I-D on operational MTU/fragmentation issues in tunneling

2004-10-11 Thread Pekka Savola
Hi all, I've written a very short (about 5 pages of meat) Internet-Draft describing the issues and operational approaches to the problems faced with doing tunneling in the network -- as these issues kept coming up again and again with IP-in-IP, GRE, L2TP, etc. The approaches may be different

Question on IP address used by anycast DNS cache server

2004-10-11 Thread Joe Shen
Hi, I'm , but I met some questions when reading those papers from ISC on F-root anycasting. 1. As it's described in J.Abley's paper, DNS server in anycast group should be configured with a real IP on its NIC and one or two service IP on loopback interface(s). BIND listen on both real IP and

Re: [OT] Good Anti-Spam Boilerplate

2004-10-11 Thread Michael . Dillon
After some senseless Googling, I'm at a loss. I'm looking for a very comprehensive, up-to-date example of an AUP that covers spam. You might want to ask this question at a place like http://www.groklaw.net/ First of all, it's a legal problem and the above blog is a place where lawyers hang

Re: short Botnet list and Cashing in on DoS

2004-10-11 Thread Michael . Dillon
1. Do BCP38. http://rfc.net/bcp0038.html Have your CFO read SAC004. http://www.icann.org/committees/security/sac004.htm Implement source address validity checks. http://www.cisco.com/en/US/tech/tk828/tk363/technologies_tech_note09186a00800f67d5.shtml 2. Filter aggressively. Run a

Re: Question on IP address used by anycast DNS cache server

2004-10-11 Thread Joe Abley
On 11 Oct 2004, at 05:23, Joe Shen wrote: I'm , but I met some questions when reading those papers from ISC on F-root anycasting. If anybody else has questions or comments about those papers, they should feel free to send me private mail about them (since this evidently wasn't universally

Re: Question on IP address used by anycast DNS cache server

2004-10-11 Thread Edward B. Dreger
JS Date: Mon, 11 Oct 2004 17:23:19 +0800 (CST) JS From: Joe Shen JS 1. As it's described in J.Abley's paper, DNS server JS in anycast group should be configured with a real IP JS on its NIC and one or two service IP on loopback Service IP addresses also are real IP addresses. JS

Re: BCP38 making it work, solving problems

2004-10-11 Thread Edward B. Dreger
SD Date: Sun, 10 Oct 2004 21:35:33 -0400 (EDT) SD From: Sean Donelan SD People think BCP38 means the packets could only originate SD from you. Were BCP38 universal, this would be true. If one receives a packet, it's either from the supposed source or a network that allows spoofing. If no

deprecating BCP38 and similar

2004-10-11 Thread Edward B. Dreger
I think I'll change my position on BCP38. It's pointless to try blocking spoofed source addresses because: * It doesn't solve every single problem * It means more effort for service providers * It requires more CPU processing power * Using it will generate smarter black hats. I also think

Re: Question on IP address used by anycast DNS cache server

2004-10-11 Thread James
On Mon, Oct 11, 2004 at 05:23:19PM +0800, Joe Shen wrote: Hi, I'm , but I met some questions when reading those papers from ISC on F-root anycasting. 1. As it's described in J.Abley's paper, DNS server in anycast group should be configured with a real IP on its NIC and one or two

Re: [OT] Good Anti-Spam Boilerplate

2004-10-11 Thread Steve Atkins
On Mon, Oct 11, 2004 at 10:51:42AM +0100, [EMAIL PROTECTED] wrote: After some senseless Googling, I'm at a loss. I'm looking for a very comprehensive, up-to-date example of an AUP that covers spam. You might want to ask this question at a place like http://www.groklaw.net/ First of

Re: BCP38 making it work, solving problems

2004-10-11 Thread Randy Bush
the problem is that isp security folk doing actual measurement see very little spoofing. it's easy for the bad folk to get real bots. and tcp bad things are more popular and desirable, e.g. spam, ... and tcp does not work from spoofed addresses. isp security folk have limited resources. so

Re: short Botnet list and Cashing in on DoS

2004-10-11 Thread Bill Stewart
On Sun, 10 Oct 2004 15:06:17 -0400, James Baldwin [EMAIL PROTECTED] wrote: Pardon for my possibly ill informed interjection. I was under the impression that the current wind was blowing towards filtering outbound port 25 traffic while allowing outbound authenticated port 587 traffic? The

Re: BCP38 making it work, solving problems

2004-10-11 Thread Edward B. Dreger
RB Date: Sun, 10 Oct 2004 20:14:01 -0700 RB From: Randy Bush RB when it solves critical problems, it'll grow more quickly. Maybe. * Use 25/TCP for SMTP and 587/TCP for submission * Block outbound SMTP by default, but allow for the clueful * Run SMTP authentication * Let each authenticated user

Re: short Botnet list and Cashing in on DoS

2004-10-11 Thread Edward B. Dreger
BS Date: Mon, 11 Oct 2004 10:52:45 -0700 BS From: Bill Stewart BS [T]he normal definition of Internet service is to allow BS everything unless there's a good reason not to, as opposed to BS deny-most firewalls. Perhaps that's part of the problem. Has AOL's SMTP proxying and blocking driven it

Microsoft problems?

2004-10-11 Thread Chaim Fried
Anybody know of any prolonged outages at Microsoft (MSN messenger) today?

Re: Microsoft problems?

2004-10-11 Thread Richard Danielli
I'm experiencing connection difficulties as well -rd- Chaim Fried wrote: Anybody know of any prolonged outages at Microsoft (MSN messenger) today?

Re: Microsoft problems?

2004-10-11 Thread Jay Hennigan
Papal Catholicism? Ursal defecation in forested terrain? -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/

Re: Microsoft problems?

2004-10-11 Thread Petri Helenius
Chaim Fried wrote: Anybody know of any prolonged outages at Microsoft (MSN messenger) today? Sure. It was also down for scheduled maintenance for quite a while yesterday. Their website also only barfs out messages like Server Error in '/' Application.

Re: Microsoft problems?

2004-10-11 Thread Thornton
I've been using MSN messenger all morning and it has been working fine for me. I haven't heard of anyone having problems with it either. On Mon, 2004-10-11 at 11:26, Chaim Fried wrote: Anybody know of any prolonged outages at Microsoft (MSN messenger) today? Thornton Cierra Group

Re: Microsoft problems?

2004-10-11 Thread German Martinez
On Mon Oct 11, 2004, Jay Hennigan wrote: Papal Catholicism? not a good forum to make this statement. Thanks, German -- Discouragement is an enemy of your perseverance. If you don't fight against discouragement you will become pessimistic first, and lukewarm afterwards. Be an optimist

RE: Microsoft problems?

2004-10-11 Thread Joe Johnson
I got some sort of announcement popup on Gaim from MSN that said they would be going down for 5 minutes. That was this morning at about 11-ish (Central time). Came back after 2 minutes and has been fine since. Joe Johnson -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL

Re: Microsoft problems?

2004-10-11 Thread Todd Mitchell - lists
On 11/10/2004 12:26 PM Chaim Fried wrote: Anybody know of any prolonged outages at Microsoft (MSN messenger) today? http://messenger.msn.com/Status.aspx -- All Features. The .NET Messenger Service is temporarily unavailable.

Re: Microsoft problems?

2004-10-11 Thread Timo Mohre
Joe Johnson wrote: I got some sort of announcement popup on Gaim from MSN that said they would be going down for 5 minutes. That was this morning at about 11-ish (Central time). Came back after 2 minutes and has been fine since. Well... all I can say is that it's been down all day and is still

RE: Microsoft problems?

2004-10-11 Thread Mehmet Akcin
Yeah problems were going on all day, good to know that I am not alone.. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Timo Mohre Sent: Monday, October 11, 2004 3:36 PM To: [EMAIL PROTECTED] Subject: Re: Microsoft problems? Joe Johnson wrote: I got

RE: Microsoft problems?

2004-10-11 Thread amar
A new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. http://www.techweb.com/wire/security/49900742 Regards -- amar This message was sent using IMP, the

Re: Microsoft problems?

2004-10-11 Thread Timo Mohre
[EMAIL PROTECTED] wrote: A new worm that spreads via Microsoft's instant messaging client began badgering users Monday, several security firms said. http://www.techweb.com/wire/security/49900742 sarcasm ah... so it's a normal microsoft problem /sarcasm nevertheless... a slight notice

Re: BCP38 making it work, solving problems

2004-10-11 Thread Daniel Senie
At 05:41 PM 10/11/2004, Richard A Steenbergen wrote: On Mon, Oct 11, 2004 at 02:58:59AM +, Fergie (Paul Ferguson) wrote: It's better than a sharp stick in the eye, I'll tell ya, lad. Listen to me: It's called a best current practice for a reason -- people should do it. Not sit and around

Re: Guts (Was: Drivel about BCP38, et al.)

2004-10-11 Thread Paul Vixie
[EMAIL PROTECTED] (Fergie (Paul Ferguson)) writes: ... The Internet has almost become unusable because of this poor state of affairs -- the disruptors have beaten you? Reluctantly, sadly, ... It's not the engineers. Those who still have jobs Really Want to do the Right Thing. However,

Re: BCP38 making it work, solving problems

2004-10-11 Thread Daniel Senie
At 07:51 PM 10/11/2004, Richard A Steenbergen wrote: On Mon, Oct 11, 2004 at 06:03:08PM -0400, Daniel Senie wrote: I've removed the rest of your message, talking about which vendors do or don't have what capabilities. While I agree it'd be nice if more vendors offered automated tools for

Re: BCP38 making it work, solving problems

2004-10-11 Thread Suresh Ramasubramanian
Daniel Senie wrote: One of your arguments presented was that corporate customers weren't asking for unicast RPF, and I responded that corporate customers are not in need of automated mechanisms to implement BCP38, since in most cases their networks are EDGE networks, and it's quite simple to

Re: BCP38 making it work, solving problems

2004-10-11 Thread Fred Baker
At 08:39 AM 10/12/04 +0530, Suresh Ramasubramanian wrote: Yes I know that multihoming customers must make sure packets going out to the internet over a link match the route advertised out that link .. but stupid multihoming implementations do tend to ensure that lots of people will yell loudly,