Nachi (was Re: New IPv4 Allocation to ARIN)

2004-01-16 Thread Michael Lewinski 


On Jan 16, 2004, at 3:31 PM, [EMAIL PROTECTED] wrote:

It's those dang Nachi-sized ICMP echo/echo-replies.  We block those at 
all
our transit points and dial-up ports.  Nachi was killing our cisco
access-servers until we did this to stop the spread.


FYI, Nachi is basically dead now from what I can tell. It was timed to 
expire in January of this year, and our flowscan graphs bear this out. 
Prior to it's self-destruction, Nachi traffic comprised about half of 
all our incoming flows. ICMP is back to pre-Nachi levels here now, and 
I have heard similiar reports elsewhere.

Stupid .org registry code change

2003-12-22 Thread Michael Lewinski 
During the recent changes to .org, whois stopped being useful for what 
I need.

 Sponsoring Registrar:R11-LROR

All I really want to know is the Registrar's name/URL to tell my client 
so they can modify their nameservers.

Does anyone have:

1) A URL to the table that will allow me to lookup a name from the 
above code (or better, a hack to whois that will do said lookup for 
me)?

2) The e-mail address  where I should my suggestion that the person who 
came up with this brilliant scheme needs to pursue a new career in a 
non-IT related field?

TIA,

Mike

Re: incorrect spam setups cause spool messes on forwarders

2003-12-01 Thread Michael Lewinski 
On Dec 1, 2003, at 11:10 AM, Randy Bush wrote:

is the following a general problem, or just one i am seeing?

note 2821 says

  450 Requested mail action not taken: mailbox unavailable
 (e.g., mailbox busy)
  550 Requested action not taken: mailbox unavailable
 (e.g., mailbox not found, no access, or command rejected
 for policy reasons)
FWIW, there are now fake smtp tarpits out there that behave this way 
(4xx deferrals of suspected spam).

http://www.benzedrine.cx/relaydb.html

The idea is to punish spammers by filling up their queues, although 
honestly I don't know of any spammers who actually *have* queues. They 
just borrow other people's of course. I'm not sold on the wisdom of 
this course.

Re: AS path fugliness?

2002-08-13 Thread Michael Lewinski 


It's back, same source as last time:

Aug 13 14:06:07  Insufficient chunk pools for aspath, requested size 268
Aug 13 14:06:11  Insufficient chunk pools for aspath, requested size 268
Aug 13 14:07:29  Insufficient chunk pools for aspath, requested size 270
Aug 13 14:09:44  Insufficient chunk pools for aspath, requested size 270
Aug 13 14:09:52  Insufficient chunk pools for aspath, requested size 268


* 205.139.72.0 208.172.167.21100  0 3561 23037 
{80,1239,1785,2379,2711,4181,4323,4513,4546,5006,5676,5778,6181,6253,6347,
6395,6453,6467,6571,6580,6993,7132,7381,7431,7633,7795,10346,10625,10674,10726,
10851,10877,10910,10937,10957,11101,11134,11169,11235,11589,11657,11853,12082,
12156,12163,12179,12180,12261,13371,13443,13488,13568,13576,13578,13641,13790,
13815,13882,13904,13919,14021,14289,14359,14381,14412,14452,14549,14564,14625,
14677,14685,14787,14793,14929,14990,15062,15215,16477,16504,16640,16707,16759,
16782,16852,17033,17060,17064,17142,17304,18548,18586,18618,18886,19024,19541,
20303,20316,20333,20357,20457,20458,21536,22184,22191,22242,22299,22319,22389,
22728,22912,23087,23181,23195,23269,23306,23365,23453,23502,23547,25639,25707,
25905,25943,26004} ?

* 205.139.73.0 208.172.167.21100  0 3561 23037 
{80,1239,1785,2379,2711,4181,4323,4513,4546,5006,5676,5778,6181,6253,6347,
6395,6453,6467,6571,6580,6993,7132,7381,7431,7633,7795,10346,10625,10674,10726,
10851,10877,10910,10937,10957,11101,11134,11169,11235,11589,11657,11853,12082,
12156,12163,12179,12180,12261,13371,13443,13488,13568,13576,13578,13641,13790,
13815,13882,13904,13919,14021,14289,14359,14381,14412,14452,14549,14564,14625,
14677,14685,14787,14793,14929,14990,15062,15215,16477,16504,16640,16707,16759,
16782,16852,17033,17060,17064,17142,17304,18548,18586,18618,18886,19024,19541,
20303,20316,20333,20357,20457,20458,21536,22184,22191,22242,22299,22319,22389,
22728,22912,23087,23181,23195,23269,23306,23365,23453,23502,23547,25639,25707,
25905,25943,26004} ?

(plus a bunch of others for the same AS)

FYI, after the Jul 03 incident I received this response from CW:

  Thank you for notifying us of the problem.  We have put a filter in 
place
  and I believe we have been in touch with our customer.
 
  Best Regards,
  Cable  Wireless US-IPGSOC

Mike