All of the arguments of whether ATT should do it or would do
it aside, my guesses are that it is either (a) the people he is
talking to really don't understand him, (b) do understand
but don't know how to get it done, or (c) ATT only does
things like that for customers buying such-and-such level
On 12/30/2007 at 8:27 PM, Gregory Hicks [EMAIL PROTECTED] wrote:
Date: Sun, 30 Dec 2007 21:42:21 -0500
From: Michael Greb [EMAIL PROTECTED]
To: nanog@merit.edu
Subject: DreamHost Contact?
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
I've attempted to contact DreamHost NOC or
On 10/22/2007 at 3:02 PM, Frank Bulk [EMAIL PROTECTED] wrote:
I wonder how quickly applications and network gear would implement
QoS
support if the major ISPs offered their subscribers two queues: a
default
queue, which handled regular internet traffic but squashed P2P, and
then a
separate
On 8/10/2007 at 11:55 AM, Patrick W. Gilmore [EMAIL PROTECTED]
wrote:
On Aug 10, 2007, at 12:46 PM, John Levine wrote:
Very interesting. We've all heard and probably all passed along
that little
bromide at one time or another. Is it possible that at one time
it was true
(even
On 5/21/2007 at 2:09 PM, Edward Lewis [EMAIL PROTECTED] wrote:
At 3:50 PM -0500 5/21/07, Gadi Evron wrote:
As to NS fastflux, I think you are right. But it may also be an issue
of
policy. Is there a reason today to allow any domain to change NSs
constantly?
Although I rarely find
On 2/12/2007 at 3:13 PM, Alexander Harrowell [EMAIL PROTECTED] wrote:
Causality? WW2=nukes, cold war=arpanet=internet, surely?
Hitler=WW2=...
Godwin!
Please?
Anyway, we all know Al Gore invented the Internet.
On 2/12/07, micky coughes [EMAIL PROTECTED] wrote:
Hmm, let's see.
Nukes =
On 1/30/2007 at 12:19 AM, [EMAIL PROTECTED] wrote:
IPv6 makes NAT obsolete because IPv6 firewalls can provide all
the useful features of IPv4 NAT without any of the downsides.
IPv6 firewalls? Where? Good ones?
Why good ones. NAT is a basic IPv4 firewall. All IPv6 needs to
We started getting these, for reasons unknown, for
some pacbell.net email addresses,
550 5.0.0 ylpvm35.prodigy.net Access Denied. To request removal, send the
complete error message, including your ip addresses, in an E-mail to [EMAIL
PROTECTED]
With great trepidation, I went ahead and
On 8/31/2006 at 8:22 AM, [EMAIL PROTECTED] wrote:
[snip]
An ISP could run a modified DNS relay that replicates all
responses to a special cache server which does not time out
the responses and which is only used to answer queries when
specified domains are unreachable on the Internet.
New plan? We used to have similar contracts with MCI
and ATT.
http://www.theonion.com/content/node/51834
--
Crist J. Clark
[EMAIL PROTECTED]
Globalstar Communications(408)
933-4387
BĀ¼information contained in this e-mail
On 6/20/2006 at 12:33 PM, Iljitsch van Beijnum [EMAIL PROTECTED] wrote:
On 20-jun-2006, at 21:23, Randy Bush wrote:
What if we agree to change the key on our BGP session, I add the new
key on my side and start sending packets using the new key, while you
don't have the new key in your
On 6/16/2006 at 2:24 PM, Alex Rubenstein [EMAIL PROTECTED] wrote:
On Fri, 16 Jun 2006, Matthew Crocker wrote:
I wonder just how much power it takes to cool 450,000 servers.
450,000 servers * 100 Watts/Server = 45,000,000 watts / 3.413
watts/BTU =
13.1 Million BTU / 12000 BTU/Ton = 1100
Barry Shein wrote:
[snip]
So if you're really expecting something as macro as 40% of the
population dropping dead I think one has to think much bigger and much
more in the realm of unexpected consequences.
Uhh... I think, I _hope_ that we are talking about 40% of your
workforce NOT SHOWING
Mike Leber wrote:
[snip]
I've had a few people say that there was some sort of conspiracy to keep
US citizens from using secure phones, however I found that laughable
because
[snip]
Because domestically the US gov't (or local LEOs) can just intercept the
calls when they hit the PSTN. They
Having trouble getting anything out of our Sprint rep. Rumors of
fiber whack. Problems out here in San Jose, California and in Texas,
Waco vicinity. Hard to say whether some of our problems over the rest
of North America are related to Texas and California or more widespread.
Voice and data
Glen Kent wrote:
Am all the more confused now :)
In pre-RFC1058 implementations the sender increments the metric, so a
directly-connected route's metric is 1 on the wire.
In post-RFC1058 implementations the receiver increments the metric, so
a directly-connected route's metric is 0 on the
Stephen Stuart wrote:
I am a little confused here. You yourself say that a valid metric
starts from 1, then how come 0 be valid for a directly connected
route. Are you saying that seeing a RIP metric of 0 on the wire is
valid?
A metric of 0 from a host would mean that the host itself is the
Christopher L. Morrow wrote:
On Thu, 2005-11-10 at 20:37 -1000, Randy Bush wrote:
btw, for another great giggle (many thanks to brian candler
for reporting it)
From the documentation for Cisco's VPN client software for
Linux:
Eric Louie wrote:
Now, one really needs to wonder why the agreement could not be reached
*prior* to the depeering on 10/5
It's not rocket science.
As people have pointed out repeatedly, this was surely not rocket science
since it wasn't a technical problem at all. It was a business conflict.
Robert Bonomi wrote:
From [EMAIL PROTECTED] Mon Oct 24 15:33:02 2005
Date: Mon, 24 Oct 2005 13:31:17 -0700
Subject: Re: What is multihoming was (design of a real routing v. endpoint id
seperation)
Stephen Sprunk wrote:
[snip]
Other people use this term in very different ways. To some
Stephen Sprunk wrote:
[snip]
Other people use this term in very different ways. To some people
it means using having multiple IP addresses bound to a single
network interface. To others it means multiple websites on one
server.
That is virtual hosting in a NANOG context. Some undereducated
We got some very weird compaints about applications hanging. Tracked
it down to reverse lookups timing out. Reverse lookups to RFC1918 space.
Looks like the IANA blackhole servers for RFC1918 are not well?
1 0.0 207.88.152.10 - 192.175.48.6 DNS C 52.143.18.172.in-addr.arpa.
Internet
;; SERVER: 192.175.48.42#53(blackhole-2.iana.org.)
;; WHEN: Fri Oct 21 23:15:49 2005
;; MSG SIZE rcvd: 162
Regards,
Peter and Karin Dambier
Crist Clark wrote:
We got some very weird compaints about applications hanging. Tracked
it down to reverse lookups timing out. Reverse lookups to RFC1918
Looks like it was ISC? And they withdrewn their routes for a bit?
For a while I got (from XO in CA),
$ host -t txt -c chaos hostname.bind 192.175.48.6
Using domain server 192.175.48.6:
hostname.bind CHAOS descriptive text black-1.sth.netnod.se
Goin' transatlantic!
Daniel Roesen wrote:
On Fri, Oct 14, 2005 at 07:27:37PM +, [EMAIL PROTECTED] wrote:
the kicker here is that the applications then need some
serious smarts to do proper source address selection.
Nope. The ULID is supposed to be static, globally unique. Just not
globally
Daniel Roesen wrote:
On Fri, Oct 14, 2005 at 01:11:18PM -0700, Crist Clark wrote:
Actually, doing multihoming and getting PI space are orthogonal in
shim6 last I knew. That is, you could get address space from your N
providers and have one of the providers, say Provider X, to be the
ULID
[EMAIL PROTECTED] wrote:
Percentage of available address space announced: 38.6
You misunderstand what IP addresse are. They have nothing
whatsoever to do with the Internet. The address space
announced on the Internet is an entirely separate issue.
IP addresses were
Peter wrote:
Crist Clark [EMAIL PROTECTED] wrote:
[...]
The problem I've seen is when an SMTP server does not accept emails
which have non-resolvable MAIL FROM domain. When the sender is a
dumb SMTP client, not an MTA, this can cause problems.
Well, that dumb SMTP client should stop
Todd Vierling wrote:
On Thu, 29 Sep 2005, John Dupuy wrote:
If you are talking about strictly http, then you are probably right. If you
are hosting any email, then this isn't the case. A live DNS but dead mail
server will cause your mail to queue up for a later resend on the originating
mail
Adam McKenna wrote:
On Tue, Sep 13, 2005 at 04:31:05PM -0700, william(at)elan.net wrote:
Telnet option negotiation is at Layer 7 after TCP connection has been
established. Firewalls typically don't operate at this level (TCP session
is Layer 4 if I remember right) and would refuse or reject
Igor Gashinsky wrote:
[snip]
Moving everything to the end-hosts is simply not a good idea imho.
But isn't that what IP is supposed to be about? Smart endpoints, dumb
network (a.k.a. the stupid network)?
--
Crist J. Clark [EMAIL PROTECTED]
Globalstar
Yet another Me too! response.
We often use pings to www.cisco.com as a Internet connectivity test
from globally dispersed sites. These are typical ploss for ICMP
pings. The most likely answer, as others have pointed out, is
throttling at the destination. The fact that so many people use
As best I can tell from ARIN documents, ISP still are supposed to SWIP
or use Rwhois for subassignments of /29 and greater. However, is this
still widely practiced these days? Especially among smaller ISPs?
I know the privacy pros and cons, so I don't seek to start those threads
again. I'm
[EMAIL PROTECTED] wrote:
Can anyone suggest, other than using Cisco's a brand of UK-compliant boxes
that effectively will perform a PSTN dial up function, so that when the
two boxes are connected, the LAN's are effectively bridged together
Basically what we want to be able to do is connect a
[I know, I know, don't feed the trolls. But some are just too
cute not to. Just this once.]
Matthew Black wrote:
It's kind of funny that people keep making these general claims as
though the money is wasted or goes to some unproductive purpose.
Personally, I don't consider subsidized housing
Steve Sobol wrote:
Crist Clark wrote:
Gratuitous-Plug=Employer
If you really want high reliability during and after a natural disaster,
satellite phones are probably your best option.
That's who I thought you worked for, but the only satellite phone
provider whose name I consistently
Sam Crooks wrote:
Didn't the US Navy buy Iridium?
Nope.
http://www.iridium.com/corp/iri_corp-story.asp?storyid=2
In December 2000, a group of private investors led by Dan Colussy
organized Iridium Satellite LLC which acquired the operating assets
of the bankrupt Iridium LLC including
Austin McKinley wrote:
But a land line? If I pick up an analog phone anywhere, I expect a dial
tone, and local calling. If I don't have access to emergency services
after a blackout/natural disaster that knocks cell towers down (think
hurricane season in Florida last year) then you'd never
Iljitsch van Beijnum wrote:
On 19-jul-2005, at 1:43, Crist Clark wrote:
[snip]
If almost none of the phishing emails I get now bother
to play these kinds of games today, how much does this really help?
And burglars also manage to get inside your house even though you lock
the door. So
Brad Knowles wrote:
At 10:31 AM +0200 2005-07-19, Iljitsch van Beijnum wrote:
And for 99% of the users out there,
4) the caching servers for their ISP/employer/other access
provider
Actually, you don't. If the DNS provides false information, the public
key crypto will catch
Isn't someone more eloquent than I going to point out that that spending
a lot of effort eliminating homographs from DNS to stop phishing is a
security measure on par with cutting cell service to underground trains
to prevent bombings? It focuses on one small vulnerability that phishers
exploit,
Iljitsch van Beijnum wrote:
On 18-jul-2005, at 23:43, Crist Clark wrote:
Isn't someone more eloquent than I going to point out that that spending
a lot of effort eliminating homographs from DNS to stop phishing is a
security measure on par with cutting cell service to underground trains
[EMAIL PROTECTED] wrote:
On Wed, 13 Jul 2005 09:26:33 +1200, Mark Foster said:
Using phone company records, researchers assessed phone use immediately
before the crash.
They found a third of calls in the 10 minutes before the crash were made on
cellphones.
And the *other* 2/3rd of the
Jay R. Ashworth wrote:
On Fri, Jul 08, 2005 at 01:15:42PM -0400, David Andersen wrote:
On Jul 8, 2005, at 12:49 PM, Jay R. Ashworth wrote:
On Thu, Jul 07, 2005 at 01:31:57PM -0700, Crist Clark wrote:
And if you still want the protection of NAT, any stateful firewall
will do
Fred Baker wrote:
[snip]
A NAT, in that context, is a stateful firewall that changes the
addresses, which means that the end station cannot use IPSEC to
ensure that it is still talking with the same system on the outside.
[snip]
No, you can't use AH, but yes, you can use IPsec through NAT.
Andre Oppermann wrote:
Fergie (Paul Ferguson) wrote:
I'd have to counter with the assumption that NATs are going
away with v6 is a rather risky assumption. Or perhaps I
misunderstood your point...
There is one thing often overlooked with regard to NAT. That is,
it has prevented many
Petri Helenius wrote:
Crist Clark wrote:
And the counter point to that argument is that the sparse population
of IPv6 space will make systematic scanning by worms an ineffective
means of propagation.
Any by connecting to one of the p2p overlay networks you'll have a few
million in-use
.
But as usual, once you penetrate the front line of help desk drones,
the real technical people are professional and helpful.
Crist Clark wrote:
It appears VerizonWireless.com has some rather aggressive mail filters.
Verizon.net's blocking of Europe, Asia, Africa... well, everything but
North America
It appears VerizonWireless.com has some rather aggressive mail filters.
Verizon.net's blocking of Europe, Asia, Africa... well, everything but
North America has made some headlines and even some lawsuits. Anyone
know if VerizonWireless.com and Verizon.net are independent operations
from an SMTP
Jim Popovitch wrote:
Wow! You can buy groceries at Kohls now? :-)
(1) Kohls is/was a regional (Wisconsin) grocery store chain[0].
(2) Please do not feed the trolls.
On Wed, 2005-05-11 at 11:08 -0700, Matt Bazan wrote:
why in the world would anyone want to purchase dsl from a private
reseller when
aljuhani wrote:
On Thu, Apr 28, 2005 at 23:42, Robert Beverly [EMAIL PROTECTED]
..snip
Yes, our SMTP greetings are valid and up to spec. Again, it's the
non-deterministic loss that we're most concerned about. If there
were a problem with the SMTP exchange, we would see our emails
always
Brad Knowles wrote:
At 3:05 PM -0700 2005-04-28, Crist Clark wrote:
http://www.albury.net.au/netstatus/derouted.html
No, it doesn't. Please read their paper. In the paper and as he stated
again in the response above, their definition of a loss requires the
message to be delivered successfully
for another thread?
On Tue, 19 Apr 2005, Crist Clark wrote:
FWIW, I did some 'dig'ing on my Comcast home service. The DHCP is handing
out 204.127.198.4 and 63.240.76.4 for DNS at the moment.
I ran a query for a name in a zone I control that has a five minute TTL
on 204.127.198.4. The first query
[EMAIL PROTECTED] wrote:
[snip]
I'll predict that if we *don't* have an attack on the power grid in the
next 10 years, it's because the attackers have come up with something else
they consider even more interesting as a target. A downed power line, even
though it may have more economic impact,
We have some Direct Internet Access (DIA) through XO. We have several
netblocks with them and would like to get the IN-ADDR.ARPA domains
for these blocks delegated to us. Should be just a couple of NS records
in the parent zone, right? No big deal, right?
After several attempts over years and
Iljitsch van Beijnum wrote:
Due to limitations in the DNS protocol, it's not possible
to increase the number of authoritative DNS servers for a zone beyond
around 13.
I believe you misspelled, Due to people who do not understand the DNS
protocol being allowed to configure firewalls...
--
Crist
Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Crist Clark writes:
Iljitsch van Beijnum wrote:
Due to limitations in the DNS protocol, it's not possible
to increase the number of authoritative DNS servers for a zone beyond
around 13.
I believe you misspelled, Due to people who do
Krzysztof Adamski wrote:
On Fri, 10 Dec 2004, Jeffrey I. Schiller wrote:
On Fri, Dec 10, 2004 at 12:26:59PM -0500, Rich Kulawiec wrote:
One thing that's not clear is whether or not Verizon caches any of
this information.
It appears that they do some amount of caching.
Owen DeLong wrote:
I have never been a fan of the registered ULAs, and have argued against
the IETF's attempts to state specific monetary values or lifetime
practice as a directive to the RIRs; but I am equally bothered by the
thought that the operator community would feel a need to fight against
Lars Erik Gullerud wrote:
On Fri, 2004-11-19 at 16:36, Stephen Sprunk wrote:
/127 prefixes are assumed for point-to-point links, and presumably an
organization will divide up a single /64 for all ptp links -- unless they
have more than 9,223,372,036,854,775,808 of them.
While that would seem
Daniel Roesen wrote:
On Fri, Nov 12, 2004 at 05:19:36PM +0100, Simon Leinen wrote:
specified the entire 128 bits... how do you specify only part of
it?
On Solaris, you would use the token option (see the extract from
man ifconfig output below). You can simply put token ::1234:5678
into
Mike Lyon wrote:
I haven't heard much lately about Flannery. Have their been any
implementations or benchmarks of the flannery Cayley-Purser algorithm
in comparison to RSA in the real world?
Non-starter.
http://mathworld.wolfram.com/Cayley-PurserAlgorithm.html
--
Crist J. Clark
Jim Popovitch wrote:
From Comcast Cable, at my home in Atlanta, I can ping 10.10.1.1
which is pong'ed from a private client network hanging somewhere off of
Insight Broadband's network in the North Central part of the US. Why on
god's green earth do network operators allow such nonsense as
Temkin, David wrote:
Can someone responsible for either security or operations of
www.cisco.com please contact me? We are seeing an issue where you may
be blocking one of our source IP addresses from accessing the website.
Hmmm... Weird. We're having a similar issue. If you are at liberty to,
Scott Call wrote:
On Mon, 30 Aug 2004, Mike Tancsa wrote:
I recall even seeing posts about people claiming this meant original
data being reconstructed from the checksum! That would be truly
amazing since I could reconstruct a 680MB ISO from just
61d38fad42b4037970338636b5e72e5a. Wow!
Gregory Hicks wrote:
Date: Mon, 30 Aug 2004 16:39:56 -0400
From: Mike Tancsa [EMAIL PROTECTED]
At 04:12 PM 30/08/2004, Dan Hollis wrote:
yep md5 made the news recently because it's been cracked:
http://techrepublic.com.com/5100-22-5314533.html
Edward B. Dreger wrote:
DAU Date: Wed, 4 Aug 2004 15:46:17 -0700
DAU From: David A. Ulevitch
DAU SPF's use of TXT records doesn't bother me so much. It's
Perhaps some other technology would like to use TXT RRs. If
something hogs an entire RRTYPE at a given scope, it really
should have its own
Jeff Shultz wrote:
** Reply to message from Brad Knowles [EMAIL PROTECTED] on Fri,
25 Jun 2004 18:14:43 +0200
At 8:44 AM -0700 2004-06-25, Jeff Shultz wrote:
At least if someone in this clearing house sells it to the
terrorists, they will have had to work for it a bit, instead of having
us hand
David Schwartz wrote:
On Tue, 22 Jun 2004, David Schwartz wrote:
[snip]
For instance, if what you say were true, all an ISP would have to do in
order to sell their IP space is to create a contract stating that they
are doing so.
Exactly. If they did that, a court would likely enjoin them
Richard Welty wrote:
On Fri, 11 Jun 2004 17:51:00 -0400 (EDT) Scott McGrath [EMAIL PROTECTED] wrote:
But wouldn't an interocitor with electron sorter option give you much more
reliable packet delivery...
that works fine until someone reverse the polarity of the neutron flow.
And for heaven's
Sean Donelan wrote:
If you leave your lights on, the electric company will send you a bill.
If the neighbor taps into your power lines after the meter...?
If you leave your faucets running, the water company will send you a bill.
If you leave your computer infected, ???
If you lose your credit
Andy Dills wrote:
On Thu, 10 Jun 2004, Laurence F. Sheldon, Jr. wrote:
Jeff Shultz wrote:
But ultimately, _you_ are responsible for your own systems.
Even if the water company is sending me 85% TriChlorEthane?
Right. Got it. The victim is always responsible.
There you have it folks.
Change
Sean Donelan wrote:
Survey: Despite dangers, IT personnel sleep well
By Bill Brenner, News Writer
27 May 2004 | SearchSecurity.com
I liked this quote,
About 43% of respondents said they're using the Secure Shell (SSH)
protocol to protect data, secure remote access, and perform network
C. Jon Larsen wrote:
[snip]
Its interesting to hear what other folks are doing. I had assumed folks
normally don't run ntpd on each and every server and that ntpdate + cron
was much preferred; maybe I am off-base.
After the last big xntpd vulnerability a few years ago, I went through
and made
Todd Vierling wrote:
A colleague asked me offlist about how to make a Sendmail secondary MX
properly return 550 for invalid recipient addresses.
[snip]
For those with an LDAP directory containing mailbox information, I'd
recommend using sendmail's built-in LDAP capabilities. I've found it
a good
David Luyer wrote:
[snip]
With ipsec, you have crypto overhead before you have any opportunity
to do the basic sanity check.
Minor point, but with IPsec, the 32-bit SPI and the 32-bit replay counter
are very low cost ways to drop the majority of traffic from a flood of
random junk with no crypto
E.B. Dreger wrote:
PG Date: Wed, 21 Apr 2004 07:45:36 +0100
PG From: Peter Galbavy
PG E.B. Dreger wrote:
PG I don't think we're even that far along. If I'm reading FreeBSD
PG 4.9 and NetBSD 1.6.2 source correctly,
PG
PG /usr/src/sys/netinet/in_pcb.c
PG
PG Should have stretched as far as
Patrick W.Gilmore wrote:
On Apr 20, 2004, at 3:24 PM, Stephen J. Wilcox wrote:
On Tue, 20 Apr 2004, James wrote:
i can see this 'attack' operational against a multihop bgp session
that's
not md5'd.
now the question is... would this also affect single-hop bgp sessions?
my understanding would
Dan Hollis wrote:
On Tue, 20 Apr 2004, Crist Clark wrote:
But it has limited effectiveness for multi-hop sessions. There is the
appeal of a solution that does not depend of the physical layout of the
BGP peers.
Does MD5 open the door to cpu DOS attacks on routers though? Eg can
someone craft
Chris Palmer wrote:
When evaluating spam solutions, the first thing I ask is, Does this
empower users? If the answer is no, it's probably the wrong solution.
Spammers are users too. You can't spell abuser without user. You
are inherently trying to diminish the power of the abuser users. No
spam
Geo. wrote:
Can anyone point me at any papers that talk about security issues raised by
private networks passing dns requests for RFC 1918 private address space out
to their ISP's dns servers?
I've never seen the whole paper on the topic. Leaking the fact that
you use 10.10.10.0/24 or whatever
Duane Wessels wrote:
The IN-ADDR.ARPA delegations for RFC1918 space are just like any
other block. You'll just end up hitting IANA's blackhole servers,
and not all that much, the cache times are one week.
In theory, yes.
In reality there are quite a few resolvers that, apparently, do not
Jay Ford wrote:
[snip]
Many/most of my external connectivity problems are provider-related rather
than circuit-related. Having two circuits to a single provider doesn't help
when that provider is broken. I'm not saying that multi-ISP BGP-based
multi-homing is risk-free, but I don't see
Laurence F. Sheldon, Jr. wrote:
Jeff Shultz wrote:
** Reply to message from Laurence F. Sheldon, Jr.
[EMAIL PROTECTED] on Wed, 03 Mar 2004 22:04:44 -0600
Curtis Maurand wrote:
Until there's an easy way of getting a file to your friend down the
street that's as easy as sending an email, we're
Sam Stickland wrote:
[EMAIL PROTECTED] wrote:
P.S. I think a solution lies in the general direction
of converting the entire world to use 112 for emergency
services and having the VoIP services set up an automated
system that rings back whenever your phone connects using
a different IP address
Brian Bruns wrote:
On Thu, February 12, 2004 4:52 pm, Brian Wallingford said:
We've been seeing the following on all of our (9.2.1) authoritative
nameservers since approximately 10am today. Googling has turned up
nothing; I'm currently trying to glean some useful netflow data. Just
wondering
Martin Hepworth wrote:
Alexei Roudnev wrote:
Checkpoint is a very strange brand. On the one hand, it is _well known
brand_, _many awards_, _editors choice_, etc etc. I know network
consultant,
who installed few hundred of them, and it works.
On the other hand, every time, when I have a deal
Rubens Kuhl Jr. wrote:
Checkpoint Firewall-1 HTTP Parsing Format String Vulnerabilities
Vendor Notification Schedule:
Vendor notified - 2/2/2004
Checkpoint patch developed and made available - 2/4/2004
ISS X-Force Advisory released - 2/4/2004
Checkpoint VPN-1/SecureClient ISAKMP Buffer Overflow
Alexei Roudnev wrote:
Please, do it:
time nmap -p 0-65535 $target
You will be surprised (and nmap will not report applications; to test a
response, multiply time at 5 ).
Yes. It will,
http://www.insecure.org/nmap/versionscan.html
--
Crist J. Clark
Matt Larson wrote:
VeriSign Naming and Directory Services will change the serial number
format and minimum value in the .com and .net zones' SOA records on
or shortly after 9 February 2004.
The current serial number format is MMDDNN. (The zones are
generated twice per day, so NN is
[EMAIL PROTECTED] wrote:
Hey, Group.
In my production network, I'm trying to do some extended traces and pings with the
record option turned on to see what route my packets take going and returning. It's
not working. If I do the extended traceroute or ping without the record option,
Adam McKenna wrote:
On Wed, Dec 03, 2003 at 09:53:37AM -0800, Adam McKenna wrote:
On Wed, Dec 03, 2003 at 09:48:44AM -0800, Randy Bush wrote:
How can delegating in-addr.arpa on a per-ip basis be any different or worse
than delegating it using an rfc2317 scheme?
consider the
Joe Maimon wrote:
Tony Rall wrote:
On Wednesday, 2003-12-03 at 09:38 PST, David Sinn [EMAIL PROTECTED] wrote:
snipped
(And note that frag 1 often is not the first fragment to arrive at
downstream nodes. In my example in (1), frequently frag 2 will reach
places before frag 1
Leo Bicknell wrote:
In a message written on Tue, Nov 11, 2003 at 08:35:34AM +, Sugar, Sylvia wrote:
I am curious to know if its possible to have a router with its two interfaces, say
configured as,
1.1.1.1/16 and 1.1.1.2/16. Theoretically, i see nothing which can stop a router
Owen DeLong wrote:
It's much the
same problem as FTP. The reason FTP doesn't BORK is because most NAT
gateways understand about the need to proxy FTP and because PASSIVE mode
FTP doesn't have the same call-setup problems.
Passive mode has the same problems that PORT FTP does. It just
Jack Bates wrote:
David Raistrick wrote:
You seem to be arguing that NAT is the only way to prevent inbound access.
While it's true that most commercial IPv4 firewalls bundle NAT with packet
filtering, the NAT is not required..and less-so with IPv6.
I think the point that was
Jeff Wasilko wrote:
What ATT is asking is for you to help ATT to restrict incoming mail
to just our known and trusted sources (e.g., business partners, clients
and customers). Therefore, we need to know which IP address(es) are
used by your outbound e-mail service so we can selectively
Chris Brenton wrote:
[snip]
True this only works for one to one NAT. Many to one NAT will still
break IPSec, even if ESP is used alone. This is a functionality issue
however (IPSec using a fixed source port of 500), rather than a
preventing packet modification to thwart man-in-the-middle
Stefan Mink wrote:
On Sat, Oct 11, 2003 at 08:28:11AM -0700, ken emery wrote:
I use IPSEC and it works fine behind NAT.
Yes, it does work, on a small scale. However what if your neighbor
wants to IPSEC to the same place (say you work at the same place).
If both of you are NAT'd
Since the topic is mysterious rejections from MTAs, I have one from
UUNet. One of our business partners has UUNet for an ISP and is using
UUNet for a tertiary MTA. Occasionally, mail ends up going to that MTA
(quite often actually, their primary gets unresponsive from time to time
and I've
1 - 100 of 121 matches
Mail list logo