Re: Selective DNS replies
[EMAIL PROTECTED] (Eric A. Hall) writes: Clayton Fiske wrote: [bind question] [bind answer] this is nanog, you probably want bind-users[-request]@isc.org.
MSNBC
According to Reuters, MSNBC web site was offline for two hours Thursday morning. http://story.news.yahoo.com/news?tmpl=storyu=/nm/20020425/wr_nm/tech_msnbc_outage_dc_1 A spokesman for the site ... confirmed that the site had crashed for two hours but said the causes were still being investigated. http://www.msnbc.com/news/743492.asp The Web news site experienced a SYN attack at 7:30 a.m. ET that caused its content to be unavailable to users, according to MSNBC.com's technical production staff.
EDFA
Hello, A bit off-topic and maybe stupid question: I was told yesterday, that a Hungarian telco/ISP is experimenting with EDFAs. My friend said that the box looks like if they just brought it from a research lab (however it's a commercial product). How common is it nowadays to use EDFAs in ISP backbones? Please reply me off-list. Thanks. Andras
Cable Wireless outage NYC 11:00 AM EDT
This was going to be a question, but now it's a statement. CW had an outage in NYC around 11:00 AM this morning. 11:40 EDT and things seem to be comming back. CW NOC was returning busy for about 10 minutes, then I was on hold for 1/2 hour, and they picked up just as traffic started flowing again. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Google doing regional preferencing on results?
**If** they cache and replicate, it could be that the caches are not always identical in different places. If they are replicated, perhaps a replication cycle lagged in one of the two locations. --Steve At 5:36 PM +0100 4/26/02, Avleen Vig wrote: it gives you different results depending on where in the world you search from.
North American: Train Derailment - West of Winnipeg
From the other part of North America, and country hosting the next NANOG meeting. Fairly major Train Derailment East of Winnipeg. Many Canadian carriers affected, (This is a major 360 condo build) although most have fiber route diversity.
RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
Only half tongue in cheek, does anyone know of a consise resource pointing out the netblocks allocated to .kr, etc so I can answer my own How do I configure my router for question that Randy will inevitably bring up? == Eric GermannCCTec [EMAIL PROTECTED] Van Wert OH 45801 http://www.cctec.comPh: 419 968 2640 Fax: 603 825 5893 The fact that there are actually ways of knowing and characterizing the extent of ones ignorance, while still remaining ignorant, may ultimately be more interesting and useful to people than Yarkovsky -- Jon Giorgini of NASAs Jet Propulsion Laboratory -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Deepak Jain Sent: Friday, April 26, 2002 2:43 PM To: todd glassey; Joel Jaeggli Cc: blitz; [EMAIL PROTECTED] Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. I'm happy to take the blame for the real problem. Exactly what am I taking the blame for? Deepak Jain AiNET -Original Message- From: todd glassey [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 9:43 AM To: Joel Jaeggli; Deepak Jain Cc: blitz; [EMAIL PROTECTED] Subject: Re: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. SNIP- We're off-topic, but I'd say that cyberterrorismis far less expensive to create than invasion or nuclear weapons. And they are much easier to stop. Just turn off the routers such that China is its own sealed-in infrastructure. But if its China's money you are after then you will have to build something akin to a demarcation gateway between China and the rest of the world and then who cares what is done inside China. Or you will ultimately be held liable for your custiomer's attacks against the rest of the world... You operators still dont seem to get that YOU are the real problem here. Todd Glassey Deepak Jain AiNET -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of blitz Sent: Thursday, April 25, 2002 6:33 PM To: [EMAIL PROTECTED] Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. I put nothing past them, of course theyre not alone, as we all must assume by now. Theyve threatened to nuke LA if we interfere with their plans to take Tiawan by force, and smile and say, kill 300 million of us, do us a favor. Kinda hard to deal with an enemy like that. At 18:01 4/25/02 -0400, you wrote: Is it really hard to believe that the Chinese government would actively fund cyberterrorism? Deepak Jain AiNET -- -- Joel Jaeggli Academic User Services [EMAIL PROTECTED] --PGP Key Fingerprint: 1DE9 8FCA 51FB 4195 B42A 9C32 A30D 121E -- In Dr. Johnson's famous dictionary patriotism is defined as the last resort of the scoundrel. With all due respect to an enlightened but inferior lexicographer I beg to submit that it is the first. -- Ambrose Bierce, The Devil's Dictionary BEGIN:VCARD VERSION:2.1 N:Germann;Eric FN:Eric Germann ORG:CCTec TEL;WORK;VOICE:(419) 968-2640 TEL;WORK;FAX:(603) 825-5893 ADR;WORK:;;17780 Middle Point Road;Van Wert;OH;45891;United States of America LABEL;WORK;ENCODING=QUOTED-PRINTABLE:17780 Middle Point Road=0D=0AVan Wert, OH 45891=0D=0AUnited States of Americ= a URL: URL:http://www.cctec.com EMAIL;PREF;INTERNET:[EMAIL PROTECTED] REV:20010529T013421Z END:VCARD
RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
First of all: Does it matter if the Chinese Govt' is launching the attack or the kid next door? Personally, I would think if the Chinese Govt' has any sense at all, they surely look into cyberwar. Which respectable government doesn't ? In my opinion the real problem/story is the uphauling state of internet security. I am running DShield.org and regularly try to talk to people that show up as 'top attackers' in our list personally on the phone. Just a quote from a guy that identified himself as MIS Department for a public interest group (from memory, not word by word): Me: I think your PC with the IP address xxx.xxx.xxx.xxx is infected with the Nimda virus and also used as an IRC proxy MIS-Dept: Are there any more number to an IP address or is this it? (later he kind of suspected that his boss's desktop may be infected. It is still scanning nicely so far.) Other identified Nimda infections included a little mortage broker/bank and an office from a large tax preparation company. And thats just Nimda, which is pretty much 'in your face' as it scans quite actively. Don't get me started on all the home PCs used for botnet, ircs proxies or whatever the backdoor d'jeur is. I don't think a government effort will change anything. Somehow, the 'net' has to find a mechanism to deal with this. The problem is way too international. I am experimenting with a 'block list' lately of netblocks that are very active scanners. (if anybody is interested: http://feeds.dshield.org/block.txt). It kind of shows the problem. Next to the all-time favorite CN networks, there is your usual mix of ATT Broadband, Chello NL, and two german universities. Anyway... How many systems are 'backdoored' at any time? My personal guess is 1 out of 1000. maybe 5000. (and thats before I had my coffee). -- --- [EMAIL PROTECTED] Join http://www.DShield.org Distributed Intrusion Detection System
KR assignments
If you go to //ftp.arin.net/pub/stats, you can pick up all three RIRs. Then grep for KR in APNIC. Voila! Peter
Further UUNet problems
UUNet is reporting a problematic OC12 in New York affecting multiple clients, with no ETR. Matt -- Matthew S. Cramer [EMAIL PROTECTED] Office: 717-396-5032 Lead Security Analyst Fax:717-396-5590 Armstrong Information Technology Services Pager: 717-305-3915 Armstrong World Industries, Inc.Cell: 717-917-7099
Re: North American: Train Derailment - West of Winnipeg
On Fri, 26 Apr 2002, Sean Donelan wrote: From the other part of North America, and country hosting the next NANOG meeting. Fairly major Train Derailment East of Winnipeg. Many Canadian carriers affected, (This is a major 360 condo build) although most have fiber route diversity. I'm curious. I think I've gone the last couple of months without hearing about any train derailments, and then between news media reports and the NANOG list I think I've heard of four this week. A quick check of news media websites didn't turn up anything on this one, but I may just not be looking at the right sites. Are train derailments common events that don't get much press coverage (or maybe that don't get much coverage unless it's a passenger train), or was this an especially bad week? -Steve Steve Gibbard [EMAIL PROTECTED]
Re: North American: Train Derailment - West of Winnipeg
Are train derailments common events that don't get much press coverage (or maybe that don't get much coverage unless it's a passenger train), or was this an especially bad week? Certainly fiber along rail right of ways was easy to install - and as a result, there's a lot of it, but trains tend to do a lot of damage when they go off track. I would imagine there's less likelihood of such damage occurring along roadways or other right-of-ways with the same amount of disruption is less? And, in this age where less fiber is going in the ground, does that mean that train derailments may become the new enemy #1, displacing the now idle backhoe's? ;)
RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S.
No. What's hard to believe is that anyone would find that surprising/newsworthy. My last post on this OT subject. Really. I promise... -Al -Original Message- From: Deepak Jain [mailto:[EMAIL PROTECTED]] Sent: Thursday, April 25, 2002 3:02 PM To: Steve Goldstein; Rowland, Alan D Cc: [EMAIL PROTECTED] Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. Is it really hard to believe that the Chinese government would actively fund cyberterrorism? Deepak Jain AiNET -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Steve Goldstein Sent: Thursday, April 25, 2002 5:55 PM To: Rowland, Alan D Cc: [EMAIL PROTECTED] Subject: RE: CIA Warns of Chinese Plans for Cyber-Attacks on U.S. Gosh, oh golly-gee, do you really think that they would do something like that (planting a story)? ;-) --Steve At 7:16 AM -0700 4/25/02, Rowland, Alan D wrote: Someone in the CIA is looking for funding... Just my 2¢. -Al --
Re: root zone file
http://www.superroot.net/downloads.html Yeah, right. -- Bruce Robertson, President/CEO +1-775-348-7299 Great Basin Internet Services, Inc. fax: +1-775-348-9412 http://www.greatbasin.net
Re: root zone file
whoops..my mistake..:) Bruce Robertson wrote: http://www.superroot.net/downloads.html Yeah, right. -- Bruce Robertson, President/CEO +1-775-348-7299 Great Basin Internet Services, Inc.fax: +1-775-348-9412 http://www.greatbasin.net
Re: root zone file
At 05:04 PM 4/26/2002 -0400, you wrote: Anyone know where I can obtain the latest and greatest? I just tried ftp.icann.org to no avail (host not found.) which is where I used to get them. Thanks in advance Curtis For the USG/ICANN/IANA legacy root, try here: ftp://rs.internic.net/domain/named.ca For the ORSC root, try here: ftp://dns.vrx.net/pub/db.root http://dns.vrx.net/tech/rootzone/db.root Best Regards, Simon -- ###
RE: root zone file
At 05:32 PM 4/26/2002 -0400, Matt Zito wrote: Replacing the hints file with the top level zone speeds up lookups, and removes the burden from the root servers: zone . { type master; file root.db; }; However, the best way to do this is to AXFR the root zone off of the root servers (note this is the ORSC root configuration and *NOT* the ICANN root): zone . { type slave; file root.db.slave; masters{199.166.24.12; 216.13.126.116; 199.166.28.10; 204.80.125.130; 195.117.6.25; 199.166.31.3; 199.166.31.250; 199.5.157.128; 204.57.55.100; 213.196.2.97; }; }; Irrespective of whether you agree with the contents, this method is a very clean and efficient way to reduce the load on the root servers. I really don't want to start any discussions about the relative merits of the ICANN vs. ORSC vs. New.net vs. anything root zones, but I feel like I need to mention that the main zones on this page are for the ORSC root servers, not the ICANN ones. The ICANN zone file at the bottom is the hints file, not the root zone. Thanks, Matt -Original Message- From: William Warren [mailto:[EMAIL PROTECTED]] Sent: Friday, April 26, 2002 5:20 PM To: Curtis Maurand; nanog Subject: Re: root zone file Hope this helps http://www.superroot.net/downloads.html Curtis Maurand wrote: Anyone know where I can obtain the latest and greatest? I just tried ftp.icann.org to no avail (host not found.) which is where I used to get them. Thanks in advance Curtis Best Regards, Simon -- ###
Re: If you were in a government Cyber-warning center
In the past few years on NANOG, I've noticed a strong correlation between train derailments and network outages. (Not to discount the backhoe correlation in any way of course...) The question I have is this: If fiber runs are trenched into the railbed, and we know that trains go off of the tracks every now and then, what, if anything, is being done to harden the conduit? Would trenching it deeper help? Has encasing the conduit in a steel-reinforced channel been examined? Or is there something about laying conduit next to track and the accident modalities that I am just missing here? Given this week's higher frequency of rail accidents and their attendant network disruptions, it seems like the cost/benefit of looking at this issue might have shifted a bit. I can only see these right-of-ways becoming increasingly valuable over time and in our post 9/11 environment, this seems to be an area that seems especially vulnerable. Just curious... At 5:26 PM -0400 4/26/02, Sean Donelan wrote: On Fri, 26 Apr 2002, Steve Gibbard wrote: Are train derailments common events that don't get much press coverage (or maybe that don't get much coverage unless it's a passenger train), or was this an especially bad week? According to federal records and news reports, train derailments are up about 15% even if you take into account the growth in rail traffic. Regards, Chris Kilbourn Founder _ digital.forest Phone: +1-877-720-0483 where Internet solutions grow Int'l: +1-425-483-0483 19515 North Creek ParkwayFax: +1-425-482-6871 Suite 208 http://www.forest.net Bothell, WA 98011email: [EMAIL PROTECTED]
RE: Google doing regional preferencing on results?
Google appears to have the capability to georeference their index by country and possibly with even finer geographic granularity. I noticed that they are now redirecting users to country specific versions of their web page which appears to be done through the various IP address to location tools. Given that Google *seems to know* where the user is, and where the web pages are, perhaps they are now including geographic relevance in the search engine relevancy metrics. Or maybe not! These are only my observations. (I've also noticed that I have had more connection errors recently in initially connecting to the google site and this coincidently started about the time that we began being automatically redirected from the www.google.com to www.google.ca) -Randy -Original Message- From: Steve Goldstein [mailto:[EMAIL PROTECTED]] Sent: April 26, 2002 12:52 PM To: Avleen Vig Cc: [EMAIL PROTECTED] Subject: Re: Google doing regional preferencing on results? **If** they cache and replicate, it could be that the caches are not always identical in different places. If they are replicated, perhaps a replication cycle lagged in one of the two locations. --Steve At 5:36 PM +0100 4/26/02, Avleen Vig wrote: it gives you different results depending on where in the world you search from.
Re: If you were in a government Cyber-warning center
Unnamed Administration sources reported that Chris Kilbourn said: In the past few years on NANOG, I've noticed a strong correlation between train derailments and network outages. (Not to discount the backhoe correlation in any way of course...) The question I have is this: If fiber runs are trenched into the railbed, and we know that trains go off of the tracks every now and then, what, if anything, is being done to harden the conduit? Conduit? What's THAT ;-? Only exposed (bridge crossing, etc) parts are in conduit. Would trenching it deeper help? Has encasing the conduit in a steel-reinforced channel been examined? Or is there something about laying conduit next to track and the accident modalities that I am just missing here? A) There's limited right-of-way. Who are you already next to? ATT? MCI? Sprint? B) There's limited ACCESS to A). You either must shutdown the rail line or follow a rigorous safety program to ensure you don't have a piece of whatever sticking out across the track when that train goes by. C) How deep do you want it? ATT put their #5 TCC cable down 4'; no easy task. {But then, we paid for it...}. Will that help when a locomotive lands on it? If it doesn't... it's much harder to fix. D) There's limited money. -- A host is a host from coast to [EMAIL PROTECTED] no one will talk to a host that's close[v].(301) 56-LINUX Unless the host (that isn't close).pob 1433 is busy, hung or dead20915-1433
Re: If you were in a government Cyber-warning center
On Fri, Apr 26, 2002 at 08:42:21PM -0400, David Lesher wrote: C) How deep do you want it? ATT put their #5 TCC cable down 4'; no easy task. {But then, we paid for it...}. Will that help when a locomotive lands on it? If it doesn't... it's much harder to fix. The average locomotive is something above 100 tons. On anything but your usual passenger service, it's common to see at least 2, and up to 4, units on the front (often not all of them are in service or at full capacity). It's also relatively boxy, nearly flat. Flip it over, cause the front bit to go do into the dirt, and it will make a *lovely* plow. Anyone doubting this should look at aerial footage from news crews after such an accident; things often look like a road-scraper went by. 4' might be deep enough - and it might not, though I'd suspect that it will be protected from most derailments. But, as noted above... 4' costs a lot to accomplish. If the cost of a derailment-induced outage is low (latency, rerouting, a few minutes of problems while the system reacts), it probably costs a hell of a lot less than burying that many miles of cable 4' deep. Even when you run the averages. And 1' deep probably just isn't going to cut it, as it were. -- *** Joel Baker System Administrator - lightbearer.com [EMAIL PROTECTED] http://users.lightbearer.com/lucifer/
Re: root zone file
Replacing the hints file with the top level zone speeds up lookups, and removes the burden from the root servers: Only if you have an impressively broken DNS cache. The entries in the root zone (the real one) all have a TTL of 48 hours. Within about the first three seconds after you start your cache, it'll have data for com, org, net, arpa, edu, and whatever other TLDs your users use, and won't have to visit them again for two days. I looked at the stats from my DNS cache and 12 TLDs account for 95% of the lookups, with only 79 TLDs referenced at all. There just isn't much root zone data used. I really don't want to start any discussions about the relative merits of the ICANN vs. ORSC vs. New.net vs. anything root zones, ... Uh huh. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: Fwd: [ISN] Hackers exploit Korea to attack global systems
Some foreign servers block access attempts whose origins are traced to Korea, implying that the country's leadership in the broadband Internet business may be marred by its negligence in upgrading lame security protection systems, the center said. No kidding. Some of us have gotten so tired of spam from Korea, both stuff relayed from the west and Korean-language spam promoting Korean web sites, combined with the complete lack of response to all abuse reports, that we've blocked all mail from Korean networks. As an experiment, I set up an RBLish blocking list at korea.services.net. It lists all the APNIC space assigned to Korea (I think, APNIC's records are sloppy) along with any ARIN space assigned to Korea that's come to my attention due to being spammed from it. It blocks a lot of spam, with very little collateral damage for me since despite having books in print in Korean in Korea, nobody ever writes to me from there. I've told people they can use it informally, and it now gets about 5 hits per second, up from 3 a few weeks ago. The blocking message points at a web page explaining why I'm blocking mail, with an unblocked address to write to me, so I get about one message a week from Korean sysadms saying I fixed my open relay, please unblock my /32 now. I write back and say it's not just them, their entire ISP is blocked due to unresponsiveness. I hope someday they'll clean up their act enough to stop blocking them, but I'm not holding my breath. Anyone's welcome to use it informally. There's no SOA and no zone transfers since it's running rbldns, not bind, but you can check dig 3.0.0.127.korea.services.net to see how it works. -- John R. Levine, IECC, POB 727, Trumansburg NY 14886 +1 607 387 6869 [EMAIL PROTECTED], Village Trustee and Sewer Commissioner, http://iecc.com/johnl, Member, Provisional board, Coalition Against Unsolicited Commercial E-mail
Re: Fwd: [ISN] Hackers exploit Korea to attack global systems
On 26 Apr 2002, John R. Levine wrote: Some foreign servers block access attempts whose origins are traced to Korea, implying that the country's leadership in the broadband Internet business may be marred by its negligence in upgrading lame security protection systems, the center said. No kidding. Some of us have gotten so tired of spam from Korea, both stuff relayed from the west and Korean-language spam promoting Korean web sites, combined with the complete lack of response to all abuse reports, that we've blocked all mail from Korean networks. It extends beyond spam. We run a fairly high-volume website for a client that has a members area. We have seen nothing but continuous DOS and password scanning attempts against the site(on the order of several thousand per second) from numerous points across Korean IP space to the point that we've begun blackholing all of it as soon as these attacks begin(several a day.) Scary stuff. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Asking the wrong questions is the leading cause of wrong answers \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
RE: If you were in a government Cyber-warning center
Conduit? What's THAT ;-? Only exposed (bridge crossing, etc) parts are in conduit. Conduit is typically used along the entire length of most railway builds I have seen. Most recent railway builds have been multi conduit projects with up to 12 x 1.5 inch HDPE conduits plowed in by rail mounted cable plow. Your correct that steel conduit is used at bridge crossing or other exposed locations. I understand that when railway routes became popular some years ago for telecom that some railway/telecom companies did some research to understand where to place the cable with respect to the rail to minimize damage in a derailment. Apparently by placing the conduit 3-4' down and relatively close to the rail (ie: 2-3' from the rail) the steel rail will act somewhat as a shield to minimize exposure of the cable in a derailment. (ie: the car has to rip up the trackage and move the dirt to get to the cable) -Randy