Re: NANOG is moderated?

2018-02-21 Thread Andrew Kirch
Interesting as very few would call me moderate!

Andrew

On Wed, Feb 21, 2018 at 7:08 PM Scott Weeks  wrote:

>
>
>
> Is NANOG now moderated?  Can the folks with the purple
> robes and wizard hats please allow me back in? :-)
>
> scott
>
>
>
> --- Begin forwarded message:
>
> From: nanog-ow...@nanog.org
> To: sur...@mauigateway.com
> Subject: Your message to NANOG awaits moderator approval
> Date: Wed, 21 Feb 2018 22:18:53 +
>
> Your mail to 'NANOG' with the subject
>
> Re: User on list from carid.com sending automated replies
>
> Is being held until the list moderator can review it for approval.
>
> The reason it is being held:
>
> Post to moderated list
>
> Either the message will get posted to the list, or you will receive
> notification of the moderator's decision.  If you would like to cancel
> this posting, please visit the following URL:
>
>
> https://mailman.nanog.org/mailman/confirm/nanog/69d14ed29585586fdcd7c404c5718aeb48f20746
>


Re: list blockchain

2018-01-28 Thread Andrew Kirch
On Sun, Jan 28, 2018 at 12:52 PM John Levine  wrote:

> In article  you write:
> >why is no one exploring converting this mailing list to a blockchain?
> >major missed opportunity.  
>
> Ssshhh, we're in the quiet period before the IPO.
>
> Block chain?  We can’t get half these people to adopt IPv6.


Re: Leasing /22

2018-01-19 Thread Andrew Kirch
On Fri, Jan 19, 2018 at 4:59 PM Ryan Gard  wrote:

> We're on the hunt yet again for an additional /22 to lease, and are
> wondering what the best options are out there?
>
> Our usual suspects that we've reached out to in the past seem to be plum
> out... Any recommendations?
>
> Thanks!
>
> --
> Ryan Gard
>
Have you considered IPv6?


Re: Threads that never end (was: Waste will kill ipv6 too)

2018-01-01 Thread Andrew Kirch
Let's say the worst case scenario is that we exhaust IPv6 at a rate
MASSIVELY higher than planned.  Can't we all just do this again in like 80
years?  I don't get why anyone cares so much that this thread won't die.

Speaking of dying, I'll be dead by then anyway.

Andrew

On Sat, Dec 30, 2017 at 11:36 PM, Randy Bush  wrote:

> > If anyone wants to TL;DR
>
> moe: 2^128 is effectively infinite
> larry: we thought 2^32 was effectively infinite
> curly: we'll never need more than 640k
> thomas watson: i think there is a world market for maybe five computers
>


Re: replacing compromised biometric authenticators

2017-10-11 Thread Andrew Kirch
Since I'm not squeamish about such things, I do have tin snips and will
happily assist in revocation of compromised biometric authentication
factors.

Andrew

On Wed, Oct 11, 2017 at 5:04 PM, Ken Chase  wrote:

> (forking the thread here..)
>
> Biometrics are still the new hotness out in North America. Cologix whom I deal
> with in Canada has a dozen and a half odd POPs in canada/usa and I think has
> fingerprinting at all sites.
>
> If the current best operating practice is to avoid biometrics, why are they
> still in use out here? Has anyone gotten the message? Is anyone in North America
> ripping them out yet?
>
> Other factors include your country's privacy regulations for storing
> irreplaceable personal information, the burden of which might not be worth
> the security 'benefit'.
>
> /kc
>
>
> On Wed, Oct 11, 2017 at 04:46:02PM -0400, William Herrin said:
>   >On Wed, Oct 11, 2017 at 4:32 PM, Jörg Kost  wrote:
>   >
>   >> Do you guys still at least have biometric access control devices at your
>   >> Level3 dc? They even removed these things at our site, because there is no
>   >> budget for a successor for the failing unit. And to be consistent, they
>   >> even want to remove all biometric access devices at least across Germany.
>   >>
>   >
>   >Hi Jörg,
>   >
>   >IMO, biometric was a gimmick in the first place and a bad idea when
>   >carefully considered. All authenticators can be compromised. Hence, all
>   >authenticators must be replaceable following a compromise. If one of your
>   >DCs' palm vein databases is lost, what's your plan for replacing that hand?
>   >
>   >Regards,
>   >Bill Herrin
>   >
>   >
>   >--
>   >William Herrin  her...@dirtside.com  b...@herrin.us
>   >Dirtside Systems . Web: 
>
> --
> Ken Chase - m...@sizone.org Guelph Canada
>


Spectrum web cache engineer

2017-08-22 Thread Andrew Kirch
Would a Spectrum engineer please contact me off list?  It appears you're
caching an expired certificate for https://www.icei.org.

The issue is tested/working everywhere else.

Thanks!

Andrew


Re: I'm getting these bounce messages for some bizarre reason.

2017-05-24 Thread Andrew Kirch
It's probably subspace interference caused by high levels of neutrinos.

On Wed, May 24, 2017 at 8:43 PM, Large Hadron Collider <
large.hadron.colli...@gmx.com> wrote:

> Would you on the fine mailing list be able to find out what's going on
> here?
>
>
>
>  Forwarded Message 
> Subject:Delivery Status Notification(Failure)
> Date:   Wed, 24 May 2017 19:01:29 GMT
> From:   postmas...@o2email.co.uk
> To: large.hadron.colli...@gmx.com
>
>
>
> Your message:
> To: piers.stur...@o2email.co.uk
> Subject: Re: Please run windows update now
> Sent Date: Tue May 16 18:04:19 2017 +
> has not been delivered to the recipient's BlackBerry Handheld.
>
>
>
>


Re: Spectrum/TimeWarner IPv6 routing issue

2017-05-11 Thread Andrew Kirch
I'm a Time Warner/Spectrum customer and to date haven't been able to
discern that they have any clue what IPv6 is.  If it's available please
contact me off list and tell me how to get it.

Andrew

On Tue, May 9, 2017 at 3:13 PM, Jason Pope  wrote:

> All,
>
> I apologize for doing this, but is there anyone on the list with
> Spectrum/TimeWarner that would be willing to discuss (via e-mail) an IPv6
> routing issue to a cable modem? I can't put more time in with the normal
> support gauntlet.
>
> Thanks in advance!
> Jason
>


Re: PSN (Playstation Network) security team

2017-04-27 Thread Andrew Kirch
Arrogance almost always precedes humiliation.

Andrew

On Fri, Apr 28, 2017 at 12:39 AM, John A. Kilpatrick 
wrote:

> Which is kinda funny when you think about it.
>
> --
>John A. Kilpatrick
> j...@hypergeek.netEmail| http://www.hypergeek.net/
> john-p...@hypergeek.net  Text pages|  ICQ: 19147504
>  remember:  no obstacles/only challenges
>
> > On Apr 27, 2017, at 1:51 PM, Tony Wicks  wrote:
> >
> > snei-noc-ab...@am.sony dot com
> >
> > Good luck with that! Sony is uniquely difficult to deal with when it comes to the arrogance of their "security" people at PSN.
> >
> >
> >
> > -Original Message-
> > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Josh Luthman
> > Sent: Friday, 28 April 2017 7:27 AM
> > To: NANOG list 
> > Subject: PSN (Playstation Network) security team
> >
> > I'm hoping someone here can reach out to me from the department that deals with automatically blocking IPs.  As far as I can tell they're all in the same /24.  The phone support is completely worthless in this situation (I'm supposed to change my ISP).
> >
> > Josh Luthman
> > Office: 937-552-2340
> > Direct: 937-552-2343
> > 1100 Wayne St
> > Suite 1337
> > Troy, OH 45373
> >
>


Re: Wanted: volunteers with bandwidth/storage to help save climate data

2016-12-21 Thread Andrew Kirch
I can't for the life of me see why we'd have to deal with it in the course
of our jobs beyond calling someone and having them install more A/C.  This
is, flat-out, off topic.

Andrew

On Wed, Dec 21, 2016 at 9:15 PM, Royce Williams 
wrote:

> On Wed, Dec 21, 2016 at 3:49 PM, Ken Chase  wrote:
> > On Wed, Dec 21, 2016 at 04:41:29PM -0800, Doug Barton said:
> >  [..]
> >   >>Everyone has a line at which "I don't care what's in the pipes, I
> just
> >   >>work here" changes into something more actionable.
> >   >
> >   >Stretched far beyond any credibility. Your argument boils down to,
> "If it's
> >   >a political thing that *I* like, it's on topic."
>
> I can see why you've concluded that. My final phrasing was indeed
> ambiguous. I would have hoped that the rest of my carefully
> non-partisan post would have offset that ambiguity.
>
> > "If it's a politically-generated thing I'll have to deal with at an
> > operational level, it's on topic."
> >
> > That work?
>
> That is indeed what I was trying to say - thanks, Ken.
>
> Royce
>


Re: Need abuse/postmaster contact for AT&T to resolve IP block

2016-08-31 Thread Andrew Kirch
Gmail here, went to my Inbox.

On Wed, Aug 31, 2016 at 10:41 AM, Jay Farrell via NANOG 
wrote:

> Interestingly, your mail to the nanog list went to my spam folder, rather
> than my nanog folder (I'm using gmail or domains for my mail.) That rarely
> happens.
>
> On Tue, Aug 30, 2016 at 9:22 AM, Webhosting.net Admin <
> ad...@webhosting.net>
> wrote:
>
> > A few of our exchange IPs get blocked intermittently, but only by ATT.
> Ips
> > are clean, no issues, we’re diligent about finding and fixing these types
> > of issues as it has a large impact.
> >
> > It would be very helpful to know why the IP below got blocked so we can
> > find and fix the problem to prevent further listing. We have a few ips in
> > rotation and some have no issue. It’s a “blind” listing, so we only find
> > out about it when customers complain that they getting blocked.
> >
> > ff-ip4-mx-vip1.prodigy.net # > 5.3.0 flph399 DNSBL:ATTRBL 521< 67.215.167.170 >_is_blocked.__For_
> > information_see_http://att.net/blocks> #SMTP#
> >
> > Any info/help would be most helpful.
> >
> > Many thanks,
> >
> > Webhosting.net Postmaster
> >
> >
> >
> >
> >
> >
> >
>


Re: Leap Second planned for 2016

2016-07-08 Thread Andrew Kirch
It's a whole extra second you can spend doing something awesome. You have to
plan now!

On Friday, July 8, 2016, Javier J  wrote:

> > Time to start preparing
>
>
> Unless you are running something that can't handle leap seconds what do you
> really need to prepare for?
>
>
>
> On Thu, Jul 7, 2016 at 12:59 PM, Andrew Gallo  > wrote:
>
> > Looks like we'll have another second in 2016:
> > http://www.space.com/33361-leap-second-2016-atomic-clocks.html
> >
> >
> > Time to start preparing
> >
> >
>


Re: syslog server

2016-06-07 Thread Andrew Kirch
Journald is excellent. The binary storage format is a huge leap forward.

Andrew

On Tuesday, June 7, 2016, Grant Ridder  wrote:

> +1 for ELKK (with kafka)
> Doing several hundred GB of log per day with a dozen instances on AWS (ES
> cluster + logstash hosts + kafka cluster)
>
> -Grant
>
> On Mon, Jun 6, 2016 at 11:25 PM, >
> wrote:
>
> > On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said:
> > > What is the best syslog server  (opensource)?
> >
> > Step 0:  Define what "best" means in your environment.
> >
> > What features do you need?  Routing to a central aggregation server over
> > TLS?
> > Powerful regex-based routing?  Ingestion into a database (a la splunk or
> > Elk)
> > for data mining?  Ability to deal with insanely high message rates? Other
> > must-have or don't-care features?  License pricing? Vendor support?
> >
> > Step 1:  After figuring out what you need, make a matrix of the available
> > options and how well they fit.
> >
> > (We have in production syslog-ng, rsyslog, splunk, Elk, and probably a
> few
> > others I've forgotten, for different purposes)
> >
> >
>


Re: Monitoring system recommendation

2016-06-06 Thread Andrew Kirch
I once worked for Zenoss and still suggest them. Zenoss supports NAGIOS
plugins, and my $DAYJOB is at a Zenoss Partner who can help you achieve
your goals.  If you need some help with Zenoss feel free to contact me off
list.

Andrew

On Monday, June 6, 2016, Manuel Marín  wrote:

> Dear Nanog community
>
> We are currently planning to upgrade our monitoring system (Opsview) due to
> scalability issues and I was wondering what do you recommend for monitoring
> 5000 hosts and 35000 services. We would like to use a monitoring system
> that is compatible with the nagios plugin format, however we are not sure
> if systems like Icinga/Shinken/Op5 are the way to go.
>
> Is someone using systems like Op5 or Icinga2 for monitoring > 5000 hosts?
> Would you recommend commercial systems like Sevone, Zabbix, etc instead of
> open source ones?
>
> Your input is really appreciated
>
> Thank you and have a great day
>
> Regards
>


Re: sub $500-750 CPE firewall for voip-centric application

2016-05-05 Thread Andrew Kirch
Both the Juniper SRX, and the Mikrotik will work.

The problem isn't firewalling, it's NAT.  NAT is evil.

Perhaps having enough IP Addresses would be a better solution?
https://www.youtube.com/watch?v=v26BAlfWBm8

On Thu, May 5, 2016 at 3:09 PM, Matt Freitag  wrote:

> I'm a huge fan of Juniper's SRX line. I use all the features you point out
> at home on my SRX210, although that product is end-of-life. A refurbished
> SRX220 lists on Amazon for about $375, and a new one for $700. Naturally
> support is extra, but I'm not sure how much.
>
> I haven't used it myself but I have seen the packet capture in action.
> It'll save any traffic you want right out to a pcap file too. I also like
> "show security flow session" - shows you the source, destination, ports,
> how long a session has been going, and number of packets and number of
> bytes transferred.
>
> Matt Freitag
> Network Engineer I
> Information Technology
> Michigan Technological University
> (906) 487-3696
> http://www.mtu.edu/
> http://www.it.mtu.edu/
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Nick Ellermann
> Sent: Thursday, May 5, 2016 2:51 PM
> To: Mel Beckman 
> Cc: nanog@nanog.org
> Subject: RE: sub $500-750 CPE firewall for voip-centric application
>
> You're exactly right, Mel. Dell has really turned the Sonicwall platform
> around in the past few years. We dropped it a year or two before Dell took
> them over. Back then Sonicwall was full of issues and lacked important
> features that our enterprise customers required. If you have budget, Palo
> Alto is something to look at as well, but don't overlook Sonicwall and
> FortiGate.
>
>
> Sincerely,
> Nick Ellermann - CTO & VP Cloud Services BroadAspect
>
> E: nellerm...@broadaspect.com
> P: 703-297-4639
> F: 703-996-4443
>
> THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
>
>
> -Original Message-
> From: Mel Beckman [mailto:m...@beckman.org]
> Sent: Thursday, May 05, 2016 2:49 PM
> To: Nick Ellermann 
> Cc: Ken Chase ; nanog@nanog.org
> Subject: Re: sub $500-750 CPE firewall for voip-centric application
>
> I install and support Cisco ASA, Dell SonicWall, Fortigate, and PaloAlto
> firewalls.  The best SMB devices are definitely SonicWall and Fortigate.
> SonicWalls are easier to configure, but have fewer features. Fortigate has
> many knobs and dials and a very powerful virtual router facility that can
> do amazing things. The two vendors have equivalent support in my opinion,
> although Fortigate tends to be more personal (Dell is big and you get
> random techs).
>
> Cisco ASA is overpriced and under-featured. Cisco-only shops like them,
> but mostly I think because they're Cisco-only. PaloAlto is expensive for
> what you get. Functionally they are on the same level as Fortigate, with a
> slightly more elegant GUI. But Fortigate can be configured via a USB
> cable, which is a huge advantage in the field. Legacy RS-232 serial ports
> are error-prone and slow.
>
>  -mel
>
> > On May 5, 2016, at 11:39 AM, Nick Ellermann 
> wrote:
> >
> > We have a lot of luck for smaller VOIP customers having all of their services run through a FortiGate 60D, or higher models. 60D is our go to solution for small enterprise. However, if we are the network carrier for a particular customer and they have a voip deployment of more than about 15 phones, then we deploy a dedicated voice edge gateway, which is more about voice support and handset management than anything.  You do need to disable a couple of things on the FortiGate such as SIP Session Helper and ALG.  We never have voice termination, origination or call quality issues because of the firewall.
> > FortiGate has a lot of advanced features as well as fine tuning and adjustment capabilities for the network engineering type and is still easy enough for our entry level techs to support. Most of our customers have heavy VPN requirements and FortiGates have great IPsec performance.  We leverage a lot of the network security features and have built a successful managed firewall service with good monitoring and analytics using a third-party monitoring platform and Fortinet's FortiAnalyzer platform.
> >
> > Worth looking at, if you haven't already. If you want to private message me, happy to give more info.
> >
> >
> > Sincerely,
> > Nick Ellermann - CTO & VP Cloud Services BroadAspect
> >
> > E: nellerm...@broadaspect.com
> > P: 703-297-4639
> > F: 703-996-4443
> >
> > THIS COMMUNICATION MAY CONTAIN CONFIDENTIAL AND/OR OTHERWISE PROPRIETARY
> MATERIAL and is thus for use only by the intended recipient. If you
> received this in error, please contact the sender and delete the e-mail
> and its attachments from all computers.
> >
> >
> > -Original Message-
> > From

Would someone who works for Brighthouse please contact me offlist to resolve a connectivity issue?

2016-04-08 Thread Andrew Kirch
I can't access http://jimtest.delong.com via your Cable Modem network.

Thanks!

Andrew


Re: UDP Amplification DDoS - Help!

2016-02-08 Thread Andrew Kirch
use a CDN provider or AWS ELBs or something to absorb the attacks?

On Mon, Feb 8, 2016 at 9:55 PM, Faisal Imtiaz  wrote:
> Not quite sure what kind of info / confirmation you are looking for...
>
> There are lots of articles (do a google search) on this topic as well as 
> mitigation ...
>
> e.g.
>
> http://blog.nexusguard.com/ssdp-ddos-attacks/
>
> &
> https://tools.ietf.org/html/bcp38
>
> Regards
>
> Faisal Imtiaz
> Snappy Internet & Telecom
>
> - Original Message -
>> From: "Mitch Dyer" 
>> To: "nanog list" 
>> Sent: Monday, February 8, 2016 6:14:06 PM
>> Subject: UDP Amplification DDoS - Help!
>
>> Hello,
>>
>> Hoping someone can point me in the right direction here, even just 
>> confirming my
>> suspicions would be incredibly helpful.
>>
>> A little bit of background: I have a customer I'm working with that is
>> downstream of a 1Gb link that is experiencing multiple DDoS attacks on a 
>> daily
>> basis. Through several captures I've seen what appear to be a mixture of SSDP
>> and DNS amplification attacks (though not at the same time). The attack 
>> itself
>> seems to target the PAT address associated with a specific site, if we change
>> the PAT address for the site, the attack targets the new address at the next
>> occurrence. We've tried setting up captures and logging inside the network to
>> determine if the SSDP/DNS request originate within the network but that does
>> not appear to be the case.
>>
>> We've reached out for some assistance from the upstream carrier but they've 
>> only
>> been able to enforce a 24-hour block.
>>
>> I'm hoping someone with some experience on this topic would be able to shed 
>> some
>> light on a better way to attack this or would be willing to confirm that we 
>> are
>> simply SOL without prolonged assistance from the upstream carrier.
>>
>> Thanks in advance for any insight.
>>
>> Mitch
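
The check described in the quoted post, whether the SSDP/DNS requests behind the flood originate inside the network, can be run over flow records. This is an added example, not code from the thread; the `Flow` record layout, the documentation-range addresses and the 5-second window are assumptions, and the sample flows are constructed.

```python
from collections import defaultdict
from dataclasses import dataclass

# Reflection services named in the post, keyed by the UDP source port of the reply.
REFLECTOR_PORTS = {53: "dns", 1900: "ssdp"}
REQUEST_WINDOW = 5.0  # seconds a reply may trail its request (assumed value)


@dataclass(frozen=True)
class Flow:
    ts: float    # seconds since start of capture
    src: str
    sport: int
    dst: str
    dport: int
    nbytes: int


def classify(flows, pat_addr, window=REQUEST_WINDOW):
    """Split inbound DNS/SSDP replies to pat_addr into solicited and unsolicited.

    A reply counts as solicited only if pat_addr sent a packet to the same
    remote address and port, from the same local port, within `window` seconds
    before it. Everything else is traffic the network never asked for.
    """
    last_request = {}  # (remote ip, remote port, local port) -> time of request
    stats = defaultdict(
        lambda: {"solicited": 0, "unsolicited": 0,
                 "unsolicited_bytes": 0, "reflectors": set()}
    )
    for f in sorted(flows, key=lambda flow: flow.ts):
        if f.src == pat_addr and f.dport in REFLECTOR_PORTS:
            # Outbound request leaving through the PAT address.
            last_request[(f.dst, f.dport, f.sport)] = f.ts
        elif f.dst == pat_addr and f.sport in REFLECTOR_PORTS:
            svc = stats[REFLECTOR_PORTS[f.sport]]
            asked = last_request.get((f.src, f.sport, f.dport))
            if asked is not None and f.ts - asked <= window:
                svc["solicited"] += 1
            else:
                svc["unsolicited"] += 1
                svc["unsolicited_bytes"] += f.nbytes
                svc["reflectors"].add(f.src)
    return dict(stats)


def summarize(stats):
    """Replace each reflector set with its size so the result is easy to compare."""
    return {svc: {**s, "reflectors": len(s["reflectors"])} for svc, s in stats.items()}


def build_sample(pat_addr):
    """Constructed flows: one real DNS lookup plus SSDP and DNS replies nobody requested."""
    flows = [
        Flow(0.00, pat_addr, 40000, "192.0.2.53", 53, 70),    # genuine query
        Flow(0.02, "192.0.2.53", 53, pat_addr, 40000, 120),   # its answer
    ]
    for i in range(1, 5):            # four SSDP reflectors, two replies each
        for n in range(2):
            flows.append(Flow(1.0 + i / 10 + n / 100,
                              f"198.51.100.{i}", 1900, pat_addr, 5000 + i, 320))
    for n in range(3):               # one DNS reflector, three large replies
        flows.append(Flow(2.0 + n / 10, "198.51.100.20", 53, pat_addr, 12345, 3000))
    return flows


PAT_ADDR = "203.0.113.10"            # stand-in for the site's PAT address
SAMPLE_FLOWS = build_sample(PAT_ADDR)

if __name__ == "__main__":
    for svc, s in sorted(summarize(classify(SAMPLE_FLOWS, PAT_ADDR)).items()):
        print(svc, s)
```

A large unsolicited count with no matching outbound requests is the pattern the post reports: the triggering queries were not sent from inside the network.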


Ongoing AT&T Wireless (LTE) IPv6 Reachability Issues

2016-02-01 Thread Andrew Kirch
I attempted to use normal channels today at AT&T (enduser support) to
address a reachability issue with AT&T Wireless to
http://jimtest.delong.com.  This left AT&T's enduser support utterly
befuddled.  Sadly, this is still the company that famously claimed
"We don't support reaching web sites over IP".
Since I'm paying for the entire Internet, and not half of it, and
enduser support is too ignorant to understand the problem, I'm
wondering if someone here can tell me when AT&T Wireless intends to
fix their LTE network since ARIN is out of IPv4 address space.

Shame on you AT&T Wireless.  Both T-Mobile and Verizon support IPv6.

Andrew


Re: Anonymous Threats

2016-01-10 Thread Andrew Kirch
I have an idea. Indianapolis Cybercrime should stop playing politics and
treat people like me who are willing to help, and were hugely successful
with respect, and not like a mob informant.
That said, post Snowden, I doubt I would go back... even with Brian Kils
bullshit.

Andrew D Kirch.


On Sunday, January 10, 2016, Eric Rogers  wrote:

> Our local community has recently had threats where the user has a
> FaceBook profile and is threatening the schools, and several surrounding
> schools, saying he is going to shoot everyone and blow them up... This
> is an investigation, but it is getting out of hand.  Several police/FBI
> raids, but yielded no results, and/or did not catch the right person.
> He/she is taunting them, local and federal.
>
>
>
> I would ASSUME he is using some sort of proxy/anonymizer such as TOR or
> something similar.  Is there any way to sniff for that type of traffic
> on my network?  I want to make sure that they are not using us as the
> source.
>
>
>
> Any thoughts on how to catch this person?  Even if it isn't us, and it
> is somewhere else I would like to put a stop to it.  Preferably off-list
> if you do respond...
>
>
>
> Thanks in advance.
>
>
>
> Eric Rogers
>
>
>
>
>
> www.pdsconnect.me
>
> (317) 831-3000 x200
>
>
>
>


Re: de-peering for security sake

2015-12-25 Thread Andrew Kirch
Speaking as a former DNSBL operator, NANOG has a poor history of
dealing with those who report abuse as well.

On Fri, Dec 25, 2015 at 4:52 PM, Mikael Abrahamsson  wrote:
> On Fri, 25 Dec 2015, Colin Johnston wrote:
>
>> why do the chinese network folks never reply and action abuse reports,
>> normal slow speed network abuse is tolerated, but not high speed deliberate
>> abuse albeit compromised machines
>
>
> This is not a chinese problem, this is a general ISP problem. Most ISPs do
> not respond to abuse reports.
>
> --
> Mikael Abrahamsson    email: swm...@swm.pp.se


Re: IPv4 shutdown in mobile

2015-12-22 Thread Andrew Kirch
I wonder if Tmobile realizes that when you sign up for a contract with
them using one of their phones as a wifi hotspot, the address of their
enterprise NAT is what's recorded by their form.  They even make you
check a button to accept their lack of security.

Not that that could result in massive fraud or anything.  Not that
massive fraud is a problem for Tmobile either come to think of it.


On Tue, Dec 22, 2015 at 1:13 PM, Owen DeLong  wrote:
> Yet until Apple gets to that IPv6-only stage, you’re refusing to support IPv6 
> for those of us
> that need it today even while we still need IPv4, too.
>
> Owen
>
>> On Dec 22, 2015, at 10:08 , Ca By  wrote:
>>
>>
>>
>> On Tuesday, December 22, 2015, Owen DeLong > > wrote:
>> Does this mean you are negligent for not supporting IPv6 on my phone on your 
>> network?
>>
>> My phone is perfectly capable of IPv6, yet because it doesn’t support your 
>> particular religion
>> about IPv4 translation, you refuse to support IPv6 on it.
>>
>> When is T-Mobile going to fix their IPv6 implementation and stop ignoring 
>> the #1 market
>> leading phone manufacturer?
>>
>> Owen
>>
>>
>> Apple has an ipv6-only plan in the link above. They have committed to remove
>> the ipv4 dependent apps from the app store. Once the ipv4-only apps are
>> banished, i don't see any roadblocks for ipv6 on iPhone.
>>
>> While you say there is a religious war, i am saying Apple outlined a plan 
>> for ipv6-only and T-Mobile is likely to follow that plan from Apple.
>>
>> CB
>>
>>
>> > On Dec 22, 2015, at 04:45 , Ca By > 
>> > wrote:
>> >
>> > TL;DR version: the data shows you are negligent if your eyeball content
>> > (cdn, cloud, ...) does  not support native ipv6.
>> >
>> > With the NAT and IPv4 leasing threads lingering on, i figured it was time
>> > for an update on how the other half live
>> >
>> > More than 1/3 of North America mobile traffic to the top websites is end to
>> > end ipv6
>> > http://www.worldipv6launch.org/2015-wrapup-more-than-13-us-mobile-traffic-is-ipv6-and-still-growing/
>> >  
>> > 
>> >
>> > The trend is clearly growing, and as AT&T and Sprint catch up with T-Mobile
>> > and Verizon, the acceleration to 50% should be easily achieved.
>> > Furthermore, only one mobile carrier has iPhone dual-stacked today (afaik),
>> > but Apple has a plan for banning ipv4-only apps and has delivered the
>> > required features for having ipv6-only iphones in 2016 with these iOS 9.2
>> > features
>> >
>> > https://developer.apple.com/library/ios/documentation/NetworkingInternetWeb/Conceptual/NetworkingOverview/UnderstandingandPreparingfortheIPv6Transition/UnderstandingandPreparingfortheIPv6Transition.html
>> >  
>> > 
>> >
>> > On some mobile providers, ipv6 is already dominant and ipv4 is waning. Once
>> > iPhones updates to ipv6-only as described above, ipv4 will only be a corner
>> > case of operations.  This comes with added benefit that ipv6 is faster :
>> >
>> > https://code.facebook.com/posts/1192894270727351/ipv6-it-s-time-to-get-on-board/
>> >  
>> > 
>> >
>> > At least in mobile, the change to ipv6 has been quick and the pace is
>> > increasing -- not just on ipv6 deployment but also on ipv4 shutdown. I know
>> > many people liken ipv6 to "the boy who cried wolf", so be it, the
>> > data shows the ipv6 wolf is here.  Or perhaps in hindsight, we will see
>> > the right metaphor was "the tortoise and the hare" or "the little engine
>> > that could"... Or even better IPv4 is John Henry.  It was the best in its
>> > time, but times have changed.
>> >
>> > CB
>>
>


Re: IPv6 Cogent vs Hurricane Electric

2015-12-01 Thread Andrew Kirch
Might I suggest cake pleas?

On Tuesday, December 1, 2015, Christopher Morrow 
wrote:

> hasn't this been the case for ~10 yrs now?
>
> On Tue, Dec 1, 2015 at 2:23 PM, Max Tulyev  > wrote:
> > Hi All,
> >
> > we got an issue today that announces from Cogent don't reach Hurricane
> > Electric. HE support said that's a feature, not a bug.
> >
> > So we have splitted Internet again?
> >
> > I have to change at least one of my uplinks because of it, which one is
> > better to drop, HE or Cogent?
>


Re: Bluehost.com

2015-11-25 Thread Andrew Kirch
remember folks, redundancy is the savior of all f***ups.

:)

On Wed, Nov 25, 2015 at 2:21 PM, JoeSox  wrote:

> I just waited 160 minutes for a tech call and the Bluehost tech told me he
> was able to confirm that it wasn't malicious activity that took down the
> datacenter but rather it was caused by a "datacenter issue".
> So my first thought is someone didn't design the topology correctly or
> something.
> Some of our emails are coming thru but Google DNS still lost all of our DNS
> zones which are hosted by Bluehost.
> At least the #bluehostdown is fun to read :/
> --
> Later, Joe
>
> On Wed, Nov 25, 2015 at 10:04 AM, Stephane Bortzmeyer 
> wrote:
>
> > On Wed, Nov 25, 2015 at 08:41:55AM -0800,
> >  JoeSox  wrote
> >  a message of 9 lines which said:
> >
> > > Anyone have the scope on the outage for Bluehost?
> > > https://twitter.com/search?q=%23bluehostdown&src=tyah
> >
> > The two name servers ns1.bluehost.com and ns2.bluehost.com are awfully
> > slow to respond:
> >
> > % check-soa -i picturemotion.com
> > ns1.bluehost.com.
> > 74.220.195.31: OK: 2012092007 (1382 ms)
> > ns2.bluehost.com.
> > 69.89.16.4: OK: 2012092007 (1388 ms)
> >
> > As a result, most clients timeout.
> >
> > May be a DoS against the name servers?
> >
> > bluehost.com itself is DNS-hosted on a completely different
> > architecture. So it works fine. But the nginx Web site replies 502
> > Gateway timeout, probably overloaded by all the clients trying to get
> > informed.
> >
> > The Twitter accounts of Bluehost do not distribute any useful
> > information.
> >
>


Re: Uptick in spam

2015-10-26 Thread Andrew Kirch
not even close to more discussing than from the original spam.  Not even
close.

On Mon, Oct 26, 2015 at 4:57 PM, Steve Mikulasik 
wrote:

> I think there might be more emails discussing the spam, than the actual
> spam itself.
>
>
> -Original Message-
> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Ian Smith
> Sent: Monday, October 26, 2015 12:34 PM
> To: Paras 
> Cc: nanog@nanog.org
> Subject: Re: Uptick in spam
>
> Filtering *@jdlabs.fr did the trick for me.
>
> Of course, now I have to write a much more complex filter to hide all the
> complaining about NANOG spam :)
>
> Ian Smith
> 
>
> 161 South St. Hightstown, NJ
> 201-315-1316 phone
> ian.w.sm...@gmail.com
>
> On Mon, Oct 26, 2015 at 12:14 PM, Paras 
> wrote:
>
> > I see it too, there are some 517 messages in my spam folder "New message"
> >
> > Most of them get blocked, but a small fraction are still making it
> > into my inbox
> >
> >
> > On 10/25/2015 12:13 AM, anthony kasza wrote:
> >
> >> Has there been a recent uptick in crap sent to the list or is it just
> me?
> >> Is there anything that we can do to filter these messages with junk
> links?
> >>
> >> -AK
> >>
> >
> >
> >
>
>


Re: the crap mail flood and the nanog culture

2015-10-26 Thread Andrew Kirch
The unequal treatment we see here is why, so many years ago, I fought and
threatened to rhsbl .mail.  We've built the walled garden anyway, and now
we're damned for it.

On Mon, Oct 26, 2015 at 1:57 PM, Chris Knipe  wrote:

> On Mon, Oct 26, 2015 at 12:22 AM, Randy Bush  wrote:
>
> > you might think that with all the committees, boards, badges, ... that
> > there was an actual operator in the nanog resume building circle who
> > would actually do something useful about the crap mail flood now into
> > its second day.
> >
> >
>
> I'd actually like to go as far as to say that the same can be said about
> certain hosting provider's abuse departments, and RBL operators too...
>
> Yet, if ACME Nuts & Bolts with a small VPS at some random hosting provider
> sends ONE spam message, their servers are shutdown almost no questions
> asked (never mind a good number of what, hundred thousands, over a period
> of days) -sigh-
>
> It's amazing how 'fair' the playing field on the Internet has become.
>
> --
>
> Regards,
> Chris Knipe
>


Re: Does no one monitor the list on weekends?

2015-10-26 Thread Andrew Kirch
It's insane to  claim this when I sent several e-mails, and tweets to NANOG
this weekend, and even requested an offlist contact from NANOG's upstream.

On Mon, Oct 26, 2015 at 2:17 PM, Jim Mercer  wrote:

> On Sun, Oct 25, 2015 at 09:59:40PM -0400, Robert Webb wrote:
> > This spam is ridiculous!
>
> it should be noted that it has been flowing all weekend, and nobody really
> complained or even commented on it until this morning.
>
> so, yeah, maybe the list is on auto-pilot, which is totally understandable.
>
> however, all the members seemed to be on auto-pilot as well.
>
> (or maybe enjoying their weekend)
>
> --jim
>
>
> --
> Jim Mercer Reptilian Research  j...@reptiles.org  +1 416 410-5633
>
> Life should not be a journey to the grave with the intention of
> arriving safely in a pretty and well preserved body, but rather
> to skid in broadside in a cloud of smoke, thoroughly used up,
> totally worn out, and loudly proclaiming "Wow! What a Ride!"
>  -- Hunter S. Thompson
>


Re: *tap tap* is this thing on?

2015-10-26 Thread Andrew Kirch
I have been getting these all weekend as well, and am well over 200.  Pings
via Twitter, and attempts to contact NANOG's upstream (SCNET) via NANOG
have gone unanswered.

On Mon, Oct 26, 2015 at 1:46 PM, Brielle Bruns  wrote:

> On 10/26/15 11:24 AM, Joe Abley wrote:
>
>> On Oct 26, 2015, at 13:10, Brielle Bruns  wrote:
>>
>> This spam flood is kinda hilarious in a way.  Any idea why no one with
>>> mod or admin privs for the mailing list has bothered to step in and deal
>>> with this?
>>>
>>
>>
>> I asked a similar question myself on another list.
>>
>> But then after a minute's reflection, the fact that we all got 200+
>> messages like this on the NANOG list and not a single other message
>> complaining about it suggests that someone did actually hit the big
>> red moderation button promptly, and just waited until Monday to sort
>> it out (which would not have been completely unreasonable, I think).
>>
>> The residual messages that trickled through after that seem likely to
>> be nothing more than outbound queues draining.
>>
>>
>> Joe
>>
>>
> I considered the same thing as you, initially.  Went back and looked at
> the raw headers though, and the early Received headers - shows the messages
> were still coming in over the course of the weekend rather than just say
> Friday night and then it was a queue purge.
>
> My filters kicked in on Sat evening once I added something to counteract
> the whitelist for nanog's mails (going through nanog servers), so I'm
> missing a lot of the later spew from Sunday.
>
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
>
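
Added example (not part of the original thread): one way to run the check Brielle Bruns describes in the message quoted above, comparing when the list server accepted each message with when it reached the recipient. Host names, addresses and the sample messages are constructed, and `LIST_HOST` is an assumed name for the list server.

```python
import re
from datetime import timedelta, timezone
from email import message_from_string
from email.utils import parsedate_to_datetime

LIST_HOST = "list.example.org"  # assumption: name the list server uses in "by ..."


def received_time(header):
    """Timestamp a hop wrote after the final ';' of its Received header, or None."""
    _, sep, stamp = header.rpartition(";")
    if not sep:
        return None
    stamp = re.sub(r"\([^)]*\)", " ", stamp)  # drop comments such as "(UTC)"
    try:
        when = parsedate_to_datetime(" ".join(stamp.split()))
    except (TypeError, ValueError):
        return None
    # "-0000" parses as naive; treat it as UTC so all values compare cleanly.
    return when if when.tzinfo else when.replace(tzinfo=timezone.utc)


def hop_times(raw, list_host=LIST_HOST):
    """Return (time the list server accepted the mail, time our MTA received it).

    Only hops stamped by hosts we trust are used: anything below the list
    server's own header was written by the sender and may be forged.
    """
    headers = message_from_string(raw).get_all("Received") or []
    by_list = re.compile(r"\bby\s+" + re.escape(list_host) + r"(?=[\s;]|$)", re.I)
    accepted = None
    for header in reversed(headers):  # bottom-up: oldest hop first
        if by_list.search(header):
            accepted = received_time(header)
            if accepted:
                break
    delivered = received_time(headers[0]) if headers else None
    return accepted, delivered


def classify(raw_messages, window=timedelta(hours=2)):
    """'ongoing' if the list kept accepting mail, 'queue-drain' if only delivery lagged."""
    pairs = [hop_times(raw) for raw in raw_messages]
    pairs = [(a, d) for a, d in pairs if a and d]
    if not pairs:
        return "unknown"
    accepted = [a for a, _ in pairs]
    delivered = [d for _, d in pairs]
    if max(accepted) - min(accepted) > window:
        return "ongoing"
    if max(delivered) - min(delivered) > window:
        return "queue-drain"
    return "single-burst"


def sample(accepted, delivered):
    """Build a constructed message with two trusted hops (not real traffic)."""
    return (
        "Received: from list.example.org (list.example.org [192.0.2.10])\n"
        "\tby mx.recipient.example (Postfix) with ESMTP id AAAA\n"
        f"\tfor <me@recipient.example>; {delivered} +0000 (UTC)\n"
        "Received: from sender.invalid (unknown [198.51.100.7])\n"
        f"\tby list.example.org (Postfix) with ESMTP id BBBB; {accepted} +0000 (UTC)\n"
        "Subject: constructed sample\n\nbody\n"
    )


# Constructed: the list server keeps accepting new mail all weekend.
ONGOING = [
    sample("Fri, 23 Oct 2015 22:00:05", "Fri, 23 Oct 2015 22:00:40"),
    sample("Sat, 24 Oct 2015 15:30:12", "Sat, 24 Oct 2015 15:31:02"),
    sample("Sun, 25 Oct 2015 19:45:00", "Sun, 25 Oct 2015 19:45:30"),
]
# Constructed: everything accepted Friday night, delivered slowly afterwards.
DRAIN = [
    sample("Fri, 23 Oct 2015 22:00:05", "Fri, 23 Oct 2015 22:05:00"),
    sample("Fri, 23 Oct 2015 22:04:10", "Sat, 24 Oct 2015 14:00:00"),
    sample("Fri, 23 Oct 2015 22:09:55", "Sun, 25 Oct 2015 20:00:00"),
]

if __name__ == "__main__":
    print("ongoing set:", classify(ONGOING))
    print("drain set:  ", classify(DRAIN))
```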


Why is NANOG not being blacklisted like any other provider that sent 500 spam messages in 3 days?

2015-10-26 Thread Andrew Kirch
All,

Myth: NANOG is supposed to be the gold standard for best practices.
Fact: 500 spam messages over the weekend.

Myth:  there were no complaints and this issue was raised over the weekend
Fact: I raised it this weekend via twitter twice @NANOG, and requested
contact from SCNET (NANOG's upstream) trying to find a live person to shut
it off.

Myth: blah blah blah social media is a bad way to get ahold of netops/abuse.
Fact: Social media is an acceptable way to report abuse.  My marketing
department certainly knows how to get ahold of me when such an issue
occurs. It's 2015, and if you and everyone you know isn't watching twitter
I can't help you, because you've gone braindead.

Myth: but you could have reached out to someone else and maybe done
something to stop this quickly.
Fact: I reached out to several people at ARIN and elsewhere trying to get a
live person at NANOG to no avail.

Myth: this is acceptable because NANOG has political clout in the US and
elsewhere.
Fact: If I was still running the AHBL, NANOG would be its own private
intranet right now.


Andrew


test

2015-10-26 Thread Andrew Kirch
test


SCNET Admin

2015-10-26 Thread Andrew Kirch
Is there an SCNET admin that follows this list?  I've gotten about a
hundred spam messages from nanog.org in the last 2 hours... perhaps you
could nullroute it until they fix it. :)

Andrew


Re: IP-Echelon Compliance

2015-10-14 Thread Andrew Kirch
Minimal? Probably 22LR.  I prefer 458SOCOM though.  As Bob Evans notes,
there may be some waiting periods, serial numbers, and background checks
involved.  :)

On Wed, Oct 14, 2015 at 8:20 AM, Randy Bush  wrote:

> >> http://www.procmail.org/
> > I wouldn't necessarily recommend that approach.  There is no
> > obligation for victims of spammers to continue providing Internet
> > services to them, including SMTP services.
>
> computers are cheap.  my time is finite and i value it highly.  what is
> the minimal action i can take to see that idiots do not take my time?
>
> randy
>


Re: DamnTest: ignore

2015-09-11 Thread Andrew Kirch
Is this the thread where I go for the high score in profanity?
You know, for testing purposes?

Owen: I think that NANOG would get huge value from syndicating my Facebook
wall, don't you?

On Fri, Sep 11, 2015 at 1:43 AM, Owen DeLong  wrote:

> Is Damn supposed to get through or is it supposed to get dammed up in the
> system?
>
> Owen
>
> > On Sep 10, 2015, at 11:43 , Josh Luthman wrote:
> >
> > cogeco.com is to blame
> >
> >
> >
> > Josh Luthman
> > Office: 937-552-2340
> > Direct: 937-552-2343
> > 1100 Wayne St
> > Suite 1337
> > Troy, OH 45373
> >
> > On Thu, Sep 10, 2015 at 2:28 PM, Nathan Anderson wrote:
> >
> >> On Thu, Sep 10, 2015, mikea wrote:
> >>
> >>> This post includes the word Damn.
> >>>
> >>> damn
> >>
> >> Well, dayum.
> >>
> >> -- Nathan
> >>
> >>
>
>


Re: another tilt at the Verizon FIOS IPv6 windmill

2015-07-18 Thread Andrew Kirch
I had to beat up on AT&T quite a bit, but instead of letting them "make
notes", escalate to tier-2 because you can't reach work.  Explain that you
must have IPv6 to reach work to the tier-2.  If they won't help demand to
be escalated further.  Your time on the phone costs them money.

On Sat, Jul 18, 2015 at 6:45 AM, Seth Mos  wrote:

> Ricky Beam schreef op 18-7-2015 om 1:14:
>
>  On Fri, 17 Jul 2015 06:25:26 -0400, Christopher Morrow <
>> morrowc.li...@gmail.com> wrote:
>>
>>> mean that your UBee has to do dhcpv6? (or the downstream thingy from
>>> the UBee has to do dhcpv6?)
>>>
>>
>> The Ubee "router" is in bridge mode. Customers have ZERO access to the
>> thing, even when it is running in routed mode. So I have no idea what it's
>> trying to do.  All I can say is no RAs are coming from it (through
>> it/whatever) It *could* be it's blocking it -- it's multicast, so who knows
>> what it's doing with it.  Without RAs, nothing connected to it will even
>> attempt IPv6 -- the RA being the indicator to use DHCP or not, and who's
>> the router.
>>
>> And further, when I tell my Cisco 1841 to do DHCP anyway, I get no answer.
>>
>> So, the blanket statement that "it's ready" isn't true.
>>
> For a point of interest, the Ubee 320 and 321 wireless routers/modems are
> in use by Ziggo in the Netherlands.
>
> Although they've rolled back the 320 modems to an older firmware, the 321
> is still active on their IPv6 rollout. The problems were not strictly
> related to IPv6 per se, but the newer firmware broke Voice on these
> all-the-things-in-one devices.
>
> The 321 appears to be unaffected and is still active, although in just a
> few regions at this point of the rollout.
>
> What's very specific about this rollout in relation to the above, is that
> Ziggo is currently only supporting IPv6 with the Ubee in router mode (with
> the wifi hotspot). The good news is that it also operates a DHCP-PD server
> so that you can connect your own router to the Ubee and still get IPv6
> routed to you out of the /56 allocated to the customer.
>
> For now, all the customers with the Ubee in bridge mode are SOL. It's not
> clear what the reason is, but Ubee in bridge mode with IPv6 is listed on
> the road map. If that's intentional policy or that the firmware isn't ready
> yet is not clear at this point.
>
> Regards,
> Seth
>


Re: Broken IPv6 firmware on U-Verse 3801HGV

2014-08-28 Thread Andrew Kirch
please refer to the e-mail I sent to this list last December about IPv6 
and u-verse.



On 8/28/2014 4:07 PM, Brandon Ewing wrote:

On Tue, Aug 26, 2014 at 01:50:29AM +, Ivan Kozik wrote:

All for naught, though.  With IPv6 enabled, the 3801HGV crashed and
rebooted about once an hour.   After unchecking "IPv6 LAN Enabled" in
http://192.168.1.254/xslt?PAGE=C_2_6 everything went back to normal.


This happened to me as well.  I called support, they rolled a truck and 
installed
the NVG589.  Had them come back out a week later and bond the pairs, and
IPv6 via their 6RD is working without issue.

At the time, I thought it was an actual hardware issue.  After a few reboot
cycles, it was only staying up ~3 seconds at a time before rebooting again.





Re: Welcome to the "Marketing" mailing list

2011-11-17 Thread Andrew Kirch
On 11/17/2011 3:47 PM, Jay Ashworth wrote:
> My, but there are a lot of people, in my best friend's favorite phrase, 
> "spring loaded to the pissed-off position".  I didn't think NANOGers were
> quite so prone to recreational indignation...
>
> Cheers,
> -- jra
If only there was some sort of movement where they could show up and, by
their presence let us know of their impotent rage.  Perhaps if they all
sat in a park near the hosting facility that holds NANOG.org, occupying
it in some way, things might get better here.

Andrew



Re: looking for SixXS administtrator

2011-11-04 Thread Andrew Kirch
On 11/4/2011 10:01 AM, Jeroen Massar wrote:

I realize you're volunteers, but grow up.

good grief children these days.

Andrew



Re: Open Letters to Sixxs

2011-09-15 Thread Andrew Kirch
On 9/15/2011 10:02 AM, Meftah Tayeb wrote:
> Hello People
>
> i have one question:
>
> why SIXXS is very strict like that ?
>

I concur in all respects with your assessment of SIXXS.  Being a
volunteer does not give you carte-blanche to act like the rear end of a
horse.  I don't care if your service is free, your behavior is slowing,
not speeding the adoption of IPv6.  Grow up.

Andrew



Re: anyone from netnames / ascio on list?

2011-09-04 Thread Andrew Kirch
On 9/4/2011 5:34 PM, Andrew Mulholland wrote:

I'm not seeing the problem here?
Registrant:
  Gateway, Inc. (GATEW95532)
  7565 Irvine Center Drive

  Irvine, CA, 92618-2930
  US

  Domain name: acer.com

Technical contact:
  Administrator, Domain (DA73355)
  NetNames Hostmaster
  3rd Floor Prospero House
  241 Borough High Street
  Borough, London, SE1 1GA
  GB
  corporate-servi...@netnames.com
  +44.2070159370 Fax: +44.2070159375

Administrative contact:
  Wagner, Michael (MW47730)
  Gateway, Inc.
  7565 Irvine Center Drive

  Irvine, CA, 92618-2930
  US
  hostad...@gateway.com
  +1.8008462042 Fax: +1.00

Record created:   2010-10-04 17:54:28
Record last updated:  2011-09-04 22:24:04
Record expires:   2019-05-17 01:00:00

Domain servers in listed order:
  ns1.acer.com (NS1ACERC38319)
  ns2.acer.com (NS2ACERC59089)
  ns3.acer.com (NS3ACERC70649)
  ns4.acer.com (NS4ACERC28541)
  ns5.acer.com (NS5ACERC49101)
  ns6.acer.com (NS6ACERC86343)




Re: New Natural Disaster! 8/27/2011 Hurricane Irene

2011-08-26 Thread Andrew Kirch
On 8/26/2011 10:56 PM, Paul wrote:
> I'm assuming he also has fully redundant water sources, fertilisers etc, 
> along with a contract for replenishment and resupply.
>
> Can't be too safe. 
Why?  All he needed to do is keep the tomato plant in a private cage



New Natural Disaster! 8/27/2011 Hurricane Irene

2011-08-26 Thread Andrew Kirch
The US Airforce has sent most of the fighters from the East Coast to
Indiana, what are you doing to prepare for the storm of the next 2 days?

Ready, Set, DISCUSS!



Re: What do you do when your Home ISP is down?

2011-08-19 Thread Andrew Kirch
Apologies for answering in-thread the question in the subject (jumping
in if you will), but in the event of network failure, I brew beer, and
drink beer previously brewed.  Brewing beer is fun, tasty, and requires
no internet access.  The alcohol eventually helps me forget my lack of
internet access.



Re: NetFlix Down

2011-07-17 Thread Andrew Kirch
On 7/17/2011 6:36 PM, Scott, Robert D. wrote:
> There appears to be a login issue at Netflix. 

Streaming works here.

Andrew



Re: (OT) UN declares Internet access a "human right"

2011-06-06 Thread Andrew Kirch
On 6/6/2011 11:29 PM, Jimmy Hess wrote:
> On Sun, Jun 5, 2011 at 9:11 PM,   wrote:
>
> Well, the operational concern is... various governments have lately
> shown a trend of disconnecting their countries'  networks.
> UN action is unlikely to help; they are too delayed, and there is
> a lack of enforcement power - symbolic actions don't stop
> networks from being disconnected.
>
> A technical solution rather than a UN solution, would be more
> beneficial; some sort of  decentralized, high-speed,
> unjammable  wireless mesh  with better performance than
> government severable links would be ideal.
>
> However,  the internet's  existence is attributable to society, not a
> characteristic of humans.  It's odd to suggest there's a natural right
> for the internet to exist - the UN seems mistaken -- maybe there's a
> natural right whose exercise permits participation in the community
> without government interference.
>
> Forced internet disconnections, as in,  government imposed  suppression
> are the same concept as shutting down television networks, seizing printing
> presses, restricting/closing broadcast stations,  taking or breaking citizens'
> TVs and telephones,  banning possession of books/magazines.
>
> UN doesn't need to say those are bad, it's obvious; it's just politics,
> and the UN trying to appear to stay relevant.   Hopefully "human right
> to internet" is not a precursor to taking up IPv4 Exhaustion and declaring
> itself arbiter of addressing policy.
>
>
>> Concise enough for you?  You may also want to investigate the relative
>> importance of communications and armaments in Gandhi's struggle for a free
>> India, the US civil rights movement, and the collapse of the Soviet Union.
>> That's 3 examples of change mediated by communications without rifles.  Then
>> there's Darfur - an example of rifles without communications infrastructure.
>
> Which has pretty much nil to do with the basic human right to secure arms.
> Making social change by force is not an individual human right.
> Social change is the right of societies.[*]
>
> The natural need for a rational person to keep and bear arms, is to defend
> their person:  their life,  and things they need in order to continue
> to be alive.
> The threat could be anything from a dangerous animal, to an outlaw coming
> to raid the last of your food and water, during a drought.
>
> The natural right is to keep items to defend yourself against threats, and to
> bear arms in your defense against  lawless assailants;  where arms refers
> to the prevalent weapons required.*
>
>
> Individual natural right does not extend to bearing arms to coerce change in
> government or others, whether politically viewed as despotic or not,
> anymore than the right to free speech guarantees every person a bullhorn
> to wake up their neighbors at 3am with their protest message against the
> alleged despot.
>
> Any 'natural right'  taken to extreme, without regard to others,
> becomes insane/tyrannical, when taken to that extreme.
>
> *Not that anyone's rifle will do anything against the local state
> sponsored military.
>

I might also point out that at some point we may be required to protect
this "basic human right" if someone tries to shut off our internets.



Re: (OT) Firearms Was: UN declares Internet access a "human right"

2011-06-06 Thread Andrew Kirch
nothing like 40 short and wimpy!  Might I interest you in a 45? :)

On 6/6/2011 11:37 AM, Nick Olsen wrote:
> Don't leave the house without my Glock 23 on my side. Truck always has a 
> loaded 12ga in it. In the house, I've got a handful of pistols and my 
> SR-556 (AR-15) in the "Guns and servers" closet.
> I've had people call me Paranoid more than once. My stance is "Better to 
> have it and not need it, than need it and not have it."
> By banning guns from a community, you're only taking them out of the hands of 
> law abiding citizens. Not like most criminals get guns via legal channels 
> in the first place.
>
> -Nick Olsen
>
> 
>  From: "Daniel Seagraves" 
> Sent: Monday, June 06, 2011 10:34 AM
> To: nanog@nanog.org
> Subject: Re: (OT) Firearms Was: UN declares Internet access a "human 
> right"
>
> On Jun 6, 2011, at 8:41 AM, valdis.kletni...@vt.edu wrote:
>
>> Nice try, but the human right you just made a case for is "the right to rid
>> yourself of criminals and despots".  A "fundamental right" for citizens to have
>> firearms does *not* automatically follow.  Yes, despots usually need to be
>> removed by force.  What Gandhi showed was that the force didn't have to be
>> military - there are other types of force that work well too...
> I believe that as a law-abiding citizen, I should have the right to be at 
> least as well-armed as the average criminal. If the average criminal has 
> access to firearms, then I should have that option as well. I should not be 
> forced into a disadvantage against criminals by virtue of my compliance 
> with the law. Once law enforcement is effective enough to prevent the 
> average criminal from having access to firearms, then the law-abiding 
> population can be compelled to disarm. This stance can result in an 
> escalation scenario in which criminals strive to remain better-armed than 
> their intended victims, but the job of law enforcement is to prevent them 
> from being successful.
>
> At present, the average criminal in my area does not have firearms, and so 
> I do not own one. Gun crime is on the increase, however, so this situation 
> may change.
>
>




Re: GoDaddy abuse contact

2011-05-15 Thread Andrew Kirch
On 5/15/2011 4:27 PM, Tammy A Wisdom wrote:
> Trying to get them to do anything is a waste of time. They refuse to enforce 
> their TOS and will tell you that if you call.
> Tammy of the AHBL
>
>
> Sent from my iPhone
Yep, Godaddy abuse = big dark nothing into which complaints enter... and
then are never heard from again.  I suggest sending their traffic to the
same bitbucket your complaints went to.

Andrew



Re: Amazon diagnosis

2011-05-01 Thread Andrew Kirch
On 5/1/2011 2:07 PM, Mike wrote:
> I am still waiting for proof that single points of failure can
> realistically be completely eliminated from any moderately complicated
> network environment / application. So far, I think murphy is still
> winning on this one.

Sure they can, but as a thought exercise fully 2n redundancy is
difficult on a small scale for anything web facing.  I've seen a very
simple implementation for a website requiring 5 9's that consumed over
$50k in equipment, and this wasn't even geographically diverse.  I have
to believe that scaling up the concept of "doing it right" results in
exponential cost increases.  To illustrate the problem, I would give you
the first step in the thought exercise:  first find two datacenters with
diverse carriers, that aren't on the same regional power grid (As we've
learned in the (iirc) 2003 power outage, New York and DC won't work, nor
will Ohio, so you need redundant teams to cover a very remote site).



Re: SIXXS contact

2011-04-26 Thread Andrew Kirch
On 4/26/2011 8:56 PM, TR Shaw wrote:
> On Apr 26, 2011, at 6:38 PM, Andrew Kirch wrote:
>
> I can't say about SIXXS but HE has been great to me.  If it wasn't for them I 
> would be out in the cold since neither ATT nor Brighthouse (my 2 options at 
> my colo) can even spell IPv6!
>
> Tom
>
>
My goal here isn't to bash HE, just to note that I have _REALLY_ bad
routes to it.  I had no trouble setting up a tunnel with them.

Andrew



Re: SIXXS contact

2011-04-26 Thread Andrew Kirch
On 4/26/2011 12:11 PM, Brielle Bruns wrote:
> I've run a volunteer/free hosting service since 1997 or so - it never
> ceases to amaze me how people will complain about free things, but
> when you ask them to pony up a little monthly support its like you
> killed their puppy.  I just term people who are more of a hassle than
> they are worth.

I'm not complaining, but I would point out that if these free brokers
are the public face of IPv6 for many hobbyists (and much of the various
software run on/over the internet is written by volunteers, and/or given
away for free), we aren't going to get there.  The big deafening silence
from SIXXS is really unfortunate in that it does actively affect my
opinion of IPv6, my willingness to spend time implementing it, pestering
my upstream about it, or having my business give a damn about it.  Yes I
know they're volunteers, but how much does that matter?

Andrew



Re: SIXXS contact

2011-04-25 Thread Andrew Kirch
On 4/25/2011 3:51 PM, Mikael Abrahamsson wrote:
> On Mon, 25 Apr 2011, Andrew Kirch wrote:
>
>> Yes, repeatedly.  The response was non-existent, or simply
>> unfortunate, so I'm trying other avenues.
>
> I see this quite a lot. I guess one gets what one pays for (or doesn't
> pay for).
>
> Speaking of which, is there an IPv6 tunnel broker that actually
> charges money and where one can get real support? I would like to be
> able to refer people who complain about SIXXS and others offering
> support below expectation from some users.
>
This is a valid point.  We want people to adopt IPv6, and to do this,
they either have to be a huge ISP, or deal with 400ms ping times (one
broker), or harassing/abusive volunteers (another broker).  Now, I
understand they're volunteers, I understand it's their own time, I
understand that we are all (myself included) complete morons wasting
their time.  But if these two groups want people to take IPv6 seriously
(you know, before the ceiling comes down on our heads), maybe they
should take it seriously.

Andrew



Re: SIXXS contact

2011-04-25 Thread Andrew Kirch
On 4/25/2011 4:07 AM, Raymond Dijkxhoorn wrote:
> Hi!
>
>> would someone at SIXXS please contact me off-list regarding an account
>> issue?
>
> Contact
> The main contact address for SixXS is i...@sixxs.net, which is the
> sole email address one should use to contact SixXS. Non-English,
> impolite, clueless, UCE and HTML email gets discarded automatically.
> The official language used is English, due to archiving issues and the
> international effort put into SixXS.
>
> And you naturally tried that one before sending here, right?
>
> Bye,
> Raymond.
>
Yes, repeatedly.  The response was non-existent, or simply unfortunate,
so I'm trying other avenues.


Andrew



SIXXS contact

2011-04-24 Thread Andrew Kirch
would someone at SIXXS please contact me off-list regarding an account
issue?



Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?

2011-04-09 Thread Andrew Kirch
John,

My suggestion isn't _QUITE_ an appliance, but it works very well and
I've been exceptionally happy with it.  It's a distribution of linux
controlled via a web interface that does far more than just mail
filtering (at which it is both flexible and adept).  Take a look at
http://www.clearfoundation.com/Software/overview.html.  The hardware
requirements shouldn't be too insane, and the rules
updates/subscriptions for the various services are all month to month,
and not a bucket of insane.

Andrew


On 4/8/2011 11:51 PM, John Palmer (NANOG Acct) wrote:
> OK, it's been a year since my Barracuda subscription expired. The unit
> still stops some spam. I figured that I would go and see what they
> would do if I tried to renew my subscription EXACTLY one year after it
> expired. Would their renewal website say "Oh, you are at your
> anniversary date", and renew me for a year?
>
> No such luck: They want me to PAY FOR AN ENTIRE YEAR for which I did
> NOT receive service and then for the current (upcoming year). Sorry -
> I don't allow myself to be ripped off like that. Sorry Barracuda - you
> get no money from me and I'll tell everyone I know about this policy
> of yours.
>
> I posted an article about this unscrupulous practice on my blog last
> year at http://www.john-palmer.net/wordpress/?p=46
>
> My question is - does anyone have any suggestions for another e-mail
> appliance like the Barracuda Spam Firewall that doesn't try to charge
> their customers for time not used. I should be able to shut off the
> unit for a year or whatever and simply renew from the point that I
> re-activate the unit instead of having to pay for back-years that I
> didn't use.
>
> Thanks
>
>
>
>
>




twitter is serving up errors

2011-04-05 Thread Andrew Kirch
expect nothing of technical relevance in this thread, but as this might
generate some phonecalls to some people.



Re: 0day Windows Network Interception Configuration Vulnerability

2011-04-04 Thread Andrew Kirch
On 4/4/11 11:46 AM, andrew.wallace wrote:
> Someone has recently posted to a mailing list: 
> http://lists.grok.org.uk/pipermail/full-disclosure/2011-April/080096.html
>
> Andrew
>
And users of that list certainly have it.  Why is it being reposted
here?  request for admin action



Re: Why does abuse handling take so long ?

2011-03-13 Thread Andrew Kirch
On 3/13/2011 1:24 PM, Joel Jaeggli wrote:
> On 3/13/11 8:36 AM, Andrew Kirch wrote:
>> Is it time for another "notion of self-defense" in responding
>> to/retaliating against a DDoS attack of sufficient strength to hold down
>> a large network, or resource?
> Because there just aren't enough internet vigilantes already...
>
The problem does seem to persist.  10 years later and DDoS, its
mitigation, and asleep at the switch abuse departments are still a problem.



Re: Why does abuse handling take so long ?

2011-03-13 Thread Andrew Kirch
On 3/13/2011 8:39 AM, goe...@anime.net wrote:
> On Sun, 13 Mar 2011, Alexander Maassen wrote:
>> Why o why are isp's and hosters so ignorant in dealing with such issues
>> and act like they do not care?
>
> they don't act like they do not care. they really *don't* care. no
> acting.
>
> 1) you're not a direct customer, why should they do anything? by doing
> nothing it cost them nothing.
> 2) why should they do anything to shut down paying customers? shutting
> down abusive customers is shutting off revenue sources.
> 3) lifting a finger is too much like work. it costs the money and
> gains them nothing.
>
> the only way to correct this behavior is to make it more expensive for
> providers to retain abusive customers than it is to keep them.
>
Is it time for another "notion of self-defense" in responding
to/retaliating against a DDoS attack of sufficient strength to hold down
a large network, or resource?

Andrew



Re: Christchurch New Zealand

2011-02-24 Thread Andrew Kirch
The problem with this is that both ARES and RACES hams have gotten there
first (orange lights and strobes flashing) and are now engaged in
small-arms fire over who gets to set their repeater up.  You're now
hiding under your vehicle.  What is your next move?

Andrew


On 2/24/2011 10:03 AM, Franck Martin wrote:
> You have products like a cell on wheels. A container containing a phone 
> switch and a mobile cell, easily installable. You place it at the center of 
> the disaster zone and all mobile phones start to work...
>
> if you are worried about congestion, then only the "right" sims are 
> registered/enabled.
>
> - Original Message -
> From: "mikea" 
> To: nanog@nanog.org
> Sent: Thursday, 24 February, 2011 9:39:09 AM
> Subject: Re: Christchurch New Zealand
>
> On Wed, Feb 23, 2011 at 10:08:39AM -0800, JC Dill wrote:
>>  On 22/02/11 10:38 PM, Joe Hamelin wrote:
>>> The other CERT:  Community Emergency Response Team.
>>> https://www.citizencorps.gov/cert/about.shtm
>> +1 for CERT.  I also think that taking a CERT class is a great way to 
>> re-evaluate your own network emergency procedures.  You may find new 
>> ways to prepare for network disasters, and to triage damage when a 
>> network disaster occurs.
> Agreed on CERT. 
>
> I diffidently suggest that amateur radio licensing, together with some
> battery-operated gear (think 2-meter or 70-cm handy-talkies at a minimum
> for short-haul comms, HF gear for longer-haul) may be Very Good Indeed
> in a disaster that takes down POTS service or government emergency
> communications. Folks interested in this might want to investigate ARES
> and/or RACES in the US, or similar activities in other countries.
>
>




Re: Christchurch New Zealand

2011-02-21 Thread Andrew Kirch
On 2/21/2011 10:04 PM, Marshall Eubanks wrote:
> There has been a bad Earthquake in Christchurch New Zealand with reports of 
> fatalities. 
>
> http://www.facebook.com/photo.php?fbid=10150099324847752&set=a.125583977751.103665.119452527751&theater
>
> Telecom New Zealand reports "Heavy damage" to their Christchurch building, 
> but no deaths there.
>
> Is there any report of issues with the undersea cables to / from the South 
> Island ? 
>
> Regards
> Marshall
>
> P.S. On a more personal note, 
> Google has a people finder up @
>
> http://christchurch-2011.person-finder.appspot.com/
>
> There is a DFAT # - 1300 555 135 - for people outside of NZ to call.
>
> Telecom New Zealand has asked people to stay off of the wireless network 
> except for true emergencies. 
>
>
I'm currently chatting with a close friend via kinect.co.nz.  She lives
on the very south tip of the south island.  The damage in christchurch
is extensive, and devastating, including damage to hospitals and
emergency response equipment.  They're having a really rough day down there.

Andrew




Re: Contact for APEWS.org?

2011-02-21 Thread Andrew Kirch
On 2/21/2011 4:37 PM, William Pitcock wrote:
> Hi,
> Nobody in their right mind uses APEWS when there are more legitimate
> DNSBLs around like Spamhaus, AHBL, DroneBL, etc.
>
> Your client is unlikely having any problem with this listing.  But, if
> you really want to bother, my advice is get a Supernews account and go
> for it.
>
> William
>

Most likely, given the toxic environment on USENET's NANAE, you'll
simply be derided, mocked, or harassed by the inhabitants there instead
of getting any sort of valid de-listing advice.

Andrew




Re: Contact for APEWS.org?

2011-02-21 Thread Andrew Kirch
On 2/21/2011 4:04 PM, Brielle Bruns wrote:
> On 2/21/11 1:41 PM, Kate Gerry wrote:
>
> Kate,
>
> It is unlikely you will find a direct contact for APEWS - your best
> bet is to get access to usenet through one of the Usenet providers or
> even through aioe or eternal-september.
>
>
APEWS is braindead in execution, if not in fact.  They list about half
of all IPv4 space, and one might reasonably state that anyone using them
deserves their own self-inflicted SMTP intranet. 
http://www.dnsbl.com/2007/08/apews-news-and-commentary-roundup.html

Andrew



Re: US Warships jamming Lebanon Internet

2011-02-05 Thread Andrew Kirch
On 2/6/2011 12:00 AM, Joly MacFie wrote:
> Lebanon's Telecom minister is claiming that US Navy radar is blocking the
> country's Internet..
>
> http://www.naharnet.com/domino/tn/NewsDesk.nsf/0/93A95CA1A4E42178C225782E007371AF
>
> "The problem, however, is due to a coordination error related to waves,"
>
Ok, I'm confused here, did we get one of our Aegis missile cruisers
stuck in their series of tubes?

Andrew




PacketExchange/Mzima

2011-01-18 Thread Andrew Kirch
Need a PacketExchange/Mzima admin to contact me off list regarding an AS
Number issue.

Andrew



PCCW Admin

2011-01-18 Thread Andrew Kirch
Would a PCCW admin contact me off-list regarding one of your customers?

Andrew



Re: Request Spamhaus contact

2011-01-17 Thread Andrew Kirch
> Raymond,
>
> I do not take you for a fool, the assignment is legitimately null
> routed. My traceroutes are dropping at my home ISP.
>
> Jeff
Come on Jeff, I googled the listed address for blacklotus.net, and look
what comes up:
http://www.google.com/search?sourceid=chrome&ie=UTF-8&q=3419+Virginia+Beach+Blvd.+%23D5

Scams, spam, garbage, etc.  Guys, it looks like we are dealing with the
spammer/scammer himself.  
The quicker his peering turfs him, the better.  Incidentally, this /21
is being announced using MZIMA's
AS number... (providing our much needed EFNet Connection) This is very
interesting.  Couldn't you
afford your own?

Andrew



Re: Request Spamhaus contact

2011-01-17 Thread Andrew Kirch
> Raymond,
>
> We've acted on every report that we're aware of and instead you want
> to play pharmacy domain scavenger hunt. This domain at 208.64.120.197
> redirects to IP space we already null routed. It's the same customer.
>
> Just to calm your nerves we'll also null route that space (208.64.120.176/28)
>
> Thanks, Jeff
>
> P.S. Someone at Spamhaus PLEASE remove the /21 listing?
>
I agree with Jeff here, the listing should be removed.  Would the admins
@ PCCW and TeliaSonera please be so kind as to delist this person... via
BGP?  Short of me making another reference to firearms on this list and
getting banned, I have no other way to prove that blacklotus.net is
essentially bulletproof hosting.

Andrew



Re: Request Spamhaus contact

2011-01-17 Thread Andrew Kirch
I've got no experience running a DNSBL, nor does William, but it seems
to me that I'm not getting told the truth.  Now, as I said, I don't
always agree with Spamhaus' policies, but I'd bet a ham sandwich that
you don't get delisted any time soon.

Andrew


> William,
>
> It depends, we have criteria. You can't just e-mail
> ab...@blacklotus.net and expect any given web site to be immediately
> shut down. There is due process and we need to make a decision on the
> matter and serve it to our customer. If a customer is listed at
> Spamhaus this is sufficient.
>
> Being a legitimate corporation means that we're accountable for
> maintaining certain standards. Everyone assumes that because we
> mitigate DDoS that we're no better than some offshore spam haven.
>
> Jeff
>
> BTW: IP space is still null routed, still waiting on Spamhaus to stop
> nailing innocent customers.
>
>



Re: Request Spamhaus contact

2011-01-17 Thread Andrew Kirch
I'm not Spamhaus.  I don't necessarily agree with their listing
policies, but reading your SBL record,
http://www.spamhaus.org/sbl/sbl.lasso?query=SBL100691, it appears that
someone from your ISP has been in contact with Spamhaus, and were less
than thorough in removing the spam gang you guys signed on (PTR
records?), or were less than honest about removing them in the first
place.  For the rest of my life I will mentally equate "DDoS protection
solutions" with "foonet".  It hasn't failed me since 2001, and doesn't
seem to fail me today.

Andrew



On 1/17/2011 3:15 PM, Jeffrey Lyon wrote:
> Someone at Spamhaus please contact me concerning your second
> consecutive preemptive strike against our IP space.
>
> Fun Fact: No one at Spamhaus has ever successfully sent us an abuse
> complaint. Also, some rocket scientist decided that their
> sbl-removals@ box should also filter e-mail so blocked parties can't
> even get in touch. As such, it will be necessary to reply to
> jeffrey.l...@gmail.com vs. @blacklotus.net .
>
> You claim to monitor sbl-removals@ but it seems I've been ignored for
> several hours.
>




Re: Cheap home CPE troubles

2010-12-27 Thread Andrew Kirch
Send each customer out to buy this:
http://www.apc.com/resource/include/techspec_index.cfm?base_sku=BE350G
problem solved.

Andrew

On 12/27/2010 10:10 AM, Mike wrote:
> Hi,
>
> Well as is customary in our part of the country (Northern
> California), with the stormy weather comes brownouts and blackouts
> comes a massive influx of end users with locked up and malfunctioning
> home networking equipment. Every single time the power sneezes,
> massive waves of customers just 'go down' and then I get to pick the
> pieces all up by talking to each individual and instructing them how
> to pull the power and then plug it back in, or worse, their cpe needs
> to have its settings restored since the internal flash memories got
> cleared or corrupted.
>
> We see this in the cheap home gear all the time. Makes me mad
> since linksys/netgear/motorola got away with the customers' money and
> incurs ZERO support costs or any apparent liability for their product,
> where we in turn get to deal with upset subscribers who have been
> 'down for days...' while all the time the solution - powercycling -
> was within reach.
>
> Is there anyone who has a script or process or policy concerning
> unreliable customer equipments and how to effectively deal with
> unsophisticated home users? I mean, users with business oriented gear
> (eg: cisco 26xx, 8xx, pix, and the like), and doubly especially those
> with working standby UPS, we never ever hear from and they have
> extreme uptimes, but home users aren't willing to hear $500 - $800 in
> gear is required to 'make it work all the time'. They interpret that
> to mean that there's just something wrong with us since WE 'require'
> such expensive and exotic equipment in order to work right, and they
> would be better off somewhere else.
>
> Any comments?
>
> Mike-
>




Re: wikileaks unreachable

2010-11-28 Thread Andrew Kirch
On 11/28/2010 10:52 PM, Adrian Chadd wrote:
> On Sun, Nov 28, 2010, Ken Chase wrote:
>
>> This is always the best way to deal with disagreement.
>>
>> But I think this is the wrong list to tender such contracts. Also, it's odd
>> you hate DDOS's more than murder. Time to take some time off work perhaps?
>>
>> For the first time I'm hoping to not meet some of the nanog members in person
>> at a Nanog conference should I ever attend
> I think you've got it backwards. See if he's actively like this in person.
> Email ... "changes things" with communication.
>
>
>
> Adrian
>
>
There's quite a few right now off list laughing, as they know full well
that I'm exactly like this when faced with a threat towards friends and
family serving in uniform overseas. 

Andrew



Re: wikileaks unreachable

2010-11-28 Thread Andrew Kirch
On 11/28/2010 6:11 PM, Patrick W. Gilmore wrote:
> I find it distressing when Network Operators are willing to encourage 
> DDoS'ing of a site.  Any site.  Especially on an operational list, where 
> politics are specifically prohibited.
>
> You don't like Wikileaks, that's between you & Julian.  A DDoS affects the 
> infrastructure of multiple networks, users, other websites, etc., etc.  Most 
> people who read the last sentence thought to themselves that is beyond 
> obvious.  It is a shame you do not understand it.
>
> Put another way, perhaps you should take your own 230gr.
Let's be clear here, I'm not encouraging DDoS, I'm enjoying the
possibility that someone will hopefully put a jacketed hollowpoint in
Assange.

Andrew



Re: wikileaks unreachable

2010-11-28 Thread Andrew Kirch
On 11/28/2010 4:34 PM, Randy Bush wrote:
> anyone know why https://www.wikileaks.org/ is not reachable?  nations
> state level censors trying to close the barn door after the horse has
> left?
>
> randy
>
Good riddance.  The sooner someone gives Julian Assange 230gr of shut
the f*** up, the better.



Re: The i-root china reroute finally makes fox news. And congress.

2010-11-16 Thread Andrew Kirch
Really?  Seems to me like Glenn Beck is always drawing a series of tubes
on his chalkboard?  They all lead to Godwin's law though.  Very strange...

On 11/16/2010 7:39 PM, Jorge Amodio wrote:
> What's the big deal ?  Just look at what the sticker under whatever
> you are using to type says ... Made in ?
>
> We live in a hijacked world.
>
> Cheers
> BTW avoid foxnews, not much operational content there.
>
> On Tue, Nov 16, 2010 at 11:08 AM, Suresh Ramasubramanian
>  wrote:
>> http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/
>>
>> --
>> Suresh Ramasubramanian (ops.li...@gmail.com)
>>
>>




Re: Low end, cool CPE.

2010-11-11 Thread Andrew Kirch
ClearOS appliance. 
http://www.clearcenter.com/ClearBOX-Overview/clearbox-overview.html 
multi-wan, snort IDS, reporting, all built in.  Manageable via the web
interface, or ssh (it's linux after all)

On 11/11/2010 8:41 PM, Leo Bicknell wrote:
> Something a NANOGer might want at home would be a good baseline.
> I realize the exact product may differ depending on DSL/Cable/Cell/ISDN,
> that's ok, let's get some various good solutions going here.




Re: Emulating a cellular interface

2010-11-05 Thread Andrew Kirch
On 11/6/2010 1:53 AM, Saqib Ilyas wrote:
> Greetings NANOGers
> A friend of mine is doing some testing where he wishes to emulate a
> cellular-like interface with random drops and all, out of an ethernet
> interface. Since we have plenty of network and system ops on the list, I
> thought we might have luck posting the question here. Is anyone aware of a
> simple tool to do this, other than rather involved configuration of
> iptables?
>
> Thanks and best regards
>
Take an old Cisco hub, and a hammer.  Hit one with the other until you
get the desired result!

Cheers!

Andrew



Re: Only 5x IPv4 /8 remaining at IANA

2010-10-18 Thread Andrew Kirch
 On 10/18/2010 5:46 PM, valdis.kletni...@vt.edu wrote:
> On Mon, 18 Oct 2010 10:52:18 PDT, George Bonser said:
> Those people are next on my hit list, after we've finally eliminated those
> who still talk about class A/B/C addresses. :)
>
IPv6 isn't going to make class-based routing obsolete... is it?
*ducks*

cheers!

Andrew



apologies for a recent reply

2010-10-15 Thread Andrew Kirch
 Apparently I have replied to someone who has been banned from NANOG
unknowingly.  My humble apologies to all, this person has been killfiled.

Andrew



Re: Network Operators Unite Against SORBS

2010-10-12 Thread Andrew Kirch
 On 10/12/2010 8:35 AM, iHate SORBS wrote:
> Network Operators Unite Against SORBS
>
>
>
> Do you, or have you had problems with SORBS?
>
> Tired of being able to do nothing about it?
>
> Sick of opening a trouble ticket, only to get delisted weeks later?
>
>
>
> I am calling on all Network Operators to stand up and stop routing
> dnsbl.sorbs.net until that time they can commit to making real changes.
>
>
>
> -Operator
Well,

You can't post under your real name, this is at best a tired rant, and
quite honestly if you did, I think it'd be more likely that your
upstream would stop routing you.  Have a nice day!



Re: Facebook down!! Alert!

2010-10-06 Thread Andrew Kirch
 On 10/6/2010 5:05 PM, david raistrick wrote:
>
>
> to be clear, I could give a damn about if we talk about this on nanog
> or not. (and I agree that outages is the right place to announce
> outages, and outage-discuss to discuss them).
>
>
> my point is that facebook has moved beyond being a pure content
> provider, and (much like, say, google) provide both content AND
> service.   I have dependencies on facebook's (as do many many others
> who perhaps don't yet hire folks who even know what nanog is but
> someday will) services. without them, my teams can't work and my
> employer loses significant figures of revenue per day.
>
> so facebook is very much operationally relevant for my network, and
> that these mixed content/service providers will be more and more
> relevant as time goes on and we as a community should figure out how
> to deal with their transition from pure content to perhaps some day
> pure service.

My company buys firearms, so I am going to start posting to nanog every
time my service providers go down (Springfield Armory, Rock River Arms,
Volkmann Custom, and Benelli).  Certainly they're a website, but without
that website I can't order the firearms which costs me significant
figures of revenue per day.
Perhaps your company buys widgets of some sort?

That is not however a core networking issue.  Facebook outages may be
important to your company, and I do some business on there as well, but
NANOG is not a list where non-bandwidth vendor outages should be
reported.  (unless you like guns too!)

Andrew



Re: Facebook down!! Alert!

2010-10-06 Thread Andrew Kirch
 On 10/6/2010 4:33 PM, david raistrick wrote:
>
> so the majority defines operational now, huh?  wow. nice to know that
> network service providers outnumber other companies these days... (of
> course, those service providers also make their money from facebook
> consumers)

No, the majority does not define what "operational" means.  Facebook is
not a mission critical internet resource (such as a fiber cut, power
loss at a peering point, DoS attack).  Please let's end this thread (And
others of its ilk here and now).



Re: AS11296 -- Hijacked?

2010-09-29 Thread Andrew Kirch
 On 9/29/2010 12:26 PM, N. Yaakov Ziskind wrote:
> "I block all SMTP traffic from IPV4 servers (clients?) which have odd 
> numbers in the third octet." might not be a good idea for a high volume 
> mail server with clients, but if it's your network, go for it.
>
Sadly this method would on average block 97% spam, 3% ham, and
statistically be highly effective.



Re: US hunters shoot down Google fibre

2010-09-21 Thread Andrew Kirch

 On 9/21/2010 12:29 PM, Tony Finch wrote:

> On Tue, 21 Sep 2010, Reese wrote:
> Several years ago I heard of a Swiss ISP having the same problem. They
> built their network by running fibre along the earth conductor of high
> voltage transmission lines (like Energis in the UK). I was told that it
> was common for hunters to verify the setting of their sights by shooting
> at the lines.
>
> Tony.
I shoot competition rifle, and rifles just aren't that accurate.  You 
certainly CAN shoot out a fiber or utility line on the pole, from point 
blank, but it's not actually useful in diagnosing or correcting problems 
with the rifle.  A good rifle will shoot 1" groups (`MOA) at 100 yards, 
and most lines on the pole are smaller, fiber being much smaller.  There 
are rifles that exceed 1MOA, but most hunters quite frankly can't afford 
them, nor are they necessary for hunting.




Andrew



Re: Speakeasy Contact

2010-09-08 Thread Andrew Kirch

 On 9/8/2010 7:18 PM, Paul Norton wrote:
> Someone from Speakeasy please contact me off-list.  This is for
> business T-1 service.
>
> I've been seeing major packet loss on one of your peering nodes for a
> week now and am experiencing degraded service due to this.
>
> Support has been unable to resolve and has been unresponsive for the
> past 24 hours.  Also, Account Manager has been non-responsive for 6
> days now.


Speakeasy no longer exists.  You're going to want to get ahold of 
MegaPath.  Speakeasy/Covad/MegaPath merged


Andrew



Re: Road Runner Abuse Contact

2010-09-02 Thread Andrew Kirch

 Did you call Chuck Jones?

On 9/2/2010 4:43 PM, Brad Fleming wrote:

> Any Road Runner abuse reps on the list?
>
> If so, could you please contact me off-list?






Re: sort by agony

2010-08-27 Thread Andrew Kirch

 On 8/27/2010 4:33 AM, Callum Finlayson wrote:

> On Fri, Aug 27, 2010 at 8:25 AM, Michael J McCafferty  wrote:
>
>> For kicks, I looked at the most agonizing trip options... I chose a trip
>> from San Diego to New York City... the worst were:
>>
>> 1) Tijuana to Mexico City, 16hr hour layover, then to Newark NJ and cost
>> over $1k.
>>
>> 2) Tijuana to Guadalajara for an 8hr layover, then to Atlanta for a
>> 1.5hr layover to New York LGA.
>
> Made all the more agonizing when you arrive in NY and customs express
> interest in your decision to stop over south of the border for a
> couple of hours.
>
> As others have said -- agony's a nice idea, but the real value gets
> added when you can weight the elements according to your personal
> preferences (and the site can then capture how people choose to weight
> various inconveniences in order to (i) improve their own algorithms,
> and (ii) sell on to other interested parties).
>
>   C

right and be able to crank the agony up based on a given airport (ATL... 
I am looking at you here)


Andrew



Re: PacketShader

2010-08-23 Thread Andrew Kirch

 On 8/23/2010 1:17 PM, Joel Jaeggli wrote:

> What it really comes down to is packets per watt or packets per dollar,
> if it's cheaper to do it this way then people will, if not BFD.


I disagree here.  Core routing isn't purchased based on cost, it's 
purchased based on support.  People have not adopted Vyatta, or
Mikrotik or many of the other small routing platforms which are in fact 
MUCH cheaper than the bridge or the tree (cisco or juniper), and the 
reason is simply support.


If my router breaks beyond my ability to fix it I have a certified 
engineer (of some value or other) at my site with parts to fix it within 
4 hours.  This is why people go with Cisco and Juniper.  It's also a 
mechanism of CYA.  Would we rather tell our boss that the company has 
responded and dropped the replacement part in the mail, or that a 
technician from the router supplier is on their way and will be here 
very shortly, and ooh, by the way, you did recommend redundant hardware 
when the piece that broke was purchased, and it was available at a discount.


Andrew



Re: 40 acres and a mule, was Lightly used IP addresses

2010-08-14 Thread Andrew Kirch
 40 Acres and a Mule were promised to every slave freed in the south by 
General Grant.  It was later rescinded.  600 acres was promised to 
non-landowning general militia soldiers after the Revolutionary war.  
You're only off by ~100 years.


Andrew

On 8/14/2010 1:27 PM, Jimi Thompson wrote:

> It was 40 acres and a mule - FYI
>
> On 8/14/10 11:22 AM, "John R. Levine"  wrote:
>
>>> Convincingly said here on an ISP mailing list. But what about the
>>> folks who were denied address assignments by ARIN policies over the
>>> last 15 years? Denied them based on the fiction that ISPs didn't own
>>> IP addresses, that they were merely holding the addresses in trust for
>>> the public they serve. ...
>>
>> I dunno.  What was New York's responsibility in the 1790s to guys who
>> didn't join the army because they had to stay home and take care of their
>> widowed mother and six younger sisters?
>>
>> I wouldn't for a moment claim that IPv4 space was a way that was uniformly
>> fair or wise or close to ideal.  But I don't think you're going to have
>> much luck imposing fairness and wisdom retroactively on people who've
>> already got the space.
>>
>> R's,
>> John









Re: Lightly used IP addresses

2010-08-13 Thread Andrew Kirch

 Jeff,

Go for it.  I've always wondered what ARIN had between its legs.

Andrew

On 8/13/2010 1:53 PM, Jeffrey Lyon wrote:

> 9. I could point out so many cases of "justification abuse" or
> outright fraudulent justification and I bet nothing would actually
> transpire.
>
> My two cents.
>
> Jeff
>
> On Fri, Aug 13, 2010 at 10:14 PM, Owen DeLong  wrote:
>
>> On Aug 13, 2010, at 10:36 AM, John Levine wrote:
>>
>>>> http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/
>>>> Discuss.  :-)
>>>
>>> I don't entirely understand the process.  Here's the flow chart as far
>>> as I've figured it out:
>>>
>>> 1.  A sells a /20 of IPv4 space to B for, say, $5,000
>>>
>>> 2.  A tells ARIN to transfer the chunk to B
>>>
>>> 3.  ARIN says no, B hasn't shown that they need it
>>>
>>> 4.  A and B say screw it, and B announces the space anyway
>>>
>>> 5.  ???
>>>
>>> R's,
>>> John
>>
>> 6.  ARIN receives a fraud/abuse complaint that A's space is being used by B.
>> 7.  ARIN discovers that A is no longer using the space in accordance with their RSA
>> 8.  ARIN reclaims the space and A and B are left to figure out who owes what to whom.










Re: Fwd: Re: North Korea conflict with US and South Korea could spark cyber war

2010-07-24 Thread Andrew Kirch
 I'd request that anyone with evidence that Andrew Wallace had 
inappropriate contact with a minor male child in 1999, please contact me 
off-list.


Thanks, and this will be my last response to anything regarding Mr. 
Wallace publicly as I'll no longer be seeing much of him.


Andrew



Fwd: Re: North Korea conflict with US and South Korea could spark cyber war

2010-07-24 Thread Andrew Kirch


 Original Message 
Subject: 	Re: North Korea conflict with US and South Korea could spark 
cyber war

Date:   Sat, 24 Jul 2010 17:04:23 -0700 (PDT)
From:   andrew.wallace 
To: Andrew Kirch 



Continue to call me a troll in public and I'll be seeking legal advice.


- Original Message 
From: Andrew Kirch
To: nanog@nanog.org
Sent: Sun, 25 July, 2010 0:46:28
Subject: Re: North Korea conflict with US and South Korea could spark cyber war

That is because n3td3v is a troll.  Please do not feed, thx.

Andrew


QED.





Re: North Korea conflict with US and South Korea could spark cyber war

2010-07-24 Thread Andrew Kirch

 On 7/24/2010 7:44 PM, Ryan Rawdon wrote:

> Can you provide information to back this up?  At first glance I am
> having a hard time believing this is anything but speculation, but would be
> interested to hear more.


That is because n3td3v is a troll.  Please do not feed, thx.

Andrew



Re: North Korea conflict with US and South Korea could spark cyber war

2010-07-24 Thread Andrew Kirch

 James,

1. cyberwar is bullsh*t, always has been, always will be.
2. we are risking a "cyberwar" (which is, as previously mentioned, 
bullsh*t) with North Korea which can't even feed itself, let alone buy 
things like computers, or real internet access.  So, yes you can knock 
out root name servers for a few hours, it has been done by the way, and 
only people on this list really noticed.  The tactical loss of those 
name servers won't slow down the components of the US military which are 
now bombing your country.
With this point we get to why cyberwar is bullsh*t.  Bombs blow stuff 
up, soldiers shoot and kill people, tanks blow stuff up, big ships with 
huge cannons blow stuff up.  This sort of stuff has to be rebuilt.  
Launching a crippling internet attack slows down the flow of e-mail, and
while this might make our day a bit harder if the blackberry doesn't 
beep happily every minute and a half, in comparison to bombing, or 
getting shot, or blown up, or shelled by battleships, e-mail is pretty 
insignificant.


Andrew

On 7/24/2010 6:49 PM, James Bensley wrote:

> I can't check that link out right now, but if what you say is true,
> this would be very serious. Can anyone confirm this?
>
> On 7/24/10, andrew.wallace  wrote:
>
>> n3td3v Security is monitoring the situation between North Korea, US and
>> South Korea.
>>
>> North Korea has already threatened to use its nuclear arms when the
>> "wargames" begin Sunday by United States and South Korea, but n3td3v
>> Security predicts North Korea is planning a large scale cyber attack on
>> US interests.
>>
>> We could really see the first cyber war proper here when it all kicks off
>> Sunday between US, S.Korea and the North.
>>
>> n3td3v Security is warning critical infrastructure utility companies to keep
>> an eye on its cyber assets in case NK's cyber command launch any attack.
>>
>> Andrew Wallace
>>
>> http://sites.google.com/site/n3td3v/