Re: The state of TACACS+

2014-12-29 Thread joseph . snyder
Change the root when any senior person leaves.  It shouldn't be known to a 
large set of staff members.  During the bubble-burst RIFs we were changing them 
on 40k+ devices every week.  Make sure you verify the pass before disconnecting 
the login acct making the change.  Also make sure you understand the AAA 
process well when trying to do this so that you don't lock yourself out.

On December 29, 2014 10:32:51 AM EST, Colton Conor colton.co...@gmail.com wrote:
Scott,

Thanks for the response. How do you make sure the failsafe and/or root
password that is stored in the device in case remote auth fails can't be
accessed without having several employees engaged? Are there any
mechanisms for doing so?

My fear would be we would hire an outsourced tech. After a certain
amount of time we would have to let this part-timer go, and would disable
his or her username and password in TACACS. However, if that tech still
knows the root password they could still remotely login to our network
and cause havoc. The thought of having to change the root password on
hundreds of devices doesn't sound appealing either every time an
employee is let go. To make matters worse we are using an outsourced firm
for some network management, so the case of hiring and firing is fairly
consistent.

On Mon, Dec 29, 2014 at 9:22 AM, Scott Helms khe...@zcorum.com wrote:

 Colton,

 Yes, that's the 'normal' way of setting it up.  Basically you still
 have to configure a root user, but that user name and password is kept
 locked up and only accessed in case of catastrophic failure of the
 remote authentication system.  An important note is to make sure that
 the fail-safe password can't be accessed without having several people
 engaged so it can't be used without many people knowing.


 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 

 On Mon, Dec 29, 2014 at 10:15 AM, Colton Conor colton.co...@gmail.com wrote:

 We are able to implement TACACS+. It is my understanding this is a
 fairly old protocol, so are you saying there are numerous bugs that
 still need to be fixed?

 A question I have is TACACS+ is usually hosted on a server, and
 networking devices are configured to reach out to the server for
 authentication. My question is what happens if the device can't reach
 the server if the device's network connection is offline? Our goal with
 TACACS+ is to not have any default/saved passwords. Every employee will
 have their own username and password. That way if an employee gets
 hired/fired, we can enable or disable their account. We are trying to
 avoid having any organization-wide or network-wide default username or
 password. Is this possible? Do the devices keep a log of the last
 successful username/password combinations that worked in case the
 device goes offline?

 On Sun, Dec 28, 2014 at 5:02 PM, Robert Drake rdr...@direcpath.com wrote:

  Picking back up where this left off last year, because I apparently
  only work on TACACS during the holidays :)
 
 
  On 12/30/2013 7:28 PM, Jimmy Hess wrote:
 
  Even 5 seconds extra for each command may hinder operators, to the
  extent it would be intolerable; shell commands should run almost
  instantaneously; this is not a GUI, with an hourglass.  Real-time
  responsiveness in a shell is crucial --- which remote auth should not
  change.   Sometimes operators paste a buffer with a fair number of
  commands, not expecting a second delay between each command --- a
  repeated delay may also break a pasted sequence.
 
  It is very possible for two of three auth servers to be unreachable,
  in case of a network break, but that isn't necessary.  The response
  timeout might be 5 seconds, but in reality, there are cases where you
  would wait longer, and that is tragic, since there are some obvious
  alternative approaches that would have had results that would be more
  'friendly' to the interactive user.
 
  (Like remembering which server is working for a while, or remembering
  that all servers are down -- for a while, and having a 50ms timeout,
  with all servers queried in parallel, instead of a 5 second timeout)
 
  I think this needs to be part of the specification.
 
  I'm sure the reason they didn't do parallel queries was because of
  both network and CPU load back when the protocol was drafted.  But it
  might be good to have local caching of authentication so that can
  happen even when servers are down or slow.  Authorization could be
  updated to send the permissions to the router for local handling. Then
  if the server dies while a session is open only accounting would be
  affected.
 
  That does increase the vendors'/implementors' work but it might be
  doable in phases and with partial support with the clients and servers
  negotiating what is possible.  The biggest drawback to making things
  like this better is you don't gain 
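The rotation procedure Joseph outlines at the top of this thread (change the fallback password, verify it with a second login before dropping the session that made the change, and know the AAA method order so the check really exercises the local account), worked through as an added Python example. This is not code from the thread or from any vendor; FakeDevice, its method-list layout and the user names are constructed stand-ins for a real device driven over SSH.

```python
"""Safe rotation of a device's local fallback ("root") password.

Models the procedure from the thread: change the local password from a
TACACS+-authenticated session, prove the new password works with a second,
independent login before that first session is dropped, and roll back if the
proof fails, so a bad change never locks anyone out.

FakeDevice is an in-memory stand-in constructed for this example; a real run
would drive SSH sessions against real routers instead.
"""
import secrets
import string
from dataclasses import dataclass, field


class AuthError(Exception):
    """Raised when a login is rejected or no auth method is reachable."""


@dataclass
class FakeDevice:
    """Stand-in router with one local fallback account ("root") and per-line
    AAA method lists (assumed layout: vty tries TACACS+ then local, console
    is local-only)."""
    name: str
    local_password: str
    tacacs_up: bool = True
    methods: dict = field(default_factory=lambda: {
        "vty": ["tacacs", "local"],
        "console": ["local"],
    })
    open_sessions: int = 0

    def login(self, line, user, password, tacacs_users):
        """Return the method that accepted the credential, else raise.

        Mirrors the usual fallback semantics: a later method is consulted
        only when the earlier one is *unreachable*, never when it merely
        rejects the credential. That is why a local password cannot be
        verified over a TACACS+-first line while the server is up."""
        for method in self.methods[line]:
            if method == "tacacs":
                if not self.tacacs_up:
                    continue  # server unreachable: fall through to next method
                if tacacs_users.get(user) == password:
                    self.open_sessions += 1
                    return method
                raise AuthError(f"{self.name}: TACACS+ rejected {user}")
            if method == "local":
                if user == "root" and password == self.local_password:
                    self.open_sessions += 1
                    return method
                raise AuthError(f"{self.name}: local database rejected {user}")
        raise AuthError(f"{self.name}: no reachable auth method on {line}")

    def logout(self):
        self.open_sessions -= 1


def generate_password(length=24):
    """Fresh random fallback password from the OS CSPRNG."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))


def rotate_fallback(device, tacacs_users, admin_user, admin_pw, new_pw):
    """Rotate one device's local fallback password; return the method that
    verified it ("local").

    Session A (admin over vty) makes the change; session B (root over the
    local-only console line) proves the new password is accepted; only then
    is A closed. Any failure restores the old password while A is still open."""
    device.login("vty", admin_user, admin_pw, tacacs_users)  # session A
    old_pw = device.local_password
    try:
        device.local_password = new_pw
        verified_by = device.login("console", "root", new_pw, tacacs_users)  # B
        device.logout()  # close B
        if verified_by != "local":
            raise AuthError(f"{device.name}: check did not exercise local auth")
        return verified_by
    except AuthError:
        device.local_password = old_pw  # roll back before session A is lost
        raise
    finally:
        device.logout()  # close session A last


def rotate_fleet(devices, tacacs_users, admin_user, admin_pw):
    """Rotate every device to one fresh fleet password (as the thread does);
    return (new_pw, names of devices left on their old password)."""
    new_pw = generate_password()
    failed = []
    for dev in devices:
        try:
            rotate_fallback(dev, tacacs_users, admin_user, admin_pw, new_pw)
        except AuthError:
            failed.append(dev.name)
    return new_pw, failed
```

A device whose console line is also TACACS+-first is reported as failed and left on its old password rather than silently rotated unverified, which is the lockout the thread warns about.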

Re: Andros Island Connectivity?

2013-04-30 Thread joseph . snyder
Doesn't Cable Bahamas sell in Andros?

Warren Bailey wbai...@satelliteintelligencegroup.com wrote:

I suggested VSAT. Probably the quickest and cheapest.


Sent from my T-Mobile 4G LTE Device



 Original message 
From: Mike Lyon mike.l...@gmail.com
Date: 04/30/2013 1:35 PM (GMT-08:00)
To: Aaron C. de Bruyn aa...@heyaaron.com,memb...@wispa.org
Cc: NANOG mailing list nanog@nanog.org
Subject: Re: Andros Island Connectivity?


Aaron,

Cross-posting this over to the WISPA list to see if there are any
Wireless ISPs over there that can help you.

-Mike



On Tue, Apr 30, 2013 at 1:28 PM, Aaron C. de Bruyn aa...@heyaaron.com wrote:

 I just had a client drop an interesting requirement on me.

 They are on Andros Island (Bahamas) for about a year.  I'm working on
 getting an exact address from the adminisphere above me, but all I've
 been told so far is they are 'near the naval base'.

 They just called and said "We need internet access yesterday."

 None of the people on-site are technical, and all their data is
 accessed via RDP on a server in the United States.

 Having never been there, I have no idea if it's like downtown San
 Francisco where the internet grows on trees, or if it's like the Sahara
 desert which might require dragging your own fiber in on camelback...

 Does anyone have pointers on who to talk to or how I can get them
 internet access?

 -A




--
Mike Lyon
408-621-4826
mike.l...@gmail.com

http://www.linkedin.com/in/mlyon

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: Typical additional latency for CGN?

2012-10-08 Thread joseph . snyder
Owen DeLong o...@delong.com wrote:


On Oct 7, 2012, at 3:18 PM, Cameron Byrne cb.li...@gmail.com wrote:

 On Oct 7, 2012 1:48 PM, Tom Limoncelli t...@whatexit.org wrote:
 
 Have there been studies on how much latency CGN adds to a typical
 internet user?   I'd also be interested in anecdotes.
 
 
 Anecdote. Sub-millisecond, with full load. (gigs and gigs). CGN does
 not meaningfully add latency. CGN is not enough of a factor to impact
 happy eyeballs in a way that improves ipv6 use.
 
 I've seen theoretical predictions but by now we should have
 measurements from early-world deployments.
 
 
 Most mobile providers have been doing what is commonly called cgn for
 5 to 10 years. CGN is not a new concept or implementation for mobile.
 

True, but, as we have discussed before, mobile users, especially in the
US, have dramatically lowered expectations of internet access from their
mobile devices vs. what they expect from a household ISP.

We expect half the services we want to be crippled by mobile carriers
because they don't like competition. We file lawsuits when that happens
on our terrestrial connections.

Owen

Except now you have to do mediation, since class action lawsuits are now null 
and void. :)
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


RE: guys != gender neutral

2012-09-29 Thread joseph . snyder
Intention is everything, words are only part of it.  If you can't determine 
intention and you get upset then it is you that has the problem.  Ask or let it 
go and assume the best intentions.  The world would be a lot better off if we 
all did this.

Lorell Hathcock lor...@hathcock.org wrote:

We may not all be guys.  We may not all be gals.  But we are definitely
all CLOWNS.  This is a substitution that should be acceptable to all and
it really works.

Sales-clown.  Yep!
Mail-clown.  Yep!
Fire-clown. Yep!
Police-clown.  Yep!
Congress-clown.  Yep!  Yep!

-Original Message-
From: Landon Stewart [mailto:lstew...@superb.net] 
Sent: Thursday, September 27, 2012 3:56 PM
To: Owen DeLong
Cc: nanog@nanog.org
Subject: Re: guys != gender neutral

On 27 September 2012 11:34, Owen DeLong o...@delong.com wrote:

 When did people stop being an acceptable gender-neutral substitute 
 for {guys,gals}?

 Owen


Using the word 'people' is good but I like to say 'humans'.

What's up humans?
Can I get you humans to drink?

This rarely offends anyone.

--
Landon Stewart lstew...@superb.net
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more Ahead of the Rest: http://www.superbhosting.net

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: IPv6 Ignorance

2012-09-17 Thread joseph . snyder
I agree with the way you are looking at it.  I know it sounds impressive to 
talk about hosts, but in ipv6 all that matters is how many subnets do I have 
and how clean are my aggregation levels to avoid large wastes of subnets.  Host 
addressing is not an issue or concern.  So to talk about 128 bits instead of 
the reality of the 64 is silly.


Owen DeLong o...@delong.com wrote:


On Sep 16, 2012, at 20:23 , Randy Bush ra...@psg.com wrote:

 [ yes, there are a lot of idiots out there.  this is not new.  but ]
 
 We are totally convinced that the factors that made IPv4 run out of
 addresses will remanifest themselves once again and likely sooner
 than a lot of us might expect given the Recommendations for Best
 Practice deployment.
 
 while i am not totally convinced, i am certainly concerned.  we are
 doing many of the same things all over again.  remember when rip
 forced a homogenous, often classful, mask length in a network and we
 chewed through /24s?  think /64 in ipv6, except it's half the bits
 not 1/4 of them.  remember when we gave out As and Bs willy nilly?
 look at the giant swaths of v6 we give out today in the hopes that
 someone will deploy it.
 
 and don't bs me with how humongous the v6 address space is.  we once
 thought 32 bits was humongous.
 
 randy

We thought 32 bits was humongous in the context of a research project
that would connect universities, research institutions and some
military installations.

In that context, 32 bits would still be humongous.

Our estimation of humongous didn't change, the usage of the network
changed dramatically. The experiment escaped from the laboratory
and took on a life of its own. Once that happened, the realization that
32 bits wasn't enough was very nearly immediate.

The IPv6 address space offers 61 bits of network numbers each of which
holds up to 64 bits worth of hosts. Obviously you never want to fill
one of those subnets (nor could you with any available hardware), but
it means that you don't have to waste time thinking about rightsizing
network assignments.

I won't say we will never run out of IPv6 address space, but I will say
that I'll be surprised if IPv6 doesn't hit a different limit first.

Guess what... If it turns out that our current behavior with respect to
IPv6 addresses is ill-advised, then, we have 6+ more copies of the
current IPv6 address space where we can try different allocation
strategies.

Rather than fretting about the perils of using the protocol as
intended, let's deploy it, get a working end-to-end internet and see
where we stand.

Owen

-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.


Re: using reserved IPv6 space

2012-07-14 Thread joseph . snyder
If it is a hostile lab environment, then pre-decide on the address space to be 
used by the company and auto-include that into all production routers' policies 
to drop it like a hot potato covered in lava.

Brandon Ross br...@pobox.com wrote:

On Fri, 13 Jul 2012, Owen DeLong wrote:

 On Jul 13, 2012, at 4:24 PM, Randy Bush wrote:

 keep life simple. use global ipv6 space.

 randy

 Though it is rare, this is one time when I absolutely agree with Randy.

It's even more rare for me to agree with Randy AND Owen at the same time.

-- 
Brandon Ross                                   Yahoo & AIM: BrandonNRoss
+1-404-635-6667                                        ICQ: 2269442
Schedule a meeting: https://tungle.me/bross          Skype: brandonross



Re: job screening question

2012-07-06 Thread joseph . snyder
I agree. Let the person talk, do a few probing questions based off what they 
say. If you yourself have any value you should be able to tell if they have a 
chance.

Also I would prefer someone who says "I don't know for sure but maybe something 
along these lines", and then wants to know the right answer. Passion is also 
important; if you are willing to hire someone who is in it for just a paycheck, 
save yourself the headache and get a contractor.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Matthew Palmer mpal...@hezmatt.org wrote:

On Thu, Jul 05, 2012 at 11:04:05PM -0400, Robert E. Seastrom wrote:
 Diogo Montagner diogo.montag...@gmail.com writes:
  For screening questions (for 1st level filtering), IMO, the questions
  have to be straight to the point, for example:
  
  1) What is the LSA number for an external route in OSPF?
  
  This can have two answers: 5 or 7. So, I will accept if the candidate
  answers 5, 7 or 5 and 7. Later on (the next level of the interview), a
  technical interviewer will check if the candidate understands the
  differences of LSA 5 and 7.
 
 Frankly, this feels a bit like asking what the 9th byte in an IP
 header is used for (it's TTL, but who's, uh, counting?) -- "That's why
 God gave us packet analyzers" should be counted as an acceptable
 answer. If not, you'll find yourself skipping over plenty of
 extremely well qualified candidates in favor of those who have crammed
 recently for some sort of exam in hopes of compensating for their
 short CV.

Ugh, I know someone (thankfully no longer a current colleague) who ardently
*defends* his use of questions like "what does the -M option to ps do?" on
the basis that "any senior person who knows what they're doing should know
all the options to ps!". No, you useless tit, anyone who knows what they're
doing should know how to read a bloody manpage.

Trivia tests get you hiring people who know trivia. Knowing trivia has its
productivity benefits, but if you can't apply it, it's useless.

- Matt

-- 
Politics and religion are just like software and hardware. They all suck,
the documentation is provably incorrect, and all the vendors tell lies.
-- Andrew Dalgleish, in the Monastery




Re: ZOMG: IPv6 a plot to stymie FBI !!!11!ONE!

2012-06-17 Thread joseph . snyder
It's about time and cost. If it's an emergency situation, trying to guess who 
might own the address wastes time getting confirmation, if it is a complete 
guessing game. Then a warrant has to be gotten. You need to know who to put on 
the warrant to make a request.

Cameron Byrne cb.li...@gmail.com wrote:

But whois info is really the linchpin for LEAs trying to find criminals?

I find that very hard to believe.

CB



Re: Dear Linkedin,

2012-06-09 Thread joseph . snyder
My biggest problem still is the multiple computer issue.  I am on at least 3-5 
physical computers and 1-20 virtual machines, and 2 cellphones a day.  I 
honestly do not want to store a database of passwords encrypted or not on an 
open service.  

As I have never had a virus or malware on any of my computers in the last 20 
something years I trust my local machine/network more.  The problem is it 
creates a distribution problem that is painful and tedious to deal with.  

So I stick with 10-15 long reasonably secure passwords that get used for stuff 
that just doesn't matter because there is an assumed no security (facebook, 
linkedin, whatever, and honestly who cares if this stupid stuff is hacked, it's 
really just to avoid the hassle it would cause) and 1 unique password per 
critical site (bank, benefits, financials).  I store them on a local 3x3 
levels of encrypted virtual drives with (2) 32-48 remembered passwords to 
access them just in case I forget any. 

Then I lock the 2 passwords up in a safe in a sealed envelope just in case 
something happens to me.

If you are cautious on what and where you use them you honestly only need to 
change the criticals once a year or if there is a security event; heck, outside 
of the bank account, I almost never login to any of the other accounts except 
to change the password.

And for all other internet stuff, who cares, the assumption is it will be 
hacked, don't put stuff on the open internet that you don't want the entire 
world to know.



Re: Quad-A records in Network Solutions ?

2012-03-28 Thread Joseph Snyder
I agree, but in a big company it generally would cost at least 10s of thousands 
of dollars just for training alone. The time away from the phones that would 
have to be covered would exceed that. Let's say you had 8000 phone staff and 
they were getting $10/hr and training took an hour. That is 80k coverage 
expenses alone. For a large company I would expect a project budget of at least 
250k minimal. And probably more if the company exceeds 50,000 employees.

Arturo Servin arturo.ser...@gmail.com wrote:


Another reason to not use them.

Seriously, if they cannot expend some thousands of dollars (because it 
shouldn't be more than that) in touching code, (hopefully) testing that code, 
deploying it, training customer support staff to answer questions, updating 
documentation, etc. I cannot take them as a serious provider for my names.

Regards,
.as

On 28 Mar 2012, at 21:16, John T. Yocum wrote:

 
 
 On 3/28/2012 12:13 PM, Carlos Martinez-Cagnazzo wrote:
 I'm not convinced. What you mention is real, but the code they need is
 little more than a regular expression that can be found on Google and a
 20-line script for testing lames. And a couple of weeks of testing, and
 I think I'm exaggerating.
 
 If they don't want to offer support for it, they can just put up some
 disclaimer.
 
 regards,
 
 Carlos
 
 
 On 3/28/12 3:55 PM, David Conrad wrote:
 On Mar 28, 2012, at 11:47 AM, Carlos Martinez-Cagnazzo wrote:
 I'm not a fan of conspiracy theories, but, c'mon. For a provisioning
 system, an AAAA record is just a fragging string, just like any other
 DNS record. How difficult to support can it be ?
 
 Of course it is more than a string. It requires touching code, (hopefully) 
 testing that code, deploying it, training customer support staff to answer 
 questions, updating documentation, etc. Presumably Netsol did the 
 cost/benefit analysis and decided the potential increase in revenue 
 generated by the vast hordes of people demanding IPv6 (or the potential 
 lost in revenue as the vast hordes transfer away) didn't justify the 
 expense. Simple business decision.
 
 Regards,
 -drc
 
 
 
 
 That's assuming their system is sanely or logically designed. It could be a 
 total disaster of code, which makes adding such a feature a major pain.
 
 --John




Re: Muni Fiber

2012-03-25 Thread Joseph Snyder
Hmm even most urban environments aren't worth deploying in or are probably 
marginal profit. So I would expect 30-45% of population of the US to not be 
worth or marginally worth deploying. I am assuming most urban less than 250k 
and probably spread out. Not to mention to provide transit without services to 
residential is a margins game to begin with and without at least a 20-30% take 
rate it probably isn't worth the cost of l3 infrastructure. On the other hand 
for actual dense urban environments it makes perfect sense as long as they are 
willing to maintain it.

I see the possibilities, but have a gut feeling it would become a political 
mess and unreliable, not to mention cost us more than we pay now.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Leo Bicknell bickn...@ufp.org wrote:

In a message written on Sun, Mar 25, 2012 at 05:29:04PM +0100, Nick Hilliard wrote:
 most of the expense of laying fibre is associated with ducting + wayleave.
 Once you have that in place, blowing new fibre is relatively inexpensive.
 So rather than amortising the cost according to the lifetime of the fibre,
 it makes much more sense to amortise over the lifetime of the ducting.

Maybe.

In rural deployments it's much more likely the fiber is aerial,
it's far cheaper to attach to existing poles with few cables on
them than it is to bury the fiber.

Even in urban areas where buried duct is the norm, being able to
use old ducts varies a lot with the geography and how active the
area is to other development. I've seen plenty of ducts where it
had been cut and repaired several times before use that running a
new cable through it was impossible and it simply had to be replaced.
In other locations 20 years later a new cable goes through like
butter.

But I think it's all a bit of a tangent; when talking about
_residential_ fiber it's prudent to run 2-6 strands to every home
day one, and then, well, there's basically never a point in running
more. The chance of blowing more fiber down the duct later is near
zero. It's also why I'm not a fan of *PON schemes, eliminate the
splitter and run a single star topology. 20 years from now Petabit
optics will look different than today's GigE in some way, but I'll
bet money they are tuned to run on single mode fiber. They may not
like the splitters and the like though. By doing a star back to a
wiring center you enable all technologies. GPON today, direct GigE
or 10GE where necessary, and all future technologies.

-- 
Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/



Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
Any details on how much this cost, maybe I just missed it in the article. 40k. 
It sounds interesting but in the US this would only make sense in cities and 
most people don't live in MDUs. Where I live a lot of people's driveways are a 
mile or two long.

Marcel Plug marcelp...@gmail.com wrote:

This article from arstechnica is right on topic. It's about how the
city of Amsterdam built an open-access fibre network. It seems to me
this is the right way to do it, or at least very close to the right
way..

http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars

-Marcel

On Fri, Mar 23, 2012 at 11:35 PM, valdis.kletni...@vt.edu wrote:
 On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:

 The indication of above average or below average is based on a comparison 
 of the actual test result to the current NTIA
 definition of broadband which is 768 kbps download and 200 kbps upload. Any 
 test result above the NTIA definition is
 considered above average, and any result below is considered below average.

 That's the national definition of broadband that we're stuck with.  To show
 how totally cooked the books are, consider that when they compute percent of
 people with access to residential broadband, they do it on a per-county basis
 - and if even *one* subscriber in one corner of the county has broadband, the
 entire county counts.




Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
Lol too early in the morning, that much for so few, but if you are going to 
govt fund copper replacement, it's probably the way to go. Not sure how costly 
that would be in the US since even in the cities there are a lot of duplexes.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Joseph Snyder joseph.sny...@gmail.com wrote:

Any details on how much this cost, maybe I just missed it in the article. 40k. 
It sounds interesting but in the US this would only make sense in cities and 
most people don't live in MDUs. Where I live a lot of people's driveways are a 
mile or two long.

Marcel Plug marcelp...@gmail.com wrote:

This article from arstechnica is right on topic. It's about how the
city of Amsterdam built an open-access fibre network. It seems to me
this is the right way to do it, or at least very close to the right
way..

http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars

-Marcel

On Fri, Mar 23, 2012 at 11:35 PM, valdis.kletni...@vt.edu wrote:
 On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:

 The indication of above average or below average is based on a comparison 
 of the actual test result to the current NTIA
 definition of broadband which is 768 kbps download and 200 kbps upload. Any 
 test result above the NTIA definition is
 considered above average, and any result below is considered below average.

 That's the national definition of broadband that we're stuck with.  To show
 how totally cooked the books are, consider that when they compute percent of
 people with access to residential broadband, they do it on a per-county basis
 - and if even *one* subscriber in one corner of the county has broadband, the
 entire county counts.




Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
For those who didn't Google it.

http://www.ftthcouncil.org/en/knowledge-center/case-studies/amsterdam-city-fiber-project-analysis
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Joseph Snyder joseph.sny...@gmail.com wrote:

Lol too early in the morning, that much for so few, but if you are going to 
govt fund copper replacement, it's probably the way to go. Not sure how costly 
that would be in the US since even in the cities there are a lot of duplexes.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Joseph Snyder joseph.sny...@gmail.com wrote:

Any details on how much this cost, maybe I just missed it in the article. 40k. 
It sounds interesting but in the US this would only make sense in cities and 
most people don't live in MDUs. Where I live a lot of people's driveways are a 
mile or two long.

Marcel Plug marcelp...@gmail.com wrote:

This article from arstechnica is right on topic. It's about how the
city of Amsterdam built an open-access fibre network. It seems to me
this is the right way to do it, or at least very close to the right
way..

http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars

-Marcel

On Fri, Mar 23, 2012 at 11:35 PM, valdis.kletni...@vt.edu wrote:
 On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:

 The indication of above average or below average is based on a comparison 
 of the actual test result to the current NTIA
 definition of broadband which is 768 kbps download and 200 kbps upload. Any 
 test result above the NTIA definition is
 considered above average, and any result below is considered below average.

 That's the national definition of broadband that we're stuck with.  To show
 how totally cooked the books are, consider that when they compute percent of
 people with access to residential broadband, they do it on a per-county basis
 - and if even *one* subscriber in one corner of the county has broadband, the
 entire county counts.




Re: last mile, regulatory incentives, etc (was: att fiber, et al)

2012-03-24 Thread Joseph Snyder
USF is more of a free for all get ISPs to build in 80% of the locations that 
nobody would build in their right mind vs a mini monopoly model for l2 that I 
equate this with.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Owen DeLong o...@delong.com wrote:

We've been funding it for years without getting it because of the stupid way in 
which it has been funded.

I suggest you look into USF in more detail.

Owen

On Mar 24, 2012, at 6:06 AM, Joseph Snyder wrote:

 Lol too early in the morning, that much for so few, but if you are going to 
 govt fund copper replacement, it's probably the way to go. Not sure how 
 costly that would be in the US since even in the cities there are a lot of 
 duplexes.
 -- 
 Sent from my Android phone with K-9 Mail. Please excuse my brevity.
 
 Joseph Snyder joseph.sny...@gmail.com wrote:
 
 Any details on how much this cost, maybe I just missed it in the article. 
 40k. It sounds interesting but in the US this would only make sense in cities 
 and most people don't live in MDUs. Where I live a lot of people's driveways 
 are a mile or two long.
 
 Marcel Plug marcelp...@gmail.com wrote:
 
 This article from arstechnica is right on topic. It's about how the
 city of Amsterdam built an open-access fibre network. It seems to me
 this is the right way to do it, or at least very close to the right
 way..
 
 http://arstechnica.com/tech-policy/news/2010/03/how-amsterdam-was-wired-for-open-access-fiber.ars
 
 -Marcel
 
 On Fri, Mar 23, 2012 at 11:35 PM, valdis.kletni...@vt.edu wrote:
 On Fri, 23 Mar 2012 14:18:26 -1000, Michael Painter said:
 
 The indication of above average or below average is based on a comparison 
 of the actual test result to the current NTIA
 definition of broadband which is 768 kbps download and 200 kbps upload. Any 
 test result above the NTIA definition is
 considered above average, and any result below is considered below average.
 
 That's the national definition of broadband that we're stuck with. To show
 how totally cooked the books are, consider that when they compute percent of
 people with access to residential broadband, they do it on a per-county 
 basis
 - and if even *one* subscriber in one corner of the county has broadband, the
 entire county counts.
 



Re: Verizon FiOS - is BGP an option?

2012-03-14 Thread Joseph Snyder
I will just say no on all parts of this current part of the conversation and 
leave it at that.

- j

Curtis Maurand cmaur...@xyonet.com wrote:

On 3/14/2012 9:00 PM, Robert E. Seastrom wrote:
 Christopher Morrow morrowc.li...@gmail.com writes:

 On Wed, Mar 14, 2012 at 8:14 PM, Robert E. Seastrom r...@seastrom.com wrote:
 Faisal Imtiaz fai...@snappydsl.net writes:

 I am not familiar with VZ's FIOS network...
 however I suspect that if they are using a Redback at the Headend, it
 would allow you to have a 'bridge' network with secure arp
 settings. (it's a feature that we have seen on Redback's...)
 AFAIK Verizon does not use Redback/Ericsson stuff for FIOS and never has.

 A cursory survey of two (older, BPON, Tellabs) builds found ethernet
 OUI 00:90:1a, i.e. Juniper ERX.
 yes, all edge boxes for FIOS are ERX... better support for CALEA there
 was one of the major drivers.
 So it was _one_ of the drivers, but was it a more major driver than
 for the love of God, not Redback!? :)

The last I knew, Verizon was an Alcatel house for switching and Alcatel 
managed to get tcp/ip into their switching gear. So I'm left to wonder.

--C



Re: Megaupload.com seized

2012-01-22 Thread Joseph Snyder
I would disagree; to me I would guess that the court would interpret the 
disabling of access or removal to refer to the material and not the URL. The 
URL is just a reference to the material in question. If you build a bashing 
system that does not let you comply with the law, that becomes your problem, 
not the court's. If you show good faith, explain the issue and propose a 
reasonable timeline to resolve the issue or show financial hardship and appeal 
to the court for more time, then you can avoid a lot of headaches.

Nick B n...@pelagiris.org wrote:

I just made the brain melting mistake of trying to read the DMCA. The text
which jumps out at me is:

`(2) EXCEPTION- Paragraph (1) shall not apply with respect to material
residing at the direction of a subscriber of the service provider on a
system or network controlled or operated by or for the service provider
that is removed, or to which access is disabled by the service provider,
pursuant to a notice provided under subsection (c)(1)(C), unless the
service provider--


`(A) takes reasonable steps promptly to notify the subscriber that it
has removed or disabled access to the material;


`(B) upon receipt of a counter notification described in paragraph (3),
promptly provides the person who provided the notification
under subsection
(c)(1)(C) with a copy of the counter notification, and
informs that person
that it will replace the removed material or cease disabling
access to it
in 10 business days; and


`(C) replaces the removed material and ceases disabling access to it not
less than 10, nor more than 14, business days following receipt of the
counter notice, unless its designated agent first receives
notice from the
person who submitted the notification under subsection
(c)(1)(C) that such
person has filed an action seeking a court order to restrain
the subscriber
from engaging in infringing activity relating to the material on the
service provider's system or network.



I'm about 90% sure that in a fair court, it would be concluded that
disabling the reported URL qualifies as disabling access to the material.
The court might then issue an injunction to, in the future, disable *all*
*possible* access to the material, but that's not the current text of the
law. YMMV
Nick B

On Sun, Jan 22, 2012 at 11:58 AM, Roland Perry 
li...@internetpolicyagency.com wrote:

 In article 596b74b410ee6b4ca8a30c3af1a155ea09c8c...@rwc-mbx1.corp.seven.com,
 George Bonser gbon...@seven.com writes

 The problem is going to be the thousands of people who have now lost
 their legitimate files, research data, personal recordings, etc. that
 they were using Megaupload to share.


 But that's an operational risk of using any commercial entity as a
 filestore. Thousands of people lost[1] a lot of work when
 fotopic.net collapsed:
 http://en.wikipedia.org/wiki/Fotopic.net

 [1] As it's getting on for a year since an apparent rescue attempt, and
 nothing has emerged, this seems a reasonable assumption.
 --
 Roland Perry





Re: VZ FiOS DNS issues:

2012-01-22 Thread Joseph Snyder
Try a full rebind on your cpe or power cycle, whichever is easier. This seems 
to have worked for a few on the forums.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

James Laszko jam...@mythostech.com wrote:


On Jan 22, 2012, at 8:11 AM, Jamie Bowden ja...@photon.com wrote:

 
 Any Verizon techs around today? I don't know why you can't pass DNS traffic 
 this morning, but it's the second time in as many weeks as it has been an 
 issue, and it's rather annoying (Google is the example, but the exact same 
 failure happens using any destination, on VZ's own or any other public DNS 
 servers, phone support are of course, useless):

Have a look at:

http://forums.verizon.com/t5/FiOS-Internet/DNS-issues-in-SoCal/td-p/393781/page/11

Are you by chance in So Cal? VZ has been having some serious pot holes on their 
information super highway of late.


Regards,


James Laszko
Mythos Technology Inc


 
 C:\Users\jamie>tracert -d 71.252.0.12
 
 Tracing route to 71.252.0.12 over a maximum of 30 hops
 
 1 1 ms 1 ms 1 ms 192.168.2.254
 2 1 ms 1 ms 1 ms 192.168.1.1
 3 8 ms 9 ms 13 ms 96.231.199.1
 4 14 ms 9 ms 9 ms 130.81.183.118
 5 9 ms 9 ms 9 ms 130.81.151.232
 6 9 ms 9 ms * 130.81.20.19
 7 11 ms 9 ms 9 ms 71.252.0.12
 
 Trace complete.
 
 C:\Users\jamie>nslookup www.google.com 71.252.0.12
 Server: nsrest01.verizon.net
 Address: 71.252.0.12
 
 DNS request timed out.
 timeout was 2 seconds.
 DNS request timed out.
 timeout was 2 seconds.
 DNS request timed out.
 timeout was 2 seconds.
 DNS request timed out.
 timeout was 2 seconds.
 *** Request to nsrest01.verizon.net timed-out
 
 C:\Users\jamie>tracert -d 8.8.8.8
 
 Tracing route to 8.8.8.8 over a maximum of 30 hops
 
 1 1 ms 1 ms 1 ms 192.168.2.254
 2 1 ms 1 ms 1 ms 192.168.1.1
 3 7 ms 8 ms 9 ms 96.231.199.1
 4 8 ms 9 ms 8 ms 130.81.183.118
 5 9 ms 28 ms 10 ms 130.81.22.56
 6 8 ms 9 ms 9 ms 152.63.36.237
 7 20 ms 19 ms 19 ms 152.63.0.153
 8 21 ms 18 ms 18 ms 152.63.21.73
 9 41 ms 47 ms 49 ms 152.179.72.66
 10 17 ms 18 ms 19 ms 209.85.255.68
 11 * * * Request timed out.
 12 * * * Request timed out.
 13 22 ms 19 ms 19 ms 72.14.236.200
 14 20 ms 31 ms 18 ms 216.239.49.145
 15 18 ms 19 ms 19 ms 8.8.8.8
 
 Trace complete.
 
 C:\Users\jamie>nslookup www.google.com 8.8.8.8
 Server: google-public-dns-a.google.com
 Address: 8.8.8.8
 
 DNS request timed out.
 timeout was 2 seconds.
 DNS request timed out.
 timeout was 2 seconds.
 DNS request timed out.
 timeout was 2 seconds.
 DNS request timed out.
 timeout was 2 seconds.
 *** Request to google-public-dns-a.google.com timed-out
 
 C:\Users\jamie>



Re: Inaccessible network from Verizon, accessible elsewhere.

2011-12-11 Thread Joseph Snyder
I believe 130.81 is blocked. Traceroute to your gateway address.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

NetSecGuy netsec...@gmail.com wrote:

I should have included reverse traces to begin with. No firewall on VPS.

Trace from the VPS to a router close to me.

traceroute to 130.81.199.4 (130.81.199.4), 64 hops max, 40 byte packets
1 106.187.33.2 (106.187.33.2) 1 ms 0 ms 0 ms
2 124.215.199.121 (124.215.199.121) 6 ms 1 ms 13 ms
3 59.128.4.121 (59.128.4.121) 2 ms otejbb204.kddnet.ad.jp (124.215.194.177) 2 ms 2 ms
4 lajbb001.kddnet.ad.jp (203.181.100.14) 126 ms 100 ms lajbb002.kddnet.ad.jp (203.181.100.22) 162 ms
5 ix-la1.kddnet.ad.jp (59.128.2.70) 108 ms ix-la1.kddnet.ad.jp (59.128.2.178) 102 ms 102 ms
6 lap-brdr-03.inet.qwest.net (63.146.26.69) 99 ms 101 ms 99 ms
7 63.146.26.210 (63.146.26.210) 99 ms 101 ms 99 ms
8 0.ae3.XL3.LAX15.ALTER.NET (152.63.113.186) 102 ms 102 ms 101 ms
9 * * *
10 * * *

Trace from VPS to a router close to my other location, not Verizon.

traceroute to 4.59.244.49 (4.59.244.49), 64 hops max, 40 byte packets
1 106.187.33.2 (106.187.33.2) 1 ms 1 ms 1 ms
2 124.215.199.121 (124.215.199.121) 9 ms 1 ms 1 ms
3 59.128.4.121 (59.128.4.121) 2 ms otejbb204.kddnet.ad.jp (124.215.194.177) 9 ms 59.128.4.121 (59.128.4.121) 2 ms
4 lajbb001.kddnet.ad.jp (203.181.100.18) 108 ms lajbb002.kddnet.ad.jp (203.181.100.22) 101 ms 101 ms
5 ix-la2.kddnet.ad.jp (59.128.2.102) 116 ms 116 ms ix-la2.kddnet.ad.jp (59.128.2.186) 125 ms
6 xe-11-3-0.edge2.LosAngeles9.Level3.net (4.53.228.13) 111 ms 101 ms 101 ms
7 vlan70.csw2.LosAngeles1.Level3.net (4.69.144.126) 110 ms vlan90.csw4.LosAngeles1.Level3.net (4.69.144.254) 108 ms vlan60.csw1.LosAngeles1.Level3.net (4.69.144.62) 103 ms
8 ae-63-63.ebr3.LosAngeles1.Level3.net (4.69.137.33) 110 ms 117 ms ae-73-73.ebr3.LosAngeles1.Level3.net (4.69.137.37) 108 ms
9 ae-4-4.ebr4.Washington1.Level3.net (4.69.132.82) 178 ms 180 ms 166 ms
10 ae-64-64.csw1.Washington1.Level3.net (4.69.134.178) 174 ms 166 ms 166 ms
11 ae-62-62.ebr2.Washington1.Level3.net (4.69.134.145) 172 ms 165 ms 172 ms
12 ae-8-8.car2.Baltimore1.Level3.net (4.69.134.106) 181 ms 174 ms 174 ms
13 ae-11-11.car1.Baltimore1.Level3.net (4.69.134.109) 181 ms * 174 ms
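A small parser, added here as an example rather than anything posted in the thread, for the two trace formats that appear above (Unix traceroute and Windows tracert). It folds mailer-wrapped continuation lines back into their hop and reports the last hop that answered and how many tail hops stayed silent, which is what one compares between the forward and reverse traces to see on which side the path stalls. The sample traces are constructed, trimmed copies of lines from this thread.

```python
import re
# Constructed samples in the two formats posted in this thread (Unix
# traceroute and Windows tracert): trimmed copies of hop lines, including
# one hop that a mailer wrapped onto a continuation line.
UNIX_TRACE = """traceroute to 130.81.199.4 (130.81.199.4), 64 hops max, 40 byte packets
1 106.187.33.2 (106.187.33.2) 1 ms 0 ms 0 ms
3 59.128.4.121 (59.128.4.121) 2 ms otejbb204.kddnet.ad.jp
(124.215.194.177) 2 ms 2 ms
8 0.ae3.XL3.LAX15.ALTER.NET (152.63.113.186) 102 ms 102 ms 101 ms
9 * * *
10 * * *
"""
WIN_TRACE = """Tracing route to gw-li377.linode.com [106.187.34.1]
over a maximum of 30 hops:
1 22 ms 34 ms 1 ms Tomato [192.168.100.1]
8 25 ms 10 ms 10 ms 63.146.26.70
12 140 ms 124 ms 111 ms cm-fcu203.kddnet.ad.jp [124.215.194.164]
13 * * * Request timed out.
14 * * * Request timed out.
"""

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")            # "<hop> <rest of line>"
IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")   # any dotted quad

def parse_hops(text):
    """Return [(hop, [unique responder IPs])] for either format. A line with
    no leading hop number is a wrapped continuation of the previous hop
    (header lines come before any hop, so they are skipped)."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            hops.append((int(m.group(1)), IP_RE.findall(m.group(2))))
        elif hops:
            hops[-1][1].extend(IP_RE.findall(line))
    return [(n, list(dict.fromkeys(ips))) for n, ips in hops]  # "ip (ip)" dedup

def last_responding_hop(text):
    """(hop, ip) of the last hop that answered, or None if nothing did."""
    answered = [(n, ips[-1]) for n, ips in parse_hops(text) if ips]
    return answered[-1] if answered else None

def trailing_timeouts(text):
    """How many hops at the tail of the trace never answered."""
    hops = parse_hops(text)
    silent = 0
    while silent < len(hops) and not hops[-1 - silent][1]:
        silent += 1
    return silent
```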



RE: Inaccessible network from Verizon, accessible elsewhere.

2011-12-11 Thread Joseph Snyder
I hope it's not an outdated martian problem firewall or route filter. For the 
traceroute from Linode to FiOS, traceroute to the FiOS gateway address.
-- 
Sent from my Android phone with K-9 Mail. Please excuse my brevity.

Network IP Dog network.ip...@gmail.com wrote:

From 90701 - Artesia, CA. FIOS

No Go here too!!!



C:\WINDOWS\system32>tracert 106.187.34.1

Tracing route to gw-li377.linode.com [106.187.34.1]
over a maximum of 30 hops:

1 22 ms 34 ms 1 ms Tomato [192.168.100.1]
2 49 ms 1 ms 1 ms Verizon [192.168.1.1]
3 36 ms 6 ms 6 ms L100.LSANCA-VFTTP-114.verizon-gni.net [173.58.211.1]
4 24 ms 9 ms 9 ms G0-9-1-4.LSANCA-LCR-21.verizon-gni.net [130.81.185.72]
5 24 ms 9 ms 8 ms so-4-1-0-0.LAX01-BB-RTR1.verizon-gni.net [130.81.151.246]
6 24 ms 9 ms 8 ms 0.ae1.BR3.LAX15.ALTER.NET [152.63.2.129]
7 38 ms 8 ms 8 ms ae6.edge1.LosAngeles9.level3.net [4.68.62.169]
8 25 ms 10 ms 10 ms 63.146.26.70
9 24 ms 9 ms 8 ms lajbb001.kddnet.ad.jp [59.128.2.173]
10 24 ms 9 ms 8 ms lajbb001.kddnet.ad.jp [59.128.2.181]
11 140 ms 110 ms 108 ms otejbb203.kddnet.ad.jp [203.181.100.9]
12 140 ms 124 ms 111 ms cm-fcu203.kddnet.ad.jp [124.215.194.164]
13 * * * Request timed out.
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * * Request timed out.
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request timed out.
24 * ^C
C:\WINDOWS\system32>tracert 106.187.34.33

Tracing route to li377-33.members.linode.com [106.187.34.33]
over a maximum of 30 hops:

1 22 ms 1 ms 1 ms Tomato [192.168.100.1]
2 31 ms 1 ms 1 ms Verizon [192.168.1.1]
3 51 ms 10 ms 11 ms L100.LSANCA-VFTTP-114.verizon-gni.net [173.58.211.1]
4 42 ms 9 ms 33 ms G0-9-1-4.LSANCA-LCR-21.verizon-gni.net [130.81.185.72]
5 40 ms 15 ms 9 ms so-4-1-0-0.LAX01-BB-RTR1.verizon-gni.net [130.81.151.246]
6 31 ms 8 ms 8 ms 0.ae1.BR3.LAX15.ALTER.NET [152.63.2.129]
7 61 ms 10 ms 16 ms lap-brdr-03.inet.qwest.net [63.146.26.209]
8 31 ms 10 ms 10 ms 63.146.26.70
9 31 ms 9 ms 9 ms lajbb001.kddnet.ad.jp [59.128.2.173]
10 31 ms 9 ms 8 ms lajbb001.kddnet.ad.jp [59.128.2.181]
11 125 ms 118 ms 109 ms otejbb203.kddnet.ad.jp [203.181.100.9]
12 156 ms 111 ms 143 ms 124.215.199.122
13 126 ms 112 ms 137 ms 124.215.199.122
14 * * * Request timed out.
15 * * * Request timed out.
16 * * * Request timed out.
17 * * ^C
C:\WINDOWS\system32>


E = 4:32  Cheers!!!

-Original Message-
From: Lee [mailto:ler...@gmail.com] 
Sent: Sunday, December 11, 2011 6:44 AM
To: NetSecGuy
Cc: nanog@nanog.org
Subject: Re: Inaccessible network from Verizon, accessible elsewhere.

On 12/10/11, NetSecGuy netsec...@gmail.com wrote:
 I have a Linode VPS in Japan that I can't access from Verizon FIOS,
 but can access from other locations. I'm not sure who to blame.

I can't get to 106.187.34.33 or 106.187.34.1 using Verizon FIOS

C:\>tracert 106.187.34.33

Tracing route to li377-33.members.linode.com [106.187.34.33]
over a maximum of 30 hops:
[.. snip ..]
5 23 ms 4 ms 4 ms so-14-0-0-0.RES-BB-RTR2.verizon-gni.net [130.81.22.56]
6 73 ms 6 ms 7 ms 0.ae2.BR2.IAD8.ALTER.NET [152.63.34.73]
7 8 ms 6 ms 7 ms dcp-brdr-03.inet.qwest.net [63.146.26.105]
8 8 ms 9 ms 9 ms sl-crs1-dc-0-1-0-0.sprintlink.net [144.232.19.229]
9 28 ms 26 ms 44 ms sl-crs1-dc-0-5-3-0.sprintlink.net [144.232.24.37]
10 177 ms 176 ms 177 ms lajbb001.kddnet.ad.jp [59.128.2.173]
11 43 ms 41 ms 42 ms sl-crs1-oma-0-9-2-0.sprintlink.net [144.232.2.177]
12 291 ms * 301 ms cm-fcu203.kddnet.ad.jp [124.215.194.164]
13 286 ms 279 ms 282 ms 124.215.199.122
14 81 ms 81 ms 82 ms sl-crs1-sj-0-5-3-0.sprintlink.net [144.232.20.99]
15 88 ms 86 ms 87 ms sl-st20-pa-9-0-0.sprintlink.net [144.232.8.108]
16 405 ms 406 ms 399 ms 144.223.243.126
17 364 ms 386 ms 406 ms pajbb001.kddnet.ad.jp [111.87.3.41]
18 * * * Request timed out.
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * ^C

C:\>tracert 106.187.34.1

Tracing route to gw-li377.linode.com [106.187.34.1]
over a maximum of 30 hops:
[.. snip ..]
5 5 ms 24 ms 24 ms so-3-1-0-0.RES-BB-RTR2.verizon-gni.net [130.81.151.232]
6 7 ms 7 ms 7 ms 0.ae2.BR2.IAD8.ALTER.NET [152.63.34.73]
7 8 ms 7 ms 7 ms dcp-brdr-03.inet.qwest.net [63.146.26.105]
8 84 ms 84 ms 84 ms lap-brdr-03.inet.qwest.net [67.14.22.78]
9 171 ms 174 ms 176 ms 63.146.26.70
10 178 ms 177 ms 177 ms lajbb001.kddnet.ad.jp [59.128.2.173]
11 283 ms 284 ms 284 ms otejbb203.kddnet.ad.jp [203.181.100.9]
12 289 ms 287 ms 287 ms cm-fcu203.kddnet.ad.jp [124.215.194.164]
13 * * * Request timed out.
14 83 ms 81 ms 82 ms sl-crs1-sj-0-12-0-1.sprintlink.net [144.232.9.224]
15 * * * Request timed out.
16 403 ms 407 ms 404 ms 144.223.243.126
17 * * * Request timed out.
18 501 ms 499 ms 501 ms otejbb203.kddnet.ad.jp.100.181.203.in-addr.arpa [203.181.100.137]
19 * * * Request timed out.
20 * * * Request timed out.
21 * * * Request timed out.
22 * * * Request timed out.
23 * * * Request