On Fri, May 3, 2013 at 3:33 PM, Wes Felter w...@felter.org wrote:
On 5/3/13 2:06 PM, Jay Ashworth wrote:
It occurs to me that I don't believe I've seen any discussion of the
Unexpected Consequence of pervasive HTTPS replacing HTTP for
unauthenticated
sessions, like non-logged-in users
Some links:
http://www.nanog.org/meetings/nanog45/presentations/Tuesday/Hankins_4byteASN_N45.pdf
https://tools.ietf.org/html/rfc6793
On Sun, Feb 3, 2013 at 11:15 AM, Brandon Ross br...@pobox.com wrote:
I strongly recommend that you read about and fully understand how 4-byte
ASNs work, and
See also: http://www.ipv.sx/wcit/
On Fri, Dec 14, 2012 at 2:41 PM, Randy Bush ra...@psg.com wrote:
Where MENOG list == me...@menog.net
http://www.menog.org/
On Wed, Nov 28, 2012 at 3:31 PM, Scott Weeks sur...@mauigateway.com wrote:
--- 2asx1y...@sneakemail.com wrote:
Anyone from Etisalat on list? I'm interested in some MPLS connectivity
into Dubai.
On Mon, Nov 26, 2012 at 12:15 PM, Cameron Byrne cb.li...@gmail.com wrote:
On Mon, Nov 26, 2012 at 8:27 AM, Dobbins, Roland rdobb...@arbor.net
wrote:
On Nov 26, 2012, at 10:36 PM, Cameron Byrne wrote:
Ipv6 is not important for users, it is important for network operators
who want to
I think Heather was pointing out that this would be a good time to actually
use it.
On Fri, Nov 16, 2012 at 12:55 PM, valdis.kletni...@vt.edu wrote:
On Thu, 15 Nov 2012 23:05:39 -0800, Kyle Creyts said:
Jeez, isn't RPKI supposed to solve this problem?
That would presume the existence of a
The folks that have done the most work in enabling IPv6-only end users seem
to be CERNET2 in China. To let people get to v4, they're using what they
call IVI (get it?), which is basically NAT64+DNS64.
http://tools.ietf.org/html/rfc6219
http://en.wikipedia.org/wiki/NAT64
If you don't mind running
No IPv6?
On Thu, Sep 6, 2012 at 6:46 PM, Matthew Luckie m...@caida.org wrote:
Hello,
We have been working on refreshing the data and algorithms behind CAIDA's
as-rank project. We have published AS-relationships and AS-rankings
computed for June 2012. We are currently seeking further
I think Randy meant to imply that requiring anyone that wants to
actually use the RPKI to make a legal agreement with ARIN might not be
the best way to encourage deployment.
On Wed, Sep 5, 2012 at 2:56 PM, Mark Kosters ma...@arin.net wrote:
On 9/5/12 3:26 AM, Randy Bush ra...@psg.com wrote:
This seems like an opportune time to remind people about RPKI-based
origin validation as a hijack mitigation:
http://tools.ietf.org/html/draft-ietf-sidr-pfx-validate-08
http://www.cisco.com/en/US/docs/ios-xml/ios/iproute_bgp/configuration/15-2s/irg-origin-as.pdf
I haven't run the numbers, but it
http://lmgtfy.com/?q=drupal+geo+ip
http://lmgtfy.com/?q=joomla+geo+ip
On Tue, Jun 5, 2012 at 3:19 PM, Anurag Bhatia m...@anuragbhatia.com wrote:
Hi James
Nice question. I am interested if someone can suggest some similar
extension or some code to integrate it within Joomla too.
Thanks.
i can tell more than that. rover is a system that only works at all
when everything everywhere is working well, and when changes always
come in perfect time-order,
Exactly like DNSSEC.
no. dnssec for a response only needs that response's delegation and
signing path to work, not everything
So in RPKI, partial data – so you failed to fetch one of the ROAs in the
set – can make something 'invalid' or 'unknown' that should actually be
'valid'.
http://tools.ietf.org/html/rfc6483#page-3
I wouldn't read that as saying that the RPKI requires you to have full
data in order to
ISPs in the Netherlands have had a botnet treaty in effect since
2009, which calls for blocking, user notification, and inter-ISP
information sharing.
http://ripe59.ripe.net/presentations/huijbregts-botnet-convenant.pdf
While you're in Korea, you could talk to Samsung as well about
123.32.0.0/12 (including 123.45.67.89). Closer to home, you could
also talk to ATT about 12.0.0.0/8 (12.34.56.78).
--Richard
On Sat, Feb 25, 2012 at 2:26 AM, Joel M Snyder joel.sny...@opus1.com wrote:
Normally I wouldn't say
Anyone have a clueful contact at HP? One of their proprietary DHCP
features is squatting on an IANA-registered code point.
Thanks,
--Richard
I think if we asked telstra why they didn't filter their customer some
answer like:
1) we did, we goofed, oops!
2) we don't it's too hard
3) filters? what?
I suspect in the case of 1 it's a software problem that needs more
belts/suspenders
I suspect in the case of 2 it's a problem that
FWIW: A colleague in Iran was able to connect to a server in the US
using HTTPS on a non-standard port (). It appears that the
Iranian government is not blocking TLS/HTTPS per se, but just port
443. So in principle, if there were just some HTTPS proxies using
non-standard ports, then people
So because of phishing, nobody should send messages with URLs in them?
On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin s...@cs.columbia.edu wrote:
I received the enclosed note, apparently from RIPE (and the headers check
out).
Why are you sending messages with clickable objects that I'm
In related news, the IETF working group that is writing standards for
the RPKI is having an interim meeting in San Diego just after NANOG.
They deliberately chose that place/time to make it easy for NANOG
attendees to contribute, so comments from this community are
definitely welcome.
There was some discussion of this on tools-disc...@tools.ietf.org.
There was a temporary issue that I believe has been resolved.
--Richard
On Tue, Jan 31, 2012 at 11:59 AM, Matt Taylor m...@mt.au.com wrote:
Fine for me, .au
Matt.
On 31/01/2012 9:59 PM, Sébastien Riccio wrote:
Up from
BBN has also released an initial version of their relying party
software. Core features are basically the same as the other
validators (namely, RPKI certificate validation), with
-- more fine-grained error diagnostics and
-- more robust support for the RTR protocol for distributing validated
The analogy that occurs to me is to roads. People generally have a
right of free movement, which implies that if they are capable of
using roads (e.g., if they have a car and can drive it), then they
should be generally free to do so, certain reasonable legal
constraints notwithstanding. And in
See also this:
https://labs.ripe.net/Members/denis/geolocation-prototype-for-ripe-database
Speak up if you want something similar in the ARIN or LACNIC regions.
--Richard
On Dec 5, 2011 5:19 PM, Andy Warner a...@andy.net wrote:
On Tue, Dec 6, 2011 at 2:41 AM, Victor Esposito
An attack originating from somewhere indicates the presence of either
an attacker or a compromised host. A particular density of either in
a particular geographical area would seem like an interesting data
point.
--Richard
On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace
Sounds like a good application for INRDB:
https://labs.ripe.net/Members/kistel/content-intro-inrdb-internet-number-resource-database
RIPEstat also has at least its routing history, back as far as 2006:
http://stat.ripe.net/109.190.0.0/17
On Sun, Nov 6, 2011 at 7:01 PM, Louis P
Couldn't you also advertise the /48 from all the sites, if you're
willing to sort things out over the inter-site VPNs?--Richard
On Mon, Oct 31, 2011 at 4:37 AM, Mikael Abrahamsson swm...@swm.pp.se wrote:
On Mon, 31 Oct 2011, Dmitry Cherkasov wrote:
Need your advice: is this normal to distribute
Problem for me at least has not been the MAC layer (either hotel room
or meeting room), it was that the DHCP server was not responding.
Ironically, I could still see everyone's Bonjour and SMB service
advertisements.
--Richard
On Mon, Oct 10, 2011 at 8:46 AM, Nick Hilliard n...@foobar.org
VPN traffic was also slow / bursty. So I guess there's some capacity issues
as well as layer 7 cruft.
On Oct 10, 2011 10:20 AM, Randy Carpenter rcar...@network1.net wrote:
On the hotel network, I have also seen some issues beyond getting an
address. I can usually trace just fine, but
If not short-lived, then at least self-limiting.
--Richard
On Fri, Oct 7, 2011 at 3:15 PM, Christopher Morrow
morrowc.li...@gmail.com wrote:
On Fri, Oct 7, 2011 at 3:10 PM, Arturo Servin arturo.ser...@gmail.com wrote:
I agree with Benson.
In fact, for this problem I find
And if they turn up the voltage on the fence high enough, dinner could be
cooked by the time the crew gets there!
On Sep 19, 2011 9:34 PM, Suresh Ramasubramanian ops.li...@gmail.com
wrote:
On Tue, Sep 20, 2011 at 12:20 AM, John van Oppen
jvanop...@spectrumnet.us wrote:
We had a cow br...
Your
There's an app^W^Wa Working Group for that.
http://tools.ietf.org/wg/dane/
On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones m...@mikejones.in wrote:
On 11 September 2011 16:55, Bjørn Mork bj...@mork.no wrote:
You can rewrite that: Trust is the CA business. Trust has a price. If
the CA is not
Looks like the RIS collectors are seeing it originating mostly from
STC and KACST ASNs:
http://stat.ripe.net/212.118.142.0/24
Some of the show ip bgp reports on that screen are also showing
AS8866 BTC-AS Bulgarian Telecommunication Company. Not sure what's
up with that.
--Richard
On Sat, Sep
Plus, technically, since symbolics.com was non-operational for a
while, bbn.com is the oldest .com domain in continuous operation. And
you'll notice that it has IPv6-reachable web and DNS servers :)
On Mon, Aug 8, 2011 at 11:29 AM, Peter Stockli pete...@gmail.com wrote:
Wow, BBN, the reason we
The same type that Colombia/NeuStar is doing with .co?
On Sun, Jun 19, 2011 at 2:49 PM, Chris Adams cmad...@hiwaay.net wrote:
Once upon a time, Randy Bush ra...@psg.com said:
Now I'm tempted to be the guy that gets .mail
express that temptation in dollars, and well into two commas.
Be careful what you wish for:
http://tools.ietf.org/html/draft-ymbk-aplusp
On Fri, Apr 1, 2011 at 6:47 PM, Dorn Hetzel d...@hetzel.org wrote:
I was thinking today would be a good day to write an RFC for fractional
DHCP where end-users can get issued say 1/64 of an v4 IP, say
Which is especially funny since Comodo is citing the fact that they've
had no OCSP requests for the bad certs as evidence that they haven't
been used.
--Richard
On Thu, Mar 24, 2011 at 10:53 AM, Tony Finch d...@dotat.at wrote:
Harald Koch c...@pobox.com wrote:
This story strikes me as a
What networks are the affected clients on?
On Thu, Mar 3, 2011 at 10:53 AM, Skywing skyw...@valhallalegends.com wrote:
(Apologies for the top-post.)
I've been experiencing the same. Seems like their geolocation data is busted
(since last morning at least), if I had to take a guess.
- S
Anyone care to start the IPv4 dead pool, Price is Right
style, for when the last v4 NLRI is removed from the DFZ?
That's funny, I don't care what galaxy you're from :)
So that puts your bet at more than 25,000 years?
http://en.wikipedia.org/wiki/Canis_Major_Dwarf_Galaxy
In fairness, said device can do the same sort of inspection of SLAAC
traffic. It just looks at neighbor discovery messages instead of DHCP
messages.
http://tools.ietf.org/html/draft-ietf-savi-fcfs
On Sun, Feb 27, 2011 at 2:17 PM, Leigh Porter
leigh.por...@ukbroadband.com wrote:
On 27 Feb
In fairness, said device can do the same sort of inspection of SLAAC
traffic. It just looks at neighbor discovery messages instead of DHCP
messages.
http://tools.ietf.org/html/draft-ietf-savi-fcfs
Any known (existing) or planned implementations of this?
None that you can buy off the
Looks like that's in a CEGETEL dynamic pool in France. Maybe you
should sign up for their service?
http://albatross.ripe.net/cgi-bin/rex.pl?type=allres=86.75.30.9/32stime=2010-02-17etime=2011-02-17page=holdercf=1af=1
On Fri, Feb 18, 2011 at 12:01 PM, Matlock, Kenneth L
matlo...@exempla.org
Never mind, Messrs. Cowie and Baker answered my question:
http://mailman.nanog.org/pipermail/nanog/2011-February/033181.html
Couldn't have paths through Egypt if layer 2 were cut off.
(Right?)
--Richard
On Wed, Feb 16, 2011 at 5:38 PM, Richard Barnes
richard.bar...@gmail.com wrote:
It also
This seems ironic, given the number of ISPs I've heard say There's no
customer demand.
--Richard
On Thu, Feb 3, 2011 at 10:04 PM, Franck Martin fra...@genius.com wrote:
The biggest complaint that I hear from ISPs, is that their upstream ISP does
not support IPv6 or will not provide them with
Note that the ARIN, APNIC, and RIPE lines should all basically level
out to asymptotes after they hit 1 /8 left, due to the soft run out
policies in place [1][2][3]. Either that, or just consider arriving
at 1 /8 left as depletion.
Geoff: How are your graphs dealing with these policies?
[1]
Some times they're not so anonymous :)
122.200.40.0/21 38272 UNKNOWN
http://122.200.40.5/
Sonargaon Online Limited(SOL) is the leading Internet Service
Provider in Dhaka
http://122.200.40.5/pages/contact_us.htm
40/1, Rahman Plaza
Shahid Faruk Road (4th Floor)
Jatrabari, Dhaka
It's in-band only in the sense of delivery. The worst that a
corruption of the underlying network can do to you is deny you
updates; it can't convince you that a route validates when it
shouldn't. And even denying updates to your RPKI cache isn't that
bad, since the update process doesn't really
On Mon, Jan 24, 2011 at 9:16 PM, Danny McPherson da...@tcb.net wrote:
On Jan 24, 2011, at 9:02 PM, Joe Abley wrote:
In this case the DNS delegations go directly from RIR to C; there's no
opportunity for A or B to sign intermediate zones, and hence no opportunity
for them to indicate the
Hi all,
What IPv6 prefix lengths are people accepting in BGP from
peers/customers? My employer just got a /48 allocation from ARIN, and
we're trying to figure out how to support multiple end sites out of
this (probably around 10). I was thinking about assigning a /56 per
site, but looking at
IPv6) I can scan your v6 /64 subnet, and your router will have to send
out NDP NS for every host I scan. If it requires incomplete entries
in its table, I will use them all up, and NDP learning will be broken.
Typically, this breaks not just on that interface, but on the entire
router.
Also, for a slightly more average-person-friendly view, see Iljitsch's
article in Ars Technica:
http://arstechnica.com/tech-policy/news/2011/01/2010-in-ip-addresses-225-million-down-496-million-to-go.ars
On Tue, Jan 4, 2011 at 6:29 AM, Iljitsch van Beijnum iljit...@muada.com wrote:
[
Certainly not. I was thinking more if people wanted something to pass
on to management, marketing, mother, etc
--Richard
On Tue, Jan 4, 2011 at 12:21 PM, Iljitsch van Beijnum
iljit...@muada.com wrote:
On 4 jan 2011, at 17:30, Richard Barnes wrote:
Also, for a slightly more average-person
FWIW, the same does not appear to be true of the Verizon 3G network. (Not
that anyone expected it to be.) My VZW device has a NATted v4 address and
only link-local v6.
On Dec 28, 2010 1:26 PM, Cameron Byrne cb.li...@gmail.com wrote:
On Tue, Dec 28, 2010 at 10:15 AM, valdis.kletni...@vt.edu
Other possible solution would be a DNSarchive, in
the same way there is a WebArchive. Any volunteer?
The RIPE REX tool provides something like this, at least for the reverse tree.
http://rex.ripe.net/
There is also some work in the IETF on the more general problem of
distributing early warning messages:
http://tools.ietf.org/wg/atoca
Right now, they're taking a pretty layer-7 approach (distributing CAP
in SIP messages), but part of their charter is figuring out how this
application relates to
BitTorrent have been active contributors to the IETF LEDBAT working
group, which is looking at transport protocols that back off much more
aggressively than TCP, with exactly the idea of making P2P have a
lower impact on other things at the customer edge.
http://tools.ietf.org/wg/ledbat/
On
RIPE has been developing a couple of projects to support this sort of
history searching:
Internet Resource Database (INRDB):
http://labs.ripe.net/Members/kistel/content-intro-inrdb-internet-number-resource-database
Resource EXplainer (REX):
http://rex.ripe.net/
On Tue, Sep 14, 2010 at 5:46 PM,
On Thu, Aug 26, 2010 at 6:26 AM, Daniel Migault mglt@gmail.com wrote:
Hi,
We are testing protocols on our lab platform and we would like to simulate
communication 2 types of communication :
- From terminals to service platform using a 3G (HSPA / HSPA+) Access
connection
- From
Maybe APNIC should give him 1.1.1.1 and see how he likes it!
On Fri, Jul 2, 2010 at 3:33 PM, Jess Kitchen
jess.kitc...@adjacentnetworks.net wrote:
On Fri, 2 Jul 2010, Kevin Stange wrote:
Hello,
According to Whois data, you company owns the following
IP address space:
206.220.220.0/24
Apparently the Economist has just become aware of the coming 8-bit apocalypse:
http://www.youtube.com/watch?v=yGeuiZr-u50
On Thu, Jul 1, 2010 at 9:25 AM, Gadi Evron g...@linuxbox.org wrote:
The upcoming issue will be about cyber war. Check out the front page image:
So, as periodically happens to me, what started as an idle curiosity
turned into an experiment. I took a look at a RIB snapshot from
Friday, from one of the RouteViews collectors, to see how common it is
that a block gets advertised by two different ASes, as a whole block
by one, and as a set of
I wonder how much of the de-aggregation in the routing table is
attributable to issues like this?
On Fri, Jun 25, 2010 at 9:56 AM, Eric Williams ewilli...@connectria.com wrote:
This issue has been resolved by breaking up the /22 into /24's. Thanks to
all for the advise.
Maybe next time I
OARC did a performance study of a few name servers in the context of
root zone scaling, but it should be generalizable:
http://www.ripe.net/ripe/meetings/ripe-59/presentations/wessels-root-zone.pdf
On Wed, May 5, 2010 at 4:41 PM, Donald Eastlake d3e...@gmail.com wrote:
Hi,
There are a large
... and here's the direct link to the full report:
https://www.dns-oarc.net/files/rzaia/rzaia_report.pdf
On Wed, May 5, 2010 at 4:48 PM, Richard Barnes richard.bar...@gmail.com wrote:
OARC did a performance study of a few name servers in the context of
root zone scaling, but it should
Naïve question: If you used macro expansion, wouldn't you end up
providing responses for a lot of addresses that aren't in use? Maybe
that's not a problem?
On Tue, Apr 27, 2010 at 8:47 PM, Jason 'XenoPhage' Frisvold
xenoph...@godshell.com wrote:
On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote:
for a key and either find something there or fail.
On Tue, Apr 27, 2010 at 9:19 PM, Larry Sheldon larryshel...@cox.net wrote:
On 4/27/2010 19:50, Richard Barnes wrote:
Naďve question: If you used macro expansion, wouldn't you end up
providing responses for a lot of addresses that aren't in use
Presumably, if you've already got a script that's provisioning reverse
results, you could amend it to add name constraints. No idea if this
is possible with current DynDNS software, though.
--Richard
On Tue, Apr 27, 2010 at 9:10 PM, Jason 'XenoPhage' Frisvold
xenoph...@godshell.com wrote:
On
Isn't global addresses you can take with you when you change
providers kind of the definition of Provider Independent address
space? If you want to keep the same addresses when you change
providers, you just need to get a PI allocation.
--Richard
On Wed, Apr 21, 2010 at 5:47 PM, Mark Smith
+1
On Wed, Mar 31, 2010 at 12:00 AM, jim deleskie deles...@gmail.com wrote:
I'm betting more then a few of use free mail accts to keep this
separate from our work mail. If your really having that much issue,
config your mail server to drop it yourself or unsub
Seriously
-jim yes
Actually, it's 31,800 CHF == 30,170 USD.
Plus, you have to get the approval of your local government even to
submit an application.
http://www.itu.int/members/sectmem/Form.pdf
On Wed, Mar 31, 2010 at 6:15 PM, Owen DeLong o...@delong.com wrote:
On Mar 31, 2010, at 12:18 PM, David Conrad
There were a few representatives of the Internet community at the
meeting. All five RIRs were represented, as was ISOC. The notable
absence was ICANN. Of course, this sample is by no means
representative of the entire community, but it's more than None.
On Tue, Mar 30, 2010 at 7:50 PM,
Care to explain what that could possibly be? (I simply don't see an
upside to making it easy to censor the internet by national identity).
Maintenance of GeoIP-databases becomes easier and less error-prone ?
Possible less out of date because of it.
We've seen complaints about those many
Dude, think to the future -- /128s!
On Mon, Feb 22, 2010 at 3:03 PM, Hank Nussbacher h...@efes.iucc.ac.il wrote:
On Mon, 22 Feb 2010, Dorn Hetzel wrote:
I am sure the various carriers faced with the onset of Local Number
Portability and WLNP in this part of the world would have been happy to
What I've heard is that the driver is IPv4 exhaustion: Comcast is
starting to have enough subscribers that it can't address them all out
of 10/8 -- ~millions of subscribers, each with 1 IP address (e.g.,
for user data / control of the cable box).
On Thu, Jan 28, 2010 at 12:55 AM, Kevin Oberman
Team Cymru seems to put out a lot of information in their newsletters
about where bots are, e.g. this article about the locations of botnet
controllers:
http://www.team-cymru.org/ReadingRoom/Articles/botnet-cnc-tlds-and-countries.html
On Wed, Jan 27, 2010 at 6:07 PM, Steven Bellovin
To echo and earlier post, what's the operational importance of
assigning adjacent /8s? Are you hoping to aggregate them into a /7?
--Richard
On Fri, Jan 22, 2010 at 10:16 AM, William Allen Simpson
william.allen.simp...@gmail.com wrote:
Nick Hilliard wrote:
On 22/01/2010 13:54, William Allen
Would it make sense for the RIRs to just carve out the bad parts of
the blocks, instead of IANA? Under current policy, would reserving
bad bits make it more difficult for an RIR to get additional
allocations?
--Richard
On Fri, Jan 22, 2010 at 11:56 AM, Leo Vegoda leo.veg...@icann.org wrote:
On
Something that I have often wondered is how folks would feel about
publishing some sort of geo information in reverse DNS (something like
LOC records, with whatever precision you like) -- this would allow the
folks that geo stuff to automagically provide the best answer, and
because you
Just to be fair here, I appreciate that there's some additional
complexity here (not much -- I implemented a client for this yesterday
in ~80 lines of Javascript), but LOC records don't cover everything.
They're fine for stationary stuff, but not so great for anything that
moves with any frequency
79 matches
Mail list logo