Re: Packet Kiddies Invade NANOG
Why is NANOG starting to sound like full-disclosure? Can't you kids just argue amongst yourselves on IRC or something? This is so off-charter... If any of the involved parties thinks anyone cares, you'd do well to check your egos.

-- Charles Sprickman [EMAIL PROTECTED]

On Mon, 15 Mar 2004, Matthew S. Hallacy wrote:
> On Sun, Mar 14, 2004 at 10:43:29PM -0600, Gregory Taylor wrote:
> > Matthew (yes I know it is you), The personal information you have posted regarding my phone number is me. However, the slanderous material and obvious hate/flame statements you made against me are absolutely false.
>
> For the record, I've been in-transit between the cold state of Minnesota to the semi-warm state of Texas for the past two days via car, without internet access. If I wanted to post the urls in this thread I would have no issues doing it without hiding behind an anonymous email account. As for the accusations made being false, I know nothing about them. I do recall the 2 or 3 times you've attacked me by the direct, or indirect request of Andrew Kirch (trelane).
>
> -- Matthew S. Hallacy FUBAR, LART, BOFH Certified http://www.poptix.net GPG public key 0x01938203
Re: who offers cheap (personal) 1U colo?
Ken Diliberto wrote:
> The smarter students put a NAT box on their port so they can run their desktop, laptop, XBox and have a place their friend can plug in.

NAT is evil, not smart. If the addresses run out because of legitimate use, more addresses should be allocated.

Pete
Re: who offers cheap (personal) 1U colo?
Paul Vixie wrote:
> at scale, with things as they now are, i simply don't believe this. with a 1:1 ratio (daily customers to onduty clues), it is never going to be possible to contact every customer out of band (by phone, that is) when they need to be told how to de-virus their win/xp box. not for $30/month. you can fiddle with the ratio -- 800:1 may work -- and you might be able to hire clues very cheaply for a while -- but not at scale. i'd love to be proved wrong on this point.

I see this as two different processes. There are definitely some individuals who have no help whatsoever with their computers and need the abuse/helpdesk to walk them through the disinfecting process. However, in my experience these are only a small fraction of the population with infected machines. It really solves 90%+ of the problem by just getting the message to the individual that they have a problem and they'll find somebody to fix it for them.

Pete
Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
On Mon, 15 Mar 2004, Petri Helenius wrote:
> I see this as two different processes. There are definitely some individuals who have no help whatsoever with their computers and need the abuse/helpdesk to walk them through the disinfecting process.

Gartner estimates the total cost of ownership of a PC at $450/month. If someone is paying $50/month, I wonder where the other $400 goes?

Is it marketing suicide? Other industries have premium customer programs. Pay more or have a better credit rating, and you get a platinum credit card. Fly more or pay more and you get to sit in first class and board the plane first. Why not have special IP addresses reserved for the Internet elite? ISPs are desperately looking for new revenue streams. Would you pay an extra $50/month for a platinum-level Internet address? ARIN could charge extra to certify those ISPs receiving platinum Internet addresses. Mass mailers already pay companies like Habeas and IronPort for bonded e-mail.

Suppose we create Internet++ using 126/8 as the starting IP address block. Only ISPs agreeing to the good code of conduct could use 126/8 addresses, assigned independently of any other IP addresses in use. ISPs might reserve 126/8 addresses to only a few of their most secure servers, and a few very trusted customers. If it was successful, IANA could extend the range to 125/8, 124/8 and so on.

> However in my experience these are only a small fraction of the population with infected machines. It really solves 90%+ of the problem by just getting the message to the individual that they have a problem and they'll find somebody to fix it for them.

Doubtful. If you look at large samples, e.g. 10,000 infected computers, the repair rate is essentially identical between a group told their computers are infected and a group which wasn't told. Perhaps more scary, the rate of repair after being notified doesn't change whether the group are self-described computer experts or general users.

I expect every NANOG conference from now on will be filled with announcements asking people to please fix their computers because worms are killing the network. NANOG has less than 500 attendees, yet has about the same number of infected computers as any other ad-hoc network population.
Summary: 10GigaEthernet on GSR feedback ...
I was wondering: We recently installed 10GE interfaces on GSR boxes (Engine4+). I am experiencing an SNMP counter issue with 802.1q VLANs. We used to have counters per 802.1q VLAN on GSR 1GE, but it looks to be broken for 10GE subinterfaces. Counters are available by SNMP, but are buggy on Inbound: ifHCInUcastPkts is OK, but ifHCInOctets is not. Has anyone experienced such a problem on 10GE with GSR? Counters from the physical interface are fine. We experience this on subinterfaces only.

Thanks to the nanog community, I had positive feedback. This is a hardware limitation with the 10GE cisco card on GSR. Since it looks to be an ASIC issue, I do not expect it to be fixed by software!! There is a workaround to get the byte counter, but we have to disable the packet counter. This is what we did and it works fine. Details available on http://www.cisco.com/cgi-bin/Support/Bugtool/onebug.pl?bugid=CSCea37857 (need CCO login)

Bottom line: Mind VLAN monitoring issues when using 10GE GSR LC.

Vincent.
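The symptom Vincent reports, a subinterface whose unicast packet counter advances while its octet counter stays flat, is one a monitoring system can catch on its own poll history instead of waiting for a capacity graph to look wrong. The script below is an added example, not code from the thread or from Cisco: it takes two constructed snapshots of ifHCInUcastPkts and ifHCInOctets (Counter64 objects from RFC 2863), computes wrap-safe deltas, and flags interfaces whose octets stalled or whose average packet size is implausible. The interface names and counter values are invented for the example; in practice the two dictionaries would come from consecutive SNMP walks.

```python
"""Consistency check between two SNMP interface counters across two polls.

Added example, not code from the NANOG thread or from Cisco. It models the
symptom described for 10GE subinterfaces on the GSR (ifHCInUcastPkts
advancing while ifHCInOctets stays flat) as a detection rule a monitoring
system can run on its poll history. Both snapshots below are constructed
sample values, not data captured from any device; ifNames are invented.
"""

COUNTER64_MODULUS = 2 ** 64  # ifHCIn* objects are Counter64 (RFC 2863)


def counter_delta(old, new, modulus=COUNTER64_MODULUS):
    """Increase of a monotonic counter between two polls, tolerating one wrap."""
    return (new - old) % modulus


def classify(pkts_a, octets_a, pkts_b, octets_b, min_avg=40, max_avg=9216):
    """Judge one interface from its (ifHCInUcastPkts, ifHCInOctets) pairs.

    Returns one of:
      "idle"             no unicast packets arrived between the polls
      "octets_stalled"   packets arrived but the octet counter did not move
      "implausible_size" average bytes/packet outside [min_avg, max_avg]
      "ok"               both counters moved and the ratio is plausible
    The size window is a heuristic: ifHCInOctets also counts non-unicast
    frames, so the computed average overstates unicast size, never understates it.
    """
    d_pkts = counter_delta(pkts_a, pkts_b)
    d_octets = counter_delta(octets_a, octets_b)
    if d_pkts == 0:
        return "idle"
    if d_octets == 0:
        return "octets_stalled"
    avg = d_octets / d_pkts
    if avg < min_avg or avg > max_avg:
        return "implausible_size"
    return "ok"


def audit(poll_a, poll_b):
    """Classify every interface present in both polls.

    Each poll maps ifName -> (ifHCInUcastPkts, ifHCInOctets).
    """
    return {
        name: classify(*poll_a[name], *poll_b[name])
        for name in poll_a
        if name in poll_b
    }


def stalled_interfaces(poll_a, poll_b):
    """Names of interfaces whose octet counter is stuck while packets flow."""
    return sorted(n for n, v in audit(poll_a, poll_b).items() if v == "octets_stalled")


# Constructed sample polls (hypothetical ifNames, made-up counter values).
POLL_T0 = {
    "TenGigE3/0": (1_000_000, 900_000_000),
    "TenGigE3/0.100": (500_000, 400_000_000),
    "TenGigE3/0.200": (300_000, 250_000_000),
}
POLL_T1 = {
    "TenGigE3/0": (1_010_000, 908_000_000),    # +10,000 pkts, +8,000,000 octets
    "TenGigE3/0.100": (505_000, 400_000_000),  # +5,000 pkts, octets frozen
    "TenGigE3/0.200": (303_000, 252_400_000),  # +3,000 pkts, +2,400,000 octets
}

if __name__ == "__main__":
    for name, verdict in audit(POLL_T0, POLL_T1).items():
        print(f"{name:16} {verdict}")
```

The check deliberately compares two counters on the same interface rather than comparing a subinterface against its parent, so it works even where the parent carries traffic from other VLANs; a workaround like the one Vincent describes (disabling the packet counter) would show up as "idle" rather than as a false alarm.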
Long-term identifiers (was Re: who offers cheap (personal) 1U colo?)
On Sun, 14 Mar 2004, Andrew Dorsett wrote:
> In a dorm room situation or an apartment situation, you again know the physical port the DHCP request came in on. You then know which room that port is connected to and you therefore have a general idea of who the abuser is. So what's the big deal if you turn off the ports to the room until the users complain and the problem is resolved?

It has to do with response time. If I send an abuse complaint to an organization's mailbox on a Friday night, will it be dealt with in the next 10 seconds? Or sometime next week? If the computer reboots every 60 seconds, and gets different IP addresses every time, a single infected computer can appear with lots of different IP addresses which results in overblocking. Similar things happen when a very large corporation has a NAT firewall, and attacks appear to come from all over their address ranges. A long-term end-to-end identifier would let me immediately drop the specific infected computer's traffic regardless of its rotating IP addresses, even if your abuse department doesn't open until next Monday to track down the user to permanently fix it.

The other issue is assuming abuse is defined the same way. If I can uniquely identify the source, we don't have to debate whether my definition of abuse is the same as your definition. You might have a three-strike policy and I have a zero-tolerance policy. It doesn't matter if there was an end-to-end long-term identifier. While you are waiting for the other strikes, I can immediately block that specific computer regardless of what IP address it has today. That way reputation could be tied to the infected computer instead of random address ranges.

If IPsec ever gets fully deployed, then we may be able to negotiate end-to-end identification. The long-term end-to-end identifier does not need to include personally identifiable information.
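Sean's complaint is that a host re-leasing every minute looks like many hosts to a remote party. The party that does hold a stable identifier is the access network itself: its DHCP server logged the client MAC for every address it handed out. The script below is an added example, not part of the thread, showing how an abuse desk receiving a list of reported addresses can collapse them back to the one machine that held them, so that it quarantines a MAC rather than a swath of the pool that other students have since been assigned. The syslog lines follow ISC dhcpd's DHCPACK format; the lines, MACs and addresses are constructed for the example. This only works inside the network running the DHCP server, which is exactly why Sean wants an identifier visible end to end.

```python
"""Tie rotating DHCP addresses back to one host from lease-server logs.

Added example, not part of the NANOG thread. It parses ISC dhcpd-style
DHCPACK syslog lines and maps each reported IP to the MAC that held it,
together with every other address that MAC has used. The log lines, MACs
and addresses are constructed, not taken from any real network.
"""
import ipaddress
import re
from collections import defaultdict

# Constructed sample syslog lines in ISC dhcpd's DHCPACK format.
SAMPLE_LOG = """\
Mar 12 22:01:03 dhcp1 dhcpd: DHCPACK on 10.20.4.17 to 00:11:22:33:44:55 (room-312a) via eth1
Mar 12 22:02:09 dhcp1 dhcpd: DHCPACK on 10.20.4.91 to 00:11:22:33:44:55 (room-312a) via eth1
Mar 12 22:03:14 dhcp1 dhcpd: DHCPACK on 10.20.4.130 to 00:11:22:33:44:55 (room-312a) via eth1
Mar 12 22:03:40 dhcp1 dhcpd: DHCPACK on 10.20.4.22 to 00:AA:BB:CC:DD:EE via eth1
Mar 12 22:04:15 dhcp1 dhcpd: DHCPACK on 10.20.4.17 to 00:11:22:33:44:55 (room-312a) via eth1
Mar 12 22:05:01 dhcp1 dhcpd: DHCPDISCOVER from 00:11:22:33:44:55 via eth1
"""

ACK_RE = re.compile(
    r"DHCPACK on (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) "
    r"to (?P<mac>(?:[0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2})"
)


def parse_acks(log_text):
    """Return [(ip, mac), ...] for every DHCPACK line, MAC lower-cased.
    DISCOVER/REQUEST/NAK lines carry no binding and are skipped."""
    acks = []
    for line in log_text.splitlines():
        m = ACK_RE.search(line)
        if m:
            acks.append((m.group("ip"), m.group("mac").lower()))
    return acks


def leases_by_mac(acks):
    """mac -> distinct IPs it was acknowledged, in first-seen order."""
    seen = defaultdict(list)
    for ip, mac in acks:
        if ip not in seen[mac]:
            seen[mac].append(ip)
    return dict(seen)


def hosts_behind(ip, acks):
    """Set of MACs that ever held this IP (several means the address was reused)."""
    return {mac for lease_ip, mac in acks if lease_ip == ip}


def correlate_abuse_reports(reported_ips, acks):
    """For each reported IP, find the MAC(s) that held it and list every
    address each such MAC used, sorted numerically. Acting on the MAC then
    covers the whole set without touching whoever holds those IPs now."""
    by_mac = leases_by_mac(acks)
    result = {}
    for ip in reported_ips:
        for mac in hosts_behind(ip, acks):
            result[mac] = sorted(by_mac[mac], key=ipaddress.ip_address)
    return result


if __name__ == "__main__":
    acks = parse_acks(SAMPLE_LOG)
    for mac, ips in correlate_abuse_reports(["10.20.4.91", "10.20.4.130"], acks).items():
        print(mac, "->", ", ".join(ips))
```

Running it on the constructed log shows two reported addresses resolving to a single MAC that held three addresses in four minutes, the pattern Sean describes; a lease log that spans a lease expiry would also reveal when an address moved to a different MAC, which is the case where blocking by IP hits the wrong user.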
Re: who offers cheap (personal) 1U colo?
## On 2004-03-14 11:58 - Simon Lockhart typed:

SL> If someone can point me to Virtual Solaris Machine, then I'd willingly offer
SL> that as a service (the colo I help run as a hobby is Sun only).

AFAIK that will be in Solaris 10 - See N1 Grid Containers on http://wwws.sun.com/software/solaris/10/ You can get a non-supported preview for free (or pay $99 for one year support)

-- HTH, Rafi

SL> The reason people are doing it on Linux is that it's available. (And, in the
SL> case of LVM, free)
SL>
SL> Simon
Re: who offers cheap (personal) 1U colo?
On Mon Mar 15, 2004 at 12:26:09PM +0200, Rafi Sadowsky wrote:
> AFAIK that will be in Solaris 10 - See N1 Grid Containers on http://wwws.sun.com/software/solaris/10/ You can get a non-supported preview for free (or pay $99 for one year support)

Well, it's Zones. I downloaded the latest Solaris Express release last night and got a simple Zones implementation running on a spare box. It certainly looks very interesting.

Simon

-- 
Simon Lockhart | Tel: +44 (0)1628 407720 (x(01)37720) | Si fractum
Technology Manager | Fax: +44 (0)1628 407701 (x(01)37701) | non sit, noli
BBC Internet Ops | Email: [EMAIL PROTECTED] | id reficere
BBC Technology, Maiden House, Vanwall Road, Maidenhead. SL6 4UB. UK
Re: who offers cheap (personal) 1U colo?
Sorry this thread is huge, I hope I'm not repeating comments.. if the market for this is nanog and you're just looking for smtp/shell surely we can manage this between ourselves without charge (ask your nanog buddy for a shell as a favour).. I know I can and will do this

Steve

On Sun, 14 Mar 2004, Janet Sullivan wrote:
> Paul Vixie wrote:
> > every time i tell somebody that they shouldn't bother trying to send e-mail from their dsl or cablemodem ip address due to the unlikelihood of a well staffed and well trained and empowered abuse desk defending the reputation of that address space, i also say buy a 1U and put it someplace with a real abuse desk, and use your dsl or cablemodem to tunnel to that place.
>
> My cable modem provider filters port 25, so I can't run my own SMTP server. Their mail servers suck. Yes, I could pay for a business class cable modem connection and they'd unblock the port... but I'd likely still be filtered. Guess who is having a dedicated 1U set up right now? ;-) I think Paul is right, there is a small niche market for this.
Re: who offers cheap (personal) 1U colo?
$50/month at 40U rentable is $2000/rack/month if it's full. And then there's the newer high-density rackmount units like this one http://www.rlx.com/products/serverblades/dense.php This product puts up to 24 server blades in a 3U chassis which basically means you can put 8 times as many servers in a rack. And if any of you have played with things like the Zaurus C760/C860 then you know where all this is headed. $50/month today, $25/month in a year or two, and then in about 5 years it will be a free perk if you sign a two-year contract with your broadband provider.

--Michael Dillon
RE: who offers cheap (personal) 1U colo?
> For most people it'd probably make much more sense to find a provider that offers some form of SMTP relay service. It'd probably be cheaper/month, and they wouldn't have the trouble and expense of providing/maintaining a colo server.

Yep, if you aren't technically inclined that is better. What if the cost were only $10/month and they didn't have to maintain anything other than a set of usernames/passwds (SMTP Auth) or perhaps a list of their own IPs (relaying based on IP)? It's starting to sound like a nice little business for a college senior to set up using one of the colo providers from Paul's list. It would be a lot more palatable for large providers to crack down on unauthenticated SMTP if there were such alternatives available. Then instead of cracking down on users they would be supporting new small businesses. I imagine there are a lot of people doing this already but we just don't see it because they don't have a catchy name for themselves like ISP.

--Michael Dillon
Re: who offers cheap (personal) 1U colo?
Certainly the point central to your argument is that with the right abuse-desk to customer ratio AND the right customer base, things could be kept clean for smtp/web/ftp/blah 'hosting'. I'll take the right customer base for $50 please Alex. This is most certainly the case... I look forward to seeing your list of providers and prices :)

Rick Adams and Mike O'Dell had an idea in 1987. How is this any different?

Eric
Re: Long-term identifiers (was Re: who offers cheap (personal) 1U colo?)
Sean Donelan wrote:
> If I send an abuse complaint to an organization's mailbox on a Friday night, will it be dealt with in the next 10 seconds? Or sometime next week? If the computer reboots every 60 seconds, and gets different IP addresses every time, a single infected computer can appear with lots of different IP addresses which results in overblocking. Similar things

Most DHCP servers are capable of assigning the same IP address to the same MAC address both with DHCPDISCOVER and DHCPREQUEST. It just needs the configuring party to want that. (with the caveat that somebody got to the address first, which is possible but unlikely) Since static IP addresses are considered a premium service, most providers opt towards approaches which make the IP address change more often.

Pete
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
> I expect every NANOG conference from now on will be filled with announcements asking people to please fix their computers because worms are killing the network. NANOG has less than 500 attendees, yet has about the same number of infected computers as any other ad-hoc network population.

Maybe NANOG needs to implement a system where you have to log in to a web page with your NANOG meeting passcode in order to get a usable IP address. Then, when an infected computer shows up we will know exactly whose it was. Might even be interesting for a researcher to interview every infected party and figure out why it is happening even among a supposedly clueful group.

--Michael Dillon
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
[EMAIL PROTECTED] writes:
> Maybe NANOG needs to implement a system where you have to log in to a web page with your NANOG meeting passcode in order to get a usable IP address. Then, when an infected computer shows up we will know exactly whose it was. Might even be interesting for a researcher to interview every infected party and figure out why it is happening even among a supposedly clueful group.

Seconded. This is dirt simple to do. If we believe in public humiliation, a list of infected machines and their owners (along with a suitably snarky "don't hire these top network engineers to maintain your fleet of windows boxes" message) could be displayed on the projection screens at the break.

---Rob
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
> a suitably snarky "don't hire these top network engineers to maintain your fleet of windows boxes" message) could be displayed on the

Is this an opt-in list? I'd like to opt-in. Now. Nu. Proto. A lifetime ago.
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
Robert E. Seastrom wrote:
> Seconded. This is dirt simple to do. If we believe in public humiliation, a list of infected machines and their owners (along with a suitably snarky "don't hire these top network engineers to maintain your fleet of windows boxes" message) could be displayed on the projection screens at the break.

Employee to PHB: "You hired me to provide core network engineering and lead the level 2 network ops staff. Tell me again why you want me to provide any server engineering, if you knew my strengths when you hired me?"

There's a reason I've gotten out of small ISP consulting - I don't do Windows, and I'm getting overrun by Linux corrosion slowly. I route, I switch, I help with securing networks. And I do wear a lot of hats at my day job, but I remind them that they hired a specialist, and promised lots of server support all along the way. Granted, the Windows guy is overloaded and the UNIX/Linux guy would snore in front of his PHB...

pt
Re: who offers cheap (personal) 1U colo?
On Sun, 14 Mar 2004 01:29:29 -0500 (EST) Andrew Dorsett [EMAIL PROTECTED] wrote:
> This is a topic I get very soap-boxish about. I have too many problems with providers who don't understand the college student market. I can

There are certain environments where it would be nice for people to have spent some time. Working at a university would be one good experience for many people, particularly in this field, to have had.

> think of one university who requires students to login through a web portal before giving them a routable address. This is such a waste of time for both parties. Sure it makes tracking down the abusers much easier, but is it worth the time and effort to manage? This is a very

In most implementations I'm familiar with, the time and effort is mostly spent in the initial deployment of such a system.

> legitimate idea for public portals in common areas, but not in dorm rooms. In a dorm room situation or an apartment situation, you again know the physical port the DHCP request came in on. You then know which room that port is connected to and you therefore have a general idea of who the abuser is. So what's the big deal if you turn off the ports to the room until the users complain and the problem is resolved?

As someone else mentioned, an AUP may be a reason for such a system. In addition, these systems often allow an i.d. to be notified, restricted or disabled and not just from a single port, but from any port where this system is used. Also know that some schools' dorm resident information is not populated nor easily accessible in network connectivity records.

The portal systems are often used as a way to be proactive in testing a dorm user's system for vulnerabilities and allowing minimal connectivity for getting fixed up if they are. This is often referred to as the quarantine network.

Many institutions have tried to simply turn off a port and deal with the problem when a user calls. Sometimes the user moves, but even if they don't this doesn't scale very well for widespread problems such as some of the more common worms and viruses that infect a large population. A lot of institutions don't have 24x7 support to handle calls from dorm students who are often up til midnight or later doing work.

Many systems can have the connection registration pulled, forcing a new registration immediately. This may be due to proactive scanning or simply to refresh the database at the end of a school year.

> I guess this requires very detailed cable map databases and is something some providers are reluctant to develop. Scary thought.

Correct, this is a problem for universities too. Especially when many of their cabling systems are old and have often been managed (or not) by transient workers (e.g. student employees) over the years.

John
Re: who offers cheap (personal) 1U colo?
Ken Diliberto wrote:
> Something else I just remembered: Connecting so much equipment in our dorms creates a fire hazard. There are only two or three outlets (what I've been told) in a room shared by two or three students. Add to the computer equipment a TV, stereo, DVD player, alarm clocks, cordless phones, etc., etc., etc. and you have the makings for newspaper headlines. Hasn't happened yet to my knowledge, but it could and students don't consider these things.

If you were willing to live in a place where an electrical overload caused a fire (as opposed to tripping a circuit-breaker or blowing a fuse), you have not correctly identified your worst problem, or the University's.

-- Requiescas in pace o email
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
Pete Templin wrote:
> Employee to PHB: "You hired me to provide core network engineering and lead the level 2 network ops staff. Tell me again why you want me to provide any server engineering, if you knew my strengths when you hired me?"
>
> There's a reason I've gotten out of small ISP consulting - I don't do Windows, and I'm getting overrun by Linux corrosion slowly. I route, I switch, I help with securing networks. And I do wear a lot of hats at my day job, but I remind them that they hired a specialist, and promised lots of server support all along the way. Granted, the Windows guy is overloaded and the UNIX/Linux guy would snore in front of his PHB...

If you are in Nebraska I can help you with the Unemploy^WWorkforce Development paperwork.

-- Requiescas in pace o email
Re: who offers cheap (personal) 1U colo?
Laurence F. Sheldon, Jr. [3/15/2004 7:39 PM] :
> If you were willing to live in a place where an electrical overload caused a fire (as opposed to tripping a circuit-breaker or blowing a fuse), you have not correctly identified your worst problem, or the University's.

That's always there, but at least one dorm that I know of has this rule against running appliances in a dorm room.

srs

-- 
srs (postmaster|suresh)@outblaze.com // gpg : EDEDEFB9
manager, outblaze.com security and antispam operations
Re: who offers cheap (personal) 1U colo?
Suresh Ramasubramanian wrote:
> Laurence F. Sheldon, Jr. [3/15/2004 7:39 PM] :
> > If you were willing to live in a place where an electrical overload caused a fire (as opposed to tripping a circuit-breaker or blowing a fuse), you have not correctly identified your worst problem, or the University's.
>
> That's always there, but at least one dorm that I know of has this rule against running appliances in a dorm room.

A rule against running a hotplate or other heat-generating appliance (or all appliances to avoid the arguments) makes sense. A rule against running power-consumers that were not in the cost-of-overhead calculation makes sense. Restricting (or trying to restrict) computers in today's University environment is delusional.

-- Requiescas in pace o email
RE: Will your cisco have the FBI's IOS?
This whole thing makes me think that we should be encouraging VOIP traffic to run over IPSEC so we can claim we don't know what it is.

Owen
RE: Will your cisco have the FBI's IOS?
Owen,

That sounds like an invitation to have the Jack Booted Thugs barbeque your home à la Branch Davidian compound style. :)

Christopher J. Wolff, VP CIO
Broadband Laboratories, Inc.
http://www.bblabs.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Owen DeLong
Sent: Monday, March 15, 2004 7:51 AM
To: 'nanog list'
Subject: RE: Will your cisco have the FBI's IOS?

This whole thing makes me think that we should be encouraging VOIP traffic to run over IPSEC so we can claim we don't know what it is.

Owen
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
Laurence F. Sheldon, Jr. wrote:
> Pete Templin wrote:
> > There's a reason I've gotten out of small ISP consulting - I don't do Windows, and I'm getting overrun by Linux corrosion slowly. I route, I switch, I help with securing networks. And I do wear a lot of hats at my day job, but I remind them that they hired a specialist, and promised lots of server support all along the way. Granted, the Windows guy is overloaded and the UNIX/Linux guy would snore in front of his PHB...
>
> If you are in Nebraska I can help you with the Unemploy^WWorkforce Development paperwork.

I didn't suggest saying "I'm not gonna do it." I just suggested "You hired me to deploy dynamic routing on your statically-routed network. What prompted you to think that I could configure site-wide anti-virus services such that no one ever reports a virus leak from our enterprise, without training, time to test and develop such a critical solution, or both?"

pt
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
Pete Templin wrote:
> Laurence F. Sheldon, Jr. wrote:
> > Pete Templin wrote:
> > > There's a reason I've gotten out of small ISP consulting - I don't do Windows, and I'm getting overrun by Linux corrosion slowly. I route, I switch, I help with securing networks. And I do wear a lot of hats at my day job, but I remind them that they hired a specialist, and promised lots of server support all along the way. Granted, the Windows guy is overloaded and the UNIX/Linux guy would snore in front of his PHB...
> >
> > If you are in Nebraska I can help you with the Unemploy^WWorkforce Development paperwork.
>
> I didn't suggest saying "I'm not gonna do it." I just suggested "You hired me to deploy dynamic routing on your statically-routed network. What prompted you to think that I could configure site-wide anti-virus services such that no one ever reports a virus leak from our enterprise, without training, time to test and develop such a critical solution, or both?"

It turns out that they can hire people with all kinds of certifications that say they can do all of that for a lot less than what they are paying a specialist.

-- Requiescas in pace o email
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
On Mon, 15 Mar 2004 04:57:03 -0500 (EST), Sean Donelan wrote:
> NANOG has less than 500 attendees, yet has about the same number of infected computers as any other ad-hoc network population.

If true this is a very significant fact.
Re: who offers cheap (personal) 1U colo?
Stephen J. Wilcox wrote:
> if the market for this is nanog and you're just looking for smtp/shell surely we can manage this between ourselves without charge (ask your nanog buddy for a shell as a favour).. I know I can and will do this

Well, I do have motives beyond outbound smtp. I actually looked at some of the mail only services, but I really want someplace that will do IMAP and authenticated SMTP. I want to be able to configure how I filter spam, which I don't want to do at the MUA level because I'll need to access mail various ways from various locations. Besides mail, I want to be able to create and control firewall rules on the box. I also want to be able to set up Apache exactly like I want it, etc. And sometimes it's nice to have shell access on a machine in a different location for troubleshooting purposes.

However, I do like the idea of setting up a community of like-minded individuals who would be willing to do secondary MX and/or DNS for each other, and perhaps provide basic shell accounts... On the other hand, I'm a little leery of giving someone I don't know access to one of my boxes.

I'm curious how a virtual colocation or dedicated server co-op could work, with values statements on how servers must be run (secure, no SPAM), etc. Would there be member fees? Would members have to democratically vote to let new members in after some kind of vetting process? Would anyone even be interested in such an idea?

It would also be interesting to see what kind of monitoring tools could be developed with a diverse set of servers in different parts of the world... could we set up a co-op version of keynote monitoring, where we helped monitor each other?
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
On 15 Mar 2004 08:01:15 -0500 Robert E. Seastrom [EMAIL PROTECTED] wrote:
> > Maybe NANOG needs to implement a system where you have to log in to a web page with your NANOG meeting passcode in order to get a usable IP address. Then, when an infected computer shows [...]
>
> Seconded. This is dirt simple to do. If we believe in public humiliation, a list of infected machines and their owners (along with [...]

In the case of some networks and some types of malware, you might need to do more than this. For example, if a compromised host continues to spew out packets without a valid IP, this still eats link capacity. If the network is relatively flat, which it often is in wireless configurations, you still have a problem to solve before normal access for everyone else is restored.

John
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
John,

There are the beginnings of some wireless devices that are capable of directing wireless clients to cease transmission with L2 link control messages. These are just beginning to emerge, and unfortunately I'm certain that with only a matter of time people will write drivers that ignore such control messages. The end result is that APs can effectively address a DoS at an invalid/penalty-boxed host on the wireless ether, and allow everyone else to remain connected. There is a b/w penalty for the flood of control messages. One implementation I have been researching leaves ~75% of b/w available for valid traffic. That doesn't seem too bad to me, but I need to research real stats for how much b/w is consumed by the worms in the first place.

Cheers,
Ben.

John> On 15 Mar 2004 08:01:15 -0500 Robert E. Seastrom [EMAIL PROTECTED] wrote:
John> > Maybe NANOG needs to implement a system where you have to log in to a web page with your NANOG meeting passcode in order to get a usable IP address. Then, when an infected computer shows [...]
John> > Seconded. This is dirt simple to do. If we believe in public humiliation, a list of infected machines and their owners (along with [...]
John>
John> In the case of some networks and some types of malware, you might need to do more than this. For example, if a compromised host continues to spew out packets without a valid IP, this still eats link capacity. If the network is relatively flat, which it often is in wireless configurations, you still have a problem to solve before normal access for everyone else is restored.
John>
John> John
Re: Counter DoS
Leaving directed-bcast open would accomplish this on these devices, as well as many others. A bigger problem here is that these irresponsible network polyps would offer an icmp-independent amplifier. They essentially open smurf amplification to any other protocol. Whereas a network might clobber icmp at its border(s), a tcp or udp attack on a friendly port would elicit the same effect as the ping-of-death of old, and be permitted traversal of the traditional front lines of defense.

Contributing to firewalking and general network recon, the bane of icmp is in its inherent behavior. It is designed to remit success and failure messages disclosing path and node details. This is its sole function, and is therefore non-negotiable and suspect and frequently dropped or monitored by edge devices. tcp and udp, on the other hand, are now being twisted to behave the same way when encountered by these stupid vigilante firewalls: send a (malicious) stream of data, invoke an equal and opposite stream of (malicious) data. The creepy innovators of this nonsense appliance just used the application layer to defile the fundamental nature of ubiquitous protocols. Think about how we generally react when it appears that M$ has done that.

Just give the whole bloody Internet a big red button, and train users' crosshairs on the first thing that moves. I'll cheerlead outside the court proceedings when this obnoxious vendor sees its first lawsuit or dissolution hearing. No carrier would allow this on its network, anyway.

--ra

On Thu, Mar 11, 2004 at 04:10:04PM -0500, Deepak Jain said something to the effect of:
> If you wanted to do that, wouldn't the firewall just need directed-broadcast left open or emulate similar behavior, or even turning ip unreachables back on? Flooding pipes accidentally is easy enough. Now people are selling products to do it deliberately. Yeesh. I saw a license plate this week (Virginia -IWTFM) I thought that was clever.
>
> Deepak
>
> Gregory Taylor wrote:
> > Yes, let's allow the kiddies who already get away with as little work as they can in order to produce the most destruction they can, the ability to use these 'Security Systems' as a new tool for DoS attacks against their enemies.
> >
> > Scenario: Let's say my name is: l33th4x0r. I want to attack joeblow.cable.com because joeblow666 was upset that I called his mother various inappropriate names. I find the IP for joeblow.cable.com to be 192.168.69.69. I find one of these 'security' systems, or multiple security systems, and I decide to forge a TCP attack from 192.168.69.69 to these 'security systems'. These 'security systems' then, thinking joeblow is attacking their network, will launch a retaliatory attack against the offender, 192.168.69.69, thus destroying his connectivity.
> >
> > Kiddie 1
> > Joeblow 0
> > The Internet as a whole 0
> >
> > Greg
> >
> > Rachael Treu wrote:
> > > Mmm. A firewall that lands you immediately in hot water with your ISP and possibly in a courtroom, yourself. Hot. Legality aside... I don't imagine it would be too hard to filter these retaliatory packets, either. I expect that this would be more wad-blowing than cataclysm after the initial throes, made all the more ridiculous by the nefarious realizing the new attack mechanism created by these absurd boxen. A new point of failure and an amplifier rolled all into one! Joy! More buffoonery contributed to the miasma. Nice waste of time, Symbiot. Thanks for the pollution, and shame on the dubious ZDnet for perpetuating this garbage.
> > >
> > > ymmv,
> > > --ra

-- 
rachael treu [EMAIL PROTECTED]
..quis costodiet ipsos custodes?..
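The reflection problem Rachael and Gregory describe exists only because a forged source address is carried by the forger's own upstream; the standard countermeasure at the access edge is source address validation (BCP38), dropping any packet whose source does not belong to the prefixes assigned behind the interface it arrived on. The script below is an added example, not code from the thread or from any router vendor, modelling that ingress check as a pure function so the logic can be read and tested. The interface table, prefixes and sample packets are constructed; 192.168.69.69 is the victim address from Gregory's scenario and appears here only as a forged source that the filter rejects.

```python
"""Source address validation (BCP38-style) at a customer-facing edge.

Added example, not code from the NANOG thread or from any vendor. An edge
router that drops packets whose source is outside the prefixes assigned to
the ingress interface keeps forged-source traffic from ever leaving the
network it originates on, so a retaliating device elsewhere cannot be aimed
at a third party. The interface table, prefixes and packets below are
constructed for the example.
"""
import ipaddress
from collections import Counter

# Constructed access-edge view: interface -> prefixes assigned behind it.
INTERFACE_PREFIXES = {
    "ge-0/0/1": ["198.51.100.0/24"],
    "ge-0/0/2": ["203.0.113.0/25", "203.0.113.128/26"],
}


def build_filter(iface_prefixes):
    """Pre-parse the per-interface prefix lists once, at config load."""
    return {
        iface: [ipaddress.ip_network(p) for p in prefixes]
        for iface, prefixes in iface_prefixes.items()
    }


def source_is_valid(iface, src, table):
    """True if src falls inside a prefix assigned to iface.
    Unknown interfaces fail closed: nothing is permitted from them."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in table.get(iface, []))


def filter_packets(packets, table):
    """Split packets into (permitted, dropped) by the ingress source check.
    A packet is a dict with 'iface', 'src', 'dst' and 'proto' keys."""
    permitted, dropped = [], []
    for pkt in packets:
        bucket = permitted if source_is_valid(pkt["iface"], pkt["src"], table) else dropped
        bucket.append(pkt)
    return permitted, dropped


def spoof_summary(dropped):
    """Count dropped packets per (interface, forged source): the view an
    operator wants in order to find which port the forger sits behind."""
    return Counter((p["iface"], p["src"]) for p in dropped)


# Constructed sample traffic. 192.168.69.69 is the victim address from the
# quoted scenario; here it appears as a forged source arriving on ge-0/0/1.
SAMPLE_PACKETS = [
    {"iface": "ge-0/0/1", "src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp"},
    {"iface": "ge-0/0/1", "src": "192.168.69.69", "dst": "192.0.2.10", "proto": "tcp"},
    {"iface": "ge-0/0/1", "src": "192.168.69.69", "dst": "192.0.2.11", "proto": "tcp"},
    {"iface": "ge-0/0/2", "src": "203.0.113.130", "dst": "192.0.2.10", "proto": "udp"},
    {"iface": "ge-0/0/2", "src": "203.0.113.200", "dst": "192.0.2.10", "proto": "udp"},
    {"iface": "ge-0/0/9", "src": "198.51.100.7", "dst": "192.0.2.10", "proto": "tcp"},
]

if __name__ == "__main__":
    table = build_filter(INTERFACE_PREFIXES)
    ok, bad = filter_packets(SAMPLE_PACKETS, table)
    print(f"permitted {len(ok)}, dropped {len(bad)}")
    for (iface, src), n in spoof_summary(bad).items():
        print(f"  {iface}: {n} packet(s) claiming {src}")
```

Note that the check is per interface, not per network: 203.0.113.200 is a perfectly good address on this router, just not one assigned behind ge-0/0/2, and a valid customer address arriving on an unconfigured port is likewise dropped. Real platforms implement the same thing as strict unicast RPF or a per-port ACL; the value of writing it out is seeing that the amplifier Gregory describes needs both a retaliating box and an upstream that neglects this check.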
RE: Will your cisco have the FBI's IOS?
This is part of a law enforcement wishlist which has been around for a long time (see Magic Lantern, Clipper Chip et al. for examples). What is desired here is a system by which all communications originating and/or terminating at $DESIGNATED_TARGET can be intercepted with no intervention by and/or knowledge of the carrier, hence ensuring the security of the investigation. The trouble with a system like this is that, like all backdoors, it can be exploited by non-legitimate users, but law enforcement personnel tend to have a very limited understanding of technology and communications tech, especially since to the majority of LEAs AOL == Internet; for many local LEAs their only internet access is AOL. I've been asked how do you track down all $NET_MISCREANTS in town. I told the chief that it requires good old fashioned police work. The net is not magic and is decentralized. But what is wanted is a centralized place where with the press of a button you can see who Joe Smith has been talking to, sending email to and what web pages he is looking at, to make investigations easy. From a civil liberties standpoint that is a _bad_ thing, human nature being what it is. It is our job as members of the NANOG community to educate our politicians and police so that we do not end up living in a system which would be the envy of the Stasi and the Soviet era KGB. Scott C. McGrath

On Sun, 14 Mar 2004, Sean Donelan wrote: On Sat, 13 Mar 2004, Christopher J. Wolff wrote: I believe that CALEA versions of IOS are already available on cisco.com. It has a backdoor for any traffic originating from dhs.gov address space. ;) If law enforcement was satisfied with the solutions already available, I don't think they would have spent the time creating this filing. It's probably a good idea for anyone associated in the Internet industry to read the filing because it may be requesting the FCC change definitions of who is covered and what they must do.
Even if you thought CALEA didn't apply to you for the last 10 years; you might find out after this you will be required to provide complete CALEA capabilities. The requested capabilities may be more than are currently available from vendors. Do you know what is the difference between call-identifying information and communications-identifying information? They both have the initials CII. What is the difference between the phone number of a fax machine and the from/to lines on the cover page of the fax?
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
Laurence F. Sheldon, Jr. wrote: Pete Templin wrote: I didn't suggest saying I'm not gonna do it. I just suggested You hired me to deploy dynamic routing on your statically-routed network. What prompted you to think that I could configure site-wide anti-virus services such that no one ever reports a virus leak from our enterprise, without training, time to test and develop such a critical solution, or both? It turns out that they can hire people with all kinds of certifications that say they can do all of that for a lot less than what they are paying a specialist.

You're right again. But those generalists would earn a spot on the don't hire these top network engineers to maintain your fleet of windows boxes list projected on the screen, while the specialists either wouldn't be doing work outside their scope or the PHB would understand that it's not their specialty. pt
Re: hey had eric sent you
Bit hard by same bug. What version of code are you running on the 6513? 8.1(2) fixes the bug on the 6x48 line cards. What happens is that packets of 64 bytes or less are silently dropped. Replacing linecards will not help unless there is another bug of which I am not aware. With a little digging I can dredge up the relevant DDTS. Scott C. McGrath

On Sat, 13 Mar 2004, joe wrote: This in reply to the earlier thread Weird Problems? Well barring that, I've seen similar issues, maybe not the exact same timings but. I've noticed a couple of things while working with a roll out of Active-Directory and a recent upgrade to I.E 6.0 for the user base. Since there were several thousand users involved some of the issues were simply bad configs/drivers/etc. However one of the stats I have noticed is that in certain situations where a system is connected to a Cisco 3548, and the client is running in an Auto detect (AD/AN) mode that things are horrendously slow during boot up, and at various times seem to hang unexplainably. It seemed corrected by setting the client to 100/Full, but not in all cases. Lots of HTTP complaints still remain about accessing webpages etc. but never consistent. This of course is a pretty fresh problem and is still in my queue for research to start this Monday. As well, we've found that there was an odd bug with Cisco's 6513s and their 48 port 10/100/1000 line cards. This was using the latest IOS/CAT software at the time. Again not sure if it's a documented problem but, several users were unable to Telnet or FTP to systems that terminated to the 6513, oddly we were able to icmp echo and pass HTTP. After sometime and 2 TACs I found that there was a bug regarding these items and real small packets (I Think less than 64bits??) being passed thru the 6513 and got an RMA for new Line cards. Again, perhaps nothing to do with your situation.
Since the Nix systems and non-Doze seem not to have an issue, perhaps you can enlighten me with further Sniffs/Captures of these events directly? As soon as I get some more data/Captures on my end from the problems I'm seeing I can forward those upon request so as to keep S/N ratio down on Nanog (: Cheers, -Joe - Original Message - From: Riley, Marty To: [EMAIL PROTECTED] Sent: Friday, March 12, 2004 11:17 PM Subject: FW: hey had eric sent you
RE: Will your cisco have the FBI's IOS?
On Mon, 15 Mar 2004, Scott McGrath wrote: What is desired here is a system by which all communications originating and/or terminating at $DESIGNATED_TARGET can be intercepted with no intervention by and/or knowledge of the carrier, hence ensuring the security of the investigation.

I don't think that is correct. Read the Justice Department's filing. With correct legal authorization, law enforcement already has access to any electronic communications through a carrier. From the Washington Post: The Justice Department wants to significantly expand the government's ability to monitor online traffic, proposing that providers of high-speed Internet service should be forced to grant easier access for FBI wiretaps and other electronic surveillance, according to documents and government officials. A petition filed this week with the Federal Communications Commission also suggests that consumers should be required to foot the bill.

Is this a modem tax by another name? Should every ISP add a fee to their subscriber's bill to pay for it? Read the filing.
RE: Will your cisco have the FBI's IOS?
I have read the filing; it's another step down the road. True, all comms are subject to intercept _already_; what is desired is a way to _easily_ perform the intercept, and the easily part is the kicker. Some things should be hard, especially where civil rights are involved. See all the light and noise about the MATRIX system, which is simply a means of collecting and indexing information which is already available to LEAs. However MATRIX removes the step of asking the provider for information on an individual basis, hence law abiding people are now in the position of having their information searched without the oversight of the judicial system in fishing expeditions. Human nature being what it is, the act of having to ask a judge to grant access to the information keeps honest people honest, and judges almost never deny this type of request. In a perfect world we would not need locks on our doors, passwords for our systems. In situations like this who watches the watchers? Currently a judge does; in the future... Scott C. McGrath

On Mon, 15 Mar 2004, Sean Donelan wrote: On Mon, 15 Mar 2004, Scott McGrath wrote: What is desired here is a system by which all communications originating and/or terminating at $DESIGNATED_TARGET can be intercepted with no intervention by and/or knowledge of the carrier, hence ensuring the security of the investigation.

I don't think that is correct. Read the Justice Department's filing. With correct legal authorization, law enforcement already has access to any electronic communications through a carrier. From the Washington Post: The Justice Department wants to significantly expand the government's ability to monitor online traffic, proposing that providers of high-speed Internet service should be forced to grant easier access for FBI wiretaps and other electronic surveillance, according to documents and government officials.
A petition filed this week with the Federal Communications Commission also suggests that consumers should be required to foot the bill. Is this a modem tax by another name? Should every ISP add a fee to their subscriber's bill to pay for it? Read the filing.
Wiltel Contact
Can someone from Wiltel contact me offlist please. Brian Boles [EMAIL PROTECTED]
Re: Will your cisco have the FBI's IOS?
Speaking on Deep Background, the Press Secretary whispered: I have read the filing it's another step down the road. True all comms are subject to intercept _already_ what is desired is a way to _easily_ perform the intercept and the easily part is the kicker. Some things should be hard especially where civil rights are involved.

It can not be emphasized enough that what the Feebees want now is what they always have wanted. That's NOT just a way to intercept What You Say, but a way to intercept What You Say INEXPENSIVELY FOR THEM. They can and do kick on CO doors with paper in hand; but they want to save shoe leather. This is a budget issue for them. Thinking it is purely a technology issue is a trap, as it is anything but. It's a manpower/staffing resources one.

-- 
A host is a host from coast to [EMAIL PROTECTED]
no one will talk to a host that's close [v].(301) 56-LINUX
Unless the host (that isn't close) pob 1433
is busy, hung or dead 20915-1433
Re: iMPLS benefit
Mark, I heard there is a way to run MPLS for layer3 VPN(2547) service without needing to run label switching in the core(LDP/TDP/RSVP) but straight IP (aka iMPLS). ftp://ftp.ietf.org/internet-drafts/draft-townsley-l2tpv3-mpls-01.txt See also Mark's talk from the last NANOG http://nanog.org/mtg-0402/townsley.html

That requires running L2TP. An alternative is to run GRE (or even plain IP). The latter (GRE) is implemented by quite a few vendors (and is known to be interoperable among multiple vendors).

The only multi-vendor interoperable mode of GRE that I am aware of requires manual provisioning of point-to-point GRE tunnels between MPLS networks and to each and every IP-only reachable PE.

I guess you are *not* aware of the Redback implementation of 2547 over GRE, as this implementation is (a) available today, (b) interoperable with other implementations of 2547 over GRE, and (c) does *not* require manual provisioning of point-to-point GRE tunnels between MPLS networks and to each and every IP-only reachable PE. And, just for the record, (stating the obvious) I don't work for Redback.

The BGP extension defined in the draft below allows iMPLS for 2547 VPN support without requiring any manually provisioned tunnels (and works for mGRE or L2TPv3). http://www.watersprings.org/pub/id/draft-nalawade-kapoor-tunnel-safi-01.txt

The question to ask is whether the extension you mentioned above is truly necessary for supporting 2547 over GRE. The Redback implementation I mentioned above is an existence proof that the extension is *not* necessary for 2547 over GRE that does *not* involve manually provisioned GRE tunnels.

Note that mGRE (multipoint GRE) is *not* the same as the point-to-point GRE method that Yakov is referring to. Same header, different usage. Enabling MPLS over any type of IP tunnel changes the security characteristics of your 2547 deployment, in particular with respect to packet spoofing attacks.
The L2TPv3 encapsulation used with the extension defined above provides anti-spoofing protection for blind attacks (e.g., the kind that a script kiddie could launch fairly easily) with minuscule operational overhead vs. GRE which relies on IPsec.

GRE relies on IPSec in *some*, but *not all* cases. Another alternative is to use packet filtering. Quoting from the 2547 over GRE spec: Protection against spoofed IP packets requires having all the boundary routers perform filtering; either filtering out packets from outside which are addressed to PE routers, or filtering out packets from outside which have source addresses that belong inside and filtering on each PE all packets which have source addresses that belong outside. Yakov.
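The two filter placements quoted from the 2547-over-GRE spec, and the forged-source scenario earlier in the thread (a packet that arrives from outside carrying an address that belongs inside), can be checked mechanically. The following is an added example written for this page, not code from the draft, from Redback or from any vendor. The inside prefixes, PE loopbacks and packets are constructed for illustration, and the reading of the PE-side rule as applying to packets addressed to the PE itself is this example's assumption.

```python
import ipaddress
from dataclasses import dataclass

# Constructed topology for this example only: the provider's own address space
# and the addresses of its PE routers. Not taken from the thread.
INSIDE_PREFIXES = [ipaddress.ip_network(p) for p in ("10.0.0.0/8", "192.0.2.0/24")]
PE_ADDRESSES = {ipaddress.ip_address(a) for a in ("10.255.0.1", "10.255.0.2")}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    from_outside: bool  # True when it entered on an interface facing another network


def is_inside(addr: str) -> bool:
    """Does the address belong to the provider's own (inside) space?"""
    a = ipaddress.ip_address(addr)
    return any(a in prefix for prefix in INSIDE_PREFIXES)


def drop_boundary_option_a(pkt: Packet) -> bool:
    """First option in the spec text: boundary routers drop packets from
    outside that are addressed to a PE router."""
    return pkt.from_outside and ipaddress.ip_address(pkt.dst) in PE_ADDRESSES


def drop_boundary_option_b(pkt: Packet) -> bool:
    """Second option, boundary half: drop packets from outside whose source
    address belongs inside. This is also the check that stops the forged
    'victim' source described earlier in the thread, since a genuine inside
    host never shows up on an external-facing interface."""
    return pkt.from_outside and is_inside(pkt.src)


def drop_pe_option_b(pkt: Packet) -> bool:
    """Second option, PE half (assumption: applied to packets addressed to the
    PE itself): the PE drops anything with an outside source address."""
    return ipaddress.ip_address(pkt.dst) in PE_ADDRESSES and not is_inside(pkt.src)


def verdicts(pkt: Packet) -> dict:
    """Evaluate one packet under both options; under option B the PE rule is
    only reached by packets the boundary let through."""
    at_boundary = drop_boundary_option_b(pkt)
    at_pe = drop_pe_option_b(pkt)
    return {
        "option_a_drop": drop_boundary_option_a(pkt),
        "option_b_drop": at_boundary or at_pe,
        "dropped_at": "boundary" if at_boundary else ("pe" if at_pe else None),
    }


# Constructed packets: an outside host probing a PE, a forged inside source
# aimed at a customer host, a legitimate inside flow, and ordinary external
# traffic to a customer host.
SAMPLE_PACKETS = [
    Packet("198.51.100.7", "10.255.0.1", from_outside=True),
    Packet("10.1.2.3", "192.0.2.10", from_outside=True),
    Packet("10.1.2.3", "10.255.0.2", from_outside=False),
    Packet("203.0.113.9", "192.0.2.20", from_outside=True),
]


def evaluate_all(packets=SAMPLE_PACKETS):
    return [verdicts(p) for p in packets]


if __name__ == "__main__":
    for pkt, v in zip(SAMPLE_PACKETS, evaluate_all()):
        print(f"{pkt.src:>14} -> {pkt.dst:<12} outside={pkt.from_outside!s:5} {v}")
```

The second sample packet is the instructive one: option A alone lets it through because it is not addressed to a PE, while the source-address half of option B catches it at the border. That is exactly the gap the retaliating-firewall discussion turns on, and it is why source filtering at the boundary protects more than just the tunnel endpoints.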
Re: Packet Kiddies Invade NANOG
Yes, Gregory Taylor aka OseK is a perfect gentleman now. Here are logs from Feb 4th 2004 showing him being a perfect gentleman... (08:35:45) #sigdie!OseK_ :[NEMESIS] Nodes are attacking 212.242.41.0/24 on port 666 for 60 seconds using spoofed TCP RESET Packets ... (08:36:04) #sigdie!OseK_ doesn't help the port 666 tho :( (08:36:31) #sigdie!OseK_ you prolly have a much larger dosnet than me tho (08:36:34) #sigdie!OseK_ i only have 500 nodes (08:38:55) #sigdie!OseK_ you dropped it (08:38:58) #sigdie!OseK_ so it cant take ICMP (08:39:00) #sigdie!OseK_ what'd you hit? (08:39:18) #sigdie!p .17 (08:39:54) #sigdie!OseK_ down (08:39:55) #sigdie!OseK_ i got it (08:39:56) #sigdie!OseK_ :) (08:40:03) #sigdie!p let me try by myself ! (08:40:07) #sigdie!p no (08:40:07) #sigdie!p its up (08:40:08) #sigdie!OseK_ hold (08:40:10) #sigdie!OseK_ wait 60 seconds (08:40:15) #sigdie!OseK_ ah (08:40:16) #sigdie!OseK_ wtf (08:40:20) #sigdie!OseK_ i only dropped one box? (08:40:29) #sigdie!OseK_ cuz it wouldn't respond for a second there (08:40:44) #sigdie!OseK_ i wanna fucking drop banetele (08:40:49) #sigdie!p well (08:40:50) #sigdie!p my turn (08:40:51) #sigdie!OseK_ cuz those fags are the ones that put that page up on there (08:40:55) #sigdie!OvEr_LoAD lol lets do it (08:41:05) #sigdie!p OK (08:41:06) #sigdie!p wach (08:41:08) #sigdie!p watch (08:41:13) #sigdie!p is everyone watching (08:41:18) #sigdie!OseK_ yeah (08:41:28) #sigdie!OseK_ pwned (08:41:31) #sigdie!OseK_ p- (08:41:32) #sigdie!OseK_ u (08:41:34) #sigdie!p no i didnt even do anything (08:41:35) #sigdie!OseK_ pwn (08:41:36) #sigdie!p :P (08:41:38) #sigdie!OseK_ wtf (08:41:44) #sigdie!OseK_ why are they all fucked now (08:41:48) #sigdie!p they arent..
(08:42:01) #sigdie!p unless youre talking about 212.242.41.35 (08:42:05) #sigdie!p im flooding its httpd (08:42:28) #sigdie!p ok ok (08:42:29) #sigdie!p watch (08:42:57) #sigdie!p bewm (08:43:00) #sigdie!OseK_ ok (08:43:02) #sigdie!OseK_ dammit (08:43:05) #sigdie!OseK_ you hit it right when i do (08:43:07) #sigdie!p it doesnt like ICMP (08:43:07) #sigdie!OseK_ i can never tell (08:43:10) #sigdie!OseK_ if my shit is working (08:43:22) #sigdie!OseK_ :) (08:43:33) #sigdie!OseK_ its up (08:43:44) #sigdie!p i only did 50 seconds (08:44:06) #sigdie!OseK_ hrm (08:44:20) #sigdie!p 212.242.41.17 no like the icmp (08:45:19) #sigdie!OseK_ ok (08:45:23) #sigdie!OseK_ imma go play with banetele (08:48:02) #sigdie!OseK_ i just collapsed banetele's BGP announcement (08:48:09) #sigdie!OseK_ but that doesn't help (08:48:13) #sigdie!OseK_ cuz they're not gonna split (08:48:43) #sigdie!p i dunno banetele looks dead (08:48:48) #sigdie!p or maybe im just lagging (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no] (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds (08:49:12) #sigdie!p bash-2.05a$ telnetirc.banetele.no 6667 (08:49:13) #sigdie!p Trying 213.239.111.2... (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on(08:49:26) #sigdie!OseK_ but they have a secondary route to efnet (08:49:30) #sigdie!_mre|42o BGP announcement? 
(08:49:31) #sigdie!OseK_ thru their multihomed connection (08:49:32) #sigdie!OseK_ yeah (08:49:37) #sigdie!OseK_ they have a collapsable route (08:49:44) #sigdie!OseK_ using the border gateway protocl (08:49:54) #sigdie!OseK_ hey have to announce to a pool (08:49:58) #sigdie!OseK_ in order to establish their route (08:50:07) #sigdie!OseK_ but if thye get hit enough their router drops the announcements (08:50:10) #sigdie!OseK_ and they lose their routes (08:50:14) #sigdie!OseK_ its wierd (08:50:21) #sigdie!OseK_ i dont quite understand how it works myself (08:50:33) #sigdie!OseK_ its something you only find UU net and IRC servers doing (08:50:34) #sigdie!OseK_ hehe (08:51:19) #sigdie!OseK_ they should recover now (08:51:21) #sigdie!OseK_ any time (08:53:30) #sigdie!OseK_ damn (08:48:02) #sigdie!OseK_ i just collapse (08:48:09) #sigdie!OseK_ but that doesn't help (08:48:13) #sigdie!OseK_ cuz they're not gonna split (08:48:43) #sigdie!p i dunno banetele looks dead (08:48:48) #sigdie!p or maybe im just lagging (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no] (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds (08:49:12) #sigdie!p bash-2.05a$ telnet irc.banetele.no 6667 (08:49:13) #sigdie!p Trying 213.239.111.2... (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on (08:49:26) #sigdie!OseK_ but they have a secondary route to efnet (08:49:30) #sigdie!_mre|42o BGP announcement? (08:49:31) #sigdie!OseK_ thru their multihomed connection (08:49:32) #sigdie!OseK_ yeah (08:49:37) #sigdie!OseK_ they have a collapsable route (08:49:44) #sigdie!OseK_ using the border gateway protocl (08:49:54) #sigdie!OseK_ hey have to announce to a pool (08:49:58) #sigdie!OseK_ in order to establish their route (08:50:07) #sigdie!OseK_ but
Re: Packet Kiddies Invade NANOG
On Monday, March 15, 2004 1:11 PM [EST], John Harold [EMAIL PROTECTED] wrote: Yes, Gregory Taylor aka OseK is a perfect gentlemen now. Here are logs from Feb 4th 2004 showing him being a perfect gentlemen... You know how easy it is to fake IRC logs? (16:12:01) #nanog!jh I l33t hax0red y0uz! (16:12:30) #nanaog!skrptkd No, I l33t hax0red y0uz first! and on and on, I don't know why you people seem to think I'm involved with all of this stuff. If you want to show evidence, do it offlist and among yourselves, because I don't think people give a crap about your little spats between one another - especially not based on IRC logs. -- Brian Bruns The Summit Open Source Development Group Open Solutions For A Closed World / Anti-Spam Resources http://www.sosdg.org The Abusive Hosts Blocking List http://www.ahbl.org
Re: Security: Cisco time?
nice html shows lusers not operators, and i am not a browser.

Hello,
I think cisco woke up now, http://www.theregister.co.uk/content/5/36156.html
You NSPs are the worst enemy for the internet security, do you know why?
You are allowing your customers to abuse, and ignore the abuse emails, but that doesn't matter since they pay for the bw.
Good example, hinet is the spoiled kid of Sprint, UUNet, and AT&T, is the worst infected ISP.
I don't buy innocent users joke, everyone connected the net is responsible and shouldn't be a problem on it.
I think it's the right time to make something for abusive NSP/ISPs like spews.
ahbl.org is good idea.
PS: I know most of you, were ignoring the DDoS till it's too late now, soon we will see the internet goes down, and not trust worthy.
Thanks,
-J
Re: Packet Kiddies Invade NANOG
Stop it children. The thousands of people on this mailing list do not need to watch this road kill. -ren

At 06:11 PM 3/15/2004 +, John Harold wrote: Yes, Gregory Taylor aka OseK is a perfect gentleman now. Here are logs from Feb 4th 2004 showing him being a perfect gentleman... (08:35:45) #sigdie!OseK_ :[NEMESIS] Nodes are attacking 212.242.41.0/24 on port 666 for 60 seconds using spoofed TCP RESET Packets ... (08:36:04) #sigdie!OseK_ doesn't help the port 666 tho :( (08:36:31) #sigdie!OseK_ you prolly have a much larger dosnet than me tho (08:36:34) #sigdie!OseK_ i only have 500 nodes (08:38:55) #sigdie!OseK_ you dropped it (08:38:58) #sigdie!OseK_ so it cant take ICMP (08:39:00) #sigdie!OseK_ what'd you hit? (08:39:18) #sigdie!p .17 (08:39:54) #sigdie!OseK_ down (08:39:55) #sigdie!OseK_ i got it (08:39:56) #sigdie!OseK_ :) (08:40:03) #sigdie!p let me try by myself ! (08:40:07) #sigdie!p no (08:40:07) #sigdie!p its up (08:40:08) #sigdie!OseK_ hold (08:40:10) #sigdie!OseK_ wait 60 seconds (08:40:15) #sigdie!OseK_ ah (08:40:16) #sigdie!OseK_ wtf (08:40:20) #sigdie!OseK_ i only dropped one box? (08:40:29) #sigdie!OseK_ cuz it wouldn't respond for a second there (08:40:44) #sigdie!OseK_ i wanna fucking drop banetele (08:40:49) #sigdie!p well (08:40:50) #sigdie!p my turn (08:40:51) #sigdie!OseK_ cuz those fags are the ones that put that page up on there (08:40:55) #sigdie!OvEr_LoAD lol lets do it (08:41:05) #sigdie!p OK (08:41:06) #sigdie!p wach (08:41:08) #sigdie!p watch (08:41:13) #sigdie!p is everyone watching (08:41:18) #sigdie!OseK_ yeah (08:41:28) #sigdie!OseK_ pwned (08:41:31) #sigdie!OseK_ p- (08:41:32) #sigdie!OseK_ u (08:41:34) #sigdie!p no i didnt even do anything (08:41:35) #sigdie!OseK_ pwn (08:41:36) #sigdie!p :P (08:41:38) #sigdie!OseK_ wtf (08:41:44) #sigdie!OseK_ why are they all fucked now (08:41:48) #sigdie!p they arent..
(08:42:01) #sigdie!p unless youre talking about 212.242.41.35 (08:42:05) #sigdie!p im flooding its httpd (08:42:28) #sigdie!p ok ok (08:42:29) #sigdie!p watch (08:42:57) #sigdie!p bewm (08:43:00) #sigdie!OseK_ ok (08:43:02) #sigdie!OseK_ dammit (08:43:05) #sigdie!OseK_ you hit it right when i do (08:43:07) #sigdie!p it doesnt like ICMP (08:43:07) #sigdie!OseK_ i can never tell (08:43:10) #sigdie!OseK_ if my shit is working (08:43:22) #sigdie!OseK_ :) (08:43:33) #sigdie!OseK_ its up (08:43:44) #sigdie!p i only did 50 seconds (08:44:06) #sigdie!OseK_ hrm (08:44:20) #sigdie!p 212.242.41.17 no like the icmp (08:45:19) #sigdie!OseK_ ok (08:45:23) #sigdie!OseK_ imma go play with banetele (08:48:02) #sigdie!OseK_ i just collapsed banetele's BGP announcement (08:48:09) #sigdie!OseK_ but that doesn't help (08:48:13) #sigdie!OseK_ cuz they're not gonna split (08:48:43) #sigdie!p i dunno banetele looks dead (08:48:48) #sigdie!p or maybe im just lagging (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no] (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds (08:49:12) #sigdie!p bash-2.05a$ telnetirc.banetele.no 6667 (08:49:13) #sigdie!p Trying 213.239.111.2... (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on(08:49:26) #sigdie!OseK_ but they have a secondary route to efnet (08:49:30) #sigdie!_mre|42o BGP announcement? 
(08:49:31) #sigdie!OseK_ thru their multihomed connection (08:49:32) #sigdie!OseK_ yeah (08:49:37) #sigdie!OseK_ they have a collapsable route (08:49:44) #sigdie!OseK_ using the border gateway protocl (08:49:54) #sigdie!OseK_ hey have to announce to a pool (08:49:58) #sigdie!OseK_ in order to establish their route (08:50:07) #sigdie!OseK_ but if thye get hit enough their router drops the announcements (08:50:10) #sigdie!OseK_ and they lose their routes (08:50:14) #sigdie!OseK_ its wierd (08:50:21) #sigdie!OseK_ i dont quite understand how it works myself (08:50:33) #sigdie!OseK_ its something you only find UU net and IRC servers doing (08:50:34) #sigdie!OseK_ hehe (08:51:19) #sigdie!OseK_ they should recover now (08:51:21) #sigdie!OseK_ any time (08:53:30) #sigdie!OseK_ damn (08:48:02) #sigdie!OseK_ i just collapse (08:48:09) #sigdie!OseK_ but that doesn't help (08:48:13) #sigdie!OseK_ cuz they're not gonna split (08:48:43) #sigdie!p i dunno banetele looks dead (08:48:48) #sigdie!p or maybe im just lagging (08:49:00) #sigdie!OseK_ ... BitchX: Sent server ping to [irc.banetele.no] (08:49:00) #sigdie!OseK_ ... Server pong from irc.banetele.no 0.8224 seconds (08:49:12) #sigdie!p bash-2.05a$ telnet irc.banetele.no 6667 (08:49:13) #sigdie!p Trying 213.239.111.2... (08:49:16) #sigdie!OseK_ thats cuz I collapsed their BGP announcement by nailing their router head on (08:49:26) #sigdie!OseK_ but they have a secondary route to efnet (08:49:30) #sigdie!_mre|42o BGP announcement? (08:49:31) #sigdie!OseK_ thru their multihomed connection (08:49:32) #sigdie!OseK_ yeah (08:49:37) #sigdie!OseK_ they have a collapsable route (08:49:44) #sigdie!OseK_ using the border
Re: Packet Kiddies Invade NANOG
: Stop it children. The thousands of people on this mailing list do not need : to watch this road kill. -ren But they sure make good kill file fodder ! James Edwards Routing and Security [EMAIL PROTECTED] At the Santa Fe Office: Internet at Cyber Mesa Store hours: 9-6 Monday through Friday 505-988-9200 SIP:1(747)669-1965
Re: Packet Kiddies Invade NANOG
ren wrote: Stop it children. The thousands of people on this mailing list do not need to watch this road kill. -ren

mode=voice in the wilderness Somewhere it was ineffectively written that if you stop responding to them, and particularly, if you stop endorsing the crap by quoting it all verbatim over your signature, they will eventually stop reacting. additional_mode=garbage, removal snip /mode Kind of like this cold--I was asked why I didn't do a, b, c, and d--guaranteed to get rid of it in 14 days. I responded that I am unemployed and can not afford all that and am therefore doomed to wait out the whole 2 weeks. -- Requiescas in pace o email
Re: Load Balancing Multiple DS3s (outgoing) on a 7500
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Joe Abley wrote: | | | On 12 Mar 2004, at 23:24, joe mcguckin wrote: | | Patrick, | | I suspect that each FE goes to a different AS... | | | In that case, sample/count outbound traffic volumes by | (prefix/AS/AS_PATH/something), sort the resulting list, and develop an | import policy based on the top N entries which shares the traffic by | tweaking some other attribute to avoid the last-resort tie-break. | | Or bypass the measurement part, and make wild guesses about where your | traffic is going, and apply an import policy based on that. Either way, | lather, rinse, repeat. | | There might be something relevant in the slot I did in this tutorial in | Richmond Hill: | | http://www.nanog.org/mtg-0206/te.html | And products from folks like Proficient Networks and Routescience can automate the process for you. - -- = bep -BEGIN PGP SIGNATURE- Version: GnuPG v1.2.2 (MingW32) iD8DBQFAVgGrE1XcgMgrtyYRAo3xAJ4qwszZ/lXxMeMJ5jF2OD9LDaMR/QCeOjz+ a8Mzb383mIOoEE2J0IzVq+I= =4QaS -END PGP SIGNATURE-
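The measure, sort, steer loop Joe describes above is easy to prototype before touching router policy. The script below is an added example written for this page, not code from the tutorial, from Proficient Networks or from Routescience: it totals constructed flow samples per destination AS, keeps the top N, and spreads them across the two DS3s greedily, always placing the next-heaviest AS on the link with the least traffic assigned so far. The AS numbers, byte counts and link names are made up, and the route-map text at the end is only an illustration of how one assignment would be expressed as an inbound local-preference policy.

```python
from collections import defaultdict

# Constructed flow samples (destination AS, bytes seen in the sample window).
# Real input would be NetFlow/sFlow export joined against the BGP table.
SAMPLE_FLOWS = [
    (64500, 900_000), (64501, 700_000), (64502, 400_000), (64503, 300_000),
    (64500, 100_000), (64504, 150_000), (64505, 50_000), (64501, 100_000),
]

LINKS = ("DS3-A", "DS3-B")   # constructed names for the two upstream circuits


def volume_by_as(flows):
    """Sum sampled bytes per destination AS."""
    totals = defaultdict(int)
    for asn, nbytes in flows:
        totals[asn] += nbytes
    return dict(totals)


def top_n(totals, n):
    """The N heaviest destination ASes, largest first (ties broken by ASN)."""
    return sorted(totals.items(), key=lambda kv: (-kv[1], kv[0]))[:n]


def balance(top, links=LINKS):
    """Greedy assignment: each AS, heaviest first, goes to the link with the
    least traffic assigned so far. Everything outside the top N keeps the
    router's own tie-break. Returns (assignment, load per link)."""
    load = {link: 0 for link in links}
    assignment = {}
    for asn, nbytes in top:
        link = min(links, key=lambda l: (load[l], l))
        assignment[asn] = link
        load[link] += nbytes
    return assignment, load


def imbalance(load):
    """How far the busiest link's share of steered traffic sits above an even split."""
    total = sum(load.values())
    return (max(load.values()) / total) - (1 / len(load)) if total else 0.0


def route_map_text(assignment, link, local_pref=120, acl_base=10):
    """Illustrative IOS-style policy for the session over `link`: one as-path
    access-list and one route-map entry per AS steered onto that link. Only
    the shape is shown; a real policy also needs a terminal permit clause."""
    lines = []
    seq = 10
    for asn, chosen in sorted(assignment.items()):
        if chosen != link:
            continue
        acl = acl_base + seq // 10
        lines.append(f"ip as-path access-list {acl} permit _{asn}$")
        lines.append(f"route-map PREFER-{link} permit {seq}")
        lines.append(f" match as-path {acl}")
        lines.append(f" set local-preference {local_pref}")
        seq += 10
    return "\n".join(lines)


if __name__ == "__main__":
    totals = volume_by_as(SAMPLE_FLOWS)
    top = top_n(totals, 4)
    assignment, load = balance(top)
    print("top ASes:", top)
    print("assignment:", assignment, "load:", load)
    print(route_map_text(assignment, "DS3-B"))
```

Rerun it on the next sample window and compare the assignment: the "lather, rinse, repeat" step is exactly that diff, and an AS whose share keeps flipping between links is a sign that N is too large for the traffic mix.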
Re: Fw: Packet Kiddies Invade NANOG
On Mon, 15 Mar 2004 00:36:00 EST, Joshua Brady said: I was talking more along the lines of disclosing personal information without permission, slander is another one as well...

I'm coming up empty-handed on statutes for the disclosure issue. Asking around in the office found lots of rules that we as a university have to comply with (mostly having to do with the information's status as student records), and businesses often have privacy requirements (see HIPAA and similar, and California has its very recent laws regarding notification of information disclosure due to hacking incidents), but I'm not finding any good cites for Joe User discloses Jim Random's info. Tacky? Yes. Illegal? I'll wait to hear a citation (federal would be somewhere in USC or CFR, state laws would be wherever your state keeps them - but making them apply to an Internet incident might be tricky...)
Re: Packet Kiddies Invade NANOG
Susan, could you please clarify the NANOG AUP for the benefit of some of our young/new posters? Thank you, -David Barak -Fully RFC 1925 Compliant- --- John Harold [EMAIL PROTECTED] wrote: snipped IRC junk = David Barak -fully RFC 1925 compliant-
Re: Packet Kiddies Invade NANOG
On Mon, 15 Mar 2004, David Barak wrote: Susan, could you please clarify the NANOG AUP for the benefit of some of our young/new posters? Thank you, -David Barak -Fully RFC 1925 Compliant- Either that or they can check out the website, http://www.nanog.org/aup.html -- (o_ stefan larsson(o_ (o_ //\ mailto:[EMAIL PROTECTED] (/)_ (/)_ V_/_ 9210 2EED 1153 C985 C010 C9F8 B9A5 2B46 5638 52A7
Cisco website www.cisco.com 403 forbidden?
Is it just me that they don't like? -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Cisco's Website down?
Anyone else seeing an error getting to www.cisco.com?

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>403 Forbidden</TITLE>
</HEAD><BODY>
<H1>Forbidden</H1>
You don't have permission to access / on this server.<P>
<P>Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
<HR>
<ADDRESS>Apache/1.0 Server at www.cisco.com Port 80</ADDRESS>
</BODY></HTML>

Cheers -Joe
RE: Cisco website www.cisco.com 403 forbidden?
| Behalf Of Jay Hennigan | Sent: March 15, 2004 3:19 PM | | Is it just me that they don't like? Apparently they don't like me either. On top of that, they're running Apache 1.0--not so good. Todd --
RE: Cisco website www.cisco.com 403 forbidden?
Nope. It's horked. = TC -Original Message- From: Jay Hennigan [mailto:[EMAIL PROTECTED] Sent: Monday, March 15, 2004 2:19 PM To: [EMAIL PROTECTED] Subject: Cisco website www.cisco.com 403 forbidden? Is it just me that they don't like? -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Re: Cisco website www.cisco.com 403 forbidden?
Nah, they hate me too. :-) On Mon, 15 Mar 2004, Jay Hennigan wrote: Is it just me that they don't like? -- Jay Hennigan - CCIE #7880 - Network Administration - [EMAIL PROTECTED] WestNet: Connecting you to the planet. 805 884-6323 WB6RDV NetLojix Communications, Inc. - http://www.netlojix.com/
Re: Cisco website www.cisco.com 403 forbidden?
On 15.03.2004 21:18 Jay Hennigan wrote: Is it just me that they don't like? me too Arnold
Re: Cisco website www.cisco.com 403 forbidden?
On Mon, 15 Mar 2004, Jay Hennigan wrote: Is it just me that they don't like? Nope, they got me too.
Re: Cisco website www.cisco.com 403 forbidden?
Jay Hennigan wrote: Is it just me that they don't like? I've seen one or two other reports. Seems like a good opportunity for a round of Wild Speculation. -- Requiescas in pace o email
RE: Cisco website www.cisco.com 403 forbidden?
| Behalf Of Jay Hennigan | Sent: March 15, 2004 3:19 PM | | Is it just me that they don't like? All fixed now, but load times are hella slow: phoenix:~# curl -I cisco.com HTTP/1.1 200 OK Date: Mon, 15 Mar 2004 20:40:53 GMT Server: Apache/1.0 (Unix) Set-Cookie: CP_GUTC=209.123.169.252.240801079383253714; path=/; expires=Fri, 09-Mar-29 20:40:53 GMT; domain=.cisco.com Connection: close Content-Type: text/html Todd --
RE: Cisco website www.cisco.com 403 forbidden?
It was down the first time I tried... seems to be back now. Jeff -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Todd Mitchell - lists Sent: Monday, March 15, 2004 1:23 PM To: [EMAIL PROTECTED] Subject: RE: Cisco website www.cisco.com 403 forbidden? | Behalf Of Jay Hennigan | Sent: March 15, 2004 3:19 PM | | Is it just me that they don't like? Apparently they don't like me either. On top of that, they're running Apache 1.0--not so good. Todd -- ** This message, including any attachments, contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, please contact sender immediately by reply e-mail and destroy all copies. You are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. TIAA-CREF **
RE: Cisco website www.cisco.com 403 forbidden?
Works fine for me.

--
amar
RE: Cisco website www.cisco.com 403 forbidden?
Al Qaeda packets?

-----Original Message-----
From: Laurence F. Sheldon, Jr. [mailto:[EMAIL PROTECTED]
Sent: Monday, March 15, 2004 2:25 PM
To: [EMAIL PROTECTED]
Subject: Re: Cisco website www.cisco.com 403 forbidden?

Jay Hennigan wrote:

> Is it just me that they don't like?

I've seen one or two other reports. Seems like a good opportunity for a round of Wild Speculation.

--
Requiescas in pace o email
Cisco 6513 Bug (was Re: hey had eric sent you
Scott,

Yep, we had to send in the line cards to get them upgraded; didn't have any information on upgrading the s/w on the line cards and TAC wanted me to RMA them back. So. Boy, this one was a real pain because it only seemed protocol specific at the time. Here's the referenced bug for those interested.

CSCeb67650 Bug Details

Headline: WS-X6548-GE-TX WS-X6148-GE-TX may drop frames on egress
Product: cat6000
Model: x6548
Component: hw-1000tx
Severity: 2
Status: Resolved
First Found-in Version: 8.1
First Fixed-in Version: 8.1(1.8), 8.1(1.9), 8.2(0.18)DEL, 7.6(2.3), 12.1(19.4)E, 12.2(17a)SX

Release Notes:
Packets destined out the WS-X6548-GE-TX or the WS-X6148-GE-TX that are less than 64 bytes will be dropped. This can occur when a device forwards a packet that is 60 bytes and the 4 byte dot1q tag is added to create a valid 64 byte packet. When the tag is removed the packet is 60 bytes. If the destination is out a port on the WS-X6548-GE-TX or the WS-X6148-GE-TX it will be dropped by the linecard. Additionally, if packets are received on an interface that does not have a minimum MTU of 64 bytes (e.g. ATM, POS) and are destined out the WS-X6548-GE-TX or the WS-X6148-GE-TX it will be dropped by the linecard. No current workaround other than moving the receiving device to a different model linecard.

Cheers!
-Joe

--
From: [EMAIL PROTECTED]:[EMAIL PROTECTED] on behalf of Scott McGrath [SMTP:[EMAIL PROTECTED]
Sent: Monday, March 15, 2004 11:07 AM
To: joe
Cc: Riley, Marty; [EMAIL PROTECTED]
Subject: Re: hey had eric sent you

Bit hard by same bug. What version of code are you running on the 6513? 8.1(2) fixes the bug on the 6x48 line cards. What happens is that packets of 64 bytes or less are silently dropped. Replacing linecards will not help unless there is another bug of which I am not aware. With a little digging I can dredge up the relevant DDTS.

Scott C. McGrath

On Sat, 13 Mar 2004, joe wrote:
Re: Cisco's Website down?
On Mon, March 15, 2004 3:21 pm, [EMAIL PROTECTED] said:

> Anyone else seeing an error getting to www.cisco.com?

Yep, from AOL, level3, and RoadRunner. All coming back as 403.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHBL - http://www.ahbl.org
Re: Cisco's Website down?
> Anyone else seeing an error getting to www.cisco.com?

Maybe I forgot to renew a service contract? They don't like me either.

Adi
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
I expect that a good (tier-3, so to say) network engineer MUST know Windows and Unix (== Linux, FreeBSD etc.) at tier-2 (or better) level. Else, he will not be able to troubleshoot his _network problem_ (because they are more likely complex Network + System + Application + Cable problems).

So, it is not a good answer.

----- Original Message -----
From: Pete Templin [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 15, 2004 7:16 AM
Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

Laurence F. Sheldon, Jr. wrote:

> Pete Templin wrote:
>
> > There's a reason I've gotten out of small ISP consulting - I don't do Windows, and I'm getting overrun by Linux corrosion slowly. I route, I switch, I help with securing networks. And I do wear a lot of hats at my day job, but I remind them that they hired a specialist, and promised lots of server support all along the way. Granted, the Windows guy is overloaded and the UNIX/Linux guy would snore in front of his PHB...
>
> If you are in Nebraska I can help you with the Unemploy^WWorkforce Development paperwork.

I didn't suggest saying "I'm not gonna do it." I just suggested "You hired me to deploy dynamic routing on your statically-routed network. What prompted you to think that I could configure site-wide anti-virus services such that no one ever reports a virus leak from our enterprise, without training, time to test and develop such a critical solution, or both?"

pt
Re: Cisco's Website down?
No issues here.

[EMAIL PROTECTED] wrote:

> Anyone else seeing an error getting to www.cisco.com?
>
> <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> <HTML><HEAD>
> <TITLE>403 Forbidden</TITLE>
> </HEAD><BODY>
> <H1>Forbidden</H1>
> You don't have permission to access / on this server.<P>
> <P>Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
> <HR>
> <ADDRESS>Apache/1.0 Server at www.cisco.com Port 80</ADDRESS>
> </BODY></HTML>
>
> Cheers
> -Joe

--
My Foundation verse:
Isa 54:17 No weapon that is formed against thee shall prosper; and every tongue that shall rise against thee in judgment thou shalt condemn. This is the heritage of the servants of the LORD, and their righteousness is of me, saith the LORD.
Re: Cisco website www.cisco.com 403 forbidden?
** Reply to message from Todd Mitchell - lists [EMAIL PROTECTED] on Mon, 15 Mar 2004 15:23:14 -0500

> | Behalf Of Jay Hennigan
> | Sent: March 15, 2004 3:19 PM
> |
> | Is it just me that they don't like?
>
> Apparently they don't like me either. On top of that, they're running Apache 1.0--not so good.
>
> Todd

As of 12:40 Pacific whatever time, it's working for me. Metadata says they updated the page March 12th.

--
Jeff Shultz
Loose nut behind the wheel.
RE: Cisco website www.cisco.com 403 forbidden?
Anyone going to open a TAC case?

--
Richard Danielli
Founder/President
eSubnet Enterprises Inc.
TORONTO, ON Canada
(416) 203-5253 c: (416) 525-6148
http://www.eSubnet.com

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Arnold Nipper
Sent: Monday, March 15, 2004 3:23 PM
To: Jay Hennigan
Cc: [EMAIL PROTECTED]
Subject: Re: Cisco website www.cisco.com 403 forbidden?

On 15.03.2004 21:18 Jay Hennigan wrote:

> Is it just me that they don't like?

Me too.

Arnold
RE: Cisco website www.cisco.com 403 forbidden?
I can access it from Canada, but it seems that the first page is missing some info which is typically there.

Priyantha
Wightman Internet

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Todd Mitchell - lists
Sent: Monday, March 15, 2004 3:23 PM
To: [EMAIL PROTECTED]
Subject: RE: Cisco website www.cisco.com 403 forbidden?

| Behalf Of Jay Hennigan
| Sent: March 15, 2004 3:19 PM
|
| Is it just me that they don't like?

Apparently they don't like me either. On top of that, they're running Apache 1.0--not so good.

Todd
RE: Cisco website www.cisco.com 403 forbidden?
Back for me now too. I was seeing the error earlier though.

On Mon, 15 Mar 2004, Amar Andersson wrote:

> Works fine for me.
>
> --
> amar
www.sunfreeware.com down too?
Have noticed several sites down today. Can't seem to get to www.sunfreeware.com as well as Cisco.

--
Jon R. Kibler
Chief Technical Officer
A.S.E.T., Inc.
Charleston, SC USA
(843) 849-8214
Re: Cisco website www.cisco.com 403 forbidden?
No issues here.. loads quickly.

Todd Mitchell - lists wrote:

> | Behalf Of Jay Hennigan
> | Sent: March 15, 2004 3:19 PM
> |
> | Is it just me that they don't like?
>
> All fixed now, but load times are hella slow:
>
> phoenix:~# curl -I cisco.com
> HTTP/1.1 200 OK
> Date: Mon, 15 Mar 2004 20:40:53 GMT
> Server: Apache/1.0 (Unix)
> Set-Cookie: CP_GUTC=209.123.169.252.240801079383253714; path=/; expires=Fri, 09-Mar-29 20:40:53 GMT; domain=.cisco.com
> Connection: close
> Content-Type: text/html
>
> Todd
Re: Cisco website www.cisco.com 403 forbidden?
On Mon, 15 Mar 2004, Laurence F. Sheldon, Jr. wrote:

> Jay Hennigan wrote:
>
> > Is it just me that they don't like?
>
> I've seen one or two other reports. Seems like a good opportunity for a round of Wild Speculation.

Cisco is under spam attack
Cisco has closed their website because Vendor J made fun of it
Cisco just lost all of their data! Call DataSafe!
An intern unplugged the website
Cisco decided to use SPEWS to control access to their website
RE: Cisco website www.cisco.com 403 forbidden?
On Mon, March 15, 2004 3:41 pm, Todd Mitchell - lists said:

> | Behalf Of Jay Hennigan
> | Sent: March 15, 2004 3:19 PM
> |
> | Is it just me that they don't like?
>
> All fixed now, but load times are hella slow:

Probably a million other people just discovered it was back up as well. I know a lot of users that will just sit there, hitting refresh over and over again until the site finally comes up, instead of just going to do something else and coming back later. Then, when it finally comes back up, you have a million users who are hitting refresh over and over again because the site is slow, creating even more load, and you get the picture. :-)

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The AHBL - http://www.ahbl.org
.edueyeball LART RE: who offers cheap (personal) 1U colo?
: This is a topic I get very soap-boxish about. I have too
: many problems with providers who don't understand the college
: student market. I can think of one university who requires
: students to login through a web portal before giving them a
: routable address. This is such a waste of time for both
: parties. Sure it makes tracking down the abusers much
: easier, but is it worth the time and effort to manage? This
: is a very legitimate idea for public portals in common areas,
: but not in dorm rooms. In a dorm room situation or an
: apartment situation, you again know the physical port the
: DHCP request came in on. You then know which room that port
: is connected to and you therefore have a general idea of who
: the abuser is. So what's the big deal if you turn off the
: ports to the room until the users complain and the problem is
: resolved?

Since no one's mentioned it, the program everyone is referring to is netreg:

www.netreg.org
www.net.cmu.edu/netreg

Also, most .edueyeball networks have (and have always had) a VERY low budget for networking stuff. As a result, generally, there is little to no plant map documentation, so it isn't the case of looking up the physical port on a map and shutting it off. Netreg allows you to bad web folks. They can go nowhere until they call the helpdesk. It's a great LART. :-) === That's an evil smile...

scott
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
On Mon, 15 Mar 2004, Alexei Roudnev wrote:

: I expect that a good (tier-3, so to say) network engineer MUST know Windows and
: Unix (== Linux, FreeBSD etc.) at tier-2 (or better) level. Else, he will not
: be able to troubleshoot his _network problem_ (because they are more likely
: complex Network + System + Application + Cable problems).
:
: So, it is not a good answer.

Not true in many cases. All I have to prove is it's not the network and then I hand it off to the windows/*nix/whatever sysadmins. To prove it's not the network, I don't need to know the end systems in any sort of detail.

scott

: ----- Original Message -----
: From: Pete Templin [EMAIL PROTECTED]
: To: [EMAIL PROTECTED]
: Sent: Monday, March 15, 2004 7:16 AM
: Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap
: (personal) 1U colo?)
:
:
: Laurence F. Sheldon, Jr. wrote:
:
: > Pete Templin wrote:
: >
: > > There's a reason I've gotten out of small ISP consulting - I don't do
: > > Windows, and I'm getting overrun by Linux corrosion slowly. I route,
: > > I switch, I help with securing networks. And I do wear a lot of hats
: > > at my day job, but I remind them that they hired a specialist, and
: > > promised lots of server support all along the way. Granted, the
: > > Windows guy is overloaded and the UNIX/Linux guy would snore in front
: > > of his PHB...
: >
: > If you are in Nebraska I can help you with the Unemploy^WWorkforce
: > Development paperwork.
:
: I didn't suggest saying "I'm not gonna do it." I just suggested "You
: hired me to deploy dynamic routing on your statically-routed network.
: What prompted you to think that I could configure site-wide anti-virus
: services such that no one ever reports a virus leak from our enterprise,
: without training, time to test and develop such a critical solution, or
: both?"
:
: pt
Curiosity
People keep asking me "why don't you take that off list?" I have a suggestion: say instead "STFU"--it is easier to type. And that is the net effect, because every attempt to take an item off-list results in something like the following. I can not really figure out what the problem is.

-------- Original Message --------
Subject: Mail System Error - Returned Mail
Date: Mon, 15 Mar 2004 15:26:16 -0500
From: Mail Administrator [EMAIL PROTECTED]
Reply-To: Mail Administrator [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

This Message was undeliverable due to the following reason:

Your message was not delivered because the return address was refused.

The return address was '[EMAIL PROTECTED]'

Please reply to [EMAIL PROTECTED] if you feel this message to be in error.

--
Requiescas in pace o email

Reporting-MTA: dns; lakemtao05.cox.net
Arrival-Date: Mon, 15 Mar 2004 15:26:10 -0500
Received-From-MTA: dns; cox.net (68.110.29.174)

Final-Recipient: RFC822; [EMAIL PROTECTED]
Action: failed
Status: 5.1.1
Remote-MTA: dns; mail.rocknyou.com (24.61.68.177)
Diagnostic-Code: smtp; 550 5.1.1 Domain or IP address blocked for spamming
RE: Cisco website www.cisco.com 403 forbidden?
Still 404s on me now when I try to log into CCO or follow any of my bookmarks to case query, pricelist, or TAC Case generation. Today's excuse of the day is: flip flip flip SUNSPOTS!

On Mon, 15 Mar 2004, Todd Mitchell - lists wrote:

> | Behalf Of Jay Hennigan
> | Sent: March 15, 2004 3:19 PM
> |
> | Is it just me that they don't like?
>
> All fixed now, but load times are hella slow:
>
> phoenix:~# curl -I cisco.com
> HTTP/1.1 200 OK
> Date: Mon, 15 Mar 2004 20:40:53 GMT
> Server: Apache/1.0 (Unix)
> Set-Cookie: CP_GUTC=209.123.169.252.240801079383253714; path=/; expires=Fri, 09-Mar-29 20:40:53 GMT; domain=.cisco.com
> Connection: close
> Content-Type: text/html
>
> Todd
Re: Cisco's Website down?
Nor here. Been connected via GBLX all day to one of their pages.

ymmv,
--ra

On Mon, Mar 15, 2004 at 03:42:12PM -0500, William Warren said something to the effect of:

> no issues here
>
> [EMAIL PROTECTED] wrote:
>
> > Anyone else seeing an error getting to www.cisco.com?
> >
> > <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
> > <HTML><HEAD>
> > <TITLE>403 Forbidden</TITLE>
> > </HEAD><BODY>
> > <H1>Forbidden</H1>
> > You don't have permission to access / on this server.<P>
> > <P>Additionally, a 403 Forbidden error was encountered while trying to use an ErrorDocument to handle the request.
> > <HR>
> > <ADDRESS>Apache/1.0 Server at www.cisco.com Port 80</ADDRESS>
> > </BODY></HTML>
> >
> > Cheers
> > -Joe

--
rachael treu, CISSP [EMAIL PROTECTED]
..quis custodiet ipsos custodes?..
Re: Cisco website www.cisco.com 403 forbidden?
On Mon, Mar 15, 2004 at 03:38:39PM -0500, Richard Danielli wrote:

> Anyone going to open a TAC case ?

Good god, is there really so little interesting shit on the Internet that we are reduced to 20 post long threads "me too"-ing a 30 minute outage of a website which is now fixed? The god damn packet kiddies were more interesting than this crap. Enough already!

--
Richard A Steenbergen [EMAIL PROTECTED] http://www.e-gerbil.net/ras
GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: www.sunfreeware.com down too?
On Mon, March 15, 2004 3:51 pm, Jon R. Kibler said:

> Have noticed several sites down today. Can't seem to get to www.sunfreeware.com as well as Cisco.

Works fine here. Possibly some flapping going on somewhere? I just logged into several routers and checked; I see nothing entirely out of the ordinary, but I don't have the most wide view of the Internet from these routers. It could also be DoS attacks too.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The Abusive Hosts Blocking List http://www.ahbl.org
RE: Cisco website www.cisco.com 403 forbidden?
It was down, came back up. It's certainly not a networking problem, so saying it's down from a couple hosts doesn't matter. That's it, that's all; no need to tell everybody it was down for you.

-chris

On Mon, 15 Mar 2004, Forrest Houston wrote:

> Back for me now too. I was seeing the error earlier though.
>
> On Mon, 15 Mar 2004, Amar Andersson wrote:
>
> > Works fine for me.
> >
> > --
> > amar
Re: Cisco website www.cisco.com 403 forbidden?
At 03:53 PM 15/03/2004, Tom (UnitedLayer) wrote:

> On Mon, 15 Mar 2004, Laurence F. Sheldon, Jr. wrote:
>
> > Jay Hennigan wrote:
> >
> > > Is it just me that they don't like?
> >
> > I've seen one or two other reports. Seems like a good opportunity for a round of Wild Speculation.
>
> Cisco is under spam attack
> Cisco has closed their website because Vendor J made fun of it
> Cisco just lost all of their data! Call DataSafe!
> An intern unplugged the website
> Cisco decided to use SPEWS to control access to their website

It's obviously the Monsters on Maple Street.

http://www.tvtome.com/TwilightZone/season1.html#ep22

Oh no! Wait, we are the ... Ahhh!!!

---Mike
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
> Not true in many cases. All I have to prove is it's not the network and then I hand it off to the windows/*nix/whatever sysadmins. To prove it's not the network, I don't need to know the end systems in any sort of detail.

to pass the buck, one needs to know nothing. what makes a great noc engineer is taking ownership of the user's problem.

randy
Re: Curiosity
On Mon, 15 Mar 2004, Laurence F. Sheldon, Jr. wrote:

> And that is the net effect, because every attempt to take an item off-list results in something like the following. I can not really figure out what the problem is.

You're on SPEWS, eh?
PRISP (ISP Provisioning) Project (was - Ipal project)
Due to the previous ipal name collision discovered last week, the project has been renamed PRISP; big thanks to GertJan Hagenaars for this name.

Again, if people would like to participate, this project will develop opensource software (or a framework and database schema for such software) to help ISPs in tracking setup of new network services and connections. This would include allocation of ip addresses and a database of such allocations, a database of circuits and network devices, administration and collaboration on the actual provisioning process for new connections (both for physical circuits and logical connections such as for colo customers), etc.

At some distant future the project homepage will be located at www.prisp.org; currently there is a sourceforge project info at:
http://sourceforge.net/projects/prisp/

If you're interested in helping, please join the mail list:
http://lists.sourceforge.net/mailman/listinfo/prisp-discuss
Or send email to [EMAIL PROTECTED] with the usual "subscribe" in subject and body.

For reference for those who may join the mail list after this message, below is the first email that is starting real project discussions (there have been some smaller discussions last week on different mail lists but we're starting it all again to keep track of this in archives):

--
Date: Mon, 15 Mar 2004 13:40:26 -0800 (PST)
From: william(at)elan.net [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Open discussion - service provisioning components

We'll open the discussion with what people would like to see in the service provisioning database software. Try to think of what network engineers are doing when setting up a new customer and which settings might be general enough to be part of some database, as well as which of those settings can be automated in some way. Might also be good if in your reply you order these settings by how they come up in the actual provisioning process.

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
On Mon, Mar 15, 2004 at 12:21:54PM -1000, Randy Bush wrote:

> > Not true in many cases. All I have to prove is it's not the network and then I hand it off to the windows/*nix/whatever sysadmins. To prove it's not the network, I don't need to know the end systems in any sort of detail.
>
> to pass the buck, one needs to know nothing. what makes a great noc engineer is taking ownership of the user's problem.

The fact of the matter is, business environments today do not frequently seek specific expertise to solve specific problems, preferring instead to (ab)use existing employees to do more than they were hired to do with less time, less training, and fewer resources than they need. Similarly, experts brought in from the outside are usually expected to opine on their areas of expertise as little as possible so that they can be similarly (ab)used to do things other than what they were contracted to do.

While taking responsibility for solving problems is an important quality, knowing how to effectively use your time is equally important.

On a good note, contract killers seem exempt from this trend.

Kelly
Re: Cisco's Website down?
> > Anyone else seeing an error getting to www.cisco.com?
>
> Yep, from AOL, level3, and RoadRunner. All coming back as 403.

You expected the webserver to react differently depending on how your packets got there?

Steve
Re: Cisco's Website down?
On Monday, March 15, 2004 6:01 PM [EST], Stephen J. Wilcox [EMAIL PROTECTED] wrote:

> > > Anyone else seeing an error getting to www.cisco.com?
> >
> > Yep, from AOL, level3, and RoadRunner. All coming back as 403.
>
> You expected the webserver to react differently depending on how your packets got there?
>
> Steve

Possibly multiple web servers, each handling different areas, in some sort of a cluster? It's not unheard of. I used to have a system like that for one of my customers - based on where the traffic was coming from, the front end server routed the connections to the various backend web servers, which would serve up slightly different data. Someone comes from RU, send them to a specific server which handles content for Russia, and so on.

403 means permission denied, correct? Also could mean that it's got the IP range you are coming from blacklisted. (Try visiting the Blars BL homepage from a blacklisted IP address, and you'll see what I mean.)

When trying to figure out where a problem is, sometimes it's good to try from multiple locations regardless, even if it seems to be a problem specifically with the server itself.

--
Brian Bruns
The Summit Open Source Development Group
Open Solutions For A Closed World / Anti-Spam Resources
http://www.sosdg.org
The Abusive Hosts Blocking List http://www.ahbl.org
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
On Mon, 15 Mar 2004, Randy Bush wrote:

: > Not true in many cases. All I have to prove is it's not the network and
: > then I hand it off to the windows/*nix/whatever sysadmins. To prove
: > it's not the network, I don't need to know the end systems in any sort of
: > detail.
:
: to pass the buck, one needs to know nothing. what makes a great noc
: engineer is taking ownership of the user's problem.

In smaller networks, sure. However, it's not about passing the buck in large networks. It's about responsibilities. There, if you take ownership of the sysadmin's part of the ticket (where there're a lot of sysadmins for every OS), you'll likely get =them= chopped off and hung on the wall as an example to others. I would be pissed if one of the sysadmin folks tried to troubleshoot the backbone network instead of handing it off to me after clearing their part of the problem... All I need to do is clear my part and pass it to them with all helpful data points included in the ticket. Any more than that and I'm stomping on other folks' toes.

scott
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
On Mon, 15 Mar 2004 [EMAIL PROTECTED] wrote:

> Maybe NANOG needs to implement a system where you have to log in to a web page with your NANOG meeting passcode in order to get a usable IP address. Then, when an infected computer shows up we will know exactly whose it was. Might even be interesting for a researcher to interview every infected party and figure out why it is happening even among a supposedly clueful group.

I find it ironic that one of the presentations at the last nanog was about a system kind of like that:
http://www.nanog.org/mtg-0402/gauthier.html
and that we had some luser on the nanog30 wireless network infected by SQL slammer. Does anyone know who that was, how/if they were located and removed from the network, and whether they brought an infected PC (either via stupidity or as a joke) or simply brought an unpatched system out from behind their firewall/packet filters and got infected before they got a chance to actually use the network?

After that incident, I sniffed the wireless for a little while and noticed slammer is alive and well out on the internet and still trying to infect the rest of the internet. We're still blocking it at our transit borders. The one time it was removed (accidentally), a colo customer was infected very shortly after the filter's protection was lost.

--
 Jon Lewis [EMAIL PROTECTED] |  I route
 Senior Network Engineer      |  therefore you are
 Atlantic Net                 |
_________ http://www.lewis.org/~jlewis/pgp for PGP public key _________
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
> I find it ironic that one of the presentations at the last nanog was about a system kind of like that:
> http://www.nanog.org/mtg-0402/gauthier.html
> and that we had some luser on the nanog30 wireless network infected by SQL slammer.

Well it wouldn't be nanog without a few infections, password grabs and other random security breaches.

> Does anyone know who that was, how/if they were located and removed from the network, and whether they brought an infected PC (either via stupidity or as a joke) or simply brought an unpatched system out from behind their firewall/packet filters and got infected before they got a chance to actually use the network?

Probably genuine error (clueless/oversight), no names.. where is Randy when you want him?

> After that incident, I sniffed the wireless for a little while and noticed slammer is alive and well out on the internet and still trying to infect the rest of the internet.

*jlewis in network sniffing shock!*

> We're still blocking it at our transit borders. The one time it was removed (accidentally), a colo customer was infected very shortly after the filter's protection was lost.

Yeah, there's lots; we filter for several known worms on the gateway routers at the meetings we sponsor. I recommend nanog sponsors do the same (although it can't save you from the devil within).

Steve
A TCP Replacement protocol 6000 times faster than DSL?
Found on slashdot:
http://www.scienceblog.com/community/article2473.html

Any idea what they're trying to say/sell? The article is so vague as to be mostly useless, but it seems to indicate the usual stuff like sliding windows.

-S

--
Scott Call
Router Geek, ATGi, home of $6.95 Prime Rib
I make the world a better place, I boycott Wal-Mart
VoIP incoming: +1 360-382-1814
Re: A TCP Replacement protocol 6000 times faster than DSL?
http://www.slac.stanford.edu/grp/scs/net/talk03/tcp-slac-nov03.pdf
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
Ok - is a name resolution issue a network issue or not? If it is, how can you answer anything without knowing, for example, of the existing Windows DNS client with internal cache, and the difference between 'ping' and 'nslookup' name resolution on Solaris? Is an ARP problem a network one or not? If it is, how can you determine what happened if some crazy server became an ARP proxy and sends wrong information to everyone?

For tier-2 - I agree. For real tier-3 - I can not. Those friends who are excellent network engineers (much better than me, with CCIE and other _really good_ experience) know Windows and Unix on a very good level. (Of course, if some HR asks them 'where is the configuration file for SAMBA on Solaris' - no one answers, but it does not mean that they do not know Solaris; and you can always meet religious people 'my god is MS / my god is Linux'.)

----- Original Message -----
From: Scott Weeks [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, March 15, 2004 1:32 PM
Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)

On Mon, 15 Mar 2004, Alexei Roudnev wrote:

: I expect that a good (tier-3, so to say) network engineer MUST know Windows and
: Unix (== Linux, FreeBSD etc.) at tier-2 (or better) level. Else, he will not
: be able to troubleshoot his _network problem_ (because they are more likely
: complex Network + System + Application + Cable problems).
:
: So, it is not a good answer.

Not true in many cases. All I have to prove is it's not the network and then I hand it off to the windows/*nix/whatever sysadmins. To prove it's not the network, I don't need to know the end systems in any sort of detail.

scott

: ----- Original Message -----
: From: Pete Templin [EMAIL PROTECTED]
: To: [EMAIL PROTECTED]
: Sent: Monday, March 15, 2004 7:16 AM
: Subject: Re: Platinum accounts for the Internet (was Re: who offers cheap
: (personal) 1U colo?)
:
:
: Laurence F. Sheldon, Jr. wrote:
:
: > Pete Templin wrote:
: >
: > > There's a reason I've gotten out of small ISP consulting - I don't do
: > > Windows, and I'm getting overrun by Linux corrosion slowly. I route,
: > > I switch, I help with securing networks. And I do wear a lot of hats
: > > at my day job, but I remind them that they hired a specialist, and
: > > promised lots of server support all along the way. Granted, the
: > > Windows guy is overloaded and the UNIX/Linux guy would snore in front
: > > of his PHB...
: >
: > If you are in Nebraska I can help you with the Unemploy^WWorkforce
: > Development paperwork.
:
: I didn't suggest saying "I'm not gonna do it." I just suggested "You
: hired me to deploy dynamic routing on your statically-routed network.
: What prompted you to think that I could configure site-wide anti-virus
: services such that no one ever reports a virus leak from our enterprise,
: without training, time to test and develop such a critical solution, or
: both?"
:
: pt
3 strikes - Interior Department ordered offline again
The US Department of Interior was ordered to disconnect most, but not all, Internet connections. They don't have to disconnect their modems, private networks, or other agency networks. This is the third time the court has ordered the Interior Department to disconnect some or all of their systems.

The court's order is interesting reading:
http://www.indiantrust.com/_pdfs/20040315DisconnectITSystems.pdf

Although the judge is clearly frustrated with Interior's behavior to date, there are practical limits on what a professional can say. An architect can only swear she designed a building to meet applicable codes, not that the building will never fall down.
Re: Platinum accounts for the Internet (was Re: who offers cheap (personal) 1U colo?)
Is it bad if they (your sysadmins) understand your backbone infrastructure and understand such things as MTU and MTU discovery, know about ACL filters (without extra details) and existing limitations? They are not required to know about VPN mode or T3 card configuration, but they must understand basic things. Otherwise, everything ends up in long delays and 10-person technical meetings (by phone, of course) - which is the best way of wasting everyone's time.

: : to pass the buck, one needs to know nothing. what makes a great noc
: : engineer is taking ownership of the user's problem.
:
: In smaller networks, sure. However, it's not about passing the buck in large networks. It's about responsibilities. There, if you take ownership of the sysadmin's part of the ticket (where there're a lot of sysadmins for every OS), you'll likely get =them= chopped off and hung on the wall as an example to others. I would be pissed if one of the sysadmin folks tried to troubleshoot the backbone network instead of handing it off to me after clearing their part of the problem... All I need to do is clear my part and pass it to them with all helpful data points included in the ticket. Any more than that and I'm stomping on other folks' toes.
:
: scott
Electrical Fire at 2nd + Federal Street
Apparently there's some PGE problem, and a possible electrical fire. It appears that 501 2nd Street is on generator, and several other businesses on Federal and 2nd Streets are out of power. Bryant Street appears to have spotty power in the area. Anyone else know anything about this?

---
Tom Sparks, UnitedLayer
Office: 415-294-4111
AS23342
Re: .edueyeball LART RE: who offers cheap (personal) 1U colo?
On Mon, 15 Mar 2004 11:27:42 -1000, Scott Weeks [EMAIL PROTECTED] said:

: Also, most .edueyeball networks have (and have always had) a VERY low budget for networking stuff. As a result, generally, there is little to no plant map documentation, so it isn't the case of looking up the physical port on a map and shutting it off.

OK, maybe our network crew is more clued and better financed than most, but we discovered long ago that although having all the plant documented is expensive, the alternative is even more costly in the long run.
AS3561 - lights are on but nobody's home?
I know that CW was supposed to close their US ops, and then it went to re-org and became CW America or something of the sort, but does anyone here have a clue as to their new support info? Because just a week or so ago 800-486-9932 got me to a real human for support, and now it just rings and rings. And:

$ dig www.cw.net @ns.cw.net

; <<>> DiG 9.2.2 <<>> www.cw.net @ns.cw.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35298
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cw.net.                    IN      A

;; AUTHORITY SECTION:
cw.net.                 600     IN      SOA     ns1.cw.net. hostmaster.cw.net. 2004031502 3600 600 360 600

;; Query time: 48 msec
;; SERVER: 204.70.128.1#53(ns.cw.net)
;; WHEN: Mon Mar 15 19:40:25 2004
;; MSG SIZE  rcvd: 79

So, anyone else using CW who might know how I can report a flapping BGP session and open a ticket?

TIA,
Mike
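What the dig output in the message above actually says is worth spelling out, because it is the difference between "their network is broken" and "they took the name down": the response carries the aa flag, so ns.cw.net is answering as the authority for cw.net and is stating that www.cw.net does not exist (NXDOMAIN), with an SOA in the authority section that tells resolvers how long to cache that negative answer. A lame or dead server would instead give SERVFAIL, REFUSED, or a timeout. The script below is an added example, not from the thread; it parses dig's text output (the embedded sample is modelled on the output quoted above, with dig's header line spelled the way dig prints it), classifies the response, and computes the negative-caching TTL per RFC 2308 (the smaller of the SOA record's TTL and its MINIMUM field). The function and field names are this script's own.

```python
"""Classify a dig(1) response: authoritative NXDOMAIN versus a lame or failing
server, and the RFC 2308 negative-cache TTL.  Added example; the sample text
is modelled on the dig output quoted in the thread."""
import re
from dataclasses import dataclass, field

SAMPLE_DIG_OUTPUT = """\
; <<>> DiG 9.2.2 <<>> www.cw.net @ns.cw.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 35298
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0

;; QUESTION SECTION:
;www.cw.net.                    IN      A

;; AUTHORITY SECTION:
cw.net.                 600     IN      SOA     ns1.cw.net. hostmaster.cw.net. 2004031502 3600 600 360 600

;; Query time: 48 msec
;; SERVER: 204.70.128.1#53(ns.cw.net)
;; WHEN: Mon Mar 15 19:40:25 2004
;; MSG SIZE  rcvd: 79
"""

HEADER_RE = re.compile(r";; ->>HEADER<<- opcode: (\w+), status: (\w+), id: (\d+)")
FLAGS_RE = re.compile(r";; flags: ([^;]*);")
SECTION_RE = re.compile(r";; (\w+) SECTION:")


@dataclass
class DigResponse:
    status: str = ""          # NOERROR, NXDOMAIN, SERVFAIL, REFUSED, ...
    flags: set = field(default_factory=set)   # e.g. {"qr", "aa", "rd", "ra"}
    answer: list = field(default_factory=list)
    authority: list = field(default_factory=list)


def parse_dig(text):
    """Parse dig's text output into status, flags and the ANSWER/AUTHORITY records."""
    resp = DigResponse()
    section = None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            resp.status = m.group(2)
            continue
        m = FLAGS_RE.match(line)
        if m:
            resp.flags = set(m.group(1).split())
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        if not line.strip():
            section = None          # a blank line closes the current section
            continue
        if line.startswith(";"):
            continue                # comments and the QUESTION line
        if section in ("ANSWER", "AUTHORITY"):
            name, ttl, rrclass, rrtype, *rdata = line.split()
            getattr(resp, section.lower()).append(
                {"name": name, "ttl": int(ttl), "class": rrclass, "type": rrtype, "rdata": rdata})
    return resp


def classify(resp):
    """authoritative-nxdomain: the zone's own server says the name does not exist.
    nxdomain-from-cache: NXDOMAIN without aa, i.e. relayed by a recursive server.
    servfail / refused: the server could not or would not answer (lame or broken).
    answer / nodata: NOERROR with or without records of the requested type."""
    if resp.status == "NXDOMAIN":
        return "authoritative-nxdomain" if "aa" in resp.flags else "nxdomain-from-cache"
    if resp.status in ("SERVFAIL", "REFUSED"):
        return resp.status.lower()
    if resp.status == "NOERROR":
        return "answer" if resp.answer else "nodata"
    return "other"


def negative_cache_ttl(resp):
    """RFC 2308: resolvers cache a negative answer for min(SOA TTL, SOA MINIMUM).
    Returns None when the authority section carries no SOA."""
    for rr in resp.authority:
        if rr["type"] == "SOA" and len(rr["rdata"]) == 7:
            return min(rr["ttl"], int(rr["rdata"][6]))
    return None


if __name__ == "__main__":
    r = parse_dig(SAMPLE_DIG_OUTPUT)
    print(classify(r), "negative TTL:", negative_cache_ttl(r))
```

The practical reading for the case above: an authoritative NXDOMAIN is a deliberate (or at least server-side) state of the zone, not a reachability problem, and every resolver that asked in the last 600 seconds will keep returning it until that negative-cache TTL expires, so re-adding the name does not make it reappear instantly.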