weebly.com contact

[rwebb]

​Anyone from weebly.com on here that can contact me off list about a possibly 
phishing site being hosted with you?
Thanks,Robert Webb

Re: Comcast business IPv6 vs rbldnsd & PSBL

[rwebb]

To clarify, you cannot rent AND have static IP's.

You can rent your own modem ofr business service when using dynamic IP's.

Robert Webb

On Tue, 29 Nov 2016 15:07:52 -0500
 Jared Mauch  wrote:
Can't do that with the business service. Oh well, to have choices. 


Jared Mauch

On Nov 29, 2016, at 2:40 PM, Randy Bush  wrote:

i am running my own (why rent at silly costs) dpc3008 and wfm.

randy

Re: USDA IT Contacts?

[rwebb]

The very last POC was updated in 2015, but also out of Fort Collins.

On Fri, 11 Nov 2016 12:59:16 -0600
 Josh Reynolds  wrote:

Just looking at that info... hasn't been updated since 2005 and is
listed as being at Ft Collins.

So I'll be complaining to some people on Monday :)

On Fri, Nov 11, 2016 at 8:23 AM, Herriage, James L.  wrote:

POCs here:
uda.gov = 162.79.29.12
https://whois.arin.net/rest/net/NET-162-79-0-0-1/pft?s=162.79.29.12


Thanks,
Lee

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Charles Gagnon
Sent: Thursday, November 10, 2016 4:20 PM
To: nanog@nanog.org
Subject: USDA IT Contacts?

*EXTERNAL EMAIL: EVALUATE*

Would anyone have information about IT contacts within the US Government?
Some of our IP ranges seem to be blocked from access to some government web servers 
(discovered on http://www.usda.gov - we get a odd "access denied"
page there - traces point to the same IP at akamaitechnologies.com).

I have NO idea who to discuss this with. I could not even find a "Contact Us" 
to use on their website.

Regards,

--
Charles Gagnon
http://unixrealm.com

Re: Comcast DNS Contact

[rwebb]

Thanks to everyone who helped me offlist.

This was resolved quickly.

Robert


On Mon, 16 May 2016 12:35:16 -0400
 rw...@ropeguru.com wrote:

Can one of the Comcast DNS guru's contact me reference an issue with a .gov 
resolution?

Robert

Re: Comcast DNS Contact

[rwebb]

Yes, it was...


On Mon, 16 May 2016 23:16:34 -0400
 Christopher Morrow  wrote:

On Mon, May 16, 2016 at 12:35 PM,  wrote:


Can one of the Comcast DNS guru's contact me reference an issue with a

.gov resolution?


Robert


out of curiosity, is the .gov problem related to dnssec perhaps?

Comcast DNS Contact

[rwebb]

Can one of the Comcast DNS guru's contact me reference an issue with a .gov 
resolution?


Robert

Re: comcast business service

[rwebb]

Biggest unknown at this point is your upstream SNR. If there is noise 
ingress somewhere in the plant, then your upstream could be having all 
kinds of issues.



Robert

On Fri, 21 Feb 2014 05:23:07 -0500
 shawn wilson ag4ve...@gmail.com wrote:

Works:

Downstream Channel
Downstream Frequency52500 Hz56100 Hz56700 Hz57300 
Hz57900 Hz

Lock StatusLockedLockedLockedLockedLocked
Modulation256 QAM256 QAM256 QAM256 QAM256 QAM
Symbol Rate5.360537 Msym/sec5.360537 Msym/sec5.360537 
Msym/sec5.360537

Msym/sec5.360537 Msym/sec
Downstream Power 2.2 dBmV 3.8 dBmV 3.0 dBmV 2.9 dBmV 2.9 dBmV
SNR41.2 dBmV40.8 dBmV40.5 dBmV40.9 dBmV41.0 dBmV
Upstream Channel
Upstream Frequency3600 Hz2940 Hz2280 Hz0 Hz
Lock StatusLockedLockedLockedNot Locked
ModulationATDMAATDMAATDMAUnknown
Symbol Rate5120 sym/sec5120 sym/sec5120 sym/sec0 sym/sec
Upstream Power46.2 dBmV46.2 dBmV46.2 dBmV0 dBmV

--- 8.8.8.8 ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 9013ms
rtt min/avg/max/mdev = 23.066/27.049/35.627/4.825 ms

Not working:

Downstream Channel
Downstream Frequency52500 Hz56100 Hz56700 Hz57300 
Hz57900 Hz

Lock StatusLockedLockedLockedLockedLocked
Modulation256 QAM256 QAM256 QAM256 QAM256 QAM
Symbol Rate5.360537 Msym/sec5.360537 Msym/sec5.360537 
Msym/sec5.360537

Msym/sec5.360537 Msym/sec
Downstream Power 2.2 dBmV 3.8 dBmV 2.9 dBmV 2.8 dBmV 2.9 dBmV
SNR41.4 dBmV40.8 dBmV40.4 dBmV41.0 dBmV41.3 dBmV
Upstream Channel
Upstream Frequency3600 Hz2940 Hz2280 Hz0 Hz
Lock StatusLockedLockedLockedNot Locked
ModulationATDMAATDMAATDMAUnknown
Symbol Rate5120 sym/sec5120 sym/sec5120 sym/sec0 sym/sec
Upstream Power46.5 dBmV46.5 dBmV46.5 dBmV0 dBmV

--- 8.8.8.8 ping statistics ---
233 packets transmitted, 232 received, 0% packet loss, time 232884ms
rtt min/avg/max/mdev = 23.431/1918.702/8758.161/2017.033 ms, pipe 9

I'm not seeing any big difference in SNR (and only slight 
differences

in upstream power) and everything else seems to be the same. Though,
since db is logarithmic, .3 might be enough to matter?

On Thu, Feb 20, 2014 at 4:14 PM, Dan Shoop sh...@iwiring.net 
wrote:


On Feb 20, 2014, at 4:08 AM, shawn wilson ag4ve...@gmail.com 
wrote:



A while ago I got Comcast's business service. Semi-idle connections
are get dropped (I haven't really diagnosed this - I just no that it
isn't the client or server but some network in between). However the
second and most obvious issue is that intermittently, the service 
will

grind to a halt:
--- 8.8.8.8 ping statistics ---
37 packets transmitted, 34 received, 8% packet loss, time 36263ms
rtt min/avg/max/mdev = 398.821/5989.160/14407.055/3808.068 ms, pipe 
15


After a modem reboot, it goes normal:
--- 8.8.8.8 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 23.181/23.920/24.298/0.474 ms

This seems to happen about once or twice a day. I can't attribute it
to any type of traffic or number of connections. All of the rest of
the network equipment is the same and the behavior persists when a
computer is plugged directly into the modem. I called Comcast and 
they
said they didn't see anything even when I was experiencing 
ridiculous
ping times. I tend to think it's an issue with the 'modem' but I'm 
not
sure what the issue might be or how to reproduce it when asked to if 
I

tell them to look at it.


I’ve seen this happen before with various cable ISPs. I’d concur 
with the poster suggesting intermittent noise on the cable segment as 
a likely culprit. Also if you have a cable modem that binds multiple 
channels for higher bandwidth this can also be problematic, 
especially with the noise. Signals will look good to the NOC but it’s 
not the signal “level that’s the issue it’s the signal to noise 
level. Noise has to be measured locally and techs don’t always check 
SNL.


Also check to see if the packets aren’t actually being dropped but 
just taking longer than ping is looking for. Also check for out of 
sequence packets returned. These can indicate flapping of a bonded 
circuit or the bonded circuit experiencing noise. Try seeing if you 
disconnect everything and get a straight run to the demarc, with a 
know and tested out good cable, if the problem doesn’t ever occur. 
This could indicate noise on the cable in your premise. But I’ve 
experienced this same problem with noise coming through the demarc. 
I’ve also seen levels too hot beyond the demarc causing similar 
problems too.


HTH.


-d

-

Dan Shoop
sh...@iwiring.net
1-646-402-5293 (GoogleVoice)

RE: looking for a tool...

[rwebb]

I suggest wireshark also. Not realtime for throughput, but will open pcap files 
and you can then get the throughput metrics.


Sent from my Verizon Wireless 4G LTE smartphone

 Original message 
From: Jonathan Hall jh...@futuresouth.us 
Date:02/04/2014  8:49 AM  (GMT-05:00) 
To: Mike mike-na...@tiedyenetworks.com,nanog@nanog.org 
Subject: Re: looking for a tool... 

Re: turning on comcast v6

[rwebb]

On Mon, 9 Dec 2013 11:19:18 -0500
 Christopher Morrow morrowc.li...@gmail.com wrote:

On Mon, Dec 9, 2013 at 11:08 AM, Randy Bush ra...@psg.com wrote:

do you see PD from your modem? or RA's?


still trying to educate the opwnwrt (attitude adjustment on netgear
3800).

root@wrt-biwa:~# opkg update
Downloading 
http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages//Packages.gz.
Inflating 
http://downloads.openwrt.org/attitude_adjustment/12.09/ar71xx/generic/packages//Packages.gz.
Updated list of available packages in 
/var/opkg-lists/attitude_adjustment.

root@wrt-biwa:~# opkg install luci-proto-ipv6
Unknown package 'luci-proto-ipv6'.
Collected errors:
 * opkg_install_cmd: Cannot install package luci-proto-ipv6.
root@wrt-biwa:~# opkg install ipv6-support
Unknown package 'ipv6-support'.
Collected errors:
 * opkg_install_cmd: Cannot install package ipv6-support.

sigh


yea, so my 'saga' started with:
 1) dlink 615 doesn't like dhcp-pd ... and is flat broken for v6
a) gets v6 addr on WAN from arris-RA
b) gets PD alloction from arris, does RA's to LAN
c) sets default-gw for v6 on the LAN side to something 
unreachable

d) manually resetting default-gw ... gets me zippy... can't ping
either side of the dlink, nor the arris :(
 e) dlink's v6 code (for that platform) is just boarked, badly.

 2) oh! dd-wrt does this platform too, and v6
   a) install dd-wrrt
   b) fiddle-fart around with v6 configs
   c) oh.. dhcp-pd is one of the things dd-wrt didn't implement :(
   d) oh, their 'v6 support' is really only 'v6 tunnel support'
   e) boned.

basically ... this is much harder to do than it shoudl be :( and 
yes,
I can probably do something like plug in my raspberry-pi and make 
that
a 'router' but come on... in 2013 I have to home-brew something to 
get

a protocol developed and engineered in 2000 to work? :(

(this raised itself above my level of 'fixed in a weekend' project, 
so
my comcast v6 lays fallow... NOTE: this is NOT comcast's fault, in 
my

eyes.)

-chris



I feel your pain. I am on the Comcast Business trial and have tried 
pfsense and now trying monowall. I followed all the different 
instructions I could find for pfsense 2.1 and while I could pull the 
WAN IP, I never could get a LAN ip nor could I get an ip on any of my 
computers.


I am now in the process of trying m0n0wall and have gotten IP's on the 
WAN, LAN, and on my workstation. Can ping from my workstation to my 
m0n0wall LAN and WAN IP's but nothing will route out to the net.


It should really be easier than this.

Robert

Re: turning on comcast v6

[rwebb]

Oh, I agree. If I plug the Netgear box directly into my network, 
everything works great. I

really believe it is a pFsene/m0n0wall issue.

Robert

On Mon, 9 Dec 2013 11:44:14 -0500
 Jared Mauch ja...@puck.nether.net wrote:
I have no issues with the comcast business netgear box and normal 
ra+dhcpv6. Not trying anything fancy as when I do, I spend too much 
time doing tech support for my family. Flat lan makes it work. 


Jared Mauch


On Dec 9, 2013, at 11:32 AM, rw...@ropeguru.com wrote:

I feel your pain. I am on the Comcast Business trial and have tried 
pfsense and now trying monowall. I followed all the different 
instructions I could find for pfsense 2.1 and while I could pull the 
WAN IP, I never could get a LAN ip nor could I get an ip on any of my 
computers.

Re: Email Server and DNS

[rwebb]

Thanks to everyone for all the tips and info. I think I have compiled 
plenty of info to get this done. I will probably start with some of 
the basics and see how things go. THen as needed start putting in some 
additional features as I see how things progress.


Robert


On Fri, 8 Nov 2013 07:37:40 -0500
 Rich Kulawiec r...@gsp.org wrote:

I suggest moving this to mailop, where it arguably belongs.  But I'm
going to follow up on a few points, anyway.

First, I forgot to mention two other highly effective mail system
defense methods: geoblocking and passive OS fingerprinting.

Geoblocking: A mail server for a local construction business in 
Arizona
is unlikely to require mail from Poland, Peru or Pakistan.  So 
there's

no reason to go with a default-permit model: use default-deny and
only allow mail from places where legitimate mail might originate.
(In this case, perhaps: the US, Mexico, and Canada.)  Use the ranges
from ipdeny.com.  This will stop an astonishing amount of spam (and
other SMTP-borne abuse) cold.  And it can be done at the MTA or in
the firewall: which is better depends on circumstances.

Obviously this doesn't work for everyone.  Obviously this (like
everything else) runs the risk of false positives -- but it's easy
to mitigate that.  Obviously it does require understanding the
patterns in your mail traffic, but any competent mail system admin
has long since performed detailed statistical analysis and has a
pretty good idea what the characteristics of their incoming mail
stream look like.

Passive OS fingerprinting: regard anything originating from an OS
that fingerprints as Windows as dubious, at best.  Possible actions
vary: graylisting (more precisely, graylisting regardless of 
previous
traffic) is one good option.  Utilizing this in concert with 
geoblocking
(above) works beautifully, e.g., I'm in Arizona and something in 
Portugal

that fingerprints as Windows is trying to send me SMTP traffic: the
probability approaches unity that this is spam.  When combined with
rDNS information, this becomes a highly efficient mechanism with a 
FP

rate that's ridiculously low.  (In other words, if that same system
has rDNS that looks like 123-45-67-8.example.com then it either 
really

is a bot or it's a mail system run by someone with no clue.)

A few short points and one long one in response:

On Sun, Nov 03, 2013 at 12:00:23PM -0600, Jimmy Hess wrote:
The RFC contains a MUST NOT  in regards to verifying the  HELO name 
matches.
So, the HELO can use any hostname ---  as long as the hostname 
forward
resolves to something;  it should resolve to the IP address of one 
of your
mail servers.Some mail servers provide service for many domains, 
and

have many DNS names that could be placed in a HELO.


All true.  But none of this argues against using the canonical 
hostname

in the HELO.  It's the simplest, easiest option (and quite often the
one that software will pick by default).

 SPF is worthless crap: don't bother.  Use a real MTA, e.g., 
postfix



I do not believe that is the consensus of the community -- or the 
working

groups behind the SPF-related RFCs.


I'm well aware it's not the consensus.  It's my opinion.

Clue #1 that SPF is crap should have been its grandiose 
self-promoting
announcement (Spam as a technical problem is solved by SPF).  Clue 
#2

should have been the observation that -- by far -- the most prolific
early adopters were spammers.  When your enemy latches on to your
new weapon much faster than you do, that should be a tipoff that 
maybe it's
not what you hope it is.  Clue #3 is available to anyone who deploys 
a
sufficiently large and diverse set of spamtraps for several years 
and
analyzes the data that arrives: SPF presence/absence or contents 
have

no statistically useful anti-spam value in a properly-designed mail
defense architecture.  

Don't believe me?  Okay.  Fine.  Set up a few thousand spamtraps, 
gather

data for 3-5 years, see for yourself.

So yes, it's standardized; so what?  So is (sort of) DNS forgery, 
see
http://tools.ietf.org/html/draft-livingood-dns-redirect-03 for 
example.

That's also crap, it just happens to be well-documented crap.

So: if you feel you must use something, use DKIM, which I think 
shows

vastly more promise.  Just don't expect it to be a panacea, because
the current miserable state of security at *all* levels undercuts it
badly.  Not DKIM's fault, really, but it does impact its usefulness
in the real world.

Message quarantines are great;  they are helpful  for mitigating the 
false

positives of overly-agressive filters.


This one I'll spend more time on.  Quarantines are a worst practice 
in mail systems engineering.  Here are some assorted reasons why, 
briefly:


- One of the fundamental principles of mail system defense is that 
you

should make your mistakes early, consistently, and loudly.  (And you
WILL make mistakes.   Everyone does.)  The point of doing this is 
that

it enables all concerned, including you, 

Email Server and DNS

[rwebb]

So I figured a little break from the NSA was in order.

I am looking for some info on current practice for an email server and 
SMTP delivery. It has been a while since I have had to setup an email 
server and I have been tasked with setting up a small one for a 
friend. My question centers around the server sending outgoing email 
and the current practices requirements for other servers to accept 
email Things like rDNS, SPF records, etc...


I am pretty much set on the issue of incoming spam and virus. Probably 
overkill but it is checked at the Sophos UTM firewall and at the email 
server itself.


Thanks,

Robert