Re: is reverse dns required? (policy question)

2004-12-01 Thread Tom (UnitedLayer)

On Wed, 1 Dec 2004, Greg Albrecht wrote:
> we've recently gotten an influx of customer requests for us to set up
> reverse dns for the customer's mail servers

Do you not delegate reverse DNS to customers?

> however, management has taken it upon themselves to charge our customers
> for every reverse dns request they submit to us.

This sounds like a very business-unfriendly practice, and I think that
Patrick Gilmore is right on the money...




DMCA/Chilling Effects

2004-11-17 Thread Tom (UnitedLayer)

(taking something from the EFF Thread earlier and making it more relevant)

I'm sure most of the network operators here have at some time or another
dealt with a DMCA, Subpoena or a C&D order.

That being said, has having dealt with those issues lessened your
interest in dealing with "free speech" type organizations?
Has it affected your network policies at all?
Is it something that affects the business side more than the operational
side of your networks?
Does anyone participate in the Chilling Effects Clearinghouse?
(www.chillingeffects.org)

Please respond in private and I'll post a summary in a few days if there's
enough interest.

---
Tom Sparks  UnitedLayer
Office: 415-294-4111  AS23342



Re: EFF whitepaper

2004-11-15 Thread Tom (UnitedLayer)

On Mon, 15 Nov 2004, Steven Champeon wrote:
> And this affects those of us with not-so-old, not-so-slow machines how?

By the fact that there is no way in hell that he could relay a large
amount of spam...

> The bottom line is that Gilmore, and the EFF, have taken a very soft
> stance on spam, believing it to be less important than "free speech" or
> "anonymous speech".

By definition, the EFF's main concern is free speech and privacy.

>  http://eff.org/wp/?f=SpamCollateralDamage.html
>
> Wow. So, any collateral damage is unacceptable?

To me, and people who rely on email for reliable communication, yes
absolutely. Collateral damage is unacceptable, period.

It's even worse when administered punitively (like SPEWS/etc) because it's
done with the intent of disrupting other people's lives. If you're going
to fight something, and you feel it's worthwhile, fight it on the
high-road.

> In a nutshell, email requires accountability. The EFF apparently thinks
> that is too high a price to ask for email.

I think you're missing the point. Anonymous communication saves lives,
allows people to "blow the whistle", and in general it serves the greater
good to have it exist. Email already has an "audit trail" built into it,
and you can at least track it to some extent if you know what you're
doing. Does email need a DNA signature for the sender? In my mind no, you
can get that if you use PGP signatures and look how few people actually
use that.



Re: EFF whitepaper

2004-11-15 Thread Tom (UnitedLayer)

On Mon, 15 Nov 2004, Steven Champeon wrote:
> John Gilmore runs a well-known open relay at toad.com, and for some
> reason thinks that free, anonymous speech is important enough to let
> spammers drown it out through sheer volume.

Someone famous said something about paying a high price for free speech, I
think this perhaps would fall under that category.

Mr Gilmore spends quite a bit of time tending to his mail server to ensure
that spammers do not abuse it. Any spammer who spends time pumping mail
through his server is going to realize quite quickly that it's not worth
their time. It's a very old slow machine on a T1 with other intentional
slowdowns added to the MTA, and some amount of spam filtering. I would say
it would have a hard time passing more than 1 message a minute.

I would think that most spammers would give up and go abuse an open proxy
somewhere, they're much more plentiful and less cluefully tended.



Re: Finding information about metro private line service in downtown SF

2004-10-28 Thread Tom (UnitedLayer)

On Thu, 28 Oct 2004, Jeff Rosowski wrote:
> The Corning, FreeLink Optical Transport System looked pretty good as well
> if you have the money for it.  Handles most weather, with the exception of
> fog.

Using FSO in San Francisco is almost impossible :)
There are way too many foggy days, I've watched links go up and down when
fog rolls down the street.

If you're looking at wireless, the only real option is 38GHz (if you can
get the license) because of all of the 802.11x pollution.



Re: "Intel calls for Internet overhaul"

2004-09-09 Thread Tom (UnitedLayer)

On Thu, 9 Sep 2004, Daniel Golding wrote:
> It has become trendy, in some circles,
> performance/congestion/non-deterministic nature/lack of security/ issue here>. After firmly denouncing the Internet, the company or
> individual then touts their product, which will fix/replace/augment the
> Internet.

Really? Vendors trying to sell useless products? no way!
It's amazing the level of internet snake oil that still persists; and even
more hilarious is what people pay for it. I thought the bubble bursting
would've cut that out, yet still people pay actual dollars for "optimized"
internet routing appliances, and craptacular PC's filled with duct tape
and glue software.

> In the mean time, I've decided to enjoy the Internet in the precious little
> time it has left. (yes, that was sarcasm)

Well, we can always enjoy Internet2...




Re: "Intel calls for Internet overhaul"

2004-09-09 Thread Tom (UnitedLayer)

On Thu, 9 Sep 2004, Fergie (Paul Ferguson) wrote:
> Layer 8.
>
> - ferg

Sounds more like a burrito than the internet...



Re: Spammers Skirt IP Authentication Attempts

2004-09-06 Thread Tom (UnitedLayer)

On Mon, 6 Sep 2004, Edward B. Dreger wrote:
> Yawn.  "If the sender domain isn't forged, the mail isn't spam"
> is incredibly stupid logic.

No Kidding!

> I suppose the next big news article will be that spammers also prefer
> forging domains that lack SPF records.  (Will miracles never cease?)

Amazing :)

I think SPF is an important step in getting rid of people pretending to be
someone else. If you have SPF records, and they match the mail, chances
are you are who you say you are. Finding out who you are behind domain
records/etc, that's a different story...



RE: Senator Diane Feinstein Wants to know about the Benefits of P2P

2004-08-30 Thread Tom (UnitedLayer)

On Mon, 30 Aug 2004, Michel Py wrote:
> > Matthew McGehrin wrote:
> > Tell her to kiss my white ass.
>
> Be careful what you wish for. This is exactly what politicians do for a
> living, and some happen to have a strong enough tongue to rip you a new
> one.

Remember she's from the PRK too!
A grade A hypocrite in addition to being a master schmoozer.



Re: Weird GigE Media Converter Behavior

2004-08-24 Thread Tom (UnitedLayer)

On Tue, 24 Aug 2004, Deepak Jain wrote:
> > Can't wait until more routers start to incorporate inline optical
> > power readings in "show interface" commands the way Procket did :-)
>
> Don't SFPs provide this sort of optical digital diagnostics?

Apparently the CRS-1 supports this, as well as a few other types of
GBIC's.



Re: Precise per GB traffic calculations.

2004-08-20 Thread Tom (UnitedLayer)

On Fri, 20 Aug 2004, Drew Weaver wrote:
> Does anyone know of a solution that offers precise methods of
> tracking bandwidth utilizations at the per Megabyte or Gigabyte level and
> not at the rate of transfer level?

I've used a tool called "IOG", which works to some extent, but it looks
like it has problems with 64bit counters.

> Some people are asking me if we can bill them in this manner, and I'm
> questioning whether the stats that the switch are giving us are that
> accurate.

Imagine this scenario:
Customer Buys 600GB of "transfer"
Customers transfers 600GB @ 100Mbps for however many hours.

If you're being billed with 95th percentile, and your customer is being
billed on transfer, guess who gets the short end of the stick...



Re: Has postini been taken over?

2004-08-19 Thread Tom (UnitedLayer)

On Thu, 19 Aug 2004, Hank Nussbacher wrote:
> Lately, I am getting more and more spam coming via postini.com.  See below:
>
> >Received:  from source ([206.190.38.111]) by exprod5mx128.postini.com
> >([12.158.34.245]) with SMTP; Fri, 30 Jul 2004 04:40:47 CDT

More than likely, the mail is being sent to postini for filtering, and it's
not being caught, or your mailbox is not being filtered by them.




Re: Looking for recommendations for Datacenter off CA Faultline

2004-07-17 Thread Tom (UnitedLayer)

On Fri, 16 Jul 2004, David Lesher wrote:
> http://www.havenco.com/

Havenco is a shell of what it once was, and about 75-90% of what it says
on the website isn't true anymore which is sad.

If you're really keen on former British military installations turned
colo, there's a company that sells colo in bunkers in the UK :)



Re: OT: Re: Critters

2004-07-12 Thread Tom (UnitedLayer)

On Mon, 12 Jul 2004, Jeff Cole wrote:
> Marshall Eubanks wrote:
> > Reliance Infocomm is installing 80,000 km of fiber in India. I wonder if
> > they have any tiger stories.
>
> Oh no. You find lions only in Kenya

Lions and Tigers and Bears, oh my!
Err wait, which way to OZ again?



Re: concern over public peering points [WAS: Peering point speed publicly available?]

2004-07-08 Thread Tom (UnitedLayer)

On Thu, 8 Jul 2004, Patrick Muldoon wrote:
> At my last job while working at an earthstation in Texas where I had some
> equipment, I looked up from the raised floor and found myself staring at a
> scorpion.  Being that I am from the Northeast where we don't seem to have
> those things, it pretty much scared the heck out of me.  Gave the techs at
> the station a good laugh.

Sounds like they need to make cowboy boots standard attire down there :)



Re: China deploys Internet protocol version 9 network

2004-07-06 Thread Tom (UnitedLayer)

On Tue, 6 Jul 2004, Henry Linneweh wrote:
> China's New Generation Of Ipv9 Network Technology Ready
> July 2, 2004
>
> http://www.chinatechnews.com/index.php?action=show&type=news&id=1405
>
> Interesting development

"So far, China is the only country in the world that has consolidated
domain names, IP addresses and MAC addresses into ten-digit text files."

So they have a nationalized MAC registry?
Scary...




Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-27 Thread Tom (UnitedLayer)

On Sat, 26 Jun 2004, Richard Welty wrote:
> On Sat, 26 Jun 2004 10:50:12 -0700 (PDT) "Tom (UnitedLayer)" <[EMAIL PROTECTED]> 
> wrote:
> > The big deal is that spam complaining/etc is not operational content, and
> > there are several other lists to handle that sort of thing.
>
> but then, individuals get 1 free shot at saying things that are in
> some cases not true about spamhaus, and Steve is prohibited from
> attempting to correct them.

Steve can correct whomever he wants off list.
If he wants to do it on list, it better be for a good reason, no?
If the person posting the untrue information is not posting with
operational content, they should be censured as well...

A simple "these statements are untrue, please contact me off list for the
truth" is hardly unreasonable.



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-26 Thread Tom (UnitedLayer)

On Sat, 26 Jun 2004, Jon R. Kibler wrote:
> > I seldom post here because the couple of times I have followed-up to
> > correct wrong statements in nanog regarding Spamhaus, such as the
> > above, I have each time been told by nanog's admin that I will be
> > removed from the nanog list if I respond to any question in nanog
> > regarding Spamhaus again. But, here goes:
>
> Why would you be removed from the list for posting corrections about
> Spamhaus?

I looked back through the archives, and I did see one post which was
fairly inflammatory, but I wasn't really that excited to read
everything

The big deal is that spam complaining/etc is not operational content, and
there are several other lists to handle that sort of thing.



RE: Attn MCI/UUNet - Massive abuse from your network

2004-06-25 Thread Tom (UnitedLayer)

On Fri, 25 Jun 2004, Ben Browning wrote:
> At 04:00 PM 6/24/2004, Hannigan, Martin wrote:
> >[ Operations content: ] Do you know of any ISP's null routing AS701?
>
> ISPs? Not off the top of my head. I know several businesses who have, and a
> great many people who have blocked UUNet space from sending them email,
> either by using SPEWS, the SBL, or mci.blackholes.us .

Do these people know how much legitimate email they're missing, for every
spam message that's blocked?

I noticed that from my personal mailbox (which I do filter with spam
assassin), for every one legit mail that gets blocked/tagged by SPEWS,
there's maybe 1-2 junkmails. That's not a very impressive ratio...



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Tom (UnitedLayer)

On Thu, 24 Jun 2004, Ben Browning wrote:
> >you mean the phone companies we do business with?
>
> No, I mean the internet. (Hence, ISPs). Your product, in the context of
> this discussion anyways, is access to the internet. When the actions of a
> downstream damage that product(IE more and more networks nullroute UUNet
> traffic), I would assume that you have appropriate privilege to toss them
> overboard in the contracts.

I think you'll be hard pressed to find anyone running a real ISP who will
null route any/all of UUNet.

UUNet is a large organization, network wise, and people wise.
The fact that they don't have people dedicated to jumping on customers who
you consider to be spamming, should not be surprising nor expected.



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Tom (UnitedLayer)

On Thu, 24 Jun 2004, Ben Browning wrote:
> >This is, in fact (for you nanae watchers), the reason that most of them
> >get canceled by us FASTER... Sadly, non-payment is often a quicker and
> >easier method to term a customer than 'abuse', less checks since there
> >is no 'perceived revenue' :(
>
> A revenue check has no place in abuse terminations.

That would be nice, but this is the real world.
We (presumably technical people) don't get to make all of the choices in
life. If we did, things might be a lot better, but then again maybe only
10-15% of us would still be employed :)



Re: Attn MCI/UUNet - Massive abuse from your network

2004-06-24 Thread Tom (UnitedLayer)

On Thu, 24 Jun 2004 [EMAIL PROTECTED] wrote:
> But most people are happy with things the way they are. They love SPAM
> because it gives them something to complain about and get emotional
> about.

I unfortunately have to agree there.
There's a large portion of the internet who has nothing better to do than
sit around and do essentially nothing.
Be it IRC, read email, spam, complain about spam, complain about hijacked
netblocks, complain about how slow their dialup is, complain about how
slow their cablemodem is, complain about how slow their computer
is, etc...

Spammers and Spamcomplainers belong to each other, eventually they'll get
their own private intarweb, and they can torment each other directly :)



Re: TCP vulnerability

2004-04-20 Thread Tom (UnitedLayer)

On Tue, 20 Apr 2004, Joe Abley wrote:
> I suggest an extensive late-night BOF in San Francisco in the bar to
> discuss the mechanics of adding MD5 keys to all your sessions in 48
> hours.

Zeitgeist at 7pm or the Toronado at 9pm?




Re: Packet Kiddies Invade NANOG

2004-03-16 Thread Tom (UnitedLayer)

On Tue, 16 Mar 2004 [EMAIL PROTECTED] wrote:
> > Hmm, if someone (except masochists and security vendors)  still hosts
> > efnet... I can only send them my condolences.
> >
> > I saw the same dialogs 6 years ago. Nothing changes.
>
> What about undernet?

That's even worse :)

> A customer wants us to help him set up an undernet IRC server.  My gut
> feeling is, hosting IRC servers (especially on the well known networks)
> is like wearing a "kick me/flood me" sign on your network, and it's
> probably not going to be worth the pain & pages.

Sounds about right.
Unless you feel like charging someone several thousands of dollars per
month to host an EFNet server, don't do it unless you have a personal
interest.



Re: Replacement for a Extreme Black Diamond 6808

2004-03-15 Thread Tom (UnitedLayer)

On Mon, 15 Mar 2004, Drew Weaver wrote:
> Can anyone suggest a good replacement for an Extreme Black Diamond 6808
> switch, we use it for aggregation, however their support is abhorrent
> and every time we have an issue they require us to unconfigure the
> switch, reset it to defaults and manually reconfigure it, no matter what
> the problem is, the resolution is the same.

Are you using it for L2 only, or L2+L3?
I hear decent things about using them for L2 only, and using J or C boxes
for the L3 portion.



Re: Electrical Fire at 2nd + Federal Street

2004-03-15 Thread Tom (UnitedLayer)

ok, power is back on.

There's a big stinky charred mess in the street, but nothing too horrible.

This is in San Francisco for those of you that missed that heh.

On Mon, 15 Mar 2004, Tom (UnitedLayer) wrote:
> Apparently there's some PG&E problem, and a possible electrical fire. It
> appears that 501 2nd street is on Generator, and several other businesses
> on federal and 2nd streets are out of power. Bryant street appears to have
> spotty power in the area.
>
> Anyone else know anything about this?
>
> ---
> Tom Sparks  UnitedLayer
> Office: 415-294-4111  AS23342



Electrical Fire at 2nd + Federal Street

2004-03-15 Thread Tom (UnitedLayer)

Apparently there's some PG&E problem, and a possible electrical fire. It
appears that 501 2nd street is on Generator, and several other businesses
on federal and 2nd streets are out of power. Bryant street appears to have
spotty power in the area.

Anyone else know anything about this?

---
Tom Sparks  UnitedLayer
Office: 415-294-4111  AS23342



Re: Curiosity

2004-03-15 Thread Tom (UnitedLayer)

On Mon, 15 Mar 2004, Laurence F. Sheldon, Jr. wrote:
> And that is the net effect, because every attempt to take an item
> off-list results in something like the following.
>
> I can not really figure out what the problem is.

You're on SPEWS eh?



Re: Cisco website www.cisco.com 403 forbidden?

2004-03-15 Thread Tom (UnitedLayer)

On Mon, 15 Mar 2004, Laurence F. Sheldon, Jr. wrote:
> Jay Hennigan wrote:
> > Is it just me that they don't like?
>
> I've seen one or two other reports.
>
> Seems like a good opportunity for a round of Wild Speculation.

"Cisco is under spam attack"
"Cisco has closed their website because Vendor J made fun of it"
"Cisco just lost all of their data! Call DataSafe!"
"An intern unplugged the website"
"Cisco decided to use SPEWS to control access to their website"



Re: Cisco website www.cisco.com 403 forbidden?

2004-03-15 Thread Tom (UnitedLayer)

On Mon, 15 Mar 2004, Jay Hennigan wrote:
> Is it just me that they don't like?

Nope, they got me too.



Re: BL of Compromised Hosts?

2004-02-23 Thread Tom (UnitedLayer)

On Mon, 23 Feb 2004, william(at)elan.net wrote:
> I find that most admins that decide on RBL lists are well educated about
> what the lists they choose to use are (the end-users are however not always
> well informed about it and that is where most of the complaints are
> coming from).

The fact that people use some of the ridiculous RBLs out there indicates
that there are still quite a few boneheads out there, and I'd be willing
to bet that they outnumber the clued ones.

You'd be surprised at how many times I've come into a consulting situation
and had to explain to executives that their problems came from some admin
using blacklists with high casualty rates and irresponsible practices
(SPEWS/etc). But hey, it gives me lots of consulting opportunity, so I
guess I shouldn't complain too much.

Every time someone gets fired/reprimanded for using SPEWS or some other
kind of list, I'm sure one more person springs up to fill their place.

> I suspect that BGP admins are by their nature even better educated and
> will likely do even more research prior to using anything.

Don't be so sure of that either;  I regularly find poorly configured
routers redistributing default, loads of /24s and even /30's into their
neighbors.




Re: Equinix 350 E. Cermak - Contact Please

2004-02-19 Thread Tom (UnitedLayer)

On Wed, 18 Feb 2004, Eric Kuhnke wrote:
> Will an employee of the Equinix corporation please contact me off-list?
> This is regarding equipment delivery issues at 350 E. Cermak.

Wow...
Package-loss on the automobile superhighway?



RE: Cisco Router best for full BGP on a sub 5K bidget 7500 7200 or other vendor ?

2004-02-09 Thread Tom (UnitedLayer)

On Sun, 8 Feb 2004, Alexander Hagen wrote:
> The PA-2FE-TX is about 1600.00- better to get a second PA-FE-TX with
> second VIP2-50
>
> Now why is the CX-FEIP-2TX so much cheaper than the PA-2FE-TX ?

I believe because the CX-FEIP-2TX is a full length card.
The PA-2FE-TX also isn't able to handle a full 100Mbps per port, so don't
be surprised if it doesn't work well :)

VIP2/50 is a much better combo.



Re: Dumb users spread viruses

2004-02-09 Thread Tom (UnitedLayer)

On 8 Feb 2004, Paul Vixie wrote:
> In this past year's tour of my friends and family, I've taken to removing
> their antivirus software at the same time I remove their spyware, and I've
> taken to installing Mozilla (with its IMAP client) as a way to keep the
> machine from having any dependency on anti-virus software.

A friend of mine did that for his mom's law office about 4-5 years ago.
Instead of MS Word + Outlook, they used Word Perfect and Eudora.
They've never had a macro virus or email virus outbreak, and so far have
managed to stay fairly virus free.
I don't think not having MS Word or Outlook have slowed them down in the
least.



Re: Unbelievable Spam.

2004-02-03 Thread Tom (UnitedLayer)

On Tue, 3 Feb 2004 [EMAIL PROTECTED] wrote:
> Spammers are not stupid.

I would suggest a statement of "All spammers are not stupid" instead of
the above. Some spammers are quite dumb/naive, some are middle of the
road, some are very smart and organized. Just like any other profession,
there is always a mix.

> They are smart criminal gangs which have not only managed to keep their
> schemes running for several years in the face of great public animosity,
> they have also managed to sabotage the efforts that supposedly work
> against them.

Frankly, I think that's a myth perpetrated by rabid anti-spammers.
It's more like organized crime than any ragtag street gang.

> When will we realize that SPAM is a social problem and it needs a social
> solution?

Buyer education is the big issue. People get scammed every day, whether
it's over the phone, over TV or email. Educating people to not fall into
these traps is the hard part.

> When will the major email providers sit down around a table and agree to
> some guidelines for email exchange that make it impossible for rogue
> users to inject large volumes of email into the system?

I think that you'll find that there have been several attempts at coming
up with a way to legitimize email marketing, and a lot of the attempts
seem to be aimed at stomping out the chickenboners and junkmailers.
I may not enjoy junkmail, but there are people who do sign up for mailing
lists for commercial things.

A long time ago when I was new to the internet I managed to sign up for
some mailing lists because they were things I wanted. Now that address is
spewed all over the place due to people selling my address, but that's
happened with my phone numbers and my postal address as well.
What does that mean -> I signed up for commercial email.
Does it mean I want it from everyone? no.
It's an important distinction which needs to be recognized, even by people
who spend all day obsessing over spam (and posting it to NANOG-L).

Supporting 'legitimate' marketing VS UCE I think is the key to reducing
the deluge of crap in our mailboxes every day. Is it an easy task,
absolutely not.



Re: Outbound Route Optimization

2004-01-22 Thread Tom (UnitedLayer)

On Thu, 22 Jan 2004, Patrick W.Gilmore wrote:
> In any case, no matter how many resources or black boxes you have, you
> cannot guarantee good performance on the 'Net.  Too many people
> involved over which you have no control.  Even if you had control, BGP
> is not the right tool to exert such control in all cases.

Even more reason for people to buy the Sugar Mountain RouteMaster5000.
No matter how good the claims are, you still end up with humans in the mix
dictating "policy" of some sort over packets.



Re: Outbound Route Optimization

2004-01-21 Thread Tom (UnitedLayer)

On Wed, 21 Jan 2004, Richard A Steenbergen wrote:
> I don't know if they're doing the same thing in Cali or not (they probably
> are, since all the radio stations are owned by the same 2 companies),

Yeah, NPR and CBS, both monopolistic empires with the same viewpoint :)

> but here in NoVA land there is currently a massive radio ad campaign for
> a Rocky Mountain Radar radar-jamming product called the Phazer, which
> claims to jam police radar (legally, because it doesn't actually put out
> any RF, it is entirely passive) "or they'll pay for your ticket".

I've heard of this, and I believe I know some people who've invested. They
wanted to diversify from the IP Transit biz, and go into 100% pure sales
and marketing. I believe the quote was "man, it's hard to sell hosting off
of an OC768 with my 2600 powered network, I'm going to greener pastures"

> Then I recall the quote from the inventor, "I could ship an empty black
> box with a weight in the bottom and only get 22-24 percent back."

I've heard that before, but it sounds so much better in Russian.

> Oh well, at least web hosting is still worse (ever notice that EVERY
> hoster has an OC192 backbone, even the ones with 2 machines and a 10Mbps
> hub?). :P

Yeah, the market for OC192 -> 10Mbps Ethernet is really booming!
Those puppies fly off the shelves like fleeing rats.



Re: Outbound Route Optimization

2004-01-21 Thread Tom (UnitedLayer)

On Wed, 21 Jan 2004, Richard A Steenbergen wrote:
> On Wed, Jan 21, 2004 at 12:27:16PM -0800, Jim Devane wrote:
> > "Are these devices able to effectively address the need?"
>
> Sugar pills effectively address the needs of a great many ailments when
> given to people who believe that they will work. And if the end result is
> an addressed need, who are we to say that it wasn't worth paying for. :)

That sounds like a yes answer.
That being said, the Sugar Mountain RouteMaster5000 is probably the best
unit out there. It has lots of blinking lights, and sets the "low latency"
bits on most types of IP traffic that needs high prioritization over
regular internet traffic. It can speed up your network traffic up to
%1000, but the results may vary depending on your packet mix, and in that
case, it doesn't change your traffic patterns at all.



Re: Nachi/Welchia Aftermath

2004-01-21 Thread Tom (UnitedLayer)

On Wed, 21 Jan 2004, Donovan Hill wrote:
> > Extreme i-plattform is currently destination ip based with inital cache
> > lookup. (guess this is flow based)
>
> I guess I just don't understand the architecture. What I really don't
> understand is _why_ you'd bother with flow-based architecture over
> prefix-based architecture. am I looking green yet?

Cheap + Legacy.
Some gear doesn't want to die :)



Re: Nachi/Welchia Aftermath

2004-01-20 Thread Tom (UnitedLayer)

On Tue, 20 Jan 2004, Rubens Kuhl Jr. wrote:
> Not all L3-switches are flow-based; prefix-based ones should do just fine.
> Can people add/correct this initial list ?
>
> Flow-based: Foundry with IronCore modules, Cisco Catalyst 6500 with Sup1(A)
> Prefix-based: Foundry with JetCore modules, Cisco Catalyst 6500/7600 with
> Sup2(A), Sup3(A/BXL)

The 2948G-L3 and the 4908G-L3 I believe are Prefix/ASIC based.
I believe the 3550-EMI is as well, but I'm not familiar with that
equipment.



Re: GSR, 7600, Juniper M?, oh my!

2004-01-07 Thread Tom (UnitedLayer)

On Wed, 7 Jan 2004, Florian Weimer wrote:
> Tom (UnitedLayer) wrote:
> > Buying GSR's is probably the right replacement for 7500's if you want to
> > stick with Cisco.
>
> But be careful when buying the linecards.  Not all of them have
> comparable forwarding performance to the 7500 if you do something else
> than mere IP packet forwarding (e.g. ACLs or policy-based routing).

Given that a GEIP in a 7500 can only do 200-300Mbps (packet load
dependent), I hope the GSR can do better :)

I have heard of instances where enabling inbound packet filtering or
shaping on certain GigE cards would cause the cards to shutdown or reboot.

I generally don't do shaping/etc on core gear, because it's much easier to
do it on my aggregation gear (2948G-L3/4908G-L3).



Re: GSR, 7600, Juniper M?, oh my!

2004-01-06 Thread Tom (UnitedLayer)

On Tue, 6 Jan 2004, bcm wrote:
> But where to go?  The Cisco GSR platform seems a logical choice, but
> their new 7600 series units are attractive for their cost.

7600's have all the craptacularity of 6500 switches, because that's what
they are, I would recommend against them.

Buying GSR's is probably the right replacement for 7500's if you want to
stick with Cisco.

> Juniper may also have a place at this end of the processing spectrum.
> I'd also like to ensure that the new platform supports doing CAR and
> ACLs at line rate, given the client base.

Then you'll be wanting J boxes then, cuz Cisco doesn't do that very well
from my experience.



Re: Internet law

2003-12-30 Thread Tom (UnitedLayer)

On Tue, 30 Dec 2003, Richard Irving wrote:
>Worse still, as the US found (prior to law changes, post Darpa years),
>   prosecuting Script Kiddies is counter productive.. you take the
>   brightest most inquisitive minds of our time, and ruin their future...

I'm not sure I'd say that the skript kiddies arrested were the "brightest
minds".

I believe the brighter minds may have had a brush with the law, and
then gotten out of it.



Re: Internet law

2003-12-30 Thread Tom (UnitedLayer)

On Tue, 30 Dec 2003, John Obi wrote:
> when will we see the FBI, and other local police in
> the other countries send the script kiddies to the
> JAIL so we can use the internet without too much
> pain?

I use InternetIbuprofen(tm), it allows me to use the internet pain free
all day long!

BTW, do you really want the FBI playing around in your irc channel?



Re: Bandwidth Control Question

2003-12-20 Thread Tom (UnitedLayer)

On Fri, 19 Dec 2003, Stephen Sprunk wrote:
> Thus spake "Claydon, Tom" <[EMAIL PROTECTED]>
> > Yep. There's plenty of fiber between the two buildings, so we may go that
> > route. Anyone know if there's any easy way to limit bandwidth on the
> > PA-POS-OC3 adapters?
>
> PA-POS-OC3MM  $6000/card  $38.71/Mbit
> PA-FE-FX      $3200/card  $32.00/Mbit
> PA-2FE-FX     $5000/card  $25.00/Mbit
>
> Why muck with SONET unless necessary?

I've seen PA-FE-FX for ~$200 on ebay recently, where did $3200 come from?
Also, I've seen the POSIP SM OC3 cards come up for fairly cheap too, so I
don't see why you'd want the multimode ones...




Re: Request for submissions: messy cabling and other broken things

2003-12-16 Thread Tom (UnitedLayer)

On Tue, 16 Dec 2003, John Kinsella wrote:
> Another suggestion, although I'd be surprised to see it...anybody got
> a shot from under PBI's datacenter floor when it was at 2nd and Folsom
> in SF (across 2nd from SNFC21)?

Heh, it's actually in SF21 now.
I got to see it a few months ago, I believe I saw 10 foot+ racks, packed
to the ceiling with gear.
There were step ladders everywhere...



Re: 25,000 ton amphibious spam relay

2003-12-16 Thread Tom (UnitedLayer)

On Tue, 16 Dec 2003, Eric Kuhnke wrote:
> http://www.interesting-people.org/archives/interesting-people/200312/msg00070.html
> [misc deleted]

Wow, just wait.
BMW iDrive systems will get internet dongles and soon be able to relay
spam, 150Mph smooth autobahn cruising spam relays.



Re: Microsoft Probes Flaw That Could Help Fraudsters Create Fake Web Sites

2003-12-11 Thread Tom (UnitedLayer)

On Thu, 11 Dec 2003, Mike  Tomasura wrote:
> Did anyone else see this?
> http://www.secunia.com/internet_explorer_address_bar_spoofing_test

OMG! Holes in internet explorer?!?!!?

Seriously... There's a reason I use Mozilla instead...



Re: Authority

2003-12-10 Thread Tom (UnitedLayer)

On Wed, 10 Dec 2003 [EMAIL PROTECTED] wrote:
> P.S.  Note to other - this thread may have happened  because of recent
> thread on layer42 on inet-access mail list. While I generally answer
> accusations, I'm not the one who starts such threads and do not think it's
> appropriate for nanog mail list, so this will be my only message here.

I think you've made plenty of accusations without basis, so to quote
Richard Cox "Then you would appear to have a circular argument to contend
with."

Don't go around accusing people of malfeasance if you're not prepared to
be confronted with your own wrongdoing (IE your own hijacked blocks), or
to face the criticism of others when you're wrong.

I generally try to stay out of these types of arguments, but I think that
you should probably focus your efforts on something more productive than
defaming other ISPs.



Re: Authority

2003-12-10 Thread Tom (UnitedLayer)

I think that most people with clue will realize that every time he
mentions or posts something that's about 50-90% inaccurate, he damages his
own credibility anyways.

A lot of the stuff I've seen in regard to this issue is almost comical,
and I wonder who picked on him so badly that he decided to lash out this
way.

Frankly, I think his vitriol would be better directed at those who
defraud their upstream ISPs, as that hurts the community more than
some hijacked unused IP space.



Re: Need Contact at RoadRunner

2003-12-08 Thread Tom (UnitedLayer)

On Mon, 8 Dec 2003 [EMAIL PROTECTED] wrote:
> >Unless you like playing whack-a-mole, you need a smarter hammer, not a
> >bigger one.
>
> Email peering *IS* a smarter hammer. If all the cluefull email
> administrators would set up peering agreements with each other
> and exchange contact information, there would be fewer of these
> situations.

I think that's a great idea :)

> Domain registry whois listings and INOC-DBA are not the right
> contact information because they are too general.

General yes, but calling someone on INOC-DBA will get you a clueful soul.



Re: Need Contact at RoadRunner

2003-12-05 Thread Tom (UnitedLayer)

On Fri, 5 Dec 2003, james wrote:
> To me the important thing is at least trying to notify.
> So the clueless miss out. Tuff. Those of us that care would like to know
> there is a problem, so we can solve it.

Thank you James, that's my point exactly :)

The people who care or have a clue will have what they need, and those who
don't will get left behind.

When people decide to clean up their act, they will start to care.



Re: Need Contact at RoadRunner

2003-12-05 Thread Tom (UnitedLayer)

On Fri, 5 Dec 2003, Laurence F. Sheldon, Jr. wrote:
> A reasonable reaction to protect own-turf is to plug up holes as
> you identify the local end of it and wait to see if anybody cares
> about it after the fire-fight.

So block a /30, not a /24

> The likelihood of being able to contact anybody competent and
> sympathetic is not worth the time and effort the attempt takes.

So next time I get portscanned from someone from RR, I should
just blackhole their IP space and wait till someone complains about not
being able to get to www.apache.org or www.archive.org?
That's totally irresponsible.

Unless you like playing whack-a-mole, you need a smarter hammer, not a
bigger one.



Re: Need Contact at RoadRunner

2003-12-05 Thread Tom (UnitedLayer)

So, I got an e-mail back from RR after I posted here.
They claim to have no specific record of why we were blocked, so they
removed it. They said it was probably DOS or a Mailbomb, both of which we
would have squelched IMMEDIATELY.

Frankly, I think that it's pretty poor practice to block someone and not
tell them, especially when contact information is clearly available
everywhere. We've got e-mail, various phones, and INOC-DBA, so it's not
that hard to get ahold of us :)

---
Tom   UnitedLayer
Office: 415-294-4111  AS23342






Need Contact at RoadRunner

2003-12-04 Thread Tom (UnitedLayer)

I need to speak with someone at RR about blocking issues.
Apparently they've decided to block mail from Apache.org and some of our
other customers without any notice to UL.

I've followed their instructions and e-mailed the listed addresses,
I've waited quite a while (over 24 hours) and have yet to be contacted
with information about why we were blocked.

UL is very responsive to abuse issues, so this is a little concerning.

Please contact me or the NOC.

Thank You

---
Tom   UnitedLayer
Office: 415-294-4111  AS23342



Re: RBLs in use

2003-11-20 Thread Tom (UnitedLayer)

On Fri, 21 Nov 2003, Suresh Ramasubramanian wrote:
> If the guy is asking for DNSBLs to use, and you have some good ones in
> mind, help him, I'd say.

Hear, hear Suresh, you're on the money!

If they (BT) really have that big of a problem, one could look at this as
a sign that they want to see what effect it's had on their network, and they
might *GHASP* fix it.

Rather than pointing fingers and attacking, help the poor guy!



Re: Mirapoint Message Director appliances

2003-11-19 Thread Tom (UnitedLayer)

On Wed, 19 Nov 2003, W.D. McKinney wrote:
> We are using Barracuda Networks instead, but it's also a complete
> platform with hardware, OS, and software. So far it's doing the job very
> well, and we are one week into our trial so far.

Any idea what OS it's based on?




Re: Mirapoint Message Director appliances

2003-11-19 Thread Tom (UnitedLayer)

On Wed, 19 Nov 2003, Suresh Ramasubramanian wrote:
> For commercial ware - Ironport is good.

Yah, that's been my experience, it's probably the only commercial solution
I'd buy.
It's a complete platform - Hardware, OS, Software

Also, Ironport is supporting some sort of "Bonded Sender" program, so that
may be a key thing to look for as well when buying something like this.



Re: Mirapoint Message Director appliances

2003-11-19 Thread Tom (UnitedLayer)

On Wed, 19 Nov 2003, Paul S. Brown wrote:
> Does anybody have any experience with the MD400/MD450 appliances?
> Good/bad/indifferent

Bad and expensive.

> Would you recommend them for high volume VISP mail hosting? (around 600k
> domains)

Check out IronPort.
They've done a lot of wild stuff to make their boxes hugely fast.



Re: looking for pull traffic

2003-11-14 Thread Tom (UnitedLayer)

On Thu, 13 Nov 2003, Richard A Steenbergen wrote:
> The traffic is too short and bursty to be of any benefit, even when you
> can successfully filter it so that no other operations are impacted.

I think that would be the biggest trick in order to even ratios - keep
other services unaffected.
I think most DOS traffic is hard to wrangle.

> I also stand by my opinion that DoS does not happen without a reason.

I happen to agree with that 100%.

Most of the times I get DOS on my network it's either:
1. IRC
2. The EFF

#2 doesn't happen that often, but when it does, it's sort of entertaining to
figure out where/what/why. Most people love the EFF, and are happy to help
sort out problems :)

#1 happens more often, but I generally tend to keep a good lot of
direct customers, and the people targeted are customers of customers.

> Those kinds of targets are generally not only engaged in some activity
> which invites attack (such as running an IRC server), they are actively
> encouraging it by their behavior, and probably should be booted anyways
> for other reasons that you just don't know about yet.

I've seen a few ISP's who run IRC servers reserve IP blocks for them, and
only announce said blocks to peers. Seems like a good way to cut down on
the number of people to contact when you have DOS aimed at it.

> The only benefit to having a hefty outbound ratio is that you have plenty
> of headroom to work with when attacks do come in. Unless you happen to
> notice that a large amount of the traffic is coming from certain Asian
> Pacific networks, and intentionally peer with them to setup choke points.
> :)

Good point.
I'd be curious to see in terms of percentages, which networks source the
most DOS and then keep them on INOC-DBA SpeedDial.
I had in fact suggested to a certain Asian Pacific network that we should
peer so that when someone on their network did launch a DOS against one of
my customers, it would only cause problems there :)

What's next, DOS-NAP?



RE: looking for pull traffic

2003-11-13 Thread Tom (UnitedLayer)

On Thu, 13 Nov 2003, Deepak Jain wrote:
> Maybe I am exceptionally naive, but are DDOSes *REALLY* that consistent
> between providers to affect month-over-month or quarterly ratios?

I know a webhoster/provider who consistently takes in 1Mpps DOS attacks,
and I'm presuming that the 95th percentile on that will be fairly high...

Would I want that? Not especially...



Re: Yankee Group declares core routing obsolete (was Re: Anybody using GBICs?)

2003-10-30 Thread Tom (UnitedLayer)

On Thu, 30 Oct 2003, E.B. Dreger wrote:
> SR> What brand of switch is this guy selling?  And what is he
> SR> smoking? Sure would be interesting to find out :)
>
> Maybe the Yankee Group is a subsidiary of Ncatal Ventures.

That was my thought.
It's "Dood, Where's my Core?" all over again!



Re: peer/transit circuits

2003-10-30 Thread Tom (UnitedLayer)

On Wed, 29 Oct 2003 [EMAIL PROTECTED] wrote:
> Hi folks,
> I am looking for some advice on how to place the peer/transit circuits
> on the edge routers.
> Would like to find the best practice that would provide enough diversity
> without having an operation nightmare. e.g. putting peer and transit
> circuits on different routers will make the routing policy easier since
> peer and transit will have different policies. however, if I lost the
> transit router then all transit is gone.

It sounds like you might do well to investigate Vendor J's routers, as
they can solve this in a single unit, rather than with multiple units.

There are several reasons to separate Transit and peering routers, one of
them being that if someone points default route at your peering router,
the packets go to nowhere because that router doesn't have a full set of
routes on it.

Unfortunately, this has happened to a few list members and acquaintances of
mine so don't think this doesn't happen.



RE: Anybody using GBICs?

2003-10-28 Thread Tom (UnitedLayer)

On Tue, 28 Oct 2003 [EMAIL PROTECTED] wrote:
> To be more clear, I'm specifically referring to Gigabit Ethernet
> Converters and not SFPs for POS or SONET.  So, to rephrase, where in
> your network topology, are you using Gigabit Ethernet, specifically GE
> interfaces using GBICS?

I think you already got your answer...
Most people using GigE, are using GBIC's.
I don't think I've ever seen SONET gear with replaceable interfaces...

> Are you using GE primarily for customer connections, server connections,
> peering points etc. ?

I think anyone who's willing to pay for, or can justify GigE, is going to
get a GigE connection.



Re: China Telecom filtering nameservers

2003-10-24 Thread Tom (UnitedLayer)

On Wed, 22 Oct 2003, Owen DeLong wrote:
> Care to share what was going on?  Was it really censorship or something more
> mundane and less offensive?

It was actually about 100Mbps of DOS...
Joe took care of it :)



Re: China Telecom filtering nameservers

2003-10-22 Thread Tom (UnitedLayer)

On Wed, 22 Oct 2003, John Kristoff wrote:
> This has been seen elsewhere too and contacting someone at chinanet
> has been difficult.

I actually found two helpful individuals via posting to this list.
They both spoke English, and helped me out in finding out what was going
on.

China Telecom has some US POPs, so they do have people in the US even.



Re: Green peering stickers

2003-10-20 Thread Tom (UnitedLayer)

On Mon, 20 Oct 2003 [EMAIL PROTECTED] wrote:
> Northern California, would mean SF Bay Area or not?

The Bay Area is NorCal...

> Or did you mean real "Northern" part of California (i.e. around Shasta)?

I believe the technical term is "boonies" but that's a minor detail :)



Re: Completewhois Bogons Project - Initial Intro

2003-10-17 Thread Tom (UnitedLayer)

On Fri, 17 Oct 2003 [EMAIL PROTECTED] wrote:
> Nice to finally see competition to those people in cymru, who apparently
> got too sloppy with their work.
>
> We can finally put an end to all those criminals like UU, L3, CW, GX, ATT,
> DoD who are committing criminal activity by hijacking netblocks.
>
> Enough is enough!

Yeah! Those UU and DOD guys are real criminals!
I hear one has an arms stockpile...



Re: Extreme BlackDiamond

2003-10-13 Thread Tom (UnitedLayer)

On Mon, 13 Oct 2003, Steve Francis wrote:
> Doesn't happen here with MSFC2/SupII.
>
> Maybe just MSFC1's that are subject to that.

That is possible, but I didn't see it on a 7500 till I started taking more
than 1 full table.




RE: Extreme BlackDiamond

2003-10-13 Thread Tom (UnitedLayer)

On Mon, 13 Oct 2003 [EMAIL PROTECTED] wrote:
> Maybe you could expand on the BGP scanner problems - we haven't seen
> them all the time we've been running 6500 native with full routes (about
> 1.5 years now).

BGP Scanner taking up close to 100% of CPU on a box periodically.
GSR doesn't seem to do it, but a buncha other cisco boxes do.
It's more irritating than anything else, especially when customers complain
that when they traceroute they see ~200ms latency to the router...



Re: Extreme BlackDiamond

2003-10-13 Thread Tom (UnitedLayer)

On Mon, 13 Oct 2003, Simon Lockhart wrote:
> > Does the 7600 have the same BGP Scanner problem as the 6509 does?
>
> I've still yet to see anything that suggests that the difference between
> the 7600 and the 6500 is more than just a paint job and a marketing job.

Whee! Even more of a reason not to buy one for routing :)



RE: Extreme BlackDiamond

2003-10-13 Thread Tom (UnitedLayer)

On Mon, 13 Oct 2003, Michel Py wrote:
> Aren't most of the 6500 blades the same as the 7600 ones anyway? Between
> these two IMHO we are looking at a blurry distinction between a router
> with very good switching capabilities and a L3 switch with very good
> routing capabilities.

Does the 7600 have the same BGP Scanner problem as the 6509 does?



Re: Extreme BlackDiamond

2003-10-12 Thread Tom (UnitedLayer)

On Mon, 13 Oct 2003, Mikael Abrahamsson wrote:
> I can understand how a virus like Welchia can affect a flow-based
> architecture like Extreme's. I was under the impression that CEF enabled
> Cisco gear wouldn't have this problem, but Cisco has instructions on their
> webpage on how to deal with it and cites CPU usage as the reason. With CEF I
> thought the CPU wasn't involved? CEF is perhaps differently implemented on
> different platforms?

I think CEF in HW is the key, ASIC based and not Flow based.
I'm not all-knowledgeable on which platforms do this, but the 7500, 12000,
2948G-L3, 4908 have it.



Re: Extreme BlackDiamond

2003-10-12 Thread Tom (UnitedLayer)

On Mon, 13 Oct 2003, Shazad - eServers wrote:
> How are these for CORE SWITCHES (distribution) compared to BigIron and the
> CISCO 6509?
> From what I have heard and reports they are very solid switches.

As long as you only use them for switching, they're fine :)
For routing, I wouldn't touch em with a 10 foot pole, but I can also say
that for the BigIron, or the 6509.

If you want a router, buy a router...



Update - Contacts for CHINANET-BJ?

2003-10-09 Thread Tom (UnitedLayer)

I got two contacts on this, looks like the situation is resolved.

On Wed, 8 Oct 2003, Tom (UnitedLayer) wrote:
> Anyone got a clueful contact over there?
> Getting 100Mbps or so of dos from over there and I'd rather not just
> blackhole the /16



Contacts for CHINANET-BJ?

2003-10-08 Thread Tom (UnitedLayer)

Anyone got a clueful contact over there?
Getting 100Mbps or so of dos from over there and I'd rather not just
blackhole the /16

---
Tom Sparks



Re: Verisign on Process

2003-10-08 Thread Tom (UnitedLayer)

On Wed, 8 Oct 2003, Howard C. Berkowitz wrote:
> Gomes' position truly bothers me if a registry, given that it meets
> the formal definition of a technical monopoly, is planning around
> competitive advantage.

I think it's definitely a sign that the verisign hegemony over domain
registration needs to be removed. If they're going to be so irresponsible
as to misuse a public trust, they need to be nixed.

> Other speakers pointed out that the functionality of Sitefinder could
> be implemented at the edge, not breaking the end-to-end assumption
> and still allowing innovation. Internet Explorer, for example, has
> such functionality.
>
> MS and VS. Reminds me of some recent wars where observers were sad
> that only one side could lose. :-)

I think that might be one way to have Verisign quashed - use the
monopolies to smash each other.
Think about how much money MS lost due to sitefinder...



Re: Removal of wildcard A records from .com and .net zones

2003-10-03 Thread Tom (UnitedLayer)

On Fri, 3 Oct 2003, Matt Larson wrote:
> VeriSign was directed by ICANN to suspend the Site Finder service by
> 0100 UTC on Sunday, October 5.  We requested an extension from ICANN
> to give more notice to the community but were denied.

You don't need an extension, we wanted it to go away as fast as possible.

> We will be removing the wildcard A records from the .com and .net zones
> beginning at 2300 UTC on Saturday, October 4.

I'm glad things will go back to actually working again.

Yay!