Once upon a time, Lincoln Dale <[EMAIL PROTECTED]> said:
> even with tuned TCP window sizes, make sure you don't have TCP syncookies
> enabled on either endpoint.
IIRC Linux (at least) syncookies only come into play when you are being
syn-flooded (i.e. when the kernel has to start dropping syns).
] On Behalf Of Brian
> Raaen
> Sent: Friday, 18 April 2008 7:00 AM
> To: nanog@merit.edu
> Subject: Re: Bandwidth issues in the Sprint network
>
> Some people wanted to know what I found the problem to be. I have
> discovered.
> the problem for a fact is the TCP window s
@merit.edu
Subject: Re: Cogent Router dropping packets
Cogent frequently have routing and packet loss issues. I can't imagine
VoIP over their network is all that appealing to most people. Last time
I used Cogent I had a problem approx. every month, and I purchased
transit from them.
Good luck
Cogent frequently have routing and packet loss issues. I can't imagine
VoIP over their network is all that appealing to most people. Last time
I used Cogent I had a problem approx. every month, and I purchased
transit from them.
Good luck :-)
Mike Fedyk wrote:
Thank you, the issue seems to
On Wed, 16 Apr 2008, David Ulevitch said:
What else are operators doing to get the pages out when things go wonky?
I added asterisk and a cheap X100P card to my Nagios setup. Now I
can get a voice call if things are really bad.
I started to install some text-to-speech tools also, but got
On Thu, Apr 17, 2008 at 1:00 PM, Brian Raaen <[EMAIL PROTECTED]> wrote:
> Some people wanted to know what I found the problem to be. I have discovered.
> the problem for a fact is the TCP window size on uploads. I have a Linux box
> that I changed the Window sizes to match and I still get 32k
To: Ryan Harden
Cc: nanog@merit.edu
Subject: RE: Cogent Router dropping packets
Thank you, the issue seems to be fixed now at Cogent.
ECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Ryan
Harden
Sent: Thursday, April 17, 2008 1:35 PM
To: Mike Fedyk
Cc: nanog@merit.edu
Subject: Re: Cogent Router dropping packets
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just spoke to cogent about another issue, said they only know about issues
i
Some people wanted to know what I found the problem to be. I have discovered.
the problem for a fact is the TCP window size on uploads. I have a Linux box
that I changed the Window sizes to match and I still get 32k on a upload
window and 64k on a download window. With a ping time of 50ms I h
cruft that the later has.
-Ray
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Darden, Patrick S.
Sent: Thursday, April 17, 2008 1:40 PM
To: nanog@merit.edu
Subject: RE: Google contact?
Thanks everyone! Several people from Google responded very qu
On Thu, Apr 17, 2008 at 11:40 AM, Darden, Patrick S. <[EMAIL PROTECTED]> wrote:
>
>
> Thanks everyone! Several people from Google responded very quickly, and the
> issue was resolved faster than I can believe.
> --Patrick Darden
> --ARMC
>
Proof that free gourmet lunch and dinner, plus snacks
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Just spoke to cogent about another issue, said they only know about
issues in Los Angeles. Nevertheless, 877.726.4386 or [EMAIL PROTECTED]
/Ryan
Mike Fedyk wrote:
> Hi,
>
> Some of our VoIP customers are experiencing issues using our service and it
On Thu, 17 Apr 2008, Joel Jaeggli wrote:
they have ~6% of the employees of the employees of say verizon and slightly
less than the 123 years of cruft that the later has.
Verizon is one company in name only. There are so many groups and
business units, all with their own inbound numbers and
ailto:[EMAIL PROTECTED] On Behalf Of Darden, Patrick
S.
Sent: Thursday, April 17, 2008 1:40 PM
To: nanog@merit.edu
Subject: RE: Google contact?
Thanks everyone! Several people from Google responded very quickly, and the
issue was resolved faster than I can believe.
--Patrick Darden
--ARMC
It'd be nice if more companies of their size responded that way. :)
-Ray
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Darden, Patrick
S.
Sent: Thursday, April 17, 2008 1:40 PM
To: nanog@merit.edu
Subject: RE: Google contact?
Thanks eve
Thanks everyone! Several people from Google responded very quickly, and the
issue was resolved faster than I can believe.
--Patrick Darden
--ARMC
William Herrin wrote:
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan <[EMAIL PROTECTED]> wrote:
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin,
So is marketing, yet marketing does have an impact on revenue.
It can be useful to explain the abuse desk as
David Ulevitch; nanog@merit.edu
Subject: Re: Postmaster @ vtext.com (or what are best practice to send SMS
these days)
Verizon at least, uses SS7 signaling to deliver on-network SMS. This
means they can provide delivery confirmation with their SMSes. I am not
aware of another US network that does
Have you called your ISP today?
On 4/16/08, Jake Matthews <[EMAIL PROTECTED]> wrote:
>
> I've sent repeated emails to [EMAIL PROTECTED]/com/*, no response yet.
> There is an IRC DDoS bot on EFnet actively attacking users - and has
> been for quite a while, as you can see from the signon date.
most likely this will be considered off topic even there.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Bill Nash
Sent: Wednesday, April 16, 2008 4:36 PM
To: Jake Matthews
Cc: nanog@merit.edu
Subject: Re: Anyone from Verio here?
Just going off your
Verizon at least, uses SS7 signaling to deliver on-network SMS. This
means they can provide delivery confirmation with their SMSes. I am not
aware of another US network that does this or interacts with Verizon
over SS7 for SMS exchange.
So, if you are using a phone's SMS capability on the s
Just going off your email address/domain, it occurs to me that your
problem may in fact be far to leet for the likes of nanog to handle. Have
you tried an efnet oper? They have far superior leetness, and quite likely
a little more time on their hands. One of them may also own that botnet,
so
Actually, looks like A-Z is taken and they span across all of the
available servers on EFnet.
| a ([EMAIL PROTECTED]) (British Virgin Islands)
: ircname : diane kruger
| channels : @#tcp @#ping @#nsa.gov @#london @#jupe @#dust
| server : irc.nac.net (Jews control irc, too!)
: idle : 25
On Wed, Apr 16, 2008 at 03:39:05PM -0400, Joe Abley wrote:
>
> On 16 Apr 2008, at 13:33 , Simon Waters wrote:
>
> > Ask anyone in the business "if I want a free email account who do I
> > use.." and you'll get the almost universal answer Gmail.
>
> I think amongst those not in the business the
> Subject: Re: Abuse response [Was: RE: Yahoo Mail Update]
> From: [EMAIL PROTECTED]
> Date: Wed, 16 Apr 2008 12:02:02 -0400
>
> On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:
>
> > - I'd like to see an actual response beyond an autoreply saying that you
> >
On 16 Apr 2008, at 13:33 , Simon Waters wrote:
Ask anyone in the business "if I want a free email account who do I
use.." and
you'll get the almost universal answer Gmail.
I think amongst those not in the business there are regional trends,
however. Around this neck of the woods (for som
In my experience, even with TAP, sending messages to a cell phone is
spotty at best. I have folks on both uni-directional pagers via TAP or
SNPP, as well as cell phones via e-mail and TAP. There isn't a
noticeable difference in delivery time between e-mail and TAP on the phones.
Cell to Cell
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- [EMAIL PROTECTED] wrote:
> So what sort of response did you actually *want*?
Actually, I'm more concerned with alerting you that someone
inserted a nasty .js or iFrame on one of your websites and I'd
like to you to clean it up, thanks. ;-)
I'm
.
- d.
On Wed, 16 Apr 2008, Patrick Shoemaker wrote:
Date: Wed, 16 Apr 2008 13:33:40 -0400
From: Patrick Shoemaker <[EMAIL PROTECTED]>
Cc: nanog@merit.edu
Subject: Re: Postmaster @ vtext.com (or what are best practice to send SMS
these days)
My solution is to use a modem / POT
Dave Pooser wrote:
Handling the abuse desk well (or poorly) builds (or damages) the brand.
...among people who are educated among such things. Unfortunately, people
with clue are orders of magnitude short of a majority, and the rest of the
world (ie: potential customers) wouldn't know an abuse
rrick
From: [EMAIL PROTECTED] on behalf of Randy Epstein
Sent: Wed 4/16/2008 1:22 PM
To: 'David Ulevitch'; nanog@merit.edu
Subject: RE: Postmaster @ vtext.com (or what are best practice to send SMS
these days)
David Ulevitch wrote:
> What else are operators doing to
Yes, this is still a good route for those of us with old pagers
(cell/pager via e-mail have had horrendous drop rates for me, likely due
to the volume of messages). If the network issue is severe enough that
your Internet access is not working, you can still dial via a modem.
Even then things don'
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I have one of these babies
http://www.multitech.com/PRODUCTS/Families/MultiModemCDMA/
with SMS Server Tools 3 running (hacked up for CDMA, cuz they dont'
support CDMA out of the box)
$40 a month does the trick
There was a good thread about sms notifi
On Wednesday 16 April 2008 17:47, Dave Pooser wrote:
>
> > It can be useful to explain the abuse desk as being just another form
> > of marketing, another form of reputation management that happens to be
> > specific to Internet companies.
>
> Is it?
.. SNIP good points about abuse desks ..
In
If you stick with SMS messages, the weakest link will always be the carriers
SMS gateway. Since this is the last item in the chain, any upstream service
will still be handicapped by the gateway. I've worked with a variety of
carriers, and they have all had problems at one point or another with the
My solution is to use a modem / POTS line hanging off the nagios box
along with the qpage daemon to send alerts out through a TAP gateway. If
you need the specs and 800 number for Verizon's TAP gateway I can send
it offlist.
http://www.dynowski.com/blog/2006/05/19/using-nagios-with-quickpage
> It can be useful to explain the abuse desk as being just another form
> of marketing, another form of reputation management that happens to be
> specific to Internet companies.
Is it? I mean, I may know that (a hypothetical) example.com is a
pink-contract-signing batch of incompetents who spew
David Ulevitch wrote:
> What else are operators doing to get the pages out when things go wonky?
Get a pager! :) SMS is just not as reliable.
> David
Randy
On Tue, Apr 15, 2008 at 8:49 PM, Martin Hannigan <[EMAIL PROTECTED]> wrote:
> Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Martin,
So is marketing, yet marketing does have an impact on revenue.
It can be useful to explain the abuse desk as being just another form
On Wed, 16 Apr 2008 00:38:33 CDT, Chris Boyd said:
> - I'd like to see an actual response beyond an autoreply saying that you
> can't tell me who the customer is or what actions were taken.
Well, let's see. If you're reporting abuse coming from my AS, it's almost
certainly one of 2 things:
1)
esn't have
that checkbox.
If the abuse desk has already acted upon it, why not have the automated
system let me know?
Frank
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
[EMAIL PROTECTED]
Sent: Wednesday, April 16, 2008 5:08 AM
To: nanog@merit.
On Wed, Apr 16, 2008 at 11:07:42AM +0100, [EMAIL PROTECTED] wrote:
> If people had succeeded in cleaning up the abuse problems in 1995
> when the human touch was still feasible, we would not have the
> situation that we have today. Automation is the only way to address
> the flood of abuse email,
On Tue, Apr 15, 2008 at 08:49:39PM -0400, Martin Hannigan wrote:
> Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Two points, the first of which is addressed to this and the second
of which is more of a recommended attitude.
1. There is no doubt that many operations
> So how do the little guys play in this sandbox?
3rd-party aggregation. Where do RBLs get there data?
They act as a 3rd party to aggregate data from many others.
> - It needs to be simple to use. Web forms are a non-starter.
If you have the ability to accept reports via an HTTP REST
applicati
On Tue, 2008-04-15 at 10:56 +0530, Suresh Ramasubramanian wrote:
> If you have high enough numbers of the stuff to report, do what large
> ISPs do among themselves, set up and offer an ARF'd / IODEF feedback
> loop or some other automated way to send complaints, that is machine
> parseable, and th
> Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
They're too busy spamming and phishing to respond to abuse reports?
brandon
Martin Hannigan wrote:
Yes, it is operational.
On 4/15/08, Fred Reimer <[EMAIL PROTECTED]> wrote:
But isn't this what nanog is for? It appears to be more on-topic than the
email threads. More E than S.
As well as 62.0.0.0/8 there is 88.0.0.0/8 (originated by AS13064, with
upstreams of
Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
Some of the folks that are complaining about abuse response generate
revenue addressing these issues. Give me some of that. I'll give you
a priority line to the NOC.
Disclaimer; No offense intended to security providers
On Tue, 15 Apr 2008 19:14:52 EDT, Joe Abley said:
> The downside to such a plan from the customer's perspective is that
> I'm pretty sure most of us would have been really bad helpdesk people.
> There's a lot of skill in dealing with end-users that is rarely
> reflected in the org chart or p
On 15 Apr 2008, at 11:22 , William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
At a long-previous employer we once toyed with the idea of having
everybod
> So, to bring this closer to nanog territory, it's a bit like
> saying that all the sales and customer support staff should
> be given enable access to your routers and encouraged to run
> them on a rotating basis, so that they understand the
> complexities of BGP and will better understand t
On Mon, Apr 14, 2008 at 9:13 PM, jamie <[EMAIL PROTECTED]> wrote:
> Gentlemen (and Ren!):;-)
>
> I'm currently investigating options w.r.t. enterprise-wide (over 250
> device, and by 'device' i mean router and/or switch) configuration
> management (and (ideally) compliance-auditing_and_ass
On Apr 15, 2008, at 11:54 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins <[EMAIL PROTECTED]>
wrote:
Unfortunately many of the skills required to be a competent abuse
desk
worker are quite specific to an abuse desk, and are not typically
possessed
by random techn
On Tue, Apr 15, 2008 at 2:04 PM, Steve Atkins <[EMAIL PROTECTED]> wrote:
> Unfortunately many of the skills required to be a competent abuse desk
> worker are quite specific to an abuse desk, and are not typically possessed
> by random technical staff.
Steve,
You don't, per chance, mean to su
On Tue, Apr 15, 2008 at 10:56:02AM +0530, Suresh Ramasubramanian wrote:
>
> On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> > As I mentioned in my presentation at NANOG 42 in San Jose, the
> > biggest barrier we face in shrinking the "time-to-exploit" window
> > wi
On Apr 15, 2008, at 10:33 AM, Rich Kulawiec wrote:
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
There's a novel idea. Require incoming senior staff at an email
company to work a month at the abuse desk before they can assume the
duties for which they were hired.
My hunch s
> > I think he was saying that Delta Telecom don't *own*
> > 62.0.0.0/8 and therefore shouldn't be advertising it.
> > Following that Telia shouldn't be accepting the route and
> > then re-announcing it to peers ...
>
> Of course! ... /8? ... Azerb
On Tue, Apr 15, 2008 at 11:22:59AM -0400, William Herrin wrote:
> There's a novel idea. Require incoming senior staff at an email
> company to work a month at the abuse desk before they can assume the
> duties for which they were hired.
>
> My hunch says that's a non-starter. It also doesn't keep
Look into Ziptie.org
We use Alterpoint's Network Authority.
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
jamie
Sent: Monday, April 14, 2008 9:13 PM
To: nanog@merit.edu
Subject: enterprise change/configuration management and compliance
software?
`
Gentlemen (and Ren!
eer
> Coleman Technologies, Inc.
> 954-298-1697
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> > [EMAIL PROTECTED]
> > Sent: Tuesday, April 15, 2008 9:51 AM
> > To: nanog@merit.edu
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Joe Provo <[EMAIL PROTECTED]> wrote:
>It cannot be understated that even packet pushers and code grinders
who care get stranded in companies where abuse handling is deemed
by management to be a cost center that only saps resources. Paul,
you
William Herrin wrote:
Without conceding the garbage collection issue, let me ask you
directly: how do you propose to motivate qualified folks to keep
working the abuse desk?
Ask AOL?
-Jack
On Tue, Apr 15, 2008 at 10:55 AM, Marshall Eubanks
<[EMAIL PROTECTED]> wrote:
> On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
> > how do you propose to motivate qualified folks to keep
> > working the abuse desk?
>
> That is a good question. (I feel sure that many actually doing the job
>
On Apr 15, 2008, at 7:31 AM, Jim Popovitch wrote:
On Tue, Apr 15, 2008 at 3:39 AM, <[EMAIL PROTECTED]> wrote:
http://xml.coverpages.org/iodef.html
SO, is it generally accepted to use IODEF to report non-SMTP abuse
(web/port scans, etc)?
Probably not, unless you're sending it to someone
Network Engineer
Coleman Technologies, Inc.
954-298-1697
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
jamie
Sent: Tuesday, April 15, 2008 9:35 AM
To: Phil Regnauld
Cc: nanog@merit.edu
Subject: Re: enterprise change/configuration management and compliance
software?
On
L PROTECTED] On Behalf Of
> [EMAIL PROTECTED]
> Sent: Tuesday, April 15, 2008 9:51 AM
> To: nanog@merit.edu
> Subject: RE: Calling TeliaSonera - time to implement prefix filtering
>
>
>
> > >> aut-num:AS29049
> > >> and *of course* they don
On Apr 15, 2008, at 10:31 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
<[EMAIL PROTECTED]> wrote:
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
That is one place that modern antispam efforts fall apart. It's the
same problem that afflicts tech support in
On Tue, Apr 15, 2008 at 10:00 AM, Marshall Eubanks
<[EMAIL PROTECTED]> wrote:
>
> On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
> > That is one place that modern antispam efforts fall apart. It's the
> > same problem that afflicts tech support in general. The problem exists
> > for the same
On Tue, Apr 15, 2008 at 3:39 AM, <[EMAIL PROTECTED]> wrote:
>
> http://xml.coverpages.org/iodef.html
SO, is it generally accepted to use IODEF to report non-SMTP abuse
(web/port scans, etc)?Everyone seems to be on the SMTP bandwagon
this week, what about the miscreant customers of Internet
On Apr 15, 2008, at 9:43 AM, William Herrin wrote:
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec <[EMAIL PROTECTED]> wrote:
- Automation is far less important than clue. Attempting to
compensate
for lack of a sufficient number of sufficiently-intelligent,
experienced,
diligent staff wit
On Tue, Apr 15, 2008 at 02:01:26PM +0100, [EMAIL PROTECTED] wrote:
> > - Automation is far less important than clue. Attempting to
> > compensate for lack of a sufficient number of sufficiently-
> > intelligent, experienced, diligent staff with automation is
> > a known-losing strategy, as anyone
> >> aut-num:AS29049
> >> and *of course* they don't own 62.0.0.0/8.
> >
> > Own!?
>
> I think he was saying that Delta Telecom don't *own*
> 62.0.0.0/8 and therefore shouldn't be advertising it.
> Following that Telia shouldn
On Tue, Apr 15, 2008 at 8:34 AM, Rich Kulawiec <[EMAIL PROTECTED]> wrote:
> - Automation is far less important than clue. Attempting to compensate
> for lack of a sufficient number of sufficiently-intelligent, experienced,
> diligent staff with automation is a known-losing strategy, as anyone
> I think he was saying that Delta Telecom don't *own* 62.0.0.0/8 and
> therefore shouldn't be advertising it. Following that Telia shouldn't be
> accepting the route and then re-announcing it to peers ...
Exactly.
Steinar Haug, Nethelp consulting, [EMAIL PROTECTED]
On Tue, Apr 15, 2008 at 2:31 AM, Phil Regnauld <[EMAIL PROTECTED]> wrote:
> jamie (j) writes:
> > `
> > device, and by 'device' i mean router and/or switch) configuration
> > management (and (ideally) compliance-auditing_and_assurance) software.
> >
> > We currently use Voyence (now EMC) and are
descr: Azerbaijan Republic
and *of course* they don't own 62.0.0.0/8.
Own!?
I think he was saying that Delta Telecom don't *own* 62.0.0.0/8 and
therefore shouldn't be advertising it. Following that Telia shouldn't be
accepting the route and then re-announcing it to pee
> - Automation is far less important than clue. Attempting to
> compensate for lack of a sufficient number of sufficiently-
> intelligent, experienced, diligent staff with automation is
> a known-losing strategy, as anyone who has ever dealt with
> an IVR system knows.
Given that most of us use
> We're currently receiving the following prefix from
> TeliaSonera on one of our IP transit links in Oslo:
> aut-num:AS29049
> as-name:Delta-Telecom-AS
> descr: Delta Telecom LTD.
> descr: International Communication Operator
> descr: Azerbaijan Republ
I largely concur with the points that Paul's making, and would
like to augment them with these:
- Automation is far less important than clue. Attempting to compensate
for lack of a sufficient number of sufficiently-intelligent, experienced,
diligent staff with automation is a known-losing strate
On Tue, Apr 15, 2008 at 12:31:33PM +0530, Suresh Ramasubramanian wrote:
>
> On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
[snip]
> > It should be simple -- not require a freeking full-blown "standard".
>
> Its a standard. And it allows automated parsing of these com
do you remember the days when some of us would only take routing table
updates
from andrew partan, because we trusted him?
that's what it's like now wrt takedowns.
do not minimize the use of malicious takedowns by twits and bad guys,
who fabricate a report
of misfeasance to get their enem
Well,
at Exodus we started talkimg about IASON.
In the long run everybody was afraid of IASON. They dared not
work on it.
Later I developed some bits and parts.
When we changed hardware in a small company (200 PCs, 20 servers
5 HP Procurve switches and two routers) IASON would discover
the swi
Frank Bulk - iNAME wrote:
Yes, internet service providers and operators don't need to listen, but I
can't see how Yahoo's e-mail and abuse handling history arises out of good
business decisions.
How would Yahoo benefit from better staffing of their abuse desk? What
do they gain, besides th
> The boilerplate is no damned use. PIRT - and you - should be
> focusing on feedback loops, and that would practically
> guarantee instant takedown, especially when the notification
> is sent by trusted parties.
>
> > Again, our success rate is somewhere in the 50% neighborhood.
>
> With
jamie (j) writes:
> `
> device, and by 'device' i mean router and/or switch) configuration
> management (and (ideally) compliance-auditing_and_assurance) software.
>
> We currently use Voyence (now EMC) and are looking into other options for
> various reasons, support being in the top-3 ...
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> Really.
>
> How many people are actually doing IODEF?
>
> http://www.terena.org/activities/tf-csirt/iodef/
AISI - for example - and AISI feeds the top 25 australian ISPs - takes
IODEF as an input
And MAAWG does ARF,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Suresh Ramasubramanian" <[EMAIL PROTECTED]> wrote:
>Do ARF, do IODEF etc. You will find it much easier for abuse desks
>that care to process your reports. You will also find it easier to
>feed these into nationwide incident response / alert s
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Suresh Ramasubramanian" <[EMAIL PROTECTED]> wrote:
>Do ARF, do IODEF etc. You will find it much easier for abuse desks
>that care to process your reports. You will also find it easier to
>feed these into nationwide incident response / alert s
On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> In fact, we have done just that -- develop a standard boilerplate
> very similar to what PIRT uses in its notification(s) to the
> stakeholders in phishing incidents.
The boilerplate is no damned use. PIRT - and you
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Suresh Ramasubramanian" <[EMAIL PROTECTED]> wrote:
>If you send reports with lots of legal boilerplate, or reports with
>long lectures on why you expect an INSTANT TAKEDOWN, and send them to
>a busy abuse queue, there is no way - and zero reaso
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Suresh Ramasubramanian" <[EMAIL PROTECTED]> wrote:
>If you send reports with lots of legal boilerplate, or reports with
>long lectures on why you expect an INSTANT TAKEDOWN, and send them to
>a busy abuse queue, there is no way - and zero reaso
On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson <[EMAIL PROTECTED]> wrote:
> As I mentioned in my presentation at NANOG 42 in San Jose, the
> biggest barrier we face in shrinking the "time-to-exploit" window
> with regards to contacting people responsible for assisting in
> mitigating maliciou
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Paul Ferguson" <[EMAIL PROTECTED]> wrote:
>Mow, this has no bearing on the original subject (which I have now
>forgotten what it is -- oh yeah, something about Yahoo! mail), but
>it should be additional proof that the Bad Guys know how to
>mani
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- "Frank Bulk - iNAME" <[EMAIL PROTECTED]> wrote:
>72 hours to respond to e-mail sent to the abuse account? That's much too
long -- it should be at least a 4 hour response time during business hours,
and for service providers and operators large
y, April 13, 2008 4:11 PM
To: Rob Szarka
Cc: nanog@merit.edu
Subject: Re: Yahoo Mail Update
You can tell Earthlink whatever you want but it doesn't mean they need
to follow it. Please read my previous reply about business decisions.
I would agree that it is good for business to try and foll
On Mon, Apr 14, 2008 at 6:18 AM, Rich Kulawiec <[EMAIL PROTECTED]> wrote:
> On Sun, Apr 13, 2008 at 03:55:13PM -0500, Ross wrote:
> > Again I disagree with the principle that this list should be used for
> > mail operation issues but maybe I'm just in the wrong here.
>
> I don't think you're g
On Mon, Apr 14, 2008 at 3:05 PM, Stuart Henderson <[EMAIL PROTECTED]> wrote:
>
> On 2008-04-14, Christopher Morrow <[EMAIL PROTECTED]> wrote:
> > It's got some interesting implications if it's: domain.exe ... 'did
> > you mean to go to domain.exe or execute domain.exe or display
> > domain.pdf
On 2008-04-14, Christopher Morrow <[EMAIL PROTECTED]> wrote:
> It's got some interesting implications if it's: domain.exe ... 'did
> you mean to go to domain.exe or execute domain.exe or display
> domain.pdf ?' the UI folks will have a headache with that I bet... I
> could see a rule set (simplifi
On Mon, Apr 14, 2008 at 11:17 AM, <[EMAIL PROTECTED]> wrote:
> On Sun, 13 Apr 2008 17:50:25 EDT, Barry Shein said:
>
> > > So this is (yet another) fishing expidition -- as MIME types are a handy
> > > list, if any of those strings were present in a header, as in
> > > [EMAIL PROTECTED], wo
> -Original Message-
> From: Randy Bush [mailto:[EMAIL PROTECTED]
> Sent: Monday, April 14, 2008 12:56 PM
> To: Martin Hannigan
> Cc: nanog@merit.edu
> Subject: nanog volume (was: Problems sending mail to yahoo?)
>
> > Can we wrap the mail threads up
>
> actually, i am still learning fro
1 - 100 of 45663 matches
Mail list logo