Re: European ISP enables IPv6 for all?

2007-12-18 Thread John Kristoff
On Tue, 18 Dec 2007 12:14:52 +0100 Iljitsch van Beijnum [EMAIL PROTECTED] wrote: I'd say that the huge address space makes life impossible for scanning worms. Perhaps for random address scanning, but certainly not for scanning worms generally. In addition to the paper Steve Bellovin

Re: Book on Network Architecture and Design

2007-12-03 Thread John Kristoff
On Mon, 03 Dec 2007 15:16:47 -0200 MARLON BORBA [EMAIL PROTECTED] wrote: I am in search of a good book about Network Architecture and Design, with emphasis in Quality of Service and convergent networks, to be used as a reference. Could you please indicate your favorites? Some might say those

Re: Hey, SiteFinder is back, again...

2007-11-05 Thread John Kristoff
On Sun, 4 Nov 2007 11:52:11 -0500 (EST) Sean Donelan [EMAIL PROTECTED] wrote: I just wish the IETF would acknowledge this and go ahead and define a DNS bit for artificial DNS answers for all these address correction and domain parking and domain tasting people to use for their keen Web 2.0

Re: Can P2P applications learn to play fair on networks?

2007-10-29 Thread John Kristoff
On Thu, 25 Oct 2007 12:50:32 -0400 (EDT) Sean Donelan [EMAIL PROTECTED] wrote: Comcast's network is QOS DSCP enabled, as are many other large provider networks. Enterprise customers use QOS DSCP all the time. However, the net neutrality battles last year made it politically impossible for

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-10 Thread John Kristoff
On Fri, 10 Aug 2007 16:11:04 -0700 Douglas Otis [EMAIL PROTECTED] wrote: TCP offers a means to escape UDP related issues. On the other hand, blocking TCP may offer the necessary motivation for having these UDP issues fixed. After all, only UDP should be required. When TCP is

Re: IPv6 Advertisements

2007-05-29 Thread John Kristoff
On Tue, 29 May 2007 15:08:34 + (GMT) Chris L. Morrow [EMAIL PROTECTED] wrote: vixie had a fun discussion about anycast and dns... something about him being sad/sorry about making everyone have to carry a /24 for f-root everywhere. I think there is a list of 'golden prefixes' or something,

Re: Network end users to pull down 2 gigabytes a day, continuously?

2007-01-09 Thread John Kristoff
On Tue, 9 Jan 2007 13:21:38 -0500 Marshall Eubanks [EMAIL PROTECTED] wrote: You are correct. Today, IP multicast is limited to a few small closed networks. If we ever migrate to IPv6, this would instantly change. I am curious. Why do you think that ? I could have said the same

Re: How to pick a Site-Local Scope multi cast address

2006-12-08 Thread John Kristoff
On Fri, 8 Dec 2006 09:54:03 -0600 Dave Raskin [EMAIL PROTECTED] wrote: Hello, I have been directed to this list by IANA when I asked the following question: An even better set of lists might be: https://www1.ietf.org/mailman/listinfo/mboned

Re: anycasting behind different ASNs?

2006-12-06 Thread John Kristoff
On Wed, 06 Dec 2006 09:38:10 -0800 matthew zeier [EMAIL PROTECTED] wrote: Are there any practical issues with announcing the same route behind different ASNs? This is known as Multiple Origin AS of which you should be able to find plenty of discussion and articles about. It's not uncommon

Re: contacts at dlink and netgear?

2006-11-19 Thread John Kristoff
On Fri, 17 Nov 2006 00:37:18 + (GMT) Chris L. Morrow [EMAIL PROTECTED] wrote: the wustl.edu folks probably have a good POC for at least netgear... since they had to deal with the netgear 'ntp issue' 2+ years ago (and ongoing still). There was a nanog preso about it I think as well as many

Re: Router / Protocol Problem

2006-09-07 Thread John Kristoff
On Thu, 7 Sep 2006 07:27:16 -0400 Mike Walter [EMAIL PROTECTED] wrote: Sep 7 06:50:20.697 EST: %SEC-6-IPACCESSLOGP: list 166 denied tcp 69.50.222.8(25) - 69.4.74.14(2421), 4 packets [...] I'm not very familiar with NBAR or how to use it for CodeRed, but this first rule: access-list 166 deny

Re: mitigating botnet CCs has become useless

2006-08-03 Thread John Kristoff
On Thu, 03 Aug 2006 12:22:31 -1000 Scott Weeks [EMAIL PROTECTED] wrote: But shutting them down, that's like the police arresting all the informants. It doesn't stop the crime, it just eradicates all your easy leads. What're folk's thoughts on that? Well that's one perspective. I

Re: Ultradns using anycast?

2006-07-27 Thread John Kristoff
On Thu, 27 Jul 2006 12:01:19 -0500 Jeffrey Sharpe [EMAIL PROTECTED] wrote: Does anyone know if Ultradns uses anycast? Or how to get someone at UltraDNS or PIR to take ownership of a issue and resolve it? Anycast, yes. If you want to shoot me an email offline, myself or any one of the

Re: Best practices inquiry: filtering 128/1

2006-07-10 Thread John Kristoff
On Mon, 10 Jul 2006 21:56:27 -0500 Jerry Pasker [EMAIL PROTECTED] wrote: Because you fear that their routers that distribute the feed could become own3d and used to cause a massive DoS by filtering out some networks? Someone in the NANOG community, I forget who now, had the sensible

Re: Control Plane Policing

2006-06-01 Thread John Kristoff
On Thu, 01 Jun 2006 12:07:00 +0200 hjan [EMAIL PROTECTED] wrote: I have read cisco's doc about cpp and i've also read the good documentation written by John Kristoff about cpp in which are included some implementation example. The cisco-nsp mailing list is probably a better place

Re: Are botnets relevant to NANOG?

2006-05-26 Thread John Kristoff
On Fri, 26 May 2006 10:21:10 -0700 Rick Wesson [EMAIL PROTECTED] wrote: let's see, should we be concerned? here are a few interesting tables, the cnt column is new IP addresses we have seen in the last 5 days. Hi Rick, What I'd be curious to know in the numbers being thrown around if there

Re: Are botnets relevant to NANOG?

2006-05-26 Thread John Kristoff
On Fri, 26 May 2006 11:50:21 -0700 Rick Wesson [EMAIL PROTECTED] wrote: The longer answer is that we haven't found a reliable way to identify dynamic blocks. Should anyone point me to an authoritative source I'd be happy to do the analysis and provide some graphs on how dynamic addresses

Re: Determine difference between 2 BGP feeds

2006-04-18 Thread John Kristoff
On Tue, 18 Apr 2006 16:13:12 -0400 (EDT) Scott Tuc Ellentuch at T-B-O-H [EMAIL PROTECTED] wrote: Is there a utility that I can use that will pull the routes off each router (Foundry preferred), and then compare them as best it can to see why there is such a difference? I don't know

Re: Rate-Limiting.

2006-03-30 Thread John Kristoff
On Thu, 30 Mar 2006 15:56:02 -0800 Robert Sherrard [EMAIL PROTECTED] wrote: I've got a situation in which I'd like to rate limit a few servers that hang off of my 6590's... it appears that this can only be done on a layer 3 interface. These servers however aren't, they're simply on a switch

Re: Rate-Limiting.

2006-03-30 Thread John Kristoff
On Thu, 30 Mar 2006 17:25:38 -0800 Robert Sherrard [EMAIL PROTECTED] wrote: I'm really interested in rate limiting outbound... with many unknown dest IP's. That's what that example was intending to show. That is, rate limiting traffic coming from the servers into the VLAN interface towards

Re: do bogon filters still help?

2006-01-11 Thread John Kristoff
On Wed, 11 Jan 2006 13:03:51 -0500 Steven M. Bellovin [EMAIL PROTECTED] wrote: Every time IANA allocates new prefixes, we're treated to complaints about sites that are not reachable because they're in the new space and some places haven't updated their bogon filters. My question is this:

Re: The Qos PipeDream [Was: RE: Two Tiered Internet]

2005-12-15 Thread John Kristoff
On Thu, 15 Dec 2005 19:15:49 -0500 (EST) Sean Donelan [EMAIL PROTECTED] wrote: ATT, Global Crossing, Level3, MCI, Savvis, Sprint, etc have sold QOS services for years. Level3 says 20% of the traffic over its What do they mean by QoS? Is it IntServ, DiffServ, PVCs, the law of averages or

Re: The Qos PipeDream [Was: RE: Two Tiered Internet]

2005-12-15 Thread John Kristoff
On Fri, 16 Dec 2005 03:29:29 + (GMT) Christopher L. Morrow [EMAIL PROTECTED] wrote: In my experience that is easier said than done. However, you remind me of what I think is what most who say they want QoS are really after. DoS protection. By focusing on DoS mitigation instead of

NANOG 35 PGP keyring

2005-10-21 Thread John Kristoff
Joe Abley is coordinating a set of PGP key signing parties throughout the NANOG 35 meeting. I know Joe has his hands full with program and steering committee responsibilities and could use help from others to ensure keysignings go smoothly. If you'll be attending any part of the meeting, have a

Re: Nuclear survivability (was: Cogent/Level 3 depeering)

2005-10-06 Thread John Kristoff
On Thu, 6 Oct 2005 11:54:34 +0100 [EMAIL PROTECTED] wrote: While I realize that the nuke survivable thing is probably an old wives' tale, it seems ridiculous that the Internet can't adjust by [...] It's not a myth. If the Internet were running RIP instead of BGP For the Internet, I

Re: commonly blocked ISP ports

2005-09-15 Thread John Kristoff
On Thu, 15 Sep 2005 10:29:27 +0300 Kim Onnel [EMAIL PROTECTED] wrote: 80 deny udp any any eq 1026 (3481591 matches) If you don't already know, it might be worth looking at a detailed breakdown of the source ports hitting that rule. It may be blocking a good amount of DNS and NTP traffic for

Re: NANOG as the Internet government?

2005-08-30 Thread John Kristoff
On Tue, 30 Aug 2005 14:14:52 -0400 (EDT) J. Oquendo [EMAIL PROTECTED] wrote: Ten Commandments of the Interweb I'm biased, but I think these are better and less contestable: 1. Thou shalt above all, maintain the integrity of the network. 2. Thou shalt have a long term strategic

Re: VOIP provider

2005-08-03 Thread John Kristoff
On Wed, 3 Aug 2005 02:08:30 -0700 (PDT) Bill Woodcock [EMAIL PROTECTED] wrote: What security risk does TFTP pose that isn't also shared by HTTP? I find it disappointing that the filtering police rarely stop to think about their decision about what and why protocols are a security risk. Looked

Re: Request for Peering with AS4788 at Equinix SJO/ASH/LA

2005-07-07 Thread John Kristoff
On Thu, 7 Jul 2005 12:10:46 -0500 Jason Sloderbeck [EMAIL PROTECTED] wrote: we're not a provider of transit. I have no desire to find new peers, so I'm not considering the offer below -- just wondering if this is a red flag that's worth passing on. Probably not. When I was at DePaul and

Re: Fundamental changes to Internet architecture

2005-07-01 Thread John Kristoff
On Fri, 1 Jul 2005 12:53:53 GMT Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: With all respect to Dave, and not to sound too skeptical, but we're pretty far along in our current architecture to fundamentally change, don't you think (emphasis on fundamentally)? From the article it seems

Re: Blocking port udp/tcp 1433/1434

2005-05-12 Thread John Kristoff
On Thu, 12 May 2005 04:15:07 -1000 Brian Russo [EMAIL PROTECTED] wrote: Perhaps a better question is: Is there now justification for allowing transit for ms-sql slammer ports? I think there always has been some justification. Here is a very small sample of real traffic that I can assure

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread John Kristoff
On Sun, 17 Apr 2005 13:28:21 +0200 Kim Onnel [EMAIL PROTECTED] wrote: I have the ACL below applied on many network devices to block the common worms ports, Beware, you are guaranteed to be blocking other, legitimate things too with some of these rules. More below. ip access-list extended

Re: BCP for ISP to block worms at PEs and NAS

2005-04-17 Thread John Kristoff
On Sun, 17 Apr 2005 13:00:30 -0700 J.D. Falk [EMAIL PROTECTED] wrote: deny udp any any eq 1026 Similar as before, you are going to be removing some legitimate traffic. Is this really true? All of the ports listed above are used by LAN protocols that were never

Re: Yes, I realize it's April Fools Day, but... (was: Cisco to merge with Nabisco)

2005-04-01 Thread John Kristoff
On Fri, 1 Apr 2005 15:02:06 -0500 Joe Provo [EMAIL PROTECTED] wrote: I have as much humour as the next guy, but [insert renewed call for nanog-chat or nanog-social or whatever would keep the chitchat in a different blasted bucket]. Heck, if this is the general bucket then and

Re: MD5 for TCP/BGP Sessions

2005-03-30 Thread John Kristoff
On Wed, 30 Mar 2005 16:50:38 +0100 Doug Legge [EMAIL PROTECTED] wrote: What has been the general effect in the ISP/Enterprise community following the warnings? - Have people applied MD5? Without question more BGP sessions suddenly became 'MD5-enabled' across the net. It has been debated

Re: IRC bots...

2005-03-12 Thread John Kristoff
On Sat, 12 Mar 2005 17:09:17 -0800 (PST) Bill Nash [EMAIL PROTECTED] wrote: As popular as instant messenger, and increasingly, voip toys, have become, actual IRC usages represents a diminishing percentage of inter-user chatter. Even something as simple as carving irc usage out of your

Re: Vonage complains about VoIP-blocking

2005-02-15 Thread John Kristoff
On Tue, 15 Feb 2005 16:18:01 -0500 Daniel Golding [EMAIL PROTECTED] wrote: Why block TFTP at your borders? To keep people from loading new versions of IOS on your routers? ;) Fear. Not trying to be flippant, but what's the basis for this? In addition to what others have said. The T in

Re: Smallest Transit MTU

2004-12-30 Thread John Kristoff
On Thu, 30 Dec 2004 01:00:22 -0500 Robert E.Seastrom [EMAIL PROTECTED] wrote: A naive reader might think from Dan's posting that the Internet didn't work at all before ECN was codified (experimental with RFC 2481 in January 1999 and standards-track with RFC 3168 in September 2001). [...] ECN

Re: Smallest Transit MTU

2004-12-30 Thread John Kristoff
On Thu, 30 Dec 2004 17:42:44 -0800 David Schwartz [EMAIL PROTECTED] wrote: I, for one, do not agree. End hosts and firewalls *should* reject all traffic they don't understand. It's precisely to prevent our unintentional participation (as end hosts) in such 'experiments' that we deploy

Re: Smallest Transit MTU

2004-12-30 Thread John Kristoff
On Fri, 31 Dec 2004 01:51:01 -0500 Robert E.Seastrom [EMAIL PROTECTED] wrote: You must not remember how SunOS 4 responded when handed icmp echo requests with the record-route option set (passed the packet on for the next guy to enjoy and then promptly panicked). [...] Now I know wide

Re: Anycast 101

2004-12-20 Thread John Kristoff
On Mon, 20 Dec 2004 17:18:30 + Paul Vixie [EMAIL PROTECTED] wrote: there are some million-bot drone armies out there. with enough attackers I've heard that claim before, but I've yet to be convinced that those making it were doing more than speculating. It is not unreasonable to believe

Re: is reverse dns required? (policy question)

2004-12-01 Thread John Kristoff
On Wed, 01 Dec 2004 08:56:23 -0800 Greg Albrecht [EMAIL PROTECTED] wrote: are we obligated, as a user of ARIN ip space, or per some BCP, to provide ad-hoc reverse dns to our customers with-out cost, or without financial obligation. I thought I saw some 'MUST' statements in an RFC about

Re: BBC does IPv6 ;) (Was: large multi-site enterprises and PI

2004-11-27 Thread John Kristoff
On Sat, 27 Nov 2004 18:25:52 +0100 Iljitsch van Beijnum [EMAIL PROTECTED] wrote: All I hear is how this company or that enterprise should qualify for PI space. What I don't hear is what's going to happen when the routing tables grow too large, or how to prevent this. I think just about

Low latency forwarding failure detection

2004-11-04 Thread John Kristoff
Not receiving any response for over a week after posting this query to cisco-nsp I thought perhaps folks here might have some input. In my scenario, Cisco is the likely gear involved, but even if people have vendor neutral feedback about this I'd be interested in hearing it. From: John

Re: short Botnet list and Cashing in on DoS

2004-10-22 Thread John Kristoff
On Wed, 20 Oct 2004 15:14:29 -0400 Hannigan, Martin [EMAIL PROTECTED] wrote: [..]we additionally request that they resolve the RR to 127.0.0.3 before they lock out and reload the zone. We picked 127/8 as the standard. RFC 1918 wasn't suitable for obvious reasons. [ I know you know this

Re: NANOG 32 PGP key signing

2004-10-05 Thread John Kristoff
On Tue, 5 Oct 2004 13:58:55 +0100 Jonathan McDowell [EMAIL PROTECTED] wrote: http://www.nanog.org/pgp.html There doesn't seem to be a lot of emphasis on identity verification according to this page. It only says You might want to bring photo id [...] http://sion.quickie.net/keysigning.txt

NANOG 32 PGP key signing

2004-10-04 Thread John Kristoff
Those of you attending NANOG 32 are encouraged to submit your public PGP key to take part in the regular key signing event. Even if you may not be able to attend the group PGP key signing event, but will be at NANOG 32, you are encouraged to submit your key anyway. You can always meet up with

Re: Log Analizing tool for Cisco and Juniper router (switch)

2004-09-21 Thread John Kristoff
On Tue, 21 Sep 2004 22:49:36 +0800 (CST) Joe Shen [EMAIL PROTECTED] wrote: We want to analyze log from Cisco and Juniper Router and switch periodically. cislog on the following page is Cisco specific, but you may find it useful: http://aharp.ittns.northwestern.edu/software/ It is

Re: Peering point speed publicly available?

2004-07-02 Thread John Kristoff
On Thu, 1 Jul 2004 19:09:52 -0500 Erik Amundson [EMAIL PROTECTED] wrote: I have a question regarding information on my ISP's peering relationships. Are the speeds of some or all peering relationships public knowledge, and if so, where can I find this? By speed, I mean bandwidth (DS3, OC3,

Re: ntp config tech note

2004-05-21 Thread John Kristoff
On Thu, 20 May 2004 21:08:43 -0700 Michael Sinatra [EMAIL PROTECTED] wrote: I run two stratum-1 servers and a few stratum-2s and I provide time via multicast (224.0.0.1), but I don't use it for my servers, except for Presumably you meant 224.0.1.1. testing and verification. I am also

Re: ntp config tech note

2004-05-20 Thread John Kristoff
On Thu, 20 May 2004 17:33:22 -0400 Jared Mauch [EMAIL PROTECTED] wrote: I'm also wondering, how many people are using the ntp.mcast.net messages to sync their clocks? what about providing ntp We have had one user that I know of who was receiving time sync info via multicast

Re: MD5 proliferation statistics

2004-05-07 Thread John Kristoff
On Thu, 6 May 2004 17:52:16 -0400 Patrick W.Gilmore [EMAIL PROTECTED] wrote: Unfortunately, my organization was not passive until we got to see what the threat actually was, so our numbers are not useful. Would any traffic-carrying-organization care to discuss their numbers?

Re: TCP/BGP vulnerability - easier than you think

2004-04-21 Thread John Kristoff
On Wed, 21 Apr 2004 21:00:55 +0100 (IST) Paul Jakma [EMAIL PROTECTED] wrote: risk of crypto DoS than compared to the simple BGP TCP MD5 hack. The risk is due to MD5, not IPSec :). I would say the risk is due to implementation. If the vendor's gear vomits quicker due to a resource

Re: Microsoft XP SP2 (was Re: Lazy network operators - NOT)

2004-04-19 Thread John Kristoff
On 19 Apr 2004 22:16:58 + Paul Vixie [EMAIL PROTECTED] wrote: [(*) weird could mean streams of tcp/syn or tcp/rst, or forged source addresses, or streams of unanswered udp, or streams of outbound tcp/25, or udp/137..139, or who knows what it'll be by this time next month?] Precisely.

Re: who offers cheap (personal) 1U colo?

2004-03-16 Thread John Kristoff
On Mon, 15 Mar 2004 23:17:27 -0500 (EST) Andrew Dorsett [EMAIL PROTECTED] wrote: I'm not referring to the time required to implement. I'm talking about the time it takes for the user. On the user end. Let's do some simple math. Let's say I turn on my laptop before I shower, I power it down

Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread John Kristoff
On Sun, 14 Mar 2004 01:29:29 -0500 (EST) Andrew Dorsett [EMAIL PROTECTED] wrote: This is a topic I get very soap-boxish about. I have too many problems with providers who don't understand the college student market. I can There are certain environments where it would be nice for people to

Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread John Kristoff
On 15 Mar 2004 08:01:15 -0500 Robert E. Seastrom [EMAIL PROTECTED] wrote: Maybe NANOG needs to implement a system where you have to log in to a web page with your NANOG meeting passcode in order to get a usable IP address. Then, when an infected computer shows [...] Seconded. This is

Re: Clueless service restrictions (was RE: Anti-spam System Idea)

2004-02-17 Thread John Kristoff
On Tue, 17 Feb 2004 21:48:18 + Alex Bligh [EMAIL PROTECTED] wrote: a) Some forms of filtering, which do occasionally prevent the customer from using their target application, are in general good, as the operational (see, on topic) impact of *not* applying tends to be worse than

Re: Outbound Route Optimization

2004-01-26 Thread John Kristoff
On Mon, 26 Jan 2004 10:30:38 -0500 [EMAIL PROTECTED] wrote: Yes, we can probably make something better than BGP. But will we be able to understand it? I thought this was a good measure of that question... from the current draft-irtf-routing-reqs draft: 2.1.17 Simplicity The

Re: China Telecom filtering nameservers

2003-10-23 Thread John Kristoff
On Wed, Oct 22, 2003 at 11:23:08PM -0700, Joe Zhu wrote: well...if it's really a problem, someone will help. But if it's smart a$$ comment like this, not sure. I'm not sure what exactly you took offense to, but if I offended someone, particularly our international neighbors I apologize. In my

Re: China Telecom filtering nameservers

2003-10-22 Thread John Kristoff
On Wed, Oct 22, 2003 at 02:57:55PM -0400, Daniel Medina wrote: Our main nameservers are being filtered from networks managed by CHINANET, Data Communications Division, China Telecom All traffic from our nameservers (ICMP, DNS queries, etc) is being dropped. As a result,

Use squid cache at NANOG29

2003-10-19 Thread John Kristoff
NANOG29 attendees, Help make my SSH sessions more responsive, use the squid cache. :-) http://www.nanog.org/squid.html John

Re: ICMP Blocking Woes

2003-09-30 Thread John Kristoff
On Tue, Sep 30, 2003 at 05:22:25PM -0700, Crist Clark wrote: Wasn't this based upon the premise that gear should not return ICMP errors as a result of ICMP packet input as a precaution against error loops? ie said dodgy router did the _right_ thing? That would be disingenuous. RFC1122

Re: Worst design decisions?

2003-09-18 Thread John Kristoff
On Thu, 18 Sep 2003 09:53:38 -0400 Daryl G. Jurbala [EMAIL PROTECTED] wrote: * And how about this: Cisco: PICK A BUSINESS END ON YOUR SMALL OFFICE ROUTING EQUIPMENT. Most of my less clued customers like to help out and rack the equipment ahead of time. And it always gets done pretty side

Re: News of ISC Developing BIND Patch

2003-09-18 Thread John Kristoff
On Thu, 18 Sep 2003 15:10:57 -0400 (EDT) [EMAIL PROTECTED] wrote: manufacturer assigned macs are guaranteed to be globally unique. Theoretically. I didn't experience it personally, but I believe there was at least one fairly well known event a few years back where a manufacturer shipped cards

Re: Port blocking last resort in fight against virus

2003-08-14 Thread John Kristoff
On Wed, 13 Aug 2003 09:10:32 +0200 Robert Raszuk [EMAIL PROTECTED] wrote: That is fine. The amount of information to be carried is easily extensible. So if you can help us to determine the required fields we will be more than glad to add them. Deploying this as a signalling protocol that is

What you don't want to hear from a peer

2003-07-25 Thread John Kristoff
I think it's safe to post this now... the AS who asked me this now seems to be gone. Keep in mind we're just a po' little school under the El in Chicago and the network asking was a seemingly large Central/South American provider who was bringing in an OC12 to AADS (compared to our OC3). Maybe

Re: Mailing list for AADS participants

2003-06-26 Thread John Kristoff
On Thu, 26 Jun 2003 17:24:14 -0500 Jeff Bartig [EMAIL PROTECTED] wrote: effort to promote peering at the NAP. Have you gotten any other interest in it? About 7 replies so far, which may not warrant it I'm not sure. It would probably have been much more useful if we had it a few years ago.

Mailing list for AADS participants

2003-06-24 Thread John Kristoff
Regardless of what many of you may think of AADS generally, are there people who would be interested in joining an AADS mailing list, primarily to be used for broadcasting downtime notices or for discussing Chicago NAP specific issues. Perhaps a mailing list for other specific exchanges may be

Re: Network discovery and mapping

2003-06-22 Thread John Kristoff
On Sun, Jun 22, 2003 at 09:24:58PM -0400, Sean Donelan wrote: gaps between entities I'm interested in mapping. I want to discover and map the connections individuals may know about, but no one realized how all the pieces were connected. So far the recommendations have included [...] I'm

Re: Fast TCP?

2003-06-05 Thread John Kristoff
On Wed, Jun 04, 2003 at 11:41:22PM -0400, Deepak Jain wrote: causes far more severe problems. Since RED causes packet drops, high speed streams that get RED'd are in an immense world of pain. Further, since a In some experience I've had RED did not cause drops. In fact, I have some data

Re: NAT for an ISP

2003-06-05 Thread John Kristoff
On Wed, Jun 04, 2003 at 06:48:01PM -0400, Dan Armstrong wrote: More stuff to manage if we push it out to the CPE. Push it out even further. John

Re: Using Policy Routing to stop DoS attacks

2003-03-25 Thread John Kristoff
On Tue, 25 Mar 2003 09:06:01 -0500 Christian Liendo [EMAIL PROTECTED] wrote: I am sorry if this was discussed before, but I cannot seem to find this. I want to use source routing as a way to stop a DoS rather than use access-lists. If you fooled the router into thinking that the reverse path

Re: Route Supression Problem

2003-03-12 Thread John Kristoff
On Wed, Mar 12, 2003 at 06:53:03AM -0600, Jack Bates wrote: traffic going to them. My router shows the last BGP peer reset about that [...] I've not seen reference to it, since the customer only transits through my network and depends on my redundancy, is it possible to hold his routes in the

Re: M$SQL cleanup incentives

2003-02-21 Thread John Kristoff
On Fri, 21 Feb 2003 17:25:46 -0500 William Allen Simpson [EMAIL PROTECTED] wrote: I've been pretty disappointed with some of the responses on this issue. Maybe you won't like this one either, but here goes. I'd be very interested in hearing how operators feel about 'pushback'. It may make

Locating rogue APs

2003-02-11 Thread John Kristoff
Apologies if this ends up on the list multiple times. I seem to have trouble getting this posted in a timely fashion. In general, MAC OUI designations may indicate a particular AP. IP multicast group participation may also be used by some APs. Some APs have a few unique ports open. Lastly,

Re: Locating rogue APs

2003-02-11 Thread John Kristoff
On Tue, Feb 11, 2003 at 01:02:34PM -0700, Tony Rall wrote: It sounds like John is referring to using a network IDS system, maybe one per subnet, to try to infer from the wired (maybe) network traffic that an unwanted AP is connected to your wired network. Given that you may want Actually,

Re: FW: Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-18 Thread John Kristoff
On Sat, Jan 18, 2003 at 08:58:13AM -0500, Daniel Senie wrote: While it's nice that router vendors implemented unicast RPF to make configuration in some cases easier, using simple ACLs isn't necessarily hard at the edges either. It might be nice if all router vendors were able to associate

Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-17 Thread John Kristoff
On Thu, Jan 16, 2003 at 08:48:03PM -0500, Brad Laue wrote: Having researched this in-depth after reading a rather cursory article on the topic (http://grc.com/dos/drdos.htm), only two main methods come to my mind to protect against it. There are a few more methods, some have already mentioned

Re: Is there a line of defense against Distributed Reflective attacks?

2003-01-17 Thread John Kristoff
On Fri, 17 Jan 2003 18:38:08 + (GMT) Christopher L. Morrow [EMAIL PROTECTED] wrote: has something called Source Path Isolation Engine (SPIE). There This would be cool to see a design/whitepaper for.. Kelly? In addition to David's link: http://www.ir.bbn.com/projects/SPIE/

Re: AOL Cogent

2002-12-29 Thread John Kristoff
On Sun, Dec 29, 2002 at 09:12:16PM +, Paul Vixie wrote: per-bit revenue for high tier network owners would turn into per-port revenue for exchange point operators. where's the market in that? how I think you just answered your own question. Exchange point operations. could a high tier

Re: dontaing bgp config files [Re: Risk of Internet collapse grows]

2002-12-02 Thread John Kristoff
On Sun, 1 Dec 2002 23:03:22 -0800 (PST) Ratul Mahajan [EMAIL PROTECTED] wrote: speaking neighbor), you can help us by donating your bgp config files. abstracted or anonymized versions are ok. Of possible general interest to the list, I had begun work over a year ago in 'mapping' out peering

Re: The power of water

2002-10-23 Thread John Kristoff
At 2:03 PM -0400 10/19/02, Sean Donelan wrote: Stuff happens to everyone, its how you respond. Would your company have been able to recover as quickly? Over one weekend I was part of a team of folks involved in moving a voice/data center for a fairly sizeable regional office across the city

Congestion at SBC/AADS NAP?

2002-10-21 Thread John Kristoff
Has anyone seen what may be ATM level congestion at the Chicago NAP recently? ...or have you seen it in the recent past? We're having trouble pinpointing a problem, which may have been occurring for a long time, but just now really beginning to affect us significantly. We are seeing latency on

Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)

2002-08-26 Thread John Kristoff
On Tue, 27 Aug 2002 00:59:49 +0200 Jeroen Massar [EMAIL PROTECTED] wrote: Nice rant Randy, but if you even ever wondered why the wording Mail Relay exists you might see that if an ISP simply forwards all outgoing tcp port 25 traffic to one of their relays and protects that from weird spam

Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)

2002-08-26 Thread John Kristoff
On Tue, 27 Aug 2002 01:54:39 +0200 Jeroen Massar [EMAIL PROTECTED] wrote: SMTP is a protocol which is based on relaying messages from one mailserver to another. An endnode (especially workstations) don't need to run SMTP. I'm not sure how to truly disable an SMTP server from running on an

Re: Paul's Mailfrom (Was: IETF SMTP Working Group Proposal at smtpng.org)

2002-08-26 Thread John Kristoff
On Tue, Aug 27, 2002 at 12:14:46PM +1000, Martin wrote: but surely an MTA derives its usefulness by running on port 25. i don't remember reading about where in the DNS MX RR you could specify what port the MTA would be listening on... Surely you're not a spammer looking for tips are you? :-)

Re: Best Current Practices for Routing Protocol Security

2002-08-14 Thread John Kristoff
On Wed, Aug 14, 2002 at 01:23:01PM -0400, Sean Donelan wrote: 4. Don't exchange routing information with external parties And don't trust them. Use limits on the amount of prefixes you're willing to accept. Verify routes received with some third party (e.g. routing database). 5. Explicit

Cogent issues at AADS PVC 5.34?

2002-07-22 Thread John Kristoff
We're currently experiencing significant latency through Cogent at AADS. I've heard they have some general latency issues, but nothing concrete yet as to what and where. Does anyone have any details of any problems while we're waiting for a response back from the NOC? Thanks, John

Re: Cogent issues at AADS PVC 5.34?

2002-07-22 Thread John Kristoff
Thanks to all those who responded. The problem appears to have mysteriously cleared up at the moment. Mysteriously, because I haven't yet heard official word from Cogent or other 3rd party on a definitive cause of the degradation. John

Re: GBLX router upgrade breaks bgp sessions

2002-07-10 Thread John Kristoff
On Wed, Jul 10, 2002 at 07:04:38AM -0700, nanog wrote: Subject says it all. GBLX upgraded some edge routers to a new JunOS release (possibly 5.3 rev 24)- and now our bgp sessions continually reset with: Jul 10 06:58:24 MST: %BGP-3-NOTIFICATION: sent to neighbor X.X.X.X 3/3 (update

Re: multicast (was Re: Readiness for IPV6)

2002-07-09 Thread John Kristoff
On Tue, Jul 09, 2002 at 11:16:56AM -0400, Leo Bicknell wrote: It's a cute list. Where's ATT (with all the old Home customers)? Where AOL? Don't see UUNet either. UUNET supports multicast, although the quality of that experience for me wasn't very good. Last I heard its one price to receive

Re: operational: icmp echo out of control?

2002-05-28 Thread John Kristoff
On Tue, 28 May 2002 16:16:08 -0400 [EMAIL PROTECTED] wrote: It's common enough that it's got its own acronym. IWF - Idiot With Firewall. We call them OZZADs and here is how we respond: http://condor.depaul.edu/~jkristof/technotes/incident-response.html John

Re: operational: icmp echo out of control?

2002-05-28 Thread John Kristoff
We call them OZZADs and here is how we respond: Hmm.. 3 people have asked already What's an OZZAD? ;) So I don't have to keep answering this, forwarded to the group: Over Zealous Zone Alarm Dork John

Re: Certification or College degrees? Was: RE: list problems?

2002-05-22 Thread John Kristoff
On Wed, 22 May 2002 16:40:27 -0400 Kristian P. Jackson [EMAIL PROTECTED] wrote: network engineers, just as a bunch of network engineers are no more qualified to program. Perhaps a bachelors in network engineering is in order? We actually have that - or something close to it. We are slowly

Re: Large ISPs doing NAT?

2002-05-02 Thread John Kristoff
On Wed, 1 May 2002 11:00:01 -0400 (EDT) mike harrison [EMAIL PROTECTED] wrote: Almost? I'd say it's hands down an EXCELLENT reason. In some configs though, the NAT'd people can still see each other and cause problems, but it still cuts down the exposure. As well as perpetuates the neglect