Change of Providers - time to migrate IP addresses

2004-09-23 Thread R. Benjamin Kessler

Is there a generally-accepted best practice that dictates the time frame
for relinquishing address space when changing providers?

I have a client with a /24 from provider X; we've built the infrastructure
for connectivity to provider Y (with new address space from them) but still
have a few hosts that we've not migrated to the new address space.  We'll
certainly be rid of the old addresses within the next 60 days but would like
to terminate the circuit to provider X sooner than that.

I think this is a pretty typical thing but Googling hasn't turned up too
much in the way of evidence of this.

Is this a reasonable thing to do?

I appreciate any feedback from NANOGers.

Thanks,

Ben






RE: new nasty email virus trick to bypass scanners

2003-12-04 Thread R. Benjamin Kessler

 
   Common sense, in these times shows you to not open emails from strangers
   especially with *.zip files unless they are coming from a known party based on
   some kind of dialog prior to it being sent and received.
 
  Common sense always loses when fighting against the promise of dancing hamsters.
 
 Empirically speaking, common sense does not appear to
 be common at all.  ;-)
 
 
Quite so; as I always like to say:

Common sense is not a common virtue[1]

[1] Apologies to Adm. Nimitz and the Marines on Iwo Jima




RE: Fun new policy at AOL

2003-08-28 Thread R. Benjamin Kessler

Does the IP address of your client's SMTP server have a reverse DNS entry
(PTR record) assigned to it?

It seems to be a new best practice to not accept e-mail from an IP address
that doesn't have a PTR record assigned.  Furthermore, if those PTR records
indicate anything like dial dns cable then more 'strict' policies tend
to reject them.

If you can't get your upstream to modify the PTR records to your
specifications (or delegate the block to you) then another way around this
would be to configure your client's SMTP server to forward to the provider's
smart host (e.g. an SMTP relay server with a known address and appropriate
PTR record configured to accept relay traffic from customer IPs).  Not the
most elegant but a serviceable workaround nonetheless.

HTH

Ben

~~
R. Benjamin Kessler
Network Engineer
CCIE #8762, CISSP, CCSE
Kessler Consulting
Email:  [EMAIL PROTECTED]
http://www.kesslerconsulting.com
Phone: 260-625-3273
 

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of
Susan Zeigler
Sent: Thursday, August 28, 2003 2:35 AM
To: [EMAIL PROTECTED]
Subject: Fun new policy at AOL


Sometime mid last week, one of my clients--a state chapter of a national
association--became unable to send to all of their AOL members. Assuming
it was simply that AOL's servers were inundated with infected emails, I
gave it some time. The errors were simply delay and not delivered in
time specified errors.

Well, it was still going on today. So, I went on site and upped the
logging on the server. What to my surprise did appear but a nice little
message informing us that I'm sorry, your IP is dynamically assigned
and aol doesn't accept dynamic IPs. 

WTF. This IP is NOT dynamic. The client has had it for about two years.

I just looked on their website to file a complaint and ask how they
determined what was dynamic and what was static and couldn't find a
contact email address. I did find the following statement:
AOL's mail servers will not accept connections from systems that use
dynamically assigned IP addresses.

It was on the following page:
http://postmaster.info.aol.com/standards.html

So, since I know someone from AOL does lurk on this list, what's my
recourse. Feel free to email me offlist. Thanks. 

On a side note, my client is also curious who's going to help pay the
bill that they shouldn't have needed to pay me due to AOL changing
policy and blocking them needlessly. Unless AOL is downloading the
entire routing pools from all ISPs on a daily basis, how do they know
which IPs are dynamic and which are static;) And, since static IPs can
actually be assigned out of a DHCP pool as well, even that won't work.

--
-Susan
--
Susan Zeigler |  Technical Services
[EMAIL PROTECTED]   |  Spindustry Systems
515.225.0920  |  

You cannot strengthen the weak by weakening the strong. 
-- Abraham Lincoln


 
Spindustry Systems, Inc. 
DES MOINES / CHICAGO / INDIANAPOLIS / DENVER 

CONFIDENTIALITY NOTICE: This e-mail message, including any attachments,
is for the sole use of the intended recipient(s) and may contain
confidential information. Any unauthorized review, use, disclosure, or
distribution is prohibited. If you are not the intended recipient,
please contact the sender by reply e-mail and destroy all copies of the
original message including any attachments.
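
The PTR-based acceptance policy described in the reply above, sketched from the receiving mail server's side as an added example (not code from the thread, and not AOL's actual logic). The function names, the token list (taken from the reply's wording) and the sample PTR table built on documentation address ranges are assumptions made for illustration.

```python
import ipaddress
import re
import socket

# Tokens as worded in the reply; a real site would tune this list (assumption).
GENERIC_TOKENS = ("dial", "dns", "cable")

# Constructed sample data: documentation-range addresses and made-up PTR names.
SAMPLE_PTR = {
    "192.0.2.25": "mail.example.org",
    "198.51.100.77": "cable-198-51-100-77.example.net",
    "203.0.113.9": "smarthost.example.net",
}

def system_resolver(ip):
    """PTR lookup via the OS resolver; returns None when no record exists."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except (socket.herror, socket.gaierror):
        return None

def check_sender(ip, resolve=system_resolver, strict=True):
    """Return (verdict, detail) for the address of a connecting SMTP client."""
    arpa = ipaddress.ip_address(ip).reverse_pointer  # name the PTR lives at
    ptr = resolve(ip)
    if not ptr:
        return ("reject", f"no PTR record at {arpa}")
    # Split the hostname on anything that is not a letter, then look for
    # fragments that begin with one of the generic-pool tokens.
    frags = [f for f in re.split(r"[^a-z]+", ptr.lower()) if f]
    hits = sorted({t for t in GENERIC_TOKENS for f in frags if f.startswith(t)})
    if hits and strict:
        return ("reject", f"PTR {ptr} looks like a pool address ({', '.join(hits)})")
    if hits:
        return ("accept", f"PTR {ptr} looks generic but policy is not strict")
    return ("accept", f"PTR {ptr}")

if __name__ == "__main__":
    # Runs offline against the constructed table; 192.0.2.200 has no entry.
    for addr in ("192.0.2.25", "192.0.2.200", "198.51.100.77", "203.0.113.9"):
        print(addr, *check_sender(addr, resolve=SAMPLE_PTR.get))
```

Calling `check_sender(ip)` without the `resolve` argument queries the system resolver instead, which is a quick way to see how a mail server's own address would fare before asking the upstream to change or delegate the PTR.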