Re: IOS Rookit: the sky isn't falling (yet)
here's the slides if anyone hasn't seen http://seclists.org/fulldisclosure/2008/May/att-0668/EuSecWest_presentation_ppt On Thu, May 29, 2008 at 11:27 AM, Fred Reimer [EMAIL PROTECTED] wrote: New keys, to be stored on the crypto chip, would presumably be delivered in a separately signed package using a master key that would not change (embedded within the chip). Maybe Cisco even doesn't have this key, and would need to send a revocation or new public key to be stored on the chip to the chip manufacturer, who would sign it with the master private key and which then could be delivered in a software update to the system. There are many possibilities, and no crypto scheme is foolproof. That much has been proven. But no, you would not make the on-chip EEPROM of the crypto chip flashable in the normal meaning of the word. You would send the chip a pointer to a buffer that contains a signed update key, and the chip itself would verify that signature and only then program the updated key(s). My intention was not to turn nanog into a crypto forum. I'd be much more interested in any unique methods that people use to harden their systems that have not already been widely distributed through vendor or industry best practices. Fred Reimer, CISSP, CCNP, CQS-VPN, CQS-ISS Senior Network Engineer Coleman Technologies, Inc. 954-298-1697 -Original Message- From: Jim Wise [mailto:[EMAIL PROTECTED] Sent: Thursday, May 29, 2008 11:10 AM To: Fred Reimer Cc: Jared Mauch; nanog@nanog.org Subject: RE: IOS Rookit: the sky isn't falling (yet) -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Thu, 29 May 2008, Fred Reimer wrote: The code would presumably be run upon boot from a non-flashable source, which would run the boot ROM code through a check on the crypto chip and only execute it if it passed. You would not put the code that checks the boot ROM on the boot ROM. The new crypto chip would presumably have the initial boot code, which would only be designed to check the boot ROM signature and nothing else so presumably would never need to be replaced and hence would be designed to be non-flashable. Doesn't this just push the chicken-and-egg problem up the chain one step? The ROMMON would be flashable (among other reasons) because the key used to sign IOS releases should change over the years -- gaining length as cycles get cheaper, being replaced periodically to prevent use of the same key for too long, and perhaps being revoked if it should ever be compromised. If the ROMMON is itself to be verified by a prior, non-flashable ROM, then all the same arguments would call for making its key-list updatable -- and given the time-in-service seen by many such devices, any weakness in that key list would be around for quite some time. - -- Jim Wise [EMAIL PROTECTED] -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.9 (NetBSD) iD8DBQFIPsdRq/KRbT0KwbwRAkcmAJ4xOBtANHOc+C/fzL+7PvgWnjp76ACfSGUw 43+1Pq3xWS4MagWzdetZ0ws= =62gJ -END PGP SIGNATURE-
Update: NANOG 43 PGP signing party.
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 The keysigning sessions are going to be during the morning breaks during the general session, and will be located in the Gleason/Roebling rooms. Monday June 2nd11:00-11:30 Tuesday June 3rd11:00-11:30 If you plan to participate there is still time up until tomorrow to add your key to the keyring at: http://biglumber.com/x/web?ev=19916 And come to one or both sessions with some form of government issued photo ID. If you have any further questions, feel free to contact me via email or corner one of the people with the pgp signing dots since they mostly know the score. While printouts will probably be available at the sessions, feel free to add your key to the keyring right up to the time of the last keysigning event. thanks joel ___ NANOG mailing list NANOG@nanog.org http://mailman.nanog.org/mailman/listinfo/nanog -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.7 (GNU/Linux) Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org iD8DBQFIQ+FV8AA1q7Z/VrIRAuN6AJ4hlfoRX/B2lFC5xlLV+nX1jOnuhgCdE8Me vmxenQEVkrzrcT6waUiN3zk= =Oaxb -END PGP SIGNATURE-
Re: Types of packet modifications allowed for networks
Darden, Patrick S. wrote: --packet fragmentation due to inconsistent MTUs and/or bandwidth (e.g. moving from ATM at 150Mbps to a fractional DS3 at 3.088Mbps) MTUs yes, bandwidth no. Bandwidth congestion at the boundary to a slower network will cause buffering and dropped packets, not a fragment. Trying to fit a jumbo frame packet into a standard MTU network _will_ (if the DF bit is not set). --ttl changes from hop to hop Decrements, yes. --dest ip changes from hop to hop Say what? The L2 address might change at each hop (eg, MAC address of the next gateway in ethernet type networks) but the L3 destination address, which is the destination IP, certainly doesn't. If it did how would the packet ever get to where it was sent? --PAT/NAT changes in last network borders (e.g. routing traffic to appropriate endpoints (servers) or starting points (workstations)) NAT/PAT can occur at any point in the network, but is most common at the edges. --PAT/NAT changes in last host (e.g. it hits ext ip port 4443, gets changed to newip:443 and forwarded on) Same. --firewall changes in buffer/mother network (e.g. protective network or DMZ)--these could be almost anything, most frequent would be morons who completely block ICMP--you should probably count anti-spam and anti-virus (layer 4 but affects layer 3 dramatically) but these are usually advertised features subscribed to by the customers (as opposed to secret features that only come out due to customer outrage) This is rather common, especially things like resetting the QOS bits, clearing the DF flag, etc. --header checksum changes after contents changes (e.g. dip at a router) TTL being decremented is enough. Cheers Darryl -- Darryl Ross, VK5FUNE Director, AFOYI, Information Technology Solutions p +61 8 7127 1831 f +61 8 8425 9607 e [EMAIL PROTECTED]
Re: NANOG NYC Event
Something Important to remember (I learned the hard way) Cell phones do not work on the metro so remember A C F JAY STREET STOP Those are the trains that stop on the back corner of the hotel. AC are BLUE LINE. F is BROWN i believe. the RED 2,3 line stops a block away. If you get lost remember we are across from the Court House. IF ANY questions please email me at davediaz(at)gmail.com or davediaz(at) telx.com ENJOY David Diaz Telx Host Nanog43
Re: Comcast - Stuck route in Chicago directing MN traffic via Denver
Thanks for the folks who looked at this -- things are looking better this morning: traceroute to 76.113.128.1 (76.113.128.1), 30 hops max, 40 byte packets 1 69.65.40.62 (69.65.40.62) 0.858 ms 0.840 ms 0.838 ms 2 so2-0-0-0.er1.Chi1.Servernap.net (69.39.239.169) 1.876 ms 1.878 ms 1.875 ms 3 ge-6-20.car1.Chicago1.Level3.net (4.79.65.49) 1.854 ms 1.858 ms 1.855 ms 4 ae-2-54.edge1.Chicago2.Level3.net (4.68.101.115) 60.047 ms 60.068 ms 60.067 ms 5 COMCAST-IP.edge1.Chicago2.Level3.net (4.71.248.26) 3.045 ms 3.051 ms 3.049 ms 6 te-0-2-0-5-ar03.roseville.mn.minn.comcast.net (68.87.174.73) 12.172 ms 12.267 ms 12.250 ms 7 te-2-1-ur01.sims.mn.minn.comcast.net (68.87.174.74) 11.717 ms * * 8 te-8-3-ur02.sims.mn.minn.comcast.net (68.87.174.78) 11.940 ms * * 9 te-2-1-ur01.newport.mn.minn.comcast.net (68.87.174.82) 12.224 ms * * 10 c-76-113-128-1.hsd1.mn.comcast.net (76.113.128.1) 12.203 ms 12.203 ms 12.045 ms -Eric Eric Spaeth wrote: For the last couple weeks there has been a route stuck in the Chicago wan/core that is directing some Minnesota-bound traffic through Denver, even though Chicago and the Roseville, MN aggregation remain up and directly connected. This has the dual benefit of unnecessarily increasing the load on Comcast's internal backbone as well as increasing latency for Minnesota subscribers connecting to east of the Mississippi destinations by ~20ms. I'm hoping Comcast engineers read this list, or someone in the carrier community can help poke one of their Comcast contacts to help get this resolved. Thanks in advance! Wedged route - 76.113.128.0/17 Correct route - 69.180.128.0/18 Example trace from Chicago source to 76.113.128.0/17: = traceroute to 76.113.128.1 (76.113.128.1), 30 hops max, 40 byte packets 1 69.65.40.62 (69.65.40.62) 0.542 ms 0.511 ms 0.508 ms 2 so2-0-0-0.er1.Chi1.Servernap.net (69.39.239.169) 1.632 ms 1.642 ms 2.121 ms 3 ge-6-20.car1.Chicago1.Level3.net (4.79.65.49) 1.605 ms 1.608 ms 1.619 ms 4 ae-2-54.edge1.Chicago2.Level3.net (4.68.101.115) 1.604 ms 1.602 ms 1.600 ms 5 COMCAST-IP.edge1.Chicago2.Level3.net (4.71.248.26) 2.735 ms 2.741 ms 2.739 ms 6 pos-0-8-0-0-cr01.denver.co.ibone.comcast.net (68.86.85.114) 27.284 ms 27.398 ms 27.387 ms 7 te-9-4-ar02.roseville.mn.minn.comcast.net (68.86.91.154) 44.177 ms * * 8 te-0-2-0-5-ar03.roseville.mn.minn.comcast.net (68.87.174.73) 28.352 ms 28.352 ms 28.349 ms 9 te-2-1-ur01.sims.mn.minn.comcast.net (68.87.174.74) 28.826 ms * * 10 te-8-3-ur02.sims.mn.minn.comcast.net (68.87.174.78) 28.959 ms * * 11 te-2-1-ur01.newport.mn.minn.comcast.net (68.87.174.82) 29.267 ms * te-2-1-ur01.newport.mn.minn.comcast.net (68.87.174.82) 28.700 ms 12 c-76-113-128-1.hsd1.mn.comcast.net (76.113.128.1) 28.638 ms 28.673 ms 28.667 ms = Example trace from Chicago source to working route 69.180.128.0/18 = traceroute to 69.180.130.1 (69.180.130.1), 30 hops max, 40 byte packets 1 69.65.40.62 (69.65.40.62) 0.482 ms 0.450 ms 0.446 ms 2 so2-0-0-0.er1.Chi1.Servernap.net (69.39.239.169) 1.595 ms 2.082 ms 2.082 ms 3 ge-6-20.car1.Chicago1.Level3.net (4.79.65.49) 1.568 ms 1.569 ms 1.579 ms 4 ae-2-52.edge1.Chicago2.Level3.net (4.68.101.51) 1.562 ms 1.563 ms 1.560 ms 5 COMCAST-IP.edge1.Chicago2.Level3.net (4.71.248.22) 2.708 ms 2.713 ms 2.711 ms 6 te-0-1-0-7-ar03.roseville.mn.minn.comcast.net (68.87.174.21) 13.144 ms 11.919 ms 11.877 ms 7 68.87.174.22 (68.87.174.22) 11.824 ms * * 8 te-8-3-ur02.brooklynpark.mn.minn.comcast.net (68.87.174.26) 12.333 ms * * 9 te-2-1-ur01.newhope.mn.minn.comcast.net (68.87.174.30) 12.012 ms * * 10 c-3-0-ubr02.newhope.mn.minn.comcast.net (69.180.130.1) 11.963 ms 12.018 ms 11.973 ms = -Eric
Re: Types of packet modifications allowed for networks
Only the end-to-end principle... Perhaps not relevant, but between any two consenting nodes, there can be severe mangling of headers as long as what comes out the other side looks pretty much the same as what went in. CSLIP is an example of this. Regards, -drc
UDP lossage (was: Types of packet modifications allowed for networks)
I was reminded by the packet modifications thread that it seems that dropping (rather than fragmenting) large UDP packets has become quite the norm, which is unfortunate. We're working on a (popular software) product that sends UDP datagrams (with DF cleared), and it is amazing how small they have to be to get through. Between the Cisco VPN software and the high-end NAT boxes that have broken hairpin behavior and broken consumer routers, we're finding that whereas sizes in the mid 1400-byte range used to be safe, going much over 1200 bytes is now routinely a problem. Path MTU discovery (PLPMTUD) shouldn't need to be looking for and finding black holes when the DF flag is cleared, but that's what we're having to implement to work on today's Internet. Operational relevance: 1) This software will be running on your networks, and your customers will be happier if you don't drop UDP datagrams that are of reasonable size, 2) Knowing that this is going on might help you debug problems customers are having with other applications if you didn't know already how bad it has gotten. Matthew Kaufman [EMAIL PROTECTED] http://www.matthew.at
RE: NANOG NYC Event
I also want to 2nd Little Italy ... And for proof that New York is constantly changing, check one of the newer Jewish neighborhoods in Brighton Beach, a little corner of the Soviet Union right on the edge of the USA. ;-) --Michael Dillon
Re: NANOG NYC Event
I also want to 2nd Little Italy and the NY Museum of Natural History/Hayden Planetarium as must sees if you've never been to NY. ... Considering the nerdy tendencies of this crowd, I can't see how one would omit a trip to the NYC Transit Museum, which chronicles the history of what was in the early 1900s quite the high tech marvel, and still the world's only urban railroad that runs 24/7/365, you know, like the Internet. It's at the corner of Boerum Place and Schermerhorn Street, about a five minute walk from the meeting. R's, John http://www.mta.info/mta/museum/
RE: NANOG NYC Event
Of course, there is always the question of what to put on the hot dog, and the mystic's reply: make me one with everything. -Original Message- From: Scott Berkman [mailto:[EMAIL PROTECTED] Sent: Monday, June 02, 2008 10:40 AM To: nanog@nanog.org Subject: RE: NANOG NYC Event For all the food everyone is listing you've missed the #1 NY food (opinion) ... Hot Dogs! Any street vendor will do (get a soft pretzel too) but I'm partial (like many New Yorkers) to Gray's Papaya in the city at least (their real website is under construction so check out http://maps.google.com/maps?ie=UTF8q=gray's+papayall=40.75597,-73.968372 spn=0.07737,0.117416z=13). Another option is the original Nathan's on Coney Island. If you like steak, I love Peter Lugar's but if you want something a little cheaper and definitely less stuffy, check out Sammy's Romanian Steaks, not too far from the Williamsburg Bridge (157 Chrystie St). I also want to 2nd Little Italy and the NY Museum of Natural History/Hayden Planetarium as must sees if you've never been to NY. Also try to see a Broadway show, you can find last minute tickets for 1/2 off at TKTS (bring cash!!), but stay away from Time's Square to beat the lines and hit the one at the Southstreet Seaport (this is another cool place to check out anyway and very close to Brooklyn). Have Fun! -Scott -Original Message- From: John Levine [mailto:[EMAIL PROTECTED] Sent: Sunday, June 01, 2008 12:10 PM To: nanog@nanog.org Subject: Re: NANOG NYC Event Dinosaur is swell, but it's in Syracuse. Perhaps you could pick one that's reachable by subway instead. Oh, all right, as about 47 people have pointed out, they have a branch on 131st St. The barbeque is not bad. I eat it at the NY State Fair every year. On the other hand, I would think that in NYC, home of the most wonderful food on the continent,* you could do better than a branch of a yuppie ex biker joint from Syracuse. How about RUB at 23rd and 7th? Or Johnny Utah's at 51st and 5th? Or Oklahoma Smoke up at 145st St? R's, John * - with the possible exception of Montreal, an argument that can only be resolved by extensive research in both places No virus found in this incoming message. Checked by AVG. Version: 8.0.100 / Virus Database: 269.24.4/1476 - Release Date: 5/31/2008 12:25 PM
Re: IPV6 network feeds
Joe Abley wrote: On 27 May 2008, at 17:45, [EMAIL PROTECTED] wrote: Verizon provides ipv6 connectivity according to their website. I mentioned this on another list, but if anybody has tried to actually turn the words referred to above into service, I would be very happy to hear about how they did it. If Verizon = AS701/702/703 (VerizonBusiness/UUnet/MCI) then you should be able to just call your sales person and ask for it.. We can do native in several locations, and if native isn't available in your location, we can set you up w/ a tunnel and move you over to native when it becomes available. **Any current Verizon Business (fUUnet/MCI) customer can call and ask for IPv6 connectivity. There is no additional charge for turning up IPv6 on your existing connection** If Verizon = AS19262 you'll have to wait a bit longer.. snip that stuff about ATT There seems to be a certain trend towards claiming IPv6 capability in order to win business, hoping that people are just looking for the check in the box and not actual exchange of packets.
[OFFTOPIC] Re: NANOG NYC Event
On Mon, Jun 02, 2008 at 09:45:41AM -0400, David Diaz wrote: Something Important to remember (I learned the hard way) Cell phones do not work on the metro so remember A C F JAY STREET STOP Those are the trains that stop on the back corner of the hotel. AC are BLUE LINE. F is BROWN i believe. F trains on maps are orange lines. Also, while this seems to have turned into the Newly Acclimated Newyork Olfactory Glee list, I'll chime in: Bereket... ( http://www.yelp.com/biz/bereket-turkish-kebab-house-new-york ) 187 E Houston (pronounced HOW-STON, not like the city in Texas, also aka 0th street) at Orchard street, right across the Williamsburg bridge in Manhattan ...has the best lamb kebabs I've ever had in my life, despite having grown up in the Metro Detroit area (which has a huge middle eastern population and tons of associated restaurants). They're open 24 hours and are easily my favorite restaurant in the tastiest-food category in the entire United States. Other POIs of interest to nanogers: Datavision on 5th avenue near 40th street (Manhattan) has saved me in a pinch when I've needed multimode cables (still dunno where to buy smf at a retail shop in nyc). Have fun in New York, it's my favorite city in America - I'd be there myself to play tour guide with everyone except I'm in ORD at the moment preparing for a transatlantic move for the summer (I'm coming back to NY in the fall). Most importantly, get out and roam around! Touristy things that everyone should see at least once: Herald Square (appx 34th st/6th ave) Times Square (~42s-49s, along 7a) Union Square (14s/4a) New York Harbor from Battery Park (take the 1 train in Manhattan all the way south to South Ferry, the last stop. Make sure you're in the first five front cars of the train. Get out, walk past the coast guard/dhs to the park, and go down to the water.) Good luck, -jp -- Rev. Jeffrey Paul-datavibe- [EMAIL PROTECTED] aim:x736e65616b pgp:0xD9B3C17D phone:1-800-403-1126 9440 0C7F C598 01CA 2F17 D098 0A3A 4B8F D9B3 C17D Virtue is its own punishment.
Re: [OFFTOPIC] Re: NANOG NYC Event
Other POIs of interest to nanogers: Datavision on 5th avenue near 40th street (Manhattan) has saved me in a pinch when I've needed multimode cables (still dunno where to buy smf at a retail shop in nyc). Chips and tech is around the corner on 39th between 5th and 6th. Datavision requires you to check your bags. They do have a pretty nice selection.
Re: [OFFTOPIC] NANOG NYC Event
On Mon, Jun 02, 2008 at 10:39:45AM -0400, Scott Berkman wrote: For all the food everyone is listing you've missed the #1 NY food (opinion) ... Hot Dogs! It's been years since I've lived in NYC, and I haven't visited in a few years. I'd love to get a really good knish or slice of Sicilian pizza. --gregbo
OLD root server IP addresses through history
http://www.donelan.com/dnstimeline.html 1 Jun 1990 NIC.DDN.MIL 26.0.0.73 root service ends (last original root server)
Re:Re: NANOG NYC Event
Read http://www.forgotten-ny.com/ before setting any agendas and if you have some time to spare, there is some awesome history to find. I lived there for nearly 20 years and it's endless the amazing things you can find just a short distance from anywhere. One of my stops is *always* the Dakotah and Strawbberry Fields followed by a walk through Central Park. Up on the Northwest side is the lake/castle that's a must see too. Right at 72nd and Columbus (close to the Dakotah) is the greatest pizzeria in NY. C. Genrich - Original Message - From: [EMAIL PROTECTED] To: nanog@nanog.org Sent: Monday, June 02, 2008 7:00 AM Subject: NANOG Digest, Vol 5, Issue 2 Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit http://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to [EMAIL PROTECTED] You can reach the person managing the list at [EMAIL PROTECTED] When replying, please edit your Subject line so it is more specific than Re: Contents of NANOG digest... Today's Topics: 1. Re: NANOG NYC Event (Brant I. Stevens) 2. Re: NANOG NYC Event (J. Oquendo) 3. Re: NANOG NYC Event (John Levine) 4. Re: NANOG NYC Event (Fisher, Shawn) 5. Re: NANOG NYC Event (Henry Yen) 6. Comcast - Stuck route in Chicago directing MN traffic via Denver (Eric Spaeth) 7. Emerg data recovery recommdnations? (david raistrick) 8. Re: IOS Rookit: the sky isn't falling (yet) (Christian) -- Message: 1 Date: Sun, 01 Jun 2008 11:39:43 -0400 From: Brant I. Stevens [EMAIL PROTECTED] Subject: Re: NANOG NYC Event To: John Levine [EMAIL PROTECTED], nanog@nanog.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=US-ASCII On 5/31/08 11:58 PM, John Levine [EMAIL PROTECTED] wrote: In article [EMAIL PROTECTED] you write: I second the motion to recognize Dinosaur BBQ. All those in favor? Dinosaur is swell, but it's in Syracuse. Perhaps you could pick one that's reachable by subway instead. Dinosaur Barbecue www.dinosaurbarbque.com 646 W 131st St New York, NY 10027 It's in Harlem. BOOO! -- Message: 2 Date: Sun, 1 Jun 2008 10:54:40 -0500 From: J. Oquendo [EMAIL PROTECTED] Subject: Re: NANOG NYC Event To: nanog@nanog.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=us-ascii On Sun, 01 Jun 2008, Brant I. Stevens wrote: It's in Harlem. BOOO! So is Columbia University! Harlem is in the process of going through a renaissance and has been over the past 10 or more so things have changed for the better. Just avoid going there after certain hours ;) As for the prior Brooklyn comment, Park Slope also has some great eats but the area/scene tends to be sort of artsy. If you want to spend some time sightseeing Brooklyn, the Brooklyn Public Library (main one) Grand Army Plaza is near the Brooklyn Botanic Gardens. Don't forget Coney Island which has also changed in the last decade. Again, watch those hours, NY is a Jeckyll and Hyde city. Nice sometimes, beautiful to visit but can be insanely ugly. The downtown Brooklyn area has some nice eats but I've always preferred the city. In the area of downtown Brooklyn, you'll typically find a bunch of people in local government and lawyers eating as the courts are downtown. For those looking for sweets, don't forget the ever famous (overhyped) Junior's Cheesecake. If you've travelled to Coney Island then one cannot forget Nathan's. There are some really good pubs in the Red Hook section, but alas again, going through certain neighborhoods is not for everyone. You can jump on a Water Taxi there for kicks though. Makes for nice pictures at night. Sightseeing: Jump on a boat at night (booze cruise) $25.00 http://www.nywatertaxi.com/tours/happyhour/ Or just hop on an On and Off cruise: http://www.nywatertaxi.com/hop/ $20.00 -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) CEH/CNDA, CHFI Experience hath shewn, that even under the best forms (of government) those entrusted with power have, in time, and by slow operations, perverted it into tyranny. Thomas Jefferson wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x3AC173DB -- Message: 3 Date: 1 Jun 2008 16:09:56 - From: John Levine [EMAIL PROTECTED] Subject: Re: NANOG NYC Event To: nanog@nanog.org Message-ID: [EMAIL PROTECTED] Content-Type: text/plain; charset=iso-8859-1 Dinosaur is swell, but it's in Syracuse. Perhaps you could pick one that's reachable by subway instead. Oh, all right, as about 47 people have pointed out, they have a branch on 131st St. The barbeque is not bad. I eat it at the NY State Fair every year. On the other hand, I would think that in NYC, home of the most wonderful
Re: IPV6 network feeds
On Mon, 2 Jun 2008, Heather Schiller wrote: If Verizon = AS701/702/703 (VerizonBusiness/UUnet/MCI) then you should be able to just call your sales person and ask for it.. We can do native in several locations, and if native isn't available in your location, we can set you up w/ a tunnel and move you over to native when it becomes available. **Any current Verizon Business (fUUnet/MCI) customer can call and ask for IPv6 connectivity. There is no additional charge for turning up IPv6 on your existing connection** Does that also include connections through resellers? In our case, that's WBS Connect. I asked them about this last year and was told that their contact at Verizon Business had told them IPv6 wasn't available. Has that changed? Antonio Querubin whois: AQ7-ARIN
Re: IPV6 network feeds
Antonio Querubin wrote: On Mon, 2 Jun 2008, Heather Schiller wrote: If Verizon = AS701/702/703 (VerizonBusiness/UUnet/MCI) then you should be able to just call your sales person and ask for it.. We can do native in several locations, and if native isn't available in your location, we can set you up w/ a tunnel and move you over to native when it becomes available. **Any current Verizon Business (fUUnet/MCI) customer can call and ask for IPv6 connectivity. There is no additional charge for turning up IPv6 on your existing connection** Does that also include connections through resellers? In our case, that's WBS Connect. I asked them about this last year and was told that their contact at Verizon Business had told them IPv6 wasn't available. Has that changed? Antonio Querubin whois: AQ7-ARIN Yes, it includes connections through resellers. Your reseller, in this case, WBS, has to request it and sign the consent form on your behalf. There is no technical limitation to providing the service. --Heather -- ~*~*~*~*~*~*~*~*~*~*~*~ Heather Schiller Customer Security IP Address Management 1.800.900.0241 ~*~*~*~*~*~*~*~*~*~*~*~
RE: NANOG NYC Event
I'll probably be at 83rd and Amsterdam by 11p, This is my all time NYC favorite. http://www.hi-life.com/west.html http://www.hi-life.com/ If you're here on Thurs or beyond: http://www.hi-life.com/west-ipod-lounge.html NYC is so large and interesing that I wouldn't spend much time chasing food. You're in foodie heaven. See the Statute of Liberty, the 9/11 memorial, Empire State Building, ride the subway, go to Hoboken, or catch a glimpse of the UN. All great sites. Personally, I'd like to find a karaoke bar and sing NY NY with my Red Sox hat on. :-) Best, -M -- Martin Hannigan [EMAIL PROTECTED] mailto:[EMAIL PROTECTED] Verne Global http://www.verneglobal.com http://www.verneglobal.com/ Keflavik, Iceland From: WWWhatsup [mailto:[EMAIL PROTECTED] Sent: Mon 02-Jun-08 17:11 To: nanog@nanog.org Subject: RE: NANOG NYC Event I also want to 2nd Little Italy ... It's hard to choose from the plethora of Italian Restaurants on Mulberry St, imcidentally just a $8 cab ride, or even a leisurely stroll, across the Manhattan Bridge from NANOG, but I, as an area resident, swear by Da Nico (close to Broome). --- WWWhatsup NYC http://pinstand.com http://pinstand.com/ - http://punkcast.com http://punkcast.com/ ---
Re: NANOG NYC Event
NYC is so large and interesing that I wouldn't spend much time chasing food. You're in foodie heaven. See the Statute of Liberty, the 9/11 memorial, Empire State Building, ride the subway, go to Hoboken, or catch a glimpse of the UN. All great sites. Personally, I'd like to find a karaoke bar and sing NY NY with my Red Sox hat on. :-) Why hasn't anyone talking about putting together a trip to the various datacenters in the area 25 Broadway... 111 8th... and the grandaddy of them all... 60 Hudson. Tuc
Re: NANOG NYC Event
On Mon, 02 Jun 2008 17:33:21 EDT, Tuc at T-B-O-H.NET said: Why hasn't anyone talking about putting together a trip to the various datacenters in the area 25 Broadway... 111 8th... and the grandaddy of them all... 60 Hudson. http://www.answers.com/topic/busman-s-holiday pgpCE1HyIIJgV.pgp Description: PGP signature
Re: NANOG NYC Event
Date: Mon, 2 Jun 2008 21:24:00 - From: Martin Hannigan [EMAIL PROTECTED] I'll probably be at 83rd and Amsterdam by 11p, This is my all time NYC favorite. http://www.hi-life.com/west.html http://www.hi-life.com/ If you're here on Thurs or beyond: http://www.hi-life.com/west-ipod-lounge.html NYC is so large and interesing that I wouldn't spend much time chasing food. You're in foodie heaven. See the Statute of Liberty, the 9/11 memorial, Empire State Building, ride the subway, go to Hoboken, or catch a glimpse of the UN. All great sites. Personally, I'd like to find a karaoke bar and sing NY NY with my Red Sox hat on. :-) Marty, You are probably one of the few who might just get away with that! It would be fun to watch, though I would bring my ear-plugs, just to be safe. :-o -- R. Kevin Oberman, Network Engineer Energy Sciences Network (ESnet) Ernest O. Lawrence Berkeley National Laboratory (Berkeley Lab) E-mail: [EMAIL PROTECTED] Phone: +1 510 486-8634 Key fingerprint:059B 2DDF 031C 9BA3 14A4 EADA 927D EBB3 987B 3751 pgptThvSx49Pk.pgp Description: PGP signature
Re: Large number of DNS probes in last 24 hours
Jim Wise wrote: On Fri, 30 May 2008, Michael Still wrote: I have seen PlanetLab experiments doing this. What are the originating IP addresses? Three observed source addresses 208.78.169.237 204.11.51.62 194.199.24.101 Source ports are high and non-repeating. Other than the domain root, A-record queries for google.com and for hostnames which appear to be on the same subnet as the querying host. Hmmm. All the PlanetLab nodes should have valid reverse DNS, which isn't the case here, so I guess it is something more malicious. Mikal
Network trend and right planning
Hi all, I'm going to make a medium term (4~5 years) plan of our IP core/backbone network. Currently our backbone network is providing MPLS L3 VPN service and internet access service. Most of our platform is based on c7500 or 6509 (sup3 base). it is the right time we have to change our platform and service structure. Nowadays, most of people (network admin vendor) say that current trend is data and voice convergence or Ethernet based MPLS backbone, qos for multimedia service. but I wonder those things would really provide our customers more value and give us more profit. and then It doesn't seem to be in demands yet. every customers don't want to pay more for qos and they don't care which technique is applied on their circuit. I would like to make more realistic plan from the viewpoint of customer needs. Could anyone advice me where I can get useful reference about that ? best regards Chiyoung = Chi-Young Joung SAMSUNG NETWORKS Inc. Email: [EMAIL PROTECTED] Tel +82 70 7015 0623, Mobile +82 17 520 9193 Fax +82 70 7016 0031 =
Re: NANOG NYC Event
hilife is a great spot!! On Mon, Jun 2, 2008 at 5:24 PM, Martin Hannigan [EMAIL PROTECTED] wrote: I'll probably be at 83rd and Amsterdam by 11p, This is my all time NYC favorite. http://www.hi-life.com/west.html http://www.hi-life.com/ If you're here on Thurs or beyond: http://www.hi-life.com/west-ipod-lounge.html NYC is so large and interesing that I wouldn't spend much time chasing food. You're in foodie heaven. See the Statute of Liberty, the 9/11 memorial, Empire State Building, ride the subway, go to Hoboken, or catch a glimpse of the UN. All great sites. Personally, I'd like to find a karaoke bar and sing NY NY with my Red Sox hat on. :-) Best, -M -- Martin Hannigan [EMAIL PROTECTED]mailto: [EMAIL PROTECTED] Verne Global http://www.verneglobal.com http://www.verneglobal.com/ Keflavik, Iceland From: WWWhatsup [mailto:[EMAIL PROTECTED] Sent: Mon 02-Jun-08 17:11 To: nanog@nanog.org Subject: RE: NANOG NYC Event I also want to 2nd Little Italy ... It's hard to choose from the plethora of Italian Restaurants on Mulberry St, imcidentally just a $8 cab ride, or even a leisurely stroll, across the Manhattan Bridge from NANOG, but I, as an area resident, swear by Da Nico (close to Broome). --- WWWhatsup NYC http://pinstand.com http://pinstand.com/ - http://punkcast.com http://punkcast.com/ ---
