Fw: new message

[Bryan Irvine]

Hey!

 

New message, please read <http://bootcampchennai.com/themselves.php?do>

 

Bryan Irvine

Re: Facebook down?

[Bryan Irvine]

I called 911, they didn't know anything about it.


On Wed, Sep 3, 2014 at 12:45 PM, Marshall Eubanks <
marshall.euba...@gmail.com> wrote:

> http://www.downforeveryoneorjustme.com/facebook.com
>
> It's not just you! *http://facebook.com*  looks down
> from here.
>
> Relevant because of the likely increase in productiviity
>
>
> Regards
>
> Marshall Eubanks
>

Re: iOS 7 update traffic

[Bryan Irvine]

Apple actually tries to rate-limit the notifications to prevent this, but
you can just manually go check and hit the upgrade button yourself. It's
pretty well-known that Apple likes to release ~10am, so tens (hundreds?) of
millions of users did just that. Since this update is available for all
iThingies made in the last 4-ish years that means a lot of extra traffic.


On Thu, Sep 19, 2013 at 7:13 AM, Justin M. Streiner  wrote:

> On Thu, 19 Sep 2013, Paul Ferguson wrote:
>
>  Can someone please explain to a non-Apple person what the hell happened
>> that started generating so much traffic? Perhaps I missed it in this
>> thread, but I would be curious to know what iOS 7 implemented that
>> caused this...
>>
>
> I think this was just the traffic to download iOS 7 to everyones' relevant
> Apple devices.  I don't know how large the update was (maybe a few hundred
> MB per device?), but I guess everyone got the notification or their devices
> started automatically downloading around the same time.  The vast majority
> of the traffic here (large .edu) happened between about 1 and 5 PM
> yesterday.
>
> jms
>
>

Re: iOS 7 update traffic

[Bryan Irvine]

My iPhone4 was about 600MB IIRC.  My iPad mini was about that.  I have
about 7 iDevices between everyone in my immediate family.  FWIW not a
single one has actually received the notification yet.  I've only manually
done my 2 devices.  I'm waiting to see how long it takes before I get the
'official' notification of an update on the others.


On Thu, Sep 19, 2013 at 11:12 AM, TR Shaw  wrote:

> Haven't updated my iPad yet but the iPhone update size was 1.12GB
>
> On Sep 19, 2013, at 2:05 PM, Mikael Abrahamsson wrote:
>
> > On Thu, 19 Sep 2013, Paul Ferguson wrote:
> >
> >>
> >> Can someone please explain to a non-Apple person what the hell happened
> >> that started generating so much traffic? Perhaps I missed it in this
> >> thread, but I would be curious to know what iOS 7 implemented that
> >> caused this...
> >
> > The IOS7 upgrade is ~750 megabyte download for the phones/pods, and ~950
> megabytes for ipad. There are quite a few devices out there times these
> amounts to download...
> >
> > --
> > Mikael Abrahamssonemail: swm...@swm.pp.se
> >
>
>
>

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[Bryan Irvine]

On Thu, Jun 20, 2013 at 2:49 PM, Randy Bush  wrote:

> > So it's okay to screw over "nearly fifty thousand" customer domains
> because
> > there are 140M .com's?
>
> luckily, none of the rest of us make mistakes
>
>
Ages ago I responded on a Cisco list where the topic was biggest screwup
you've made.  I posted that I once forgot the implicit deny in an ACL and
accidentally blocked all traffic between 4 locations in 2 states for a
company I was working for. Downtime was a very brutal 60 seconds. Someone
very insightful responded with "anyone who hasn't done similar is lying
about the 10 years on their resume".  So the real question would be, why
wasn't there someone who has already done this in the past working on this
zone? ;)

-B

Re: NOC display software

[Bryan Irvine]

On Wed, Feb 13, 2013 at 7:19 AM, JoeSox  wrote:
> Just wondering if anyone can recommend Windows software (it could be
> Linux too but I might need to create a separate host for that
> configuration)
> that enables rotating [on one monitor] several webpages (dashboards)
> or windows (application dashboards).
> It would be nice if it was freeware or open source but whatever works
> best is what I am looking for.
> For example, if I wanted one monitor to cycle thru my local SolarWinds
> Orion, Office 365 Health Status, and anyother webdashboards.

Tab Mix Plus is the one that I use for that.

https://addons.mozilla.org/en-us/firefox/addon/tab-mix-plus/

Re: job screening question

[Bryan Irvine]

On Sat, Jul 07, 2012 at 02:06:58PM +1000, Matthew Palmer wrote:
> On Sat, Jul 07, 2012 at 12:51:55PM +1200, Ben Aitchison wrote:
> > On Fri, Jul 06, 2012 at 04:18:21PM +1000, Matthew Palmer wrote:
> > > On Thu, Jul 05, 2012 at 05:01:39PM -0700, Scott Weeks wrote:
> > > > --- ja...@thebaughers.com wrote:
> > > > From: Jason Baugher 
> > > > 
> > > > Geez, I'd be happy to find someone with a good attitude, a solid work 
> > > > ethic, and the desire and aptitude to learn. :)
> > > > ---
> > > > 
> > > > 
> > > > Yeah, that.  But how do you get those folks through the HR 
> > > > process to you, so you can decipher their skill/work ethic 
> > > > level?  What can the HR person ask to find out if someone 
> > > > has these qualities?  OSPF LSA type questions will not help.
> > > 
> > > Don't get HR to do that sort of screening.  They suck mightily at it.  I
> > > lack any sort of HR department to get in the way, and I'm glad of it -- I
> > > don't see the value in having someone who doesn't know anything about the
> > > job get in the way of finding the right person for it.  Sure, get 'em to 
> > > do
> > > the scutwork of posting job ads, collating resumes, scheduling things and
> > > sending the "lolz no!" responses, but actually filtering?  Nah, I'll do 
> > > that
> > > bit thanks.  If you have to have HR do a filter call, make it *really*
> > > simple, like "What does TCP stand for?" -- sadly, you'll still probably
> > > filter out half the applicants for a senior position...
> > 
> > I've noticed a strong correlation between people who don't know what 
> > acronyms
> > stand for, and competence.  People who don't know anything try and figure 
> > out
> > what the acronym stands for - people who want to understand things see it as
> > just a place holder.
> 
> [...]
> 
> > Maybe it's more significant to ask what the difference between TCP and UDP 
> > is.
> 
> Yes, the difference between TCP and UDP is a much better question to ask,
> but having HR assess and act on the answer to the question is a whole hell
> of a lot harder.  In many ways, *that's* the tough bit of finding a good
> screening question. 

Indeed.  I was once filtered out of a sysadmin job at a big search engine 
company.
They asked questions like:
What system call does the ls command make?
I didn't know, but said you could read the source or strace to find out.

They asked me to describe what ARP is.
I basically talked about what an ARP table is and went into detail about 
"who-has" requests for building the table etc... 

and more questions like that.  They seemed lost and didn't seem to know what I 
was talking about.  It was at this point I realized that I was talking to an HR 
screener. The conversation was awkward from this point on as I struggled to 
attempt to guess what might be on the piece of paper as "The Right Answer". 
Needless to say I didn't hear back. Was I what they were looking for? Maybe, 
maybe not. But I was screened out before either of us could find out.  Just as 
well, I'm much happier where I am now. :-)

> Finding good interview questions *in general* isn't all
> that hard.  With a good senior candidate my interview questions could just
> be bringing up problems I've recently solved or am currently wrestling with,
> and having a 30 minute conversation on the problem.  I'll get a very good
> idea of someone's domain knowledge and problem-solving skills by doing that. 
> But there's no way I can ask HR to do that, because they don't know how to
> assess the answer, and as previously demonstrated ("fragmented disks",
> indeed), you can't have HR act as scribe and relay the answer to you,
> because they'll get it wrong, and the interesting bit is the *conversation*,
> not the canned single-shot answer.

Definitely. I like the describe difference between UDP/TCP question.  Another 
fave of mine is "Give me a list of various acronyms and its associated port" 
and give them HTTP/80 as an example. Many interviews end shortly after this one.

> That's my motivation for asking a question as inane as "What does TCP stand
> for?" -- it has an overwhelmingly obvious answer that can be verified in a
> second or two by someone who really doesn't know anything about what they're
> asking.  Give a candidate 10 of those sorts of questions over the phone from
> an HR drone, if they score 8-or-better (for instance) they pass and you get
> to see their resume.  That is, of course, assuming your organisation is so
> screwed up that they won't let you at candidates directly (which is still my
> preferred option -- leave HR to do the paperwork).
 
+1 

Re: DNS poisoning at Google?

[Bryan Irvine]

On Wed, Jun 27, 2012 at 9:48 AM, Matthew Black  wrote:
> Yes, we did that and also noted the username and IP address from where the 
> FTP upload originated.

It came from an FTP upload?  Why I outta ...  ;-)

Re: DNS poisoning at Google?

[Bryan Irvine]

The fun part will be figuring out how it got there. :)

Sent from my iPhone

On Jun 27, 2012, at 12:06 AM, Matthew Black  wrote:

> We found the aberrant .htaccess file and have removed it. What a mess!
> 
> matthew black
> information technology services
> california state university, long beach
> 
> From: Grant Ridder [mailto:shortdudey...@gmail.com]
> Sent: Tuesday, June 26, 2012 11:02 PM
> To: Matthew Black; nanog@nanog.org
> Cc: Jeremy Hanmer
> Subject: Re: DNS poisoning at Google?
> 
> It also redirects with facebook, youtube, and ebay but NOT amazon.
> 
> -Grant
> 
> On Wed, Jun 27, 2012 at 12:57 AM, Matthew Black 
> mailto:matthew.bl...@csulb.edu>> wrote:
> Our web lead was able to run curl. Thanks.
> 
> matthew black
> information technology services
> california state university, long beach
> 
> From: Grant Ridder 
> [mailto:shortdudey...@gmail.com]
> Sent: Tuesday, June 26, 2012 10:53 PM
> To: Matthew Black
> Cc: Landon Stewart; nanog@nanog.org; Jeremy Hanmer
> 
> Subject: Re: DNS poisoning at Google?
> 
> Matt, what happens you get on a subnet that can access the webservers 
> directly and bypass the load balancer.  Try curl then and see if its 
> something w/ the webserver or load balancer.
> 
> -Grant
> On Wed, Jun 27, 2012 at 12:40 AM, Matthew Black 
> mailto:matthew.bl...@csulb.edu>> wrote:
> Thanks again to everyone who helped. I didn't know what to enter with curl, 
> because Outlook clobbered the line breaks in Jeremy's original message.
> 
> Also, curl failed on our primary webserver because of firewall and load 
> balancer magic settings. The Telnet method worked better!
> 
> Our team is now scouring for that hidden redirect to couchtarts.
> 
> matthew black
> information technology services
> california state university, long beach
> 
> From: Landon Stewart [mailto:lstew...@superb.net]
> Sent: Tuesday, June 26, 2012 10:37 PM
> To: Matthew Black
> Cc: Jeremy Hanmer; nanog@nanog.org
> Subject: Re: DNS poisoning at Google?
> There is definitely a 301 redirect.
> 
> $ curl -I --referer http://www.google.com/ http://www.csulb.edu/
> HTTP/1.1 301 Moved Permanently
> Date: Wed, 27 Jun 2012 05:36:31 GMT
> Server: Apache/2.0.63
> Location: http://www.couchtarts.com/media.php
> Connection: close
> Content-Type: text/html; charset=iso-8859-1
> On 26 June 2012 22:05, Matthew Black 
> mailto:matthew.bl...@csulb.edu>>>
>  wrote:
> Google Webtools reports a problem with our HOMEPAGE "/". That page is not 
> redirecting anywhere.
> They also report problems with some 48 other primary sites, none of which 
> redirect to the offending couchtarts.
> 
> matthew black
> information technology services
> california state university, long beach
> 
> 
> 
> 
> -Original Message-
> From: Jeremy Hanmer 
> [mailto:jeremy.han...@dreamhost.com>]
> Sent: Tuesday, June 26, 2012 9:58 PM
> To: Matthew Black
> Cc: 
> nanog@nanog.org>
> Subject: Re: DNS poisoning at Google?
> It's not DNS.  If you're sure there's no htaccess files in place, check your 
> content (even that stored in a database) for anything that might be altering 
> data based on referrer.  This simple test shows what I mean:
> Airy:~ user$ curl -e 'http://google.com' 
> csulb.edu  "-//IETF//DTD HTML 2.0//EN"> 
> 301 Moved Permanently
> 
> Moved Permanently
> The document has moved  href="http://www.couchtarts.com/media.php";>here.
> 
> 
> Running curl without the -e argument gives the proper site contents.
> On Jun 26, 2012, at 9:24 PM, Matthew Black 
> mailto:matthew.bl...@csulb.edu>>>
>  wrote:
> 
>> Running Apache on three Solaris webservers behind a load balancer. No MS 
>> Windows!
>> 
>> Not sure how malicious software could get between our load balancer and Unix 
>> servers. Thanks for the tip!
>> 
>> matthew black
>> information technology services
>> california state university, long beach
>> 
>> 
>> 
>> From: Landon Stewart 
>> [mailto:lstew...@superb.net>]
>> Sent: Tuesday, June 26, 2012 9:07 PM
>> To: Matthew Black
>> Cc: 
>> nanog@nanog.org>
>> Subject: Re: DNS poisoning at Google?
>> 
>> Is it possible that some malicious software is listening and injecting a 
>> redirect on the wire?  We've seen this before with a Windows machine being 
>> infected.
>> On 26 June 2012 20:53, Matthew Black 
>> mailto:matthew.bl...@csulb.edu>>

Re: EBAY and AMAZON

[Bryan Irvine]

Yup. They hope that the message contents are a coincidence and scare
you into seeing (i.e. clicking on..) what's it's about.

This happened to me a few years ago where I changed my ebay password,
and about 30 minutes later got a phishing email that my password
change failed.  So I clicked the link and re-did it.  As soon as I
clicked on the submit button I noticed that the URl I was forwarded to
was to some server in Russia.  /facepalm.

I went and sheepishly changed my ebay password AGAIN that very moment,
with a bit of awe towards the clever con I had fallen into.  Luckily I
noticed.  But how many others didn't?

-B

On Mon, Jun 11, 2012 at 11:07 AM, Scott Brim  wrote:
> I think it's a troll, trying to shock you into clicking on something.
>
> On Mon, Jun 11, 2012 at 2:05 PM, Nick Olsen  wrote:
>
>> I think it might just be coincidence. I've gotten about 10 of them and
>> haven't been to ebay or amazon in months.
>> Most of them have been for >60 dollar books.
>>
>> Nick Olsen
>> Network Operations (855) FLSPEED  x106
>>
>> 
>>  From: "Brandt, Ralph" 
>> Sent: Monday, June 11, 2012 1:28 PM
>> To: nanog@nanog.org
>> Subject: EBAY and AMAZON
>>
>> I have received bogus emails from both of the above on Friday.
>>
>> These look like I bought something that in both cases I did not buy.
>> The EBAY was a golf club for $887 and the Amazon was a novel for $82,
>> far more than I would have spent on either.
>>
>> I think I looked at the novel on Amazon and I remember the golf club
>> came up on a search with something else on Ebay.
>>
>> How this information could get to someone spoofing is a little
>> disconcerting.
>>
>> I have changed EBAY and Paypal Passwords as instructed.
>>
>> Ralph Brandt
>> Communications Engineer
>> HP Enterprise Services
>> Telephone +1 717.506.0802
>> FAX +1 717.506.4358
>> Email ralph.bra...@pateam.com
>> 5095 Ritter Rd
>> Mechanicsburg PA 17055
>>
>>
>>

Re: ipv6 book recommendations?

[Bryan Irvine]

On Tue, Jun 5, 2012 at 7:29 AM, David Hubbard
 wrote:
> Does anyone have suggestions on good books to really get
> a thorough understanding of v6, subnetting, security practices,
> etc.  Or a few books.  Just turned up dual stack with our
> peers and a test network but I'd like to be a lot more
> comfortable with it before looking at our customer network.

Network Warrior.  Sounds a bit silly since it's a bit of an overview
of lots of different things, however it's chapters on IPV6 get right
to the point and helped clear up a lot of things for me.

-B

Re: test-ipv6.com / omgipv6day.com down

[Bryan Irvine]

's/net/com'



On Mon, Jun 4, 2012 at 5:15 PM, Mark Andrews  wrote:
>
> In message , Owen DeLong 
> writes:
>> http://ipv6chicken.net
>>
>> Owen
>
> doesn't exist.
>
> ; <<>> DiG 9.9.1 <<>> ipv6chicken.net
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 5059
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;ipv6chicken.net.               IN      A
>
> ;; AUTHORITY SECTION:
> net.                    879     IN      SOA     a.gtld-servers.net. 
> nstld.verisign-grs.com. 1338855235 1800 900 604800 86400
>
> ;; Query time: 0 msec
> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> ;; WHEN: Tue Jun  5 10:14:40 2012
> ;; MSG SIZE  rcvd: 117
>
>>
>> On Jun 4, 2012, at 4:54 PM, Mark Andrews wrote:
>>
>> >
>> > What's really needed is a service that looks up a given web page
>> > over IPv6 from behind a 1280 byte MTU link and reports if all the
>> > elements load or not.   It dumps a list of elements with success/fail.
>> >
>> > This would be useful to send the idiots that block ICMPv6 PTB yet
>> > send packets bigger than 1280 bytes out too.
>> >
>> > Mark
>> > --
>> > Mark Andrews, ISC
>> > 1 Seymour St., Dundas Valley, NSW 2117, Australia
>> > PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
>>
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
>

Re: fiber cut in California?

[Bryan Irvine]

Yes. There was a fiber cut. Apparently a construction crew was doing some 
boring and went through some cables. 

Sent from my iPhone

On Apr 19, 2012, at 2:58 PM, Brandon Applegate  wrote:

> On Thu, 19 Apr 2012, Greg Olson wrote:
> 
>> Anyone hear of a fiber cut in California today?
>> 
> 
> I have a customer complaint about degraded performance to a site in China and 
> the path appears to exit Qwest to China Netcom in the LA area.  Also this 
> thread on outages:
> 
> https://puck.nether.net/pipermail/outages/2012-April/003844.html
> 
> I tried calling Qwest (sorry, Centurylink) NOC/support and there was a 
> preemptive recording basically saying there was a huge outage and that hold 
> times may be long.  I had to hang up before they came on to deal with some 
> other things though.
> 
> --
> Brandon Applegate - CCIE 10273
> PGP Key fingerprint:
> 8779 B023 7637 CEC8 C5C6 4052 664D 7E08 3CBB 1739
> "SH1-0151.  This is the serial number, of our orbital gun."
> 
> 
> 

Re: WW: Colo Vending Machine

[Bryan Irvine]

On Fri, Feb 17, 2012 at 10:55 AM, Leo Bicknell  wrote:
> In a message written on Fri, Feb 17, 2012 at 01:35:15PM -0500, Jay Ashworth 
> wrote:
>> Please post your top 3 favorite components/parts you'd like to see in a
>> vending machine at your colo; please be as specific as possible; don't
>> let vendor specificity scare you off.
>
> USB->Serial adapters.  Preferably selected so they are driverless on
> both OSX and Windows. :)

The trick is to look for one that works on OpenBSD.  If it works
there, it will work on Windows, Mac, and Linux.  YMMV. :-)

Re: WW: Colo Vending Machine

[Bryan Irvine]

On Fri, Feb 17, 2012 at 10:40 AM, Jonathan Lassoff  wrote:
> On Fri, Feb 17, 2012 at 10:35 AM, Jay Ashworth  wrote:
>> Please post your top 3 favorite components/parts you'd like to see in a
>> vending machine at your colo; please be as specific as possible; don't
>> let vendor specificity scare you off.
>
> This is a riot! I'd love to have something like this at facilities I'm in.
> Some useful stuff that comes to mind:
>  - Rack screws of various common sizes and threadings
>  - SFPs, GBICs, etc.
>  - Rollover cable / DE-9->8P8P adapter
>  - Screwdrivers
>  - Cross-over Ethernet, patch cables
>  - zip ties, velcro tape, etc.
>  - Label tape

HAHA!  Great list.  Add to this

Cable Tester
Thumb Drive
RJ45s
RJ45 crimper
Box knife
LED flashlights
Blank CDs/DVDs

Re: time sink 42

[Bryan Irvine]

On Thu, Feb 16, 2012 at 1:30 PM, Ricky Beam  wrote:
> On Thu, 16 Feb 2012 16:18:42 -0500, Mike Lyon  wrote:
>>
>> If they are Dell servers, you could always name each host in their BIOS so
>> it shows up on the display of the host.
>
>
> I did that with a batch of sun v20z's... when they got to the colo, no one
> knew which was which until they're powered and the service processor is
> fully booted. (a process that takes several minutes) By then, they've been
> racked in the wrong racks and in the wrong order. :-(  Of course, I've done
> that to myself as well... pull a stack of machines and forget what order
> they were in :-)

And watch for the removable faceplates.  We've been bitten before
after a server move by rebooting a server that had the correct label
but the wrong faceplate.  Now we label the faceplate as well as
underneath of it too.  :-)

-B

Re: How long is your rack?

[Bryan Irvine]

On Sun, Aug 14, 2011 at 1:49 PM, Lyndon Nerenberg (VE6BBM/VE7TFX)
 wrote:
> I hope someone will explain the operational relevance
> of this ...
>
> Sun V100         FreeBSD firewall/border gateway
> Sun V100         Plan 9 kernel porting test bed
> Sun V100         OpenBSD build/test/port box
> Intel 8-core     Solaris fileserver and zones host
> AMDx4            Random OS workstation crash box
> Epia-EK          Plan 9 terminal
> MacBook x        Snow Leopard build/test host
> Intel-mumble-ITX Win2K8.2 development host
> Supermicro XLS7A Plan 9 File server
> Supermicro XLS7A Plan 9 CPU/Auth server
> Sun V100         Oracle (blech) new-Solaris test/porting box
> Sun V100         crashbox for *BSD firewall failover tests
> Sun V100         *BSD ham radio stuff, plus Plan9 terminal
>                 kernal testing.

OK, you've piqued my interest.  What use have you found for Plan 9?

-B

Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?

[Bryan Irvine]

As do some states with automotive registration. It's a quite normal practice. 

-B

On Apr 9, 2011, at 12:19 AM, Jeffrey Lyon  wrote:

> Juniper does this also.
> 
> Jeff
> 
> On Fri, Apr 8, 2011 at 11:51 PM, John Palmer (NANOG Acct)
>  wrote:
>> OK, its been a year since my Barracuda subscription expired. The unit still
>> stops some spam. I figured that I would go and see what they would do if I
>> tried to renew my subscription EXACTLY one year after it expired. Would
>> their renewal website say "Oh, you are at your anniversary date", and renew
>> me for a year?
>> 
>> No such luck: They want me to PAY FOR AN ENTIRE YEAR for which I did NOT
>> receive service and then for the current (upcoming year). Sorry - I don't
>> allow myself to be ripped off like that. Sorry Barracuda - you get no money
>> from me and I'll tell everyone I know about this policy of yours.
>> 
>> I posted an article about this unscrupulous practice on my blog last year at
>> http://www.john-palmer.net/wordpress/?p=46
>> 
>> My question is - does anyone have any suggestions for another e-mail
>> appliance like the Barracuda Spam Firewall that doesn't try to charge their
>> customers for time not used. I should be able to shut off the unit for a
>> year or whatever and simply renew from the point that I re-activate the unit
>> instead of having to pay for back-years that I didn't use.
>> 
>> Thanks
>> 
>> 
>> 
>> 
>> 
>> 
> 
> 
> 
> -- 
> Jeffrey Lyon, Leadership Team
> jeffrey.l...@blacklotus.net | http://www.blacklotus.net
> Black Lotus Communications - AS32421
> First and Leading in DDoS Protection Solutions
> 

Re: IPv4 Address Exhaustion Effects on the Earth

[Bryan Irvine]

On Fri, Apr 1, 2011 at 8:30 PM, Robert Bonomi  wrote:
>
>> Date: Sat, 02 Apr 2011 04:18:00 +0200
>> From: Alexander Maassen 
>> Subject: Re: IPv4 Address Exhaustion Effects on the Earth
>>
>> wil,
>> maybe after all this time you got the router, it gained 7lbs of all the
>> dust in it ?
>
> Consider what happens if the carrier encounters a route reflector --
> flipping the bird??

Also how port mirrors will cause a collision and the bird will die.

Re: so big earthquake in JP

[Bryan Irvine]

On Thu, Mar 10, 2011 at 10:19 PM, Tomoya Yoshida  wrote:
> Japan had so big terrible earthquake

How big?  I see reports of Tokyo, was Kyoto affected?

Re: Alleged backdoor in OpenBSD's IPSEC implementation.

[Bryan Irvine]

On Wed, Dec 15, 2010 at 10:20 AM, Mike.  wrote:
>
> On 12/15/2010 at 9:17 AM Ben wrote:
>
> |On Wed, Dec 15, 2010 at 9:00 AM, Stefan Fouant <
> |sfou...@shortestpathfirst.net> wrote:
> |
> |> > -Original Message-
> |> > From: mikea [mailto:mi...@mikea.ath.cx]
> |> > Sent: Wednesday, December 15, 2010 8:28 AM
> |> > To: nanog@nanog.org
> |> > Subject: Re: Alleged backdoor in OpenBSD's IPSEC implementation.
> [snip]
>  =
>
>
> Another relevant comment from the OpenBSD tech mailing list:
>
>
> http://www.marc.info/?l=openbsd-tech&m=129237675106730&w=2

Also, the original sender of the email confirms he sent it. Also
mentions PF as a target in the follow-up.

http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd

Anyone know the trustworthy-ness of 'csoonline'?

-Bryan

Re: Only 5x IPv4 ... WRONG! :)

[Bryan Irvine]

> In the IPv4 world, people had to deal with the results of their own
> mistakes. In the IPv6 world, it will be your grandchildren and
> great-grandchildren who will have to deal with your mistakes and they
> will thank you for leaving them some real challenges and not trying to
> engineer away their choices.

Nah, they'll be routing their packets over facebook.

http://tools.ietf.org/html/rfc5514


-B

Re: Netflow Tool

[Bryan Irvine]

If you want yours to come with rap videos look at scrutinizer (no I've
not ever used it)

http://www.youtube.com/watch?v=uUPkGvdXDIM
http://www.youtube.com/watch?v=ilxknbKJ0Pc



On Fri, Sep 17, 2010 at 12:45 PM, Scott Berkman  wrote:
> If you want something scalable and commercial (read: with support) check out
> these guys, I have been using it for a while and it has tons of features and
> very flexible reporting (including exports to PDF, CSV, etc):
>
> http://www.netflowauditor.com/
>
> They have a free version as well with limits.
>
>        -Scott
>
> -Original Message-
> From: Mike Gatti [mailto:ekim.it...@gmail.com]
> Sent: Friday, September 17, 2010 2:50 PM
> To: nanog@nanog.org
> Subject: Netflow Tool
>
> Anyone out there using a good netflow collector that has the capability data
> to export to CSV?
> Open Source would be best, but any suggestions are welcome.
>
> Thanks,
> =+=+=+=+=+=+=+=+=+=+=+=+=
> Michael Gatti
> cell.703.347.4412
> ekim.it...@gmail.com
> =+=+=+=+=+=+=+=+=+=+=+=+=
>
>
>
>
>
>
>

Re: Monitoring Tools

[Bryan Irvine]

On Thu, Aug 19, 2010 at 7:37 AM, Scott Berkman  wrote:
> I'd recommend ZenOSS.
>
>        -Scott

+1

-B

Re: Monitoring Tool

[Bryan Irvine]

On Mon, Jun 14, 2010 at 9:49 AM, Thorsten Dahm  wrote:
> Joshua William Klubi wrote:
>>
>> I have been tasked to develop a good network for a Bank and i have also
>> been
>> tasked to get a good monitoring tool for the Bank's local network and
>> Service providers network. i would like to ask the community
>> to help recommend the best tool out there that can help me do this
>
> As others pointed out, without additional information it is hard to give you
> any recommendation.
>
> The usual suspects in the open source world would be nagios, cacti, mrtg,
> netflow, ... in case you want to have something to check it out.
>

I like Zenoss.  It's like nagios and cacti.  It also does syslog, and
the enterprise version does netflows as well.

Re: XO Communications rDNS

[Bryan Irvine]

Call their tech support line.  You can either just give them the name
you want the rDNS to have or have them delegate the range to you.

I've done both with them in the past and tech support was able to handle it.

-Bryan


On Wed, Apr 7, 2010 at 11:50 AM, Jeroen van Aart  wrote:
> I manage some IP space that's provided by an ISP but is "owned" by XO. I am
> trying to have rDNS configured but their contact email (ipad...@eng.xo.com)
> in the whois does not grace me with a response (yet).
>
> Does anyone know if there is a way to get this done or should I just not
> bother and live with it?
>
> Thanks,
> Jeroen
>
>

Re: Books for the NOC guys...

[Bryan Irvine]

On Fri, Apr 2, 2010 at 10:53 AM, Chris Adams  wrote:
> Once upon a time, Michael Thomas  said:
>> All true, but I'd still say there's a special rung in hell for bad perl.
>
> Ehh, bad perl is still more readable than good APL.  At least I can
> reformat the perl! :-)

In my experience bad perl usually consists of using system() a lot to
run shell commands and read the input. Creative well-written perl, now
there's something unreadable and unmaintainable!  :-)



-B

Re: Books for the NOC guys...

[Bryan Irvine]

On Fri, Apr 2, 2010 at 6:02 AM, Express Web Systems
 wrote:
>> So, what are you having your up-and-coming NOC staff read?
>
> While not specifically a NOC book, we find that it lays a great foundation
> to build from (if, perhaps, a bit basic in certain areas):
>
> Network Warrior by Gary A. Donahue
>
> http://www.amazon.com/Network-Warrior-Everything-need-wasnt/dp/0596101511/
>
> This is a great book with an easy to read style.
>

+1 Network Warrior.

-B

Re: YouTube AS36561 began announcing 1.0.0.0/8

[Bryan Irvine]

On Fri, Mar 12, 2010 at 1:34 PM, Kevin Loch  wrote:
> Axel Morawietz wrote:
>>
>> Am 12.03.2010 17:03, schrieb Nathan:
>>>
>>> [...] Its
>>> amazing how prolific 1.x traffic is.
>>
>> one reason might also be, that at least T-Mobile Germany uses 1.2.3.*
>> for their proxies that deliver the content to mobile phones.
>> And I'm not sure what they are doing when they are going to receive this
>> route from external. ;)
>
> If 1.0.0.0/8 has been widely used as de-facto rfc1918 for many years,
> perhaps it is time to update rfc1918 to reflect this?

Cisco has an interesting write-up on this:
http://www.cisco.com/web/about/ac123/ac147/archived_issues/ipj_10-3/103_awkward.html

Re: Need advise for a linux firewall

[Bryan Irvine]

On Thu, Mar 11, 2010 at 11:26 AM, Abdul Nazeer  wrote:
> On 03/11/2010 11:22 AM, gordon b slater wrote:
>> On Thu, 2010-03-11 at 11:00 -0500, Abdul Nazeer wrote:
>>
>>
>>> iptables, but if anyone has any other suggestion, I'd love to hear it.
>>>
>> PFsense, (being freeBSD-based, comes  under your "other" category)
>> It uses the OpenBSD-based pf firewall, with a web-based GUI for almost
>> everything (except maybe console resets). works for me in  several
>> locations, some `heavy and high`.
>>
> Looks interesting. Will give it a shot, thanks!

Great new book on pfsense as well.

http://www.reedmedia.net/books/pfsense/

Re: Problem from Comcast Network to The Planet

[Bryan Irvine]

On Fri, Mar 5, 2010 at 1:33 PM, Zachary Frederick  wrote:
> We have been having a problem emailing to a customer whose server is hosted 
> by The Planet (http://www.theplanet.com/). Our mail server is hosted in-house 
> on a comcast business connection.
>
> IP address of our server is: 173.13.45.23
>
> Customers mail server is: 69.93.203.243
>
> I cannot telnet to port 25 on their server, and they cannot telnet to port 25 
> on ours.
>
> If I try to connect to their mail server from a different network such as my 
> home internet connection, I can connect.
> We do not do any firewalling that would block this in anyway. We were able to 
> send and receive email to them when we used Qwest for our connection, before 
> we switched to Comcast.
>
> Comcast has said the problem is not on their end because it times out at The 
> Planet.
> The Planet doesn't have much interest in speaking with me, because I'm not 
> their customer.
>
> Not sure what to do at this point.

Can you hit the submission port?  (587)

-Bryan

Re: My email recived in incorrect date by hotmail

[Bryan Irvine]

On Wed, Mar 3, 2010 at 11:37 AM, Jorge Amodio  wrote:
> By the virtue of CCITT X.666 Hyperspace Transport Protocol your
> messages have been transported within different space-time
> coordinates, best guess check your PC Real Time Clock.


When working with timezones I always find it best to refer to RFC 2324
3 or 4 times, before reaching any conclusion.

-Bryan

Re: lt2p/pptp vpn concentrators

[Bryan Irvine]

I know someone who's run an OS X server VPN for years without issue.



On Wed, Mar 3, 2010 at 11:58 AM, Leslie  wrote:
> I didn't realize that os x server can run this - and pretty much anyone can
> set up os x in 5 seconds -- anyone have any horror stories?
>
> Bryan Irvine wrote:
>>
>> On Wed, Mar 3, 2010 at 11:52 AM, Leslie  wrote:
>>>
>>> Hey -
>>>
>>> We're currently looking for a small lt2p/pptp concentrator, mainly so
>>> people
>>> can connect via their iphones/androids with some vpn client to get email
>>> on
>>> the go.
>>>
>>> Does anyone have any boxes that they love/hate?
>>
>> Soekris with a copy of pfsense on it.
>>
>> -B
>

Re: lt2p/pptp vpn concentrators

[Bryan Irvine]

On Wed, Mar 3, 2010 at 11:52 AM, Leslie  wrote:
> Hey -
>
> We're currently looking for a small lt2p/pptp concentrator, mainly so people
> can connect via their iphones/androids with some vpn client to get email on
> the go.
>
> Does anyone have any boxes that they love/hate?

Soekris with a copy of pfsense on it.

-B

Re: Linux Router distro's with dual stack capability

[Bryan Irvine]

would pfsense work for you?



On Wed, Feb 10, 2010 at 4:12 PM, Blake Pfankuch  wrote:
> Anyone have some insight on a good dual stack Linux (or BSD) router distro?  
> Currently using IPCop but it lacks ipv6 support.  I've used SmoothWall 
> Express but not in some time and not sure how well it works with IPv6.  Not 
> looking for something huge, just something for the equivalent of a small 
> branch office.  Site to Site VPN support and NAT translation capability for a 
> few public IP addresses to private addresses are the only requirements.  
> Public or private responses are welcome!
>
> Thanks!
> Blake Pfankuch
> Network Engineer
>
>