fficer for Network Solutions, and a
noted information warfare specialist. "While other companies offer only
passive defense barriers, Symbiot provides the equivalent of an active
missile defense system" ...
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
Or was there something more devious behind the surge?
The answer, said security experts, is a bit of both, with some fighting
over hacker turf thrown in for good measure
..."
On Thu, 4 Mar 2004, william(at)elan.net wrote:
> On Wed, 3 Mar 2004, Stephen J. Wilcox wrote:
>
> > Perh
e infected
machines.
And indeed previous variants of Bagle and Netsky remove evidence of
infection by their rivals
..."
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
m off-track.. its just my perception and
I'm not an expert at all with viruses...
Steve
On Tue, 2 Mar 2004, Larry Rosenman wrote:
<http://vil.nai.com/vil/content/v_101071.htm>
W32/[EMAIL PROTECTED]
--On Tuesday, March 02, 2004 20:07:17 -0800 "william(at)elan.net"
respond and have that
in their SLA. And they usually respond within 1-3 minutes and not only do
I not have to call them, but they actually call me if the link is down or
if there is serious congestion on it. Quite a bit overzealous actually!)
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
I have just seen emails (several different kinds) pretending to be sent
from 3 of my isp domains to users of those domains warning users that
their email account would be disabled and asking to open a .pif attachment.
I know largest ISPs probably have experienced this but I believe what I
have
ess likely to be traced
to him, but usually with server already offshore they don't care that much).
There are probably other reasons I could not immediately think of but as
broadband penetration boom in US slows down and in other countries it's just
picking up, the percentage of spam from US zombies will slowly go down.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
ent are up for renewal.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
d on that Verisign rule over these tlds ends in November 2007
On Thu, 26 Feb 2004, Roman Volf wrote:
>
> When are they up for renewal exactly?
>
> william(at)elan.net wrote:
>
> >On Thu, 26 Feb 2004, Deepak Jain wrote:
> >
> >
> >>Since no one else has
senator or
congressman; and before Verisign starts lobbying him directly) or get federal
courts to convict the people at Verisign responsible for all this mess.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
BTW - in the email it meant to be just stand DOS (Original IBM PC Operating
System based on CP/M), I automatically write small "o" now when using this
word because of how I've used it in the last several years
On Tue, 24 Feb 2004, william(at)elan.net wrote:
>
> On Tue, 2
d efforts to contact network admins, the retesting should be done and
again similar statistics provided as well as directly list of ips where
at the end the blocks were still not working.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
of ideas in this area, I'd love to know where to send them
all, I don't see any discussion on any public mailing list about S-BGP.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
On Tue, 24 Feb 2004, Michel Py wrote:
>
> William,
>
> > william(at)elan.net wrote:
> > [http://www.cymru.com/BGP/bogon-rs.html]
> > Unfortunately this is kind-of a bgp hack and as has
> > been already mentioned it needs very careful
> > implemention
>
prefix
> update via the routing protocol, unless you go the route of other providers
> who have implemented a strict regime for the management of configurations and
> their nightly updates. Then again, we can debate functions of the control
> plane and the desire to reduce reliance on external systems in a routing
> product.
That may be a subject for another list, like IETF IDR.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
This has been mentioned on nanog maillist before, it appears several months
after notification swisscom still has not fixed this problem (when similar
leak came from he, I think they fixed it in 48 hours!). Here are pointers
to previous thread:
http://www.merit.edu/mail.archives/nanog/2003-11
izations to urge vendors to
implement router software changes for distributed bgp filtering as has been
detailed in this draft (already mentioned quite extensively on other threads):
http://arneill-py.sacramento.ca.us/draft-py-idr-redisfilter-01.txt
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
s and this being retaliation attacks
due to mircx.com which was supposedly in return for them reporting some
other attacks to fbi which led to raiding of foonet office.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
c and to only describe this kind of filtering
in the concept with non-specific examples if possible. Do not take the
draft to be directly associated with bogon route server or any other bgp
filtering projects except that it describes how these kind of filtering
services would operate.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
I have already called VZ about this issue as I see it tons here
too..their response:
We only provide connectivity and we do not take actions in terms of port
filtering or blocking.
Wayne Gustavus (nanog) wrote:
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
Beh
Note - I got confused by the subject and everything myself. The routes you
have locally would not be from IBGP but just directly through IGP (i.e.
OSPF or EIGRP etc). I don't think you can really do IBGP if routers are
not configured with the same ASN.
On Fri, 20 Feb 2004, willi
Ok. The way I read this is that you're redundant as far as one of your
upstream links going down - it'd not cause complete meltdown as that
router that had that link would still be announcing that space to the
other router (over EBGP) and then to the net.
What you're worrying then is what ha
Small clarification, this was award for year 2003. But I think they are
planning on being nominated (and winning) this year as well ...
On Fri, 20 Feb 2004, Ray Bellis wrote:
>
> Seeing as this didn't appear to hit NANOG yet -
>
> Our dear friends at Verisign won the "Internet Villain" of th
this is part of the autodiag software installed by the VZ cd.. you will
need to go through your remotes and uninstall that stuff..
[EMAIL PROTECTED] wrote:
Anyone else seeing this, it started up a few weeks ago.
We have a number of home users that VPN to our corporate network who are
using Ve
ion. The cost of fixing your own
network even 50% of other ISPs did it, would in the end be smaller.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
ver - some even do it on their networks for all
customers no matter if they got any reports or not (as preventative measure).
While there are many techs who don't like this practice it does seem that
this solution effectively removes the PC from being used as source of
spam even if it become
There are several groups working on identifying open relays, proxies, etc
and creating lists of such ips for active blocking. For example see
http://www.spamhaus.org/xbl/index.lasso
The problem is not as much actual open relays (which are now rare and
almost universally blocked) but open proxies
Hi all -
For those of you who could not attend the BOF, here are my notes from the
Peering BOF. Comments welcome -
Peering BOF VII - NANOG 30 - Miami
2/10/2004 7PM
Moderator: William B. Norton
We were at capacity in
, and we had a tremendous increase in
spam allowed through the servers. It receded as soon as we installed
the BIND fix (as I've posted to the list at that time).
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
For those of you who want to kill the various p2p programs..there is a
promising project at the following address:
http://www.lowth.com/p2pwall/ftwall/
William
--
May God Bless you and everything you touch.
My "foundation" verse:
Isaiah 54:17 No weapon that is formed against thee shall pr
user.
I'm not sure this is the answer.
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
Hi all -
At this point the Peering Personals part of the Peering BOF is full -
please do not send any more RSVPs.
Since there was confusion over this point the last time, there is no need
to RSVP to *attend* the Peering BOF, only to participate in the Peering
Personals during the second half o
good fit to your own business environment. There are usually
> several ways of getting them the data which they require to do their jobs.
>
Whatever they are willing to pay for -- a good fit for the business
environment is the largest effort and highest cost, as the overhead
and ad
I don't know for certain and I'm guessing based on existing pattern (although
for 70/8 ARIN did mention at one point it will be allocated to them I think).
The pattern is that IANA tries to allocate blocks consequently to RIRs
(don't know why, it's not like RIRs would be announcing blocks as
Also as you know I have been running statistics at
http://www.completewhois.com/statistics/
(note: don't believe about "green" for 70/8, I still have not fixed collection
to ignore occasional single wrong announcements from routeviews)
It's interesting that 69/8 block is currently only 39% alloca
I do note that recent policies concerning IANA which I think we
passed on last meeting, is that ARIN and other RIRs will request ip block
6 months ahead of its projections, perhaps it would be good idea if
somebody from ARIN were to comment if this was done this time and if so,
when is it pr
It has been known for quite some time that next block to be allocated to
ARIN is 70/8 (and next one will be 71/8). It might have been nice if ARIN
were to run projections and inform community that by its projections it
will be requesting new /8 ip block in say 2 month time.
On Mon, 19 Jan 20
The patent doesn't claim to apply to domains - it claims to apply to URLs of the form
name.subdomain.domain. The mere fact that this isn't correct syntax for URLs didn't
prevent them from getting the patent, but it should make enforcing it on people who
are using *domain names* of that form muc
ften moved (but not always), however that is probably
not enough for RIRs to deny the transfer on grounds that its existing
company, plus RIRs really don't ever get into such specifics.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
Hi all -
Restrictive Peering Policies: The Great Debate
---
Monday Evening at the upcoming Peering BOF at NANOG 30 in Miami we are
trying something new: at the beginning of the Peering BOF there will be "A
Great Debate" on the topic
really aren't getting anywhere.
> Richard Cocks
So are you on Hijacked-L? I have not seen post there before ...
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
e
that capability for the operationally challenged.
- have NANOG-approved OOO messages,
Folks running reasonable MTA/MUA don't have this problem, so why don't
you check the message headers to see what clueful folks are using,
rather than trolling the list? You can see all the message headers,
can't you?
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
BTW - By my tests it appears I'm being scanned by unix hosts between 500
to 1000 times per day! I don't know, maybe it seems a low number for some
of you, but I'm not at all happy about it.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
s blocked for next 10 minutes
(but not permanently). I don't think any legitimate traffic would be lost
in this case. (Note: definition of "legitimate" varies from network to
network and from one person to another).
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
t right there...
Any people or networks tracking this down to perhaps alert each other?
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
On Mon, 22 Dec 2003, Mike Lewinski wrote:
> Thanks, but again this seems unnecessarily complicated. Why can't your
> whois server do this for me as .com/.net are, and .org used to be?
>Domain Name: ROCKYNET.COM
>Registrar: TUCOWS, INC. <- This is all I really need
>Whois Server: whoi
63.976 ms
13 lngw2-isi-1-atm.ln.net (130.152.180.22) 64.412 ms 64.573 ms 64.646 ms
14 207.151.118.18 (207.151.118.18) 62.939 ms 63.130 ms 62.638 ms
15 * * *
16 * * *
17 * * *
18 * * *
19 * * *
20 * * *
21 * * *
22 * * *
23 207.151.118.18 (207.151.118.18) 62.773 ms !X 62.938 ms !X *
ing routeviews
data. For example when routeviews is providing dns ip->asn resolution,
what route(s) are being used there?
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
lt route improperly
appearing in there (weren't routeviews filters supposed to filter out this
kind of all-net advertisements)?
P.S. And am I correct in assuming this 0.0.0.0/0 and not 0.0.0.0/8 route?
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
Kenneth Budd expressed his frustration about not being able
to reach Comcast's blacklist management people by email
because his site was blacklisted.
It's not the first time that somebody's had that problem with some ISP.
For ISPs, it's important to make sure that abuse@ and similar
NOC addresses
I can see a couple of obvious approaches for getting Neulevel's attention
- Their web site lists two Registry Relationship Managers, one with popup contact info
Ivor Sequeira - Senior Manager, European, African, and Middle Eastern Regions
571-434-5776 [EMAIL PROTECTED]
I've been a victim to that... I'm not certain you'll be able to convince
domain registry to delete that name server from that domain - I could not
(but this with Verisign and their techs could not even understand what the
issue is and getting to knowledgeable people there is surprisingly difficul
I answered questions posed here on related inet-access mail list thread
and there is also info there on my previous post why the accusations
had basis for it. Those who are interested may read it there or in archives
and Susan will I'm sure welcome me not taking any more of nanog resource
on
"On Wed, 10 Dec 2003, Blaxthos wrote:"
> hello,
>
> i've been reading nanog-l/inet-access for many many years (just a shadow,
> i don't post).
Hello shadow of anonymous nanog & inet-access subscriber...
I do first have to wonder if you have read newspapers or seen tv shows
like 60 minutes rece
The original notice about all this I received came through dshield announce.
I followed up the information and thereafter came upon the message on the
popadstop website, it's rather interesting how they claim they did not
intend their software to send a "pop-ad" advertisement of that same softwar
At 06:23 PM 12/5/2003 -0500, [EMAIL PROTECTED] wrote:
> 1) The Cable companies are peering (with Tier 2s and each other) in a
> *big* way
That's probably why ATDN depeered ~20 networks over last few months,
while Comcast and Charter do not peer at all.
I had not heard that. As for Comcast and Chart
I think part of the problem is not only to notify but provide information
for techs at another ISP to know what kind of problem they have (and if
you block them, they may not be able to reach you to even ask).
I would remind that this thread started from Tom telling us that roadrunner
did not
Current Peering Locations:
1)
2)
3)
:
List all Planned (3-6 mos) Peering Locations:
1)
2)
3)
:
Privacy Notice: This information is made available only to me, William B.
Norton, as an individual, and will be used only for facilitating the BOF
and making up the screen behind the speakers. People in the
Hi all -
Thanks to those who provided comments to the last white paper draft of "The
Evolution of the U.S. Peering Ecosystem". I've made most of the changes and
added the data points as suggested, so I am now ready to send out the
document more broadly. Lots of acknowledgements in the acknowled
il to
William B. Norton at [EMAIL PROTECTED]:
Name: __
Title: ___
Company: ___ AS # _
In what country do you live? _
Email Address: __
We will select a set of panelists based on the answers to the questions bel
sing tools like CBQinit, MRTG/RRDTOOL,
> and a Webmin-like admin interface. The closest thing to this I've seen is
> ETINC's BWMGR, but that's a closed-source solution and is still somewhat
> expensive.
>
> -Andrew White
>
>
> On Tue, 25 Nov 2003, William Caban
hines just keep running that program all day,
leading me to host on much slower W98 machines -- contrary to the usual
instructions. So, I can personally attest to "actually WORKS reliably."
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
W
On Mon, 2003-11-24 at 17:36, William Caban wrote:
> I'm looking for a review/report on traffic/packet shapers products with
> a side-by-side comparison. Does anyone have a clue where I can find one
> such report?
>
> Thanks,
> -W
--
William Caban <[EMAIL PROTECTED]>
eer
3277 13062 20485 8437 3303
194.85.4.249 from 194.85.4.249 (194.85.4.249)
Origin IGP, localpref 100, valid, external, best
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
had problems with
everything later.
Unfortunately, I cannot keep my relatives and customers from buying
new machines with XP, the worst thing I've seen yet.
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
the display, flashes a big
warning screen, and asks whether it should continue. That causes the
startled niece to go running to momma to call uncle.
Whatever we use has to be flashier than dancing hamsters
Of course, anything that happens too often will just get the OK option
selecte
I'm looking for a review/report on traffic/packet shapers products with
a side-by-side comparison. Does anyone have a clue where I can find one
such report?
Thanks,
-W
--
William Caban <[EMAIL PROTECTED]>
reenter your information to be listed directly at
PIR whois (instead of as referral to their own whois) upon the transfer.
They are likely waiting to do it in bulk for multiple domains, but you can
insist they do it ASAP for your domain, send email to their support.
---
William Leibzon
Elan Networks
[EMAIL PROTECTED]
two periods of about 5 minutes each separated
by period of 5 minutes when it was partially working (some time outs still).
I think there were under DoS attack or something similar.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
While it's a more common thing to do with hosts,
there are a number of reasons you might want a router with
multiple interfaces on the same network.
- Sometimes ugly things happen during reconfigurations,
e.g. replacing two routers with one bigger one.
Load balancing is more likely to want two i
I need to give somebody contact for verio routing database to have several
of the database entries removed from there (they have been added without
consent of ip block administrator and he does not want them there). Who
would be the correct person to contact at verio?
--
William Leibzon
Elan
ing something similar (i.e. don't you dare imitate verisign!)
Would be interesting to see if their current advertisement (every 8 hours)
page would now be replaced with "We're so sorry that you're seeing this
page, please make sure to download our latest patch so your rout
or marketing of your own products.
In the mean time after this post, I'm off to datacenter room to look for
any belkin products I can spot, after that follow up to Fry's would be
necessary to buy replacements.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
On my active bogons list I'm also seeing
223.0.0.0/8 ## AS65333 : IANA-RSVD2 : Internet Assigned Numbers Authority
223.0.0.0 - 223.255.255.255 ## Bogon (unallocated) ip range
Would that be some kind of experiment?
On Fri, 7 Nov 2003 [EMAIL PROTECTED] wrote:
> On Fri, 07 Nov 2003 22:0
as others will be quick to
mention, S-BGP proposal still needs some work before we could begin
beta-testing it.
---
William Leibzon
Elan Networks
[EMAIL PROTECTED]
those old
companies (i.e. like earthlink is presumably doing with netcom.com), then
let me know domains and I can tell you what not to allow your customers
for emails.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
and its not too "contaminated"
yet and should be reusable fairly easily once you post on couple appropriate
mail lists that real ip block owner is now announcing it.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
ut of .com/.net root dns zone file).
For others, please note that I already told all this before to Michael or
else somebody who I'm certain he knows.
> If William would take some action and clean up the spammers on his
> network, I wouldn't need to post about it.
There are n
Chuck Goolsbee wrote that one of his clients was having problems
because miscreants have hijacked IP space that they own but
haven't actively used in a while.
While it's definitely worth submitting it to completewhois
and developing whatever paper trail it takes to give it back
to the registrars
Subtopics: Redundancy, Hunters.
On Sun, Nov 02, 2003 at 09:37:30PM -0500, Robert M. Enger wrote:
> You'd think after three previous disruptions, that Qwest would
> have enabled some form of redundancy.
If a single fiber cut takes them out, it's not _just_ Qwest's fault.
A service like 911 shou
s 75 ms
12 69.60.142.242 (69.60.142.242) 73 ms 75 ms 73 ms
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
s (from not very old postings) that this fellow
didn't exist before August, and seems only to flame on isp-planet
(and now here).
As has been noted, his company is listed as a net hijacker and a spam
friendly carrier.
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
in On Wed, 29 Oct 2003, Booth, Michael (ENG) wrote:
>
> William, they might be rejecting your post for SPAM. Take a look at the
> link below:
>
> http://groups.google.com/groups?q=dns1.elan.net&hl=en&lr=&ie=UTF-8&oe=UTF-8&safe=off&sa=N&tab=wg
> Leave content filtering to the ES, and *force* ES to filter the content.
And just to make sure we know what content filter is, this is what I
received immediately following my previous post to nanog.
Whoever you are, that did not see my post, please at least configure your
content filter to r
se problems for customers in
completely different cities.
> Leave content filtering to the ES, and *force* ES to filter the content.
It's not content filtering, I'm not filtering only certain html traffic
(like access to porn sites), I'm filtering traffic that is causing harm to
fer to do it at the entrance to your network. Slammer virus is just
like DoS, that is why many are filtering it at the highest possible
level as well as at all points where traffic comes in from the customers.
--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
el that
can be used to demonstrate this Peering Ecosystem evolution. While not
complete or by any means precise, it does allow us to demonstrate the
effect of these disruptions in the Peering Ecosystem.
/*
William B. Norton <[EMAIL PROTECTED]> 650.315.8635
Co-Founde
l benefits. We need either applications that are
working a lot better at ipv6 or we may yet have to see ipv4 space ran out
before it becomes clear to everybody that ipv6 is a must.
---
William Leibzon
Elan Networks
[EMAIL PROTECTED]
ke him so won't do anything he
suggests, even if it's good advice.
We have another client who hosts an exchange server for a few remote users
and I finally got them to at least use PPTP when Road Runner blocked 135-139
ports (and their remote users are all @ home on RR).
william
- Or
Brian Bruns asserts that there are lots of home users
connecting to their office Exchange servers without VPNs,
and that therefore blocking the Microsoft ports was bad.
While I agree with his point that you shouldn't do it
without documenting what you are or are not blocking,
I'm really surprised
Most ISPs don't provide users with a heavy-duty client that
replaces or patches lots of the operating system's functions,
though may will offer friendly customized browsers for
users who want them, and a few misguided carriers will
provide drivers for PPPoE or other evil excuses for protocols (:-
As a followup to Steve Bellovin's note, to clarify several comments
people sent to the list, note that while AT&T's email folks decided not to take
this approach (actually they'd decided that before somebody goofed up and
sent the draft email anyway, sigh :-), it was never something that would ha
advance notice?
I wrote my first DNS implementation in 1987. I know it's still in use
on a number of old routers and dialup access boxen. My guess would be
another 16 years, or so, to clean up the entire mess.
Easier to eliminate the problem at the source!
--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32
As some of you have seen from sessions today, hijacking of ips has been
noticed by many. I want to give report of what the current situation is as
I've been monitoring known hijacked ip ranges and active use of those.
The active list is included later in this email and is available online at
htt
e machine swapped out,
lather, rinse, repeat until all machines are finished.
(Since the VeriSign emergency went away, there was a lot less pressure
to divert support from the jobs they are paid to do, or work overtime.)
Really, no matter how you slice it, money is at least as important to
emoved by APNIC for not paying
their bills, quickly resolve this situation directly with APNIC (i.e. pay
their bills or otherwise force them to restore whois record).
William
> >Hello all,
> >
> >I've been working on creating bogon ip filtering system in order to stop
>
the major version changed meantime :-)!
I'm pretty sure that's on the order of 4 years or more for operators.
Since Postfix is run by a lot more enterprises than BIND, let's double
that number! How about, until all the W95 and W98 and W2K servers are
updated
--
William Allen Simps
alifornia state, but central california is
considered to be area Beckerfield - Stockton).
The reason I asked in the first place is that as I suspected, Dan is
interested in peering locations other than bay area. In fact he answered
me that he's interested in peering locations north of Sacr
Northern California, would mean SF Bay Area or not?
Or did you mean real "Northern" part of California (i.e. around Shasta)?
On Mon, 20 Oct 2003, Dan Lockwood wrote:
>
> Although I fail to have one of the stickers, if there is anyone at the
> meeting that is operating in the northern Californi
As some noticed what is shown today for statistics does not show as announced
ip blocks that are announced as entire /8 (3/8 for example). These are
processed separately as exceptions and it'll be easier to wait until all
scripts are run in order so tomorrow statistics page will be back to norma