Yahoo mail ops contact
Please contact me offlist, did you decide to stop accepting mail from berkeley.edu? thanks, matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Verizon Offering Naked DSL in Northeast...
On Mon, 18 Apr 2005, Christopher L. Morrow wrote: that'd be unfortunate, what with number portability and all, yes? Until a couple of months ago, Cingular Wireless here was still determining whether or not to bill for mobile to mobile calls based on whether the called party's NPA was one of theirs. Never overestimate a telco.. matto [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: grrr
http://rfc-ignorant.org/tools/lookup.php?domain=ebay.com it's been three years, I don't think they really give a damn. matto On Sat, 16 Apr 2005, Scott Grayban wrote: If there are any eBay admin here please fix your spoof@ abuse@ address because it is denying every spoof complaint sent to it. It constantly replies back Your email has not been delivered I dont understand why this company has to be so hard headed in abuse issues. [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Anyone familiar with the SBC product lingo?
On Sun, 17 Apr 2005, Jay R. Ashworth wrote: So here's the 64GB/s question: If carriers are being paid to ensure physical separation between circuits for the life of the circuit, why is it that they haven't implemented change management systems (and I don't solely mean the software) to ensure they they *can* (not even that they will) manage to ensure such separation? Simple math. The cost of the occasional SLA credit and/or circuit regrooming when the customer discovers a non-diverse path where one was specified is obviously much less than the cost of tracking, maintaining ( and surely providing ) path diversity. Surely large providers have spent a lot more time and money developing processes and software that allow them to groom circuits into the least number of physical paths possible. Or at least I would, if I were paying for the facilities. matto [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
RE: Dear Linksys: Your broken WET54GS5 makes me sad.
Well, according to the release note URL I posted, this version was built on 2/24/05, when it presumably went into beta testing. The version string in the actual code says 3/3/05, which I guess is when they resolved anything discovered in testing. The first customer support email I recieved from Linksys yesterday referred to it as a beta release that they could send me if I wanted to try it. An hour or so later, I got an email from the same support person saying that it was now released as stable on the web site. My rash assumption is that I was able to provide the boot that kicked a long-overdue update that was languishing in QA out the door. But thanks for the credit in any case. matto On Tue, 12 Apr 2005, Luke Youngblood wrote: I hate to break it to you, but it's highly unlikely that someone clueful at Linksys actually read William's email, fixed the firmware, put it through quality assurance, and released it to the public, all within the space of about 24 hours... Although the IP backbone might not run without a lot of the people on this list, we're not that important :-) [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Dear Linksys: Your broken WET54GS5 makes me sad.
Dear Support staff at Linksys: This weekend I made a futile attempt to enable WPA Pre-Shared Key mode on my home wireless network. The network consists of a Linksys WRT54G router, two WET54GS5 bridges, and a pair of Apple iBooks running MacOS X. The iBooks had no problem communicating with the WRT54G in WEP PSK mode. As soon as I made the configuration changes on the router and the laptops, the link was up and consistent. I had no such success with the pair of WET54GS5 bridges. They would report WPA initialization succes, and pass traffic for several minutes. They would then mysteriously drop link and cease passing traffic. The only way to bring the link back up was to re-authenticate via the WET55GS5 web interface. I spent quite a long time making sure the bridges were seeing adequate signal, and double-checking configurations everywhere. In frustration, I googled to see if other folks had seen the problem: http://www.google.com/search?q=linksys+wet54gs5+wpa+psk It seems to me that not a single customer of yours who has purchased your WET54GS5 has been able to use WPA PSK mode. I'd like to point out that WPA is advertised as a supported feature on the packaging. This has been a known defect since the product was first offered for sale. The latest firmware (which does not fix the problem!) for the device was released ONE YEAR AGO, in April of 2004. I spoke online with a helpful support person, who let me know that Linksys is indeed aware of the problem, but does not intend to do anything about it. This is dissapointing, and reflects very poorly on your new parent company. Do you plan on remedying the problem before a class-action lawsuit is organized? thank you, Matt Ghali Your former customer [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
RE: Dear Linksys: Your broken WET54GS5 makes me sad.
It seems that it's pretty dim there. After acknowledging that the product was broken by design, they offered to replace them under warranty. Great. I wonder how Cisco feels about these jack-holes using their brand. matto On Mon, 11 Apr 2005, Roland H. Alden wrote: Mark, rest assured there is no intelligent life at Linksys. I've moved on to Netgear myself for all el-cheapo applications. It would be great if Cisco would flush Linksys and come out with a low cost line that is engineered with real Cisco DNA and a modicom of intelligent tech support. Even a decent bug database maintained by somebody that can spell TCP/IP would be a step forward. As it stands Linksys is just making Cisco look bad. I'm sure they are laughing all the way to the bank. [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Dear Linksys: Your broken WET54GS5 makes me sad.
My apologies. Apparently I was mistaken when I thought that other network operators might be interested in saving themselves the time and money of buying a broken piece of network equipment, which the manufacturer won't support. I made a rash assumption that such behavior from a vendor might be helpful knowledge to folks who might happen to be purchasing networking hardware in the future. Apparently you think that a mailing list of network operators is an inappropriate venue. I apologize, and encourage you to continue blathering on about DNSBLs and DJB vs. Vix, both much more edifying threads. Matt Ghali On Mon, 11 Apr 2005, Matthew S. Hallacy wrote: What does your inability to get a $49 consumer device working have to do with NANOG? [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Dear Linksys: Your broken WET54GS5 makes me sad.
yeah, I agree. this is one of the cases where they suck more and I hoped that folks would be able to use the info to make an educated guess as to who might suck less. I'm kind of crazy like that. The last time I tried to warn off unwitting consumers, I ended up spending $50k on legal fees defending myself. http://goldengatevw.com/ For some reason, it think its worth it, but most folks seem to think its off topic and stupid. I give up. matto On Mon, 11 Apr 2005, Randy Bush wrote: My apologies. Apparently I was mistaken when I thought that other network operators might be interested in saving themselves the time and money of buying a broken piece of network equipment, which the manufacturer won't support. is there any other kind of networking equipment? even the best of the vendors says we suck less. the internet is about building a scalable reliable network out of unreliable components. unfortunately, most vendors seem to have taken as license. randy [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Dear Linksys: Your broken WET54GS5 makes me sad.
On Mon, 11 Apr 2005, just me wrote: Dear Support staff at Linksys: [blah blah blah] For those of you who emailed me privately about also running into this bug, I just got an email from Linksys support saying they released a new firmware version today(!) that resolves the problem. http://linksys.com/download/vertxt/WET54GS5-Release-Notes.txt http://linksys.com/download/firmware.asp?fwid=220 matto [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: The power of default configurations
On Thu, 7 Apr 2005, Eric A. Hall wrote: If folks were used to just adding forwarder entries to named.boot, yes, since they'd also have to remember to undelegate authority for the relevant rfc1918 address space now too. If somebody setup a network using a subset of the address space from rfc1918 space they'd have to reconfigure appropriately too. All anybody really cares about is that these queries aren't beating up the root/gtld servers, so adding a check to the referral-chasing would solve that problem and wouldn't impose additional work on the users. I don't really want to speak for anyone else here, but it always appeared to me that the problem Vix keeps mentioning is queries with 1918 SOURCE ADDRESSES, not 1918-space queries. This thread, like every nanog thread, has completely lost focus of the original issue, and devolved into some brain-damaged solution to an imagined problem. And if he doesn't find the idea of randomly balkanizing the in-addr.arpa delegation chain for random bits of space abhorrent, I sure do. matto [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: potpourri (Re: Clearwire May Block VoIP Competitors )
On Fri, 1 Apr 2005 [EMAIL PROTECTED] wrote: Why can't we have VoIP phones with built-in GPS receivers and a built-in 911 dialplan that makes the phone transmit your coordinates along with the emergency call? are you serious? if you are, why don't you ask for a pony while you're at it. [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Intradomain DNS Anycast revisited
It has been my experience in the deployment of such anycasted dns server pods that pushing ospf from the dns server hosts introduces complexity and reduces reliability to the point that other, simpler solutions become much more attractive. You should also take a moment to take a look at your spanning tree configuration, depending on how you care configuring your switches. matto On Fri, 25 Mar 2005, Joe Shen wrote: I'm trying to set up a anycast DNS server farm for customer service. In order to improve availability, we plan to install those servers in one LAN which has the similar structure like : server-(1,3)---switch1---router-1---(outside) | | server-(2,4)---switch2---router-2---(outside) The four unix servers are all unix boxes, switch-1 switch-2 are interconnected to guarantee the availability. BIND is to be used as DNS cache server software, Quagga OSPFD is used to be routing software. According to above configuration, both routers will know multiple paths to dns cache server, while dns cache server should know two paths to outside network. Here comes my questions: 1) should each dns cache server be configured a static default route (0.0.0.0/0.0.0.0)? If server-(1,3) is configured statically to use router-1 as default router, will Quagga make it use router-2 when router-1 is not reachable? 2) If each server is configured two default router ( router-1 router-2), or each server learn route 0.0.0.0/0.0.0.0 by OSPF ( our border router inject default route into OSPF ); there should be two equal cost path to 0.0.0.0/0.0.0.0 on each DNS server, the DNS server should disperse any outgoing packets onto the two paths, will that do harm to DNS service ? 3) Is there any requirement on BIND to fit to such multipath routing situation? Joe __ Do You Yahoo!? Log on to Messenger with your mobile phone! http://sg.messenger.yahoo.com [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Proofpoint
If you are running Proofpoint appliances or software in a relatively high (25k to 30k messages per hour) traffic environment, I would love to hear from you regarding your experiences. I will summarize to the list if there is aany interest; until then, please reply to me directly. thanks much, matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: www.nanog.org returning 403 Forbidden error?
On Mon, 7 Mar 2005, Brent Chapman wrote: Could be. There also appear to have been mail problems with the list this afternoon; my message sat in the queue at my end for 3.5 hours being repeatedly rejected or timed out by mail.merit.edu, before finally going through: Maybe it was a majordomo problem [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Why do so few mail providers support Port 587?
On Fri, 25 Feb 2005, Frank Louwers wrote: The trick is to config port 587 in such a way that it ONLY accepts smtp-auth mail, not regular smtp. That way, virii/spam junk won't be able to use that port. What are you, stupid? The spammers have drone armies of machines with completely compromised operating systems. What makes you think that their mail credentials will be hard to obtain? matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Why do so few mail providers support Port 587?
On Fri, 25 Feb 2005, Christopher X. Candreva wrote: On Fri, 25 Feb 2005, just me wrote: What are you, stupid? The spammers have drone armies of machines with completely compromised operating systems. What makes you think that their mail credentials will be hard to obtain? What are you, stupid ? Run a virus scanner on your mail relay so you don't propogate any viruses. That certainly solves the problem in question, preventing compromised hosts from using their user's credentials to transmit AUTHed spam through their configured smarthost. No, wait, your comment is a total non sequitur. While AUTHed spam from zombies will be easier to detect and block, it is not the Magic Solution that many folks on this list are presenting it as. Most ISPs don't watch logs for the signs of abuse now, why would they magically change their behavior and monitor logs if they required auth? Just because there is more of an audit trail doesn't mean that it will be used. matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Why do so few mail providers support Port 587?
On Fri, 25 Feb 2005, Edward B. Dreger wrote: Internal users: With AUTH - correlate message with authenticated user, then forbid mail transmission for them only. I'd rather do that than slog through RADIUS logs. But, hey, maybe if I had more free time... Increasing the detail of an audit trail doesnt mean anyone will automatically use the information in an effective manner. Without auth, most ISPs could correlate abuse behavior between MTA logs and RADIUS logs, if they cared. Most don't. SMTP AUTH won't change that. matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Why do so few mail providers support Port 587?
On Fri, 25 Feb 2005, J.D. Falk wrote: On 02/25/05, just me [EMAIL PROTECTED] wrote: Increasing the detail of an audit trail doesnt mean anyone will automatically use the information in an effective manner. Without auth, most ISPs could correlate abuse behavior between MTA logs and RADIUS logs, if they cared. Most don't. SMTP AUTH won't change that. I don't get it, Matt. Are you trying to tell us that because some ISP's don't care, the ISP's who /do/ care /shouldn't/ move their users to doing mail submissions on port 587? Of course not- and I eat my own dog food. Come March 1, I will be flipping the switch on a large number of mail policy reforms where I work, including mandatory SMTP AUTH for all campus users. It took a lot of pushing for me to get the policy in place. I believe that in the right environment (including one that I run) the additional control and accounting will be a positive tool. What I disagree with is the constant disingenuous suggestion made here that AUTH by itself has any impact on unwanted email. When the lights are on, but nobody is home, it doesnt matter how detailed the accounting is. And it seems that theres plenty of large providers around the world where this is the case. matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
RE: Time to check the rate limits on your mail servers
On Thu, 3 Feb 2005, Joel Perez wrote: I keep reading these articles and reports about this botnet and that botnet problem and how many user's pc's are infected. The only thing I don't see is a way to remove these bots! http://www.sun.com/software/javadesktopsystem/features.xml http://www.apple.com/macosx/ matto [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: Anycast 101
On Tue, 21 Dec 2004, Paul Vixie wrote: i've also been thinking that AXFR's known incoherency could be reduced by using some kind of in-band embargo that would bring a new zone version online synchronously on servers supporting this feature and configured to enable it for a particular zone. Or a different storage abstraction for your zone data. Flat text zone files are so 90's. How about an rdbms backend on each nameserver, with updates delivered 'reliably' by a message queue service. It sounds a lot easier than a bunch of protocol additions. matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: verizon.net and other email grief
On Thu, 16 Dec 2004 [EMAIL PROTECTED] wrote: On Thu, 16 Dec 2004 12:24:56 PST, just me said: So the competing .org provider deploys their better solution and survives, how, exactly? Are there not a variety of other registries? It's not a registry problem. % dig org. ns and ponder all the competition. is org the sole delegation from . [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: verizon.net and other email grief
On Thu, 16 Dec 2004, Iljitsch van Beijnum wrote: And that's exactly why UltraDNS' treatment of .org is evil. I really don't understand why people with .org domains aren't complaining louder about this. Instead of re-starting this particular perennial thread, can we please just abbreviate it to an URL such as ftp://ftp.rfc-editor.org/in-notes/internet-drafts/draft-kook-anycast-is-evil-01.txt and be done with it? Look. Some folks think that $technology is a good solution for $application. Some don't. The great thing about teh internat is that differing solutions to common problems are embraced. Better solutions reap their rewards, and generally survive. I wonder how many folks perpetually arguing this point have ever actually implemented anycasted DNS service? In any case, I cry uncle. Can we just agree to disagree? matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: verizon.net and other email grief
On Thu, 16 Dec 2004 [EMAIL PROTECTED] wrote: On Thu, 16 Dec 2004 10:33:27 PST, just me said: and be done with it? Look. Some folks think that $technology is a good solution for $application. Some don't. The great thing about teh internat is that differing solutions to common problems are embraced. Better solutions reap their rewards, and generally survive. So the competing .org provider deploys their better solution and survives, how, exactly? Are there not a variety of other registries? matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: BIND + DLZ
I second the recommendation for PowerDNS. I built an anycasted, sql backended instant-update DNS server platform for a registrar who was interested in selling a premium dns service product. We looked long and hard at bind+dlz as well as PDNS. Both are great products, and the developer who works on the DLZ code is a great guy, but we were able to squeeze a lot more queries per second out of PDNS. matto On Wed, 1 Dec 2004, Jeroen Massar wrote: On Wed, 2004-12-01 at 20:17 +0100, Erik Haagsman wrote: And while we're on the subject...anyone know a reliable web-based admin front-end for BIND + DLZ + PostgreSQL...? Or does everybody just roll their own...? That is called PowerDNS with a bind-backend ;) Rolling your own is of course the best version as you can customize it the way you like, hook it where you want etc. Then again you can do that with PowerDNS too and with a lot of scripting basically with anything. Greets, Jeroen [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: BIND + DLZ
On Thu, 2 Dec 2004, just me wrote: I second the recommendation for PowerDNS. Dear Nanog, My apologies for not reading down the thread and seeing that the OP was looking for a way to *stop* using powerdns. My apologies also for failing once again to sign my post with my full, legal name, which is the entire purpose of this post. Love, Matt Ghali SSN 555-12-1212 [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Connectivity in Jonestown, TX
My brother is looking for 1 to 2mbps of connectivity in Jonestown, TX. He promises not to drink the kool-aid. Wireless links, licensed or unlicensed spectrum are acceptable, as well as leased line. Please reply to us off-list; I will summarize on the off chance that someone else is interested. matt ghali [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
Re: How to Blocking VoIP ( H.323) ?
On Thu, 11 Nov 2004, Robert Mathews wrote: On Thu, 11 Nov 2004, Alexei Roudnev wrote: Hmm - just introduce some jitter into your network, and add random delay to the short packets - and no VoIP in your company -:). How exactly then would anyone implement this, without screwing-up the overall performance elements in the network? :) Ask PBI, they've got the first part down at least. [EMAIL PROTECTED]darwin The only thing necessary for the triumph of evil is for good men to do nothing. - Edmund Burke
RE: remote reboot power strips
http://www.apc.com/resource/include/techspec_index.cfm?base_sku=AP7900 On Mon, 19 Apr 2004, Christopher J. Wolff wrote: That makes two votes for the Baytech. Thank you. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Anyone from ATT here? (ATT bogus DNSBL answers)
On Mon, 19 Apr 2004 [EMAIL PROTECTED] wrote: After all, people who build DNS infrastructure intend it to be used to for generic DNS translations, not generic database lookups. Wait. What's the difference? I must have missed something. matt ghali [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Personal Co-location Registry
On Thu, 18 Mar 2004, Kelly Setzer wrote: This is relevant, if tangential, to the current discussion on 1U colo for remote ops/looking glass/etc. [...] 4) One nanog member indicated that I am an idiot. Personally, I recently priced intel server systems from a variety of major vendors including Dell, Compaq/HP, IBM, and Sun (intel-based). All of them offered (proprietary?) ethernet-based remote management. None offered serial management. ftp://ftp.software.ibm.com/pc/pccbbs/pc_servers_pdf/88p9267.pdf Take a look at page 34. http://www.sun.com/products-n-solutions/hardware/docs/html/817-2025-13/chap2.html#pgfId-17069 Idiot is a strong word. But you do seem to have some reading comprehension issues. matt ghali [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: wholesalebandwidth.com major sponsor of spammers refuses to accept email at abuse
On Fri, 12 Mar 2004, Ricardo G Patara wrote: On Thu, Mar 11, 2004 at 10:59:01PM -0800, just me wrote: | | Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are! I'd say that it is not a wise thing to do, but it is up to you. Inside this /8 block there are a lot allocation to important networks in our region. There is also, users that send spam from these IPs, but I see this all the time from IP blocks of all over the world. It is an effective solution in my specific application, with my set of users. I have a 100% hit rate with no false positives. I am not suggesting other folks do the same unless their requirements are also the same. I certainly wouldn't do this at my day job as [EMAIL PROTECTED], for example. According to some statistics USA is one of the top in the list of spammers. Do you filter all American blocks in your network? I guess not. You wisely filter only some, like this 69.6.0.0/18. I filter the blocks that I see a 1:0 spam to ham ratio from, wherever they are located. I also try to aggregate where I can. The LACNIC blocks were a convenient place to do so. Do you filter all Asia blocks? I guess not... I certainly do filter abuseive asian networks, except for networks that my users need connectivity to, or networks that I have not seen abuse from: http://mrtg.snark.net/blacklist.cgi I think you'll see that there's no region singled out there. You might also be forgetting that the reason I singled out the LACNIC blocks, is that they are the third largest source of unwanted SMTP traffic I see. I'm sorry if my actions have offended you, because there really is nothing personal going on here, just pragmatism and a desire to prevent as much spam as possible from reaching my users. Matt Ghali speaking as [EMAIL PROTECTED] only [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: wholesalebandwidth.com major sponsor of spammers refuses to accept email at abuse
On Fri, 12 Mar 2004, Suresh Ramasubramanian wrote: Wholesalebandwidth = Scott Richter. http://groups.google.com/groups?q=scott+richter+wholesalebandwidth You can safely nullroute 69.6.0.0/18 You can say that again. He's a strong third on my list: http://mrtg.snark.net/nullstats.cgi Behind all of LACNIC's 200/8 and Iskimaro, whoever the heck they are! matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
An alternate plan for reducing spam
http://www.wired.com/news/culture/0,1284,57760,00.html [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Where can I find a list of IPs and their regions.
I think I have what you are looking for; at least for the APNIC region so far: http://mrtg.snark.net/apnic.php It updates weekly from data on the APNIC web site. matto On Mon, 9 Feb 2004, Matthew Crocker wrote: I've look at IANA but it doesn't give enough detailed information. I would like to find a list of /8 or /16s and what geographic region the exist in. I know it isn't an exact science but something close would be nice. I know 210/8 211/8 are APNIC, I likes to know stuff like 210.100/16 is Korea and 210.120/16 is China, etc. Does anyone have a list I can pull from? -Matt [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: MS is vulnerable
Your analogies suck for two reasons: 1: take a look at the huge problems apple is having with quality control and returns on the ibooks. They've finally started admitting there's a problem (after months and months of consumer outrage) http://www.apple.com/support/ibook/faq/ 2: VW build quality control and reliability sucks as well. Theres a long list of problems every Jetta owner will eventually see. Most are not covered by a recall or other warranty replacement. I can only imagine the problems the Toureg owners will be seeing in a brand new platform. Not to mention that most VW dealers are raging crooks, and VWOA does nothing to stop or discourage their theft and fraud. http://matt.ethereal.net/ggvw/ As an iBook owner, and a VW owner, I can say with authority that I'd think twice before making another Apple or VW purchase. The moral of the story is that theres always a downside, and you should take any evangelist's schpiel with a giant salt lick. matto On Thu, 29 Jan 2004, Jason Lixfeld wrote: Agreed. That's where you educate your mom on why Macs are godly, PCs running windows are evil and Linux is a little to complex still for the end user, and bluntly doesn't look as pretty out of the box. [...] (hypothetical) Buy the $12,000.00 (CDN) KIA with no snow tires, no ABS, no nothing. Drive somewhere in a snow storm, get stuck going up a hill, try to back down the hill, get sideswiped by the guy in the Touareg because he can't see your tiny little $12,000.00 KIA soap box, get flung over the guardrail, down the hill and into the valley. Pay the tow truck to come bail your ass out, pay your insurance deductible and the extra rates you are going to ensue because you just wrote off your car. Add all that up and compare that to the price of a brand new Touareg over 10 years. Guess what, your analogy just lost ground :) [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: AOL rejecting mail from IP's w/o reverse DNS ?
On Mon, 8 Dec 2003, Petri Helenius wrote: just me wrote: Can you explain to the less hyperbolic among us, why I should be obligated to exchange packets with a provider who hosts abusive customers. You, and nobody else is not. The difference is if you carpet-bomb the provider or launch a smart device to it´s intended target. I´ll leave the rest of the obvious analogies as an excersize to the reader. Pete Right. Just because a provider condones one of its customer's abusive and irrisponsible behavior, doesn't mean it would be OK for the rest of the provider's customers. You don't get it. And probably never will. Enjoy your future of Nigerian herbal viagra colonic spam. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Need Contact at RoadRunner
On 5 Dec 2003, james wrote: On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote: Everything else was forged, spoofed, or unintelligble. I was probably not filtering off traffic from you (for any value of you), I was filtering off stuff with your IP address in it. I was not aware one can fake everything in the mail headers, including the sending mail server. Where have you been for the last year? The sending mail server is some chump's infected Windows box on DSL. Boy, tracking that host down is going to do a whole lot of good! Then start working on the other 9,999 hosts the same spammer is abusing as well. gg matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: AOL rejecting mail from IP's w/o reverse DNS ?
On Fri, 5 Dec 2003, Petri Helenius wrote: And I refer you to the blocks which are properly registered down to the /29 level and you are saying that if you are a good citizen collateral damage is recommended regardless because antispammers are either lazy or technically incompetent or like their ego boosted by intentional collateral damage? Pete Can you explain to the less hyperbolic among us, why I should be obligated to exchange packets with a provider who hosts abusive customers. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: APNIC delegation change
Interstingly enough, the FTP url hasnt changed: http://ftp.apnic.net/stats/apnic/apnic-latest there are some strange differences between the http version and the ftp version. I have some automated stuff that grabs the data once a week and makes it available in an actually-human-usable format at: http://mrtg.snark.net/apnic.php matto On Tue, 2 Dec 2003, Eric Germann wrote: Just a heads up for those who use http://ftp.apnic.net/stats/apnic/apnic-latest It moved. If you have scripts that slurp APNIC ASN or IPv4 allocations, they probably broke this morning. The new correct link is at http://ftp.apnic.net/stats/apnic/new/delegated-apnic-latest == Eric GermannCCTec [EMAIL PROTECTED] Van Wert OH 45891 http://www.cctec.comPh: 419 968 2640 Fax: 603 825 5893 The fact that there are actually ways of knowing and characterizing the extent of ones ignorance, while still remaining ignorant, may ultimately be more interesting and useful to people than Yarkovsky -- Jon Giorgini of NASAs Jet Propulsion Laboratory [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Rural nework economics [was: Sabotage...]
On Mon, 3 Nov 2003, John Brown (CV) wrote: rural or not, capitalism will hinder redundancy unless the shareholders or the insurance companies say otherwise. YM, capitalism will foster redundancy? It does from where I sit.. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Summary: EU and AP colo
Many thanks to the dozens of folks who took time to offer me advice on coloing in the Asia-Pacific and EU. I've had recommendations to look at the following providers: hong kong: pbase.net, att singapore: singtel, att korea: kidc japan: jpix Joe and Bill recommeded the PAIX. Not a bad idea from a cost and logistics view, but our focus is on locating a POP to minimize query/response times for clients in that region. UK: telecomplete, merula, telehouse, telecity, redbus, att Now, to return you to the end-to-end discussion at hand.. (thanks, Christian..) matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Korea Telecom Contacts?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 A top-posted self-followup: There seems to be no way for normal humans to reach Korea Telecom. That's OK, I'd rather not colocate a critical business function with the Invisible Company anyway. So, let me change the question. Anyone know of good colo in the AP region with excellent regional connectivity? I know it's a large, discontiguous area to cover, but I'm happy with as good as it gets as an answer. Bonus question: colo in London to cover the EU region? Colt looks nice but their numbers are off the scale. thanks, matto On Wed, 22 Oct 2003, just me wrote: I'm trying to find some KT contacts. Email to the sales contacts on their web pages are vanishing, and we'd really like to colo. Any contact info would be appreciated. thanx! matto - [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.1 (SunOS) iD8DBQE/nY0dX2fW4ErzHM0RAjivAJ466sLNf2mLJf51ldMwwF45FxxmXQCgjSmI aFQ5WY2uZXZeTzyRHnPYGoI= =JIYB -END PGP SIGNATURE-
Re: Korea Telecom Contacts?
On Mon, 27 Oct 2003, Suresh Ramasubramanian wrote: just me writes on 10/27/2003 4:24 PM: So, let me change the question. Anyone know of good colo in the AP region with excellent regional connectivity? I know it's a large, Which part of asiapac do you really want to colo in? The physical location is secondary to the quality of connectivity to the region, and the quality of the facility, in that order. For some background, I'm locating the AP node of an anycasted service. If cost were no object, I'd probably colo nodes in Australia, Tokyo, and Hong Kong (or Korea); but I get one POP for the region in the budget, so thats how it goes. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Korea Telecom Contacts?
Hi Joe- On Mon, 27 Oct 2003, Joe Abley wrote: On 27 Oct 2003, at 16:49, just me wrote: The physical location is secondary to the quality of connectivity to the region, and the quality of the facility, in that order. The pertinent questions are, I think (a) what do you mean by the region and (b) what constitutes good quality connectivity for your application? Asia Pacific is a big place. If you really mean the whole of Asia Pacific, the answer is quite possibly still Palo Alto. The region does indeed mean the whole of asia pacific. My objective is to locate the service where query-response latency will be the lowest for as many clients in the region as possible. I realize that AP is a tough area to cover; I spent three years doing ISP work in Tokyo. Like I said in my reply to Suresh, I'd love to be able to drop more than one POP in the region. F's locations in New Zealand, Hong Kong, and Seoul sound pretty ideal. Unfortunately, I only have room for one POP on the budget. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Korea Telecom Contacts?
I'm trying to find some KT contacts. Email to the sales contacts on their web pages are vanishing, and we'd really like to colo. Any contact info would be appreciated. thanx! matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Need a DNS expert
Eh? I don't see a delegation to tulku.nic.ar. anywhere down the delegation chain. . says ch nameservers are: NS.APNIC.NET. 2D IN A 203.37.255.97 DOMREG.NIC.ch. 2D IN A 130.59.1.80 MERAPI.SWITCH.ch. 2D IN A 130.59.211.10 DNS.PRINCETON.EDU. 2D IN A 128.112.129.15 RIP.PSG.COM.2D IN A 147.28.0.39 TULKU.NIC.AR. 2D IN A 200.16.97.77 CCTLD.TIX.ch. 2D IN A 194.42.48.120 all these nameservers agree that elby.ch nameservers are: elby.ch.12H IN NS ns1.elbyns.de. elby.ch.12H IN NS ns2.elbyns.de. Both these nameservers return identical data to an 'any' query type. matto On Mon, 20 Oct 2003, Hank Nussbacher wrote: At 11:56 AM 20-10-03 -0400, Geo. wrote: Got something really weird going on and I need a bit of help from someone who is really good with dns. Domain elby.ch See: http://www.dnsreport.com/tools/dnsreport.ch?domain=elby.ch There is a warning for parent servers: Your NS records APPEAR to be: ns2.elbyns.de. [62.116.162.15] [TTL=80024] ns1.elbyns.de. [62.116.130.76] [TTL=80024] NOTE: These records may be inaccurate, since the parent servers (tulku.nic.ar.) do not know the NS records for elby.ch (or give a referral to other DNS servers)! This may cause other tests not to work properly, such as the 'Nameservers on separate class C' test. This may or may not be related to your problem. -Hank seems to resolve from some DNS servers but not from others. Can you see anything that might break dns resolution for this domain? Specifically it appears NT4 dns servers with SecureResponses turned on. Please feel free to answer me offlist. Geo. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Verisign to sell Network Solutions
On Thu, 16 Oct 2003 [EMAIL PROTECTED] wrote: So...correct me if I'm wrong here...does this mean that the registry services operations and the GTLD maintenance operations for .com/.net will be owned by different companies? Yep. Uh, actually, no. They're spinning off the registRAR operations. The registRY functions will still be retained by them. And it means that Verisign business is no longer based so much on serving customers but more on leveraging various monopoly rights that they have such as ownership of .com and ownership of the main root CAs whose certificates are bundled with Microsoft's OS. Wow. That sure seems to be a different scenario than we see today. [ yadda yadda yadda... ] matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: domainmonger.com with wildcard NS?
Some of the more pedantic registries require that nameservers for a new domain reg be up and available. In theory they are also supposed to answer auth for the new domain being registered, but I am not sure how many actually check for an SOA. Afternic used to wildcard NS records for that reason, so the practice isn't anything new. In theory this doesnt break anything, since the nameservers in question aren't providing recursive service to anyone. Any questions they see are the result of a followed delegation. So I don't see why this would cause problems anywhere. matto On Tue, 14 Oct 2003, Rick Ernst wrote: This was brought to my attention by a friend. It looks like ns1.domainmonger.com and ns2.domainmonger.com are doing wildcard A records for all zones, including those that already exist. If you go to their site and try to register a domain, it properly shows if the domain exists or not. I'm trying to figure out what the reasoning is behind this. My friend alo pointed out this CERT alert, but I'm not sure how it relates: http://www.kb.cert.org/vuls/id/109475 Rick [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: More news coverage
On Wed, 8 Oct 2003, Paul G wrote: they could try to get some legitimate traffic as , say, google or yahoo do by providing a valuable service. if it is as valuable as they claim, users will keep coming back. pg Apparently even Verisign doesn't think it's a very valuable or legitimate service- they pulled the plug yesterday, at around 13:00 PST. http://mrtg.snark.net/http-time/ It's a shame, they finally got their page load times down to the sub-ten-second range, too. gg verisign! matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
RE: cisco site down? multiple sources reporting connectivity problems
They probably upgraded the code on their { CSSes | Localdirectors }. ;-) On Mon, 6 Oct 2003, Sean McPherson wrote: And poof, that's it. No data. Try again, and I randomly get the whole page, part of the page down to the 'Feedback' line, or nothing. Same thing happens from work (ATT / Qwest) or from my cable modem at home (InsightBB.com). Mozilla/Firebird and IE (5 or 6) seem to treat it a bit differently, and so far, Galeon and Opera seem the most adept at handling it w/o spitting up when a page closes mid-stream. Sean McPherson nanog @ is the at sign seanmcpherson dotcom [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: NTP, possible solutions, and best implementation
On Thu, 2 Oct 2003, Eliot Lear wrote: [EMAIL PROTECTED] wrote: Beware the single point of failure. If all your clocks come from GPS, then GPS is the SPOF. Can you describe what would be involved to cause this sort of single point of failure to fail? Eliot - Antenna failure - Radio failure - Unforseen GPS protocol issues see: http://www.colorado.edu/geography/gcraft/notes/gps/gpseow.htm http://www.sustainableworld.com/y2kgps/gpseng/ The basic idea is that putting all your eggs in one basket is rarely a good plan. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Inevitable Consequences--Verisign
I'm keeping track of sitefinder vs. google page load times, just for giggles. You can see the results at: http://mrtg.snark.net/http-time/ One thing thats missing is accounting for refused connections; I'll have to put a little more thought into that. matto On Wed, 24 Sep 2003, Declan McCullagh wrote: Repeated (though informal) testing over the last 90 minutes showed that at one point, about one-third of attempted HTTP connections to sitefinder took over one minute to complete or, in a few cases, failed entirely. Now only about one of every 5 or 10 connections is displaying that behavior. -Declan [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: anycast (Re: .ORG problems this evening)
On Mon, 22 Sep 2003, David G. Andersen wrote: With load balancing, traffic can get routed down a non-functional path while routing takes place over the other one - BBN did that to us once, was very entertaining). Ah yes, I'll always have a special place in my heart for those Localdirectors. *cough* In contrast, talking to a few DNS servers gives you an end-to-end test of how well the service is working. You still depend on the answers being correct, but you can intuit a lot from whether or not you actually get answers, instead of sitting around twiddling your thumbs thinking, gee, I sure wish that routing update would get sent out so I could use the 'net. Anycast isn't the only thing possibly stuck waiting for routing convergence... Let's not get carried away here. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: .ORG problems this evening
On Thu, 18 Sep 2003, Todd Vierling wrote: BGP has no way to know that an internal network problem occurred. If someone mistakenly tripped over a network cable that disconnected DNS clusters from a router, how would the router know to drop anycast advertisements? (Sure, you could run zebra on the cluster. But what about if the name server SEGVs? There's a lot of possible scenarios) I can assure you, this is a solved problem. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: [Re: Change to .com/.net behavior]
On Mon, 15 Sep 2003, Joshua Sahala wrote: as is usually suggested on this list, do your talking with your money, pull your zones from verisign, and never do business with them again, Ah, if you own any domains in .com or .net; you are doing business with Verisign. Sorry... matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Cross-country shipping of large network/computer gear?
On 27 Aug 2003, Robert E. Seastrom wrote: N. Richard Solis [EMAIL PROTECTED] writes: FedEx will be your best bet. Trust me. FedEx Heavy = pay a surcharge for heavy boxes, get it moved by a 120 pound delivery person with a handtruck rather than a pallet jack or other appropriate freight handling equipment... and dropped off the truck. My experience is a 40% damage rate when shipping Cisco 7507 and 7513 routers via FedEx Heavy. Here are some pictures from back when I was at AboveNet: http://www.seastrom.com/fedex/ You aren't alone: http://www.16paws.com/FedEx/ matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
SBC Internet ops?
If anyone from SBCi ops is on the list, please give me a call. I have a client that's been dead in the water for 24 hours, who desperately needs some ICMP dropped on your side. Matt Ghali (650) 704-2964 [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: SBC Internet ops?
Much thanks to Eric from Tier 2 for the quick followup! On Thu, 21 Aug 2003, just me wrote: If anyone from SBCi ops is on the list, please give me a call. I have a client that's been dead in the water for 24 hours, who desperately needs some ICMP dropped on your side. Matt Ghali [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Hey netscalibur! (was: Re: Hijacked email)
On Wed, 20 Aug 2003, Christopher Chin wrote: Okie doke is Netscalibur in the house? I might assume so based on the nanog-ish return address on the received e-mail from [195.157.87.253]. This IP is sourcing Sobig.F to me, and *as* me. The received mail: From [EMAIL PROTECTED] Wed Aug 20 10:03:00 2003 Received: from KYAN ([195.157.87.253]) I got six various examples from this exact machine, until I just nullrouted Netscalibur's /16. They have been the only virus messages I've seen so far. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Email virus protection
On Wed, 20 Aug 2003, Karsten W. Rohrbach wrote: Some switched to Mac. Many UNIX users are on mutt or similar MUAs which do not bear the potential for execution of arbitrary code. http://www.cert.org/advisories/CA-1997-14.html http://www.cert.org/advisories/CA-1998-10.html Wow, the second one even mentions Mutt by name. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Email virus protection
On Wed, 20 Aug 2003, Karsten W. Rohrbach wrote: just me([EMAIL PROTECTED])@2003.08.20 14:17:17 +: http://www.cert.org/advisories/CA-1997-14.html http://www.cert.org/advisories/CA-1998-10.html Wow, the second one even mentions Mutt by name. The more recent of those two advisories is dated August 11, 1998. What are you trying to express, by citation of those pretty outdated CERT advisories? If you are trying to imply that software does not improve in a time frame of five years, go ahead and convince me. =) It's happened before, it'll happen again. Please don't pretend that your MUA-de-jour is somehow invulnerable by design, unless you've audited every line of code yourself. On a different angle, the apparent problem of a software product being vulnerable to an exploit is not solved by deploying a - albeit well-patched - application monoculture worldwide. Risk is lowered by using more well-designed software packages out there. Diversity is the name of the game, it's nature's solution and it seems to work quite well. I completely agree. Which is why I discourage people from using Outlook Express as well as Mutt. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Email virus protection
On Thu, 21 Aug 2003, Karsten W. Rohrbach wrote: Mutt and similar MUAs are prone to misconfiguration, which makes them vulnerable to some degree, but this fact alone does not expose enough surface for implementation of an internet-wide worm attack ;-) So you are saying that all MUA's are prone to vulnerabilities through misconfiguration, and the reason for Outlook's prominence is simply its larger installed base? If so, I completely agree with you. In end-user application design, finding the right mix between security and and convenience (which tend to be mutually exclusive, in one way or the other) is a critical design decision. You get the point. Indeed. I certainly wish Outlook was shipped with more sane settings. I completely agree. Which is why I discourage people from using Outlook Express as well as Mutt. So the interesting question in context of this email thread is: what do you encourage them for? My brother has used MH for the last 20 years or so, without ill effect. However, I believe it was also vulnerable in '97 because of its inclusion of metamail functionality. I've been impressed with Ximian's Evolution, but have no false hopes for its intgrity in the face of malicious content. There certainly is no universal best mail client. If I encourage anything, its to use the client folks are most comfortable with. Regards, /k matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Anti-spam scripts
Pardon the posting from (for once) a non-blackout area, but I have a small request. I just lost a large chunk of my work to a disk failure. A couple of months ago, I mailed out a bunch of my anti-spam scripts and database schemas to someone on this list. I'd know who, but my mail was hosed, too. If that was you, would you mind mailing the info back to me? I'd be forever indebited. Sorry for the WOB. Matt Ghali [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: OT: question re. the Volume of unwanted email (fwd)
Not a lot to break; here's the script in its entirety: #!/usr/local/bin/bash grep -c mailer=local /var/log/maillog egrep -c '[EMAIL PROTECTED]|reject|njabl' /var/log/maillog A lot of mail traffic on my box is mailing lists; perhaps thats why the graphs look so smooth. matto On Thu, 19 Jun 2003, Andy Dills wrote: On Wed, 18 Jun 2003, just me wrote: For my little corner: http://mrtg.snark.net/spam/ It seems 1:1 is the norm these days, at least at my scale. How do you get your mail delivery attempts to occur so linearly? :) I think something's busted with your mrtg script... Here's the stats for one of the smtp boxes in our cluster (83% rejection rate...and it's +/- 1% across the other boxes in the cluster): Postfix log summaries for Jun 18 Grand Totals messages 396087 received 148369 delivered 0 forwarded 672 deferred (9504 deferrals) 1636 bounced 718k rejected (83%) 0 reject warnings 0 held 0 discarded (0%) Andy --- Andy Dills Xecunet, Inc. www.xecu.net 301-682-9972 --- [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: OT: question re. the Volume of unwanted email (fwd)
On Thu, 19 Jun 2003, Andy Dills wrote: Yeah, mea culpa :) Don't know why you have your graphs set up that way, unless you have no other way of reporting aggregate scores for the day... http://people.ee.ethz.ch/~oetiker/webtools/mrtg/reference.html In the absence of 'gauge' or 'absolute' options, MRTG treats variables as counters and calculates the difference between the current and the previous value and divides that by the elapsed time between the last two readings to get the value to be plotted. Sounds like you have 'gauge option set where you shouldn't...unless that is exactly how you want the graphs to behave, in which case I'll shut up and respect your right to run mrtg any way you want. :) My configuration lets me see daily totals as well as rate vs. time-of-day pretty easily. Using absolute, the only thing I'd be able to see is a running total. I like the ability to compare traffic between days, as well as see when the bulk of my mail is delivered- any anomalous traffic is pretty easy to spot. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: OT: question re. the Volume of unwanted email (fwd)
On Wed, 18 Jun 2003, Miles Fidelman wrote: It occurs to me that a lot of people on this list might have that sort of quantitative data - so... any comments? Regards, Miles Fidelman For my little corner: http://mrtg.snark.net/spam/ It seems 1:1 is the norm these days, at least at my scale. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
RE: [OT: FW: About your using mailer]
On Fri, 28 Mar 2003, Mike Damm wrote: Here was my official reply I sent to him: [smarmy email elided] Thats the email you sent to Mr. Miyoko Shioda? You might want to get in touch with Mr. JC Dill then, and ask her which bothers her more- gender assumptions or MUA snobbery. Cheers, toots. (Mr.) Matt Ghali --- Michael Damm, MIS Department, Irwin Research Development V: 509.457.5080 x298 F: 509.577.0301 E: [EMAIL PROTECTED] [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Odd DNS responses for www.neopets.com
On Wed, 5 Feb 2003, Stephen Milton wrote: Maybe it's just me, but isn't there something odd about a DNS query coming back with 78 entries for the same host? It sends back an UDP packet that gets truncated and the DNS resolver reverts to TCP to get the full list. It seems to cause problems with Windows clients and/or Windows DNS servers. Seems like overkill. neopets.com has been blatantly and furiously attempting to spam me for several months: http://mrtg.snark.net/nullstats.cgi If they lack the sense to stop trying to relay to a host that does not even ACK their SYNs after several thousand tries, I suspect their proficiency at configuring rfc-compliant DNS might be lacking as well. Shockingly, emails to abuse@verio have been incredibly useless. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Odd DNS responses for www.neopets.com
On Wed, 5 Feb 2003, Alex Lambert wrote: The 78 addresses listed here are all in one bit of a /24. In the cases I've seen, there are a few servers listed in several different locations, network- (and location-) wise. I agree that this looks really weird. Perhaps they use it as a cheap load balancer? For your routing convenience: matt@pants:~$ mysql -e 'select network, mask, owner from routes where owner=NeoPets;' spam +---+--+-+ | network | mask | owner | +---+--+-+ | 198.172.121.0 | 24 | NeoPets | +---+--+-+ Thank you verio, for returning useful information for NETBLK-A019-198-172-121-0, including NeoPets as the owner name, but returning No match for a query on NeoPets. I am absolutely positive Verio would never aid and conceal customers of theirs that are guilty of such abusive and criminal behavior. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Odd DNS responses for www.neopets.com
On Thu, 6 Feb 2003, Joe Abley wrote: On Thursday, Feb 6, 2003, at 19:19 Canada/Eastern, just me wrote: If they lack the sense to stop trying to relay to a host that does not even ACK their SYNs after several thousand tries, I suspect their proficiency at configuring rfc-compliant DNS might be lacking as well. Just out of interest, what RFC do you think has been violated in this case? I haven't chosen to delve into debugging the Odd DNS responses for www.neopets.com myself- I have no personal interest in any sort of connectivity with them. I was simply operating off the information in the Subject line of the original email. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: What could have been done differently?
On Tue, 28 Jan 2003, Scott Francis wrote: He argued instead that OSes should be redesigned to implement the principle of least privilege from the ground up, down to the architecture they run on. [...] The problem there is the same as with windowsupdate - if one can spoof the central authority, one instantly gains unrestricted access to not one, but myriad computers. [...] So far, the closest thing I've seen to this concept is the ssh administrative host model: adminhost:~root/.ssh/id_dsa.pub is copied to every targethost:~root/.ssh/authorized_keys2, such that commands can be performed network-wide from a single station. Do you even read what you write? How does a host with root access to an entire set of hosts exemplify the least privilege principle? matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: .org whois
On Wed, 29 Jan 2003, Jeff Godin wrote: The new whois server for the .ORG TLD can be found at whois.publicinterestregistry.net. Web interface for .ORG WHOIS can be found at URI:http://www.pir.org/whois/. Wed Jan 29 11:08:09 matt@pants:~$ whois -h whois.publicinterestregistry.net unibrow.org whois: whois.publicinterestregistry.net: host unknown [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: .org whois
I tried an nslookup about 20 minutes after I sent that mail, and it succeeded as well. Probably a pbi.net barf near my end as all three auth nameservers returned me the correct info. Of course, there's still the issue of the whois returning complete garbage, aside from the two nameserver entries.. matto On Wed, 29 Jan 2003, Jeff Godin wrote: On Wed, Jan 29, 2003 at 11:13:27AM -0800, just me wrote: On Wed, 29 Jan 2003, Jeff Godin wrote: The new whois server for the .ORG TLD can be found at whois.publicinterestregistry.net. Web interface for .ORG WHOIS can be found at URI:http://www.pir.org/whois/. Wed Jan 29 11:08:09 matt@pants:~$ whois -h whois.publicinterestregistry.net unibrow.org whois: whois.publicinterestregistry.net: host unknown $ whois -h whois.publicinterestregistry.net unibrow.org [whois.publicinterestregistry.net] [snip whois disclaimer] Domain ID:D59154800-LROR Domain Name:UNIBROW.ORG Created On:09-Feb-2001 06:42:45 UTC Last Updated On:05-Nov-2001 19:14:56 UTC Expiration Date:09-Feb-2003 06:42:45 UTC Sponsoring Registrar:R23-LROR Status:OK [snip registrant, admin/billing/tech POC fields] Name Server:NS1.SECONDARY.COM Name Server:NS2.SECONDARY.COM $ host whois.publicinterestregistry.net whois.publicinterestregistry.net. has address 129.33.96.137 -jeff -- Jeff Godin Network Specialist Traverse Area District Library / Traverse Community Network [EMAIL PROTECTED] [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: COM/NET informational message
Am I the only one that finds this perversion of the DNS protocol abhorrent and scary? This is straight up hijacking. On Fri, 3 Jan 2003, Verd, Brad wrote: To improve this user experience and to encourage the adoption of an application that supports IDNA, VGRS is announcing a measure intended to stimulate widespread distribution of the i-Nav plug-in. Starting on January 3, 2003, some queries to the com/net name servers that previously failed with a DNS Name Error (NXDOMAIN) response will instead return an address (A) record. Any queries for A records with at least one octet greater than decimal 127 in the second-level label will trigger this A record response. For example, a query for the A record for foo?.com, where ? represents an octet with a value greater than 127, would return an A record rather than NXDOMAIN response. The goal is to match unrecognized domain names generated by browsers attempting to resolve IDNs. Since browsers construct DNS queries for such IDNs using UTF-8 or a local encoding, and since these encodings use octets with all possible values (i.e., from 0 through 255), the presence of octets with values greater than 127 as described above can indicate a web browser's failed IDN resolution attempt. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: PAIX
On Mon, 18 Nov 2002, David Diaz wrote: In the real world however, yes, off several dsl links Im seeing those levels to various sites, I think it's more a factor of congested peering links or traffic aggregation at a hub. People arent spending the money to upgrade links right now. I should move to whichever shangri-la you reside in; How about 4 seconds from a sfba SBC dsl link to www.pbi.net: http://snark.net/~mrtg/www.pbi.net.html Correlating data to other points on the net seems to suggest the problem isn't congested peering :) http://snark.net/~mrtg/ matto Shame on you, pacbell. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Security Practices question
On Thu, 3 Oct 2002, Scott Francis wrote: On Wed, Oct 02, 2002 at 05:48:16PM -0700, [EMAIL PROTECTED] said: In an environment where every sysadmin is interchangable, and any one of them can be woken up at 3am to fix the random problem of the day, you tell me how to manage 'sudoers' on 4000 machines. You don't _have_ logins directly to 4000 machines. You have a central admin host (or five) with user-level accounts. Those user-level accounts can 'sudo ssh target' to accomplish things as root on the remote boxes. So you propose that a trust relationship over the network is a more secure solution? I can't believe you're advocating allowing ssh logins as root as a better idea than per-admin uid 0 accounts. Given the nature of the UNIX permissions structure, any solution is going to be lacking when scaled up large enough - but the problems involved in properly administering sudo are considerly smaller than those introduced by having mulitple uid 0 accounts (especially multiple uid 0 accounts on multiple machines). You still haven't given me a single example of what these problems are. Just hand-waving and talk about the right way is. What do you do when one (or ten) of those 'interchangeable syadmins' leaves the company? _Then_ you have a real nightmare - changing root and removing uid 0 accounts on 4000 boxes. I'd rather manage /etc/sudoers, thanks very much. Are you paying attention? If one of the admins leave, his accounts (user and UID 0) are deactivated. The password on the root account doesn't need to be changed, assuming he/she didn't know it. Where's the nightmare there? Its the same level of effort that managing the sudoers file. If thats a nightmare in your environment, I'm sorry, you've got bigger problems. In an situation where the team needs root; all per-admin UID 0 accounts add is accountability and personalized shells/environments. All of which can be handled with sudo, without giving away the keys to the castle. An open sudo configuration (which Barb is advocating in her latest post) gives away those same keys. So I don't see what the benefit here is. matto [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h
Re: Security Practices question
On Wed, 2 Oct 2002, Scott Francis wrote: Can you back up that statement in /any/ way? What exactly are your reasons why sudo is a worse solution (or even a bad idea)? In an environment where every sysadmin is interchangable, and any one of them can be woken up at 3am to fix the random problem of the day, you tell me how to manage 'sudoers' on 4000 machines. In an situation where the team needs root; all per-admin UID 0 accounts add is accountability and personalized shells/environments. Sorry to ruffle your dogma. [EMAIL PROTECTED]darwin Flowers on the razor wire/I know you're here/We are few/And far between/I was thinking about her skin/Love is a many splintered thing/Don't be afraid now/Just walk on in. #include disclaim.h