Re: All in favor or.....

[Larry Sheldon]

On 10/28/2015 19:15, Matthew Petach wrote:

I work 8 hours a day...

...and then I work another 8.


A long time ago, in a place far, far away, the PTB determined that we 
should change from a three-team, three-8-hour shifts, 5 days a week 
("days", "evenings", and "nights" (aka "graves" or "graveyard") for 7 x 
24 coverage, to a four-team, 12 1/2 hour day 3 day week (and you know, I 
have forgotten how we covered the 7th day!).


For the 2nd-level managers like me, the reaction was "Wow!  I will only 
have to work 12-18 hours three days a week!

--
sed quis custodiet ipsos custodes? (Juvenal)

Re: speedtest vs geo-coding IP info

[Mike Hammett]

Agreed. If you have more than a /29, it needs to be SWIPed to you regardless. 
Then you have a little more authority with getting GeoIP changes made. 




- 
Mike Hammett 
Intelligent Computing Solutions 
http://www.ics-il.com 



Midwest Internet Exchange 
http://www.midwest-ix.com 


- Original Message -

From: "Josh Luthman"  
To: "Lorell Hathcock"  
Cc: "NANOG list"  
Sent: Wednesday, October 28, 2015 5:40:59 PM 
Subject: Re: speedtest vs geo-coding IP info 

Your block should be SWIP'ed irrelevant of geolocation/Speedtest server/etc 
if it's sizable. 


Josh Luthman 
Office: 937-552-2340 
Direct: 937-552-2343 
1100 Wayne St 
Suite 1337 
Troy, OH 45373 

On Wed, Oct 28, 2015 at 6:39 PM, Lorell Hathcock  
wrote: 

> All: 
> 
> 
> 
> Very helpful. Another also helped me track down that Ookla uses 
> MaxMind.com for their GeoIP data. I was able to submit a GeoIP location 
> correction request. A guy at speedtest.net suggested that MaxMind may 
> pay me no mind because my upstream ISP may need to submit the request. 
> That makes perfect sense to me, but it doesn’t hurt to try I hope. 
> 
> 
> 
> Thanks NANOG! You’re the best! 
> 
> 
> 
> -L 
> 
> 
> 
> *From:* Josh Luthman [mailto:j...@imaginenetworksllc.com] 
> *Sent:* Wednesday, October 28, 2015 4:18 PM 
> *To:* Lorell Hathcock  
> *Cc:* NANOG list  
> *Subject:* Re: speedtest vs geo-coding IP info 
> 
> 
> 
> Best resource: http://nanog.cluepon.net/index.php/GeoIP 
> 
> Been down for a good long time now 
> 
> 
> 
> This is the only copy I know of it: 
> 
> 
> http://web.archive.org/web/20130122055317/http://nanog.cluepon.net/index.php/GeoIP
>  
> 
>  
> 
> 
> 
> 
> Josh Luthman 
> Office: 937-552-2340 
> Direct: 937-552-2343 
> 1100 Wayne St 
> Suite 1337 
> Troy, OH 45373 
> 
> 
> 
> On Wed, Oct 28, 2015 at 5:06 PM,  wrote: 
> 
> Legions of NANOG: 
> 
> 
> 
> Here's an interesting problem. 
> 
> 
> 
> My customers are running speedtests from Ookla's speedtest.net site. The 
> default site is in Kansas and not in Texas where we receive our internet 
> connection. 
> 
> 
> 
> Questions: 
> 
> 1. How do I go about viewing the geo-coded data that accompanies my 
> IP 
> addresses? This is obviously a database that is kept for geo-coding 
> purposes. The whois info for the block in question traces back to a 
> superblock formerly owned by PSINet, Inc and has a Washington, DC address. 
> I conclude that the geo-coding used by speedtest.net is not from the whois 
> database. 
> 
> 2. If I pestered my carrier to SWIP the IP address block to me (as 
> they should have?) would that help me solve my problem? 
> 
> 3. Is there anything else I need to be thinking of that would help me 
> have better control of my geo-coding info? Are there third-party self sign 
> up/volunteer database which house geo-coding info? 
> 
> 
> 
> Thanks in advance! 
> 
> 
> 
> Sincerely, 
> 
> 
> 
> Lorell Hathcock 
> 
> Chief Technology Officer 
> 
> 
> 
> 
> 
> 
> SolStar Network, LLC 
> 
> Communications 
> 
> FIBER - VOIP - SECURITY - TV 
> 
> FTTH - Commercial - Residential 
> 
> Burglar - Access Control 
> 
> 956-478-5955 (cell) - 956-316-4090 (main) 
> 
>  lor...@solstarnetwork.com 
> 
>  www.SolStarNetwork.com 
> 
> TX License #B19998 
> 
> 
> 
> 
> 
> 

Re: speedtest vs geo-coding IP info

[Josh Luthman]

Your block should be SWIP'ed irrelevant of geolocation/Speedtest server/etc
if it's sizable.


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Oct 28, 2015 at 6:39 PM, Lorell Hathcock 
wrote:

> All:
>
>
>
> Very helpful.  Another also helped me track down that Ookla uses
> MaxMind.com for their GeoIP data.  I was able to submit a GeoIP location
> correction request.  A guy at speedtest.net suggested that MaxMind may
> pay me no mind because my upstream ISP may need to submit the request.
> That makes perfect sense to me, but it doesn’t hurt to try I hope.
>
>
>
> Thanks NANOG!  You’re the best!
>
>
>
> -L
>
>
>
> *From:* Josh Luthman [mailto:j...@imaginenetworksllc.com]
> *Sent:* Wednesday, October 28, 2015 4:18 PM
> *To:* Lorell Hathcock 
> *Cc:* NANOG list 
> *Subject:* Re: speedtest vs geo-coding IP info
>
>
>
> Best resource: http://nanog.cluepon.net/index.php/GeoIP
>
> Been down for a good long time now
>
>
>
> This is the only copy I know of it:
>
>
> http://web.archive.org/web/20130122055317/http://nanog.cluepon.net/index.php/GeoIP
> 
>
>
>
>
> Josh Luthman
> Office: 937-552-2340
> Direct: 937-552-2343
> 1100 Wayne St
> Suite 1337
> Troy, OH 45373
>
>
>
> On Wed, Oct 28, 2015 at 5:06 PM,  wrote:
>
> Legions of NANOG:
>
>
>
> Here's an interesting problem.
>
>
>
> My customers are running speedtests from Ookla's speedtest.net site.  The
> default site is in Kansas and not in Texas where we receive our internet
> connection.
>
>
>
> Questions:
>
> 1.   How do I go about viewing the geo-coded data that accompanies my
> IP
> addresses?  This is obviously a database that is kept for geo-coding
> purposes.  The whois info for the block in question traces back to a
> superblock formerly owned by PSINet, Inc and has a Washington, DC address.
> I conclude that the geo-coding used by speedtest.net is not from the whois
> database.
>
> 2.   If I pestered my carrier to SWIP the IP address block to me (as
> they should have?) would that help me solve my problem?
>
> 3.   Is there anything else I need to be thinking of that would help me
> have better control of my geo-coding info?  Are there third-party self sign
> up/volunteer database which house geo-coding info?
>
>
>
> Thanks in advance!
>
>
>
> Sincerely,
>
>
>
> Lorell Hathcock
>
> Chief Technology Officer
>
>
>
>
>
>
> SolStar Network, LLC
>
> Communications
>
> FIBER - VOIP - SECURITY - TV
>
> FTTH - Commercial - Residential
>
> Burglar - Access Control
>
> 956-478-5955 (cell) - 956-316-4090 (main)
>
>   lor...@solstarnetwork.com
>
>   www.SolStarNetwork.com
>
> TX License #B19998
>
>
>
>
>
>

RE: speedtest vs geo-coding IP info

[Lorell Hathcock]

All:

 

Very helpful.  Another also helped me track down that Ookla uses MaxMind.com 
for their GeoIP data.  I was able to submit a GeoIP location correction 
request.  A guy at speedtest.net suggested that MaxMind may pay me no mind 
because my upstream ISP may need to submit the request.  That makes perfect 
sense to me, but it doesn’t hurt to try I hope.

 

Thanks NANOG!  You’re the best!

 

-L

 

From: Josh Luthman [mailto:j...@imaginenetworksllc.com] 
Sent: Wednesday, October 28, 2015 4:18 PM
To: Lorell Hathcock 
Cc: NANOG list 
Subject: Re: speedtest vs geo-coding IP info

 

Best resource: http://nanog.cluepon.net/index.php/GeoIP

Been down for a good long time now

 

This is the only copy I know of it:

http://web.archive.org/web/20130122055317/http://nanog.cluepon.net/index.php/GeoIP
 

 




 

Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

 

On Wed, Oct 28, 2015 at 5:06 PM, mailto:lor...@hathcock.org> > wrote:

Legions of NANOG:



Here's an interesting problem.



My customers are running speedtests from Ookla's speedtest.net 
  site.  The
default site is in Kansas and not in Texas where we receive our internet
connection.



Questions:

1.   How do I go about viewing the geo-coded data that accompanies my IP
addresses?  This is obviously a database that is kept for geo-coding
purposes.  The whois info for the block in question traces back to a
superblock formerly owned by PSINet, Inc and has a Washington, DC address.
I conclude that the geo-coding used by speedtest.net   is 
not from the whois
database.

2.   If I pestered my carrier to SWIP the IP address block to me (as
they should have?) would that help me solve my problem?

3.   Is there anything else I need to be thinking of that would help me
have better control of my geo-coding info?  Are there third-party self sign
up/volunteer database which house geo-coding info?



Thanks in advance!



Sincerely,



Lorell Hathcock

Chief Technology Officer






SolStar Network, LLC

Communications

FIBER - VOIP - SECURITY - TV

FTTH - Commercial - Residential

Burglar - Access Control

956-478-5955   (cell) - 956-316-4090   
(main)

  > 
lor...@solstarnetwork.com  

  www.SolStarNetwork.com 
 

TX License #B19998






 

Re: Uptick in spam

[Octavio Alvarez]

On 27/10/15 05:40, Jutta Zalud wrote:
>>> But it is originating all from different IP addresses. Who knows if this
>>> is an attack to get *@jdlabs.fr blocked from NANOG and is just getting
>>> its goal accomplished.
>>
>> This is the part that's been bugging me.  Doesn't the NANOG server
>> implement SPF checking on inbound list mail?  jdlabs.fr doesn't appear to
>> have an SPF record published.  It seems to me that these messages should
>> have been dropped during the connection.

Well... an empty record is pretty much the same as "?all" anyway. The
correct interpretation from the receiving MTA is "The SPF (if it exists)
doesn't say if this is spam or not".

This could, of course, vary from implementation to implementation.

> If it does (which I don't know), it will probably check the SPF record
> of the delivering mailserver, which was not *.jdlabs.fr as far as I can
> see from the mailheaders.

And also, most of the MX records end in ~all or ?all anyway, and ?all is
the default if no "all" is defined, and the lack of jdlabs.fr SPF record
is the equivalent of being defined as "?all".

I now wonder if there is *really* a case for the ~ and ? operators in
SPF and if we could deprecate ?all and ~all, and change the default to
-all, by RFC. This would be just to make SPF useful. In its current
state it asserts nothing, and --by its definition-- it forces no work
from anybody.

Best regards.

Re: speedtest vs geo-coding IP info

[Josh Luthman]

Best resource: http://nanog.cluepon.net/index.php/GeoIP
Been down for a good long time now

This is the only copy I know of it:
http://web.archive.org/web/20130122055317/http://nanog.cluepon.net/index.php/GeoIP


Josh Luthman
Office: 937-552-2340
Direct: 937-552-2343
1100 Wayne St
Suite 1337
Troy, OH 45373

On Wed, Oct 28, 2015 at 5:06 PM,  wrote:

> Legions of NANOG:
>
>
>
> Here's an interesting problem.
>
>
>
> My customers are running speedtests from Ookla's speedtest.net site.  The
> default site is in Kansas and not in Texas where we receive our internet
> connection.
>
>
>
> Questions:
>
> 1.   How do I go about viewing the geo-coded data that accompanies my
> IP
> addresses?  This is obviously a database that is kept for geo-coding
> purposes.  The whois info for the block in question traces back to a
> superblock formerly owned by PSINet, Inc and has a Washington, DC address.
> I conclude that the geo-coding used by speedtest.net is not from the whois
> database.
>
> 2.   If I pestered my carrier to SWIP the IP address block to me (as
> they should have?) would that help me solve my problem?
>
> 3.   Is there anything else I need to be thinking of that would help me
> have better control of my geo-coding info?  Are there third-party self sign
> up/volunteer database which house geo-coding info?
>
>
>
> Thanks in advance!
>
>
>
> Sincerely,
>
>
>
> Lorell Hathcock
>
> Chief Technology Officer
>
>
>
>
>
>
> SolStar Network, LLC
>
> Communications
>
> FIBER - VOIP - SECURITY - TV
>
> FTTH - Commercial - Residential
>
> Burglar - Access Control
>
> 956-478-5955 (cell) - 956-316-4090 (main)
>
>   lor...@solstarnetwork.com
>
>   www.SolStarNetwork.com
>
> TX License #B19998
>
>
>
>
>
>

speedtest vs geo-coding IP info

[lorell]

Legions of NANOG:

 

Here's an interesting problem.

 

My customers are running speedtests from Ookla's speedtest.net site.  The
default site is in Kansas and not in Texas where we receive our internet
connection.

 

Questions:

1.   How do I go about viewing the geo-coded data that accompanies my IP
addresses?  This is obviously a database that is kept for geo-coding
purposes.  The whois info for the block in question traces back to a
superblock formerly owned by PSINet, Inc and has a Washington, DC address.
I conclude that the geo-coding used by speedtest.net is not from the whois
database.

2.   If I pestered my carrier to SWIP the IP address block to me (as
they should have?) would that help me solve my problem?

3.   Is there anything else I need to be thinking of that would help me
have better control of my geo-coding info?  Are there third-party self sign
up/volunteer database which house geo-coding info?

 

Thanks in advance!

 

Sincerely,

 

Lorell Hathcock

Chief Technology Officer

 




SolStar Network, LLC

Communications

FIBER - VOIP - SECURITY - TV

FTTH - Commercial - Residential

Burglar - Access Control

956-478-5955 (cell) - 956-316-4090 (main)

  lor...@solstarnetwork.com

  www.SolStarNetwork.com

TX License #B19998

 

 

Anyone here from Orbitz?

[Andy Ringsmuth]

Any chance someone on the list from Orbitz?

Car rentals are suddenly impossible to book. It seems there’s a session timeout 
set to essentially zero. Selecting a vehicle returns this URL:

http://www.orbitz.com/shop/home?errorId=3207

And an error of “We’ve noticed you’ve been away from this page for a while and 
your session has timed out. Please try again.”




Andy Ringsmuth
a...@newslink.com
News Link – Manager Travel, Technology & Facilities
2201 Winthrop Rd., Lincoln, NE 68502-4158
(402) 475-6397(402) 304-0083 cellular

Re: AW: Uptick in spam

[Jim Popovitch]

On Wed, Oct 28, 2015 at 3:44 AM, Octavio Alvarez
 wrote:
>
>
> On 10/27/2015 05:09 AM, Ian Smith wrote:
>>
>> On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
>> mailto:octalna...@alvarezp.org>> wrote:
>>
>> On 26/10/15 11:38, Jürgen Jaritsch wrote:
>> 
>>
>> But it is originating all from different IP addresses. Who knows if
>> this
>> is an attack to get *@jdlabs.fr  blocked from
>> NANOG and is just getting
>> its goal accomplished.
>>
>>
>>
>> This is the part that's been bugging me.  Doesn't the NANOG server
>> implement SPF checking on inbound list mail? jdlabs.fr
>>  doesn't appear to have an SPF record published.  It
>> seems to me that these messages should have been dropped during the
>> connection.
>
>
> That doesn't stop spam from hijacked accounts.
>
> For this case, an account was compromised, apparently.

There was no account compromise, it was only oddball webservers that
were compromised and then used in a spam run where the From was set to
a nanog subscriber's email address.

> What if after 6 messages in the last 5 minutes with the same or absent
> 'In-Reply-To' moves he account to moderation mode.
>
> Easier said than implemented, though.
>

This is already under consideration, by me, for a mailman patch.
It's a good idea that has been around for a while and is well worth
having as an option.

-Jim P.

Re: spam smackdown?

[William Herrin]

On Mon, Oct 26, 2015 at 3:03 PM, Patrick W. Gilmore  wrote:
> 3) Anyone who feels this is so frickin’ bad it is unbearable, and
> knows they could do SO MUCH BETTER themselves, should
> volunteer for the Communications Committee. Otherwise,
> everyone should thank the unpaid volunteers for their gracious
> and excellent work day after day, year after year. Or just STFU.

Yes, yes, the volunteers are all wonderful people and can I get a
hip-hip-hooray. Nevertheless, before I "STFU" I would politely suggest
that volunteering to perform a function for which one is not prepared
to put in the needed effort is generally worse than not volunteering
at all. Volunteering blocks other would-be volunteers for the same
effort. Even if there are no other volunteers, it prevents the
function from being farmed out to a paid service with the appropriate
diligence and expertise.

I would urge the current volunteers to careful consider whether
they're willing and able to put in the exceptional effort and
commitment of time and availability needed to competently operate a
mailing list server on today's Internet. Failing to halt a spam flood
in a timely manner does not exhibit a reasonable level of commitment
to the task.

One simply can't walk away from a mail server for a couple of days any
more. Even volunteer efforts require the kind of monitoring and
on-call rotations we all use in our professional lives.

Regards,
Bill Herrin


-- 
William Herrin  her...@dirtside.com  b...@herrin.us
Owner, Dirtside Systems . Web: 

Re: IPligence?

[Matt Mather]

If anyone does have or obtains a contact I would appreciate a copy it too. I 
have a similar issue and I concur that they do not respond to emails.

Regards,

Matt

> On 28 Oct 2015, at 16:58, Dennis Burgess  wrote:
>
> Anyone have a contact for Ipligence, looks like a company out of Spain that 
> does geoip database work.  They have some issues with their database, and 
> can't find a way to get in contact with them.  They don't answer their 
> support e-mails.
>
> Thanks,
>
> [DennisBurgessSignature]
> www.linktechs.net - 314-735-0270 x103 - 
> dmburg...@linktechs.net
>


Matt Mather
Border Network & Transit Design Technical Lead

T:  0333 240 3348
M:  07848 026 072
E:  matt.mat...@gamma.co.uk
W:  www.gamma.co.uk

This is an email from Gamma Telecom Ltd, trading as “Gamma”. The contents of 
this email are confidential to the ordinary user of the email address to which 
it was addressed. This email is not intended to create any legal relationship. 
No one else may place any reliance upon it, or copy or forward all or any of it 
in any form (unless otherwise notified). If you receive this email in error, 
please accept our apologies, we would be obliged if you would telephone our 
postmaster on +44 (0) 808 178 9652 or email postmas...@gamma.co.uk

Gamma Telecom Limited, a company incorporated in England and Wales, with 
limited liability, with registered number 04340834, and whose registered office 
is at 5 Fleet Place London EC4M 7RD and whose principal place of business is at 
Kings House, Kings Road West, Newbury, Berkshire, RG14 5BY.

Re: *tap tap* is this thing on?

[Dovid Bender]

The reason they are the big boys is because they don't fund such operations. 
They see money before what you call obligations. Right or wrong they will sell 
a product if they think they can make it work. Making it work is all 
subjective. You say it means handling abuse complaints while they say it means 
the client being connected and able to ping the world.


--Original Message--
From: Rich Kulawiec
Sender: NANOG
To: nanog@nanog.org
Subject: Re: *tap tap* is this thing on?
Sent: Oct 27, 2015 06:30

On Mon, Oct 26, 2015 at 02:48:59PM -0600, Brielle Bruns wrote:
> I get it that it is hard for large providers to be proactive about
> things going on due to the sheer size of their networks, but come
> on. That excuse only works for so long.

1. It's not hard.  It's far easier for large providers than small ones,
although many of them flat-out lie and claim the opposite.

2. Whatever happened to "never build what you can't control?"  If you
can't stop your operation from emitting abuse, you should shut it down.
Immediately.  That's what professionals do.

3. Large providers pretend to be "leaders", but are among the worst in
terms of actually leading by example.  Just try getting a response from
them via postmaster@ or abuse@.  Of course these large operations should
individually answer *every* message to those addresses promptly, 24x7,
and initiate immediate investigation/remediation on *every* complaint.
That's baseline operational competence 101, and given their enormous
financial and personnel resources, it would require only a tiny amount
of resources.  But they don't -- and everyone else pays the price for it.

---rsk

Regards,

Dovid

IPligence?

[Dennis Burgess]

Anyone have a contact for Ipligence, looks like a company out of Spain that 
does geoip database work.  They have some issues with their database, and can't 
find a way to get in contact with them.  They don't answer their support 
e-mails.

Thanks,

[DennisBurgessSignature]
www.linktechs.net - 314-735-0270 x103 - 
dmburg...@linktechs.net

Global Crossing contact

[Jim McBurnett]

Hi folks,
Sorry to add to the noise level, but need to reach someone at level2/3 at 
Global crossing for a pathing issue.
Please contact me offlist so we can figure out where some traffic is being lost.

Thanks,
Jim


[cid:image321144.PNG@13411130.448fc74e]
   Jim McBurnett  | Senior Network Engineer
TGA Solutions
13891 Asheville Highway | Inman, SC 29349
Tel (864) 473-1200  | Support 864-708-0616

Website |  Email
  [cid:image48ea14.GIF@cce627af.4c881bf4] 
 [cid:image0cd093.GIF@9be97be4.4185bb9a] 
 
 
[cid:image334971.GIF@85a3af4d.489311ca] 
 
[cid:image6b6966.GIF@ef589bf0.4db7e941]  




[cid:image2cf82a.PNG@a3058521.419c8c19]

Re: DNSSEC broken for login.microsoftonline.com

[Tony Finch]

Bruce Curtis  wrote:

>   Drill run on one of our name servers shows that the error is
>
>   Existence denied: microsoftonline.com

No, drill just says there are no DS records which means the domain is
insecure so any problems with it should be unrelated to DNSSEC.

> [T] Existence denied: microsoftonline.com. DS
> ;; No ds record for delegation
> ;; Domain: microsoftonline.com.
> ;; No DNSKEY record found for microsoftonline.com.
> ;; No DS for login.microsoftonline.com.;; No ds record for delegation
> ;; Domain: login.microsoftonline.com.
> ;; No DNSKEY record found for login.microsoftonline.com.

Tony.
-- 
f.anthony.n.finchhttp://dotat.at/
North Utsire: Variable 4, but southeasterly 5 to 7 in southwest, perhaps gale
8 later in far southwest. Rough in southwest, otherwise slight or moderate.
Fair. Good.

Re: AW: Uptick in spam

[Octavio Alvarez]

On 10/27/2015 05:09 AM, Ian Smith wrote:

On Mon, Oct 26, 2015 at 9:40 PM, Octavio Alvarez
mailto:octalna...@alvarezp.org>> wrote:

On 26/10/15 11:38, Jürgen Jaritsch wrote:


But it is originating all from different IP addresses. Who knows if this
is an attack to get *@jdlabs.fr  blocked from
NANOG and is just getting
its goal accomplished.



This is the part that's been bugging me.  Doesn't the NANOG server
implement SPF checking on inbound list mail? jdlabs.fr
 doesn't appear to have an SPF record published.  It
seems to me that these messages should have been dropped during the
connection.


That doesn't stop spam from hijacked accounts.

For this case, an account was compromised, apparently. What if after 6 
messages in the last 5 minutes with the same or absent 'In-Reply-To' 
moves the account to moderation mode.


Easier said than implemented, though.