weebly.com contact
Anyone from weebly.com on here that can contact me off list about a possibly phishing site being hosted with you? Thanks,Robert Webb
Re: Comcast business IPv6 vs rbldnsd & PSBL
To clarify, you cannot rent AND have static IP's. You can rent your own modem ofr business service when using dynamic IP's. Robert Webb On Tue, 29 Nov 2016 15:07:52 -0500 Jared Mauchwrote: Can't do that with the business service. Oh well, to have choices. Jared Mauch On Nov 29, 2016, at 2:40 PM, Randy Bush wrote: i am running my own (why rent at silly costs) dpc3008 and wfm. randy
Re: USDA IT Contacts?
The very last POC was updated in 2015, but also out of Fort Collins. On Fri, 11 Nov 2016 12:59:16 -0600 Josh Reynoldswrote: Just looking at that info... hasn't been updated since 2005 and is listed as being at Ft Collins. So I'll be complaining to some people on Monday :) On Fri, Nov 11, 2016 at 8:23 AM, Herriage, James L. wrote: POCs here: uda.gov = 162.79.29.12 https://whois.arin.net/rest/net/NET-162-79-0-0-1/pft?s=162.79.29.12 Thanks, Lee -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Charles Gagnon Sent: Thursday, November 10, 2016 4:20 PM To: nanog@nanog.org Subject: USDA IT Contacts? *EXTERNAL EMAIL: EVALUATE* Would anyone have information about IT contacts within the US Government? Some of our IP ranges seem to be blocked from access to some government web servers (discovered on http://www.usda.gov - we get a odd "access denied" page there - traces point to the same IP at akamaitechnologies.com). I have NO idea who to discuss this with. I could not even find a "Contact Us" to use on their website. Regards, -- Charles Gagnon http://unixrealm.com
Re: Comcast DNS Contact
Thanks to everyone who helped me offlist. This was resolved quickly. Robert On Mon, 16 May 2016 12:35:16 -0400 rw...@ropeguru.com wrote: Can one of the Comcast DNS guru's contact me reference an issue with a .gov resolution? Robert
Re: Comcast DNS Contact
Yes, it was... On Mon, 16 May 2016 23:16:34 -0400 Christopher Morrowwrote: On Mon, May 16, 2016 at 12:35 PM, wrote: Can one of the Comcast DNS guru's contact me reference an issue with a .gov resolution? Robert out of curiosity, is the .gov problem related to dnssec perhaps?
Comcast DNS Contact
Can one of the Comcast DNS guru's contact me reference an issue with a .gov resolution? Robert
Re: comcast business service
Biggest unknown at this point is your upstream SNR. If there is noise ingress somewhere in the plant, then your upstream could be having all kinds of issues. Robert On Fri, 21 Feb 2014 05:23:07 -0500 shawn wilson ag4ve...@gmail.com wrote: Works: Downstream Channel Downstream Frequency52500 Hz56100 Hz56700 Hz57300 Hz57900 Hz Lock StatusLockedLockedLockedLockedLocked Modulation256 QAM256 QAM256 QAM256 QAM256 QAM Symbol Rate5.360537 Msym/sec5.360537 Msym/sec5.360537 Msym/sec5.360537 Msym/sec5.360537 Msym/sec Downstream Power 2.2 dBmV 3.8 dBmV 3.0 dBmV 2.9 dBmV 2.9 dBmV SNR41.2 dBmV40.8 dBmV40.5 dBmV40.9 dBmV41.0 dBmV Upstream Channel Upstream Frequency3600 Hz2940 Hz2280 Hz0 Hz Lock StatusLockedLockedLockedNot Locked ModulationATDMAATDMAATDMAUnknown Symbol Rate5120 sym/sec5120 sym/sec5120 sym/sec0 sym/sec Upstream Power46.2 dBmV46.2 dBmV46.2 dBmV0 dBmV --- 8.8.8.8 ping statistics --- 10 packets transmitted, 10 received, 0% packet loss, time 9013ms rtt min/avg/max/mdev = 23.066/27.049/35.627/4.825 ms Not working: Downstream Channel Downstream Frequency52500 Hz56100 Hz56700 Hz57300 Hz57900 Hz Lock StatusLockedLockedLockedLockedLocked Modulation256 QAM256 QAM256 QAM256 QAM256 QAM Symbol Rate5.360537 Msym/sec5.360537 Msym/sec5.360537 Msym/sec5.360537 Msym/sec5.360537 Msym/sec Downstream Power 2.2 dBmV 3.8 dBmV 2.9 dBmV 2.8 dBmV 2.9 dBmV SNR41.4 dBmV40.8 dBmV40.4 dBmV41.0 dBmV41.3 dBmV Upstream Channel Upstream Frequency3600 Hz2940 Hz2280 Hz0 Hz Lock StatusLockedLockedLockedNot Locked ModulationATDMAATDMAATDMAUnknown Symbol Rate5120 sym/sec5120 sym/sec5120 sym/sec0 sym/sec Upstream Power46.5 dBmV46.5 dBmV46.5 dBmV0 dBmV --- 8.8.8.8 ping statistics --- 233 packets transmitted, 232 received, 0% packet loss, time 232884ms rtt min/avg/max/mdev = 23.431/1918.702/8758.161/2017.033 ms, pipe 9 I'm not seeing any big difference in SNR (and only slight differences in upstream power) and everything else seems to be the same. Though, since db is logarithmic, .3 might be enough to matter? On Thu, Feb 20, 2014 at 4:14 PM, Dan Shoop sh...@iwiring.net wrote: On Feb 20, 2014, at 4:08 AM, shawn wilson ag4ve...@gmail.com wrote: A while ago I got Comcast's business service. Semi-idle connections are get dropped (I haven't really diagnosed this - I just no that it isn't the client or server but some network in between). However the second and most obvious issue is that intermittently, the service will grind to a halt: --- 8.8.8.8 ping statistics --- 37 packets transmitted, 34 received, 8% packet loss, time 36263ms rtt min/avg/max/mdev = 398.821/5989.160/14407.055/3808.068 ms, pipe 15 After a modem reboot, it goes normal: --- 8.8.8.8 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3003ms rtt min/avg/max/mdev = 23.181/23.920/24.298/0.474 ms This seems to happen about once or twice a day. I can't attribute it to any type of traffic or number of connections. All of the rest of the network equipment is the same and the behavior persists when a computer is plugged directly into the modem. I called Comcast and they said they didn't see anything even when I was experiencing ridiculous ping times. I tend to think it's an issue with the 'modem' but I'm not sure what the issue might be or how to reproduce it when asked to if I tell them to look at it. I’ve seen this happen before with various cable ISPs. I’d concur with the poster suggesting intermittent noise on the cable segment as a likely culprit. Also if you have a cable modem that binds multiple channels for higher bandwidth this can also be problematic, especially with the noise. Signals will look good to the NOC but it’s not the signal “level that’s the issue it’s the signal to noise level. Noise has to be measured locally and techs don’t always check SNL. Also check to see if the packets aren’t actually being dropped but just taking longer than ping is looking for. Also check for out of sequence packets returned. These can indicate flapping of a bonded circuit or the bonded circuit experiencing noise. Try seeing if you disconnect everything and get a straight run to the demarc, with a know and tested out good cable, if the problem doesn’t ever occur. This could indicate noise on the cable in your premise. But I’ve experienced this same problem with noise coming through the demarc. I’ve also seen levels too hot beyond the demarc causing similar problems too. HTH. -d - Dan Shoop sh...@iwiring.net 1-646-402-5293 (GoogleVoice)
RE: looking for a tool...
I suggest wireshark also. Not realtime for throughput, but will open pcap files and you can then get the throughput metrics. Sent from my Verizon Wireless 4G LTE smartphone Original message From: Jonathan Hall jh...@futuresouth.us Date:02/04/2014 8:49 AM (GMT-05:00) To: Mike mike-na...@tiedyenetworks.com,nanog@nanog.org Subject: Re: looking for a tool...
Re: turning on comcast v6
On Mon, 9 Dec 2013 11:19:18 -0500 Christopher Morrow morrowc.li...@gmail.com wrote: On Mon, Dec 9, 2013 at 11:08 AM, Randy Bush ra...@psg.com wrote: do you see PD from your modem? or RA's? still trying to educate the opwnwrt (attitude adjustment on netgear 3800). root@wrt-biwa:~# opkg update Downloading http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages//Packages.gz. Inflating http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages//Packages.gz. Updated list of available packages in /var/opkg-lists/attitude_adjustment. root@wrt-biwa:~# opkg install luci-proto-ipv6 Unknown package 'luci-proto-ipv6'. Collected errors: * opkg_install_cmd: Cannot install package luci-proto-ipv6. root@wrt-biwa:~# opkg install ipv6-support Unknown package 'ipv6-support'. Collected errors: * opkg_install_cmd: Cannot install package ipv6-support. sigh yea, so my 'saga' started with: 1) dlink 615 doesn't like dhcp-pd ... and is flat broken for v6 a) gets v6 addr on WAN from arris-RA b) gets PD alloction from arris, does RA's to LAN c) sets default-gw for v6 on the LAN side to something unreachable d) manually resetting default-gw ... gets me zippy... can't ping either side of the dlink, nor the arris :( e) dlink's v6 code (for that platform) is just boarked, badly. 2) oh! dd-wrt does this platform too, and v6 a) install dd-wrrt b) fiddle-fart around with v6 configs c) oh.. dhcp-pd is one of the things dd-wrt didn't implement :( d) oh, their 'v6 support' is really only 'v6 tunnel support' e) boned. basically ... this is much harder to do than it shoudl be :( and yes, I can probably do something like plug in my raspberry-pi and make that a 'router' but come on... in 2013 I have to home-brew something to get a protocol developed and engineered in 2000 to work? :( (this raised itself above my level of 'fixed in a weekend' project, so my comcast v6 lays fallow... NOTE: this is NOT comcast's fault, in my eyes.) -chris I feel your pain. I am on the Comcast Business trial and have tried pfsense and now trying monowall. I followed all the different instructions I could find for pfsense 2.1 and while I could pull the WAN IP, I never could get a LAN ip nor could I get an ip on any of my computers. I am now in the process of trying m0n0wall and have gotten IP's on the WAN, LAN, and on my workstation. Can ping from my workstation to my m0n0wall LAN and WAN IP's but nothing will route out to the net. It should really be easier than this. Robert
Re: turning on comcast v6
Oh, I agree. If I plug the Netgear box directly into my network, everything works great. I really believe it is a pFsene/m0n0wall issue. Robert On Mon, 9 Dec 2013 11:44:14 -0500 Jared Mauch ja...@puck.nether.net wrote: I have no issues with the comcast business netgear box and normal ra+dhcpv6. Not trying anything fancy as when I do, I spend too much time doing tech support for my family. Flat lan makes it work. Jared Mauch On Dec 9, 2013, at 11:32 AM, rw...@ropeguru.com wrote: I feel your pain. I am on the Comcast Business trial and have tried pfsense and now trying monowall. I followed all the different instructions I could find for pfsense 2.1 and while I could pull the WAN IP, I never could get a LAN ip nor could I get an ip on any of my computers.
Re: Email Server and DNS
Thanks to everyone for all the tips and info. I think I have compiled plenty of info to get this done. I will probably start with some of the basics and see how things go. THen as needed start putting in some additional features as I see how things progress. Robert On Fri, 8 Nov 2013 07:37:40 -0500 Rich Kulawiec r...@gsp.org wrote: I suggest moving this to mailop, where it arguably belongs. But I'm going to follow up on a few points, anyway. First, I forgot to mention two other highly effective mail system defense methods: geoblocking and passive OS fingerprinting. Geoblocking: A mail server for a local construction business in Arizona is unlikely to require mail from Poland, Peru or Pakistan. So there's no reason to go with a default-permit model: use default-deny and only allow mail from places where legitimate mail might originate. (In this case, perhaps: the US, Mexico, and Canada.) Use the ranges from ipdeny.com. This will stop an astonishing amount of spam (and other SMTP-borne abuse) cold. And it can be done at the MTA or in the firewall: which is better depends on circumstances. Obviously this doesn't work for everyone. Obviously this (like everything else) runs the risk of false positives -- but it's easy to mitigate that. Obviously it does require understanding the patterns in your mail traffic, but any competent mail system admin has long since performed detailed statistical analysis and has a pretty good idea what the characteristics of their incoming mail stream look like. Passive OS fingerprinting: regard anything originating from an OS that fingerprints as Windows as dubious, at best. Possible actions vary: graylisting (more precisely, graylisting regardless of previous traffic) is one good option. Utilizing this in concert with geoblocking (above) works beautifully, e.g., I'm in Arizona and something in Portugal that fingerprints as Windows is trying to send me SMTP traffic: the probability approaches unity that this is spam. When combined with rDNS information, this becomes a highly efficient mechanism with a FP rate that's ridiculously low. (In other words, if that same system has rDNS that looks like 123-45-67-8.example.com then it either really is a bot or it's a mail system run by someone with no clue.) A few short points and one long one in response: On Sun, Nov 03, 2013 at 12:00:23PM -0600, Jimmy Hess wrote: The RFC contains a MUST NOT in regards to verifying the HELO name matches. So, the HELO can use any hostname --- as long as the hostname forward resolves to something; it should resolve to the IP address of one of your mail servers.Some mail servers provide service for many domains, and have many DNS names that could be placed in a HELO. All true. But none of this argues against using the canonical hostname in the HELO. It's the simplest, easiest option (and quite often the one that software will pick by default). SPF is worthless crap: don't bother. Use a real MTA, e.g., postfix I do not believe that is the consensus of the community -- or the working groups behind the SPF-related RFCs. I'm well aware it's not the consensus. It's my opinion. Clue #1 that SPF is crap should have been its grandiose self-promoting announcement (Spam as a technical problem is solved by SPF). Clue #2 should have been the observation that -- by far -- the most prolific early adopters were spammers. When your enemy latches on to your new weapon much faster than you do, that should be a tipoff that maybe it's not what you hope it is. Clue #3 is available to anyone who deploys a sufficiently large and diverse set of spamtraps for several years and analyzes the data that arrives: SPF presence/absence or contents have no statistically useful anti-spam value in a properly-designed mail defense architecture. Don't believe me? Okay. Fine. Set up a few thousand spamtraps, gather data for 3-5 years, see for yourself. So yes, it's standardized; so what? So is (sort of) DNS forgery, see http://tools.ietf.org/html/draft-livingood-dns-redirect-03 for example. That's also crap, it just happens to be well-documented crap. So: if you feel you must use something, use DKIM, which I think shows vastly more promise. Just don't expect it to be a panacea, because the current miserable state of security at *all* levels undercuts it badly. Not DKIM's fault, really, but it does impact its usefulness in the real world. Message quarantines are great; they are helpful for mitigating the false positives of overly-agressive filters. This one I'll spend more time on. Quarantines are a worst practice in mail systems engineering. Here are some assorted reasons why, briefly: - One of the fundamental principles of mail system defense is that you should make your mistakes early, consistently, and loudly. (And you WILL make mistakes. Everyone does.) The point of doing this is that it enables all concerned, including you,
Email Server and DNS
So I figured a little break from the NSA was in order. I am looking for some info on current practice for an email server and SMTP delivery. It has been a while since I have had to setup an email server and I have been tasked with setting up a small one for a friend. My question centers around the server sending outgoing email and the current practices requirements for other servers to accept email Things like rDNS, SPF records, etc... I am pretty much set on the issue of incoming spam and virus. Probably overkill but it is checked at the Sophos UTM firewall and at the email server itself. Thanks, Robert