> When an ISP buys a router does it want a worst-case guarantee about the
> router's capabilities? Or will it buy a router which can give better
> performance in the average case (it may drop some packets if the traffic
> pattern changes suddenly)? Assuming both cost the same.
Worst case guaran
Fellow networkers,
Team Cymru is happy to announce the availability of a public whois
server dedicated to mapping IP numbers to ASNs, located at
whois.cymru.com. You can find the link to this tool at:
http://www.cymru.com/BGP/whois.html
This link has been added to our main BGP data page ava
At 07:08 AM 9/25/2003, Rich Braun wrote:
But generating the
blocklist requires real-time reporting back to a central server. Even if the
server is decentralized, it will still require a relatively small handful of
accessable IP addresses.
I seem to recall a distributed server network, something c
something not very far from the discussion on this thread was proposed
last year by some researchers at columbia. for those of you who like
reading academic papers:
http://www1.cs.columbia.edu/~danr/publish/2002/Kero2002:SOS-camera.pdf
-- ratul
Aaron Dewell wrote:
On Thu, 25 Sep 2003, Eric
On Thu, 25 Sep 2003, Ron da Silva wrote:
>
> On Thu, Sep 25, 2003 at 06:11:23PM -0400, Brian Bruns wrote:
> >
> > This might be helpful to people setting up ACLs and the like:
> >
> > http://webmaster.info.aol.com/proxyinfo.html
>
> I think the point that Mike was making is that RFC1918
> spa
Folks,
bkc> lets try this again... why should a valid DNS protocol element
bkc> be made illegal in some parts of the tree and not others?
bkc> if its bad one place, why is it ok other places?
There very much _is_ an operational issue here, but it needs to be
characterize
Actually a /12. But the value of 172.16.0.0 0.15.255.255 has been
burned into my head for some reason...
---snip---
Page 4
3 Private Address Space
The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:
10.0
On Thu, Sep 25, 2003 at 06:11:23PM -0400, Brian Bruns wrote:
>
> This might be helpful to people setting up ACLs and the like:
>
> http://webmaster.info.aol.com/proxyinfo.html
I think the point that Mike was making is that RFC1918
space is 172.16.0.0/20 not a /8.
-ron
Hi,
I have this question to which I have not been able to get a conclusive
answer (I have heard different things).
When an ISP buys a router does it want a worst-case guarantee about the
router's capabilities? Or will it buy a router which can give better
performance in the average case (it m
This might be helpful to people setting up ACLs and the like:
http://webmaster.info.aol.com/proxyinfo.html
--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.2mbit.com
ICQ: 8077511
- Original Mes
> Thus spake Leo Bicknell ([EMAIL PROTECTED]) [25/09/03 17:19]:
> I post this because 2 of the 7 offered in their message that they
> were unwilling to support my proposal on the list because they felt
> it might get them thrown off the list. That is an interesting
> chilling effect I had not exp
> --Fba/0zbH8Xs+Fj9o
> Content-Type: multipart/mixed; boundary="wac7ysb48OaltWcw"
> Content-Disposition: inline
>
>
> --wac7ysb48OaltWcw
> Content-Type: text/plain; charset=us-ascii
> Content-Disposition: inline
> Content-Transfer-Encoding: quoted-printable
>
>
> Two recent e-mails made me tak
Thus spake Leo Bicknell ([EMAIL PROTECTED]) [25/09/03 17:19]:
> Well, I've received 9 private responses to the e-mail. 7 indicate
> support for my proposal, 2 were neutral comments.
>
> I post this because 2 of the 7 offered in their message that they
> were unwilling to support my proposal on t
Is it all to 135 ? I drop lots of that at my border. Each time I traced
it back to the customer, it was some infected machine that was not being
natted for various reasons.
e.g.
Deny TCP 172.16.4.1:4616 192.100.103.4:135
We also see the odd ntp request. Is it bogon as in RFC 1918 or bogon
Jay Kline wrote:
The trick then will be to have as many different participants as possible,
and to have each participant share who it thinks the other participants are
(or explicitly are not). Then if you take out one node, the others are not
prevented from functioning.
Again, the problem is i
While cleaning the narchi virus icmp traffic.. I noticed a lot of tcp
traffic (it seems to be increasing) from spoofed address to bogon space?
Any ideas on what virus or worm this is? Is it new?
Regards,
Mark
--
Mark Segal
Director, Network Planning
FCI Broadband
Tel: 905-284-4070
Fax: 416-9
Well, I've received 9 private responses to the e-mail. 7 indicate
support for my proposal, 2 were neutral comments.
I post this because 2 of the 7 offered in their message that they
were unwilling to support my proposal on the list because they felt
it might get them thrown off the list. That i
Aaron Dewell wrote:
On Thu, 25 Sep 2003, Eric A. Hall wrote:
> > I know you all have probably already thought of this, but
> > can anyone think of a feasible way to run a RBL list that does not have
> > a single point of failure? Or any attackable entry?
>
> Easy. Have the master serve
A Clue Bat was gently swung by a friendly and clueful (semi-anonymous)
AOL NetOps guys who contacted me from my post on Nanog. Thanks Nanog,
and this sounds strange from me, but Thank's AOL. :)
And yes, it should have been obvious on my part.. a router
was configured with a 172.0.0.0/8 netmask
On Thu, 25 Sep 2003, Jay Kline wrote:
> How about publishing a list of servers, but use the PGP web of trust model to
> allow updating of each other? That way there is no centralized source. If a
> group of admins dont like the updates coming from a server, dont trust it any
> longer. If you mak
On Thu, 25 Sep 2003, Eric A. Hall wrote:
> on 9/25/2003 2:44 PM Aaron Dewell wrote:
> > So why couldn't you follow this plan without the VPN and anycast?
> Multiple anycast channels would make distributed attacks ineffective,
> since each source would be attacking its closest target.
script kiddi
On Thu, 25 Sep 2003 13:44:59 -0600 (MDT)
Aaron Dewell <[EMAIL PROTECTED]> wrote:
>On Thu, 25 Sep 2003, Eric A. Hall wrote:
> > > I know you all have probably already thought of this, but
> > > can anyone think of a feasible way to run a RBL list that does not have
> > > a single point
on 9/25/2003 2:44 PM Aaron Dewell wrote:
> So why couldn't you follow this plan without the VPN and anycast?
Multiple anycast channels would make distributed attacks ineffective,
since each source would be attacking its closest target.
VPNs can give you ~password protection for the master.
--
On Thu, 25 Sep 2003, Eric A. Hall wrote:
> > I know you all have probably already thought of this, but
> > can anyone think of a feasible way to run a RBL list that does not have
> > a single point of failure? Or any attackable entry?
>
> Easy. Have the master server only be reac
On Wed, Sep 24, 2003 at 10:30:16PM -0400, Drew Weaver wrote:
Hi,
> I know you all have probably already thought of this, but can
> anyone think of a feasible way to run a RBL list that does not have a single
> point of failure? Or any attackable entry?
>
> Disregard this if im total
on 9/24/2003 9:30 PM Drew Weaver wrote:
> I know you all have probably already thought of this, but
> can anyone think of a feasible way to run a RBL list that does not have
> a single point of failure? Or any attackable entry?
Easy. Have the master server only be reachable by repli
On 9/25/2003 at 3:04 PM, "Susan Harris" <[EMAIL PROTECTED]> wrote to me:
> This is the third time I've contacted you concerning violations of the
> NANOG list AUP. Your message below focuses on spam/blacklists, issues
> that are not considered operational and are therefore off-topic for the
> li
On 9/25/2003 at 2:19 PM, "Deepak Jain" <[EMAIL PROTECTED]> wrote:
>> But it's ok when AboveNet does it?...or actually does much worse by
>> secretly and arbitrarily blackholing various networks at will, while
>> advertising connectivity to those networks to their BGP customers and
>> peers?
>>
[at the risk of getting whacked by Sue Harris, like: what does "operational"
mean anyway when the flood of criminal activity that's been the subject of
discussion here in recent days is frustrating massive amounts of ordinary
customers/Internet users, who will turn away from the Internet in frustr
On Thu, 25 Sep 2003, Brian Bruns wrote:
> Last time I checked, SSL connections do not get proxied through the AOL
> caching servers.
> They go directly from the client.
> 172.151.135.3 is not an AOL proxy server, it is an end user IP address that
> a AOL user gets when they dial in.
> cache-rf03.
Last time I checked, SSL connections do not get proxied through the AOL
caching servers.
They go directly from the client.
172.151.135.3 is not an AOL proxy server, it is an end user IP address that
a AOL user gets when they dial in.
cache-rf03.proxy.aol.com is an AOL proxy.
-
> But it's ok when AboveNet does it?...or actually does much worse by
> secretly and arbitrarily blackholing various networks at will, while
> advertising connectivity to those networks to their BGP customers and
> peers?
>
So why keep connectivity to them? A contract term? Now that you know of t
I'm looking for a clueful person either inside of AOL's NetOps
or someone else that can help us.
Problem;
Using AOL Dial-Up, through AOL Browser or MSIE
users can connect to our web servers and our clients
web servers via normal http with no problem.
If they connect to
Title: Experience with McLeodUSA
I am looking into a point-to-point DS3 from McLeodUSA in the Dallas/Ft. Worth area and was wondering what type of experience anyone on the list has had with them? Customer service, billing, response to issues, etc.
Any information would be greatly appreciate
On Wed, 24 Sep 2003, Leo Bicknell wrote:
> What you're missing in my argument is that it doesn't matter. I
> have no idea who Eddy Marin is, nor do I care. Blocking wcg's
> corporate mail servers is not the solution. Sure, it may get
> someone's attention at wcg, but it may also harm a lot of
>Speaking of joe-jobs, what's the "proper" proceedure
> for >dealing with such? The company I work for is
> currently >undergoing an admitedly minor joe-job.
> (about 300 or so >bounces that I've seen since mid >
last week or so.)
>
> Any suggestions for dealing with this?
What domains are y
> Date: Thu, 25 Sep 2003 11:12:05 -0400 (EDT)
> From: Gerald <[EMAIL PROTECTED]>
[...snip...]
>
> Ugh...sucked in. Can we get back to network operation discussions. Someone
> make a Verisign gripe/commiserate list. I'll sign up.
[EMAIL PROTECTED] ...?
Regards,
Gregory Hicks
>
> G
>
> - Ho
On Thu, 25 Sep 2003, Rich Braun wrote:
>
> Drew Weaver <[EMAIL PROTECTED]> inquired:
> >I know you all have probably already thought of this, but can
> > anyone think of a feasible way to run a RBL list that does not have a single
> > point of failure? Or any attackable entry?
>
> Fed
>> Ehm, that was because you, infolink.com WERE the spam outfit, of
>> course we block your 'entire network', it was an entire network of
>> spammers with no real customers. You can pretend Infolink is an
>> 'EyeEshPee' all you like Mr Leary but what we see is this, from your
>> ROKSO record:
On Fri, 19 Sep 2003, Mr. James W. Laferriere wrote:
>
> Hello All ,
>
> Is there an example of a procmail filter for this bugger ?
This might be a little late, but here is one that works 100% for me:
# this is a virus. base64 encoded "ram cannot be run in DOS mo"
:0 B:
* cm
On Thu, 25 Sep 2003, David Lesher wrote:
> The way to solve the Verislime problem is straightforward,
> but not simple.
>
> Make it unprofitable for them.
...can't resist hitting reply. First there is little to no way to make
this unprofitable for them since they already have people paying
From netadm, received 25/9/03, 9:02 -0400 (GMT):
That describes the escalation procedure of SPEWS, but is not at all
accurate for the SBL, we do not expand listings sideways into
customer space or block whole ISPs [*].
Mr. Linford's Spamhaus has recently blocked our entire ISP because of 2
ent
Steven Schecter said:
>
> Has anyone noticed excessively high latency between Global Crossing and
> AT&T? From what I've gathered, the PNIs between Global Crossing and AT&T
> are completely maxed out.
I've seen the same, and was given the same reason on the GBLX->ATT peer in
SFO. It was interm
[EMAIL PROTECTED] is sending me virus infected emails.
Wes Vaux, CCNA, CCDA
Network Security Engineer,
9000 Regency Pkwy
Ste 500
Cary, NC 27511
t 919.463.6782
f 919.463.1290
Two recent e-mails made me take a new look at the Nanog AUP, and
I'd like to propose several changes to help clarify the policy.
Several recent discussions have descended into the weeds. I'll take
my share of the blame for my participation. That said, one on-list
event, and several off list eve
Drew Weaver <[EMAIL PROTECTED]> inquired:
>I know you all have probably already thought of this, but can
> anyone think of a feasible way to run a RBL list that does not have a single
> point of failure? Or any attackable entry?
Fedex. "Never underestimate the bandwidth of a station
Steven Schecter wrote:
Has anyone noticed excessively high latency between Global Crossing and
AT&T?
According to Global Crossing, the NYC peer is maxed during peak periods,
and AT&T is refusing to increase capacity. No ETA at this time
regarding a resolution to the problem, which is most cer
Dr. Race - this is the second time I have contacted you concerning a NANOG
mailing list AUP violation. Please refer to the AUP:
http://www.nanog.org/aup.html
If you again violate any terms of the AUP, we'll need to withdraw your
posting privileges from the list.
Susan Harris, Ph.D.
>> That describes the escalation procedure of SPEWS, but is not at all
>> accurate for the SBL, we do not expand listings sideways into
>> customer space or block whole ISPs [*].
>>
Mr. Linford's Spamhaus has recently blocked our entire ISP because of 2
entities on our network we are working to
Beating up the spokestech may feel good but is pointless.
The way to solve the Verislime problem is straightforward,
but not simple.
Make it unprofitable for them.
Maybe that is by political pressure [but I doubt it -- they have
big lobbying muscle..] from the Hill.
It may be by lawsu
At 12:50 +0200 (GMT) 25/9/03, Hank Nussbacher wrote:
AS3339 has a zero tolerance for spamming. With just one spam
complaint we block the IP in question. We have a downstream
customer that has many cybercafes in Africa that generate http and
smtp spam and we block each complaint within 48 hour
On Thu, 25 Sep 2003 12:50:58 +0200 Hank Nussbacher <[EMAIL PROTECTED]> wrote:
> AS3339 has a zero tolerance for spamming.
...
> None the less, here is a recent email extract I received from someone:
...
> "Hank, I am not a Spamhaus.org representative in any shape or form.
> I do not claim to spea
At 07:42 PM 24-09-03 -0400, Richard Welty wrote:
the blacklisting of ISP ranges is very rare, it only occurs perhaps once a
year, in extreme cases. several years ago, the sbl listed sprint's coporate
mail servers during a period when sprint was providing connectivity for
many spamhausen. sprint re
>And the usual US-centric view...
>Which congress person does Demon Netherlands, T-dialin, Wanadoo
>France, Tiscali etc. go to?
In the Netherlands, Germany, France, Italy and other countries
people generally know who to go to to raise an issue with
their governments. In some cases there is a dir
>> you are confused. and in any case this is off-topic. take it to
namedroppers,
>> but before you do, please read rfc's 1033, 1034, 1035, 2136, 2181, and
2317.
>Can someone please tell me how a change to a critical component of the
>Internet which has the capacity to cause harm is not an oper
On Thu, 25 Sep 2003 08:29:42 +0100, Steve Linford wrote:
>for the benefit of those providers on nanag who use our SBL system,
>rest assured we will be removing the escalation 'any minute now' as
>WCG are now in contact with us and I understand are pulling spammer
>plugs.
Elegant understatemen
Distributing an RBL list is the easy part. There are a
variety of methods in place that can provide sufficient
reliability and are sufficiently anonymous or difficult to attack,
such as Usenet and Freenet and Gnutella and probably Kazaa,
and it's not too hard to develop efficient data formats
f
(Apologies to nanog, I make a point of not discussing spam issues
here, but I feel an uncontrollable urge to respond to this one as it
concerns Spamhaus directly)
At 20:01 -0400 (GMT) 24/9/03, Leo Bicknell wrote:
In a message written on Wed, Sep 24, 2003 at 07:42:39PM -0400,
Richard Welty wrot
On Wed, 24 Sep 2003 [EMAIL PROTECTED] wrote:
> On Wed, 24 Sep 2003 13:10:43 CDT, Stephen L Johnson <[EMAIL PROTECTED]> said:
> > Please forgive my ignorance, but what is a "joe-job"?
>
> http://searchsecurity.techtarget.com/gDefinition/0,294236,sid14_gci917469,00.html
This is amusing because w
59 matches
Mail list logo