--On 28 April 2005 10:47 +0200 Stephane Bortzmeyer [EMAIL PROTECTED]
wrote:
This is no longer true (for several years). Corporations (Sector
members) can now join (ITU is the only UN organization which does
that). See
http://www.itu.int/cgi-bin/htsh/mm/scripts/mm.list?_search=SEC
I think Bill
--On 28 April 2005 07:06 -0400 Scott W Brim [EMAIL PROTECTED] wrote:
I think Bill is actually correct. ITU is a treaty organization. Only
members of the UN (i.e. countries). ITU-T (and ITU-R, ITU-D) are sector
organizations that telcos can join (AIUI the difference having arisen
when a meaningful
--On 12 April 2005 11:57 -0400 Gwendolynn ferch Elydyr [EMAIL PROTECTED]
wrote:
http://www.cisco.com/warp/public/707/cisco-sa-=20050412-icmp.shtml
Actually
http://www.cisco.com/warp/public/707/cisco-sa-20050412-icmp.shtml
Alex
--On 05 April 2005 10:43 +1000 Stephen Baxter
[EMAIL PROTECTED] wrote:
I was looking around for any reports, press releases or even yarns about
the issues data centres face when they are built without access to
competitive fibre optic cable.
See MFS MAE-East ad nauseam.
Alex
--On 04 April 2005 04:59 -0400 Sean Donelan [EMAIL PROTECTED] wrote:
I've been saying that for several years, and then immediately get shouted
down.
Statistically, most anti-spam options (good and bad) have been brought up
many times for several years, and have been shouted down. Why would you
expect
--On 01 April 2005 10:05 -0800 Alexander Kiwerski
[EMAIL PROTECTED] wrote:
And for the record, the GPS locators currently in cell phones tend *not*
to work indoors, so even if you are lucky enough to live in an area where
E911 is plugged into your cell phone carrier's locator service, you still
--On 27 March 2005 12:59 -0800 Randy Bush [EMAIL PROTECTED] wrote:
better? i did not say better. a simple way to look at it, which
we have repeated here every year since com-priv migrated here is
a tier-1 network does not get transit prefixes from any other
network and peers with, among others,
--On 26 March 2005 23:23 +0100 Florian Weimer [EMAIL PROTECTED] wrote:
Should we monitor for evidence of hijacks (unofficial NS and SOA
records are good indicators)? Should we actively scan for
authoritative name servers which return unofficial data?
And what if you find them? I seem to remember
--On 23 March 2005 10:51 -0800 Randy Bush [EMAIL PROTECTED] wrote:
a bit more coffee made me realize that what might best occur would
be for the rir, some weeks BEFORE assigning from a new block issued
by the iana, put up a pingable for that space and announce it on
the lists so we can all test
--On 23 March 2005 11:15 -0800 Randy Bush [EMAIL PROTECTED] wrote:
at least one rir is just dying to become net police,
you don't need any mandatory aspect. Just publish which AS's have addresses
that can be pinged from old netblocks, but not from new ones. No more
net police-like than all the
--On 07 March 2005 19:34 -0800 Ashe Canvar [EMAIL PROTECTED] wrote:
My research leads me to believe that London and Amsterdam have the
most dense connectivity. Is this true ?
I'd say London has the most dense connectivity because just about every
transatlantic circuit goes through London.
--On 08 March 2005 10:07 + [EMAIL PROTECTED] wrote:
Also, when I dealt with them, I
believe their NOC was connected to the Net for external monitoring
purposes by a leased line which was frequently down.
I don't think that's true. Their NOC has always been in either one
data center or another
--On 25 February 2005 11:57 + Per Gregers Bilse
[EMAIL PROTECTED] wrote:
Quick question: If I have two E1 ports (RJ45), then will running a
straight ethernet cable between the two ports have the same effect as
plugging a balun into each port and using a pair of coax (over a v.
short
--On 25 February 2005 09:43 -0500 Hannigan, Martin
[EMAIL PROTECTED] wrote:
Not that I know of, but I've never attempted what you
describe. Putting the baluns in the loop will destroy the
framing i.e. it's going to try and convert b8zs/ami to 802.x.
How does a balun destroy the framing (or
--On 18 February 2005 08:32 + Simon Waters [EMAIL PROTECTED] wrote:
Whilst I can appreciate that Kornet may have issues with a lot of
broadband users, but the other big Korean company seems to have it
solved. What I see is what appear to be (using whois data!) US companies
buying transit
--On 29 December 2004 17:04 -0500 Joe Abley [EMAIL PROTECTED] wrote:
But that only affects tcp traffic - it does nothing to help other
protocols.
Are there any common examples of the DF bit being set on non-TCP packets?
traceroute
Alex
--On 13 December 2004 13:18 + Sam Stickland [EMAIL PROTECTED]
wrote:
doesn't lock out traffic for such long periods of time.
Could it be that buffers and flow-control over the 14ms third party leg
are causing the rate-limiting leaky bucket to continue to overflow long
after it's full?
Or
--On 14 December 2004 10:17 + Matt Ryan [EMAIL PROTECTED]
wrote:
171 uk.zone
www.bl.uk?
All bar the 171 lines :-) (.uk itself contains some legacy including
bl.uk, govt.uk etc.).
Alex
--On 11 December 2004 12:07 -0500 Rich Kulawiec [EMAIL PROTECTED] wrote:
I don't want to turn this into a domain policy discussion,
Ditto. I'd add one thing though: allowing anonymous registration is not
necessarily the same thing as allowing all details of registration to be
publicly queryable
--On 09 December 2004 10:24 -0500 Rich Kulawiec [EMAIL PROTECTED] wrote:
The irony of all this is that spammers already have all this information
-- yet registrars have gone out of their way to make it as difficult as
possible for everyone else to get it (rate-limiting queries and so on).
They
--On 09 December 2004 18:46 +0100 Kandra Nygårds [EMAIL PROTECTED] wrote:
IE sure, there's a lot of leaked information out there (often including
personal data), that doesn't mean responsible registries should add
to it.
Such as... selling access to the data to anyone who pays? No, responsible
--On 04 December 2004 17:35 + Paul Vixie [EMAIL PROTECTED] wrote:
third and last, there are a number of principles up for grabs right now,
and the folks who want to grab them aren't universal in their motives or
goals. some folks think that rules are bad. others think that susan is
bad or
--On 25 November 2004 13:16 + [EMAIL PROTECTED] wrote:
In today's network, is there anyone left who uses 1500 byte
MTUs in their core?
I expect there are quite a few networks who will give you workable
end-to-end MTU's 1500 bytes, either because of the above or because of
peering links.
Given
--On 21 November 2004 11:59 +0200 Petri Helenius [EMAIL PROTECTED] wrote:
If we ever make contact to some other civilization out there, do they
have to run NAT?
Nah. Jim Fleming tells me they're running IPv8 (ducks)
Alex
--On 19 November 2004 09:40 -0800 Owen DeLong [EMAIL PROTECTED] wrote:
If it were true, then I would have to renumber
every time I changed telephone companies. I don't, so, obviously, there
is some solution to this problem.
But I'm not sure you'd like it applied to the internet. Firstly, in
--On 18 November 2004 14:01 -0500 Lou Laczo [EMAIL PROTECTED] wrote:
The client's mailserver is
running qmail. In almost all of the cases, the failing email has at least
one attachment and is larger than what might be considered normal.
Have you tried checking the intervening path is clean w.r.t.
--On 15 November 2004 17:24 -0800 Owen DeLong [EMAIL PROTECTED] wrote:
ASNs issued today are subject to annual renewal.
ARIN ASNs only?
Alex
--On 11 November 2004 10:46 -0800 Randy Bush [EMAIL PROTECTED] wrote:
What business issue/problem are you trying to address by
blocking VoIP?
an incumbent telco which also has the monopoly on ip might
want to prevent bypass. welcome to singapore, and remember
to try the chili crab.
Me I'm trying
--On 09 November 2004 11:09 -0500 Leo Bicknell [EMAIL PROTECTED] wrote:
I have to believe if the code can do IPv4-IPv6
NAT
I want to see IPv4-IPv4 NAT working first...
Alex
--On 28 October 2004 11:33 -0700 Gary E. Miller [EMAIL PROTECTED] wrote:
in general, we try not to make life that easy for spammers and scammers
Too late. That horse ran out the barn when Verisign sold their whois data.
At this point keeping the data hard to get just makes it harder on
abuse
--On 15 October 2004 13:33 +0200 Iljitsch van Beijnum [EMAIL PROTECTED]
wrote:
However, the cause can also be rate limiting. Rate limiting is deadly for
TCP performance so it shouldn't be used on TCP traffic.
Add unless appropriate shaping is performed prior to the rate-limiting
with the
--On 15 October 2004 11:46 -0400 Andy Dills [EMAIL PROTECTED] wrote:
Hmm...I'd have to disagree. Are you perhaps assuming a certain threshold
(100mbps, for instance)?
I use rate limiting for some of my customers, and when correctly
configured (you _must_ use the right burst sizes), you will get
--On 15 October 2004 12:31 -0400 Andy Dills [EMAIL PROTECTED] wrote:
If the desire is to provide a simulated circuit with x bandwidth, CAR
does a great job, IFF you correctly size the burst: 1.5x/8 for the normal
burst, 3x/8 for the max burst.
The aggregate rate of the transfer is x in all the
--On 20 September 2004 07:56 -0700 Philip Lavine [EMAIL PROTECTED]
wrote:
I am having a problem with a DS3 that terminates into a
Adtran CSU (T3SU-300) and then into a 7200 with HSSI.
I can not ping with a data pattern and I
experience packet loss and errors when I pass TCP
traffic.
Adtran
--On 20 September 2004 10:50 -0700 Philip Lavine [EMAIL PROTECTED]
wrote:
More clues. It seems that every time I ping with the
pattern the controller counter:
rx_soft_overrun_err=27473, increments.
If you admin both ends, enable scrambling.
Alex
--On 02 September 2004 16:09 -0700 John Bender [EMAIL PROTECTED]
wrote:
This would not be as problematic if dampening could be applied to a path
rather than a prefix, since an alternate could then be selected. But
since this would require modifications to core aspects of BGP (and
additional
--On 14 August 2004 22:23 +0300 Hank Nussbacher [EMAIL PROTECTED]
wrote:
Predating this is Bellwether (June 2000):
Indeed. In days of yore, when people developed at least marginally
non-obvious operational techniques, people sent email to nanog about it,
explaining the technique and their
--On 28 June 2004 18:43 +0100 Simon Lockhart [EMAIL PROTECTED]
wrote:
It's wholly unfair to the innocent parties affected by the blacklisting.
i.e. the collateral damage.
Say a phishing site is hosted by geocities. Should geocities IP addresses
be added to the blacklist?
What if it made it onto
--On 21 June 2004 10:43 -0400 Randy Bush [EMAIL PROTECTED] wrote:
Why wait for Gmail when you can get max 10M messages and 1G total from
rediff.com ?
how american of us. i doubt there has been 1G of *real content* in my
email for the last two decades.
I'm trying to work out whether in the last
--On 13 June 2004 16:15 +0100 Dave Howe [EMAIL PROTECTED] wrote:
disproof by counterexample is a valid technique.
only where the law of excluded middle holds true - that means if
everything is black white with no shades of grey.
It is quite clear if nothing else from the circularity of threads
--On 11 June 2004 14:18 -0700 Randy Bush [EMAIL PROTECTED] wrote:
the bottom line
o if you want the internet to continue to innovate, then
the end-to-end model is critical. it means that it
If there is a lesson here, seems to me it's that those innovative protocols
should be designed such
[use telnet+ACL instead of SSH]
while this protects the router such that it allows packets in only
from known addresses, it does not allow packets in only from known
MACHINES. Addresses can be spoofed. Vendor C (at least in recent
history) did/does not allow binding of the host stack only to
--On 07 June 2004 11:10 -0700 Randy Bush [EMAIL PROTECTED] wrote:
It makes more sense to funnel everything through secure gateways and
then use SSH as a second level of security to allow staff to connect
to the secure gateways from the Internet. Of course these secure
gateways are more than just
--On 07 June 2004 17:50 -0400 [EMAIL PROTECTED] wrote:
Well, either you have one per POP (and that, as Randy Bush points out, can
be quite the headache in itself), which is still a single point of
failure for that POP, or you're advocating that the routers be reachable
from the magic box at *any*
Guys,
Which Juniper router do I need to /realistically/ (i.e. I have seen it do
this in practice, not it says it will do this in the specs, which I can
read myself) cope with and filter out 1Gbps of small packet DoS, while
still carrying a full table and generally behaving like a happy beast. I
--On 23 April 2004 09:09 -0400 Patrick W.Gilmore [EMAIL PROTECTED]
wrote:
(TTL should only be decremented when _forwarding_, and I don't think
you could argue that you need to _forward_ a packet from your ingress
interface to your _loopback_ interface..)
Well, if that were the case, then you
--On 18 April 2004 03:48 +0100 Paul Jakma [EMAIL PROTECTED] wrote:
Well, let's be honest, name one good reason why you'd want IPv6
(given you have 4)?
As an IPv6 skeptic I would note that some protocols NAT extremely badly
(SIP for instance), and the bodges to fix it are costly. So if IPv6
--On 18 April 2004 02:56 -0400 Sean Donelan [EMAIL PROTECTED] wrote:
If you don't want to accept connections from indeterminate or
unauthenticated addresses, it's your choice.
Whilst that may give you some heuristic help, I'm not sure
about the language. HINFO used that way neither
--On 14 April 2004 12:17 +0300 Petri Helenius [EMAIL PROTECTED] wrote:
How many MUAs default to port 587? How many even know about 587 and give
it as an option other than fill-in-the-blank?
So until they do, treat unauthenticated port 25 connections skeptically,
and authenticated port 587
--On 09 March 2004 11:25 + [EMAIL PROTECTED] wrote:
Requiescas in pace o email
ITYM Requiescas in pace o elitterae
Alex
--On 06 March 2004 23:02 + Paul Vixie [EMAIL PROTECTED] wrote:
ok, i'll bite. why do we still do this? see the following from June
2001:
http://www.cctec.com/maillists/nanog/historical/0106/msg00681.html
Having had almost exactly that phrase in my peering contracts for
$n years, the
--On 06 March 2004 18:39 -0500 Sean Donelan [EMAIL PROTECTED] wrote:
Source address validation (or Cisco's term uRPF) is perhaps more widely
deployed than people realize. It's not 100%, but what's interesting is
despite its use, it appears to have had very little impact on DDOS or
lots of other
--On 27 February 2004 13:39 + Paul Jakma [EMAIL PROTECTED] wrote:
Sounds like a perfect job for anycast.
Because you always want to get to an E911 service in the same AS number...
(seriously, read the sip sipping w/gs)
Alex
--On 27 February 2004 14:52 + Paul Jakma [EMAIL PROTECTED] wrote:
Because you always want to get to an E911 service in the same AS
number...
You do or you don't? I don't see why anycast addresses need or need not
be restricted to same AS.
Anycast topology tends to follow AS topology, as
Sean,
Hence the reason why I want the route to cease being advertised if the box
fails.
I'm trying to avoid putting yet another server load balancer box in front
of the windows box to withdraw the route so a different working box will
be closest. It may be an oxymoron, but I'm trying to make the
Tony,
--On 17 February 2004 17:27 -0800 Tony Hain [EMAIL PROTECTED] wrote:
Clearly I misinterpreted your comments; sorry for reading other parts of
the thread into your intent. The bottom line is the lack of a -scalable-
trust infrastructure. You are arguing here that the technically inclined
--On 17 February 2004 12:17 -0800 Tony Hain [EMAIL PROTECTED] wrote:
[with apologies for rearrangement]
The Internet has value because it allows arbitrary interactions where new
applications can be developed and fostered. The centrally controlled model
would have prevented IM, web, sip
--On 17 February 2004 16:10 -0600 Chen, Weijing
[EMAIL PROTECTED] wrote:
Sound like an any to any end to end signaling/control mechanism with
authentication capabilities. Smell fishy (packet version of dial tone?)
Since when had dialtone got end-to-end signalling/control? My POTS line
doesn't
Steve,
--On 17 February 2004 17:28 -0500 Steven M. Bellovin
[EMAIL PROTECTED] wrote:
In almost all circumstances, authentication is useful for one of two
things: authorization or retribution. But who says you need
authorization to send email? Authorized by whom? On what criteria?
Authorized
--On 17 February 2004 16:19 -0800 Tony Hain [EMAIL PROTECTED] wrote:
Where they specifically form a club and agree to preclude the basement
multi-homed site from participating through prefix length filters. This
is exactly like the thread comments about preventing consumers from
running
--On 12 February 2004 18:13 -0500 [EMAIL PROTECTED] wrote:
Since when was anything sent over port 25 confidential?
Since Phil Zimmerman decided to do something about it.
Well if you are considering the plain-text of an encrypted mail,
it doesn't much matter whether port 25 is intercepted by
--On 13 February 2004 08:47 -0500 Carl Hutzler [EMAIL PROTECTED] wrote:
Is this what is commonly referred to as STARTTLS?
That would be good, but doesn't work when port 25 is blocked unless it's
STARTTLS on submission.
Alex
--On 13 February 2004 09:27 -0500 [EMAIL PROTECTED] wrote:
Y-Haw! A return to the Old West of bangpaths and pathalias.
*Not* that I think bilateral peering for SMTP is a great idea, but: a
web of trust (A trusts B, B trusts C) does not necessarily mean
the mail has to traverse the route of
--On 12 February 2004 14:07 -0800 Lou Katz [EMAIL PROTECTED] wrote:
I can locally submit to my mailserver, but if it tries to make an outbound
connection on port 25 to a client's mailserver, and that is blocked, then
all confidentiality of business or personal communication is gone.
Since when
what about port 25 blocking that is now done by many access providers?
this makes it impossible for mobile users, coming from those providers,
to access your server and do the auth.
[EMAIL PROTECTED]:~$ fgrep submission /etc/services
submission 587/tcp # submission
--On 11 February 2004 16:30 -0500 Sean Donelan [EMAIL PROTECTED] wrote:
And I applaud your effort. But does it really answer the question of who
is responsible for handling abuse of the service? If ISP's are not
responsible for abuse using port 573, they probably don't care.
I think you are
--On 11 February 2004 19:45 -0500 Sean Donelan [EMAIL PROTECTED] wrote:
The bulk of the abuse (some people estimate 2/3's) is due to compromised
computers. The owner of the computer doesn't know it is doing it.
Unfortunately, once the computer is compromised any information on that
computer is
--On 18 September 2003 10:05 -0400 Todd Vierling [EMAIL PROTECTED] wrote:
DNS site A goes down, but its BGP advertisements are still in effect.
(Their firewall still appears to be up, but DNS requests fail.) Host
site C cannot resolve ANYTHING from DNS site A, even though DNS site B is
still
is far more important than anything CapEx will buy you alone.
Note it is not difficult to envisage how this attack could have been
far far worse with a few code changes...
Alex Bligh
to suit the apps I have installed. It's a
completely automatable task. Someone unfamiliar with either IP or UNIX would
find writing such a script very hard and it would take them much longer. Do
mainstream distributions include such an automatically built script by
default? Not to my knowledge.
Alex
--On 02 December 2002 11:07 + [EMAIL PROTECTED] wrote:
I just don't see how an outside probe can determine the true topology of
a network.
You did *read* the paper?
Alex
there's only one block (or at most 2) active at a time in
most ISPs as the RIR won't issue another until utilization in existing
ones is good. However, there is of course reuse of space when customers
leave which also distributes address space.
Alex Bligh
bucket) as we used to drop other malicious traffic,
so it all got dropped at the border rather than at the CPE.
Alex Bligh
--On 29 October 2002 21:11 + Stephen J. Wilcox
[EMAIL PROTECTED] wrote:
As they say, if you don't set the rate limit too low then you won't
encounter drops under normal operation.
It would be useful if [vendor-du-jour] implemented rate-limiting
by hashed corresponding IP address.
IE: