RE: Newedge Networks meltdown?
Statement from New Edge to Customers: - Edger Customers and Partners, We are experiencing major network issues with our Alcatel Network Management System (NMS). Early last evening we had degradation in our primary NMS and we switched to our secondary backup NMS as per standard procedure.We then experienced similar degradation difficulties with our backup NMS. We have worked through the night on this and we have brought in Alcatel. Much of our network is stable. We estimate about 30% of our permanent virtual circuits (PVC) for customers may have been impacted. Customer affecting symptoms can take the form of performance degradation on a circuit or an actual outage in the form of failure to sync at Layer 3. We are now back on our primary NMS and we believe we have this situation stabilized. We are rebuilding our customer PVC's and the situation should improve throughout the day. We have added extra resources in NOC and our call centers. Our Service Level Agreements (SLA) call for 99.5 % up time and we have always far surpassed these SLA targets. This is the first outage of its type in the five year history of New Edge Networks. We are deeply embarrassed by this network outage and we apologize to our customers. We will do everything possible to fix this and we will communicate on the hour as we do so. Dan Moffat CEO New Edge Networks -Original Message- From: Bubba Parker [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 09, 2004 11:10 AM To: Mark Radabaugh Cc: [EMAIL PROTECTED] Subject: Re: Newedge Networks meltdown? I had a DS3 go down with them last night, they said that a lot of their PVCs all showed active must had to be bounced to continue working, and they'd only know which ones were down if people called and told so. On Tue, Nov 09, 2004 at 07:40:36AM -0500, Mark Radabaugh wrote: > > Seems there is a major problem within NewEdge networks this morning. > From the recording on the NOC line it sounds like they lost an internal > database and PVC's at many of the switches. > > Anyone know what happened? Let the speculation begin :-) > > Mark Radabaugh > Amplex > -- Bubba Parker [EMAIL PROTECTED] CityNet LLC http://www.citynetinfo.com/
RE: Lots of big web sites broken...SPOF
Just got off the phone with their NOC. It is a system-wide problem that "looks like it may be a DOS attack". They have no ETA as to a resolution yet. -Original Message- From: Joseph Nuara [mailto:[EMAIL PROTECTED] Sent: Monday, May 24, 2004 9:09 AM To: [EMAIL PROTECTED] Subject: Re: Lots of big web sites broken...SPOF Any idea on the cause or the ETA to restoration of service? On Mon, 24 May 2004, Jon Lewis wrote: > > Ok...who turned off Akamai? :) > > Sites that use Akamai for serving their images all seem to be pretty > much broken this morning. From here, I'm seeing multiple Akamai > servers on multiple networks just not responding to HTTP. They accept > connections (some after much delay), but don't reply to requests. > > -- > Jon Lewis [EMAIL PROTECTED]| I route > Senior Network Engineer | therefore you are > Atlantic Net| > _ http://www.lewis.org/~jlewis/pgp for PGP public key_ >
RE: who offers cheap (personal) 1U colo?
I don't think you find ANY significant provider that does not have network blocks listed in block lists. -Original Message- From: Bob Snyder [mailto:[EMAIL PROTECTED] Sent: Sunday, March 14, 2004 11:51 AM To: [EMAIL PROTECTED] Subject: Re: who offers cheap (personal) 1U colo? netadm wrote: >http://www.serverpronto.com > > > Given the thread was started for people who want to get a server for mail clear of blocklists, why would I want to use a provider on a number of blocklists per http://www.openrbl.org/, including a SBL/ROKSO listing? Bob
RE: who offers cheap (personal) 1U colo?
http://www.serverpronto.com -Original Message- From: Todd Vierling [mailto:[EMAIL PROTECTED] Sent: Sunday, March 14, 2004 8:56 AM To: Simon Lockhart Cc: [EMAIL PROTECTED] Subject: Re: who offers cheap (personal) 1U colo? On Sun, 14 Mar 2004, Simon Lockhart wrote: : If someone can point me to Virtual Solaris Machine, then I'd willingly offer : that as a service (the colo I help run as a "hobby" is Sun only). : : The reason people are doing it on Linux is that it's available. (And, in the : case of LVM, free) mmm, NetBSD. Runs on all of x86, amd64, and sparc64 hardware, and runs Linux and Solaris binaries (for the appropriate processor type). RAIDframe is free and included in the base system too. 8-) -- -- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>
RE: Re[2]: williams spamhaus blacklist
>> Ehm, that was because you, infolink.com WERE the spam outfit, of >> course we block your 'entire network', it was an entire network of >> spammers with no real customers. You can pretend Infolink is an >> 'EyeEshPee' all you like Mr Leary but what we see is this, from your >> ROKSO record: >> This is exactly the problem with certain e-mail block lists (i.e. www.spamhaus.org). A few zealots who control this particular block list have made a decision based on inaccurate information. Mr. Linford has listed (in his block list) 48 /24s allocated to Infolink (yes we are a real ISP with real customers) for 2 customers we are working to terminate. In addition, as previously mentioned, Mr. Linford refuses to remove listings once we notify him of the termination. Given the above, it is imprudent for any network operator (North American or Other) to use Mr. Linford's SBL to restrict the delivery of e-mail. Dynamic block lists such as Spamcop will be much more effective at blocking spam, while allowing normal e-mail to flow as it should. Jon Ham/Infolink Network Administration Toll Free (USA) +1 877 293 2095 ext. 1422 Tel. +1 305 324 1616 ext. 1422 www.infolink.com
RE: Re[2]: williams spamhaus blacklist
>> That describes the escalation procedure of SPEWS, but is not at all >> accurate for the SBL, we do not expand listings sideways into >> customer space or block whole ISPs [*]. >> Mr. Linford's Spamhaus has recently blocked our entire ISP because of 2 entities on our network we are working to terminate (it is a bit more complicated than simply pulling the plug). In addition, we have recently requested removal of listings once we have terminated the customer in question, but received no response. We can vouch for the fact that www.spamhaus.org blocks far more than just sources of UCE. In our case, it is our entire network. -Original Message- From: Steve Linford [mailto:[EMAIL PROTECTED] Sent: Thursday, September 25, 2003 8:22 AM To: Hank Nussbacher; [EMAIL PROTECTED] Subject: Re[2]: williams spamhaus blacklist At 12:50 +0200 (GMT) 25/9/03, Hank Nussbacher wrote: > AS3339 has a zero tolerance for spamming. With just one spam > complaint we block the IP in question. We have a downstream customer > that has many cybercafes in Africa that generate http and smtp spam > and we block each complaint within 48 hours. > > None the less, here is a recent email extract I received from > someone: > > "Hank, I am not a Spamhaus.org representative in any shape or form. > I do not claim to speak for Spamhaus.org in any capacity. The > University of xx is, however, a customer (i.e. as of this > morning, we block e-mails from IP addresses listed on Spamhaus SBL). > > I am just guessing what might happen if the problem is not sorted > out. > > I am sure you already know that the standard escalation procedure for > many blocklists is first to block the single offending IP address, > then the immediate smallest block that it is contained in according > to WHOIS, then the entire block of the ISP, and if that fails to stop > the spam, then the corporate MXes of the upstream ISP may be > blocklisted." That describes the escalation procedure of SPEWS, but is not at all accurate for the SBL, we do not expand listings sideways into customer space or block whole ISPs [*]. > Basically, we are being told if we don't drop the customer, our > corporate MXes will be blocked. I would not call this an "extreme > case", but it would appear that overzealous anti-spammers are perhaps > going a bit overboard. Luckily he claimed up-front to not be speaking for Spamhaus. I can sympathize with the level of frustration of someone being bombarded in spam, however we do not run escalations for single spammers (unless the problem is chronic, but even then we'd always contact the ISP and exhaust all other avenues). [*] Although we do not list whole U.S. or European ISPs, that's not strictly true for other areas of the net the "offshore" spammers have gravitated to. We are currently leaning on China heavily and are at this moment blocking large parts of Chinanet Shanghai (online.sh.cn) ADSL netblocks, as it's the worst of the China spam problems with 120 separate SBL listings all of US-based spammers (all the usual make-penis-fast crowd) hosted mainly on Shanghai ADSL lines. Spammers like Alan Ralsky these days pump everything out via SoBig-opened proxies with everything hosted in China, all run from Detroit using VPN. The Chinese are now understanding this but it's taken some time. That escalation should resolve itself 'any moment now' too as they say they're starting the process of tracking down and kicking off the hoard of pests they've acquired these last months. -- Steve Linford The Spamhaus Project http://www.spamhaus.org
RE: Sobig.f surprise attack today
>From http://www.f-secure.com/v-descs/sobig_f.shtml - Update on 19:00 UTC When deadline for the attack was passed, one machine was still (somewhat) up. However, immediatly after the deadline, this machine (located in the USA) was totally swamped under network traffic. We've tried connecting to it, just like the virus does. We do this from three different sensors from three different machines in three different countries. We haven't been able to connect to it once. If we can't connect, neither can the viruses. So the attack failed. Whoa. We'll keep monitoring until 22:00 UTC. If we're not able to connect once, we can safely say that the attack was prevented. -Original Message- From: Andrew Kerr [mailto:[EMAIL PROTECTED] Sent: Friday, August 22, 2003 3:43 PM To: Jay Hennigan Cc: [EMAIL PROTECTED] Subject: Re: Sobig.f surprise attack today Jay Hennigan wrote: > On Fri, 22 Aug 2003, Andrew Kerr wrote: > > >>Its been posted here, and f-secure has it, but I wrote a quick script >>to keep an eye on the 20 servers and dump the output to a simple page: >> >>http://207.195.54.37/sobig.html >> >>(Updates about every 5 mins) > > > You're probing the list of NTP servers the worm uses to get the date, > not the list of hosts to which it "phones home". > A few people pointed that out. By the time this message hits the list, it should be corrected.
RE: Country of Origin for Malicious Attacks
Outside of the U.S., I'll nominate France and the Pacific Rim countries. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 11:58 AM To: [EMAIL PROTECTED] Subject: Country of Origin for Malicious Attacks I was wondering if folks had noticed any trends with malicious network attacks predominantly originating from any individual or group of countries. Any observations, comments or help would be greatly appreciated. Thanks, sean
New Trojan
Title: Message Anyone having any fallout from: http://www.eweek.com/article2/0,3959,1130765,00.asp �
