Re: Selective DNS replies

[Paul Vixie]

[EMAIL PROTECTED] (Eric A. Hall) writes:

 Clayton Fiske wrote:
 
  [bind question]
 
 [bind answer]

this is nanog, you probably want bind-users[-request]@isc.org.

MSNBC

[BrandonButterworth]

 According to Reuters, MSNBC web site was offline for two hours Thursday
 morning.
 
 
http://story.news.yahoo.com/news?tmpl=storyu=/nm/20020425/wr_nm/tech_msnbc_outage_dc_1

 A spokesman for the site ... confirmed that the site had crashed for
 two hours but said the causes were still being investigated.


http://www.msnbc.com/news/743492.asp
 The Web news site experienced a SYN attack at 7:30
  a.m. ET that caused its content to be
  unavailable to users, according to
  MSNBC.com's technical production staff.

EDFA

[JAKO Andras]

 Hello,

A bit off-topic and maybe stupid question:

I was told yesterday, that a Hungarian telco/ISP is experimenting with
EDFAs. My friend said that the box looks like if they just brought it from
a research lab (however it's a commercial product). How common is it
nowadays to use EDFAs in ISP backbones?

Please reply me off-list. Thanks.

Andras

Cable Wireless outage NYC 11:00 AM EDT

[Christopher X. Candreva]

This was going to be a question, but now it's a statement.

CW had an outage in NYC around 11:00 AM this morning. 11:40 EDT and things
seem to be comming back.

CW NOC was returning busy for about 10 minutes, then I was on hold for 1/2
hour, and they picked up just as traffic started flowing again.


==
Chris Candreva  -- [EMAIL PROTECTED] -- (914) 967-7816
WestNet Internet Services of Westchester
http://www.westnet.com/

Re: Google doing regional preferencing on results?

[Steve Goldstein]

**If** they cache and replicate, it could be that the caches are not 
always identical in different places.  If they are replicated, 
perhaps a replication cycle lagged in one of the two locations.

  --Steve

At 5:36 PM +0100 4/26/02, Avleen Vig wrote:
it gives you different
results depending on where in the world you search from.

North American: Train Derailment - West of Winnipeg

[Sean Donelan]

From the other part of North America, and country hosting the
next NANOG meeting.

Fairly major Train Derailment East of Winnipeg.  Many Canadian carriers
affected, (This is a major 360 condo build) although most have fiber route
diversity.

RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.

[Eric Germann]

Only half tongue in cheek, does anyone know of a consise resource pointing
out the netblocks allocated to .kr, etc so I can answer my own

How do I configure my router for   question that Randy will inevitably
bring up?


==
  Eric GermannCCTec
  [EMAIL PROTECTED] Van Wert OH 45801
  http://www.cctec.comPh:  419 968 2640
  Fax: 603 825 5893

The fact that there are actually ways of knowing and characterizing the
extent of one’s ignorance, while still remaining ignorant, may ultimately be
more interesting and useful to people than Yarkovsky

  -- Jon Giorgini of NASA’s Jet Propulsion Laboratory

 -Original Message-
 From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
 Deepak Jain
 Sent: Friday, April 26, 2002 2:43 PM
 To: todd glassey; Joel Jaeggli
 Cc: blitz; [EMAIL PROTECTED]
 Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.




 I'm happy to take the blame for the real problem. Exactly what am I taking
 the blame for?

 Deepak Jain
 AiNET



 -Original Message-
 From: todd glassey [mailto:[EMAIL PROTECTED]]
 Sent: Friday, April 26, 2002 9:43 AM
 To: Joel Jaeggli; Deepak Jain
 Cc: blitz; [EMAIL PROTECTED]
 Subject: Re: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.


 SNIP-

 
   We're off-topic, but I'd say that cyberterrorismis far less
 expensive to
   create than invasion or nuclear weapons.

 And they are much easier to stop. Just turn off the routers such
 that China
 is its own sealed-in infrastructure. But if its China's money you
 are after
 then you will have to build something akin to a demarcation gateway
 between China and the rest of the world and then who cares what is done
 inside China. Or you will ultimately be held liable for your custiomer's
 attacks against the rest of the world...

 You operators still dont seem to get that YOU are the real problem here.

 Todd Glassey

  
   Deepak Jain
   AiNET
  
   -Original Message-
   From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
   blitz
   Sent: Thursday, April 25, 2002 6:33 PM
   To: [EMAIL PROTECTED]
   Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
  
  
  
   I put nothing past them, of course theyre not alone, as we all must
 assume
   by now.
   Theyve threatened to nuke LA if we interfere with their plans to take
   Tiawan by force, and smile and say, kill 300 million of us, do us a
 favor.
   Kinda hard to deal with an enemy like that.
  
   At 18:01 4/25/02 -0400, you wrote:
  
  
   Is it really hard to believe that the Chinese government
 would actively
   fund
   cyberterrorism?
   
   Deepak Jain
   AiNET
  
  
  
 
  --
 
 --
  Joel Jaeggli   Academic User Services   [EMAIL PROTECTED]
  --PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D
 121E  --
In Dr. Johnson's famous dictionary patriotism is defined as the last
resort of the scoundrel.  With all due respect to an enlightened but
inferior lexicographer I beg to submit that it is the first.
 -- Ambrose Bierce, The Devil's Dictionary
 
 
 






BEGIN:VCARD
VERSION:2.1
N:Germann;Eric
FN:Eric Germann
ORG:CCTec
TEL;WORK;VOICE:(419) 968-2640
TEL;WORK;FAX:(603) 825-5893
ADR;WORK:;;17780 Middle Point Road;Van Wert;OH;45891;United States of America
LABEL;WORK;ENCODING=QUOTED-PRINTABLE:17780 Middle Point Road=0D=0AVan Wert, OH 45891=0D=0AUnited States of Americ=
a
URL:
URL:http://www.cctec.com
EMAIL;PREF;INTERNET:[EMAIL PROTECTED]
REV:20010529T013421Z
END:VCARD

RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.

[Johannes B. Ullrich]

First of all: Does it matter if the Chinese Govt' is launching the attack
or the kid next door?

Personally, I would think if the Chinese Govt' has any sense at all, they
surely look into cyberwar. Which respectable government doesn't ?

In my opinion the real problem/story is the uphauling state of internet
security. I am running DShield.org and regularly try to talk to people
that show up as 'top attackers' in our list personally on the phone. 
Just a quote from a guy that identified himself as MIS Department for a 
public interest group (from memory, not word by word):

Me: I think your PC with the IP address xxx.xxx.xxx.xxx is infected
 with the Nimda virus and also used as an IRC proxy
MIS-Dept: Are there any more number to an IP address or is this it?

(later he kind of suspected that his boss's desktop may be infected. 
 It is still scanning nicely so far.)

Other identified Nimda infections included a little mortage broker/bank
and an office from a large tax preparation company.

And thats just Nimda, which is pretty much 'in your face' as it scans
quite actively. Don't get me started on all the home PCs used for botnet,
ircs proxies or whatever the backdoor d'jeur is.

I don't think a government effort will change anything. Somehow,
the 'net' has to find a mechanism to deal with this. The problem is
way too international. I am experimenting with a 'block list'
lately of netblocks that are very active scanners. 
(if anybody is interested: http://feeds.dshield.org/block.txt).
It kind of shows the problem. Next to the all-time favorite CN networks,
there is your usual mix of ATT Broadband, Chello NL, and two
german universities. 

 Anyway... How many systems are 'backdoored' at any time?
My personal guess is 1 out of 1000. maybe 5000.

 (and thats before I had my coffee).

-- 
---
[EMAIL PROTECTED] Join http://www.DShield.org
  Distributed Intrusion Detection System

KR assignments

[Peter Salus]

If you go to //ftp.arin.net/pub/stats,
you can pick up all three RIRs.  Then 
grep for KR in APNIC.

Voila!

Peter

Further UUNet problems

[mscramer]

UUNet is reporting a problematic OC12 in New York affecting multiple
clients, with no ETR.


Matt

-- 
Matthew S. Cramer [EMAIL PROTECTED]  Office: 717-396-5032
Lead Security Analyst   Fax:717-396-5590
Armstrong Information Technology Services   Pager:  717-305-3915
Armstrong World Industries, Inc.Cell:   717-917-7099

Re: North American: Train Derailment - West of Winnipeg

[Steve Gibbard]

On Fri, 26 Apr 2002, Sean Donelan wrote:

 From the other part of North America, and country hosting the
 next NANOG meeting.
 
 Fairly major Train Derailment East of Winnipeg.  Many Canadian carriers
 affected, (This is a major 360 condo build) although most have fiber route
 diversity.

I'm curious.  I think I've gone the last couple of months without hearing
about any train derailments, and then between news media reports and the
NANOG list I think I've heard of four this week.  A quick check of news
media websites didn't turn up anything on this one, but I may just not be
looking at the right sites.

Are train derailments common events that don't get much press coverage (or
maybe that don't get much coverage unless it's a passenger train), or was
this an especially bad week?

-Steve


Steve Gibbard   [EMAIL PROTECTED] 

Re: North American: Train Derailment - West of Winnipeg

[ben hubbard]

 Are train derailments common events that don't get much press coverage (or
 maybe that don't get much coverage unless it's a passenger train), or was
 this an especially bad week?

Certainly fiber along rail right of ways was easy to install - and as a result,
there's a lot of it, but trains tend to do a lot of damage when they go off track. I
would imagine there's less likelihood of such damage occurring along roadways or
other right-of-ways with the same amount of disruption is less?

And, in this age where less fiber is going in the ground, does that mean that train
derailments may become the new enemy #1, displacing the now idle backhoe's? ;)

RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.

[Rowland, Alan D]

No. What's hard to believe is that anyone would find that
surprising/newsworthy.

My last post on this OT subject. Really. I promise...

-Al

-Original Message-
From: Deepak Jain [mailto:[EMAIL PROTECTED]]
Sent: Thursday, April 25, 2002 3:02 PM
To: Steve Goldstein; Rowland, Alan D
Cc: [EMAIL PROTECTED]
Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.



Is it really hard to believe that the Chinese government would actively fund
cyberterrorism?

Deepak Jain
AiNET

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
Steve Goldstein
Sent: Thursday, April 25, 2002 5:55 PM
To: Rowland, Alan D
Cc: [EMAIL PROTECTED]
Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.



Gosh, oh golly-gee, do you really think that they would do something
like that (planting a story)?

;-)

--Steve

At 7:16 AM -0700 4/25/02, Rowland, Alan  D wrote:

Someone in the CIA is looking for funding...

Just my 2¢.

-Al


--

Re: root zone file

[Bruce Robertson]

 http://www.superroot.net/downloads.html

Yeah, right.

--
Bruce Robertson, President/CEO   +1-775-348-7299
Great Basin Internet Services, Inc. fax: +1-775-348-9412
http://www.greatbasin.net

Re: root zone file

[William Warren]

whoops..my mistake..:)

Bruce Robertson wrote:

http://www.superroot.net/downloads.html


Yeah, right.

--
Bruce Robertson, President/CEO  +1-775-348-7299
Great Basin Internet Services, Inc.fax: +1-775-348-9412
http://www.greatbasin.net

Re: root zone file

[Simon Higgs]

At 05:04 PM 4/26/2002 -0400, you wrote:

Anyone know where I can obtain the latest and greatest?  I just tried
ftp.icann.org to no avail (host not found.) which is where I used to get
them.
Thanks in advance
Curtis

For the USG/ICANN/IANA legacy root, try here:
ftp://rs.internic.net/domain/named.ca

For the ORSC root, try here:
ftp://dns.vrx.net/pub/db.root
http://dns.vrx.net/tech/rootzone/db.root




Best Regards,

Simon

--
###

RE: root zone file

[Simon Higgs]

At 05:32 PM 4/26/2002 -0400, Matt Zito wrote:

Replacing the hints file with the top level zone speeds up lookups, and 
removes the burden from the root servers:

zone . {
   type master;
   file root.db;
};

However, the best way to do this is to AXFR the root zone off of the root 
servers (note this is the ORSC root configuration and *NOT* the ICANN root):

zone . {
 type slave;
 file root.db.slave;
 masters{199.166.24.12;
 216.13.126.116;
 199.166.28.10;
 204.80.125.130;
 195.117.6.25;
 199.166.31.3;
 199.166.31.250;
 199.5.157.128;
 204.57.55.100;
 213.196.2.97; };
};

Irrespective of whether you agree with the contents, this method is a very 
clean and efficient way to reduce the load on the root servers.

I really don't want to start any discussions about the relative merits of
the ICANN vs. ORSC vs. New.net vs. anything root zones, but I feel like I
need to mention that the main zones on this page are for the ORSC root
servers, not the ICANN ones.  The ICANN zone file at the bottom is the hints
file, not the root zone.

Thanks,
Matt


  -Original Message-
  From: William Warren [mailto:[EMAIL PROTECTED]]
  Sent: Friday, April 26, 2002 5:20 PM
  To: Curtis Maurand; nanog
  Subject: Re: root zone file
 
 
 
  Hope this helps
  http://www.superroot.net/downloads.html
 
  Curtis Maurand wrote:
 
  
  Anyone know where I can obtain the latest and greatest?  I just tried
  ftp.icann.org to no avail (host not found.) which is where I
  used to get
  them.
  Thanks in advance
  Curtis
  
  
  
 
 


Best Regards,

Simon

--
###

Re: If you were in a government Cyber-warning center

[Chris Kilbourn]

In the past few years on NANOG, I've noticed a strong correlation between
train derailments and network outages. (Not to discount the backhoe
correlation in any way of course...)

The question I have is this:

If fiber runs are trenched into the railbed, and we know that trains
go off of the tracks every now and then, what, if anything, is being
done to harden the conduit?

Would trenching it deeper help? Has encasing the conduit in a
steel-reinforced channel been examined? Or is there something about
laying conduit next to track and the accident modalities that I am
just missing here?

Given this week's higher frequency of rail accidents and their
attendant network disruptions, it seems like the cost/benefit of
looking at this issue might have shifted a bit.

I can only see these right-of-ways becoming increasingly valuable
over time and in our post 9/11 environment, this seems to be an
area that seems especially vulnerable.

Just curious...


At 5:26 PM -0400 4/26/02, Sean Donelan wrote:
On Fri, 26 Apr 2002, Steve Gibbard wrote:
 Are train derailments common events that don't get much press coverage (or
 maybe that don't get much coverage unless it's a passenger train), or was
 this an especially bad week?

According to federal records and news reports, train derailments are
up about 15% even if you take into account the growth in rail traffic.


Regards,

Chris Kilbourn
Founder
_
digital.forest Phone: +1-877-720-0483
where Internet solutions grow  Int'l: +1-425-483-0483
19515 North Creek ParkwayFax: +1-425-482-6871
Suite 208   http://www.forest.net
Bothell, WA 98011email: [EMAIL PROTECTED]

RE: Google doing regional preferencing on results?

[Randy Neals]

Google appears to have the capability to georeference their index by country
and possibly with even finer geographic granularity.

I noticed that they are now redirecting users to country specific versions
of their web page which appears to be done through the various IP address to
location tools.

Given that Google *seems to know* where the user is, and where the web pages
are, perhaps they are now including geographic relevance in the search
engine relevancy metrics.

Or maybe not! These are only my observations.
(I've also noticed that I have had more connection errors recently in
initially connecting to the google site and this coincidently started about
the time that we began being automatically redirected from the
www.google.com to www.google.ca)

-Randy

-Original Message-
From: Steve Goldstein [mailto:[EMAIL PROTECTED]]
Sent: April 26, 2002 12:52 PM
To: Avleen Vig
Cc: [EMAIL PROTECTED]
Subject: Re: Google doing regional preferencing on results?



**If** they cache and replicate, it could be that the caches are not 
always identical in different places.  If they are replicated, 
perhaps a replication cycle lagged in one of the two locations.

  --Steve

At 5:36 PM +0100 4/26/02, Avleen Vig wrote:
it gives you different
results depending on where in the world you search from.

Re: If you were in a government Cyber-warning center

[David Lesher]

Unnamed Administration sources reported that Chris Kilbourn said:
 
 
 In the past few years on NANOG, I've noticed a strong correlation between
 train derailments and network outages. (Not to discount the backhoe
 correlation in any way of course...)
 
 The question I have is this:
 
 If fiber runs are trenched into the railbed, and we know that trains
 go off of the tracks every now and then, what, if anything, is being
 done to harden the conduit?

Conduit? What's THAT ;-? Only exposed (bridge crossing, etc)
parts are in conduit.

 Would trenching it deeper help? Has encasing the conduit in a
 steel-reinforced channel been examined? Or is there something about
 laying conduit next to track and the accident modalities that I am
 just missing here?


A) There's limited right-of-way. Who are you already next to?
ATT? MCI? Sprint?

B) There's limited ACCESS to A). You either must shutdown the
rail line or follow a rigorous safety program to ensure you don't
have a piece of whatever sticking out across the track when that
train goes by.

C) How deep do you want it? ATT put their #5 TCC cable down 4';
no easy task. {But then, we paid for it...}. Will that help
when a locomotive lands on it? If it doesn't... it's much harder
to fix.

D) There's limited money.


-- 
A host is a host from coast to [EMAIL PROTECTED]
 no one will talk to a host that's close[v].(301) 56-LINUX
Unless the host (that isn't close).pob 1433
is busy, hung or dead20915-1433

Re: If you were in a government Cyber-warning center

[Joel Baker]

On Fri, Apr 26, 2002 at 08:42:21PM -0400, David Lesher wrote:
 
 C) How deep do you want it? ATT put their #5 TCC cable down 4';
 no easy task. {But then, we paid for it...}. Will that help
 when a locomotive lands on it? If it doesn't... it's much harder
 to fix.

The average locomotive is something above 100 tons. On anything but your
usual passenger service, it's common to see at least 2, and up to 4, units
on the front (often not all of them are in service or at full capacity).

It's also relatively boxy, nearly flat. Flip it over, cause the front bit
to go do into the dirt, and it will make a *lovely* plow. Anyone doubting
this should look at aerial footage from news crews after such an accident;
things often look like a road-scraper went by.

4' might be deep enough - and it might not, though I'd suspect that it will
be protected from most derailments. But, as noted above... 4' costs a lot
to accomplish.

If the cost of a derailment-induced outage is low (latency, rerouting, a
few minutes of problems while the system reacts), it probably costs a hell
of a lot less than burying that many miles of cable 4' deep. Even when you
run the averages. And 1' deep probably just isn't going to cut it, as it
were.
-- 
***
Joel Baker   System Administrator - lightbearer.com
[EMAIL PROTECTED]  http://users.lightbearer.com/lucifer/

Re: root zone file

[John R. Levine]

 Replacing the hints file with the top level zone speeds up lookups,
 and removes the burden from the root servers:

Only if you have an impressively broken DNS cache.  The entries in the
root zone (the real one) all have a TTL of 48 hours.  Within about the
first three seconds after you start your cache, it'll have data for
com, org, net, arpa, edu, and whatever other TLDs your users use, and
won't have to visit them again for two days.

I looked at the stats from my DNS cache and 12 TLDs account for 95% of
the lookups, with only 79 TLDs referenced at all.  There just isn't
much root zone data used.

I really don't want to start any discussions about the relative merits of
the ICANN vs. ORSC vs. New.net vs. anything root zones, ...

Uh huh.

-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail

Re: Fwd: [ISN] Hackers exploit Korea to attack global systems

[John R. Levine]

Some foreign servers block access attempts whose origins are traced to
Korea, implying that the country's leadership in the broadband
Internet business may be marred by its negligence in upgrading lame
security protection systems, the center said.

No kidding.  Some of us have gotten so tired of spam from Korea, both
stuff relayed from the west and Korean-language spam promoting Korean
web sites, combined with the complete lack of response to all abuse
reports, that we've blocked all mail from Korean networks.

As an experiment, I set up an RBLish blocking list at
korea.services.net.  It lists all the APNIC space assigned to Korea (I
think, APNIC's records are sloppy) along with any ARIN space assigned
to Korea that's come to my attention due to being spammed from it.  It
blocks a lot of spam, with very little collateral damage for me since
despite having books in print in Korean in Korea, nobody ever writes
to me from there.

I've told people they can use it informally, and it now gets about 5
hits per second, up from 3 a few weeks ago.  The blocking message
points at a web page explaining why I'm blocking mail, with an
unblocked address to write to me, so I get about one message a week
from Korean sysadms saying I fixed my open relay, please unblock my
/32 now.  I write back and say it's not just them, their entire ISP
is blocked due to unresponsiveness.  I hope someday they'll clean up
their act enough to stop blocking them, but I'm not holding my breath.

Anyone's welcome to use it informally.  There's no SOA and no zone
transfers since it's running rbldns, not bind, but you can check
dig 3.0.0.127.korea.services.net to see how it works.


-- 
John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869
[EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, 
Member, Provisional board, Coalition Against Unsolicited Commercial E-mail

Re: Fwd: [ISN] Hackers exploit Korea to attack global systems

[Patrick]

On 26 Apr 2002, John R. Levine wrote:

 Some foreign servers block access attempts whose origins are traced to
 Korea, implying that the country's leadership in the broadband
 Internet business may be marred by its negligence in upgrading lame
 security protection systems, the center said.

 No kidding.  Some of us have gotten so tired of spam from Korea, both
 stuff relayed from the west and Korean-language spam promoting Korean
 web sites, combined with the complete lack of response to all abuse
 reports, that we've blocked all mail from Korean networks.

It extends beyond spam. We run a fairly high-volume website for a client
that has a members area. We have seen nothing but continuous DOS and password
scanning attempts against the site(on the order of several thousand per
second) from numerous points across Korean IP space to the point that
we've begun blackholing all of it as soon as these attacks begin(several a
day.)

Scary stuff.


/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
   Patrick Greenwell
 Asking the wrong questions is the leading cause of wrong answers
\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/

RE: If you were in a government Cyber-warning center

[Randy Neals]

Conduit? What's THAT ;-? Only exposed (bridge crossing, etc)
parts are in conduit.


Conduit is typically used along the entire length of most railway builds I
have seen.

Most recent railway builds have been multi conduit projects with up to 12 x
1.5 inch HDPE conduits plowed in by rail mounted cable plow. Your correct
that steel conduit is used at bridge crossing or other exposed locations.

I understand that when railway routes became popular some years ago for
telecom that some railway/telecom companies did some research to understand
where to place the cable with respect to the rail to minimize damage in a
derailment.

Apparently by placing the conduit 3-4' down and relatively close to the rail
(ie: 2-3' from the rail) the steel rail will act somewhat as a shield to
minimize exposure of the cable in a derailment. (ie: the car has to rip up
the trackage and move the dirt to get to the cable)

-Randy