[no subject]

[sana sohail]

Hi,

I am looking for a typical percentage of external(inter-domain) routes
versus typical percentage of internal (intra-domain) routes in a core
router with couple of hundred thousand entries in the routing table.
Can anyone please help me in this?

Best Regards,
Sana Sohail

[no subject]

[Michael Balasko]

unsubscribe

[no subject]

[Jim Shankland]

[EMAIL PROTECTED] writes:

 Use GigE cards on the servers with a jumbo MTU and only buy IP network
 access from a service provider who supports jumbo MTUs end-to-end
 through their network.

I'm not sure that I see how jumbo frames help (very much).  The
principal issue here is the relatively large bandwidth-delay
product, right?  So you need large TCP send buffers on the sending
side, a large (scaled) receive window on the receiver side, and
turn on selective acknowledgement (so that you don't have to
resend the whole send buffer if a packet gets dropped).

At 45 Mb/s and 120 ms RTT, you need to be able to have ca. 700 KBytes
of data in flight; round up and call it a megabyte.

Having said that, I too have tried to configure Windows to use
a large send buffer, and failed.  (In my case, it was Windows
machines at a remote location sending to Linux machines.)
I'm not a Windows person; maybe I didn't try hard enough.  In
the event, I threw up my hands and installed a Linux proxy server
at the remote site, appropriately configured, and went home happy.

Jim Shankland

[no subject]

[Dr. Mosh]

unsubscribe

-- 
--
http://www.zeromemory.com - metal for your ears.

Subject: Found power supply at NANOG37

[Duane Wessels]

Found: HP laptop power supply left on a large round table late
tuesday night in the main hallway.  Here's hoping you have enough
juice left to read this email...

Subject: drone armies CC report - February/2006

[c2report]

Below is an automatically generated periodic public report from the
ISOTF's affiliated group DA (Drone Armies (botnets) research and
mitigation mailing list / TISF DA) with the ISOTF affiliated ASreport
project (TISF / RatOut).

For this report it should be noted that we base our analysis on the data
we have accumulated from various sources, which may be incomplete.

Any responsible party that wishes to receive reports of botnet command
and control servers on their network(s) regularly and directly, feel
free to contact us.

In the past few months we did not publish this report, allowing for
responsible parties to ask for regular reports from us on suspected
botnet CC activity on their networks. As you can see below, the
Internet drastically changed its face positively because these reports
(compared to when we started), and now a lot more so due to direct
reporting.

For purposes of this report we use the following terms:
openthe host completed the TCP handshake
closedNo activity detected
resetissued a RST

This month's survey is of 4271 unique domain with port or IP with port
suspect CCs. This list is extracted from the BBL which currently has a
historical base of 7780 reported CCs. Of the suspect CCs surveyed, 685
reported as Open, 3353 reported as closed and 572 issued resets to the
survey instrument. Of the CCs listed by domain name, 1847 are mitigated
via remapping.


Top 20 ASNes by Total suspect domains mapping to a host in the ASN.
These numbers are determined by counting the number of domains which
resolve to a host in the ASN.  We do not remove duplicates and some of
the ASNs reported have many domains mapping to a single IP.  Note the
Percent_resolved figure is calculated using only the Total and Open
counts and does not represent a mitigation effectiveness metric.

ASN Responsible Party   Total   Open Percent_Resolved
14744   PNAP Internap Network Services  91  0   100%
10913   PNAP Internap Network Services  67  0   100%
30058   FDCSE FDCservers.net LLC65  18  72%
25761   STAMIN-2 Staminus Communications58  6   90%
3356Level 3 Communications, LLC 53  0   100%
13301   UNITEDCOLO-AS Autonomous System of  52  35  33%
14779   INKT Inktomi Corporation42  0   100%
21844   THE PLANET  41  2   95%
19318   AIC-81 Albany International Corp.   40  11  73%
13749   EVRY Everyones Internet 37  5   86%
4766KIXS-AS-KR  35  2   94%
30315   Everyones Internet  31  12  61%
12182   PNAP Internap Network Services  31  0   100%
9318HANARO-AS   30  9   70%
21840   SAGONE Sago Networks30  5   83%
13790   PNAP Internap Network Services  30  0   100%
22822   LLNW Limelight Networks 29  10  66%
27595   ATRIV Atrivo27  5   81%
12832   Lycos Europe26  3   88%
3561Savvis  24  1   96%


Top 20 ASNes by number of active suspect CCs.  These counts are
determined by the number of suspect domains or IPs located within
the ASN completed a connection request.

  ASN   Responsible Party   Total   Open Percent_Resolved
13301   UNITEDCOLO-AS Autonomous System of  52  35  33%
32748   NOZON NoZone21  20  5%
30058   FDCSE FDCservers.net LLC65  18  72%
174 Cogent Communications   20  16  20%
25700   SWIFTDESK VENTURE   19  13  32%
30315   Everyones Internet  31  12  61%
4134CHINANET-BACKBONE   17  12  29%
19318   AIC-81 Albany International Corp.   40  11  73%
9121TTNet   15  11  27%
22822   LLNW Limelight Networks 29  10  66%
8972INTERGENIA-ASN intergenia autonomou 21  10  52%
15083   IIS-129 Infolink Information Servic 24  9   63%
30407   Velcom.com  12  9   25%
9318HANARO-AS   30  9   70%
20115   Charter Communications  20  9   55%
23522   CIT-FOONET  14  9   36%
16265   LEASEWEB AS 15  9   40%
3269TELECOM ITALIA  16  8   50%
8560SCHLUND-AS  19  7   63%
19166   Alpha Red, INC  14  7   50%
33569   ALLHOSTSHOP.COM 16  6   63%

On the inoc-dba subject

[Joe Maimon]

Is it really cluefull to have this paragraph?



Please make sure that your spam filters allow email from pch.net
before you sign up, since we will need to automatically verify your
email address.


Since we all know that whitelisting and blacklisting by in-band stated 
from email address is quite wrong-headed, from a clue standpoint.



Perhaps something like this?


Please make sure that your spam filters allow email sent from 
ip-addresses with a from address of pch.net before you sign up, since 
we will need to automatically verify your email address.



Where ip-addresses is the output of a dig command against the outgoing 
smtp servers sending the notifications?


In general, ML and other automated email things should have a way to 
display the bounce to the user, which would mean storing it for some 
small period of time. Otherwise it becomes rather difficult to do the 
right thing filtering wise.


(Google seems to do this for their notifications that get 45x/55x)

Joe

Re: On the inoc-dba subject

[Rubens Kuhl Jr.]

 
 Please make sure that your spam filters allow email from pch.net
 before you sign up, since we will need to automatically verify your
 email address.
 

 Since we all know that whitelisting and blacklisting by in-band stated
 from email address is quite wrong-headed, from a clue standpoint.


 Perhaps something like this?

 
 Please make sure that your spam filters allow email sent from
 ip-addresses with a from address of pch.net before you sign up, since
 we will need to automatically verify your email address.
 

 Where ip-addresses is the output of a dig command against the outgoing
 smtp servers sending the notifications?

pch.net publishes a SPF record:
v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org
a:ghosthacked.net ~all

Besides going from soft-fail (~all) to fail (-all), they are already
giving you the tools you need to validate a MAIL FROM: claim.


Rubens

Re: On the inoc-dba subject

[Joe Maimon]

Rubens Kuhl Jr. wrote:




pch.net publishes a SPF record:
v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org
a:ghosthacked.net ~all

Besides going from soft-fail (~all) to fail (-all), they are already
giving you the tools you need to validate a MAIL FROM: claim.


Rubens




Thats all very well and good, but advising people who do not validate 
with spf to whitelist by domain name is an over-simplification.

Re: On the inoc-dba subject

[Suresh Ramasubramanian]

On 2/6/06, Rubens Kuhl Jr. [EMAIL PROTECTED] wrote:

 pch.net publishes a SPF record:
 v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org
 a:ghosthacked.net ~all

 Besides going from soft-fail (~all) to fail (-all), they are already
 giving you the tools you need to validate a MAIL FROM: claim.


*koff* .forwards etc cans of worms *koff*

Woody's clear enough there - make sure your filters allow email from us.

Minor but tedious details like how to do that can best be left to
individual administrators.  Probably get the job done without turning
on spf lookups.

--
Suresh Ramasubramanian ([EMAIL PROTECTED])

Re: On the inoc-dba subject

[Jon Lewis]

On Mon, 6 Feb 2006, Joe Maimon wrote:


pch.net publishes a SPF record:
v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org
a:ghosthacked.net ~all

Besides going from soft-fail (~all) to fail (-all), they are already
giving you the tools you need to validate a MAIL FROM: claim.


Thats all very well and good, but advising people who do not validate with 
spf to whitelist by domain name is an over-simplification.


So call it additional clue-boundary to entry and be done with this silly 
thread.


Besides, the site doesn't specify how to filter/whitelist...just to make 
sure you can accept mail from pch.net.  A simple person might take that to 
mean I better allow any @pch.net from address but that's not what the 
site says.


--
 Jon Lewis   |  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_

Re: On the inoc-dba subject

[Bill Woodcock]

 Advising people who do not validate with spf to 
 whitelist by domain name is an over-simplification.

In fact, we don't advise them to do either one.  The cautionary message is 
to remind the significant (~10%) portion of people who try to sign up 
using blocked email addresses why it might be that they're failing and not 
seeing any error messages from us.

Believe me, we'd much prefer people found better ways of dealing with 
spam.

-Bill

[no subject]

[Steve Feldman]

Just a reminder that proposals to present at NANOG 36 are
due this Thursday, December 15.

Send your omplete proposals, including abstract and slides,
to [EMAIL PROTECTED]

The full call for presentations is available at
  http://www.nanog.org/mtg-0602/cfp36.html

Steve Feldman
Program Committee chair

[no subject]

[Ron Muir]

unsubscribe

[no subject]

[Ron Muir]

unsubscribe
 

(no subject)

[Haseeb Budhani]

unsubscribe

Re: OT - Vint Cerf joins Google (Please change subject to what is discussed)

[james edwards]

[no subject]

[Rod Trent]

unsubscribe

Re: Subject : RE: ACL Monitoring

[Alexei Roudnev]

It's all done in CCR. It encrypts passwords (allowing you to have a few
password groups, all WEB configurable), and uses
passphrases + 3DES or public/private key encryption (or just you can enter
logi and password from the web).
idea is simple - operators have WEB access and know passphrase, but they
have not cisco logins except if they granted direct cisco access, and they
never have access on the server.

Other approach could be 'snmp, but it works on a very few OS (IOS) only (do
not work for PIX, for example).

But you are correct - CCR have all this things, such as crypt / openssl;
sudo to get access top the passphrase file
from web cgi script, passphrase input for manual config downloads, webcvs
fro history analyze, etc etc.

Of course, tacacs+ accounting is necessary for full scale change monitoring.
Unfortunately, even different Cico devices have
different accounting rules (and very different access rules, counting PIX as
most useless from this point of view - you must
grant full access for 95% of operators tasks, even to monitor VPN
associations -:)).


 
  If you anticipate doing a lot of this kind of monitoring in the future
you
  may want to take a look at the expect programming language
  http://expect.nist.gov/ , which has very simple send/expect
constructs.
  E.g. send show acl 101/r expect access-list .. etc. Perl also allows
  similar although is probably not quite as easy to pick up if you've
never
  done this kind of thing before.
 
  Essentially you'd write a quick script to telnet or ssh to the router
send
  your commands, expect a result and do something based on that result. As
I
  said, its worth the time investment and you'll find once you get the
script
  done you can just reuse it for many other tasks.

 Kind of silly to state using an expect script or any other script for
 that matter considering the assumption that, it seems he is not trusting
 someone (as mentioned in another post), so I would take it that this
 script would run from where?

 Not only that, you would go through hell configuring encrypting the
 password on an expect script for the script to decrypt, then send. Now,
 not only that, but then what? How would you configure it to monitor
 something say in real time? You would likely have to use the diff and grep
 commands for parsing, and a whole bunch of other things to get it to just
 monitor a change, not a guarantee you will find out who changed it without
 some major scripting as opposed to using accounting ala TACACS+



 spawn ssh [EMAIL PROTECTED]
 expect Password: 
 send secret\r
 expect something
 send something\r
 expect $RESPONSE_FROM_ROUTER
 spawn $WHAT_DO_YOU_SPAWN_TO_COPY_WHAT_YOU_SEE

 Expect would be worthless in my opinion. Why reinvent the kick their
 asses to accounting mode wheel.


 =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
 J. Oquendo
 GPG Key ID 0x0D99C05C
 http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0D99C05C

 sil @ infiltrated . net http://www.infiltrated.net

 How a man plays the game shows something of his
 character - how he loses shows all - Mr. Luckey

Subject : RE: ACL Monitoring

[J. Oquendo]

On Thu, 12 May 2005, Glynn Stanton wrote:



 If you anticipate doing a lot of this kind of monitoring in the future you
 may want to take a look at the expect programming language
 http://expect.nist.gov/ , which has very simple send/expect constructs.
 E.g. send show acl 101/r expect access-list .. etc. Perl also allows
 similar although is probably not quite as easy to pick up if you've never
 done this kind of thing before.

 Essentially you'd write a quick script to telnet or ssh to the router send
 your commands, expect a result and do something based on that result. As I
 said, its worth the time investment and you'll find once you get the script
 done you can just reuse it for many other tasks.

Kind of silly to state using an expect script or any other script for
that matter considering the assumption that, it seems he is not trusting
someone (as mentioned in another post), so I would take it that this
script would run from where?

Not only that, you would go through hell configuring encrypting the
password on an expect script for the script to decrypt, then send. Now,
not only that, but then what? How would you configure it to monitor
something say in real time? You would likely have to use the diff and grep
commands for parsing, and a whole bunch of other things to get it to just
monitor a change, not a guarantee you will find out who changed it without
some major scripting as opposed to using accounting ala TACACS+



spawn ssh [EMAIL PROTECTED]
expect Password: 
send secret\r
expect something
send something\r
expect $RESPONSE_FROM_ROUTER
spawn $WHAT_DO_YOU_SPAWN_TO_COPY_WHAT_YOU_SEE

Expect would be worthless in my opinion. Why reinvent the kick their
asses to accounting mode wheel.


=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x0D99C05C
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0D99C05C

sil @ infiltrated . net http://www.infiltrated.net

How a man plays the game shows something of his
character - how he loses shows all - Mr. Luckey

[no subject]

[Steve Sobol]

Irwin Lazar [EMAIL PROTECTED] quoted an article saying

In less than 48 hours many of us will be installing Tiger OS-X and with it a
brand new Safari browser that can read and display RSS feeds in a simple easy
to understand manner. That upgrade while great for the consumers, could come
as a big shocker for those blogs whose feeds are included as part of Safari¹s
default starter package. Infact it could be the biggest stress test for RSS
thus far!

a) that's OS-X Tiger. :p~~~

b) The Biggest Stress Test For RSS Thus Far?

Okay, let's get a handle on things here. RSS is XML over HTTP; nothing more.
As long as the HTTP infrastructure can handle the traffic, and as long as the
server can handle the big spike in HTTP requests, I see no reason why this
should be a big deal, and I see even less reason why the article cites the
event as a defining event for RSS. (It's not.)

 Some food for thought:

Just ate lunch, but thanks anyway.

--
JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638)
Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED

The wisdom of a fool won't set you free
--New Order, Bizarre Love Triangle

Is there anything more to say on this subject? (was RE: Why do so few mail providers support Port 587?)

[Steve Gibbard]

I've seen this thread go on for quite a while, and have been getting lots
of when are you going to shut that thread down? types of queries.
While not particularly off-topic, a lot of the responses do look pretty
repetative.  Therefore, I'd like to suggest that, unless you have
something to say on this topic that hasn't already been said by somebody
else, somewhere in this thread, and that's so important that the thousands
of people on the NANOG list will want to see it, this thread should be
brought to an end.

This isn't a threat of censorship.  It's a request for self control.

-Steve
Speaking for myself; not for the
rest of the list administrators

On Mon, 28 Feb 2005 [EMAIL PROTECTED] wrote:


  It's time to take this thread to SPAM-L or
  some other spam oriented list.

 I strongly disagree. This thread has not been
 about spam. For the most part it has dealt with
 technical operational issues of email services
 and therefore it is right on track for this list.

 --Michael Dillon



Steve Gibbard   [EMAIL PROTECTED]
+1 415 717-7842 (cell)  http://www.gibbard.org/~scg
+1 510 528-1035 (home)

[no subject]

[J. Oquendo]

On Fri, 31 Dec 2004, Merike Kaeo wrote:


 When you start encrypting for confidentiality then:

 a) you may end up trusting your endpoints more and perform sanity
 checks other than 'deep inspection' to mitigate spoofed and unwanted
 traffic

Shouldn't mitigation on spoofing (and this argument will forever go
forward on NANOG) be done at the network level, e.g. BOGON, Best Common
Underrated Practices? If companies didn't follow them then/now using IPv4
which can already filter this what makes you think engineers will
configure their equipment to do more sanity checks.

 b) you may have a corporate policy where you need the capability to
 look at all traffic and therefore are required to use some IPsec
 intermediary device which acts as an endpoint on behalf of other
 corporate hosts (and decrypts/encrypts the traffic).

Wouldn't this render ESP obsolete. What would be the purpose of IPsec
then? What I infer from this message is that you would want some form of
hardware or software in place to be able to read this IPSec traffic. And
this to you is security? How secure would I feel knowing my provider, or
company has the ability to decrypt my encrypted data when I'm making an
online payment somewhere, how secure would any user feel with some form of
(not known at this time to even be possible) device on the line. This
statement makes little sense to me, or maybe I'm misreading it.

Let's take a look at an IPv6 packet after ESP (RFC 2406)

  
IPv6  | new* |new ext |   | orig*|orig ext |   || ESP   | ESP|
  |IP hdr| hdrs*  |ESP|IP hdr| hdrs *  |TCP|Data|Trailer|Auth|
  
  |- encrypted ---|
  |-- authenticated --|

Which portion of this IPv6 do you want this device to decrypt again? Again
I hope I misunderstood your statement.

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99

CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x51F9D78D

sil @ politrix . orghttp://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

How a man plays the game shows something of his
character - how he loses shows all - Mr. Luckey

[no subject]

[J. Oquendo]

Re: IPv6, IPSEC and deep packet inspection

On Fri, 31 Dec 2004 [EMAIL PROTECTED] wrote:



 as one who has been bit by this already - i can say amen to
 what Rob preacheth...  the hardest part is getting folks up to
 speed on IPv6 as a threat vector.  Swat teams that can neutralize
 an IPv4 based flareup in minutes/hours can take days/weeks to
 contain a v6 channel...

Supposedly the vulns associated with IPv6 are: reconnaissance, unauth'd
access, layers 3-4 spoofing, ARP and DHCP attacks, smurfs, routing
attacks, viruses andworms, translations, transistions, and tunneling
mechanisms. According to Sean Covery's IPv6 Security Threats
(http://www.seanconvery.com/SEC-2003.pdf)

I recall something with OpenBSD and IPv6 not too long ago where MTU was a
factor so I pondered: If someone created a packet generator which spoofed
source to destination using random checksums, etc, but set an MTU too
high, would the recipient drop the connection altogether? For example:

// BEGIN EXAMPLE //

USER -- HOP1 -- HOP2 -- HOP3 -- PAYSITE

USER has an established connection (IPv6 of course) with PAYSITE

ATKR sends enough spoofed packets as USER to PAYSITE with an incremented
checksum he managed to get hold of via a network analyzer, and sets a high
MTU which some router en route to PAYSITE replies to USER with a Type 2

USER gets Type 2's from either HOP1, HOP2, or HOP3

USER never gets through to PAYSITE because of ATKR's cruddy packets

// END EXAMPLE //

Wouldn't PAYSITE disconnect the session with USER. I'm thinking indeed it
would break any session for starters. ATKR could be on the same network
possibly a virus or worm set to capture some preliminary packet
information and shoot it right back upstream keeping any kind of
handshaking/transactions from occurring. I could/would do a proof of
concept but it would be worthless, hopefully those doing the protocols
though of this anyway.

NOW...

On Sat, 1 Jan 2005, Christopher L. Morrow wrote:

 Some of this 'not follow it now' is partly due to equipment problems.
 These problems should be disappearring from many larger networks as new
 gear is cycled in over the next couple of years. The option will then be
 available to the engineers that operate the networks, they will likely
 still prefer the 'closest to the end system router' make the filtering
 decision though.

I think I've mentioned this before... Why isn't it standard by default. To
which most replied about the ever changing BOGON addresses. It would be
nice to see a Trusted repository that all equipment could pass to and
from information.

 your company likely has this capability, or could have it today... They
 also likely don't want you wasting company time buying things on ebay or
 amazon... your company, in the US, likely has this in their HR/Employee
 handbook in the form of some 'corporate assets are for corporate use only'
 statement.

Indeed no one wants their resources wasted, but what about those in the
financial industries where monetary information is being sent. Surely no
one wants that information being passed. On that note of network waste,
for those who do have those types of policies, that's what content
management is for in my opinion. If it hasn't been fully implemented, than
why call the kettle black.

Once again... Happy New Year everyone... Going going gone...

Jesus Oquendo

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99

CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x51F9D78D

sil @ politrix . orghttp://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

How a man plays the game shows something of his
character - how he loses shows all - Mr. Luckey

[no subject]

[guy]

On Sun, 14 Mar 2004, Andrew Dorsett wrote:

 This is a topic I get very soap-boxish about.  I have too many problems
 with providers who don't understand the college student market.  I can
 think of one university who requires students to login through a web
 portal before giving them a routable address.  This is such a waste of
 time for both parties.  Sure it makes tracking down the abusers much
 easier, but is it worth the time and effort to manage?  This is a very
 legitimate idea for public portals in common areas, but not in dorm
rooms.

Andrew,
Doing this is an effective way to introduce an AUP policy to the
students. Something to the effect of, By clicking here, you agree not to
do X Y and Z and other provisions that will not be read by 99.9% of the
students/renters. However, by doing this, if need be at a future time,
shutting off service for AUP violations is much easier.

Guy

Subject: Re: MS is vulnerable

[J. Oquendo]

Microsoft software is inherently less safe than Linux/*BSD software.
This is because Microsoft has favored usability over security.
This is because the market has responded better to that tradeoff.
This is because your mom doesn't want to have to hire a technical
consultant to manage her IT infrastructure when all she wants to do is
get
email pictures of her grandkids.

//
/Let me see, have I got this right?
/Apple software is inherently less safe than Linux/*BSD software.
/This is because Apple has favored usability over security.
/This is because the market has responded better to that tradeoff.

/This is because your mom doesn't want to have to hire a technical
/consultant to manage her IT infrastructure when all she wants to do is get
/email pictures of her grandkids.
/
/Hmmm...
/
/The last three statements make perfect sense but that first
/one just doesn't seem right. Could it be that ease-of-use
/has nothing whatsoever to do with security?
/
/--Michael Dillon

What I gathered was

TSR80's are making a comback for their ease of use

This is because Tandy/Radio Shack is the last bastion of hope

This is perhaps because people like that retro feeling

This is because your ex girlfriend suggested you buy this (TSR80) so she
won't have to hire a technical consultant to have her pictures removed
from www.revengeworld.com or www.mobog.com being webcams and TSR's are a
no no.

J. Oquendo

=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
Quis custodiet ipsos custodes? - Juvenal

J. Oquendo
GPG Key ID 0x51F9D78D
Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D
http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x51F9D78D

sil @ politrix . orghttp://www.politrix.org
sil @ infiltrated . net http://www.infiltrated.net

[no subject]

[sandoche balakrishnan]

Bonjour,

I am a student doing my Masters thesis. My query is that

1. what is the way to predict how a traffic will be arriving in router, by 
having a statistical information of the length of the bursts and the 
silence. (are there any papers which have worked on it)

2.  Is it possible to improve the efficiency of a switching fabric if we 
know the traffic profile .

Thanks
Cordialement,
Sandoche Balakrichenan.
_
Contact brides  grooms FREE! Only on www.shaadi.com. 
http://www.shaadi.com/ptnr.php?ptnr=hmltag Register now!

Draft agenda - subject to change

[Susan Harris]

Draft Agenda
  NANOG 29 
 Oct. 19-21, Chicago

Sunday Tutorials

1:30 - 3:00 p.m.Implementing a Secure Network Infrastructure (Part I)   
  Merike Kaeo

1:30 - 3:00 p.m.Harvest BGP Troubleshooting 
  Philip Smith, Cisco

3:00 - 3:30 p.m.BREAK   

3:30 - 5:00 p.m.Deploying IP Anycast
  Kevin Miller, CMU

3:30 - 5:00 p.m.Implementing a Secure Network (Part II)

5:00 - 7:30 p.m.Dinner  

7:30 - 9:00 p.m.MPLS Applications Overview  
  Ina Minei, Juniper

7:30 - 9:00 p.m.Implementing a Secure Network (Part III)
 

Monday, October 20
--  
9:00 a.m.   Welcome, Introductions  
  Susan Harris, Merit; Ray Plzak, ARIN;
  Jordan Lowe, Server Central

9:15 a.m.   Verisign's Wildcard Record: Effects and Responses
 Mark Kosters and Matt Larson, Verisign; Suzanne Woolf, ISC

9:45 a.m.   Update on Anomalous DNS Behavior
  Duane Wessels, Packet Pushers

10:30 a.m.  BREAK   

11:00 p.m.  Panel: Watching Your Router Configurations and Detecting
Those Exciting Little Changes   
  Randy Bush, IIJ, moderator
  Henry Kilmer, Terrapin Communications; John Heasley, Verio
  Danny McPherson, Arbor

11:45 a.m.  Building a Web of Trust 
  Joe Abley, ISC

12:00 p.m.  LUNCH (on your own) 

1:30 p.m.   The Relationship Between Network Security and Spam
  Carl Hutzler and Ron da Silva, AOL Time Warner

2:00 p.m.   Panel:  Simple Router Security, What Every ISP Router
Engineer Should Know and Practice   
  Randy Bush, IIJ, moderator; Rob Thomas, Cisco/Team Cymru; 
  Neal Ziring, NSA; George Jones, MITRE

3:00 p.m.   AOL Backbone OSPF-ISIS Migration
  Vijay Gill and John Warner, AOL Time Warner

3:30 p.m.   BREAK   
 
4:00 p.m.   Research Forum

Internet Service Differentiation Using
Transport Options: The Case for Policy-aware Congestion 
Control 
  Panos Gevros, University of Cambridge

Passive Internet Health Monitoring With BGP  
  Kenneth McGrath, Dartmouth

How to Compute Accurate Traffic
Matrices for Your Network in Seconds
  Yin Zhang, Matthew Roughan, Albert Greenberg, David
  Donoho, Nick Duffield, and Carsten Lund, ATT

AutoFocus: A Tool for Automatic Traffic Analysis
  Cristian Estan, UCSD

7:30 - 9 p.m.   ISP Security and NSP-SEC BOF IV
  Barry Raveendran Greene, Cisco
  Merike Kaeo, moderators
  
PGP Key Party - Joe Abley, ISC

Tuesday, October 21
--- 
9:00 a.m.   GBIC Interface Standards Support in the Telecommunications
Industry
  Dave Wodelet, Shaw Communications

9:30 a.m.   A Systematic Approach to BGP Configuration Checking
  Nick Feamster and Hari Balakrishnan, MIT 

10:00 a.m.  BGP: Good MEDs Gone Bad!
  Danny McPherson, Arbor

10:30 a.m.  BREAK   

 
11:00 a.m.  Flawed Routers Flood University of Wisconsin Internet Time
Server  
  Dave Plonka, University of Wisconsin - Madison

11:20 a.m.  Student Desktop TV: Safe and Secure Video Over IP
  Tim Ward, Northwestern University

11:40 a.m.  The Blaster Worm: The View From 10,000 Feet 
  Jose Nazario, Arbor

12:00 p.m.  LUNCH (on your own) 

1:30 p.m.   An Overview of the Global IPv6 Routing Table
  Cathy Wittbrodt

2:00 p.m.   It's a Surprise 

2:30 p.m.   Stress Testing to Validate Router Readiness for Deployment
  Shankar Rao, Qwest; Scott Poretsky, Quarry

3:00 p.m.   Fast IP Convergence 
  Clarence Filsfils, Cisco

3:30 p.m.   Adjourn 
  Susan Harris, Merit

[no subject]

[Pascal Gloor]

Good morning/day/evening/night/whatever,

I'm working on the netlantis project which offers to the public a set of
tools regarding the global routing status. Netlantis has multiple so called
NRC (Netlantis Route Collectors) which have eBGP multihop sessions with
different ISPs around the world in order to collect their full BGP routing
table.

Netlantis is a non-commercial and independent project.

I would be very interested to have one or more RouteCollector(s) in the NA
region. Would anyone be able to sponsor this? I would need something like a
P3 = 500Mhz with at least 256Mb of RAM running FreeBSD 4.8 and its
colocation. This RouteCollector would then be dedicated to NA peers.

The sponsor will get a little text, logo and link on the Netlantis page.

for more informations see http://www.netlantis.org

Example of what netlantis can do:
http://www.netlantis.org/wwwbin/graph.pl?type=asas=15485size=nonebw=0region=all

netlantis is still looking for a main sponsor which would provide and host
the central server. If you're interested in sponsoring the main server, let
me know.


Regards,
Pascal

I need a portable /24 not attached to any sub-domain or anything else subject to attack

[Henry Linneweh]

I simply would like to borrow this /24 if you are not going to use in the near and distantfuture or ever for that matter.

It can not be attached to any subdomain and or any or part of any routing table,
this would most helpful in the development of methods to prevent ddos and dos.

Thank you very much
Henry R Linneweh

Re: I need a portable /24 not attached to any sub-domain or anythingelse subject to attack

[Jack Bates]

Henry Linneweh wrote:

I simply would like to borrow this /24 if you are not going to use in 
the near and distant future or ever for that matter.
 
It can not be attached to any subdomain and or any or part of any 
routing table,
this would most helpful in the development of methods to prevent ddos 
and dos.
 
Hmmm. Have you talked with ARIN? I hear they have IP addresses that you 
can borrow. Perhaps your provider might loan you one, or if not routing 
it, would private addressing not work?

-jack

RE: Weird email messages with re:movie and re:application in the subject line..

[McBurnett, Jim]

got it here too..
And on 30+ publicly annouced mail accounts
Hitting big.. sobig virus once again...

Jim

-Original Message-
From: Anne P. Mitchell, Esq. [mailto:[EMAIL PROTECTED]
Sent: Wednesday, June 25, 2003 11:05 PM
To: '[EMAIL PROTECTED]'
Subject: Re: Weird email messages with re:movie and re:application
in the subject line..





 New spam technique or some new virus, similar to a Melissa?  Any body
 else seeing this?

We're seeing it here too, coming to role accounts.  Our folks are 
saying virus, but haven't identified which one yet.

Anne

Sobig.E / RE: Weird email messages with re:movie and re:applicationin the subject line..

[Bryan Bradsby]

Sobig.E worm/virus

-bryan bradsby
Texas State Government Net
==
 Just in the last hour itself, I must have had at least 5 E.mails come to
 me with a certain 'zipped' file attached, from persons unknown -- who have
 received E.mails from me with the subject title in question.

Re: Weird email messages with re:movie and re:application inthe subject line..

[John Payne]

--On Wednesday, June 25, 2003 23:37 -0400 Steven M. Bellovin 
[EMAIL PROTECTED] wrote:

And I've gotten bounces from mail allegedly from me.  It's not L3's
fault; this particular worm forges From: lines on its email.
fault is debatable.  Because forgeries are now so common, particularly in 
worms, why would you send these notifications to anyone other than the 
recipient?  Let the human decide if the right thing to do is notify the 
sender.

Re: Weird email messages with re:movie and re:application in the subject line..

[Steven M. Bellovin]

In message [EMAIL PROTECTED], John Payne writes:


--On Wednesday, June 25, 2003 23:37 -0400 Steven M. Bellovin 
[EMAIL PROTECTED] wrote:

 And I've gotten bounces from mail allegedly from me.  It's not L3's
 fault; this particular worm forges From: lines on its email.

fault is debatable.  Because forgeries are now so common, particularly in 
worms, why would you send these notifications to anyone other than the 
recipient?  Let the human decide if the right thing to do is notify the 
sender.


Personally, I blame the anti-virus companies who market the software.  
They know which viruses forge From: lines; why should their alert the 
poor infected fool software send notes to folks whose addresses are 
being spoofed?


--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of Firewalls book)

Re: Weird email messages with re:movie and re:application in the subject line..

[Eric Brunner-Williams in Portland Maine]

Why? To mark-o-spam their own sodding product.

sed-script-on-web-oids-mode

Hi Steve, being a sed-script-on-web-oids, I've decided I need to tell
you about an exciting new Internet Security product, and in language
that you should be able to read, if you match our buyer model for the
ease at which we can get this push-contact converted to click-through.

More boring text follows.

/sed-script-on-web-oids-mode

Yeah. The anti- product marketeers are culpable too.

Cheers,
Eric

Weird email messages with re:movie and re:application in the subject line..

[Mark Segal]

My email box has started receiving a bunch of emails recently (earlier this
evening) with a 80k zip attachment called your_details.zip and either
re:movie and re:application from a whole bunch of other address I have
never heard of..

New spam technique or some new virus, similar to a Melissa?  Any body else
seeing this?

mark


--
Mark Segal 
Director, Network Planning
FCI Broadband 
Tel: 905-284-4070 
Fax: 416-987-4701 
http://www.fcibroadband.com

Futureway Communications Inc. is now FCI Broadband

RE: Weird email messages with re:movie and re:application in the subject line..

[Mark Segal]

That body should read ...

either re:movie and re:application  in the subject line

Sorry,
mark

--
Mark Segal 
Director, Network Planning
FCI Broadband 
Tel: 905-284-4070 
Fax: 416-987-4701 
http://www.fcibroadband.com

Futureway Communications Inc. is now FCI Broadband


-Original Message-
From: Mark Segal [mailto:[EMAIL PROTECTED] 
Sent: June 25, 2003 10:57 PM
To: '[EMAIL PROTECTED]'
Subject: Weird email messages with re:movie and re:application in the
subject line..



My email box has started receiving a bunch of emails recently (earlier this
evening) with a 80k zip attachment called your_details.zip and either
re:movie and re:application from a whole bunch of other address I have
never heard of..

New spam technique or some new virus, similar to a Melissa?  Any body else
seeing this?

mark


--
Mark Segal 
Director, Network Planning
FCI Broadband 
Tel: 905-284-4070 
Fax: 416-987-4701 
http://www.fcibroadband.com

Futureway Communications Inc. is now FCI Broadband

RE: Weird email messages with re:movie and re:application in the subject line..

[Williamson, Todd]

At least the Re: Application message is referenced here:
http://vil.nai.com/vil/content/v_100429.htm

I received several of these today.

Don't know about Re: movie.

todd

 My email box has started receiving a bunch of emails recently 
 (earlier this
 evening) with a 80k zip attachment called your_details.zip 
 and either
 re:movie and re:application from a whole bunch of other 
 address I have
 never heard of..
 
 New spam technique or some new virus, similar to a Melissa?  
 Any body else
 seeing this?
 
 mark
 
 
 --
 Mark Segal 
 Director, Network Planning
 FCI Broadband 
 Tel: 905-284-4070 
 Fax: 416-987-4701 
 http://www.fcibroadband.com
 
 Futureway Communications Inc. is now FCI Broadband
 

Re: Weird email messages with re:movie and re:application inthe subject line..

[David Diaz]

Yep coming to my nanog email addy.

My email box has started receiving a bunch of emails recently (earlier this
evening) with a 80k zip attachment called your_details.zip and either
re:movie and re:application from a whole bunch of other address I have
never heard of..
New spam technique or some new virus, similar to a Melissa?  Any body else
seeing this?
mark

--
Mark Segal
Director, Network Planning
FCI Broadband
Tel: 905-284-4070
Fax: 416-987-4701
http://www.fcibroadband.com
Futureway Communications Inc. is now FCI Broadband

Re: Weird email messages with re:movie and re:application in the subject line..

[Anne P. Mitchell, Esq.]

 New spam technique or some new virus, similar to a Melissa?  Any body
 else seeing this?

We're seeing it here too, coming to role accounts.  Our folks are 
saying virus, but haven't identified which one yet.

Anne

Re: Weird email messages with re:movie and re:application in the subject line..

[Eric Brunner-Williams in Portland Maine]

 W32/[EMAIL PROTECTED] per McAffee.

I seem to have done one better ... according to a M$ host in Level3-land,
the Unix box right in front of me sent the mail in question.

Someone at L3 needs to call home. The only L3 turd in my mail log is their
inbound...

Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=[EMAIL PROTECTED], 
size=1711, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, 
relay=machine77.Level3.com [209.244.4.106]

Cheers,
Eric
--- Forwarded Message

Return-Path: [EMAIL PROTECTED]
Delivery-Date: Wed Jun 25 18:21:11 2003
Return-Path: [EMAIL PROTECTED]
Received: from f1ee40-19.idc1.level3.com (machine77.Level3.com [209.244.4.106])
by nic-naa.net (8.12.9/8.12.9) with ESMTP id h5PMLB5U024589
for [EMAIL PROTECTED]; Wed, 25 Jun 2003 18:21:11 -0400 (EDT)
Received: from idc1exc0001.corp.global.level3.com (localhost [127.0.0.1])
by f1ee40-19.idc1.level3.com (8.8.8p2+Sun/8.8.8) with SMTP id WAA02577
for [EMAIL PROTECTED]; Wed, 25 Jun 2003 22:21:50 GMT
Received: from idc1exc0005.corp.global.level3.com ([10.1.6.215]) by 
idc1exc0001.corp.global.level3.com with Microsoft SMTPSVC(5.0.2195.4905);
 Wed, 25 Jun 2003 16:21:49 -0600
Received: from mail pickup service by idc1exc0005.corp.global.level3.com with 
Microsoft SMTPSVC;
 Wed, 25 Jun 2003 16:21:49 -0600
thread-index: AcM7aCvRcfOY+VcOT2aAnuNoWHZmCQ==
Thread-Topic: [MailServer Notification]Alert to Sender:  File Attachment Blocked
From: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [MailServer Notification]Alert to Sender:  File Attachment Blocked
Date: Wed, 25 Jun 2003 16:21:49 -0600
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
X-OriginalArrivalTime: 25 Jun 2003 22:21:49.0631 (UTC) FILETIME=[2BF044F0:01C33B68]

ScanMail for Microsoft Exchange has blocked an attachment.

Sender = [EMAIL PROTECTED]
Recipient(s) = [EMAIL PROTECTED]
Subject = Re: Movie
Scanning time = 06/25/2003 16:21:49

Action on file blocking:
The attachment your_details.zi matches the file blocking settings. ScanMail has 
Deleted it. 

Attachment blocked due to extension match of .bat, .eml, .nws, .pif, .scr, .src, .shs, 
.vbe, .vbs, .com, or .exe.

--- End of Forwarded Message

RE: Weird email messages with re:movie and re:application in the subject line..

[Mark Segal]

Here the best link I have seen so far... Thanks to kevin day..

http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]


My guess is they might need to upgrade it to more than 55-999 infections :).

mark


--
Mark Segal 
Director, Network Planning
FCI Broadband 
Tel: 905-284-4070 
Fax: 416-987-4701 
http://www.fcibroadband.com

Futureway Communications Inc. is now FCI Broadband


-Original Message-
From: Eric Brunner-Williams in Portland Maine [mailto:[EMAIL PROTECTED] 
Sent: June 25, 2003 11:25 PM
To: Larry Rosenman
Cc: Mark Segal; '[EMAIL PROTECTED]'; [EMAIL PROTECTED]
Subject: Re: Weird email messages with re:movie and re:application in
the subject line.. 



 W32/[EMAIL PROTECTED] per McAffee.

I seem to have done one better ... according to a M$ host in Level3-land,
the Unix box right in front of me sent the mail in question.

Someone at L3 needs to call home. The only L3 turd in my mail log is their
inbound...

Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589:
from=[EMAIL PROTECTED], size=1711, class=0, nrcpts=1,
msgid=[EMAIL PROTECTED], proto=ESMTP,
daemon=MTA, relay=machine77.Level3.com [209.244.4.106]

Cheers,
Eric
--- Forwarded Message

Return-Path: [EMAIL PROTECTED]
Delivery-Date: Wed Jun 25 18:21:11 2003
Return-Path: [EMAIL PROTECTED]
Received: from f1ee40-19.idc1.level3.com (machine77.Level3.com
[209.244.4.106])
by nic-naa.net (8.12.9/8.12.9) with ESMTP id h5PMLB5U024589
for [EMAIL PROTECTED]; Wed, 25 Jun 2003 18:21:11 -0400 (EDT)
Received: from idc1exc0001.corp.global.level3.com (localhost [127.0.0.1])
by f1ee40-19.idc1.level3.com (8.8.8p2+Sun/8.8.8) with SMTP id
WAA02577
for [EMAIL PROTECTED]; Wed, 25 Jun 2003 22:21:50 GMT
Received: from idc1exc0005.corp.global.level3.com ([10.1.6.215]) by
idc1exc0001.corp.global.level3.com with Microsoft SMTPSVC(5.0.2195.4905);
 Wed, 25 Jun 2003 16:21:49 -0600
Received: from mail pickup service by idc1exc0005.corp.global.level3.com
with Microsoft SMTPSVC;
 Wed, 25 Jun 2003 16:21:49 -0600
thread-index: AcM7aCvRcfOY+VcOT2aAnuNoWHZmCQ==
Thread-Topic: [MailServer Notification]Alert to Sender:  File Attachment
Blocked
From: [EMAIL PROTECTED]
Sender: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: [MailServer Notification]Alert to Sender:  File Attachment Blocked
Date: Wed, 25 Jun 2003 16:21:49 -0600
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: text/plain;
charset=utf-8
Content-Transfer-Encoding: 7bit
X-Mailer: Microsoft CDO for Exchange 2000
Content-Class: urn:content-classes:message
Importance: normal
Priority: normal
X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300
X-OriginalArrivalTime: 25 Jun 2003 22:21:49.0631 (UTC)
FILETIME=[2BF044F0:01C33B68]

ScanMail for Microsoft Exchange has blocked an attachment.

Sender = [EMAIL PROTECTED]
Recipient(s) = [EMAIL PROTECTED]
Subject = Re: Movie
Scanning time = 06/25/2003 16:21:49

Action on file blocking:
The attachment your_details.zi matches the file blocking settings. ScanMail
has Deleted it. 

Attachment blocked due to extension match of .bat, .eml, .nws, .pif, .scr,
.src, .shs, .vbe, .vbs, .com, or .exe.

--- End of Forwarded Message

Re: Weird email messages with re:movie and re:application in the subject line..

[Steven M. Bellovin]

In message [EMAIL PROTECTED], Eric Brunner-Williams in 
Portland Maine writes:


 W32/[EMAIL PROTECTED] per McAffee.

I seem to have done one better ... according to a M$ host in Level3-land,
the Unix box right in front of me sent the mail in question.

Someone at L3 needs to call home. The only L3 turd in my mail log is their
inbound...

Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=[EMAIL PROTECTED]
el3.com, size=1711, class=0, nrcpts=1, msgid=012d01c33b68$2bd14b40$d706010a@
corp.global.level3.com, proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [
209.244.4.106]

And I've gotten bounces from mail allegedly from me.  It's not L3's 
fault; this particular worm forges From: lines on its email.

Another day, another worm.

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of Firewalls book)

[no subject]

[Stephen Gill]

Hi Owen,
This is exactly the service Team Cymru is currently offering with the
bogon route-server project.  Specific details and instructions on how to
request access can be found at the following URL:

http://www.cymru.com/BGP/bogon-rs.html

In a nutshell, this is a reliable and secure method of ensuring your
bogon routes are kept up-to-date.  Changes to the bogon route-server are
validated by at least two other individuals.  Team Cymru validate all
changes to the bogon lists and supporting documents prior to
implementation of such changes.  That said, bogons are updated almost
immediately and at no cost to you.

This is a *FREE* offering, as such there are NO guarantees or SLAs.  The
current list of 15 peers have been quite pleased with the reliability
and service.  We are also working on adding redundant bogon
route-servers in the very near future.  If anyone is willing to donate
gear or bandwidth to the cause, please don’t hesitate to contact us.

As always, the master bogon reference page can be found here: 

http://www.cymru.com/Bogons/index.html

Feel free to send any queries, suggestions, or concerns to the entire
team at [EMAIL PROTECTED]

Thanks!
Steve, for Team Cymru.
-- 
Stephen Gill
[EMAIL PROTECTED]

-Original Message-
Date: Tue, 11 Mar 2003 08:48:07 -0800
From: Owen DeLong [EMAIL PROTECTED]
Subject: RE: 69/8...this sucks -- Centralizing filtering..
 
Thanks for your support Jim.  I've gotten mixed feedback to my proposal
here for a centralized bogon filter from the RIRs via BGP, but I will
say there's been more support than opposition.  (Most of the support has
been sent to me, not the list, while most of the opposition has been
to the list, however).
 
I know it's too late to get it into the Memphis meeting, but I think,
based
on the amount of support it has received, that I will submit a policy
proposal to ARIN in support of creating the requisite BGP feeds.  I
realize
that an ARIN policy alone won't do this (the other RIRs would have to
follow
suit), but, if ARIN adopts it, I don't think it will be too hard to get
the
other RIRs to follow.  I'm also not familiar with the policy process in
the
other RIRs.
 
I absolutely agree with you about the whois contact stuff.  I think it
might
make sense eventually to put a similar requirement for current
information 
on
the admin and tech contact, although I don't see putting the same
response
and performance strictures on them.  For now, I'm trying to address
large
issues in small enogh pieces to get rough consensus around the solution
to
each small piece.  Trying to solve the big problems all at once never
seems
to achieve rough consensus.
 
Owen

[no subject]

[Lynn Bashaw]

Does anyone on the list know of any ISPs that bill based on average
utilization, rather than some variation of 95th percentile? 

Thanks

Lynn Bashaw 
Director, Network Engineering 
Yipes Enterprise Services 
2000 S. Colorado Blvd. 
Denver, CO 80222 

[no subject]

[Bruce Robertson]

At this exact moment we bill by average, but we're considering a switch to
95%, though lately I've gotten tired of fighting with customers when they
get a bandwidth bill, so we might just do away with measured bandwidth and
go with capped across the board.

--
Bruce Robertson, President/CEO   +1-775-348-7299
Great Basin Internet Services, Inc. fax: +1-775-348-9412
http://www.greatbasin.net

[no subject]

[Ringdahl, Dwight (WebUseNet)]

 Thing is if your connection is completely full one way, it'll effect
 traffic the other way too. 

My thoughts are Cogents primary customers are sites that are looking for
very cheap bandwidth, which most likely is adult content. Therefore they
would look more like a content provider than a transit provider.

My question, being a content network, is how would AOL expect them to have a
balanced pipe? AOL is all eyeballs, and really doesn't have much content
which is useful outside of their user base. Especially if you already peer
with Time Warner in other sites.

When ISP's peer I would have thought it is to prevent having to pay transit
companies like Level3 for the bandwidth. This leads me to believe there
might be something more to this, like maybe the spam spewed from the adult
sites. Just a guess, anyone have any hard data?

Dwight

[no subject]

[Steve Bellovin]

Genuity filed for bankruptcy today as part of a deal to sell nearly all 
of its assets to Level 3.

http://biz.yahoo.com/djus/021127/1744000711_1.html

--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (Firewalls book)

[no subject]

[Harsha Narayan]

Hello,

   Are there some ISPs who filter prefixes longer than /19 or a /20?. I
thought they filtered only prefixes which are longer than /24?


Harsha.

[no subject]

[Harsha Narayan]

Hi,

   Can anyone please tell me the answer to the following question?

   How do ISPs manage the allocations they get from the RIRs? More
specifically, do they make the assignments from this sequentially or not?
Are multihoming assignments to customers amidst non-multihoming
assignments?

   I ask this because /23s and /24s seem to be scattered over a wide area
- they are not adjacent to each other.


Harsha.

Re: Stop it with putting your e-mail body in ATT attachments. Itsannoyingand no one can see your message. Dang, this subject is long.

[Rizzo Frank]

Pawlukiewicz Jane wrote:
  Good ol Frank, we can always count on you! Get a job, man.

I'm employed, but looking.  I sent a resume to Booz Allen Hamilton last 
week for the Senior Consultant position in NoVA.  Do me a favor and talk 
to HR and put in a good word for me.

Frank

[no subject]

[owner-nanog]

-Envelope-To: [EMAIL PROTECTED]
Date: Thu, 27 Jun 2002 22:08:37 + (GMT)
From: Hermann Wecke [EMAIL PROTECTED]
To: nanog [EMAIL PROTECTED]
Subject: Re: How do I log on while in flight?
In-Reply-To: [EMAIL PROTECTED]
Message-ID: [EMAIL PROTECTED]
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: [EMAIL PROTECTED]
Precedence: bulk
Errors-To: [EMAIL PROTECTED]
X-Loop: nanog


On Thu, 27 Jun 2002, David Charlap wrote:

 The GTE airfones installed in most large planes have data ports if you
 must connect a computer.  But be prepared to pay a very steep per-minute
 charge for the connection.

Expensive: US$ 2.49 per minute on United flights...

[no subject]

[Christian Malo]

I heard that UU.net is rolling Outlook at the core ...


-chris

On Thu, 25 Apr 2002, Jeff Harper wrote:


 Anyone think this is related the Klez virus?

 Jeff

  -Original Message-
  From: Steve Smith [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, April 25, 2002 10:58 AM
  To: Streiner, Justin; [EMAIL PROTECTED]
  Subject: RE: UUNET instability?
 
 
 
  Here is Memphis we are seeing the same thing. Twice this
  morning we have dropped and our BGP is freaking out.
 
  -Original Message-
  From: Streiner, Justin [mailto:[EMAIL PROTECTED]]
  Sent: Thursday, April 25, 2002 10:01 AM
  To: [EMAIL PROTECTED]
  Subject: UUNET instability?
 
 
 
  Anyone else seeing routing instability through UUNET or have
  any more details?  I saw a significant drop in my inbound and
  outbound traffic to them around 10:00AM EDT.  UUNET has a
  prompt on their phone menus about network instability, but
  didn't elaborate.  Their NOC doesn't have any more details as
  of yet that they're passing along.
 
  jms
 

[no subject]

[David Barak]

 
 

__
Do You Yahoo!?
Yahoo! Tax Center - online filing with TurboTax
http://taxes.yahoo.com/

[no subject]

[Greg Pendergrass]

Sorry, you can't tell who's comment is whose on the previous mail. That
should be:

-Original Message-
From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]]
Sent: Friday, March 22, 2002 11:47 AM
To: Greg Pendergrass
Cc: 'Nanog@Merit. Edu'
Subject: Re: long distance gigabit ethernet


On Fri, Mar 22, 2002 at 10:36:22AM -0500, Greg Pendergrass wrote:

 I'm looking at long-haul gigabit ethernet as a possible solution versus
 traditional SONET and I'm a little bit wary as promises made on web pages
 and white papers aren't *always* completely accurate.  I'd appreciate it
if
 you all would share your experiences with it. By long-haul I mean in the
 hundreds or thousands of miles. I need to know:

 a. Does it work properly?

 b. Who offers it in the continental US?

-I'm going to take a stab and assume that you're actually more interested
-in finding a longhaul line with GigE on the ends, and not so much how many
-miles you can get with whatever optics...

Absolutely right, I don't care what's in between as long as I have GigE at
the end. Other options include using wave (too expensive), or ethernet over
MPLS (worth considering although latency may be too high for longer that
1000 miles).

GP

[no subject]

[Tony Bates]