Re: net neutrality and peering wars continue

2013-06-21 Thread Bill Woodcock

On Jun 20, 2013, at 1:39 PM, Niels Bakker niels=na...@bakker.net wrote:
 You're mistaken if you think that CDNs have equal number of packets going in 
 and out.

I'm aware that neither the quantity nor the size of packets in each direction 
are equal.  I'm just hard-pressed to think of a reason why this matters, and so 
tend to hand-wave about it a bit…  To a rough approximation, flows are 
balanced.  Someone requests something, and an answer follows.  Requests tend to 
be small, but if someone requests something large, a large answer follows.  
Conversely, people also send things, which are followed by small 
acknowledgements.  Again, this only matters if you place a great deal of 
importance both on the notion that size equals fairness, and that fairness is 
more important than efficiency.  I would argue that neither is true.  I'm far 
more interested in seeing the cost of Internet service go down, than seeing two 
providers saddled with equally high costs in the name of fairness.  And costs 
go down most quickly when each provider retains the full incentivization of its 
own ability to minimize costs.  Not when they have to worry about fairness in 
an arbitrary metric, relative to other providers.

The only occasion I can think of when traffic flows of symmetric volume have an 
economic benefit is when a third party is imposing excess rent on circuits, 
such that the cost of upgrading capacity is higher than the cost of traffic 
engineering flows to fill reverse paths.  And that's hardly the sort of mental 
pretzels I want carriers to be having to worry about, instead of moving bits to 
customers.

 I think the point is here that networks are nudging these decisions by making 
 certain services suck more than others by way of preferential network access.

I agree completely that that's the problem.  But it didn't appear to be what 
Benson was talking about.

-Bill








Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Jimmy Hess
On 6/20/13, Hal Murray hmur...@megapathdsl.net wrote:

 Perhaps we should setup a distributed system for checking things rather than
 another SPOF.  That's distributed both geographically and administratively
 and using several code-bases.
[snip]

I would be in favor of being able to pay two competitive  to be
registrars for a domain,  and assign them two roles:

Registrar Primary
and Registrar Auditor

With the requirement that all changes to the domain be initiated with
my  Primary Registrar,
AND no  major change would be allowed to take effect until validated
by my secondary change Auditor Registrar

Including  changes to NS records, DS records,  contacts,  unlocking,
renewal, deactivation, or transfers.

Essentially, forcing me to submit the same change to both registrars,
but denying either registrar the capability  of  forging authorization
or submitting changes that I had not authorized.

Also (in some measure) protecting me from identity theft, and other
security issues -- since there are now two accounts with two
providers,  possibly with different authentication procedures.

--
-JH
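
A minimal model of the two-registrar rule proposed above, as an added example that is not part of the original post or any real registry's API. The `Registry` class, the per-registrar HMAC keys, and the sample domain and name servers are all constructed assumptions; it shows that a change takes effect only when the Auditor independently submits the same change the Primary initiated.

```python
import hashlib
import hmac
import json

# Change types the post lists as needing validation by the second registrar.
MAJOR_CHANGES = {"ns", "ds", "contacts", "unlock", "renewal",
                 "deactivation", "transfer"}


def canonical(change: dict) -> bytes:
    """Stable encoding so both registrars authenticate identical bytes."""
    return json.dumps(change, sort_keys=True, separators=(",", ":")).encode()


def tag(key: bytes, change: dict) -> str:
    """Per-registrar authentication tag over the canonical change (assumed scheme)."""
    return hmac.new(key, canonical(change), hashlib.sha256).hexdigest()


class Registry:
    """Hypothetical registry-side gate enforcing Primary + Auditor agreement."""

    def __init__(self, primary_key: bytes, auditor_key: bytes):
        self._keys = {"primary": primary_key, "auditor": auditor_key}
        self._pending = set()   # digests of changes initiated at the Primary
        self.records = {}       # (domain, type) -> value currently in effect

    def submit(self, role: str, change: dict, mac: str) -> str:
        key = self._keys.get(role)
        # Each registrar holds only its own key, so neither can speak for the other.
        if key is None or not hmac.compare_digest(tag(key, change), mac):
            return "rejected: bad authentication"
        if change.get("type") not in MAJOR_CHANGES:
            return "rejected: unsupported change type"
        digest = hashlib.sha256(canonical(change)).hexdigest()
        if role == "primary":
            # Initiation only: nothing takes effect yet.
            self._pending.add(digest)
            return "pending: awaiting auditor"
        # Auditor may only validate a change that was initiated at the Primary
        # and that matches it byte for byte.
        if digest not in self._pending:
            return "rejected: no matching change initiated at primary"
        self._pending.discard(digest)
        self.records[(change["domain"], change["type"])] = change["value"]
        return "applied"


# Constructed sample keys and changes (not real credentials or hosts).
PRIMARY_KEY = b"constructed-primary-key"
AUDITOR_KEY = b"constructed-auditor-key"


def demo():
    reg = Registry(PRIMARY_KEY, AUDITOR_KEY)
    good = {"domain": "example.com", "type": "ns",
            "value": ["ns1.example.net", "ns2.example.net"]}
    forged = {"domain": "example.com", "type": "ns",
              "value": ["ns1.unauthorized.invalid"]}
    other = {"domain": "example.com", "type": "transfer",
             "value": "some-other-registrar"}
    results = [
        # Owner submits the same change to both registrars.
        reg.submit("primary", good, tag(PRIMARY_KEY, good)),
        reg.submit("auditor", good, tag(AUDITOR_KEY, good)),
        # Primary account alone pushes a change the owner never sent to the Auditor.
        reg.submit("primary", forged, tag(PRIMARY_KEY, forged)),
        # Auditor alone cannot initiate a change.
        reg.submit("auditor", other, tag(AUDITOR_KEY, other)),
        # The Primary's key cannot be used to pose as the Auditor.
        reg.submit("auditor", forged, tag(PRIMARY_KEY, forged)),
    ]
    return results, reg.records


if __name__ == "__main__":
    for line in demo()[0]:
        print(line)
```

The forged change stays pending indefinitely; a fuller model would expire pending entries and alert the owner when one is never matched.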



Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Jimmy Hess
On 6/20/13, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote:

 It's relatively small when you consider there's something like 140M .com's

Yeah... I'm in agreement that that's probably what is going on...
It's relatively small, but absolutely large,  and absolute numbers
matter. 5 domains is small, 50k  is not,  even if  Netsol has a 100
billion domains.

If I had 50,000 fingers;  I might think differently.   But the
definition of a large number doesn't change to people,  just because
you also have a massive number of that thing.


The phrase "a small number" means an absolutely small number, so it
seems like a really really misleading if not possibly dishonest PR
spin;  they could have said "a small proportion" or "a relatively
small number", in that case.

--
-JH



Server Sky - Internet and computation in orbit

2013-06-21 Thread Eugen Leitl

(This may be Wacky Friday, but this one is not tongue in cheek -- the name
Keith Lofstrom should ring a bell).

http://server-sky.com/

Server Sky - internet and computation in orbit

It is easier to move terabits than kilograms or megawatts. Space solar power
will solve the energy crisis. Sooner if we process space power into high
value computation before we send it to earth. Computation is most valuable
where it is rarest - in the rural developing world. Human attention is the
most valuable resource on earth, and Server Sky space-based internet can
transport that attention from where it is most abundant to where it is most
valued.


Click RecentChanges on any page to see what I've been working on lately. This
website is a public work in progress - warts and all.

Server Sky thinsats are ultralight films of glass that convert sunlight into
computation and communications. Powered by solar cells, propelled and steered
by light pressure, networked and located by microwaves, and cooled by
radiation into deep space. Arrays of tens of thousands of thinsats act as
highly redundant computation and database servers, as well as phased array
antennas to reach thousands of transceivers on the ground.

First generation thinsats are 20 centimeters across (about 8 inches) and 0.08
millimeters (80 microns) thick, and weigh 5 grams. They can be mass produced
with off-the-shelf semiconductor and display technologies. Thousands of radio
chips provide intra-array, inter-array, and ground communication, as well as
precise location information. Thinsats are launched stacked by the thousands
in solid cylinders, shrouded and vibration isolated inside a traditional
satellite bus.

Traditional data centers consume almost 3% of US electrical power, and this
fraction is growing rapidly. Server arrays in orbit can grow to virtually
unlimited computation power, communicate with the whole world, pay for
themselves with electricity savings, and greatly reduce pollution and
resource usage in the biosphere.

The goal is an energy and space launch growth path that follows Moore's Law,
with the cost of energy and launch halving every two years. Server Sky may
cost two to ten times as much as ground-based computation in 2015, but it may
cost 100 times less in 2035. The computation growth driven by Moore's Law is
solving difficult problems from genetics to improved manufacture for
semiconductors. If Server Sky and Moore's Law can do the same for clean
energy, we can get rid of the carbon fuel plants, undam the rivers, and
reduce atmospheric CO2 far sooner than we had dared hope. Energy production
systems based on manual manufacturing, human construction assembly, and the
use of terrestrial land, biological habitat, and surface water, packaged to
survive weather, gravity, and corrosion, cannot grow at the same rate as
Moore's Law.

Server Sky is speculative. The most likely technical showstopper is radiation
damage. The most likely practical showstopper is misunderstanding. Working
together, we can fix the latter.


Why Bother? 212 Acres and a Marble

Thinsat Detailed Description

Thinsat Propulsion and Navigation

Deployment orbits

Launching Thinsats from Earth

Radios for communication, interconnect, synchronization, radar, and
orientation

The Space Environment - Radiation, Drag, Collisions, Erosion

Manufacturing Thinsats

Biological and Environmental Effects

Future Possibilities - low cost launch, terascale arrays, beam power to
Earth, scientific sensors

Criticism

Contact Us

Participate . . . . Mailing List Signup

The Launch Loop, a speculative space launch system useful for launching
Server Sky.

This website is under construction - many of the sections need filling in. If
you want to improve spelling, add expertise, etc... send me an ASCII (not
html) email  and I will add you to the editor's list.



RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Kain, Rebecca (.)
I remember when I used to own a small ISP and NetSOL lost 1/3 of the domains. 
 Just lost them. And it wasn't a DDOS, it was their screw up.  It went on for 
days


-Original Message-
From: Hank Nussbacher [mailto:h...@efes.iucc.ac.il] 
Sent: Thursday, June 20, 2013 11:10 PM
To: Richard Golodner
Cc: nanog@nanog.org
Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

At 17:12 20/06/2013 -0500, Richard Golodner wrote:

 I think you are reading it the wrong way. Mr.Kletnieks never said it
was okay. He just stated that the numbers were trivial when compared to
the rest of potential customers being affected.
 Be cool, Richard Golodner

<sarcasm>
and Netsol agrees with you:
http://www.networksolutions.com/blog/2013/06/important-update-for-network-solutions-customers-experiencing-website-issues/

"a small number of Network Solutions customers were inadvertently affected 
for up to several hours."
</sarcasm>

-Hank





Re: net neutrality and peering wars continue

2013-06-21 Thread Benson Schliesser

On 2013-06-21 4:54 AM, Bill Woodcock wrote:

Again, this only matters if you place a great deal of importance both on the 
notion that size equals fairness, and that fairness is more important than 
efficiency.
...

I think the point is here that networks are nudging these decisions by making 
certain services suck more than others by way of preferential network access.

I agree completely that that's the problem.  But it didn't appear to be what 
Benson was talking about.



It's clear to me that you don't understand what I've said. But whether 
you're being obtuse or simply disagreeing, there is little value in 
repeating my specific points. Instead, in hope of encouraging useful 
discussion, I'll try to step back and describe things more broadly.


The behaviors of networks are driven (in almost all cases) by the needs 
of business. In other words, decisions about peering, performance, etc, 
are all driven by a P&L sheet.


So, clearly, these networks will try to minimize their costs (whether 
fair or not). And any imbalance between peers' cost burdens is an easy 
target. If one peer's routing behavior forces the other to carry more 
traffic a farther distance, then there is likely to be a dispute at some 
point - contrary to some hand-wave comments, carrying multiple gigs of 
traffic across the continent does have a meaningful cost, and pushing 
that cost onto somebody else is good for business.


This is where so-called bit mile peering agreements can help - 
neutralize arguments about balance in order to focus on what matters. Of 
course there is still the P side of a P&L sheet to consider, and 
networks will surely attempt to capture some of the success of their 
peers' business models. But take away the legitimate fairness excuses 
and we can see the real issue in these cases.


Not that we have built the best (standard, interoperable, cheap) tools 
to make bit-mile peering possible... But that's a good conversation to have.


Cheers,
-Benson




Re: net neutrality and peering wars continue

2013-06-21 Thread Owen DeLong

On Jun 21, 2013, at 4:20 PM, Benson Schliesser bens...@queuefull.net wrote:

 On 2013-06-21 4:54 AM, Bill Woodcock wrote:
 Again, this only matters if you place a great deal of importance both on the 
 notion that size equals fairness, and that fairness is more important than 
 efficiency.
 ...
 I think the point is here that networks are nudging these decisions by 
 making certain services suck more than others by way of preferential 
 network access.
 I agree completely that that's the problem.  But it didn't appear to be what 
 Benson was talking about.
 
 
 It's clear to me that you don't understand what I've said. But whether you're 
 being obtuse or simply disagreeing, there is little value in repeating my 
 specific points. Instead, in hope of encouraging useful discussion, I'll try 
 to step back and describe things more broadly.
 
 The behaviors of networks are driven (in almost all cases) by the needs of 
 business. In other words, decisions about peering, performance, etc, are all 
 driven by a P&L sheet.

This isn't exactly true and it turns out that the subtle difference from this 
fact is very important.

They are driven not by a P&L sheet, but by executives' opinions of what will 
improve the P&L sheet.

There is ample evidence that promiscuous peering can actually reduce costs 
across the board and increase revenues, image, good will, performance, and even 
transit purchases.

There is also evidence that turning off peers tends to hamper revenue growth, 
degrade performance, create a negative image for the organization, reduce good 
will, etc.

One need look no further than the history of SPRINT for a graphic example. In 
the early 2000's when SPRINT started depeering, they were darn near the 
epicenter of internet transit. Today, they're yet another also-ran among major 
telco-based ISPs.

Sure, their peering policy alone is likely not the only cause of this decline 
in stature, but it certainly contributed.

 So, clearly, these networks will try to minimize their costs (whether fair 
 or not). And any imbalance between peers' cost burdens is an easy target. If 
 one peer's routing behavior forces the other to carry more traffic a farther 
 distance, then there is likely to be a dispute at some point - contrary to 
 some hand-wave comments, carrying multiple gigs of traffic across the 
 continent does have a meaningful cost, and pushing that cost onto somebody 
 else is good for business.

Reasonable automation means that it costs nearly nothing to add peers at public 
exchange points once you are present at that exchange point. The problem with 
looking only at the cost of moving the bits around in this equation is that it 
ignores where the value proposition for delivering those bits lies.

In reality, if an eyeball ISP doesn't maintain sufficient peering relationships 
to deliver the traffic the eyeballs are requesting, the eyeballs will become 
displeased with said ISP. In many cases, this is less relevant than it should 
be because the eyeball network is either a true monopoly, an effective monopoly 
(30/10Mbps cable vs. 1.5Mbps/384k DSL means that cable is an effective monopoly 
for all practical purposes), or a duopoly where both choices are nearly equally 
poor.

In markets served by multiple high speed providers, you tend to find that 
consumers gravitate towards the ones that don't engage in peering wars to the 
point that they degrade service to those customers.

On the other hand, if a content provider does not maintain sufficient capacity 
to reach the eyeball networks in a way that the eyeball networks are willing to 
accept said traffic, the content provider is at risk of losing subscribers. 
Since content tends to have many competitors capable of delivering an 
equivalent service, content providers have less leverage in any such dispute. 
Their customers don't want to hear "You're on Comcast and they don't like us" 
as an excuse when the service doesn't work. They'll go find a provider Comcast 
likes.

The bottom line is that these ridiculous disputes are expensive to both sides 
and degrade service for their mutual customers. I make a point of opening 
tickets every time this becomes a performance issue for me. If more consumers 
did, then perhaps that cost would help drive better decisions from the 
executives at these providers.

The other problem that plays into this is, as someone noted, many of these 
providers are in the internet business as a secondary market for revenue added 
to their primary business. They'd rather not see their primary business 
revenues driven onto the internet and off of their traditional services. As 
such, there is a perceived P&L gain to the other services by degrading the 
performance of competing services delivered over the internet. Attempting to 
use this fact to leverage (extort) money from the content providers to make up 
those revenues also makes for an easy target in the board room.

 This is where so-called bit mile peering agreements 

Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Dan White

On 06/09/13 11:10 -0500, Dan White wrote:

Let me put my gold tipped tinfoil hat on in response to your statement.


http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant

If accurate, this is extremely concerning:



  Top secret documents submitted to the court that oversees surveillance by US
  intelligence agencies show the judges have signed off on broad orders which
  allow the NSA to make use of information inadvertently collected from
  domestic US communications without a warrant.

  The documents show that even under authorities governing the collection of
  foreign intelligence from foreign targets, US communications can still be
  collected, retained and used.

  ...However, alongside those provisions, the Fisa court-approved policies
  allow the NSA to:

  • Keep data that could potentially contain details of US persons for up
to five years;

Retain and make use of inadvertently acquired domestic communications
if they contain usable intelligence, information on criminal activity,
threat of harm to people or property, are encrypted, or are believed to
contain any information relevant to cybersecurity;



All protections afforded by the fourth amendment have essentially been
thrown into the (rather large) bit bucket by the FISA court, when it comes
to any bits which leave your premise.

--
Dan White



Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Valdis . Kletnieks
On Thu, 20 Jun 2013 23:42:24 -0400, shawn wilson said:

 I think Netsol should be fined. Maybe even a class action suit filed
 against them for lost business. And that's it.

So your contract with NetSol has an SLA guarantee in it, and you can
demonstrate that (a) said SLA has been violated and (b) that NetSol has not
made the contracted restitution?






Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Phil Fagan
I would think this is only an issue if they throw out the Fourth in that
when they use that data collected inadvertently to build a case against
you they use no other data collected under a proper warrant.

If the purpose was to actually collect data on you, in the event you do
something, they can simply run a query against this data post court
order...then that's crossing the line.

I personally think there is nothing wrong with monitoring US communications
- big difference between monitoring US communications and monitoring US
persons communications.


On Fri, Jun 21, 2013 at 8:56 AM, Dan White dwh...@olp.net wrote:

 On 06/09/13 11:10 -0500, Dan White wrote:

 Let me put my gold tipped tinfoil hat on in response to your statement.


 http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant

 If accurate, this is extremely concerning:



   Top secret documents submitted to the court that oversees surveillance
 by US
   intelligence agencies show the judges have signed off on broad orders
 which
   allow the NSA to make use of information inadvertently collected from
   domestic US communications without a warrant.

   The documents show that even under authorities governing the collection
 of
   foreign intelligence from foreign targets, US communications can still be
   collected, retained and used.

   ...However, alongside those provisions, the Fisa court-approved policies
   allow the NSA to:

   • Keep data that could potentially contain details of US persons for up
 to five years;

 Retain and make use of inadvertently acquired domestic communications
 if they contain usable intelligence, information on criminal activity,
 threat of harm to people or property, are encrypted, or are believed to
 contain any information relevant to cybersecurity;



 All protections afforded by the fourth amendment have essentially been
 thrown into the (rather large) bit bucket by the FISA court, when it comes
 to any bits which leave your premise.

 --
 Dan White




-- 
Phil Fagan
Denver, CO
970-480-7618


Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Owen DeLong

On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:

 I would think this is only an issue if they throw out the Fourth in that when 
 they use that data collected inadvertently to build a case against you 
 they use no other data collected under a proper warrant.

That statement ignores a longstanding legal principle known as fruit of the 
poison tree.

  If the purpose was to actually collect data on you, in the event you do 
 something , they can simply run a query against this data post court 
 order...then that's crossing the line.

Indeed, they don't even seem to be required to bother with the court order any 
more. The standing FISA order seems to pretty much allow them to do all the 
required line crossing without any additional court order.

  I personally think there is nothing wrong with monitoring US communications 
 - big difference between monitoring US communications and monitoring US 
 persons communications.

It's pretty clear that they are likely monitoring both.

Owen

 
 
 On Fri, Jun 21, 2013 at 8:56 AM, Dan White dwh...@olp.net wrote:
 On 06/09/13 11:10 -0500, Dan White wrote:
 Let me put my gold tipped tinfoil hat on in response to your statement.
 
 http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant
 
 If accurate, this is extremely concerning:
 
 
 
   Top secret documents submitted to the court that oversees surveillance by US
   intelligence agencies show the judges have signed off on broad orders which
   allow the NSA to make use of information inadvertently collected from
   domestic US communications without a warrant.
 
   The documents show that even under authorities governing the collection of
   foreign intelligence from foreign targets, US communications can still be
   collected, retained and used.
 
   ...However, alongside those provisions, the Fisa court-approved policies
   allow the NSA to:
 
   • Keep data that could potentially contain details of US persons for up
 to five years;
 
 Retain and make use of inadvertently acquired domestic communications
 if they contain usable intelligence, information on criminal activity,
 threat of harm to people or property, are encrypted, or are believed to
 contain any information relevant to cybersecurity;
 
 
 
 All protections afforded by the fourth amendment have essentially been
 thrown into the (rather large) bit bucket by the FISA court, when it comes
 to any bits which leave your premise.
 
 -- 
 Dan White
 
 
 
 
 -- 
 Phil Fagan
 Denver, CO
 970-480-7618



Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Phil Fagan
Good point; apparently the doctrine does protect against the case whereby
any collected data would have been found anyway with a court order.


On Fri, Jun 21, 2013 at 9:19 AM, Owen DeLong o...@delong.com wrote:


 On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:

 I would think this is only an issue if they throw out the Fourth in that
 when they use that data collected inadvertently to build a case against
 you they use no other data collected under a proper warrant.


 That statement ignores a longstanding legal principle known as fruit of
 the poison tree.

  If the purpose was to actually collect data on you, in the event you do
 something , they can simply run a query against this data post court
 order...then that's crossing the line.


 Indeed, they don't even seem to be required to bother with the court order
 any more. The standing FISA order seems to pretty much allow them to do all
 the required line crossing without any additional court order.

  I personally think there is nothing wrong with monitoring US
 communications - big difference between monitoring US communications and
 monitoring US persons communications.


 It's pretty clear that they are likely monitoring both.

 Owen



 On Fri, Jun 21, 2013 at 8:56 AM, Dan White dwh...@olp.net wrote:

 On 06/09/13 11:10 -0500, Dan White wrote:

 Let me put my gold tipped tinfoil hat on in response to your statement.


 http://www.guardian.co.uk/world/2013/jun/20/fisa-court-nsa-without-warrant

 If accurate, this is extremely concerning:



   Top secret documents submitted to the court that oversees surveillance
 by US
   intelligence agencies show the judges have signed off on broad orders
 which
   allow the NSA to make use of information inadvertently collected from
   domestic US communications without a warrant.

   The documents show that even under authorities governing the collection
 of
   foreign intelligence from foreign targets, US communications can still
 be
   collected, retained and used.

   ...However, alongside those provisions, the Fisa court-approved policies
   allow the NSA to:

   • Keep data that could potentially contain details of US persons for up
 to five years;

 Retain and make use of inadvertently acquired domestic
 communications
 if they contain usable intelligence, information on criminal activity,
 threat of harm to people or property, are encrypted, or are believed
 to
 contain any information relevant to cybersecurity;



 All protections afforded by the fourth amendment have essentially been
 thrown into the (rather large) bit bucket by the FISA court, when it comes
 to any bits which leave your premise.

 --
 Dan White




 --
 Phil Fagan
 Denver, CO
 970-480-7618





-- 
Phil Fagan
Denver, CO
970-480-7618


Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Nicolai
On Thu, Jun 20, 2013 at 05:28:17PM -0400, valdis.kletni...@vt.edu wrote:
 It's relatively small when you consider there's something like 140M .com's

Just FWIW, the current size of .com is roughly 109M domains.  Someday it
will reach 140M but not today.

Nicolai



Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread David Walker
 https://www.networksolutions.com/blog/2013/06/important-update-for-network-solutions-customers-experiencing-website-issues/

Why are they infinitely looping a script on their web server to check
for a cookie?

Are these people insane?



Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread John Levine
Registrar Primary and Registrar Auditor

There are certainly registrars who are more security oriented than
Netsol.  If you haven't followed all of the corporate buying and
selling, Netsol is now part of web.com, so their business is more to
support web hosting than to be a registrar.

I expect that if you put your domain at Markmonitor or CSC corporate
domains, you would not have this problem, and you would pay
accordingly.




Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread William Herrin
On Fri, Jun 21, 2013 at 11:19 AM, Owen DeLong o...@delong.com wrote:
 On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
 I would think this is only an issue if they throw out the Fourth in that when
 they use that data collected inadvertently to build a case against you
 they use no other data collected under a proper warrant.

 That statement ignores a longstanding legal principle known as fruit of the 
 poison tree.

Howdy,

In spite of what you may have seen on TV, law enforcement is not
required to ignore evidence of a crime which turns up during a lawful
search merely because it's evidence of a different crime. Fruit of the
poisonous tree applies when the original search for whatever it was
they were originally looking for is unlawful. Supposedly the FISA
court found the NSA's troll for terrorists to be lawful. Once that's
true, evidence of any crime may be lawfully introduced in court.


For a fun read, check out the Illustrated Guide to Criminal Law:
http://lawcomic.net/guide/?p=18


Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004



Weekly Routing Table Report

2013-06-21 Thread Routing Analysis Role Account
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.

The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, LacNOG,
TRNOG, CaribNOG and the RIPE Routing Working Group.

Daily listings are sent to bgp-st...@lists.apnic.net

For historical data, please see http://thyme.rand.apnic.net.

If you have any comments please contact Philip Smith pfsi...@gmail.com.

Routing Table Report   04:00 +10GMT Sat 22 Jun, 2013

Report Website: http://thyme.rand.apnic.net
Detailed Analysis:  http://thyme.rand.apnic.net/current/

Analysis Summary


BGP routing table entries examined: 457502
Prefixes after maximum aggregation: 186225
Deaggregation factor: 2.46
Unique aggregates announced to Internet: 227498
Total ASes present in the Internet Routing Table: 44356
Prefixes per ASN: 10.31
Origin-only ASes present in the Internet Routing Table: 34763
Origin ASes announcing only one prefix: 16168
Transit ASes present in the Internet Routing Table: 5859
Transit-only ASes present in the Internet Routing Table: 143
Average AS path length visible in the Internet Routing Table: 4.6
Max AS path length visible: 29
Max AS path prepend of ASN (36992): 22
Prefixes from unregistered ASNs in the Routing Table: 1392
Unregistered ASNs in the Routing Table: 609
Number of 32-bit ASNs allocated by the RIRs: 4809
Number of 32-bit ASNs visible in the Routing Table: 3734
Prefixes from 32-bit ASNs in the Routing Table: 10899
Special use prefixes present in the Routing Table: 25
Prefixes being announced from unallocated address space: 222
Number of addresses announced to Internet: 2642684428
Equivalent to 157 /8s, 132 /16s and 42 /24s
Percentage of available address space announced: 71.4
Percentage of allocated address space announced: 71.4
Percentage of available address space allocated: 100.0
Percentage of address space in use by end-sites: 94.6
Total number of prefixes smaller than registry allocations: 160098

APNIC Region Analysis Summary

Prefixes being announced by APNIC Region ASes: 110296
Total APNIC prefixes after maximum aggregation: 33646
APNIC Deaggregation factor: 3.28
Prefixes being announced from the APNIC address blocks: 112510
Unique aggregates announced from the APNIC address blocks: 46108
APNIC Region origin ASes present in the Internet Routing Table: 4852
APNIC Prefixes per ASN: 23.19
APNIC Region origin ASes announcing only one prefix: 1220
APNIC Region transit ASes present in the Internet Routing Table: 819
Average APNIC Region AS path length visible: 4.8
Max APNIC Region AS path length visible: 25
Number of APNIC region 32-bit ASNs visible in the Routing Table: 583
Number of APNIC addresses announced to Internet: 725408992
Equivalent to 43 /8s, 60 /16s and 220 /24s
Percentage of available APNIC address space announced: 84.8

APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431
(pre-ERX allocations)  23552-24575, 37888-38911, 45056-46079, 55296-56319,
   58368-59391, 131072-133119
APNIC Address Blocks 1/8,  14/8,  27/8,  36/8,  39/8,  42/8,  43/8,
49/8,  58/8,  59/8,  60/8,  61/8, 101/8, 103/8,
   106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8,
   116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8,
   123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8,
   163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8,
   203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8,
   222/8, 223/8,

ARIN Region Analysis Summary


Prefixes being announced by ARIN Region ASes: 158910
Total ARIN prefixes after maximum aggregation: 80418
ARIN Deaggregation factor: 1.98
Prefixes being announced from the ARIN address blocks: 159578
Unique aggregates announced from the ARIN address blocks: 74067
ARIN Region origin ASes present in the Internet Routing Table: 15746
ARIN Prefixes per ASN: 10.13
ARIN Region origin ASes 

Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Phil Fagan
I guess the moral here is: don't do anything wrong.

:-D


On Fri, Jun 21, 2013 at 12:31 PM, William Herrin b...@herrin.us wrote:

 On Fri, Jun 21, 2013 at 11:19 AM, Owen DeLong o...@delong.com wrote:
  On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
  I would think this is only an issue if they throw out the Fourth in that
  when they use that data collected inadvertently to build a case against
  you they use no other data collected under a proper warrant.
 
  That statement ignores a longstanding legal principle known as fruit of
  the poison tree.

 Howdy,

 In spite of what you may have seen on TV, law enforcement is not
 required to ignore evidence of a crime which turns up during a lawful
 search merely because it's evidence of a different crime. Fruit of the
 poisonous tree applies when the original search for whatever it was
 they were originally looking for is unlawful. Supposedly the FISA
 court found the NSA's troll for terrorists to be lawful. Once that's
 true, evidence of any crime may be lawfully introduced in court.


 For a fun read, check out the Illustrated Guide to Criminal Law:
 http://lawcomic.net/guide/?p=18


 Regards,
 Bill Herrin


 --
 William D. Herrin  her...@dirtside.com  b...@herrin.us
 3005 Crane Dr. .. Web: http://bill.herrin.us/
 Falls Church, VA 22042-3004




-- 
Phil Fagan
Denver, CO
970-480-7618


Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Warren Bailey
The United States Constitution*

*See Terms and Conditions for details, not all citizens apply, void where
prohibited, subject to change at any time.

On 6/21/13 11:42 AM, Phil Fagan philfa...@gmail.com wrote:

I guess the moral here is: don't do anything wrong.

:-D






Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Phil Fagan
Hah!


On Fri, Jun 21, 2013 at 1:10 PM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 The United States Constitution*

 *See Terms and Conditions for details, not all citizens apply, void where
 prohibited, subject to change at any time.

 On 6/21/13 11:42 AM, Phil Fagan philfa...@gmail.com wrote:

 I guess the moral here is: don't do anything wrong.
 
 :-D
 
 




-- 
Phil Fagan
Denver, CO
970-480-7618


/25's prefixes announced into global routing table?

2013-06-21 Thread Michael McConnell
Hello all,

As the IPv4 space gets smaller and smaller, does anyone think we'll see a time 
when /25's will be accepted for global BGP prefix announcement? The current 
smallest size is a /24 and generally ok for most people, but the crunch gets 
tighter, routers continue to have more and more RAM, will it always be /24 the 
smallest size?

Cheers,
Mike

--

Michael McConnell
WINK Streaming;
email: mich...@winkstreaming.com
phone: +1 312 281-5433 x 7400
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com



Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Majdi S. Abbas
On Fri, Jun 21, 2013 at 01:56:02PM -0600, Michael McConnell wrote:
 As the IPv4 space get smaller and smaller, does anyone think we'll see 
 a time when /25's will be accepted for global BGP prefix announcement. 
 The current smallest size is a /24 and generally ok for most people, but 
 the crunch gets tighter, routers continue to have more and more ram will 
 it always be /24 the smallest size?

RAM != FIB.

The forwarding hardware is generally going to be the limit, and
that's going to be painful enough as we approach a half million
prefixes.

You couldn't even consider such a thing until after that pain 
point.

--msa



Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Grzegorz Janoszka
On 21-06-13 21:56, Michael McConnell wrote:
 As the IPv4 space get smaller and smaller, does anyone think we'll see a time 
 when /25's will be accepted for global BGP prefix announcement. The current 
 smallest size is a /24 and generally ok for most people, but the crunch gets 
 tighter, routers continue to have more and more ram will it always be /24 the 
 smallest size?

As the fragmentation will progress and we will be closing to the magic
limit of 500.000, people will filter out /24 and then /23 and so on.
Back to static (default) routing!

-- 
Grzegorz Janoszka



The Cidr Report

2013-06-21 Thread cidr-report
This report has been generated at Fri Jun 21 21:13:56 2013 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.

Check http://www.cidr-report.org for a current version of this report.

Recent Table History
Date      Prefixes  CIDR Agg
14-06-13    457227    260704
15-06-13    457743    260696
16-06-13    457703    260705
17-06-13    457783    260821
18-06-13    457828    260945
19-06-13    457884    260605
20-06-13    457589    260690
21-06-13    457753    261049


AS Summary
 44478  Number of ASes in routing system
 18393  Number of ASes announcing only one prefix
  2998  Largest number of prefixes announced by an AS
AS6389 : BELLSOUTH-NET-BLK - BellSouth.net Inc.
  116801504  Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street


Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as 
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').

 --- 21Jun13 ---
ASnum    NetsNow NetsAggr  NetGain   % Gain   Description

Table     458608   261038   197570    43.1%   All ASes

AS6389      2998       77     2921    97.4%   BELLSOUTH-NET-BLK - BellSouth.net Inc.
AS28573     2802      107     2695    96.2%   NET Serviços de Comunicação S.A.
AS17974     2555      539     2016    78.9%   TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
AS4766      2950      958     1992    67.5%   KIXS-AS-KR Korea Telecom
AS10620     2662      828     1834    68.9%   Telmex Colombia S.A.
AS22773     1984      162     1822    91.8%   ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.
AS18566     2064      474     1590    77.0%   COVAD - Covad Communications Co.
AS7303      1732      454     1278    73.8%   Telecom Argentina S.A.
AS4323      1627      406     1221    75.0%   TWTC - tw telecom holdings, inc.
AS4755      1748      586     1162    66.5%   TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
AS2118      1069       85      984    92.0%   RELCOM-AS OOO NPO Relcom
AS18881     1002       44      958    95.6%   Global Village Telecom
AS7552      1149      198      951    82.8%   VIETEL-AS-AP Vietel Corporation
AS36998     1237      301      936    75.7%   SDN-MOBITEL
AS1785      1993     1150      843    42.3%   AS-PAETEC-NET - PaeTec Communications, Inc.
AS18101     1002      182      820    81.8%   RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI
AS4808      1146      392      754    65.8%   CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
AS701       1533      803      730    47.6%   UUNET - MCI Communications Services, Inc. d/b/a Verizon Business
AS13977      844      139      705    83.5%   CTELCO - FAIRPOINT COMMUNICATIONS, INC.
AS22561     1192      512      680    57.0%   DIGITAL-TELEPORT - Digital Teleport Inc.
AS855        733       54      679    92.6%   CANET-ASN-4 - Bell Aliant Regional Communications, Inc.
AS8151      1263      588      675    53.4%   Uninet S.A. de C.V.
AS6983      1141      478      663    58.1%   ITCDELTA - ITC^Deltacom
AS24560     1077      420      657    61.0%   AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AS7545      2019     1365      654    32.4%   TPG-INTERNET-AP TPG Telecom Limited
AS17676      735      112      623    84.8%   GIGAINFRA Softbank BB Corp.
AS6147       663       48      615    92.8%   Telefonica del Peru S.A.A.
AS31148      805      201      604    75.0%   FREENET-AS Freenet Ltd.
AS3549      1033      434      599    58.0%   GBLX Global Crossing Ltd.
AS4788       735      140      595    81.0%   TMNET-AS-AP TM Net, Internet Service Provider

Total  

BGP Update Report

2013-06-21 Thread cidr-report
BGP Update Report
Interval: 13-Jun-13 -to- 20-Jun-13 (7 days)
Observation Point: BGP Peering with AS131072

TOP 20 Unstable Origin AS
Rank ASN        Upds     %  Upds/Pfx    AS-Name
 1 - AS36998  175465  8.0%     310.6 -- SDN-MOBITEL
 2 - AS27947  123692  5.6%     180.6 -- Telconet S.A
 3 - AS18403   42676  1.9%      78.6 -- FPT-AS-AP The Corporation for Financing  Promoting Technology
 4 - AS47331   34480  1.6%      16.4 -- TTNET TTNet A.S.
 5 - AS60974   32953  1.5%     672.5 -- NAICOMS Naicoms EOOD
 6 - AS14420   31318  1.4%      78.1 -- CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP
 7 - AS8402    29694  1.4%      38.7 -- CORBINA-AS OJSC Vimpelcom
 8 - AS9829    26166  1.2%      36.0 -- BSNL-NIB National Internet Backbone
 9 - AS7552    18256  0.8%      16.7 -- VIETEL-AS-AP Vietel Corporation
10 - AS9416    16685  0.8%    1668.5 -- MULTIMEDIA-AS-AP Hoshin Multimedia Center Inc.
11 - AS27738   15941  0.7%      27.8 -- Ecuadortelecom S.A.
12 - AS45899   15326  0.7%      41.0 -- VNPT-AS-VN VNPT Corp
13 - AS17974   15256  0.7%       6.6 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
14 - AS8151    13724  0.6%      15.2 -- Uninet S.A. de C.V.
15 - AS4538    12369  0.6%      27.2 -- ERX-CERNET-BKB China Education and Research Network Center
16 - AS9854    11794  0.5%    5897.0 -- KTO-AS-KR KTO
17 - AS647     11391  0.5%      96.5 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center
18 - AS52257   10975  0.5%     997.7 -- Telconet S.A
19 - AS53189   10651  0.5%     394.5 -- NS Telecomunicações Ltda
20 - AS12880   10248  0.5%      64.9 -- DCI-AS Information Technology Company (ITC)


TOP 20 Unstable Origin AS (Updates per announced prefix)
Rank ASN        Upds     %  Upds/Pfx    AS-Name
 1 - AS14733    6041  0.3%    6041.0 -- AS14733 - Barclays Capital Inc.
 2 - AS9854    11794  0.5%    5897.0 -- KTO-AS-KR KTO
 3 - AS19406    3990  0.2%    3990.0 -- TWRS-MA - Towerstream I, Inc.
 4 - AS36225    3115  0.1%    3115.0 -- INFINITEIT-ASN-01 - Infinite IT Solutions Inc.
 5 - AS6174     5846  0.3%    2923.0 -- SPRINTLINK8 - Sprint
 6 - AS61141    2091  0.1%    2091.0 -- OST-AS OST CJSC
 7 - AS48612    8786  0.4%    1757.2 -- RTC-ORENBURG-AS CJSC Comstar-Regions
 8 - AS9416    16685  0.8%    1668.5 -- MULTIMEDIA-AS-AP Hoshin Multimedia Center Inc.
 9 - AS28041    4896  0.2%    1632.0 -- PANCHONET S.A
10 - AS26124    9184  0.4%    1530.7 -- EOLNET-ECUADOR-ONLINE Grupo Coripar Corisat America
11 - AS37367    2904  0.1%    1452.0 -- CALLKEY
12 - AS22216    5340  0.2%    1335.0 -- SIEMENS-PLM - Siemens Corporation
13 - AS37402    1023  0.1%    1023.0 -- TELESURE
14 - AS28025    4089  0.2%    1022.2 -- CENTROSUR
15 - AS52257   10975  0.5%     997.7 -- Telconet S.A
16 - AS14453    7772  0.3%     971.5 -- AS-AKN - ADVANCED KNOWLEDGE NETWORKS
17 - AS22688     971  0.0%     971.0 -- DOLGENCORP - Dollar General Corporation
18 - AS12397     841  0.0%     841.0 -- OPTOCOM Optocom Ltd
19 - AS23295     838  0.0%     838.0 -- EA-01 - Extend America
20 - AS8137     4836  0.2%     806.0 -- DISNEYONLINE-AS - Disney Online


TOP 20 Unstable Prefixes
Rank Prefix              Upds     %   Origin AS -- AS Name
 1 - 211.214.206.0/24   11790  0.5%   AS9854  -- KTO-AS-KR KTO
 2 - 92.246.207.0/24     8774  0.4%   AS48612 -- RTC-ORENBURG-AS CJSC Comstar-Regions
 3 - 203.118.232.0/21    8358  0.4%   AS9416  -- MULTIMEDIA-AS-AP Hoshin Multimedia Center Inc.
 4 - 203.118.224.0/21    8308  0.3%   AS9416  -- MULTIMEDIA-AS-AP Hoshin Multimedia Center Inc.
 5 - 192.58.232.0/24     7448  0.3%   AS6629  -- NOAA-AS - NOAA
 6 - 202.41.70.0/24      6948  0.3%   AS2697  -- ERX-ERNET-AS Education and Research Network
 7 - 192.107.15.0/24     6041  0.3%   AS14733 -- AS14733 - Barclays Capital Inc.
 8 - 190.95.229.0/24     5797  0.2%   AS27947 -- Telconet S.A
 9 - 190.95.232.0/24     5780  0.2%   AS27947 -- Telconet S.A
10 - 186.3.20.0/24       5780  0.2%   AS27947 -- Telconet S.A
11 - 186.3.48.0/24       5768  0.2%   AS27947 -- Telconet S.A
12 - 181.112.96.0/21     5746  0.2%   AS14420 -- CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP
13 - 181.113.24.0/21     5508  0.2%   AS14420 -- CORPORACION NACIONAL DE TELECOMUNICACIONES - CNT EP
14 - 198.187.189.0/24    4826  0.2%   AS8137  -- DISNEYONLINE-AS - Disney Online
15 - 173.232.234.0/24    4751  0.2%   AS30693 -- EONIX-CORPORATION-AS-WWW-EONIX-NET - Eonix Corporation
16 - 173.232.235.0/24    4750  0.2%   AS30693 -- EONIX-CORPORATION-AS-WWW-EONIX-NET - Eonix Corporation
17 - 64.26.208.0/24      4534  0.2%   AS14453 -- AS-AKN - ADVANCED KNOWLEDGE NETWORKS
18 - 78.41.106.0/24      4526  0.2%   AS34879 -- CCT-AS NGENIX
19 - 181.198.192.0/19   4493  0.2%   AS52257 

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Barry Shein

I think we need a better measure than number of domains (in this case
.COM), particularly vs total domains.

If it was 100 domains it might seem small, unless that list began with
facebook.com, amazon.com, google.com and g*d forbid theworld.com.

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool  Die| Public Access Internet | SINCE 1989 *oo*



Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Jakob Heitz
 Date: Fri, 21 Jun 2013 16:14:07 -0400
 From: Majdi S. Abbas m...@latt.net
 
 On Fri, Jun 21, 2013 at 01:56:02PM -0600, Michael McConnell wrote:
 As the IPv4 space get smaller and smaller, does anyone think we'll
 see a time when /25's will be accepted for global BGP prefix
 announcement. The current smallest size is a /24 and generally ok
 for most people, but the crunch gets tighter, routers continue to
 have more and more ram will it always be /24 the smallest size?
 
   RAM != FIB.
 
   The forwarding hardware is generally going to be the limit, and
 that's going to be painful enough as we approach a half million
 prefixes. 
 
   You couldn't even consider such a thing until after that pain
 point.
 
   --msa

There are techniques to fix that. For example, Simple Virtual Aggregation
http://tools.ietf.org/html/rfc6769


-- 
Jakob Heitz.



Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Owen DeLong

On Jun 21, 2013, at 8:31 PM, William Herrin b...@herrin.us wrote:

 On Fri, Jun 21, 2013 at 11:19 AM, Owen DeLong o...@delong.com wrote:
 On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
 I would think this is only an issue if they throw out the Fourth in that
 when they use that data collected inadvertently to build a case against you
 they use no other data collected under a proper warrant.
 
 That statement ignores a longstanding legal principle known as fruit of the 
 poison tree.
 
 Howdy,
 
 In spite of what you may have seen on TV, law enforcement is not
 required to ignore evidence of a crime which turns up during a lawful
 search merely because it's evidence of a different crime. Fruit of the
 poisonous tree applies when the original search for whatever it was
 they were originally looking for is unlawful. Supposedly the FISA
 court found the NSA's troll for terrorists to be lawful. Once that's
 true, evidence of any crime may be lawfully introduced in court.

True… The question here, however, is whether these are really lawful searches.

If we eliminate the need for any sort of check and balance and allow gross 
general permanent wiretapping, then there pretty much isn't a fourth amendment.

I would argue that the FISA court has far overstepped its mandate (or at least 
failed to uphold its oversight role) and that the searches are, in fact, still 
unconstitutional.

Owen




Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Owen DeLong
Quite the opposite. As the technical limitations of the routing gear are 
reached, shorter and shorter prefixes will be tolerated until IPv4 is utterly 
unusable if we try to stay on IPv4 that long.

Owen

On Jun 21, 2013, at 9:56 PM, Michael McConnell mich...@winkstreaming.com 
wrote:

 Hello all,
 
 As the IPv4 space get smaller and smaller, does anyone think we'll see a time 
 when /25's will be accepted for global BGP prefix announcement. The current 
 smallest size is a /24 and generally ok for most people, but the crunch gets 
 tighter, routers continue to have more and more ram will it always be /24 the 
 smallest size?
 
 Cheers,
 Mike
 
 --
 
 Michael McConnell
 WINK Streaming;
 email: mich...@winkstreaming.com
 phone: +1 312 281-5433 x 7400
 cell: +506 8706-2389
 skype: wink-michael
 web: http://winkstreaming.com




Re: /25's prefixes announced into global routing table?

2013-06-21 Thread joel jaeggli

On 6/21/13 2:15 PM, Grzegorz Janoszka wrote:

On 21-06-13 21:56, Michael McConnell wrote:

As the IPv4 space get smaller and smaller, does anyone think we'll see a time 
when /25's will be accepted for global BGP prefix announcement. The current 
smallest size is a /24 and generally ok for most people, but the crunch gets 
tighter, routers continue to have more and more ram will it always be /24 the 
smallest size?

As the fragmentation will progress and we will be closing to the magic
limit of 500.000, people will filter out /24 and then /23 and so on.
Back to static (default) routing!

500k is imho no different than 250k 128k 100k. Some devices are going to 
fall off the applecart. some folks will engage in heroic measures to 
police their fib size and the world will move on. million route and 2 
million route fib platforms abound. if we cross the million mark in 10 
years we're fine. if we cross it in 2 (which doesn't seem likely) then 
we have a problem. the v6 table imho is the one to watch.





Re: /25's prefixes announced into global routing table?

2013-06-21 Thread William Herrin
On Fri, Jun 21, 2013 at 3:56 PM, Michael McConnell
mich...@winkstreaming.com wrote:
 As the IPv4 space get smaller and smaller, does anyone think we'll
 see a time when /25's will be accepted for global BGP prefix
 announcement. The current smallest size is a /24 and generally
 ok for most people, but the crunch gets tighter, routers continue
 to have more and more ram will it always be /24 the smallest size?

No.

1. Too many ASes whose operators are a part of too many cultures and
speak too many languages apply a blind filter at /24. Too hard to
change.

2. TCAM != RAM

However

It is possible for a tunnel provider to:

1. Draw a covering route in to a well chosen set of data centers,
2. Set up a nice redundant set of tunnels from each data center to
each of its customers' Internet links,
3. Accept smaller-than-/24 routes at a higher priority than the
tunnels from its peers where those routes originate from the customers
to whom it assigned those addresses
4. Help the customers negotiate with the specific handful of ISPs that
operate the paths between them so that they'll accept the sourced
packets natively and propagate the smaller-than-/24 route within their
system.

It hasn't been done with any regularity, but it's technically
feasible, can be implemented within a few percent of optimal routing
and resilience and requires cooperation from few enough parties (all
of them directly paid) that it could happen if the economics were
right.


On Fri, Jun 21, 2013 at 5:15 PM, Grzegorz Janoszka grzeg...@janoszka.pl wrote:
 As the fragmentation will progress and we will be closing to the magic
 limit of 500.000, people will filter out /24 and then /23 and so on.
 Back to static (default) routing!

Don't bet heavy on that either. Many if not most of the Internet's
critical resources (think: DNS roots) sit within /24 announcements.
Incautious filtering shoots oneself in the foot.

Regards,
Bill Herrin


-- 
William D. Herrin  her...@dirtside.com  b...@herrin.us
3005 Crane Dr. .. Web: http://bill.herrin.us/
Falls Church, VA 22042-3004
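
The two outcomes argued over in this thread, as an added example that is not part of any poster's message: a /25 dropped by a blind "nothing longer than /24" import filter stays reachable only where a covering route exists, and moving the cutoff to /23 removes every destination announced only as a /24. The route table is constructed (documentation and private prefixes, private-use ASNs) and the function names are hypothetical.

```python
import ipaddress

# Constructed announcements (documentation/private prefixes, private-use ASNs).
ANNOUNCEMENTS = [
    ("198.51.100.0/24", 64500),  # service announced only as a /24
    ("203.0.113.0/24", 64501),   # provider's covering route
    ("203.0.113.0/25", 64502),   # customer /25 inside that covering route
    ("192.0.2.128/25", 64503),   # /25 with no covering route at all
    ("10.8.0.0/16", 64504),      # aggregate
    ("10.8.4.0/24", 64505),      # more-specific inside the aggregate
]

# Constructed probe addresses, one per case above.
PROBES = ["198.51.100.53", "203.0.113.10", "192.0.2.200", "10.8.4.1"]


def import_filter(announcements, max_len):
    """Apply a blind 'no prefix longer than /max_len' import policy."""
    fib = []
    for prefix, origin in announcements:
        net = ipaddress.ip_network(prefix)
        if net.prefixlen <= max_len:
            fib.append((net, origin))
    return fib


def lookup(fib, address):
    """Longest-prefix match; None means no route (no default is installed)."""
    addr = ipaddress.ip_address(address)
    best = None
    for net, origin in fib:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, origin)
    return best


def survey(announcements, max_len, probes):
    """Return the FIB size and, per probe address, the route that carries it."""
    fib = import_filter(announcements, max_len)
    result = {}
    for probe in probes:
        hit = lookup(fib, probe)
        result[probe] = None if hit is None else (str(hit[0]), hit[1])
    return len(fib), result


if __name__ == "__main__":
    for max_len in (32, 24, 23):
        size, routes = survey(ANNOUNCEMENTS, max_len, PROBES)
        print(f"accept up to /{max_len}: {size} routes installed")
        for probe, route in routes.items():
            print(f"  {probe:15} -> {route}")
```

With the /24 cutoff the customer /25 is still served, but through the covering /24's origin rather than its own; the uncovered /25 has no route at all.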



Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Jimmy Hess
On 6/21/13, Michael McConnell mich...@winkstreaming.com wrote:
 Hello all,
 As the IPv4 space get smaller and smaller, does anyone think we'll see a
 time when /25's will be accepted for global BGP prefix announcement. The

I am confident there are providers that will accept /25s from some of
their customer(s) or peer(s);  either due to negotiations with some of
their customer(s);   or as a result of ignorance or administrative
error (failing to reject /25s,  and not realizing it).

 current smallest size is a /24 and generally ok for most people, but the

Well, current smallest size intended to be accepted is /24 for many
major providers.

Some will be more restrictive.  /24 is useful as a rule of thumb
but not an exact size that every network allows.


Further address fragmentation will eventually demand that networks
become more restrictive, OR that the underlying protocol and
hardware gets redesigned; which again, leads to networks becoming
more restrictive, to avoid spending $$$ on hardware, software, and
config upgrades.


 crunch gets tighter, routers continue to have more and more ram will it
 always be /24 the smallest size?


 Cheers,
 Mike
--
-JH



RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread John Souvestre
Hi Shawn.

Or you could vote with your feet, and wish them a fine g'day.

John

John Souvestre - New Orleans LA - (504) 454-0899


-----Original Message-----
From: shawn wilson [mailto:ag4ve...@gmail.com] 
Sent: Thursday, June 20, 2013 10:42 pm
To: Hal Murray
Cc: North American Network Operators Group
Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

I think ICANN would have to add a delay in where a request was sent out to make 
sure everyone was on the same page and then what happens the couple thousand 
(more)  times a day that someone isn't updated or is misconfigured?

I think Netsol should be fined. Maybe even a class action suit filed against 
them for lost business. And that's it.
On Jun 20, 2013 11:28 PM, Hal Murray hmur...@megapathdsl.net wrote:





Re: Need help in flushing DNS

2013-06-21 Thread Glen Kent
Hi,

Do we know which DNS server started leaking the poisoned entry?

Being new to this, I still don't understand how could a hacker gain access
to the DNS server and corrupt the entry there? Wouldn't it require special
admin rights, etc. to log in?

Glen


On Thu, Jun 20, 2013 at 11:32 AM, Paul Ferguson fergdawgs...@gmail.com wrote:

 Hanlon's razor? Misconfiguration. Perhaps not done in malice, but I
 have no idea where the poison leaked in, or why. :-)

 - ferg

 On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie alex.b...@frozenfeline.net
 wrote:

  Anyone have news/explanation about what's happening/happened?
 
 
  On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson fergdawgs...@gmail.com
 wrote:
 
  Sure enough:
 
 
 
   ; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
   ; (1 server found)
   ;; global options: +cmd
   ;; Got answer:
   ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53267
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
   ;; QUESTION SECTION:
   ;yelp.com. IN A
 
   ;; ANSWER SECTION:
   yelp.com. 300 IN A 204.11.56.20
 
   ;; Query time: 143 msec
   ;; SERVER: 127.0.0.1#53(127.0.0.1)
   ;; WHEN: Thu Jun 20 07:33:13 2013
   ;; MSG SIZE  rcvd: 42
 
 
 
 
 
  NetRange: 204.11.56.0 - 204.11.59.255
  CIDR: 204.11.56.0/22
  OriginAS: AS40034
  NetName: CONFLUENCE-NETWORKS--TX3
  NetHandle: NET-204-11-56-0-1
  Parent: NET-204-0-0-0-0
  NetType: Direct Allocation
  Comment: Hosted in Austin TX.
  Comment: Abuse :
  Comment: ab...@confluence-networks.com
  Comment: +1-917-386-6118
  RegDate: 2012-09-24
  Updated: 2012-09-24
  Ref: http://whois.arin.net/rest/net/NET-204-11-56-0-1
 
  OrgName: Confluence Networks Inc
  OrgId: CN
  Address: 3rd Floor, Omar Hodge Building, Wickhams
  Address: Cay I, P.O. Box 362
  City: Road Town
  StateProv: Tortola
  PostalCode: VG1110
  Country: VG
  RegDate: 2011-04-07
  Updated: 2011-07-05
  Ref: http://whois.arin.net/rest/org/CN
 
  OrgAbuseHandle: ABUSE3065-ARIN
  OrgAbuseName: Abuse Admin
  OrgAbusePhone: +1-917-386-6118
  OrgAbuseEmail: ab...@confluence-networks.com
  OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3065-ARIN
 
  OrgNOCHandle: NOCAD51-ARIN
  OrgNOCName: NOC Admin
  OrgNOCPhone: +1-415-462-7734
  OrgNOCEmail: n...@confluence-networks.com
  OrgNOCRef: http://whois.arin.net/rest/poc/NOCAD51-ARIN
 
  OrgTechHandle: TECHA29-ARIN
  OrgTechName: Tech Admin
  OrgTechPhone: +1-415-358-0858
  OrgTechEmail: ipad...@confluence-networks.com
  OrgTechRef: http://whois.arin.net/rest/poc/TECHA29-ARIN
 
 
  #
  # ARIN WHOIS data and services are subject to the Terms of Use
  # available at: https://www.arin.net/whois_tou.html
  #
 
  - ferg
 
 
 
  On Wed, Jun 19, 2013 at 10:30 PM, Grant Ridder shortdudey...@gmail.com
 
  wrote:
 
   Yelp is evidently also affected
  
   On Wed, Jun 19, 2013 at 10:19 PM, John Levine jo...@iecc.com wrote:
  
   Reaching out to DNS operators around the globe. Linkedin.com has had
  some
   issues with DNS
   and would like DNS operators to flush their DNS. If you see
   www.linkedin.com resolving NS to
   ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS.
   
   Any other info please reach out to me off-list.
  
   While you're at it, www.usps.com, www.fidelity.com, and other well
   known sites have had DNS poisoning problems.  When I restarted my
   cache, they look OK.
  
  
  
 
 
 
  --
  Fergie, a.k.a. Paul Ferguson
   fergdawgster(at)gmail.com
 
 



 --
 Fergie, a.k.a. Paul Ferguson
  fergdawgster(at)gmail.com




Re: Need help in flushing DNS

2013-06-21 Thread Paul Ferguson
Not sure of some of the underlying details of the mechanics right now.

http://news.softpedia.com/news/LinkedIn-Outage-Caused-by-DDOS-Attack-on-Network-Solutions-362473.shtml

- ferg


On Fri, Jun 21, 2013 at 5:22 PM, Glen Kent glen.k...@gmail.com wrote:

 Hi,

 Do we know which DNS server started leaking the poisoned entry?

 Being new to this, I still don't understand how could a hacker gain access to
 the DNS server and corrupt the entry there? Wouldn't it require special admin
 rights, etc. to log in?

 Glen






--
Fergie, a.k.a. Paul Ferguson
 fergdawgster(at)gmail.com
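
A resolver-side check for the symptom reported in this thread, as an added example that is not part of any poster's message: it parses dig-style answer text and flags names whose NS records point at the ztomy.com servers named in the flush request, or whose A record falls inside the 204.11.56.0/22 block from the whois output quoted earlier in the thread. The yelp.com answer is the one from the quoted dig output; the other samples are constructed and the function names are hypothetical.

```python
import ipaddress
import re

# Indicators taken from this thread: the name servers named in the flush
# request and the netblock in the quoted whois output.
SUSPECT_NS_DOMAINS = ("ztomy.com",)
SUSPECT_NETS = (ipaddress.ip_network("204.11.56.0/22"),)

# A resource-record line as dig prints it: name, TTL, class, type, rdata.
RR_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+([A-Z]+)\s+(.+?)\s*$")

# Answer section copied from the dig output quoted in the thread.
SAMPLE_YELP_A = """\
;; QUESTION SECTION:
;yelp.com. IN A

;; ANSWER SECTION:
yelp.com. 300 IN A 204.11.56.20
"""

# Constructed samples: a poisoned NS set and a clean cache entry.
SAMPLE_LINKEDIN_NS = """\
;; ANSWER SECTION:
linkedin.com. 172800 IN NS ns1617.ztomy.com.
linkedin.com. 172800 IN NS ns2617.ztomy.com.
"""
SAMPLE_CLEAN = """\
;; ANSWER SECTION:
example.org. 3600 IN NS ns1.example.net.
example.org. 300 IN A 192.0.2.10
"""


def parse_answers(dig_text):
    """Return (name, type, rdata) tuples, skipping dig's ';' comment lines."""
    records = []
    for line in dig_text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue  # banner, header, question section, blank lines
        m = RR_LINE.match(line)
        if m:
            name, _ttl, rtype, rdata = m.groups()
            records.append((name.rstrip(".").lower(), rtype,
                            rdata.rstrip(".").lower()))
    return records


def is_suspect(rtype, rdata):
    """True if a record matches one of the indicators from the thread."""
    if rtype == "NS":
        # Match the domain itself or a host under it, not look-alike names.
        return any(rdata == d or rdata.endswith("." + d)
                   for d in SUSPECT_NS_DOMAINS)
    if rtype == "A":
        try:
            addr = ipaddress.ip_address(rdata)
        except ValueError:
            return False  # malformed rdata is not evidence either way
        return any(addr in net for net in SUSPECT_NETS)
    return False


def names_to_flush(dig_outputs):
    """Map each name with a suspect record to the records that matched."""
    hits = {}
    for text in dig_outputs:
        for name, rtype, rdata in parse_answers(text):
            if is_suspect(rtype, rdata):
                hits.setdefault(name, []).append((rtype, rdata))
    return hits


if __name__ == "__main__":
    samples = [SAMPLE_YELP_A, SAMPLE_LINKEDIN_NS, SAMPLE_CLEAN]
    for name, records in names_to_flush(samples).items():
        print(name, records)
```

On a BIND resolver the flagged names can be handed to `rndc flushname`; other resolvers have their own cache-flush command.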



Re: Need help in flushing DNS

2013-06-21 Thread George Herbert
The indications and claim are that the root cause was registrar internal
goof, not hostile action against name servers.

The story is not yet detailed enough to add up; getting from point A to
point B requires steps that so far don't really make sense.  A more
detailed explanation is hopefully to be forthcoming...



On Fri, Jun 21, 2013 at 5:22 PM, Glen Kent glen.k...@gmail.com wrote:

 Hi,

 Do we know which DNS server started leaking the poisoned entry?

 Being new to this, I still don't understand how could a hacker gain access
 to the DNS server and corrupt the entry there? Wouldn't it require special
 admin rights, etc. to log in?

 Glen


 On Thu, Jun 20, 2013 at 11:32 AM, Paul Ferguson fergdawgs...@gmail.com
 wrote:

  Hanlon's razor? Misconfiguration. Perhaps not done in malice, but I
  have no idea where the poison leaked in, or why. :-)
 
  - ferg
 
  On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie alex.b...@frozenfeline.net
  wrote:
 
   Anyone have news/explanation about what's happening/happened?
  
  
   On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson 
 fergdawgs...@gmail.com
  wrote:
  
   Sure enough:
  
  
  
; <<>> DiG 9.7.3 <<>> @localhost yelp.com A
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53267
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
  
;; QUESTION SECTION:
;yelp.com. IN A
  
;; ANSWER SECTION:
yelp.com. 300 IN A 204.11.56.20
  
;; Query time: 143 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Thu Jun 20 07:33:13 2013
;; MSG SIZE  rcvd: 42
  
  
  
  
  
   NetRange: 204.11.56.0 - 204.11.59.255
   CIDR: 204.11.56.0/22
   OriginAS: AS40034
   NetName: CONFLUENCE-NETWORKS--TX3
   NetHandle: NET-204-11-56-0-1
   Parent: NET-204-0-0-0-0
   NetType: Direct Allocation
   Comment: Hosted in Austin TX.
   Comment: Abuse :
   Comment: ab...@confluence-networks.com
   Comment: +1-917-386-6118
   RegDate: 2012-09-24
   Updated: 2012-09-24
   Ref: http://whois.arin.net/rest/net/NET-204-11-56-0-1
  
   OrgName: Confluence Networks Inc
   OrgId: CN
   Address: 3rd Floor, Omar Hodge Building, Wickhams
   Address: Cay I, P.O. Box 362
   City: Road Town
   StateProv: Tortola
   PostalCode: VG1110
   Country: VG
   RegDate: 2011-04-07
   Updated: 2011-07-05
   Ref: http://whois.arin.net/rest/org/CN
  
   OrgAbuseHandle: ABUSE3065-ARIN
   OrgAbuseName: Abuse Admin
   OrgAbusePhone: +1-917-386-6118
   OrgAbuseEmail: ab...@confluence-networks.com
   OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3065-ARIN
  
   OrgNOCHandle: NOCAD51-ARIN
   OrgNOCName: NOC Admin
   OrgNOCPhone: +1-415-462-7734
   OrgNOCEmail: n...@confluence-networks.com
   OrgNOCRef: http://whois.arin.net/rest/poc/NOCAD51-ARIN
  
   OrgTechHandle: TECHA29-ARIN
   OrgTechName: Tech Admin
   OrgTechPhone: +1-415-358-0858
   OrgTechEmail: ipad...@confluence-networks.com
   OrgTechRef: http://whois.arin.net/rest/poc/TECHA29-ARIN
  
  
   #
   # ARIN WHOIS data and services are subject to the Terms of Use
   # available at: https://www.arin.net/whois_tou.html
   #
  
   - ferg
  
  
  
   On Wed, Jun 19, 2013 at 10:30 PM, Grant Ridder 
 shortdudey...@gmail.com
  
   wrote:
  
Yelp is evidently also affected
   
On Wed, Jun 19, 2013 at 10:19 PM, John Levine jo...@iecc.com
 wrote:
   
Reaching out to DNS operators around the globe. Linkedin.com has had some
issues with DNS
and would like DNS operators to flush their DNS. If you see
www.linkedin.com resolving NS to
ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS.

Any other info please reach out to me off-list.
   
While you're at it, www.usps.com, www.fidelity.com, and other well
known sites have had DNS poisoning problems.  When I restarted my
cache, they look OK.
   
   
   
  
  
  
   --
   Fergie, a.k.a. Paul Ferguson
fergdawgster(at)gmail.com
  
  
 
 
 
 
 




-- 
-george william herbert
george.herb...@gmail.com
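
Added example, not part of any message in this thread: a check that flags resolver answers matching the indicators quoted above (an NS target under ztomy.com, or an A record inside 204.11.56.0/22 from the WHOIS output). Only the yelp.com line in SAMPLE comes from the thread; the other records, and all function and constant names, are constructed for illustration.

```python
import ipaddress
import re

# Indicators quoted in the thread.
SUSPECT_NS_SUFFIX = "ztomy.com"
SUSPECT_NET = ipaddress.ip_network("204.11.56.0/22")

# Sample answer lines in dig format. The first line is from the thread;
# the rest are constructed.
SAMPLE = """\
yelp.com. 300 IN A 204.11.56.20
www.linkedin.com. 300 IN NS ns1617.ztomy.com.
linkedin.com. 300 IN NS NS2617.ZTOMY.COM.
example.org. 3600 IN A 192.0.2.10
example.org. 3600 IN NS ns1.example.org.
example.net. 60 IN NS ns1.notztomy.com.
"""

RR = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(A|NS)\s+(\S+)\s*$", re.I)

def suspect_records(text):
    """Return (owner, type, rdata, reason) for records matching the indicators."""
    hits = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):   # skip dig comment lines
            continue
        m = RR.match(line)
        if not m:
            continue
        owner, _ttl, rtype, rdata = m.groups()
        rtype = rtype.upper()
        if rtype == "NS":
            # Compare on label boundaries so "notztomy.com" does not match.
            host = rdata.rstrip(".").lower()
            if host == SUSPECT_NS_SUFFIX or host.endswith("." + SUSPECT_NS_SUFFIX):
                hits.append((owner, rtype, rdata, "NS under " + SUSPECT_NS_SUFFIX))
        else:
            try:
                addr = ipaddress.ip_address(rdata)
            except ValueError:
                continue
            if addr in SUSPECT_NET:
                hits.append((owner, rtype, rdata, "A inside " + str(SUSPECT_NET)))
    return hits

if __name__ == "__main__":
    for hit in suspect_records(SAMPLE):
        print(*hit)
```

Feeding it the answer section of a dig query against a local cache shows whether that cache still holds one of the bad records and needs flushing.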


Yahoo Postmaster

2013-06-21 Thread Andy B.
If there is a YAHOO! Postmaster contact available, can you please
contact me off list?

I need to investigate a customer's TS03 listing of a very large
netblock (/16) and I'm afraid regular Yahoo! forms are leading me
nowhere but frustration and no results.


Thanks.



Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Masataka Ohta
Majdi S. Abbas wrote:

 On Fri, Jun 21, 2013 at 01:56:02PM -0600, Michael McConnell wrote:
 As the IPv4 space get smaller and smaller, does anyone think we'll see
 a time when /25's will be accepted for global BGP prefix announcement.
 The current smallest size is a /24 and generally ok for most people, but
 the crunch gets tighter, routers continue to have more and more ram will
 it always be /24 the smallest size?
 
   RAM != FIB.

For /24, cheap 16M entry SRAM == FIB

   The forwarding hardware is generally going to be the limit, and
 that's going to be painful enough as we approach a half million
 prefixes.

True. And that's why we must avoid IPv6.

Masataka Ohta




Need ATT Contact

2013-06-21 Thread Meshier, Brent
ATT screwed up the porting of our DIDs and we’re completely down, account rep 
has left for the weekend.  Anyone have a contact?



Brent Meshier ▪ Director Information Technology ▪ Amherst Holdings LLC
7801 North Capital of Texas Hwy ▪ Suite 300 ▪ Austin, TX 78731
512.342.3010 ▪ Fax 512.342.3097▪ Cell 650-278-3137
www.amherst.com ▪ bmesh...@amherst.com


Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Michael McConnell

 
  The forwarding hardware is generally going to be the limit, and
 that's going to be painful enough as we approach a half million
 prefixes.
 
 True. And that's why we must avoid IPv6.
 
   Masataka Ohta
 
 

Great comment. :D


--

Michael McConnell
WINK Streaming;
email: mich...@winkstreaming.com
phone: +1 312 281-5433 x 7400
cell: +506 8706-2389
skype: wink-michael
web: http://winkstreaming.com


RE: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread Frank Bulk
It's 120M if you add the .COM and the .NET's together, both of which NetSol
is responsible for.
http://www.verisigninc.com/en_US/products-and-services/domain-name-services/registry-products/tld-zone-access/index.xhtml

Frank

-Original Message-
From: Nicolai [mailto:nicolai-na...@chocolatine.org] 
Sent: Friday, June 21, 2013 11:16 AM
To: nanog@nanog.org
Subject: Re: This is a coordinated hacking. (Was Re: Need help in flushing
DNS)

On Thu, Jun 20, 2013 at 05:28:17PM -0400, valdis.kletni...@vt.edu wrote:
 It's relatively small when you consider there's something like 140M .com's

Just FWIW, the current size of .com is roughly 109M domains.  Someday it
will reach 140M but not today.

Nicolai






Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread John Levine
In article 001a01ce6ef9$bf74d4a0$3e5e7de0$@iname.com you write:
It's 120M if you add the .COM and the .NET's together, both of which NetSol
is responsible for.
http://www.verisigninc.com/en_US/products-and-services/domain-name-services/registry-products/tld-zone-access/index.xhtml

In late breaking news, Verisign spun off Network Solutions in 2003,
and the two companies have been unrelated for the past decade.

These days NetSol is just another registrar.  Since 2011 it has been
part of web hosting company web.com.

R's,
John



Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

2013-06-21 Thread George Herbert

I know how we got here, but perhaps we can take corporate parentage and how big 
.com is now to -discuss?

What happened with the registry data that caused the outage and what can / 
should be done about it / to prevent it happening again still seem to me to be 
operational topics.


George William Herbert
Sent from my iPhone


Re: Network diagnostics for the end user

2013-06-21 Thread Carlos M. Martinez
May sound silly, but in another life I faced a similar problem and by
hosting local SpeedTest.net servers in our network we could fend off
many of these calls.

But I guess it will depend on your customers, whether they take it or not.

cheers,

~Carlos

On 6/20/13 9:45 PM, Jeffrey Ollie wrote:
 Are there any tools out there that we could give to our end users to help
 diagnose network problems? We get a lot of "the Internet is slow" support
 calls and it would be helpful if we had something that would run on the end
 user's computer and help characterize the problem. We have central
 monitoring system of course but that doesn't always give a complete
 picture, as the problem could always be on the end user's computer - slow
 hard drive, not enough memory, wrong name servers, etc.
 



Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Owen DeLong
  The forwarding hardware is generally going to be the limit, and
 that's going to be painful enough as we approach a half million
 prefixes.
 
 True. And that's why we must avoid IPv6.

This is not only wrong, it makes no sense whatsoever.

Owen




Re: PRISM: NSA/FBI Internet data mining project

2013-06-21 Thread Warren Bailey
http://www.guardian.co.uk/uk/2013/jun/21/gchq-cables-secret-world-communications-nsa

I suppose they really are tapping all of the fiber.. Huh?

On 6/21/13 11:42 AM, Phil Fagan philfa...@gmail.com wrote:

I guess the moral here is don't do anything wrong.

:-D


On Fri, Jun 21, 2013 at 12:31 PM, William Herrin b...@herrin.us wrote:

 On Fri, Jun 21, 2013 at 11:19 AM, Owen DeLong o...@delong.com wrote:
  On Jun 21, 2013, at 5:10 PM, Phil Fagan philfa...@gmail.com wrote:
  I would think this is only an issue if they throw out the Fourth in that when
  they use that data collected inadvertently to build a case against you
  they use no other data collected under a proper warrant.
 
  That statement ignores a longstanding legal principle known as fruit of
 the poison tree.

 Howdy,

 In spite of what you may have seen on TV, law enforcement is not
 required to ignore evidence of a crime which turns up during a lawful
 search merely because it's evidence of a different crime. Fruit of the
 poisonous tree applies when the original search for whatever it was
 they were originally looking for is unlawful. Supposedly the FISA
 court found the NSA's troll for terrorists to be lawful. Once that's
 true, evidence of any crime may be lawfully introduced in court.


 For a fun read, check out the Illustrated Guide to Criminal Law:
 http://lawcomic.net/guide/?p=18


 Regards,
 Bill Herrin


 --
 William D. Herrin  her...@dirtside.com  b...@herrin.us
 3005 Crane Dr. .. Web: http://bill.herrin.us/
 Falls Church, VA 22042-3004




-- 
Phil Fagan
Denver, CO
970-480-7618




Re: /25's prefixes announced into global routing table?

2013-06-21 Thread John Levine
   The forwarding hardware is generally going to be the limit, and
that's going to be painful enough as we approach a half million
prefixes.

I would expect that we might finally see some pushback against
networks that announce lots of disaggregated prefixes.  The current
CIDR report notes that the 400K prefixes could be 260K if aggregated.

I realize it's not quite that simple due to issues of longer prefixes
taking precedence over shorter ones, but it is my impression that
there's a lot of sloppiness.
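
Added example, not part of the message above: why aggregation is "not quite that simple" once longer prefixes take precedence. Collapsing each origin's prefixes separately shrinks the table but can change which origin wins longest-prefix match; the check compares both tables at every prefix boundary. The routes, AS numbers and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample table: (prefix, origin AS), using documentation prefixes
# and private-use AS numbers.
ROUTES = [
    ("198.51.100.0/25", 64500), ("198.51.100.128/25", 64500),  # siblings, same origin
    ("203.0.113.0/24", 64501),
    ("203.0.113.0/25", 64502),   # different origin inside 64501's /24
    ("203.0.113.0/26", 64501),   # 64501 again, inside 64502's /25
]

def parse(routes):
    return [(ipaddress.ip_network(p), asn) for p, asn in routes]

def lookup(table, addr):
    """Longest-prefix match: origin of the most specific covering route."""
    best = None
    for net, asn in table:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, asn)
    return best[1] if best else None

def aggregate_per_origin(table):
    """Naive aggregation: collapse each origin's prefixes on their own."""
    by_as = defaultdict(list)
    for net, asn in table:
        by_as[asn].append(net)
    return [(n, asn) for asn, nets in by_as.items()
            for n in ipaddress.collapse_addresses(nets)]

def forwarding_changes(before, after):
    """Interval start addresses where the two tables pick different origins.

    The match result can only change at a prefix start or just past a prefix
    end, so comparing at those points covers the whole address space.
    """
    points = set()
    for net, _ in before + after:
        points.add(net.network_address)
        end = int(net.broadcast_address) + 1
        if end < 2**32:
            points.add(ipaddress.IPv4Address(end))
    return sorted(p for p in points if lookup(before, p) != lookup(after, p))

if __name__ == "__main__":
    table = parse(ROUTES)
    agg = aggregate_per_origin(table)
    print(len(table), "->", len(agg), "routes; changed at", forwarding_changes(table, agg))
```

Here five routes become three, but dropping the /26 hands 203.0.113.0-63 from AS64501 to AS64502, so that more-specific has to stay.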




Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Brandon Martin

On 06/22/2013 12:44 AM, Owen DeLong wrote:

The forwarding hardware is generally going to be the limit, and
that's going to be painful enough as we approach a half million
prefixes.


True. And that's why we must avoid IPv6.


This is not only wrong, it makes no sense whatsoever.




So here's a question: has anyone done any musings/research on how big 
of a global IPv6 table we could expect given current policies if IPv6 
were as widely deployed and used as IPv4 (or if IPv4 didn't exist)?

--
Brandon Martin



Re: /25's prefixes announced into global routing table?

2013-06-21 Thread Owen DeLong

On Jun 22, 2013, at 7:19 AM, Brandon Martin lists.na...@monmotha.net wrote:

 On 06/22/2013 12:44 AM, Owen DeLong wrote:
The forwarding hardware is generally going to be the limit, and
 that's going to be painful enough as we approach a half million
 prefixes.
 
 True. And that's why we must avoid IPv6.
 
 This is not only wrong, it makes no sense whatsoever.
 
 
 
 So here's a question: has anyone done any musings/research on how big of a 
 global IPv6 table we could expect given current policies if IPv6 were as 
 widely deployed and used as IPv4 (or if IPv4 didn't exist)?
 -- 
 Brandon Martin

Yes… It will probably settle out somewhere around 100-125K routes.

Owen