Re: Who broke .org?
On Thu, Jul 01, 2004 at 11:12:31PM -0400, Joe Maimon wrote: Come to think about it, there was a thread here a while back about this very thing. root server robustness and all that. What number/timeframe reported .org hiccup does this make? It's at least the 2nd. Last big one was 10/16/2003. I lost mail as a result of this, so I'm not happy (nothing looks worse than a prospective employer trying to mail you and getting bounces due to the domain disappearing from the internet). I don't think I'm happy having .org run by folks with this as their motto: Technology so advanced, even we don't understand it!(R). Can't we just go back to non-anycast, please? -j
Re: Who broke .org?
On Fri, Jul 02, 2004 at 02:38:12PM -0400, Patrick W Gilmore wrote: On Jul 2, 2004, at 2:32 PM, Jeff Wasilko wrote: Can't we just go back to non-anycast, please? You mean like the roots Er, wait a second Now, if you suggest a combination, that might be reasonable. (I don't run .org, I just think a blanket statement anycast is bad is, well, bad.) I'd be totally happy to see a combination, too. It's just pretty obvious that the current solution isn't reliable over the long-haul. -j
Heads-up: ATT apparently going to whitelist-only inbound mail
- Forwarded message -
Return-Path: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED] (added by [EMAIL PROTECTED])
Content-Disposition: inline
Content-Transfer-Encoding: binary
Content-Type: text/plain
MIME-Version: 1.0
X-Mailer: MIME::Lite 2.102 (B2.12; Q2.03)
Date: Tue, 21 Oct 2003 20:21:50 UT
Subject: *** ACTION: IP Address of Outbound SMTP Server Requested (Updated 10/21/03)
From: [EMAIL PROTECTED]
ATT Business Partners Customers
ATT has received many of the requested IP addresses in response to an e-mail originally broadcast yesterday to our business partners and clients. However, we have also received many concerned responses to the original request. This 2nd e-mail is to let you know that this is a legitimate ATT request asking for your cooperation, which will let us improve the service that ATT offers you and that our partnership requires. We have provided a toll-free number below to help you confirm the legitimacy of this request.
We have assembled the distribution list for this e-mail by looking up the administrative contacts for each of the known e-mail domains we currently exchange e-mail with, referencing WHOIS and other such services available via the Internet.
What ATT is asking is for you to help ATT to restrict incoming mail to just our known and trusted sources (e.g., business partners, clients and customers). Therefore, we need to know which IP address(es) are used by your outbound e-mail service so we can selectively permit them. Please send this information to the following e-mail address ([EMAIL PROTECTED]). If you need assistance determining what these IP addresses are, please contact your company's administrative e-mail server support / network administration personnel.
We regret that ATT is burdening you with this request, but our ATT security team is advising that we take this step to help safeguard our e-mail systems, which ultimately will help us serve you better.
Please contact us with any concerns or questions: ATT Security Help Desk 1-800-456-4230, prompt 4 (8am - 10pm est)
Thank you for your prompt attention to this matter. We appreciate your cooperation.
Sincerely,
Brian Williams, IP Network Services
Tim Scholl - District Manager, IP Network Services
Kevin O'Connell - Division Manager, Information Technology Services Engineering
Bill O'Hern - Division Manager, Network Security
- Original Message (Sent Monday, 10/20/03) -
ATT has an urgent situation with our anti-spam list. In order to continue to allow email to ATT you need to provide the IP addresses of all your outbound email gateways. If you do not respond immediately, your access may not continue. The required information should be sent to [EMAIL PROTECTED]
- End forwarded message -
Re: possible ORG problems, maybe?
On Thu, Oct 16, 2003 at 12:05:25AM -0400, Joe Abley wrote: I think I'm seeing problems performing recursive queries for names under ORG against tld[12].ultradns.net at the moment, which is causing resolvers without cached data to behave as if domains don't exist. It's not trivial to tell whether this is just a local problem, since all the authoritative nameservers for ORG are anycast instances (i.e. I might just be unlucky in that my local tld[12].ultradns.net nodes are behaving unexpectedly). Is anybody else seeing issues? Yes. My personal system's in the .org domain, and I just had outbound mail bounced claiming: Domain of sender address [EMAIL PROTECTED] does not exist My nameservers are very diverse, so I'm wondering what's going on with .org this week. I'll be happy to provide details to interested parties. -j
Re: Finding ASN from IP address
On Thu, Oct 09, 2003 at 09:49:32AM -0700, Avleen Vig wrote:
I want to create a mapping of IP addresses to ASN, for a specific list of IP addresses. Eg: 1.2.3.4 12.34.56.78 etc, gathered from my system logs. What is the best way of doing this?
Team Cymru is offering an IP to ASN Whois service:
*
Fellow networkers, Team Cymru is happy to announce the availability of a public whois server dedicated to mapping IP numbers to ASNs, located at whois.cymru.com. You can find the link to this tool at: http://www.cymru.com/BGP/whois.html This link has been added to our main BGP data page available at: http://www.cymru.com/BGP/index.html
We have also extended the functionality of this daemon to support BULK IP submissions for those who wish to further optimize their queries with netcat. Following is a quick overview of how to use it:
    $ whois -h whois.cymru.com IP
Where IP is replaced by the IP you'd like to map, like so:
    $ whois -h whois.cymru.com 4.2.2.1
    ASN | IP | Name
    3356 | 4.2.2.1 | LEVEL3 Level 3 Communications
You can also include port information, and/or timestamps in your queries. Be sure to include quotes around your queries, or the daemon will interpret your request as multiple lines:
    $ whois -h whois.cymru.com "4.2.2.1 -0600 GMT"
    ASN | IP | Info | Name
    3356 | 4.2.2.1 | -0600 GMT | LEVEL3 Level 3 Communications
For instructions on how to submit BULK queries via netcat, simply issue the following command:
    $ whois -h whois.cymru.com help
We hope you find this tool useful. Stay tuned for more features! If you have any comments or suggestions as to how we might improve this service, feel free to let us know!
Thanks, Steve, for Team Cymru http://www.cymru.com
-- Stephen Gill
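Added example, not part of the original post and not Team Cymru's code: one way to do the mapping asked about above, pulling addresses out of system logs and parsing replies in the "ASN | IP | Name" layout shown in the announcement (with or without the optional Info column). The log lines and reply text are constructed samples, and all function names are hypothetical.

```python
import ipaddress
import re

# Constructed sample log lines (not from the post).
SAMPLE_LOG = """\
Oct  9 09:41:02 mx1 sshd[411]: Failed password for root from 4.2.2.1 port 4022
Oct  9 09:41:07 mx1 sshd[411]: Failed password for root from 4.2.2.1 port 4031
Oct  9 09:42:13 mx1 smtpd[82]: connect from unknown[10.0.0.5]
Oct  9 09:43:55 mx1 smtpd[82]: connect from unknown[999.1.1.1]
"""
# Constructed reply in the "ASN | IP | Name" layout quoted in the post.
SAMPLE_REPLY = "ASN | IP | Name\n3356 | 4.2.2.1 | LEVEL3 Level 3 Communications\n"

# Dotted quads that are not part of a longer dotted/numeric token.
IPV4_RE = re.compile(r"(?<![\d.])\d{1,3}(?:\.\d{1,3}){3}(?![\d.])")

def extract_public_ips(log_text):
    """Unique, valid, globally routable IPv4 addresses, in first-seen order."""
    found = []
    for candidate in IPV4_RE.findall(log_text):
        try:
            addr = ipaddress.ip_address(candidate)
        except ValueError:
            continue  # looks like an address but is not one, e.g. 999.1.1.1
        # RFC 1918 and other reserved space has no origin ASN; do not query it.
        if addr.is_global and str(addr) not in found:
            found.append(str(addr))
    return found

def parse_reply(reply_text):
    """Map IP -> (ASN, name); the header and rows without a numeric ASN are skipped."""
    table = {}
    for line in reply_text.splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) >= 3 and fields[0].isdigit():
            # Name is the last column, with or without the optional Info column.
            table[fields[1]] = (int(fields[0]), fields[-1])
    return table

def map_log_to_asn(log_text, reply_text):
    """Join log-derived addresses to parsed rows; None marks an address with no row."""
    table = parse_reply(reply_text)
    return {ip: table.get(ip) for ip in extract_public_ips(log_text)}

if __name__ == "__main__":
    print(map_log_to_asn(SAMPLE_LOG, SAMPLE_REPLY))
```

Validating each candidate before it is sent keeps arbitrary log-derived strings out of the whois query, which matters because the daemon treats unquoted input as multiple lines.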
VeriSign responds to complaints via press release
- Forwarded message from Dave Farber [EMAIL PROTECTED] -
If this was Microsoft issuing a statement like this we would really go through the roof. Since when in the Internet do we talk with technical people AFTER the fact and AFTER the disruption. In other words BULL. Can we sue them for email disruption?
Dave
Delivered-To: [EMAIL PROTECTED]
Date: Wed, 17 Sep 2003 19:27:49 -0400
From: Wingfield, Nick [EMAIL PROTECTED]
Subject: VeriSign update
To: '[EMAIL PROTECTED]' [EMAIL PROTECTED]
Dave, In case it's of interest to IP...
Nick
=WSJ: VeriSign Responds To Complaints About New Service
Dow Jones News Service via Dow Jones
By Nick Wingfield Of THE WALL STREET JOURNAL
SAN FRANCISCO (Dow Jones)--VeriSign Inc. (VRSN), responding to an outpouring of complaints about a new service that exploits the typing errors users make when surfing the Web, said it plans to work with technologists to remedy disruptions the service has caused to some Internet applications like e-mail.
At the same time, the VeriSign service triggered a huge increase in the amount of traffic flowing to the Mountain View, Calif., company's Web site, a portion of which may be the result of a hacker attack against the company, VeriSign said.
(This story and related background material are available on the Journal's Web site, WSJ.com.)
VeriSign on Monday introduced the service, dubbed Site Finder, which steers users who attempt to reach nonexistent Web addresses to a site operated by VeriSign. The company is able to take control of the traffic because it operates the master list, or registry, for all Internet addresses ending in .com and .net.
VeriSign said it designed Site Finder as a navigational aid for Web users. It also receives revenue from the additional traffic through relationships with Overture Services Inc. (OVER) and Yahoo Inc.'s (YHOO) Inktomi, which guide users to Web sites.
The new VeriSign service infuriated many network operators, though, who say it has disrupted the functioning of e-mail and other applications. Among the complaints about the VeriSign service is that it hurts the ability of Internet service providers to block spam sent from Internet addresses that don't exist - a common technique normally used to stem the flow of junk e-mail. Internet service providers and software groups have developed patches that prevent the VeriSign service from working on their networks.
In a statement Tuesday, VeriSign said it would release technical information on its Web site that would help network operators adapt their software so they could block unwanted e-mail again.
"In the course of implementation, various users asked us to modify the service to accommodate anti-spam applications," the company said in the statement. "Because VeriSign strongly supports appropriate technical measures designed to reduce unwanted spam, we are reaching out to users and the community to make appropriate adjustments to the service."
"We remain committed to ensuring that Site Finder improves Web navigation and the user experience," VeriSign added.
Despite the controversy, VeriSign's efforts to nab control of typo-prone Internet users appears to be having a sizable impact on the volumes of users visiting its site. Traffic to the company's Web site on Tuesday skyrocketed to about 1.3 million visitors from an average of about 100,000 visitors on the previous four Tuesdays, according to measurement firm ComScore Networks Inc.
Some of that may have been due to malicious - not typo - traffic. A VeriSign spokesman said the company experienced a denial of service attack on its Web site on Tuesday, in which hackers use computers to bombard Web sites with traffic in hopes of overloading them. The attack appeared to subside by Wednesday, the spokesman said.
A ComScore spokesman said it's very unlikely that a denial of service attack on VeriSign had a significant impact on the ComScore traffic figures.
Re: Heads up -- potential problems in 3.7, too? [Fwd: OpenSSH Security Advisory: buffer.adv]
On Tue, Sep 16, 2003 at 08:58:13PM -0400, [EMAIL PROTECTED] wrote: I hope you mean OpenSSH 3.7p1 ? No, there was a 2nd release today: ftp://ftp.openbsd.org/pub/OpenBSD/OpenSSH/portable/openssh-3.7.1p1.tar.gz
Re: rfc1918 ignorant (fwd)
On Wed, Jul 23, 2003 at 06:03:13PM -0400, Daniel Senie wrote: At 02:11 PM 7/23/2003, Dave Temkin wrote: 2003 7:07 AM:] Comcast and many others seem to blithely ignore this for convenience sake. (It's not like they need a huge amount of space to give private addresses to these links.) ARIN required cable operators to use RFC 1918 space for the management agents of the bridge cable modems that have been rolled out to the millions of residential cable modem customers. Doing so obviously requires a 1918 address on the cable router, but Cisco's implementation requires that address to be the primary interface address. There is also a publicly routable secondary which in fact is the gateway address to the customer, but isn't the address returned in a traceroute. Cisco has by far the lead in market share of the first gen Docsis cable modem router market so any trace to a cable modem customer is going to show this. When MediaOne (remember them?) deployed the cable modems here (LanCity stuff, originally), traceroutes did NOT show the 10/8 address from the router at the head end. ATT bought MediaOne, and now we've got Comcast. The service quality has stayed low, and the price has jumped quite a bit, and somewhere along the line a change happened and the 10/8 address of the router did start showing up. Now it's possible the router in the head end got changed and that was the cause. I really don't know. That's exactly what happened. The Lancity equipment were bridges, so you never saw them in traceroutes. The head-end bridges were aggregated into switches which were connected to routers. The Cisco uBR is a router, so you see the cable interface (which is typically rfc1918 space) showing up in traceroutes from the CPE out. Note that you don't see it on traceroutes towards the CPE since you see the 'internet facing' interface on the uBR. -j
NJ: Red alert? Stay home, await word
http://www.southjerseynews.com/issues/march/m031603e.htm If the nation escalates to red alert, which is the highest in the color-coded readiness against terror, you will be assumed by authorities to be the enemy if you so much as venture outside your home, the state's anti-terror czar says. ...
Re: uunet
On Sun, Jan 19, 2003 at 10:26:16PM +, Tim Thorne wrote: Dave Howe [EMAIL PROTECTED] wrote: there then followed a short conversation that amounted to that - given that $mydomain was working fine, they would *not* look at the problem for $contractorsdomain unless $contractor contacted them about it. I found postmaster@contractorsdomain worked fine, so managed to get *that* guy to get uunet to fix the problem (and it was literally a thirty second fix). You can hardly expect an ISP to change an MX record on the opinion (right or wrong) of a third party. It could be someone trying a little Correct me if I'm wrong, but the original poster wasn't trying to get UUnet to change an MX record. Rather, the uunet-provided MX host for the domain was not set up to 'relay' mail for that domain, and the original poster was trying to get UUnet to fix their MTA config. -j
Re: Popular trouble ticket management system for IP NOC
On Tue, Sep 24, 2002 at 09:37:39AM +0800, Yu Ning wrote: Hi all, Thanks for all your kindly reply. I'm currently evaluating HP Service Desk, and CA Unicenter service desk. Remedy seems have no Chinese contact. RT seems too non-commercial :-) I suspect Best Practical Solutions (the RT developers) would be happy to take your money for a support contract (They're at http://bestpractical.com/ ). I think if you drop them a note you'd be surprised how many large organizations are using RT. -j
Re: Echo
On Fri, Aug 16, 2002 at 12:38:26PM -0400, Martin Hannigan wrote: Looks like the echo mail reflectors at PSI are now gone. Must've happened today as I use these frequently. [EMAIL PROTECTED] on Fri, 16 Aug 2002 12:29:41 -0400 [EMAIL PROTECTED] still works -j
Re: Buffett bailout of WorldCom raises questions of influence
On Fri, Jul 12, 2002 at 11:28:15AM -0400, Bradley Dunn wrote: http://www.usatoday.com/money/columns/maney.htm Anyone who fears a Microsoft entry into telecoms would do well to study its foray into cable investments. They made our life at RoadRunner rather difficult. -j