On Fri, 2004-12-03 at 09:23 +0200, Hank Nussbacher wrote:
In Ciscoland it's called Autosecure (IOS 12.3):
http://www.cisco.com/warp/public/cc/pd/iosw/prodlit/cas11_ds.htm
Blocks all IANA reserved IP address blocks
The actual doc:
On Fri, 3 Dec 2004, Elmar K. Bins wrote:
And while Cisco's autosecure feature looks fine in most parts (saves
a lazy overworked bum like me a lot of typing), it does not do much
good - in my opinion - when it comes to bogon filtering. I prefer
knowing what the filter looks like, and it does
On Fri, 2004-12-03 at 00:53 -0500, J. Oquendo wrote:
Considering the talk of banning going on, I was reluctant to post this,
anyhow, I wondered how many (if any) have ever thought about the aspect of
vendors deciding to implement some form of default bogon filtering on their
products. With
Hank :-)
that, nor any way of modifying the list (correct me if I'm wrong).
See pages 9, 10 and 12 of the PDF I posted. Specifically, it
sets up: ip access-list extended autosec_iana_reserved_block, and ip
access-list extended autosec_complete_bogon which you of course can
change like
Hank Nussbacher wrote:
On Fri, 3 Dec 2004, Elmar K. Bins wrote:
And while Cisco's autosecure feature looks fine in most parts (saves
a lazy overworked bum like me a lot of typing), it does not do much
good - in my opinion - when it comes to bogon filtering. I prefer
knowing what the filter looks
Mark Andrews wrote:
In article [EMAIL PROTECTED] you write:
You would put in a global wildcard that says no smtp sender here. Only
for those boxes being legitimate SMTP to outside senders you'd put in a
more specific record as shown above. You probably have to enter some dozen
to one hundred
On Thu 02 Dec 2004 (15:21 -0500), Steven Champeon wrote:
on Thu, Dec 02, 2004 at 02:56:29PM -0500, Hannigan, Martin wrote:
Possibly. What will happen if the Lycos botnet gets hijacked?
The conversations between the clients and the servers don't appear
to be keyed. If a million clients
This report has been generated at Fri Dec 3 21:40:03 2004 AEST.
The report analyses the BGP Routing Table of an AS4637 (Reach) router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/as4637 for a current version of this report.
Recent Table
There is one thing though which is somewhat a problem with these setups,
one has to trust the source of the filters, they are technically
controlling your network, who you talk to and who not. And this little
technical issue can be a huge political issue.
This change control issue is an
On 3-dec-04, at 10:57, Andre Oppermann wrote:
Routers would ship with the iana_reserved_block list of when they were
manufactured. If the user is stoopid enough not to be able to get his
filters from Cymru directly then he should not have any filtering at
all
because he is never going to update
December 1, 2004 -- (WEB HOST INDUSTRY REVIEW) -- Internet
security company and domain registry operator VeriSign Inc.
(verisign.com) announced on Wednesday that it has released
the Domain Name Industry Brief for the third quarter of
2004, noting the registration of 5.1 million new domain
names
On Fri, Dec 03, 2004 at 10:57:15AM +0100, Andre Oppermann wrote:
If you do any bogon filtering at all then do it with some automatically
updating system like a BGP bogon feed from Cymru.
How does the BGP bogon feed from cymru protect against more-specific
bogons ?
--
Cliff Albert [EMAIL
Given the discussion here on the Lycos anti-spam campaign,
it is also interesting to note that Microsoft is taking a
more direct approach to curtail spammer activity -- suing
them.
As reported on the NewsFactor Network, Microsoft has filed
seven more lawsuits against spammers, this time
Howdy. We're looking at upgrading our
border router(s) from 7500s to (something) yet undetermined. What we would like
to do is perhaps find a platform that is smart enough to not route more
outgoing traffic across a circuit than it can handle. We have 4 outgoing links
to the net at the
On 3 Dec 2004, at 08:52, Fergie (Paul Ferguson) wrote:
December 1, 2004 -- (WEB HOST INDUSTRY REVIEW) -- Internet
security company and domain registry operator VeriSign Inc.
(verisign.com) announced on Wednesday that it has released
the Domain Name Industry Brief for the third quarter of
2004,
Internap's (Sockeye/netVmg's) "FCP" Flow Control
Platform might do the trick for you-
Keith Wallace
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, December 03, 2004 9:53 AM
To: [EMAIL PROTECTED]
Subject: Load balancing outgoing connections automatically.
Howdy. We're
--- J. Oquendo [EMAIL PROTECTED] wrote:
I thought about it over and over, and wonder why
this hasn't been done.
Any care to beat me with a clue stick or two. I can
understand the
arguments of not wanting a vendor to have control of
some aspect of my
business, or control over my network,
Lycos Europe appeared to have pulled a controversial
anti-spam screensaver program from its site on Friday,
after coming under fire from both security experts and
the spammers themselves.
http://www.infoworld.com/article/04/12/03/HNlycospullsscreensaver_1.html
- ferg
--
Fergie, a.k.a. Paul
Fergie (Paul Ferguson) wrote:
Lycos Europe appeared to have pulled a controversial
anti-spam screensaver program from its site on Friday,
after coming under fire from both security experts and
the spammers themselves.
http://www.infoworld.com/article/04/12/03/HNlycospullsscreensaver_1.html
Okay.
does anyone have experience using a sniffer on a hi-capacity network
segment, that might know if there are limitations I need to worry about?
example: customers doing EMC database replication across a mpls link, and
when the capacity reaches approx. 250 Mbp/s packets are arriving out of
sequence
Then you could also just get a connection to team cymru's bogon servers.
Works Perfectly for us. I have been peering with them from our sink
hole/black hole trigger router, for a while now, and I no longer need to
manually update the files.
More info here.
http://www.cymru.com/BGP/bogon-rs.html
I was thinking the same thing. Plus, Stay Tuned
doesn't mean that they necessarily pulled the screensaver
permanently
- ferg
-- Gadi Evron [EMAIL PROTECTED] wrote:
Lycos Europe appeared to have pulled a controversial
anti-spam screensaver program from its site on Friday,
after
It probably depends more on pps than bandwidth.
At a prior job, I used FreeBSD 4.x machines to capture over 400,000 pps,
I think, on gigabit links.
You need a nic that is supported with one of the device polling drivers
to keep CPU manageable. (Intel, not yet broadcom.)
FreeBSD far surpassed
Drew Weaver wrote:
| Howdy. We're looking at upgrading our border router(s) from
| 7500s to (something) yet undetermined. What we would like to do is
| perhaps find a platform that is smart enough to not route more outgoing
| traffic across
Steve Francis wrote:
|
| It probably depends more on pps than bandwidth.
| At a prior job, I used FreeBSD 4.x machines to capture over 400,000 pps,
| I think, on gigabit links.
| You need a nic that is supported with one of the device polling drivers
|
Any of IBM people on list? NOC email and phone is not good. I am trying
to get 72.1.1920.19 off their Bogon filtering for 2 weeks now without
any luck. If someone has a contact that can at least point me in the
right direction it will be much appreciated.
Regards,
Majid Farid
Telecom Ottawa
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to [EMAIL PROTECTED]
If you have any comments please contact Philip Smith [EMAIL PROTECTED].
Routing Table Report 04:00 +10GMT Sat 04 Dec, 2004
On Fri, 3 Dec 2004, Hank Nussbacher wrote:
Blocks all IANA reserved IP address blocks
The actual doc:
http://niatec.info/mediacontent/cisco/media/targets/resources_mod07/7_1_2_AutoSecure.pdf
Surprise, surprise. The examples in that document are already out of date
and filtering as bogons
It makes one wonder if an entity with as deep pockets and
adept legal staff might actually make an impact on spammers,
or if they are simply tilting at windmills.
Either way, it's a good thing. It takes resources away from Micr0$0ft's
other legal pursuits which can't possibly be a bad thing. It
On Fri, 3 Dec 2004, Hank Nussbacher wrote:
Blocks all IANA reserved IP address blocks
The actual doc:
http://niatec.info/mediacontent/cisco/media/targets/resources_mod07/7_1_2_AutoSecure.pdf
Surprise, surprise. The examples in that document are already out of date
and filtering as bogons
Drew Weaver wrote:
| Howdy. We're looking at upgrading our border router(s)
| from 7500s to (something) yet undetermined.
I love my 7304-G100's as a nice step up from the 7500's, and short of
the GSR or J-vendor. Be sure to get the G100's and not the NSE-100 (no
PXF). Order of
On Fri, Dec 03, 2004 at 08:31:10AM -0800, nanog gonan wrote:
I ask that the methodology of banishment be posted to
the list, so we're all aware of the consequences of
too much OT. Is it permanent banishment or a
procedure similar to the one that William suggests?
How many warnings get
On Fri, 3 Dec 2004, Lou Katz wrote:
I was puzzled by this, since I basically lurk on the list, and
have made very few postings. I replied to Susan privately that,
among other things, I had no record nor recollection of any
previous warnings, and asked politely for information regarding
these,
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, December 03, 2004 3:31 PM
To: [EMAIL PROTECTED]
Subject: Re: [OT] Re: Banned on NANOG
[snip]
This is my first post directly to the NANOG list. Ever.
I'm not sure why you chose this thread as
On 3-dec-04, at 17:08, Steve Francis wrote:
It probably depends more on pps than bandwidth.
Although if you have very high bandwidth you may run into trouble with
the PCI bus. 33 MHz 32 bit PCI can barely manage 1 Gbps, and that's
without taking overhead into account.
At a prior job, I used
On Thu, 2 Dec 2004, Brandon Butterworth wrote:
Ethernet is cheap and trivial, drop some
code in one of these (cpu is built into the
rj45 socket)
http://www.lantronix.com/device-networking/embedded-device-servers/xport.html
Cheap is relative. These are showing about $50 each, Considering
On Fri, 3 Dec 2004, Hannigan, Martin wrote:
This is my first post directly to the NANOG list. Ever.
I'm not sure why you chose this thread as your sunshine, but
welcome.
In brief, I've never been largely concerned with where I jump into the
pool, or if my speedo matches the popular cut. Apologies
Just as a FYI to a number of people out there, I do
periodically create new lists on puck.nether.net, including a new
Force10 related list.
For those of you that are interested, you can find subscription
information here:
At the moment the screensaver does nothing. It blanks to grey and
displays the message Stay Tuned that's really about it. (Of course
it still connects to the Makelovenotspam.com site, but that isn't
really the point).
It wouldn't surprise me if the screensaver, or a modified version, went
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, December 03, 2004 3:46 PM
To: [EMAIL PROTECTED]
Subject: Re: Lycos pulls anti-spam screensaver from site
At the moment the screensaver does nothing. It blanks to grey and
displays the
/lurk
All,
Right from the Horse's Mouth:
Quote:
FCC Chairman Michael K. Powell applauded the Supreme Court's move to
hear the case.
The 9th Circuit's decision would have grave consequences for the
future and availability of high-speed Internet connections in this
country, he
Date: Fri, 3 Dec 2004 10:47:08 -0500 (EST)
From: todd romero [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: using sniffer on high-bandwidth pipes
does anyone have experience using a sniffer on a hi-capacity network
segment, that might know if there are limitations I need to worry about?
Along these lines, one could leave the transit AS networks alone if a
parallel 16 bit ASN space were created. Essentially, any non-transit
network would have its non-public ASN retranslated NAT-style by upstream
transit network border routers. Only the border routers would have to be
changed.
I think the original proposal was to still go with 32 bit ASNs, but, adapt
a range of 32 bit ASNs for the assignment to NON-TRANSIT ASNs leaving
the entire 16 bit range reserved for TRANSIT ASNs.
I think there's merit to the idea, but, I think that it could use some
refinement. I agree there will
Hi everyone,
This is to let you know that the registration for APRICOT 2005 in Kyoto,
Japan, from 18th to 25th February 2005 is now open. APRICOT is the Asia
Pacific region's Internet operations and technology conference, and
consists of workshops, tutorials, conference, as well as the 6
On Fri, 03 Dec 2004 16:36:39 CST, John Dupuy said:
Along these lines, one could leave the transit AS networks alone if a
parallel 16 bit ASN space were created. Essentially, any non-transit
network would have its non-public ASN retranslated NAT-style by upstream
transit network border
I think it's a good thing Microsoft is going after spammers - who cares
if they lose the money (or their freedom, heh) they earned from sending
you an email.
Best Wishes,
Blake L. Smith
XtremeBandwidth.com, Inc.
949-330-6400 Office
949-606-7100 Fax
www.XtremeBandwidth.com
-Original
I don't see non-transit ASN leakage as any greater issue than current
private ASN leakage.
However, I do see the ability to use non-transit ASNs to multihome end sites
with provider independent addresses and allow better aggregation as a good
thing. In this case, leakage would only have the same
OD Date: Fri, 03 Dec 2004 14:45:17 -0800
OD From: Owen DeLong [EMAIL PROTECTED]
OD I think the original proposal was to still go with 32 bit ASNs, but, adapt
OD a range of 32 bit ASNs for the assignment to NON-TRANSIT ASNs leaving
OD the entire 16 bit range reserved for TRANSIT ASNs.
Correct.
[EMAIL PROTECTED] (Alex Rubenstein) writes:
... I think we all agree that RAS and Randy don't fall into the above
category of having to be gotten ridden of. ...
nope.
--
Paul Vixie
I think all the meaningful parties have already pretty much agreed on
32bit ASNs in BGP4. I think that will be coded in the routers well before
any attribute-based thing for 32bit ASNs is. As such, I don't see much
point to kludging this instead of just going for it assuming a 32bit world.
Owen
Sometimes the only way to stop evil is not with good...
You must confront it with a different kind of evil.
David Twohy - The Chronicles of Riddick
Bob
Owen DeLong wrote:
It makes one wonder if an entity with as deep pockets and
adept legal staff might actually make an impact on spammers,
or if
OD Date: Fri, 03 Dec 2004 18:09:48 -0800
OD From: Owen DeLong
OD I think all the meaningful parties have already pretty much agreed on
OD 32bit ASNs in BGP4. I think that will be coded in the routers well before
OD any attribute-based thing for 32bit ASNs is. As such, I don't see much
OD point
If you want to get serious, check out endace cards... www.endace.com
Their cards offload much of the pcap processing to the specialized
nic... It is only for sniffing. They manage to do a zero copy directly
to memory... You can capture near line rate at gigabit speeds.
They are expensive, but