Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Mark Newton

On 11/12/2009, at 1:14 PM, Owen DeLong wrote:
 
> You don't need UPnP if you're not doing NAT.

You kinda do if you're using a stateful firewall with a deny
everything that shouldn't be accepted policy.  UPnP (or something
like it) would have to tell the firewall what should be accepted.


   - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223








Is there anyone from ASPEWS on this list?

2009-12-11 Thread William Pitcock
Hi,

ASPEWS is listing 216.83.32.0/20 as being associated with the whole
Atrivo incident of 2008.  My memory does not recall 216.83.32.0/20 being
involved, nor the provider that belongs to.

So it'd be cool if I could you know, talk to someone who has involvement
with that, because frankly, I do not see why it is listed as having any
involvement with Atrivo.  Also, the fact that Atrivo is *dead* and this
stuff is still listed means that anyone who gets those blocks from ARIN
next are basically screwed.  Which kind of sucks.

William




About IPv6 performance

2009-12-11 Thread David Pérez
Dear all:

I've been searching the web for tests or reports about how performance in
current IP boxes (core routers, BRAS, edge routers...) is impacted when
enabling IPv6, but haven't been able to find anything useful apart from a
couple of reports dated 2002 and 2004:

 http://www.lightreading.com/document.asp?doc_id=63606
http://www.ipv6-tf.com.pt/documentos/geral/bii_v6_interop.pdf

I already assume some impacts in memory for IPv6 prefixes, or CPU usage...
but don't clearly see other impacts (number of sessions...). I know
performance will mainly depend on which service structure is selected
(PPPoE, DHCPv6...), but... could anybody point to a report that deals with
all these issues?

Thank you,
David Pérez.


Re: About IPv6 performance

2009-12-11 Thread Dobbins, Roland

On Dec 11, 2009, at 3:59 PM, David Pérez wrote:

> could anybody point to a report that deals with all these issues?

Also be sure to pay attention to IPv4/IPv6 feature parity gaps.

---
Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

Injustice is relatively easy to bear; what stings is justice.

-- H.L. Mencken






Re: More ASN collisions

2009-12-11 Thread Florian Weimer
* Rene Wilhelm:

> AS3745 is not a duplicate ASN assignment either. Like AS35868 the entry at
> whois.ripe.net is a user created object in the RIPE routing registry, not
> an assignment by RIPE NCC.

How can you tell one from the other?  Is the lack of an org: attribute
reliable?

-- 
Florian Weimer            fwei...@bfk.de
BFK edv-consulting GmbH   http://www.bfk.de/
Kriegsstraße 100          tel: +49-721-96201-1
D-76133 Karlsruhe         fax: +49-721-96201-99



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Simon Perreault
Mark Newton wrote, on 2009-12-11 03:09:
> You kinda do if you're using a stateful firewall with a deny
> everything that shouldn't be accepted policy.  UPnP (or something
> like it) would have to tell the firewall what should be accepted.

That's putting the firewall at the mercy of viruses, worms, etc. The firewall
shouldn't trust anything else to tell it what is good and bad traffic.

Simon
-- 
DNS64 open-source   -- http://ecdysis.viagenie.ca
STUN/TURN server    -- http://numb.viagenie.ca
vCard 4.0           -- http://www.vcarddav.org



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Valdis . Kletnieks
On Fri, 11 Dec 2009 07:41:59 EST, Simon Perreault said:
> Mark Newton wrote, on 2009-12-11 03:09:
>> You kinda do if you're using a stateful firewall with a deny
>> everything that shouldn't be accepted policy.  UPnP (or something
>> like it) would have to tell the firewall what should be accepted.
>
> That's putting the firewall at the mercy of viruses, worms, etc. The firewall
> shouldn't trust anything else to tell it what is good and bad traffic.

What you suggest? Manual configuration? We *know* that if a worm puts up
a popup that says Enable port 33493 on your firewall for naked pics of..
that port 33493 will get opened anyhow, so we may as well automate the
process and save everybody the effort.

Redesigning the security so that human intervention is required isn't worth
the effort, because the black hats are much better at convincing people to
do something than the white hats are at teaching them why they shouldn't do it.
Probably because we don't teach with naked pics of...





Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Simon Perreault
valdis.kletni...@vt.edu wrote, on 2009-12-11 08:06:
> On Fri, 11 Dec 2009 07:41:59 EST, Simon Perreault said:
>> Mark Newton wrote, on 2009-12-11 03:09:
>>> You kinda do if you're using a stateful firewall with a deny
>>> everything that shouldn't be accepted policy.  UPnP (or something
>>> like it) would have to tell the firewall what should be accepted.
>>
>> That's putting the firewall at the mercy of viruses, worms, etc. The firewall
>> shouldn't trust anything else to tell it what is good and bad traffic.
>
> What you suggest?

That depends on the circumstances. UPnP is fine in some circumstances and wrong
in others.

> We *know* that if a worm puts up
> a popup that says Enable port 33493 on your firewall for naked pics of..
> that port 33493 will get opened anyhow, so we may as well automate the
> process and save everybody the effort.

Not if the victim doesn't have rights on the firewall (e.g. enterprise).

Simon
-- 
DNS64 open-source   -- http://ecdysis.viagenie.ca
STUN/TURN server    -- http://numb.viagenie.ca
vCard 4.0           -- http://www.vcarddav.org



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Simon Perreault
Joe Greco wrote, on 2009-12-11 08:36:
> Everyone knows a NAT gateway isn't really a firewall, except more or less
> accidentally.  There's no good way to provide a hardware firewall in an
> average residential environment that is not a disaster waiting to happen.
>
> If you make it smart (i.e. UPnP) then it will of course autoconfigure
> itself for an appropriate virus.
>
> However, your average home user often doesn't change their $FOOGEAR
> password from the default of 1234, and it is reasonable to assume that
> at some point, viruses will ship with some minimal knowledge of how to
> manually fix their networking environment.  Or better yet?  Runs a
> password cracker until it figures it out, since the admin interfaces
> on these things are rarely hardened.
>
> If you actually /do/ a really good firewall, then of course users find
> it hard to use and your company takes a support hit, maybe gets a
> bad reputation, etc.
>
> There's no winning.

Agreed.

We have thus come to the conclusion that there shouldn't be a NAT-like firewall
in IPv6 home routers.

Thanks,
Simon
-- 
DNS64 open-source   -- http://ecdysis.viagenie.ca
STUN/TURN server    -- http://numb.viagenie.ca
vCard 4.0           -- http://www.vcarddav.org



Re: news from Google

2009-12-11 Thread Jorge Amodio
> Um, yeah.  Them there micro$loth folks is W more privacy oriented
> than them google rascals.

Well, we still have hope that bing logs are stored in windows servers
making them more difficult to access or even retain after the seasonal
color of the screen of death.

The article is not worse than some messages being circulated on other
lists citing privacy concerns because of Chrome dns-prefetch where evil
Google will not only know where you go or what you are looking for, they
will also know your intentions when with your mouse you hover over a link
(according to Roskind there may be some cases where chrome sends a query
when you do so).

Ohhh well ...

Cheers
Jorge



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Mikael Abrahamsson

On Fri, 11 Dec 2009, Simon Perreault wrote:

> We have thus come to the conclusion that there shouldn't be a NAT-like
> firewall in IPv6 home routers.

No, the conclusion is that for IPv6 there should be something that behaves
much like current IPv4 NAT boxes, ie do stateful firewalling and only let
internal computers initiate connections outgoing, do protocol sniffing for
allowing incoming new connections, and use some uPNP like method to do
temporary firewall openings.

This is the social contract of the current home gateway ecosystem, and
initially IPv6 devices need to replicate this.


Last I checked, this was the conclusion of multiple IPv6 related 
IETF working groups, check out homegate and v6ops WGs for instance.


--
Mikael Abrahamsson    email: swm...@swm.pp.se
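A minimal model of the gateway behaviour described in the message above (default-deny inbound, stateful return traffic, temporary openings requested from the LAN), added here as an illustration; it is not code from the thread or from any router vendor. The class and method names, the timer values, and the rules that a host may only open ports to its own address, only above port 1023 and within a quota are assumptions of this example.

```python
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network


@dataclass(frozen=True)
class Packet:
    proto: str          # "tcp" or "udp"
    src: IPv6Address
    sport: int
    dst: IPv6Address
    dport: int


class HomeGateway:
    STATE_TTL = 120      # seconds an idle flow stays in the state table (assumed value)
    MAX_LEASE = 3600     # longest pinhole lease ever granted (assumed value)
    MAX_PER_HOST = 8     # pinhole quota per LAN host (assumed value)

    def __init__(self, lan_prefix: str):
        self.lan = IPv6Network(lan_prefix)
        self.flows = {}     # (proto, lan_addr, lan_port, wan_addr, wan_port) -> expiry
        self.pinholes = {}  # (proto, lan_addr, lan_port) -> expiry
        self.audit = []     # every pinhole decision, kept for later review

    def _expire(self, now):
        self.flows = {k: t for k, t in self.flows.items() if t > now}
        self.pinholes = {k: t for k, t in self.pinholes.items() if t > now}

    def request_pinhole(self, requester, proto, addr, port, lease, now):
        """UPnP-like request. Returns the granted lease in seconds, 0 if refused."""
        self._expire(now)
        held = sum(1 for (_, a, _) in self.pinholes if a == requester)
        if requester not in self.lan:
            reason = "request did not come from the LAN"
        elif addr != requester:
            reason = "host may only open ports to itself"
        elif not 1024 <= port <= 65535:
            reason = "privileged or invalid port"
        elif held >= self.MAX_PER_HOST:
            reason = "per-host quota reached"
        else:
            granted = min(max(lease, 1), self.MAX_LEASE)   # cap the lease
            self.pinholes[(proto, addr, port)] = now + granted
            self.audit.append((now, str(requester), proto, port, "granted", granted))
            return granted
        self.audit.append((now, str(requester), proto, port, "refused", reason))
        return 0

    def forward(self, pkt: Packet, now) -> bool:
        """Decide whether the gateway forwards pkt at time now."""
        self._expire(now)
        src_in, dst_in = pkt.src in self.lan, pkt.dst in self.lan
        if src_in and not dst_in:              # LAN -> WAN: allowed, creates state
            key = (pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)
            self.flows[key] = now + self.STATE_TTL
            return True
        if dst_in and not src_in:              # WAN -> LAN: default deny
            key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
            if key in self.flows or (pkt.proto, pkt.dst, pkt.dport) in self.pinholes:
                self.flows[key] = now + self.STATE_TTL   # refresh or create state
                return True
        return False


def demo():
    # Constructed addresses from the 2001:db8::/32 documentation prefix.
    gw = HomeGateway("2001:db8:1::/64")
    pc, nas = IPv6Address("2001:db8:1::10"), IPv6Address("2001:db8:1::20")
    remote = IPv6Address("2001:db8:ffff::1")
    r = {}
    r["unsolicited"] = gw.forward(Packet("tcp", remote, 40000, pc, 6881), now=0)
    r["outbound"] = gw.forward(Packet("tcp", pc, 50000, remote, 443), now=0)
    r["reply"] = gw.forward(Packet("tcp", remote, 443, pc, 50000), now=1)
    r["stale_reply"] = gw.forward(Packet("tcp", remote, 443, pc, 50000), now=500)
    r["lease"] = gw.request_pinhole(pc, "tcp", pc, 6881, lease=7200, now=500)
    r["via_pinhole"] = gw.forward(Packet("tcp", remote, 40000, pc, 6881), now=510)
    r["third_party"] = gw.request_pinhole(pc, "tcp", nas, 8080, lease=60, now=510)
    r["from_wan"] = gw.request_pinhole(remote, "tcp", remote, 8080, lease=60, now=510)
    r["after_lease"] = gw.forward(Packet("tcp", remote, 40001, pc, 6881), now=4101)
    return r, gw.audit


if __name__ == "__main__":
    results, audit = demo()
    for name, value in results.items():
        print(f"{name:12} {value}")
    for entry in audit:
        print(entry)
```

The audit list is the part that answers the objection raised earlier in the thread: an automated opening is still an opening, so each grant and refusal is recorded with the requesting host and port.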



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Chris Adams
Once upon a time, Joe Greco jgr...@ns.sol.net said:
> Everyone knows a NAT gateway isn't really a firewall, except more or less
> accidentally.  There's no good way to provide a hardware firewall in an
> average residential environment that is not a disaster waiting to happen.

I don't think hardware vs. software makes a real firewall.  A NAT
gateway has to have all the basic functionality of a stateful firewall,
plus packet mangling.  Typical home NAT gateways don't have all the
configurability of an SSG or such, but the same basic functionality is
there.

-- 
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Joe Greco
> Once upon a time, Joe Greco jgr...@ns.sol.net said:
>> Everyone knows a NAT gateway isn't really a firewall, except more or less
>> accidentally.  There's no good way to provide a hardware firewall in an
>> average residential environment that is not a disaster waiting to happen.
>
> I don't think hardware vs. software makes a real firewall.  A NAT
> gateway has to have all the basic functionality of a stateful firewall,
> plus packet mangling.  Typical home NAT gateways don't have all the
> configurability of an SSG or such, but the same basic functionality is
> there.

You can blow away the firmware of your NAT gateway and load something
like DD-WRT.  This gives you a hardware firewall (an external hardware 
device that acts as a deliberate firewall; i.e. you can firewall 1.2.3.4
from 5.6.7.8).  It is not filtering packets in silicon, which is an
alternate definition for hardware firewall that many in this group 
could use, but in common usage, it is the distinctness from the protected
host(s) and the ability to implement typical firewalling rules and
methods, with or _without_ NAT, that makes it a hardware firewall.

Your existing NAT gateway firmware may well be based on Linux and may
have portions implemented by a Linux firewalling subsystem, but in most
cases, you cannot really drill down to any significant level of detail,
and quite frequently the main anti-forwarding protection offered is
simply the difficulty in surmounting the artificial barrier created by
the NAT addressing discontinuity.  While this might technically count as
the same basic functionality, functionality that cannot be accessed or
used might as well not be there for the purposes of this discussion.  So
I'll pass on considering your average NAT gateway as a hardware
firewall.

... JG
-- 
Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net
We call it the 'one bite at the apple' rule. Give me one chance [and] then I
won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN)
With 24 million small businesses in the US alone, that's way too many apples.



Re: news from Google

2009-12-11 Thread Jorge Amodio
Another one for the collection

http://www.circleid.com/posts/dot_google_before_christmas/

Cheers
Jorge



RE: Is there anyone from ASPEWS on this list?

2009-12-11 Thread Alex Lanstein
> Also, the fact that Atrivo is *dead* and this
> stuff is still listed means that anyone who gets
> those blocks from ARIN next are basically screwed

Why would you say Atrivo is dead?

r...@localhost --- {~}  nslookup www.googleadservices.com 85.255.114.83
Server:         85.255.114.83
Address:        85.255.114.83#53

Name:   www.googleadservices.com
Address: 67.210.14.113

r...@localhost --- {~}
r...@localhost --- {~}  nslookup www.googleadservices.com 8.8.4.4
Server:         8.8.4.4
Address:        8.8.4.4#53

Non-authoritative answer:
www.googleadservices.com        canonical name = adservices.google.com.
adservices.google.com   canonical name = adservices.l.google.com.
Name:   adservices.l.google.com
Address: 74.125.19.96

Regards,

Alex Lanstein
FireEye, Inc.

From: William Pitcock [neno...@systeminplace.net]
Sent: Friday, December 11, 2009 3:36 AM
To: nanog@nanog.org
Subject: Is there anyone from ASPEWS on this list?

Hi,

ASPEWS is listing 216.83.32.0/20 as being associated with the whole
Atrivo incident of 2008.  My memory does not recall 216.83.32.0/20 being
involved, nor the provider that belongs to.

So it'd be cool if I could you know, talk to someone who has involvement
with that, because frankly, I do not see why it is listed as having any
involvement with Atrivo.  Also, the fact that Atrivo is *dead* and this
stuff is still listed means that anyone who gets those blocks from ARIN
next are basically screwed.  Which kind of sucks.

William







Weekly Routing Table Report

2009-12-11 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.apnic.net.

If you have any comments please contact Philip Smith p...@cisco.com.

Routing Table Report   04:00 +10GMT Sat 12 Dec, 2009

Report Website: http://thyme.apnic.net
Detailed Analysis:  http://thyme.apnic.net/current/

Analysis Summary
----------------

BGP routing table entries examined:  306287
Prefixes after maximum aggregation:  142533
Deaggregation factor:  2.15
Unique aggregates announced to Internet:  150582
Total ASes present in the Internet Routing Table:  32907
Prefixes per ASN:  9.31
Origin-only ASes present in the Internet Routing Table:  28575
Origin ASes announcing only one prefix:  13946
Transit ASes present in the Internet Routing Table:  4332
Transit-only ASes present in the Internet Routing Table:  99
Average AS path length visible in the Internet Routing Table:  3.6
Max AS path length visible:  24
Max AS path prepend of ASN (12026)  22
Prefixes from unregistered ASNs in the Routing Table:  994
Unregistered ASNs in the Routing Table:  135
Number of 32-bit ASNs allocated by the RIRs:  351
Prefixes from 32-bit ASNs in the Routing Table:  301
Special use prefixes present in the Routing Table:  0
Prefixes being announced from unallocated address space:  162
Number of addresses announced to Internet:  2160649728
    Equivalent to 128 /8s, 200 /16s and 230 /24s
Percentage of available address space announced:  58.3
Percentage of allocated address space announced:  66.1
Percentage of available address space allocated:  88.2
Percentage of address space in use by end-sites:  80.3
Total number of prefixes smaller than registry allocations:  147120

APNIC Region Analysis Summary
-----------------------------

Prefixes being announced by APNIC Region ASes:  73696
Total APNIC prefixes after maximum aggregation:  25498
APNIC Deaggregation factor:  2.89
Prefixes being announced from the APNIC address blocks:  70372
Unique aggregates announced from the APNIC address blocks:  31050
APNIC Region origin ASes present in the Internet Routing Table:  3895
APNIC Prefixes per ASN:  18.07
APNIC Region origin ASes announcing only one prefix:  1062
APNIC Region transit ASes present in the Internet Routing Table:  607
Average APNIC Region AS path length visible:  3.6
Max APNIC Region AS path length visible:  23
Number of APNIC addresses announced to Internet:  483880224
    Equivalent to 28 /8s, 215 /16s and 109 /24s
Percentage of available APNIC address space announced:  80.1

APNIC AS Blocks         4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)   23552-24575, 37888-38911, 45056-46079
                        55296-56319, 131072-132095
APNIC Address Blocks    43/8,  58/8,  59/8,  60/8,  61/8, 110/8, 111/8,
                        112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8,
                        119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8,
                        126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8,
                        203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
                        222/8,

ARIN Region Analysis Summary
----------------------------

Prefixes being announced by ARIN Region ASes:  128493
Total ARIN prefixes after maximum aggregation:  67389
ARIN Deaggregation factor:  1.91
Prefixes being announced from the ARIN address blocks:  103031
Unique aggregates announced from the ARIN address blocks:  38828
ARIN Region origin ASes present in the Internet Routing Table:  13397
ARIN Prefixes per ASN:  7.69
ARIN Region origin ASes announcing only one prefix:  5182
ARIN Region transit ASes present in the Internet Routing Table:  1322
Average ARIN Region AS path length visible:  3.3
Max ARIN Region AS path length visible:  24
Number of ARIN addresses announced to Internet:  733616416
    Equivalent to 43 /8s, 186 /16s and 25 /24s
Percentage of available ARIN address space announced:  

RE: Is there anyone from ASPEWS on this list?

2009-12-11 Thread William Pitcock
On Fri, 2009-12-11 at 09:55 -0800, Alex Lanstein wrote:
>> Also, the fact that Atrivo is *dead* and this
>> stuff is still listed means that anyone who gets
>> those blocks from ARIN next are basically screwed
>
> Why would you say Atrivo is dead?
>
> r...@localhost --- {~}  nslookup www.googleadservices.com 85.255.114.83
> Server:         85.255.114.83
> Address:        85.255.114.83#53
>
> Name:   www.googleadservices.com
> Address: 67.210.14.113

That is Cernal, and it is hosted in Russia now.

Cernal and Atrivo are two different entities, Atrivo used to host
Cernal, but now they have different hosting arrangements.

Can people get a clue and understand this very critical difference?

Thanks.

William





Re: news from Google

2009-12-11 Thread Seth Mattinen

Scott Weeks wrote:

> --- m...@sizone.org wrote:
> From: Ken Chase m...@sizone.org
>
> topically related, it's actually news from Mozilla:
> http://www.computerworld.com/s/article/9142106/Mozilla_exec_suggests_Firefox_users_move_to_Bing_cites_Google_privacy_stance?source=rss_news
> from the horse's mouth, as it were.
>
> So, how bout that DNS.
>
> Um, yeah.  Them there micro$loth folks is W more privacy oriented than
> them google rascals.




It's better than the maybe you shouldn't be doing things you don't want 
people to know about statement. That right there gives me some insight 
on where Google wants to go in the future with privacy.


~Seth



Re: news from Google

2009-12-11 Thread Richard Bennett
Microsoft just wants your cash, but Google wants your personal 
information so they can sell it over and over again. The entire Google 
business model is at odds with notions of personal privacy, so it's not 
even a question of the occasional excess on their part. Schmidt did what 
Michael Kinsey calls a gaffe: when a politician accidentally tells the 
truth.


On 12/11/2009 12:36 PM, Seth Mattinen wrote:

> Scott Weeks wrote:
>> --- m...@sizone.org wrote:
>> From: Ken Chase m...@sizone.org
>>
>> topically related, it's actually news from Mozilla:
>> http://www.computerworld.com/s/article/9142106/Mozilla_exec_suggests_Firefox_users_move_to_Bing_cites_Google_privacy_stance?source=rss_news
>> from the horse's mouth, as it were.
>>
>> So, how bout that DNS.
>>
>> Um, yeah.  Them there micro$loth folks is W more privacy
>> oriented than them google rascals.
>
> It's better than the maybe you shouldn't be doing things you don't
> want people to know about statement. That right there gives me some
> insight on where Google wants to go in the future with privacy.
>
> ~Seth



--
Richard Bennett
Research Fellow
Information Technology and Innovation Foundation
Washington, DC




Google Privacy (was Re: news from Google)

2009-12-11 Thread Seth Mattinen

Richard Bennett wrote:
> Microsoft just wants your cash, but Google wants your personal
> information so they can sell it over and over again. The entire Google
> business model is at odds with notions of personal privacy, so it's not
> even a question of the occasional excess on their part. Schmidt did what
> Michael Kinsey calls a gaffe: when a politician accidentally tells the
> truth.


Completely agree. I have always tried to tell people as much with 
Google, and they'd just point to the privacy policy, but now there's a 
juicy quote from the top of the food chain to counter with. Policy can 
(and will) change.


~Seth



Re: news from Google

2009-12-11 Thread Peter Beckman

On Fri, 11 Dec 2009, Seth Mattinen wrote:

> It's better than the maybe you shouldn't be doing things you don't want
> people to know about statement. That right there gives me some insight on
> where Google wants to go in the future with privacy.


 At least Google seems to be honest about it.

 What does Bing say they keep about you when you search, not logged into
 your Passport account?  IP + searches, date and time?  And what do they
 actually do?  What about Yahoo, now that they will use Bing?  Or even
 AltaVista?  How do we know the difference between the reality of what they
 do versus their Privacy Policy?

 If you aren't breaking the law, the government won't be looking for your
 data, and won't ask Google/Yahoo/Bing/AltaVista or other search companies
 for your data.

 If you ARE breaking the law, and you live in the US, you gotta be careful
 about what you do on the Internet, 'cause it all gets logged differently
 in different places.

 I find it REALLY HARD TO BELIEVE that NO OTHER SEARCH ENGINE COMPANY is
 retaining search data with IP address and maybe even account ID for a
 period of time.  Not even Netflix, who thought they scrubbed the Netflix
 Prize Dataset, was able to rid the data of your personal information.

http://www.cs.utexas.edu/~shmat/netflix-faq.html

 We're living in a world where every web request writes to a log file.
 Those log files live for days, weeks, years, even decades, and depend on
 the admins running the site, not the Privacy Policy.  If you've ever
 visited my site, I've kept those logs for 10 years.  Your IP, your
 browser, all that crap.  This is the internet.  You are logged at almost
 every action you take, somewhere.  It's easy to archive those logs, and
 hard to cull them of personally identifiable information.  Because disk
 is cheap, we tend to hoard data, not delete it.

 I'd like to see an independent source compare Mozilla's Privacy Policy to
 their actual practices, and see if they are truly leaders in personal
 privacy or just being hypocritical.

 And even if they do keep to their Privacy Policy, they provide a useful
 service, and I'm not breaking the law (that I know of).  They can have my
 IP, what I search, what AddOns I've added, my crash signatures.  At least
 I know what they have and that they will follow US Law and give it to
 authorities when properly requested.

 You don't get to have Privacy on the Internet.  It's a fallacy.  You have
 to work really hard to truly have privacy on the 'net.  And lie a lot.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---



Re: news from Google

2009-12-11 Thread Seth Mattinen

Peter Beckman wrote:

> On Fri, 11 Dec 2009, Seth Mattinen wrote:
>
>> It's better than the maybe you shouldn't be doing things you don't
>> want people to know about statement. That right there gives me some
>> insight on where Google wants to go in the future with privacy.
>
>  At least Google seems to be honest about it.
>
>  What does Bing say they keep about you when you search, not logged into
>  your Passport account?  IP + searches, date and time?  And what do they
>  actually do?  What about Yahoo, now that they will use Bing?  Or even
>  AltaVista?  How do we know the difference between the reality of what they
>  do versus their Privacy Policy?


We want your money versus we want your life.



>  If you aren't breaking the law, the government won't be looking for your
>  data, and won't ask Google/Yahoo/Bing/AltaVista or other search companies
>  for your data.
>
>  If you ARE breaking the law, and you live in the US, you gotta be careful
>  about what you do on the Internet, 'cause it all gets logged differently
>  in different places.


We are all likely breaking some law on a daily basis.



>  I find it REALLY HARD TO BELIEVE that NO OTHER SEARCH ENGINE COMPANY is
>  retaining search data with IP address and maybe even account ID for a
>  period of time.  Not even Netflix, who thought they scrubbed the Netflix
>  Prize Dataset, was able to rid the data of your personal information.
>
> http://www.cs.utexas.edu/~shmat/netflix-faq.html
>
>  We're living in a world where every web request writes to a log file.
>  Those log files live for days, weeks, years, even decades, and depend on
>  the admins running the site, not the Privacy Policy.  If you've ever
>  visited my site, I've kept those logs for 10 years.  Your IP, your
>  browser, all that crap.  This is the internet.  You are logged at almost
>  every action you take, somewhere.  It's easy to archive those logs, and
>  hard to cull them of personally identifiable information.  Because disk
>  is cheap, we tend to hoard data, not delete it.
>
>  I'd like to see an independent source compare Mozilla's Privacy Policy to
>  their actual practices, and see if they are truly leaders in personal
>  privacy or just being hypocritical.
>
>  And even if they do keep to their Privacy Policy, they provide a useful
>  service, and I'm not breaking the law (that I know of).  They can have my
>  IP, what I search, what AddOns I've added, my crash signatures.  At least
>  I know what they have and that they will follow US Law and give it to
>  authorities when properly requested.
>
>  You don't get to have Privacy on the Internet.  It's a fallacy.  You have
>  to work really hard to truly have privacy on the 'net.  And lie a lot.



Here's a pretty common line that Microsoft has that Google completely 
omits (or that I can't find):


We do not sell, rent, or lease our customer lists to third parties.

~Seth



Re: news from Google

2009-12-11 Thread Scott Weeks


--- rich...@bennett.com wrote:
From: Richard Bennett rich...@bennett.com

Microsoft just wants your cash, but Google wants your personal 
information so they can sell it over and over again. The entire Google 
---


You need to study up on your corporate competition tactics more...

scott



Re: news from Google

2009-12-11 Thread Scott Weeks


--- beck...@angryox.com wrote:
From: Peter Beckman beck...@angryox.com

  At least Google seems to be honest about it.
--

Yeah, trust them...



---
  What does Bing say they keep about you when you search, not logged into
  your Passport account?  IP + searches, date and time?  And what do they
  actually do?  
---

NOW you're getting warm.  What IS the difference in what a corp says they do 
and what they actually do?



---
  What about Yahoo, now that they will use Bing?  Or even
  AltaVista?  How do we know the difference between the reality of what they
  do versus their Privacy Policy?


Yahoo and Altavista are one and the same.  Excite is owned by www.iac.com who 
own many other companies that collect and make money from knowing what you do.  
Webcrawler is owned by InfoSpace (www.infospaceinc.com). They are ALL making 
money doing the same thing. 



--
  You don't get to have Privacy on the Internet.  It's a fallacy.  You have
  to work really hard to truly have privacy on the 'net.  And lie a lot.
--

Yes, you have to work hard and (one last time :-) DBS.  Use your sniffers at 
home to see what's talking to what; manage your cookies; force your ISPs 
machinery to change your DHCP-assigned address a lot; use SSH tunnels, blah, 
blah, blah.



In FF goto Tools, 'Options', 'Privacy', and select: Accept cookies from 
sites'; 'Accept third-party cookies'; 'Keep until: ask me every time just to 
get a taste.  Be sure to click on 'Show Details' when the flood of cookies 
comes and pay attention to the details.  Don't go to sites that bork when you 
use these settings any longer.  Also, look in 'Show cookies' and 'Exceptions'.  
Funny how M$ won't let you do that in IE AFAICT.


scott



Re: news from Google

2009-12-11 Thread Peter Beckman

On Fri, 11 Dec 2009, Seth Mattinen wrote:


> We want your money versus we want your life.


 I don't pay any of those search engines -- they make money off of
 advertising.  Huh, just like Google.

 And to think that none of the search engines are taking that data and
 trying to build better products or services is naive.


> We are all likely breaking some law on a daily basis.


 Now this I agree with.  There are so many laws, so many unenforced, that
 it is hard to know all of them, and to know which ones (in which state,
 city, local, or country!) you are breaking.

 You have the choice to be more private -- pay cash for everything, wear a
 hood or a mask to avoid being caught on camera, no EZpass, no bank
 account, no credit card, no cell phone, no phone at all, no Internet
 access.  But that's kinda difficult to do, given that most of us have jobs
 and income based solely on this medium.

 The ease of logging and the human justification of hoarding that data pretty
 much prevents you from having a private life.  Trust me, what you search
 on Google is much less valuable than your cell phone records, credit card
 statements and EZpass records.  Your search records are just icing on the
 cake to the prosecutor.

> Here's a pretty common line that Microsoft has that Google completely omits
> (or that I can't find):
>
> We do not sell, rent, or lease our customer lists to third parties.


 Have you opted out of your credit card company from doing so?  Do you feel
 as comfortable with your Credit Card company as you do with Google?  Do
 you feel MORE comfortable with Microsoft managing your Credit Card?

 C'mon.  Your personal information is so easily gotten right now it's silly
 for anyone to think that knowing Microsoft won't sell their customer lists
 will somehow protect you.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---



Re: news from Google

2009-12-11 Thread Michael Holstein

> In FF goto Tools, 'Options', 'Privacy', and select: Accept cookies from
> sites'; 'Accept third-party cookies'; 'Keep until: ask me every time just
> to get a taste.  Be sure to click on 'Show Details' when the flood of cookies
> comes and pay attention to the details.  Don't go to sites that bork when you
> use these settings any longer.  Also, look in 'Show cookies' and
> 'Exceptions'.  Funny how M$ won't let you do that in IE AFAICT.
   

Let's not forget about Flash LSOs and the nasty companies that offer
services to replace your cookies if they're deleted.

FF has BetterPrivacy for that.

Only caveat is it drives websites like BoA and eBay bonkers .. they want
to verify you every time you re-visit.

Cheers,

Michael Holstein
Cleveland State University



Re: news from Google

2009-12-11 Thread Jim Richardson
On Fri, Dec 11, 2009 at 1:07 PM, Seth Mattinen se...@rollernet.us wrote:
> Peter Beckman wrote:
Snip

> Here's a pretty common line that Microsoft has that Google completely omits
> (or that I can't find):
>
> We do not sell, rent, or lease our customer lists to third parties.
>
> ~Seth



You aren't Bing's customer, you are a user. The line you quote, even
if they follow it, would not prohibit them from selling any and all
information they get from your searches.

*yahoo* is Bing's customer.

-- 
http://neon-buddha.net



BGP Update Report

2009-12-11 Thread cidr-report
BGP Update Report
Interval: 03-Dec-09 -to- 10-Dec-09 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN      Upds     %   Upds/Pfx  AS-Name
 1 - AS8452   29130  1.0%    24.1 -- TEDATA TEDATA
 2 - AS4323   27436  0.9%     6.2 -- TWTC - tw telecom holdings, inc.
 3 - AS6389   26286  0.9%     6.2 -- BELLSOUTH-NET-BLK - BellSouth.net Inc.
 4 - AS8151   20654  0.7%    12.9 -- Uninet S.A. de C.V.
 5 - AS7643   18283  0.6%    39.5 -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT)
 6 - AS35805  17304  0.6%    33.1 -- UTG-AS United Telecom AS
 7 - AS17488  15302  0.5%    10.4 -- HATHWAY-NET-AP Hathway IP Over Cable Internet
 8 - AS9198   14136  0.5%    29.9 -- KAZTELECOM-AS Kazakhtelecom Corporate Sales Administration
 9 - AS20115  14112  0.5%     9.2 -- CHARTER-NET-HKY-NC - Charter Communications
10 - AS5800   13579  0.5%    71.1 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center
11 - AS29049  13359  0.5%    45.9 -- DELTA-TELECOM-AS Delta Telecom LTD.
12 - AS14420  13323  0.5%    36.3 -- CORPORACION NACIONAL DE TELECOMUNICACIONES CNT S.A.
13 - AS17974  12481  0.4%    14.1 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
14 - AS9829   12150  0.4%    14.1 -- BSNL-NIB National Internet Backbone
15 - AS7018   12045  0.4%     7.5 -- ATT-INTERNET4 - ATT WorldNet Services
16 - AS7738   11978  0.4%    27.8 -- Telecomunicacoes da Bahia S.A.
17 - AS1785   11964  0.4%     6.7 -- AS-PAETEC-NET - PaeTec Communications, Inc.
18 - AS4766   11550  0.4%     6.0 -- KIXS-AS-KR Korea Telecom
19 - AS28477  10785  0.4%  1198.3 -- Universidad Autonoma del Esstado de Morelos
20 - AS11492  10696  0.4%     9.3 -- CABLEONE - CABLE ONE, INC.


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN       Upds     % Upds/Pfx    AS-Name
 1 - AS48754   2926  0.1%   2926.0 -- SOBIS-AS SC SOBIS SOLUTIONS SRL
 2 - AS39384   1696  0.1%   1696.0 -- GUILAN-UNIV-AS University of Guilan AS System
 3 - AS37035   4186  0.1%   1395.3 -- MIC-AS
 4 - AS28477  10785  0.4%   1198.3 -- Universidad Autonoma del Esstado de Morelos
 5 - AS36239   1173  0.0%   1173.0 -- EXIGEN-CANADA - Exigen Canada
 6 - AS41155  0.0% 533.0 -- Konecta, S. de R.L. de C.V.
 7 - AS14251   1680  0.1%    840.0 -- MLSLI - Multiple Lising Service of Long Island, Inc.
 8 - AS41368    705  0.0%    705.0 -- TVALMANSA-ASN TV ALMANSA, Servicios de Comunicacion
 9 - AS22919   1368  0.1%    684.0 -- PCCNET - Portland Community College
10 - AS12732   6412  0.2%    582.9 -- bbTT GmbH
11 - AS33648    984  0.0%    492.0 -- ELEPHANT - ColoFlorida / Elephant Outlook
12 - AS39803    956  0.0%    478.0 -- UTI-AS SC UTI COMMUNICATIONS SYSTEMS SRL
13 - AS6009     421  0.0%    421.0 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center
14 - AS28150   1239  0.0%    413.0 -- 
15 - AS37786    688  0.0%    344.0 -- 
16 - AS6822   10455  0.4%    316.8 -- SUPERONLINE-AS SuperOnline autonomous system
17 - AS43818    307  0.0%    307.0 -- MELLAT-AS bankmellat
18 - AS28052    303  0.0%    303.0 -- Arte Radiotelevisivo Argentino
19 - AS3944     767  0.0%    255.7 -- PARTAN-LAB - Partan  Partan
20 - AS27563   1245  0.0%    249.0 -- SCANA - SCANA COMMUNICATIONS INC


TOP 20 Unstable Prefixes
Rank Prefix              Upds     %   Origin AS -- AS Name
 1 - 200.13.36.0/24     10689  0.4%   AS28477 -- Universidad Autonoma del Esstado de Morelos
 2 - 212.42.236.0/24     5694  0.2%   AS12732 -- bbTT GmbH
 3 - 203.162.118.128/    4515  0.1%   AS7643  -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT)
 4 - 89.144.140.0/24     4233  0.1%   AS39308 -- ASK-AS Andishe Sabz Khazar Autonomous System
                                      AS39384 -- GUILAN-UNIV-AS University of Guilan AS System
 5 - 41.222.179.0/24     4150  0.1%   AS37035 -- MIC-AS
 6 - 143.138.107.0/24    3116  0.1%   AS747   -- TAEGU-AS - Headquarters, USAISC
 7 - 91.212.23.0/24      2926  0.1%   AS48754 -- SOBIS-AS SC SOBIS SOLUTIONS SRL
 8 - 222.255.186.0/25    2846  0.1%   AS7643  -- VNN-AS-AP Vietnam Posts and Telecommunications (VNPT)
 9 - 202.177.223.0/24    2430  0.1%   AS17819 -- ASN-EQUINIX-AP Equinix Asia Pacific
12 - 192.12.120.0/24     2190  0.1%   AS5691  -- MITRE-AS-5 - The MITRE Corporation
13 - 202.167.247.0/24    1803  0.1%   AS17819 -- ASN-EQUINIX-AP Equinix Asia Pacific
14 - 212.253.13.0/24     1739  0.1%   AS6822  -- SUPERONLINE-AS SuperOnline autonomous system
15 - 212.253.7.0/24      1739  0.1%   AS6822  -- SUPERONLINE-AS SuperOnline autonomous system
16 - 212.253.6.0/24      1738  0.1%   AS6822  -- 

The Cidr Report

2009-12-11 Thread cidr-report
This report has been generated at Fri Dec 11 21:11:26 2009 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date      Prefixes  CIDR Agg
04-12-09    310737    192817
05-12-09    310870    192536
06-12-09    310697    192398
07-12-09    310614    191838
08-12-09    310880    190765
09-12-09    310972    191617
10-12-09    310912    192007
11-12-09    311684    190374


AS Summary
 33116  Number of ASes in routing system
 14097  Number of ASes announcing only one prefix
  4367  Largest number of prefixes announced by an AS
AS4323 : TWTC - tw telecom holdings, inc.
  92609472  Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 11Dec09 ---
ASnum    NetsNow NetsAggr  NetGain   % Gain   Description

Table     308693   190327   118366    38.3%   All ASes

AS6389      4232      318     3914    92.5%   BELLSOUTH-NET-BLK - BellSouth.net Inc.
AS4323      4367     1944     2423    55.5%   TWTC - tw telecom holdings, inc.
AS1785      1791      345     1446    80.7%   AS-PAETEC-NET - PaeTec Communications, Inc.
AS4766      1780      474     1306    73.4%   KIXS-AS-KR Korea Telecom
AS17488     1458      311     1147    78.7%   HATHWAY-NET-AP Hathway IP Over Cable Internet
AS22773     1123       71     1052    93.7%   ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.
AS8151      1586      659      927    58.4%   Uninet S.A. de C.V.
AS4755      1278      391      887    69.4%   TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
AS19262     1044      236      808    77.4%   VZGNI-TRANSIT - Verizon Internet Services Inc.
AS8452       946      263      683    72.2%   TEDATA TEDATA
AS18101      992      326      666    67.1%   RIL-IDC Reliance Infocom Ltd Internet Data Centre,
AS10620     1002      338      664    66.3%   TV Cable S.A.
AS6478      1169      532      637    54.5%   ATT-INTERNET3 - ATT WorldNet Services
AS18566     1059      444      615    58.1%   COVAD - Covad Communications Co.
AS3356      1203      622      581    48.3%   LEVEL3 Level 3 Communications
AS24560      809      232      577    71.3%   AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AS4808       764      196      568    74.3%   CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
AS4134      1012      449      563    55.6%   CHINANET-BACKBONE No.31,Jin-rong Street
AS4804       633       70      563    88.9%   MPX-AS Microplex PTY LTD
AS7303       665      103      562    84.5%   Telecom Argentina S.A.
AS7018      1588     1032      556    35.0%   ATT-INTERNET4 - ATT WorldNet Services
AS17908      765      240      525    68.6%   TCISL Tata Communications
AS11492     1145      632      513    44.8%   CABLEONE - CABLE ONE, INC.
AS4780       634      139      495    78.1%   SEEDNET Digital United Inc.
AS22047      545       50      495    90.8%   VTR BANDA ANCHA S.A.
AS28573      821      351      470    57.2%   NET Servicos de Comunicao S.A.
AS9443       532       79      453    85.2%   INTERNETPRIMUS-AS-AP Primus Telecommunications
AS5668       786      344      442    56.2%   AS-5668 - CenturyTel Internet Holdings, Inc.
AS17676      564      129      435    77.1%   GIGAINFRA Softbank BB Corp.
AS35805      465       47      418    89.9%   UTG-AS United Telecom AS

Total      36758    11367    25391    69.1%   Top 30 total


Possible Bogus Routes

41.223.92.0/22   AS36936 CELTEL-GABON Celtel Gabon Internet Service
41.223.188.0/24  AS22351 INTELSAT Intelsat Global BGP Routing Policy
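
A simplified sketch of the rule stated in the report's Aggregation Summary (merge only prefixes whose AS path matches exactly), as an added example that is not the CIDR Report's own code. It leaves out the aggregation across holes; the sample table, its documentation-range ASNs and the function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample: (prefix, AS path as seen from the observation point).
# Prefixes are from 198.18.0.0/15 (benchmarking space) and ASNs from the
# documentation range 64496-64511. None of these values come from the report.
SAMPLE_TABLE = [
    ("198.18.0.0/24", (64496, 64500)),
    ("198.18.1.0/24", (64496, 64500)),         # adjacent, same path: merges into a /23
    ("198.18.2.0/24", (64496, 64501, 64500)),  # same origin, different path: left alone
    ("198.18.3.0/24", (64496, 64500)),         # its sibling 198.18.2.0/24 has another path
    ("198.19.0.0/16", (64497, 64510)),
    ("198.19.4.0/22", (64497, 64510)),         # more-specific, same path as the /16: redundant
    ("198.19.8.0/24", (64498, 64510)),         # more-specific, different path: left alone
]


def collapse(table, key):
    """Group prefixes by key(path) and collapse each group independently."""
    groups = defaultdict(list)
    for prefix, path in table:
        groups[key(path)].append(ipaddress.ip_network(prefix))
    return {k: list(ipaddress.collapse_addresses(nets)) for k, nets in groups.items()}


def aggregate_by_path(table):
    """Path-aware aggregation: only prefixes with an identical AS path merge."""
    return collapse(table, key=tuple)


def aggregate_by_origin(table):
    """Naive contrast: merges on origin AS alone and so erases per-path policy."""
    return collapse(table, key=lambda path: path[-1])


def gain_report(table):
    """Rows of (ASnum, NetsNow, NetsAggr, NetGain, % Gain), largest gain first."""
    now, aggr = defaultdict(int), defaultdict(int)
    for _, path in table:
        now[path[-1]] += 1
    for path, nets in aggregate_by_path(table).items():
        aggr[path[-1]] += len(nets)
    rows = []
    for origin, n in now.items():
        gain = n - aggr[origin]
        rows.append((f"AS{origin}", n, aggr[origin], gain, round(100.0 * gain / n, 1)))
    return sorted(rows, key=lambda r: (-r[3], r[0]))


if __name__ == "__main__":
    print("ASnum     NetsNow NetsAggr NetGain  % Gain")
    for asn, n, a, g, pct in gain_report(SAMPLE_TABLE):
        print(f"{asn:<9} {n:>7} {a:>8} {g:>7} {pct:>6}%")
    naive = aggregate_by_origin(SAMPLE_TABLE)[64500]
    print("origin-only merge for AS64500:", [str(n) for n in naive])
```

The origin-only merge folds AS64500's four /24s into one /22, which would also swallow the prefix announced over a different path; the path-aware version keeps it separate.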

Re: news from Google

2009-12-11 Thread sthaug
  If you aren't breaking the law, the government won't be looking for your
  data, and won't ask Google/Yahoo/Bing/AltaVista or other search companies
  for your data.

That's an extremely naive view of how governments operate. To put it
mildly.

Steinar Haug, Nethelp consulting, sth...@nethelp.no



Re: news from Google

2009-12-11 Thread Peter Beckman

On Fri, 11 Dec 2009, Scott Weeks wrote:


--- beck...@angryox.com wrote:
From: Peter Beckman beck...@angryox.com

 At least Google seems to be honest about it.
--

Yeah, trust them...


 I said seems.  It's hard to verify if ANY company follows what is said
 in their Privacy Policy.


---
 What does Bing say they keep about you when you search, not logged into
 your Passport account?  IP + searches, date and time?  And what do they
 actually do?
---

NOW you're getting warm.  What IS the difference in what a corp says they
do and what they actually do?


 Who knows?  Since they won't let you check (then again, I never asked if I
 could), how do you know what they are really doing with the data you know
 they might have?


---
 What about Yahoo, now that they will use Bing?  Or even
 AltaVista?  How do we know the difference between the reality of what they
 do versus their Privacy Policy?


Yahoo and Altavista are one and the same.  Excite is owned by www.iac.com
who own many other companies that collect and make money from knowing
what you do.  Webcrawler is owned by InfoSpace (www.infospaceinc.com).
They are ALL making money doing the same thing.


 I don't see that trend slowing.  So when you search on AltaVista, assuming
 AltaVista uses Yahoo and Yahoo using Bing, does AV, Yahoo! AND Microsoft
 (via Bing) all get a copy of that single search request and thusly your
 data?  I'm guessing the 3 companies have different privacy policies that
 each apply to that data separately...  makes your head spin.


--
 You don't get to have Privacy on the Internet.  It's a fallacy.  You have
 to work really hard to truly have privacy on the 'net.  And lie a lot.
--

Yes, you have to work hard and (one last time :-) DBS.  Use your sniffers
at home to see what's talking to what; manage your cookies; force your
ISP's machinery to change your DHCP-assigned address a lot; use SSH
tunnels, blah, blah, blah.


 That's a lot of work, more overhead than many are willing to put in.
 Maybe someday I'll eat my words, but I'm just not paranoid enough to work
 that hard to avoid search engines or other companies to log my use of
 their service.

 I'm more worried about all the data at the doctor's office, the federal
 government, credit card and reporting companies, phone companies, etc. and
 I'm not doing much about that either.


In FF go to Tools, 'Options', 'Privacy', and select: 'Accept cookies
from sites'; 'Accept third-party cookies'; 'Keep until: ask me every
time' just to get a taste.  Be sure to click on 'Show Details' when the
flood of cookies comes and pay attention to the details.  Don't go to
sites that bork when you use these settings any longer.  Also, look in
'Show cookies' and 'Exceptions'.  Funny how M$ won't let you do that in
IE AFAICT.


 Using a combo of Ad Blocker Plus and NoScript in Firefox helps reduce that
 significantly, without all the popups.  But yeah, it's hard to use the
 Internet and not get tracked by a bunch of different entities you know
 nothing about.

 Which gives further proof that my earlier statement rings true:

You don't get to have Privacy on the Internet.  It's a fallacy.  You have
to work really hard to truly have privacy on the 'net.  And lie a lot.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---



Re: news from Google

2009-12-11 Thread Jorge Amodio
  If you aren't breaking the law, the government won't be looking for your
  data, and won't ask Google/Yahoo/Bing/AltaVista or other search companies
  for your data.

Welcome to China, host country of IETF 79, the first IETF meeting that
will break the record of VPN tunnels ...

Also, what law ? what government ?

Ask Yahoo about what happened in France about some collectible items,
ask Dow Jones for distributing news in Australia that some guy didn't
like, ask Google about providing search results that famous people
don't want to see everywhere.

On the other hand, name it Google, Yahoo, Bing, or whatever, their biz
model is to make money based on information they collect about you
(even in an abstract form) or that put through your throat as
advertisement, but keep in mind that most of the time there is only one
source for such information: You ;-)

If you don't like it, get isolated, (I was going to say move to Mars
but it won't work since it's already on Google's master plan and Vint's
interplanetary network vision) move to Wasilla and enjoy fishing alone.

My .02
Jorge



Re: news from Google

2009-12-11 Thread Peter Beckman

On Fri, 11 Dec 2009, sth...@nethelp.no wrote:


 If you aren't breaking the law, the government won't be looking for your
 data, and won't ask Google/Yahoo/Bing/AltaVista or other search companies
 for your data.


That's an extremely naive view of how governments operate. To put it
mildly.


 That may be.  But the government has a lot better data than "what did
 Peter Beckman search for online in the last 12 years?"  Could it help them
 build a case against me?  Sure.  Should I be more careful about using
 search engines?  Probably.

 I know there is TORbutton (easily turn on and off TOR) and tor-proxy.net
 plugins for Firefox, but is there a plugin that will use a user-defined
 proxy for certain user-defined sites/URLs (such as Google, Bing, etc) and
 allow one to surf directly on all other URLs?  Or even a NoScript
 (whitelist) type deal that sends everything via a proxy except for those
 sites you decide to trust?  That'd be handy to avoid this privacy stuff.

 Getting offtopic.

 You simply need to assume that every company who you reveal even small
 pieces of your identity or online persona will sell, reveal, badly secure
 or misuse the information you provide.  I think this assumption is
 realistic, and that you need to be aware of it.  Google is simply telling
 you what all the other companies already do -- archive their data, which
 you generated, and which can be used to identify you and against you in a
 court of law.

 I'm shocked that really smart people like Asa Dotzler are shocked by what
 Eric Schmidt said, what I assumed was simply common knowledge - that there
 is no real privacy on the internet.

Beckman
---
Peter Beckman  Internet Guy
beck...@angryox.com http://www.angryox.com/
---



Re: news from Google

2009-12-11 Thread Jorge Amodio
 Here's a pretty common line that Microsoft has that Google completely omits
 (or that I can't find):

 We do not sell, rent, or lease our customer lists to third parties.

LRMAO

Or they just acquire the third party to keep it in house ...



Re: news from Google

2009-12-11 Thread Michael Painter

Peter Beckman wrote:

 I'm shocked that really smart people like Asa Dotzler are shocked by what
 Eric Schmidt said, what I assumed was simply common knowledge - that there
 is no real privacy on the internet.



On the Sprint 3G network... If [the handset uses] the [WAP] Media Access Gateway, we have the URL history for 24 months 
... We don't store it because law enforcement asks us to store it, we store it because when we launched 3G in 2001 or so, 
we thought we were going to bill by the megabyte ... but ultimately, that's why we store the data ... It's because 
marketing wants to rifle through the data.



http://www.infoworld.com/d/adventures-in-it/cell-phone-subterfuge-produces-nation-270-million-spies-090 





Re: Is there anyone from ASPEWS on this list?

2009-12-11 Thread John Levine
ASPEWS is listing 216.83.32.0/20 as being associated with the whole
Atrivo incident of 2008.  My memory does not recall 216.83.32.0/20 being
involved, nor the provider that belongs to.

Since nobody but the occasional highly vocal GWL uses ASPEWS, it's
hard to see why one would care, but if you want to find ASPEWS, crank
up your favorite usenet program, post a question to nanae, and watch
the vitriol roll in.  There might be a comment from ASPEWS in there.

R's,
John



Re: news from Google

2009-12-11 Thread Seth Mattinen

Jorge Amodio wrote:


LRMAO



Coming from a gmail user...

~Seth



Re: news from Google

2009-12-11 Thread Seth Mattinen

Peter Beckman wrote:


 Using a combo of Ad Blocker Plus and NoScript in Firefox helps reduce that
 significantly, without all the popups.  But yeah, it's hard to use the
 Internet and not get tracked by a bunch of different entities you know
 nothing about.

 Which gives further proof that my earlier statement rings true:

You don't get to have Privacy on the Internet.  It's a fallacy.  You have
to work really hard to truly have privacy on the 'net.  And lie a lot.




I'm not naive enough to think all privacy policies reflect what a 
company is actually doing, but I'm surprised that people think Google 
protects their privacy at the same time they're practically admitting 
they're selling your digital soul to whoever will pay for it. Hell, all 
you gmail users on this list right now are feeding the machine with all 
our data.


The part that gets me: everyone seems happy with this.

~Seth



Re: news from Google

2009-12-11 Thread Jorge Amodio
 LRMAO


 Coming from a gmail user...

Yes, and very satisfied with their service (not happy with the line
wraps though and plain text formatting), very convenient to receive
messages from e-mail lists and a more efficient way to deal with spam
and other nuisances.

I've to admit that actually MSFT online privacy notice (which it is
not clear if it's equal to their privacy policy) includes the
statement you mentioned in your message, but you forgot to include the
rest ...

From http://privacy.microsoft.com/en-us/default.mspx :
(short version, if you want all the yada yada you need to click on
Additional Details)

Personal Information
- When you register for certain Microsoft services, we will ask you to
provide personal information.
- The information we collect may be combined with information obtained
from other Microsoft services and other companies.
- We use cookies and other technologies to keep track of your
interactions with our sites and services to offer a personalized
experience.

Uses of Information
- We use the information we collect to provide the services you
request. Our services may include the display of personalized content
and advertising.
- We use your information to inform you of other products or services
offered by Microsoft and its affiliates, and to send you relevant
survey invitations related to Microsoft services.
- We do not sell, rent, or lease our customer lists to third parties.
In order to help provide our services, we occasionally provide
information to other companies that work on our behalf.

And then there is another section that is related to Your Choices,
but nowhere (and I'm not saying that others provide this option either)
says you opt to keep all the information Microsoft collects about you
private and not shared with affiliates (very vague term) or other
companies working on their behalf (ie the telemarketers bothering you
at home in the middle of your favorite football game to sell something
you don't need).

Every single provider that collects information about you tries to
find the way to monetize it and make some extra bucks.

Cheers
Jorge



RE: Is there anyone from ASPEWS on this list?

2009-12-11 Thread Alex Lanstein
William Pitcock wrote:
Cernal and Atrivo are two different entities, Atrivo used to host
Cernal, but now they have different hosting arrangements.

I now understand the original point you were trying to make about Atrivo.  I 
disagree with your premise that it is actually a different entity than Cernel, 
but am not trying to debate that on this list for various reasons.  

Acting under my (incorrect or correct) assumption that they are in fact the 
same entity, I made my post to show that the boys were back.  

That is, for a decent amount of time, parts of 85.255.112.0/20 were not being 
advertised, and hence the dns hijacking pointing selected http traffic to 
67.210.0.0/20 wasn't happening.

My point was that it (fairly) recently started being advertised again, and it 
was the same old song and dance wrt dns/http hijacking/fraud.

Regards,

Alex Lanstein
FireEye, Inc.


From: William Pitcock [neno...@systeminplace.net]
Sent: Friday, December 11, 2009 3:35 PM
To: Alex Lanstein
Cc: nanog@nanog.org
Subject: RE: Is there anyone from ASPEWS on this list?

On Fri, 2009-12-11 at 09:55 -0800, Alex Lanstein wrote:
 Also, the fact that Atrivo is *dead* and this
 stuff is still listed means that anyone who gets
 those blocks from ARIN next are basically screwed

 Why would you say Atrivo is dead?

 r...@localhost --- {~}  nslookup www.googleadservices.com 85.255.114.83
 Server: 85.255.114.83
 Address:85.255.114.83#53

 Name:   www.googleadservices.com
 Address: 67.210.14.113

That is Cernal, and it is hosted in Russia now.

Cernal and Atrivo are two different entities, Atrivo used to host
Cernal, but now they have different hosting arrangements.

Can people get a clue and understand this very critical difference?

Thanks.

William



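
A defender-side check for the behaviour the message above describes, as an added example that is not part of the thread: it scans resolver-log lines for clients querying a resolver inside 85.255.112.0/20 and for answers inside 67.210.0.0/20, the two ranges the message names. The log layout, the helper names and the sample lines are constructed for illustration; only the 85.255.114.83 / 67.210.14.113 pair is taken from the quoted nslookup output.

```python
import ipaddress

# The two ranges named in the message above; nothing further is assumed about them.
RESOLVER_RANGE = ipaddress.ip_network("85.255.112.0/20")
ANSWER_RANGE = ipaddress.ip_network("67.210.0.0/20")

# Constructed sample log, hypothetical layout:
#   timestamp client-ip resolver-ip query-name answer-ip
SAMPLE_LOG = """\
2009-12-11T09:50:01 10.0.0.21 192.0.2.53 www.googleadservices.com 198.51.100.7
2009-12-11T09:50:04 10.0.0.34 85.255.114.83 www.googleadservices.com 67.210.14.113
2009-12-11T09:50:09 10.0.0.34 85.255.114.83 www.example.com 203.0.113.80
2009-12-11T09:51:12 10.0.0.57 192.0.2.53 WWW.Example.NET. 67.210.3.9
this line is not a log record
2009-12-11T09:52:40 10.0.0.60 192.0.2.53 www.example.org not-an-ip
"""


def parse_line(line):
    """Return a record dict, or None when the line does not fit the layout."""
    parts = line.split()
    if len(parts) != 5:
        return None
    ts, client, resolver, qname, answer = parts
    try:
        return {
            "ts": ts,
            "client": ipaddress.ip_address(client),
            "resolver": ipaddress.ip_address(resolver),
            "qname": qname.rstrip(".").lower(),  # normalise case and trailing dot
            "answer": ipaddress.ip_address(answer),
        }
    except ValueError:
        return None


def scan(log_text):
    """Return (hits, skipped): hits are (client, qname, reasons) tuples."""
    hits, skipped = [], 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            skipped += 1  # count unparseable lines instead of silently dropping them
            continue
        reasons = []
        if rec["resolver"] in RESOLVER_RANGE:
            reasons.append("resolver-in-range")  # host is pointed at that resolver range
        if rec["answer"] in ANSWER_RANGE:
            reasons.append("answer-in-range")    # answer lands in the redirect range
        if reasons:
            hits.append((str(rec["client"]), rec["qname"], reasons))
    return hits, skipped


def clients_using_flagged_resolver(log_text):
    """Clients whose DNS settings deserve a look: they query the resolver range."""
    hits, _ = scan(log_text)
    return sorted({c for c, _, reasons in hits if "resolver-in-range" in reasons})


if __name__ == "__main__":
    hits, skipped = scan(SAMPLE_LOG)
    for client, qname, reasons in hits:
        print(f"{client:<12} {qname:<28} {','.join(reasons)}")
    print(f"skipped {skipped} unparseable line(s)")
    print("check resolver settings on:", clients_using_flagged_resolver(SAMPLE_LOG))
```

A client flagged only for "answer-in-range" got the address from some other resolver, so that case points at the upstream resolver or a cache rather than at the client's own DNS settings.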




RE: Is there anyone from ASPEWS on this list?

2009-12-11 Thread William Pitcock
On Fri, 2009-12-11 at 17:25 -0800, Alex Lanstein wrote:
 William Pitcock wrote:
 Cernal and Atrivo are two different entities, Atrivo used to host
 Cernal, but now they have different hosting arrangements.
 
 I now understand the original point you were trying to make about Atrivo.  I 
 disagree with your premise that it is actually a different entity than 
 Cernel, but am not trying to debate that on this list for various reasons.  

Then why did you make the post?

 
 Acting under my (incorrect or correct) assumption that they are in fact the 
 same entity, I made my post to show that the boys were back.  

They are separate entities, and Cernal hosts with other providers, and
did so while Atrivo existed as well.

In fact, read below for some poignant analysis on this fact.

 
 That is, for a decent amount of time, parts of 85.255.112.0/20 were not being 
 advertised, and hence the dns hijacking pointing selected http traffic to 
 67.210.0.0/20 wasn't happening.
 
 My point was that it (fairly) recently started being advertised again, and it 
 was the same old song and dance wrt dns/http hijacking/fraud.
 

That doesn't surprise me, but I see it coming from Amazon EC2.  In fact,
traceroutes end at 67.210.14.1, which is a router servicing the EC2
cloud.  85.255.112.0/20 appears to be announced by Bandcon /
Internet-Path in the NYC area.  I believe that Amazon EC2's NYC cloud
uses these providers, but not 100% sure on that one.

Regardless, Amazon EC2 is not Atrivo, at all, period, and if you believe
that it is, you're bloody crazy.

William





Re: news from Google

2009-12-11 Thread JC Dill

Seth Mattinen wrote:
 Hell, all you gmail users on this list right now are feeding the 
machine with all our data.


The part that gets me: everyone seems happy with this. 


This list has public archives that are already crawled and archived by 
Google.  For example:


http://www.merit.edu/mail.archives/nanog/threads.html
http://seclists.org/nanog/2009/Dec/434

Subscribing to the list with a gmail account doesn't change anything 
about what Google knows about the list or list members.


The part that gets me is that you don't already understand this.

jc




Re: Is there anyone from ASPEWS on this list?

2009-12-11 Thread William Pitcock
On Fri, 2009-12-11 at 23:39 +, John Levine wrote:
 ASPEWS is listing 216.83.32.0/20 as being associated with the whole
 Atrivo incident of 2008.  My memory does not recall 216.83.32.0/20 being
 involved, nor the provider that belongs to.
 
 Since nobody but the occasional highly vocal GWL uses ASPEWS, it's
 hard to see why one would care, but if you want to find ASPEWS, crank
 up your favorite usenet program, post a question to nanae, and watch
 the vitriol roll in.  There might be a comment from ASPEWS in there.

Well, I just want to reach SORBS to clear up some confusion regarding
what ranges of mine are dynamic (e.g. none of them, but they seem to
think otherwise).  Unfortunately, e-mail to SORBS bounces due to
ethr.net being listed in ASPEWS as being part of Atrivo.

I think it is kind of fail that RBL people do not have e-mail based
contact addresses.  Snoozenet is unpleasant to deal with.

William




Re: news from Google

2009-12-11 Thread Jorge Amodio
 This list has public archives that are already crawled and archived by
 Google.  For example:

 http://www.merit.edu/mail.archives/nanog/threads.html
 http://seclists.org/nanog/2009/Dec/434

 Subscribing to the list with a gmail account doesn't change anything about
 what Google knows about the list or list members.

Indeed.

BTW I'm impressed about how fast particularly the messages archived by
insecure.org show up on the search results.

Jorge



Re: Is there anyone from ASPEWS on this list?

2009-12-11 Thread John R. Levine
So write to her from a gmail account.  APEWS is pretty kooky, and I'm kind 
of surprised if SORBS is using it.




On Fri, 2009-12-11 at 23:39 +, John Levine wrote:

ASPEWS is listing 216.83.32.0/20 as being associated with the whole
Atrivo incident of 2008.  My memory does not recall 216.83.32.0/20 being
involved, nor the provider that belongs to.


Since nobody but the occasional highly vocal GWL uses ASPEWS, it's
hard to see why one would care, but if you want to find ASPEWS, crank
up your favorite usenet program, post a question to nanae, and watch
the vitriol roll in.  There might be a comment from ASPEWS in there.


Well, I just want to reach SORBS to clear up some confusion regarding
what ranges of mine are dynamic (e.g. none of them, but they seem to
think otherwise).  Unfortunately, e-mail to SORBS bounces due to
ethr.net being listed in ASPEWS as being part of Atrivo.

I think it is kind of fail that RBL people do not have e-mail based
contact addresses.  Snoozenet is unpleasant to deal with.

William




Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
More Wiener schnitzel, please, said Tom, revealingly.



Re: news from Google

2009-12-11 Thread Seth Mattinen

JC Dill wrote:


The part that gets me is that you don't already understand this.



Can you please be nice? I didn't throw personal attacks at you.

~Seth



Re: news from Google

2009-12-11 Thread Seth Mattinen

JC Dill wrote:

Seth Mattinen wrote:
 Hell, all you gmail users on this list right now are feeding the 
machine with all our data.


The part that gets me: everyone seems happy with this. 


This list has public archives that are already crawled and archived by 
Google.  For example:


http://www.merit.edu/mail.archives/nanog/threads.html
http://seclists.org/nanog/2009/Dec/434

Subscribing to the list with a gmail account doesn't change anything 
about what Google knows about the list or list members.




Those URL's don't seem to include google.com in them. Maybe I'm 
misreading them. Crawlers can be excluded with robots.txt if so chosen 
by the site owner so long as google respects said file. Some lists also 
respect a no archive header that some people choose to include with 
their messages.


Preventing my email to gmail from entering their vast database of 
whatever they track doesn't have any such control features that I'm 
aware of. If there are, I'll stand corrected.


~Seth



Re: Is there anyone from ASPEWS on this list?

2009-12-11 Thread Seth Mattinen

William Pitcock wrote:

On Fri, 2009-12-11 at 23:39 +, John Levine wrote:

ASPEWS is listing 216.83.32.0/20 as being associated with the whole
Atrivo incident of 2008.  My memory does not recall 216.83.32.0/20 being
involved, nor the provider that belongs to.

Since nobody but the occasional highly vocal GWL uses ASPEWS, it's
hard to see why one would care, but if you want to find ASPEWS, crank
up your favorite usenet program, post a question to nanae, and watch
the vitriol roll in.  There might be a comment from ASPEWS in there.


Well, I just want to reach SORBS to clear up some confusion regarding
what ranges of mine are dynamic (e.g. none of them, but they seem to
think otherwise).  Unfortunately, e-mail to SORBS bounces due to
ethr.net being listed in ASPEWS as being part of Atrivo.



You should still be able to submit a ticket to SORBS, no? I was always 
under the impression that it was open a ticket and wait or you are 
moved to the back of the line with SORBS.


~Seth



Re: Is there anyone from ASPEWS on this list?

2009-12-11 Thread John Peach
On Fri, 11 Dec 2009 18:48:35 -0800
Seth Mattinen se...@rollernet.us wrote:

 William Pitcock wrote:
  On Fri, 2009-12-11 at 23:39 +, John Levine wrote:
  ASPEWS is listing 216.83.32.0/20 as being associated with the whole
  Atrivo incident of 2008.  My memory does not recall 216.83.32.0/20 being
  involved, nor the provider that belongs to.
  Since nobody but the occasional highly vocal GWL uses ASPEWS, it's
  hard to see why one would care, but if you want to find ASPEWS, crank
  up your favorite usenet program, post a question to nanae, and watch
  the vitriol roll in.  There might be a comment from ASPEWS in there.
  
  Well, I just want to reach SORBS to clear up some confusion regarding
  what ranges of mine are dynamic (e.g. none of them, but they seem to
  think otherwise).  Unfortunately, e-mail to SORBS bounces due to
  ethr.net being listed in ASPEWS as being part of Atrivo.
  
 
 You should still be able to submit a ticket to SORBS, no? I was always 
 under the impression that it was open a ticket and wait or you are 
 moved to the back of the line with SORBS.
 

More like pay our ransom or FOAD. Why I never use them

-- 
John



Re: news from Google

2009-12-11 Thread Jorge Amodio
 This list has public archives that are already crawled and archived by
 Google.  For example:

 http://www.merit.edu/mail.archives/nanog/threads.html
 http://seclists.org/nanog/2009/Dec/434

 Subscribing to the list with a gmail account doesn't change anything about
 what Google knows about the list or list members.


 Those URL's don't seem to include google.com in them. Maybe I'm misreading
 them. Crawlers can be excluded with robots.txt if so chosen by the site
 owner so long as google respects said file. Some lists also respect a no
 archive header that some people choose to include with their messages.

http://www.google.com/search?hl=enrlz=1C1CHNU_enUS355US353q=%22Preventing+my+email+to+gmail+from+entering%22aq=foq=aqi=



Re: news from Google

2009-12-11 Thread Seth Mattinen

Jorge Amodio wrote:


http://www.google.com/search?hl=enrlz=1C1CHNU_enUS355US353q=%22Preventing+my+email+to+gmail+from+entering%22aq=foq=aqi=



I didn't get any results from that link.

~Seth



Re: news from Google

2009-12-11 Thread JC Dill

Seth Mattinen wrote:

JC Dill wrote:

Seth Mattinen wrote:
 Hell, all you gmail users on this list right now are feeding the 
machine with all our data.


The part that gets me: everyone seems happy with this. 


This list has public archives that are already crawled and archived 
by Google.  For example:


http://www.merit.edu/mail.archives/nanog/threads.html
http://seclists.org/nanog/2009/Dec/434

Subscribing to the list with a gmail account doesn't change anything 
about what Google knows about the list or list members.




Those URL's don't seem to include google.com in them. Maybe I'm 
misreading them.


I *found* them by searching with Google.  I found the second link by 
searching for a unique phrase from your email:


http://www.google.com/search?q=nanog+%22feeding+the+machine

A mere 1 hour after you emailed it to the NANOG list, Google web search 
has that email archived from the website on seclists.org.


Crawlers can be excluded with robots.txt if so chosen by the site 
owner so long as google respects said file. 


Google does respect that file, but you are counting on other subscribers 
respecting the site owner's wishes regarding web archives.  In my 
experience, this has become a futile fight.  If the list doesn't have a 
web accessible archive, it's likely one of the list's subscribers might 
start their own archive or have it archived with one of the many archive 
sites e.g. gmane.


Some lists also respect a no archive header that some people choose 
to include with their messages.


If you are emailing a publicly archived mailing list that you know is 
web archived and likely spidered by Google, a no archive header is 
mostly useless.  When someone replies to your email (as I'm doing now) 
your quoted text in the reply will be archived, preserving what you 
posted to the list.  At best, the no archive header merely messes up 
threading.  The no archive header idea never really worked in the 
first place - witness all the old usenet server posts that ended up on 
dejagoogle even when the posts had no archive headers.


Preventing my email to gmail from entering their vast database of 
whatever they track doesn't have any such control features that I'm 
aware of.


Preventing any email you send to anyone from being leaked out to the 
public is something you have no control of.  I.e. the CRU hacked email 
controversy.  If you don't want what you write to be posted on or 
archived on the internet and findable with web searches, don't use the 
internet to write or transmit it.  Even then, you are at risk of someone 
scanning and posting what you write.  As a NANOG subscriber you should 
be clueful enough to know all of this already.  So what's the big issue 
here?


jc




Re: news from Google

2009-12-11 Thread Seth Mattinen

JC Dill wrote:

Seth Mattinen wrote:

snipped

What I meant was that everyone seems happy with the whole "don't do 
anything you don't want anyone knowing" thing, then this tangent 
started. There must be things you don't want people to know that have 
nothing to do with a potential issue with law enforcement, no? Companies 
that use gmail must not want trade secrets or IP to be considered fair 
game for everyone to know?


~Seth



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Roger Marquis

Joe Greco wrote:

Everyone knows a NAT gateway isn't really a firewall, except more or less
accidentally.  There's no good way to provide a hardware firewall in an
average residential environment that is not a disaster waiting to happen.


Gotta love it.  A proven technology, successfully implemented on millions
of residential firewalls isn't really a firewall, but rather a disaster
waiting to happen.  Makes you wonder what disaster and when exactly it's
going to happen?

Simon Perreault wrote:

We have thus come to the conclusion that there shouldn't be a
NAT-like firewall in IPv6 home routers.


And that, in a nutshell, is why IPv6 is not going to become widely
feasible any time soon.

Whether or not there should be NAT in IPv6 is a purely rhetorical
argument.  The markets have spoken, and they demand NAT.

Is there a natophobe in the house who thinks there shouldn't be stateful
inspection in IPv6?  If not then could you explain what overhead NAT
requires that stateful inspection hasn't already taken care of?

Far from the issue some try to make it out to be, NAT is really just a
component of stateful inspection.  If you're going to implement
statefulness there is no technical downside to implementing NAT as well.
No downside, plenty of upsides, no brainer...

Roger Marquis



Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Mohacsi Janos




On Fri, 11 Dec 2009, Roger Marquis wrote:


Joe Greco wrote:

Everyone knows a NAT gateway isn't really a firewall, except more or less
accidentally.  There's no good way to provide a hardware firewall in an
average residential environment that is not a disaster waiting to happen.


Gotta love it.  A proven technology, successfully implemented on millions
of residential firewalls isn't really a firewall, but rather a disaster
waiting to happen.  Makes you wonder what disaster and when exactly it's
going to happen?

Simon Perreault wrote:

We have thus come to the conclusion that there shouldn't be a
NAT-like firewall in IPv6 home routers.


And that, in a nutshell, is why IPv6 is not going to become widely
feasible any time soon.

Whether or not there should be NAT in IPv6 is a purely rhetorical
argument.  The markets have spoken, and they demand NAT.

Is there a natophobe in the house who thinks there shouldn't be stateful
inspection in IPv6?  If not then could you explain what overhead NAT
requires that stateful inspection hasn't already taken care of?

Far from the issue some try to make it out to be, NAT is really just a
component of stateful inspection.  If you're going to implement
statefulness there is no technical downside to implementing NAT as well.
No downside, plenty of upsides, no brainer...




Nobody thinks that a stateful firewall is not necessary for IPv6. If you 
want to participate in the discussion then comment on the IETF v6ops document:

http://www.ietf.org/id/draft-ietf-v6ops-cpe-simple-security-08.txt

Best Regards,
Janos Mohacsi




Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Mark Newton

On 11/12/2009, at 11:56 PM, Simon Perreault wrote:

 We *know* that if a worm puts up
 a popup that says Enable port 33493 on your firewall for naked pics of..
 that port 33493 will get opened anyhow, so we may as well automate the
 process and save everybody the effort.
 
 Not if the victim doesn't have rights on the firewall (e.g. enterprise).

Would you be using Consumer Grade - IPV6 Enabled Router Firewalls in the
enterprise?  'cos if you would, I think I might have entered the wrong
thread :)

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223








Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Mark Newton

On 12/12/2009, at 12:11 AM, Simon Perreault wrote:

 We have thus come to the conclusion that there shouldn't be a NAT-like 
 firewall
 in IPv6 home routers.

Eh?  What does NAT have to do with anything?  We already know that IPv6
residential firewalls won't do NAT, so why bring it into this discussion
at all?

Some of us are trying to formulate and offer real-life IPv6 services
to our marketplaces before IPv4 runs out, and the vendors simply
aren't interested in being there to help us out.  Pointless distractions
about orthogonal issues that don't matter (e.g., NAT) don't help at
all.

FWIW, I asked Fred Baker about this at the IPv6 Forum meeting in 
Australia this week.  He'd just handled another question about 
the memory requirements required for burgeoning routing table growth
by saying that if routers need extra RAM then routers with extra RAM
will appear on the market, because if you're prepared to pay money
for it, we'll try to sell it to you.  

So I asked, "I'm prepared to pay money for IPv6-capable ADSL2+ CPE.
Are you prepared to sell it to me?" and he said, "Yes, just not with
our firmware."

Which I thought was a bit of a cop-out, given that it was one of our
customers who developed the IPv6 openwrt support in the first place,
with zero support from Fred's employer, after we'd spent two years 
hassling them about their lack of action.

... and this is in the same week when, in the context of IPv6, someone
else asked me how many units of their gear we'd ship ("Zero. You don't
have a product with the features we need so we'll use one of your
competitors instead. Let's revisit this when you're prepared to have
a conversation that doesn't include `lack of market demand' as a
reason for not doing it.")

Argh.  Disillusionment, much?

  - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223








Re: Consumer Grade - IPV6 Enabled Router Firewalls.

2009-12-11 Thread Mark Newton

On 12/12/2009, at 4:15 PM, Roger Marquis wrote:

 Is there a natophobe in the house who thinks there shouldn't be stateful
 inspection in IPv6?  If not then could you explain what overhead NAT
 requires that stateful inspection hasn't already taken care of?

I handwave past all that by pointing out (as you have) that 
stateful inspection is just a subset of NAT, where the inside
address and the outside address happen to be the same.

(in the same way that the SHIM6 middleware boxes which were 
proposed but never built were /also/ just subsets of NAT, with
the translation rules controlled by the SHIM6 protocol layers 
on the hosts... but we weren't allowed to call them NAT gateways,
because IPv6 isn't supposed to have any NAT in it :)

   - mark

--
Mark Newton   Email:  new...@internode.com.au (W)
Network Engineer  Email:  new...@atdot.dotat.org  (H)
Internode Pty Ltd Desk:   +61-8-82282999
Network Man - Anagram of Mark Newton  Mobile: +61-416-202-223
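
The claim in the message above, that stateful inspection behaves like NAT whose inside and outside addresses are the same, can be shown with one connection tracker used both ways. This is an added example, not code from the thread; the `Gateway` class, the addresses (documentation ranges) and the port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Gateway:
    """Connection tracker. outside_addr=None means identity mapping,
    i.e. a plain stateful filter; otherwise flows are rewritten (NAPT)."""
    outside_addr: Optional[str] = None
    next_port: int = 40000                           # constructed port pool start
    by_inside: dict = field(default_factory=dict)    # inside flow -> outside (ip, port)
    by_outside: dict = field(default_factory=dict)   # outside flow -> inside (ip, port)

    def outbound(self, src, sport, dst, dport):
        """Inside host sends a packet: create or reuse state, return it as seen outside."""
        key = (src, sport, dst, dport)
        ext = self.by_inside.get(key)
        if ext is None:
            if self.outside_addr is None:
                ext = (src, sport)                   # identity "translation"
            else:
                ext = (self.outside_addr, self.next_port)
                self.next_port += 1
            self.by_inside[key] = ext
            self.by_outside[(ext[0], ext[1], dst, dport)] = (src, sport)
        return (ext[0], ext[1], dst, dport)

    def inbound(self, src, sport, dst, dport):
        """Outside packet arrives: forward only if it matches existing state."""
        inside = self.by_outside.get((dst, dport, src, sport))
        if inside is None:
            return None                              # default deny: no state, no entry
        return (src, sport, inside[0], inside[1])


def run_demo():
    """Same code path for both devices; only the address mapping differs."""
    fw = Gateway()                                   # IPv6 stateful filter
    nat = Gateway(outside_addr="203.0.113.1")        # IPv4 NAPT
    return {
        "fw_out": fw.outbound("2001:db8:1::10", 51000, "2001:db8:ffff::80", 443),
        "fw_reply": fw.inbound("2001:db8:ffff::80", 443, "2001:db8:1::10", 51000),
        "fw_unsolicited": fw.inbound("2001:db8:ffff::66", 4444, "2001:db8:1::10", 22),
        "nat_out": nat.outbound("192.168.1.10", 51000, "198.51.100.80", 443),
        "nat_reply": nat.inbound("198.51.100.80", 443, "203.0.113.1", 40000),
        "nat_unsolicited": nat.inbound("198.51.100.66", 4444, "203.0.113.1", 22),
    }


if __name__ == "__main__":
    for name, result in run_demo().items():
        print(name, result)
```

In both modes the unsolicited inbound packet is dropped because no state exists for it, which is also why a deny-by-default IPv6 firewall still needs some way to be told what to accept.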