As some of you have seen from sessions today, hijacking of ips has been
noticed by many. I want to give a report of what the current situation is as
I've been monitoring known hijacked ip ranges and active use of those.
The active list is included later in this email and is available online at
htt
On 20 Oct 2003, at 21:12, John Brown (CV) wrote:
Interested data point
Those ASNs have all been assigned by the respective RIR (and LIR, in
one case) to ISC for use as part of ISC's ongoing effort to distribute
the F root nameserver globally.
Each of the anycast instances of F is designed to
todd glassey wrote:
Richard -
Do they (Verisign) have any legal reason to??? - is there anything between
them and ANY of their clients that requires them to inform them before any
changes to protocol facilities are made - I think not.
To inform? Not yet, although I have the feeling that this will
Hi,
We are getting a LOT of web requests containing what mostly looks like
gibberish.
[Mon Oct 20 21:13:42 2003] [error] [client 172.133.3.204] request
failed: erroneous characters after protocol string:
\xb8\xcf\xc235\x9f\xc4\x1c\xebj\xd7\xc5\x8e\xe9d>\xfdMe\xed\x16\xca\xd51\xcfReF\x82\xa3qi\x
Interested data point
23707
23708
23709
23710 APNIC ASN's
23711
23712
23713
25572 RIPE ASN's
27318
27319
27320 ARIN ASN's
27321
27322
30122
30123
30124
30124
30124
30124
30124 ARIN ASN's
30124
30130
30131
30132
30133
30134
On Mon, 20 Oct 2003 16:55:32 -0700 todd glassey <[EMAIL PROTECTED]> wrote:
> Do they (Verisign) have any legal reason to??? - is there anything between
> them and ANY of their clients that requires them to inform them before any
> changes to protocol facilities are made - I think not.
i'd say th
At 2:35 PM -0700 10/20/03, Henry Linneweh wrote:
I see serious troubles ahead, imagine a client of a client who has
let's say 3,000+ servers on-line and new list of clients is added and
there is a typo and all 3,000 servers are redirected with 10's of
thousands of clients, each with the potential to
On Mon, 20 Oct 2003 20:06:50 -0400 "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> I would suggest, however, that the number of people that do read
> these lists run mail servers with more end users than the small
> system administrators that do not.
true, but this can be interpreted as "the
I have just cut a keyring with the 34 keys sent in for tonight's key
party, which you will find at:
http://www.isc.org/misc/nanog29.pgp
http://www.isc.org/misc/nanog29.txt (ASCII-armoured version)
Fingerprints are below, and will also be available
On Mon, 20 Oct 2003 17:15:23 -0400 "Howard C. Berkowitz"
<[EMAIL PROTECTED]> wrote:
At 5:04 PM -0400 10/20/03, Richard Welty wrote:
>may i suggest another operational issue then?
>how does verisign plan to identify and notify all affected parties
>when changes
>are proposed?
>for example,
Richard -
Do they (Verisign) have any legal reason to??? - is there anything between
them and ANY of their clients that requires them to inform them before any
changes to protocol facilities are made - I think not.
Todd
- Original Message -
From: "Richard Welty" <[EMAIL PROTECTED]>
To:
"Steven M. Bellovin" wrote:
>
> A number of people have responded that they don't want to be forced to
> pay for a change that will benefit Verisign. That's a policy issue I'm
> trying to avoid here. I'm looking for pure technical answers -- how
> much lead time do you need to make such change
On Mon, 20 Oct 2003, Laurence F. Sheldon, Jr. wrote:
> Bret Baptist wrote:
> > The NANOG mailing list has been renamed to VOTDG. This stands for Verisign
> > Off Topic Discussion Group.
> Good plan--nothing about DNS is an operational issue either.
no no you misunderstood... What is offtopic is
Bret Baptist wrote:
>
> The NANOG mailing list has been renamed to VOTDG. This stands for Verisign
> Off Topic Discussion Group.
Good plan--nothing about DNS is an operational issue either.
The NANOG mailing list has been renamed to VOTDG. This stands for Verisign
Off Topic Discussion Group.
--
Bret Baptist
Systems and Technical Support Specialist
[EMAIL PROTECTED]
Internet Exposure, Inc.
http://www.iexposure.com
(612)676-1946 x17
Web Development-Web Marketing-ISP Services
---
Oh boy, well first and foremost the root servers and database are owned by the public because they were paid for from the TAX-BASE.
Second and foremost the technology to redirect web pages and ips is not new or innovative, kiddies used to do it on
On Mon, 20 Oct 2003 17:15:23 -0400 "Howard C. Berkowitz" <[EMAIL PROTECTED]> wrote:
> At 5:04 PM -0400 10/20/03, Richard Welty wrote:
> >may i suggest another operational issue then?
> >how does verisign plan to identify and notify all affected parties
> >when changes
> >are proposed?
> >for ex
> A number of people have responded that they don't want to be forced to
> pay for a change that will benefit Verisign. That's a policy issue I'm
> trying to avoid here. I'm looking for pure technical answers -- how
> much lead time do you need to make such changes safely?
You can't s
At 5:09 PM -0400 10/20/03, [EMAIL PROTECTED] wrote:
On Mon, 20 Oct 2003 16:31:45 EDT, "Steven M. Bellovin"
<[EMAIL PROTECTED]> said:
A number of people have responded that they don't want to be forced to
pay for a change that will benefit Verisign. That's a policy issue I'm
trying to avoid h
At 5:04 PM -0400 10/20/03, Richard Welty wrote:
On Mon, 20 Oct 2003 16:31:45 -0400 "Steven M. Bellovin"
<[EMAIL PROTECTED]> wrote:
A number of people have responded that they don't want to be forced to
pay for a change that will benefit Verisign. That's a policy issue I'm
trying to avoid her
On Mon, 20 Oct 2003 16:31:45 EDT, "Steven M. Bellovin" <[EMAIL PROTECTED]> said:
>
> A number of people have responded that they don't want to be forced to
> pay for a change that will benefit Verisign. That's a policy issue I'm
> trying to avoid here. I'm looking for pure technical answers
On Mon, 20 Oct 2003 16:31:45 -0400 "Steven M. Bellovin" <[EMAIL PROTECTED]> wrote:
> A number of people have responded that they don't want to be forced to
> pay for a change that will benefit Verisign. That's a policy issue I'm
> trying to avoid here. I'm looking for pure technical answers
On 10/20/2003 at 16:31:45 -0400, Steven M. Bellovin said:
>
> A number of people have responded that they don't want to be forced to
> pay for a change that will benefit Verisign. That's a policy issue I'm
> trying to avoid here. I'm looking for pure technical answers -- how
> much lead tim
> From the "Technical Adviser" column in today's
> Wall Street Journal:
>
> So, what kind of tips do the tipsters give you?
> Here's a typical one: Before you type in a Web
> address in your browser, in nearly all cases
> you don't need the "www " part; you'll be taken
> where you want to go witho
Trouble Grows at the Internet's Root
By Kevin Murphy
http://www.cbronline.com/latestnews/165c8acb5f79bb5780256dc50018bddd
Answering concerns presented here (did not have time before while
preparing to leave for nanog conference)
> At 12:12 PM 17-10-03 -0700, [EMAIL PROTECTED] wrote:
>
> It would appear you are not checking whois.nic.mil for allocations as
> well. All the US DOD/DISA stuff is registered there an
A number of people have responded that they don't want to be forced to
pay for a change that will benefit Verisign. That's a policy issue I'm
trying to avoid here. I'm looking for pure technical answers -- how
much lead time do you need to make such changes safely?
--Steve
Drew,
Yes and quoting from their pages:
Current System Issues:
Status Last Updated: 1:00PM PDT
Incident start time: 8:00AM PDT
Description of incident: Very heavy Monday morning load on all Postini
mail serv
Yes, they never responded to any of our emails when we had issues
a couple of weeks ago.
john brown
chagres technologies, inc
On Mon, Oct 20, 2003 at 03:41:19PM -0400, Drew Weaver wrote:
> Hi, is anyone else having a very difficult time reaching
> Postini?
>
>
>
> Thanks,
>
> -
On 13 Oct 2003 20:15:22 +0700, [EMAIL PROTECTED] wrote:
>Hi. This is the qmail-send program at asianet.co.th.
>I'm afraid I wasn't able to deliver your message to the following addresses.
>This is a permanent error; I've given up. Sorry it didn't work out.
>
><[EMAIL PROTECTED]>:
I have mail for
Hi, is anyone else having a very difficult time
reaching Postini?
Thanks,
-Drew
Hank,
On Mon, Oct 20, 2003 at 05:55:18PM +0200, Hank Nussbacher wrote:
> At 01:28 PM 20-10-03 -0200, Frederico A C Neves wrote:
>
> >Hank,
> >
> >These whois servers use an output format "based" on RPSL with added
> >extensions for organizations and dns delegation status.
>
> Can you point me
In message <[EMAIL PROTECTED]>, "Ray Bellis" writes:
>
>Has it occurred to anyone else that the side effects of Verisign's
>wildcard record might have been very much reduced if the wildcard had
>only worked if the address being resolved actually started 'www.' ?
>
>Not that I ever want to see Veri
NANOG folks,
If you're attending NANOG29 and looking for something to do this
evening (Monday) in Chicago, you're welcome to join us to see Pat
McCurdy play tonight at a place called Beat Kitchen.
The show starts at 10PM - $5 cover. It'd be good to get there ~9PM.
Pat usually plays a mix of hi
On Mon, 20 Oct 2003 14:19:36 -0400 William Allen Simpson <[EMAIL PROTECTED]> wrote:
> Since Postfix is run by a lot more enterprises than BIND, let's double
> that number! How about, until all the W95 and W98 and W2K servers are
> updated
if verisign thinks this ought to get done faster, i
At 10:57 AM -0700 10/20/03, Owen DeLong wrote:
OK... I've been lurking for a while.
I think the definition IAB intended to express concern about was:
Backbones (transit providers) deploying [permanent] filtration on their
connections with other ISPs.
I would like to propose the following terminol
I said 90 days myself - 30 of investigation and 30 to plan and then 30 to
clean-up whatever messes the act causes.
Todd
- Original Message -
From: "Owen DeLong" <[EMAIL PROTECTED]>
To: "Steve Bellovin" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Sent: Monday, October 20, 2003 11:02 AM
Subj
Steve Bellovin wrote:
>
> ... We heard this morning that Postfix is an application that
> will need to be changed to handle the proposed new version of
> Sitefinder's MX record. Of course, it's generally considered a good
> idea to test software before deploying it.
>
> So -- how much notice wou
On Mon, 20 Oct 2003 13:31:41 -0400 Kee Hinckley <[EMAIL PROTECTED]> wrote:
> More importantly--Verisign needs to deploy alternate servers so it's
> actually possible to test software against the changes they propose
> to make. Otherwise we're just running around guessing what the
> behavior is
I like John Curran's proposed timeline of Length of Verisign Contract+1 day.
However, absent that, I think that 12 months to the operational community
and 24 months to the enterprise community is probably a reasonable starting
point as long as they are willing to accept delays if a significant po
OK... I've been lurking for a while.
I think the definition IAB intended to express concern about was:
Backbones (transit providers) deploying [permanent] filtration on their
connections with other ISPs.
I would like to propose the following terminology definitions FOR THIS
EMAIL message and ask
At 10:59 AM -0400 10/20/03, Steve Bellovin wrote:
So -- how much notice would the operator community want before
deploying new software? What about for enterprises? (We all know that
stuff *can* be deployed more quickly in emergency circumstances. We
also know the problems that that can lead to,
Howard C. Berkowitz wrote:
> Given that this functionality does exist in web browsers, there's
> the flavor of monopolistic competition that may be vulnerable to
> antitrust action.
Verisign is indeed being monopolistic here.
But you still have a choice of di
> "Geo" == Geo <[EMAIL PROTECTED]> writes:
Geo> Got something really weird going on and I need a bit of help
Geo> from someone who is really good with dns.
Geo> Domain elby.ch
Geo> seems to resolve from some DNS servers but not from others. Can
Geo> you see anything that might break d
Has it occurred to anyone else that the side effects of Verisign's
wildcard record might have been very much reduced if the wildcard had
only worked if the address being resolved actually started 'www.' ?
Not that I ever want to see Verisign's abomination resurrected, of
course...
Ray
--
Ray B
> > ... would really mean that the internet is yet another
> > commercial thing controlled by one single entity.
>
> Look at the interview with Verisign's CEO at
> http://news.com.com/2008-7347-5092590.html?tag=nefd_gutspro, and I
> think you'll see that your "what it would really mean" is exac
On Mon, 20 Oct 2003, Tom (UnitedLayer) wrote:
> On Mon, 20 Oct 2003 [EMAIL PROTECTED] wrote:
> > Northern California, would mean SF Bay Area or not?
>
> The Bay Area is NorCal...
Certainly is in the way this term is used by everyone (geographically bay
area is in the center of california state,
>So -- how much notice would the operator community want before
>deploying new software? What about for enterprises? (We all know that
>stuff *can* be deployed more quickly in emergency circumstances. We
>also know the problems that that can lead to, which is why we generally
>want testing
On Mon, 20 Oct 2003 [EMAIL PROTECTED] wrote:
> Northern California, would mean SF Bay Area or not?
The Bay Area is NorCal...
> Or did you mean real "Northern" part of California (i.e. around Shasta)?
I believe the technical term is "boonies" but that's a minor detail :)
The name servers for the domain elby.ch do not reverse resolve.
For example: ns1.elbyns.de resolves to 62.116.130.76, but 62.116.130.76
does not resolve back ns1.elbyns.de.
It's not clear through the RIPE Whois search (this IP block is within a RIPE
range) who does name service for the IP bloc
Jeroen - and Howard -
- Original Message -
From: "Howard C. Berkowitz" <[EMAIL PROTECTED]>
> >
> >*if* Verisign gets it through that the installed base has
> >to bend over because they introduce such a thing it would
> >be a very bad thing for the internet as a whole and it would
> >real
Eh?
I don't see a delegation to tulku.nic.ar. anywhere down the delegation
chain.
. says ch nameservers are:
NS.APNIC.NET. 2D IN A 203.37.255.97
DOMREG.NIC.ch. 2D IN A 130.59.1.80
MERAPI.SWITCH.ch. 2D IN A 130.59.211.10
DNS.PRINCETON.EDU. 2
Northern California, would mean SF Bay Area or not?
Or did you mean real "Northern" part of California (i.e. around Shasta)?
On Mon, 20 Oct 2003, Dan Lockwood wrote:
>
> Although I fail to have one of the stickers, if there is anyone at the
> meeting that is operating in the northern Californi
Geo. wrote:
Got something really weird going on and I need a bit of help from someone
who is really good with dns.
Domain elby.ch
FWIW, this is often a good site to use when troubleshooting such issues:
http://dnsreport.com/
At 11:56 AM 20-10-03 -0400, Geo. wrote:
Got something really weird going on and I need a bit of help from someone
who is really good with dns.
Domain elby.ch
See:
http://www.dnsreport.com/tools/dnsreport.ch?domain=elby.ch
There is a warning for parent servers:
Your NS records APPEAR to be:
ns2.e
Although I fail to have one of the stickers, if there is anyone at the
meeting that is operating in the northern California area and would like
to discuss peering please send me a message off-list. I'm interested to
learn what other operations are in the area.
Thanks!
Dan Lockwood
At 01:28 PM 20-10-03 -0200, Frederico A C Neves wrote:
Hank,
These whois servers use an output format "based" on RPSL with added
extensions for organizations and dns delegation status.
Can you point me to documentation on the extensions? Any plan on RFCing?
The whois server at the .BR regist
Got something really weird going on and I need a bit of help from someone
who is really good with dns.
Domain elby.ch
seems to resolve from some DNS servers but not from others. Can you see
anything that might break dns resolution for this domain? Specifically it
appears NT4 dns servers with Sec
At 5:22 PM +0200 10/20/03, Jeroen Massar wrote:
Ahem, so Verisign wants to change the complete working of the
internet with the currently installed base because they want
to gather all the typo's??? Are they going to pay us the money
for upgrading/verification/checking/testing etc?
Fix the Webbro
Hank,
These whois servers use an output format "based" on RPSL with added
extensions for organizations and dns delegation status.
The whois server at the .BR registry (also the NIR for Brazil) doesn't
provide country information because it's implicit as it only provides
information for Brazil.
Steve Bellovin wrote:
> The session this morning ran out of time, so I didn't get to ask my
> question.
>
> Verisign's review panel has identified a number of problems
> -- I won't
> argue if they're minor or not -- that are addressable with software
> cha
The session this morning ran out of time, so I didn't get to ask my
question.
Verisign's review panel has identified a number of problems -- I won't
argue if they're minor or not -- that are addressable with software
changes. We heard this morning that Postfix is an application that
will nee
On Mon, 20 Oct 2003, David Lesher wrote:
> Solutions, the Herndon-based registrar of Internet addresses,
> for $100 million in a deal that will allow VeriSign to retain
> exclusive control of the valuable .com and .net database.
And NetSlow is now offering free domain transfers -
http://www.netw
On Mon, Oct 20, 2003 at 05:00:58AM -0700,
[EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote
a message of 35 lines which said:
> then there is the idea of "permanent" deployment ...
> little is permanent in networking. the hard problem
> is when vendors put filters in silicon. :(
>>> prudent/paranoid folk over the years have persuaded me that
>>> it makes the best sense to only run those applications/services
>>> that I need to and shut off everything else - until/unless there
>>> is a demonstrated need for it.
>> very true for a host, even somewhat true for a site. ver
>
> > prudent/paranoid folk over the years have persuaded me that
> > it makes the best sense to only run those applications/services
> > that I need to and shut off everything else - until/unless there
> > is a demonstrated need for it.
>
> very true for a host, even somewhat true for a site.