RE: Is there a alternative way of doing kvm-over-IP
I'd second the notion on the PC Weasel. I know the guy who designed them (hpeyerl), and they were designed from the start to be indistinguishable to the OS from textmode VGA cards and PS2 keyboards. The redraw algorithm is smart, along the lines of screen -- some serial BIOS support I've seen is far too full-screen-redraw happy (coughDellchoke). Thirded, Herb did a stunning job on these.
Re: You're all over thinking this (was: Re: Vonage Selects TCS For VoIP E911 Service)
Brad Knowles [EMAIL PROTECTED] wrote: [...] I understand that the carriers have gotten together and made sure that the various 911/112/999 emergency services numbers work world-wide, so that if you're an American in Europe, you can still call 911 and have that work as expected. Given that there are UK telephone numbers starting 911, this seems rather unlikely. By way of example, and to bring VoIP back into the discussion, Bristol (0117) 911 numbers all belong to Magrathea who appear to be the main VoIP-to-PSTN wholesaler for the UK. AFAIAA, Magrathea don't offer access to 112/999, but this is no great loss given that mobile phones are cheap, ubiqitous, and work pretty much everywhere in the UK. Even hermits have them :) -- PGP key ID E85DC776 - finger [EMAIL PROTECTED] for full key Please contribute to the beer fund and a tidier house: http://search.ebay.co.uk/_W0QQfgtpZ1QQfrppZ25QQsassZpndc
Re: You're all over thinking this (was: Re: Vonage Selects TCS For VoIP E911 Service)
On Thu, 21 Jul 2005 10:20:07 + (UTC) [EMAIL PROTECTED] (Peter Corlett) wrote: Given that there are UK telephone numbers starting 911 When I worked with Oftel on the design of the new UK numbering schemes, one of my strongest recommendations was for certain prefixes, including 911, to be ringfenced from all local numbering schemes - for exactly the reasons that you are now pointing to. Sadly Oftel were never known for their ability to understand reasoned argument within the technical arena ... A current, and related, problem is the introduction of emergency SMS messaging from cellphones ... a very necessary feature for deaf people to use, where they cannot access a text/relay service (eg when they are in a foreign country) Of course, the design of GSM predicates that such messages will go to the message center in their home country, and as things stand would be routed from there to the home country emergency services, regardless of where in the world the user actually is! -- Richard
Re: You're all over thinking this
Peter Corlett wrote: Brad Knowles [EMAIL PROTECTED] wrote: [...] I understand that the carriers have gotten together and made sure that the various 911/112/999 emergency services numbers work world-wide, so that if you're an American in Europe, you can still call 911 and have that work as expected. Given that there are UK telephone numbers starting 911, this seems rather unlikely. By way of example, and to bring VoIP back into the discussion, Bristol (0117) 911 numbers all belong to Magrathea who appear to be the main VoIP-to-PSTN wholesaler for the UK. AFAIAA, Magrathea don't offer access to 112/999, but this is no great loss given that mobile phones are cheap, ubiqitous, and work pretty much everywhere in the UK. Even hermits have them :) Given the recent London experience should mobiles be used as a backup to proper land lines..?? -- Martin Hepworth Senior Systems Administrator Solid State Logic Ltd tel: +44 (0)1865 842300 ** This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received this email in error please notify the system manager. This footnote confirms that this email message has been swept for the presence of computer viruses and is believed to be clean. **
Re: You're all over thinking this (was: Re: Vonage Selects TCS For VoIP E911 Service)
On 20 Jul 2005, at 21:46, Brad Knowles wrote: In the case of regular cell phones, if you are roaming on a network in a foreign country, or you have rented a local phone, I understand that the carriers have gotten together and made sure that the various 911/112/999 emergency services numbers work world-wide, so that if you're an American in Europe, you can still call 911 and have that work as expected. Cite? (This isn't my experience at all, although obviously it's possible that the very few occasions I've had to test this have just been localised inability to implement the arrangement you describe.) (Emergency services are obtained by dialling 111 in New Zealand, for the record, just to make your list a little more complete. The physical act of dialling 111 in New Zealand on a rotary phone was the same as dialling 999 in England, however, since the dials in each country were numbered in opposite directions; a New Zealand 1 and an English 9 were both sent as nine pulses.) (Not that any of this has much to do with network operations.) Joe
More bombings in London....
http://www.msnbc.msn.com/id/8655541/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: You're all over thinking this
On 07/21/2005 09:32 AM, Joe Abley allegedly wrote: On 20 Jul 2005, at 21:46, Brad Knowles wrote: In the case of regular cell phones, if you are roaming on a network in a foreign country, or you have rented a local phone, I understand that the carriers have gotten together and made sure that the various 911/112/999 emergency services numbers work world-wide, so that if you're an American in Europe, you can still call 911 and have that work as expected. Cite? (This isn't my experience at all ... My experience is that the mobile network operators (in Europe and the USA (GSM) anyway) are lumping all of these together, so that no matter which you dial, you get the emergency service they connect you to. They added to the list of special numbers, with a many-to-one mapping of number to service.
Re: More bombings in London....
More detail here: http://news.bbc.co.uk/1/hi/uk/4703777.stm - Original Message - From: Fergie (Paul Ferguson) [EMAIL PROTECTED] Date: Thursday, July 21, 2005 9:57 am Subject: More bombings in London http://www.msnbc.msn.com/id/8655541/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: You're all over thinking this
Scott W Brim [EMAIL PROTECTED] writes: On 07/21/2005 09:32 AM, Joe Abley allegedly wrote: On 20 Jul 2005, at 21:46, Brad Knowles wrote: In the case of regular cell phones, if you are roaming on a network in a foreign country, or you have rented a local phone, I understand that the carriers have gotten together and made sure that the various 911/112/999 emergency services numbers work world-wide, so that if you're an American in Europe, you can still call 911 and have that work as expected. Cite? (This isn't my experience at all ... My experience is that the mobile network operators (in Europe and the USA (GSM) anyway) are lumping all of these together, so that no matter which you dial, you get the emergency service they connect you to. They added to the list of special numbers, with a many-to-one mapping of number to service. The 112 emergency number is required by the GSM spec to work at all times, no matter what. This includes e.g. dialling with keypad lock enabled or without a valid sim card. Some phone manufacturers and/or operators have extended this to include 911 and other commonly used emergency numbers, but I don't think those are part of the spec. The requirement was probably included to satisfy european regulatory authorities who actively participated in the standardisation work in ETSI at the time. Bjørn
Re: You're all over thinking this
Martin Hepworth [EMAIL PROTECTED] wrote: Peter Corlett wrote: [...] AFAIAA, Magrathea don't offer access to 112/999, but this is no great loss given that mobile phones are cheap, ubiqitous, and work pretty much everywhere in the UK. Even hermits have them :) Given the recent London experience should mobiles be used as a backup to proper land lines..?? 112/999 takes priority over regular calls. There doesn't seem to be any evidence that calls to 999 from mobiles were any more prone to failure than those from landlines. -- Fashion is what you adopt when you don't know who you are. - Quentin Crisp
London: Mobile networks bear blast calls
Via the BBC. http://news.bbc.co.uk/1/hi/technology/4704359.stm [snip] Mobile phone networks are bearing the weight of calls once more as news of four blasts across London spreads. Vodafone, the largest network, told the BBC News website that it had seen significantly higher call volumes than usual following the incidents. A spokesperson said Vodafone was advising people in London to avoid making unnecessary calls, and to send text messages instead. Police has called for anyone with mobile images or video to e-mail them. They have asked that anyone with images relevant to the incident should send them through the www.police.uk website, or send the photos via MMS (Multimedia Messaging Service) to 07734 282 288. While some networks are noticing the increase in call traffic others, such as T-Mobile, told the BBC News website that it was still business as usual. A spokesperson said that it was experiencing none of the congestion that it had faced two weeks ago. [snip] - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
Re: compromized host list available
On Wed, Jul 20, 2005 at 04:32:09PM -0700, Rick Wesson wrote: Folks, I've developed a tool to pull together a bunch of information from DNSRBLs and mix it with a BGP feed, the result is that upon request I can generate a report of all the compromised hosts on your network as seen by various DNSRBLs. reports are available daily in pdf, text, csv, and excel. they are all a bit chunky but should be helpful. contact me off list, if you would like to get a daily report for your ASN. You will be required to prove you are associated with and responsible for the ASN you want a report for. The report are free so this isn't a commercial =) honestly I hope the stuff helps. -rick Unless you have personally verified each entry, you would do well to add a disclaimer that DNSRBLs are not 100% reliable, eh? -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: You're all over thinking this
On Thu, 21 Jul 2005 15:21:36 + (UTC) [EMAIL PROTECTED] (Peter Corlett) wrote: 112/999 takes priority over regular calls. There doesn't seem to be any evidence that calls to 999 from mobiles were any more prone to failure than those from landlines. 112 takes priority at all levels. 999 will get priority once the call reaches a basestation, but won't override congestion in the radio path. -- Richard
Re: You're all over thinking this
Even for fixed, US, residential VoIP, there's another problem: service availability. With cell phones, people expect dropped calls and sketchy service, and understand misrouted calls to local operators/emergency services. It's part of the deal. But a land line? If I pick up an analog phone anywhere, I expect a dial tone, and local calling. If I don't have access to emergency services after a blackout/natural disaster that knocks cell towers down (think hurricane season in Florida last year) then you'd never get me to drop my local carrier. I Am Not a Telco Engineer, BUT: What if part of your monthly VoIP service included a stripped down, leased PSTN line from the carrier? Say, another 2 bucks a month. What's the opex of a single residential phone line? How much does it cost to have a live copper pair, and how much does it cost to connect said copper to the PSTN? Could local telcos offer nothing but emergency local dialing? Say, 911, hospitals, sheriff's office? Or maybe just local dialing, with a by the minute rate to discourage use? Since most residential customers use their ATA's to mimic a single analog line for the whole house anyways, why not add an FXO port to the ATA? Set the ATA to fail over to the analog line if it loses power. Customers get *real* 911 service, and telcos won't be stuck with miles of worthless, buried line. This solves the babysitter problem, too: people who don't care how your VoIP setup works; they just expect 911 to do what it's supposed to. Austin Steve Gibbard wrote: I don't know all that much about commercial VOIP service or GPS, but it seems to me I've just read lots and lots of messages citing weird cases where locating a VOIP phone won't work well as evidence that the whole idea is a failure, while none of those cases appear to have much to do with the problem that people have been trying to solve. The end result of this is that a bunch of people who have loudly written the problem off as impossible then start loudly complaining that those working on the problem didn't ask them how to do it. The basic problem, if I understand correctly, is this: For the last several years, anybody picking up phone installed in a reasonably standard way and calling 911 could expect that if weren't able to explain where they were, the police would show up anyway. It was hard to see this as espionage or as a civil liberties violation -- the wire goes where the wire goes. Now we've got competition among providers of wire line residential phone service, and the competitors are mostly VOIP companies who provide their service over the users' cable modems. Since this service is being marketed as equivalent to regular home phone service, and used that way by lots of its customers, it seems reasonable to expect that calling 911 from it would work the same way. There's a minor problem -- the VOIP carrier often doesn't provide the wire, and thus doesn't know where the wire goes -- but that seems easy enough to get around. The simplest way to do it would be to ask two questions when the service gets installed: Is it going to be used in a fixed location, and if so, where? Asking the same questions again whenever the billing address changes should keep this reasonably up to date. There are, of course, other ways to do this, which might also work. Whether GPS in the ATA box will work has already been discussed to death here. Requiring the cable or DSL providers to map IP addresses to installed locations would presumably also work, although with many more layers of complexity to go through to have useful information accompany a phone call. Anyhow, I'm sure if we leave those questions to those who have to implement it, they'll figure out something that doesn't require too much completely extraneous work on their parts. There are, of course, VOIP installations where this won't work. I use a VOIP soft phone through a gateway in San Francisco to call the US from countries where using my US cell phone is expensive, and there are plenty of other people who use VOIP phones in much the same way. Owen maybe isn't quite unique in his bizarre scenario of trying to hide his location by using his wi-fi phone via repeaters from two counties away from the base station. But these scenarios aren't at all relevant to the problem at hand. If I need urgent help in a hotel room in a foreign country, I'll grab the hotel phone and call somebody local rather than trying to patch a call through to the US via my computer. And if Owen were to die because he deliberately hid his location when calling 911 and the ambulance couldn't find him, it would be hard to argue that it would be anybody's fault but Owen's. At some point it makes sense to solve the problems you can solve, rather than inventing new ones. Yes, this ignores the cell phone issue, which seems rather different because they're almost always portable. It's already
Re: compromized host list available
On 7/21/05, Joseph S D Yao [EMAIL PROTECTED] wrote: On Wed, Jul 20, 2005 at 04:32:09PM -0700, Rick Wesson wrote: Folks, I've developed a tool to pull together a bunch of information from DNSRBLs and mix it with a BGP feed, the result is that upon request I can generate a report of all the compromised hosts on your network as seen by various DNSRBLs. ... Unless you have personally verified each entry, you would do well to add a disclaimer that DNSRBLs are not 100% reliable, eh? Well there is that, but that should be implicit in pretty much every report you get that $this or $that host is compromised. This is just a convenient offering to say someone out there thinks one of your machines is holed. You might want to check that out. I'm good friends with some fully-automated blackholing mechanisms, and even I'm not crazy enough to just blackhole my own machines on someone else's say-so. CK -- GDB has a 'break' feature; why doesn't it have 'fix' too?
Re: compromized host list available
On 21 Jul 2005, at 12:02, Joseph S D Yao wrote: Unless you have personally verified each entry, you would do well to add a disclaimer that DNSRBLs are not 100% reliable, eh? Unless I'm mistaken (and my first report hasn't arrived yet, so maybe I am) this is more of a heads up! the following addresses within your network are listed on DNSBLs than anything else. I can't see why you'd add a disclaimer to a report like that. Joe
Re: compromized host list available
On Thu, Jul 21, 2005 at 12:31:13PM -0400, Joe Abley wrote: ... Unless I'm mistaken (and my first report hasn't arrived yet, so maybe I am) this is more of a heads up! the following addresses within your network are listed on DNSBLs than anything else. I can't see why you'd add a disclaimer to a report like that. ... The announcement didn't state the intended use - which, given the ingenuity of some, is most reasonable. But there are those who will believe whatever they read, as long as it's in a report, and especially if the report is automatically generated. Must be true, then, eh? A report, eh? And done by one of them infallible computer dinguses, eh? ;-) [in case anyone needed it] -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: compromized host list available
On Jul 21, 2005, at 12:35 PM, Joseph S D Yao wrote: On Thu, Jul 21, 2005 at 12:31:13PM -0400, Joe Abley wrote: ... Unless I'm mistaken (and my first report hasn't arrived yet, so maybe I am) this is more of a heads up! the following addresses within your network are listed on DNSBLs than anything else. I can't see why you'd add a disclaimer to a report like that. ... The announcement didn't state the intended use - which, given the ingenuity of some, is most reasonable. But there are those who will believe whatever they read, as long as it's in a report, and especially if the report is automatically generated. Must be true, then, eh? A report, eh? And done by one of them infallible computer dinguses, eh? I don't see why the reliability/reputation of a dnsbl changes the trueness of this host is listed in this dnsbl. That is, I agree with Joe :)
Re: compromized host list available
--- Joseph S D Yao [EMAIL PROTECTED] wrote: Unless you have personally verified each entry, you would do well to add a disclaimer that DNSRBLs are not 100% reliable, eh? And what on the net is? :) Iâm all for people dealing with âbadly managedâ boxes at various levels. While some data may be stale/wrong, and DNSRBL isnât the perfect mechanism to distribute this information, it works well enough. The internet was built on the (well proven) theory that things are unreliable, and we should do things that we think will help get more uptime, upses, back up gen sets, HSRP, alt-paths, alt-routes, back up data centers, etc. All of witch have at least one gotya. If you do not understand the limits if the tools That you are using, you might be a windows admin (if fsck ây describes how you deal with relationship issues you might be a unix admin :) , or you just canât be bothered. More tools and information are a good thing, but how/where you chose to use a sawzall is up to you. http://www.milwaukeetool.com/us/en/news.nsf/vwFeaturedProducts/4CBA61C6E299F75D86256FEB0072211D?OpenDocument The packets that you allow across YOUR slice of the net are also up to you. I believe that this tool is best used as an outsiders view into your space to see what is going on _inside your network_ , based on the behavior observed by others. (hay rick, can you do a tool like this to help us (well me) with social skills?) If youâre the kind of person who complies when some one says go BLEEP yourself perhaps the internet is not a place for you, And perhaps blindly following the info that any tool gives out is not the best thing for you or your network. Use your brain, not just the tool. Missing the days of John Postel http://www.usc.edu/webcast/events/postel/ http://www.isoc.org/postel/ -charles http://www.catb.org/~esr/faqs/smart-questions.html
Re: compromized host list available
On Thu, Jul 21, 2005 at 12:48:27PM -0400, John Payne wrote: ... I don't see why the reliability/reputation of a dnsbl changes the trueness of this host is listed in this dnsbl. That is, of course, all that the report says [per the announcement]. But who knows how it might be interpreted, especially by PHBs? ;-] That is, I agree with Joe :) O K . -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: compromized host list available
On Thu, Jul 21, 2005 at 10:10:27AM -0700, Charles Cala wrote: ... More tools and information are a good thing, but how/where you chose to use a sawzall is up to you. http://www.milwaukeetool.com/us/en/news.nsf/vwFeaturedProducts/4CBA61C6E299F75D86256FEB0072211D?OpenDocument Yes, but I usually make sure that the safety attachments on my sawzall and other saws are well fastened on, and the saws fastened down in the correct compartment of my ladder truck. ;-) ... If you???re the kind of person who complies when some one says go BLEEP yourself perhaps the internet is not a place for you, And perhaps blindly following the info that any tool gives out is not the best thing for you or your network. Use your brain, not just the tool. ... There's more than just knowledgeable folks out there, these days! Missing the days of John Postel Aren't we all. -- Joe Yao --- This message is not an official statement of OSIS Center policies.
networks with many issues
I've come across a few requests for reports with over 10,000 issues. for the net ops folks that might have huge blocks with many issues -- what is the most relivant information? Also, how does one go about solving a large set of issues across a huge address space? Basickly I'm wondering if I can't build some tools to make life easyer and use the reports as an input to the tools. Also I'd be interested in how large reports should be broken down. I have the issue, address, reverse dns, source and timestamp. would it be best to group the report by issue type. The issues I am track are Open Proxy (http, socks, other) Website with vunerabilities Spam source( spammed honney pot, spamtrap) Open Relay (smtp) Understand the timestamp is the time I saw the issue from the RBL. I import data at best hourly and the DNSRBLs don't all have timestamps for their data. I am generaly interested in understanding how to produce information and tools that the large operaters can utilize effectively. I'd appreciate any thoughts and ideas on how to hande these problems. -rick
*** NANOG election update ***
All: As of 9:14am today: 191 people have voted 915 votes cast Voting is proceeding, but at a slow pace, getting just a trickle the past few days. If you are eligible and have not voted, please take advantage of this opportunity. A reminder, voting ends at midnight EST on Monday, July 25. Refer to http://nanog.org/elections.html for instructions and updates: All best. Betty Burke Project Manager Merit Network
RE: compromized host list available
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Rick Wesson Sent: Wednesday, July 20, 2005 7:32 PM To: nanog@merit.edu Subject: compromized host list available Folks, I've developed a tool to pull together a bunch of information from DNSRBLs and mix it with a BGP feed, the result is that upon request I can generate a report of all the compromised hosts on your network as seen by various DNSRBLs. reports are available daily in pdf, text, csv, and excel. they are all a bit chunky but should be helpful. contact me off list, if you would like to get a daily report for your ASN. You will be required to prove you are associated with and responsible for the ASN you want a report for. The report are free so this isn't a commercial =) honestly I hope the stuff helps. What about collateral damage? -M
RE: compromized host list available
On Thu, 21 Jul 2005, Hannigan, Martin wrote: I've developed a tool to pull together a bunch of information from DNSRBLs and mix it with a BGP feed, the result is that upon request I can generate a report of all the compromised hosts on your network as seen by various DNSRBLs. What about collateral damage? Why, are you wanting to create some? 8-) I think such reports should be treated as they are: third party statistics that (depending on the sources, as I don't know what they are) indicate what those third parties think is happening with your network's hosts. These reports are not a new blacklist. The original poster is only offering these to the admin of any given network -- not another third party. Certainly, I'd *love* to see a neatly cross referenced list for a few unnamed cesspools who refuse to police their networks, in order to ostracize them for it in public, but that's not the purpose of these reports -- -- Todd Vierling [EMAIL PROTECTED] [EMAIL PROTECTED] [EMAIL PROTECTED]
Re: compromized host list available
Todd Vierling wrote: Certainly, I'd *love* to see a neatly cross referenced list for a few unnamed cesspools who refuse to police their networks, in order to ostracize them for it in public, but that's not the purpose of these reports a personal flaw of mine, is that I tend in this direction, my first impulse was to post a list of all the networks and their rate in infection. I'm doing my best to be productive and nice. -rick
Re: compromized host list available
The announcement didn't state the intended use - which, given the ingenuity of some, is most reasonable. But there are those who will believe whatever they read, as long as it's in a report, and especially if the report is automatically generated. Must be true, then, eh? A report, eh? And done by one of them infallible computer dinguses, eh? did you receive or read it on the net? if so, question it. if you are a fool, you'll ignore any warnings. just gimme the list please randy
Re: You're all over thinking this
Austin McKinley wrote: But a land line? If I pick up an analog phone anywhere, I expect a dial tone, and local calling. If I don't have access to emergency services after a blackout/natural disaster that knocks cell towers down (think hurricane season in Florida last year) then you'd never get me to drop my local carrier. I think it is quite a bit to expect very high reliability even from land lines during and immediately following a hurricane. In fact, the odds may not be bad that your cellular service could be restored before your land line. Funny thing about blackouts, you're IP phone is dead if your ISP link depends on utility power. Your cell phone is OK. Your land line is OK... as long as you don't just have cordless phones that require a base station that only operates plugged in. Gratuitous-Plug=Employer If you really want high reliability during and after a natural disaster, satellite phones are probably your best option. We just opened a new gateway in Florida, partly due to demand for emergency services support during hurricane season. (Although I'd rather not slide into the discussion about how 911 works for us.) /Gratuitous-Plug As any network engineer knows, the best engineered systems still do fail. Your best bet for reliability is diversity. -- Crist J. Clark [EMAIL PROTECTED] Globalstar Communications(408) 933-4387 The information contained in this e-mail message is confidential, intended only for the use of the individual or entity named above. If the reader of this e-mail is not the intended recipient, or the employee or agent responsible to deliver it to the intended recipient, you are hereby notified that any review, dissemination, distribution or copying of this communication is strictly prohibited. If you have received this e-mail in error, please contact [EMAIL PROTECTED]
RE: networks with many issues
Rick, Similar to what I expressed already in email directly to you, data without timestamp of when a specific IP address was found to be an offender is nearly worthless for action, and only interesting as statistical chatter.. Except where you perhaps have business customers (and the occasional residential customer) with static address assignments. Even still, acting on such 3rd party derived data for things like AUP enforcement is probably still more problematic... I understand the difficulty of coming up with a valid timestamp, but the other part of this is operational realities that IP addresses temporary assignments for a lot of broadband subs. So, I guess, I wonder -- with the deficiencies indicated above -- what operational use such a list would really have in the end. ;-) Other than yet another interesting metric of just how bad things are out there(TM). Regards, Christian I've come across a few requests for reports with over 10,000 issues. for the net ops folks that might have huge blocks with many issues -- what is the most relivant information? Also, how does one go about solving a large set of issues across a huge address space? Basickly I'm wondering if I can't build some tools to make life easyer and use the reports as an input to the tools. Also I'd be interested in how large reports should be broken down. I have the issue, address, reverse dns, source and timestamp. would it be best to group the report by issue type. The issues I am track are Open Proxy (http, socks, other) Website with vunerabilities Spam source( spammed honney pot, spamtrap) Open Relay (smtp) Understand the timestamp is the time I saw the issue from the RBL. I import data at best hourly and the DNSRBLs don't all have timestamps for their data. I am generaly interested in understanding how to produce information and tools that the large operaters can utilize effectively. I'd appreciate any thoughts and ideas on how to hande these problems. -rick * The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon, this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. 118
RE: networks with many issues
So, I guess, I wonder -- with the deficiencies indicated above -- what operational use such a list would really have in the end. ;-) Other than yet another interesting metric of just how bad things are out there(TM). And, I should say, that in the end.. The best use might be aggregate statistical trending etc, without publicly (or privately) identifying specific nodes. That might actually be very interesting, just like we have clueful folks tracking a bunch of metrics for, say, the routing system itself. Perhaps folks like CAIDA might be interested in this.. ;-) Just a thought.. Thanks, Christian -- You may safely ignore any of the junk below. If you're reading this, you are the intended addressee. Proprietary info.. On NANOG? You're kidding right? * The information transmitted is intended only for the person or entity to which it is addressed and may contain confidential, proprietary, and/or privileged material. Any review, retransmission, dissemination or other use of, or taking of any action in reliance upon this information by persons or entities other than the intended recipient is prohibited. If you received this in error, please contact the sender and delete the material from all computers. 162
MCI billing fraud ... again
We're being hit up by MCI's billing fraud again. You'd think after the multiple settlements, the $4 billion accounting fraud and Ebbers' 25 year prison sentence that MCI would have learned something, but apparently not. Anyone have a definitive method of dealing with these clowns? Any contacts for someone skilled in getting MCI to FOAD? -Dan
Re: You're all over thinking this
Crist Clark wrote: Gratuitous-Plug=Employer If you really want high reliability during and after a natural disaster, satellite phones are probably your best option. That's who I thought you worked for, but the only satellite phone provider whose name I consistently remember is Iridium (aren't they bankrupt and/or gone?) Of course, you have issues with satellite phones too. Cost is one such issue. Even when I signed up for my first cell phone in 1993, long before the wireless boom, airtime was still only about 40 to 50 cents per minute[0] - about 1/2 or 1/3 of what you'll pay per minute for a satellite phone today, IIRC. (Please correct me if necessary!) Another, potentially worse, problem occurs if you don't have line of sight to the bird... that's precisely why I ended up with cable TV instead of satellite when I lived in Lake County, Ohio - three *very* tall trees to the south of my house, with DirecTV's satellite *and* Dish's satellite both requiring line of sight to the southwest. during hurricane season. (Although I'd rather not slide into the discussion about how 911 works for us.) It doesn't? ;) **SJS [0] All monetary figures quoted here are in US dollars -- Steve Sobol, Professional Geek 888-480-4638 PGP: 0xE3AE35ED Company website: http://JustThe.net/ Personal blog, resume, portfolio: http://SteveSobol.com/ E: [EMAIL PROTECTED] Snail: 22674 Motnocab Road, Apple Valley, CA 92307
Re: MCI billing fraud ... again
On Thu, Jul 21, 2005 at 03:31:53PM -0700, Dan Hollis wrote: We're being hit up by MCI's billing fraud again. You'd think after the multiple settlements, the $4 billion accounting fraud and Ebbers' 25 year prison sentence that MCI would have learned something, but apparently not. Anyone have a definitive method of dealing with these clowns? Any contacts for someone skilled in getting MCI to FOAD? You give NO details, but I am wondering whether you are being misbilled rather than suffering deliberate billing fraud. In such cases, we find our MCI salesperson to be incredibly helpful at getting bad billing fixed. And we both wish it could be stopped at the source, but the company STILL isn't unified after all the acquisitions of the last millenium. Say, isn't this ... off topic? -- Joe Yao --- This message is not an official statement of OSIS Center policies.
Re: You're all over thinking this
Austin McKinley [EMAIL PROTECTED] wrote: [Well, OK, so I'm being UK-centric, but the same problems apply.] What's the opex of a single residential phone line? How much does it cost to have a live copper pair, and how much does it cost to connect said copper to the PSTN? If BT is to be believed, slightly *more* than the retail cost of GBP10.49 a month. I assume that BT expect to recover some of the loss through call charges or other services. (Not unreasonable - BT indirectly get a reasonable wedge from my ADSL supplier even if I don't pay more than the basic line rental.) Could local telcos offer nothing but emergency local dialing? Say, 911, hospitals, sheriff's office? Who would decide which numbers go onto the list. What about the 40p/min 070xx numbers that Patientline provide free to hospitals? (070xx is just a sleazy way of sidestepping premium-rate legislation of 09xx numbers.) Or maybe just local dialing, with a by the minute rate to discourage use? Us 10.49 customers pay 3p/min daytime anyway, whether local or to the other side of the UK :) Since most residential customers use their ATA's to mimic a single analog line for the whole house anyways, why not add an FXO port to the ATA? Set the ATA to fail over to the analog line if it loses power. Customers get *real* 911 service, and telcos won't be stuck with miles of worthless, buried line. It's not really worthless, as that's what the broadband comes in on for pretty much every UK broadband user. (Unlike BT, with NTL and Telewest you don't *have* to take the voice service, but the price breaks encourage you to and I suspect it gets installed anyway.) It seems that the status quo in the UK already gives you pretty much what you want. I guess that's why, wearing my end-user hat, I've seen absolutely no effort going on to make 999 work over VoIP. I think UK users of VoIP still view it as a way of getting dirt cheap voice minutes by avoiding BT's call rates, rather than as a replacement phone line. In that vein, would you expect, say, MCI and all the tinpot long-distance carriers to concern themselves with 911? -- Everyone must believe in something. I believe I'll have another drink. - W.C. Fields
Re: MCI billing fraud ... again
We're being hit up by MCI's billing fraud again. mci's billing problems are gross ineptitude, not fraud. and just about every major (and many minor) telco has the same mess. have your documentation in order and talk to your account rep. the sky is not falling. randy
Switch advice please
Hello I am looking at aquiring some switches to upgrade a large web site front and backend switching network. I am looking at cisco and HP switches at the moment and would like to hear peoples opinions on them or recommendations for any others. Some of the switches I am looking at are 24 and 48 Port GB (copper) switches and 48 and 24 port 10/100 with GB feed's. (one or two feeds) Also if anyone makes a small (like 8 port) GB switch with GB that routes fast enough to act as a gateway from Gb fiber drop to copper GB feed to other switches. Most of the small switches seem underpowered for such a task. Or am I wrong in this? Thanks so much! Nicole
CircleID: News from the E-mail Authentication Summit in NYC
Bill Nussey writes on CircleID: [snip] At The Email Authentication Implementation Summit in New York City last week, several major ISPs surprised attendees with their announcement that they are jointly backing a single authentication standard. Yahoo!, Cisco, EarthLink, AOL, and Microsoft got together and announced they are submitting a new authentication solution, DomainKeys Identified Mail to the Internet Engineering Task Force for approval as a standard. This is big news. To date, these groups have been at odds over authentication, with each promoting their own authentication techniques. While it is likely that each will continue to support its own standard for now (Microsoft with Sender ID, AOL with SPF and Yahoo! with the original DomainKeys), we can expect that they all will begin to use this common standard over the coming years if it is adopted by the IETF. [snip] http://www.circleid.com/article/1143_0_1_0_C/ - ferg -- Fergie, a.k.a. Paul Ferguson Engineering Architecture for the Internet [EMAIL PROTECTED] or [EMAIL PROTECTED] ferg's tech blog: http://fergdawg.blogspot.com/
RE: MCI billing fraud ... again
Interesting. About 1 year ago (early 2004), in a one month period, we had every single MCI outstanding billing dispute resolved -- some even that were over 4 years old. It seemed to me that the dispute resolution people actually gave a hoot all of a sudden. And, some inside information I gleaned was that they were instructed by the higest levels to do so. Also, about 2 months ago, we had a random $90k charge on an account that usually bills a few thousand a month. This was quickly resolved (as in, already). Our rep was the channel used, and he was good about it. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Dan Hollis Sent: Thursday, July 21, 2005 6:32 PM To: 'nanog@merit.edu' Subject: MCI billing fraud ... again We're being hit up by MCI's billing fraud again. You'd think after the multiple settlements, the $4 billion accounting fraud and Ebbers' 25 year prison sentence that MCI would have learned something, but apparently not. Anyone have a definitive method of dealing with these clowns? Any contacts for someone skilled in getting MCI to FOAD? -Dan
Re: CircleID: News from the E-mail Authentication Summit in NYC
On 22/07/05, Fergie (Paul Ferguson) [EMAIL PROTECTED] wrote: Bill Nussey writes on CircleID: [snip] How do you say that was an email authentication for dummies session without actually saying so? Here's how (my followup on circleid) By Suresh Ramasubramanian | Posted on Jul 21, 2005 @ 7:08 PM PST In the interests of setting several records straight, and making a few points clearer. AOL's spf is just plain wrong. SPF is by meng weng wong of pobox.com (http://spf.pobox.com). The most that AOL has done is to use it in a way that is way out of spec for what it is designed for .. tells large sites who ask it for a whitelist to consider publishing spf records, to automate the updation / maintenance of their whitelist (so if they add or remove netblocks for their sending of email, the changes can be picked up from the spf record). Even that is not necessary - all people have to do if they dont want spf is to open a ticket with aol's postmaster staff if they want their whitelist updated. Domainkeys and Cisco's IIM merged as they were fairly similar and reasonably complementary proposals - with the added advantage that the considerable experience that Cisco distinguished engineers like Jim Fenton (the author of IIM) has with IETF operations is brought to bear in polishing the joint spec. A balanced set of use cases of spf and sender id, that also documents the potential gotchas and pitfalls that exist (and show themselves quite often particularly when people publish restrictive -all spf records, and even more when sites treat spf failures as a blanket reason to immediately reject email) - http://www.maawg.org/about/whitepapers/spf_sendID/ More on the blind use of spf here - something I wrote a few months back on circleid. http://www.circleid.com/article/1039_0_1_0_C/ The email authentication summit did not go beyond fairly general issues, and can be treated as a general introduction / update to the authentication issue for people who have not been following it very closely. You may want to attend MAAWG and IETF meetings - that is where you will see a clearer picture.
Re: Switch advice please
I am looking at aquiring some switches to upgrade a large web site front and backend switching network. I am looking at cisco and HP switches at the moment and would like to hear peoples opinions on them or recommendations for any others. We've been using Cisco equipment since 1990 or so, and have used HP equipment off and on for the last then years or so. We're currently happiest with Cisco's 3560G series, so you might take a look at them and see if they're what you're looking for. HPs have always seemed a bit difficult to manage, by comparison, though sometimes a little cheaper. -Bill
Re: CircleID: News from the E-mail Authentication Summit in NYC
At The Email Authentication Implementation Summit in New York City last week, several major ISPs surprised attendees with their announcement that they are jointly backing a single authentication standard. More details are at http://mipassoc/mass. Participation by the ops community is *strongly* encouraged. -- d/ Dave Crocker Brandenburg InternetWorking +1.408.246.8253 dcrocker a t ... WE'VE MOVED to: www.bbiw.net
Re: CircleID: News from the E-mail Authentication Summit in NYC
Date: Thu, 21 Jul 2005 22:12:28 -0700 From: Dave Crocker [EMAIL PROTECTED] To: nanog@merit.edu Subject: Re: CircleID: News from the E-mail Authentication Summit in NYC X-Songbird-SpamCheck: At The Email Authentication Implementation Summit in New York City last week, several major ISPs surprised attendees with their announcement that they are jointly backing a single authentication standard. More details are at http://mipassoc/mass. That should be http://mipassoc.org/mass Participation by the ops community is *strongly* encouraged. -- d/ Dave Crocker Brandenburg InternetWorking +1.408.246.8253 dcrocker a t ... WE'VE MOVED to: www.bbiw.net - Gregory Hicks | Principal Systems Engineer Cadence Design Systems | Direct: 408.576.3609 555 River Oaks Pkwy M/S 6B1 | Fax: 408.894.3479 San Jose, CA 95134 | Internet: [EMAIL PROTECTED] I am perfectly capable of learning from my mistakes. I will surely learn a great deal today. A democracy is a sheep and two wolves deciding on what to have for lunch. Freedom is a well armed sheep contesting the results of the decision. - Benjamin Franklin The best we can hope for concerning the people at large is that they be properly armed. --Alexander Hamilton