advisory to
drop just 92 byte ICMP traffic, we had other random types of traffic
dropped as well (possibly an IOS bug, but who knows).
It is cisco. There are no bugs. They are unknown features. When Cisco does
figure out what that those packets are, they will document it.
Alex
NAC is not a global intercontinental super-duper backbone, but we do the
same.
It takes some education to the customers, but after they understand why,
most are receptive.
Especially when they get DOS'ed.
On Thu, 28 Aug 2003 [EMAIL PROTECTED] wrote:
On Wed, 27 Aug 2003, [EMAIL
an order from DHS to do that or were you just asked?
(2) How did DHS managed to not know about such order?
(3) Are you going to bend over and do everything DHS politely asks
you to do?
Thanks,
Alex
anyone else been asked to rate limit by the U.S. Department of Homeland
Security?
Just about everyone with a large enough US office was asked by DHS, in a
public statement...
Isnt there a difference between we have been asked and we have been
ordered to?
Alex
.
Alex
Hello,
Did anyone recently see anyone from fast.net that does not get
confused by show ip bgp prefix output or did the bankruptcy force them
to cut payroll so much that they cannot afford anyone but a Chubb Institute
type?
Thanks,
Alex
from though, TCA '96?)
So, you can still get DSL service from your friendly neighbourhood ISP
which would use ILEC's DSLAM-in-RT.
Brave-hearted can always read the full text of triennial review at:
http://www.fcc.gov/Daily_Releases/Daily_Business/2003/db0821/FCC-03-36A1.pdf
Alex Pilosov
I'm still waiting for the discovery of its natural enemy, the Backhoeiosaur.
apl
Eric Kuhnke wrote:
http://www.msnbc.com/news/954985.asp?0dm=C12MT
Associated Press
Scientists say they have identified an ocean sponge living in the darkness of the deep sea that grows thin glass fibers capable
the path
information.
Thanks,
Alex
[1] Fiber that the company physically owns, not leases from another source,
which happen to lease it from another source in exchange for some other
fiber somewhere else where all the fiber in reality travels the same 4 pipe
for 90% of the way.
[2] Real fiber
: a rack + handoff -in their colo- is 55 days and counting.
-alex
up and *mark* the locations where you cannot dig.
The funny part is that they check only first 6 ft i.e. if your conduit is at
the 6.5', touch luck :)
Alex
into what behaves
like an non-overloaded ATM OC3 (or hightly overloaded ATM OC-12) where Yipes
is connecting to Williams, I would be all ears...
Thanks,
Alex
this from wont to should not.
The reason for that is that if one does not call call before dig, one would
be liable. If one does call and misunderstands, the survey company would be
liable. So those companies prefer to leave very clear marks.
Alex
it,
please remind me the name of the company so I can short it all the way to
zero. Thanks god that the oil people are in charge.
Alex
P.S. The problem with ethanol is the same - the total amount of energy
needed to crate useful fuel is greater than the amount of energy it
generates.
compared to what it would have been had it not
shutdown.
Alex
to section A one needs to deliver the amount nearly equal to what the
section A needs at that specific time and that is a lot of calculatins.
Alex
as long
as one does not skip the linkage between different things:
Econsumed = Econsumed_productive + Qreleased + Wreqired
Econsumed_productive is what you actually used
Qreleased is the energy released in a form of a increase/decrease heat
Wrequired is the work required to get Econsumed.
Alex
in the
competitive energy market so they scream that the government should
subsidize their more costly energy.
Alex
CNN reports that Toronto is out, also.
apl
Damian Gerow wrote:
Thus spake Joel Perez ([EMAIL PROTECTED]) [14/08/03 16:27]:
Has anyone heard of a big Power outage in the North east?
I just got a call from one of my tech's in the GBLX bldg in Newark, NJ
at 1085 raymond and they are telling him
Philadelphia, PA, including 401 North Broad
Alex
y
--
Joel Perez [EMAIL PROTECTED] | IP Engineer
http://www.ntera.net/ | Ntera
305.914.3412
From MSNBC:
Other affected cities included Buffalo, Albany and Syracuse, N.Y.;
Hartford, Conn.; Lansing and many other smaller cities in Michigan; Akron
and Toledo, Ohio; and Ottawa and Montreal in Ontario.
Washington and the federal government were not affected Neither were much
of New
Other affected cities included Buffalo, Albany and Syracuse, N.Y.;
Hartford, Conn.; Lansing and many other smaller cities in Michigan;
Akron and Toledo, Ohio; and Ottawa and Montreal in Ontario.
Washington and the federal government were not affected Neither were
much of New England -
by the provider.
Alex
Thanks in advance,
Mike
Michael Donahue
WATG
(949) 574-8500 x261
DGA Date: Thu, 31 Jul 2003 13:10:20 -0400
DGA From: David G. Andersen
DGA a) DHCP'ing everyone is just easier.
Assign unchanging IP address based on MAC address. Done/done.
And quadrupple your techsupport costs? Thanks, but no thanks.
Alex
blah blah
Dont you understand? It just does not work. I am going to Verizon. I am
canceling my account
Alex
of the request.
When you dont have alternatives, it does seem like a possible good idea.
When it costs money to add additional customers, any additional step that a
customer should make gives the customer yet another reason to switch to
someone that does not make them jump.
Alex
a customer's
son/daugter/computer-expert-from-chubb-institute-friend does something and
it breaks your lovely system you will not just increase your tech support
costs, but also will lose the customer.
Alex
addresses within a day? Two days? Three
days?
There is a higher cost to provide the static address service. Giving it for
free makes no sense. There is a much smaller cost to provide dynamic address
service, which tends to be built into the provice of the product.
Alex
were
clearly not a result of any vulnerability in Absa's Internet security.
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
Like I said, it's not going to be perfect, but it is better than blindly
spewing out evil packets.
Between me and you, ospf packets or bad stp packets are a lot more dangerous
than the whack a cisco router. Just try it.
Alex
your
way towards the edges.
Pray tell, the virus will also get BGP feeds to determine where the edges
are?
Alex
them a
little bit less sci-fi, shall we? How about it would create valid looking
OSPF packets with garbage in them? or create valid looking STP packets
Alex
Just a handful of traceroutes would give it enough information to start
at a major backbone and work back towards itself.
I guess all folks with Ph.D. at Akamai really are paid for nothing if a
virus could calculate that with a few traceroutes.
Alex
. Do not introduce yet another name
for filtering that works only in some cases. Fix the filtering code so we
can filter *anything* at *any packet rate* on *any interface* that pass *any
traffic* without bringing the router to its knees.
Alex
http://www.yahoo.com/ differently.
Server A goes to 216.109.125.69. The Server B goes to 66.218.71.92.
The 66.218.71.92 is a faster route for me.
How do I get Server A to resolve to 66.218.71.92?
Have Server A declare itself authoritative for www.yahoo.com and set up
an A record
I was just answering the question How do I get Server A to resolve to
66.218.71.92? The rest was up to him.
On Fri, 13 Jun 2003, Mike wrote:
Alex Kamantauskas wrote:
Have Server A declare itself authoritative for www.yahoo.com and set up
an A record pointing to 66.218.71.92
to the square 1.
Thank you,
Alex
issues that are manifesting themselves, or your interface with the registry
that runs gTLD is broken... If this person does exist, can you please drop
me email off list?
Thanks,
Alex
If you're running tests do you want too see results such as
192.168.22.0, 172.16.89.22, 10.129.20.222, 10.12.22.2? Wouldnt it be
easier if your test results looked like this: 1.10.1.1, 10.10.1.1,
100.10.1.1, 1.1.1.1, 10.1.1.1, 100.1.1.1, etc?
What's wrong with results that look like:
--
[-] Omae no subete no kichi wa ore no mono da. [-]
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
the same thing.
I've heard many a story of the paralleling gear causing the problem in the
first place, as well...
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
On Thu, 29 May 2003, Simon Lockhart wrote:
On Thu May 29, 2003 at 04:29:13PM -0400, Alex Rubenstein wrote:
From folks I've talked to (engineers and industry people), Powerware seems
to be known as the UPS that just works. I've yet to talk to one person who
had a powerware die on them
/etc before working on gear isn't always remembered.
If only the equipment manufacturers would stop gauging on price for
DC equipment/power supplies.
Amen!
You'd think there might actually be less components in the things :)
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency
contained herein
or that this message or any of its attachments is free of viruses.
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
grid feeds to the building; two ATS's, one per grid feed;
one generator per ATS; one UPS per ATS. Then, give each customer a power
feed from both grid feeds.
But no one, not you, not me, can do this and provide a $650/month rack
with 20 amps of power, and stay in business.
-- Alex Rubenstein
Fire at nac.net
http://www.nac.net
Alex
normal network reach ability to their servers.
Our technicians are working on restoring power to atm1.oct.nac.net and
cust3.oct.nac.net now.
UPDATE - 11:33am EDT: Power to atm1.oct.nac.net and cust3.oct.nac.net has
been restored.
Alex
-Original Message-
From: [EMAIL PROTECTED] [mailto
http://www.nac.net
Alex
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
G'd afternoon,
Can anyone with ability to do an emergency turnup of a DS1 in
Philadelphia get in touch with me off-list?
Thanks,
Alex
From: Stephen Sprunk [EMAIL PROTECTED]
Common carrier status exists for this very reason. Unfortunately, it
probably means we'll have to stop filtering things like spam and DoS,
since
filtering on content inherently violates common carrier protection -- see
the smut suit against AOL a few
If you price your product on the assumption that the average customer only
uses 5% of their bandwidth then it doesn't take many customers using 50%
or 100% of it to really spoil your economics
Personal Telco has some interesting opinions on this:
, for example?
Thanks..
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
transit from providers located in a
single place and sell it to the customers that take delivery of the IP on
their terms. Should they want to move to a peering model, they would
suddenly need to pay for people who know, understand and can deal with the
operational issues that peering presents.
Alex
are forgetting:
salaries
depreciation
leases
IRU
financing expenses
...
etc etc etc
Alex
[skip]
24 *
[dies]
[C:\]host 208.196.93.204
208.196.93.204 = ecobeauty.org
And we are supposed to take The Ultimate Diagnosis from a person who
would not think of using tcptrace, telnetting into port 80 or to see if that
was an ACL? Phlease.
Alex
telescopes.
Alex
*
cost.
Alex
lightbulbs.
Does not work, sorry.
Alex
? When in 1995 we were getting simplex IP links
over satellites up that is how we did the testing before bringing them up
on the birds.
Alex
of
cases. So again, why am I paying to someone to provide me incorrect
information?
Alex
not let you to hi-jack the session.
Alex
running
BGP, and may pay a premium for this extra.
Who cares? If the other routers are configured correctly, they wont take
tainted advertisements. If they are not configured correctly, any Super
Secure BGP wont help.
Alex
---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.459 / Virus Database: 258 - Release Date: 2/25/2003
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
.
Stateful packet filtering by C sitting between A and B is fallacy since in
order for C to make an intelligent decision it may need to know the details
of every possible communication protocol used by A and B.
Alex
Does anyone on the list know of any ISPs that bill based on average
utilization, rather than some variation of 95th percentile?
Sure. As long as your math is correct it does not matter how do you
calculate your bill.
Alex
really weird. Perhaps
they use it as a cheap load balancer?
Cheers,
Alex Lambert
[EMAIL PROTECTED]
- Original Message -
From: Stephen Milton [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Wednesday, February 05, 2003 6:47 PM
Subject: Odd DNS responses for www.neopets.com
should a real attack be mounted against
the networks used by financial services?
Alex
is far more important than anything CapEx will buy you alone.
Note it is not difficult to envisage how this attack could have been
far far worse with a few code changes...
Alex Bligh
client.
Alex
exposed POTS wires running to the wall?
If you look carefully at those wires (without flipping out mini-mart owners)
you are most likely to notice that it has either two visible POTS lines or
one cable carrying two phone lines.
Alex
to verify that we in fact can perform function that we
have been contracted by you to perform.
Still like it?
Just a thought.
Just an answer.
-Dave
Alex
Alex, although technically correct, its not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back to the
Secure inside network. Has anyone heard of any confirmed cases of this
yet
On Mon Jan 27, 2003 at 03:03:09PM -0500, [EMAIL PROTECTED] wrote:
Alex, although technically correct, its not practical. How many end users
vpn in from home from say a public ip on their dsl modem leaving
themselves open to attack but now also having this connection back
difficult than implementing a security
policy for an office with 5 computers that are connected to the Internet.
Alex
. The other designs are not only
more expensive but also less reliable (as we have seen here).
Alex
alex This is a very bad band-aid. The solution is amazingly simple -
Just to be clear, the solution to WHAT is amazingly simple?
alex make it uneconomical to have unprotected networks,
For whom to have unprotected networks? What constitutes a protected
network? How does one make
Given that the head of one of our three-letter-agencies managed to get
this sort of thing wrong, what makes you think that Joe Middle-Manager
who's more concerned about fixing a spreadsheet will get it correct?
Because it is not that difficult. A security policy of a little office
I apologize in advance for my off-topic posting. I doubt I am alone,
though, in saying that Alex Yuriev needs to slow his roll.
'D' key is your friend.
Alex, stop sending a follow-up to everything you read. If you really
have something to say, please just write a pointed email
it is
beyond me.
Alex
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
-- Forwarded message --
Date: Sat, 25 Jan 2003 01:50:34 -0500
From: Tim Yocum [EMAIL PROTECTED]
To: [EMAIL PROTECTED] [EMAIL PROTECTED
into it.
But i am on Qwest and GBLX.
-Original Message-
From: Alex Rubenstein [mailto:[EMAIL PROTECTED]]
Sent: Sat 1/25/2003 1:04 AM
To: hc
Cc: [EMAIL PROTECTED]
Subject: Re: Level3 routing issues?
I dunno about that. But, I am seeing, in the last
of which run MS SQL.
--
Blaine Kahle
[EMAIL PROTECTED]
0x178AA0E0
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
[EMAIL PROTECTED] show firewall filter proactive-filter
NameBytes Packets
mssql-drops 916252204 2267951
term NO-MSSQL {
from {
packet-length
that
they don't have a firewall in front of at least one MS SQL server on their
network. Should you really have port 1433/4 open to the world? Would you
do this with a MySql server?
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36
that the mid-2002/SP3 patches work? I haven't heard
anything difinitive on this yet.
Jack Bates
Network Engineer
BrightNet Oklahoma
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
of a vulnerability detected six months ago in Microsoft sequel
servers, used mainly by companies to store information.
Then, first tombstone:
MORE NEWS
Gates pledges better software security
HAHAHAH
(props to troy corbin for this)
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED
, to be very scary.
Comments?
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
packet
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
]http://www.isomedia.com
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
, to be very scary.
Comments?
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al Reuben --
--Net Access Corporation, 800-NET-ME-36, http://www.nac.net --
--
actually, there are some good people over there).
However, it appears that one of the 'root' boxes of this attack was at HE.
This is the third or fourth time I've seen theit netblocks mentioned as
the source of some of the first packets.
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al
While it's possible that _none_ of the vulnerable servers have _any_
'personal information', I'd venture to guess otherwise.
Agreed. And, even if it is super encrypted, who cares? Enough CPU and time
will take care of that.
-- Alex Rubenstein, AR97, K2AHR, [EMAIL PROTECTED], latency, Al
/ It
does happen transparently for most types of sockets, however the attacker
can and will disable ECN with a single syscall.
Alex
Sun's hme cards won't go full duplex even though they advertise it to
remote switch, causing immense headaches to anyone with Sun gear...
http://www.eng.auburn.edu/~rayh/solaris/solaris2-faq.html#q4.13
-alex
On Tue, 7 Jan 2003 [EMAIL PROTECTED] wrote:
Heh. Tell that to my Catalyst 3548's
IIRC, and I may be wrong, either IS-IS or CLNS (can't remember which)
can look at congestion, and EIGRP can look at load if you tweak the K
parameters.
Silly redistribution of IGP into BGP leads to flapping.
Flapping leads to dampening.
Dampening leads to suffering.
Alex
peering sessions
to control inbounds better?
Because they do not do custom anything.
Alex
- websites tend to send traffic out,
not take traffic in.
Alex
of the inbound link from others being saturated for a
company that provides mostly transit to webhosters is nill to nothing.
Alex
to deal with that would be for cogent to
provide special community that would allow me to direct cogent to prepend
several of their ASN to level3 advertisements.
Cogent doesnot do anything custom.
Alex
likely. Use them.
Alex
This is a very common situation if you have any decent amount of peering,
and/or if you are considering peering with a provider who has any
reasonable number of multihomed customers. As we've already proved in
previous nanog emails, the top 20 route-announcing
301 - 400 of 528 matches
Mail list logo