Re: Scanning the Internet for Vulnerabilities
> On Jun 20, 2022, at 10:02 AM, Michael Butler via NANOG wrote:
>
> I treat these folk with the same respect they afford me. Not once in 30 years
> of having a connected network (v4 or v6) has any entity asked "is it OK if we
> .. ?".

Quite the opposite, I once had to endure significant frustration in contacting the organization running a system that kept emailing my abuse contacts about a historical computer I maintained, advising me that my “Insecure CISCO Router” was still accepting “dangerous” telnet connections despite the host’s banner including the text “This system is not a router; The availability of telnet access to this system is intentional.” If you are engaging in mass scanning and are not going to listen to the targets of your scanning please at least pay attention to your results.
Re: Network visibility
> On Oct 20, 2021, at 4:59 PM, Mel Beckman wrote:
>
> For several years we had UCSB’s IMP control panel hanging in our office as a
> wall decoration (it belonged to Larry Green, one of the UCSB IMPlementors). I
> still have the manuals. The actual IMP with 56Kbps modem was in a huge rack
> with lifting eyes for a fork lift, and weighed about 500 lbs. Every IMP had a
> unique customized host interface, which packetized bit-serial data from the
> host over the host’s usually proprietary I/O bus.

I know of at least one actual hardware PDP-10 (Not PDP-11) that is still connected to the public internet. Mine will be if/when I ever get it working.
Re: Never push the Big Red Button (New York City subway failure)
> On Sep 17, 2021, at 8:59 AM, Sean Donelan wrote:
>
> It is possible to design a data center WITHOUT using those electrical code
> exceptions, and WITHOUT a "Big Red Button."
>
> You can check, because my data center ideas were copied by several tech
> companies world-wide (you know who you are), and don't have Big Red Buttons.
> All of those data centers also have water-based automatic fire sprinklers.
> Both were very radical ideas at the time, which are now commonly accepted.
>
> In most cases, you'll need a fully licensed, Professional Engineer
> specializing in Electrical Engineering to sign off on the final design. A
> licensed electrician isn't enough. Nevertheless, it is possible to build a
> safe, code-compliant data center WITHOUT a Big Red Button. The design also
> seemed to be more reliable.

What’s the gain in _not_ having one that makes it worth the sign-off and hassle? Just avoiding the possibility of accidental activation or something I’m not thinking of?
Re: Never push the Big Red Button (New York City subway failure)
> On Sep 15, 2021, at 2:20 PM, Fred Baker wrote:
>
> One of the many stories that came out of 9/11 was a switching center in NY
> City that had a diesel generator as a power backup - which of course acted as
> primary when the city power is off. After a few days of operation, it needed
> to be refueled, so a truck was sent in carrying gasoline. The generator was
> refueled and restarted, and - oops - diesel != gasoline. So then they needed
> to bring in a new generator.
>
> Yup, it happens, and it happened.

I distinctly remember something like this - Someone built a datacenter with large fuel storage tanks in the basement and the actual generators up on the roof, or some higher floor. It was tested several times, everything seemed to be working as expected, and life went on. Then one day the power went out, the generators came on, but after about 10 minutes the generators started to crap out. It was then discovered that they had forgotten to include the transfer pumps for getting the fuel up from the basement to the generators in the list of things powered by said generators…
Re: Never push the Big Red Button (New York City subway failure)
> On Sep 15, 2021, at 10:58 AM, Adam Thompson wrote:
>
> Now I'm curious... in all of the DCs and COs I've worked in - to the best of
> my knowledge, I haven't personally tested this! - the EPO button does not
> switch to emergency power. It turns off ALL equipment power in the space -
> no lights, no klaxons, nothing. In simpler setups, the EPO is connected to
> the UPS so anything plugged in to the UPS goes dark instantly. In one DC I'm
> familiar with, the EPO switch kills all the UPS output and uses several
> relays to kill commercial power at the same time.
> In some, the room lights were not covered by the EPO switch, in some they
> were. Emergency exit lamps will continue to be lit, as they have internal
> batteries, and are required by building/fire code.

It was always my understanding EPO was to be used for “We have an electrical fire and need to remove the source RFN”, not “we need to be on the redundant power instead of city power and don’t want to wait for the automatic transfer”.
Re: DoD IP Space
> On Feb 26, 2021, at 7:50 PM, Mel Beckman wrote:
>
> IPv6. The protocol of the future, and always will be :)

“Why be part of the solution when there’s good money to be made in prolonging the problem?”
Re: Weather Service faces Internet bandwidth shortage, proposes limiting key data
> On Dec 10, 2020, at 7:27 AM, Mel Beckman wrote:
>
> This is either some kind of bizarre political maneuver, or bureaucrats at NWS
> need to be seriously fired and replaced with competent people whose tech jobs
> have been waylaid by Covid.

Not bizarre at all. NWS directly competes with AccuWeather. AccuWeather has plenty of lobbyists and bipartisan political support. Anything that harms NWS helps AccuWeather. This is why a former CEO of AccuWeather almost became the head of the NWS for the specific purpose of ensuring it ceased to be a threat to AccuWeather.
Re: Reminiscing our first internet connections (WAS) Re: akamai yesterday - what in the world was that
> On Jan 24, 2020, at 5:26 PM, Ben Cannon wrote:
>
> I started what became 6x7 with a 64k ISDN line. And 9600 baud modems…

Hayes Smartmodem here, 1200 baud. Local BBS offered PPP service. When I got my first sysadmin job, $work had a T1 and it felt like more speed than was fair…
Re: Cogent & FDCServers: Knowingly aiding and abetting fraud and theft?
> On Oct 12, 2019, at 12:22 PM, Seth Mattinen wrote:
>
> How exactly is it punishment that BGP needs an AS number?

It’s not. I was objecting to the implication that if someone announces a prefix that has not been transferred to their ownership it is fraudulent or shady, and as a consequence I should be forced to surrender my addresses since I can’t announce them myself.
Re: Cogent & FDCServers: Knowingly aiding and abetting fraud and theft?
> On Oct 11, 2019, at 6:28 AM, Stephane Bortzmeyer wrote:
>
> I nitpick, but "never transferred the block" is not the same thing as
> "never authorized Cogent to announce it".

This should not be just a “nitpick”. AT&T announces our extremely legacy ARIN allocation for us because we do not qualify to have an ASN, but I absolutely did not, will not, and *have actively resisted attempts to* transfer the block to them. I would sooner have my gums tattooed than give up my address space. Having an ASN was not a requirement when we were allocated the resource, and I don’t see why we should be punished for being early adopters.
Re: IPv6 Thought Experiment
> On Oct 2, 2019, at 4:04 PM, Nick Hilliard wrote:
>
> Antonios Chariton wrote on 02/10/2019 17:33:
>> What if, globally, and starting at January 1st, 2020, someone (imagine a
>> government or similar, but with global reach) imposed an IPv4 tax. For every
>> IPv4 address on the Global Internet Routing Table, you had to pay a tax.
>> Let’s assume that this can be imposed, must be paid, and cannot be avoided
>> using some loophole. Let’s say that this tax would be $2, and it would
>> double, every 3 or 6 months.
>
> Interesting idea. Let's say it started off at $2 / month and doubled every 3
> months. At the end of month 12, it would be $32/month. After 5 years, we'd
> be talking about just over $2 million per IP address per month, i.e. a little
> over half a billion dollars per /24.

What happens when v4 is gone? Surely you won’t let it end there - After all, if you have the ability and infrastructure to do this, why not tax IPv6 too? This would cut down on the number of “undesirables” on the internet by pricing it out of the reach of all but the largest megacorporations. Eventually we can reduce the internet to a few dozen authorized parties in each region and we’ll only need enough IP addresses for those. I can imagine a number of governments around the world would be very interested in this.
Re: Spamming of NANOG list members
I just got one of these and have not posted in a long time. They must be crawling archives.
Re: Comcast Support (from NANOG Digest, Vol 84, Issue 23)
> On Feb 24, 2015, at 10:27 AM, Kain, Rebecca (.) bka...@ford.com wrote:
>
> Ah, Comcast support. Those people who keep calling my Ford Motor Company phone, to threaten to shut off service to my home, which I don't have (I have uverse). They keep saying they will take my Ford number off the account (which of course, I don't know the account number because I don't have an account) and then they call again, with the same threat. Real winners. And yes, I've been saving the chats with support.

Is it actually Comcast calling or is it just a debt collector saying they are Comcast? We have been getting about a call a day for the past 5+ years looking for a Fred Sepp that skipped out on a $300 water bill. Each time they say they won’t call back, each time they sell the account to someone else. They’ll probably still be looking for him in another 5 years.
Re: Marriott wifi blocking
> On Oct 3, 2014, at 10:45 PM, Hugo Slabbert h...@slabnet.com wrote:
>
> Jay, Killing hotspots of completely discrete networks because $$$ is heinous. I had extended this to e.g.:

It’s not just Marriott doing this; a friend of mine went to a convention near DC and found the venue was doing something like this. I don’t know if the method was the same, but he reported that any time he connected to his phone he would be disconnected “nearly immediately.” He mentioned this to a con staffer and was told you had to rent internet access from the venue, it cost several hundred dollars per day. Same for electricity, about which he was told “If you have to ask how much it costs, you cannot afford it.”
Re: ARIN WHOIS for leads
> On Jul 25, 2013, at 6:20 PM, Scott Weeks sur...@mauigateway.com wrote:
>
> I'd be interested in knowing who it is, so I can be sure to never buy from them.

This is the way to go. Spammers and telemarketers don't do what they do for fun or malice, they do so because it's profitable. If people would stop buying from them and boycott them instead, they would stop. Anyone who buys from a spammer or telemarketer is just as guilty of perpetuating the problem as those who are building spam botnets or abusing insecure PBXes.
Re: Comcast vs. Verizon for repair methodologies
Comcast annoys me. I never have any problems with the people you get when you call in, or the tech support people, but their contractors STINK. At home the Comcast line boxes serving the apartments aren't even closed. They just sit open and fill up with rain until things crap out. The contractor eventually turns up when the packet loss hits 90% or so. We were out of service for weeks at a time. Even after I reported it Comcast corporate can't seem to get the contractor to give enough of a shit to close things up properly. It hasn't crapped out in awhile but we've had a drought. I'm sure it'll start acting up again once fall gets here. At the office we have a similar issue. They've been bombarding us with ads non-stop, even now, we get a new Comcast ad about twice a week. In mid-June we ordered a line as a backup for our other line and to replace the phone service because the budget is tight. They told us we'd have service by the end of the month. We arranged for the telco to drop Long Distance service on the lines at that time to keep the numbers live in case there was a delay in porting out. (Telco said they'd drop the service but then went ahead billed us for it anyway, but that's another story). Anyway, Comcast contractor shows up to do their pre-wire inspection and tells me they don't have service anywhere near here and it will take them a month to pull a wire here before they can start. So we wait more. Week before last the boss calls Comcast to ask where our line is. Turns out they've lost our LOA and need us to re-send it. We do. They schedule another tech and give us an install date a week later (end of last week). We wait for the tech, but he never shows. So we call Comcast to ask where the tech is. He closed the ticket without showing up, saying it would take them another 3 months to get service here. We haven't decided if we're going to wait more or just cancel the contract and eat whatever penalty is involved. 
I get the feeling they want us to cancel so they don't have to build out. I really can't see this ending well for us.

> On Aug 21, 2012, at 10:00 AM, Robert E. Seastrom r...@seastrom.com wrote:
>
> You're lucky. Verizon did a great job installing mine (ONT on the backboard I put in the basement for them, handoff on ethernet rather than MOCA, etc) but somehow never managed to get around to dispatching anyone to actually install the permanent fiber drop (despite multiple calls). Fast-forward four months. I'd narrowly avoided messing up the temporary fiber with the lawnmower (going so far as to put orange paint on the lawn myself), but no such luck when they harvested the corn next door. Yes, my fiber got cut by a combine. You can't make this stuff up. Second time around, they did in fact manage to get the fiber buried, where I wanted it even. Had to meet with the construction survey guy, who was more than happy to put the white paint where I wanted it.
>
> -r
>
> Thomas Nadeau tnad...@lucidvision.com writes:
>> My VZ FioS install was similarly fantastic. Those guys have figured out that spending a little more time, effort and cable (cat6 in the case of VZ) goes a long, long way in keeping customers happy.
>>
>> --Tom
>>
>> On Aug 20, 2012:7:43 PM, at 7:43 PM, Randy Bush ra...@psg.com wrote:
>>> on bainbridge, i replaced centurystink dsl (756k/256k for $65/mo) with comcast (20m/4m for $50/mo). the installer was a knarly old dog, and damned competent. he cleaned up old cable on the pole and where it went underground to the house. he cleaned up the box and replaced in-house junctions. then he accidentally left 8m of coax to get from the in-wall cable outlet to my 'puter area, and rode off in his white van into the sunset. now if i could get that kind of professionalism from twt in hawaii ...
>>>
>>> randy
Re: Well Lookie Here, Barracuda Networks tries to get me to fall into their trap again...
On Dec 21, 2011, at 1:09 PM, Edward Dore wrote: On 21 Dec 2011, at 18:46, Nathan Eisenberg wrote: In fact, it's not. If you miss your renewal payment for, frex, Safari books, they actually slip your cycle date to when you renew -- since you don't *get* the service between the expire date and the renew date, I concur with his appraisal that you shouldn't be paying for it, either. If in fact, the service *kept working* for a short time when an overlooked payment was missed, it would be a different story. But, effectively, he's a new client, and should probably be treated that way. Assuming the paid service is actually *the update service*. I also disagree with your proposition that this is off-topic for NANOG, really. I've always strongly felt that this was a rather foul business practice, wherever I've seen it. The justification for it is the utterly misguided belief that, if allowed to, customers will pay for a month then cancel their subscription and 'coast' on the 'current' version of the signature for a year. This approach suffers from (at least) two fundamental flaws: 1) The entire customer base are treated as hostile. It is no surprise that they resent this. (Assumption: having resentful customers is bad) 2) Spam is, perhaps moreso than ever, a rapidly evolving threat. The effectiveness of signatures declines dramatically with time, which means that August's signatures have little value by December. [By the way, it seems to me that if they're willing to charge for valueless signatures, that represents either A) doubt as to the value of the current signatures, or B) disbelief in the decreasing value of out of date signatures.] While I realize that car insurance might not be the best analogy subject, imagine if you put your car on blocks, went off to college and allowed the insurance to lapse whilst you were there. When you return, the insurance company wants you to pay the last three years of insurance in order to reactivate your policy. 
That company's customers would react in the same way: they would find a new provider to do business with, rather than pay out for a valueless bit of smoke and mirrors. Nathan Eisenberg

Are you turning your anti-spam appliance off whilst choosing not to pay for the maintenance? If not, then I'd argue that a better analogy would be that you don't pay for your car insurance but continue to drive your car around until you have an accident, at which point you try to take out a new policy so that you are covered. Whilst I can see the argument for the likes of signature updates, where you aren't receiving the service in the period that you haven't paid for (unless the signature update system is seriously broken), these kind of maintenance renewals for appliances normally also include software support and hardware repair/replacement. If the companies don't backdate the maintenance renewal, then you would end up with lots of companies only purchasing the maintenance on an ad-hoc basis and that will just make the renewals more expensive for those of us that actually pay attention to when our subscriptions are due to expire and how much they will cost to renew in order to accurately predict cash flow.

rant Besides, treating your customers like thieves and/or forcing disagreeable conditions on them is all the rage now! Everyone knows they can screw customers as hard as they like because everyone else is going to screw them just as hard, and if you aren't screwing them hard enough, well that's just wasted potential right there! Don't worry about them leaving for another provider - They all do it! I mean, look at the airlines: Company profits in the toilet, customer satisfaction so low they're trying to get Congress involved, crew pay at the lowest on record, and the salaries of the upper management are the highest in the history of the industry! 
Just think, if you screw your customers hard enough, YOU could be NEXT sitting on that huge pile of cash in the top of your ivory tower pissing down on the public! For example, I have a large pile of content that I have paid for but cannot access anymore because their various copy protection schemes are no longer supported or no longer run on modern machines. Next to that I have a smaller but increasingly growing stack of content I paid for but REFUSE to access due to provisions hidden in the EULA requiring me to display advertisements and/or install spyware on my computer. You can't read the EULA before purchase and you can't return the purchase for a refund if you refuse the EULA. (That's right, you can sell AD-SUPPORTED software that customers pay FULL RETAIL PRICE for! They whine and complain on the internet, but believe you me, when the next iteration comes out, they'll line up to buy it!) I could resort to illegal hacks that disable the DRM or remove the ads, but that is a federal offense and a security
Re: Cable standards question
> On Nov 14, 2011, at 8:42 AM, Sam (Walter) Gailey wrote:
>
> The vendor will provide fiber connectivity between (building A) and (building B). Vendor will be responsible for all building penetrations and terminations. When installing the fiber-optic cable the vendor will follow the appropriate TIA/EIA 568 standards for fiber-optic cabling.
>
> Any suggestions or examples of language would be very appreciated. Offlist contact is probably best.

Is it appropriate to just say When installing fiber-optic cable the vendor will ensure the resulting installation does not suck.? That would seem to me to be the most direct solution to the problem. I mean, standards are all well and good, but what if the standard sucks? Then you'd be up a creek. Maybe there should be a legal definition of the concept of suck, so that suckage could be contractually minimized.
Re: (OT) Firearms Was: UN declares Internet access a human right
> On Jun 6, 2011, at 8:41 AM, valdis.kletni...@vt.edu wrote:
>
> Nice try, but the human right you just made a case for is the right to rid yourself of criminals and despots. A fundamental right for citizens to have firearms does *not* automatically follow. Yes, despots usually need to be removed by force. What Gandhi showed was that the force didn't have to be military - there are other types of force that work well too...

I believe that as a law-abiding citizen, I should have the right to be at least as well-armed as the average criminal. If the average criminal has access to firearms, then I should have that option as well. I should not be forced into a disadvantage against criminals by virtue of my compliance with the law. Once law enforcement is effective enough to prevent the average criminal from having access to firearms, then the law-abiding population can be compelled to disarm. This stance can result in an escalation scenario in which criminals strive to remain better-armed than their intended victims, but the job of law enforcement is to prevent them from being successful. At present, the average criminal in my area does not have firearms, and so I do not own one. Gun crime is on the increase, however, so this situation may change.
Re: Post-Exhaustion-phase punishment for early adopters
> On Feb 4, 2011, at 1:11 PM, Bill Woodcock wrote:
>
> No, and in fact, I believe all the RIRs will probably do a reasonably brisk business in reclamation and reallocation, albeit in ever smaller blocks.

As holder of a small block, this scares and irritates me. It scares me that I might lose my autonomy and future expansion through no fault of my own, and it irritates me that the reason I may be forced to give up my address space will probably be to satisfy the internet's desperate need for more spam cannons.
Re: Post-Exhaustion-phase punishment for early adopters
> On Feb 4, 2011, at 3:51 PM, Patrick W. Gilmore wrote:
>
> I'm a little confused. Sounds like the things you are talking about all fall into the if you are using your block category, so he shouldn't worry. ARIN should not reclaim a block that is in use. Unless I am confused? (Happens a lot, especially as I get older.)

How many addresses do I have to be using for it to count as in use? How high will that number go in the next few months/years? We have a very old /24 direct allocation from the stone age, when we were a dialup ISP. The company still exists, we just aren't providing dialup service anymore. We still have a couple of our web-hosting customers, but for the most part we've moved on to running an unrelated web-based service. Having our own address space is nice because it means we don't have to worry about stepping on anyone's AUP, we can go multi-homed later as the usage goes up, and we don't have to worry about running out of space as the web service grows. The problem is that while we met the eligibility requirements for an ipv4 direct allocation back when we got it, the requirements have changed over time and we no longer meet the eligibility requirements for an ipv4 direct allocation. (We've shrunk quite a bit) As demand for the remaining ipv4 addresses goes up, ARIN might decide that since we're ineligible for an allocation under the current rules, we're no longer eligible to maintain the space we have, and take it away from us. As the remaining space gets smaller, I expect that the number needed to justify keeping my addresses is going to go up. I fear I'm already on thin ice.
Re: Some truth about Comcast - WikiLeaks style
> On Dec 16, 2010, at 11:53 AM, Backdoor Parrot wrote:
>
> Earlier this morning a Comcast peering manager had the following things to say about the recent NANOG thread, in a public IRC channel with many witnesses: (snip)

With all due respect, logs or GTFO. I can find no mention of this outside of your email. I would expect there to be quite a few mentions of such a statement made in a public IRC channel with many witnesses.
Re: Abuse@ contacts
> On Dec 7, 2010, at 10:39 AM, Gavin Pearce wrote:
>
> After a weekend of heavy spam last month, we decided to fire some reports over to the abuse contacts for each relevant IP or domain - some US/Europe based, others from more obscure locations. We've not had a reply from any of the reports sent over, other than some automated bounces. Each report from us contained detailed information about IP, date, headers, spam content, relevant ranges etc ... How many of you (honestly) actively manage and respond to abuse@ contact details listed in WHOIS? Or have had any luck with abuse@ contacts in the past? Who's good and who isn't?

I answer ours, and I've sent a few abuse complaints (sometimes in error...) I haven't kept count, but I'd say I get an answer at least 50% of the time.
Re: Interesting IPv6 viral video
> On Oct 28, 2010, at 4:38 PM, Jack Bates wrote:
>
> On 10/28/2010 4:32 PM, Zaid Ali wrote:
>> Yes it is. When do marketing people get it right? I actually think the fun hasn't begun yet. Wait till CNN/FOX etc makes this a big issue and claim the internet is going to come to an end then folks with clue will have to go on TV and calm the hysteria.
>
> Why would someone with clue want to calm the hysteria? I've had hysterical moments dealing with v6 transitions. Come to an end? Nah. Be a really rough ride? Unless things change, probably.

Wait, if there's no transition to ipv6, the internet will end? And all our piracy and information control problems will end with it? That's just grand! Quick, pass a law against ipv6 adoption! Mandatory death penalty! Why didn't anyone think of this sooner? (NOW who says you can't put the genie back in the bottle? Stupid eggheads! :)
Re: Hey Leber - you think Melissa is going to issue that refund properly or do we need to escalate this into legal actions against HE
> On Oct 12, 2010, at 10:47 AM, todd glassey wrote:
>
> Mike Leber - I have been waiting for a response from Melissa in your accounting department...

I have a collection of stuffed bunnies and Hello Kitty paraphernalia, and I still think jokes about farts are funny, but even I'm not childish enough to think pulling this kind of a stunt is even remotely acceptable. Now if you'll excuse me, I have a bunch of pictures of cute kittens that need copy-pasting.
Re: What must one do to avoid Gmail's overachieving spam filtering?
> On Sep 29, 2010, at 4:08 PM, Ryan Hayes wrote:
>
> Can you please not use the word retarded in a pejorative sense?

The word please is probably not required, since using that word in this manner is prosecutable hate speech in some jurisdictions.
Re: Micro-allocation needed?
ATT announces ours. It just took a little bit of prodding to get the sales people to ask the appropriate technical people. We have a very old ARIN-allocated /24 but we have only one upstream, so we have no AS number of our own.

> On Jun 21, 2010, at 4:42 PM, Ask Bjørn Hansen wrote:
>
> On Jun 21, 2010, at 23:34, William Pitcock wrote:
>> On Mon, 2010-06-21 at 23:32 +0200, Ask Bjørn Hansen wrote:
>>> Hi everyone, We're going to anycast a /24 for some DNS servers (and possibly another UDP based service)[1]. I see that ARIN are listing on https://www.arin.net/knowledge/ip_blocks.html the smallest allocations from each prefix. Will we have trouble getting a /24 announced if we take it from a regular /20?
>>
>> No, you can split up allocations as you want, provided you can prove you own them. Some providers however, won't announce anything smaller than a /24.
>
> I guess to rephrase my question: Are there (a significant number of) providers that will filter a /24 announcement from an ARIN prefix not in the list of prefixes where they allocate /24 blocks. (I take it from what you wrote that the answer is No).
>
> - ask