>
> Based on this problem, completewhois has stopped listing 206.46.0.0/16 as
> a bogon (and actively having it blocked through dns for those using
> bogons.dnsiplists.completewhois.com for active blocking in email), this
> exception will last 48 hours. If you're using bogon lists in firewall
>
- Original Message -
From: <[EMAIL PROTECTED]>
>
> Folks,
>
> My company is currently exploring getting on AOL's
> email spam whitelist since we do send a large amount of
> email, but it is all requested by the people that get it
> (confirmation of bill payments/financial transactions).
> Speaking on Deep Background, the Press Secretary whispered:
> >
> >
> > Hopefully we are the type of organization considered to be somewhat
> > clueful but we have yet to figure out how to get Arin to remove our swip
> > info from a former customer's netblock. It has been years, many many
> >
> > IP Permit Lists will not provide any mitigation against this
vulnerability.
> >
> > The race is on, who will find your switches first?
>
> yes, i often wondered why the permit list allows the session to connect
then
> gives you a polite message before disconnecting.
>
> anyway this is only on
If their is a Akamai Admin in the channel, please
contact me off channel
[EMAIL PROTECTED]
Peter
301-340-1533
a.>Spam is a relative issue that consumes a
fixed percentage of everyone's time. [ DONE ]
b.> Ddos, Syn, Udp and Ack Attacks are limitless
and ever consuming, there is no sure fix without blocking and even then the
blocking must be additionally carried up the upstream or peers.
What ma
> Hopefully, the appliances (e.g. MS Windows) will get better over
> time, but in the meanwhile, how do we limit the damage? The
> end-user wants email and web access, and we give him raw IP
> access and watch the fireworks...
>
> If user education is the answer, then let the user get educated
>
149.174.10.0 149.174.99.0 DDOS UDP DNS
Aol your clients are either performing a ddos attack on the following IP
addresses or they are refusing the answers. The NetFlow Output shows the
requests and the answers, what is going on here? Aol admins, if you are
there then, please call us immediately,
> >
> > So, I put these question on the floor . . .
> >
> > How is it that a small web-hosting ISP can be condemned for not
> > handling their clientele as spammers. On the otherhand
> > the "fat-dog" ISP's can blantantly state that they deny access and
> > using misleading information are not he
You might find the information in
http://www.tenereillo.com/GSLBPageOfShame.htm useful.
- Original Message -
From: "Matt Bazan" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Friday, January 21, 2005 10:17 AM
Subject: GSLB advice
We're looking to dip our toes into the global server
quot;sweet spot" (if only generally, vaguely or by
rule-of-thumb), the theoretical maximum upgrade delay that will most
reduce the risks of upgrade outages while not dramatically increasing
the risks of exploitation outages.
Ideas? Pointers?
Pete.
Robert Bonomi wrote:
OK, what am I missing?
*ASSUMPTION*:
The holder of the /16 _has_ delegated rDNS for the 32 /24s to the /19 owner.
The /19 owner can, on it's nameserver, run an "authoritative" zone for
the /16 -- with _its_ /24s listed explicitly, and a wildcard pointing
back to the rDNS na
Luke Parrish wrote:
Trying to get clarification on an issue.
Maintenance/outage window is 2:00AM to 5:00AM, during the window the
router we are working on fails and does not come back online until 8:00AM.
From a outage reporting/documentation standpoint is the outage start
time 2:00AM or 5:01AM
Philip Lavine wrote:
Update:
I am prepending my AS 3 times to the un-preferred ISP.
Both ISP's are my peers. The un-preferred ISP claims
the see my advertisement yet they do not add it to
their routing table (suggests filtering??). They claim
all the filtering they are doing is based on the
network
John van Oppen wrote:
Anyone know anything about the Fiber cut that took Cogent's Seattle POP
out of commission at about 6 PM (PST) today?
AboveNet reported a fiber cut at 1852PDT which they believe to be in the
Sacramento area. Oddly enough, we saw a regular stream of ~5000 BGP
update messag
Pekka Savola wrote:
On Mon, 23 May 2005, Tony Li wrote:
Which is EXACTLY why we need to remember that we are NOT trying to come
up with the perfect solution. We have operational issues *TODAY* that
we are trying to address.
- We have people (admittedly accidentally) advertising prefixes tha
[EMAIL PROTECTED] wrote:
This is new to me, but I haven't bought any new transit in the past 18 months
-- is
this common practice on multihomed BGP customers now? I could force things to
work
by always advertising all my prefixes out to them with the obvious downside of
living in fear of my o
Andre Oppermann wrote:
No, my proposal works as long as the customer advertizes their prefixes
via BGP, not matter how long the path or what community attributes are
set (for example NOEXPORT). No matter how they send it, as long as they
send it, it works fine. Unlike uRPF which depends on e
Jay R. Ashworth wrote:
From down here, like Dave, at the relative bottom of the food chain, I
must agree with him and Steve, though I do understand Richard's
concerns there, and they're valid ones.
The Internet needs a PA system.
Problem is, the people who are equipped to talk, and, by and l
Randy Bush wrote:
showing that ios won't crash is very difficult because the number
of versions of ios, and the amazing dependencies of things on which
blade is in which slot and what phase is the moon.
Thank you. You've provided a clean, concise counter to Lorenzo's
original claim that lon
Randy Bush wrote:
could you please give me the command to configure ios to not crash
if given advance notice?
telnet 25
helo
mail.from
mail.to
data
Be sure to sit near a terminal with OOB access to your network at XYZ
while an experiment is conducted with the Internet. Have vendor suppo
Edward B. Dreger wrote:
Considering Lorenzo's attitude, I'm sure he's taking into account the
requests for more heads up. If he tickles an IOS bug, I'd rather have
it happen in this scenario than when a less-clued individual or a
miscreant tries announcing wacky routes.
Bull. His attitude
Andre Oppermann wrote:
I have never seen any real study by the emergency response services
on how many problems they actually have other than isolated worst-
cases and a lot of political rah-rah. In the end I expect that any
technically feasible improvement to the cell phone position accuracy
i
Christopher L. Morrow wrote:
shiny side out one hopes? Seriously though, I'm not a telco/phone person,
but I was once told that the phone switch equipment does the tap
'automagically' to special ds-1 facilities inn LEA-land... which means the
cell phone can be wrapped in anything you'd like. If
Scott Weeks wrote:
I am going to be announcing two new prefixs into BGP soon
and the netgeek in me is very curious as to the length of
time it takes to show up in other parts of the world that're
logically far from Hawaii. Instead of going to
www.traceroute.org and refreshing repeatedly, I thou
Justin M. Streiner wrote:
Remember that when backbones peer with each other, they typically (and
as normally dictated by peering policies on both sides) only announce
their own routes and the routes of their downstream customers and agree
not to announce a default route to each other. They d
The Hilton website is suggesting a $13 far for bus service from LAX to
NANOG 35 and $50 for taxi. Any recommendations on where to find said
bus service, and if reservations are necessary?
See you in St. Loui^H^HLA!
pt
nstability due to multiple backbones
upgrading was ... oh crap. So I'm going to get a major PSIRT "upgrade now
or die" notice while I'm at NANOG. Good thing Monday evening is open...
Pete.
On Fri, 21 Oct 2005, Emilian Ursu wrote:
I see its completely down and several others
John Curran wrote:
Cold-potato only addresses the long-haul; there's still cost on the
receiving network even if its handed off at the closest interconnect
to the final destination(s).
And there's still revenue, as the traffic is going to customers (we all
filter our prefixes carefully, rig
Richard A Steenbergen wrote:
Pete Templin wrote:
John Curran wrote:
Cold-potato only addresses the long-haul; there's still cost on the
receiving network even if its handed off at the closest interconnect
to the final destination(s).
And there's still revenue, as the traffic i
Richard A Steenbergen wrote:
Yes with enough time and energy (or a small enough network) you *can* beat
perfect MEDs out of the system (and your customers). You can selectively
deaggregate the hell out of your network, then you can zero out all the
known aggregate blocks and regions that are
Jeff Aitken wrote:
On Wed, Nov 02, 2005 at 02:44:20PM -0600, Pete Templin wrote:
I came up with a reasonably scalable solution using communities and
route-map continue, but:
For what value of "scalable"?
For me, plenty, but a four-POP single-state network usually has
Deepak Jain wrote:
If that model doesn't work for the ISP in question, they should ask
Akamai to pull their gear.
And hopefully they'll (someday) send servers in my direction - is their
"minimum criteria" creeping upwards at the same rate as overall Internet
traffic did in the late 90s?
p
Patrick W. Gilmore wrote:
Is it a reasonable alternative to establish a BGP connection with the
provider over ethernet?
It is technical feasible, but I don't think 'reasonable'. Stub ASes
are pollution on the 'Net.
OK, let's try a similar but different scenario. Customer has ISP A,
add
(I'm not claiming to be local to Dallas, but thought I'd point this out.)
Most folks know that odd-numbered Interstate Highways run North/South.
I-35 runs through Dallas, and through Fort Worth. If you fly into DFW,
your travel will likely run along part of I-35. Here's the kicker: I-35
spl
g mail that aren't listed in the MX
records.
You can't please everybody, I guess.
Apologies to Daniel, as he would receive two copies of this message.
--
Pete Stephenson
HeyPete.com
On Wed, Mar 20, 2002 at 04:58:03PM -0800, Donn Lasher wrote:
>
> Would be nice if there was a "list" somewhere of sites that did this. Would
> sure make troubleshooting customers complaining of "unreachable web sites"
> a heck of a lot easier. (Think MLPS over 1514 byte pipes)
>
http://home.e
s sampling
and only sends header information to the collection server.
Pete.
horribly broken. I can't imagine anything
but the worst sort of spamware actually doing this.
-Pete
--
"religious fanatics are not part of my desired user base."
- [EMAIL PROTECTED]
>From the Canarie news mailing list.
I don't think I've ever experienced five 9's on any telco
service, I have always assumed I must be the one customer
experiencing down-time, and the aggregate was somehow five
9's. How is network reliability calculated to end u
works using to
identify and limit the impact of DDoS attacks?
Thanks.
Pete.
Y, and how would costs
for a pure X vendor network compare to a X+Y multivendor
network?
Thanks.
Pete.
utes to Null0. Script periodically
withdraws routes to see if the attack is over (some of these
last weeks, some only last a few seconds), to minimize the
impact on those otherwise legitimate hosts.
Has anyone tried this kind of an approach or any other type
of automated/efficient approach to dampen the "zombie" side
of the DDoS attack?
Pete.
. Unfortunately, the target is often a site that
people would like to get to, as is the reflector, so
permanent filters on the target or reflector create lots of
complaints.
> We captured several seconds of the last DDoS and came up
> with over 700 participating hosts...
Some of them probably appear to be from our network...
Pete.
nd probably are going on all the
time. One advantage we have is a close relationship with our
customers, which allows us to use tools such as IDS and
Netflow in conjunction with information about the customer
implementation to identify what is a bonafide attack.
Pete.
e the least offensive thing you
> could do, off the top of my head.
What about just blocking out-going RSTs altogether from our
borders? While this interferes with "proper" TCP
functionality, would it actually interfere enough to cause
noticeable problems? Would certainly be less of a burden on
routers than rate-limiting.
Pete.
On Wed, 1 May 2002, Pete Kruckenberg wrote:
> We experience a lot of types of attacks
> ("education/research network" = "easy hacker target").
> With DDoS incidents, it seems we are more often an
> unknowing/unwilling participant than the target, partly
> due
ll these issues inhibit
wide-spread implementation of DoS defenses?
Pete.
s too tough to detect or
defend against? The 10% I've measured on my network is
primarily reflected DDoS (reflected off my customers, to
off-net targets), which is not trivial to detect or defend
against.
Pete.
DS/NIDS on their
backbones and monitoring for DDoS attacks, to provide some
impirical data on the scope of DDoS traffic?
Pete.
;t find on vendor product
slicks (like what's the MTBF on IOS, or human-caused service
outages of various types, etc).
If someone has put together something remotely like this
that they'd care to share, that'd be incredibly helpful.
Thanks.
Pete.
You can also find the converse, the routes that /aren't/
registered (or supposed to be sending traffic), with
whois -h whois.radb.net rs-martians
Pete.
On Mon, 1 Jul 2002, Mike Batchelor wrote:
> Date: Mon, 01 Jul 2002 10:22:30 -0700
> From: Mike Batchelor <[EMAIL PROTECTED]&
On Thu, Jul 04, 2002 at 02:35:32PM -0400, Richard A Steenbergen wrote:
>
> But I'm sure there are probably more subtile ways to do it. As with all
> good vulnerabilities, it takes someone who is working on the inside to
> REALLY know how to muck things up... Fortunately the terrorists seem to be
quot;show ip mbgp" from a Sprint multicast BGP session.
Thanks.
Pete.
Thanks, I got it. And route-views will be fixed, too.
On Thu, 11 Jul 2002, Pete Kruckenberg wrote:
> Date: Thu, 11 Jul 2002 12:53:37 -0600 (MDT)
> From: Pete Kruckenberg <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: Sprint multicast route list
>
> I'm
than IPv4, the default use
is basically a replacement for existing broadcast-based
functions (ARP, DHCP, etc). IPv6 will not magically solve
multicast problems outside the local subnet. Multicast being
integrated into IPv6 will probably make it more palatable
than it is now.
Pete.
multiple
collectors without exceeding router limitations or burdening
routers unnecessarily?
Pete.
from), see the Internet2 Abilene Core Node
Router Proxy at http://loadrunner.uits.iu.edu/%7Erouterproxy/abilene/
Source code for the I2 Proxy is available from
http://tseg.uits.indiana.edu/dist
Pete.
On Thu, 18 Jul 2002, Scott Granados wrote:
> Date: Thu, 18 Jul 2002 12:00:38 -0700 (PDT)
&g
e such huge RTT's ?
>
Shockwave get access from l3 (and possibly from uunet, as well, though I
think that link was scheduled to be dropped at some point) in addition
to internap. I've forwarded this to my still-employed former cow-orkers,
who have been fighting this nastiness for nearly a week.
-Pete
The upside to this is that if you are a hacker, you can now
legitimize your activities and legally protect yourself by
spending $30 to incorporate as a record company.
On Wed, 24 Jul 2002, Marshall Eubanks wrote:
> Date: Wed, 24 Jul 2002 12:40:51 -0400
> From: Marshall Eubanks <[EMAIL PROTECTED
is always a single server.
bastet[~]$ dig +short mil ns @g.root-servers.net
PAC1.NIPR.mil.
H.ROOT-SERVERS.NET.
G.ROOT-SERVERS.NET.
CON2.NIPR.mil.
EUR2.NIPR.mil.
E.ROOT-SERVERS.NET.
PAC2.NIPR.mil.
CON1.NIPR.mil.
B.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.
EUR1.NIPR.mil.
bastet[~]$
-Pete
labor has
worked best to "leverage" their particular strengths.
Private responses welcomed, and I'd be happy to report back
to the list if there is interest in the results.
Pete.
I'm looking for a couple of good quotes to include in the
presentation. Anyone got some good ones from some
Internet/network luminaries? Something to confirm the
importance of a generally boring topic.
Thanks.
Pete.
. It's not, as adding the secondary interface
provides a logical link between a layer 3 address and a layer 2 address,
so that ARP is not needed to find the next-(layer 3)-hop, only to find the
next layer 2 hop.
Again, let's move routing 101 to different venue.
Pete
--
Peter J. Templin,
acent routers. Wake up and stop dreaming.
Besides the fact that you're asking a layer 3 protocol to handle your
layer 2 and layer 1 issues, you're asking a layer 3 protocol to do magic
reconfiguration. Dangerous stuff, as soon as someone on that network
finds out what sort of havoc t
l notify the rest of the routers on the segment.
They are dynamic routing protocols, not dynamic gateway-creation
protocols. You're asking iBGP to create an interface. iBGP (and other
dynamic routing protocols) don't do that.
Pete
--
Peter J. Templin, Jr., CCNP, CCDP
Networking Consul
iller apps" on Internet2 (video
conferencing, digital libraries, media-rich collaboration),
which give some indication of what the future killer app
will be, seem to be equally mundane (but exciting at the
same time).
Pete.
On Thu, 14 Nov 2002 [EMAIL PROTECTED] wrote:
> On Thu, 14 Nov
regard, and as you can see, they have not yet
made an announcement see..
You are being told "lots of people have a problem". By not
seperating out the various problems combined in their
notice, or the impact of those problems, you are not being
told the whole truth.
---
Pete.
On Wed
Alexander Hagen wrote:
I bought a Riverstone Rs-3000 for BGP with a single upstream provider.
Great Deal.
Yeah, it might be a Great Deal (tm), but you're in for some surprises.
I've seen an RS-8600 (with CM3 and 512MB on board) nearly melt under
13Mbps of Nachi, to the point that I had to set t
> Hello,
>
> I just experienced my first official DDoS attack against my network.
> I never realized how helpless I was :(. I had roughly 70 mbps of
> traffic aimed at one IP. The IP wasn't even in use, I'm assuming
> someone typed the wrong IP and meant to send it somewhere else. I shut
>
>
> sbc/yahoo and them wee doing upgrades on their email
> last night could be moving things around to accomodate
>
> -Henry
>
> --- Drew Weaver <[EMAIL PROTECTED]> wrote:
> >
> > Similar issues with Yahoo on and off since about
> > 8:30am (EST).
> >
> > -Drew
> >
> > -Original Message-
>
>
> > I saw this coming two days ago but, nobody ["Called"]. Akamai's DNS was
> > failing apart and we thought that we were just being dns blackhole!
>
> No, you didn't. You saw a different problem, asked me about it, and
didn't
> send back any of the info I asked for.
>
> Don't let truth and fa
- Original Message -
From: "Patrick W.Gilmore" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Cc: "Patrick W.Gilmore" <[EMAIL PROTECTED]>
Sent: Wednesday, June 16, 2004 5:32 PM
Subject: Re: Akamai DNS Issue?
>
> On Jun 16, 2004, at 1:26 PM,
Any idea whats going on with nitrous.algx.net? It
seems as if there are no responses from the route server in the old MAE-East and
yet there are responses Ashburn and PAIX.
And what ever happened to MAE-Central and
MAE-West?
- Peter
301-340-1533
> > I think the only advantage to DOJ working this hard on LI capabilities
is that
> >it may raise public awareness of the issue, and, may help get better
cryptographic
> >technologies more widely deployed sooner. Other than that, I think it's
just a lose
> >all the way around.
>
> I'm not advoc
> >
> > They, "the DOJ" is just trying to do it's job, as they are under the
> > microscope due to the fumbles that led to the compromises by an
obviously
> > inept predecessor. Now, they are tighten the screws on everything from
> > telecoms to bank accounts; to prevent another round of fumbl
ularly sensitive to the "I got my CCNA, therefore
I know everything there is to know about troubleshooting"
perspective, and how to encourage improving troubleshooting
skills without making it insultingly basic.
Thanks for your help.
Pete.
Robert Boyle wrote:
You can travel up to 655 ft. with a T1 cable from the NTU which the
phone company will drop at your site. According to the letter of the
specs, you are supposed to use "T1 cable" two 22AWG pairs individually
shielded to prevent cross-talk. In practice, we have extended DMarcs
- Original Message -
From: "Daniel Karrenberg" <[EMAIL PROTECTED]>
To: "Paul Vixie" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Thursday, July 22, 2004 3:05 PM
Subject: Re: VeriSign's rapid DNS updates in .com/.net
>
> On 22.07 17:08, Paul Vixie wrote:
> >
> > therefore if
Hey Folks,
It appears that NSI isn't talking to the GTLD, got any ideas?
Sponsoring Registrar: Network Solutions, Inc. Registrar (R122-LRMS)
Status: INACTIVE ?
Status: OK
All the best,
Peter Schroebel
sh ip bgp 66.164.232.1
BGP routing table entry for 66.164.232.0/24, version 19268449
Paths: (3 available, best #2, table Default-IP-Routing-Table)
Not advertised to any peer
701 6389 6197
205.171.0.96 (metric 10) from 205.171.0.151 (205.171.0.151)
Origin IGP, metric 1, localpref
Hopefully enough large vendors
will allow 3rd-party optics so the threat to buy from the
other guy will be credible.
Pete.
Contact ChoiceNetworks and they can point you in the right direction, been
there too ;-)
>
> Anyone know the name/contact information of a relatively high Sr.
> manager at Verizon involved in their high-cap provisioning in the
> NY/NJ metro region? I have a dedicated t1 going on its 4th month
unity definitions,
prefix/community/ASpath filters, route maps, peer templates,
policy statements, etc?
What methodology works for you? Are there
presentations/papers/books/discussion threads that cover
this aspect of routing policy development that you would
recommend?
Thanks for your help.
Pete.
You can also look at NMIS
http://www.sins.com.au/nmis/
Pete Hoffswell 616-732-1101 (Grand Rapids, x1101)University LAN/WAN Coordinator 616-510-1198 (Mobile)IT Services [EMAIL PROTECTED
Deepak Jain wrote:
If providers start tying their customer's blackhole announcements to the
provider's upstreams' blackhole announcements in an AUTOMATIC process,
bad things are likely to happen. What happens when a customer of a
provider mistakenly advertises more routes than he should [lets s
Charlie Khanna - NextWeb wrote:
Can anyone recommend a good book on MPLS? I’m looking for something
that will illustrate network design/implementation (including possible
Cisco configs) with MPLS. Thanks!
All Cisco Press:
MPLS and VPN Architectures, CCIP edition (Pepelnjak, Guichard) is an
exc
Verio apparently had a power failure at their Houston TX POP, and has
had routing problems ever since. Anyone have any better scoop on this?
We're only receiving ~500 routes from them at this point.
pt
t; peering, odds are you're going to be burning longhaul
> circuits carrying most of it all over the world, plus
> the same longhaul carrying it all back to me.
So are any ISPs pricing transit and/or paid-peering
bandwidth (significantly) lower if purchased at an exchange
point?
Pete.
On Sat, Jan 04, 2003 at 01:40:42PM +0100, bert hubert wrote:
>
> Many do not know this yet, probably in part due to the helpful moderators of
> comp.protocols.dns.bind, the DNS operators newsgroup on usenet, who drop
> messages about PowerDNS.
>
c.p.d.b is not the DNS operator newsgroup, it's th
interconnection? Many vendors proclaim
interoperability, but does that work in the real world?
Pete.
stry? Has any effort
showed progress towards an effective ISAC or similar? Can
networks realistically collaborate on security, or do the
political and operational barriers not justify the effort?
Pete.
nose and defend and protect
themselves against security attacks.
Pete.
http://pete.kruckenberg.com/blog
onerous regulation. It's
surprising that it hasn't happened already.
Pete.
oesn't inspire
confidence.
Can technical solutions be an effective band-aid for a
complex poli-socio-economic problem like this?
Pete.
* Avleen Vig ([EMAIL PROTECTED]) [030124 23:50] writeth:
>
>It seems we have a new worm hitting Microsoft SQL server servers on port
>1434.
Affirmative. Be sure to block 1434 UDP on both the inbound and the
outbound. Infected servers are VERY NOISY.
* Clayton Fiske ([EMAIL PROTECTED]) [030125 12:55] writeth:
>
>On Sat, Jan 25, 2003 at 06:58:46AM -0500, Phil Rosenthal wrote:
>> It might be interesting if some people were to post when they received
>> their first attack packet, and where it came from, if they happened to
>> be logging.
>>
>>
>It might be interesting if some people were to post when they received
>their first attack packet, and where it came from, if they happened to
>be logging.
>
>Here is the first packet we logged:
>Jan 25 00:29:37 EST 216.66.11.120
A quick followup to my previous message. I found an earlier atte
ntation references or
off-line conversation would be appreciated.
Pete.
nce, happy customers)?
What systems/processes do you use to track all of this
information, and associate it to overall business success?
Thanks.
Pete.
1 - 100 of 146 matches
Mail list logo
