On 11/3/07, Allan Liska [EMAIL PROTECTED] wrote:
I know this is just anecdotal, but I have Verizon FIOS in Northern
Virginia and I have not seen sitefinder pop up. I just verified with a
few sites to make sure.
http://www.irbs.net/internet/nanog/0607/0139.html
oops, I was right (kinda).
On 11/5/07, Eliot Lear [EMAIL PROTECTED] wrote:
Cough. So, how much is that NXDOMAIN worth to you?
So, here's the problem really... NXDOMAIN is being judged as a
'problem'. It's really only a 'problem' for a small number of
APPLICATIONS on the Internet. One could even argue that in a
On 11/8/07, Dave Pooser [EMAIL PROTECTED] wrote:
Looks fishy. Why would a company the size of Microsoft register a
single /25? I doubt MS really owns that block.
especially since I think MS knows how to spell its own name:
descr:Microsft (China) Co.Ltd
they provider (CNC
On 11/8/07, Carl Karsten [EMAIL PROTECTED] wrote:
I do the networking in my house, and hang out with guys that do networking in
small offices that have a few T1s. Now I am talking to people about a DS3
connection for 500 laptops*, and I am bing told a p4 linux box with 2 nics
doing NAT
On 11/13/07, Rodney Joffe [EMAIL PROTECTED] wrote:
Are any of you operators utilizing VLANs to/with your transit
providers in order to isolate traffic types or services, and/or to
assist in traffic shaping before it hits your transit connections
(isolating the effects of DDoS's)?
There was
On Dec 17, 2007 10:29 AM, Sean Siler [EMAIL PROTECTED] wrote:
Thanks to all for your private replies - I have the answer now.
(It appears to be Free.fr, if you are interested.)
http://www.iliad.fr/en/presse/2007/CP_IPv6_121207_eng.pdf
I'm glad they managed to get in all the hype for v6
On Dec 17, 2007 9:59 PM, Paul Ferguson [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
- -- Steven M. Bellovin [EMAIL PROTECTED] wrote:
[re: v6 mythos]
In a slightly more realistic vein, a huge address space makes life
harder for scanning worms. As Angelos
On Dec 19, 2007 5:03 AM, Mikael Abrahamsson [EMAIL PROTECTED] wrote:
On Wed, 19 Dec 2007, Jeroen Massar wrote:
new as in We already have one, but we actually didn't really know
what we where requesting, now we need more
We got our current block in 2000 (or earlier, I don't know for sure,
On Dec 19, 2007 6:19 AM, Mohacsi Janos [EMAIL PROTECTED] wrote:
b) get a 'power users' abo, which would thus make people have
to PAY for getting more IP addresses.
They aready do it. In Hungary, if you are home user you can have 1 single
IPv4 address. If you are a business customer,
On Dec 21, 2007 6:48 AM, Joe Greco [EMAIL PROTECTED] wrote:
And I'm having some trouble envisioning a residential end user that
honestly has a need for 256 networks with sufficiently differently
policies. Or that a firewall device can't reasonably deal with those
policies even on a single
On Dec 22, 2007 1:45 AM, Mark Townsley [EMAIL PROTECTED] wrote:
Joe Greco wrote:
I'd say skip the /64 and /48. Don't do the /64, as future-proofing. A
/48 is just something I cannot see need for, given the number of addresses
available as a /56, unless the home user is actually
On Dec 22, 2007 12:23 PM, Ross Vandegrift [EMAIL PROTECTED] wrote:
On Fri, Dec 21, 2007 at 01:33:15PM -0500, Deepak Jain wrote:
For example... Within one's own network (or subnet if you will) we can
absorb all the concepts of V4 today and have lots of space available.
For example... for
On Dec 23, 2007 8:44 PM, Randy Bush [EMAIL PROTECTED] wrote:
and trying to keep 50k machines updated with proper resolvers (in the
simplest example) is easier with RA than DHCP how?
do you really mean skip RA or all of autoconf?
I think what makes sense is to use the parts of ipv6 that
On Dec 27, 2007 5:27 AM, Iljitsch van Beijnum [EMAIL PROTECTED] wrote:
With IPv4, a lot of these features are developed by vendors and
(sometimes) later standardized in the IETF or elsewhere. With IPv6,
the vendors haven't quite caught up with the IETF standardization
efforts yet, so the
On Jan 2, 2008 10:29 PM, Patrick Clochesy [EMAIL PROTECTED] wrote:
By the way... your site is down :)
which site? (merit? nanog? cogent? rtcomm? alphared? 'your site' with
3 this many involved parties leaves things a little ambiguous :(
Error Occurred While Processing Request
Error
On Jan 8, 2008 9:25 PM, yangyang. wang [EMAIL PROTECTED] wrote:
As we known, the DFZ RIB size expand rapidly. It may be resolved via router
architecture improvement, such as adding memory chips or compressing RIB. or
via changing routing and addressing scheme, which one will be the long-term
On Jan 15, 2008 2:42 PM, Rod Beck [EMAIL PROTECTED] wrote:
At the risk of incurring Mr. Pilosoft's wrath (the Putin of NANOG?), I'll
he's not a bad guy actually :) it's a rough job corralling all the
-admin folks I'm certain. Also this isn't really that off topic is it?
looking for NANOG
On Jan 15, 2008 2:02 PM, Jon Lewis [EMAIL PROTECTED] wrote:
On Tue, 15 Jan 2008, Ben Butler wrote:
I want a filter that will automatically match the shorter prefixes that
match any longer prefix, once I can match them I can drop them.
I don't want to manually configure a static prefix
On Jan 13, 2008 6:56 PM, Paul Ferguson [EMAIL PROTECTED] wrote:
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Interesting, given that TTNet sits atop this ranking:
https://nssg.trendmicro.com/nrs/reports/rank.php?page=1
I wonder if this is somehow related? ;-)
probably not... but only
On 21 Jan 2008 19:36:04 +, Paul Vixie [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED] (Tony Finch) writes:
Not to start a debate but I've used OpenDNS since last year and been
VERY happy with it
It's fine if you don't mind your DNS server lying to you.
i was told that if one
On Jan 23, 2008 2:08 PM, Randy Bush [EMAIL PROTECTED] wrote:
David Freedman wrote:
Will somebody please, please PLEASE let me know what magic process for
networksolutions are to get glue added, am on the 72nd hour of the
phone game where questions are bouncing between:
as far as
On Jan 24, 2008 10:55 AM, Matt Larson [EMAIL PROTECTED] wrote:
On Wed, 23 Jan 2008, Christopher Morrow wrote:
o netsol understands glue
REGISTRY part of NetSol here, I think David means the REGISTRAR part no?
To my knowledge, there is no registry part of Network Solutions
On Jan 29, 2008 7:14 AM, Ben Butler [EMAIL PROTECTED] wrote:
Or, to ask the question another way, would the low % of infrastructure
backbone attacks increase if the infrastructure started blocking
effectively attacks rather than completing them through null routing the
target. If the
On Jan 30, 2008 3:54 PM, Deepak Jain [EMAIL PROTECTED] wrote:
This is prior art. (Assuming your hardware has a hardware blackhole (or
you have a little router sitting on the end of a circuit)) you adjust
your route-map that would deny the entry to set a community or next-hop
pointing to
On Feb 2, 2008 3:39 PM, Tomas L. Byrnes [EMAIL PROTECTED] wrote:
The bigger issue with all these approaches is that they run afoul of a
patent applied for by ATT:
http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO2Sect2=HITOFFp=1u
On Feb 2, 2008 6:24 PM, Thomas Kühne [EMAIL PROTECTED] wrote:
Another factor is that with IPv4, you need to be pragmatic, because if
you don't, you have no connectivity. With IPv6, you can impose
arbitrary restrictions as much as you want, because IPv4 makes sure
there is always fallback
Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Christopher Morrow
Sent: Saturday, February 02, 2008 12:58 PM
To: Tomas L. Byrnes
Cc: Ben Butler; Paul Vixie; nanog@merit.edu
Subject: Re: Blackholes and IXs and Completing the Attack.
On Feb 2, 2008 3:39 PM
On Feb 3, 2008 2:53 PM, Tomas L. Byrnes [EMAIL PROTECTED] wrote:
3: Backbone routers can't reasonably filter on a bunch of /32s and also
forward traffic at wire speed.
yes they can. the size of the individual route doesn't matter to the
devices in question, the NUMBER of routes does... (as
On Feb 3, 2008 5:18 PM, Ben Butler [EMAIL PROTECTED] wrote:
Hi,
snip
your point here is that perhaps instead of this scheme one would just
advertise the max-prefix-length (/24 currently) from a 'better' place on
your network and suck all the 'bad' traffic (all traffic in point of
fact)
On Feb 6, 2008 12:11 AM, Mark Andrews [EMAIL PROTECTED] wrote:
(from me)
How does a cache-resolver know that it's time to issue a query with edns0?
cache-resolver that support EDNS0 will make EDNS0 queries
by default. They will fallback to plain DNS if the query
On Sun, Feb 24, 2008 at 8:42 PM, Patrick W. Gilmore [EMAIL PROTECTED] wrote:
2: Within a jurisdiction where North American operators have a good
chance of having the law on their side in case of any network outage
caused by the entity.
This is also a bit strange. Do your users never
On Mon, Feb 25, 2008 at 2:32 AM, Hank Nussbacher [EMAIL PROTECTED] wrote:
we've been warning that this could happen *again* - this is happening
every day - just look to:
http://cs.unm.edu/~karlinjf/IAR/prefix.php?filter=most
http://cs.unm.edu/~karlinjf/IAR/subprefix.php?filter=most
So,
On Tue, Feb 26, 2008 at 10:40 AM, hjan [EMAIL PROTECTED] wrote:
I think that they should use remote triggered blackhole filtering with
no-export community.
In this way they do the job with no impact on the rest of internet.
so, certainly this isn't a bad idea, but given as an example:
On Tue, Feb 26, 2008 at 7:17 PM, Joel Jaeggli [EMAIL PROTECTED] wrote:
John Payne wrote:
On Feb 25, 2008, at 1:22 AM, Christopher Morrow wrote:
except that even the 'good guys' make mistakes. Belt + suspenders
please... is it really that hard for a network service provider
On Mon, Mar 10, 2008 at 4:00 AM, Joe Shen [EMAIL PROTECTED] wrote:
hi,
is there any tool could measue e2e TCP connection
speed?
e.g. we want to measue the delay between the TCP SYN
and receiving SYN ACK packet.
So, all you want to know is basic RTT? Do you want to know about the
On Mon, Mar 10, 2008 at 11:01 AM, Josh Karlin [EMAIL PROTECTED] wrote:
All,
Some of you are aware of the site for network operators:
http://iar.cs.unm.edu/ which has running for two years now. The purpose of
the site is to detect and distribute network anomaly information to the
network
On Mon, Mar 10, 2008 at 7:58 PM, Ang Kah Yik [EMAIL PROTECTED] wrote:
Hi Justin (and all others on-list)
I understand your grounds for blocking outbound SMTP for your customers
(especially those on dynamic IP connections).
It probably will do good to block infected customers that are
On Tue, Mar 11, 2008 at 2:27 AM, Jo Rhett [EMAIL PROTECTED] wrote:
Justin Shore wrote:
I'm assuming everyone uses uRPF at all their edges already so that
eliminates the need for specific ACEs with ingress/egress network
verification checks.
ha. I only wish that was true.
We do
On Sun, Mar 16, 2008 at 2:07 AM, Glen Kent [EMAIL PROTECTED] wrote:
Paul,
Also: I have seen instances where a static route points to a next
hop that (inadvertently) may be redistribute-static injected into
BGP. This happens occasionally due to ad hoc configurations, back-
On Thu, Mar 20, 2008 at 1:33 PM, Steve Atkins [EMAIL PROTECTED] wrote:
He's Marlon Phillips, [EMAIL PROTECTED], I'm pretty sure, though which
particular squatter company he represents, I've no idea.
where does mapcom.net go? bizland.net ... registered through verisign
and hosted at
On Mon, Mar 31, 2008 at 11:24 AM, [EMAIL PROTECTED] wrote:
Let's make it simple and say it in plain English. The users
of services have made the decision that it is good enough
to be a user of a service hosted in a data center that is
remote from the client. Remote means in another
On Fri, Apr 4, 2008 at 9:51 PM, Paul Vixie [EMAIL PROTECTED] wrote:
(i'd hate to think that everybody would have to buy roberts' (anagran's)
Fast Flow Technology at every node of their network to make this work. that
doesn't sound inexpensive to me.
I suppose he could try to sell it...
On Mon, Apr 14, 2008 at 11:17 AM, [EMAIL PROTECTED] wrote:
On Sun, 13 Apr 2008 17:50:25 EDT, Barry Shein said:
So this is (yet another) fishing expidition -- as MIME types are a handy
list, if any of those strings were present in a header, as in
[EMAIL PROTECTED], would any
On Mon, Apr 14, 2008 at 3:05 PM, Stuart Henderson [EMAIL PROTECTED] wrote:
On 2008-04-14, Christopher Morrow [EMAIL PROTECTED] wrote:
It's got some interesting implications if it's: domain.exe ... 'did
you mean to go to domain.exe or execute domain.exe or display
domain.pdf ?' the UI
44 matches
Mail list logo
