Re: google.com outage?
On Sat, 07 May 2005 19:37:01 -0400 Jonathan M. Slivko [EMAIL PROTECTED] wrote: Hmmm did anyone hear anything about a Google outage that's been going on for the past 20 minutes or so? It appears to be DNS related (ns1-ns4.google.com didn't have a record of www.google.com or www.gmail.com). I can't find any articles on the net about it and was wondering if anyone heard anything. haven't heard anything, but i saw it. www.google.com got changed to a CNAME to www.l.google.com, which wasn't there, and news.google.com got changed to a CNAME to news.l.google.com, which wasn't there. they're there now. not sure what the story is, though. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security F=ma : it's not just a good idea, it's the law
Re: EFF whitepaper
On Mon, 15 Nov 2004 10:07:20 -0500 Peering [EMAIL PROTECTED] wrote: From personal experience, whether you check that you want further mailings from MoveOn.org or not, they send them to you anytime you send anything (petitions, letters, etc) from their website. They're also not that great about taking you off when you complain (I have had to complain 2-3 times per incident). For this reason, no matter how I feel about the subject, I won't go through them anymore. Hopefully one of their contacts is listening, because their mail policy is really obnoxious. deja vu all over again. i had this conversation (about unconfirmed mailings) with a staffer at the dean campaign earlier this year. the general feeling i got was that they don't clearly understand the problem, and are much more concerned about creating a barrier to entry than worrying about creating a barrier to mail abuse. sigh, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: People being removed from the list and such
On Mon, 18 Oct 2004 19:31:37 -0700 (PDT) Bill Woodcock [EMAIL PROTECTED] wrote:

> Oh, god, I hate myself for doing this, but: Two wrongs doesn't make a right. We can't solve the problem of off-topic postings by adding gratuitous administrative off-topic postings.

although one is inclined to wonder if there actually is a venue for discussing these offtopic administrative questions. i have a couple that are now approaching several years old that i've refrained from asking because i've been warned about offtopic postings a couple of times, and have been concerned about whether i was going to cross the offtopic threshold by bringing up the subject of what the offtopic threshold really was and how it was judged.

richard (anticipating that this may be my last nanog posting for some time to come)
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Any Kine NOGs? Re: European Nanog?
On Tue, 14 Sep 2004, Philip Smith wrote: NANOG, AfNOG, SANOG, JANOG, EOF, APOPS, SGNOG, NZNOG, NordNOG, SwiNOG, PACNOG every time i see this list, it makes me want to tell NOG NOG jokes. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: 30 Gmail Invites
On Sat, 11 Sep 2004 22:33:40 -0400 Chris Brenton [EMAIL PROTECTED] wrote: On Sat, 2004-09-11 at 22:26, Paul Vixie wrote: i still can't understand why anyone would want a gmail account, free or not. But..but..but..it's special. You have to be invited. ;-) well, i think at this point everyone on nanog can consider themselves invited. now can we please stop this? aarrgghh, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Spammers Skirt IP Authentication Attempts
On Mon, 6 Sep 2004 22:55:07 +0200 Niels Bakker [EMAIL PROTECTED] wrote: This tells a slightly different story regarding EarthLink's commitment to adapting Sender ID, though: http://www.imc.org/ietf-mxcomp/mail-archive/msg04258.html as a general rule, you will find that the M$ license agreement for Sender ID functions as a poison pill in the context of GPL, BSD, and Apache style licensing. the restrictions on redistribution are completely incompatible with traditional open source redistribution policies. i will be very curious to see what the IETF does or does not do to resolve this issue. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: 292 cellular towers out of service due to generator failure
On Mon, 6 Sep 2004 15:47:12 -0700 Randy Bush [EMAIL PROTECTED] wrote: Due to a generator failure, 292 Sprint wireless towers in Polk, Pasco, Hillsborough, Pinellas, Manatee, Hardee, Sarasota and Charlotte counties were disrupted. There is no estimated time for restoration of power to the Sprint switch serving the towers. i assume this is florida? that would be correct. i grew up in Pinellas County, and recognize all the county names. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: 2511 line break
On Tue, 27 Jul 2004 09:22:25 -1000 Randy Bush [EMAIL PROTECTED] wrote: There is also an infinite supply of idiots and mediocre network engineers. Breaking up stuff is easier than making it robust Ettore Bugatti, maker of the finest cars of his day, was once asked why his cars had less than perfect brakes. He replied something like, Any fool can make a car stop. It takes a genius to make a car go. interesting. back when i was doing a lot of performance driving stuff (mostly bmw club race track schools), i made the following observation: you can tell someone has become an intermediate driver because they start regularly trashing their brakes. you can tell someone has become an advanced driver when they learn how to go even faster while not trashing their brakes. cheers, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Critters
On Fri, 9 Jul 2004 09:51:16 -0400 (EDT) David Lesher [EMAIL PROTECTED] wrote: .with a special added treat. Unlike the smaller German Cockroach; the American one aka palmetto bug: a) Is noisy as all hell as they walk along your ceiling. b) When provoked, these bastards FLY at you. and they stink when you stomp on them. richard (grew up in st. pete fl) -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004 12:27:43 -0400 Hannigan, Martin [EMAIL PROTECTED] wrote:

> Why would the other side (new provider) violate ARIN policy and route the space? The court order doesn't apply to ARIN, or the new provider. I'd say it would be a violation of the agreement, but I'm not a lawyer. Just a thought.

i suspect this will turn out to be a non-issue, even if the new provider routes the blocks and nac.net strictly obeys the requirements of the TRO. the blocks broken out of the aggregates are probably (i haven't looked) likely to be dropped by filters at many large providers, which will seriously limit their utility.

so i think both nac.net and the new provider should do the obvious TRO compliant things while nac.net hashes it out in court. the customer will likely discover somewhere down the line that they've shot themselves in the foot, as they won't be able to afford to sue _everyone_ who is dropping their announcements as part of normal filter policy going back many years.

i don't think anyone should be changing policies in response to this. let it play out in court. for most ISPs, change nothing seems like the smart response.

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a Customer take their IP's with them? (Court says yes!)
On Tue, 29 Jun 2004 13:32:30 -0400 (EDT) Jon Lewis [EMAIL PROTECTED] wrote: So, how do your filters tell the difference between these broken out NAC routes through a new provider and multihomed customer routes with the primary provider's connection down? i've played this game from the multi-homed customer side before. you get your second provider to route the smaller space, and you expect the small announcements to be dropped by some ISPs and depend on the aggregate from your first provider to cover your bases there. it only works as long as the first provider continues to provide transit. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Attn MCI/UUNet - Massive abuse from your network
On Sat, 26 Jun 2004 10:50:12 -0700 (PDT) Tom (UnitedLayer) [EMAIL PROTECTED] wrote: The big deal is that spam complaining/etc is not operational content, and there are several other lists to handle that sort of thing. but then, individuals get 1 free shot at saying things that are in some cases not true about spamhaus, and Steve is prohibited from attempting to correct them. hardly seems fair, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a customer take IP's with them?
On Wed, 23 Jun 2004 11:53:27 -0400 (EDT) Krzysztof Adamski [EMAIL PROTECTED] wrote:

> Since this customer has its own space now, and as long as it is as large as the NAC space, they can do a simple 1-to-1 NAT at the border. This should minimise the hardship to them drastically.

er, right. as long as the customer in question never needs to talk to whoever NAC reassigns the space to.

i had a customer once who had, for no reason they could ever clearly explain, arbitrarily used ericson's IP space for their own internal network. as long as they didn't need to talk to ericson they were ok (yes, they used NAT at the border, but we needed to see their internal IP address space, which made for some serious annoyance.)

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a customer take IP's with them?
On Wed, 23 Jun 2004 19:06:54 + (GMT) Edward B. Dreger [EMAIL PROTECTED] wrote: RW Date: Wed, 23 Jun 2004 13:35:06 -0400 (EDT) RW From: Richard Welty RW i had a customer once who had, for no reason they could RW ever clearly explain, arbitrarily used ericson's IP space for RW their own internal network. Only one customer? we were a small outsourced network monitoring/management business (since bought by someone else, several years ago now.) another way to look at it is that at one point in time, 25% of our customer base was using improper ip address space (not our fault, we knew better. legacy is a bitch.) It gets annoying after a while. when you're trying to do SNMP, it gets beyond annoying, it seriously cramps your network engineering style. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a customer take IP's with them?
On Wed, 23 Jun 2004 14:36:56 -0700 David Schwartz [EMAIL PROTECTED] wrote: For instance, if what you say were true, all an ISP would have to do in order to sell their IP space is to create a contract stating that they are doing so. Exactly. If they did that, a court would likely enjoin them from making any action to interfere with the customer's use of those IP addresses. A court would likely find the contract binding upon the parties that entered into it. there's a word for selling something that you don't own. richard (i've got that bridge around here some where, anyone want to buy it?) -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a customer take IP's with them?
On Wed, 23 Jun 2004 16:00:15 -0700 David Schwartz [EMAIL PROTECTED] wrote: Why? Nobody cares who owns the IPs, just whether or not the ISP allows the customer to continue using them, which the ISP certainly has the ability to do. although the IP address block becomes damaged goods, as there are more than a few ISPs that will ignore any announcement that's broken out of an aggregate. if your /24 is broken out of TWD space, sure, people will listen, but if you've got a /21 that was given to you by NAC, and you're not a NAC customer any more, then i somehow suspect you'll have trouble reaching verio space, just to name one. additionally, how is the ISP to account to ARIN for this block should they go back for more space? there is a widely accepted understanding of how this is all supposed to work, and if the ex-NAC customer succeeds in gaining this TRO, and it becomes a pattern across the industry, then everybody's connectivity, router tables, and support budget will likely suffer. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a customer take IP's with them?
On Wed, 23 Jun 2004 17:25:45 -0700 David Schwartz [EMAIL PROTECTED] wrote: The reason I'm pointing out which strategies are unlikely to work is not because I hope they won't work but because I want him to make sure to emphasize the strongest possible arguments. IMO, these are: you omit argument 4: a TRO against nacs.net has no effect on the behavior of providers such as verio who won't honor the advertisement of the subnet in BGP. the customer would have to, one-by-one i think, go after everybody with the relatively common policy of ignoring such advertisements (isn't sprint one of these? that'd be a pretty big hunk of internet to be disconnected from. sprint having no contractual relationship with the idiot, er, customer in question, it'd be hard for the customer to get anywhere there.) in other words, by itself the requested TRO incompletely solves the problem, making it fairly pointless. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Can a customer take IP's with them?
On Wed, 23 Jun 2004 18:40:06 -0700 David Schwartz [EMAIL PROTECTED] wrote:

> > a TRO against nacs.net has no effect on the behavior of providers such as verio who won't honor the advertisement of the subnet in BGP. the customer would have to, one-by-one i think, go after everybody with the relatively common policy of ignoring such advertisements (isn't sprint one of these? that'd be a pretty big hunk of internet to be disconnected from. sprint having no contractual relationship with the idiot, er, customer in question, it'd be hard for the customer to get anywhere there.) in other words, by itself the requested TRO incompletely solves the problem, making it fairly pointless.

> We don't know enough about the specifics to know if this argument works or not. There are two obvious cases where it doesn't:
>
> 1) The block in question is large enough (or located in legacy space) such that most/all providers will listen to it anyway.

maybe. many filtering policies against legacy space are pretty severe (e.g., filter at /16 for legacy B space.) you'd have to have a block of /20 or larger for modern allocations.

> 2) The customer's new provider meets with their old provider directly and the new block is inside a larger block the original provider will continue to advertise. (This is a very common case if both providers are large.)
>
> It's worth pointing out, however, that if case 2 applies and case 1 doesn't, then the ISP will still be providing a level of actual packet carrying service to the customer.

bt. if the ISPs have sensible policy implementations at the border, nobody will be providing free transit because of accidents of adjacency.

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Even you can be hacked
On Fri, 11 Jun 2004 17:51:00 -0400 (EDT) Scott McGrath [EMAIL PROTECTED] wrote:

> But wouldn't an interocitor with electron sorter option give you much more reliable packet delivery...

that works fine until someone reverses the polarity of the neutron flow.

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: What HTTP exploit?
On Sun, 30 May 2004 15:43:58 -0500 John Palmer (NANOG Acct) [EMAIL PROTECTED] wrote: Can anyone identify this http exploit? Seen in the apache logs: foo.bar.com - - [30/May/2004:02:45:28 -0400] SEARCH /\x90\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\ x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb 1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\ xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1\x02\xb1 etc - and it goes on for about 1200 bytes. Been getting an annoying number of these in my httpd logs today - it botches up my log analyser program. i just installed the following in my apache configs to get rid of it: # control logging SetEnvIf Request_URI ^/default.ida? dontlog SetEnvIf Request_Method SEARCH dontlog and then later on... CustomLog /var/log/httpd/access_log combined env=!dontlog between the two of them, they were consuming an absurd amount of space in my /var/log partitions. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
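Added example, not part of the original post: the two SetEnvIf rules above remove every SEARCH and /default.ida request from the access log, including ordinary WebDAV SEARCH requests. The sketch below is an alternative log pre-filter that keeps the analyser input clean but counts the probes per source instead of discarding them. The function names, the MIN_ESCAPES threshold and the sample lines are assumptions made for this example.

```python
import re
from collections import Counter

# Apache "combined" log line; the request field may hold \xhh escapes and \" pairs.
LINE_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>(?:[^"\\]|\\.)*)" '
    r'(?P<status>\d{3}) \S+'
)
ESCAPED_BYTE = re.compile(r'\\x[0-9a-fA-F]{2}')
MIN_ESCAPES = 16  # assumption: this many escaped bytes in a URI means binary filler


def classify(line):
    """Return (label, host) for one access-log line."""
    m = LINE_RE.match(line)
    if m is None:
        return "unparsed", None
    fields = m.group("request").split(" ")
    method = fields[0]
    uri = fields[1] if len(fields) > 1 else ""
    # Only SEARCH requests whose URI is mostly escaped binary are treated as probes;
    # a short, printable SEARCH (legitimate WebDAV) stays in the log.
    if method == "SEARCH" and len(ESCAPED_BYTE.findall(uri)) >= MIN_ESCAPES:
        return "search-overlong", m.group("host")
    if uri.startswith("/default.ida"):
        return "default-ida", m.group("host")
    return "normal", m.group("host")


def triage(lines):
    """Split lines into (passed, summary).

    passed  -- lines to hand to the log analyser, in original order
    summary -- Counter keyed by (label, host) for the lines held back
    """
    passed, summary = [], Counter()
    for line in lines:
        label, host = classify(line)
        if label in ("normal", "unparsed"):
            passed.append(line)  # never silently discard what could not be parsed
        else:
            summary[(label, host)] += 1
    return passed, summary


# Constructed sample lines (documentation addresses, made-up status codes and sizes).
SAMPLE_LINES = [
    r'192.0.2.10 - - [30/May/2004:02:45:28 -0400] "SEARCH /\x90' + r'\x02\xb1' * 40
    + r'" 414 339 "-" "-"',
    r'192.0.2.10 - - [30/May/2004:02:45:31 -0400] "SEARCH /\x90' + r'\x02\xb1' * 40
    + r'" 414 339 "-" "-"',
    '198.51.100.7 - - [30/May/2004:02:46:01 -0400] '
    '"GET /default.ida?NNNNNNNN HTTP/1.0" 404 205 "-" "-"',
    '203.0.113.5 - - [30/May/2004:02:47:12 -0400] '
    '"GET /index.html HTTP/1.1" 200 1043 "-" "Mozilla/4.0"',
    '203.0.113.5 - - [30/May/2004:02:47:13 -0400] '
    '"SEARCH /docs HTTP/1.1" 405 312 "-" "-"',
]

if __name__ == "__main__":
    kept, held = triage(SAMPLE_LINES)
    print(len(kept), "lines passed to the analyser")
    for (label, host), n in held.most_common():
        print(label, host, n)
```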
Re: Spamcop
On Tue, 11 May 2004 12:00:14 -0700 (PDT) Gregory Hicks [EMAIL PROTECTED] wrote: I'm guessing here, but it was probably because the *.rr.com addresses originate a LOT of spam and someone has a procmail filter that automatically refers any mail from that domain to spamcop... Or it could be that someone didn't like what you wrote and reported it .. Dunno. Remember, I said that I'm **guessing**. here's another guess: someone wants off of nanog, lost or didn't understand the unsubscribe instructions and is submitting nanog email to spamcop to try and get off. it's a guess, but it has happened before with other lists. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Question about obtaining ASN #
On Thu, 6 May 2004 13:02:11 -0700 Vish Yelsangikar [EMAIL PROTECTED] wrote:

> We are in the middle of a major project that will be rolled out in the next 3-4 months. With this project, I will be multihoming my network. To get ready for this project, I recently applied for an AS# for my company with ARIN and I was denied because I don't have a multihomed network and don't intend to be one in the next 30 days. Is there any other way to obtain AS#? I don't want to wait until 11th hour to get the AS#. Any suggestions are appreciated.

i think you only need to wait until 30 days before, not 11 hours before. ARIN in my experience responds with reasonable promptness to ASN requests, and assuming your paperwork is in order, you really are worrying unnecessarily.

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Mailserver requirements
On Mon, 05 Apr 2004 23:32:08 +0200 Arnold Nipper [EMAIL PROTECTED] wrote:

> On 05.04.2004 23:18 Mike Walter wrote:
> > I am surprised you don't have problems sending to AOL as well. They don't accept email from servers that do not have reverse addresses. I don't accept email from servers without reverse addressing.
>
> of course this server does have a reverse mapping. But this reverse mapped domain does not have an MX record.

yes, and that's what's wacky. there is no requirement in the RFCs that i'm aware of that mail senders have MX records pointing back at them. there's not even a requirement for MX records for a domain, the SMTP RFCs clearly indicate that in the absence of an MX record, an A record will suffice.

for that matter, if i were running a very very large mail farm with high volume in one or both directions, separating the inbound mail handlers (MX hosts) from the outbound mail relays would be something that i'd seriously consider doing as part of the architecture. this would interact very badly with the mail rejection strategy outlined in the original post in this thread.

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Mailserver requirements
On Mon, 05 Apr 2004 20:03:58 -0400 Jeff Workman [EMAIL PROTECTED] wrote: --On Monday, April 05, 2004 5:48 PM -0400 Richard Welty [EMAIL PROTECTED] wrote: for that matter, if i were running a very very large mail farm with high volume in one or both directions, separating the inbound mail handlers (MX hosts) from the outbound mail relays would be something that i'd seriously consider doing as part of the architecture. this would interact very badly with the mail rejection strategy outlined in the original post in this thread. While I think it's pretty anal-retentive to require a mail sender to have a valid MX record, I don't see what would be so hard about setting up MX records for this scenario: snip Or am I missing something? yes. what's hard about it is getting every single mail server on the public internet to suddenly be set up this way so that they can talk to one single mail server with a novel policy. ain't going to happen. false positive city. cheers, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Spam with no purpose?
On Wed, 31 Mar 2004 22:18:03 -0500 Deepak Jain [EMAIL PROTECTED] wrote: Can someone explain to me (publicly or privately) why someone would send spam with no product to sell, no position to pitch, nothing except text designed to get by a spam filter -- without even HTML to KNOW it got by a spam filter.. For example: From: Joe Legitimate [EMAIL PROTECTED] To: Deepak Jain [EMAIL PROTECTED] Subject: [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] [dictionary word] --- EOM --- I don't understand why one would waste the time, if its a test, why would it get out in public? I would like to think I am being naive, but I just don't see the upside unless it were particularly targeted at me or my mailserver to determine our response or response time, etc. just out of curiosity, do you happen to use a mail reader which normally only shows you the text portion of a mime message? there's quite a lot of spam which has attempts at busting bayesian filters in the text section, and the spam payload is in the html section. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: disabling SMTP
On Mon, 29 Mar 2004 07:20:47 -0500 Rob Nelson [EMAIL PROTECTED] wrote:

> Richard Welty wrote:
> > when smtp fixup is on (default on many older pixes, i gather that there may be some improvements on newer pixes), the smtp banner is mostly obscured by * characters. the intent is a classic security by obscurity play, to hide the type and version of the MTA behind the pix.
>
> Okay, so this is a problem when an SMTP server is hosted behind the PIX?

yes.

> I thought the fixup statements were for outbound connections, and with it on right now I get the full banner from SMTP servers. I don't host an SMTP server myself, so can't check that.

nope, they mangle inbound connections too.

in addition to the banner obscuration, i (and others) have seen patterns of intermittent, arbitrary disconnections of SMTP sessions when fixup is turned on. this is harder to diagnose, though, because there is a TCP bug in some variants of Outlook that causes similar behavior. those of us running exim as an MTA a couple of revs back had to patch our installs to work around the Outlook TCP bug. i believe that patch is now permanently part of exim, as it is unlikely that the Outlook bug will ever entirely go away.

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: disabling SMTP
On Sun, 28 Mar 2004 08:59:40 -0500 Rob Nelson [EMAIL PROTECTED] wrote:

> > yes. there are a lot of pix firewalls out there with smtp fixup turned on, effectively disabling ESMTP (not to mention sporadically breaking traditional SMTP.)
>
> Could you elaborate on this? I use PIX firewalls all over the place and don't seem to have a problem with SMTP or ESMTP.

then you must have smtp fixup disabled.

when smtp fixup is on (default on many older pixes, i gather that there may be some improvements on newer pixes), the smtp banner is mostly obscured by * characters. the intent is a classic security by obscurity play, to hide the type and version of the MTA behind the pix.

the problem is two fold:

1) it obscures so much of the banner that any ESMTP advertisement in the banner is hidden, so the SMTP client doesn't know that it can EHLO. for standards compliant MTAs, the result is a default to the minimal SMTP standard mode of operation, and options such as SMTP over TLS are never negotiated even when both the SMTP client and server are ready to go.

2) it turns out that the * obscurity ploy is badly done, and while it hides enough of the banner to break ESMTP, it doesn't hide enough of the banner to reliably obscure the MTA in use.

even if security by obscurity were a good idea (i, and many others, maintain that it is not), broken security by obscurity is annoying beyond belief.

on more than one occasion, i've had clients ask me to investigate why they're having obscure problems with email transactions. in many cases, i've found that telneting to port 25 on the SMTP server end has produced the wall of asterisks, and that having them turn off smtp fixup on the pix invariably cures the problem. it's sufficiently frequent that it's generally the first thing i check for these days (it's also first because ruling it in or out is very quick.)

richard
--
Richard Welty [EMAIL PROTECTED]
Averill Park Networking 518-573-7592
Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
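Added example, not part of the original post: the "telnet to port 25 and look for the wall of asterisks" check described above, written as a function over a captured session so it can be run against saved transcripts. The function names, the 50% masking threshold and the sample replies are assumptions made for this example; the EHLO/STARTTLS check goes one step past the banner check in the post.

```python
import re

REPLY_RE = re.compile(r'^(\d{3})([ -])(.*)$')


def parse_reply(lines):
    """Parse one SMTP reply (single or multi-line) into (code, [text, ...])."""
    code, texts = None, []
    for raw in lines:
        m = REPLY_RE.match(raw.rstrip("\r\n"))
        if m is None:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        if code is None:
            code = m.group(1)
        elif m.group(1) != code:
            raise ValueError("reply code changed inside a multi-line reply")
        texts.append(m.group(3))
        if m.group(2) == " ":  # "NNN text" ends the reply, "NNN-text" continues it
            break
    if code is None:
        raise ValueError("empty reply")
    return int(code), texts


def diagnose(greeting, ehlo_reply=None, mask_ratio=0.5):
    """Inspect the 220 greeting (and optionally the EHLO reply) of a captured session.

    masked          -- at least mask_ratio of the visible banner characters are '*'
    esmtp_in_banner -- the ESMTP token survived in the greeting
    leaked          -- characters the masking left in place (empty if not masked)
    starttls        -- True/False if an EHLO reply was supplied, else None
    """
    code, texts = parse_reply(greeting)
    banner = " ".join(texts)
    visible = banner.replace(" ", "")
    masked = bool(visible) and visible.count("*") / len(visible) >= mask_ratio
    result = {
        "greeting_code": code,
        "masked": masked,
        "esmtp_in_banner": re.search(r"\bESMTP\b", banner, re.I) is not None,
        "leaked": "".join(c for c in visible if c != "*") if masked else "",
        "starttls": None,
    }
    if ehlo_reply is not None:
        ecode, caps = parse_reply(ehlo_reply)
        # First line of a 250 EHLO reply is the server greeting; the rest are keywords.
        keywords = {c.split()[0].upper() for c in caps[1:] if c.strip()}
        result["starttls"] = ecode == 250 and "STARTTLS" in keywords
    return result


# Constructed sample sessions (not captured from any real host).
MASKED_GREETING = ["220 **************2******0**0*****200*******\r\n"]
REFUSED_EHLO = ["500 5.5.1 command unrecognized\r\n"]
CLEAR_GREETING = ["220 mail.example.net ESMTP Exim 4.30 ready\r\n"]
CLEAR_EHLO = [
    "250-mail.example.net Hello client.example.org\r\n",
    "250-SIZE 52428800\r\n",
    "250-STARTTLS\r\n",
    "250 HELP\r\n",
]

if __name__ == "__main__":
    print(diagnose(MASKED_GREETING, REFUSED_EHLO))
    print(diagnose(CLEAR_GREETING, CLEAR_EHLO))
```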
Re: disabling SMTP
On Sun, 28 Mar 2004 10:22:44 -0500 (EST) Richard Welty [EMAIL PROTECTED] wrote: i should add that i think that this proposal is a bad idea for any number of reasons, but this cisco pix thing is very concrete so i just wanted to get it out there. before i write an extended explanation of why i don't like this idea much, i'd very much like to hear some of the motivation behind the proposal. i don't see where a client that gives EHLO and then doesn't negotiate any options is any different from a client that gives HELO, so i just don't see what refusing to accept email from HELO clients is supposed to buy you. on the server side, i don't see what refusing to send email when you don't see ESMTP in the banner accomplishes either. in either case, such a policy would only last until a VP figures out that you're responsible for his inability to exchange email with his mistress. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: disabling SMTP
On Sat, 27 Mar 2004 20:27:03 -0600 Eric A. Hall [EMAIL PROTECTED] wrote: I'm wondering if the installed base of legitimate messaging systems has migrated to ESMTP so as to get away with disabling plain-old SMTP except for internal devices. Anybody got any data or observations on this? yes. there are a lot of pix firewalls out there with smtp fixup turned on, effectively disabling ESMTP (not to mention sporadically breaking traditional SMTP.) richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Information Warfare
On Sat, 06 Mar 2004 10:11:16 -0600 Laurence F. Sheldon, Jr. [EMAIL PROTECTED] wrote: Richard A Steenbergen wrote: Information Warfare? Given the state of the industry, what we need is Information Welfare. I'd say so! SDI/starwars was several Presidents back, as I recall. i was working on some government defense type projects (not SDI) back when SDI was the big rage. we all thought that the SDI was DoD contractor welfare at the time (mostly because it reduced the funds available to us non-SDI types.) richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: dealing with w32/bagle
On Fri, 05 Mar 2004 11:23:37 -0500 [EMAIL PROTECTED] wrote: I might want to send you a file, but you probably don't want to give me a userid on the machine you'll receive it on, and I probably don't want to give you a userid on my laptop Somewhat limits the options for the general case. yes, ultimately you end up falling back on http or some traditional form of ftp, but for intermediate cases, i've had good luck using rssh in chroot mode at customer sites where there is a need to provide carefully constrained, secure access. rssh: http://www.pizzashack.org/rssh/index.shtml richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: SPAM Prevention/Blacklists
On Wed, 3 Mar 2004 17:45:59 -0500 Patrick W.Gilmore [EMAIL PROTECTED] wrote: On Mar 3, 2004, at 4:23 PM, Brandon Shiers wrote: Just a real quick question for the folks on the Nanog list: We are using the following RBL's on our MTA right now: Spamhaus (sbl-xbl) DSBL NJABL (dynablock) Of the ones above, I only use spamhaus, combined with opm.blitzed.org relays.visi.com i use the same ones as Patrick, but i also use the cbl (a component of the spamhaus xbl, perhaps the only one at the present time, but that could change.) one thing i do is use opm.blitzed.org and cbl.abuseat.org at connect time. hosts on these lists are pretty much guaranteed to be open proxies or compromised hosts, so listening to them at all is a waste of time. no need to wait until after RCPT TO: to 5xx, i just drop the connection. Also, I like sender verification, but that's me. i used it for some time, and reluctantly shut it down. blocked a lot of email abuse, but too many false positives for my taste. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: SPAM Prevention/Blacklists
On Wed, 3 Mar 2004 18:35:27 -0500 Patrick W.Gilmore [EMAIL PROTECTED] wrote: On Mar 3, 2004, at 6:00 PM, Richard Welty wrote: Of the ones above, I only use spamhaus, combined with opm.blitzed.org relays.visi.com i use the same ones as Patrick, but i also use the cbl (a component of the spamhaus xbl, perhaps the only one at the present time, but that could change.) Mind if I ask why you don't use the sbl-xbl? keep in mind that the sbl is the combination of sbl classic with the xbl, where the xbl is currently a feed of the cbl that may at a later date incorporate additional lists or data. i use the original sbl at RCPT TO: time. by separating them, i can use the cbl portion at connect time. it's a bit of flexibility that i like. at some future date, when the xbl diverges from the cbl i'll look at the differences and decide what to do about it. BTW: I also use haebeas bogons, but not really sure you would call haebeas a blacklist. :) i've used habeas in the past, but don't at the present time. one thing i do is use opm.blitzed.org and cbl.abuseat.org at connect time. hosts on these lists are pretty much guaranteed to be open proxies or compromised hosts, so listening to them at all is a waste of time. no need to wait until after RCPT TO: to 5xx, i just drop the connection. I love opm.blitzed. I haven't tried cbl.abuseat.org. I'll have to check it out. well, given that you use the sbl-xbl, you already are using the cbl. high rejection from abusive hosts, vanishingly small false positives. i love it. i like doing at connect time even better, fewer of my resources consumed by abusive hosts that way. Also, I like sender verification, but that's me. i used it for some time, and reluctantly shut it down. blocked a lot of email abuse, but too many false positives for my taste. Could you go into more detail? ... Maybe I have others I just don't know about? How many people send legit e-mail with return addresses which are bogus? 
the main problem is systems where the admin has foolishly started rejecting MAIL FROM: to cut down spam. i tried to whitelist such systems, but couldn't keep up. when i did finally drop sender verify, a surprising number of my mailing list subscribers came forward, relieved that they could send mail to the lists again. (the system that i set up with sender verify handles a number of confirmed opt-in mailing lists, mostly about cars). once i realized that the false positive problem was so much higher than i expected, i decided not to turn it back on. there are other cogent arguments against sender verify, but it was the false positive problem that drove my own decision. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Unbelievable Spam.
On Mon, 2 Feb 2004 15:01:19 -0600 Ejay Hire [EMAIL PROTECTED] wrote: It's just wrong in my opinion, and exacerbated by the fact that it was spammed to our abuse account. Their /24 just fell off of my piece of the internet. Have I just been blind to this all along, or are the spammers getting bolder? this is actually a somewhat well known situation, it appears that there are two warring groups of spammers joe-jobbing each other (and if you look at the from addresses, you may see them trying to get various ISP and anti-spammer mail boxes pounded by angry responses.) i've got a whole collection of them. been getting them for months. it's also somewhat offtopic for this list. i suggest that followups be off list, unless they can be typed into IOS. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Strange 192.168. UDP/138 Traffic
On Thu, 29 Jan 2004 12:24:15 -0600 Darrell Kristof [EMAIL PROTECTED] wrote: Hi everyone: I'm having some strange traffic show up on my PIX. Looking at the show conn I have many many machines attempting to make outbound UDP/138 connections to 192.168.x.x addresses. We don't have any 192.168.x.x addresses inside the company. This is blocked at our Internet router, so it's not going out, but still would like to know what this is. 138 is NETBIOS (an MS protocol). look for windows clients that have somehow gotten it in their head that they need to make a NETBIOS connection to the cited RFC1918 space. could this be a side effect of one of the current generation of viruses? richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: Out of office/vacation messages
On Thu, 25 Dec 2003 14:18:46 -0600 Laurence F. Sheldon, Jr. [EMAIL PROTECTED] wrote: Mark Prior wrote: Why do so many supposedly clueful people have their vacation message system respond to mailing list email? Now I'll get to see who also doesn't keep a list of addresses that have already been sent the out of office message :-) Among the ones I found when I looked into the question with some rigor a few years ago were that mailing list traffic often no longer has a useful precedence value that was used to screen such mail. nanog has a clear Precedence: bulk line in the header which is the de facto standard for handling this, so that can't be it. i think it's basically clueless IT staffs trying to reinvent a wheel that's been invented, usually badly, billions and billions of times over the past 30 or so years. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
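The two checks named in the post above (the Precedence: bulk header and a list of addresses already sent the notice), as an added example that is not part of the original thread. It goes slightly beyond the post by also honouring List-Id, List-Unsubscribe and Auto-Submitted headers and the null return path; the sample messages and addresses are constructed.

```python
from email import message_from_string
from email.utils import parseaddr

# Precedence values that mark mail an autoresponder should stay silent on.
BULK_PRECEDENCE = {"bulk", "list", "junk"}


def should_autoreply(raw_message, already_notified):
    """Return (send, reason). already_notified is a set that is updated in place."""
    msg = message_from_string(raw_message)
    if msg.get("Precedence", "").strip().lower() in BULK_PRECEDENCE:
        return (False, "precedence")
    if msg.get("List-Id") or msg.get("List-Unsubscribe"):
        return (False, "list-header")
    if msg.get("Auto-Submitted", "no").strip().lower() != "no":
        return (False, "auto-submitted")        # never answer another robot
    return_path = msg.get("Return-Path", "").strip()
    if return_path == "<>":
        return (False, "null-sender")           # bounces carry an empty return path
    sender = parseaddr(return_path or msg.get("From", ""))[1].lower()
    if not sender:
        return (False, "no-sender")
    if sender in already_notified:
        return (False, "already-notified")      # one notice per correspondent
    already_notified.add(sender)
    return (True, sender)


# Constructed sample messages (addresses use the reserved example.* domains).
LIST_POST = (
    "Return-Path: <list-owner@lists.example.org>\n"
    "From: Some Poster <poster@example.net>\n"
    "Precedence: bulk\n"
    "Subject: Re: Out of office/vacation messages\n"
    "\n"
    "list traffic\n"
)
PERSONAL = (
    "Return-Path: <alice@example.com>\n"
    "From: Alice <alice@example.com>\n"
    "Subject: lunch?\n"
    "\n"
    "are you around this week?\n"
)
BOUNCE = (
    "Return-Path: <>\n"
    "From: Mail Delivery Subsystem <mailer-daemon@example.com>\n"
    "Subject: Undelivered mail\n"
    "\n"
    "delivery failed\n"
)

if __name__ == "__main__":
    seen = set()
    for raw in (LIST_POST, PERSONAL, PERSONAL, BOUNCE):
        print(should_autoreply(raw, seen))
```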
Re: Cisco GSR logging issue
just a quick note to say thanks to those who have responded, off list and on. i've got some useful stuff, but haven't had time to sort through and reply to everything. i'll likely be putting up a web site on safe ways to configure logging on various types of routers so that you can trap the data needed for AUP/TOS enforcement against proxy hijackers and other network abusers w/o accidentally bringing down your network. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Cisco GSR logging issue
i'm working with some folks to try and develop evidence about proxy hijackers on or transiting their networks. i have useful notes about doing this with non-GSR Cisco routers, but right at the moment all i have for the GSRs is a note indicating that netflow is needed. i have no personal experience with the GSRs and am looking for one of two things: 1) someone experienced in capturing this stuff on a GSR or 2) a pointer to a cisco oriented list where i can get 1) above. thanks in advance, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: SPAM from own customers
On Tue, 2 Dec 2003 14:32:16 -0500 Brian Bruns [EMAIL PROTECTED] wrote: SMTP AUTH is becoming risky if its not carefully setup and monitored. I can name one big time spammer who has warmed up to cracking weak passwords on e-mail systems that do SMTP AUTH. Means you'd have to filter your outbound mail servers port 25 from anyone not inside your network or a trusted source. not just weak passwords, but there are also obvious default, admin, and guest accounts on some SMTP servers which are sitting there, easily guessed, and they are indeed being taken advantage of. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: Anti-Virus help for all of us??????
On Mon, 24 Nov 2003 16:25:36 -0500 Suresh Ramasubramanian [EMAIL PROTECTED] wrote: Gerardo Gregory writes on 11/24/2003 4:20 PM: NAT is not a security feature, neither does it provide any real security, just one to one translations. PAT fall into the same It is not a cure all and I never said it was one. It cuts the risk down a little, is all. Dan Senie called me on this one once, and he was right. 1-to-1 NAT is not much of a security feature. Port NAT (PNAT) does, *as a side effect*, provide a measure of meaningful security. as Dan pointed out to me, the code required to implement PNAT is nearly identical to the code required to provide a state keeping firewall similar to what might be done with OpenBSD's PF or Linux's IPTables packages. it doesn't provide the additional useful features of such firewalls, but it does do the minimum. now the consumer PNAT appliances have other issues, and of course PNAT often breaks protocols that make end to end assumptions (which is why i don't like it), but the not a security feature thing is not really accurate. the security feature is a side effect, and wasn't the original intent of PNAT, but that doesn't mean it's not there. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: Datacenter Spec's
On Sat, 8 Nov 2003 15:56:05 -0800 Dan Lockwood [EMAIL PROTECTED] wrote: Try here too: http://www.averillpark.net/datacenter/ oh great. now i'm going to have to make another pass through looking for dead links. my earlier post on this subject didn't seem to get through. in addition to my somewhat scattershot website (no time to work on it until after i find a job), there is also the datacenter mailing list, which is low volume and has some extremely experienced and knowledgeable people on it. send to [EMAIL PROTECTED] to join it. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: Sabotage investigation of fiber cuts in Northwest
On Mon, 3 Nov 2003 07:27:49 -0800 (PST) David Raistrick [EMAIL PROTECTED] wrote: On Mon, 3 Nov 2003, Owen DeLong wrote: Maybe I'm missing something, but, if you have the bolt cutters, I don't see why you need the key to an adjacent lock or any of the locks. If you want to put the chain back together, you'll need to open one of the locks, or add another lock in its place. This assumes a legit need to remove someone's lock. If you just want to get in, boltcutters will usually do it. it's a terrible security mechanism regardless. suppose i want reliable unauthorized access. i determine the make and style of lock in common use, buy a bunch, buy a bolt cutter. go cut out links at each facility i wish to compromise and install my own locks right along side the legit ones. how long do you think it'll take anyone to notice the extra locks? cheers, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: [arin-announce] IPv4 Address Space (fwd)
On Wed, 29 Oct 2003 03:14:20 -0800 Avleen Vig [EMAIL PROTECTED] wrote: On Wed, Oct 29, 2003 at 11:03:11AM +, Simon Lockhart wrote: No. Anything that relies on knowing which host it is talking to by looking at the source address of packets breaks. Plenty of UDP based apps work over NAT. Indeed, and IPSec tunnels are frequently done between routers on networks, rather than individual hosts on networks (at least in most multi-site enterprises i've seen). this is true, but incomplete. there are numerous deployment strategies for IPSec, some of which work around NAT, some of which can be coerced to work through NAT, and most of which don't work around or through NAT. businesses deploying IPSec often lack the flexibility to pick and choose, especially in extranet deployments where two independent businesses are deploying a tunnel with mismatched equipment and limited choices. it's particularly bad when one end is a 800 lb gorilla with all the high cards, forcing a particular set of parameters on the small business on the other end. i've consulted for small businesses on the wrong end of that stick, and it's no fun at all. you ought to try it some time before you casually toss off a statement like the one quoted above. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: data request on Sitefinder
On Mon, 20 Oct 2003 13:31:41 -0400 Kee Hinckley [EMAIL PROTECTED] wrote: More importantly--Verisign needs to deploy alternate servers so it's actually possible to test software against the changes they propose to make. Otherwise we're just running around guessing what the behavior is going to be. But fundamentally the problem is this. i maintain that there is a different problem that is fundamental. Verisign is clearly expecting the operations community to incur costs so that they can make their (estimated) $100M a year. what's wrong with this picture? richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: data request on Sitefinder
On Mon, 20 Oct 2003 14:19:36 -0400 William Allen Simpson [EMAIL PROTECTED] wrote: Since Postfix is run by a lot more enterprises than BIND, let's double that number! How about, until all the W95 and W98 and W2K servers are updated if verisign thinks this ought to get done faster, i think they should volunteer to pay the costs, don't you? richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: data request on Sitefinder
On Mon, 20 Oct 2003 16:31:45 -0400 Steven M. Bellovin [EMAIL PROTECTED] wrote: A number of people have responded that they don't want to be forced to pay for a change that will benefit Verisign. That's a policy issue I'm trying to avoid here. I'm looking for pure technical answers -- how much lead time do you need to make such changes safely? may i suggest another operational issue then? how does verisign plan to identify and notify all affected parties when changes are proposed? for example, in the current case, how do they plan to identify every party running postfix and inform them that they need to upgrade their MTA? this seems non-trivial to me. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[3]: data request on Sitefinder
On Mon, 20 Oct 2003 17:15:23 -0400 Howard C. Berkowitz [EMAIL PROTECTED] wrote: At 5:04 PM -0400 10/20/03, Richard Welty wrote: may i suggest another operational issue then? how does verisign plan to identify and notify all affected parties when changes are proposed? for example, in the current case, how do they plan to identify every party running postfix and inform them that they need to upgrade their MTA? this seems non-trivial to me. Purely from an operational standpoint, it would be a mark of efficiency to have a central repository of who is running what. That would mean that notifications would only be sent to those that need them, and also would provide objective information to determine how many organizations would be affected by a change. In other words, something that actually would be useful. i maintain that building this list is phenomenally difficult. the set of people running mail servers is substantially larger than the set of people who read nanog, run backbones, run regional ISPs, etc., etc. i don't disagree that it would be useful, but how are you going to build it without actively probing mail servers across the internet? and it can't possibly ever be complete, with PIX firewalls obscuring SMTP banners and sysadmins depending on security-by-obscurity who change their banners to eliminate MTA identification. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[4]: data request on Sitefinder
On Mon, 20 Oct 2003 20:06:50 -0400 Howard C. Berkowitz [EMAIL PROTECTED] wrote: I would suggest, however, that the number of people that do read these lists run mail servers with more end users than the small system administrators that do not. true, but this can be interpreted as they're small and clueless, so screw 'em, a position which i find unattractive. The absence of a list such as I've described, the difficulty of creating of which you point out, makes it more unlikely to me that an organization can really assess the effects of unilateral design changes, especially when that assessment is shrouded in commercial secrecy. agreed. richard (nine out of ten experts hand selected by Verisign agree...) -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[4]: data request on Sitefinder
On Mon, 20 Oct 2003 16:55:32 -0700 todd glassey [EMAIL PROTECTED] wrote: Do they (Verisign) have any legal reason to??? - is there anything between them and ANY of their clients that requires them to inform them before any changes to protocol facilities are made - I think not. i'd say that their client is the Department of Commerce. when the wildcard is inserted in the .com and .net zones, it affects many third parties who are not direct clients of Verisign, some of whom are users of .org or other tlds that verisign doesn't handle, so they in fact have no contractual relationship with Verisign or with a Verisign client. what i had in mind, though, was that Verisign has apparently indicated that they will give somewhere around 60 days (plus/minus) notice of any future changes of this sort. Steve is attempting to collect data which constitutes technical input about the appropriateness of the interval. what i am suggesting is that the sum total of people who courtesy dictates ought to be notified is basically anyone who runs any sort of internet server. i picked mail servers because Verisign themselves identified the postfix MTA as an issue. after that, there's still the nagging issue of notification interval. many are thinking in terms of their own, often large and busy ISP or backbone operation. there are many, though, in the Enterprise or SMB spaces who are at risk of being left twisting in the wind (They're small and clueless, screw 'em). cost is without question an operational issue. how fast an affected entity (ISP, NSP, Enterprise, SMB) can adapt may be directly related to available manpower or funding. i maintain that it is very difficult to separate the funding issue from the time issue, given that Verisign apparently proposes to give the community 60 or 90 days notice of potentially significant changes to the infrastructure, affecting unpredictable numbers of entities in ways unknown, and impossible to cost out in advance. 
for all the flaws of the IETF, it is infinitely preferable to this scenario. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
internet consumers forum?
_please reply offlist_ i've spent some time (at least 20 minutes) considering that while there are forums for operators and engineers to discuss issues (nanog, ietf, others too numerous to mention), there aren't really forums for informed consumers of internet services to exchange notes (or for uninformed consumers to become informed.) if anyone knows of such, please let me know. otherwise, i'm considering starting an unmoderated but carefully monitored mailing list for business oriented discussion from the viewpoint of consumers. i'd probably want to tie this in with the development of FAQs and tutorials targeted at business consumers of internet services. again, comments offlist, please. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[3]: williams spamhaus blacklist
On Thu, 25 Sep 2003 12:50:58 +0200 Hank Nussbacher [EMAIL PROTECTED] wrote: AS3339 has a zero tolerance for spamming. ... None the less, here is a recent email extract I received from someone: ... Hank, I am not a Spamhaus.org representative in any shape or form. I do not claim to speak for Spamhaus.org in any capacity. The University of xx is, however, a customer (i.e. as of this morning, we block e-mails from IP addresses listed on Spamhaus SBL). ... Basically, we are being told if we don't drop the customer, our corporate MXes will be blocked. I would not call this an extreme case, but it would appear that overzealous anti-spammers are perhaps going a bit overboard. i'd say that's more than a little bit of a reach. they admit right up front that they don't speak for spamhaus (steve linford can speak for spamhaus, and he's apparently reading this thread on nanog.) a spamhaus customer can hardly threaten a spamhaus listing, only spamhaus investigators can do that. what you're describing doesn't sound like a situation that would get you onto spamhaus. this spamhaus customer is talking through their hat. additionally, to the best of my knowledge, spamhaus listing and escalation procedures differ from the ones you described. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: williams spamhaus blacklist
On Wed, 24 Sep 2003 16:28:52 -0700 Scott Granados [EMAIL PROTECTED] wrote: Even though this is off topic, I'd have to say that this seems very odd from SpamHaus. They never seemed to isolate entire ranges but seemed more specific. I can also say they were very fast to remove issues once the spammers were removed and were also quite helpful. I wonder does this strategy demonstrate some sort of change or is it just a one off? disclaimer: i do not speak for spamhaus. i have used the sbl for many years, found it effective, and believe that steve linford and his crew are honestly trying to do a good job with a difficult project. now, to answer your question. spamhaus normally is extremely focused. they keep detailed records that explain why they have chosen to block specific ranges. they are oriented towards spammers of fixed address, that is, they don't chase open relays, they don't chase abused proxies, or anything of that sort. there are other lists that perform those functions. the blacklisting of ISP ranges is very rare, it only occurs perhaps once a year, in extreme cases. several years ago, the sbl listed sprint's corporate mail servers during a period when sprint was providing connectivity for many spamhausen. sprint responded by appointing a new head of abuse, and giving him the power to terminate spammers. sprint's corporate mail servers were delisted, and their network is now fairly clean. we don't jokingly call their service sprintpink any more. it takes a lot to get your ISP's corporate mail servers listed on the sbl. wcg's problems must be pretty severe. in another message, Leo Bicknell referred to Eddy Marin crew as (i think) alleged spammers. there's nothing alleged about it. the Eddy Marin spam gang in Boca Raton is one of the nastiest bunches of vile spamming slime you will ever see. this is all extremely well documented. go see the spamhaus site for documentation, it's all there. 
cheers, richard (the scary thing is that spamming may be the closest thing to a legitimate business that Eddy Marin has ever been involved in.) -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: monkeys.dom UPL being DDOSed to death
On Tue, 23 Sep 2003 18:12:11 -0400 (EDT) [EMAIL PROTECTED] wrote: These will, of course, get out of date and out of sync almost immediately. one wonders how many private blocking lists still have the old aegis netblocks in them. i make it a point to date entries in my lists and periodically purge older entries that don't seem to be active spam sources anymore, but most do not, i'm afraid. if the well run BLs are run underground or shutdown, this will ultimately lead to exactly what jon fears -- an IP space full of random, unusable superfund sites. cheers, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
relays.osirusoft.com
although this has to do with spam, i think folks will agree that there's operational content here: relays.osirusoft.com is down, it's history, stop using it. it is currently returning 127.0.0.2 for everything, so if you're using it, you won't receive this, but at least those who don't use it will know what to say when the issue comes up. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
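The failure described in the post above (a list that answers 127.0.0.2 for every query) can be detected before a list is trusted, and the connect-time versus RCPT TO: staging from the earlier SPAM Prevention/Blacklists posts fits in the same check. This is an added example, not code from the thread: it relies on the DNSBL convention, later written down in RFC 5782, that 127.0.0.2 is always listed and 127.0.0.1 never is. The resolver stand-in, the listed client addresses and the use of sbl.spamhaus.org as the "original sbl" zone are assumptions.

```python
import ipaddress
import socket

# Stage at which each list is consulted, following the posts: proxy and
# compromised-host lists at connect time, the SBL at RCPT TO time.
# sbl.spamhaus.org is assumed to be the "original sbl" zone.
ZONES = {
    "cbl.abuseat.org": "connect",
    "opm.blitzed.org": "connect",
    "sbl.spamhaus.org": "rcpt",
}


def query_name(ip, zone):
    """DNSBL query name: the IPv4 octets reversed, followed by the zone."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def system_resolver(name):
    """Live lookup: the A record for name, or None if there is none."""
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None


def is_listed(ip, zone, resolve):
    """True when the zone answers the query with a 127.x.x.x record."""
    answer = resolve(query_name(ip, zone))
    return answer is not None and answer.startswith("127.")


def zone_health(zone, resolve):
    """Classify a zone with the two conventional test addresses."""
    if is_listed("127.0.0.1", zone, resolve):
        return "lists-everything"   # 127.0.0.1 must never be listed
    if not is_listed("127.0.0.2", zone, resolve):
        return "dead"               # the test entry 127.0.0.2 is missing
    return "ok"


def decide(ip, stage, resolve, zones=ZONES):
    """Return (action, zone) for a client IP at the 'connect' or 'rcpt' stage."""
    for zone, zone_stage in zones.items():
        if zone_stage != stage:
            continue
        # A production MTA would cache this result instead of re-probing.
        if zone_health(zone, resolve) != "ok":
            continue                # fail open: ignore a broken list
        if is_listed(ip, zone, resolve):
            return ("drop" if stage == "connect" else "reject-5xx", zone)
    return ("accept", None)


def make_resolver(listed_names=(), wildcard_zones=()):
    """Constructed stand-in for DNS so the example runs offline."""
    def resolve(name):
        if any(name.endswith("." + z) for z in wildcard_zones):
            return "127.0.0.2"      # the zone answers every query
        return "127.0.0.2" if name in listed_names else None
    return resolve


# Constructed data: healthy zones carry the 127.0.0.2 test entry; the client
# addresses are documentation ranges, not real listings.
HEALTHY = make_resolver(listed_names={
    "2.0.0.127.cbl.abuseat.org",
    "2.0.0.127.opm.blitzed.org",
    "2.0.0.127.sbl.spamhaus.org",
    "45.2.0.192.cbl.abuseat.org",
    "7.100.51.198.sbl.spamhaus.org",
})
SHUT_DOWN = make_resolver(wildcard_zones={"relays.osirusoft.com"})

if __name__ == "__main__":
    print(decide("192.0.2.45", "connect", HEALTHY))
    print(decide("198.51.100.7", "rcpt", HEALTHY))
    print(zone_health("relays.osirusoft.com", SHUT_DOWN))
    print(decide("203.0.113.9", "connect", SHUT_DOWN,
                 zones={"relays.osirusoft.com": "connect"}))
```

Passing `system_resolver` instead of a constructed resolver runs the same checks against live DNS.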
Re[2]: relays.osirusoft.com
On Tue, 26 Aug 2003 20:59:22 -0400 (EDT) Mark Jeftovic [EMAIL PROTECTED] wrote: Returning 127.0.0.2 on everything would indeed be an ugly way to bow out, but it's been done before. Another RBL went out the same way previously, can't remember which one (was it orbz?) it was more complicated than that. orbs went away without a clean shutdown plan, and one of the secondary DNS operators started answering with 127.0.0.2 to try and get people to stop querying his server. it worked, although with non-trivial pain attached. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: relays.osirusoft.com
On Wed, 27 Aug 2003 13:36:54 -0400 Nathan J. Mehl [EMAIL PROTECTED] wrote: In the immortal words of Richard Welty ([EMAIL PROTECTED]): On Tue, 26 Aug 2003 15:25:46 -0700 (PDT) Gary E. Miller [EMAIL PROTECTED] wrote: returning 127.0.0.2 for everything would be an ugly way to bow out. yes, but it's been done before. And oddly enough, it was a terrible idea the first time, and hasn't gotten any better in the intervening months. I suppose going down in a blaze of glory might be appealing in the sleep-deprived haze of the tail end of a multi-week DDOS attack, but PLEASE. hey, i agree, i'm just the messenger here. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: relays.osirusoft.com
On Tue, 26 Aug 2003 15:25:46 -0700 (PDT) Gary E. Miller [EMAIL PROTECTED] wrote: returning 127.0.0.2 for everything would be an ugly way to bow out. yes, but it's been done before. I am just seeing timeouts for XXX.relays.osirusoft.com now. there has been a heavy DOS in progress against a couple of prominent anti-spammers for a week or so now, Joe Jared/Osirusoft is one of them. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: Power outage in North East
On Thu, 14 Aug 2003 16:30:49 -0400 Damian Gerow [EMAIL PROTECTED] wrote: Thus spake Joel Perez ([EMAIL PROTECTED]) [14/08/03 16:27]: Has anyone heard of a big Power outage in the North east? I just got a call from one of my tech's in the GBLX bldg in Newark, NJ at 1085 raymond and they are telling him that they lost power! But I also got a call from ATT in NY that they also lost Power! It looks like a rather large power outage -- we're in South Western Ontario, Canada, and power is out in Waterloo, Cambridge, Guelph, Hespler, and (I'm pretty sure) London as well. Can't say about Toronto. latest word (on cnn.com) is that the niagara-mohawk grid (upstate NY and parts of canada) overloaded and went down. i lost power here twice over a period of about 15 minutes (here being on NYSEG, east of Albany NY, which is joined to Ni-Mo at the hip.) it's back up, but i suspect it'll be shaky for a while. all the burning transformers, etc., are all probably side effects of the major power outage. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Forwarded message: NANOG - Outage Summary
forwarded (with permission) for someone who can't post to nanog: -- Forwarded message -- From: Ben Venzke [EMAIL PROTECTED] Date: Thu, 14 Aug 2003 18:56:00 -0400 Subject: NANOG - Outage Summary To: Richard Welty NE Outages - v2.9 The cause appears to be an overload of the Niagara-Mohawk grid which then caused cascading failures. Outage started around 1600 EST List of areas without power that I'm aware of. Sporadic impact in Maine, Tennessee, Illinois - Ben Venzke AIRPORTS WITHOUT POWER: Cleveland Detroit Kennedy LaGuardia Newark Ottawa Toronto Outage Areas: US CONNECTICUT: Bridgeport Fairfield Counties Hartford Stanford MASSACHUSETTS: Boston (sporadic) Pittsfield Springfield MICHIGAN: Ann Arbor Detroit Lansing NEW JERSEY (everywhere north of New Brunswick): East Rutherford Nanuet Newark Seacaucus NEW YORK: Albany Buffalo NYC (including City Hall and Wall Street, subways down) Plattsburg Rochester Syracuse Utica OHIO: Akron Ashland Cleveland Medina Toledo PENNSYLVANIA (NW parts): Erie Oil City Philadelphia Titusville VERMONT (southern areas) Burlington CANADA: Toronto Ottawa (Ottawa - Pembroke - North Bay corridor) Windsor, Ontario Waterloo, Ontario Cambridge, Ontario Guelph, Ontario Hespler, Ontario End of message --- -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: Power outage in North East
On Thu, 14 Aug 2003 15:24:00 -0700 Randy Bush [EMAIL PROTECTED] wrote: perhaps we should wait for the dust to settle a bit? but guessing is so much fun... this, from a NERC spokesperson, is about as authoritative as you're likely to get right now. NERC does know their business when it comes to this stuff. The North American Electric Reliability Council, an industry group responsible for monitoring the integrity of the system, said the power outages were widespread and appear to be centered around Lake Erie, although they are affecting the entire eastern interconnection. We do not know the cause at present but will continue to evaluate the situation, said Ellen Vancko, speaking for the council. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re: When Security Guards Attack (was: clearblue part deux)
On Tue, 5 Aug 2003 11:03:56 -0700 John Kinsella [EMAIL PROTECTED] wrote: On August 2 at 2:22 p.m. PDT, the on-duty guard mistakenly opened the protective cover and pressed the Emergency Power Off (EPO) button when he tried to silence the door audible alarm. I gotta remember that one. back when i was a contractor at GE RD, once a new electrician came into our work area and told us that the lisp machines in our machine room were running on emergency power and he was going to fix it for us. we weren't quite quick enough to stop him from hitting the button labeled emergency power off. in retrospect, it's funny, but at the time we were leaning towards killing him right then and there. cheers, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Java, PHP, PostgreSQL, Unix, Linux, IP Network Engineering, Security
Re[2]: National Do Not Call Registry has opened
On Mon, 30 Jun 2003 17:03:08 +0100 Roland Perry [EMAIL PROTECTED] wrote: In message [EMAIL PROTECTED], Tomas Daniska [EMAIL PROTECTED] writes quote A: No. Placing your number on the National Do Not Call Registry will stop most, but not all, telemarketing calls. Some businesses are exempt from the national registry and still can call you even if you place your number on it. Exempt businesses include: long-distance phone companies airlines banks and credit unions; and the business of insurance, to the extent that it is regulated by state law. All the above text has now disappeared from their site ! this is looking kind of off topic, but... most of those exemptions existed because the industries in question were being regulated by a different commission. said commission had the authority to buy into the do not call list. they have done so, and so the exemptions have mostly gone away. i think politicians can still pester you for money at dinner time, though. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Looking for advice on datacenter electrical/generator
On Sat, 5 Apr 2003 17:47:33 + (GMT) E.B. Dreger [EMAIL PROTECTED] wrote: DL Date: Fri, 4 Apr 2003 21:26:25 -0500 (EST) DL From: David Lesher DL D) Diesel engines, err Diesel-fueled piston engines, be they DL 2 or 4-cycle, need frequent oil changes. I thought it was the exact opposite. Diesel fuel has much better lubricity than LPG/CNG/gasoline. diesels need frequent oil filter changes because they load the oil up with soot. the oil itself can last a long time. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[4]: Looking for advice on datacenter electrical/generator
On Sat, 5 Apr 2003 12:14:32 -0800 Dan Lockwood [EMAIL PROTECTED] wrote: Assuming the genset was running under load, how often would the oil filter need to be changed? Are there any other issues that would need to be addressed in a sustained power outage? As far as genset maintenance that is. i suggest you get that info from an engineer for the outfit that supplies your generator. my familiarity with diesel maintenance is with transportation applications, and i'm not even going to attempt to guess at how to map mileage intervals to the generator application (i bet locomotive guidelines might be relevant, as modern diesel locomotives are really generator sets anyway.) if you do try and go with extended runs between oil changes, at intervals take samples and have professional analysis done. this is standard practice for large truck fleets and other transportation and industrial applications. you can run a long time on the oil, but you need the analysis to correctly recognize when the jig is up. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Looking for advice on datacenter electrical/generator
On Fri, 4 Apr 2003 19:48:17 -0500 Leo Bicknell [EMAIL PROTECTED] wrote: So, IMHO, natural gas is good for smaller applications (probably under 250Kw), in areas where the gas is stable so you don't have to do on site storage. Otherwise Diesel is probably cheaper (both in genset cost and fuel cost), and easier to obtain. this is the gist of what i learned a couple of years back. when i asked the PE at the vendor (a Cat reseller) about gas vs. diesel, he showed me that for the size generator we were looking at, diesel was a much better bet on the economics alone. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Looking for advice on datacenter electrical/generator
On Thu, 3 Apr 2003 10:57:35 -0500 (EST) David Lesher [EMAIL PROTECTED] wrote: Further gotcha's: Diesel fuel is a Petri dish. Weird bugs grow in it. [Call Tom Ridge!] If you don't have the right additives, your filters SHALL clog on same when you most need same. additionally, in cold climates, diesel fuel can and will gel if it isn't the right mix. the fuel delivered in the summer may not have the right additives. some vendors of diesel fuel do a better job with their winter mix than others. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: State Super-DMCA Too True
On Sun, 30 Mar 2003 13:13:24 -0800 (PST) Dan Hollis [EMAIL PROTECTED] wrote: On Sun, 30 Mar 2003, Jack Bates wrote: enough to scare people into not breaking them. However, history has shown that we instead make it a criminal offense and use that as the way to scare people into doing what is right to begin with. Since when should breaking an ISP's TOS incur a heavier prison term than a guy who beats his wife? i've been holding my tongue, but i'm quite frankly concerned that numerous corporate interests (MPAA, RIAA, etc.) are trying hard to get certain things criminalized that are dealt with perfectly well already in civil contract law. an ISP can permit or ban NAT as they see fit, per their TOS. no need for this to be criminal. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: Verizon mail server on MAPS RSS list
On Thu, 27 Mar 2003 13:40:00 -0700 Josh Gentry [EMAIL PROTECTED] wrote: We've got customers trying to receive email from people using Verizon for Internet access, and we are rejecting that mail because out013pub.verizon.net [206.46.170.44] is on the MAPS RSS list. Can't pull up the MAPS RSS website at the moment to check why. Anyone know contact info for Verizon for this kind of issue? maps RSS is open relays. try the abuse.net relay tester on the BL'd IP and see what it turns up, http://www.abuse.net/relay.html richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Verizon mail server on MAPS RSS list
On Thu, 27 Mar 2003 13:24:06 -0800 (PST) Jay Hennigan [EMAIL PROTECTED] wrote: Verizon allows anyone who forges an @verizon.net From: address to relay through their servers. This behavior is intentional. ah. then they will find it challenging to get off of anybody's open relay list. richard (just fixed one of those types of open relay at a customer's site) -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Network monitoring/IDS rant - What's hot what's not?
On Tue, 25 Feb 2003, Christopher J. Wolff wrote: I'm rapidly coming to the conclusion that any software Computer Associates publishes is designed for the criminally insane. i've generally thought of CA as the old software rest home, the place where it goes to die. cheers, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Network monitoring/IDS rant - What's hot what's not?
On Wed, 26 Feb 2003, Pete Kruckenberg wrote: On Wed, 26 Feb 2003, Christopher L. Morrow wrote: CA-Unicenter/OVW/Tivoli are not IDS systems... (traditionally) but they can normally monitor the heck out of 'decent' sized networks (less than 500 components was my last experience with OVW at least, tivoli and CA we never got working correctly with less than 1 metric butt ton of LOE to keep it running) What are the options and recommendations for networks 500 components? i've done this sort of stuff successfully with Aprisma Spectrum. issues: 1) it's not cheap. on the other hand, Aprisma did used to have a service provider oriented pay-per-number-of-nodes-monitored pricing plan, which is how we did it back when i was running a Spectrum based NMS shop. 2) it runs only on W2K and Solaris, and for large installations, runs much better on Solaris. sizing depends on number of nodes being monitored. enough RAM is important. multiple spindles with well chosen file system partitioning, and 2 CPUs, also make a difference. 3) getting it to run well requires experience. some default settings are not very suitable for monitoring large WANs, and it is definitely not set up and forget it software. 4) apropos to 3, budget for training. one or two smart guys who've been through class can handle it (no need for Aprisma Professional services.) 5) reporting used to be clumsy, although there were some add-ons available to improve this. 6) the database used to be a proprietary network database based on the old VistaDB. they've been migrating towards MySQL, although the migration isn't complete yet. archived polling data does go into MySQL, but the database of monitored nodes was still in the proprietary database the last time i looked at this. note also that there are a bunch of up-and-coming NMS systems that may or may not be better than Spectrum. the last time i did an evaluation, Spectrum was the best in the cost-no-object model, but that was a while ago. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: OT: 111 8th Ave. Parking
On Sat, 8 Feb 2003 15:01:48 -0500 (EST) Charles Sprickman [EMAIL PROTECTED] wrote: Any advice? Any secret spots? I've been there exactly once and I didn't see any good spots. Looking to go in this weekend, but would love hints for weekday travel as well. it's been a while, but i used to park in the lot underneath the building. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: 13,000 Bank of America ATM's taken out by virus.
On Sat, 25 Jan 2003 20:33:24 -0500 Vinny Abello [EMAIL PROTECTED] wrote: I know of a bank whose consultants are blithering idiots. i had a small local bank as a client at a network monitoring company i used to be involved in. we usually referred to their IT staff (in private) as larry, moe and curly. the only reason their frame network between branches worked at all was because they turned the whole thing over to us. they didn't have a clue, not a single one between the three of them. it really is that bad. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: att.net email issues?
On Fri, 24 Jan 2003 19:16:55 -0500 (EST) Sean Donelan [EMAIL PROTECTED] wrote: Doesn't anyone else find it funny when people scream that ISPs should block ports and shoot people with misconfigured systems; yet when an ISP actually does enforce even a modest requirement; people start screaming how unfair or stupid that ISP is for doing that. this isn't that simple. if folks had been enforcing something like this all along, then most everyone would have working rDNS and everything would be hunky dory. unfortunately, it didn't work this way. lots of people have broken or non-existent rDNS. some years ago, because of the correlation between no rDNS and spam, i tried a similar measure. the false positive rate was pretty impressive. my experiment only lasted a couple of days before i decided that it was unacceptably high. i don't think things are any better today. maybe att's decision will somehow make the net a better place if they stick to it. i won't bet against this. however, the transition period will be more painful than i think they realize. or perhaps they do realize how painful it will be and don't care. personally, i'd be happier if they'd focus on abuse problems on their own network. they don't seem to be doing much of a job of turfing spammers among their customer base. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: Wireless insecurity at NANOG meetings
On Mon, 23 Sep 2002 14:52:41 +0100 Simon Lockhart [EMAIL PROTECTED] wrote: Someone sat in the hotel lobby with a powerful laptop isn't going to cause anyone to look twice, at a NANOG conference. ok, i think we need to talk about the actual threats at a nanog conference. 1) some otherwise harmless person gets free internet access for a couple of days. BFD. 2) some hacker uses free, untraceable access to do something nasty. hmmm. 3) some attendee gets hacked because they have security problems with their laptop. sounds like a personal problem to me. 4) some spammer parks nearby and sends out a lot of spam. so block port 25 outbound, don't offer mail servers, anyone who wants to send email can bloody well tunnel back to their home systems using ssh or ipsec. are there others i've missed? do we really care about anything other than 2, as the others have remedies or are else apparently unimportant? turning up WEP would keep the riffraff out. is that actually necessary or important? richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: IP address fee??
On Thu, 5 Sep 2002 13:49:25 -0400 Derek Samford [EMAIL PROTECTED] wrote: Haha. Mighty good question. No good answer. From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]] Why in this day and age, 9 years after the invention of CIDR, are we still referring to class C's? about 2 years ago, interviewing fresh graduates for jobs, i found that they were still being taught classful networking at many colleges. it was a fairly depressing discovery. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: Vulnerbilities of Interconnection
On Thu, 05 Sep 2002 12:04:16 -0700 William B. Norton [EMAIL PROTECTED] wrote: Terrorists in cement trucks? Again, it seems more likely and more technically effective to attack internally than physically. Focus again here on the cost/benefit analysis from both the provider and disrupter perspective and you will see what I mean. reflecting on my experiences in such facilities... usually all i've ever needed to do at the door is sign in after proving that i work for a company that has colo space. my boxes of equipment have never been inspected. therefore, to attack many colo facilities, it is sufficient to sign contracts that i never intend to honor and then carry boxes of stuff up that has nothing to do with colo. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: your mail
On Wed, 21 Aug 2002 00:32:24 -0400 (EDT) David Lesher [EMAIL PROTECTED] wrote: Unnamed Administration sources reported that N. Richard Solis said: If you haven't worked in an environment where you had to turn in your cellphone and pager at the front desk, show a badge to a camera around every corner, and get your office keys from a vending machine you don't know what real security looks like. You missed the places w/ real security. That's where the very polite Marine Security Guard with the 870 shotgun asks to see your badge again... or you're standing in the parking lot, and suddenly find yourself surrounded by men in suits carrying mac-10s. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re: EPOs in critical facilities
On Wed, 21 Aug 2002 17:28:48 -0400 (EDT) Sean Donelan [EMAIL PROTECTED] wrote: On Wed, 21 Aug 2002, Deepak Jain wrote: We have seen disgruntled Union members hit the EPO in data centers in Union-friendly cities. Not pretty outcome, no matter how much redundancy you have. I believe the Uptime Institute has some statistics showing EPO problems are one of the top five reasons for critical facility outages. i've seen poorly trained, inexperienced electricians hit EPOs for totally bogus reasons. putting a big red EPO button in front of them is like dangling a shiny object in front of some people i know. once at GE RD, we had an electrician announce that the room was running on emergency power, so he had to turn the emergency power off. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Notes on the Internet for Bell Heads
On Fri, 12 Jul 2002 14:51:34 -0400 Sandy Harris [EMAIL PROTECTED] wrote: Padlipsky's Elements of Networking Style may be the funniest technical book ever written. It is a really vicious critique of the whole OSI approach, written mid-80s. Some chapters are also available as RFCs, I think 871-875. yes, 871 is a personal favorite of mine; i've photocopied it and passed it out in classes i've taught. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
email problems
apologies in advance for this somewhat off topic posting. back in may, a number of you contacted me indicating that there were problems with email that i was sending out (for example, some of you are getting no visible From: or To:) one of the authors of my email client wishes to investigate; if anyone can supply complete copies of such an email (including _complete_ headers), i'd appreciate it. obviously, send them directly to me, not to the entire nanog list. problems have been reported both with some versions of M$ Outlook and Netscape mail. thanks in advance, richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: Bet on with my boss
On Fri, 21 Jun 2002 12:42:23 -0700 Scott Francis [EMAIL PROTECTED] wrote: On Fri, Jun 21, 2002 at 03:37:56PM -0400, [EMAIL PROTECTED] said: How important is the phone to you? I mean, given some situation that arises, can we solve it without the phones? If the network is down, the phone is critical. For any complicated problem, the phone is also critical. and in particular, one point that the inexperienced often overlook, but probably 99% of the readership of this list is familiar with, is that a modem in a remote equipment cabinet is a good thing, as when you blow a router config and it stops talking to the network, dialing into it via said modem is the only quick path to saving your job. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[3]: SPEWS?
On Thu, 20 Jun 2002 20:39:58 -0400 (EDT) Steven J. Sobol [EMAIL PROTECTED] wrote: Although Paetec is now being implicated in some TCPA violations over on the junkfax mailing list, so I'm no longer convinced they're whitehat. i never claimed they were white hat. i have some direct personal experience with them, and believe that at best, they're deeply confused. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: DDOS attacks and Large ISPs doing NAT?
On Thu, 2 May 2002 15:40:57 -0400 Bradley Dunn [EMAIL PROTECTED] wrote: Some vendors bundle firewall functionality with NAT functionality, just as some vendors bundle SNA with IP. some vendors actually sell NAT devices that say firewall on the outside of the box. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
Re[2]: bulk email
On Mon, 22 Apr 2002 09:32:04 -0400 (EDT) David Lesher [EMAIL PROTECTED] wrote: Likely insufficient. Save your hide by getting verification on every entry; i.e: 1) Get request. 2) Send email to alleged requester. 3) Do nothing unless/until you get back a confirming yes, I do want reply. and log and save everything. if there's a web form, then log the ip address that the request came from. provide enough infrastructure that when you get a complaint, you can rapidly provide the records. and the urban legend thing is incorrect. AOL has in some cases had mailing list providers sign agreements governing their behavior. that's the only one i know of, but there could be others. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security
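Added example, not part of the original posts: a minimal confirmed opt-in flow following the three steps quoted above and the advice to log everything, including the requesting IP, so records can be produced quickly on a complaint. The class name, token format, HMAC signing and in-memory storage are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
import time


class ConfirmedOptIn:
    """Steps 1-3 from the post, plus an audit trail (hypothetical design)."""

    def __init__(self, secret: bytes, ttl: int = 7 * 24 * 3600):
        self.secret = secret
        self.ttl = ttl            # seconds a confirmation token stays valid
        self.pending = {}         # address -> nonce of the outstanding request
        self.subscribed = set()
        self.audit = []           # append-only here; persist it in a real system

    def _log(self, now, event, address, source_ip):
        self.audit.append({"ts": now, "event": event,
                           "address": address, "source_ip": source_ip})

    def _sign(self, address, expiry, nonce):
        msg = f"{address}|{expiry}|{nonce}".encode()
        return hmac.new(self.secret, msg, hashlib.sha256).hexdigest()

    def request(self, address, source_ip, now=None):
        """Steps 1 and 2: log the request, return the token to mail out."""
        now = int(time.time() if now is None else now)
        address = address.strip().lower()
        nonce, expiry = secrets.token_hex(16), now + self.ttl
        self.pending[address] = nonce
        self._log(now, "request", address, source_ip)
        return f"{expiry}.{nonce}.{self._sign(address, expiry, nonce)}"

    def confirm(self, address, token, source_ip, now=None):
        """Step 3: subscribe only on a valid, unexpired, unused token."""
        now = int(time.time() if now is None else now)
        address = address.strip().lower()
        try:
            expiry, nonce, sig = token.split(".")
            expiry = int(expiry)
        except (ValueError, AttributeError):
            self._log(now, "confirm_rejected", address, source_ip)
            return False
        expected = self._sign(address, expiry, nonce)
        ok = (hmac.compare_digest(sig.encode(), expected.encode())
              and now <= expiry
              and self.pending.get(address) == nonce)
        if ok:
            del self.pending[address]   # single use: a replay is rejected
            self.subscribed.add(address)
        self._log(now, "confirmed" if ok else "confirm_rejected",
                  address, source_ip)
        return ok

    def records_for(self, address):
        """Everything logged for one address, for answering a complaint."""
        address = address.strip().lower()
        return [e for e in self.audit if e["address"] == address]
```

Rejected confirmations are logged as well, so the trail shows attempts to subscribe someone else's address alongside the legitimate request.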
Re[4]: Metromedia Fiber warns of possible bankruptcy :-(
On Tue, 19 Mar 2002 16:58:46 -0500 Deepak Jain [EMAIL PROTECTED] wrote: Since they are defaulting on a $975B note to Verizon, and since they have been saying Verizon does lease dark fiber from them, it would be the easiest thing in the world for Verizon to take control of MFNX. The real question is will they merge it with Genuity? 1) $975B seems a tad large 2) it was my understanding that Genuity was spun off when GTE merged with BA, a requirement imposed by the regulators. richard -- Richard Welty [EMAIL PROTECTED] Averill Park Networking 518-573-7592 Unix, Linux, IP Network Engineering, Security