On Jun 28, 2007, at 11:44 AM, Steven M. Bellovin wrote:
Whatever -- it
exists as a reasonably stable design; starting over would cost us 15
more years that we just don't have.)
Are you saying we (collectively) would take yet *another* 15 years to
come up with another and/or better design?
On Jun 28, 2007, at 12:21 PM, Justin Scott wrote:
Good afternoon, is there anyone on the list from Cox communications?
Many of our customers that use Cox in Arizona (Phoenix and Tucson
specifically, 68.15.190.16 is one of the sources) are having trouble
reaching our network in Tampa, FL
On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:
A SI firewall ruleset equivalent to PAT is a single rule on a
CheckPoint firewall (as an example):
Src: Internal - Dst: Any - Action: Allow
Done.
Done indeed! Botnet operators *love* this policy. This type of policy
is probably worse
On Feb 11, 2007, at 10:58 AM, Chris L. Morrow wrote:
perhaps next time the news folks could
ask someone who runs a network what the problems are that face network
operators?
they did ask one, you must have missed this from the article:
Verisign, the American firm which provides the
On Sep 25, 2006, at 9:04 PM, Jeff Kell wrote:
Well, a prefix hijack either means a router has been pwned, as I
suggested,
or a router is (as Governor Tarkin put it) far too trusting of
its peers.
And anyhow, I was speaking of BGP flaps in the context of botnets
- has anybody
seen an
If anyone is interested in attending a 1-day pre-nanog (June 2)
workshop for dns-operations, details can be found at the URL below.
http://public.oarci.net/dns-operations/workshop-2006
-b
On Feb 24, 2006, at 11:30 AM, Ejay Hire wrote:
It may be coincidental, but TXT and ANY queries for this
zone were the ones used in the multi-gigabit reflected dns
DDOS against us earlier this month.
this would be a fine thread to discuss on dns-operations, which a
bunch of you here have
On Feb 24, 2006, at 11:47 AM, Randy Bush wrote:
this would be a fine thread to discuss on dns-operations, which a
bunch of you here have already joined.
http://lists.oarci.net/mailman/listinfo/
i joined but have never seen a message on that list. and this
discussion seems useful. maybe we
On Nov 11, 2005, at 2:50 PM, [EMAIL PROTECTED] wrote:
we clustered the engineers into the IETF terminal
room
since we're reminiscing, we did this at dallas ietf in 1995, i think
it was (yes, http://merit.edu/mail.archives/nanog/2000-11/
msg00222.html). we had hit a timer bug in
On Wednesday 14 September 2005 15:41, Luke Parrish wrote:
Not quite looking for tips to manage my network and ACL's or if
should or
should not be blocking, more looking for actual ports that other
ISP's are
blocking and why.
seems to me this is the wrong question... a default
seems to me this is the wrong question... a default security
posture (network or system, isp or enterprise or any type of
entity) should be: if it's not explicitly allowed, it's denied.
apologies, i see the original poster was talking about a
*backbone*... my mind was on
On Sep 12, 2005, at 1:32 PM, Jared Mauch wrote: there's also a blurb on yahoo news of an outage http://news.yahoo.com/s/ap/20050912/ap_on_re_us/la_power_outage AM radio news is reporting a "wrong cable cut" by the department of water and power folks... they're saying "no ties to
On 3/15/05 3:11 AM, Ziggy David Lubowa [EMAIL PROTECTED] wrote:
On Tue, 15 Mar 2005 17:51:32 +0800 (CST), Joe Shen wrote
Yes. Can I do this on a Linux box without having to
install Zebra BGP on it?
Doesnt look like you have to, below is the link to the tarball
1) their backbones currently work - changing them
into something which may or may not work better is a
non-trivial operation, and risks the network.
i would disagree. their backbone tend to reach scaling problems, hence the
need for bleeding/leading edge technologies. that's been my
First, yes I know I should call ATT but I want to know if anyone else sees
this problem:
I have a customer that is multi-homed to ATT and WCOM. They accept
default via BGP from both providers and announce a handful of prefixes to
both providers.
Given that they receive default, it's just the
The router at route-server.ip.att.net shows about 25 10.0.0.0/8
prefixes, most showing up over 4 weeks ago.
Odd. I didn't see this when looking at att's looking glass via web
browser. I was looking for some smaller prefixes though and didn't just
look for 10/8 :-/
-b
RFC1918 addresses are unpredictable on any network other than your own.
You shouldn't make assumptions about them. Anyone may use them for any
purpose on their network. If you send packets into their network using
RFC1918 addresses, you get whatever you get. If you require certaintity
its
Wasn't it established that they did infact not leak it but just routed it
inside their own network?
Sorry, shouldn't have said leaked.
i wish you were right. i wish you were even close to right. but we've
been
attacked many times over the years by some extremely smart adolescent
psychopaths -- where adolescence is a state of mind in this case, rather
than of years -- and i wish very much that they would either stop being
On Wednesday, Mar 19, 2003, at 12:28 America/Phoenix, Sean Donelan
wrote:
On Wed, 19 Mar 2003, German Martinez wrote:
Anybody here seeing problems with AS7018 ?
...
...
If you report it to ATT, they seem to get it fixed; but then
the problems re-appear a few days later. I'm guessing that
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
Behalf Of David Diaz
Sent: Monday, January 06, 2003 5:24 PM
To: [EMAIL PROTECTED]
Subject: Re: DWDM interconnects
Actually I forgot to mention. Since we have different frequencies
for the lasers, you and
hate to break up the peering thread but i'm wondering if anyone has
experience/knowledge of Empirix tools? i worked with them back when they
were known as midnight networks but they focused on protocol conformance
testing at the time (mid-90s). they're corporate history has no mention
of
--On Tuesday, June 18, 2002 11:30 AM -0700 Lou Katz [EMAIL PROTECTED] wrote:
A client of mine just discovered that he could no longer do ftp
transfers to my machine. His IP address had changed to one in
12.240.20 and there is no reverse DNS for that block. His
previous assignment was in a
- Original Message -
From: Pawlukiewicz Jane [EMAIL PROTECTED]
To: Marc Pierrat [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Thursday, June 06, 2002 10:02 AM
Subject: Re: Diagnostic Tools
No. But I was thinking of something more robust. And I think it depends
on what level you
24 matches
Mail list logo