Researchers ping through first full 'Internet census' in 25 years
I guess no one told them that someone might consider this an attack? I have set up detectors where pinging consecutive honeypot ip addresses results in the source IP address being blacklisted for a day or two. Researchers ping through first full 'Internet census' in 25 years No door-to-door canvassing here: This census involved the direction of some 3 billion pings toward 2.8 billion allocated Internet addresses from three machines over the course of two months. http://www.networkworld.com/community/node/20390?netht=101107dailynews2nladname=101107dailynews or http://tinyurl.com/37fgua The press release is located at http://www.isi.edu/news/news.php?story=178
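An added sketch of the kind of detector this post describes, not the poster's own setup: a source that pings adjacent honeypot addresses in quick succession is blacklisted for one day. The honeypot block, thresholds, class and function names, and the sample events are all assumptions constructed for illustration.

```python
"""Sweep detector for a block of honeypot addresses (constructed example)."""
import ipaddress
from dataclasses import dataclass, field

DAY = 86400.0  # blacklist duration in seconds ("a day or two" in the post)


def honeypot_block(cidr):
    """Return every address of a honeypot network as a set of integers."""
    return frozenset(int(a) for a in ipaddress.ip_network(cidr))


@dataclass
class SweepDetector:
    honeypots: frozenset          # honeypot addresses as integers
    run_threshold: int = 3        # adjacent honeypots hit before blocking
    window_s: float = 60.0        # max gap between two hits of one run
    block_s: float = DAY          # how long a source stays blacklisted
    _runs: dict = field(default_factory=dict)     # src -> (dst, step, len, ts)
    _blocked: dict = field(default_factory=dict)  # src -> expiry timestamp

    def is_blocked(self, src, now):
        """True while the source is blacklisted; expired entries are dropped."""
        expiry = self._blocked.get(src)
        if expiry is None:
            return False
        if now >= expiry:
            del self._blocked[src]
            return False
        return True

    def observe(self, ts, src, dst):
        """Feed one ICMP echo request; return True if it causes a new block."""
        dst_int = int(ipaddress.ip_address(dst))
        if dst_int not in self.honeypots or self.is_blocked(src, ts):
            return False
        length, step = 1, 0
        last = self._runs.get(src)
        if last is not None:
            last_dst, last_step, last_len, last_ts = last
            delta = dst_int - last_dst
            # A run continues only if the next address is adjacent, the sweep
            # keeps its direction, and the hit arrives inside the time window.
            if (ts - last_ts <= self.window_s and delta in (1, -1)
                    and last_step in (0, delta)):
                length, step = last_len + 1, delta
        self._runs[src] = (dst_int, step, length, ts)
        if length >= self.run_threshold:
            self._blocked[src] = ts + self.block_s
            del self._runs[src]
            return True
        return False


def replay(detector, events):
    """Run (timestamp, source, destination) events; return new blocks."""
    return [(ts, src) for ts, src, dst in events if detector.observe(ts, src, dst)]


# Constructed sample events using documentation address ranges.
SAMPLE_EVENTS = [
    (0.0, "203.0.113.7", "192.0.2.10"),
    (0.4, "203.0.113.7", "192.0.2.11"),
    (0.5, "198.51.100.20", "192.0.2.11"),    # single stray ping, no run
    (0.8, "203.0.113.7", "192.0.2.12"),      # third adjacent hit: block
    (1.2, "203.0.113.7", "192.0.2.13"),      # already blacklisted
    (10.0, "198.51.100.99", "192.0.2.10"),
    (900.0, "198.51.100.99", "192.0.2.11"),  # outside the window: run restarts
    (901.0, "198.51.100.99", "192.0.2.12"),  # run length 2, below threshold
]

if __name__ == "__main__":
    det = SweepDetector(honeypots=honeypot_block("192.0.2.8/29"))
    for ts, src in replay(det, SAMPLE_EVENTS):
        print(f"t={ts}: blacklisting {src} for {det.block_s:.0f} s")
```

A census-style prober that walks address space in order trips this detector, which is the poster's point; the time window and run length decide how slow or sparse a sweep has to be to pass unnoticed.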
Re: For want of a single ethernet card, an airport was lost ...
Suresh Ramasubramanian wrote: ... Well, if it is a mess of legacy equipment in there .. there's a high chance that everything is connected to a hub, and the faulty network card was flooding the network and causing collisions. ... Even more horrible thought: Maybe it was token ring
Re: Why do we use facilities with EPO's?
John C. A. Bambenek wrote: Funny story about that and the EPO we have here... ... Story #1 Many years ago, the safety department for my employer made a big stink over the fact that the EPO hadn't been tested in a couple of years. We scheduled an outage window, shut everything down. The facilities guy pressed the magic big RED button and NOTHING! Tracing the problem back, there was a blown fuse in the EPO circuit because a wire had shorted. A real safe design! Story #2 Every few years the EPO buttons would change. First they were the ones with the metal ring around the button that protects against accidental pushing. Then we would get the mushroom button because it was safer. Invariably someone would trip it and they would change them back. I think some guy made some money submitting suggestions to change the button every few years.
Hackers hit key Internet traffic computers
It's amazing how reporters have to butcher technology information to make it understood by their editors http://www.cnn.com/2007/TECH/internet/02/06/internet.attacks.ap/index.html?eref=rss_topstories
Re: broken DNS proxying at public wireless hotspots
Trent Lloyd wrote: On Sat, Feb 03, 2007 at 09:22:30PM -0800, Lasher, Donn wrote: If so, how do you configure your client operating system of choice to use the novel, un-proxied ports instead of using port 53? * Set up the profile, to your house/work/etc, of your favorite SSH client to forward port 53 local to port 53 on your remote machine. snip Same type of config works great for HTTP (with squid, and browser proxy settings) etc.. The flaw here is that DNS operates over 53(UDP), last time I checked SSH doesn't do UDP port forwarding? Cheers, Trent Looks like someone already has this exact case figured out http://zarb.org/~gc/html/udp-in-ssh-tunneling.html
Is the sky falling?
An article from CNN on IPV6 and how the US will be hurt because it's falling behind http://money.cnn.com/2006/11/03/technology/fastforward_ipv6_networking.fortune/index.htm?postversion=2006110317
time.nist.gov
time.nist.gov (192.43.244.18) seems to be down. I tried it via several different paths. I can't find any notice that this is a planned event. Does anyone have any further info? Roy
Re: Broadband ISPs taxed for generating light energy
[EMAIL PROTECTED] wrote: .. Sounds reasonable to me. Since the sale of energy is usually measured in kilowatt-hours, how many kwh of energy is transmitted across the average optical fibre before it reaches the powered amplifier in the destination switch/router? I'd like to see some hard numbers on this. The light shining down optical fibres is laser light. There exist medical devices which are powered by laser light shining through the tissues. There are also some types of satellite devices which can receive power from ground-based laser beams. The crux of this issue is the actual measurement of power transmitted which will turn out to be very small. --Michael Dillon A Cisco ZX GBIC produces a max of 4.77 dBm (or less than 4mw). 4mw corresponds to 35 watt hours in one year. However, since the customer must beam back light as part of the exchange then you must track the number of pulses in both directions and determine the difference. Some days the customer gets more energy and some days it doesn't. That should affect the tax.
Re: APC Matrix 5000 question(s)
[EMAIL PROTECTED] writes: I've had this APC Matrix 5000 with 3 XR battery packs for almost 6 years Do you have the little telephone cables connecting the battery packs properly connected? Does the UPS think it has three cells? If no to these questions, it could indicate why the UPS doesn't show bad batteries. There are also little red bad battery lights on each cell that are powered by the telephone cable. Also one other thing. There is a special procedure for resetting the bad battery lights on the cells. It's a real pain. Roy
Re: Who wants to be in charge of the Internet today?
Scott Weeks wrote: - Original Message Follows - From: Sean Donelan [EMAIL PROTECTED] The U.S. is poorly prepared for a major disruption of the Internet, according to a study that an influential group Wow! They mean the internet backbone might break? We better shore up that puppy and warn the tier 1 folks... ;-) scott The levees will break and you will be flooded. You do have an Internet evacuation plan don't you? That is where you make all your lines outbound and move your bits to higher ground.
Re: Wiltel has gone pink.
Jo Rhett wrote: This morning we have started to receive an abundance of spam from Wiltel customers, pointing boldly back to websites hosted in Wiltel space. OrgAbuseHandle: WAC18-ARIN OrgAbuseName: Wiltel Abuse Contact OrgAbusePhone: +1-918-547-2000 OrgAbuseEmail: [EMAIL PROTECTED] Messages to [EMAIL PROTECTED] are being rejected. This phone number goes to their conferencing group, which doesn't know what 'abuse' is, or even what an IP network is. I went through 4 levels of management, and was informed that they no longer had an abuse team -- that this was disbanded in a recent reorganization. In short, it would appear that Wiltel is now selling pink contracts.
WilTel's abuse department has long been MIA. I never even got an acknowledgment from them much less getting the problem fixed. The only difference now is that they are bouncing the messages rather than dev-nulling them They also don't believe in edge filtering.. Here are some stats for today
10 deny ip 0.0.0.0 1.255.255.255 any (111 matches)
20 deny ip 2.0.0.0 0.255.255.255 any (97 matches)
30 deny ip 5.0.0.0 0.255.255.255 any (102 matches)
40 deny ip 7.0.0.0 0.255.255.255 any (106 matches)
50 deny ip 10.0.0.0 0.255.255.255 any (6487 matches)
60 deny ip 23.0.0.0 0.255.255.255 any (120 matches)
70 deny ip 27.0.0.0 0.255.255.255 any (126 matches)
80 deny ip 31.0.0.0 0.255.255.255 any (107 matches)
90 deny ip 36.0.0.0 1.255.255.255 any (1458 matches)
100 deny ip 39.0.0.0 0.255.255.255 any (137 matches)
110 deny ip 42.0.0.0 0.255.255.255 any (127 matches)
120 deny ip 49.0.0.0 0.255.255.255 any (146 matches)
130 deny ip 50.0.0.0 0.255.255.255 any (124 matches)
140 deny ip 77.0.0.0 0.255.255.255 any (138 matches)
150 deny ip 78.0.0.0 1.255.255.255 any (243 matches)
160 deny ip 92.0.0.0 3.255.255.255 any (868 matches)
170 deny ip 96.0.0.0 15.255.255.255 any (2754 matches)
180 deny ip 112.0.0.0 7.255.255.255 any (1896 matches)
190 deny ip 120.0.0.0 0.255.255.255 any (337 matches)
200 deny ip 169.254.0.0 0.0.255.255 any (744 matches)
210 deny ip 172.16.0.0 0.15.255.255 any (827 matches)
220 deny ip 173.0.0.0 0.255.255.255 any (150 matches)
230 deny ip 174.0.0.0 1.255.255.255 any (870 matches)
240 deny ip 176.0.0.0 7.255.255.255 any (3860 matches)
250 deny ip 184.0.0.0 3.255.255.255 any (765 matches)
260 deny ip 192.0.2.0 0.0.0.255 any
270 deny ip 192.168.0.0 0.0.255.255 any (873 matches)
280 deny ip 197.0.0.0 0.255.255.255 any (127 matches)
290 deny ip 198.18.0.0 0.1.255.255 any
300 deny ip 223.0.0.0 0.255.255.255 any (121 matches)
310 deny ip 224.0.0.0 31.255.255.255 any
Maybe Level3 can straighten some of it out. Roy Engehausen
Re: is this like a peering war somehow?
Michael Painter wrote: From: Doug Marschke [EMAIL PROTECTED] Subject: RE: is this like a peering war somehow? If something like the slingbox catches on www.slingmedia.com From the sling community forum: Hello before yall get too excited about verizon it looks like they are cancelling users who use too much bandwidth. Unlimited NationalAccess/BroadbandAccess services cannot be used (1) for uploading, downloading or streaming of movies, music or games, (2) with server devices or with host computer applications, including, but not limited to, Web camera posts or broadcasts, automatic data feeds, Voice over IP (VoIP), automated machine-to-machine connections, or peer-to-peer (P2P) file sharing, or (3) as a substitute or backup for private lines or dedicated data connections. I believe those are the rules for Verizon Wireless and not for Verizon DSL etc. Verizon Wireless and Verizon are actually separate. Roy
DOS attack against DNS?
I just started seeing thousands of DNS queries that look like some sort of DOS attack. One log entry is below with the IP obscured. client xx.xx.xx.xx#6704: query: z.tn.co.za ANY ANY +E When you look at z.tn.co.za you see a huge TXT record. Is anyone else seeing this attack or am I the lucky one? Is this a known attack? Roy
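One way to quantify what this post describes, as an added example that is not part of the original message: parse query-log lines in the format quoted above and report names that are queried almost exclusively with type ANY. The function names, thresholds and sample lines are assumptions; the log lines are constructed and use documentation addresses.

```python
"""Summarise ANY queries in BIND-style query log lines (constructed sample)."""
import re
from collections import defaultdict

# Matches the format quoted in the post:
#   client <ip>#<port>: query: <qname> <qclass> <qtype> <flags>
QUERY_RE = re.compile(
    r"client (?P<client>[^#\s]+)#(?P<port>\d+): query: "
    r"(?P<qname>\S+) (?P<qclass>\S+) (?P<qtype>\S+) (?P<flags>\S+)"
)


def parse_query(line):
    """Return the fields of one query log line, or None if it is not one."""
    m = QUERY_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["qname"] = rec["qname"].rstrip(".").lower() or "."
    rec["qtype"] = rec["qtype"].upper()
    return rec


def any_query_report(lines, min_any=3, min_share=0.8):
    """List (qname, any_count, clients) for names dominated by ANY queries.

    A name is reported when it received at least `min_any` ANY queries and
    ANY makes up at least `min_share` of all queries seen for that name.
    """
    stats = defaultdict(lambda: {"total": 0, "any": 0, "clients": set()})
    for line in lines:
        rec = parse_query(line)
        if rec is None:
            continue
        entry = stats[rec["qname"]]
        entry["total"] += 1
        if rec["qtype"] == "ANY":
            entry["any"] += 1
            entry["clients"].add(rec["client"])
    report = [
        (qname, s["any"], sorted(s["clients"]))
        for qname, s in stats.items()
        if s["any"] >= min_any and s["any"] / s["total"] >= min_share
    ]
    return sorted(report, key=lambda row: (-row[1], row[0]))


# Constructed log lines; only the query name and format come from the post.
SAMPLE_LOG = """\
client 198.51.100.7#6704: query: z.tn.co.za ANY ANY +E
client 198.51.100.7#6705: query: z.tn.co.za ANY ANY +E
client 192.0.2.33#40112: query: www.example.com IN A +
client 198.51.100.9#1025: query: z.tn.co.za ANY ANY +E
client 192.0.2.33#40113: query: example.com IN ANY +
client 198.51.100.7#6706: query: Z.TN.CO.ZA ANY ANY +E
named[812]: zone example.com/IN: loaded serial 2007010101
""".splitlines()

if __name__ == "__main__":
    for qname, count, clients in any_query_report(SAMPLE_LOG):
        print(f"{qname}: {count} ANY queries from {', '.join(clients)}")
```

The client addresses in such a report are the addresses that receive the large answers, so they are worth comparing against the server's legitimate resolver population before any are blocked.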
Re: Sprint Problems?
Crist Clark wrote: Having trouble getting anything out of our Sprint rep. Rumors of fiber whack. Problems out here in San Jose, California and in Texas, Waco vicinity. Hard to say whether some of our problems over the rest of North America are related to Texas and California or more widespread. Voice and data problems. Anyone have better info on what, where, and resolution? No obvious problems here in Hollister, CA (40 mi south of San Jose). Roy
Re: Leap second reminder - Check your NTP
Kevin Day wrote: Last NTP spam: I'm by no means an NTP expert, if anyone else is, please pipe up. About 30 minutes before the leap second should have occurred, several of our systems reported xntpd[13742]: time reset 0.958385 s, which was really strange. They moved the wrong direction, and they did it early. Shortly after, those systems lost ntp association and began drifting. About 10 minutes after midnight all have regained sync. I wasn't checking things that early to see why, it's possible some of our NTP sources started disagreeing on what the correct time was, and would also match what other people have reported off-list, going back as far as 18 hours before midnight. Several public NTP sources are now indicating a leap second alarm (setting the leap bits to 11), which will cause most NTP clients to rule them out as a source. ntp-2.gw.uiuc.edu is an example: 130.126.24.44: Server dropped: Leap not in sync server 130.126.24.44, port 123 stratum 2, precision -19, leap 11, trust 000 refid [128.174.38.133], delay 0.03357, dispersion 0.00049 According to ntpdate, its clock seems to have stopped about 5 minutes before midnight, and hasn't yet recovered. Other NTP servers haven't cleared their today is a leap second day bit, which they should have by now. Some NTP implementations rule out servers that don't agree with what their master server thinks the leap second bits should be. My reading of the NTP spec says that at 00:00:00 the leap bits should have been returned to zero. Attempting to sync from one of these servers will produce a Next leap second occurs at 00:00:00.000 UTC Sun Jan 01 2006 message, but that should be harmless as long as they correct themselves a while before midnight. Still others have their clocks off by a significant amount(10+ minutes) and think they're still in sync, but since I started typing this email, they all have corrected themselves. 
While I can't say anything broke on our network as a result of the leap second, a good percentage of our gear lost NTP sync or had some kind of NTP problem around midnight UTC. You may want to check your NTP status at some point, in case something drifted quite a way off and won't step itself back now because the difference is too great. -- Kevin There is at least one stratum-1 server here on the West coast that my NTP says is now off by 1 second. Several stratum-2 are synced to it and are now off also. So checking servers might be a good idea Roy Engehausen
Akamai server reliability
Hi, Many moons ago, we got a set of Akamai servers. Over the years I think they replaced every one of them at least once. Last August we got another set of servers due to a move and now two of those three servers have failed. I still have the original server that started garlic.com in production after 11+ years so I know servers can last a long time. I don't understand why Akamai failure rates are so high Is anyone else seeing high failure rates of Akamai servers at their facilities? Roy
Re: Networking Pearl Harbor in the Making
at shipping and receiving, where I got some curious looks. That evening, when we called the Cisco district manager and told him don't worry about it -- we gave them to Foundry for a credit, both my boss and I enjoyed the resulting shock and dismay. So sometimes, moving away from being a one-vendor shop can be relatively painless. Other than Cisco trying desperately to hold on to their exclusivity in this case, we didn't really have too many problems. The key was mutual trust within my organization, and the ability of each layer in it -- my network engineers, me, my boss, my CIO -- to trust the other layers and let them do their job*. -roy * No IT story is complete without an unhappy ending. A management shakeup resulted in the replacement of the CIO, who ended up replacing management with his own people. My replacement was a Cisco guy and they ended up ripping out perfectly functioning Foundry equipment to put Cisco back in there. Of course by then it wasn't my problem anymore, but I got to hear the grumblings from my guys over beers.
Re: cymru down?
On Mon, 31 Oct 2005, matthew zeier wrote: Unable to get to www.cymru.com and 68.22.187.24 has been down for 5+ hours. Known issue? www.cymru.com resolves to 68.22.187.27 which is reachable from AS1103. Roy
Re: Bad IPv6 connectivity or why not to announce more specifics (Was: IPv6 news)
My box that gets IPv6 connectivity from Kewlio (set up via the SixXS tunnel broker) has a fairly short route which doesn't seem to go via Japan
traceroute6 to time20.stupi.se (2001:440:1880:1000::20) from 2001:4bd0:202a::1, 64 hops max, 12 byte packets
 1 gw-121.lon-01.gb.sixxs.net 3.484 ms 3.527 ms 3.978 ms
 2 po6.712-IPv6-necromancer.sov.kewlio.net.uk 16.976 ms 4.536 ms 3.979 ms
 3 sl-bb1v6-bru-t-4.sprintv6.net 55.976 ms 55.614 ms 54.972 ms
 4 sl-bb1v6-sto-t-100.sprintv6.net 84.971 ms 82.604 ms 82.961 ms
 5 * * *
 6 2001:440:1880:1::2 97.992 ms 101.565 ms 109.964 ms
 7 2001:440:1880:1::12 104.966 ms 105.651 ms 102.960 ms
 8 2001:440:1880:1000::20 83.971 ms 84.650 ms 85.963 ms
-bash-2.05b$
Though my other box (with connectivity via the BT Exact tunnel broker) goes via Japan...
-bash-2.05b$ traceroute6 time20.stupi.se
traceroute6 to time20.stupi.se (2001:440:1880:1000::20) from 2001:618:400::511d:554, 64 hops max, 12 byte packets
 1 tb-exit.ipv6.btexact.com 7.983 ms 8.759 ms 7.939 ms
 2 uk6x-core-hopper-g0-2.ipv6.btexact.com 9.966 ms 7.892 ms 9.945 ms
 3 ft-euro6ix-uk6x.ipv6.btexact.com 9.972 ms 9.899 ms 9.944 ms
 4 Po3-2.LONBB3.London.opentransit.net 9.976 ms 9.910 ms 9.952 ms
 5 So7-2-0.LONCR1.London.opentransit.net 39.963 ms 10.800 ms 8.944 ms
 6 Po12-0.LONCR3.London.opentransit.net 9.975 ms 9.912 ms 9.944 ms
 7 Po12-0.OAKCR2.Oakhill.opentransit.net 81.971 ms 81.858 ms 82.929 ms
 8 Po5-0.PASCR3.Pastourelle.opentransit.net 141.972 ms 141.986 ms 167.906 ms
 9 Po2-0.KITBB1.Kitaibaraki.opentransit.net 269.852 ms 269.712 ms 270.920 ms
10 Ge0-0-0.TKYBB4.Tokyo.opentransit.net 267.901 ms 267.842 ms Po1-3.TKYBB2.Tokyo.opentransit.net 271.916 ms
11 Ge0-0-0.TKYBB4.Tokyo.opentransit.net 272.865 ms 2001:688:0:2:8::23 270.868 ms 269.056 ms
12 hitachi1.otemachi.wide.ad.jp 406.900 ms 404.830 ms 2001:688:0:2:8::23 272.890 ms
13 hitachi1.otemachi.wide.ad.jp 408.073 ms 409.827 ms 410.849 ms
14 otm6-gate1.iij.net 257.918 ms 390.834 ms 286.880 ms
15 otm6-bb1.IIJ.Net 284.922 ms otm6-gate1.iij.net 259.766 ms 259.903 ms
16 plt001ix06.IIJ.Net 260.792 ms 263.903 ms otm6-bb0.IIJ.Net 259.808 ms
17 plt001ix06.IIJ.Net 266.909 ms plt001ix06.IIJ.Net 266.716 ms 266.728 ms
18 sl-bb1v6-rly-t-22.sprintv6.net 333.883 ms 332.888 ms plt6-gate1.IIJ.Net 266.886 ms
19 sl-bb1v6-rly-t-22.sprintv6.net 339.748 ms sl-s1v6-nyc-t-1000.sprintv6.net 339.852 ms 338.706 ms
20 sl-bb1v6-sto-t-102.sprintv6.net 433.779 ms sl-bb1v6-sto-t-101.sprintv6.net 435.691 ms sl-bb1v6-nyc-t-1000.sprintv6.net 342.824 ms
21 sl-bb1v6-sto-t-101.sprintv6.net 439.739 ms 2001:7f8:d:fb::34 526.720 ms 454.105 ms
22 2001:7f8:d:fb::34 461.876 ms 459.004 ms 459.913 ms
23 2001:440:1880:1::2 456.849 ms 2001:440:1880:1::12 454.025 ms 454.121 ms
24 2001:440:1880:1000::20 436.766 ms 434.023 ms 2001:440:1880:1::12 462.884 ms
-bash-2.05b$
Re: Overview: (What If?) ccTLD Delegation Question
Roland You could also try asking the Isle of Man (.im) Guernsey Roland (.gg) and Jersey (.je) how they managed to get a ccTLD Roland without being an ISO country. They got their domains under the old rules, by being a region that the Universal Postal Union had allocated a region code to. These codes are not ISO3166 country codes, but they are reserved within ISO3166. This isn't possible under the current rules. -roy
Re: [Pr-plan] Public-Root resolution problems and UNIDT (fwd)
On Fri, 30 Sep 2005, Peter Dambier wrote: Statement of the Official Public-Root Representative Public-Root resolution problems I in my capacity as the Official Public-Root Representative and whistle-blower, asked Peter Dambier to publish to NANOG a notice that the Public-Root had fractured. Namely, the root in Ankara operated by Celep Bahadir who is also the UNIDT (www.unidt.com) representative to Turkey and the Middle East. There was an attempt by UNIDT to start a new root system called the United-Root. Attempts by Ankara to test this root on l.public-root.net at 195.214.191.125 resulted in a fracturing of the public-root network. The Ankara root injected a number of older records into the DNS resulting in false answers to queries. Ankara was also listing as root servers some DNS that pointed back to ICANN data and did not resolve the Public-Root. This was very unprofessional behavior on behalf of UNIDT resulting in a serious violation of their contractual obligations to the Public-Root. From Life of Brian, scene 7. BRIAN: Are you the Judean People's Front? REG: Fuck off! BRIAN: What? REG: Judean People's Front. We're the People's Front of Judea! Judean People's Front. Cawk. FRANCIS: Wankers. BRIAN: Can I... join your group? REG: No. Piss off. BRIAN: I didn't want to sell this stuff. It's only a job. I hate the Romans as much as anybody. PEOPLE'S FRONT OF JUDEA: S. S. Shhh. Shh. S. REG: Schtum. JUDITH: Are you sure? BRIAN: Oh, dead sure. I hate the Romans already. REG: Listen. If you really wanted to join the P.F.J., you'd have to really hate the Romans. BRIAN: I do! REG: Oh, yeah? How much? BRIAN: A lot! REG: Right. You're in. Listen. The only people we hate more than the Romans are the fucking Judean People's Front. P.F.J.: Yeah... JUDITH: Splitters. P.F.J.: Splitters... FRANCIS: And the Judean Popular People's Front. P.F.J.: Yeah. Oh, yeah. Splitters. Splitters... LORETTA: And the People's Front of Judea. P.F.J.: Yeah. Splitters. Splitters... REG: What? 
LORETTA: The People's Front of Judea. Splitters. REG: We're the People's Front of Judea! LORETTA: Oh. I thought we were the Popular Front. REG: People's Front! C-huh. FRANCIS: Whatever happened to the Popular Front, Reg? REG: He's over there. P.F.J.: Splitter! GOLIATH: [pant pant pant] Ooh. Ooh. I-- I think I'm about to have a... cardiac arrest. Ooh. Ooh. SPECTATOR: Absolutely dreadful. Hmm. CROWD: [cheering] REG: Yes, brother! Ha ha. What's your name? BRIAN: Brian. Brian Cohen. REG: We may have a little job for you, Brian. Roy
Life of Brian, was Re: [Pr-plan] Public-Root resolution problems and UNIDT (fwd)
On Fri, 30 Sep 2005, Peter Dambier wrote: Statement of the Official Public-Root Representative Public-Root resolution problems I in my capacity as the Official Public-Root Representative and whistle-blower, asked Peter Dambier to publish to NANOG a notice that the Public-Root had fractured. Namely, the root in Ankara operated by Celep Bahadir who is also the UNIDT (www.unidt.com) representative to Turkey and the Middle East. There was an attempt by UNIDT to start a new root system called the United-Root. Attempts by Ankara to test this root on l.public-root.net at 195.214.191.125 resulted in a fracturing of the public-root network. The Ankara root injected a number of older records into the DNS resulting in false answers to queries. Ankara was also listing as root servers some DNS that pointed back to ICANN data and did not resolve the Public-Root. This was very unprofessional behavior on behalf of UNIDT resulting in a serious violation of their contractual obligations to the Public-Root. From Life of Brian, scene 7. BRIAN: Are you the Judean People's Front? REG: F*** off! BRIAN: What? REG: Judean People's Front. We're the People's Front of Judea! Judean People's Front. Cawk. FRANCIS: Wankers. BRIAN: Can I... join your group? REG: No. P*** off. BRIAN: I didn't want to sell this stuff. It's only a job. I hate the Romans as much as anybody. PEOPLE'S FRONT OF JUDEA: S. S. Shhh. Shh. S. REG: Schtum. JUDITH: Are you sure? BRIAN: Oh, dead sure. I hate the Romans already. REG: Listen. If you really wanted to join the P.F.J., you'd have to really hate the Romans. BRIAN: I do! REG: Oh, yeah? How much? BRIAN: A lot! REG: Right. You're in. Listen. The only people we hate more than the Romans are the f*ing Judean People's Front. P.F.J.: Yeah... JUDITH: Splitters. P.F.J.: Splitters... FRANCIS: And the Judean Popular People's Front. P.F.J.: Yeah. Oh, yeah. Splitters. Splitters... LORETTA: And the People's Front of Judea. P.F.J.: Yeah. Splitters. Splitters... REG: What? 
LORETTA: The People's Front of Judea. Splitters. REG: We're the People's Front of Judea! LORETTA: Oh. I thought we were the Popular Front. REG: People's Front! C-huh. FRANCIS: Whatever happened to the Popular Front, Reg? REG: He's over there. P.F.J.: Splitter! GOLIATH: [pant pant pant] Ooh. Ooh. I-- I think I'm about to have a... cardiac arrest. Ooh. Ooh. SPECTATOR: Absolutely dreadful. Hmm. CROWD: [cheering] REG: Yes, brother! Ha ha. What's your name? BRIAN: Brian. Brian Cohen. REG: We may have a little job for you, Brian. Regards, Roy
Re: Paul Vixie serving ORSN
On Fri, 30 Sep 2005, Paul Vixie wrote: I don't regard this as good, but note this from the ORSN FAQ: * Has ORSN additional TLDs like .DNS, .AUTO? No. ORSN is a Legacy Root and 100% compatible with ICANN's root zone. and Furthermore, no additional (alternative) top level domains will be added to the ORSN root-servers like ORSC, NEW.NET, public-root and other networks did it. It is *not* the same as what you've been advocating. indeed, it is not. anyone who shows fealty to the universal IANA namespace can count on my support. when i read the above FAQ, i volunteered the same hour. note that this is me acting personally, and not in my capacity as an employee of ISC or any other entity. As for why it's not good -- at least one query ('dig ns .') will yield different answers, this is the other reason why i took an interest in ORSN. the trinity of ICANN/VeriSign/US-DoC has spent far more good will than they've brought in, and many folks around the world seem now to be looking for ways to take their fate in their own hands. ORSN shows fealty to the universal IANA namespace, and edits the . NS RRset of their zone only because there is no other way to accomplish their independence goals. by helping them, i can learn more about how this works out in practice. by operating a server, i can measure and contemplate the traffic. I don't get this. You pretend there is a difference between ICANN/VeriSign/US-DoC and universal IANA namespace. They are one and the same. If you are trying to separate the infrastructure from the namespace, imho the infrastructure _is_ independent. I don't see ISC nor RIPE getting approval from ICANN/VeriSign/US-DoC whenever they deploy a new any-cast instance of a root-server, and prolly because there is no such requirement. So that argument is out the door. Anyway, let me attach a response I sent last year about ORSN. The stats may be a little out of date, but the general tone is still valid. 
Regards, Roy Date: Wed, 13 Oct 2004 13:20:50 +0200 (CEST) From: Roy Arends [EMAIL PROTECTED] To: Stephane Bortzmeyer [EMAIL PROTECTED] Cc: Yiorgos Adamopoulos [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [dns-wg] Re: ORSN-SERVERS.NET On Wed, 13 Oct 2004, Stephane Bortzmeyer wrote: On Wed, Oct 13, 2004 at 10:28:57AM +0200, Roy Arends [EMAIL PROTECTED] wrote a message of 19 lines which said: Please read RFC 2826 Please read about ORSN (http://european.nl.orsn.net/faq.php#opmode). ORSN is *not* an alternative root. I did. It is an alternative root, since it is not sanctioned nor supported by ICANN. The main reason for the ORSN is outlined in the about page at their site. IMHO, their reasons (a lesser dependency on non-european instances of authoritative root-servers, but correct me if I'm wrong) are less valid nowadays, since some of the ICANN root-server operators chose to use anycast as a viable means to spread the load on the root-zone. f.root-servers.net: 26 sites, (5 in EU, 4 in US) i.root-servers.net: 17 sites, (11 in EU, 2 in US) j.root-servers.net: 13 sites, (3 in EU, 7 in US) k.root-servers.net: 6 sites, (5 in EU and 1 in Qatar) m.root-servers.net: 3 sites, (1 in EU) The rest of roots: 11 sites in US. In total 76 instances of a root-server of which are 25 in the EU, 26 in the US, and 50 outside EU/US. And this network is growing and growing. I can recommend any organisation who has the resources (skill and infrastructure) that would like to help to spread the load of the root-servers to contact the anycast-enabled root operators (ISC, Autonomica/Nordunet, RIPE). In comparison, there are 13 ORSN servers based in europe, of which are 2 unused, and 1 has errors. I do understand the effort ORSN is trying to make. If it is to spread load and create less dependency, they are obviously not up to par with the ICANN root-server network. If their effort is merely a political protest, that is a different layer I know nothing about. Roy
Re: Paul Vixie serving ORSN
On Fri, 30 Sep 2005, Paul Vixie wrote: # It is *not* the same as what you've been advocating. # # indeed, it is not. ... # # I don't get this. You pretend there is a difference between ICANN / VeriSign # / US-DoC and universal IANA namespace. They are one and the same. you must have misread me. see http://fm.vix.com/ today. I've read it. Twice now. I'd like some help on what part I've misread ? I don't think the independence argument holds, as explained by my previous message, therefore, one of ORSN's main argument: resilience; How is the community served better by converging from a set of 75+ roots deployed worldwide to a set of 13 roots european based. Or are you trying to give US based ORSN clients better proximity :) Roy
Re: Paul Vixie serving ORSN
On Fri, 30 Sep 2005, Paul Vixie wrote: # you must have misread me. see http://fm.vix.com/ today. # # I've read it. Twice now. I'd like some help on what part I've misread ? i'm indifferent to their reasons, as long as they don't add any new TLD's... I understood that you're indifferent to _their_ reasons. I'm curious about _your_ reasons. Solely to learn and for the stats? I couldn't deduct that from fm.vix.com. Roy
Re: Anyone seen 172.15/16 lately?
172.16/12 is RFC1918 space Mark Boolootian wrote: Can anyone tell me to whom 172.15/16 is allocated? IANA says 172/8 May 93 Various Registries but checks with ARIN, RIPE, APNIC, AFRNIC, and LACNIC don't show anything. gr33tz to Team Furry!! mb --- Mark Boolootian UC Santa Cruz Disclaimer: Any operational content in this email is intentional
Re: Turkey has switched Root-Servers
On Tue, 27 Sep 2005, Peter Dambier wrote: Here is the birth of a new root-server system: What does Turkey have to do with this ? Roy
mail service with no mx (was - Re: Computer systems blamed for feeble hurricane response?)
william(at)elan Could you elaborate on how firewall will william(at)elan determine if the connection is from mail server william(at)elan or from telnet on port 25? Perhaps because most telnet clients will attempt telnet option negotiation? If so one could avoid this by using a client such as netcat... -roy
LA power outage?
Google News is your friend Major power outage hits Los Angeles http://today.reuters.com/investing/financeArticle.aspx?type=bondsNewsstoryID=URI:urn:newsml:reuters.com:20050912:MTFH66743_2005-09-12_20-24-41_N12366749:1
Re: What happened to root-server serial number?
Is the named.root file on ftp.internic.net defunct now then? Because it is dated 2004 and contains no records... -roy
Re: What happened to root-server serial number?
Roy == Roy Badami [EMAIL PROTECTED] writes: Roy Is the named.root file on ftp.internic.net defunct now then? Roy Because it is dated 2004 and contains no records... Though I don't see any records from any of the root servers...
Re: What happened to root-server serial number?
Roy Though I don't see any records from any of the root Roy servers... Sorry, I was mistaken, ignore that comment... -roy
Re: What happened to root-server serial number?
David == David Ulevitch [EMAIL PROTECTED] writes: David Nope. Not defunct. David Apples: http://www.internic.net/zones/named.root and David Oranges: http://www.internic.net/zones/root.zone Yeah, sorry, I'm being dumb. I'll go back to lurking now... -roy
Re: DSL Network Design Question
Jon Yeah. It definitely has ip classless and ip subnet-zero Jon in the config. Interesting, thanks. TBH, I really don't understand why Cisco have kept the classful support for this long... The bug you're seeing *must* be related to the code that implements classful, since in classless mode no code should be special casing octet boundaries at all, ever... Somehow I suspect no ip route-cache would fix it :-) Or perhaps even no ip cef... -roy
Re: IPv6 Address Planning
Iljitsch That's exactly the reason why the IETF has such a hard Iljitsch time moving forward: whatever way of abusing IP you can Iljitsch think of, someone is doing it today, and breaking that Iljitsch feature will gravely upset them. It's the age old Iljitsch battle between the irresistible force (progress) and the Iljitsch immovable object (users) I guess. And on that vein perhaps it's prudent for people using network prefixes longer than /64 to take care to ensure that the bit positions in the IPv6 address that should correspond to the u and g bits in the modified EUI-64 interface ID (according to RFC 3513) are both set to zero. -roy
Re: IPv6 Address Planning
Kevin Is there any known use for those bits? Not that I know of, but it seems dangerous to assume there never will be, and it's easy to avoid... -roy
Re: power strip with individually monitorable outlet current
Randy Bush wrote: The APCs (AP7901) are very nice. snmp and ftpable stats. They even do ssh! No individual per ports stats, and only to 1/10th amp. But no more popped circuit breakers from new servers. http://www.apc.com/resource/include/techspec_index.cfm?base_sku=AP7901 don't know the 7901, but i can sure vouch for the 7900 which joel recommended to me. it has saved me from using remote hands to whack a wedged server so many times. randy The 7900 is 15A while the 7901 is 20A. They are both part of a family of Rack PDUs. Roy Engehausen
Re: /8 end user assignment?
Joe Are things different in the RIPE region? Not in this part of the RIPE region (the UK). Dynamically assigned publicly routable IPv4 addresses are the norm for residential broadband services, though some providers offer static addressing as an option, I think a couple of low end services use NAT, and one small provider (that I'm aware of) offers IPv6. GPRS is invariably NATed IPv4 here, I think. As long as you're paying by the byte, it's not clear that you'd want a publicly routable address. -roy
Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter
Marlon just remember that not all networks use '126.255.255.255' Marlon as a broadcast address. there are non-broadcast networks Marlon where that address is a 'host' one. Surely the only networks on which this can be a host are: one using a /7 or shorter netmask; a /31 (as per RFC3021). -roy
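An added example (not part of the original post) that works the claim above through for every prefix length, so a packet filter can decide "broadcast" from the networks actually configured rather than from the trailing .255. It goes one step beyond the post by also counting the /32 host route; the function names and the sample network list are constructed.

```python
import ipaddress


def role(address, prefixlen):
    """Classify `address` within the network of the given prefix length.

    Returns 'network', 'broadcast' or 'host'. /31 follows RFC 3021 (both
    addresses are usable on a point-to-point link) and /32 is a host route.
    """
    addr = ipaddress.IPv4Address(address)
    net = ipaddress.IPv4Network((addr, prefixlen), strict=False)
    if prefixlen >= 31:
        return "host"
    if addr == net.network_address:
        return "network"
    if addr == net.broadcast_address:
        return "broadcast"
    return "host"


def host_prefix_lengths(address):
    """Prefix lengths for which `address` is an ordinary host address."""
    return [p for p in range(0, 33) if role(address, p) == "host"]


def is_broadcast_on(address, configured_networks):
    """True only if `address` is the broadcast address of a configured network.

    This is the check a filter should make instead of matching on the last
    octet: the answer depends on the netmask in use, not on the address alone.
    """
    addr = ipaddress.IPv4Address(address)
    for text in configured_networks:
        net = ipaddress.IPv4Network(text, strict=False)
        if addr in net and role(address, net.prefixlen) == "broadcast":
            return True
    return False


if __name__ == "__main__":
    target = "126.255.255.255"
    print(target, "is a host address for prefix lengths", host_prefix_lengths(target))
    # Constructed examples of networks a router might have configured.
    print(is_broadcast_on(target, ["126.0.0.0/8"]))          # True
    print(is_broadcast_on(target, ["126.0.0.0/7"]))          # False
    print(is_broadcast_on(target, ["126.255.255.254/31"]))   # False
```
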
Re: NETGEAR in the core...
Suresh Ramasubramanian wrote: On 31/07/05, Janet Sullivan [EMAIL PROTECTED] wrote: As for linksys, the WRT54G is a neat little box, but I've never found a sveasoft or dd-wrt firmware that was rock solid. The linksys boxes sort of remind me of Windows - OK if you don't mind rebooting them once in awhile. ;-) I can recommend http://www.portless.net/menu/ewrt/ I am a fan of OpenWRT. http://www.openwrt.org I have a number of these deployed and use OpenVPN on them talking to OpenVPN running on SUSE in my facility. Seems to be very stable. Roy Engehausen
Re: Cisco and the tobacco industry
Geo Gee, it must be nice to be in the top 10% of the smart Geo people. Why don't you suggest Valdis aim for the top 5% and Geo figure out how Mr. Jeffrey I. Schiller manages to post using Geo debian PGP signed messages that don't appear as attachments? Having just taken a quick look, it appears the messages you like are just plain text with PGP markup, and the ones you don't are multipart/signed. IIRC correctly any unrecognized multipart subtype is supposed to be rendered as multipart/mixed, so you should see the message fine, though the signature will probably appear as an attachment. If you're seriously suggesting that all signing of messages should be done entirely in-band within a plain-text message then, well, I disagree... And so do Microsoft (IIRC they support S/MIME) -roy
Re: GSM gateways in the US?!?
Here is one such vendor of cellular-PSTN gateways, http://www.mobilecomms-technology.com/contractors/gsm/eurotech1/
Re: 'Call Before You Dig' Article
Curtis Doty wrote: This issue went national in March 2005 with the addition of a new N11 number for One Call notification. http://hraunfoss.fcc.gov/edocs_public/attachmatch/DOC-257293A1.pdf The new abbreviated number will be 811 and it looks like carriers are required to implement by April 2007--since it's been in the Federal Register for about a month now. http://www.access.gpo.gov/su_docs/fedreg/a050413c.html ../C But is it applicable to VOIP carriers? Roy Engehausen
Re: swamp space reachability
Marshall Eubanks wrote: ... Of course, just as new allocations to ARIN or RIPE are announced here, it may be a good idea to start announcing 2002-3 allocations as well. Regards Marshall Eubanks If they aren't on the bogon list then why announce them? Roy Engehausen
DNS Round Robin
Something I seem to have found and wonder if anyone else sees this. One of my users has been using round robin DNS to attempt load balancing using two IP addresses. A query for www.whatever gives both addresses with a TTL of zero. One address is obviously less than the other numerically. Subsequent queries show alternating results where the first address given switches back and forth. This is the desired result. Here's where it goes weird. If I do the queries through a caching NS running bind 9.3.0, the order of the addresses is always the same, with the lower one first, which clearly defeats the purpose of the load balancing. If I specify rrset-order {order random;}; as an option in the caching NS then queries come back with random results. My theory is as follows. The query causes the caching NS to get the two answers but the software stores them in numerical order. The default for bind is to round-robin so it chooses the first (and thus the lower IP address) as the first value. Since the TTL is zero, the software then discards the data so it never gets to select the second value in its round robin scheme. Does this sound plausible? Has anyone else observed this? Is it a bug or a feature? Roy Engehausen
Positioning technology
GPS type technology that works indoors http://www.rosum.com/rosum_tv-gps_indoor_location_technology.html Roy Engehausen Robert Bonomi wrote: To: nanog@merit.edu Subject: Re: potpourri (Re: Clearwire May Block VoIP Competitors ) From: [EMAIL PROTECTED] Date: Fri, 1 Apr 2005 13:58:39 +0100 Why can't we have VoIP phones with built-in GPS receivers and a Because GPS doesn't work indoors.
Re: Positioning technology
Joel Jaeggli wrote: On Fri, 1 Apr 2005, Roy wrote: GPS type technology that works indoors http://www.rosum.com/rosum_tv-gps_indoor_location_technology.html the massive uhf antenna on your voip phone will be impressive. It's a great excuse to build TV and video into your VOIP phone. OR build VOIP into your TV set. Roy Engehausen
Re: Utah governor signs Net-porn bill
CNET's extract is wrong. The article states The measure, SB 260, says: Upon request by a consumer, a service provider may not transmit material from a content provider site listed on the adult content registry. It's entirely voluntary on the part of the consumer. Roy Engehausen Fergie (Paul Ferguson) wrote: C|Net: Utah's governor signed a bill on Monday that would require Internet providers to block Web sites deemed pornographic and could also target e-mail providers and search engines. http://news.com.com/Utah+governor+signs+Net-porn+bill/2100-1028_3-5629067.html?tag=nefd.top - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED]
Re: Utah considers law to mandate ISP's block harmful sites
You missed a very important line in the article: Internet providers in Utah must offer their customers a way to disable access to sites on the list or face felony charges. In other words you must provide a mechanism for a customer to opt-in to a filter. Doesn't sound illegal to force an ISP to provide a feature. Roy Christopher L. Morrow wrote: On Fri, 4 Mar 2005, Fergie (Paul Ferguson) wrote: The Utah governor is deciding whether to sign a bill that would require Internet providers to block Web sites deemed pornographic and that could also target e-mail providers and search engines. http://news.com.com/Utah+governor+weighs+antiporn+proposal/2100-1028_3-5598912.html?tag=nefd.top Someone might consider pointing them to the law from the state of PA that did similar things... Then point them at the overturning of that law.
Re: White House may make NSA the 'traffic cop' over U.S. computer networks
I think that puts HomeLand Security in the same category as Congress :-) Roy Engehausen [EMAIL PROTECTED] wrote: On Tue, 15 Feb 2005 16:44:27 EST, Brance Amussen :)_S said: The question... How soon before all AS owners passing *any* government traffic, will be required to install Homeland Security (NSA) taps? Even if the traffic is in transit to another AS.. Not all government agencies are on the NMCI. Somewhere along the line, they are going to say they need taps to maintain security *preemptive security* that is.. In the interest of Homeland Security I doubt it will be long.. Especially in light of *this* little gem: http://www.ombwatch.org/article/articleprint/2664/-1/315/ Congress Votes to Waive All Laws for Homeland Security » OMB Watch » Home » Regulatory Policy » In Congress » DHS Above the Law Published 02/10/2005 04:33 PM FOR IMMEDIATE RELEASE Contact: Robert Shull, (202) 234-8494 WASHINGTON (February 10, 2005) -- The House of Representatives voted 243 to 179 today to reject an amendment that would have stripped section 102 from the "REAL ID Act of 2005" (H.R. 418). The bill, as passed, would empower the Secretary of Homeland Security to waive any federal laws, without limit, in the course of building barriers along the nation's borders. This controversial, precedent-setting legislation received no hearings or extended debate prior to passage. The bill now moves to the Senate for consideration. The following is a statement by J. Robert Shull, Senior Regulatory Policy Analyst with OMB Watch. "America is a nation founded on the rule of law, but apparently not when homeland security is involved. This is a license to waive any law, for any reason -- or for no reason at all. "If enacted, this bill would grant the Homeland Security Secretary unbridled authority to act however he sees fit, without consequence. His actions also would be exempt from judicial review, making him unaccountable to any authority.
"Laws that protect the environment, safeguard public health, ensure consumer and workplace safety, prevent unfair business practices, and ban discrimination -- none of these laws, or any others, would apply to the Department of Homeland Security. "No government agency should be above the laws that preserve America's democracy."
RE: verizon.net and other email grief
While I can't speak to what Verizon is using, Both Exim and Postfix have the very same feature called address verification. Its in use at a number of ISPs. My systems reject 1000's of messages every day because of verification failures. Roy Engehausen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rich Kulawiec Sent: Friday, December 10, 2004 9:27 AM To: [EMAIL PROTECTED] Subject: Re: verizon.net and other email grief On Fri, Dec 10, 2004 at 02:43:21PM +, Simon Waters wrote: The most obvious is none of the three UK ISPs I have ready access to can connect to port 25 on relay.verizon.net. (MX for all the verizon.net email addresses). We can ping it (I'm sure it isn't singular?), but we have no more luck delivering email than contacting verizon technical staff, logs suggests we are in day 3 of this. I'm now listening to hold music at International rates - ouch. I think I can shine a little bit of light on what might be your Verizon problem. Summary: Verizon has put in place an exceedingly stupid anti-spam system which does not work, which facilitates DoS attacks, and which provides active assistance to spammers. Verizon has been told all of this, and it's been discussed on Spam-L. If there's been a response from Verizon, I haven't seen it: and AFAIK the practice continues. Anyone trying to deliver mail there might want to at least skim this to get an idea of the issues they may bump into. Please note that in places this is sketchy because it seems impossible to get Verizon to provide the information necessary to make it otherwise (or correct any errors). Details: When an incoming SMTP connection is made to one of Verizon's MX's, they allow it to proceed until the putative sender is specified, i.e. they wait for this part of the SMTP transaction: MAIL From:[EMAIL PROTECTED] Then they pause the incoming connection. 
And then they start up an outbound SMTP connection from somewhere else on Verizon's network, back to one of the MX's for example.com. They then attempt to verify that blah is a valid, deliverable address there. Since most people have long since disabled SMTP VRFY, they actually construct a fake message and attempt delivery with RCPT. If delivery looks like it's going to succeed, they hang up this connection (which is rude), and un-pause the incoming one, and allow it to proceed. If delivery looks like it's going to fail, then they also hang up their outbound connection (still rude), un-pause the incoming one, and reject the traffic. This also means that if the MX they try to connect to is (a) busy (b) down (c) unaware of all the deliverable addresses (d) something else, that they'll refuse the incoming message. It also means that if the address that's trying to send mail to Verizon is something like [EMAIL PROTECTED], which is the address that the people at Thule Racks emit support traffic from, but which doesn't accept traffic, that Verizon will deny the message. (Yeah, this isn't very bright on Thule's part, either.) Whoops. This is bad for a whole bunch of reasons: two of the more obvious ones are (a) it's a pathetic anti-spam measure because ANY forged address ANYWHERE will do, and (b) it doesn't scale. Add to that (c) it abuses RCPT because apparently Verizon is unwilling to use VRFY and to accept the decision of many mail server operators to disable it. Oh, and (d) the behavior of their probe systems is nearly indistinguishable from that of spam-spewing zombies, which don't obey the SMTP protocol either. [ (b) is also how it lends itself to DoS attacks. Sure, Verizon could rate-limit the rate at which they make outbound connections, but then attacker X could impose significant delay on mail from domain Y just by forging a boatload of messages purporting to be from addresses in Y to Verizon. 
If Verizon rate-limits their outbound connections, then any real messages from Y will be stuck in the verification queue along with a kazillion forgeries. And beyond that: other people are foolishly adopting this callback nonsense as well. Slashdot carried a note the other day about a program _designed_ to do this. This allows attacker X to forge messages from domain Y to idiots I1, I2... In, for a very large n, and then stand back as all of them simultaneously try to connect to the MX's for domain Y. General principle: any anti-spam measure that generates more junk SMTP traffic at a time when we're drowning in it is probably a bad idea. ] One thing that's not clear is whether or not Verizon caches any of this information. Doing so might help cut down on DoS attack methods that involve them, but of course it doesn't do anything about those which leverage everyone else who's doing callbacks. And this is unfortunately, not the end of it. A lot of people, including me, are blocking
RE: My yearly post about environmental monitoring devices
I was at a trade show yesterday and they had some interesting boxes for remote control. They don't meet your spec but someone might be interested. This box has serial and digital control connections but works via GPRS rather than Ethernet. Makes an interesting back door that could be independent of any other connections you have. http://www.atop.com.tw/e/product/SG6103.htm Roy Engehausen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Alex Rubenstein Sent: Wednesday, December 01, 2004 10:12 PM To: [EMAIL PROTECTED] Subject: My yearly post about environmental monitoring devices I'm sure if you peruse the archives, you'll see that I post about this about every year. The answer to your question is 'No, I haven't found what I am looking for yet.' However, the quest I am on is slightly different. I am looking for a device that meets the following criteria. a) Reasonably small. This probably wouldn't be rack mounted; it'd be wall mounted, desk mounted, ceiling mounted, etc. b) Powered by PoE. c) Is SNMPable over Ethernet. NOT RS232 or serial, or anything archaic like that. Not MODBUS. It's 2004, people. d) Provides Temperature and Humidity. e) Has 4 or so input contact sensors (connections to AC units, etc.) f) Has 4 or so output contact sensors. Help. -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: The Cidr Report
You have jumped to the conclusion that a customer of the cable company is not multi-homed. Bad assumption. I can tell you that there are multihomed customers behind what you would normally think of as a cable company. Roy Engehausen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Christopher L. Morrow Sent: Friday, November 12, 2004 7:31 PM To: Randy Bush Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED] Subject: Re: The Cidr Report Of these listed 4 are cable companies, is there something in the cable modem networking that requires deaggregated routes beyond their borders? Is the problem that they might have separate 'networks' for their regional parts and leak more specifics for these parts along with 'backup' routes via aggregates?
RE: Finding information about metro private line service in downtown SF
I have used PacBell's GIGAMAN service at a number of locations. It's basically managed fiber running GigE. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Garrison Sent: Wednesday, October 27, 2004 7:32 PM To: [EMAIL PROTECTED] Subject: Finding information about metro private line service in downtown SF Hello, I am investigating the options for linking up a new office to our (coincidentally) close datacenter in downtown San Francisco. Both locations are SOMA and within about 10 minutes walking of each other. Calling SBC provided me with a rather clueless person telling me all about ATM, Frame Relay and other options I don't want. To his credit, I believe I may have been defining what I want incorrectly. Since both areas are well within the same LATA (do people say that anymore?) I am simply looking for some sort of private line service be it fiber or copper. Who are the providers local to the area? Is there any way of finding what is in the ground around me? (I know UPN Networks is in between our offices so I am confident there is fiber or copper all around us.) What are the easiest options for this sort of thing? What kind of pricing might we be looking at? To give some perspective, we push a significant amount of bandwidth through our datacenter such that if the costs work out we would prefer a private line into our datacenter (for many reasons including cost, internet speed in the office, ability to have a backend entrance to our network for offsite backups, etc.). We would also then just set up a DSL line or T1 for emergencies/failover.[1] Please reply offlist, thanks for any insight, Bill [1]: Our alternative is to just get a T1 with a DSL for manual failover but piping into our datacenter would provide a substantial number of benefits. (this is a small office with about 10 people all of whom can handle cold-swapping to DSL if ever needed...)
Re: Finding information about metro private line service in downtown SF
Oops Forgot my Sig Roy Engehausen Roy wrote: I have used PacBell's GIGAMAN service at a number of locations. It's basically managed fiber running GigE. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Bill Garrison Sent: Wednesday, October 27, 2004 7:32 PM To: [EMAIL PROTECTED] Subject: Finding information about metro private line service in downtown SF Hello, I am investigating the options for linking up a new office to our (coincidentally) close datacenter in downtown San Francisco. Both locations are SOMA and within about 10 minutes walking of each other. Calling SBC provided me with a rather clueless person telling me all about ATM, Frame Relay and other options I don't want. To his credit, I believe I may have been defining what I want incorrectly. Since both areas are well within the same LATA (do people say that anymore?) I am simply looking for some sort of private line service be it fiber or copper. Who are the providers local to the area? Is there any way of finding what is in the ground around me? (I know UPN Networks is in between our offices so I am confident there is fiber or copper all around us.) What are the easiest options for this sort of thing? What kind of pricing might we be looking at? To give some perspective, we push a significant amount of bandwidth through our datacenter such that if the costs work out we would prefer a private line into our datacenter (for many reasons including cost, internet speed in the office, ability to have a backend entrance to our network for offsite backups, etc.). We would also then just set up a DSL line or T1 for emergencies/failover.[1] Please reply offlist, thanks for any insight, Bill [1]: Our alternative is to just get a T1 with a DSL for manual failover but piping into our datacenter would provide a substantial number of benefits. (this is a small office with about 10 people all of whom can handle cold-swapping to DSL if ever needed...)
RE: Earthquake in Northern California
Recomputed as a 5.9. It's in the Parkfield area which is fairly remote and one of the most studied segments of the San Andreas fault. http://quake.usgs.gov/research/parkfield/index.html http://quake.usgs.gov/recenteqs/Maps/Parkfield.htm As far as Internet access, there is very little. I don't think even DSL access is available in Parkfield. Roy Engehausen -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Dennis Dayman Sent: Tuesday, September 28, 2004 10:56 AM To: 'Nanog' Subject: Earthquake in Northern California 6.0 and we have had 47 small ones since the larger one... 160 miles south of SFO airport... Police and fire are reporting broken pipes and damage to streets. No idea about internet access... http://quake.wr.usgs.gov/recenteqs/Maps/120-36.htm -Dennis
RE: Email Complexes
I suggest you concentrate some resources in your abuse department. One charter IP address hit my firewall 1617 times so far today. Repeated complaints to [EMAIL PROTECTED] just get ignored. According to the local newspaper, my fellow citizens consider Charter the worst company in town. Roy -Original Message- From: [EMAIL PROTECTED] Sent: Tuesday, September 14, 2004 9:24 AM To: '[EMAIL PROTECTED]' Cc: '[EMAIL PROTECTED]' Subject: RE: Email Complexes Let me clarify, I work as a HSD Administrator for Charter Communications in their mail, news, web group. We want these accounts so that we can ensure email is going to the other complexes without a hitch. We would also monitor how long it would take email to go from our complex to the respective company's complex. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 14, 2004 9:18 AM To: Hosman, Ross Cc: '[EMAIL PROTECTED]' Subject: Re: Email Complexes On Tue, Sep 14, 2004 at 09:08:21AM -0500, Hosman, Ross wrote: I was wondering if anyone knew people at the following companies: AOL Yahoo Gmail MSN/Hotmail Cox Comcast Adelphia Earthlink Verizon i think most everyone knows someone at one or more of these companies. We would like accounts setup at these companies to monitor outgoing email to these complexes. If you know/are someone at one of these companies could you please contact me off list. accounts from each of these companies are easy to get. one does not need special privileges here, just the money to pay for the regular account fees. Ross Hosman HSD Administrator [EMAIL PROTECTED] 314-543-5823
RE: Campus size Wireless LAN
Not a direct answer but I can highly recommend Airaya http://www.airaya.com I have a number of their bridges operating including one of six miles. Roy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Eric Brown Sent: Wednesday, July 21, 2004 11:02 AM To: [EMAIL PROTECTED] Subject: Campus size Wireless LAN Anyone have experience with Proxim's tsunami quickbridge for wireless connectivity between buildings at line of sight distances under 1 mile? It's cheaper than Cisco and looks good on paper. Looking for the good bad and ugly. Thanks in advance! -Eric
RE: xDSL hardware
COVAD does ADSL as well as SDSL, ISDL, and reach products -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Michel Py Sent: Tuesday, July 13, 2004 7:15 PM To: Charles Sprickman; [EMAIL PROTECTED] Subject: RE: xDSL hardware Charles Sprickman wrote: I found an ADSL card (WIC-1ADSL), but Covad is unable to tell us if this works with their dslams or not. I doubt it would, as the WIC-1ADSL does only ADSL, not SDSL and all the Covad I have seen so far is SDSL. However, there is a Single Port G.shdsl WAN Interface Card (WIC-1SHDSL-V2), the question is does Covad use G.SHDSL or old-style proprietary SDSL. There are some low-end Cisco routers such as the 828 that do G.SHDSL as well. I don't get why you need to be aware of the link status though, as the SDSL is your backup not your primary. If the SDSL was the primary and the backup was dial-on-demand ISDN I would understand, but not with a T1. Michel.
RE: Charter: host problem
It wouldn't matter. All of the notices I have sent to Charter were just ignored. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Hannigan, Martin Sent: Thursday, May 20, 2004 11:21 AM To: '[EMAIL PROTECTED]' Subject: Charter: host problem Charter, your abuse and security mailboxes are bouncing as unavailable. Can someone from Charter security or network please respond privately regarding a host issue at your customer TAIS in Asheville, NC? Thanks. -- Martin Hannigan (c) 617-388-2663 VeriSign(w) 703-948-7018 Network Enginer IV Operations Infrastructure [EMAIL PROTECTED]
Re: fwd: CiSCO IOS 12.* source code stolen
Babelfish translation of http://www.securitylab.ru/45221.html 15 May 2004 Leakage of the initial code CiScO IOS? As it became known SecurityLab, on 13 May, 2004, were stolen all initial codes of the operating system CISCO IOS 12.3, 12..3t, which is used in the majority of the net devices of company CISCO. The total volume of the stolen information is approximately 800Mb in the archive. According to the information available to us, the leakage of the fragments of the initial code occurred because of the breaking of the corporate network Cisco System. Representatives Cisco System thus far in no way comment on the occurred incident. Information flowed away from nobody man hearth no franz on # [EMAIL PROTECTED] IRC where it and granted the small part of the initial codes (about 2.5 mb.) as the proof. They are lined below on 100 first lines of the initial code of file ipv6_.tcp.c and ipv6_.discovery_.test.c. Information granted DHG ipv6_.discovery_.test.c - Neighbor Discovery unit tests. ipv6_.tcp.c - IP version 6 support functions for TCP At 16:21 05/15/2004, John Kinsella wrote: For those not on bugtraq...I can't hit securitylab.ru, so would be curious if anybody has more info or confirmation... John - Forwarded message from Alexander Antipo [EMAIL PROTECTED] - From: Alexander Antipo [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: CiSCO IOS 12.* source code stolen Date: Sat, 15 May 2004 22:49:50 +0400 X-Mailer: Microsoft Office Outlook, Build 11.0.5510 More information (in Russian, of course) and some little stolen code can be found here: http://www.securitylab.ru/45221.html - End forwarded message -
RE: remote reboot power strips
We use a number of both the APC Masterswitch and the WTS NPS-115 with good results. I don't think either of them have had a failure. Roy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Christopher J. Wolff Sent: Monday, April 19, 2004 8:24 AM To: 'nanog list' Subject: remote reboot power strips Hello, Last time I researched remote reboot power strips it seemed like most of the power strips were garbage. Any recommendations for a solid performer would be appreciated. Thank you. Regards, Christopher J. Wolff, VP CIO Broadband Laboratories, Inc. http://www.bblabs.com
RE: Open, anonymous services and dealing with abuse
Well they accept mail at [EMAIL PROTECTED] but they certainly don't do anything about it. I have sent numerous complaints to that address with absolutely nothing happening to fix the problem. The address is a black hole. Roy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Turpin Sent: Tuesday, February 17, 2004 9:56 AM To: [EMAIL PROTECTED] Subject: Re: Open, anonymous services and dealing with abuse On Mon, 16 Feb 2004, Daniel Reed wrote: paid regularly, or their budgets are kept low, etc. Many will have RFC 2142 contacts, but appear to discard incoming mail. Some, such as Charter Communications, do not even have these mandatory addresses (mail is not accepted for [EMAIL PROTECTED]). while they do not conform to the RFC, they receive accept mail at/for [EMAIL PROTECTED] [This would be the domain w/o outsourced MX...] And on the other hand, it is the CDC that would perform an outbreak isolation, not the restaurant staff. You're talking about a concerted effort. So far, I haven't seen the levels of cooperation between providers that is required. I'm all for everyone holding hands and squashing out issues. But until you get past the isolationist mindset (you must be sick of me saying that by now) good luck... I think we're both in agreement that until * starts saying If I don't stop this today, it will hurt me tomorrow, that the cooperation required to address and stop these issues will be nil. -mark
RE: Open, anonymous services and dealing with abuse
1700+ attempts from one IP address to send mail today via one of my servers. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Nicole Sent: Tuesday, February 17, 2004 12:25 PM To: [EMAIL PROTECTED] Cc: Mark Turpin; Roy Subject: RE: Open, anonymous services and dealing with abuse Well at least they are somewhat DNS responsible in that they separate their user IP space well, so that it can be blocked. The really annoying ISPs use stupid things like DSL1234.isp.com and such. Of course doing this does block those 1 in 100 people running a server on their DSL line and not requesting a reverse DNS change. la.charter.com 550 NO Mail Accepted From DSL va.charter.com 550 NO Mail Accepted From DSL mn.charter.com 550 NO Mail Accepted From DSL ga.charter.com 550 NO Mail Accepted From DSL ct.charter.com 550 NO Mail Accepted From DSL ma.charter.com 550 NO Mail Accepted From DSL ca.charter.com 550 NO Mail Accepted From DSL wi.charter.com 550 NO Mail Accepted From DSL al.charter.com 550 NO Mail Accepted From DSL sc.charter.com 550 NO Mail Accepted From DSL tx.charter.com 550 NO Mail Accepted From DSL nc.charter.com 550 NO Mail Accepted From DSL Nicole On 17-Feb-04 Unnamed Administration sources reported Roy said : Well they accept mail at [EMAIL PROTECTED] but they certainly don't do anything about it. I have sent numerous complaints to that address with absolutely nothing happening to fix the problem. The address is a black hole. Roy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Mark Turpin Sent: Tuesday, February 17, 2004 9:56 AM To: [EMAIL PROTECTED] Subject: Re: Open, anonymous services and dealing with abuse On Mon, 16 Feb 2004, Daniel Reed wrote: paid regularly, or their budgets are kept low, etc. Many will have RFC 2142 contacts, but appear to discard incoming mail. Some, such as Charter Communications, do not even have these mandatory addresses (mail is not accepted for [EMAIL PROTECTED]). 
while they do not conform to the RFC, they receive accept mail at/for [EMAIL PROTECTED] [This would be the domain w/o outsourced MX...] And on the other hand, it is the CDC that would perform an outbreak isolation, not the restaurant staff. You're talking about a concerted effort. So far, I haven't seen the levels of cooperation between providers that is required. I'm all for everyone holding hands and squashing out issues. But until you get past the isolationist mindset (you must be sick of me saying that by now) good luck... I think we're both in agreement that until * starts saying If I don't stop this today, it will hurt me tomorrow, that the cooperation required to address and stop these issues will be nil. -mark -- |\ __ /| (`\ | o_o |__ ) ) // \\ - [EMAIL PROTECTED] - Powered by FreeBSD - -- Daemons will now be known as spiritual guides -Politically Correct UNIX Page Great places... http://www.nonsenseband.com - My Band http://www.picturetrail.com - Sysadmin http://www.mediatechnique.com - Sysadmin2
RE: Bandwidth Control Question
Why waste a T3 port. Run ethernet if they are that close. Don't overlook the benefit of using the old thin-net for 200m. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claydon, Tom Sent: Friday, December 19, 2003 7:26 AM To: '[EMAIL PROTECTED]' Subject: Bandwidth Control Question Hello, A customer of ours in the next building would like 6M of Internet bandwidth from us, so we would wire a DS3 between the two buildings for connectivity. The question is: how do we control the amount of bandwidth that we give them? Could we use rate limiting to contain the bandwidth to 6M, or would we need to get external IDSU's to do that? Note: we have a Cisco 7206VXR router on our end. The customer has a Cisco 7513. Thanks, = TC -- Tom Claydon, IT/ATM Network Engineer Dobson Telephone Company phone: (405) 391-8201 cell: (405) 834-0341
RE: Bandwidth Control Question
Wireless is fine too. I use Airaya (http://www.airaya.com). You can get a pair of radios capable of 35mbps for $999. I have them working over 6 miles.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, December 19, 2003 8:49 AM
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: Bandwidth Control Question

Or wireless.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Roy
Sent: Friday, December 19, 2003 11:30 AM
To: Claydon, Tom; [EMAIL PROTECTED]
Subject: RE: Bandwidth Control Question

Why waste a T3 port. Run ethernet if they are that close. Don't overlook the benefit of using the old thin-net for 200m.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Claydon, Tom
Sent: Friday, December 19, 2003 7:26 AM
To: '[EMAIL PROTECTED]'
Subject: Bandwidth Control Question

Hello,

A customer of ours in the next building would like 6M of Internet bandwidth from us, so we would wire a DS3 between the two buildings for connectivity. The question is: how do we control the amount of bandwidth that we give them? Could we use rate limiting to contain the bandwidth to 6M, or would we need to get external IDSU's to do that?

Note: we have a Cisco 7206VXR router on our end. The customer has a Cisco 7513.

Thanks,
= TC
--
Tom Claydon, IT/ATM Network Engineer
Dobson Telephone Company
phone: (405) 391-8201 cell: (405) 834-0341
RE: Bandwidth Control Question
Media converters are much cheaper than specialized FX cards like these. 10Mbps converters are just $99 each and 100Mbps is $150.

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Stephen Sprunk
Sent: Friday, December 19, 2003 10:13 AM
To: Claydon, Tom
Cc: North American Noise and Off-topic Gripes
Subject: Re: Bandwidth Control Question

Thus spake Claydon, Tom [EMAIL PROTECTED]

Yep. There's plenty of fiber between the two buildings, so we may go that route. Anyone know if there's any easy way to limit bandwidth on the PA-POS-OC3 adapters?

PA-POS-OC3MM   $6000/card   $38.71/Mbit
PA-FE-FX       $3200/card   $32.00/Mbit
PA-2FE-FX      $5000/card   $25.00/Mbit

Why muck with SONET unless necessary?

Sounds like another job for rate limiting to me...

Yes.

!
policy-map 6Mb-customer
 class class-default
  police 6144
!
interface foo
 service-policy input 6Mb-customer
 service-policy output 6Mb-customer
!

S

Stephen Sprunk   God does not play dice. --Albert Einstein
CCIE #3723       God is an inveterate gambler, and He throws the
K5SSS            dice at every possible opportunity. --Stephen Hawking
RE: 4.5 magnitude earthquake in VA
Ho hum... 4.5 barely wakes you up. http://earthquake.usgs.gov/recenteqsUS/Maps/US2/36.38.-122.-120_frames.html See all the ones marked Pinnacles. That's one of my POPs :-) My main site is just south of Morgan Hill and we have another in Hollister. Things always bouncing here. Roy -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of JC Dill Sent: Tuesday, December 09, 2003 5:54 PM To: nanog Subject: 4.5 magnitude earthquake in VA http://earthquake.usgs.gov/recenteqsww/Quakes/uscdbf.htm
RE: The Internet's Immune System
Unfortunately myNetWatchman is one of the worst services I have seen. We can't even get them to send the reports to our abuse address.

Roy

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Daniel Medina
Sent: Thursday, November 13, 2003 6:40 AM
To: [EMAIL PROTECTED]
Subject: Re: The Internet's Immune System

myNetWatchman has a work-in-progress search-by-AS http://www.mynetwatchman.com/ListIncidentbyASSummary.asp?AS=YOUR_AS_HERE

Dan
Re: NOAA warning for rf communications
According to the notice Satellite and other spacecraft operations, power systems, high frequency communications, and navigation systems may experience disruptions over this two-week period. I think you will find that 802.11b and other terrestrial microwave LOS links don't meet any of those criteria and should be unaffected. Some small increase in the noise level may be detected. Chris Yarnell wrote: my office experienced 802.11b weirdness (sudden bouts of 0% signal for no apparent reason) earlier this week. i'm fully expecting more tomorrow. :) There is a high likelihood that things like 802.11, licensed and unlicensed microwave links, and certainly satellite links will sustain interference over the next few days. I assume that everyone on the list is both aware, and prepared ;-)
Re: Massive sprintlink problems?
I'm seeing this on my cable connection too.

([EMAIL PROTECTED]/pts/1:~) traceroute shell.wgops.com
traceroute to shell.wgops.com (66.92.192.108), 30 hops max, 38 byte packets
 1 10.65.80.1 (10.65.80.1) 7.106 ms 11.420 ms 40.080 ms
 2 srp4-0.chrlncsa-rtr4.carolina.rr.com (24.93.66.110) 6.847 ms 7.323 ms 11.712 ms
 3 srp4-0.chrlncsa-rtr1.carolina.rr.com (24.93.66.177) 29.755 ms 16.082 ms 45.525 ms
 4 srp2-0.chrlncsa-rtr2.carolina.rr.com (24.93.66.178) 8.266 ms 34.051 ms 25.087 ms
 5 son0-0-3.chrlncsa-rtr6.carolina.rr.com (24.93.64.61) 49.495 ms 25.806 ms 16.876 ms
 6 pop1-cha-P4-0.atdn.net (66.185.132.45) 6.783 ms 9.692 ms 10.515 ms
 7 bb2-cha-P0-2.atdn.net (66.185.132.38) 15.873 ms 8.138 ms 23.847 ms
 8 bb2-atm-P6-0.atdn.net (66.185.152.30) 13.266 ms 26.131 ms 12.746 ms
 9 pop1-atm-P1-0.atdn.net (66.185.147.195) 38.277 ms 10.954 ms 26.400 ms
10 sl-bb23-atl-10-2.sprintlink.net (144.232.8.209) 24.077 ms 14.744 ms 11.853 ms
11 sl-bb26-rly-14-1.sprintlink.net (144.232.20.65) 25.304 ms 57.111 ms 24.054 ms
12 sl-bb22-rly-9-0.sprintlink.net (144.232.14.173) 23.962 ms 45.089 ms 24.062 ms
13 sl-bb22-sj-10-0.sprintlink.net (144.232.20.186) 87.757 ms 112.474 ms 89.224 ms
14 sl-bb20-tok-10-0.sprintlink.net (144.232.9.243) 241.300 ms 219.623 ms 208.599 ms
15 sl-bb21-tac-8-2.sprintlink.net (144.232.19.243) 1261.167 ms 1255.433 ms 1261.609 ms
16 sl-bb22-tac-15-0.sprintlink.net (144.232.17.94) 1281.169 ms 1260.407 ms 1256.265 ms
17 sl-bb20-sea-0-0.sprintlink.net (144.232.9.150) 1272.078 ms 1292.073 ms 1379.581 ms
18 sl-gw11-sea-7-0.sprintlink.net (144.232.6.126) 1251.479 ms 1266.041 ms 1280.311 ms
19 sl-internap-88-0.sprintlink.net (144.228.95.46) 244.087 ms 264.212 ms 243.985 ms
20 border26s.ge1-1-bbnet1.sea.pnap.net (206.253.192.163) 242.164 ms 270.265 ms 253.408 ms
21 * * *
22 fe2-0.spk-2-sea.speakeasy.net (206.191.168.196) 250.064 ms 244.734 ms 248.823 ms
23 kurak.wgops.com (66.92.192.248) 295.366 ms 291.939 ms 366.895 ms
24 shell.wgops.com (66.92.192.108) 302.626 ms 298.338 ms 276.849 ms

At 12:47 PM 10/1/2003 -0600, Michael Loftis wrote:

Anyone else seeing this:: (1sec+ delay to my idle DSL line across sprintlink...) traceroute is definitely taking an asymmetric path, since pings and tcp connections are consistent 1sec plus RTT starting somewhere in seattle or tacoma. tok? tokyo? Anyway before I start rattling this around I wanted to see if anyone else is seeing this to/from other destinations.

[EMAIL PROTECTED]:~# traceroute shell.wgops.com
traceroute to shell.wgops.com (66.92.192.108), 30 hops max, 38 byte packets
 1 r1 (216.129.251.1) 0.196 ms 0.230 ms 0.257 ms
 2 ag125.montanavision.com (216.220.20.125) 0.447 ms 0.300 ms 0.351 ms
 3 ag102.montanavision.com (216.220.20.102) 8.643 ms 13.078 ms 8.646 ms
 4 sl-gw10-che-2-0-TS1.sprintlink.net (144.223.8.57) 19.749 ms 17.973 ms 19.443 ms
 5 sl-bb20-che-3-0.sprintlink.net (144.232.15.145) 19.545 ms 19.301 ms 19.513 ms
 6 sl-bb23-chi-6-0.sprintlink.net (144.232.19.194) 37.906 ms 37.168 ms 37.574 ms
 7 sl-bb24-chi-15-0.sprintlink.net (144.232.26.101) 36.751 ms 35.515 ms 35.890 ms
 8 sl-bb21-sj-8-0.sprintlink.net (144.232.20.161) 153.128 ms 133.215 ms 272.201 ms
 9 sl-bb22-sj-15-0.sprintlink.net (144.232.3.162) 84.783 ms 83.089 ms 83.520 ms
10 sl-bb20-tok-10-0.sprintlink.net (144.232.9.243) 207.685 ms 208.017 ms 209.261 ms
11 sl-bb21-tac-8-2.sprintlink.net (144.232.19.243) 449.450 ms 446.199 ms 447.872 ms
12 sl-bb22-tac-15-0.sprintlink.net (144.232.17.94) 463.037 ms 1243.175 ms 444.169 ms
13 sl-bb20-sea-0-0.sprintlink.net (144.232.9.150) 1300.127 ms 1245.757 ms 1247.772 ms
14 sl-gw11-sea-7-0.sprintlink.net (144.232.6.126) 1247.891 ms 1246.780 ms 1245.041 ms
15 sl-internap-89-0.sprintlink.net (144.228.94.118) 198.635 ms 196.617 ms 196.579 ms
16 border26s.ge2-1-bbnet2.sea.pnap.net (206.253.192.227) 196.374 ms 196.691 ms 196.872 ms
17 * * ge0-0-0.brd-1-sea.speakeasy.net (206.191.168.200) 206.800 ms
18 fe2-0.spk-2-sea.speakeasy.net (206.191.168.196) 198.894 ms 197.410 ms 197.248 ms
19 kurak.wgops.com (66.92.192.248) 228.267 ms 225.835 ms 226.328 ms
20 shell.wgops.com (66.92.192.108) 226.949 ms 223.640 ms 224.977 ms

-- GPG/PGP -- 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
Re: Massive sprintlink problems?
Judging by traceroutes to livejournal.com, which is hosted at Internap, there are problems with Sprintlink after that hop to Tokyo. I'm now hitting Verio instead.

([EMAIL PROTECTED]/pts/1:~) traceroute shell.wgops.com
traceroute to shell.wgops.com (66.92.192.108), 30 hops max, 38 byte packets
 1 10.65.80.1 (10.65.80.1) 10.362 ms 38.902 ms 9.224 ms
 2 srp4-0.chrlncsa-rtr4.carolina.rr.com (24.93.66.110) 18.458 ms 6.839 ms 12.004 ms
 3 srp4-0.chrlncsa-rtr1.carolina.rr.com (24.93.66.177) 7.037 ms 28.487 ms 15.410 ms
 4 srp2-0.chrlncsa-rtr2.carolina.rr.com (24.93.66.178) 10.310 ms 9.481 ms 37.424 ms
 5 son0-0-3.chrlncsa-rtr6.carolina.rr.com (24.93.64.61) 13.586 ms 11.723 ms 24.317 ms
 6 pop1-cha-P4-0.atdn.net (66.185.132.45) 14.614 ms 31.363 ms 38.061 ms
 7 bb2-cha-P0-2.atdn.net (66.185.132.38) 11.488 ms 8.203 ms 17.804 ms
 8 bb2-ash-P13-0.atdn.net (66.185.152.50) 23.358 ms 24.676 ms 19.804 ms
 9 pop3-ash-P1-0.atdn.net (66.185.148.211) 47.522 ms 18.185 ms 19.961 ms
10 Verio.atdn.net (66.185.140.242) 39.030 ms 49.868 ms 19.934 ms
11 p16-0-1-1.r21.nycmny01.us.bb.verio.net (129.250.5.98) 48.592 ms 40.081 ms 98.193 ms
12 p16-1-1-3.r20.sttlwa01.us.bb.verio.net (129.250.5.61) 102.310 ms 93.037 ms 111.446 ms
13 ge-0-1-0.a12.sttlwa01.us.ra.verio.net (129.250.28.20) 108.693 ms 101.358 ms 89.893 ms
14 p1-0-0-0.a12.sttlwa01.us.ce.verio.net (204.203.3.6) 107.124 ms 145.143 ms pos-0-0-1.a12.sttlwa01.us.ce.verio.net (198.104.203.66) 139.623 ms
15 border26s.ge1-1-bbnet1.sea.pnap.net (206.253.192.163) 105.869 ms 107.906 ms 103.090 ms
16 ge0-0-0.brd-1-sea.speakeasy.net (206.191.168.200) 123.558 ms * *
17 fe2-0.spk-2-sea.speakeasy.net (206.191.168.196) 119.556 ms 109.804 ms 102.145 ms
18 kurak.wgops.com (66.92.192.248) 134.806 ms 141.694 ms 164.366 ms
19 shell.wgops.com (66.92.192.108) 148.167 ms 158.066 ms 141.841 ms

Quite a bit faster.

At 01:09 PM 10/1/2003 -0600, Michael Loftis wrote:

According to speakeasy system status page (my DSL provider at the other end there)... It seems though it's rather more widespread than what this notice makes it out to be.

09/26/03 02:18:07 PM Seattle POP Packet Loss
Region : Seattle
E.T.A. : (none)
Services Affected : Some broadband services

We are presently seeing packet loss on one of our Seattle POP's backhaul circuits caused by an unexpected increase in traffic caused by Internet worms. We will be fully upgrading this POP within the next few months and are presently investigating interim solutions to these packet loss issues.

-- GPG/PGP -- 0xE736BD7E 5144 6A2D 977A 6651 DFBE 1462 E351 88B9 E736 BD7E
Re: Windows updates and dial up users
Stephen J. Wilcox said:

On Sun, 21 Sep 2003 [EMAIL PROTECTED] wrote:

On Sun, 21 Sep 2003 18:25:50 EDT, Sean Donelan [EMAIL PROTECTED] said:

I recently put this suggestion to Microsoft and their response basically avoided the whole issue. Why wouldn't the company want to offer such a CD, assuming that's the motivation behind their stonewalling?

It would cost money to produce and ship a new CD on a frequent enough basis for it to do any good. Consider that we're seeing worms within 4 weeks of the patch coming out. How many CD duplicating places are willing to take on a multi-million run with a 1-2 week turn-around, once a month, every month?

Ok then different idea, assuming that we're all agreed it's MS's responsibility to ensure users are patched promptly and without extra cost to the end user.

It's not a problem patching on a dialup, it just takes longer, this may put people off when they see their computer tell them it's going to take 3 hours to download and they're paying per minute on the call.

What if MS included something in the Windows Update that gave the user the option of calling a toll-free number operated by MS for the purpose of downloading.. ?

Steve

Realise that this would require MS to take responsibility for putting out bad code. That's quite unlikely, IMO.
Re: VeriSign SMTP reject server updated
While 550 may be the proper answer for a domain that does not exist, it is an improper answer for a domain that does exist but that is not included in the zone for some reason. Verisign is not the owner of the domain and, as such, has no right to discard mail destined for that domain. Mail should remain in the queue of the sender. Matt Larson wrote: Folks, One piece of feedback we received multiple times after the addition of the wildcard A record to the .com/.net zones concerned snubby, our SMTP mail rejection server. This server was designed to be the most modest of SMTP implementations and supported only the most common sequence of SMTP commands. In response to this feedback, we have deployed an alternate SMTP implementation using Postfix that should address many of the concerns we've heard. Like snubby, this server rejects any mail sent to it (by returning 550 in response to any number of RCPT TO commands). We would like to state for the record that the only purpose of this server is to reject mail immediately to avoid its remaining in MTA queues throughout the Internet. We are specifically not retaining, nor do we have any intention to retain, any email addresses from these SMTP transactions. In fact, to achieve sufficient performance, all logging has been disabled. We are interested in feedback on the best way within the SMTP protocol to definitively reject mail at these servers. One alternate option we are considering is rejecting the SMTP transaction by returning a 554 response code as described in Section 3.1 of RFC 2821. Our concern is if this response effectively causes most SMTP servers to bounce the message, which is the desired reaction. We are researching common SMTP servers' handling of this response code; at least one popular server appears to requeue mail after receiving 554. Another option is remaining with the more standard SMTP sequence (returning 250 in response to HELO/EHLO), but then returning 550 in response to MAIL FROM as well as RCPT TO. 
I would welcome feedback on these options sent to me privately or the list; I will summarize the former. Matt -- Matt Larson [EMAIL PROTECTED] VeriSign Naming and Directory Services
Re: Route failures to behosting.com
At 09:35 PM 9/17/2003 -0400, Henry Yen wrote: On Wed, Sep 17, 2003 at 09:29:57AM -0400, Brian Bruns wrote: Attempts to access behosting.com were successful from several different locations, which included ameritech and sprint. I'm not going to include traceroutes here (if you would like them, I can email them to you privately). What ISPs are you using to try and get to them? behosting.com/www.behosting.com (aka 216.121.96.160) also accessible without problem from sprint and uunet. No problems from qwest or cw. - Original Message - From: Lou Katz [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 9:23 PM Subject: Route failures to behosting.com I am unable to reach them via several different ISPs. It looks to my naive eyes like routes to them have vanished. Can anyone shed any light on this? -- Henry Yen Aegis Information Systems, Inc. Senior Systems Programmer Hicksville, New York
Verisign's legal woes???
I am just wondering how long until some sharp lawyer sues the heck out of Verisign. While one could argue about who owns unregistered names, there is little or no question about who owns registered names. Verisign's current implementation breaks down for registered names that are not in the zone for some reason.

The legal problems:

1. This could be considered hijacking of the domain name.
2. If the domain name is trademarked, it could be a trademark violation.
3. If a registered name goes on HOLD for a day, mail service is suspended (most MTAs keep retrying when the name doesn't resolve). Under the new scheme it all bounces.
4. By bouncing mail using the name, it could be the unauthorized use of a domain (that's a crime in California).

If one wants to experiment, use dorkslayers.com as your test case. It's a valid paid-for active domain name with no nameservers.

Might make a nice class action suit on behalf of all the owners of domain names that aren't in the zone. Could be worth a lot of legal fees.
Need a new RFC?
We need a preemptive strike to create our own RFC that says not to do this.

Ray Wong wrote:

On Tue, Sep 16, 2003 at 04:07:21PM -0600, John Neiberger wrote:

http://apnews.excite.com/article/20030916/D7TJOF3G0.html -- my favorite: VeriSign spokesman Brian O'Shaughnessy said Tuesday that individual service providers were free to configure their systems so customers would bypass Site Finder. But he questioned whether releasing a patch to do so would violate Internet standards. ^^ What else is there to say?

Any bets that Verisign tries to accuse ISC of being a terrorist organization once the patch comes out? At the least a spurious lawsuit seems certain.
Re: Change to .com/.net behavior
It looks like it broke. Your web server (64.94.110.11) is inoperative. How about backing out the change Matt Larson wrote: Today VeriSign is adding a wildcard A record to the .com and .net zones. The wildcard record in the .net zone was activated from 10:45AM EDT to 13:30PM EDT. The wildcard record in the .com zone is being added now. We have prepared a white paper describing VeriSign's wildcard implementation, which is available here: http://www.verisign.com/resources/gd/sitefinder/implementation.pdf .
North America not interested in IP V6
This article seems to imply that North American networks don't care about IP V6 while the rest of the world is suffering great hardship http://www.msnbc.com/news/945119.asp PS. Please don't shoot the messenger
NOC contact for he.net
I have lost my copy of the contact list for the NOCs. Can someone supply the contact info for he.net?
Another hijacked range???
Found this note in another mailing list.

---BeginMessage---
In article [EMAIL PROTECTED], Javier Henderson wrote:

I'd get a local transit provider with good peering. I've been entirely too happy with Layer42 http://www.layer42.net

interesting, given the other thread here on IP address squatting:

www.layer42.net has address 166.88.4.14

OrgName: CARABINEROS DE CHILE
OrgID: CDC-38
Address: 2336F Walsh Ave
City: Santa Clara
StateProv: CA
PostalCode: 95051
Country: US
NetRange: 166.88.0.0 - 166.88.255.255

A few years ago that record had this street address:

AMUNATEGUI 519 PISO 3
SANTIAGO CHILE

why, one asks, would a provider in California be using IP addresses registered to Chilean police authorities?

--
Andrew, Supernews
http://www.supernews.com - individual and corporate NNTP services
---End Message---
Re: Datacenter electrical/genset
One point that I would like to make is to carefully look at your requirements. Your web site (based on your email address) indicates a county office of education. Do you really need to run off generator for several days? An extended battery UPS (like six hours or so) may be a feasible alternative and is probably less than one half the price of a generator and has the added benefit of low maintenance. In my area if PGE can't restore power in six hours or so then power loss may be the least of my worries.

Dan Lockwood wrote:

To throw some water on the flames that I have been receiving, I will be posting a summary of everyone's good information this weekend when I get time. It is my intention to make that information available to the community. Calling me names is childish and unnecessary. Again, thanks to those that took the time to participate.

Dan Lockwood
Microsoft Certified Professional
CompTIA Network+ Certified
Cisco Certified Network Associate
Re: anti-spam vs network abuse
I have not checked NJABL but some of the other open relay testers use scenarios that are illegal (actually criminal) in California.

Roy

[EMAIL PROTECTED] wrote:

We (Atlantic.Net) have gotten a flurry of abuse complaints from people whose systems have been scanned by 209.208.0.15 (rt.njabl.org...a DNSBL hosted on our network). I'm hoping the new PTR record will head off many complaints now.

For the past 15 months, NJABL has reactively tested systems that have connected to participating SMTP servers to see if those systems are open relays. Just over a week ago, NJABL added open proxy testing to its relay testing software. The proxy testing checks for a variety of common proxy software/protocols on about 20 different ports simultaneously. This is apparently setting off some IDS/firewall alarms.

We do not consider what NJABL does abuse, and we reply to all the complaints explaining that the complainant should go have a look at http://njabl.org/ and hopefully they'll understand why their system was scanned. This sort of activity is becoming more common / mainstream, so people ought to just get used to it. Road Runner is doing the same thing (according to http://sec.rr.com/probing.htm) which is pretty ironic given how their security department has gotten along with (or not) various DNSBLs in the past.

BTW...in the week that NJABL has been testing for open proxies, more than 18000 have been detected, pretty much all of which are actively being abused by spammers, else mail would not have come through them.

--
Jon Lewis [EMAIL PROTECTED] | I route
System Administrator | therefore you are
Atlantic Net |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: anti-spam vs network abuse
It isn't the probing that is illegal in California, it's the unauthorized use of a domain name, especially in the from address.

http://law.spamcon.org/us-laws/states/ca/pc_502.shtml

9. Knowingly and without permission uses the Internet domain name of another individual, corporation, or entity in connection with the sending of one or more electronic mail messages, and

Andy Dills wrote:

On Fri, 28 Feb 2003, Charlie Clemmer wrote:

At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:

Why is probing networks wrong?

Depends on why you're doing the probing.

If so, why outlaw the act of probing? Why not outlaw probing for the purposes of...?

If you randomly walk up to my house and check to see if the door is unlocked, you better be ready for a reaction. Same thing with unsolicited probes, in my opinion.

Can I randomly walk up to your car to see if it's unlocked without getting a reaction out of you? This is different. Metaphors applying networking concepts to real world scenarios are tenuous at best. In this case, your door being unlocked cannot cause me harm. However, an unlocked proxy can. Legit probes are an attempt to mitigate network abuse, not increase it. If there was a sanctioned body who was trusted to scan for such things, maybe this wouldn't be an issue. But there's not, so it's a vigilante effort.

Where this thread got started, the scenario was around if I connect to your SMTP server to attempt to relay mail, is it then right to probe me for open relays and so forth. In that case, I can see the reasoning, as I initiated the connection, so you're checking to see if I'm sane or not. The line gets drawn though as to how much probing is reasonable ... can you probe my system for ALL open ports/exploits just because I tried to send mail through you, or can you probe all machines that fit in my address range (and how do you determine my address range?) ... that's where the larger debate comes in.
Actually, I think the debate starts with Paul telling Jon that Jon isn't passively scanning connection hosts, he's actively trawling for open proxies, that Paul has the logs to prove it, and that since Paul is in California, Jon has broken the law. Paul has only indicated his point of view objectively; he hasn't yet indicated he wants to do something about it (or that he personally feels that he should do something about it).

I have servers hosted at shared colo facilities. If you were to scan the entire netblock for my colo provider because a different customer at the same facility tried to send mail through you, how am I to determine your cause, or determine that it was not a scan for a vulnerability?

You don't have to. This is why I never understood why people care so much about probing. If you do a good job with your network, probing will have zero effect on you. All the person probing can do (regardless of their intent) is say Gee, I guess there aren't any vulnerabilities with this network.

Andy

Andy Dills 301-682-9972
Xecunet, LLC www.xecu.net
Dialup * Webhosting * E-Commerce * High-Speed Access
Re: huge power outage in sj
No effects here in South San Jose!

Scott Granados wrote:

Just a note, about ten minutes ago a big jolt went through our building at 35 S. Market and we lost power entirely. It looks like 55 S Market is also without power although I assume generators have kicked in. Cause is unknown yet but there is lots of fire and police activity nearby so probably a substation or something blew up.
OC-48 failure last night
There was a major OC-48 failure somewhere near Salinas, California about 2AM PDT today which resulted in loss of connectivity to a lot of the ISPs in that LATA. Anyone have any details?
Any people still with old filters?
In a recent discussion with a company that owns a /16 and has it broken down further, the statement was made that there are ISPs that filter routes at /16 in what was traditional class B space. The example cited was Verio. Verio web pages state they don't do this any more (the filter is /21). Is there anyone that still filters routes longer than /8 and /16 in the traditional Class A and B space?
Routing table in a file
Does anyone dump their copy of the routing table to a flat file regularly and make this available? I need to do some queries. The web based versions don't accept modifiers like lon on the show ip bgp commands.
Pac Bell Internet down?
Traces to some PBI IP addresses seem to die at the Sprint-PBI transition.
Re: Pac Bell Internet down?
Pacbell Internet is reporting a major meltdown at the switch in the Sacramento area. Roy wrote: Traces to some PBI IP addresses seem to die at the Sprint-PBI transition.
Re: 5.2 Earthquake in Northern California
I live about 3 mi from the epicenter and our main NOC is about 9 miles. As far as I can tell, we didn't even drop a packet. Some stuff fell off the shelves and the cats panicked as expected. Reference my previous note, Broadwing called about 10 minutes after the quake and told me they had isolated the problem and expected repair within the hour. It was fixed on schedule so the phone people were BAU.

John Kinsella wrote:

There's something on sfgate.com about phone service being out in SJ? I couldn't call out on cingular but could receive calls.

John

On Mon, May 13, 2002 at 10:25:19PM -0700, Sameer R. Manek wrote:

We just had a 5.2 magnitude earthquake at 10pm, it was centered SW of Gilroy, CA. Cingular's network was peaked for a few minutes after the call, presumably as everyone called friends/family. No reports of phone/power outages yet.

Sameer
-
Sameer R. Manek
Email: [EMAIL PROTECTED]
What one has not experienced, one will never understand in print. --Isadora Duncan
-
Phone for Broadwing NOC?
Anyone get a better phone number for the broadwing NOC? The one I used just left me on hold for 45 minutes. Their repair number says to call back during business hours. Roy Engehausen
Re: genuity - any good?
Two bad experiences for me:

1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.

2) Trying to quit is a nightmare. We were billed for months beyond our cancellation.

Roy Engehausen

matthew zeier wrote:

I've gotten attractive pricing from Genuity but I haven't used them in a couple years. Is there any reason I wouldn't want to use them as a third upstream OC3 provider? Thanks.

- mz
--
matthew zeier - In mathematics you don't understand things. You just get used to them. - John von Neumann
Re: genuity - any good?
You have hit the nail on the head. I don't argue with route filtering, just the hoops that I had to go through with Genuity as compared to my other providers. At the time, the fastest line available in my location was T1 and I was having to load balance between providers and lines by advertising small pieces out different lines.

Martin, Christian wrote:

I think the argument is not about route filtering - it is the implementation method. Genuity uses ip extended access-lists. Everyone else uses prefix-lists. To a purist, the former is more granular, but performs poorly because it is a linked list implementation. The latter, while less granular, performs faster by using a trie. It also allows insertion without list rebuilding. Does this matter much? I'm sure there are some that have tested convergence between the two technologies, so I'd welcome comments out of curiosity.

They are somewhat anal with their lists as well. If you have a /19, but you want to deaggregate for inbound BGP TE, you will need to send them EVERY route you will send. That can be 64 subnets. For a /16, it is waaayyy worse. Then again, it allows them to know exactly how many prefixes MAY be announced from their customers, which I suppose has its merits.

chris

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 12, 2002 2:08 PM
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: genuity - any good?

1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.

Man I don't know of a provider that doesn't do this - but the fact is this is a good thing.
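The two filtering styles contrasted in the message above, as an added example (not code from any poster, and a simplified model rather than how IOS implements either feature): a customer route filter built as a top-to-bottom list of individually registered routes, next to a binary trie holding one "permit prefix le max-length" entry. The 10.20.0.0/16 allocation and all class and function names are constructed for illustration. Either filter rejects announcements outside the customer's block, which is the protection route filtering is there to provide.

```python
import ipaddress


def bits(net):
    """Prefix bits of an IPv4 network as a string of '0' and '1'."""
    return format(int(net.network_address), "032b")[: net.prefixlen]


class LinearFilter:
    """Ordered list of exact permits, scanned top to bottom."""

    def __init__(self, routes):
        self.entries = [ipaddress.ip_network(r) for r in routes]

    def permits(self, route):
        """Return (permitted, entries_compared)."""
        route = ipaddress.ip_network(route)
        for n, entry in enumerate(self.entries, start=1):
            if entry == route:
                return True, n
        return False, len(self.entries)   # implicit deny after a full scan


class TrieFilter:
    """Binary trie of 'permit <prefix> le <max_len>' entries."""

    def __init__(self):
        self.root = {}

    def add(self, prefix, le=None):
        """Insert one entry; without 'le' only the exact prefix matches.
        Insertion touches one path and leaves other entries alone."""
        net = ipaddress.ip_network(prefix)
        node = self.root
        for b in bits(net):
            node = node.setdefault(b, {})
        node["le"] = net.prefixlen if le is None else le

    def permits(self, route):
        """Return (permitted, nodes_visited). A route matches an entry when
        it lies inside the entry's prefix and is no longer than its 'le'."""
        route = ipaddress.ip_network(route)
        node, visited = self.root, 1
        if "le" in node and route.prefixlen <= node["le"]:
            return True, visited
        for b in bits(route):
            node = node.get(b)
            if node is None:
                return False, visited
            visited += 1
            if "le" in node and route.prefixlen <= node["le"]:
                return True, visited
        return False, visited


BLOCK = "10.20.0.0/16"   # constructed customer allocation


def demo():
    """Compare both filters on a /16 deaggregated into /24 announcements."""
    block = ipaddress.ip_network(BLOCK)
    more_specifics = [str(n) for n in block.subnets(new_prefix=24)]
    linear = LinearFilter(more_specifics)      # every route registered
    trie = TrieFilter()
    trie.add(BLOCK, le=24)                     # one range entry
    last = more_specifics[-1]
    return {
        "registered_entries": len(more_specifics),
        "linear_last": linear.permits(last),
        "trie_last": trie.permits(last),
        "too_specific": trie.permits("10.20.1.128/25"),
        "outside_block": trie.permits("10.21.0.0/24"),
        "linear_outside": linear.permits("10.21.0.0/24"),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The trie lookup cost is bounded by the prefix length of the route being checked, while the list scan grows with the number of registered routes.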
Re: genuity - any good?
Registering is not bad, it's just not beneficial. Given that the routes I want to announce are within my assigned range, why is it a good thing to register them? If the transit provider always adds entries when I ask for them, it seems to be very little benefit. This is the case of transit so I am a customer paying money for a service.

I started this subthread because I felt others would want to know about this. I made the mistake of buying transit service without asking about their BGP policies. I was hoping to help by sharing my experience.

Stephen Griffin wrote:

In the referenced message, Roy said:

Two bad experiences for me: 1) Their BGP policies are not as good as others. They force you to register each route you want to advertise rather than allowing you to advertise any reasonable route for your prefixes. According to one of their top people, prefix-lists were unreliable new technology. We gave up and canceled the circuit.

How is registering the routes you are going to announce a bad thing?