[no subject]
Hi, I am looking for a typical percentage of external(inter-domain) routes versus typical percentage of internal (intra-domain) routes in a core router with couple of hundred thousand entries in the routing table. Can anyone please help me in this? Best Regards, Sana Sohail
[no subject]
unsubscribe
[no subject]
[EMAIL PROTECTED] writes: Use GigE cards on the servers with a jumbo MTU and only buy IP network access from a service provider who supports jumbo MTUs end-to-end through their network. I'm not sure that I see how jumbo frames help (very much). The principal issue here is the relatively large bandwidth-delay product, right? So you need large TCP send buffers on the sending side, a large (scaled) receive window on the receiver side, and turn on selective acknowledgement (so that you don't have to resend the whole send buffer if a packet gets dropped). At 45 Mb/s and 120 ms RTT, you need to be able to have ca. 700 KBytes of data in flight; round up and call it a megabyte. Having said that, I too have tried to configure Windows to use a large send buffer, and failed. (In my case, it was Windows machines at a remote location sending to Linux machines.) I'm not a Windows person; maybe I didn't try hard enough. In the event, I threw up my hands and installed a Linux proxy server at the remote site, appropriately configured, and went home happy. Jim Shankland
[no subject]
unsubscribe -- -- http://www.zeromemory.com - metal for your ears.
Subject: Found power supply at NANOG37
Found: HP laptop power supply left on a large round table late tuesday night in the main hallway. Here's hoping you have enough juice left to read this email...
Subject: drone armies CC report - February/2006
Below is an automatically generated periodic public report from the ISOTF's affiliated group DA (Drone Armies (botnets) research and mitigation mailing list / TISF DA) with the ISOTF affiliated ASreport project (TISF / RatOut). For this report it should be noted that we base our analysis on the data we have accumulated from various sources, which may be incomplete. Any responsible party that wishes to receive reports of botnet command and control servers on their network(s) regularly and directly, feel free to contact us. In the past few months we did not publish this report, allowing for responsible parties to ask for regular reports from us on suspected botnet CC activity on their networks. As you can see below, the Internet drastically changed its face positively because these reports (compared to when we started), and now a lot more so due to direct reporting. For purposes of this report we use the following terms: openthe host completed the TCP handshake closedNo activity detected resetissued a RST This month's survey is of 4271 unique domain with port or IP with port suspect CCs. This list is extracted from the BBL which currently has a historical base of 7780 reported CCs. Of the suspect CCs surveyed, 685 reported as Open, 3353 reported as closed and 572 issued resets to the survey instrument. Of the CCs listed by domain name, 1847 are mitigated via remapping. Top 20 ASNes by Total suspect domains mapping to a host in the ASN. These numbers are determined by counting the number of domains which resolve to a host in the ASN. We do not remove duplicates and some of the ASNs reported have many domains mapping to a single IP. Note the Percent_resolved figure is calculated using only the Total and Open counts and does not represent a mitigation effectiveness metric. ASN Responsible Party Total Open Percent_Resolved 14744 PNAP Internap Network Services 91 0 100% 10913 PNAP Internap Network Services 67 0 100% 30058 FDCSE FDCservers.net LLC65 18 72% 25761 STAMIN-2 Staminus Communications58 6 90% 3356Level 3 Communications, LLC 53 0 100% 13301 UNITEDCOLO-AS Autonomous System of 52 35 33% 14779 INKT Inktomi Corporation42 0 100% 21844 THE PLANET 41 2 95% 19318 AIC-81 Albany International Corp. 40 11 73% 13749 EVRY Everyones Internet 37 5 86% 4766KIXS-AS-KR 35 2 94% 30315 Everyones Internet 31 12 61% 12182 PNAP Internap Network Services 31 0 100% 9318HANARO-AS 30 9 70% 21840 SAGONE Sago Networks30 5 83% 13790 PNAP Internap Network Services 30 0 100% 22822 LLNW Limelight Networks 29 10 66% 27595 ATRIV Atrivo27 5 81% 12832 Lycos Europe26 3 88% 3561Savvis 24 1 96% Top 20 ASNes by number of active suspect CCs. These counts are determined by the number of suspect domains or IPs located within the ASN completed a connection request. ASN Responsible Party Total Open Percent_Resolved 13301 UNITEDCOLO-AS Autonomous System of 52 35 33% 32748 NOZON NoZone21 20 5% 30058 FDCSE FDCservers.net LLC65 18 72% 174 Cogent Communications 20 16 20% 25700 SWIFTDESK VENTURE 19 13 32% 30315 Everyones Internet 31 12 61% 4134CHINANET-BACKBONE 17 12 29% 19318 AIC-81 Albany International Corp. 40 11 73% 9121TTNet 15 11 27% 22822 LLNW Limelight Networks 29 10 66% 8972INTERGENIA-ASN intergenia autonomou 21 10 52% 15083 IIS-129 Infolink Information Servic 24 9 63% 30407 Velcom.com 12 9 25% 9318HANARO-AS 30 9 70% 20115 Charter Communications 20 9 55% 23522 CIT-FOONET 14 9 36% 16265 LEASEWEB AS 15 9 40% 3269TELECOM ITALIA 16 8 50% 8560SCHLUND-AS 19 7 63% 19166 Alpha Red, INC 14 7 50% 33569 ALLHOSTSHOP.COM 16 6 63%
On the inoc-dba subject
Is it really cluefull to have this paragraph? Please make sure that your spam filters allow email from pch.net before you sign up, since we will need to automatically verify your email address. Since we all know that whitelisting and blacklisting by in-band stated from email address is quite wrong-headed, from a clue standpoint. Perhaps something like this? Please make sure that your spam filters allow email sent from ip-addresses with a from address of pch.net before you sign up, since we will need to automatically verify your email address. Where ip-addresses is the output of a dig command against the outgoing smtp servers sending the notifications? In general, ML and other automated email things should have a way to display the bounce to the user, which would mean storing it for some small period of time. Otherwise it becomes rather difficult to do the right thing filtering wise. (Google seems to do this for their notifications that get 45x/55x) Joe
Re: On the inoc-dba subject
Please make sure that your spam filters allow email from pch.net before you sign up, since we will need to automatically verify your email address. Since we all know that whitelisting and blacklisting by in-band stated from email address is quite wrong-headed, from a clue standpoint. Perhaps something like this? Please make sure that your spam filters allow email sent from ip-addresses with a from address of pch.net before you sign up, since we will need to automatically verify your email address. Where ip-addresses is the output of a dig command against the outgoing smtp servers sending the notifications? pch.net publishes a SPF record: v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org a:ghosthacked.net ~all Besides going from soft-fail (~all) to fail (-all), they are already giving you the tools you need to validate a MAIL FROM: claim. Rubens
Re: On the inoc-dba subject
Rubens Kuhl Jr. wrote: pch.net publishes a SPF record: v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org a:ghosthacked.net ~all Besides going from soft-fail (~all) to fail (-all), they are already giving you the tools you need to validate a MAIL FROM: claim. Rubens Thats all very well and good, but advising people who do not validate with spf to whitelist by domain name is an over-simplification.
Re: On the inoc-dba subject
On 2/6/06, Rubens Kuhl Jr. [EMAIL PROTECTED] wrote: pch.net publishes a SPF record: v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org a:ghosthacked.net ~all Besides going from soft-fail (~all) to fail (-all), they are already giving you the tools you need to validate a MAIL FROM: claim. *koff* .forwards etc cans of worms *koff* Woody's clear enough there - make sure your filters allow email from us. Minor but tedious details like how to do that can best be left to individual administrators. Probably get the job done without turning on spf lookups. -- Suresh Ramasubramanian ([EMAIL PROTECTED])
Re: On the inoc-dba subject
On Mon, 6 Feb 2006, Joe Maimon wrote: pch.net publishes a SPF record: v=spf1 ip4:204.61.210.70/32 mx mx:woodynet.net a:sprockets.gibbard.org a:ghosthacked.net ~all Besides going from soft-fail (~all) to fail (-all), they are already giving you the tools you need to validate a MAIL FROM: claim. Thats all very well and good, but advising people who do not validate with spf to whitelist by domain name is an over-simplification. So call it additional clue-boundary to entry and be done with this silly thread. Besides, the site doesn't specify how to filter/whitelist...just to make sure you can accept mail from pch.net. A simple person might take that to mean I better allow any @pch.net from address but that's not what the site says. -- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
Re: On the inoc-dba subject
Advising people who do not validate with spf to whitelist by domain name is an over-simplification. In fact, we don't advise them to do either one. The cautionary message is to remind the significant (~10%) portion of people who try to sign up using blocked email addresses why it might be that they're failing and not seeing any error messages from us. Believe me, we'd much prefer people found better ways of dealing with spam. -Bill
[no subject]
Just a reminder that proposals to present at NANOG 36 are due this Thursday, December 15. Send your omplete proposals, including abstract and slides, to [EMAIL PROTECTED] The full call for presentations is available at http://www.nanog.org/mtg-0602/cfp36.html Steve Feldman Program Committee chair
[no subject]
unsubscribe
[no subject]
unsubscribe
(no subject)
unsubscribe
Re: OT - Vint Cerf joins Google (Please change subject to what is discussed)
[no subject]
unsubscribe
Re: Subject : RE: ACL Monitoring
It's all done in CCR. It encrypts passwords (allowing you to have a few password groups, all WEB configurable), and uses passphrases + 3DES or public/private key encryption (or just you can enter logi and password from the web). idea is simple - operators have WEB access and know passphrase, but they have not cisco logins except if they granted direct cisco access, and they never have access on the server. Other approach could be 'snmp, but it works on a very few OS (IOS) only (do not work for PIX, for example). But you are correct - CCR have all this things, such as crypt / openssl; sudo to get access top the passphrase file from web cgi script, passphrase input for manual config downloads, webcvs fro history analyze, etc etc. Of course, tacacs+ accounting is necessary for full scale change monitoring. Unfortunately, even different Cico devices have different accounting rules (and very different access rules, counting PIX as most useless from this point of view - you must grant full access for 95% of operators tasks, even to monitor VPN associations -:)). If you anticipate doing a lot of this kind of monitoring in the future you may want to take a look at the expect programming language http://expect.nist.gov/ , which has very simple send/expect constructs. E.g. send show acl 101/r expect access-list .. etc. Perl also allows similar although is probably not quite as easy to pick up if you've never done this kind of thing before. Essentially you'd write a quick script to telnet or ssh to the router send your commands, expect a result and do something based on that result. As I said, its worth the time investment and you'll find once you get the script done you can just reuse it for many other tasks. Kind of silly to state using an expect script or any other script for that matter considering the assumption that, it seems he is not trusting someone (as mentioned in another post), so I would take it that this script would run from where? Not only that, you would go through hell configuring encrypting the password on an expect script for the script to decrypt, then send. Now, not only that, but then what? How would you configure it to monitor something say in real time? You would likely have to use the diff and grep commands for parsing, and a whole bunch of other things to get it to just monitor a change, not a guarantee you will find out who changed it without some major scripting as opposed to using accounting ala TACACS+ spawn ssh [EMAIL PROTECTED] expect Password: send secret\r expect something send something\r expect $RESPONSE_FROM_ROUTER spawn $WHAT_DO_YOU_SPAWN_TO_COPY_WHAT_YOU_SEE Expect would be worthless in my opinion. Why reinvent the kick their asses to accounting mode wheel. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x0D99C05C http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0D99C05C sil @ infiltrated . net http://www.infiltrated.net How a man plays the game shows something of his character - how he loses shows all - Mr. Luckey
Subject : RE: ACL Monitoring
On Thu, 12 May 2005, Glynn Stanton wrote: If you anticipate doing a lot of this kind of monitoring in the future you may want to take a look at the expect programming language http://expect.nist.gov/ , which has very simple send/expect constructs. E.g. send show acl 101/r expect access-list .. etc. Perl also allows similar although is probably not quite as easy to pick up if you've never done this kind of thing before. Essentially you'd write a quick script to telnet or ssh to the router send your commands, expect a result and do something based on that result. As I said, its worth the time investment and you'll find once you get the script done you can just reuse it for many other tasks. Kind of silly to state using an expect script or any other script for that matter considering the assumption that, it seems he is not trusting someone (as mentioned in another post), so I would take it that this script would run from where? Not only that, you would go through hell configuring encrypting the password on an expect script for the script to decrypt, then send. Now, not only that, but then what? How would you configure it to monitor something say in real time? You would likely have to use the diff and grep commands for parsing, and a whole bunch of other things to get it to just monitor a change, not a guarantee you will find out who changed it without some major scripting as opposed to using accounting ala TACACS+ spawn ssh [EMAIL PROTECTED] expect Password: send secret\r expect something send something\r expect $RESPONSE_FROM_ROUTER spawn $WHAT_DO_YOU_SPAWN_TO_COPY_WHAT_YOU_SEE Expect would be worthless in my opinion. Why reinvent the kick their asses to accounting mode wheel. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x0D99C05C http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x0D99C05C sil @ infiltrated . net http://www.infiltrated.net How a man plays the game shows something of his character - how he loses shows all - Mr. Luckey
[no subject]
Irwin Lazar [EMAIL PROTECTED] quoted an article saying In less than 48 hours many of us will be installing Tiger OS-X and with it a brand new Safari browser that can read and display RSS feeds in a simple easy to understand manner. That upgrade while great for the consumers, could come as a big shocker for those blogs whose feeds are included as part of Safari¹s default starter package. Infact it could be the biggest stress test for RSS thus far! a) that's OS-X Tiger. :p~~~ b) The Biggest Stress Test For RSS Thus Far? Okay, let's get a handle on things here. RSS is XML over HTTP; nothing more. As long as the HTTP infrastructure can handle the traffic, and as long as the server can handle the big spike in HTTP requests, I see no reason why this should be a big deal, and I see even less reason why the article cites the event as a defining event for RSS. (It's not.) Some food for thought: Just ate lunch, but thanks anyway. -- JustThe.net - Apple Valley, CA - http://JustThe.net/ - 888.480.4NET (4638) Steven J. Sobol, Geek In Charge / [EMAIL PROTECTED] / PGP: 0xE3AE35ED The wisdom of a fool won't set you free --New Order, Bizarre Love Triangle
Is there anything more to say on this subject? (was RE: Why do so few mail providers support Port 587?)
I've seen this thread go on for quite a while, and have been getting lots of when are you going to shut that thread down? types of queries. While not particularly off-topic, a lot of the responses do look pretty repetative. Therefore, I'd like to suggest that, unless you have something to say on this topic that hasn't already been said by somebody else, somewhere in this thread, and that's so important that the thousands of people on the NANOG list will want to see it, this thread should be brought to an end. This isn't a threat of censorship. It's a request for self control. -Steve Speaking for myself; not for the rest of the list administrators On Mon, 28 Feb 2005 [EMAIL PROTECTED] wrote: It's time to take this thread to SPAM-L or some other spam oriented list. I strongly disagree. This thread has not been about spam. For the most part it has dealt with technical operational issues of email services and therefore it is right on track for this list. --Michael Dillon Steve Gibbard [EMAIL PROTECTED] +1 415 717-7842 (cell) http://www.gibbard.org/~scg +1 510 528-1035 (home)
[no subject]
On Fri, 31 Dec 2004, Merike Kaeo wrote: When you start encrypting for confidentiality then: a) you may end up trusting your endpoints more and perform sanity checks other than 'deep inspection' to mitigate spoofed and unwanted traffic Shouldn't mitigation on spoofing (and this argument will forever go forward on NANOG) be done at the network level, e.g. BOGON, Best Common Underrated Practices? If companies didn't follow them then/now using IPv4 which can already filter this what makes you think engineers will configure their equipment to do more sanity checks. b) you may have a corporate policy where you need the capability to look at all traffic and therefore are required to use some IPsec intermediary device which acts as an endpoint on behalf of other corporate hosts (and decrypts/encrypts the traffic). Wouldn't this render ESP obsolete. What would be the purpose of IPsec then? What I infer from this message is that you would want some form of hardware or software in place to be able to read this IPSec traffic. And this to you is security? How secure would I feel knowing my provider, or company has the ability to decrypt my encrypted data when I'm making an online payment somewhere, how secure would any user feel with some form of (not known at this time to even be possible) device on the line. This statement makes little sense to me, or maybe I'm misreading it. Let's take a look at an IPv6 packet after ESP (RFC 2406) IPv6 | new* |new ext | | orig*|orig ext | || ESP | ESP| |IP hdr| hdrs* |ESP|IP hdr| hdrs * |TCP|Data|Trailer|Auth| |- encrypted ---| |-- authenticated --| Which portion of this IPv6 do you want this device to decrypt again? Again I hope I misunderstood your statement. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x51F9D78D sil @ politrix . orghttp://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net How a man plays the game shows something of his character - how he loses shows all - Mr. Luckey
[no subject]
Re: IPv6, IPSEC and deep packet inspection On Fri, 31 Dec 2004 [EMAIL PROTECTED] wrote: as one who has been bit by this already - i can say amen to what Rob preacheth... the hardest part is getting folks up to speed on IPv6 as a threat vector. Swat teams that can neutralize an IPv4 based flareup in minutes/hours can take days/weeks to contain a v6 channel... Supposedly the vulns associated with IPv6 are: reconnaissance, unauth'd access, layers 3-4 spoofing, ARP and DHCP attacks, smurfs, routing attacks, viruses andworms, translations, transistions, and tunneling mechanisms. According to Sean Covery's IPv6 Security Threats (http://www.seanconvery.com/SEC-2003.pdf) I recall something with OpenBSD and IPv6 not too long ago where MTU was a factor so I pondered: If someone created a packet generator which spoofed source to destination using random checksums, etc, but set an MTU too high, would the recipient drop the connection altogether? For example: // BEGIN EXAMPLE // USER -- HOP1 -- HOP2 -- HOP3 -- PAYSITE USER has an established connection (IPv6 of course) with PAYSITE ATKR sends enough spoofed packets as USER to PAYSITE with an incremented checksum he managed to get hold of via a network analyzer, and sets a high MTU which some router en route to PAYSITE replies to USER with a Type 2 USER gets Type 2's from either HOP1, HOP2, or HOP3 USER never gets through to PAYSITE because of ATKR's cruddy packets // END EXAMPLE // Wouldn't PAYSITE disconnect the session with USER. I'm thinking indeed it would break any session for starters. ATKR could be on the same network possibly a virus or worm set to capture some preliminary packet information and shoot it right back upstream keeping any kind of handshaking/transactions from occurring. I could/would do a proof of concept but it would be worthless, hopefully those doing the protocols though of this anyway. NOW... On Sat, 1 Jan 2005, Christopher L. Morrow wrote: Some of this 'not follow it now' is partly due to equipment problems. These problems should be disappearring from many larger networks as new gear is cycled in over the next couple of years. The option will then be available to the engineers that operate the networks, they will likely still prefer the 'closest to the end system router' make the filtering decision though. I think I've mentioned this before... Why isn't it standard by default. To which most replied about the ever changing BOGON addresses. It would be nice to see a Trusted repository that all equipment could pass to and from information. your company likely has this capability, or could have it today... They also likely don't want you wasting company time buying things on ebay or amazon... your company, in the US, likely has this in their HR/Employee handbook in the form of some 'corporate assets are for corporate use only' statement. Indeed no one wants their resources wasted, but what about those in the financial industries where monetary information is being sent. Surely no one wants that information being passed. On that note of network waste, for those who do have those types of policies, that's what content management is for in my opinion. If it hasn't been fully implemented, than why call the kettle black. Once again... Happy New Year everyone... Going going gone... Jesus Oquendo =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x51F9D78D sil @ politrix . orghttp://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net How a man plays the game shows something of his character - how he loses shows all - Mr. Luckey
[no subject]
On Sun, 14 Mar 2004, Andrew Dorsett wrote: This is a topic I get very soap-boxish about. I have too many problems with providers who don't understand the college student market. I can think of one university who requires students to login through a web portal before giving them a routable address. This is such a waste of time for both parties. Sure it makes tracking down the abusers much easier, but is it worth the time and effort to manage? This is a very legitimate idea for public portals in common areas, but not in dorm rooms. Andrew, Doing this is an effective way to introduce an AUP policy to the students. Something to the effect of, By clicking here, you agree not to do X Y and Z and other provisions that will not be read by 99.9% of the students/renters. However, by doing this, if need be at a future time, shutting off service for AUP violations is much easier. Guy
Subject: Re: MS is vulnerable
Microsoft software is inherently less safe than Linux/*BSD software. This is because Microsoft has favored usability over security. This is because the market has responded better to that tradeoff. This is because your mom doesn't want to have to hire a technical consultant to manage her IT infrastructure when all she wants to do is get email pictures of her grandkids. // /Let me see, have I got this right? /Apple software is inherently less safe than Linux/*BSD software. /This is because Apple has favored usability over security. /This is because the market has responded better to that tradeoff. /This is because your mom doesn't want to have to hire a technical /consultant to manage her IT infrastructure when all she wants to do is get /email pictures of her grandkids. / /Hmmm... / /The last three statements make perfect sense but that first /one just doesn't seem right. Could it be that ease-of-use /has nothing whatsoever to do with security? / /--Michael Dillon What I gathered was TSR80's are making a comback for their ease of use This is because Tandy/Radio Shack is the last bastion of hope This is perhaps because people like that retro feeling This is because your ex girlfriend suggested you buy this (TSR80) so she won't have to hire a technical consultant to have her pictures removed from www.revengeworld.com or www.mobog.com being webcams and TSR's are a no no. J. Oquendo =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ Quis custodiet ipsos custodes? - Juvenal J. Oquendo GPG Key ID 0x51F9D78D Fingerprint 2A48 BA18 1851 4C99 CA22 0619 DB63 F2F7 51F9 D78D http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x51F9D78D sil @ politrix . orghttp://www.politrix.org sil @ infiltrated . net http://www.infiltrated.net
[no subject]
Bonjour, I am a student doing my Masters thesis. My query is that 1. what is the way to predict how a traffic will be arriving in router, by having a statistical information of the length of the bursts and the silence. (are there any papers which have worked on it) 2. Is it possible to improve the efficiency of a switching fabric if we know the traffic profile . Thanks Cordialement, Sandoche Balakrichenan. _ Contact brides grooms FREE! Only on www.shaadi.com. http://www.shaadi.com/ptnr.php?ptnr=hmltag Register now!
Draft agenda - subject to change
Draft Agenda NANOG 29 Oct. 19-21, Chicago Sunday Tutorials 1:30 - 3:00 p.m.Implementing a Secure Network Infrastructure (Part I) Merike Kaeo 1:30 - 3:00 p.m.Harvest BGP Troubleshooting Philip Smith, Cisco 3:00 - 3:30 p.m.BREAK 3:30 - 5:00 p.m.Deploying IP Anycast Kevin Miller, CMU 3:30 - 5:00 p.m.Implementing a Secure Network (Part II) 5:00 - 7:30 p.m.Dinner 7:30 - 9:00 p.m.MPLS Applications Overview Ina Minei, Juniper 7:30 - 9:00 p.m.Implementing a Secure Network (Part III) Monday, October 20 -- 9:00 a.m. Welcome, Introductions Susan Harris, Merit; Ray Plzak, ARIN; Jordan Lowe, Server Central 9:15 a.m. Verisign's Wildcard Record: Effects and Responses Mark Kosters and Matt Larson, Verisign; Suzanne Woolf, ISC 9:45 a.m. Update on Anomalous DNS Behavior Duane Wessels, Packet Pushers 10:30 a.m. BREAK 11:00 p.m. Panel: Watching Your Router Configurations and Detecting Those Exciting Little Changes Randy Bush, IIJ, moderator Henry Kilmer, Terrapin Communications; John Heasley, Verio Danny McPherson, Arbor 11:45 a.m. Building a Web of Trust Joe Abley, ISC 12:00 p.m. LUNCH (on your own) 1:30 p.m. The Relationship Between Network Security and Spam Carl Hutzler and Ron da Silva, AOL Time Warner 2:00 p.m. Panel: Simple Router Security, What Every ISP Router Engineer Should Know and Practice Randy Bush, IIJ, moderator; Rob Thomas, Cisco/Team Cymru; Neal Ziring, NSA; George Jones, MITRE 3:00 p.m. AOL Backbone OSPF-ISIS Migration Vijay Gill and John Warner, AOL Time Warner 3:30 p.m. BREAK 4:00 p.m. Research Forum Internet Service Differentiation Using Transport Options: The Case for Policy-aware Congestion Control Panos Gevros, University of Cambridge Passive Internet Health Monitoring With BGP Kenneth McGrath, Dartmouth How to Compute Accurate Traffic Matrices for Your Network in Seconds Yin Zhang, Matthew Roughan, Albert Greenberg, David Donoho, Nick Duffield, and Carsten Lund, ATT AutoFocus: A Tool for Automatic Traffic Analysis Cristian Estan, UCSD 7:30 - 9 p.m. ISP Security and NSP-SEC BOF IV Barry Raveendran Greene, Cisco Merike Kaeo, moderators PGP Key Party - Joe Abley, ISC Tuesday, October 21 --- 9:00 a.m. GBIC Interface Standards Support in the Telecommunications Industry Dave Wodelet, Shaw Communications 9:30 a.m. A Systematic Approach to BGP Configuration Checking Nick Feamster and Hari Balakrishnan, MIT 10:00 a.m. BGP: Good MEDs Gone Bad! Danny McPherson, Arbor 10:30 a.m. BREAK 11:00 a.m. Flawed Routers Flood University of Wisconsin Internet Time Server Dave Plonka, University of Wisconsin - Madison 11:20 a.m. Student Desktop TV: Safe and Secure Video Over IP Tim Ward, Northwestern University 11:40 a.m. The Blaster Worm: The View From 10,000 Feet Jose Nazario, Arbor 12:00 p.m. LUNCH (on your own) 1:30 p.m. An Overview of the Global IPv6 Routing Table Cathy Wittbrodt 2:00 p.m. It's a Surprise 2:30 p.m. Stress Testing to Validate Router Readiness for Deployment Shankar Rao, Qwest; Scott Poretsky, Quarry 3:00 p.m. Fast IP Convergence Clarence Filsfils, Cisco 3:30 p.m. Adjourn Susan Harris, Merit
[no subject]
Good morning/day/evening/night/whatever, I'm working on the netlantis project which offers to the public a set of tools regarding the global routing status. Netlantis has multiple so called NRC (Netlantis Route Collectors) which have eBGP multihop sessions with different ISPs around the world in order to collect their full BGP routing table. Netlantis is a non-commercial and independent project. I would be very interested to have one or more RouteCollector(s) in the NA region. Would anyone be able to sponsor this? I would need something like a P3 = 500Mhz with at least 256Mb of RAM running FreeBSD 4.8 and its colocation. This RouteCollector would then be dedicated to NA peers. The sponsor will get a little text, logo and link on the Netlantis page. for more informations see http://www.netlantis.org Example of what netlantis can do: http://www.netlantis.org/wwwbin/graph.pl?type=asas=15485size=nonebw=0region=all netlantis is still looking for a main sponsor which would provide and host the central server. If you're interested in sponsoring the main server, let me know. Regards, Pascal
I need a portable /24 not attached to any sub-domain or anything else subject to attack
I simply would like to borrow this /24 if you are not going to use in the near and distantfuture or ever for that matter. It can not be attached to any subdomain and or any or part of any routing table, this would most helpful in the development of methods to prevent ddos and dos. Thank you very much Henry R Linneweh
Re: I need a portable /24 not attached to any sub-domain or anythingelse subject to attack
Henry Linneweh wrote: I simply would like to borrow this /24 if you are not going to use in the near and distant future or ever for that matter. It can not be attached to any subdomain and or any or part of any routing table, this would most helpful in the development of methods to prevent ddos and dos. Hmmm. Have you talked with ARIN? I hear they have IP addresses that you can borrow. Perhaps your provider might loan you one, or if not routing it, would private addressing not work? -jack
RE: Weird email messages with re:movie and re:application in the subject line..
got it here too.. And on 30+ publicly annouced mail accounts Hitting big.. sobig virus once again... Jim -Original Message- From: Anne P. Mitchell, Esq. [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 25, 2003 11:05 PM To: '[EMAIL PROTECTED]' Subject: Re: Weird email messages with re:movie and re:application in the subject line.. New spam technique or some new virus, similar to a Melissa? Any body else seeing this? We're seeing it here too, coming to role accounts. Our folks are saying virus, but haven't identified which one yet. Anne
Sobig.E / RE: Weird email messages with re:movie and re:applicationin the subject line..
Sobig.E worm/virus -bryan bradsby Texas State Government Net == Just in the last hour itself, I must have had at least 5 E.mails come to me with a certain 'zipped' file attached, from persons unknown -- who have received E.mails from me with the subject title in question.
Re: Weird email messages with re:movie and re:application inthe subject line..
--On Wednesday, June 25, 2003 23:37 -0400 Steven M. Bellovin [EMAIL PROTECTED] wrote: And I've gotten bounces from mail allegedly from me. It's not L3's fault; this particular worm forges From: lines on its email. fault is debatable. Because forgeries are now so common, particularly in worms, why would you send these notifications to anyone other than the recipient? Let the human decide if the right thing to do is notify the sender.
Re: Weird email messages with re:movie and re:application in the subject line..
In message [EMAIL PROTECTED], John Payne writes: --On Wednesday, June 25, 2003 23:37 -0400 Steven M. Bellovin [EMAIL PROTECTED] wrote: And I've gotten bounces from mail allegedly from me. It's not L3's fault; this particular worm forges From: lines on its email. fault is debatable. Because forgeries are now so common, particularly in worms, why would you send these notifications to anyone other than the recipient? Let the human decide if the right thing to do is notify the sender. Personally, I blame the anti-virus companies who market the software. They know which viruses forge From: lines; why should their alert the poor infected fool software send notes to folks whose addresses are being spoofed? --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of Firewalls book)
Re: Weird email messages with re:movie and re:application in the subject line..
Why? To mark-o-spam their own sodding product. sed-script-on-web-oids-mode Hi Steve, being a sed-script-on-web-oids, I've decided I need to tell you about an exciting new Internet Security product, and in language that you should be able to read, if you match our buyer model for the ease at which we can get this push-contact converted to click-through. More boring text follows. /sed-script-on-web-oids-mode Yeah. The anti- product marketeers are culpable too. Cheers, Eric
Weird email messages with re:movie and re:application in the subject line..
My email box has started receiving a bunch of emails recently (earlier this evening) with a 80k zip attachment called your_details.zip and either re:movie and re:application from a whole bunch of other address I have never heard of.. New spam technique or some new virus, similar to a Melissa? Any body else seeing this? mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband
RE: Weird email messages with re:movie and re:application in the subject line..
That body should read ... either re:movie and re:application in the subject line Sorry, mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband -Original Message- From: Mark Segal [mailto:[EMAIL PROTECTED] Sent: June 25, 2003 10:57 PM To: '[EMAIL PROTECTED]' Subject: Weird email messages with re:movie and re:application in the subject line.. My email box has started receiving a bunch of emails recently (earlier this evening) with a 80k zip attachment called your_details.zip and either re:movie and re:application from a whole bunch of other address I have never heard of.. New spam technique or some new virus, similar to a Melissa? Any body else seeing this? mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband
RE: Weird email messages with re:movie and re:application in the subject line..
At least the Re: Application message is referenced here: http://vil.nai.com/vil/content/v_100429.htm I received several of these today. Don't know about Re: movie. todd My email box has started receiving a bunch of emails recently (earlier this evening) with a 80k zip attachment called your_details.zip and either re:movie and re:application from a whole bunch of other address I have never heard of.. New spam technique or some new virus, similar to a Melissa? Any body else seeing this? mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband
Re: Weird email messages with re:movie and re:application inthe subject line..
Yep coming to my nanog email addy. My email box has started receiving a bunch of emails recently (earlier this evening) with a 80k zip attachment called your_details.zip and either re:movie and re:application from a whole bunch of other address I have never heard of.. New spam technique or some new virus, similar to a Melissa? Any body else seeing this? mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband
Re: Weird email messages with re:movie and re:application in the subject line..
New spam technique or some new virus, similar to a Melissa? Any body else seeing this? We're seeing it here too, coming to role accounts. Our folks are saying virus, but haven't identified which one yet. Anne
Re: Weird email messages with re:movie and re:application in the subject line..
W32/[EMAIL PROTECTED] per McAffee. I seem to have done one better ... according to a M$ host in Level3-land, the Unix box right in front of me sent the mail in question. Someone at L3 needs to call home. The only L3 turd in my mail log is their inbound... Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=[EMAIL PROTECTED], size=1711, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [209.244.4.106] Cheers, Eric --- Forwarded Message Return-Path: [EMAIL PROTECTED] Delivery-Date: Wed Jun 25 18:21:11 2003 Return-Path: [EMAIL PROTECTED] Received: from f1ee40-19.idc1.level3.com (machine77.Level3.com [209.244.4.106]) by nic-naa.net (8.12.9/8.12.9) with ESMTP id h5PMLB5U024589 for [EMAIL PROTECTED]; Wed, 25 Jun 2003 18:21:11 -0400 (EDT) Received: from idc1exc0001.corp.global.level3.com (localhost [127.0.0.1]) by f1ee40-19.idc1.level3.com (8.8.8p2+Sun/8.8.8) with SMTP id WAA02577 for [EMAIL PROTECTED]; Wed, 25 Jun 2003 22:21:50 GMT Received: from idc1exc0005.corp.global.level3.com ([10.1.6.215]) by idc1exc0001.corp.global.level3.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 25 Jun 2003 16:21:49 -0600 Received: from mail pickup service by idc1exc0005.corp.global.level3.com with Microsoft SMTPSVC; Wed, 25 Jun 2003 16:21:49 -0600 thread-index: AcM7aCvRcfOY+VcOT2aAnuNoWHZmCQ== Thread-Topic: [MailServer Notification]Alert to Sender: File Attachment Blocked From: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [MailServer Notification]Alert to Sender: File Attachment Blocked Date: Wed, 25 Jun 2003 16:21:49 -0600 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Microsoft CDO for Exchange 2000 Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300 X-OriginalArrivalTime: 25 Jun 2003 22:21:49.0631 (UTC) FILETIME=[2BF044F0:01C33B68] ScanMail for Microsoft Exchange has blocked an attachment. Sender = [EMAIL PROTECTED] Recipient(s) = [EMAIL PROTECTED] Subject = Re: Movie Scanning time = 06/25/2003 16:21:49 Action on file blocking: The attachment your_details.zi matches the file blocking settings. ScanMail has Deleted it. Attachment blocked due to extension match of .bat, .eml, .nws, .pif, .scr, .src, .shs, .vbe, .vbs, .com, or .exe. --- End of Forwarded Message
RE: Weird email messages with re:movie and re:application in the subject line..
Here the best link I have seen so far... Thanks to kevin day.. http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED] My guess is they might need to upgrade it to more than 55-999 infections :). mark -- Mark Segal Director, Network Planning FCI Broadband Tel: 905-284-4070 Fax: 416-987-4701 http://www.fcibroadband.com Futureway Communications Inc. is now FCI Broadband -Original Message- From: Eric Brunner-Williams in Portland Maine [mailto:[EMAIL PROTECTED] Sent: June 25, 2003 11:25 PM To: Larry Rosenman Cc: Mark Segal; '[EMAIL PROTECTED]'; [EMAIL PROTECTED] Subject: Re: Weird email messages with re:movie and re:application in the subject line.. W32/[EMAIL PROTECTED] per McAffee. I seem to have done one better ... according to a M$ host in Level3-land, the Unix box right in front of me sent the mail in question. Someone at L3 needs to call home. The only L3 turd in my mail log is their inbound... Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=[EMAIL PROTECTED], size=1711, class=0, nrcpts=1, msgid=[EMAIL PROTECTED], proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [209.244.4.106] Cheers, Eric --- Forwarded Message Return-Path: [EMAIL PROTECTED] Delivery-Date: Wed Jun 25 18:21:11 2003 Return-Path: [EMAIL PROTECTED] Received: from f1ee40-19.idc1.level3.com (machine77.Level3.com [209.244.4.106]) by nic-naa.net (8.12.9/8.12.9) with ESMTP id h5PMLB5U024589 for [EMAIL PROTECTED]; Wed, 25 Jun 2003 18:21:11 -0400 (EDT) Received: from idc1exc0001.corp.global.level3.com (localhost [127.0.0.1]) by f1ee40-19.idc1.level3.com (8.8.8p2+Sun/8.8.8) with SMTP id WAA02577 for [EMAIL PROTECTED]; Wed, 25 Jun 2003 22:21:50 GMT Received: from idc1exc0005.corp.global.level3.com ([10.1.6.215]) by idc1exc0001.corp.global.level3.com with Microsoft SMTPSVC(5.0.2195.4905); Wed, 25 Jun 2003 16:21:49 -0600 Received: from mail pickup service by idc1exc0005.corp.global.level3.com with Microsoft SMTPSVC; Wed, 25 Jun 2003 16:21:49 -0600 thread-index: AcM7aCvRcfOY+VcOT2aAnuNoWHZmCQ== Thread-Topic: [MailServer Notification]Alert to Sender: File Attachment Blocked From: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: [MailServer Notification]Alert to Sender: File Attachment Blocked Date: Wed, 25 Jun 2003 16:21:49 -0600 Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 7bit X-Mailer: Microsoft CDO for Exchange 2000 Content-Class: urn:content-classes:message Importance: normal Priority: normal X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4920.2300 X-OriginalArrivalTime: 25 Jun 2003 22:21:49.0631 (UTC) FILETIME=[2BF044F0:01C33B68] ScanMail for Microsoft Exchange has blocked an attachment. Sender = [EMAIL PROTECTED] Recipient(s) = [EMAIL PROTECTED] Subject = Re: Movie Scanning time = 06/25/2003 16:21:49 Action on file blocking: The attachment your_details.zi matches the file blocking settings. ScanMail has Deleted it. Attachment blocked due to extension match of .bat, .eml, .nws, .pif, .scr, .src, .shs, .vbe, .vbs, .com, or .exe. --- End of Forwarded Message
Re: Weird email messages with re:movie and re:application in the subject line..
In message [EMAIL PROTECTED], Eric Brunner-Williams in Portland Maine writes: W32/[EMAIL PROTECTED] per McAffee. I seem to have done one better ... according to a M$ host in Level3-land, the Unix box right in front of me sent the mail in question. Someone at L3 needs to call home. The only L3 turd in my mail log is their inbound... Jun 25 18:21:11 nic-naa sm-mta[24589]: h5PMLB5U024589: from=[EMAIL PROTECTED] el3.com, size=1711, class=0, nrcpts=1, msgid=012d01c33b68$2bd14b40$d706010a@ corp.global.level3.com, proto=ESMTP, daemon=MTA, relay=machine77.Level3.com [ 209.244.4.106] And I've gotten bounces from mail allegedly from me. It's not L3's fault; this particular worm forges From: lines on its email. Another day, another worm. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of Firewalls book)
[no subject]
Hi Owen, This is exactly the service Team Cymru is currently offering with the bogon route-server project. Specific details and instructions on how to request access can be found at the following URL: http://www.cymru.com/BGP/bogon-rs.html In a nutshell, this is a reliable and secure method of ensuring your bogon routes are kept up-to-date. Changes to the bogon route-server are validated by at least two other individuals. Team Cymru validate all changes to the bogon lists and supporting documents prior to implementation of such changes. That said, bogons are updated almost immediately and at no cost to you. This is a *FREE* offering, as such there are NO guarantees or SLAs. The current list of 15 peers have been quite pleased with the reliability and service. We are also working on adding redundant bogon route-servers in the very near future. If anyone is willing to donate gear or bandwidth to the cause, please dont hesitate to contact us. As always, the master bogon reference page can be found here: http://www.cymru.com/Bogons/index.html Feel free to send any queries, suggestions, or concerns to the entire team at [EMAIL PROTECTED] Thanks! Steve, for Team Cymru. -- Stephen Gill [EMAIL PROTECTED] -Original Message- Date: Tue, 11 Mar 2003 08:48:07 -0800 From: Owen DeLong [EMAIL PROTECTED] Subject: RE: 69/8...this sucks -- Centralizing filtering.. Thanks for your support Jim. I've gotten mixed feedback to my proposal here for a centralized bogon filter from the RIRs via BGP, but I will say there's been more support than opposition. (Most of the support has been sent to me, not the list, while most of the opposition has been to the list, however). I know it's too late to get it into the Memphis meeting, but I think, based on the amount of support it has received, that I will submit a policy proposal to ARIN in support of creating the requisite BGP feeds. I realize that an ARIN policy alone won't do this (the other RIRs would have to follow suit), but, if ARIN adopts it, I don't think it will be too hard to get the other RIRs to follow. I'm also not familiar with the policy process in the other RIRs. I absolutely agree with you about the whois contact stuff. I think it might make sense eventually to put a similar requirement for current information on the admin and tech contact, although I don't see putting the same response and performance strictures on them. For now, I'm trying to address large issues in small enogh pieces to get rough consensus around the solution to each small piece. Trying to solve the big problems all at once never seems to achieve rough consensus. Owen
[no subject]
Does anyone on the list know of any ISPs that bill based on average utilization, rather than some variation of 95th percentile? Thanks Lynn Bashaw Director, Network Engineering Yipes Enterprise Services 2000 S. Colorado Blvd. Denver, CO 80222
[no subject]
At this exact moment we bill by average, but we're considering a switch to 95%, though lately I've gotten tired of fighting with customers when they get a bandwidth bill, so we might just do away with measured bandwidth and go with capped across the board. -- Bruce Robertson, President/CEO +1-775-348-7299 Great Basin Internet Services, Inc. fax: +1-775-348-9412 http://www.greatbasin.net
[no subject]
Thing is if your connection is completely full one way, it'll effect traffic the other way too. My thoughts are Cogents primary customers are sites that are looking for very cheap bandwidth, which most likely is adult content. Therefore they would look more like a content provider than a transit provider. My question, being a content network, is how would AOL expect them to have a balanced pipe? AOL is all eyeballs, and really doesn't have much content which is useful outside of their user base. Especially if you already peer with Time Warner in other sites. When ISP's peer I would have thought it is to prevent having to pay transit companies like Level3 for the bandwidth. This leads me to believe there might be something more to this, like maybe the spam spewed from the adult sites. Just a guess, anyone have any hard data? Dwight
[no subject]
Genuity filed for bankruptcy today as part of a deal to sell nearly all of its assets to Level 3. http://biz.yahoo.com/djus/021127/1744000711_1.html --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (Firewalls book)
[no subject]
Hello, Are there some ISPs who filter prefixes longer than /19 or a /20?. I thought they filtered only prefixes which are longer than /24? Harsha.
[no subject]
Hi, Can anyone please tell me the answer to the following question? How do ISPs manage the allocations they get from the RIRs? More specifically, do they make the assignments from this sequentially or not? Are multihoming assignments to customers amidst non-multihoming assignments? I ask this because /23s and /24s seem to be scattered over a wide area - they are not adjacent to each other. Harsha.
Re: Stop it with putting your e-mail body in ATT attachments. Itsannoyingand no one can see your message. Dang, this subject is long.
Pawlukiewicz Jane wrote: Good ol Frank, we can always count on you! Get a job, man. I'm employed, but looking. I sent a resume to Booz Allen Hamilton last week for the Senior Consultant position in NoVA. Do me a favor and talk to HR and put in a good word for me. Frank
[no subject]
-Envelope-To: [EMAIL PROTECTED] Date: Thu, 27 Jun 2002 22:08:37 + (GMT) From: Hermann Wecke [EMAIL PROTECTED] To: nanog [EMAIL PROTECTED] Subject: Re: How do I log on while in flight? In-Reply-To: [EMAIL PROTECTED] Message-ID: [EMAIL PROTECTED] MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: [EMAIL PROTECTED] Precedence: bulk Errors-To: [EMAIL PROTECTED] X-Loop: nanog On Thu, 27 Jun 2002, David Charlap wrote: The GTE airfones installed in most large planes have data ports if you must connect a computer. But be prepared to pay a very steep per-minute charge for the connection. Expensive: US$ 2.49 per minute on United flights...
[no subject]
I heard that UU.net is rolling Outlook at the core ... -chris On Thu, 25 Apr 2002, Jeff Harper wrote: Anyone think this is related the Klez virus? Jeff -Original Message- From: Steve Smith [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 10:58 AM To: Streiner, Justin; [EMAIL PROTECTED] Subject: RE: UUNET instability? Here is Memphis we are seeing the same thing. Twice this morning we have dropped and our BGP is freaking out. -Original Message- From: Streiner, Justin [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 10:01 AM To: [EMAIL PROTECTED] Subject: UUNET instability? Anyone else seeing routing instability through UUNET or have any more details? I saw a significant drop in my inbound and outbound traffic to them around 10:00AM EDT. UUNET has a prompt on their phone menus about network instability, but didn't elaborate. Their NOC doesn't have any more details as of yet that they're passing along. jms
[no subject]
__ Do You Yahoo!? Yahoo! Tax Center - online filing with TurboTax http://taxes.yahoo.com/
[no subject]
Sorry, you can't tell who's comment is whose on the previous mail. That should be: -Original Message- From: Richard A Steenbergen [mailto:[EMAIL PROTECTED]] Sent: Friday, March 22, 2002 11:47 AM To: Greg Pendergrass Cc: 'Nanog@Merit. Edu' Subject: Re: long distance gigabit ethernet On Fri, Mar 22, 2002 at 10:36:22AM -0500, Greg Pendergrass wrote: I'm looking at long-haul gigabit ethernet as a possible solution versus traditional SONET and I'm a little bit wary as promises made on web pages and white papers aren't *always* completely accurate. I'd appreciate it if you all would share your experiences with it. By long-haul I mean in the hundreds or thousands of miles. I need to know: a. Does it work properly? b. Who offers it in the continental US? -I'm going to take a stab and assume that you're actually more interested -in finding a longhaul line with GigE on the ends, and not so much how many -miles you can get with whatever optics... Absolutely right, I don't care what's in between as long as I have GigE at the end. Other options include using wave (too expensive), or ethernet over MPLS (worth considering although latency may be too high for longer that 1000 miles). GP