> "Not Exactly".. there is a court case (MAI Systems Corp. vs Peak
> Computer Inc
> 991 F.2d 511) holding that copying from storage media into
> computer ram *IS*
> actionable copyright infringement. A specific exemption was written into
> the copyright statutes for computer _programs_ (but *NO
> Historically, .0 and .255 have been avoided because a lot of servers
> (windows) wouldn't work using that as a host address or would flag it
> as invalid if you tried to connect to it or a myriad of other
> problems. Note that this was a limitation of the host, not anything to
> do with the net
> From my experience, a fast P4 linux box with 2 good NICs can NAT
> 45Mbps easily. I am NAT/PATing >4,000 desktops with extensive
> access control lists and no speed issues. This isn't over a 45Mb
> T3--this is over 100 Mb Ethernet.
>
> --Patrick Darden
> --ARMC, Internetworking Manager
> That doesn't make anything criminal or fraud any more than free
> samples. If a
> registrar wants to give a refund, I don't see anything wrong with that.
It is certainly fraud to take an entire pile of free samples. Domain tasting
is more like buying a plasma TV to watch the big game and then
> On Mon, 23 Jul 2007, Joe Greco wrote:
> > Intercept and inspect IRC packets. If they join a botnet
> > channel, turn on
> > a flag in the user's account. Place them in a garden (no IRC,
> > no nothing,
> > except McAfee or your favorite AV/patch set).
> Wow, you are recommending ISPs wireta
> No amount of IRC redirection is going to remove bots and fix their
> compromised computers.
>
> ... JG
Let's not confuse two different forms of IRC redirection, one which I think
is perfectly okay and one which is definitely not okay.
In the first type, the redirection is an immediate respons
> Again, whether the lock/deadbolt come as a package deal with the screen
> door or not, it is the lock/deadbolt that provide the security, not
> the screen
> door.
Wow, I don't know what to say. I've never heard of a screen door that came
with, and could not work without, a lock and deadbolt. I
> On Jun 4, 2007, at 11:32 AM, Jim Shankland wrote:
> > Owen DeLong <[EMAIL PROTECTED]> writes:
> >> There's no security gain from not having real IPs on machines.
> >> Any belief that there is results from a lack of understanding.
> > This is one of those assertions that gets repeated so often
> So we're saying that a lawsuit is an intelligent method to force someone
> else to correct something that you are simply using to avoid the
> irritation
> of manually updating things yourself???
>
> That seems to be the epitomy of laziness vs. litigousness.
>
> Scott
No, but a lawsuit may be a
> On Tue, Oct 24, 2006 at 05:51:17AM -0700, David Schwartz wrote:
> > Then you broke the law, assuming you had a Florida license and
> > you presented
> > it to the Miami facility.
> > Florida law, Title 13 section 322.32(2), "Unlawful use of license" s
> > Then you broke the law, assuming you had a Florida license and you
> > presented it to the Miami facility.
> >
> > Florida law, Title 13 section 322.32(2), "Unlawful use of license" says
> > "[i]t is a misdemeanor of the second degree ... for any person ... [t]o
> > lend his or her driver's
> In recent memory, I can think of two large collocation
> centers that retain your ID. One is in Miami and one in New York (I don't
> think I need to name names, most of you know to which I refer).
> All others
> (including AT&T) have never asked to retain my ID.
Then you broke the law, assumi
> On Mon, 2006-10-23 at 18:57 +0100, Roland Perry wrote:
> I've been in and out of several colos that require you to leave your ID
> (passport/DL, and business card) up at the front desk throughout your
> visit. This could be for hours, or even for the whole day. During that
> time I imagine m
> Joe McGuckin typed:
> >> 2) Why does ARIN believe that it can ignore a court order?
> Maybe because ARIN wasn't a party to the original proceedings
> that generated that order?
> Let's say you're eating lunch one day, minding your own business,
> and a sheriff comes up with an official lookin
[combined responses]
> You do realize that when we talk about "sending" data we are using
> language in a very loose way, right? Data isn't actually sent. When I
> "send" a packet of data, I still retain that data. If you lose it you
> have only lost your copy of it, not mine.
The pa
> Obligation to _whom_? My only obligations are to those who _pay_ me for
> access to my systems/resources. If the people who *do* pay me for use of
> my systems/resources "don't want" that cr*p, then I do 'have an
> obligation'
> to _not_ deliver that traffic.
Nonsense. You have tort
> Parked:
>A domain hosted by a middle-man for the sole purpose of generating
>revenue from pay-per-click advertising. Characterized by having no
>content of value.
>
> This definition *might* work for NANOG, but my parking friends would
> disagree with the above.
If this is
> :-) Let me add something before everyone on NANOG reminds me that
> gigablast is a search engine. I know what they do, but what I don't
> understand is why are they searching my systems for URLs that haven't
> ever existed there before. It's as though they are doing random word
> searches
John Payne wrote:
> On Jul 5, 2006, at 5:18 AM, Lincoln Dale wrote:
> > utopia would be for DNS to be enhanced in some manner such that the
> > 'end
> > user ip-address' became visible in the DNS request.
> > utopia would have NAT devices which actually updated that in-place
> > so an
> > autho
> How often do you think keys should change?
Arguably, any time someone who had access to the key is no longer
supposed
to have such access.
> I've never had anyone ask
> to change keys for about 50 session-years.
I guess the question the question is whether that's because the
> Our router is running BGP and connecting to our
> upstream provider with /30 network. Our log reveals
> that there are private IP addresses reaching our
> router's interface that is facing our upstream ISP.
> How could this be possible? Should upstream ISP be
> blocking private IP address ac
> Why?
>
> If we can coral them in it and legislate to have no porn anywhere
> else than on .xxx ... should fix the issue for the prudes out there.
The major problem with this is that many other governments have
"dangerous
ideas" that they'd also like to be easily able to identi
> I haven't seen any succinct justification for providing a
> 550 message rejection for positively-identified spam versus
> silently dropping the message. Lots of how-to instructions
> but no whys.
>
> matthew black
> california state university, long beach
Because your father may forwar
> 2) *Who*says* there is 'malicious intent' involved? I'm going to be
> travelling 'off network'(with the 'network' being defined as the one where
> I have published that I'm providing time-server services to), and I happen
> to have a recurring need for 32-bit units of a specifically
> transfo
> There have been successful cases for pedestrians that used a train
> trestle as a walk-way, where warnings were clearly displayed, and a
> fence had been put in place, but the railroad failed to ensure repair
> of the fence. The warning sign was not considered adequate. Would
> this relate to
> So... Microsoft has a monopoly on Windows and the basic OS costs
> you $299 with virtually no server capabilities.
>
> In the POSIX-style OS world, where you have multiple competitors,
> prices range from $0 to $179.
Either these products are comparable or they are not. If they are
com
> > Right, and this is appropriate. Large investments in infrastructure
> > should *not* be made if there's already adequate service. Better to
> > invest in places where there isn't.
> Is that still true if the "adequate" service is being provided at a price
> which is two to three times wh
> In any case, the bottom line is that whether through subsidy, "deal",
> or other mechanism, the "last-mile" infrastructure tends to end up being
> a monopoly or duopoly for most terrestrial forms of infrastructure.
> As such, I think we should accept that monopoly and limit the monopoly
> zone
> --On November 15, 2005 8:14:38 PM -0800 David Schwartz
> <[EMAIL PROTECTED]> wrote:
> >> --On November 15, 2005 6:28:21 AM -0800 David Barak
> >> <[EMAIL PROTECTED]> wrote:
> >> OK... Let me try this again... True competition requires
> >>
> --On November 15, 2005 6:28:21 AM -0800 David Barak
> <[EMAIL PROTECTED]> wrote:
> OK... Let me try this again... True competition requires
> that it be PRACTICAL for multiple providers to enter the
> market, including the creation of new providers to seize
> opportunities being ignored by the
> >> That is the exact problem with a [mon|du]opoly. The
> >> incumbents drive
> >> the price so low (because they own the network) that
> >> it drives out an
> >> potential competition.
> >
> > So you're complaining that the problem with lack of
> > competition is that the prices are too LOW?
> I wonder what the author would have said if major medical facilities would
> have had casualties because of the Level3/Cogentco debacle. Say a surgeon
> speaking via VoIP to another doctor about some brain surgery and the
> patient flatlines. What about a daytrader about to click on a nice size
> [EMAIL PROTECTED] ("David Schwartz") writes:
> > I think the industry simply needs to accept that it's more
> > expensive to receive traffic than to send it.
> It is? For everybody? For always? That's a BIG statement. Can
> you justify?
> Various people have stated that uneven data flows (e.g. from
> mostly-content networks to mostly-eyeball networks) is a good reason to
> not peer.
I think the industry simply needs to accept that it's more expensive to
receive traffic than to send it. So yes, Cogent sends Level 3 more
> On Wed, 05 Oct 2005 19:27:24 PDT, David Schwartz said:
> > Level 3 cut of Cogent's connectivity. Until and unless they
> > give some
> > reason that makes sense, they are no longer making the effort
> > and are not
> > part of the internet.
>
> Without making value judgments or saying what L3 / Cogent _should_
> do, I think Matthew is saying that he paid Cogent for connectivity to
> the internet. So if his GNAPS circuit dies, he does not want to be
> cut off from L3 end users. Right now, he has no such guarantee.
>
> Exactly which p
> Is Cogent filtering the prefixes they get from Verio? Or is Verio
> filtering what they send to Cogent? Does it matter?
>
> I think you have a very good point - FT is buying full transit. Cogent
> is the one without full reachability.
>
> Doesn't mean that FT didn't know this would be a prob
> SORBS -- like _any_ other blocklist -- is simply an expression of opinion.
> if you feel that "somebody" is 'wrongly' blocking mail because of a SORBS
> listing, your _first_ step should be to contact *that* party, and request
> that either (a) they stop using SORBS, or (b) that they 'whitelist
> I don't speak for BroadVoice, but this seams to be to be stupid. Why
> should the government get involved in ISPs blocking ports? If customers
> don't like it, go to a new provider, what country is this??
I'm curious how you'd feel if your local telephone company started
preventing you
> >>So, given these considerations, is everyone announcing an AS-set
> >>announcing "routes that falsely claim to have passed through another
> >>autonymous system"?
> >
> > Yes. From RFC1771:
> Ok, so if everyone announcing an AS-set is announcing "routes that
> falsely claim to have passed
> The RFC also says:
>
> > An AS_SET implies that the destinations listed in the NLRI can be
> > reached through paths that traverse at least some of the
> > constituent autonomous systems.
>
> which is exactly what we are doing.
Yes, you can cite sections of the RFC th
> David Schwartz wrote:
> >>Prepending announcements with remote AS numbers has been a well-known
> >>technique for preventing prefixes from propagating to particular ASes
> >>for a long time.
> > And therefore such use would not be considered
> &
> On 2 Mar 2005, at 22:30, David Schwartz wrote:
>
> > Please just clarify the following point: do you intend to advertise
> > paths
> > containing AS numbers belonging to other entities on the public
> > Internet
> > without the permission of the o
> Ok, I realize I might have given the wrong impression here. Sorry.
>
> So here's what we are doing: by artificially inserting ASes into the
> AS-set of an announcement, the ISP that makes the announcement can
> control where the announcement is propagated and thus discover paths
> followed by i
o possess proof of the
owner's intent to transfer, not just proof of a transfer.
David Schwartz
<[EMAIL PROTECTED]>
> > ah i was meaning tcp, afaik it sets DF on at least win2k
> All OSes that I know of do this in order to do path MTU discovery. The
> PMTUD RFC encourages implementers to detect changes in the path MTU as
> fast as possible, which they took to mean "set the DF bit on ALL
> packets". Which is u
Last post on this, I hope.
> > The argument I am taking issue with is whether or not it's
> > a mistake for a
> > firewall or end system to drop packets with reserved bits set
> > -- bits that
> > by RFC/BCP MUST be zero on transmission.
> Now I know you've not yet read BCP 60.
> David Schwartz:
> > IMO, it's negligent to configure a firewall to pass
> > traffic whose meaning is not known.
> I see. Can you suggest a firewall that supports "block all traffic not
> unencrypted and in American English"?
You misunderstand
> On Thu, 30 Dec 2004 17:42:44 -0800
> "David Schwartz" <[EMAIL PROTECTED]> wrote:
> I think you may be fearful that the use of reserved bits introduces
> a new security risk, because of something a system may do in response
> to the use of those new fields. Th
> It's not just that ECN isn't supported that is the problem, it's when
> systems by default reject packets with reserved bits set. While you
> may pan ECN, it or something else that might enhance Internet protocols
> like it in the future should typically be silently ignored by end hosts
> th
> what the world is short of is routing table
> slots, each of
> which adds universal cost to the internet for the sole benefit of
> the owner
> of the network thus made reachable.
I see this point made often, and I've never understood it. If carrying a
route only benefits the party that
> 2) 2 of your providers have violated the rules by automatically handing
> you a /24 with your leased lines as this is space you don't need and have
> no immediate intention of renumbering into.
> So, somehow its better that you announce 3 PA /24's into the global table
> instead of the 1 PI /2
> Just out of interest, why do you think 1918-style space for v6 is
> needed?
If we could assign every entity who wanted one sufficient non-routable,
globally unique space, we wouldn't need 1918-style space. There are,
however, three problems with this approach:
1) It encourages
> "The bill also permits computer software providers to
> interact with a user's computer without notice and
> consent in order to determine whether the computer
> user is authorized to use the software upon
> initialization of the software or an update of the
> software."
>
> I find this aspect
The general consensus seems to be that companies that choose to obey the
law will simply disclose everything their software does in many, many
paragraphs of legal language that few people will actually read. This will
allow them to claim they have consent for whatever it is that they do.
> So I would like some professional expert opinion to
> give her on this issue since it will effect the
> copyright inducement bill. Real benefits for
> production and professional usage of this technology.
We have no idea what the benefits of P2P are going to be or what the
technology i
> In the last couple of days, I have received complaints from customers
> not able to receive email from certain sites.
If I understand you correctly, you are saying that these sites are not able
to send mail to you. Assuming that they are diverse sites that don't have
significant simila
> On 7/12/04 12:33 PM, "Michel Py"
> <[EMAIL PROTECTED]> wrote:
> Some peering contracts specify that behaviors that endanger a
> network or its
> users allow for immediate disconnection. Its a bit of a stretch to invoke
> this for a spyware site.
I think you could find a few experts th
> On Jul 1, 2004, at 4:15 PM, William Allen Simpson wrote:
> > I was also concerned, until I read the actual pleadings.
> >
> > Although nobody's ever allowed us (AS19933) more than 1 month to
> > renumber, and we've always had to pay both providers during the time,
> > so we've always kept it a
> What I AM looking for is a commentary from the internet community,
> strictly relating to the fact that a judge has issued a TRO that forces an
> ISP (NAC) to allow a third-party, who WILL NOT be a Customer of NAC, to be
> able to use IP Space allocated to NAC. In other words, I am asking peopl
> > It's worth pointing out, however, that if case 2 applies and case 1
> > doesn't, then the ISP will still be providing a level of actual packet
> > carrying service to the customer.
> bt. if the ISPs have sensible policy implementations at the border,
> nobody will be be providing fre
> a TRO against nacs.net has no effect on the behavior of providers
> such as verio who won't honor the advertisement of the subnet
> in BGP. the customer would have to, one-by-one i think, go after
> everybody with the relatively common policy of ignoring such
> advertisements (isn't sprint one
> additionally, how is the ISP to account to ARIN for this block should
> they go back for more space?
They show ARIN a copy of the TRO. Really.
> there is a widely accepted understanding of how this is all supposed
> to work, and if the ex-NAC customer succeeds in gaining this TRO,
> a
> Not directed at anyone specifically, but has anyone noticed that on
> these lists, people tend to focus on whether or not people's analogies
> are correct, rather than trying to answer the original question?
So long as you continue to focus on the analogy as it relates to the
original
> Is this analogy really accurate? In your analogy, the person who
> initially purchases the shrimp actually *owns* the shrimp at that point.
> With IP address space, the ISP does not own the space that it allocates.
> It's really just sub-letting the space already allocated to it.
Doesn
> If you ran a museum, and you contracted for the use and display of an
> artifact, and then somehow entered into a contract to sell somebody else
> that artifact (even though you had no property rights), the original
> contract supercedes the second contract. Additionally, because there is no
>
> On Tue, 22 Jun 2004, David Schwartz wrote:
> > > In other words, customer is asking a court to rule whether or
> > > not IP space
> > > should be portable, when an industry-supported organization (ARIN) has
> > > made policy that the space is
> David,
>
> Isn't renumbering an obligation?
>
> >I wonder if their ARIN application says anything about planning to
> >renumber their existing space from NAC into the newly assigned space...
> >
> >-davidu
It's hard to see how his customer failing to meet obligations to ARIN is
going
> In other words, customer is asking a court to rule whether or not IP space
> should be portable, when an industry-supported organization (ARIN) has
> made policy that the space is in fact not portable. It can be further
> argued that the court could impose a TRO that would potentially negativel
> On Sun, 13 Jun 2004, Paul Vixie wrote:
> > > If you didn't do them, why do you think other people should?
> > so you aren't going to google for "chemical polluter business
> model", huh?
> I hope you also google for Nonpoint Source Pollution.
> ISPs don't put the pollution in the water, ISP
> Why does Webmaster put the entire risk on the customer, including warning
> that the security mechanism has inherent limitations? Shouldn't Webmaster
> be responsible if their customer suffer a loss whatsover the cause, even
> if it wasn't due to any negligence on the part of Webmaster?
This will be my last post on this issue.
In this case:
1) Almost certainly the traffic was due to a worm.
2) Almost certainly the ISP knew (or strongly suspected) the traffic was
due to a worm.
3) Quite likely, the ISP never carried most of the traffic
> This thread is quite amusing and interesting at the same time. If I read
> the original post right, Mr. Mike Bierstock was informed that he was
> generating an unusual amount of traffic, traffic he would have to
> pay for.
> He got the bill and had to deal with the consequences. What is wrong w
> > Of course, except in this case, the phone company can't
> > easily tell the
> > legitimate calls from the illegitimate ones and block only the
> > illegitimate ones. Every analogy will break down, so don't expect to be
> > able to convince people with analogies that seem so obviously righ
> At 7:07 PM -0700 2004-06-10, David Schwartz wrote:
> > Most of the people on this list see things from the ISP's
> > perspective.
> > However, step back a bit and see it from the user's perspective. Do you
> > expect to pay for phone calls you didn&#
> On Jun 10, 2004, at 10:07 PM, David Schwartz wrote:
> > It all depends upon what the agreement between the customer and the
> > ISP
> > says. It's no unreasonable for the ISP to 'insure' the customer against
> > risks he isn't able to mitigate wh
> On Jun 10, 2004, at 2:06 PM, Laurence F. Sheldon, Jr. wrote:
> The "victim" in the case Sean posted knew he had a worm, got some of
> his first bill forgiven, yet did nothing to correct it and acts
> surprised when the same thing happens the next month. YES, he is at
> fault. Anyone who thin
> On Thu, 6 May 2004 [EMAIL PROTECTED] wrote:
>
> > connectivity, not even wireless. But it does have an internal
> > 100baseTx Ethernet port that uses a non-standard connector.
> > And it also includes a router unit running off the same
> > power supply as the PC but otherwise completely indepen
> Perhaps now I'm the one being pedantic, but you're confusing "somebody"
> with the owner of the resources involved in the sending.
Look, we're the ones asking what percentage of Internet traffic is junk, so
we're the somebody. We know what we mean and can do a reasonably good job of
ex
> I'm not sure that I'd agree with this statement. What
> about the traffic from compromised sources? The pps
> floods or spam emails are not being created with the
> knowledge of the source, so it would be hard to say
> that the source "wanted" to send it.
Exactly. A great example is
> Firstly, who enforces it? The reason it "works" with cars is that
> the state
> (or province for those of us north of the border) effectively says "you
> can't drive a car without this lovely piece of paper/plastic that
> we'll give
> you" and "if we find you driving a car without the lovely pi
By the way, do we even know what we're talking about? Specifically, has
VeriSign produced a set of specifications for exactly what SiteFinder is and
does?
For example, is it guaranteed to return the same A record for all
unregistered domains? Is it guaranteed that that A record w
> Yes they broke basic auth in a URL.
>
> I am uncertain as to why it was necessary to remove this functionality.
>
> Bryan
Apparently, there were ways to use this to make one URL look like the URL
of another site. According to Microsoft, it isn't just
'[EMAIL PROTECTED]/foo', but there
> On Tue, Jan 13, 2004 at 02:01:48AM +0100, Jesper Skriver wrote:
> That would depend what is causing the CPU usage. If it is software based
> IP header lookups, you're not going to get any more peformance out of it
> by trying to do more lookups than your CPU can handle.
Surprisingly,
> > Stephen J. Wilcox wrote:
> > So either this doesnt work because spammers don't
> > actually use their own PCs to send email
> Indeed; it doesn't do any good against spammers that control large
> numbers of zombie machines; they'll just distribute the processing load
> all over the place. And
> A number of people havce responded that they don't want to be forced to
> pay for a change that will benefit Verisign. That's a policy issue I'm
> trying to avoid here. I'm looking for pure technical answers -- how
> much lead time do you need to make such changes safely?
You can't s
> > It depends upon how low a probability failure you're willing to consider
> > and how paranoid you are. For one thing, the U.S. National
> > Command Authority
> > could decide that GPS represents a threat to national security
> > and disable
> > or derate GPS temporarily or indefinitely over a
Eliot Lear writes:
> [EMAIL PROTECTED] wrote:
> > Beware the single point of failure. If all your clocks come
> > from GPS, then
> > GPS is the SPOF.
> Can you describe what would be involved to cause this sort of single
> point of failure to fail?
It depends upon how low a probabilit
> Each mailserver could keep a cryptographically verified list, the
> list is distributed via some P2P mechanism, and DoS directed at the
> 'source' of the service only interrupts updates, and only does so until
> the source slips an updated copy of the list to a few peers, and then
> the upd
> At 3:15 PM -0700 9/23/03, David Schwartz wrote:
> > How would you do this before? Does an A record for a hostname
> >mean that a
> >host with that name exists? If so, then all *.com 'hosts' now 'exist'. If
> >not, what did you mean by exist b
Lee Hinckley wrote:
> At 2:46 PM -0700 9/23/03, David Schwartz wrote:
> > He asked for the "optimal way" "to see if a given host truly
> >exists" and
> >you told him how to confirm or deny the "existance of a domain". He asked
> >
> Getting practical for a minute. What is the optimal way now to see
> if a given host truly exists?
You first have to define what you mean by 'exists'. I have a machine here
that I call 'stinky'. It's not on the Interent though. Does the 'host'
'stinky' exist?
> Assume that I can't co
> On Tue, 23 Sep 2003, Kee Hinckley wrote:
> > Getting practical for a minute. What is the optimal way now to see
> > if a given host truly exists? Assume that I can't control the DNS
> Look for a SOA record for the domain - this should be the proper way to
> check for the existance of a doma
> > I think the whole idea of getting into an escalating
> > technical war with
> > Verisign is extremely bad. Your suggestion only makes sense if
> > you expect
> > Verisign to make changes to evade technical solutions. Each
> > such change by
> > Verisign will cause more breakage. Verisign will
> I wanted to discuss the merits of the following:
> I have written a proof of concept solution to nuke a route to sitefinder.
> Code to those who care or to the list if anyone cares. Perl is
> your friend
> :)
> Basic concept: Use Net::BGP to set up a peering session with my route
> server.
> On Thu, 18 Sep 2003, Leo Bicknell wrote:
> > A truely robust anycast setup has two "addresses" (or networks, or
> > whatever), but only one per site. From the momentary outage while
> > BGP reconverges to the very real problem of the service being down
> > and the route still being announced
> > Any solution which requires uniqueness also requires a singular ultimate
> > authority.
> Not really. You can just take random numbers. If you have enough bits
> (and a good RNG) the probability of collision would be less than
> probability of an asteroid wiping the life on Earth in the nex
> > > ... shouldn't they get to decide this for themselves?
> > Returning NXDOMAIN when a domain does not exist is a basic
> > requirement. Failure to do so creates security problems. It is
> > reasonable to require your customers to fix known breakage that
> > creates security problems.
> th
> > I've implemented the official ISC Bind hack on every single one of my
> > name servers and am pushing it and the configuration changes out to my
> > customers as a *required* upgrade.
> that seems a bit extreme. shouldn't they get to decide this for
> themselves?
Returning NXDOMAIN
> > Once upon a time there was a proposal for a protocol which allowed
> > clients to
> > push a filter configuration to the edge router to both classify traffic
> > and filter
> > unneeded things.
> Nice idea. I am sure clients will figure that out. As quickly as they
> caught on to 'Windows Up
1 - 100 of 163 matches
Mail list logo
