Re: Cable Operator List

[jamie rishaw]

56k's for everyone!
Lets bring the #OldInternet back!

On Tue, Feb 2, 2016 at 10:03 AM, Scott Helms  wrote:

> Colton,
>
> You're only going to find very small, old, or not certified (usually still
> very small) CMTSs that only do layer 2.  All of the major vendors are doing
> layer 3 because we've found out over time that not doing it is more
> problematic.  Having said that, if you're looking for a more ONT/DSLAM type
> of install there is a new type of CMTSs that look at lot like traditional
> telco DLC/BLC deployments.
>
> https://intx15.ncta.com/wp-content/uploads/2015/05/17-Remote-PHY.pdf
>
> The remote PHY+MAC boxes are basically mini-CMTSs and they typically rely
> on something upstream handling layer 3.  The remote PHY boxes are different
> as they don't even do a complete layer 2 and instead forward DOCSIS frames
> back to a centralized CMTS/CCAP.
>
>
>
> Scott Helms
> Chief Technology Officer
> ZCorum
> (678) 507-5000
> 
> http://twitter.com/kscotthelms
> 
>
> On Tue, Feb 2, 2016 at 10:43 AM, Colton Conor 
> wrote:
>
> > Graham,
> >
> > What is DSG? Yes, I am really looking for a CMTS to perform layer 2 just
> as
> > our DSLAMs and GPON do today. All layer 3 will be upstream. I would want
> to
> > handle DHCP upstream, but have the CMTS insert Option 82 if that is a
> > feature. Not sure what specific CMTS stuff you need.
> >
> > On Tue, Feb 2, 2016 at 8:12 AM, Graham Johnston <
> johnst...@westmancom.com>
> > wrote:
> >
> > > Colton,
> > >
> > > It really depends on what features you are after.  I've demo'd one of
> the
> > > small 1/2RU C-DOCSIS CMTSs, and they certainly work.  For us though it
> > was
> > > a non-starter as we needed support for DSG and it didn't have it.  If
> all
> > > you are after is basic internet connectivity there is Pico Digital,
> > Vecima,
> > > Sumavision, as well as others.  Many of the C-DOCSIS CMTSs seem either
> > only
> > > support, or are more often meant to support layer 2 operations where
> the
> > > routing happens upstream from the CMTS.
> > >
> > > Graham Johnston
> > > Network Planner
> > > Westman Communications Group
> > > 204.717.2829
> > > johnst...@westmancom.com
> > > think green; don't print this email.
> > >
> > >
> > > -Original Message-
> > > From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Colton Conor
> > > Sent: Tuesday, February 02, 2016 8:00 AM
> > > To: Daniel Corbe
> > > Cc: NANOG
> > > Subject: Re: Cable Operator List
> > >
> > > Well, maybe NANOG's not a bad place for this post then! I would like to
> > > know more about the data-only side of CMTS systems, and who the main
> > > vendors are.
> > >
> > > We have MDU properties where there is either old inside CAT3 phone
> wire,
> > or
> > > coaxial cable. We have looked and are very familiar with the multiple
> > > technologies that work over phone lines namely VDSL2 and G.FAST.
> However,
> > > using the coaxial cable seems to be a much better solution than using
> the
> > > phone wires.
> > >
> > > So I am looking for compacts, low cost CMTS systems. Based on the
> specs,
> > I
> > > am looking for something at least DOCSIS 3.0 capable, with at least
> 16X4
> > > output. Something with the ability to upgrade to software upgrade to
> > DOCSIS
> > > 3.1 would be nice, but I doubt that would be a low cost solution.
> > >
> > > Whats out there for small operators that don't want a large chassis
> based
> > > system to feed an entire town with.
> > >
> > > So far I have found the
> > > http://picodigital.com/product-details.php?ID=miniCMTS200a which seems
> > to
> > > retail for under $5000.
> > >
> > >
> > > On Tue, Feb 2, 2016 at 7:48 AM, Daniel Corbe 
> > > wrote:
> > >
> > > >
> > > > > On Feb 2, 2016, at 8:42 AM, Colton Conor 
> > > wrote:
> > > > >
> > > > > Are there any mailing lists out there dedicated for cable/MSO type
> > > > > operators?
> > > > >
> > > >
> > > > I'm curious about this too.
> > > >
> > > > I’m not a cable operator (in that I haven’t successfully registered
> > for a
> > > > cable franchise yet) but I do operate a docsis network and I’ve
> > > > successfully negotiated the treacherous waters of obtaining and
> > providing
> > > > content to my users.
> > > >
> > > > I’m still a bit green behind the ears but I could probably offer some
> > > > measure of assistance if you have a specific question.
> > > >
> > > > -Daniel
> > > >
> > > >
> > >
> >
>



-- 
// jamie rishaw //

"*My religion is very simple. My religion is kindness."*
  -  the 14th Dalai Lama; བསྟན་འཛིན་རྒྱ་མཚོ་

Re: The Internet Is Now Officially Too Big as IP Addresses Run Out - NBC News

[jamie rishaw]

Oh, God.

Flem[bleep], /Really/ ?

I thought we all agreed to never mention his name on here again.

It just brings a dark, dark vibe...


On Thu, Jul 2, 2015 at 11:40 PM, Jay Ashworth  wrote:

> John Curran gets a quote; NBC gets the etymology of "IPv4" wrong.
>
> Just keep them away from Jim Fleming.
>
>
> http://www.nbcnews.com/news/us-news/internet-now-officially-too-big-ip-addresses-run-out-n386081
> --
> Sent from my Android phone with K-9 Mail. Please excuse my brevity.
>



-- 
// jamie rishaw //

Chess is just a game, and real people aren't pieces.  You can't assign
more value to some of them than to others... Anyone who looks on the
world as if it was a game of Chess.. deserves to lose.

Charter plant/backbone engineers?

[jamie rishaw]

I have a couple of questions re v6 and QoS'ing.
If I can get an off list "what's up" from an infrastructure type I'd really
appreciate it as neither resi nor business support seem to have a clue
about what I'm asking.

TIA,

-jamie

Re: [OT] Looking for dhs / fbi contact

[jamie rishaw]

Thanks for the off list reply. Oh, wait..
I was casting a wide net to fend off the "you got something?"ers but
without addressing your question my query stands
On Feb 26, 2015 3:43 PM, "Bill Woodcock"  wrote:

>
> > On Feb 26, 2015, at 1:16 PM, jamie rishaw  wrote:
> >
> > obviously off list, but who are we kidding ;)
>
> Uh, which?  They're unrelated agencies with completely different remits.
>
> -Bill
>
>
>
>
>

[OT] Looking for dhs / fbi contact

[jamie rishaw]

obviously off list, but who are we kidding ;)

-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"I don't drink alcohol from that portion of the color spectrum."
  - Ron Swanson ( Nick Offerman ), "Parks and Recreation"

Re: IPv6 Default Allocation - What size allocation are you giving out

[jamie rishaw]

(PS If I wake up in the morning and find out that someone has hacked my
CatGenie litter boxes, I will hunt you down).

"NANOG:  From Cat Poo to IPv6, We've Got It Covered"

On Thu, Oct 9, 2014 at 12:09 AM, jamie rishaw  wrote:

> This makes no sense.
>
> I have two /48s routed to my house.
>
> ..to my house.
>
> The idea that anyone is giving anything less than a 64 is unreasonable and
> will lead to an exponential growth in routing tables.. it's asinine and
> very short sighted.
>
> Sure, back in the day, I had a server, a couple desktops and a BRI and wow
> who would need more than an ipv4 /28--but let's face reality here--every
> thing, every switch, every night bulb, every door, every window, every
> skylight, every temperature sensor, every tv, every device that a friend
> brings over or even any device that I allow public access to.. every cat,
> every dog, every hamster is going to be microchipped and every single unit
> is going to need to be accessible Hell, I have two ips/one each for
> each of my two cat boxes that tell me current status, c'mon.
>
> My TiVos, my game consoles, my cable boxes, my two printers.. all have
> their own address.
>
> To think in an unframed context that you know what everyone everywhere
> will need is nothing short of naive and is everything elementarily
> assumptive of (ahem) The Internet of Things.
>
> The examples I gave are just for my house.. now multiply that times a
> small, medium, large, xl, enterprise or global entity and do the math
>
> These arguments and debates make me sad. I suppose it's my own fault for
> assuming that everyone in this ML is a forward thinker.
> -j
>
> On Wed, Oct 8, 2014 at 8:18 PM, Erik Sundberg 
> wrote:
>
>> I am planning out our IPv6 deployment right now and I am trying to figure
>> out our default allocation for customer LAN blocks. So what is everyone
>> giving for a default LAN allocation for IPv6 Customers.  I guess the idea
>> of handing a customer /56 (256 /64s) or  a /48 (65,536 /64s) just makes me
>> cringe at the waste. Especially when you know 90% of customers will never
>> have more than 2 or 3 subnets. As I see it the customer can always ask for
>> more IPv6 Space.
>>
>> /64
>> /60
>> /56
>> /48
>>
>> Small Customer?
>> Medium Customer?
>> Large Customer?
>>
>> Thanks
>>
>> Erik
>>
>> 
>>
>> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents,
>> files or previous e-mail messages attached to it may contain confidential
>> information that is legally privileged. If you are not the intended
>> recipient, or a person responsible for delivering it to the intended
>> recipient, you are hereby notified that any disclosure, copying,
>> distribution or use of any of the information contained in or attached to
>> this transmission is STRICTLY PROHIBITED. If you have received this
>> transmission in error please notify the sender immediately by replying to
>> this e-mail. You must destroy the original transmission and its attachments
>> without reading or saving in any manner. Thank you.
>>
>
>
>
> --
> jamie rishaw // .com.arpa@j <- reverse it. ish.
>
> "...let's consider this world like a family and care about each other..."
>  -Malala Yousafzai
>



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"...let's consider this world like a family and care about each other..."
 -Malala Yousafzai

Re: IPv6 Default Allocation - What size allocation are you giving out

[jamie rishaw]

This makes no sense.

I have two /48s routed to my house.

..to my house.

The idea that anyone is giving anything less than a 64 is unreasonable and
will lead to an exponential growth in routing tables.. it's asinine and
very short sighted.

Sure, back in the day, I had a server, a couple desktops and a BRI and wow
who would need more than an ipv4 /28--but let's face reality here--every
thing, every switch, every night bulb, every door, every window, every
skylight, every temperature sensor, every tv, every device that a friend
brings over or even any device that I allow public access to.. every cat,
every dog, every hamster is going to be microchipped and every single unit
is going to need to be accessible Hell, I have two ips/one each for
each of my two cat boxes that tell me current status, c'mon.

My TiVos, my game consoles, my cable boxes, my two printers.. all have
their own address.

To think in an unframed context that you know what everyone everywhere will
need is nothing short of naive and is everything elementarily assumptive of
(ahem) The Internet of Things.

The examples I gave are just for my house.. now multiply that times a
small, medium, large, xl, enterprise or global entity and do the math

These arguments and debates make me sad. I suppose it's my own fault for
assuming that everyone in this ML is a forward thinker.
-j

On Wed, Oct 8, 2014 at 8:18 PM, Erik Sundberg 
wrote:

> I am planning out our IPv6 deployment right now and I am trying to figure
> out our default allocation for customer LAN blocks. So what is everyone
> giving for a default LAN allocation for IPv6 Customers.  I guess the idea
> of handing a customer /56 (256 /64s) or  a /48 (65,536 /64s) just makes me
> cringe at the waste. Especially when you know 90% of customers will never
> have more than 2 or 3 subnets. As I see it the customer can always ask for
> more IPv6 Space.
>
> /64
> /60
> /56
> /48
>
> Small Customer?
> Medium Customer?
> Large Customer?
>
> Thanks
>
> Erik
>
> 
>
> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files
> or previous e-mail messages attached to it may contain confidential
> information that is legally privileged. If you are not the intended
> recipient, or a person responsible for delivering it to the intended
> recipient, you are hereby notified that any disclosure, copying,
> distribution or use of any of the information contained in or attached to
> this transmission is STRICTLY PROHIBITED. If you have received this
> transmission in error please notify the sender immediately by replying to
> this e-mail. You must destroy the original transmission and its attachments
> without reading or saving in any manner. Thank you.
>



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"...let's consider this world like a family and care about each other..."
 -Malala Yousafzai

Moot thread: Scotland

[jamie rishaw]

Nice exercise in what-ifs, but with 90% reporting and a ten point "No,
thank you" majority, the decision to stay as one UK has clearly prevailed.
..Not that I'm up at 0240 Eastern to check on the vote of course.
Source: BBC World News.
-j

-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"...let's consider this world like a family and care about each other..."
 -Malala Yousafzai

Re: Scotland ccTLD?

[jamie rishaw]

Do we get to bill time and materials (t&m) if they vote to secede?  I mean,
we're engineers and all but even this discussion has netted a
nonsignificant number of billable hours.

Remember, the entire secession movement is being funded by a couple of
Lottery winners.

Just sayin'.

-j

On Tue, Sep 16, 2014 at 10:26 AM, Jay Ashworth  wrote:

> I know that IANA bases its list of ccTLDs on the 3166 list.
>
> Does anyone know if the 3166 secretariat has a preliminary choice in mind?
> I see press coverage of ".scot", but of course that's not germane.
>
> I see also a suggestion, credited to Dave Eastabrook (sp?) of .ab, which
> apparently stands for Alba, which I will assume has historical significance
> (the country name in Scots Gaelic, perhaps?)
>
> What kind of timeframe would a new ccTLD for a major country roll out on?
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth  Baylink
> j...@baylink.com
> Designer The Things I Think   RFC
> 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land
> Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647
> 1274
>



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"...let's consider this world like a family and care about each other..."
 -Malala Yousafzai

Re: Credit to Digital Ocean for ipv6 offering

[jamie rishaw]

+1+1+1 re living room
On Jun 17, 2014 12:32 PM, "rw...@ropeguru.com"  wrote:

> On Tue, 17 Jun 2014 13:25:37 -0400
>  valdis.kletni...@vt.edu wrote:
>
>> On Tue, 17 Jun 2014 13:14:04 -0400, "rw...@ropeguru.com" said:
>>
>>  No, 8 individual IPv6 addresses.
>>>
>>
>> Wow. Harsh.  I burn more than that just in my living room.
>>
>
> I don't think that is too harsh as all 8 are assigned to a single server.
> So if I have three VPS's, I have 24 total addresses.
>

Re: rz.verisign-grs.com root zone ftp access

[jamie rishaw]

Pretty annoying (esp. to my databases) that com.zone.gz alone is >2.3 GB ... >.<

On Tue, May 27, 2014 at 6:21 PM, Blaine Fleming  wrote:
> On 5/20/14, 11:53 PM, John Levine wrote:
>> In article <537c1f17.6070...@digital-z.com> you write:
>>> On 5/20/14, 4:21 PM, Brandon Applegate wrote:
>>>> Is anyone using this and having failed login for a few days now ?  I�ve 
>>>> been mirroring the root
>>> zone(s) for years and I just started getting failures in my logs.  I 
>>> emailed an address I found on
>>> the Verisign website but so far dead air.  If anyone knows of a more 
>>> pointed email POC that would
>>> actually have clue about this that would be awesome.
>>>
>>> I have been experiencing this problem as well but have not had a chance
>>> to look into it.  It stopped working some time between May 15th and May
>>> 16th.  If you find out anything, please let me know!
>>
>> When I had problems like this a while ago, I found their support
>> people to be quite responsive.  Try writing them at
>> tldz...@verisign-grs.com or call the support number on the web site
>> 703-925-6999.
>>
>> If you're not using your password to download the .COM or .NET zones,
>> it is my impression that they will eventually turn off your password
>> because they think you're not using it.
>>
>> R's,
>> John
>>
>
> Just wanted to follow-up on this issue.  I was actively using it every
> day to fetch the .COM and .NET TLD zone files.  Sent multiple emails to
> tldz...@verisign-grs.com with no response.  Finally reached out to them
> via chat and was informed that I needed to execute a new zone file
> access agreement because they needed updated information for me.  New
> agreement has been submitted so we will see what they say this time.  If
> anyone else is still having problems then you probably need to do the same.
>
> --Blaine
>



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"...let's consider this world like a family and care about each other..."
 -Malala Yousafzai

Re: rz.verisign-grs.com root zone ftp access

[jamie rishaw]

Some output deleted to save spamminess:

}~/ ftp rz.verisign-grs.net
Connected to rz.verisign-grs.net.
220- Welcome to the VeriSign Global Registry Services gTLD Zone
FTP Server 
Name (rz.verisign-grs.net:jamie): [myusername]
331 Please specify the password.
Password:
230 Login successful.
ftp> ls
229 Entering Extended Passive Mode (|||31270|).
150 Here comes the directory listing. [ lots truncated ]
-rw-r--r--1 ftp  ftp  5167 May 20 16:21 arpa.zone.gz
-rw-r--r--1 ftp  ftp  2309652729 May 20 15:31 com.zone.gz
-rw-r--r--1 ftp  ftp  3107 Mar 28 14:46 named.root
-rw-r--r--1 ftp  ftp  317965345 May 20 15:23 net.zone.gz
-rw-r--r--1 ftp  ftp   550 Mar 27 15:49 root-servers.net.zone.gz
-rw-r--r--1 ftp  ftp546199 May 20 15:42 root.zone
-rw-r--r--1 ftp  ftp211133 May 20 15:42 root.zone.gz

I will email the OP a couple of contacts in the AM after I verify it's
alright to give out their info.

-jamie

All of .mil tld is down

[jamie rishaw]

At time of post..
.mil. is down.
Apparently an Anonymous "Operation Payback".

.mil nameservers are unresponsive.

Re: Odd syslog-ng problem

[jamie rishaw]

Off topic.
The issue is with the daemon, not your devices.

https://lists.balabit.hu/mailman/listinfo/syslog-ng


On Sat, May 10, 2014 at 4:24 AM, Peter Persson  wrote:
> Hey,
>
> I got a weird problem with my syslog-ng setup, im logging from alot of
> cisco machines and that works great.
> The problem is that when i "pass" this further to a shell program, some
> lines disapere.
>
> My destination looks like this
> destination hosts {
>file("/var/log/ciscorouters/$HOST.log"
>owner(root) group(root) perm(0600) dir_perm(0700) create_dirs(yes));
>program("/scripts/irc/syslog_wrapper_new.sh" template(t_irctempl));
> };
> The "/var/log/ciscorouters/$HOST.log" writes correct, but the data thats
> putted trough to "/scripts/irc/syslog_wrapper_new.sh" only get the first
> line, if it gets flooded (like 5 rows per second).
>
> Do anyone of you have any idea of what might be the problem?
>
> Regards,
> Peter



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"...let's consider this world like a family and care about each other..."
 -Malala Yousafzai

Re: Phase 4.

[jamie rishaw]

I can has test fore able two post too this list ??

On Thu, Apr 24, 2014 at 12:54 AM, Bryan Socha  wrote:
> Whats the big deal   If your just arin, dont panic. Akamai and
> digitalocean has been the only people aquire fair priced v4 putside
> arin.So arin is ending.   It doesnt stop anything. be smart 3 usd
> per ip is fair if dirty.  F the auct8ons they are fake and we get the ips
> lower than op3ning.
>
> Icann is the mast 8 class as real?Distribute them
> ,



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"Reality defeats prejudice." - Rep. Barney Frank

Re: Serious bug in ubiquitous OpenSSL library: "Heartbleed"

[jamie rishaw]

Here's the only way to keep a system safe from Internet hackers:

http://goo.gl/ZvGrXw  [google images]

-j

Re: Need trusted NTP Sources

[jamie rishaw]

PCI DSS only requires that all clocks be synchronized; It doesn't
/require/ "how".

If you have servers getting time from external sources (authenticated
always a plus) and peering with each other internally, then you comply
with PCI DSS 2.0 (3.0 has no changes to this that I'm aware of).

OTOH, I'm surprised nobody has mentioned
http://www.team-cymru.org/ReadingRoom/Templates/secure-ntp-template.html

-j

On Thu, Feb 6, 2014 at 6:53 AM, Notify Me  wrote:
> Raspberries! Not common currency here either, but let's see!
> grateful for all the input and responses, this list is amazing as usual.
>
> On Thu, Feb 6, 2014 at 1:41 PM, Aled Morris  wrote:
>> On 6 February 2014 12:30, Martin Hotze  wrote:
>>
>>> > I'm trying to help a company I work for to pass an audit, and we've
>>> > been told we need trusted NTP sources (RedHat doesn't cut it). Being
>>> > located in Nigeria, Africa,
>>>
>>  [...]
>>
>>> So build your own stratum 1 server (maybe a second one with DCF77 or
>>> whatever you can use for redundancy),
>>>
>>
>> I don't think DCF77 is going to reach Nigeria.
>>
>> Aled
>



-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

"Reality defeats prejudice." - Rep. Barney Frank

Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

[jamie rishaw]

Don't fight it.

It's clear that implementation on a per-packet basis of RFC4824 (datagrams
over Semaphore Flag Signaling System) would have prevented this entire
situation.

Refer to sections 3.3 and 3.4.

-j

On Mon, Feb 3, 2014 at 12:23 PM, Paul Ferguson 
wrote:
>
>
> On 2/2/2014 2:17 PM, Cb B wrote:
>
> > And, i agree bcp38 would help but that was published 14 years ago.
>
> But what? Are you somehow implying that because BCP38 was
> "...published 14 years ago" (RFC2267 was initially published in 1998,
> and it was subsequently replaced by RFC2827)?

First! [?]

[jamie rishaw]

Happy New Year to all, and to all a good lawful interception.

Re: Charter Contact

[jamie rishaw]

Uh, yea, me.
I'll send you an address to forward it to.


On Sat, Dec 14, 2013 at 8:56 PM, Scott Noel-Hemming
wrote:

> Is anyone from Charter in the Walla Walla area looking for some hardware
> that was supposed to be delivered today?
>
> --
> ()  ascii ribbon campaign - against html e-mail
> /\  www.asciiribbon.org   - against proprietary attachments
>
>
>


-- 
"sharp, dry wit and brash in his dealings with contestants." - Forbes
If voting didn't matter, the GOP wouldn't make it more difficult than
buying a gun.
/* - teh jamie. ; uri -> http://about.me/jgr */

Re: BRAS

[jamie rishaw]

+1

That was my first thought as well.

"Well, I don't swing that way but I have an ex coworker or two at Playboy
that might be able to give you a pointer, no pun intended"




On Tue, Dec 10, 2013 at 11:10 PM, Larry Sheldon wrote:

> On 12/10/2013 8:21 AM, Nilesh Kahar wrote:
>
>> Which is a good BRAS product, to handle 15000 subscribers sessions with
>> full QoS & other features?
>>
>
> Victoria's Secret has some nice ones.
>
>
> --
> Requiescas in pace o email   Two identifying characteristics
> of System Administrators:
> Ex turpi causa non oritur actio  Infallibility, and the ability to
> learn from their mistakes.
>   (Adapted from Stephen Pinker)
>
>


-- 
"sharp, dry wit and brash in his dealings with contestants." - Forbes
If voting didn't matter, the GOP wouldn't make it more difficult than
buying a gun.
/* - teh jamie. ; uri -> http://about.me/jgr */

Re: blogs.cisco.com not available via IPv6

[jamie rishaw]

*Has a Rick Perry "Oops." moment*.

Thanks, Jared.

..Again. :)

-j

Re: blogs.cisco.com not available via IPv6

[jamie rishaw]

(A little late but) it's reachable for me -- Funny tho that something at
cisco is IPv6 via a v4<->v6 (2001::)  :-)

jamie


On Thu, Dec 5, 2013 at 8:16 PM, Geraint Jones  wrote:

> Its the reason deduplication makes the storage savings it does :)
> --
> Geraint Jones
>
>
>
>
> On 6/12/13 2:52 pm, "Richard Porter"  wrote:
>
> >*Sarcasm* but lawyers seem to think it is REALLY important to add that
> >load to email servers, backup servers and storage :). I wonder how much
> >extra storage those simple extra bits/bytes have taken over the years?
> >
> >~Richard
> >
> >On Dec 5, 2013, at 6:39 PM, Rogan Schlassa 
> >wrote:
> >
> >> Please dont reply back with such legal disclaimers.  It is basically
> >>SPAM
> >> and of course nonsense.
> >>
> >> The thought that you can send a email and force your companies terms on
> >>us
> >> is rediculous.
> >>
> >> If CISCO forces that in your sig then for one tell them to fuck off and
> >>two
> >> use a different email.
> >> On Dec 5, 2013 3:56 PM, "John Stuppi (jstuppi)" 
> >>wrote:
> >>
> >>> Thanks folks.  Blogs.cisco.com should be back up now for both IPv4 and
> >>>v6.
> >>>
> >>> Thanks,
> >>> John
> >>>
> >>> "We can't help everyone, but everyone can help someone."
> >>>
> >>>
> >>>
> >>>
> >>> John Stuppi, CISSP
> >>> Technical Leader
> >>> Strategic Security Research
> >>> jstu...@cisco.com
> >>> Phone: +1 732 516 5994
> >>> Mobile: 732 319 3886
> >>>
> >>> CCIE, Security - 11154
> >>> Cisco Systems
> >>> Mail Stop INJ01/2/
> >>> 111 Wood Avenue South
> >>> Iselin, New Jersey 08830
> >>> United States
> >>> Cisco.com
> >>>
> >>>
> >>>
> >>> Think before you print.
> >>> This email may contain confidential and privileged material for the
> >>>sole
> >>> use of the intended recipient. Any review, use, distribution or
> >>>disclosure
> >>> by others is strictly prohibited. If you are not the intended
> >>>recipient (or
> >>> authorized to receive for the recipient), please contact the sender by
> >>> reply email and delete all copies of this message.
> >>> For corporate legal information go to:
> >>> http://www.cisco.com/web/about/doing_business/legal/cri/index.html
> >>>
> >>>
> >>>
> >>>
> >>>
> >>> -Original Message-
> >>> From: Jared Mauch [mailto:ja...@puck.nether.net]
> >>> Sent: Wednesday, December 04, 2013 9:23 AM
> >>> To: Henri Wahl
> >>> Cc: NANOG list
> >>> Subject: Re: blogs.cisco.com not available via IPv6
> >>>
> >>> I'm seeing it down via IPv6:
> >>>
> >>> *   Trying 2600:1407:9:295::90...
> >>> * Connected to www.cisco.com (2600:1407:9:295::90) port 80 (#0)
>  GET / HTTP/1.1
>  User-Agent: curl/7.30.0
>  Host: www.cisco.com
>  Accept: */*
> 
> >>> < HTTP/1.1 200 OK
> >>> * Server Apache is not blacklisted
> >>>
> >>>
> >>> * About to connect() to blogs.cisco.com port 80 (#0)
> >>> *   Trying 2001:4800:13c1:10::178...
> >>> ^C
> >>>
> >>> - Jared
> >>>
> >>> On Dec 4, 2013, at 8:37 AM, Henri Wahl  wrote:
> >>>
>  Hi,
>  can anybody from Cisco confirm that blogs.cisco.com
>  (2001:4800:13c1:10::178) is not available via IPv6?
>  Regards
> 
>  --
>  Henri Wahl
> 
>  IT Department
>  Leibniz-Institut fuer Festkoerper- u.
>  Werkstoffforschung Dresden
> 
>  tel: (03 51) 46 59 - 797
>  email: h.w...@ifw-dresden.de
>  http://www.ifw-dresden.de
> 
>  Nagios status monitor Nagstamon:
>  http://nagstamon.ifw-dresden.de
> 
>  DHCPv6 server dhcpy6d:
>  http://dhcpy6d.ifw-dresden.de
> 
>  IFW Dresden e.V., Helmholtzstrasse 20, D-01069 Dresden VR Dresden Nr.
>  1369
>  Vorstand: Prof. Dr. Juergen Eckert, Dr. h.c. Dipl.-Finw. Rolf Pfrengle
>  <0x1FBA0942.asc>
> >>>
> >>>
> >>>
> >>>
> >
>
>
>
>


-- 
"sharp, dry wit and brash in his dealings with contestants." - Forbes
If voting didn't matter, the GOP wouldn't make it more difficult than
buying a gun.
/* - teh jamie. ; uri -> http://about.me/jgr */

Re: NOOP and Terremark

[jamie rishaw]

I'm sorry, I should have phrased differently.

I meant: By the number of responses I've received that have been told to me
"in private," or with a "this is not public info,"...

While I certainly would not violate those restraints I do agree with you.

jamie



On Mon, Oct 28, 2013 at 6:35 AM, Dobbins, Roland  wrote:

>
> On Oct 28, 2013, at 5:27 PM, jamie rishaw  wrote:
>
> >  It's clear that we all still consider open discussions on things like
> this to be something to be kept to a small vetted community.
>
> It's not clear to me at all.
>
> Real-time discussions of specific events in order to coordinate response,
> sure - it's important to limit those communications to the
> groups/individuals who can do something useful to help in real time.
>
> General discussion of attack characteristics, defensive tactics, etc.,
> absolutely not - they must be shouted from the rooftops.
>
> ---
> Roland Dobbins  // <http://www.arbornetworks.com>
>
>   Luck is the residue of opportunity and design.
>
>-- John Milton
>
>
>


-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

*"Reality defeats prejudice."* - *Rep. Barney Frank*

NOOP and Terremark

[jamie rishaw]

1) Thank you all for responses in private re my 80Gbps thread - It's clear
that we all still consider open discussions on things like this to be
something to be kept to a small vetted community.

2) Surprised to see no threads on Terremark's epic fail w/r/t Fed-Cloud and
healthcare.gov.  News articles are of zero help since reporters have -no-
idea what the truth is and will believe anything fed to them by tech types
to get an article posted; Still curious about the actual RFO...

-jamie

80 Gbps ?

[jamie rishaw]

  I'm looking at a site named the "digital attack map" (dot com).

  There's one attack that lists an attack at some near 80 Gbps inbound.
( Clip Cap at http://screencast.com/t/M59qmJhcWSW )

  Some questions.  Maybe I've just been lucky... but,

A)  /Seriously/ ?  80 Gbps ?

B) Other than dropping routes / changing DNS and "filtering at the borders"
are there controls that operators employ that help mitigate multi-Gbps
attacks?

I understand if - by the nature of talking about it, 'we' give attackers
insight, so I'm willing to entertain private discussions; However, this
seems to be a semi appropriate place as a catalyst.

I'd be interested in a discussion, a ML, or resources that any people can
provide, via this list or off list.

-jamie
-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

*"Reality defeats prejudice."* - *Rep. Barney Frank*

NANOG Pager : Captain Zappos, white courtesy phone. Captain Zappos eng?

[jamie rishaw]

.. No, the white one.



In all seriousness - Any engs from Zappos?  Please contact me off list

TYVM

-jamie

Re: google / massive problems

[jamie rishaw]

How do I configure my router for this?


On Wed, Oct 9, 2013 at 12:52 PM, Brandon Ross  wrote:

> On Wed, 9 Oct 2013, Christopher Morrow wrote:
>
>  piling on a tad: (for consumer gmail/drive)
>> 1) existing session cookies work fine
>> 2) new sessions work fine, + 2-step auth
>>
>
> Yea, I'll pile on too.  I have 5 entities that I have gmail accounts setup
> for, plus my personal @gmail account.  I regularly keep several of them
> open at the same time, but for at lest 3 or 4 days I've been unable to stay
> logged into more than 1 at a time.  I've only used Chrome, and I'm in PHX
> at NANOG.  It's super annoying.
>
> --
> Brandon Ross  Yahoo & AIM:
>  BrandonNRoss
> +1-404-635-6667ICQ:
>  2269442
> Schedule a meeting:  https://doodle.com/brossSkype:
>  brandonross
>
>


-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

*"Reality defeats prejudice."* - *Rep. Barney Frank*

Re: nanog.org website - restored

[jamie rishaw]

Translated:


On Mon, Oct 7, 2013 at 6:24 PM, Andrew Koch  wrote:

> We believe the server is now at a stable point and all functions of the
>

"We hope that the"


> NANOG website and mailing list are restored.
>
> For those interested, we would like to share some details of this event.
> It was noticed a couple weeks ago that a lack of memory conditon[sic] was
> present on the NANOG servers in Chicago.  Temporary measures were taken
> to clear processes and restart the server, but this only temporarialy
> restored the server.
>

"Server swapped itself to death. We power cycled that bad boy"


> Working with onsite personel[sic] to upgrade the server with additional
> memory failed during the first announced maintenance.  Compatible memory
> was located and tested leading to the second maintenance when it was
> successfully installed.
>

"Added more ramz but only after remote hands wikipedia'd the right ram for
our vps"

>
> At this time we have increased the memory on the server and are at a
> stable point.
>

"Seems to work now we think"


NANOG is making plans to move the NANOG web and mail services off this
> platform to an environment that is more capable.  We will inform the
> community of any maintenance plans as we move forward.
>


"$1/mo hosting aint cutting it anymore; NANOG fees now +$99/attendee/event"



> Thank you for your understanding.
>

"closing ticket"


>
> Andrew Koch
> on behalf of the NANOG Communications Committee
>

"Got the short straw"

What happened to MERIT, A2 and the big tens rocking the mic fantastic?


j
-- 
"sharp, dry wit and brash in his dealings with contestants." - Forbes
If voting didn't matter, the GOP wouldn't make it more difficult than
buying a gun.
/* - teh jamie. ; uri -> http://about.me/jgr */

Digital Ocean

[jamie rishaw]

I've been unable to get ahold of cluebies @ digital ocean ; anyone in engr
pls contact off list

Super Space Self Storage : At The Heart of what was to become the epicenter of Silicon Valley.

[jamie rishaw]

http://www.theatlantic.com/technology/archive/13/07/not-even-silicon-valley-escapes-history/277824/


-j
-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

*"Reality defeats prejudice."* - *Rep. Barney Frank*

Re: .biz DNSSEC borked

[jamie rishaw]

confirmed

None of the 5 DNSKEY records could be validated by any of the 2 DS records
The DNSKEY RRset was not signed by any keys in the chain-of-trust


 biz has SOA record a.gtld.biz. hostmaster.neustar.biz. 12161960 900 900
604800 86400 (BOGUS (security failure)) validation failure :
no keys have a DS from 156.154.127.65 for key BIZ. while building chain of
trust


tcp: biz has SOA record a.gtld.biz. hostmaster.neustar.biz. 12161960 900
900 604800 86400 (BOGUS (security failure)) validation failure : no keys have a DS from 156.154.127.65 for key BIZ. while building
chain of trust




On Sat, Jun 22, 2013 at 1:45 PM, Andre Tomt  wrote:
>
> Seems the entire .biz tld is failing DNSSEC validation now.
> All of my DNSSEC validating resolvers are tossing all domains in .biz.
The non-signed domains too of course because trust of the tld itself cannot
be established.
>
> http://dnssec-debugger.verisignlabs.com/nic.biz
>

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[jamie rishaw]

Data on June 20 :

  .COM. :
108,985,894 unique domains + the tld.
  -> 234,479 NSEC3/RRSIG records,
  -> 2,253,400 nameserver entries on 831,088 unique IP addresses.

.. ish.

-jamie

On Fri, Jun 21, 2013 at 5:23 PM, Barry Shein  wrote:

>
> I think we need a better measure than number of domains (in this case
> .COM), particularly vs total domains.
>
> If it was 100 domains it might seem small, unless that list began with
> facebook.com, amazon.com, google.com and g*d forbid theworld.com.
>
> --
> -Barry Shein
>
> The World  | b...@theworld.com   |
> http://www.TheWorld.com
> Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR,
> Canada
> Software Tool & Die| Public Access Internet | SINCE 1989 *oo*
>

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[jamie rishaw]

No.

The ztomy nameservers appeared in this morning's master .COM zonefile as
/authoritative/ for the number of domains I mentioned.

It is a clear change from just a couple of days ago, when the listed
nameservers were nowhere to be seen.

I have solid data to back this up, straight from Verisign GRS (Verisign),
the authoritative registry for .COM, .NET and others.

j



On Thu, Jun 20, 2013 at 4:10 PM, Carsten Bormann  wrote:

> Wild speculation:
>
> netsol says this is a human error incurred during DDOS mitigation.
> ztomy.com is a wild-card DNS provider that seems to use prolexic.
> Now imagine someone at netsol or its DDOS service providers
> fat-fingered their DDOS-averting routing in such a way that netsol
> DNS traffic arrived at ztomy.com instead of a netsol server.
> The ztomy.com server would know how to answer the queries...
>
> I have no data to base this speculation on.
>
> Grüße, Carsten
>
>
>


-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Fwd: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[jamie rishaw]

Wait, wait.

whois doesnt jive with dns.

.. Conspiracy Theory Hat On :

- Did someone gain access to the COM dispersion zone, or parts thereof?
- Did someone figure out how to [ insert theory here ] ?

I'm looking at domains that were solidly pointing at ztomy at 2:30AM (that
are 'recovered'  to other nameservers) that show no "updates" in `whois`
records.

Curiouser and curiouser.

Paul?

-- Forwarded message --
From: jamie rishaw 
Date: Thu, Jun 20, 2013 at 3:21 PM
Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing
DNS)
To: George Herbert 
Cc: Jared Mauch , NANOG 


It's not poisoning.  They somehow were able to modify the NS records; one
would presume, at the registrar/s.

As far as the logic of the DNS, it is functioning as designed (What's up,
Vix!) - There's another aspect of this that caused this situation.

Any Alexa or similar people on this list (Goog PR, etc)?  I'd love to bulk
submit a domain list for some analytics.  Contact me off list.



On Thu, Jun 20, 2013 at 3:14 PM, George Herbert wrote:

> Poisoning a domain's NS records with localhost will most certainly DOS the
> domain, yes.
>
> I have not yet seen the source of this; if anyone has a clue where the
> updates are coming from please post the info.
>
> Is there anything about ztomy.com that has been seen that's supicious as
> in they might be the origin?  This could be them, or could be a joe-job
> against them.  I do not want to point a finger lacking any sort of actual
> data dump of the poisoning activity...
>
>
>
>
> On Thu, Jun 20, 2013 at 1:02 PM, jamie rishaw  wrote:
>
>> I'm rechecking realtime ns1620/2620 DNS right now and, looking at the
>> output, I see an odd number of domains (that have changed) with a listed
>> nameserver of "localhost.".
>>
>> Is this some sort of tactic I'm unaware of?
>>
>>
>> On Thu, Jun 20, 2013 at 2:57 PM, Jared Mauch 
>> wrote:
>>
>> > It seems there may be a need for some sort of 'dns-health' check out
>> there
>> > that can be done in semi-realtime.
>> >
>> > I ran a report for someone earlier today on a domain doing an xref
>> against
>> > open resolver data searching for valid responses vs invalid ones.
>> >
>> > Is this of value?  Does it need to be automated?
>> >
>> > - Jared
>> >
>> > On Jun 20, 2013, at 3:53 PM, jamie rishaw  wrote:
>> >
>> > > This is most definitely a coordinated and planned attack.
>> > >
>> > > And by 'attack' I mean hijacking of domain names.
>> > >
>> > > I show as of this morning nearly fifty thousand domain names that
>> appear
>> > > suspicious.
>> > >
>> > > I'm tempted to call uscentcom and/or related agencies (which agencies,
>> > who
>> > > the hell knows, as ICE seems to have some sort of authority over
>> domains
>> > > (nearly two hundred fifty of them as I type this in COM alone and
>> another
>> > > thirty-some in NET).
>> > >
>> > > Anyone credentialed (credentialed /n/., "I know you or know of you,")
>> > > wanting data, e-mail me off-list for some TLD goodness.
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan 
>> > wrote:
>> > >
>> > >> Agree'd in these "smaller" scenario's I just wonder if in a larger
>> scale
>> > >> scenario, whatever that might look like, if its necessary. Whereby
>> many
>> > >> organizations who provide "services" are effected. Perhaps the result
>> > of a
>> > >> State led campaign topic for another day.
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson <
>> fergdawgs...@gmail.com
>> > >>> wrote:
>> > >>
>> > >>> I am betting that Netsol doesn't need any more "coordination" at the
>> > >>> moment -- their phones are probably ringing off-the-hook. There are
>> > >>> still ~400 domains still pointing to the ztomy NS:
>> > >>>
>> > >>>
>> > >>> ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
>> > >>> ; (1 server found)
>> > >>> ;; global options: +cmd
>> > >&g

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[jamie rishaw]

It's not poisoning.  They somehow were able to modify the NS records; one
would presume, at the registrar/s.

As far as the logic of the DNS, it is functioning as designed (What's up,
Vix!) - There's another aspect of this that caused this situation.

Any Alexa or similar people on this list (Goog PR, etc)?  I'd love to bulk
submit a domain list for some analytics.  Contact me off list.



On Thu, Jun 20, 2013 at 3:14 PM, George Herbert wrote:

> Poisoning a domain's NS records with localhost will most certainly DOS the
> domain, yes.
>
> I have not yet seen the source of this; if anyone has a clue where the
> updates are coming from please post the info.
>
> Is there anything about ztomy.com that has been seen that's supicious as
> in they might be the origin?  This could be them, or could be a joe-job
> against them.  I do not want to point a finger lacking any sort of actual
> data dump of the poisoning activity...
>
>
>
>
> On Thu, Jun 20, 2013 at 1:02 PM, jamie rishaw  wrote:
>
>> I'm rechecking realtime ns1620/2620 DNS right now and, looking at the
>> output, I see an odd number of domains (that have changed) with a listed
>> nameserver of "localhost.".
>>
>> Is this some sort of tactic I'm unaware of?
>>
>>
>> On Thu, Jun 20, 2013 at 2:57 PM, Jared Mauch 
>> wrote:
>>
>> > It seems there may be a need for some sort of 'dns-health' check out
>> there
>> > that can be done in semi-realtime.
>> >
>> > I ran a report for someone earlier today on a domain doing an xref
>> against
>> > open resolver data searching for valid responses vs invalid ones.
>> >
>> > Is this of value?  Does it need to be automated?
>> >
>> > - Jared
>> >
>> > On Jun 20, 2013, at 3:53 PM, jamie rishaw  wrote:
>> >
>> > > This is most definitely a coordinated and planned attack.
>> > >
>> > > And by 'attack' I mean hijacking of domain names.
>> > >
>> > > I show as of this morning nearly fifty thousand domain names that
>> appear
>> > > suspicious.
>> > >
>> > > I'm tempted to call uscentcom and/or related agencies (which agencies,
>> > who
>> > > the hell knows, as ICE seems to have some sort of authority over
>> domains
>> > > (nearly two hundred fifty of them as I type this in COM alone and
>> another
>> > > thirty-some in NET).
>> > >
>> > > Anyone credentialed (credentialed /n/., "I know you or know of you,")
>> > > wanting data, e-mail me off-list for some TLD goodness.
>> > >
>> > >
>> > >
>> > >
>> > >
>> > >
>> > > On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan 
>> > wrote:
>> > >
>> > >> Agree'd in these "smaller" scenario's I just wonder if in a larger
>> scale
>> > >> scenario, whatever that might look like, if its necessary. Whereby
>> many
>> > >> organizations who provide "services" are effected. Perhaps the result
>> > of a
>> > >> State led campaign topic for another day.
>> > >>
>> > >>
>> > >>
>> > >>
>> > >> On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson <
>> fergdawgs...@gmail.com
>> > >>> wrote:
>> > >>
>> > >>> I am betting that Netsol doesn't need any more "coordination" at the
>> > >>> moment -- their phones are probably ringing off-the-hook. There are
>> > >>> still ~400 domains still pointing to the ztomy NS:
>> > >>>
>> > >>>
>> > >>> ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
>> > >>> ; (1 server found)
>> > >>> ;; global options: +cmd
>> > >>> ;; Got answer:
>> > >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
>> > >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
>> > >>>
>> > >>> ;; QUESTION SECTION:
>> > >>> ;parsonstech.com.INNS
>> > >>>
>> > >>> ;; ANSWER SECTION:
>> > >>> parsonstech.com.172800    IN    NSns2617.ztomy.com.
>> > >>> parsonstech.com.172800INNSns1617.ztomy.com.
>> > >>>
>> > >

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[jamie rishaw]

I'm rechecking realtime ns1620/2620 DNS right now and, looking at the
output, I see an odd number of domains (that have changed) with a listed
nameserver of "localhost.".

Is this some sort of tactic I'm unaware of?


On Thu, Jun 20, 2013 at 2:57 PM, Jared Mauch  wrote:

> It seems there may be a need for some sort of 'dns-health' check out there
> that can be done in semi-realtime.
>
> I ran a report for someone earlier today on a domain doing an xref against
> open resolver data searching for valid responses vs invalid ones.
>
> Is this of value?  Does it need to be automated?
>
> - Jared
>
> On Jun 20, 2013, at 3:53 PM, jamie rishaw  wrote:
>
> > This is most definitely a coordinated and planned attack.
> >
> > And by 'attack' I mean hijacking of domain names.
> >
> > I show as of this morning nearly fifty thousand domain names that appear
> > suspicious.
> >
> > I'm tempted to call uscentcom and/or related agencies (which agencies,
> who
> > the hell knows, as ICE seems to have some sort of authority over domains
> > (nearly two hundred fifty of them as I type this in COM alone and another
> > thirty-some in NET).
> >
> > Anyone credentialed (credentialed /n/., "I know you or know of you,")
> > wanting data, e-mail me off-list for some TLD goodness.
> >
> >
> >
> >
> >
> >
> > On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan 
> wrote:
> >
> >> Agree'd in these "smaller" scenario's I just wonder if in a larger scale
> >> scenario, whatever that might look like, if its necessary. Whereby many
> >> organizations who provide "services" are effected. Perhaps the result
> of a
> >> State led campaign topic for another day.
> >>
> >>
> >>
> >>
> >> On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson  >>> wrote:
> >>
> >>> I am betting that Netsol doesn't need any more "coordination" at the
> >>> moment -- their phones are probably ringing off-the-hook. There are
> >>> still ~400 domains still pointing to the ztomy NS:
> >>>
> >>>
> >>> ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
> >>> ; (1 server found)
> >>> ;; global options: +cmd
> >>> ;; Got answer:
> >>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
> >>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> >>>
> >>> ;; QUESTION SECTION:
> >>> ;parsonstech.com.INNS
> >>>
> >>> ;; ANSWER SECTION:
> >>> parsonstech.com.172800INNSns2617.ztomy.com.
> >>> parsonstech.com.172800INNSns1617.ztomy.com.
> >>>
> >>> ;; Query time: 286 msec
> >>> ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>> ;; WHEN: Thu Jun 20 19:16:25 2013
> >>> ;; MSG SIZE  rcvd: 81
> >>>
> >>> - ferg
> >>>
> >>> On Thu, Jun 20, 2013 at 10:13 AM, Phil Fagan 
> >> wrote:
> >>>
> >>>> I should caveat.coordinate the "recovery" of.
> >>>>
> >>>>
> >>>> On Thu, Jun 20, 2013 at 11:10 AM, Brandon Butterworth
> >>>> wrote:
> >>>>
> >>>>>> Is there an organization that coordinates outages like this amongst
> >>> the
> >>>>>> industry?
> >>>>>
> >>>>> No, usually they are surprise outages though Anonymous have tried
> >>>>> coordinating a few
> >>>>>
> >>>>> brandon
> >>>>>
> >>>>
> >>>>
> >>>>
> >>>> --
> >>>> Phil Fagan
> >>>> Denver, CO
> >>>> 970-480-7618
> >>>
> >>>
> >>>
> >>> --
> >>> "Fergie", a.k.a. Paul Ferguson
> >>> fergdawgster(at)gmail.com
> >>>
> >>
> >>
> >>
> >> --
> >> Phil Fagan
> >> Denver, CO
> >> 970-480-7618
> >>
> >
> >
> >
> > --
> > Jamie Rishaw // .com.arpa@j <- reverse it. ish.
> > [Impressive C-level Title Here], arpa / arpa labs
>
>


-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

This is a coordinated hacking. (Was Re: Need help in flushing DNS)

[jamie rishaw]

This is most definitely a coordinated and planned attack.

And by 'attack' I mean hijacking of domain names.

I show as of this morning nearly fifty thousand domain names that appear
suspicious.

I'm tempted to call uscentcom and/or related agencies (which agencies, who
the hell knows, as ICE seems to have some sort of authority over domains
(nearly two hundred fifty of them as I type this in COM alone and another
thirty-some in NET).

Anyone credentialed (credentialed /n/., "I know you or know of you,")
wanting data, e-mail me off-list for some TLD goodness.






On Thu, Jun 20, 2013 at 12:29 PM, Phil Fagan  wrote:

> Agree'd in these "smaller" scenario's I just wonder if in a larger scale
> scenario, whatever that might look like, if its necessary. Whereby many
> organizations who provide "services" are effected. Perhaps the result of a
> State led campaign topic for another day.
>
>
>
>
> On Thu, Jun 20, 2013 at 11:25 AM, Paul Ferguson  >wrote:
>
> > I am betting that Netsol doesn't need any more "coordination" at the
> > moment -- their phones are probably ringing off-the-hook. There are
> > still ~400 domains still pointing to the ztomy NS:
> >
> >
> >  ; <<>> DiG 9.7.3 <<>> @foohost parsonstech.com NS
> >  ; (1 server found)
> >  ;; global options: +cmd
> >  ;; Got answer:
> >  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49064
> >  ;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
> >
> >  ;; QUESTION SECTION:
> >  ;parsonstech.com.INNS
> >
> >  ;; ANSWER SECTION:
> >  parsonstech.com.172800INNSns2617.ztomy.com.
> >  parsonstech.com.172800INNSns1617.ztomy.com.
> >
> >  ;; Query time: 286 msec
> >  ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >  ;; WHEN: Thu Jun 20 19:16:25 2013
> >  ;; MSG SIZE  rcvd: 81
> >
> > - ferg
> >
> > On Thu, Jun 20, 2013 at 10:13 AM, Phil Fagan 
> wrote:
> >
> > > I should caveat.coordinate the "recovery" of.
> > >
> > >
> > > On Thu, Jun 20, 2013 at 11:10 AM, Brandon Butterworth
> > > wrote:
> > >
> > >> > Is there an organization that coordinates outages like this amongst
> > the
> > >> > industry?
> > >>
> > >> No, usually they are surprise outages though Anonymous have tried
> > >> coordinating a few
> > >>
> > >> brandon
> > >>
> > >
> > >
> > >
> > > --
> > > Phil Fagan
> > > Denver, CO
> > > 970-480-7618
> >
> >
> >
> > --
> > "Fergie", a.k.a. Paul Ferguson
> >  fergdawgster(at)gmail.com
> >
>
>
>
> --
> Phil Fagan
> Denver, CO
> 970-480-7618
>



-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: Need help in flushing DNS

[jamie rishaw]

Smileyface aside, I'm disappointed to see operators simply flushing caches
and not performing at the least a dumpdb for possible future forensic
analysis.
This is what I call the "Windows solution," - 'Oh, just reboot, and it'll
work'.

We're better than that.

(Aren't we?)



On Thu, Jun 20, 2013 at 1:02 AM, Paul Ferguson wrote:

> Hanlon's razor? Misconfiguration. Perhaps not done in malice, but I
> have no idea where the poison leaked in, or why. :-)
>
> - ferg
>
> On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie 
> wrote:
>
> > Anyone have news/explanation about what's happening/happened?
> >
> >
> > On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson  >wrote:
> >
> >> Sure enough:
> >>
> >>
> >>
> >>  ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
> >>  ; (1 server found)
> >>  ;; global options: +cmd
> >>  ;; Got answer:
> >>  ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53267
> >>  ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
> >>
> >>  ;; QUESTION SECTION:
> >>  ;yelp.com. IN A
> >>
> >>  ;; ANSWER SECTION:
> >>  yelp.com. 300 IN A 204.11.56.20
> >>
> >>  ;; Query time: 143 msec
> >>  ;; SERVER: 127.0.0.1#53(127.0.0.1)
> >>  ;; WHEN: Thu Jun 20 07:33:13 2013
> >>  ;; MSG SIZE  rcvd: 42
> >>
> >>
> >>
> >>
> >>
> >> NetRange: 204.11.56.0 - 204.11.59.255
> >> CIDR: 204.11.56.0/22
> >> OriginAS: AS40034
> >> NetName: CONFLUENCE-NETWORKS--TX3
> >> NetHandle: NET-204-11-56-0-1
> >> Parent: NET-204-0-0-0-0
> >> NetType: Direct Allocation
> >> Comment: Hosted in Austin TX.
> >> Comment: Abuse :
> >> Comment: ab...@confluence-networks.com
> >> Comment: +1-917-386-6118
> >> RegDate: 2012-09-24
> >> Updated: 2012-09-24
> >> Ref: http://whois.arin.net/rest/net/NET-204-11-56-0-1
> >>
> >> OrgName: Confluence Networks Inc
> >> OrgId: CN
> >> Address: 3rd Floor, Omar Hodge Building, Wickhams
> >> Address: Cay I, P.O. Box 362
> >> City: Road Town
> >> StateProv: Tortola
> >> PostalCode: VG1110
> >> Country: VG
> >> RegDate: 2011-04-07
> >> Updated: 2011-07-05
> >> Ref: http://whois.arin.net/rest/org/CN
> >>
> >> OrgAbuseHandle: ABUSE3065-ARIN
> >> OrgAbuseName: Abuse Admin
> >> OrgAbusePhone: +1-917-386-6118
> >> OrgAbuseEmail: ab...@confluence-networks.com
> >> OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3065-ARIN
> >>
> >> OrgNOCHandle: NOCAD51-ARIN
> >> OrgNOCName: NOC Admin
> >> OrgNOCPhone: +1-415-462-7734
> >> OrgNOCEmail: n...@confluence-networks.com
> >> OrgNOCRef: http://whois.arin.net/rest/poc/NOCAD51-ARIN
> >>
> >> OrgTechHandle: TECHA29-ARIN
> >> OrgTechName: Tech Admin
> >> OrgTechPhone: +1-415-358-0858
> >> OrgTechEmail: ipad...@confluence-networks.com
> >> OrgTechRef: http://whois.arin.net/rest/poc/TECHA29-ARIN
> >>
> >>
> >> #
> >> # ARIN WHOIS data and services are subject to the Terms of Use
> >> # available at: https://www.arin.net/whois_tou.html
> >> #
> >>
> >> - ferg
> >>
> >>
> >>
> >> On Wed, Jun 19, 2013 at 10:30 PM, Grant Ridder  >
> >> wrote:
> >>
> >> > Yelp is evidently also affected
> >> >
> >> > On Wed, Jun 19, 2013 at 10:19 PM, John Levine  wrote:
> >> >
> >> >> >Reaching out to DNS operators around the globe. Linkedin.com has had
> >> some
> >> >> issues with DNS
> >> >> >and would like DNS operators to flush their DNS. If you see
> >> >> www.linkedin.com resolving NS to
> >> >> >ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS.
> >> >> >
> >> >> >Any other info please reach out to me off-list.
> >> >>
> >> >> While you're at it, www.usps.com, www.fidelity.com, and other well
> >> >> known sites have had DNS poisoning problems.  When I restarted my
> >> >> cache, they look OK.
> >> >>
> >> >>
> >> >>
> >>
> >>
> >>
> >> --
> >> "Fergie", a.k.a. Paul Ferguson
> >>  fergdawgster(at)gmail.com
> >>
> >>
>
>
>
> --
> "Fergie", a.k.a. Paul Ferguson
>  fergdawgster(at)gmail.com
>
>


-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: PRISM: NSA/FBI Internet data mining project

[jamie rishaw]

Just wait until we find out dark and lit private fiber is getting vampired.




-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
arpa / arpa labs

Cisco password implementation trubs: weakened strength?

[jamie rishaw]

warning: I'm tired and this email is terse.
warning: for huge nerds only.
disclaimer: although I've worked with actual rocket scientists(hi Roger),
I'm. not one myself..nor am I a crypto mathnerd

apparently, Cisco is changing its password schemas.

old: pbkdf2 by 1k, salted
vs
New: (type 4) unsalted sha256
..
discuss.?

there is a cert and Cisco sa on this.. but I'm wondering if anyone has any
opinions, yea or nay.?

-j.

OT: Hurricane retweet-2-smtp.

[jamie rishaw]

Here would be a prime guess.. obviously anyone that can help, karma=good..

-jamie

///

from @virtadpt --

> Need sources for Proxim point-to-point microwave hardware. Needed for
uplink from mesh to global Net. PLS RT #sandy #nyc  #projectbyzantium

Roy Bates, "Prince Roy" of Sealand, dies at 90.

[jamie rishaw]

+++
ATH0

http://goo.gl/EdN3C  [SealandGov.org]
also,
http://www.guardian.co.uk/uk/2012/oct/10/prince-sealand-dies

-j
--
"sharp, dry wit and brash in his dealings with contestants." - Forbes
/* - teh jamie. ; uri -> http://about.me/jgr */

California Voter?  Vote YES on Prop 34.   http://YesOn34.org/

Re: Wired access to SMS?

[jamie rishaw]

On Tue, Oct 9, 2012 at 7:15 PM, Aaron Toponce 
wrote:
>
> Instead, purchase a cellular USB modem with a standard plan. All 4 major
> carriers provide APIs to interact with the modems, and you get everything
> you need*. They aren't cheap (something in the neighborhood of $30/month),
*
> but they work, they are reliable, and you have a committed telecom corp
> dedicated to keeping uptime high, and the API up-to-date.
>

.. Just my $0.03,

If his need is mission critical, and $30/mo breaks the bank .. I'd
respectfully submit that there wasn't much of a mission.. :-p

I do agree, tho, that an external / serial / aybe-usb gsm device is
the route to pursue.

I also '+1' / 'bump' the earlier suggestion that the OP (bill) look
into Twilio.  Their level of support/interaction/help/you-name-it sets
standards I wish everyone lived by, and Twilio ease of use & reliability is
second to none, or, at the least, one of a very few.


-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

Re: Wired access to SMS?

[jamie rishaw]

On Tue, Oct 9, 2012 at 7:15 PM, Aaron Toponce

@ gmail.com > wrote:
>
> Instead, purchase a cellular USB modem with a standard plan. All 4 major
> carriers provide APIs to interact with the modems, and you get everything
> you need*. They aren't cheap (something in the neighborhood of $30/month),
*
> but they work, they are reliable, and you have a committed telecom corp
> dedicated to keeping uptime high, and the API up-to-date.
>

.. Just my $0.03,

If his need is mission critical, and $30/mo breaks the bank .. I'd
respectfully submit that there wasn't much of a mission.. :-p

I do agree, tho, that an external / serial / aybe-usb gsm device is
the route to pursue.

I also '+1' / 'bump' the earlier suggestion that the OP (bill) look
into Twilio.  Their level of support/interaction/help/you-name-it sets
standards I wish everyone lived by, and Twilio ease of use & reliability is
second to none, or, at the least, one of a very few.

-j.
-- 
jamie rishaw // .com.arpa@j <- reverse it. ish.

BGPttH. Neustar can do it, why can't we?

[jamie rishaw]

discuss.

Re: FYI Netflix is down

[jamie rishaw]

you know what's happening even more?

..Amazon not learning their lesson.

they just had an outage quite similar.. they "performed a full audit" on
electrical systems worldwide, according to the rfo/post mortem.

looks like they need to perform a "full and we mean it" audit, and like
I've been doing/participating in at dot coms for a decade plus: Actually Do
Regular Load tests..

Related/equally to blame: companies that rely heavily on one aws zone, or
arguably "one cloud" (period), are asking for it.

Please stop these crappy practices, people.  Do real world DR testing.
 Play "What If This City Dropped Off The Map" games, because tonight, parts
of VA infact did.

Down: Instagram, Pinterest, Netflix, Heroku, Woot. Pocket(Read It Later),
and on and on.  A bunch of openID sites.  A bunch of DNS sites (think
zoneedit et al).  Infact, probably nearly a /12 if not more of space..

Blame lies both with AWS (again) and with these services providers.

They all should know better.


-j
On Jun 29, 2012 11:22 PM, "Justin M. Streiner" 
wrote:

> On Fri, 29 Jun 2012, Mike Lyon wrote:
>
>  Whatever happened to UPSs and generators?
>>
>
> They can and do fail.  See list archives for numerous reports and examples
> :)
>
> Generators are capable of not starting.
> ATSs can get into a situation where they don't transfer loads properly, or
> they can't start the generator(s)
> UPSs can fail, drain out, or be left in bypass.
> Breakers can trip and need a manual reset
> etc...
>
> jms
>
>  On Fri, Jun 29, 2012 at 8:45 PM, Jason Baugher > >wrote:
>>
>>  Nature is such a PITA.
>>>
>>>
>>> On 6/29/2012 10:42 PM, James Laszko wrote:
>>>
>>>  To further expand:

 8:21 PM PDT We are investigating connectivity issues for a number of
 instances in the US-EAST-1 Region.

  8:31 PM PDT We are investigating elevated errors rates for APIs in the
 US-EAST-1 (Northern Virginia) region, as well as connectivity issues to
 instances in a single availability zone.

  8:40 PM PDT We can confirm that a large number of instances in a single
 Availability Zone have lost power due to electrical storms in the area.
 We
 are actively working to restore power.

 -Original Message-
 From: Grant Ridder [mailto:shortdudey123@gmail.com<
 shortdudey...@gmail.com>
 ]
 Sent: Friday, June 29, 2012 8:42 PM
 To: Jason Baugher
 Cc: nanog@nanog.org
 Subject: Re: FYI Netflix is down

  From Amazon
>

 Amazon Elastic Compute Cloud (N. Virginia)  (
 http://status.aws.amazon.com/ )
 8:21 PM PDT We are investigating connectivity issues for a number of
 instances in the US-EAST-1 Region.
 8:31 PM PDT We are investigating elevated errors rates for APIs in the
 US-EAST-1 (Northern Virginia) region, as well as connectivity issues to
 instances in a single availability zone.

 -Grant

 On Fri, Jun 29, 2012 at 10:40 PM, Jason Baugher >>>
> wrote:
>

  Seeing some reports of Pinterest and Instagram down as well. Amazon

> cloud services being implicated.
>
>
> On 6/29/2012 10:22 PM, Joe Blanchard wrote:
>
>  Seems that they are unreachable at the moment. Called and theres a
>
>> recorded message stating they are aware of an issue, no details.
>>
>> -Joe
>>
>>
>>
>>
>>
>
>

>>>
>>>
>>>
>>
>> --
>> Mike Lyon
>> 408-621-4826
>> mike.l...@gmail.com
>>
>> http://www.linkedin.com/in/**mlyon 
>>
>>
>

charter communications

[jamie rishaw]

wow, the sh*t is really hitting the fan over there..

/this/ has got to be a record - I've never seen this before.. yikes.

-snip-
20115
  Origin IGP, localpref 100, external, atomic-aggregate
...
  Dampinfo: penalty 10766, flapped 99 times in 03:14:17, reuse in
00:03:03
...
  (suppressed due to dampening) (history entry)
-/snip-

99 flaps, 10K penalty.. eh.

looks to be nationwide.. or multistate at the least. (Noc only confirms 'a
few areas').
anyone w/411 on this? offlist replies well be kept off list..

-j

Re: Comcast Paid Peer Pricing

[jamie rishaw]

..I was waiting for Ren to shut this thread Down. :)

Nabil: reply to Ren directly, off list. You'll be in good hands.

j
On Jun 3, 2012 10:44 AM, "Ren Provo"  wrote:

> What is your ASN Nabil so I can find out what you submitted for a
> request, including scope and term. -ren
>
> On Sat, Jun 2, 2012 at 5:08 PM, Nabil Sharma 
> wrote:
> >
> > Dear NANOG:
> > I seek pricing on Comcast AS7922 paid peer at following commit level:
> > 1G
> > 10G
> > 100G
> > Please reply in private and I will sum up on list.
> > Sincerely,
> > Nabil
> >
>
>

Re: limestone networks abuse department

[jamie rishaw]

Go top down.

Gary Kendall - CEO
Logan Vig - CTO
(All names should be considered "in quotes" as, well, do these people
exist?)

Their 'Interim Designation' (copyright) person of record:

Anthony Winters (7/1/2011)
Same tel, fax 242-3600.

Tho, from previous experience both here and irl, lstn peeps dont seem too
responsive.  Given their last address is a UPS store, well, good luck.

If you -really- want to rattle some cages:
http://www.databank.com/company/leadership.html appear to be bldg owners at
their current(?) addr (dctr bldg), and, well, .. should get you somewhere.

-j



On Sat, Jun 2, 2012 at 7:14 AM, Bryan King  wrote:

> ...Or lack thereof...
>
> Anyone on list from Limestone that can respond to continued abuse
> complaints please contact me off list.
>
>
> bryan king| Internet Department Director
> InLine> Solutions Through Technology
> 600 Lakeshore Pkwy
> Birmingham AL, 35209
> 205-278-8139 [p]
> 205-314-7729 [f]
> bk...@inline.com
> www.InLine.com
>
> All Quotes from InLine are only valid for 30 days. This message and any
> attached files may contain confidential information and are intended solely
> for the message recipient. If you are not the message recipient you are
> notified that disclosing, copying, distributing or taking any action in
> reliance on the contents of this information is strictly prohibited. E-mail
> transmission cannot be guaranteed to be secure or error-free as information
> could be intercepted, corrupted, lost, destroyed, arrive late or
> incomplete, or contain viruses. The sender therefore does not accept
> liability for any errors or omissions in the contents of this message,
> which arise as a result of e-mail transmission. If verification is required
> please request a hard-copy version.
>
>
>


-- 
Jamie Rishaw // .com.arpa@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Charter regional(nationwide?) flapping/multi outages

[jamie rishaw]

[ This email takes place and context between 0817 GMT and 0910 GMT ]

Charter is/was/has been/may still be hit by regional to national outages,
starting ~ 0817 GMT

Not only is my home ofc (100mb, quad doc3/rg6, hangs off chi) down (dying
well within the network and not at cpe-adjacent gear), Charter NOC and
Eng's cant even get to their ticketing and status/testing systems. They're
dead in the water. (Voice service aside)

... :

Three thoughts come to mind.

1) Tech says Charter (according to internal talk) has no v6 deploy plans
until 2013.  Someone stop me from pulling out my hair on this -- Does 3q
'13 align with others' plans for v6 deployment ?

2) Eating your own dogfood is awesome, but where is a backup plan?  My
traces out during the ~30 mins on the horn had me routing thru Chi, Cle,
and MO, dying at border/cores every time. Tethering my laptop to my
android, I saw similarly-stopping routes inbound.  (BGPlay disagrees, but
thats another issue).
Does it not behoove call centers and NOCs to have local access to
replicated ticket and status dbs, failing over to alt carriers during
severe outages (or any outage that takes down primary support)?

3) The first line tech suggested "it's DNS" (yet I run two of my own
nameservers @ home, and roll neustar for global) -- Are we (senior types)
just trying to get nocs off the phone with whatever answer, even if it
involves lies that (we're naive to think) there /aren't/ those without clue
that will challenge this, from premise to organization,
sometimes *(cough)*. bringing these issues to a national stage?


Thoughts, comments, insults, jokes, bring it.  Anonymization assured should
you want to go OTR and have me repost.

Superbowl traffic.

[jamie rishaw]

(yeah, i used a (C) term , so sue me)

akam reporting ~17M hits/sec..
anyone seeing clearly identifiable traffic spikes (presumably due to sb)?

reply offlist if you want to submit data but don't want to be outed as
divulging corp info, but graphs and/or raw datars would be awesome
sauce. data will be aggregated/anonymized unless requested otherwise.

               ^^ yes, you can configure your router for awesomesauce.
 so HDICMRFT flak will be nulled.  :-p

-j
-- 
"sharp, dry wit; brash in his dealings" - Forbes

X-Ob-Zing: "it's very hard not to be condescending when you're
explaining..to an idiot." -BMaher
/* - teh jamie. ; uri -> http://about.me/jgr */

Re: .gov DNSSEC operational message

[jamie rishaw]

Clearly this will require 3 years of subcommittee conferences in order to prove.

.j

On Sun, Dec 26, 2010 at 11:23, Florian Weimer  wrote:
> * Jay Ashworth:
>
>> - Original Message -
>>> From: "Matt Larson" 
>>
>>> The new KSK will not be published in an authenticated manner outside
>>> DNS (e.g., on an SSL-protected web page). Rather, the intended
>>> mechanism for trusting the new KSK is via the signed root zone: DS
>>> records corresponding to the new KSK are already present in the root
>>> zone.
>>
>> That sounds like a policy decision... and I'm not sure I think it sounds
>> like a *good* policy decision, but since no reasons were provided, it's
>> difficult to tell.
>
> I don't know if it influenced the policy decision, but as it is
> currently specified, the protocol ensures that configuring an
> additional trust anchor never decreases availability when you've also
> got the root trust anchor configured, it can only increase it.  This
> means that there is little reason to configure such a trust anchor,
> especially in the present scenario.
>
>

Re: [ot/bronog] !summon ..!clue!charter/HSI

[jamie rishaw]

I was told :
> Charter is very decentralized.

This is for endpoints (currently) GMT-5 - Chicago IL and Madison WI.

Thanks again

-jamie

[ot/bronog] !summon ..!clue!charter/HSI

[jamie rishaw]

  Looking for clue within Charter HSI realm (or people that can give contact
/ forward issues) .. HSI seems to be taboo even within Charter (even $work's
Charter biz/fiber acct mgrs are without clue as to who to call) . .

  Off list help is appreciated .. Thanks in advance

-jamie

Soooo... (Was Re: Using twitter as an outage notification)

[jamie rishaw]

How do I configure my router for that?


Router(config)# no ML jibber-jabber
  ^
% Invalid input detected at 'twitter' marker.


-j
-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

[OT] Micros~1 Sysinternals

[jamie rishaw]

  [Off Topic]   [Dont annoy the MLC by making this a thread]
  [MLC: *waves hand, jedi style* This post is okay.]

All,

   I dont know the politics behind it, but whenever things like this come
out, it usually means the viability is being questioned.

   MS has put out a survey w.r.t. Sysinternals, formerly
sysinternals.combut now part of the Microsoft collective.  If you use,
or have used,
Sysinternals tools [1]  (invaluable to those with clue trying to deal with
MS crap), you know its value.

   As SANS writes, "If you are a Sysinternals user please consider taking
five minutes to contribute to their future."  It took me about a minute and
a half.

   The link URL is below at #2, or *http://tinyurl.com/mvtd6d*

-jamie

[1]  http://technet.microsoft.com/en-us/sysinternals/default.aspx
[2]  SURVEY LINK : *http://tinyurl.com/mvtd6d* , aka
http://www.zoomerang.com/Survey/survey-intro.zgi?p=WEB229A879HFVU

-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

White House net security paper

[jamie rishaw]

The White House just put out a release on net security[1] - at first glance
a mission/vision/values paper, the release page[2] also containing a short
video[3].

At first glance, this looks promising - anyone else get a chance to
read/review?  Comments?


-jamie



[1] http://www.whitehouse.gov/asset.aspx?AssetId=1732
[2] http://www.whitehouse.gov/CyberReview/  (other links here as well)
[3] http://www.whitehouse.gov/videos/2009/May/20090529_Cyber_Security.mp4

-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: Local Peering and Transit - BGP multihoming

[jamie rishaw]

on issues like this :

[1] JFGI
  -> if fail :
[2] man smartnet
  -> if fail :
[3] go back to studying to get that A+ and consider perhaps a yob in redmond



On Fri, May 22, 2009 at 4:01 AM, Raymond Dijkxhoorn  wrote:

> Hi!
>
>  Yes, i can get sample of configuration via Google search.
>>>> but i am looking for best practices and from experience people.
>>>>
>>>
>  Then post your suggested config and ask for comments.
>>>
>>
>  ...on a suitable list, dedicated to Cisco gear..
>>
>
> Sorry, yes. :-) Plenty of Cisco lists there to answer 'questions' :-)
>
> Bye,
> Raymond.
>
>


-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: how many BGP routers, how many ASes

[jamie rishaw]

Wow, wish *I* had a group of people willing to do my thesis paper research
for me ..

Re: Outside plant protection, fiber cuts, interwebz down oh noes!

[jamie rishaw]

On Thu, Apr 9, 2009 at 7:00 PM, Charles Wyble  wrote:

> I tried to be very careful to say that it appears to have been sabatoage,
> but that it's not confirmed.


T is offering a 6-figure bounty already for anyone with info.. I'd say it's
pretty safe to assume..


-jamie

On a lighter note..

[jamie rishaw]

It's amusing to see the media's (misdirected) focus on the event.

Expected : MULTIPLE COORDINATED FIBER CUTS TAKE OUT 911, PHONE, CELL,
INTERNET TO TENS OF THOUSANDS
Google News:  AT&T uses Twitter ...
(link)

*shakes head*

Re: Fiber cut in SF area

[jamie rishaw]

On Thu, Apr 9, 2009 at 5:52 PM, Ben Scott  wrote:

>
> #ifdef CONSPIRACY_THEORIST
>
>  What if this isn't simple vandalism?
>
> #endif
>

If my read is correct, this is multiple cuts in multiple locations.

To answer the what-if ("What if this isn't simple vandalism?") : It's not.

-jamie

Re: Oddly, this has been a complaint

[jamie rishaw]

whitehouse.org has had the same A record for quite some time, sharing the ip
with a bunch of other .. interesting .. sites.

It's been at 67.19.217.250 for years now.  If your info matches that,
there's no DNS issues to worry about.

-j

On Sun, Mar 29, 2009 at 10:43 PM, Joe Blanchard  wrote:

>
>
> Not that I care one way or another, but since I've gotten 20+ complaints.
>
> going to www.whitehouse.org yields something else. I know I know, perhaps
> old news.
>
> Should I just redirect or is our DNS corrupt?
>
> Darn it
>
> Thanks in advance
>
>
>


-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Request for data : Earth Hour - traffic stats [28 March 2009 20:30-21:30 local]

[jamie rishaw]

Ninjas,

  I'm compiling some data re this year's "Earth Hour"[1] .

  For those not in the know, or those that dismissed it, "Earth Hour" is
something the World Wildlife Fund cooked up, suggesting that the world "turn
off" all non-essential electrical  devices, to demonstrate some
global-warming hypothesis.

  I'm looking for data - either compiled or raw - of activity between 8:30
(20:30) and 9:30 (21:30) "local" time.  Power usage (and comparisons against
previous weeks if available) and probably easier to push out - bandwidth
info (and, again, comparisons against previous 2030-2130-saturday-night
data).

  All data will be anonymized.  Sources, if you send from $work email, will
not be included in any summarizations.

  I think this will turn out to be some rather interesting info.  I'll post
findings to nanog, of course, or at least, appropriate urls and such.

  TIA,

-jamie
[1] http://en.wikipedia.org/wiki/Earth_Hour |
http://www.earthhour.org/about/
-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: Akamai wierdness

[jamie rishaw]

On Tue, Mar 24, 2009 at 1:08 PM, JC Dill  wrote:

>
> The reply I received came from someone who works in the NOC, not from
> Patrick (who doesn't work in the NOC).
>
> It's really poor form to make these unfounded assertions without any basis
> for them.
> jc


[Akamai customer. Hi.]

Akamai customer support is cc...@.  It's in all the literature, and their
support site.  You're arguing a suboptimal answer.

Customers with issues should use Akamai Edgecontrol.  This is from the
horse's mouth[1].  They can also use, and anyone can use, the ccare@ box.
The ccare@ email address interfaces to Edgecontrol and tons of other Akamai
sorcery[2], which does a whole bunch of jedi nunchuckery[3], giving the ops
tech a lot more info out of the gate.

Anyone claiming noc@ : not the place for issues to go to, and Akamai will
tell you that.[4]

Moving on, nation :

What bugs me about this thread(thanks for asking!) is that someone posted to
the list, trying to troubleshoot a problem affecting multiple customers. He
tried (brace yourself) collaboration, and was met with a quasi shot across
the bow from someone At That Company.  If you want to judge (how do I
configure my router for that?),  I'd point to the key employee of said
vendor, who, instead of replying to the poster with a ticket number and
ownership, "posted to 10k strangers" a snarky comment that one shouldnt post
"to 10k strangers".  Orly.

Now, I have nothing against anyone in this situation - we all get testy..
arguably, I am now ;-)  Not looking to start a flame war.  E-mail who you
want.

Obligatory Win : Someone wrote in this thread earlier re emailing noc@ and
getting an email back in 17 minutes.  For what it's worth, I forwarded the
original two posts to *cc...@* (before the war) (with no other contact info,
specifically stating it was someone else's problem) and got a phone call in
less than five.

Whut whut?  If only /all/ vendors' systems were that good..

-j.



[1] www.akamai.com/html/support/
[2] www.akamai.com/html/technology/
[3] i believe that is the technical term they used, yes.
[4] +1 877 4 akatec.

-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: REVERSE DNS Practices.

[jamie rishaw]

On Sat, Mar 21, 2009 at 8:00 AM,  wrote:


> the 20th or 21st century answer?

> if you really don't care about the actual node, then you should map
the
> numbers to topologically significant names - after all, the reverse
map
> follows topology, not some goofball - layer 9 - ego trip thing.


>>> For routing / backbone devices/interfaces/loopbacks, absolutely. <<<

There are security implications [sort of] with being verbose about
infrastructure naming, but obscurity in DNS never stopped a crawler from
walking the ipv4 space looking for vulnerabilities...

I'm going to guess tho that your question pertains to user ips.

>>> For end-user (dsl/dial/cable/eyeball) ips on a small or large scale,
simpler is better. <<<

There's no need to put "-slip" or 'ppp' or isdn or dial or poolXXX or city
names in an in-addr.
Nobody needs to know, nobody will probably care, and eventually, it'll
change somehow.

There is a quite elegant, database-friendly, probably-easy-to-generate/code
sans textfiles method - a  rather clever nomenclature for its insanely
ginormous [yes, thats the technical term] user ip pools.  AOL uses it in
their user pools.

* each octet is converted to a to byte hex value, and concatenated.
example: 172.137.220.58 = AC89DC3A.ipt.aol.com.
  o It's short, simple, and not geographically tying or revealing (your
noc should know where your dial blocks sit) ;) etc etc.
  o Being hex, It's also not language-specific ..
  o Win factor?  With a different SLD or subdomain (e.g. /ipt/.aol.com)
, queries can be offloaded to less critical nameservers

The problem eventually, as bill hints to, is that hostnames (esp. in-addr)
*will* change.  A certain phone co out here (cant tell you their name, but
their initials are sbc) is annoyingly famous for this.
Tens of thousands of in-addrs resolve to hostnames with locations in other
states, other time zones, because, pools get shuffled around.. and really,
nobody likes to sit and manage DNS all day.  Even noc monkies.

Using the hex method solves this.

>  or - the more modern approach is to let the node (w/ proper
authorization) do a secure dynamic update of the revserse map - so the
forward and reverse delegations match. ... a -VERY- useful technique.

Lots of administration in this one, too, tho..  keys, manual definitions ..
i suppose it could be automated, but you still have client configs,
interoperability issues, and worst case / improperly configured dns update
controls, namespace collisions.

A lot of this of course is about context.
What are the IPs purposed to?  Infrastructure? Users?
Everyone's mileage will vary, but, I've yet to come across any serious
issues with dotted quads to hex...

-jamie

On Sat, Mar 21, 2009 at 01:38:55PM +0300, br...@yoafrica.com wrote:
> Slighty related...
>
> Can people please post their recommended reverse dns naming
conventions for a small ISP with growth and scalability in mind.
> I already have one drawn up, but I would like to contrast and compare
:D
>
> Thanks
>
> On 21 Mar 2009 10:32:30 -, John Levine  wrote:
> >> I want to ask some folks out there that maintain reverse DNS
queries
> >>of their respective IP blocks. I want to know if there is a need for
> >>me to contact my upstream provider. I am in charge of 2 /24's under
> >>LACNIC. I've already registered my DNS servers on LACNIC. but for
some
> >>weird reason it's not owning reverse resolves. any tips would be
> >>gladly appreciated.
> >
> > The RIRs don't maintain rDNS for you.  You'll have to trace the
> > delegations downward from in-addr.arpa, find out who's handling your
> > /24's, and contact them to get them to delegate your chunks to you.
> >
> > R's,
> > John
>




-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: Leap second tonight

[jamie rishaw]

On Tue, Mar 17, 2009 at 1:07 AM, Ask Bjørn Hansen wrote:

>
> On Dec 31, 2008, at 15:28, Kevin Oberman wrote:
>
>  We use CDMA clocks and last leap second it took weeks for all of the
>> cell sites to adjust the last one. As a result, I have set all of our
>> clocks for manual leap second and set them to adjust tonight at midnight
>> (UTC).I'll take a look in about 35 minutes and see how it worked.
>>
>
> Chiming in a little late here ...
>


Oh, quiet.  After all, what's 6.5 million seconds or so between friends?


-j
-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: [ MDVSA-2009:054 ] nagios (fwd)

[jamie rishaw]

srsly?

I didnt find this OT, considering its scope.

Want to dictate policy? Join the MLC.

Till then, /dev/null

thx


On Wed, Feb 25, 2009 at 4:00 PM, Jack Bates  wrote:
pew pew

> Eric Gearhart wrote:
>
pew pew pew




-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: NetSol / WorldNIC nameservers continue to be down, for a couple days.

[jamie rishaw]

On Fri, Jan 23, 2009 at 2:55 PM, David Ulevitch  wrote:

>
> Is there anyone here who can provide an update to the ISPs and SPs on this
> list? NetSol still (amazingly) manages to do DNS for a few hundred thousand
> domains...
>
> -David
>

I'm counting a whole lot more than that.

I see 1.9 _million_ domains in .com alone.

Altho, I just tested a random-ish sample of 1,000 of them and got sub-75msec
response times, so, the issues may be resolved.

In either case , sounds like they need to rock UltraDNS, eh? :p

-j

-- 
Jamie Rishaw // .com.a...@j <- reverse it. ish.

ip access-list e no-nanog-bs (Was Re: Public Assertions)

[jamie rishaw]

These guys need to get a room already.

It's clear that the two bills have forgotten that "No U r !!!1" arguments
happen on efnet; nanog@ is reserved strictly for "Are any engineers from
[insert_company_who_blacklisted_my_company_here] around?" pages.

All three of these boys are acting like drama queens[1] : dash-bill,
dash-dash-bill and macgyver too for taking a picture of a piece of snail
mail so you could post it on a nerdlist.

| Bill Woodcock / 5:52 PM
| On Tue, 25 Nov 2008, Dean Anderson wrote:
| > A photo of Bill Woodcock's refused letter is at [irrelevant]
|
| Oh my god...  What _is_ that sitting on?  Is your desk upholstered with
the hides of your victims?


Soo.. How do I configure my rooter for that?

gw(config)#ip drama enable
   ^
% Invalid input detected at '^' marker.

Computer says no...

-j






[1] professional history and credentials upon request



On Tue, Nov 25, 2008 at 7:18 PM, Jim Popovitch <[EMAIL PROTECTED]> wrote:

> On Tue, Nov 25, 2008 at 18:52, Bill Woodcock <[EMAIL PROTECTED]> wrote:
> >  On Tue, 25 Nov 2008, Dean Anderson wrote:
> >> A photo of Bill Woodcock's refused letter is at
> >> http://www.av8.net/BillWoodcock.jpg
>
> That's not a refused letter, that's a certified letter that hasn't yet
> been mailed.   When refused, the item is signed and stamped (in red
> ink) by the postal delivery agent.It would be very interesting to
> see the image of the other side of the envelope (where postage
> stamp/payment info would appear).
>
> That said... this whole thing has an air of childishness associated with
> it.
>
> -Jim P.
>
>


-- 
Jamie Rishaw // [EMAIL PROTECTED] <- reverse it. ish.
[Impressive C-level Title Here], arpa / arpa labs

Re: Verizon/UU.net/Alternet Routing issue

[jamie rishaw]

Confirmed here as well; Saw loss on DS3s between 424 and 440 EST.  BGP
survived but routing didnt ..

No RCA yet from VZN (on hold).


On Wed, Nov 12, 2008 at 3:47 PM, Peter Beckman <[EMAIL PROTECTED]> wrote:

> At about 4:24pm EDT, I lost connectivity from Verizon to destinations in
> New York, Seattle and others.  Came back up (4:46pm) while composing this
> email.  Anyone else notice?  Major problem or minor routing issue?
>
>   Packets   Pings
>  HostLoss%   Snt   Last   Avg  Best  Wrst StDev
>  1. localrouter  67.6%   3950.6   1.6   0.5  18.8   2.3
>  2. 10.1.41.150.0%   3955.7   5.1   1.8 306.0
>  17.4
>  3. P4-2.LCR-02.WASHDC.verizon-g  0.0%   3957.4   2.7   1.2  19.0   2.5
>  4. 130.81.29.218 0.0%   3956.0   3.8   1.8  40.9
> 4.2
>  5. 152.63.39.177 0.0%   3958.6   6.8   3.9  71.3
> 4.4
>152.63.36.213
>  6. 152.63.69.11371.6%   395  120.7  44.0  31.2 186.7
>  30.3
>  7. POS7-0-0.GW4.IND6.ALTER.NET  30.7%   395  1179. 133.3 121.3 1179.
>  79.5
>  8. 152.63.67.25093.9%   395  121.5 125.4 121.0 186.2
>  13.0
>  9. POS6-0-0.GW4.IND6.ALTER.NET  53.0%   395  318.9 217.7 206.8 722.0
>  43.3
> 10. 152.63.67.25096.2%   395  211.1 211.1 209.0 215.7
> 1.8
> 11. POS6-0-0.GW4.IND6.ALTER.NET  67.0%   395  422.1 305.9 294.9 692.1
>  37.5
> 12. 152.63.67.25097.5%   394  295.1 298.0 295.1 303.6
> 2.5
> 13. POS6-0-0.GW4.IND6.ALTER.NET  73.5%   394  523.9 391.5 382.1 523.9
>  17.7
> 14. 152.63.67.25098.7%   392  388.5 386.6 381.9 389.5
> 3.1
> 15. POS6-0-0.GW4.IND6.ALTER.NET  82.6%   392  632.9 481.2 468.6 632.9
>  22.2
> 16. 152.63.67.25099.2%   388  472.7 472.2 470.2 473.6
> 1.8
> 17. POS6-0-0.GW4.IND6.ALTER.NET  85.8%   388  737.0 573.3 559.4 737.0
>  27.8
> 18. 152.63.67.25099.2%   387  560.5 562.0 560.5 565.1
> 2.7
> 19. POS6-0-0.GW4.IND6.ALTER.NET  89.6%   387  839.0 664.8 644.9 839.0
>  38.6
> 20. 152.63.67.25099.2%   387  649.3 649.6 649.3 649.9
> 0.3
> 21. POS6-0-0.GW4.IND6.ALTER.NET  94.8%   383  946.4 763.8 734.6 946.4
>  48.5
> 22. 152.63.67.25099.7%   376  735.5 735.5 735.5 735.5
> 0.0
> 23. POS6-0-0.GW4.IND6.ALTER.NET  92.5%   376  895.4 842.2 819.1 909.0
>  26.8
> 24. ???
> 25. POS6-0-0.GW4.IND6.ALTER.NET  96.7%   365  1153. 955.9 908.9 1153.
>  78.7
> 26. ???
> 27. POS6-0-0.GW4.IND6.ALTER.NET  96.6%   328  1261. 1057. 998.8 1261.
>  86.8
> 28. 152.63.67.25099.6%   245  999.3 999.3 999.3 999.3
> 0.0
> 29. POS6-0-0.GW4.IND6.ALTER.NET  98.8%   245  1189. 1123. 1086. 1189.
>  57.5
> 30. ???
>
> Beckman
> ---
> Peter Beckman  Internet Guy
> [EMAIL PROTECTED]
> http://www.angryox.com/
> ---
>
>


-- 
..!google!arpa.com!j

as 7018 leaks?

[jamie rishaw]

Anyone noticing issues with as 7018?

Seems to be leaking a lot of random stuff.

Including every prefix of mine, tho that may be partially coincidental as
they're one of my transits..

Check out dampened paths for 7018.  A few views outside of jamies-world seem
to confirm this..

-jamie

[NANOG] auth00/auth100.ns.uu.net down ?

[jamie rishaw]

Anyone seeing the same?

VZN engineer : pls contact off list, sev-0

; <<>> DiG 9.3.3 <<>> cunamutual.com ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 32159
___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog