--On Wednesday, December 3, 2003 10:53 PM -0500 [EMAIL PROTECTED]
wrote:
On Wed, 03 Dec 2003 15:57:37 PST, Owen DeLong [EMAIL PROTECTED] said:
around. (In fact, I'm hard pressed to imagine how a Frag needed packet
for an invalid session could do much of anything).
You can use a forged 'frag
Looking for advice.
I would like to know if there are standard or widely used file formats
to represent the following information:
* intradomain topology (including IGP costs, bandwidths, delays, SRLG)
* BGP peerings
* traffic matrices
Thanks in advance
Bruno
--
CSE Dept. UCL,
On Wed, 2003-12-03 at 22:09, Jamie Reid wrote:
This was a problem when filtering Nachi while it pinged networks
to their knees.
I think the problem was exasperated by the fact that some ISP's
responded by blocking _all_ ICMP. Its bad enough that this killed their
own ability to see if their
On 4 Dec 2003, at 11:02, Sean Donelan wrote:
Toll charges do encourage PBX owners and cordless phone makers to
improve
the security of their products?
I think exploits on PBXes which result in multi-thousand dollar
fradulent toll charges being racked up are so common as to not even be
At 09:53 PM 03/12/2003, Jamie Reid wrote:
The other thing that worries me is that those who rely on
their ISP to scan
for viruses, a false sense of security can come into play.
In the case of
these types of email viruses, the user might think the file
is OK because
it was
If ISPs charged customers $0.01/email message, would it cure spam or
would the spammers just continue to use third-party victims to spam and
there would be lots of news stories about grandmothers and orphans getting
huge ISP bills? IANAL, but many spammers are already breaking a law by
Sean Donelan [EMAIL PROTECTED] wrote:
Did news stories about this get other people in New Zealand to fix their
computers, apply patches, use anti-virus? Or were were lots of stories
about the evil telco ruining grandmothers and orphans? and the telco
eventually waived the charges?
probably
All,
I'm in the process of morphing my company into generalized corporate email
outsource agency. The sales pitch: the average (1000+ user) company is
finding it difficult-to-impossible to run their own email server. Just do
away with the problem, and give it to me.
The last couple of months
It takes a good combination of both ISP and end user to fight spam, I have a tool
in this editor for reading msg that allows me to tag a spammer and block the '
[EMAIL PROTECTED] that gets by the isp scan tool.
Common sense, in these times shows you to not open emails from strangers
especially
Title: RE: MTU path discovery and IPSec
On Wed, 03 Dec 2003 16:05:39 GMT, [EMAIL PROTECTED] said:
1) I assume MTU path discovery has to been in enabled on
each router in the path in order for it work correctly?!
Actually, no. All that's required is that:
You also need an OS that
[EMAIL PROTECTED] wrote:
...
It's not the reverse DNS itself that is meaningful. It is the
fact that the SMTP server operator with proper IN PTR records
probably has the cooperation of their ISP.
This is a broken model. People that are buying high level services should
expect those to be
On Thu, 4 Dec 2003, Tony Hain wrote:
This is a broken model. People that are buying high level services should
expect those to be delivered correctly, but those who are buying bit
transport should not be required to obtain additional services to become
fully functional. It is nice to
Chris Lewis writes on 12/4/2003 2:24 PM:
As I understand it, they blacklist if an IP with no rDNS generates some
threshold of complaints. Not just no rDNS by itself.
That is a good way to go.
A simple no rDNS rule causes too much trouble with our overseas
customers. I'm sure AOL discarded
On Thu, 04 Dec 2003 09:52:10 PST, Henry Linneweh [EMAIL PROTECTED] said:
Common sense, in these times shows you to not open emails from strangers
especially with *.zip files unless they are coming from a known party based on
some kind of dialog prior to it being sent and received.
Common
Hi,
I'm evaluating IP address management software. Looking for the
following:
1) Pointers to online reviews.
2) Views on what is the absolute best package out there.
3) Views on useful free software if it's worth considering.
4) Contact info of sales persons of commerical software.
5)
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn [EMAIL PROTECTED] wrote:
Given the nastiness of ICMP DDoS attacks of late, it might be better to
hit
the server and client admin's with the clue bat about not using PMTU
discovery (which also extends to the writers of the App's and OS's).
Today at 15:08 (-0500), [EMAIL PROTECTED] wrote:
Date: Thu, 04 Dec 2003 15:08:04 -0500
From: [EMAIL PROTECTED]
To: Henry Linneweh [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: Re: new nasty email virus trick to bypass scanners
On Thu, 04 Dec 2003 09:52:10 PST, Henry Linneweh [EMAIL
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn [EMAIL PROTECTED] wrote:
snipped
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my example in (1), frequently frag 2 will reach
places before frag 1 does (if any router along
Common sense, in these times shows you to not open emails from
strangers
especially with *.zip files unless they are coming from a known party
based on
some kind of dialog prior to it being sent and received.
Common sense always loses when fighting against the promise of dancing
Adam McKenna wrote:
On Wed, Dec 03, 2003 at 09:53:37AM -0800, Adam McKenna wrote:
On Wed, Dec 03, 2003 at 09:48:44AM -0800, Randy Bush wrote:
How can delegating in-addr.arpa on a per-ip basis be any different or worse
than delegating it using an rfc2317 scheme?
consider the
On Thu, Dec 04, 2003 at 02:04:54PM -0800, Crist Clark wrote:
$ dig 3.2.1.in-addr.arpa soa
$ dig 42.3.2.1.in-addr.arpa soa
This email contains approximately the same information as Randy's did. Yes,
the SOA's will be different. That is what is intended. The nameserver that
is
Suresh Ramasubramanian wrote:
A simple no rDNS rule causes too much trouble with our overseas
customers. I'm sure AOL discarded that idea for the same reason.
Yup. The model can be extended to if no rDNS, and if spamtrap hits or
other spammish behavior noted from more than X IPs per /24, then
Petri Helenius writes on 12/4/2003 5:36 PM:
Yup. The model can be extended to if no rDNS, and if spamtrap hits or
other spammish behavior noted from more than X IPs per /24, then block
the /24.
And why would blocking the /24 be appropriate instead of matching the
registry?
I would refer you
Suresh Ramasubramanian wrote:
Petri Helenius writes on 12/4/2003 5:36 PM:
And why would blocking the /24 be appropriate instead of matching the
registry?
I would refer you to the huge number of netblocks out there that stay
at /16 or larger size, with the upstream not SWIP'ing or otherwise
On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon [EMAIL PROTECTED] said:
I agree with all I have snipped.
I was wondering would it not be wiser for fraggers to frag in half
instead of just the overflow?
There's 2 cases here:
1) This is the final frag on the path - if PMTUD is in use, we want
Adi Linden wrote:
I am not talking about sending bills for some outrageous amount due to
excess bandwidth used. Instead cut off when a certain bandwidth threshold
has been exceeded. If the bandwidth was used purposely and legitametly,
buy more bandwidth, otherwise fix your PC.
This only
On Fri, 5 Dec 2003, Petri Helenius wrote:
And I refer you to the blocks which are properly registered down
to the /29 level and you are saying that if you are a good citizen
collateral damage is recommended regardless because antispammers
are either lazy or technically incompetent or
On Thu, Dec 04, 2003 at 05:54:42PM -0500, [EMAIL PROTECTED] wrote:
On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon [EMAIL PROTECTED] said:
I was wondering would it not be wiser for fraggers to frag in half
instead of just the overflow?
There's 2 cases here:
1) This is the final frag on
Petri Helenius writes on 12/4/2003 5:46 PM:
And I refer you to the blocks which are properly registered down to the
/29 level and
you are saying that if you are a good citizen collateral damage is
recommended
regardless because antispammers are either lazy or technically incompetent
or like
Barney Wolff wrote:
On Thu, Dec 04, 2003 at 05:54:42PM -0500, [EMAIL PROTECTED] wrote:
On Thu, 04 Dec 2003 16:40:45 EST, Joe Maimon [EMAIL PROTECTED] said:
I was wondering would it not be wiser for fraggers to frag in half
instead of just the overflow?
There's 2 cases here:
1)
On Thu, 04 Dec 2003 18:03:38 EST, Barney Wolff said:
That's not how PMTUD works. If DF is set, you discard the packet and
report back with ICMP. If DF is not set, you frag the packet - but
that's not PMTUD, because no report ever goes back to the sender.
Oh, so we compute ONE number if DF
just me wrote:
On Fri, 5 Dec 2003, Petri Helenius wrote:
And I refer you to the blocks which are properly registered down
to the /29 level and you are saying that if you are a good citizen
collateral damage is recommended regardless because antispammers
are either lazy or
[EMAIL PROTECTED] wrote:
I've looked at past threads on NANOG concerning this topic and
see only bits/pieces of what I am looking for. Hoping to obtain a
more comprehensive set of data.
There's a web seminar coming up at http://www.vaticor.com next week. It
seems like it will answer a lot of
On Thu, Dec 04, 2003 at 04:59:59PM -0800, Crist Clark wrote:
$ORIGIN 168.50.204.in-addr.arpa.
$GENERATE 0-15 $ NS a.ns.$
$GENERATE 0-15 a.ns.$ A 204.50.168.2
Is any harder than,
$ORIGIN 168.50.204.in-addr.arpa.
$GENERATE 0-15 CNAME $.0/28
0/28NS
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn [EMAIL PROTECTED] wrote:
snipped
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my example in (1), frequently frag 2 will reach
places before frag 1
[EMAIL PROTECTED] wrote:
On Thu, 04 Dec 2003 18:03:38 EST, Barney Wolff said:
That's not how PMTUD works. If DF is set, you discard the packet and
report back with ICMP. If DF is not set, you frag the packet - but
that's not PMTUD, because no report ever goes back to the sender.
Oh,
Crist Clark wrote:
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn [EMAIL PROTECTED] wrote:
snipped
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my example in (1), frequently frag 2 will
Crist Clark wrote:
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn [EMAIL PROTECTED] wrote:
snipped
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my example in (1), frequently frag 2 will reach
So, an interesting thing happened to me yesterday.
I run OpenBSD's https.openbsd.org site. Of course, we have an
SSL Site certificate for this site. When we first started the site,
(about 6 years ago) we got a site certificate from Thawte. Back in
these days they were based in
Thanks everyone here on this list who helped track down this!
We just published a (hopefully more or less final) Diary on
this topic at http://isc.sans.org/diary.html (see below for text).
As it turns out, at least one particular version of the software
distributed by PopAdStop.com did include a
Laurence F. Sheldon, Jr. wrote:
Crist Clark wrote:
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn [EMAIL PROTECTED] wrote:
snipped
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my
On Thu, 4 Dec 2003, Tony Hain wrote:
Can you explain to the less hyperbolic among us, why I should be
obligated to exchange packets with a provider who hosts abusive
customers.
Disclaimer: I am not a lawyer.
That said, IMHO you are free to do what you want as an individual, but
On Thu, 04 Dec 2003 17:22:23 PST, Crist Clark said:
Excerise for the reader:
Devise an algorthm that will take an arbitrarily sized packet 20-65535
octets and an arbitrarily sized MTU, 576 octets, and split the
packet into the minimum number of n fragments where each fragment is
(1) less
Greetings NANOG,
If anyone has experience with Sonet OC3 between a Cisco MGX and a Lucent
5ESS (preferably with APS configured) can you please contact me off-list.
I am also interested in anyone having problems with Cisco CSG (Content
Services Gateway) and the units hanging all of the
I need to speak with someone at RR about blocking issues.
Apparently they've decided to block mail from Apache.org and some of our
other customers without any notice to UL.
I've followed their instructions and e-mailed the listed addresses,
I've waited quite a while (over 24 hours) and have yet
45 matches
Mail list logo