right person.  Capture their caller ID, 
set your asterisk dialplan to forward to (or play a recording of) the 
intercept announcement of your choice.  Or if UltraDNS has a toll-free 
number, letting them eat their own excrement for a while can be fun.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: How to stop UltraDNS sales people calling

2006-11-28 Thread Jay Hennigan


Nachman Yaakov Ziskind wrote:


I have a very special voice mailbox assigned to a fictional person. Any
sales calls get transferred to it. No, I don't monitor it. :-)


Said fictitious person in our organization is one Ms. Helen Waite.

Telemarketers and the like can all go to Helen Waite.

--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: problem with BGP or I am an Idiot

2006-11-17 Thread Jay Hennigan


Philip Lavine wrote:

To all,

Probably the latter; however, here is the situation. I am advertising a rte 1.1.1.1 via BGP to the Internet via ISP_A via my location in NJ. At my other location in CA I am advertising another rte 2.2.2.2 via BGP to the Internet via the same ISP_A. I am using the same AS for both routes.


Don't do that then.


For some reason on my rtr advertising the 2.2.2.2 rte I am unable to see the 1.1.1.1 rte 
% Network not in table. I know 1.1.1.1 rte is valid it shows up in looking 
glass and ISP_A has it on the peer 2.2.2.2 receives full Internet rtes from. Further 
verification: I add a static rte on 2.2.2.2 rtr to 1.1.1.1 and it's routable???


The reason is that a BGP router won't accept a route containing its own 
AS from an external peer.


You can add a static route on both routers to the other network with the 
gateway of your ISP.  A floating static default may also work.  Or get a 
different AS for the other end.


--
Jay Hennigan - CCIE #7880 - Network Engineering - [EMAIL PROTECTED]
Impulse Internet Service  -  http://www.impulse.net/
Your local telephone and internet company - 805 884-6323 - WB6RDV


Re: link between Sprint and Level3 Networks is down in Chicago

2006-11-09 Thread Jay Hennigan



Chris L. Morrow wrote:

On Thu, 9 Nov 2006, Randy Bush wrote:


Whatever happened to redundancy?

lost in the transition from reality to fantasy and conjecture?  it's the
sharp curves.


also perhaps in other regions of their network they have connectivity, so
it was expected to fail out of region properly?


I don't mind if something breaks occasionally, stuff happens.  When 
something breaks and lies to me via BGP claiming that all is sweetness 
and light, that can be a very major annoyance.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 - WB6RDV


Verizon PSTN issues?

2006-11-06 Thread Jay Hennigan


I'll try not to be as vague as the last person...

We are in Verizon (former GTE) territory in Santa Barbara, CA, LATA 740.

For much of the day we have had complaints of reorder from dialup users 
as well as reports of reorder from people trying to call us from out of 
the area.  I saw a note on another forum that claimed that Verizon was 
having nationwide issues but gave no other detail.


Verizon rep hasn't returned voicemail, l-o-n-g hold time on repair, gave up.

Can anyone shed any light?

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 - WB6RDV


Re: UUNET issues?

2006-11-04 Thread Jay Hennigan


Herb Leong wrote:

Hi,

  Anyone being impacted by UUNET?


Nothing unusual here, we are AS4927 connecting to AS701 in Los Angeles.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 - WB6RDV


Re: Collocation Access

2006-10-23 Thread Jay Hennigan


Alex Rubenstein wrote:


I am shocked that the ATT employee did not have an ATT ID.

In our facilities, we require all visiting telcos to produce company
identification, and between telcove/level 3, Verizon, MCI, and several
others, we have never had an issue.

I'd be a bit more suspicious that he didn't have ATT ID.


He may have indeed had ATT ID.  But the colo security people wanted a 
government ID.  Company ID is relatively meaningless and trivially 
forged, particularly for small values of company.  If I were to show 
up in a truck with Jay's Telco on the side, produce Jay's Telco ID, 
and refuse to show a driver's license or government ID I would expect 
datacenter security to be a bit suspicious.  Why should ATT be treated 
any differently?


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 - WB6RDV


Re: Boeing's Connexion announcement

2006-10-15 Thread Jay Hennigan


Owen DeLong wrote:
This may be a nit, but, you will _NEVER_ see AC power at any, let alone
all of the seats.  Seat power that works with the iGo system is DC and is not
conventional 110 AC.


Into which the laptop user plugs the inverter he has in his carry-on 
that he bought for use in the rental car, producing 115vac (240 if from 
Europe).  Into this he plugs the laptop SMPS, into which he plugs the 
laptop.  Horribly inefficient, but that's the way Joe Sixpack does it. 
He probably doesn't have much of a choice.


It's a pity that laptop makers don't either design their machines to 
operate on a nominal 13.8 VDC or sell a relatively inexpensive and 
commonly available 13.8-to-[whatever DC voltage the laptop uses on 
whatever oddball connector they use that seems to be unique to that make 
and model and likely serial number and unavailable anywhere].


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 - WB6RDV


Re: Outages mailing list

2006-09-29 Thread Jay Hennigan


Rick Kunkel wrote:

I thought about cutting and pasting verbatim the notification I got from
InterNAP, but then noticed the The contents of this email message are
confidential and proprietary blurb at the end, and thought better of it,
even though they weren't to blame...


Somebody actually reads those???





NOTICE:  This communication may contain confidential and/or privileged
information.  If you are not the intended recipient, or believe that you
have received this communication in error, you are obligated to kill
yourself and anyone else who may have read it.  So there.  My disclaimer
is scarier than yours.  Nyaah.  You started this silly nonsense.  Knock
it off and I will too, ok?  It's worthless from a legal standpoint,
makes you look really clueless, and is a waste of CPU cycles.  Nobody
reads it anyway.  You're not actually reading this, are you?  I didn't
think so.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323 - WB6RDV


Re: Tier 2 - Lease?

2006-05-03 Thread Jay Hennigan


Robert Sherrard wrote:


What make a provider a tier 2, versus a tier 1 provider...


We are a tier 1 provider = I am a salesperson.

They are a tier 2 provider. = I am a salesperson and they are our 
competitor.


 Is it possible to determine who a tier 2 (i.e. Cogent) leases fiber from?

Ask them.  They may not tell you (or know, depending on who you are 
talking to.)


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: Is your ISP Influenza-ready?

2006-04-21 Thread Jay Hennigan


Joseph S D Yao wrote:

On Tue, Apr 18, 2006 at 10:53:33AM -0700, David W. Hankins wrote:
...

It's like someone intentionally optimized this function specifically to
be the most pessimal.

...


If you know the word pessimal [malus, pejor, pessimus = bad, worse,
worst], you should know that most pessimal is redundant - perhaps
allowable for emphasis - and that optimized to be pessimal is so much
an oxymoron it must be deliberate.  But why not just say pessimized?


Oh, stop being such a pessimist.   :-)

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: Qwest issues in western US

2006-04-04 Thread Jay Hennigan


Janet Sullivan wrote:


Anyone seeing Qwest issues in the Western US?


Yes.  We're not homed to them but are having issues reaching Qwest-homed 
sites in Chicago from California.  We are multi-homed AS1, 701, 7018


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: Presumed RF Interference

2006-03-06 Thread Jay Hennigan


Randy Bush wrote:


Cut the ground wire in your power cords but ground the equipment
directly to a metal frame.


i strongly recommend that you do this, especially in your 240vac
environment.  excellent solution to a lot of problems.


Don't even joke about doing this, please.  If there is potential on the 
grounding conductor, then that problem needs to be corrected as it is a 
safety of life issue.  Even if you cut the conductor and safely ground 
the equipment in that one rack, you are ignoring the fact that you have 
very strong evidence of a serious wiring problem in the form of 
destroyed equipment.


Say you do what you suggest, ensure that your rack is well and solidly 
grounded.  And, you're aware that the building grounding wiring is 
defective.  And then someone comes in (maybe you) and plugs in a piece 
of portable test equipment next to your nice grounded rack.  And then
puts one hand on the test equipment (plugged into one of the defective 
outlets) and the other on your well-grounded rack.  Especially in the 
240 volt environment.


There is a serious, potentially fatal, wiring fault in that building. 
Get it fixed properly.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: Presumed RF Interference

2006-03-05 Thread Jay Hennigan


Jon R. Kibler wrote:

Greetings:


[snippage]


Given what I have described, would you think this is an RF interference problem?


No.  Many of the devices mentioned are not particularly RF sensitive. 
Those that are will recover when removed from the interference source 
unless you're talking about levels that are harmful to humans.   A 
*PATCH PANEL* ???  Short of putting it inside a microwave oven, I can't 
think of a means of damaging it with RF, particularly from any distance. 
 Google Inverse square law.  If you turn the switch off and the 
fluorescent lights stay on, then you indeed might want to look into RFI.


RF problem or not, how would you track down this problem? 


I'm 99.9% sure you have a grounding problem.  Verify that your power and 
equipment grounds have no significant potential difference.  Likewise 
your telco ground, and the metal building itself.  Is the entire 
building fed from a single electric meter?


We are to the point of bringing in a consulting EE, but I am not sure that
most would be equipped to solve this problem; so, what should we look for
in a potential consulting engineer?

NEC grounding specification compliance, someone who knows the difference 
between a groundED and a groundING conductor and is familiar with static 
and lightning protection issues.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: I never realized so many trains derailed until my Internet kept going out

2006-01-29 Thread Jay Hennigan


Martin Hannigan wrote:



They could've back doored the long haul, and it's possible they
did on different products. The local traffic would pop back if
they did depending upon network configuration since the FCP's
and CO's are still up and running. Think about it, if you can
make a phone call during a fiber cut, why can't you process an
IP packet? (I'm discussing layer 1. I'm waiting to see the preso
in Dallas to comment on anything higher :) )


Well, sometimes you can't make a phone call during a fiber cut.
During the Sprint outage a couple of weeks ago the first thing
we noticed were strange PSTN outages.  High-and-dry and reorder
for the most part with an occasional circuits busy intercept.
The cut didn't have any significant effect on IP as far as we
could tell (but we're not a Sprint customer).

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: GoDaddy.com shuts down entire data center?

2006-01-17 Thread Jay Hennigan
 outgoing 
spam spew.  If the domain was the target of a phish, then causing it not 
to resolve would keep the phisher from reaping any benefit from the 
abuse although the spam run would likely continue, at least for a while 
until the phisher realizes it is in vain.


Lastly, I wonder what average people - people who run businesses on  
hosting providers who really don't understand all this computer stuff  - 
think about such actions.  How many 100s of people have we just  
alienated for life to stop - er, NOT stop - a single zombie?  And how  
many of their friends are going to hear over an over how the Internet  
is not a real business and no one should put any faith in it?


Well, average people who run businesses on hosting providers probably 
should hire someone who does understand all this computer stuff to do 
some due diligence on the providers they are considering.  If their 
prospective providers' netblocks are repeatedly mentioned in SPEWS, 
Spamhaus, Spamcop, and NANAE, they may want to look elsewhere.


Googling Nectartech abuse is interesting.  As far back as July of last 
year they were battling GoDaddy over spam and abuse issues.  It doesn't 
look like this should have been all that big of a surprise.  In fact, 
Nectartech's predictions in post 23 of the following thread are eerily 
accurate.


http://www.webhostingtalk.com/showthread.php?s=threadid=422612


Is this really a good thing?


If steps are taken to minimize collateral damage, yes.  Allowing the 
abuse to continue causes collateral damage to the rest of the Internet 
for as long as it continues.  The choice often boils down to severe 
collateral damage to a few or raising the noise level and collateral 
damage to the Internet as a whole.  Is cutting off ten customers of an 
infected customer better than allowing this customer's virus to infect 
tens of thousands of random hosts on the net worth it?  If you're one of 
the tens of thousands, yes. If you're one of the ten customers, no.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: GoDaddy.com shuts down entire data center?

2006-01-16 Thread Jay Hennigan


william(at)elan.net wrote:


On Mon, 16 Jan 2006, Richard A Steenbergen wrote:


The rest is just some random blowhard web hosting customer


I disagree with this particular part. I think it's quite clear that
this was not random blowhard hosting customer but somebody close to 
nectartech owner who owner knew could get through walls put by some
companies and if not annoy the hell out of them afterward and spin
it around in [in]appropriate way.


Precisely.  It wasn't just some random blowhard web hosting customer. 
It was a carefully selected web hosting customer specifically chosen
for his expertise at being a blowhard.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: Cisco, haven't we learned anything? (technician reset)

2006-01-12 Thread Jay Hennigan


Rob Thomas wrote:


Hi, NANOGers.

] On the other hand, the most common practice to hack routers today, is
] still to try and access the devices with the notoriously famous default
] login/password for Cisco devices: cisco/cisco.

This is NOT a default password in the IOS.  The use of cisco as
the access and enable passwords is a common practice by users, but
it isn't bundled in the IOS.  I've heard it began in training
classes, where students were taught to use cisco as the
passwords.


Actually, and fairly recently, this IS a default password in IOS.  New 
out-of-box 28xx series routers have cisco/cisco installed as the default 
password with privilege 15 (full access).  This is a recent development.


To be fair, the box also has a huge default login banner urging the user 
to delete that username/password pair.  But we all know how much 
attention is paid to huge, verbose banners, disclaimers, click-to-agree 
dialog boxes, etc.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: Cisco, haven't we learned anything? (technician reset)

2006-01-12 Thread Jay Hennigan


william(at)elan.net wrote:



Actually, and fairly recently, this IS a default password in IOS.  New 
out-of-box 28xx series routers have cisco/cisco installed as the 
default password with privilege 15 (full access).  This is a recent 
development.



This is hardly only cisco's problem. Most office routers I've dealt with
also come with default username/password and on occasions when I dealt
with  existing installation those passwords have rarely been changed.


True.  However I much prefer the old way that Cisco did it.  No default 
passwords on the box at all.  But, no remote administration at all until 
a password was set on the console.


Now, there is a default cisco/cisco.  Newbie admin creates a new 
user/pass, tests, thinks it's secure, fails to remove the default, game 
over.



What should really be done (BCP for manufacturers ???) is have default
password based on unit's serial number. Since most routers provide this
information (i.e. it's preset on the chip's eprom) I don't understand
why it's so hard to just create simple function as part of software to 
use this data if the password is not otherwise set.


The old-school Cisco way works for me.  Default is no password if you 
have physical access, but no remote access.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323
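
The failure mode described in the message above (a new admin account is added and tested while the shipped cisco/cisco privilege 15 account stays in place) can be checked for in saved configurations. This is an added example, not part of the original post and not Cisco tooling; the sample configuration, the function names and the rule that any local account named "cisco" is suspect are assumptions of this sketch.

```python
import re

# Account names treated as factory defaults. The thread names only cisco/cisco.
KNOWN_DEFAULT_NAMES = {"cisco"}

# Constructed sample configuration (not taken from the thread or a real device).
SAMPLE_CONFIG = """\
hostname branch-rtr01
!
username cisco privilege 15 secret 0 cisco
username netadmin privilege 15 secret 5 $1$EXAMPLE$constructedhashvalue000
username helpdesk privilege 1 password 0 helpdesk
!
line con 0
 login local
line vty 0 4
 login local
 transport input telnet ssh
!
end
"""

USER_RE = re.compile(r"^username\s+(\S+)(.*)$")
PRIV_RE = re.compile(r"\bprivilege\s+(\d+)")
# "password"/"secret", an optional encoding type (0, 5, 7, ...), then the value.
CRED_RE = re.compile(r"\b(password|secret)\s+(?:(\d+)\s+)?(\S+)")


def parse_users(config):
    """Return one dict per 'username' line in an IOS-style configuration."""
    users = []
    for line in config.splitlines():
        m = USER_RE.match(line)
        if not m:
            continue
        name, rest = m.group(1), m.group(2)
        priv = PRIV_RE.search(rest)
        cred = CRED_RE.search(rest)
        users.append({
            "name": name,
            # IOS assigns privilege level 1 when none is given.
            "privilege": int(priv.group(1)) if priv else 1,
            # A missing type number means the value is cleartext (type 0).
            "enc_type": (cred.group(2) or "0") if cred else None,
            "value": cred.group(3) if cred else None,
        })
    return users


def vty_uses_local_users(config):
    """True if any 'line vty' block authenticates against local usernames."""
    in_vty = False
    for line in config.splitlines():
        if line.startswith("line "):
            in_vty = line.startswith("line vty")
        elif not line.startswith(" "):
            in_vty = False  # left the line block
        elif in_vty and line.strip() == "login local":
            return True
    return False


def audit(config):
    """Flag leftover default accounts and passwords equal to the username."""
    remote = vty_uses_local_users(config)
    findings = []
    for u in parse_users(config):
        reasons = []
        # Hashed secrets cannot be compared, so the account name itself
        # is treated as the indicator of a leftover default.
        if u["name"].lower() in KNOWN_DEFAULT_NAMES:
            reasons.append("default-account-name")
        # Only cleartext (type 0) values can be compared directly.
        if u["enc_type"] == "0" and u["value"] == u["name"]:
            reasons.append("password-equals-username")
        if not reasons:
            continue
        critical = u["privilege"] == 15 and remote
        findings.append({
            "user": u["name"],
            "privilege": u["privilege"],
            "reasons": reasons,
            "remote_login": remote,
            "severity": "critical" if critical else "warning",
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```

The newly created netadmin account passes the check, which is the situation the message describes: the new login works, and the default account is still present beside it.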


Weird PSTN issues anyone?

2006-01-09 Thread Jay Hennigan


I'm getting reports of reorder and intercept recordings intermittently 
from wireless phones on multiple carriers to landlines and also landline 
to landline.  Not enough data points to narrow it down much further and 
redialing seems to get through after a couple of tries.  Calls 
originating in Dallas terminating in California.


Anyone else notice the same thing?  Fiber cut somewhere?

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323



Re: Slightly OT: Redundant CPE Switching for DS3

2005-12-22 Thread Jay Hennigan


[EMAIL PROTECTED] wrote:


On Thu, Dec 22, 2005 at 12:21:55PM -0700, John Neiberger wrote:


I'm curious to find out if there is a device that would allow a single
DS3 to terminate on two different routers, and switch from the primary
to the backup router if the primary were to fail. I've seen this for
T1 circuits but I can't find anything for DS3.


I'd bet you could make something workable with a DPDT coaxial relay,
driving it from alarm contacts or a relay output of whatever
monitoring system you might already have. The tricky part would
probably be appropriately defining failure in order to get it to
automatically switch at the right time without causing more problems 
than you started with.


One probably could.  More often than not it seems that the mechanism 
used to provide protection against hardware failure becomes more fragile 
than the hardware you're protecting.  I've had far more issues caused by 
PIX failover going screwy than I've seen failed PIXen as a mild example.


Can the relay and associated hardware, cables, power supply and logic be 
guaranteed to be substantially more reliable than the router?   If not, 
why bother?


Sometimes all of your eggs in one basket is the most sensible choice as 
long as you have a stainless steel basket.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Re: The Qos PipeDream [Was: RE: Two Tiered Internet]

2005-12-18 Thread Jay Hennigan


Joe Maimon wrote:


Chris Woodfield wrote:


One thing to note here is that while VoIP flows are low volume on a  
bits-per-second basis, they push substantially more packets per  
kilobit than other traffic types - as much as 50pps per 82Kbps flow.  
And I have seen cases of older line cards approaching their pps  
limits when handling large numbers of VoIP flows even though there's  
plenty of throughput headroom. That's not something LLQ or priority  
queueing are going to be able to help you mitigate at all.


-C


In that vein, and not quite on this topic, it would be real nice if voip 
applications made an effort to stop abusing networks with unnecessarily 
large pps.


VoIP by design will have high PPS per connection as opposed to data flows.
At 20 ms sample rates you have 50 pps regardless of the CODEC or algorithm.
Increasing the time per sample to 40 ms would cut this in half but the added
latency would result in degraded quality.  In addition, longer sample times
would suffer much more degradation if there is packet loss.

Something about intelligent edges? The payload length of voip 
applications often has a lot to do with rtt. Adapting payload length to 
the actual average rtt could have a positive effect on pps throughput.


I'm not sure why you say the payload length has much to do with RTT. 
Serialization delay on slow edge links could increase RTT, but this 
would worsen substantially with longer samples (assuming the same CODEC 
and compression).  Payload length is a factor of the sample length and 
compression algorithm.  More efficient compression will result in 
smaller payloads but overhead becomes a higher percentage of the overall 
flow.  Only lengthier samples will reduce PPS, and the added latency in 
a two-way conversation will substantially reduce call quality.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
NetLojix Communications, Inc.  -  http://www.netlojix.com/
WestNet:  Connecting you to the planet.  805 884-6323


Confidentiality disclaimers, was: GoDaddy DDoS

2005-12-01 Thread Jay Hennigan

On Thu, 1 Dec 2005, Mark Smith wrote:

[Dire threats regarding confidentiality, etc. snipped.]


 On Wed, 30 Nov 2005 16:18:52 -0700
 Sam Crooks [EMAIL PROTECTED] wrote:

 This confidentiality notice almost DoS'd my MUA !

One would think that those posting here would have the clue to realize
that they are sending mail to a widely read and archived mailing list,
making any such confidentiality warning rather ludicrous.

One would also hope that most posters here would also have the horsepower
within their organization to point out the ridiculousness to whoever
implemented such cruft or at least sufficient privileges on the company
MTA to strip it from their own postings.

This silliness started with fax cover pages before it morphed to
email, but it seems to have mostly disappeared from the fax world.

Has the validity of such language ever been upheld in court?

NOTICE:  This communication may contain confidential and/or privileged
information.  If you are not the intended recipient, or believe that you
have received this communication in error, you are obligated to kill
yourself and anyone else who may have read it, not necessarily in that
order.  So there.  My disclaimer is scarier than yours.  Nyaah.  You
started this silly nonsense.  Knock it off and I will too, ok?  It is a
tragic waste of perfectly good CPU cycles, storage, and bandwidth.
Nobody reads it anyway.  You're not actually reading this, are you?
I didn't think so.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: UltraDNS - are there any brain cells left?

2005-10-31 Thread Jay Hennigan

On Mon, 31 Oct 2005, Matt Ghali wrote:

 Could you take a break from publicly insulting your customers, and
 confirm that you have a grasp of what happens when both sides of a
 mirrored pair of disks die within 3 hours of each other?

One replaces the disks and restores from one's backup tapes?

What if you accidentally rm a critical file?  Mirrored disks won't
be of much help there.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: Verizon outage in Southern California?

2005-10-18 Thread Jay Hennigan

On Tue, 18 Oct 2005, Hannigan, Martin wrote:

 There was a post here earlier regarding a major outage. Did you lose
 POTS or circuit level connectivity to customers or both?

Frame-relay, SDSL, ADSL.  Straight DS-1 connections are OK.  Not sure
about POTS.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: CAT5 surge/lightning strike protection recommendations?

2005-09-13 Thread Jay Hennigan

On Tue, 13 Sep 2005, R.P. Aditya wrote:

 I have a bunch of cat5 buried about 1 ft below the surface connecting multiple
 buildings on a campus (short runs) and lightning strikes nearby have caused
 surges along one or more of the cables and burnt out switch ports.

Don't do that, then.

 I would like to protect the switch ports -- there seem to be lots of
 products on the market.

 Anyone have recommendations (tested/practical is best :-)?

Use the cat5 as a pull rope, install fiber.

 The APC Protectnet PNET1 and PRM24 seem quite nice and not too expensive --
 if they workpros? cons?

Seriously, this is a battle against Mother Nature that you aren't going to
win.  Differences in ground potential as well as induced currents into the
UTP will continue to cause equipment failure as well as possibly kill you
or someone else.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Battery Maint in LEC equipment

2005-06-05 Thread Jay Hennigan

On Sun, 5 Jun 2005, Alex Rubenstein wrote:



 In NJ, Verizon, MFS, and Telcove all install batteries.

 We put them on our UPS and Genset anyway, however.

The corollary to this question:

If your data center has an adequate DC plant, will the carriers insist
on installing their own batteries and rectifiers?  And how many of them
have redundant supplies to take advantage of an A and B feed from you?

Typically, because they're the phone company, if you offer them DC,
they'll insist on AC.  If you offer them AC, they'll want DC.  And it
seems that wherever you want the MPOE/drop they'll have some reason to
install it as far away as possible.  :-)

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Experiences with 911 calls and SIP

2005-05-18 Thread Jay Hennigan

On Wed, 18 May 2005, Dan Lockwood wrote:

 I'm having a discussion with one of my vendors about the 911
 capabilities of their SIP VoIP phone system.  The vendor says that if we
 use an Enhanced 911 service that their phone system will transmit
 location information to the PSAP at the time of the call in addition to
 the ANI.  I was under the impression that this functionality was not
 possible, hence all the problems that Vonage is having.  Can anyone help
 clarify this for me?

The vendor *CAN*, if they are properly connected to the selective routers
and ANI/ALI database, both route the call to the correct PSAP and display
the location of where you *TELL* them the phone is located.

He isn't technically correct that the system transmits location information
to the PSAP at the time of the call.  The system transmits ANI (calling
number) and the PSAP queries a regional database to obtain the location.
It can take several hours or even days to update the database if you move.

In most cases, telephone service providers *MUST* maintain a toll-free
number available to the PSAP operators 24/7.  In the event of missing or
incorrect location information, the PSAP can call the carrier who *MUST*
answer with a human being[1], not an auto-attendant.  That person can
then tell the PSAP the current location of record.

If you take your Xten laptop to Bangladesh and register your SIP phone
there, don't expect the ambulance to arrive where you *ARE*, only where
you told your carrier the phone was located.

The same issue occurs with off-premise stations to analog PBX systems
and the like.  G.I.G.O.

[1] I suppose that the human being could be in India and give the same
level of service we've all grown to cherish from SBC and ATT...

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: Anyone familiar with the SBC product lingo?

2005-04-14 Thread Jay Hennigan

On Thu, 14 Apr 2005, Luke Youngblood wrote:


 SONET simply means you are on a Sonet ring:  Two redundant connections to
 the central office.  If someone gets a little crazy with a backhoe your line
 is guaranteed to stay up (ask about SLAs, and make sure they will refund
 part of your monthly bill if you have an outage).  That's why it costs over
 twice as much.

To take advantage of this redundancy, the entrance facilities to your
building must not be part of a collapsed ring where both fiber pairs
are in the same conduit/bundle.

Quite often this is not done right.  If it requires two backhoes to take
it down, it requires two backhoes to build it.  In other words, for SONET
redundancy to be of value to you there need to be two physically separate
fiber feeds to your location that remain physically separate throughout
the ring.
--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: Cisco to merge with Nabisco

2005-04-01 Thread Jay Hennigan

On Fri, 1 Apr 2005, Bill Nash wrote:

 On Fri, 1 Apr 2005, Church, Chuck wrote:
 
  Incorrectly chosen switching path can now result in lost packets AND
  indigestion.

 Is this mitigated by activating Nabisco Express Forwarding?

Yes, but this is only available with the Gastric Bypass feature set that
requires a rather bloated image.  Traffic shaping is required to avoid
denial of service attacks as the input buffers are easily overloaded when
implementing this fix.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: sorbs.net

2005-03-16 Thread Jay Hennigan

On Wed, 16 Mar 2005 [EMAIL PROTECTED] wrote:

   What if the USPS decided any magazine you subscribed to was
   suddenly unfit for delivery and decided it should blocked (thrown
 away)?
 
  They don't decide. I do.

 This is not factually true. The USPS has a Postal Inspection Service
 that can intercept your mail for various reasons. Details are in
 39 USC 3013. The quote below comes from a report on their activities
 for the year ended March 31 2004. During that period there were 21
 withholding mail orders issued.

OK, they decide, for extremely small values of decide.  21 withholding
mail orders vs. how many trillions of items handled?

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: E1 - RJ45 pinout with ethernet crossover cable

2005-02-25 Thread Jay Hennigan

On Fri, 25 Feb 2005, Per Gregers Bilse wrote:

 You generally need a router or something else acting as store-and-forward.
 E1/T1 and other plesiochronous circuits are just that, near synchronous,
 and certainly not asynchronous.  Things cannot be transmitted or received
 without clocks on both sides being in synch, which may or may not be the
 case if you try to hook up two arbitrary lines.  Moreover, assuming both
 are terminated towards you, both will be driving clock for your router
 (terminal equipment) to pick up, and they are not going to be in phase.
 Then there's the issue of different options for framing and various
 control bits, etc.  You might get lucky if you could convince one of the
 circuit providers to take clock from you (which would then come from the
 other circuit), but you would probably still need to deal with signal
 level, framing, and other issues (ie, have a box of sorts).  All in all,
 an old cisco 2500 is probably the cheapest and most troublefree solution.

In every case I've dealt with when setting up a back-to-back connection
of T1 or E1 circuits, the appropriate crossover connection between transmit
and receive (1,2 - 4,5 on 8-pin jacks, swap Tx and Rx on co-ax) and setting
one side to supply internal clock and the other side to recover clock from
line works just fine.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: E1 - RJ45 pinout with ethernet crossover cable

2005-02-25 Thread Jay Hennigan

On Fri, 25 Feb 2005, Sam Stickland wrote:

 Quick question: If I have two E1 ports (RJ45), then will running a
 straight ethernet cable between the two ports have the same effect as
 plugging a ballan into each port and using a pair of coax (over a v.
 short distance).

Not straight, you need to make or buy a special crossover cable unless
you're going from a CSU to a terminal equipment port, in which case a
straight cable will work if it has all four pairs connected.  Some cheap
cables sold for ethernet use only have pairs 1,2 and 3,6 wired.  These
will not work as T1/E1 uses 1,2 and 4,5.

 Likewise would using an ethernet crossover cable have the same effect as
 swapping the pairs round on one balland.

I think you mean balun.  A crossover cable for T1/E1 is pairs 1,2 and
4,5 swapped which is blue/white and green/white for 568A.

 Or are the pinouts different to ethernet? I tried googling but couldn't
 find anything (perhaps because I can't seem to spell ballan :/ ).

Well, the modular jack connections are balanced and coaxial cable is
unbalanced.  You don't need baluns unless you're going from BALanced
on one end to UNbalanced on the other (hence the name balun).

Get a straight-through cable and look at it.  If the insulation on the
left two pins is green when holding the contacts up and away from you,
then cut off one end and reassemble it with the green and blue pairs
swapped around.  If orange, then swap the orange and blue.  If brown, turn
it over and look again.  :-)

Set ONE of your devices to provide clock (Internal) and the other to
recover clock from the line (Network).  If either of the devices is
also connected to a carrier or other network by T1/E1, clocking can get
more complicated and you probably want to consult a local expert on that
particular equipment.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: Vonage complains about VoIP-blocking

2005-02-15 Thread Jay Hennigan

On Tue, 15 Feb 2005, Hannigan, Martin wrote:

  Something else to consider.  We block TFTP at our border for
  security reasons
  and we've found that this prevents Vonage from working.
  Would this mean that
  LEC's can't block TFTP?


 Was that a device trying to phone home and get its configs?
 Cisco, Nortel, etc. phone home and get configs via tftp.

 Vonage doesn't need to phone home for config. The device is
 programmed (router) and it registers with the call manager.
 If you analyze the transactions it's about 89% SIP and 11% SDP.

Vonage devices initiate an outbound TFTP connection back to Vonage to
snarf their configs on initial connection and also (presumably) on reboot.

Many, many VoIP devices do this, including Cisco phones in all major
flavors.  If an ISP is blocking TFTP originated by its customers at the
border, this will cause numerous problems with many VoIP devices as
well as numerous other things where a customer needs to initiate a TFTP
session over the Internet.

Filtering customer-initiated TFTP will cause problems with many legitimate
applications and devices.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: [eweek article] Window of anonymity when domain exists, whois not updated yet

2005-01-11 Thread Jay Hennigan

On Tue, 11 Jan 2005, David Barak wrote:

 seriously, there have been various proposals ([ADV],
 etc) to facilitate legit UCE, but that hasn't slowed
 the arms race.  How would you recommend that we make
 it easier for legit businesses?

Legit businesses do not use spam.  The phrase Legit UCE is similar to
Legit fraud or Legit theft.

If legit businesses want to use SCE or solicited commercial email, then
such email is expected to be received and welcomed by the recipient and
by definition not spam.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: Okay, I'm just going to _assume_...

2004-10-21 Thread Jay Hennigan

On Fri, 22 Oct 2004, Scott Morris wrote:

 I want the MP3 of the theme song to the game!   ;)

http://www.cisco.com/warp/public/779/edu/peterpacket2/deliverables/music/peterpacket_theme.mp3


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: MCI problems - LA?

2004-10-20 Thread Jay Hennigan

On Wed, 20 Oct 2004, Chris Moody wrote:


 just got a call from MCI, informing me of a catastrophic fiber cut in
 the area.  The tech indicated that we have a DS3 through them that may
 see a considerable performance hit as they are performing the repairs.

 Apparently this cut affects MCI, Verizon, AOL, and several other providers
 which he named off.

We're getting feedback that it was deliberate vandalism, fiber cut in a
manhole in a railroad yard in Rialto, CA.  They are making repairs now.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: why upload with adsl is faster than 100M ethernet ?

2004-10-15 Thread Jay Hennigan

On Fri, 15 Oct 2004, Joe Shen wrote:


 Hi,

 the network path is:


           /-(ADSL)---------\
  customer                   --Edge_router---...---Japan Server
           \-(100Methernet)-/

 So, from edge_router to Japan server the path is
 identical.

 Yes. But, for ftp  TCP control real end-to-end
 transmission speed.

 I attached a monitor computer to our core router along
 the path between customer's site and server.
 Monitoring computer ping customer's site by targeting
 both ends of ADSL line and ethernet line. The
 measuring is scheduled 20packet per 20seconds, we also
 ping each hop address along the path to server. The
 result shows there is no packet loss along from
 monitoring computer to customer site, but packet loss
 increase at a special hop along the path to server in
 japan.

 So, we think the bottleneck is not inside our network.
 And, TCP connection between customer's computer and
 its server should be affected by same bottleneck. So,
 the uploading speed should be similar (?), but it
 shows so much difference!


I can think of three possible things:

1. MTU over the ethernet and ADSL lines is different and there is
   fragmentation occurring when the ethernet link is used.  Look at
   packet sizes with your sniffer and/or try sweeping a range of
   ping sizes.

2. Somewhere in the path there are parallel load-balanced paths with
   variable delay resulting in packets arriving out-of-order more
   frequently when sent over the ethernet link, due to the packets
   arriving more frequently in bursts when originating from the faster
   link.  Do you have a group of load-sharing per-packet links in
   your core over which the traffic flows?  Could also be beyond your
   control.  Ethereal at the receiving end might show this.

3. As was previously suggested, aggressive rate-limiting or policing
   happening along the long-haul.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: why upload with adsl is faster than 100M ethernet ?

2004-10-14 Thread Jay Hennigan

On Fri, 15 Oct 2004, Joe Shen wrote:


 Hi,

 I met a question with upload speed and network access
 speed.

 One of our customer lease two lines from us. One is
 2Mbps ADSL line the other is  100Mbps fiber ethernet
 link. The customer needs to upload files to  server in
 Japan usually. Now, the customer complaint that the
 upload speed of ADSL is much slower than fiber link.
 For a 5MB file, it takes 420 seconds with fiber link
 to finish uploading while the time for ADSL is 170
 seconds.  There is no difference in routing path
 between ADSL far end and fiber ethernet far end other
 than the access method. ( from the first access router
 ).

There is something wrong with both scenarios.

A 5 Mbyte file is 40 megabits.  With overhead, it should
transfer in about one-half second over a 100 Mbps ethernet
connection and somewhat less than 30 seconds on a 2Mbps
connection.

Look for duplex mismatch or something similar.

 We measured the latency between our core router and
 customer's computer, and find there is no packet loss
 between with both line while latency on ADSL is 0.3ms
 higher than fiber ethernet.

The ADSL should be substantially higher considering just
serialization delay.

 And, no link along the
 path inside our network is over burdened. That is,
 bottleneck locates somewhere outside our network. And
 there is asymmetric route between our network and Japan
 server.

Oh!  There's another WAN link in the picture!  What are the MTU
settings?  Are the packets being fragmented?  Is a firewall
blocking all ICMP somewhere including path MTU discovery?

 But, why TCP throughput experience so much difference
 between ADSL access and fiber link access?

We need more details as to the entire network.  Ethereal captures
at both ends would be a good start.  What is the connection in Japan?

Note that this isn't exactly within the realm of the NA (North American)
Network Operators Group, but the photons don't respect political
boundaries so you may get appropriate answers here.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Microsoft problems?

2004-10-11 Thread Jay Hennigan


Papal Catholicism?
Ursal defecation in forested terrain?

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: SkyCache/Cidera replacement?

2004-09-20 Thread Jay Hennigan

On Mon, 20 Sep 2004, Rick Chavez wrote:

 Does anyone know of one?

No but would probably be interested as a customer.

 Hell, has anyone even considered starting one?

Possibly.

 For that matter, would anyone be interested or willing to pay for their
 services if someone did or is bandwidth so cheap that it's just not
 needed anymore?


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Multi-link Frame Relay OR Load Balancing

2004-09-16 Thread Jay Hennigan

On Thu, 16 Sep 2004, Bryce Enevoldson wrote:


 We are in the process of updating our internet connection to 8 t1's bound
 together.  Due to price, our options have been narrowed to ATT and MCI.
 I have two questions:
 1.  Which technology is better for binding t1's:  multi link frame relay
 (mci's) or load balancing (att's)

It depends on what you mean by better.  Multilink is more CPU-intensive
but is nicer to such things as voice that don't deal well with packets
arriving out of order.  Load balancing can be per packet or per destination
(or flow).  Per-packet allows for aggregation of the multiple paths for a
large flow between two specific points but can give voice and similar
services problems with reassembly.

So better will depend on the nature of your traffic.

At that speed I would highly recommend a DS-3 instead of either of the above.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Mega DOS tomorrow?

2004-08-25 Thread Jay Hennigan

On Wed, 25 Aug 2004, Andy Dills wrote:

 So, slashdot is linking to some news sites that are reporting that
 Aleksandr Gostev from Kaspersky Labs in Russia has predicted that a large
 chunk of the net will be shut down tomorrow.

FYI, Google returns 9,250 hits on the search string:

imminent death of the net predicted film at 11

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Has postini been taken over?

2004-08-19 Thread Jay Hennigan

On Thu, 19 Aug 2004, Hank Nussbacher wrote:


 Lately, I am getting more and more spam coming via postini.com.  See below:

 Received:  from source ([206.190.38.111]) by exprod5mx128.postini.com
 ([12.158.34.245]) with SMTP; Fri, 30 Jul 2004 04:40:47 CDT

 Received: from psmtp.com (exprod5mx30.postini.com [12.158.34.185])
  by psmtp.preferred.com (8.12.9-20030924/8.12.9) with SMTP id
  i6VB468i000751

Is it just spam that has Postini in its headers, or all mail to that
address?

Have you or a mail administrator for your domain signed up with Postini
for spam filtering?  If so, all mail for the domain will flow through
Postini's servers.  If your mailbox isn't enabled for filtering or is
set to not filter, all the spam you previously got from anywhere will
show Postini in the headers.  For that matter, all of your mail to that
address will have Postini in the headers.

--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: scanning e-mail [WAS: 3 Free Gmail invites]

2004-08-19 Thread Jay Hennigan

On Thu, 19 Aug 2004, Robert Bonomi wrote:

  I believe your last statement is factually incorrect.  I absolutely
  _can_ do anything I please with your e-mail you send to me.  Not only
  that, I also believe I _may_ do it.  You send me e-mail, the e-mail is
  now mine.

 Well, legally, yes, and no.

 I can post it publicly,

 You _cannot_ legally do that.  copyright infringement.

 put it into a search engine, or
  delete it, and you have no say in the matter.  Might not be polite,
  but it certainly is not illegal.  Don't like it, don't send me e-mail.
  (Please. :)

 You own the 'artifact' that is the message,  the 'intellectual property
 rights' (i.e. copyright) remain with the author/sender.

 Doing things with the message that require consent of the copyright holder
 are things you cannot do _without_ that consent.  :)

 'Private use' copying is _not_ one of those things, however.

Are you saying that those ridiculous boilerplate disclaimers similar to
the following that annoyingly appear tagged to email (including that sent
to public mailing lists) really mean something?



NOTICE:  This communication may contain confidential and/or privileged
information.  If you are not the intended recipient, or believe that you
have received this communication in error, you are obligated to kill
yourself and anyone else who may have read it.  So there.  My disclaimer
is scarier than yours.  Nyaah.  You started this silly nonsense.  Knock
it off and I will too, ok?  Nobody reads it anyway.  You're not actually
reading this, are you?  I didn't think so.


--
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: New VOIP Peering/Interconnection Mailing List Announcement

2004-05-14 Thread Jay Hennigan

On Fri, 14 May 2004, Daniel Golding wrote:

 Topics to be discussed: ENUM, TRIP, Voice Peering, QOS, BGP, SIP, VOIP
 Transit/Trunking, .tel, Inter-Asterisk Exchange (IAX), the ITU and anything
 else that may affect interconnection of VOIP and packet voice.

Cool!

 This is a mailing list for voice folks, peering people, network engineers,
 and even business guys curious about how this technology will change things.

 Open exchange of ideas is the goal!

Great!

 Please feel free to forward this announcement freely.

 Post message:
 [EMAIL PROTECTED]

Ooh, that sucks.

Any chance of hosting it elsewhere?

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: SPAM Directly from ATT Data Networking

2004-04-14 Thread Jay Hennigan

On Wed, 14 Apr 2004, Callahan, Richard M, GVSOL wrote:

 Having spoken directly to her, I would like to point out that she did
 indeed take the time to research the FCC SPAM laws and has stuck to
 them.  She has provided an opt-out message and assures me she takes it
 very seriously.  If you have responded to her with a request to NOT be
 contacted again, you have not been.

So ATT condones the sending of bulk, unsolicited commercial email and
permits its employees to do so and continue to do so until the victim
begs that particular employee to stop?  And then another ATT salescritter
can repeat the process?

That's ATT's official position?

How well do you think this scales?

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: UPS and generator interaction?

2004-03-30 Thread Jay Hennigan

On Tue, 30 Mar 2004, David Lesher wrote:

 Side thought, but not a NANOG topic. What in your data center
 really cares if your generator puts out 57 or 63 Hz, not 60.0?
 Why?

Some UPSes such as the Best FerrUPS series and other voltage regulators
and line conditioners that use a ferro-resonant transformer where there's
an L-C tuned circuit as part of the power transformer.

Other motor loads may care to some extent.  Analog electric clocks will
run slow or fast, no big deal.  Lower frequencies are harder on marginally
designed transformers which may not have enough core material.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: UPS and generator interaction?

2004-03-29 Thread Jay Hennigan

On Mon, 29 Mar 2004, Mike Lewinski wrote:

 But, on a minor note that probably won't affect your Symmetra but I'm
 posting in case anyone else here can shed light on we had a power
 event this AM. The transfer switch did its magic and all was good...
 Except for two new APC1400's- they failed once the batteries drained. I
 triple-checked that they were on the right panel, played with
 sensitivity, even tried daisy-chaining one off a good working 2200.
 Nothing I did would convince the two 1400s they had power. Once the
 house power was restored they came back to life and look normal. I later
 learned that two of our colo customers with APC1400s had the same
 problem :( Other models (even a couple non-essential lower-end, dumb APC
 450s and 650s) didn't blink at the generator power.

Check generator frequency.  If it has a mechanical governor, you may
need to replace it with electronic.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: net-co-op (was Re: who offers cheap (personal) 1U colo?)

2004-03-17 Thread Jay Hennigan

On Wed, 17 Mar 2004, Daniel Medina wrote:


 On Wed, Mar 17, 2004 at 02:01:43PM -0700, Janet Sullivan wrote:
  Based on the response I've gotten off-list from people interested in
  sharing our resources & know-how with each other, I've just registered
  net-co-op.org. ...

  Oh come on, what was .coop for if not this? :)

People in the poultry business?  :-)

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Cisco website www.cisco.com 403 forbidden?

2004-03-15 Thread Jay Hennigan

Is it just me that they don't like?

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Counter DoS

2004-03-10 Thread Jay Hennigan

On Wed, 10 Mar 2004, Gregory Taylor wrote:

 After reading that article, if this product really is capable of
 'counter striking DDoS attacks', my assumption is that it will fire
 packets back at the nodes attacking it.  Doing such an attack would
 be neither feasible nor legal.  You would only double the effect that the
 initial attack caused to begin with, plus you would be attacking hacked
 machines and not the culprit themselves, thus pouring gasoline all over
 an already blazing inferno.

On the other hand, they could become immensely popular, reaching the
critical mass when one of them detects what is interpreted as an attack
from a network protected by another.  Grab the popcorn and watch as they
all bludgeon each other to death.  :-)

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Lawsuit on ICANN (was: Re: A few words on VeriSign's sitefinder)

2004-02-26 Thread Jay Hennigan

On Thu, 26 Feb 2004, Deepak Jain wrote:

 Since no one else has mentioned this:

 http://biz.yahoo.com/rc/040226/tech_verisign_2.html

Looks like I need to stock up on popcorn.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


How does one reach a human being at ATT?

2004-01-27 Thread Jay Hennigan

I have an ATT T-1 taking errors.  Their trouble reporting number dumps
me into the IVR from hell.  It even has machines calling me back at
intervals with status.  The status says "A test was run..."  No hint as to
the results of the test.

One of the choices is to say or hit 2 if you need further assistance.

Doing so gets a response telling you to call their maintenance center which
is the same machine that I used to generate the ticket in the first place.

Furrfu!  The telephone company doesn't have anyone to answer the telephone.

Even Floyd[1] is looking pretty good at this point.

Anyone have a secret number or touchtone sequence to share?  Swearing at
it doesn't work.  This is a point-to-point circuit, not an Internet T-1.

[1] 
http://www.sfgate.com/cgi-bin/article.cgi?file=/chronicle/archive/2003/02/21/BU227355.DTL

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


UUNet contact for security spambot?

2004-01-05 Thread Jay Hennigan

Some well-intentioned person at UUNet, in an effort to rid the Internet
of worms, viruses, and evildoers, has written a script that sends email
in response to network scans.  Repeatedly.

Mail comes from [EMAIL PROTECTED] with a return path of [EMAIL PROTECTED].

We're getting complaints for an origin IP that neither originates on nor
passes through our network.  I'm not sure why UUNet or their robot assumes
that we can help with the problem.

Replies to the scripted mail appear to go to Dave Null.  If a human at
UU.Net could contact me off-list about this, it would be appreciated.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Bay area Earthquake

2003-12-22 Thread Jay Hennigan

On Mon, 22 Dec 2003 [EMAIL PROTECTED] wrote:


 foxnews reporting 6.5 on the richter scale

 can't get more info than that

http://quake.wr.usgs.gov/recenteqs/Maps/121-36.html

It was quite noticeable in Santa Barbara.  Building swayed for a good
30 seconds, localized power failures for a few hours.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Apologies but...Verizon Postmaster?

2003-11-21 Thread Jay Hennigan

On Fri, 21 Nov 2003, Charles Sprickman wrote:


 On Thu, 20 Nov 2003, Michael Loftis wrote:

  I have been trying for weeks to get in touch with someone who will respond
  with something other than a form letter at Verizon.  Can someone please
  contact me off-list?  My company (Modwest) is being unilaterally blocked.
  I can't even send mail to abuse, postmaster, etc. from an @modwest.com
  address because of the block in place without a reason and without recourse.

 Welcome to the club!

 I'm sure someone will get back to you shortly.  But in the meantime, I can
 share my experience with this, and perhaps get some opinions on how wise
 their anti-spam measures are.

<AOL>

Me, too!

</AOL>

In our case it's at the IP level.  Our mailserver gets connection refused
from their business mail servers at bizmailsrvcs.net.  We got someone
on the phone who was supposed to look into it a week or so ago.

 VZ was unable to tell me why we were initially blocked, but we were for a
 number of days.  Not at the IP level, but at the envelope level; meaning
 that if you issued a mail from: with the domain in question, you'd get
 the 550 You are not allowed to send mail:sc004pub.verizon.net message.

They couldn't tell us either.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Apologies but...Verizon Postmaster?

2003-11-21 Thread Jay Hennigan

On Fri, 21 Nov 2003, Charles Sprickman wrote:

 On Fri, 21 Nov 2003, Jay Hennigan wrote:

  In our case it's at the IP level.  Our mailserver gets connection refused
  from their business mail servers at bizmailsrvcs.net.  We got someone
  on the phone who was supposed to look into it a week or so ago.

 Have a look at the logs on your primary MX.  Part of their anti-spam
 solution seems to be a connection back to your primary MXer to check if
 the envelope from is valid or not.  If you don't reply in the (very short)
 timeout period, the mail is rejected with a *permanent* failure.

Hmmm...  Our primary MX is Postini.

And they won't even open a socket on TCP 25 so we don't get far enough
to give them an envelope from.

beach% telnet mta1.bizmailsrvcs.net 25
Trying 206.46.164.22...
Connected to mta1.bizmailsrvcs.net.
Escape character is '^]'.
421 oe-mp1.bizmailsrvcs.net connection refused from [199.201.128.19]
Connection closed by foreign host.


What's weird is that any random dialup or DSL can connect to them just
fine.  It seems like they've put our mail sender in a local blacklist but
we truly hate and kill what few spammers crop up here on sight.

 It's a horrible design.  It's useless for them on MTAs that just accept
 everything into the queue and work it from there (qmail, ?) and a pain to
 the sender if you happen to have your primary mx swamped in a spam attack
 when they try to query it.  From what I can see, the timeout is *very*
 short and they do not try anything other than the primary mxer.

I think it's two different issues, as ours is at a lower level.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/
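
The two failure modes distinguished in the messages above (a refusal in the greeting, before any sender is seen, versus a 550 after MAIL FROM) can be told apart from a session transcript. The following is an added example, not part of the original posts; the function and stage names are assumptions, and the second and third transcripts are constructed.

```python
import re
from typing import NamedTuple, Optional

# A server reply line: 3-digit code, then ' ' (final line) or '-' (continuation).
REPLY = re.compile(r"^(\d{3})([ -])(.*)$")
# Client commands that move the session to a new stage.
COMMAND = re.compile(r"^(EHLO|HELO|MAIL FROM|RCPT TO|DATA)\b", re.IGNORECASE)
STAGE_OF = {"EHLO": "helo", "HELO": "helo", "MAIL FROM": "mail-from",
            "RCPT TO": "rcpt-to", "DATA": "data"}


class Verdict(NamedTuple):
    stage: str            # where in the session the first refusal arrived
    code: Optional[int]   # SMTP reply code of that refusal, None if accepted
    kind: str             # "temporary" (4xx), "permanent" (5xx) or "accepted"
    layer: str            # "ip", "envelope", "session" or "none"


def classify(transcript: str) -> Verdict:
    """Find the first 4xx/5xx reply and report the stage it belongs to."""
    stage = "connect"     # nothing sent yet: server only knows our IP address
    for raw in transcript.splitlines():
        line = raw.strip()
        cmd = COMMAND.match(line)
        if cmd:
            stage = STAGE_OF[cmd.group(1).upper()]
            continue
        reply = REPLY.match(line)
        # Skip telnet noise and continuation lines of multi-line replies.
        if not reply or reply.group(2) == "-":
            continue
        code = int(reply.group(1))
        if code >= 400:
            kind = "temporary" if code < 500 else "permanent"
            if stage == "connect":
                layer = "ip"          # refused before any envelope data
            elif stage in ("mail-from", "rcpt-to"):
                layer = "envelope"    # refused based on sender/recipient
            else:
                layer = "session"
            return Verdict(stage, code, kind, layer)
    return Verdict(stage, None, "accepted", "none")


# Transcript as posted in the message above.
IP_LEVEL = """\
Trying 206.46.164.22...
Connected to mta1.bizmailsrvcs.net.
Escape character is '^]'.
421 oe-mp1.bizmailsrvcs.net connection refused from [199.201.128.19]
Connection closed by foreign host.
"""

# Constructed transcript; only the 550 text is taken from the quoted message.
ENVELOPE_LEVEL = """\
220 mx.example.net ESMTP
EHLO mail.example.org
250-mx.example.net
250 PIPELINING
MAIL FROM:<user@example.org>
550 You are not allowed to send mail:sc004pub.verizon.net
"""

# Constructed transcript of a delivery that is accepted.
ACCEPTED = """\
220 mx.example.net ESMTP
HELO mail.example.org
250 mx.example.net
MAIL FROM:<user@example.org>
250 ok
RCPT TO:<postmaster@example.net>
250 ok
DATA
354 go ahead
"""

if __name__ == "__main__":
    for name, text in (("ip", IP_LEVEL), ("envelope", ENVELOPE_LEVEL),
                       ("accepted", ACCEPTED)):
        print(name, classify(text))
```
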


RE: The Internet's Immune System

2003-11-13 Thread Jay Hennigan

On Thu, 13 Nov 2003, Roy wrote:


 Unfortunately myNetWatchman is one of the worst services I have seen.  We
 can't even get them to send the reports to our abuse address.

I've found that anything marketed starting with "my" is not something
I would ever want to call mine.


-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Google down?

2003-11-12 Thread Jay Hennigan

On Wed, 12 Nov 2003, Jim Wood wrote:

   Looks like google is down too

ARIN and Google both work fine from AS4927.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: [Re: This may be stupid but.. ]

2003-11-10 Thread Jay Hennigan

On Mon, 10 Nov 2003, Matt Levine wrote:

 So what you're saying is you want cisco to certify people's integrity?
 :)

Better them than Belkin.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: paging Motorola - please evacuate your ninja bots from route-views.oregon-ix.net

2003-11-10 Thread Jay Hennigan

On Mon, 10 Nov 2003, Haesu wrote:


 Uhm... I think those ninja bots are in frozen-state. They probably logged off
 but their session may have been locked up in router vty. Maybe it's time for
 route-views to go another reboot?

Or someone with enable to clear line vty n and if necessary apply
an access-class.  Shouldn't have to reboot.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: SoCal fires

2003-10-27 Thread Jay Hennigan

On Mon, 27 Oct 2003, John Kinsella wrote:


 On Mon, Oct 27, 2003 at 06:28:12PM -0500, Andy Grosser wrote:
  Secondly, anyone have any outage-related news for network traffic in San
  Diego, San Bernardino, Ventura, Orange, or LA counties?

 Besides SBC claiming that they can't provide support service to their
 DSL customers in Northern California due to the Southern California
 wildfires, no.

I thought they were blaming that on sunspots.  :-)

Somewhat smoky skies in Santa Barbara, much worse in Ventura.  UPSes
are beeping and lights flickering a bit more often than usual.  Otherwise
no real network impact here.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: No encapsulation command on IOS 12.2(12a) ??

2003-10-24 Thread Jay Hennigan

On Fri, 24 Oct 2003, Roman Volf wrote:

 Show Version:

 Cisco Internetwork Operating System Software
 IOS (tm) 3600 Software (C3620-I-M), Version 12.2(12a), RELEASE SOFTWARE (fc1)

 flash image:
 System image file is flash:c3620-i-mz.122-12a.bin


 I'm trying to configure a FastEthernet sub interface for 802.1q VLANs, but
 there's no encapsulation command. I've googled it up for about 2 hours and
 have come up with nothing... the following command sequence is documented
 dozens of times:

 Any help would be appreciated.

You have an IP-only image as shown by the c3620-i in the filename.  For
VLAN support you need at least a Plus image.  Depending on your hardware
this may require more RAM and/or flash.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Removal of wildcard A records from .com and .net zones

2003-10-04 Thread Jay Hennigan

On Fri, 3 Oct 2003, Matt Larson wrote:

 VeriSign was directed by ICANN to suspend the Site Finder service by
 0100 UTC on Sunday, October 5.

This is not true.  Verisign was not instructed to suspend the Site Finder
service.  Verisign, Google, Yahoo, Altavista, etc. were not instructed to
suspend any form of site finder or search engine service.  If you operate
a good site finder, people will use it.

Verisign WAS instructed to remove wildcard entries in .com and .net which
pointed to Verisign's service (and broke several things in the process).

 We requested an extension from ICANN
 to give more notice to the community but were denied.

Which community?  The community to which you gave no notice before
implementing it?  The community which has been calling for it to go
away ASAFP from the instant it appeared?

 We will be
 removing the wildcard A records from the .com and .net zones beginning
 at 2300 UTC on Saturday, October 4.  The former behavior for these
 zones (returning Name Error/RCODE=3 in response to queries for
 nonexistent domain names) will be in place by 0100 UTC on Sunday,
 October.

Thank you.  The sooner the better.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/
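
A resolver-side check for the behavior discussed in the message above: a probe for a name that should not exist either comes back as Name Error (RCODE=3) or is answered with a synthesized A record. This is an added example, not part of the original post; the function names, the probe name under .net and the 192.0.2.10 address are assumptions, and both response packets are constructed in the code.

```python
import struct


def build_response(qname, rcode, answer_ip=None, txid=0x1234):
    """Build a constructed DNS response (QR=1, AA=1) used as sample input."""
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.split(".")) + b"\x00"
    flags = 0x8400 | (rcode & 0x0F)
    ancount = 1 if answer_ip else 0
    header = struct.pack("!HHHHHH", txid, flags, 1, ancount, 0, 0)
    question = labels + struct.pack("!HH", 1, 1)          # QTYPE=A, QCLASS=IN
    answer = b""
    if answer_ip:
        rdata = bytes(int(octet) for octet in answer_ip.split("."))
        # Owner name is a compression pointer back to the question at offset 12.
        answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 900, 4) + rdata
    return header + question + answer


def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[off]
        if length == 0:
            return off + 1
        if (length & 0xC0) == 0xC0:       # 2-byte compression pointer ends the name
            return off + 2
        off += 1 + length


def classify_probe(msg):
    """Classify the response to a query for a name that should not exist.

    Returns ("nxdomain", []) for RCODE=3, ("wildcard", [addresses]) when the
    zone answered NOERROR with A records, and ("other", [...]) otherwise.
    """
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _txid, flags, qdcount, ancount, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("not a response")
    rcode = flags & 0x000F
    off = 12
    for _ in range(qdcount):              # skip QNAME + QTYPE + QCLASS
        off = skip_name(msg, off) + 4
    addrs = []
    for _ in range(ancount):
        off = skip_name(msg, off)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rclass == 1 and rdlen == 4:
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    if rcode == 3:
        return ("nxdomain", [])
    if rcode == 0 and addrs:
        return ("wildcard", addrs)
    return ("other", addrs)


if __name__ == "__main__":
    # Constructed samples: former behavior, then a wildcard-synthesized answer.
    print(classify_probe(build_response("rarrarrarrarblah.com", 3)))
    print(classify_probe(build_response("rarrarrarrarblah.net", 0, "192.0.2.10")))
```
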


Re: Class A Data Center

2003-09-18 Thread Jay Hennigan

On Thu, 18 Sep 2003 [EMAIL PROTECTED] wrote:

 On Thu, 18 Sep 2003 12:08:43 EDT, Bob German [EMAIL PROTECTED]  said:

  Can anyone point me to a set of standards that define a Class A Data
  Center?  I'm not asking for requirements, but an actual pointer to
  standards hammered out by an organization or governing body.

 must have connectivity from a Tier-1 provider? :)

Both "We have a Class A Data Center" and "We are a Tier-1 provider"
translate to "I am a salesperson".

HTH. HAND.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: blocking AS30060

2003-09-16 Thread Jay Hennigan

On Tue, 16 Sep 2003, Will Yardley wrote:

 On Tue, Sep 16, 2003 at 01:04:18PM -0400, William Allen Simpson wrote:

  Are there any adverse side effects, that anybody can think of?

 One is that any mail destined for this host would probably sit in the
 queue for the maximum queue lifetime, generally about 4 days, before
 bouncing as undeliverable, rather than either being rejected
 immediately.

On the other hand, if your routers have the CPU cycles to spare, an
inbound access-list along the lines of

deny tcp 64.94.110.0 0.0.0.255 eq 80 any
 [whatever other stuff you have]
permit ip any any

Will block their return traffic from the website (including the TCP ack)
allowing them to cheerfully syn-flood DDoS themselves if enough people
do this.

This will kill the web traffic but allow mail.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Verisign brain damage and DNSSec.....Was:Re: What *are* they smoking?

2003-09-16 Thread Jay Hennigan

On Tue, 16 Sep 2003 [EMAIL PROTECTED] wrote:


 How frikking many hacks will we need to BIND9 to work around this braindamage?
 One to stuff back in the NXDomain if the A record points there, another to
 do something with make-believe DNSsec from them. What's next?

Well, you can always vote...

http://www.forbes.com/2003/05/01/cx_ceointernetpoll.html

Link courtesy of inet-access.
-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Change to .com/.net behavior

2003-09-15 Thread Jay Hennigan

On Mon, 15 Sep 2003, Adam 'Starblazer' Romberg wrote:


 Looks like they pulled it now.

 [EMAIL PROTECTED]:/var/log$ host rarrarrarrarblah.com
 rarrarrarrarblah.com does not exist (Authoritative answer)

They haven't implemented it on .com, only .net .

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Cross-country shipping of large network/computer gear?

2003-08-27 Thread Jay Hennigan

On Wed, 27 Aug 2003, Matthew Zito wrote:

 I was wondering if anyone could provide any advice or suggestions on
 shipping heavy/bulky equipment (~300 pounds, about a half-rack worth of
 gear) on short notice cross-country?  We're obviously looking to minimize
 cost, but realistically it can't be in transit for more than two days.  Are
 there any companies or methods people would recommend?  Thanks in advance
 for the help.

FedEx, or Forward Air.

FedEx - Door-to-door, reliable, easy to do business with.

Forward Air - Terminal to terminal.  You deliver it to their facility near
an airport, they deliver it to a terminal near the destination airport.
This means that you need guys and a truck at both ends.  A bit more trouble
than FedEx to do business with.  You'll typically need to palletize your
gear.

http://www.fedex.com/
http://www.forwardair.com/

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Sobig.f surprise attack today

2003-08-22 Thread Jay Hennigan

On Fri, 22 Aug 2003, Owen DeLong wrote:


 OK... Maybe I'm smoking crack here, but, if they have the list of 20
 machines,
 wouldn't it make more sense to replace them with honey-pots that download
 code to remove SOBIG instead of just disabling them?

 Let's use the virus against itself.  At this point, I think that's a
 legitimate
 countermeasure.

Start coding, you've got twelve minutes.


-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Sobig.f surprise attack today

2003-08-22 Thread Jay Hennigan

On Fri, 22 Aug 2003, Andrew Kerr wrote:

 It's been posted here, and f-secure has it, but I wrote a quick script to
 keep an eye on the 20 servers and dump the output to a simple page:

 http://207.195.54.37/sobig.html

 (Updates about every 5 mins)

You're probing the list of NTP servers the worm uses to get the date, not
the list of hosts to which it phones home.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: Did Sean Gorman's maps show the cascading vulnerability in Ohio?

2003-08-18 Thread Jay Hennigan

On Mon, 18 Aug 2003 [EMAIL PROTECTED] wrote:

 The reason for that is that if one does not call call before dig, one would
 be liable. If one does call and misunderstands, the survey company would be
 liable. So those companies prefer to leave very clear marks.

The way it works in California is that the digger marks the work area
in white paint and submits the location to the USA hotline.  The hotline
distributes this to all of the utilities, which then mark the location of
their underground facilities, color coded (Blue - water, Red - power,
Orange - telco/cable, Yellow - gas).  The digger must take care not
to damage anything marked.

http://www.digalert.org/

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: East Coast outage?

2003-08-16 Thread Jay Hennigan

On Sat, 16 Aug 2003, Chris Adams wrote:

 Basic physics.  To run DC at the power levels required, the wire would
 have to be over 100 feet in diameter IIRC.  Look up the Edison vs. Tesla
 power arguments for all kinds of information on AC vs. DC.

Edison and Tesla's arguments took place long before switching power supplies
and the development of insulating materials capable of withstanding hundreds
of kilovolts.

The size of the conductor is a function of IR losses.  Losses are a function
of the resistance of the conductor and the current passing through it.  By
raising the voltage, the current drops proportionally for the amount of
power delivered, and hence the conductor size also drops.  The problem in
the Edison/Tesla days was a practical way to convert high voltage DC to low
voltage (120 volts or so) power for distribution to homes and businesses.
200KV light bulbs and switches are kind of impractical for home use.  :-)

The advantage of AC is that a simple transformer can be used to step down
the voltage from transmission to distribution levels.  Before high voltage
semiconductors and switching supplies, high voltage DC transmission was
useless as there was no practical means to convert it to the lower voltage
levels useful in homes.  Rotary motor-generator sets would have been the
only choice.  Huge, not very efficient, lots of (big) moving parts.  Not
trivial to maintain.

AC still makes sense for distribution, but HV DC transmission lines are
becoming the norm.  Think about some very large SCRs and associated parts
to convert to AC for distribution.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: [connie.davis@mail.internetseer.com: answerpointe.cctec.com]

2003-08-09 Thread Jay Hennigan

On Sat, 9 Aug 2003, Eric Germann wrote:


 As the owner of answerpointe, I think it would be a shame to kill it because
 it does get a significant number of hits with legitimate searches.
 Stripping emails would seem to make it impossible to make inquiries of the
 collective knowledge of NANOG. Whether it's webcrawling answerpointe or
 Ftp'ing the archive from MERIT, the net result is the same.

 You also have the sporadic people who say for whatever reason, I said
 something on NANOG I shouldn't have because now that I am unemployed from a
 dot bomb, when I try to get a job, they search the web and these stupid
 posts I made show up in your archive and can you remove them so I can get a
 job???  I explain to them the concept of an archive.

 What's the collective voice of NANOG say, keep it or kill it?

It is likely that anyone who has posted to NANOG for any length of time
also has his/her email address strewn throughout the 'net in numerous
places where spammers troll.  I'd keep it as is.  Archives are a good
resource and help to keep the noise ratio down.

One option would be to make the archives only available to the members
of the list.  This gets tricky as some form of authentication would then
be needed and it's difficult unless the archive and the list are under
the same administrative entity.

A quick google seems to indicate that internetseer are well-known and
persistent spammers, and they've hit several spamtraps of ours.  Giving
them a static route to null0 wouldn't be a bad thing.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/



RE: Cisco IOS Vulnerability

2003-07-17 Thread Jay Hennigan

On Thu, 17 Jul 2003, Mikael Abrahamsson wrote:

 IS anyone seeing this exploited in the wild? It'd be good to know if we
 need to do panic upgrade or can schedule it for our next maintenance
 window (which is during the weekend).

Well, there's this from Wednesday afternoon...

-   Dear ATT IP Services Customer:
- 
-   Please be advised of the following:
- 
-   This is a preliminary notification to inform you that ATT IP Services
-   experienced an impairment that may have affected some customer traffic
-   on the West Coast.

[The above is a mild understatement...]

-   Our Network Engineers have resolved the issue and are currently
-   investigating the root cause.  A follow-up email will be sent at
-   the conclusion of the investigation with more information.

[Nothing received yet...]

This was rumored to be a backhoe fade but the advisory refers only to
IP services and there was nothing in the popular press about any major
phone outage, so I have my suspicions.  Usually if there's a fiber cut
they say so.  About this time is when all of the major backbones began
flooding the net with their notices of panic upgrades.

(This is being typed while watching rows and rows of !!!).

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: New Cisco Vulnerability

2003-07-16 Thread Jay Hennigan

On Wed, 16 Jul 2003, John Payne wrote:

 --On Wednesday, July 16, 2003 12:50 PM -0700 Gregory Hicks
 [EMAIL PROTECTED] wrote:

 
  From: Vincent J. Bono [EMAIL PROTECTED]
  Date: Wed, 16 Jul 2003 15:17:54 -0400
 
  Hello All,
 
  There seem to be rumors going around that there is a new major Cisco
  vulnerability but only the major backbones are being given fixes
  right now.
 
  Not 100% true...  Anyone with a Catalyst 4000/5000/6000 can get it -
  free.  See this URL for details.
 
  http://www.cisco.com/warp/public/707/cisco-sa-20030709-swtcp.shtml


 Different vulnerability from what I hear.

I'm hearing similar rumors, and Genuity has a planned emergency
maintenance tomorrow morning, and there's some major weirdness with
our ATT feed over the past half hour.

The rumored vulnerability is IOS, not CatOS and supposedly causes a reload,
not a telnet DoS.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: has anyone notice this ?

2003-06-29 Thread Jay Hennigan

On Sun, 29 Jun 2003, Vicky Rode wrote:


 If a whole bunch of people are having the same issue and they're all on
 Time Warner in your neck of the woods, it probably isn't the cable modem
 hardware.
 ---
 vickyr exactly my point.

Is Time-Warner associated with Charter Communications?  There's a thread
on Slashdot about their name servers being hijacked to point all requests
to a set of rogue proxy servers.  Another thread suggests a nasty form of
spyware is responsible.

The rogue proxy servers are apparently a man-in-the-middle password sniffer
of some type affecting at a minimum HTTP and SSH.

http://ask.slashdot.org/article.pl?sid=03/06/19/2325235&mode=thread&tid=126

I got the above link by email from someone following this thread but not
set up to post to NANOG.  If true, it makes the thread more NANOG-relevant
than a simple case of poor service from a cable company.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: has anyone notice this ?

2003-06-28 Thread Jay Hennigan

On Sat, 28 Jun 2003, Vicky Rode wrote:

 just wondering has anyone noticed http access issue (the page cannot be
 displayed) on time warner network ? i literally have to try 5 to 6 times to
 get to the page. i believe this problem just started a week or so back.

It would be easier to troubleshoot if you used a browser that returned
a meaningful error message.  "The page could not be found" could be just
about anything.  DNS, routing, broken link, etc.

Also, you don't indicate if you're a Time Warner customer trying to reach
web sites elsewhere or a non-customer trying to reach sites on the Time
Warner network.  Your IP address or ISP's network and the URL of the site
you're trying to reach, for example.

 i've even talked to few other people on socal.rr.com network and they are
 experiencing similar problems. is this socal.rr.com related or other regions
 are expediting same problems too. time warner's network status page shows
 everything is okay.

It really depends on the nature of the failure.  More information is needed.

Have you queried the Time Warner support staff?

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


RE: has anyone notice this ?

2003-06-28 Thread Jay Hennigan

On Sat, 28 Jun 2003, Vicky Rode wrote:

 It would be easier to troubleshoot if you used a browser that returned
 a meaningful error message.  "The page could not be found" could be just
 about anything.  DNS, routing, broken link, etc.
 ---
 vickyr i even tried the same thing under linux---mozilla and i get site
 name not found which i believe is less meaningful than ie :)

"No such domain" is the Mozilla response.  This points to a DNS issue,
which is more useful than "Page could not be displayed".  What does dig
give you for the domain?  How about dig with a different name server
specified?

 Also, you don't indicate if you're a Time Warner customer trying to reach
 web sites elsewhere or a non-customer trying to reach sites on the Time
 Warner network.  Your IP address or ISP's network and the URL of the site
 you're trying to reach, for example.
 -
 vickyr  i'm a time warner end-user trying to access outside world which
 could be anything.

Nag their tech support.

 Have you queried the Time Warner support staff?
 ---
 vickyr yes i have and they think it could be the cable modem box and have
 issued a replacement. i sure hope they have a good stock because vickyr i
 know whole bunch of people who are having similar problems.

It's those Warner Brothers Acme brand modems.  Same outfit that makes all
of Wile E.'s stuff.  It's probably also an Acme nameserver.

Seriously, you should use some other tools such as name lookup to find
the IP address of the site in question.  If it fails with their default
resolvers, try a different resolver.  Then see if you can get to the site
(or a default site on the same server) by IP address, use traceroute,
etc.

 maybe its time to buy some 3com stocks :)

If a whole bunch of people are having the same issue and they're all on
Time Warner in your neck of the woods, it probably isn't the cable modem
hardware.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/
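
The resolver comparison suggested in the message above (look the name up with the default name server, then with a different one), as an added example that is not part of the original post: it sends the same A query to two resolvers and classifies the outcome. The function names and result strings are assumptions of this example, and it handles UDP replies with A records only.

```python
import socket, struct

def build_query(name, qid=0x1234):
    """DNS query for the A record of `name`, recursion desired."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii")
                     for l in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack("!2H", 1, 1)

def skip_name(msg, off):
    """Offset just past a (possibly compressed) name starting at `off`."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)        # pointer is 2 bytes, root label 1

def parse_response(msg):
    """Return (rcode, sorted IPv4 addresses from the answer section)."""
    _, flags, qd, an, _, _ = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4          # skip QTYPE + QCLASS
    addrs = []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:          # A record
            addrs.append(socket.inet_ntoa(msg[off:off + 4]))
        off += rdlen
    return flags & 0x000F, sorted(addrs)       # rcode 3 = "no such domain"

def ask(resolver_ip, name, timeout=3.0):
    """Query one resolver over UDP; None means no reply before the timeout."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        try:
            s.sendto(build_query(name), (resolver_ip, 53))
            return parse_response(s.recv(4096))
        except OSError:
            return None

def triage(default, other):
    """Compare the default resolver's result with a second resolver's."""
    d = set(default[1]) if default and default[0] == 0 else set()
    o = set(other[1]) if other and other[0] == 0 else set()
    if not d:
        return ("default resolver is failing" if o
                else "neither resolver answers: check the name and routing")
    if not d & o:
        return "answers differ: compare before trusting either"
    return "DNS consistent: test by IP and traceroute next"
```

Call `triage(ask(default_ip, name), ask(other_ip, name))` with the two resolver addresses. Differing answers are also normal for names served from several locations, so that result is a prompt to compare the addresses, not proof of tampering.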


RE: Spam and following the money

2003-06-19 Thread Jay Hennigan

On Wed, 18 Jun 2003, Lars Higham wrote:

 Joe,

 While I agree with all of your points individually, I would say that
 only one of them doesn't work for 'following the money'.  This one being
 the pump-and-dump.  Everything else involves a sale of some sort -

Send those to [EMAIL PROTECTED].  They work quietly and in the
background, but they carry an impressive mallet.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: AC/AC power conversion for datacenters

2003-06-04 Thread Jay Hennigan

On Tue, 2 Jun 2003, Matthew Zito wrote:

 This is marginally related to the power discussions earlier, but does
 anyone know of a product that steps up 120V AC to 220V AC and is
 reasonably datacenter-friendly?  We're looking at an environment where
 there's no 220V available - but we only need ~7 amps so conversion could
 be possible to my high-school-physics mind.  I've found some products
 that seem to be appropriate, but they're geared towards a more
 industrial purpose.  Is there a rackmount 120-220V converter that
 people out there have used and would recommend?

It's called a transformer.

Only 7 amps at 240V is 1.68 KW.  This will be rather large and heavy,
typically the kind of thing more suited to a NEMA box than a rack mount.
It will also consume about 14 amps from the 120V circuit, so it should be
on its own breaker.

You could mount such an item on a chassis with a rack panel if so inclined
but doing such will not likely be in compliance with UL or electrical
codes.

For a more rack-friendly type of solution, some form of switching supply
inverter might work instead of a transformer working at line frequency,
but it will be either expensive or not have a clean sinewave output or
both.  These rectify the input to DC, then use a higher frequency switcher
to generate AC with a smaller, lighter transformer, then electronically
reconstruct a 60-Hz AC output.  I can't recommend a supplier or even say
for sure that such an item is available as a stock unit.

For that type of power consumption, a 240-volt supply (may be 208 depending
on the source feed) is your best bet.  I'd question the "not available"
statement to be sure, as if 208 or 240 isn't available, then 14 amps at
120 is probably going to be marginally available.

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/