Re: [swinog] BGP Battleships
--- onit...@gmail.com wrote: From: Gregor Riepl Some good ol' fun with BGP: https://blog.benjojo.co.uk/post/bgp-battleships Please (don't?) try this at home! - How about at work? ;-) Mind if I share this with other tech mailing lists? scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] OSS/BSS
--- m.hert...@mhs.ch wrote: From: Matthias Hertzog Not really network related, but provisioning-related, which is somehow network related as well... :-) What kind of OSS/BSS systems are you using in your companies? Self-developed? Purchased? --- What size of network are you talking about? Is it an ISP network? Some tools are fine for smaller and nearly non-changing networks, but are terrible for scaling to larger and quickly changing networks. scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RIPE database and more specific routes
: But I am concerned some people may build filters using : only exact matches, so it seems safer to have route : objects for more specifics. :: I´d suggest to create each route object for each :: announced prefix...IMHO you are very right - there are :: for sure networks out there, which will filter your :: prefixes, when you do not have a matching route object :: entry ... That seems painful when fast action is required. Say you have a /16 and someone is hijacking a /23 withing it. Before mitigating damage by announcing the two /24s you'd have to update the registry and wait for the upstream to accept it? Do you just preregister all the /24, /23, /22, etc prefix combinations in advance? scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] background migration of swisscom connection from IPv4 native to v6 + DS-Lite
--- g...@space.net wrote: From: Gert Doering To: Scott Weeks On Sun, Oct 29, 2017 at 02:53:41PM -0700, Scott Weeks wrote: > I was not around for those discussions (and not being a computer > science person, nor wanting to go on this for too long as has been > endlessly done on other lists), but it seems TLV would have allowed > 4 to be a subset of the new space. I never heard that discussed > much and that's what I meant by my comment. The point is: if you introduce a change to the packet format (and TLV would be), you are no longer compatible with IPv4. Which makes the whole "I want this to be compatible so I do not have to change infra or end points" totally moot. Worse, then you have "old IPv4" and "new IPv4" machines who might or might not be able to talk to each other, depending on which IPv4 address the "new IPv4" got (a long one or a short one) - while with IPv6, you have unmodified old IPv4 to ensure compatibility during the transition, and then you turn it off (in 10 years or so). --- I guess all ways IETF participants thought of a new address space would not have allowed backwards compatibility with IPv4? Thanks for the explanation. I appreciate it. Hopefully, others here find it interesting, too. scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] background migration of swisscom connection from IPv4 native to v6 + DS-Lite
--- g...@space.net wrote: From: Gert Doering On Sun, Oct 29, 2017 at 12:57:54PM -0700, Scott Weeks wrote: > Yeah, it's quite unfortunate that IPv4 ran out so suddenly, > barely 15 years after people were told to move towards IPv6. > --- > > > Especially after IETF made it backwards compatible and made > it so easy to switch from 4 to 6... ;-) There's no way to make "something with longer addresses" compatible without IPv4 without changing everything (routers, endpoints) - so, that argument is usually one brought forward as one of a long list of standard excuses to avoid deploying IPv6, while at the same time blaming everyone else for the problems with IPv4. --- Note the smiley face above. This one, too... :) I was not around for those discussions (and not being a computer science person, nor wanting to go on this for too long as has been endlessly done on other lists), but it seems TLV would have allowed 4 to be a subset of the new space. I never heard that discussed much and that's what I meant by my comment. scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] background migration of swisscom connection from IPv4 native to v6 + DS-Lite
--- g...@space.net wrote: From: Gert Doering Yeah, it's quite unfortunate that IPv4 ran out so suddenly, barely 15 years after people were told to move towards IPv6. --- Especially after IETF made it backwards compatible and made it so easy to switch from 4 to 6... ;-) scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Brocade MLXe: Random Linecard Reboot - anyone else?
--- rai...@ultra-secure.de wrote: From: Rainer Duffner > Am 18.09.2016 um 08:11 schrieb Fredy Kuenzler : > Friday night we observed several Brocade MLXe linecards rebooting > (several locations, i.e. Amsterdam, Frankfurt, Geneva), which > caused network instability due to flapping iBGP etc. : Coincidence? : : https://twitter.com/schneierblog/status/775783898366160896 --- "Take Down the Internet" "it feels like a large nation state...China or Russia" "I am unable to give details" "It feels like a nation's military cybercommand" etc. Seems like FUD to get viewers. 'The sky's going to fall and I can't tell you why or when, but I know it is. Trust me.' Where's the technical details so we can make an informed decision, rather than "it feels like..." scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] The Internet 40 years on
--- jer...@massar.ch wrote: From: Jeroen Massar http://m.sfgate.com/business/article/40-years-on-the-Internet-transmits-every-aspect-9187484.php For the people who like 'our history' ;) --- Hmmm, not so sure about sfgate.com's historical data. The internet first said "lo" like in 'lo and belold, I exist', but in reality it was the first three letters of "log". the whole system crashed when they typed the "g". That was 1969: http://www.lk.cs.ucla.edu/personal_history.html As far as packet radio (I'm from Hawaii, so I really like this one) Professor Norman Abramson developed ALOHAnet (packet radio) in 1970 at the University of Hawaii, which became the core idea for Robert Metcalfe's CSMA and, thus, Ethernet: https://en.wikipedia.org/wiki/Packet_radio#Aloha_and_PRNET One of my favorites is the letter from R.Z. Bachrach: http://b2b.cbsimg.net/blogs/19740305-xerox-ethernet-memo1.jpg Which he clarifies as not what everyone thinks it said: https://www.reddit.com/r/reddit.com/comments/1xz13/in_1974_xerox_parc_engineers_invented_ethernet/ All of which was before 1974. scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPv6 Buddy Keypad
On 3/30/12 7:35 PM, Scott Weeks wrote: > --- opperm...@networx.ch wrote: > From: Andre Oppermann > > This special USB IPv6 number keypad doesn't seem to be a joke: >http://www.ipv6buddy.com > > Even includes dedicated ":" and "::" buttons. > > Somebody should buy a 10-pack and sell them at next Swinog meeting. ;-) > --- > > > It's weird, but it's not a joke. The guys over at AusNOG were checking it > out a while back: > > http://lists.ausnog.net/pipermail/ausnog/2012-January/011962.html -- -- mailing-por...@porcus.ch wrote: -- From: Will van Gulik Hmm, we even got something older : http://www.faqs.org/patents/app/20080267683 -- I wonder if it's the same guy? I couldn't find out who owns the company in web search engines. scott - - ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IPv6 Buddy Keypad
--- opperm...@networx.ch wrote: From: Andre Oppermann This special USB IPv6 number keypad doesn't seem to be a joke: http://www.ipv6buddy.com Even includes dedicated ":" and "::" buttons. Somebody should buy a 10-pack and sell them at next Swinog meeting. ;-) --- It's weird, but it's not a joke. The guys over at AusNOG were checking it out a while back: http://lists.ausnog.net/pipermail/ausnog/2012-January/011962.html scott -- -- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] RE : >4MB over copper pairs
Message d'origine De: swinog-boun...@lists.swinog.ch de la part de Reza Kordi I got a 2 pair copper and I am looking for a product to offer Ethernet connectivity at speed of 4mbps or higher. Distance is about 1km and the copper is in the same local loop. Not sure about differences in countries, but here we use Adtran's TA-5000 with the 838 at the CPE: http://www.adtran.com/web/page/portal/Adtran/group/441 scott --- --- -- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Fwd: AW: "Hackerparagraph"
On Tue, 17 Mar 2009 12:18:28 +0100, Andreas Fink wrote: > Now what does that mean? It is basically what the germans have done > under the "Hackerparagraph". It disallows software which could > potentially be used for hacking to be distributed. The result of > this was for example that in germany the WiFi tools to verify your > WiFi security dissapeared. Why? because someone COULD use it for > hacking. Hmmm, that's funny. I could use TCP, UDP or ICMP for hacking. I guess we better shut down the internet... >;-) scott === ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IRC Server dead ?
--- [EMAIL PROTECTED] wrote: at least it prooved the ML is still alive, and not so slow as some mentioned ;-) we got 3 days nanog feeling, who cares ? if someone like an idling list.. we maybe could create [EMAIL PROTECTED], and to make shure there is no accidentaly traffic setting this list to moderated this would be even helpfull for all the autoresponder fan's - I enjoyed reading it all. It put a smile on my face several times. One day, I want to do a beer event with you guys, but since it's 12,277 kilometers (7628 miles) there: http://www.timeanddate.com/worldclock/distanceresult.html?p1=103&p2=268 It'll probably be a very long time until that happens... ;-) scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] IRC Server dead ?
I can't resist. "...if it collects any marketing stats, so what, everyone is doing that..." Only from the unknowledgeable that don't control Javascript (NoScript), flash (etc.), cookies or 'stuff'. Therefore, you have skewed stats. "...There's nothing bad about companies knowing better what I might buy from them..." Yes, there is. scott --- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Content delivery system like Akamai?
There're a lot of players in that space. I used to work for a company called Digital Island that bought Sandpiper to get their Footprint CDN. This was then sold to C&W who then sold it to blah, blah and it finally ended up at Savvis. There were several lawsuits with Akamai (a Hawaiian word for smart, clever or intelligent BTW) in the US about who invented what first. Akamai came out on top from what I heard after leaving the company. http://www.savvis.net/corp/Products+Services/Content+Delivery+Network/default You should be sure to do the market research before doing anything more than a fun and interesting project. scott --- [EMAIL PROTECTED] wrote: From: Marco Fretz <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [swinog] Content delivery system like Akamai? Date: Tue, 02 Sep 2008 10:38:08 +0200 Hi everyone, I think most of you now Akamai and how they deliver 20% of total internet content traffic... This looks like a good explanation: http://research.microsoft.com/~ratul/akamai.html Has anyone tried to build a system similar to Akamai? I should be possible to build it, in a smaller way of course. Some modified named (bind) servers, Squid, etc. >From my point of view, Akamai does the right thing: Why try to have lots of peerings, good transit connnections, etc. when you can serve the content directly out of the most popular ISP networks. They don't need their own network infrastructure for content delivery services (hosting). Is here anyone interested in this topic? Anyone has time and interest to build, "research" and test a "small Akamai" hosting system? My idea is in general: - 2-3 providers (one of you?) - each ISP "donates" 2-3 servers for the project (physical or virtual) - find a modified bind and squid or rebuild it to do this Akamai-like "DNS and url magic" - write a lot of shell scripts for monitoring, etc. - test the bunch of magic with our company sites :P ... but maybe I'm just crazy and you might simply ignore this post :-) thanks, have a nice day best regards Marco ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Colocation and Internet Access in Europe and Middle East
--- [EMAIL PROTECTED] wrote: --- From: Marc Eggenberger <[EMAIL PROTECTED]> A friend of mine is looking for colocation and internet services in Zürich, London and Manama Bahrain. Do you know any providers especially Bahrain? Are there any that have the possibilities to provide managed MPLS connectivity in those areas? - For Bahrain you might ask over on MENOG. scott --- ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
RE: [swinog] Windows-Pizza
Lynx says it all: ** Bad HTML!! <...snipped stuff here...> :-) scott --- [EMAIL PROTECTED] wrote: From: "Christian Kuster (chkuster)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: RE: [swinog] Windows-Pizza Date: Mon, 26 Nov 2007 23:17:02 +0100 Depends if you are one or not... ;-) Just kidding... -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Stanislav Sinyagin Sent: Montag, 26. November 2007 22:32 To: [EMAIL PROTECTED] Subject: Re: [swinog] Windows-Pizza they called me a loser. should I sue them? - Original Message > From: Andre Timmermann <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Sent: Monday, November 26, 2007 6:43:25 PM > Subject: [swinog] Windows-Pizza > > Hi, > > anyone want a pizza? > > http://www.pizza-joker.com/ > > You just can order a pizza if you use windows internet exploiter. > If > you > dare to use another browser, you will get insulted: ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Watch your Looking Glass
--- [EMAIL PROTECTED] wrote: here's the cisco advisory: http://www.cisco.com/warp/public/707/cisco-sr-20070912-regexp.shtml -- Sounds like the same thing as the late 1990s. "sho ip bgp regexp " caused a reboot. scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
[swinog] Please Help Stop => remember swinog 14 - project DNS Blockade
Help! I've received ~10 of these so far! scott --- [EMAIL PROTECTED] wrote: From: Nik Hug <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: [swinog] remember swinog 14 - project DNS Blockade Date: Wed, 11 Jul 2007 01:17:28 +0200 Good Morning For me it was always just a question of time until they try to use (or abuse) "the list" to block "other" unwanted "content" (please note the double quote) http://thepiratebay.org/blog I don't care about a torrent tracker - but I care now even more about free speech and the risks such "tools" bring with them. Especially if they are operating without proper legal an democratic legitimation - compiled by some policemen sharing information only with services from other "free" nations ... let's bet how long it will take untill we have a similiar case here in Switzerland? Madame la juge where are you? Nik ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: AW: AW: [swinog] Route of the day
: /me also wonders when "ISP's" start to drop those : silly ICMP filters which are really far from helpful : when trying to debug issues. Use tcptraceroute instead. scott --- [EMAIL PROTECTED] wrote: From: <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Subject: AW: AW: [swinog] Route of the day Date: Fri, 6 Jul 2007 17:04:35 +0200 Jeroen I still don't see the problem. Where and when can you have such a round-trip for free? Go at the "Zuerifaescht" and you will have to pay quite a lot for a much shorter ride. ;-)) PS: As Stanislav wrote, it's still below 30 hops. Happy weekend, Günti -Ursprüngliche Nachricht- Von: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Im Auftrag von Jeroen Massar Gesendet: Freitag, 6. Juli 2007 16:58 An: [EMAIL PROTECTED] Betreff: Re: AW: [swinog] Route of the day [EMAIL PROTECTED] wrote: > Where's the problem? > Your traffic reaches with Hop 3 already Zurich... Maybe the part where it takes another 600ms+ to actually reach the final destination in Switzerland again? :) > 22 i79zhb-005-pos4-0.bb.ip-plus.net (138.187.159.5) 654.770 ms * > i00nye-005-pos5-2.bb.ip-plus.net (138.187.159.9) 657.152 ms > 23 * * * > 24 tge3-3.bwrt1inb.bluewin.ch (195.186.0.113) 661.318 ms * * > 25 * * * > 26 * * * Instead of the 8ms to reach that same host from the other trace. /me also wonders when "ISP's" start to drop those silly ICMP filters which are really far from helpful when trying to debug issues. Greets, Jeroen ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Re: blocking ports?
: but still voting to block mail from dialup and adsl ranges On DHCP DSL ranges. I see some businesses that have a legitimate email server on statically assigned DSL ranges... scott --- [EMAIL PROTECTED] wrote: From: "Schmid" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]>, <[EMAIL PROTECTED]> Subject: Re: [swinog] Re: blocking ports? Date: Fri, 13 Apr 2007 10:32:28 +0200 isn't the most spam comming via compromized Computers ? adsl Dynamic or dialup user you should never trust them if the say the dont spam. they have to send mail the way smtp is thought for, that means send email to the smtp relay next to you. prevent him to send email via any other relay. if this would be consequent done by all ISP most of the spam would dissapear, and we could concentrate to prevent abusing other system for doing their harmfull work. Funny thing is one ISP is switching off his SMTP relay telling the client to use other smtp relay in the wild and call that a first action according to the "stop spam" campaign. another one is blocking port25 und force the user to use the ISP?s SMTP Relay and even explain this is done due to the "stop spam" campaign how to believe anything ? confused but still voting to block mail from dialup and adsl ranges ;-) -- Original Message -- From: "Scott Weeks" <[EMAIL PROTECTED]> Reply-To: [EMAIL PROTECTED], [EMAIL PROTECTED] Date: Thu, 12 Apr 2007 11:19:56 -0700 > > >Hello, > >: So if a customer proofs that he is able from a technical >: Point of view to operate an mail server in a secure manner >: and assures not to abuse email for spam then it's not >: acceptable that an ISP block anything to him. > >This is what I was saying to the guys here at my work. We just need a small >proof that the customer isn't a spammer and we open it up. However, most of >our customers are less-technical savy home folks. Did you have to prove to >your ISP that you weren't spamming? If so, how did they have you do that? > >Thanks, >scott > > >--- [EMAIL PROTECTED] wrote: > >From: Peter Bickel <[EMAIL PROTECTED]> >To: [EMAIL PROTECTED], [EMAIL PROTECTED] >Subject: Re: [swinog] Re: blocking ports? >Date: Thu, 12 Apr 2007 12:03:28 +0200 > >Scott Weeks schrieb: >> >> >> : You'd be amazed how many companies operate their own >> : mail servers, even behind dynamic addresses >> >> I'm speaking with guys in my company on an issue and part of the discussion >> has to do with me saying no one runs a mail server from behind a dynamic IP >> addresses. Other than just your experiences, does anyone have pointers to >> data on folks that do this? >> >> scott > >Hi Scott > >we do exactly this for IDV & Network Consulting. We operate our own >Mailserver >(Solaris with sendmail and iamp) in our internal Network which is >connected to >Cablecom (DHCP ;-)) In addition we have some Maschines in a hosting >environment >which have of corse fixed IP addresses which we use to relay to the outside. >All hosts use Solaris and sendmail and are protected with IPFilter with very >restrictive Rules. Incomming email is going through the external hosts and >an IPIP Tunnel directly to the internal mail server. > >We really don't want to be dependend on an ISPs email SETUP. DNS is the >same which helped me in the past a lot where several customers weren't able >to use the net everything worked for us. So if a customer proofs that he >is able from a technical Point of view to operate an mail server in a >secure manner and assures not to abuse email for spam then it's not >acceptable >that an ISP block anything to him. >> >> >> >> >> --- [EMAIL PROTECTED] wrote: >> >> From: Markus Wild <[EMAIL PROTECTED]> >> To: [EMAIL PROTECTED] >> Subject: Re: [swinog] Re: blocking ports? >> Date: Wed, 11 Apr 2007 19:26:39 +0200 >> >> Jonathan, >> >>> Sorry but I disagree with Per. ISPs have a duty to prevent email >>> Spam which is a terrible curse for us all. If they decide that >>> blocking port 25 outbound will help then they should do it. >>> >>> If you are a user, why can't you use the ISPs relay server? If you >>> are a provider you ought to have your own mail server on a fixed IP >>> address. >> >> You'd be amazed how many companies operate their own mail servers, even >> behind dynamic addresses (in which case they usually use some mailbox >> polling mechanism to feed their server from mail from the outside), bu
Re: [swinog] Re: blocking ports?
: if(windows) then block else allow? :) This would be my preference. >;-) I doubt my pointy-clickey co-workers would like that. I'm seen as weird here since I despise Micro$loth and love *nix. scott --- [EMAIL PROTECTED] wrote: From: Daniel Lorch <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [swinog] Re: blocking ports? Date: Thu, 12 Apr 2007 22:04:31 +0200 Hi > This is what I was saying to the guys here at my work. We just need a > small proof that the customer isn't a spammer and we open it up. > However, most of our customers are less-technical savy home folks. Did > you have to prove to your ISP that you weren't spamming? If so, how did > they have you do that? There is a "passive OS fingerprinting" module for iptables (see http://ippersonality.sourceforge.net/). How about treating connections differently depending on the OS they're coming from? if(windows) then block else allow? :) Or is the OS fingerprint lost through NAT? I don't know. Daniel ___ swinog mailing list [EMAIL PROTECTED] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list [EMAIL PROTECTED] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Re: blocking ports?
Hello, : So if a customer proofs that he is able from a technical : Point of view to operate an mail server in a secure manner : and assures not to abuse email for spam then it's not : acceptable that an ISP block anything to him. This is what I was saying to the guys here at my work. We just need a small proof that the customer isn't a spammer and we open it up. However, most of our customers are less-technical savy home folks. Did you have to prove to your ISP that you weren't spamming? If so, how did they have you do that? Thanks, scott --- [EMAIL PROTECTED] wrote: From: Peter Bickel <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: [swinog] Re: blocking ports? Date: Thu, 12 Apr 2007 12:03:28 +0200 Scott Weeks schrieb: > > > : You'd be amazed how many companies operate their own > : mail servers, even behind dynamic addresses > > I'm speaking with guys in my company on an issue and part of the discussion > has to do with me saying no one runs a mail server from behind a dynamic IP > addresses. Other than just your experiences, does anyone have pointers to > data on folks that do this? > > scott Hi Scott we do exactly this for IDV & Network Consulting. We operate our own Mailserver (Solaris with sendmail and iamp) in our internal Network which is connected to Cablecom (DHCP ;-)) In addition we have some Maschines in a hosting environment which have of corse fixed IP addresses which we use to relay to the outside. All hosts use Solaris and sendmail and are protected with IPFilter with very restrictive Rules. Incomming email is going through the external hosts and an IPIP Tunnel directly to the internal mail server. We really don't want to be dependend on an ISPs email SETUP. DNS is the same which helped me in the past a lot where several customers weren't able to use the net everything worked for us. So if a customer proofs that he is able from a technical Point of view to operate an mail server in a secure manner and assures not to abuse email for spam then it's not acceptable that an ISP block anything to him. > > > > > --- [EMAIL PROTECTED] wrote: > > From: Markus Wild <[EMAIL PROTECTED]> > To: [EMAIL PROTECTED] > Subject: Re: [swinog] Re: blocking ports? > Date: Wed, 11 Apr 2007 19:26:39 +0200 > > Jonathan, > >> Sorry but I disagree with Per. ISPs have a duty to prevent email >> Spam which is a terrible curse for us all. If they decide that >> blocking port 25 outbound will help then they should do it. >> >> If you are a user, why can't you use the ISPs relay server? If you >> are a provider you ought to have your own mail server on a fixed IP >> address. > > You'd be amazed how many companies operate their own mail servers, even > behind dynamic addresses (in which case they usually use some mailbox > polling mechanism to feed their server from mail from the outside), but > send outgoing mail directly with SMTP. > >> Of course, one day we need a better protocol than SMTP (*Simple* Mail >> Transfer Protocol) which was never meant as a global email solution. >> But until then we have to do something to stop people abusing it. > > But by killing the payload, not the messenger, please... > > Cheers, > Markus > ___ > swinog mailing list > [EMAIL PROTECTED] > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog > > > ___ > swinog mailing list > [EMAIL PROTECTED] > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog -- Gruss Pitsch __ Peter Bickele-mail: [EMAIL PROTECTED] IDV & Network ConsultingTelefon: +41 1 853 24 16 Gumpenwiesenstrasse 38 Fax: +41 1 853 27 04 CH-8157 Dielsdorf Mobile: +41 79 666 15 50 __ ___ swinog mailing list [EMAIL PROTECTED] http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] Re: blocking ports?
: You'd be amazed how many companies operate their own : mail servers, even behind dynamic addresses I'm speaking with guys in my company on an issue and part of the discussion has to do with me saying no one runs a mail server from behind a dynamic IP addresses. Other than just your experiences, does anyone have pointers to data on folks that do this? scott --- [EMAIL PROTECTED] wrote: From: Markus Wild <[EMAIL PROTECTED]> To: swinog@swinog.ch Subject: Re: [swinog] Re: blocking ports? Date: Wed, 11 Apr 2007 19:26:39 +0200 Jonathan, > Sorry but I disagree with Per. ISPs have a duty to prevent email > Spam which is a terrible curse for us all. If they decide that > blocking port 25 outbound will help then they should do it. > > If you are a user, why can't you use the ISPs relay server? If you > are a provider you ought to have your own mail server on a fixed IP > address. You'd be amazed how many companies operate their own mail servers, even behind dynamic addresses (in which case they usually use some mailbox polling mechanism to feed their server from mail from the outside), but send outgoing mail directly with SMTP. > Of course, one day we need a better protocol than SMTP (*Simple* Mail > Transfer Protocol) which was never meant as a global email solution. > But until then we have to do something to stop people abusing it. But by killing the payload, not the messenger, please... Cheers, Markus ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] does Econophone block port25
-From: Jeroen Massar <[EMAIL PROTECTED]>- : To avoid problems there, make a simple policy: if found : spreading a virus/spamming and having disabled the blockage: : no Internet for a week. Or a similar measure that can of : course be lifted after paying a fine. Wouldn't that make customers go to another comany for service? scott --- [EMAIL PROTECTED] wrote: From: Jeroen Massar <[EMAIL PROTECTED]> To: swinog@swinog.ch Subject: Re: [swinog] does Econophone block port25 Date: Wed, 04 Apr 2007 08:42:20 +0100 Candid Aeby wrote: > Hi > > first this is no local decision. We never liked it. I know it is unpopular > and i would prefer a better solution. Since Monday Port 25 is blocked for > Dial-Up and ADSL connections. Is that outbound from $customer -> $internet, or is that also for inbound $internet -> $customer? Having a block on port 25/tcp, 137-139/udp and some other magic virusports is acceptable on end-user IP's. BUT as long as the user of that line has the option to easily turn this off. Eg using a webinterface where they can login using their user/pass and then enable it again, that is disable the block. If that is not possible, then when a user moans about not getting "Internet connectivity" they are quite right. Users who are not the typical techy, can always use 587 as you indicated and should, in general, keep the block on. To avoid problems there, make a simple policy: if found spreading a virus/spamming and having disabled the blockage: no Internet for a week. Or a similar measure that can of course be lifted after paying a fine. Greets, Jeroen ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] JOB: Senior Network Engineer, Schlieren/ZH
--- [EMAIL PROTECTED] wrote: From: Stanislav Sinyagin <[EMAIL PROTECTED]> --- Scott Weeks <[EMAIL PROTECTED]> wrote: > Do you guys have a hard time finding folks at this level there? The market of average-level network engineers is quite large, as in 1999-2000 many CCIEs and other engineers were brought to Swizterland (including myself :-) If you're looking for someone special, this can be hard. -- Thanks for the info, I am curious what other parts of the world are like with respect to the internet and who works on it. scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] JOB: Senior Network Engineer, Schlieren/ZH
--- [EMAIL PROTECTED] wrote:-- From: Pascal Gloor <[EMAIL PROTECTED]> - Senior Network Engineer. ahem... that's a long list... I'm just wondering what the community thinks, how much should one earn in such a position with all those skills and requirements? Or, if you're the man for this position, how much do would you expect as salary? I'm just wondering about our 2006/2007 'job market status' ;-) It's not that large of a list. I have experiences in everything but the below. I am at the CCIE level eventhough I don't have the cert. I work on Juniper and Alcatel routers. However, I can speak a little Hawaiian, would that help? Just kidding. :-) I must live near the ocean as I am addicted to surfing big waves... - DOCSIS network technologies - VoIP and IP Telephony - Cisco certifications of Professional or Expert level are welcome. - Fluent German and English languages are the required. - Ability to communicate in French is very much welcome. - A valid driver license is also essential. After converting the salary range (from another email) from Swiss Francs to American Dollars, I see you're able to pay what's average here. However, I don't know how to relate the spending power of that level of salary to what it can do here, so it might be more or less value to the person. Do you guys have a hard time finding folks at this level there? scott ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
Re: [swinog] cost of class-C IP block
The term "class C" is historical. It is a /24 now days. The first octet of a "class C" IP address has to start with 110, but a /24 does not have this restriction... :-) scott - Original Message Follows - From: "Umberto Annino" <[EMAIL PROTECTED]> To: swinog@swinog.ch Subject: [swinog] cost of class-C IP block Date: Fri, 9 Dec 2005 09:19:58 +0100 (MET) > Cheers > > I need to know the approximate cost (and maybe also the > exact procedure) to get hold of a class-C IP address > block. according to RIPE, they "sell" the IP-addresses to > members only, which seem to be ISP's (don't know if an > individual can sign up as member). and according to some > search I made on google, RIPE itself doesn't charge for > the blocks, but the provider may charge the cost > (administration etc.) to the customer. > > basically, I need the IP range for a client, and they're > already attached to Swisscom for other purposes (IPSS). of > course you'll believe me that I was connected to approx. > 10 different people all over switzerland, only to hear > "the corresponding account manager will get back to you to > quote a price". that was 2 days ago, and now the line is > busy (ironically, I thought that phone companies can > manage not to have a line busy on a service center, but to > be able to tell you exact waiting time, re-route your call > to a free callcenter agent etc., but that's another > story). > > so can anyone tell me how much 255 public IP addresses > would approximately cost? > > thanks > > regards > Umbi > > -- > > http://www.bigbrotherawards.ch - privacy > ___ > swinog mailing list > swinog@lists.swinog.ch > http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog ___ swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog
