Re: SPF Configurations

2009-12-07 Thread Sean Donelan
On Sun, 6 Dec 2009, Bill Stewart wrote: On Sun, Dec 6, 2009 at 2:56 PM, Sean Donelan wrote: In particular, what anti-forgery/security controls should network operators implement and check; and what anti-forgery/security controls should network operators not implement or check? Depends a bit o

RE: Historical traceroute logging

2009-12-07 Thread Liendo, Christian A
Smokeping has SmokeTrace http://oss.oetiker.ch/smokeping/ New in Version 2.4 (The SmokeTrace edition) SmokeTrace: An Ajax Traceroute tool. Try the demo. SmokeTrace is written in javascript, using the qooxdoo framework, which is responsible for all the cross browser glory. This may be what yo

Re: news from Google

2009-12-07 Thread Alex Aster
Google has got a lot of data centers around the world, but the DNS servers are located in some of these. There is the list of data centers with DNS servers: USA, Atlanta USA, Reston, VA USA, Seattle USA, California Brazil, Sao Paulo Taiwan, Taipei City Germany, Frankfurt/Main Netherlands, Groninge

Re: SPF Configurations

2009-12-07 Thread Michael Holstein
> The problem we face is that some people we work with can't do that Then explain that client-side (their users, to whom they send mail) are probably using Hotmail, et al. and SPF will simply not allow "spoofing" which is what they want to do, unless they either: A) add the SPF record as previo

Re: news from Google

2009-12-07 Thread Michael Holstein
>> >> now Google DNS, anything more? >> >> http://googlecode.blogspot.com/2009/12/introducing-google-public-dns-new-dns.html > Probably in support of their various Android netbooks that are in the pipe. They'll likely come pre-configured to use GoogleDNS .. that way they won't (accidentally) loo

Re: SPF Configurations

2009-12-07 Thread Douglas Otis
On Dec 7, 2009, at 9:51 AM, Michael Holstein wrote: > >> The problem we face is that some people we work with can't do that > > Then explain that client-side (their users, to whom they send mail) are > probably using Hotmail, et al. and SPF will simply not allow "spoofing" which > is what the

Re: SPF Configurations

2009-12-07 Thread Suresh Ramasubramanian
On Mon, Dec 7, 2009 at 11:21 PM, Michael Holstein wrote: > > Personally, I think SPF is a major PITA operations-wise .. but if you've > ever had to fill out the form to get un-blacklisted at Yahoo/AOL, that's > one of the first things they ask .. "do you have a spfv1 record defined?". With yahoo

Re: Official Mail, was SPF Configurations

2009-12-07 Thread John Levine
>I would love to know how the marketplace wants to handle "Official Mail," >but I'm not expecting useful answers here. The marketplace doesn't have a clue. We have a plenty of tools in the toolbox, from heavyweight S/MIME to lighter weight DKIM+VBR to proprietary Goodmail, but among the mailers

Re: random DNS, was news from Google

2009-12-07 Thread John Levine
>Will be interesting to see if ISPs respond to a large scale thing like >this taking hold by blocking UDP/TCP 53 like many now do with tcp/25 >(albeit for other reasons). Therein lies the problem with some of the >"net neutrality" arguments .. there's a big difference between "doing it >because it

Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Jared Mauch
On Dec 7, 2009, at 5:29 PM, John Levine wrote: >> Will be interesting to see if ISPs respond to a large scale thing like >> this taking hold by blocking UDP/TCP 53 like many now do with tcp/25 >> (albeit for other reasons). Therein lies the problem with some of the >> "net neutrality" arguments .

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Paul Timmins
Jared Mauch wrote: The University of Michigan Hospitals have a guestnet wireless that is ghetto and blocks IMAP over SSL. Attempts to get them to correct this have fallen on deaf ears. I can't even VPN out to work around the silliness, which typically works in other hotel/guestnet scenarios.

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Brielle Bruns
On 12/7/09 4:00 PM, Jared Mauch wrote: Providers to avoid: US Signal Corporation. (64.141.138.226 was my natted IP in a Hampton Inn despite whois/swip). Add Air2Data (seen in Best Western in WY). 20-some-odd APs, all routerboards, all same SSID, overlapping channels, hijacking 80 and 53.

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Jared Mauch
On Dec 7, 2009, at 7:23 PM, Brielle Bruns wrote: > I'm noticing a lot of these places are doing things which work perfectly with > Windows, but not Mac, Linux, etc. Drives me bonkers, and we make sure to let > management know we won't stay at their hotel in the future because of said > issues.

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Suresh Ramasubramanian
Swisscom Eurospot - found all through Europe and ruinously expensive at like 25 euro a day, 9 euro an hour See http://www.mcabee.org/lists/nanog/Feb-07/msg00046.html for what goes on there .. dns proxying, and broken at that. On Tue, Dec 8, 2009 at 6:08 AM, Jared Mauch wrote: > > On Dec 7, 2009,

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Andrew Cox
Disclaimer: /I work for a company that provides these services./ IMHO there is no need for any sort of DNS redirection after user authentication has taken place. We of course redirect UDP/TCP 53 to one of our servers along with 80 (http) 443 (https) 8080, 3128 (proxy) to the local hotspot *be

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Suresh Ramasubramanian
You could just firewall off port 25 and leave 587 open - to save yourself from a bunch of viruses and such. A lot of people will use webmail anyway - from a hotel. And you avoid getting blacklisted. The other option is to install a device that examines email flows and allows only stuff it doesn't t

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Andrew Cox
Suresh Ramasubramanian wrote: You could just firewall off port 25 and leave 587 open - to save yourself from a bunch of viruses and such. A lot of people will use webmail anyway - from a hotel. And you avoid getting blacklisted. The problem with doing that is that users don't understand it. Al

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Steven Bellovin
On Dec 7, 2009, at 6:00 PM, Jared Mauch wrote: > > On Dec 7, 2009, at 5:29 PM, John Levine wrote: > >>> Will be interesting to see if ISPs respond to a large scale thing like >>> this taking hold by blocking UDP/TCP 53 like many now do with tcp/25 >>> (albeit for other reasons). Therein lies th

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Lou Katz
On Mon, Dec 07, 2009 at 09:48:25PM -0500, Steven Bellovin wrote: > > On Dec 7, 2009, at 6:00 PM, Jared Mauch wrote: > > > > > On Dec 7, 2009, at 5:29 PM, John Levine wrote: > > > >>> Will be interesting to see if ISPs respond to a large scale thing like > >>> this taking hold by blocking UDP/TC

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Joe Greco
> IMHO there is no need for any sort of DNS redirection after user > authentication has taken place. It may be hazardous even before user authentication has taken place. Even given a very low TTL, client resolvers may cache answers returned during that initial authentication. > We of course redi

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread John R. Levine
It's why I run an ssh server on 443 somewhere -- and as needed, I ssh-tunnel http to a squid proxy, smtp, and as many IMAP/SSL connections as I really need... Same here. It's the most reliable way to break out of a hotel jail. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The

Re: news from Google

2009-12-07 Thread Steve Meuse
Martin Hannigan expunged (mar...@theicelandguy.com): > > Why did Google put an infrastructure critical application into PA space? > I'm not sure what the policy is now, but it seemed that when I was at L3 (losing my memory at this point) 4/8 was used as PA space and 8/8 was basically handed o

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Joel Esler
On Dec 7, 2009, at 10:35 PM, John R. Levine wrote: >> It's why I run an ssh server on 443 somewhere -- and as needed, I ssh-tunnel >> http to a squid proxy, smtp, and as many IMAP/SSL connections as I really >> need... > > Same here. It's the most reliable way to break out of a hotel jail. F

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Joel Esler
On Dec 7, 2009, at 10:18 PM, Lou Katz wrote: > On Mon, Dec 07, 2009 at 09:48:25PM -0500, Steven Bellovin wrote: >> >> On Dec 7, 2009, at 6:00 PM, Jared Mauch wrote: >> >>> >>> On Dec 7, 2009, at 5:29 PM, John Levine wrote: >>> > Will be interesting to see if ISPs respond to a large scale t

Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Mark Andrews
In message <200912080332.nb83wkso037...@aurora.sol.net>, Joe Greco writes: > > IMHO there is no need for any sort of DNS redirection after user > > authentication has taken place. > > It may be hazardous even before user authentication has taken place. > Even given a very low TTL, client resolve