Re: turning on comcast v6

2014-01-02 Thread Enno Rey
Hi,

On Thu, Jan 02, 2014 at 08:57:14PM -0800, Matthew Kaufman wrote:
> On 12/30/2013 4:56 PM, Owen DeLong wrote:
> > You can accomplish the same thing in IPv4….
> >
> >
> > Plug in Sally’s PC with Internet Connection Sharing turned on and watch as
> > her DHCP server takes over your network.

for the record it should be noted that this particular issue was fixed by 
Microsoft a while ago (see http://support.microsoft.com/kb/2750841/en-us).

best

Enno






> 
> Not nearly as fast as bad RAs do (as others have pointed out).
> 
> >
> > Yes, you have to pay attention when you plug in a router just like you’d
> > have to pay attention if you plugged in a DHCP server you were getting 
> > ready to recycle.
> 
> But the ability to plug in a not-router and break things is oh so much 
> greater.
> >
> > Incompetence in execution really isn’t the protocol’s fault.
> 
> But it is the protocol designer's fault... and once shipped, the 
> protocol's fault. There's all sorts of things that were known at the 
> time IPv6 was designed that the designers failed to build solutions for. 
> As an example, routers *could* be a lot smarter about sending RAs on a 
> network where routers are already present, but that's not in the spec.
> 
> Neither the ND DOS attack nor the need to protect against bogus RAs on 
> every port of your switch but one (or rarely, two) are things that 
> should have been a post-deployment surprise (to name just a couple pet 
> peeves of mine... there's more design flaws that could have been easily 
> avoided had enough people cared to do so).
> 
> Matthew Kaufman
> 
> 
> 

-- 
Enno Rey

ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de
Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 

Handelsregister Mannheim: HRB 337135
Geschaeftsfuehrer: Enno Rey

===
Blog: www.insinuator.net || Conference: www.troopers.de
===



Re: turning on comcast v6

2014-01-02 Thread TJ
I'd argue that while the timing may be different, RA and DHCP attacks are
largely the same and are simply variations on a theme.

And, regardless of the protocol in question, represent attacks which should
be defended against.

As is often (always?) the case, there are tradeoffs - and the pros and cons
of those tradeoffs will be weighted differently by different parties.

/TJ

On Jan 3, 2014 12:00 AM, "Matthew Kaufman"  wrote:
>
> On 12/30/2013 4:56 PM, Owen DeLong wrote:
>>
>> You can accomplish the same thing in IPv4….
>>
>>
>> Plug in Sally’s PC with Internet Connection Sharing turned on and watch
>> as her DHCP server takes over your network.
>
>
> Not nearly as fast as bad RAs do (as others have pointed out).
>
>
>>
>> Yes, you have to pay attention when you plug in a router just like you’d
>> have to pay attention if you plugged in a DHCP server you were getting
>> ready to recycle.
>
>
> But the ability to plug in a not-router and break things is oh so much
> greater.
>
>>
>> Incompetence in execution really isn’t the protocol’s fault.
>
>
> But it is the protocol designer's fault... and once shipped, the
> protocol's fault. There's all sorts of things that were known at the time
> IPv6 was designed that the designers failed to build solutions for. As an
> example, routers *could* be a lot smarter about sending RAs on a network
> where routers are already present, but that's not in the spec.
>
> Neither the ND DOS attack nor the need to protect against bogus RAs on
> every port of your switch but one (or rarely, two) are things that should
> have been a post-deployment surprise (to name just a couple pet peeves of
> mine... there's more design flaws that could have been easily avoided had
> enough people cared to do so).
>
> Matthew Kaufman
>
>
>


Re: Open source hardware

2014-01-02 Thread Jorge Amodio

I use a RouterBoard with RouterOS and afaik neither the hardware nor the
software is open

-Jorge

> On Jan 2, 2014, at 9:53 AM, Faisal Imtiaz  wrote:
> 
> Have you looked at Mikrotik.com (Software) and Routerboard.com (Hardware)
> 



Re: Open source hardware

2014-01-02 Thread Jimmy Hess
On Thu, Jan 2, 2014 at 8:53 PM, Andrew Duey <
andrew.d...@widerangebroadband.net> wrote:

> I'm surprised nobody's mentioned vyatta.org or the new fork of VyOs.  We
> are currently using the vyatta community edition and so far it's been good
> to us.  It depends on your hardware and how small of an ISP you are but
> it might be a great open source fit for you.


The orig. author has potentially set course for a world of hurt -- if the
plan is to scrap robust packaged highly-validated gear having separate
hardware forwarding planes and ASIC-driven filtering, to stick cheap x86
servers in the SP core and internet borders.

Sure... anyone can install Vyatta on an x86 server, but assembly of all
the pieces and full validation for a resilient platform comparable to
carrier grade gear, for a mission critical network, should be a bit more
involved than that.

Next up how to build your own 10-Gigabit SFPs to avoid paying for
expensive brand-name SFPs, by putting together some chips, wires, fiber,
and tying it all together with a piece of duck tape

just saying... :)


> --Andrew Duey
>
--
-JH


Re: turning on comcast v6

2014-01-02 Thread Matthew Kaufman

On 12/30/2013 4:56 PM, Owen DeLong wrote:

> You can accomplish the same thing in IPv4….
>
> Plug in Sally’s PC with Internet Connection Sharing turned on and watch as her
> DHCP server takes over your network.

Not nearly as fast as bad RAs do (as others have pointed out).

> Yes, you have to pay attention when you plug in a router just like you’d have
> to pay attention if you plugged in a DHCP server you were getting ready to
> recycle.

But the ability to plug in a not-router and break things is oh so much
greater.

> Incompetence in execution really isn’t the protocol’s fault.


But it is the protocol designer's fault... and once shipped, the 
protocol's fault. There's all sorts of things that were known at the 
time IPv6 was designed that the designers failed to build solutions for. 
As an example, routers *could* be a lot smarter about sending RAs on a 
network where routers are already present, but that's not in the spec.


Neither the ND DOS attack nor the need to protect against bogus RAs on 
every port of your switch but one (or rarely, two) are things that 
should have been a post-deployment surprise (to name just a couple pet 
peeves of mine... there's more design flaws that could have been easily 
avoided had enough people cared to do so).


Matthew Kaufman
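
The per-port protection against bogus RAs that this message refers to, modelled as an added example (not part of the thread and not any vendor's implementation): a Python sketch of an RA-guard decision that forwards Router Advertisements only from designated router ports. It goes slightly beyond the message by walking IPv6 extension headers to find the ICMPv6 type; the port names, function names and sample frames are constructed for illustration.

```python
import struct

# Assumed policy for this sketch: one uplink port is allowed to carry RAs.
ROUTER_PORTS = {"Gi0/1"}            # hypothetical port name
ETH_IPV6, ETH_VLAN = 0x86DD, 0x8100
NH_HOPOPT, NH_ROUTING, NH_FRAGMENT, NH_ICMPV6, NH_DSTOPTS = 0, 43, 44, 58, 60
ICMPV6_RA = 134
UNDETERMINED = -1                   # header chain could not be followed


def icmpv6_type(frame: bytes):
    """ICMPv6 type in an Ethernet frame, None if not ICMPv6, UNDETERMINED if
    the IPv6 header chain is cut short before the upper-layer header."""
    if len(frame) < 14:
        return None
    (ethertype,) = struct.unpack("!H", frame[12:14])
    off = 14
    if ethertype == ETH_VLAN and len(frame) >= 18:   # single 802.1Q tag
        (ethertype,) = struct.unpack("!H", frame[16:18])
        off = 18
    if ethertype != ETH_IPV6 or len(frame) < off + 40:
        return None
    nh, off = frame[off + 6], off + 40
    while True:
        if nh == NH_ICMPV6:
            return frame[off] if len(frame) > off else UNDETERMINED
        if nh in (NH_HOPOPT, NH_ROUTING, NH_DSTOPTS):
            if len(frame) < off + 2:
                return UNDETERMINED
            nh, off = frame[off], off + (frame[off + 1] + 1) * 8
        elif nh == NH_FRAGMENT:
            if len(frame) < off + 8:
                return UNDETERMINED
            (frag,) = struct.unpack("!H", frame[off + 2:off + 4])
            if frag >> 3:            # non-first fragment: no upper-layer header
                return None
            nh, off = frame[off], off + 8
        else:
            return None              # TCP, UDP, ...


def ra_guard(port: str, frame: bytes, router_ports=ROUTER_PORTS) -> str:
    """Forward RAs only from designated router ports; drop them elsewhere."""
    if port in router_ports:
        return "forward"
    kind = icmpv6_type(frame)
    return "drop" if kind in (ICMPV6_RA, UNDETERMINED) else "forward"


def build_frame(icmp_type: int, ext: bytes = b"", first_nh: int = NH_ICMPV6) -> bytes:
    """Constructed sample frame: Ethernet + IPv6 (fe80::1 -> ff02::1) + ICMPv6."""
    payload = ext + bytes([icmp_type]) + bytes(15)
    ip6 = struct.pack("!IHBB", 0x60000000, len(payload), first_nh, 255)
    ip6 += bytes.fromhex("fe80" + "00" * 13 + "01")
    ip6 += bytes.fromhex("ff02" + "00" * 13 + "01")
    eth = bytes.fromhex("333300000001" "020000000001" "86dd")
    return eth + ip6 + payload


# Constructed inputs: a plain RA, an RA behind a Destination Options header
# (8 bytes: next header 58, length 0, one PadN option), and a Neighbor Solicitation.
RA_PLAIN = build_frame(134)
RA_AFTER_DSTOPTS = build_frame(134, bytes([NH_ICMPV6, 0, 1, 4, 0, 0, 0, 0]), NH_DSTOPTS)
NEIGHBOR_SOLICIT = build_frame(135)

if __name__ == "__main__":
    for port, name, frame in [("Gi0/1", "RA", RA_PLAIN), ("Gi0/7", "RA", RA_PLAIN),
                              ("Gi0/7", "RA+dstopts", RA_AFTER_DSTOPTS),
                              ("Gi0/7", "NS", NEIGHBOR_SOLICIT)]:
        print(port, name, ra_guard(port, frame))
```
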





RE: Comcast/Level3 issues

2014-01-02 Thread R W
I'm seeing the same as well. Can anyone from Comcast/Level(3) reach out to me 
or provide comment. We're seeing heavy jitter and some packet loss most 
noticeable in NYC area connections between Level(3) and Comcast.
-Rob

> Date: Tue, 31 Dec 2013 09:45:00 -0800
> Subject: Comcast/Level3 issues
> From: dwh...@gmail.com
> To: nanog@nanog.org
> 
> Looking for a networking contact at comcast and/or level3.  I've been
> having some slow speed issues with hitting some sites that's going through
> level3 and I think there might be some congestion.
> 
> Doug
  

Re: Open source hardware

2014-01-02 Thread Andrew Duey
I'm surprised nobody's mentioned vyatta.org or the new fork of VyOs.  We are 
currently using the vyatta community edition and so far it's been good to 
us.  It depends on your hardware and how small of an ISP you are but it might 
be a great open source fit for you.

--Andrew Duey

On Jan 2, 2014, at 10:37 AM, Chris Russell  wrote:

> 
>> haven't been able to find anything that would fulfill the requirements that
>> a smallish ISP might have.
> 
> The Cumulus guys might be able to provide some pointers ?
> 
> http://cumulusnetworks.com/
> 
> Chris
> 
> 



RE: What's up at AOL?

2014-01-02 Thread Frank Bulk
We saw noticeable AOL email delivery issues on the 26th and 27th, but not
since then.  I saw nothing queued up New Year's Eve or New Year's Day.
Today we saw a very few delivery delays, but that cleared up by 2:45 pm
Central.  The message we get is:
Site aol.com () said after data sent: 421 4.2.1 "Service
unavailable. Please try again later."

Frank

P.S. I'd encourage folk to join the mailop listserv
(http://chilli.nosignal.org/mailman/listinfo/mailop) if they want to stay
abreast of such issues (note that the listserv tries its hardest to avoid
mail abuse issues, encouraging those folk to discuss those topics in avenues
that specialize in them).  I can't say that the mailop listserv has email
admins for all the major freemail providers (if they do, they're lurking),
but there's a reasonably sized community of ISPs and dotcom companies.

-Original Message-
From: Nick Olsen [mailto:n...@flhsi.com] 
Sent: Thursday, January 02, 2014 12:24 PM
To: Barry Shein; nanog@nanog.org
Subject: re: What's up at AOL?

We're seeing mail backup toward AOL as well. All coming back Service 
Unavailable.

postmas...@aol.com has not responded to our inquiry yet.

Nick Olsen
 Network Operations 
(855) FLSPEED  x106


From: "Barry Shein" 
Sent: Thursday, January 02, 2014 12:46 PM
To: nanog@nanog.org
Subject: What's up at AOL?

They've been accepting email only occasionally for a few days now.

We're on FBL, check reputation is good/green.

Sometimes we get DYN:T2 (according to AOL that's their code for it's
our, AOL's, problem), sometimes just various forms of try later,
Service not available, deferred, etc. typically after the DATA is sent
so MAIL FROM and RCPT TO are ok or no error.

I did get one response from postmas...@aol.com which said it was all
fixed yesterday which it was for several hours and today thousands of
msgs backed up for them again.

I am just asking if anyone knows what's going on even in general
terms.

That is, should we stop fussing with this (everyone's hosed w/ AOL
this week?) or is it just us?

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*







Re: What's up at AOL?

2014-01-02 Thread Jay Moran
On Thu, Jan 2, 2014 at 8:02 PM, Jay Ashworth  wrote:

> Any chance this is related to the NoVa fiber outage being discussed on
> Outages?
>

Not related. With the best non-answer I can muster right now: I decided not
to reply after Peter replied. -- Jay Moran


Re: What's up at AOL?

2014-01-02 Thread Jay Ashworth
- Original Message -
> From: "Robert L Mathews" 

> > That is, should we stop fussing with this (everyone's hosed w/ AOL
> > this week?) or is it just us?
> 
> It's probably not just you. It's been happening intermittently to many
> people since December 26. See, for example:

Any chance this is related to the NoVa fiber outage being discussed on Outages?

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



RE: Mikrotik Cloud Core Router and BGP real life experiences?

2014-01-02 Thread Geraint Jones
As an update we put the first two into production on NYE

Everything working as expected so far...





Re: [SPAM]RE: [SPAM]RE: Mikrotik Cloud Core Router and BGP real life experiences?

2014-01-02 Thread Rob Seastrom

"Dennis Burgess"  writes:

> Mikrotik really relies on its list of consultants and trainers,
> these are all outside companies, yes such as mine, that provide the
> higher class of "support" than MikroTik own e-mail.  While their
> e-mail does have a lack of responsiveness, I was told the volume
> that they do get from other parts of the world, not saying that's an
> excuse, but it is what it is.

This wasn't a support issue; it was bug reports.  Things such as:

* your CLI has an incomplete implementation of the Emacs key bindings
  (detailed list elided here on nanog@ for brevity's sake but if you've ever
  used Mikrotik kit and are a seasoned CLI user on C and J platforms
  you know what I'm talking about); please consider fixing or adopting
  libcli, gnu readline, or somesuch in future releases.

* your GRE implementation always has a protocol type of 0x0800 in the
  GRE header even when it is forwarding an IPv6 packet (packet dumps
  attached).

* ssh sessions crash when ServerAliveInterval SSH application layer
  keepalives kick off.  See http://www.openssh.org/faq.html section
  2.12 or http://www.kehlet.cx/articles/129.html To replicate: ssh -o
  ServerAliveInterval=120 admin@myrouter (to their credit this was
  eventually fixed in 5.x - this behavior was observed in 5.0rc4)

* /ping and /tool/traceroute fail for a DNS name for which there is
  no A record, only an AAAA record (although both commands will
  accept an IPv6 address as digits).  This is still a problem today.

* When trying to remove files, it seems that they are not removed by
  number, but rather by name, despite what the online help says.

There was more stuff along those lines.  "Thanks for the bug reports;
I made sure to open tickets for them but we can't commit to when or if
they'll get addressed due to competing priorities but they've
absolutely been documented" would have been a fine reply; I completely
understand the Real World considerations involved and that my
priorities were not necessarily their priorities.  Unfortunately the
return email left me with the impression that nobody cared and that
they were not equipped to handle issues brought to their attention by
people with field experience, hence the unfavorable parallels to the
"big guys".

Note that this has not kept me from speccing their kit when the task
calls for something that's surprisingly good considering how
inexpensive it is!  So maybe from a business perspective they were
entirely correct to blow me off - at least where it comes to "revenue
attributable to Rob Seastrom", the negative impact has been nil.

-r
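
The GRE bullet above describes a header whose protocol type says IPv4 (0x0800) while the tunnelled packet is IPv6. As an added example (not part of the message and not MikroTik code), this Python check parses a GRE header and compares its protocol type with the IP version of the inner packet; the function names and sample packets are constructed for illustration.

```python
import ipaddress
import struct

ETHERTYPE_IPV4, ETHERTYPE_IPV6 = 0x0800, 0x86DD
EXPECTED_TYPE = {4: ETHERTYPE_IPV4, 6: ETHERTYPE_IPV6}


def parse_gre(gre: bytes):
    """Split a GRE version 0 header (RFC 2784 / RFC 2890) from its payload.

    Returns (protocol_type, payload)."""
    if len(gre) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", gre[:4])
    if flags & 0x0007:
        raise ValueError("only GRE version 0 is handled here")
    if flags & 0x4000:
        raise ValueError("RFC 1701 routing field is not handled here")
    offset = 4
    if flags & 0x8000:      # C bit: checksum + reserved1
        offset += 4
    if flags & 0x2000:      # K bit: key
        offset += 4
    if flags & 0x1000:      # S bit: sequence number
        offset += 4
    if len(gre) < offset:
        raise ValueError("truncated GRE optional fields")
    return proto, gre[offset:]


def check_gre_type(gre: bytes) -> str:
    """Classify a GRE packet as 'ok', 'mismatch', 'not-ip' or 'empty'."""
    proto, inner = parse_gre(gre)
    if proto not in EXPECTED_TYPE.values():
        return "not-ip"     # e.g. bridged Ethernet; the first nibble means nothing
    if not inner:
        return "empty"      # header only, nothing to compare against
    version = inner[0] >> 4
    return "ok" if EXPECTED_TYPE.get(version) == proto else "mismatch"


def sample_ipv6_packet() -> bytes:
    """Constructed 40-byte IPv6 header (no payload), 2001:db8::1 -> 2001:db8::2."""
    header = struct.pack("!IHBB", 0x60000000, 0, 59, 64)
    header += ipaddress.IPv6Address("2001:db8::1").packed
    header += ipaddress.IPv6Address("2001:db8::2").packed
    return header


def sample_ipv4_packet() -> bytes:
    """Constructed 20-byte IPv4 header; only the version nibble matters here."""
    return bytes([0x45]) + bytes(19)


def gre_wrap(inner: bytes, proto: int, key=None) -> bytes:
    """Build a constructed GRE packet, optionally with a key field."""
    flags = 0x2000 if key is not None else 0
    header = struct.pack("!HH", flags, proto)
    if key is not None:
        header += struct.pack("!I", key)
    return header + inner


if __name__ == "__main__":
    v6 = sample_ipv6_packet()
    print("IPv6 in GRE, type 0x86DD:", check_gre_type(gre_wrap(v6, ETHERTYPE_IPV6)))
    print("IPv6 in GRE, type 0x0800:", check_gre_type(gre_wrap(v6, ETHERTYPE_IPV4)))
```
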




Re: What's up at AOL?

2014-01-02 Thread Peter Baldridge
There was a note on the mailop list Dec 27 that mentioned they were
unofficially having a malware/virus issue but not much further.

On Thu, Jan 2, 2014 at 10:34 AM, Robert L Mathews  wrote:
> On 1/2/14, 9:40 AM, Barry Shein wrote:
>> They've been accepting email only occasionally for a few days now.
>>
>> We're on FBL, check reputation is good/green.
>>
>> [...]
>>
>> I am just asking if anyone knows what's going on even in general
>> terms.
>>
>> That is, should we stop fussing with this (everyone's hosed w/ AOL
>> this week?) or is it just us?
>
> It's probably not just you. It's been happening intermittently to many
> people since December 26. See, for example:
>
>  http://sitedown.co/aol/aol-smtp-in-appears-to-be-down
>
> And lots of recent, not-too-helpful Twitter conversations like:
>
>  https://twitter.com/TboneRyan/status/416577803752984578
>
> We saw this problem on December 26, 27, and 28, and are now seeing it
> again for the last 3 hours.
>
> --
> Robert L Mathews, Tiger Technologies, http://www.tigertech.net/
>



Re: What's up at AOL?

2014-01-02 Thread Robert L Mathews
On 1/2/14, 9:40 AM, Barry Shein wrote:
> They've been accepting email only occasionally for a few days now.
> 
> We're on FBL, check reputation is good/green.
>
> [...]
>
> I am just asking if anyone knows what's going on even in general
> terms.
> 
> That is, should we stop fussing with this (everyone's hosed w/ AOL
> this week?) or is it just us?

It's probably not just you. It's been happening intermittently to many
people since December 26. See, for example:

 http://sitedown.co/aol/aol-smtp-in-appears-to-be-down

And lots of recent, not-too-helpful Twitter conversations like:

 https://twitter.com/TboneRyan/status/416577803752984578

We saw this problem on December 26, 27, and 28, and are now seeing it
again for the last 3 hours.

-- 
Robert L Mathews, Tiger Technologies, http://www.tigertech.net/



re: What's up at AOL?

2014-01-02 Thread Nick Olsen
We're seeing mail backup toward AOL as well. All coming back Service 
Unavailable.

postmas...@aol.com has not responded to our inquiry yet.

Nick Olsen
 Network Operations 
(855) FLSPEED  x106


From: "Barry Shein" 
Sent: Thursday, January 02, 2014 12:46 PM
To: nanog@nanog.org
Subject: What's up at AOL?

They've been accepting email only occasionally for a few days now.

We're on FBL, check reputation is good/green.

Sometimes we get DYN:T2 (according to AOL that's their code for it's
our, AOL's, problem), sometimes just various forms of try later,
Service not available, deferred, etc. typically after the DATA is sent
so MAIL FROM and RCPT TO are ok or no error.

I did get one response from postmas...@aol.com which said it was all
fixed yesterday which it was for several hours and today thousands of
msgs backed up for them again.

I am just asking if anyone knows what's going on even in general
terms.

That is, should we stop fussing with this (everyone's hosed w/ AOL
this week?) or is it just us?

-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*




What's up at AOL?

2014-01-02 Thread Barry Shein

They've been accepting email only occasionally for a few days now.

We're on FBL, check reputation is good/green.

Sometimes we get DYN:T2 (according to AOL that's their code for it's
our, AOL's, problem), sometimes just various forms of try later,
Service not available, deferred, etc. typically after the DATA is sent
so MAIL FROM and RCPT TO are ok or no error.

I did get one response from postmas...@aol.com which said it was all
fixed yesterday which it was for several hours and today thousands of
msgs backed up for them again.

I am just asking if anyone knows what's going on even in general
terms.

That is, should we stop fussing with this (everyone's hosed w/ AOL
this week?) or is it just us?


-- 
-Barry Shein

The World  | b...@theworld.com   | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Dial-Up: US, PR, Canada
Software Tool & Die| Public Access Internet | SINCE 1989 *oo*



Re: Open source hardware

2014-01-02 Thread Chris Russell


> haven't been able to find anything that would fulfill the requirements that
> a smallish ISP might have.


 The Cumulus guys might be able to provide some pointers ?

 http://cumulusnetworks.com/

Chris




Re: Open source hardware

2014-01-02 Thread Matthew Walster
On 2 January 2014 15:53, Faisal Imtiaz  wrote:

> Have you looked at Mikrotik.com (Software) and Routerboard.com (Hardware)
>

That's not Open Source.

M


Re: Open source hardware

2014-01-02 Thread Faisal Imtiaz
Have you looked at Mikrotik.com (Software) and Routerboard.com (Hardware)

Faisal Imtiaz
Snappy Internet & Telecom
7266 SW 48 Street
Miami, FL 33155
Tel: 305 663 5518 x 232

Help-desk: (305)663-5518 Option 2 or Email: supp...@snappytelecom.net 

- Original Message -
> From: "Daniël W. Crompton" 
> To: "nanog" 
> Sent: Thursday, January 2, 2014 10:48:39 AM
> Subject: Open source hardware
> 
> Hi,
> 
> a friend of mine mentioned he wants to migrate away from carrier grade
> equipment such as Juniper and Cisco to open source hardware. Both of us
> haven't been able to find anything that would fulfill the requirements that
> a smallish ISP might have.
> 
> Does anybody here have any advice?
> 
> Kind regards and best wishes for the new year,
> Daniël
> 
> 
> 
> Oplerno is built upon empowering faculty and students We want you to found
> (and fund) Oplerno with
> us
> --
> Daniël W. Crompton 
> 
> 
> 
> 
> http://specialbrands.net/
> 
>
> 
> 



Open source hardware

2014-01-02 Thread Daniël W . Crompton
Hi,

a friend of mine mentioned he wants to migrate away from carrier grade
equipment such as Juniper and Cisco to open source hardware. Both of us
haven't been able to find anything that would fulfill the requirements that
a smallish ISP might have.

Does anybody here have any advice?

Kind regards and best wishes for the new year,
Daniël



Oplerno is built upon empowering faculty and students We want you to found
(and fund) Oplerno with
us
-- 
Daniël W. Crompton 




http://specialbrands.net/

   



Re: Catalyst IOS refresher site?

2014-01-02 Thread Jay Ashworth
- Original Message -
> From: "Justin Wilson" 

> If it were me I would pickup a SupIII or SupIV off ebay. They are
> pretty cheap.

In fact, my vendor is an old client, so when the 4507 turned out to have
240-only power supplies (I rent), they swapped me out for a 4006, and we
card-swapped to leave me with:

* WS-X4515 Supervisor Engine IV
* An empty slot with a cover; 2 empty slots without covers
* WS-X4248-RJ45V 48-port POE
* WS-X4232-L3 Routing Engine, with 32 10/100 plus 2 of those large optical 
transceiver ports for which I have none of whatever we used to call GBICs
before they got tiny.  :-)

Holidays being what they are, I'm still digging out the bench, but I want
to say that the one time I consoled it and booted it on theirs, it said
12.5(20), or something thereabouts, before complaining it had no image to
boot from.

More fun to follow; everyone needs a New Year's resolution, right?

I mean, other than 3840x2160.

Cheers,
-- jra
-- 
Jay R. Ashworth  Baylink   j...@baylink.com
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII
St Petersburg FL USA   #natog  +1 727 647 1274



RE: [SPAM]RE: [SPAM]RE: Mikrotik Cloud Core Router and BGP real life experiences?

2014-01-02 Thread Dennis Burgess
Mikrotik really relies on its list of consultants and trainers, these are all 
outside companies, yes such as mine, that provide the higher class of "support" 
than MikroTik own e-mail.  While their e-mail does have a lack of 
responsiveness, I was told the volume that they do get from other parts of the 
world, not saying that's an excuse, but it is what it is.

Many people in the WISP and smaller ISP markets rely on these consulting 
companies to not only help them with MikroTik but other hardware/software and 
business decisions, LTI (yes the company I work for) has more certified 
trainers and engineers for MikroTik than any other in North America, but there 
is a list from MikroTik that lists certified consultants available as well.

Dennis Burgess, Mikrotik Certified Trainer Author of "Learn RouterOS- Second 
Edition" 
 Link Technologies, Inc -- Mikrotik & WISP Support Services 
   
 Office: 314-735-0270 Website: http://www.linktechs.net - Skype: linktechs  
   
 -- Create Wireless Coverage's with www.towercoverage.com - 900Mhz - LTE - 3G - 
3.65 - TV Whitespace  


-Original Message-
From: Rob Seastrom [mailto:r...@seastrom.com] 
Sent: Thursday, January 02, 2014 6:16 AM
To: Justin Wilson
Cc: NANOG list
Subject: Re: [SPAM]RE: [SPAM]RE: Mikrotik Cloud Core Router and BGP real life 
experiences?


Justin Wilson  writes:

>   The biggest problem with Mikrotik is you just can't call them up for 
> support on buggy code. In a critical network this can be a major problem.

I've contacted them (via email) and the experience seems to be exactly the same 
as dealing with first level TAC at the big guys: the guy you contact doesn't 
care much about your problem once he realizes that it's a legitimate issue with 
their stuff and not simply a case of pilot error for which he can refer you to 
the documentation, and eventually you give up and develop a workaround, such as 
it is.

-r






Re: [SPAM]RE: [SPAM]RE: Mikrotik Cloud Core Router and BGP real life experiences?

2014-01-02 Thread Rob Seastrom

Justin Wilson  writes:

>   The biggest problem with Mikrotik is you just can't call them up for
> support on buggy code. In a critical network this can be a major problem.

I've contacted them (via email) and the experience seems to be exactly
the same as dealing with first level TAC at the big guys: the guy you
contact doesn't care much about your problem once he realizes that
it's a legitimate issue with their stuff and not simply a case of
pilot error for which he can refer you to the documentation, and
eventually you give up and develop a workaround, such as it is.

-r





Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-02 Thread Eugeniu Patrascu
On Thu, Jan 2, 2014 at 10:01 AM, Saku Ytti  wrote:

> On (2014-01-01 23:51 +0200), Eugeniu Patrascu wrote:
>
> > > Is this legal? Can NSA walk in to US based company and legally coerce to
> > > install such backdoor? If not, what is the incentive for private company to
> > > cooperate?
> > >
> >
> > As you might have seen from the beginning of time, people in power assume
> > anything can go until proven otherwise.
>
> This is mostly academic, as being legal or not being legal it's not appealing
> attack vector due to difficulties containing the information.
> But what I implied is, if it is legal, you'd have paper trail, like legal
> document from court.
>
>
I can't speak for NSA practices, but for example FBI asserted that they are
entitled to put GPS trackers on cars owned by people they suspected of
something without a court order. And they fought to the death in courts
when the suspects brought suits against them for violating their rights
with these practices.

I would assume that other agencies employ the same tactics and strong-arm
companies into doing their bidding with minimal paperwork. Let's not forget
that NSA vets all the security vendors and products that the USG uses and
it would be pretty easy for them to stop recommending SecurID tokens (main
RSA business is authentication) for government use.

The above presumption would have sounded crazy six months ago, but now...


Re: NSA able to compromise Cisco, Juniper, Huawei switches

2014-01-02 Thread Saku Ytti
On (2014-01-01 23:51 +0200), Eugeniu Patrascu wrote:

> > Is this legal? Can NSA walk in to US based company and legally coerce to
> > install such backdoor? If not, what is the incentive for private company to
> > cooperate?
> >
> 
> As you might have seen from the beginning of time, people in power assume
> anything can go until proven otherwise.

This is mostly academic, as being legal or not being legal it's not appealing
attack vector due to difficulties containing the information.
But what I implied is, if it is legal, you'd have paper trail, like legal
document from court.

-- 
  ++ytti