Re: AD and enforced password policies

2012-01-04 Thread Måns Nilsson
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at 02:16:38PM - Quoting Tim Franklin (t...@pelican.org): There is indeed a difference between Europe (or is it only .SE?) and USA here; no bank in Sweden lets you login without at least a client certificate and

Re: AD and enforced password policies

2012-01-04 Thread Måns Nilsson
Subject: Re: AD and enforced password policies Date: Tue, Jan 03, 2012 at 10:58:35PM -0600 Quoting Jimmy Hess (mysi...@gmail.com): Manual forced immediate password expiration should be in the security admin's toolbox as a possible response to observation of questionable or potentially

incoming smtp from v6 addresses

2012-01-04 Thread Randy Bush
for incoming mail that is *accepted*, i.e. not stuff like 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in rbl-plus.mail-abuse.org 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F=ped...@nexo.es rejected RCPT owner-radius...@ops.ietf.org: blocked because 118.39.80.118 is in

Re: incoming smtp from v6 addresses

2012-01-04 Thread Phil Regnauld
Randy Bush (randy) writes: 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. what do other folk see? What's your primary configuration ? Hub, end user system ? Care to share the methodology ? I can run some stats, but want to be sure

Re: subnet prefix length 64 breaks IPv6?

2012-01-04 Thread Joel jaeggli
On 12/28/11 07:30 , Ryan Malayter wrote: Except nowhere in there is the prefix length for the test indicated, and the exact halving of forwarding rate for IPv6 leads one to believe that there are two TCAM lookups for IPv6 (hence 64-bit prefix lookups) versus one for IPv4. A cam (assuming

Re: incoming smtp from v6 addresses

2012-01-04 Thread Randy Bush
7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. What's your primary configuration ? Hub, end user system ? the main smtp receiver and sender for maybe 100 users and a few dozen mailing list of small to lower middle class size. Care to share the methodology ? I

Re: incoming smtp from v6 addresses

2012-01-04 Thread Sebastian Spies
On 04.01.2012 11:10, Randy Bush wrote: for incoming mail that is *accepted*, i.e. not stuff like 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in rbl-plus.mail-abuse.org 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F=ped...@nexo.es rejected RCPT

anycast load balancing issue

2012-01-04 Thread Måns Nilsson
Hi, I'm in the process of deploying an anycast DNS service internally. We're on a pretty provider-like network, where we run MPLS to provide several network overlays for different services. iBGP is used to distribute routing information, and ISIS is used as IGP. In one of the VRFen we would like

Re: incoming smtp from v6 addresses

2012-01-04 Thread Jared Mauch
On Jan 4, 2012, at 5:26 AM, Randy Bush wrote: 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. What's your primary configuration ? Hub, end user system ? the main smtp receiver and sender for maybe 100 users and a few dozen mailing list of small to lower

Re: incoming smtp from v6 addresses

2012-01-04 Thread Suresh Ramasubramanian
On Wed, Jan 4, 2012 at 3:56 PM, Randy Bush ra...@psg.com wrote: zgrep '=.*\[:' /var/spool/exim/log/main* | wc zgrep '=' /var/spool/exim/log/main* | wc frodo:/home/suresh# zgrep '=.*\[:' /var/log/exim4/mainlog* | wc 16673 385620 7023087 frodo:/home/suresh# zgrep '='

Re: incoming smtp from v6 addresses

2012-01-04 Thread Phil Regnauld
Received # grep 'amavis' mail.log | grep Passed | wc -l 1411 (1189 if only counting CLEAN, post amavisd) #grep 'amavis' mail.log | grep Passed | grep IPv6 | grep -v '::1' | wc -l 255 (253 if only counting CLEAN - so less spam in IPv6 :) Sent # grep 'postfix/smtp' mail.log |

Re: anycast load balancing issue

2012-01-04 Thread Måns Nilsson
Subject: anycast load balancing issue Date: Wed, Jan 04, 2012 at 01:02:55PM +0100 Quoting Måns Nilsson (mansa...@besserwisser.org): Trouble is, we find that (untweaked) cost and metric are such that all nodes are equal. s/all nodes/all nodes in my pathetically small test case/ Was no issue.

Re: incoming smtp from v6 addresses

2012-01-04 Thread Leo Bicknell
In a message written on Wed, Jan 04, 2012 at 07:18:11AM -0500, Jared Mauch wrote: Similar footprint, and I have something like the following on puck: puck:~$ grep IPv6: /var/log/maillog | grep stat=Sent | wc -l 9043 puck:~$ grep stat=Sent /var/log/maillog | wc -l 110343 I have a mail

Re: anycast load balancing issue

2012-01-04 Thread Cameron Byrne
On Jan 4, 2012 4:52 AM, Måns Nilsson mansa...@besserwisser.org wrote: Subject: anycast load balancing issue Date: Wed, Jan 04, 2012 at 01:02:55PM +0100 Quoting Måns Nilsson (mansa...@besserwisser.org): Trouble is, we find that (untweaked) cost and metric are such that all nodes are equal.

Re: incoming smtp from v6 addresses

2012-01-04 Thread Simon Perreault
Randy Bush wrote, on 01/04/2012 05:10 AM: 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. A consequence of whitelisting? Simon -- DTN made easy, lean, and smart -- http://postellation.viagenie.ca NAT64/DNS64 open-source-- http://ecdysis.viagenie.ca

Re: incoming smtp from v6 addresses

2012-01-04 Thread Mike Tancsa
On 1/4/2012 5:10 AM, Randy Bush wrote: for incoming mail that is *accepted*, i.e. not stuff like 2012-01-04 00:37:28 REJECT because 118.39.80.118 listed in rbl-plus.mail-abuse.org 2012-01-04 00:37:28 H=(nexo.es) [118.39.80.118] F=ped...@nexo.es rejected RCPT

Re: incoming smtp from v6 addresses

2012-01-04 Thread Dave Israel
On 1/4/2012 10:46 AM, Mike Tancsa wrote: I suspect the higher inbound values might be due to tech mailing lists which tend to come from IPv6 enabled hosts ? Yeah, all of my (non-internal) ipv6 mail is from such mailing lists. -Dave

Re: Does anybody out there use Authentication Header (AH)?

2012-01-04 Thread Jack Kohn
Tom, It seems NIST recommends ESP over AH. You can look at the following 2 emails from Manav and Sriram on the IPsecME WG: http://www.ietf.org/mail-archive/web/ipsec/current/msg07403.html http://www.ietf.org/mail-archive/web/ipsec/current/msg07407.html Jack On Mon, Jan 2, 2012 at 5:57 AM, TR

Trouble accessing www.nanog.org

2012-01-04 Thread Ronald Bonica
Is anyone else having trouble accessing www.nanog.org? I can ping the site but don't get any response from HTTP requests. -- Ron Bonica vcard: www.bonica.org/ron/ronbonica.vcf

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Andrew D Kirch
works for me

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Sean Harlow
I was seeing the same problem, but it seems to be working now. On Jan 4, 2012, at 11:09 AM, Andrew D Kirch wrote: works for me

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Betty Burke be...@nanog.org
Works for me as well : I will check to see if there was some interruption in service and report as warranted. Betty On Wed, Jan 4, 2012 at 11:09 AM, Andrew D Kirch trel...@trelane.net wrote: works for me -- Betty Burke NewNOG/NANOG Executive Director Office (810) 214-1218 Direct (510)

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Wessels, Duane
The brief problem in accessing www.nanog.org was due to numerous parallel downloads of a large video file by a single source IP address. We have no reason to believe it was malicious in intent, but the offender has been blocked anyway. Anyone from AS37986 around? Duane W.

Re: subnet prefix length 64 breaks IPv6?

2012-01-04 Thread Alexandru Petrescu
On 03/01/2012 23:36, Owen DeLong wrote: On Dec 24, 2011, at 6:48 AM, Glen Kent wrote: SLAAC only works with /64 - yes - but only if it runs on Ethernet-like Interface ID's of 64bit length (RFC2464). Ok, the last 64 bits of the 128 bit address identifies an Interface ID which is uniquely

2012-Big-Data-Big-Traffic

2012-01-04 Thread Henry Linneweh
New issues for massive data movement http://www.infineta.com/sites/default/files/pdf/IRG-2012-Big-Data-Big-Traffic-and-the-WAN.pdf Henry

IPv6 resolvers

2012-01-04 Thread Seth Mos
Hi Nanog, Owen, I was wondering if many people are seeing horrendous latency on the free Hurricane Electric resolvers? Both accessing the v4 or v6 resolvers have horrendous latency. This could well be coupled to their free nature and popularity. So far when contacting Hurricane Electric they

RE: Trouble accessing www.nanog.org

2012-01-04 Thread George, Wes
From: Wessels, Duane [mailto:dwess...@verisign.com] Sent: Wednesday, January 04, 2012 1:41 PM Subject: Re: Trouble accessing www.nanog.org The brief problem in accessing www.nanog.org was due to numerous parallel downloads of a large video file by a single source IP address. We have no

Re: Trouble accessing www.nanog.org

2012-01-04 Thread bmanning
On Wed, Jan 04, 2012 at 03:10:13PM -0500, George, Wes wrote: From: Wessels, Duane [mailto:dwess...@verisign.com] Sent: Wednesday, January 04, 2012 1:41 PM Subject: Re: Trouble accessing www.nanog.org The brief problem in accessing www.nanog.org was due to numerous parallel

Re: IPv6 resolvers

2012-01-04 Thread Raymond Dijkxhoorn
Hi! But I was wondering if a more permanent solution for these resolvers exist. 74.82.42.42 2373 msec 2001:470:20::2 2592 msec The google DNS server I'm using is doing swimmingly so far, OpenDNS seems ok too. 2001:4860:4860::8844 16 msec [root@ipv6proxy ~]# ping 74.82.42.42 PING

Re: IPv6 resolvers

2012-01-04 Thread Christopher Morrow
On Wed, Jan 4, 2012 at 3:00 PM, Seth Mos seth@dds.nl wrote: Hi Nanog, Owen, I was wondering if many people are seeing horrendous latency on the free Hurricane Electric resolvers? Both accessing the v4 or v6 resolvers have horrendous latency. This could well be coupled to their free

Re: IPv6 resolvers

2012-01-04 Thread Mark Kamichoff
On Wed, Jan 04, 2012 at 09:00:26PM +0100, Seth Mos wrote: I was wondering if many people are seeing horrendous latency on the free Hurricane Electric resolvers? Looks fine to me: (neodymium:15:27)% dig @74.82.42.42 cnn.com. A ; DiG 9.7.3 @74.82.42.42 cnn.com. A ; (1 server found) ;; global

Re: IPv6 resolvers

2012-01-04 Thread Seth Mos
Hi, Just pointing out to others responding to this thread that I was referring to the *query* response times, I said nothing about ICMP which is perfectly fine. So please stop responding with ping response times already :-) No, pfSense does not set these per default, they are in wide use

Re: IPv6 resolvers

2012-01-04 Thread Mark Kamichoff
On Wed, Jan 04, 2012 at 09:39:39PM +0100, Seth Mos wrote: And a similar mistake I see others respond too as well, this is another domain with just a IPv4 record. That was not really what I was complaining about but I was not specific enough in my email When requesting the DNS for the

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Michael Hallgren
On Wednesday 04 January 2012 at 20:18 +, bmann...@vacation.karoshi.com wrote: On Wed, Jan 04, 2012 at 03:10:13PM -0500, George, Wes wrote: From: Wessels, Duane [mailto:dwess...@verisign.com] Sent: Wednesday, January 04, 2012 1:41 PM Subject: Re: Trouble accessing www.nanog.org

Re: Looking for a Tier 1 ISP Mentor for career advice.

2012-01-04 Thread Jeroen van Aart
randal k wrote: This is a huge point. We've had a LOT of trouble finding good network engineers who have all of the previously mentioned soft attributes - anything, can't setup a syslog server, doesn't understand AD much less LDAP, etc. Imagine, an employee who can help themselves 90% of the

RE: Looking for a Tier 1 ISP Mentor for career advice.

2012-01-04 Thread Nathan Eisenberg
Say a coder gets confused when /tmp fills up and being unaware of this thing called a search engine and instead will virtually cry help my puter b0rked, I stuck! and vice versa. Hah! In my experience, this phenomenon is not unique to coders, sysadmins, or any other specialization. People

RE: Trouble accessing www.nanog.org

2012-01-04 Thread Michael K. Smith - Adhost
-Original Message- From: Michael Hallgren [mailto:m.hallg...@free.fr] Sent: Wednesday, January 04, 2012 1:11 PM To: bmann...@vacation.karoshi.com Cc: Wessels, Duane; nanog@nanog.org Subject: Re: Trouble accessing www.nanog.org On Wednesday 04 January 2012 at 20:18 +,

Re: IPv6 resolvers

2012-01-04 Thread Ryan Rawdon
On Jan 4, 2012, at 3:46 PM, Mark Kamichoff wrote: On Wed, Jan 04, 2012 at 09:39:39PM +0100, Seth Mos wrote: And a similar mistake I see others respond too as well, this is another domain with just a IPv4 record. That was not really what I was complaining about but I was not specific enough

Re: IPv6 resolvers

2012-01-04 Thread Chris Adams
Once upon a time, Ryan Rawdon r...@u13.net said: Try random string.pfsense.org (see below) to avoid caching, since the problem in question does not rely on the name existing. I am able to reproduce it roughly every 3rd random string I try, definitely not every time. I am unable to

Re: incoming smtp from v6 addresses

2012-01-04 Thread James Cloos
RB == Randy Bush ra...@psg.com writes: 7.8% is over ipv6 transport but only 2% of outgoing deliveries are over ipv6. This is incoming only, mostly mailing lists (including a few *busy* ones): :; zgrep -Ec 'client=[^[]+\[[^]]+:' /var/log/mail.info* |awk -F: '{i+=$NF} END {print i}' 33966 :;

Re: IPv6 resolvers

2012-01-04 Thread Christopher Morrow
does pfsense need real dns hosting maybe? I hear: http://puck.nether.net/dns ... works. On Wed, Jan 4, 2012 at 6:48 PM, Chris Adams cmad...@hiwaay.net wrote: registrar-servers.com.

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Christopher Morrow
On Wed, Jan 4, 2012 at 6:10 PM, Michael K. Smith - Adhost mksm...@adhost.com wrote: There was a single source IP with 200+ open, active http connections to a single large media file.  The single IP address was blocked.  The file itself is still available on the site. oh! so the 200 or so

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Michael K. Smith - Adhost
On Jan 4, 2012, at 7:36 PM, Christopher Morrow wrote: On Wed, Jan 4, 2012 at 6:10 PM, Michael K. Smith - Adhost mksm...@adhost.com wrote: There was a single source IP with 200+ open, active http connections to a single large media file. The single IP address was blocked. The file

Re: incoming smtp from v6 addresses

2012-01-04 Thread Christopher Morrow
On Wed, Jan 4, 2012 at 5:26 AM, Randy Bush ra...@psg.com wrote: hold your nose zgrep '=.*\[:' /var/spool/exim/log/main* | wc zgrep '=' /var/spool/exim/log/main* | wc and the ever faithful bc :) err... one of 4 MX's for home email... (I'll catch the others later on) v6 inbound: $ egrep

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Christopher Morrow
On Wed, Jan 4, 2012 at 10:41 PM, Michael K. Smith - Adhost mksm...@adhost.com wrote: Err, while we're talking about video files and nanog, why is the video content still served off (stored content I mean) nanog.org servers? Why not use one of the many video serving services? some of which are

Re: Trouble accessing www.nanog.org

2012-01-04 Thread Michael K. Smith - Adhost
going offlist Mike On Jan 4, 2012, at 7:47 PM, Christopher Morrow wrote: On Wed, Jan 4, 2012 at 10:41 PM, Michael K. Smith - Adhost mksm...@adhost.com wrote: Err, while we're talking about video files and nanog, why is the video content still served off (stored content I mean) nanog.org

RE: Looking for a Tier 1 ISP Mentor for career advice.

2012-01-04 Thread Robert Bonomi
Nathan Eisenberg wrote: To: Jeroen van Aart jer...@mompl.net, NANOG list nanog@nanog.org Subject: RE: Looking for a Tier 1 ISP Mentor for career advice. Date: Wed, 4 Jan 2012 22:25:40 + Say a coder gets confused when /tmp fills up and being unaware of this thing called a search