Re: net-co-op (was Re: who offers cheap (personal) 1U colo?)

2004-03-18 Thread Valdis . Kletnieks
On Wed, 17 Mar 2004 13:28:24 PST, Jay Hennigan said:

> >  Oh come on, what was .coop for if not this? :)
> 
> People in the poultry business?  :-)

Actually, a somewhat reasonable conclusion for a non-native speaker of English,
and a concern that *does* have to be addressed by many of the "plethora of TLD"
proposals that crop up every once in a while.  '.coop' probably has less mnemonic
value on a worldwide basis than the Mandarin characters for the capital city of China





Re: who offers cheap (personal) 1U colo?

2004-03-18 Thread Michael . Dillon

>Restrict it to people you've met or spoken to enough 
>to think you know them..
^
That is the problem. Password access to a members-only
looking glass can prevent temptation and grief. And
nobody needs shell access per se because we are talking
about people who have root on their own servers.

Some people have done a lot of work on locking down
the original looking-glass script. Is there a version 
of this that is generally accepted to be the best?

How useful would it be to folks to have access to
a set of looking glasses that have a few more options
than the classic one, i.e. TCP traceroute, PathChirp
one-way latency measurements, etc.? 

--Michael Dillon






Re: net-co-op (was Re: who offers cheap (personal) 1U colo?)

2004-03-17 Thread Eric Brunner-Williams in Portland Maine

> > > net-co-op.org. ...
> >
> >  Oh come on, what was .coop for if not this? :)
> 
> People in the poultry business?  :-)

chicken.coop was sought for by many, myself included.

The Director, Co-op Business Development and Member Services, National
Cooperative Business Association, and I are now playing phone tag, so
I expect to have some progress to report for a member-owned colo coop
on a daily basis.

It occurs to me that a member-owned colo coop is not necessarily
location-dependent, nor uniquely valued.

Eric


Re: net-co-op (was Re: who offers cheap (personal) 1U colo?)

2004-03-17 Thread Jay Hennigan

On Wed, 17 Mar 2004, Daniel Medina wrote:

>
> On Wed, Mar 17, 2004 at 02:01:43PM -0700, Janet Sullivan wrote:
> > Based on the response I've gotten off-list from people interested in
> > sharing our resources & know-how with each other, I've just registered
> > net-co-op.org. ...
>
>  Oh come on, what was .coop for if not this? :)

People in the poultry business?  :-)

-- 
Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED]
WestNet:  Connecting you to the planet.  805 884-6323  WB6RDV
NetLojix Communications, Inc.  -  http://www.netlojix.com/


Re: net-co-op (was Re: who offers cheap (personal) 1U colo?)

2004-03-17 Thread Eric Brunner-Williams in Portland Maine

Janet,

Since your note earlier today there have been just under 200 fetches of
the html.

I've written to Byron Henderson and asked him to help me with the coop
formation. He and I worked on the .coop sTLD proposal, and as I mention
I discussed member-owned colo coop with Carolyn Hoover of the NCBA this
week, as well as the similar idea for bloggers as a vhost user class in
Rome last week.

There are not a lot of cooperatives out there ... Mt. Xinu was employee
owned. Poptel was an employee-owned coop in the ISP and hosting markets,
including the .coop registry implementor and operator, but recently was
forced to convert to structured venture-equity ownership. There is some
bandwidth purchaser's cooperative in the South West ... 

Cheers,
Eric


Re: net-co-op (was Re: who offers cheap (personal) 1U colo?)

2004-03-17 Thread Daniel Medina

On Wed, Mar 17, 2004 at 02:01:43PM -0700, Janet Sullivan wrote:
> Based on the response I've gotten off-list from people interested in 
> sharing our resources & know-how with each other, I've just registered 
> net-co-op.org. ...

 Oh come on, what was .coop for if not this? :)

-- 
Daniel Medina



net-co-op (was Re: who offers cheap (personal) 1U colo?)

2004-03-17 Thread Janet Sullivan
Based on the response I've gotten off-list from people interested in 
sharing our resources & know-how with each other, I've just registered 
net-co-op.org.  In the next couple of days I'll set up a mailing list 
and a basic web page.

Once the mailing list is set up, I'll post another message to NANOG.  On 
the net-co-op mailing list we can hash out a basic charter agreement and 
get to know each other.

More to come...

Janet



Re: who offers cheap (personal) 1U colo?

2004-03-17 Thread Janet Sullivan
Mike Damm wrote:

> That being said, I've had the idea for a couple years now of getting enough
> geeky folks together to rent a rack on both coasts and populate it with a
> few different operating systems and bits of gear for just the reasons
> outlined in this thread.
>
> So if you decide to put something together, I'm up for it.

I got an email from Eric Brunner-Williams who hangs out on freebsd-isp 
and nanog that really sparked my interest.  Go to

 http://wampumpeag.net/vixie-personal-1U-colo.html

At the bottom of the page it reads:

"We've started the paperwork with the NCBA to form a real 
honest-to-goodness member-owned cooperative for bloggers, and a real 
honest-to-goodness member-owned cooperative for personal 1U colo is just 
a second set of paper.

This is about as vague as a price sheet can get, but this was where we 
were headed before Paul popped the question on NANOG, and in April we'll 
be accepting member 1U units."





Re: who offers cheap (personal) 1U colo?

2004-03-17 Thread Jonathan M. Slivko
Hello Janet/List -

First, allow me to introduce myself, my name is Jonathan M. Slivko and I 
work for InvisibleHand Networks, Inc. (http://www.invisiblehand.net). 
Currently, we offer colocation and bandwidth services in the New 
York/New Jersey market (Telehouse and Equinix to be precise). The reason 
for this post is to put forth a suggestion:

InvisibleHand Networks, Inc. allows you to buy bandwidth "on demand" as 
needed without having to commit to any bandwidth level, 95th percentile 
or long term contract. We can colocate personal 1U servers at either 
facility for a set price per server and then you can purchase bandwidth 
on our "spot" market. All of our services are on month-to-month 
contracts and we can offer you some kind of discount if you buy in bulk. 
However, without having a valid consensus as to how many people would be 
interested in such a deal, I cannot/will not offer pricing on this list 
(contact me offlist if interested).

I look forward to talking to you soon.

Janet Sullivan wrote:

> > I have been aching for this now for about six years.  In every
> > professional setting I've ever been in, a need for this kind of thing
> > arises and my advice to my employer/client is always the same: pay the
> > $x per month for a colo server for your network/system engineers to use
> > as an outpost for emergencies, external analysis, and monitoring.
>
> Exactly!  While route servers are great, sometimes I need the flexibility
> of an outside shell account to do troubleshooting.  I know a few other
> people at work who also keep outside shell accounts somewhere for this
> very purpose.
>
> > It seems like approaching one of the larger colo providers and
> > coordinating some sort of "NANOG Discount" might be one quick route.
>
> I'm of two minds on this.  Obviously, if a group of us go to provider X
> and say we want Z amount of rack space, we can probably get a good deal.
> On the other hand, I'm also interested in a community of like minded
> folks with servers located in diverse environments who would trade
> access with one another.  If we're all in one rack in one datacenter,
> there is more of a chance we'll all go down together.  If we have a
> diverse footprint, that is much less likely to happen.
>
> > The discount could be restricted to those who are appropriately vetted.
> > This program would be of value to the colo provider because of the
> > potential for discount recipients to direct business their way.
>
> How would this vetting process work? I'm willing to give other nanog
> folks shell accounts on my machine in return for same, but I really
> don't want to hand out accounts to packet kiddies.
>
> > Suffice it to say, I'm interested, both to address current work-day
> > issues and for personal use.
>
> I'm also interested.  I do currently have a dedicated FreeBSD server in
> Australia for personal use.  Those of us who are running our own
> personal mail & DNS servers could get together to back each other up.

--
Jonathan M. Slivko [EMAIL PROTECTED]
Sales/Network Operations   Invisible Hand Networks, Inc.
http://www.invisiblehand.net
670 Broadway, 2nd Floor, New York, NY 10012
Ph: 212-226-1422  F: 212-202-7640 M: 646-924-9211


Re: who offers cheap (personal) 1U colo?

2004-03-17 Thread Stephen J. Wilcox

On Wed, 17 Mar 2004, Janet Sullivan wrote:
> How would this vetting process work? I'm willing to give other nanog 
> folks shell accounts on my machine in return for same, but I really 
> don't want to hand out accounts to packet kiddies.

Restrict it to people you've met or spoken to enough to think you know them..

Steve



who offers cheap (personal) 1U colo?

2004-03-17 Thread Janet Sullivan


> I have been aching for this now for about six years.  In every
> professional setting I've ever been in, a need for this kind of thing
> arises and my advice to my employer/client is always the same: pay the
> $x per month for a colo server for your network/system engineers to use
> as an outpost for emergencies, external analysis, and monitoring.

Exactly!  While route servers are great, sometimes I need the flexibility
of an outside shell account to do troubleshooting.  I know a few other
people at work who also keep outside shell accounts somewhere for this
very purpose.

> It seems like approaching one of the larger colo providers and
> coordinating some sort of "NANOG Discount" might be one quick route.

I'm of two minds on this.  Obviously, if a group of us go to provider X
and say we want Z amount of rack space, we can probably get a good deal.
On the other hand, I'm also interested in a community of like minded
folks with servers located in diverse environments who would trade
access with one another.  If we're all in one rack in one datacenter,
there is more of a chance we'll all go down together.  If we have a
diverse footprint, that is much less likely to happen.

> The discount could be restricted to those who are appropriately vetted.
> This program would be of value to the colo provider because of the
> potential for discount recipients to direct business their way.

How would this vetting process work? I'm willing to give other nanog
folks shell accounts on my machine in return for same, but I really
don't want to hand out accounts to packet kiddies.

> Suffice it to say, I'm interested, both to address current work-day
> issues and for personal use.

I'm also interested.  I do currently have a dedicated FreeBSD server in
Australia for personal use.  Those of us who are running our own
personal mail & DNS servers could get together to back each other up.




[Fwd: Re: who offers cheap (personal) 1U colo?]

2004-03-17 Thread Janet Sullivan


Stephen J. Wilcox wrote:

> if the market for this is nanog and you're just looking for smtp/shell surely we
> can manage this between ourselves without charge (ask your nanog buddy for a
> shell as a favour).. I know I can and will do this

Well, I do have motives beyond outbound smtp.

I actually looked at some of the mail only services, but I really want
someplace that will do IMAP and authenticated SMTP.  I want to be able
to configure how I filter spam, which I don't want to do at the MUA
level because I'll need to access mail various ways from various locations.

Besides mail, I want to be able to create and control firewall rules on
the box.  I also want to be able to set up Apache exactly like I want it,
etc.  And sometimes it's nice to have shell access on a machine in a
different location for troubleshooting purposes.

However, I do like the idea of setting up a community of like minded
individuals who would be willing to do secondary MX and/or DNS for each
other, and perhaps provide basic shell accounts...  On the other hand,
I'm a little leery of giving someone I don't know access to one of my boxes.

I'm curious how a virtual colocation or dedicated server co-op could
work, with values statements on how servers must be run (secure, no
SPAM), etc.  Would there be member fees?  Would members have to
democratically vote to let new members in after some kind of vetting
process?  Would anyone even be interested in such an idea?

It would also be interesting to see what kind of monitoring tools could
be developed with a diverse set of servers in different parts of the
world... could we set up a co-op version of keynote monitoring, where we
helped monitor each other?




Re: Long-term identifiers (was Re: who offers cheap (personal) 1U colo?)

2004-03-17 Thread Dave Crocker

Sean,

SD> ...  A long-term end-to-end
SD> identifier would let me immediately drop the specific infected computer's
SD> traffic regardless of its rotating IP addresses, even if your abuse


What is to prevent rapid changes to the identifier, even more easily
than rapidly changing IP addresses?

In other words, why "trust" the identifier?  Or at least, how would
this identifier really be long term?

d/
--
 Dave Crocker 
 Brandenburg InternetWorking 
 Sunnyvale, CA  USA 



Re: who offers cheap (personal) 1U colo?

2004-03-16 Thread Eric Gauthier

> 
> In case I ever get another job at a University, how do you separate
> "student areas" from "administration areas"?

When we disable the network in a particular area, if a non-student calls
then it's a non-student area ;)

Eric :)


Re: who offers cheap (personal) 1U colo?

2004-03-16 Thread Scott McGrath


Painting with a broad brush the differentiation between student and
administrative networks is based on location, role and ownership.  A public
ethernet port in a library is a "student" network even though
"administrative" computers may be connected from time to time.  The
librarian's machine is attached to an "administrative" network.  This is a
fluid definition since the students often work on "administrative"
computers.

The real differentiator is the "student" networks are comprised of
machines the university does not own or have direct administrative control
over and securing these machines is up to the owner.

An administrative network is a network of machines owned and controlled by
the university hence the security policy is defined, implemented and
enforced by the responsible parties within the university.

Scott C. McGrath

On Tue, 16 Mar 2004, Laurence F. Sheldon, Jr. wrote:

>
> Curtis Maurand wrote:
>
> > Then anyone can walk up to the machine and get onto the network simply by
> > turning on the machine.
> >
> > The system you're looking for involves biometrics or smartcards.  Firewalls
> > between student and administration areas would be a good idea as well.
>
> It must be dreadful to work in a place where everybody is The Enemy.
>
> In case I ever get another job at a University, how do you separate
> "student areas" from "administration areas"?
>
> In my limited experience, we had students in labs, classrooms, and
> offices in the Administration Building, administrators (RA's, residents,
> offices) in the Residence Halls, all kinds of creepy people in the
> libraries, classrooms, offices, dining rooms, and recreational and
> exercise facilities.  Do you use armed guards to keep everybody in
> their proper areas?
>
> --
> Requiescas in pace o email
>
>


Re: who offers cheap (personal) 1U colo?

2004-03-16 Thread Laurence F. Sheldon, Jr.
Curtis Maurand wrote:

> Then anyone can walk up to the machine and get onto the network simply by
> turning on the machine.
>
> The system you're looking for involves biometrics or smartcards.  Firewalls
> between student and administration areas would be a good idea as well.

It must be dreadful to work in a place where everybody is The Enemy.

In case I ever get another job at a University, how do you separate
"student areas" from "administration areas"?

In my limited experience, we had students in labs, classrooms, and
offices in the Administration Building, administrators (RA's, residents,
offices) in the Residence Halls, all kinds of creepy people in the
libraries, classrooms, offices, dining rooms, and recreational and
exercise facilities.  Do you use armed guards to keep everybody in
their proper areas?
--
Requiescas in pace o email



RE: who offers cheap (personal) 1U colo?

2004-03-16 Thread Curtis Maurand

On Mon, 15 Mar 2004, Vivien M. wrote:
> 
> You must be talking about a different Netreg system than the one everyone
> else has used. The one we're talking about involves you logging in when you
> connect with an unknown MAC - once you've used the system to match your MAC
> to your student number/login/etc, then the DHCP server will give you a real
> IP the next time you request a lease...

Then anyone can walk up to the machine and get onto the network simply by 
turning on the machine.   

The system you're looking for involves biometrics or smartcards.  Firewalls 
between student and administration areas would be a good idea as well.

Curtis

--
Curtis Maurand
mailto:[EMAIL PROTECTED]
http://www.maurand.com




RE: who offers cheap (personal) 1U colo?

2004-03-16 Thread Curtis Maurand




On Mon, 15 Mar 2004, Andrew Dorsett wrote:

> 
> On Mon, 15 Mar 2004, Vivien M. wrote:
> Yes I am... I am referring to a system which an unmentionable university
> has in place.  It requires the user to enter their username and password
> each time the link state changes before they are allowed outside of the
> local lan.  This is also similar to the new port
> authentication system on the Extreme Networks switches.  It automatically
> delves out an address to the user so they can access a login portal and
> then it reissues them a legitimate address once they have been
> authenticated.  This is a pretty slick setup for mobile users who connect
> in temporarily to public portals but it makes little sense in a fixed
> network environment of a dorm room or office.

It's the same type of system used for hotspots.

Curtis
--
Curtis Maurand
mailto:[EMAIL PROTECTED]
http://www.maurand.com




Re: who offers cheap (personal) 1U colo?

2004-03-16 Thread John Kristoff

On Mon, 15 Mar 2004 23:17:27 -0500 (EST)
Andrew Dorsett <[EMAIL PROTECTED]> wrote:

> I'm not referring to the time required to implement.  I'm talking about
> the time it takes for the user.  On the user end.  Let's do some simple
> math.  Let's say I turn on my laptop before I shower, I power it down
> during the day while I'm in class and I turn it back on when I get home in
> the evening.  This means two logins per day.  Let's say that the login

The systems I'm familiar with require only a single login per quarter,
semester or school year unless there is a manual de-registration, which is
most often due to an AUP violation or system compromise.

John


Re: who offers cheap (personal) 1U colo?

2004-03-16 Thread Michael . Dillon

>  Too bad I can't automate the web logins.

Huh!?

http://curl.haxx.se/

And then there are all those Windows macro recorder 
programs http://www.tucows.com/macros95_default.html

--Michael Dillon






network or not? Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-16 Thread Scott Weeks



On Mon, 15 Mar 2004, Alexei Roudnev wrote:

First, let me say that I appreciate your s wrt the s2n ratio here.  I
don't want to indicate otherwise.  But, to get into the circle with
everyone else and shoot some marbles...  :)

: Ok - is name resolution issue network issue or not? if it is, how can you
: answer anything without knowing, for example, of existing Windows DNS
: client with internal cache, and difference between 'ping' and 'nslookup'
: name resolution on Solaris?
:
: Is ARP problem - network one or not? if it is, how can you determine, what
: happen, if some crazy server became ARP proxy and sends wrong
: information to everyone?

Loopback plug, sniffer or some similar geek thingie.  Not the network;
hand the ticket off.  I guess it means defining what we mean by "the
network".


: For tier-2  - I agree. For real tier-3 - I can not. Those friends, who are
: excellent network engineers (much better than me, with CCIE
: and other _really good_ experience), knows Windows and Unix on a very good
: level. (of course, if some HR asks them 'where is configuration file for
: SAMBA on Solaris - no one answer, but it does not mean that they do not know
: Solaris; and you can always met religious people 'my god is MS / my god is
: Linux').

I never said a good netgeek didn't know these things.  I only said, you
don't HAVE to know them to be a good escalation network engineer for a big
ass network with specialized folks.


: Is it bad, If they (your sysadmins) understand your backbone
: infrastructure and understand such things, as MTU MTU discovery, knows
: about ACL filters (without extra details) and existing limitations? They
: are not required to know about VPN mode or T3 card configuration, but
: they must understand basic things.

This is what makes good network/system engineers on both sides of the
fence.  When the ticket is tossed over the fence, the crapwork is done.
Person that gets the ticket is happy and returns the favor when tossing a
ticket your way.  Get both sides caring about tossing tickets properly and
you gotta kick-ass team going on.  damn, i miss the days...


: Else, everything ends up in a long delays and 10 person technical
: meetings (by the phone, of course) - which is the best way of wasting
: anyone's time.

OUCH!!! The pain in my brain from absorbing that idea!! :-)

scott



:
: - Original Message -
: From: "Scott Weeks" <[EMAIL PROTECTED]>
: To: <[EMAIL PROTECTED]>
: Sent: Monday, March 15, 2004 1:32 PM
: Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
:
:
: >
: >
: >
: > On Mon, 15 Mar 2004, Alexei Roudnev wrote:
: >
: > : I expect, that good (tier-3, to say) network engineer MUST know Windows and
: > : Unix (== Linux, FreeBSD etc) on tier-2 (or better) level. Else, he will not
: > : be able to troubleshoot his _network problem_ (because they are more likely
: > : complex Network + System + Application + Cable problem).
: > :
: > : So, it is not a good answer.
: >
: > Not true in many cases.  All I have to prove is it's not the network and
: > then I hand it off to the windows/*nix/ sysadmins.  To prove
: > it's not the network, I don't need to know the end systems in any sort of
: > detail.
: >
: > scott
: >
: >
: >
: > :
: > : - Original Message -
: > : From: "Pete Templin" <[EMAIL PROTECTED]>
: > : To: <[EMAIL PROTECTED]>
: > : Sent: Monday, March 15, 2004 7:16 AM
: > : Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
: > :
: > :
: > : >
: > : > Laurence F. Sheldon, Jr. wrote:
: > : >
: > : > > Pete Templin wrote:
: > : > >> There's a reason I've gotten out of small ISP consulting - I don't do
: > : > >> Windows, and I'm getting overrun by Linux corrosion slowly.  I route,
: > : > >> I switch, I help with securing networks.  And I do wear a lot of hats
: > : > >> at my day job, but I remind them that they hired a specialist, and
: > : > >> promised lots of server support all along the way.  Granted, the
: > : > >> Windows guy is overloaded and the UNIX/Linux guy would snore in front
: > : > >> of his PHB...
: > : > >
: > : > > If you are in Nebraska I can help you with the Unemploy^WWorkforce
: > : > > Development paperwork.
: > : >
: > : > I didn't suggest saying "I'm not gonna do it".  I just suggested "You
: > : > hired me to deploy dynamic routing on your statically-routed network.
: > : > What prompted you to think that I could configure site-wide anti-virus
: > : > services such that no one ever reports a virus leak from our enterprise,
: > : > without training, time to test and develop such a critical solution, or
: > : > both?"
: > : >
: > : > pt
: > :
: > :
: >
:
:




RE: who offers cheap (personal) 1U colo?

2004-03-15 Thread Andrew Dorsett

On Mon, 15 Mar 2004, Vivien M. wrote:

> You must be talking about a different Netreg system than the one everyone
> else has used. The one we're talking about involves you logging in when you
> connect with an unknown MAC - once you've used the system to match your MAC
> to your student number/login/etc, then the DHCP server will give you a real
> IP the next time you request a lease...

Yes I am... I am referring to a system which an unmentionable university
has in place.  It requires the user to enter their username and password
each time the link state changes before they are allowed outside of the
local lan.  This is also similar to the new port
authentication system on the Extreme Networks switches.  It automatically
delves out an address to the user so they can access a login portal and
then it reissues them a legitimate address once they have been
authenticated.  This is a pretty slick setup for mobile users who connect
in temporarily to public portals but it makes little sense in a fixed
network environment of a dorm room or office.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them yourself."




RE: who offers cheap (personal) 1U colo?

2004-03-15 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Andrew Dorsett
> Sent: March 15, 2004 11:17 PM
> To: John Kristoff
> Cc: [EMAIL PROTECTED]
> Subject: Re: who offers cheap (personal) 1U colo?
> 
> 
> 
> I'm not referring to the time required to implement.  I'm
> talking about the time it takes for the user.  On the user
> end.  Let's do some simple math.  Let's say I turn on my laptop
> before I shower, I power it down during the day while I'm in
> class and I turn it back on when I get home in the evening.
> This means two logins per day.  Let's say that the login
> process is very rapid and takes 30 seconds.  This is a whole
> minute per day required to log in.  Now multiply this by a
> month and you've wasted 30 minutes of my time.  I coulda
> spent that time watching TV or heaven forbid, doing homework.
> :)  My big thing is that often users are the ones who are
> paying the price and spending the time.  I think either
> system (the mac-ip lookup or the user auth) system could be
> created in a week using C++ or perl.  This week of
> development is nothing in the long run when compared to the
> amount of time it now costs the users.  Come on, how many
> users save their mail passwords so they don't have to type it
> in every time?  What about your dialup password?  Too bad I
> can't automate the web logins.

You must be talking about a different Netreg system than the one everyone
else has used. The one we're talking about involves you logging in when you
connect with an unknown MAC - once you've used the system to match your MAC
to your student number/login/etc, then the DHCP server will give you a real
IP the next time you request a lease...

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/ 
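
The registration flow described in the message above (unknown MAC gets a login portal, registered MAC gets a real address on its next lease) can be modelled as follows. This is an added example, not code from the thread or from any NetReg implementation; the class and function names, address ranges, account and 120-day term are constructed assumptions.

```python
import hashlib
import hmac
import ipaddress
import re
from dataclasses import dataclass


def normalize_mac(mac: str) -> str:
    """Canonicalise a MAC so 00-0A-95-9D-68-16 and 000a.959d.6816 compare equal."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


def make_directory(accounts: dict):
    """Build an authenticate(user, password) callable over a constructed account table."""
    salt = b"constructed-salt"  # sample value for this example only
    table = {u: hashlib.pbkdf2_hmac("sha256", p.encode(), salt, 10_000)
             for u, p in accounts.items()}

    def authenticate(user: str, password: str) -> bool:
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000)
        expected = table.get(user, bytes(32))
        return hmac.compare_digest(candidate, expected) and user in table

    return authenticate


@dataclass
class Registration:
    user: str
    expires_day: int  # registration lapses at the end of the term


class NetReg:
    """Hypothetical model of a registration-gated DHCP server."""

    def __init__(self, sandbox_cidr: str, routable_cidr: str, authenticate):
        self._pools = {
            "sandbox": iter(ipaddress.ip_network(sandbox_cidr).hosts()),
            "routable": iter(ipaddress.ip_network(routable_cidr).hosts()),
        }
        self._authenticate = authenticate
        self._registered = {}  # canonical MAC -> Registration
        self._leases = {}      # (MAC, pool name) -> address, kept stable across renewals

    def lease(self, mac: str, today: int):
        """Return (pool, address, accountable_user) for a DHCP request."""
        mac = normalize_mac(mac)
        reg = self._registered.get(mac)
        if reg is not None and today > reg.expires_day:
            del self._registered[mac]  # term over: back to the portal
            reg = None
        pool = "routable" if reg else "sandbox"
        if (mac, pool) not in self._leases:
            self._leases[(mac, pool)] = str(next(self._pools[pool]))
        # The user returned is whoever registered this MAC, not whoever
        # powered the machine on, which is the objection raised in the thread.
        return pool, self._leases[(mac, pool)], reg.user if reg else None

    def register(self, mac: str, user: str, password: str,
                 today: int, term_days: int = 120) -> bool:
        """Portal login: bind the MAC to an authenticated user for one term."""
        if not self._authenticate(user, password):
            return False
        self._registered[normalize_mac(mac)] = Registration(user, today + term_days)
        return True

    def deregister(self, mac: str) -> None:
        """Manual de-registration, e.g. after an AUP violation or compromise."""
        self._registered.pop(normalize_mac(mac), None)


def demo():
    """Walk one constructed client through the flow and return each result."""
    netreg = NetReg("10.99.0.0/24", "192.0.2.0/24",
                    make_directory({"student1": "constructed-pw"}))
    mac = "00-0A-95-9D-68-16"  # constructed sample MAC
    events = [
        netreg.lease(mac, today=1),                                   # unknown MAC
        netreg.register(mac, "student1", "wrong", today=1),           # bad password
        netreg.register(mac, "student1", "constructed-pw", today=1),  # portal login
        netreg.lease("000a.959d.6816", today=2),  # same MAC, other notation
        netreg.lease(mac, today=60),              # later power-on, no new login
    ]
    netreg.deregister(mac)
    events.append(netreg.lease(mac, today=61))    # back in the sandbox
    return events


if __name__ == "__main__":
    for event in demo():
        print(event)
```
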



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Andrew Dorsett

On Mon, 15 Mar 2004, John Kristoff wrote:

> There are certain environments where it would be nice for people to have
> spent some time.  Working at a university would be one good experience for
> many people, particularly in this field, to have had.

I fully agree...This is the one environment where you definitely can't
trust your users.  Unlike most home markets and corporate markets.  These
kids often forget they are paying for service and thus abuse it.

> > think of one university who requires students to login through a web
> > portal before giving them a routable address.  This is such a waste of
>
> In most implementations I'm familiar with, the time and effort is mostly
> spent in the initial deployment of such a system.

I'm not referring to the time required to implement.  I'm talking about
the time it takes for the user.  On the user end.  Let's do some simple
math.  Let's say I turn on my laptop before I shower, I power it down
during the day while I'm in class and I turn it back on when I get home in
the evening.  This means two logins per day.  Let's say that the login
process is very rapid and takes 30 seconds.  This is a whole minute per
day required to log in.  Now multiply this by a month and you've wasted 30
minutes of my time.  I coulda spent that time watching TV or heaven
forbid, doing homework. :)  My big thing is that often users are the ones
who are paying the price and spending the time.  I think either system
(the mac-ip lookup or the user auth) system could be created in a week
using C++ or perl.  This week of development is nothing in the long run
when compared to the amount of time it now costs the users.  Come on, how
many users save their mail passwords so they don't have to type it in
every time?  What about your dialup password?  Too bad I can't automate the
web logins.

I don't know a single "normal" (not one of us NANOG folks...) user who has
not opted to save their WinXP password so they don't have to type it in
every time they reboot the computer.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them yourself."




Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Paul Vixie

[EMAIL PROTECTED] writes:

> And then there's the newer high-density rackmount units like
> .  This product puts
> up to 24 server blades in a 3U chassis which basically means you can put
> 8 times as many servers in a rack.

sadly, the blade vendors don't want you to be able to buy your backplane
from source A and your blades from sources B, C, and D.  in this niche,
people often already have a 1U or have a special way of getting one (like
e-bay or office surplus), and they need plug and play at the colo level.

when there's a blade standard that integrates power, perhaps cooling
(liquid or conduction), network, and serial or other outofband console,
then we might see blade servers used for personal colo boxes.  until then
the smallest standard interface is a 1U w/ DB9, 100baseTX, and 3prong power.

> And if any of you have played with things like the Zaurus C760/C860 then
> you know where all this is headed.  $50/month today, $25/month in a year
> or two, and then in about 5 years it will be a free perk if you sign a
> two-year contract with your broadband provider.

given the number of virtual hosters i've heard from, i don't think it'll end
like that.  ultimately it'll end with something very much like multics was
planned to be.  in fact this seems more likely than a standard blade interface.
-- 
Paul Vixie


Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Eric Brunner-Williams in Portland Maine

> > I'll take "the right customer base" for $50 please Alex.
>
> which is NOT the current dsl/cable-modem user, obviously?

Correct.

> > Rick Adams and Mike O'Dell had an idea in 1987. How is this any different?
> >
> 
> mumble, mumble giant telephone company mumble mumble... In all
> seriousness, I'm not sure this is any different. Their idea, if I got it
> right, was 'ip everywhere'. Perhaps providing smaller scale 'good' colo
> with strong abuse/support is possible, just don't get greedy and get
> gigantic.

The original idea was for USENIX to fund provisioning commercial UUCP
and Usenet access. Go beyond the Federal green-stamp and .edu gardens,
which was NOT the same as going into direct competition with The Well.

It was sparse. It went beyond the then-edge of UUCP and Usenet provisioned
transport and content, but it assumed the existence of a damping function,
and at this point in time, it isn't a waste of time to mull over both of
the positions argued later by Eric Allman and Peter Honneyman.

Eric


Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Paul Vixie

> > Rick Adams and Mike O'Dell had an idea in 1987.
> > How is this any different?

actually rick had the idea by himself in 1987.  mike came a bit later.

> Their idea, if I got it right, was 'ip everywhere'.

in that most other companies still thought ISO/OSI was going to be the
commercial protocol of choice, the idea (which was "alternet", not the
original 1987 "uunet"), yes, rick's idea was "i'll bet you're all wrong
and that IP will be the way commercial data networking actually builds
out."

> Perhaps providing smaller scale 'good' colo with strong abuse/support is
> possible, just don't get greedy and get gigantic.

the greed problems don't come in with customer base size but rather
management team experience.  once you get folks running the business
who don't know the industry or the culture or the customers, they start
to think in terms of margin pressure.  a modern-uunet-sized abuse desk
should cost about $2M a year, but would add nothing to revenue, so they
don't have it.

there's no reason you couldn't fill out a 20Ksqft colo room with personal
1U boxes, as long as you were willing to spend the same or more money per
customer (on "customer care" issues) as you did when it was a half rack.
that means your margin will not grow at the same speed as your revenues,
and may actually shrink as a function of revenue growth.  that in turn
means that the founders will have to run it forever, you will not be able
to rent a CEO who graduated business school and simultaneously defend the
reputation of the colo and its IP address space.  (go figure.)

> Paul, does your list include those providers that provide the hardware
> upfront also? or is part of your deal that the equipment comes from the
> customer so they are more willing to behave?

under duress, i'm listing all three kinds (virtual, included, and BYO1U).
note that the virtuals have got me quite concerned since there's NO evidence
that a deposit is taken.  spammers are going to have a field day with them,
and i expect to have to drop them from the list, but first, we'll try it and
hope for the best.
-- 
Paul Vixie


Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Christopher L. Morrow


On Mon, 15 Mar 2004, Eric Brunner-Williams in Portland Maine wrote:

> > Certainly the point central to your argument is that with the right
> > abuse-desk to customer ratio AND the right customer base, things could be
> > kept clean for smtp/web/ftp/blah 'hosting'.
>
> I'll take "the right customer base" for $50 please Alex.

which is NOT the current dsl/cable-modem user, obviously?

>
> > This is most certainly the
> > case... I look forward to seeing your list of providers and prices :)
>
> Rick Adams and Mike O'Dell had an idea in 1987. How is this any different?
>

mumble, mumble giant telephone company mumble mumble... In all
seriousness, I'm not sure this is any different. Their idea, if I got it
right, was 'ip everywhere'. Perhaps providing smaller scale 'good' colo
with strong abuse/support is possible, just don't get greedy and get
gigantic.

Paul, does your list include those providers that provide the hardware
upfront also? or is part of your deal that the equipment comes from the
customer so they are more willing to behave?


Re: .edueyeball LART RE: who offers cheap (personal) 1U colo?

2004-03-15 Thread Valdis . Kletnieks
On Mon, 15 Mar 2004 11:27:42 -1000, Scott Weeks <[EMAIL PROTECTED]>  said:

> Also, most .edueyeball networks have (and have always had) a VERY low
> budget for networking stuff.  As a result, generally, there is little to
> no plant map documentation, so it isn't the case of looking up the
> physical port on a map and shutting it off.

OK, maybe our network crew is more clued and better financed than most, but
we discovered long ago that although having all the plant documented is
expensive, the alternative is even more costly in the long run.




Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Alexei Roudnev

Is it bad, If they (your sysadmins) understand your backbone infrastructure
and understand such things, as MTU MTU discovery, knows about
ACL filters (without extra details) and existing limitations? They are not
required to know about VPN mode or T3 card configuration, but they must
understand basic things.

Else, everything ends up in a long delays and 10 person technical meetings
(by the phone, of course) - which is
the best way of wasting anyone's time.

> :
> : to pass the buck, one needs to know nothing.  what makes a great noc
> : engineer is taking ownership of the user's problem.
>
> In smaller networks, sure.  However, it's not about passing the buck in
> large networks.  It's about responsibilities.  There, if you take
> ownership of the sysadmin's part of the ticket (where there're a lot of
> sysadmins for every OS), you'll likely get =them= chopped off and
> hung on the wall as an example to others.  I would be pissed if one of the
> sysadmin folks tried to troubleshoot the backbone network instead of
> handing it off to me after clearing their part of the problem...
>
> All I need to do is clear my part and pass it to them with all helpful
> data points included in the ticket.  Any more than that and I'm stomping
> on other folks' toes.
>
> scott
>



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Alexei Roudnev

Ok - is name resolution issue network issue or not? if it is, how can you
answer anything without knowing, for example,
of existing Windows DNS client with internal cache, and difference between
'ping' and 'nslookup' name resolution on Solaris?

Is ARP problem - network one or not? if it is, how can you determine, what
happen, if some crazy server became ARP proxy
and sends wrong information to everyone?

For tier-2  - I agree. For real tier-3 - I can not. Those friends, who are
excellent network engineers (much better than me, with CCIE
and other _really good_ experience), knows Windows and Unix on a very good
level. (of course, if some HR asks them 'where is configuration file for
SAMBA on Solaris - no one answer, but it does not mean that they do not know
Solaris; and you can always met religious people 'my god is MS / my god is
Linux').



- Original Message - 
From: "Scott Weeks" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 15, 2004 1:32 PM
Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap
(personal) 1U colo?)


>
>
>
> On Mon, 15 Mar 2004, Alexei Roudnev wrote:
>
> : I expect, that good (tier-3, to say) network engineer MUST know Windows and
> : Unix (== Linux, FreeBSD etc) on tier-2 (or better) level. Else, he will not
> : be able to troubleshoot his _network problem_ (because they are more likely
> : complex Network + System + Application + Cable problem).
> :
> : So, it is not a good answer.
>
> Not true in many cases.  All I have to prove is it's not the network and
> then I hand it off to the windows/*nix/ sysadmins.  To prove
> it's not the network, I don't need to know the end systems in any sort of
> detail.
>
> scott
>
>
>
> :
> : - Original Message -
> : From: "Pete Templin" <[EMAIL PROTECTED]>
> : To: <[EMAIL PROTECTED]>
> : Sent: Monday, March 15, 2004 7:16 AM
> : Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap
> : (personal) 1U colo?)
> :
> :
> : >
> : > Laurence F. Sheldon, Jr. wrote:
> : >
> : > > Pete Templin wrote:
> : > >> There's a reason I've gotten out of small ISP consulting - I don't do
> : > >> Windows, and I'm getting overrun by Linux corrosion slowly.  I route,
> : > >> I switch, I help with securing networks.  And I do wear a lot of hats
> : > >> at my day job, but I remind them that they hired a specialist, and
> : > >> promised lots of server support all along the way.  Granted, the
> : > >> Windows guy is overloaded and the UNIX/Linux guy would snore in front
> : > >> of his PHB...
> : > >
> : > > If you are in Nebraska I can help you with the Unemploy^WWorkforce
> : > > Development paperwork.
> : >
> : > I didn't suggest saying "I'm not gonna do it".  I just suggested "You
> : > hired me to deploy dynamic routing on your statically-routed network.
> : > What prompted you to think that I could configure site-wide anti-virus
> : > services such that no one ever reports a virus leak from our enterprise,
> : > without training, time to test and develop such a critical solution, or
> : > both?"
> : >
> : > pt
> :
> :
>



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Stephen J. Wilcox

> I find it ironic that one of the presentations at the last nanog was about
> a system kind of like that:
> http://www.nanog.org/mtg-0402/gauthier.html
> and that we had some luser on the nanog30 wireless network infected by SQL
> slammer.

Well it wouldnt be nanog without a few infections, password grabs and other 
random security breaches

> Does anyone know who that was, how/if they were located and removed from
> the network, and whether they brought an infected PC (either via stupidity
> or as a joke) or simply brought an unpatched system out from behind their
> firewall/packet filters and got infected before they got a chance to
> actually use the network?

Probably genuine error (clueless/oversight), no names.. where is Randy when you 
want him?

> After that incident, I sniffed the wireless for a little while and noticed
> slammer is alive and well out on the internet and still trying to infect
> the rest of the internet.

*jlewis in network sniffing shock!*

> We're still blocking it at our transit borders.  The one time it was
> removed (accidentally), a colo customer was infected very shortly after
> the filter's protection was lost.

yeah theres lots, we filter for several known worms on the gateway routers at 
the meetings we sponsor, i recommend nanog sponsors do the same (altho it cant 
save u from the devil within)

Steve

> 
> --
>  Jon Lewis [EMAIL PROTECTED]|  I route
>  Senior Network Engineer |  therefore you are
>  Atlantic Net|
> _ http://www.lewis.org/~jlewis/pgp for PGP public key_
> 



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread jlewis

On Mon, 15 Mar 2004 [EMAIL PROTECTED] wrote:

> Maybe NANOG needs to implement a system where you have to log
> in to a web page with your NANOG meeting passcode in order to
> get a usable IP address. Then, when an infected computer shows
> up we will know exactly whose it was. Might even be interesting
> for a researcher to interview every infected party and figure
> out why it is happening even among a supposedly clueful group.

I find it ironic that one of the presentations at the last nanog was about
a system kind of like that:
http://www.nanog.org/mtg-0402/gauthier.html
and that we had some luser on the nanog30 wireless network infected by SQL
slammer.

Does anyone know who that was, how/if they were located and removed from
the network, and whether they brought an infected PC (either via stupidity
or as a joke) or simply brought an unpatched system out from behind their
firewall/packet filters and got infected before they got a chance to
actually use the network?

After that incident, I sniffed the wireless for a little while and noticed
slammer is alive and well out on the internet and still trying to infect
the rest of the internet.

We're still blocking it at our transit borders.  The one time it was
removed (accidentally), a colo customer was infected very shortly after
the filter's protection was lost.

--
 Jon Lewis [EMAIL PROTECTED]|  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Scott Weeks


On Mon, 15 Mar 2004, Randy Bush wrote:

: > Not true in many cases.  All I have to prove is it's not the network and
: > then I hand it off to the windows/*nix/ sysadmins.  To prove
: > it's not the network, I don't need to know the end systems in any sort of
: > detail.
:
: to pass the buck, one needs to know nothing.  what makes a great noc
: engineer is taking ownership of the user's problem.

In smaller networks, sure.  However, it's not about passing the buck in
large networks.  It's about responsibilities.  There, if you take
ownership of the sysadmin's part of the ticket (where there're a lot of
sysadmins for every OS), you'll likely get =them= chopped off and
hung on the wall as an example to others.  I would be pissed if one of the
sysadmin folks tried to troubleshoot the backbone network instead of
handing it off to me after clearing their part of the problem...

All I need to do is clear my part and pass it to them with all helpful
data points included in the ticket.  Any more than that and I'm stomping
on other folks' toes.

scott



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Kelly Setzer

On Mon, Mar 15, 2004 at 12:21:54PM -1000, Randy Bush wrote:
> 
> > Not true in many cases.  All I have to prove is it's not the network and
> > then I hand it off to the windows/*nix/ sysadmins.  To prove
> > it's not the network, I don't need to know the end systems in any sort of
> > detail.
> 
> to pass the buck, one needs to know nothing.  what makes a great noc
> engineer is taking ownership of the user's problem.

The fact of the matter is, business environments today do not frequently
seek specific expertise to solve specific problems, preferring instead
to (ab)use existing employees to do more than they were hired to do with
less time, less training, and fewer resources than they need.  Similarly,
"experts" brought in from the outside are usually expected to opine
on their areas of expertise as little as possible so that they can be
similarly (ab)used to do things other than what they were contracted
to do.  While taking responsibility for solving problems is an important
quality, knowing how to effectively use your time is equally important.

On a good note, contract killers seem exempt from this trend.

Kelly



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Randy Bush

> Not true in many cases.  All I have to prove is it's not the network and
> then I hand it off to the windows/*nix/ sysadmins.  To prove
> it's not the network, I don't need to know the end systems in any sort of
> detail.

to pass the buck, one needs to know nothing.  what makes a great noc
engineer is taking ownership of the user's problem.

randy



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Scott Weeks



On Mon, 15 Mar 2004, Alexei Roudnev wrote:

: I expect, that good (tier-3, to say) network engineer MUST know Windows and
: Unix (== Linux, FreeBSD etc) on tier-2 (or better) level. Else, he will not
: be able to troubleshoot his _network problem_ (because they are more likely
: complex Network + System + Application + Cable problem).
:
: So, it is not a good answer.

Not true in many cases.  All I have to prove is it's not the network and
then I hand it off to the windows/*nix/ sysadmins.  To prove
it's not the network, I don't need to know the end systems in any sort of
detail.

scott



:
: - Original Message -
: From: "Pete Templin" <[EMAIL PROTECTED]>
: To: <[EMAIL PROTECTED]>
: Sent: Monday, March 15, 2004 7:16 AM
: Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap
: (personal) 1U colo?)
:
:
: >
: > Laurence F. Sheldon, Jr. wrote:
: >
: > > Pete Templin wrote:
: > >> There's a reason I've gotten out of small ISP consulting - I don't do
: > >> Windows, and I'm getting overrun by Linux corrosion slowly.  I route,
: > >> I switch, I help with securing networks.  And I do wear a lot of hats
: > >> at my day job, but I remind them that they hired a specialist, and
: > >> promised lots of server support all along the way.  Granted, the
: > >> Windows guy is overloaded and the UNIX/Linux guy would snore in front
: > >> of his PHB...
: > >
: > > If you are in Nebraska I can help you with the Unemploy^WWorkforce
: > > Development paperwork.
: >
: > I didn't suggest saying "I'm not gonna do it".  I just suggested "You
: > hired me to deploy dynamic routing on your statically-routed network.
: > What prompted you to think that I could configure site-wide anti-virus
: > services such that no one ever reports a virus leak from our enterprise,
: > without training, time to test and develop such a critical solution, or
: > both?"
: >
: > pt
:
:



.edueyeball LART RE: who offers cheap (personal) 1U colo?

2004-03-15 Thread Scott Weeks


: > This is a topic I get very soap-boxish about.  I have too
: > many problems with providers who don't understand the college
: > student market.  I can think of one university who requires
: > students to login through a web portal before giving them a
: > routable address.  This is such a waste of time for both
: > parties.  Sure it makes tracking down the abusers much
: > easier, but is it worth the time and effort to manage?  This
: > is a very legitimate idea for public portals in common areas,
: > but not in dorm rooms. In a dorm room situation or an
: > apartment situation, you again know the physical port the
: > DHCP request came in on.  You then know which room that port
: > is connected to and you therefore have a general idea of who
: > the abuser is.  So whats the big deal if you turn off the
: > ports to the room until the users complain and the problem is
: > resolved?


Since no one's mentioned it, the program everyone is referring to is
netreg:
 www.netreg.org
 www.net.cmu.edu/netreg

Also, most .edueyeball networks have (and have always had) a VERY low
budget for networking stuff.  As a result, generally, there is little to
no plant map documentation, so it isn't the case of looking up the
physical port on a map and shutting it off.  Netreg allows you to "bad
web" folks.  They can go nowhere until they call the helpdesk.  It's a
great LART.  >:-)   <=== That's an evil smile...

scott
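
Added example (not part of the original thread, and not NetReg's code): a simplified Python model of the registration-plus-quarantine scheme discussed in this thread, in which a device gets a routable lease only after its MAC is tied to a user, and a user whose device shows Slammer-style UDP/1434 fan-out is moved to a quarantine pool on every device they registered. The class, pool names, threshold and flow-record format are assumptions made for illustration.

```python
from collections import defaultdict

# Pool names are hypothetical labels for the three DHCP scopes.
PORTAL, ROUTABLE, QUARANTINE = "portal", "routable", "quarantine"
SLAMMER_PORT = 1434      # UDP port of the SQL Server resolution service hit by Slammer
FANOUT_THRESHOLD = 5     # assumed: distinct destinations before a source is flagged


class Registry:
    """Maps devices to the person who registered them and picks a DHCP pool."""

    def __init__(self):
        self.owner_of = {}      # MAC -> user id
        self.quarantined = {}   # user id -> reason
        self.lease = {}         # IP -> MAC currently holding it

    def register(self, mac, user):
        self.owner_of[mac.lower()] = user

    def record_lease(self, ip, mac):
        self.lease[ip] = mac.lower()

    def user_for_ip(self, ip):
        return self.owner_of.get(self.lease.get(ip))

    def pool_for(self, mac):
        """Unknown MACs see only the portal; flagged users see only the fix-up net."""
        user = self.owner_of.get(mac.lower())
        if user is None:
            return PORTAL
        if user in self.quarantined:
            return QUARANTINE
        return ROUTABLE

    def quarantine(self, user, reason):
        # Keyed on the user, so it follows them to any port and any device.
        self.quarantined[user] = reason

    def release(self, user):
        self.quarantined.pop(user, None)


def scanning_sources(flows, port=SLAMMER_PORT, threshold=FANOUT_THRESHOLD):
    """Return source IPs that sent UDP to `port` on >= threshold distinct hosts."""
    targets = defaultdict(set)
    for line in flows.strip().splitlines():
        src, proto, dst, dport = line.split()
        if proto == "udp" and int(dport) == port:
            targets[src].add(dst)
    return {src for src, dsts in targets.items() if len(dsts) >= threshold}


def enforce(registry, flows):
    """Quarantine the registered owner of each scanning source."""
    actions = []
    for ip in sorted(scanning_sources(flows)):
        user = registry.user_for_ip(ip)
        if user is None:
            actions.append((ip, None))   # no registration: fall back to port tracing
            continue
        registry.quarantine(user, f"udp/{SLAMMER_PORT} fan-out from {ip}")
        actions.append((ip, user))
    return actions


# Constructed flow records: "src proto dst dport". Documentation address ranges only.
SAMPLE_FLOWS = "\n".join(
    [f"10.0.0.21 udp 198.51.100.{n} 1434" for n in range(1, 9)]  # 8 distinct targets
    + ["10.0.0.22 udp 192.0.2.10 1434",    # a single legitimate lookup
       "10.0.0.22 tcp 192.0.2.80 80"]
)


def demo():
    reg = Registry()
    reg.register("00:11:22:33:44:55", "alice")   # laptop
    reg.register("00:11:22:33:44:66", "alice")   # second device, not yet online
    reg.register("00:aa:bb:cc:dd:ee", "bob")
    reg.record_lease("10.0.0.21", "00:11:22:33:44:55")
    reg.record_lease("10.0.0.22", "00:aa:bb:cc:dd:ee")
    return reg, enforce(reg, SAMPLE_FLOWS)


if __name__ == "__main__":
    reg, actions = demo()
    print(actions)
    for mac in ("00:11:22:33:44:66", "00:aa:bb:cc:dd:ee", "de:ad:be:ef:00:01"):
        print(mac, "->", reg.pool_for(mac))
```

Because the quarantine is recorded against the user rather than the switch port, it needs no plant map, which is the trade-off the message above describes.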



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Alexei Roudnev

I expect, that good (tier-3, to say) network engineer MUST know Windows and
Unix (== Linux, FreeBSD etc) on tier-2 (or better) level. Else, he will not
be able to troubleshoot his _network problem_ (because they are more likely
complex Network + System + Application + Cable problem).

So, it is not a good answer.

- Original Message - 
From: "Pete Templin" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, March 15, 2004 7:16 AM
Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap
(personal) 1U colo?)


>
> Laurence F. Sheldon, Jr. wrote:
>
> > Pete Templin wrote:
> >> There's a reason I've gotten out of small ISP consulting - I don't do
> >> Windows, and I'm getting overrun by Linux corrosion slowly.  I route,
> >> I switch, I help with securing networks.  And I do wear a lot of hats
> >> at my day job, but I remind them that they hired a specialist, and
> >> promised lots of server support all along the way.  Granted, the
> >> Windows guy is overloaded and the UNIX/Linux guy would snore in front
> >> of his PHB...
> >
> > If you are in Nebraska I can help you with the Unemploy^WWorkforce
> > Development paperwork.
>
> I didn't suggest saying "I'm not gonna do it".  I just suggested "You
> hired me to deploy dynamic routing on your statically-routed network.
> What prompted you to think that I could configure site-wide anti-virus
> services such that no one ever reports a virus leak from our enterprise,
> without training, time to test and develop such a critical solution, or
> both?"
>
> pt



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Pete Templin
Laurence F. Sheldon, Jr. wrote:

> Pete Templin wrote:
>
>> I didn't suggest saying "I'm not gonna do it".  I just suggested "You
>> hired me to deploy dynamic routing on your statically-routed network.
>> What prompted you to think that I could configure site-wide anti-virus
>> services such that no one ever reports a virus leak from our
>> enterprise, without training, time to test and develop such a critical
>> solution, or both?"
>
> It turns out that they can hire people with all kinds of certifications
> that say they can do all of that for a lot less than what they are
> paying a "specialist".

You're right again.  But those generalists would earn a spot on the 
"don't hire these top network engineers to maintain your fleet of 
windows boxes" list projected on the screen, while the specialists 
either wouldn't be doing work outside their scope or the PHB would 
understand that it's not their specialty.

pt


Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Ben Crosby

John,

There are the beginnings of some wireless devices that are capable of
directing wireless clients to cease transmission with L2 link control
messages. These are just beginning to emerge, and unfortunately I'm
certain that with only a matter of time people will write drivers that
ignore such control messages.

The end result is that AP's can effectively address a DoS at an
invalid/penalty-boxed host on the wireless ether, and allow everyone
else to remain connected. There is a b/w penalty for the flood of
control messages. One implementation I have been researching leaves
~75% of b/w available for valid traffic. That doesn't seem too bad to
me, but I need to research real stats for how much b/w is consumed by
the worms in the first place.

Cheers,
Ben.


John> On 15 Mar 2004 08:01:15 -0500
John> "Robert E. Seastrom" <[EMAIL PROTECTED]> wrote:

>> > Maybe NANOG needs to implement a system where you have to log
>> > in to a web page with your NANOG meeting passcode in order to
>> > get a usable IP address. Then, when an infected computer shows
John> [...]
>> Seconded.  This is dirt simple to do.  If we believe in public
>> humiliation, a list of infected machines and their owners (along with
John> [...]

John> In the case of some networks and some type of malware, you might need to
John> do more than this.  For example, if a compromised host continues to spew
John> out packets without a valid IP, this still eats link capacity.  If the
John> network is relatively flat, which it often is in wireless configurations,
John> you still have a problem to solve before normal access for everyone else
John> is restored.

John> John




Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread John Kristoff

On 15 Mar 2004 08:01:15 -0500
"Robert E. Seastrom" <[EMAIL PROTECTED]> wrote:

> > Maybe NANOG needs to implement a system where you have to log
> > in to a web page with your NANOG meeting passcode in order to
> > get a usable IP address. Then, when an infected computer shows
[...]
> Seconded.  This is dirt simple to do.  If we believe in public
> humiliation, a list of infected machines and their owners (along with
[...]

In the case of some networks and some type of malware, you might need to
do more than this.  For example, if a compromised host continues to spew
out packets without a valid IP, this still eats link capacity.  If the
network is relatively flat, which it often is in wireless configurations,
you still have a problem to solve before normal access for everyone else
is restored.

John


Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Janet Sullivan
Stephen J. Wilcox wrote:

> if the market for this is nanog and you're just looking for smtp/shell surely we
> can manage this between ourselves without charge (ask your nanog buddy for a
> shell as a favour).. I know I can and will do this

Well, I do have motives beyond outbound smtp.

I actually looked at some of the mail only services, but I really want 
someplace that will do IMAP and authenticated SMTP.  I want to be able 
to configure how I filter spam, which I don't want to do at the MUA 
level because I'll need to access mail various ways from various locations.

Besides mail, I want to be able to create and control firewall rules on 
the box.  I also want to be able to setup Apache exactly like I want it, 
etc.  And sometimes its nice to have shell access on a machine in a 
different location for troubleshooting purposes.

However, I do like the idea of setting up a community of like minded 
individuals who would be willing to do secondary MX and/or DNS for each 
other, and perhaps provide basic shell accounts...  On the other hand, 
I'm a little leery of giving someone I don't know access to one of my boxes.

I'm curious how a virtual colocation or dedicated server co-op could 
work, with values statements on how servers must be run (secure, no 
SPAM), etc.  Would there be member fees?  Would members have to 
democratically vote to let new members in after some kind of vetting 
process?  Would anyone even be interested in such an idea?

It would also be interesting to see what kind of monitoring tools could 
be developed with a diverse set of servers in different parts of the 
world... could we set up a co-op version of keynote monitoring, where we 
helped monitor each other?



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Dr. Jeffrey Race

On Mon, 15 Mar 2004 04:57:03 -0500 (EST), Sean Donelan wrote:

>  NANOG has less than 500 attendees,
>yet has about the same number as infected computers as any other
>ad-hoc network population.

If true this is a very significant fact



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Laurence F. Sheldon, Jr.
Pete Templin wrote:

> Laurence F. Sheldon, Jr. wrote:
>
>> Pete Templin wrote:
>>
>>> There's a reason I've gotten out of small ISP consulting - I don't do
>>> Windows, and I'm getting overrun by Linux corrosion slowly.  I route,
>>> I switch, I help with securing networks.  And I do wear a lot of hats
>>> at my day job, but I remind them that they hired a specialist, and
>>> promised lots of server support all along the way.  Granted, the
>>> Windows guy is overloaded and the UNIX/Linux guy would snore in front
>>> of his PHB...
>>
>> If you are in Nebraska I can help you with the Unemploy^WWorkforce
>> Development paperwork.
>
> I didn't suggest saying "I'm not gonna do it".  I just suggested "You
> hired me to deploy dynamic routing on your statically-routed network.
> What prompted you to think that I could configure site-wide anti-virus
> services such that no one ever reports a virus leak from our enterprise,
> without training, time to test and develop such a critical solution, or
> both?"

It turns out that they can hire people with all kinds of certifications
that say they can do all of that for a lot less than what they are
paying a "specialist".
--
Requiescas in pace o email



Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Pete Templin
Laurence F. Sheldon, Jr. wrote:

> Pete Templin wrote:
>
>> There's a reason I've gotten out of small ISP consulting - I don't do
>> Windows, and I'm getting overrun by Linux corrosion slowly.  I route,
>> I switch, I help with securing networks.  And I do wear a lot of hats
>> at my day job, but I remind them that they hired a specialist, and
>> promised lots of server support all along the way.  Granted, the
>> Windows guy is overloaded and the UNIX/Linux guy would snore in front
>> of his PHB...
>
> If you are in Nebraska I can help you with the Unemploy^WWorkforce
> Development paperwork.

I didn't suggest saying "I'm not gonna do it".  I just suggested "You 
hired me to deploy dynamic routing on your statically-routed network. 
What prompted you to think that I could configure site-wide anti-virus 
services such that no one ever reports a virus leak from our enterprise, 
without training, time to test and develop such a critical solution, or 
both?"

pt


Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Laurence F. Sheldon, Jr.
Suresh Ramasubramanian wrote:

> Laurence F. Sheldon, Jr.  [3/15/2004 7:39 PM] :
>
>> If you were willing to live in a place where an electrical overload
>> caused a fire (as opposed to tripping a circuit-breaker or blowing a
>> fuse), you have not correctly identified your worst problem, or
>> the University's.
>
> That's always there, but at least one dorm that I know of has this rule
> against running appliances in a dorm room.

A rule against running a "hotplate" or other heat-generating appliance
(or all "appliances" to avoid the arguments) makes sense.  A rule
against running power-consumers that were not in the cost-of-overhead
calculation makes sense.

Restricting (or trying to restrict) computers in today's University
environment is delusional.
--
Requiescas in pace o email



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Suresh Ramasubramanian
Laurence F. Sheldon, Jr.  [3/15/2004 7:39 PM] :

> If you were willing to live in a place where an electrical overload
> caused a fire (as opposed to tripping a circuit-breaker or blowing a
> fuse), you have not correctly identified your worst problem, or
> the University's.

That's always there, but at least one dorm that I know of has this rule 
against running appliances in a dorm room.

	srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Laurence F. Sheldon, Jr.
Pete Templin wrote:

> Employee to PHB: "You hired me to provide core network engineering and
> lead the level 2 network ops staff.  Tell me again why you want me to
> provide any server engineering, if you knew my strengths when you hired
> me?"
>
> There's a reason I've gotten out of small ISP consulting - I don't do
> Windows, and I'm getting overrun by Linux corrosion slowly.  I route, I
> switch, I help with securing networks.  And I do wear a lot of hats at
> my day job, but I remind them that they hired a specialist, and promised
> lots of server support all along the way.  Granted, the Windows guy is
> overloaded and the UNIX/Linux guy would snore in front of his PHB...

If you are in Nebraska I can help you with the Unemploy^WWorkforce
Development paperwork.
--
Requiescas in pace o email



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Laurence F. Sheldon, Jr.
Ken Diliberto wrote:

> Something else I just remembered:
>
> Connecting so much equipment in our dorms creates a fire hazard.  There
> are only two or three outlets (what I've been told) in a room shared by
> two or three students.  Add to the computer equipment a TV, stereo, DVD
> player, alarm clocks, cordless phones, etc., etc., etc. and you have the
> makings for newspaper headlines.  Hasn't happened yet to my knowledge,
> but it could and students don't consider these things.

If you were willing to live in a place where an electrical overload
caused a fire (as opposed to tripping a circuit-breaker or blowing a
fuse), you have not correctly identified your worst problem, or
the University's.
--
Requiescas in pace o email



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread John Kristoff

On Sun, 14 Mar 2004 01:29:29 -0500 (EST)
Andrew Dorsett <[EMAIL PROTECTED]> wrote:

> This is a topic I get very soap-boxish about.  I have too many problems
> with providers who don't understand the college student market.  I can

There are certain environments where it would be nice for people to have
spent some time.  Working at a university would be one good experience for
many people, particularly in this field, to have had.

> think of one university who requires students to login through a web
> portal before giving them a routable address.  This is such a waste of
> time for both parties.  Sure it makes tracking down the abusers much
> easier, but is it worth the time and effort to manage?  This is a very

In most implementations I'm familiar with, the time and effort is mostly
spent in the initial deployment of such a system.

> legitimate idea for public portals in common areas, but not in dorm rooms.
> In a dorm room situation or an apartment situation, you again know the
> physical port the DHCP request came in on.  You then know which room that
> port is connected to and you therefore have a general idea of who the
> abuser is.  So whats the big deal if you turn off the ports to the room
> until the users complain and the problem is resolved?

As someone else mentioned, an AUP may be a reason for such a system.

In addition, these systems often allow an i.d. to be notified, restricted
or disabled and not just from a single port, but from any port where this
system is used.  Also know that some schools' dorm resident information
is not populated nor easily accessible in network connectivity records.

The portal systems are often used as a way to be proactive in testing a
dorm user's system for vulnerabilities and allowing minimal connectivity
for getting fixed up if they are.  This is often referred to as the
quarantine network.

Many institutions have tried to simply turn off a port and deal with the
problem when a user calls.  Sometimes the user moves, but even if they
don't this doesn't scale very well for widespread problems such as some
of the more common worms and viruses that infect a large population.  A
lot of institutions don't have 24x7 support to handle calls from dorm
students who are often up til midnight or later doing work.

Many systems can have the connection registration pulled, forcing a new
registration immediately.  This may be due to proactive scanning or simply
to refresh the database at the end of a school year.

> I guess this requires very detailed cable map databases and is something
> some providers are reluctant to develop.  Scary thought.

Correct, this is a problem for universities too.  Especially when many
of their cabling systems are old and have often been managed (or not) by
transient workers (e.g. student employees) over the years.

John


Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Pete Templin


Robert E. Seastrom wrote:

> Seconded.  This is dirt simple to do.  If we believe in public
> humiliation, a list of infected machines and their owners (along with
> a suitably snarky "don't hire these top network engineers to maintain
> your fleet of windows boxes" message) could be displayed on the
> projection screens at the break.

Employee to PHB: "You hired me to provide core network engineering and
lead the level 2 network ops staff.  Tell me again why you want me to
provide any server engineering, if you knew my strengths when you hired me?"

There's a reason I've gotten out of small ISP consulting - I don't do 
Windows, and I'm getting overrun by Linux corrosion slowly.  I route, I 
switch, I help with securing networks.  And I do wear a lot of hats at 
my day job, but I remind them that they hired a specialist, and promised 
lots of server support all along the way.  Granted, the Windows guy is 
overloaded and the UNIX/Linux guy would snore in front of his PHB...

pt


Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Eric Brunner-Williams in Portland Maine

> a suitably snarky "don't hire these top network engineers to maintain
> your fleet of windows boxes" message) could be displayed on the

Is this an opt-in list? I'd like to opt-in. Now. Nu. Proto. A lifetime ago.


Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Robert E. Seastrom


[EMAIL PROTECTED] writes:

> Maybe NANOG needs to implement a system where you have to log
> in to a web page with your NANOG meeting passcode in order to
> get a usable IP address. Then, when an infected computer shows
> up we will know exactly whose it was. Might even be interesting
> for a researcher to interview every infected party and figure
> out why it is happening even among a supposedly clueful group.

Seconded.  This is dirt simple to do.  If we believe in public
humiliation, a list of infected machines and their owners (along with
a suitably snarky "don't hire these top network engineers to maintain
your fleet of windows boxes" message) could be displayed on the
projection screens at the break.

---Rob




Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Michael . Dillon

>I expect every NANOG conference from now on will be filled with
>announcements asking people to please fix their computers because
>worms are killing the network.  NANOG has less than 500 attendees,
>yet has about the same number as infected computers as any other
>ad-hoc network population.

Maybe NANOG needs to implement a system where you have to log
in to a web page with your NANOG meeting passcode in order to
get a usable IP address. Then, when an infected computer shows
up we will know exactly whose it was. Might even be interesting
for a researcher to interview every infected party and figure
out why it is happening even among a supposedly clueful group.

--Michael Dillon





Re: Long-term identifiers (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Petri Helenius
Sean Donelan wrote:

> If I send an abuse complaint to an organization's mailbox on a Friday
> night, will it be dealt with in the next 10 seconds?  Or sometime next
> week?  If the computer reboots every 60 seconds, and gets different IP
> addresses every time, a single infected computer can appear with lots of
> different IP addresses which results in overblocking.  Similar things

Most DHCP servers are capable of assigning the same IP address to the 
same MAC address both with DHCPDISCOVER and DHCPREQUEST. It just needs 
the configuring party to want that. (with the caveat that somebody got 
to the address first, which is possible but unlikely) Since static ip 
addresses are considered a premium service, most providers opt towards 
approaches which make the IP address change more often.

Pete



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Eric Brunner-Williams in Portland Maine

> Certainly the point central to your argument is that with the right
> abuse-desk to customer ratio AND the right customer base, things could be
> kept clean for smtp/web/ftp/blah 'hosting'.

I'll take "the right customer base" for $50 please Alex. 

> This is most certainly the
> case... I look forward to seeing your list of providers and prices :)

Rick Adams and Mike O'Dell had an idea in 1987. How is this any different?

Eric


RE: who offers cheap (personal) 1U colo?

2004-03-15 Thread Michael . Dillon

>For most people it'd probably make much more sense to find a provider that
>offers some form of SMTP relay service.  It'd probably be cheaper/month,
>and they wouldn't have the trouble and expense of providing/maintaining
>a colo server.

Yep, if you aren't technically inclined that is better.

>What if the cost were only $10/month and they didn't have to maintain
>anything other than a set of usernames/passwds (SMTP Auth) or perhaps a
>list of their own IPs (relaying based on IP)?

It's starting to sound like a nice little business for a college senior
to set up using one of the colo providers from Paul's list. It would
be a lot more palatable for large providers to crack down on
unauthenticated SMTP if there were such alternatives available. Then
instead of cracking down on users they would be supporting new
small businesses. I imagine there are a lot of people doing this
already but we just don't see it because they don't have a catchy
name for themselves like "ISP".

--Michael Dillon





Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Michael . Dillon

> $50/month at 40U rentable is $2000/rack/month if it's full.

And then there's the newer high-density rackmount units
like this one http://www.rlx.com/products/serverblades/dense.php
This product puts up to 24 server blades in a 3U chassis
which basically means you can put 8 times as many servers
in a rack.

And if any of you have played with things like the 
Zaurus C760/C860 then you know where all this is headed.
$50/month today, $25/month in a year or two, and then
in about 5 years it will be a free perk if you sign 
a two-year contract with your broadband provider.

--Michael Dillon





Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Stephen J. Wilcox

Sorry this thread is huge, I hope I'm not repeating comments..

if the market for this is nanog and you're just looking for smtp/shell surely we
can manage this between ourselves without charge (ask your nanog buddy for a
shell as a favour).. I know I can and will do this

Steve

On Sun, 14 Mar 2004, Janet Sullivan wrote:

> 
> Paul Vixie wrote:
> > every time i tell somebody that they shouldn't bother trying to send e-mail
> > from their dsl or cablemodem ip address due to the unlikelihood of a well
> > staffed and well trained and empowered abuse desk defending the reputation
> > of that address space, i also say "buy a 1U and put it someplace with a real
> > abuse desk, and use your dsl or cablemodem to tunnel to that place."
> 
> My cable modem provider filters port 25, so I can't run my own SMTP 
> server.  Their mail servers suck.  Yes, I could pay for a business class 
> cable modem connection and they'd unblock the port... but I'd likely 
> still be filtered.
> 
> Guess who is having a dedicated 1U set up right now? ;-)
> 
> I think Paul is right, there is a small niche market for this.
> 
> 



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Simon Lockhart

On Mon Mar 15, 2004 at 12:26:09PM +0200, Rafi Sadowsky wrote:
>  AFAIK that will be in Solaris 10 -
> See "N1 Grid Containers" on 
> 
>  You can get a non-supported preview for free
> (or pay 99$ for one year support)

Well, it's Zones. I downloaded the latest Solaris Express release last night
and got a simple Zones implementation running on a spare box. It certainly
looks very interesting.

Simon
-- 
Simon Lockhart |   Tel: +44 (0)1628 407720 (x(01)37720) | Si fractum 
Technology Manager |   Fax: +44 (0)1628 407701 (x(01)37701) | non sit, noli 
BBC Internet Ops   | Email: [EMAIL PROTECTED]| id reficere
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Rafi Sadowsky


## On 2004-03-14 11:58 - Simon Lockhart typed:

SL>  
SL> If someone can point me to Virtual Solaris Machine, then I'd willingly offer
SL> that as a service (the colo I help run as a "hobby" is Sun only).

 AFAIK that will be in Solaris 10 -
See "N1 Grid Containers" on 

 You can get a non-supported preview for free
(or pay 99$ for one year support)


-- 
HTH,
Rafi


SL> 
SL> The reason people are doing it on Linux is that it's available. (And, in the
SL> case of LVM, free)
SL> 
SL> Simon
SL> 



Long-term identifiers (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Sean Donelan

On Sun, 14 Mar 2004, Andrew Dorsett wrote:
> In a dorm room situation or an apartment situation, you again know the
> physical port the DHCP request came in on.  You then know which room that
> port is connected to and you therefore have a general idea of who the
> abuser is.  So whats the big deal if you turn off the ports to the room
> until the users complain and the problem is resolved?

It has to do with response time.

If I send an abuse complaint to an organization's mailbox on a Friday
night, will it be dealt with in the next 10 seconds?  Or sometime next
week?  If the computer reboots every 60 seconds, and gets different IP
addresses every time, a single infected computer can appear with lots of
different IP addresses which results in overblocking.  Similar things
happen when a very large corporation has a NAT firewall, and attacks
appear to come from all over their address ranges.  A long-term end-to-end
identifier would let me immediately drop the specific infected computer's
traffic regardless of its rotating IP addresses, even if your abuse
department doesn't open until next Monday to track down the user to
permanently fix it.

The other issue is assuming "abuse" is defined the same way.  If I can
uniquely identify the source, we don't have to debate whether my definition
of abuse is the same as your definition.  You might have a three-strike
policy and I have a zero-tolerance policy.  It doesn't matter if there was
an end-to-end long-term identifier.  While you are waiting for the other
strikes, I can immediately block that specific computer regardless of
what IP address it has today.

That way "reputation" could be tied to the infected computer instead of
random address ranges.

If IPsec ever gets fully deployed, then we may be able to negotiate
end-to-end identification.  The long-term end-to-end identifier does not
need to include personally identifiable information.
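
The overblocking argument in the message above, worked through on a constructed trace (an added example, not part of the original post). `host_id` stands in for the hypothetical long-term identifier, the addresses come from the documentation range 192.0.2.0/24, and the receiver is assumed to run a zero-tolerance policy that blocks on the first abusive flow it sees.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    t: int         # seconds since the start of the constructed trace
    src_ip: str    # address the flow arrived from
    host_id: str   # opaque long-term identifier (assumption; carries no PII)
    abusive: bool  # True if the receiver classifies this flow as abuse


def build_trace():
    """Constructed sample: one infected host reboots every 60 s and gets a
    new lease each time; 30 s later a clean host is handed the address the
    infected host just released."""
    pool = [f"192.0.2.{n}" for n in range(10, 15)]
    flows = []
    for i, ip in enumerate(pool):
        flows.append(Flow(i * 60, ip, "h-bad", True))
        if i > 0:
            flows.append(Flow(i * 60 + 30, pool[i - 1], f"h-clean-{i}", False))
    return flows


def evaluate(flows, ident):
    """Replay the trace against a blocklist keyed by ident(flow).

    The first abusive flow from a key gets through (that is how the receiver
    learns about it) and the key is blocked from then on.
    """
    blocked = set()
    stats = {"abuse_passed": 0, "abuse_dropped": 0,
             "clean_passed": 0, "clean_dropped": 0}
    for flow in sorted(flows, key=lambda f: f.t):
        key = ident(flow)
        if key in blocked:
            stats["abuse_dropped" if flow.abusive else "clean_dropped"] += 1
        elif flow.abusive:
            stats["abuse_passed"] += 1
            blocked.add(key)
        else:
            stats["clean_passed"] += 1
    stats["block_entries"] = len(blocked)
    return stats


def compare():
    """Run both policies over the same trace."""
    trace = build_trace()
    return {
        "by_ip": evaluate(trace, lambda f: f.src_ip),
        "by_host_id": evaluate(trace, lambda f: f.host_id),
    }


if __name__ == "__main__":
    for policy, stats in compare().items():
        print(policy, stats)
```

Keyed on address, every abusive flow arrives from a fresh lease and gets through, while each clean host that inherits a released address is dropped; keyed on the identifier, one entry stops the infected host after its first flow and no clean host is affected.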


Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

2004-03-15 Thread Sean Donelan

On Mon, 15 Mar 2004, Petri Helenius wrote:
> I see this as a two different processes. There are definitely some
> individuals who have no help whatsoever with their computers and need
> the abuse/helpdesk to walk them through the disinfecting process.

Gartner estimates the total cost of ownership of a PC at $450/month.  If
someone is paying $50/month, I wonder where the other $400 goes?

Is it marketing suicide in other industries have premium customer
programs.  Pay more or have a better credit rating, and you get a
platinum credit card.  Fly more or pay more and you get to sit in first
class and board the plane first.  Why not have special IP addresses
reserved for the Internet "elite?"

ISPs are desperately looking for new revenue streams.  Would you pay an
extra $50/month for "platinum-level" Internet address?  ARIN could charge
extra to certify those ISPs receiving platinum Internet addresses.  Mass
mailers already pay companies like Habeas and IronPort for "bonded"
e-mail.

Suppose we create Internet++ using 126/8 as the starting IP address block.
Only ISPs agreeing to the good code of conduct could use 126/8 addresses
assigned independently of any other IP addresses in use.  ISPs might
reserve 126/8 addresses to only a few of their most secure servers, and
a few very trusted customers.  If it was successful, IANA could extend
the range to 125/8, 124/8 and so on


> However in my experience these are only a small fraction of the
> population with infected machines. It really solves 90%+ of the problem
> by just getting the message to the individual that they have a problem
> and they'll find somebody to fix it for them.

Doubtful.  If you look at large samples, e.g. 10,000 infected computers,
the repair rate is essentially identical between a group told their
computers are infected and a group which wasn't told.  Perhaps more
scary, the rate of repair after being notified doesn't change whether the
group are self-described "computer experts" or "general users."

I expect every NANOG conference from now on will be filled with
announcements asking people to please fix their computers because
worms are killing the network.  NANOG has less than 500 attendees,
yet has about the same number as infected computers as any other
ad-hoc network population.


Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Petri Helenius
Paul Vixie wrote:

> at scale, with things as they now are, i simply don't believe this.  with
> a 1:1 ratio (daily customers to onduty clues), it is never going to be
> possible to contact every customer out of band (by phone, that is) when they
> need to be told how to de-virus their win/xp box.  not for $30/month.  you
> can fiddle with the ratio -- 800:1 may work -- and you might be able to hire
> clues very cheaply for a while -- but not at scale.
>
> i'd love to be proved wrong on this point.

I see this as a two different processes. There are definitely some
individuals who have no help whatsoever with their computers and need
the abuse/helpdesk to walk them through the disinfecting process.
However in my experience these are only a small fraction of the
population with infected machines. It really solves 90%+ of the problem
by just getting the message to the individual that they have a problem
and they'll find somebody to fix it for them.

Pete



Re: who offers cheap (personal) 1U colo?

2004-03-15 Thread Petri Helenius
Ken Diliberto wrote:

> The smarter students put a NAT box on their port so they can run their
> desktop, laptop, XBox and have a place their friend can plug in.

NAT is evil, not smart. If the addresses run out because of legitimate
use, more addresses should be allocated.

Pete



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Ken Diliberto
Andrew Dorsett wrote:

> On Mon, 15 Mar 2004, Suresh Ramasubramanian wrote:
>
> > Andrew Dorsett  [3/15/2004 9:52 AM] :
> >
> > > Well whats wrong with you setting up a small router and using one IP?  The
> > > crap I hear most of the time is that they want to only issue one ip per
> >
> > Nothing particularly wrong with it as long as there's some mechanism to
> > zero in on rooted / abused machines there.
>
> Exactly my point!  But so many universities and small ISPs are against it
> with a vengeance.  Like I keep saying, they are sharing one wall portal. I
> know go to that keystone, find the hub and then go "Whose is this?"  Tell
> them to clean up their machine because it's infected and give them what I
> know... ie: it was ip blah blah or sorry I can't tell you anything because
> it was coming through your NAT box and all I see is a single IP.
>
> Personally, shhh don't tell certain people who I know are lurking on this
> list :)  But I ran a NAT box with 4 machines at one point.  An XP box for
> my general use, an SGI box for development, a linux box for development,
> and another linux box acting as my ftp server.
>
> Andrew

Something else I just remembered:

Connecting so much equipment in our dorms creates a fire hazard.  There
are only two or three outlets (what I've been told) in a room shared by
two or three students.  Add to the computer equipment a TV, stereo, DVD
player, alarm clocks, cordless phones, etc., etc., etc. and you have the
makings for newspaper headlines.  Hasn't happened yet to my knowledge,
but it could and students don't consider these things.

Ken


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Ken Diliberto
Laurence F. Sheldon, Jr. wrote:

> Suresh Ramasubramanian wrote:
>
> > And what is wrong with setting up a hub or something in a dormroom?  I
> > find it quite convenient to leave both my PC and a laptop running on
> > my desk, for various reasons (too many open terminals and windows is
> > one of them ...)
>
> I've been trying to figure out what is wrong with that too.
>
> At my ex-employers, one of the things they did right is encourage
> study groups, and with multi-occupant suites, several stations
> (including one or more printers, plotters, and such) was normal.
> Most of the residence halls had hubs or small switches available for
> check-out.
>
> Is it the contention that each student should only use one pencil?

If you have 300 students and 500 pencils, then the answer is yes.  If
everyone grabbed 3 pencils, you'd run out pretty quick.  There are only
so many addresses available in the DHCP pool.

The smarter students put a NAT box on their port so they can run their 
desktop, laptop, XBox and have a place their friend can plug in.

Ken


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Paul Vixie

[EMAIL PROTECTED] (Jeff McAdams) writes:

> No, you're presenting a false dichotomy.  A provider can provide a
> first-rate abuse desk, and still be price competitive.  It can be done.
> It requires a fair amount of clue level in the ISP, but it most
> definitely can be done.

at scale, with things as they now are, i simply don't believe this.  with
a 1:1 ratio (daily customers to onduty clues), it is never going to be
possible to contact every customer out of band (by phone, that is) when they
need to be told how to de-virus their win/xp box.  not for $30/month.  you
can fiddle with the ratio -- 800:1 may work -- and you might be able to hire
clues very cheaply for a while -- but not at scale.

i'd love to be proved wrong on this point.
-- 
Paul Vixie


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Paul Vixie

[EMAIL PROTECTED] ("Christopher L. Morrow") writes:

> > > It has very little to do with the quality of the ISP's abuse desk.
> >
> > long term, it does.  my sister is in sbc-dsl territory and before i
> > linuxed her and tunneled her, ...
> 
> As was pointed out to me by a co-worker: "Linux is not any more inherently
> secure than any other OS."

your co-worker needs to spend a few thanksgiving holidays the way i spent
my last one, and then i'll listen to what he's got to say.

> The difference really comes in the administration of the pee cee. So,
> would upgrading joe-random-user to Linux really make things better for
> them? (or us?) That is not clear at all at this point.

it makes a number of things easier, like tunnelling.  the fact that no
viruses are being crafted for it is apparently (according to bill gates
in a recent interview) not an indication of software quality but rather
market size.  whatever.

> Certainly the point central to your argument is that with the right
> abuse-desk to customer ratio AND the right customer base, things could be
> kept clean for smtp/web/ftp/blah 'hosting'. This is most certainly the
> case...

righto.

> I look forward to seeing your list of providers and prices :)

naturally everybody has their own units of measure, so it's proving
difficult to regularize it.  perhaps another beer will help.
-- 
Paul Vixie


Re: Race to the bottom (was Re: who offers cheap (personal) 1U colo?)

2004-03-14 Thread Paul Vixie

> ... What you seem to be asking for is how can an individual obtain
> independent IP address space which various block lists won't block for
> $50/month.

s/which various block lists won't block
 /whose reputation can be reasonably defended
 /

> ... And once you find such a thing, how to prevent "bad people" from
> taking advantage for your discovery.

see above.
-- 
Paul Vixie


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread David A. Ulevitch



>
> If anyone on the east coast also thinks this is something worth putting
> together (either for-profit or as a co-op situation), feel free to contact
> me directly.

This is currently being organized in the IAD area:
http://lists.gotroot.com/mailman/listinfo/dcccp

We've done a similar setup as a non-profit (in SFO/SJC).
http://www.communitycolo.net/

It's not for everyone, but it is more than adequate for most people's needs.

With some more networking volunteers (as opposed to systems people) we
could probably become a lot more robust than we already are.  We are
currently using 8 cabinets at Hurricane Electric off a 100mbit feed with a
bunch of Cisco 1900 and 2900 series switches.

Emails to me offlist for anyone interested in knowing more.

-davidu


  David A. Ulevitch - Founder, EveryDNS.Net
  Washington University in St. Louis
  http://david.ulevitch.com -- http://everydns.net



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Charles Sprickman

On Sat, 13 Mar 2004, Paul Vixie wrote:

> if you know of a place that offers 1U/month for $50/month with some kind of
> bandwidth limitations (moderate peak, low average), and a strong abuse desk
> (including repossessing the 1U server upon proof of abuse or neglect), please
> send me e-mail with a url and some details.  i'll summarize it all online
> and report the aggregation URL back to this mailing list.

I've always wanted to enter a "niche market" like this.  I've never had a
boss that saw this as big enough to break even.  This really is a small
enough endeavour for a few people to start up.  Here in NYC, you can get
some decent co-lo at a "Tier 1" for $650/mo. and bandwidth at $150/MB with
no commit.  And that's at a very nice facility.  I'm sure that others know
of even better deals, but I think that's a fair market price for a
facility/name that everyone knows and trusts.

If anyone on the east coast also thinks this is something worth putting
together (either for-profit or as a co-op situation), feel free to contact
me directly.

Thanks,

Charles


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Mon, 15 Mar 2004, Suresh Ramasubramanian wrote:

> Andrew Dorsett  [3/15/2004 9:52 AM] :
>
> > Well whats wrong with you setting up a small router and using one IP?  The
> > crap I hear most of the time is that they want to only issue one ip per
>
> Nothing particularly wrong with it as long as there's some mechanism to
> zero in on rooted / abused machines there.

Exactly my point!  But so many universities and small ISPs are against it
with a vengeance.  Like I keep saying, they are sharing one wall portal. I
know go to that keystone, find the hub and then go "Whose is this?"  Tell
them to clean up their machine because it's infected and give them what I
know... ie: it was ip blah blah or sorry I can't tell you anything because
it was coming through your NAT box and all I see is a single IP.

Personally, shhh don't tell certain people who I know are lurking on this
list :)  But I ran a NAT box with 4 machines at one point.  An XP box for
my general use, an SGI box for development, a linux box for development,
and another linux box acting as my ftp server.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Sun, 14 Mar 2004, David A. Ulevitch wrote:

> Has it been a while since you've been on a resnet?  They're bad, but most
> all "ResNet's" I know of are now implementing some sort of MAC/DHCP combo
> at the very least.

The thing to remember is that all rooms are locked until someone is issued
a key.  So you have someone to blame if the port becomes hot in a dorm
room.  The public portals are another story and should require some sort
of registration.  The university I've been hounding for a while now had a
problem...They didn't require you to authenticate yourself only when your
mac changed, they required you to do it everytime the link status changed
on your port.  Problems with this are a many...

1. I have a laptop, I turn it off and on a lot...That's quite a bit of
logging in and with it being web based with SSL now it makes it even
harder for me to automate the login process.

2. Every time they rebooted a switch, the switch powered off, etc...I'd
have to relogin.  This would always catch me when I had left my machine
online during the day to retrieve something remotely while at work.  (I
can't take a laptop to work with me...but I can download from the net)

I go back to my statement time and time again...Who cares if there are 6
people in the room, I issue an honor system referral to ALL parties in the
room and let the justice system sort out who was at fault.  If they need
more information, I'll assign a senior engineer to investigate and pull
logs and check machines.  Often times the naughty student will fess to
their dirty work without requiring the extra work.  Less hassle for the
general population and less questions when the newbies can't figure out
how to login to access the Internet.

This login thing can also be extended to colleges who require VPNs for
wireless...Way to kill the battery on my ipaq doing all the calculations.
Plus it creates major setup complications for the general newbie and I
often wonder if its worth the hassle when most universities should worry
about the much worse problems like students who are sharing illegal warez.
In a corporate environment with confidential data flying around...There
better be a VPN on that wireless or one day you are going to have fun
explaining to your boss why your new top secret cookie recipe is on IRC.
:)

I know I'm shooting in the wrong forest but I think some of the practices
of universities and supporting small ISPs really needs to be discussed.
Some of the IT management folks just don't have a clue because they have
never provided carrier class services.  As shown with the small ISP who
tried to stick hundreds of users behind a small, underpowered
firewall...*sigh*

I seriously investigated satellite based net access until I found the
regulation prohibiting dishes from being outside the window.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Suresh Ramasubramanian
Andrew Dorsett  [3/15/2004 9:52 AM] :

> Well whats wrong with you setting up a small router and using one IP?  The
> crap I hear most of the time is that they want to only issue one ip per

Nothing particularly wrong with it as long as there's some mechanism to
zero in on rooted / abused machines there.

	srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Mon, 15 Mar 2004, Suresh Ramasubramanian wrote:

> And what is wrong with setting up a hub or something in a dormroom?  I
> find it quite convenient to leave both my PC and a laptop running on my
> desk, for various reasons (too many open terminals and windows is one of
> them ...)

Well whats wrong with you setting up a small router and using one IP?  The
crap I hear most of the time is that they want to only issue one ip per
student unless you pay for more.  The other thing is that at a very
technical university like ours, a lot of engineers will opt for multiple
machines thus much more address space required if only using a hub.

The other argument is that they want to make sure they have plenty of
capacity by knowing how many users they have and hopefully not multiple
machines that they don't know about behind a firewall.  Again, more BS
because geez each wall portal can spit out 10/100 regardless of how many
machines are behind it.  Let's not even get into what OS's can really
use outta those respective pipes, that's another story. :)

Look outside of the university to the small college ISPs.  They even
actively hunt for cable/dsl routers and turn off ports if they think
they have found them.  Don't want students cheating their service by
wiring up the whole apartment to one cable modem.  What a ripoff... And
why?  Because most college students have no clue and are willing to
accept it.  Plus some apartment complexes have contracts with specific
providers that provides a monopoly situation.

I miss the good ol days when I worked for the ISP I had access
through... At least then I could remove myself from the
restrictions...Guess when I finally move to MD for work I'll have to make
friends with someone at Comcast. ;-)

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread David A. Ulevitch



> And what is wrong with setting up a hub or something in a dormroom?  I
> find it quite convenient to leave both my PC and a laptop running on my
> desk, for various reasons (too many open terminals and windows is one of
> them ...)

Our ResNet doesn't forbid that in the AUP (yet).  They provide the network
connection to the person and tie it to a MAC address.  If the student can
figure out the rest and not abuse it, more power to them.

When they complain about not being able to use the network dorm printers
they don't get much support though...those are the breaks.

I'm not sure if this policy applies to non-resnet users (depts., faculty,
staff, etc), but for most issues, the resnet case is the one that matters.

-davidu


  David A. Ulevitch - Founder, EveryDNS.Net
  Washington University in St. Louis
  http://david.ulevitch.com -- http://everydns.net



RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Vivien M.

> -Original Message-
> From: Suresh Ramasubramanian [mailto:[EMAIL PROTECTED] 
> Sent: March 14, 2004 10:16 PM
> To: Andrew Dorsett
> Cc: Vivien M.; 'North American Noise and Off-topic Gripes'
> Subject: Re: who offers cheap (personal) 1U colo?
> 
> And what is wrong with setting up a hub or something in a 
> dormroom?  I 
> find it quite convenient to leave both my PC and a laptop 
> running on my 
> desk, for various reasons (too many open terminals and 
> windows is one of 
> them ...)

Nothing wrong with it as far as I'm concerned, but IT departments in
post-secondary institutions seem/seemed to have a problem with it, for some
reason. Perhaps they just figure that two machines means increased potential
for abuse (since presumably two people could use the port simultaneously)?

Vivien

P.S. I do the same thing you do...
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/ 



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Laurence F. Sheldon, Jr.
Suresh Ramasubramanian wrote:

> And what is wrong with setting up a hub or something in a dormroom?  I
> find it quite convenient to leave both my PC and a laptop running on my
> desk, for various reasons (too many open terminals and windows is one of
> them ...)

I've been trying to figure out what is wrong with that too.

At my ex-employers, one of the things they did right is encourage
study groups, and with multi-occupant suites, several stations
(including one or more printers, plotters, and such) was normal.
Most of the residence halls had hubs or small switches available for
check-out.

Is it the contention that each student should only use one pencil?

--
Requiescas in pace o email



Race to the bottom (was Re: who offers cheap (personal) 1U colo?)

2004-03-14 Thread Sean Donelan

On Sun, 14 Mar 2004, Paul Vixie wrote:
> Some do.  However, without a server that can be impounded and then sold
> on E-Bay, there's no reason to think that the provider will have less
> abuse volume from such customers than they would have from SMTP AUTH
> customers or DSL customers or what-have-you.  "Show me the sheet-metal."
> I've seen vmware, freebsd jails, linux lvm's.  Unless the provider asks
> for a USD$1000 deposit against bad behaviour, refundable with interest
> after the first year... I don't expect the address space to have a good
> enough reputation that *I* would want to be in that neighborhood.

The residual value of sheet-metal continues to drop :-) It's not
unusual for the cost of disposing of the equipment to be more than the
unpaid bills.  People who buy cheap, personal colo seem to be equally
cheap when it comes to equipment they put in the colo.  That assumes
the equipment doesn't have other UCC liens on it already.  Dell Leasing
or Sun Leasing don't care if you use their equipment for abuse.  They
still expect their money or the equipment back.

Many colo providers could tell you stories about problem customers that
vanish without a trace.  The "collateral value" of the equipment isn't
much.


> One power user acting alone can sign up for a $50/month 1U personal colo.

But first, a well backed company builds the colo, buys the upstream
bandwidth, obtain independent ARIN addresses and highly paid support
folks to support a single power user paying $50/month.

Yep, a race to the bottom exists in the colo space too.

> Only a well backed company can solve the "no decent DSL in Sacramento"
> problem.  (And such a company would most likely be sucked into the "race
> to the bottom" by price-competition, so it's a risk at best unless you're
> first in a market that's unattractive to larger players.)

I assume you are aware that DSL transport is available without Internet
access.  Ghetto colo providers could terminate DSL transport on their
network.  Then you would have an IP address of the Ghetto colo provider.
You can also terminate DSL transport on your company network. Heck you
don't even need to send IP across DSL, you can use it for IPX, AppleTalk,
DECNET, or many other packet protocols.

It doesn't sound like colo or a replacement for your cable modem or DSL
line would actually meet all your requirements. What you seem to be
asking for is how can an individual obtain independent IP address space
which various block lists won't block for $50/month.  And once you find
such a thing, how to prevent "bad people" from taking advantage of your
discovery.



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread David A. Ulevitch



> Experiment ... go to a college dorm that's wired, plug your laptop or PC
> in, start using the net.

> Nine times out of ten you won't be challenged and you'll be
> allowed to use the network.

Has it been a while since you've been on a resnet?  They're bad, but most
all "ResNet's" I know of are now implementing some sort of MAC/DHCP combo
at the very least.

That might have been true a couple years ago but recent DMCA notices and
Worm activity have /forced/ (often by their upstream) ResNet's to clean up
their act.

I don't think our ResNet is a shining example of excellence by any stretch
but they know who is registered behind each port/ip/mac address which
gives you a pretty good idea of who is on your network.

I won't comment on what leaves the ResNet on port 25 and what leaves the
network with no prayer of ever routing back. *cough* That's a whole
'nother issue for them to deal with, and at some point soon, I think they
will.

-davidu (speaking only for himself)


  David A. Ulevitch - Founder, EveryDNS.Net
  Washington University in St. Louis
  http://david.ulevitch.com -- http://everydns.net



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Suresh Ramasubramanian
Andrew Dorsett  [3/15/2004 8:26 AM] :

> That's protected by port security.  Just limit them to one mac address per
> port.  So only the last machine transmitting will get the reply.  Works
> quite well, shut me down for a few days a few years ago when it was first
> turned on.

Most common or garden wireless APs / broadband routers will let you 
clone the mac address, so this is not exactly difficult to get around

And what is wrong with setting up a hub or something in a dormroom?  I 
find it quite convenient to leave both my PC and a laptop running on my 
desk, for various reasons (too many open terminals and windows is one of 
them ...)

	srs

--
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations


RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Andrew Dorsett

On Sun, 14 Mar 2004, Vivien M. wrote:

> credibly argue "But I never read this AUP". The web-based DHCP registration
> system prevents that.

Ok, I'll give that one to you. :)  Got me there hehehe  Though now we are
making the AUP a part of the freshman orientation session so there are no
excuses.  Plus they agree to it when they place the installation cd in
their drive (if they use the installation cd which many don't)

> A) It prevents students (or at least, all but the most clueful) from taking
> multiple IPs and having hubs and such in their rooms

That's protected by port security.  Just limit them to one mac address per
port.  So only the last machine transmitting will get the reply.  Works
quite well, shut me down for a few days a few years ago when it was first
turned on.

> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of effort
> to set up initially (though I think open source implementations are easily
> available), but afterwards, you don't need to have your most clueful network
> engineer dig through to try and figure out which room is what IP. If you
> lower the clue level required to operate an abuse desk, I would argue you
> improve its efficiency in many cases...

See this is not something that requires a clueful engineer.  Only requires
the clueful engineer to create a script that does it all automatically.
In fact I've seen the web interface to the whole system.  VERY nice.  Even
tracks changes, so I can tell if the user pulled the cables, swapped
ports, did bad stuff and then swapped them back to place the blame on the
roommate.  I can enter the IP in question and time period and it will then
tell me the mac address in question, then it will automatically look up
the cable database to return the room, and then it will return the names
of the individuals living in the rooms.  I argue that the username system
has significant problems which can lead to denial of service.  What
happens when your radius box goes offline?  This is what caused me to turn
against the offending university.  Their authentication box wouldn't stay
online and so I'd have to cross my fingers after a reboot to hope that
I could get back on the network.

> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it into
> the network and go and do something dumb... If you hunt down my MAC address
> to a particular port, it looks like Bob is the AUP violator. If you have a
> registration system, you know that this MAC address belongs to me, not Bob.

True true that can happen, but again if I log changes I can tell that
someone unplugged their computer and so when Bob gets turned in the
judicial system will be able to question what occurred...They know it may
not be him that's guilty but hopefully he will turn in the offender.

> Oh, and what about wireless networks? I have my nice 802.11b card, how do
> you propose to track that without MAC registration (or hackish VPN systems,
> which are also deployed in some campuses)?

As for wireless, well yeah we require you to register the mac off your
wireless nic.  Only macs that are in the database are allowed access.
Sure you can spoof someone else's legitimate mac, but that's a different
story.  At least I have someone I can blame and let him try to deny it
through the judicial system.

Andrew
---
<[EMAIL PROTECTED]>
http://www.andrewsworld.net/
ICQ: 2895251
Cisco Certified Network Associate

"Learn from the mistakes of others. You won't live long enough to make all of them 
yourself."




RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Todd Vierling

On Sun, 14 Mar 2004, Tim Wilde wrote:

: > I have actually.  I see an awful lot of services for incoming SMTP
: > filtering of spam/viruses, or just to hold the mail while you are offline,
: > but haven't seen outgoing SMTP services - which is why I asked :-)
:
: As I posted earlier in this thread, DynDNS.org's outgoing SMTP service
: (available on port 25 and several others as well):
:
: http://www.dyndns.org/services/mailhop/outbound/
:
: Some others I know of off-hand:
:
: http://www.no-ip.com/services.php/mail/smtp
: http://www.smtp.com/

http://www.pobox.com/ - All accounts come with free (but must be enabled in
the web admin interface) SASL-authenticated outbound SMTP.  "See this mail's
headers."

I don't mean to rain on Tim's parade, but it's comparably priced ($15/yr).
So pick which service provides the pair of things you need:  SMTP and
dynamic DNS (dyndns.org), or SMTP and aliasing (pobox.com).

-- 
-- Todd Vierling <[EMAIL PROTECTED]> <[EMAIL PROTECTED]>


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Michael Loftis


--On Sunday, March 14, 2004 19:14 -0600 Stephen Sprunk <[EMAIL PROTECTED]> 
wrote:

> Students have an existing legal relationship with the school; they can be
> required to accept the AUP in writing at some point during the enrollment
> process.

Experiment ... go to a college dorm that's wired, plug your laptop or PC 
in, start using the net.  Assumption here of course is you're not a student 
there.  Nine times out of ten you won't be challenged and you'll be allowed 
to use the network.  Students also often have friends over that use their 
systems.

Thus you can't assume that every user is a student or faculty.

--
Undocumented Features quote of the moment...
"It's not the one bullet with your name on it that you
have to worry about; it's the twenty thousand-odd rounds
labeled `occupant.'"
  --Murphy's Laws of Combat


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Laurence F. Sheldon, Jr.
Stephen Sprunk wrote:

> Thus spake "Vivien M." <[EMAIL PROTECTED]>
>
>> Actually, you're forgetting what I think is the biggest reason for doing
>> this: before the user registers via the web-based DHCP thing, they
>> are shown the AUP and have to say they agree to it. If you just leave
>> straight IP connections available in rooms, and people violate the AUP,
>> they can QUITE credibly argue "But I never read this AUP". The
>> web-based DHCP registration system prevents that.
>
> Students have an existing legal relationship with the school; they can be
> required to accept the AUP in writing at some point during the enrollment
> process.

It all comes down to how you view the people on your network--students,
faculty, administrators, subscribers, whatever.  If they are
"customers" you take one set of views and one way of solving problems.
If you see them as "lusers", you take another.

--
Requiescas in pace o email



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread william(at)elan.net

On Sun, 14 Mar 2004, Stephen Sprunk wrote:

> Students have an existing legal relationship with the school; they can be
> required to accept the AUP in writing at some point during the enrollment
> process.

They may have legal relationship with the school but internet service can 
be considered to be an added service that there is not available until you 
actually ask for it. 

This is like parking - there are always some rules and regulations for 
when you use school garage (usually written on the wall or available from 
parking attendant), if you don't use the garage and park your car somewhere
else (or don't have car at all), you don't have to bother with parking rules.

Same for internet access - students don't have to use school internet access, 
they can buy internet access from some other ISP or they might not have a 
computer at all. But if they use internet access, they accept rules regarding
it - i.e. AUP.

-- 
William Leibzon
Elan Networks
[EMAIL PROTECTED]



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Stephen Sprunk

Thus spake "Vivien M." <[EMAIL PROTECTED]>
> Actually, you're forgetting what I think is the biggest reason for doing
> this: before the user registers via the web-based DHCP thing, they
> are shown the AUP and have to say they agree to it. If you just leave
> straight IP connections available in rooms, and people violate the AUP,
> they can QUITE credibly argue "But I never read this AUP". The
> web-based DHCP registration system prevents that.

Students have an existing legal relationship with the school; they can be
required to accept the AUP in writing at some point during the enrollment
process.

> Other advantages would be
> A) It prevents students (or at least, all but the most clueful) from
> taking multiple IPs and having hubs and such in their rooms

There's nothing inherently wrong with that.

> B) It makes it very easy to track what MAC address/IP address is which
> person, as you yourself admitted. Sure, this system requires a bit of
> effort to set up initially (though I think open source implementations are
> easily available), but afterwards, you don't need to have your most clueful
> network engineer dig through to try and figure out which room is what IP.
> If you lower the clue level required to operate an abuse desk, I would
> argue you improve its efficiency in many cases...

Tracking an IP address to a particular switch port via ARP and bridging
tables is straightforward; however this relies on detailed cabling plant
data.

> C) It avoids issues of changing ports. Let's say I'm in room 101, and my
> friend Bob is in room 102. I take my laptop to Bob's room and plug it
> into the network and go and do something dumb... If you hunt down my
> MAC address to a particular port, it looks like Bob is the AUP violator.
> If you have a registration system, you know that this MAC address
> belongs to me, not Bob.

Or, if you use 802.1x, you can skip the MAC registration and identify the
user directly each time he logs in.

> Oh, and what about wireless networks? I have my nice 802.11b card,
> how do you propose to track that without MAC registration (or hackish
> VPN systems, which are also deployed in some campuses)?

802.1x

S

Stephen Sprunk    "Stupid people surround themselves with smart
CCIE #3723   people.  Smart people surround themselves with
K5SSS smart people who disagree with them."  --Aaron Sorkin
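
The lookup chain discussed in this thread (IP and time, to MAC, to switch port, to room, to occupants, with port-change history and the registered owner as cross-checks) can be sketched as below. This is an added example, not part of any message in the thread and not any campus's actual tool; the record layouts, names, addresses, switch name and the 4-hour window are constructed assumptions.

```python
from datetime import datetime, timedelta


def ts(text):
    """Parse the timestamp format used in the constructed records below."""
    return datetime.strptime(text, "%Y-%m-%d %H:%M")


# --- Constructed sample data: every name, address and port is made up ---

# DHCP lease history: (lease start, lease end, IP, MAC)
LEASES = [
    (ts("2004-03-14 08:00"), ts("2004-03-15 08:00"), "10.20.1.58", "00:0a:95:aa:bb:01"),
    (ts("2004-03-14 18:00"), ts("2004-03-15 06:00"), "10.20.1.57", "00:0a:95:aa:bb:02"),
]

# Bridge-table change log: (time the MAC was learned, MAC, switch, port)
BRIDGE_EVENTS = [
    (ts("2004-03-14 08:00"), "00:0a:95:aa:bb:01", "dorm-sw1", "Fa0/2"),
    (ts("2004-03-14 17:58"), "00:0a:95:aa:bb:02", "dorm-sw1", "Fa0/1"),
    (ts("2004-03-14 21:10"), "00:0a:95:aa:bb:02", "dorm-sw1", "Fa0/2"),  # moved
    (ts("2004-03-14 23:05"), "00:0a:95:aa:bb:02", "dorm-sw1", "Fa0/1"),  # moved back
]

# Cabling plant data: (switch, port) -> room, then room -> residents
CABLE_PLANT = {("dorm-sw1", "Fa0/1"): "101", ("dorm-sw1", "Fa0/2"): "102"}
OCCUPANTS = {"101": ["student_a"], "102": ["bob"]}

# MAC registration database: MAC -> person who registered it
REGISTRATIONS = {"00:0a:95:aa:bb:01": "bob", "00:0a:95:aa:bb:02": "student_a"}


def mac_for_ip(ip, when):
    """Return the MAC that held `ip` at time `when`, or None if no lease covers it."""
    for start, end, lease_ip, mac in LEASES:
        if lease_ip == ip and start <= when < end:
            return mac
    return None


def port_history(mac):
    """All (time, switch, port) sightings of `mac`, oldest first."""
    return sorted((t, sw, port) for t, m, sw, port in BRIDGE_EVENTS if m == mac)


def trace(ip, when, window=timedelta(hours=4)):
    """Resolve an abuse report (IP + time) to port, room, occupants and owner.

    Also reports port moves within `window` of the incident, and whether the
    registered owner of the MAC actually lives in the room the port serves.
    """
    mac = mac_for_ip(ip, when)
    if mac is None:
        return None  # no lease on record: static or spoofed address, or a log gap

    history = port_history(mac)
    seen = [entry for entry in history if entry[0] <= when]
    location = seen[-1][1:] if seen else None  # last port the MAC was learned on
    room = CABLE_PLANT.get(location)
    occupants = OCCUPANTS.get(room, [])
    owner = REGISTRATIONS.get(mac)

    # A move is two consecutive sightings on different ports near the incident.
    moves = [
        (cur[0], prev[1:], cur[1:])
        for prev, cur in zip(history, history[1:])
        if prev[1:] != cur[1:] and abs(cur[0] - when) <= window
    ]
    return {
        "mac": mac,
        "port": location,
        "room": room,
        "occupants": occupants,
        "registered_owner": owner,
        "owner_in_room": owner in occupants,
        "port_moves": moves,
    }


if __name__ == "__main__":
    # Report against 10.20.1.57 at 22:00: the port points at room 102, but the
    # registration and the move log both point at the resident of room 101.
    for key, value in trace("10.20.1.57", ts("2004-03-14 22:00")).items():
        print(f"{key}: {value}")
```

With port data alone the 22:00 report lands on room 102; the registration record and the two logged port moves are what separate the room's occupant from the device's owner.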



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Stephen Sprunk

Thus spake "Christopher L. Morrow" <[EMAIL PROTECTED]>
> On Sat, 13 Mar 2004, Stephen Sprunk wrote:
> > So DOCSIS has a technical limitation which may or may not apply.  This is
> > reasonable justification for limiting upstream bandwidth, not for
> > specifying that users can't run servers.  If users can run servers
> > effectively in the limited available upstream bandwidth, then there is no
> > _technical_ reason to prevent them.
>
> how are 'servers' (smtp/web/ftp/imap) different than the existing P2P
> apps? Wouldn't a cable provider, if the decision was based on upstream
> bandwidth sharing alone, care MORE about P2P than 'servers' ?

I don't know how common this is, but my ISP's AUP considers P2P apps to be
"servers" and thus banned.  I don't use file-sharing apps so this doesn't
really affect me, but I'm betting my SIP phone is technically a violation
too.

S

Stephen Sprunk    "Stupid people surround themselves with smart
CCIE #3723   people.  Smart people surround themselves with
K5SSS smart people who disagree with them."  --Aaron Sorkin



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread william(at)elan.net

On Sun, 14 Mar 2004, Christopher L. Morrow wrote:

> > What do you think spews wants?  My experience with them has been that
> > that's pretty much the only thing that will satisfy them.  I have had
> 
> That's funny since we've cleaned up several over the years, yet they are
> still listed... and in some cases the listings have expanded. :( Spews
> does not provide a decent path to get listings removed, and they don't
> seem to remove listings if you do show the change.

You might want to post to NANAE (or better to new "clean" newsgroup
news.admin.net-abuse.blocklisting) and actually say that such and such 
customer has been disconnected and/or such and such ip block is no longer 
in use by them. Most blacklist administrators don't really check on each and every 
listing every month (although they probably should to keep good lists, but 
spamhaus may be the only ones who do it and even with them I'm not sure).

In fact one of the reasons I think that some blacklist operators have bad 
impression on UUNET is that you don't inform what you do and they think 
you do nothing, while in fact I'm sure it's not the case. 

-- 
William Leibzon
Elan Networks
[EMAIL PROTECTED]



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Christopher L. Morrow


On Sun, 14 Mar 2004 [EMAIL PROTECTED] wrote:

>
> On Sun, 14 Mar 2004, Christopher L. Morrow wrote:
>
> > There are several blacklists that clearly want more from the ISP than an
> > explanation that the offenders are being/were removed... one good example
> > is 'spews'.
>
> What do you think spews wants?  My experience with them has been that
> that's pretty much the only thing that will satisfy them.  I have had

That's funny since we've cleaned up several over the years, yet they are
still listed... and in some cases the listings have expanded. :( Spews
does not provide a decent path to get listings removed, and they don't
seem to remove listings if you do show the change.


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread jlewis

On Sun, 14 Mar 2004, Christopher L. Morrow wrote:

> There are several blacklists that clearly want more from the ISP than an
> explanation that the offenders are being/were removed... one good example
> is 'spews'.

What do you think spews wants?  My experience with them has been that
that's pretty much the only thing that will satisfy them.  I have had
customer IPs in spews, and got them removed.  "I've" also been collateral
damage (at a consulting client's site), which sucks, but that's the stick
spews wields.  In most cases, that's encouragement enough for a provider
to clean up their network or keep it from becoming a mess.  Sometimes it's
not.

> As was pointed out to me by a co-worker: "Linux is not anymore inherently
> secure than any other OS." The difference really comes in the
> administration of the pee cee. So, would upgrading joe-random-user to
> Linux really make things better for them? (or us?) That is not clear at
> all at this point.

That's an argument for another list...but the short answer is no, giving
JRU who knows nothing about Linux a default install, especially a popular
one, say Red Hat, is not much, if any, better.  They won't maintain it.
It will be hacked.  At least it probably won't be done with and then
participate in email viruses.

--
 Jon Lewis [EMAIL PROTECTED]|  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread jlewis

On Sun, 14 Mar 2004, Bohdan Tashchuk wrote:

> Question: Why can't a provider sell virtual PC colocation, instead of
> physical PC colocation?

Several do.  We nearly bought a failing one that was doing a lot of this
with a commercial Linux virtualization product.

> So instead of 40 physical machines per rack, why can't it be 80 or 160
> or even more virtual machines, running on 40 physical Linux boxes? I
> think the economics could shift significantly under those circumstances.

During the short time we managed their network and systems, I had to poke
around on a couple of the virtual machines to fix customer issues.  I
don't remember how many virtual machines they ran per physical machine,
but IIRC, they were all P4's with several GB of RAM.  Each customer got
root and their own IPs on what appeared to them to be a dedicated server.

IIRC, Paul was suggesting part of the value in the $50/month colo deal was
that customers were motivated to be good else you keep their server or
ebay it.  You lose that with the virtual private server model...but does
anyone actually have in their contract/AUP that AUP violators will forfeit
their hardware?  We've kicked some spammer colo customers where I'd love
to have had such a clause.  I only know of one case where we did
that...and it was for non-payment.  The customer's hardware was worth less
than their balance, so they chose to simply write us off.  Being located
in another country, it wasn't worth the effort to try extracting $ from
them.


--
 Jon Lewis [EMAIL PROTECTED]|  I route
 Senior Network Engineer |  therefore you are
 Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_


RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Tim Wilde

On Sun, 14 Mar 2004, Brian Bruns wrote:

> I have actually.  I see an awful lot of services for incoming SMTP
> filtering of spam/viruses, or just to hold the mail while you are offline,
> but haven't seen outgoing SMTP services - which is why I asked :-)

As I posted earlier in this thread, DynDNS.org's outgoing SMTP service
(available on port 25 and several others as well):

http://www.dyndns.org/services/mailhop/outbound/

Some others I know of off-hand:

http://www.no-ip.com/services.php/mail/smtp
http://www.smtp.com/

-- 
Tim Wilde
[EMAIL PROTECTED]
Systems Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/


RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Brian Bruns


On Sun, March 14, 2004 5:45 pm, Vivien M. said:
>
> Have you been looking at providers in the right industry? Such services
> are
> usually offered as addons by people who sell DNS services (especially
> dynamic DNS) and other such things designed to make it easier for people
> to
> run their own servers. They do exist, and as was pointed out earlier in
> this
> discussion, cost much less than the 1U colo alternative. We do it, and I
> know at least one or two others in our industry do...
>

I have actually.  I see an awful lot of services for incoming SMTP
filtering of spam/viruses, or just to hold the mail while you are offline,
but haven't seen outgoing SMTP services - which is why I asked :-)




-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The AHBL - http://www.ahbl.org


RE: who offers cheap (personal) 1U colo?

2004-03-14 Thread Vivien M.

> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On 
> Behalf Of Brian Bruns
> Sent: March 14, 2004 5:19 PM
> To: [EMAIL PROTECTED]
> Subject: Re: who offers cheap (personal) 1U colo?
> 
> 
> Hm, are there companies out there that offer outbound SMTP 
> services (for people who are blocked, or which need a mail 
> server thats not blacklisted because their provider isn't 
> dealing with spam problems)?  I never really looked into too 
> much, but I haven't seen it offered on provider's sites outright.

Have you been looking at providers in the right industry? Such services are
usually offered as addons by people who sell DNS services (especially
dynamic DNS) and other such things designed to make it easier for people to
run their own servers. They do exist, and as was pointed out earlier in this
discussion, cost much less than the 1U colo alternative. We do it, and I
know at least one or two others in our industry do...

Vivien
-- 
Vivien M.
[EMAIL PROTECTED]
Assistant System Administrator
Dynamic Network Services, Inc.
http://www.dyndns.org/ 



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Brian Bruns

On Sunday, March 14, 2004 4:58 PM [EST], Janet Sullivan <[EMAIL PROTECTED]>
wrote:
>
> My cable modem provider filters port 25, so I can't run my own SMTP
> server.  Their mail servers suck.  Yes, I could pay for a business class
> cable modem connection and they'd unblock the port... but I'd likely
> still be filtered.
>
> Guess who is having a dedicated 1U set up right now? ;-)
>
> I think Paul is right, there is a small niche market for this.

Hm, are there companies out there that offer outbound SMTP services (for
people who are blocked, or which need a mail server that's not blacklisted
because their provider isn't dealing with spam problems)?  I never really
looked into too much, but I haven't seen it offered on provider's sites
outright.

I was considering setting up a service like this (we have 2-3 outbound mail
relay servers that are sitting idle because we don't need them yet), but
wasn't sure how interested people would be.  Like, say, set up a service that
offers people the ability to send outbound mail through based on IP ACLs,
possibly SMTP AUTH, TLS/SSL certs, and other things which could authenticate
the sender, and have it accept SMTP on various other non-25 ports.

-- 
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org

The Abusive Hosts Blocking List
http://www.ahbl.org



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Janet Sullivan
Paul Vixie wrote:

> every time i tell somebody that they shouldn't bother trying to send e-mail
> from their dsl or cablemodem ip address due to the unlikelihood of a well
> staffed and well trained and empowered abuse desk defending the reputation
> of that address space, i also say "buy a 1U and put it someplace with a real
> abuse desk, and use your dsl or cablemodem to tunnel to that place."

My cable modem provider filters port 25, so I can't run my own SMTP 
server.  Their mail servers suck.  Yes, I could pay for a business class 
cable modem connection and they'd unblock the port... but I'd likely 
still be filtered.

Guess who is having a dedicated 1U set up right now? ;-)

I think Paul is right, there is a small niche market for this.



Re: who offers cheap (personal) 1U colo?

2004-03-14 Thread Petri Helenius
Christopher L. Morrow wrote:

> how are 'servers' (smtp/web/ftp/imap) different than the existing P2P
> apps? Wouldn't a cable provider, if the decision was based on upstream
> bandwidth sharing alone, care MORE about P2P than 'servers' ?

But the decision is a business decision, because you can make 
"businesses" pay more for something that can run servers.
And it's harder to kludge smtp/http/etc. to work where servers are not 
permitted as p2p works by default.

Pete


