Bot reporting - best procedure?

2010-11-16 Thread Simon Waters
Sure it is something I should know, but I keep hitting dead ends.

What is current state on botnet reporting procedures?

A minor irritation currently, but clearly a well-resourced botnet is pestering 
one of our services, only a couple of thousand IP addresses in use, but I'd 
like to mop up as much of it as possible whilst it is only an irritation, 
since presumably between irritation and being off the Internet is only one 
command.

Lots of Botnet related resources seem to have vanished from the net, or be in 
poor repair.

RIPE provide an API for Abuse address lookup, so a potential solution exists 
for automation. But I figure someone else will have written some scripts or 
interfaces to save me messing it up, and landing 100s of abuse desks with 
useless information.
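
An added example, not part of the original post and not code from RIPE or any project named in this thread: one way to turn raw service logs into a single consolidated report per abuse desk, with UTC timestamps, hit counts and a sample request for each address. The log format, the prefix-to-contact table (standing in for cached answers from an abuse-contact lookup such as the one mentioned above) and every address and mailbox are constructed for illustration.

```python
"""Group offending source IPs by abuse contact; one evidence report per desk."""
import ipaddress
import re
from collections import defaultdict
from datetime import datetime, timezone

# Constructed stand-in for cached abuse-contact lookups (no network access here).
ABUSE_CONTACTS = {
    "192.0.2.0/24": "abuse@isp-a.example",
    "198.51.100.0/24": "abuse@isp-b.example",
    "198.51.100.128/25": "abuse@reseller-b.example",  # more specific prefix wins
}

# Constructed sample log lines: "<ISO-8601 UTC> <source ip> <request>"
SAMPLE_LOG = """\
2010-11-16T09:00:01Z 192.0.2.10 POST /login
2010-11-16T09:00:02Z 192.0.2.10 POST /login
2010-11-16T09:00:05Z 198.51.100.200 POST /login
2010-11-16T09:01:10Z 198.51.100.7 POST /login
2010-11-16T09:02:00Z 203.0.113.9 POST /login
garbage line that should be skipped
2010-11-16T09:03:30Z 192.0.2.44 POST /login
"""

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(.*)$")
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"


def parse_log(text):
    """Yield (timestamp, ip, request) tuples, skipping malformed lines."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        try:
            ts = datetime.strptime(m.group(1), TS_FORMAT).replace(tzinfo=timezone.utc)
            ip = ipaddress.ip_address(m.group(2))
        except ValueError:
            continue  # bad timestamp or bad address: no usable evidence
        yield ts, ip, m.group(3)


def lookup_contact(ip, table):
    """Longest-prefix match of ip against the contact table; None if unknown."""
    best = None
    for prefix, contact in table.items():
        net = ipaddress.ip_network(prefix)
        if ip.version == net.version and ip in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, contact)
    return best[1] if best else None


def build_reports(log_text, table, min_hits=1):
    """Return ({contact: [per-IP evidence]}, [IPs with no known contact])."""
    per_ip = defaultdict(list)
    for ts, ip, req in parse_log(log_text):
        per_ip[ip].append((ts, req))

    reports, unknown = defaultdict(list), []
    for ip, events in sorted(per_ip.items(), key=lambda kv: (kv[0].version, int(kv[0]))):
        if len(events) < min_hits:
            continue  # below the evidence threshold: not worth a desk's time
        contact = lookup_contact(ip, table)
        if contact is None:
            unknown.append(str(ip))  # never guess a recipient
            continue
        events.sort()
        reports[contact].append({
            "ip": str(ip), "hits": len(events), "sample": events[0][1],
            "first_seen": events[0][0].isoformat(),
            "last_seen": events[-1][0].isoformat(),
        })
    return dict(reports), unknown


def render(contact, entries):
    """Plain-text body an abuse desk can act on: who, when (UTC), how often."""
    lines = [f"To: {contact}", "All times are UTC.", ""]
    for e in entries:
        lines.append(f"{e['ip']}  hits={e['hits']}  first={e['first_seen']}  "
                     f"last={e['last_seen']}  sample=\"{e['sample']}\"")
    return "\n".join(lines)


if __name__ == "__main__":
    reports, unknown = build_reports(SAMPLE_LOG, ABUSE_CONTACTS)
    for contact, entries in reports.items():
        print(render(contact, entries), end="\n\n")
    print("No abuse contact found for:", ", ".join(unknown))
```

Raising `min_hits` keeps single stray hits out of the reports, and addresses with no known contact are returned separately rather than mailed to a guessed recipient.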



RE: OT: VM slicing and dicing

2010-11-16 Thread Brandon Kim

Thanks for the suggestions James! One of the issues I had, (which is why I 
turned to NANOG) was that I wasn't entirely
sure what keywords to search for!! So thank you for that. All of the criteria 
you brought up are valid and I will add them
to the list of things to consider.

It's awfully difficult to figure out who can do what as it's just not possible 
to test all the different vendors out there unless
you have a large R&D team and a lot of time.

I think we are on the same page as far as what We think I need. But just to 
clarify.

1) We'd like to be able to have a web portal where new or existing clients 
could request servers of all types: windows, linux etc...
Configure what it is that they need and in some amount of time, the VM's are 
provisioned. They receive some kind of email confirming
that their new provisioned server is available.

2) Backend - Since we haven't invested much time into the backend, we're open 
to all possibilities. It doesn't need to be VMware at all.
Xen seems to be extremely popular.

3) Licensing - Of course this will be all unique to each vendor but the more 
complicated the licensing, the more it's a turn off and difficult to
keep track of. Not to plug. But so far OnApp's pricing is very 
straightforward.

4) Multi-Tenant - Absolutely needs to support this.

I don't expect anyone here to do research for me, but I assume that being a 
network operator, many of us would have some input and clearly
I've received great feedback. I've been in touch with numerous vendors that 
were given to me from this thread and I can't wait to demo/try their 
products


One question I do have for any that actually read through this entire email 
(haha) is about the physical network switch. Is there a case for the switch, 
especially
in today's high density environment to go with 1GIG switches as the minimum? It 
seems pretty obvious but I'm wondering if it's really a necessity?
Can anyone on this list argue that 10/100 will suffice?

Thanks again!

Brandon





 Date: Mon, 15 Nov 2010 21:13:51 -0600
 Subject: Re: OT: VM slicing and dicing
 From: mysi...@gmail.com
 To: brandon@brandontek.com
 CC: nanog@nanog.org
 
 On Tue, Nov 9, 2010 at 10:17 AM, Brandon Kim brandon@brandontek.com 
 wrote:
  I'm not looking for companies that offer this service, but the actual 
  software engines that allow you
  to create VM's on the fly. So a customer goes to your website and says I 
  want Win2008 with 8gigs of RAM and 120gigs of HDD.
  Just like custom configuring a new PC.
 
 How about I send you some terms to search for, using your favorite
 search engine...
 Multi-Tenant Hosting, Cloud Computing, IaaS / HaaS
 (Infrastructure as a Service), Self-Service Provisioning
 Because the question is so vague,  I think you need more research.
 If you read the documentation of portal software, you should be able
 to tell to what extent it would be turn key
 
 Before looking too closely at any offering... some things to think about are..
 How would you go about handling virtual networks  and access to them?
 Will you want one shared network  (with requisite Layer 2 security minefield),
 or will your portal of choice  somehow decide to permission and make
 certain LANs available to certain users' VMs?
 
 There will be security and performance considerations that some portal
 software programs allow you to answer, and some do not. So you
 need to decide the hard requirements for security,  management
 flexibility,  UI attractiveness/ease of use,  functionality for the
 end user,  resource management,  and price :)
 
 
 Different portals have different options, so define requirements first.
 A Multi-Tenant  IaaS environment  (meaning different users sharing
 pieces of metal, storage, etc) brings in some complexity.
 
 Think about how will the resources be balanced?  E.g. Will you have a portal
 place workloads on its own, or rely on some outside system like vmware DRS.
 Will the portal  implement and enforce resource SLAs  for  Network 
 latency/loss,
 limit the number of VMs per NIC or  per datastore,  Memory, CPU
 and provide I/O response delay assurances, or will machines be left
 underutilized
 / overutilized, because the portal is bad at optimizing placement on physical
 servers, or bad at avoiding overcommit?
 
 
 For an IaaS provider, underutilization eventually means you are eating
 more kW·h than necessary, and overutilization could be
 immediately detrimental.
 
 The different major virtualization software vendors each have their own
 Self-Service Provisioning solutions, and there are some third party programs.
 Most are for Enterprise internal self-provisioning; Hosting providers
 might have
 special requirements like integrated user signups and billing
 and no license restriction against provisioning for outside users.
 I would expect these to be more expensive,  or include monthly per-user fees.
 
 
 Offhand  I recall  Virtuozzo  [perhaps the oldest?],  Enomaly /
 Enomalism, 

Opsview Error

2010-11-16 Thread shake righa
Am getting the following error when starting opsview

Starting opsview-web: Can't call method uuid on an undefined value at
/usr/local/opsview-web/script/../lib/Opsview/Web.pm line 362.
Compilation failed in require at script/opsview_web_server.pl line 62.

Kindly assist


Re: Opsview Error

2010-11-16 Thread Marc Powell

On Nov 16, 2010, at 7:04 AM, shake righa wrote:

 Am getting the following error when starting opsview

off-topic

 Kindly assist

Ask the OpsView support list?

--
Marc




Re: Opsview Error

2010-11-16 Thread shake righa
Will do thanks.

On Tue, Nov 16, 2010 at 4:09 PM, Marc Powell li...@xodus.org wrote:


 On Nov 16, 2010, at 7:04 AM, shake righa wrote:

  Am getting the following error when starting opsview

 off-topic

  Kindly assist

 Ask the OpsView support list?

 --
 Marc





The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread Suresh Ramasubramanian
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/

-- 
Suresh Ramasubramanian (ops.li...@gmail.com)



Re: Low end, cool CPE.

2010-11-16 Thread Joel Jaeggli
On 11/12/10 11:30 PM, Eugen Leitl wrote:
 On Fri, Nov 12, 2010 at 10:10:30AM -0500, Jason Lewis wrote:
 Everytime I'm in the market for a device like you describe, it comes
 down to the limitations of consumer devices.  You can't get all those
 things in a low cost solution.  I end up rolling my own.  My latest
 system is this 
 http://www.supermicro.com/products/system/1U/5015/SYS-5015A-PHF.cfm

snip

 , with Endian http://endian.com/en/community/download/ and an
 additional dual port nic.  With all the parts (HD,NIC) it's under
 $400.

 It's an atom board, so you could put whatever you wanted on it.  I
 have a 50mbps net connection and it doesn't have any issues.
 
 Works well on GBit/s as well. I haven't measured the throughput
 yet, though. Should be ~500 MBit/s, assuming a single Atom core
 is about equivalent to a Pentium 3 at the same frequency.

An atom should easily be able to forward some high fraction of a gig
between two pci-e 1x connected interfaces certainly in the soho context
such a box can do ipsec at fairly reasonable rates as well.

Regarding equivalence to a PIII an atom is a scalar rather than super
scalar device. It is slower clock for clock than a pIII but there are
also multicore variants and of course they run faster at lower power
consumption rates than the equivalent PIII derived embedded processor
such as the intel a800.

 




Re: Register.com DNS outages

2010-11-16 Thread Florian Weimer
 Anyone else get spammed from someone at Afilias?

Yes, I think you were Cc:ed on the message sent to me.

I find it odd that this type of advertising works.  I would expect
actual victims to confuse it with extortion.  (I have heard that you
were under attack and suffered an outage.  For a small fee, we can
ensure that this never happens again.)

By the way, does anybody know how Afilias prices in-protocol
reflective attacks which fail to make the zone unavailable? 8-/



Re: Current trends in capacity planning and oversubscription

2010-11-16 Thread Curtis, Bruce

On Nov 12, 2010, at 5:52 PM, Sean Donelan wrote:

 On Wed, 10 Nov 2010, Curtis, Bruce wrote:
 If we take our current ISP bandwidth and increase it by 50% every 
 year for 5 years it would be about twice the 100 Mbps per 1,000 
 students/staff recommendation.
 
 Is 50% growth each year typical these days?  In the dot-com boom days, 
 people said 100% growth, other people have suggested 20% may be more 
 reasonable now.

  We did see a lower rate of growth after the dot-com boom/bust.

  However the rate of growth picked up with the popularity of video streaming 
sites.

  This site mentions 40 to 50% growth last year and has references to other 
papers that  mention similar growth rates (although some of those papers may 
now be several years old.)

http://www.dtc.umn.edu/mints/home.php

  So to answer the question I would say that 40 to 50% growth is typical these 
days, it has been for us.

  I assume that it will continue for a few years but I'm less confident 
speculating that it would still be 40 to 50% in 5 to 7 years.  But I wouldn't 
bet against it either. 

  A problem with government network capacity 
 planning/growth forecasts is you will be stuck with whatever you choose, 
 too high or too low, for many years because the budget cycle is so long.
 
 It would be great if there was some actual data available.  But it seems
 more typical to benchmark/compare to do network capacity planning with 
 other government agencies, so we end up with X-Mbps per Y,000 people.
 Yes, I know it depends.  1,000 people downloading data from LHC 
 experiments will be different from an administrative school office. 
 The difference is the people using LHC data usually have someone who can 
 figure out network capacity planning, while the people in an 
 administrative school office may not have anyone.
 
 So what is a reasonable network capacity for 1,000 students now and in 5 
 years.
 
 

---
Bruce Curtis bruce.cur...@ndsu.edu
Certified NetAnalyst II  701-231-8527
North Dakota State University



Re: Low end, cool CPE.

2010-11-16 Thread Michael Loftis
On Fri, Nov 12, 2010 at 8:36 AM, Matthew Kaufman matt...@matthew.at wrote:
 On 11/11/2010 10:55 PM, Michael Loftis wrote:

 I have sort of recently gone from a little netscreen 5 to a mikrotik
 rb750g.
 Happily running for about 4 months. Way more of a power user or net admin
 than consumer oriented device. Fast though, loads faster than the
 netscreen

 I would recommend their products except for one thing: They have quite a few
 different models which experience a still-unfixed problem where the Ethernet
 port(s) simply go silent for 5-20 minutes and then come back all on their
 own (or with a reboot). Totally unacceptable, and their support forums are
 filled with others having the same problem *and* no confirmation of what the
 company is doing to fix it.

 And hard to debug, I'm sure, because the problem is one of those happens
 every other day for 4 days, then not again for 3 weeks kinds of bugs.

I've never actually had that problem, and wasn't even aware of it
until reading your message just now.  It might be that I use the thing
in a completely different manner (I've a bridge+vlan tagging setup).
Being as I work from home it gets used very thoroughly so if it had
had the issue I would've noticed.  I'm wondering if some units are
having thermal issues, seems to be a common thread/problem lately with
embedded devices.  Newer gen processors are starting to see thermal
and PSU loads (on account of lower voltages) that haven't been dealt
with much by these hardware makers.

Or I could just be lucky, or my office is cooler than others.  I've
heard a lot of people having thermal issues with the global tech
guruplug server plus wall wart units, and while the two I have do get
very hot, I haven't had any crashes.  But they are still way too hot
for me to ever recommend them for anything.  The RB750G though doesn't
ever seem to warm up or anything so it's very odd that there's issues.
 I'm running the 4.x stable releases though too, not 5.x, I'll have to
look into the forum posts on this.

Good to know about!



Invitation to connect on LinkedIn

2010-11-16 Thread Celso Vianna via LinkedIn
LinkedIn
Celso Vianna requested to add you as a connection on LinkedIn:
--

Ted,

I'd like to add you to my professional network on LinkedIn.

- Celso

-- 
(c) 2010, LinkedIn Corporation


Re: Invitation to connect on LinkedIn

2010-11-16 Thread Brielle Bruns

On 11/16/10 5:22 PM, Celso Vianna via LinkedIn wrote:

LinkedIn
Celso Vianna requested to add you as a connection on LinkedIn:
--



O_o


Dude, seriously, you've got to be kidding me.




--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Re: Invitation to connect on LinkedIn

2010-11-16 Thread Manolo Hernandez
I second that.

Sent from my HTC on the Now Network from Sprint!

- Reply message -
From: Brielle Bruns br...@2mbit.com
Date: Tue, Nov 16, 2010 19:24
Subject: Invitation to connect on LinkedIn
To: nanog@nanog.org

On 11/16/10 5:22 PM, Celso Vianna via LinkedIn wrote:
 LinkedIn
 Celso Vianna requested to add you as a connection on LinkedIn:
 --


O_o


Dude, seriously, you've got to be kidding me.




-- 
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Re: Invitation to connect on LinkedIn

2010-11-16 Thread Jacob Broussard
NOW 6 degrees of separation makes sense.
On Nov 16, 2010 6:34 PM, Manolo Hernandez mherna...@comcast.net wrote:
 I second that.

 Sent from my HTC on the Now Network from Sprint!

 - Reply message -
 From: Brielle Bruns br...@2mbit.com
 Date: Tue, Nov 16, 2010 19:24
 Subject: Invitation to connect on LinkedIn
 To: nanog@nanog.org

 On 11/16/10 5:22 PM, Celso Vianna via LinkedIn wrote:
 LinkedIn
 Celso Vianna requested to add you as a connection on
LinkedIn:
 --


 O_o


 Dude, seriously, you've got to be kidding me.




 --
 Brielle Bruns
 The Summit Open Source Development Group
 http://www.sosdg.org / http://www.ahbl.org



Re: The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread Jorge Amodio
What's the big deal ?  Just look at what the sticker under whatever
you are using to type says ... Made in ?

We live in a hijacked world.

Cheers
BTW avoid foxnews, not much operational content there.

On Tue, Nov 16, 2010 at 11:08 AM, Suresh Ramasubramanian
ops.li...@gmail.com wrote:
 http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/

 --
 Suresh Ramasubramanian (ops.li...@gmail.com)





RE: OT: VM slicing and dicing

2010-11-16 Thread Holmes,David A
1 GiGE switches at a minimum; some vendors (e.g., arista) have low cost
48 port 1000/1 switches. Cisco's UCS system uses 8 10 GiGE uplinks
where the servers (running a hypervisor kernel) plug into a chassis
backplane with 2 10 GiGE connectors each, that mux 10 GiGE and 4/8/16
GiG FC over the combined 80 Gig uplinks. Think about latency, not just
bandwidth. 100 Mb is 100 times slower in serialization/deserialization
of bits on/off the wire. Also, do you really want the cable management
issues associated with multiples of 48 copper cables from servers to
top-of-rack switches?  

-Original Message-
From: Brandon Kim [mailto:brandon@brandontek.com] 
Sent: Tuesday, November 16, 2010 5:04 AM
To: mysi...@gmail.com
Cc: nanog group
Subject: RE: OT: VM slicing and dicing


Thanks for the suggestions James! One of the issues I had, (which is why
I turned to NANOG) was that I wasn't entirely
sure what keywords to search for!! So thank you for that. All of the
criteria you brought up are valid and I will add them
to the list of things to consider.

It's awfully difficult to figure out who can do what as it's just not
possible to test all the different vendors out there unless
you have a large R&D team and a lot of time.

I think we are on the same page as far as what We think I need. But
just to clarify.

1) We'd like to be able to have a web portal where new or existing
clients could request servers of all types: windows, linux etc...
Configure what it is that they need and in some amount of time, the VM's
are provisioned. They receive some kind of email confirming
that their new provisioned server is available.

2) Backend - Since we haven't invested much time into the backend, we're
open to all possibilities. It doesn't need to be VMware at all.
Xen seems to be extremely popular.

3) Licensing - Of course this will be all unique to each vendor but the
more complicated the licensing, the more it's a turn off and difficult
to
keep track of. Not to plug. But so far OnApp's pricing is very
straightforward.

4) Multi-Tenant - Absolutely needs to support this.

I don't expect anyone here to do research for me, but I assume that
being a network operator, many of us would have some input and clearly
I've received great feedback. I've been in touch with numerous vendors
that were given to me from this thread and I can't wait to demo/try
their products


One question I do have for any that actually read through this entire
email (haha) is about the physical network switch. Is there a case for
the switch, especially
in today's high density environment to go with 1GIG switches as the
minimum? It seems pretty obvious but I'm wondering if it's really a
necessity?
Can anyone on this list argue that 10/100 will suffice?

Thanks again!

Brandon





 Date: Mon, 15 Nov 2010 21:13:51 -0600
 Subject: Re: OT: VM slicing and dicing
 From: mysi...@gmail.com
 To: brandon@brandontek.com
 CC: nanog@nanog.org
 
 On Tue, Nov 9, 2010 at 10:17 AM, Brandon Kim
brandon@brandontek.com wrote:
  I'm not looking for companies that offer this service, but the
actual software engines that allow you
  to create VM's on the fly. So a customer goes to your website and
says I want Win2008 with 8gigs of RAM and 120gigs of HDD.
  Just like custom configuring a new PC.
 
 How about I send you some terms to search for, using your favorite
 search engine...
 Multi-Tenant Hosting, Cloud Computing, IaaS / HaaS
 (Infrastructure as a Service), Self-Service Provisioning
 Because the question is so vague,  I think you need more research.
 If you read the documentation of portal software, you should be able
 to tell to what extent it would be turn key
 
 Before looking too closely at any offering... some things to think
about are..
 How would you go about handling virtual networks  and access to them?
 Will you want one shared network  (with requisite Layer 2 security
minefield),
 or will your portal of choice  somehow decide to permission and make
 certain LANs available to certain users' VMs?
 
 There will be security and performance considerations that some portal
 software programs allow you to answer, and some do not. So you
 need to decide the hard requirements for security,  management
 flexibility,  UI attractiveness/ease of use,  functionality for the
 end user,  resource management,  and price :)
 
 
 Different portals have different options, so define requirements
first.
 A Multi-Tenant  IaaS environment  (meaning different users sharing
 pieces of metal, storage, etc) brings in some complexity.
 
 Think about how will the resources be balanced?  E.g. Will you have a
portal
 place workloads on its own, or rely on some outside system like vmware
DRS.
 Will the portal  implement and enforce resource SLAs  for  Network
latency/loss,
 limit the number of VMs per NIC or  per datastore,  Memory, CPU
 and provide I/O response delay assurances, or will machines be left
 underutilized
 / overutilized, because the portal is bad 

Re: The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread Suresh Ramasubramanian
On Wed, Nov 17, 2010 at 6:09 AM, Jorge Amodio jmamo...@gmail.com wrote:

 Cheers
 BTW avoid foxnews, not much operational content there.

I know it, you know it .. and the problem is that operational content
turning up there has a nasty way of getting political

As it is, fox news is reporting something which was presented to congress

So, lessigisms like code is law aside, I guess yes, it IS political now.

-- 
Suresh Ramasubramanian (ops.li...@gmail.com)



Outage between GBLX and HE?

2010-11-16 Thread Brielle Bruns

Hey All,

Sorry to bother the list, but I'm noticing that I've got no connectivity 
to Hurricane Electric through GBLX from my Qwest DSL.


In this case, I'm trying to get to tunnelbroker.net:

...
 3  184-99-65-41.boid.qwest.net (184.99.65.41)  38.438 ms  49.250 ms 
38.459 ms
 4  sea-brdr-02.inet.qwest.net (67.14.41.14)  60.071 ms  53.198 ms 
54.223 ms

 5  te8-3-10g.ar5.sea1.gblx.net (64.208.110.141)  294.182 ms  437.842 ms *
 6  * * *

Testing out through the T1 which goes via twtelecom works fine, as does 
from co-loc in Seattle which goes through Integra.


Don't suppose anyone else is noticing this as well?

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Re: The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread Andrew Kirch
Really?  Seems to me like Glen Beck is always drawing a series of tubes
on his chalkboard?  They all lead to Godwin's law though.  Very strange...

On 11/16/2010 7:39 PM, Jorge Amodio wrote:
 What's the big deal ?  Just look at what the sticker under whatever
 you are using to type says ... Made in ?

 We live in a hijacked world.

 Cheers
 BTW avoid foxnews, not much operational content there.

 On Tue, Nov 16, 2010 at 11:08 AM, Suresh Ramasubramanian
 ops.li...@gmail.com wrote:
 http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/

 --
 Suresh Ramasubramanian (ops.li...@gmail.com)






Re: Outage between GBLX and HE?

2010-11-16 Thread Brielle Bruns

On 11/16/10 8:32 PM, Brielle Bruns wrote:

Hey All,

Sorry to bother the list, but I'm noticing that I've got no connectivity
to Hurricane Electric through GBLX from my Qwest DSL.

In this case, I'm trying to get to tunnelbroker.net:

...
3 184-99-65-41.boid.qwest.net (184.99.65.41) 38.438 ms 49.250 ms 38.459 ms
4 sea-brdr-02.inet.qwest.net (67.14.41.14) 60.071 ms 53.198 ms 54.223 ms
5 te8-3-10g.ar5.sea1.gblx.net (64.208.110.141) 294.182 ms 437.842 ms *
6 * * *

Testing out through the T1 which goes via twtelecom works fine, as does
from co-loc in Seattle which goes through Integra.

Don't suppose anyone else is noticing this as well?



Asymmetrical routing for the win.  Did a trace from HE's LG to the DSL:

core1.fmt1.he.net traceroute 65.102.72.22 numeric

Tracing the route to IP node  from 1 to 30 hops

  1    19 ms    1 ms    1 ms 66.160.158.242
  2    14 ms    3 ms    1 ms 213.248.86.53
  3     1 ms    1 ms    1 ms 213.248.87.50
  4     *       *       *    ?
  5     *       *       *    ?
  6     *       *       *    ?
  7     *       *       *    ?
IP: Errno(8) Trace Route Failed, no response from target node.
# Entry cached for another 32 seconds.


Since I'm taking two separate paths, I'm not sure where the problem is 
exactly.





--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Re: Outage between GBLX and HE?

2010-11-16 Thread Mike

Brielle Bruns wrote:

On 11/16/10 8:32 PM, Brielle Bruns wrote:

Hey All,

Sorry to bother the list, but I'm noticing that I've got no connectivity
to Hurricane Electric through GBLX from my Qwest DSL.



  7     *       *       *    ?
IP: Errno(8) Trace Route Failed, no response from target node.
# Entry cached for another 32 seconds.


Since I'm taking two separate paths, I'm not sure where the problem is 
exactly.




Did you reboot your computer?

(running and ducking!)




Re: Outage between GBLX and HE?

2010-11-16 Thread Mike

Tammy A. Wisdom wrote:

- Original Message -
  

From: Mike mike-na...@tiedyenetworks.com
Cc: nanog@nanog.org
Sent: Tuesday, November 16, 2010 9:38:57 PM
Subject: Re: Outage between GBLX and HE?
Brielle Bruns wrote:


On 11/16/10 8:32 PM, Brielle Bruns wrote:
  

*snip*
  

Did you reboot your computer?

(running and ducking!)



Gee so helpful.
I hope you enjoyed looking like a fuckwit on nanog.
  

are you sure that's appropriate here?





Re: Outage between GBLX and HE?

2010-11-16 Thread Mark Wall
On Wed, Nov 17, 2010 at 12:00 AM, Mike mike-na...@tiedyenetworks.com
 wrote:

 Tammy A. Wisdom wrote:

 - Original Message -


 From: Mike mike-na...@tiedyenetworks.com
 Cc: nanog@nanog.org
 Sent: Tuesday, November 16, 2010 9:38:57 PM
 Subject: Re: Outage between GBLX and HE?
 Brielle Bruns wrote:


 On 11/16/10 8:32 PM, Brielle Bruns wrote:


 *snip*



 Did you reboot your computer?

 (running and ducking!)



 Gee so helpful.
 I hope you enjoyed looking like a fuckwit on nanog.


 are you sure that's appropriate here?




I'm seeing he.net routes via GBLX peer
  3549 6939 6939
  Origin IGP, localpref 100, valid, external
  Community: 3549:4143 3549:30840

GBLX looking glass returns proper peering

 1 64.214.13.1 (64.214.13.1) 135.800 ms 151.677 ms
 2 Hurrican-Electric-LLC.Port-channel100.ar3.SJC2.gblx.net(64.214.174.246)
86.407 ms 76.988 ms

 3 10gigabitethernet1-1.core1.fmt1.he.net (72.52.92.109) 79.397 ms
90.276 ms


I'm going with reboot computer


Re: Outage between GBLX and HE?

2010-11-16 Thread Brielle Bruns

On 11/16/10 10:07 PM, Mark Wall wrote:


I'm seeing he.net routes via GBLX peer
   3549 6939 6939
   Origin IGP, localpref 100, valid, external
   Community: 3549:4143 3549:30840

GBLX looking glass returns proper peering

  1 64.214.13.1 (64.214.13.1) 135.800 ms 151.677 ms
  2 Hurrican-Electric-LLC.Port-channel100.ar3.SJC2.gblx.net(64.214.174.246)
86.407 ms 76.988 ms

  3 10gigabitethernet1-1.core1.fmt1.he.net (72.52.92.109) 79.397 ms
90.276 ms


I'm going with reboot computer



:P  yeah, if only it was that simple.

--
Brielle Bruns
The Summit Open Source Development Group
http://www.sosdg.org/ http://www.ahbl.org



Re: The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread Fred Baker

On Nov 17, 2010, at 1:08 AM, Suresh Ramasubramanian wrote:

 http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/

I have read the article and the list, and I'm puzzled. It's pretty clear that 
the root gets its records from a common source, and that the copies of them 
being delivered by a given root server were different. As a result, traffic 
intended to go place A went to place B if the TLD lookup happened to go to the 
particular root server in question. How did an instance of the root server find 
itself serving changed records? While there is no obvious indication of who 
made the change or for what reason, it's unlikely it was accidental.

Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There 
was a technical event that resulted in misrouting of traffic, and while 
international concerns regarding it had political overtones, the technical 
event is not a political one. If it was your traffic that had been misrouted, 
you might have issued expressions of concern. So why respond to it with a 
political response?

Sounds to me like one of the arguments for DNSSEC deployment...


Re: The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread Suresh Ramasubramanian
Man in the middle rewriting of DNS query responses is the only thing I
can think of.

On Wed, Nov 17, 2010 at 11:47 AM, Fred Baker f...@cisco.com wrote:
 I have read the article and the list, and I'm puzzled. It's pretty clear that 
 the root gets its records from a common source, and that the copies of them 
 being delivered by a given root server were different. As a result, traffic 
 intended to go place A went to place B if the TLD lookup happened to go to 
 the particular root server in question. How did an instance of the root 
 server find itself serving changed records? While there is no obvious 
 indication of who made the change or for what reason, it's unlikely it was 
 accidental.



-- 
Suresh Ramasubramanian (ops.li...@gmail.com)



Re: The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread David Conrad
On Nov 16, 2010, at 8:17 PM, Fred Baker wrote:
 http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/
 
 I have read the article and the list, and I'm puzzled. It's pretty clear that 
 the root gets its records from a common source, and that the copies of them 
 being delivered by a given root server were different.

Hard to decipher what the Fox report is actually talking about, but I suspect 
it relates to http://www.renesys.com/blog/2010/06/two-strikes-i-root.shtml

 Not sure what Glenn Beck, Fox News, or Godwin's Law have to do with it. There 
 was a technical event that resulted in misrouting of traffic, and while 
 international concerns regarding it had political overtones, the technical 
 event is not a political one. If it was your traffic that had been misrouted, 
 you might have issued expressions of concern. So why respond to it with a 
 political response?

As for political vs. technical, it feels (particularly given the Fox report is 
sourced from a paper on US-China relations) like yet more cyber war drum 
beating, but that might just be me.

 Sounds to me like one of the arguments for DNSSEC deployment...


DNSSEC would let you know something odd happened (if you're doing a DNS lookup, 
have validation turned on, and can tell the difference between SERVFAIL 
generated stub resolver timeout and a random Internet brokenness), although it 
doesn't really give you any tools to fix it.  What really needs to be fixed is 
routing by rumor.

Regards,
-drc