Re: Abuse Reporting (non-SMTP Abuse)

2008-04-15 Thread Jim Popovitch

On Tue, Apr 15, 2008 at 3:39 AM,  [EMAIL PROTECTED] wrote:

  http://xml.coverpages.org/iodef.html

So, is it generally accepted to use IODEF to report non-SMTP abuse
(web/port scans, etc)?  Everyone seems to be on the SMTP bandwagon
this week, what about the miscreant customers of Internet Access
Providers?

-Jim P.


Re: YouTube IP Hijacking

2008-02-24 Thread Jim Popovitch

http://www.google.com/reader/m/view/?source=mobilepackv=2.1.4rlz=1H2GGLE_eni=-3701578819353178822c=CMOjuszq3ZECn=1



On 2/24/08, Max Tulyev [EMAIL PROTECTED] wrote:

 I think it was NOT a typo. This was a test, much more important test for
 this world than last american anti-satellite missile.

 And if they do it again with more mind, site will became down for a
 weeks at least... More of that, if big national telecom operator did it
 and have neighbors to filter them out - it can lead to global split of
 the network.

 Of course, it should be happened early or late with THIS design of the
 Network.

 Ravi Pina wrote:
  Sounds more like a typo on a filter over at AS17557
  than anything else.
 
 
 http://ca.news.yahoo.com/s/afp/080224/world/denmark_media_islam_pakistan_internet_youtube
 
  -r
 
 
  On Sun, Feb 24, 2008 at 12:27:29PM -0800, Sargun Dhillon wrote:
  As you guys probably know Youtube's IP's are being hijacked. Trace:
  ~ $ host youtube.com
  youtube.com has address 208.65.153.253
  youtube.com has address 208.65.153.238
  youtube.com has address 208.65.153.251
  [Same /24]
 
 
  701 3491 17557
  64.74.137.253 (metric 1) from 66.151.144.148 (66.151.144.148)
Origin IGP, metric 100, localpref 100, valid, external
Community: 65010:300
Last update: Sun Feb 24 11:33:05 2008 [PST8PDT]
  3491 17557
  216.218.135.205 from 216.218.135.205 (216.218.252.164)
Origin IGP, metric 100, localpref 100, valid, external, best
Last update: Sun Feb 24 10:47:57 2008 [PST8PDT]
 
  So, it seems that youtube's ip block has been hijacked by a more
  specific prefix being advertised. This is a case of IP hijacking, not
  case of DNS poisoning, youtube engineers doing something stupid, etc.
  For people that don't know. The router will try to get the most specific
  prefix. This is by design, not by accident. This is a case of censorship
  on the internet. Anyways, I hope this doesn't get into a political
  situation, and someone stops this.
 
   What action are you going to take? Are you going to filter
  announcements from AS17557, or just filter that specific announcement?
  Considering youtube is a fairly high-traffic website I think that other
  operators are just going to start filtering that AS. This is a great
  example of global politics getting in the way of honest corporatism.
  This is also an example of how vulnerable the internet is, and how lax
  providers are in their filtering policies. I don't know how large
  Pakistani Telecom is, but it I bet its not large enough that PCCW should
  be allowing it to advertise anything.


 --
 WBR,
 Max Tulyev (MT6561-RIPE, 2:463/[EMAIL PROTECTED])
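
The more-specific-prefix behaviour described in the message above, as an added example that is not part of the original thread: a longest-prefix lookup showing why traffic follows the /24, plus a monitoring check that flags announcements inside a watched block from an unexpected origin AS. The /24 and the AS paths follow the quoted trace; the covering /22 and the expected origin AS 64500 (a documentation ASN) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample data. The /24 and the two AS paths ending in 17557
# follow the trace quoted in the thread. The covering /22 and the expected
# origin AS 64500 are assumptions, not values from the thread.
EXPECTED_ORIGINS = {
    ipaddress.ip_network("208.65.152.0/22"): {64500},
}

ANNOUNCEMENTS = [
    ("208.65.152.0/22", [701, 64500]),        # assumed legitimate route
    ("208.65.153.0/24", [701, 3491, 17557]),  # path seen in the thread
    ("208.65.153.0/24", [3491, 17557]),       # path seen in the thread
]


def forwarding_origin(announcements, address):
    """Return the origin AS a router would forward to for `address`.

    Routers pick the longest (most specific) matching prefix before any
    other BGP attribute is compared, so a /24 beats the covering /22.
    """
    addr = ipaddress.ip_address(address)
    best = None
    for prefix_text, as_path in announcements:
        prefix = ipaddress.ip_network(prefix_text)
        if addr.version != prefix.version or addr not in prefix:
            continue
        if best is None or prefix.prefixlen > best[0].prefixlen:
            best = (prefix, as_path)
    return None if best is None else best[1][-1]


def find_unexpected_origins(expected, announcements):
    """Flag announcements inside a watched block whose origin AS is not
    on the allow-list for that block.

    Each alert records whether the route is a more-specific of the
    watched prefix or an exact-prefix origin conflict, and the upstream
    AS that propagated it (the AS just before the origin in the path).
    """
    alerts = []
    for prefix_text, as_path in announcements:
        prefix = ipaddress.ip_network(prefix_text)
        origin = as_path[-1]
        for watched, allowed in expected.items():
            if prefix.version != watched.version:
                continue
            if not prefix.subnet_of(watched) or origin in allowed:
                continue
            alerts.append({
                "prefix": str(prefix),
                "watched": str(watched),
                "origin": origin,
                "upstream": as_path[-2] if len(as_path) > 1 else None,
                "kind": ("more-specific"
                         if prefix.prefixlen > watched.prefixlen
                         else "origin-conflict"),
            })
    return alerts


if __name__ == "__main__":
    for host in ("208.65.153.253", "208.65.152.10"):
        print(host, "-> origin AS", forwarding_origin(ANNOUNCEMENTS, host))
    for alert in find_unexpected_origins(EXPECTED_ORIGINS, ANNOUNCEMENTS):
        print("ALERT", alert)
```

Addresses inside the /24 resolve to AS17557 while the rest of the assumed /22 still reaches the expected origin, which is why only part of a block goes dark in this kind of event.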



Re: photo: transatlantic cables coming ashore

2008-02-08 Thread Jim Popovitch

On Feb 8, 2008 3:38 PM, Sean Donelan [EMAIL PROTECTED] wrote:
 Do you think the US Embassy in Moscow really trusts the Moscow telephone 
 company?

No, but I do wonder if they open a ticket with them when the lines go
down. ;-)

Btw, armored cars are utilized to transport $$, and people expect
every last penny to arrive at its destination.  Communications is
different, nobody is wedded to 100% availability.  It's a goal, but
not a reality (outside of marketing speak, that is).  A little loss
here, a little loss there... who really really cares, at least until
an anchor is involved.

-Jim P.


Re: Fourth cable damaged in Middle Eest (Qatar to UAE)

2008-02-04 Thread Jim Popovitch

On Feb 4, 2008 9:33 AM, Rod Beck [EMAIL PROTECTED] wrote:

 It's obviously the KGB, which wants the world to be dependent on Russia for
 oil  

:-)

On a more serious note... who benefits from repairing of these lines?

-Jim P.


Re: Postmaster Operator List?

2007-11-16 Thread Jim Popovitch

On Fri, 2007-11-16 at 22:13 +0530, Suresh Ramasubramanian wrote:
 On Nov 16, 2007 10:04 PM, Leigh Porter [EMAIL PROTECTED] wrote:
 
 
  If there was, I sure would not join it. It'd be full of I cannot send
  mail to your domain blah blah
 
 
 Been to a MAAWG meeting yet?  Or been on one such list?
 
 There's a lot more interesting and useful / operationally relevant
 stuff that goes on.

<rant>
From www.maawg.org:  Your company must be a member of this organization
for you to gain access to the members area of this site

Ok, so it's still a good-ole-boys club.  Interestingly enough, a lot of
the names on the approved companies are some of the ones that can't
very effectively control inbound/outbound spam from their net blocks.
How long has MAAWG been in existence?  Has email Abuse gotten better or
worse?  Perhaps if they weren't so exclusive
</rant>







Re: mail operators list

2007-10-30 Thread Jim Popovitch
On Tue, 2007-10-30 at 13:09 -0400, Joe Abley wrote:
 On 30-Oct-2007, at 12:55, Andy Davidson wrote:
 
  I would support the creation of a mail-operators list ( agenda time  
  for a mailops bof, since a lot of networks are small enough to mean  
  that netops and sysops are often the same guys) if it's deemed to be  
  offtopic on nanog-l.
 
 Mail seems to be one of those topics which is of interest to many  
 nanog subscribers, but simultaneously annoying to many (presumably  
 different) nanog subscribers.
 
 Given that observation, creating a [EMAIL PROTECTED] list for the  
 discussion of e-mail operations as a bounded experiment seems like a  
 reasonable thing to do.

Excellent idea guys.

-Jim P.



re: Any help for forwarding Yahoo! Mail?

2007-10-29 Thread Jim Popovitch

On Mon, 2007-10-29 at 13:31 -0400, Tuc at T-B-O-H.NET wrote:
   No, they aren't in the business to teach someone
 who's been in the industry all his life, and run 
 Managed Server Companies for over 11 years... 

Define run... you have piqued my curiosity on this issue.

Please only reply to the list, not to From:/Reply-To: AND the list

-Jim P.




Re: Any help for forwarding Yahoo! Mail?

2007-10-29 Thread Jim Popovitch

On Mon, 2007-10-29 at 14:53 -0400, [EMAIL PROTECTED] wrote:
 On Mon, 29 Oct 2007 14:33:57 EDT, Jim Popovitch said:
 
  Please only reply to the list, not to From:/Reply-To: AND the list
 
 You could at least have set a Reply-To: so that those people who mindlessly 
 hit
 'reply' would have your desired reply destination already filled in.
 Requesting that people reply a particular way without bothering to specify the
 RFC-approved way of setting said replies is, at best, impolite.
 
 (I'd have nagged in private, but you *did* say reply to the list after all)

LOL.  

From:/Sender: is all you need to worry about Valdis. ;-)

I just totally dislike getting list traffic in both my Inbox AND list
folder.

-Jim P.



Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread Jim Popovitch

On Sun, 2007-10-21 at 17:10 -0400, Daniel Senie wrote:
 I have Comcast business service in my office, and residential service 
 at home. I use CentOS for some stuff, and so tried to pull a set of 
 ISOs over BitTorrent. First few came through OK, now I can't get 
 BitTorrent to do much of anything. I made the files I obtained 
 available for others, but noted the streams quickly stop.

I have Comcast residential service and I've been pulling down torrents
all weekend (Ubuntu v7.10, etc.), with no problems.  I don't think that
Comcast is blocking torrent downloads, I think they are blocking a
zillion Comcast customers from serving torrents to the rest of the
world.  It's a network operations thing... why should Comcast provide a
fat pipe for the rest of the world to benefit from?  Just my $.02.

-Jim P.



Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread Jim Popovitch

On Mon, 2007-10-22 at 12:55 +1300, Simon Lyall wrote:
 The problem is that the customers are using too much traffic for what is
 provisioned. 

Nope.  Not sure where you got that from.  With P2P, it's others outside
the Comcast network that are over saturating the Comcast customers'
bandwidth.  It's basically an ebb and flow problem, 'cept there is more
of one than the other. ;-) 

Btw, is Comcast in NZ?

-Jim P.



Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread Jim Popovitch

On Sun, 2007-10-21 at 22:45 -0400, Geo. wrote:
 Second, the more people on your network running fileshare network software 
 and sharing, the less backbone bandwidth your users are going to use when 
 downloading from a fileshare network because those on your network are going 
 to supply full bandwidth to them. 

H... me wonders how you know this for fact?   Last time I took the
time to snoop a running torrent, I didn't get the impression it was
pulling packets from the same country as I, let alone my network
neighbors.

-Jim P.



Re: Sun Project Blackbox / Portable Data Center

2007-10-17 Thread Jim Popovitch

On Wed, 2007-10-17 at 15:20 -0700, chuck goolsbee wrote:
 Or say, lots of processing somewhere short term - like video 
 editing/rendering/whatever at the Olympic games.
 
 Rendering maybe, but editing needs human space...

Not even rendering... streaming it back to your established production
facility is cheaper in the long run than having your camera folks haul a
box of servers around everywhere they go.  ;-)


Die thread Die!

-Jim P.



Re: Question for Lucy Lynch, SC Candidate

2007-10-16 Thread Jim Popovitch
On Tue, 2007-10-16 at 04:51 -0400, Martin Hannigan wrote:
 Lucy,
 
 What is your opinion on Randy Bush's latest post to the NANOG List?

Are you possibly referring to the one about Abha Ahuja?


-Jim P.






RE: Sun Project Blackbox / Portable Data Center

2007-10-13 Thread Jim Popovitch

On Sat, 2007-10-13 at 17:07 -0500, Lorell Hathcock wrote:
 -  Disaster Recovery

I can see portable generators being part of DR, but not one or more
portable data centers.  How long would it take you to start up a second
instance of all the hosts and devices you have in a data center?  Isn't
the purpose of DR to recover quickly?  I've seen a zillion data centers,
and I've never seen two that look alike or carry the same sub systems.
So the value of this idea is the case with the empty rackspace
(IMHO) but then I would have to pre-fill it with all my same-kind
hardware and then store it somewhere safe until I needed it, and I would
want it online so that I could keep it in sync... at that point its
only benefit is that I could move it from site to site as hookup costs
(data/power) fluctuate.

 -  New Media / Web 2.0

HUH?

Like everyone else I think the idea is cool... just not sure how
valuable it is.   Then again, CALEA brings a different perspective, the
DOJ could have a thousand of these things on standby ready to park
outside your offices when necessary. :rolleyes:

-Jim P.



Re: mlc files formal complaint against me

2007-10-08 Thread Jim Popovitch
On Mon, 2007-10-08 at 16:24 +0900, Randy Bush wrote:
 http://rip.psg.com/~randy/mlc-complaint.mbox

Can't we all just get along.

Look, Randy's comment was a bit gruff (although deeply humorous to quite
a few folks).  Considering it was made at 2AM I'd have to say that it's
not as bad as I've seen from others in the past, and certainly not an
outright lie.

Again, I think the argument can be made, that the corrective
action/inaction is consuming more resources and time than the supposed
crime.

-Jim P.



OT re: mlc files formal complaint against me

2007-10-08 Thread Jim Popovitch
On Tue, 2007-10-09 at 05:54 +0900, Randy Bush wrote:
 Jim Popovitch wrote:
  On Mon, 2007-10-08 at 16:24 +0900, Randy Bush wrote:
  Considering it was made at 2AM
 
 i am in tokyo
 
 randy

:-) well, I read your emails in Atlanta at 2am and your late-night
attitude really shows through even though it's the middle of the day for
you. :-)

-Jim P.



Re: mlc files formal complaint against me

2007-10-08 Thread Jim Popovitch
On Mon, 2007-10-08 at 18:46 -0400, Martin Hannigan wrote:
 Just so we're clear, you will continue to see requests to adapt to the
 AUP wrt to being on topic. If you don't like that, you can certainly
 seek to have me thrown off the MLC. In fact, I encourage it. :-)

I think that is Randy's point... he is seeing them and no one else is,
apparently.  I've contributed nothing of worth to this discussion today,
just some personal opinions, yet I haven't gotten a cease-or-desist nor
warning email.

-Jim P.






RE: Using Mobile Phone email addys for monitoring (summarization)

2007-09-07 Thread Jim Popovitch

On Fri, 2007-09-07 at 19:54 -0400, Alex Pilosov wrote:
 As an experiment, I wanted to try to summarize all the answers given on 
 this question, hope this helps someone.
 
 Suggestions given:
 
 * modem and TAP gateway 
 ** TAP numbers at  http://www.avtech.com/Support/TAP/index.htm
 ** Software: sendpage or qpage
 
 * Mobile phone with a serial port and AT commandset
 ** Software: sms-tools gnokii gsmd
 ** Issues: not reliable because of battery drain

s/serial/usb/ to solve the power problem ;-)

-Jim P.




Re: Using Mobile Phone email addys for monitoring

2007-09-06 Thread Jim Popovitch

On Thu, 2007-09-06 at 14:12 -0700, matthew zeier wrote:
 
 
Anyone else have any issues, past or present, with this kind of thing?
 
 
 It takes ~ 7 minutes from the time Nagios sends an email sms to ATT to 
 the time it hits my phone.  I'm using @mobile.mycingular.com because 
 mmode.com stopped working (which results in at least two txt pages vs. 
 the one I was used to).


try using @txt.att.net  ;-)

-Jim P.




[EMAIL PROTECTED]

2007-08-11 Thread Jim Popovitch
Anybody know who [EMAIL PROTECTED] is?

Every post I make to nanog* I eventually get one of these blowback
emails:

-

Return-Path: 
X-Original-To: [EMAIL PROTECTED]
Received: from localhost (localhost.localdomain [127.0.0.1]) by
mx1.domainmail.org (Postfix) with ESMTP id F16CB254202 for
[EMAIL PROTECTED]; Sat, 11 Aug 2007 19:26:19 -0400 (EDT)
Received: from smtp03.bis.na.blackberry.com
(smtp03.bis.na.blackberry.com
[216.9.248.50]) by mx1.domainmail.org (Postfix) with ESMTP id
A2CB525406F
for [EMAIL PROTECTED]; Sat, 11 Aug 2007 19:26:18 -0400 (EDT)
Received: from bxe028.bisx.prod.on.blackberry
(bxe028.bisx.prod.on.blackberry [172.20.225.47]) by
srs.bis.na.blackberry.com (8.13.7 TEAMON/8.13.7) with ESMTP id
l7BMeBIg023996 for [EMAIL PROTECTED]; Sat, 11 Aug 2007 23:26:11
GMT
Date: Sat, 11 Aug 2007 23:26:11 GMT
Message-Id: [EMAIL PROTECTED]
Received: from localhostSat, 11 Aug 2007 23:26:11 +
To: [EMAIL PROTECTED]
From: [EMAIL PROTECTED]
Subject: Delivery Status Notification(Failure)
MIME-Version: 1.0
Content-Type: multipart/report; report-type=delivery-status;
boundary=1980877343_1186874771_1711268214_0_bxe028.bisx.prod.on.blackberry
X-Virus-Scanned: by amavisd-new (mx1.domainmail.org)
Status: O
X-UID: 18373
Content-Length: 842
X-Keywords: 


--1980877343_1186874771_1711268214_0_bxe028.bisx.prod.on.blackberry

Your message:
To: [EMAIL PROTECTED]
Subject: Re: Gwd: crypted document
Sent Date: 11:10 +
has not been delivered to the recipient's BlackBerry Handheld.
The returned error status is GENERAL_ERROR

--1980877343_1186874771_1711268214_0_bxe028.bisx.prod.on.blackberry
Content-Type: message/delivery-status
Reporting-MTA: DNS; bxe028.bisx.prod.on.blackberry
Received-From-MTA: DNS; bxe028.bisx.prod.on.blackberry
Action: Failed
Status: 5.0.0

Final-Recipient: RFC822;[EMAIL PROTECTED]
Action: Failed
Status: 5.0.0

--1980877343_1186874771_1711268214_0_bxe028.bisx.prod.on.blackberry
Content-Type: message/rfc822
x-rim-delivery-status-ref-id:
[EMAIL PROTECTED]

Date: Sat, 11 Aug 2007 23:23:29 -0400
Subject: No Subject
Message-Id: [EMAIL PROTECTED]
Mime-Version: 1.0
From: 


--1980877343_1186874771_1711268214_0_bxe028.bisx.prod.on.blackberry--




-Jim P.



Re: More wiki questions...

2007-08-10 Thread Jim Popovitch
On Fri, 2007-08-10 at 16:14 -0700, Lynda wrote:
 I just hate politics, hurt feelings, and other stuff, so I'm asking here 
 first. There's a nice NANOG 40 link on the front of the Wiki, but that's 
 over. I'm thinking it ought not to disappear, but rather move off to a 
 Prior NANOG Meetings (there's some great links to restaurants that I'd 
 hate to see lost, and other useful stuff as well). Then there could be a 
 NANOG 41 link instead (or perhaps a Current Meeting, which would lead 
 off to NANOG 41 for now).

Rather than being 40 specific, since this is a wiki make it NANOG
Meeting and let normal wiki editing/revisions/etc. take over.  Then if
someone wants to see NANOG 99 they can pull out that revision and
the current revision will always be for the next meeting.

-Jim P.



Re: Gwd: crypted document

2007-08-02 Thread Jim Popovitch

On Thu, 2007-08-02 at 19:16 -0700, Hex Star wrote:
 Why would someone in the ISP industry try to spread a virus?
 Ironically I suppose a ISP admin may have their own computer
 infected... :P 

Look at all the anti-spam software that uses perl yet the cpan
mirror ops lists is throwing out a dozen or more PDF attachments each
day now.

-Jim P.



Re: Gwd: crypted document

2007-08-02 Thread Jim Popovitch

On Thu, 2007-08-02 at 22:53 -0400, Jon Lewis wrote:
 On Thu, 2 Aug 2007, Hex Star wrote:
 
  Why would someone in the ISP industry try to spread a virus? Ironically I
  suppose a ISP admin may have their own computer infected... :P
 
 If you could read the header, the question you would have asked is, What 
 is Chris Adams doing in Korea sending virus mail to nanog?  :)
 
 It's a shame there's no test before people subscribe.
 
 For the humor impaired, obviously, some PC in Korea is infected with the 
 latest virus and has both Chris's and the nanog list's addresses handy.  I 
 wasn't kidding about the test thing though :)

Are we sure it's Chris?  I could have very easily sent this email as
from Jon Lewis... and mail.merit.edu would accept it and send it on
through.

-Jim P.



Re: 365 Main - an operators' nightmare?

2007-07-24 Thread Jim Popovitch

On Tue, 2007-07-24 at 16:54 -0700, joe mcguckin wrote:
 I don't know if this is true, but it's more exciting reading than
 blaming it on a 'power outage'...
 
 
 http://valleywag.com/tech/breakdowns/a-drunk-employee-kills-all-of-the-websites-you-care-about-282021.php


Think that's good?  It gets better

http://valleywag.com/tech/breaking/angry-mob-gathers-outside-sf-datacenter-282053.php


-Jim P.



Re: 365 Main - an operators' nightmare?

2007-07-24 Thread Jim Popovitch

On Tue, 2007-07-24 at 19:26 -0700, Rusty Hodge wrote:
  Think that's good?  It gets better
 
  http://valleywag.com/tech/breaking/angry-mob-gathers-outside-sf- 
  datacenter-282053.php
 
 That article states that only Colo 4 was affected.
 
 I'm in Colo 7 and it was affected as well.
 
 You're not seriously believing the disgruntled employee story are you?

No. ;-)  But it is otherwise believable.  I've seen people hit
big-red-buttons in disbelief before, doing so in anger seems very
plausible.

-Jim p.



Re: iPhone and Network Disruptions ...

2007-07-21 Thread Jim Popovitch

On Sat, 2007-07-21 at 18:52 -0700, Bill Woodcock wrote:
 so Cisco had to do an emergency patch for some of their larger 
 customers.  

 or Cisco had to spend time and money getting one of their larger
customers to actually apply pre-existing patches.   I've seen that happen
all too often over the years.  Never underestimate the ability of new
technology to expose the weakness in older technology.

-Jim P.



Re: TransAtlantic Cable Break

2007-06-22 Thread Jim Popovitch

On Fri, 2007-06-22 at 10:59 -0400, [EMAIL PROTECTED] wrote:
 Oh, there *is* no *other* other side?  That must be what Roderick meant.. ;)

And he just happens to have an email addr that suggests he's involved
with a company that sells that *other* other side.  Just saying.

Don't get me wrong... I believe in layers of redundancy, but at some
point it becomes more of a headache than a help.

-Jim P.



Re: Advice requested

2007-05-29 Thread Jim Popovitch

On Tue, 2007-05-29 at 08:21 -0700, Matthew Black wrote:
 What would you do if a major US computer security firm
 attempted to hack your site's servers and networks?
 Would you tell the company or let their experts figure
 it out?

Can you better define attempted to hack, please.

-Jim P.



Re: Slightly OT: Looking for an old domain for spam collection

2007-04-08 Thread Jim Popovitch

On Wed, 2007-03-28 at 11:24 -0700, Douglas Otis wrote:
 On Mar 28, 2007, at 11:08 AM, william(at)elan.net wrote:
  On Wed, 28 Mar 2007, Tony Finch wrote:
  completewhois has lists in various forms of bogon and hijacked  
  networks.
 
  http://completewhois.com/bogons/bogons_usage.htm
 
 This list apparently does not track much of the active spoofed  
 announcements.  This is understandable, as this tracking remains a  
 difficult task.

I've been tracking that list for the past few days, and it seems to
change quite a bit.  I've also seen it delete  30% one day, and add it
back in the next.  Do bogons really change that much?

-Jim P.



Re: Slightly OT: Looking for an old domain for spam collection

2007-04-08 Thread Jim Popovitch

On Sun, 2007-04-08 at 21:59 -0700, william(at)elan.net wrote:
 Stupid bug but its not reproduceable every time and with little impact
 (ok it does open small window for abuse) except size of file (correct 
 size of is about 117-120k).

Stupid bugs severely impact automated processes. ;-)  I'm trying to
automate updating my firewall rules, so it's only as good, wrt bogons,
as the bogon list's consistency. Here's to hoping they get it
straightened out.

Thanks for the info William.

-Jim P.



RE: On-going Internet Emergency and Domain Names

2007-04-07 Thread Jim Popovitch

On Sat, 2007-04-07 at 14:43 -0500, Frank Bulk wrote:
 One of the reasons that registrars are slow to take down sites that are paid
 with a credit card is because there is little financial incentive to do
 so.

Also there is the customer numbers effect, most often seen with public
companies or those seeking VC funding.  Those registrars compete
heavily, none of them want to have negative numbers, not even one
negative number.

-Jim P.



RE: PGE on data centre cooling..

2007-04-06 Thread Jim Popovitch

On Fri, 2007-04-06 at 11:48 -0700, chuck goolsbee wrote:
 There's at least one datacenter in Seattle that when the customer cards
 in, lights up the floor to their cabinet Been a while since I've been in
 it, but I remember it USED to do that (fisher, internap I think?)
 
 Perhaps the infamous unescorted customer EPO button-push incident of 
 2005 prompted them to knock that off?

:-) I was at a new (to remain unnamed) hosting site, back in the heyday
when just about anybody could be hired as a new NOC manager.  The CTO
was giving me and some others a quick datacenter tour.  As we were
exiting one floor, the new NOC mgr moved past me and commented to his
new boss that putting an uncovered big red button next to the door was
just too inviting... and he proceeded to push it as he asked what it
does.  :-)  All the lights went out, the large room went quiet.  The CTO
cursed and rushed out to figure out what to do next.  The rest of us
returned to the NOC... where the monkeys were still powered up and
playing games, not even aware that anything had happened.  Needless to
say, things changed drastically shortly thereafter.

-Jim P.



Re: New domain name registry rules (was: On-going Internet Emergency and Domain Names)

2007-04-03 Thread Jim Popovitch

On Tue, 2007-04-03 at 12:43 +0100, [EMAIL PROTECTED] wrote:
 Well, I think the question is, why to new domain additions have to be
 lumped in with all other zone changes and updated within minutes? Why
 can't new domain additions be treated specially and be held back for a
 day or two in order to prevent tasters from abusing the network. 

Because legit mom & pop shops want to sign-up and build a website in the
same way they throw a brochure together down at Kinkos.  Welcome to the
here and now generation. ;-)

I'm not saying that I agree with immediate domain registration, but I
understand why it is what it is today.

Want to fix it: have ICANN regulate and fine registrars who don't screen
their clientele.  There are enough spam/virus/bot reports out there to
see who is responsible for what.

-Jim P.



Re: NOC Personel Question (Possibly OT)

2007-03-14 Thread Jim Popovitch

On Wed, 2007-03-14 at 22:07 -0400, Justin M. Streiner wrote:
 On Wed, 14 Mar 2007, Todd Christell wrote:
 
  Sorry if this is OT but we are having a discussion with our HR
  department.  We are in the process of getting a 24 X 7 NOC in place and
  HR has a problem with calling them NOC Specialist.  What is the
  generally accepted title?
 
 Not sure why your HR dept would even care :)
 
 hmmm.
 NOC Engineer?
 NOC Analyst?
 NOC (insert generic group name here)?

SOC/NOC/RNOC/ROCK/CROC/Crock?  It certainly isn't specific.  Of all the
different customer environments I've visited, I don't ever recall 2 of
them using the same syntax or signage.   I would probably prefer
something like Systems Engineer or Network Engineer myself, esp if the
job involved trouble shooting and interacting with other professionals
(besides, everyone's an engineer these days.)  Otherwise, if the job
is just screen watching then I think NOC Specialist would be valid.  You
will have cable TV in the NOC for those (Base|Foot|Basket)ball^wWeather
emergencies, right? ;-) 

-Jim P.







Re: Comcast contact for the East Coast

2007-03-02 Thread Jim Popovitch
On Fri, 2007-03-02 at 17:58 -0800, Ashe Canvar wrote:
 Could someone from Comcast please contact us ([EMAIL PROTECTED]).
 
 Customers behind Comcast on the east coast cannot get to our
 216.219.126.0 prefix in Santa Barbara, CA. Comcast's peering with Cox
 on ashbbbrj02-ae0.0.r2.as.cox.net may be to blame.

I'm presently hanging off of Comcast in Atlanta (76.17.105.x) and I can
ping traceroute and ping 216.219.126.1

-Jim P.


signature.asc
Description: This is a digitally signed message part


Re: Interland dead?

2007-02-20 Thread Jim Popovitch
On Tue, 2007-02-20 at 17:57 -0700, Michael Loftis wrote:
 Anyone know what's going on?

Last year, :-), Interland dedicated hosting went to Peer1 and Interland
web hosting went to/became web.com.

-Jim P.






Re: DNS: Definitely Not Safe?

2007-02-14 Thread Jim Popovitch
On Wed, 2007-02-14 at 18:01 +, Paul Vixie wrote:
 the rest of the article is equally horrific in its maltreatment
 and ignorance of facts.

It's an article in a CxO type magazine did anyone really expect
anything better? 

-Jim P.




Re: Google wants to be your Internet

2007-01-20 Thread Jim Popovitch
On Sat, 2007-01-20 at 10:12 -0800, Mark Boolootian wrote:
 
 Cringley has a theory and it involves Google, video, and oversubscribed
 backbones:
 
   http://www.pbs.org/cringely/pulpit/2007/pulpit_20070119_001510.html

Aren't there some Telco laws wrt cross-state, but still interlata, calls
not being able to be charged as interstate?  Perhaps Google wants to
avoid any future federal/state regulations by providing in-state (i.e.
local) access.  Additionally, it makes it easier to do state and local
govt business when the data is in the same state (it's not out-sourcing
if it's just nextdoor...).  And then there is the lobbying issue, what
better way to lobby multiple states than to do significant business
therein?  Or perhaps I'm just daydreaming too much today ;-)

-Jim P.




RE: FW: [cacti-announce] Cacti 0.8.6j Released (fwd)

2007-01-18 Thread Jim Popovitch
On Thu, 2007-01-18 at 14:33 -0700, Berkman, Scott wrote:
 There is this Network Management theory called Out of Band Management.

Which is rarely properly applied.  I lost count of the data centers that
block mgmt traffic from external customers, but leave internal systems
(which are often sublet to all sorts of external customers) wide open
to mgmt servers/devices.  Unfortunately mgmt systems need access to
whatever they are monitoring, so if you're monitoring customer systems
then you are more than likely exposed and should take high-priority at
tightening your NMS systems.  I know, I work for a NMS vendor and I
wouldn't sign my name certifying that our stuff is secure.  It's funny
how pen testing seems to avoid NMS stuff.

-Jim P. 




Re: Comcast Routing Issues: Northern NJ: Random Failures

2006-12-30 Thread Jim Popovitch

On Sat, 2006-12-30 at 15:07 -0500, Matthew Walker wrote:
  
 So this holiday weekend, don't forget to clean your pipes. :)

Pipes?!?!  I thought they were Tubes?  :-)

-Jim P.



Re: Collocation Access

2006-12-27 Thread Jim Popovitch

On Wed, 2006-12-27 at 09:06 -0800, Owen DeLong wrote:
 Savvis wants to retain your ID if they issue a cage-key to you.

If they (or others) asked you to let them hold $50 cash to cover their
key/lock replacement costs would you feel more comfortable?

-Jim P.



Re: Collocation Access

2006-12-27 Thread Jim Popovitch

On Wed, 2006-12-27 at 18:58 -0800, Owen DeLong wrote:
 On Dec 27, 2006, at 12:42 PM, Jim Popovitch wrote:
 
 
  On Wed, 2006-12-27 at 09:06 -0800, Owen DeLong wrote:
  Savvis wants to retain your ID if they issue a cage-key to you.
 
  If they (or others) asked you to let them hold $50 cash to cover their
  key/lock replacement costs would you feel more comfortable?
 
  -Jim P.
 
 Um, no.  I would, however, be willing to have them inform the primary
 contact that the key had not been returned and then bill the customer
 appropriately for whatever remedy was chosen by the primary contact.

How would they know who to bill?

-Jim P.



Re: Collocation Access

2006-12-27 Thread Jim Popovitch

On Thu, 2006-12-28 at 12:36 +0800, Adrian Chadd wrote:
 On Wed, Dec 27, 2006, Jim Popovitch wrote:
 
   Um, no.  I would, however, be willing to have them inform the primary
   contact that the key had not been returned and then bill the customer
   appropriately for whatever remedy was chosen by the primary contact.
  
  How would they know who to bill?
 
 Um, The ID you presented but didn't have to surrender?

At the risk of dragging this to the nth degree... it's already been
established that the ID yahoos have no idea on what a real ID looks like
vs a false ID (esp considering all the possible combinations of ID).
Secondly, say that they do accept your ID as valid, what ties that to
your company (please don't say your business cards).  I know a guy on
5th street who can make me an ID saying I work for pretty much any
letterhead I bring him.  ;-)

 (My colocation provider actually has photos of us all on-hand and only
 requires drivers licence or passport to verify we are who we say we
 are. Names, company and photo has to match or they say no. And if we
 fail to return the key they know who to bill. Now, what'll happen
 when I decide to shave..)

;-) OK, that's a one-to-one relationship, one tech, one destination.  On
the other end of the spectrum are very large companies with many field
techs visiting data centers all over the world who maintains the
list of approved pictures and valid names and where do they keep it?

-Jim P.






Re: today's Wash Post Business section

2006-12-21 Thread Jim Popovitch

On Fri, 2006-12-22 at 11:36 +1100, Mark Andrews wrote:
 (Hint - how much smaller would the spam problem be if end users actually
 looked at their cable or DSL modem and wondered why the Tx/Rx lights were
 on steady even though nothing was apparently happening?)
 
   Given the amount of noise on a cable modem flickering lights
   mean nothing.

My cable modem, and my Dad's, and my friends', flicker endlessly even
when the computers are shut off (OK, my wifi router is still
on).  The flicker isn't from outbound traffic, it's from incoming crap.

-Jim P.



repair zombie machines (was: DNS - connection limit)

2006-12-08 Thread Jim Popovitch

On Fri, 2006-12-08 at 19:56 +0200, Petri Helenius wrote:
 Has anyone figured out a remote but lawful way to repair zombie machines?

Very interesting question.  I personally believe that OS EULAs and ISP
ToS guidelines provide for an ISP or an OS mfg (i.e. Microsoft) to force
updates and fixes via any means.  That is: if I am your customer and my
PC/router/USB-Camera/whatever is throwing crap your way, crap that
violates your ToS or indicates that I am out of compliance with an EULA,
then I believe others have the right (and IMHO the obligation) to step
in and correct things (it's what parents do for their kids everyday).
So, according to me, any corrective action is lawful when dealing with
customers and equipment that have violated an EULA or ToS guidelines.

Just my $.02.  ;-)

-Jim P. 



comcast routing issue question

2006-11-29 Thread Jim Popovitch

Question:  What could cause the first trace below to succeed, but the
second trace to fail?

$ mtr 69.61.40.35
HOST: blue            Loss%   Snt   Last   Avg  Best  Wrst
  1. 192.168.3.1       0.0%     1    4.3   4.3   4.3   4.3
  2. 73.62.48.1        0.0%     1   10.6  10.6  10.6  10.6
  3. 68.86.108.25      0.0%     1   11.4  11.4  11.4  11.4
  4. 68.86.106.54      0.0%     1    9.8   9.8   9.8   9.8
  5. 68.86.106.9       0.0%     1   20.5  20.5  20.5  20.5
  6. 68.86.90.121      0.0%     1   11.3  11.3  11.3  11.3
  7. 68.86.84.70       0.0%     1   27.7  27.7  27.7  27.7
  8. 64.213.76.77      0.0%     1   24.5  24.5  24.5  24.5
  9. 208.50.254.150    0.0%     1   39.4  39.4  39.4  39.4
 10. 208.49.83.237     0.0%     1   46.6  46.6  46.6  46.6
 11. 208.49.83.234     0.0%     1   40.7  40.7  40.7  40.7
 12. 69.61.40.35       0.0%     1   43.9  43.9  43.9  43.9

$ mtr 69.61.40.34
HOST: blue            Loss%   Snt   Last   Avg  Best  Wrst
  1. 192.168.3.1       0.0%     1    1.1   1.1   1.1   1.1
  2. 73.62.48.1        0.0%     1    9.9   9.9   9.9   9.9
  3. 68.86.108.25      0.0%     1    9.3   9.3   9.3   9.3
  4. 68.86.106.54      0.0%     1    9.6   9.6   9.6   9.6
  5. 68.86.106.9       0.0%     1    9.0   9.0   9.0   9.0
  6. 68.86.90.121      0.0%     1   18.2  18.2  18.2  18.2
  7. 68.86.84.70       0.0%     1   23.9  23.9  23.9  23.9
  8. ???               100.0     1    0.0   0.0   0.0   0.0


Taking the 69.61.40.33/28 subnet a bit further, .36 drops at 68.86.84.70
but .37 - .39 make it.  .40 drops at 68.86.84.70, but .41 makes it.

Crazy.

-Jim P.



Re: comcast routing issue question

2006-11-29 Thread Jim Popovitch

On Thu, 2006-11-30 at 00:06 -0500, Jim Popovitch wrote:
 Question:  What could cause the first trace below to succeed, but the
 second trace to fail?
 
 $ mtr 69.61.40.35
 HOST: blue            Loss%   Snt   Last   Avg  Best  Wrst
   1. 192.168.3.1       0.0%     1    4.3   4.3   4.3   4.3
   2. 73.62.48.1        0.0%     1   10.6  10.6  10.6  10.6
   3. 68.86.108.25      0.0%     1   11.4  11.4  11.4  11.4
   4. 68.86.106.54      0.0%     1    9.8   9.8   9.8   9.8
   5. 68.86.106.9       0.0%     1   20.5  20.5  20.5  20.5
   6. 68.86.90.121      0.0%     1   11.3  11.3  11.3  11.3
   7. 68.86.84.70       0.0%     1   27.7  27.7  27.7  27.7
   8. 64.213.76.77      0.0%     1   24.5  24.5  24.5  24.5
   9. 208.50.254.150    0.0%     1   39.4  39.4  39.4  39.4
  10. 208.49.83.237     0.0%     1   46.6  46.6  46.6  46.6
  11. 208.49.83.234     0.0%     1   40.7  40.7  40.7  40.7
  12. 69.61.40.35       0.0%     1   43.9  43.9  43.9  43.9
 
 $ mtr 69.61.40.34
 HOST: blue            Loss%   Snt   Last   Avg  Best  Wrst
   1. 192.168.3.1       0.0%     1    1.1   1.1   1.1   1.1
   2. 73.62.48.1        0.0%     1    9.9   9.9   9.9   9.9
   3. 68.86.108.25      0.0%     1    9.3   9.3   9.3   9.3
   4. 68.86.106.54      0.0%     1    9.6   9.6   9.6   9.6
   5. 68.86.106.9       0.0%     1    9.0   9.0   9.0   9.0
   6. 68.86.90.121      0.0%     1   18.2  18.2  18.2  18.2
   7. 68.86.84.70       0.0%     1   23.9  23.9  23.9  23.9
   8. ???               100.0     1    0.0   0.0   0.0   0.0
 
 
 Taking the 69.61.40.33/28 subnet a bit further, .36 drops at 68.86.84.70
 but .37 - .39 make it.  .40 drops at 68.86.84.70, but .41 makes it.
 
 Crazy.

Btw, the problem has now been resolved, however I'm still curious as to
what scenario could have caused that.

-Jim P.



Re: Yahoo Postmaster contact, please

2006-11-03 Thread Jim Popovitch

On Fri, 2006-11-03 at 13:42 -0800, chuck goolsbee wrote:
 Greetings, NANOGers.  I've got a mail cluster that's been spooling about
 5 messages for the past week or so (with very little drain and
 traffic passing), and my mail admin reports that attempted contacts to
 the Yahoo Postmaster are not getting answered.  Can someone over there
 drop me a line off-list, please?
 
 Welcome to a very NON-exclusive club Matt.
 
 You are not alone*. It seems as if every other mail server on the 
 planet is having the same issue.

My queues aren't as large as most reading this, I haven't seen one email
to [EMAIL PROTECTED] or [EMAIL PROTECTED] delayed all day.  They come in
singularly, get expanded by mailinglist software, and go out in bulk.
Also, my emails (from: [EMAIL PROTECTED]) haven't seen any significant
delays to/from other mailinglists this week.

-Jim P.



Re: advise on network security report

2006-10-30 Thread Jim Popovitch

On Mon, 2006-10-30 at 09:21 -0800, Roland Dobbins wrote:
 
 On Oct 30, 2006, at 8:53 AM, Rick Wesson wrote:
 
  I'm expecting to post a weekly report once a month to nanog, would  
  this be disruptive?


Hmmm, a weekly report once a month, this should be interesting.  :-)

-Jim P.



Re: register.com down sev0?

2006-10-28 Thread Jim Popovitch

On Sat, 2006-10-28 at 17:36 +, Chris L. Morrow wrote:
 So... it sorta looks like both /24's are behind something in StLouis,
 Missouri ( to me at least ).

My tests from 2 years ago showed the same thing, both /24s were behind
the same system in Exodus' NYC DC in Manhattan (IIRC).  That is what
prompted me to move everything to the rcom partner side which uses eNom.

-Jim P.




ICMP PathMTU (was: Re: Extreme Slowness)

2006-10-26 Thread Jim Popovitch

On Thu, 2006-10-26 at 18:01 -0400, Elijah Savage wrote:
 For FYI :) I realize that ICMP is not the best way to test and it is
 not a true indication of slowness or the presence of a problem.

Two questions for everybody...(any and all responses appreciated, even
if the reply mentions botnets or hammers ;-) )

1) What value is ICMP if everybody pretty much considers its accuracy
suspect?

2) How does ICMP's suspect nature affect Path MTU?



-Jim P.





Re: register.com down sev0?

2006-10-25 Thread Jim Popovitch

On Wed, 2006-10-25 at 18:41 -0700, Matt Ghali wrote:
 On Wed, 25 Oct 2006, [EMAIL PROTECTED] wrote:
 
  I'm seeing *.register.com down (including ns*) from everywhere. Just a
  heads-up.
 
 I'll take your word on exhaustively checking every possible 
 address. BTW, do you mean nameservers down, webservers down, or 
 something else? Did the Internet break?
 
  Would be interesting to see the RFO for that one, including the
  why we didn't have any DNS servers offsite
 
 They colo in more than a half-dozen facilities around the world.
 
  or used anycast to at least limit amount of damage.
 
 I also have information from a pretty good source that they actually 
 do quite a bit of anycast.

There are two sides to rcom, the mom&pop side (aka register.com) and the
partner side (Rconnection, for folks with ~25+ domains registered).   On
the mom&pop side they don't have (as far as I am concerned) a highly
redundant and distributed DNS system.  That opinion is based on a few
hours of research abt 2 years ago.  Over on the partner side they
outsource the DNS systems for their customers to eNom, which does use a
highly redundant and distributed anycast setup.  I haven't seen any
problems wrt DNS for my systems today (eNom via rcom), so I can only
presume the OP was referring to the mom&pop side of rcom.

-Jim P.



RE: Collocation Access

2006-10-24 Thread Jim Popovitch

On Tue, 2006-10-24 at 05:51 -0700, David Schwartz wrote:
 Florida law, Title 13 section 322.32(2), Unlawful use of license says
 [i]t is a misdemeanor of the second degree ... for any person ... [t]o lend
 his or her driver's license to any other person or knowingly permit the use
 thereof by another.

That statute deals with someone else _using_ my license, but in no way
implies that my license can't be _held_ by someone else.   The title
clearly states use. ;-)

-Jim P.





Re: Collocation Access

2006-10-23 Thread Jim Popovitch

On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
 But presumably it would need to be stolen. Wouldn't the tech notice that 
 happening... Or is there some way the colo security guy can clone it 
 undetected?

I've been in and out of several colos that require you to leave your ID
(passport/DL, and business card) up at the front desk throughout your
visit.  This could be for hours, or even for the whole day.  During that
time I imagine my ID could have been photocopied, transcribed,
photographed, etc, without me ever knowing.

-Jim P.



Re: AOL Non-Lameness

2006-10-02 Thread Jim Popovitch

On Mon, 2006-10-02 at 18:30 -0400, Joseph S D Yao wrote:
 All, this seems seriously NON-lame to me.  Of course, testing and fixing
 the bug before it was put out there would have been less so.  

Testing something like this would be difficult without duplicating
everyone's email into a development system (thus possibly opening AOL up
to a bad public relations or security problem).  I'm sure that there
were some initial tests. But given the complexity of differing emails it
seems to me it would be hard to robustly test in development alone.

 But think
 of this!  A large company has actually admitted that it was wrong and
 backed out a problem!  Isn't this what everyone always complains SHOULD
 be done?  ;-)  ;-)  ;-)

Kudos to AOL for responding quickly, and for doing this on a Monday
instead of a Friday afternoon.

-Jim P.



Re: Is it my imagination or are countless operations impacted today with mysql meltdowns

2006-08-26 Thread Jim Popovitch

Henry Linneweh wrote:
 Every where I go that uses MySql is hozed and I can not access the pages
  

I too have seen this some today, however late last night (~2AM EDT) I
saw it much more.  Not sure what the issue is however.  On a possibly
related front I've seen a 400% increase in spam today, however SA and
ClamAV seem to be holding most of it at bay.

-Jim P.


Re: New Laptop Polices

2006-08-11 Thread Jim Popovitch

Peter Cohen wrote:
 2.   with regard to safety of laptops, if you mean that exec's are
 targets of robberies, than this further lends value i suspect of
 keeping everything on the network and having passwords to reach the
 network from the laptop, etc  Nothing on the laptop but pics of
 the kids and mp3's.  all downloaded legally of course...secure
 computing/safeword/etc.. to reach your remote files would seem like a
 good idea...

That sounds like good advice, however being the sibling of a former
executive from the same company as the OP, I don't think that advice
would, er... fly (bad pun).  The problem isn't securing the data, it's
educating the user... and that can't be done in the time between today
and the next executive's flight.  Laptop security really sucks these
days... this is certainly an area for a lot more focused thought.  One
could easily spend less than $1000 paying off baggage handlers to
side-track laptops, boot them one time from a CD containing a rootkit
installer, and put them on the original or next flight.  Which exec
would ever know what happened?

-Jim P.


Re: New Laptop Polices

2006-08-11 Thread Jim Popovitch

Here's a thought: most airlines offer expedited freight service (i.e.
Delta Dash).  One could seal their lappy up in a box, mark it
accordingly, and ship to for hold at destination airport.  Chances are
it will arrive before they do.

-Jim P.


Re: Anyone else lost power at Fisher Plaza this afternoon?

2006-08-04 Thread Jim Popovitch


Michael K. Smith wrote:

It was a breaker in the main bypass from city power to the generators.  The
breaker failed to close so the generators happily fed power to nowhere.
Then, everyone's UPS failed and down we/they went.  The outage lasted
approximately 26 minutes.  


Nobody checked to make sure that at least one of the UPSs showed a 
status of ONLINE instead of ONBATTERY?   Were there no UPSs 
configured to alert during continued and extended PF?  Surely people 
didn't just trust the sound/vibration of the running generator.


-Jim P.


Re: Detecting parked domains

2006-08-02 Thread Jim Popovitch


Sean Donelan wrote:

On Wed, 2 Aug 2006, Patrick W. Gilmore wrote:

I have over 100 domains on my personal web server.  _NONE_ of them
are parked, although not all have web pages (and of the ones that do,
none have ads).


I tried not to attribute malice on the part of domain parking operators.
I am looking for a way that you, or anyone else, could indicate a domain
should not be considered in service although the name is registered and
has an A record pointing to an active server so when I check that name
it doesn't require a human to interpret the results.

Most of the legit domain parking operators make it pretty obvious to
a human looking at the web page it's not an active domain name, e.g. The
Future Home Of XYZ, Buy This Domain Now, etc.  Unfortunately what may
be obvious to a human is sometimes difficult for a dumb computer.  I
just want a way to make it equally obvious to a computer. As Randy points
out, there is more to the Net than the Web, so the better solution should
not depend on sending a query to port 80.


Don't parked domains exist on a registrar owned IP?  I would think a 
list could be built from spending some time contacting each registrar 
(http://www.icann.org/registrars/accredited-list.html). ;-)


Or if you didn't mind over-compensating, you could at least assume that
Various Registrars listed here: 
http://www.iana.org/assignments/ipv4-address-space will probably contain 
the registrar's public sites as well as hosted domains.  Just my $.02


-Jim P.








Re: Hot weather and power outages continue

2006-07-24 Thread Jim Popovitch


Robert E.Seastrom wrote:


Christopher L. Morrow [EMAIL PROTECTED] writes:


On Mon, 24 Jul 2006, Richard A Steenbergen wrote:

Come on Sean, this very few disruptions stuff is below your usual
standards. The least you can do to help us pass the time in this damn heat
is to recount a few good stories about routers you could scramble eggs on.
:)

there is a funny story of some dial devices on fire, and still passing
packets...


and an equally funny story of said devices being held up in customs in
a particular european country because they said TNT on the outside
of their crates...


I ordered a new personal PC back in March(?) from Lenovo (discount 
overstock offering).  Everything shipped immediately but was delayed in 
transit, due to a Live Entity inspection hold placed on it by the US 
FDA.  The packing list included an item identified as mouse (it was 
right under the item keyboard).  I'm waiting for nVidia or ATI to come 
out with a next-gen product named Nuclear XForce or Plutonium 
Wonder.  :-)


-Jim P.


opentransfer.com contact

2006-07-22 Thread Jim Popovitch


Anyone from opentransfer.com around?  I've tried postmaster@, but got no 
response.  I have an email issue wrt mail22.opentransfer.com, can 
someone please contact me offlist.


TIA,

-Jim P.


www.gigablast.com

2006-07-12 Thread Jim Popovitch


Feel free to clue me in on this please... ;-)

What is www.gigablast.com?   And why is it constantly performing 
questionable queries (mostly http) across every IP that I have access 
to check.


I get a couple of thousand hits (mostly questionable non-existing URL 
requests) from that ip (66.154.103.75).  Anyone else seeing/questioning 
this?


Completewhois shows some listings in some RBLs, but not the more popular 
ones.


-Jim P.


Re: www.gigablast.com

2006-07-12 Thread Jim Popovitch


:-) Let me add something before everyone on NANOG reminds me that 
gigablast is a search engine. I know what they do, but what I don't 
understand is why are they searching my systems for URLs that haven't 
ever existed there before.  It's as though they are doing random word 
searches in hopes of striking lucky.  They are crawling for URLs like 
this:  (unfortunately most people won't see these because their spam 
blockers will block all the exclamation points)


/Hj!!lpMall
/BuscaP!!gina
/!!-!!
/P!!ginasAbandonadas
/HilfeIndex
/CategoryCategory
/Aktuelle!!nderungen
/EfterladteSider
/SystemPagesInDanishGroup
/!!rvaLapok
/ForSide
/
/!!-!!!
/StartSeite
/!!
/Hj!!lpTilHenvisninger
/!!-
/ExplorerCeWiki
/Xslt
/P!!ginaInicial
/SenesteRettelser
/!!
/Pr!!f!!rencesUtilisateur
/WikiHomePage
/HilfeZuParsern
/AiutoModello
/GewenstePaginas
/HilfeZu!!berschriften

-Jim P.

Jim Popovitch wrote:


Feel free to clue me in on this please... ;-)

What is www.gigablast.com?   And why is it constantly performing 
questionable queries (mostly http) across every IP that I have access 
to check.


I get a couple of thousand hits (mostly questionable non-existing URL 
requests) from that ip (66.154.103.75).  Anyone else seeing/questioning 
this?


Completewhois shows some listings in some RBLs, but not the more popular 
ones.


-Jim P.



Re: www.gigablast.com

2006-07-12 Thread Jim Popovitch


It appears that some of the queries are valid for an older site that 
existed in the past. That site was a wiki and some of the Giga hits are 
for internationalized versions of the default help/support pages.  This 
is fine and acceptable behavior by them (IMHO).  The fact that they are 
querying something that no longer exists is something I can deal with. 
The strangeness is that some of their crawling is looking for URLs with 
multiple exclamation points, those URLs never existed. This may be 
indicative of a character translation on my system or theirs.  BUT, the 
net net is that I no longer feel a need to be concerned about them.


Thanks all,

-Jim P.

Jim Popovitch wrote:


Feel free to clue me in on this please... ;-)

What is www.gigablast.com?   And why is it constantly performing 
questionable queries (mostly http) across every IP that I have access 
to check.


I get a couple of thousand hits (mostly questionable non-existing URL 
requests) from that ip (66.154.103.75).  Anyone else seeing/questioning 
this?


Completewhois shows some listings in some RBLs, but not the more popular 
ones.


-Jim P.



Re: NANOG Spam?

2006-07-06 Thread Jim Popovitch


Joseph S D Yao wrote:

I'm immoderate.  But I believe that Popovitch was speaking of different
mailing lists than this one.


Yes that is true, at least the part about the lists. ;-)  I run a 
mailing list discussion system for a few non-profits, it is those lists 
(and their admins) that I was speaking of.


Apologies to all for possibly having incited this chatter.

-Jim P.



Re: NANOG Spam?

2006-07-05 Thread Jim Popovitch


William Allen Simpson wrote:

The spammers have figured out how to bypass the NANOG members-only
posting, in this case by pretending to be John Fraizer and sending
directly to trapdoor.


On our public list servers we now require admin approval of all new 
subscriptions as well as email verification.  It takes time, but it is 
worth it.  Additionally, the admins occasionally reply to new 
subscribers with questionable addresses and ask them for a bit more 
info (who/what/why/etc).  Finally all new subscribers are automatically 
moderated until their first post proves them to in fact be legit and on 
topic.  Finally, we crawled the archives of the big lists and have come 
up with a list of subscribers who haven't posted in over 9 months, we 
plan to set the mod bit on them too very soon.   These are necessary 
steps simply because we see at least 30 requests each week for what 
amounts to invalid subscriptions, if those subscriptions went through 
unfettered then users would be upset.  Even if one bogus subscription 
slips through, the auto-mod provides a second chance to stop them. 
Perhaps these are some ideas for the NANOG mailinglist admins to implement.


-Jim P.
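
The moderation rules described in the message above, sketched as an added example (not part of the original post and not any list server's own code). The addresses, the sample archive, the members-only rejection and the 270-day approximation of "9 months" are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime

IDLE_LIMIT = timedelta(days=9 * 30)  # "over 9 months", approximated as 270 days


@dataclass
class Subscriber:
    address: str     # stored lowercase
    verified: bool   # answered the e-mail verification
    approved: bool   # an admin approved the subscription


def last_post_dates(raw_messages):
    """Crawl archived messages; map each sender to the date of its latest post."""
    latest = {}
    for raw in raw_messages:
        msg = message_from_string(raw)
        addr = parseaddr(msg.get("From", ""))[1].lower()
        try:
            when = parsedate_to_datetime(msg.get("Date", ""))
        except (TypeError, ValueError):
            continue  # missing or unparseable Date header: skip the message
        if not addr:
            continue
        if when.tzinfo is None:  # "-0000" dates come back naive; treat as UTC
            when = when.replace(tzinfo=timezone.utc)
        if addr not in latest or when > latest[addr]:
            latest[addr] = when
    return latest


def disposition(sender, subscribers, latest, now):
    """Return 'reject', 'hold' (moderator queue) or 'accept' for a post.

    The From address is forgeable, so this limits what new and dormant
    addresses can do; it does not authenticate an active subscriber.
    """
    key = sender.lower()
    sub = subscribers.get(key)
    if sub is None or not (sub.verified and sub.approved):
        return "reject"          # subscription never completed both checks
    last = latest.get(key)
    if last is None:
        return "hold"            # auto-moderated until the first post is reviewed
    if now - last > IDLE_LIMIT:
        return "hold"            # mod bit set on long-idle subscribers
    return "accept"


# Constructed sample data (not taken from any real list archive).
ARCHIVE = [
    "From: Alice <alice@example.org>\nDate: Tue, 20 Jun 2006 10:00:00 -0400\n\nhi\n",
    "From: alice@example.org\nDate: Mon, 10 Jan 2005 09:00:00 -0500\n\nold\n",
    "From: Bob <bob@example.org>\nDate: Mon, 01 Aug 2005 12:00:00 +0000\n\nhi\n",
    "From: Bob <bob@example.org>\nDate: not-a-date\n\nbroken header\n",
]
SUBSCRIBERS = {
    s.address: s
    for s in [
        Subscriber("alice@example.org", True, True),
        Subscriber("bob@example.org", True, True),
        Subscriber("carol@example.org", True, True),   # never posted
        Subscriber("dave@example.org", True, False),   # awaiting admin approval
    ]
}
NOW = datetime(2006, 7, 5, tzinfo=timezone.utc)

if __name__ == "__main__":
    seen = last_post_dates(ARCHIVE)
    for who in ["alice@example.org", "bob@example.org", "carol@example.org",
                "dave@example.org", "mallory@example.net"]:
        print(who, disposition(who, SUBSCRIBERS, seen, NOW))
```
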




Clueful Comcast person needed

2006-05-27 Thread Jim Popovitch


Hi, sorry for the noise..

We need a clueful Comcast person to start checking out problems in their 
Atlanta headends.   Over on the ALE (Atlanta Linux Enthusiasts) list 
there are a lot of highly educated engineers all seeing the same ongoing 
packet loss problems at multiple points.  Calls to Comcast result in us 
hearing that there is no knowledge of a problem and that they are more 
than happy to roll a truck ($$) to our doors to diagnose.  Comcast, 
please save yourself some money and send the right guys to the 
headend(s) to troubleshoot using the data in these threads:


http://www.ale.org/pipermail/ale/2006-May/030809.html

http://www.ale.org/pipermail/ale/2006-May/030774.html

http://www.ale.org/pipermail/ale/2006-May/030837.html

-Jim P.




Re: MEDIA: ICANN rejects .xxx domain

2006-05-12 Thread Jim Popovitch


Fred Baker wrote:


On May 11, 2006, at 8:42 PM, Jim Popovitch wrote:


Why not just plain ole hostnames like nanog, www.nanog, mail.nanog


For the same reason DNS was created in the first place. You will recall 
that we actually HAD a hostname file that we traded around...


Let's not go backwards now ;-)

Note: I didn't advocate replacing DNS with host files.  I'll attempt to 
clarify:  If X number of DNS servers can serve Y number of TLDs, why 
can't X number of completely re-designed DNS servers handle just root 
domain names without a TLD.


Examples:

www.microsoft
smtp.microsoft
www.google
www.yahoo
mail.yahoo

Why have a TLD when for most of the world:

   www.cnn.CO.UK is forwarded to www.cnn.COM

   www.microsoft.NET is forwarded to www.microsoft.COM

   www.google.NET is forwarded to www.google.COM

   etc., etc.

There are very few arguments that I've heard for even having TLDs in the 
first place.  The most common one was Businesses will use .COM, 
Networks will use .NET, Organizations and Garden Clubs will use .ORG. 
When in reality Businesses scoop up all the TLDs in their name/interest.


Why does it matter if your routers and switches are in DNS as 
123.company.NET vs 123.routers.company


I do understand that today's DNS system was designed with TLDs in mind, 
and probably couldn't just switch over night.  But why can't a next-gen 
system be put in place that puts www.microsoft and www.google right 
where they go now whether you use .net, .com, .org, or probably any 
other TLD?


-Jim P.













Re: MEDIA: ICANN rejects .xxx domain

2006-05-12 Thread Jim Popovitch


Steve Gibbard wrote:


Note that there are a lot more TLDs than just .COM, .NET, .ORG, etc.  
The vast majority of them are geographical rather than divided based on 
organizational function.  For large portions of the world, the local TLD 
allows domain holders to get a domain paid for in local currency, for a 
price that's locally affordable, with local DNS servers for the TLD.  
For gTLDs they'd have to pay in US dollars, at prices that are set for 
Americans, and have them served far away on the other ends of expensive 
and flaky International transit connections.


Elimination of TLDs would in no way mandate that people register domains 
from one global entity.  Today we have multiple entities registering 
domains back to multiple authorities, why not just have one authority 
and allow for multiple regional registrars.  TLDs just add confusion to 
everything, and add complexity to the back-end.


Perhaps there is a better list to move this discussion to, if someone 
would point me in that direction I would be glad to check it out.


-Jim P.


Re: MEDIA: ICANN rejects .xxx domain

2006-05-11 Thread Jim Popovitch


David Schwartz wrote:


The major problem with this is that many other governments have dangerous
ideas that they'd also like to be easily able to identify and isolate as
well. If the United States gets to corral porn, why can't China corral
Democracy? Why can't Russia corral advocates of terrorism (which some
might consider independence).

I think it would be an incredibly short-sighted policy on the part of the
U.S. government to restrict the Internet in the hopes of controlling things
like gambling and pornography. The precedent of government isolating
dangerous ideas will be adopted by many other governments and we will have
no sound ideological grounds to oppose.



Excellent points.

I question then why we even have a need for any TLDs.  Why not just 
plain ole hostnames like nanog, www.nanog, mail.nanog.  This would make 
life soo much easier for many many companies that are legally forced 
to have to register every freaking TLD in their name just to protect IP 
etc.  I would imagine that the US Govt would back this proposal simply 
because of the problems with a particular TLD for www.whitehouse.


For the sake of discussion, please don't branch into an argument about 
scalability.  ;-)


-Jim P.


Re: AOL 421 errors

2006-05-04 Thread Jim Popovitch


Matthew Black wrote:


For what it's worth, I received a very nice e-mail and had an
extended telephone conversation with a third-tier support
manager from AOL. They do respond and that's why I placed my
original post on this thread. 


I too received contact from AOL, and they have been extremely helpful. 
Thank you AOL, and thank you NANOG.


-Jim P.





Re: AOL 421 errors

2006-05-03 Thread Jim Popovitch


Matthew Black wrote:


We've noticed a surge in 421 e-mail errors from AOL.

Message soft bounced for '[EMAIL PROTECTED]', '4.3.2 - Not accepting messages 
at this time ('421', [': (DYN:T1) 
http://postmaster.info.aol.com/errors/421dynt1.html', 'SERVICE NOT 
AVAILABLE']) []'


It seems as though they've tightened down their policies.
We're pretty good at preventing spam with our IronPort
anti-spam gateways and internal policies.

We've also subscribed to their FBL notification service.
I'm surprised at the types of messages AOL customers consider
as spam. Anything and everything: university admission acceptance
notices; instructor class assignments; photos from friends; etc.


RANT

I've been dealing with this too for 6 days now (2 of them while away on 
vacation).   AOL Postmasters, while very friendly and nice, have 
provided me more answers than one could fit in a magic 8-ball.  We've 
got 334 aol.com/cs.com/netscape.net/aim.com list members who are barely 
receiving email that they want to receive.  We run Q&A lists for 2 
non-profits, one technical, the other cancer related.  Users post 
questions, experienced users provide answers.  Nothing more.


I have had FBLs set up and been on AOL's whitelist for 2+ years now, 
and I am about at my wits end with dealing with them.  It is no wonder 
that their user base is shrinking, and it is sad that they treat their 
own customers with such broadly applied brushes.  Sure there are spam 
problems, but to block requested email from reaching interested users 
(some of them being AOL employees themselves) is just plain wrong.


I will say this, numerous AOL postmasters have told me that they have 
issues with their FBL system (I've got 2 open tickets on that alone).  I 
have also been told that our email should not be being blocked/delayed, 
and I have open tickets on that too.  But that in no way explains to me 
why they have happily accepted an average of 162332 emails each month 
from us for the past 3+ years and that now they don't want it.  :-)


It is worth pointing out that Yahoo!, Cox, GMail, HotMail/MSN, Mail.com, 
Earthlink, Verizon, and SBC Global happily receive almost similar 
amounts of email from us without the need for whitelists, FBLs, etc. 
What is funny is that the domains have SPF records which AOL likes, but 
they don't yet have DomainKeys which Yahoo! likes.  AOL could learn a 
*lot* from their competition when it comes to handling email.

/RANT


-Jim P.




Re: data center space

2006-04-24 Thread Jim Popovitch


Lincoln Dale wrote:


I suggest you talk to some of the folks you work with that have to deal with
synchronous replication.

In the world of storage networking  synchronous I/O, typically anything
higher than 1 msec round-trip latency is too high.


True, but 2ms latency in syncing a backup system is much better than 1 
month complete loss of service due to *poor* continuity planning.  We 
all know what the next big threats are (nuclear and/or biological), is 
it worth the risk that the next (and there will be) event is small 
enough not to affect an area 65 miles across?


-Jim P.




Re: data center space

2006-04-21 Thread Jim Popovitch


Joseph S D Yao wrote:

On Tue, Apr 18, 2006 at 09:34:41AM -0700, Philip Lavine wrote:
Can someone tell me if I am out of luck. I am trying to get a 10x10 cage in New Jersey (Jersey City area) but it seems everybody is at capacity. What happened? 



My guess (this being NJ) is an aftereffect of the 9/11/2001 disaster.
By five years after, most companies who could be affected by such an
outage may have relocated a continuing-operations set of machines to one
or more colo data centers.  I don't know why the data centers would not
have expanded to meet the influx, though.


Five years after 9/11 you would think that people would have located 
business continuity ops much further away (assuming the businesses are 
based in NYC) than NJ.  I'm sure that regulations require them to be x 
miles or in another state.  But all things should be considered... even the 
capability for major catastrophic incident(s) to affect primary and 
(nearby) secondary sites.


I think the reasons are probably due to companies/governments thinking 
(hoping?) that in the event of a catastrophic event the business would 
be able to get ppl from site A to site B.  To me it is ridiculous to 
assume that anyone would be left at site A, or even in the vicinity of 
site A.  And if they are still around site A after a catastrophic event, 
would they behave normally and could they be counted on (families, 
fears, trauma, etc)?  I'm an employee, but in desperate times my family 
comes first (that is a no brainer decision that every CIO should think 
about).


Put your major data/ops centers on different continents, or at least on 
different coasts.  Not big enough to do that?  Outsource to someone who 
is.  Don't want to spend the money?  Partner with a non-competing 
similar business that is strategically located away from yours.  Don't 
do the minimum to insure your business survival, do the maximum.


Disclaimer: I work for someone who provides outsourcing services 
including the area of business continuity.


-Jim P.




Comcast + Yahoo content issue

2006-03-03 Thread Jim Popovitch


(sorry for the interruption)

Before I go and spend hours on the phone with mind-numbing low-level 
support kids... Does anyone know about any content caching issues 
between Yahoo and Comcast?  For the past few days I have noticed that 
news content on http://my.yahoo.com is 2 weeks old when viewed from 
Comcast's broadband network (2 different locations in Atlanta).  This is 
not true when viewed from the same laptop via dialup or GPRS.  I know 
that my chances are less than 5% in trying to explain this to a customer 
support person, so I am hoping to glean some advice here on what to do 
about this.   Thanks,


-Jim P.




Re: The Backhoe: A Real Cyberthreat?

2006-01-19 Thread Jim Popovitch


Jerry Pasker wrote:


The point is:  What's more damaging?  Being open with the maps to 
EVERYONE can see where the problem areas are so they can design around 
them? (or chose not to) or pulling the maps, and reports, and sticking 
our heads in the sand, and hoping that security through obscurity works.


Let's look at this from another point of view:  Should we remove all
keylocks from backhoes so that everyone can have access to them?  :-)

I'm all for openness, but sometimes some things only need to be accessed
and used by the professionals that need those things.  I fully trust 
that the big network operators, the ones that really really do need this 
data, have all the info they need to plan their network expansions, etc. 
I don't need to see this data, even though I might want to.


-Jim P.





Re: GoDaddy.com shuts down entire data center?

2006-01-16 Thread Jim Popovitch

I want to say, from an outsider's perspective, that I wholeheartedly applaud 
GoDaddy on the actions they took and the consistent professionalism exhibited 
by their tech support representative.  Despite obvious (and heavily edited) 
calls to the same agent, the consumer was informed in a professional manner of 
his/her avenue for resolution.  No doubt remains in my mind that the caller was 
not caught blind by this situation.  Go Daddy has a privacy policy that no 
doubt prohibits them from releasing details of their side of this case, however 
to me the recording suggests that the caller knew this was the end result, not 
a sudden surprise move, and they just wanted to circumvent standard procedure. 
 The caller's prior thought to record, what appears as a standard call to 
tech-support, is insightful and should be an obvious sign of his motivation.

Let me explain my perspective.  I am a long standing customer of data center 
services, and I fully appreciate network operators' efforts to stem the spread 
of spam and viruses.  I run a few non-profit public mailing lists and the 
emails from my systems traverse your networks hourly.  I work quickly and 
diligently with service providers to overcome issues where our paths cross.  I 
have never been a Go Daddy customer, but I certainly appreciate their stand on 
this issue.  I will probably never be a Nectartech customer after this episode.

-Jim P.

- Original Message 
From: william(at)elan.net [EMAIL PROTECTED]
To: Joe McGuckin [EMAIL PROTECTED]
Cc: Richard A Steenbergen [EMAIL PROTECTED]; Matt Ghali [EMAIL PROTECTED]; 
Elijah Savage [EMAIL PROTECTED]; NANOG nanog@merit.edu
Sent: Monday, January 16, 2006 3:43:53 PM
Subject: Re: GoDaddy.com shuts down entire data center?


On Mon, 16 Jan 2006, Joe McGuckin wrote:

 Richard,

 On the other hand , I'm not comfortable with the idea that an organization
 that provides network infrastructure services under the aegis of the US
 Government could unilaterally revoke those services for something that is
 not illegal.

It does not have to be illegal. All that is necessary is that customer
who purchased the service beware and agree to the policies prior to 
making the purchase (of course, almost nobody fully reads that long
agreement you get presented on the website, but that's another story...)







Re: sober.z to hit tomorrow

2006-01-05 Thread Jim Popovitch

I'm shutting PCs down and going on vacation for a while.  Seriously. :-)

TIA to those of you working to protect your customers and therefore other 
systems as well.

-Jim P.

- Original Message 
From: Wil Schultz [EMAIL PROTECTED]
To: nanog@merit.edu
Sent: Thursday, January 05, 2006 1:53:09 PM
Subject: sober.z to hit tomorrow


Wouldn't it be fun if it contained the WMF exploit in some form?
So, I'm planning on using swatch to monitor DNS requests for the known 
affected domains. What is everyone else planning to do?

-Wil






Awful quiet?

2005-12-21 Thread Jim Popovitch

I miss the endless debates.  Is *everyone*  Christmas shopping?

Here's a thought to ponder

With the thousands of datacenters that exist with IPv4 cores, what will it take 
to get them to move all of their infrastructure and customers to IPv6?  Can it 
even be done or will they just run IPv6 to the core and proxy the rest?

-Jim P.


 



Re: Sober

2005-12-02 Thread Jim Popovitch


Joseph S D Yao wrote:

On Fri, Dec 02, 2005 at 09:06:57PM +, Christopher L. Morrow wrote:

On Fri, 2 Dec 2005, Dennis Dayman wrote:

Interested, but I see many Sober postings and outages on other lists and not
here...has anyone been having issues? I know the ISP's are fighting the
living out of the virus.

viruses in general don't bother backbone folks? besides, don't use outlook
and you don't get infected?



Why would anyone not trolling for viruses use MS mail products, Chris?


Because they are forced or told to by their MIS department? 
Sometimes the blind do lead the blind...and the blind follow (who's 
leading?)  :-)


It's also worth pointing out that MS mail products generally include a 
lot more functionality than just email.  Calendaring and workflow are in 
high demand.  Give MIS departments a better product and they will use it.


-Jim P.




Re: Wifi Security

2005-11-21 Thread Jim Popovitch


Randy Bush wrote:
As others pointed out (to me as well), for a _man in the middle_ attack 
(e.g. impersonating www.paypal.com) it is necessary to play ARP games or 
otherwise insert yourself in the flow of traffic.


not really.  you just need to be there first with a bogus, redirecting,
dns response.


I wish I had a nickel (ok, a dollar) for every bogus laptop I've seen in 
hotels and airports that was setup for co_presidents_club, 
starbucks, t-mobile AND tmobile, corporate, etc.  I've often 
wondered if those users were really being malicious, plain stupid, or 
were carrying around a laptop owned by someone else.  Either way, 
there are PLENTY of systems out there pretending to be something they 
aren't.  I often try to connect to them and get some data, but most 
either won't give an IP, or if they do, they don't forward packets or 
respond with anything worthwhile.  I run a pretty tight system, so 
perhaps those faux APs are trying to detect other configs (Client for 
MS/Netware, F/P Sharing, SNMP, WINS, IPX, etc).


-Jim P.




Re: whois.register.com - exceeded maximum number of queries?

2005-10-12 Thread Jim Popovitch


Erik Sundberg wrote:

Any reason why the whois.register.com would say You have exceeded your
maximum number of queries..  Tried it from 3 different boxes that have 3
different public ip address. Tried the web gui too and I get the same
lookup error. This looks specific to whois.register.com.

Is anyone else seeing the same thing


I, being a bit larger than the average customer of Register.com, 
normally see the same thing if I setup a script to pull current whois 
data for all the domains I have registered (most on behalf of others). 
However I just confirmed that I get the same response from multiple 
locations, so it does look like whois.register.com is having some issues.


   You have exceeded your maximum number of queries.

-Jim P.



Re: commonly blocked ISP ports

2005-09-15 Thread Jim Popovitch


Michael Tokarev wrote:


www.dshield.org, www.mynetwatchman.org ?


That should be: www.mynetwatchman.COM   ;-)

Both are excellent resources.

-Jim P.


Re: OT - Vint Cerf joins Google

2005-09-08 Thread Jim Popovitch

On Thu, 2005-09-08 at 12:32 -0700, Steve Sobol wrote:
 Fergie (Paul Ferguson) wrote:
 
  That kind of goes hand-in-hand with Vint's Galactic
  Internet theme.
 
 Uhhh... why does a dotcom need an Internet evangelist?

He meets the requirement of having a Phd.  Google must have hired some
regular grad/undergrad and they needed another Phd to keep their ratio
up. :-)

-Jim P.





Re: India cites security concerns, blocks Huawei bid to expand their indian ops

2005-08-17 Thread Jim Popovitch

On Wed, 2005-08-17 at 17:55 -0400, Deepak Jain wrote:
  I assume that an Indian intelligence agency would 
  be more concerned about things like hidden remote 
  control or data collection services on the systems.
 
 
 Exactly. The Chinese version of Cisco's CALEA code with different access 
 methods would be pretty threatening in general. Not saying that they 
 have one, did one, or will... but it's a security risk even before you 
 show intent on the part of Huawei. Maybe the Indian gov't is going to 
 request the source to Huawei's code? I remember Germany or Russia 
 requesting it of Microsoft for Windows and Microsoft complied.

Requesting the source code and/or having access to it is really
meaningless unless you have the skill and capabilities to compile it
*and* use it.  There is no sure way to know that the source code in your
left hand is what was used to compile the binary in your right hand.

-Jim P.

 



Re: Fixing .com DNS glue records - who to contact?

2005-08-16 Thread Jim Popovitch

On Tue, 2005-08-16 at 14:10 -0700, Matthew Elvey wrote:
 A glue record for a .com domain (nextbus.com) is wrong, and I'm running 
 into a brick wall trying to get it fixed.

The problem is that the A and PTR records for your domain servers don't
match up. See the Mismatched glue section of your dnsreport.  

I've got the same issue with some domains hosted over at Register.com's
GPN (Global Partner Network) division.  GPN outsources DNS to eNom
(which is an excellent thing), but the default GPN DNS settings use
dnsXX.gpn.register.com which has a PTR to dns1.name-services.com.  I
*think* that this is OK per RFC, would really like to hear some expert
opinions on this however.

-Jim P.

 Do I need to switch to a more clueful registrar than GoDaddy**? Contact 
 Network Solutions?
 Have I screwed up the domain's bind config?  Everything looks right when 
 I _dig_ around the authoritative NS*...
 I futzed with the record (deleted and re-added ns.nextbus.com as an 
 authoritative NS (nameserver(s))), and the glue became correct for 
 several days (dnsreport.com even reported all was well) AND THEN WENT 
 BACK TO BEING BROKEN AGAIN.
 
 http://www.dnsreport.com/tools/dnsreport.ch?domain=nextbus.com
 currently says: 
 ns.nextbus.com.:
Parent server (f.gtld-servers.net) says A record is 64.164.28.194, but
authoritative DNS server (209.204.159.20) says it is 64.142.39.200
 ns.nextbus.com.:
Parent server (f.gtld-servers.net) says A record is 64.164.28.194, but
authoritative DNS server (64.142.88.72) says it is 64.142.39.200
 ns.nextbus.com.:
Parent server (f.gtld-servers.net) says A record is 64.164.28.194, but
authoritative DNS server (69.9.186.104) says it is 64.142.39.200
 
 
 
 ALSO: Since 3 of the 4 NS don't have the wrong glue, and 4 of the 4 NS 
 are answering appropriately, and there's no NS at the IP indicated by 
 the wrong glue, this problem shouldn't have any user-visible impact, 
 right?  I think there are many ISPs (I've found Earthlink and SBC to be 
 guilty of this in the past) who have broken their resolver 
 configurations so that they sometimes don't work if one, but not all of 
 a domain's NS don't answer.  Anyway, I'm getting complaints (from a 
 gov't agency) of mail bouncing with '450 Client host rejected: cannot 
 find your hostname' errors. 
 
 TIA.  This is my first post here; please be gentle.
 
 Oh, and if I do need a new registrar, I'm taking suggestions here or here:
 http://wiki.fastmail.fm/index.php/GoodRegistrarSearch
 
 
 *dig nextbus.com MX
  dig nextbus.com MX @ns.nextbus.com.
  dig nextbus.com MX @a.auth-ns.sonic.net.
  dig nextbus.com MX @b.auth-ns.sonic.net.
  dig nextbus.com MX @c.auth-ns.sonic.net.
 
 **edited to conform to normal attribution.  WARNING: CC.
 Subject: [Fwd: Please fix this Mismatched glue problem for domain 
 nextbus.com [Incident: 050729-000962]]
 Me:
   Go Daddy:
   Me:
  Please fix this Mismatched glue problem for domain nextbus.com:
 
  ERROR: Your nameservers report glue that is different from what the
  parent servers report. This will cause DNS servers to get confused; 
  some
  may go to the IP provided by the parent servers, while others may 
  get to
  the ones provided by your authoritative DNS servers. Problem 
  record(s) are:
 
  ns.nextbus.com.:
  Parent server (m.gtld-servers.net) says A record is 64.164.28.194, but
  authoritative DNS server (208.201.224.11) says it is 64.142.39.200
  ns.nextbus.com.:
  Parent server (m.gtld-servers.net) says A record is 64.164.28.194, but
  authoritative DNS server (208.201.224.33) says it is 64.142.39.200
 
  The glue in the parent servers is wrong.
 
  Thank you for contacting customer support.
 
  I have tested your site and everything is resolving properly. This 
  error message you are getting is not on our end.
 
  Please let us know if we can help you in any other way.
 
  Advertisement for GoDaddy services removed 
 
  Sincerely,
 
  Beth P.
  GoDaddy.com
  Customer Service Representative
 
  Please have this issue reviewed by someone technical - someone who knows
  what DNS glue is, so they can understand the error in my initial email.
  See
  http://www.menandmice.com/online_docs_and_faq/glossary/glossarytoc.htm?glue.record.htm
   
 
  or http://www.centralnic.com/support/glossary
 
  http://www.dnsreport.com/tools/dnsreport.ch?domain=nextbus.com
  shows quite clearly IN RED that there is something seriously wrong.
  The problem exists. It is NOT my imagination.
  Just because you're able to bring up www.nextbus.com does NOT mean
  there's nothing wrong.
 
 Thank you for contacting customer support. I have looked into this 
 situation and found that the domain name in question is not hosted with 
 us. This being the case you may wish to speak with your hosting provider 
 regarding the glue situation.
 
 Please let us know if we can help you in any other way.
 
 Advertisement for GoDaddy services removed
 https://www.godaddy.com/gdshop/hosting/landing.asp?isc=webxpf
 Sincerely,

Re: Fixing .com DNS glue records - who to contact?

2005-08-16 Thread Jim Popovitch

On Tue, 2005-08-16 at 17:19 -0400, Jim Popovitch wrote:
 On Tue, 2005-08-16 at 14:10 -0700, Matthew Elvey wrote:
  A glue record for a .com domain (nextbus.com) is wrong, and I'm running 
  into a brick wall trying to get it fixed.
 
 The problem is that the A and PTR records for your domain servers don't
 match up. See the Mismatched glue section of your dnsreport.  

Err, scratch that.  I misread your post.  

 $host 64.164.28.194
  194.28.164.64.in-addr.arpa is an alias for  \
 194.192.28.164.64.in-addr.arpa.
  194.192.28.164.64.in-addr.arpa domain name pointer ns.nextbus.com.

Is 194.192.28.164.64.in-addr.arpa valid?


 I've got the same issue with some domains hosted over at Register.com's
 GPN (Global Partner Network) division.  GPN outsources DNS to eNom
 (which is an excellent thing), but the default GPN DNS settings use
 dnsXX.gpn.register.com which has a PTR to dns1.name-services.com.  I
 *think* that this is OK per RFC, would really like to hear some expert
 opinions on this however.

I still would like to understand the validity of this however. ;-_

-Jim P.
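The two checks this thread turns on, as an added example that is not part of the original posts: comparing the parent's glue with what the authoritative servers answer, and a forward-confirmed reverse DNS lookup that follows the CNAME indirection seen in the `host` output (the RFC 2317 classless-delegation pattern). The IPs and names for nextbus.com are the ones quoted above; the record layout, the function names and the `mail.example.net` / `192.0.2.25` host are constructed for illustration, and nothing here queries live DNS.

```python
import ipaddress

# Constructed sample data, modelled on the values quoted in the thread.
# Glue the parent (gTLD) servers return for the nameserver host name.
PARENT_GLUE = {"ns.nextbus.com.": {"64.164.28.194"}}

# A-record answers for the same name from each authoritative server (by IP).
AUTH_ANSWERS = {
    "209.204.159.20": {"ns.nextbus.com.": {"64.142.39.200"}},
    "64.142.88.72": {"ns.nextbus.com.": {"64.142.39.200"}},
    "69.9.186.104": {"ns.nextbus.com.": {"64.142.39.200"}},
}

# Toy zone data: (owner name, record type) -> list of rdata strings.
ZONE = {
    ("194.28.164.64.in-addr.arpa.", "CNAME"): ["194.192.28.164.64.in-addr.arpa."],
    ("194.192.28.164.64.in-addr.arpa.", "PTR"): ["ns.nextbus.com."],
    ("ns.nextbus.com.", "A"): ["64.142.39.200"],
    # Constructed documentation-range host whose forward and reverse agree.
    ("25.2.0.192.in-addr.arpa.", "PTR"): ["mail.example.net."],
    ("mail.example.net.", "A"): ["192.0.2.25"],
}


def glue_mismatches(parent_glue, auth_answers):
    """Return (name, auth_server, parent_ips, auth_ips) for every disagreement."""
    out = []
    for name, glue_ips in sorted(parent_glue.items()):
        for server, answers in sorted(auth_answers.items()):
            auth_ips = answers.get(name, set())
            if auth_ips != glue_ips:
                out.append((name, server, sorted(glue_ips), sorted(auth_ips)))
    return out


def lookup(zone, owner, rtype, max_cnames=8):
    """Resolve owner/rtype in the toy zone, following CNAME chains."""
    for _ in range(max_cnames + 1):
        if (owner, rtype) in zone:
            return list(zone[(owner, rtype)])
        target = zone.get((owner, "CNAME"))
        if not target:
            return []          # no data and no alias: empty answer
        owner = target[0]      # follow the alias and try again
    return []                  # chain too long or looping


def fcrdns(zone, ip):
    """Forward-confirmed reverse DNS: PTR name(s) must map back to the same IP.

    Returns (passed, ptr_names, confirmed_names).
    """
    rname = ipaddress.ip_address(ip).reverse_pointer + "."
    ptr_names = lookup(zone, rname, "PTR")
    confirmed = [n for n in ptr_names if ip in lookup(zone, n, "A")]
    return bool(confirmed), ptr_names, confirmed


if __name__ == "__main__":
    for name, server, parent, auth in glue_mismatches(PARENT_GLUE, AUTH_ANSWERS):
        print(f"{name} parent glue {parent} != {auth} from {server}")
    for ip in ("64.164.28.194", "192.0.2.25"):
        print(ip, fcrdns(ZONE, ip))
```

With this data the old glue address has a PTR that resolves through the CNAME, but the name it points to no longer maps back to that address, so the forward-confirmed check fails for it.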





RE: Cisco gate - Payload Versus Vector

2005-08-02 Thread Jim Popovitch

On Tue, 2005-08-02 at 15:29 -0700, Dan Hollis wrote:
 On Tue, 2 Aug 2005, Randy Bush wrote:
  even without stifling the heap check via crashing_already (i.e. a
  'fix' is developed for that weakness), is the 30-60 second window
  sufficient to do serious operational damage.  i.e. what could an
  attacker do with a code injection with a mean life as short as
  15-30 seconds?
 
 change the passwords and write to nvram, and come back later?

some more that come to mind as ssh/enable pw changes wouldn't go
unnoticed for too long.

change snmptrap dest
change snmp r/w comstrs (most monitoring would only use r/o comstrs)
change ACLs on snmp access to allow public IPs
change the ip address of the host that is used for tftp boots

lots of things can be done in a 1/10 of the 30-60 second window.

-Jim P.





Re: NANOG List Server on several BlockLists

2005-07-26 Thread Jim Popovitch

On Tue, 2005-07-26 at 16:49 -0500, John Palmer wrote:
 FYI: The IP address of the mail server that sends out NANOG list
 messages
 (198.108.1.26) is once again on most of the major RBLs. 

I only see it on one listing and that is for dnsbl.sorbs.net.

http://www.completewhois.com/cgi-bin/rbl_lookup.cgi?query=198.108.1.26

According to sorbs, the record was created Jul-26 02:31:29 2005 and
spamtrap trigger email was... 

   Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
by desperado.sorbs.net (Postfix) with ESMTP id DEF0111428 for
[email]; Sat, 18 Jun 2005 14:55:42 +1000 (EST)


-Jim P.



Re: NANOG List Server on several BlockLists

2005-07-26 Thread Jim Popovitch

On Tue, 2005-07-26 at 18:00 -0400, Jim Popovitch wrote:
 On Tue, 2005-07-26 at 16:49 -0500, John Palmer wrote:
  FYI: The IP address of the mail server that sends out NANOG list
  messages
  (198.108.1.26) is once again on most of the major RBLs. 
 
 I only see it on one listing and that is for dnsbl.sorbs.net.
 
 http://www.completewhois.com/cgi-bin/rbl_lookup.cgi?query=198.108.1.26
 
 According to sorbs, the record was created Jul-26 02:31:29 2005 and
 spamtrap trigger email was... 
 
Received: from trapdoor.merit.edu (trapdoor.merit.edu [198.108.1.26])
 by desperado.sorbs.net (Postfix) with ESMTP id DEF0111428 for
 [email]; Sat, 18 Jun 2005 14:55:42 +1000 (EST)
 
 
 -Jim P.

And of course for my well-intended effort I get the following terse
auto-reply declaring that I am a low life with bad intentions and a bad
image.  Wait a minute, I don't have free-email from Yahoo!, I pay for
it. ;-)

-Jim P.

On Tue, 2005-07-26 at 18:51 -0400, John Palmer (NANOG Acct) wrote:
 Hi. This is the TMDA program at adns.net.
 I'm afraid I wasn't able to deliver your message to the following
 addresses.
 This is a permanent error; I've given up. Sorry it didn't work out.
 This is probably because this is an  internal account that no one is 
 supposed to be sending mail to. If you are  sending it mail, you are
 probably a low-life, bottom feeding scum sucking spammer who will
 burn in hell. NO addresses at this domain EVER want to hear from you.
 
 If your account is at YAHOO.COM or one of the other free services,
 we are rejecting your mail because most all of the people using
 these services are spammers or most spammers forge non-existent 
 addresses with these services as their return address. If you 
 have one of these accounts, you should realize that a large percentage
 of the internet will reject your mail because free services attract
 low-lifes that usually have bad intentions and ISP engineers know
 this and reject such mail. You should upgrade your image on the
 internet by paying for a real e-mail account. Sorry, but thats just
 reality. 




Re: NANOG List Server on several BlockLists

2005-07-26 Thread Jim Popovitch

On Tue, 2005-07-26 at 18:52 -0400, Joseph S D Yao wrote:
  
  On Tue, 2005-07-26 at 18:51 -0400, John Palmer (NANOG Acct) wrote:
   Hi. This is the TMDA program at adns.net.
   I'm afraid I wasn't able to deliver your message to the following
   addresses.
   This is a permanent error; I've given up. Sorry it didn't work out.
   This is probably because this is an  internal account that no one is 
   supposed to be sending mail to. If you are  sending it mail, you are
   probably a low-life, bottom feeding scum sucking spammer who will
   burn in hell. NO addresses at this domain EVER want to hear from you.
   
   If your account is at YAHOO.COM or one of the other free services,
   we are rejecting your mail because most all of the people using
   these services are spammers or most spammers forge non-existent 
   addresses with these services as their return address. If you 
   have one of these accounts, you should realize that a large percentage
   of the internet will reject your mail because free services attract
   low-lifes that usually have bad intentions and ISP engineers know
   this and reject such mail. You should upgrade your image on the
   internet by paying for a real e-mail account. Sorry, but thats just
   reality. 
 
 
 Well, I guess he'll never see messages from you, and never realize that
 he is wishing you to be damned to hell.  Who loses more?

Yahoo does. ;-) I personally think his message is sullying them more
than me.

-Jim P.

Classic Quote #34179: (http://www.quotationspage.com/quote/34179.html)

   A closed mind is a good thing to lose.




Re: AOL and mail-accepting rules

2005-07-22 Thread Jim Popovitch

I've seen where AOL recently (past 2 weeks) will temporarily suspend
accepting bulk (mailinglists) email for up to 3 hours due to suspected
spam, even from whitelisted IPs.  All queued email eventually flows,
presumably after being verified by humans.  No related SCOMP/TOS
notifications are ever returned indicating that all recipients liked
what they got.

-Jim P. 

On Fri, 2005-07-22 at 08:39 -0700, Eric Louie wrote:
 I have a client who is experiencing problems with sending mail to AOL.
 I am not resposible for their email service (yet) but I'd like to know
 if AOL has changed their policy on anti-spam / mail receipt for their
 customers (RBL, SORBS, rDNS validation), or if there's a real problem
 with AOL inbound mail for the past 2-3 days.
  
 thanks
 -e-



Re: London incidents

2005-07-13 Thread Jim Popovitch

On Wed, 2005-07-13 at 00:19 -0400, Steven J. Sobol wrote:
 Indeed it does, but I have to question whether the cellphone decision 
 was well-thought-out. I really can't believe it was.

Are spontaneous moment's-notice decisions ever well-thought-out?  Take
this scenario away from terrorism and apply it to a presumed pending
DoS/Spam attacks of years past.  I know of a few m-f (Mon - Fri, not
mother f...) businesses who would shut down corp email servers on the
weekend just to avoid problems.  Is that a half-baked solution, sure is.
Did it help, who knows?  What we know is those admins slept well that
weekend. :-)

-Jim P.  (die thread die!)





Re: London incidents

2005-07-12 Thread Jim Popovitch

On Tue, 2005-07-12 at 19:20 +0930, Mark Newton wrote:
 There's been -nothing- from the Brits to say that cellphones were
 involved in their explosions;  And DHS says they haven't made any
 recommendations one way or the other;  And there's no reason to 
 believe that the threat to the New York subway system is any higher
 than usual;  And yet someone at the Port Authority has made a
 unilateral decision to shut off the cells, and now if there -is- a
 real emergency nobody can call 911.

Basically it's damned if you do take action, damned if you don't.  Once
again we see that you can't please all the people (yes, even those not
using NYC tunnels) all the time.  

I think the world has shown that cellphones have been used over and over
to detonate explosive devices.  Why wait for it to be proved again
before doing something?  AFAIK Emergency Only mode allows for 911
calls, just not inbound/outbound calls.  Besides, the US (at least) is
full of a lot of people who need to hang up the phone and start driving
good again.

-Jim P. (who is tired of being caught in traffic behind weaving,
slowing/speeding, hand-waving and head-shaking, cellphone drivers)






Re: London incidents

2005-07-12 Thread Jim Popovitch

--- Patrick W. Gilmore [EMAIL PROTECTED] wrote:
 
 No, it's damned if you take stupid action, damned if you do not do  
 something you should.
 
 People in charge of our security should not be allowed to take  
 whatever action comes to mind in the name of security.  

Then who should, and with data from whose mind?  I suppose they (the 
ones in charge) could spend their time polling the audience, but that
has its price and uncertainty too.

Intelligent, useful, competent decisions should be made.  If they cannot
 make them, we should find someone who can.

But they did make a decision, it is only some (majority or not, but clearly
not all) that are still not convinced of the competency of their decision.
(note: some will never be convinced, some will always be convinced).

 Billions of dollars, millions of person-hours, and more frustration  
 than I can quantify is not a good price to pay for the infinitesimal  
 increase in security (if any) we have received through decisions like  
 this one.

How can you accurately know this?  I think you are just presuming, but 
you (like I) will never really truly know.  We don't like spending that
money, but we have no proof that not spending it is better.  We can all
agree that it could probably be spent wiser, but this is the US Government.

  I think the world has shown that cellphones have been used over and  
  over
  to detonate explosive devices.  Why wait for it to be proved again
  before doing something?  AFAIK Emergency Only mode allows for 911
  calls, just not inbound/outbound calls.  Besides, the US (at least) is
  full of a lot of people who need to hang up the phone and start  
  driving
  good again.
 
 Your logic is ... illogical.  If you cannot see why, I will not be  
 able to explain it to you.  (But you probably feel safer knowing I  
 can't pack a Zippo in my checked in baggage.)

No, your logic is ... illogical.., and I will not show you where. ;-)

 As for the Emergency Only mode, the original poster said _power was  
 cut_ to the repeaters.  Could you explain to me how this allows for  
 911 calls please?

The original poster quoted a news report, how many times have you seen
technically accurate news reports?  I don't know the source of the 
report but I do know that some people think the whole internet is
down when only it is their connection.  In this case (someone saying that 
the port authority had shutdown cellphone access) there are so many 
possible interpretations that it is impossible to really know without 
firsthand knowledge.  Speculation as to how, is just as bad as speculation
as to why (which is why I jumped into this cat fight).

  -Jim P. (who is tired of being caught in traffic behind weaving,
  slowing/speeding, hand-waving and head-shaking, cellphone drivers)
 
 Not really relevant to the discussion at hand.

Mom?  :-)   --- notice the smiley

-Jim P.





Re: London incidents

2005-07-12 Thread Jim Popovitch

--- Patrick W. Gilmore [EMAIL PROTECTED] wrote:
 
 I was not speculating.  From the post:
 
  Then we have this:
  http://us.cnn.com/2005/US/07/11/tunnels.cell.phones.ap/index.html
 
The Port Authority of New York and New Jersey, which runs area
transit hubs, bridges and tunnels, decided last Thursday to
indefinitely sever power to transmitters providing wireless
service in the Holland and Lincoln tunnels, spokesman Tony
Ciavolella said Monday.
 
 The Port Authority spokesman said they decided to indefinitely sever  
 power to transmitters.  The source seems reliable, knowledgeable,  
 and specific.
 
 So you jumped into this cat fight by speculating on something  
 when you had an authoritative source with good, specific information.
 

Personal attacks/differences aside.. you need to read that article.  It in no
way is specific about any one thing.  There are several tunnels in NYC, some
which the article says have had power severed and some which they say have
suspended mobile service (what if the reporter got them mixed up?  which
tunnel are you speaking to? etc., etc.).  

There are also quite a few other open-ended statements like who ordered the
service to be shut off, and then there is the final paragraph which seems to
refute your claim that some higher US government power orchestrated this whole
thing (presumably to get under your skin)

I stand by my claim that, in the absence of more data, speculation on why is
best left to others.  I am not going to second guess their every decision until
such time that I have as much info as they do.  I'm sure they are not perfect,
so I don't expect perfection either.  YMMV.

-Jim P.



OT? /dev/null 5.1.1 email

2005-07-05 Thread Jim Popovitch

disclaimer
I know this is an email-only question, however the value of the feedback
from NANOG is greater than elsewhere, imho.
/disclaimer

Should undeliverable email (5.1.1, User unknown) be directed
to /dev/null rather than responded to?

I was always under the impression that it was nice to respond with a
polite message, however these days it seems that 95% of the polite
responses are going to 5.1.1 addresses themselves.

Tia,

-Jim P.






Re: OT? /dev/null 5.1.1 email

2005-07-05 Thread Jim Popovitch

On Tue, 2005-07-05 at 09:42 -1000, Randy Bush wrote:
  Should undeliverable email (5.1.1, User unknown) be directed
  to /dev/null rather than responded to?
 
 one current fashion is to try to catch it as early in the smtp
 receipt process as possible and reject the mail to the smtp
 sender.  this gives the rejection to the real source as opposed
 to the joe job name.

Thanks Randy,

It just dawned on me that rejects are in fact occurring early in the
receipt process on the primary MX.  This is nicely done via Sendmail's
virtualusers table having a complete and accurate list of who is valid
for the domains handled by that MX.  

However, it seems the problem is over on the secondary MX (Postfix)
which only has a list of legit relay domains for pMX.  When pMX is back
online sMX fwds its queue, but at that point pMX rejects to sMX...who
then rejects to Sender.  I'm not sure how I can get away from that
happening.

-Jim P.



Re: OT? /dev/null 5.1.1 email

2005-07-05 Thread Jim Popovitch

On Tue, 2005-07-05 at 10:05 -1000, Randy Bush wrote:
  However, it seems the problem is over on the secondary MX (Postfix)
  which only has a list of legit relay domains for pMX.  When pMX is back
  online sMX fwds its queue, but at that point pMX rejects to sMX...who
  then rejects to Sender.  I'm not sure how I can get away from that
  happening.
 
 what is the purpose of having a secondary mx?

The first one goes up and down more than it probably should.  :-)

The principle purpose of the secondary mx, in this case, is to accept
email for the primary mx during periods where the primary is down, being
re-configured, or loadavg > 10.  The primary handles a few chatty
mailinglists, and other than abuse@, postmaster@, admin@, there are no
real user accounts involved.

My only reason for not dropping the secondary mx is that, while I am a
big proponent of using your upstream SMTP server, those who deliver
directly would get temporarily unavailable messages (or worse).  Of
course, at least on the primary, most of those that deliver directly are
dropped due to DUL RBLs.

-Jim P.
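The pMX/sMX behaviour described in this thread, as an added example that is not part of the original posts: a small model of a secondary MX that knows only its relay domains, next to the same secondary given the primary's recipient list so it can reject unknown users during the SMTP session. All addresses, the domain and the class names are constructed; `recipient_map` stands in for what Postfix calls `relay_recipient_maps`.

```python
from dataclasses import dataclass, field
from typing import Optional

DOMAIN = "lists.example.org"  # constructed domain
VALID_RCPTS = {f"{u}@{DOMAIN}" for u in ("abuse", "postmaster", "admin", "chat-list")}

# Constructed traffic arriving at the secondary while the primary is down:
# (envelope sender, envelope recipient)
TRAFFIC = [
    ("member@example.net", f"chat-list@{DOMAIN}"),    # legitimate list post
    ("victim@example.com", f"nosuchuser@{DOMAIN}"),   # spam with a forged sender
    ("victim@example.com", "someone@elsewhere.test"), # relay attempt
]


@dataclass
class PrimaryMX:
    recipients: set

    def rcpt(self, addr):
        """RCPT TO check against the complete recipient list."""
        if addr in self.recipients:
            return (250, "2.1.5 Ok")
        return (550, "5.1.1 User unknown")


@dataclass
class SecondaryMX:
    relay_domains: set
    recipient_map: Optional[set] = None  # None = only the relay domains are known
    queue: list = field(default_factory=list)
    delivered: list = field(default_factory=list)
    bounces: list = field(default_factory=list)

    def smtp_session(self, mail_from, rcpt_to):
        """Decide at SMTP time; anything accepted here is ours to bounce later."""
        domain = rcpt_to.rsplit("@", 1)[-1]
        if domain not in self.relay_domains:
            return (554, "5.7.1 Relay access denied")
        if self.recipient_map is not None and rcpt_to not in self.recipient_map:
            return (550, "5.1.1 User unknown")  # the connecting client sees this
        self.queue.append((mail_from, rcpt_to))
        return (250, "2.0.0 Ok: queued")

    def flush(self, primary):
        """Primary is back: forward the queue, bounce whatever it refuses."""
        for mail_from, rcpt_to in self.queue:
            code, text = primary.rcpt(rcpt_to)
            if code == 250:
                self.delivered.append((mail_from, rcpt_to))
            elif mail_from:  # a null sender (<>) is never sent a bounce
                # The DSN goes to the envelope sender, which spam forges.
                self.bounces.append((mail_from, f"{code} {text}"))
        self.queue.clear()


def run_outage(secondary, traffic=TRAFFIC):
    """Feed the traffic to the secondary, then flush to a recovered primary."""
    codes = [secondary.smtp_session(s, r)[0] for s, r in traffic]
    secondary.flush(PrimaryMX(VALID_RCPTS))
    return codes, secondary.bounces, secondary.delivered


if __name__ == "__main__":
    print("domains only :", run_outage(SecondaryMX({DOMAIN})))
    print("with rcpt map:", run_outage(SecondaryMX({DOMAIN}, set(VALID_RCPTS))))
```

In the first run the forged sender receives a bounce for mail it never sent; in the second the rejection happens in the session with the connecting client and the secondary generates no bounce at all, while the legitimate post is delivered either way.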



