Re: BGP Filtering

2008-01-15 Thread Dave Israel
William Herrin wrote: On Jan 15, 2008 12:51 PM, Dave Israel <[EMAIL PROTECTED]> wrote: I think I understand what you want, and you don't want it. If you receive a route for, say, 204.91.0.0/16, 204.91.0.0/17, and 204.91.128.0/17, you want to drop the /17s and just care ab

Re: BGP Filtering

2008-01-15 Thread Dave Israel
possible to easily achieve though? Ben ---- *From:* Dave Israel [mailto:[EMAIL PROTECTED] *Sent:* 15 January 2008 17:51 *To:* Ben Butler *Cc:* nanog@merit.edu *Subject:* Re: BGP Filtering Ben, I think I understand what you want, and you don't want it. If you receive a route

Re: BGP Filtering

2008-01-15 Thread Dave Israel
Ben, I think I understand what you want, and you don't want it. If you receive a route for, say, 204.91.0.0/16, 204.91.0.0/17, and 204.91.128.0/17, you want to drop the /17s and just care about the /16. But a change in topology does not generally result in a complete update of the BGP ta

Re: The Choice: IPv4 Exhaustion or Transition to IPv6

2007-06-28 Thread Dave Israel
Adrian Chadd wrote: You don't believe the killer app will be "sorry, no more IP addresses?" I bet it won't. There are too many people willing to patch what we have rather than toss it out and start over. As the IP addresses run ever lower, ISPs will probably patrol usage even more and r

Re: Security gain from NAT

2007-06-04 Thread Dave Israel
[EMAIL PROTECTED] wrote: On Mon, 04 Jun 2007 11:32:39 PDT, Jim Shankland said: *No* security gain? No protection against port scans from Bucharest? No protection for a machine that is used in practice only on the local, office LAN? Or to access a single, corporate Web site? Nope. Zip. Zer

Re: Network end users to pull down 2 gigabytes a day, continuously?

2007-01-15 Thread Dave Israel
Bora Akyol wrote: > > The question I asked earlier was, whether the last-mile SP networks > can handle 24x7 100% link utilization for all of their customers. I > don't think they can. And frankly, I don't know how they are going > to get revenue from

Re: sniffer/promisc detector

2004-01-21 Thread Dave Israel
Clipped for brevity... On 1/21/2004 at 10:52:00 +, [EMAIL PROTECTED] said: > > >> > Uhm, that would be wrong. This is simply "security through > obscurity". > >> Yes, it is wrong for the _smart books_. But it works in real life. > > >Actually, an automated script or manual scan can find

Re: sniffer/promisc detector

2004-01-20 Thread Dave Israel
On 1/20/2004 at 09:18:07 -0800, Alexei Roudnev said: > > > > > > Uhm, that would be wrong. This is simply "security through obscurity". > Yes, it is wrong for the _smart books_. But it works in real life. Of > course, it should not be the last line of defense; but it works as a first > line ve

Re: data request on Sitefinder

2003-10-20 Thread Dave Israel
On 10/20/2003 at 16:31:45 -0400, Steven M. Bellovin said: > > A number of people have responded that they don't want to be forced to > pay for a change that will benefit Verisign. That's a policy issue I'm > trying to avoid here. I'm looking for pure technical answers -- how > much lead tim

RE: Port blocking last resort in fight against virus

2003-08-14 Thread Dave Israel
On 8/12/2003 at 12:40:19 -0400, McBurnett, Jim said: > who in their right mind would pass NB traffic in the wild? That's the problem; not all customers are in their right mind. All they know is that it was working yesterday, and not today, because you blocked a port. The question of port blocki

Re: WANTED: ISPs with DDoS defense solutions

2003-07-31 Thread Dave Israel
On 7/31/2003 at 18:30:12 +, Paul Vixie said: > > > However, since improvements are always welcome, please recommend tools > > which would allow us to progress "above and beyond" C and its deficiencies. > > I've never been able to program a buffer overrun vulnerability in > Modula 3, or Perl,

Re: Learning more about authentication and passwords

2003-07-29 Thread Dave Israel
01615991 > I'll add: Network Security: Private Communication in a Public World by Charlie Kaufman, Radia Perlman, Mike Speciner, Charles Kaufman Prentice Hall PTR ISBN: 0130460192 I have not read the 2nd Edition, but the 1st was excellent. -- Dave Israel Director, Data Engineering Allegiance Telecom

Re: IPv6

2003-06-13 Thread Dave Israel
On 6/13/2003 at 07:54:01 -0700, [EMAIL PROTECTED] said: > > I saw a DISA memo yesterday that mandates IPv6 compliance > by 2008. Ah, government memos. There's been ones mandating OSI protocols, UNIX workstations for all government employees... Government mandates aren't going to fo

Re: IPv6

2003-06-12 Thread Dave Israel
On 6/12/2003 at 15:00:17 -0400, Eric Gauthier said: > > > >So, how does IPv6 go from the shores of Japan and the minds of geeks across > > America to being the primary protocol > > >used on the net? > > > > Free gay porn? > > Eric :) And there's the secret. As many governments and universiti

Re: IPv6

2003-06-12 Thread Dave Israel
On 6/12/2003 at 13:14:30 -0400, Andy Dills said: > > On Thu, 12 Jun 2003, Jared Mauch wrote: > > > I honestly see most of the backbone providers offering > > native IPv4 and IPv6 services in the next few years. Contact > > your provider as you can probably get in on any beta service > > off

Re: Allegiance telecom boston colo down?

2003-03-28 Thread Dave Israel
On 3/28/2003 at 16:19:03 -0500, Sean Donelan said: > On Fri, 28 Mar 2003, Dave Israel wrote: > > I seriously doubt that, if a 12-year-old from Nebraska called the NOC > > at AT&T and asked for a list of all their network failures in the past > > two years, the NOC per

Re: Allegiance telecom boston colo down?

2003-03-28 Thread Dave Israel
At the risk of starting a debate that will go nowhere and annoy the readership... On 3/28/2003 at 14:44:00 -0500, Sean Donelan said: > > I guess we'll have to wait for Allegiance customers to "leak" the > information. The leaks may not be as accurate as if the information > came directly from All

Re: Allegiance telecom boston colo down?

2003-03-28 Thread Dave Israel
On 3/28/2003 at 14:02:36 -0500, Sean Donelan said: > > On Fri, 28 Mar 2003, Dave Israel wrote: > > I do. But I won't discuss it in this forum. > > > > My best advice in general, is when you have a backbone problem with > > Allegiance, call the NOCC (866 696

Re: Allegiance telecom boston colo down?

2003-03-28 Thread Dave Israel
". I'm guessing that boston.com, > which is also down, is affected by this... > > If you go to the Allegiance Telecom looking glass > (http://nitrous.digex.net/mae/mae-lg.html) and enter an IP from their > colo you get a "network not in table" so my guess is that t

Re: [OT: FW: About your using mailer]

2003-03-28 Thread Dave Israel
n-Reply-To.) > > > Lotus Notes < 6.0 > > > MIME-Tools > > > AOL mailer > > > dtmail > > > Novell GroupWise > > > foxmail > > > > > > regards, > > > > > > -- > > > Miyoko Shioda > > > [EMAIL PROTECTED] > > > > > > > -- > > Miyoko Shioda <[EMAIL PROTECTED]> > > > > > > "Walk with me through the Universe, > And along the way see how all of us are Connected. > Feast the eyes of your Soul, > On the Love that abounds. > In all places at once, seemingly endless, > Like your own existence." > - Stephen Hawking - -- Dave Israel Senior Manager, Backbone Eng Allegiance Telecom

Re: how to get people to upgrade? (Re: The weak link? DNS)

2003-03-26 Thread Dave Israel
On 3/26/2003 at 08:31:40 -0800, Bill Woodcock said: > > On 26 Mar 2003, Jeffrey C. Ollie wrote: > > What I would like to see is somewhat of the idea in > > reverse. The ISC would host a zone that would contain TXT records with > > security/bug advisories for every version: > >

Re: how to get people to upgrade? (Re: The weak link? DNS)

2003-03-26 Thread Dave Israel
On 3/26/2003 at 15:24:18 +, Paul Vixie said: [snip] > so here's a proposal. we (speaking for ISC here) could add a config option > (default to OFF) to make bind send some kind of registration packet at boot > time, containing an e-mail address for a technical contact for that server, > and

Re: OT: Notebooks /w a serial port?

2003-03-21 Thread Dave Israel
've found some that > have port replicators, but that can be a pain when you need to serial into a > router or some other device. What do you guys use? > > -Drew -- Dave Israel Senior Manager, Backbone Eng Allegiance Telecom

Re: 923 Mbps across the Ocean ...

2003-03-07 Thread Dave Israel
On 3/7/2003 at 15:50:40 -0500, Steve Goldstein said: > At 8:34 PM + 3/7/03, Stephen J. Wilcox wrote: > >So what's good about this? > > 923 Mbps with TCP. --S According to CNN: "Scientists were able to get 93 percent efficiency out of their record-setting connection because they didn't have

Re: 923 Mbps across the Ocean ...

2003-03-07 Thread Dave Israel
On 3/7/2003 at 14:57:22 -0500, Eric Germann said: > > > http://www.cnn.com/2003/TECH/internet/03/07/speed.record/index.html > > Comments folks? Yeah. Give me a million dollars, plus fiber from here to anywhere, and let me muck with the TCP algorithm, and I can move a gig-e worth of traffic, t

Re: RIPE Down or DOSed ?

2003-02-27 Thread Dave Israel
On 2/27/2003 at 10:44:49 -0800, Will Yardley said: > > On Thu, Feb 27, 2003 at 11:09:19AM -0500, [EMAIL PROTECTED] wrote: > > > And on a related topic (whois.ripe.net almost unreachable, along with > > the rest of RIPE): rwhois.level3.net:4321 has been MIA or AWOL for > > about 4 days: Level3 w

Re: 18.0.0.0/8

2002-12-20 Thread Dave Israel
On 12/20/2002 at 13:11:56 -0500, Joe Abley said: > > > On Friday, Dec 20, 2002, at 13:02 Canada/Eastern, jcvaraillon wrote: > > > 4Today the network 18.0.0.0/8 disappeared from the Internet, it is now > > reachable. > >   > > I went to different looking glass (MAE East, LINX, GRnet) and > > 1

Re: UUNET is not the Internet (and neither is AOL)

2002-10-07 Thread Dave Israel
On 10/5/2002 at 12:30:36 +, Tim Thorne said: > After reading all the stories about what supposedly happened does > anyone know what really happened? Did UUNet US really do an IOS > upgrade on a sizable proportion of their border routers in one go? > This seems like suicide to me. What possibl

Re: IP address fee??

2002-09-06 Thread Dave Israel
On 9/6/2002 at 13:18:54 -0400, Richard A Steenbergen said: > And half the internet's users type "u r kewl", and think that ethernet is > a broadband connection. > > Just because a misconception is popular doesn't mean we should indulge it. > :) > > Think of it as a public service, if you make

Re: Vulnerbilities of Interconnection

2002-09-06 Thread Dave Israel
[EMAIL PROTECTED] said: >Taking out a colo would more than just increase time to download porn >for a few days. and went on to say: > > > Is there a general consensus that cyber/internal attacks are more > > > effective/dangerous than physical attacks. Anecdotally it seems the > > > larg

RE: Vulnerbilities of Interconnection

2002-09-05 Thread Dave Israel
ath. I > would think 9-11 would provide a compelling example of current terrorist > practice. > > Just my 2¢ > > Best regards, > _ > Alan Rowland > > -Original Message- > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of

Re: Vulnerbilities of Interconnection

2002-09-05 Thread Dave Israel
On 9/5/2002 at 16:01:02 -0400, [EMAIL PROTECTED] said: > > > > The thing is, the major cuts are not "attacks;" the backhoe operators > > aren't gunning for our fiber (no matter how much it seems like they > > are). If I wanted to disrupt traffic, intentionally and maliciously, > > I would not d

Re: Vulnerbilities of Interconnection

2002-09-05 Thread Dave Israel
nts may take days or months. > > > > > >This again is great in theory, unless you are talking about > > someone who > > >is planning on taking out the IX not accidentally, but > > deliberately. To > > >illustrate this, one just needs to recall the infamous fiber cut > > in McLean > > >in 1999 when a backhoe not just cut Worldcom and Level(3) > > circuits, but > > >somehow let a cement truck to pour cement into Verizon's manhole > > that was > > >used by Level(3) and Worldcom. > > > > Terrorists in cement trucks? > > > > Again, it seems more likely and more technically effective to > > attack > > internally than physically. Focus again here on the cost/benefit > > analysis > > from both the provider and disrupter perspective and you will see > > what I mean. > > > > > > >Alex > > > > > > > -- Dave Israel Senior Manager, DNE SE

RE: Broadening the IPv6 discussion

2002-08-29 Thread Dave Israel
Mmmm... me too post. I have to agree with Dan on this. The only people who ask me about IPv6 are people who have heard something about it from some tech magazine and want the Newest Thing. Much of its useful functionality (except the widened address space) is available in v4, and v4 is deploy

RE: IETF SMTP Working Group Proposal at smtpng.org

2002-08-21 Thread Dave Israel
thread. > > RGDS > GARY > --- > Gary E. Miller Rellim 20340 Empire Blvd, Suite E-3, Bend, OR 97701 > [EMAIL PROTECTED] Tel:+1(541)382-8588 Fax: +1(541)382-8676 > > -- Dave Israel Senior Manager, DNE SE

Re: IETF SMTP Working Group Proposal at smtpng.org

2002-08-21 Thread Dave Israel
The problem with SSL is it doesn't include certificate chain to arbitrary authorities. However, there's a space for web of trust in SSL, I believe, so yeah, a new version of SSL might be just the ticket. On 8/22/2002 at 00:02:24 +0300, Petri Helenius said: > > > > > Treat them sort of like SS

RE: IETF SMTP Working Group Proposal at smtpng.org

2002-08-21 Thread Dave Israel
3) Register the server > 4) SPAM > 5) Apologize, get a second chance > 6) get booted off > 7) Call the next ISP with a zero install > 8) Rinse and repeat. > > > Regards, > Mark > > -- > Mark Segal > Director, Data Services > Futureway Communications Inc. > Tel: (905)326-1570 -- Dave Israel Senior Manager, DNE SE

Re: IETF SMTP Working Group Proposal at smtpng.org

2002-08-21 Thread Dave Israel
On 8/21/2002 at 10:53:19 -0400, Ron da Silva said: > > On Wed, Aug 21, 2002 at 10:00:02AM -0400, [EMAIL PROTECTED] wrote: > > > > > what are the more basic problems you're trying to fix? > > > > I'd like to be able to publish DNS records announcing my domain's *outbound* > > mail servers,

Re: SPEWS?

2002-06-20 Thread Dave Israel
I'll probably get flamed for saying this, but the fact of the matter is, if SPEWS behavior is abusive towards a network, that network does have a limited recourse: null-route SPEWS. Thus, the more providers they anger, the less network they can reach. Some users may complain, but if SPEWS is a

Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Dave Israel
The.net LLC, Mentor On The Lake, OH 888.480.4NET http://JustThe.net > "In a 32-bit world, you're a 2-bit user/You've got your own newsgroup: > alt.total.loser" - "Weird Al" Yankovic, "It's All About the Pentiums" > > > -- Dave Israel Senior Manager, IP Backbone Engineering

Re: anybody else been spammed by "no-ip.com" yet?

2002-05-03 Thread Dave Israel
approach. no-ip's problem was they presumed my permission. > > > > > > > You don't even have to be in the "big idiot" league to figure out that in > > both the "wrong" and the "right" approach as sanctioned above by a higher > >