Re: ASN registry?
-BEGIN PGP SIGNED MESSAGE- try radb . they mirror: $ whois [EMAIL PROTECTED] [whois.radb.net] aut-num: AS1221 as-name: TELSTRA-AS descr: TELSTRA-AS admin-c: GIH105 tech-c:DW187 notify:[EMAIL PROTECTED] mnt-by:MAINT-AS1221 changed: [EMAIL PROTECTED] 19990506 source:RADB aut-num: AS1221 as-name: ASN-TELSTRA descr:Telstra Pty Ltd descr:Locked Bag No. 5744 descr:GPO, Canberra, ACT, 2601 country: AU admin-c: GH105-AP tech-c: DW187-AP remarks: AS assigned by the former InterNIC mnt-by: MAINT-AS1221 changed: [EMAIL PROTECTED] 2131 source: APIRR On Mon, 19 Aug 2002, Ralph Doncaster wrote: I've always used whois.arin.net to check ASN registrations, and until now it's always had information on those that I've checked. It doesn't have anything for 1221, which according to route-views.oregon-ix.net is Telstra. Is there a single complete database that has ASN assignment info? Ralph Doncaster principal, IStop.com -BEGIN PGP SIGNATURE- Version: PGPfreeware 5.0i for non-commercial use Charset: noconv iQB1AwUBPWIKklwK6AZ3LKU5AQHLZwMAmgW44X+fMGoxY+pE/msBylgSxUDRGxHC NOgYJfmF9LpR68PiH+90++pxP10GW8WCk12IgMEYu5f+Xmt6b2MUvT0yI7RZqfCa pRFj9Y/lnXzSPFj2g1m3Ahout9VzvPgk =clJQ -END PGP SIGNATURE-
Re: ASN registry?
At 10:45 AM +1000 20/8/02, Philip Smith wrote: Note that the delegation records for some of the ASNs assigned before APNIC and the RIPE NCC existed have been moved to the latter databases. Telstra is but one example. (I agree it might be more helpful if a query on whois.arin.net displayed a message saying go look at whois.apnic.net rather than saying No match.) AS1851 is correctly redirected so I suspect that someone at ARIN just forgot the pointer for AS1221. Mark.
Re: Unrecognised packets
Q.931 is built into H.323 (a VOIP call control protocol). Bellhead standards are weird. Hope this helps... --vadim On Tue, 20 Aug 2002, cw wrote: I'm not familiar with all the protocols involved, so if my searches are correct Q.931 is an ISDN control protocol. This is odd because this is coming over a lan and neither machines have any ISDN hardware or software.
Re: Unrecognised packets
On Tue, 20 Aug 2002 05:09:30 -0700 (PDT), Vadim Antonov wrote: Q.931 is built into H.323 (a VOIP call control protocol). Bellhead standards are weird. Hope this helps... It might do you see my work involves H.323 based services, however my laptop does not take any part in that and has no relevant software installed. My desktop machine does have a variety of voip equipment and software but none was activated at the time and the packets were all laptop desktop.
RE: Sniffers/Analysers
For the list archives, this seems to be a moderately objective approach to that question: http://www.networkuptime.com/columns/guide/index.html -BM -Original Message- From: Dr. Mosh [mailto:[EMAIL PROTECTED]] Sent: Monday, August 19, 2002 6:29 PM To: [EMAIL PROTECTED] Subject: Sniffers/Analysers Anyone have recommendations for LAN analysers? (besides building a box and using tcpdump) Personal experiences, recommendations, etc...? Private reply works. Thanks -- -- http://www.zeromemory.com - metal for your ears.
RE: Unrecognised packets
cw, i think the frame 5 was just misinterpreted by ethereal (probably it found some initial byte sequence that made it consider the frame this way). if you go through the decode you'll find out that the data contained in the (claimed) 'q.931' part is something really far from q.931 - most of the elements are unknown, with some weird data. just a wrong decoding teplate applied, possibly one that'd be used for decoding h.225 frames (but h.225 runs on different tcp port than 1199) hope this helps deejay -- Tomas Daniska systems engineer Tronet Computer Networks Plynarenska 5, 829 75 Bratislava, Slovakia tel: +421 2 58224111, fax: +421 2 58224199 A transistor protected by a fast-acting fuse will protect the fuse by blowing first. -Original Message- From: cw [mailto:[EMAIL PROTECTED]] Sent: 20. augusta 2002 12:48 To: [EMAIL PROTECTED] Subject: Unrecognised packets Hi there folks, sorry if you're on the securityfocus incidents list and have received another version of this but as this has protocol info I thought I might ask here. Background: Friday 9th I noticed my laptop running slowly and unstable. I assumed that applying SP3 had broken it so I reinstalled. Tue 13th I noticed logs in the firewall of my desktop which showed a prolonged scan of ports 5-50099 on my desktop machine. The scan had originated from the ip of my laptop. After a bit of thinking, I remember my desktop firewall complaining about some other packets at the time. IIRC there were packets from my laptop set at ip protocol 60 hitting my desktop. I also remember some packets set at ip protocol 0 coming from external ip addresses (not of our network). I was busy with work at the time so I blocked the packets and subsequently forgot about them. Due to my wiping the laptop before noticing the firewall logs I was unable to figure out what had happened. The thing is, now I'm starting to see some activity I'm not expecting again. Prior to last week I was running Win2K on it with SP2 (upgraded to SP3 around the same time). When I reinstalled I put WinXP on. The laptop has been running Kerio as a firewall with as many services as possible turned off. Today my firewall has picked up another packet from my laptop that was ip protocol 60 (not port 60 but protocol 60). After spotting this I loaded up ethereal and started capturing. aa.bb.cc.dd = laptop ip dd.cc.bb.aa = desktop ip I'm not familiar with all the protocols involved, so if my searches are correct Q.931 is an ISDN control protocol. This is odd because this is coming over a lan and neither machines have any ISDN hardware or software. Secondly there is the IP packets with a header length of 0. I'm not sure if these are related but the reason I include them is because the source MAC addresses are only a slight variation on that of my laptop. That is my laptop starts 00:50 whilst these packets start 45:00. The rest is the same. All these packets were captured using the host aa.bb.cc.dd (where aa.bb.cc.dd eq laptop ip) filter (details in attachment). If anyone can advise me on the purpose of these packets I would appreciate it as to the best of my knowledge they have no valid purpose. Cheers.
Fall NANOG - held jointly with ARIN
* * * * * * * * * * * * * * * * * CALL FOR PRESENTATIONS NANOG 26 GENERAL SESSION TUTORIALS SPECIAL RESEARCH/OPERATIONS FORUM October 27-29, 2002 * * * * * * * * * * * * * * * * * The North American Network Operators' Group (NANOG) will hold its 26th meeting October 27-29, 2002, in Eugene, Oregon. The meeting will be hosted by the University of Oregon and Sprint. Registration opens September 4. NANOG 26 is a special occasion - the first joint meeting with ARIN, the American Registry for Internet Numbers. ARIN manages IP numbers for North and South America, the Caribbean, and sub-Saharan Africa. NANOG will meet as usual from Sunday to Tuesday, and ARIN from Wednesday to Friday, Oct. 30 - Nov. 1. NANOG conferences provide a forum for the coordination and dissemination of technical information related to large-scale (i.e., national/international) Internet backbone networking technologies and operational practices. Meetings are held three times each year, and include two days of short presentations, plus afternoon/evening tutorial sessions and special forums. The meetings are informal, with an emphasis on relevance to current backbone engineering practices. NANOG conferences draw over 500 participants, mainly consisting of engineering staff from national service providers, and members of the research and education community. The meeting will be held at the Hilton Eugene and Conference Center. For more information about NANOG meetings, schedules, and logistics, see: http://www.nanog.org -- CALL FOR PRESENTATIONS NANOG invites presentations on backbone engineering, coordination, and research topics. Presentations should highlight issues relating to technology already deployed or soon to be deployed in core Internet backbones and exchange points. Previous meetings have included presentations on: - Backbone traffic engineering - Inter-provider security and routing protocol authentication - Routing scalability in backbone infrastructures - Security issues for the Internet core - Routing policy specification and backbone router configuration - Building large-scale measurement infrastructure - Cooperative inter-provider caching - Alternatives to hot-potato routing - Recommendations on queue management and congestion avoidance - Experience with differentiated services - Inter-domain multicast deployment - Backbone network failure analysis Tutorials have covered topics such as: - IP traffic management - BGP multihoming guide - ISP security: real world techniques - IP multicast technologies The special research/operations forum offers researchers a short time slot to present ongoing work for evaluation and feedback from the operations community. Topics include routing, network performance, statistical invited to participate. -- HOW TO PRESENT Submit a detailed abstract or outline describing the presentation in email to [EMAIL PROTECTED] The deadline for proposals is September 16, 2002. While the majority of speaking slots will be filled by September 16, a limited number of slots will be available after that date for topics that are exceptionally timely and important. Submissions will be reviewed by the NANOG Program Committee, and presenters will be notified of acceptance by September 30, 2002. NANOG also welcomes suggestions/recommendations for tutorials, panels and other presentation topics. ---
Equinix Smart Hands Service
Does any one else out there think smart hands at Equinix is a rip off? I can send a package over night to the IBX for less than what it costs to move it from the mailroom to my cage. Just curious _ Join the worlds largest e-mail service with MSN Hotmail. http://www.hotmail.com
Re: your mail
On Tue, 20 Aug 2002, Ali Jackson wrote: Does any one else out there think smart hands at Equinix is a rip off? I can send a package over night to the IBX for less than what it costs to move it from the mailroom to my cage. Just curious Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. Nathan Stratton nathan at robotics.net http://www.robotics.net
Re: your mail
Yes. Equinix security, while it looks very tough, is very easy to social engineer. Too much fluff, need more stuff. On Tue, 20 Aug 2002, Nathan Stratton wrote: On Tue, 20 Aug 2002, Ali Jackson wrote: Does any one else out there think smart hands at Equinix is a rip off? I can send a package over night to the IBX for less than what it costs to move it from the mailroom to my cage. Just curious Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. Nathan Stratton nathan at robotics.net http://www.robotics.net -- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben -- --Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
RE: your mail
I think that getting caught is a good indication that they take the security of the facility seriously. Some places will ban you forever if you violate their policies. The mantrap thing is there for a reason. People are always free to build out their own spaces however they wish. If you don't like their policies, don't colo there. Build your own. I like their approach of controlling access very tightly. Overkill is definitely better than underkill. My experience is that a lot of security measures that appear ridiculous or redundant actually act as a defense-in-depth strategy. Their practice of requiring a guard to leave the control booth to allow someone in instead of using a buzzer may seem stupid but serves an important but not entirely well-publicized purpose. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Paul Vixie Sent: Tuesday, August 20, 2002 2:54 PM To: [EMAIL PROTECTED] Subject: Re: your mail [EMAIL PROTECTED] (Nathan Stratton) writes: Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. nevertheless PAIX hasn't made it to chicago yet, and equinix is quite a bit more neutral than a normal abovenet/exodus/att/qwest/ibm/uunet hosting center would be, and that makes them the only game in that town. i recommend that you work hard at helping them fix whatever it is they're doing wrong. think of your work in that regard as a public service. -- Paul Vixie
Re: your mail
There is no perfect location. Any common location has a certain level of insecurity. Im sure u could sneak in a squeeze bottle and spray equipment also. The point is, it is a relatively secure location, short of building your own facility or blding and manning it. Even many military installations are open to social engineering. Paul is absolutely right, as a good engineer and customer, put your suggestions in the suggestion box. Or access one of their people on the list. I think Bill Norton is easy to reach by email and so is their CTO. Dave At 18:54 + 8/20/02, Paul Vixie wrote: [EMAIL PROTECTED] (Nathan Stratton) writes: Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. nevertheless PAIX hasn't made it to chicago yet, and equinix is quite a bit more neutral than a normal abovenet/exodus/att/qwest/ibm/uunet hosting center would be, and that makes them the only game in that town. i recommend that you work hard at helping them fix whatever it is they're doing wrong. think of your work in that regard as a public service. -- Paul Vixie -- David Diaz [EMAIL PROTECTED] [Email] [EMAIL PROTECTED] [Pager] Smotons (Smart Photons) trump dumb photons
RE: your mail
Equinix has show considerable interest in catering to the carrier market, and has always been very customer service oriented. Their security is generally good, and their security managers take the sort of stuff you are talking about very seriously. I have no doubt that they would take some serious action if told about a propped door. Their technical folks (Louie, Lane, etc) are sharp, and their helping hands is far above the level found at most carrier colos. In addition, they have folks like Bill Norton and Jay Adelson, folks with real service provider experience, who provide perspective to their ops folks, and who actively promote things that are good for the internet community like peering. Their Gigabit Peering Forums are at least as useful as NANOGs, sometimes quite a bit better. If you are looking for more basic, non-carrier neutral colo, it's out there - it might even be cheaper, in the very short run. However, getting lots of space in, say, Worldcom colos, may sound like a good deal, but it can cost you dearly in the long run, with incompetent or non-existing remote hands, dealing with very bad customer service, or bad security. - Daniel Golding Paul Vixie wrote [EMAIL PROTECTED] (Nathan Stratton) writes: Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. nevertheless PAIX hasn't made it to chicago yet, and equinix is quite a bit more neutral than a normal abovenet/exodus/att/qwest/ibm/uunet hosting center would be, and that makes them the only game in that town. i recommend that you work hard at helping them fix whatever it is they're doing wrong. think of your work in that regard as a public service. -- Paul Vixie
Re: your mail
On Tue, Aug 20, 2002 at 03:08:22PM -0400, N. Richard Solis wrote: I think that getting caught is a good indication that they take the security of the facility seriously. Which is clearly exhibited by them leaving a side door propped open, or not checking or securing this door earlier --msa
Re: your mail
On Tue, Aug 20, 2002 at 02:07:49PM -0400, Nathan Stratton wrote: On Tue, 20 Aug 2002, Ali Jackson wrote: Does any one else out there think smart hands at Equinix is a rip off? I can send a package over night to the IBX for less than what it costs to move it from the mailroom to my cage. Just curious Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. Did you try just asking if you could pull up to the loading dock? I can only speak to SJC and IAD, but since Equinix in Chicago is in the ghetto (how many blocks is it from the projects? :P) you would think it would have decent physical security. Yes if you get creative enough you can start talking about fake IDs and drugging someone and taking molds of their hands, but compared to the joke of most colo security it covers the areas where you could reasonably expect to see attacks. Personally I'm more concerned about quick and hassle free access than having to deal with a guard following me around the entire time. But I'm sure none of this matters to you, because you probably couldn't fight your urge to test the security, then got upset when they booted you for it, am I right? As for being a rip off, I suggest you price other carrier neutral colo and then come back with that. And no I don't have any vested interest in Equinix, I've even had my own bad experiences with their security (which were delt with promptly). But they're still reasonable to deal with, offer an all around excellent service, and they've done a much better job on security and other fronts than other colos. As for the original poster, remote hands service is expensive, and smart hands is usually for smart services. If all you want is hands either drag your...self down to the colo and start lifting, or hire your own $10/hr rack and stack monkeys. At any rate, this has no place on nanog. -- Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
RE: your mail
Does any one else out there think smart hands at Equinix is a rip off? I can send a package over night to the IBX for less than what it costs to move it from the mailroom to my cage. Just curious Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. --- There are a few companies that spent money on bullet-resistant reception areas [the purpose has always eluded me] -- when you ask if the loading dock and all other entrances are similarly reinforced, you get the no, of course not!. I guess the thought process is: basically assume the bad guys will go through the front door and cooperate with the mantrap. Then again (bringing this back to EQIX) -- they didn't spend money on expensive signage, because no one would guess where the door is -- right? So that's more of a savings than some other companies have/had/whatever. DJ I'm curious -- did they kick you out for the day, or terminate your contract and move you out?
RE: your mail
Leaving or forcing doors to be propped open generally triggers an alarm that prompts a visit from someone in security. It is entirely possible that someone who worked at the facility informed the security staff of what they were doing because they needed to leave the door open to fetch a package or something that was going to be moved through that door. It's also entirely possible that someone working there was violating the security policy entirely. That happens as well. I would need many more fingers and toes to count the number of sleeping guards I've caught at colo sites. The point is: people do dumb things that compromise security for everyone in order to make their own lives easier. A good security plan anticipates these lapses and puts measures in place to deal with them. If you haven't worked in an environment where you had to turn in your cellphone and pager at the front desk, show a badge to a camera around every corner, and get your office keys from a vending machine you dont know what real security looks like. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Majdi S. Abbas Sent: Tuesday, August 20, 2002 3:13 PM To: N. Richard Solis Cc: [EMAIL PROTECTED] Subject: Re: your mail On Tue, Aug 20, 2002 at 03:08:22PM -0400, N. Richard Solis wrote: I think that getting caught is a good indication that they take the security of the facility seriously. Which is clearly exhibited by them leaving a side door propped open, or not checking or securing this door earlier --msa
Re: an itty bitty survey...
ssh and telnet =) [EMAIL PROTECTED] wrote: Hi all, [This may sound like a perennial question.] I'm curious as to how you configure your routers (whatever they may be). In particular, what tools do you use? Home grown? Rancid? Vendor provided? I'll summarize. Thanks in advance, Eliot
RE: your mail
On Tue, 20 Aug 2002, N. Richard Solis wrote: Leaving or forcing doors to be propped open generally triggers an alarm that prompts a visit from someone in security. It is entirely possible that someone who worked at the facility informed the security staff of what they were doing because they needed to leave the door open to fetch a package or something that was going to be moved through that door. It's also entirely possible that someone working there was violating the security policy entirely. That happens as well. I would need many more fingers and toes to count the number of sleeping guards I've caught at colo sites. Correct, I am sorry I think that is my point. There are a lot of things that they SHOULD have been doing, but they were not. I am saying they spent lots of money on a security image and not on security. They never found me using the door and that is a problem, when I let them know about their issues they rather shut me up then deal with them. The point is: people do dumb things that compromise security for everyone in order to make their own lives easier. A good security plan anticipates these lapses and puts measures in place to deal with them. If you haven't worked in an environment where you had to turn in your cellphone and pager at the front desk, show a badge to a camera around every corner, and get your office keys from a vending machine you dont know what real security looks like. I know what real security looks like, I also know what real security is. I am saying that I am willing to pay for real security, but I am not willing to page for the image of real security and go through the hassle of the image of real security when there is no real security. I don't know about all of their sights, but at least two have the security image when you walk in, but the rest of the building and other entrances have less then my house. Nathan Stratton nathan at robotics.net http://www.robotics.net
Re: your mail
Speakig of paix's and locations, I know the mfn filings have held up progress but I wondered and maybe others on this list wonder what the status of the paix nyiix interconnection might be? On 20 Aug 2002, Paul Vixie wrote: [EMAIL PROTECTED] (Nathan Stratton) writes: Uh, yes. Equinix is a rip off in general. I got kicked out of Chicago using the side door. I was sick of the stupid man trap crap and noticed they had a door that was propped open in the back that leads outside. It was much easier to back the truck up there and go in and out. The whole thing is a joke, they spent a lot of cash to look good, but there is very little substance. nevertheless PAIX hasn't made it to chicago yet, and equinix is quite a bit more neutral than a normal abovenet/exodus/att/qwest/ibm/uunet hosting center would be, and that makes them the only game in that town. i recommend that you work hard at helping them fix whatever it is they're doing wrong. think of your work in that regard as a public service.
Re: your mail
Speakig of paix's and locations, I know the mfn filings have held up progress but I wondered and maybe others on this list wonder what the status of the paix nyiix interconnection might be? until mfn finishes selling paix, there will likely be no progress on this.
Re: Major Labels v. Backbones
At 2:19 PM -0600 8/20/02, among other things Irwan Hadi wrote: BTW, if small (tier 4 - 5) ISPs can be threatened by its uplink for non compliance with the AUP (for example transmitting spam all the time), and medium ISPs (tier 3 - 4) can also be threatened by its uplink for non compliance with the AUP, then why tier 1 - 2 ISPs can't be threatened by RIAAA to comply to their AUP ? One difference is that there are business relationships between all of the upstreams and their downstreams. The contracts usually require compliance with the AUPs. If someone doesn't like an AUP they don't have to do business with that ISP and can at least try to get service somewhere else. ISPs don't have business relationships with the RIAA and don't have the option to go somewhere else if the RIAA imposes its will on backbone ISPs. -Jeff Ogden Merit
RE: your mail
Then the appropriate person to talk to is the account manager. Catching a problem yourself doesn't do anyone any good if the management of the facility (or the company) isn't involved. My experience is that a LOT of companies want to hear from customers when things go amiss. They can't always rely on their own employees to let them know when the are falling down on the job. I've gotten corrective action form people just by threatening to bring in a higher management layer. People would rather fix a problem themselves than allow their management to fix it for them. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nathan Stratton Sent: Tuesday, August 20, 2002 5:07 PM To: N. Richard Solis Cc: Majdi S. Abbas; [EMAIL PROTECTED] Subject: RE: your mail On Tue, 20 Aug 2002, N. Richard Solis wrote: Leaving or forcing doors to be propped open generally triggers an alarm that prompts a visit from someone in security. It is entirely possible that someone who worked at the facility informed the security staff of what they were doing because they needed to leave the door open to fetch a package or something that was going to be moved through that door. It's also entirely possible that someone working there was violating the security policy entirely. That happens as well. I would need many more fingers and toes to count the number of sleeping guards I've caught at colo sites. Correct, I am sorry I think that is my point. There are a lot of things that they SHOULD have been doing, but they were not. I am saying they spent lots of money on a security image and not on security. They never found me using the door and that is a problem, when I let them know about their issues they rather shut me up then deal with them. The point is: people do dumb things that compromise security for everyone in order to make their own lives easier. A good security plan anticipates these lapses and puts measures in place to deal with them. If you haven't worked in an environment where you had to turn in your cellphone and pager at the front desk, show a badge to a camera around every corner, and get your office keys from a vending machine you dont know what real security looks like. I know what real security looks like, I also know what real security is. I am saying that I am willing to pay for real security, but I am not willing to page for the image of real security and go through the hassle of the image of real security when there is no real security. I don't know about all of their sights, but at least two have the security image when you walk in, but the rest of the building and other entrances have less then my house. Nathan Stratton nathan at robotics.net http://www.robotics.net
Re: Major Labels v. Backbones
Some ISPs seem to be taking the position that the best defense is a good offense. http://www.informationwave.net/news/20020819riaa.php IWT Bans RIAA From Accessing Its Network August 19, 2002 Information Wave Technologies has announced it will actively deny the Recording Industry Association of America (RIAA) from accessing the contents of its network. Earlier this year, the RIAA announced its new plan to access computers without owner's consent for the sake of protecting its assets. Information Wave believes this policy puts its customers at risk of unintentional damage, corporate espionage, and invasion of privacy to say the least. --bill
RE: your mail
On Tue, 20 Aug 2002, N. Richard Solis wrote: Then the appropriate person to talk to is the account manager. Catching a problem yourself doesn't do anyone any good if the management of the facility (or the company) isn't involved. That presumes there is a single account manager. With Equinix, there are no less than 5 different people I need to call depending on what I need. They've shifted account management costs back on the customer. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Asking the wrong questions is the leading cause of wrong answers \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
RE: your mail
On Tue, 20 Aug 2002, Deepak Jain wrote: I'm curious -- did they kick you out for the day, or terminate your contract and move you out? Basically they said they would ban me personally if I gave there security people a hard time about their security. I don't think they ever would terminate a contract if you were paying their sick rates. Nathan Stratton nathan at robotics.net http://www.robotics.net
RE: your mail
On Tue, 20 Aug 2002, Deepak Jain wrote: I'm curious -- did they kick you out for the day, or terminate your contract and move you out? Basically they said they would ban me personally if I gave there security people a hard time about their security. I don't think they ever would terminate a contract if you were paying their sick rates. Good contract point here - if for any reason Customer's key personnel are not able to access the facility or equipment, at Customer's option Agreement may be terminated with 30 days notice. That will make everyone a little more polite, IMO. Deepak Jain AiNET
Hovercraft for deliveries to the fifth floor loading dock (was Re:Your mail)
On Tue, 20 Aug 2002, Nathan Stratton wrote: Correct, I am sorry I think that is my point. There are a lot of things that they SHOULD have been doing, but they were not. I am saying they spent lots of money on a security image and not on security. They never found me using the door and that is a problem, when I let them know about their issues they rather shut me up then deal with them. Obviously their secret plan to shut you up failed :-) Like commercial ventures, there is a certain amount of fluff and puffery. Banks still get robbed even with that really, really thick door on the vault. Most car commercials have fine print at the bottom saying don't do this insane thing. It gives the sales people something to talk about. Stick your fingers in your ears and ignore the sales person until you want to talk about discounts. Any technically savvy person should be able to do due dilegence and determine if a facility meets his needs. The question isn't really about security, but how it compares to other facilities of a similar caliber. You could drive a tank, but its really hard to park and gets lousy gas milage. Comparing a car to a tank isn't very useful. Comparing a Volvo to a Saab might provide information to make an informed choice. Is Equinix (PAIX, MFN, NOTA, etc) less secure than NORAD? Yes. Are there things I wish they did differently? Yes. Have they ever left a door unlocked? Yes. Have they ever made a mistake? Yes. Is Equinix a clean, secure, well-run facility I would trust to house my equipment? Yes. Would I also buy insurance and consider a diverse, back up site for my equipment? Yes. Disclosure: I'm an ex-employee of Equinix.
IETF SMTP Working Group Proposal at smtpng.org
This is copy of the message sent to IETF mail list. As subject said, I'd like to organize IETF working group to define new additions to SMTP. As everyone I'm sure have seen on the last why is spam a problem and other similar threads on ietf as well as numerous similar threads on other lists and boards, there is a serious need to do something to limit amount of unsolicited email. While the roots maybe social issue I do not see why we can not work on it from technical point of view. In addition to that during last years, I'v seen real need for new features to be added into SMTP, such as ones for callback, delayed transmission, delivery notification,secure communications, etc, etc and there are in fact several drafts available on some issues. As far as anti-spam mechanisms I do not belive we should force some particular method on everyone but rather built several verification features into protocol and allow server operators to themselve choose if they want to use it. Where the features were use the email would be considered more secure and users can use that to sort out mail (as many do already with special filters). I believe its time we start working within IETF on new version of SMTP that would have more features and be more secure. I'v tried to point this out several times before on nanog and ietf hoping that someone would take the initiave but as this did not happen, I'm willing to do it now. At this point I'm proposing creation of IETF working group that would look into ways to extend SMTP. I'v created website and mailing list to discuss charter of the proposed working group at http://www.smtpng.org Those who agree with me, please subscribe to the mailing list and lets work on this futher in a kind-of BOF. I'm also looking for two co-chairs for the working group with at least one preferablly having been chair of ietf group before. I'm planning on sending final draft for working group charter in about two weeks time and right now I'm going to be contacting several people who have expressed interest in working on SMTP protocol as well as contacting IETF area director on proceeding with this. -- William Leibzon [EMAIL PROTECTED]
Re: Hovercraft for deliveries to the fifth floor loading dock (was Re: Your mail)
I am not an ex-employee of Equinix, so here's my 2 cents: When we built the IBXs, having spent a couple of years listening to you folks tell me what you want at the PAIX and elsewhere, I basically learned it was impossible to satisfy everyone. If you please one network engineer, you're going to annoy another one, and that's just the way it works. In the immortal words of Stephen Stuart, Sorry. Apparently our secret plan to shut up Nathan did fail miserably. ;) We'll have to set the hand geometry readers to electrocute him on his next appearance at the IBX. 1) Fire codes and other local ordinances interfered with my grand plan to bury you in concrete and eliminate fire exits. ;) In other words, we have no choice put to put fire exits in there, otherwise many of you would die in a fire due to the sheer size of our facilities. Fire doors don't work very well if you can't open them. In some regions, we're allowed by code to lock it shut for a delay and theoretically that's enough time to send a guard to hunt you down and remove you. In others we need to let it open, but an alarm goes off (sometimes silently, other times very loudly) to accomplish the same effect. If Nathan propped open a door and was able to enter/exit without being caught then that was a failure and one I'd like to address... In any case, yes we do have a camera watching you, and we do keep records of all that, so if you think it's a big security hole and plan on balancing that GSR on one toe into the back of your pickup so you can sell it on the street corner go ahead and try. Don't be surprised if I don't write you in jail. 2) Customers are given one point of contact they can call for anything. You know, it's that game... if you do what one person wants it annoys another... So therefore, just like engineers love to call their favorite go-getter of the day, it's ok for customers to call account reps, SEs, or even network engineers and folks like me. We don't care. However, if you want to call the ERC we figure that's fine as well. We thought everyone would want to bypass humans all together and use a web site. We were proven wrong on that front, though some of the more organized customers use the web interface regardless. So you don't HAVE to call five different people, but hell, if you want to, have a field day. (What? You mean there is flexibility? Preposterous!!!) Finally, remember the point of all this... peering points didn't take into account the physical issues associated with colo, and we tried to address them from the network engineer's perspective...paying special attention to the VERY different colocation needs for different customers. Oh yeah, and then try and duplicate it exactly in seven buildings. At 3am one day maybe even Nathan can appreciate the way we designed them... Being a colo provider is a necessary evil needed to accomplish the much more important goals of solving certain other exchange point issues. On Tue, Aug 20, 2002 at 06:50:00PM -0400, Sean Donelan wrote: On Tue, 20 Aug 2002, Nathan Stratton wrote: Correct, I am sorry I think that is my point. There are a lot of things that they SHOULD have been doing, but they were not. I am saying they spent lots of money on a security image and not on security. They never found me using the door and that is a problem, when I let them know about their issues they rather shut me up then deal with them. Obviously their secret plan to shut you up failed :-) Like commercial ventures, there is a certain amount of fluff and puffery. Banks still get robbed even with that really, really thick door on the vault. Most car commercials have fine print at the bottom saying don't do this insane thing. It gives the sales people something to talk about. Stick your fingers in your ears and ignore the sales person until you want to talk about discounts. Any technically savvy person should be able to do due dilegence and determine if a facility meets his needs. The question isn't really about security, but how it compares to other facilities of a similar caliber. You could drive a tank, but its really hard to park and gets lousy gas milage. Comparing a car to a tank isn't very useful. Comparing a Volvo to a Saab might provide information to make an informed choice. Is Equinix (PAIX, MFN, NOTA, etc) less secure than NORAD? Yes. Are there things I wish they did differently? Yes. Have they ever left a door unlocked? Yes. Have they ever made a mistake? Yes. Is Equinix a clean, secure, well-run facility I would trust to house my equipment? Yes. Would I also buy insurance and consider a diverse, back up site for my equipment? Yes. Disclosure: I'm an ex-employee of Equinix. -- [ Jay Adelson [EMAIL PROTECTED] ] [ Founder, Chief Technology Officer Work: +1-650-316-6000 ] [ Equinix, Inc., Mountain View, CA Fax: +1-650-316-6904 ]
Re: Hovercraft for deliveries to the fifth floor loading dock (wasRe: Your mail)
On Tue, 20 Aug 2002, Jay Adelson wrote: 2) Customers are given one point of contact they can call for anything. I'm your customer and I'm telling you that I haven't been and when I've specifically asked for a single point of contact I've been told that I need to contact a variety of people based on what it is I need. You know, it's that game... if you do what one person wants it annoys another... So therefore, just like engineers love to call their favorite go-getter of the day, it's ok for customers to call account reps, SEs, or even network engineers and folks like me. We don't care. Really? --- From: Christina Canady [EMAIL PROTECTED] CC: Duane MacKenzie [EMAIL PROTECTED] Subject: RE: Packing Slips Date: Fri, 2 Aug 2002 14:43:56 -0700 I believe Duane has responded regarding the packing slips. On another note, all correspondence to the IBX needs to go through me or the ERC in the future. We ask all our customers not to call or email the IBXes directly. Thank you, CC -- I invite you to take any further correspondence regarding this issue private, and look very forward to your response. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Asking the wrong questions is the leading cause of wrong answers \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/
Re: IETF SMTP Working Group Proposal at smtpng.org
On Tue, 20 Aug 2002, [EMAIL PROTECTED] wrote: This is copy of the message sent to IETF mail list. As subject said, I'd like to organize IETF working group to define new additions to SMTP. As everyone I'm sure have seen on the last why is spam a problem and other similar threads on ietf as well as numerous similar threads on other lists and boards, there is a serious need to do something to limit amount of unsolicited email. While the roots maybe social issue I do not see why we can not work on it from technical point of view. In addition to that during last years, I'v seen real need for new features to be added into SMTP, such as ones for callback, delayed transmission, delivery notification,secure communications, etc, etc and there are in fact several drafts available on some issues. As far as anti-spam mechanisms I do not belive we should force some particular method on everyone but rather built several verification features into protocol and allow server operators to themselve choose if they want to use it. Where the features were use the email would be considered more secure and users can use that to sort out mail (as many do already with special filters). William, While not trying to discourage you from your efforts, I would like to recommend that you not reinvent the wheel. The list you have presented already has some possible solutions to it which I have listed below. Delayed transmission: Are we talking about rate limiting, or delivery of specific messages at specific times? Either way this is more an MTA issue in my eyes, than a protocol issue. Rate limiting is already availible in at least one major Unix MTA. Delivery notification: Possibly a protocol issue. This is availible as a semi-standard. RFC1891 is your friend: ftp://ftp.isi.edu/in-notes/rfc1891.txt Secure communication: TLS, SSL.
Re: IETF SMTP Working Group Proposal at smtpng.org
Several (if not most) of the issues indeed have solutions available (which is BIG plus for this project), almost none have any standards and there is no wide use at all. I want standards to be defined and in a way that would encorage worldwide use of these features and in my view it means new version of the protocol (with backward compatibility). I fully understand that this will not be implemented in couple years and if this all goes though, we'll be lucky to see the features used in any serious manner in no less then 5 years. On Tue, 20 Aug 2002, [EMAIL PROTECTED] wrote: This is copy of the message sent to IETF mail list. As subject said, I'd like to organize IETF working group to define new additions to SMTP. As everyone I'm sure have seen on the last why is spam a problem and other similar threads on ietf as well as numerous similar threads on other lists and boards, there is a serious need to do something to limit amount of unsolicited email. While the roots maybe social issue I do not see why we can not work on it from technical point of view. In addition to that during last years, I'v seen real need for new features to be added into SMTP, such as ones for callback, delayed transmission, delivery notification,secure communications, etc, etc and there are in fact several drafts available on some issues. As far as anti-spam mechanisms I do not belive we should force some particular method on everyone but rather built several verification features into protocol and allow server operators to themselve choose if they want to use it. Where the features were use the email would be considered more secure and users can use that to sort out mail (as many do already with special filters). William, While not trying to discourage you from your efforts, I would like to recommend that you not reinvent the wheel. The list you have presented already has some possible solutions to it which I have listed below. Delayed transmission: Are we talking about rate limiting, or delivery of specific messages at specific times? Either way this is more an MTA issue in my eyes, than a protocol issue. Rate limiting is already availible in at least one major Unix MTA. Delivery notification: Possibly a protocol issue. This is availible as a semi-standard. RFC1891 is your friend: ftp://ftp.isi.edu/in-notes/rfc1891.txt Secure communication: TLS, SSL.
Verizon sued by RIAA ?
Anyone have confirmation about this ? Record labels today filed suit in District Court in DC against Verizon, asking that Verizon be compelled to turn over information regarding their subscribers under the pre-complaint subpoena power granted under 17 USC 512(h) of the DMCA. Regards Marshall Eubanks
Re: Hovercraft for deliveries to the fifth floor loading dock (was Re: Your mail)
Patrick, Yes, really! That's what the ERC is for. I guess the confusion is outside your email thread, which indicates as such... But yes, the single point is supposed to be the ERC. Feel free to contact me with specifics... -Jay On Tue, Aug 20, 2002 at 05:29:43PM -0700, Patrick wrote: On Tue, 20 Aug 2002, Jay Adelson wrote: 2) Customers are given one point of contact they can call for anything. I'm your customer and I'm telling you that I haven't been and when I've specifically asked for a single point of contact I've been told that I need to contact a variety of people based on what it is I need. You know, it's that game... if you do what one person wants it annoys another... So therefore, just like engineers love to call their favorite go-getter of the day, it's ok for customers to call account reps, SEs, or even network engineers and folks like me. We don't care. Really? --- From: Christina Canady [EMAIL PROTECTED] CC: Duane MacKenzie [EMAIL PROTECTED] Subject: RE: Packing Slips Date: Fri, 2 Aug 2002 14:43:56 -0700 I believe Duane has responded regarding the packing slips. On another note, all correspondence to the IBX needs to go through me or the ERC in the future. We ask all our customers not to call or email the IBXes directly. Thank you, CC -- I invite you to take any further correspondence regarding this issue private, and look very forward to your response. /\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\ Patrick Greenwell Asking the wrong questions is the leading cause of wrong answers \/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/ -- [ Jay Adelson [EMAIL PROTECTED] ] [ Founder, Chief Technology Officer Work: +1-650-316-6000 ] [ Equinix, Inc., Mountain View, CA Fax: +1-650-316-6904 ]
Shared facilities (was Re: your mail)
On Wed, 21 Aug 2002, David Lesher wrote: Unnamed Administration sources reported that N. Richard Solis said: If you haven't worked in an environment where you had to turn in your cellphone and pager at the front desk, show a badge to a camera around every corner, and get your office keys from a vending machine you dont know what real security looks like. You missed the places w/ real security. That's where the very polite Marine Security Guard with the 870 shotgun asks to see your badge again... Sigh, and in places with real security you rarely find enemies/competitors sitting in the same room. Exchange points are like the United Nations, not high security military bases. AMS-IX, Equinix, Linx/Telehouse, PAIX, etc provide a neutral facility for competitors to exchange network traffic. The facility operators provide a reasonable level of security, and try to keep the diplomats from punching each other. Its in all (most?) the competitors' self-interest to follow the rules. Let's not lose sight of the purpose of colocation/exchange points. If we start requiring you to be a US citizen and have top secret clearance in order to enter a colocation facility, we've probably decreased the usefulness of the exchange points.