On Wednesday 16 April 2008 17:47, Dave Pooser wrote:
>
> > It can be useful to explain the abuse desk as being just another form
> > of marketing, another form of reputation management that happens to be
> > specific to Internet companies.
>
> Is it?
.. SNIP good points about abuse desks ..
In
ople due to the existing Spam problem there.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
se now. (How many of our troubadors
> know all of the verses since AS 7007?)
Probably someone is busy working on the new NANOG song with an
extending refrain ("AS7007, ..., AS17557, when will we ever learn?").
--
Simon.
only the
"known-careful" class, which includes... my own AS, and then whom?
--
Simon.
se. If you're an
unimportant site that nobody cares about, then DON'T DO THIS, ok? ;-)
--
Simon.
that, to restore service
to the rest of the world, and the announcements didn't propogate.
Simon
nnouncements did not seem to make it out to the
world at large.
Currently Youtube are announcing the /24 themselves - I assume this will drop
at some time once it's safe.
It was noticed that all the youtube.com DNS servers were in the affected /24.
Youtube have subsequently added a DNS s
On Thu Jan 31, 2008 at 11:35:03AM -0500, Martin Hannigan wrote:
> The distances are consistent with repeaters/op amps. And the chart
> legend notates the same.
I think you need to zoom right in and look for yellow dots, rather than red
dots.
Simon
--
Simon Lockhart | * Sun Server Colo
to not leave p2p programs running all night
or let junior hang around the wrong channels on IRC.
Usually they will get an email when they are at 80% of their limit or
something which helps more.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
average customer demand. Personally I
doubt that long term home demand will exceed 30Mb/s or 10TB per month (
around 1 HDTV channel) on average.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
Stupid typo in my last message, sorry.
> While I think this is basically a sound approach, I'm skeptical that
> *slightly* lowering prices will be sufficient to convert 80% of the
> user base from flat to unmetered pricing. [...]
"METERED pricing", of course.
--
Simon.
f charging that might be even more
acceptable. But in any case customers tend to be willing to pay a
premium for a flat rate.
--
Simon.
or the general community).
NANOG occasionally holds meetings in Canada.
> 8. Both DEC-IX and AMS-IX have member meetings each year. Not clear how
> difficult to get invited if you are not a member.
There's also the EPF (European Peering Forum) co-run by LINX, DE-CIX and AMS-IX
once a year.
Simon
cel those flights
I booked :-)
Simon
thousands of networks to every
end site I guess it probably was.
Making engineering decisions on the basis of "there is no chance" that
is risky too, especially looking 40+ years into the future.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awak
extra for their /48
which is going to add costs all around.
[1] http://www.kurzweilai.net/meme/frame.html?main=/articles/art0220.html
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
know that they've got an
OC48 down, but not which one it was?
Simon
--
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registration *
Director|* Domain & Web Hosting * Internet Consultancy *
Bogons Ltd | * http://www.bogons.net/ * Email: [EMAIL PROTECTED] *
ing a new
"flat rate, uncapped" service at a reasonable price it might be closer to
80%.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
On Friday 19 October 2007 01:03, Paul Vixie wrote:
>
> i agree that it's something BIND should do, to be
> comprehensive. if someone is excited enough about this to consider
> sponsoring the work, please contact me ([EMAIL PROTECTED]) to discuss details.
Sounds like a really bad idea to me.
Th
acenters are full or
in the wrong place. Think of a building full of people processing
insurance claims in India or a cluster delivering video on demand in each
Asian city with more than 500,000 people.
--
Simon Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all ni
f-list?
Many thanks,
Simon
t know where this whole "Must have MX record to send email" thing
came from but I would have thought domains that don't want to send email
can easily mark this fact with a simple SPF record:
v=spf1 -all
Trying to overload the MX record is pointless when there is a simple
metho
On Monday 06 August 2007 16:53, Drew Weaver wrote:
> Is it a fairly normal practice for large companies such as Yahoo!
> And Mozilla to send icmp/ping packets to DNS servers? If so, why?
Some of the DNS load balancing schemes do this, I assume to work out how far
away your server is so
NZNOG 08 - Call for Participation and Papers
The next conference of the New Zealand Network Operators' Group is to be
held in Dunedin, New Zealand between 23 January and 25 January 2008. Our
host is WIC.
NZNOG meetings provide opportunities for the exchange of technical
information an
e traffic. NNTP (server/server) and P2P
file sharing traffic are examples for this category. Both application
types (NetNews and things like BitTorrent) even have application-level
congestion responsiveness beyond what TCP itself provides: When a
given connection has bad throughput, the application will prefer
other, hopefully less congested paths.
--
Simon.
rial that criticises them.
I think complying with a voluntary censorship regime is a bad idea all around.
I'm one of James's employers customers when I'm surfing at home.
Simon
verify Enable per packet validation
lab-router(config-if)#ipv6 enable
[...]
And then chances are good that you find useful training material on
their Web sites, often not just command descriptions, but actual
deployment guides.
--
Simon.
IPv6.
Our own backbone has been dual-stack for a couple years now, but I
guess this just shows that we can't be a "major carrier" - same for
many other national "academic" backbones as well as GEANT, the
backbone that interconnects those. Same in the US with Internet2 and
the regional research/education networks.
--
Simon. (AS559)
On Friday 25 May 2007 15:40, you wrote:
>
> It's too late to put the genie back in the bottle. The only way to
> change the policy before the contract term ends is to either move ICANN
> out of US jurisdiction (to brake contract terms) or to organise a
> grass-root uprising to replace ICANNs root
nges and abuse in its history, you normally just hurt a spammer. I
dare say collateral damage probably follows some simple mathematical law like
1/f ? Hopefully before you delete something really important you most likely
delete something merely expensive, and learn to be more careful.
Simon
On Monday 21 May 2007 16:19, Tim Franklin wrote:
>
> > I wonder how the .de or .uk folks see things? Is the same true elsewhere?
>
> .co.uk generally seems to be understood by UK folks. .org.uk tends to
> cause a double-take. (The 'special' UK SLDs, like nhs.uk, are a maze of
> twisty turny thi
n, it is important to look not just at link
capacities in isolation, but also at the relation to the capacities of
the access links that they aggregate.
--
Simon.
Tony Li writes:
> On Apr 25, 2007, at 2:55 PM, Simon Leinen wrote:
>> Routing table lookups(*) are what's most relevant here, [...]
> Actually, what's most relevant here is the ability to get end-hosts
> to run at rate. Packet forwarding at line rate has been
> demon
On Thursday 26 April 2007 11:32, Stefan Schmidt wrote:
>
> I think your debugging tool is faulty, as a dig ns cnn.com
> @a.gtld-servers.net gives:
cnn.com is not www.cnn.com ;)
dig @twdns-03.ns.aol.com www.cnn.com ns
Although "doc" is very long in the tooth, at least the last version I was
us
On Thursday 26 April 2007 00:43, you wrote:
>
> A chap I know (for some reason) set his source port
> for queries to be port 53 and his DNS queries started to fail.
It was the default source port for DNS queries in some versions of BIND. And
may well still be (I don't do those versions of BIND).
er based on IPv4
addresses, IPv6 addresses, or MPLS labels. 30 Mpps at 1500-byte
packets corresponds to 360 Gb/s. So, no sweat.
Routing table lookups(*) are what's most relevant here, because the other
work in forwarding is identical between IPv4 and IPv6. Again, many
platforms are abl
cts. Even then you should only follow
normal channels and always be careful.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
at large soon. They
probably make sense in special cases, maybe for "land-speed records"
and dumb high-speed video equipment, or for server-to-server stuff
such as USENET news.
(And if anybody out there manages to access [2] or http://ndt.switch.ch/
with 9000-byte MTUs, I'd like to
r, Mail
Foundry have no financial incentive to stop providing services to these
spammers. Till companies (ISPs included) are fined for providing such
services, so it isn't profitable, we'll be spammed.
Port 25 SYN rate limiting isn't that much harder than ICMP ;)
Simon, speaking in a personal capacity, views expressed are not necessarily
those of my employers.
On Tuesday 03 April 2007 15:59, Geo. wrote:
>
> initially I thought it was a dns problem
Irrelevant lame DNS server issue reported to SOA email address.
ar, just 20% growth on what we have now.
[2] http://www.angelfire.com/tx/afira/arabic1.html
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
On Friday 30 March 2007 15:33, Wil Schultz wrote:
>
> Sorry of this is off topic:
Try SPAM-L, a lot of overlap between that and this group, but it exists for
these issues, NANOG doesn't (unless you are sending so much email it
adversely affects network stability).
> On another side note, if an
they know what is being said. (Let he who is
without sin here, cast the first stone).
Thanks,
Simon
:
> [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]
> "SackOpts"=dword:0x1 (enable SACK)
> "TcpWindowSize"=dword:0x7D000 (512000 Bytes)
> "Tcp1323Opts"=dword:0x3 (enable window scaling and timestamps)
> "GlobalMaxTcpWindowSize"=dword:0x7D000 (512000 Bytes)
> http://www.microsoft.com/technet/network/deploy/depovg/tcpip2k.mspx
--
Simon.
ot; to solve the problem. Calling people "Engineers" was a
problem since half them didn't have degrees.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
On Thursday 08 March 2007 09:51, you wrote:
>
> Works fine from most places, but the connection is immediately closed from
> work.
Hmm, seems that blogspot.com is now 6 hops closer to us, and working fine.
6 hops missing were all internal to telewest.
Apologies for the noise.
Anyone have a tool that quickly measures the reachability of websites
subdomains of blogspot.com?
Search google for "site:blogspot.com $subjectofinterest"
i.e. chess
http://susanpolgar.blogspot.com
Works fine from most places, but the connection is immediately closed from
work.
Resolves to:
On Monday 19 February 2007 13:27, you wrote:
>
> people consider this to be a Windows malware problem. I consider it to
> be an email architecture problem. We all know that you need hierarchy to
> scale networks and I submit that any email architecture without
> hierarchy is broken by design and
Cs
we blocked.
They seem to have a virulent PayPal Phish sender at 66.36.228.37 as well this
week.
Ho Hum
Simon
ch bot infested
customer is costing their ISP then people might be able to do something.
Right now AFAIK an extra 10,000 botted customers costs the average ISP no
more than a dozen heavy p2p users.
On the other hand Port 25 filtering probably is something that has low
enough negatives vs the posi
RBLs do this with about 2 days notice. Perhaps a
special value could be defined ( 127.255.255.255 ? ) to tell users that
the DNSBL is no longer in operation and shouldn't be used, standard
software can then raise an error or whatever.
--
Simon J. Lyall | Very Busy | Web: http://www.da
On Tuesday 16 January 2007 03:06, Jason Frisvold wrote:
>
> The argument there is that those users don't deserve to comment if
> they can't keep their computers clean, but let's get real.. Some of
> this stuff is getting pretty advanced and it's getting tougher for
> general users to keep their c
noticing that non-technical
people (friends and family in France) do seem to be capable of
receiving TV over IP (although not "over the Internet") - confirming
what Simon Lockhart claimed.
Of course there are still technical issues such as how to connect two
TV sets in different parts o
and antenna? Then why can't they plug in Power, TV & phone line? That's
where IPTV STBs are going...
Simon
n UK, and then again in France, and again in China, etc. What they
don't want is to sell it once, in the USA, say, and not be able to sell it
again because it's suddenly available everywhere.
Simon
tent providers don't care whether access providers like
P2P or not, just whether it works or not.
On one hand, access providers are putting in place rate limiting or blocking
of P2P (subject to discussions of how effective those are), but on the other
hand, content providers are saying that P2P is the future...
Simon
nge/CO
to get decent xDSL rate). In the UK, I'm already delivering 40+ channels over
IPTV (over inter-provider multicast, to any UK ISP that wants it).
Simon
re are a few problems with the above business model (mostly
legal) but infrastructure costs are not one of them. Plug in your own
numbers for movies and tv shows but 40 TB for each will probably be enough.
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all
On Wednesday 03 January 2007 16:29, you wrote:
> On Wed, 3 Jan 2007, James Baldwin wrote:
> > Anyone else getting a 403 Forbidden when trying to access
> > http://cisco.com?
>
> Forbidden
>
> You don't have permission to access / on this server.
>
> Additionally, a 403 Forbidden error was encounte
ve much. A possible countermeasure is to not count off-peak
traffic (or not as much). Our charging scheme works like that, but
our customers are mostly large campus networks, and I don't know how
digestible this would be to retail ISP consumers.
--
Simon.
On Monday 11 December 2006 16:15, you wrote:
> > I use to slave "." which can save time on recursive DNS servers when they
have
> >a lot of dross to answer (assuming it is totally random dross).
>
> I'm not sure to understand your solution.
> You configure your name-server as a slave-root-server?
On Friday 08 December 2006 14:40, you wrote:
>
> For this reason, I would like that a DNS could response maximum to 10
> queries per second given by every single Ip address.
That may trap an email server or two.
Did you consider checking what they are looking up, and lying to them about
the TT
On Friday 08 December 2006 12:50, you wrote:
>
> CNN recently reported that 90% of all email on the internet is spam.
> http://www.cnn.com/2006/WORLD/europe/11/27/uk.spam.reut/index.html
I posted my rant a while back to save bandwidth;
http://www.circleid.com/posts/misleading_spam_data/
lucinating for having heard the report from the
IAB Routing Workshop report three times in a week :-)
Or the CIDR Report software has an R200K problem?
--
Simon.
On Thursday 02 Nov 2006 14:54, you wrote:
>
> I'm thinking for every answered message sent to abuse (non autoresponder),
> one will likely see more than 7-10 failures.
It is a self fulfilling issue. Those abuse desks who deal with the issues you
rarely end up writing to, those who don't, you
On Monday 30 Oct 2006 21:06, you wrote:
>
> Is there a postmaster from MSN/Hotmail out there? Mail from my domain to
> any of yours is being junked and randomly blackholed. No progress has been
> made yet with the normal tech support.
I previously got responses from the advertised postmaster co
On Thursday 26 Oct 2006 13:45, you wrote:
>
> Is there a similar statistic available for Mac OS X ?
Now now.
> > "Of the 4 million computers cleaned by the company's MSRT
> > (malicious software removal tool), about 50 percent (2 million)
> > contained at least one backdoor Trojan. While this i
On Wednesday 25 Oct 2006 15:59, you wrote:
>
> just guessing but:
> 1) it's 'hard'
The reason the public facing DNS is poorly set up at the majority of
institutions is the IT guy says "lets bring it in house to give us more
control, how hard can it be?".
When if they had left it with their IS
On Friday 20 Oct 2006 00:35, you wrote:
>
> Here's a visionary article related to this topic, but
> at the root server level, even more of a delicate issue,
> but with the same principles as the one we're discussing:
No this is the difference between impersonation, and service.
I think one probl
On Thursday 19 Oct 2006 13:50, you wrote:
>
> Can you suggest me any objective reason in order to invalidate this
> proposal?
Been done to death here before, assuming it is the same sort of DNS hack as
the others.
Basically if you can guarantee that all DNS servers are used exclusively for
bro
On Tuesday 17 Oct 2006 03:32, you wrote:
> 205.150.100.214
Sorry - my mistake
Saw the 205.150 prefix and confused in with 205.152, which are totally
different of course.
bellsouth.net have sorted their issue (from our perspective).
On Tuesday 17 Oct 2006 03:32, Mike Tancsa wrote:
> Anyone know whats up ? I have seen some strange routing depending on
> the payload's protocol to a site in one of their colos in Toronto.
Don't know if it is related, but we can't route email to bellsouth.net -- no
route to host. When I checked
On Tue Oct 10, 2006 at 02:40:25PM +, Fergie wrote:
> Is it April 1st already? :-)
Their reasoning is certainly barmy, but some dark-fibre customers in the
UK get charged business property taxes on the fibre.
Simon
--
Simon Lockhart | * Sun Server Colocation * ADSL * Domain Registrat
On Monday 02 Oct 2006 23:30, Joseph S D Yao wrote:
>
> All, this seems seriously NON-lame to me. Of course, testing and fixing
> the bug before it was put out there would have been less so. But think
> of this! A large company has actually admitted that it was wrong and
> backed out a problem!
On Friday 22 Sep 2006 11:39, you wrote:
>
> Is this unusual, or what? Are search engines supposed to be amongst the
> biggest user agents recorded on a typical website? How much trolling and
> indexing is considered 'too much' ?
Whenever it becomes a problem.
If you don't have enough genuine t
On Monday 18 Sep 2006 07:40, you wrote:
>
> I know the common wisdom is that putting 192.168 addresses in a public
> zonefile is right up there with kicking babies who have just had their
> candy stolen, but I'm really struggling to come up with anything more
> authoritative than "just because, no
ore-specifics (AS3303
and us :-).
IMHO Connexion by Boeing's BGP hack, while cool, is a good example of
an abomination that should have been avoided by having slightly
stronger incentives against polluting the global routing system.
Where's Sean Doran when you need him?
--
Simon (AS559).
ach ground station has a different
ISP, and the airplane's /24 is re-announced from a different origin AS
after the handoff.
It's possible that there are additional satellite/transponder changes,
but those wouldn't be visible in BGP.
--
Simon.
On Friday 08 Sep 2006 15:21, you wrote:
>
> Could anyone point me to a market-share by-country overview of broadband
> provider in Scandinavia (Denmark, Sweden, Norway, Finland, Iceland). Any
> help would be appreciated.
Ovum use to do reports on European ISP market share, I think it covered
Sca
thin 3 days (according to the message).
--
Simon J. Lyall | Very Busy | Web: http://www.darkmere.gen.nz/
"To stay awake all night adds a day to your life" - Stilgar | eMT.
viders operate openly.
Talking of "resolving" and "abusing" wrt binary newsfeeds grew old around
10 years ago. These days plenty of people run text-only feeds and leave
the full-binary feeds to the top hundred or so sites that can afford
them.
--
Simon J. Lyall | Very Busy |
NZNOG 07 - Call for Participation and Papers
The next conference of the New Zealand Network Operators' Group is to be held
in Palmerston North, New Zealand between 31 January and 2 February 2007. Our
host is Inspire.net and the venue is to be at Massey University's campus.
NZNOG meeti
On Wednesday 16 Aug 2006 01:13, Paul Jakma wrote:
> On Thu, 10 Aug 2006, Simon Waters wrote:
> > I've no doubt some captcha can be invented in ASCII, but this isn't
> > it.
>
> 'tis. It works for at least one blog platform, where I've never once
> ha
On Friday 11 Aug 2006 05:24, Hank Nussbacher wrote:
> On Thu, 10 Aug 2006, Florian Weimer wrote:
> > You should look after the automated tools (probably using a virus
> > scanner or something like this) and trigger a covert alert once they
> > are detected. If the spam sent out is of the right ki
On Thursday 10 Aug 2006 01:14, Paul Jakma wrote:
> On Thu, 10 Aug 2006, Stefan Bethke wrote:
> > Do you have any links or references?
>
> Just ask the user some basic question. E.g.:
>
> What is 2 added to 23?:
I've no doubt some captcha can be invented in ASCII, but this isn't it. AI
alr
On Wednesday 09 Aug 2006 18:28, Suresh Ramasubramanian wrote:
>
> 2. West african cities like Lagos, Nigeria, that are full of
> cybercafes that use this satellite connectivity, and have a huge
> customer base that has a largish number of 419 scam artists who sit
> around in cybercafes doing noth
On Tuesday 08 Aug 2006 15:03, you wrote:
>
> And, as usual, security is only costing you money.
To a first approximation 10% of all incoming net traffic is malware/abuse/junk
related, so if you are a residential ISP presumably 10% of outgoing bandwidth
is swallowed up this way.
So there ar
The increase in dispatch errors reported by BIND recently is explained by the
other ISC here;
http://isc.sans.org/diary.php?storyid=1538
So it looks like the error message was right, although some older versions of
BIND didn't do a good job of reporting the IP addresses involved.
My own exper
On Tuesday 01 Aug 2006 20:18, you wrote:
> Has anyone else seen an increase of the following named errors?
>
> Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatch 0x4035bd70:
> shutting down due to TCP receive error: unexpected error
> Aug 1 01:00:09 morannon /usr/sbin/named[21279]: dispatc
On Thursday 27 Jul 2006 17:59, William Yardley wrote:
>
> Keeping in mind that they are not only a huge email provider, but also
> that their user-base is mostly not exactly tech savvy, I think Carl,
> Charles et al do a pretty good job over there.
I think Carl moved on to other things in AOL.
>
/8 and the other LACNIC ranges), we don't accept
that route. Couldn't you just announce the entire /19?
Regards,
--
Simon, AS559.
On Tuesday 25 Jul 2006 18:04, Henry Linneweh wrote:
>
> I think this operationally impact some people
>
>http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9001972
Anyone else note the irony that the domain names were registered through
domainsbyproxy.com so he is
On Thursday 13 Jul 2006 13:08, you wrote:
>
> The second part doesn't make any sense to me. It seems that having
> multiple, geographically disparate recursive name servers would be
> more likely to present an "alternative [view] of the DNS". (In fact,
> I can prove that's true in at least some
On Wednesday 12 Jul 2006 18:35, David Ulevitch wrote:
> On Jul 12, 2006, at 12:30 AM, Simon Waters wrote:
> > On Tuesday 11 Jul 2006 20:22, Daniel Golding wrote:
> >> I'm at a loss to explain why people are
> >> trying so hard to condemn something like this.
>
On Tuesday 11 Jul 2006 20:22, Daniel Golding wrote:
>
> I'm at a loss to explain why people are
> trying so hard to condemn something like this.
Experience?
On Tuesday 11 Jul 2006 13:40, you wrote:
>
> Client sites with dedicated recursers are going to be presented with a
> challenge: if their servers use the recursers, then will they set up
> a parallel set of caching forwarding recursers for desktop-to-OpenDNS
> use, or will they simply let OpenDN
On Tuesday 11 Jul 2006 07:19, Steve Sobol wrote:
>
> There's a big difference, of course, between INTENTIONALLY pointing your
> computers at DNS servers that do this kind of thing, and having it done for
> you without your knowledge and/or consent.
Yes, one way you choose who breaks your DNS, the
On Monday 03 Jul 2006 16:26, Phil Rosenthal wrote:
>
> We are very much anti-spam and I will look into Mark's issue - I'm
> looking through the tickets for abuse@ and there is no email sent in
> from [EMAIL PROTECTED] ...
I suspect he tried [EMAIL PROTECTED] which seems to be in rfc-ignorant.
On Monday 03 Jul 2006 06:16, you wrote:
>
> Forgive the relative noobishness of the question, but I've not had to deal
> with this sort of situation before. Should I be forwarding to RIPE?
I don't think RIPE will be that interested.
The address range gets connectivity from someone. I suggest re
to stuff the FP's into SSHFP DNS RR's and turn on
> verification for these records on the clients. Done.
How do you get the SSH host key fingerprint of a Cisco into SSHFP syntax?
> In combo with DNSSEC this is a (afaik ;) 100% secure way to at least get
> the finger prints right.
Exactly.
--
Simon.
1 - 100 of 347 matches
Mail list logo