On Jun 28, 2007, at 12:21 PM, Justin Scott wrote:
Good afternoon, is there anyone on the list from Cox communications?
Many of our customers that use Cox in Arizona (Phoenix and Tucson
specifically, 68.15.190.16 is one of the sources) are having trouble
reaching our network in Tampa, FL (64.15
On Jun 28, 2007, at 11:44 AM, Steven M. Bellovin wrote:
Whatever -- it
exists as a reasonably stable design; starting over would cost us 15
more years that we just don't have.)
Are you saying we (collectively) would take yet *another* 15 years to
come up with another and/or better design?
On Jun 4, 2007, at 9:51 PM, Donald Stahl wrote:
A SI firewall ruleset equivalent to PAT is a single rule on a
CheckPoint firewall (as an example):
Src: Internal - Dst: Any - Action: Allow
Done.
Done indeed! Botnet operators *love* this policy. This type of policy
is probably worse than
On Feb 11, 2007, at 10:58 AM, Chris L. Morrow wrote:
perhaps next time the news folks could
ask someone who runs a network what the problems are that face network
operators?
they did ask one, you must have missed this from the article:
"Verisign, the American firm which provides the backbo
On Sep 25, 2006, at 9:04 PM, Jeff Kell wrote:
Well, a prefix hijack either means a router has been pwned, as I
suggested,
or a router is (as Governor Tarkin put it) "far too trusting" of
its peers.
And anyhow, I was speaking of BGP flaps in the context of botnets
- has anybody
seen a
If anyone is interested in attending a 1-day pre-nanog (June 2)
workshop for dns-operations, details can be found at the URL below.
http://public.oarci.net/dns-operations/workshop-2006
-b
On Feb 24, 2006, at 11:47 AM, Randy Bush wrote:
this would be a fine thread to discuss on dns-operations, which a
bunch of you here have already joined.
http://lists.oarci.net/mailman/listinfo/
i joined but have never seen a message on that list. and this
discussion seems useful. maybe we
On Feb 24, 2006, at 11:30 AM, Ejay Hire wrote:
It may be coincidental, but TXT and ANY queries for this
zone were the ones used in the multi-gigabit reflected dns
DDOS against us earlier this month.
this would be a fine thread to discuss on dns-operations, which a
bunch of you here have al
On Nov 11, 2005, at 2:50 PM, [EMAIL PROTECTED] wrote:
we clustered the engineers into the IETF terminal
room
since we're reminiscing, we did this at dallas ietf in 1995, i think
it was (yes, http://merit.edu/mail.archives/nanog/2000-11/
msg00222.html). we had hit a timer bug in
seems to me this is the wrong question... a default security
"posture" (network or system, isp or enterprise or any type of
entity) should be: "if it's not explicitly allowed, it's denied."
apologies, i see the original poster was talking about a
*backbone*... my mind was on campus/edge/c
On Wednesday 14 September 2005 15:41, Luke Parrish wrote:
Not quite looking for tips to manage my network and ACL's or if
should or
should not be blocking, more looking for actual ports that other
ISP's are
blocking and why.
seems to me this is the wrong question... a default securit
On Sep 12, 2005, at 1:32 PM, Jared Mauch wrote: there's also a blurb on yahoo news of an outage http://news.yahoo.com/s/ap/20050912/ap_on_re_us/la_power_outage AM radio news is reporting a "wrong cable cut" by the department of water and power folks... they're saying "no ties to terrorism"...-b
On Jun 20, 2005, at 12:44 AM, Randy Bush wrote:
June 15th: Lorenzo gives us 24 hours notice that he is going to be
using
our (a very general our here, meaning all Internet operators)
network for
performing his experiments on. (oh, and points out that hes been
doing the
same with IPv6 s
On 3/15/05 3:11 AM, "Ziggy David Lubowa" <[EMAIL PROTECTED]> wrote:
>
>
> On Tue, 15 Mar 2005 17:51:32 +0800 (CST), Joe Shen wrote
>> Yes. Can I do this on a Linux box without having to
>> install Zebra BGP on it?
>
> Doesnt look like you have to, below is the link to the tarball
>
> http:/
>> 1) their backbones currently "work" - changing them
>> into something which may or may not "work better" is a
>> non-trivial operation, and risks the network.
i would disagree. their backbone tend to reach scaling problems, hence the
need for bleeding/leading edge technologies. that's been m
>
> Wasn't it established that they did infact not leak it but just routed it
> inside their own network?
Sorry, shouldn't have said "leaked".
> RFC1918 addresses are unpredictable on any network other than your own.
> You shouldn't make assumptions about them. Anyone may use them for any
> purpose on their network. If you send packets into their network using
> RFC1918 addresses, you get whatever you get. If you require certaintity
> i
>
> The router at route-server.ip.att.net shows about 25 10.0.0.0/8
> prefixes, most showing up over 4 weeks ago.
Odd. I didn't see this when looking at at&t's looking glass via web
browser. I was looking for some smaller prefixes though and didn't just
look for 10/8 :-/
-b
First, yes I know I should call AT&T but I want to know if anyone else sees
this problem:
I have a customer that is multi-homed to AT&T and WCOM. They accept
"default" via BGP from both providers and announce a handful of prefixes to
both providers.
Given that they receive default, it's just th
>> i wish you were right. i wish you were even close to right. but we've
> been
>> attacked many times over the years by some extremely smart adolescent
>> psychopaths -- where adolescence is a state of mind in this case, rather
>> than of years -- and i wish very much that they would either sto
On Wednesday, Mar 19, 2003, at 12:28 America/Phoenix, Sean Donelan
wrote:
On Wed, 19 Mar 2003, German Martinez wrote:
Anybody here seeing problems with AS7018 ?
...
...
If you report it to AT&T, they seem to get it fixed; but then
the problems re-appear a few days later. I'm guessing that packe
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On
> Behalf Of David Diaz
> Sent: Monday, January 06, 2003 5:24 PM
> To: [EMAIL PROTECTED]
> Subject: Re: DWDM interconnects
>
> Actually I forgot to mention. Since we have different frequencies
> for the lasers,
hate to break up the peering thread but i'm wondering if anyone has
experience/knowledge of Empirix tools? i worked with them back when they
were known as midnight networks but they focused on protocol conformance
testing at the time (mid-90s). they're "corporate history" has no mention
of
point of clarification:
i mentioned luminous and "RPT". their marketing folks call it that, it is
in fact RPR (resilient packet ring).
-b
--On Saturday, June 22, 2002 5:02 PM -0400 Ralph Doncaster
<[EMAIL PROTECTED]> wrote:
>
> What's the cheapest way to get Gig-E over OC48?
> A couple used Cerent(Cisco) boxes would work, but the $15-$20K price tag
> is too high.
last i talked to Luminous (about 7-8 months ago) they were making p
--On Tuesday, June 18, 2002 3:17 PM -0700 Vadim Antonov
<[EMAIL PROTECTED]> wrote:
>
> Demonstrably (proof by existence), those switches can be made reasonably
> reliable. So can be routers. It's the fabled computer tech culture of "be
> crappy, ship fast, pile features sky high, test after you
--On Tuesday, June 18, 2002 11:52 AM -0700 Vadim Antonov
<[EMAIL PROTECTED]> wrote:
>
> Er... back then it took 2 months to learn everything a backbone engineer
> had to know. Nowadays it's an alphabet soup of stupid techniques to
> achieve the same result - i.e. to deliver a packet from place
--On Tuesday, June 18, 2002 6:39 PM + "E.B. Dreger"
<[EMAIL PROTECTED]> wrote:
> That's what happened here. Rather than transitting the traffic
> via a "last resort" across town/state, the higher local-pref of a
> "local" peer won.
>
> Geography requirements for peers aren't inherently bad
--On Tuesday, June 18, 2002 11:30 AM -0700 Lou Katz <[EMAIL PROTECTED]> wrote:
>
> A client of mine just discovered that he could no longer do ftp
> transfers to my machine. His IP address had changed to one in
> 12.240.20 and there is no reverse DNS for that block. His
> previous assignment was
--On Tuesday, June 18, 2002 1:33 PM -0400 Pawlukiewicz Jane
<[EMAIL PROTECTED]> wrote:
> Hi Brett,
>
> Are you asking _why_ there are so many hops between yourself and the guy
> across town?
no, just lamenting the passing of an era. an era where we engineers
cooperated, and "just fixed" the
> - Original Message -
> From: "Pawlukiewicz Jane" <[EMAIL PROTECTED]>
> To: "Marc Pierrat" <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
> Sent: Thursday, June 06, 2002 10:02 AM
> Subject: Re: Diagnostic Tools
>
>
>> No. But I was thinking of something more robust. And I think it depends
>> o
in case anyone has experienced this and wants to complain...
-- Forwarded Message --
Date: Monday, March 25, 2002 12:57 AM -0500
From: Declan McCullagh <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: FC: Verisign reportedly sending deceptive domain registration bills
>
> ---
32 matches
Mail list logo