Re: Abuse procedures... Reality Checks
On Mon, 9 Apr 2007, Paul Vixie wrote: than you're describing. for example, this weekend two /24's were hijacked and used for spam spew. as my receivebot started blackholing /32's, the Why do you think they were hijacked ? At least for your second block: 1 71.6.213.103 I've had that /24 blocked since 4/4/07. I have spam attempts for that domain going back to Feb 13 2007, but it didn't have reverse DNS set up until 4/4 so nothing got through. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Comment spammers chewing blogger bandwidth like crazy
On Sun, 14 Jan 2007, Tony Finch wrote: I would expect the lists of compromised hosts to be fairly effective - open proxies of various kinds and perhaps botnet hosts. As for SMTP the blacklists would only be a starting point that either provide a cheap preliminary check or feed a more sophisticated filtering system. I tihnk the real trick is to make sure the list does NOT include dynamic IP space. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 948-3162 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Removal of my name
On Wed, 20 Sep 2006, Randy Bush wrote: but there are a couple of more significant issues being discussed over there, those surrounding the community's desires for maintaining mailing list archive integrity. Personally I find it sad that at the prospect of a list archive being censored, the only discussion that could come up on this list was HTML versus plain text. Had the guy not re-sent the whole nonsense to the list itself I might have more sympathy for him. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Removal of name
On Fri, 15 Sep 2006, Tash wrote: Dear Sirs/Madams, Please remove my name Tashfeen Imdad from this site below. It is slanderous towards me and it does not involve me. I am no Dr. Phil has a saying: When you find yourself in a hole, stop digging. You do realize you mailed this out to a mailing list with a few thousand people on it, right ? So that you've just reminded everyone who had forgotten about it. In any case, this is an archive of a mailing list, where this discussion originally took place. None of us run it, and there are probably multiple archives of Nanog out there, so you'll never get rid of them all. In fact I'll bet there are people who read your message and are making copies of the page now, just in case the others do come down. longer involved with telecommunications and I am not associated with Qwest anymore and it is also slanderous towards Qwest. I would appreciate this act of kindness. It is gone on too long this is from 2002. This defames my character from 2002 and it does not properly represent me. Dude, you did it. Be a man and own up to it. Figure out a way in Interviews to show you learned from it, though this post will make it harder. http://www.ibiblio.org/Dave/Dr-Fun/df9601/df960124.jpg thanks Tash http://www.cctec.com/maillists/nanog/historical/0202/msg00446.html Re: OT: spam from Globix to ARIN POCs - To: Kai Schlichting [EMAIL PROTECTED] Subject: Re: OT: spam from Globix to ARIN POCs From: Christopher X. Candreva [EMAIL PROTECTED] Date: Mon, 25 Feb 2002 15:26:36 -0500 (EST) Cc: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] In-Reply-To: [EMAIL PROTECTED] Sender: [EMAIL PROTECTED] - On Mon, 25 Feb 2002, Kai Schlichting wrote: And on another note, that little spamming jerk from Qwest's NYC sales office, Tashfeen Imdad, should start finding himself a new job while there is time. And don't count on collecting unemployment.What, did he spam your users through the whois database, and copy you on it since you are the tech contact ? [EMAIL PROTECTED] went right in the filters. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/ - References: OT: spam from Globix to ARIN POCs From: Kai Schlichting [EMAIL PROTECTED] - Prev: Re: DNS timeline Next: Re: DNS timeline Index(es): Main Thread - Want to be your own boss? Learn how on Yahoo! Small Business. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: FWD: Explanation for the recent major downtime
On Thu, 15 Sep 2005, jc dill wrote: My personal website is hosted with DreamHost. They sent this out to their customers today. Of interest to NANOG is the bit about the N+1 redundant genset system having 2 generators quickly fail, and in doing so having the UPS fail and the entire data center go dark. Something to consider in For some reason this immediately made me think of VAXen, my children, just don't belong some places. http://www.crash.com/fun/texts/vaxen-dont.html We appear to have progressed, marginally, from those days. :-) == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
RE: Cisco and the tobacco industry
On Thu, 28 Jul 2005, Geo. wrote: Have you ever actually tried to get the updates using this method? It really does take the better part of a week and no less than half a dozen emails or phone calls and then there is the begging... I have, on at least two occasions I remember, and I don't recall it being that big a deal, fill out the form, I don't recall if I even had to speak to anyone, and I received the link to the image. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
RE: Why do so few mail providers support Port 587?
On Fri, 25 Feb 2005 [EMAIL PROTECTED] wrote: being used on port 25 already. You can do SMTP AUTH just as easily on port 25 without having to re-educate your users and still net the same simplified tracking procedures that you mention. It sounds to me like what we should really be talking about is getting MTA operators to begin using SMTP authentication of some kind (any kind!), rather than harping on whether or not MTA's should accept mail on port 587... Port 587 becomes useful because it allows you to firewall outbound port 25 from non-mail servers (IE -users), while allowing them to submit mail to other places. It's hard to say how it benefits YOU as a single person. But the separation benefits the Internet as a whole. It's a two part thing though. Blocking port 25 won't work without and alternative for users, and having mail submitted to relays on 587 isn't helpful if local admins don't block port 25 outbound for their users. However, with both of these in place, you stop the ability of every virus-infected host to send mail out directly to other people's mail servers. Forcing them through your mail relay gives you control: Your virus scanner can now detect the traffic, issue an alert, shut down the account, etc. So to answer Nil's original question, along the lines of giving him a reason to listen on port 587, the only selfish reason would be so your users behind port 25 firewalls can relay through your server. If you don't need that, that don't bother. Simply making this available has caused us really no additional support requests, it's maybe two lines in the sendmail.mc file. On the other hand, Optimum Online deciding to block outbound port 25 one (Saturday) morning caused quite a bit of support work. Had we not already been supporting 587 at that point, the work would have been far greater, if not for the techs, then for the salespeople trying to get new customers to replace all the ones we would have lost. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Why do so few mail providers support Port 587?
On Fri, 25 Feb 2005, just me wrote: What are you, stupid? The spammers have drone armies of machines with completely compromised operating systems. What makes you think that their mail credentials will be hard to obtain? What are you, stupid ? Run a virus scanner on your mail relay so you don't propogate any viruses. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Why do so few mail providers support Port 587?
On Fri, 25 Feb 2005, just me wrote: Most ISPs don't watch logs for the signs of abuse now, why would they magically change their behavior and monitor logs if they required auth? Just because there is more of an audit trail doesn't mean that it will be used. Because now the server sending viruses is their outgoing mail server, which will get blocked via the various DNSBL's instead of the end-user machine, which should be much more of an incentive t clean things up. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
RE: verizon.net and other email grief
On Fri, 10 Dec 2004, Roy wrote: While I can't speak to what Verizon is using, Both Exim and Postfix have the very same feature called address verification. Its in use at a number of ISPs. My systems reject 1000's of messages every day because of verification failures. That would be 1000's of other people's servers getting traffic from you because someone forged their address in the spam. You are effectively doubleing the total load spam places on the net. This doesn't scale. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: My yearly post about environmental monitoring devices
On Thu, 2 Dec 2004, Brandon Butterworth wrote: Ethernet is cheap and trivial, drop some code in one of these (cpu is built into the rj45 socket) http://www.lantronix.com/device-networking/embedded-device-servers/xport.html Cheap is relative. These are showing about $50 each, Considering your average MCU is under $10, and smaller ones under $5, this can be equal to or more than the rest of your device. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Are AOL's MXs mass rejecting anyone else's emails?
On Tue, 7 Sep 2004, Jon Lewis wrote: Any network that doesn't already have it, I highly recommend signing up for AOL's feedback loop (aka scomp reports) at http://postmaster.aol.com/tools/fbl.html. This will give you a sort of early warning system notifying you of spam issues on your network. And you will also get random emails that your users have sent to AOL users, who then click on Report as spam seemingly at random. I've received Spam reports on e-mail asking when someone's kids should be picked up at school, giving directions for a job interview, CONGRATULATING that same person on being accepted for the job, and in once case received a 'spam complaint' on every mail my user sent as part of a conversation. As in, the AOL user replied, then clicked Report as spam. He received a reply to his reply, replied, and Reported as Spam. This was not a Stop e-mailing me conversation. It was a perfectly normal conversation between two people. Then there are the people who have mail forwarded from here to their AOL account, and can't get it through their thick skulls that Report as spam isn't doing a damn thin in this case. G. So it's a nice idea -- but IMHO fails in practice. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Are AOL's MXs mass rejecting anyone else's emails?
On Tue, 7 Sep 2004, Jon Lewis wrote: Yeah...there's a certain amount of GIGO since the scomp system relies on the lusers to decide what's spam and what's not...but that's not a serious problem. IME, AOL won't block you unless you're getting thousands of scomp complaints/day and seem to be ignoring them. A handful of bogus ones are just a few messages your abuse people can delete when they see the mail appears to not really be spam. Well, maybe I'm spoiled. :-) Thing is, our 'abuse people' is me. I used to measure the number of mails sent to abuse@ in 10 messages/month, and most of those are misdirected for westnet.net, or west.net, or westnet.com.au or . . . take your pick. As of now the bulk of all abuse mail is scomp noise. If anything I'm afraid I'm going to miss a real problem burried in the garbage. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Distributed Dictonary email slam
On Mon, 6 Sep 2004, Jared Mauch wrote: does anyone have some pointers to a good (possibly radius+sendmail) based approach for checking this? I load rules into the access.db database. lines like this: To:westnet.com ERROR:5.1.1:550 User unknown To:[EMAIL PROTECTED]OK To:[EMAIL PROTECTED]OK Perl script builds this off /etc/passwd, /etc/aliases, our user database, and whatever else is applicable, rsync distributes to the other machines, make builds the database. I wanted it to be completeely local so that the secondaries could continue to function even if the radius server was down == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Distributed Dictonary email slam
On Sun, 5 Sep 2004, Matt Hess wrote: source hosts.. Now being as we are a secondary mx I'm dropping their record out of our email system as I write this, however, I am curious if other have gone through or are currently going through something of this magnitude (12K spam/dictionary msgs per hour destined to one domain and that's just what is You want to keep a list of valid accounts on the secondary so you can refuse mail for non-existing accounts on the secondary too. If you don't care about yourself -- relize that if, say, all of these mails have a return address forged from the same domain, you will be DOSing THAT site with the bounce messages. This is enough for some people to block mail from you. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: OT: xDSL hardware
On Tue, 13 Jul 2004, Charles Sprickman wrote: I'm wondering if there are any ISPs here that are Covad partners that have found a need to terminate a DSL line alongside a T1 for backup. Yes. Not doing it currently, but when we did we used a FlowPoint 2200 in routed mode into the second ethernet port on a 2e/1serial 25xx. , with a /30 between the FP and the Cisco. Is anyone aware of a WIC card that will work with the lower end Cisco gear (1700 or 2600 series) that will allow me to terminate an ADSL or preferably an SDSL line directly on the router? The idea being that the router is then aware of link up/down status... Covad business class is SDSL. But - if the DSL line is backup to the T1, does the router 'need' to know that the DSL line is down ? I believe we just used weighted static routes. If the T1 was up use that, otherwise use the DSL. If both are down -- it won't really matter, will it ? :-) (Unless you are relying on SNMP monitoring from this router internally for an alarm). == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Barracuda Networks Spam Firewall
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote: and then forward it to an internal machine that actually knew what mailboxes were valid addresses. If you don't do that, then you have to make your authentication system visible to machines on your DMZ, which has it's own touchy implications Or push a list of valid addresses to the secondaries that they keep locally and use, update as needed. You don't need to 'authenticate' -- just know what is/isn't valid. For a few hundred, or a few thousand accounts rsync/ssh/make could do the job. If you're AOL, I'm sure there is a solution too. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Barracuda Networks Spam Firewall
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote: So your auditor wouldn't mind if you kept an unencrypted list of credit card numbers on a DMZ box, because if somebody hacks the box they can gather those over time? :) This is hardly the same thing. E-mail addresses are public, credit card numbers aren't. Email addresses can be gotten by brute-force checking fairly easily without even cracking the machine. card numbers can't. What would your auditor think about your secondary MX being used as a DOS amplifier because it sends out thousands of bogus bounces to forged addresses ? == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Barracuda Networks Spam Firewall
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote: You're missing the main point - that sometimes things are done in ways that are sub-optimal or even pessimal from the technical standpoint, because some other consideration interferes. Yes, it *would* be nice if everybody in the world Oh, I know that point very well. It's why we're in the mess we are in, because no one could budget to set things up properly. It's the same arguement we heard as to why people couldn't close their open relays. To which we eventually responded OK, if that's what you have to do. Let us know when you have fixed it and we'll accept mail from you again. You'll have to use a different server though, 'cause it's blocked now. It's not that I missed the point. I don't care if YOU can't afford it. That's your problem. I'm not going to let it affect MY network. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Barracuda Networks Spam Firewall
You're missing the main point - that sometimes things are done in ways that are sub-optimal or even pessimal from the technical standpoint, because some other consideration interferes. Yes, it *would* be nice if everybody in the world But if you really need a reason to convince someone who won't get their head out of their . . . the sand -- You can probably cut in half the number of viruses you have to scan if you reject invalid addresses up front, meaning you can buy a smaller/ fewer virus scanner(s). Which means the companies making them have absolutely no incentive to add this feature. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Barracuda Networks Spam Firewall
On Tue, 18 May 2004 [EMAIL PROTECTED] wrote: When it gets built, will it list AOL.COM for not rejecting at the original RCPT TO? Or Hotmail.com? (Consider the following 2 pieces of mail - mail Don't know about hotmail, but AOL is working on this. You might want to check out that SPAM-L list, if this is something you are interested in. Once AOL starts doing it -- you can bet they will be one of the ones blocking on it. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: backscatter hosts
On Tue, 18 May 2004, Steven Champeon wrote: Granted, it's a DSN for an over-quota user, not a nonexistent user, but the rejection happens after accept, and the DNS goes to the forged sender. OK Steve let me know when you have the sendmail ruleset to check quota on a remote host before accepting RCPT To: :-) == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: routing invalid IP addresses
On Sat, 21 Feb 2004, Geo. wrote: traceroute to 248.245.255.191, that's what made me think it was invalid. It has nothing to do with the x.y.255.z -- the 240.0.0.0/4 is IANA reserved space. If you had given the whole IP in the first place you could have saved yourself some abuse. :-) You are right in the sense that it has been recommended for a while that ISP's filter invalid traffic outbound from their network, to prevent their customers from spoofing. However, given the number of incidents of hijacking recently, it's entirely possible whoever is using this actually has their own BGP feed. [westnet]:~$ whois 248.245.255.191 BW whois 3.4 by Bill Weinman (http://whois.bw.org/) Copyright 1999-2003 William E. Weinman Request: 248.245.255.191 from whois.arin.net:43 [cached Sat Feb 21 16:18:16 2004 UTC] OrgName:Internet Assigned Numbers Authority OrgID: IANA Address:4676 Admiralty Way, Suite 330 City: Marina del Rey StateProv: CA PostalCode: 90292-6695 Country:US NetRange: 240.0.0.0 - 255.255.255.255 CIDR: 240.0.0.0/4 NetName:RESERVED-240 NetHandle: NET-240-0-0-0-0 Parent: NetType:IANA Special Use Comment:Please see RFC 3330 for additional information. RegDate: Updated:2002-10-14 OrgAbuseHandle: IANA-IP-ARIN OrgAbuseName: Internet Corporation for Assigned Names and Number OrgAbusePhone: +1-310-301-5820 OrgAbuseEmail: [EMAIL PROTECTED] OrgTechHandle: IANA-IP-ARIN OrgTechName: Internet Corporation for Assigned Names and Number OrgTechPhone: +1-310-301-5820 OrgTechEmail: [EMAIL PROTECTED] # ARIN WHOIS database, last updated 2004-02-20 19:15 # Enter ? for additional hints on searching ARIN's WHOIS database. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Need abuse contact for Yahoo Hostinng
Sorry to bother the list, but if anyone from Yahoo is listening, There is an credit card stealing web site hosted by Yahoo. Complaints to [EMAIL PROTECTED], as usual for complaints about their hosting, are returned days later saysing Sorry, we can't do anything since this spam didn't come through Yahoo.: URL: http://aol.account-cgi1.com/update.htm Please contact me directly for a copy of the scam e-mail and the idiotic Yahoo abuse response. If [EMAIL PROTECTED] is not the correct address, then this really should be added to the whois record for your hosting netblocks. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Need abuse contact for Yahoo Hostinng
On Mon, 2 Feb 2004, Barnabas Toth wrote: Maybe you should try to contact AOL abuse instead? I know, I know... Just a though. Thanks to those who replied. I've been contacted directly by an AOL rep (who the site pretended to be), and an FBI agent. Interestingly not a peep from Yahoo. Sigh. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Need abuse contact for Yahoo Hostinng
On Mon, 2 Feb 2004, Christopher X. Candreva wrote: Interestingly not a peep from Yahoo. Sigh. In fairness -- I just heard from someone at Yahoo-inc.com == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: SMTP problems from *.ipt.aol.com
On Fri, 16 Jan 2004, Ajai Khattri wrote: I have several users who connect to our mail server from an IP in the *.ipt.aol.com namespace. All are complaining about intermittent SMTP problems. I see that outbound SMTP traffic is proxied through AOL servers to our mail servers. Has there been a change recently causing this to not work? We had users who SMTP AUTH relay through us from AOL dsl lines suddenly have problems this week. Switching them to the submission port (587) has solved things so far. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Anyone from NeuLeve.bizl listening?
On Thu, 11 Dec 2003, Suresh Ramasubramanian wrote: This is an old and time honored tradition to deal with lusers anyway, kind of like the warez.* ftp servers (though one of the more popular of these, warez.slashdot.org, seems to have found itself a non-localhost IP some months back) :( Looks like they set up a wildcard: [westnet]:~$ host candreva.slashdot.org candreva.slashdot.org has address 66.35.250.151 candreva.slashdot.org mail is handled (pri=10) by mail.osdn.com == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: AOL rejecting mail from IP's w/o reverse DNS ?
On Sat, 6 Dec 2003, Adam Kujawski wrote: Why bother with CNAMES or A records? Is there anything wrong with simply using NS records for each adress? i.e.: $ORIGIN 109.246.64.in-addr.arpa. 1NS ns1.customerA.com. 1NS ns2.customerA.com. This will work. For large blocks it would get tedious to manage, though a few lines of perl will spit out a file in short order. Definately not easy to manage on a large scale however. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
AOL rejecting mail from IP's w/o reverse DNS ?
Since I'm 99% sure the idea (or stupidity thereof :-) of blocking SMTP servers without reverse DNS came up here in this discussion, I just ran a manual queue run to clean out a queue, and saw this come up: ... Connecting to mailin-04.mx.aol.com. via esmtp...220-rly-xn05.mx.aol.com ESMTP mail_relay_in-xn5.9; Wed, 03 Dec 2003 09:59:55 -0500 220-America Online (AOL) and its affiliated companies do not 220- authorize the use of its proprietary computers and computer 220- networks to accept, transmit, or distribute unsolicited bulk 220- e-mail sent from the internet. Effective immediately: AOL 220- may no longer accept connections from IP addresses which 220 have no reverse-DNS (PTR record) assigned. EHLO westnet.com I don't know if this is new -- I don't recall seeing it before, but it doesn't say they WILL refuse, just they may. If they do start blocking -- this WILL be an operational issue. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: AOL rejecting mail from IP's w/o reverse DNS ?
On Wed, 3 Dec 2003, Randy Bush wrote: you're right. it will be. people will have to clean up their in-addr.arpa. or am i missing some reason they can't, other than laziness? See, this is the war I didn't want to start again. Unless I'm thinking of a discussion on a different list -- I was sure in the whole Verizon spam measures hurting other servers thread, the whole blocking w/o IN PTR records had come up, with people saying they were on hosting where they couldn't change PTR records, and the clients who couldn't get mail from small offices with Exchange servers on DSL lines where the ISP hadn't configured reverse DNS . Then there was the comment on how reverse DNS was meaningless, and did you still run identd ? Maybe I'm thinking of the wrong list. If AOL does it, in a way the question is moot. At least those of us who DO know how to configure DNS can get some clients from the ones who don't. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: AOL rejecting mail from IP's w/o reverse DNS ?
On Wed, 3 Dec 2003, Robert E. Seastrom wrote: ... and it will be a zero-sum game once the spammers (or their complicit ISPs) fix their in-addrs too. I disagree. I don't think the spammers, by and large, 'own' their IP addresses. They are using (as someone said) hijacked space, or compromised machines. Odds are since many of these machines aren't SUPPOSED to be sending mail in the first place, no one is going to complain, so nothing is going to be done about them. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
The Internet's Immune System
On Sun, 2 Nov 2003, Paul Vixie wrote: so listen up. just because many of the infected hosts won't be disinfected, don't assume that there's no value in tracking and reporting them, or that there's no reason to spend money listening to and acting on complains about them. the internet's immune system needs *more* resources, not fewer. I've had an idea kicking around my head since Paul posted this. Most of the reporting work seems to be centered around finding who to report problems to. I think we need to turn the problem around: Devise a system that assumes owners of IP space WANT to know about problems. In simple terms, a system that would let me issue a command such as report --open-proxy 192.168.1.1 (or even report --open-proxy 192.168.1.1 logfiles) and have a report sent to whoever needed to know about it. To participate in this, I would have to run a problem-report server that accepts reports on my IP space. It would be registered with some central server, that refers problems to the proper server for that IP address, like DNS. This might be a NOC to NOC tool, or perhaps useing registered PGP signatures, reports from other NOCs could have more weight then those from end users. In any case, the idea is to allow automated testing based on reports, aggragation of reports to weed out mistakes and errors, and provide a mechanisim for various firewalls, intusion detection systems, etc to talk to each other to solve problems as quickly as possible. So in the above example, if I receive the report for 192.168.1.1 being an open proxy, I might have my system configured, because that is a residential DSL IP, to automaticly do a full port scan on it to look for open proxies, and if I confirm that it is open shut the line down, or just kick out a ticket for someone to call the customer. Or, start a netflow analysis on it to look for virus/worm traffic. Or not do anything until a certain number of reports are received, weighted based on the ranking of PGP sigs. Paul's use of the word immune system hit it on the head. An immune system kicks in automaticly to fight infection, and right now there isn't one on the net. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Ex PSI legacy .us domains inactive
Over the weekend a customer of mine had his legacy .us domain under .rye.ny.us stop working, as it is no longer in the root servers. After doing some checking, a whois on rye.ny.us shows it as inactive. The customer found this list of .us delegations: http://www.neustar.us/delegated_managers/delegated_subdomains.txt A random check shows every domain listed as being with psi.net as inactive. I'm about to write a little script to check all the psi domains in that list. This is basicly a heads-up if anyone else has a domain that might be in the same catagory, or if someone from Neustar is listening, the customer's attempts to contact them so far haven't been fruitfull. The PSI deleted domains are mostly NY cities. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: cooling systems
On Thu, 6 Nov 2003, Peter Galbavy wrote: You foreigners are scary. As a UK resident, born in Oz many many years ago, I consider -10C to be very very cold. Uhm, 9/5 * -10 +32 . . . 14 degrees ? Peshaw. As long as it's over 0 I'm OK. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: cooling systems
On Wed, 5 Nov 2003, Mike Tancsa wrote: costs, not to mention be a little more environmentally friendly. We were thinking we could circulate the air up to the roof and cool it there inside some aluminum ducts and then bring it back down. We dont want to just bring in cold air as it is quite dirty outside since we are next to a major highway. Anyone done anything like this before in a computer room setting ? Depending on the type of AC you have, it may already do that. If it is, say, a one piece roof mounted unit, with intake/oulet ducts attached to the building, then just leave the fan on all the time and it will do what you want. If it's a split unit, with copper tubeing bringing the freon from an outside to inside unit, then this doesn't work. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
RE: ISPs' willingness to take action
On Sun, 26 Oct 2003, Terry Baranski wrote: What if the great majority of your clients are bare PCs on broadband circuits? Well, you might just find that small ISPs, then BIG ISPs, stop accepting mail from your dynamic IP customers. As a start. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Verislime NSI details
On Mon, 20 Oct 2003, David Lesher wrote: Solutions, the Herndon-based registrar of Internet addresses, for $100 million in a deal that will allow VeriSign to retain exclusive control of the valuable .com and .net database. And NetSlow is now offering free domain transfers - http://www.networksolutions.com/en_US/name-it/transfer.jhtml?siteid=100chan So, how much to they need to pump their numbers for the sale ? == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: more on VeriSign to revive redirect service
On Thu, 16 Oct 2003, Miles Fidelman wrote: Just out of curiousity, I wonder how many domain registrations those of us on nanog represent? Contract sanctions from ICANN are one thing, taking We've been moving all our domains to OpenSRS for a year, but doing it as they come up for renewal. This has definately inspired not only us, but our customers to do it before the deadline. OpenSRS also offers SSL certs, and we've been moving those away from Verisign too. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: i'd like to know your opinions on the com/net wildcard issue
On Mon, 13 Oct 2003, Paul Vixie wrote: see http://sa.vix.com/~vixie/comnetsurv/ this is not an icann thing btw, it's just me. OK, this is nit-picky, but the errors a wildcard will pick up are NOT 404 errors. A wild card could not possibly ever pick up a 404 error. Since 404 is a server error code, you have to already be talking to the server to get a 404. I've seen this in the press repeatedly and it drives me almost as nuts as having to call DSL access hardware a modem. Thank you. I feel better now. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Wildcards gone here
Looks like Verisign has the wildcards out. The following is without any bind patches. [westnet]:~$ date Sat Oct 4 20:46:09 EDT 2003 [westnet]:~$ host www.opensrsS.net Host not found. Whoo Whoo Whoo Whooo ! == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Root Server Operators (Re: What *are* they smoking?)
On Wed, 17 Sep 2003, Sean Donelan wrote: What would it do to website's Keynote performance to eliminate another name lookup by having their www.something.com records served directly from Verisign's gtld-servers? Now, that would be a real problem, considdering the person who owns something.com is a good friend of mine, and hosts it on my servers. If they start touching actual registered and in-use domains I believe they will loose their contract. :-) (Which also means PLEASE don't use something.com to test !) -Chris == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Verisign Countermeasures - BIND and djbdns patches
On Tue, 16 Sep 2003, Adam Langley wrote: On Tue, Sep 16, 2003 at 04:03:08PM +0100, Adam Langley wrote: I'm collecting countermeasures to the verisign wildcard DNS records at http://www.imperialviolet.org/dnsfix.html. Currently there are patches for BIND 9.2.2 and djbdns (not authored by myself) and a Patch for Bind 8.4.1 - http://achurch.org/bind-verisign-patch.html Quick and dirty. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Vote early...
When you're done patching your resolver, and openssh, you might want to cast a vote for Stratton in their monthly CEO opinion poll. http://www.forbes.com/2003/05/01/cx_ceointernetpoll.html (Thanks to, uhm, someone who might not want to be named from OpenSRS for passing this along.) == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Root Server Operators (Re: What *are* they smoking?)
On Tue, 16 Sep 2003, Eric Gauthier wrote: On the other hand, a headline of Internet Providers Worldwide block access to Verisign in Effort to Protect the Public is very easily understood. I was contacted a little while ago by a reporter from the Wall Street Journal, based on my Nanog posts. We'll see what the headline reads. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Root Server Operators (Re: What *are* they smoking?)
On Tue, 16 Sep 2003, Damian Gerow wrote: Declan (of news.com) has indicated that he's working on something, and I'm waiting to hear back from the editors at lightreading.com. I have full faith that Declan will not only put out a technically accurate piece, but one that is easily digestible by the public at large. One other thing to do -- call the technology writer for your local paper, if you know who that is. Which you should. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: What *are* they smoking?
On Mon, 15 Sep 2003, Chris Adams wrote: Someone has already brought up the idea on the BIND list of modifying BIND to recognize this response and converting it back to NXDOMAIN. That would be me -- I posted to comp.protocols.dns.bind, not realizeing it was a mailing list gateway. This also blows away the whole idea of rejeting mail from non-existant domains -- never mind all the bounces to these non-existant domains when the spammers get ahold of them. Boy, I hope they have a good mail server responding with the 550 on that IP ! At the least we need a way for MTA's to reject mail from domains that resolve to this nonsense. Having bind put NXDOMAIN back would be a plus. -Chris == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: What *are* they smoking?
On Mon, 15 Sep 2003, Patrick W. Gilmore wrote: Anyone wanna patch BIND such that replies of that IP addy are replaced with NXDOMAIN? That solves the web site and the spam problem, and all others, all at once. I took a look at the Bind 8.3.4 code this afternoon, but couldn't readily find where to do it. I'll take another look later. (Last time I tried it Bind 9 sucked up twice as much server CPU as 8.x) == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Change to .com/.net behavior
On Mon, 15 Sep 2003, Vadim Antonov wrote: I'm going to hack my BIND so it'll discard wildcard RRs in TLDs, as a matter of reducing the flood of advertising junk reaching my desktop. Please share your hack ! == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: What if it doesn't affect the ISP? (was Re: What do you wantyour ISP to block today?)
On Sun, 31 Aug 2003, Matthew Palmer wrote: dodgy behaviour (spoofed source addresses, for one). Yes, port 135 is a known vector, and so is now, but they have their legitimate uses. If OK, here's an alternative viewpoint. We're an ISP. I'm blocking 135 and the other netbios ports inbound on my clients dial-up/dsl lines because if I didn't, the lines would be useless. Client side firewalls are great, but by the time they can do anything the traffic is already over the line. It doesn't take much traffic at all to overload a dial-up, and every virus flare-up puts a noticeable impact on DSL lines. I'll unblock for a client that asks. The only one who asked, sheepishly asked for it to be put back less than an hour later. They couldn't do anything with the line. It's all well and good to say how things 'should' be, but reality has a way of not caring how things should be. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: What if it doesn't affect the ISP? (was Re: What do you wantyour ISP to block today?)
On Sun, 31 Aug 2003, Christopher X. Candreva wrote: We're an ISP. I'm blocking 135 and the other netbios ports inbound on my clients dial-up/dsl lines because if I didn't, the lines would be useless. Sunday morning posting. I'm blocking these ports OUTBOUND -- TO our clients. Their lines are being saturated by other infected hosts trying to infect them. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: AC/AC power conversion for datacenters
On Tue, 3 Jun 2003, Matthew Zito wrote: This is marginally related to the power discussions earlier, but does anyone know of a product that steps up 120V AC to 220V AC and is reasonably datacenter-friendly? We're looking at an environment where there's no 220V available - but we only need ~7 amps so conversion could You don't mention why you need this -- as someone mentioned, 220v/7a is 110v/14a. If this is a piece of electronic equipment, it may be cheaper to simply replace the power supply with a 110 supply. If it's something with a 220v motor, you might want to make sure that it isn't also looking for 3 phase power. (Not that I really know the difference -- just enough to know it's something to watch out for). -Chris == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: Verizon mail server on MAPS RSS list
On Thu, 27 Mar 2003, Josh Gentry wrote: We've got customers trying to receive email from people using Verizon for Internet acess, and we are rejecting that mail because out013pub.verizon.net [206.46.170.44] is on the MAPS RSS list. Can't pull up the MAPS RSS website at the moment to check why. Anyone know contact info for Verizon for this kind of issue? This server is an open relay. It's been on RSS since Sept. It's also on njabl.org, and their web site is responding more quickly. Verizon has been contacted many times about this and either doesn't care or just doesn't know how to fix it. In fact, the MAPS page has a specific message that they must be contacted by a Verizon rep to have it removed. It will relay for anyone who gives a @verizon.net return address. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: White House to Propose System for Wide Monitoring of Internet(fwd)
On Fri, 20 Dec 2002, David Lesher wrote: [This just jumped into the operational arena. Are you prepared with the router port for John Poindexter's vacuum? What changes will you need to make? What will they cost? Who will pay?] I read this in the paper this morning. The article is a summary of a summary of a briefing, and contains contradictory statements, ranging from the tracking of end-users web browsing (bad) to a clearing house to gather real-time information of attacks in progress (which sounds like a good idea to me). I'm reserving judgement until there are some actual facts. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: How do you stop outgoing spam?
On Wed, 11 Sep 2002, Brad Knowles wrote: B) KNOW WHO THE HELL YOU'RE GIVING ACCOUNTS TO so that (A) works. Get a credit card or verify the phone number and other info (e.g., call them back, insist on calling them back.) C) Use (B) to enforce (A). Doesn't work. See above. Back in the day, a reasonable BBS would voice-validate all new users. This meant getting a valid phone number from a new user, and actually calling them back at that number, before activating an account. We started as a BBS giving out Unix shell accounts. Our new user registration screen still says we voice-validate all new accounts, and we do. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: IP address fee??
On Thu, 5 Sep 2002, Owens, Shane (EPIK.ORL) wrote: Quick question, does there exist a practice of charging customer for IP address blocks used? My theory is that the first Class C is included with the service, but I'm wondering what happens when the customer wants 2,3,4 or more? Shane: I think an important question would be what level of service are they buying. Including 255 address with a T3 would be very reasonable, less so with a T1, not very reasonable with DSL, and ridiculous with a dial-up account. There is generally a charge for additional IPs with DSL (or co-location) services because it is so cheap. You don't usually find this with T1 and above. But everyone's pricing is different. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: IP address fee??
On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote: I'm trying to figure out what you think IP space allocation has to do with bandwidth. IP space is not just another bullet point on the marketing slide that makes a particular service option that more attractive - if you can't use it, you can't have it. I have to believe Who said anything about NOT showing justification ? That thread had already been fairly well covered - but didn't address the question as I saw it. The question was about price and that's what I was addressing. You might request justification for any allocation over a single address -- but still not charge until they have 255, or 65,536, or whatever you might decide. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
NAS filed chp 11
http://biz.yahoo.com/djus/020605/200206051047000419_1.html == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
New mailing list for Verizon DSL ISP's
Since a discussion of NAS/CAIS DSL came up last week, I am assuming there are at least some DSL resellers out there, so . . . Verizon had a converence call for the Northeast ISPs this afternoon to introduce a new product. It began with them explaining to us why our customers might want a static IP and went downhill from there. This did however get me in touch with at least one other ISP reselling Verizon DSL, and it seems we've both thought some sort of forum for Verizon reselling ISPs to ask questions and discuss issues would be helpfull. SO -- I've created a mailing list, [EMAIL PROTECTED] . To subscribe, send the single word subscribe to [EMAIL PROTECTED] This is intended as a forum for Verizon DSL resellers across the country to disccus an issues related to the service: Configuration, operation, trouble resolution, dealing with Verizon, etc. This is completely unofficial, not sanctioned by Verizon . == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Re: CAIS/Ardent and now Network Access Solutions
On Thu, 30 May 2002, John Palmer wrote: CAIS sold our account to NAS. They did this about 5 months back. They are NAS has been nothing but trouble. We are (or were) a Covad reseller, first direct through Covad, then through CAIS. The first we heard our lines had been sold was when we called CAIS for support and were transfered to NAS. A week after that, our customers started getting e-mail that their accounts had been sold and they now were NAS customers. Except our CAIS explicitly stated they were NEVER to contact our customers for any reason. They appologized -- and a week later mailed out paper letters to all our customers. When our backhaul went down, it took them over 4 hours to even pick up the ticket. It was in the same queue as regular DSL lines. It's been the same with every circuit that goes down. One hour plus hold times for support, e-mail to support is answered days later. We finally have a direct rep in corporate's cell number and put all tickets in through him, but this is no way to run things. The best was they wanted me to sign a contract adendum stateing that if any bill was more than 10 days late, they would take our customers -- no mention at all of dispute resolution. I laughed at them. So, we don't place any more Covad orders, which is fine since no one wants to pay those prices anyway, and we sell Verizon DSL. Amazingly, Verizon DSL has had far fewer hassels than Covad ever did. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
Cable Wireless outage NYC 11:00 AM EDT
This was going to be a question, but now it's a statement. CW had an outage in NYC around 11:00 AM this morning. 11:40 EDT and things seem to be comming back. CW NOC was returning busy for about 10 minutes, then I was on hold for 1/2 hour, and they picked up just as traffic started flowing again. == Chris Candreva -- [EMAIL PROTECTED] -- (914) 967-7816 WestNet Internet Services of Westchester http://www.westnet.com/
