At 12:40 AM 10/24/2006, David Schwartz wrote:
> On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
> I've been in and out of several colos that require you to leave your ID
> (passport/DL, and business card) up at the front desk throughout your
> visit. This could be for hours, or even f
> On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
> I've been in and out of several colos that require you to leave your ID
> (passport/DL, and business card) up at the front desk throughout your
> visit. This could be for hours, or even for the whole day. During that
> time I imagine m
On Mon, Oct 23, 2006 at 09:13:03PM -0400, Edward Lewis wrote:
>
> At 18:48 -0400 10/23/06, Joseph S D Yao wrote:
>
> >No, because in fact you can. There is nothing magic about an
> >in-addr.arpa domain.
>
> I'd say there is some magic. Possibly.
There are conventions. There is RFC 2317. Th
On 23-Oct-2006, at 21:13, Edward Lewis wrote:
If an admin were granted the authority for a /25 worth of space,
then you can't just delegate that part of the in-addr.arpa domain.
That's the RFC Joe Abley cited.
Ah, so you smell an apex CNAME. They might be using DNAME, though :-)
Joe
At 18:48 -0400 10/23/06, Joseph S D Yao wrote:
No, because in fact you can. There is nothing magic about an
in-addr.arpa domain.
I'd say there is some magic. Possibly.
If an admin were granted the authority for a /25 worth of space, then
you can't just delegate that part of the in-addr.ar
Having some connectivity issues with multiple
customers on that network from our AS and a few
others I've found on traceroute.org; is anyone
aware of anything there? Traces in, but which
are more likely failing on the return side,
often stop at ae-1-0.c1.dfw91.twc-core.net and
paix-atl.adelphiaco
Jeroen Massar wrote:
Apparently there is still some silly [f|s]oul who has to forward NANOG
to blogger and blogger still doesn't handle multipart/signed and thus
very nicely and totally anonymously reports that it fails.
I think it's a larger issue. I don't post often, and just got a bounce
Hi,
Apparently there is still some silly [f|s]oul who has to forward NANOG
to blogger and blogger still doesn't handle multipart/signed and thus
very nicely and totally anonymously reports that it fails.
Thank you dear person who is forwarding his subscription to NANOG to his
blogger account!
Th
On Mon, Oct 23, 2006 at 06:03:22PM -0400, Tuc at T-B-O-H.NET wrote:
>
> Hi,
>
> I seem to be having a problem. Limelight has SWIP'd
> 69.28.185.0/24 to me, and I asked for IN-ADDR.ARPA control.
> I recently went to check and it seemed not to be working
> right. I sent them an email around
Tuc at T-B-O-H.NET wrote:
> Hi,
>
> I seem to be having a problem. Limelight has SWIP'd
> 69.28.185.0/24 to me, and I asked for IN-ADDR.ARPA control.
> I recently went to check and it seemed not to be working
> right. I sent them an email around 11p Eastern Sunday nite
> asking it to be fix
On Mon, Oct 23, 2006 at 01:07:56PM -0400, Alex Rubenstein wrote:
[snip]
> What I've never understood is, that, how a gov't issue ID (for the
> purposes of allowing entry) is of any use whatsoever.
No matter how easy to forge, *requiring* them raises the risk/reward
bar. Penalties for forging Q R
Tuc!
On 23-Oct-2006, at 18:03, Tuc at T-B-O-H.NET wrote:
Is there someone out there that might be able
to help me explain this to the techs there. That you
can't "subdomain" an in-addr.arpa like you do a domain
name?
RFC 2317. A zone's a zone's a zone, and zones can contain CNAMEs.
On Mon, 23 Oct 2006, Nick Thompson wrote:
It seems as though at this point there is little need for security to
maintain control of the ID, again which could possibly leave it open to
various activities already mentioned by some others.
My impression is that the requirement to leave ID at the
Hi,
I seem to be having a problem. Limelight has SWIP'd
69.28.185.0/24 to me, and I asked for IN-ADDR.ARPA control.
I recently went to check and it seemed not to be working
right. I sent them an email around 11p Eastern Sunday nite
asking it to be fixed. I even included a reference to a
Surprisingly on a recent visit to a large co-location facility I was
required to leave my ID with the security staff at the front desk in
exchange for a visitor's pass, for the entire time I was in the
facility.
Normally I would not have an issue with this, but any outside visitors
are shadowed b
On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
> But presumably it would need to be stolen. Wouldn't the tech notice that
> happening... Or is there some way the colo security guy can clone it
> undetected?
I've been in and out of several colos that require you to leave your ID
(passpor
At 1:07 PM -0400 10/23/06, Alex Rubenstein wrote:
>
>What I've never understood is, that, how a gov't issue ID (for the
>purposes of allowing entry) is of any use whatsoever.
>
>It's not as if someone is doing a instand background check to know if
>the person is a criminal, or wanted, or whatever.
On Mon, Oct 23, 2006 at 03:06:57PM -0400, Marshall Eubanks wrote:
>
> I once was going to a meeting at a colo in Tysons Corner, which will
> remain nameless (but you would know it).
>
> Like most of them, it wasn't well marked, and we couldn't find it.
> Three of us wound up walking through
On Mon, Oct 23, 2006 at 14:26:53PM -0500, Stasiniewicz, Adam wrote:
> That is true for strip card (credit card style) and simple prox cards.
> But what I have been seeing more often is that companies are using the
> smart card and wireless smart card variety for high security areas. So
> instead
> Security by its nature is not fun, not productive, a drain on
> resources and time. Security is something we need only because there
> are bad things out there - nefarious activity, inadvertent neglect,
> design flaws, etc. At best you have to "put up with security," don't
> expect to enjo
Edward Lewis wrote:
But, I always thought that the purpose of most security was psychological
reassurance anyway...
Reacting to this and the story of just walking through the backdoor to
get in -
I think there's an element of self-fulfilling prophecy here. If the
Classical NANOG
On Mon, Oct 23, 2006 at 04:39:30PM -0400, Sean Donelan wrote:
>
>
> Is it enough of a problem, network operators would be interested in
> publishing some Practical Common Practices (I hesitate to call it a BCP)
> collocation facilities could follow for some common access control
> scenarios? T
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
In fact he did have an AT&T badge which he was not allowed to hand over
either. The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My te
Is it enough of a problem, network operators would be interested in
publishing some Practical Common Practices (I hesitate to call it a BCP)
collocation facilities could follow for some common access control
scenarios? Tenent access, pre-screened carrier, unscreened vendor, etc.
http://www.n
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
But presumably it would need to be stolen. Wouldn't the tech notice
that happening... Or is there some way the colo security guy can
clone it undetected?
While your point is valid, arguing something like that wit
But, I always thought that the purpose of most security was psychological
reassurance anyway...
Reacting to this and the story of just walking through the backdoor to get in -
I think there's an element of self-fulfilling prophecy here. If the
legitimate "power" users of the security syste
On Oct 23, 2006, at 3:42 PM, chuck goolsbee wrote:
We've had a few customers report issues. We don't see anything too
bad from here, but Keynote scoreboard has been showing some ugly
between those two networks for the past hour or so. It has been
about a year since the last time hasn't it?
We've had a few customers report issues. We don't see anything too
bad from here, but Keynote scoreboard has been showing some ugly
between those two networks for the past hour or so. It has been about
a year since the last time hasn't it?
--chuck in seattle
That is true for strip card (credit card style) and simple prox cards.
But what I have been seeing more often is that companies are using the
smart card and wireless smart card variety for high security areas. So
instead of having a card that will always return the same value (making
it easy to d
I once was going to a meeting at a colo in Tysons Corner, which will
remain nameless (but you would know it).
Like most of them, it wasn't well marked, and we couldn't find it.
Three of us wound up walking through an open door on the loading dock
and onto the colo floor with no checks wha
On Oct 23, 2006, at 10:57 AM, Roland Perry wrote:
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My tech said the same thing. T
On Mon, 23 Oct 2006, Steven M. Bellovin wrote:
A government-issued ID (at most) proves your identity; it says nothing
about your authorization to be somewhere.
The ID is just Authentication. Authorization and Accounting are handled
by other procedures implemented by the colo security droid
In article <[EMAIL PROTECTED]>, Brandon
Butterworth <[EMAIL PROTECTED]> writes
my passport says who I'm allowed to surrender it to and that doesn't
include colo guards yet some want to retain it whilst you're on site
"should not be passed to an unauthorised person" [1], which raises the
issu
Roland Perry wrote:
In article
<[EMAIL PROTECTED]
>, Craig Holland <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
Sounds to me like NSTAC ought to be worried about a scheme to accred
On Mon, 23 Oct 2006, Roland Perry wrote:
But presumably it would need to be stolen. Wouldn't the tech notice that
happening... Or is there some way the colo security guy can clone it
undetected?
While your point is valid, arguing something like that with an AT&T tech
would be like arguing w
On Mon, 23 Oct 2006 10:40:19 -0700 (PDT), "John A. Kilpatrick"
<[EMAIL PROTECTED]> wrote:
>
> On Mon, 23 Oct 2006, Craig Holland wrote:
>
> > In fact he did have an AT&T badge which he was not allowed to hand over
> > either. The fellow I chatted with at AT&T said they are not allowed to
> > h
In article <[EMAIL PROTECTED]>, John A.
Kilpatrick <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My tech said the same thing. That keycard could grant central office
access
On its
In article
<[EMAIL PROTECTED]
>, Craig Holland <[EMAIL PROTECTED]> writes
The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
Sounds to me like NSTAC ought to be worried about a scheme to accredit
co-lo operator se
In article <[EMAIL PROTECTED]>, Etaoin Shrdlu
<[EMAIL PROTECTED]> writes
I used to object to our method of gathering social security numbers
(since it was on a form that anyone adding a name could see)
Now that you need a Social Security number to get a US Drivers licence
(and I doubt many t
> What I've never understood is, that, how a gov't issue ID (for the
> purposes of allowing entry) is of any use whatsoever.
>
> It's not as if someone is doing a instand background check to know if
> the person is a criminal, or wanted, or whatever. It's trivial to forge
> a gov't ID.
Welcome t
On Mon, 23 Oct 2006, Craig Holland wrote:
In fact he did have an AT&T badge which he was not allowed to hand over
either. The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security.
My tech said the same thing. That keycar
Alex Rubenstein wrote:
I am shocked that the ATT employee did not have an ATT ID.
In our facilities, we require all visiting telcos to produce company
identification, and between telcove/level 3, Verizon, MCI, and several
others, we have never had an issue.
I'd be a bit more suspicious that h
In fact he did have an AT&T badge which he was not allowed to hand over
either. The fellow I chatted with at AT&T said they are not allowed to
hand over their badge because it would compromise their security. I'm
assuming the badge was of the keycard variety. My thought was that they
could have
Alex Rubenstein wrote:
Craig Holland wrote:
Is this some new trend or have I just gotten lucky in the past?
Wouldn't someone like AT&T be better served by giving their
employees some company issued ID that they can submit to secure
facilities? I know it wouldn't be government issued, but
> (They let me in eventually with a passport. But if they're going to
> trust a foreign-issued passport as photo id, it's not really that
> obvious to me why they wouldn't trust a foreign-issued driving
> licence. It's not like they can really tell whether either of them
> are forged.)
Wh
> Is this some new trend or have I just gotten lucky in the
> past? Wouldn't someone like AT&T be better served by giving
> their employees some company issued ID that they can submit
> to secure facilities? I know it wouldn't be government
I am shocked that the ATT employee did not have a
On Mon, 23 Oct 2006, Craig Holland wrote:
Is this some new trend or have I just gotten lucky in the past?
Wouldn't someone like AT&T be better served by giving their employees
some company issued ID that they can submit to secure facilities? I
know it wouldn't be government issued, but would at
On Mon, 23 Oct 2006, Craig Holland wrote:
I just ran into something for the first time, and apparently it isn't
that uncommon. AT&T was asked to install a circuit into a collocation
facility where, like any I've been into, required them to show a
government ID. They refused claiming it was ag
In its last scheduled conference call, the NANOG SC selected a new
Programme Committee.
With twenty well-qualified new candidates, and only eight open
positions, it was a difficult decision to make. The SC, with input
from the current PC, strongly felt it necessary to form a balanced
PC
On 23-Oct-2006, at 11:54, Craig Holland wrote:
I just ran into something for the first time, and apparently it
isn’t that uncommon. AT&T was asked to install a circuit into a
collocation facility where, like any I’ve been into, required them
to show a government ID.
In a similar vein,
I just ran into something for the first time, and apparently
it isn’t that uncommon. AT&T was asked to install a circuit
into a collocation facility where, like any I’ve been into, required them
to show a government ID. They refused claiming it was against
policy. After making some calls
51 matches
Mail list logo
