Re: Spamhaus flags any IP announced by our ASN as a criminal
> Date: Mon, 20 Mar 2023 14:15:08 -0700
> From: Randy Bush
> Subject: Re: Spamhaus flags any IP announced by our ASN as a criminal network
> (...)
>
> we reject automagically on spamhaus, mail-abuse.org, and sorbs. really
> appreciate their services.
>
> randy

Sorbs? Really? *doh*

#m
Re: SMS Gateway
> From: Leonardo Arena
> To: Graham Johnston
> Cc: "'nanog@nanog.org'"
>
> On Mon, 14/09/2015 at 14.53 +, Graham Johnston wrote:
> > Today we use a product from MultiTech Systems called MultiModem iSMS to
> > send SMS text messages from our monitoring system to our on call staff.
> > This is a 2G product and we need to replace it soon. I know there are more
> > generic cellular modems that can do texting if you are willing to put in
> > the effort, the product we use currently though has a simple HTTP based
> > API specifically to send SMS. Is anybody out there using something similar
> > that can work on 3G or 4G networks?
>
> Here we use SMSTools (http://smstools3.kekekasvi.com/) on a Linux box
> with a Multitech Serial/USB modem. It takes formatted text files from a
> spooling directory. It never let us down since some years.

+1 for smstools. and I'd add playsms.org

grab yourself a compatible USB 3G stick which you can switch to a modem. eg a HUAWEI E1762 should work. You might want to look into a device with an antenna plug so you can put the antenna out of your cabinet for better reception.

martin
Re: Windows 10 Release
From: Joe Greco jgr...@ns.sol.net
Subject: Re: Windows 10 Release

You can download an ISO and burn it to install... Guessing if you're upgrading multiple machines, that would be the way to go...

You don't even need to burn it to install. Just mount the ISO and run setup.exe

I've searched, but have not found anything about it: Are you allowed to redistribute the .iso to the open public? If yes, this might save some smaller networks some bandwidth.

Martin
RE: Windows 10 Release
From: STARNES, CURTIS [mailto:curtis.star...@granburyisd.org]

https://www.microsoft.com/en-us/software-download/windows10 is the download URL. This site launches the Download Tool so the ISO can be downloaded from Microsoft.

Yeah, I know. But is it allowed to redistribute the .iso File(s)? Might help to save downloading some GB ...

martin
help with CF card on Catalyst 6500 with Sup720
Hi, can anyone provide a dd-image from a CF card from a Catalyst 6500 with Sup720, please. We have a refurbished 6500 w/ Sup720-3BXL with an old rommon which is not able to format a CF card. (various other methods with formatting FAT16 on Linux etc. did not work; google search only pointed to format within a running system, but we do not have such a system nearby) IOS image is already present. any help appreciated. thanks, martin
RE: Need trusted NTP Sources
I'm trying to help a company I work for to pass an audit, and we've been told we need trusted NTP sources (RedHat doesn't cut it). Being located in Nigeria, Africa, I'm not very knowledgeable about trusted sources therein. Please can anyone help with sources that wouldn't mind letting us sync from them?

given that you trust the US-government (well, ...) you might use your own stratum 1 server using a Raspberry Pi with GPS.

here is a well done how-to: http://open.konspyre.org/blog/2012/10/18/raspberry-pi-time-server/

I still need some spare time to get it running, all parts are here, but within my office location I have a bad GPS signal reception, so I have to do it at home.

So build your own stratum 1 server (maybe a second one with DCF77 or whatever you can use for redundancy), off from these servers build 2 or more stratum 2 timeservers for redistribution to offload your stratum 1 servers.

http://clepsydratime.com/Products/Time-Server-NTS3000 is a cool alternative. They are located in Poland, IIRC. And this box sells for less than 2,000 euros (this price is 2 years old). And it gives you GPS (USA), Glonass (Russia) and DCF77 (land based).

One of the best Timeservers are sold by meinberg.de

just my 2 euro-cents.

#m
RE: carrier comparison
My questions are:
- Will we be sacrificing quality if we spring for Cogent? (yesterday's Cogent/Verizon thread provided some cold chills for my spine)

Jehova! Popcorn! :-)

We used Cogent for some time. We dropped them, but not for poor quality (au contraire) but for other more complex reasons.

IMHO, Cogent is far better than many say (and many of them only from 'knowledge' from word of mouth), Cogent has some oddities that you have to deal with, just like with almost all other transit providers.

Having said that: I don't want to be single homed again.

hth, martin
Mikrotik Cloud Core Router and BGP real life experiences?
Hi,

looking at the specs of Mikrotik Cloud Core Routers it seems to be too good to be true [1] having so much bang for the bucks. So virtually all smaller ISPs would drop their CISCO gear for Mikrotik Routerboards.

We are using a handful of Mikrotik boxes, but on a much lower network level (splitting networks; low end router behind ADSL modem, ...). We're happy with them.

So I am asking for real life experience and not lab values with Mikrotik Cloud Core Routers and BGP. How good can they handle full tables and a bunch of peering sessions? How good does the box react when adding filters (during attacks)? Reloading the table? etc. etc.

I am looking for _real_ _life_ values compared to a CISCO NPE-G2. Please tell me/us from your first hand experience.

Thanks!

greetings, Martin

[1] If something sounds too good to be true, it probably is.
RE: Mikrotik Cloud Core Router and BGP real life experiences?
Thanks,

estimated traffic levels are at about half a gig, but at least 50 megs of UDP (VoIP) in both directions.

one thing is that I haven't found a solution for redundant power supply.

#m

-Original Message-
From: Geraint Jones [mailto:gera...@koding.com]
Sent: Friday, December 27, 2013 10:03 AM
To: Martin Hotze
Cc: nanog@nanog.org
Subject: Re: Mikrotik Cloud Core Router and BGP real life experiences?

I am going to be deploying 4 as edge routers in the next few weeks, each will have 1 or 2 full tables plus partial IX tables. So I should have some empirical info soon. They will be doing eBGP to upstreams and iBGP/OSPF internally. I went with the 16gb RAM models.

However these boxes are basically Linux running on top of tilera CPUs, in terms of throughput as long as everything stays on the fastpath they have no issues doing wire speed on all ports, however the moment you add a firewall rule or the like they drop to 1.5gbps.

On 27/12/2013, at 9:47 pm, Martin Hotze m.ho...@hotze.com wrote: (...)
RE: Mikrotik Cloud Core Router and BGP real life experiences?
On 27/12/2013, at 10:13 pm, Martin Hotze m.ho...@hotze.com wrote:

Thanks, estimated traffic levels are at about half a gig, but at least 50 megs of UDP (VoIP) in both directions. one thing is that I haven't found a solution for redundant power supply.

Buy 2 :)

at 3am I only want to read the notification and know what to do first in the morning. And not jump out and bring the spare into production.

#m
Re: Help me make sense of these traceroutes please
From: Jeroen Massar jer...@massar.ch
To: s...@circlenet.us, nanog@nanog.org
Subject: Re: Help me make sense of these traceroutes please

On 2013-12-25 00:16, Sam Moats wrote:

Hello Nanog community, I would like to enlist your help with understanding this latency I'm seeing.

You are likely seeing the effects of asymmetric routing.

... or the effect of passing traffic through NSA infrastructure.

SCNR, #m
Re: Trivium
Date: Mon, 19 Aug 2013 11:11:23 -0400
From: Patrick W. Gilmore patr...@ianai.net
Subject: Re: Trivium

On Aug 19, 2013, at 10:42 , Blake Dunlap iki...@gmail.com wrote:

Without Google, how do you know where anything even *is*?

Pretending that wasn't a troll, I wonder how much of the traffic these days is things like AppleTV, Roku, OS updates, iThing/Android 'Apps', etc. that do not require a user to type www.bing.com into the Google search box[*] so they can find the web page.

we're running a wifi hotspot system with about 1,000 users daily. The top 10 domains on the firewall stats (content filter) are apple and f*cebook domains. So when you plan filtering out apple and/or f*cebook you might also shut down the hotspot, because for most users the 'net' then seems to be br0ken.

[*] I've actually seen someone type www.yahoo.com into the Google search box, then use Yahoo! to search for something. Don't ask

Never type google into google because you can break the Internet! http://www.youtube.com/watch?v=OqxLmLUT-qc
^^^ damn, another google domain ... :-)

#m
NANOG - csi reset request (was: RE: NANOG Digest, Vol 63, Issue 45)
to be fair: cloudmark did its best to contact me and it seems that we've been able to resolve the issue. thanks!

as a side note: it might be a good idea to have some sort of lookup-tool on the website or an email notification to the netblock owner.

thanks again (and also to the people off-list), martin

Date: Wed, 10 Apr 2013 03:43:57 +
From: Martin Hotze m.ho...@hotze.com
To: nanog@nanog.org
Cc: bwilli...@cloudmark.com
Subject: RE: NANOG Digest, Vol 63, Issue 45
Message-ID: f02a0931e2e6254680832d6a24940c2ded1...@hx01.srv.hotze.com
Content-Type: text/plain; charset=us-ascii

Bryan, nope, it didn't make it through to my inbox. I try to contact you through other channels.

Martin

Date: Wed, 10 Apr 2013 02:41:42 +
From: Bryan Williams bwilli...@cloudmark.com
To: nanog@nanog.org
Subject: NANOG - csi reset request
Message-ID: cd8a4959.62cfa%bwilli...@cloudmark.com
Content-Type: text/plain; charset=us-ascii

Martin, I sent you this email from our corporate email, and haven't heard back. Did you receive this?

Regards,
Bryan Williams
Sr. Solutions Architect
Cloudmark, Inc

From: Bryan Williams bwilli...@cloudmark.com
Date: Tuesday, April 9, 2013 12:58 PM
To: m.ho...@hotze.com
Subject: NANOG - csi reset request

I searched through the recent requests, and couldn't find any with your email address as the contact email. Can you give me the IP you tried to unblock? Or, try it again and let us know that you did it so we can watch. If there's a bug, we'd like to fix it.

Regards,
Bryan Williams
Sr. Solutions Architect
cloudmark?
Hi,

rant

it seems that many large providers are using cloudmark services. As far as I can tell: their policy is unclear, they can hardly be reached, mails to support are bouncing (delayed, then bounce).

yes, the mailserver from one of our customers was blocked and this was OK and rightful, because they had a problem (cracked account). After the problem was resolved we started removing their IPv4 address from blacklists and almost all lists removed the ban immediately.

cloudmark CSI service (reset request form) wants a form to be filled ... and they claim that they send out an email ... but it doesn't make its way to my inbox (no, no filters ...) and support can't be reached.

Where are the good old times when the 'net was controlled by techs and not by lawyers? I can't recommend cloudmark.

/rant

greetings, martin
Re: cloudmark?
Date: Tue, 09 Apr 2013 10:31:08 -0400
From: Chris Conn cc...@b2b2c.ca
To: nanog@nanog.org
Subject: Re: cloudmark?
Message-ID: 5164262c.3070...@b2b2c.ca
Content-Type: text/plain; charset=ISO-8859-1; format=flowed

On 2013-04-09 10:27, Chris Conn wrote: (...)

> Your experience does not mirror mine at all. I have less than 30

good for you. :-)

> minutes of wait time for any support case, and they are few and far
> between. Reliability is high and FP rate is low. I have no idea what your
> reference to lawyers pertains to, however the only issue we have ever had
> was for them to take our money when we renewed for the umpteenth time.

We are not a paying cloudmark customer. We just want to get one of our IPv4 addresses off of their list.

#m
RE: NANOG Digest, Vol 63, Issue 45
Bryan, nope, it didn't make it through to my inbox. I try to contact you through other channels.

Martin

Date: Wed, 10 Apr 2013 02:41:42 +
From: Bryan Williams bwilli...@cloudmark.com
To: nanog@nanog.org
Subject: NANOG - csi reset request
Message-ID: cd8a4959.62cfa%bwilli...@cloudmark.com
Content-Type: text/plain; charset=us-ascii

Martin, I sent you this email from our corporate email, and haven't heard back. Did you receive this?

Regards,
Bryan Williams
Sr. Solutions Architect
Cloudmark, Inc

From: Bryan Williams bwilli...@cloudmark.com
Date: Tuesday, April 9, 2013 12:58 PM
To: m.ho...@hotze.com
Subject: NANOG - csi reset request

I searched through the recent requests, and couldn't find any with your email address as the contact email. Can you give me the IP you tried to unblock? Or, try it again and let us know that you did it so we can watch. If there's a bug, we'd like to fix it.

Regards,
Bryan Williams
Sr. Solutions Architect
RE: enterprise 802.11
Hi,

the wireless itself is not the big problem, most of your devices (Mac) will be the problem (BTDTGNS). And my wild guess is that mobile phones will also be mostly iphones, plus some ipads.

ZyXEL has good WLAN controllers, as does LANCOM. Both have very good products for the money. No need - IMHO - to look into $isco.

As for the iOS problem, read on here: http://www.net.princeton.edu/apple-ios/ios41-allows-lease-to-expire-keeps-using-IP-address.html

#m

-Original Message-
Date: Sun, 15 Jan 2012 11:30:46 -0800
From: Ken King kk...@yammer-inc.com
To: nanog@nanog.org
Subject: enterprise 802.11
Message-ID: 36170983-eaa1-4bdd-b0af-5b045fd53...@yammer-inc.com
Content-Type: text/plain; charset=us-ascii

I need to choose a wireless solution for a new office. up to 600 devices will connect. most devices are mac books and mobile phones. we can see hundreds of access points in close proximity to our new office space. what are the thoughts these days on the best enterprise solution/vendor?

Thanks for your replies.

Ken King
RE: enterprise 802.11
a WLAN controller will help you detect rogue APs, rescan the area and also changing frequencies/channels in use (depending on configuration, etc.). but this will not replace a site survey. :) and it will not prevent you from having Macs on your network.

#m

From: Anurag Bhatia [mailto:m...@anuragbhatia.com]
Sent: Monday, January 16, 2012 4:44 PM
To: Martin Hotze
Cc: nanog@nanog.org
Subject: Re: enterprise 802.11

(...)

You need to do a bit of site survey to get idea of how many AP's you really need. Remember it's open spectrum and running different bands from adjacent AP's, you get really high capacity. With more AP's you can eventually re-use lot of spectrum running them at low power till an extent it doesn't affect coverage.

(...)
Re: The stupidity of trying to fix DHCPv6
From: Iljitsch van Beijnum iljit...@muada.com
Subject: Re: The stupidity of trying to fix DHCPv6
To: Tim Chown t...@ecs.soton.ac.uk
Cc: NANOG list nanog@nanog.org

(...)

Not saying that Apple is perfect, but at least their IPv6-related bugs don't ruin the day for others on the LAN.

Let them (Apple) finally (*dooohhh*) fix the 2.4GHz/DHCP bug on the iPad ... Those §$%§$!§!%$§$%-censored didn't make my day, really. :-(

#m
Re: Microsoft's participation in World IPv6 day
Date: Fri, 3 Jun 2011 09:13:31 -0700
From: Owen DeLong o...@delong.com
Subject: Re: Microsoft's participation in World IPv6 day
To: fredrik danerklint fredan-na...@fredan.se
Cc: nanog@nanog.org

On Jun 3, 2011, at 5:27 AM, fredrik danerklint wrote:

The problem is not all on Microsoft at this case. For example; I've bought a ZyXEL P-2612HNU-F1 (which has 802.11n Wireless ADSL 2+ 4-port gateway 2 SIP 2 USB 3G Backup) in december 2010. It basically has everything in it. (...) What they (ZyXEL) are saying to me (for not having IPv6 at this moment) is that they don't have the skills to implement IPv6 in their current products.

I would let them know that they are overdue for developing this skill set and better get cracking if I were their customer.

well, directly from their (ZyXEL) US homepage you will be directed to: http://us.zyxel.com/info/ipv6/ with at least some information.

#m
RE: Public Wireless access (ticket / token / schedule based)
-Original Message-
From: Bill Lewis ble...@hottopic.com
Date: Mon, 27 Dec 2010 12:15:55
To: nanog@nanog.org
Subject: Public Wireless access (ticket / token / schedule based)

What is everyone using for enterprise grade wireless authentication for simple public access (i.e. users that are non-employee that need internet access (non-PCI) while in your building). Obviously I will hang this off a DMZ switch outside of my private LAN. Looking for something vendor driven, don't have time for anything home grown or unsupported / community based.

either more or less out of the box:
ZyXEL Hotspot http://shorl.com/vesakyfremaho
or a Mikrotik Routerboard (w/IPv6) http://www.mikrotik.com/testdocs/ros/2.9/ip/hotspot.php

#m
Re: The scale of streaming video on the Internet.
Date: Fri, 3 Dec 2010 10:47:44 -0500
From: William Herrin b...@herrin.us
Subject: Re: The scale of streaming video on the Internet.
To: Owen DeLong o...@delong.com
Cc: nanog@nanog.org

(...)

But there's a third mechanism worth considering as well: the caching proxy.

IMHO it is a waste of bandwidth to use IP/network-based infrastructure for stuff like unidirectional data - like distributing a movie (on demand or scheduled). In this case nothing beats a satellite transponder and a dish, also cost-wise.

#m
RE: Low end, cool CPE.
Date: Thu, 11 Nov 2010 17:41:00 -0800
From: Leo Bicknell bickn...@ufp.org
Subject: Low end, cool CPE.

I've run into a number of low end CPE situations lately where I haven't found anything that does what I want, but I have to believe it is out there. I'm hoping NANOG can help. (...) What is the state of the art, and who has it?

Hi,

you might want to check out a Mikrotik [1] Routerboard [2]. Most if not all of your requirements are possible and you can scale up, depending on situation/bandwidth/etc.

#m

[1] www.mikrotik.com
[2] www.routerboard.com
Re: NTP Server
Date: Sun, 24 Oct 2010 14:18:18 -0400
From: David Andersen d...@cs.cmu.edu
Subject: Re: NTP Server

(...)

If you find yourself needing really precise time with good guarantees, you're not just talking about buying one GPS unit -- you can easily go down a rathole of finding multiple units with good holdover

And you have to trust one single source: the US military. Having my network outside the US and having read NOTAMs (notice to airmen) while preparing a flight stating that due to military ops the GPS signal was screwed up in that area I would not rely on GPS as my single NTP source for my network.

#m
RE: NANOG Digest, Vol 32, Issue 25
-Original Message-
Message: 3
Date: Wed, 8 Sep 2010 10:24:38 +
From: Nathan Eisenberg nat...@atlasnetworks.us
Subject: RE: yahoo crawlers hammering us
To: nanog@nanog.org
Message-ID: 8c26a4fdae599041a13eb499117d3c28164ac...@ex-mb-1.corp.atlasnetworks.us

Customers don't want to deliver their content to search engines? That seems silly.

I have a private website; I don't want the site to be listed or content found via a search engine. I want to be able to give the URL out to friends etc. but I don't want all of the world hotlink or whatever - sure, I can password protect the site, but for now I have a ton of rewrite conditions in place.

#m
RE: NOC Automation / Best Practices
-Original Message-
Date: Wed, 08 Sep 2010 08:54:20 -0700
From: Charles N Wyble char...@knownelement.com
Subject: NOC Automation / Best Practices
To: nanog@nanog.org

NOGGERS, (...)

The way I see it, an ounce of prevention is worth a pound of cure. Along those lines, I'm putting in some mitigation techniques are as follows (hopefully this will reduce the number of incidents and therefore calls to the abuse desk). I would appreciate any feedback folks can give me.

A) Force any outbound mail through my SMTP server with AV/spam filtering.

B) Force HTTP traffic through a SQUID proxy with SNORT/ClamAV running (several other WISPs are doing this with fairly substantial bandwidth savings. However I realize that many sites aren't cache friendly. Anyone know of a good way to check for that? Look at HTTP headers?). Do the bandwidth savings/security checking outweigh the increased support calls due to broken web sites?

C) Force DNS to go through my server. I hope to reduce DNS hijacking attacks this way.

Thanks!

For either A, B or C you won't get my business, let alone a combination of all 3. *wah!* There is too much FORCE here. :-)

#m
RE: Re: IPv6 Glue Records at Dotster / Domain.com
Date: Sat, 4 Sep 2010 11:17:36 -0400
From: Jared Mauch ja...@puck.nether.net
Subject: Re: IPv6 Glue Records at Dotster / Domain.com

Opensrs also suffers from lack of v6 glue disease. Last I saw on their forums it said coming soon for about a year.

IBTD. We register our domains with them (Tucows/OpenSRS) and we got the entry, but you have to contact support and it is done manually. Check my domain hotze.com for proving it.

#m

hotze.com / AS8596
RE: Re: SORBS on autopilot?
Oh well,

there's an approach where one splits users into residential and business, meaning that residential is only downloading, surfing, ... without need of providing any services back to the 'net. At least with IPv6 one has to rethink this position as there finally is end-to-end communication and everybody with a limited upload bandwidth can multicast his content to half of the world (crossing fingers).

inetnum: 82.150.208.0 - 82.150.208.255
netname: AT-HOTZE-NET
descr: hotze.com GmbH
descr: DSL wholesale
country: AT

Our position is that we sell internet access at the IP level, a pure IP pipe - nothing less and nothing more. The customer can have his own PTR-record with a name matching his domain, he can set up a server or not. All IPs are static (no need to hassle with DHCP pools, matching IP to timedate to user for law enforcement). Every customer is served the same according to his service plan. And we don't make any decisions whether the customer is residential or business - simple as that.

I won't feel happy with an ISP who wants to make this decision for me.

greetings, martin

AS8596 / hotze.com GmbH / Austria

-Original Message-
Date: Tue, 12 Jan 2010 12:42:58 -0500
From: Steven Champeon scham...@hesketh.com
Subject: Re: SORBS on autopilot?
To: nanog@nanog.org

(...)

just to pick a few. At the very least, customer-assigned blocks ought to have a SWIP and a comment showing whether they're dynamic or static, residential or business class, and so forth. A surprising example, given the paucity of such examples in the .pl TLD, is dialog.net.pl, which does exactly that:

inetnum:87.105.24.0 - 87.105.24.255
netname:DIALOGNET
descr: Static Broadband Services
descr: Telefonia Dialog S.A. - Dialog Telecom
country:PL

inetnum:62.87.215.0 - 62.87.215.255
netname:DIALOGNET
descr: Dynamic Broadband Services
descr: Telefonia Dialog S.A. - Dialog Telecom
country:PL

So, if the Poles (well, some Poles) can do it, why can't we simply end the endless back and forth over why SORBS is evil, and start adopting sane and clear naming conventions for PTRs? Given how easy it is to modify a $GENERATE statement, I should think you've spent far more energy on arguing about why you're being wronged than it would have taken to fix your problem.