Re: TCP/BGP vulnerability - easier than you think

2004-04-22 Thread E.B. Dreger
EBD> Date: Wed, 21 Apr 2004 10:56:26 + (GMT) EBD> From: E.B. Dreger EBD> This is more appropriate for cisco-nsp, where it's already EBD> been covered, but the TTL 255 hack was introduced in EBD> 12.0(22)S and 12.3(7)T if memory serves me. Pretty sparse Memory did not serve me. s/12.0(22)S/12.0

Re: IP economics morphed into (TCP/RST)

2004-04-22 Thread E.B. Dreger
IvB> Date: Thu, 22 Apr 2004 18:03:33 +0200 IvB> From: Iljitsch van Beijnum IvB> Who says BGP sessions must run over IP(v4)? NetBEUI, anyone? No bickering over RFC1918 on WAN links... ;-) Eddy -- EverQuick Internet - http://www.everquick.net/ A division of Brotsman Dreger, Inc. -

Re: Winstar says there is no TCP/BGP vulnerability

2004-04-22 Thread E.B. Dreger
RT> Date: Tue, 20 Apr 2004 23:11:28 -0500 (CDT) RT> From: Rob Thomas RT> We manage well over 150 peering sessions with MD5 passwords RT> in place. This includes bogon peering, route-server peering, CYMRU bogon (et al.) route servers are an example of where MD5 or IPSec definitely is a good idea.

Re: TCP RST attack (the cause of all that MD5-o-rama)

2004-04-21 Thread E.B. Dreger
PG> Date: Wed, 21 Apr 2004 07:45:36 +0100 PG> From: Peter Galbavy PG> E.B. Dreger wrote: PG> I don't think we're even that far along. If I'm reading FreeBSD PG> 4.9 and NetBSD 1.6.2 source correctly, PG> PG> /usr/src/sys/netinet/in_pcb.c PG> PG> Should have stretched as far as OpenBSD then. Same

Re: Winstar says there is no TCP/BGP vulnerability

2004-04-21 Thread E.B. Dreger
DH> Date: Wed, 21 Apr 2004 02:01:56 -0700 (PDT) DH> From: Dan Hollis DH> Wouldn't anti-spoofing filters largely eliminate the need for DH> all this panic about MD5? But that doesn't push the short-term cost onto other networks. Eddy

Re: TCP/BGP vulnerability - easier than you think

2004-04-21 Thread E.B. Dreger
ASR> Date: Wed, 21 Apr 2004 06:44:14 -0400 ASR> From: Adam Rothschild ASR> [T]he TTL hack sounds great on paper, but isn't exactly easy ASR> to implement when you consider that vendor J and others ASR> can't filter based upon TTL... yet. This is more appropriate for cisco-nsp, where it's already

Re: Winstar says there is no TCP/BGP vulnerability

2004-04-21 Thread E.B. Dreger
PS> Date: Wed, 21 Apr 2004 14:23:38 +0300 (EEST) PS> From: Pekka Savola PS> But that doesn't push the short-term cost onto other networks. PS> PS> Not sure what you're saying. You don't need to deploy PS> anti-spoofing filters everywhere. It needs to be done by I was being sarcastic wrt networks

Re: TCP/BGP vulnerability - easier than you think

2004-04-21 Thread E.B. Dreger
IvB> Date: Wed, 21 Apr 2004 15:09:15 +0200 IvB> From: Iljitsch van Beijnum IvB> [T]he filters I listed in my earlier message simply filter IvB> RSTs to/from the BGP port without looking at the address IvB> fields [...] the BGP hold timer takes care of business here IvB> anyway [...] Interesting

Re: TCP/BGP vulnerability - easier than you think

2004-04-21 Thread E.B. Dreger
JK> Date: Wed, 21 Apr 2004 20:51:23 -0500 JK> From: John Kristoff JK> I would say the risk is due to implementation. If the JK> vendor's gear vomits quicker due to a resource consumption JK> issue in handling MD5, is this really a problem with MD5? Theoretically MD5 and IPSec sound great.

Re: TCP RST attack (the cause of all that MD5-o-rama)

2004-04-20 Thread E.B. Dreger
PWG> Date: Tue, 20 Apr 2004 19:24:37 -0400 PWG> From: Patrick W. Gilmore PWG> Speaking of good randomization, does anyone have a good PWG> algorithm to randomize ephemeral ports? Obviously pick PWG> random number, see if port is open, if it is, repeat is not PWG> a good idea, especially on a busy

Responsibility: user or OS? (Re: Microsoft XP SP2)

2004-04-19 Thread E.B. Dreger
JS> Date: Mon, 19 Apr 2004 10:39:10 -0700 JS> From: Jeff Shultz JS> Also, do you realize how much the 'average technical school JS> graduate type' makes just from acquaintances who complain JS> that their computers are slow, by simply removing whatever JS> flavor of the month backdoor spam proxy

Re: Lazy network operators

2004-04-15 Thread E.B. Dreger
JA> Date: Wed, 14 Apr 2004 10:07:30 -0400 JA> From: Joe Abley JA> There's a slight wrinkle with that for people who want to JA> submit mail over SSL. JA> JA> Several graphical, consumer-grade mail clients let you select JA> a port for outgoing mail (SMTP) and also have a checkbox JA> for use a secure

Re: Lazy network operators

2004-04-15 Thread E.B. Dreger
JD> Date: Wed, 14 Apr 2004 12:16:46 -0700 JD> From: JC Dill JD> We need to stop whining that it's hard or expensive to do JD> the right thing and close loopholes that are abused by JD> spammers. It's much harder and more expensive long term to JD> NOT do the right thing. Leave it for future

Re: Lazy network operators

2004-04-13 Thread E.B. Dreger
EAH> Date: Mon, 12 Apr 2004 12:20:01 -0500 EAH> From: Eric A. Hall EAH> today. If there was a standard that worked for this, we would EAH> certainly follow it. EAH> EAH> Standardized scripts would also be abused. #include <pki-and-trusted-peers-debate.h> Eddy

Re: Lazy network operators

2004-04-13 Thread E.B. Dreger
PV> Date: 13 Apr 2004 06:04:04 + PV> From: Paul Vixie PV> [EMAIL PROTECTED] (Steven Champeon) writes: PV> PV> SC> As of today, fully 60% of my incoming mail is spam; 30% PV> SC> are bounces from accept-then-bounce servers; and we're PV> SC> quickly approaching 99% spam for several of the domains PV>

VZW + Outlook2003 + SMTPS? MTU? Proxy?

2004-03-22 Thread E.B. Dreger
Greetings, Has anyone encountered Mar 17 14:24:01 mail postfix/smtpd[32452]: SSL_accept error from unknown[166.154.120.211]: -1 Mar 17 14:24:01 mail postfix/smtpd[32452]: warning: Write failed in network_biopair_interop with errno=32: num_write=-1,

Re: Enterprise Multihoming

2004-03-11 Thread E.B. Dreger
PH> Date: Thu, 11 Mar 2004 18:21:03 +0200 PH> From: Petri Helenius PH> Depending on your requirements, the option of having somebody PH> redistribute all their BGP routes into ISIS or OSPF might not PH> be worth looking forward to. Couldn't quite parse this, but it sounds scary. Eddy

Re: Enterprise Multihoming

2004-03-11 Thread E.B. Dreger
JN> Date: Thu, 11 Mar 2004 10:10:17 -0700 JN> From: John Neiberger JN> My current opinion is that since we can't accept much JN> downtime in the case of a single provider failure, it's JN> probably not wise to put all of our eggs in Sprint's basket JN> even if all circuits are geographically diverse.

Re: Enterprise Multihoming

2004-03-11 Thread E.B. Dreger
PH> Date: Thu, 11 Mar 2004 20:31:52 +0200 PH> From: Petri Helenius PH> I'm referring to the most popular way of causing an IGP PH> meltdown. Obviously there are other ways, like software PH> defects to make your IGP go mad. But when your upstream's IGP PH> does that, you want to have provider B to

Re: Counter DoS

2004-03-11 Thread E.B. Dreger
VA> Date: Thu, 11 Mar 2004 08:12:04 -0500 VA> From: Vinny Abello VA> Plus imagine an attack originates behind one of these devices VA> for some reason attacking another device. It'll just create a VA> massive loop. :) That would be interesting. I wonder if it pays attention to the evil bit? ;)

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

2004-03-07 Thread E.B. Dreger
SD> Date: Sat, 6 Mar 2004 22:04:58 -0500 (EST) SD> From: Sean Donelan SD> Would you rather ISPs spend money to SD> 1. Deploying S-BGP? SD> 2. Deploying uRPF? SD> 3. Respond to incident reports? Let's look at the big picture instead of taking a shallow mutex approach. If SAV were

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

2004-03-07 Thread E.B. Dreger
SD> Date: Sun, 7 Mar 2004 02:13:38 -0500 (EST) SD> From: Sean Donelan SD> Has the number of DDOS attacks increased or decreased in the SD> last few years as uRPF has become more widely deployed? Number of life guards on duty increases in the summer. So does drowning. Therefore, having life

layered security for the modern Internet

2004-03-07 Thread E.B. Dreger
Looking at last week's NANOG posts: SAV... 30% of spam from h4x0r3d boxen... bagle... It seems the original definition and ideology of layered security are outdated. Layered security now means: * Do nothing at a given layer if the problem can be solved, or partially solved, at another layer;

RE: layered security for the modern Internet

2004-03-07 Thread E.B. Dreger
CJW> Date: Sun, 7 Mar 2004 12:56:35 -0700 CJW> From: Christopher J. Wolff CJW> My favorite idiom is; You're either part of the problem or CJW> part of the solution. Thanks for your contribution. CJW> What's your solution? There's no one single answer. That's the whole point. The closest thing

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

2004-03-07 Thread E.B. Dreger
SD> Date: Sun, 7 Mar 2004 16:17:50 -0500 (EST) SD> From: Sean Donelan SD> SAV doesn't tell you where the packets came from. At best SD> SAV tells you where the packets didn't come from. If SAV were universal, source addresses could not be spoofed. If source addresses could not be spoofed... SD>

Re: Source address validation (was Re: UUNet Offer New Protection

2004-03-07 Thread E.B. Dreger
SD> Date: Sun, 7 Mar 2004 17:47:09 -0500 (EST) SD> From: Sean Donelan SD> In practice, GWF's ... send reports about packets which have SD> our IP addresses, but didn't originate here. The last thing Probably because someone else failed to implement SAV. If $origin_net prevented spoofing your IP

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

2004-03-07 Thread E.B. Dreger
CLM> Date: Mon, 8 Mar 2004 01:32:51 + (GMT) CLM> From: Christopher L. Morrow CLM> in a perfect world yes[...] CLM> Until this is a default behaviour and you can't screw it up CLM> (ala directed-broadcast) this will be something we all have CLM> to deal with. Yes. But the only way we'll get

Re: Source address validation (was Re: UUNet Offer New Protection Against DDoS)

2004-03-07 Thread E.B. Dreger
SD> Date: Sun, 7 Mar 2004 21:24:44 -0500 (EST) SD> From: Sean Donelan SD> This confirms my statement. You save nothing by deploying SD> SAV on your network. There may be some indeterminate benefit Unless, of course, the traffic originated from your network and it simplifies your backtrace.

Re: Analogies=dead threads (was RE:Open, anonymous services and dealing with abuse)

2004-02-17 Thread E.B. Dreger
RA> Date: Tue, 17 Feb 2004 20:38:12 + RA> From: Rainer Atkins RA> Is it just me, or is it a clear indication that a thread is RA> ending its useful life is when people start debating the RA> merits of the analogies that have been posed rather than the RA> original subject matter of the thread? I

Re: BGP - weight

2004-02-15 Thread E.B. Dreger
SH> Date: Sun, 15 Feb 2004 16:50:02 + SH> From: Sven Huster [ edited and reformatted for clarity ] SH> The core sends to R1, which believes the best path is via R2 SH> and sends it back to the core as that's the only way to reach SH> R2. Then the core again sends it to R1 and all the same SH>

Re: BGP - weight

2004-02-14 Thread E.B. Dreger
SH> Date: Sat, 14 Feb 2004 12:23:06 + SH> From: Sven Huster SH> We had some recent issues where it looks like the core got SH> out of sync with the border (looks more like a sw issue SH> than just convergence delay) and packets bounced back and SH> forth between them. Yikes. I'd try to see what

Re: BGP - weight

2004-02-14 Thread E.B. Dreger
SH> Date: Sat, 14 Feb 2004 18:00:51 + SH> From: Sven Huster SH> The thing that happened was that the core believed that the SH> best path out is via R1, which R1 thought it was via R2. So a SH> little loop there. So core sends to R1, which sends to R2... where does R2 send the packets? Back to

Re: Dumb users spread viruses

2004-02-08 Thread E.B. Dreger
SD> Date: Sun, 8 Feb 2004 15:41:53 -0500 (EST) SD> From: Sean Donelan SD> http://www.silicon.com/software/security/0,39024655,39118228,00.htm Not surprising. In our experience, I'm not concerned about security, because I don't have anything really important on the computer is all too common of an

Re: Monumentous task of making a list of all DDoS Zombies.

2004-02-08 Thread E.B. Dreger
SD> Date: Sun, 8 Feb 2004 02:01:29 -0500 (EST) SD> From: Sean Donelan SD> Instead of Doubleclick tracking users with Cookies, they SD> would be able to track the unique computers from the MAC SD> address in the reverse DNS record over time. A MAC address is six octets. Append time past Epoch when

Re: Monumentous task of making a list of all DDoS Zombies.

2004-02-08 Thread E.B. Dreger
SD> Date: Sun, 8 Feb 2004 17:43:34 -0500 (EST) SD> From: Sean Donelan SD> Again, why does an ISP need to spend the money and as you SD> point out the extra hassle, to do this? ISPs already have SD> all the information they need to trace a subscriber from the SD> IP address and timestamp. I'm not

Re: Dumb users spread viruses

2004-02-08 Thread E.B. Dreger
PV> Date: 08 Feb 2004 22:46:17 + PV> From: Paul Vixie PV> There is nothing wrong with a user who thinks they should not PV> have to know how to protect their computer from virus PV> infections. If we (the community who provides them service PV> and software) can't make it safe-by-default, then

Re: Impending (mydoom) DOS attack

2004-02-01 Thread E.B. Dreger
PG> Date: Sat, 31 Jan 2004 17:04:32 +1100 (EST) PG> From: Phillip Grasso PG> I've implemented a means of distributing the www.sco.com/32 PG> or any other DDoS destination network block around my own PG> AS and blocking it by routing to null on the edge routers. Consider also: Martini tunnels IIRC,

Re: MS is vulnerable

2004-02-01 Thread E.B. Dreger
Date: Thu, 29 Jan 2004 09:26:05 -0500 (EST) From: [EMAIL PROTECTED] This is because your mom doesn't want to have to hire a technical consultant to manage her IT infrastructure when all she wants to do is get email pictures of her grandkids. Problem: 1. Even so-called easy systems are

Re: Outbound Route Optimization

2004-02-01 Thread E.B. Dreger
RAS> Date: Mon, 26 Jan 2004 15:35:28 -0500 RAS> From: Richard A Steenbergen RAS> On Mon, Jan 26, 2004 at 10:58:49AM -0800, Sean Finn wrote: RAS> RAS> (Quiz for the list readers: RAS> What percentage of the Internet routing table does RAS> your network actually use?) Perhaps around 25% for

Re: SMTP problems from *.ipt.aol.com

2004-01-18 Thread E.B. Dreger
SR> Date: Sat, 17 Jan 2004 08:24:06 +0530 SR> From: Suresh Ramasubramanian SR> AOL has, since the past several months (over a year I think) SR> set up their dynamic IP pool *.ipt.aol.com to hijack port 25 I recall seeing this in November 2002, and believe it had already been in place for a few

Re: sniffer/promisc detector

2004-01-18 Thread E.B. Dreger
DJ> Date: Sat, 17 Jan 2004 14:57:19 -0500 DJ> From: Deepak Jain DJ> I know most people don't take the time to hard code their DJ> MACs onto their switch ports, but it really only takes a few DJ> seconds per switch with a little cutting pasting -- as DJ> customer switches a network port, they just

Re: PC Routers (was Re: /24s run amuck)

2004-01-15 Thread E.B. Dreger
Date: Wed, 14 Jan 2004 23:16:22 -0500 (EST) From: [EMAIL PROTECTED] You may find it interesting that both Linux and FreeBSD now have interrupt coalescing, and www.hipac.org is building a compiled ruleset. grep usec_delay /sys/most/any/nic/driver/*.c Eddy -- Brotsman Dreger, Inc. -

RE: Bandwidth Control Question

2003-12-19 Thread E.B. Dreger
R> Date: Fri, 19 Dec 2003 11:05:55 -0800 R> From: Roy (CC list trimmed) R> Media converters are much cheaper than specialized FX cards R> like these. A 10Mbps converters are just $99 each and 100Mbps R> is $150. Definitely more attractive than the work needed to prevent ground loops when using

Re: Server mirroring

2003-11-27 Thread E.B. Dreger
P> Date: Thu, 27 Nov 2003 16:35:21 -0500 P> From: Priyantha P> As a part of business continuity plan we are going to have all our servers P> replicated in a different place to which a fiber connection is available. P> (Currently its running at 100Mb) Servers are running mostly RH Linux 7.2 to P> 8.x

Re: Web hijacking by router - a new method of advertisement by Belkin

2003-11-07 Thread E.B. Dreger
DS> Date: Sat, 08 Nov 2003 00:16:11 -0500 DS> From: Dave Stewart DS> Imagine that... they listened to the community. I hate to imagine a Verisign/Belkin hybrid router. (Would that mean that a random, HTTP request to valid FQHN would work once every eight hours? Firmware release only after ICANN

Re: Hijacked IP space.

2003-11-03 Thread E.B. Dreger
HN> Date: Tue, 4 Nov 2003 07:25:12 +0200 (IST) HN> From: Hank Nussbacher HN> They view themselves as leasing out IP address space. HN> Although they never reclaim IP address space that has long HN> since never been announced. Perhaps if netblocks _were_ reclaimed, 1. Fewer hijackings would happen

Re: Harassment (was Re: ELAN.NET ...)

2003-11-02 Thread E.B. Dreger
There has been more operational and useful discussion on #nanog today than on NANOG-L. Something is wrong with this picture. Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885 Lawrence and

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-31 Thread E.B. Dreger
Date: Fri, 31 Oct 2003 09:53:09 + From: [EMAIL PROTECTED] Today's Internet is much bigger, more diverse, and engineered by people who have a lot higher skill level based on hard-won experience. Why do businesses keep supporting these cheerleader analyst groups who want to treat

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread E.B. Dreger
Date: Tue, 28 Oct 2003 21:51:01 -0500 From: [EMAIL PROTECTED] The real problem is that we have an environment where the malware can figure out how to disable the firewall but the user can't. And part of why the current Internet has so much peer-to-peer traffic on it. ;-) Eddy

Re: [arin-announce] IPv4 Address Space (fwd)

2003-10-30 Thread E.B. Dreger
JB> Date: Wed, 29 Oct 2003 15:27:27 -0600 JB> From: Jack Bates JB> I think the point that was being made was that NAT allows the JB> filtering of the box to be more idiot proof. Firewall rules JB> tend to be complex, which is why mistakes *do* get made and JB> systems still get compromised. NAT

Re: 'Net security gets root-level boost

2003-10-30 Thread E.B. Dreger
BW> Date: Tue, 28 Oct 2003 10:41:56 -0500 BW> From: Barney Wolff BW> On Tue, Oct 28, 2003 at 09:58:20AM +0200, Hank Nussbacher wrote: BW> BW> http://www.nwfusion.com/news/2003/1027ddos.html BW> BW> Love this quote from Verisign: BW> BW> We tested Anycast for about a year...to monitor its behavior, BW>

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread E.B. Dreger
RAS> Date: Thu, 30 Oct 2003 13:08:01 -0500 RAS> From: Richard A Steenbergen RAS> http://story.news.yahoo.com/news?tmpl=storycid=75e=18u=/nf/22581 RAS> RAS> Plainly stated, routers no longer have a home in the core of the network. RAS> You might have found a router there five years ago, but most

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread E.B. Dreger
SR> Date: Thu, 30 Oct 2003 13:18:28 -0500 SR> From: Suresh Ramasubramanian SR> What brand of switch is this guy selling? And what is he SR> smoking? Sure would be interesting to find out :) Maybe the Yankee Group is a subsidiary of Ncatal Ventures. Eddy

Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread E.B. Dreger
DG> Date: Thu, 30 Oct 2003 13:52:54 -0500 DG> From: Daniel Golding DG> Lets all be thankful they are now using ASICs, though! All DG> that software based routing was making me nervous - five DG> years ago :) Routing or forwarding? Eddy

Re: ISPs' willingness to take action

2003-10-27 Thread E.B. Dreger
MS> Date: Mon, 27 Oct 2003 20:06:25 +1000 MS> From: Matthew Sullivan MS> PS: Some of the worst are in the SORBS database because they MS> couldn't even work out how to secure them against simple MS> relay. What's an open relay? Exact quote from a local MCSE-happy consultancy. I expect there are

Re: IAB concerns against permanent deployment of edge-based filtering

2003-10-18 Thread E.B. Dreger
Date: Sat, 18 Oct 2003 11:14:42 -0700 (PDT) From: [EMAIL PROTECTED] perhaps. but last I checked, it was the Internet Architecture Board not the Internet Operations Board. So from an architectural purity perspective, sure, don't filter (and by extension, pull out

Re: Tomatoes for Verisign at NANOG 29

2003-10-17 Thread E.B. Dreger
KS> Date: Fri, 17 Oct 2003 13:02:31 -0700 (PDT) KS> From: Kenny Sallee KS> to their own Site Finder site, I'm sure they can KS> redirect to other large corporations, who would KS> probably pay for that kind of service. Buy this VeriGator? *cringe* Eddy

Re: Verisign to sell Network Solutions

2003-10-16 Thread E.B. Dreger
CW> Date: Thu, 16 Oct 2003 11:19:25 -0400 CW> From: Chris Woodfield CW> So...correct me if I'm wrong here...does this mean that the CW> registry services operations and the GTLD maintenance CW> operations for .com/.net will be owned by different CW> companies? I wonder just how different they are,

Re: Site Finder

2003-10-16 Thread E.B. Dreger
KH> Date: Thu, 16 Oct 2003 15:23:41 -0400 KH> From: Kee Hinckley KH> Verisign is trying to move this argument into a question of what best KH> serves the end-user. They are doing this because the public KH> understands that, and because they know they can't win the question KH> of what best serves

Re: kooky BGP tricks

2003-10-08 Thread E.B. Dreger
DG> Date: Wed, 08 Oct 2003 09:31:45 +0200 DG> From: Daniel Golding DG> 1) In a way, its fraudulent If not mutually agreed in advance between 65000 and 65100, yes. This is analogous to announcing more specifics from another provider's space. DG> 2) Some folks do BGP traffic engineering tricks

kooky BGP tricks

2003-10-07 Thread E.B. Dreger
Greetings all, Time for the kooky routing idea of the year post... Scenario: AS65000 is a bandwidth provider. One of their downstreams wishes to peer with AS65100, or to multihome with AS65100 as a second upstream. The obvious and 100% correct answer is for $downstream to register their

Re: Kiss-o'-death packets?

2003-10-06 Thread E.B. Dreger
PG> Date: Mon, 6 Oct 2003 11:45:11 +0100 PG> From: Peter Galbavy PG> Yes but... there is a strong likelihood that less paranoid PG> protocol implementors (not necessarily designers, just those PG> coding stuff from spec) could simplify their lives and not PG> check all the right conditions required

Re: Kiss-o'-death packets?

2003-10-06 Thread E.B. Dreger
PG> Date: Mon, 6 Oct 2003 19:40:04 +0100 PG> From: Peter Galbavy PG> No, please do not twist my words; I referred to poor PG> implementations of good ideas. Nowhere did I say that the PG> protocol is bad as a result of poor implementations. You warned of the hazards of poor implementation. Fine.

Re: VeriSign Capitulates

2003-10-03 Thread E.B. Dreger
JM> Date: Fri, 3 Oct 2003 16:16:29 -0400 JM> From: Jared Mauch JM> I wonder if they will still present at Nanog? JM> JM> http://www.nanog.org/mtg-0310/dns.html Perhaps they could give away limited-edition Snubby Mail Rejector t-shirts; bonus points if the shirts include expect script or is

Re: Removal of wildcard A records from .com and .net zones

2003-10-03 Thread E.B. Dreger
ML> Date: Fri, 3 Oct 2003 17:50:02 -0400 ML> From: Matt Larson [EMAIL PROTECTED] ML> VeriSign was directed by ICANN to suspend the Site Finder service by ML> 0100 UTC on Sunday, October 5. We requested an extension from ICANN ML> to give more notice to the community but were denied. We will be

Re: Annoying dynamic DNS updates

2003-09-29 Thread E.B. Dreger
WCS> Date: Mon, 29 Sep 2003 00:05:36 -0500 WCS> From: Stewart, William C (Bill), RTSLS [ moderately snipped ] WCS> Some cable user's machine running default-configured MS apps WCS> is sending Paul dynamic DNS queries that it shouldn't, WCS> Well, default-configured Microsoft applications have an

Re: ICMP Blocking Woes

2003-09-29 Thread E.B. Dreger
SMB> Date: Mon, 29 Sep 2003 16:10:59 -0400 SMB> From: Steven M. Bellovin SMB> No, they use icmp. Or at least that's what the XP box SMB> sitting next to me does... AFAIK, it's been that way since Win95. I recall a certain vendor's dodgy ISDN router * * * on Windows traceroute, but working fine

Re: anycast (Re: .ORG problems this evening)

2003-09-22 Thread E.B. Dreger
DGA> Date: Mon, 22 Sep 2003 18:32:19 -0400 DGA> From: David G. Andersen DGA> The whole problem with only listing two anycast servers is that DGA> you leave yourself vulnerable to other kinds of faults. Your DGA> upstream ISP fat-fingers ip route 64.94.110.11 null0 and DGA> accidentally blitzes the

Re: VeriSign SMTP reject server updated

2003-09-21 Thread E.B. Dreger
SJW> Date: Sun, 21 Sep 2003 15:17:34 + (GMT) SJW> From: Stephen J. Wilcox SJW> That was my understanding but on checking with Paul he said SJW> that NXDOMAIN means don't do further checks so don't look for SJW> A... Return NOERROR for one type of RR, but NXDOMAIN for another? Is that valid?!

Re: Verisign vs ICANN

2003-09-20 Thread E.B. Dreger
KH> Date: Sat, 20 Sep 2003 17:03:04 -0400 KH> From: Kee Hinckley KH> The whois database is not a replacement for a DNS query. Especially considering how Verisign whois info often lags waaay behind what is correct. Outdated NS info, anyone? Eddy

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV> Date: Thu, 18 Sep 2003 10:05:15 -0400 (EDT) TV> From: Todd Vierling TV> DNS site A goes down, but its BGP advertisements are still in TV> effect. Or are they? Eddy

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV> Date: Thu, 18 Sep 2003 11:39:17 -0400 (EDT) TV> From: Todd Vierling TV> And guess what: neither of the two addresses supplied by TV> UltraDNS worked last night for some sites, because their TV> anycast configuration is not allowing DNS redundancy. It is TV> depending on every site somehow

Re: Worst design decisions?

2003-09-18 Thread E.B. Dreger
PEF> Date: Thu, 18 Sep 2003 11:02:08 -0500 PEF> From: Peter E. Fry PEF> Is that the best example you can come up with? Ever use any PEF> Bay equipment...? You have reminded me of Bay's config GUI. I shall have nightmares tonight. Eddy

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV> Date: Thu, 18 Sep 2003 13:01:18 -0400 (EDT) TV> From: Todd Vierling TV> BGP doesn't know when a DNS server dies. Therein lies the TV> fundamental problem of using anycast as an application TV> redundancy scheme. But it can and should. Again, seeing if the process is running is easy; verifying

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV> Date: Thu, 18 Sep 2003 12:52:29 -0400 (EDT) TV> From: Todd Vierling TV> I couldn't know for sure from some sites, but traceroutes TV> sure got there. That would imply that (at their end) the TV> advertisements were still up. Which would be an implementation flaw, not something inherently wrong

anycast (Re: .ORG problems this evening)

2003-09-18 Thread E.B. Dreger
Date: Thu, 18 Sep 2003 13:47:01 -0400 From: Keptin Komrade Dr. BobWrench III esq. And, I might add, in the case of a highly complex anycast application, you will need to check not only for correctness, but for timeliness. In a realtime system, something that is late is considered

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
Date: Thu, 18 Sep 2003 10:29:06 -0700 (PDT) From: bmanning Ick. you really believe that BGP can or should be augmented to understand application liveness? BGP reaching past the And why not? BGP deals in reachability information. Perhaps it conventionally represents interface and link

Re: anycast (Re: .ORG problems this evening)

2003-09-18 Thread E.B. Dreger
EBD> Date: Thu, 18 Sep 2003 18:01:07 + (GMT) EBD> From: E.B. Dreger EBD> That's why one uses a daemon with main loop including EBD> something like: EBD> EBD> success = 0 ; EBD> for ( i = checklist ; i->callback != NULL ; i++ ) EBD> success = i->callback(foo) ; EBD> if ( success

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
TV> Date: Thu, 18 Sep 2003 14:22:19 -0400 (EDT) TV> From: Todd Vierling TV> Sucks to be anyone trying to use the service whose routers TV> pick those nodes as the only ones available. That's the TV> fault of the implementor, not the client. Yes. TV> The major issue here is that no *gTLD*,

Re: .ORG problems this evening

2003-09-18 Thread E.B. Dreger
Date: Thu, 18 Sep 2003 11:36:37 -0700 (PDT) From: bmanning Bill, I know you know better, so let's try more facts and less FUD. Mmmmkay? Your above paragraph is a red herring that is analogous to saying all multihomed services must be run on the router itself. yes, it does

Re: [Re: Change to .com/.net behavior]

2003-09-17 Thread E.B. Dreger
JS> Date: Mon, 15 Sep 2003 21:50:42 -0400 JS> From: Joshua Sahala JS> i'm not sure if it could be cached, but i still see verisign JS> pretending to 0wn the net... No, it's not cached. Try dig +norec @a.gtld-servers.net '*.net.' any to confirm. Eddy

Re: Where will Verisign stop?

2003-09-17 Thread E.B. Dreger
http://www.internetnews.com/bus-news/article.php/3_85721 Deja vu. If I didn't know any better, I'd think that article were written in the past few days. What's going to happen in another 4.5 years? Shall we have a contest who can write the most accurate article before the next incident

Re: ICANN - Formal Complaint re Verisign

2003-09-17 Thread E.B. Dreger
PH> Date: Thu, 18 Sep 2003 00:50:18 +0300 PH> From: Petri Helenius PH> If I remember correctly, Verisign person stated in an PH> interview that they estimate that it will be worth up to PH> $100M annually. I'm willing to suffer that sort of burden to, uh, help make the Internet a better place.

Re: News of ISC Developing BIND Patch

2003-09-17 Thread E.B. Dreger
Date: Wed, 17 Sep 2003 18:39:27 -0400 (EDT) From: [EMAIL PROTECTED] Any solution which requires uniqueness also requires a singular ultimate authority. Or cooperation between multiple authorities. Of course, how realistic is that? Eddy

Re: VeriSign responds to complaints via press release

2003-09-17 Thread E.B. Dreger
H> Date: Wed, 17 Sep 2003 20:01:37 -0400 H> From: Haesu H> omg. So VeriSign is requiring all network operations, or the H> whole internet to pretty much redo their network per their H> Recommendations to allow sitefinder? I definitely want a piece of that $100M. ;-) It's interesting that

Re: .ORG problems this evening

2003-09-17 Thread E.B. Dreger
TV> Date: Thu, 18 Sep 2003 00:50:28 -0400 (EDT) TV> From: Todd Vierling TV> tld[12].ultradns.net, the NS for .ORG, was completely TV> unreachable for about an hour or two this evening, timing out TV> on all DNS queries. Anyone else see similar? (The hosts are I don't recall having troubles this

Re: .ORG problems this evening

2003-09-17 Thread E.B. Dreger
CLM> Date: Thu, 18 Sep 2003 05:28:05 + (GMT) CLM> From: Christopher L. Morrow CLM> Just because the hosts are on the same subnet and are CLM> apparently behind the same end device for you doesn't make CLM> them non-geographically diverse if they are really anycast CLM> pods, does it? It really

Where will Verisign stop?

2003-09-16 Thread E.B. Dreger
Someone mentioned earlier that Verisign could issue an official-looking cert for an invalid domain. They accidentally issued a cert to a Microsoft imposter. Although it presumably would be illegal (IANAL), what's to say a valid cert wouldn't accidentally be issued for a competitor at the same

Re: Not the best solution, but it takes VeriSign out of the loop

2003-09-16 Thread E.B. Dreger
MD> Date: Tue, 16 Sep 2003 11:07:41 -0700 MD> From: Mike Damm MD> Who's up for creating a network of new gTLD servers? I'm sure I dunno. We'd be trusting those operating the gTLD network. ;-) MD> it wouldn't be too hard to reconstruct 90% of the com/net MD> zones from publicly available data MD>

Re: simple way to fix Verisign DNS issues

2003-09-16 Thread E.B. Dreger
JB Date: Tue, 16 Sep 2003 12:05:04 -0600 JB From: John Brown JB Make sure you tag the route with NO-EXPORT :) Are you sure about this? ;-) Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone: +1 785 865 5885

Re: Heads up -- potential problems in 3.7, too? [Fwd: OpenSSH Security Advisory: buffer.adv]

2003-09-16 Thread E.B. Dreger
JS Date: Tue, 16 Sep 2003 20:58:13 -0400 (EDT) JS From: James Smallacombe JS I hope you mean OpenSSH 3.7p1 ? No. He means 3.7.1p1 -- fire up your compiler(s) again. Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building

Re: Root Server Operators (Re: What *are* they smoking?)

2003-09-16 Thread E.B. Dreger
DL Date: Tue, 16 Sep 2003 21:20:08 -0400 (EDT) DL From: David Lesher DL Verisign Move to Mean More Spam DL DL Will that do for a hook? s,to,could, and I'll bite. Gotta keep it factual. Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce,

Re: Root Server Operators (Re: What *are* they smoking?)

2003-09-16 Thread E.B. Dreger
SD Date: Wed, 17 Sep 2003 00:48:09 -0400 (EDT) SD From: Sean Donelan SD So, Verisign just returns a NS pointer to another name server SD Verisign controls which then answers the queries with SD Verisign's helpful web site. Queries for random zones make a nice starting point. Eddy -- Brotsman

Patching BIND (Re: What *are* they smoking?)

2003-09-15 Thread E.B. Dreger
PWG Date: Mon, 15 Sep 2003 19:40:33 -0400 PWG From: Patrick W. Gilmore PWG Anyone wanna patch BIND such that replies of that IP addy PWG are replaced with NXDOMAIN? That solves the web site and PWG the spam problem, and all others, all at once. I'd actually go for keeping the A RR for

Re: Patching BIND (Re: What *are* they smoking?)

2003-09-15 Thread E.B. Dreger
EBD Date: Tue, 16 Sep 2003 05:32:50 + (GMT) EBD From: E.B. Dreger EBD I'd actually go for keeping the A RR for '*.net.' and EBD '*.com.' in an authoritative NS's cache. If any other A RR s,authoritative,resolver, Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth

Re: bgp route-map

2003-08-25 Thread E.B. Dreger
ML Date: Mon, 25 Aug 2003 15:30:01 -0400 ML From: Matt Levine ML Except that what you are proposing would allow your customer ML to announce 2 /16's just fine from within one of rob's bogon ML /8's, as the 2 /16's wouldn't be in your rib. Unless the route server processed all routes (several

Re: Complaint of the week: Ebay abuse mail (slightly OT)

2003-08-04 Thread E.B. Dreger
Date: Mon, 4 Aug 2003 18:50:36 -0400 (EDT) From: [EMAIL PROTECTED] And so we should do nothing? If a _few_ networks null-route abusers, said networks isolate themselves. If _all_ networks cut off abusers, who becomes the island? Fixing the Internet is difficult. What can't be tackled

Re: WANTED: ISPs with DDoS defense solutions

2003-08-03 Thread E.B. Dreger
CLM Date: Sat, 2 Aug 2003 02:45:29 + (GMT) CLM From: Christopher L. Morrow CLM EBD Who should be held accountable for vulnerable boxen? CLM CLM I believe the vendor should, but my opinion matters not :) I agree. It stinks when cutting code, knowing that _some_ competitor is slinging out

Re: WANTED: ISPs with DDoS defense solutions

2003-08-03 Thread E.B. Dreger
EBD Date: Sun, 3 Aug 2003 20:06:16 + (GMT) EBD From: E.B. Dreger EBD Sort of like deaggregating routes, helping track down and Ugh. s/helping/not helping/ Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network building Phone

Re: North America not interested in IP V6

2003-08-01 Thread E.B. Dreger
DGA Date: Thu, 31 Jul 2003 13:10:20 -0400 DGA From: David G. Andersen DGA a) DHCP'ing everyone is just easier. Assign unchanging IP address based on MAC address. Done/done. Eddy -- Brotsman Dreger, Inc. - EverQuick Internet Division Bandwidth, consulting, e-commerce, hosting, and network
