Re: Notice: Fradulent RIPE ASNs
Hello, On Tue, Jan 15, 2013 at 7:31 AM, Eugeniu Patrascu eu...@imacandi.net wrote: On Tue, Jan 15, 2013 at 12:49 AM, Ronald F. Guilmette r...@tristatelogic.com wrote: After a careful investigation, I am of the opinion that each of the following 18 ASNs was registered (via RIPE) with fradulent information purporting to represent the identity of the true registrant, and that in fact, all 18 of these ASNs were registered by a single party, apparently as part of a larger scheme to provide IP space to various snowshoe spammers. As this email is regarding actions in Europe by RIPE, you may get a better response from contacts in the RIPE region. I notice that you have been cross posting this message (though not responding on list to replies), for example to the RIPE NCC Anti-Abuse Working Group (http://www.ripe.net/ripe/groups/wg/anti-abuse) - a great place to start. Although you have already been told this elsewhere, your best step after contacting the Romanian CIRT is likely to be following the reporting procedure for the provision of untruthful information to the RIPE NCC at http://www.ripe.net/contact/reporting-procedure, which is a well defined procedure. RIPE NCC will investigate any report submitted though this procedure; there is a flowchart at this web address that clearly explains what will happen. If you ever need to find the contact details for a European CSIRT, the centralised Trusted Introducer is normally the place to start. Their website can be found at https://www.trusted-introducer.org. As this list is the North America Network Operators Group, it's unlikely that much in they way of action by RIPE NCC, Romanian authorities or other relevant authorities within the EU will happen as a result of a post here. I hope this helps get you in touch with the right people to help. Best wishes, Alex
Re: Notice: Fradulent RIPE ASNs
In message calgc3c7n0hy80qlbcq8tzrvguavsvrceneyaykomuuy58p3...@mail.gmail.com, Eugeniu Patrascu eu...@imacandi.net wrote: Jump.ro is a very active LIR and domain registry on the Romanian market and is selling ASNs to whomever is interested... I do see that JUMP.RO is ``very active''. I do not know who they have actually given all of this IP space to. Do you? If so, then by all means, please don't keep us in suspense. Please do share that information. (I have also seen that JUMP.RO has puffed up its own resume, claiming on its home page to have over 12,000 customers. but from where I am sitting, it looks more like a tiny little ISP with only two /24s of its own, and perhaps only a few handfuls of customers, many of whom, it seems, are spammers.) and facilitates allocations of PI netblocks to those who can justify them. JUMP.RO also ``facilitates'' IP block allocations to _themselves_, apparently. It might come as a surprise to you, but in Romania there are a lot of companies (even very small ones) with their own ASN and PI netblocks. Regardless of whether that assertion is true or false, it has no bearing whatsoever on the specific issue and the specific ASNs and the specific IP address blocks that I have reported on here. I will repeat myself, so as to be completely clear. The 18 specific ASNs I reported on, together with their associated IPv4 address blocks, were all registered, via RIPE, with fradulent information. AS16011 (fiberwelders.ro) AS28822 (creativitaterpm.ro) AS48118 (telecomhosting.ro) AS49210 (rom-access.ro) AS50659 (grandnethost.com) AS57131 (speedconnecting.ro) AS57133 (nordhost.ro) AS57135 (fastcable.ro) AS57176 (bucovinanetwork.ro) AS57184 (kaboomhost.ro) AS57415 (highwayinternet.ro) AS57695 (effidata.ro) AS57724 (id-trafic.ro) AS57738 (mclick.ro) AS57786 (hosting-www.ro) AS57837 (romtechinnovation.ro) AS57906 (momy.ro) AS57917 (nature-design.ro) from all those websites it looks like they are all hosting companies. Yes. Indeed. The web sites associated with all of the above domain names have indeed been made to _look_ like they are all legitimate hosting companies. I'm so glad that you noticed. have you tried calling the numbers listed on the WHOIS registrant information on the ASN and you couldn't get to any one ? That is a good idea. Why don't you try it and report back here and let us know your results. Personally, I have much better things to do with my time (and my money) that to waste any of it making pointless long-distance overseas phone calls to pseudo-companies that I am already 100% convinced are simply fradulent and fictitious. But since you yourself seem to be geographically in that area... AND since you probably speak Romanian about 100,000% better than I do, by all means, I encourage you to try to reach some human, i.e. ANY human at any of these (fictitious) places who might be able to disprove the assertions that I have made here, and repeated elsewhere. Good luck. If you really believe that all those ASNs listed by you above are only used to host spammers... Sir, I am not in the habit of risking either my reputation or my legal safety by posting allegations on the NANOG list which I have anything less than the highest confidence in. To do so would be foolish in the extreme, and in multiple dimensions. ...then by all means please contact ale...@cert-ro.eu - that is the Romanian CERT Thank you but no. This is another task that you have tried to assign to me... also of entirely questionable usefulness... that I also personally elect not to waste any of my precious minutes on this earth pursuing. But please, feel free to do yourself the (pointless) tasks that you have attempted to assign to me. Please feel free to contact the Romanian CERT yourself. (If you manage to find anyone within that organization that has ever done _anything_ to materially improve the safety or security of the Internet, then please do send me that person's name so that I can send it on to the Guinness World Records people and let them know that such a person does exist after all.) ...as they are active... Oh yes! I am quite sure they are. As are the particles shown in the simulation on this page: http://en.wikipedia.org/wiki/Brownian_motion Very active indeed! and will investigate the allegations you make. What exactly would be the point of that? They are not Internet Police, and I rather doubt that they have any control over RIPE's allocation processes for number resources. (On the other hand, if I am wrong, and if the people at the Romanian CERT actually *are* the Internet Police, then please do let me know immediately. In that case, I have some vastly more serious matters to discuss with them, specifically the massive fake pharmacy operations that are run out of your country *and* the propensity of the specific crooks behind those oper- ations for stealing and using the credit card numbers of at least hundreds and more probably
Re: Notice: Fradulent RIPE ASNs
In message calklf0-g2ni7tz5touzi9ss_vwxobl7baedubmro1tpcsjd...@mail.gmail.com Alex Brooks askoorb+na...@gmail.com you wrote: I notice that you have been cross posting this message (though not responding on list to replies), for example to the RIPE NCC Anti-Abuse Working Group (http://www.ripe.net/ripe/groups/wg/anti-abuse) I did post (singular) the message there also, and have seen no replies on that list that warrant any type of further follow up from me. Although you have already been told this elsewhere, your best step after contacting the Romanian CIRT I personally have no intention of contacting the Romanian CERT (or CIRT) for reasons I previously elaborated upon. But by all means, please feel free to do so yourself it you think it worthwhile. I have done the hard work to find, flesh out, document, and verify the problem/issue I reported on. I have tried to warn the people who matter, network operators and people in the RIPE area interested in network abuse issues. If other people feel that the message needs to be relayed to yet more parties, then that is up to them to effectuate. I have done all that I plan to do on this. (However I am willing to answer questions put to me, e.g. from people wanting to know the specific facts that led me to my conclusions. That is only fair, after all.) is likely to be following the reporting procedure for the provision of untruthful information to the RIPE NCC at http://www.ripe.net/contact/reporting-procedure, which is a well defined procedure. RIPE NCC will investigate any report submitted though this procedure; there is a flowchart at this web address that clearly explains what will happen. See above. I have done a great deal of work on this already. I leave it to other interested parties to file wharever additional reports they might feel are warranted or appropriate. I may be able to clear tall buildings with a single bound, but I can't do _everything_. (Besides which, why should _I_ have all the fun?) Separately however, I should perhaps also clarify that I have less than zero faith in _any_ process undertaken by _any_ RiR which has as its purported goal the un-doing of fradulent number resource registrations. I was not born yesterday. I have seen such processes in action, and it has been my experience that all such make molasses in January look fast by comparison... when they work at all. Furthermore, RiRs are not the Internet Police. Thus, whenever they find (or, more often, are told about) some number resource which has been registered or used via fraud, deceit, or artifice they have universally self-defined the limits of their own authority to simply taking back what was stolen. Never more. Thus, the most theives risk when they steal or defraud to obtain number resources is that somebody _might_ someday ask them to give what they stole back... and thus it may be easily demonstrated that the RiRs are effectively all castrated eunics with gigantic kick me signs on their backs. (When and if RIPE kicks JUMP.RO entirely off the net as a penalty for its part in these shenanigans... and others that have previously been documented..., then please do let me know and then I may change my mind and start believeing that RiRs are no longer acting like helpless hapless morons each time they have been clearly defrauded.) And of course, some (perhaps all) RiRs are more than happy to have the final remaining bits of IPv4 space defrauded out from under them so that they can press on with the business of selling us all IPv6. It is rather pointless to report something as stolen to an owner who doesn't seriously want it back anyway. But it's a free country. You can do whatever you like. If you ever need to find the contact details for a European CSIRT, Why would I ever need THAT?? Until convinced otherwise, I'm going to continue to view those folks as being more likely to be a part of the problem rather than part of the solution. As this list is the North America Network Operators Group, it's unlikely that much in they way of action by RIPE NCC, Romanian authorities or other relevant authorities within the EU will happen as a result of a post here. I know that. However I am also of the opinion that it is unlikely that much in the way of action by RIPE NCC, Romanian authorities or other relevant authorities within the EU will happen with respect to an issue like this NO MATTER WHAT because all of these organizations are far more adept at explaining why nothing can be done than they are at actually doing anything. By posting here, at least North American network operators can decide on their own to block routes from the relevant ASNs... or not, if they don't feel like it. That's something at least. I'm not an Internet Policeman. I'm not even an Internet Police informant. I'm an investigative journalist. As the old saying goes, if you don't like the news, then go out and make some of your own. I hope this helps get you in touch with the
Re: looking glass for Level 3
http://lg.level3.net/ is online from Baton Rouge, LA. Any official word from Level3? -bb On Wed, Jan 2, 2013 at 9:27 AM, Siegel, David dave.sie...@level3.comwrote: Hi Folks, The site is offline as a result of some security issues that were discovered. As soon as we've got it patched we'll put it back online. Sorry for any inconvenience this may be causing. Dave -Original Message- From: N. Max Pierson [mailto:nmaxpier...@gmail.com] Sent: Friday, December 28, 2012 11:06 AM To: Cameron Daniel Cc: nanog@nanog.org Subject: Re: looking glass for Level 3 Same here. http://lg.level3.net has been down for over a week for me. I know someone in operations I can open a ticket with. On Fri, Dec 28, 2012 at 5:18 AM, Cameron Daniel cdan...@nurve.com.au wrote: I've had issues getting to it for a week or so. Their NOC was unresponsive when queried. On 2012-12-28 8:23 pm, Peter Ehiwe wrote: I normally use the 3rd one you mentioned but they seem to be down at the moment. Rgds Peter, Sent from my Asus Transformer Pad On Dec 28, 2012 1:51 AM, Tassos Chatzithomaoglou ach...@forthnetgroup.gr wrote: Anyone have any looking glass for Level 3? The following seem not to be working http://www.level3.com/**LookingGlass/http://www.level3.com/LookingG lass/ http://lg.level3.net/bgp/bgp.**cgi http://lg.level3.net/bgp/bgp.cgi http://lookingglass.level3.**net/ http://lookingglass.level3.net/ -- Tassos
Re: De-funding the ITU
On 14/01/2013 22:42, Owen DeLong wrote: Those countries that have done so have largely done so because they got lucky with visionary regulators that were motivated more by doing right by the country and its citizens rather than maximizing personal immediate gains. In many cases, this was the result of a higher level official overriding the telecom minister (or equivalent) and opening competition over the objections of said telecom minister (or equiv.). Sorry, but this is nonsense. Even in trying to be pro-ITU, you have admitted that ... This is the problem discussing anything with you: you generate straw men at such a rate that there's just no point responding. Nick
NANOG 57 netops security track
Friends, colleagues, fellow operators, The network security track, formerly known as the ISP security BoF, returns at NANOG 57. One option we're considering is taking a few moments for veterans and newcomers to get up and doing a 2 minute or less security contact personal introduction, akin to the peering personals that have been in done in the peering sessions for years. If you're planning on attending and are willing to stand up and introduce yourself to the group, please contact me offline. In addition, we may have room for one or two more brief discussion topics or lightning talks. If anyone, especially newcomers, have something they'd really like to present, conduct a demonstration of or coordinate a brief discussion about, I'd be grateful for your follow ups. Here is an incomplete list of ideas to help stir your thoughts: * Botnet take downs * BGPSEC and RPKI update or trial deplolyments * DDoS case study * Control plane best practices and templates * DNS RPZ overview and/or experience * Embedded device problems and protections * Government regulatory and compliance issues * Malware analysis * Mobile issues * MPLS and VLAN security issues * Route leak/hijack monitoring and mitigation * VM and cloud security challenges * insert your new cool tool or idea here Note, this track is not streamed nor recorded. John
Issues with level3?
Anyone seeing any issues with level3? We can connect to every other IP in our Class C. When tracerouting to individual IP's, (x.x.x.50/51/52/53) we get a drop at ge-4-16.car2.Washington1.Level3.net [4.59.146.53] for 50, but 51 is fine, drop for 52, 53 is fine. Thanks.
Re: Issues with level3?
On Tue, Jan 15, 2013 at 04:12:12PM +, Network Operations wrote: Anyone seeing any issues with level3? We can connect to every other IP in our Class C. When tracerouting to individual IP's, (x.x.x.50/51/52/53) we get a drop at ge-4-16.car2.Washington1.Level3.net [4.59.146.53] for 50, but 51 is fine, drop for 52, 53 is fine. Sounds like a classic problem with a member of a bundle (like a link-agg or ECMP) breaking. Level3 tends not to do anything in bundles of 2, so you might want to look elsewhere, like with your own connections to them, possibly on the reverse path. Now, please go find a blunt object and hit yourself in the head as punishment for using the words Class C in 2013 in a non-historic or ironic context. Hard. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Issues with level3?
I still call a /24 a class c too.. :/ lol From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: Richard A Steenbergen r...@e-gerbil.net Date: 01/15/2013 9:19 AM (GMT-08:00) To: Network Operations networkoperati...@etsms.com Cc: nanog@nanog.org Subject: Re: Issues with level3? On Tue, Jan 15, 2013 at 04:12:12PM +, Network Operations wrote: Anyone seeing any issues with level3? We can connect to every other IP in our Class C. When tracerouting to individual IP's, (x.x.x.50/51/52/53) we get a drop at ge-4-16.car2.Washington1.Level3.net [4.59.146.53] for 50, but 51 is fine, drop for 52, 53 is fine. Sounds like a classic problem with a member of a bundle (like a link-agg or ECMP) breaking. Level3 tends not to do anything in bundles of 2, so you might want to look elsewhere, like with your own connections to them, possibly on the reverse path. Now, please go find a blunt object and hit yourself in the head as punishment for using the words Class C in 2013 in a non-historic or ironic context. Hard. :) -- Richard A Steenbergen r...@e-gerbil.net http://www.e-gerbil.net/ras GPG Key ID: 0xF8B12CBC (7535 7F59 8204 ED1F CC1C 53AF 4C41 5ECA F8B1 2CBC)
Re: Issues with level3?
On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) -- Bruce H. McIntoshb...@ufl.edu Senior Network Engineer http://net-services.ufl.edu University of Florida CNS/Network Services 352-273-1066
Re: Issues with level3?
On 01/15/2013 11:12 AM, Network Operations wrote: Anyone seeing any issues with level3? We can connect to every other IP in our Class C. When tracerouting to individual IP's, (x.x.x.50/51/52/53) we get a drop at ge-4-16.car2.Washington1.Level3.net [4.59.146.53] for 50, but 51 is fine, drop for 52, 53 is fine. Thanks. It is not just you. We are seeing issue with that Level3 router/site as well. I would report it to Level3, but I don't see any need to add to my already extensive collection of one line Level3 support responses saying All is well. Nothing to see here. All is well. My guess would be that your up/down for individual IPs is a result of your testing methodology. That Level3 router/site appears to be dropping some packets to all IPs that I tested before dropping my conn there. Our response to the nearly constant Level3 issues of the past 12/18 months has been terminate them. The washington1.level3 site was unfortunately the last on my list of DCs. -- -__ David Miller dmil...@tiggee.com
Re: Issues with level3?
I tend to enjoy being rebellious... Lol From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: Bruce H McIntosh b...@ufl.edu Date: 01/15/2013 9:32 AM (GMT-08:00) To: nanog@nanog.org Subject: Re: Issues with level3? On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) -- Bruce H. McIntoshb...@ufl.edu Senior Network Engineer http://net-services.ufl.edu University of Florida CNS/Network Services 352-273-1066
Re: Issues with level3?
On 1/15/13 9:31 AM, Bruce H McIntosh wrote: On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) You realize that class-c address space was only found within 192/8 e.g. if you print it in hex, C000. so not only is it historically irrelevant but you're using it wrong anyway.
Re: Issues with level3?
On Tue, Jan 15, 2013 at 12:52 PM, joel jaeggli joe...@bogus.com wrote: On 1/15/13 9:31 AM, Bruce H McIntosh wrote: On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) You realize that class-c address space was only found within 192/8 e.g. if you print it in hex, C000. so not only is it historically irrelevant but you're using it wrong anyway. i only call class-c's class-c's when they come from the space GE uses.
Re: Issues with level3?
- Original Message - On 1/15/13 9:31 AM, Bruce H McIntosh wrote: On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) You realize that class-c address space was only found within 192/8 e.g. if you print it in hex, C000. so not only is it historically irrelevant but you're using it wrong anyway. But, class B is not B000 and A is not A000, so is that actually true, or just a coincidence? Class C was actually 192.0.0.0-223.255.255.255 (192.0.0.0/3) -Randy
Re: Issues with level3?
On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) Not to mention that it's classier. ... JG -- Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again. - Direct Marketing Ass'n position on e-mail spam(CNN) With 24 million small businesses in the US alone, that's way too many apples.
Re: Issues with level3?
Randy beat me.. :/ Class C 192. 0. 0. 0 = 1100... 223.255.255.255 = 1101... 110n... On 1/15/13 10:04 AM, Randy Carpenter rcar...@network1.net wrote: - Original Message - On 1/15/13 9:31 AM, Bruce H McIntosh wrote: On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) You realize that class-c address space was only found within 192/8 e.g. if you print it in hex, C000. so not only is it historically irrelevant but you're using it wrong anyway. But, class B is not B000 and A is not A000, so is that actually true, or just a coincidence? Class C was actually 192.0.0.0-223.255.255.255 (192.0.0.0/3) -Randy
Re: Issues with level3?
On 1/15/13 10:04 AM, Randy Carpenter wrote: - Original Message - On 1/15/13 9:31 AM, Bruce H McIntosh wrote: On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) You realize that class-c address space was only found within 192/8 e.g. if you print it in hex, C000. so not only is it historically irrelevant but you're using it wrong anyway. But, class B is not B000 and A is not A000, so is that actually true, or just a coincidence? yeah /3 not /8 class-a is the first half of the address space class-b is the next 1/4 ... Class C was actually 192.0.0.0-223.255.255.255 (192.0.0.0/3) -Randy
Register Now for ARIN Public Policy Consultation @ NANOG 57
NANOGers - If you are going to be at NANOG 57 in Orlando, then please note that ARIN will be holding a Public Policy Consultation (PPC) there regarding several number resource policy proposals and you are very much encouraged to participate and make your views on these proposals known. Your NANOG 57 registration includes attending the ARIN Public Policy Consultation onsite if you so desire to do so. As ARIN's Public Policy Consultations are open to all, it is also possible to attend _just_ the PPC without charge, either in person or remotely. One needs to register separately to just participate in the public policy consultation, and this registration does not provide you entry to any other NANOG programming or social events. This is not likely to be relevant to many folks on this list (since I'll be seeing most of you onsite at NANOG 57!) but if you are going to be remotely watching NANOG 57, please take note and register for the ARIN PPC if you intend on participating in that session (and details are available in the attached announcement.) I'd like to take a moment to thank NANOG's Executive Director Betty Burke and the NANOG Planning Committee for making possible the ARIN Public Policy Consultation @ NANOG 57! Thanks! /John John Curran President and CEO ARIN Begin forwarded message: From: ARIN i...@arin.netmailto:i...@arin.net Subject: [arin-ppml] Register Now for ARIN Public Policy Consultation @ NANOG 57 Date: January 15, 2013 5:17:30 AM HST To: arin-p...@arin.netmailto:arin-p...@arin.net Registration is now open for ARIN's first Public Policy Consultation (PPC), which will be held during NANOG 57 in Orlando, FL on 5 February 2013 at the Renaissance Orlando at Seaworld. The PPC is part of ARIN's new Policy Development Process, and it is an open public discussion of Internet number resource policy. Registered NANOG 57 attendees do not need to register to participate in this session. ARIN welcomes members of the NANOG community who will not be in Orlando to register as remote participants. If you plan to attend and are not registered for NANOG you must register for the PPC at the URL below. There is no registration fee for this 90-minute session, and it does not provide you entry to any other NANOG programming or social events. Learn more at https://www.arin.net/ppc_nanog57/index.html. Current policy proposals up for discussion at this meeting are: * ARIN-2012-2: IPv6 Subsequent Allocations Utilization Requirement - https://www.arin.net/policy/proposals/2012_2.html * ARIN-prop-182 Update Residential Customer Definition to not exclude wireless as Residential Service - http://lists.arin.net/pipermail/arin-ppml/2012-October/026116.html * ARIN-prop-183 Section 8.4 Transfer enhancement- http://lists.arin.net/pipermail/arin-ppml/2012-October/026203.html The PPC will also include a Policy Experience Report and Open Microphone. ARIN will offer a webcast, live transcript, and Jabber chat options for remote participants. Registered remote participants can submit comments and questions to the discussions during the meeting. Register to attend in person or remotely today! Visit https://www.arin.net/app/meeting/registration/. Regards, Communications and Member Services American Registry for Internet Numbers (ARIN)
RE: Issues with level3?
Hi David, I'm sorry you've had so many poor experiences with Level 3 recently, but I assure you that we have acknowledged the problem and are actively working on it at present. Of general operations interest, I just saw an event notification that matches the description of the problem and our NOC, engineering team and vendor are working together to solve the problem. If you are a customer and believe you are impacted, you can reference event case ID: 6237890 as potentially being the related case. Dave -Original Message- From: David Miller [mailto:dmil...@tiggee.com] Sent: Tuesday, January 15, 2013 10:38 AM To: nanog@nanog.org Cc: networkoperati...@etsms.com Subject: Re: Issues with level3? On 01/15/2013 11:12 AM, Network Operations wrote: Anyone seeing any issues with level3? We can connect to every other IP in our Class C. When tracerouting to individual IP's, (x.x.x.50/51/52/53) we get a drop at ge-4-16.car2.Washington1.Level3.net [4.59.146.53] for 50, but 51 is fine, drop for 52, 53 is fine. Thanks. It is not just you. We are seeing issue with that Level3 router/site as well. I would report it to Level3, but I don't see any need to add to my already extensive collection of one line Level3 support responses saying All is well. Nothing to see here. All is well. My guess would be that your up/down for individual IPs is a result of your testing methodology. That Level3 router/site appears to be dropping some packets to all IPs that I tested before dropping my conn there. Our response to the nearly constant Level3 issues of the past 12/18 months has been terminate them. The washington1.level3 site was unfortunately the last on my list of DCs. -- -__ David Miller dmil...@tiggee.com
Re: State of the RING 2012
On Fri, 28 Dec 2012 12:04:59 +0100 Job Snijders job.snijd...@atrato-ip.com wrote: We also started talks with other debugging projects such as RIPE Atlas to explore if cooperation and exchange of information can further such projects. A software-version of the atlas probe would be nice. But I guess many RING-members already have probes in their networks running?! -- Dan Lüdtke www.danrl.de
Re: Issues with level3?
joel jaeggli wrote: On 1/15/13 9:31 AM, Bruce H McIntosh wrote: On Tue, 2013-01-15 at 17:23 +, Warren Bailey wrote: I still call a /24 a class c too.. :/ lol More efficient that way - class c uses fewer syllables than slash twenty four :-) You realize that class-c address space was only found within 192/8 e.g. if you print it in hex, C000. so not only is it historically irrelevant but you're using it wrong anyway. I only ever say class-c sized. And only when trying to communicate with the slash-whats. Joe
Re: Issues with level3?
On Tue, 15 Jan 2013 14:52:24 -0500, Joe Maimon said: I only ever say class-c sized. And only when trying to communicate with the slash-whats. Your mistake there is trying to communicate with people who have been in networking long enough to understand class-c, but *still* haven't educated themselves out of the slash-what stage. Such people deserve to be shunned. pgpL2ksjd88sg.pgp Description: PGP signature
Re: Issues with level3?
--- original message -- I still call a /24 a class c too.. :/ lol --- I'm having trouble rectifying the top part of your email: b...@ufl.edu wrote: More efficient that way - class c uses fewer syllables than slash twenty four :-) - with the bottom part of your email: -- Senior Network Engineer - University of Florida CNS/Network Services -
Re: Notice: Fradulent RIPE ASNs
Hi, is likely to be following the reporting procedure for the provision of untruthful information to the RIPE NCC at http://www.ripe.net/contact/reporting-procedure, which is a well defined procedure. RIPE NCC will investigate any report submitted though this procedure; there is a flowchart at this web address that clearly explains what will happen. See above. I have done a great deal of work on this already. I leave it to other interested parties to file wharever additional reports they might feel are warranted or appropriate. Sorry, but you post this information on public mailing lists where it can be discussed but where no action can be taken, and then refuse to post it to the single organisation that actually *can* do something with it? Nobody else will take your research and submit it to a third party. It's your research: either you submit it to the RIPE NCC and action will be taken where appropriate, or you don't and then your research will be forgotten and nothing will be done... It's just one form to fill in. Thanks, Sander
Re: Notice: Fradulent RIPE ASNs
On Mon, Jan 14, 2013 at 5:49 PM, Ronald F. Guilmette r...@tristatelogic.com wrote: After a careful investigation, I am of the opinion that each of the following 18 ASNs was registered (via RIPE) with fradulent information purporting to represent the identity of the true registrant, and that in fact, all 18 of these ASNs were registered by a single party, apparently as part of a larger scheme to provide IP space to various snowshoe spammers. Ronald, What is your goal here? Is there some action that any particular NANOG participant should take based on your opinion? Regards, Bill Herrin -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Re: Notice: Fradulent RIPE ASNs
I'm having more than a little deja vu here - Romanian LIRs have come up on this list (leave alone nanog, or various other RIPE lists) more than once in this context. In fact There is an apparent pattern of large scale misuse of resources here, with a complex reporting procedure that puts the onus on the complainant to perform validation that, given complaints of a widespread problem, RIPE staff is much better qualified (not to mention, paid for their time) to do themselves, on a proactive basis. --srs On Wednesday, January 16, 2013, Sander Steffann wrote: Hi, is likely to be following the reporting procedure for the provision of untruthful information to the RIPE NCC at http://www.ripe.net/contact/reporting-procedure, which is a well defined procedure. RIPE NCC will investigate any report submitted though this procedure; there is a flowchart at this web address that clearly explains what will happen. See above. I have done a great deal of work on this already. I leave it to other interested parties to file wharever additional reports they might feel are warranted or appropriate. Sorry, but you post this information on public mailing lists where it can be discussed but where no action can be taken, and then refuse to post it to the single organisation that actually *can* do something with it? Nobody else will take your research and submit it to a third party. It's your research: either you submit it to the RIPE NCC and action will be taken where appropriate, or you don't and then your research will be forgotten and nothing will be done... It's just one form to fill in. Thanks, Sander -- --srs (iPad)
Re: Issues with level3?
valdis.kletni...@vt.edu wrote: On Tue, 15 Jan 2013 14:52:24 -0500, Joe Maimon said: I only ever say class-c sized. And only when trying to communicate with the slash-whats. Your mistake there is trying to communicate with people who have been in networking long enough to understand class-c, but *still* haven't educated themselves out of the slash-what stage. Such people deserve to be shunned. The new guys dont know to shun these old folk. And then its too late. Joe
Problem with email to Hawaiilink.net email
Does anyone know of any problems in Hawaii with email or DNS problems? Sending from gmail.com and pacbell.net domains, I get: host mail.hawaiilink.net[24.43.223.114] said: 553 5.1.8 emailaddr...@pacbell.net ... Domain of sender address emailaddr...@pacbell.net does not exist (in reply to MAIL FROM command) Regards, David
Re: Notice: Fradulent RIPE ASNs
Hi, I'm having more than a little deja vu here - Romanian LIRs have come up on this list (leave alone nanog, or various other RIPE lists) more than once in this context. In fact Yes, but like I said: talk on lists is not enough There is an apparent pattern of large scale misuse of resources here, with a complex reporting procedure that puts the onus on the complainant to perform validation Filling in one web form is a complex reporting procedure? The form only contains: - the reason (probably Violation of RIPE Policies and RIPE NCC Procedures or Provision of untruthful information to the RIPE NCC) - one of the relevant resources (can be an address, ASN or organisation object from the RIPE database) In order to identify the natural or legal person responsible. - a text field where you can copypaste your report - your contact details - one checkbox I confirm that the information I provide is correct and to the best of my knowledge - one checkbox I allow the RIPE NCC to forward my report and attachments to the party the report is about. - a captcha They add a note that your contact details will never be shared with a third party, only the content of your report. They also provide a nice flowchart that shows how they will handle the report, which basically comes down to: Report-submitted - report-accepted - start-investigation. I really can't see how this is a complex reporting procedure that puts the onus on the complainant to perform validation. They don't ask for validation, only that you provide correct information on which they can base their investigation. that, given complaints of a widespread problem, RIPE staff is much better qualified (not to mention, paid for their time) to do themselves, on a proactive basis. They do proactive audits and they do verification/validation of the information people write in the reports. They will take action on complaints of a widespread problem. They just need the proper information through the official channels, which in this case is a not-so-complicated web form... Cheers, Sander
RE: Problem with email to Hawaiilink.net email
Yes, the ILEC there is having issues. There are a few posts on the outages listserv. Frank -Original Message- From: david peahi [mailto:davidpe...@gmail.com] Sent: Tuesday, January 15, 2013 6:19 PM To: nanog@nanog.org Subject: Problem with email to Hawaiilink.net email Does anyone know of any problems in Hawaii with email or DNS problems? Sending from gmail.com and pacbell.net domains, I get: host mail.hawaiilink.net[24.43.223.114] said: 553 5.1.8 emailaddr...@pacbell.net ... Domain of sender address emailaddr...@pacbell.net does not exist (in reply to MAIL FROM command) Regards, David
Re: Problem with email to Hawaiilink.net email
Looks like you are not the only one with issues connecting to Hawaii: http://permalink.gmane.org/gmane.org.operators.isotf.outages/5231 On 16 January 2013 00:19, david peahi davidpe...@gmail.com wrote: Does anyone know of any problems in Hawaii with email or DNS problems? Sending from gmail.com and pacbell.net domains, I get: host mail.hawaiilink.net[24.43.223.114] said: 553 5.1.8 emailaddr...@pacbell.net ... Domain of sender address emailaddr...@pacbell.net does not exist (in reply to MAIL FROM command) Regards, David -- BaconZombie LOAD *,8,1 ฦ ฮ้ Ỏ̷͖͈̞̩͎̻̫̫̜͉̠̫͕̭̭̫̫̹̗̹͈̼̠̖͍͚̥͈ ฦ้็้็็
Re: Problem with email to Hawaiilink.net email
hawaiiantel is reporting a fibercut which I imagine explains most of this. On 1/15/13 4:32 PM, Bacon Zombie wrote: Looks like you are not the only one with issues connecting to Hawaii: http://permalink.gmane.org/gmane.org.operators.isotf.outages/5231 On 16 January 2013 00:19, david peahi davidpe...@gmail.com wrote: Does anyone know of any problems in Hawaii with email or DNS problems? Sending from gmail.com and pacbell.net domains, I get: host mail.hawaiilink.net[24.43.223.114] said: 553 5.1.8 emailaddr...@pacbell.net ... Domain of sender address emailaddr...@pacbell.net does not exist (in reply to MAIL FROM command) Regards, David -- BaconZombie LOAD *,8,1 ฦ ฮ้ Ỏ̷͖͈̞̩͎̻̫̫̜͉̠̫͕̭̭̫̫̹̗̹͈̼̠̖͍͚̥͈ ฦ้็้็็
Re: Problem with email to Hawaiilink.net email
http://www.staradvertiser.com/news/breaking/186990051.html Thanks, -Roy Hockett Network Architect, ITS Communication Systems University of Michigan Tel: (734) 763-7325 Fax: (734) 615-1727 email: roy...@umich.edu On Jan 15, 2013, at 3:26 PM, joel jaeggli joe...@bogus.com wrote: hawaiiantel is reporting a fibercut which I imagine explains most of this. On 1/15/13 4:32 PM, Bacon Zombie wrote: Looks like you are not the only one with issues connecting to Hawaii: http://permalink.gmane.org/gmane.org.operators.isotf.outages/5231 On 16 January 2013 00:19, david peahi davidpe...@gmail.com wrote: Does anyone know of any problems in Hawaii with email or DNS problems? Sending from gmail.com and pacbell.net domains, I get: host mail.hawaiilink.net[24.43.223.114] said: 553 5.1.8 emailaddr...@pacbell.net ... Domain of sender address emailaddr...@pacbell.net does not exist (in reply to MAIL FROM command) Regards, David -- BaconZombie LOAD *,8,1 ฦ ฮ้ Ỏ̷͖͈̞̩͎̻̫̫̜͉̠̫͕̭̭̫̫̹̗̹͈̼̠̖͍͚̥͈ ฦ้็้็็
Re: Problem with email to Hawaiilink.net email
--- roy...@umich.edu wrote: From: Roy hockett roy...@umich.edu http://www.staradvertiser.com/news/breaking/186990051.html --- You just gotta love living in the boonies! ;-) The Kauai Police Department said they are experiencing intermittent phone outages due to a technical issue with their service provider, Hawaiian Telcom. The department asks that Kauai residents limit 911 calls to emergencies only until the issue is resolved. scott