something *very* strange is going on. the worldnic servers have
been giving delayed or no results for days now. and nsi is hoping
we and the wsj/nyt won't notice.
I agree 100%.
but it's probably time for us all to dump symptoms here and figure
it out as a community, as the dog with the bone
On Mon, 25 Apr 2005 22:19:51 PDT, william(at)elan.net said:
Perhaps a solution is to specifically enable ipv6 dns resolution as
preferable to ipv4 or the other way around. This could perhaps be
a switch in resolv.conf or nsswitch.conf. Something like:
/etc/resolv.conf
search example.com
Have to say we see no issues here with the worldnic.com nameservers, other
than they appear to be located on the same physical network.
I think people should post queries that fail, including date/time, and full
dig output for that query from the server they used, and the version of
recursive
On Tue, 19 Apr 2005, Justin M. Streiner wrote:
If Qwest would have won the bid, then it would be up to Verizon to cry foul -
and rest assured they would. Funny how that works :-)
We may yet see that happening as it appears the bidding war is far from
over - latest news article on this issue
Suresh Ramasubramanian wrote:
I'd say fix the resolver to not try resolve v6 where there exists no
v6 connectivity
I'd say fix the broken v6 connectivity.
- Kevin
On Tue, 26 Apr 2005, Simon Waters wrote:
Have to say we see no issues here with the worldnic.com nameservers, other
than they appear to be located on the same physical network.
I think people should post queries that fail, including date/time, and full
dig output for that query from the
lots of folk sent email to me and not the list. most report
worldnic responding with tcp 53 and not udp. would love to
hear confirmation on list. can think of a number of causes,
one possible, but just a stab in the dark, would be an
intentional hack as a defense to a spoofed-ip attack.
what
At 21:34 -0700 4/25/05, Rodney Joffe wrote:
The culprit is dig.
Ahh, dig. What version? You have to be running the latest at all
times these days...so many changes...
In my experiences with v6 the problems I have come down two are:
1) Broken testing tools. (See change 1610 in the BIND CHANGES
Randy Bush [EMAIL PROTECTED] wrote:
lots of folk sent email to me and not the list. most report worldnic
responding with tcp 53 and not udp. would love to hear confirmation
on list. can think of a number of causes, one possible, but just a
stab in the dark, would be an intentional hack as a
On Tue, 26 Apr 2005, Randy Bush wrote:
lots of folk sent email to me and not the list. most report
worldnic responding with tcp 53 and not udp. would love to
hear confirmation on list. can think of a number of causes,
one possible, but just a stab in the dark, would be an
intentional
On Tue, 26 Apr 2005, Brett Frankenberger wrote:
On Tue, Apr 26, 2005 at 01:22:41PM +, Christopher L. Morrow wrote:
On Tue, 26 Apr 2005, Simon Waters wrote:
The worldnic.com and worldnic.net appear to use the MMDDVV convention
for
SOA serial numbers, and so it would
On that note, I suggest that folks from the NANOG community get involved
with CircleID. It's a great site with articles on everything from DNS and
addressing issues to domain naming and ICANN. It sometimes misses the
network operator perspective - a few articles or comments by some of the
folks
In message [EMAIL PROTECTED], Christopher L. Morrow writes:
On Tue, 26 Apr 2005, Randy Bush wrote:
lots of folk sent email to me and not the list. most report
worldnic responding with tcp 53 and not udp. would love to
hear confirmation on list. can think of a number of causes,
one
For any educational institutions on this list - what has been the impact on
your mail services once your ISP started blocking port 25 - what if any was
the backlash - and how difficult was it to provide alternatives ...587,465
etc ...
best regards,
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Paul Ryan
Sent: Tuesday, April 26, 2005 11:11 AM
To: Nanog Mailing list
Subject: FW: Port 25 - Blacklash
Importance: High
For any educational institutions on this list - what has been
the impact on
- Original Message -
From: Randy Bush [EMAIL PROTECTED]
To: Christopher L. Morrow [EMAIL PROTECTED]
Cc: nanog@merit.edu
Sent: Tuesday, April 26, 2005 16:35
Subject: Re: Problems with NS*.worldnic.com
lots of folk sent email to me and not the list. most report
worldnic responding
In the thread about ns*.worldnic.com, many people were complaining
about DNS responses/queries on TCP port 53.
At least one DoS mitigation box uses TCP53 to protect name
servers. Personally I thought this was a pretty slick trick, but it
appears to have caused a lot of problems. From the
DA Date: Sat, 23 Apr 2005 16:13:22 -0400 (EDT)
DA From: Dean Anderson
DA And it violates RFC 1546, as previously explained.
Who cares? You've railed against SMTP+AUTH because it's not a
standard. Why do you give a rat's rump about 1546?
DA Well, PPLB isn't the end of the world. But PPLB is
Date: Sun, 24 Apr 2005 02:00:48 -0400
From: [EMAIL PROTECTED]
What you seem to be missing is that the *really* smart people will be prepared
for it when it actually gets here - and will take advantage of its lack of
arrival in the meantime.
Na the code in my lab and the
Our ISPs don't block anything, to my knowledge; but when our users'
ISPs began blocking port 25 (especially SBC DSL) we had already been
encouraging users to configure their clients to use 587.
matto
On Tue, 26 Apr 2005, Paul Ryan wrote:
For any educational institutions on this list -
Paul,
For any educational institutions on this list - what has been the impact on
your mail services once your ISP started blocking port 25 - what if any was
the backlash - and how difficult was it to provide alternatives ...587,465
etc ...
Our ISPs don't filter our traffic. If they
The fact that most people did not complain is not likely due to the
fact that they were not annoyed by the change, but rather it's easier
to simply get around it than it is to bother complaining to network
admins.
For example, about 2 months ago, comcast decided to block outgoing
port 25
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Adam Jacob Muller
Sent: Tuesday, April 26, 2005 2:18 PM
To: Eric Gauthier
Cc: Paul Ryan; Nanog Mailing list
Subject: Re: Port 25 - Blacklash
The fact that most people did not complain is not
If, by a fluke of nature, there is a person from Verizon or someone who
knows a person from Verizon that can answer a question Where does this line
go? in a former Bell Atlantic plant in Philadelphia, I would really
appreciate an off-list email.
Thanks,
Alex
* Patrick W. Gilmore:
At least one DoS mitigation box uses TCP53 to protect name
servers. Personally I thought this was a pretty slick trick, but it
appears to have caused a lot of problems. From the thread (certainly
not a scientific sampling), many people seem to be filtering port
* Martin Hannigan:
Why would an ISP block port 25 for .edu customers?
BelWue does this:
http://www.belwue.de/security/tcp25.html
On Tue, 26 Apr 2005, Florian Weimer wrote:
* Patrick W. Gilmore:
At least one DoS mitigation box uses TCP53 to protect name
servers. Personally I thought this was a pretty slick trick, but it
appears to have caused a lot of problems. From the thread (certainly
not a scientific
On Apr 26, 2005, at 2:45 PM, Florian Weimer wrote:
* Patrick W. Gilmore:
At least one DoS mitigation box uses TCP53 to protect name
servers. Personally I thought this was a pretty slick trick, but it
appears to have caused a lot of problems. From the thread (certainly
not a scientific sampling),
* Christopher L. Morrow:
It's a both directions thing. Some folks dropped tcp/53 TO their AUTH
servers to protect against AXFR's from folks not their normal secondaries.
Ugh. And they didn't think something like permit tcp any any eq 53
established was necessary?
Hopefully not. Resolvers
I posted to NANOG:
Jerry Pasker [EMAIL PROTECTED] wrote:
fine. (after a few tries) I'm using BIND 9.2.4 without the eye pee
vee six stuff compiled in. Because I don't want to start something;
No discussion about me blocking port 53, ok? I got tired of gobs of
log files of script kiddies
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hi there,
Just wondering how's internet2 community/partners protecting themselves
from lawsuits of illegal use of music/movie downloads.
In general, how are they protecting themselves from malicious code
infection spreading at internet2 speed? How are
On Tue, 26 Apr 2005 21:49:24 +0300, Hank Nussbacher said:
On Tue, 26 Apr 2005, Adam Jacob Muller wrote:
Doesn't seem to be stemming the tide of emails from Comcast though:
http://www.senderbase.org/?searchBy=organizationsearchString=Comcast%20Cable
I'm not arguing about Comcast still
On Tue, 26 Apr 2005, Vicky Rode wrote:
In general, how are they protecting themselves from malicious code
infection spreading at internet2 speed? How are the devices coping up
with filters in place, if any?
What is internet2 speed? As far as I can see Internet2 is a 10G based
national network.
On Tue, 26 Apr 2005, Mikael Abrahamsson wrote:
What is internet2 speed? As far as I can see Internet2 is a 10G based
national network. What is so special about that in this day and age?
I think the difference is the average connection speeds of the end users
of the network. It's not at all
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I made that up :-)
Basically I meant to say not congested as the current Internet is.
regards,
/vicky
Mikael Abrahamsson wrote:
| On Tue, 26 Apr 2005, Vicky Rode wrote:
|
|
|In general, how are they protecting themselves from malicious code
|infection
[In the message entitled Re: Port 25 - Blacklash on Apr 26, 16:30, [EMAIL
PROTECTED] writes:]
Comcast.net has 31,923 addresses listed at the moment.
Do they have 30,000 zombies, or 30,000 customers that post to popular mailing
lists? Quite possibly at least partly the latter, as
On Tue, 26 Apr 2005, Florian Weimer wrote:
* Christopher L. Morrow:
It's a both directions thing. Some folks dropped tcp/53 TO their AUTH
servers to protect against AXFR's from folks not their normal secondaries.
Ugh. And they didn't think something like permit tcp any any eq 53
On Tue, Apr 26, 2005 at 02:07:15PM -0700, Vicky Rode wrote:
Basically I meant to say not congested as the current Internet is.
It is?
Regards,
Daniel
--
CLUE-RIPE -- Jabber: [EMAIL PROTECTED] -- [EMAIL PROTECTED] -- PGP: 0xA85C8AA0
Basically I meant to say not congested as the current Internet is.
cool. and your measurements of internet congestion are? cites, please.
randy
On Tue, 26 Apr 2005, Vicky Rode wrote:
Basically I meant to say not congested as the current Internet is.
If your ISP has congested links you should complain and switch if not
fixed promptly.
--
Mikael Abrahamsson email: [EMAIL PROTECTED]
On Apr 26, 2005, at 5:17 PM, Daniel Roesen wrote:
On Tue, Apr 26, 2005 at 02:07:15PM -0700, Vicky Rode wrote:
Basically I meant to say not congested as the current Internet is.
It is?
Parts.
Other parts have better connectivity than I2 nodes.
You can't really say anything about the _entire_
On Tue, Apr 26, 2005 at 11:18:08PM +0200, Mikael Abrahamsson wrote:
On Tue, 26 Apr 2005, Vicky Rode wrote:
Basically I meant to say not congested as the current Internet is.
If your ISP has congested links you should complain and switch if not
fixed promptly.
WTF.. She asked a simple
On Tue, 26 Apr 2005 14:10:33 PDT, Dave Rand said:
[In the message entitled Re: Port 25 - Blacklash on Apr 26, 16:30, Valdis.K
[EMAIL PROTECTED] writes:]
Comcast.net has 31,923 addresses listed at the moment.
They have approximately 40,000 zombies (as measured over all of their
ASNs, from
Do all of Comcast's markets block port 25? Is there a correlation between
spam volume and the ones that do (or don't)?
In any event the malware is already ahead of port 25 blocking and is
leveraging ISP smarthosting. SMTP-Auth is the pill to ease this pain/
- Dan
On 4/26/05 2:49 PM, Hank
[In the message entitled Re: Port 25 - Blacklash on Apr 26, 17:50, Daniel
Golding writes:]
Do all of Comcast's markets block port 25? Is there a correlation between
spam volume and the ones that do (or don't)?
No. Yes. The ones that don't block port 25 emit more spam than the
ones that
On Tue, 26 Apr 2005, Vicky Rode wrote:
Just wondering how's internet2 community/partners protecting themselves
from lawsuits of illegal use of music/movie downloads.
In general, how are they protecting themselves from malicious code
infection spreading at internet2 speed? How are the devices
Well, occasionally something really cool comes along, and you just
gotta share it. :-)
This is semi-operational, so
http://news.com.com/Sheet+could+shelter+Wi-Fi+from+eavesdroppers/2100-1029_3-5685431.html
..there. :-)
- ferg
--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
since you deviated from my original post...
http://www.icir.org/floyd/ccmeasure.html
regards,
/vicky
Daniel Roesen wrote:
| On Tue, Apr 26, 2005 at 02:07:15PM -0700, Vicky Rode wrote:
|
|Basically I meant to say not congested as the current Internet
NPR program: The Internet as a public utility
Talking heads (audio only)
http://www.npr.org/templates/story/story.php?storyId=4618769
A worthy listen, imo, focused primarily on municipal wireless nets. With thanks
to Tom Hertz of Fiber utilities of Iowa who posted to the Cook Report discussion
Jerry Pasker wrote:
Steve Sobol replied with:
I'm not going to enter into a long discussion with you. :)
I'm just curious why you didn't restrict AXFR to certain IPs instead.
And I'm posting back to NANOG:
I did.
And I had router ACLs doing the same thing. Allow to hosts that needed
it, deny
Prepare for the inevitable.
http://news.yahoo.com/news?tmpl=storyu=/nm/20050426/wr_nm/telecoms_voip_911_dc
- ferg
--
Fergie, a.k.a. Paul Ferguson
Engineering Architecture for the Internet
[EMAIL PROTECTED] or [EMAIL PROTECTED]
ferg's tech blog: http://fergdawg.blogspot.com/
On Tue, 26 Apr 2005, Steve Sobol wrote:
Jerry Pasker wrote:
Steve Sobol replied with:
I'm not going to enter into a long discussion with you. :)
I'm just curious why you didn't restrict AXFR to certain IPs instead.
And I had router ACLs doing the same thing. Allow to hosts that needed
I've been there -- I know how I feel about it -- but I'd love
to know how ISP operations folk feel about this.
Links here:
http://www.vnunet.com/news/1162720
...and, of course, here:
http://fergdawg.blogspot.com/2005/04/schneier-isps-should-bear-security.html
Off list, if you'd like. Or not.
On 4/27/05, Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote:
I've been there -- I know how I feel about it -- but I'd love
to know how ISP operations folk feel about this.
He's right. ISPs owe it to their users, if not to the rest of the
Internet community, to do this.
A lot of it is also
I've been there -- I know how I feel about it -- but I'd love
to know how ISP operations folk feel about this.
It means 10 different things to 10 different people. The article was
vague. Security could mean blocking a few ports, simple Proxy/NAT,
blocking port 25 (or 139... or 53.. heh heh)
I think it's absurd. I expect my water delivery company not to add
pollutants in transit. I expect my water production company to provide
clean water.
This is like asking the phone company to prevent minors from hearing
swear-words on telephone calls or prevent people from being able to make
Oh, come on Jerry, you're beginning to sound like part
of the problem.
Stop being a knee-jerking curmudgeon for a moment and
think about what Schneier is _really_ saying.
Being vague, and obfuscating the issue with vague
answers doesn't do due diligence.
- ferg
Jerry Pasker [EMAIL
Why do ISPs owe this to their customers. I expect my ISP to deliver
packets sent to me, and, to pass along packets I send out. That is
the sum total of what I expect from my ISP, and, it's what my contract
says is supposed to happen. Where does this belief that when user A
at company Y sends a
Oh, please.
If you think that the Internet should remain an every man
for himself, wild wild west, Ok Corral, situation (not my
words, mind you), then you better get with the powers that
will steam-roll all of us if we let it -- money and marketing.
This ain't no science project anymore.