RE: Hotel in Seattle area w- internet access ?

2002-06-26 Thread Mansey, Jon

Not listed at GeekTels, I used broadband at the W in Seattle one time, nice.

Jm


> -Original Message-
> From: Jeff Nelson [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, June 26, 2002 11:36 AM
> To: Bill Woodcock; joe mcguckin
> Cc: NANOG
> Subject: Re: Hotel in Seattle area w- internet access ?
> 
> 
> 
> 
> This is the 'classic' list: http://www.geektools.com/geektels/
> (worldwide)... but call to confirm. I've stayed at the Four 
> Seasons and was pleased with everything but the price.
> 
> "Be liberal in what you accept, and conservative in what you 
> send." --Jon Postel
> - Original Message -
> From: "Bill Woodcock" <[EMAIL PROTECTED]>
> To: "joe mcguckin" <[EMAIL PROTECTED]>
> Cc: "NANOG" <[EMAIL PROTECTED]>
> Sent: Wednesday, June 26, 2002 1:28 PM
> Subject: Re: Hotel in Seattle area w- internet access ?
> 
> 
> >
> > > I'm leaving for Seattle this evening. Can anyone recommend a hotel that has
> > > internet access in the rooms?
> >
> >
> http://www.geektools.com/geektels/showhotels.php?country=USA&state=Washington&city=Seattle
>
> -Bill
>
>


RE: How many protocols...

2002-06-12 Thread Mansey, Jon

Imagine the scenario, customer calls ISP, "hey I can't connect to my work
VPN through your connection", ISP, "Ahah, you need our business service, not
the $20/m home user service, let me put you through to a business service
sales person who'll be happy to take your $50/m, then you'll be able to work
from home"



> -Original Message-
> From: Crist J. Clark [mailto:[EMAIL PROTECTED]] 
> Sent: Wednesday, June 12, 2002 1:34 PM
> To: Stephen Sprunk
> Cc: [EMAIL PROTECTED]
> Subject: Re: How many protocols...
> 
> 
> 
> Stephen Sprunk wrote,
> > Thus spake "Magnus Boden" <[EMAIL PROTECTED]>
> > > I wouldn't call it an isp if they only allowed tcp, udp and icmp. It
> > > should be all ip protocols.
> > >
> > > There can be a maximum of 256 of them. The isp shouldn't care what
> > > the ipheader->protocol field is set to.
> >
> > There is at least one ISP here in the US that filters protocol 50 
> > (IPsec ESP). Does that mean they're really not an ISP?
> 
> If they are an ISP they are an aggressively clueless ISP. Why 
> on Earth would you block ESP? Some strange marketing ploy to 
> charge more to allow people to use VPNs? Ever heard of 
> transport mode? Does it actually cost them more to move ESP 
> packets than TCP/UDP/ICMP packets? Are they under some 
> mistaken impression ESP would be a bandwidth hog? Do they 
> block GRE (protocol 47)? Do they block Checkpoint's FWZ 
> (protocol 94)? Or any of the other zillion VPN protocols 
> (some which ride over TCP and UDP too)?
> 
> Exactly which ISP does this? They deserve some public 
> humiliation for doing something that breathtakingly stupid to 
> their customers.
> -- 
> Crist J. Clark | [EMAIL PROTECTED]
>| [EMAIL PROTECTED]
> http://people.freebsd.org/~cjc/| [EMAIL PROTECTED]
> 


RE: Large ISPs doing NAT?

2002-05-02 Thread Mansey, Jon


Why do you need a public IP to do ssh?

jm

> -Original Message-
> From: Simon Higgs [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, May 02, 2002 4:44 PM
> To: Scott Francis
> Cc: Peter Bierman; [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT?
> 
> 
> 
> At 01:20 AM 5/2/2002 -0700, Scott Francis wrote:
> 
> >The average customer buying a "web-enabled" phone doesn't need a 
> >publicly-routeable IP. I challenge anybody to demonstrate why a cell 
> >phone needs a public IP. It's a PHONE, not a server.
> 
> I'm not buying a phone I can't run ssh from. End of story. My current phone
> does all that and more. Why step back into the dark ages of analog-type
> services?
> 
> 
> 
> Best Regards,
> 
> Simon
> 
> --
> ###
> 



RE: DDOS attacks and Large ISPs doing NAT?

2002-05-02 Thread Mansey, Jon


Unless I'm mistaken (entirely possible), an IP enabled phone has 2 distinct
and separate "stacks", the IP stack and the "phone" stack.

As I said, in a NAT'd scenario the IP stack will never see an unsolicited
request and hence not respond to it.

The phone side of course will ring when called. Duh.

GPRS <> VoIP (yet)

Jm


> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, May 02, 2002 11:26 AM
> To: Mansey, Jon
> Cc: [EMAIL PROTECTED]
> Subject: Re: DDOS attacks and Large ISPs doing NAT? 
> 
> 
> On Thu, 02 May 2002 11:06:33 PDT, "Mansey, Jon" said:
> 
> > The DDOS discussion is specifically referring to a "live" syn or
> > syn/ack attack from hosts that respond to connection requests. A NAT'd
> > cell phone won't, can't ever, respond to an unsolicited connection
> > request.
> 
> *RING*!! *RING*!!  Oh, I'm sorry, that was the clue phone 
> ringing - it couldn't be your phone, since it wouldn't answer 
> an unsolicited connection request
> 
> You were saying?
> 
> (To fill in the blanks - get a trojan loaded into the 
> cellphone/PDA combo, and then send it a page telling it 
> who/what to attack).
> 
> -- 
>   Valdis Kletnieks
>   Computer Systems Senior Engineer
>   Virginia Tech
> 
> 



RE: DDOS attacks and Large ISPs doing NAT?

2002-05-02 Thread Mansey, Jon


Perhaps I should s/zombie/reflector in my original post.

Jm


> -Original Message-
> From: Ian Cooper [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, May 02, 2002 11:04 AM
> To: [EMAIL PROTECTED]
> Cc: Mansey, Jon
> Subject: RE: DDOS attacks and Large ISPs doing NAT? 
> 
> 
> --On Thursday, May 2, 2002 10:30 -0700 "Mansey, Jon" 
> <[EMAIL PROTECTED]> wrote:
> 
> >
> > To merge these 2 great threads, it is the case is it not that NAT is a
> > great way to avoid DDOS problems. I don't even want to imagine what
> > the billing/credit issues would be like if your always-on phone with a
> > real IP is used as a zombie in a DDOS. "Hey I didn't use all that
> > traffic last month etc etc"
>
> And NAT helps you stop zombie software being installed on the always-on
> device (phone) precisely how?  What's to say that an infected system (or
> vandal's system) isn't going to be connected inside the NATed space?
>
> > I still maintain, since the last time this was on Nanog, that real IP
> > addresses should not be entrusted to the great unwashed.
>
> The problem isn't that they're unwashed, the problem is that they're being
> pushed software that has bugs and holes that can be exploited (oh look, the
> "bash Microsoft" thread...)
>
> > And as for NAT breaking applications, I think it's time the
> > applications wised up and worked around the NAT issues.
>
> And what about those applications (protocols) that already exist and break
> when NAT exists?  Or applications that simply don't scale well when NAT
> exists?
>
> > Look, if your application is
> > important enough to you as the developer, you are going to want it to
> > penetrate and work for as many ppl as possible right? Office workers,
> > home users with gateways, GPRS/GSM/3G cell users etc etc. So you make
> > it use protocols that traverse NAT without breaking. Look at the
> > streaming media players out there, they try to use, in order,
> > multicast (the most efficient and best quality), UDP,TCP then HTTP. If
> > it can't get a connection with any of the first protocols, it falls
> > back to http, and you get your stream.
>
> Right, and as you move toward HTTP you end up with a stream that becomes
> more and more expensive to deliver (and receive) and it frequently becomes
> harder and harder (and takes longer) to develop that application.
>
> > When you look at the economics of usability of your app, I think you're
> > going to want to make it work through firewalls.
>
> Depends where the firewall is being run as to whether you want it to break
> the application or not, but if it's possible for all great apps to run
> through firewalls how long is it going to be before "nasty" apps do that
> well?
> 



RE: DDOS attacks and Large ISPs doing NAT?

2002-05-02 Thread Mansey, Jon


That would come under the heading of a virus or trojan I believe. And sure
there is no reason a NAT'd cell phone couldn't participate in this type of
attack.

The DDOS discussion is specifically referring to a "live" syn or syn/ack
attack from hosts that respond to connection requests. A NAT'd cell phone
won't, can't ever, respond to an unsolicited connection request.

jm

> -Original Message-
> From: Gary E. Miller [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, May 02, 2002 11:00 AM
> To: Mansey, Jon
> Cc: [EMAIL PROTECTED]
> Subject: RE: DDOS attacks and Large ISPs doing NAT? 
> 
> 
> Yo Jon!
> 
> On Thu, 2 May 2002, Mansey, Jon wrote:
> 
> > To merge these 2 great threads, it is the case is it not that NAT is a
> > great way to avoid DDOS problems. I don't even want to imagine what
> > the billing/credit issues would be like if your always-on phone with a
> > real IP is used as a zombie in a DDOS. "Hey I didn't use all that
> > traffic last month etc etc"
>
> Who says a NATed host can not be a zombie?  Get the NATed
> host to read an email virus.  The virus then connects to an
> IRC channel that tells the zombie when to spew.
> 
> Each phone would not spew much, but imagine you got 100M 
> phones to do your DDoS for you...
> 
> RGDS
> GARY
> --
> -
> Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701
>   [EMAIL PROTECTED]  Tel:+1(541)382-8588 Fax: +1(541)382-8676
> 
> 



RE: DDOS attacks and Large ISPs doing NAT?

2002-05-02 Thread Mansey, Jon


To merge these 2 great threads, it is the case is it not that NAT is a great
way to avoid DDOS problems. I don't even want to imagine what the
billing/credit issues would be like if your always-on phone with a real IP
is used as a zombie in a DDOS. "Hey I didn't use all that traffic last
month etc etc"

I still maintain, since the last time this was on Nanog, that real IP
addresses should not be entrusted to the great unwashed.

And as for NAT breaking applications, I think it's time the applications
wised up and worked around the NAT issues. Look, if your application is
important enough to you as the developer, you are going to want it to
penetrate and work for as many ppl as possible right? Office workers, home
users with gateways, GPRS/GSM/3G cell users etc etc. So you make it use
protocols that traverse NAT without breaking. Look at the streaming media
players out there, they try to use, in order, multicast (the most efficient
and best quality), UDP,TCP then HTTP. If it can't get a connection with any
of the first protocols, it falls back to http, and you get your stream.

When you look at the economics of usability of your app, I think you're going
to want to make it work through firewalls.

Jm


> -Original Message-
> From: Jake Khuon [mailto:[EMAIL PROTECTED]] 
> Sent: Thursday, May 02, 2002 1:51 AM
> To: [EMAIL PROTECTED]
> Subject: Re: Large ISPs doing NAT? 
> 
> 
> 
> ### On Thu, 2 May 2002 10:42:01 +0200, "Daniska Tomas" 
> <[EMAIL PROTECTED]> ### casually decided to expound upon 
> <[EMAIL PROTECTED]> the following ### thoughts about "RE: Large 
> ISPs doing NAT? ":
> 
> DT> and what if one of the devices behind that phone would also be a 
> DT> personal "ip gateway router" (or how you call that)... you could 
> DT> recursively iterate as deep as your mail size allows you to...
> 
> It's possible.  Could it get ugly?  Yes.  Do we just want to 
> shut our eyes and say "let's not go there."... well... maybe. 
>  I just don't think the solution is to say, "this can never 
> happen... we must limit all handheld devices to sitting 
> behind a NAT gateway."
> 
> 
> DT> hope this thread will not end in a router behind a router that
> DT> serves as a router serving as a router to another router which has
> DT> some other routers connected...
> 
> God forbid!  We might have a network on our hands!
> 
> 
> --
> /*===[ Jake Khuon <[EMAIL PROTECTED]> 
> ]==+
>  | Packet Plumber, Network Engineers /| / [~ [~ |) | | 
> --- |
>  | for Effective Bandwidth Utilisation  / |/  [_ [_ |) |_| N 
> E T W O R K S |  
> +=
> */
>