Re: YouTube IP Hijacking
having built an ISP or two in pakistan, PTCL (Pakistan Telecom) is not the sole provider of bandwidth to the country, although it likely carries the bulk of traffic to the country. operationally, there are a number of jurisdictions which filter content and connectivity on a variety of basis. adjusting the BGP announcements is a fairly quick and sure way to hobble connectivity to specific content. although, it is quickly bypassed by shifting the content to other addresses and domain names. i'm sure that this was an accidental leakage, and that appropriate corrections were/are taken in due course. -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
Re: YouTube IP Hijacking
On Mon, Feb 25, 2008 at 09:13:23AM +, Alexander Harrowell wrote: Interesting that (according to Renesys) BT reconnected about 500 networks in Pakistan after the big fibre cut. I wonder if there's any data around that would tell us who filters and who doesn't? based on my experience of routing (and de-routing) my own legacy space as well as some RIPE space through PTCL, i know they have procedures in place to restrict what their customers can send to them, so it makes sense that they have a clue as to how to control what they send out. probably fat fingers, and probably fat wobbly fingers in a rush to comply with a government directive. On Mon, Feb 25, 2008 at 9:02 AM, Jim Mercer [EMAIL PROTECTED] wrote: having built an ISP or two in pakistan, PTCL (Pakistan Telecom) is not the sole provider of bandwidth to the country, although it likely carries the bulk of traffic to the country. operationally, there are a number of jurisdictions which filter content and connectivity on a variety of basis. adjusting the BGP announcements is a fairly quick and sure way to hobble connectivity to specific content. although, it is quickly bypassed by shifting the content to other addresses and domain names. i'm sure that this was an accidental leakage, and that appropriate corrections were/are taken in due course. -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going? -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
Re: YouTube IP Hijacking
On Mon, Feb 25, 2008 at 10:12:47AM -, [EMAIL PROTECTED] wrote: In case you hadn't noticed, there is no North American law enforcement agency and no North American courts and no North American laws outside of NAFTA. So I'm not sure what you are getting at here. Do you want to reopen NAFTA negotiations to include Internet peering? the law process within NAFTA is no more than a delay tactic used by various big business and big government to defer any real resolution to the problems. the laws of Canada, Mexico and the US are still largely seperate, and the laws of one do not necessarily follow in another. -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
Re: Sicily to Egypt undersea cable disruption
On Fri, Feb 01, 2008 at 10:56:26PM +, Steven M. Bellovin wrote: On Fri, 1 Feb 2008 22:42:02 - Rod Beck [EMAIL PROTECTED] wrote: Well, when you have all these cables running through narrow straits or converging to the same stretch of beach, it does not strike me as at all extraordinary. But they aren't near each other. http://www.nytimes.com/2008/01/31/business/worldbusiness/31cable.html says that the first two cuts were in the Mediterranean, near Marseille and Alexandria; the third was in the Persian Gulf, near Dubai (http://www.nytimes.com/aponline/technology/AP-Internet-Outages.html). beings as i live in dubai, i can also add that over the last two days there have been some quite strong winds blowing. which i supposed could be a factor in a ship dragging its anchor across a fiber path. -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
Re: Sicily to Egypt undersea cable disruption
On Thu, Jan 31, 2008 at 02:41:22AM +, Todd Underwood wrote: On Thu, Jan 31, 2008 at 01:56:42AM +, Paul Ferguson wrote: For what its worth, Todd Underwood has a very good overview of the countries affected by this outage over on the Renesys Blog here: http://www.renesys.com/blog/2008/01/mediterranean_cable_break.shtml there are some interesting findings here about who (what carriers, what countries) were critically dependant on these cable systems. we'll probably put some more effort into analyzing this situation as it develops and compare it to the taiwan outages that hit late 2006. an FYI for anyone looking to do hosting/connectivity to Dubai or the UAE: there are only two providers in the UAE, etisalat and du. while du is either completely offline, or pushing all its traffic across what appeared to be single dial-up ISDN link 8^), etisalat seems largely uneffected. (connectivity from my du connected office was barely useable, while my du connected residence was completely offline, connectivity from my etisalat connected co-lo and etisalat connected office are operating pretty much at norm, which is to say, not quite what i'd expect for north america, but quite acceptable for the region) the downside is that du is the progressive provider, while etisalat continues to filter and block various and sundry sites and facilities based on complaints from its more conservative customers (porn, dating sites, and social networking sites like facebook/etc) and techno-political bents (ie. many sites relative to VoIP and web proxies are blocked) -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
Re: Network Operator Groups Outside the US
Rod Beck wrote: I am also disappointed to see the Canadians and Irish have next to nothing despite Ireland being the European base of operations for Google, Microsoft, Amazon, and Yahoo. the Canadians tend to keep things quiet, as all their good ideas are taken by the Americans (ie. light bulb and basketball) -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
weight vs. volume (95th percentile vs transfer in M/Gbytes)
over the years, i've grown quite accustomed to feeling out pricing of bandwidth based on 95th percentile peak utilization with various minimums and potential tiers. i've always sorta viewed pricing by bytes transferred to be a consumer thing that my uncle might pay when hosting his webpages showing his matchbox collection. now i'm faced with a jurisdiction where the only providers (all 2 of them) will only give pricing in bytes transferred. they are not interested in giving me pricing based on 95th percentile, and as such i'm having a tough time budgetting for some of my applications. (pisses me off because i'm sure _they_ are paying by 995th percentile) with 95th percentile, i could always trottle down the applications or figure out what my estimated `overage might be. has anyone got a formula for comparing 95th percentile billing with bytes transferred? -- Jim Mercer[EMAIL PROTECTED]+971 55 410-5633 I'm Prime Minister of Canada, I live here and I'm going to take a leak. - Lester Pearson in 1967, during a meeting between himself and President Lyndon Johnson, whose Secret Service detail had taken over Pearson's cottage retreat. At one point, a Johnson guard asked Pearson, Who are you and where are you going?
Re: A nice description of why the Internet is slow
On Thu, Mar 08, 2007 at 07:23:37AM -0500, [EMAIL PROTECTED] wrote: http://www.ccs.uottawa.ca/connect/why-internet-slow.html ironically, it took more than 2 minutes for this URL to fully render for me. while waiting for it to pull in icons(?) or other stuff to decorate the page, i was able to read the full text. i suspect this is related to a packet-sniffer mandated by the UAE government to find and stamp out skype-phone sessions and other VoIP type activities, while not interfereing with Skype-Skype and other P2P activities. the article fails to mention delays that are introduced when Homeland Security mandates that everyone going in and out of Quickie-Mart needs to be strip searched looking for weapons of mass destruction. -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
Re: death of the net predicted by deloitte -- film at 11
On Sun, Feb 11, 2007 at 11:14:49AM -0700, brett watson wrote: On Feb 11, 2007, at 10:58 AM, Chris L. Morrow wrote: perhaps next time the news folks could ask someone who runs a network what the problems are that face network operators? they did ask one, you must have missed this from the article: Verisign, the American firm which provides the backbone for much of the net, including domain names .com and .net,... isn't this a little like saying we are running out of voice capacity on the network because YellowPages can't find cheap paper to print their directories? surely they could have found a more relevant source. -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
Dubai
yeah, i know, its the _north american_ network operators, but judging by the posts here, and attendance at the NANOG meetings, there is quite the international audience. looking to hook up with operations and systems administrations people in dubai. if you are out there, drop me a note. -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
Re: Zimbabwe satellite service shutdown for non-payment
On Tue, Sep 19, 2006 at 12:00:36AM -0500, Gadi Evron wrote: On Mon, 18 Sep 2006, Sean Donelan wrote: Intelsat has shutdown the primary satellite link for Zimbabwe's state communications company for non-payment, which has affected most of the ISPs in the country. I can't really blame them. I doubt the Internet is considered critical infrastructure over there yet, i guess that would depend on who you are, i'm sure a number of aid organizations and other NGO's are quite dependent on the internet. and I doubt Intelsat would care... but this is interesting in the sense that even if you can't fault intelsat in any way... Intelsat, Inmarsat, etc. run quite a bit, and if it's a country that gets disconnected, that is a problem even if it's not their problem. i would imagine that this was a last option for intelsat, as they have been the backbone for many places, especially those away from western infrastucture for a long time. The state company TelOne acknowledged receiving a final demand for payment of its satellite arrears last month and asked the central bank to provide hard currency which has so far not been allocated. -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
Re: Why is RFC1918 space in public DNS evil?
On Mon, Sep 18, 2006 at 03:18:07AM -0500, Gadi Evron wrote: On Mon, 18 Sep 2006, Petri Helenius wrote: Matthew Palmer wrote: I've been directed to put all of the internal hosts and such into the public DNS zone for a client. My typical policy is to have a subdomain of the zone served internally, and leave only the publically-reachable hosts in the public zone. But this client, having a large number of hosts on RFC1918 space and a VPN for external people to get to it, is pushing against this In many scenarios the VPN'd hosts will ask for the names from the public DNS anyway, so I feel your client is right and it would be better for you to go with their wishes. Putting all other issues aside, I believe you are right. Still, if VPN is the problem than it is solvable. These machines can be configured with a DNS server that knows where to go. if the hosts inside the VPN can only be accessed by hostnames served up inside the VPN, then it is more likely the users can be confident that their data is actually traversing the VPN. it works, or it don't. -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
Re: Why is RFC1918 space in public DNS evil?
On Mon, Sep 18, 2006 at 08:36:44AM -0400, Daniel Senie wrote: At 04:33 AM 9/18/2006, Jim Mercer wrote: if the hosts inside the VPN can only be accessed by hostnames served up inside the VPN, then it is more likely the users can be confident that their data is actually traversing the VPN. it works, or it don't. Or, the user's computer is still caching information. Internet Explorer is does this, and other browsers may as well. I keep a link to a script on my Windows desktop labelled Flush DNS and wind up using it often. If the user is accessing sites across the VPN, and as another poster writes the VPN drops, packets containing juicy, private information could well leak out in places people didn't intend. As risks go, this might not be too severe in many cases, but if you were doing a security assessment for sarbox or hippa, would you consider it safe? Do the remote sites indeed have filters blocking traffic to/from RFC1918 space that don't traverse the VPN? maybe ut some null routes on the PC's for the blocks, and have them overridden when the VPN comes up. could be done as part of the install of the VPN software/config? -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
managing mycompany.{all iso TLD + icann TLD) ?
the company i'm working for has a growing list of domains for the company and its trademarks. i'm finding that i need to deal with a variety of registries and resellers and whatnot in order to keep up. are there resellers out there that have agreements with _most_ TLD registries? i realize that i won't likely find a single reseller for all the TLD's, but i'd like to switch from using 10 baskets to 2 or three. it would be nice if they provided a control panel that we can use to administer not only the domains we have through them, but also domains that are registered elsewhere, but we want parked in a central location. -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
Re: managing mycompany.{all iso TLD + icann TLD) ?
On Mon, Jul 24, 2006 at 12:35:26PM -0700, Doug Barton wrote: ... and registering the string in 435 TLD's just to make sure they can't is the worst kind of stupid. well, you know that, and i know that, but apparently senior management would never take our word for it. -- [ Jim Mercerjim@reptiles.org+971 50 436-3874 ] [ I want to live forever, or die trying.]
Re: MAE-WEST - 55 S Market area equipment sourcing
On Wed, May 24, 2006 at 07:54:00AM -0700, Christopher McCrory wrote: This is not in you area, but FFR in LA across the street from one wilshire, Lightsource1 has a small storefront. They stock GBICS, fiber, copper, various Cisco bits (backed by a stockpile of larger stuff). There is a phone number posted for the It's 2am and I need $part right now times. Rumor has it they will soon have free coffee and wireless. Does ACE Hardware still sell UTP/coax/fiber, ends and crimpers on the ground floor of 60 Hudson? i always thought that was cool. i was thinking of putting a vending machine in 151 Front (Toronto), selling cables and bits for outrageous prices. -- [ Jim Mercerjim@reptiles.org +1 416 410-5633 ] [ I want to live forever, or die trying.]
Re: KVM over IP suggestions?
On Mon, Aug 22, 2005 at 11:15:23AM -0400, Drew Weaver wrote: Howdy, I'm looking for a way to give our remote users access to their servers, perhaps a KVM-IP solution. What we need is support for multiple users (more than 2), with access control that limits what users can connect to what ports on the KVM switch, and would allow you BIOS level access and os-installation type control over the server, would also be nice if it worked with windows and linux/unix based systems. Any suggestions would be helpful. i haven't used it, but you might want to check out: http://www.realvnc.com/products/KVM-over-IP/ -- [ Jim Mercerjim@reptiles.org +1 416 410-5633 ] [ I want to live forever, or die trying.]
Re: SPEWS?
anybody else see the irony of posting to USENET as an anti-spam measure? USENET being one of the harvesting engines the spammers use to collect addresses. i still get spam sent to the id i only used i used when i actually still used news. -- [ Jim Mercer[EMAIL PROTECTED] +1 416 410-5633 ] [ I want to live forever, or die trying.]
Re: Sean takes a vacation somewhere sunny....
On Sun, Jun 16, 2002 at 12:38:33PM -0400, David Lesher wrote: The Spanish ministry of science and technology has asked telecommunications companies to activate a backup plan in the case of such emergencies in future. Spare fibers in the same duct ;-? RFC1149 would probably have less latency. -- [ Jim Mercer[EMAIL PROTECTED] +1 416 410-5633 ] [ I want to live forever, or die trying.]
Re: OSI's final revenge
On Sat, Jun 15, 2002 at 02:15:47AM -0400, Sean Donelan wrote: On Fri, 14 Jun 2002, Robert Mathews wrote: The National Infrastructure Protection Board's Debbie Weierman notes that her agency has been collaborating with experts from the NSA, the Federal Computer Incident Response Center, CERT, private groups, and others since March to see how widespread the ASN.1 flaw is. I'm certain the best people are working on this, but once again Steve Bellovin scooped them all nearly a decade ago. So severe are the potential ramifications of widespread ASN.1 security holes, that President Bush was personally briefed on the matter... -- http://online.securityfocus.com/news/474 can you say War on Open Standards? yikes! same article: Howard Schmidt, former Microsoft security chief and newly-appointed vice chairman of the President's Critical Infrastructure Protection Board... yep, the Critical Infrastructure needs to be overseen by the same people who brought us the Outlook Virus Launch Platform, and the Internet Information Server/Virus Incubator. -- [ Jim Mercer[EMAIL PROTECTED] +1 416 410-5633 ] [ I want to live forever, or die trying.]
Re: Off Topic: ISP's in Pakistan?
On Wed, Jun 12, 2002 at 12:24:40PM -0400, Mitchell, Dan wrote: I have a customer that is located in Pakistan and is looking for a reasonably priced connectivity option. He says he currently has a 16kbps (CIR) Frame Relay link to ATT's global FR cloud and is paying (gasp!) $1550 per month for it. Their last-mile link is Spread Spectrum radio. He also tells me that 48kbps-CIR means paying (cringe!) $4440/month. I know the NA in NANOG does not quite cover Pakistan, but if anyone has a contact over there that might be able to assist, please respond to me privately. i built an ISP in Karachi last year, and those prices don't sound out of line. you should note that any service based on public airwaves should be avoided, as the bulk of the 900Mhz/2.4Ghz space is completely in use. if you'd like, i can make an introduction to the people i work with. -- [ Jim Mercer[EMAIL PROTECTED] +1 416 410-5633 ] [ I want to live forever, or die trying.]
Re: NANOG 25 - Toronto - Any Questions?
On Tue, Apr 30, 2002 at 10:41:15PM +0100, Simon Lockhart wrote: Anyone planning on doing a budget trip to Niagara Falls to just tourist? I don't really fancy forking out $150... your best bet there would be to team up with a few other people and rent a car. niagara falls is gonna be a 2-3 hour drive from the conference depending on traffic. about half of that is city, and the other half vineyards and country. -- [ Jim Mercer[EMAIL PROTECTED] +1 416 410-5633 ] [ I want to live forever, or die trying.]
Re: [off topic]Re: NANOG costs
On Wed, Apr 10, 2002 at 04:52:58PM -0400, Douglas A. Dever wrote: Previously, Jim Mercer ([EMAIL PROTECTED]) wrote: minor quibble. on http://www.nanog.org/mtg-0206/index.html, it says: Richmond Hill, Ontario, CN i suspect it was meant as Richmond Hill, Ontario, CA. Nope, Ontario, CA would be Ontario, California to all of us in the United States. (And KONT to all you pilots.) :-) Ontario, CA would be Ontario, Canada. Ontario, CA, US would be Ontario, California. lest you forget, the ISO did designate US for your country, not that it seems to be used much. NANOG is North American , which includes a couple other countries than just them Untied States. -- [ Jim Mercer[EMAIL PROTECTED] +1 416 410-5633 ] [ I want to live forever, or die trying.]
