Re: Regex expression

2017-09-25 Thread TR Shaw
\d{12,}

> On Sep 25, 2017, at 9:31 AM, craig washington  
> wrote:
> 
> Hello all, not sure if this is the right place for this.
> 
> I am not the best with Regex and was looking for an expression in a Juniper 
> that will match on only so many numbers.
> 
> Meaning, I am looking at the mpls lsp statistics "show mpls lsp transit 
> statistics" and I only want to see the LSP's that have larger Bytes, for 
> instance I only want to see stuff that has at least 12 digits or longer.
> 
> 
> 
> Any help would be greatly appreciated, and if this is the wrong thing to ask 
> here, I have no qualms with that either 
> 
> 
> Thanks again.
> 





Re: USA local SIM card

2017-09-17 Thread TR Shaw
If you are talking about Orlando/Central Florida (or anywhere in FL) now or in 
the next couple of weeks, be advised that coverage is still spotty for both voice 
and data due to the hurricane.

> On Sep 17, 2017, at 4:40 PM, Max Tulyev  wrote:
> 
> Nice advertising, thank you! =)
> 
> But still have open some questions I asked before:
> 
> 1. My phone is not LTE but 3G GSM/UMTS capable (all bands,
> 850/900/1700/1900/2100). Will it work? Is 3G coverage good enough in New
> York and Orlando for VoIP calls (SIP, Viber, Skype)?
> 
> 2. Is there public or private IP address? IPv6?
> 
> On 17.09.17 22:52, Jean-Francois Mezei wrote:
>> On 2017-09-17 13:07, Max Tulyev wrote:
>> 
>> 
>> AT&T's $45 prepaid plans and its more expensive sibling (I think $65)
>> allow over 6GB of data at LTE speeds, and the rest is unlimited but at
>> 2G speeds (I think).
>> 
>> 
>> The AT&T plans at the $45 and higher levels allow data and voice
>> roaming into Canada, as long as your usage in Canada represents less
>> than 50% of total use.
>> 
>> The AT&T plan allows you to remove video throttling (the T-Mobile plan
>> doesn't and has more severe net neutrality violations).
>> 
>> If you obtain a SIM card from eBay, there is a hard to find web access
>> to set it up (normal AT&T web site forces you to buy a SIM card which
>> AT&T won't deliver outside of USA).
>> 
>> https://www.att.com/prepaid/activations/#/activate.html
>> 
>> In my case, I choose AT&T because I tested T-Mobile a few years ago
>> along the route taken and found too many areas without service,
>> interestingly, one area where in 1998-1999, I had service with Omnipoint
>> on a 1900 only phone (Fort Edward NY).
>> 
>> Note on T-Mobile: its coverage map expects you to be on postpaid plans
>> which includes areas where you're allowed to roam on AT&T, but not
>> necessarily if on prepaid, so hard to tell if you will really get
>> service based on its maps.
>> 
>> Also note: AT&T on an iPhone gets to disable the "manual" search for
>> available carriers, so you can't test in a town if T-Mobile would also
>> be available. You can insert your own SIM card just to scan for networks
>> and with roaming disabled, you won't incur any charges by home carrier.
>> 
> 



Re: US/Canada International border concerns for routing

2017-08-08 Thread TR Shaw
Bill,

What does Bell buying MTS do? Does it change your statement or will the MTS 
portion of Bell still peer locally?

Tom

> On Aug 8, 2017, at 8:10 PM, Bill Woodcock  wrote:
> 
> 
>> On Jul 20, 2017, at 7:01 AM, Hiers, David  wrote:
>> For traffic routing, is anyone constraining cross-border routing between 
>> Canada and the US?  IOW, if you are routing from Toronto to Montreal, do you 
>> have to guarantee that the path cannot go through, say, Syracuse, New York?
> 
> No.  In fact, Bell Canada / Bell Aliant and Telus guarantee that you _will_ 
> go through Chicago, Seattle, New York, or Ashburn, since none of them peer 
> anywhere in Canada at all.
> 
> Last I checked (November of last year) the best-connected commercial networks 
> (i.e. not CANARIE) in Canada were Hurricane Electric, MTS Allstream, Primus, 
> and Zip Telecom, all of which peer at three or more Canadian IXes.  So, 
> they’re capable of keeping traffic in Canada so long as the other end isn’t 
> on Bell or Telus, which only sell U.S. bandwidth to Canadians.
> 
> In November, only 27% of intra-Canadian routes stayed within Canada; 64% went 
> through the U.S.  That’s way worse than five years ago, when 60% stayed 
> within Canada, and 38% went through the U.S.
> 
> As has been pointed out, Canada has been building IXPs…  Just not as fast as 
> the rest of the world has.  They’re behind the global average growth rate, 
> and behind the U.S. growth rate, which is why the problem is getting worse.  
> Bandwidth costs are falling faster elsewhere, so they’re importing more 
> foreign bandwidth.
> 
>-Bill
> 
> 
> 
> 





Re: Geolocation of o3b satellite end user terminals

2017-05-04 Thread TR Shaw
My limited experience is that you get the location of the gateway the traffic 
is coming out of. This is very similar to the locations returned for Motorola 
Canopy, Ubiquiti and other wireless networks.  Similar to IP location for cell.

> On May 4, 2017, at 2:33 PM, Eric Kuhnke  wrote:
> 
> Since today seems like the day for IP geolocation related topics...
> 
> Does anyone have direct experience with third-party IP geolocation services
> and o3b served enterprise/ISP-type high capacity customers?
> 
> For those who are not familiar with them, o3b satellite terminals can be
> located literally anywhere in the world below 45 degrees north or south
> latitude, served from a fleet of MEO satellites. Each terminal is a twin
> pair of motorized/tracking antennas and associated modems, etc with an
> IP/Ethernet hand off to the customer.
> 
> Their gateways to the Internet are located in about a dozen places around
> the globe and ordinarily go out to the Internet through o3b's own IP
> network.



Re: ticketmaster.com 403 Forbidden

2017-02-06 Thread TR Shaw
Can get to them fine from Florida via level3.

Tom

> On Feb 6, 2017, at 8:04 AM, Manser, Charles J  
> wrote:
> 
> List,
> 
> It seems that browsing to ticketmaster.com or any of the associated IP 
> addresses results in a 403 Forbidden for our customers today. Is anyone else 
> having this issue?
> 
> If anyone from Ticketmaster could reach out to me off-list, it would be 
> helpful.
> Charles Manser | Principal Engineer I, Network Security
> charles.man...@charter.com
> 



Re: Cloudflare, dirty networks and politricks

2016-07-28 Thread TR Shaw

> On Jul 28, 2016, at 7:30 PM, Donn Lasher via NANOG  wrote:
> 
> On 7/28/16, 10:17 AM, "NANOG on behalf of J. Oquendo" 
>  wrote:
> 
> 
>> While many are chanting: #NetworkLivesMatter, I have yet
>> to see, read, or hear about any network provider being
>> the first to set precedence by either de-peering, or
>> blocking traffic from Cloudflare. There is a lot of
>> keyboard posturing: "I am mad and I am not going to take
>> it anymore" hooplah but no one is lifting a finger to
>> do anything other than regurgitate "I am mad... This is
>> criminal."
> 
> (long discussion, was waiting for a place to jump in..)
> 
> If we want to be accurate about it, Cloudflare doesn’t host the DDoS, they 
> protect the website of seller of the product. We shouldn’t be de-peering 
> Cloud Flare over sites they protect any more than we would de-peer GoDaddy 
> over sites they host, some of which, no doubt, sell gray/black market/illegal 
> items/services.
> 
> If, on the other hand,  you can find a specific network actually generating 
> the volumes of DDoS, you should have a conversation about de-peering….
> 
> $0.02…
> 

It would be nice however if Cloudflare would announce their “freebie” CIDRs 
and the IP block that hosts their paying customers. Most of the abuse centers on 
the free clients.



Re: de-peering for security sake

2015-12-25 Thread TR Shaw
ARF (http://www.rfc-editor.org/rfc/rfc5965.txt, 
https://www.rfc-editor.org/rfc/rfc6650.txt) and X-ARF 
(http://www.x-arf.org/index.html) are used 
quite a lot and many, like Yahoo, only accept ARF reports on abusive emails.

You might want to read MAAWG’s BCP: 
https://www.m3aawg.org/sites/default/files/document/M3AAWG_Feedback_Reporting_Recommendation_BP-2014-02.pdf


Tom

> On Dec 25, 2015, at 5:12 PM, Clayton Zekelman  wrote:
> 
> Just an off the cuff thought but if the format of the abuse messages could be 
> standardized so handling them would be semi-automated somewhat like ACNS 
> notices, it might improve response.
> 
> Maybe such a format already exists and just isn't widely used.
> 
> Sent from my iPhone
> 
>> On Dec 25, 2015, at 4:52 PM, Mikael Abrahamsson  wrote:
>> 
>>> On Fri, 25 Dec 2015, Colin Johnston wrote:
>>> 
>>> why do the chinese network folks never reply and action abuse reports, 
>>> normal slow speed network abuse is tolerated, but not high speed deliberate 
>>> abuse albeit compromised machines
>> 
>> This is not a chinese problem, this is a general ISP problem. Most ISPs do 
>> not respond to abuse reports.
>> 
>> -- 
>> Mikael Abrahamssonemail: swm...@swm.pp.se
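
What a standardized abuse report in the ARF format (RFC 5965) named above looks like when built and parsed automatically, as an added example that is not part of the original thread. The reporter name, addresses, IP and sample message are constructed placeholders; only Python's standard library is used.

```python
"""Build and parse an ARF (RFC 5965) abuse report with the standard library."""
from email import message_from_string
from email.mime.base import MIMEBase
from email.mime.message import MIMEMessage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText
from email.parser import HeaderParser

# Fields RFC 5965 requires in the machine-readable part.
REQUIRED_FIELDS = ("Feedback-Type", "User-Agent", "Version")

# Constructed sample of the reported message; every name and address is a placeholder.
SAMPLE_SPAM = (
    "Received: from mail.example.net (mail.example.net [192.0.2.25])\n"
    "From: someone@example.net\n"
    "To: list@example.org\n"
    "Subject: Constructed spam sample\n"
    "Message-ID: <constructed-1@example.net>\n"
    "\n"
    "Hey friend!\n"
)


def build_arf(original, source_ip, reporter, abuse_to):
    """Return an ARF report as text: multipart/report with exactly three parts."""
    report = MIMEMultipart("report", report_type="feedback-report")
    report["From"] = reporter
    report["To"] = abuse_to
    report["Subject"] = "Abuse report for " + source_ip
    # Part 1: human-readable explanation.
    report.attach(MIMEText(
        "This is an abuse report for a message received from %s.\n" % source_ip))
    # Part 2: machine-readable fields, one "Name: value" per line.
    fields = MIMEBase("message", "feedback-report")
    fields.set_payload(
        "Feedback-Type: abuse\n"
        "User-Agent: ExampleReporter/1.0\n"  # hypothetical reporter name
        "Version: 1\n"
        "Source-IP: %s\n" % source_ip
    )
    report.attach(fields)
    # Part 3: the reported message itself.
    report.attach(MIMEMessage(message_from_string(original)))
    return report.as_string()


def _as_headers(part):
    """Return a part's content as a header mapping, however the parser stored it."""
    payload = part.get_payload()
    if isinstance(payload, list):
        return payload[0]
    return HeaderParser().parsestr(payload)


def parse_arf(raw):
    """Validate an ARF report and extract what an abuse desk needs to act on it."""
    msg = message_from_string(raw)
    if (msg.get_content_type() != "multipart/report"
            or msg.get_param("report-type") != "feedback-report"):
        raise ValueError("not an ARF report")
    parts = msg.get_payload()
    if len(parts) != 3 or parts[1].get_content_type() != "message/feedback-report":
        raise ValueError("ARF report must carry text, feedback-report and original")
    fields = _as_headers(parts[1])
    missing = [name for name in REQUIRED_FIELDS if fields[name] is None]
    if missing:
        raise ValueError("missing required fields: " + ", ".join(missing))
    original = _as_headers(parts[2])
    return {
        "feedback_type": fields["Feedback-Type"].strip().lower(),
        "source_ip": fields["Source-IP"],
        "original_subject": original["Subject"],
        "original_message_id": original["Message-ID"],
    }


if __name__ == "__main__":
    text = build_arf(SAMPLE_SPAM, "192.0.2.25",
                     "reporter@example.org", "abuse@example.net")
    print(parse_arf(text))
```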



Re: SPAM: AW: important

2015-09-24 Thread TR Shaw
Strange as it has been listed in SURBL for ever since the site was cracked.

scm-70.com.wild.surbl.org has address 127.0.0.68

> On Sep 24, 2015, at 8:55 AM, Gunther Stammwitz  wrote:
> 
> This is unbelievable: 
> We have seen these kinds of spam-messages over the last weeks on different
> mail accounts and still Spamassassin & others don't recognize them.
> Isn't a topic of "Fw: important" compared with the greeting "Hey friend"
> something that must be spam?
> Now Nanog was hit which is really annoying.
> 
> Yes, this message might originate from an authenticated sender and the
> (faked) sender's domain might light spf and so on - but where is artificial
> intelligence when one needs it?
> 
> Time to charge for emails so that this channel will become too expensive for
> spammers, isn't it?
> 
> 
>> -----Original Message-----
>> From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Pomposello
>> Sarah BDF HPN
>> Sent: Thursday, 24 September 2015 11:24
>> To: Brielle Bruns; nanog group; William Herrin
>> Subject: Fw: important
>> 
>> Hey friend!
>> 
>> 
>> 
>> Important message, please visit 
>> 
>> 
>> 
>> Pomposello Sarah BDF HPN
> 
> 



Re: Any Tool to replace Peakflow CP

2015-09-08 Thread TR Shaw
Could it be GovCloud?

See http://defensesystems.com/articles/2014/08/21/aws-govcloud-disa-security-approval.aspx


Tom

> On Sep 8, 2015, at 7:17 PM, Chris Murray  wrote:
> 
> Very Happy with Kentik Detect, highly recommend it.
> 
> www.kentik.com
> 
> Cheers, Chris
> 
> On Sun, Sep 6, 2015 at 4:53 PM, Harry Hoffman  
> wrote:
>> Hi Aluisio,
>> 
>> Have you had a look at Lancope's Stealthwatch?
>> 
>> If you go that route give a shout as we've written a bunch of scripts to
>> do things like scan detection and new service alerting.
>> 
>> Cheers,
>> Harry
>> 
>> 
>> On 9/5/15 10:01 PM, Aluisio da Silva wrote:
>>> Hello,
>>> 
>>> Does anyone here have a suggestion for a tool to replace Peakflow CP from 
>>> Arbor Networks?
>>> 
>>> Please if possible you would like hear some suggestions.
>>> 
>>> Thanks.
>>> 
>>> Aluísio da Silva
>>> Planning and Engineering Coordination
>>> CTBC
>>> (34) 3256-2471
>>> (34) 9976-0471
>>> www.ctbc.com.br
>>> 
>> 



Re: internet visualization

2015-09-08 Thread TR Shaw
Could it be GovCloud?

See http://defensesystems.com/articles/2014/08/21/aws-govcloud-disa-security-approval.aspx

Tom

> On Sep 8, 2015, at 7:16 PM, Jeff Shultz  wrote:
> 
> Weirdest thing I've found yet - AS7224, Amazon AS - Amazon, has 1
> indegree - AS724 - DNIC-ASBLK-00721-00726 - DoD Network Information
> Center, US.
> 
> What the heck is an Amazon (assuming it's associated with Amazon.com)
> AS doing hanging off the end of a DOD network?
> 
> Assuming I'm reading it correctly, that is.
> 
> On Sat, Sep 5, 2015 at 5:15 PM, Jared Mauch  wrote:
>> 
>> OT: hit delete, or shameless plug disclaimer
>> 
>>one of my colleagues just posted this visualization
>> of the internet from the as_path view of 2914.  if you are on
>> a mobile, you have to physically move your device around.
>> 
>>http://as2914.net/
>> 
>>If you love it, send Job your accolades.  If you hate it,
>> see above disclaimer.  If in a country with a holiday on monday,
>> enjoy it safely.
>> 
>>- Jared
>> 
>> --
>> Jared Mauch  | pgp key available via finger from ja...@puck.nether.net
>> clue++;  | http://puck.nether.net/~jared/  My statements are only mine.
> 



Re: World's Fastest Internet™ in Canadaland

2015-06-26 Thread TR Shaw
But what about us in Northwestern Ontario who can only get dialup, if that, 
from Bell?

 On Jun 26, 2015, at 2:13 PM, Eric Dugas edu...@zerofail.com wrote:
 
 Nice try Bell.. So-Net did it two years ago, 2Gbps FTTH in Japan.
 
 Article: http://bgr.com/2013/06/13/so-net-nuro-2gbps-fiber-service/
 
 If you read Japanese: http://www.nuro.jp/hikari/
 
 Eric
 
 -Original Message-
 From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Hank Disuko
 Sent: June 26, 2015 2:04 PM
 To: NANOG
 Subject: World's Fastest Internet™ in Canadaland
 
 Bell Canada is apparently gearing up to provide the good people of Toronto 
 with the World's Fastest Internet™.
 http://www.thestar.com/news/city_hall/2015/06/25/bell-canada-to-give-toronto-worlds-fastest-internet.html
 
 



Re: Residential VSAT experiences?

2015-06-22 Thread TR Shaw
I don’t know what your location is but a wireless internet provider using 
Canopy or Ubiquiti or whatever is much more preferable. Also cellular is used 
in “remote” locations with good results.

I know plenty of people in “the bush” that use these alternatives over VSat.  I 
use the above over VSat when I am out on fishing trips to remote locations. 

For truly remote where there are no options other than VSat (sigh) you need to 
live with the latency problems for now. Iridium is currently too slow and too 
costly.  Maybe LEO or MEO in the future but not now.

I have used SSH from a transatlantic flight but the delay can weigh on you ;-)

Tom

 On Jun 22, 2015, at 8:18 PM, Alfred Olton alfredol...@gmail.com wrote:
 
 I had Hughes Net a few years back and can confirm that SSH access was
 pretty much intolerable for me.
 The delay between what I was typing, and when it would actually show up on
 the screen in the remote terminal was really annoying for me.
 As mentioned in previous responses, I think you would want a low orbit
 satellite internet provider, if you can find one for residential use.
 
 In my case, I had a land line, but was too far out for ADSL, so I ended up
 getting ISDN (*with unlimited local calling on my phone plan*).
 Of course the SSH usage experience then was much better.
 
 Al
 
 On 06/22/2015 04:04 PM, Hugo Slabbert wrote:
 Personally, 500-700ms of delay is well within distinguishable range and
 causes challenges in verbal communication.  If the speakers are both
 expecting and accustomed to delay like that (e.g. sailors that are used
 to being hundreds/thousands of miles away from anywhere and any other
 comms solution sucks anyway), it could be workable.
 
 For regular consumer/business voice applications, 100ms and lower is
 decent, but above that starts to get into various degrees of suckage.
 
 Just my 2c.
 
 --
 Hugo
 
 On Mon 2015-Jun-22 15:54:49 -0700, Mike Lyon mike.l...@gmail.com wrote:
 
 I never had good luck with VSAT and SIP. Maybe you had a better kit
 than I
 did :)
 
 -Mike
 
 
 On Mon, Jun 22, 2015 at 3:49 PM, Dovid Bender do...@telecurve.com
 wrote:
 
 Interesting that you say that about sip. We had a client that would
 use it
 for sip on ships all the time. It wasn't the best but it worked. Ping
 times
 were between 500-700ms.
 
 
 
 Regards,
 
 Dovid
 
 -Original Message-
 From: Mike Lyon mike.l...@gmail.com
 Sender: NANOG nanog-boun...@nanog.org
 Date: Mon, 22 Jun 2015 15:33:43
 To: Nicholas Oas nicholas@gmail.com; NANOG nanog@nanog.org
 Subject: Re: Residential VSAT experiences?
 
 SIP will suck. VPN will suck. RDP will suck.
 
 Have you looked to see if you have any local wireless ISPs in your area?
 Hit me up offlist if you want me to check for you.
 
 -Mike
 
 
 On Mon, Jun 22, 2015 at 1:39 PM, Nicholas Oas nicholas@gmail.com
 wrote:
 
 Would anyone mind sharing with me their first-hand experiences with
 residential satellite internet?
 
 Right now I am evaluating HughesNet Gen4 and ViaSat Exede and I'm
 thinking
 specifically as a sysadmin who needs to use the uplink for work, not
 surf.
 
 What are your experiences with the following applications?
 -SSH, (specifically interactive CLI shell access)
 -RDP
 -SIP over SSL
 -IPSec Tunneling (should be a non-starter due to latency)
 -GRE Tunneling
 
 Thank you,
 
 -Nicholas
 
 
 
 
 --
 Mike Lyon
 408-621-4826
 mike.l...@gmail.com
 
 http://www.linkedin.com/in/mlyon
 
 
 
 
 --
 Mike Lyon
 408-621-4826
 mike.l...@gmail.com
 
 http://www.linkedin.com/in/mlyon



UVerse question

2015-02-08 Thread TR Shaw
Any suggestions on what to tell ATT to get IPv6 added to a current account and 
upgrade a 2wire router to 4wire with halfway decent performance and capability?

Any and all help would be appreciated.

Tom

Re: REMINDER: Leap Second

2015-01-25 Thread TR Shaw

On Jan 25, 2015, at 6:06 PM, Barney Wolff bar...@databus.com wrote:

 On Sun, Jan 25, 2015 at 02:24:52PM -0800, Stephen Satchell wrote:
 
 Today's computers don't use clocks derived from 50- or 60-hertz
 power-line frequency.  The last computer I remember seeing with such a
 clock was the IBM System/360.  The System/370 used a motor-generator set
 for the power supply, so it had to get its real-time clock time source
 another way.
 
 The 360/95 and /91 also used 400 Hz from a motor/gen.  Water cooled, too.
 One of my fondest war stories is when the power was turned off for July 4th
 weekend but the water was left on.

That made the transformers smaller/cooler and more efficient. I seem to 
remember a 195 as well but maybe it is just CRS.



Re: OT - Verizon/ATT Cell/4G Signal Booster/Repeater

2014-12-21 Thread TR Shaw

On Dec 20, 2014, at 4:58 PM, Doug Barton do...@dougbarton.us wrote:

 On 12/19/14 8:30 PM, Javier J wrote:
 Add T-mobile LTE and to that list.
 
 I need one.
 
 I'm using wifi calling on my T-mobile device now and then 'just 'cuz', and it 
 works a treat. Usually my cell coverage is excellent, but I'm sure that 
 someday I'll be in a spot where I need it, so I want to keep exercising that 
 path occasionally. :)
 
 FWIW,
 
 Doug
 
 (Usually I wouldn't bother speaking about a specific vendor, especially one 
 that's arguably off-topic, but given the historical scuzziness of most of the 
 mobile vendors, and what T-mobile is doing now to improve the situation; 
 albeit with occasionally distasteful marketing theatrics, I thought it worth 
 mentioning ...)

Doug,

Just a question on T-Mobile and wifi.  If you are traveling to a roaming 
country will wifi calls to #s back home be treated as non roaming calls?

Tom



Re: Comcast thinks it ok to install public wifi in your house

2014-12-11 Thread TR Shaw
Seems to me that they (Bright House Networks, Cox Communications, Optimum, Time 
Warner Cable and Comcast) are effectively operating a business out of your 
house and without a business license.  I am sure that this is illegal in many 
towns and many towns would like the revenue. 

In fact does this put the homeowner at risk since they are effectively 
supporting a business running out of their house?

Tom

On Dec 11, 2014, at 9:02 AM, Scott Helms khe...@zcorum.com wrote:

 All of the members of the CableWiFi consortium have been.
 
 Bright House Networks, Cox Communications, Optimum, Time Warner Cable and
 Comcast.
 
 http://www.cablewifi.com/
 
 Liberty Global, the largest MSO, also does it and this year announced an
 agreement with Comcast to allow roaming on each other's WiFi networks,
 though that is not extended to the other members of CableWiFi at this time.
 
 http://corporate.comcast.com/news-information/news-feed/comcast-and-liberty-global-announce-agreement-to-connect-u-s-and-european-wi-fi-networks
 
 
 Scott Helms
 Vice President of Technology
 ZCorum
 (678) 507-5000
 
 http://twitter.com/kscotthelms
 
 
 On Thu, Dec 11, 2014 at 8:53 AM, Ryan Pavely para...@nac.net wrote:
 
 http://bgr.com/2014/05/12/cablevision-optimum-modem-wifi-hotspots/
 
 I thought cablevision has been doing this for years.
 
 I had a higher level tech at mi casa within the last two years and he
 suggested their goal was to get enough coverage to start offering CV voip
 cell phones.  pay a little less, for not guaranteed coverage'
 
 
 
  Ryan Pavely
   Net Access
   http://www.nac.net/
 
 On 12/10/2014 9:35 PM, Jeroen van Aart wrote:
 
 Why am I not surprised?
 
 Whose fault would it be if your comcast installed public wifi would be
 abused to download illegal material or launch a botnet, to name some random
 fun one could have on your behalf. :-/
 
 (apologies if this was posted already, couldn't find an email about it on
 the list)
 
 http://www.theregister.co.uk/2014/12/10/disgruntled_
 customers_lob_sueball_at_comcast_over_public_wifi/
 
 A mother and daughter are suing Comcast claiming the cable giant's
 router in their home was offering public Wi-Fi without their permission.
 
 Comcast-supplied routers broadcast an encrypted, private wireless network
 for people at home, plus a non-encrypted network called XfinityWiFi that
 can be used by nearby subscribers. So if you're passing by a fellow user's
 home, you can lock onto their public Wi-Fi, log in using your Comcast
 username and password, and use that home's bandwidth.
 
 However, Toyer Grear, 39, and daughter Joycelyn Harris – who live
 together in Alameda County, California – say they never gave Comcast
 permission to run a public network from their home cable connection.
 
 In a lawsuit [PDF] filed in the northern district of the golden state,
 the pair accuse the ISP of breaking the Computer Fraud and Abuse Act and
 two other laws.
 
 Grear – a paralegal – and her daughter claim the Xfinity hotspot is an
 unauthorized intrusion into their private home, places a vast burden on
 electricity bills, opens them up to attacks by hackers, and degrades
 their bandwidth.
 
 Comcast does not, however, obtain the customer's authorization prior to
 engaging in this use of the customer's equipment and internet service for
 public, non-household use, the suit claims.
 
 Indeed, without obtaining its customers' authorization for this
 additional use of their equipment and resources, over which the customer
 has no control, Comcast has externalized the costs of its national Wi-Fi
 network onto its customers.
 
 The plaintiffs are seeking monetary damages for themselves and on behalf
 of all Comcast customers nation-wide in their class-action case – the
 service was rolled out to 20 million customers this year.
 
 
 



Re: How to track DNS resolution sources

2014-12-03 Thread TR Shaw
On the command line:

host spoofed.host.name.com


On Dec 3, 2014, at 11:22 AM, Notify Me notify.s...@gmail.com wrote:

 Hi!
 
 I hope I'm wording this correctly. I had a incident at a client site where
 a DNS record was being spoofed. How does one track down the IP address
 that's returning the false records ? What tool can one use?
 
 Thanks!
 
 
 
 
 -- 
 Sent from MetroMail



Re: Anyone else having trouble reaching thepiratebay.se? AS39138

2014-11-26 Thread TR Shaw
From FL I die at

xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net (129.250.5.174)  172.519 ms  155.386 ms  
187.235 ms

On Nov 26, 2014, at 12:43 PM, Josh Luthman j...@imaginenetworksllc.com wrote:

 Works for me
 
 
 Josh Luthman
 Office: 937-552-2340
 Direct: 937-552-2343
 1100 Wayne St
 Suite 1337
 Troy, OH 45373
 
 On Wed, Nov 26, 2014 at 12:41 PM, Javier J jav...@advancedmachines.us
 wrote:
 
 Name:   thepiratebay.se
 Address: 194.71.107.27
 
 Its reachable from some places and not others.
 
 Is it being filtered?
 
 Is it being hijacked?
 
 Email to them bounced from google apps.
 
 Are we now officially living in a police state?
 
 mtr dies at hop 2 for me:
 
 2. l100.nwrknj-vfttp-134.verizon-gni.net  ( 173.70.26.1 )
 
 Is verizon now censoring the internet for me?
 



Re: Scotland ccTLD?

2014-09-16 Thread TR Shaw

On Sep 16, 2014, at 11:43 AM, Jay Ashworth wrote:

 - Original Message -
 From: Suresh Ramasubramanian ops.li...@gmail.com
 
 Alba was the ancient roman name for England, meaning white, because of
 the white cliffs of Dover
 
 They called Scotland Caledonia and Ireland Hibernia
 
 Ah.
 
 Scotland is named for an ancient / mythical queen named Scota so they
 should be fine with say sc
 
 Except that, alas, .sc is already assigned, to Seychelles.  Or this wouldn't
 be a thing.  :-)
 

Why not ct? 

The Scots have always embraced Caledonia.  Heck, their airline, before BA 
bought them, was called British Caledonia (a better airline than BA IMHO)




Re: Scotland ccTLD?

2014-09-16 Thread TR Shaw

On Sep 16, 2014, at 11:52 AM, TR Shaw wrote:

 
 On Sep 16, 2014, at 11:43 AM, Jay Ashworth wrote:
 
 - Original Message -
 From: Suresh Ramasubramanian ops.li...@gmail.com
 
 Alba was the ancient roman name for England, meaning white, because of
 the white cliffs of Dover
 
 They called Scotland Caledonia and Ireland Hibernia
 
 Ah.
 
 Scotland is named for an ancient / mythical queen named Scota so they
 should be fine with say sc
 
 Except that, alas, .sc is already assigned, to Seychelles.  Or this wouldn't
 be a thing.  :-)
 
 
 Why not ct? 
 
 The Scots have always embraced Caledonia.  Heck, their airline, before BA 
 bought them, was called British Caledonia (a better airline than BA IMHO)
 
 



Typo. Should have been CE

Re: fire ants

2014-08-12 Thread TR Shaw
+1 for CO2 (But stand way back as they will go everywhere)
+1 for moth balls in the enclosure (esp prophylactically)
+1 for boric acid mixed with molasses (use externally; also stops carpenter 
ants in poles)

Tom


On Aug 12, 2014, at 3:07 PM, Robert Glover wrote:

 On 8/12/2014 11:52 AM, Eduardo A. Suárez wrote:
 Hi,
 
 it's not a joke. Here we have a fire ants nest in the fiber patch panel.
 Are there any DIY ways to manage that?
 
 Thanks, Eduardo.-
 
 Shop vac?
 



Re: Blocking of domain strings in iptables

2014-02-08 Thread TR Shaw
You could use RPZ but wouldn't something as simple as putting these two entries 
in a hosts file meet the mail?

Tom


On Feb 8, 2014, at 11:30 AM, Paul Ferguson wrote:

 Have you looked at perhaps using DNS RPZ (Response Policy Zones)?
 
 https://dnsrpz.info/
 
 - ferg
 
 
 On 2/8/2014 12:08 AM, Anurag Bhatia wrote:
 
  Hello everyone
 
 
  I am trying to figure out the way to drop a domain name DNS
  resolution before it hits application server. I do not want to do
  domain to IP mapping and block destination IP (and source IP
  blocking is also not an option).
 
  I can see that a string like this:
 
  iptables -A INPUT -p udp -m udp --dport 53 -m string --string
  domain --algo kmp --to 65535 -j DROP
 
 
  this can block domain which includes domain.com/domain.net and
  everything in that pattern. I tried using hexadecimal string for
  value like domaincom (hexa equivalent) and firewall doesn't pick
  that up at all.
 
  The only other option which I found to be working nicely is u32
  based string as something suggested on DNS amplification blog post
  here -
  http://dnsamplificationattacks.blogspot.in/2013/12/domain-dnsamplificationattackscc.html
 
 
 
 
  A string like this as suggested on above link works exactly for
  that domain
 
  iptables --insert INPUT -p udp --dport 53 -m u32 --u32
  "0x28&0xFFDFDFDF=0x17444e53 && 0x2c&0xDFDFDFDF=0x414d504c &&
  0x30&0xDFDFDFDF=0x49464943 && 0x34&0xDFDFDFDF=0x4154494f &&
  0x38&0xDFDFDFDF=0x4e415454 && 0x3c&0xDFDFDFDF=0x41434b53 &&
  0x40&0xFFDFDFFF=0x02434300" -j DROP -m comment --comment "DROP DNS
  Q dnsamplificationattacks.cc"
 
 
  but here I am not sure how to create such string out and script
  them for automation.
 
 
 
  Can someone suggest a way out for this within IPTables or may be
  some other open source firewall?
 
 
  Thanks.
 
 
 
 --
 Paul Ferguson
 VP Threat Intelligence, IID
 PGP Public Key ID: 0x54DC85B2
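
One way to script the u32 rule quoted in the question, as an added example that is not part of the original thread. Each u32 test has the form offset&mask=value and tests are joined with &&. The generator assumes, as the quoted rule does, an IPv4 header without options, so the DNS question name starts at byte 0x28; the function names and the constructed test packet are illustrative.

```python
"""Generate an iptables u32 match for one DNS query name."""
import re

# 20-byte IPv4 header (no options) + 8-byte UDP header + 12-byte DNS header.
QNAME_OFFSET = 0x28
LABEL = re.compile(r"[A-Za-z0-9_-]{1,63}")


def qname_and_mask(domain):
    """Return (wire-format QNAME, per-byte mask).

    Letters get mask 0xDF, which clears the ASCII case bit so the rule is
    case-insensitive. Length bytes, digits, '-', '_' and the terminating
    zero get 0xFF and must match exactly.
    """
    raw, mask = bytearray(), bytearray()
    for label in domain.rstrip(".").split("."):
        if not LABEL.fullmatch(label):
            raise ValueError("unsupported label: %r" % label)
        raw.append(len(label))
        mask.append(0xFF)
        for byte in label.encode("ascii"):
            raw.append(byte)
            mask.append(0xDF if chr(byte).isalpha() else 0xFF)
    raw.append(0)   # root label terminates the name, so subdomains do not match
    mask.append(0xFF)
    return bytes(raw), bytes(mask)


def u32_expression(domain):
    """Return the --u32 argument: one masked 32-bit comparison per 4 bytes."""
    raw, mask = qname_and_mask(domain)
    pad = -len(raw) % 4          # bytes past the name are masked out entirely
    raw += bytes(pad)
    mask += bytes(pad)
    tests = []
    for i in range(0, len(raw), 4):
        m = int.from_bytes(mask[i:i + 4], "big")
        v = int.from_bytes(raw[i:i + 4], "big") & m
        tests.append("0x%x&0x%08X=0x%08x" % (QNAME_OFFSET + i, m, v))
    return " && ".join(tests)


def iptables_rule(domain):
    """Return the complete command line in the same shape as the quoted rule."""
    return ('iptables --insert INPUT -p udp --dport 53 -m u32 --u32 "%s" '
            '-j DROP -m comment --comment "DROP DNS Q %s"'
            % (u32_expression(domain), domain))


def sample_query(domain):
    """Constructed IPv4/UDP/DNS query bytes for offline checks (lengths and
    checksums are left zero; only the layout matters here)."""
    raw, _ = qname_and_mask(domain)
    ip_header = bytes([0x45]) + bytes(19)
    return ip_header + bytes(8) + bytes(12) + raw + b"\x00\x01\x00\x01"


def matches(packet, expression):
    """Evaluate a generated expression against packet bytes, the way the u32
    match evaluates this simple offset&mask=value form."""
    for test in expression.split(" && "):
        left, value = test.split("=")
        offset, mask = left.split("&")
        word = packet[int(offset, 16):int(offset, 16) + 4]
        if len(word) < 4:
            return False
        if int.from_bytes(word, "big") & int(mask, 16) != int(value, 16):
            return False
    return True


if __name__ == "__main__":
    print(iptables_rule("dnsamplificationattacks.cc"))
```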
 
 





Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

2014-01-09 Thread TR Shaw
Richard, I would be more than happy to get you in touch with someone who can help 
you.

Technically they are very good.

Tom

On Jan 9, 2014, at 5:10 PM, Richard Hesse wrote:

 We're also interested in using their BGP feeds, but their website (
 spamhaustech.com) doesn't give much confidence about their technical
 prowess. Trying to get a simple quote for BGP feeds is...interesting.
 
 -richard
 
 
 On Thu, Jan 9, 2014 at 9:25 AM, ISP Services na...@isp-services.nl wrote:
 
 Hi,
 
 I am wondering if anyone here has experiences with the Spamhaus DROP,
 EDROP and BGPCC BGP feeds, for null routing hijacked prefixes, and prefixes
 which contain (only) malicious users.
 
 http://www.spamhaus.org/bgpf/
 
 We currently already use a Team Cymru feed for null routing bogons. Would
 you reckon that the Spamhaus lists offer many valid additions to the Team
 Cymru feeds? Did you have any disputes about prefixes that are announced as
 malicious use by Spamhaus with customers or other ISP's?
 
 Any responses, on or off list are appreciated.
 
 Thanks,
 
 Dennis Hagens
 Network Engineer
 AS 24875
 
 
 
 




Re: Experiences with Spamhaus BGP DROP, EDROP and BGPCC BGP feeds

2014-01-09 Thread TR Shaw
Replied off list.

On Jan 9, 2014, at 5:43 PM, Bryan Socha wrote:

 I would also like that contact, i've been trying to get the same quote for 
 feed only for months.
 
 Thanks,
 Bryan
 
 




Re: Email Server and DNS

2013-11-03 Thread TR Shaw
In addition to all the other reco's below, 

1) only allow sending by your users from the submit port and only with 
authentication. There should be no client sending through the SMTP port.

2) Implement SSL on POP & IMAP if at all possible. Otherwise enforce CRAM-MD5

3) Review logs esp pop and imap login failures. 

4) Turn off VRFY. 

On Nov 3, 2013, at 11:49 AM, Private Sender wrote:

 On 11/3/2013 8:39 AM, rw...@ropeguru.com wrote:
  So I figured a little break from the NSA was in order.
  
  I am looking for some info on current practice for an email server 
  and SMTP delivery. It has been a while since I have had to setup an
  email server and I have been tasked with setting up a small one for
  a friend. My question centers around the server sending outgoing
  email and the current practices requirements for other servers to
  accept email. Things like rDNS, SPF records, etc...
  
  I am pretty much set on the issue of incoming spam and virus. 
  Probably overkill but it is checked at the Sophos UTM firewall and 
  at the email server itself.
  
  Thanks,
  
  Robert
  
 
 MX, PTR, and SPF are really all you need. I would recommend you go a
 step further and use DKIM, ADSP, and DMARC. It will help keep asshat
 spammers from flaming your domain all over the internet.
 
 I use http://www.unlocktheinbox.com/ to verify my configuration.
 
 - -- 
 - -Bret Taylor
 
 





Re: Happy Birthday, ARPANET!

2013-10-30 Thread TR Shaw
Yikes! First it was the PDP in the British Museum and now a Sigma.  I don't 
feel old enough for the museum...

On Oct 29, 2013, at 10:51 PM, Jay Ashworth wrote:

 The Paley Center for Media reminds us that on this day in 1969 at 2230 PST, 
 the first link was turned up between UCLA's Sigma 7 and SRI's 940.
 
 A photo of the laboratory logbook is included in the Wikipedia article:
 
 en.m.wikipedia.org/wiki/ARPANET
 
 Cheers,
 - jra
 
 -- 
 Sent from my Android phone with K-9 Mail. Please excuse my brevity.




Re: iOS 7 update traffic

2013-09-20 Thread TR Shaw
Just as a note.

On Sep 19, 2013, at 6:57 PM, Brandon Galbraith wrote:

 1) Rate limit the software update download (Us)
 
 2) Have device OS download the update in the background, and be resilient
 to failures with retries (Manufacturer)
 
Apple already does this in the iTunes update the ios device mode.

 3) Don't present the update notification to the user until the update blob
 is already cached on the device (Manufacturer)
 
Apple also already does this.  However, manual checks/updates can be done. When 
there is so much buzz on the news and given Apple customers' zeal a large 
percentage manually invoke the update.

 Only in a perfect world though.
 
 
 On Thu, Sep 19, 2013 at 5:49 PM, joel jaeggli joe...@bogus.com wrote:
 
 On 9/19/13 3:29 PM, Warren Bailey wrote:
 Your software updates (you meaning a user of the Internet) should not
 affect my experience. I'm not advocating we go back to 5.25 floppies and
 never look back. I'm asking..
 
 Is there a way for a COMPUTER and PHONE manufacturer to distribute their
 software without destroying most last mile connectivity?
 
 Who else has had traffic surges like this?
 
 Flash traffic occurs, sometimes people fly planes into things, sometimes
 nuclear reactors melt down, earthquakes or hurricanes occur  or cables
 are segmented due to underwater landslides. and what infrastructure that
 is left shifts abruptly from terrestrial to satellite or gets dropped
 on the floor. the best you can ask for on an instantaneous basis is
 graceful degradation under load.
 
 this happens to not be weather.so maybe you can do something about it.
 but ultimately a certain number of bytes have to be transferred and given
 the architecture, the flash was driven by the consumer and not by
 software automation, if we want the latter to control it consumer choice
 has to be taken out of the loop, which may or may not be palatable.
 
 And who else has a Nanog strike team coming in screaming buy more
 bandwidth? ;)
 
 
 Sent from my Mobile Device.
 
 
  Original message 
 From: Ryan Harden harde...@uchicago.edu
 Date: 09/19/2013 3:04 PM (GMT-08:00)
 To: Jeroen van Aart jer...@mompl.net
 Cc: nanog@nanog.org nanog@nanog.org
 Subject: Re: iOS 7 update traffic
 
 
 
 On Sep 19, 2013, at 3:11 PM, Jeroen van Aart jer...@mompl.net wrote:
 
 On 09/19/2013 12:06 PM, Ryan Harden wrote:
 As a side note, how are some of you not aware of this? This has
 happened with every single Apple OS update since the iPhone was released in
 2007.
 
 The difference is there are now a couple more million devices out
 there than there were in 2007. And in 2007 there was just the one phone,
 now you have tablets and what have you.
 
 The effect has been relatively the same regardless of how many iDevices
 there are. Network Operators have seen spikes during Apple OS releases
 since they started. The only leeway I'll give you is that the original
 iPhone only supported 802.11b. With .11n and someday .11ac, the ability for
 these devices to consume data at a faster rate is also increasing.
 
 
 This isn't a new phenomenon. I realize some of you are too cool for
 Apple
 
 Lame low ball remark, however I thought it was the opposite,
 Apple==coolness?
 
 This was in no way meant to be a lowball remark. But it doesn't take
 much searching to find people exclaiming how they have zero Apple devices
 or how they don't pay attention to Apple's iJunk. I assumed (probably
 mistakenly) that the lack of knowing this is going to happen roughly 2-3
 times a year was due to being 'too cool' to keep up with the stuff Apple
 puts out.
 
 
 Regards,
 Jeroen
 
 --
 Earthquake Magnitude: 5.3
 Date: 2013-09-19  17:25:09.350 UTC
 Location: 19km ESE of Ishikawa, Japan
 Latitude: 37.0716; Longitude: 140.6495
 Depth: 22.22 km | e-quake.org
 
 
 
 
 
 




Re: Contact at spamhaus to ASK for a DROP listing ?

2013-09-20 Thread TR Shaw
Forwarded your request to spamhaus

Tom

On Sep 20, 2013, at 8:29 AM, Carlos G Mendioroz wrote:

 Hi,
 I've seen many threads of delisting requests here, and this is NOT one.
 I happen to be tech contact for an unused allocated block that has been 
 recently hijacked. I have no means to actually route it now, so I guess the 
 best course of action is to list it in DROP. On purpose.
 
 If anyone can help me on that, or provide advice on a better course of 
 action, I'm all ears :)
 
 TIA,
 
 -- 
 Carlos G Mendioroz  t...@acm.org
 




Re: iOS 7 update traffic

2013-09-19 Thread TR Shaw
Haven't updated my iPad yet but the iPhone update size was 1.12GB

On Sep 19, 2013, at 2:05 PM, Mikael Abrahamsson wrote:

 On Thu, 19 Sep 2013, Paul Ferguson wrote:
 
 
 Can someone please explain to a non-Apple person what the hell happened
 that started generating so much traffic? Perhaps I missed it in this
 thread, but I would be curious to know what iOS 7 implemented that
 caused this...
 
 The IOS7 upgrade is ~750 megabyte download for the phones/pods, and ~950 
 megabytes for ipad. There are quite a few devices out there times these 
 amounts to download...
 
 -- 
 Mikael Abrahamsson    email: swm...@swm.pp.se
 




Re: iOS 7 update traffic

2013-09-19 Thread TR Shaw
Major update & provides many of 5S functionality to the 5, 4S, & 4

On Sep 19, 2013, at 1:58 PM, Paul Ferguson wrote:

 
 Can someone please explain to a non-Apple person what the hell happened
 that started generating so much traffic? Perhaps I missed it in this
 thread, but I would be curious to know what iOS 7 implemented that
 caused this...
 
 Thanks in advance,
 
 - ferg
 
 On 9/19/2013 10:23 AM, Nick Olsen wrote:
 
 We also saw a huge spike in traffic. Still pretty high today as well.
 We saw a ~60% above average hit yesterday, And we're at ~20-30% above
 average today as well.
 Being an android user, It didn't dawn on me until some of the IOS users in
 the office started jumping up and down about IOS7
 Nick Olsen
 Network Operations (855) FLSPEED  x106
 
 
 From: Justin M. Streiner strei...@cluebyfour.org
 Sent: Wednesday, September 18, 2013 6:19 PM
 To: NANOG nanog@nanog.org
 Subject: Re: iOS 7 update traffic
 
 On Wed, 18 Sep 2013, Tassos Chatzithomaoglou wrote:
 
 We also noticed an interesting spike (+ ~40%), mostly in akamai.
 The same happened on previous iOS too.
 
 I see it here, too.  At its peak, our traffic levels were roughly double
 what we would see on a normal weekday.
 
 jms
 
 Zachary McGibbon wrote on 18/9/2013 20:38:
 So iOS 7 just came out, here's the spike in our graphs going to our ISP
 here at McGill, anyone else noticing a big spike?
 
 [image: internet-sw1 - Traffic - Te0/7 - To Internet1-srp (IR Canet) -
 TenGigabitEthernet0/7]
 
 Zachary McGibbon
 
 
 
 
 
 
 
 
 
 
 -- 
 Paul Ferguson
 Vice President, Threat Intelligence
 Internet Identity, Tacoma, Washington  USA
 IID -- Connect and Collaborate -- www.internetidentity.com
 
 




Re: roadrunner takes a really long excursion

2013-07-11 Thread TR Shaw
TWT spun off from TW in 1998 or 9 if I remember. TWC ala RoadRunner is a build 
out of what was left of TW's residential footprint and services. RoadRunner 
also supports portions of old TWC plant that was sold off to Brighthouse 
Communications.

Tom
 
On Jul 11, 2013, at 5:20 PM, david raistrick wrote:

 On Thu, 11 Jul 2013, Randy Bush wrote:
 
 their xo peering.  i guess the root cause is that roadrunner is poorly
 peered.  are they not actually twt?
 
 Nope.  TWT vs TWC.
 
 
 --
 david raistrick        http://www.netmeister.org/news/learn2quote.html
 dr...@icantclick.org   ascii ribbon campaign - stop html mail
http://www.asciiribbon.org/
 
 
 
 




Re: Andros Island Connectivity?

2013-04-30 Thread TR Shaw
Aaron are they supporting the range? If so there are options.

On Apr 30, 2013, at 4:28 PM, Aaron C. de Bruyn wrote:

 I just had a client drop an interesting requirement on me.
 
 They are on Andros Island (Bahamas) for about a year.  I'm working on
 getting an exact address from the adminisphere above me, but all I've been
 told so far is they are 'near the naval base'.
 
 They just called and said We need internet access yesterday.
 
 None of the people on-site are technical, and all their data is accessed
 via RDP on a server in the United States.
 
 Having never been there, I have no idea if it's like downtown San Francisco
 where the internet grows on trees, or if it's like the Sahara desert which
 might require dragging your own fiber in on camelback...
 
 Does anyone have pointers on who to talk to or how I can get them internet
 access?
 
 -A




Re: Andros Island Connectivity?

2013-04-30 Thread TR Shaw
Harris/CAPROCK, http://www.harriscaprock.com, provides VSAT worldwide to 
shipping, offshore platforms and remote islands.

Additionally, Andros has quite a bit of undersea fiber going to it.  The USAF 
Eastern Test Range and the Naval base there was the forcing function.  The 
range contractor, http://computersciencesraytheon.com, could probably give you 
a heads up or if I can help I can call some friends there.

Tom

On Apr 30, 2013, at 5:23 PM, Warren Bailey wrote:

 Depends.. Space segment runs from 1300 a mhz for inclined all the way to 6k a 
 month a mhz for hard to get weird stuff. We oversub to make the economics 
 work often.
 
 
 Sent from my T-Mobile 4G LTE Device
 
 
 
  Original message 
 From: Mike Hale eyeronic.des...@gmail.com
 Date: 04/30/2013 2:22 PM (GMT-08:00)
 To: Warren Bailey wbai...@satelliteintelligencegroup.com
 Cc: Mike Lyon mike.l...@gmail.com,Aaron C. de Bruyn 
 aa...@heyaaron.com,memb...@wispa.org,NANOG mailing list nanog@nanog.org
 Subject: Re: Andros Island Connectivity?
 
 
 Yeah, how many thousands is it per meg of space segment?
 
 On Tue, Apr 30, 2013 at 2:20 PM, Warren Bailey
 wbai...@satelliteintelligencegroup.com wrote:
 Says.. Who?
 
 
 Sent from my T-Mobile 4G LTE Device
 
 
 
  Original message 
 From: Mike Hale eyeronic.des...@gmail.com
 Date: 04/30/2013 2:19 PM (GMT-08:00)
 To: Warren Bailey wbai...@satelliteintelligencegroup.com
 Cc: Mike Lyon mike.l...@gmail.com,Aaron C. de Bruyn
 aa...@heyaaron.com,memb...@wispa.org,NANOG mailing list nanog@nanog.org
 Subject: Re: Andros Island Connectivity?
 
 
 It's the quickest but certainly not the cheapest.
 
 On Tue, Apr 30, 2013 at 1:56 PM, Warren Bailey
 wbai...@satelliteintelligencegroup.com wrote:
 I suggested VSAT. Probably the quickest and cheapest.
 
 
 Sent from my T-Mobile 4G LTE Device
 
 
 
  Original message 
 From: Mike Lyon mike.l...@gmail.com
 Date: 04/30/2013 1:35 PM (GMT-08:00)
 To: Aaron C. de Bruyn aa...@heyaaron.com,memb...@wispa.org
 Cc: NANOG mailing list nanog@nanog.org
 Subject: Re: Andros Island Connectivity?
 
 
 Aaron,
 
 Cross-posting this over to the WISPA list to see if there are any Wireless
 ISPs over there that can help you.
 
 -Mike
 
 
 
 On Tue, Apr 30, 2013 at 1:28 PM, Aaron C. de Bruyn
 aa...@heyaaron.com wrote:
 
 I just had a client drop an interesting requirement on me.
 
 They are on Andros Island (Bahamas) for about a year.  I'm working on
 getting an exact address from the adminisphere above me, but all I've
 been
 told so far is they are 'near the naval base'.
 
 They just called and said We need internet access yesterday.
 
 None of the people on-site are technical, and all their data is accessed
 via RDP on a server in the United States.
 
 Having never been there, I have no idea if it's like downtown San
 Francisco
 where the internet grows on trees, or if it's like the Sahara desert
 which
 might require dragging your own fiber in on camelback...
 
 Does anyone have pointers on who to talk to or how I can get them
 internet
 access?
 
 -A
 
 
 
 
 --
 Mike Lyon
 408-621-4826
 mike.l...@gmail.com
 
 http://www.linkedin.com/in/mlyon
 
 
 
 
 --
 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
 
 
 
 
 --
 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
 




Re:

2012-12-12 Thread TR Shaw
EXTERMINATE, EXTERMINATE, EXTERMINATE,...

On Dec 12, 2012, at 6:59 PM, Jaren Angerbauer wrote:

 On Tue, Dec 11, 2012 at 5:20 PM, flower tailor samba...@hotmail.com wrote:
 Delete me
 
 
 As a Dr. Who fan -- DELETE, DELETE, DELETE...
 




Anyone from ATT?

2012-06-30 Thread TR Shaw
Please contact me off list.  I have problems with our equipment  on these two 
ATT netblocks communicating between one another.

ATT Services, Inc. ATT (NET-12-0-0-0-1) 12.0.0.0 - 12.255.255.255
CFWN Pool ATTCT-NMPL20 ATTW-042909163717 (NET-12-88-176-0-1) 12.88.176.0 - 
12.88.191.255

and

NetRange:   108.192.0.0 - 108.255.255.255
CIDR:   108.192.0.0/10
OriginAS:   AS7132
NetName:SBCIS-SBIS





Re: Constant low-level attack

2012-06-28 Thread TR Shaw

On Jun 28, 2012, at 4:31 PM, Lou Katz wrote:

 The other day, I looked carefully at my auth.log (Xubuntu 11.04) and 
 discovered many lines
 of the form:
 
  Jun 28 13:13:54 localhost sshd[12654]: Bad protocol version 
 identification '\200F\001\003\001' from 94.252.177.159
 
 In the past day, I have recorded about 20,000 unique IP addresses used for 
 this type of probe.
 I doubt if this is a surprise to anyone - my question is twofold:
 
 1. Does anyone want this evergrowing list of, I assume, compromised machines?
 2. Is there anything useful to do with this info other than put the IP 
 addresses into a firewall reject table? I have done
   that and do see a certain amount of repeat hits.

Just a note that if you were running fail2ban.org you would get automatic 
updates of your firewall and share the IPs with the community and get the 
advantage of the community's detections as well.
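
An added example, not part of either post: the escaped string in the quoted auth.log line can be decoded to see what kind of client hit the SSH port, and the sources tallied before anything goes into a reject table. The sample lines other than the first are constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample in the auth.log format quoted above. The first line is the
# one from the post; the other addresses are documentation ranges.
SAMPLE_LOG = r"""
Jun 28 13:13:54 localhost sshd[12654]: Bad protocol version identification '\200F\001\003\001' from 94.252.177.159
Jun 28 13:14:02 localhost sshd[12660]: Bad protocol version identification 'GET / HTTP/1.1' from 192.0.2.10
Jun 28 13:14:09 localhost sshd[12671]: Bad protocol version identification '\026\003\001' from 198.51.100.7
Jun 28 13:15:40 localhost sshd[12680]: Bad protocol version identification '\200F\001\003\001' from 94.252.177.159
Jun 28 13:16:01 localhost sshd[12688]: Accepted publickey for lou from 203.0.113.5 port 50022 ssh2
"""

LINE_RE = re.compile(
    r"sshd\[\d+\]: Bad protocol version identification "
    r"'(?P<banner>.*)' from (?P<ip>[0-9A-Fa-f:.]+)"
)
# sshd logs non-printable bytes as three-digit octal escapes and '\' as '\\'.
TOKEN_RE = re.compile(r"\\([0-3][0-7]{2})|\\(\\)|(.)", re.S)
HTTP_METHODS = (b"GET", b"POST", b"HEAD", b"OPTIONS", b"CONNECT")


def decode_banner(escaped):
    """Turn the escaped text from the log back into the bytes the client sent."""
    out = bytearray()
    for octal, backslash, char in TOKEN_RE.findall(escaped):
        if octal:
            out.append(int(octal, 8))
        elif backslash:
            out.append(0x5C)
        else:
            out.extend(char.encode("latin-1", "replace"))
    return bytes(out)


def classify(banner):
    """Name the protocol the client was actually speaking."""
    # SSLv2-format record: high bit set in the 2-byte length, message type 1
    # (ClientHello), then the offered version, major byte 3 for SSL3/TLS.
    if len(banner) >= 4 and banner[0] & 0x80 and banner[2] == 0x01 and banner[3] == 0x03:
        return "sslv2-format ClientHello"
    # TLS record layer: content type 22 (handshake), version major byte 3.
    if len(banner) >= 3 and banner[0] == 0x16 and banner[1] == 0x03:
        return "tls-record"
    if banner.split(b" ", 1)[0] in HTTP_METHODS:
        return "http-request"
    return "other"


def summarize(log_text):
    """Return (hits per probe kind, {source ip: Counter of probe kinds})."""
    kinds = Counter()
    sources = {}
    for line in log_text.splitlines():
        match = LINE_RE.search(line)
        if not match:
            continue  # ordinary sshd lines are ignored
        kind = classify(decode_banner(match.group("banner")))
        kinds[kind] += 1
        sources.setdefault(match.group("ip"), Counter())[kind] += 1
    return kinds, sources


def repeat_sources(sources, threshold=2):
    """Sources seen at least `threshold` times, i.e. the repeat hits."""
    return sorted(ip for ip, c in sources.items() if sum(c.values()) >= threshold)


if __name__ == "__main__":
    kinds, sources = summarize(SAMPLE_LOG)
    for kind, count in kinds.most_common():
        print(f"{count:4d}  {kind}")
    print("repeat sources:", ", ".join(repeat_sources(sources)))
```

The string from the post decodes to the bytes 80 46 01 03 01, an SSLv2-format ClientHello offering version 3.1, so that source was an SSL/TLS client pointed at the SSH port.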




Re: DNS poisoning at Google?

2012-06-27 Thread TR Shaw

On Jun 27, 2012, at 3:36 AM, Michael J Wise wrote:

 
 On Jun 27, 2012, at 12:06 AM, Matthew Black wrote:
 
 We found the aberrant .htaccess file and have removed it. What a mess!
 
 
 Trusting you carefully noted the date/time stamp before removing it, as 
 that's an important bit of forensics.

And don't forget there is a trail on that file on your backups.

Tom




Problems getting to Verisign's whois server on IPv6

2012-05-01 Thread TR Shaw
Anyone else having problems getting to Verisign's whois server on IPv6?

$ host com.whois-servers.net
com.whois-servers.net is an alias for whois.verisign-grs.com.
whois.verisign-grs.com has address 199.7.59.74
whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74

$ traceroute6 2001:503:3227:1060::74
traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 
2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets
 1  2001:470:5:4ed:226:bbff:fe6d:426e  0.311 ms  0.374 ms  0.260 ms
 2  ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net  21.128 ms  21.052 ms  17.389 ms
 3  gige-g2-3.core1.mia1.he.net  20.055 ms  16.198 ms  22.699 ms
 4  10gigabitethernet4-3.core1.atl1.he.net  40.166 ms  33.887 ms  32.547 ms
 5  10gigabitethernet6-4.core1.ash1.he.net  49.821 ms  45.999 ms  52.751 ms
 6  2001:504:0:2::2641:1  47.197 ms  46.748 ms  47.289 ms
 7  xe-1-2-0.r1.bb-fo.chi2.vrsn.net  65.094 ms
xe-0-2-0.r2.bb-fo.chi2.vrsn.net  66.441 ms
xe-1-2-0.r1.bb-fo.chi2.vrsn.net  66.320 ms
 8  2001:503:3227:14ff::2  66.448 ms
2001:503:3227:13ff::2  101.761 ms  86.864 ms
 9  2001:503:3227:13ff::2  69.818 ms !P
2001:503:3227:14ff::2  69.311 ms !P
2001:503:3227:13ff::2  68.662 ms !P




Re: Problems getting to Verisign's whois server on IPv6

2012-05-01 Thread TR Shaw
Nope sure can't

$  telnet -6 2001:503:3227:1060::74 whois
2001:503:3227:1060::74: nodename nor servname provided, or not known

Tom

On May 1, 2012, at 8:15 AM, Tony Tauber wrote:

 Path is not the same, but the last few replies similarly suggest 
 packet-filters (!X in my case vs. !P).
 I can get to the whois port (TCP/43):
 
 $ telnet -6 2001:503:3227:1060::74 whois
 Trying 2001:503:3227:1060::74...
 Connected to 2001:503:3227:1060::74.
 Escape character is '^]'.
 
 Can you?
 
 Tony
 
 On Tue, May 1, 2012 at 8:01 AM, TR Shaw ts...@oitc.com wrote:
 Anyone else having problems getting to Verisign's whois server on IPv6?
 
 $ host com.whois-servers.net
 com.whois-servers.net is an alias for whois.verisign-grs.com.
 whois.verisign-grs.com has address 199.7.59.74
 whois.verisign-grs.com has IPv6 address 2001:503:3227:1060::74
 
 $ traceroute6 2001:503:3227:1060::74
 traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from 
 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets
  1  2001:470:5:4ed:226:bbff:fe6d:426e  0.311 ms  0.374 ms  0.260 ms
  2  ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net  21.128 ms  21.052 ms  17.389 
 ms
  3  gige-g2-3.core1.mia1.he.net  20.055 ms  16.198 ms  22.699 ms
  4  10gigabitethernet4-3.core1.atl1.he.net  40.166 ms  33.887 ms  32.547 ms
  5  10gigabitethernet6-4.core1.ash1.he.net  49.821 ms  45.999 ms  52.751 ms
  6  2001:504:0:2::2641:1  47.197 ms  46.748 ms  47.289 ms
  7  xe-1-2-0.r1.bb-fo.chi2.vrsn.net  65.094 ms
xe-0-2-0.r2.bb-fo.chi2.vrsn.net  66.441 ms
xe-1-2-0.r1.bb-fo.chi2.vrsn.net  66.320 ms
  8  2001:503:3227:14ff::2  66.448 ms
2001:503:3227:13ff::2  101.761 ms  86.864 ms
  9  2001:503:3227:13ff::2  69.818 ms !P
2001:503:3227:14ff::2  69.311 ms !P
2001:503:3227:13ff::2  68.662 ms !P
 
 
 



Re: The day SORBS goes away ...

2012-04-07 Thread TR Shaw

On Apr 7, 2012, at 6:35 PM, Barry Shein wrote:

 
 Something I'm considering is just limiting the max size of an email
 from Yahoo severely, enough to say I've changed my address from yahoo
 to ___.
 
 We get pounded day and night with multimegabyte (per each) spam emails
 from them.
 
 Yahoo isn't the only one but the most frequent.

As for Yahoo, the problem will probably go away on its own over time. The 
problem with companies that are in questionable/bad financial shape is that 
they defund many activities that do not seem important but actually are. These, 
such as abuse handling, will actually cause them to increase their spiral down 
by causing more customers away.

Another item of interest is that Yahoo says they will only accept ARF 
(RFC-5965) reports to abuse@  However, they reject all ARF abuse reports just 
like the plain text ones. So much for standards support

As an aside, one can not/will not/may not block all their mailservers but I 
would suggest blocking all mail that contains their shortener, y.ahoo.it.  It 
is highly abused and they don't respond to abuse reports on it either.

It's a real shame that the original high quality search engine/company that 
everyone aspired to be on has fallen so far both financially and in quality.

As for SORBS, most competent mail admins dropped its use a long time ago. I 
thought when Proofpoint took it over things would change (I actually thought 
they would dump the SORBS name because of bad karma) but it hasn't happened.





Re: OWA blocked by China

2012-03-27 Thread TR Shaw

On Mar 27, 2012, at 10:16 AM, Jim Gonzalez wrote:

 Hello, 
 
One of my customers has workers in China. Their outlook web
 access is blocked by the China Firewall. I was just wondering if anyone had
 this issue ? I have not tried any work arounds as of yet just gathering info
 

Jim

Try a tunnel?

Tom




Re: LAw Enforcement Contact

2012-01-22 Thread TR Shaw

On Jan 22, 2012, at 8:19 PM, bmann...@vacation.karoshi.com wrote:

 On Sun, Jan 22, 2012 at 07:16:39PM -0600, A. Pishdadi wrote:
 Hello,
 
 We recently tracked down a botnet that attacked our network. We found the
 CC server, it has approximately 40-50 servers, consisting of mostly *nix
 machines with high speed connections, for example AWS servers or dedicated,
 attack capacity is 4-5Gb/s or more. Is there any contacts with law
 enforcement here that I can send over the info to?
 
 .
 
   Sure is.  Check with your local FBI office.
 

Do you know how responsive and effective that is out here in rural America? 
Usually nada even if you can even find someone who speaks tech.

I gave my local a CC complete with location in Phoenix and details on all the 
Italian bank intercepts that were stored there (open directory) and 2 weeks 
later it was still operating.

Tom





Re: Does anybody out there use Authentication Header (AH)?

2012-01-02 Thread TR Shaw
As far as real world examples, I know of none that use AH only. All the 
operational uses I have seen in use are tunnels.

I would guess that if there are any it would be because some minimally 
technical COI rep thought that by using it it would provide some minimalist 
support of their interpretation of FISMA.

Tom 

On Jan 1, 2012, at 9:03 PM, Steven Bellovin wrote:

 Yes, I know; I'm on that list.  John Smith decided to see if 
 reality matched theory -- always a good thing to do -- and asked
 here.
 
 Btw, it's not just this time there is some support for it; AH
 was downgraded to MAY in RFC 4301 in 2005.
 
 
 On Jan 1, 2012, at 8:56 PM, Jack Kohn wrote:
 
 The __exact__ same discussion happening on IPsecME WG right now.
 
 http://www.ietf.org/mail-archive/web/ipsec/current/msg07346.html
 
 It seems there is yet another effort being made to retire AH so that
 we have less # of options to deal with. This time there is some
 support for it ..
 
 Jack
 
 On Mon, Jan 2, 2012 at 7:20 AM, Steven Bellovin s...@cs.columbia.edu wrote:
 
 On Jan 1, 2012, at 8:34 PM, TR Shaw wrote:
 
 John,
 
 Unlike AH,  ESP in transport mode does not provide integrity and 
 authentication for the entire IP packet. However,  in Tunnel Mode,  where 
 the entire original IP packet is encapsulated with a new packet header 
 added,  ESP protection is afforded to the whole inner IP packet (including 
 the inner header) while the outer header (including any outer IPv4 options 
 or IPv6 extension headers) remains unprotected.  Thus, you need AH to 
 authenticate the integrity of the outer header packet information.
 
 
 Not quite.  While the cryptographic integrity check does not cover the 
 source and destination addresses -- the really interesting part of the 
 outer header -- they're bound to the security association, and hence 
 checked separately.  Below is a note I sent to the IPsec mailing list in 
 1999.
 
 That, however, is not the question that is being asked here.  The IPsecme 
 working group has been over those issues repeatedly; your (non)-issue and 
 (slightly) more substantive issues about IPv6 have been rehashed ad 
 nauseam.  The questions on the table now are, first, are operators using 
 AH, and if so is ESP with NULL encryption an option?
 
   --Steve Bellovin, https://www.cs.columbia.edu/~smb
 
 
   One of the biggest reasons we have AH is because there _are_
   some things in the middle of the IP header that need to be
   authenticated for them to be simultaneously safe and useful.
   The biggest example of this is source routing.
 
 In my opinion -- and I've posted this before -- there's nothing in the
 IP header that's both interesting and protected.  You can't protect the
 source routing option, since the next-hop pointer changes en route.
 Appendix A of the AH draft recognizes that, and lists it as 'mutable --
 zeroed'.
 
 When you look over the list of IP header fields and options that are
 either immutable or predictable, you find that the only things that are
 really of interest are the source and destination addresses and the
 security label.  To the extent that we want to protect the addresses --
 a point that's very unclear to me -- they're bound to the security
 association.  The security label certainly should be.  If you're using
 security labels (almost no one does) and you don't have the facilities
 to bind it at key management time, use tunnel mode and be done with it.
 
   I'll admit that I've never been in the operations business, but
   I've been told that source routing is a very useful tool for
   diagnosing some classes of problems.  AH allows source routing
   to be useful again w/o opening the holes it opens.
 
 Well, yes, but not for the reason you specify.  The problem with source
 routing is that it makes address-spoofing trivial.  With AH, people
 will either verify certificate names -- the right way to do things --
 or they'll bind a certificate to the source address, and use AH to
 verify the legitimacy of it.  The route specified has nothing to do
 with it, and ESP with null encryption does the same thing.
 
 I don't like AH, either in concept or design (and in particular I don't
 like the way it commits layer violations).  Its only real use, as I see
 it, is to answer Greg Minshall's objections -- it leaves the port
 numbers in the clear, and visible in a context-independent fashion.
 With null encryption, the monitoring station has to know that that was
 selected.  But I'm very far from convinced that these issues are
 important enough to justify AH.
 
 All that notwithstanding, this is not a new issue.  We've been over
 this ground before in the working group.  Several of us, myself
 included, suggested deleting AH.  We lost.  Fine; so be it.  Let's ship
 the documents and be done with it.
 
 
 
   --Steve Bellovin, https://www.cs.columbia.edu/~smb
 
 
 
 
 
 




Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread TR Shaw

On Jan 1, 2012, at 7:12 PM, John Smith wrote:

 Hi,
 
 I am trying to see if there are people who use AH specially since RFC 4301 
 has a MAY for AH and a MUST for ESP-NULL. While operators may not care about 
 a MAY or a MUST in an RFC, but the IETF protocols and vendors do. So all 
 protocols that require IPsec for authentication implicitly have a MAY for AH 
 and a MUST for ESP-NULL.
 
 Given that there is hardly a difference between the two, I am trying to 
 understand the scenarios where people might want to use AH? OR is it that 
 people don't care and just use what their vendors provide them?
 
 Regards,
 John

AH provides for  connectionless integrity and data origin authentication and 
provides protection against replay attacks.  Many US Gov departments that have 
to follow NIST and do not understand what this means require it between 
internal point-to-point routers between one portion of their organization and 
another adding more expense for no increase in operational security.

If you are following NIST or DCID-63, this is required to meet certain 
integrity requirements

ESP provides confidentiality,  data origin authentication,  connectionless 
integrity,  an anti-replay service,  and limited traffic flow confidentiality.  
EG AH portion provides for the integrity requirement and the ESP encryption 
provides for the confidentiality requirement of NIST.

Think of AH that it is like just signing a PGPMail and ESP as signing and 
encrypting a PGPMail.

There are reasons for both.

Tom




Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread TR Shaw
John,

Unlike AH,  ESP in transport mode does not provide integrity and authentication 
for the entire IP packet. However,  in Tunnel Mode,  where the entire original 
IP packet is encapsulated with a new packet header added,  ESP protection is 
afforded to the whole inner IP packet (including the inner header) while the 
outer header (including any outer IPv4 options or IPv6 extension headers) 
remains unprotected.  Thus, you need AH to authenticate the integrity of the 
outer header packet information.

Again, just like PGPMail as I explained before,

Tom


On Jan 1, 2012, at 7:32 PM, John Smith wrote:

 Hi Tom,
 
 Thanks for the reply.
 
 Why can't we use ESP/NULL for meeting the NIST requirement? Is there something 
 extra that AH offers here?
 
 Regards, 
 John
 
 From: TR Shaw ts...@oitc.com
 To: John Smith jsmith4112...@yahoo.co.uk 
 Cc: nanog@nanog.org nanog@nanog.org 
 Sent: Monday, 2 January 2012, 5:57
 Subject: Re: Does anybody out there use Authentication Header (AH)?
 
 
 On Jan 1, 2012, at 7:12 PM, John Smith wrote:
 
  Hi,
  
  I am trying to see if there are people who use AH specially since RFC 4301 
  has a MAY for AH and a MUST for ESP-NULL. While operators may not care 
  about a MAY or a MUST in an RFC, but the IETF protocols and vendors do. So 
  all protocols that require IPsec for authentication implicitly have a MAY 
  for AH and a MUST for ESP-NULL.
  
  Given that there is hardly a difference between the two, I am trying to 
  understand the scenarios where people might want to use AH? OR is it that 
  people don't care and just use what their vendors provide them?
  
  Regards,
  John
 
 AH provides for  connectionless integrity and data origin authentication and 
 provides protection against replay attacks.  Many US Gov departments that 
 have to follow NIST and do not understand what this means require it between 
 internal point-to-point routers between one portion of their organization and 
 another adding more expense for no increase in operational security.
 
 If you are following NIST or DCID-63, this is required to meet certain 
 integrity requirements
 
 ESP provides confidentiality,  data origin authentication,  connectionless 
 integrity,  an anti-replay service,  and limited traffic flow 
 confidentiality.  EG AH portion provides for the integrity requirement and 
 the ESP encryption provides for the confidentiality requirement of NIST.
 
 Think of AH that it is like just signing a PGPMail and ESP as signing and 
 encrypting a PGPMail.
 
 There are reasons for both.
 
 Tom
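
An added example, not code from any poster in this thread: what the integrity check value (ICV) covers for transport-mode AH (RFC 4302, mutable IPv4 fields zeroed) versus ESP with NULL encryption (RFC 4303), using HMAC-SHA1-96. The key, SPI, addresses and payload are constructed, and the function names are hypothetical.

```python
import hashlib
import hmac
import socket
import struct

KEY = b"constructed-demo-key"   # constructed integrity key for the demo SA
SPI, SEQ = 0x1000, 1            # constructed SA identifier and sequence number
ICV_LEN = 12                    # HMAC-SHA1-96
PROTO_UDP, PROTO_ESP, PROTO_AH = 17, 50, 51


def checksum(header):
    """One's-complement checksum over a 20-byte IPv4 header."""
    total = sum(struct.unpack("!10H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4_header(src, dst, proto, body_len, ttl=64):
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + body_len, 0x1234, 0,
                      ttl, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", checksum(hdr)) + hdr[12:]


def icv(data):
    return hmac.new(KEY, data, hashlib.sha1).digest()[:ICV_LEN]


def ah_icv_input(ip_hdr, ah_fixed, payload):
    """AH input: IP header with mutable fields zeroed, AH with ICV zeroed, payload."""
    h = bytearray(ip_hdr)
    h[1] = 0                  # DSCP/ECN
    h[6:8] = b"\x00\x00"      # flags and fragment offset
    h[8] = 0                  # TTL
    h[10:12] = b"\x00\x00"    # header checksum
    return bytes(h) + ah_fixed + bytes(ICV_LEN) + payload


def build_ah(src, dst, payload, ttl=64):
    # next header, AH length in 32-bit words minus 2, reserved, SPI, sequence
    ah_fixed = struct.pack("!BBHII", PROTO_UDP, (12 + ICV_LEN) // 4 - 2, 0, SPI, SEQ)
    ip_hdr = ipv4_header(src, dst, PROTO_AH, len(ah_fixed) + ICV_LEN + len(payload), ttl)
    return ip_hdr + ah_fixed + icv(ah_icv_input(ip_hdr, ah_fixed, payload)) + payload


def verify_ah(pkt):
    ip_hdr, ah_fixed = pkt[:20], pkt[20:32]
    got, payload = pkt[32:32 + ICV_LEN], pkt[32 + ICV_LEN:]
    return hmac.compare_digest(got, icv(ah_icv_input(ip_hdr, ah_fixed, payload)))


def build_esp_null(src, dst, payload, ttl=64):
    pad_len = -(len(payload) + 2) % 4
    body = (struct.pack("!II", SPI, SEQ) + payload + bytes(range(1, pad_len + 1))
            + bytes([pad_len, PROTO_UDP]))
    ip_hdr = ipv4_header(src, dst, PROTO_ESP, len(body) + ICV_LEN, ttl)
    return ip_hdr + body + icv(body)   # ICV covers ESP header through trailer only


def verify_esp_null(pkt):
    return hmac.compare_digest(pkt[-ICV_LEN:], icv(pkt[20:-ICV_LEN]))


def rewrite(pkt, ttl=None, src=None):
    """Change IP header fields in flight and fix the checksum, as a router or NAT would."""
    h = bytearray(pkt[:20])
    if ttl is not None:
        h[8] = ttl
    if src is not None:
        h[12:16] = socket.inet_aton(src)
    h[10:12] = b"\x00\x00"
    h[10:12] = struct.pack("!H", checksum(bytes(h)))
    return bytes(h) + pkt[20:]


def demo():
    payload = b"constructed UDP datagram bytes"
    results = {}
    for name, build, verify in (("AH", build_ah, verify_ah),
                                ("ESP-NULL", build_esp_null, verify_esp_null)):
        pkt = build("192.0.2.1", "198.51.100.2", payload)
        results[name] = {
            "untouched": verify(pkt),
            "ttl decremented": verify(rewrite(pkt, ttl=63)),
            "source rewritten": verify(rewrite(pkt, src="203.0.113.9")),
        }
    return results


if __name__ == "__main__":
    for name, checks in demo().items():
        print(name, checks)
```

Only the rewritten source address under AH fails the ICV; under ESP-NULL the ICV still verifies, so any address check has to come from the binding of addresses to the security association that the quoted 1999 note describes.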
 
 
 



Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]

2011-12-06 Thread TR Shaw
I can't believe this...

Andrew, please check the dictionary second definition of Trojan before 
proceeding.

A remote access tool is ssh, VNC and others and these are definitely not 
trojans. Get a grip.

Trojan Horse
noun noun Greek Mythology
a hollow wooden statue of a horse in which the Greeks concealed themselves in 
order to enter Troy.
• (also Trojan horse) figurative a person or thing intended secretly to 
undermine or bring about the downfall of an enemy or opponent : the rebels may 
use this peace accord as a Trojan horse to try and take over.
• (also Trojan horse) Computing a program designed to breach the security of a 
computer system while ostensibly performing some innocuous function.

Tom

On Dec 6, 2011, at 6:49 PM, andrew.wallace wrote:

 A trojan can be used for good if in the right hands as a remote access tool 
 for business use.
 
 
 Andrew
 
 
 
 From: Bryan Fields br...@bryanfields.net
 To: nanog@nanog.org nanog@nanog.org 
 Sent: Tuesday, December 6, 2011 11:24 PM
 Subject: Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap 
 with malware!]
 
 On 12/6/2011 13:30, andrew.wallace wrote:
 It could be argued that Nmap is malware, and such software has already been 
 called to be made illegal.
 
 If I was Cnet, I would stop distributing his software altogether.
 
 Link: http://nmap.org/book/legal-issues.html
 
 If this is not trolling and you actually believe this, just wow.
 
 Nmap is just a tool, and any tool can be misused by people for criminal acts.
 It's really no different than a gun in that regard.  Both are incredibly
 useful things in the right hands, mere tools to further security.  However in
 the wrong hands they can be used to commit crimes and break other people's
 security.
 
 -- 
 Bryan Fields
 
 727-409-1194 - Voice
 727-214-2508 - Fax
 http://bryanfields.net




Re: [outages] News item: Blackberry services down worldwide

2011-10-13 Thread TR Shaw
I have been following this thread for a while and I will have to say I am a tad 
confused.

Remote wipe has been in the iPhone since iOS3.1.3. And if your phone is locked 
it will wipe after 10 (if I remember correctly) failed unlock attempts.

My iPhone communicates completely encrypted. It is set to VPN back to our 
office. And if we didn't want to do that we could use TLS on our mail 
to keep that traffic encrypted. But encrypt all is the best approach for us.

Personally, I hate mail push. I watch folks in meetings constantly looking down 
or typing some response and never fully listening to the speakers and not fully 
engaged in the meeting. Additionally, mail push is indiscriminate and just 
interrupts my train of thought when I am working. If a communique is truly 
important whomever can iMessage, SMS, jabber/POTS me; otherwise the mail can just 
wait till I check my inbox. I understand others feel differently.

On an iPhone today you can get push from exchange, iCloud/iMap, Gmail/GCloud, 
Yahoo, OSX Server (I believe) or set your phone to check every x minutes 
(after all, what could be so important that 15 minutes of latency would cause a 
catastrophe?). (During many catastrophe situations sms could take hours or the 
voice cell network could be tied up, and are you that close to whatever to be 
able to react?) If you need instant response... script it.

As for filtering, it's one of my issues about my iPhone.  However, iOS5 supports 
message flagging and a filter script back on your desktop (where Mail does 
accept/process message push via IDLE) can flag a message which will sync to 
your iPhone.

Lastly I have never liked RIM's model. It basically inculcates the idea that 
man in the middle is a good thing which it is not.

Just my 2¢

Tom


On Oct 13, 2011, at 8:49 AM, Erik Soosalu wrote:

 Any idea of when Apple's ActiveSync Implementation will close the gap
 with what BES does?
 
 Like maybe having Important message notifications? Categories? Filters?
 
 I use an iPhone, but mail handling on it is lacking.
 
 
 -Original Message-
 From: Matthew Huff [mailto:mh...@ox.com] 
 Sent: Thursday, October 13, 2011 8:44 AM
 To: 'Jamie Bowden'; 'Joe Abley'
 Cc: 'nanog@nanog.org'
 Subject: RE: [outages] News item: Blackberry services down worldwide
 
 It's called Microsoft Exchange ActiveSync :) 
 
 It works with Android, Apple and Microsoft devices. I believe both Lotus
 and Groupwise have licensed and support it as well. We have a few (but
 now, very few) blackberry users remaining. They won't let it go until we
 rip it out of their hands.
 
 
 
 
 -Original Message-
 From: Jamie Bowden [mailto:ja...@photon.com]
 Sent: Thursday, October 13, 2011 7:36 AM
 To: Joe Abley
 Cc: nanog@nanog.org
 Subject: RE: [outages] News item: Blackberry services down worldwide
 
 You are correct.  The BES uses PSKs to talk to RIM's servers, which then
 uses them to talk to the devices over the carrier networks.  All of this
 was in complete failure mode until sometime overnight when it appears to
 have all started flowing again.  Someday either Google or Apple will get
 off their rear ends and roll out an end to end encrypted service that
 plugs into corporate email/calendar/workgroup services and we can all
 gladly toss these horrid little devices in the recycle bins where they
 belong.
 
 Jamie
 
 -Original Message-
 From: Joe Abley [mailto:jab...@hopcount.ca]
 Sent: Wednesday, October 12, 2011 6:06 PM
 To: Phil Regnauld
 Cc: nanog@nanog.org
 Subject: Re: [outages] News item: Blackberry services down worldwide
 
 
 On 2011-10-12, at 18:02, Phil Regnauld wrote:
 
 Joe Abley (jabley) writes:
 
 On 2011-10-12, at 13:05, Leigh Porter wrote:
 
 Email on my iPhone is working fine.. ;-)
 
 The blackberry message service is centralised with a lot of
 processing intelligence in the core. Messaging services that use the
 core as a simple transport and shift the processing intelligence to
 the edge have different, less-dramatic failure modes.
 
 This is not the case for corporate customers with dedicated
 servers, AFAIU.
 
 I'm no expert, but my understanding is that at some/most/all traffic
 between handhelds and a BES, carried from the handheld device
 through a cellular network, still flows through RIM.
 
 
 Joe
 
 
 
 




Re: he.net down?

2011-10-03 Thread TR Shaw
Fine here in FL

$ ping6 www.he.net
PING6(56=40+8+8 bytes) 2001:470:5:4ed:cabc:c8ff:fea1:560c -- 2001:470:0:76::2
16 bytes from 2001:470:0:76::2, icmp_seq=0 hlim=55 time=178.017 ms

On Oct 3, 2011, at 6:39 PM, Christopher Morrow wrote:

 On Mon, Oct 3, 2011 at 6:37 PM, chris tknch...@gmail.com wrote:
 Down here as well
 
 
 ~$ ping6 www.he.net
 PING www.he.net(he.net) 56 data bytes
 64 bytes from he.net: icmp_seq=2 ttl=54 time=124 ms
 
 chris
 On Oct 3, 2011 6:36 PM, Aiden Sullivan ai...@sullivan.in wrote:
 www.he.net seems to be down on both IPv4 and IPv6 -- does anyone know what
 is going on?
 
 --
 Aiden
 
 
 
 




Re: insurance

2011-09-20 Thread TR Shaw
Sameo sameo plus you'll need standard liability if you have clients that come 
to your office or if you work on their site.  Usually your contract will 
dictate the minimum required.


On Sep 20, 2011, at 10:31 AM, harbor235 wrote:

 So what is the difference with EO and professional insurance?
 
 Mike
 
 On Tue, Sep 20, 2011 at 10:20 AM, Dave Ellis d...@colo4.com wrote:
 
 My wife works for an insurance Agency and handles small business lines.
 Want me to have her contact you?
 
 
 On 09/20/2011 08:00 AM, harbor235 wrote:
 
 Thank you for the responses, I want to clarify that I am talking about
 professional liability and not general liability insurance. Professional
 liability being insurance that covers errors or omissions while executing
 professional work that may adversely impact a business you are contracting
 with.
 
 thanx,
 
 Mike
 
 On Tue, Sep 20, 2011 at 7:59 AM, harbor235harbor...@gmail.com  wrote:
 
 Curious if anyone out there is acting as an independent contractor,
 consultant,  or small business,
 if so do you use professional liability insurance? What should I look out
 for and is there any good
 brokers that offer inexpensive yet reliable insurance?
 
 
 thanks as always,
 
 
 Mike
 
 




Re: Hurricane Katia

2011-09-10 Thread TR Shaw

On Sep 10, 2011, at 9:55 AM, andrew.wallace wrote:

 I'm hearing on the news wire 80mph winds will come to UK over the next 72 
 hours.
 
 Andrew


Andrew,

80 km maybe. TS force winds for Northern Scotland and Hebrides probably but I 
doubt the rest of the UK and it is only forecast to be a TS at that time.

See http://www.nhc.noaa.gov/refresh/graphics_at2+shtml/102512.shtml?tswind120

Follow Katia at http://www.nhc.noaa.gov/graphics_at2.shtml?5-daynl#contents

Tom



Re: Looking for an opinion on Colo Solutions/Orlando colocation

2011-08-21 Thread TR Shaw

On Aug 21, 2011, at 2:16 PM, Graham Wooden wrote:

 Hi there,
 
 Our next POP deployment is going to be in Orlando (mainly supporting that
 CLEC client that I mentioned earlier last week).
 
 Can any one share their good/bad/ugly experiences with Colo Solutions
 there?  We had a brief conf call with their sales engineer but looking for
 real-world experiences/comments from folks that have had or currently is
 colocating hear there.
 

Graham,

You need to be in Orlando proper?  I have colo in Melbourne.

Tom





Re: Yup; the Internet is screwed up.

2011-06-12 Thread TR Shaw
When I had mine years ago I was lucky that ISDN in FL was unmetered which was 
not the case in other locales.  However it took forever to get it installed and 
working correctly. Bell South had to change out pairs and get a tech from 200 
miles away to get it installed right.  Today, the central office in my town 
doesn't even support ISDN any more.

As for cellular data being an option I don't think so given the increasing data 
caps and extra fees for overage (which is probably why the cloud might have 
big issues for mobile users).

I never liked cable as around here it slows down very noticeably when the kids 
get off school and they don't like giving out fixed IPs unless you get a 
business account.

ATTuniverse has its own issues and became only available around here last year. 
It's the only DSL option.

So I use WISP even at home just south of the space center.

Tom

On Jun 12, 2011, at 2:20 PM, Kenneth M. Chipps Ph.D. wrote:

 Sure it's old and slow, but it is or at least was readily available to us
 poor country folk that cannot get DSL and so forth. The failback positions
 when all else is unavailable is analog, ISDN, or T1 from a landline,
 satellite or a WISP through the air with cellular data becoming more of an
 option.
 
 When I called ATT to order the ISDN line years ago, their answer was - Huh,
 What, Do we sell that.
 
 -Original Message-
 From: Barry Shein [mailto:b...@world.std.com] 
 Sent: Sunday, June 12, 2011 1:03 PM
 To: Jon Lewis
 Cc: NANOG list
 Subject: Re: Yup; the Internet is screwed up.
 
 
 On June 11, 2011 at 20:53 jle...@lewis.org (Jon Lewis) wrote:
 
 Have you heard the joke...ISDN = I Still Don't kNow?  For whatever
 reason, BRI service is something the US telcos apparently never really
 wanted to sell...perhaps because it might have cut into their T1
 business.
 
 FWIW, ISDN is pretty old, standardized in 1988 but worked on for years
 before that.
 
 The BIG VISION of the telcos was that ISDN would carry the whole stack,
 particularly services like (business) e-mail. If you're really old you
 remember MCI Mail which was like 20c/message. They never seriously
 considered a public internet like we got when architecting ISDN.
 
 Consequently the whole thing was just too expensive to deliver as a
 last-mile connectivity-only product. They needed revenue from the rest of
 the stack to make it profitable.
 
 That said, ISDN was very cool in that it was switched which meant you
 dialed something, a lot like a POTS number. It was usually an actual POTS
 telephone number with some more digits but whatever.
 
 But it could establish a connection in about 50msec which meant you could be
 dropped, say for idle, hit a key and it'd redial and you'd never notice you
 were dropped. Try that with POTS dial-up! You could pretty much be dropped
 and redialed between keystrokes and never much notice.
 
 More importantly it meant you could have more than one ISDN ISP, like
 dial-up (or voice for that matter) just dial a different number.
 
 There was discussion, people like Sen Ed Markey of MA was interested (ca
 1992?), in trying to get the phone companies to embrace first ISDN (they
 were reluctant, I had it at home but you really had to know how to order it
 etc) and then some sort of next generation ISDN which would be faster, maybe
 10x, and so on.
 
 The attraction of DSL was, among other things, that it was nailed down to
 one and only one service provider, you couldn't just dial some other
 provider like with ISDN.
 
 This was a very important fork in the history of last-mile services, when we
 went from mostly switched (dial-up, maybe ISDN) to nailed-up single vendor
 solutions.
 
 I'd love to see some sort of switched last-mile services again, introduce
 some competition into the system, tho most likely it'd be
 (more) virtual over some low-level broadband service.
 
 
 -- 
-Barry Shein
 
 The World  | b...@theworld.com   |
 http://www.TheWorld.com
 Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR,
 Canada
 Software Tool  Die| Public Access Internet | SINCE 1989 *oo*
 
 
 
 




Re: Yup; the Internet is screwed up.

2011-06-11 Thread TR Shaw

On Jun 11, 2011, at 6:37 PM, Jeroen van Aart wrote:

 Eugen Leitl wrote:
 It definitely reduces need for moving human bodies in metal boxes
 back and forth, and reduces road wear and carbon dioxide emissions.
 
 I think a world of telecommuting employees is a utopia that will not be 
 reached in my lifetime. Most companies have proven to be unwilling to make it 
 a reality, exceptions just confirm the rule. Fiber to the premises or 
 whatever broadband solution one may implement will not change that much.
 
 Until the human factor changes...

I'm not sure where this thread is going but rural America and rural Canada are 
rolling their own broadband connectivity in places.

I just helped a friend in NW Ont (in the bush) to mesh all his neighbors (the 
term neighbors is a stretch due to distance) together with the wireless mesh 
connected all the way back to where a cabin had LOS view to a canopy POP.

I know of similar grass roots wireless mesh system in the farmlands of mid 
America. It's very big in the Caribbean also.

As there become more folks around to help and kids learn networking so that 
they can help deploy in their communities, I expect that this will occur more 
and more unless carriers fill the void which I doubt.

If major carriers want eyeballs then they are missing out rolling out cheap 
wireless mesh systems. Their problem I guess is lack of huge return and even 
more lack of physical control over the mesh nodes.

Tom







Re: Yup; the Internet is screwed up.

2011-06-10 Thread TR Shaw

On Jun 10, 2011, at 7:43 PM, Jeroen van Aart wrote:

 Jay Ashworth wrote:
 Even Cracked realizes this:
  http://www.cracked.com/blog/5-reasons-internet-access-in-america-disaster
 That can't be good.
 
 ignorant?
 
 up to 10 percent of the country can't even get basic broadband
 
 I think I saw much larger numbers a few years ago when I read some hype 
 stories about how broadband access in the USA sucks. I am positively 
 surprised the gap has narrowed that much.
 
 I wonder, what's wrong with dialup through ISDN? You get speed that is about 
 the same as low end broadband I'd say. And I think it'd be available at these 
 locations where DSL is not.
 
 To quote http://en.wikipedia.org/wiki/Broadband_Internet_access#ISDN
 
 A basic rate ISDN line (known as ISDN-BRI) is an ISDN line with 2 data 
 bearer channels (DS0 - 64 kbit/s each). Using ISDN terminal adapters 
 (erroneously called modems), it is possible to bond together 2 or more 
 separate ISDN-BRI lines to reach bandwidths of 256 kbit/s or more. The ISDN 
 channel bonding technology has been used for video conference applications 
 and broadband data transmission.
 
 My low end home DSL connection has similar bandwidth.
 With regards to the writer's main gripe, if your telecommute work typically 
 consists of ssh sessions and email then even y'olde dialup will do just fine.
 
 /ignorant?

Try ordering one.  If I wanted one here I couldn't order one today. Years ago I 
had a bonded BRI serving my first server and it took 3 months to get it 
working.  I am not sure central offices have that capability any more.  There 
was also a distance constraint from the CO (kinda like the distance issue from 
the DSLAM demark).

I have a fishing cabin out in the middle of nowhere and I get broadband via a 
small ISP that serves via Canopy coresiding on 300 ft cell towers.  This 
provides 1-20Mbps service even when the cell towers only provide Edge.

Tom


Re: Interested in input on tunnels as an IPv6 transition technology

2011-05-13 Thread TR Shaw

 On Thu, May 12, 2011 at 10:52 PM, Karl Auer ka...@biplane.com.au wrote:
 Hullo all.
 
 I'm working on a talk, and would be interested to know what people think
 is good about tunnels as an IPv6 transition technology, and what people
 think is bad about tunnels.
 
 It would probably be best to let me know off-list :-) but I'm happy to
 summarise back to the list. Any references you have to useful papers,
 articles, discussions etc would also be appreciated.
 
 I'm looking for both general problems and advantages, but also
 advantages and disadvantages specific to particular tunnel types. It
 would also be helpful to know from what perspective particular things
 are good or bad, in so far as it isn't obvious. A carrier has a
 different perspective than, say, a home user, who will have a different
 perspective again to an enterprise user.
 
 Many thanks in advance for your input.

All I can say is that if it wasn't for HE tunnels I would be SOL. No provider 
here in east central Florida can even speak IPv6.  Brighthouse is clueless. ATT 
told me maybe 2012 or 2013!  So I tunnel to HE's POP in Miami.  With this I can 
test and become dual stack operational. Yes, it is not as good as a native 
connection but in my position it's the only game in town.

Tom




Re: Yahoo and IPv6

2011-05-10 Thread TR Shaw

On May 9, 2011, at 11:16 AM, Arie Vayner wrote:

 Actually, I have just noticed a slightly more disturbing thing on the Yahoo
 IPv6 help page...
 
 I have IPv6 connectivity through a HE tunnel, and I can reach IPv6 services
 (the only issue is that my ISP's DNS is not IPv6 enabled), but I tried to
 run the Start IPv6 Test tool at http://help.yahoo.com/l/us/yahoo/ipv6/ and
 it says:
 We detected an issue with your IPv6 configuration. On World IPv6 Day, you
 will have issues reaching Yahoo!, as well as your other favorite web sites.
 We recommend disabling
 IPv6http://us.lrd.yahoo.com/_ylt=ArHGqIAYvt_4fpp3N3vLzmNRJ3tG/SIG=11vv8jc1f/**http%3A//help.yahoo.com/l/us/yahoo/ipv6/general/ipv6-09.html,
 or seeking assistance in order to fix your system's IPv6 configuration
 through your ISP or computer manufacturer.
 

Weird as I also use the HE tunnel and the yahoo report for me was clean.

Tom





Re: Server Cabinet

2011-05-04 Thread TR Shaw

On May 4, 2011, at 5:06 AM, James Aldridge wrote:

 On 04/05/2011 10:53, Leigh Porter wrote:
 This may be a silly question but.. How did it get in there?
 
 I'm assuming that it's not yet in there :-)
 
 I'd probably knock the wall down and fit a more reasonably sized door -
 620mm (2') seems a bit narrow for a door anyway.
 
 One could of course get a 600mm wide rack instead ...

I agree. Put the too big rack up on ebay and get a smaller one (or one you can 
get through the door).  This has gotta be cheaper than knocking down, dust 
abatement and rebuilding a wall. I am not big on cutting the rack unless you 
know an ME and a really good welder and that may still not be cheaper than sell 
and buy new.

Tom


Re: SIXXS contact

2011-04-26 Thread TR Shaw

On Apr 26, 2011, at 6:38 PM, Andrew Kirch wrote:

 On 4/26/2011 12:11 PM, Brielle Bruns wrote:
 I've run a volunteer/free hosting service since 1997 or so - it never
 ceases to amaze me how people will complain about free things, but
 when you ask them to pony up a little monthly support its like you
 killed their puppy.  I just term people who are more of a hassle than
 they are worth.
 
 I'm not complaining, but I would point out that if these free brokers
 are the public face of IPv6 for many hobbyists (and much of the various
 software run on/over the internet is written by volunteers, and/or given
 away for free), we aren't going to get there.  The big deafening silence
 from SIXXS is really unfortunate in that it does actively affect my
 opinion of IPv6, my willingness to spend time implementing it, pestering
 my upstream about it, or having my business give a damn about it.  Yes I
 know they're volunteers, but how much does that matter?

I can't say about SIXXS but HE has been great to me.  If it wasn't for them I 
would be out in the cold since neither ATT nor Brighthouse (my 2 options at my 
colo) can even spell IPv6!

Tom




Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?

2011-04-10 Thread TR Shaw
I agree.  Simple clean perl proxy.  Lots of GUI config. Can use ClamAV and 
other AV systems. Easy to deploy. Is no brainer to manage.

Comes in single and multithreaded.  Your call. I get a lot of email through the 
single thread version. Handles TLS and more.

http://sourceforge.net/projects/assp/files/


On Apr 10, 2011, at 6:07 PM, Joshua Klubi wrote:

 The best of them is A.S.S.P. and it works wonder I have deployed a couple and 
 I love it
 
 Sent from my iPhone
 
 On Apr 10, 2011, at 12:46, Elijah Savage esav...@digitalrage.org wrote:
 
 FreeBSD, Postfix, Amavisd, Spamassassin, Clamav and TLS
 
 I have seen and deployed this combination as a mail relay to exchange both 
 in and out of large organizations 35,000 plus hosting multiple domains as 
 well as small organizations. With a few scripts it is essentially self 
 containing very little maintenance.
 
 On Apr 8, 2011, at 11:51 PM, John Palmer (NANOG Acct) wrote:
 
 OK, its been a year since my Barracuda subscription expired. The unit still 
 stops some spam. I figured that I would go and see what they would do if I 
 tried to renew my subscription EXACTLY one year after it expired. Would 
 their renewal website say Oh, you are at your anniversary date, and renew 
 me for a year?
 
 No such luck: They want me to PAY FOR AN ENTIRE YEAR for which I did NOT 
 receive service and then for the current (upcoming year). Sorry - I don't 
 allow myself to be ripped off like that. Sorry Barracuda - you get no money 
 from me and I'll tell everyone I know about this policy of yours.
 
 I posted an article about this unscrupulous practice on my blog last year 
 at http://www.john-palmer.net/wordpress/?p=46
 
 My question is - does anyone have any suggestions for another e-mail 
 appliance like the Barracuda Spam Firewall that doesn't try to charge their 
 customers for time not used. I should be able to shut off the unit for a 
 year or whatever and simply renew from the point that I re-activate the 
 unit instead of having to pay for back-years that I didn't use.
 
 Thanks
 
 
 
 
 
 
 
 




Re: Barracuda Networks is at it again: Any Suggestions as to an Alternative?

2011-04-09 Thread TR Shaw

On Apr 8, 2011, at 11:51 PM, John Palmer (NANOG Acct) wrote:

 OK, its been a year since my Barracuda subscription expired. The unit still 
 stops some spam. I figured that I would go and see what they would do if I 
 tried to renew my subscription EXACTLY one year after it expired. Would their 
 renewal website say Oh, you are at your anniversary date, and renew me for 
 a year?
 
 No such luck: They want me to PAY FOR AN ENTIRE YEAR for which I did NOT 
 receive service and then for the current (upcoming year). Sorry - I don't 
 allow myself to be ripped off like that. Sorry Barracuda - you get no money 
 from me and I'll tell everyone I know about this policy of yours.
 
 I posted an article about this unscrupulous practice on my blog last year at 
 http://www.john-palmer.net/wordpress/?p=46
 
 My question is - does anyone have any suggestions for another e-mail 
 appliance like the Barracuda Spam Firewall that doesn't try to charge their 
 customers for time not used. I should be able to shut off the unit for a year 
 or whatever and simply renew from the point that I re-activate the unit 
 instead of having to pay for back-years that I didn't use.

Get a Linux box or whatever and roll your own. ASSP, DSPAM, SpamAssassin, or other 
open source.

Tom




Re: New tsunami advisory warning - Japan

2011-03-28 Thread TR Shaw

On Mar 28, 2011, at 1:03 PM, Marshall Eubanks wrote:

 
 On Mar 28, 2011, at 11:28 AM, Marshall Eubanks wrote:
 
 
 On Mar 28, 2011, at 10:57 AM, Gavin Pearce wrote:
 
 You guys forget a lot of folks on the list are working on cabling ships 
 and off shore platforms, its not all about what happens on shore in this 
 industry.
 
 
 
 Valid point ... however in deep ocean, these things are pretty 
 imperceptible. The effect on ships on the surface are nominal, and off 
 shore platforms are (generally) built with these things in mind: 
 http://www.msnbc.msn.com/id/27324535/ns/technology_and_science-innovation/
 
 
 Here is a video of the recent Japanese tsunami from a JCG ship in the the 
 open ocean. The waves (@ ~4:20 and 6:40 into the video) caused them no 
 trouble, but they were certainly not imperceptible. 
 
 
 With the video :
 
 http://www.youtube.com/watch?v=4XSBrrueVoQfeature=player_embedded#at=19
 
Didn't show much and they were near the epicenter. 

My friend was on her 44' sailboat about halfway between Galapagos and Easter 
Island when Chile's earthquake happened which caused a 10' tsunami in the 
Galapagos. They never noticed a thing.

Tom




Re: IPv6 SEO implecations?

2011-03-28 Thread TR Shaw

On Mar 28, 2011, at 7:10 PM, Karl Auer wrote:

 On Mon, 2011-03-28 at 15:55 -0700, Owen DeLong wrote:
 If you're worried about SEO, go with native IPv6 and then deploy s
 for WWW.domain.foo.
 
 Why is native IPv6 needed? I'd have thought a tunnel would be fine, too.

So why does 

www A 127.0.0.1
www AAAA ::1

Preclude a tunnel?  I can't get native here so my IPv6 is tunneled thru he 
(Thanks he) but that doesn't change dual DNS entries.

(Note used loopback as an example)

Tom




Re: IPv6 SEO implecations?

2011-03-28 Thread TR Shaw

On Mar 28, 2011, at 7:17 PM, Nathan Eisenberg wrote:

 Why is native IPv6 needed? I'd have thought a tunnel would be fine, too.
 
 I believe the concern is that the higher latency of a tunnel would impact SEO 
 rankings.


True but you live with what you can get access to ;-)

Tom


Re: SORBS contact?

2011-03-22 Thread TR Shaw

On Mar 22, 2011, at 7:08 PM, Mike wrote:

 On 03/22/2011 03:58 PM, Paul Graydon wrote:
 On 03/22/2011 12:24 PM, Franck Martin wrote:
 +1
 
 They know the challenges, aware of the issues and I have seen some
 progress.
 
 I'm glad to hear that, one less extortion racket on the 'net is no bad
 thing. They might do better by rebranding though. SORBS has one heck of
 an amount of negative karma for them to get past.
 
 
 Competently managed and with even a modicum of responsiveness, SORBS could be 
 redeemed. But yeah, they should get a new name, SORBS is tainted in my book.

SORBS is tainted worldwide. You should hear the laughing and negative 
comments about them at MAAWG and at other conferences let alone all the users 
that dumped them and all the legit ISPs that they held for ransom.

If they have gotten rid of Michelle and have gotten new management and gotten a 
new attitude they should run that up the flag pole so that everyone will know.  
And, I agree they need to rebrand if they are really dedicated to a change in 
operations.  Then, they face the long term to get back their reputation.




Re: SP's and v4 block assignments

2011-03-18 Thread TR Shaw

On Mar 18, 2011, at 6:49 PM, Owen DeLong wrote:

 
 On Mar 18, 2011, at 2:11 PM, Jeroen van Aart wrote:
 
 This is not uncommon practice. I agree with you that it's undesirable, but, 
 it's not uncommon
 among the access networks.
 
 I guess it's ok to expect a small fee when your consumer grade internet 
 connection gets a static IP. Given that many large ISPs force you to get  a 
 business account if you want a static IP, and a higher price.
 
 I think both practices are relatively despicable, but, widespread enough that 
 perhaps I am in the minority.
 Hopefully this will get better in IPv6.
 

Owen,

I doubt it will get better. Lots are into nickel and dime'ing for everyone to 
get an extra buck. Look at wireless, they charge for x Mega/giga bits per month 
from your handheld device (phone). Oh you want to tether, that will be more? 
Say what? Bits are bits but somehow tethered bits are different. Oh, it's 'cause 
we can pretend and charge more for them.

Tom





Re: What vexes VoIP users?

2011-02-28 Thread TR Shaw

On Feb 28, 2011, at 7:24 PM, Jay Ashworth wrote:

 - Original Message -
 From: Joe Greco jgr...@ns.sol.net
 
 Yeah, um, well, hate to ruin that glorious illusion of the legacy
 physical plant, but Ma Bell mostly doesn't run copper all the way
 back to a real CO with a real battery room these days when they're
 deploying new copper. So if you have a house built more than maybe
 20 years ago, yeah, you're more likely to have a pair back to the CO,
 but if you've ordered a second line, or you're in a new subdivision
 and you're far from the CO, the chances you're actually on copper back
 to the CO drops fairly quickly.
 
 Ok, sure.  But probably to an RSU, which -- as I noted to Owen just now --
 is engineered and monitored to quite a bit higher standards than I'm 
 betting Comcast or FiOS is.


Well, I have to go back to the hurricanes of 04 for a personal view of this 
higher standards.  

Cable went down because of cable cuts (expected) and because of no power backup 
longer than a short time with batteries.  CO's fared a scoch better but when 
their battery banks went dry it was over because the gensets never autostarted 
and there was no one here on the coast in central Florida to intervene.

All cell phones were toast except old Bell South. Local worked through both Cat 
3's and then LD came back later. Don't know whether it was towers with only 
short term batts or power to fiber was disrupted.  36+ hours after both Cat 3's 
all BellSouth wireless was back up but with load issues as you can imagine. 
Other carriers took days.

My home internet is wireless to my colo and then via 4 carriers out.  All but 
one carrier died after 24+ hours of outage. Colo was fine and humming.  Feedback 
later was that the problems were due to poor maintenance of generators and 
failover equipment and understanding of disasters.

Bottom line is my VOIP worked because I had luck or at least I was proactive 
and my cell worked because I was lucky.

Today, given the margins and the amount of reinvestment and maintenance  I 
doubt that either cable or POTS would hack a disruption like this which is not 
out of the question. I doubt that they would do as good.

Tom
PS as for the comment that your mother wouldn't use VOIP, my mother in her 80's 
uses VOIP and loves it.








Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread TR Shaw

On Feb 27, 2011, at 1:56 AM, Mikael Abrahamsson wrote:

 On Sat, 26 Feb 2011, Joel Jaeggli wrote:
 
 On 2/26/11 9:27 PM, Mikael Abrahamsson wrote:
 On Sat, 26 Feb 2011, Joel Jaeggli wrote:
 
 On 2/26/11 9:05 PM, Randy Bush wrote:
 With copies out to developers we now have confirmation that Apple
 still hasn't included DHCPv6 in the next release of OS X.
 
 what is it about ipv6 which attracts religious nuts?
 
 you sure it's not macos (says joel from a v6 enabled mac).
 
 On a more serious note, I can on my Ubuntu machine just apt-get install
 wide-dhcpv6-client and I get dhcpv6, it'll properly put stuff in
 resolv.conf for dns-over-ipv6 transport, even though the connection
 manager knows nothing about it, at least dual stack works properly.
 
 Can one do the equivalent easy addition to OSX?
 
 You can, the actual integration issue is that network mangler (on
 ubuntu/fedora et al) and the osX airport connection manager will give up
 on a subnet on which they can't obtain an ipv4 address in preference to
 one where they can... this can also be worked around but it makes
 v6-only operation (Assuming that were desired, or even a good idea at
 this point) something that the majority of the users wouldn't be able to
 achieve without the default behavior changing.
 
 I'm not that interested in v6 only, I'm after requiring DHCPv6 and 
 disallowing SLAAC, which clients can use IPv6 then?
 
 List afaik:
 
 Can:
 Windows Vista/Win7 (default)
 Linux (with non-default software)
 *BSD (with non-default software)
 
 Probably:
 
 OSX (with non-default software)
 
 Can't:
 
 Windows XP
 
 Don't know:
 
 Symbian
 Android
 Apple iOS
 

Mikael,

try:

http://sourceforge.net/projects/wide-dhcpv6/
http://wouter.horre.be/doc/stateless-dhcpv6-on-mac-os-x

or 

http://klub.com.pl/dhcpv6/

There are others out there. I prefer wide for now.  Works on 10.6. Haven't 
tried it on 10.5.

Tom






Re: Mac OS X 10.7, still no DHCPv6

2011-02-27 Thread TR Shaw

On Feb 27, 2011, at 6:27 AM, Randy Bush wrote:

 You're going to have to perform stateless autoconfiguration in ipv6 and
 provide an ipv4 nameserver at the very minimum for a long time
 
 apple is gonna look very very st00pid on world ipv6 day.  and a bunch of
 folk are considering not turning things off after that day.

Now why would you say that, Randy?  My home is dual stacked with an IPv6 tunnel 
to HE at my router. All off the shelf. No special config. All Apple. So what's 
the beef? 

Tom


NIST and SP800-119

2011-02-14 Thread TR Shaw
Just wondering what this community thinks of NIST in general and their 
SP800-119 ( http://csrc.nist.gov/publications/nistpubs/800-119/sp800-119.pdf ) 
writeup about IPv6 in particular.





Re: My upstream ISP does not support IPv6

2011-02-10 Thread TR Shaw

On Feb 10, 2011, at 1:10 AM, Frank Bulk wrote:

 I'm not sure what you mean -- once the ISP identifies CPE that works on
 their network, couldn't early adopters who are interested in the technology
 be pointed to a short list?
 
 Frank
 
 -Original Message-
 From: Cutler James R [mailto:james.cut...@consultant.com] 
 Sent: Monday, February 07, 2011 5:00 PM
 To: NANOG list
 Subject: Re: My upstream ISP does not support IPv6
 
 All this talk about CPE is wasted until folks like ATT have someone on the
 retail interface (store, phone, or, web) who even knows what is this IPv6
 thing.  Exploring this issue with DSL providers and Uverse is like that old
 exercise with combat boots. It feels much better when I stop.


Would if att (and others) would support IPv6 (via dedicated, residential or 
even cellular).  Where I am, all contact people I have spoken to don't have a 
clue. The best I got was (call back late summer and we'll know something). Their 
residential and cellular folks couldn't even spell IPv6.

Tom


Re: My upstream ISP does not support IPv6

2011-02-10 Thread TR Shaw

On Feb 10, 2011, at 1:26 AM, Owen DeLong wrote:

 The problem is conversations like this:
 
 ATT Customer Service: ATT uVerse, how can I help you?
 
 Customer: Yes, I have uVerse service and I'd like to get IPv6.
 
 ATT Customer Service: I pea vee what? Is this a prank call?
 
 Owen
 

The ATT cellular folks respond...

ATT:  ATT Wireless. My name is  and I'm here to help

User: My iPhone web browser can't reach sites like ipv6.google.com via your 
cellular network but it can over my wifi at home.

ATT: So you are having problems with your uVerse wireless connection?

... after escalating to L2 support

ATT: So we will start by resetting your iPhone and then configure it for data 
access

...after 45 minutes...

ATT: Are you sure the website is valid? Let me check that website on my 
desktop here ... Well, that's the problem! http://ipv6.google.com/ doesn't 
exist. I can't get to it via my desktop here at support.  You need to use www 
instead of ipv6 and everything will be fine.  Is there anything else I can help 
you with today?







Re: My upstream ISP does not support IPv6

2011-02-10 Thread TR Shaw
On Feb 10, 2011, at 10:28 AM, Cameron Byrne wrote:

 T-mobile USA has a nationwide ipv6 beta. You can google it. Regarding iphone, 
 its more an iPhone issue than anything else
 
Nope, it's ATT. My iPhone works fine on IPv6. I connect wifi at home and can go 
anywhere but on ATT wireless.

Tom



Re: Looking for an IPv6 naysayer...

2011-02-09 Thread TR Shaw

On Feb 9, 2011, at 2:38 PM, Nathan Eisenberg wrote:

 according to the
 vendors selling CGNAT solutions the impact to end users is (almost)
 unnoticeable.
 
 And according to a used car salesman, this here pickup truck was only gently 
 driven by a little old lady to the shop once a week.  There's going to be a 
 lot of snake oil in the next couple years as very small ISPs struggle to 
 implement native IPv6 over those aging DSLAMs and GPON systems that don't and 
 won't support it.



LOL just try your cell phone... Mine works fine over office wifi but not over 
cellular. It's not just small ISPs; it's tier1's as well.

Tom




Re: Looking for an IPv6 naysayer...

2011-02-09 Thread TR Shaw

On Feb 9, 2011, at 6:21 PM, Owen DeLong wrote:

 
 On Feb 9, 2011, at 12:50 PM, George Bonser wrote:
 
 
 I never thought it was that bad. In some 3G/wireless networks in
 Germany
 the providers use NAT and transparent HTTP-proxy. But this is only
 wireless. I'm not aware of any DSL or Cable provider NATing their
 customers.
 
 Jens
 
 Practically all broadband providers NAT their customers in the US.  If
 you look at the largest ones which are probably Comcast, Verizon, and
 ATT, you have the majority of US broadband subscribers right there.
 
 
 No.
 
 Almost none of the broadband providers in the US NAT their customers.
 
 Most of them provide a single public IP address to their residential
 customers.
 
 Most broadband customers use their own NAT to extend that single
 public IP address from the provider to multiple addresses within
 the site.
 
 This is a very very different thing from LSN with a lot less breakage.


Owen

This may be true of all the big boys but I can tell you that rural telcos 
providing internet connectivity (personal experience in Northern MN) do and 
heavily.  They may run fiber to the house but they do LSN big time.

Tom




Re: US Warships jamming Lebanon Internet

2011-02-08 Thread TR Shaw

On Feb 8, 2011, at 6:59 AM, Denys Fedoryshchenko wrote:

 On Tuesday 08 February 2011 01:42:42 George Herbert wrote:
 On Mon, Feb 7, 2011 at 2:23 PM, Ryan Wilkins r...@deadfrog.net wrote:
 On Feb 7, 2011, at 4:06 PM, Michael Painter wrote:
 Hi Denys
 I doubt it's intentional jamming since I've had the same problem.
 Aegis radar is very high power in full radiate mode and as such creates
 problems for Low Noise Amplifiers listening at 3.4-4.2 GHz. Someone
 needs to talk to Microwave Filter Company.
 http://www.microwavefilter.com/c-band_radar_elimination.htm
 
 --Michael
 
 +1 for Microwave Filter.  They've helped me out in a couple of jams before.
 They're very responsive and the products are good, too.
 
 I think people in San Diego and near Norfolk, VA have the same problems.
 
 The C-band frequencies are 2x those of the S-band (4-8 GHz for C, 2-4
 GHz for S); if the SPY-1 / SPY-1D radar is frequency hopping it may
 well step on someone's C-band links at twice the radar's basic
 frequency.  Just need a filter to remove actual S-band frequencies
 from C-band feeds.
 I try to install C-Band bandpass filter, no effect at all, so it is in-band 
 interference. Putting foil (yes i try almost everything) near LNB doesn't 
 affect interference level too.
 

It can come in from other places as well. Inductance via 
unfiltered/poorly-filtered power, poor I/F cabling as well as via other 
sources. 

Have you tried using a spectrum analyzer to characterize the signal in the 
ether and compare it to what you are seeing in your systems?

Tom




Re: US Warships jamming Lebanon Internet

2011-02-08 Thread TR Shaw

On Feb 8, 2011, at 7:34 AM, Denys Fedoryshchenko wrote:

 On Tuesday 08 February 2011 14:41:29 Adrian Chadd wrote:
 On Tue, Feb 08, 2011, Denys Fedoryshchenko wrote:
 On Tuesday 08 February 2011 14:18:59 Adrian Chadd wrote:
 On Tue, Feb 08, 2011, Denys Fedoryshchenko wrote:
 I try to install C-Band bandpass filter, no effect at all, so it is
 in-band
 
 interference. Putting foil (yes i try almost everything) near LNB
 doesn't affect interference level too.
 
 Can you get access to some kind of spectrum analyser kit to see what
 the kind of interference is?
 
 
 
 Adrian
 
 Yes, on short (few minutes) sweeps it is clean. During long time run,
 with 100 Khz resolution, if we run few hours we can catch anomalies on
 the carrier. Important note: this snapshot done on spectrum analyser in
 Europe, same transponder, and results similar, so it looks like
 interference is on transponder. Issue start to affect us at same time
 when people in Lebanon got local interference issues.
 
 Here is snapshot of carrier spectrum with anomaly:
 http://www.nuclearcat.com/PICTURES/interference.jpg
 
 And does this interference similarly screw up being able to RX data from
 the transponder whilst in Europe?
 
 (eg, if you stick a modem on RX-only in Europe (ie, no uplink) and then
 just lock onto the signal and decode whatever happens, do you suffer
 the same problem?)
 Difficult, in Europe EIRP of transponder is too low, to try.
 By the way interference almost disappeared yesterday, and it's much better 
 today.
 

BTW, here are some comments on the pict from my office mate...

It doesn't show what the sweep span is ... If it's the full transponder, could 
be narrow band carriers ... The gain slope across the pass band looks like CRAP 
... He must have a funky LNB ... If this is one carrier, then obviously there’s 
interference … If the spikes are there, it could be radar or it could be some 
type of burst TDMA junk ... I have articles talking about C Band inband 
interference in Europe somewhere ... Brian

 




Re: Web Server and Firewall Hellp

2011-02-07 Thread TR Shaw

On Feb 7, 2011, at 1:18 PM, Joshua William Klubi wrote:

 Hi,
 
 I run a web-server based on ubuntu server and the LAMP stack.
 I used Ubuntu's UFW firewall model and have enabled only Web and SSH ports.
 Namely port 80 and port 22 only.
 
 Unfortunately once a while some guys get to inject some content onto our web
 pages.
 
 Now managements are looking at getting a well proven infrastructure to
 counter that.
 But I also think i can fall on this community to help me get the right stuff
 done. Where
 i can protect the server from such attack.
 
 
 I want to know what measure i can do on the server to get it protected which
 mysql protection
 I should implement. since i can see that it might be a php or mysql
 injection that is been used.
 
 Currently I run these security measures on it.
 Ubuntu UFW
 Fail2ban
 PHP model security
 Apache security

Josh

Patch your lamps, collab env, builtin boards and everything, make sure mySQL 
has a password on it since it doesn't out of the box, also update all 
passwords to hard ones and change all updates in the future to not use ftp 
first. Close firewall ports you are not using and then check your logs to see 
what vulnerabilities you still have if any.

Tom




Re: Request Spamhaus contact

2011-01-17 Thread TR Shaw
I just have to chime in here. Besides Raymond's and others' data, I can attest 
that the blacklotus abuse contact is worthless.  

I have tried to report abuse to blacklotus many times. My last attempt was back 
in September when I tried for a week to report Canadian Pharmacy pill spam on a 
blacklotus IP. No response from abuse (not really expected) but no takedown 
either after a week of reporting over and over again.

We don't bother to report to you any more because your abuse email appears to 
us that it's /dev/null'ed

Tom

On Jan 17, 2011, at 6:55 PM, Raymond Dijkxhoorn wrote:

 Hi!
 
 1) The sites were already null routed. The problem is with Spamhaus'
 inability to contact me prior to impacting other legitimate customers.
 
 Null routed?
 
 Its up!
 
 [root@master tmp]# host www.viagra-shopping.com
 www.viagra-shopping.com has address 208.64.127.78
 
 viagra-shopping .com
 potenzmittel-at .com
 medicin-24 .com
 apothekeohnerezept .at
 
 Please take more than 2 seconds to reply and clean up your act first!
 
 Jan 17 15:20:08 CET potenzmittel-at.com: [208.64.127.87]
 
 You didn't shut down what I put in this mail. Please act now, clean it. Clean 
 more, there is zillions
 
 You seriously need to check your network first before complaining.
 
 Bye,
 Raymond.
 
 
 




Re: Request Spamhaus contact

2011-01-17 Thread TR Shaw
So the fact that you host the spamvertized pill and other spam sites makes it 
OK because the spamming email came from residential machines that were coopted? 
 

That's weird logic but maybe that's why your abuse never responded to us nor 
shuts them down.

Tom

On Jan 17, 2011, at 7:14 PM, Jeffrey Lyon wrote:

 Raymond,
 
 Spam does not make me nervous, it's a practical matter that we will
 address in due course. The null routes we have set are pretty recent
 so you may have received some spam prior to that time but I absolutely
 guarantee you that it did not come from our network, otherwise we
 would have detected it and stopped it on the spot.
 
 Thanks, Jeff
 
 
 On Mon, Jan 17, 2011 at 7:12 PM, Raymond Dijkxhoorn
 raym...@prolocation.net wrote:
 Hi!
 
 That is not in our IP space. These are the only SBL's we have outstanding:
 
 SBL101835
 208.64.127.64/27    blacklotus.net
 17-Jan-2011 14:44 GMT
 Drug spam domain hosting
 
 
 SBL101662
 208.64.123.176/28   blacklotus.net
 14-Jan-2011 10:31 GMT
 Drug spam domain hosting
 
 208.64.120.186 canadian-rx-store.org
 
 I connected to 208.64.120.186 on TCP port 80 and finger-boned an HTTP
 request for http://canadian-rx-store.org/ and the server responded as
 I would expect a server configured with that name to respond.
 
 canadian-rx-store .org? Really?
 
 So they need, and will add more.
 
 NetRange:   208.64.120.0 - 208.64.127.255
 CIDR:       208.64.120.0/21
 OriginAS:   AS32421
 NetName:    NET-208-64-120-0-1
 NetHandle:  NET-208-64-120-0-1
 Parent:     NET-208-0-0-0-0
 NetType:    Direct Allocation
 NameServer: NS1.ENTERPRISE.BLACKLOTUS.NET
 NameServer: NS2.ENTERPRISE.BLACKLOTUS.NET
 RegDate:    2005-12-22
 Updated:    2009-11-11
 Ref:        http://whois.arin.net/rest/net/NET-208-64-120-0-1
 
 OrgName:    Black Lotus Communications
 OrgId:      BLC-92
 Address:    3419 Virginia Beach Blvd. #D5
 
 Thats not your IP space? Really? How come.
 
 apothekeosterreich .at - 208.64.120.197
 vertrouwdeapotheek .nl - 208.64.120.197
 
 viagra-shopping .com - 208.64.127.78
 medicin-24 .com - 208.64.127.78
 
 apothekeohnerezept .at - 208.64.127.66
 
 www.medicin-24 .com - 208.64.127.78
 www.viagra-shopping .com - 208.64.127.78
 
 This is just like 3 minutes digging in todays spamfolders.
 
 Instead of typing here, i would be rather nervous and placing null routes
 wherever i could.
 
 Bye,
 Raymond.
 
 
 
 
 
 
 -- 
 Jeffrey Lyon, Leadership Team
 jeffrey.l...@blacklotus.net | http://www.blacklotus.net
 Black Lotus Communications - AS32421
 First and Leading in DDoS Protection Solutions
 




Re: {Spam?} Re: Request Spamhaus contact

2011-01-17 Thread TR Shaw
Hmmm. Null routed?  Let's see

http://www.apothekeosterreich.at/Home.aspx
http://www.viagra-shopping.com/Home.aspx

Do I really need to show you more?

Tom

On Jan 17, 2011, at 7:38 PM, Jeffrey Lyon wrote:

 Raymond,
 
 All of this IP space is null routed. The customer has been served with
 notice to vacate. What more are you asking for?
 
 Best regards, Jeff
 
 
 On Mon, Jan 17, 2011 at 7:35 PM, Raymond Dijkxhoorn
 raym...@prolocation.net wrote:
 Hi!
 
 Actually, that was just a brain lapse. The domain didn't resolve at
 all (misspelled?) and it returned the Cox default resolution.
 
 Instead of looking at typo's or misspelled stuff, can you null route the
 rest of the abuse reports that came in? Or should we get it added on the SBL
 listing since it seems thats the only way to get your attention.
 
 apothekeosterreich .at - 208.64.120.197
 vertrouwdeapotheek .nl - 208.64.120.197
 
 viagra-shopping .com - 208.64.127.78
 medicin-24 .com - 208.64.127.78
 
 apothekeohnerezept .at - 208.64.127.66
 
 www.medicin-24 .com - 208.64.127.78
 www.viagra-shopping .com - 208.64.127.78
 
 This is just like 3 minutes digging in todays spamfolders.
 
 Instead of typing here, i would be rather nervous and placing null
 routes
 wherever i could.
 
 Bye,
 Raymond.
 
 
 
 
 -- 
 Jeffrey Lyon, Leadership Team
 jeffrey.l...@blacklotus.net | http://www.blacklotus.net
 Black Lotus Communications - AS32421
 First and Leading in DDoS Protection Solutions




Re: Request Spamhaus contact

2011-01-17 Thread TR Shaw
Actually, it does not:

$ host apothekeosterreich.at
apothekeosterreich.at has address 208.64.120.197
apothekeosterreich.at mail is handled by 10 mail.apothekeosterreich.at.
$ curl -I -L apothekeosterreich.at
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: http://www.apothekeosterreich.at/Home.aspx
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
Date: Tue, 18 Jan 2011 00:54:59 GMT
Connection: close

HTTP/1.1 200 OK
Cache-Control: private
Content-Length: 126574
Content-Type: text/html; charset=utf-8
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
WL-Version: 2475.0
Set-Cookie: ASP.NET_SessionId=a3brplvgwfsdk3pd1g1zgdtj; path=/; HttpOnly
X-Powered-By: ASP.NET
Date: Tue, 18 Jan 2011 00:55:00 GMT
Connection: close

On Jan 17, 2011, at 7:33 PM, Jeffrey Lyon wrote:

 Raymond,
 
 We've acted on every report that we're aware of and instead you want
 to play pharmacy domain scavenger hunt. This domain at 208.64.120.197
 redirects to IP space we already null routed. It's the same customer.
 
 Just to calm your nerves we'll also null route that space (208.64.120.176/28)
 
 Thanks, Jeff
 
 P.S. Someone at Spamhaus PLEASE remove the /21 listing?
 
 
 
 On Mon, Jan 17, 2011 at 7:25 PM, Raymond Dijkxhoorn
 raym...@prolocation.net wrote:
 Hi!
 
 Spam does not make me nervous, it's a practical matter that we will
 address in due course. The null routes we have set are pretty recent
 so you may have received some spam prior to that time but I absolutely
 guarantee you that it did not come from our network, otherwise we
 would have detected it and stopped it on the spot.
 
 Thats not your IP space? Really? How come.
 
 apothekeosterreich .at - 208.64.120.197
 vertrouwdeapotheek .nl - 208.64.120.197
 
 viagra-shopping .com - 208.64.127.78
 medicin-24 .com - 208.64.127.78
 
 apothekeohnerezept .at - 208.64.127.66
 
 www.medicin-24 .com - 208.64.127.78
 www.viagra-shopping .com - 208.64.127.78
 
 This is just like 3 minutes digging in todays spamfolders.
 
 www.apothekeosterreich .at is still up at the mentioned ip. Instead of
 telling you are s good on terminating stuff. Can you walk over the list
 and act?
 
 I have sent in many requests for termination. You or your network don't
 respond to this at all.
 
 It's a waste of time even telling it seems.
 
 I will stop posting here, spam-l is a much better place for this. But please
 don't act like you don't know anything what's going on. You have been warned.
 You have gotten many many reports. But we don't see stuff changing.
 
 Good luck with your listing at SpamHaus.
 
 Bye,
 Raymond.
 
 
 
 
 -- 
 Jeffrey Lyon, Leadership Team
 jeffrey.l...@blacklotus.net | http://www.blacklotus.net
 Black Lotus Communications - AS32421
 First and Leading in DDoS Protection Solutions
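
The exchange above turns on which reported addresses fall inside which prefix. As an added example (not part of any poster's message), this Python script maps the host addresses quoted in the thread onto the prefixes quoted in it, with no network lookups; the labels and function names are hypothetical, and every address and prefix is copied as printed in the messages.

```python
import ipaddress

# Prefixes exactly as printed in the thread; the labels are added here.
PREFIXES = {
    "allocation /21 (whois)": "208.64.120.0/21",
    "SBL101835": "208.64.127.64/27",
    "SBL101662": "208.64.123.176/28",
    "null route named in reply": "208.64.120.176/28",
}

# Host addresses the posters reported, as printed in the thread.
REPORTED = [
    "208.64.127.78",
    "208.64.127.87",
    "208.64.127.66",
    "208.64.120.197",
    "208.64.120.186",
]

# Prefixes that represent an action taken (a listing or a null route).
ACTION_LABELS = ("SBL101835", "SBL101662", "null route named in reply")


def covering_prefixes(addr, prefixes=PREFIXES):
    """Return the labels of every prefix that contains addr, sorted."""
    ip = ipaddress.ip_address(addr)
    return sorted(
        label for label, cidr in prefixes.items()
        if ip in ipaddress.ip_network(cidr)
    )


def outside_action(reported=REPORTED, labels=ACTION_LABELS, prefixes=PREFIXES):
    """Reported hosts that sit in no listed or null-routed prefix."""
    wanted = set(labels)
    return [a for a in reported
            if not wanted & set(covering_prefixes(a, prefixes))]


def enclosing_blocks(reported=REPORTED, prefixlen=28):
    """Distinct /prefixlen networks that contain the reported hosts."""
    nets = {ipaddress.ip_network(f"{a}/{prefixlen}", strict=False)
            for a in reported}
    return [str(n) for n in sorted(nets)]


if __name__ == "__main__":
    for addr in REPORTED:
        print(f"{addr:16} {', '.join(covering_prefixes(addr))}")
    print("outside every listed/null-routed prefix:", outside_action())
    print("enclosing /28 blocks:", enclosing_blocks())
```
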
 




Re: FAA - ASDI servers

2011-01-05 Thread TR Shaw

On Jan 4, 2011, at 11:07 PM, Christopher Morrow wrote:

 On Tue, Jan 4, 2011 at 10:50 PM, Menerick, John jmener...@netsuite.com 
 wrote:
 Every joke has a bit of truth.  For instance, until recently (last 10 
 years?), O'hare's traffic controllers relied upon vacuum tube technology to 
 perform their job.
 
 yea, I was really referring to the ATC part of the FAA I suppose...
 I'm not sure it's still true, but every time I hear it come up in
 conversation (I bet owen delong would actually know...or rs) there is
 a bit of:
 Well, we could migrate to something NOT VT based, but that'd take 3+
 years and ... we have other priorities and ... 
 
 wash/rinse/repeat... On a serious note though:
 
 http://www.fly.faa.gov/ASDI/asdi.html
 (note this is the first hit in google searches for 'adsi server faa')
 seems to have all manner of information on it about the systems in
 question. They seem to mention VPN services, I suspect there isn't v6
 access, I would have read the requirements doc, but they wanted to
 send it to me as a .doc file... uhm, this is the 21st century could we
 distribute this in some sort of cross-platform manner? like txt ? or
 pdf? (though I hesitate to suggest pdf, what with the adobe pwnage
 consistently ongoing these days)


There is a federal directive that has been in place for a number of years that 
requires IPV6 support for all new IT contracts/systems and also a directive to 
all federal agencies to support IPV6 by 2008  (See 
http://ipv6.com/articles/general/US_Government_IPv6.htm )

Tom




Anyone have a contact for CANTV.NET

2010-12-23 Thread TR Shaw
Anyone have a contact for CANTV.NET without using CANTV.NET mailserver which is 
hosed, at least for abuse, support, and ipadmin which all fail?

TIA,

Tom


Re: Wholesale DSL implementation in Canada

2010-12-13 Thread TR Shaw

On Dec 13, 2010, at 10:10 AM, James Smith wrote:

 
 We're looking at implementing a DSL private network in various provinces in 
 Canada.  There seems to be two main ways to do this: build the network 
 yourself by creating relationships with the local DSL providers (Bell, Telus, 
 MTS, etc) ; or build the network using a third-party that already has a DSL 
 infrastructure in place.  The third-party DSL infrastructure is a sure thing, 
 since they've been doing it for a while.  However, we're looking at a large 
 number of locations so the cost of implementing the DSL internally seems to 
 be more compelling.
 
 Not having implemented a DSL infrastructure before, I'm wondering if anyone 
 on NANOG has any advice on this?  What technical or political issues might we 
 run into?  What is the best choice of hardware? (Juniper or Cisco)?  Feel 
 free to contact me off-list if you'd prefer.
 
 James   

James,

You need to be sure that there is DSL coverage everywhere you are looking at.  
Just as in rural and non metropolitan US there are lots of places in Canada not 
yet serviced by DSL because they are too far from a POP and/or the 
infrastructure is not up to snuff.

Tom




Re: Mastercard problems

2010-12-11 Thread TR Shaw
So then why is there a cyber command and a cyber group part of homeland 
security charged with protection of critical infrastructure if critical 
infrastructure is the responsibility of USSS?  Looks like we have too many 
keystone cops (the AF advertises an operational Cyber Command with nothing 
really there) who might fall over one another not to mention get in the way of 
the owners of the infrastructure who probably know it better than the feds. 


On Dec 11, 2010, at 8:16 PM, Jeffrey Lyon wrote:

 The USSS has jurisdiction over all DDoS (threats to critical infrastructure).
 
 Jeff
 
 On Wed, Dec 8, 2010 at 3:30 PM, andrew.wallace
 andrew.wall...@rocketmail.com wrote:
 I would say the attack falls under the jurisdiction of the US secret service 
 since this is an attack on the financial system.
 
 Today the agency's primary investigative mission is to safeguard the 
 payment and financial systems of the United States. --- secretservice.gov
 
 
 Andrew
 
 
 - Original Message -
 From: Christopher Morrow morrowc.li...@gmail.com
 To: Jack Bates jba...@brightok.net
 Cc: nanog@nanog.org nanog@nanog.org
 Sent: Wednesday, 8 December 2010, 18:47:49
 Subject: Re: Mastercard problems
 
 
 I know that the folks involved on the MC side already have this data,
 and that the fbi is interested in it.
 
 -chris
 
 
 
 
 
 
 
 
 -- 
 Jeffrey Lyon, Leadership Team
 jeffrey.l...@blacklotus.net | http://www.blacklotus.net
 Black Lotus Communications - AS32421
 First and Leading in DDoS Protection Solutions