james wrote:
>
> On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
>
> > Everything else was forged, spoofed, or unintelligble.
> >
> > I was probably not filtering off traffic from you (for any value of
> > "you"), I was filtering off stuff with your IP address in it.
>
> I was not
On Fri, 2003-12-05 at 21:20, just me wrote:
> On 5 Dec 2003, james wrote:
>
> On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
>
> > Everything else was forged, spoofed, or unintelligble.
> >
> > I was probably not filtering off traffic from you (for any value of
> > "you")
On 5 Dec 2003, james wrote:
On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
> Everything else was forged, spoofed, or unintelligble.
>
> I was probably not filtering off traffic from you (for any value of
> "you"), I was filtering off stuff with your IP address in it.
I
On Fri, 2003-12-05 at 16:05, Laurence F. Sheldon, Jr. wrote:
> Everything else was forged, spoofed, or unintelligble.
>
> I was probably not filtering off traffic from you (for any value of
> "you"), I was filtering off stuff with your IP address in it.
I was not aware one can fake everything
At 06:23 PM 12/5/2003 -0500, [EMAIL PROTECTED] wrote:
> 1) The Cable companies are peering (with Tier 2s and each other) in a
> *big* way
That's probably why ATDN depeered ~20 networks over last few months,
while Comcast and Charter do not peer at all.
I had not heard that. As for Comcast and Chart
[EMAIL PROTECTED] writes on 12/5/2003 7:24 PM:
did not even record whey thy blocked him. Not only should they have recorded
it but perhaps had a location where Tom could find that:
1. He's being blocked
2. Why he is being blocked with particular example of abuse that caused it
3. How long will
> 1) The Cable companies are peering (with Tier 2s and each other) in a
> *big* way
That's probably why ATDN depeered ~20 networks over last few months,
while Comcast and Charter do not peer at all.
> 2) The Large Network Savvy Content Companies are getting into peering in
> a *big* way
With tran
I have also had some blocking taking place. Mail was sent to spamblock @
rr.com two days ago without any response although we did have ticket
generation.
/m
- Original Message -
From: "Suresh Ramasubramanian" <[EMAIL PROTECTED]>
To: "Dan Ellis" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]
I think part of the problem is not only to notify but provide information
for techs at another ISP to know what kind of problem they have (and if
you block them, they may not be able to reach you to even ask).
I would remind that this thread started from Tom telling us that roadrunner
did not
As per their bounceback instructions, tried [EMAIL PROTECTED], it appears still
blocked.
--
Daniel Ellis, CTO, PenTeleData
(610)826-9293
"The only way to predict the future is to invent it."
--Alan Kay
-Original Message-
From: Sur
Dan Ellis writes on 12/5/2003 6:05 PM:
Could someone from Roadrunner please contact me – you have blocked a
large ISP’s mail server farm and are not responding to requests to
unblock. We received no notification of a block.
Thanks
--Dan
Doesn't [EMAIL PROTECTED] work?
srs
--
Daniel Ellis,
Hello,
Could someone from Roadrunner please contact me – you have
blocked a large ISP’s mail server farm and are not responding to requests
to unblock. We received no notification of a block.
Thanks
--Dan
--
Daniel Ellis, CTO, PenTeleData
(610)826-9293
"The only way
james wrote:
>
> : > I may be reaching here but I think perl scripting can do this.
> :
> : I wish. I've been experimenting with doing exactly that for years.
>
> That is what I ment by "reaching", it was not intended to be a smart a** comment.
> How about mailing to abuse/postmaster@ ? I real
On Fri, 5 Dec 2003, james wrote:
> To me the important thing is at least trying to notify.
> So the clueless miss out. Tuff. Those of us that care would like to know
> there is a problem, so we can solve it.
Thank you James, thats my point exactly :)
The people who care or have a clue will have
: > I may be reaching here but I think perl scripting can do this.
:
: I wish. I've been experimenting with doing exactly that for years.
That is what I ment by "reaching", it was not intended to be a smart a** comment.
How about mailing to abuse/postmaster@ ? I realize that the postmaster/
Hi again -
We have approval to run the Peering BOF again at the upcoming NANOG 30 in
Miami ! Appropriate attire (Hawaiian Shirts) is required ;-)
So, now my job is to draft Peering Coordinators to stand up, introduce
themselves, say a few words about their peering requirements, why you
should
james wrote:
: When you're introducing thousands of IP blocks per day, it's pretty hard
: to notify them all.
I may be reaching here but I think perl scripting can do this.
I wish. I've been experimenting with doing exactly that for years.
Problems:
- WHOIS data is often incomplete, w
On Fri, 05 Dec 2003 14:30:57 MST, james <[EMAIL PROTECTED]> said:
> : When you're introducing thousands of IP blocks per day, it's pretty hard
> : to notify them all.
> I may be reaching here but I think perl scripting can do this.
Yes, a perl script can send thousands of warning e-mails to bogu
Hi all -
Thanks to those who provided comments to the last white paper draft of "The
Evolution of the U.S. Peering Ecosystem". I've made most of the changes and
added the data points as suggested, so I am now ready to send out the
document more broadly. Lots of acknowledgements in the acknowled
On Fri, 5 Dec 2003, Laurence F. Sheldon, Jr. wrote:
> A reasonable reaction to protect own-turf is to plug up holes as
> you identify the local end of it and wait to see if anybody cares
> about it after the fire-fight.
So block a /30, not a /24
> The likelyhood of being able to contact anybody
"Tom (UnitedLayer)" wrote:
>
> So, I got an e-mail back from RR after I posted here.
> They claim to have no specific record of why we were blocked, so they
> removed it. They said it was probably DOS or a Mailbomb, both of which we
> would have squelched IMMEDIATELY.
>
> Frankly, I think that i
: When you're introducing thousands of IP blocks per day, it's pretty hard
: to notify them all.
I may be reaching here but I think perl scripting can do this.
James Edwards
Routing and Security
[EMAIL PROTECTED]
At the Santa Fe Office: Internet at Cyber Mesa
Store hours: 9-6 Monday through F
Thus spake Deepak Jain ([EMAIL PROTECTED]) [05/12/03 15:22]:
> Is there a documented process for a new CA to get their certs
> approved/added or is it a clandestine process?
AFAIK, clandestine. cacert.org has been trying to get their CA included
in Mozilla for some time now, but hasn't been abl
Tom (UnitedLayer) wrote:
Frankly, I think that its pretty poor practice to block someone and not
tell them, especially when contact information is clearly available
everywhere. We've got e-mail, various phones, and INOC-DBA, so its not
that hard to get ahold of us :)
When you're introducing thou
In message <[EMAIL PROTECTED]>, "Peter Galbavy" wr
ites:
>
>Deepak Jain wrote:
>> Is there a documented process for a new CA to get their certs
>> approved/added or is it a clandestine process?
>
>"You are in a twisty little maze of corporate back scratching, all
>political."
>
s/political/financ
So, I got an e-mail back from RR after I posted here.
They claim to have no specific record of why we were blocked, so they
removed it. They said it was probably DOS or a Mailbomb, both of which we
would have squelched IMMEDIATELY.
Frankly, I think that its pretty poor practice to block someone a
Deepak Jain wrote:
> Is there a documented process for a new CA to get their certs
> approved/added or is it a clandestine process?
"You are in a twisty little maze of corporate back scratching, all
political."
Peter
Yes, it's a cartel, and yes, actions taken by said cartel are at least partially
responsible for the pop-up happening.
Is there a documented process for a new CA to get their certs
approved/added or is it a clandestine process?
Thanks,
Deepak Jain
AiNET
[EMAIL PROTECTED] writes on 12/5/2003 1:28 PM:
The three ways to disable the popup:
1) Have the user accept a CA cert for your site. Help Desk Nightmare.
2) Have the user disable the popup. Help Desk Nightmare.
3) Get the top-level-CA cartel to accept your CA cert in the list of ones
bundled int
On Fri, 05 Dec 2003 10:14:48 PST, Mark Foster said:
> The CA does not popup a warning. It is the browser or client application
> that does this.
The three ways to disable the popup:
1) Have the user accept a CA cert for your site. Help Desk Nightmare.
2) Have the user disable the popup. Help De
[EMAIL PROTECTED] wrote:
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
So what does the PKI actually buy you that using a throwaway self-signed cert
doesn't provide?
No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups".
The CA d
On 5 Dec 2003, at 11:55, Bob Beck wrote:
There is an expectation that URLs which do not produce "this
certificate is not trusted" messages are safe for people to use to
disclose sensitive information like credit card numbers. The average
consumer has been educated to this effect at great length
On 5 Dec 2003, at 12:20, Luca Filipozzi wrote:
On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
Looks like someone forgot to renew there domain name and another party
decided to do it for them, with some slight changes:
host 206.108.102.93
93.102.108.206.in-addr.arpa domain name pointe
On Fri, Dec 05, 2003 at 12:29:49PM -0500, Matt Levine wrote:
> It is absolutely a lapsed domain issue. The authoritive (arpa)
> servers for the netblock in question (and several other bell blocks)
> are taz and pluto.bell-nexxia.net
My mistake; replied too hastily.
> I registered it last year (
On Fri, 05 Dec 2003 09:20:04 PST, Luca Filipozzi <[EMAIL PROTECTED]> said:
> > 93.102.108.206.in-addr.arpa domain name pointer
> > bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
>
> This isn't a lapsed domain registration issue; we're not talking about A
> records. It doesn
On Dec 5, 2003, at 12:20 PM, Luca Filipozzi wrote:
On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
Looks like someone forgot to renew there domain name and another party
decided to do it for them, with some slight changes:
host 206.108.102.93
93.102.108.206.in-addr.arpa domain name po
On Dec 5, 2003, at 12:20 PM, Luca Filipozzi wrote:
On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
Looks like someone forgot to renew there domain name and another party
decided to do it for them, with some slight changes:
host 206.108.102.93
93.102.108.206.in-addr.arpa domain name po
ARIN has been working along with APNIC, LACNIC and RIPE NCC to provide
number resource statistics in a unified format and location. The following
changes will be made to the existing statistics reporting:
- Addition of IPv6 allocations
- Report generated daily
- Summary lines are i
On Fri, 05 Dec 2003 10:26:33 CST, Adi Linden said:
> > So what does the PKI actually buy you that using a throwaway self-signed cert
> > doesn't provide?
>
> No popup box on the browser asking to accept the certificate.
"Pay us $1,000 or we'll annoy your users with popups".
Sounds suspiciously l
On Fri, Dec 05, 2003 at 11:07:24AM -0600, Mike Hyde wrote:
> Looks like someone forgot to renew there domain name and another party
> decided to do it for them, with some slight changes:
>
> host 206.108.102.93
> 93.102.108.206.in-addr.arpa domain name pointer
> bells-network-has-lots-of-security
Looks like someone forgot to renew there domain name and another party
decided to do it for them, with some slight changes:
host 206.108.102.93
93.102.108.206.in-addr.arpa domain name pointer
bells-network-has-lots-of-security-holes-to-exploit.bell-nexxia.net
>There is an expectation that URLs which do not produce "this
>certificate is not trusted" messages are safe for people to use to
>disclose sensitive information like credit card numbers. The average
>consumer has been educated to this effect at great length by
>commerce-oriented websites and
On 5 Dec 2003, at 11:01, [EMAIL PROTECTED] wrote:
On Fri, 05 Dec 2003 09:28:05 CST, Adi Linden said:
While the ssl certificate is meant to verify the owners identity, as a
consumer I would never trust a ssl certificate for that purpose. It
does
provide a reasonable effort to keep information be
[EMAIL PROTECTED] writes on 12/5/2003 11:01 AM:
So what does the PKI actually buy you that using a throwaway self-signed cert
doesn't provide?
Less headaches handling hundreds of support tickets that basically say
"browser displayed an alert about the cert being self signed", with or
without 2
> So what does the PKI actually buy you that using a throwaway self-signed cert
> doesn't provide?
No popup box on the browser asking to accept the certificate.
Adi
On Fri, 05 Dec 2003 09:28:05 CST, Adi Linden said:
> While the ssl certificate is meant to verify the owners identity, as a
> consumer I would never trust a ssl certificate for that purpose. It does
> provide a reasonable effort to keep information between me and the server
> confidential. That'
Matt Blaze said it well some years ago: "A CA will protect you against
anyone from whom it won't take money."
--Steve Bellovin, http://www.research.att.com/~smb
>I would never trust a ssl certificate for that purpose. It does
>provide a reasonable effort to keep information between me and the server
>confidential. That's worth something, I guess.
I agree with you, I just don't think this is reasonable. If the
CA's aren't going to keep tabs on your
While the ssl certificate is meant to verify the owners identity, as a
consumer I would never trust a ssl certificate for that purpose. It does
provide a reasonable effort to keep information between me and the server
confidential. That's worth something, I guess.
Adi
>So the long and the short of it is, our CA has *LOST* the
>documents showing who we are, and wants new ones.
Wow!
Have you contacted http://www.geotrust.com about this?
I'm sure they would fly people out to Calgary to personally
inspect your identity at no charge just for a chan
>Is there any discussion on better alternatives to PMTUD such as leaving
>off DF and a new ICMP subtype, rate limited, to inform senders that
>they've been fragged and at what (call it reverse PMTUD?) ?
There is a better alternative that is already used in production.
When a router receives pac
This report has been generated at Fri Dec 5 21:47:15 2003 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table Hist
52 matches
Mail list logo