RE: Iraqi TLD
John Neiberger wrote: Jeroen Massar [EMAIL PROTECTED] 2/23/05 10:49:47 AM On Wed, 2005-02-23 at 17:42 +, Ken Gilmour wrote: Does anyone know if the .iq tld has been reinstated yet? I believe it was disabled a couple of years ago. It is now in the hands of some US company: Isn't that pretty much true for the entire country of Iraq? :) John And infocom was shutdown by the feds for terrorism reasons. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: ler@lerctr.org US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Warning - new trend of attempts to infect ISP users (possibly virus)
http://vil.nai.com/vil/content/v_101071.htm W32/[EMAIL PROTECTED] --On Tuesday, March 02, 2004 20:07:17 -0800 william(at)elan.net [EMAIL PROTECTED] wrote: I have just seen emails (several different kinds) pretending to be sent from 3 of my isp domains to users of those domains warning users that their email account would be disabled and asking to open a .pif attachment. I know largest ISPs probably have expierenced this but I believe what I have seen today means they are after ISPs (or possibly just after any domains with number of email addresses under them) of all sizes right at the moment. All emails we received from the same source ip - 129.59.206.187 Please check your email base for what looks like the following (in the examples I changed everything to elan.net, actually every isp domain received different example of this, only first one is exact). Example 1: --- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Email account utilization warning. Hello user of Elan.net e-mail server, Your e-mail account has been temporary disabled because of unauthorized access. For further details see the attach. Best wishes, The Elan.net team http://www.elan.net --- Example 2: --- From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Warning about your e-mail account. Dear user of Elan.net mailing system, Our main mailing server will be temporary unavaible for next two days, to continue receiving mail in these days you have to configure our free auto-forwarding service. Further details can be obtained from attached file. Cheers, The Elan.net team http://www.elan.net --- Example3: --- To: [EMAIL PROTECTED] Subject: Warning about your e-mail account. From: [EMAIL PROTECTED] Dear user, the management of Elan.net mailing system wants to let you know that, Some of our clients complained about the spam (negative e-mail content) outgoing from your e-mail account. Probably, you have been infected by a proxy-relay trojan server. In order to keep your computer safe, follow the instructions. Please, read the attach for further details. The Management, The Elan.net team http://www.elan.net -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749 pgp0.pgp Description: PGP signature
Re: Distributed sniffer products
--On Wednesday, September 03, 2003 15:22:55 -0400 ravi pina [EMAIL PROTECTED] wrote: On Wed, Sep 03, 2003 at 12:05:06PM -0700, Luke Starrett said at one point in time: SSH works, but it's sometimes nice to have a persistent session that I can pick back up later (or from a different PC). Luke http://www.gnu.org/software/screen/ -r Does anyone have a *GOOD* screenrc example config? I was VERY confused by the info file. (OT, I know, but...) LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Tier-1 without their own backbone?
--On Wednesday, August 27, 2003 15:53:44 -0500 John Palmer [EMAIL PROTECTED] wrote: I hear that Level 3 is good but do they handle small stuff like T-1? We may be looking to dual-home soon and will be looking around. Remember, Level(3) bought (at least some of) genuity/bbn. I was always impressed with the genuity folks. We just switched a DS3 to the AS3356 backbone from AS1 on Monday. Smoothest turn up I've ever had. LER - Original Message - From: Sean Crandall [EMAIL PROTECTED] To: 'Rick Ernst' [EMAIL PROTECTED]; [EMAIL PROTECTED] Sent: Wednesday, August 27, 2003 15:48 Subject: RE: Tier-1 without their own backbone? One of the providers we are looking at is Level-3. Any comments good/bad on reliability and clue? We already have UU, Sprint, and ATT. I also realize that the they suck less list changes continuously... :) I have about 5 GB of IP transit connections from Level3 across 8 markets (plus using their facilities for our backbone). Level3 has been very solid on the IP transit side. MFN/AboveNet has also been very good to us. -Sean Sean P. Crandall VP Engineering Operations MegaPath Networks Inc. 6691 Owens Drive Pleasanton, CA 94588 (925) 201-2530 (office) (925) 201-2550 (fax) -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Patching for Cisco vulnerability
--On Friday, July 18, 2003 21:57:57 +0200 Daniel Roesen [EMAIL PROTECTED] wrote: On Fri, Jul 18, 2003 at 03:31:25PM -0400, Jared Mauch wrote: 12.0(21)S* (at least S5 and above) have broken SNMP interface counters and Cisco refuses to fix the bug in 12.0(21)S*, so people who don't Do you have a DDTS I can reference? Not handy, but from cisco-nsp Archives I've found CSCea35259 and CSCdy30984, and a reference to CSCea63754 which I can't take a look at in BugToolkit. Symptom: SNMP output octet counter stops counting traffic (except some control plane traffic it seems), with every few days jumping by weird amounts producing such funny things like 150mbps spikes on a FE interface. I've seen a box with a nicely loaded FE (30-70mbps) which took (reproducably) just about 48 hours to have this interface stop counting. If this would have been a customer interface, it would have meant reload router every two nights or lose money. This bug is supposed to be (finally) fixed in 12.0(25)S1. Given that you a) don't want to lose money and b) don't want to do two whole-network upgrades within a short time, going to 12.0(21)S7 to fix the vulnerabilty is no real option, so people are more or less forced to put their networks on bigger risk by going from 12.0(21)S* to (25)S1. I'm running 12.0(25.2)S, and it has the bug REALLY squashed. LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Don't call registry off the map?
--On Friday, June 27, 2003 12:43:24 -0400 Steven M. Bellovin [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Tim Rand writes: I was able to earlier today, but the response was VERY slow. Their = server is probably pretty busy I got through to the Web site earlier, but I haven't received the confirmation emails. I'm pretty certain there's no spam filter in the way, either -- I guess the mail server is even more overloaded than the Web server... I hit the Web server between 06:00 and 07:00 CDT today, and am STILL waiting for the emails. FWIW. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Major E-mail Delivery for FTC DNCR Launch
One of my system admins passed the following, and he does have a point: You might pass back: The range of IP addresses that this stuff will be coming from, along with an assurance that only these mails will be coming from these servers would allow us to whitelist those addresses. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: OT: Notebooks /w a serial port?
--On Friday, March 21, 2003 16:46:51 -0500 Drew Weaver [EMAIL PROTECTED] wrote: Seems like these are all but extinct, but does anyone know of a 'new' notebook that has a serial port built onto it? I've found some that have port replicators, but that can be a pain when you need to serial into a router or some other device. What do you guys use? Socketcomm has a PCMCIA serial port card. Not cheap. If you hear of something else, Please let me know. LER -Drew -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: OT: Notebooks /w a serial port?
--On Friday, March 21, 2003 13:40:17 -0800 Roy [EMAIL PROTECTED] wrote: Serial ports that plug into USB seem to be fairly cheap I guess I need to look harder.. (and does FreeBSD 4-STABLE support them? ). LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Talked about this before
On Mon, 2002-09-09 at 09:12, William Waites wrote: Jane == Pawlukiewicz Jane [EMAIL PROTECTED] writes: Jane Quick Question, how much memory does the bgp tables actually Jane take. I'm estimating 32 mb in my plan, but I'm worried Jane that's not enough. that was 320Mb, no? ;) Here is a show ip bgp summ from a router with 2 full views and 6 iBGP peers, and a couple of customer peers with 10 routes each: BGP router identifier 209.196.121.1, local AS number 4278 BGP table version is 7175400, main routing table version 7175400 112794 network entries and 505980 paths using 33655314 bytes of memory 89941 BGP path attribute entries using 5037424 bytes of memory 44221 BGP AS-PATH entries using 1134058 bytes of memory 63070 BGP route-map cache entries using 1261400 bytes of memory 0 BGP filter-list cache entries using 0 bytes of memory Dampening enabled. 127 history paths, 118 dampened paths 223243 received paths for inbound soft reconfiguration BGP activity 219567/1719967 prefixes, 5720413/5214433 paths, scan interval 60 secs -- William Waites [EMAIL PROTECTED] finger [EMAIL PROTECTED] for PGP keys Idiosyntactix Research Laboratories http://www.irl.styx.org -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
RE: IETF SMTP Working Group Proposal at smtpng.org
What about individuals that run their own mail servers? (E.G. me).? On Wed, 2002-08-21 at 14:28, Derek Samford wrote: I really like this. A sort of IRR for mail servers. Maybe when registered it could even check if the server was an open relay, and not allow those servers to be registered until properly configured. Any thoughts? Derek -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Mark Segal Sent: Wednesday, August 21, 2002 3:12 PM To: 'Robert Blayzor'; [EMAIL PROTECTED] Subject: RE: IETF SMTP Working Group Proposal at smtpng.org It's almost to the point to where mail servers need their own registrar, sort of the way domains are tracked now, track mail servers. Give mail server admins the option to accept mail from registered mail servers only or from any mail server. Of course there would need to be a ramp up period, like six months to a year, to make sure all of your mail servers are registered. And of course one should only be able to register mail servers if the IP space is actually SWIP to them. If the IP space is NOT SWIP, it would need to be registered by the customer ISP or via owners rwhois server. Just my $.02; for what it's worth Really good idea (no sarcasm, I actually like it).. But what stops spammers from registering their mail server?..Ie.. 1) Get a dsl account 2) Ips get swipped to you 3) Register the server 4) SPAM 5) Apologize, get a second chance 6) get booted off 7) Call the next ISP with a zero install 8) Rinse and repeat. Regards, Mark -- Mark Segal Director, Data Services Futureway Communications Inc. Tel: (905)326-1570 -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
RE: IETF SMTP Working Group Proposal at smtpng.org
On Wed, 2002-08-21 at 14:50, Robert Blayzor wrote: What about individuals that run their own mail servers? (E.G. me).? Get your mail server registered just like everyone else I suppose. If your address space is not registered to you directly, your ISP would have to do this for you. You're ISP would then handle any complaints (if any) from the registrar and coordinate it with you directly. I honestly like that idea because as a network operator, I like to know what customers are running mail servers on our network, where they are, and who owns them. Actually, it's swip'ed to me (I work for said ISP), but I also run a SMTP server on my laptop which bounces usually between two addresses (one at home, one at work), and I suppose that the work address (NOT swip'ed) would have a problem under this proposal. I DO understand the reasoning, but it is a **BIG** culture change, and would take a year or two or more to implement network wide. I think $100/year is STEEP, if it is PER SERVER, but per COMPANY/INDIVIDUAL it **might** be acceptable. (I have 3 boxes + the laptop that do SMTP regularly). Ideas given this? -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
RE: Draft of Rep. Berman's bill authorizes anti-P2P hacking
Agreed here. Has this even got a bill number yet? On Wed, 2002-07-24 at 13:15, Derek Samford wrote: I second that. If I see any of my clients having any sort of malicious activity directed at them, then there is no chance of me allowing their traffic through. I would be more than happy to send all their traffic to packet hell. Large corporations do not get any special consideration if it comes down to the stability of my network vs. receiving their traffic. Derek -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of James Thomason Sent: Wednesday, July 24, 2002 2:10 PM To: Marshall Eubanks Cc: [EMAIL PROTECTED] Subject: Re: Draft of Rep. Berman's bill authorizes anti-P2P hacking Would malicious actions on the part of copyright holders violate the AUP of most networks? Or are service providers more willing to tolerate denial of service attacks by large corporations than say, spam? If this legislation is passed, they certainly will earn Null0 on mine. Regards, James Thomason On Wed, 24 Jul 2002, Marshall Eubanks wrote: Thought this would be considered on-topic as guess who would have to clean up the resulting messes... Regards Marshall Eubanks - Forwarded message from Declan McCullagh [EMAIL PROTECTED] - From: Declan McCullagh [EMAIL PROTECTED] Subject: FC: Draft of Rep. Berman's bill authorizes anti-P2P hacking To: [EMAIL PROTECTED] Date: Tue, 23 Jul 2002 20:29:35 -0400 X-URL: http://www.mccullagh.org/ X-URL: Politech is at http://www.politechbot.com/ http://news.com.com/2100-1023-945923.html?tag=politech Could Hollywood hack your PC? By Declan McCullagh July 23, 2002, 4:45 PM PT WASHINGTON--Congress is about to consider an entertainment industry proposal that would authorize copyright holders to disable PCs used for illicit file trading. A draft bill seen by CNET News.com marks the boldest political effort to date by record labels and movie studios to disrupt peer-to-peer networks that they view as an increasingly dire threat to their bottom line. Sponsored by Reps. Howard Berman, D-Calif., and Howard Coble, R-N.C., the measure would permit copyright holders to perform nearly unchecked electronic hacking if they have a reasonable basis to believe that piracy is taking place. Berman and Coble plan to introduce the 10-page bill this week. The legislation would immunize groups such as the Motion Picture Association of America and the Recording Industry Association of America from all state and federal laws if they disable, block or otherwise impair a publicly accessible peer-to-peer network. Anyone whose computer was damaged in the process must receive the permission of the U.S. attorney general before filing a lawsuit, and a suit could be filed only if the actual monetary loss was more than $250. According to the draft, the attorney general must be given complete details about the specific technologies the copyright holder intends to use to impair the normal operation of the peer-to-peer network. Those details would remain secret and would not be divulged to the public. The draft bill doesn't specify what techniques, such as viruses, worms, denial-of-service attacks, or domain name hijacking, would be permissible. It does say that a copyright-hacker should not delete files, but it limits the right of anyone subject to an intrusion to sue if files are accidentally erased. [...] - POLITECH -- Declan McCullagh's politics and technology mailing list You may redistribute this message freely if you include this notice. To subscribe to Politech: http://www.politechbot.com/info/subscribe.html This message is archived at http://www.politechbot.com/ Declan McCullagh's photographs are at http://www.mccullagh.org/ - Like Politech? Make a donation here: http://www.politechbot.com/donate/ - - End forwarded message - -- Regards Marshall Eubanks T.M. Eubanks Multicast Technologies, Inc 10301 Democracy Lane, Suite 410 Fairfax, Virginia 22030 Phone : 703-293-9624 Fax : 703-293-9609 e-mail : [EMAIL PROTECTED] http://www.multicasttech.com Test your network for multicast : http://www.multicasttech.com/mt/ Status of Multicast on the Web : http://www.multicasttech.com/status/index.html -- Larry Rosenman http://www.lerctr.org/~ler
Re: looking glass
On Thu, 2002-07-18 at 14:00, Scott Granados wrote: What are people using for looking glass software. Is it just some simple perl code which grabs data from the router or is it more complex than that? The RANCID package includes a decedent of the Digex looking glass code. http://www.shrubbery.net/rancid/ -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: AS path fugliness?
We've had 4 crashes with chunk corruption On Wed, 2002-07-03 at 10:46, Mike Lewinski wrote: Anyone else receiving huge as-path (more than 125) causing these: Jul 3 08:23:06 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 268 Jul 3 08:23:46 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 270 Jul 3 08:27:45 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 274 Jul 3 08:31:59 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 268 Jul 3 08:41:02 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 268 Jul 3 08:41:43 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 270 Jul 3 08:57:56 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 268 Jul 3 09:04:04 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 268 Jul 3 09:10:01 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 268 Jul 3 09:10:52 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 270 Jul 3 09:17:40 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for aspath, requested size 268 (per http://www.cisco.com/warp/public/459/35.shtml ) It started just after local Qwest routes apparently recovered from some kind of nose-dive. We're still sorting through the tables trying to find out who, thus far longest I've found is about 20. Mike -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Savvis? 14:00 CDT change?
On Thu, 2002-06-27 at 19:28, Larry Rosenman wrote: Around 14:00 CDT (GMT -0500), we noted most of our traffic ingress was through Savvis, not it's normal path. Turning down our BGP session with them, traffic returns to it's normal path. Anyone else seeing weird stuff from Savvis? It was cleared up around 21:00 CDT (GMT -0500). I did receive some private replies that we weren't the only ones. Thanks! -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: Fwd: WorldCom Investor News: WorldCom AnnouncesIntentiontoRestate 2001 and First Quarter 2002 Financial Statements
. The company is also exploring the sale of other wireless assets and certain South American assets. These sales will reduce losses associated with these operations and allow the company to focus on its core businesses. Paying Series D, E and F preferred stock dividends in common stock rather than cash, deferring dividends on MCI QUIPS, and discontinuing the MCI tracker dividend, saving approximately $375 million annually. Continuing discussions with our bank lenders. Creating a new position of Chief Service and Quality Officer to keep an eye focused on our customer services during this restructuring. We intend to create $2 billion a year in cash savings in addition to any cash generated from our business operations, said Sidgmore. By focusing on these steps, I am convinced WorldCom will emerge a stronger, more competitive player. About WorldCom, Inc. WorldCom, Inc. (NASDAQ: WCOM, MCIT) is a pre-eminent global communications provider for the digital generation, operating in more than 65 countries. With one of the most expansive, wholly-owned IP networks in the world, WorldCom provides innovative data and Internet services for businesses to communicate in today's market. In April 2002, WorldCom launched The Neighborhood built by MCI - the industry's first truly any-distance, all-inclusive local and long-distance offering to consumers for one fixed monthly price. Effective as of the close of regular trading on July 12, 2002, WorldCom will eliminate its tracking stock structure and have one class of common stock with the NASDAQ ticker symbol WCOM. For more information, go to http://www.worldcom.com. Forward-Looking Statements This document includes certain forward-looking statements within the meaning of the Private Securities Litigation Reform Act of 1995. These statements are based on management's current expectations and are subject to uncertainty and changes in circumstances. Actual results may differ materially from these expectations due to economic uncertainty; the effects of vigorous competition; the impact of technological change on our business, alternative technologies, and dependence on availability of transmission facilities; risks of international business; regulatory risks in the United States and internationally; contingent liabilities; uncertainties regarding the collectibility of receivables; risks associated with debt service requirements and; our financial leverage; uncertainties associated with the success of acquisitions; and the ongoing war on terrorism. More detailed information about those factors is contained in WorldCom's filings with the Securities and Exchange Commi! ssion. -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Re: ARIN IP allocation policy, ip vs. name website hosting
On Wed, 2002-06-26 at 14:22, matthew zeier wrote: I recall reading that ARIN was preferring the use of hostname based virtual websites over IP based, however I can't find that wording on ARIN's site. Anyone have points to it? I believe they withdrew that when it was pointed out that it breaks SSL badly. -- matthew zeier - In mathematics you don't understand things. You just get used to them. - Johann von Neumann -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749
Strange Bandwidth drop: 5/21 14:00 to 5/22 02:00: Any one else seeit
Looking at our graphs, we saw a very significant drop in our inbound bandwidth from Tuesday, 21/May/2002 14:00 (UTC -0500) to 22/May/2002 02:00 (UTC -0500). We can't explain it from internal sources. Did anyone else see this? Does anyone have an explanation? Thanks, LER -- Larry Rosenman http://www.lerctr.org/~ler Phone: +1 972-414-9812 E-Mail: [EMAIL PROTECTED] US Mail: 1905 Steamboat Springs Drive, Garland, TX 75044-6749