On Monday, March 24, 2014 02:41:00 AM Timothy Morizot wrote:
> The original assertion was that there are unaddressed
> security weaknesses in IPv6 itself preventing its
> adoption. At least that's the way I read it. And that
> assertion is mostly FUD.
The risks have less to do with IPv6, and more
On Monday, March 24, 2014 01:37:52 AM Timothy Morizot wrote:
> Yes. As I said, same general sorts of risks for the most
> part as in IPv4. Details differ, but same general types.
> My point was that it's mostly FUD to wave the flag of
> scary new security weaknesses with no mitigations in
> IPv6.
On Monday, March 24, 2014 01:15:27 AM Mark Andrews wrote:
> And there you go putting stricter requirements on
> printers that you don't put on laptop, servers. None of
> us would put any machines on the net if they had to meet
> your printer's requirements.
Because, at the very least, a laptop o
On Sunday, March 23, 2014 11:02:13 PM Mark Andrews wrote:
> Actually all you have stated is that printer vendors need
> to clean up their act and not that one shouldn't expect
> to be able to expose a printer to the world. It isn't
> hard to do this correctly. It also does not cost much
> on a p
On Sunday, March 23, 2014 09:35:31 PM Denis Fondras wrote:
> When speaking of IPv6 deployment, I routinely hear about
> host security. I feel like it should be stated that this
> is *in no way* an IPv6 issue. May the device be ULA,
> LLA, GUA or RFC1918-addressed, the device is at risk
> anyway.
On Sun, 23 Mar 2014 16:21:50 -0700, Paul Ferguson said:
> On the other hand, there are beaucoup enterprise networks unwilling to
> consider moving to v6 until there are management, control,
> administrative, and security issues addressed.
The problem is that for many of those enterprises, the
On Mar 24, 2014, at 12:59 PM, Randy Bush wrote:
>> But perhaps Randy is looking for the number of /24 equivalents
>> allocated to legacy resource holders who haven't also received an IPv6
>> direct allocation or other IPv4 direct allocation under an RSA?
>
> what percentage of address space is h
> But perhaps Randy is looking for the number of /24 equivalents
> allocated to legacy resource holders who haven't also received an IPv6
> direct allocation or other IPv4 direct allocation under an RSA?
what percentage of address space is held by members and what percentage
by non-members (lrsa-o
Unless I misremember, everyone who receives a direct allocation from ARIN
and signs an RSA is automatically a member. It's not clear to me what
"owner of a /24 network" means in that context. (I don't recall if signing
an LRSA in and of itself also makes one a member, since by the time we had
signe
On Mar 24, 2014, at 12:20 PM, "Naslund, Steve" wrote:
>
> Exactly right John. I think the term "owned" is a problem here.
>
> It seems to me that the terms would correctly be "holder" or who the address
> space was issued to or "user" being the end user using that space.
We use address holder
I thought the 40% I paid in taxes covered prosecution of fraudulent
advertising.
Nick
On Mar 23, 2014 4:02 PM, "Matthew Petach" wrote:
> On Sun, Mar 23, 2014 at 12:27 PM, Niels Bakker wrote:
>
> > * mpet...@netflight.com (Matthew Petach) [Sun 23 Mar 2014, 20:06 CET]:
> >
> > Doesn't sound too
He is definitely in the authoritative hands :)
Steve
-Original Message-
From: John Curran [mailto:jcur...@arin.net]
Sent: Sunday, March 23, 2014 11:16 PM
To: Naslund, Steve
Cc: Randy Bush; North American Network Operators' Group
Subject: Re: arin representation
Steve -
Thanks for t
No problem. One of the risks in text communication.
I guess the usefulness of the measurement would be in what the original
question is?
If we knew more about what the membership / non-membership question was about
it would be easier. I guess if we were really trying to figure out how much
Steve -
Thanks for the reminder; terminology aside, I think we have
a good understanding of Randy's request for statistics.
We'll put these together asap.
/John
> On Mar 24, 2014, at 11:58 AM, "Naslund, Steve" wrote:
>
> Sorry Randy,
>
> I was not trying to criticize your terminolog
sorry steve.
was not chasing down the tree. not clear what a useful measurement
would be.
randy
Sorry Randy,
I was not trying to criticize your terminology. I was just wondering about the
question trying to be answered here. The holder of an address space and the
end user of the address space are two really different things. The holder is
often an ARIN member or grandfathered in and an
> I think the term "owned" is a problem here.
sorry not to get your religious icons correctly. full refund below.
jeezus! get a life.
randy
>> o of the /24s in the arin region, what percentage are owned by arin
>>members?
> 1) Should we expand /16's and /8's into the corresponding number of
>/24's ?
sorry. i mean the number of /24 equivalents. so yes, expand /7-/23
> 2) In terms of categories, we could go strictly with /2
Exactly right John. I think the term "owned" is a problem here.
It seems to me that the terms would correctly be "holder" or who the address
space was issued to or "user" being the end user using that space.
Wouldn't all of the holders be ARIN members unless grandfathered in?
Steven Naslund
Ch
On Mar 23, 2014, at 6:53 PM, Randy Bush wrote:
> two questions:
>
> o of the /24s in the arin region, what percentage are owned by arin
>members?
Randy -
Happy to generate these - two questions for clarity.
1) Should we expand /16's and /8's into the corresponding number of /24's ?
Correct, there is competition to them including the local cable company (if
there is one). You just cannot get competitive access to their infrastructure.
You have to pay at least the full wholesale rate. That tends to make them the
most cost effective choice for wireline services like DSL a
Here is the legal definition of an RLEC.
http://definitions.uslegal.com/r/rural-telephone-company/
Steven Naslund
Chicago IL
-Original Message-
From: Naslund, Steve [mailto:snasl...@medline.com]
Sent: Sunday, March 23, 2014 10:16 PM
To: Frank Bulk
Cc: nanog@nanog.org
Subject: RE: Leve
I think I understand what you're saying -- you believe that RLECs that don't
have to provide UNE's are exempt from competition. I guess I don't see the
lack of that requirement meaning that there's no competition -- it just
means that the kind of competition is different.
Frank
-Original Mes
Many rural LECs are not required to provide unbundled network elements. As a
network provider you can resell their service but they are not required to
provide unbundled elements necessary to compete against them as a facilities
based provider. So, for example, in Alamo Tennessee or Northern W
Not sure which rural LECs are exempt from competition. Some areas are
effectively exempt from facilities-based (i.e. wireline) competition because
it's unaffordable, without subsidy, to build a duplicate wireline
infrastructure. There are also wireless carriers and WISPs that compete
against RLECs
I am not sure I agree with the basic premise here. NAT or Private addressing
does not equal security.
A globally routable address does not necessarily mean globally accessible.
Any enterprise that cares a whit about network security is going to have a
firewall. If you are relying on NAT to
On Mar 24, 2014, at 6:37 AM, Timothy Morizot wrote:
> You'll pardon my skepticism over claims that unspecified security weaknesses
> make it impossible to do what we have done and are continuing to
> do.
All this unfilterable ICMP makes for interesting times - I've already run
across ND storm
On Mar 23, 2014 8:44 PM, "Michael Thomas" wrote:
> It seems to me that the only thing that really matters in v6 wars for
> enterprise is whether their
> content side has a v6 face. Who really cares whether they migrate away
> from v4 so long as
> they make their outward facing content (eg web, etc) a
On Mar 23, 2014 8:44 PM, "Mike Hale" wrote:
> "Your attack surface has already expanded whether or not you deploy IPv6."
> Not so. If I don't enable IPv6 on my hosts, the attacker can yammer
> away via IPv6 all day long with no result.
I suppose it depends on the size of your enterprise. But in
There may not need to be competition in the capitalist sense of the word but
there needs to be some feedback loop for the consumer of a service to provide
feedback on their satisfaction with it. In the case of a government provided
service people vote at the polls. With a commercially provided
>> ... In fact, having been a service provider I can tell you that I
>> paid the LEC about $4 a month for a copper pair to your house to sell
>> DSL service at around ten times that cost. I am sure the LEC was not
>> making money at the $4 a month and I know I could not fund a build out for
>>
>> We don't know because the service provider rolls that cost up along
>> with the services they sell. That is my point. They are able to
>> spread the costs out based on the profitable services they sell.
> Okay.
>> If they were not able to
>> sell us services I am not sure they could a
"then there aren't any inherent security weaknesses preventing its
adoption by enterprises."
You're right. There's not an inherent security weakness in the
protocol. The increased risk is due to the increase in your attack
surface (IMHO).
"Your attack surface has already expanded whether or not
It seems to me that the only thing that really matters in v6 wars for
enterprise is whether their
content side has a v6 face. Who really cares whether they migrate away
from v4 so long as
they make their outward facing content (eg web, etc) available over v6?
That's really the key.
Mike
On Mar 23, 2014 7:54 PM, "Mike Hale" wrote:
> "unless by few you simply mean a minority"
> Which I do.
Then that's fine. But there are numerous enterprises in that minority and
it includes some pretty large enterprises. My own enterprise organization
has more than 600 sites, 100k employees, and t
In message
, Mike Hale writes:
> "I wasn't aware that calling out FUD was derisive, but whatever."
> It's derisive because you completely dismiss a huge security issue
> that, given the state of IPv6 adoption, a great majority of companies
> are facing.
>
> Calling it FUD is completely wrong be
"unless by few you simply mean a minority"
Which I do.
"appropriately mitigating the security risks shows the claim that
there are security weaknesses in IPv6 preventing its adoption is
false."
No. It doesn't. It's not the sole reason, but it's a huge factor to consider.
"But there's nothing in
I'd simply just recommend using the route views servers, you don't
really need the graphical representation.
On 3/24/2014 02:46 AM, Damien Burke wrote:
Hello,
Are there any tools similar to the routing tab at stat.ripe.net ?
To be more specific, I'm looking for the "BGP route visibility" feat
On Mar 23, 2014 7:24 PM, "Mike Hale" wrote:
> It's derisive because you completely dismiss a huge security issue
> that, given the state of IPv6 adoption, a great majority of companies
> are facing.
The original assertion was that there are unaddressed security weaknesses
in IPv6 itself preventin
"I wasn't aware that calling out FUD was derisive, but whatever."
It's derisive because you completely dismiss a huge security issue
that, given the state of IPv6 adoption, a great majority of companies
are facing.
Calling it FUD is completely wrong because it *is* a legitimate
security issue for
Hello,
Are there any tools similar to the routing tab at stat.ripe.net ?
To be more specific, I'm looking for the "BGP route visibility" feature.
-Damien
On Mar 23, 2014 6:21 PM, "Paul Ferguson" wrote:
> Says you.
And many others. My comments were actually reiterating what I commonly see
presented today.
> On the other hand, there are beaucoup enterprise networks unwilling to
> consider moving to v6 until there are management, control,
> admin
On Mar 23, 2014 4:45 PM, "Paul Ferguson" wrote:
> Also, neighbor discovery, for example, can be dangerous (admittedly,
> so can ARP spoofing in IPv4). And aside from the spoofable ability of
> ND, robust DHCPv6 is needed for enterprises for sheer operational
> continuity.
Yes. As I said, same gen
Not necessarily. Printers generally run unattended, printers generally are not
rebooted periodically for updates (assuring malware can continue to run),
printers generally are not updated even periodically, printers generally have
almost no logging that could be reviewed, printers are generally
On Mon, Mar 24, 2014 at 10:15:27AM +1100, Mark Andrews wrote:
>
> In message <532f60dd.3030...@foobar.org>, Nick Hilliard writes:
> > On 23/03/2014 21:02, Mark Andrews wrote:
> > > Actually all you have stated is that printer vendors need to clean
> > > up their act and not that one shouldn't expe
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/23/2014 3:56 PM, Timothy Morizot wrote:
> My comments represent reality. Your security posture is much worse
> in an IPv4 only configuration than if you enable and control IPv6.
Says you.
On the other hand, there are beaucoup enterprise netwo
In message <532f60dd.3030...@foobar.org>, Nick Hilliard writes:
> On 23/03/2014 21:02, Mark Andrews wrote:
> > Actually all you have stated is that printer vendors need to clean
> > up their act and not that one shouldn't expect to be able to expose
> > a printer to the world. It isn't hard to do
On Mar 23, 2014 4:45 PM, wrote:
> Yo, Tim/Scott. Seems you have not been keeping up.
>
> http://go6.si/wp-content/uploads/2011/11/DREN-6-Slo-IPv6Summit-2011.pdf
>
> points out several unique problems w/ IPv6 and in deployments where
> there are ZERO IPv4 equivalents. Fer
On Sat, Mar 22, 2014 at 07:57:04PM -, John Levine wrote:
> >In such a case, where you are still pushing the case for
> >IPv4, how do you envisage things will look on your side when
> >everybody else you want to talk to is either on IPv6, or
> >frantically getting it turned up? Do you reckon
On Sun, Mar 23, 2014 at 10:31:57PM +, Nick Hilliard wrote:
> On 23/03/2014 21:02, Mark Andrews wrote:
> > Actually all you have stated is that printer vendors need to clean
> > up their act and not that one shouldn't expect to be able to expose
> > a printer to the world. It isn't hard to do t
On 23/03/2014 21:02, Mark Andrews wrote:
> Actually all you have stated is that printer vendors need to clean
> up their act and not that one shouldn't expect to be able to expose
> a printer to the world. It isn't hard to do this correctly.
perish the thought - and I look forward to the day that
On Sun, Mar 23, 2014 at 04:27:16PM -0500, Timothy Morizot wrote:
> On Mar 23, 2014 11:27 AM, "Paul Ferguson" wrote:
> > Also, IPv6 introduces some serious security concerns, and until they
> > are properly addressed, they will be a serious barrier to even
> > considering it.
>
> And that is pure
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/23/2014 2:27 PM, Timothy Morizot wrote:
>
> On Mar 23, 2014 11:27 AM, "Paul Ferguson"
> mailto:fergdawgs...@mykolab.com>>
> wrote:
>> Also, IPv6 introduces some serious security concerns, and until
>> they are properly addressed, they will be
On Mar 23, 2014 11:27 AM, "Paul Ferguson" wrote:
> Also, IPv6 introduces some serious security concerns, and until they
> are properly addressed, they will be a serious barrier to even
> considering it.
And that is pure FUD. The sorts of security risks with IPv6 are mostly in
the same sorts of ca
In message <532f42aa.9000...@foobar.org>, Nick Hilliard writes:
> On 23/03/2014 18:39, Mark Andrews wrote:
> > As for printers directly reachable from anywhere, why not.
>
> because in practice it's an astonishingly stupid idea. Here's why:
>
> chargen / other small services
> ssh
> www
> buffe
On 23/03/2014 18:39, Mark Andrews wrote:
> As for printers directly reachable from anywhere, why not.
because in practice it's an astonishingly stupid idea. Here's why:
chargen / other small services
ssh
www
buffer overflows
open smtp relays
weak, default or non existent passwords
information le
On Sun, Mar 23, 2014 at 12:27 PM, Niels Bakker wrote:
> * mpet...@netflight.com (Matthew Petach) [Sun 23 Mar 2014, 20:06 CET]:
>
> Doesn't sound too outlandish. Mind you, I'm sure
>> it would raise costs, as that testing and validation
>> wouldn't be free. But I'm sure we'd all be willing to
>>
Hi all,
Le 23/03/2014 20:13, Mark Tinka a écrit :
> On Sunday, March 23, 2014 09:05:54 PM Cb B wrote:
>
>> i would say the more appropriate place for this policy is
>> the printer, not a firewall. For example, maybe a
>> printer should only be ULA or LLA by default.
>>
>
> I would support addi
On Sunday, March 23, 2014 09:24:35 PM Cb B wrote:
> My hope is that folks stop equating firewalls with
> security, when the first step is to secure the host,
> accountability is with the host, then layer other tools
> as needed.
I couldn't agree more.
As an example, your home PC (whose OS wasn't
* mpet...@netflight.com (Matthew Petach) [Sun 23 Mar 2014, 20:06 CET]:
Doesn't sound too outlandish. Mind you, I'm sure
it would raise costs, as that testing and validation
wouldn't be free. But I'm sure we'd all be willing to
pay an additional $10/month on our service to be
sure it could deliv
On Sun, Mar 23, 2014 at 12:13 PM, Mark Tinka wrote:
> On Sunday, March 23, 2014 09:05:54 PM Cb B wrote:
>
>> i would say the more appropriate place for this policy is
>> the printer, not a firewall. For example, maybe a
>> printer should only be ULA or LLA by default.
>>
>> i would hate for peopl
On Sunday, March 23, 2014 09:05:54 PM Cb B wrote:
> i would say the more appropriate place for this policy is
> the printer, not a firewall. For example, maybe a
> printer should only be ULA or LLA by default.
>
> i would hate for people to think that a middle box is
> required, when the best p
On Sun, Mar 23, 2014 at 11:27 AM, Philip Dorr wrote:
> On Mar 23, 2014 1:11 PM, "Mark Tinka" wrote:
>>
>> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
>>
>> > I was at work last week and because I have IPv6 at both
>> > ends I could just log into the machines at home as
>> > easily a
On Sunday, March 23, 2014 08:39:51 PM Mark Andrews wrote:
> Can I suggest that you re-read what I said. I did not
> say "WILL BE REACHABLE". I said "THEORETICALLY
> REACHABLE". I also said "GLOBAL UNIQUE" address not
> "PUBLIC ADDRESS".
>
> The point is one should be able to get addresses wit
On Sun, Mar 23, 2014 at 8:06 AM, Blake Hudson wrote:
> This is exactly my point. If a subscriber can use the service for 30
> consecutive days and never achieve the "8Mbps" because the network is
> incapable by design, or by virtue of its over subscription is statistically
> impossible of deliver
On Sunday, March 23, 2014 08:35:48 PM Saku Ytti wrote:
> Or IT isn't buying the 'renumbering is easy' argument,
> for any non-trivial size company even figuring how where
> exactly can be IP addresses punched out statically would
> be expensive and long process.
> If you are pushing for customer t
On Sunday, March 23, 2014 08:30:21 PM Laszlo Hanyecz wrote:
> As far as the enterprise side of things, many of the
> people working in that area today have likely never
> known any other kind of network except the NAT kind. A
> lot of these guys say things like 'private ip' and
> 'public ip' - th
On Sunday, March 23, 2014 08:27:57 PM Philip Dorr wrote:
> That is what a firewall is for. Drop new inbound
> connections, allow related, and allow outbound. Then
> you allow specific IP/ports to have inbound traffic.
> You may also only allow outbound traffic for specific
> ports, or from you
In message <201403232009.47085.mark.ti...@seacom.mu>, Mark Tinka writes:
> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
>
> > ISP's have done a good job of brain washing their
> > customers into thinking that they shouldn't be able to
> > run services from home. That all their machine
On (2014-03-23 20:09 +0200), Mark Tinka wrote:
> I expect this to change little in the enterprise space. I
> think use of ULA and NAT66 will be one of the things
> enterprises will push for, because how can a printer have a
> public IPv6 address that is reachable directly from the
> Internet,
On Mar 23, 2014, at 4:57 PM, Mark Andrews wrote:
>
>
> Basically because none of them have ever been on the Internet proper
> where they can connect to their home machines from wherever they
> are in the world directly. If you don't know what it should be
> like you don't complain when you a
On Mar 23, 2014 1:11 PM, "Mark Tinka" wrote:
>
> On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
>
> > I was at work last week and because I have IPv6 at both
> > ends I could just log into the machines at home as
> > easily as if I was there. When I'm stuck using an IPv4
> > only service
>
> First, there may be those that do not require IPv6 due to size. So what is
> YOUR big plan to connect all those on IPv4 to the rest of the IPv6 world
> that has dropped IPv4 addresses.
>
We'll be offering v6 standard really soon. It's growth that got in the
way both from employee bandwidth a
On Sunday, March 23, 2014 06:57:26 PM Mark Andrews wrote:
> ISP's have done a good job of brain washing their
> customers into thinking that they shouldn't be able to
> run services from home. That all their machines
> shouldn't have a globally unique address that is
> theoretically reachable from
In message <20140323051037.94159.qm...@joyce.lan>, "John Levine" writes:
> >> It will be a long time
> >> before the price of v4 rises high enough to make it
> >> worth the risk of going v6 only.
> >
> >New ISP's are born everyday.
> >
> >Some of them will be able to have a "Buy an ISP that has
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
On 3/23/2014 9:13 AM, Nick Hilliard wrote:
> yep, agreed - doing ipv6 now is a sensible business proposition.
> But it needs to be tempered with the realisation that for nearly
> all networks, ipv6 is complementary to ipv4 and not a replacement;
> n
On 23/03/2014 03:00, Doug Barton wrote:
> Hyperbole of the past doesn't negate the reality of the future. :)
the past and present hyperbole continues to grate.
> With respect I think you're ignoring some pretty important facts. Not
> the least of which is the level of pressure that's been taken o
* John Levine
> Also, although it is fashionable to say how awful CGN is, the users
> don't seem to mind it at all.
You might just be looking in the wrong places.
Try searching for "playstation nat type 3" or "xbox strict nat".
Tore
On Sunday, March 23, 2014 07:10:37 AM John Levine wrote:
> In Africa, I suppose, but here in North America, the few
> remaining ISPs that aren't part of giant cable or phone
> companies are hanging on by their teeth.
Incidentally, this doesn't apply to Africa today, because
AFRINIC still have lo
This is exactly my point. If a subscriber can use the service for 30
consecutive days and never achieve the "8Mbps" because the network is
incapable by design, or by virtue of its over subscription is
statistically impossible of delivering it, then I believe this is false
advertising. I, and mo
two questions:
o of the /24s in the arin region, what percentage are owned by arin
members?
o of the address holders in the arin region, what percentage are arin
members?
i understand that the latter will be slightly jittered because of the
database mess with multiple org ids for one
82 matches