Re: qwest outage?
Daniel wrote:
> Anyone currently aware of a Qwest outage? My qwest sites are down, even
> qwest.com <http://qwest.com>
>
> daniel

Nope.

traceroute www.qwest.com
traceroute to www.qwest.com (155.70.40.252), 30 hops max, 40 byte packets
 1 192.168.255.1 (192.168.255.1) 0.287 ms 0.232 ms 0.332 ms
 2 stayton2-stinger-gw.wvi.com (67.43.68.1) 7.627 ms 7.986 ms 7.097 ms
 3 wvi-gw.wvi.com (204.119.27.254) 7.637 ms 8.202 ms 7.607 ms
 4 69.59.218.105 (69.59.218.105) 8.889 ms 9.814 ms 8.926 ms
 5 sst-6509-gi13-p2p-peak.silverstartelecom.com (12.111.189.105) 22.849 ms 20.245 ms 16.434 ms
 6 sst-m10-fe002-p2p-6509-fa347.silverstartelecom.com (12.111.189.233) 10.069 ms 10.456 ms 9.801 ms
 7 12.118.177.73 (12.118.177.73) 10.369 ms 11.057 ms 9.951 ms
 8 gr1.st6wa.ip.att.net (12.123.44.122) 33.398 ms 32.790 ms 32.975 ms
 9 tbr1.st6wa.ip.att.net (12.122.12.157) 37.985 ms 38.693 ms 37.595 ms
10 tbr2.sffca.ip.att.net (12.122.12.113) 33.806 ms 34.252 ms 34.272 ms
11 ggr2.sffca.ip.att.net (12.123.13.185) 32.995 ms 32.302 ms 32.994 ms
12 * * *

(nothing after this, but I can bring up Qwest.com just fine.)

--
Jeff Shultz
Re: Internet access in Japan (was Re: BitTorrent swarms have a deadly bite on broadband nets)
David Andersen wrote:

http://www.washingtonpost.com/wp-dyn/content/article/2007/08/28/AR2007082801990.html

Followed by a recent explosion in fiber-to-the-home buildout by NTT. "About 8.8 million Japanese homes have fiber lines -- roughly nine times the number in the United States." -- particularly impressive when you count that in per-capita terms.

Nice article. Makes you wish...

For the days when AT&T ran all the phones? I don't think so...
Re: issues with qwest
Philip Lavine wrote:

Is anybody having issues with qwest?

Always - but probably not in the fashion you presumably mean.

What sort of issues? I can probably traceroute through them and all that stuff if you provide more info.

--
Jeff Shultz
Re: ISP CALEA compliance
Jason Frisvold wrote:

On 5/10/07, Jared Mauch <[EMAIL PROTECTED]> wrote:

If you're not offering VoIP services, your life may be easier as you will only need to intercept the data. Depending on your environment you could do this with something like port-mirroring, or something more advanced.

There are a number of folks that offer TTP (Trusted third-provider) services. Verisign comes to mind. But using a TTP doesn't mean you can hide behind them. Compliance is ultimately your (the company that gets the subpoena) responsibility.

Here's a question that's come up around here. Does a CALEA intercept include "hairpinning" or is it *only* traffic leaving your network? I'm of the opinion that a CALEA intercept request includes every bit of traffic being sent or received by the targeted individual, but there is strong opposition here that thinks only internet-related traffic counts.

- Jared (IANAL!)

That would be something best brought up with a CALEA lawyer or one of the Trusted Third Party companies for an answer. I suspect that you probably ought to have the capability of getting both ends of the "conversation" (incoming & outgoing) as the warrant may be written that way.

--
Jeff Shultz
Re: On-going Internet Emergency and Domain Names (kill this thread)
Patrick Giagnocavo wrote:

On Mar 31, 2007, at 11:57 PM, Gadi Evron wrote:

You do realize this post is not about Microsoft or IE 0days, right?

Your words made it clear that it was. Generalizing from "Windows 0day" to "coordinate shutdown of DNS for evil domain in a timely fashion" is just obfuscating that the only reason to do so is because Windows is the way it is.

As I see it, the problem at hand is the current Windows 0day. What Gadi is doing is concentrating on a tactic it is using to justify solving what he sees as a more general problem (DNS abuse) that could be used by an exploit to any operating system. By solving it, this could mitigate future problems.

We're looking at the alligators surrounding us. Gadi is trying to convince us to help him in draining the swamp (which may indeed be a positive thing in the long run).

Does that sound about right?

--
Jeff Shultz
Re: On-going Internet Emergency and Domain Names
So, is there a list of domains that we could null-route if we could convince our DNS managers to set us up as the SOA for those domains on our local DNS servers - thus protecting our own customers somewhat?

I won't discount the assertion that there is some sort of emergency occurring. I would however, like to see a bit of a reference to where we can learn more about what is going on (I assume this is the javascript exploit I heard about a couple days ago).

Thanks.

Fergie wrote:

-- Gadi Evron <[EMAIL PROTECTED]> wrote:

There is a current on-going Internet emergency: a critical 0day vulnerability currently exploited in the wild threatens numerous desktop systems which are being compromised and turned into bots, and the domain names hosting it are a significant part of the reason why this attack has not yet been mitigated.

This incident is currently being handled by several operational groups.

...and before people start bashing Gadi for being off-topic, etc., I'll side with him on the fact that this particular issue appears to be quite serious.

Please check the facts regarding this issue before firing up your flame-throwers -- this weekend could prove to be a quite horrible one.

- ferg

--
"Fergie", a.k.a. Paul Ferguson
Engineering Architecture for the Internet
fergdawg(at)netzero.net
ferg's tech blog: http://fergdawg.blogspot.com/

--
Jeff Shultz
Re: [funsec] Not so fast, broadband providers tell big users (fwd)
Alexander Harrowell wrote:

On 3/13/07, Todd Vierling <[EMAIL PROTECTED]> wrote:

Critical mass is approaching. There's only so long that North American consumers can be held back from bandwidth-hogging applications and downloads while parts of the world have long since upgraded to 10Mbit/s bidirectional (and beyond) consumer-grade access speeds.

Both cable and DSL providers are about to have a very loud wake-up call, and from here, I see absolutely zero uptake of newer technology and infrastructure to offset the inevitable.

768 ain't broadband. Buy Cisco, Alcatel, and Akamai stock!

It certainly is - just ask the CALEA folks and as for who is pushing the bandwidth curve, for the most part it seems to be gamers in search of the ever shrinking ping time. I suspect they make up most of our >1536kb/sec download customers.

What "parts of the world" have long since upgraded to those speeds - and how do they compare size-wise to the USA? We've got an awful lot of legacy infrastructure that would need to be overcome.

I will happily agree that it would be nice to have higher upload speeds than DSL generally provides nowadays. What are cable upload speeds like?

--
Jeff Shultz
Re: broadband routers security issues
This is why we specify our DSL modems configured as transparent bridged (routing optional) and when they go out the door they're already set up as inaccessible from the outside, even if the customer enables routing (I've seen one case in 5 years where the customer has done this without calling us for help first).

Of course, I've discovered that we're also a bit unusual in that we use RFC 1483 Bridged mode and static IPs instead of PPPoE and DHCP for all our DSL connections.

We wouldn't accept this sort of default open accessibility from Linksys, D-link, Netgear, etc... - why should we accept it on our DSL/cable modems?

Gadi Evron wrote:

Hi guys.

A guy named Sid recently wrote on securiteam (where I write as well) on an accidental discovery he made on the security of his home broadband router with its default settings.

Apparently, he started by discovering he had port 23 open (which was telnet for the router rather than for him - we have all been there before).

--
Jeff Shultz
Re: AS41961 not seen in many networks
Qwest appears not to show it (traceroute dies at the first IP in their network) and Cogent and LambdaNET show a jump from 90ms to 170ms between their networks (in two different places depending on IP tracerouted) - but it does go through.

--
Jeff Shultz
Re: Comcast Routing Issues: Northern NJ: Random Failures
Joseph S D Yao wrote:

On Wed, Jan 03, 2007 at 03:04:17PM -0800, Payam wrote:

Should have said... "I wasn't aware that the Internet was a Male ... that needed cleaning of the pipes" and see what they would have said! hahah either way... go comcast go!

-Payam

I'm sorry, you'll have to explain that one to me.

No... that falls under TMI. Way TMI.

--
Jeff Shultz
Re: today's Wash Post Business section
[EMAIL PROTECTED] wrote:

On Thu, 21 Dec 2006 05:59:21 CST, Robert Bonomi said:

How many people have a search engine as their 'home page' in their web browser?

How many end-user types _don't_know_ about anything other than a web-browser/mail-client for Internet access?

And what percent of our operational issues are caused by that mindset?

(Hint - how much smaller would the spam problem be if end users actually looked at their cable or DSL modem and wondered why the Tx/Rx lights were on steady even though nothing was apparently happening?)

Google and Yahoo (and their toolbars) have replaced the address line. Which can lead to some confusion when you think the customer has just gone to your homepage, but instead has gone to the Google search page for the URL... and then you just hope your homepage is the first hit on it.

What blows my mind is that from what I've seen the default install of IE7 doesn't include the Menu Bar displayed. :(

--
Jeff Shultz
Re: MCI < - > Savvis in Chicago
From a Cogent link from Oregon:

 7 v3490.mpd01.sjc03.atlas.cogentco.com (154.54.6.82) 18.385 ms 18.314 ms 18.809 ms
 8 g6-0-0.core01.sjc03.atlas.cogentco.com (154.54.6.86) 19.347 ms 18.610 ms 18.175 ms
 9 POS4-3.BR5.SAC1.ALTER.NET (204.255.174.209) 21.230 ms 21.989 ms 22.036 ms
10 0.so-2-1-0.XL1.SAC1.ALTER.NET (152.63.52.226) 22.185 ms 21.792 ms 21.888 ms
11 0.so-6-0-0.XL1.CHI6.ALTER.NET (152.63.64.202) 72.864 ms 63.310 ms 63.610 ms
12 POS6-0.GW6.CHI6.ALTER.NET (152.63.68.97) 67.207 ms 63.123 ms 63.336 ms
13 netlogic-gw.customer.alter.net (157.130.101.2) 63.872 ms 63.857 ms 63.425 ms
14 206-80-93-67.chi.netlogic.net (206.80.93.67) 63.792 ms 65.463 ms 63.194 ms

Wallace Keith wrote:

Similar- Boston to Chicago MCI- seeing high latency

 6   3 ms   3 ms   3 ms  544.at-5-0-0.xr1.bos4.alter.net [152.63.24.222]
 7   3 ms   3 ms   3 ms  0.so-4-0-0.xl1.bos4.alter.net [152.63.16.121]
 8  91 ms  95 ms  95 ms  0.so-7-0-0.XL1.CHI6.ALTER.NET [152.63.65.161]
 9  93 ms  95 ms  92 ms  pos6-0.gw6.chi6.alter.net [152.63.68.97]
10  94 ms  81 ms  83 ms  netlogic-gw.customer.alter.net [157.130.101.2]
11  87 ms  80 ms  89 ms  206-80-93-67.chi.netlogic.net [206.80.93.67]

Trace complete.

H:\>

--
Jeff Shultz
Tech Support: 24/7/365
Stayton: 503-769-3331
Salem: 503-390-7000
[EMAIL PROTECTED]
Re: CO fire St. Johns Newfoundland
Fergie wrote:

Bet it wasn't bizarre as the fire tonight at Ft. Meade:

http://www.msnbc.msn.com/id/15354940/

- ferg

Hmmm. If it's the building I'm thinking of, it's in the oldest part of the base and well separated from the NSA compound.
Re: Broadband ISPs taxed for "generating light energy"
Joseph S D Yao wrote:

On Wed, Oct 11, 2006 at 11:36:03AM -0700, Gregory Hicks wrote:

... My wife (Korean) told me yesterday that the past weekend was "Chusok" (or Korean 'Thanksgiving' - Actually, the Harvest Festival)... So maybe India has something similar...? ...

But why would the Harvest Festival be the Trickster Day? And next I expect to see a made-up etymology why Korean "Chusok" is so like Hebrew "Succoth".

You don't remember the Korean general on M*A*S*H toasting with "L'chaim"?

...as we swerve ever further off topic.

--
Jeff Shultz
Re: AOL Lameness
Along the lines of "a picture is worth...etc.." an actual example of an e-mail that is sent out generating that error would be very useful.

I'm guessing that, from the page at the URL provided, AOL has decided that banning dotted quads from e-mails will cut down on the spam and phishing scams. They very well might be right.

Mike Lyon wrote:

OK, I should clarify this. The description that is on that link I put in my original e-mail doesn't actually describe what is happening, but that is the error they spit back at me.

What really is happening is that the url that is in my e-mail and when you resolve it to an IP, if you do a reverse lookup on that IP, it comes back with a generic DNS entry that my colo provider has assigned to it. So the issue seems to be that the reverse DNS entry and the domain name don't match. But this isn't really an issue, a lot of providers do it this way. But why is AOL being lame with this?

-Mike

On 10/2/06, Matt Baldwin <[EMAIL PROTECTED]> wrote:

Yes, I'm noticing this too. Very lame indeed. Doing a quick Google on it in the Groups it seems that it was a feature that was enabled earlier this year. My guess is they turned it off, then turned it back on. Anyone from AOL care to explain this behavior and what should be communicated to the end-user?

Thanks.

-matt

On 10/2/06, Mike Lyon <[EMAIL PROTECTED]> wrote:
>
> Is anyone else noticing new AOL lameness that when you send an e-mail
> to an AOL user and if the e-mail has a URL in it but the reverse
> lookup of that url doesn't come back to that domain name that AOL's
> postmaster rejects it and gives you this URL:
> http://postmaster.info.aol.com/errors/554hvuip.html
>
> This has to be new policy for them because it never rejected them before...
>
> Ugh.
>
> -Mike
>

--
Jeff Shultz
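
The two readings of the rejection discussed in this thread (a dotted-quad URL in the body, or a URL host whose address reverse-resolves to an unrelated name) can be checked before sending with the added example below. It is not AOL's filter and not code from any poster; the function names, the lookup tables and the sample message are constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)


def url_hosts(body):
    """Return the distinct hosts of all http(s) URLs in a message body, in order."""
    hosts = []
    for match in URL_RE.finditer(body):
        # Drop sentence punctuation that the regex swallowed at the end of a URL.
        host = urlsplit(match.group(0).rstrip(".,;:)")).hostname
        if host and host not in hosts:
            hosts.append(host)
    return hosts


def is_dotted_quad(host):
    """True when the URL host is a literal IPv4 address rather than a name."""
    try:
        ipaddress.IPv4Address(host)
        return True
    except ValueError:
        return False


def base_domain(name):
    """Naive base domain: the last two labels. A production check would use
    the Public Suffix List instead (assumption made to keep this short)."""
    return ".".join(name.rstrip(".").lower().split(".")[-2:])


def check_body(body, forward, reverse):
    """Classify every URL host in the body.

    forward: dict name -> list of IPv4 strings (stands in for A lookups)
    reverse: dict IPv4 string -> PTR name      (stands in for PTR lookups)
    Returns dict host -> 'dotted-quad' | 'no-forward' | 'ptr-mismatch' | 'ok'.
    """
    findings = {}
    for host in url_hosts(body):
        if is_dotted_quad(host):
            findings[host] = "dotted-quad"
            continue
        addrs = forward.get(host.lower(), [])
        if not addrs:
            findings[host] = "no-forward"
            continue
        ptrs = [reverse.get(addr) for addr in addrs]
        # Pass when any PTR name shares the URL host's base domain.
        if any(p and base_domain(p) == base_domain(host) for p in ptrs):
            findings[host] = "ok"
        else:
            findings[host] = "ptr-mismatch"
    return findings


# Constructed sample data (documentation address ranges and example domains).
SAMPLE_BODY = (
    "Newsletter: http://www.example.com/news, store: "
    "http://shop.example.net/sale and mirror http://192.0.2.10/promo."
)
FORWARD = {
    "www.example.com": ["198.51.100.7"],
    "shop.example.net": ["203.0.113.25"],
}
REVERSE = {
    "198.51.100.7": "mail.example.com",
    # Generic PTR of the kind a colo provider assigns, as described above.
    "203.0.113.25": "host-203-0-113-25.colo.example.org",
}

if __name__ == "__main__":
    for host, verdict in check_body(SAMPLE_BODY, FORWARD, REVERSE).items():
        print(f"{host:20} {verdict}")
```

To run it against live DNS, build the two tables with `socket.gethostbyname_ex` and `socket.gethostbyaddr` before calling `check_body`.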
Re: West Coast Fiber Cut?
Randy Bush wrote:

as reported on outages mailing list. you will find the specifics as you catch up on your nanog reading

randy

Hard to argue that it ain't operational... fortunately we don't seem to be seeing any problems due to it here in the central Willamette Valley, OR.

--
Jeff Shultz
Re: Armed Forces Information Service.
Niels Bakker wrote:

* [EMAIL PROTECTED] (Ryan Bays) [Thu 28 Sep 2006, 15:37 CEST]:

Greetings, Could someone responsible for the armed forces information service please contact me off list. Thanks.

Best Regards,
Ryan Bays
Angelo State University

If you're looking for a way to keep those pesky recruiters off-campus, other forums may be more applicable

HTH HAND

-- Niels.

Considering that Goodfellow Air Force Base is located about 3-5 miles from the Angelo State campus (I was stationed there for 5 miserable months) I doubt this is a problem.

I doubt he wants AFIS though - they're basically a news service, not an internet one. If it is who he wants though, he should try this: http://www.defenselink.mil/

I suspect however he's looking for the Defense Information Systems Network (DISN) and might be best served by going here: http://www.disa.mil/main/prodsol/data.html

Supposedly there is a www.nic.mil as well, but it doesn't seem to be accessible from my location currently.

--
Jeff Shultz
Re: Who wants to be in charge of the Internet today?
Sean Donelan wrote:

The Business Roundtable, composed of the CEOs of 160 large U.S. companies, said neither the government nor the private sector has a coordinated plan to respond to an attack, natural disaster or other disruption of the Internet. While individual government agencies and companies have their own emergency plans in place, little coordination exists between the groups, according to the study.

"It's a matter of more clearly defining who has responsibility," said Edward Rust Jr., CEO of State Farm Mutual Automobile Insurance Co., who leads the Roundtable's Internet-security effort.

[...]

Thus explainith why CEOs should not be responsible for this. I wonder if their CIOs or other techies have ever tried to explain the concept of a "CERT" to them.

--
Jeff Shultz
Re: WSJ: Big tech firms seeking power
David Lesher wrote:

Speaking on Deep Background, the Press Secretary whispered:

I wonder just how much power it takes to cool 450,000 servers.

. KwH = $111,000 /month in cooling.

I don't know the area; but gather it's hydro territory? How about water-source heat pumps? It's lots easier to cool 25C air into say 10-15C water than into 30C outside air. Open loop water source systems do have their issues [algae, etc] but can save a lot of power

The Dalles, OR is on the Columbia River just upriver of Portland by 80 miles or so. It has a large dam spanning what used to be Celilo Falls in its front yard. Hydro territory doesn't even begin to define it... :-)

"Eco-freak" territory also doesn't begin to define it, so the idea of piping water off the Columbia and returning it even 1/2 degree warmer is a non-starter. I'm amazed they let them put up tall cooling towers in "the historic, scenic Columbia River Gorge" (sorry, old political battle flashback)
Re: Open Letter to D-Link about their NTP vandalism
Rubens Kuhl Jr. wrote:

It still would require him to answer the DNS requests. Only way to address that is everybody outside DIX declare gps.dix.de as www.dlink.com in their resolvers.

Oh, I see two things here - the first is that he's in charge of his DNS, which he probably isn't. DIX likely is, but that's minor. They'll probably support him in this.

The second is that I was concatenating this letter and the also referenced Netgear letter, where they were doing refs by IP address instead of DNS like the D-Link is.

Combine both of them - reject outside the DIX DNS requests outside the service area (or send them to a DLink CNAME as mentioned) and as a backup reject/redirect all NTP from outside to the gps.dix.de IP address at the edge. Belt and Suspenders as such.

As for the bogus NTP data idea... how many people buying a consumer grade router like this even have a clue what NTP is, much less notice what it's doing to that box over in the corner? It won't affect their computer, therefore they won't care. It's just buzzwords on the box.

--
Jeff Shultz
Re: Open Letter to D-Link about their NTP vandalism
Rubens Kuhl Jr. wrote:

GPS.dix.dk service is described as:

DK Denmark GPS.dix.dk (192.38.7.240)
Location: Lyngby, Denmark
Geographic Coordinates: 55:47:03.36N, 12:03:21.48E
Synchronization: NTP V4 GPS with OCXO timebase
Service Area: Networks BGP-announced on the DIX
Access Policy: open access to servers, please, no client use
Contacts: Poul-Henning Kamp ([EMAIL PROTECTED])
Note: timestamps better than +/-5 usec.

I think he should use dns views to answer the queries to gps.dix.dk and either:

( a ) answer 127.0.0.1 to all queries from outside his service area
( b ) answer a D-Link IP address to all queries from outside his service area (which could lead to getting their attention; dunno if from their engineers or from their lawyers).

Neither of which would solve the problem of his bandwidth being used by these, although (b) might actually serve to get their attention.

Perhaps as a thanks to him for the public service he provides the DIX, all of the users at DIX could set their external routers to reject incoming NTP packets from networks other than their own? Or even combine that with (b), although it might be more effective if it targeted, oh, www.dlink.com instead of an IP address. Then at least it would not be taking up internal DIX bandwidth capacity.

By no means am I encouraging legally actionable activity, however, and as noted, (b) just might be.

--
Jeff Shultz
Re: Fed Bill Would Restrict Web Server Logs
Mark Borchers wrote:

Strange thing is that we have exact the opposite here in Europe. There is a new bill that has been passed that forces us to keep all logs (mail and web) for at least 1 or 2 years.

Vriendelijke groeten,
Frank Louwers

That is far scarier.

Which hard drive vendor wrote that law? They're the only people who will benefit from it.

--
Jeff Shultz
Re: The Backhoe: A Real Cyberthreat?
Jerry Pasker wrote:

While it is always fun to call the government stupid, or anyone else for that matter, there is a little more to the story.

- For one you do not need a backhoe to cut fiber
- Two, fiber carries a lot more than Internet traffic - cell phone, 911, financial transactions, etc. etc.
- Three, while it is very unlikely terrorists would only attack telecom infrastructure, a case can be made for a telecom attack that amplifies a primary conventional attack. The loss of communications would complicate things quite a bit.

I'll agree it is very far fetched you could hatch an attack plan from FCC outage reports, but I would not call worrying about attacks on telecommunications infrastructure stupid. Enough sobriety though, please return to the flaming.

I agree with you on all points except the one you didn't make. :-) The point is: What's more damaging? Being open with the maps to EVERYONE can see where the problem areas are so they can design around them? (or chose not to) or pulling the maps, and reports, and sticking our heads in the sand, and hoping that security through obscurity works.

The people who have the problem areas should already know about them and be designing around them. I'm sure that Sprint, for example, knows very well where backhoes have gone through its fiber. Although it sounds like they may not know where all their fiber is...

Joe Schmuck down on 2nd Street doesn't need to know about the problem areas and his input would likely be unwelcome. And no security or amount of redundancy is likely to be perfect - and these companies are in business to make money after all.

Obscurity is not the entire answer. But it should be part of it.

--
Jeff Shultz
Re: Cogent/Level 3 depeering
Alex Rubenstein wrote:

2. Level 3's assault method is to drop peering with Cogent, in hopes this will force Cogent to purchase transit to them in some fashion (does Level 3 have an inflated idea of their own worth?), also forcing them to raise prices and hopefully (for Level 3) returning some stability to the market.

I think I'd bet that if L3 depeered Cogent, the last place cogent would go to buy transit to L3 would be L3.

I'm not making value judgements on anything that has happened - both sides think that either tactically or strategically what they are doing is for the best.

But when I said "purchase transit to them in some fashion" that allowed buying it from a third party as well - as long as it reaches L3 eventually.

--
Jeff Shultz
Network Technician
Willamette Valley Internet
Customer Service: 9am-5pm Weekdays
Stayton: 503-767-1984
Salem: 503-399-1984
[EMAIL PROTECTED]
Tech Support: 24/7/365
Stayton: 503-769-3331
Salem: 503-390-7000
[EMAIL PROTECTED]
Re: Cogent/Level 3 depeering
Simon Lockhart wrote:

Yes, it could have - I'm led to believe that one of the parties does purchase transit. However, moving all that traffic over transit rather than peering would cost them a significant amount of money - and as they're running their transit service at extremely low cost, they probably would find it hard to fund the use of transit to reach the other party.

Simon

Okay, here is how I see this war... which seems to be the proper term for it.

1. Level 3 is probably annoyed at Cogent for doing the extremely low cost transit thing, thus putting price pressures on other providers - including them. So they declared war.

2. Level 3's assault method is to drop peering with Cogent, in hopes this will force Cogent to purchase transit to them in some fashion (does Level 3 have an inflated idea of their own worth?), also forcing them to raise prices and hopefully (for Level 3) returning some stability to the market.

3. Cogent's counter-attack is to instead offer free transit to all single homed Level 3 customers instead, effectively stealing them (and their revenue) from Level 3... and lowering the value of Level 3 service some amount as well.

4. Next move, if they choose to make one, is Level 3's.

Fun. I think I'll stay in the trenches.

--
Jeff Shultz
Re: Cogent/Level 3 depeering
John Payne wrote:

If nobody filtered BGP at all (in or out), you would have the state you are expecting. However, you would have both a capacity problem, and an economic failure, as you may well end up with cogent trying to send all (much) of its level3 destined traffic through a customer's connection with much smaller pipes... or overloading its connectivity to one of its other peers.

The economic failure comes because now you're expecting a third party to transit packets between cogent and level3 without being paid for it (and some of those connections are metered).

Okay. I always figured that the difference between peering and transit was that you paid for one and not the other. I had no idea that when you bought transit from someone, you weren't automatically buying transit to _all_ of that provider's other connections. Interesting. Balkanization of the Internet anyone?

As one other commenter hinted at, it does sound like a recipe for encouraging multi-homing, even at the lowest levels. How many ASN's can the system handle currently?

--
Jeff Shultz
Re: Cogent/Level 3 depeering
Matthew Crocker wrote:

I opened a billing/support ticket with Cogent. I'm not planning on paying my bill or continuing the contract if they cannot provide full BGP tables and full Internet transport (barring outages). Luckily I have 2 other providers so I can still reach Level 3.

I'm curious where in your contract you think Cogent guaranteed you connectivity to Level 3?

Undereducated rant to follow...

While I realize that the "nuke survivable" thing is probably an old wives tale, it seems ridiculous that "the Internet" can't adjust by routing any packets that used to go directly from Cogent to Level 3 through some 3rd (and) 4th (and) 5th set of providers that are connected in some fashion to both...

Level 3 and Cogent can't be operating in a vacuum - if we can get to Kevin Bacon in 6 degrees, Level 3 and Cogent should be able to get to each other in under 30 hops through other providers.

And why isn't this apparently happening automatically? Pardon the density of my brain matter here, but I thought that was what BGP was all about?

I welcome any education the group wishes to drop on me in this matter.

--
Jeff Shultz
Re: New N.Y. Law Targets Hidden Net LD Tolls
John Levine wrote:

That's why some states (e.g. Texas) require that all toll calls be dialed as 1+ _regardless of area code_, and local calls cannot be dialed as 1+. If you dial a number wrong, you get a message telling you how to do it properly (and why).

In some places that "solution" is _not_practical_. As in where the same three digit sequence is in use as a C.O. 'prefix', *and* as an areacode. (and where, in some 'perverse' situations, the foreign area-code is a 'non-toll' call, yet the bare prefix within the areacode is a toll call.

Oh, it works technically, local is 10D, toll is 1+10D, but since they don't have permissive dialing, Texans have to memorize lists of local prefixes in order to be able to use their phones. Way to go.

I agree that life would be simpler if there were some straightforward way to ask telcos whether a call from a->b was local or toll.

R's,
John

Part of the problem is EAS (Extended Area Service), where for a flat rate (anywhere from $3-$13 that I've seen) your "local calling area" is greatly increased. The problem is that if you don't get the flat rate plan, it's a toll charge... all without having to dial the 1- (everything here is already 10D).

Fortunately we are part of a local phone company, so checking on the EAS status of customers and making sure they get the appropriate numbers is easy. But we still make mistakes - and I'm sure it's very easy for other ISPs to give a new customer a number that's just in the "big city" next door (around 5-10 miles away), but is an EAS toll call.

Personally I think they ought to make flat rate EAS mandatory and just roll the cost into the phone bill.

--
Jeff Shultz
Re: How many backbones here are filtering the makelovenotspam screensaver site?
Mikael Abrahamsson wrote:

On Thu, 2 Dec 2004, Suresh Ramasubramanian wrote:

[EMAIL PROTECTED] 07:01:16 [~]$ dnsname 213.115.182.123
ua-213-115-182-123.cust.bredbandsbolaget.se

Hosted on a cablemodem? Tch, tch, how the mighty have fallen

Bredbandsbolaget sells ADSL (8 / 1 meg), ADSL2+ (24/1), VDSL (11/10) and 10/100 ethernet, never cable.

They are running ADSL2+? Any idea what DSLAM/modems they are using? I'm afraid that my Swedish is insufficient (iow "nonexistent") for working my way through their website, if the answer is even there.
Re: Mega DOS tomorrow?
[EMAIL PROTECTED] wrote:

On Wed, 25 Aug 2004 14:53:44 EDT, Andy Dills said:

So, slashdot is linking to some news sites that are reporting that Aleksandr Gostev from Kaspersky Labs in Russia has predicted that a large chunk of the net will be shut down tomorrow.

And here's the *real* reason why: XP2 SP2 goes on AU tomorrow...

http://www.neowin.net/comments.php?id=23613&category=main

Might be interesting to see how much of a traffic blip this causes.

The Home Version has been up for a week or so now, hasn't it?

It'll be more interesting to see how many businesses temporarily go out of business as they go around disabling the firewall on all of their XP Pro systems...

--
Jeff Shultz
Network Technician
Willamette Valley Internet
Re: WashingtonPost computer security stories
Joe Johnson wrote:

This was a great product, and the closest thing I have seen to a really easy Linux. I picked up a Lindows box for a friend that didn't have much for a PC budget, and played with it for a little while. It was really the only version I would ever consider replacing my Windows box with.

BTW, what versions of Linux does everyone consider the easiest? I've tried a few I would try in certain places, but which do you all think is the easiest?

Joe Johnson

I don't know about "easiest" but I have a soft spot in my heart (and probably my head) for Mandrake Linux.

On the spyware topic... it doesn't take spyware to take a connection down weirdly. I have one in the shop today that does connect - you can ping - but neither IE nor any other graphical app (it's WinXP Media Center Ed.) could see the internet connection.

Ended up being Norton Internet Security's firewall - it was installed, but shouldn't have been running. No icon in the taskbar but uninstalling it did the trick. I've had similar experiences with Zonealarm in the past as well.

--
Jeff Shultz
Network Technician
Willamette Valley Internet
Re: 2511 line break
** Reply to message from "Stephen J. Wilcox" <[EMAIL PROTECTED]> on Wed, 28 Jul 2004 00:50:19 +0100 (BST)

> On Tue, 27 Jul 2004, Richard Welty wrote:
>
> > you can tell someone has become an intermediate driver because
> > they start regularly trashing their brakes.
> >
> > you can tell someone has become an advanced driver when they
> > learn how to go even faster while not trashing their brakes.
>
> brakes?? o thats what that other pedal is for..

Na - that's the clutch.

--
Jeff Shultz
A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Google?
** Reply to message from "Marco Davids (SARA)" <[EMAIL PROTECTED]> on Mon, 26 Jul 2004 17:28:00 +0200

> Google seems to fail on every search containing the word 'mail' ?
> --
> Marco Davids
> SARA High Performance Networking - Amsterdam

Not for me:

http://www.google.com/search?q=mail&sourceid=firefox&start=0&start=0&ie=utf-8&oe=utf-8

Results 1 - 10 of about 318,000,000 for mail [definition]. (0.27 seconds)

News results for mail - View today's top stories
E-mail turns the Smith and Spencer rivalry into a personal ... - Telegraph.co.uk - Jul 24, 2004
Mail on Sunday - The Scotsman - Jul 24, 2004
Web-based e-mail serves individuals better than corporations - Newsday - Jul 24, 2004

Mail.com
Full e-mail address Password Member Login Select Site: Mail.com Mail.com Beta Forgot Your Password? Click here to sign up: ... Copyright 2004 mail.com Corp. ...
www.mail.com/ - 10k - Cached - Similar pages - Stock quotes: EASY

Yahoo! Mail - The best web-based email!
Yahoo! Mail helps me stay in touch. New to Yahoo!? Get a free Yahoo! Mail account - it's a breeze to stay connected and manage your busy life. ...
mail.yahoo.com/ - 24k - Cached - Similar pages

Sign-in Access Error
Free web-based e-mail. 2MB e-mail storage, signatures, stationery, HTML compatible.
www.hotmail.com/ - 11k - Cached - Similar pages

--
Jeff Shultz
A railfan pulls up to a RR crossing hoping that there will be a train.
Re: T1 short-haul vs. long-haul
One word of caution on that - we had a customer who got 4 separate 1M/1.5M ADSL circuits - all to the same DSLAM. Ended up that the telco had only provisioned that DSLAM with a single T1, and was apparently unable to upgrade that, negating any advantage to the multiple DSL's. It was a remote DSLAM, not in a CO, btw. If you don't have a point to point circuit, make sure the upstream has sufficient bandwidth to support what you are ordering. ** Reply to message from "Jon R. Kibler" <[EMAIL PROTECTED]> on Wed, 21 Jul 2004 12:44:46 -0400 > Andre: > > If your distance for the short-haul is less than 10 miles or so > (line-of-sight), I would go wireless. Reasons: >a) you can get 10-30MBps on wireless vs. 1.4Mbps for T1. >b) if you already have an antenna or other high-point, you can own > the wireless network for about what the Telco would charge for a T-1 > over about a year. > > If you really want a wire circuit, for long-haul or short-haul, > consider multiple xDSL connections. For example, under the current > pricing we are seeing, we can install 8 ADSL circuits for about what > one T-1 would cost. With 8 ADSLs, you would be getting >10 Mbps inbound > and 2.8Mbps outbound -- equivalent to 8 inbound T-1s and 2 outbound > T-1s for the same price as a single T-1. > > Just some thoughts. > > Jon Kibler > -- > Jon R. Kibler > Chief Technical Officer > A.S.E.T., Inc. > Charleston, SC USA > (843) 849-8214 -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Spyware becomes increasingly malicious
** Reply to message from "Alexei Roudnev" <[EMAIL PROTECTED]> on Wed, 14 Jul 2004 22:52:07 -0700 > > May be, idea was that people read 'license', click button (I agree) and > follow it - never write a code which violates this license? But it is not > true - 99.99% people do not read it and behave as a common sense is saying > not as [EMAIL PROTECTED] MS lawyers fictioned... They see a wall with a gates - and > they go > thru this gates, no matter what is written on the posters around (except, as > I said, if they see an angry dog next to the gate). /On the other hand, they > knows that coffee is hot and waterfall is dangerous and dogs can bite -:)/. > You must design your system for this behavior, not for people who _read a > license_. This licenses are good only for 2 goals - (1) use them as a toilet > tissue; (2) in case of serious violation allows to sue user if he is in > USA... -- they do not change people behavior even a bit. Unfortunately, > Internet is not in USA, so even if we will have 100 strict laws prohibiting > spyware, it will not help to fight this pests and pets... System must > defend itself. > For awhile there, one of the top tech support issues we had to deal with was a new - and automatically implemented - "feature" in Outlook Express that blocked a person from running or saving something that Microsoft considered a "dangerous file attachment." Such dangerous file attachments included .jpg, .pdf and music files. Oddly enough, it didn't seem to include .doc or .xls files. You know, the ones that actually can contain macro viruses. Because of Microsoft's ham-handed and "all or nothing" attempt at security many people now don't trust or ignore any warning messages they may receive - they simply want to view their file attachments. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: OT: Re: Critters
** Reply to message from "Tom (UnitedLayer)" <[EMAIL PROTECTED]> on Mon, 12 Jul 2004 12:31:07 -0700 (PDT) > On Mon, 12 Jul 2004, Jeff Cole wrote: > > Marshall Eubanks wrote: > > > Reliance Infocomm is installing 80,000 km of fiber in India. I wonder if > > > they have any tiger stories. > > > > Oh no. You find lions only in Kenya > > Lions and Tigers and Bears, oh my! > Err wait, which way to OZ again? Follow the yellow brick road, follow the yellow brick road hmmm, yellow. Does that mean it's a crossover? -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Attn MCI/UUNet - Massive abuse from your network
** Reply to message from [EMAIL PROTECTED] on Fri, 25 Jun 2004 17:12:45 +0100 > Remember, that packet switched networking > originated with the desire to build a telecom > network that could survive massive destruction > on the scale of a nuclear war, but continue to > function. If we apply that kind of thinking to > planning network deployment then there should be > little extra risk from terrorist knowing where > the vulnerable points are. Spread the risk > by spreading the vulnerable points. I thought the old "nuclear survivable" argument was killed off years ago - I seem to remember it being refuted in "Where Wizards Stay Up Late." Packet switched networking originated with a desire to see if it would work. And you are welcome to assume the expense of spreading the vulnerable points. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Attn MCI/UUNet - Massive abuse from your network
** Reply to message from Brad Knowles <[EMAIL PROTECTED]> on Fri, 25 Jun 2004 18:14:43 +0200 > At 8:44 AM -0700 2004-06-25, Jeff Shultz wrote: > > > At least if someone in this "clearing house" sells it to the > > terrorists, they will have had to work for it a bit, instead of having > > us hand it to them on a silver platter, as the FCC seems to want. > > Not true. If the information is forced to be completely in the > open, then everyone knows it's not insecure and no one depends on the > fact that it was supposed to be kept secret. This is a case where > you are more secure the more open the information is -- indeed, as we > are in most cases, which is why we have the age-old security mantra > of "security through obscurity is not secure". > Do you realize that the basic element of security, the password, is based on the entire premise you just dismissed? And yet we still use them - and depend on the fact that they are supposed to be kept secret. The problem with being totally open about infrastructure is that there are some vulnerabilities that simply cannot or will not be fixed - wires sometimes have to run across bridges, redundant pumping stations are too expensive... in these cases is it not better to hide where these vulnerabilities are? The problem with your point is that even if the information is forced to be completely in the open, that is no guarantee that it will be fixed, and people _do_ depend on this stuff, regardless of its reliability or security. Do you really think that if we publish all the insecurities of the Internet infrastructure that anyone is gonna stop using it, or business, government, and private citizens are going to quit depending on it? Security through obscurity is not secure - but sometimes it's all you have. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Attn MCI/UUNet - Massive abuse from your network
Has anyone noticed that the DHS plan is probably closer to the current status of things than the FCC one is? AFAIK, currently this information _isn't_ required to be publicly reported. The FCC wants it to be. DHS would prefer that it be semi-public at best - just like Michael Dillon wants. Three options: 1. Status quo - no gov't reporting requirements 2. FCC proposal - completely public reporting requirements 3. DHS proposal - limited access reporting requirements Food for thought: Could an analyst, looking at outage reports over a period of time, build a schematic that would demonstrate that if you took out n points, you'd kill x% of data traffic in and out of $pickyourmetropolitanarea? If this analyst were working for Bin Ladin... Some ad hoc terrorists, in a country crawling with US troops, with a communications infrastructure nowhere as advanced as the USA just managed to coordinate a multiple bomb attack simultaneously. What could they do here with the right information? Should we hand them this information freely? At least if someone in this "clearing house" sells it to the terrorists, they will have had to work for it a bit, instead of having us hand it to them on a silver platter, as the FCC seems to want. Let the flames continue. ** Reply to message from Scott McGrath <[EMAIL PROTECTED]> on Fri, 25 Jun 2004 11:22:51 -0400 (EDT) > Well said sir! > > Scott C. McGrath > > On Fri, 25 Jun 2004 [EMAIL PROTECTED] wrote: > > > > > > From the AOL theft article: > > > "The revelations come as AOL and other Internet providers have > > > ramped up their efforts to track down the purveyors of spam, which > > > has grown into a maddening scourge that costs consumers and > > > businesses billions of dollars a year." > > > > Interesting. An insider at a network operator steals > > a copy of some interesting operational data and sells > > it to a 3rd party with an interest in doing nasty things > > with said data. 
> > > > And if Homeland Security really does require all outages > > to be reported to a clearing house where only network > > operations insiders can get access to it, then what? > > Will someone sell this to a terrorist organization? > > > > Better to leave all this information semi-public as > > it is now so that we all know it is NOT acceptable > > to build insecure infrastructure or to leave infrastructure > > in an insecure state. Fear of a terrorist attack is > > a much stronger motive for doing the right thing > > than a government order to file secret reports to > > a secret bureaucratic agency. > > > > --Michael Dillon > > -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Unplugging spamming PCs
And all the spammers move to China where the FBI, DHS and police have no authority. Oh wait - you say they already have? ** Reply to message from "Larry Pingree" <[EMAIL PROTECTED]> on Thu, 24 Jun 2004 11:17:37 -0700 > Hi Joe, > > If only those who are approved email senders are allowed to be > accepted, this allows police, FBI, or DHS to go after only those who are > registered and abusing it. It's for the same purpose that we administer > car registrations, so that at the end of the day, someone is responsible > for the car. In this case, someone can be responsible for the domain and > mail server. In its current state, we are left way in the open. I don't > disagree that government control is un-desirable, but remember, at least > in my mind, even though it may be undesirable, it may be a necessary > action. Anyone know why we have to get a drivers license? How about a > passport? What about a SSN? All of these things are ways in which we > can have accountability. Without accountability we will remain in > anarchy. All that government does is bridge a gap when corporations, > which only do things for profit, will not collaborate on an appropriate > solution to a problem, even though one exists. > > -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Homeland Security now wants to restrict outage notifications
I think you (and possibly The Register) are overreacting. The DHS is doing what it is paid to do: Look for the worst case scenario, predict the damage. And the reporting requirements that the DHS is arguing against _aren't even in effect yet._ ** Reply to message from Scott McGrath <[EMAIL PROTECTED]> on Thu, 24 Jun 2004 14:05:56 -0400 (EDT) > I did read the article and having worked for gov't agencies twice in my > career a proposal like the one floated by DHS is just the camel's nose. > > I should hope the carriers oppose this. > > Now a call comes into our ops center "I can't reach my experiment at > Stanford". Ops looks up the outages Oh yeah there's a fiber cut affecting > service we will let you know when it's fixed. They check it's fixed they > call the customer telling them to try it now. > > Under the proposed regime "We know its dead do not know why or when it > will be fixed because it's classified information" This makes for > absolutely wonderful customer service and it protects public safety how?. > > > > Scott C. McGrath > > On Thu, 24 Jun 2004, Tad Grosvenor wrote: > > > Did you read the article? The DHS is urging that the FCC drop the proposal > > to require outage reporting for "significant outages." This isn't the DHS > > saying that outage notifications should be muted. The article also > > mentions: "Telecom companies are generally against the proposed new > > reporting requirements, arguing that the industry's voluntary efforts are > > sufficient." > > > > -Tad > > > > > > > > -Original Message- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of > > Scott McGrath > > Sent: Thursday, June 24, 2004 12:58 PM > > To: [EMAIL PROTECTED] > > Subject: Homeland Security now wants to restrict outage notifications > > > > > > > > See > > > > http://www.theregister.co.uk/2004/06/24/network_outages/ > > > > for the gory details. 
The Sean Gorman debacle was just the beginning > > this country is becoming more like the Soviet Union under Stalin every > > passing day in its xenophobic paranoia all we need now is a new version of > > the NKVD to enforce the homeland security directives. > > > > Scott C. McGrath > > > > -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Interesting Occurrence
** Reply to message from [EMAIL PROTECTED] on Mon, 21 Jun 2004 12:44:50 -0500 > Okay... Here is a new one for me. Got a call from my dad saying he left > his PC on last night connected to his broadband. He went to log in this > morning and noticed a new ID in his user list - IWAP_WWW. He immediately > deleted it and called me. I had him ensure his critical updates were all > applied - they were. I had him ensure his antivirus was up to date - it > was (Norton Antivirus 2004). He is running XP Home. > > I searched the antivirus sites and elsewhere for references. Any idea if > there is a new vulnerability that has not been publicly released? Any > clues? > > Regards, > Brent Out of curiosity, was he running any sort (including the XP one) of firewall software? -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: [Fwd: [IP] Feds: VoIP a potential haven for terrorists]
** Reply to message from Randy Bush <[EMAIL PROTECTED]> on Fri, 18 Jun 2004 14:30:13 -0700 > > I admit to having some sympathy for the FBI... they're in the middle of > > getting ripped up, down and sideways over failures over Sept 11 and > > other things, > > yep. try http://www.caedefensefund.org/overview.html Hmmm, but they aren't biased, are they? Any cites that aren't from the defendants? I'm not saying they aren't right, but that does appear a bit one-sided. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: [Fwd: [IP] Feds: VoIP a potential haven for terrorists]
** Reply to message from Scott Weeks <[EMAIL PROTECTED]> on Fri, 18 Jun 2004 09:30:03 -1000 (HST) > On Fri, 18 Jun 2004, Suresh Ramasubramanian wrote: > > : Feds: VoIP a potential haven for terrorists > : By Declan McCullagh > > : The Senate's action comes as the FCC considers a request submitted in > : March by the FBI. If the request is approved, all broadband Internet > : providers--including companies using cable and digital subscriber line > : technology--will be required to rewire their networks to support easy > : wiretapping by police. > > > Anyone know yet if they've said who would have to pay for it, and > what they specifically mean by "broadband Internet providers"? > > scott Pay for it? If I remember from CALEA, the providers pay for it (and eventually their customers), and as for "broadband Internet providers"... I'm guessing anyone who offers end user customers a circuit bigger than 53.333k. I admit to having some sympathy for the FBI... they're in the middle of getting ripped up, down and sideways over failures over Sept 11 and other things, and yet when they ask for more surveillance capabilities, they get ripped up, down and sideways for asking... -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Verisign vs. ICANN
I'm having fun figuring out how altering BIND (since I assume that is the basis of their arguments) rises to the level of conspiracy... IANAL, obviously. ** Reply to message from Bob Martin <[EMAIL PROTECTED]> on Thu, 17 Jun 2004 16:54:20 -0500 > Anything I/we can do to help the cause? > > Bob Martin > > Quoted from different thread: > > > >(note that verisign has amended their complaint against icann (since the > >court dismissed the first one) and i'm now named as a co-conspirator. if > >you reply to this message, there's a good chance of your e-mail appearing > >in court filings at some point.) > > -- Paul Vixie -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Even you can be hacked
** Reply to message from Richard Welty <[EMAIL PROTECTED]> on Fri, 11 Jun 2004 18:33:00 -0400 (EDT) > On Fri, 11 Jun 2004 17:51:00 -0400 (EDT) Scott McGrath <[EMAIL PROTECTED]> wrote: > > But wouldn't an interocitor with electron sorter option give you much more > > reliable packet delivery... > > that works fine until someone reverses the polarity of the neutron flow. And I thought this thread had a whiff of unreality when Randy announced that the internet would follow Henry's wishes, and Laurence thanked him for it -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Even you can be hacked
** Reply to message from Crist Clark <[EMAIL PROTECTED]> on Thu, 10 Jun 2004 14:54:07 -0700 > > It would be great if there always was a negligent party, but there is > not always one. If Widgets Inc.'s otherwise ultra-secure web server gets > 0wn3d by a 0-day, there is no negligence[0]. Who eats it, Widgets Inc. > or the ISP? > Just out of curiosity, what was the last 0-Day (not that I've heard of any, really) that made itself obvious by chewing up tons of bandwidth? Most of the nasty worms seem to be the ones that either do some efficient social engineering, or exploit a hole MS patched 6 months ago. In any case, I expect it would be negotiated on a case by case basis. But Widgets Inc. would be operating from a position of weakness. Regardless of the circumstances, their systems did use the bandwidth. > So how about this analogy: Someone breaks into my house and spends a few > hours on the phone to Hong Kong. Who eats the bill, me or my LD carrier? > Neither of us was negligent. Depends on how nice your LD carrier is - with a police report they might cut you some slack. Otherwise... how many parents have been stuck with the bills for their teenage kids' $200+ SMS bills? -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Even you can be hacked
** Reply to message from "Laurence F. Sheldon, Jr." <[EMAIL PROTECTED]> on Thu, 10 Jun 2004 13:06:43 -0500 > Jeff Shultz wrote: > > > > But ultimately, _you_ are responsible for your own systems. > > Even if the water company is sending me 85% TriChlorEthane? > > Right. Got it. The victim is always responsible. > > There you have it folks. A. Straw man B. Apple/Kumquat argument Who is the victim here? The user whose computer was infected due to their own lack of responsibility (and was not fixed... remember that part, _was_not_fixed_), or the ISP who isn't going to get a rebate on their upstream bandwidth bill that was in turn inflated by that customer? -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Even you can be hacked
** Reply to message from "Laurence F. Sheldon, Jr." <[EMAIL PROTECTED]> on Thu, 10 Jun 2004 12:39:41 -0500 > Sean Donelan wrote: > > > Does the water company fix your toilet if it leaks water? Or do you call > > a plumber? > > On the other hand, if the water company was sending pollutants in the > water you bought, there was a perceived responsibility upon the water > company. > > Now, which broken metaphor (leaky toilet, pollutant contaminated > stream) best fits the problem at hand? > > Take all the time you need, we will wait. That's an easy one. Leaky toilet - a properly maintained toilet doesn't leak and waste water, no matter what is in the inflow. If you want to drink from your toilet, that's your problem. We offer spam and virus filtering. We block many of the popular worm access ports at the edge and core (which can be a real pain). We offer a CD full of firewall, AV, and anti-spyware programs for the asking. But ultimately, _you_ are responsible for your own systems. -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: IT security people sleep well
** Reply to message from Eric Kuhnke <[EMAIL PROTECTED]> on Thu, 03 Jun 2004 13:16:44 -0700 > > The part about Telnet is truly scary... Among people who have "clue", > the biggest reason I have heard to continue running ssh1 is for > emergency access via hand-held smartphones or other pocket sized > devices. The Handspring Treo 180 and similar keyboarded cellphone-pda > devices don't have the CPU power necessary for a SSH2 key exchange, > unless I'm drastically mistaken about the FPU abilities of a 33 MHz > Motorola Dragonball... I wonder if they asked the people using Telnet if they were using it over the internet - or inside a corporate intranet, shielded from the outside? -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: Lots of big web sites broken...SPOF
Maybe someone at the NOC kicked out a cable celebrating Avi's finish at the WSOP? (gotta tie the two threads together here...) ** Reply to message from Scott Weeks <[EMAIL PROTECTED]> on Mon, 24 May 2004 05:15:27 -1000 (HST) > Did they say what it was? I'd have a hard time believing it was a DoS, > given their architecture... > > scott > > > On Mon, 24 May 2004, cisco wrote: > > : > : looks like they are recovering now, akamai noc said it's resolved. > : > : > : -- > : Simar > : [EMAIL PROTECTED] > : > : -- Jeff Shultz A railfan pulls up to a RR crossing hoping that there will be a train.
Re: FW: Worms versus Bots
** Reply to message from Chris Adams <[EMAIL PROTECTED]> on Fri, 7 May 2004 09:45:36 -0500 > Once upon a time, Alexei Roudnev <[EMAIL PROTECTED]> said: > > Any simple NAT (PNAT, to be correct) box decrease a chance of infection by > > last worms to 0. Just 0.%. > > The problem is that Joe User (or his kid) wants to run some random P2P > program without having to reconfigure NAT port mappings, so they have > all inbound connections mapped to a static internal IP. When the worms > come knocking, the connections go right through and the static IP system > gets infected, which then infects the Mom's computer, etc.; then you > have 2+ times as much worm traffic sourced from that single public IP > because there are multiple computers scanning. If Joe (L)User or his kid sets up his NAT that way... well, quite honestly he gets what he deserves. Protecting against active, deliberate stupidity is probably more than my job description covers. I do get paid to clean up the mess afterwards however. And in at least one case I have set it up for a customer that they are behind a NAT that they can't reconfigure - 3 strikes and I was out of patience. But I suggest that in my experience the above sort of thing is relatively rare. > > NAT does help if you just put necessary port mappings in place (and only > for "secure" protocols). I don't know about that last part - do you consider http and ftp to be secure protocols? -- Jeff Shultz A railfan pulls up to a grade crossing hoping that there will be a train.
Re: What percentage of the Internet Traffic is junk?
So instead of trying to determine what percentage of internet traffic is junk, why don't we set up categories (I saw someone make a start at it a couple of messages back) and figure out what percentage of traffic fits under each category. We can come up with our own opinions as to which of those categories is junk. So I guess we would start with stuff that stands as a major category: e-mail, nntp, ftp, telnet, ssh, web... and then you start doing a lot of subcategorizations. I imagine it would start looking like a hierarchical org chart. ** Reply to message from Mike Damm <[EMAIL PROTECTED]> on Wed, 5 May 2004 11:51:19 -0700 > Very very very near to, but not quite 100%. Since almost all of the traffic > on the Internet isn't sourced by or destined for me, I consider it junk. > > Also remember that to a packet kid, that insane flood of packets destined > for his target is the most important traffic in the world. And to a spammer, > the very mailings that are making him millions are more important than > pictures of someone's grandkids. > > I guess my point is junk is a very relative term. A study would need to > first be done to identify what junk actually is, then measuring it is > trivial. > > -Mike > > -Original Message- > From: William B. Norton [mailto:[EMAIL PROTECTED] > Sent: Wednesday, May 05, 2004 11:21 AM > To: [EMAIL PROTECTED] > Subject: What percentage of the Internet Traffic is junk? > > > With all the spam, infected e-mails, DOS attacks, ultimately blackholed > traffic, etc. I wonder if there has been a study that quantifies > > What percentage of the Internet traffic is junk? > > Bill -- Jeff Shultz A railfan pulls up to a grade crossing hoping that there will be a train.
Re: "Network Card Theft Causes Internet Outage"
I admit, my first reaction was, "Maybe they should interview anyone that just brought in an empty router chassis and now has DS3's running..." (gotta keep a hot spare after all) ** Reply to message from "Stephen Sprunk" <[EMAIL PROTECTED]> on Tue, 4 May 2004 09:37:10 -0500 > Thus spake "Andy Dills" <[EMAIL PROTECTED]> > > Just in case any of you don't read slashdot: > > > > http://www.eweek.com/article2/0,1759,1583347,00.asp > > > > "Law enforcement officials said four DS-3 cards were reported missing from > > a Manhattan co-location facility owned by Verizon Communications Inc. The > > theft at 240 E. 38th St. occurred just after 10:30 p.m. on Sunday and is > > being investigated by New York City Police and members of the joint > > terrorism task force, according to NYPD spokesman Lt. Brian Burke. " > > One must wonder why the headline is "Network Card Theft Causes Internet > Outage" instead of "Carrier Security Negligence Causes Internet Outage". > > S > > Stephen Sprunk, CCIE #3723, K5SSS > "Stupid people surround themselves with smart people. Smart people surround themselves with smart people who disagree with them." --Aaron Sorkin -- Jeff Shultz A railfan pulls up to a grade crossing hoping that there will be a train.
Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
** Reply to message from "Jonathan M. Slivko" <[EMAIL PROTECTED]> on Mon, 19 Apr 2004 13:57:43 -0400 (GMT-04:00) > -Original Message- > From: "Jeff Shultz, WIllamette Valley Internet" <[EMAIL PROTECTED]> > Sent: Apr 19, 2004 1:39 PM > To: "'[EMAIL PROTECTED]'" <[EMAIL PROTECTED]> > Subject: Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT) > > >I can burn a CD from ISO in about 5 minutes - how about you? > >I'm talking about XP users who haven't even updated as far as SP1. > >Win98 users who have never run an update in their life... > >Win2k users are usually the most patched up that I've seen - because > >that went into mostly business environments. > > > >This would at least get them up to the level of the playing field, > >where the routine updates are not as much of a hassle. Sure, you'll > >get the little old ladies and gentlemen who will drop by every month > >for their service pack fix, but that's just customer service. > > Doesn't Windows XP automatically do this by default currently? No, but it will ask you if you want to configure automatic updates. That's still not going to do much for the dialup user who has to download SP1. And we're also talking about the majority of customers who don't have WinXP - and won't be getting it. > If not, > it's something that Microsoft should consider setting to "ON" > automatically to help defend the users from hackers, and in the same > turn, help defend the ISP's network from being maliciously attacked or > used for illegitimate purposes. Then you come up against the "I don't want MS messing with my machine without my permission!" bunch. Who, incidentally, have a valid point. Turning the firewall on by default in SP2 is going to have... interesting results I imagine. Esp. in company environments that use Netbios over TCP/IP. I assume it will firewall 137-140/445 by default. >However - I do think that Windows needs > some more improvements in the area of security (which UNIX/Linux > already has). 
However - to Microsoft's credit, they seem to be doing a > rather nice job of actually beefing up their security practices. Now, > if only they could figure out how to make Outlook/Outlook Express more > security-conscious because as of the time of this writing, the Outlook > Express/Outlook defaults are extremely unsafe. > > Does anyone have/care to post a URL that explains how to set Outlook > Express/Outlook to be more secure? > That's easy. In Outlook Express: Tools-->Options-->Read. Check the box "Read all messages in plain text". You've just massively improved OE's security. Outlook doesn't do this yet, does it? I haven't dug through Office 2003 much yet. -- Jeff Shultz Network Technician Willamette Valley Internet
Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
** Reply to message from Drew Weaver <[EMAIL PROTECTED]> on Mon, 19 Apr 2004 13:42:53 -0400 > -- Jeff said -- > > > Patches either need to be of a size that a dialup user doesn't have to > be dialed in for 24 hours to download and install them. Or .iso's > should be available for ISP's to download, turn into CD's and > distribute as appropriate. Wouldn't that be nice for a dialup user - > getting Windows Update on a CD-ROM from their ISP? > > To which I reply: > > It is somewhat unreasonable to think that ISPs should be responsible > for the security of its users' systems on a systematic basis. Responsible? No. Able to assist in maintaining that security (and thus that of the ISP's network)? Yes. >Another reason > the idea of a 'CD with updates' most likely wouldn't be effective is because > by the time the ISP produced the CD, the user got the CD, and installed it, > the patches would most likely not be the most recent available. I can burn a CD from ISO in about 5 minutes - how about you? I'm talking about XP users who haven't even updated as far as SP1. Win98 users who have never run an update in their life... Win2k users are usually the most patched up that I've seen - because that went into mostly business environments. This would at least get them up to the level of the playing field, where the routine updates are not as much of a hassle. Sure, you'll get the little old ladies and gentlemen who will drop by every month for their service pack fix, but that's just customer service. > Also, do you > realize how much the 'average technical school graduate type' makes just > from acquaintances who complain that their computers are slow, by simply > removing whatever "flavor of the month backdoor spam proxy virus" Ah, now you are talking about why I happily promote Ad-Aware and Spybot. 
>I bet a > good number of 'tech service calls' that companies such as PC On Call and > people who service residences get could've been avoided by patching in a > reasonable time period. And your problem with the local ISP having this stuff available for their users is? > However, awhile ago we tried an idea of sending out E-Mail alerts to > our customers whenever a critical update of "Remote execution" or worse was > released. We found that most of our users were annoyed by this, a different > time we used a network sniffing tool to find a few dozen handfuls of your > average home Dial-Up users who were infected with various malicious agents > (I.e. Nimda, et cetera) and we actually contacted those users, to let them > know and again we were met with more hostility. You definitely don't have our customers then. Ours usually appreciate being told that their systems are screwed up. > From this interesting pattern I would surmise that users want their > ISPs to be hands-off unless the problem that they're causing is affecting > them directly. End users on the Internet see their connectivity as a right, > and not a privilege. I remember when I was 13 (that was only 11 years ago) Some of ours are like that. Most seem to realize their limitations and are happy to know that at some level we are looking out for them. BTW, for me 13 was many more years ago than that... RTM wasn't even in college yet, I imagine. > and I signed up for my Freenet account at the Columbus Public Library (I > believe it was, ? still is? Through OSU), they really made me feel like it > was a privilege to be using the Internet, and I honored that. Dial-up, or using their systems at the library? And you weren't paying for the privilege, at least not directly. > It's just difficult to explain from a professional level what the effects > these peoples' behavior (or lack thereof) is having on the rest of the > community. 
Think of it like people who drive monster SUV's, they can afford > the gas, and the insurance so they don't believe that the harm that these > beasts do to our environment matter, because again its their god given right > to drive them. > That's a whole 'nuther horse to kill there. -- Jeff Shultz Network Technician Willamette Valley Internet
Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)
** Reply to message from Brian Russo <[EMAIL PROTECTED]> on Mon, 19 Apr 2004 10:51:18 -0400 > As far as mainstream users.. > * Software needs to patch itself, users aren't going to do it. > * Software needs to be intuitive, people interact with computers as if > they were doing 'real' things. Things like cut and paste are easy > because they make sense... > * Software patches need to WORK and not screw up Joe User's system, > believe me they won't "understand" that software is never bug-free, > they'll instead swear off installing patches in future. > * Software needs reasonable defaults.. this doesn't necessarily mean > turning every feature off. > * Wizards and/or a choice of 'starter' confs can be great. Patches either need to be of a size that a dialup user doesn't have to be dialed in for 24 hours to download and install them. Or .iso's should be available for ISP's to download, turn into CD's and distribute as appropriate. Wouldn't that be nice for a dialup user - getting Windows Update on a CD-ROM from their ISP? -- Jeff Shultz Network Technician Willamette Valley Internet
Re: google.
** Reply to message from "Micah McNelly" <[EMAIL PROTECTED]> on Fri, 16 Apr 2004 15:08:27 -0700 > is anyone having google reachability issues? > > /m Based on a traceroute I pulled as soon as I realized it, I think Savvis had a router problem. See hops 11 through 30.
<[EMAIL PROTECTED]:/etc:633>$ traceroute 216.239.53.99
traceroute to 216.239.53.99 (216.239.53.99), 30 hops max, 40 byte packets
 1 wvi-gw.wvi.com (204.119.27.254) 1 ms 4 ms 1 ms
 2 d1-2-0-30.a01.ptldor02.us.ra.verio.net (206.58.80.161) 5 ms 2 ms 5 ms
 3 ge-1-0-0.r01.ptldor01.us.bb.verio.net (129.250.30.145) 5 ms 5 ms 5 ms
 4 p4-6-1-0.r04.sttlwa01.us.bb.verio.net (129.250.3.37) 10 ms 10 ms 7 ms
 5 bpr2-so-5-2-0.SeattleSwitchDesign.savvis.net (208.173.50.65) 52 ms 51 ms 52 ms
 6 acr2-so-6-0-0.Seattle.savvis.net (208.172.81.186) 51 ms 51 ms 53 ms
 7 dcr1-loopback.SantaClara.savvis.net (208.172.146.99) 54 ms 73 ms 53 ms
 8 bhr1-pos-0-0.SantaClarasc5.savvis.net (208.172.156.74) 53 ms 56 ms 53 ms
 9 csr23-ve240.SantaClarasc4.savvis.net (216.34.3.98) 80 ms 81 ms 79 ms
10 bhr1-g8-2.SantaClarasc4.savvis.net (216.34.3.97) 53 ms 61 ms 53 ms
11 * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 80 ms *
12 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 58 ms 53 ms 53 ms
13 * * *
14 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 53 ms 53 ms 55 ms
15 * * *
16 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 53 ms 61 ms 53 ms
17 * * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 81 ms
18 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 53 ms 53 ms 53 ms
19 * * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 82 ms
20 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 54 ms 53 ms 53 ms
21 * * *
22 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 56 ms 53 ms 53 ms
23 * * *
24 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 53 ms 53 ms 54 ms
25 * * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 83 ms
26 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 56 ms 53 ms 58 ms
27 * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 87 ms *
28 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 55 ms 53 ms 53 ms
29 * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 82 ms *
30 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 54 ms 53 ms 56 ms
-- Jeff Shultz Network Technician Willamette Valley Internet
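The pattern in hops 11 through 30 of the trace above (the same two routers answering at ever higher TTLs) can be picked out mechanically. The following is an added example, not part of the original post: the function names are hypothetical, TRACE is hops 9 to 20 copied from the post, and HEALTHY is a constructed trace using documentation addresses.

```python
import re
from functools import reduce
from math import gcd

# Hops 9-20 copied from the trace in the post, one hop per line.
TRACE = """\
 9 csr23-ve240.SantaClarasc4.savvis.net (216.34.3.98) 80 ms 81 ms 79 ms
10 bhr1-g8-2.SantaClarasc4.savvis.net (216.34.3.97) 53 ms 61 ms 53 ms
11 * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 80 ms *
12 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 58 ms 53 ms 53 ms
13 * * *
14 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 53 ms 53 ms 55 ms
15 * * *
16 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 53 ms 61 ms 53 ms
17 * * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 81 ms
18 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 53 ms 53 ms 53 ms
19 * * csr21-ve240.SantaClarasc4.savvis.net (216.34.3.2) 82 ms
20 bhr1-g3-0.SantaClarasc4.savvis.net (216.34.3.17) 54 ms 53 ms 53 ms
"""

# Constructed sample of a trace without a loop (one silent hop only).
HEALTHY = """\
traceroute to 203.0.113.9 (203.0.113.9), 30 hops max, 40 byte packets
 1 gw.example.net (192.0.2.1) 1 ms 1 ms 1 ms
 2 core1.example.net (198.51.100.1) 5 ms 5 ms 5 ms
 3 * * *
 4 edge.example.org (203.0.113.9) 9 ms 9 ms 9 ms
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
IP_RE = re.compile(r"\((\d{1,3}(?:\.\d{1,3}){3})\)")


def parse_trace(text):
    """Return one dict per hop: TTL, distinct responder IPs, lost probes."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue  # the "traceroute to ..." header or a blank line
        ttl, rest = int(m.group(1)), m.group(2)
        ips = list(dict.fromkeys(IP_RE.findall(rest)))  # dedupe, keep order
        hops.append({"ttl": ttl, "ips": ips, "lost": rest.split().count("*")})
    return hops


def find_loop(hops):
    """Report a forwarding loop: a router that answers at more than one TTL.

    Returns None when every responder is seen at a single TTL. Otherwise
    returns the TTL where the loop is first visible, the routers involved
    (in order of first appearance), the repeat interval in hops implied by
    the answers received, and the TTLs inside the loop that stayed silent.
    """
    seen = {}
    for hop in hops:
        for ip in hop["ips"]:
            seen.setdefault(ip, []).append(hop["ttl"])
    repeated = {ip: ttls for ip, ttls in seen.items() if len(ttls) > 1}
    if not repeated:
        return None
    start = min(ttls[0] for ttls in repeated.values())
    # A router in a loop of k hops answers every k TTLs, so every gap
    # between its answers is a multiple of k; the gcd recovers the interval.
    gaps = [b - a for ttls in repeated.values() for a, b in zip(ttls, ttls[1:])]
    return {
        "start_ttl": start,
        "members": sorted(repeated, key=lambda ip: repeated[ip][0]),
        "period": reduce(gcd, gaps),
        "silent_ttls": [h["ttl"] for h in hops
                        if h["ttl"] >= start and not h["ips"]],
    }


if __name__ == "__main__":
    print(find_loop(parse_trace(TRACE)))
    print(find_loop(parse_trace(HEALTHY)))
```

A silent hop by itself (`* * *`) is not evidence of a loop, which is why the constructed healthy trace returns None.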
Re: NetAdmin + sales on NANOG like places.
** Reply to message from Gerald <[EMAIL PROTECTED]> on Wed, 17 Mar 2004 14:22:25 -0500 (EST) > On Wed, 17 Mar 2004, Jonathan M. Slivko wrote: > > > > > I look forward to talking to you soon. > > > Jonathan M. Slivko [EMAIL PROTECTED] > > Sales/Network Operations Invisible Hand Networks, Inc. > > I am currently doing a little of both sales/network admin at my company > which competes directly with Jonathan's in the NYC market. I have some ?s > about (network admins + sales people) for nanog folk: > > - As much as I sympathize with JS's desire to get his company name > and information out, is this kind of E-mail encouraged/discouraged on > NANOG? (AUP: "Blatant product marketing is unacceptable." Does this fit?) > > > > Would NANOG as a group agree (I know...you can laugh now.) that requests > made here for suggestions are more often looking for technical people that > have purchased from a company than a slightly biased sales pitch from the > company you work for? > > I'm not an anti-capitalist, but I do like to attempt to keep the SNR down > and if companies force sales hats to the networking staff this will become > much more prevalent. Jonathan this isn't intended to offend you either, so > I hope you don't take it that way. > Not that I'm any sort of PTB here (or pretty much anywhere), but I would prefer that sales pitches of the type referenced be taken off list. So if we're polling & trolling, that's my opinion. -- Jeff Shultz Loose nut behind the wheel.
Re: Cisco website www.cisco.com 403 forbidden?
** Reply to message from "Todd Mitchell - lists" <[EMAIL PROTECTED]> on Mon, 15 Mar 2004 15:23:14 -0500 > | Behalf Of Jay Hennigan > | Sent: March 15, 2004 3:19 PM > | > | Is it just me that they don't like? > > Apparently they don't like me either. On top of that, they're running > Apache 1.0--not so good. > > Todd > > -- As of 12:40 Pacific whatever time, it's working for me. Metadata says they updated the page March 12th. -- Jeff Shultz Loose nut behind the wheel.
Re: Verification required for steve@blueyonder.co.uk, protected by 0Spam.com.
This is the future of e-mail, if something better at spam suppression doesn't come along. ** Reply to message from "Stephen J. Wilcox" <[EMAIL PROTECTED]> on Mon, 8 Mar 2004 21:08:10 + (GMT) > What is this.. I've had lots and lots from [EMAIL PROTECTED] whoever he is?! > > On Mon, 8 Mar 2004, James Edwards wrote: > > > > > NO ! > > > > On Mon, 2004-03-08 at 05:52, [EMAIL PROTECTED] wrote: > > > ATTENTION! > > > A message you recently sent to a 0Spam.com user with the subject "Re: Source > > > address validation (was Re: UUNet Offer..." was not delivered because they are > > > using the 0Spam.com anti-spam service. Please click the link below to confirm > > > that this is not spam. When you confirm, this message and all future messages > > > you send will automatically be accepted. > > > > > > http://www.0spam.com/verify.cgi?user=1079785893&verify=568107 > > > > > > > > > > > > This is an automated message from 0Spam.com. > > > Please do not reply to this Email. > > > > > > Looking for a free anti-spam service? > > > Visit us at http://www.0spam.com to find out more. > > > > -- Jeff Shultz Loose nut behind the wheel.
Re: dealing with w32/bagle
** Reply to message from JC Dill <[EMAIL PROTECTED]> on Fri, 05 Mar 2004 00:11:48 -0800 > At 07:39 PM 3/4/2004, Curtis Maurand wrote: > >Too many steps. > > Once it's installed and configured, this one is drag and drop: > > <http://www.hilgraeve.com/dropchute/> > > They also have a solution for dynamic addressing: > > <http://www.hilgraeve.com/KB/KnowledgeBase/index_html?topic=DropChute&article=30002> > > >DropChute can work with and connect to dynamic IP addresses through the > >use of the address server. ldap.dropchute.com. With the address server > >available to you, you can wait for calls on the Internet using a dynamic > >IP address assigned by your Internet service provider. Your DropChute will > >post the address on the address server so others can connect to you. > > jc Looks like IM with an accent on file transfer instead of chatting - if I'm not mistaken it requires both computers to be on at the same time? Please don't forget all those dialup users out there - they still outnumber the DSL's and cablemodems of the world. This needs to be store-n-forward in some way. -- Jeff Shultz Loose nut behind the wheel.
Re: dealing with w32/bagle
** Reply to message from "Laurence F. Sheldon, Jr." <[EMAIL PROTECTED]> on Wed, 03 Mar 2004 22:04:44 -0600 > Curtis Maurand wrote: > > > > Until there's an easy way of getting a file to your friend down the > > street that's as easy as sending an email, we're stuck with this. > > There are actually several, some with features much superior to using > email as the truck. > > The problem with them is: Nobody wants to consider them. Okay, so what are several ways to share files with a friend, where you don't share any accounts or passwords, and where only your friend will be able to access them? FTP'ing to a web site is out - you either have no guarantee that they'll be the only one to be able to access the file, or you have to mess with password protected websites, not something a person is going to do to send the kids photos to Grandma. -- Jeff Shultz Loose nut behind the wheel.
Re: Possibly even yet another MS mail worm
** Reply to message from "Mike Nice" <[EMAIL PROTECTED]> on Mon, 1 Mar 2004 07:23:07 -0500 > I just received 2 copies of Bagle.F, embedded inside a password-protected > zip file. Comes right through a full virus scan undetected. > > --- > Sent: Sunday, February 29, 2004 7:04 PM > Subject: Bad girl > > > I am from Taiwan but I study in Camden, New Jersey now. I like to know > people from different places . > password for archive: 87326 Okay, from an operational standpoint, who really wants a customer who would open this as a customer in the first place? It seems like it takes some seriously stubborn stupidity to do so. I'm beginning to think that we should start charging like insurance companies do... the more dumb things you do on the network, like opening stuff like this and spreading viruses, the more we get to charge you. Of course we'd have to have someone maintain a central database of customers that have suffered "accidents" like this so they couldn't benefit from switching ISPs... too many offenses and you pay -a lot- for your internet access on a tightly firewalled ISP where you can only access stuff by proxy servers - I'm sure you all get the idea. There are of course a million different reasons this won't work, but it is a nice dream, eh? -- Jeff Shultz Loose nut behind the wheel.
Re: How relable does the Internet need to be? (Was: Re: Converged Network Threat)
** Reply to message from Petri Helenius <[EMAIL PROTECTED]> on Fri, 27 Feb 2004 21:19:48 +0200 > [EMAIL PROTECTED] wrote: > > >20 years ago, 911 was able to say "unless you're the rare beast with a cell > >phone, basing it on the physical service address that the copper runs to would > >probably work alright in 99% of the cases". > > > >Let's not make the same mistake again. > > > > > > > So all IP phones should be outside of buildings and equipped with GPS or > Galileo receivers? > > Pete Does anyone actually offer a mobile IP phone service yet? Does anyone plan to? With Vonage you have to tell them where you are located so they can set your 911 service up to the proper 911 center. With cell phones it's based on the cell it comes into. If some sort of truly mobile IP based phone comes in, I'd guess that the provider is going to have to set it up to where the local router (or associated VOIP device) "listens" to the VOIP traffic for a 911 call, intercepts it and sends it to the local 911 center - my presumption is that they'll have to have a router of some sort in the local area to handle the mobile IP traffic. The GPS idea isn't a bad one either - since I think most new cell phones are coming out with this (it's been mandated, right?) it's a cheap addition and can be used by whatever the router redirects the call to for a better determination of the call center if the phone has the info. The easier solution would probably be for the "mobile IP phone service" to set it up as a dynamic address thing, where the phone number is assigned to the MAC address and the system updates a central index of what IP address is currently serving what phone number. And by whatever "DHCP" server assigned the address, that would be used to determine the 911 center most appropriate. As for the varied emergency numbers used throughout the world and such... if you are visiting a foreign country, take the time to figure out what the local (national) emergency numbers are. 
Much easier than an overly complex technological solution. Or add an "emergency" button on the phone that will send a signal that the switch will read as whatever the national emergency number is. Experience here: last summer I was at Ft. Campbell, KY, and a friend and I drove on the local interstate down to Nashville - when you get on the Interstate there you are in Tennessee, then you are in Kentucky for a short period (a few miles) and then back to Tennessee. I had to call 911 on my cell for an accident and was connected to a 911 center in Tennessee... but since I was on the Kentucky stretch of freeway they had to transfer me over to the local Kentucky 911 center. No problem. I suspect that as long as the VOIP 911 thing can get you "close" to the correct 911 center, they'll be able to handle the rest of the switching needed. And realistically - that's probably a better solution than trying to come up with an overly complex technological solution. These are supposed to be phones after all, not "dumb" ELT devices. Let the OT rants begin -- Jeff Shultz Loose nut behind the wheel.
Re: Stopping open proxies and open relays
** Reply to message from Adi Linden <[EMAIL PROTECTED]> on Fri, 6 Feb 2004 23:00:12 -0600 (CST) > > > There are valid reasons not to run antivirus software, > > > > And they are? > > P90w/32MB running Win95 used for email only... or insufficient finances > to purchase anti virus software... to name a couple. > > Adi That's not a valid reason. That's an excuse. http://www.grisoft.com - AVG has a very nice free version for personal use. And they obviously have the means to afford an internet connection. Next? -- Jeff Shultz Loose nut behind the wheel.
Re: Unbelievable Spam.
** Reply to message from "Ejay Hire" <[EMAIL PROTECTED]> on Mon, 2 Feb 2004 15:01:19 -0600 > Personally, I don't like spam, but I tolerate the messages > that slip through to my mailbox as a penalty for my own > laziness in not tightening down my spam rules. Today I got > one that I couldn't believe. > > --snip-- > Spam Hosting - from 20$ per mounth. > Fraud Hosting - from 30$ per mounth. > Stoln Credit Cards, Fake ID, DL's. > Spam For free only from 1.02.2004 to 5.02.2004. > --snip-- > > > It's just wrong in my opinion, and exacerbated by the fact > that it was spammed to our abuse account. Their /24 just > fell off of my piece of the internet. Have I just been > blind to this all along, or are the spammers getting bolder? > > -Ejay This is known as "Rule #3" on n.a.n-a.e... Spammers are stupid. -- Jeff Shultz Loose nut behind the wheel.
Re: Verisign CRL single point of failure
** Reply to message from "Stephen J. Wilcox" <[EMAIL PROTECTED]> on Fri, 9 Jan 2004 13:20:18 + (GMT) > > The consolidation of network power in a single company creates its own threat > > to the critical infrastructure when a single certificate expires instead of > > being randomly distributed among several different organizations. > > I'm not sure what's involved in getting your own root certs added to browser/OS > distributions but there's nothing afaik that says Verisign is the sole company > providing this, presumably anyone else can agree with MS/whoever to have their > root certs added.. ? > I'm looking at the Certificate Authorities in my copy of Mozilla 1.5. I don't think I've added any, but these are the ones that are there: ABA.ECOM, Inc; AOL Time Warner Inc.; AddTrust AB; America Online Inc.; Baltimore; Digital Signature Trust Co.; Entrust.net; Equifax; Equifax Secure; Equifax Secure Inc.; GTE Corporation; GeoTrust Inc.; GlobalSign nv-sa; RSA Data Security, Inc.; RSA Security Inc; TC TrustCenter for Security in Data Networking; Thawte; Thawte Consulting; Thawte Consulting cc; The USERTRUST Network; VISA; ValiCert, Inc.; VeriSign, Inc.; beTrusted. And in IE 6.0 there seem to be about an equal number, many of them the same. So there appear to be alternatives to VeriSign (why is it that most of these companies have two capitals in their names?). I do remember seeing someone elsewhere complaining that he'd been trying to get his root cert added to Mozilla for two years now, so it may not be all that simple. -- Jeff Shultz Loose nut behind the wheel.
Re: MS's new antispam idea
** Reply to message from "Stephen J. Wilcox" <[EMAIL PROTECTED]> on Fri, 26 Dec 2003 14:23:05 + (GMT) > http://news.bbc.co.uk/1/hi/technology/3324883.stm > > Ok so in summary you have to use a bit of CPU to solve a puzzle before it lets > you send email. > > So either this doesn't work because spammers don't actually use their own PCs to > send email or we are talking about a whole new mail protocol, either way I'm > thinking this isn't going to work and it's yet another publicity stunt. > > Steve I'm sure I've heard this one before, so it's not even a new idea... hope whoever came up with it originally patented it. 8-) Then again, maybe it was MS that I heard about the first time, and the Beeb is simply late to the game here. Has anyone calculated the increased server load, the extra storage needed for the now lengthened outgoing mail queue, and the extra bandwidth required to handle all this extra back and forth puzzle thing? YahooGroups and the like would definitely be impacted. It would be interesting to see what protections will be built into the puzzle thing as well... I can see some joker setting up his server to require that the sending computer calculate PI to some ridiculous number of decimals... although that might make a good honeypot. Or, if the puzzle is open source (which would be a good thing), how soon before the spammers (or even legit MTA authors) hardcode the answers into the server software? I suppose there would have to be some random elements. It is interesting as an extension it might be nice to be able to set up a "whitelist" of trusted servers that don't have to go through the computational gyrations to send you mail - that way it would, hopefully, eventually impact the spammers more than it would impact legitimate e-mail servers. -- Jeff Shultz Loose nut behind the wheel.
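The three protections raised in the message above (random elements so answers cannot be hardcoded, a limit on how much work a server may demand, and a whitelist that skips the puzzle) fit in a short sketch. This is an added example, not part of the original post and not Microsoft's scheme: it assumes a generic hashcash-style puzzle over SHA-256, hypothetical names throughout, and constructed host names; whitelisted hosts are assumed to be authenticated by some other means.

```python
import hashlib
import itertools
import os

MAX_BITS = 20  # sender-side cap (assumed value): refuse absurd work demands


def leading_zero_bits(digest: bytes) -> int:
    """Count the zero bits at the front of a digest."""
    bits = 0
    for byte in digest:
        if byte == 0:
            bits += 8
            continue
        bits += 8 - byte.bit_length()
        break
    return bits


def verify(challenge: str, counter, bits: int) -> bool:
    """One hash for the receiver, however long the sender searched."""
    if not isinstance(counter, int) or counter < 0:
        return False
    digest = hashlib.sha256(f"{challenge}:{counter}".encode()).digest()
    return leading_zero_bits(digest) >= bits


def solve(challenge: str, bits: int, max_bits: int = MAX_BITS) -> int:
    """Sender side: search for a counter, about 2**bits hashes on average."""
    if bits > max_bits:
        # The "calculate PI to a ridiculous number of decimals" case:
        # the sender declines instead of burning CPU for a hostile server.
        raise ValueError(f"refusing {bits}-bit puzzle (cap is {max_bits})")
    for counter in itertools.count():
        if verify(challenge, counter, bits):
            return counter


class Receiver:
    """Receiving server that demands a puzzle from unknown senders."""

    def __init__(self, bits=12, whitelist=()):
        self.bits = bits
        self.whitelist = set(whitelist)
        self.outstanding = set()  # (sender, challenge) pairs not yet used

    def issue(self, sender_host):
        """Return None for trusted senders, else (challenge, bits)."""
        if sender_host in self.whitelist:
            return None
        # Fresh randomness per message: a stored answer from an earlier
        # exchange is bound to a different challenge and is worthless.
        challenge = os.urandom(16).hex()
        self.outstanding.add((sender_host, challenge))
        return challenge, self.bits

    def accept(self, sender_host, challenge=None, counter=None) -> bool:
        if sender_host in self.whitelist:
            return True
        if (sender_host, challenge) not in self.outstanding:
            return False  # never issued to this sender, or already spent
        if not verify(challenge, counter, self.bits):
            return False
        self.outstanding.discard((sender_host, challenge))  # single use
        return True


if __name__ == "__main__":
    rx = Receiver(bits=12, whitelist={"mx.partner.example"})
    print("trusted sender:", rx.accept("mx.partner.example"))
    challenge, bits = rx.issue("mx.unknown.example")
    answer = solve(challenge, bits)
    print("first use:", rx.accept("mx.unknown.example", challenge, answer))
    print("replay:", rx.accept("mx.unknown.example", challenge, answer))
```

The receiver keeps state only for challenges it has issued and not yet seen answered, which is the queue and storage cost the message asks about.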
Re: Anit-Virus help for all of us??????
** Reply to message from [EMAIL PROTECTED] on Mon, 24 Nov 2003 15:43:34 -0500 > On Mon, 24 Nov 2003 22:24:58 +0200, Petri Helenius said: > > > that windowsupdate provided with 10+ critical and 10+ other updates (the OS > > had Service Pack 1 installed) > > > > The box should have been labeled "don't connect this device to the > > public internet". > > Question: What speed access is needed to guarantee "mean time to download > patches" is significantly less than "mean time to probed by packet-to-0wn" > (significantly == 20x lower still gives a 5% chance of getting 0wned while > patching)? I tend to install the freebie Zonealarm before hooking those systems up to the Internet. Snake-Oil they may claim, but it does seem to chop the chances of my getting wormed before getting the updates downloaded. -- Jeff Shultz Loose nut behind the wheel.
Re: Anit-Virus help for all of us??????
** Reply to message from Sean Donelan <[EMAIL PROTECTED]> on Mon, 24 Nov 2003 13:29:57 -0500 (EST) > On Mon, 24 Nov 2003, Suresh Ramasubramanian wrote: > > Most if not all computers that are sold (branded ones at least) do come > > with an antivirus + "personal firewall" (aka snake oil firewall, as > > vernon schryver keeps saying on news.admin.net-abuse.email and > > elsewhere) package, with 6 months to a year of free updates. > > If most if not all computers that are sold include antivirus + personal > firewalls, who is selling all the computers being infected with worms, > virus, malware? You know that the best AV program in the world isn't going to amount to a hill of beans if the user doesn't 1. download updates, 2. run the occasional scan [1], and 3. pay for more updates past the 1 year mark (for those for which this is a requirement). Firewalls at least tend to be a bit more hands off... and I'd like to hear more about the "snake oil" parts. Doesn't the 1/2wall that XP ships with default to "disabled?" As for Malware... right now neither firewalls nor AV programs seem to stop its installation. Personally I wish that there was something that we could install on customer machines that would absolutely and totally block the installation of net.net stuff, to the point of deleting any installation files that have been downloaded. [1] When cleaning a customer's Nachi infected machine, I discovered that the installed copy of NAV was completely up to date - but a system scan hadn't been run since July 2002. -- Jeff Shultz Loose nut behind the wheel.
Re: VeriSign to Sell Network Solutions Business
On Thu, 16 Oct 2003 17:41:52 +0100, Ray Bellis wrote: > >> Does anyone know if this includes ALL of Network >> Solutions or just the Registrar? Does Verisign >> plan to keep the Registry or does it go along >> with the Network Solutions sale? > >According to the press release they plan to keep the registry. > >Ray Wouldn't it be funny if after they sold the Registrar biz, ICANN took the Registry away from them for contract violations? We can only hope. -- Jeff Shultz Network Support Willamette Valley Internet [EMAIL PROTECTED]
RE: more on VeriSign to revive redirect service
ICANN threatened legal action before, effectively. Are they doing anything this time? On Thu, 16 Oct 2003 08:56:47 -0700, Owen DeLong wrote: > >He's right, and we should actually take our business elsewhere. >Unfortunately, >we can't. They have a monopoly. No matter what registrar we use to >register >our domains, that registrar is paying the part of Verislime that is >inflicting >this on us to run the REGISTRY for .com and .net. > >The only way to actually vote with our feet is to get ICANN to start working >on finding an alternative registry and cancel their contract with Verislime. >This will be difficult, awkward, and, may introduce short-term instabilities >in the network. > >I suspect Verisign will not participate in an orderly hand-over of the >necessary data without a court order, in spite of the provisions in their >contract requiring them to do just that. > >Owen > > >--On Thursday, October 16, 2003 9:31 AM -0400 "McBurnett, Jim" ><[EMAIL PROTECTED]> wrote: > >> >> All, >> I hate to agree but he is right. >> With companies like godaddy out there. >> Does it make sense to pay Verislime money to fund sitefinder and our >> headaches? >> >> To change this: what else can we do to prevent this? Does the last BIND >> version truly break sitefinder? >> >> >> Later, >> Jim >> >> ->-Original Message- >> ->From: Miles Fidelman [mailto:[EMAIL PROTECTED] >> ->Sent: Thursday, October 16, 2003 9:24 AM >> ->To: nanog list >> ->Subject: Re: more on VeriSign to revive redirect service >> -> >> -> >> -> >> ->Just out of curiosity, I wonder how many domain >> ->registrations those of us >> ->on nanog represent? Contract sanctions from ICANN are one >> ->thing, taking >> ->all of our business elsewhere might also be effective at >> ->getting a point >> ->across (though it might also backfire - pushing Verisign to >> ->be even more >> ->aggressive at taking advantage of their positioning).
>> -> >> ->Miles >> -> >> -> >> > -- Jeff Shultz Network Support Willamette Valley Internet [EMAIL PROTECTED]
Re: Blocking servers: Comcast accidently blocks gamers
Does anyone know what ports were blocked? On Tue, 14 Oct 2003 23:14:47 -0400 (EDT), Sean Donelan wrote: > > >People use the Internet for a lot of different reasons. It's not >all client/server access. End-to-end communications occurs between >many applications. It's always interesting to watch what things >break when ISPs start filtering ports, even if it happens accidentally. > >http://news.com.com/2100-1043_3-5091176.html > >A Comcast representative confirmed that the problem was with the cable >company. A routine upgrade of the software some Comcast routers use >inadvertently blocked access to certain server ports, the representative >said, adding that the problem was fixed late Monday. ISPs commonly use >port-blocking rules to restrict access to a server that may be generating >hacking attacks or other objectionable activity. -- Jeff Shultz Network Support Willamette Valley Internet [EMAIL PROTECTED]
Re: ICANN Targets DDoS Attacks
*** REPLY SEPARATOR *** On 10/29/2002 at 3:54 PM Jared Mauch wrote: >On Tue, Oct 29, 2002 at 12:48:39PM -0800, Jeff Shultz wrote: >> >> >> >> *** REPLY SEPARATOR *** >> >> On 10/29/2002 at 3:40 PM [EMAIL PROTECTED] wrote: >> >> >On Tue, 29 Oct 2002 22:25:44 +0200, Petri Helenius <[EMAIL PROTECTED]> >> said: >> > >> >> Why would you like to regulate my ability to transmit and receive >> data >> >> using ECHO and ECHO_REPLY packets? Why they are considered >> >> harmful? >> > >> >Smurf. >> > >> >> Okay. What will this do to my user's ping and traceroute times, if >> anything? I've got users who tend to panic if their latency hits 250ms >> between here and the moon (slight exaggeration, but only slight). >> >> I just love it when I've got people blaming me because the 20th hop on >> a traceroute starts returning * * * instead of times. > > that's icmp ttl expired messages. I know that, and I try to explain it to my customers... but it doesn't answer the first part of the question - what will throttling ICMP do to ping and traceroute times? My gut reaction is that it will a. slow them down and/or b. discard a lot of them making the circuit look unreliable to ping. But I don't know enough about the underlying technology to be sure of that. -- Jeff Shultz Network Support Technician Willamette Valley Internet Not speaking for anyone but myself here.
Re: ICANN Targets DDoS Attacks
*** REPLY SEPARATOR *** On 10/29/2002 at 3:40 PM [EMAIL PROTECTED] wrote: >On Tue, 29 Oct 2002 22:25:44 +0200, Petri Helenius <[EMAIL PROTECTED]> said: > >> Why would you like to regulate my ability to transmit and receive data >> using ECHO and ECHO_REPLY packets? Why they are considered >> harmful? > >Smurf. > Okay. What will this do to my user's ping and traceroute times, if anything? I've got users who tend to panic if their latency hits 250ms between here and the moon (slight exaggeration, but only slight). I just love it when I've got people blaming me because the 20th hop on a traceroute starts returning * * * instead of times. -- Jeff Shultz Network Support Technician Willamette Valley Internet Not speaking for anyone but myself here.
Re: More federal management of key components of the Internet needed
I saw in a forum on ExtremeTech (where they had an article ranting about how the internet was almost brought to its knees) http://www.extremetech.com/article2/0,3973,646157,00.asp that after the root servers attack the gTLD's were attacked as well, taking out .biz, .info, and .gov ... can anyone verify if anything happened? *** REPLY SEPARATOR *** On 10/23/2002 at 10:05 PM Alan Hannan wrote: >> I don't understand how giving the US federal government management >control >> of key components of the Internet will make it more secure. > > It worked for airline security. -- Jeff Shultz Network Support Technician Willamette Valley Internet 503-769-3331 (Stayton) 503-390-7000 (Salem) [EMAIL PROTECTED] ...most of us have as our claim to fame the ability to talk to inanimate objects and convince them they want to listen to us. -- Valdis Kletnieks in a.s.r
Re: WP: Attack On Internet Called Largest Ever
Does that include Paul, who was quoted? (Okay Paul - here's your chance to rant about how badly they misquoted you! ) *** REPLY SEPARATOR *** On 10/22/2002 at 7:11 PM Richard A Steenbergen wrote: >On Tue, Oct 22, 2002 at 05:15:21PM -0400, Sean Donelan wrote: >> >> http://www.washingtonpost.com/wp-dyn/articles/A828-2002Oct22.html >> >> The heart of the Internet sustained its largest and most sophisticated >> attack ever, starting late Monday, according to officials at key online >> backbone organizations. > >Looked like a pretty piddly and unintelligent smurf/ping flood combo to >me. The state of the so-called "experts" saddens me more with each passing >day. > >-- >Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras >PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6) -- Jeff Shultz Network Support Technician Willamette Valley Internet Not speaking for anyone but myself here.
Re: i think terroists are going to love ipv6
*** REPLY SEPARATOR *** On 9/25/2002 at 9:04 AM Joe Baptista wrote: >hey - the chiness are a speciality of mine ;) But spelling obviously isn't. -- Jeff Shultz Network Support Technician Willamette Valley Internet 503-769-3331 (Stayton) 503-390-7000 (Salem) [EMAIL PROTECTED] ...most of us have as our claim to fame the ability to talk to inanimate objects and convince them they want to listen to us. -- Valdis Kletnieks in a.s.r
RE: Vulnerbilities of Interconnection
*** REPLY SEPARATOR *** On 9/6/2002 at 11:26 PM Brad Knowles wrote: >At 2:01 PM -0700 2002/09/06, Jeff Shultz wrote: > >> Said tube electronics were apparently more survivable against EMP >> effects. Or was that the point you were making? I think the real >> surprise was a toggle switch that Belenko said was supposed to be >> flipped only when told over the radio by higher headquarters. It >> changed the characteristics of the radar sort of a "go to war" mode >> vs. the standard training mode. > > I wouldn't be too surprised. The Patriot has a clock problem, >and can't be left turned on for an extended period of time. There >are plenty of military systems everywhere in the world that have >various operational issues that may not materially reduce their >effectiveness in their official role, but which may make them less >suitable for other roles. Actually I suspect it was an anti-jamming feature. Think about it the jammers would all be programmed based on the training mode, which presumably we would have heard before. All of a sudden this thing is broadcasting an entirely new signal... >> Coonts has an inflated idea of what an outage there would do the the >> internet... but there is a lot of other stuff fairly nearby, isn't >> there? > > What do you mean by "nearby"? Do you count the "TerraPOP"? Do >you count Langley? I thought that MAE-East was somewhere around there? I know that there is a fair amount of high-tech in that particular area. I don't know how far away Langley itself is another target was basically "The Mall" where it took out a couple of fly-by-wire Airbuses. Interesting book from a techno-thriller standpoint. Just don't confuse it with reality. -- Jeff Shultz Network Support Technician Willamette Valley Internet 503-769-3331 (Stayton) 503-390-7000 (Salem) [EMAIL PROTECTED] ...most of us have as our claim to fame the ability to talk to inanimate objects and convince them they want to listen to us. -- Valdis Kletnieks in a.s.r
RE: Vulnerbilities of Interconnection
*** REPLY SEPARATOR *** On 9/6/2002 at 1:42 PM Al Rowland wrote: >Okay, > >If we're going to go off the deep end here, how about the effect of a >small yield air burst over $importantplace? Not designed to maximize >casualties/damage but rather EMP? A large number of senior military >officials got that 'deer-in-the-headlights' look a few decades back when >a deserter supplied "Soviet state of the art" fighter turned out to have >tube based electronics. :) Said tube electronics were apparently more survivable against EMP effects. Or was that the point you were making? I think the real surprise was a toggle switch that Belenko said was supposed to be flipped only when told over the radio by higher headquarters. It changed the characteristics of the radar sort of a "go to war" mode vs. the standard training mode. An interesting, if not totally professional evaluation of something like this is in Steven Coonts book "America" where terrorists take over an American nuclear submarine armed with a new type of Tomahawk warhead - an EMP warhead. One of the early targets is AOL HQ in Reston, VA., (I almost cheered). Coonts has an inflated idea of what an outage there would do to the internet... but there is a lot of other stuff fairly nearby, isn't there? -- Jeff Shultz Network Support Technician Willamette Valley Internet 503-769-3331 (Stayton) 503-390-7000 (Salem) [EMAIL PROTECTED] ...most of us have as our claim to fame the ability to talk to inanimate objects and convince them they want to listen to us. -- Valdis Kletnieks in a.s.r
Re: IP address fee??
Possibly because that is what they are still teaching them as in school? Seriously... I'm not sure that the teachers I had for networking and systems admin had ever heard of CIDR. The textbooks hadn't. It was a nice bump in the learning curve when I hit the real world. *** REPLY SEPARATOR *** On 9/5/2002 at 1:48 PM Richard A Steenbergen wrote: >On Thu, Sep 05, 2002 at 01:36:27PM -0400, Derek Samford wrote: >> Shane, >> There is a practice on that (At least here.). Generally we >> provide a Class C to our customers at no additional charge, but we have > >Why in this day and age, 9 years after the invention of CIDR, are we still >referring to "class C"'s? > >-- >Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras >PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6) -- Jeff Shultz Network Support Technician Willamette Valley Internet 503-769-3331 (Stayton) 503-390-7000 (Salem) [EMAIL PROTECTED] ...most of us have as our claim to fame the ability to talk to inanimate objects and convince them they want to listen to us. -- Valdis Kletnieks in a.s.r