Re: Routing Loop

2008-03-15 Thread Florian Weimer
There's also somewhat odd data in RADB (look at the changed: line): route: 194.9.64.0/19 descr: SES-Newskies Customer Prefix origin:AS16422 remarks: SES-Newskies Customer Prefix notify:[EMAIL PROTECTED] mnt-by:MNT-NWSK changed: [EMAIL PROTECTED]

Re: EU Official: IP Is Personal

2008-01-23 Thread Florian Weimer
* Eric Brunner-Williams: > However, Google/DoubleClick claim they have the right to collect PII > data and disclose less than their complete data collection policy, and > in particular, claim that endpoint identifiers do not tend to identify > individuals. Further, they assert a property claim on

Re: v6 subnet size for DSL & leased line customers

2007-12-26 Thread Florian Weimer
* Tim Durack: > Probably why some vendors support "dhcp snooping" and "private vlans" for > IPv4 - multiple clients per subnet with isolation. The isolation is far from perfect because you don't know from which host the packet actually came. 8-(

Re: v6 subnet size for DSL & leased line customers

2007-12-26 Thread Florian Weimer
* Leo Bicknell: > In a message written on Tue, Dec 25, 2007 at 12:43:45AM -0500, Kevin Loch > wrote: >> RA is a shotgun. All hosts on a segment get the same gateway. I have >> no idea what a host on multiple segments with different gateways would >> do. Hosting environments can get complex

Re: v6 subnet size for DSL & leased line customers

2007-12-23 Thread Florian Weimer
* Joe Greco: >> Right now, we might say "wow, 256 subnets for a single end-user... >> hogwash!" and in years to come, "wow, only 256 subnets... what were we >> thinking!?" > > Well, what's the likelihood of the "only 256 subnets" problem? There's a tendency to move away from (simulated) shared

Re: European ISP enables IPv6 for all?

2007-12-18 Thread Florian Weimer
* Sebastian Abt: > * Florian Weimer wrote: >> Does PPPv6 still work on the T-DSL platform? 8-/ > > Yes, it does. Oh. What happened to the C10K PPPoE length field bug (CSCsd13298, if I'm not mistaken)? -- Florian Weimer<[EMAIL PROTECTED]> BFK edv-

Re: European ISP enables IPv6 for all?

2007-12-18 Thread Florian Weimer
* Jeroen Massar: > For a list of ISP's doing IPv6 check: > http://www.sixxs.net/faq/connectivity/?faq=native Does PPPv6 still work on the T-DSL platform? 8-/ The list would be more convincing if it contained links to product pages. -- Florian Weimer<[EMAIL PROTE

Re: Creating a crystal clear and pure Internet

2007-11-27 Thread Florian Weimer
* Jared Mauch: > Within the next 2 major software releases (Microsoft OS) they're > going to by default require signed binaries. This will be the only viable > solution to the malware threat. Other operating systems may follow. > (This was a WAG, based on gut feeling). The code signing C

Re: Hey, SiteFinder is back, again...

2007-11-04 Thread Florian Weimer
* Sean Donelan: > I just wish the IETF would acknowledge this and go ahead and define a > DNS bit for artificial DNS answers for all these "address correction" > and "domain parking" and "domain tasting" people to use for their keen > "Web 2.0" ideas. > > And for all the other non-Web protocols w

Re: Can P2P applications learn to play fair on networks?

2007-10-22 Thread Florian Weimer
* Adrian Chadd: > So which ISPs have contributed towards more intelligent p2p content > routing and distribution; stuff which'd play better with their > networks? Perhaps Internet2, with its DC++ hubs? 8-P I think the problem is that better "routing" (Bittorrent content is *not* routed by the p

Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread Florian Weimer
* Sean Donelan: > On Sun, 21 Oct 2007, Florian Weimer wrote: >>> If its not the content, why are network engineers at many university >>> networks, enterprise networks, public networks concerned about the >>> impact particular P2P protocols have on network ope

Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread Florian Weimer
* Eric Spaeth: > Of that group, only DSL doesn't have a common upstream bottleneck > between the subscriber and head-end. DSL has got that, too, but it's much more statically allocated and oversubscription results in different symptoms. If you've got a cable with 50 wire pairs, and you can run

Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread Florian Weimer
* Sean Donelan: > On Sun, 21 Oct 2007, Mikael Abrahamsson wrote: >> If your network cannot handle the traffic, don't offer the services. > > So your recommendation is that universities, enterprises and ISPs > simply stop offering all Internet service because a few particular > application protoco

Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread Florian Weimer
* Sean Donelan: > If its not the content, why are network engineers at many university > networks, enterprise networks, public networks concerned about the > impact particular P2P protocols have on network operations? If it was > just a single network, maybe they are evil. But when many differe

Re: 240/4

2007-10-16 Thread Florian Weimer
* Pekka Savola: > Do we need to classify anything (yet)? > > I say the proof is in the pudding. Once some major user decides > they'll need 240/4 for something, they'll end up knocking their > vendors' (probably dozens) and their own ops folks' doors. If there's risk that we'll see end user ass

Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-15 Thread Florian Weimer
* Steve Bertrand: >> Anyway, if you've got a customer account that was created with a stolen >> credit card, and you get complaints about activity on that account from >> various parties, and you still don't act, this shows a rather >> significant level of carelessness. > > Further to carelessn

Re: How to Handle ISPs Who Turn a Blind Eye to Criminal Activity?

2007-10-13 Thread Florian Weimer
* Mike Lewinski: > Florian Weimer wrote: > >> I don't know what case prompted Ferg to post his message to NANOG, but I >> know that there are cases where failing to act is comparable to ignoring >> the screams for help of an "alleged" rape victim during t

Re: Content Delivery Networks

2007-08-13 Thread Florian Weimer
t-specific cache only, but there's a certain installation base. -- Florian Weimer<[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99

Re: Questions about populating RIR with customer information.

2007-08-01 Thread Florian Weimer
* Drew Weaver: > Up until recently, we were only providing the RIR database with > information about our larger allocations /24 or larger. We have > noticed however that many anti-spam organizations such as Spamhaus, > and Fiveten will use the lack of information regarding an IP > allocation as a

Re: Port 587 vs. 25

2007-07-23 Thread Florian Weimer
* Patrick W. Gilmore: > IOW: ISPs have no real reason to stop port 587, they do have a reason > (whether you agree it is sufficient or not) to filter port 25. Sorry for being unclear: If I block 25/TCP to *my* *own* servers for a *customer*, I will make sure that I block 587/TCP as well. (Legiti

Re: DNS Hijacking by Cox

2007-07-22 Thread Florian Weimer
* Sean Donelan: > On Sun, 22 Jul 2007, William Allen Simpson wrote: >> Comcast still blocks port 25. And last week, a locally well-known person >> was blocked from sending outgoing port 25 email to their servers from her >> home Comcast service. > > MSA port 587 is only 9 years old. I guess it

Should I worry about bogus route registry entries?

2007-07-18 Thread Florian Weimer
Is there a blacklist of RRs which are known to deliver mostly bogus data to other RRs? -- Florian Weimer<[EMAIL PROTECTED]> BFK edv-consulting GmbH http://www.bfk.de/ Kriegsstraße 100 tel: +49-721-96201-1 D-76133 Karlsruhe fax: +49-721-96201-99

Re: Network Level Content Blocking (UK)

2007-06-08 Thread Florian Weimer
* Jeroen Massar: > I wonder how this solves the, from what I found out, common situation > that people rent cheap "root servers" in a country like Germany where > they VPN into and thus have full access to everything. In Germany, the legal framework for filtering transit traffic already exists,

Re: Whois and the DoD

2007-06-05 Thread Florian Weimer
* Hank Nussbacher: > Based on http://www.iana.org/assignments/ipv4-address-space I would > assume IANA might be interested in mandating that any organization > having IP space from them must operate an accessible whois server. For new address space, I agree. I'm not sure if it's worth the troub

Re: Broadband routers and botnets - being proactive

2007-05-13 Thread Florian Weimer
* Suresh Ramasubramanian: > As frequent as Gadi is with his botnet posts, insecure and wide open > CPE getting deployed across a large provider is definitely > operational. And if Gadi's examples are not scary enough for you, there are far more relevant vulnerabilities. It seems that the organiz

Re: Question on 7.0.0.0/8

2007-04-14 Thread Florian Weimer
* Rene Huizinga: > Well, at least is is still somehow with the same party... Not quite. The organization formerly known as "debis" is now called "T-Systems". > Arin states 'Mercedes Benz AG', RIPE 'Daimler Chrysler'... One would > think this would/should actually be just the other way around,

Re: Question on 7.0.0.0/8

2007-04-14 Thread Florian Weimer
* Iljitsch van Beijnum: > Ok, I wasn't clear: the problem here is that both ARIN and RIPE claim > net 25.0.0.0/8 as "their own". This is pretty standard for European /8. 53/8 is yet another example (Germany has moved to five-digit zip codes since that entry was last updated). At a previous job

Re: Thoughts on increasing MTUs on the internet

2007-04-12 Thread Florian Weimer
* Steven M. Bellovin: > On Thu, 12 Apr 2007 16:12:43 +0200 > Florian Weimer <[EMAIL PROTECTED]> wrote: > >> * Steven M. Bellovin: >> >> > A few years ago, the IETF was considering various jumbogram options. >> > As best I recall, that was the offici

Re: Thoughts on increasing MTUs on the internet

2007-04-12 Thread Florian Weimer
* Steven M. Bellovin: > A few years ago, the IETF was considering various jumbogram options. > As best I recall, that was the official response from the relevant > IEEE folks: "no". They're concerned with backward compatibility. Gigabit ethernet has already broken backwards compatibility and i

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Florian Weimer
* Paul Vixie: > since malware isn't breaking dns, and since dns not a vector per se, > the idea of changing dns in any way to try to control malware > strikes me as a way to get dns to be broken in more places more > often. Well, once more people learn about DLV (especially the NS override exten

Re: On-going Internet Emergency and Domain Names

2007-03-31 Thread Florian Weimer
* Fergie: > While the 0-day exploit is the ANI vulnerability, there are many, > many compromised websites (remember the MiamiDolhins.com embedded > javascript iframe redirect?) that are using similar embedded .js > redirects to malware hosted sites which fancy this exploit. > > And some of them h

Re: [cacti-announce] Cacti 0.8.6j Released (fwd)

2007-01-25 Thread Florian Weimer
* Ray Burkholder: > How about something like: > http://www.hdfgroup.org/whatishdf5.html I don't think they support transactional updates, which makes it hard to use for live data. (A simple crash, and you need to recover from backup.) -- Florian Weimer<[EMAIL P

Re: Google wants to be your Internet

2007-01-20 Thread Florian Weimer
* Rodrick Brown: > "Right now somewhat more than half of all Internet bandwidth is being > used for BitTorrent traffic, which is mainly video. Yet if you > surveyed your neighbors you'd find that few of them are BitTorrent > users. Less than 5 percent of all Internet users are presently > consumi

Re: Phishing and BGP Blackholing

2007-01-03 Thread Florian Weimer
* Neil J. McRae: > I didn't see the original post but the topic came > up in 2005 here in the UK as the banks here wanted to > use BGP filtering in the same light. The LINX prepared > a paper on the issues with BGP blackholing and recommended > that if the banks want to trade on the Internet that

Re: would you run this little script, please

2007-01-02 Thread Florian Weimer
* Randy Bush: >> I would be glad to run the script but I just want to verify that it >> was you who sent it. > > darned good point, ron. > > yes, it was i. Ah, thanks, I've saved your message and its signature. It could prove useful in the future for some kind of social engineering attack. 8-

Re: Bogon Filter - Please check for 77/8 78/8 79/8

2006-12-11 Thread Florian Weimer
* Jared Mauch: > My recommendation is to write a letter (in german) and fax it > over to their fax# with the urls clearly written out (eg: iana vs > their url) showing the problem with the address space. it'll likely > sufficently confuse someone that they'll be curious and research it > a

Re: The IESG Approved the Expansion of the AS Number Registry

2006-12-01 Thread Florian Weimer
* Chris L. Morrow: >> | 6. Transition >> | >> |The scheme described in this document allows a gradual transition >> |from 2-octet AS numbers to 4-octet AS numbers. One can upgrade one >> |Autonomous System or one BGP speaker at a time. >> >> Routers on stub ASs don't need upgrading at

Re: The IESG Approved the Expansion of the AS Number Registry

2006-12-01 Thread Florian Weimer
* Chris L. Morrow: > So, all of the current devices need to get upgraded before 'day one' of > 32-bit ASN use... that'll be fun :) | 6. Transition | |The scheme described in this document allows a gradual transition |from 2-octet AS numbers to 4-octet AS numbers. One can upgrade one |

Re: rbnnetwork.org

2006-11-01 Thread Florian Weimer
* Alexander Harrowell: >66.36.240.2 AS14361 > HOPONE-DCA c-vl102-d1.acc.dca2.hopone.net.255 > US Unix: 14:38:16.496 > 2 0 2 6 0.6 ms [+0ms] Uhm, are you a Hop One customer? In this case, it's a bit ... strange that you complain about ma

Re: BCP38 thread 93,871,738,435 + SPF

2006-10-27 Thread Florian Weimer
* Douglas Otis: > Spam being sent through Bot farms has already set the stage for > untraceable DNS attacks based upon SPF. In addition to taking out major > interconnects, these attacks can: > > a) inundate authoritative DNS; > > b) requests A records from anywhere; > > c) probe IP address,

Re: ICMP & PathMTU

2006-10-27 Thread Florian Weimer
* Jim Popovitch: > Two questions for everybody...(any and all responses appreciated, even > if the reply mentions botnets or hammers ;-) ) > > 1) What value is ICMP if everybody pretty much considers it's accuracy > suspect? The problem with ICMP-based traceroutes is that it doesn't necessarily

Re: BCP38 thread 93,871,738,435

2006-10-26 Thread Florian Weimer
* Steven M. Bellovin: > As you note, the 20-25% figure (of addresses) has been pretty constant > for quite a while. Assuming that subverted machines are uniformly > distributed (a big assumption) I doubt this assumption about distribution is valid. At least over here, consumer-grade ISPs (thin

HostRocket contact

2006-10-07 Thread Florian Weimer
Has anybody got a working HostRocket contact? They (or their customers) seem to have a larger security incident. 8-( Alternatively, someone at Time Warner Telecom who can get in touch with them would be helpful.

Re: Spain was offline

2006-08-31 Thread Florian Weimer
* Michael Dillon: > The volume of data cached would be so small in todays terms that > it only needs a low-end 1U (or single blade) server to handle > this. The working set is larger than you think, I fear. I've been running something like this since summer 2004, and the gigabytes pile up rath

Re: ISP wants to stop outgoing web based spam

2006-08-11 Thread Florian Weimer
* Hank Nussbacher: > Please show me which virus scanner scans html pages for the words like > V I A G R A, or Free M O R T G A G E, as it is going outbound. I assumed your Internet cafe example was the concrete scenario you were trying to address. There are quite a few scanners which contain sig

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Florian Weimer
* Suresh Ramasubramanian: > Yes, Sean - they are. But it is far, far more productive for the > source of this abuse to be choked off. Call it the difference between > using mosquito repellant and draining a huge pool of stagnant water > just outside your home. How can I, as an ISP, stop abuse

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Florian Weimer
* Hank Nussbacher: > I guess I wasn't clear enough in my first posting. I am not > interested in smtp (port 25 spam). We have that covered. I am only > interested in blocking outgoing web based spam. A user sits and sends > out spam via automated tools via Hotmail, Yahoo, Gmail, or whatever >

Re: ISP wants to stop outgoing web based spam

2006-08-10 Thread Florian Weimer
* Hank Nussbacher: > Back in 2002 I asked if anyone had a solution to block or rate limit > outgoing web based spam. What is web-based spam? Comment spam? Wiki defacements? Or do you want to stop spam sent via web mailers? That's their job. They know more about their customers than you, and

Re: Detecting parked domains

2006-08-09 Thread Florian Weimer
* Jeremy Chadwick: > On Wed, Aug 02, 2006 at 09:10:31PM +0200, Florian Weimer wrote: >> > Has anyone come up with a quick method for detecting if a domain >> > name is parked, but is not being used except displaying ads? >> >> AFAICT, the main challenge is to

Re: Detecting parked domains

2006-08-02 Thread Florian Weimer
* Sean Donelan: > Has anyone come up with a quick method for detecting if a domain > name is parked, but is not being used except displaying ads? AFAICT, the main challenge is to define what "parked" means in the context of your application.

Re: Net Neutrality Legislative Proposal

2006-07-11 Thread Florian Weimer
* Fergie: > I disagree with your statement on NAT end-points not being "publicly > accessible" -- that's certainly not true, and a myth that needs to be > finally killed. From a security point of view, they are still accessible. From an operational point of view, they are not, at least not on

Re: Net Neutrality Legislative Proposal

2006-07-11 Thread Florian Weimer
* Mark Newton: > I think you're missing the point, Florian. Regardless of any > retail restrictions, the fact still remains that your local > Cable company is selling connectivity to other peoples' > autonomous systems. Then why do the ads promote their new chat service, instead of the ever-gro

Re: Net Neutrality Legislative Proposal

2006-07-11 Thread Florian Weimer
* Mark Newton: > On Tue, Jul 11, 2006 at 09:39:50AM +0200, Florian Weimer wrote: > > > * Mark Newton: > > > On Tue, Jul 11, 2006 at 07:58:48AM +0200, Florian Weimer wrote: > > > > (I've wondered for quite some time if "net neutrality" implie

Re: Net Neutrality Legislative Proposal

2006-07-11 Thread Florian Weimer
* Mark Newton: > On Tue, Jul 11, 2006 at 07:58:48AM +0200, Florian Weimer wrote: > > > (I've wondered for quite some time if "net neutrality" implies that > > Ebay or Google must carry third party traffic on their corporate > > networks, by the w

Re: Sitefinder II, the sequel...

2006-07-11 Thread Florian Weimer
* Steven M. Bellovin: > The second is the precedent that's set -- who gets to decide what zones > are excluded from the tree? OpenDNS? Sure -- and to whom do they > listen? Are any sites to be ruled out on political grounds? > Ideological? Not today, sure, and (I assume) not by OpenDNS -- but

Re: Net Neutrality Legislative Proposal

2006-07-11 Thread Florian Weimer
* Seth Johnson: > (A) Internet.— The term “Internet” means the worldwide, > publicly accessible system of interconnected > computer networks that transmit data by packet > switching using the standard Internet Protocol (IP), > some

Re: Best practices inquiry: filtering 128/1

2006-07-11 Thread Florian Weimer
* Patrick W. Gilmore: > Actually, I take that back. Why wouldn't you just get a feed from > Cymru ?? I don't think Team Cymru offers a "feed" of what is supposed to be in the routing table. 128/1 isn't a bogon. It's not even that useful for hijacking a

Re: Fanless x86 Server Recommendations

2006-07-01 Thread Florian Weimer
* Mike Tancsa: >> > Many mini-itx boxes dont have 2 PCI slots. You might be better going >> > with a mini-itx solution and then use a small switch and trunk the NIC >> > to act as a VLAN router. >> >>Are there any fanless routers with proper 802.1Q support (with ingress >>VLAN tag filtering, for

Re: Fanless x86 Server Recommendations

2006-06-30 Thread Florian Weimer
* Mike Tancsa: > Many mini-itx boxes dont have 2 PCI slots. You might be better going > with a mini-itx solution and then use a small switch and trunk the NIC > to act as a VLAN router. Are there any fanless routers with proper 802.1Q support (with ingress VLAN tag filtering, for instance)?

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Florian Weimer
* Christopher L. Morrow: > is it really that hard to make your foundry/extreme/cisco l3 switch vlan > and subnet??? Is this an education thing or a laziness thing? You need those L3 switches before you can do this. Obviously, L2 gear is much cheaper, and will work equally well until it is attacke

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Florian Weimer
* Christopher L. Morrow: > On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: >> >> http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html >> >> * Monitor your local network for interfaces transmitting ARP >> responses they shouldn't be. > > how about just mac sec

Re: Black Frog - the botnets keep coming

2006-05-26 Thread Florian Weimer
* Gadi Evron: > Ignoring is the high-road. How long are we going to cry about the > Internet being a battle-ground, the wild west, or whatever else if > we legitimize DDoS? The project needs to gather supporters before they can do any real damage. Reports exposing their nefarious practices are

Re: Black Frog - the botnets keep coming

2006-05-25 Thread Florian Weimer
* Gadi Evron: > http://news.google.com/news?q=black+frog > > How do we make this folly stop? Ignore it? It's an inactive Sourceforge project (with some Google forums attached), and news reports seem to be based on a Slashdot diary entry announcing it:

Re: DNS Amplification Attacks

2006-03-22 Thread Florian Weimer
* Peter Dambier: >> This is not true. There has been some questionable advice by a >> regulatory body, though. Most damage is done by ISPs which simply do >> not adjust the filters to the moving target and run them as-is since >> 2001 or so. Null routes tend to filter a different customer afte

Re: DNS Amplification Attacks

2006-03-22 Thread Florian Weimer
* Andy Davidson: > DNS looking glasses, in much the same way that we use web-form based > BGP or traceroute looking glasses today. Open resolvers are far better than looking glasses to assess the state of DNS, and we are campaigning against them. You can't have it both ways. 8-(

Re: DNS Amplification Attacks

2006-03-22 Thread Florian Weimer
* Peter Dambier: > In Germany censoring is commonplace. You have to use foreign resolvers > to escape it. There is a lot of collateral damage too - government has > provided the tools. This is not true. There has been some questionable advice by a regulatory body, though. Most damage is done by

Re: Security problem in PPPoE connection

2006-03-12 Thread Florian Weimer
* Steven M. Bellovin: > CHAP can be bidirectional. I stand corrected. However, the value of this type of authentication is rather questionable if the underlying communication channel is so horribly insecure.

Re: Security problem in PPPoE connection

2006-03-12 Thread Florian Weimer
* Joe Shen: > What's your method to deal with such problem? Will > CHAP in PPPoE help? AFAIK, CHAP does not authenticate the terminal server, either, so it won't stop all attacks.
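The two replies above turn on what CHAP does and does not prove. The following is an added example, not code from the thread: a minimal RFC 1994 CHAP exchange (response = MD5 over Identifier, shared secret and Challenge) run first one-way, as PPPoE access concentrators normally do, and then mutually. The endpoint names, the secret and the candidate list are constructed for the example. A rogue access concentrator that knows no secret can still complete the one-way exchange from its side, because nothing obliges it to prove anything to the peer; it only fails once the peer challenges it back. The rogue also walks away with a challenge/response pair it can grind offline, which is why a secret that survives a dictionary guess matters even with mutual CHAP.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Iterable, List, Optional, Tuple


def chap_response(identifier: int, secret: bytes, challenge: bytes) -> bytes:
    """CHAP (RFC 1994) Response Value: MD5 over Identifier || secret || Challenge."""
    return hashlib.md5(bytes([identifier & 0xFF]) + secret + challenge).digest()


@dataclass
class Challenge:
    identifier: int
    value: bytes
    name: str  # name the challenger claims for itself


@dataclass
class Response:
    identifier: int
    value: bytes
    name: str  # name the responder claims for itself


class Endpoint:
    """One PPP end that can both issue and answer CHAP challenges."""

    def __init__(self, name: str, secrets: Dict[str, bytes]):
        self.name = name
        self.secrets = secrets  # remote name -> shared secret (constructed example data)
        self._ident = 0

    def challenge(self) -> Challenge:
        self._ident = (self._ident + 1) & 0xFF
        return Challenge(self._ident, os.urandom(16), self.name)

    def respond(self, ch: Challenge) -> Response:
        # The responder trusts the name in the Challenge to pick the secret; a rogue
        # challenger only has to claim the right name to obtain a valid response.
        secret = self.secrets.get(ch.name, b"")
        return Response(ch.identifier, chap_response(ch.identifier, secret, ch.value), self.name)

    def verify(self, ch: Challenge, resp: Response) -> bool:
        secret = self.secrets.get(resp.name)
        if secret is None or resp.identifier != ch.identifier:
            return False
        expected = chap_response(ch.identifier, secret, ch.value)
        return hmac.compare_digest(expected, resp.value)


class RogueAC(Endpoint):
    """Access concentrator that knows no secrets, accepts everyone and logs what it sees."""

    def __init__(self, claimed_name: str):
        super().__init__(claimed_name, {})
        self.captured: List[Tuple[Challenge, Response]] = []

    def verify(self, ch: Challenge, resp: Response) -> bool:
        self.captured.append((ch, resp))
        return True  # it wants the session, so it "accepts" regardless


def one_way(peer: Endpoint, ac: Endpoint) -> bool:
    """Only the access concentrator challenges; returns whether it accepted the peer."""
    ch = ac.challenge()
    return ac.verify(ch, peer.respond(ch))


def mutual(peer: Endpoint, ac: Endpoint) -> Tuple[bool, bool]:
    """Both sides challenge; returns (AC accepted peer, peer accepted AC)."""
    ac_ok = one_way(peer, ac)
    ch = peer.challenge()
    peer_ok = peer.verify(ch, ac.respond(ch))
    return ac_ok, peer_ok


def offline_guess(ch: Challenge, resp: Response, candidates: Iterable[bytes]) -> Optional[bytes]:
    """Dictionary attack on a captured pair: the secret that reproduces the response, if any."""
    for cand in candidates:
        if hmac.compare_digest(chap_response(ch.identifier, cand, ch.value), resp.value):
            return cand
    return None


if __name__ == "__main__":
    # Constructed names and secret; not real credentials.
    peer = Endpoint("peer1", {"ac": b"s3cret"})
    legit = Endpoint("ac", {"peer1": b"s3cret"})
    rogue = RogueAC("ac")  # impersonates the legitimate AC's name
    print("legit one-way:", one_way(peer, legit), "mutual:", mutual(peer, legit))
    print("rogue one-way:", one_way(peer, rogue), "mutual:", mutual(peer, rogue))
    ch, resp = rogue.captured[-1]
    print("offline guess:", offline_guess(ch, resp, [b"password", b"s3cret"]))
```

The peer's only defence in the one-way case is not to talk to the rogue in the first place, which on a shared Ethernet segment it cannot enforce; mutual CHAP lets it detect the rogue, but only after having handed over a response that is checkable offline.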

Re: Security problem in PPPoE connection

2006-03-12 Thread Florian Weimer
* Peter Dambier: > I am connected through this one: > > Access-Concentrator: DARX41-erx > AC-Ethernet-Address: 00:90:1a:a0:01:46 > -- > > I guess dtag.de has got some 8 of them. Everybody > (almost) offering dsl in germany goes through their > infra

Re: Disaster recovery using as-prepend?

2006-02-16 Thread Florian Weimer
* Christopher J. Pilkington: > We have a disaster recovery site which will have a clone of the myriad > production servers. We'd like to fail over to that site > automagically. > > I'm thinking advertising the same prefix and just doing several > as-prepends. However, now I'm not sure if this i

Re: Fed Bill Would Restrict Web Server Logs

2006-02-14 Thread Florian Weimer
* Frank Louwers: > Strange thing is that we have exactly the opposite here in Europe. There > is a new bill that has been passed that forces us to keep all logs (mail > and web) for at least 1 or 2 years. It's not a bill, it's an EU directive which still has to be implemented in national law. Nothi

Re: ml hacks for goodmail

2006-02-07 Thread Florian Weimer
* Randy Bush: > so, anyone working on the majordomo and mailman hacks for goodmail? > "i am sorry, but you can not subscribe to this list from an aol.com > address. don't ask us to explain, ask [EMAIL PROTECTED]" > > or am i missing something here? clue-bat if so, please. I don't expect the ex

Re: AW: Odd policy question.

2006-01-14 Thread Florian Weimer
* Randy Bush: >> it is a best practice to separate authoritative and recursive servers. > > why? > > e.g. a small isp has a hundred auth zones (secondaried far > away and off-net, of course) and runs cache. why should > they separate auth from cache? Some registrars require that you begin to se

Re: AW: Odd policy question.

2006-01-14 Thread Florian Weimer
* Jeffrey I. Schiller: > Let me attempt to bring this back to the policy question. > > Does someone have the *right* to put one of your IP addresses as an NS > record for their domain even if you do not agree? I don't think it's allowed (and it shouldn't be), but without a cluestick from legal,

Re: Is my router owned? How would I know?

2006-01-12 Thread Florian Weimer
>> If there is a new user account, or if the enable and access passwords >> have changed, look out! The miscreants love to scan and find routers >> with "cisco" as the access and enable passwords. > > I thought everyone sensible put ACLs on vtys. Guess I was wrong. I've seen ACL-less VTYs becaus

Re: do bogon filters still help?

2006-01-11 Thread Florian Weimer
* Pim van Pelt: > Hi Florian, others, > > | You should move 192.88.99.0/24 from SPECIAL to YES (although you > | shouldn't see source addresses from that prefix, no matter what the > | folks at bit.nl think). 169.254.0.0/16 should be NO (otherwise it > | wouldn't be link-local). > Hi, here's

Re: do bogon filters still help?

2006-01-11 Thread Florian Weimer
* william elan net: >> You should move 192.88.99.0/24 from SPECIAL to YES (although you >> shouldn't see source addresses from that prefix, no matter what the >> folks at bit.nl think). 169.254.0.0/16 should be NO (otherwise it >> wouldn't be link-local). > > I think you just explained it yourse

Re: do bogon filters still help?

2006-01-11 Thread Florian Weimer
* Martin Hannigan: >> You should move 192.88.99.0/24 from SPECIAL to YES (although you >> shouldn't see source addresses from that prefix, no matter what the >> folks at bit.nl think). 169.254.0.0/16 should be NO (otherwise it >> wouldn't be link-local). > Good example as to why to use authorat

Re: do bogon filters still help?

2006-01-11 Thread Florian Weimer
* william elan net: > For those doing similar exercise, you might want to look at rephrased > version of rfc330 listed blocks: > http://www.completewhois.com/iana-ipv4-specialuse.txt You should move 192.88.99.0/24 from SPECIAL to YES (although you shouldn't see source addresses from that prefi
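The bogon-filter replies above distinguish three verdicts for a special-use block: not valid at all, valid only as a destination (192.88.99.0/24, the 6to4 relay anycast prefix), and link-local (169.254.0.0/16), which must never be seen as a source on a routed interface. The following is an added example, not code from the thread or from the list it links to: an ingress source/destination check built on a subset of the RFC 3330 special-use blocks. The choice of blocks, the wording of the reasons and the sample packets (using the RFC 5737 documentation ranges 203.0.113.0/24 and 198.51.100.0/24 as stand-ins for ordinary addresses) are this example's assumptions.

```python
import ipaddress
from typing import Dict, List, Optional, Tuple

IPNet = ipaddress.IPv4Network

# Blocks that are bogus both as source and as destination on an Internet-facing
# edge. Subset of RFC 3330, selected for this example.
BOGON: Dict[IPNet, str] = {
    ipaddress.ip_network("0.0.0.0/8"): "'this' network",
    ipaddress.ip_network("10.0.0.0/8"): "private (RFC 1918)",
    ipaddress.ip_network("127.0.0.0/8"): "loopback",
    ipaddress.ip_network("169.254.0.0/16"): "link-local; never routed off a link",
    ipaddress.ip_network("172.16.0.0/12"): "private (RFC 1918)",
    ipaddress.ip_network("192.0.2.0/24"): "TEST-NET documentation",
    ipaddress.ip_network("192.168.0.0/16"): "private (RFC 1918)",
    ipaddress.ip_network("198.18.0.0/15"): "benchmarking",
    ipaddress.ip_network("224.0.0.0/4"): "multicast",
    ipaddress.ip_network("240.0.0.0/4"): "reserved (class E)",
}

# Blocks that are legitimate destinations but should never be a source address
# arriving here: anycast relay space is something you send *to*.
DESTINATION_ONLY: Dict[IPNet, str] = {
    ipaddress.ip_network("192.88.99.0/24"): "6to4 relay anycast",
}


def classify(addr: str, table: Dict[IPNet, str]) -> Optional[str]:
    """Reason string if addr falls into any block of the table, else None."""
    a = ipaddress.ip_address(addr)
    for net, reason in table.items():
        if a in net:
            return reason
    return None


def check_packet(src: str, dst: str) -> Tuple[bool, str]:
    """Return (accept, reason) for an ingress packet on a customer or peering edge."""
    for label, addr in (("src", src), ("dst", dst)):
        why = classify(addr, BOGON)
        if why:
            return False, "%s %s is a bogon (%s)" % (label, addr, why)
    why = classify(src, DESTINATION_ONLY)
    if why:
        return False, "src %s is destination-only space (%s)" % (src, why)
    return True, "ok"


# Constructed sample packets (src, dst). 203.0.113.0/24 and 198.51.100.0/24 are
# RFC 5737 documentation ranges standing in for ordinary public addresses.
SAMPLE_PACKETS: List[Tuple[str, str]] = [
    ("203.0.113.5", "198.51.100.9"),   # ordinary traffic
    ("192.88.99.1", "203.0.113.5"),    # 6to4 relay as *source*: drop
    ("203.0.113.5", "192.88.99.1"),    # 6to4 relay as destination: fine
    ("169.254.10.1", "203.0.113.5"),   # link-local source: drop
    ("203.0.113.5", "10.1.2.3"),       # RFC 1918 destination: drop
]


def run_samples() -> List[Tuple[str, str, bool, str]]:
    """Apply check_packet to every sample and return (src, dst, accept, reason) rows."""
    return [(s, d) + check_packet(s, d) for s, d in SAMPLE_PACKETS]


if __name__ == "__main__":
    for src, dst, ok, why in run_samples():
        print("%-14s -> %-14s %s %s" % (src, dst, "ACCEPT" if ok else "DROP  ", why))
```

The point of the separate table is the one the thread makes: a prefix can be perfectly routable and still be wrong as a source, so a single yes/no column is not enough when the list is turned into an ingress filter.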

Re: Compromised machines liable for damage?

2005-12-27 Thread Florian Weimer
* Martin Hannigan: > Dave, RIAA wins almost 100pct vs p2p'ers ir sues. Its an interesting > dichotomy. Sure, but copyright law is a bit out of proportion. Maybe you could hunt down the bad guys if they packeted you with Celine Dion

Re: Infected list

2005-12-26 Thread Florian Weimer
* Scott Morris: > Not to mention that many IP's may be set to one device, yet there are > multiple things NAT'd behind it. Are there any devices which perform non-static NAT and can forward significant DoS traffic? 8-) Perhaps if it's just a single flow, but this kind of DoS traffic would be ra

Re: Infected list

2005-12-26 Thread Florian Weimer
* Barrett G. Lyon: > Here is a list of the compromised machines used in this new botnet we > found in California. These are all web servers connected to good > bandwidth and they are attacking us, so as a nice little holiday gift > to me, please clean your network up if these are on your n

Re: The Qos PipeDream

2005-12-16 Thread Florian Weimer
* Sean Donelan: > AT&T, Global Crossing, Level3, MCI, Savvis, Sprint, etc have sold > QOS services for years. Level3 says 20% of the traffic over its > backbone is "better than Best-Effort." Well, are you sure these traffic classes are actually enforced at the router level? Maybe it's just a di

Re: Clueless anti-virus products/vendors

2005-12-07 Thread Florian Weimer
* Steven M. Bellovin: > A-V companies are in the business of analyzing viruses. Many offer analysis services, but this is done upon special request, and only if you pay extra. > They should *know* how a particular virus behaves. You don't need to know what the virus does in order to detect it

Re: Sober

2005-12-02 Thread Florian Weimer
* Dennis Dayman: > Interested, but I see many Sober postings and outages on other lists > and not here...has anyone been having issues? I know the ISP's are > fighting the living out of the virus. As far as I know, mainly webmail providers were affected, and their issues are traditionally not di

Re: IP Prefixes are allocated ..

2005-11-27 Thread Florian Weimer
* Christopher L. Morrow: >> asn.routeviews.org doesn't do longest-prefix matching, so you need a >> short Perl script to get the correct ASN, attached below. However, > > which means host -t txt will return more than one record, yes? Exactly. > so he can just scan for the longest length in th

Re: IP Prefixes are allocated ..

2005-11-27 Thread Florian Weimer
* Christopher L. Morrow: > he might be satisfied with: > > mail.pch.net. 86400 IN A 206.220.231.1 > > :~> host -W 6 -R 10 -t txt 1.231.220.206.asn.routeviews.org > 1.231.220.206.asn.routeviews.org text "3856" "206.220.228.0" "22" > > which is AS 3856 routing 206.220.228.0/
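The two replies above describe the asn.routeviews.org lookup: reverse the octets, query TXT, and, because the zone does not do longest-prefix matching, pick the record with the longest prefix length yourself. The following is an added example, not the Perl script mentioned in the thread: it builds the query name, parses records of the "ASN" "PREFIX" "LENGTH" form quoted above, and selects the most specific prefix that actually contains the address. The DNS query itself is left out so the code runs offline; the sample answer set is constructed, with the /22 taken from the thread and the AS64496/AS64497 entries (documentation ASNs) made up to exercise the selection.

```python
import ipaddress
import re
from typing import Iterable, List, Optional, Tuple

ZONE = "asn.routeviews.org"
_QUOTED = re.compile(r'"([^"]*)"')


def reverse_name(ip: str, zone: str = ZONE) -> str:
    """Query name for an IPv4 address: octets reversed, then the zone."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(str(addr).split("."))) + "." + zone


def parse_txt(record: str) -> Tuple[int, ipaddress.IPv4Network]:
    """Parse one TXT record of the form "ASN" "PREFIX" "LENGTH"."""
    fields = _QUOTED.findall(record)
    if len(fields) != 3:
        raise ValueError("unexpected TXT record: %r" % record)
    asn, prefix, length = fields
    return int(asn), ipaddress.IPv4Network("%s/%s" % (prefix, length))


def best_origin(ip: str, records: Iterable[str]) -> Optional[Tuple[int, ipaddress.IPv4Network]]:
    """(ASN, network) of the most specific record covering ip, or None.

    Records whose prefix does not contain the address are ignored; besides
    guarding against odd data, this catches a query name built from the wrong
    address.
    """
    addr = ipaddress.IPv4Address(ip)
    best: Optional[Tuple[int, ipaddress.IPv4Network]] = None
    for rec in records:
        asn, net = parse_txt(rec)
        if addr not in net:
            continue
        if best is None or net.prefixlen > best[1].prefixlen:
            best = (asn, net)
    return best


# Constructed answer set for 206.220.231.1: the /22 is the record quoted in the
# thread; the /16 aggregate and the non-covering /20 are made up.
SAMPLE_RECORDS: List[str] = [
    '"64496" "206.220.0.0" "16"',
    '"3856" "206.220.228.0" "22"',
    '"64497" "206.220.240.0" "20"',
]

if __name__ == "__main__":
    ip = "206.220.231.1"
    print(reverse_name(ip))            # what you would hand to `host -t txt`
    print(best_origin(ip, SAMPLE_RECORDS))
```

Note the `-R 10` in the quoted host command: several TXT records come back as one answer, and it is the caller that has to rank them, which is all the selection step above does.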

Re: BGP Security and PKI Hierarchies

2005-11-26 Thread Florian Weimer
* Valdis Kletnieks: > On Thu, 24 Nov 2005 20:26:56 +0100, Florian Weimer said: > >> Wouldn't this provide significant economic incentive towards gaining a >> high value on this metric? I'm not sure if this a good idea because >> even if you call it a &

Re: BGP Security and PKI Hierarchies

2005-11-25 Thread Florian Weimer
* Michael Dillon: >> > How would you feel about having the registries serve as the root of >> > a hierarchical certificate system? >> >> What about the swamp space? > > Presumably if the users of class C blocks in the swamp The class B assignments are even more interesting because some of them

Re: BGP Security and PKI Hierarchies

2005-11-24 Thread Florian Weimer
* Bill Woodcock: > Right. The idea was to lock down things which were in the legacy space, > unless people were prepared to undergo the full scrutiny of having them > transferred into an RIR (basically dampen the rash of hijackings), In the end, this boils down to disappropriation. Early add

Re: BGP Security and PKI Hierarchies

2005-11-24 Thread Florian Weimer
* Steven M. Bellovin: > Furthermore, given that a trust algebra may yield a trust value, rather > than a simple 0/1, is it reasonable to use that assessment as a BGP > preference selector? That would tie the security very deeply -- too > deeply? -- into BGP's guts. Wouldn't this provide sign

Re: BGP Security and PKI Hierarchies

2005-11-24 Thread Florian Weimer
* Sandy Murphy: > How would you feel about having the registries serve as the root of > a hierarchical certificate system? What about the swamp space? >>So an institution would have its "certificate" signed >>by its upstream (or one of its upstream) providers. (Don't know where that quote come

Re: cogent+ Level(3) are ok now

2005-11-01 Thread Florian Weimer
* John Payne: > That is something that has always confused me about ratio based > peering disputes. I don't understand them, either. However, if you define incoming traffic as "bad", it encourages depeering by the receiving side if the incoming/outgoing ratio exceeds a certain value, especial

Re: ICANN and Verisign settle over SiteFinder

2005-10-25 Thread Florian Weimer
* william elan net: > They get to continue to be .COM registry forever as new agreement > would extend to 2012 and then automatically extended further without > formal process as it happened recently for .NET. They also are going > to be able to increase registry fees for .COM by 7% per year whi

Re: ICANN and Verisign settle over SiteFinder

2005-10-24 Thread Florian Weimer
* Chris Woodfield: > Said the flowerpot: "Oh no, not again..." > > http://www.businessweek.com/ap/financialnews/D8DEL2TO7.htm? > campaign_id=apn_tech_down&chan=tc I don't understand what VeriSign receives in return for their kowtow (under the agreement, they basically waive any right to critici

Re: Level 3 RFO

2005-10-24 Thread Florian Weimer
* Daniel Roesen: > On Mon, Oct 24, 2005 at 01:25:23PM +0200, Florian Weimer wrote: >> >> Are there any configuration tweaks which can locally confine such an >> >> event? Something like the hard prefix limit for BGP, perhaps. >> > >> > JunOS

Re: Level 3 RFO

2005-10-24 Thread Florian Weimer
* Daniel Roesen: > On Sun, Oct 23, 2005 at 09:48:58PM +0200, Florian Weimer wrote: >> This isn't the first time this has happened to an ISP. 8-( > > Indeed. > >> Are there any configuration tweaks which can locally confine such an >> event? Something like the

Re: Level 3 RFO

2005-10-23 Thread Florian Weimer
> However, due to the number of flooded LSAs, other devices in the > Level 3 network had difficulty fully loading the OSPF tables and > processing the volume of updates. This caused abnormal conditions > within portions of the Level 3 network. Manual intervention on > specific routers was requir

Re: h-root-servers.net (Level3 Question)

2005-10-23 Thread Florian Weimer
* Daniel Roesen: > On Sun, Oct 23, 2005 at 11:59:15AM +0200, Peter Dambier wrote: >> I means, here in germany we cannot see h.root-servers.net > > Nonsense. There is nothing like "geopolitical routing". I wouldn't call it "geopolitical routing", "routing according to local policy" is more approp

Re: IPv6 news

2005-10-12 Thread Florian Weimer
* Daniel Roesen: > On Wed, Oct 12, 2005 at 11:13:12AM -1000, Randy Bush wrote: >> also to be noted is that rir statistics on who has what space are >> not in the best of shape, ripe's being particularly obfuscated. > > *raising an eyebrow* > > Would you care to elaborate on that? AFAIK, the stat
