Any advantage of announcing IPv6/64s Or purely misconfiguration?
Hello everyone I was just looking around and say a major Indian provider Sify (AS9583) is announcing /64s via BGP along with main /32 which is their allocation from APNIC. inet6num: 2001:0E48::/32 netname:SILNET descr: Sify Limited descr: Value Added Network service provider country:IN admin-c:HS51-AP tech-c: HS51-AP status: ALLOCATED PORTABLE mnt-by: APNIC-HM mnt-lower: MAINT-IN-SIFY changed:hm-chan...@apnic.net 20040211 changed:hm-chan...@apnic.net 20060117 source: APNIC As per IPv6 prefixes announced by AS9583 via bgp.he.net - http://bgp.he.net/AS9583#_prefixes6 we can see multiple /64s. Prefixhttp://bgp.he.net/AS9583#Description http://bgp.he.net/AS9583# 2001:0e48::/32 http://bgp.he.net/net/2001:0e48::/32Sify Limited [image: India] 2001:0e48::0001::/64 http://bgp.he.net/net/2001:0e48::0001::/64Sify Limited [image: India] 2001:0e48::0002::/64 http://bgp.he.net/net/2001:0e48::0002::/64Sify Limited [image: India] 2001:0e48::0004::/64 http://bgp.he.net/net/2001:0e48::0004::/64Sify Limited [image: India] I see Tata Comm (Sify's upstream) is accepting /64s while Tinet (one of other upstream) is dropping and taking only /32. Other major backbones like HE, Level3 dropping but Telia still accepting. Pretty much mixed result. Is it simply a misconfiguration or there is some use of announcing /64s along with main /32? Thanks. -- Anurag Bhatia Web: anuragbhatia.com Skype: anuragbhatia.com Linkedin http://in.linkedin.com/in/anuragbhatia21 | Twitterhttps://twitter.com/anurag_bhatia| Google+ https://plus.google.com/118280168625121532854
Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?
On 09/07/2012 08:17, Anurag Bhatia wrote: I was just looking around and say a major Indian provider Sify (AS9583) is announcing /64s via BGP along with main /32 which is their allocation from APNIC. inet6num: 2001:0E48::/32 netname:SILNET I see Tata Comm (Sify's upstream) is accepting /64s while Tinet (one of other upstream) is dropping and taking only /32. Other major backbones like HE, Level3 dropping but Telia still accepting. Pretty much mixed result. Is it simply a misconfiguration or there is some use of announcing /64s along with main /32? I would hope its accidental. Most people I've spoken to won't even consider accepting longer prefixes than /48 and will typically also refuse to accept any prefixes where there are aggregate announces covering them. We're going to end up with a very nasty routing table if people start pumping all their /64s into it. -- Graham Beneke
Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?
As per IPv6 prefixes announced by AS9583 via bgp.he.net - http://bgp.he.net/AS9583#_prefixes6 we can see multiple /64s. The question is why their upstreams are accepting /64? It shouldn't be at all otherwise just imagine how many /64s you have to deal with once IPv6 is in full swing. Regards, Aftab A. Siddiqui
Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?
On 7/9/12 00:09 , Aftab Siddiqui wrote: As per IPv6 prefixes announced by AS9583 via bgp.he.net - http://bgp.he.net/AS9583#_prefixes6 we can see multiple /64s. you likely won't see them in your table though. The question is why their upstreams are accepting /64? It shouldn't be at all otherwise just imagine how many /64s you have to deal with once IPv6 is in full swing. that vantage point of the collector is germain here since if there are more specifics either filtered or no export those routes might appear from the vantage point of an upstream (where the collector is used) but not elsewhere: so consider the cidr report 9583 SIFY-AS-IN Sify Limited Adjacency: 7 Upstream: 5 Downstream: 2 Upstream Adjacent AS list AS6939HURRICANE - Hurricane Electric, Inc. AS10026 PACNET Pacnet Global Ltd AS6453GLOBEINTERNET TATA Communications AS1273CW Cable and Wireless Worldwide plc AS3257TINET-BACKBONE Tinet SpA Downstream Adjacent AS list AS45184 DEN-ISP-AS-IN-AP Den Digital Entertainment Pvt. Ltd. AS ISP india AS17825 MAHINDRABT-AS-AP Tech Mahindra Ltd. Software Development Organisation India Announced IPv6 Prefixes Rank AS TypeOriginate Addr Space (pfx) Transit Addr space (pfx) Description 1337 AS9583 ORG+TRN Originate: 4294967296 /32.00 Transit: 131073 /47.00 SIFY-AS-IN Sify Limited Aggregation Suggestions This report does not take into account conditions local to each origin AS in terms of policy or traffic engineering requirements, so this is an approximate guideline as to aggregation possibilities. Rank ASAS Name Current Wthdw Aggte Annce Redctn % 1448 AS9583 SIFY-AS-IN Sify Limited 1 0 0 1 0 0.00% Prefix AS Path Aggregation Suggestion 2001:e48::/325539 1273 9583 and ask yourself are they really leaking /64s into the DFZ which are being accepted (they aren't) or do they have and adjacency with he.net [jjaeggli@net-oob1.ca2 ~]$ telnet route-views6.routeviews.org Trying 128.223.51.112... Connected to route-views6.routeviews.org (128.223.51.112). Escape character is '^]'. route-views6.routeviews.org show ipv6 bgp 2001:0e48::0001::/64 % Network not in table route-views6.routeviews.org route-views6.routeviews.org show ipv6 bgp 2001:0e48::/32 longer-prefixes BGP table version is 0, local router ID is 128.223.51.112 Status codes: s suppressed, d damped, h history, * valid, best, i - internal, r RIB-failure, S Stale, R Removed Origin codes: i - IGP, e - EGP, ? - incomplete Network Next HopMetric LocPrf Weight Path * 2001:e48::/322001:4810::1 0 33437 29748 6939 7473 9583 i * 2600:803::15 0 701 3549 9583 i * 2001:4830::5 361 0 30071 3549 9583 i * 2001:4830::e 0 0 30071 6453 9583 i * 2001:428::205:171:203:140 829 0 209 10026 9583 i * 2001:428::205:171:203:141 8000919 0 209 174 9583 i * 2001:428::205:171:203:138 851 0 209 3257 9583 i * 2607:4200:10::30 19214 12989 6939 10026 9583 i * 2607:4200:10::20 19214 12989 6939 10026 9583 i * 2001:200:901::50 7660 4635 10026 9583 i * 2001:418:0:1000::f002 1 0 2914 3257 9583 i * 2001:418:0:1000::f000 0 0 2914 174 9583 i * 2001:1890:111d::1 0 7018 174 9583 i * 2001:1620:1::203 1 0 13030 3257 9583 i * 2001:470:0:1a::1 0 6939 10026 9583 i * 2001:668:0:4::2 10 0 3257 9583 i * 2001:240:100:ff::2497:2 0 2497 10026 9583 i * 2610:38:1::1 0 7781 6939 7473 9583 i Total number of prefixes 1 Regards, Aftab A. Siddiqui
Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?
On 7/9/2012 10:45 AM, Joel jaeggli wrote: On 7/9/12 00:09 , Aftab Siddiqui wrote: As per IPv6 prefixes announced by AS9583 via bgp.he.net - http://bgp.he.net/AS9583#_prefixes6 we can see multiple /64s. you likely won't see them in your table though. as direct customer of 6453 I see them. :-( before starting to filter. 6453: will you filter them? Frank #sh bgp ipv6 u 2001:0E48::/32 lo BGP table version is 2543917, local router ID is 41.188.128.35 Status codes: s suppressed, d damped, h history, * valid, best, i - internal, r RIB-failure, S Stale, m multipath, b backup-path, x best-external, f RT-Filter, a additional-path Origin codes: i - IGP, e - EGP, ? - incomplete Network Next HopMetric LocPrf Weight Path *i2001:E48::/322001:5A0:C00:400::5 0 30 0 6453 9583 i *i2001:E48:0:1::/64 2001:5A0:C00:400::5 0 30 0 6453 9583 ? *i2001:E48:0:2::/64 2001:5A0:C00:400::5 0 30 0 6453 9583 ? *i2001:E48:0:4::/64 2001:5A0:C00:400::5 0 30 0 6453 9583 ? *i2001:E48:0:5::/64 2001:5A0:C00:400::5 0 30 0 6453 9583 ? *i2001:E48:0:6::/64 2001:5A0:C00:400::5 0 30 0 6453 9583 ? *i2001:E48:0:7::/64 2001:5A0:C00:400::5 0 30 0 6453 9583 ? *i2001:E48:0:8::/64 2001:5A0:C00:400::5 0 30 0 6453 9583 ?
Re: FYI Netflix is down
Steve at pirk, I fail to grasp the concept in your argument. You do realise, do you not, that your $ black boxes from your favourite brand name vendor have software running inside of them do you not ? Case in point for example, the recent LINX issues it wasn't the hardware that gave them the headaches, but the software running on it sure did ! I am a big believer in using hardware to load balance data centers, and not leave it up to software in the data center which might fail.
Re: FYI Netflix is down
Hi, Well depending on your black box, your millage will vary. Their wide use of ASIC eliminate a lot of the headache of pure software implementation. Buffer, timing, expected results, etc. Their real sofware only represent a small part of the device and is mostly relegated to management and some L4 to L7 handling. So yes, ASIC/FPGA devices have software their result and behavior are predictable and the system is more stable because of it. PS: Yes, CAM lockout, bad RAM is still a pita for them. In short: It is quite a thing to say that because everything can be categorized as software that someone point is invalid. - Alain Hebertaheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.netFax: 514-990-9443 On 07/09/12 07:42, gb10hkzo-na...@yahoo.co.uk wrote: Steve at pirk, I fail to grasp the concept in your argument. You do realise, do you not, that your $ black boxes from your favourite brand name vendor have software running inside of them do you not ? Case in point for example, the recent LINX issues it wasn't the hardware that gave them the headaches, but the software running on it sure did ! I am a big believer in using hardware to load balance data centers, and not leave it up to software in the data center which might fail.
Re: FYI Netflix is down
On Mon, 09 Jul 2012 08:07:14 -0400, Alain Hebert said: Their wide use of ASIC eliminate a lot of the headache of pure software implementation. And gets you, in return, the headaches of buggy hardware, where bug-fixing is just a bit harder than load the new release. ;) pgpSvdXo7xMkN.pgp Description: PGP signature
Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?
On Mon, 9 Jul 2012, Anurag Bhatia wrote: I was just looking around and say a major Indian provider Sify (AS9583) is announcing /64s via BGP along with main /32 which is their allocation from APNIC. [snip] Is it simply a misconfiguration or there is some use of announcing /64s along with main /32? Most of the major carriers I've seen appear to have settled on /48 as the smallest IPv6 prefix they will accept, much like /24 is the smallest IPv4 prefix that most providers will accept. Anything smaller runs the risk of mixed degrees of acceptance. As long as the /64 is part of a larger parent block, there shouldn't be any total loss of connectivity, however the routing to one of those /64 sites could be sub-optimal. Advertising /64s into the global routing table is bad mojo. jms
Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?
On Mon, 9 Jul 2012, Anurag Bhatia wrote: I was just looking around and say a major Indian provider Sify (AS9583) is announcing /64s via BGP along with main /32 which is their allocation from APNIC. inet6num: 2001:0E48::/32 I only see 2001:e48::/32 in my view of the v6 routing table. If any of my upstream providers don't drop anything smaller than a /48, I do... jms
Re: FYI Netflix is down
On Sun, Jul 8, 2012 at 8:27 PM, steve pirk [egrep] st...@pirk.com wrote: I am pretty sure Netflix and others were trying to do it right, as they all had graceful fail-over to a secondary AWS zone defined. It looks to me like Amazon uses DNS round-robin to load balance the zones, because they mention returning a list of addresses for DNS queries, and explains the failure of the services to shunt over to other zones in their postmortem. There are also bugs from the Netflix side uncovered by the AWS outage: Lessons Netflix Learned from the AWS Storm http://techblog.netflix.com/2012/07/lessons-netflix-learned-from-aws-storm.html For an infrastructure this large, no matter you are running your own datacenter or using the cloud, it is certain that the code is not bug free. And another thing is, if everything is too automated, then failure in one component can trigger bugs in areas that no one has ever thought of... Rayson == Open Grid Scheduler - The Official Open Source Grid Engine http://gridscheduler.sourceforge.net/ Elastic Load Balancers (ELBs) allow web traffic directed at a single IP address to be spread across many EC2 instances. They are a tool for high availability as traffic to a single end-point can be handled by many redundant servers. ELBs live in individual Availability Zones and front EC2 instances in those same zones or in other Availability Zones. ELBs can also be deployed in multiple Availability Zones. In this configuration, each Availability Zone’s end-point will have a separate IP address. A single Domain Name will point to all of the end-points’ IP addresses. When a client, such as a web browser, queries DNS with a Domain Name, it receives the IP address (“A”) records of all of the ELBs in random order. While some clients only process a single IP address, many (such as newer versions of web-browsers) will retry the subsequent IP addresses if they fail to connect to the first. A large number of non-browser clients only operate with a single IP address. During the disruption this past Friday night, the control plane (which encompasses calls to add a new ELB, scale an ELB, add EC2 instances to an ELB, and remove traffic from ELBs) began performing traffic shifts to account for the loss of load balancers in the affected Availability Zone. As the power and systems returned, a large number of ELBs came up in a state which triggered a bug we hadn’t seen before. The bug caused the ELB control plane to attempt to scale these ELBs to larger ELB instance sizes. This resulted in a sudden flood of requests which began to backlog the control plane. At the same time, customers began launching new EC2 instances to replace capacity lost in the impacted Availability Zone, requesting the instances be added to existing load balancers in the other zones. These requests further increased the ELB control plane backlog. Because the ELB control plane currently manages requests for the US East-1 Region through a shared queue, it fell increasingly behind in processing these requests; and pretty soon, these requests started taking a very long time to complete. http://aws.amazon.com/message/67457/ *In reality, though, Amazon data centers have outages all the time. In fact, Amazon tells its customers to plan for this to happen, and to be ready to roll over to a new data center whenever there’s an outage.* *That’s what was supposed to happen at Netflix Friday night. But it didn’t work out that way. According to Twitter messages from Netflix Director of Cloud Architecture Adrian Cockcroft and Instagram Engineer Rick Branson, it looks like an Amazon Elastic Load Balancing service, designed to spread Netflix’s processing loads across data centers, failed during the outage. Without that ELB service working properly, the Netflix and Pintrest services hosted by Amazon crashed.* http://www.wired.com/wiredenterprise/2012/06/real-clouds-crush-amazon/ I am a big believer in using hardware to load balance data centers, and not leave it up to software in the data center which might fail. Speaking of services like RightScale, Google announced Compute Engine at Google I/O this year. BuildFax was an early Adopter, and they gave it great reviews... http://www.youtube.com/watch?v=LCjSJ778tGU It looks like Google has entered into the VPS market. 'bout time... ;-] http://cloud.google.com/products/compute-engine.html --steve pirk
Re: job screening question
On Fri, Jul 06, 2012 at 09:36:47PM -0400, William Herrin wrote: On Fri, Jul 6, 2012 at 9:22 PM, Steven Noble sno...@sonn.com wrote: I have talked to companies who have job openings many months old for people who absolutely exist in the silicon valley. The hiring company just thinks the people who apply are over or under qualified. I thought someone was overqualified once. My decision was overridden. I turned out to be very glad it was. He didn't fit the role I thought I needed but I was able to turn him loose with minimal supervision. And I was able to go on vacation. :) That was so much more valuable. I've seen people turned away for being overqualified, when I would have hired them in a heartbeat. The HR types seem unable to comprehend that overqualified is not a bad thing, especially in the current economic climate, and that it includes qualified. Being able to bring someone in and then take vacation time without having to worry about things going casters-up is very valuable indeed. Now I know: tell the candidate about the work, all the work not just the job you thought you would hire for, and let him tell you whether any of it is beneath him. As long as you get all the skills you need on the team you can juggle the tasking. Unless you have a policy that Slot A only does Slot A work stuffed up some orifice. I've been there, and it is both stultifying and limiting. -- Mike Andrews, W5EGO mi...@mikea.ath.cx Tired old sysadmin
Re: job screening question
On 12-07-09 12:57 PM, Mike Andrews wrote: Unless you have a policy that Slot A only does Slot A work stuffed up some orifice. I've been there, and it is both stultifying and limiting. Further to the above wisdom, if you truly care about your work it will either drive you crazy as you force yourself to fix things that aren't your problem, or as you start to force yourself not to care about someone else's crappy work. -- Looking for (employment|contract) work in the Internet industry, preferrably working remotely. Building / Supporting the net since 2400 baud was the hot thing. Ask for a resume! ispbuil...@gmail.com
Re: FYI Netflix is down
On Mon, Jul 9, 2012 at 15:50 UTC, Rayson Ho wrote: There are also bugs from the Netflix side uncovered by the AWS outage: Lessons Netflix Learned from the AWS Storm http://techblog.netflix.com/2012/07/lessons-netflix-learned-from-aws-storm.html We continue to investigate why these connections were timing out during connect, rather than quickly determining that there was no route to the unavailable hosts and failing quickly. potential translation: We continue to shoot ourselves in the foot by filtering all ICMP without understanding the implications. Cheers, Dave Hart
Carrier assistance
Could anyone from Qwest/CenturyLink, TW Telecom, or XO with the ability to assist with some null routing please drop me a line off-list? Got a customer getting attacked in one of my sites and our calls are languishing in hold queues. Thanks in advance, - Darrell
Re: Any advantage of announcing IPv6/64s Or purely misconfiguration?
He caught a glimpse of himself in Jen’s mirror and straightened up proudly. His gargantuan, smooth ballsack hung heavy between his legs to his knees, pushing his thighs apart due to its incredible size. His thirty inch long cock bobbed up and down as he straighened up, standing up fully erect despite its monumental dimensions. His slender frame was dwarfed by his mammoth package. Chris’s swollen cock was thicker than his arm, and looked to be almost as thick as his thigh. Oh, yeah. That’s what a real man looks like. Nobody else has a cock half as nice as this one. Chris continued to stroke himself as he turned to admire himself in the mirror, watching his gargantuan rod bob up and down hypnotically. Chris experimentally thrust his hips back and forth and was rewarded with the consuming sensation of forty five pounds of hot cock and balls bouncing and flopping between his legs. Ohhh, that feels great! No wonder the girls can’t resist me. Look at all this meat. I’m surprised that Terry and Greg can keep their hands off this beautiful dick. James can’t keep his hands or mouth off my prick, and he hates gays. I must drive Greg crazy. Chis watched his thick, stiff prick slowly bob as he pumped his hips again and again, letting his immense nutsack shift between his legs. Chris reveled in the feeling of his huge, heavy ballsack sliding over the skin of his thighs He reached down and cupped his immense, bloated balls. He slowly lifted them up, feeling their mass in his arms, and letting their upper curves lift his gargantuan slab of meat. Oh, yeah. Nice and full. Tasha’s right. I do like to keep my balls nice and full. Chris bobbed his nuts up and down, admiring himself in the mirror. Why not? Bigger is better, right? Like Jen said, too big is best. Chis was mesmerized by the sight of his gargantuan genitals, looking so oversized on his small frame. Time to give this fantastic dick a little TLC. Chris confidently leaned forward to grab a bottle of Astroglide from Jen’s bedside table. “Argh!” Chris’s erection, longer than his reach, slammed into the table. Oh, baby! Daddy’s sorry! Chris wrapped his arms around his shaft and hugged it tightly, caressing it with his fingers as he winced. The motion brought his thick, warm shaft to his face as he did so, and without thinking, he leaned forward and kissed it several times. I’m so sorry, gorgeous. I never want to hurt you. Chris continued to kiss his fat salami, moving from quick pecks with closed lips to open-mouthed kisses. Is my baby okay? Can I make it feel better? Chris continued to plant sloppy, wet kisses all over his veiny, throbbing rod. His wet lips wandered over all the hot flesh he could reach. Finally, Chris opened his mouth wide and gave his glans a long, lingering lick. Mm. Daddy will make it all better. M-hm. What am I doing? Chris pulled his head back from his dick, with an unexpected reluctance. I’m not gay. Why am I licking my own dick? Chris sat down on the bed and looked at his own mammoth erection. Only gay guys want to suck dick, right? The urges from his huge, throbbing prick were too strong to resist completely. Chris squirted lube all over his right hand and rubbed his hands together, then grasped his thick, veiny shaft and began to stroke slowly. That’s better. It’s not gay to love jerking off. All guys jerk off. I just love it more because my cock is so big and thick. Chris stared at his monster dong with admiration. So much bigger than anyone else . He continued to stroke his shaft with delight, the huge amount of lube squelching as he spread it all over his dick. I like it when Jen licks me. It feels s good. I like it when Kimber and Tasha lick me. They both do it so nice. I like it when the girls lick my cock. Chris reached down and clenched his thick shaft at the base. He slid his hands up the length of his pole as he laid back on the bed. When he couldn’t reach any higher, he reversed direction and began to stroke downward towards his overstuffed balls. I’m too big to even reach my cockhead this way. It’s so great to be too big . Chris massaged his swollen, churning nuts. It felt pretty good even when James sucked my dick. I wasn’t looking for a guy to suck me off, but that felt pretty good, too. He was crazy for it, just like the girls. Anybody would be crazy for this cock. Chris started another slow, leisurely stroke up his cock, but this time he pulled his huge, thick prick close to his body, bringing his gigantic, broad cockhead close to his face. This way I can stroke it all the way to the head. His massive prick felt so heavy and hot on his torso. I like having my cock sucked . Chris’s gargantuan dick was now throbbing less than an inch away from his face. I love having my cock sucked. He began to stroke it steadily, faster and faster, keeping it held close to his body, and his face. My cock loves to be sucked. He crossed his legs in a loose
Re: Carrier assistance
Diane spent a few more seconds over by the dresser before turning back around, condom in hand and already unwrapped. Here we go, she grinned, slipping the condom over the throbbing mushroom-head of Terry's cock and sliding it down. The condom was lubricated inside as well as out, and the lube felt warm on his shaft. He felt a renewed surge of hardness. Diane dropped her pants and panties and positioned herself above him. She lowered her pussy down on top of Terry's beer bottle thick erection. God, what a massive clit! It makes Crissy's look small. Thought Terry. Diane's clitoris had swelled to the size of the end of her thumb, it gleamed wetly as it slid down the length of his python. Inch by inch, his impossible dick disappeared inside her. Diane grunted. This was almost more than she'd bargained for... Still, nothing she couldn't handle. She took some deep breaths and continued to ease herself down until she was sung against his balls. Terry could only stare in disbelief. Her pussy was warm and tight. It felt amazing. His dick tingled with excitement as she began to piston herself up and down, rising and falling on his monstrous member. Terry surrendered to the pleasure and grabbed Diane around her ass. She moaned with delight. That tingling was stronger now. It felt amazing. It felt... familiar. Oh shit! Diane, what did you do? he grunted. She thrust harder. Hm? she pretended not to hear. Did you put enlargement cream in the condom? his voice rose, tinged with panic. Maybe just one pump, she grinned mischievously To make things interesting. No! Terry bucked. Diane whooped with delight. He tried to wrestle her off of him, but she was too heavy. She pressed her boobs into his face, almost smothering him. He continued to thrash, but she gripped him tight and he couldn't escape. Diane, I don't want to get any bigger, I can't! Terry's cries were muffled by her gargantuan melons. Stop being a bitch! she laughed, riding him like a mechanical bull. Terry tired to pull out. Maybe if he got the condom off fast enough, he'd only grow a little... Nothing doing. Diane clenched her kegel muscles and his dick was suddenly stuck in a steel trap. He put all his strength behind it, but he couldn't get it to budge an inch. How the fuck was she so strong? Did I ever tell you about the year I spent abroad in Thailand? she grinned I learned some pussy techniques that would make you weep. Terry believed it. If she squeezed his dick any harder, he was sure it would pop. There's no reason we can't both enjoy this. I know I am, ahh! she squealed as an orgasm surged through her body. Diane, you're crazy! he bucked again, sending another orgasm boiling through Diane's bottomed-out pussy. Oh geez! she exclaimed. The first surge of growth pulsed through Terry's cock. There was no stopping it now. She felt it start to thicken and lengthen inside her. She had to lower herself down some more until once again her swollen clit was flush with his crotch. Terry bucked again and Diane rode the wave. There was nothing he could do anymore but finish off as quickly as he could. He began to thrust. Quick, angry bursts, sliding in and out of her faster and faster. Diane moaned with delight. I've never had a dick this big, never ever ever! she yelled Terry, you're the god of cock, you know that? Terry wasn't listening. He threw every ounce of energy he had into making himself come as quickly as possible. Unfortunately, his engorged dick had other ideas. He had too much stamina now to be a minuteman. He saw more and more of his shaft protrude from the bottom of Diane's swollen pussy, he could feel her tighten around him as his girth swelled. Veins at the base throbbed as blood rushed into his rapidly growing member. Diane was in heaven. She didn't even care that the sex was starting to hurt. It was about time a cock hurt her. She hadn't felt this way since eleventh grade! More, more, more! Keep growing for me, baby! she yelled. She came again, the force of orgasm was like getting hit by a dump truck. He kept growing. After what felt like an eternity of shouting and sweating and moaning, Diane's pussy was unbearably tight. He thought he would pass out. Finally he came. He felt the shock wave of it travel up his cock. Diane felt it, too, like a small explosion inside her. The feeling gave her another orgasm and she was lost again in a sea of pleasure. Get off, get off! he yelled at her. Oh, I got off alright, she mumbled, dazed. Terry finally managed to extricate himself, drawing his dick out of her as quickly as he could. No matter how much he slid out of her, more seemed to follow. The flared mushroom tip of his cock caught at the opening of her pussy and he had to give it a little tug to pop it out. The skin of the condom was streaked with a thin film of blood. Terry wasn't surprised. The monster he pulled out of her had to be at least as long and thick as his
Re: Carrier assistance
What's with the porn lately? On 7/9/2012 3:13 PM, NIG NOG wrote: Diane spent a few more seconds over by the dresser before turning back around, condom in hand and already unwrapped.
Re: Carrier assistance
What's with the porn lately? On 7/9/2012 3:13 PM, NIG NOG wrote: Diane spent a few more seconds over by the dresser before turning back around, condom in hand and already unwrapped. Probably someone trying to bring attention to the abuse problems Y! has lately. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Carrier assistance
can we please ban his email from the list? On Mon, Jul 9, 2012 at 3:27 PM, Joe Greco jgr...@ns.sol.net wrote: What's with the porn lately? On 7/9/2012 3:13 PM, NIG NOG wrote: Diane spent a few more seconds over by the dresser before turning back around, condom in hand and already unwrapped. Probably someone trying to bring attention to the abuse problems Y! has lately. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: arin ipv6 whois working for you?
works for me suresh@frodo 16:59:51 :~$ whois -h 2001:500:13::46 204.74.68.40 # # Query terms are ambiguous. The query is assumed to be: # n 204.74.68.40 # # Use ? to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=204.74.68.40?showDetails=trueshowARIN=falseext=netref2 # On Tue, Jul 10, 2012 at 5:18 AM, David Hubbard dhubb...@dino.hostasaurus.com wrote: I want to make sure it's not just me but I'm not seeing a bgp route from my upstreams to networks with the addresses they're advertising: ;; ANSWER SECTION: whois.arin.net. 274 IN 2001:500:13::48 whois.arin.net. 274 IN 2001:500:13::46 whois.arin.net. 274 IN 2001:500:13::47 -- Suresh Ramasubramanian (ops.li...@gmail.com)
RE: arin ipv6 whois working for you?
Sorry, dumb internal route filter issue; problem resolved. :-) David -Original Message- From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com] Sent: Monday, July 09, 2012 8:01 PM To: David Hubbard Cc: nanog@nanog.org Subject: Re: arin ipv6 whois working for you? works for me suresh@frodo 16:59:51 :~$ whois -h 2001:500:13::46 204.74.68.40 # # Query terms are ambiguous. The query is assumed to be: # n 204.74.68.40 # # Use ? to get help. # # # The following results may also be obtained via: # http://whois.arin.net/rest/nets;q=204.74.68.40?showDetails=tru eshowARIN=falseext=netref2 # On Tue, Jul 10, 2012 at 5:18 AM, David Hubbard dhubb...@dino.hostasaurus.com wrote: I want to make sure it's not just me but I'm not seeing a bgp route from my upstreams to networks with the addresses they're advertising: ;; ANSWER SECTION: whois.arin.net. 274 IN 2001:500:13::48 whois.arin.net. 274 IN 2001:500:13::46 whois.arin.net. 274 IN 2001:500:13::47 -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: arin ipv6 whois working for you?
I see routes there just fine and can reach the servers from Hurricane Electric (AS6939) and from home (AS1734). Owen On Jul 9, 2012, at 4:48 PM, David Hubbard wrote: I want to make sure it's not just me but I'm not seeing a bgp route from my upstreams to networks with the addresses they're advertising: ;; ANSWER SECTION: whois.arin.net. 274 IN 2001:500:13::48 whois.arin.net. 274 IN 2001:500:13::46 whois.arin.net. 274 IN 2001:500:13::47 Thanks, Dave
U.S. spy agencies ... email for cybersecurity
Somebody needs to give them a clue-by-four. The private sector already has the Internet address where an email ... originated; it's already in the Received lines. We don't need to be informed about it, we already inform each other about it. And it's already delivered at network speed. It is my understanding the Dept of Homeland Security already cooperates in sharing government intrusion information. We certainly don't need a U.S. spy agency MITM to protect the private sector. Moreover, the US is the source of most spam and malware, so the NSA isn't really going to be much help. And the US is the source of the only known cyber attacks on other country's infrastructure, so it's not likely much help there, either. Unless they expect retaliation? === http://in.reuters.com/article/2012/07/10/net-us-usa-security-cyber-idINBRE86901620120710 U.S. spy agencies say won't read Americans' email for cybersecurity 8:48pm EDT By Tabassum Zakaria and David Alexander WASHINGTON (Reuters) - The head of the U.S. spy agency that eavesdrops on electronic communications overseas sought on Monday to reassure Americans that the National Security Agency would not read their personal email if a new cybersecurity law was enacted to allow private companies to share information with the government. ... But to help protect the private sector, he said it was important that the intelligence agency be able to inform them about the type of malicious software and other cyber intrusions it is seeing and hear from companies about what they see breaching the protective measures on their computer networks. It doesn't require the government to read their mail or your mail to do that. It requires them, the Internet service provider or that company, to tell us that that type of event is going on at this time. And it has to be at network speed if you're going to stop it, Alexander said. He said the information the government was seeking was the Internet address where an email containing malicious software originated and where it traveled to, not the content of the email. ... But the U.S. government is also concerned about the possibility of a cyber attack from adversaries on critical infrastructure such as the power grid or transportation systems.
Re: U.S. spy agencies ... email for cybersecurity
I think what Gen.Alexander said and what the reporter missed out is that they're interested in malware traffic flows, bot CCs etc, rather than smtp received headers He said the information the government was seeking was the Internet address where an email containing malicious software originated and where it traveled to, not the content of the email. --srs On Tue, Jul 10, 2012 at 7:16 AM, William Allen Simpson william.allen.simp...@gmail.com wrote: Somebody needs to give them a clue-by-four. The private sector already has the Internet address where an email ... originated; it's already in the Received lines. We don't need to be informed about it, we already inform each other about it. -- Suresh Ramasubramanian (ops.li...@gmail.com)
Re: U.S. spy agencies ... email for cybersecurity
(note, people ought to: 1) think about this on their own making up their own minds, 2) understand that the press has some very weird ideas, 3) take some better protections on their own, for their own security) also, I'm not judging the OP nor the reporter nor the ideas espoused in the article/clips... On Mon, Jul 9, 2012 at 9:46 PM, William Allen Simpson william.allen.simp...@gmail.com wrote: Somebody needs to give them a clue-by-four. The private sector people keep trying, sometimes it's helped. sometimes reporters need to sell stories :( already has the Internet address where an email ... originated; it's not just email they care about :( (you knew that I think) it's already in the Received lines. We don't need to be informed about it, we already inform each other about it. one interesting idea, that has proven out some merit over the years is the ability to share 'incident' data across entry points (say across companies, or gov'ts even) about 'bad things' that are happening. Take the case of 'spam came in from this end system to my mailserver', if I tell you that (or some central system that which you can query) you'll learn that maybe the inbound connection to you is also spam-rich. And it's already delivered at network speed. the article sort of reads like the above scenario though... maybe it's NOT that, maybe it's something else entirely... it SEEMS that the gov't wants to help. They may be able to, they may just foul things up. The reporter certainly didn't leave enough details in place to tell :( It is my understanding the Dept of Homeland Security already cooperates in sharing government intrusion information. We certainly don't need a U.S. spy agency MITM to protect the private sector. http://en.wikipedia.org/wiki/Einstein_%28US-CERT_program%29 you may mean? could be... the wikipedias are sometimes wrong, or so says the teacher of my 7yr old. Moreover, the US is the source of most spam and malware, so the NSA isn't really going to be much help. And the US is the source of the but hosts in the US that are botted/spamming, also spam/bot other things outside the US, right? so really who cares where the src is, get some data collection points up and use that data to inform your security policy, no? (sure, you'll have to have some smarts, and some smart people, and be cautious... but you'd do that anyway, right? :) ) These folks have some awesome tech for that sort of data collection and analysis: http://en.wikipedia.org/wiki/SHERIFF it's a shame that their parent company can't find a way to monetize that sort of thing. (the article there talks about some older version of the system, which is still alive/well today doing fraud detection and was doing some IDS/anomaly-detection-like work as well for ip network things) only known cyber attacks on other country's infrastructure, so it's not likely much help there, either. Unless they expect retaliation? === http://in.reuters.com/article/2012/07/10/net-us-usa-security-cyber-idINBRE86901620120710 U.S. spy agencies say won't read Americans' email for cybersecurity 8:48pm EDT By Tabassum Zakaria and David Alexander WASHINGTON (Reuters) - The head of the U.S. spy agency that eavesdrops on electronic communications overseas sought on Monday to reassure Americans that the National Security Agency would not read their personal email if a new cybersecurity law was enacted to allow private companies to share information with the government. ... But to help protect the private sector, he said it was important that the intelligence agency be able to inform them about the type of malicious translated: Hey, what if we could tell our private sector partners (Lockheed-Martin, for instance) that they should be on the lookout for things like X, or traffic destined to Y, or people sending all their DNS queries to these 5 netblocks. (dcwg.org sorta crap) that doesn't sound 'bad', it sounds like there is a gap in the business world to wrap all this data up and sell access to it... but the gov't can jump in with their mountains of data from their 'einstein' or whatever and go to town protecting their 'partners' who have often close interactions with the gov't, right? software and other cyber intrusions it is seeing and hear from companies about what they see breaching the protective measures on their computer networks. adding to the above: What if we had an API such that you could feed your collected alarm/alert/badness data to us as well? and we could feed that back into our system, protect ourselves AND send it back out to the other partners? again, that's not that bad, really it sounds pretty cool... only if MCI could have found a way to productize and monetize that... which we built for them too :( but I digress. It doesn't require the government to read their mail or your mail to do that. It requires them, the Internet service provider or that company, to tell us that that type of event is going on at
Re: U.S. spy agencies ... email for cybersecurity
One thing that GEN Alexander has is a clue. He was my Battalion Commander in Germany in the early 90s and he is one of those guys you don't give a second thought to following. Very competent.
Re: job screening question
William Herrin wrote: This is, incidentally, is a detail I'd love for one of the candidates to offer in response to that question. Bonus points if you discuss MSS clamping and RFC 4821. The less precise answer, path MTU discovery breaks, is just fine. I would say that the ability to quickly understand, troubleshoot and find a solution to a problem (and document it) is a far better skill to have than having ready made answers to interview questions learned by heart. It should take a skilled person less than 30 minutes to find the answer to that question and understand it too. The importance of knowing many things by heart has become incredibly moot. Greetings, Jeroen -- Earthquake Magnitude: 4.4 Date: Tuesday, July 10, 2012 04:06:53 UTC Location: Central Alaska Latitude: 63.4533; Longitude: -149.4308 Depth: 110.60 km