RE: What DNS Is Not
> -Original Message-
> From: bmann...@vacation.karoshi.com
> [mailto:bmann...@vacation.karoshi.com]
> Sent: Monday, November 09, 2009 4:32 PM
> To: Patrick W. Gilmore
> Cc: NANOG list
> Subject: Re: What DNS Is Not
...
> not being Paul, it's rude of me to respond - yet you posted this
> to a public list ... so here goes.
>
> Why do you find your behaviour in your domains acceptable and yet
> the same behaviour in others' zones to be "a Bad Thing" and should be
> stopped?

Ok, devil's advocate argument.

Is there a difference between being a domain "owner" (Patrick wanting to wildcard the domain he has paid for), and a domain "custodian" (Verisign for the .com example) in whether wildcards are ever acceptable in the DNS responses you provide?
RE: Dan Kaminsky
> doesn't the iphone has an app to decode qr-codes similar to the one
> built into almost all keitai here in japan.
>
> http://en.wikipedia.org/wiki/QR_Code

Yep. Called iMatrix.

(There are probably others too)
RE: MGE UPS Systems
> Or are you talking about Eaton's?
>
> http://www.eaton.com/EatonCom/SearchResults/CT_136576

History (as I recall it).

Schneider Electric bought MGE late 2003
Schneider Electric bought APC late 2006 (and merges APC/MGE product line, which has overlap)
Schneider Electric sold "small" MGE product line to Eaton late 2007 (these are the office/small business type UPSs, as I recall, and overlapped the APC consumer/office/small business offerings).

I do not know the plans regarding how Schneider Electric will deal with the remaining overlap in the high end APC/MGE UPS business.
RE: 97.128.0.0/9 allocation to verizon wireless
> Does ARIN lack sufficient resources to vet jumbo requests?

I am fairly confident ARIN followed their policies.

The existing policies allow anyone (including Verizon) to make a request for (and receive) a /9 with appropriate justification.

If you do not like the policies, please participate in the ARIN policy process and work to change them.

Mailing lists:

arin-p...@arin.net
Open to the general public. Provides a forum to raise and discuss policy-related ideas and issues surrounding existing and proposed ARIN policies. The PPML list is an intrinsic part of ARIN's Policy Development Process (PDP), which details how proposed policies are handled.

http://www.arin.net/mailing_lists/index.html
RE: Leap second tonight
> It's theoretically possible for leap seconds to be introduced
> at the end of March and September.

As I recall, NTP supports leap seconds every month, for which there is a prediction that even this would be insufficient at some point in this millennium (depending, of course, on the actual rotation speed).

There have been on again/off again talks to abolish the leap second for quite a number of years.

Gary
RE: an over-the-top data center
> -Original Message-
> From: Steven M. Bellovin [mailto:[EMAIL PROTECTED]
> Sent: Friday, November 28, 2008 5:35 AM
> To: nanog@nanog.org
> Subject: an over-the-top data center
>
> http://royal.pingdom.com/2008/11/14/the-worlds-most-super-designed-data-center-fit-for-a-james-bond-villain/
> (No, I don't know if it's real or not.)

One could consider purchasing the underground tunnels in downtown London that BT is selling to build a competing "over-the-top" data center.

http://www.nytimes.com/2008/11/28/business/worldbusiness/28tunnel.html
RE: Advice/resources for setting up TACACS server
> Do you have any suggestions for a free tacacs server which
> will run on linux ? I have so far been unable to find any
> and the tacacs+ source code hasn't been updated since
> around 2000

Available (and maintained) at:

http://www.shrubbery.net/tac_plus/

(direct download link: ftp://ftp.shrubbery.net/pub/tac_plus)

The latest was last updated end of year 2007
RE: Fwd: cnn.com - Homeland Security seeks cyber counterattack system (Einstein 3.0)
> Which is easier to shut down, an attack coming from a relatively small
> number of /16s that belong to the government, or one coming from the
> same number of source nodes scattered *all* over Comcast and Verizon
> and BT and a few other major providers?
>
> Hint 1: Consider the number of entry points into your network
> for the two cases, especially if you are heavily peered with one or more
> of the source ISPs.

The Federal Government (through its "Trusted Internet Connection" initiative) is trying to limit the number of entry points into the US Government networks. (As I recall from 4000 interconnects to around 50, where both numbers have a high percentage of politics in the error bar.)
Multiple DNS implementations vulnerable to cache poisoning
Multiple DNS implementations vulnerable to cache poisoning:

http://www.kb.cert.org/vuls/id/800113

(A widely coordinated vendor announcement. As always, check with your vendor(s) for patch status.)

Gary
RE: Best utilizing fat long pipes and large file transfer
> Hi,
>
> I'm looking for input on the best practices for sending large
> files

There are both commercial products (fastcopy) and various "free"(*) products (bbcp, bbftp, gridftp) that will send large files. While they can take advantage of larger windows they also have the capability of using multiple streams (dealing with the inability to tune the tcp stack). There are, of course, competitors to these products which you should look into. As always, YMWV.

Some references:

http://www.softlink.com/fastcopy_techie.html
(Some parts of NASA seem to like fastcopy)

http://nccs.gov/user-support/general-support/data-transfer/bbcp/
(Full disclosure, bbcp was written by someone who sits about 3 meters from where I am sitting, but I cannot find a nice web reference from him about the product, so I am showing a different site's documentation)

http://doc.in2p3.fr/bbftp/
(One of the first to use multistream for BaBar)

http://www.globus.org/grid_software/data/gridftp.php
(Part of the globus toolkit. Somewhat heavier weight if all you want is file transfer.)

http://fasterdata.es.net/tools.html
(A reference I am surprised Kevin did not point to :-)

http://www.slac.stanford.edu/grp/scs/net/talk/ggf5_jul2002/NMWG_GGF5.pdf
(A few year old performance evaluation)

www.triumf.ca/canarie/amsterdam-test/References/010402-ftp.ppt
(Another older performance evaluation)

Gary

(*) Some are GPL, and some (modified) BSD licenses. Which one is "free enough" depends on some strongly held beliefs of the validator.
RE: www.Amazon.com down?
> www.amazon.com returns: > > Http/1.1 Service Unavailable > > Anyone have a URL for a network/etc status page, or info on > the outage? Been that way for a while this morning. Apparently, Amazon has fallen over, and cannot get up. http://news.cnet.com/8301-10784_3-9962010-7.html
Re: [NANOG] IOS rootkits
> I understand *why* we are worried about rootkits on
> individual servers.
> On essentially "closed" platforms this isn't going to be
> rocket science.
> It may seem odd by today's BCPs, but booting up from "golden"
> images via
> write-protected hardware or TFTP or similar is pretty
> straightforward

Since today's bootstrap codes are in EEPROM (or equivalent), if you get "root" once, you can have "root" forever.

Faking file system content (and real time replacing of code) is the core of any current (good) Linux/Mac/Windows rootkit. Cisco/Juniper/Force10/whatever is just another platform to do the same if you can replace the bootstrap. Modular IOS might even make it easier to do dynamic code insertion.

There are platforms (Xbox?, Tivo?, etc.) that try to do cryptographic validation of the code they are loading. Network devices are not yet doing a true cryptographic validation as far as I know, although one could imagine that that might be a next step to protect against that specific threat (although I seem to recall that bypassing the Xbox validations only took a few months, so it is harder than it first appears to get right).

Gary
___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog
Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)
> The other fun question is of course what a single
> organization has to do with (2^(48-13)=) 34.359.738.368,
> yes indeed, 34 billion /48's which cover 2.251.799.813.685.248 /64's
> which is a number that I can't even pronounce.

Perhaps the DARPA initiative regarding having each mine have its own network address (so it can communicate and hop around) is closer than we think.

http://www.theregister.co.uk/2003/04/11/the_selfhealing_selfhopping_landmine/

(The animation content has moved to: http://www.darpa.mil/sto/smallunitops/shm/index.htm#)

Perhaps next each round of ammo will have its own IPv6 address.
RE: DNS issues?
By answering, we are enablers.

By not answering, we are unhelpful elitists.

Rock, meet hard place.

> we will probably never know. folk who say "the internet broke" seem
> unable to actually waste their time giving us actual technical
> information. this seems matched to a willingness to waste our time
> guessing.