Yes, unallocated (at least according to ARIN's whois db) but not
unannounced - obviously our network can get to the space or else I
wouldn't be having a spam problem with them! I'm actually seeing this
/20 as advertised through Savvis from AS40430
It seems to me like the best solution might
On Tue, 27 Oct 2009 10:41:46 -0500
Jack Bates wrote:
> Jeroen Massar wrote:
> > But yes, the network stack itself is a different question, then again,
> > you can just route a /64 into the loopback device and let your apache
> > listen there... (which also allows you to do easy-failover as you ca
Brian Johnson wrote:
>> Last time I checked, and this may have changed, the limit in Linux was
>> around 4096.
>
> So in this circumstance you could route a /116 to the server. COOL!
These days what we might at one point have refered to as a host or
server may actually be a hardware container wi
Seen it before - but mostly for malware rather than for spam. And
certainly not long enough / persistent enough for a full fledged spam
campaign (4..5 days rather than a day or two at the most when people
start noticing and dropping the bogus announcement)
On Wed, Oct 28, 2009 at 6:57 AM, Jon Lew
Unallocated doesn't mean non-routed. All a spammer needs is a
willing/non-filtering provider doing BGP with them, and they can announce
any space they like, send out some spam, and then pull the announcement.
Next morning, when you see the spam and try to figure out who to send
complaints to,
On 28/10/2009, at 2:20 PM, Church, Charles wrote:
This is puzzling me. If it's from non-announced space, at some
point some router should report no route to it. How is the TCP
handshake performed to allow a sync to turn into spam?
Unallocated is not the same as unannounced.
This is puzzling me. If it's from non-announced space, at some point some
router should report no route to it. How is the TCP handshake performed to
allow a sync to turn into spam?
Chuck
Chuck Church
Network Planning Engineer, CCIE #8776
Harris Information Technology Services
DOD Programs
121
On 28/10/2009, at 2:00 PM, Suresh Ramasubramanian wrote:
Having been postmastering at various places for about a decade, I have
seen that too - yes. But cymru style filtering means its kind of out
of fashion now.
Sure, if the prefix is within something that cymru call a bogon.
If it's within
On Tue, 27 Oct 2009, Leslie wrote:
I failed to mention we're seeing this from an unallocated /20 whose parent /8
is allocated to ARIN (and is partially in use)
What /20 would that be? If you're sure it's unallocated, and see nothing
but spam from it, block it at your border.
--
Having been postmastering at various places for about a decade, I have
seen that too - yes. But cymru style filtering means its kind of out
of fashion now.
Though - a lot of the cases I've seen have been
1. Out of date whois client and the IP's been allocated after the
whois client came out (wit
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Suresh Ramasubramanian wrote:
> If the /20 is being routed, and announced - chances are it IS allocated.
Don't bet on it. This is one of the oldest spammer tricks in the book. I worked
with ISPs as far back as the late 90s trying to track down poache
What /20 would this be, and can you blame an out of date whois client
or whois db for it?
If the /20 is being routed, and announced - chances are it IS allocated.
On Wed, Oct 28, 2009 at 5:40 AM, Leslie wrote:
> I failed to mention we're seeing this from an unallocated /20 whose parent
> /8 is a
Thanks Steve.
I Know that ALTDB is free, they do a great job for free, I don't complain about
the delay! :)
I'm just checking if there are some outage or similar issue.
I sure will see the donation question close.
Thanks
> -Original Message-
> From: Steve Rubin [mailto:s...@tch.org]
>
Leslie wrote:
First off, I'm not certain if unallocated space in blocks less than a /8
is properly called bogon, so pardon my terminology if I'm incorrect.
Bogon is probably the correct term for any IP space that doesn't belong
on the public Internet because it is reserved, unallocated, etc.
I haven't used cacti in a while, but does it let you combine several
RRD files in to one graph? If so that's useful for power stuff,
because you're likely to want to graph an aggregate of several things
across different devices - for example a+b power of a server, or
aggregate power usage f
On 28/10/2009, at 12:57 PM, Leslie wrote:
First off, I'm not certain if unallocated space in blocks less than
a /8 is properly called bogon, so pardon my terminology if I'm
incorrect.
We're seeing a decent chunk of spam coming from an unallocated block
of address space. We use CYMRU's gr
I failed to mention we're seeing this from an unallocated /20 whose
parent /8 is allocated to ARIN (and is partially in use)
Leslie
Leslie wrote:
First off, I'm not certain if unallocated space in blocks less than a /8
is properly called bogon, so pardon my terminology if I'm incorrect.
We'r
First off, I'm not certain if unallocated space in blocks less than a /8
is properly called bogon, so pardon my terminology if I'm incorrect.
We're seeing a decent chunk of spam coming from an unallocated block of
address space. We use CYMRU's great list of /8 bogon space to prevent
completel
Cacti is a cracking bit of software, but I found this difficult to
integrate and customize to what we required.
I ended up writing our own, custom pollers, Database backend, web frontend
and rrd to generate the graphing.
We were quoted something like £50k for something awfully similar..
C
To expand on this from a programmers perspective, usually at the kernel/network
stack level, a "patricia" radix-style trie is used for fast ipv6 lookups.
The benefit of the patricia trie being that if you only have a difference
keylength of 8 bits (/120) then the ip lookup only takes 8 steps in
On Oct 27, 2009, at 7:25 AM, Renato Frederick wrote:
Hello
I'm having some problems to send a new record to ALTDB by using mail.
Old records work OK and I can update.
Someone here at nanog is having same issues? Is there any ALTDB
admins here?
Thanks!
ALTDB is free and you get what
On Tue, Oct 27, 2009 at 02:05:36PM +, Michael Dillon wrote:
> But, when IPv6 is a bit more common, there is no need for virtual
> hosters to share
> a single IP address between several sites. They may as well use a
> unique IPv6 address
> for every single site, even if they are all on the same
Option 5 sounds like it fits the bill to me. After all, what HE said was
basically "take the site down or else" to which they backed down but then wound
up turning service down anyway.
It is truly disappointing to see HE evolve in this way. I hope that their
management decides to change the w
Mayfirst / Peoplelink did not get any notice that service would be turned down
prior to it happening.
Hurricane has had a really bad history of handling copyright complaints. The
situation for example resulting in mayfirst's circuit being turned down had
nothing at all to do with copyright and
Is anyone seeing duplicate packets coming out of Level 3 on the West Coast of
the US ?, we are seeing major issues routing across their network with horrible
results to our end points with what looks to be duplicate packets and or split
routes.
Anyone on the list with level 3 ?? if so please c
> -Original Message-
> From: Ray Soucy [mailto:r...@maine.edu]
> Sent: Tuesday, October 27, 2009 9:45 AM
> To: Jeffrey Ollie
> Cc: North American Network Operators Group
> Subject: Re: IPv6 could change things - Was: DMCA takedowns of
networks
>
> > But do the commonly-used operating syste
On Tue, Oct 27, 2009 at 10:25:31AM -0400, Renato Frederick wrote:
> Hello
>
> I'm having some problems to send a new record to ALTDB by using mail.
> Old records work OK and I can update.
> Someone here at nanog is having same issues? Is there any ALTDB admins here?
> Thanks!
>
I recently submi
Once upon a time, Jeffrey Ollie said:
> But do the commonly-used operating systems support adding hundreds or
> thousands of addresses to an interface, and what would the performance
> implications be?
I've got Linux (and even Windows) boxes with several hundred IPs bound
today; I don't see why I
> But do the commonly-used operating systems support adding hundreds or
> thousands of addresses to an interface, and what would the performance
> implications be?
>
> Jeff Ollie
Last time I checked, and this may have changed, the limit in Linux was
around 4096.
In practice though, you also have
Jeroen Massar wrote:
But yes, the network stack itself is a different question, then again,
you can just route a /64 into the loopback device and let your apache
listen there... (which also allows you to do easy-failover as you can
move that complete /64 to a different box ;)
You are still com
On Tue, Oct 27, 2009, Jeroen Massar wrote:
> But yes, the network stack itself is a different question, then again,
> you can just route a /64 into the loopback device and let your apache
> listen there... (which also allows you to do easy-failover as you can
> move that complete /64 to a differen
Jeffrey Ollie wrote:
[..]
> But do the commonly-used operating systems support adding hundreds or
> thousands of addresses to an interface, and what would the performance
> implications be?
Remember that IP addresses are 128bits, while hostnames (the ones for
the "Host:" header in the HTTP query)
Hello
I'm having some problems to send a new record to ALTDB by using mail.
Old records work OK and I can update.
Someone here at nanog is having same issues? Is there any ALTDB admins here?
Thanks!
On Tue, Oct 27, 2009 at 9:05 AM, Michael Dillon
wrote:
>
> But, when IPv6 is a bit more common, there is no need for virtual
> hosters to share
> a single IP address between several sites. They may as well use a
> unique IPv6 address
> for every single site, even if they are all on the same serve
Michael Dillon wrote:
[..]
> [..] The
> side effect of this is
> that it makes the network operator's tool sharper, and able to knock
> down single sites
> with a /32 ACL.
You actually mean a /128 in the case of IPv6, the /32 would be the
complete ISP...
> For a hosting provider, I would think th
> Not sure how much I believe of the article and its lack of detail and
> chopped quotes...but did HE really disconnect an entire downstream network
> over a DMCA notice, or did they null route a /32 that was used by a customer
> to host hundreds of virtual web sites?
Since the tools at a network
> I have a client in the US looking to connect up an office in China and I'm
> wondering what type of connections are avilable and wether IPSEC VPNs can be
> established through the 'Great firewall of China'.
If you want an IP-MPLS VPN, BT has PoPs in Beijing, Guangzhou,
Shanghai and Hong Kong.
Ch
37 matches
Mail list logo