Paul Vixie wrote:
i only use or recommend operating systems that have their own host based
firewalls. soon that will mean pf (from openbsd but available on freebsd)
pf's tables are nifty too btw :)
pfsense, which is FreeBSD + pf, also has a port of snort IDS available.
Provided the OP has
George William Herbert wrote:
And, significantly, AQ would benefit from a telecommunications
(and other things) disconnect from the West to the Middle East,
in both tactical and strategic senses.
Funny, I was thinking the same thing about the Pentagon...
Justin Scott wrote:
I suppose the problem with having an official list to query would be
getting all of the various registries to participate and keep it
regularly updated. I personally qualify this as a slight inconvenience,
but I'm not sure I would call it a flaw in the DNS system.
If we
Florian Weimer wrote:
Anyway, if you've got a customer account that was created with a stolen
credit card, and you get complaints about activity on that account from
various parties, and you still don't act, this shows a rather
significant level of carelessness. The other side of the story is
Florian Weimer wrote:
I don't know what case prompted Ferg to post his message to NANOG, but I
know that there are cases where failing to act is comparable to ignoring
the screams for help of an alleged rape victim during the alleged
crime.
I'm reminded of this story from earlier this year:
Paul Ferguson wrote:
So, back to my original question: If you alert an ISP that bad and
possibly criminal activity is taking place by one of their customer,
and they do not take corrective action (even after a year), what do
you do?
In at least one case, where I knew the offender had been
Is anyone aware of a network status page for Qwest PSTN.
We have been told they are currently experiencing a major outage and
All calls are failing out-going (which isn't true as I've made some
calls, but am seeing intermittent congestion returned on our PRIs)
I have also heard that it... Seems
Paul Vixie wrote:
@ SOA localhost hostmaster.localhost 42 3600 1800 604800 3600
Or if you're feeling really PO'd about a piece of spyware crap that got
itself installed by convincingly imitating a browser's Could not find
server error dialog:
$ORIGIN internet-optimizer.com.
$TTL
Owen DeLong wrote:
No... It is not a good idea to /dev/null it. If you /dev/null it, the
doctrine of Acquiescence by Estoppel works in their favor (essentially
latin
legalise for Silence is Consent). Instead, you should write on the
invoice
that you never agreed to purchase the items and send
Michel Py wrote:
File a complaint with the BBB of Vancouver, BC. They are known to the
BBB. Then, let their collection goons waste their time and their money,
and tell them that if they want to see it back they have to send you a
prepaid box.
Ah, excellent pointer! I see the Vancouver BBB lists
Daniel Senie wrote:
The cost of installing a surge protector is unlikely to impact your
bottom line. One successful lightning strike on the other hand will hurt
quite a bit, and probably happen at 4AM just to be more annoying.
Yes... we had a strike hit a remote mountain POP via the T1. From the
David A.Ulevitch wrote:
I'm appreciative of this change -- but fyi, they aren't the only TLD
operators doing this, there are quite a few doing near-instant changes
to their respective zones.
I just registered a new .org and it had visibility from external NS not
more than 15 minutes later (I
Erik Amundson wrote:
head
META HTTP-EQUIV=3DContent-Type CONTENT=3Dtext/html; =
charset=3Dus-ascii
meta name=3DGenerator content=3DMicrosoft Word 11
(filtered medium)
o:SmartTagType =
namespaceuri=3Durn:schemas-microsoft-com:office:smarttags
name=3DPersonName/
!--[if !mso]
style
Dr. Jeffrey Race wrote:
This endless loop situation does NOT happen to every ISP, only to those who
have not emplaced procedures to prevent serial signups of serial abusers. This is
trivially easy to do and your firm's failure to do so and to enforce this rule on your
contracting parties
Charles Sprickman wrote:
Is there any place where people with experience dealing with DDoS attacks
hang out? I'm getting very little assistance from my upstream beyond
call whomever is in charge of each IP attacking and make them stop, and
even though we null route the destination IP being
Paul Jakma wrote:
What's really scary is that the people here complaining about a certain
vendor charging extra for SSH and hence forcing them to use insecure
telnet havnt the cop-on to read that vendor's AAA documentation and
realise that the base feature set _already_ includes capability to
Crist Clark wrote:
Anyone from the real world knows that there are real and significant
costs to convert an existing infrucstructure with telnet, the
r-protocols, ftp, and all of their unencrypted, unauthenticated friends
to SSH and SSL secured connections. Yeah, maybe the software licencing
Lots of history entries, nothing usable. Been this way a while now.
route-views.oregon-ix.netsh ip bgp 192.149.252.17
BGP routing table entry for 192.149.252.0/24, version 18274110
Paths: (38 available, no best path) -
Not advertised to any peer
7660 2516 7911 701 7046 (history entry)
Sean Donelan wrote:
Other than the obvious, don't let a bot on get on your computer in
the first place, are there any opinions about the best anti-bot tools
for naive computer users? The major virus vendors seem to be having
a bit of trouble dealing with bots, frequently recommending manual
Iljitsch van Beijnum wrote:
There is also a link to a DNS checking tool. However, this tool is
pretty much useless in situations such as the one in which I found
myself, as it doesn't answer the real question: what is the TTL for the
offending DNS information.
You should have the answer to
Brian (nanog-list) wrote:
Does anyone know of a way to get a UPS to trigger a generator to start, and
to switch over to the generator power automatically or does this type of
thing just not exist?
What Patrick said.
But, on a minor note that probably won't affect your Symmetra but I'm
posting
Last June I promised here that AS13345 was working on the issues
preventing aggregation internally
Top 20 Net Decreased Routes per Originating AS
Prefixes Change ASnum AS Description
-36 91-55 AS13345 RKCI Rockynet.com, Inc
We're not done
I know that CW was supposed to close their US ops, and then it went to
re-org and became CW America or something of the sort, but does anyone
here have a clue as to their new support info? Because just a week or so
ago 800-486-9932 got me to a real human for support, and now it just
rings and
Burton, Chris wrote:
I spoke with their NOC about 3 days ago @800.663.9932.
Thanks to everyone for the fast responses... we did finally find a
functional number (the above had a recording to call 800-486- which
got the goods).
Mike
Brian Wallingford wrote:
Feb 12 16:25:07 ns1 named[3150]: socket.c:1100: unexpected error:
Hmm. A few weeks ago I started noticing some similiar messages that I
had not ever seen before:
Jan 29 18:21:52 named[658]: socket.c:1100: unexpected error:
Jan 29 18:21:52 named[658]: internal_send:
Bruce Beckwith wrote:
You should deal with a registrar for this information, since that is one
of the services they can provide for you.
Right, but in a case where my client inherited a domain from their
predecessor, and has no idea who their registrar is, I seem to be in a
catch-22 This
Geo. wrote:
Got something really weird going on and I need a bit of help from someone
who is really good with dns.
Domain elby.ch
FWIW, this is often a good site to use when troubleshooting such issues:
http://dnsreport.com/
Miles Fidelman wrote:
Just out of curiousity, I wonder how many domain registrations those of us
on nanog represent? Contract sanctions from ICANN are one thing, taking
all of our business elsewhere might also be effective at getting a point
across (though it might also backfire - pushing
http://www.iab.org/Documents/icann-vgrs-response.html
Christopher Bird wrote:
This seems strange to me since they are arriving at an IP address that
is different from mine.
That's the function of a hub, and the reason why you don't ever want to
send out sensitive information in plaintext. Your neighbor in the next
room over could run a packet
[EMAIL PROTECTED] wrote:
You appear to be excessively deaggregating your space. Perhaps they
are doing the responsible thing by filtering it?
I had a /20 from which BT was unreachable, and a /24 working just fine,
so this seems doubtful, unless they are doing it to be spiteful and
punitive
Ron Harris wrote:
I had success on several computers catching IRC Bots with SwatIT, which is
free.
http://www.lockdowncorp.com/
I would recommend that anyone who considers using Lock Down's software
be aware of the content here:
Sean Donelan wrote:
According to Wired, Symantec is now saying they sent out an alert to
their paying customers about 30 minutes (9pm PST) before the SQL
slammer worm was detected by anyone else around 9:30pm PST.
I have not seen a copy of the Symantec message.
OK, if there really was a
On 1/28/03 11:57 AM, Paul Vixie [EMAIL PROTECTED] wrote:
What do you think of OpenBSD still installing BIND4 as part of the
default base system and recommended as secure by the OpenBSD FAQ ?
(See Section 6.8.3 in http://www.openbsd.org/faq/faq6.html#DNS )
i think that bind4 was
On Tue, 28 Jan 2003, Andy Putnins wrote:
This is therefore a request for all of those who possess this clue to
write down their wisdom and share it with the rest of us
I can't tell you what clue is, but I know when I don't see it. In some
cases our clients have had Code Red, Nimda, and
See this week's UF thread:
http://ars.userfriendly.org/cartoons/?id=20021202
[EMAIL PROTECTED] wrote:
The DOS attack should be a real concern when using RFC 1918. A
distributed) smurf attack, or one of it's derivatives, can cause the
icmp echo replies to be sent to that src. address. Since the
attackers just use blocks and blocks of spoofed addresses, you could
[EMAIL PROTECTED] wrote:
You could also use RFC1918 numbers for your point-to-point /30
aggregation blocks with the customers.. But.. since that would have
effect on customer's premise equipment, it would be better to give
them globally unique space as well, who knows if your customer comes
We're seeing bad throughput via http from both IP addresses we resolve for
this host (207.46.235.150 and 207.46.235.162). Connections from three
unrelated AS all with T1 or better are giving throughput in tests with
wget around 28-64Kbps). Each has a unqiue path to MS.
One of our clients
--On Thursday, August 01, 2002 10:24 AM -0500 jnull [EMAIL PROTECTED]
wrote:
A Sun server as a host for a OpenBSD source is like writing combinations
to a bank vault on the back of your hand.
From the FAQ:
http://openbsd.org/faq/faq8.html#wwwsolaris
8.18 - Why does www.openbsd.org run
--On Tuesday, July 23, 2002 10:11 PM -0700 Andy Ellifson
[EMAIL PROTECTED] wrote:
( CORRECTED ) MAJOR SUNSPOT ACTITVITY
I passed this on to a neighbor for comment wrt 802.11b. His response
appears below:
These blackouts generally affect communications in the HF (high frequency)
John Palmer wrote:
I know this is off the current subject., but some of you are sending
these e-mail's to the list that appear as attachments and not text.
Agreed, that is annoying.
It appears to be the result of PGP signed messages, from every instance I
can see:
X-Mailer: Mulberry/2.2.0
Adam McKenna [EMAIL PROTECTED] wrote:
Just because it is the dominant MUA does not make it correct. There are
plenty of MUA's out there that have no problem displaying those messages.
Apologies in advance for perpetuating this OT flame war Anyone with MUA
replacement suggestions not
Anyone else receiving huge as-path (more than 125) causing these:
Jul 3 08:23:06 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for
aspath, requested size 268
Jul 3 08:23:46 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for
aspath, requested size 270
Jul 3 08:27:45 MDT:
- Original Message -
From: Mike Lewinski [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, July 03, 2002 9:46 AM
Subject: AS path fugliness?
Anyone else receiving huge as-path (more than 125) causing these:
Jul 3 08:23:06 MDT: %BGP-3-INSUFCHUNKS: Insufficient chunk pools for
aspath
Marshall Eubanks wrote:
I see the same from AS 16517 -
* 205.139.72.0 216.177.55.5 500 15076 701
3561 23037 {80,109,122,...
Note that our paths diverge after AS 23037
Could IMC Internet (ASN-IMC-BGP) be the source of the problem.
We've opened a ticket with
On Sun, 19 May 2002, Dan Hollis wrote:
netside has been a long time lunatic opponent of RBLs
First they came for the Communists,
and I didn't speak up,
because I wasn't a Communist.
Then they came for the Jews,
and I didn't speak up,
because I wasn't a Jew.
Then they came for the
It was probably a large packet flood to random destination ports. Some of
them happened to hit rshell. What really took out your routing procs was
likely a huge packet flood, but due to volume you may not have been able to
access normal interface counters (i.e. MRTG doesn't get any SNMP packets
48 matches
Mail list logo