Re: BGP Scalability Simulation

2008-09-02 Thread Olivier Bonaventure
Moazzam,
 
 I am trying to simulate BGP for scalability testing. I have few queries.
 
 
 1) What sort of topology I should try out ?


You might have a look at igen and cbgp available from

http://inl.info.ucl.ac.be/softwares


Olivier




Re: BGP Scalability Simulation

2008-09-02 Thread Brad Freeman
Vince Fuller has done some projections on what the routing tables will
be like in the near future which would be useful for you, check out
http://www.ripe.net/ripe/meetings/ripe-53/presentations/rou-vf-sca.pdf

If you are looking at doing simulations of what it could be like, use
similar figures to his for IPv4  IPv6 routing table size.

Regards

Bradley Freeman

2008/9/1 Moazzam Khan [EMAIL PROTECTED]

 Thanks Stefan for your reply.

 Basically the goal of this testing is to study the BGP scalability issues
 in the internet sometime in future let's say 10 years from now and try to
 find out what problems it could face. I am trying to use ns2 as my
 simulation environment.

 Can you suggest how I can set up the environment for this kind of study and
 what parameters should I try to capture.

 Regards
 MAK

 On Mon, Sep 1, 2008 at 3:51 PM, Fouant, Stefan [EMAIL PROTECTED]
 wrote:

  Topology and setup of these kinds of tests largely depend on whether you
  are testing iBGP or eBGP. In my experience, eBGP testing is fairly
  straightforward as you are almost always testing reconvergence of the BGP
  next-hop. iBGP testing scenarios on the other hand can be quite a bit more
  complex as you may also be testing the reconvergence of the underlying IGP
  if the BGP next-hop remains unchanged. Can you describe your testing goals
  and environment in a bit more detail?
 
  Stefan Fouant
  Principal Network Engineer
  NeuStar, Inc. - http://www.neustar.biz
  GPG Key ID: 0xB5E3803D
 
 
  - Original Message -
  From: Moazzam Khan [EMAIL PROTECTED]
  To: nanog@nanog.org nanog@nanog.org
  Sent: Mon Sep 01 15:37:19 2008
  Subject: BGP Scalability Simulation
 
  Hi
 
  I am trying to simulate BGP for scalability testing. I have few queries.
 
 
  1) What sort of topology I should try out ?
 
  2) What parameters should I test?
 
  I am trying to simulate it in ns-2  and i would appreciate reply from you
  guys.
 
  Regards
 
  MAK
 



Re: BGP Scalability Simulation

2008-09-02 Thread David Andersen
We have a similar analysis (which agrees with Vince Fuller's #s in a  
general sense) in the middle of a recent sigcomm paper:


  http://www.aip-arch.net/

See the paper "Accountable Internet Protocol (AIP)".

I point it out mostly because the Fuller presentation said "kinda
looks exponential"; we found that the scaling was 17% per year, which
could be a bit more useful if you need to come up with #s for the
years between when Fuller provides projections for.


  -Dave

On Sep 2, 2008, at 8:41 AM, Brad Freeman wrote:

Vince Fuller has done some projections on what the routing tables will
be like in the near future which would be useful for you, check out
http://www.ripe.net/ripe/meetings/ripe-53/presentations/rou-vf-sca.pdf

If you are looking at doing simulations of what it could be like, use
similar figures to his for IPv4  IPv6 routing table size.

Regards

Bradley Freeman

2008/9/1 Moazzam Khan [EMAIL PROTECTED]


Thanks Stefan for your reply.

Basically the goal of this testing is to study the BGP scalability issues
in the internet sometime in future let's say 10 years from now and try to
find out what problems it could face. I am trying to use ns2 as my
simulation environment.

Can you suggest how I can set up the environment for this kind of study
and what parameters should I try to capture.

Regards
MAK

On Mon, Sep 1, 2008 at 3:51 PM, Fouant, Stefan [EMAIL PROTECTED]

wrote:


Topology and setup of these kinds of tests largely depend on whether you
are testing iBGP or eBGP. In my experience, eBGP testing is fairly
straightforward as you are almost always testing reconvergence of the BGP
next-hop. iBGP testing scenarios on the other hand can be quite a bit more
complex as you may also be testing the reconvergence of the underlying IGP
if the BGP next-hop remains unchanged. Can you describe your testing goals
and environment in a bit more detail?

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


- Original Message -
From: Moazzam Khan [EMAIL PROTECTED]
To: nanog@nanog.org nanog@nanog.org
Sent: Mon Sep 01 15:37:19 2008
Subject: BGP Scalability Simulation

Hi

I am trying to simulate BGP for scalability testing. I have few queries.

1) What sort of topology I should try out ?

2) What parameters should I test?

I am trying to simulate it in ns-2 and i would appreciate reply from you
guys.

Regards

MAK











RE: 10GE CWDM

2008-09-02 Thread Michael K. Smith - Adhost
Hello Alex:

 Depending how cheap and ghetto you want to get, there's also possibility
 of doing WDM on 1310/1300. I have custom-manufactured splitters filtering
 1307nm +-2nm - and any given LR XFP [*1] will be either within that band
 or outside [*2]. Test a bunch of them, split them into two groups, use on
 the tested wavelength. Bunch of friends & family are using this technology
 in production. This gives you an ability to do 20G with very cheap optics.
 
 
 [*1] Except ones with very temperature dependent wavelength - mark them as
 warms up to 1300 and use if you don't care that your links will take
 about 5 minutes to warm up and come up. :)
 
 [*2] Any LX4 Xenpak would be outside of the band as well, and you can
 use LX4 concurrently with LR.
 
 There are some more ghetto fabulous things you can do, described in
 http://www.nanog.org/mtg-0610/presenter-pdfs/pilosov.pdf ;)
 
 -alex
 
Do you have any issues with four wave mixing or other crosstalk issues or do 
you account for this in your channel plan?

Regards,

Mike




Re: BGP Scalability Simulation

2008-09-02 Thread Ricardo Oliveira

Moazzam,

Do you have something specific in mind you want to measure? e.g.
convergence times, table size, update count, etc? the scope of your
study seems too broad as you describe it..

Cheers,

--Ricardo

On Sep 1, 2008, at 12:57 PM, Moazzam Khan wrote:


Thanks Stefan for your reply.

Basically the goal of this testing is to study the BGP scalability issues
in the internet sometime in future let's say 10 years from now and try to
find out what problems it could face. I am trying to use ns2 as my
simulation environment.

Can you suggest how I can set up the environment for this kind of study
and what parameters should I try to capture.

Regards
MAK

On Mon, Sep 1, 2008 at 3:51 PM, Fouant, Stefan  
[EMAIL PROTECTED]wrote:


Topology and setup of these kinds of tests largely depend on whether you
are testing iBGP or eBGP. In my experience, eBGP testing is fairly
straightforward as you are almost always testing reconvergence of the BGP
next-hop. iBGP testing scenarios on the other hand can be quite a bit more
complex as you may also be testing the reconvergence of the underlying IGP
if the BGP next-hop remains unchanged. Can you describe your testing goals
and environment in a bit more detail?

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


- Original Message -
From: Moazzam Khan [EMAIL PROTECTED]
To: nanog@nanog.org nanog@nanog.org
Sent: Mon Sep 01 15:37:19 2008
Subject: BGP Scalability Simulation

Hi

I am trying to simulate BGP for scalability testing. I have few queries.

1) What sort of topology I should try out ?

2) What parameters should I test?

I am trying to simulate it in ns-2 and i would appreciate reply from you
guys.

Regards

MAK






Re: BGP Scalability Simulation

2008-09-02 Thread Moazzam Khan
Hi Ricardo,

Basically I want to measure the Convergence times and routing table sizes.
But I am not able to find a good topology of internet which I can utilize
for my experimentations. I am looking at GT-ITM, BRITE and IGen but don't
know what kind of abstraction they provide and if these topologies are
feasible to test the above mentioned parameters.

What challenges I can face if I want to measure all those parameters
convergence times, table sizes, update count, signal sizes etc.


Regards
Moazzam

On Tue, Sep 2, 2008 at 1:35 PM, Ricardo Oliveira [EMAIL PROTECTED]wrote:

 Moazzam,

 Do you have something specific in mind you want to measure? e.g.
 convergence times, table size, update count, etc? the scope of your study
 seems too broad as you describe it..
 Cheers,

 --Ricardo


 On Sep 1, 2008, at 12:57 PM, Moazzam Khan wrote:

  Thanks Stefan for your reply.

 Basically the goal of this testing is to study the BGP scalability issues
 in the internet sometime in future let's say 10 years from now and try to
 find out what problems it could face. I am trying to use ns2 as my
 simulation environment.

 Can you suggest how I can set up the environment for this kind of study
 and what parameters should I try to capture.

 Regards
 MAK

 On Mon, Sep 1, 2008 at 3:51 PM, Fouant, Stefan [EMAIL PROTECTED]
 wrote:

 Topology and setup of these kinds of tests largely depend on whether you
 are testing iBGP or eBGP. In my experience, eBGP testing is fairly
 straightforward as you are almost always testing reconvergence of the BGP
 next-hop. iBGP testing scenarios on the other hand can be quite a bit more
 complex as you may also be testing the reconvergence of the underlying IGP
 if the BGP next-hop remains unchanged. Can you describe your testing goals
 and environment in a bit more detail?

 Stefan Fouant
 Principal Network Engineer
 NeuStar, Inc. - http://www.neustar.biz
 GPG Key ID: 0xB5E3803D


 - Original Message -
 From: Moazzam Khan [EMAIL PROTECTED]
 To: nanog@nanog.org nanog@nanog.org
 Sent: Mon Sep 01 15:37:19 2008
 Subject: BGP Scalability Simulation

 Hi

 I am trying to simulate BGP for scalability testing. I have few queries.


 1) What sort of topology I should try out ?

 2) What parameters should I test?

 I am trying to simulate it in ns-2  and i would appreciate reply from you
 guys.

 Regards

 MAK






Re: BGP Scalability Simulation

2008-09-02 Thread Ricardo Oliveira
The topos you mentioned are synthetic (e.g. generated based on math),  
you might want to check these ones instead, based on bgp tables from  
public sources:

http://irl.cs.ucla.edu/topology/

Also, I don't think using a full internet topology is the way to go
to measure convergence time. The reason is that convergence time
is highly dependent on ibgp architecture, router timers, etc and
modeling things as one router per AS is at most unrealistic for this
purpose. I would suggest to look at a small yet realistic topology of
a few ISPs, e.g. as given by rocket fuel:

http://www.cs.washington.edu/research/networking/rocketfuel/

For routing table size, you just need to grab the existing available  
routing tables, e.g.

http://www.routeviews.org/
and do an extrapolation of the number of prefixes in RIB  n years  
from now


--Ricardo



On Sep 2, 2008, at 10:43 AM, Moazzam Khan wrote:


Hi Ricardo,

Basically I want to measure the Convergence times and routing table  
sizes. But I am not able to find a good topology of internet which  
I can utilize for my experimentations. I am looking at GT-ITM,  
BRITE and IGen but don't know what kind of abstraction they provide  
and if these topologies are feasible to test the above mentioned  
parameters.


What challenges I can face if I want to measure all those
parameters convergence times, table sizes, update count, signal
sizes etc.



Regards
Moazzam

On Tue, Sep 2, 2008 at 1:35 PM, Ricardo Oliveira  
[EMAIL PROTECTED] wrote:

Moazzam,

Do you have something specific in mind you want to measure? e.g.
convergence times, table size, update count, etc? the scope of your
study seems too broad as you describe it..

Cheers,

--Ricardo


On Sep 1, 2008, at 12:57 PM, Moazzam Khan wrote:

Thanks Stefan for your reply.

Basically the goal of this testing is to study the BGP scalability issues
in the internet sometime in future let's say 10 years from now and try to
find out what problems it could face. I am trying to use ns2 as my
simulation environment.

Can you suggest how I can set up the environment for this kind of study
and what parameters should I try to capture.

Regards
MAK

On Mon, Sep 1, 2008 at 3:51 PM, Fouant, Stefan  
[EMAIL PROTECTED]wrote:


Topology and setup of these kinds of tests largely depend on whether you
are testing iBGP or eBGP. In my experience, eBGP testing is fairly
straightforward as you are almost always testing reconvergence of the BGP
next-hop. iBGP testing scenarios on the other hand can be quite a bit more
complex as you may also be testing the reconvergence of the underlying IGP
if the BGP next-hop remains unchanged. Can you describe your testing goals
and environment in a bit more detail?

Stefan Fouant
Principal Network Engineer
NeuStar, Inc. - http://www.neustar.biz
GPG Key ID: 0xB5E3803D


- Original Message -
From: Moazzam Khan [EMAIL PROTECTED]
To: nanog@nanog.org nanog@nanog.org
Sent: Mon Sep 01 15:37:19 2008
Subject: BGP Scalability Simulation

Hi

I am trying to simulate BGP for scalability testing. I have few queries.

1) What sort of topology I should try out ?

2) What parameters should I test?

I am trying to simulate it in ns-2 and i would appreciate reply from you
guys.

Regards

MAK








Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-09-02 Thread Justin Shore

Paul Ferguson wrote:

My next question to the peanut gallery is: What do you
suggest we should do on other hosting IP blocks that are continuing
to host criminal activity, even in the face of abuse reports, etc.?

Seriously -- I think this is an issue which needs to be addressed
here. ISPs cannot continue to sweep this issue under the proverbial
carpet.

Is this an issue that network operations folk don't really care
about?


IMHO policy should only be dictated by the edge, never upstream of that 
point.  Now whether the edge is defined as the edge provider or the 
actual end-user is up for debate.  I don't want my upstreams to make a 
decision what my SP and thus my customers can get to.  My customers 
can't contact my upstream and argue for listing or delisting a given IP 
like they can with me.  They can't speak with their dollars to my 
upstream like they can with me, their edge provider.  Then again should 
I as the edge provider filter for my customers?  Value-add service or a 
bonus service?  It depends on your point of view.


Justin



198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread Dan Mahoney, System Admin

Hello all,

While recently trying to debug a CEF issue, I found a good number of 
packets in my debug cef drops output that were all directed at 
198.32.64.12 (which I see as being allocated to ep.net but completely 
unused).


Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route

Now, as nearly as I can tell, this IP address has never been used for 
anything, but I see occasional references to it, such as here:


http://www.honeynet.org/papers/forensics/exploit.html

So the question is, should I just ignore this as a properly dropped packet 
due to no route (this provider is running defaultless, so unless such a 
route exists, it should be okay).


On the other hand, one of the other packets I'm seeing specifically refers 
to a DNS exploit, so should I then dispatch to people to trace down the 
source origin ?  (Suffice it to say the resources are there to find it 
fairly easily, even if the source address is forged).


-Dan

--

Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---




Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread Gadi Evron

My profile and resume: http://www.linkedin.com/in/gadievron
On Tue, 2 Sep 2008, Dan Mahoney, System Admin wrote:


Hello all,

While recently trying to debug a CEF issue, I found a good number of packets 
in my debug cef drops output that were all directed at 198.32.64.12 (which 
I see as being allocated to ep.net but completely unused).


Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route

Now, as nearly as I can tell, this IP address has never been used for 
anything, but I see occasional references to it, such as here:


http://www.honeynet.org/papers/forensics/exploit.html

So the question is, should I just ignore this as a properly dropped packet 
due to no route (this provider is running defaultless, so unless such a 
route exists, it should be okay).


On the other hand, one of the other packets I'm seeing specifically refers to 
a DNS exploit, so should I then dispatch to people to trace down the source 
origin ?  (Suffice it to say the resources are there to find it fairly 
easily, even if the source address is forged).


It should be treated as an intelligence source, sharing that one openly is 
probably counter-productive.


Regardless, very interesting. I think follow-up just for interest's sake 
may be worth it.




-Dan

--

Dan Mahoney
Techie,  Sysadmin,  WebGeek
Gushi on efnet/undernet IRC
ICQ: 13735144   AIM: LarpGM
Site:  http://www.gushi.org
---






Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread Steve Conte

On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:


Hello all,

While recently trying to debug a CEF issue, I found a good number of  
packets in my debug cef drops output that were all directed at  
198.32.64.12 (which I see as being allocated to ep.net but  
completely unused).


Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route

Now, as nearly as I can tell, this IP address has never been used  
for anything, but I see occasional references to it, such as here:




Once upon a time, that used to be the IP address for the L Root server.

Steve





-
Steve Conte
[EMAIL PROTECTED]






Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread Paul Wall
Gadi,

Could you please take the self-promotion offline already?  Enough is
enough!  I don't think anybody on this list is interested in hiring
you or reviewing your resume!

(It could be argued that my post is off-topic as well.  I disagree.
Furthermore, it had to be done, given the lack of public face or
consistent enforcement action of the current MLC.)

Drive Slow,
Paul Wall
http://www.linkedin.com/in/paulwall

On Tue, Sep 2, 2008 at 6:28 PM, Gadi Evron [EMAIL PROTECTED] wrote:
 My profile and resume: http://www.linkedin.com/in/gadievron
 On Tue, 2 Sep 2008, Dan Mahoney, System Admin wrote:

 Hello all,

 While recently trying to debug a CEF issue, I found a good number of
 packets in my debug cef drops output that were all directed at
 198.32.64.12 (which I see as being allocated to ep.net but completely
 unused).

 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route
 Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route

 Now, as nearly as I can tell, this IP address has never been used for
 anything, but I see occasional references to it, such as here:

 http://www.honeynet.org/papers/forensics/exploit.html

 So the question is, should I just ignore this as a properly dropped packet
 due to no route (this provider is running defaultless, so unless such a
 route exists, it should be okay).

 On the other hand, one of the other packets I'm seeing specifically refers
 to a DNS exploit, so should I then dispatch to people to trace down the
 source origin ?  (Suffice it to say the resources are there to find it
 fairly easily, even if the source address is forged).

 It should be treated as an intelligence source, sharing that one openly is
 probably counter-productive.

 Regardless, very interesting. I think follow-up just for interest's sake may
 be worth it.


 -Dan

 --

 Dan Mahoney
 Techie,  Sysadmin,  WebGeek
 Gushi on efnet/undernet IRC
 ICQ: 13735144   AIM: LarpGM
 Site:  http://www.gushi.org
 ---







Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread David Conrad

On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:
While recently trying to debug a CEF issue, I found a good number of  
packets in my debug cef drops output that were all directed at  
198.32.64.12 (which I see as being allocated to ep.net but  
completely unused).


As Steve Conte pointed out, that is the address that used to be used  
for l.root-servers.net.  l.root-servers.net was renumbered almost a  
year ago, with the announcement of the old address turned off about 6  
months ago.


So the question is, should I just ignore this as a properly dropped  
packet due to no route (this provider is running defaultless, so  
unless such a route exists, it should be okay).


Packets being sent to 198.32.64.12 most likely come from DNS caching  
servers that haven't had their hints updated.  In the ideal world, you  
could hunt down those machines and kick 'em in the head (that is,  
install a new hints file).  That they're unrouted is definitely the  
way things should be.


Regards,
-drc
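
The check David Conrad describes, as an added example that is not part of the original thread: it counts `CEF-Drop` lines per destination, flags destinations that are retired root-server addresses, and scans a root hints file for records still pointing at them. The log and hints samples are constructed (the 192.0.2.55 line and the timestamps after 22:03:25 are made up) and the function names are hypothetical; only 198.32.64.12 as the former l.root-servers.net address comes from the thread.

```python
import ipaddress
import re
from collections import Counter

# Retired root-server addresses. The single entry comes from the thread:
# 198.32.64.12 was l.root-servers.net before it was renumbered.
RETIRED_ROOT_ADDRS = {
    ipaddress.ip_address("198.32.64.12"): "l.root-servers.net",
}

# Matches the router debug lines quoted in the thread, e.g.
#   "Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route"
CEF_DROP = re.compile(r"CEF-Drop: Packet for (\S+) -- (.+?)\s*$")


def count_drops(log_lines):
    """Return a Counter keyed by (destination address, reason)."""
    counts = Counter()
    for line in log_lines:
        m = CEF_DROP.search(line)
        if not m:
            continue
        try:
            dst = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # destination is not an IP literal; skip malformed line
        counts[(dst, m.group(2))] += 1
    return counts


def stale_root_drops(log_lines):
    """Drops aimed at retired root addresses: {address: (old name, count)}."""
    result = {}
    for (dst, _reason), n in count_drops(log_lines).items():
        if dst in RETIRED_ROOT_ADDRS:
            name, seen = result.get(str(dst), (RETIRED_ROOT_ADDRS[dst], 0))
            result[str(dst)] = (name, seen + n)
    return result


def stale_hints(hints_text):
    """Return [(owner, address)] for A/AAAA records in a root hints file
    that still point at a retired address. Accepts the zone-file layout
    'owner [ttl] [class] type rdata' with ';' comments."""
    stale = []
    for raw in hints_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        owner = fields[0].rstrip(".").lower()
        # Drop the optional TTL and class so that type and rdata remain.
        rest = [f for f in fields[1:] if not f.isdigit() and f.upper() != "IN"]
        if len(rest) != 2 or rest[0].upper() not in ("A", "AAAA"):
            continue
        try:
            addr = ipaddress.ip_address(rest[1])
        except ValueError:
            continue
        if addr in RETIRED_ROOT_ADDRS:
            stale.append((owner, str(addr)))
    return stale


# Constructed sample input: debug lines in the format shown in the thread.
SAMPLE_LOG = [
    "Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route",
    "Sep  2 22:03:25: CEF-Drop: Packet for 198.32.64.12 -- no route",
    "Sep  2 22:03:26: CEF-Drop: Packet for 192.0.2.55 -- no route",
    "Sep  2 22:03:27: CEF-Drop: Packet for 198.32.64.12 -- no route",
    "Sep  2 22:03:27: unrelated line",
]

# Constructed excerpt in root hints format, with the old L root record.
SAMPLE_HINTS = """\
; constructed excerpt, not a complete hints file
.                        3600000  IN  NS    A.ROOT-SERVERS.NET.
A.ROOT-SERVERS.NET.      3600000      A     198.41.0.4
.                        3600000      NS    L.ROOT-SERVERS.NET.
L.ROOT-SERVERS.NET.      3600000      A     198.32.64.12
"""

if __name__ == "__main__":
    print(stale_root_drops(SAMPLE_LOG))
    print(stale_hints(SAMPLE_HINTS))
```

The debug lines carry only the destination, so they show that some resolver behind the router has stale hints but not which one; the hints-file check is what confirms it on a given caching server.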




How the 'Net works: an introduction to peering and transit (arstech)

2008-09-02 Thread Paul Vixie
http://arstechnica.com/guides/other/peering-and-transit.ars
-- 
Paul Vixie



Re: Is the export policy selective under valley-free?

2008-09-02 Thread Paul Wall
Kai,

That's correct.  A network purchasing transit will advertise its
internally-originated prefixes, as well as those it's learning from
downstream customers, to its provider.

(At least that's the theory.  It's not terribly uncommon for transit
purchasers to advertise a full table, or for their providers to have
lax or non-existent filters, but that's neither here nor there. :)

I'm not sure what valley-free means in this context.  You might want
to try the Rosetta Stone patches and make sure your copy is up to
date.

Drive Slow,
Paul Wall
http://www.linkedin.com/in/paulwall

On Tue, Sep 2, 2008 at 7:45 PM, Kai Chen [EMAIL PROTECTED] wrote:
 Just want to ask a direct question. Will an AS export all it gets from
 its customers and itself to its providers? Or even under valley-free,
 the BGP export policy is also selective?

 Thanks a lot,
 --
 -Kai





Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread Todd Underwood
dan,

(to follow up on david conrad's response)...

On Tue, Sep 02, 2008 at 04:31:40PM -0700, David Conrad wrote:
 On Sep 2, 2008, at 3:24 PM, Dan Mahoney, System Admin wrote:
 While recently trying to debug a CEF issue, I found a good number of  
 packets in my debug cef drops output that were all directed at  
 198.32.64.12 (which I see as being allocated to ep.net but  
 completely unused).
 
 As Steve Conte pointed out, that is the address that used to be used  
 for l.root-servers.net.  l.root-servers.net was renumbered almost a  
 year ago, with the announcement of the old address turned off about 6  
 months ago.

there's some context on recent routing issues with this network
described at the renesys blog here:

http://www.renesys.com/blog/2008/06/securing_the_root_1.shtml

in short:  the prefix containing this network was advertised by people
other than iana for a time after iana stopped advertising it. 

checking our current data, that block is not currently routed by any
of our peers over the last month (i would assume ripe ris and
routeviews report similar data, but i did not check them).

t.

-- 
_
todd underwood +1 603 643 9300 x101
renesys corporation   general manager babbledog
[EMAIL PROTECTED]   http://www.renesys.com/blog



Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread Aaron Glenn
On Tue, Sep 2, 2008 at 3:28 PM, Gadi Evron [EMAIL PROTECTED] wrote:
 My profile and resume: http://www.linkedin.com/in/gadievron

are you for real?



Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread micky coughes
On Tue, Sep 2, 2008 at 9:32 PM, Aaron Glenn [EMAIL PROTECTED] wrote:
 On Tue, Sep 2, 2008 at 3:28 PM, Gadi Evron [EMAIL PROTECTED] wrote:
 My profile and resume: http://www.linkedin.com/in/gadievron

 are you for real?



No, he is not.



Re: Is the export policy selective under valley-free?

2008-09-02 Thread Aaron Glenn
On Tue, Sep 2, 2008 at 4:45 PM, Kai Chen [EMAIL PROTECTED] wrote:
 Just want to ask a direct question. Will an AS export all it gets from
 its customers and itself to its providers? Or even under valley-free,
 the BGP export policy is also selective?


that's the idea. but your use of valley-free in this context confuses
me. care to clarify?
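
For readers following this exchange, an added example that is not part of the original thread: the customer/peer/provider export rule Paul Wall describes, in the sense of Gao's AS-relationship model, plus a check that walks an announcement's path and names the AS that broke the rule (the "advertise a full table" case he mentions). The topology, the documentation-range AS numbers and the function names are all constructed for illustration.

```python
from enum import Enum


class Rel(Enum):
    CUSTOMER = "customer"
    PEER = "peer"
    PROVIDER = "provider"


def should_export(learned_from, to_neighbor):
    """Export rule that produces valley-free paths.

    learned_from: Rel of the neighbor the route came from, or None if the
                  AS originated the prefix itself.
    to_neighbor:  Rel of the neighbor the route would be advertised to.
    Own and customer routes go to everyone; peer and provider routes go
    to customers only.
    """
    if learned_from is None or learned_from is Rel.CUSTOMER:
        return True
    return to_neighbor is Rel.CUSTOMER


def export_targets(learned_from):
    """Set of neighbor classes a route may be advertised to."""
    return {r for r in Rel if should_export(learned_from, r)}


def build_rels(links):
    """links: (a, b, kind); 'c2p' means a is a customer of b, 'p2p' peers.
    Returns {(x, y): what y is to x}."""
    rels = {}
    for a, b, kind in links:
        if kind == "c2p":
            rels[(a, b)] = Rel.PROVIDER
            rels[(b, a)] = Rel.CUSTOMER
        elif kind == "p2p":
            rels[(a, b)] = rels[(b, a)] = Rel.PEER
        else:
            raise ValueError(f"unknown link kind: {kind}")
    return rels


def find_leak(path, rels):
    """path lists ASes in propagation order, origin first (the reverse of
    how AS_PATH is written). Returns the first AS that exported a route
    against the rule, or None if the path is valley-free."""
    learned_from = None
    for here, nxt in zip(path, path[1:]):
        if not should_export(learned_from, rels[(here, nxt)]):
            return here
        learned_from = rels[(nxt, here)]  # how the next AS sees this one
    return None


def is_valley_free(path, rels):
    return find_leak(path, rels) is None


# Constructed topology using documentation ASNs (64496-64511):
# three transit-free networks peering in a chain, one regional ISP under
# the first two, and a stub multihomed to both regional ISPs.
LINKS = [
    (64496, 64497, "p2p"),
    (64497, 64498, "p2p"),
    (64500, 64496, "c2p"),
    (64501, 64497, "c2p"),
    (64510, 64500, "c2p"),
    (64510, 64501, "c2p"),
]
RELS = build_rels(LINKS)

# Up, up, across one peering link, down: valley-free.
GOOD_PATH = [64510, 64500, 64496, 64497, 64501]
# Stub re-advertises a provider-learned route to its other provider.
STUB_LEAK = [64500, 64510, 64501]
# A peer-learned route handed on to another peer.
PEER_LEAK = [64500, 64496, 64497, 64498]

if __name__ == "__main__":
    for p in (GOOD_PATH, STUB_LEAK, PEER_LEAK):
        print(p, "leak at", find_leak(p, RELS))
```

So the export policy is selective by where the route was learned: the stub in `STUB_LEAK` is the customer whose announcements a provider's inbound filter would need to catch.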



Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?]

2008-09-02 Thread Steven M. Bellovin
On Tue, 2 Sep 2008 21:40:38 -0400
Patrick W. Gilmore [EMAIL PROTECTED] wrote:

 [SNIP]
 
 Just so that I am clear on your issue here: You believe it is okay  
 for you to put your linkedin URL in your .sig, but Gadi must not be  
 allowed to put it at the top of a post? 

Yes, I think that's exactly right.  It's a statement of what the sender
perceives to be important about the email.  I read email for the
content; having the URL at the top is an assertion by the poster that
he thinks his resume is more important than what he says.  (Yes, I know
some of you are about to hit reply to say maybe it is from Gadi.
Don't bother -- what he says is often quite valuable.)


--Steve Bellovin, http://www.cs.columbia.edu/~smb



Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-09-02 Thread Suresh Ramasubramanian
There's this concept known as dual criminality in such situations,
when you're looking at international prosecutions (or whatever).

So, while lèse-majesté - insult to the king - is a crime in Thailand
(liable to get you lynched before you get prosecuted, at that) that
doesn't mean the Thai authorities can do much about youtube videos ..

On the other hand, child pornography, malware, illegal sale of
prescription narcotics etc are generally criminal acts around the
world.

regards
srs

On Mon, Sep 1, 2008 at 9:03 PM, Steven M. Bellovin [EMAIL PROTECTED] wrote:
 I mostly agree with you -- but I get very worried about who defines
 scum.  Consider the following cases, which I will assert are not very
 far-fetched:

 (a) China labels Falun Gong as scum and demands that international
 ISPs not carry it if they want to do business in China



Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

2008-09-02 Thread Christopher Morrow
On 9/2/08, Todd Underwood [EMAIL PROTECTED] wrote:

  checking our current data, that block is not currently routed by any
  of our peers over the last month (i would assume ripe ris and
  routeviews report similar data, but i did not check them.

it's also probably worth stating that parts of 198.32/16 are never
routed anywhere on the Internet (here comes bill to tell me 'who's
Internet?' .). Some is in use on private networks, some is in use
at exchange points and not routed outside the immediate peers.

Most times, as I recall, epnet does a decent job of keeping the whois
data or rdns data updated though, for things in use. (though possibly
not for private uses)

-chris



Re: self-promotion [was: 198.32.64.12 -- Harmless mis-route or potential exploit?]

2008-09-02 Thread Gadi Evron

On Tue, 2 Sep 2008, Steven M. Bellovin wrote:

On Tue, 2 Sep 2008 21:40:38 -0400
Patrick W. Gilmore [EMAIL PROTECTED] wrote:


[SNIP]

Just so that I am clear on your issue here: You believe it is okay
for you to put your linkedin URL in your .sig, but Gadi must not be
allowed to put it at the top of a post?


Yes, I think that's exactly right.  It's a statement of what the sender
perceives to be important about the email.  I read email for the


I agree, which is why this fluke in not deleting the last line with ctrl+k 
as PINE appends signature lines at the top of the post by default--was 
awkward. Good thing I don't much get deterred by awkward.


Still, I bet this is going to be a huge thread yet again. No one 
appends any URL at the footer--not even me! ;) But folks with no content 
to contribute would naturally jump at it like they would at even just a 
typo.


I suppose it is only natural when you become a celebrity of any sort--you 
draw all sorts of attention. At first my thick skin helped, nowadays I 
just find it amusing.


Folks flooded mailing lists spoofing my name (creating ASCII art of Beavis 
or a swastika) using the subject lines. They flooded yet again, with furry 
porn pictures attached. They launched fan blogs, created an Encyclopedia 
Dramatica entry...


I've had a comic strip made about me, a song written about me, a fake 
craigslist entry... all of course, serving as a boost to my ego--knowing 
now I must have made it! ;-)


There was a blackhat presentation which in part was about how someone 
faked a social network account being me, and how he almost got an 
informationweek interview as me out of it--I was on to him.


Most recently, someone created a comic-strip in ASCII about me (very 
funny, but R rated, so don't go if you find that type of thing offensive).

It's from the "now I know I've made it!" department:

http://fr.pastebin.ca/raw/1094119

To wrap this up, I don't often (at all) use signature lines, but I do have 
them and out of habit delete them with almost every new posting from the 
footer.


I had two VERY self-deprecating (and very funny) quotes, before, which 
also were not often used, anyone remember?


1.
beepbeep it, i leave work, stop reading sec lists and im still hearing 
gadi - HD Moore to Gadi Evron on IM, on Gadi's interview on npr, March 
2007.


2. 
*FART*

-- Avi Freedman to Gadi Evron in a Chinese restaurant, Boston 2007.

To even things out, my new barely ever used footer signature, is:

-
You don't need your firewalls! Gadi is Israel's firewall.
-- Itzik (Isaac) Cohen, Computers czar, Senior Deputy to the Accountant 
General,
   Israel's Ministry of Finance, at the government's CIO conference, 2005.

(after two very funny self-deprecation quotes, time to even things up!)

My profile and resume:
http://www.linkedin.com/in/gadievron
--

So, I missed one line and it stuck at the footer and no one noticed it 
except the trolls. Now that the awkward moment is over and I made the 
unnecessary yet required explanation... can we move on?


I really should use the man page and see how I move the signature from the 
footer in PINE.


Thanks for the free advertisement of my resume, trolls! Appreciated.

Gadi.



content; having the URL at the top is an assertion by the poster that
he thinks his resume is more important than what he says.  (Yes, I know
some of you are about to hit reply to say maybe it is from Gadi.
Don't bother -- what he says is often quite valuable.)


--Steve Bellovin, http://www.cs.columbia.edu/~smb





Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-09-02 Thread Eric Brunner-Williams

Suresh,

In a parallel universe we're considering profiles for licit use of 
some mechanism. One element of a multi-part test to distinguish licit 
from illicit was the presence or absence of known signatures for 
malware. After some thought it was understood that this test was 
equivalent to the node subject to the test being cleaner than the 
average for network attached consumer devices, and therefore not realistic.


Cheers,
Eric

Suresh Ramasubramanian wrote:

There's this concept known as dual criminality in such situations,
when you're looking at international prosecutions (or whatever).

So, while lèse-majesté - insult to the king - is a crime in Thailand
(liable to get you lynched before you get prosecuted, at that) that
doesn't mean the Thai authorities can do much about youtube videos ..

On the other hand, child pornography, malware, illegal sale of
prescription narcotics etc are generally criminal acts around the
world.

regards
srs

On Mon, Sep 1, 2008 at 9:03 PM, Steven M. Bellovin [EMAIL PROTECTED] wrote:
  

I mostly agree with you -- but I get very worried about who defines
scum.  Consider the following cases, which I will assert are not very
far-fetched:

(a) China labels Falun Gong as scum and demands that international
ISPs not carry it if they want to do business in China