Re: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption

2008-02-02 Thread Randy Bush
And AFAIK not all kilometers of cables lie on the ocean floor; if the ocean has high depth on a given part of the cable route, the cable simply floats on the water on that run. It's just a matter of having enough pressure to lift it up. and for the difficult parts, they pump helium in and get

Re: IPv6 Connectivity Saga (part n+1)

2008-02-02 Thread Iljitsch van Beijnum
On 2 feb 2008, at 11:42, Thomas Kühne wrote: I took a DMOZ[1] dump What's a DMOZ dump? 33.4% of all services that advertised IPv6 failed to deliver or in other words the IPv6 failure rate is ten times the NS failure rate. failing to deliver is not necessarily a failure condition, in my

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Paul Vixie
[EMAIL PROTECTED] (Ben Butler) writes: ... This hopefully will ensure a relatively protected router that is only accessible from the edge routers we want and also secured to only accept filtered announcements for black holing and in consequence enable the system to be trusted similar to

RE: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption

2008-02-02 Thread Neil J. McRae
Really? What cable is that?! -Original Message- From: Rubens Kuhl Jr. [EMAIL PROTECTED] Sent: 02 February 2008 11:33 To: nanog@merit.edu Subject: Re: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption NEW YORK (AP) -- The lines that tie the globe

Re: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption

2008-02-02 Thread Martin Barry
$quoted_author = Scott Francis ; maybe there's a lot more overlap in shipping lanes and cable runs than I thought ... In confined waters like the Suez, Red Sea et. al. there is a lot of overlap. Which makes three cables cuts in that area during bad weather not such a stretch of the

Re: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption

2008-02-02 Thread Robert Bonomi
Date: Fri, 1 Feb 2008 14:21:00 -0800 From: Scott Francis [EMAIL PROTECTED] Subject: Re: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption On Feb 1, 2008 6:37 AM, Suresh Ramasubramanian [EMAIL PROTECTED] wrote:

RE: Another cablecut - sri lanka to suez Re: Sicily to Egypt undersea cable disruption

2008-02-02 Thread Rod Beck
Gentlemen, This is my last comment on this subject. Paranoia is not a virtue. And security establishments are notorious for exaggerating threats (Soviet Union's economy and hence ability to wage war was half of what the CIA estimated). They are interest groups just like the rest of us ...

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
Hi, I was not proposing the Null routing of the attack source in the other ISPs network but the destination in my network being Null routed as a destination from your network out. This has no danger to the other network as it is my network that is going to be my IP space that is blackholed in

Re: Sicily to Egypt undersea cable disruption

2008-02-02 Thread Sean Donelan
On Sat, 2 Feb 2008, Roland Dobbins wrote: There are always corner-cases like the Tamil Tiger incident, and people don't always act rationally even in the context of their own perceived (as opposed to actual) self-interest, but I just don't see any terrorist groups nor any governments involved

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Tomas L. Byrnes
You could achieve the exact same result simply by not advertising the network to your peers, or by advertising a bogus route (prefixing a known bogon AS for the addresses you want null-routed). I realize you would have to subnet/deaggregate your netblocks, and therefore could wind up with a

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Danny McPherson
On Feb 2, 2008, at 1:16 PM, Ben Butler wrote: So, given we all now understand each other - why is no one doing the above? Some folks are doing this, just not via some third-party route servers. For example, either via customer peering sessions, or other BGP interconnections between peers.

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Christopher Morrow
On Feb 2, 2008 3:39 PM, Tomas L. Byrnes [EMAIL PROTECTED] wrote: The bigger issue with all these approaches is that they run afoul of a patent applied for by ATT: http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFp=1u

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Paul Vixie
I was not proposing the Null routing of the attack source in the other ISPs network but the destination in my network being Null routed as a destination from your network out. i explained why this is bad -- it lowers the attacker's costs in what amounts to an economics war. they can get a web

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
destination-based blackhole routing for mitigation *effectively completes the attack*, which is often times undesirable. Inter-domain source-based blackhole routing is pretty much a non-option. That is why I put Completing the Attack in my subject line - and didn't attempt to suggest this as an

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
Hi, i explained why this is bad -- it lowers the attacker's costs in what amounts to an economics war. they can get a web site taken down by its own provider just by attacking it. they need fewer resources for their attack once they know the provider's going to blackhole the victim. I

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
If you're trying to do it on a /32 basis, I doubt you'd find too many border router operators interested in accepting a route that small, but I may be wrong. Well then they wouldn't be peering with this route reflector in the first place. -Original Message- From: Tomas L. Byrnes

Re: IPv6 Connectivity Saga (part n+1)

2008-02-02 Thread Thomas Kühne
On Saturday February 2 2008, Iljitsch van Beijnum wrote: On 2 feb 2008, at 11:42, Thomas Kühne wrote: I took a DMOZ[1] dump What's a DMOZ dump? DMOZ: http://www.dmoz.org/about.html # The Open Directory Project is the largest, most comprehensive human-edited # directory of the Web. It is

Re: IPv6 Connectivity Saga (part n+1)

2008-02-02 Thread Michael Sinatra
Thomas Kühne wrote: On Saturday February 2 2008, Iljitsch van Beijnum wrote: On 2 feb 2008, at 11:42, Thomas Kühne wrote: I took a DMOZ[1] dump What's a DMOZ dump? DMOZ: http://www.dmoz.org/about.html # The Open Directory Project is the largest, most comprehensive human-edited # directory

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Rick Astley
While I am not sure I fully understand your suggestion, I don't think it would be that hard to set up manually. Sure it would require asking the individual peers for their black hole communities, but if they don't have one they are unlikely to honor the infrastructure you describe anyway. Assume

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Roland Dobbins
On Feb 3, 2008, at 4:50 AM, Paul Ferguson wrote: We (Trend Micro) do something similar to this -- a black-hole BGP feed of known botnet CCs, such that the CC channel is effectively black-holed. What's the trigger (pardon the pun, heh) and process for removing IPs from the blackhole list

FW: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Ben Butler
Hi, Agreed, but when you have 100 peers that is still a fair bit of work. I know technically how to do it and am doing this with transits but then there are only seven of those. It is not a question of how or can, but should / is it valuable / constructive? The starting point in the thought

Re: IPv6 Connectivity Saga (part n+1)

2008-02-02 Thread Christopher Morrow
On Feb 2, 2008 6:24 PM, Thomas Kühne [EMAIL PROTECTED] wrote: Another factor is that with IPv4, you need to be pragmatic, because if you don't, you have no connectivity. With IPv6, you can impose arbitrary restrictions as much as you want, because IPv4 makes sure there is always fallback

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Tomas L. Byrnes
ATT has no reason to pull their application, what needs to happen is that the publisher of the prior art contact the USPTO. If ATT willingly failed to note the prior art in their app, that may be a problem, but it isn't their duty to report ALL prior art, just the stuff they know about. IANAL,

Jeanette Symons (1962-2008) a commercial Internet Pioneer

2008-02-02 Thread John Lee
It was with great sadness that I read about the untimely death of my friend and colleague Jeanette in a plane crash in Maine. Jeanette died flying, which was one of the activities she loved to do. I met her before she started flying and when she moved back to California she took up flying. We

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Christopher Morrow
On Feb 2, 2008 11:40 PM, Tomas L. Byrnes [EMAIL PROTECTED] wrote: ATT has no reason to pull their application, what needs to happen is that the publisher of the prior art contact the USPTO. If ATT willingly failed to note the prior art in their app, that may be a problem, but it isn't their

Re: Jeanette Symons (1962-2008) a commercial Internet Pioneer

2008-02-02 Thread Randy Bush
hh no! info on where to send, e.g. brother george's current address etc, please? randy

Re: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Rick Astley
I see your point, but I think maintaining the box for the control session would also require a decent amount of work. Presumably, since you must all adhere to some quasi-standard to communicate with the control peer, you could probably also agree on creating a standard BGP community (ie. 64666:666

RE: Blackholes and IXs and Completing the Attack.

2008-02-02 Thread Tomas L. Byrnes
Well then they wouldn't be peering with this route reflector Well then, the utility is probably close to 0, isn't it? I doubt most of the sources of DDOS traffic, especially those without ingress source filtering, are going to peer with your route reflector. What's their economic incentive to