Re: AS41961 not seen in many networks

2007-01-04 Thread Rick Ernst



Not seeing any of the routes, or any routes from AS41961.  UUNET, Sprint,
and AT&T connectivity.


On Thu, January 4, 2007 05:57, Sebastian Rusek wrote:
>
> Hi,
>
> Since November 2006 we announce our 3 new prefixes:
>
> 194.60.78.0/24
> 194.60.204.0/24
> 194.153.114.0/24
>
> from new AS41961.
>
> It seems that somewhere our announcements are blocked probably due to
> bogon
> lists.
>
> Our ASN is in AS block allocated by RIPE on 13 April 2006 then somebody
> can
> have it still in as-path ACLs.
>
> Could you please check your configuration or help us to isolate the
> problem?
> --
> Sebastian Rusek, Phone: +48 71 3352352
> AXIT Polska Sp. z o.o., ul. Ruska 51b, 50-079 Wrocław, Poland
>



Re: Sprint security contact

2004-12-06 Thread Rick Ernst


I had a couple of requests outside the list to pass on any information I
found.

The puck.nether.net phone number is correct.  To get to the NOC it is
option #3.  Option #2 is for trouble/ticketing.

There's additional information given between each option, so it takes a
while to hear that one.



On Mon, 6 Dec 2004, Erond wrote:

:>
:>
:>One of our customers is currently undergoing a ~30Mbs DDoS to a single IP.
:>We've BGP blackholed them within our network, but they are still beating up
:>on our upstream links.
:>
:>UUNET has blocked them internally, but I'm getting bounced around within
:>Sprint to have their NOC/security group work on it.  I started with our
:>contact information and also the puck.nether.net info.
:>
:>If there is a Sprint security person on list, please contact me. If
:>somebody has a direct Sprint NOC/Security contact, please pass it along.
:>
:>Thanks,
:>Rick
:>
:>



Re: Worms versus Bots

2004-05-11 Thread Rick Ernst


While following the thread, I did a bit of Googling, then browsing 3Com's
site:

http://www.3com.com/products/en_US/detail.jsp?tab=features&pathtype=purchase&sku=3CRFW200B

On-NIC firewall w/remote management.


On Tue, 11 May 2004, Chris Woodfield wrote:

:>Simple solution...build the on-NIC firewall to not use uPnP, or at least require
:>a password before changing rulesets. :)
:>
:>Seriously, this is such a stupidly simple solution that I'm amazed no one's attempted
:>to make a product out of it yet.
:>
:>-C
:>
:>On Tue, May 11, 2004 at 12:21:29PM -0400, [EMAIL PROTECTED] wrote:
:>> On Tue, 11 May 2004 11:38:33 EDT, Chris Woodfield said:
:>>
:>> > A better solution would be a NIC with a built-in SI firewall...manageable from a host
:>> > app, but physically separate from the OS running on the PC.
:>>
:>> Gaak.  No. ;)
:>>
:>> What's the point of a firewall, if the first piece of malware that does manage
:>> to sneak in (via a file-sharing program, or a webpage that installs malware, or
:>> an "ooh! Shiny!" email attachment) just does the network Plug-N-Play call to
:>> tell the firewall "Shield DOWN!"?
:>>
:>
:>
:>



Re: DS-3 test equipment

2003-12-03 Thread Rick Ernst


Replying with responses to my own post:

The overwhelming response was TTC/Acterna T-Berd with a couple of Digital
Lightwaves thrown in, plus a hit each for Anritsu and Sunset.

Thanks for all the information.

Rick




On Tue, 2 Dec 2003, Rick Ernst wrote:

:>
:>
:>I've searched the archives and find some hits on DS-1 test gear, but I'm
:>looking for opinions/experience with DS-3 test gear.



DS-3 test equipment

2003-12-02 Thread Rick Ernst


I've searched the archives and find some hits on DS-1 test gear, but I'm
looking for opinions/experience with DS-3 test gear.

We've started bringing up more DS-3 circuits, both directly to customers and
also for Frame/ATM/DSL aggregation.  Telco used to do all provisioning and
testing for us, but we are looking to be able to do more troubleshooting
in-house.

Any recommended gear for basic functional testing (clock, loop, insert
patterns and errors)?  It would be nice if the test gear could do T-1 testing, too.

I'm seeing a fair number of hits on eBay for TTC/Acterna gear, but I don't
know what I'm looking at/for.  I've done BERT testing many lifetimes ago, but
don't have any current knowledge/experience.

Thanks,
Rick




domainmonger.com with wildcard NS?

2003-10-14 Thread Rick Ernst


This was brought to my attention by a friend.  It looks like
ns1.domainmonger.com and ns2.domainmonger.com are doing wildcard A records for
all zones, including those that already exist.

If you go to their site and try to register a domain, it properly shows if the
domain exists or not.

I'm trying to figure out what the reasoning is behind this.

My friend also pointed out this CERT alert, but I'm not sure how it relates:
  http://www.kb.cert.org/vuls/id/109475


Rick



---

; <<>> DiG 9.2.3rc4 <<>> @ns1.domainmonger.com www.esdfsadfsdftreet.com a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50340
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.esdfsadfsdftreet.com.  IN  A

;; ANSWER SECTION:
www.esdfsadfsdftreet.com. 1200  IN  A   216.52.102.86

;; AUTHORITY SECTION:
com.    1200    IN  NS  ns1.domainmonger.com.
com.    1200    IN  NS  ns2.domainmonger.com.

;; Query time: 37 msec
;; SERVER: 216.98.150.33#53(ns1.domainmonger.com)
;; WHEN: Tue Oct 14 09:59:24 2003
;; MSG SIZE  rcvd: 107

-

; <<>> DiG 9.2.3rc4 <<>> @ns2.domainmonger.com www.legendz.com a
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 40110
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 0

;; QUESTION SECTION:
;www.legendz.com.   IN  A

;; ANSWER SECTION:
www.legendz.com.    1200    IN  A   216.52.102.86

;; AUTHORITY SECTION:
com.    1200    IN  NS  ns1.domainmonger.com.
com.    1200    IN  NS  ns2.domainmonger.com.

;; Query time: 91 msec
;; SERVER: 216.122.4.81#53(ns2.domainmonger.com)
;; WHEN: Tue Oct 14 10:01:28 2003
;; MSG SIZE  rcvd: 98




Re: dry pair

2003-08-29 Thread Rick Ernst


Have you tried ordering it as an "alarm circuit"?

Also, it seems like telcos are less willing to provide dry pair anymore.


On Fri, 29 Aug 2003, Austad, Jay wrote:

:>
:>Does anyone know to go about getting Qwest or a CLEC to patch through a dry
:>pair between two buildings connected to the same CO?
:>
:>When I called to order one, no one knew what I was talking about.
:>
:>-jay
:>



Tier-1 without their own backbone?

2003-08-27 Thread Rick Ernst


We are sending out feelers for adding an additional DS-3, or possibly frac
OC-3.  One of the responses came back with "we won't be competitive with
 because they don't have their own backbone.

Is there a cross-reference for provider vs network backbone, or is this just
something that we have to ask each provider for?  I "assume" that UU, Sprint,
and AT&T are self-owned backbones, but others... ?

One of the providers we are looking at is Level-3.  Any comments good/bad on
reliability and clue?  We already have UU, Sprint, and AT&T.  I also realize
that the "they suck less" list changes continuously... :)

Thanks,
Rick




Layer 5+ inspection at the border?

2003-08-25 Thread Rick Ernst



I'm looking for a beast that is roughly a combination of Cisco NBAR and
Foundry URL inspection.

NBAR worked pretty well for CodeRed, but I'd rather have a dedicated device
rather than overloading a router with non-routing functions. I haven't used
Foundry's URL inspection, but it looks reasonable, too.

I would, however, like something that can do generic Layer 5+
inspection/alteration so things such as SMTP headers can also be inspected and
processed/blocked/altered.

I'd prefer a switching device that can replace the switches between my border
and core, but allow transparent manipulation of the packets, preferably at
wire-speed.

Any suggestions?  The idea is to have a central location that can watch for
and block 'bad payload'.  It looks like F5 may have a solution, but I'd like
comments and experiences from those that have deployed such a device.

Thanks,
Rick





Re: "The internet is slow"

2003-07-31 Thread Rick Ernst


Packet loss within UUNET, apparently localized to the Portland (OR) area.
I've turned down our peer with them and things are looking much better.

Thanks for all the help/responses.

Rick




Re: "The internet is slow"

2003-07-31 Thread Rick Ernst

On Thu, 31 Jul 2003, Rick Ernst wrote:

:>
:>
:>Gah.. I hate these kinds of vague problems.
:>
:>I have multiple users complaining about "the internet is slow"; specifically
:>to sites such as aol, cnn, amazon.  Our support folks are also having trouble
:>getting to postini's admin pages.  Things are excruciatingly slow.


I got quite a few responses in a very short period of time.

a) DNS resolve problems - already checked, looks OK
b) traceroutes  - Multiple reports of packet loss through UUNET,
  but some look fine.  Ticket opened with UUNET.
c) overloaded routers   - CPU load looks fine. One report of high latency
  on one of our core routers appears to be an
  anomaly.

FWIW, mtr output was the most useful for me in this case.


Thanks for the responses.
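The mixed traceroute reports in item b), loss through one network while "some look fine", are the usual trap when reading mtr: a hop that rate-limits or ignores ICMP shows loss that disappears at the next hop and does not touch forwarded traffic, while real loss starts at some hop and is then seen at every later hop including the destination. The script below, an added example that is not from the thread, parses `mtr --report` output and separates the two cases. Both reports are constructed using documentation address ranges, laid out the way mtr prints them.

```python
"""Localise packet loss in `mtr --report` output.

Both reports are constructed (documentation address ranges) and are not the
traceroutes exchanged in the thread.
"""
import re

# Constructed: loss that begins at hop 7 and persists to the destination,
# plus two hops (3 and 4) that merely answer ICMP badly.
MTR_LOSSY = """\
HOST: gw.example.net              Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    10    0.4   0.5   0.3   0.9   0.2
  2.|-- 198.51.100.1               0.0%    10    2.1   2.3   1.9   3.0   0.3
  3.|-- 198.51.100.9              30.0%    10   15.2  14.8  12.1  18.0   2.0
  4.|-- ???                      100.0%    10    0.0   0.0   0.0   0.0   0.0
  5.|-- 198.51.100.77              0.0%    10   16.0  15.9  14.8  17.2   0.7
  6.|-- 203.0.113.1                0.0%    10   18.3  18.5  17.9  19.6   0.5
  7.|-- 203.0.113.2               20.0%    10   22.0  23.1  19.8  29.4   3.1
  8.|-- 203.0.113.40              20.0%    10   23.5  24.0  21.0  30.2   2.9
"""

# Constructed: a healthy path where only one transit hop rate-limits ICMP.
MTR_CLEAN = """\
HOST: gw.example.net              Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1                  0.0%    10    0.4   0.5   0.3   0.9   0.2
  2.|-- 198.51.100.1               0.0%    10    2.1   2.3   1.9   3.0   0.3
  3.|-- 198.51.100.9              40.0%    10   15.2  14.8  12.1  18.0   2.0
  4.|-- 203.0.113.40               0.0%    10   23.5  24.0  21.0  30.2   2.9
"""

HOP_RE = re.compile(
    r"^\s*(?P<hop>\d+)\.\|--\s+(?P<host>\S+)\s+(?P<loss>[\d.]+)%\s+"
    r"(?P<snt>\d+)\s+(?P<last>[\d.]+)\s+(?P<avg>[\d.]+)")


def parse_mtr_report(text):
    """One dict per hop line; header and anything unparseable is skipped."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append({"hop": int(m["hop"]), "host": m["host"],
                         "loss": float(m["loss"]), "sent": int(m["snt"]),
                         "avg_ms": float(m["avg"])})
    return hops


def localise_loss(hops, threshold=5.0):
    """Separate path loss from hops that just drop or deprioritise ICMP.

    The onset hop is the first hop from which every later hop, destination
    included, reports loss above the threshold. Lossy hops before the onset
    (or on a path with no onset) are ICMP artefacts, not forwarding loss."""
    if not hops:
        raise ValueError("no hop lines parsed")
    onset = None
    for i, h in enumerate(hops):
        if all(x["loss"] > threshold for x in hops[i:]):
            onset = h
            break
    limit = onset["hop"] if onset else hops[-1]["hop"] + 1
    icmp_only = [h["hop"] for h in hops if h["loss"] > threshold and h["hop"] < limit]
    return {"end_to_end_loss": hops[-1]["loss"],
            "onset_hop": onset["hop"] if onset else None,
            "onset_host": onset["host"] if onset else None,
            "icmp_only_hops": icmp_only,
            "probes": hops[-1]["sent"]}


if __name__ == "__main__":
    for name, report in (("lossy", MTR_LOSSY), ("clean", MTR_CLEAN)):
        print(name, localise_loss(parse_mtr_report(report)))
```

With the default ten probes per hop, each lost probe is 10% on the Loss% column, so a single report cannot distinguish 10% loss from noise; rerun with a higher count (`mtr --report --report-cycles 100`) before opening a ticket on it.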



"The internet is slow"

2003-07-31 Thread Rick Ernst


Gah.. I hate these kinds of vague problems.

I have multiple users complaining about "the internet is slow"; specifically
to sites such as aol, cnn, amazon.  Our support folks are also having trouble
getting to postini's admin pages.  Things are excruciatingly slow.

I don't see any indications on router load, link utilization, bouncing routes,
etc. that jump up as obvious problems.

I tried using the lookingglass at algx.net, but I'm getting null responses for
all requests (ping, traceroute and BGP).  I'm not, however, seeing any issues
with traceroute servers getting to us.

Anybody know of anything broken anywhere? I don't think the problem is us, but
if somebody would like to respond off-list with any oddities you may see with
AS6423, and/or traceroutes to 206.103.37.166, I'd appreciate it.

Thanks,
Rick



Protecting inbound interfaces (re: Cisco exploit)

2003-07-18 Thread Rick Ernst


Is there a way to globally protect all inbound interfaces on a router via ACL
(specifically hundreds of frame/sub-interfaces) without applying the same ACL
to each individual interface?

Is the "line vty" config only for telnet/ssh, etc. or is it the magic global
that I'm looking for?

I'd post this on inet-access but this is where the conversation is taking
place.

Thanks,
Rick






Re: AS-Tree Utility

2003-06-27 Thread Rick Ernst


I've been asked twice off-list; here's the implementation I found:

http://www.research.att.com/sw/tools/graphviz/


On Fri, 27 Jun 2003, steve uurtamo wrote:

:>
:>> I'm curious if anyone could point me to a utility for AS-Tree mapping from a
:>> routing table output?  I searched the archive a bit, and didn't find
:>> anything.
:>
:>you could use dot (directed graphs drawing program -- free) after a
:>little bit of sed on the route table output.  about 10 minutes of
:>work, and the output is really, really pretty.
:>
:>s.
:>



Re: AS-Tree Utility

2003-06-27 Thread Rick Ernst



Wow.  First I've heard of this.

Repeat... "Wow" :)

I took our 3 feeds and munged that data, then started playing with "how is
so-n-so connected".  Pretty/interesting, and possibly even useful.



On Fri, 27 Jun 2003, steve uurtamo wrote:

:>
:>> I'm curious if anyone could point me to a utility for AS-Tree mapping from a
:>> routing table output?  I searched the archive a bit, and didn't find
:>> anything.
:>
:>you could use dot (directed graphs drawing program -- free) after a
:>little bit of sed on the route table output.  about 10 minutes of
:>work, and the output is really, really pretty.
:>
:>s.
:>
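The "sed on the route table output, then dot" recipe from both AS-Tree replies above, written out as a small script. This is an added example, not code from either poster: it starts from the AS_PATH column a sed pass would extract, collapses prepends, drops the origin code, roots the graph at a local AS and emits a dot digraph with edges weighted by how many prefixes were seen across that AS adjacency. LOCAL_AS and all ASNs other than 41961 (which appears elsewhere on this page) are constructed from the documentation ASN range.

```python
"""Turn BGP AS_PATH strings into a Graphviz dot graph.

Constructed example: LOCAL_AS and the paths are made up (documentation ASNs
64496..64511 plus AS41961 from this page) and stand in for the path column a
sed pass would extract from `show ip bgp` output from several feeds.
"""
from collections import defaultdict

LOCAL_AS = 64496  # constructed: "our" AS, so the tree is rooted at us

# Constructed AS_PATH column; trailing origin codes (i/e/?) and prepends are handled.
AS_PATHS = """\
64500 41961 i
64500 64510 41961 i
64501 64510 41961 i
64501 64510 64510 64510 64511 i
64502 64510 64511 ?
64502 64511 e
"""


def parse_as_paths(text):
    """One list of ASNs per line, with prepends collapsed and origin code dropped."""
    paths = []
    for line in text.splitlines():
        toks = line.split()
        if not toks:
            continue
        if toks[-1] in ("i", "e", "?"):
            toks = toks[:-1]
        path = []
        for tok in toks:
            asn = int(tok)
            if not path or path[-1] != asn:   # collapse AS prepending
                path.append(asn)
        paths.append(path)
    return paths


def build_edges(paths, local_as=LOCAL_AS):
    """(upstream, downstream) -> number of paths seen across that adjacency."""
    edges = defaultdict(int)
    for path in paths:
        full = [local_as] + path
        for a, b in zip(full, full[1:]):
            edges[(a, b)] += 1
    return dict(edges)


def to_dot(edges):
    """Render the adjacency counts as a left-to-right dot digraph."""
    lines = ["digraph as_tree {", "  rankdir=LR;"]
    for (a, b), n in sorted(edges.items()):
        lines.append(f'  "AS{a}" -> "AS{b}" [label="{n}"];')
    lines.append("}")
    return "\n".join(lines)


def upstreams_of(edges, asn):
    """'How is so-n-so connected': the ASes seen immediately before asn."""
    return sorted({a for (a, b) in edges if b == asn})


if __name__ == "__main__":
    edges = build_edges(parse_as_paths(AS_PATHS))
    print(to_dot(edges))
    print("AS41961 reached via:", upstreams_of(edges, 41961))
```

Write the output to a file and render it with `dot -Tpng as_tree.dot -o as_tree.png`. Because each edge carries the number of paths that cross it, an adjacency you did not expect, such as a new upstream appearing in front of a prefix you originate, stands out in the picture.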



Re: Latency generator?

2003-06-25 Thread Rick Ernst


FreeBSD and DUMMYNET?

On Wed, 25 Jun 2003, Temkin, David wrote:

:>Does anyone know of any free, cheap, or potentially rentable latency
:>generators?  Ideally I'd like something that just sits between two ethernet
:>devices to induce layer 2/3 latency in traffic, but am open to any
:>options...
:>
:>
:>
:>David Temkin
:>S-I-G
:>401 City Avenue
:>Bala Cynwyd, PA 19004
:>http://www.sig.com 
:>
:>
:>
:>IMPORTANT:The information contained in this email and/or its attachments is
:>confidential. If you are not the intended recipient, please notify the
:>sender immediately by reply and immediately delete this message and all its
:>attachments.  Any review, use, reproduction, disclosure or dissemination of
:>this message or any attachment by an unintended recipient is strictly
:>prohibited.  Neither this message nor any attachment is intended as or
:>should be construed as an offer, solicitation or recommendation to buy or
:>sell any security or other financial instrument.  Neither the sender, his or
:>her employer nor any of their respective affiliates makes any warranties as
:>to the completeness or accuracy of any of the information contained herein
:>or that this message or any of its attachments is free of viruses.
:>
:>
:>



69/8 revisited

2003-03-19 Thread Rick Ernst



We were just allocated a /17 out of 69/8.  With all of the recent traffic on
69/8 reachability problems, I asked ARIN if the allocation could come from a
different block.

Their answer was basically that 69/8 (only) is where they are allocating from
and that "from reading NANOG, it appears that much of the problem has been
resolved."

I haven't seen any updated information that 69/8 is now working for people.
Is everyone just quiet about it, or have filters actually been updated making
this a non-issue?

Thanks,
Rick
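This post and the AS41961 thread at the top of the page describe the same operational failure from two sides: a prefix block (69/8) or ASN range that was a bogon when a filter was written and is allocated now, with nobody revisiting the filter. The script below is an added example, not from either thread, that audits a Cisco-style bogon filter (a prefix-list plus an as-path access-list) in two ways: it tells you which entry would decide the fate of a given announcement, and it lists deny entries that now overlap allocated space. The config snippet, the allocation list and the ASNs other than 41961 and 6423 are constructed; in practice the allocation data comes from the RIR delegated files or a maintained bogon feed, and the Cisco `_` as-path anchor is translated into a Python regex.

```python
"""Audit a Cisco-style bogon filter (prefix-list + as-path ACL) against
current allocations and flag entries that now block legitimate routes.

Config and allocation data are constructed for the example.
"""
import ipaddress
import re

# Constructed router snippet: a bogon filter copied once and never revisited.
SAMPLE_CONFIG = """\
ip prefix-list bogons seq 5 deny 0.0.0.0/8 le 32
ip prefix-list bogons seq 10 deny 10.0.0.0/8 le 32
ip prefix-list bogons seq 15 deny 69.0.0.0/8 le 32
ip prefix-list bogons seq 20 permit 0.0.0.0/0 le 24
ip as-path access-list 10 deny _4[0-9][0-9][0-9][0-9]_
ip as-path access-list 10 permit .*
"""

# Constructed "now allocated" data; real runs would use RIR delegated files.
ALLOCATED_PREFIXES = ["69.0.0.0/8", "194.60.78.0/24", "194.60.204.0/24",
                      "194.153.114.0/24"]
ALLOCATED_ASNS = [6423, 41961]

PREFIX_RE = re.compile(r"ip prefix-list (\S+) seq (\d+) (permit|deny) (\S+)"
                       r"(?: ge (\d+))?(?: le (\d+))?")
ASPATH_RE = re.compile(r"ip as-path access-list (\d+) (permit|deny) (.+)")


def cisco_regex(pattern):
    """Cisco's '_' matches start, end or a space between ASNs."""
    return re.compile(pattern.replace("_", r"(?:^|\s|$)"))


def parse_config(text):
    prefix_entries, aspath_entries = [], []
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            _, seq, action, net, ge, le = m.groups()
            prefix_entries.append({"seq": int(seq), "action": action,
                                   "net": ipaddress.ip_network(net),
                                   "ge": int(ge) if ge else None,
                                   "le": int(le) if le else None})
            continue
        m = ASPATH_RE.match(line)
        if m:
            _, action, pattern = m.groups()
            aspath_entries.append({"action": action, "pattern": pattern.strip(),
                                   "regex": cisco_regex(pattern.strip())})
    return prefix_entries, aspath_entries


def prefix_entry_matches(entry, prefix):
    """Cisco semantics: covered by the entry's network and inside the ge/le window."""
    net = entry["net"]
    if not prefix.subnet_of(net):
        return False
    if entry["ge"] is None and entry["le"] is None:
        return prefix.prefixlen == net.prefixlen
    lo = entry["ge"] if entry["ge"] is not None else net.prefixlen
    hi = entry["le"] if entry["le"] is not None else prefix.max_prefixlen
    return lo <= prefix.prefixlen <= hi


def check_announcement(prefix, as_path, config=SAMPLE_CONFIG):
    """Which entry decides (prefix, as_path): first match wins, implicit deny."""
    prefix_entries, aspath_entries = parse_config(config)
    net = ipaddress.ip_network(prefix)
    result = {"prefix": ("deny", None), "aspath": ("deny", None)}
    for e in prefix_entries:
        if prefix_entry_matches(e, net):
            result["prefix"] = (e["action"], e["seq"])
            break
    for e in aspath_entries:
        if e["regex"].search(as_path):
            result["aspath"] = (e["action"], e["pattern"])
            break
    return result


def find_stale(config=SAMPLE_CONFIG, prefixes=ALLOCATED_PREFIXES, asns=ALLOCATED_ASNS):
    """Deny entries that overlap allocated space are stale and need review."""
    prefix_entries, aspath_entries = parse_config(config)
    stale = []
    for e in prefix_entries:
        if e["action"] == "deny":
            hits = [p for p in prefixes if e["net"].overlaps(ipaddress.ip_network(p))]
            if hits:
                stale.append({"kind": "prefix", "id": e["seq"], "blocks": hits})
    for e in aspath_entries:
        if e["action"] == "deny":
            hits = [a for a in asns if e["regex"].search(str(a))]
            if hits:
                stale.append({"kind": "aspath", "id": e["pattern"], "blocks": hits})
    return stale


if __name__ == "__main__":
    print(check_announcement("194.60.78.0/24", "64500 41961"))
    print(check_announcement("69.128.0.0/17", "6423"))
    for s in find_stale():
        print(f"stale {s['kind']} entry {s['id']}: now covers {s['blocks']}")
```

Run it against the real filter export on a schedule rather than once: a bogon list is only as good as its last update, and the allocation side of the comparison changes every month.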