http://docs.google.com/viewer?url=http://www.andrisoft.com/files/WANGuard_Platform_Comparison.pdf
--- ma...@mhtx.net wrote:
From: Major Hayden
To: nanog@nanog.org
Subject: Recommendations for DDOS detection software?
Date: Fri, 23 Apr 2010 07:49:26 -0500
Hello there,
Does anyone have any reco
This report has been generated at Fri Apr 23 21:11:46 2010 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date
BGP Update Report
Interval: 15-Apr-10 -to- 22-Apr-10 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASN Upds % Upds/Pfx AS-Name
1 - AS9829 17201 1.4% 28.8 -- BSNL-NIB National Internet Backbone
2 - AS38494 1
On 23/04/2010 07:50, Steve Bertrand wrote:
> This is a no-brainer, because I know that everyone who reads this will
> visit the link. All I request is an off-list message stating if you
> could get there or not (it won't be possible to parse my weblogs
Greeting,
I am looking up some ACL rules and there is something I am not quite sure about.
I know on a Cisco router, applying rACL will protect the router itself, no
transit traffic will hit the rACL rules or router RP. So I guess it is safe,
I assume rACL only takes control and management plane traffic.
- Original Message -
> From: "Leo Bicknell"
> To: "NANOG"
> Sent: Saturday, 24 April, 2010 7:33:21 AM
> Subject: Re: Connectivity to an IPv6-only site
> In a message written on Fri, Apr 23, 2010 at 01:08:30PM -0400,
> valdis.kletni...@vt.edu wrote:
> > No, the problems are probably fur
In a message written on Fri, Apr 23, 2010 at 01:08:30PM -0400,
valdis.kletni...@vt.edu wrote:
> No, the problems are probably further back in time. We first started turning
> up
> IPv6 back in 1997 or so. There's a *very* good chance that we turned it off a
> decade ago (or whenever people *firs
Owen DeLong wrote:
On Apr 23, 2010, at 10:16 AM, Matthew Kaufman wrote:
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to *hide
internal topology*. Yes, addressing the privacy concerns that come from using
lower-64-
On Apr 23, 2010, at 10:16 AM, Matthew Kaufman wrote:
> Jack Bates wrote:
>> Matthew Kaufman wrote:
>>> But none of this does what NAT does for a big enterprise, which is to *hide
>>> internal topology*. Yes, addressing the privacy concerns that come from
>>> using lower-64-bits-derived-from-MAC
On Apr 23, 2010, at 10:34 AM, Matthew Kaufman wrote:
> Matthew Kaufman wrote:
>> Jack Bates wrote:
>>> Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to
*hide internal topology*. Yes, addressing the privacy concerns that come
from using
> char coolcmd[] = { "echo '. ./_&. ./_'>_;. ./_" };
Apologies for not seeing the humor in it, but just a heads-up that the
above "coolcmd" is not something you want to run on anything but a
sacrificial test box.
It is an obfuscated fork() bomb (denial of service attack), and on some
boxes
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to bgp-st...@lists.apnic.net
For historical data, please see http://thyme.apnic.net.
If you have any comments please contact Philip Smith.
Routing
On 4/23/10 7:09 AM, Greg Estabrooks wrote:
>
>
> Is anyone else out there getting reports of hotmail randomly bouncing
> emails with just a message of "failed"?
>
> Over the last 2 weeks we've had dozens of complaints of hosting
> customers spanning dozens of domains not receiving emails from
Matthew Kaufman wrote:
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is
to *hide internal topology*. Yes, addressing the privacy concerns
that come from using lower-64-bits-derived-from-MAC-address is
required, but it is also necessar
Jack Bates wrote:
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to
*hide internal topology*. Yes, addressing the privacy concerns that
come from using lower-64-bits-derived-from-MAC-address is required,
but it is also necessary (for some organization
On Sat, 24 Apr 2010 02:45:05 +1000, Mark Andrews said:
> Given I've been running dual stack nameservers for the last 7 years
> and never noticed any real problems I expect his problems are actually
> closer to home.
No, the problems are probably further back in time. We first started turning up
I
On 4/23/10 10:47 AM, Jared Mauch wrote:
On Apr 23, 2010, at 12:45 PM, Mark Andrews wrote:
Given I've been running dual stack nameservers for the last 7 years
and never noticed any real problems I expect his problems are actually
closer to home.
Mark
I mirror this experience, I've not seen a
On Apr 23, 2010, at 12:45 PM, Mark Andrews wrote:
> Given I've been running dual stack nameservers for the last 7 years
> and never noticed any real problems I expect his problems are actually
> closer to home.
>
> Mark
I mirror this experience, I've not seen any issues having the nameservers
On 4/23/10 3:49 AM, Dave Hart wrote:
On Fri, Apr 23, 2010 at 08:26 UTC, Steve Bertrand wrote:
- in WHOIS, I have ns1 and ns2.onlyv6.com listed as the authoritative
name servers
- both of these servers *only* have IPv6 addresses
Which seems a bit far afield from reality to me. Yes, there are
In message <5598.1272031...@localhost>, valdis.kletni...@vt.edu writes:
> On Fri, 23 Apr 2010 06:34:43 PDT, Owen DeLong said:
>
> > Bottom line, if your ISP's resolvers cannot issue queries over IPv6,
> > that is a problem that is relatively easy for them to solve. It is worth
> > putting pressur
On Thu, 22 Apr 2010 18:10:10 +1200 (MAGST)
Franck Martin wrote:
> The whole thread made me think about this:
>
> http://www.ipinc.net/IPv4.GIF
>
> The energy that people are willing to spend to fix it (NAT, LSN), rather than
> bite the bullet is amazing.
>
Probably and sadly, they don't re
On Thu, 22 Apr 2010 10:25:43 -0500
Larry Sheldon wrote:
> On 4/22/2010 10:17, Charles Mills wrote:
> > I think he was actually quoting the movie. They always called Harvey
> > Korman's character "Hedy" and he'd always correct them with "That's
> > Hedley" in a most disapproving tone.
>
> Oh.
>
On Thu, 22 Apr 2010 07:18:18 -0400
William Herrin wrote:
> On Wed, Apr 21, 2010 at 11:31 PM, Owen DeLong wrote:
> > On Apr 21, 2010, at 3:26 PM, Roger Marquis wrote:
> >> William Herrin wrote:
> Not to take issue with either statement in particular, but I think there
> needs to be some
...
> Has nothing to do about being stupid... let's rephrase your statement
> and put a positive spin on it as such:
>
> "I've heard about IPv6, but don't know very much about it. I think that
> I should know more, but am a bit confused as to where to begin. What do
> I do first?".
>
> Then I'd sa
> > What makes you think that not using NAT exposes internal topology??
>
> Or that internal topology cannot leak out through NAT's ? I have seen
> NATed enterprises
> become massively compromised.
NAT allows people to become far too lazy. Your typical NAT allows
connections outbound, typicall
We had a customer of ours call and ask the same thing this week. They
run their own Exchange server, and they were getting delivery failed or
delayed to Hotmail account. Issues started on Monday and as far as I
know, the issue went away yesterday.
Chris Gotstein, Sr Network
On Apr 23, 2010, at 7:43 AM, Larry Sheldon wrote:
> On 4/23/2010 03:00, Franck Martin wrote:
>> Go get an airport express, install it get your Internet then click
>> ipv6 enable box and that's it. Seriously!
>
> OK--I'll put that on the shopping list. (I'll also look around for
> something fo
On 4/23/2010 04:49, Dave Hart wrote:
> On Fri, Apr 23, 2010 at 08:26 UTC, Steve Bertrand wrote:
>> - in WHOIS, I have ns1 and ns2.onlyv6.com listed as the authoritative
>> name servers
>>
>> - both of these servers *only* have IPv6 addresses
>
> Which seems a bit far afield from reality to me. Y
On 4/23/2010 03:26, Steve Bertrand wrote:
> On 2010.04.23 03:35, Larry Sheldon wrote:
>
>> From my PC at home (Cox in Omaha) I can't even get a nameserver that
>> knows the site.
>
> Larry... let me explain why. Although you might not understand, others
> will, and you may remember this as somet
On Apr 23, 2010, at 9:17 AM, Clue Store wrote:
But none of this does what NAT does for a big enterprise, which is
to *hide internal topology*. Yes, addressing the privacy concerns
that come from using lower-64-bits-derived-from-MAC-address is
required, but it is also necessary (for some organiz
On 4/23/2010 03:00, Franck Martin wrote:
> Go get an airport express, install it get your Internet then click
> ipv6 enable box and that's it. Seriously!
OK--I'll put that on the shopping list. (I'll also look around for
something for the wired machinery as well.
--
Somebody should have said
On 4/23/2010 02:57, Steve Bertrand wrote:
> On 2010.04.23 03:39, Larry Sheldon wrote:
>> On 4/23/2010 02:35, Larry Sheldon wrote:
>>
>>> From my PC at home (Cox in Omaha) I can't even get a nameserver that
>>> knows the site.
>>
>> I should point out that I am really stupid about v6--I don't know
On Apr 23, 2010, at 6:17 AM, Jack Bates wrote:
> Matthew Kaufman wrote:
>> But none of this does what NAT does for a big enterprise, which is to *hide
>> internal topology*. Yes, addressing the privacy concerns that come from
>> using lower-64-bits-derived-from-MAC-address is required, but it i
Is anyone else out there getting reports of hotmail randomly bouncing
emails with just a message of "failed"?
Over the last 2 weeks we've had dozens of complaints of hosting
customers spanning dozens of domains not receiving emails from hotmail
users. Checking our logs shows the message
On Fri, 23 Apr 2010 06:34:43 PDT, Owen DeLong said:
> Bottom line, if your ISP's resolvers cannot issue queries over IPv6,
> that is a problem that is relatively easy for them to solve. It is worth
> putting pressure on your ISP to solve that problem.
Ours are currently intentionally configured t
On Apr 23, 2010, at 5:30 AM, Andy Davidson wrote:
>
> On 23 Apr 2010, at 07:50, Steve Bertrand wrote:
>
>> http://onlyv6.com
>
> It's a shame there is not a pair of images on this site - one originated from
> a v4 only box, one a v6 only box. The img src= could point to the image with
> a qu
>
>
>
> > I'm just saying it's one valid
> > security issue with using any sort of globally unique IP address (v4
> > or v6), in that analyzing a bunch of traffic from a particular
> > netblock would allow one to build a topology map. It's easier with
> > IPv6 since you can presume most if not all
On 4/23/2010 06:17, Clue Store wrote:
>
>
>> But none of this does what NAT does for a big enterprise, which
>> is to *hide internal topology*. Yes, addressing the privacy
>> concerns that come from using
>> lower-64-bits-derived-from-MAC-address is r
On Apr 23, 2010, at 2:49 AM, Dave Hart wrote:
> On Fri, Apr 23, 2010 at 08:26 UTC, Steve Bertrand wrote:
>> - in WHOIS, I have ns1 and ns2.onlyv6.com listed as the authoritative
>> name servers
>>
>> - both of these servers *only* have IPv6 addresses
>
> Which seems a bit far afield from reali
On Apr 23, 2010, at 12:57 AM, Steve Bertrand wrote:
> On 2010.04.23 03:39, Larry Sheldon wrote:
>> On 4/23/2010 02:35, Larry Sheldon wrote:
>>
>>> From my PC at home (Cox in Omaha) I can't even get a nameserver that
>>> knows the site.
>>
>> I should point out that I am really stupid about v6-
Mohacsi Janos wrote:
On Fri, 23 Apr 2010, Matthew Ford wrote:
On 23 Apr 2010, at 09:00, Franck Martin wrote:
Go get an airport express, install it get your Internet then click
ipv6 enable box and that's it. Seriously!
Hmm. Then why did I just replace my airport and my ISP to get
func
On 4/23/2010 05:42, Jared Mauch wrote:
>
> On Apr 23, 2010, at 5:49 AM, Dave Hart wrote:
>
>> On Fri, Apr 23, 2010 at 08:26 UTC, Steve Bertrand
>> wrote:
>>> - in WHOIS, I have ns1 and ns2.onlyv6.com listed as the
>>> authoritative name servers
>>>
>
Matthew Kaufman wrote:
But none of this does what NAT does for a big enterprise, which is to
*hide internal topology*. Yes, addressing the privacy concerns that come
from using lower-64-bits-derived-from-MAC-address is required, but it is
also necessary (for some organizations) to make it impos
> But none of this does what NAT does for a big enterprise, which is
> to *hide internal topology*. Yes, addressing the privacy concerns
> that come from using lower-64-bits-derived-from-MAC-address is
> required, but it is also necessary (for some organizations) to
> make it impossible to tell tha
Hello Major,
You could do this easily with http://www.snort.org/ .
regards,
matthias
On Apr 23, 2010, at 8:42 AM, Jared Mauch wrote:
>
> On Apr 23, 2010, at 5:49 AM, Dave Hart wrote:
>
>> On Fri, Apr 23, 2010 at 08:26 UTC, Steve Bertrand wrote:
>>> - in WHOIS, I have ns1 and ns2.onlyv6.com listed as the authoritative
>>> name servers
>>>
>>> - both of these servers *only* hav
On Apr 23, 2010, at 5:49 AM, Dave Hart wrote:
> On Fri, Apr 23, 2010 at 08:26 UTC, Steve Bertrand wrote:
>> - in WHOIS, I have ns1 and ns2.onlyv6.com listed as the authoritative
>> name servers
>>
>> - both of these servers *only* have IPv6 addresses
>
> Which seems a bit far afield from reali
On 23 Apr 2010, at 07:50, Steve Bertrand wrote:
> http://onlyv6.com
It's a shame there is not a pair of images on this site - one originated from a
v4 only box, one a v6 only box. The img src= could point to the image with a
query string that was an automatically incrementing counter. Then yo
Godzilla vs. the Smog Monster
- Original Message
From: Dave Hart
To: Tim Franklin
Cc: NANOG
Sent: Fri, April 23, 2010 12:57:47 PM
Subject: Re: Connectivity to an IPv6-only site
On Fri, Apr 23, 2010 at 11:38 UTC, Tim Franklin wrote:
> Assuming your ISP is providing your DNS. What i
1- http://onlyv6.com is not resolving.
2- why would anyone be interested in buying "bit-pipes" from you if you don't
own fiber or ports in a switch?
3- why would anyone be interested in buying ip address space if they can do it
from SP's themselves or apply for that ripe allocation?
4- ICIN 2
On Fri, Apr 23, 2010 at 11:38 UTC, Tim Franklin wrote:
> Assuming your ISP is providing your DNS. What if I, as a new start-up
> in the IPv4-exhausted world, want to buy pure bit-pipes from my ISP,
> and be responsible for *everything* further up the stack? I don't believe
> this is entirely unc
> Which seems a bit far afield from reality to me. Yes, there are lots
> of folks with IPv6 connectivity and v4-only recursive DNS servers. I
> don't think ISPs will have problems setting aside a handful of IPv4
> addresses for authoritative DNS infrastructure to work around this
> until v6 trans
On Fri, Apr 23, 2010 at 08:26 UTC, Steve Bertrand wrote:
> - in WHOIS, I have ns1 and ns2.onlyv6.com listed as the authoritative
> name servers
>
> - both of these servers *only* have IPv6 addresses
Which seems a bit far afield from reality to me. Yes, there are lots
of folks with IPv6 connectiv
On 2010.04.23 02:50, Steve Bertrand wrote:
> http://onlyv6.com
...email me with your v6 addr/AS whether you can/can't get to that site.
I want to thank everyone thus far for all of the feedback. I've received
at least four dozen off list replies, and expect many more after the
actual North Ameri
On Fri, Apr 23, 2010 at 09:26:10AM +0200, Thomas Habets wrote:
> On Wed, 21 Apr 2010, Chris Cappuccio wrote:
> >OpenBSD post-4.7 (current) is about to get a full BGP MPLS VPN
> >implementation and has ldp working too. Yeah baby
>
> I wouldn't run MPLS with OpenBSD in production quite yet though.
On 2010.04.23 03:28, Mohacsi Janos wrote:
> Hi,
> What is your method to discover who cannot connect to your webserver?
Earlier, in haste, I mistook your "What" for 'why' the first time I read
your question.
My method to discover is very clear cut... either you can get to the
site, or you ca
On Fri, 23 Apr 2010, Matthew Ford wrote:
On 23 Apr 2010, at 09:00, Franck Martin wrote:
Go get an airport express, install it get your Internet then click ipv6 enable
box and that's it. Seriously!
Hmm. Then why did I just replace my airport and my ISP to get functioning IPv6?
Hint: 6t
On 2010.04.23 03:35, Larry Sheldon wrote:
> From my PC at home (Cox in Omaha) I can't even get a nameserver that
> knows the site.
Larry... let me explain why. Although you might not understand, others
will, and you may remember this as something when you do use IPv6.
Believe me, nobody can reme
On Fri, 2010-04-23 at 01:04 -0500, John Palmer (NANOG Acct) wrote:
> Spam-watch.com
From the website:
About Spam-watch - This list is meant as a replacement for the SPAM-L
list which was abruptly shut down in May 2009.
On the contrary - Spam-l.com continues on different hosting with
different mo
On 23 Apr 2010, at 09:00, Franck Martin wrote:
> Go get an airport express, install it get your Internet then click ipv6
> enable box and that's it. Seriously!
>
Hmm. Then why did I just replace my airport and my ISP to get functioning IPv6?
Hint: 6to4 != IPv6.
Mat
Go get an airport express, install it get your Internet then click
ipv6 enable box and that's it. Seriously!
All knowledge is an answer to a question
On 23/04/2010, at 19:57, Steve Bertrand wrote:
On 2010.04.23 03:39, Larry Sheldon wrote:
On 4/23/2010 02:35, Larry Sheldon wrote:
On 2010.04.23 03:39, Larry Sheldon wrote:
> On 4/23/2010 02:35, Larry Sheldon wrote:
>
>> From my PC at home (Cox in Omaha) I can't even get a nameserver that
>> knows the site.
>
> I should point out that I am really stupid about v6--I don't know if I
> should be able to find a nameserver or no
On 2010.04.23 03:28, Mohacsi Janos wrote:
> Hi,
> What is your method to discover who cannot connect to your webserver?
No. It's not *who* but *why*.
This is a personal research project. I'm trying to identify where
breakage happens when trying to connect to an IPv6-only network.
There are
On 4/23/2010 02:35, Larry Sheldon wrote:
> From my PC at home (Cox in Omaha) I can't even get a nameserver that
> knows the site.
I should point out that I am really stupid about v6--I don't know if I
should be able to find a nameserver or not.
--
Somebody should have said:
A democracy is two
On 4/23/2010 01:50, Steve Bertrand wrote:
> This is a no-brainer, because I know that everyone who reads this will
> visit the link. All I request is an off-list message stating if you
> could get there or not (it won't be possible to parse my weblogs for
> those who can't):
>
> http://onlyv6.com
On 2010.04.23 02:50, Steve Bertrand wrote:
> This is a no-brainer, because I know that everyone who reads this will
> visit the link. All I request is an off-list message stating if you
> could get there or not (it won't be possible to parse my weblogs for
> those who can't):
>
> http://onlyv6.com
Hi,
What is your method to discover who cannot connect to your
webserver?
Regards,
Janos Mohacsi
Head of HBONE+ project
Network Engineer, Deputy Director of Network Planning and Projects
NIIF/HUNGARNET, HUNGARY
Key 70EF9882: DEC2 C685 1ED4 C95A 145F 4300 6F64 7B00 70EF 9882
On Fri,
On Wed, 21 Apr 2010, Chris Cappuccio wrote:
OpenBSD post-4.7 (current) is about to get a full BGP MPLS VPN
implementation and has ldp working too. Yeah baby
I wouldn't run MPLS with OpenBSD in production quite yet though. Until I
sent in a patch earlier this month it sent out implicit null (l