Re: Please, talk me down.

2012-10-21 Thread Leen Besselink
On Wed, Oct 17, 2012 at 09:45:09PM -0500, Jimmy Hess wrote: > On 10/16/12, Randy Bush wrote: > >> First off, I'm using djbdns internally and it doesn't support > >> records. So we really aren't using it internally. > > if the clutch in my car is broken, should i stop using vehicles? > > dump

Re: Last of ipv4 /8's allocated

2011-02-01 Thread Leen Besselink
> Doesn't really matter who gets what, because no one is going to route > anything larger than a /8 anyway, particularly the RIR allocations. Just > kinda fun to think about :-) > > -Randy > > How about when HP/Compaq/DEC buys Apple or the other way around ? ;-) They could do so in theory anyw

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-01-30 Thread Leen Besselink
On 01/25/2011 11:06 PM, Owen DeLong wrote: > > >> "640k ought to be enough for anyone." >> > If IPv4 is like 640k, then, IPv6 is like having 47,223,664,828,696,452,136,959 > terabytes of RAM. I'd argue that while 640k was short sighted, I think it is > unlikely we will see machines with much more t

Re: [arin-announce] ARIN Resource Certification Update

2011-01-30 Thread Leen Besselink
Hello Carlos, On 01/30/2011 02:57 PM, Carlos Martinez-Cagnazzo wrote: > What I just don't get if, we as a society, have created institutions > we trust with our *money* (AKA banks), why there can't be institutions > we trust with our crypto keys. I know that banks sometimes fail, and > yes, probab

Re: Is NAT can provide some kind of protection?

2011-01-16 Thread Leen Besselink
On 01/15/2011 11:06 PM, Stephen Davis wrote: >> I'm a full supporter for getting rid of NAT when deploying IPv6, but >> have to say the alternative is not all that great either. >> >> Because what do people want, they want privacy, so they use the >> IPv6 privacy extensions. Which are enabled by de

Re: Is NAT can provide some kind of protection?

2011-01-15 Thread Leen Besselink
On 01/15/2011 03:01 PM, Joel Jaeggli wrote: > On 1/15/11 1:24 PM, Leen Besselink wrote: > >> I'm a full supporter for getting rid of NAT when deploying IPv6, but >> have to say the alternative is not all that great either. >> >> Because what do people want,

Re: Is NAT can provide some kind of protection?

2011-01-15 Thread Leen Besselink
On 01/15/2011 02:01 AM, George Bonser wrote: > >> From: William Herrin >> Sent: Friday, January 14, 2011 4:11 PM >> To: nanog@nanog.org >> Subject: Re: Is NAT can provide some kind of protection? >> >> On Fri, Jan 14, 2011 at 2:43 PM, Owen DeLong wrote: >>> Ah, but, the point here is that NAT act

Re: Problems with removing NAT from a network

2011-01-09 Thread Leen Besselink
On 01/09/2011 07:46 AM, Matthew Kaufman wrote: > On 1/8/2011 3:16 AM, Leen Besselink wrote: >> >> Hello Mr. Kaufman, >> >> In the upcoming years, we will have no IPv6 in some places and badly >> performing IPv4 (CGN, etc.) with working IPv6 in others. > Right.

Re: Problems with removing NAT from a network

2011-01-08 Thread Leen Besselink
On 01/07/2011 03:57 AM, Matthew Kaufman wrote: > On 1/6/2011 6:34 PM, Joel Jaeggli wrote: >> On 1/6/11 5:48 PM, Owen DeLong wrote: >>> Doesn't all of this become moot if Skype just develops a dual-stack >>> capable client >>> and servers? >> Really, only some fraction of the supernodes and the logi

Re: NIST IPv6 document

2011-01-05 Thread Leen Besselink
gress/2010/Fahrplan/events/3957.en.html A video and slides should show up on the list soon: http://media.ccc.de/tags/27c3.html (because of audio transcoding issues some videos are not online right now, if you ask me nicely I could mail a link for the video from before they took it down) Have a nice day, Leen Besselink.

Re: Blocking International DNS

2010-12-01 Thread Leen Besselink
On 12/01/2010 10:41 PM, Randy Bush wrote: > the more i think about this, the more i am inclined to consider a second > trusted root not (easily) attackable by the usg, who owns the root now, > or the acta vigilantes. as dissent becomes less tolerated, let alone > supported, we may want to attempt

Re: Blocking International DNS

2010-11-25 Thread Leen Besselink
>> And once you get these things in place you never know where it will end... > That, OTOH, is true. > Actually, we do. Every time a country creates a list, even though you wouldn't expect it from these respectable countries, politicians and policemen with their good intentions, somehow things e

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

2010-11-02 Thread Leen Besselink
On 11/02/2010 01:26 PM, Tim Franklin wrote: >> About the only hack I can see that *might* make sense would be that >> home CPE does NOT honour the upstream lifetimes if upstream >> connectivity is lost, but instead keeps the prefix alive on very >> short lifetimes until upstream connectivity return

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-21 Thread Leen Besselink
On 10/21/2010 09:25 PM, George Bonser wrote: >> However, consider the fact that there will be v6 only hosts popping up >> after IANA/RIR/ISP exhaustion. There will be new entrants in the > public >> internet space that cannot obtain v4 addresses and will be reachable >> via v6 >> only ... > Yep, y

Re: New hijacking - Done via via good old-fashioned Identity Theft

2010-10-07 Thread Leen Besselink
On 10/07/2010 04:16 PM, Sven Olaf Kamphuis wrote: > you just give contacts for the passwords with which you have received > a new one. > Hi Sven/others, This very much sounds like TMDA: http://tmda.net/ http://en.wikipedia.org/wiki/Tagged_Message_Delivery_Agent Where by each person that needs t

Re: List of Teredo servers and teredo relays

2010-09-12 Thread Leen Besselink
On 09/12/2010 08:42 AM, Antonio Querubin wrote: > On Sat, 11 Sep 2010, Jared Mauch wrote: > >> I would be careful actually using teredo, as some of them (eg: >> Microsoft) have swaths of native IPv6 networks that are unreachable. > > While I would agree in principle, in practice we have little cont

Re: Did your BGP crash today?

2010-08-28 Thread Leen Besselink
On 08/28/2010 01:52 PM, Thomas Mangin wrote: > My point was not about crafted bgp message to test border cases - this is > what one would expect in a regression suite. > It is about the use of a fuzzer to corrupt packet when you then do not know > if the router is then behaving correctly or not.

Re: Did your BGP crash today?

2010-08-28 Thread Leen Besselink
On 08/28/2010 11:39 AM, Saku Ytti wrote: > On (2010-08-28 18:20 +0900), Randy Bush wrote: > > >> a bgp regression suite would not have caught this as it was not a >> repeat. but it sure would be useful to implementors. >> > Naturally 'proving' that non-trivial software works is practically

Re: Should routers send redirects by default?

2010-08-20 Thread Leen Besselink
On 08/21/2010 02:08 AM, Brandon Ross wrote: On Fri, 20 Aug 2010, Ricky Beam wrote: I think it's almost universally disabled (by default) everywhere in IPv4 purely for security (traffic interception.) Okay, I'll ask again. Exactly how does disabling ICMP redirects on my router prevent traffi

Re: end-user ipv6 deployment and concerns about privacy

2010-08-19 Thread Leen Besselink
On 08/19/2010 07:58 PM, Joakim Aronius wrote: * Joel Jaeggli (joe...@bogus.com) wrote: manual configuration of ip address name mappings seems like a rather low priority for the average home user... I don't expect that will be a big activity in the future either, more devices means less manu

Re: Web expert on his 'catastrophe' key for the internet

2010-07-28 Thread Leen Besselink
On 07/28/2010 02:21 AM, valdis.kletni...@vt.edu wrote: That plus the phrase "restarting the Internet" is more than a little bit misleading. If you think that is misleading, you would want to see this article: http://www.metro.co.uk/news/836210-brit-given-a-key-to-unlock-the-internet By

Re: Addressing plan exercise for our IPv6 course

2010-07-24 Thread Leen Besselink
Eventually ARIN (or someone else will do it for them) may create a site you can register your address and know that it really is unique among participating registrants. Random is fine, unique is better. Such a site would be the seed for when (if) we come up with the tech for everyone to have PI

Re: Mail Submission Protocol

2010-04-21 Thread Leen Besselink
On Wed, Apr 21, 2010 at 10:05:34AM -0400, Mike Walter wrote: > We have had very good luck with using port 587 and requiring the users > to authenticate to send email from outside our network. > > Inside customers, we have not changed to force port 587 and > authentication for email clients, but t

Re: Mail Submission Protocol

2010-04-21 Thread Leen Besselink
On Wed, Apr 21, 2010 at 10:49:07AM -0300, Claudio Lapidus wrote: > Hello all, > Hello Claudio, > At our ISP operation, we are seeing increasing levels of traffic in our > outgoing MTA's, presumably due to spammers abusing some of our subscribers' > accounts. In fact, we are seeing connections fr

Re: Rate of growth on IPv6 not fast enough?

2010-04-20 Thread Leen Besselink
On 04/20/2010 09:31 PM, Roger Marquis wrote: Jack Bates wrote: .01%? heh. NAT can break xbox, ps3, certain pc games, screw with various programs that dislike multiple connections from a single IP, and the crap load of vpn clients that appear on the network and do not support nat traversal (eithe

Re: Rate of growth on IPv6 not fast enough?

2010-04-19 Thread Leen Besselink
On 04/19/2010 07:45 PM, Bill Bogstad wrote: On Mon, Apr 19, 2010 at 1:14 PM, Mohacsi Janos wrote: On Mon, 19 Apr 2010, Bill Bogstad wrote: On Mon, Apr 19, 2010 at 12:10 PM, Frank Bulk - iName.com wrote: Don't forget the home gateway aspect -- it's a huge gaping hole in

Re: legacy /8

2010-04-04 Thread Leen Besselink
On 04/03/2010 07:39 PM, valdis.kletni...@vt.edu wrote: On Sat, 03 Apr 2010 08:06:44 EDT, Jeffrey Lyon said: For small companies the cost of moving to IPv6 is far too great, especially when we rely on certain DDoS mitigation gear that does not yet have an IPv6 equivalent. So? How man

Re: Home CPE choice

2010-03-31 Thread Leen Besselink
On 04/01/2010 12:55 AM, Charles N Wyble wrote: Hopefully this e-mail is considered operational content :) The recent thread on the new linksys kit and ipv6 support got me thinking about CPE choice. What good off the shelf solutions are out there? Should one buy the high end d-link/linksys/n

Re: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)

2010-03-02 Thread Leen Besselink
On 03/02/2010 11:46 PM, Richard Barnes wrote: Care to explain what that could possibly be? (I simply don't see an upside to making it easy to censor the internet by national identity). Maintenance of "GeoIP"-databases becomes easier and less error-prone ? Possible less out of date becau

Re: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)

2010-03-02 Thread Leen Besselink
Not comparing this to the former-DDR or Chinese situation (please refer to my tin-foil remark above) a per-country specific prefix is not necessarily a bad thing and may even have an upside. Care to explain what that could possibly be? (I simply don't see an upside to making it easy to c

Re: Level 3 DC issues?

2010-01-29 Thread Leen Besselink
On 01/29/2010 08:30 PM, Robert D. Scott wrote: Looks like an internal problem to BoA. The redirect works, and I get an immediate reply. The https redirect page appears boinked. Even with a -k curl took over 30 seconds to get the page, and the browser would have timed out. Hi, Just noticed

Re: Follow up to previous post regarding SAAVIS

2009-08-15 Thread Leen Besselink
Keith Medcalf wrote: >> ... Dont know what web 2.0 is but the new portal is a web based >> object management system complete >> with "recommended" changes and inconsistency lists. >> We just added prefix allocation check with backend information >> from PCH (prefix checker tool). > > Web 2.0 is m

Re: Why choose 120 volts?

2009-05-28 Thread Leen Besselink
> It's worth noting that despite higher voltages here there aren't more > deaths or injuries - but maybe it's because people take it more > seriously. Admittedly no one I know is nuts enough to use body parts > for "liveness testing". > (sorry for being kinda late in this discussion) I've never

Re: real hardware router VS linux router

2009-02-21 Thread Leen Besselink
mike wrote: > Well, > >Our operation uses linux everywhere and we have our own in house tiny > embedded flavor with all the tools and things that make it suited for > use in big and small boxes as many kinds of router and general packet > flipping appliance. I have confidence built on long ter

Re: real hardware router VS linux router

2009-02-20 Thread Leen Besselink
Ray Burkholder wrote: >> In scaling upward. How would a linux router even if a kernel guru were >> to tweak and compile an optimized build, compare to a 7600/RSP720CXL or >> a Juniper PIC in ASIC? At some point packets/sec becomes a limitation I >> would think. >> > > Is anyone building linux/bsd-

Re: real hardware router VS linux router

2009-02-20 Thread Leen Besselink
William Warren wrote: > On 2/19/2009 9:37 AM, Ryan Harden wrote: > While you could probably build a linux router that is just as fast as a > real hardware router, you're always going to run into the moving pieces > part of the equation. > > In almost all scenarios, moving parts are more prone to f

Re: IPv6 Confusion

2009-02-18 Thread Leen Besselink
Raymond Dijkxhoorn wrote: > Hi! > Hi, >>> networks with visitors have shown a serious problem with rogue RAs > >> Does that get better with RAs from the good routers turned off? >> >> Aria Stewart >> aredri...@nbtsc.org > > Is there something like RA filtering on switches yet, so end users can

Re: IPv6 Confusion

2009-02-17 Thread Leen Besselink
Mark Andrews wrote: >> >> (or just pre-populate the DNS with DHCP-2001-9A98-D247-{5more}.ISP.com >> >> and be >> >> done with it like many places do for IPv4) > > > > Which still leaves the problem of how does the machine get its > > name in a trusted manner. > > I don't know about that,

Re: Tightened DNS security question re: DNS amplification attacks.

2009-01-28 Thread Leen Besselink
> - Original Message - > From: "aljuhani" > Subject: Re: Tightened DNS security question re: DNS amplification > attacks. > To: "nanog" > > Well the RBLs, in using dns queries, is another form of legal DDoS attacks, > mainly when they > suddenly cease to respond or re-configure t