Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Hal Murray
> I think this is an interesting concept, but i don't know how well it will > hold up in the long run. All the initial verification and continuous > scanning will no doubtingly give the .secure TLD a high cost relative to > other TLD's. Right. But your "high cost" is relative to dime-a-dozen v

The Tubes

2012-05-31 Thread Anton Kapela
All, Andrew Blum was interviewed on NPR's Fresh Air this week -- and gets a lot right about the Tubes we built. FYI, because your boss will be asking you about it: http://m.npr.org/story/153701673?url=/2012/05/31/153701673/the-internet-a-series-of-tubes-and-then-some -Tk

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread valdis . kletnieks
On Thu, 31 May 2012 20:11:22 -0400, Jay Ashworth said: > routinely conduct security scans of registered sites. This can only play out one of 2 ways: 1) They launch an nmap scan on the 13th of every month from a known fixed address which everybody just drops traffic, and it's pointless. 2) The w

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread John Levine
>What will drive the price up is the lawsuits that come out of the >woodwork when they start trying to enforce their provisions. "What? I >have already printed my letterhead! What do you mean my busted DKIM >service is a problem?" History suggests that the problem will be the opposite. They will

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Michael Thomas
On 05/31/2012 06:16 PM, Fred Baker wrote: not necessarily. It can be done with a laptop that does "dig" and sends email to the place. What will drive the price up is the lawsuits that come out of the woodwork when they start trying to enforce their provisions. "What? I have already printed my

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Fred Baker
On May 31, 2012, at 5:43 PM, Grant Ridder wrote: > I think this is an interesting concept, but i don't know how well it will > hold up in the long run. All the initial verification and continuous > scanning will no doubtingly give the .secure TLD a high cost relative to > other TLD's. not neces

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Michael Thomas
On 05/31/2012 05:43 PM, Grant Ridder wrote: I think this is an interesting concept, but i don't know how well it will hold up in the long run. All the initial verification and continuous scanning will no doubtingly give the .secure TLD a high cost relative to other TLD's. Countries would neve

West Coast Charter Outage

2012-05-31 Thread Robert Glover
Does anyone have any information on a Charter outage on the West Coast?

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Joe Provo
On Thu, May 31, 2012 at 12:26:29PM +0100, Nick Hilliard wrote: > On 31/05/2012 11:23, Daniel Suchy wrote: > > In my experience, there're not so many service providers > > doing that. > > Plenty of providers do it. IIWY, I would universally rewrite origin at > your ingress points to be the same; o

Wikipedia Timing Out

2012-05-31 Thread Hashem, Sherif Rakhaa
Is Wikipedia timing out for anyone else from the Metro Boston area? Thanks, Sherif Harvard Medical School | Network Operations 107 Avenue Louis Pasteur | Vanderbilt Hall Suite 021| Boston, MA, 02115 d: (617)999-6816 | c: (617)999-7818 | f: (617)998-6663

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Grant Ridder
I think this is an interesting concept, but i don't know how well it will hold up in the long run. All the initial verification and continuous scanning will no doubtingly give the .secure TLD a high cost relative to other TLD's. -Grant On Thu, May 31, 2012 at 7:29 PM, Rubens Kuhl wrote: > On T

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Rubens Kuhl
On Thu, May 31, 2012 at 9:19 PM, Jay Ashworth wrote: > - Original Message - >> From: "Jay Ashworth" > >> Subject: Wacky Weekend: The '.secure' gTLD > > I see that LWN has already spotted this; smb will no doubt be pleased to > know that the very first reply suggests that RFC 3514 solves t

Re: Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Jay Ashworth
- Original Message - > From: "Jay Ashworth" > Subject: Wacky Weekend: The '.secure' gTLD I see that LWN has already spotted this; smb will no doubt be pleased to know that the very first reply suggests that RFC 3514 solves the problem much more easily. Cheers, -- jra -- Jay R. Ashwort

Wacky Weekend: The '.secure' gTLD

2012-05-31 Thread Jay Ashworth
"The proposal comes from Alex Stamos of research firm iSec Partners, and would appoint Artemis Internet as the gatekeeper of .secure. Artemis would require registered domains to encrypt all web and email traffic (except for HTTP redirects funneling connections towards the appropriate TLS-encrypt

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Nick Hilliard
On 31/05/2012 21:04, Keegan Holley wrote: > If you consider not mucking with my advertisements and those of my > customers "free love" then I hope you don't work for one of my upstreams. > Likewise, if you consider not hijacking my traffic to drive up revenue as > "cost". Anything to make a buck I

Re: [liberationtech] Syria blackout?

2012-05-31 Thread Eugen Leitl
- Forwarded message from KheOps - From: KheOps Date: Thu, 31 May 2012 23:11:37 +0200 To: liberationt...@lists.stanford.edu Subject: Re: [liberationtech] Syria blackout? User-Agent: Mozilla/5.0 (X11; Linux i686; rv:12.0) Gecko/20120430 Thunderbird/12.0.1 Yes, this has been confir

Re: Current IPv6 state of US Mobile Phone Carriers

2012-05-31 Thread Izaac
On Tue, May 22, 2012 at 04:00:21PM -0700, Paul Porter wrote: > 1. How much of the carrier core and edge for AT&T, Verizon. T-Mobile, and > Sprint are on IPv6 now? http://mailman.nanog.org/pipermail/nanog/2010-February/018940.html Still doesn't work. Gave up doing solicitations for native addres

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread Richard Golodner
Is it time to drop this yet? Three weeks old. Let's move on. Richard Golodner

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Keegan Holley
2012/5/31 Steve Meuse > > > On Thu, May 31, 2012 at 12:21 PM, Keegan Holley > wrote: > >> >> The internet by definition is a network of network so no one entity can >> keep traffic segregated to their network. Modifying someone else routing >> advertisements without their consent is just as bad

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Keegan Holley
2012/5/31 Richard A Steenbergen > On Thu, May 31, 2012 at 12:21:12PM -0400, Keegan Holley wrote: > > The internet by definition is a network of network so no one entity > > can keep traffic segregated to their network. Modifying someone else > > routing advertisements without their consent is ju

Re: [liberationtech] Syria blackout?

2012-05-31 Thread Andrew
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 And as a follow up on this list: I have one report from one ISP(Sawa) that things are blocked. I am now trying to collect more info to see if it is something implemented at the ISP level or something at the exit points for the entire country. These in

Re: [liberationtech] Syria blackout?

2012-05-31 Thread Eugen Leitl
- Forwarded message from Andrew - From: Andrew Date: Thu, 31 May 2012 14:36:22 -0400 To: liberationt...@lists.stanford.edu Subject: Re: [liberationtech] Syria blackout? User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:12.0) Gecko/20120428 Thunderbird/12.0.1 -BEGIN PGP SIGN

Re: [liberationtech] Syria blackout?

2012-05-31 Thread Eugen Leitl
- Forwarded message from Andrew Lewis - From: Andrew Lewis Date: Thu, 31 May 2012 14:29:05 -0400 To: Eugen Leitl , liberationt...@lists.stanford.edu Subject: Re: [liberationtech] Syria blackout? User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:12.0) Gecko/20120428 Thunderbird

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Steve Meuse
On Thu, May 31, 2012 at 12:21 PM, Keegan Holley wrote: > > The internet by definition is a network of network so no one entity can > keep traffic segregated to their network. Modifying someone else routing > advertisements without their consent is just as bad as filtering them in my > opinion. D

Re: BGP ORF in practice

2012-05-31 Thread Rob Shakir
On 31 May 2012, at 18:18, Wayne Tucker wrote: > What's the general consensus (hah! ;) regarding the use of RFC5291 BGP > outbound route filtering? It's worked well for me in the lab, but I have > yet to use it in a live environment (and I don't know that most service > providers would know what

Syria blackout?

2012-05-31 Thread Rafael Cresci
Customers (from UAE) who have servers with us in Atlanta - one of the companies I work for, remaining anonymous for the moment - are reporting that their sub-customers and viewers from Syria can't access FTP or download any kind of Flash/video/multimedia content from inside that country. Complete

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Leo Bicknell
In a message written on Thu, May 31, 2012 at 12:22:16PM -0500, Richard A Steenbergen wrote: > out of the protocol. I don't see anyone complaining when we rewrite > someone else's MEDs, sometimes as a trick to move traffic onto your > network (*), or even that big of a complaint when we remove an

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Richard A Steenbergen
On Thu, May 31, 2012 at 12:21:12PM -0400, Keegan Holley wrote: > The internet by definition is a network of network so no one entity > can keep traffic segregated to their network. Modifying someone else > routing advertisements without their consent is just as bad as > filtering them in my opi

BGP ORF in practice

2012-05-31 Thread Wayne Tucker
What's the general consensus (hah! ;) regarding the use of RFC5291 BGP outbound route filtering? It's worked well for me in the lab, but I have yet to use it in a live environment (and I don't know that most service providers would know what I was talking about if I asked for it). Does it work gr

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Saku Ytti
On (2012-05-31 08:46 -0700), David Barak wrote: > On what precisely do you base the idea that a mandatory transitive attribute > of a BGP prefix is a "purely advisory flag which has no real meaning"?  I > encourage you to reconsider that opinion - it's actually a useful attribute, > much the wa

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread Nick Hilliard
On 31/05/2012 17:11, cncr04s/Randy wrote: > My comment was directed at government spending... no need to have such > an angry tone about the "comment". I was only comparing to what I spend > on my large volumes of queries and what this so called expensive stuff > the government is running... And

RE: Re: Vixie warns: DNS Changer 'blackouts' inevitable

2012-05-31 Thread John Lightfoot
> > > Exactly how much can it cost to serve up those requests... I mean for > > 9$ a month I have a cpu that handles 2000 *Recursive* Queries a > > second. 900 bux could net me *200,000* a second if not more. > > The government overspends on a lot of things.. they need some one whos > > got the ex

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Nick Hilliard
On 31/05/2012 16:46, David Barak wrote: > On what precisely do you base the idea that a mandatory transitive > attribute of a BGP prefix is a "purely advisory flag which has no real > meaning"? Let's say network A uses cisco kit and injects prefixes into their ibgp tables using network statements.

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Keegan Holley
2012/5/31 David Barak > > From: Nick Hilliard > >If you don't rewrite your transit providers' origin, then you are telling > >them that they can directly influence your exit discrimination policy on > >the basis of a purely advisory flag which has no real meaning. > > On what precisely do you ba

Re: Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread cncr04s/Randy
On Thu, May 31, 2012 at 10:39 AM, wrote: > On Thu, 31 May 2012 08:14:40 -0500, "cncr04s/Randy" said: > >> Exactly how much can it cost to serve up those requests... I mean for >> 9$ a month I have a cpu that handles 2000 *Recursive* Queries a >> second. 900 bux could net me *200,000* a second if

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread Leo Bicknell
In a message written on Thu, May 31, 2012 at 08:14:40AM -0500, cncr04s/Randy wrote: > Exactly how much can it cost to serve up those requests... I mean for > 9$ a month I have a cpu that handles 2000 *Recursive* Queries a > second. 900 bux could net me *200,000* a second if not more. > The governm

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread David Barak
  From: Nick Hilliard >If you don't rewrite your transit providers' origin, then you are telling >them that they can directly influence your exit discrimination policy on >the basis of a purely advisory flag which has no real meaning.  On what precisely do you base the idea that a mandatory tran

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread david raistrick
On Thu, 31 May 2012, cncr04s/Randy wrote: Exactly how much can it cost to serve up those requests... I mean for 9$ a month I have a cpu that handles 2000 *Recursive* Queries a second. 900 bux could net me *200,000* a second if not more. The government overspends on a lot of things.. they need

Re: Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread valdis . kletnieks
On Thu, 31 May 2012 08:14:40 -0500, "cncr04s/Randy" said: > Exactly how much can it cost to serve up those requests... I mean for > 9$ a month I have a cpu that handles 2000 *Recursive* Queries a > second. 900 bux could net me *200,000* a second if not more. > The government overspends on a lot of

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread Miles Fidelman
cncr04s/Randy wrote: Exactly how much can it cost to serve up those requests... I mean for 9$ a month I have a cpu that handles 2000 *Recursive* Queries a second. 900 bux could net me *200,000* a second if not more. The government overspends on a lot of things.. Looks like you just answered you

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread Christopher Morrow
On Thu, May 31, 2012 at 9:14 AM, cncr04s/Randy wrote: > Exactly how much can it cost to serve up those requests... I mean for > 9$ a month I have a cpu that handles 2000 *Recursive* Queries a network bandwidth people/monitoring router(s) redundancy geo-local copies you are asking the wrong ques

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Keegan Holley
I have seen providers instruct their upstreams to raise local-pref to hijack traffic. More than a few ISP's rewrite origin though. Personally I only consider it a slightly shady practice. I think the problem with BGP (among other things) is that there is no "blunt hammer". Now that routers have

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Nick Hilliard
On 31/05/2012 12:55, David Barak wrote: > I disagree. Origin is tremendously useful as a multi-AS weighting tool, > and isn't the blunt hammer that AS_PATH is. The place where I've gotten > the most benefit is large internal networks, where there may be multiple > MPLS clouds along with sites cas

Re: Vixie warns: DNS Changer ‘blackouts’ inevitable

2012-05-31 Thread cncr04s/Randy
On Mon, May 28, 2012 at 2:56 PM, Florian Weimer wrote: > > [Dnschanger substitute server operations] > > > One thing is clear, Paul is able to tell a great story. > > PR for ISC is somewhat limited, it's often attributed to the FBI: > > | The effort, scheduled to begin this afternoon, is designed

Re: Need (to acquire or sell) IPv4? Come to SpaceMarket.

2012-05-31 Thread Ted Fischer
I could probably gin up some cheap black market Class F's ... I'll match and beat any advertised or unadvertised route. http://www.rfc-editor.org/rfc/rfc1365.txt Ted On 05/31/12 01:52, Robert Bonomi wrote: I considered offering 172.24.0.0/14, in an attempt at in-CIDR humor. Can we be ar

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread David Barak
On May 31, 2012, at 8:03 AM, sth...@nethelp.no wrote: >> I disagree. Origin is tremendously useful as a multi-AS weighting >> tool, and isn't the blunt hammer that AS_PATH is. > > If you think of AS_PATH as a blunt hammer, how would you describe > localpref? > > We use AS_PATH in many cases *

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread sthaug
> I disagree. Origin is tremendously useful as a multi-AS weighting > tool, and isn't the blunt hammer that AS_PATH is. If you think of AS_PATH as a blunt hammer, how would you describe localpref? We use AS_PATH in many cases *precisely* because we don't consider it to be a blunt hammer... Stei

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread David Barak
On May 31, 2012, at 7:26 AM, Nick Hilliard wrote: > There are many useful ways to build a > multi-exit discrimination policy. Using origin is not one of them, in my > opinion. > > The problem is that origin is ranked one place higher than MED. So if you > don't rewrite it, you are automatical

Re: HE.net BGP origin attribute rewriting

2012-05-31 Thread Nick Hilliard
On 31/05/2012 11:23, Daniel Suchy wrote: > In my experience, there're not so many service providers > doing that. Plenty of providers do it. IIWY, I would universally rewrite origin at your ingress points to be the same; otherwise you'll find that providers will merely use it as a means of influe

Re: Need (to acquire or sell) IPv4? Come to SpaceMarket.

2012-05-31 Thread ポール・ロラン
Hello, On Wed, 30 May 2012 21:43:41 -0500 "STARNES, CURTIS" wrote: > I guess I will just have to settle for selling my 224.0.0.0/24 :-< > After checking some machines, it seems that 127.0.0.1/8 can be sold multiple times, as it is fully re-usable. Any bonus for that ? Paul signature.

HE.net BGP origin attribute rewriting

2012-05-31 Thread Daniel Suchy
Hello, we discovered that at least Hurricane Electric (HE, AS 6939) does rewrite BGP origin attribute unconditionally in all routes traversing their network. This mandatory, but probably not widely known/used attribute should not be changed by any speaker except originating router (RFC 4271, sect

Re: Need (to acquire or sell) IPv4? Come to SpaceMarket.

2012-05-31 Thread Robert Hajime Lanning
On 05/31/12 01:52, Robert Bonomi wrote: I considered offering 172.24.0.0/14, in an attempt at in-CIDR humor. Can we be arrested for in-CIDR trading? -- Mr. Flibble King of the Potato People

RE: Need (to acquire or sell) IPv4? Come to SpaceMarket.

2012-05-31 Thread Robert Bonomi
Nathan Eisenberg wrote: > > None of these jokes are class-e. > I considered offering 172.24.0.0/14, in an attempt at in-CIDR humor.