Re: OT: Below grade fiber interconnect points

2013-11-15 Thread Michael Sinatra
On 11/15/13 13:25, Jay Ashworth wrote: > You seem to be taking this awfully personally, though, Mike; did you > *set* the policies and procedures I'm scoffing at? I am NOT TAKING IT PERSONALLY DAMMIT!!! Okay, now being serious (note clever way of avoiding using emoticons while pointing out that

Re: OT: Below grade fiber interconnect points

2013-11-15 Thread Michael Sinatra
On 11/15/13 12:29, Jay Ashworth wrote: > - Original Message - >> From: "Michael Sinatra" > >> UC Berkeley installed 3 CEVs (Controlled Environment Vaults) below >> ground on campus about 10-15 years ago. One of them houses one of the >> two main

Re: OT: Below grade fiber interconnect points

2013-11-15 Thread Michael Sinatra
Hi Justin and Roy: On 11/13/13 12:05, Justin M. Streiner wrote: > On Wed, 13 Nov 2013, Roy hockett wrote: > >> Has anyone ever used a below grade vault for housing fiber cross >> connects? >> >> We have to move a fiber interconnect facility due to the current >> building being demolished. If you

Re: Comcast Launches IPv6 for Business Customers

2013-05-01 Thread Michael Sinatra
On 04/29/13 15:38, Brzozowski, John wrote: > FYI for folks that are interested: > > http://corporate.comcast.com/comcast-voices/comcast-launches-ipv6-for-business-customers Great news! Strangely, I (a Comcast Business customer at home) have noticed RAs coming across my wire for several months no

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

2012-11-29 Thread Michael Sinatra
Jeff and NANOG: We are currently dropping the bad attribute within our network (as293) and are working with the customer to determine the origin of the attribute (equipment, code rev, etc.). The bad attribute should not be leaking beyond our AS at all. If you're filtering routes from AS68, you s

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

2012-11-29 Thread Michael Sinatra
Hi Jeff (and NANOG) This is one of our customers, and we're going to get it fixed (or worked around) ASAP. michael On 11/29/12 12:44 AM, Jeff Wheeler wrote: > I had two downstream BGP customers experience problem with an OpenBGPd bug > tonight. Before diving into detail, I would like to link th

Re: Google burp

2012-10-31 Thread Michael Sinatra
On 10/31/12 2:55 PM, Blair Trosper wrote: > I guess I'll be the one to ask...what's going on over at Google? Service > interruptions and front-end errors all over the place across what appears > to be all services, though Gmail seems to have bounced back up. Google's > service disruption is about

Re: DNS noise

2012-04-06 Thread Michael Sinatra
On 04/06/12 10:47, Keegan Holley wrote: Have you tried contacting the owner of the IP? A DDOS attack from that particular IP would be ironic. # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=72.20.23.24?showDetails=true&showARIN=false&ext=netref2 # Stamin

Re: uunet ends newsfeed/newsreader in US

2012-03-30 Thread Michael Sinatra
On 03/30/12 13:41, Henry Yen wrote: uunet/vzb "will terminate its United States Newsreader and Newsfeed services on March 31, 2012, with no plans to offer a replacement, and any content/data remaining after that date will be unrecoverably deleted". does anyone on NANOG have any thoughtful commen

Re: did AS174 and AS4134 de-peer?

2012-03-07 Thread Michael Sinatra
On 03/07/12 16:10, Patrick W. Gilmore wrote: On Mar 7, 2012, at 19:06 , Jim Cowie wrote: As a meta-comment: this "Quick Look" style of blog is an experiment we're trying, based on feedback that the community wanted to hear about more of these little events as they happen. In a Quick Look, we

Re: Common operational misconceptions

2012-03-03 Thread Michael Sinatra
On 03/03/12 00:33, Mukom Akong T. wrote: On Thu, Feb 16, 2012 at 4:46 AM, Michael Sinatra wrote: ULA is the IPv6 equivalent of RFC1918 Michael, could you explain this a bit more? In the sense that : a. Anyone can use ULA pretty much as they wish without having to go to their ISP or RIR

Re: time sink 42

2012-02-16 Thread Michael Sinatra
On 02/16/12 14:21, Chris Adams wrote: Once upon a time, Bryan Irvine said: And watch for the removable faceplates. We've been bitten before after a server move by rebooting a server that had the correct label but the wrong faceplate. Now we label the faceplate as well as underneath of it too.

Re: Common operational misconceptions

2012-02-16 Thread Michael Sinatra
On 02/15/12 23:34, Owen DeLong wrote: I think one of the most damaging fundamental misconceptions which is not only rampant among students, but, also enterprise IT professionals is the idea that NAT is a security tool and the inability to conceive of the separation between NAT (header mutilation)

Re: Common operational misconceptions

2012-02-16 Thread Michael Sinatra
On 02/16/12 05:17, Ray Soucy wrote: I've found starting off with some history on Ethernet (Maine loves Bob Metcalfe) becomes a very solid base for understanding; how "Ethernet" today is very different; starting with hubs, bridges, collisions, and those problems, then introducing modern switching,

Re: Common operational misconceptions

2012-02-15 Thread Michael Sinatra
ULA is the IPv6 equivalent of RFC1918 RFCs are standards (i.e. all of them, or RFC is synonymous with standard) The words "Internet" and "Web" can be used interchangeably Not only does NAT provide "security," but it's NECESSARY for "security." Alternatively, you can't possibly be as secure wi

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-24 Thread Michael Sinatra
On 12/23/11 13:00, Masataka Ohta wrote: > Tomas Podermanski wrote: > >> It sounds good, but according to RFC 6434 ( IPv6 Node Requirements) >> SLAAC is required, > > Not at all. SLAAC is required only if ND is supported, which > is optional. > > Note that ND works poorly over link layers such a

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-24 Thread Michael Sinatra
On 12/23/11 12:52, Masataka Ohta wrote: > Michael Sinatra wrote: > >> The only time you need to perform extra steps is when you want to run >> DHCPv6. You need to enable the M and/or O flags and turn off the >> 'autonomous' flag (if you don't want a host to

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-23 Thread Michael Sinatra
On 12/22/11 12:09, Tomas Podermanski wrote: We have to use SLAAC as well because we do not have other choice. Not all operating systems support DHCPv6 today. But we are not happy about it (problems with privacy extensions, security as I mentioned before). DHCPv6 does not have to be run on a cent

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-23 Thread Michael Sinatra
On 12/22/11 16:16, Masataka Ohta wrote: > Glen Kent wrote: > >> While in some environments, typically with small number of devices, >> its indispensable. Small businesses may not want the complexity of >> setting up a central server (for DHCP) - SLAAC works very well in such >> environments. > >

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-21 Thread Michael Sinatra
On 12/21/11 12:40, Ray Soucy wrote: I'm afraid you're about 10 years too late for this opinion to make much difference. ;-) We have been running IPv6 in production for several years (2008) as well (answering this email over IPv6 now, actually) yet I have completely different conclusions about th

Re: IPV6 issue

2011-12-20 Thread Michael Sinatra
On 12/20/11 12:22, Mark Andrews wrote: In message<4ef09908.3050...@netwolves.com>, Steve Clark writes: Hello, I have a SIXXS ipv6 tunnel that terminates in Ashburn, Va. I have two HE ipv6 tunnels, one terminates in Dallas the other terminates in Ashburn. I can ping each endpoint of the tunnels t

Re: what if...?

2011-12-20 Thread Michael Sinatra
On 12/20/11 09:31, valdis.kletni...@vt.edu wrote: On Tue, 20 Dec 2011 17:16:06 GMT, bmann...@vacation.karoshi.com said: the one difference is that ISC will be shipping RPZ enabled code v. the blackhat having to hack the machine and modify the configuration. EIther way, the bla

Re: IPV6 issue (occaid.net)

2011-12-20 Thread Michael Sinatra
On 12/20/11 06:33, Jeroen Massar wrote: On 2011-12-20 15:17 , Steve Clark wrote: Hello, I have a SIXXS ipv6 tunnel that terminates in Ashburn, Va. I have two HE ipv6 tunnels, one terminates in Dallas the other terminates in Ashburn. I can ping each endpoint of the tunnels that terminate in Ashbu

Re: Arguing against using public IP space

2011-11-15 Thread Michael Sinatra
On 11/13/11 07:36, Jason Lewis wrote: I don't want to start a flame war, but this article seems flawed to me. It seems an IP is an IP. http://www.redtigersecurity.com/security-briefings/2011/9/16/scada-vendors-use-public-routable-ip-addresses-by-default.html I think I could announce private IP

Re: Arguing against using public IP space

2011-11-15 Thread Michael Sinatra
On 11/15/11 09:15, William Herrin wrote: On Mon, Nov 14, 2011 at 7:35 PM, Jeroen van Aart wrote: William Herrin wrote: If your machine is addressed with a globally routable IP, a trivial failure of your security apparatus leaves your machine addressable from any other host in the entire world

Re: meeting network

2011-10-10 Thread Michael Sinatra
On Mon, 10 Oct 2011, Randy Bush wrote: if it's wifi that's causing the trouble, the usual causes are: is the complaint the hotel ROOM wireless? or the meeting-room? meeting net, a-secure and a. really bad during the night, but still bouncing up until 08:30 when i turned laptop off to partici

DNSSEC in China

2011-10-05 Thread Michael Sinatra
The thread on f-root reminded me of an anecdotal datum regarding DNSSEC in China. I was in China back in August, staying at the Green Lake Hotel in Kunming, Yunnan Province. When connecting to the hotel in-room network (there was no wireless but a wired connection), I was able to properly val

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

2011-09-19 Thread Michael Sinatra
On 09/18/11 19:41, Frank Bulk wrote: I should have made myself more clear -- the policy amendment would make clear that multihoming requires only one facilities-based connection and that the other connections could be fulfilled via tunnels. This may be heresy for some. I don't think the policy

Re: Disappointing ARIN - A great advertisement for the USA ?

2011-09-17 Thread Michael Sinatra
On 09/16/11 08:35, John Curran wrote: On Sep 16, 2011, at 10:17 AM, Leigh Porter wrote: -Original Message- From: Randy Bush [mailto:ra...@psg.com] Sent: 16 September 2011 16:05 To: John Curran Cc: NANOG list Subject: Re: Disappointing ARIN - A great advertisement for the USA ? If you

Re: Disappointing ARIN - A great advertisement for the USA ?

2011-09-12 Thread Michael Sinatra
On 09/12/11 17:49, Jimmy Hess wrote: I think arin-discuss would be a better place for this than arin-ppml. You're suggesting using ARIN's private members-only mailing list over a public one? That doesn't make sense, because this is a public issue, not a members issue. PPML isn't right either, t

Re: Disappointing ARIN - A great advertisement for the USA ?

2011-09-12 Thread Michael Sinatra
On 09/12/11 10:13, Always Learning wrote: Primarily IP ranges to block and/or abuse email addresses. https://www.arin.net/participate/mailing_lists/ Thank you. I will try it. Oh, and there they also like to see your real name and not a junk mail address. Just like on the RIPE mailinglis

Re: Retraining "IT" on networking myths (the cloud to the rescue!)

2011-06-08 Thread Michael Sinatra
On 06/08/11 18:32, Jared Mauch wrote: MYTHS: TCP/53 is only for zone transfers ICMP is a security risk/ddos avenue Internal networks must be secured with NAT A firewall is the only way to secure the perimeter In fact for IPv6, ICMP is more important vs less. Firewalls frequently harm and don'

Re: ISOC-HK Kickstart IPv6! webcast 0600UTC = 2am EDT

2011-06-07 Thread Michael Sinatra
On 06/07/11 22:00, Joly MacFie wrote: ISOC Hong Kong has a great World IPv6 Day event - Kickstart IPv6! - starting at 2pm HKT = 0600UTC (around an hour from now) and running 3 and a half hours. It will be webcast live via the ISOC Chapters Livestream Channel on the ISOC-HK site - http://isoc.h

Re: IPv6 day fun is beginning!

2011-06-07 Thread Michael Sinatra
On Wed, 8 Jun 2011, Iljitsch van Beijnum wrote: www.juniper.net is on IPv6 www.facebook.com has but doesn't load for me over IPv6, it does for others though Working great for me. Getting to it via HE. www.level3.com works fine over v4 but shows a 404 over IPv6 Yes, I am seeing th

Re: ILNP and DNS (from 2010.10.04 NANOG50 day 1 morning notes)

2010-10-05 Thread Michael Sinatra
On 10/5/10 9:52 AM, Christopher Morrow wrote: On Tue, Oct 5, 2010 at 12:18 PM, Tony Finch wrote: On Tue, 5 Oct 2010, Michael Sinatra wrote: Hence the question: How should I provision authoritative DNS servers, given that the prefix information is provided via DNS--including the prefix

Re: ILNP and DNS (from 2010.10.04 NANOG50 day 1 morning notes)

2010-10-05 Thread Michael Sinatra
On 10/5/10 9:18 AM, Tony Finch wrote: On Tue, 5 Oct 2010, Michael Sinatra wrote: Hence the question: How should I provision authoritative DNS servers, given that the prefix information is provided via DNS--including the prefix information for the DNS servers themselves--leading to a chicken

ILNP and DNS (from 2010.10.04 NANOG50 day 1 morning notes)

2010-10-05 Thread Michael Sinatra
Michael Sinatra, UCB; what are thoughts around best practices for auth DNS server in ILNP world, and how do you handle updates for locator values to the auth servers when a link changes? A: you need DNSsec to be running, you make updates, you check authenticity of the update, etc. How will

Re: DURZ published in root - you ready?

2010-01-25 Thread Michael Sinatra
On 01/24/10 18:53, Mark Andrews wrote: In message<202705b1001241834l5b1911bat97ee2130f632f...@mail.gmail.com>, Jorge Amodio writes: Good point, tomorrow/today we'll start seeing what gets broken and hopefully why. Regards. Jorge I don't expect to see much until the last root server (J) switc

Re: Revisiting the Aviation Safety vs. Networking discussion

2009-12-28 Thread Michael Sinatra
On 12/25/09 7:57 AM, Anton Kapela wrote: What I'm getting at is that after following this thread for a while, I'm not convinced any amount of process-borrowing is going to solve problems better, faster, or even avoid them in the first place. At best, our craft is 1/3rd as "old" (if that's someho

Re: Security team successfully cracks SSL using 200 PS3's and MD5

2009-01-05 Thread Michael Sinatra
On 01/05/09 12:47, Randy Bush wrote: > perhaps i am a bit slow. but could someone explain to me how trust in > dns data transfers to trust in an http partner and other uses to which > ssl is put? Because I have to trust the DNS anyway. If the DNS redirects my users to a bad site, they may not no

Re: Yahoo DNS broken?

2008-12-03 Thread Michael Sinatra
On 12/03/08 12:36, Larry Daberko wrote: I am unable to resolve www.yahoo.com. Tracing DNS back from the root servers shows that www.yahoo.com is a CNAME to www.wa1.b.yahoo.com and there are no A records for that hostname. Anyone have more details or a Yahoo contact? I'm unable to get to their

Re: IPv6 routing /48s

2008-11-19 Thread Michael Sinatra
On 11/19/08 14:05, Jack Bates wrote: Nathan Ward wrote: The problem here is XPSP2/Vista assuming that non-RFC1918 = unfiltered/unNATed for the purposes of 6to4. Well, deeper problem is that they're using 6to4 on an end host I suppose - it's supposed to be used on routers. While I don't doub

Re: IPv6 routing /48s

2008-11-18 Thread Michael Sinatra
On 11/18/08 9:59 AM, Jeroen Massar wrote: Michael Sinatra wrote: On 11/18/08 9:26 AM, Christopher Morrow wrote: On Mon, Nov 17, 2008 at 9:02 PM, Nathan Ward <[EMAIL PROTECTED]> wrote: I wish them good luck in reaching the DNS root servers. They are in "critical infrastruc

Re: IPv6 routing /48s

2008-11-18 Thread Michael Sinatra
On 11/18/08 9:26 AM, Christopher Morrow wrote: On Mon, Nov 17, 2008 at 9:02 PM, Nathan Ward <[EMAIL PROTECTED]> wrote: I wish them good luck in reaching the DNS root servers. They are in "critical infrastructure" space, which is a single /32 with traceroute6 to the ISC's v6 allocation(s)

Re: IPv6 routing /48s

2008-11-17 Thread Michael Sinatra
On 11/17/08 14:46, [EMAIL PROTECTED] wrote: ARIN claims they are seeing /48s routed, at least in their route tables. I have seen some new momentum on the allocation of /32's, don't know if that is in response to rules like this?? Would be awfully difficult for our organization to come up wit

Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Michael Sinatra
On 07/10/08 11:03, Jay R. Ashworth wrote: Another test, that apparently was publicized on some dnsops list: dig +short porttest.dns-oarc.net TXT The "some dnsops list" is the OARC public dns-operations list, and this posting explains the tool and briefly describes the results: http://lists.

Re: DNS problems to RoadRunner - tcp vs udp

2008-06-15 Thread Michael Sinatra
Mark Andrews wrote: Authoritative only servers need hints so that NOTIFY will work in the general case. Presumably that's because the authoritative server will want to look up the RDATA (hostname) of each NS record that serves a zone for which it is authoritative. Could you avoid

Re: [NANOG] Microsoft.com PMTUD black hole?

2008-05-07 Thread Michael Sinatra
Kevin Oberman wrote: >> I agree with Iljitsch that it happens frequently, but I think I am >> justified in expecting more than that from Microsoft. Anything less >> would be unprofessional. > > And you would consider an organization that threatens someone who > complains publicly about its obv

Re: [NANOG] Microsoft.com PMTUD black hole?

2008-05-07 Thread Michael Sinatra
Nathan Anderson/FSR wrote: > Here is a brief update on the situation: > > I have been in contact with someone at Microsoft's service operations > center, who has confirmed for me that MS does in fact block _all_ ICMP > at the edge of their network, that they are aware that this will in fact > b

Re: Comcast problems?

2008-04-05 Thread Michael Sinatra
Ted Fischer wrote: I didn't save any of my Wireshark traces, but this is what I observed (I'm behind Charter at home but visiting my brother in NJ - Comcast territory). All attempts to check my e-mail (neither Charter nor Comcast) showed the syns going out but no syn acks coming back. The