Re: juniper mx80 vs cisco asr 1000
On (2012-01-19 12:10 -0800), jon Heise wrote:
> Does anyone have any experience with these two routers, we're looking to buy one of them but i have little experience dealing with cisco routers and zero experience with juniper.

It might be because of your schedule/timetable, but you are comparing apples to oranges. MX80 is not competing against ASR1k, and JNPR has no product to compete with ASR1k. MX80 competes directly with ASR9001. Notable differences include:

- ASR9001 has a lot more memory (2GB/8GB) and a lot faster control-plane
- ASR9001 has 120G of capacity, MX80 80G
- ASR9001 BOM is higher, as it is not a fabricless design like MX80 (this shouldn't affect sale price in a relevant way)
- ASR9001 does not ship just now

As others have pointed out ASR1k is a 'high touch' router, it does NAPT, IPSEC, pretty much anything and everything, it is the next-gen VXR really. ASR9001 and MX80 both do relatively few things, but at high capacity.

--
++ytti
Re: Argus: a hijacking alarm system
On 2012-01-20 10:47 , Yang Xiang wrote:
> Hi,
> I built a system, 'Argus', to alert on prefix hijackings in real time. Argus monitors the Internet and discovers anomalous BGP updates caused by prefix hijacking. When Argus discovers a potential prefix hijacking, it will advertise it in a very short time, both on our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the mailing list (ar...@csnet1.cs.tsinghua.edu.cn).

But the big question of 2012 [*] is: does it do IPv6. The last 99 anomalies don't show any info there.

Greets,
Jeroen

[*] We got a http://ipv6week.org/ and http://www.worldipv6launch.org/ this year ;)
Re: Megaupload.com seized
Mark Andrews ma...@isc.org wrote:
> I suspect most file sharing sites don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.

<nitpick>
Without the permission of the copyright holder _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation. It may not be a _criminal_ violation, but it is still proscribed by law. Illegal and criminal -- _these_ are different things.

Junk faxing is illegal. Telemarketing calls to cell phones are illegal. Public distribution without the permission of the copyright owner is illegal. Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_.

Claiming that a thing is not 'illegal' if it is not 'criminal' is similar to asserting it's not a crime if you don't get caught.
</nitpick>
Re: Argus: a hijacking alarm system
2012/1/20 Jeroen Massar jer...@unfix.org
> On 2012-01-20 10:47 , Yang Xiang wrote:
>> Hi,
>> I built a system, 'Argus', to alert on prefix hijackings in real time. Argus monitors the Internet and discovers anomalous BGP updates caused by prefix hijacking. When Argus discovers a potential prefix hijacking, it will advertise it in a very short time, both on our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the mailing list (ar...@csnet1.cs.tsinghua.edu.cn).
>
> But the big question of 2012 [*] is: does it do IPv6. The last 99 anomalies don't show any info there.

Yes, it's only v4 now :(
But I'm trying to do so. It needs enough (dozens of) public IPv6 route servers to do the job. Actually the system only needs to execute 'ping6' and 'show ipv6 bgp' on the IPv6 route servers. Hope I can find enough v6 route servers before Jun 6 :)

> Greets,
> Jeroen
>
> [*] We got a http://ipv6week.org/ and http://www.worldipv6launch.org/ this year ;)

--
Yang Xiang . about.me/xiangyang
Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn
Re: Megaupload.com seized
In article 201201201025.q0kapdm5040...@mail.r-bonomi.com, Robert Bonomi bon...@mail.r-bonomi.com writes
>> I suspect most file sharing sites don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
>
> <nitpick>
> Without the permission of the copyright holder _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation. It may not be a _criminal_ violation, but it is still proscribed by law. Illegal and criminal -- _these_ are different things.
>
> Junk faxing is illegal. Telemarketing calls to cell phones are illegal. Public distribution without the permission of the copyright owner is illegal. Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_.
>
> Claiming that a thing is not 'illegal' if it is not 'criminal' is similar to asserting it's not a crime if you don't get caught.
> </nitpick>

As is common in most industries there are expressions in the world of Internet Governance that are jargon, and have agreed meanings in that context.

Illegal Material is reserved for content which is illegal to possess and/or distribute (even if, and possibly even more so if, you originated it).

Harmful Material is content which is legal to possess but is nevertheless regarded by many as immoral or highly undesirable within some framework of commonly held values.

Infringing Material is content which is held without a legitimate rightsholder's permission.

--
Roland Perry
Illegal content (Re: Megaupload.com seized)
On Jan 20, 2012, at 11:25, Robert Bonomi wrote:
> Public distribution without the permission of the copyright owner is illegal.

This is veering off the purpose of this list, but maybe it is operationally significant to be able to use the right terms when a law enforcement officer is standing in the door.

Mark Andrews was pointing out that content being file-shared is rarely illegal. By itself. Examples of illegal content might be hate speech, child pornography, lèse-majesté, blasphemy, with the meaning of these terms depending on your jurisdiction.

What you are pointing out is that distribution of content may be illegal. That does not make the content itself illegal. The legality of transfer under copyright is bound to many legal issues, such as fair use, right to personal copies, and of course licensing, again depending on your jurisdiction. But all this is divorced from the content. Content is never illegal with respect to copyright. (It might have been copied illegally, but once it's sitting somewhere, it's not illegal by itself. A license would suddenly make it legal.)

The point is important because a lot of idiots are running around shouting "he had all this copyrighted material on his computer!". Of course he had! There are very few computers that don't carry copyrighted material, starting from the BIOS. Without examining the legal context, such as purchasing histories, supreme court decisions etc., it is sometimes really hard to say whether all of it got there in a legal way, and its presence may be an indication of previous illegal activity. But (at least wrt copyright law) it is never illegal while sitting somewhere on a computer.

So the next time somebody says "illegal content", think hate speech or child pornography, lèse-majesté or blasphemy, not copyrighted content. Almost everything on a computer is copyrighted.

Now let's return to the impact of this heist on network utilization...

Regards,
Carsten
Re: Argus: a hijacking alarm system
On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote:
> Hope I can find enough v6 route-servers before Jun 6 :)

Jeroen is just the guy to suggest where you can find them :)

Till then, if google is an acceptable substitute - http://www.bgp4.net/wiki/doku.php?id=tools:ipv6_route_servers

Enjoy - your system sounds great. And of course gong xi fa cai!

--
Suresh Ramasubramanian (ops.li...@gmail.com)
Re: Megaupload.com seized
What file sharers should do is to store files in these services in an encrypted way, and under an anonymized name. So these services have absolutely no way to tell what they are hosting.

File sharers can organize themselves in sites based on forum software that is private by default (open with registration), then share some information file that includes the URL to the files hosted, the key to decrypt these files, and some metadata. A special desktop program* would load that information file and start the HTTP download.

This way can combine the best of the old BBS systems with the best of the current caching and hosting technologies. These HTTP hosting services seem to operate well enough. A % of the users go premium to allow more and better downloads.

* Maybe it is time to write such a program.

--
End of message.
Re: Argus: a hijacking alarm system
2012/1/20 Suresh Ramasubramanian ops.li...@gmail.com
> On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote:
>> Hope I can find enough v6 route-servers before Jun 6 :)
>
> Jeroen is just the guy to suggest where you can find them :)
>
> Till then, if google is an acceptable substitute - http://www.bgp4.net/wiki/doku.php?id=tools:ipv6_route_servers

Thanks very much. I will check these servers.

> Enjoy - your system sounds great. And of course gong xi fa cai!

Gong xi fa cai, happy Chinese New Year :)

> --
> Suresh Ramasubramanian (ops.li...@gmail.com)

--
Yang Xiang . about.me/xiangyang
Re: Megaupload.com seized
On Jan 20, 2012, at 2:25 AM, Robert Bonomi wrote:
> Mark Andrews ma...@isc.org wrote:
>> I suspect most file sharing sites don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
>
> <nitpick>
> Without the permission of the copyright holder _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation. It may not be a _criminal_ violation, but it is still proscribed by law. Illegal and criminal -- _these_ are different things.
>
> Junk faxing is illegal. Telemarketing calls to cell phones are illegal. Public distribution without the permission of the copyright owner is illegal. Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_.

Actually, they are all criminal violations. They may be infractions, or, they may not often get prosecuted, but, each is, in fact, a criminal violation.

Owen
Re: Megaupload.com seized
On 20 Jan 2012, at 11:00, Tei wrote:
> File sharers can organize themselves in sites based on forum software that is private by default (open with registration), then share some information file that includes the URL to the files hosted, the key to decrypt these files, and some metadata. A special desktop program* would load that information file and start the HTTP download.

At the risk of kicking over old ground, there are a bunch of privacy solutions like this; possibly the most complete attempt (in terms of attempted privacy and distribution) is Freenet:

http://freenetproject.org/whatis.html

...but it's slow; then there's Tahoe-LAFS - a decentralised filesystem:

https://tahoe-lafs.org/trac/tahoe-lafs

...but it's slow; then there are connection anonymisation tools like I2P and Tor, but - wonderful as they are - they're slow.

Can you see a pattern developing that would be relevant to the downloader of 700Mb+ AVIs? :-)

It would be great to speed them through wider adoption, but until then...

-a
Re: Megaupload.com seized
On Fri, Jan 20, 2012 at 03:05:47AM -0800, Owen DeLong wrote:
> On Jan 20, 2012, at 2:25 AM, Robert Bonomi wrote:
>> Mark Andrews ma...@isc.org wrote:
>>> I suspect most file sharing sites don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things.
>>
>> <nitpick>
>> Without the permission of the copyright holder _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation. It may not be a _criminal_ violation, but it is still proscribed by law. Illegal and criminal -- _these_ are different things.
>>
>> Junk faxing is illegal. Telemarketing calls to cell phones are illegal. Public distribution without the permission of the copyright owner is illegal. Except in special cases, none of those actions are _criminal_, but they are all violations of law, and thus _illegal_.
>
> Actually, they are all criminal violations. They may be infractions, or, they may not often get prosecuted, but, each is, in fact, a criminal violation.
>
> Owen

Depends on the jurisdiction, methinks. Do US laws apply in India? Nigeria? Mars? Your broad generalizations may not hold.

/bill
Re: Megaupload.com seized
On 20 January 2012 12:14, Alec Muffett alec.muff...@gmail.com wrote:
> On 20 Jan 2012, at 11:00, Tei wrote:
>> File sharers can organize themselves in sites based on forum software that is private by default (open with registration), then share some information file that includes the URL to the files hosted, the key to decrypt these files, and some metadata. A special desktop program* would load that information file and start the HTTP download.
>
> At the risk of kicking over old ground, there are a bunch of privacy solutions like this; possibly the most complete attempt (in terms of attempted privacy and distribution) is Freenet:
>
> http://freenetproject.org/whatis.html
>
> ...but it's slow; then there's Tahoe-LAFS - a decentralised filesystem:
>
> https://tahoe-lafs.org/trac/tahoe-lafs
>
> ...but it's slow; then there are connection anonymisation tools like I2P and Tor, but - wonderful as they are - they're slow.
>
> Can you see a pattern developing that would be relevant to the downloader of 700Mb+ AVIs? :-)
>
> It would be great to speed them through wider adoption, but until then...
>
> -a

These services are not needed yet. But it is good that they are under study, in case changes in laws or the balance of power make them needed. For now, I think people will continue using HTTP to download/stream movies and TV series. Perhaps countries where 3-strikes legislation is approved will make one of these systems necessary. But I think speed is an important factor, and no slow system will succeed.

--
End of message.
Re: Illegal content (Re: Megaupload.com seized)
On Fri, Jan 20, 2012 at 5:48 AM, Carsten Bormann c...@tzi.org wrote:
> On Jan 20, 2012, at 11:25, Robert Bonomi wrote:
>> Public distribution without the permission of the copyright owner is illegal.
>
> This is veering off the purpose of this list, but maybe it is operationally significant to be able to use the right terms when a law enforcement officer is standing in the door.
>
> Mark Andrews was pointing out that content being file-shared is rarely illegal. By itself. Examples of illegal content might be hate speech, child pornography, lèse-majesté, blasphemy, with the meaning of these terms depending on your jurisdiction.
>
> What you are pointing out is that distribution of content may be illegal. That does not make the content itself illegal. The legality of transfer under copyright is bound to many legal issues, such as fair use, right to personal copies, and of course licensing, again depending on your jurisdiction. But all this is divorced from the content. Content is never illegal with respect to copyright. (It might have been copied illegally, but once it's sitting somewhere, it's not illegal by itself. A license would suddenly make it legal.)
>
> The point is important because a lot of idiots are running around shouting "he had all this copyrighted material on his computer!". Of course he had! There are very few computers that don't carry copyrighted material, starting from the BIOS. Without examining the legal context, such as purchasing histories, supreme court decisions etc., it is sometimes really hard to say whether all of it got there in a legal way, and its presence may be an indication of previous illegal activity. But (at least wrt copyright law) it is never illegal while sitting somewhere on a computer.
>
> So the next time somebody says "illegal content", think hate speech or child pornography, lèse-majesté or blasphemy, not copyrighted content. Almost everything on a computer is copyrighted.

There is a lot of disinformation in this area, with loaded words with no legal meaning being used to make political points or engender desired reactions. I am not a lawyer, and this is certainly not legal advice, but in the US copyright infringement is not theft, the sheer possession of infringing material is not illegal, nor is listening / watching / reading such material in private, and the terms "piracy" and "intellectual property" are not to be found in US copyright law. That you would not know this reading the press releases is a feature, not a bug.

And, since 1976, registration is not required for copyright and almost everything written, sung, videoed, etc., including these emails, is copyrighted from the time it is created.

But, indeed, this is far from the purpose of this mail list.

Regards
Marshall

> Now let's return to the impact of this heist on network utilization...
>
> Regards,
> Carsten
Re: Argus: a hijacking alarm system
On 2012-01-20 12:01 , Yang Xiang wrote:
> 2012/1/20 Suresh Ramasubramanian ops.li...@gmail.com
>> On Fri, Jan 20, 2012 at 4:09 PM, Yang Xiang xiang...@csnet1.cs.tsinghua.edu.cn wrote:
>>> Hope I can find enough v6 route-servers before Jun 6 :)
>>
>> Jeroen is just the guy to suggest where you can find them :)
>>
>> Till then, if google is an acceptable substitute - http://www.bgp4.net/wiki/doku.php?id=tools:ipv6_route_servers
>
> Thanks very much. I will check these servers.

Please note that automated polling of route servers without prior consent of the owner of said route server might not be completely acceptable as it puts serious loads on them. A better way is to get proper BGP sessions set up towards various locations.

You might also want to look at http://www.ripe.net/data-tools/stats/ris/ris-raw-data which describes how to get access to RIPE's RIS system raw data; this is what BGPMon also uses.

Greets,
Jeroen
Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
You could use RPKI and origin validation as well. We have an application that does that.

http://www.labs.lacnic.net/rpkitools/looking_glass/

For example you can periodically check if your prefix is valid:
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/

If it were invalid for a possible hijack it would look like:
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/

Or you can just query for any state:
http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/

Regards,
as

On 20 Jan 2012, at 07:47, Yang Xiang wrote:
> Hi,
> I built a system, 'Argus', to alert on prefix hijackings in real time. Argus monitors the Internet and discovers anomalous BGP updates caused by prefix hijacking. When Argus discovers a potential prefix hijacking, it will advertise it in a very short time, both on our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the mailing list (ar...@csnet1.cs.tsinghua.edu.cn).
>
> Argus has been running in the Internet for more than eight months; it usually can discover potential prefix hijackings within ten seconds after the first anomalous BGP update is announced. Several hijacking alarms have been confirmed by network operators. For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has been confirmed by the network operators of AS23910 and AS4538; it was a prefix hijacking caused by a mis-configuration of a route filter.
>
> If you are interested in BGP security, you are welcome to visit our website and subscribe to the mailing list. If you are interested in the system itself, you can find our paper, published in ICNP 2011 (FIST workshop): http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080.
>
> Hope Argus will be useful for you.
>
> --
> Yang Xiang . about.me/xiangyang
> Ph.D candidate. Tsinghua University
> Argus: argus.csnet1.cs.tsinghua.edu.cn
Re: Argus: a hijacking alarm system
2012/1/20 Jeroen Massar jer...@unfix.org
> On 2012-01-20 12:01 , Yang Xiang wrote:
>> 2012/1/20 Suresh Ramasubramanian ops.li...@gmail.com
>
> Please note that automated polling of route servers without prior consent of the owner of said route server might not be completely acceptable as it puts serious loads on them. A better way is to get proper BGP sessions set up towards various locations.
>
> You might also want to look at http://www.ripe.net/data-tools/stats/ris/ris-raw-data which describes how to get access to RIPE's RIS system raw data; this is what BGPMon also uses.

Argus receives BGP updates from BGPmon, and only accesses route servers when it finds one BGP update is 'anomalous'. We also control the load on these route servers. After logging in to the route server, Argus only executes 'ping' for a given IP address, and 'show ip bgp' for a given prefix, and will log out from the route server after two minutes.

> Greets,
> Jeroen

--
Yang Xiang . about.me/xiangyang
Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
RPKI is great. But, firstly, ROA doesn't cover all the prefixes now; we need an alternative service to alert on hijackings. Secondly, ROA can only secure the 'Origin AS' of a prefix, while Argus can discover potential hijackings caused by an anomalous AS path. After ROA and BGPsec are deployed in the entire Internet (or in all of your network), Argus will stop the service :)

2012/1/20 Arturo Servin aser...@lacnic.net
> You could use RPKI and origin validation as well. We have an application that does that.
>
> http://www.labs.lacnic.net/rpkitools/looking_glass/
>
> For example you can periodically check if your prefix is valid:
> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/
>
> If it were invalid for a possible hijack it would look like:
> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/
>
> Or you can just query for any state:
> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/
>
> Regards,
> as

--
Yang Xiang. Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
On 20 Jan 2012, at 10:38, Yang Xiang wrote:
> RPKI is great. But, firstly, ROA doesn't cover all the prefixes now; we need an alternative service to alert on hijackings.

Or to sign your prefixes.

> Secondly, ROA can only secure the 'Origin AS' of a prefix,

That's true.

> while Argus can discover potential hijackings caused by an anomalous AS path.

Can you explain how?

> After ROA and BGPsec are deployed in the entire Internet (or in all of your network), Argus will stop the service :)

I was just suggesting to add a more deterministic way of detecting hijacks.

Regards,
as

> 2012/1/20 Arturo Servin aser...@lacnic.net
>> You could use RPKI and origin validation as well. We have an application that does that.
>>
>> http://www.labs.lacnic.net/rpkitools/looking_glass/
>>
>> For example you can periodically check if your prefix is valid:
>> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/
>>
>> If it were invalid for a possible hijack it would look like:
>> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/
>>
>> Or you can just query for any state:
>> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/
>>
>> Regards,
>> as
>
> --
> Yang Xiang. Ph.D candidate. Tsinghua University
> Argus: argus.csnet1.cs.tsinghua.edu.cn
Re: How are you doing DHCPv6 ?
Randy Carpenter rcar...@network1.net writes:
> I am wondering how people out there are using DHCPv6 to handle assigning prefixes to end users. We have a requirement for it to be a redundant server that is centrally located.

OK, so then you've already made your choice.

Another solution is having the DHCPv6 servers distributed while keeping the database centrally managed. This is the route the delegated prefix will travel:

central MySQL master
 -> local MySQL slave on each RADIUS server
 -> RADIUS based per client provisioning
 -> local DHCPv6 server running on each access router
 -> DHCPv6 client on customer CPE

This is about as redundant as it gets if you have multiple RADIUS servers in multiple sites. No need for any cooperation between the DHCPv6 servers to be fully redundant. The only assumption is that either the client always connects to the same access router, or the prefix must move between the access routers the client uses. Whether this is a deaggregation problem for you or not depends on how those access routers can be grouped, if at all. But that problem is really unrelated to DHCPv6.

Bjørn
RE: juniper mx80 vs cisco asr 1000
Isn't the ASR9001 closer to the MX80?

Thanks,
-Drew

-----Original Message-----
From: jon Heise [mailto:j...@smugmug.com]
Sent: Thursday, January 19, 2012 3:10 PM
To: nanog@nanog.org
Subject: juniper mx80 vs cisco asr 1000

Does anyone have any experience with these two routers, we're looking to buy one of them but i have little experience dealing with cisco routers and zero experience with juniper.
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
2012/1/20 Arturo Servin aser...@lacnic.net
> On 20 Jan 2012, at 10:38, Yang Xiang wrote:
>> RPKI is great. But, firstly, ROA doesn't cover all the prefixes now; we need an alternative service to alert on hijackings.
>
> Or to sign your prefixes.

Signing prefixes is the best way. Before all prefixes are signed, it is better if we have a detection service.

>> Secondly, ROA can only secure the 'Origin AS' of a prefix,
>
> That's true.
>
>> while Argus can discover potential hijackings caused by an anomalous AS path.
>
> Can you explain how?

Only an imprecise detection. Section III.C in our paper: http://argus.csnet1.cs.tsinghua.edu.cn/static/Argus.FIST11.pdf

A brief explanation is: if an anomalous AS path hijacked a prefix, I can get replies from normal route servers, and cannot get a reply from abnormal route servers. Here we only consider hijackings that black-hole the prefix. If a hijacking doesn't black-hole the prefix (i.e., redirect, interception, ...), it is hard to detect :( I think network operators are only careless, but not trust-less, so black-hole hijacking is the majority case.

>> After ROA and BGPsec are deployed in the entire Internet (or in all of your network), Argus will stop the service :)
>
> I was just suggesting to add a more deterministic way of detecting hijacks.

Sorry for my poor English :( What I want to say is, RPKI is really good, Argus is just an alternative, before we can protect ourselves using signatures, honestly :-)

Best regards!

> Regards,
> as

--
Yang Xiang. Ph.D candidate. Tsinghua University
Argus: argus.csnet1.cs.tsinghua.edu.cn
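The route-server comparison Yang describes above (replies along the normal path, none along the anomalous one, so only black-holing hijacks are caught), written out as an added illustration; this is not Argus's own code, and the route-server names, the prefix 203.0.113.0/24 and the AS numbers are constructed from documentation and example ranges.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Observation:
    """What one route server reports for the prefix under suspicion."""
    route_server: str          # constructed vantage-point name
    as_path: Tuple[int, ...]   # AS path from 'show ip bgp <prefix>', origin last
    reachable: bool            # result of 'ping <address inside the prefix>'


def on_anomalous_path(obs: Observation, suspect_asn: int) -> bool:
    """A vantage point follows the suspicious route when the AS that the
    BGP update feed flagged appears in the path it selected."""
    return suspect_asn in obs.as_path


def classify(observations: List[Observation], suspect_asn: int,
             min_normal: int = 2) -> str:
    """Compare reachability along normal and anomalous paths.

    Only a black-holing hijack is detectable this way: if the anomalous path
    still forwards traffic (legitimate re-homing, or interception), the ping
    evidence alone cannot tell the two apart.
    """
    anomalous = [o for o in observations if on_anomalous_path(o, suspect_asn)]
    normal = [o for o in observations if not on_anomalous_path(o, suspect_asn)]
    if not anomalous:
        return "not confirmed: no vantage point sees the anomalous path"
    if len(normal) < min_normal:
        return "inconclusive: too few vantage points on the normal path"
    normal_ok = sum(o.reachable for o in normal) / len(normal)
    anomalous_ok = sum(o.reachable for o in anomalous) / len(anomalous)
    if anomalous_ok > 0:
        return "not a black hole: legitimate change or interception"
    if normal_ok >= 0.8:
        return "potential black-hole hijack"
    if normal_ok < 0.5:
        return "outage: prefix unreachable on both paths"
    return "ambiguous: partial reachability on the normal path"


# Constructed scenario: 203.0.113.0/24 (documentation prefix) normally
# originated by AS64496; the update feed reports a new path containing
# AS64511 that keeps the legitimate origin at its end (a path forgery,
# which origin validation alone would not flag).
SUSPECT_ASN = 64511
NORMAL = [
    Observation("rs-a", (64500, 64497, 64496), True),
    Observation("rs-b", (64501, 64497, 64496), True),
    Observation("rs-c", (64502, 64496), True),
]
ANOMALOUS_DARK = [
    Observation("rs-d", (64503, 64511, 64496), False),
    Observation("rs-e", (64504, 64511, 64496), False),
]
ANOMALOUS_LIT = [Observation(o.route_server, o.as_path, True) for o in ANOMALOUS_DARK]

SCENARIO_HIJACK = NORMAL + ANOMALOUS_DARK
SCENARIO_REHOMED = NORMAL + ANOMALOUS_LIT
SCENARIO_OUTAGE = [Observation(o.route_server, o.as_path, False) for o in NORMAL] + ANOMALOUS_DARK

if __name__ == "__main__":
    for name, scenario in [("hijack", SCENARIO_HIJACK),
                           ("rehomed", SCENARIO_REHOMED),
                           ("outage", SCENARIO_OUTAGE)]:
        print(f"{name:8s} -> {classify(scenario, SUSPECT_ASN)}")
```

This is only the inference step; collecting the observations means logging in to other people's route servers, which Jeroen's note on consent and load applies to.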
RE: Polling Bandwidth as an Aggregate
RTG uses MySQL for its backend, so you can basically set up queries however you like, and you can use RTGPOLL to graph multiple interfaces as well. It's a super good tool and I think there is a group working on RTG2 at googlecode (I think).

-Drew

-----Original Message-----
From: Keegan Holley [mailto:keegan.hol...@sungard.com]
Sent: Thursday, January 19, 2012 10:51 PM
To: NANOG
Subject: Polling Bandwidth as an Aggregate

Has anyone had to aggregate bandwidth data from multiple interfaces for billing? For example I'd like to poll with an open source tool and aggregate data from multiple interfaces connected to the same customer or multiple customers for the purpose of billing and capacity management. Is there an easy way to do this with cacti/rrd or another open source kit?

Keegan Holley ▪ Network Architect ▪ SunGard Availability Services ▪ 401 North Broad St. Philadelphia, PA 19108 ▪ (215) 446-1242 ▪ keegan.hol...@sungard.com
Re: US DOJ victim letter
On a less serious note, did anyone notice the numbers on the fbi.gov link? I'm pretty sure they are implying those are IP addresses. 123.456.789 and 987.654.321. Must be the same folks that do the Nexus documentation for Cisco.

-Hammer-

"I was a normal American nerd"
-Jack Herer

On 1/19/2012 4:36 PM, Ryan Gelobter wrote:
> They are related to the DNSChanger and Ghostclick malware as ML said. The e-mails to us did come from the DOJ e-mail servers and were legitimate. The phone number is legit as well.
>
> On Thu, Jan 19, 2012 at 3:37 PM, Todd Lyons tly...@ivenue.com wrote:
>> On Thu, Jan 19, 2012 at 1:39 PM, Carlos Alcantar car...@race.com wrote:
>>> +1 on these emails we have received 3 of them.
>>
>> Three here as well.
>
> --
> SOPA: Any attempt to [use legal means to] reverse technological advances is doomed. --Leo Leporte
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
On Jan 20, 2012, at 8:08 AM, Yang Xiang wrote:
> I think network operators are only careless, but not trust-less, so black-hole hijacking is the majority case.

This is aligned with the discussion on route leaks at the proposed interim SIDR meeting just after NANOG. Even with RPKI and BGPSEC fully deployed we still have this vulnerability, which commonly manifests itself today even by accident. RPKI-enabled BGPSEC would give you some assurances that the ASes in the AS_PATH represent the list of ASes through which the NLRI traveled, but nothing about whether it should have traversed those ASes in the first place -- so we still need something somewhere to mitigate that threat.

See this draft for more information:
http://tools.ietf.org/html/draft-foo-sidr-simple-leak-attack-bgpsec-no-help-01

-danny
Re: Megaupload.com seized
On Fri, 20 Jan 2012 12:00:15 +0100, Tei said:
> What file sharers should do is to store files in these services in an encrypted way, and under an anonymized name. So these services have absolutely no way to tell what they are hosting.

http://freenetproject.org/
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
If you want to play around with RPKI Origin Validation, you can download the RIPE NCC RPKI Validator here:
http://ripe.net/certification/tools-and-resources

It's simple to set up and use: just unzip the package on a *NIX system, run ./bin/rpki-validator and browse to http://localhost:8080

EuroTransit have a public one running here:
http://rpki01.fra2.de.euro-transit.net:8080/

You can see it's pointing to several Trust Anchors, downloads and validates all ROAs periodically, lets you apply ignore filters and white lists, shows a BGP announcement validity preview based on route collector data, integrates with existing (RPSL based) workflows and can talk to RPKI-capable routers.

If you want to get an idea of how an RPKI-capable router would be configured, here's some sample config for Cisco and Juniper:
http://www.ripe.net/certification/router-configuration

You can also log into a public RPKI-capable Juniper here: 193.34.50.25, 193.34.50.26
telnet username: rpki
password: testbed

With additional documentation available here:
http://rpki01.fra2.de.euro-transit.net/documentation.html

Have fun,
Alex

On 20 Jan 2012, at 13:08, Arturo Servin wrote:
> You could use RPKI and origin validation as well. We have an application that does that.
>
> http://www.labs.lacnic.net/rpkitools/looking_glass/
>
> For example you can periodically check if your prefix is valid:
> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/
>
> If it were invalid for a possible hijack it would look like:
> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/
>
> Or you can just query for any state:
> http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/
>
> Regards,
> as
>
> On 20 Jan 2012, at 07:47, Yang Xiang wrote:
>> Hi,
>> I built a system, 'Argus', to alert on prefix hijackings in real time. Argus monitors the Internet and discovers anomalous BGP updates caused by prefix hijacking. When Argus discovers a potential prefix hijacking, it will advertise it in a very short time, both on our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the mailing list (ar...@csnet1.cs.tsinghua.edu.cn).
>>
>> Argus has been running in the Internet for more than eight months; it usually can discover potential prefix hijackings within ten seconds after the first anomalous BGP update is announced. Several hijacking alarms have been confirmed by network operators. For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has been confirmed by the network operators of AS23910 and AS4538; it was a prefix hijacking caused by a mis-configuration of a route filter.
>>
>> If you are interested in BGP security, you are welcome to visit our website and subscribe to the mailing list. If you are interested in the system itself, you can find our paper, published in ICNP 2011 (FIST workshop): http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080.
>>
>> Hope Argus will be useful for you.
>>
>> --
>> Yang Xiang . about.me/xiangyang
>> Ph.D candidate. Tsinghua University
>> Argus: argus.csnet1.cs.tsinghua.edu.cn
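The Valid / Invalid / NotFound states that the LACNIC looking glass and the RIPE NCC validator report in this thread, computed with RFC 6811 origin-validation semantics as an added example (not the code of either tool); it also shows the limit Yang and Danny raise, a forged AS_PATH that keeps the legitimate origin still validates. The ROAs, prefixes and AS numbers are constructed from documentation and example ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Iterable, List


@dataclass(frozen=True)
class ROA:
    """Route Origin Authorisation: <asn> may originate <prefix> and its
    more-specifics down to <max_length>. asn == 0 authorises nobody."""
    prefix: str
    max_length: int
    asn: int


def _net(prefix: str):
    return ipaddress.ip_network(prefix, strict=False)


def covers(roa: ROA, prefix: str) -> bool:
    """A ROA covers a route when the route's prefix lies inside the ROA prefix."""
    roa_net, net = _net(roa.prefix), _net(prefix)
    return roa_net.version == net.version and net.subnet_of(roa_net)


def matches(roa: ROA, prefix: str, origin_asn: int) -> bool:
    """Covering, plus correct origin AS and prefix length within maxLength."""
    return (covers(roa, prefix)
            and _net(prefix).prefixlen <= roa.max_length
            and roa.asn == origin_asn)


def validate(prefix: str, origin_asn: int, roas: Iterable[ROA]) -> str:
    """RFC 6811 outcome: NotFound if no ROA covers the prefix, Valid if at
    least one covering ROA matches, otherwise Invalid."""
    covering = [r for r in roas if covers(r, prefix)]
    if not covering:
        return "NotFound"
    if any(matches(r, prefix, origin_asn) for r in covering):
        return "Valid"
    return "Invalid"


def validate_announcement(prefix: str, as_path: List[int], roas: Iterable[ROA]) -> str:
    """Origin validation looks only at the rightmost AS of the AS_PATH; the
    rest of the path is not checked at all."""
    return validate(prefix, as_path[-1], roas)


# Constructed ROA set: documentation prefixes, private-use example ASNs.
ROAS = [
    ROA("192.0.2.0/24", 24, 64496),
    ROA("198.51.100.0/23", 24, 64497),   # the /23 and its two /24s, nothing longer
    ROA("2001:db8::/32", 32, 0),         # AS0 ROA: nobody may originate this space
]

if __name__ == "__main__":
    print(validate("192.0.2.0/24", 64496, ROAS))      # Valid
    print(validate("198.51.100.0/25", 64497, ROAS))   # Invalid: longer than maxLength
    print(validate("198.51.100.0/24", 64511, ROAS))   # Invalid: wrong origin
    print(validate("203.0.113.0/24", 64496, ROAS))    # NotFound: no covering ROA
    print(validate("2001:db8::/32", 64496, ROAS))     # Invalid: AS0 ROA
    # A forged path that keeps the legitimate origin still validates:
    print(validate_announcement("192.0.2.0/24", [64500, 64511, 64496], ROAS))  # Valid
```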
Re: US DOJ victim letter
On Fri, Jan 20, 2012 at 08:07:10AM -0600, -Hammer- wrote: On a less serious note, did anyone notice the numbers on the fbi.gov link? I'm pretty sure they are implying those are IP addresses. 123.456.789 and 987.654.321. Must be the same folks that do the Nexus documentation for Cisco. And write the scripts for various TV shows. Able to reconstruct an HD image from a single pixel. It's _CSI_! -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
Re: Polling Bandwidth as an Aggregate
In a message written on Fri, Jan 20, 2012 at 12:16:14AM -0600, Jimmy Hess wrote:

Except Cacti/RRDTOOL is really just a great visualization tool; while you can build stacks, it is not something that accurately meters data for billing purposes. The right kind of tool to use would be a netflow or network tap-based billing tool, that actually meters/samples specific datapoints at a specific interval and applies the billing business logic for reporting based on sampled data points, instead of smoothed averages of approximations.

To suggest Netflow is more accurate than rrdtool seems rather strange to me. It can be as accurate, but that is not the way most people deploy it.

RRDTool pulls the SNMP counters from an interface and records them to a file. With no aggregation, and assuming your device has accurate SNMP, this should be 100% accurate. While you are right that the defaults for RRDTOOL aggregate data (after a day, week, and month, approximately), those aggregates can be disabled, keeping the raw data. I know several ISPs that keep the raw data and use it for billing using these tools.

Netflow often suffers right at the source. If you want to bill off netflow data, 1:1 netflow is almost required, while most ISPs do sampled Netflow at 1:100 or 1:1000. Those sampling levels produce more inaccuracy than RRDTool's aggregation function. What's more, once the data is put into the Netflow collector, they all do aggregation as well, just like RRDTool. Again, you can disable much of it with careful configuration.

But let's compare apples to apples. Let's consider RRDTool configured to not aggregate with 1:1 netflow configured to not aggregate.

RRDTool polls a monotonically increasing counter. Should a poll be missed, no data is lost about the total number of bytes transferred. Thus you can bill by the number of bytes transferred with 100% accuracy, even with missed polls. If you bill by the bit-rate, you can interpolate a single missing data point with high accuracy as well.

Netflow is a continuous stream of UDP across the network. If a UDP packet is lost between the router and the collector there is no way to reconstruct that data, and it is lost forever. Thus any network event means you won't have the data to bill your customer, and you're pretty much stuck always underbilling them with the data actually collected.

If data is not gathered using a mechanism that communicates timestamp to the poller, datapoints will still be imprecise; SNMP would be an example -- the cacti application may assume the SNMP response is current data, but possibly on the actual hardware, the internal MIB on the device was actually updated 10 seconds ago, which means there will be small spikes in traffic rate graphs that do not represent actual spikes in traffic.

Most of the large ISPs I know of moved away from both of the solutions above to proprietary, custom solutions. They SNMP poll the counters and store that data in a database with high resolution counters, forever, never aggregated. The necessary perl/python/ruby code to do that and stick it in mysql or postgres is only a few pages long and easy to audit.

-- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: Polling Bandwidth as an Aggregate
Thanks all for the responses. I think I'm going to use cacti and plugins to aggregate. Aggregated billing is kind of something that would be nice to have but wasn't required. It's nice to know there are concerns with using cacti for this. My last question is if there is any easy/automated way to pull interfaces into cacti and configure graphs for them either via SNMP or reading from a mysql DB. I suddenly remember how much I hate importing large routers into cacti and configuring the graphs. 2012/1/20 Leo Bicknell bickn...@ufp.org In a message written on Fri, Jan 20, 2012 at 12:16:14AM -0600, Jimmy Hess wrote: Except Cacti/RRDTOOL is really just a great visualization tool, while you can build stacks, it is not something that accurately meters data for billing purposes. The right kind of tool to use would be a netflow or network tap-based billing tool, that actually meters/samples specific datapoints at a specific interval and applies the billing business logic for reporting based on sampled data points, instead of smoothed averages of approximations. To suggest Netflow is more accurate than rrdtool seems rather strange to me. It can be as accurate, but is not the way most people deploy it. RRDTool pulls the SNMP counters from an interface and records them to a file. With no aggregation, and assuming your device has accurate SNMP, this should be 100% accurate. While you are right that the defaults for RRDTOOL aggregate data (after a day, week, and month, approximately) those aggregates can be disabled keeping the raw data. I know several ISP's that keep the raw data and use it for billing using these tools. Netflow often suffers right at the source. If you want to bill off netflow data 1:1 netflow is almost required, while most ISP's do sampled Netflow at 1:100 or 1:1000. Those sampling levels produce more inaccuracy than RRDTool's aggregation function. What's more, once the data is put into the Netflow collector, they all do aggregation as well, just like RRDTool. 
Again, you can disable much of it with careful configuration. But let's compare apples to apples. Let's consider RRDTool configured to not aggregate with 1:1 netflow configured to not aggregate. RRDTool polls a monotonically increasing counter. Should a poll be missed no data is lost about the total number of bytes transferred. Thus you can bill by the number of bytes transferred with 100% accuracy, even with missed polls. If you bill by the bit-rate, you can interpolate a single missing data point which high accuracy as well. Netflow is a continuous stream of UDP across the network. If a UDP packet is lost between the router and the collector there is no way to reconstruct that data, and it is lost forever. Thus any network events means you won't have the data to bill your customer, and you're pretty much stuck always underbilling them with the data actually collected. If data is not gathered using a mechanism that communicates timestamp to the poller, datapoints will still be imprecise, SNMP would be an example -- the cacti application may assume the SNMP response is current data, but possibly on the actual hardware, the internal MIB on the device was actually updated 10 seconds ago, which means there will be small spikes in traffic rate graphs that do not represent actual spikes in traffic. Most of the large ISP's I know of moved away from both of the solutions above to propretary, custom solutions. They SNMP poll the counters and store that data in a database with high resolution counters, forever, never aggregated. The necessary perl/python/ruby code to do that and stick it in mysql or postgres is only a few pages long and easy to audit. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: Polling Bandwidth as an Aggregate
On 20/01/2012 15:36, Keegan Holley wrote: using cacti for this. My last question is if there is any easy/automated way to pull interfaces into cacti and configure graphs for them either via SNMP or reading from a mysql DB. I suddenly remember how much I hate importing large routers into cacti and configuring the graphs. No. This is one of cacti's major failings: there is no externally accessible API. You're going to end up injecting SQL directly into the cacti database and hoping that version upgrades don't screw up the schema layout too much. Nick
Re: Polling Bandwidth as an Aggregate
In a message written on Fri, Jan 20, 2012 at 10:36:38AM -0500, Keegan Holley wrote:

using cacti for this. My last question is if there is any easy/automated way to pull interfaces into cacti and configure graphs for them either via SNMP or reading from a mysql DB. I suddenly remember how much I hate importing large routers into cacti and configuring the graphs.

I find using MRTG is easier than Cacti for _automation_ purposes. Its configmaker script will generate a config file for a single router. I've written about 5 different versions of a small script that's basically a customized config maker so the graphs get named with customer names or the like. The job can be fully automated with a few hours of coding; run it out of Cron to rebuild your interface list automatically and you'll never miss a customer turn up because someone forgot to configure a graph.

-- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: Polling Bandwidth as an Aggregate
Is there a plugin for MRTG that allows you to go back to specific times? I like MRTG better for this as well but cacti's graphs are much more flexible. 2012/1/20 Leo Bicknell bickn...@ufp.org In a message written on Fri, Jan 20, 2012 at 10:36:38AM -0500, Keegan Holley wrote: using cacti for this. My last question is if there is any easy/automated way to pull interfaces into cacti and configure graphs for them either via SNMP or reading from a mysql DB. I suddenly remember how much I hate importing large routers into cacti and configuring the graphs. I find using MRTG is easier than Cacti for _automation_ purposes. It's configmaker script will generate a config file for a single router. I've written about 5 different versions of a small script that's basically a customized config maker so the graphs get named with customer names or the like. The job can be fully automated with a few hours of coding; run it out of Cron to rebuild your interface list automatically and you'll never miss a customer turn up because someone forgot to configure a graph. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: Argus: a hijacking alarm system
On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: I build a system ‘Argus’ to real-timely alert prefix hijackings. A suggestion: pick a different name. There's already a network tool named Argus (it's been around for years): http://www.qosient.com/argus/ I suggest using the name of a different Wishbone Ash album: Bona Fide. ;-) ---rsk
Re: Polling Bandwidth as an Aggregate
Once upon a time, Leo Bicknell bickn...@ufp.org said: To suggest Netflow is more accurate than rrdtool seems rather strange to me. It can be as accurate, but is not the way most people deploy it. Comparing Netflow to RRDTool is comparing apples to cabinets; one is a source of information and one is a way of storing information. RRDTool pulls the SNMP counters from an interface and records them to a file. No, RRDTool stores data given to it by a front end such as MRTG, Cricket, Cacti, etc. That front end can fetch data from any number of sources, including (but not limited to) SNMP. RRDTool then stores information in its database. With no aggregation, and assuming your device has accurate SNMP, this should be 100% accurate. While you are right that the defaults for RRDTOOL aggregate data (after a day, week, and month, approximately) those aggregates can be disabled keeping the raw data. RRDTool does not store the raw data. Even for 5-minute intervals, it adjusts the data vs. the timestamp to fit the desired interval. Since you don't read every counter at the exact time of your interval, RRDTool is always manipulating the numbers to fit. The only numbers that are not changed before storing are the timestamp and value for the most recent update (which get overwritten at each update); everything else is adjusted to fit. -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
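Leo's point that a cumulative counter loses nothing when a poll is missed, and Chris's point that RRDTool has to adjust readings that arrive off the step boundary, can both be seen on one constructed series. This is an added example, not code from RRDTool, MRTG, Cacti or any ISP's billing system; STEP, the sample values and the function names are assumptions, and the interpolation is the simplified linear fit, not RRDTool's exact algorithm.

```python
"""Usage accounting from polled interface counters, with a missed poll,
late polls and a 32-bit counter wrap.

Added example for this thread, not code from RRDTool, MRTG, Cacti or any
billing system. Samples are constructed (unix timestamp, octet counter)
pairs, as a poller gets them from ifInOctets (32-bit) or ifHCInOctets (64-bit).
"""
from typing import List, Tuple

Sample = Tuple[int, int]  # (timestamp in seconds, cumulative octet counter)
STEP = 300                # assumed polling interval in seconds


def counter_delta(prev: int, cur: int, width: int) -> int:
    """Octets transferred between two readings of a cumulative counter.

    A counter that wraps at 2**width (width=32 for ifInOctets) is unwrapped
    once. With width=64 a wrap is infeasible, so a decrease means the device
    rebooted and restarted at zero; `cur` is then a lower bound for the
    interval, which is the best a counter-based poller can do.
    """
    if cur >= prev:
        return cur - prev
    if width == 64:
        return cur
    return (1 << width) - prev + cur


def total_octets(samples: List[Sample], width: int = 64) -> int:
    """Total transferred over the series. Because the counter is cumulative,
    a missed poll only makes one interval longer; the sum is unchanged.
    This is Leo's 'bill by bytes with 100% accuracy even with missed polls'."""
    return sum(counter_delta(a[1], b[1], width)
               for a, b in zip(samples, samples[1:]))


def normalize_to_step(samples: List[Sample], step: int = STEP,
                      width: int = 64) -> List[Sample]:
    """Re-express an irregular series on a regular grid of step boundaries.

    This is the adjustment Chris describes: a reading taken at 1503 instead
    of 1500, or a missing reading at 1800, is replaced by the value the
    counter would have had at the boundary, assuming linear growth between
    the two real readings that bracket it. Returned values are cumulative
    totals (unwrapped), not the raw readings.
    """
    if len(samples) < 2:
        return list(samples)
    # Build unwrapped cumulative values so interpolation stays linear.
    cumulative = [samples[0][1]]
    for (_, c0), (_, c1) in zip(samples, samples[1:]):
        cumulative.append(cumulative[-1] + counter_delta(c0, c1, width))
    unwrapped = [(t, c) for (t, _), c in zip(samples, cumulative)]

    first = -(-unwrapped[0][0] // step) * step   # first boundary >= t0
    last = unwrapped[-1][0] // step * step        # last boundary <= tN
    grid: List[Sample] = []
    i = 0
    for t in range(first, last + 1, step):
        while unwrapped[i + 1][0] < t:            # advance to the bracket
            i += 1
        (ta, ca), (tb, cb) = unwrapped[i], unwrapped[i + 1]
        grid.append((t, ca + (cb - ca) * (t - ta) // (tb - ta)))
    return grid


def rates_bps(grid: List[Sample]) -> List[float]:
    """Average bit rate per grid interval: the input to a rate-based bill
    or a 95th-percentile calculation."""
    return [(cb - ca) * 8 / (tb - ta)
            for (ta, ca), (tb, cb) in zip(grid, grid[1:])]


# Constructed: a steady 1000 octets/s link polled every 300 s, with the
# second and third polls a few seconds late and the 1800 s poll missed.
SAMPLES: List[Sample] = [(1200, 100_000), (1503, 403_000),
                         (2105, 1_005_000), (2400, 1_300_000)]
# Constructed: a 32-bit ifInOctets wrapping between two polls.
WRAP_SAMPLES: List[Sample] = [(1200, 4_294_900_000), (1500, 232_704)]

if __name__ == "__main__":
    print("total octets (raw, with the missed poll):", total_octets(SAMPLES))
    grid = normalize_to_step(SAMPLES)
    print("on-step totals:", grid)
    print("rates (bps):", rates_bps(grid))
    print("octets across a 32-bit wrap:", total_octets(WRAP_SAMPLES, width=32))
```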
Re: Polling Bandwidth as an Aggregate
On 01/20/2012 10:53 AM, Chris Adams wrote: Once upon a time, Leo Bicknellbickn...@ufp.org said: To suggest Netflow is more accurate than rrdtool seems rather strange to me. It can be as accurate, but is not the way most people deploy it. Comparing Netflow to RRDTool is comparing apples to cabinets; one is a source of information and one is a way of storing information. RRDTool pulls the SNMP counters from an interface and records them to a file. No, RRDTool stores data given to it by a front end such as MRTG, Cricket, Cacti, etc. That front end can fetch data from any number of sources, including (but not limited to) SNMP. RRDTool then stores information in its database. With no aggregation, and assuming your device has accurate SNMP, this should be 100% accurate. While you are right that the defaults for RRDTOOL aggregate data (after a day, week, and month, approximately) those aggregates can be disabled keeping the raw data. RRDTool does not store the raw data. Even for 5-minute intervals, it adjusts the data vs. the timestamp to fit the desired interval. Since you don't read every counter at the exact time of your interval, RRDTool is always manipulating the numbers to fit. The only numbers that are not changed before storing are the timestamp and value for the most recent update (which get overwritten at each update); everything else is adjusted to fit. I suggest reading http://oss.oetiker.ch/rrdtool/tut/rrd-beginners.en.html -- Stephen Clark *NetWolves* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.cl...@netwolves.com http://www.netwolves.com
Re: Polling Bandwidth as an Aggregate
On 20/01/2012 15:44, Nick Hilliard n...@foobar.org wrote: No. This is one of cacti's major failings: there is no externally accessible API. Not an external API but scripts have been available for some time now: http://www.cacti.net/downloads/docs/html/scripts.html Ian
Re: Polling Bandwidth as an Aggregate
2012/1/20 Chris Adams cmad...@hiwaay.net Once upon a time, Leo Bicknell bickn...@ufp.org said: To suggest Netflow is more accurate than rrdtool seems rather strange to me. It can be as accurate, but is not the way most people deploy it. Comparing Netflow to RRDTool is comparing apples to cabinets; one is a source of information and one is a way of storing information. I assumed he meant an RRDTool kit that creates graphs with RRDTool. Technically, mysql is the way of storing information. RRDTool processes it and has the ability to make it pretty for us humons. RRDTool pulls the SNMP counters from an interface and records them to a file. No, RRDTool stores data given to it by a front end such as MRTG, Cricket, Cacti, etc. That front end can fetch data from any number of sources, including (but not limited to) SNMP. RRDTool then stores information in its database. Same as above With no aggregation, and assuming your device has accurate SNMP, this should be 100% accurate. While you are right that the defaults for RRDTOOL aggregate data (after a day, week, and month, approximately) those aggregates can be disabled keeping the raw data. RRDTool does not store the raw data. Even for 5-minute intervals, it adjusts the data vs. the timestamp to fit the desired interval. Since you don't read every counter at the exact time of your interval, RRDTool is always manipulating the numbers to fit. The only numbers that are not changed before storing are the timestamp and value for the most recent update (which get overwritten at each update); everything else is adjusted to fit. I think every graphing tool does this. I pretty much ignored this though since I was asking about aggregating data from multiple objects not aggregating data over time. Cheers -- Chris Adams cmad...@hiwaay.net Systems and Network Administrator - HiWAAY Internet Services I don't speak for anybody but myself - that's enough trouble.
Re: Megaupload.com seized
- Original Message - From: Robert Bonomi bon...@mail.r-bonomi.com Mark Andrews ma...@isc.org wrote: I suspect most file sharing site don't have illegal content. Most would have some content that is there without the permission of the copyright holder. These are different things. nitpick Without the permission of the copyright holder _is_ contrary to statute, and thus 'against the law'. As such 'illegal' is _not_ an incorrect term to apply to the situation. It may not be a _criminal_ violation, but it is still proscribed by law. Illegal and criminal -- _these_ are different things. nitpick level=2 The *act of making the copy (available)* may be contrary to law (and whether the law should make this particular category of copyright infringement a criminal offense, rather than the civil one it's been for over a century is a completely different topic :-)... but whether the *contents of the file themselves* contravene some law is, I think, the issue that Mark was talking about, and clearly we all agree, a copy of Gigli, while a crime against nature, is not inherently criminal, in the way that a Traci Lords film is. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: Polling Bandwidth as an Aggregate
On 20/01/2012 15:48, Leo Bicknell wrote: I find using MRTG is easier than Cacti for _automation_ purposes. It also has another slightly subtle but hugely useful advantage: the primary index reference of a graph does not refer to an interface name or a number, but can be defined as an arbitrary unique token. This is ridiculously useful when it comes to 3rd party scripting and moving customers around the place Nick
Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)
BBN has also released an initial version of their relying party software. Core features are basically the same as the other validators (namely, RPKI certificate validation), with -- more fine-grained error diagnostics and -- more robust support for the RTR protocol for distributing validated information to routers. http://www.ietf.org/mail-archive/web/sidr/current/msg03854.html On Fri, Jan 20, 2012 at 9:39 AM, Alex Band al...@ripe.net wrote: If you want to play around with RPKI Origin Validation, you can download the RIPE NCC RPKI Validator here: http://ripe.net/certification/tools-and-resources It's simple to set up and use: just unzip the package on a *NIX system, run ./bin/rpki-validator and browse to http://localhost:8080 EuroTransit have a public one running here: http://rpki01.fra2.de.euro-transit.net:8080/ You can see it's pointing to several Trust Anchors, downloads and validates all ROA periodically, you can apply ignore filters and white lists, see a BGP announcement validity preview based on route collector data, integrates with existing (RPSL based) workflows and can talk to RPKI-capable routers. If you want to get an idea of how an RPKI-capable router would be configured, here's some sample config for Cisco and Juniper: http://www.ripe.net/certification/router-configuration You can also log into a public RPKI-capable Juniper here: 193.34.50.25, 193.34.50.26 telnet username: rpki password: testbed With additional documentation available here: http://rpki01.fra2.de.euro-transit.net/documentation.html Have fun, Alex On 20 Jan 2012, at 13:08, Arturo Servin wrote: You could use RPKI and origin validation as well. We have an application that does that. 
http://www.labs.lacnic.net/rpkitools/looking_glass/ For example you can periodically check if your prefix is valid: http://www.labs.lacnic.net/rpkitools/looking_glass/rest/valid/cidr/200.7.84.0/23/ If it were invalid for a possible hijack it would look like: http://www.labs.lacnic.net/rpkitools/looking_glass/rest/invalid/cidr/200.31.18.0/24/ Or you can just query for any state: http://www.labs.lacnic.net/rpkitools/looking_glass/rest/all/cidr/200.31.12.0/22/ Regards, as On 20 Jan 2012, at 07:47, Yang Xiang wrote: Hi, I build a system ‘Argus’ to real-timely alert prefix hijackings. Argus monitors the Internet and discovers anomaly BGP updates which caused by prefix hijacking. When Argus discovers a potential prefix hijacking, it will advertise it in a very short time, both in our website (http://argus.csnet1.cs.tsinghua.edu.cn) and the mailing list (ar...@csnet1.cs.tsinghua.edu.cn). Argus has been running in the Internet for more than eight months, it usually can discover potential prefix hijackings in ten seconds after the first anomaly BGP update announced. Several hijacking alarms have been confirmed by network operators. For example: http://argus.csnet1.cs.tsinghua.edu.cn/fingerprints/61544/ has been confirmed by the network operators of AS23910 and AS4538, it was a prefix hijacking caused by a mis-configuration of route filter. If you are interest in BGP security, welcome to visit our website and subscribe the mailing list. If you are interest in the system itself, you can find our paper which published in ICNP 2011 (FIST workshop) http://ieeexplore.ieee.org/xpl/freeabs_all.jsp?arnumber=6089080. Hope Argus will be useful for you. _ Yang Xiang . about.me/xiangyang Ph.D candidate. Tsinghua University Argus: argus.csnet1.cs.tsinghua.edu.cn
Re: juniper mx80 vs cisco asr 1000
While the ASR1002 does offer more services, I generally disagree with some parts of this comparison. Juniper has some very aggressive pricing on mx80 bundles license-locked to 5gb, which are cheaper and blow the performance specifications of the equivalent low end ASR1002 out of the water for internet edge BGP applications. Unlike the ASR, a simple upgrade license can unlock the boxes full potential. Just my opinion as a customer of both vendors... On Fri, Jan 20, 2012 at 1:14 AM, Saku Ytti s...@ytti.fi wrote: On (2012-01-19 12:10 -0800), jon Heise wrote: Does anyone have any experience with these two routers, we're looking to buy one of them but i have little experience dealing with cisco routers and zero experience with juniper. It might be because of your schedule/timetable, but you are comparing apples to oranges. MX80 is not competing against ASR1k, and JNPR has no product to compete with ASR1k. MX80 competes directly with ASR9001. Notable differences include: ASR9001 has lot more memory (2GB/8GB) and lot faster control-plane ASR9001 has 120G of capacity, MX80 80G ASR9001 BOM is higher, as it is not fabricless design like MX80 (this shouldn't affect sale price in relevant way) ASR9001 does not ship just now As others have pointed out ASR1k is 'high touch' router, it does NAPT, IPSEC, pretty much anything and everything, it is the next-gen VXR really. ASR9001 and MX80 both do relatively few things, but at high capacity. -- ++ytti
Re: Argus: a hijacking alarm system
On 20 January 2012 07:53, Rich Kulawiec r...@gsp.org wrote: On Fri, Jan 20, 2012 at 05:47:21PM +0800, Yang Xiang wrote: I build a system ‘Argus’ to real-timely alert prefix hijackings. A suggestion: pick a different name. There's already a network tool named Argus (it's been around for years): http://www.qosient.com/argus/ I suggest using the name of a different Wishbone Ash album: Bona Fide. ;-) ---rsk Ha, there are already two with the name Argus: http://argus.tcp4me.com/ also been around for years... .r'
RE: Polling Bandwidth as an Aggregate
RTG uses MySQL for it's backend, so you can basically setup queries however you like and you can use RTGPOLL to graph multiple interfaces as well. It's a super good tool and I think there is a group working on RTG2 at googlecode (I think). Another RTG user! I didn't know many of us existed! RTG is a great tool. It's design (perl and PHP and MySQL) lends itself to being modified at will; integration with tools like PHP NetworkWeathermap is very straightforward (http://pastebin.com/9RiZx4A8), and the MySQL backend makes it super flexible. There's no aggregation of data, unless you hack it in yourself with some fancy queries. RTG's data is ideal for doing MySQL partitioning, and there are some indexes that need to be added. But when you get those things in place, it becomes fast and powerful - and it's easy to drop out old data without a lengthy query (just drop the partition). The fact that each SNMP device gets its own table is also a big performance win over the more popular tools. The web interface allows for interface aggregation, and the code for doing that could probably be reverse engineered easily enough for other reporting mechanisms as well. Nathan Eisenberg
Re: Illegal content (Re: Megaupload.com seized)
Carsten Bormann c...@tzi.org wrote:

On Jan 20, 2012, at 11:25, Robert Bonomi wrote:

Public distribution without the permission of the copyright owner is illegal.

This is veering off the purpose of this list, but maybe it is operationally significant to be able to use the right terms when a law enforcement officer is standing in the door. The point is important because a lot of idiots are running around shouting "he had all this copyrighted material on his computer!". Of course he had! There are very few computers that don't carry copyrighted material, starting from the BIOS.

By law, _EVERYTHING_ stored on a computer is copyrighted. Whether it is 'in memory', or on some more 'durable' media (disk, tape, etc.), the material has been 'fixed in a tangible medium of expression', and is thus covered by copyright. Copyright is automatic, and occurs when anything is first 'fixed' as described.

Without examining the legal context, such as purchasing histories, supreme court decisions etc., it is sometimes really hard to say whether all of it got there in a legal way, and its presence may be an indication of previous illegal activity. But (at least wrt copyright law) it is never illegal while sitting somewhere on a computer.

Sorry, but the last sentence is simply _not_ true. If the making of the copy was a violation of 17 USC 106 (1) or (2), its existence is proscribed by law. If it is, by virtue of 'sitting somewhere on a computer', being 'offered to the public' [without benefit of express permission for that activity from the copyright owner(s)], that is a violation of 17 USC 106 (3).

So the next time somebody says "illegal content", think hate speech or child pornography, lese-majeste or blasphemy, not copyrighted content. Almost everything on a computer is copyrighted.

Repeating: not 'almost everything', but _absolutely_ everything.

Nitpicking again, but the original references were to computers with 'illegal content' on them, and _not_ files containing illegal content. A file, or other document, can be 'illegal', by reason of a 'making' in violation of 17 USC 106, or because it is being 'offered to the public', in violation of the same law, without the content of the file being illegal. Thus, content on a computer can be legally proscribed -- for reasons not involving the 'content of the content', as it were. :)

Responsible (in _all_ meanings of that word :) parties are strongly advised _not_ to rely on any opinions expressed by any individual here, and to professionally consult competent legal counsel with expertise in this specific area for an authoritative opinion.
Re: US DOJ victim letter
On Fri, 20 Jan 2012 08:07:10 -0600, -Hammer- bhmc...@gmail.com wrote:

On a less serious note, did anyone notice the numbers on the fbi.gov link? I'm pretty sure they are implying those are IP addresses. 123.456.789 and 987.654.321. Must be the same folks that do the Nexus documentation for Cisco.

For illustration purposes, for a non-technical audience, it seems (at least somewhat) reasonable to use 'nonets' instead of octets. After all, 'no nets' are clearly not what DNS -should- be returning. *GRIN*

And, of course, systems using the traditional unix dotted-quad to binary conversion logic _will_ happily convert those strings to a 32-bit int.
Re: Illegal content (Re: Megaupload.com seized)
On Fri, 20 Jan 2012 12:46:51 CST, Robert Bonomi said: Sorry, but the last sentence is simply _not_ true. If the making of the copy was a violation of 17 USC 106 (1) or (2), its existence is proscribed by law. Nice try, but reading 17 USC 503 (b) we see: As part of a final judgment or decree, the court may order the destruction or other reasonable disposition of all copies or phonorecords found to have been made or used in violation of the copyright owner's exclusive rights, and of all plates, molds, matrices, masters, tapes, film negatives, or other articles by means of which such copies or phonorecords may be reproduced. Note - the court *may* order the destruction. It's not mandatory. And there's no implied mandatory destruction elsewhere - if there was, 503(b) wouldn't need to exist because the destruction would already be required, so a court couldn't order additional destruction.
Re: Megaupload.com seized
On Thu, 19 Jan 2012 22:34:33 -0500, Michael Painter tvhaw...@shaka.com wrote: I quickly read through the indictment, but the gov't claims that when given a takedown notice, MU would only remove the *link* and not the file itself. That's actually a standard practice. It allows the uploader to file a counterclaim and have the content restored. One cannot restore what has already been deleted. However, never going back and cleaning up the undisputed content is a whole other mess of dead monkeys.
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG, TRNOG, CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith pfsi...@gmail.com.

Routing Table Report 04:00 +10GMT Sat 21 Jan, 2012

Report Website: http://thyme.rand.apnic.net
Detailed Analysis: http://thyme.rand.apnic.net/current/

Analysis Summary

BGP routing table entries examined: 393115
Prefixes after maximum aggregation: 169030
Deaggregation factor: 2.33
Unique aggregates announced to Internet: 191068
Total ASes present in the Internet Routing Table: 39874
Prefixes per ASN: 9.86
Origin-only ASes present in the Internet Routing Table: 32616
Origin ASes announcing only one prefix: 15498
Transit ASes present in the Internet Routing Table: 5384
Transit-only ASes present in the Internet Routing Table: 140
Average AS path length visible in the Internet Routing Table: 4.3
Max AS path length visible: 33
Max AS path prepend of ASN (48687): 24
Prefixes from unregistered ASNs in the Routing Table: 2141
Unregistered ASNs in the Routing Table: 1089
Number of 32-bit ASNs allocated by the RIRs: 2200
Number of 32-bit ASNs visible in the Routing Table: 1874
Prefixes from 32-bit ASNs in the Routing Table: 4540
Special use prefixes present in the Routing Table: 2
Prefixes being announced from unallocated address space: 118
Number of addresses announced to Internet: 2511238896
Equivalent to 149 /8s, 174 /16s and 118 /24s
Percentage of available address space announced: 67.8
Percentage of allocated address space announced: 67.8
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 91.9
Total number of prefixes smaller than registry allocations: 166200

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 97520
Total APNIC prefixes after maximum aggregation: 31610
APNIC Deaggregation factor: 3.09
Prefixes being announced from the APNIC address blocks: 93822
Unique aggregates announced from the APNIC address blocks: 38983
APNIC Region origin ASes present in the Internet Routing Table: 4637
APNIC Prefixes per ASN: 20.23
APNIC Region origin ASes announcing only one prefix: 1240
APNIC Region transit ASes present in the Internet Routing Table: 726
Average APNIC Region AS path length visible: 4.3
Max APNIC Region AS path length visible: 19
Number of APNIC region 32-bit ASNs visible in the Routing Table: 134
Number of APNIC addresses announced to Internet: 635145824
Equivalent to 37 /8s, 219 /16s and 142 /24s
Percentage of available APNIC address space announced: 80.5

APNIC AS Blocks: 4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations), 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 131072-132095, 132096-133119

APNIC Address Blocks: 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8

ARIN Region Analysis Summary

Prefixes being announced by ARIN Region ASes: 147631
Total ARIN prefixes after maximum aggregation: 75140
ARIN Deaggregation factor: 1.96
Prefixes being announced from the ARIN address blocks: 119589
Unique aggregates announced from the ARIN address blocks: 49078
ARIN Region origin ASes present in the Internet Routing Table: 14859
ARIN Prefixes per ASN: 8.05
ARIN Region origin ASes announcing only one prefix:
Re: Megaupload.com seized
On 01/20/2012 09:11 AM, Ricky Beam wrote: On Thu, 19 Jan 2012 22:34:33 -0500, Michael Painter tvhaw...@shaka.com wrote: I quickly read through the indictment, but the gov't claims that when given a takedown notice, MU would only remove the *link* and not the file itself. That's actually a standard practice. It allows the uploader to file a counterclaim and have the content restored. One cannot restore what has already been deleted. However, never going back and cleaning up the undisputed content is a whole other mess of dead monkeys. From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance. Paul
Re: Megaupload.com seized
On 20 January 2012 19:37, Paul Graydon p...@paulgraydon.co.uk wrote: From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. This sounds very similar to data deduplication eg http://www.netapp.com/uk/products/platform-os/dedupe.html
Re: Megaupload.com seized
In a message written on Fri, Jan 20, 2012 at 09:37:16AM -1000, Paul Graydon wrote: From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance. Note that with a DMCA take down the original uploader can issue a counter-notice to get the content put back. Most sites don't immediately delete the content but rather disable it in some way so that should the file be counter noticed it can be put back up. Also, when using a hashed file store, it's possible that some uses are infringing and some are not. I might make a movie, put it on Megaupload, and then give the links only to the 5 people who bought it from them. One of them might turn around, upload it again to Megaupload, and share it with the world, infringing on my content. I would hope that when I issue a takedown notice they take down the infringers copy (link), but leave mine in place. None of this should be taken to mean I'm behind Megaupload. I have a greater concern here wondering if law enforcement, the courts, and most importantly the law makers understand the technology and can craft and apply laws in a reasonable way. One major issue that already came up is that a whole lot of people used Megaupload for storing perfectly legal content. 
It's now offline, and there appears to be no way for them to retrieve that data. At what percentage is that reasonable? If 99% of your users are infringing? 50%? 1%? Could this be used to take down your competitors? Buy some Amazon instances and put a bunch of infringing content on them, and then watch the feds seize all of Amazon's servers? Lots of troubling questions, no good answers. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
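The mechanism the three posts above describe (one hashed blob, many per-user links, takedown applied to a link and content disabled rather than deleted so a counter-notice can restore it) is easy to get wrong in the direction Leo worries about. The following is an added example, not Megaupload's code or anything posted in the thread; the store, the link ids and the sample "movie" bytes are all constructed here. It shows a content-addressed store where a takedown on the re-uploader's link leaves the author's link intact, where the operator (unlike the notice sender) can enumerate every link to the same blob, and where the blob is only purged once no enabled link references it.

```python
"""Added example: content-addressed dedup store with per-user links.
Not Megaupload's implementation; all names and sample data are constructed."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class Link:
    """One user's pointer into the deduplicated blob store."""
    owner: str
    digest: str
    disabled: bool = False   # set by a takedown, cleared by a counter-notice


@dataclass
class DedupStore:
    blobs: dict = field(default_factory=dict)   # sha256 hex -> content bytes
    links: dict = field(default_factory=dict)   # link id -> Link
    _counter: int = 0

    def upload(self, owner: str, data: bytes) -> str:
        digest = hashlib.sha256(data).hexdigest()
        # dedup: identical content is stored once, however many users upload it
        self.blobs.setdefault(digest, data)
        self._counter += 1
        link_id = f"L{self._counter}"
        self.links[link_id] = Link(owner, digest)
        return link_id

    def fetch(self, link_id: str):
        """Content behind an enabled link; None if the link is disabled or unknown."""
        link = self.links.get(link_id)
        if link is None or link.disabled:
            return None
        return self.blobs[link.digest]

    def takedown(self, link_id: str) -> None:
        """Disable only the reported link; the blob and other users' links stay."""
        self.links[link_id].disabled = True

    def counter_notice(self, link_id: str) -> None:
        """Re-enable a link; possible only because the blob was never deleted."""
        self.links[link_id].disabled = False

    def sibling_links(self, link_id: str) -> list:
        """Other links to the same blob. The operator can compute this;
        the notice sender, who only sees one URL, cannot."""
        digest = self.links[link_id].digest
        return sorted(k for k, l in self.links.items()
                      if l.digest == digest and k != link_id)

    def purge_if_orphaned(self, digest: str) -> bool:
        """Delete a blob only once no enabled link references it."""
        if any(l.digest == digest and not l.disabled for l in self.links.values()):
            return False
        self.blobs.pop(digest, None)
        return True


def demo():
    """Leo's scenario: the author's own upload and an infringing re-upload
    dedup to one blob; the takedown on the re-upload must not touch the author's link."""
    store = DedupStore()
    movie = b"constructed sample: bytes of the author's movie"   # constructed input
    authors_link = store.upload("author", movie)
    pirate_link = store.upload("reuploader", movie)   # same digest, no new blob
    store.takedown(pirate_link)
    return store, authors_link, pirate_link
```

Whether removing the one reported link is enough, or whether `sibling_links` must also be acted on, is the policy question the thread argues about; the code only makes clear that the operator has the information to do either, and that deleting the blob outright (instead of `purge_if_orphaned`) would destroy a paying, non-infringing user's copy.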
Re: Megaupload.com seized
- Original Message - From: Paul Graydon p...@paulgraydon.co.uk To: nanog@nanog.org Sent: Friday, January 20, 2012 2:37:16 PM Subject: Re: Megaupload.com seized SNIP From what I understand about MegaUpload's approach, they created a hash of every file that they stored. SNIP So Megaupload did de-dupe.. Compare that to selecting the de-dupe option in your NetApp (or having someone else do it for you) and in that case other instances can exist on your site and you really don't know because, well, De-Dupe is magic, right? Are you doing the wrong thing by only removing the instance of that file that was complained about? Or are you required to dig further? I would think not. Is it possible that a file could be legal and illegal at the same time based on context of use? Like some guy is backing up his legitimate copy in his locker and some other guy is putting it out there for all his buddies.. It's the same file, de-dupe does its thing and now we need to re-think what to do when we get a complaint. -Scott
Re: Megaupload.com seized
On Fri, 20 Jan 2012 14:37:16 -0500, Paul Graydon p...@paulgraydon.co.uk wrote: ... Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. And that's where their safe harbour evaporated. Upon receiving notice a file is infringing, they know that *file* is illegal, and must now remove all the links to it, not just the one that was reported. Mega is in a position to know all the links, whereas the copyright holder is not. They thought they had a gaping loophole. Well, the DOJ is about to teach them how wrong they are.
Re: juniper mx80 vs cisco asr 1000
The MX80 license locked is not 5Gb.
The MX5 is 20Gb TP - 20 SFP ports card, only one MIC slot active
The MX10 is 40Gb TP - 20 SFP ports card, both MIC slots active
The MX40 is 60Gb TP - 20 SFP ports card, both MIC slots + 2 of the onboard 10GbE ports
The MX80 is 80Gb TP - 20 SFP ports card, both MIC slots + all 4 of the onboard 10GbE ports
The MX80-48T is 80Gb TP - 48 Copper ports, both MIC slots + all 4 of the onboard 10GbE ports
Last year the licensed versions were called MX80-5G, MX8-10G and so on, but as of this month they've renamed them to MX5, MX10, MX40's - note that the old MX80 could come with or without -T timing support, the new ones ONLY have timing. …Skeeve On Sat, Jan 21, 2012 at 3:50 AM, PC paul4...@gmail.com wrote: While the ASR1002 does offer more services, I generally disagree with some parts of this comparison. Juniper has some very aggressive pricing on mx80 bundles license-locked to 5gb, which are cheaper and blow the performance specifications of the equivalent low end ASR1002 out of the water for internet edge BGP applications. Unlike the ASR, a simple upgrade license can unlock the box's full potential. Just my opinion as a customer of both vendors... On Fri, Jan 20, 2012 at 1:14 AM, Saku Ytti s...@ytti.fi wrote: On (2012-01-19 12:10 -0800), jon Heise wrote: Does anyone have any experience with these two routers, we're looking to buy one of them but i have little experience dealing with cisco routers and zero experience with juniper. It might be because of your schedule/timetable, but you are comparing apples to oranges. MX80 is not competing against ASR1k, and JNPR has no product to compete with ASR1k. MX80 competes directly with ASR9001. 
Notable differences include: ASR9001 has lot more memory (2GB/8GB) and lot faster control-plane ASR9001 has 120G of capacity, MX80 80G ASR9001 BOM is higher, as it is not fabricless design like MX80 (this shouldn't affect sale price in relevant way) ASR9001 does not ship just now As others have pointed out ASR1k is 'high touch' router, it does NAPT, IPSEC, pretty much anything and everything, it is the next-gen VXR really. ASR9001 and MX80 both do relatively few things, but at high capacity. -- ++ytti -- *Skeeve Stevens, CEO* eintellego Pty Ltd ske...@eintellego.net.au ; www.eintellego.net Phone: 1300 753 383 ; Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego twitter.com/networkceoau ; www.linkedin.com/in/skeeve PO Box 7726, Baulkham Hills, NSW 1755 Australia The Experts Who The Experts Call Juniper - Cisco – Brocade - IBM
Re: Megaupload.com seized
aka deduplication. In Viacom vs. YouTube it was pretty successfully argued that there was no way for YT to know that *every* instance of a work was illegally uploaded. However they *were* able to produce 'smoking gun' evidence of Viacom agents uploading material. j On Fri, Jan 20, 2012 at 2:37 PM, Paul Graydon p...@paulgraydon.co.uk wrote: From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance. Paul -- --- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org
Re: juniper mx80 vs cisco asr 1000
Thank you, that is great to know and have for reference. Yeah, looking at this invoice from a few months back, I have a MX80 Promotional 5G Bundle for channels... So I'm guessing that's now the MX5. (I had assumed it was a mx80 in my response). My first Juniper box ever, so forgive my confusion. As you might guess, I'm only pushing ~3 gig through it... but am very happy with it so far. On Fri, Jan 20, 2012 at 1:06 PM, Skeeve Stevens ske...@eintellego.net wrote:
The MX80 license locked is not 5Gb.
The MX5 is 20Gb TP - 20 SFP ports card, only one MIC slot active
The MX10 is 40Gb TP - 20 SFP ports card, both MIC slots active
The MX40 is 60Gb TP - 20 SFP ports card, both MIC slots + 2 of the onboard 10GbE ports
The MX80 is 80Gb TP - 20 SFP ports card, both MIC slots + all 4 of the onboard 10GbE ports
The MX80-48T is 80Gb TP - 48 Copper ports, both MIC slots + all 4 of the onboard 10GbE ports
Last year the licensed versions were called MX80-5G, MX8-10G and so on, but as of this month they've renamed them to MX5, MX10, MX40's - note that the old MX80 could come with or without -T timing support, the new ones ONLY have timing. …Skeeve On Sat, Jan 21, 2012 at 3:50 AM, PC paul4...@gmail.com wrote: While the ASR1002 does offer more services, I generally disagree with some parts of this comparison. Juniper has some very aggressive pricing on mx80 bundles license-locked to 5gb, which are cheaper and blow the performance specifications of the equivalent low end ASR1002 out of the water for internet edge BGP applications. Unlike the ASR, a simple upgrade license can unlock the box's full potential. Just my opinion as a customer of both vendors... On Fri, Jan 20, 2012 at 1:14 AM, Saku Ytti s...@ytti.fi wrote: On (2012-01-19 12:10 -0800), jon Heise wrote: Does anyone have any experience with these two routers, we're looking to buy one of them but i have little experience dealing with cisco routers and zero experience with juniper. 
It might be because of your schedule/timetable, but you are comparing apples to oranges. MX80 is not competing against ASR1k, and JNPR has no product to compete with ASR1k. MX80 competes directly with ASR9001. Notable differences include: ASR9001 has lot more memory (2GB/8GB) and lot faster control-plane ASR9001 has 120G of capacity, MX80 80G ASR9001 BOM is higher, as it is not fabricless design like MX80 (this shouldn't affect sale price in relevant way) ASR9001 does not ship just now As others have pointed out ASR1k is 'high touch' router, it does NAPT, IPSEC, pretty much anything and everything, it is the next-gen VXR really. ASR9001 and MX80 both do relatively few things, but at high capacity. -- ++ytti -- *Skeeve Stevens, CEO* eintellego Pty Ltd ske...@eintellego.net.au ; www.eintellego.net Phone: 1300 753 383 ; Fax: (+612) 8572 9954 Cell +61 (0)414 753 383 ; skype://skeeve facebook.com/eintellego twitter.com/networkceoau ; www.linkedin.com/in/skeeve PO Box 7726, Baulkham Hills, NSW 1755 Australia The Experts Who The Experts Call Juniper - Cisco – Brocade - IBM
Re: Megaupload.com seized
Incidentally, some traffic stats on http://gigaom.com/2012/01/20/follow-the-traffic-what-megauploads-downfall-did-to-the-web/ MegaUpload was indeed one of the more popular sites on the web for storing and sharing content. It ranked as .98 percent of the total web traffic in the U.S. and 11.39 of the total web traffic in Brazil. It garnered 1.95 percent of the traffic in Asia-Pac and a less substantial .86 percent in Europe. -- --- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -- -
Re: Megaupload.com seized
In article 20120120200216.ga62...@ussenterprise.ufp.org, Leo Bicknell bickn...@ufp.org writes Also, when using a hashed file store, it's possible that some uses are infringing and some are not. I might make a movie, put it on Megaupload, and then give the links only to the 5 people who bought it from them. One of them might turn around, upload it again to Megaupload, and share it with the world, infringing on my content. I would hope that when I issue a takedown notice they take down the infringers copy (link), but leave mine in place. It's been suggested that many movies which have been made widely available without the film company's permission were derived from legitimate copies supplied to reviewers. This is a similar issue to the unfortunate AUP of some access providers that say users are prohibited from downloading any copyrighted material, when the majority of websites are exactly that. In Europe we have a Copyright Directive which seeks to legitimise what could be termed incidental copying involved in using a browser, and I'm happy to say I was one of the industry people who persuaded a sceptical previous generation of media lawyers that this was OK. -- Roland Perry
Re: Megaupload.com seized
On Fri, Jan 20, 2012 at 3:02 PM, Leo Bicknell bickn...@ufp.org wrote: In a message written on Fri, Jan 20, 2012 at 09:37:16AM -1000, Paul Graydon wrote: From what I understand about MegaUpload's approach, they created a hash of every file that they stored. If they'd already got a copy of the file that was to be uploaded they'd just put an appropriate link in a users space, saving them storage space, and bandwidth for both parties. Fairly straight forward. Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. That comes up for some argument about the ways the company should be practically enforcing a DMCA take-down notice, whether each take-down should apply to just an individual user's link to a file or whether the file itself should be removed. That could be different from circumstance to circumstance. Note that with a DMCA take down the original uploader can issue a counter-notice to get the content put back. Most sites don't immediately delete the content but rather disable it in some way so that should the file be counter noticed it can be put back up. Also, when using a hashed file store, it's possible that some uses are infringing and some are not. I might make a movie, put it on Megaupload, and then give the links only to the 5 people who bought it from them. One of them might turn around, upload it again to Megaupload, and share it with the world, infringing on my content. I would hope that when I issue a takedown notice they take down the infringers copy (link), but leave mine in place. None of this should be taken to mean I'm behind Megaupload. I have My take only, of course a greater concern here wondering if law enforcement, maybe the courts, probably not and most importantly the law makers You've got to be kidding. understand the technology and can craft and apply laws in a reasonable way. 
A new scientific truth does not triumph by convincing its opponents and making them see the light, but rather because its opponents eventually die, and a new generation grows up that is familiar with it. -- Max Planck, We're in for an interesting few years. One major issue that already came up is that a whole lot of people used Megaupload for storing perfectly legal content. It's now offline, and there appears to be no way for them to retrieve that data. At what percentage is that reasonable? If 99% of your users are infringing? 50%? 1%? Could this be used to take down your competitors? Buy some Amazon instances and put a bunch of infringing content on them, and then watch the feds seize all of Amazon's servers? Maybe. It would help if you had a budget to lobby Congress sufficiently. Regards Marshall Lots of troubling questions, no good answers. -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
BGP Update Report
BGP Update Report
Interval: 12-Jan-12 -to- 19-Jan-12 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN Upds % Upds/Pfx AS-Name
 1 - AS34205 50143 3.1% 5571.4 -- MRBD-AS OJSC Rostelecom
 2 - AS8402 45021 2.8% 31.8 -- CORBINA-AS OJSC Vimpelcom
 3 - AS9829 38928 2.4% 43.9 -- BSNL-NIB National Internet Backbone
 4 - AS42116 28307 1.7% 505.5 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding
 5 - AS5800 25683 1.6% 88.9 -- DNIC-ASBLK-05800-06055 - DoD Network Information Center
 6 - AS28683 25418 1.6% 385.1 -- BENINTELECOM
 7 - AS32528 24552 1.5% 12276.0 -- ABBOTT Abbot Labs
 8 - AS12479 24301 1.5% 86.8 -- UNI2-AS France Telecom Espana SA
 9 - AS24560 22794 1.4% 26.6 -- AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
10 - AS20632 20437 1.2% 704.7 -- PETERSTAR-AS PeterStar
11 - AS7552 19776 1.2% 22.1 -- VIETEL-AS-AP Vietel Corporation
12 - AS17488 18392 1.1% 51.4 -- HATHWAY-NET-AP Hathway IP Over Cable Internet
13 - AS11617 17168 1.1% 1073.0 -- BT Latam Mexico, S.A. de C.V.
14 - AS2118 14076 0.9% 11.3 -- RELCOM-AS OOO NPO Relcom
15 - AS31148 14029 0.9% 21.1 -- FREENET-AS FreeNet ISP
16 - AS19223 13187 0.8% 13187.0 -- NTEGRATED-SOLUTIONS - Ntegrated Solutions
17 - AS6066 12172 0.8% 6086.0 -- VERIZON-BUSINESS-MAE-AS6066 - Verizon Business Network Services Inc.
18 - AS17639 12045 0.7% 2409.0 -- COMCLARK-AS ComClark Network Technology Corp.
19 - AS28573 10447 0.6% 10.1 -- NET Servicos de Comunicao S.A.
20 - AS9498 10165 0.6% 16.7 -- BBIL-AP BHARTI Airtel Ltd.

TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN Upds % Upds/Pfx AS-Name
 1 - AS19223 13187 0.8% 13187.0 -- NTEGRATED-SOLUTIONS - Ntegrated Solutions
 2 - AS32528 24552 1.5% 12276.0 -- ABBOTT Abbot Labs
 3 - AS26341 6395 0.4% 6395.0 -- OSI-ASP - Open Solutions Inc.
 4 - AS6066 12172 0.8% 6086.0 -- VERIZON-BUSINESS-MAE-AS6066 - Verizon Business Network Services Inc.
 5 - AS34205 50143 3.1% 5571.4 -- MRBD-AS OJSC Rostelecom
 6 - AS17639 12045 0.7% 2409.0 -- COMCLARK-AS ComClark Network Technology Corp.
 7 - AS65273 1916 0.1% 1916.0 -- -Private Use AS-
 8 - AS48806 1349 0.1% 1349.0 -- SMARTS-IVANOVO-AS OJSC SMARTS
 9 - AS18688 1179 0.1% 1179.0 -- TGIX - Thaumaturgix, Inc
10 - AS11617 17168 1.1% 1073.0 -- BT Latam Mexico, S.A. de C.V.
11 - AS49369 934 0.1% 934.0 -- AORS-AS Staff Governor and Government of the Orenburg region
12 - AS51825 4608 0.3% 921.6 -- TELZAR-ASN TELZAR INTERNATIONAL TELECOMINICATIONS LTD
13 - AS53362 884 0.1% 884.0 -- MIXIT-AS - Mixit, Inc.
14 - AS20632 20437 1.2% 704.7 -- PETERSTAR-AS PeterStar
15 - AS57405 1096 0.1% 548.0 -- MIHAN-NOC2 MIHAN COMMUNICATION SYSTEMS CO.,LTD
16 - AS42116 28307 1.7% 505.5 -- ERTH-NCHLN-AS CJSC ER-Telecom Holding
17 - AS6072 6440 0.4% 460.0 -- UNISYS-6072 For routing issues, email hostmas...@unisys.com
18 - AS22386 459 0.0% 459.0 -- SARB
19 - AS56931 447 0.0% 447.0 -- KKDD-AS Trest Spetsstroymontazh LTD
20 - AS7099 443 0.0% 443.0 -- NORTELRCH - NORTEL

TOP 20 Unstable Prefixes
Rank Prefix Upds % Origin AS -- AS Name
 1 - 84.204.132.0/24 20335 1.2% AS20632 -- PETERSTAR-AS PeterStar
 2 - 67.97.156.0/24 13187 0.8% AS19223 -- NTEGRATED-SOLUTIONS - Ntegrated Solutions
 3 - 130.36.34.0/24 12277 0.7% AS32528 -- ABBOTT Abbot Labs
 4 - 130.36.35.0/24 12275 0.7% AS32528 -- ABBOTT Abbot Labs
 5 - 182.64.0.0/16 8538 0.5% AS24560 -- AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
 6 - 62.36.252.0/22 7614 0.4% AS12479 -- UNI2-AS France Telecom Espana SA
 7 - 202.92.235.0/24 6626 0.4% AS9498 -- BBIL-AP BHARTI Airtel Ltd.
 8 - 111.125.126.0/24 6527 0.4% AS17639 -- COMCLARK-AS ComClark Network Technology Corp.
 9 - 81.89.122.0/24 6513 0.4% AS34205 -- MRBD-AS OJSC Rostelecom AS34584 -- KHBDSV OJSC Rostelecom
10 - 81.89.118.0/24 6502 0.4% AS34205 -- MRBD-AS OJSC Rostelecom AS34584 -- KHBDSV OJSC Rostelecom
11 - 81.89.119.0/24 6501 0.4% AS34205 -- MRBD-AS OJSC Rostelecom AS34584 -- KHBDSV OJSC Rostelecom
12 - 109.236.224.0/20 6410 0.4% AS34205 -- MRBD-AS OJSC Rostelecom
13 - 81.89.123.0/24 6405 0.4% AS34205 -- MRBD-AS OJSC Rostelecom AS34584
Re: juniper mx80 vs cisco asr 1000
I certainly agree they have very different applications, and hopefully that will help those looking for this kind of insight. On Fri, Jan 20, 2012 at 3:54 PM, Saku Ytti s...@ytti.fi wrote: On (2012-01-20 09:50 -0700), PC wrote: Juniper has some very aggressive pricing on mx80 bundles license-locked to 5gb, which are cheaper and blow the performance specifications of the equivalent low end ASR1002 out of the water for internet edge BGP applications. Unlike the ASR, a simple upgrade license can unlock the boxes full potential. ASR1002 list price is 18kUSD, MX5 list price is 29.5kUSD. Upgrade license for MX5 - MX80 literally costs more than new MX80 (with all but jflow license, two psu and 20SFP MIC) Sure MX5 will do line rate on 20 SFP ports, vastly more than ASR1002, but this is little consolation if you need high touch services such as NAPT, IPSEC etc. So applications for these boxes are quite different. -- ++ytti
Re: Argus: a hijacking alarm system
On Fri, Jan 20, 2012 at 10:45 PM, RijilV rij...@riji.lv wrote: A suggestion: pick a different name. There's already a network tool named Argus (it's been around for years): http://www.qosient.com/argus/ I suggest using the name of a different Wishbone Ash album: Bona Fide. ;-) Ha, there are already two with the name Argus: http://argus.tcp4me.com/ Argus being a many-eyed dog from Greek myth .. no surprise a lot of tools that do this kind of thing have the very same name. Call it panopticon maybe? [nastier connotations - originally a prison design by Jeremy Bentham where a warder sitting in the center could see everything around him] --srs
Re: Polling Bandwidth as an Aggregate
On Jan 20, 2012, at 12:49, Nathan Eisenberg nat...@atlasnetworks.us wrote: The web interface allows for interface aggregation, and the code for doing that could probably be reverse engineered easily enough for other reporting mechanisms as well. On this point (of nice aggregation UIs) is anyone here using Graphite as a backend for their time series data stores? You have to supply/write the poller yourself but it seems an ideal backend for a just graph everything approach which allows the poller to use SNMP get-bulk requests which I haven't seen other pollers (rtg/mrtg/spine) doing. ~Matt
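The "just graph everything" approach Matt describes needs two small pieces between the poller and Graphite: turning two raw counter samples into a rate (with wrap and reset handled, or the aggregate graph gets a multi-terabit spike every time a line card resets), and rendering per-interface plus aggregate metrics in carbon's plaintext protocol ("metric value timestamp", one per line, TCP port 2003). The following is an added example, not code from the thread or from any of the pollers named in it. It assumes the SNMP GETBULK walk of ifHCInOctets has already produced a dict per poll; the two polls, the device name `edge1` and the interface speeds are constructed here, and the pysnmp call that would produce them is not shown.

```python
"""Added example: SNMP counter samples -> per-interface and aggregate
bit rates -> Graphite plaintext lines. Sample polls are constructed."""
import re
import socket


def counter_delta(prev: int, cur: int, width: int = 64) -> int:
    """Difference between two counter samples, allowing for one wrap.
    ifHCInOctets is 64-bit; the 32-bit ifInOctets wraps every ~34 s at 1 Gb/s."""
    if cur >= prev:
        return cur - prev
    return (2 ** width - prev) + cur        # assume exactly one pass through zero


def bits_per_second(prev, cur, interval_s, width=64, speed_mbps=None):
    """Rate from two samples, or None when the rate is impossible for the link,
    which means the counter was reset (reboot, card swap), not wrapped."""
    bps = counter_delta(prev, cur, width) * 8 / interval_s
    if speed_mbps is not None and bps > speed_mbps * 1_000_000 * 1.05:
        return None
    return bps


def metric_name(*parts):
    """Graphite splits metric paths on '.', so names like ge-0/0/0.100 need cleaning."""
    return ".".join(re.sub(r"[^A-Za-z0-9_-]", "_", p) for p in parts)


def graphite_lines(device, prev_poll, cur_poll, interval_s, ts, speeds=None):
    """Per-interface and aggregate ingress rates in carbon plaintext form."""
    lines, total = [], 0.0
    for ifname, cur in cur_poll.items():
        if ifname not in prev_poll:
            continue                                   # no baseline sample yet
        bps = bits_per_second(prev_poll[ifname], cur, interval_s,
                              speed_mbps=(speeds or {}).get(ifname))
        if bps is None:
            continue                                   # drop the bogus sample entirely
        total += bps
        lines.append(f"{metric_name(device, ifname, 'in_bps')} {bps:.0f} {ts}")
    lines.append(f"{metric_name(device, 'aggregate', 'in_bps')} {total:.0f} {ts}")
    return lines


def send_to_carbon(lines, host="127.0.0.1", port=2003):
    """Push the lines to carbon's plaintext listener (not called by demo())."""
    with socket.create_connection((host, port), timeout=5) as sock:
        sock.sendall(("\n".join(lines) + "\n").encode())


# Constructed sample: two walks of ifHCInOctets taken 60 s apart, keyed by ifName.
# ge-0/0/2 "went backwards" by far more than a wrap could explain: a counter reset.
POLL_T0 = {"ge-0/0/0": 10_000_000, "ge-0/0/1": 50_000_000, "ge-0/0/2": 9_000_000_000}
POLL_T1 = {"ge-0/0/0": 17_500_000, "ge-0/0/1": 53_750_000, "ge-0/0/2": 4_000}
SPEEDS = {"ge-0/0/0": 1000, "ge-0/0/1": 1000, "ge-0/0/2": 1000}   # ifHighSpeed, Mb/s


def demo():
    """Render the constructed polls for device 'edge1' at a fixed timestamp."""
    return graphite_lines("edge1", POLL_T0, POLL_T1, 60, 1326067200, SPEEDS)
```

The reset check is deliberately against the interface's own ifHighSpeed rather than a fixed threshold: a 32-bit counter genuinely wraps on a busy gigabit port, and a wrap produces a plausible rate, whereas a reset on a 64-bit counter produces one that no link could carry. Dropping that sample is what keeps the aggregate series honest, since the aggregate is just the sum of the per-interface rates for that interval.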
Re: Polling Bandwidth as an Aggregate
Matt Addison matt.addi...@lists.evilgeni.us wrote: On this point (of nice aggregation UIs) is anyone here using Graphite as a backend for their time series data stores? I'm not personally, but I know some of our support clients are happily using it along with OpenNMS' support for outboarding of data storage via TCP and Google protobuf. -jeff
Re: How are you doing DHCPv6 ?
On Tue, Jan 17, 2012 at 4:04 PM, Randy Carpenter rcar...@network1.net wrote: We have a requirement for it to be a redundant server that is centrally located. DHCPv6 will be relayed from each customer access segment. We have been looking at using ISC dhcpd, as that is what we use for v4. However, it currently does not support any redundancy. [snip] When you say you require redundant DHCPD, what do you mean by that? The DHCP protocol is mostly stateless, aside from offers made, which are stored persistently in a database. Therefore, you can cluster the DHCPD daemon, without modifications to the ISC DHCPD software. There is no shortage of cluster management software that is up to the task of keeping a service active on an active node, and keeping the service inactive on a standby (or failed) node. Achieving redundancy against DHCPD failure is mostly a design and configuration question, not a matter of finding a DHCPD implementation that has redundancy. If by redundancy you mean active/active pair of servers, for load balancing rather than failover, that implies DHCP servers with non-overlapping pools to assign from, and is generally a much more complicated objective to achieve with DHCP whether v4 or v6. -- -JH
Re: Megaupload.com seized
- Original Message - From: Ricky Beam jfb...@gmail.com On Fri, 20 Jan 2012 14:37:16 -0500, Paul Graydon p...@paulgraydon.co.uk wrote: ... Whenever they received a DMCA take-down they would remove the link, not the underlying file, so even though they knew that a file was illegally hosted, they never actually removed it. And that's where their safe harbour evaporated. Upon receiving notice a file is infringing, they know that *file* is illegal, and must now remove all the links to it, not just the one that was reported. Mega is in a position to know all the links, whereas the copyright holder is not. They thought they had a gaping loophole. Well, the DOJ is about to teach them how wrong they are. Nope; I agree with the amusingly pseudonymed Administrator who posted immediately before you: the possibility exists that there's a copy of that file uploaded legally because some other client of the site has the right to do so... and if you delete the underlying file, you're then screwing over that other paying customer who isn't breaking the law. Is everyone beginning to see how legislators and LEOs who simply don't understand the playing field are a critically dangerous condition, here? This is precisely the grounds on which we opposed SOPA. Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com 2000 Land Rover DII St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274
Re: How are you doing DHCPv6 ?
- Original Message - On Tue, Jan 17, 2012 at 4:04 PM, Randy Carpenter rcar...@network1.net wrote: We have a requirement for it to be a redundant server that is centrally located. DHCPv6 will be relayed from each customer access segment. We have been looking at using ISC dhcpd, as that is what we use for v4. However, it currently does not support any redundancy. [snip] When you say you require redundant DHCPD, what do you mean by that? The DHCP protocol is mostly stateless, aside from offers made, which are stored persistently in a database. Therefore, you can cluster the DHCPD daemon, without modifications to the ISC DHCPD software. DHCP is certainly not stateless, which is why there is a concept of leases, which are stored in a file. You can't have 2 servers answering for the same subnet without some sort of coordination, or you would have a potential for duplicate addresses being assigned. There is no shortage of cluster management software that is up to the task of keeping a service active on an active node, and keeping the service inactive on a standby (or failed) node. Achieving redundancy against DHCPD failure is mostly a design and configuration question, not a matter of finding a DHCPD implementation that has redundancy. If by redundancy you mean active/active pair of servers, for load balancing rather than failover, that implies DHCP servers with non-overlapping pools to assign from, and is generally a much more complicated objective to achieve with DHCP whether v4 or v6. I mean for failover, not load balancing. The other issue we are encountering with IPv6 is that ISC DHCPD does not log very much at all for DHCPv6. Also, we have yet to find something reliable to identify a particular client. It looks like the only thing that is sent is the link local address, which is randomized on windows machines. The MAC address does not appear to ever be sent. This makes it impossible to apply any policies based on client. -Randy
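What a DHCPv6 server actually receives as a client identifier is the DUID in the Client Identifier option (option 1, RFC 3315 section 9), and two of the registered DUID formats, DUID-LLT (type 1) and DUID-LL (type 3), embed the client's link-layer address; DUID-EN (type 2) and DUID-UUID (type 4, RFC 6355) do not. Separately, a relay agent can insert the client's link-layer address itself as option 79 (RFC 6939) in the Relay-forward message that wraps the client's packet. The following is an added example, not part of the thread and not ISC dhcpd code: it decodes each DUID type, pulls the MAC out where one exists, and walks a Relay-forward option list (descending into the embedded client message via option 9) to collect both sources. The option codes and layouts are from the RFCs; the DUIDs, transaction id and MAC are constructed here, not captured.

```python
"""Added example: recover a client identity from DHCPv6 options.
Option codes per RFC 3315 / RFC 6939; all sample bytes are constructed."""
import struct
import uuid
from datetime import datetime, timedelta, timezone

OPT_CLIENTID = 1            # RFC 3315: carries the DUID
OPT_RELAY_MSG = 9           # RFC 3315: Relay-forward wraps the client's message
OPT_CLIENT_LINKLAYER = 79   # RFC 6939: relay-inserted client link-layer address
HW_ETHERNET = 1             # IANA ARP hardware type for Ethernet
DUID_EPOCH = datetime(2000, 1, 1, tzinfo=timezone.utc)   # DUID-LLT time base


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def parse_duid(duid: bytes) -> dict:
    """Decode the four registered DUID formats; raise on anything malformed."""
    if len(duid) < 2:
        raise ValueError("DUID shorter than its type field")
    (dtype,) = struct.unpack("!H", duid[:2])
    if dtype == 1 and len(duid) >= 8:              # DUID-LLT: hwtype, time, lladdr
        hwtype, secs = struct.unpack("!HI", duid[2:8])
        return {"kind": "LLT", "hwtype": hwtype,
                "time": DUID_EPOCH + timedelta(seconds=secs), "lladdr": duid[8:]}
    if dtype == 2 and len(duid) >= 6:              # DUID-EN: enterprise number, opaque id
        (enterprise,) = struct.unpack("!I", duid[2:6])
        return {"kind": "EN", "enterprise": enterprise, "ident": duid[6:]}
    if dtype == 3 and len(duid) >= 4:              # DUID-LL: hwtype, lladdr
        (hwtype,) = struct.unpack("!H", duid[2:4])
        return {"kind": "LL", "hwtype": hwtype, "lladdr": duid[4:]}
    if dtype == 4 and len(duid) == 18:             # DUID-UUID: 128-bit UUID
        return {"kind": "UUID", "uuid": uuid.UUID(bytes=duid[2:18])}
    raise ValueError(f"malformed or unknown DUID type {dtype}")


def mac_from_duid(duid: bytes):
    """Ethernet address embedded in an LLT/LL DUID, else None."""
    d = parse_duid(duid)
    if d["kind"] in ("LLT", "LL") and d["hwtype"] == HW_ETHERNET and len(d["lladdr"]) == 6:
        return _mac(d["lladdr"])
    return None   # EN and UUID DUIDs carry no link-layer address at all


def iter_options(buf: bytes):
    """Yield (code, value) from a DHCPv6 option list, stopping cleanly on truncation."""
    off = 0
    while off + 4 <= len(buf):
        code, length = struct.unpack("!HH", buf[off:off + 4])
        off += 4
        if off + length > len(buf):
            break
        yield code, buf[off:off + length]
        off += length


def client_identity(options: bytes) -> dict:
    """Everything usable to identify the client from a message's option list,
    descending into a Relay-forward's embedded client message."""
    out = {"duid": None, "mac_from_duid": None, "mac_from_relay": None}
    for code, val in iter_options(options):
        if code == OPT_CLIENTID:
            out["duid"] = val.hex()
            try:
                out["mac_from_duid"] = mac_from_duid(val)
            except ValueError:
                pass                                  # keep the raw DUID, no MAC
        elif code == OPT_CLIENT_LINKLAYER and len(val) == 8:
            (hwtype,) = struct.unpack("!H", val[:2])
            if hwtype == HW_ETHERNET:
                out["mac_from_relay"] = _mac(val[2:])
        elif code == OPT_RELAY_MSG and len(val) > 4:
            for k, v in client_identity(val[4:]).items():   # skip msg-type + xid
                out[k] = out[k] or v
    return out


# Constructed samples (not captured traffic).
MAC = bytes.fromhex("001122334455")
DUID_LLT = bytes.fromhex("0001" "0001" "1a2b3c4d") + MAC          # type 1, Ethernet, time, MAC
DUID_EN = bytes.fromhex("0002" "00000009" "0cc084d303000912")      # type 2, enterprise 9
CLIENT_OPTIONS = (struct.pack("!HH", OPT_CLIENTID, len(DUID_LLT)) + DUID_LLT
                  + struct.pack("!HHH", 8, 2, 0))                   # plus an Elapsed Time option
CLIENT_MSG = b"\x01\xab\xcd\xef" + CLIENT_OPTIONS                    # Solicit + transaction id
RELAY_OPTIONS = (struct.pack("!HHH", OPT_CLIENT_LINKLAYER, 8, HW_ETHERNET) + MAC
                 + struct.pack("!HH", OPT_RELAY_MSG, len(CLIENT_MSG)) + CLIENT_MSG)
```

Two caveats a practitioner would want: the DUID is chosen by the client and persists across interface changes, so the MAC inside an LLT DUID is whatever interface the client had when it first generated the DUID, not necessarily the one it is using now, and nothing stops a client from sending an EN or UUID DUID that reveals no address; option 79 is the relay's own observation and is the only source that cannot be shaped by the client, but it only exists where the relay supports RFC 6939.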
Re: Megaupload.com seized
Technical nuances notwithstanding, isn't the guts of the case that the megaupload team wilfully engaged in harbouring infringing files as evidenced by the email snooping, eg boasting to each other about having feature movies available prior to release etc. Similar evidence brought grokster down, and was confirmed by the US Supreme Court. j -- --- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org