Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Mark Tinka
On Friday, March 28, 2014 05:48:29 AM Shrdlu wrote: > Why? Personally, I think it's fine. It only happens (at > most) every six months (and sometimes more like a year). I think it's fine too. As I'm sure you know, if you're a Cisco customer, you can subscribe to their internal notification serv

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread Mark Tinka
On Thursday, March 27, 2014 11:27:26 PM Randy Bush wrote: > e.g. the database working group covers what you think of > as whois and the routing registry. the wg developed the > darned irr definition and continues to evolve it. > consequence? the irr is actively used in two regions in > the worl

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread Owen DeLong
I, for one, would not want to start having to pay RIPE-level fees. ARIN fees are a much better deal than RIPE fees. Owen On Mar 27, 2014, at 3:10 PM, Cb B wrote: > On Mar 27, 2014 3:03 PM, "John Curran" wrote: >> >> And I would welcome discussion of how ARIN (and nanog) can be more like > RI

Re: IPv6 Security

2014-03-27 Thread Owen DeLong
On Mar 27, 2014, at 1:55 PM, Karl Auer wrote: > On Thu, 2014-03-27 at 05:34 -0700, Owen DeLong wrote: >> What do you think “Link Layer Address” (RFC 3315, Section 9.1 Type 3) >> is? From RFC-3315 Section 9.4, it seems pretty clear that is exactly what >> this is intended to be. True, it includes

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Owen DeLong
On Mar 27, 2014, at 1:38 PM, Brandon Ross wrote: > On Thu, 27 Mar 2014, Owen DeLong wrote: > >> On Mar 27, 2014, at 11:15 AM, Barry Shein wrote: >> >> Please explain in detail where the fraud potential comes in. > > Spammer uses his botnet of zombie machines to send email from each of them t

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Barry Shein
On March 27, 2014 at 12:14 o...@delong.com (Owen DeLong) wrote: > > On Mar 27, 2014, at 11:15 AM, Barry Shein wrote: > > > > > On March 26, 2014 at 22:25 o...@delong.com (Owen DeLong) wrote: > >> > >> Actually, a variant on that that might be acceptable… Make e-postage a > >> deposit

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Peter Kristolaitis
On 3/28/2014 12:57 AM, Randy Bush wrote: Alexander Neilson wrote: I wonder if they should be invited to only post a single message with the titles and links to the alerts so that people can follow it up. i would prefer that the header be in blue, the titles in green, and the urls in magenta, i

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Larry Sheldon
On 3/27/2014 11:57 PM, Randy Bush wrote: Alexander Neilson wrote: I wonder if they should be invited to only post a single message with the titles and links to the alerts so that people can follow it up. i would prefer that the header be in blue, the titles in green, and the urls in magenta,

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Randy Bush
Alexander Neilson wrote: > I wonder if they should be invited to only post a single message with > the titles and links to the alerts so that people can follow it up. i would prefer that the header be in blue, the titles in green, and the urls in magenta, in comic sans, of course randy

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Shrdlu
On 3/27/2014 7:44 PM, Alexander Neilson wrote: I wonder if they should be invited to only post a single message with the titles and links to the alerts so that people can follow it up. Why? Personally, I think it's fine. It only happens (at most) every six months (and sometimes more like a year

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Alexander Neilson
I wonder if they should be invited to only post a single message with the titles and links to the alerts so that people can follow it up. They should also include a link to their own list that they send the full alerts to. That way there could be some headline alerting to people that there is

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Larry Sheldon
On 3/27/2014 4:07 PM, Matt Palmer wrote: On Wed, Mar 26, 2014 at 10:52:42AM -0600, kendrick eastes wrote: The Full-disclosure mailing list was recently... retired, I guess cisco thought NANOG was the next best place. Nope, they've been sending these things here for as long as I can remember. I

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread John Curran
On Mar 28, 2014, at 6:42 AM, Randy Bush wrote: > ... > i purposefully phrased it a bit differently, how can arin engage, get > real participation from, and serve its community, the operators. i was > stealing examples from ripe. > > but, for concrete action, how about a half day session at the n

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread Majdi S. Abbas
On Fri, Mar 28, 2014 at 02:04:30AM +, John Curran wrote: > Internet routing registries are a fine example; one could argue that > it should be integrated with the number resource registry, but we also > have examples of independent routing registries in active use (and I > can see some potent

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread John Curran
On Mar 28, 2014, at 6:04 AM, Randy Bush wrote: > i will refrain from characterizing the ppml list. needless to say, i do > not subscribe. > > my point is that what arin does should be of interest to nanog > subscribers. in theory, the ops are the arin community, the registry > serves operations

Re: IPv6 isn't SMTP

2014-03-27 Thread Dave Crocker
On 3/27/2014 6:51 AM, Blake Hudson wrote: The primary issues I see with SMTP as a protocol related to the lack of authentication and authorization. Take, for instance, the fact that the SMTP protocol requires a mail from: and rcpt to: address (more or less for authentication and authorization pur

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread John Levine
>What if Google, Apple, Sony or some other household brand, sold a TV with >local mail capabilities, instead of pushing >everyone to use their hosted services? It would suck, because real users check their mail from their desktops, their laptops, and their phones. Your TV would not have the soph

Why IPv6 isn't ready for prime time :-)

2014-03-27 Thread Tim Durack
NANOG arguments on IPv6 SMTP spam filtering. Deutsche Telekom discusses IPv4->IPv6 migration: https://ripe67.ripe.net/presentations/131-ripe2-2.pdf Facebook goes public with their IPv4->IPv6 migration: http://www.internetsociety.org/deploy360/blog/2014/03/facebooks-extremely-impressive-internal

Re: IPv6 isn't SMTP

2014-03-27 Thread Clay Fiske
On Mar 27, 2014, at 12:16 PM, Blake Hudson wrote: > It's entirely likely that a spammer would try to get a hold of a key due to > its value or that someone you've done business with would share keys with a > "business" partner . But ideally you'd authorize each sender with a unique > key (or

Re: IPv6 isn't SMTP

2014-03-27 Thread Barry Shein
On March 27, 2014 at 14:16 bl...@ispn.net (Blake Hudson) wrote: > > Barry Shein wrote the following on 3/27/2014 2:06 PM: > > > > > > I suppose the obvious question is: What's to stop a spammer from > > putting a totally legitimate key into their spam? > > > It's entirely likely that a sp

Re: Access Lists for Subscriber facing ports?

2014-03-27 Thread Randy Bush
two things that are simple, enforce bcp38 and ntp packet sizes randy

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread Randy Bush
nanog is a separable game. it is currently very confused between form and substance, making committees for everything. like the bcop thing. two organizations, nanog and isoc, forming organizational structures to create a document store. the ops' doc store is ripe's because the ripe wgs produced

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread Cb B
On Mar 27, 2014 3:03 PM, "John Curran" wrote: > > And I would welcome discussion of how ARIN (and nanog) can be more like RIPE - that is very much up to this community and its participation far more than ARIN.. > > /John > How about we fold ARIN into RIPE? Why not? I agree with all of Randy's poi

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread Randy Bush
hi john, >> i think your attempt to move the discussion to the arin ppml list >> exemplifies one core of the problem. > I offered ppml out of respect to the nanog subscribers, that is all... i will refrain from characterizing the ppml list. needless to say, i do not subscribe. my point is that w

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread John Curran
And I would welcome discussion of how ARIN (and nanog) can be more like RIPE - that is very much up to this community and its participation far more than ARIN.. /John > On Mar 28, 2014, at 5:27 AM, Randy Bush wrote: > > john, > > i think your attempt to move the discussion to the arin ppml li

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread John Curran
> On Mar 28, 2014, at 5:27 AM, "Randy Bush" wrote: > > john, > > i think your attempt to move the discussion to the arin ppml list > exemplifies one core of the problem. Randy - I offered ppml out of respect to the nanog subscribers, that is all... /John > > > > and this is aside from d

Re: ARIN board accountability to network operators (was: RE: [arin-ppml] [arin-discuss] Term Limit Proposal)

2014-03-27 Thread Randy Bush
john, i think your attempt to move the discussion to the arin ppml list exemplifies one core of the problem. this is not about address policy, but arin thinks of itself as a regulator not a registry. contrast with the ripe community and the ncc, which is not nirvana but is a hell of a lot better.

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread Matt Palmer
On Wed, Mar 26, 2014 at 10:52:42AM -0600, kendrick eastes wrote: > The Full-disclosure mailing list was recently... retired, I guess cisco > thought NANOG was the next best place. Nope, they've been sending these things here for as long as I can remember. I have NFI why -- probably hubris, thinki

Re: IPv6 Security

2014-03-27 Thread Karl Auer
On Thu, 2014-03-27 at 05:34 -0700, Owen DeLong wrote: > What do you think “Link Layer Address” (RFC 3315, Section 9.1 Type 3) > is? From RFC-3315 Section 9.4, it seems pretty clear that is exactly what > this is intended to be. True, it includes an additional 16 bits of media type, > but I don’t se

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Brandon Ross
On Thu, 27 Mar 2014, Owen DeLong wrote: On Mar 27, 2014, at 11:15 AM, Barry Shein wrote: Please explain in detail where the fraud potential comes in. Spammer uses his botnet of zombie machines to send email from each of them to his own domain using the user's legitimate email address as Fro

Re: Link Layer Filtering not supported on popular equipment?

2014-03-27 Thread Mark Tinka
On Thursday, March 27, 2014 06:42:12 PM Michael Loftis wrote: > Similar issues with ACLs. There are some options in > Cisco (not certain if any of dell's products have this) > that basically keep ports from talking to each other, but > allow them to talk to the upstream port (usually a > router t

Re: Remote Hands Spokane, WA?

2014-03-27 Thread Jason Hellenthal
I know a guy that lives out that way if you'd like me to bring him in. -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN > On Mar 27, 2014, at 15:11, "Aaron C. de Bruyn" wrote: > > Anyone available for remote hands (installing memory) in Spokane, WA on a > Thursday during business hours?

Re: IPv6 isn't SMTP

2014-03-27 Thread Blake Hudson
Barry Shein wrote the following on 3/26/2014 11:24 PM: Some will blanch at this but the entire spam problem basically arose from the crap security in Windows systems, particularly prior to maybe XP/SP2. Not sure where all that leads us, however. Better security at those major exploitation poi

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Owen DeLong
On Mar 27, 2014, at 11:15 AM, Barry Shein wrote: > > On March 26, 2014 at 22:25 o...@delong.com (Owen DeLong) wrote: >> >> Actually, a variant on that that might be acceptable… Make e-postage a >> deposit-based thing. If the recipient has previously white-listed you or >> marks your particul

Re: IPv6 isn't SMTP

2014-03-27 Thread Blake Hudson
Barry Shein wrote the following on 3/27/2014 2:06 PM: I suppose the obvious question is: What's to stop a spammer from putting a totally legitimate key into their spam? It's entirely likely that a spammer would try to get a hold of a key due to its value or that someone you've done business

Remote Hands Spokane, WA?

2014-03-27 Thread Aaron C. de Bruyn
Anyone available for remote hands (installing memory) in Spokane, WA on a Thursday during business hours? -A

Re: IPv6 isn't SMTP

2014-03-27 Thread Barry Shein
On March 27, 2014 at 08:51 bl...@ispn.net (Blake Hudson) wrote: > > > The primary issues I see with SMTP as a protocol related to the lack of > authentication and authorization. Take, for instance, the fact that the > SMTP protocol requires a mail from: and rcpt to: address (more or less >

Education Committee Update

2014-03-27 Thread Siegel, David
Hi folks, I would like to provide a brief update from the NANOG Education Committee. We have filled several of the open committee positions but are still looking for more volunteers. We need a Director of Instruction and several more "Members at Large." Please contact Betty or myself if you ar

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Laszlo Hanyecz
Scott, You are exactly right, in the current environment the things I'm suggesting seem unrealistic. My point is that it doesn't have to work the way it does today, with the webmail providers, the mail originators and the spam warriors all scratching each others' backs. There has been a LOT o

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Barry Shein
On March 26, 2014 at 22:25 o...@delong.com (Owen DeLong) wrote: > > Actually, a variant on that that might be acceptable… Make e-postage a > deposit-based thing. If the recipient has previously white-listed you or > marks your particular message as “desired”, then you get your postage back.

Re: Switchport Counters - Take two

2014-03-27 Thread Jim Glassford
I have no experience with a Nexus 4001i, seems this could be counting up due to frames of no interest, wrong VLAN, Spanning tree, other. Not by chance on an IBM BladeCenter? The "input discard" count

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-27 Thread Jack Bates
On 3/27/2014 12:19 PM, Luke S. Crawford wrote: This is a very common problem for dedicated hosting providers (and why I give my dedicated hosts a vlan and a routed subnet, wasting IPv4.) Implement what some DSL access providers do. Unnumbered interfaces with /32 routing to the vlan. The last

Former 360/Ledcor employees from the NW

2014-03-27 Thread D. Ryan Spott
I am looking for some fiber in the PNW coastal area and for that field tech that knows where all the skeletons and vaults might be buried. I know Ledcor installed it, 360-networks bought it and then Zayo now owns it but cannot find it on their maps. ryan

Re: misunderstanding scale

2014-03-27 Thread Barry Shein
On March 26, 2014 at 22:17 o...@delong.com (Owen DeLong) wrote: > > Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat. Hang on, do spammers "grab" address blocks? Ok, I'm sure it happens, this is not an existence proof. But is that really a significant characterization

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-27 Thread Luke S. Crawford
It might make sense to just give everyone their own vlan and their own /64; that would, of course, bring its own problems and complexities (namely that I've gotta have the capability to deal with more customers than I can have native vlans - not impossible to get around, but significant ad

Re: IPv6 Security [Was: Re: misunderstanding scale]

2014-03-27 Thread Luke S. Crawford
On 03/26/2014 11:14 PM, Owen DeLong wrote: Why not just use private VLAN layer 2 controls for the privacy you describe? The technology I know of is what cisco calls 'protected ports' - My understanding is that those simply mean you can't pass traffic to or from other 'protected ports' - I

Re:

2014-03-27 Thread rw...@ropeguru.com
It is actually a 4001i for an IBM Blade Chassis. Sorry for that. So in this setup, port a would be a trunk with multiple vlans connection back to a 6509. port b would be a switch port in access mode that connects to an IBM blade in the chassis. Not sure that this situation fits either of tho

Re:

2014-03-27 Thread Lee
On 3/27/14, rw...@ropeguru.com wrote: > So I certainly admit I am a basic networking guy and in the past have not > had to get into the nitty gritty of port statistics. > > I am trying to understand some statistics off a switch port in a Nexus > 4001i. Good luck. I couldn't find anything for a n

Switchport Counters - Take two

2014-03-27 Thread rw...@ropeguru.com
Apologies to everyone for the original email with no subject. I am having some senior email moments today. Anyway So I certainly admit I am a basic networking guy and in the past have not had to get into the nitty gritty of port statistics. I am trying to understand some statistics off a

Re: Link Layer Filtering not supported on popular equipment?

2014-03-27 Thread Michael Loftis
On Wed, Mar 26, 2014 at 9:08 AM, hasser css wrote: > Is there any common equipment that doesn't support this kind of filtering? > I have no access to the switches where I work (I am just a CS agent at a > smaller service provider), but my boss tells me that they do not support > doing this... howe

Re: IPv6 Security

2014-03-27 Thread sthaug
> > DHCPv6 as defined in RFC 3315 does not offer client MAC address at all > > (thus making the job more difficult for a number of organizations). > > Yes it does… > > What do you think “Link Layer Address” (RFC 3315, Section 9.1 Type 3) > is? From RFC-3315 Section 9.4, it seems pretty clear that

Re: WISP or other options

2014-03-27 Thread James Harrison
On 27/03/14 14:04, Dustin Jurman wrote: > There are plenty of Microwave products that produce that type of > bandwidth and more, LOS and NLOS. I do not know if there is a > WISPA counterpart in Scotland but you may want to reach out to > WISPA to see

RE: Switchport Counters

2014-03-27 Thread rw...@ropeguru.com
Sent from my Verizon Wireless 4G LTE smartphone Original message From: rw...@ropeguru.com Date:03/27/2014 11:52 AM (GMT-05:00) To: nanog@nanog.org Subject:

[no subject]

2014-03-27 Thread rw...@ropeguru.com
So I certainly admit I am a basic networking guy and in the past have not had to get into the nitty gritty of port statistics. I am trying to understand some statistics off a switch port in a Nexus 4001i. All TX and RX counters look normal except on the TX side, I am showing 1107597  input disca

Re: WKBIs, was why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread John Levine
>Actually, a variant on that that might be acceptable… Make e-postage a >deposit-based thing. If the recipient has >previously white-listed you or marks your particular message as “desired”, >then you get your postage back. If not, >then your postage is put into the recipients e-postage account t

Re: [mailop] IPv6 DNSBL

2014-03-27 Thread Jim Popovitch
On Thu, Mar 27, 2014 at 9:21 AM, David Hofstee wrote: > There must be a good reason for people to get off their asses and start > implementing things like DMARC. All the banks (!$%^) I talk to do not have > any reason to implement it swiftly (they turn on p=none and then all progress > stops). F

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread cbr
For anyone who was subscribed to the old full-disclosure list ... Fyodor of nmap has brought it back to life. Infolink @ http://insecure.org/news/fulldisclosure/ Subscribe @ http://nmap.org/mailman/listinfo/fulldisclosure On Mar 26, 2014, at 10:52 AM, kendrick eastes wrote: > The Full-disclos

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread John R. Levine
Ergo, ad hominem. Please quit doing that. As a side note I happen to run my own mail server without spam filters -- it works for me. I might not be the norm, but then again, is there really a norm? (A norm that transcends SMTP RFC reach, that is -- I know a lot of people who run a lot of mail sy

Re: IPv6 isn't SMTP

2014-03-27 Thread Lamar Owen
On 03/26/2014 08:12 PM, Jimmy Hess wrote: As far as i'm concerned if you can force the spammer to use their own IP range, that they can setup RDNS for, then you have practically won, for all intents and purposes, as it makes blacklisting feasible, once again! Spammers can jump through

Re: Link Layer Filtering not supported on popular equipment?

2014-03-27 Thread Dobbins, Roland
On Mar 26, 2014, at 11:08 PM, hasser css wrote: > Any insight? I don't know about Dell switches, but Cisco switches have DHCP Snooping, IP Source Guard, PACLs, VACLs, and so forth at layer-2. --- Roland Dobbins //

Re: IPv6 isn't SMTP

2014-03-27 Thread John R. Levine
mailbox@[IPv6:2001:12:34:56::78:ab:cd] You aren't allowed to use :: to abbreviate one zero hexadectet according to RFC 5952. http://www.rfc-editor.org/errata_search.php?eid=2467 Oh, look at that. I wonder how many people realized that it made an incompatible change to RFC 4291 four years ag

Re: IPv6 isn't SMTP

2014-03-27 Thread Enno Rey
Hi, On Thu, Mar 27, 2014 at 01:52:27PM +, Tony Finch wrote: > John Levine wrote: > > > > There are also some odd things in the spec. For example, according to > > RFC 5321 this is not a syntactically valid e-mail address: > > > > mailbox@[IPv6:2001:12:34:56::78:ab:cd] > > You aren't allowed

RE: WISP or other options

2014-03-27 Thread Dustin Jurman
There are plenty of Microwave products that produce that type of bandwidth and more, LOS and NLOS. I do not know if there is a WISPA counterpart in Scotland but you may want to reach out to WISPA to see if they know of an organization. You can also reach out to Cambium to see whom their partn

Re: IPv6 isn't SMTP

2014-03-27 Thread Tony Finch
Owen DeLong wrote: > > Two errors, actually… As an RFC-821 address, it should be user@[IP]:port > in both cases (user@[192.0.2.1]:25 and user@[2001:db8::1]:25). You have never been able to specify a port number in an email address. Tony. -- f.anthony.n.finchhttp://dotat.at/ Lundy, Fastnet:

Re: WISP or other options

2014-03-27 Thread Alex Howells
On 27 March 2014 05:09, Warren Bailey < wbai...@satelliteintelligencegroup.com> wrote: > I think the real problem here is the event is for 2 days and he requires > a metric shxt ton of data (for wireless anyways..). Sure you could get all > kinds of COOL solutions together, but do you think the (

Re: WISP or other options

2014-03-27 Thread Alex Howells
I think the AF5 should be legal over here, at least, the lower bands are license free up to 1W transmit power. Not used the AF5 at all yet, it's quite new, and the only AF24 experience I have is only ~1000m worth of distance so comparatively easy to make work. Either way you latched onto the poin

Re: WISP or other options

2014-03-27 Thread Alex Howells
Pay someone to worry about all this stuff, MaxWiFi has a good reputation in the UK at least. Stuff like the Ubiquiti Networks AirFiber can be good for getting from A-B over "relatively short" distances if you've identified another place which has really good connectivity which you can use, and if

Looking for 2M service in CA

2014-03-27 Thread Edison Smith-Stubbs
Hi all, Apologies if this is the incorrect forum for this request, first time posting to the group! I work for an ISP in Australia and we have a requirement to deliver a service to a client site in CA. I'm not familiar with the American market but I'd be interested in chatting with providers who

Re: Cisco Security Advisory: Cisco IOS Software SSL VPN Denial of Service Vulnerability

2014-03-27 Thread kendrick eastes
The Full-disclosure mailing list was recently... retired, I guess cisco thought NANOG was the next best place. On Wed, Mar 26, 2014 at 10:45 AM, rw...@ropeguru.com wrote: > > Is this normal for the list to directly get Cisco security advisories or > something new. First time I have seen these. >

Link Layer Filtering not supported on popular equipment?

2014-03-27 Thread hasser css
Is there any common equipment that doesn't support this kind of filtering? I have no access to the switches where I work (I am just a CS agent at a smaller service provider), but my boss tells me that they do not support doing this... however, I do not believe this at all. I think that all the swit

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Scott Buettner
This is totally ignoring a few facts. A: That the overwhelming majority of users don't have the slightest idea what an MTA is, why they would want one, or how to install/configure one. ISP/ESP hosted email is prevalent only partially to do with technical reasons and a lot to do with technical

Re: IPv6 isn't SMTP

2014-03-27 Thread Tony Finch
John Levine wrote: > > There are also some odd things in the spec. For example, according to > RFC 5321 this is not a syntactically valid e-mail address: > > mailbox@[IPv6:2001:12:34:56::78:ab:cd] You aren't allowed to use :: to abbreviate one zero hexadectet according to RFC 5952. http://www.r

Re: IPv6 isn't SMTP

2014-03-27 Thread Blake Hudson
Jimmy Hess wrote the following on 3/26/2014 7:12 PM: The problem is with SMTP and is probably best addressed in the application layer through updates to SMTP or required bolt-ons (e.g SPF or similar); it was just simpler SPF is useful, but not a complete solution. I'm curious w

Re: misunderstanding scale

2014-03-27 Thread Chip Marshall
On 2014-03-26, Owen DeLong sent: > Then the spammers will grab /48s instead of /64s. Lather, rinse, repeat. > > Admittedly, /48s are only 65,536 RBL entries per, but I still > think that address-based reputations are a losing battle in an > IPv6 world unless we provide some way for providers to h

Re: Access Lists for Subscriber facing ports?

2014-03-27 Thread Mike
On 03/27/2014 05:44 AM, Shawn L wrote: With all of the new worms / denial of service / exploits, etc. that are coming out, I'm wondering what others are using for access-lists on residential subscriber-facing ports. We've always taken the stance of 'allow unless there is a compelling reason not

RE: [mailop] IPv6 DNSBL

2014-03-27 Thread David Hofstee
>> I suggest reputation on the reply-to domain also (if authenticated of >> course). No more running to other IPs / ESPs if you are a bad boy. You can >> integrate it in browsers and show it there too (watch out; don't enter your >> email address here because they will spam you or have spam evad

Access Lists for Subscriber facing ports?

2014-03-27 Thread Shawn L
With all of the new worms / denial of service / exploits, etc. that are coming out, I'm wondering what others are using for access-lists on residential subscriber-facing ports. We've always taken the stance of 'allow unless there is a compelling reason not to', but with everything that is coming o

Re: IPv6 isn't SMTP

2014-03-27 Thread Owen DeLong
On Mar 27, 2014, at 3:24 AM, Franck Martin wrote: > > On Mar 26, 2014, at 11:26 PM, Owen DeLong wrote: > >> >> On Mar 26, 2014, at 8:12 PM, Robert Drake wrote: >> >>> >>> On 3/26/2014 10:16 PM, Franck Martin wrote: and user@2001:db8::1.25 with user@192.0.2.1:25. Who had the goo

Re: [mailop] IPv6 DNSBL

2014-03-27 Thread Owen DeLong
On Mar 27, 2014, at 2:37 AM, David Hofstee wrote: > I suggest reputation on the reply-to domain also (if authenticated of > course). No more running to other IPs / ESPs if you are a bad boy. You can > integrate it in browsers and show it there too (watch out; don't enter your > email address

Re: IPv6 Security

2014-03-27 Thread Owen DeLong
On Mar 27, 2014, at 12:52 AM, sth...@nethelp.no wrote: >>> No, it is LESS robust, because the client identifier changes when the >>> SOFTWARE changes. Around here, software changes MUCH more often than >>> hardware. Heck, even a dual-boot scenario breaks the client >>> identifier stability. Wo

Re: IPv6 isn't SMTP

2014-03-27 Thread Franck Martin
On Mar 26, 2014, at 11:26 PM, Owen DeLong wrote: > > On Mar 26, 2014, at 8:12 PM, Robert Drake wrote: > >> >> On 3/26/2014 10:16 PM, Franck Martin wrote: >>> >>> and user@2001:db8::1.25 with user@192.0.2.1:25. Who had the good idea to >>> use : for IPv6 addresses while this is the separato

Re: WISP or other options

2014-03-27 Thread William Waites
On Thu, Mar 27, 2014 at 05:09:05AM +, Warren Bailey wrote: > It's not 802.11 and it doesn't act that way. Actually most of the installations I've seen -- and my day job is working with community networks around Scotland that have built all manner of strange things -- the problems most often ha

Re: WISP or other options

2014-03-27 Thread William Waites
On Thu, Mar 27, 2014 at 12:02:30AM -0400, Miles Fidelman wrote: > Laser link, and pray for clear weather? You'll have to pray really hard around here, especially in South Queensferry down by the water... We actually have an FSO link between two tall buildings in South Edinburgh. Only about 500m.

Re: WISP or other options

2014-03-27 Thread William Waites
On Thu, Mar 27, 2014 at 03:35:20AM +, Warren Bailey wrote: > > You are screwed for LOS microwave, 60mbps on a microwave hop requires > real life engineering to function correctly. Well now, really. Yes it needs engineering, but nothing spectacularly difficult. The upper bound on distance the

Re: WISP or other options

2014-03-27 Thread William Waites
On Wed, Mar 26, 2014 at 10:30:27PM -0500, Nick wrote: > > Does anyone have contacts in Edinburgh Scotland who can provide WISP > service at the Hopetoun House and Dundas Castle. I would like to > have 20-60mbps for 2 days of services. There is a *chance* that we (http://hubs.net.uk/) can help. Ou

RE: [mailop] IPv6 DNSBL

2014-03-27 Thread David Hofstee
I suggest reputation on the reply-to domain also (if authenticated of course). No more running to other IPs / ESPs if you are a bad boy. You can integrate it in browsers and show it there too (watch out; don't enter your email address here because they will spam you or have spam evading practice

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Måns Nilsson
Subject: Re: why IPv6 isn't ready for prime time, SMTP edition Date: Wed, Mar 26, 2014 at 03:35:48PM -0400 Quoting John R. Levine (jo...@iecc.com): > >>It must be nice to live in world where there is so little spam and > >>other mail abuse that you don't have to do any of the anti-abuse > >>things

Re: IPv6 Security

2014-03-27 Thread Henri Wahl
> It is reality. DHCPv6 needs to take reality into account. > One modest attempt to do so is dhcpy6d at https://dhcpy6d.ifw-dresden.de. Still work in progress and might not fit into every environment but helps some others. Regards -- Henri Wahl IT Department Leibniz-Institut fuer Festkoerper-

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Mark Tinka
On Thursday, March 27, 2014 09:48:09 AM Jim Popovitch wrote: > > But a significant portion of it routes through London :-) > > *cough *cough co.tz to co.za, etc., etc. Perhaps, but that does not mean it's all served by South African ISP's. The London trombone is a separate issue. Mark. s

Re: IPv6 Security

2014-03-27 Thread sthaug
> > No, it is LESS robust, because the client identifier changes when the > > SOFTWARE changes. Around here, software changes MUCH more often than > > hardware. Heck, even a dual-boot scenario breaks the client > > identifier stability. Worse yet, DHCPv6 has created a scenario where > > a client

Re: misunderstanding scale

2014-03-27 Thread Matthias Leisi
On Thu, Mar 27, 2014 at 6:17 AM, Owen DeLong wrote: > > It only takes a single entry if you do not store /128s but that /64. Yes, > > RBL lookups do not currently know how to handle this, but there are a > > couple of good proposals around on how to do it. > > Then the spammers will grab /48s in

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Jim Popovitch
On Thu, Mar 27, 2014 at 3:38 AM, Mark Tinka wrote: > > Not all of 41/8 is served by South Africa :-). > But a significant portion of it routes through London :-) *cough *cough co.tz to co.za, etc., etc. -Jim P.

Re: why IPv6 isn't ready for prime time, SMTP edition

2014-03-27 Thread Mark Tinka
On Wednesday, March 26, 2014 08:26:14 PM Lamar Owen wrote: > You don't. Their upstream(s) in South Africa would bill > them for outgoing e-mail. Not all of 41/8 is served by South Africa :-). Mark.