new operational mailing list - snort signatures for ISP's

2005-04-08 Thread Gadi Evron
Hi. We see the need for a mailing list, where we can send snort signatures that are not for public release, and have the ISP's and other responsible parties run these sigs and come back with results. This will be a sub-list of the drone armies research and mitigation mailing list, as well as for

Re: The power of default configurations

2005-04-08 Thread Michael . Dillon
So, this highlights some good operational practices in networking and DNS-applications, but doesn't answer how 1918 is 'different' or 'special' than any other ip address. I think what I was driving at is that putting these proposed road blocks in bind is akin to the 'cisco auto secure'

The Cidr Report

2005-04-08 Thread cidr-report
This report has been generated at Fri Apr 8 21:44:57 2005 AEST. The report analyses the BGP Routing Table of an AS4637 (Reach) router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/as4637 for a current version of this report. Recent Table

Re: The power of default configurations

2005-04-08 Thread Simon Waters
On Friday 08 Apr 2005 11:00 am, [EMAIL PROTECTED] wrote: Which leads me to the question: Why are RFC 1918 addresses defined in a document rather than in an authoritative protocol feed which people can use to configure devices? Because they don't change terribly often. Indeed the ones in

Re: Spam (un)blocking

2005-04-08 Thread Suresh Ramasubramanian
On Apr 8, 2005 6:51 PM, Howard, W. Lee [EMAIL PROTECTED] wrote: - Because abuse@ went to a 24x7 team, with an auto-responder, and (on advice of counsel and for scalability reasons) we did not reply to every complaint with a description of the action taken, it was assumed no action was taken.

AS prepending

2005-04-08 Thread Philip Lavine
To all, I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend statements. Thx Philip

Re: AS prepending

2005-04-08 Thread christian . macnevin
Do they not have your routes present in their table *at all* or do they just not point them to you? If they have them but via another route, it may be that the shorter path for them is via the ISP you're not prepending. Though unless they've got free transit it would seem pretty dense not to use

Re: AS prepending

2005-04-08 Thread Patrick W Gilmore
On Apr 8, 2005, at 10:28 AM, Philip Lavine wrote: I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend

Re: AS prepending

2005-04-08 Thread Jon Lewis
On Fri, 8 Apr 2005, Philip Lavine wrote: I am using AS prepending to favor one ISP over another, in a BGP multihomed/multiISP scenario. Why does the ISP receiving the prepends fail to add my network into their routing table? Is this a feature of BGP, or have I gone too far with 3 prepend

Re: AS prepending

2005-04-08 Thread Philip Lavine
Update: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the filtering they are doing is based on the networks I told them over

Re: AS prepending

2005-04-08 Thread David Gethings
On Friday 08 April 2005 16:04, Philip Lavine wrote: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the filtering they are

Re: AS prepending

2005-04-08 Thread Jon Lewis
On Fri, 8 Apr 2005, Philip Lavine wrote: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. Ok...I just wanted to be sure you weren't prepending their ASN in which case loop detection would stop them from accepting your routes. The un-preferred ISP claims the

Re: AS prepending

2005-04-08 Thread Pete Templin
Philip Lavine wrote: Update: I am prepending my AS 3 times to the un-preferred ISP. Both ISP's are my peers. The un-preferred ISP claims they see my advertisement yet they do not add it to their routing table (suggests filtering??). They claim all the filtering they are doing is based on the

Re: AS prepending

2005-04-08 Thread Philip Lavine
Update 2: More info. When I have tested the failover by pulling the plug on the preferred ISP, I do not see my network in looking glass. Secondly, the backup provider has told me the route is not in the (rib). Philip --- Mark Kasten [EMAIL PROTECTED] wrote: offlist fwiw, it's in the

Re: AS prepending

2005-04-08 Thread David Gethings
On Friday 08 April 2005 17:05, Philip Lavine wrote: More info. When I have tested the failover by pulling the plug on the preferred ISP, I do not see my network in looking glass. Secondly, the backup provider has told me the route is not in the (rib). In that case your only course of

Re: AS prepending

2005-04-08 Thread David Barak
--- Philip Lavine [EMAIL PROTECTED] wrote: Update 2: More info. When I have tested the failover by pulling the plug on the preferred ISP, I do not see my network in looking glass. Secondly, the backup provider has told me the route is not in the (rib). Philip Have you

Re: The power of default configurations

2005-04-08 Thread Duane Wessels
anyone got any figures for how much port 0 traffic is around? For F-root, queries with UDP source port 0 make up about 0.001% of the traffic. Or 4500 queries yesterday. I'm not seeing any source port 0 queries at ISC's AS112 node or their TLD server. Duane W.

Weekly Routing Table Report

2005-04-08 Thread Routing Table Analysis
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] If you have any comments please contact Philip Smith [EMAIL PROTECTED]. Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005

Port 0 traffic

2005-04-08 Thread Sean Donelan
On Fri, 8 Apr 2005, Simon Waters wrote: Whilst we are on dross that turns up at DNS servers, how about traffic for port 0, surely this could be killed at the routing level as well, anyone got any figures for how much port 0 traffic is around? My understanding is it is mostly either scanning,

Blog...

2005-04-08 Thread Fergie (Paul Ferguson)
I've decided to take Randy's (and a few others) advice and, instead of polluting the list with tech news snippets, post them to a blog. So in my spare time, I'll post stuff there instead of to the list... pointer in my .sig below. Can I get a Hallelujah?! :-) - ferg -- Fergie, a.k.a. Paul

Re: Blog...

2005-04-08 Thread Susan Harris
I've decided to take Randy's (and a few others) advice and, instead of polluting the list with tech news snippets, post them to a blog. So in my spare time, I'll post stuff there instead of to the list... pointer in my .sig below. Can I get a Hallelujah?! :-) - ferg -- Fergie, a.k.a.

Re: Blog...

2005-04-08 Thread Randy Bush
Can I get a Hallelujah?! :-) from here, you get one hallelujah and one sporadic reader. fwiw, i read two other blogs http://www.intel-dump.com/ http://www.talkingpointsmemo.com/ both political randy

Re: Weekly Routing Table Report

2005-04-08 Thread Joe Loiacono
Wha happen? Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005 Analysis Summary BGP routing table entries examined: 139674 Prefixes after maximum aggregation: 83474 Unique aggregates announced to Internet:

Re: Weekly Routing Table Report

2005-04-08 Thread Valdis . Kletnieks
On Fri, 08 Apr 2005 16:48:53 EDT, Joe Loiacono said: Wha happen? Routing Table Report 04:00 +10GMT Sat 09 Apr, 2005 Total ASes present in the Internet Routing Table: 17729 Routing Table Report 04:00 +10GMT Sat 02 Apr, 2005 Total ASes present in the Internet Routing

Botted Hosts tracking, v0.01alpha

2005-04-08 Thread Ejay Hire
Hello. I have a pre-alpha version of the compromised host tracking system ready, and I need some guinea pigs. This is based on my earlier AOL scomp complaint work. If you would like to receive a daily html summary email of the "this is spam" complaints for your ip space, please reply. The

RE: Weekly Routing Table Report

2005-04-08 Thread Alexander Kiwerski
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of [EMAIL PROTECTED] Sent: Friday, April 08, 2005 2:00 PM To: Joe Loiacono Cc: [EMAIL PROTECTED] Subject: Re: Weekly Routing Table Report On Fri, 08 Apr 2005 16:48:53 EDT, Joe Loiacono said: Wha happen?

Re: The power of default configurations

2005-04-08 Thread just me
On Thu, 7 Apr 2005, Eric A. Hall wrote: If folks were used to just adding forwarder entries to named.boot, yes, since they'd also have to remember to undelegate authority for the relevant rfc1918 address space now too. If somebody setup a network using a subset of the address space

djbdns: An alternative to BIND

2005-04-08 Thread Vicky Rode
http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just wondering how many have transitioned to djbdns from bind and if so any feedback. regards, /vicky

Re: djbdns: An alternative to BIND

2005-04-08 Thread Paul Vixie
[EMAIL PROTECTED] (Vicky Rode) writes: http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss i'm struck by the persistent rumours repeated by this text: Those who have been concerned with the number of security vulnerabilities found in the BIND server through

Re: djbdns: An alternative to BIND

2005-04-08 Thread John Kinsella
(attribution removed due to my freeform quoting to make a point) ...from the ones DJB has complained about... And there we have the reason a lot of us don't use DJB softwares. :)

Re: djbdns: An alternative to BIND

2005-04-08 Thread Chris Kuethe
On Apr 8, 2005 4:55 PM, Vicky Rode [EMAIL PROTECTED] wrote: http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just wondering how many have transitioned to djbdns from bind and if so any feedback. regards, /vicky I used to use djbdns on my laptop for testing things,

Re: djbdns: An alternative to BIND

2005-04-08 Thread Vicky Rode
thanks for the insight to all who responded. regards, /vicky

Re: djbdns: An alternative to BIND

2005-04-08 Thread Niek
On 4/9/2005 1:50 AM +0100, Paul Vixie wrote: Count Server Software [snip some list] One could also put together a list based on: - Security holes. - Amount of code - Bloatness - Separation of functionality - # of seconds it takes to load huge amounts of zones In the end, it all comes down to

Re: djbdns: An alternative to BIND

2005-04-08 Thread Dragos Ruiu
fnordmaradns/fnord :-) On April 8, 2005 05:43 pm, Niek wrote: On 4/9/2005 1:50 AM +0100, Paul Vixie wrote: Count Server Software [snip some list] One could also put together a list based on: - Security holes. - Amount of code - Bloatness - Separation of functionality - # of

Re: djbdns: An alternative to BIND

2005-04-08 Thread Paul Vixie
[EMAIL PROTECTED] (Niek) writes: One could also put together a list based on: - Security holes. in BIND9-- zero so far. - Amount of code in BIND9-- % find . -name '*.[chyl]' -print | xargs wc -l | awk '{X+=$1} END {print X}' 687674 - Bloatness in BIND9-- none. - Separation of

Re: djbdns: An alternative to BIND

2005-04-08 Thread W.D.McKinney
-Original Message- From: Vicky Rode [mailto:[EMAIL PROTECTED] Sent: Friday, April 8, 2005 10:55 PM To: nanog@merit.edu Subject: djbdns: An alternative to BIND -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 http://software.newsforge.com/article.pl?sid=05/04/06/197203from=rss Just

Re: Blog...

2005-04-08 Thread Bill Woodcock
On Fri, 8 Apr 2005, Eric Brunner-Williams wrote: makes as much sense as turning nanog into a web-access only mail sink. i liked your news items. and sean's. i wouldn't have known to go look at the iraqi network operator/nic situation if news about the hack on

Re: djbdns: An alternative to BIND

2005-04-08 Thread Nathan Ward
Vicky - Thou shalt not post about DJB software to a mailing list Vixie reads regularly. I take it you didn't listen in bible study class.. I had a play with DJBDNS after using BIND for years. Here's why I switched back: - No AXFR support - No TCP support - I was forced to use DJBs naming

Re: djbdns: An alternative to BIND

2005-04-08 Thread Niek
On 4/9/2005 3:46 AM +0100, Nathan Ward wrote: I had a play with DJBDNS after using BIND for years. Here's why I switched back: - No AXFR support It supports this. - No TCP support It supports this. - I was forced to use DJBs naming conventions for zones If you administer 2-3 domains, sure it's a

Re: djbdns: An alternative to BIND

2005-04-08 Thread Suresh Ramasubramanian
On Apr 9, 2005 7:26 AM, Niek [EMAIL PROTECTED] wrote: On 4/9/2005 3:46 AM +0100, Nathan Ward wrote: I had a play with DJBDNS after using BIND for years. Here's why I switched back: - No AXFR support It supports this. No IXFR, no automatic notification of bind slaves (you get to run a

Re: djbdns: An alternative to BIND

2005-04-08 Thread Niek
On 4/9/2005 4:03 AM +0100, Suresh Ramasubramanian wrote: No IXFR, no automatic notification of bind slaves (you get to run a separate notify script) ... No RFC requires a specific system of notification. Separate notify scripts are ok, rsync is even better! Oh wait, does bind support rsync? But

Re: djbdns: An alternative to BIND

2005-04-08 Thread Suresh Ramasubramanian
On Apr 9, 2005 7:47 AM, Niek [EMAIL PROTECTED] wrote: Oh yes, patch, patch ... welcome to patching hell if you run qmail or any other djb ware :) Yeah we tech folk hate patching. I like it - as long as I don't have to spend all my time on it. Take qmail for instance - or at least netqmail

Re: djbdns: An alternative to BIND

2005-04-08 Thread Randy Bush
neither has ever had bugs or security problems, they were stopped by the flying pigs. the same pigs who made them both completely rfc-of-the-week compliant. the same pigs who made them both so easy to set up and use. as a rare truthful router vendor hack once said we suck less. what a

Re: djbdns: An alternative to BIND

2005-04-08 Thread Christopher L. Morrow
On Sat, 9 Apr 2005, Niek wrote: On 4/9/2005 3:46 AM +0100, Nathan Ward wrote: - I was forced to use DJBs naming conventions for zones If you administer 2-3 domains, sure it's a hassle, if not, put code-monkeys to work. Most script people I know love the tinydns zone structure in

Re: Port 0 traffic

2005-04-08 Thread Christopher L. Morrow
On Fri, 8 Apr 2005, Sean Donelan wrote: On Fri, 8 Apr 2005, Simon Waters wrote: Whilst we are on dross that turns up at DNS servers, how about traffic for port 0, surely this could be killed at the routing level as well, anyone got any figures for how much port 0 traffic is around? My

Re: djbdns: An alternative to BIND

2005-04-08 Thread Paul Vixie
woody wrote and the usual kids-ranting-at-each-other and so i'm back again: No IXFR, no automatic notification of bind slaves (you get to run a separate notify script) ... No RFC requires a specific system of notification. true enough, RFC1996 (thanks again randy!) isn't actually required

Re: djbdns: An alternative to BIND

2005-04-08 Thread Paul Vixie
oddly enough, i still consider this on-topic, even though it has more to do with sysadmin than netops. [EMAIL PROTECTED] (Adam McKenna) writes: Try writing a script to parse BIND zone files. why on earth would i want to do that? BIND might be storing it in SQL or BerkeleyDB or some other

Re: The power of default configurations

2005-04-08 Thread Eric A. Hall
On 4/8/2005 6:19 PM, just me wrote: I don't really want to speak for anyone else here, but it always appeared to me that the problem Vix keeps mentioning is queries with 1918 SOURCE ADDRESSES, not 1918-space queries. This thread, like every nanog thread, has completely lost focus of

Re: djbdns: An alternative to BIND

2005-04-08 Thread Valdis . Kletnieks
On Fri, 08 Apr 2005 23:50:51 -, Paul Vixie said: OK. So one of them is a Honda Civic, and one is an M3. And I really don't care which is which, because: Count Server Software Version 2673 BIND 4.9.3 -- 4.9.11 Gaak. :) Some of us are obviously still walking barefoot down unpaved

books every network operator should read?

2005-04-08 Thread Janet Sullivan
I'd like to make a list for the BGP4.net wiki of books that are thought highly of by the network community. What books stand out for you as being excellent? If you could only own 5 network related books, what would they be? Feel free to reply to me offlist - I'll post a summary after a few

Re: Weekly Routing Table Report

2005-04-08 Thread Philip Smith
Hi Folks, Sorry about that, something seems to have broken when the script was run earlier on today. The table in the view I use was 140k prefixes then, and is now back up to the normal 159k again. philip -- Joe Loiacono said the following on 09/04/2005 06:48: Wha happen? Routing Table Report