RE: TransAtlantic Cable Break
_ From: Rod Beck [mailto:[EMAIL PROTECTED] To: Sean Donelan [mailto:[EMAIL PROTECTED], Hank Nussbacher [mailto:[EMAIL PROTECTED] Cc: nanog [mailto:[EMAIL PROTECTED] Sent: Fri, 22 Jun 2007 10:14:20 -0800 Subject: RE: TransAtlantic Cable Break Protected 10 gig waves NYC/London are extremely expensive. Say $60K or more per month. Not bad as DS3's between Alaska Seattle used to cost that much. -Dee So it usually makes sense for the Layer 3 guys to lease diversely routed 10 gig waves and do the protection themselves using MPLS or load balancing or some other protocol about which I know little ... Roderick S. Beck Hibernia Atlantic 1 Passage du Chantier, 75012 Paris http://www.hiberniaatlantic.com Wireless: 1-212-444-8829. Landline: 33-1-4346-3209 [EMAIL PROTECTED] [EMAIL PROTECTED] ``Unthinking respect for authority is the greatest enemy of truth.'' Albert Einstein. -Original Message- From: [EMAIL PROTECTED] on behalf of Sean Donelan Sent: Fri 6/22/2007 4:56 PM To: Hank Nussbacher Cc: nanog Subject: Re: TransAtlantic Cable Break On Fri, 22 Jun 2007, Hank Nussbacher wrote: Tell that to the 10 gig wave customers who lost service. Very few cable systems provide protection at the 10 gig wave level. If you don't pay the extra amount for a protected circuit, why should your circuit get protection for free when others have to pay for it? Now, if there are 10G customers with protected circuits who lost service, then hopefully they have in their contract hefty penalty clauses against the carrier. If not, then they are just plain stupid. Is paying for protected circuits actually worth it. Or are you better off just buying two circuits and using both during normal conditions. Use switching at layer 3 to the remaining circuit during abnormal conditions. Most of the time, you get twice the capacity for only twice the price instead of a protected circuit where you only get the once the capacity for twice the price. Of course, there is still the problem some facility provider will groom both your circuits on to the same cable. If you are buying pre-emptable circuits, hopefully you understand what that means.
Re: Undersea fiber cut after Taiwan earthquake - PCCW / Singtel / KT e tc connectivity disrupted
I was formerly employed by WCI Cable in Forest Grove, OR. which had the landing station for cable to Alaska, Australia, Japan, etc. It was not Alaska Northstar then, but Alaska FiberStar. -Dee - Original Message - From: Fred Heutte [mailto:[EMAIL PROTECTED] To: [EMAIL PROTECTED] Cc: [EMAIL PROTECTED], nanog@merit.edu Sent: Thu, 28 Dec 2006 17:28:36 -0900 Subject: Re: Undersea fiber cut after Taiwan earthquake - PCCW / Singtel / KT e tc connectivity disrupted There are significant cable landing sites at Pacific City and at Nedonna Beach near Rockaway, Oregon, not far from here in Portland. They connect variously to Japan, Hawaii (and Australia), Alaska and California. Quite a bit about these cable terminuses can be found at the Oregon Fishermen's Cable Committee web site. www.ofcc.com/cable_locations.htm The OFCC worked closely from the mid-1990s onward with at least three cable operators, Tyco, Alaska Northstar and Southern Cross (which has the main US-Australia loops). They have a special agreement that basically amounts to a collaborative approach to actual or potential cable snags by trawlers. The background makes for interesting reading. The Oregon Fishermen's Undersea Cable Committee Agreement (Oregon Fishermen's Agreement) is the first effort by two industries to discuss, describe and delineate their shared use of a community resource -- the ocean . . . The Oregon Fishermen's Agreement is intended to prevent damage to the fiber optic cable by releasing a Participating Fisherman from possible civil liability for ordinary negligence to WCICI/ANC/NorthStar Network under defined circumstances rather than by relying on fear and litigation. www.ofcc.com/about_ofcc.htm There's also an International Cable Protection Committee with what looks like a pretty complete listing of all active, retired and planned cable routes at: www.iscpc.org -- fh - Frank Coluccio wrote: Kidding aside, these errors are actually intentional, and the publisher makes no bones about it at the bottom of the page. See disclaimer under the South Atlantic Ocean: Cable Routes do not represent all subsea cable networks and do not reflect actual location of cables The relevant charts and or current navigation software have the cables well marked because mariners have an obligation under several international treaties (going back to 1884) not to hit them... If you have the tools to go on a fishing trip you have the tools to find the cable. If you obfuscate the location of cables I can plead ignorance when I drag it up with my achor. http://mapserver.maptech.com/mapserver/nautical_symbols/L4.html Like with back-hoeing through fiber, if you think hitting a submarine cable is bad there's plenty other stuff out there that has potentially disastrous consequences, gas lines, oil lines, well heads, high voltage power lines, and of course lots of other things that fall into the category of navigational hazards. joelja -- Joel Jaeggli Unix Consulting [EMAIL PROTECTED] GPG Key Fingerprint: 5C6E 0104 BAF0 40B0 5BD3 C38B F000 35AB B67F 56B2
RE: workhorse of the future...
We are working Juniper to build the next gen version, hopefully they listen. -Dee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Tuesday, January 10, 2006 1:40 PM To: [EMAIL PROTECTED] Subject: workhorse of the future... first it was the vitalinks, then the bridge gear, then proteon, then cisco AGS, then 7600VXR, then 7301s looking to find the next-gen workhorse ... looking for 4-6yr life expectancy. pointers(private are ok) are appreciated - as well as -why- you think the suggested boxen are likely candidates. --bill
Re: Clueless anti-virus products/vendors (was Re: Sober)
-Original Message- From: Daniel Senie [mailto:[EMAIL PROTECTED] Sent: Friday, December 2, 2005 11:27 AM To: [EMAIL PROTECTED] Subject: Clueless anti-virus products/vendors (was Re: Sober) At 03:12 PM 12/2/2005, Michael Loftis wrote: --On December 2, 2005 2:02:15 PM -0600 Dennis Dayman [EMAIL PROTECTED] wrote: Interested, but I see many Sober postings and outages on other lists and not here...has anyone been having issues? I know the ISP's are fighting the living out of the virus. I've been seeing a few really large bursts into our mailserver. Not sure if it's a new variant or a reoccurrence of an old strain. I put in a good number of new port 25 inbound blocks for infected systems and attempted to put up a few checks inside of our front end mail servers rather than in the virus and spam filtering (which happens later for us, so for bad surges we put a few custom rules up front early in postfix). Only stuff we're seeing is a lot of blowback from dumb mail systems that accept email, THEN scan for viruses, and ultimately decide to send a note back to the From: address in the body of the infected email. Since the From: is invariably forged, the uninvolved owner of those forged email addresses gets hammered. Can people building virus scanning devices PLEASE GET A %^*^ CLUE? This means you, Barricuda Networks, more than anyone else, but we also see this annoyance from Symantec devices, and from some AOL systems as well. It's a simple switch in the GUI of Barracuda Networks to turn of this annoyance. More operator error than Barracuda's fault, IMHO. -Dee Blasting a note back does two things: 1. It allows the worm or virus author an opportunity to implement an amplified attack on a third party using your filtering systems. 2. The bounce messages mostly include an advertisement for the filtering box's vendor. Get a clue... this is a REALLY negative advertisement for your spam virus filtering technology. If you can't manage to realize the virus laden email should perhaps be dropped, then it makes your box look poorly designed. Oh, and please delete the infected file rather than sending that along too. OK, off my soapbox. Dan
RE: Clueless anti-virus products/vendors (was Re: Sober)
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Richard Cox Sent: Friday, December 02, 2005 4:23 PM To: [EMAIL PROTECTED] Subject: Re: Clueless anti-virus products/vendors (was Re: Sober) On Sat, 03 Dec 2005 00:45:05 + W.D.McKinney [EMAIL PROTECTED] wrote: It's a simple switch in the GUI of Barracuda Networks to turn of this annoyance. More operator error than Barracuda's fault, IMHO. Not if a software upgrade from Barracuda can cause the current configuration to be silently reverted to Barracuda's defaults ... That never happened on any of our cluster. -Dee -- Richard
OT: Anyone here know what's up with inet-access.net
-Original Message- From: Mail Delivery Subsystem [mailto:127.0.0.1] Sent: None To: [EMAIL PROTECTED] Subject: Delivery Status Notification The original message was received at Mon, 10 Oct 2005 18:24:25 -0800. - The following addresses had permanent fatal errors - [EMAIL PROTECTED] (reason: while talking to mqueue.netaxs.com; 554 [EMAIL PROTECTED]: Relay access denied) Reporting-MTA: dns; burger.akwireless.net Arrival-Date: Mon, 10 Oct 2005 18:24:25 -0800 Final-Recipient: rfc822; list@inet-access.net Action: failed Status: 5.0.0 Diagnostic-Code: smtp; while talking to mqueue.netaxs.com; 554 list@inet-access.net: Relay access denied Last-Attempt-Date: Mon, 10 Oct 2005 18:24:25 -0800 ---BeginMessage--- Just wondering if the list is still working? -Dee ---End Message---
WISPA Wireless Crisis Center
Katria network help about the Wireless side is at http://www.wispa.org/ and more pointedly at http://katrina.cnt.org/wordpress/ Hope this helps, -Dee
Re: Update on Wireless Katrina Response
-Original Message- From: Fergie (Paul Ferguson) [mailto:[EMAIL PROTECTED] Sent: Monday, September 5, 2005 08:35 AM To: nanog@merit.edu Subject: Update on Wireless Katrina Response On Friday, the FCC held a conference call with wireless internet service providers and representatives of tech companies including Intel, Cisco, and Vonage -- the goal was to urgently coordinate private and public sector resources to get communication systems up again in areas devastated by Katrina. http://www.boingboing.net/2005/09/05/update_on_wireless_k.html - ferg The list at part-15.org has information on the Wisps setting up Wireless service ASAP. Also some VoIP services. -Cheers Dee
Re: 192.169.0.0
Christopher L. Morrow wrote: On Fri, 3 Jun 2005, Randy Bush wrote: more grist for your mill: TWT has a route-server (from traceroute.org's listings) note the age of this route: B192.169.0.0/16 [200/0] via 168.215.52.102, 7w0d i don't get it. this is supposed to be a good thing. am i supposed to just announce the 200+ /8s that cover the net, figuring anyone who has space will announce their longer prefix? tricky stuff sits and waits to backfire on one. so the older and lazier of us tend to play as close to the straight and narrow as we can to get the job done. So, I'm not condoning this at all, just offering a possible explanation... As was explained at one time on this list I think? Some folks will, in favor of holding a complete 150k+ routes, hold large enough covering routes internally and not most of the the smaller routes to save memory. Something like 'almost default'... it confused me and it caused me some pain so it seems like a bad thing. This seems to re-enforce that idea. (to me atleast). Perhaps someone will fix it? Where is the route leaking from TWTC in the first place? A customer or ? Apparently only 14608 sees it at route-views? Is alaska fiberstar listening tonight? a random sample of routerservers off traceroute.org shows no one else with this route... As you can see from the website http://www.alaskafiberstar.com they don't have any IP operations info available. My guess is that they out-sourced IP operations as they filed bankruptcy in 2001. figures Dee
Re: Battery Maint in LEC equipment
-Original Message- From: Sean Donelan [mailto:[EMAIL PROTECTED] Sent: Sunday, June 5, 2005 04:02 AM To: 'David Lesher' Cc: 'nanog list' Subject: Re: Battery Maint in LEC equipment On Sat, 4 Jun 2005, David Lesher wrote: Have any NANOG'ers [NANOGites? NANOGees?] run into this? Again, this is LEC owned, LEC maintained, equipmentDo you provide generator power for such in your space? Generally, the ILECs were the only ones that did this. I've had multiple CLECs (Brooks, MFS, WilTel, etc) install fibermux cabinets, none of them provided any backup batteries by default. They used local building power, and we had to make sure they were connected to our backup generator. If you wanted to pay for it, some of the CLECs would add batteries. But it wasn't part of the base package. All the ATT pops usually have nice battery and gen sets. That's what I like. Dee
Re: djbdns: An alternative to BIND
-Original Message- From: Vicky Rode [mailto:[EMAIL PROTECTED] Sent: Friday, April 8, 2005 10:55 PM To: nanog@merit.edu Subject: djbdns: An alternative to BIND -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just wondering how many have transitioned to djbdns from bind and if so any feedback. We did that 2 years ago and it has been a nice move. Zones are much easier to transfer/build and it's a very solid DNS version. Cheers, Dee
Re: www.nanog.org returning 403 Forbidden error?
-Original Message- From: Brent Chapman [mailto:[EMAIL PROTECTED] Sent: Monday, March 7, 2005 11:58 PM To: nanog@merit.edu Subject: www.nanog.org returning 403 Forbidden error? I just tried accessing http://www.nanog.org/, and am getting back a 403 Forbidden error: Forbidden You don't have permission to access / on this server. Did somebody break the web server? Works here fine for me. Nice to see Seattle on it also! Dee
Re: Has postini been taken over?
On Thu, 2004-08-19 at 21:27, Hank Nussbacher wrote: At 10:17 PM 19-08-04 -0700, Ray Wong wrote: I am just trying to understand how postini is bypassing my anti-spam ACLs. Again, you haven't answered his question Did your ISP or some other email provider possibly sign up for Postini? How many different domain addresses forward into your account? If you accept mail from any other server for any other domain, that domain could be a postini customer. You are missing my point. I am the ISP. I have a *downstream* customer who may or may not have signed up to Postini. This *downstream* customer is bypassing my anti-spam ACLs by somehow using Postini. I am trying to figure out how Postini works. -Hank Did you just get the reply from CKM Hank ? Dee
Re: PPPoE questions
-Original Message- From: Curtis Maurand [mailto:[EMAIL PROTECTED] Sent: Thursday, July 29, 2004 10:25 PM To: 'J Sparacio' Cc: [EMAIL PROTECTED] Subject: Re: PPPoE questions Been there, done that. -- Curtis Maurand mailto:[EMAIL PROTECTED] http://www.maurand.com On Thu, 29 Jul 2004, J Sparacio wrote: There's a thing called Google.com. If you put a string in the search field, and hit search...it will return lots of websites that will probably have all the information you could want about PPPoE. Here I'll even make it easy for you to get to google. Just click here, you won't even have to put in a search string, I did that for you. Good luck! On Thu, 2004-07-29 at 16:37, Curtis Maurand wrote: Anyone know where I can go to ask a couple questions regarding PPPoE. I need to talk to someone more knowlegeable about it than I. Curtis -- Curtis Maurand mailto:[EMAIL PROTECTED] http://www.maurand.com
Re: Overflow circuit
-Original Message- From: Mailing List Subscriptions [mailto:[EMAIL PROTECTED] Sent: Saturday, March 27, 2004 08:13 AM To: [EMAIL PROTECTED] Subject: RE: Overflow circuit I have been doing VoIP over sat to northern Canada and Latin America for more than five years now, using Cisco routers with analog and digital voice ports, and also IP phones. Other than the inevitable lag due to 500+ ms RTT, the voice quality with the G.729 codec has been good. I have lost count of the number of mining operations in northern Canada that rely in VoIP over sat for communication with the civilized world. Some of the bigger operations have in excess of 500+ Cisco IP phones. Alaska has a lot connections doing VoIP over Sat also. Most of the state is served by Sat connections, being the largest state in the U.S. Dee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Alexei Roudnev Sent: Friday, March 26, 2004 11:39 PM To: Patrick Murphy; Mailing List Subscriptions; [EMAIL PROTECTED] Subject: Re: Overflow circuit VoIP over satellite? I am very sceptical about it. Better, forget such idea. You may want to look at using H.323 gatekeepers with CAC (Call Admission Control). Here is a link to a Whitepaper on this Subject. http://www.cisco.com/en/US/partner/tech/tk652/tk701/technologi es_white_paper09186a00800da467.shtml Patrick - Original Message - From: Mailing List Subscriptions [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Friday, March 26, 2004 7:54 PM Subject: Overflow circuit I am looking for advice on technique or products that can solve the following challenge ... Two private line T1's between A and B - one terrestial T1 with 200 ms RTT, the other T1 is over satellite with ~500 ms RTT. The circuits are being used for mixed VoIP (70%) and data (30%) applications. To achieve optimal voice quality, we want to route all VoIP calls over the terrestial T1 until it is full, then divert all subsequent VoIP calls over the satellite T1 (** while existing VoIP calls continue to be routed over the terrestial T1). So it looks like I need per-flow (based on protocol, src IP, dst IP, src port, dst port) routing. It looks like MPLS Traffic Engineering can do the job. Is there anything else that can it with less complexity? Ideas or recommendations? Regards, Joe
Re: Juniper pepsi
On Wed, 2004-03-03 at 14:52, Eric Kuhnke wrote: I have heard rumors of a new low-end 1U Juniper router, aimed directly at replacing the 2600/3600 series. Supposedly its code name is Pepsi... Does anyone have more info on this? :-) No, but hope so. Dee -- W.D.McKinney [EMAIL PROTECTED]
Re: dealing with w32/bagle
-Original Message- From: Dan Hollis [mailto:[EMAIL PROTECTED] Sent: Wednesday, March 3, 2004 08:24 PM To: '[EMAIL PROTECTED]' Subject: dealing with w32/bagle I am curious how network operators are dealing with the latest w32/bagle variants which seem particularly evil. Also, does anyone have tools for regexp and purging these mails from unix mailbox (not maildir) mailspool files? Eg purging these mails after the fact if they were delivered to user's mailboxes before your virus scanner got a database update. -Dan Simply put, I run a Barracuda Networks box so I don't worry. Dee
Re: How relable does the Internet need to be? (Was: Re: Converged Network Threat)
-Original Message- From: Steve Gibbard [mailto:[EMAIL PROTECTED] Sent: Thursday, February 26, 2004 12:30 AM To: [EMAIL PROTECTED] Subject: How relable does the Internet need to be? (Was: Re: Converged Network Threat) snipped So, it appears that among general infrastructure we depend on, there are probably the following reliability thresholds: Employees not being able to get to work due to snow: two to three days per year. Berkeley storm sewers: overflow two to three days per year. Residential Electricity: out two to three hours per year. Cell phone service: Somewhat better than nine fives of reliability ;) Landline phone service: I haven't noticed an outage on my home lines in a few years. Natural gas: I've never noticed an outage. How Internet service fits into that of course depends on how you're accessing the Net. The T-Mobile GPRS card I got recently seems significantly less reliable than my cell phone. My SBC DSL line is almost to the reliability level of my landline phone or natural gas service, except that the DSL router in my basement doesn't work when electric power is out. I'm probably poorly qualified to talk about the end-user experience on the networks I actually work on, even if I had permission to. Like pretty much everybody else here, I'm always interested in doing better on reliability. And, like many of my neighbors, I'd like to be able to store stuff on my basement floor. In comparison to a lot of other infrastructure we depend on, it seems to me the Internet is already doing pretty well. -Steve With BPL on the horizon and the Electric Utils looking to de-regulate in some areas, it will be interesting to watch infrastructure adapt accordingly. I think the Internet is doing pretty well save some IOS code problems from time to time, and the typical root server hicups. Dee
Re: How relable does the Internet need to be? (Was: Re: Converged Network Threat)
Thanks for pointing that out. That was the wrong way to describe my standpoint. Frequent changes in DNS across the board, including edge servers make connections seem non-working, when in reality it is a mis-configured DNS zone. So whether Dee -Original Message- From: Joe Abley [mailto:[EMAIL PROTECTED] Sent: Thursday, February 26, 2004 12:57 AM To: 'W.D.McKinney' Cc: [EMAIL PROTECTED] Subject: Re: How reliable does the Internet need to be? (Was: Re: Converged Network Threat) On 26 Feb 2004, at 08:46, W.D.McKinney wrote: I think the Internet is doing pretty well save some IOS code problems from time to time, and the typical root server hicups. I'm interested to know what you mean by typical root server hicups. I'm trying to think of an incident which left the Internet generally unable to receive answers to queries on the root zone, but I can't think of one. By typical, do you mean non-existent? Joe
Re: Anti-spam System Idea
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Sunday, February 15, 2004 01:21 AM To: 'Tim Thorpe' Cc: [EMAIL PROTECTED] Subject: RE: Anti-spam System Idea On Sat, 14 Feb 2004, Tim Thorpe wrote: If these exist then why are we still having problems? Because the spammers are creating proxies faster than any of the anti-spam people can find them. Evidence suggests, at least on the order of 10,000 new spam proxies are created and used every day by spackers (spammer/hackers). The relative insecurity of windows and ignorance of the average internet user has created an incredibly target rich environment for the spackers. Why do we let customers who have been infected flood the networks with traffic as they do? Should they not also be responsible for the security of their computers? Do we not do enough to educate? Economics, and convenience outweighing security. We're big, and slow to change. They're small and mobile. The Barracuda Networks Firewall helped us and especially recently. Realize it's an edge solution, but seems about all we can do right. Some of the users still are using other accounts are getting spacked. Dee Alaska Wireless Systems
Re: www.sco.com no longer has an DNS A record
On Sat, 2004-01-31 at 22:55, Sean Donelan wrote: On Sun, 1 Feb 2004, Adam 'Starblazer' Romberg wrote: SCO appears to have deleted the A record for www.sco.com from their DNS about 1 hour ago. I don't know how often MyDoom does the DNS lookup, so it may not stop things. As of 1:33AM CST, www.sco.com is still resolving... however their A record has a TTL of 60 seconds. I even queried ns.calderasystems.com directly and it still answers for www.sco.com and sco.com Looks like SCO has added the records back. I queried ns.calderasystems.com directly. Here is what it looked like earlier: $ORIGIN sco.com. ;www5931IN SOA ns.calderasystems.com. hostmaster.caldera.com. ( ; 2004013103 3600 900 604800 21600 );sco.com.;NXDOMAIN ;-$ ;Cr=auth [216.250.130.1] Odd it does not resolve for me. http://www.sco.com Dee -- W.D.McKinney (Dee) Alaska Wireless Systems http://www.akwireless.net (907)349-4308 Office (907)349-2226 Fax
Re: nlayer.net Abuse and Security contact
On Thu, 2003-12-18 at 08:09, John Obi wrote:
Folks,
I have sent many emails to [EMAIL PROTECTED] and
[EMAIL PROTECTED] reporting a security abuse by one
of their users but nothing done up to now.
If there is real person from nlayer.net please contact
me offline.
Thanks,
One suggestion is to use an e-mail account other than a yahoo.
That might be an issue with abuse/security folks.
Dee
-J
__
Do you Yahoo!?
New Yahoo! Photos - easier uploading and sharing.
http://photos.yahoo.com/
__
From: John Obi [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Abuse and spamming trojans via www.darkhell.org
Date: Mon, 15 Dec 2003 22:57:36 -0800
Dear Sir/Madam,
We have known script kiddie who spreads
Download.Trojan and BAT.Trojan.
The script kiddi runs port scan and infect the users
who use WinNT, 2000 and XP via port 445 if the windows
isn't updated.
He is issuing commands to the infected PC to download
this setup file which has these trojans.
http://www.darkhell.org/sh1.exe
This host is hosting the trojan files which is in
sh1.exe
When you download this file and you have Norton
Antivirus or Mcafee with latest virus ID, your AV will
detect it directly as below:
can type: Realtime Protection Scan
Event: Virus Found!
Virus name: Download.Trojan
File: C:\WINNT\system32\Haver\Backsa.exe
Location: Quarantine
Computer: RASHID-ALKUBAIS
User: Administrator
Action taken: Clean failed : Quarantine succeeded :
Access denied
Date found: Tue Dec 16 09:23:12 2003
Scan type: Realtime Protection Scan
Event: Virus Found!
Virus name: BAT.Trojan
File: C:\WINNT\system32\Haver\ceve.bat
Location: Quarantine
Computer: RASHID-ALKUBAIS
User: Administrator
Action taken: Clean failed : Quarantine succeeded :
Access denied
Date found: Tue Dec 16 09:23:12 2003
When I got connected to his IRC server I saw this:
* Dns resolved sh1.cellfiles.org to 81.134.89.149
[07:01] * Connecting to 81.134.89.149 (6667)
-
[07:01] -irc.DarkHell.Org- *** Looking up your
hostname...
-
There are 437 users and 0 invisible on 1 servers
2 channels formed
I have 437 clients and 0 servers
-
[07:01] * Now talking in #sh1-
[07:01] [H0-3250] !pfast stop
[07:01] [H0-3250] !syn 66.90.92.202 6667 500
[07:01] [H0-3250] !pfast 44 66.90.92.202 6667
[07:02] [H0-3250] !syn 202.91.32.181 6667 500
[07:02] [H0-3250] !pfast stop
[07:02] [H0-3250] !pfast 44 202.91.32.181 6667
[07:02] [H0-3250] !syn 69.65.31.3 6667 500
[07:02] [H0-3250] !pfast stop
[07:02] [H0-3250] !pfast 44 69.65.31.3 6667
[07:02] [H0-3250] !ipscan
[07:02] [H0-3250] !syn 66.151.29.193 6667 500
-
[H0-3250] is
[EMAIL PROTECTED] * h3h3
[H0-3250] on +#sh1-
[H0-3250] using irc.DarkHell.Org DarkHell server
[H0-3250] has been idle 18secs, signed on Mon Dec 15
14:53:28
[H0-3250] End of /WHOIS list.
-
==
And he issuing these DDoS attacks against the IRC
servers around the globe and the http servers.
The traceroute to www.darkhell.org shows that it's
hosted in your network.
Show Level 3 (Baltimore, MD) Traceroute to
www.darkhell.org (69.22.169.27)
1 so-11-0.hsa2.Baltimore1.Level3.net (4.68.112.70) 0
msec
so-6-1-0.mp1.Baltimore1.Level3.net (4.68.112.65) 0
msec
so-11-0.hsa2.Baltimore1.Level3.net (4.68.112.70) 0
msec
2 so-0-1-0.bbr2.Washington1.Level3.net
(64.159.0.230) 0 msec
so-6-1-0.mp2.Baltimore1.Level3.net (4.68.112.73) 0
msec
so-0-1-0.bbr2.Washington1.Level3.net
(64.159.0.230) 0 msec
3 so-6-1-0.bbr1.Washington1.Level3.net
(64.159.0.106) 4 msec
so-7-0-0.edge1.Washington1.Level3.net
(209.244.11.14) 0 msec
so-6-1-0.bbr1.Washington1.Level3.net
(64.159.0.106) 4 msec
4 209.0.227.118 4 msec
so-6-0-0.edge1.Washington1.Level3.net
(209.244.11.10) 0 msec
209.0.227.118 4 msec
5 209.0.227.118 4 msec
pos3-1-2488M.cr2.WDC2.gblx.net (67.17.67.58)
[AS3549 {GBLX}] 4 msec
209.0.227.118 0 msec
6 so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
pos3-1-2488M.cr1.WDC2.gblx.net (67.17.67.54)
[AS3549 {GBLX}] 4 msec
so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
7 so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
so2-0-0-2488M.ar3.PAO2.gblx.net (67.17.67.238)
[AS3549 {GBLX}] 80 msec
so4-0-0-2488M.cr1.PAO2.gblx.net (67.17.92.241)
[AS3549 {GBLX}] 76 msec
8 gblx.ge-1-0-0.cr1.pao1.nlayer.net (69.22.143.193)
[AS4474 {GVIL1}] 80 msec
so2-0-0-2488M.ar3.PAO2.gblx.net (67.17.67.238)
[AS3549 {GBLX}] 80 msec
gblx.ge-1-0-0.cr1.pao1.nlayer.net (69.22.143.193)
[AS4474 {GVIL1}] 76 msec
9 gblx.ge-1-0-0.cr1.pao1.nlayer.net (69.22.143.193)
[AS4474
OT. - The end of inet-access
Just wondering if anyone here has some info ? Any idea if the final nail is in inet-access ? Thanks W.D.McKinney (Dee)
RE: OT. - The end of inet-access
Thanks for taking the time to help me today. I am subscribed again and I apologize for sending the wrong signal to NANOG today. Operator error *again*. Dee
RE: Network integrity and non-random removal of nodes
Thanks for posting Sean. Any other papers along the same vein ? Dee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Sean Donelan Sent: Wednesday, November 20, 2002 7:17 PM To: [EMAIL PROTECTED] Subject: Network integrity and non-random removal of nodes On 20 Nov 2002, William Waites wrote: If you randomly select nodes to remove, by the time you have removed 25% of them, the network breaks up into many isolated islands. One of the key points was the nodes were removed in ranked order, not in random order. Removing the nodes in ranked order result in a linear decrease in connectivity, i.e. remove the top 1% of the core nodes removes 1% of the connections. But then the scary academic language appears the curves appear to be highly asymmetric around a critical point. That is an understatement like Houston, we have a problem. http://www.caida.org/outreach/papers/2001/OSD/ Its a very interesting paper, and I recommend anyone responsible for network integrity or reliability read it.
NIST Wireless ...
NASA has had this out for over a year. http://www.nas.nasa.gov/Groups/Networks/Projects/Wireless/index.html /Dee -- W.D.McKinney (Dee) http://3519098920
RE: route statistics
You could rebuild the source rpm to any flavour also. /Dee -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Bradley Dunn Sent: Monday, May 20, 2002 9:47 AM To: Ralph Doncaster Cc: [EMAIL PROTECTED] Subject: Re: route statistics I've been told getting the MRT sources to build is rather difficult. I may give it a shot anyway... Yeah I haven't been able to build directly from the MRT source recently. On FreeBSD building from the ports tree works fine. On Linux SuSE has an RPM at ftp://ftp.suse.com/pub/suse/i386/7.3/suse/n3/mrt.rpm that works on Linux flavors. Bradley
