is any active working group persuing this matter seriously?
-rgds
Alok
- Original Message -
From: alok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, November 02, 2002 4:26 AM
Subject: Re: ICANN Targets DDoS Attacks
The first, dropping broadcasts destined
yes. this is a topic of active discussion within
the RSSAC.
is any active working group persuing this matter seriously?
-rgds
Alok
- Original Message -
From: alok [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Saturday, November 02, 2002
- a very small percentage cud be blocked if u were willing to link
this to BGP learnt networks..at least those are complete networks, not
subnetted
ofcourse its a very small portion, mebbe u cud ask guys to send more
specific BGP routes from now
I am assuming you mean 'mark /32's
Andre'
From your protocol decode:
Your unrestricted 64k Bchannel call connected on B1. It would appear
that your network connection was ok. I would check the configuration on
each end of the link
since your interface went to the up state. and after it went to up it
had an invalid call
On Mon, 04 Nov 2002 12:32:06 EST, Joe Baptista said:
If the roots are once again under attack - how will the root server
operators be contacted by a frustrated isp who can't resolve.
The chances of a frustrated isp being unable to resolve things during a DDoS
attack and the root operators not
I know that this list would not quite cover my topic, but please excuse
me...
We are a small ISP company based in South Africa and I am looking at
alternative ISP's in several other countries around the world to provide
our clients with International hosting solutions for their customer base
I didn't say that MD5 would solve the configuration problems, but
that the fact that just mis-configuration errors can cause lots of
damage should clue people into the fact that the protocol has
vulnerabilities to deliberate attack.
Every protocol is vulnerable if the principals are
If the roots are once again under attack - how will the root server
operators be contacted by a frustrated isp who can't resolve.
as valdis points out, 12 operators getting e-mail from 12,000 frustrated isp's
is probably not the best way to do this kind of notification. as to who the
root
Yes, but... A protocol in which principal A's misconfiguration can
seriously harm principle B is more broken than one in which it
cannot. That's why the protocol for crossing a busy street includes
In addition to the light status, look for actual moving vehicles.
That way, you don't get run
-BEGIN PGP SIGNED MESSAGE-
Hash: MD5
Hello Gawie,
Monday, November 4, 2002, 1:08:25 PM, you wrote:
GMH Could someone suggest alternative ISP's where we could host our client's
GMH existing web sites (as a mirror) ?
Your best bet is to pose this question to the ISP-Webhosting list:
Can someone from point-click consulting andor globalcrossing contact me
off list please.
Thanks
Scott
Hi,
{ this is one snappy mailing list :o) }..
I meant, where can I find the people bouncing ideas on this topic
-rgds
Alok
- Original Message -
From: [EMAIL PROTECTED]
To: David Conrad [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]; alok [EMAIL PROTECTED];
[EMAIL PROTECTED]; [EMAIL
On Mon, 4 Nov 2002, Eric Anderson wrote:
Time for a new metaphor, methinks.
There's one. Defensive networking :)
--vadim
- a very small percentage cud be blocked if u were willing to link
this to BGP learnt networks..at least those are complete networks, not
subnetted
ofcourse its a very small portion, mebbe u cud ask guys to send more
specific BGP routes from now
I am assuming you mean 'mark
On Wed, Oct 30, 2002 at 03:44:12PM +, [EMAIL PROTECTED] wrote:
Therefore, would it be a reasonable suggestion to ask router vendors to
source address filtering in as an option[1] on the interface and then move
it to being the default setting[2] after a period of time?
Cannot be
On Wed, 30 Oct 2002 [EMAIL PROTECTED] wrote:
RPF checking can only go so far. You would need RPF checking down to the
host level and I haven't heard anyone discuss that yet.
Is this a reason not to do what we can now?
-Hank
Let's start with getting it going in the right direction, at
On Sun, 2002-11-03 at 23:28, blitz wrote:
Seeing a ton of them mostly from South America rite now.
Yes, we are seeing a lot of udp/137 scanning activity also.
--
Mike Jackson [EMAIL PROTECTED]
TSCNet
I have been seeing quite alot from CN over the last several days.
On 4 Nov 2002, Mike Jackson wrote:
On Sun, 2002-11-03 at 23:28, blitz wrote:
Seeing a ton of them mostly from South America rite now.
Yes, we are seeing a lot of udp/137 scanning activity also.
On Wed, 30 Oct 2002, Charles D Hammonds wrote:
analogy games are fun, but it boils down to this... If I know the real
source of an attack, I can stop it within minutes. I'm sure that my
customers appreciate that fact. Noone will ever completely stop attacks, the
point is to minimize
On Mon, 4 Nov 2002 [EMAIL PROTECTED] wrote:
What about the other large isps? What would it take for you to do
something? Chris is gracious enough to show up and participate, at
least even if it does mean he has to wear nomex.
I'm in favor of source address filtering at the edges.
I'm opposed
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*PLEASE NOTE*
This is an important Informational Message to the internet community:
November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for dot. The change will
be reflected in zone serial #
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
*PLEASE NOTE*
This is an important Informational Message to the internet community:
November 5, 2002, the IP address for J.root-servers.net will
change in the authoritative NS set for dot. The change will
be reflected in zone serial #
Please note that
ftp.internic.net:/doamin/named.root
Should read
ftp.internic.net:/domain/named.root
Both will work though.
Sorry about that.. Not enough coffee today.
JC
-Original Message-
From: [EMAIL PROTECTED] [mailto:owner-nanog;merit.edu] On
Behalf Of John Crain
Sent:
At 06:18 PM 11/4/2002, Sean Donelan wrote:
On Mon, 4 Nov 2002 [EMAIL PROTECTED] wrote:
What about the other large isps? What would it take for you to do
something? Chris is gracious enough to show up and participate, at
least even if it does mean he has to wear nomex.
I'm in favor of source
On Mon, 4 Nov 2002, John Crain wrote:
This WILL require a change to your root hints file. The new
[...]
Both the new and old j.root-servers.net IP space will provide
answers in parallel for the foreseeable future.
Since its been 5 years since the hints/cache boot file has changed,
it may be
On Mon, 4 Nov 2002 [EMAIL PROTECTED] wrote:
What about the other large isps? What would it take for you to do
something? Chris is gracious enough to show up and participate, at
least even if it does mean he has to wear nomex.
I'm in favor of source address filtering at the edges.
Here
Hi,
Is there a site on the Internet that actually has a up-to-date list of
all IP subnet allocations that will show me who actually owns the IP
range ?
Gawie J Marais
Technical Member
inX - Internet eXchange SA
Tel: +27 11 956 6935
Fax: +27 11 956 6851
Mail: [EMAIL PROTECTED]
Web:
Hi,
This is a long shot, but I'm hoping someone can help me out here...
I was wondering if it would be possible to purchase an entire Class C
address range for use in Germany. I have a Infrastructure company based
in south africa that is looking to connect some 80 sites throughout
Germany onto
depends which RIR its assigned to... radb is a good place to get all entries tho
www.iana.org
www.ripe.net
www.arin.net
www.apnic.net
www.radb.net
On Tue, 5 Nov 2002, Gawie Marais (Home) wrote:
Hi,
Is there a site on the Internet that actually has a up-to-date list of
all IP subnet
Speak to whatever ISP you intend to connect them into in Germany and they can
assign you IPs to your requirement providing you can justify it.
Steve
On Tue, 5 Nov 2002, Gawie Marais (Home) wrote:
Hi,
This is a long shot, but I'm hoping someone can help me out here...
I was wondering
Gawie,
what do you mean by ... onto the Internet? If you just want to enable each site with
Internet go for http://www.ripe.net/ripencc/mem-services/general/indices/DE.html and
pick one (or more) of the ISPs offering services in Germany. Otherwise pls explain in
more detail.
Regards, Arnold
On Mon, 4 Nov 2002 [EMAIL PROTECTED] wrote:
The only equipment I'm heard here which has serious issues related to
feature availability is the 12000 (which was never a particularly good
aggregation device to begin with). RPF works fine on 7200, 7500, and
6500, from my experience. I've not used
I was wondering if it would be possible to purchase an entire Class C
address range for use in Germany
http://ripe.net
randy
I believe that updating your hints file is a good idea, but
your internet isn't going to die if you don't do it right away.
BIND and other decent reslovers will always load the current copy
of the Root Zone from any reachable root server. That data will
take precidence over the data in the
I'm opposed to some of the suggestions where to put source address
filters, especially placing them in non-edge locations. E.g. requiring
address filters at US border crossings is a *bad* idea, worthy of an
official visit from the bad idea fairy.
What is bad about filtering facing
Is there a standardized depository of information where lists of which AS´s
are present
in which exchange(s)? RADB does not really cut it since it only lists the
participants
of the interconnect, not really identifying the facility. Obviously I´m aware
that most
IXn list their participants on a
At 12:59 AM 11/5/2002, Sean Donelan wrote:
Since its been 5 years since the hints/cache boot file has changed,
it may be useful to remind people an immediate change to your
local configuration files is not required. You don't need to
slashdot internic.net tomorrow morning trying to download the
$author = alok ;
makes sense on the edge/aggregation but if you do it further up in
the network.there maybe some cases where we have assymetric routing,
where the path of uplink is never the path the same as the downlink
hence the suggestion of reachable-via any rather then route to
Hi
see inline :o),
- Original Message -
From: Martin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Tuesday, November 05, 2002 12:59 PM
Subject: Re: Where is the edge of the Internet?
$author = alok ;
makes sense on the edge/aggregation but if you do it further up in
the
39 matches
Mail list logo