RE: Re: SORBS on autopilot?
Oh well, there's an approach where one splits users into residential and business, meaning that residential is only downloading, surfing, ... without need of providing any services back to the 'net. At least with IPv6 one has to rethink this position as there finally is end-to-end communication and everybody with a limited upload bandwidth can multicast his content to half of the world (crossing fingers). inetnum: 82.150.208.0 - 82.150.208.255 netname: AT-HOTZE-NET descr: hotze.com GmbH descr: DSL wholesale country: AT Our position is that we sell internet access at the IP level, a pure IP pipe - nothing less and nothing more. The customer can have his own PTR-record with a name matching his domain, he can set up a server or not. All IPs are static (no need to hassle with DHCP pools, matching IP to timedate to user for law enforcment). Every customer is served the same according to his service plan. And we don't make any decisions wether the customer is residential or business - simple as that. I won't feel happy with an ISP who wants to make this decision for me. greetings, martin AS8596 / hotze.com GmbH / Austria -Original Message- Date: Tue, 12 Jan 2010 12:42:58 -0500 From: Steven Champeon scham...@hesketh.com Subject: Re: SORBS on autopilot? To: nanog@nanog.org (...) just to pick a few. At the very least, customer-assigned blocks ought to have a SWIP and a comment showing whether they're dynamic or static, residential or business class, and so forth. A surprising example, given the paucity of such examples in the .pl TLD, is dialog.net.pl, which does exactly that: inetnum:87.105.24.0 - 87.105.24.255 netname:DIALOGNET descr: Static Broadband Services descr: Telefonia Dialog S.A. - Dialog Telecom country:PL inetnum:62.87.215.0 - 62.87.215.255 netname:DIALOGNET descr: Dynamic Broadband Services descr: Telefonia Dialog S.A. - Dialog Telecom country:PL So, if the Poles (well, some Poles) can do it, why can't we simply end the endless back and forth over why SORBS is evil, and start adopting sane and clear naming conventions for PTRs? Given how easy it is to modify a $GENERATE statement, I should think you've spent far more energy on arguing about why you're being wronged than it would have taken to fix your problem.
Re: Senderbase contact
I will forward your email to the admin them of senderbase. -Dennis On Jan 12, 2010, at 10:36 AM, Drew Weaver wrote: Any Senderbase contacts on list? I am having problems getting some questions answered through normal channels. thanks, -Drew
SORBS contact
Hello, I did try to reach someone at SORBS using their contact forms on the website. Somehow no action was taken and I also didn't get a response. Could someone from SORBS contact me? I need an issue to be resolved. With kind regards, Mark Scholten SinnerG BV
Re: SORBS on autopilot?
On Tue, Jan 12, 2010 at 11:11:13AM -0800, Michael Thomas wrote: Blocking generic and residential addresses is the single most effective thing we've ever done to reduce spam. Really? You mean that if you stopped doing this you'd have trillions, or quadrillions of spams per day instead now? I'm skeptical. The original statement is accurate, and becomes nearly an absolute if qualified with the addition of ...from zombies. This is common knowledge among everyone with sufficient $clue in the field, and has been for most of the past decade. Remaining research/discussion/debate is now focused on how best to enumerate such space, either by PTR or by allocation. Given that the zombie population continues to monotonically increase with no sign that the trend will reverse, and given that precious few owner/operators of such space have taken appropriate, timely and effective actions to staunch the flow of outbound abuse from the zombies within their operations, it seems reasonable that this tactic will remain extremely useful into the forseeable future. Once again, I direct those interested to the spam-l list (and its archives) where copious discussion on these points may be found, and is much more on-topic than here on NANOG. ---Rsk
RE: I don't need no stinking firewall!
-Original Message- From: Bruce Curtis [mailto:bruce.cur...@ndsu.edu] Sent: Tuesday, January 12, 2010 5:14 PM To: NANOG list Subject: Re: I don't need no stinking firewall! SNIP IMO you're better off making sure only the services you intend to provide are listening, and that those services are hardened appropriately for public exposure. OK. This is obvious to anyone with experience in these things. But I also believe in a layered approach. It never hurts to add more layers to prevent human error or even internal breaches as the different systems are under the control of different equipment (servers, routers, switches, security devices). It's like two supports holding up something without knowing if the other one is doing its job. Both need to pull the full weight in case the other fails. I disagree. Never is pretty absolute. If that were true there would be no limit to the number of layers. I'm with you, but you get my sentiment without being too literal. :) Realistically I have experienced the harm from having firewalls in the network path. I've experienced harm from routers in the network path. If you use the tool correctly and with full knowledge of its limitations, then you will be able to avoid harm and add functionality/security/value... whatever the goal is. I have witnessed too many video sessions that either couldn't be started or had the sessions dropped prematurely because of firewalls. So putting a firewall that can't handle your traffic in your network path sounds like a bad idea FOR YOU. :) When the worms were infecting machines a couple of years ago our network was robust and stable and I identified and blocked infected machines quickly. Other universities shut down their residence halls or large portions of their network because their firewalls rolled over and died otherwise from all of the scanning from inside their network. I remember hearing about this type of thing. I'm sorry for this learning lesson, but that doesn't mean that firewalls are bad or that stateful inspection is bad. It means that it was a bad choice for your environment. I have talked to universities who consider the firewall the canary of the network world, its the first box in the network to cease functioning when there is a problem. I think this type of assertion is just folly. I would say that some universities (full of all those really smart people ;) should be able to discern that a monkey wrench was being used to do the job of a hammer, or vice versa. The problem was not the tool, but the person who used the wrong tool for the job at hand. Others have already mentioned the troubleshooting nightmares that firewalls generate, I would consider that a harm also. I've had one of those troubleshooting nightmares before. It was due to MY IGNORANCE of what I was doing. The firewall is not causing the nightmare. Ignorance is. My last statement on this thread is that if you use a tool in the wrong way, you will either break the tool, or the item you are using it on. If you don't know how to use a tool, learn before you try. If you try first, you will learn later (Here comes that nightmare) how the tool does/doesn't work. Specific examples of failure are not failures of the device, but failures of the implementer(s) to correctly use the tool with the obvious exception of vendors not being truthful about the tools capabilities. Please no more examples of specific failures of firewalls. We all know that they were designed by Satan himself to destroy our networks and bring about the Antichrist. ;) - Brian CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. Any unauthorized review, copying, use, disclosure, or distribution is prohibited. If you are not the intended recipient, please contact the sender by reply e-mail and destroy all copies of the original message. Thank you.
Re: I don't need no stinking firewall!
Lots of interesting technical information in this thread. Mixed with a healthy dose of religion/politics :-) I suspect that most people are going to keep doing what they are doing. In our environment, at the transport level, we have moved from stateful towards stateless, as it has proved to be operationally simpler and more resilient. At the same time some of our application people have seen the need to put their servers behind stateful Layer 7 firewalls (I say why stop at Layer 7?) Here is a thought experiment: Replace all the routers on the Internet with stateful firewalls. What happens? Replace all the stateful firewalls on the Internet with stateless packet filters. What is the result? -- Tim: Sent from Brooklyn, NY, United States
ICSI Netalyzr launch #2
Folks, you may recall that last June we released a beta version of Netalyzr, a Java applet you can run by surfing to netalyzr.icsi.berkeley.edu (or to netalyzr.com). It measures a bunch of the properties of an end user's network access, particularly looking for transparent modifications (e.g., hidden proxies or blocking), connectivity restrictions, DNS modifications, and some security issues (e.g., whether the DNS resolver is vulnerable to the Kaminsky attack). You can see a sample report at: http://netalyzr.icsi.berkeley.edu/restore/id=example-session That launch was fairly successful (~50K users). Since then we've been working on a bunch of improvements, and today we've gone out of beta with an updated version, so you may be hearing about reports your customers have gotten from it. Also, as Netalyzr forms the foundation for a large-scale measurement study of the Internet's edge, to the degree that you pass along the word so that more people run it, that would be highly helpful with us gathering comprehensive data for the project. Thanks, Vern Vern Paxson Associate Professor EECS Department 737 Soda Hall - MC 1776 University of California Berkeley, CA, USA 94720-1776 +1 510 643-4209 v...@eecs.berkeley.edu
cable provider problems yesterday around 1pm EST?
Is anyone aware of any routing problems with any cable providers yesterday around 1pm EST? Thanks! -- Rich
Re: more news from Google
On Jan 13, 2010, at 2:18 AM, Benjamin Billon wrote: Seems logical, after all. Considering the (bad) performances of Google search engine in China compared to Chinese competitors, and considering the fact that wouldn't change a bit in the future, closing offices wouldn't be a bad thing. That doesn't mean closing RD centers. Baidu has ~63%, Google has ~31%. Q4 2009 was Google's best Q in China ever. While I admit that 31% is not the market share Google usually enjoys, it certainly is not horrible. Most companies would love to have 1/3 of a market as big and growing as China. Oh, and I prefer Google over Baidu when I'm in China (which is frequently). Their results are better, and I can get some in English. :) -- TTFN, patrick Le 13/01/2010 06:24, Ken Chase a écrit : I must say I'll have to take a step back from my previous position/postings having read this article. I just can't figure out their /ANGLE/. :)/cynic http://googleblog.blogspot.com/2010/01/new-approach-to-china.html Well played, google? /kc
Re: more news from Google
On Jan 13, 2010, at 2:05 AM, Stefan Fouant wrote: I for one would be really happy to see them follow through with this. I was very disappointed when they agreed to censor search results, although I can understand why they did so from a business standpoint... it seemed to go against the google mantra of do no evil... I'm skeptical if they'll go through with it... According to their spokesperson, they have already stopped censoring. That sounds a bit iffy to me. It's one thing to say we want to stop censoring, and will pull out if you don't let us, and we are breaking the law, nah, nah, nah. You don't like the law, don't do biz in that country. But blatantly breaking a law is bad joo-joo. -- TTFN, patrick -Original Message- From: Ken Chase [mailto:m...@sizone.org] Sent: Wednesday, January 13, 2010 12:24 AM To: nanog@nanog.org Subject: more news from Google I must say I'll have to take a step back from my previous position/postings having read this article. I just can't figure out their /ANGLE/. :) /cynic http://googleblog.blogspot.com/2010/01/new-approach-to-china.html Well played, google? /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: more news from Google
* Patrick W. Gilmore: You don't like the law, don't do biz in that country. But blatantly breaking a law is bad joo-joo. I think we all consider their approach to copyright law refreshing and useful, so there are certainly laws worth breaking. 8-)
Re: cable provider problems yesterday around 1pm EST?
Rich Casto expunged (richca...@gmail.com): Is anyone aware of any routing problems with any cable providers yesterday around 1pm EST? Thanks! I dare you to be more vague -Steve
Re: cable provider problems yesterday around 1pm EST?
On Wed, Jan 13, 2010 at 8:23 AM, Steve Meuse sme...@mara.org wrote: Rich Casto expunged (richca...@gmail.com): Is anyone aware of any routing problems with any cable providers yesterday around 1pm EST? Thanks! I dare you to be more vague -Steve Has anyone had any problems this past week. Y'know...'problems'...? Matt
Re: cable provider problems yesterday around 1pm EST?
Were there any problems on the internet at 1 PM EST yesterday :) But honestly which provider and in what area? On Wed, Jan 13, 2010 at 11:23 AM, Steve Meuse sme...@mara.org wrote: Rich Casto expunged (richca...@gmail.com): Is anyone aware of any routing problems with any cable providers yesterday around 1pm EST? Thanks! I dare you to be more vague -Steve
Re: BGP testbed tools
2010/1/12 Łukasz Bromirski luk...@bromirski.net: On 2010-01-12 21:27, Ben Jencks wrote: This is obviously a rookie question, but I haven't found anything by searching. I'm looking to set up a small testbed to simulate our internal network topology, and I want to have a realistic BGP table from the fake upstream routers. Ideally what I'd like to do is dump the BGP table from our production routers, strip the immediate neighbor AS, and load the table into Quagga or OpenBGPD to advertise. I'm running into two problems: how do you dump BGP tables in a machine-parseable format from IOS, and how do you make the route server advertise the routes as they were in the original table, including the full AS-path, communities, etc? If Quagga/OpenBGPD aren't the right tools, I'm happy to use something else. Use libbgpdump from ris.ripe.net to get raw data from http://data.ris.ripe.net/ (you're looking for newest bview file), and dump them using bgpdump to something easily to parse. Then using bgpsimple (from googlecode) simulate a peer with specific number of prefixes advertised - up to the limit of the contents of the file. You can spoof next-hop, AS, etc. As for the attribute manipulation, fire up a couple of VMWare/VirtualBox/vimage instances with quagga/openbgpd to accept the prefixes from bgpsimple and mangle them in some manner. Thanks everyone. bgpsimple ended up being the tool I wanted, and I just used the RIPE data. If I was more adventurous I would have hooked Quagga up with a BGP session to the production routers and generated my own dumps, but the RIPE data was good enough for now. -Ben
Re: more news from Google
On Jan 13, 2010, at 11:14 AM, Patrick W. Gilmore wrote: On Jan 13, 2010, at 2:05 AM, Stefan Fouant wrote: I for one would be really happy to see them follow through with this. I was very disappointed when they agreed to censor search results, although I can understand why they did so from a business standpoint... it seemed to go against the google mantra of do no evil... I'm skeptical if they'll go through with it... According to their spokesperson, they have already stopped censoring. That sounds a bit iffy to me. It's one thing to say we want to stop censoring, and will pull out if you don't let us, and we are breaking the law, nah, nah, nah. I assume that this is coupled with the message that they will pull out of China. http://news.bbc.co.uk/2/hi/business/8455712.stm I think it is the modern corporate equivalent of recalling your ambassador. Regards Marshall You don't like the law, don't do biz in that country. But blatantly breaking a law is bad joo-joo. -- TTFN, patrick -Original Message- From: Ken Chase [mailto:m...@sizone.org] Sent: Wednesday, January 13, 2010 12:24 AM To: nanog@nanog.org Subject: more news from Google I must say I'll have to take a step back from my previous position/postings having read this article. I just can't figure out their /ANGLE/. :) /cynic http://googleblog.blogspot.com/2010/01/new-approach-to-china.html Well played, google? /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: SORBS on autopilot?
On Wed, 13 Jan 2010 09:07:28 +0100, Martin Hotze said: ... without need of providing any services back to the 'net. At least with IPv6 one has to rethink this position as there finally is end-to-end communication as we finally *return to* end-to-end communication. An important distinction. pgpZ7GTcaqP2S.pgp Description: PGP signature
Re: cable provider problems yesterday around 1pm EST?
We experienced connectivity loss from both our Level 3 and ATT connections to our telecommuter population who primarily use the following cable providers: Time-Warner (RoadRunner), Cox, and Comcast. Our ATT circuits go into NYC and our Level 3 goes into Newark, NJ. -- Rich On Wed, Jan 13, 2010 at 11:29 AM, Ronald Cotoni seti...@gmail.com wrote: Were there any problems on the internet at 1 PM EST yesterday :) But honestly which provider and in what area? On Wed, Jan 13, 2010 at 11:23 AM, Steve Meuse sme...@mara.org wrote: Rich Casto expunged (richca...@gmail.com): Is anyone aware of any routing problems with any cable providers yesterday around 1pm EST? Thanks! I dare you to be more vague -Steve
Re: more news from Google
On Wed, Jan 13, 2010 at 17:14, Patrick W. Gilmore patr...@ianai.net wrote: On Jan 13, 2010, at 2:05 AM, Stefan Fouant wrote: I for one would be really happy to see them follow through with this. I was very disappointed when they agreed to censor search results, although I can understand why they did so from a business standpoint... it seemed to go against the google mantra of do no evil... I'm skeptical if they'll go through with it... According to their spokesperson, they have already stopped censoring. They probably haven't yet http://images.google.cn/images?hl=zh-CNum=1sa=1q=tiananmen+square+protestbtnG=Google+搜索aq=0oq=tianstart=0 http://images.google.com/images?hl=frsource=hpq=tiananmen+square+protestbtnG=Recherche+d%27imagesgbv=2aq=1oq=tian
Re: more news from Google
Jérôme Fleury wrote: On Wed, Jan 13, 2010 at 17:14, Patrick W. Gilmore patr...@ianai.net wrote: On Jan 13, 2010, at 2:05 AM, Stefan Fouant wrote: I for one would be really happy to see them follow through with this. I was very disappointed when they agreed to censor search results, although I can understand why they did so from a business standpoint... it seemed to go against the google mantra of do no evil... I'm skeptical if they'll go through with it... According to their spokesperson, they have already stopped censoring. They probably haven't yet http://images.google.cn/images?hl=zh-CNum=1sa=1q=tiananmen+square+protestbtnG=Google+搜索aq=0oq=tianstart=0 http://images.google.com/images?hl=frsource=hpq=tiananmen+square+protestbtnG=Recherche+d%27imagesgbv=2aq=1oq=tian I'm thinking they have. http://images.google.cn/images?hl=zh-CNum=1sa=1q=falun+gongbtnG=Google+%E6%90%9C%E7%B4%A2aq=foq=start=0
Re: more news from Google
You don't like the law, don't do biz in that country. But blatantly breaking a law is bad joo-joo. OT. Please don't say joo-joo every time the TechCrunch folks see that they get diarrhea Cheers Jorge PS what about all the property and copyright laws being supposedly broken over there ?
Re: more news from Google
On Jan 13, 2010, at 12:01 PM, Jorge Amodio wrote: You don't like the law, don't do biz in that country. But blatantly breaking a law is bad joo-joo. OT. Please don't say joo-joo every time the TechCrunch folks see that they get diarrhea That is a horrible name for a product. Just saying.
RE: more news from Google
You don't like the law, don't do biz in that country. But blatantly breaking a law is bad joo-joo. Is it? http://images.google.cn/images?hl=zh-CNum=1sa=1q=civil+disobedience -- TTFN, patrick -Original Message- From: Ken Chase [mailto:m...@sizone.org] Sent: Wednesday, January 13, 2010 12:24 AM To: nanog@nanog.org Subject: more news from Google I must say I'll have to take a step back from my previous position/postings having read this article. I just can't figure out their /ANGLE/. :) /cynic http://googleblog.blogspot.com/2010/01/new-approach-to-china.html Well played, google? /kc -- Ken Chase - k...@heavycomputing.ca - +1 416 897 6284 - Toronto CANADA Heavy Computing - Clued bandwidth, colocation and managed linux VPS @151 Front St. W.
Re: SORBS on autopilot?
On Jan 12, 2010, at 1:09 PM, Rich Kulawiec wrote: On Tue, Jan 12, 2010 at 10:48:31AM -0800, Brian Keefer wrote: I wouldn't say that necessarily accurate. I could be considered part of the anti-spam crowd, seeing as that's my line of work. I think DULs are a really dumb way to block spam. Making a binary decision off of information that's wrong as often as it's right it's a great way to create collateral damage and just generally cause more headaches for everyone. I've done a little bit of work in the anti-spam area as well (starting around 1983) and I can tell you that your viewpoint about DULs is roughly half a decade out of date. Well not to drag this into a meta-thread, but you're not the only one with experience. I've been doing this for well over a decade too, so have a great many of my colleagues, not only at my employer, but at competing companies. I can tell you that your view on this is far from universal. Parties who believe blanket blocking of IP space (sounds very 1999 to me, I was there, I did that stuff) is the best thing ever tend to not have access to high-quality reputation services and/or content-based analysis. See Joel Snyder's comments. BTW I'm not talking about anything Open Source. There are lots of ways to block a lot of spam, but most of the perceived low-cost ways block a non-trivial amount of wanted mail. Call it whatever you like, the fact remains that most organizations that value e-mail as a communication medium do care about missing those wanted messages. If it was as simple as blocking dynamic IP pools and spammy .TLDs, organizations would be doing that instead of paying $$$ for sophisticated services software. That's the last I'll say on blanketing vs. intelligent blocking for this thread. PS We agree on quite a few subjects, just not this one. -- bk
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On January 12, 2010 at 23:03 valdis.kletni...@vt.edu (valdis.kletni...@vt.edu) wrote: On Tue, 12 Jan 2010 17:50:37 PST, Bill Stewart said: A password recovery method I've found very frustrating is to use the serial number or similar value that's on a label on the bottom of the equipment. Related pet peeve: Inventory and asset control people that stick a sticker on hardware and then expect to be able to scan the barcode at a later date. Works fine if the barcode sticker actually ends up facing the front or the back of the rack. But occasionally, the sticker ends up stuck on an empty space on the printed circuit board of a upgrade blade that's plugged into a chassis... Sounds like RFID FTW! Actually, I have no idea if it'd work, maybe someone else does. Seems like it'd be nice to be able to just wand a rack and poof out comes a list of everything in it. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
That would be excellent for both the administrator, and anyone walking down the row with a wand in their pocket. On Wed, Jan 13, 2010 at 12:21 PM, Barry Shein b...@world.std.com wrote: On January 12, 2010 at 23:03 valdis.kletni...@vt.edu (valdis.kletni...@vt.edu) wrote: On Tue, 12 Jan 2010 17:50:37 PST, Bill Stewart said: A password recovery method I've found very frustrating is to use the serial number or similar value that's on a label on the bottom of the equipment. Related pet peeve: Inventory and asset control people that stick a sticker on hardware and then expect to be able to scan the barcode at a later date. Works fine if the barcode sticker actually ends up facing the front or the back of the rack. But occasionally, the sticker ends up stuck on an empty space on the printed circuit board of a upgrade blade that's plugged into a chassis... Sounds like RFID FTW! Actually, I have no idea if it'd work, maybe someone else does. Seems like it'd be nice to be able to just wand a rack and poof out comes a list of everything in it. -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD | Dial-Up: US, PR, Canada Software Tool Die | Public Access Internet | SINCE 1989 *oo* -- LITTLE GIRL: But which cookie will you eat FIRST? COOKIE MONSTER: Me think you have misconception of cookie-eating process.
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Wed, 13 Jan 2010 12:55:00 EST, Matt Simmons said: That would be excellent for both the administrator, and anyone walking down the row with a wand in their pocket. Barry's right, for at least some scenarios. If I have an unauthorized somebody walking down the row with a wand in their pocket, the fact they have a wand in their pocket is the least of my problems. It's of course different if your biggest competitor is colo'd in the same room, two cages over. pgpbqSKCsFMLN.pgp Description: PGP signature
RE: Default Passwords for World Wide Packets/Lightning Edge Equipment
-Original Message- From: Matt Simmons [mailto:standalone.sysad...@gmail.com] Sent: Wednesday, January 13, 2010 9:55 AM To: Barry Shein Cc: nanog@nanog.org; Bill Stewart Subject: Re: Default Passwords for World Wide Packets/Lightning Edge Equipment That would be excellent for both the administrator, and anyone walking down the row with a wand in their pocket. I'm not sure there's an attack vector utilizing inventory ID numbers. Even if there is, they can just as easily scan a barcode or read a label from that distance, so I'm not sure there's a huge difference. Best Regards, Nathan Eisenberg
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
Barry's right, for at least some scenarios. If I have an unauthorized somebody walking down the row with a wand in their pocket, the fact they have a wand in their pocket is the least of my problems. Encrypt the data?
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
There seem to be a lot of misconceptions about RFID tags. I'm hardly an expert but I do know this much: RFID tags are generic, you don't put data into them unique to your application. All they are is a range of long serial numbers guaranteed to be globally unique, like ethernet macs more or less. You get an RFID tag, associate it with a piece of equipment, enter the tag serial number and other info INTO YOUR OWN INVENTORY DATABASE, and stick it on the equipment. Then you can later use a wand which can retrieve the RFID tag number at some distance, a few feet, think: supermarket checkout. The big advantage of RFIDs is that you don't need line of sight access like you do with bar codes, they use RF, radio frequency. Think: anti-shoplifting tags, most of them are basically RFID tags tho older ones don't have a unique id which is why they had to be physically removed or disabled. More modern anti-shoplifting systems wand the tag id (possibly via an externally printed bar code because point of sale (POS) systems aren't quite there yet) into the POS system so the anti-shoplifting exit system can look it up to see if the item has been paid for. A system which also used these to track equipment being removed from an area or building would be a relatively straightforward plus. It may not stop someone but it might know exactly what time it passed out the door to help with any investigation, or in a more secure environment one might have to mark the RFID tag as authorized to go out the door via some security process, or at least associate its leaving with a security badge or whatever id is used. It's much better than sliced bread for some apps except that they make for really lousy BLTs. On January 13, 2010 at 11:23 lyn...@orthanc.ca (Lyndon Nerenberg (VE6BBM/VE7TFX)) wrote: Barry's right, for at least some scenarios. If I have an unauthorized somebody walking down the row with a wand in their pocket, the fact they have a wand in their pocket is the least of my problems. Encrypt the data? -- -Barry Shein The World | b...@theworld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada Software Tool Die| Public Access Internet | SINCE 1989 *oo*
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
RFID tags are generic, you don't put data into them unique to your application. Field programmable RFID-like tags do exist. They aren't common, but they're out there.
Re: more news from Google
On 13.01.2010 06:24, Ken Chase wrote: I must say I'll have to take a step back from my previous position/postings having read this article. I just can't figure out their /ANGLE/. :)/cynic http://googleblog.blogspot.com/2010/01/new-approach-to-china.html Well played, google? /kc From the article: Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. I have orders of magnitude fewer users than gmail does, and often look at their mailboxes (with their consent, of course), but I still couldn't tell you the political position of any of them (apart from the politicians). The ability to automatically discern users' political positions from their inbox is not one that any email provider reasonably needs. Anthony -- | Anthony Uk| dataway GmbH | Tel. +41 44 299 9988 | | u...@dataway.ch | Hohlstrasse 216 | Fax +41 44 299 9989 | | PGP key ID 10DE1D2C | CH-8021 Zuerich | http://www.dataway.ch |
RFID in datacenter (was Re: Default Passwords for World Wide Packets/Lightning Edge Equipment)
On Wed, 13 Jan 2010, Barry Shein wrote: The big advantage of RFIDs is that you don't need line of sight access like you do with bar codes, they use RF, radio frequency. Which is also a big disadvantage in a datacenter. Ever tried to use a radio in one? The RF noise generated by digital equipment seriously erodes signal quality. Considering the relatively weak signal returned from RFID tags, I'd be surprised if you'd get any kind of useful range. Has anybody tried it out?
Re: more news from Google
On 2010-01-13, at 11:31, Anthony Uk wrote: The ability to automatically discern users' political positions from their inbox is not one that any email provider reasonably needs. It's arguably something that gmail users consent to when they give Google rights to index and process their mail, though. Joe
Re: RFID in datacenter (was Re: Default Passwords for World Wide Packets/Lightning Edge Equipment)
On Wed, Jan 13, 2010 at 01:51:41PM -0500, George Imburgia wrote: On Wed, 13 Jan 2010, Barry Shein wrote: The big advantage of RFIDs is that you don't need line of sight access like you do with bar codes, they use RF, radio frequency. Which is also a big disadvantage in a datacenter. Ever tried to use a radio in one? The RF noise generated by digital equipment seriously erodes signal quality. Considering the relatively weak signal returned from RFID tags, I'd be surprised if you'd get any kind of useful range. Has anybody tried it out?
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Jan 13, 2010, at 1:45 PM, Barry Shein wrote: There seem to be a lot of misconceptions about RFID tags. I'm hardly an expert but I do know this much: RFID tags are generic, you don't put data into them unique to your application. Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F() and ser#. The vendor knows F() -- who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat. --Steve Bellovin, http://www.cs.columbia.edu/~smb
RE: RFID in datacenter (was Re: Default Passwords for World WidePackets/Lightning Edge Equipment)
I have something akin to experience in this arena at least as it applies to the ambient RF environment and the security of the data transferred. As a matter of fact the two usually go hand in hand. The issue that I usually see is how to protect your new drivers license / passport / ID badge (with embedded RFID) from someone stopping next to you at a subway station with an RFID reader hidden in their briefcase, although densely populated CoLo's wouldn't be much different. The preferred standard is usually the FIPS 201 standard and is deployed at 13.56Mhz which ensures you have to be pretty darn near the transceiver to get a read but also makes the problem of ambient (RF) noise pretty much a non-issue. The issue arises in tags placed so close together that they are in the read field at the same time causing multiple emitters in the same channel. Recent implementations have a built in collision avoidance mechanism that eliminates the issue entirely in my testing (understanding channel contention for this exercise is at most dozens of transmitters, and wouldn't scale up to anything larger). These same recent implementations use 3DES to secure the open-air channel, reducing prevalence of man-in-the-middle type attacks. Finally, it is common now to retrieve the encrypted contents of the RFID tags and require that a CA hierarchy validate both sides of the transaction prior to decryption which can contain 4K in the data sectors or more. Brandon L. -Original Message- From: George Imburgia [mailto:na...@armorfirewall.com] Sent: Wednesday, January 13, 2010 12:52 PM Cc: nanog@nanog.org Subject: RFID in datacenter (was Re: Default Passwords for World WidePackets/Lightning Edge Equipment) On Wed, 13 Jan 2010, Barry Shein wrote: The big advantage of RFIDs is that you don't need line of sight access like you do with bar codes, they use RF, radio frequency. Which is also a big disadvantage in a datacenter. Ever tried to use a radio in one? The RF noise generated by digital equipment seriously erodes signal quality. Considering the relatively weak signal returned from RFID tags, I'd be surprised if you'd get any kind of useful range. Has anybody tried it out? I have something akin to experience in this arena at least as it applies to the ambient RF environment and the security of the data transferred. As a matter of fact the two usually go hand in hand. The issue that I usually see is how to protect your new drivers license / passport / ID badge (with embedded RFID) from someone stopping next to you at a subway station with an RFID reader hidden in their briefcase, although densely populated CoLo's wouldn't be much different. The preferred standard is usually the FIPS 201 and is deployed at 13.56Mhz which ensures you have to be pretty darn near the transceiver to get a read but also makes the problem of ambient (RF) noise pretty much a non-issue. The issue arises in tags placed so close together that they are in the read field at the same time causing multiple emitters in the same channel. Recent implementations have a built-in collision avoidance mechanism that eliminates the issue entirely in my testing (understanding channel contention for this exercise is at most dozens of transmitters, and wouldn't scale up to anything larger). These same recent implementations use 3DES to secure the open-air channel, reducing prevalence of man-in-the-middle type attacks. Finally, it is common now to retrieve the encrypted contents of the RFID tags and require that a CA hierarchy validate both sides of the transaction prior to decryption which can contain 4K in the data sectors or more. Brandon L.
Re: RFID in datacenter (was Re: Default Passwords for World Wide Packets/Lightning Edge Equipment)
On Wed, Jan 13, 2010 at 12:51 PM, George Imburgia na...@armorfirewall.comwrote: On Wed, 13 Jan 2010, Barry Shein wrote: The big advantage of RFIDs is that you don't need line of sight access like you do with bar codes, they use RF, radio frequency. Which is also a big disadvantage in a datacenter. Ever tried to use a radio in one? The RF noise generated by digital equipment seriously erodes signal quality. Considering the relatively weak signal returned from RFID tags, I'd be surprised if you'd get any kind of useful range. Has anybody tried it out? FYI: Looked into this in my previous job-project, and bookmarked this as a positive record of such: http://www.datacenterknowledge.com/archives/2008/11/03/rfid-in-the-data-center/I think it works. ***Stefan Mititelu http://twitter.com/netfortius http://www.linkedin.com/in/netfortius
RE: Default Passwords for World Wide Packets/Lightning Edge Equipment
Not if you change the default password like any sane admin does... -Original Message- From: Steven Bellovin [mailto:s...@cs.columbia.edu] Sent: Wednesday, January 13, 2010 11:26 AM To: Barry Shein Cc: nanog@nanog.org; nonobvi...@gmail.com Subject: Re: Default Passwords for World Wide Packets/Lightning Edge Equipment On Jan 13, 2010, at 1:45 PM, Barry Shein wrote: There seem to be a lot of misconceptions about RFID tags. I'm hardly an expert but I do know this much: RFID tags are generic, you don't put data into them unique to your application. Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F() and ser#. The vendor knows F() -- who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
Steven Bellovin wrote: On Jan 13, 2010, at 1:45 PM, Barry Shein wrote: There seem to be a lot of misconceptions about RFID tags. I'm hardly an expert but I do know this much: RFID tags are generic, you don't put data into them unique to your application. Not true, the simplest rfid tags are energized and play back whatever string is embedded, passive tags, however, plenty of device that fall under the moniker rfid are at a minimum field programmable. Moreover when you get beyond passive tags, the devices can be found with full on java stacks, challenge response system, fips certified crypto engines, flash for stored value etc. Part of the original (or at least early) context for this thread was recovery of default passwords. If the password is F(ser#), it's only learnable if you know both F() and ser#. The vendor knows F() -- who knows ser#? If it's in an RFID tag, or is DBlookup(tag#,vendor_db), being able to read this admittedly-arbitrary number may indeed be a threat. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: more news from Google
You should most likely read their terms of service and that would actually answer this instead of guessing. Also, if your reading your own employee's email, that is most likely perfectly legal. On Wed, Jan 13, 2010 at 2:22 PM, Joe Abley jab...@hopcount.ca wrote: On 2010-01-13, at 11:31, Anthony Uk wrote: The ability to automatically discern users' political positions from their inbox is not one that any email provider reasonably needs. It's arguably something that gmail users consent to when they give Google rights to index and process their mail, though. Joe
Re: more news from Google
On 2010-01-13, at 14:51, Ronald Cotoni wrote: You should most likely read their terms of service and that would actually answer this instead of guessing. I've read the terms of service. I may be interpreting them incorrectly, sure, but I'm not guessing. If your comment was not directed at me, but was a more general recommendation for all people who might guess rather than read, then sure, I agree. Joe
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Wed, 13 Jan 2010 11:23:59 MST, Lyndon Nerenberg (VE6BBM/VE7TFX) said: Barry's right, for at least some scenarios. If I have an unauthorized somebody walking down the row with a wand in their pocket, the fact they have a wand in their pocket is the least of my problems. Encrypt the data? That's a possible solution to the wand, which is the least of my problems. My *big* problem at that point is I have an unauthorized person in my server room. ;) pgp6fIGjrrDm2.pgp Description: PGP signature
Re: cable provider problems yesterday around 1pm EST?
On 1/13/2010 7:44 AM, Rich Casto wrote: Is anyone aware of any routing problems with any cable providers yesterday around 1pm EST? Thanks! -- Rich I experienced significant packet loss and dropped connections (possibly caused by that) at about that time yesterday. My ISP is Charter Cable. -J
Re: more news from Google
On Wed, 13 Jan 2010 17:31:44 +0100, Anthony Uk said: Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. I have orders of magnitude fewer users than gmail does, and often look at their mailboxes (with their consent, of course), but I still couldn't tell you the political position of any of them (apart from the politicians). If you can tell the political position of the politicians by looking at their mailboxes, you can probably tell the political position of a suspected human rights activist by looking at their mailbox. Remember - the Chinese government doesn't care about the users who's political position can't be identified. They care about the ones that *can* be identified as having an inconvenient viewpoint... pgpZaom88uMW8.pgp Description: PGP signature
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Jan 13, 2010, at 2:47 PM, Nathan Eisenberg wrote: Not if you change the default password like any sane admin does... This is from the OP: I have recently inherited the management of an undocumented network (failed FTTH provider) which utilizes World Wide Packets' LightningEdge 427 (16 port GBIC switch) and 311v (24/4 port Ethernet/GBIC switch) switches. ... Does anyone know the default passwords for World Wide Packets 427 and 311v switches? Lots of gear has a button/jumper/pop_the_CMOS battery/other_physical_presence_magic to reset things to factory state, including the default pw. The threat went on to why default passwords are bad, to passwords on the bottom of the device, to RFIDs because the devices of interest to this community are racked and stacked -- and back to theme #2: default passwords are bad... --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Wed, 2010-01-13 at 15:12 -0500, Steven Bellovin wrote: Lots of gear has a button/jumper/pop_the_CMOS battery/other_physical_presence_magic to reset things to factory state, including the default pw. The threat went on to why default passwords are bad, to passwords on the bottom of the device, to RFIDs because the devices of interest to this community are racked and stacked -- and back to theme #2: default passwords are bad... And somewhere in the dim and distant past (Jan 6th), Nathan announced that he'd sorted out his original problem and now had the defaults. What a peculiar bunch we are. And this from the group lauded as anonymously and peacefully co-existing to hold the Internet together, eh? Graeme
Re: more news from Google
In a message written on Wed, Jan 13, 2010 at 05:31:44PM +0100, Anthony Uk wrote: I have orders of magnitude fewer users than gmail does, and often look at their mailboxes (with their consent, of course), but I still couldn't tell you the political position of any of them (apart from the politicians). It's not clear to me you have to read any e-mail to figure out that help_us_free_ti...@gmail.com might be someone who's taking a political position. A search company may also, say, look for e-mail addresses listed on the web sites that must be censored, and when it's the same list being hacked, draw a conclusion. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpY2kA8M05h8.pgp Description: PGP signature
RE: Default Passwords for World Wide Packets/Lightning Edge Equipment
From: Graeme Fowler [mailto:gra...@graemef.net] And somewhere in the dim and distant past (Jan 6th), Nathan announced that he'd sorted out his original problem and now had the defaults. What a peculiar bunch we are. And this from the group lauded as anonymously and peacefully co-existing to hold the Internet together, eh? Graeme I think the impulse to challenge and question assertions probably tends to be a common personality feature in (good) network admins. The resulting conversations are often lively, oddly passionate arguments - but I firmly believe that there is a friendly nature behind it all. Nathan
RE: more news from Google
-Original Message- From: Leo Bicknell [mailto:bickn...@ufp.org] Sent: Wednesday, January 13, 2010 12:49 PM To: nanog@nanog.org Subject: Re: more news from Google It's not clear to me you have to read any e-mail to figure out that help_us_free_ti...@gmail.com might be someone who's taking a political position. A search company may also, say, look for e-mail addresses listed on the web sites that must be censored, and when it's the same list being hacked, draw a conclusion. It's also possible that far less questionable means are being utilized. Perhaps there are a sufficient number of pro-free-speech'ers at Google.cn (which is presumably largely composed of Chinese nationals) that are privy to such information. It only takes one guy going hey! I know some of these email addresses!... Nathan
Re: more news from Google
Joe Abley wrote: On 2010-01-13, at 11:31, Anthony Uk wrote: The ability to automatically discern users' political positions from their inbox is not one that any email provider reasonably needs. It's arguably something that gmail users consent to when they give Google rights to index and process their mail, though. Or... Maybe account X is attacked, and it is registered to somebody named Liu Xiaobo, and Liu Xiaobo turns out to be a prominent human rights activist. After some investigation, it turns out accounts belonging to people whose names match known human rights activists were attacked and those that don't, weren't. Sure, assuming Google is being Sinister Santa Claus (brings gifts ostensibly from the goodness of their hearts, but mysteriously knows what you want, knows when you've been sleeping, knows when you're awake, etc) through data mining makes a good story, but it isn't the obvious conclusion.
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Wed, 13 Jan 2010 12:50:03 PST, Nathan Eisenberg said: I think the impulse to challenge and question assertions probably tends to be a common personality feature in (good) network admins. Something to keep in mind is that this list is, by and large, comprised of people who are paid large sums of money for their ability to have meaningful conversations with inanimate objects made of melted sand. You gotta expect their people skills will be different. :) pgprXek07GxSS.pgp Description: PGP signature
Re: more news from Google
valdis.kletni...@vt.edu wrote: On Wed, 13 Jan 2010 17:31:44 +0100, Anthony Uk said: Second, we have evidence to suggest that a primary goal of the attackers was accessing the Gmail accounts of Chinese human rights activists. I have orders of magnitude fewer users than gmail does, and often look at their mailboxes (with their consent, of course), but I still couldn't tell you the political position of any of them (apart from the politicians). If you can tell the political position of the politicians by looking at their mailboxes, you can probably tell the political position of a suspected human rights activist by looking at their mailbox. Remember - the Chinese government doesn't care about the users who's political position can't be identified. They care about the ones that *can* be identified as having an inconvenient viewpoint... you can probably also simply compare the usernames with the search term blacklist that the government provides you...
Re: more news from Google
On Jan 13, 2010, at 5:26 PM, mshel...@cox.net wrote: From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward. The magic phrase is traffic analysis -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed. --Steve Bellovin, http://www.cs.columbia.edu/~smb
Re: Default Passwords for World Wide Packets/Lightning Edge Equipment
On Wed, Jan 13, 2010 at 12:55:00PM -0500, Matt Simmons wrote: That would be excellent for both the administrator, and anyone walking down the row with a wand in their pocket. So... someone has a list of the barcodes on all my equipment. ONOES! Without access to the asset database that backs it, I'm not sure what damage they're going to do. It's not as though one of my core switches is going to try and get through airport security with it. - Matt
Re: I don't need no stinking firewall!
Tim Durack wrote: Replace all the routers on the Internet with stateful firewalls. What happens? the same thing that happened with flow-cached routers, they melt, you go out of business, the end.
RE: more news from Google
-Original Message- From: Ken Chase [mailto:m...@sizone.org] Sent: Wednesday, January 13, 2010 12:24 AM To: nanog@nanog.org Subject: more news from Google I must say I'll have to take a step back from my previous position/postings having read this article. I just can't figure out their /ANGLE/. :) /cynic http://googleblog.blogspot.com/2010/01/new-approach-to-china.html Well played, google? Interesting radio piece re:Google in China this evening on NPR's radio program All Things Considered. http://www.npr.org/templates/story/story.php?storyId=122540813 Stefan Fouant, CISSP, JNCIE-M/T www.shortestpathfirst.net GPG Key ID: 0xB5E3803D
Re: more news from Google
On Jan 13, 2010, at 5:26 PM, mshel...@cox.net wrote: From a single detection of one hostile email you can often expand the picture to many mail recipients. A little open source research identifies the common community the recipients belong to. It's pretty straight forward. The magic phrase is traffic analysis -- look at the accounts of known targets of interest, and see the usernames, IP addresses, etc., of their correspondents. Recurse as needed. This could, however, go beyond traffic analysis. What happens when China slaps Google by taking over google.cn and places a web site that appears to be Google there? This then leads to the interesting question of exactly what sort of things were taken from Google (which is what I guess based on corporate infrastructure [...] theft of intellectual property). Is it completely outside the realm of possibility that China might have stolen sufficient technology to replicate resources such as Google search and mail? Or things such as SSL certificates? I keep thinking about it, and it seems to me like Google decided it was better to cry fire now... before Chinese citizens ended up submitting searches to Google.cn and having them intercepted and analyzed by the Chinese government. There are, of course, numerous possibilities as to what's really going on, but whatever it is, I get the distinct feeling that we're getting a carefully spun story. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Anyone having issues updating RADB tonight?
Anyone having issues updating RADB tonight? I am getting 403 message from URL to web form. No response from two updates I submitted this evening via email. I noticed a few other URL's are also giving a 403 message. http://www.radb.net/cgi-bin/radb/irr-web.cgi http://www.radb.net/faq.html http://www.radb.net/emailupdates.html
RE: Anyone having issues updating RADB tonight?
Looks like someone messed up permissions on the directories and/or files. Even the images for the buttons don't appear to work.. http://www.radb.net/images/navbar_bottom_off_02.jpg 403 permission denied... Game over. :o -Joe -Original Message- From: courtneysm...@comcast.net [mailto:courtneysm...@comcast.net] Sent: Wednesday, January 13, 2010 10:51 PM To: nanog@nanog.org Subject: Anyone having issues updating RADB tonight? Anyone having issues updating RADB tonight? I am getting 403 message from URL to web form. No response from two updates I submitted this evening via email. I noticed a few other URL's are also giving a 403 message. http://www.radb.net/cgi-bin/radb/irr-web.cgi http://www.radb.net/faq.html http://www.radb.net/emailupdates.html
Re: I don't need no stinking firewall!
On Jan 10, 2010, at 1:32 AM, Dobbins, Roland wrote: On Jan 10, 2010, at 1:22 PM, harbor235 wrote: Again, a firewall has it's place just like any other device in the network, defense in depth is a prudent philosophy to reduce the chances of compromise, it does not eliminate it nor does any architecture you can think of, period Bah, I was trying not to get sucked into the roaring vortex of this thread, but I think that folks are ignoring one of the primary benefits of firewalls: Quite simply, its this: I can now place a checkbox in the Is there a firewall? column of the insert random acronym here audit. While it may be fun to rail against the stupidity, after the Nth time that you have had the This is in no way going to help improves security and will actually decrease it argument, you realize that, if you want to get real work done, you need to choose your battles. In may cases the auditor knows that the firewall may not make thing better, and may make them worse, but he has a set of guidelines that the contracting company he is working for dictates, and he needs to see the widget to sign on the dotted line. I have had auditors cheerfully point out that the way that their specific requirement is worded, a commodity CPE device plugged into port somewhere will fully satisfy their requirements and did I know that BestBuy has them on sale this week? W What a ridiculous statement - of course it does. *The place of the stateful firewall is in front of clients, not servers*. I'm not going to continue the unequal contest of pitting real-world operational experience against Confused Information Systems Security Professional brainwashing. One can spout all the buzzwords and catchphrases one wishes, but at the end of the day, it's all dead wrong - and anyone naive enough to fall for it is setting himself up for a world of hurt. --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken smime.p7s Description: S/MIME cryptographic signature
Re: I don't need no stinking firewall!
On Jan 14, 2010, at 12:37 PM, Warren Kumari wrote: I can now place a checkbox in the Is there a firewall? column of the insert random acronym here audit. mod_security is your friend. ; --- Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com Injustice is relatively easy to bear; what stings is justice. -- H.L. Mencken
RE: Anyone having issues updating RADB tonight?
My update completed eventually. Not sure if the delay had any relation to the URL issues. Sorry for top post. Haven't figured how to put inline when using my Droid. Joe Blanchard jbfixu...@gmail.com wrote: Looks like someone messed up permissions on the directories and/or files. Even the images for the buttons don't appear to work.. http://www.radb.net/images/navbar_bottom_off_02.jpg 403 permission denied... Game over. :o -Joe -Original Message- From: courtneysm...@comcast.net [mailto:courtneysm...@comcast.net] Sent: Wednesday, January 13, 2010 10:51 PM To: nanog@nanog.org Subject: Anyone having issues updating RADB tonight? Anyone having issues updating RADB tonight? I am getting 403 message from URL to web form. No response from two updates I submitted this evening via email. I noticed a few other URL's are also giving a 403 message. http://www.radb.net/cgi-bin/radb/irr-web.cgi http://www.radb.net/faq.html http://www.radb.net/emailupdates.html
Re: Anyone having issues updating RADB tonight?
Updates completing is fine for everyone but Level 3. Switched to a new data center and both they and I updated our records and Level 3 still hasn't picked up the updates and its been 9 days. Sigh - Original Message - From: Courtney Smith courtneysm...@comcast.net To: nanog@nanog.org Sent: Thursday, January 14, 2010 12:00 AM Subject: RE: Anyone having issues updating RADB tonight? My update completed eventually. Not sure if the delay had any relation to the URL issues. Sorry for top post. Haven't figured how to put inline when using my Droid. Joe Blanchard jbfixu...@gmail.com wrote: Looks like someone messed up permissions on the directories and/or files. Even the images for the buttons don't appear to work.. http://www.radb.net/images/navbar_bottom_off_02.jpg 403 permission denied... Game over. :o -Joe -Original Message- From: courtneysm...@comcast.net [mailto:courtneysm...@comcast.net] Sent: Wednesday, January 13, 2010 10:51 PM To: nanog@nanog.org Subject: Anyone having issues updating RADB tonight? Anyone having issues updating RADB tonight? I am getting 403 message from URL to web form. No response from two updates I submitted this evening via email. I noticed a few other URL's are also giving a 403 message. http://www.radb.net/cgi-bin/radb/irr-web.cgi http://www.radb.net/faq.html http://www.radb.net/emailupdates.html