Comcast Postmaster IPv6 issue
We're wresting with a Comcast IPv6 SMTP block and none of the Comcast postmaster communication tools allows entering an IPv6 address. End result = brick wall. If anyone from the Comcast postmaster team is listening, a message off-list would be most appreciated.
Re: More specifics from AS18978
On Thu, Mar 26, 2015 at 11:26:07PM -0400, ML wrote: On 3/26/2015 6:20 PM, Nick Rose wrote: While investigating the issue we did find that the noction appliance stopped advertising the no export community string with its advertisements which is why certain prefixes were also seen. Wouldn't it be a BCP to set no-export from the Noction device too? Sure, but even that might not always prevent the fake paths from leaking to your eBGP neighbors. For instance, not too long ago there was this bug: Routes learned with the no-export community from an iBGP neighbor are being advertised to eBGP neighbors. This may occur on Cisco ASR 9000 Series Aggregation Services Routers. (don't remember BugID) In other words: it can happen to the best of us. You should not lie to yourself by inserting fake more-specific paths into routing tables. The moment your lies somehow manage to escape into the default-free-zone you are taking other businesses down. Whether the leak is caused by a bug in the router's software or human error, destroying other people's online presence is far beyond acceptable. If the same leak would've happened /without/ the fake more-specifics, it'd still be an issue, but the collateral damage would have been dampened. The leaked paths would have to compete with the normal paths and best-path selectors like as-path length apply. Using software to insert fake more-specific paths into your routing domain should be discouraged and frowned upon. Kind regards, Job
Re: More specifics from AS18978
On 27/Mar/15 12:03, Job Snijders wrote: Sure, but even that might not always prevent the fake paths from leaking to your eBGP neighbors. For instance, not too long ago there was this bug: Routes learned with the no-export community from an iBGP neighbor are being advertised to eBGP neighbors. This may occur on Cisco ASR 9000 Series Aggregation Services Routers. (don't remember BugID) In other words: it can happen to the best of us. Your upstream could also re-write any BGP communities you attach to your BGP updates; so unless co-ordinated, there is no real guarantee a NO_EXPORT community will be maintained/honoured within your upstream's network. Mark.
802.11 based WISP hardware
Hi all, I’m looking to gather some public opinion, links and pointers around the current landscape of WISP hardware vendors. I’m familiar with Cisco, Ruckus, AdTran, Motorola and Aruba (HP) but I’m wondering who else is out there that folks have used with success. My main areas of interest are around controller based (hardware or virtual (in-house, not off-net cloud based)) systems that have a range of indoor outdoor 802.11AC PoE capable APs. The controller(s) would be capable of tunnelling traffic from the APs for one or more SSIDs, support per-SSID captive portals and unique, intra-SSID captive portals. In a perfect world, an on-board DHCP server would be super handy too. The system should support CAPWAP, but some proprietary alternative is also fine, the usual suite of security protocols per SSID, reliable intra-SSID AP roaming algorithms and multi-SSID capable. Thanks in advance.
Re: 802.11 based WISP hardware
Definitely take a look at Mikrotik. The gear is very low-cost with very large feature set. I have not used their CAPWAP functionality, so I can't speak to that. Ubiquiti is also very good and can do most, if not all, of what you want. -dan Dan Brisson Network Engineer University of Vermont On 3/27/15 6:59 AM, Jason Lixfeld wrote: Hi all, I’m looking to gather some public opinion, links and pointers around the current landscape of WISP hardware vendors. I’m familiar with Cisco, Ruckus, AdTran, Motorola and Aruba (HP) but I’m wondering who else is out there that folks have used with success. My main areas of interest are around controller based (hardware or virtual (in-house, not off-net cloud based)) systems that have a range of indoor outdoor 802.11AC PoE capable APs. The controller(s) would be capable of tunnelling traffic from the APs for one or more SSIDs, support per-SSID captive portals and unique, intra-SSID captive portals. In a perfect world, an on-board DHCP server would be super handy too. The system should support CAPWAP, but some proprietary alternative is also fine, the usual suite of security protocols per SSID, reliable intra-SSID AP roaming algorithms and multi-SSID capable. Thanks in advance.
RE: 802.11 based WISP hardware
In my experience in the rural areas around DFW most of the smaller operations, such as I had until recently, used Mikrotik equipment. Around here SkyBeam has bought out all of the small and most of the large WISPs. They retired the Mikrotik equipment in favor of Motorola Canopy originally. I was told the Canopy line may have been sold to someone else. I think Cambium. The Mikrotik equipment I had at the top of my 96 foot tall tower was rock solid. Never a hiccup in years of service in all kinds of weather. Of course I did a proper standards based installation including bonding and grounding. Proper installation makes a big difference no matter what you use. Kenneth M. Chipps Ph.D. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Lixfeld Sent: Friday, March 27, 2015 6:00 AM To: NANOG Subject: 802.11 based WISP hardware Hi all, I’m looking to gather some public opinion, links and pointers around the current landscape of WISP hardware vendors. I’m familiar with Cisco, Ruckus, AdTran, Motorola and Aruba (HP) but I’m wondering who else is out there that folks have used with success. My main areas of interest are around controller based (hardware or virtual (in-house, not off-net cloud based)) systems that have a range of indoor outdoor 802.11AC PoE capable APs. The controller(s) would be capable of tunnelling traffic from the APs for one or more SSIDs, support per-SSID captive portals and unique, intra-SSID captive portals. In a perfect world, an on-board DHCP server would be super handy too. The system should support CAPWAP, but some proprietary alternative is also fine, the usual suite of security protocols per SSID, reliable intra-SSID AP roaming algorithms and multi-SSID capable. Thanks in advance.
RE: 802.11 based WISP hardware
I have noticed that larger companies do not like Mikrotik. Its market centered on the mom and pop operations around here. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Hammett Sent: Friday, March 27, 2015 7:34 AM To: NANOG Subject: Re: 802.11 based WISP hardware Ken Chipps, there's a name I haven't seen in a while. Motorola did sell the Canopy line off to private equity and is now Cambiun Networks. I started with Mikrotik in my WISP and still use them for routers and switches, but I cannot recommend them for the fixed wireless portion. They haven't pursued FCC certification for 5150 - 5350 or 5470 - 5725. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Kenneth M. Chipps Ph.D. chi...@chipps.com To: NANOG nanog@nanog.org Sent: Friday, March 27, 2015 6:40:35 AM Subject: RE: 802.11 based WISP hardware In my experience in the rural areas around DFW most of the smaller operations, such as I had until recently, used Mikrotik equipment. Around here SkyBeam has bought out all of the small and most of the large WISPs. They retired the Mikrotik equipment in favor of Motorola Canopy originally. I was told the Canopy line may have been sold to someone else. I think Cambium. The Mikrotik equipment I had at the top of my 96 foot tall tower was rock solid. Never a hiccup in years of service in all kinds of weather. Of course I did a proper standards based installation including bonding and grounding. Proper installation makes a big difference no matter what you use. Kenneth M. Chipps Ph.D. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Lixfeld Sent: Friday, March 27, 2015 6:00 AM To: NANOG Subject: 802.11 based WISP hardware Hi all, I’m looking to gather some public opinion, links and pointers around the current landscape of WISP hardware vendors. I’m familiar with Cisco, Ruckus, AdTran, Motorola and Aruba (HP) but I’m wondering who else is out there that folks have used with success. My main areas of interest are around controller based (hardware or virtual (in-house, not off-net cloud based)) systems that have a range of indoor outdoor 802.11AC PoE capable APs. The controller(s) would be capable of tunnelling traffic from the APs for one or more SSIDs, support per-SSID captive portals and unique, intra-SSID captive portals. In a perfect world, an on-board DHCP server would be super handy too. The system should support CAPWAP, but some proprietary alternative is also fine, the usual suite of security protocols per SSID, reliable intra-SSID AP roaming algorithms and multi-SSID capable. Thanks in advance.
RE: 802.11 based WISP hardware
Try Unifi by Ubiquiti. We use it for our public hotspots and our internal network. Very easy to manage, and you can load the controller in a VMWare instance. Eric Rogers PDSConnect www.pdsconnect.me (317) 831-3000 x200 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Lixfeld Sent: Friday, March 27, 2015 7:00 AM To: NANOG Subject: 802.11 based WISP hardware Hi all, I’m looking to gather some public opinion, links and pointers around the current landscape of WISP hardware vendors. I’m familiar with Cisco, Ruckus, AdTran, Motorola and Aruba (HP) but I’m wondering who else is out there that folks have used with success. My main areas of interest are around controller based (hardware or virtual (in-house, not off-net cloud based)) systems that have a range of indoor outdoor 802.11AC PoE capable APs. The controller(s) would be capable of tunnelling traffic from the APs for one or more SSIDs, support per-SSID captive portals and unique, intra-SSID captive portals. In a perfect world, an on-board DHCP server would be super handy too. The system should support CAPWAP, but some proprietary alternative is also fine, the usual suite of security protocols per SSID, reliable intra-SSID AP roaming algorithms and multi-SSID capable. Thanks in advance.
Re: 802.11 based WISP hardware
I would also caution those considering ubiquiti for anything fixed right now. They have a number of unaddressed issues with UNII frequencies and DFS. Jared Mauch On Mar 27, 2015, at 7:33 AM, Mike Hammett na...@ics-il.net wrote: Ken Chipps, there's a name I haven't seen in a while. Motorola did sell the Canopy line off to private equity and is now Cambiun Networks. I started with Mikrotik in my WISP and still use them for routers and switches, but I cannot recommend them for the fixed wireless portion. They haven't pursued FCC certification for 5150 - 5350 or 5470 - 5725. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Kenneth M. Chipps Ph.D. chi...@chipps.com To: NANOG nanog@nanog.org Sent: Friday, March 27, 2015 6:40:35 AM Subject: RE: 802.11 based WISP hardware In my experience in the rural areas around DFW most of the smaller operations, such as I had until recently, used Mikrotik equipment. Around here SkyBeam has bought out all of the small and most of the large WISPs. They retired the Mikrotik equipment in favor of Motorola Canopy originally. I was told the Canopy line may have been sold to someone else. I think Cambium. The Mikrotik equipment I had at the top of my 96 foot tall tower was rock solid. Never a hiccup in years of service in all kinds of weather. Of course I did a proper standards based installation including bonding and grounding. Proper installation makes a big difference no matter what you use. Kenneth M. Chipps Ph.D. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Lixfeld Sent: Friday, March 27, 2015 6:00 AM To: NANOG Subject: 802.11 based WISP hardware Hi all, I’m looking to gather some public opinion, links and pointers around the current landscape of WISP hardware vendors. I’m familiar with Cisco, Ruckus, AdTran, Motorola and Aruba (HP) but I’m wondering who else is out there that folks have used with success. My main areas of interest are around controller based (hardware or virtual (in-house, not off-net cloud based)) systems that have a range of indoor outdoor 802.11AC PoE capable APs. The controller(s) would be capable of tunnelling traffic from the APs for one or more SSIDs, support per-SSID captive portals and unique, intra-SSID captive portals. In a perfect world, an on-board DHCP server would be super handy too. The system should support CAPWAP, but some proprietary alternative is also fine, the usual suite of security protocols per SSID, reliable intra-SSID AP roaming algorithms and multi-SSID capable. Thanks in advance.
Re: 802.11 based WISP hardware
Ken Chipps, there's a name I haven't seen in a while. Motorola did sell the Canopy line off to private equity and is now Cambiun Networks. I started with Mikrotik in my WISP and still use them for routers and switches, but I cannot recommend them for the fixed wireless portion. They haven't pursued FCC certification for 5150 - 5350 or 5470 - 5725. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Kenneth M. Chipps Ph.D. chi...@chipps.com To: NANOG nanog@nanog.org Sent: Friday, March 27, 2015 6:40:35 AM Subject: RE: 802.11 based WISP hardware In my experience in the rural areas around DFW most of the smaller operations, such as I had until recently, used Mikrotik equipment. Around here SkyBeam has bought out all of the small and most of the large WISPs. They retired the Mikrotik equipment in favor of Motorola Canopy originally. I was told the Canopy line may have been sold to someone else. I think Cambium. The Mikrotik equipment I had at the top of my 96 foot tall tower was rock solid. Never a hiccup in years of service in all kinds of weather. Of course I did a proper standards based installation including bonding and grounding. Proper installation makes a big difference no matter what you use. Kenneth M. Chipps Ph.D. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Jason Lixfeld Sent: Friday, March 27, 2015 6:00 AM To: NANOG Subject: 802.11 based WISP hardware Hi all, I’m looking to gather some public opinion, links and pointers around the current landscape of WISP hardware vendors. I’m familiar with Cisco, Ruckus, AdTran, Motorola and Aruba (HP) but I’m wondering who else is out there that folks have used with success. My main areas of interest are around controller based (hardware or virtual (in-house, not off-net cloud based)) systems that have a range of indoor outdoor 802.11AC PoE capable APs. The controller(s) would be capable of tunnelling traffic from the APs for one or more SSIDs, support per-SSID captive portals and unique, intra-SSID captive portals. In a perfect world, an on-board DHCP server would be super handy too. The system should support CAPWAP, but some proprietary alternative is also fine, the usual suite of security protocols per SSID, reliable intra-SSID AP roaming algorithms and multi-SSID capable. Thanks in advance.
Re: Comcast Postmaster IPv6 issue
Someone will reach out. In the future, FYI: http://postmaster.comcast.net/ Thx - Jason On 3/27/15, 12:17 PM, Drew Linsalata drew.linsal...@gmail.com wrote: We're wresting with a Comcast IPv6 SMTP block and none of the Comcast postmaster communication tools allows entering an IPv6 address. End result = brick wall. If anyone from the Comcast postmaster team is listening, a message off-list would be most appreciated.
Re: FIXED - Re: Broken SSL cert caused by router?
When I had the same mistake as you, that toll identified it. That's why I mentioned that one :) Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Mar 27, 2015 12:34 PM, Mike mike-na...@tiedyenetworks.com wrote: On 03/27/2015 08:43 AM, Josh Luthman wrote: FFR you can use this to verify the site itself is good or not: https://www.sslshopper.com/ssl-checker.html (there are others, this is just what I have bookmarked) Thanks. Previously while diagnosing this however, I used some others similar and they all were saying I was ok. For example, https://www.ssllabs.com/ssltest/analyze.html and one other I forget now. I am surprised this problem was not being pointed out.
RE: FIXED - Re: Broken SSL cert caused by router?
Glad you figured that out. I've used three SSL evaluation websites to help me with intermediate certificate issues: https://www.ssllabs.com/ssltest/analyze.html (will show the names and details of the certs, missing or not https://www.wormly.com/test_ssl (quick SSL tester, will point out if intermediate certificate is missing) https://www.digicert.com/help/ (will show a green chain link between certs when they're all there *and* in order) Frank -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Mike Sent: Friday, March 27, 2015 10:36 AM Cc: nanog@nanog.org Subject: FIXED - Re: Broken SSL cert caused by router? I'd like to thank everyone for their kind responses. One person who responded off list and bothered to look at the returned certificates pointed out, and correctly it seems, that my original setup was missing an intermediate certificate. The site was returning 'valid ssl' and all browsers got the green lock and offsite ssl tests came back ok, but apparently the missing intermediate means it would have had to have been fetched and that was the part that was failing at the customer site. Once I put the intermediate certificate in there, the customer site was able to access https without fail. I have not had an opportunity yet to examine in detail the config of the meraki router there but it's either a routing problem or a DPI problem. If I get an answer I'll post again with my results. Thanks all. Mike-
Re: FIXED - Re: Broken SSL cert caused by router?
On 03/27/2015 08:43 AM, Josh Luthman wrote: FFR you can use this to verify the site itself is good or not: https://www.sslshopper.com/ssl-checker.html (there are others, this is just what I have bookmarked) Thanks. Previously while diagnosing this however, I used some others similar and they all were saying I was ok. For example, https://www.ssllabs.com/ssltest/analyze.html and one other I forget now. I am surprised this problem was not being pointed out.
Re: FIXED - Re: Broken SSL cert caused by router?
FFR you can use this to verify the site itself is good or not: https://www.sslshopper.com/ssl-checker.html (there are others, this is just what I have bookmarked) Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Fri, Mar 27, 2015 at 11:35 AM, Mike mike-na...@tiedyenetworks.com wrote: I'd like to thank everyone for their kind responses. One person who responded off list and bothered to look at the returned certificates pointed out, and correctly it seems, that my original setup was missing an intermediate certificate. The site was returning 'valid ssl' and all browsers got the green lock and offsite ssl tests came back ok, but apparently the missing intermediate means it would have had to have been fetched and that was the part that was failing at the customer site. Once I put the intermediate certificate in there, the customer site was able to access https without fail. I have not had an opportunity yet to examine in detail the config of the meraki router there but it's either a routing problem or a DPI problem. If I get an answer I'll post again with my results. Thanks all. Mike-
FIXED - Re: Broken SSL cert caused by router?
I'd like to thank everyone for their kind responses. One person who responded off list and bothered to look at the returned certificates pointed out, and correctly it seems, that my original setup was missing an intermediate certificate. The site was returning 'valid ssl' and all browsers got the green lock and offsite ssl tests came back ok, but apparently the missing intermediate means it would have had to have been fetched and that was the part that was failing at the customer site. Once I put the intermediate certificate in there, the customer site was able to access https without fail. I have not had an opportunity yet to examine in detail the config of the meraki router there but it's either a routing problem or a DPI problem. If I get an answer I'll post again with my results. Thanks all. Mike-
Re: Broken SSL cert caused by router?
It might be filtering the CRL or OCSP verification for the SSL certificate. For GoDaddy I think this would be: http://crl.godaddy.com/ http://ocsp.godaddy.com/ http://certificates.godaddy.com/ We ran into this when OS X changed how it handles SSL a few years back, our captive portal was presenting a splash page in place of Thawte OCSP and crashing the SSL keychain process. The work-around was either to respond with a TCP RST for these requests or to allow them through. On Thu, Mar 26, 2015 at 11:57 PM, Lewis,Mitchell T. ml-na...@techcompute.net wrote: Meraki Access Points are interesting devices. I have found they cause issues with Linux firewalls if the merakis are not configured correctly. Meraki Access Points do content inspections which I have found can cause produce symptoms similar to yours, although I have not experienced what you are describing. Since the MX64W is both an Access Point security gateway, it has some additional content inspection/intelligence for it's security appliance role on top of the functions it performs as an access point, the same functions which are found in Meraki standalone access points as well. I am not sure what the specifics are as I do not use Meraki security appliances but it is worth checking. I have found with Meraki that items in the control panel/dashboard are not always labeled the best so I have found it is usually worth putting in a ticket with them and/or a call to them to see what they think (1-888-490-0918). Mitchell T. Lewis mle...@techcompute.net : www.linkedin.com/in/mlewiscc Mobile: (203)816-0371 PGP Fingerprint: 79F2A12BAC77827581C734212AFA805732A1394E Public PGP Key A computer will do what you tell it to do, but that may be much different from what you had in mind. ~Joseph Weizenbaum - Original Message - From: Mike mike-na...@tiedyenetworks.com To: nanog@nanog.org Sent: Thursday, March 26, 2015 6:38:55 PM Subject: Broken SSL cert caused by router? Hi, I have a very odd problem. We've recently gotten a 'real' ssl certificate from godaddy to cover our domain (*.domain.com) and have installed it in several places where needed for email (imap/starttls and etc) and web. This works great, seems ok according to various online TLS certificate checkers, and I get the green lock when testing using my own browsers and such. I have a customer however that uses our web mail system now secured with ssl. I myself and many others use it and get the green lock. But, whenever any station at the customer tries using it, they get a broken lock and 'your connection is not private'. The actual error displayed below is 'cert_authority_invalid' and it's Go Daddy Secure Certificate Authority - G2. And it gets worse - whenever I go to the location and use my own laptop, the very one that 'works' when at my office, I ALSO get the error. AND EVEN WORSE - when I connect to my cell phone provided hotspot, the error goes away! As weird as this all sounds, I got it nailed down to one device - they have a Cisco/Meraki MX64W as their internet gateway - and when I remove that device from the chain and go 'straight' out to the internet, suddenly, the certificate problem goes away entirely. How is this possible? Can anyone comment on these devices and tell me what might be going on here? Mike- -- Ray Patrick Soucy Network Engineer University of Maine System T: 207-561-3526 F: 207-561-3531 MaineREN, Maine's Research and Education Network www.maineren.net
Re: Google served from non-google IPs?
Hi Jason, This is not commonplace. That prefix is from a specially designated IXP micro allocation block. See http://bit.ly/1OEcHde for detail. The use of these specially designated blocks is for IXPs only. We (Akamai) don't have equipment numbered into this type of address space nor do we have any evidence that we have in the past. We certainly won't in the future. If someone knows of anything that we missed, contact me directly and we'll arrange to renumber. Hope that helps. Best, -M On Thu, Mar 12, 2015 at 3:58 PM, Jason Lixfeld ja...@lixfeld.ca wrote: So today, I saw this: BlackBox:~ jlixfeld$ host google.ca 8.8.8.8 Using domain server: Name: 8.8.8.8 Address: 8.8.8.8#53 Aliases: google.ca has address 206.126.112.166 google.ca has address 206.126.112.177 google.ca has address 206.126.112.172 google.ca has address 206.126.112.187 google.ca has address 206.126.112.151 google.ca has address 206.126.112.158 google.ca has address 206.126.112.157 google.ca has address 206.126.112.173 google.ca has address 206.126.112.181 google.ca has address 206.126.112.155 google.ca has address 206.126.112.147 google.ca has address 206.126.112.185 google.ca has address 206.126.112.143 google.ca has address 206.126.112.170 google.ca has address 206.126.112.162 google.ca has IPv6 address 2607:f8b0:4006:808::100f google.ca mail is handled by 50 alt4.aspmx.l.google.com. google.ca mail is handled by 30 alt2.aspmx.l.google.com. google.ca mail is handled by 20 alt1.aspmx.l.google.com. google.ca mail is handled by 10 aspmx.l.google.com. google.ca mail is handled by 40 alt3.aspmx.l.google.com. BlackBox:~ jlixfeld$ That is not Google IPv4 address space, and those IPv4 IPs are not being announced by 15169. Am I dumb in thinking that this is weird or is this sort of thing commonplace?
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG, CaribNOG and the RIPE Routing Working Group. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.rand.apnic.net. If you have any comments please contact Philip Smith pfsi...@gmail.com. Routing Table Report 04:00 +10GMT Sat 28 Mar, 2015 Report Website: http://thyme.rand.apnic.net Detailed Analysis: http://thyme.rand.apnic.net/current/ Analysis Summary BGP routing table entries examined: 539583 Prefixes after maximum aggregation (per Origin AS): 205817 Deaggregation factor: 2.62 Unique aggregates announced (without unneeded subnets): 262661 Total ASes present in the Internet Routing Table: 49834 Prefixes per ASN: 10.83 Origin-only ASes present in the Internet Routing Table: 36546 Origin ASes announcing only one prefix: 16280 Transit ASes present in the Internet Routing Table:6292 Transit-only ASes present in the Internet Routing Table:172 Average AS path length visible in the Internet Routing Table: 4.5 Max AS path length visible: 59 Max AS path prepend of ASN ( 55644) 56 Prefixes from unregistered ASNs in the Routing Table: 1158 Unregistered ASNs in the Routing Table: 415 Number of 32-bit ASNs allocated by the RIRs: 9001 Number of 32-bit ASNs visible in the Routing Table:6996 Prefixes from 32-bit ASNs in the Routing Table: 25268 Number of bogon 32-bit ASNs visible in the Routing Table: 4 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space:361 Number of addresses announced to Internet: 2737519268 Equivalent to 163 /8s, 43 /16s and 58 /24s Percentage of available address space announced: 73.9 Percentage of allocated address space announced: 73.9 Percentage of available address space allocated: 100.0 Percentage of address space in use by end-sites: 97.3 Total number of prefixes smaller than registry allocations: 182122 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes: 132907 Total APNIC prefixes after maximum aggregation: 38646 APNIC Deaggregation factor:3.44 Prefixes being announced from the APNIC address blocks: 138626 Unique aggregates announced from the APNIC address blocks:56513 APNIC Region origin ASes present in the Internet Routing Table:5030 APNIC Prefixes per ASN: 27.56 APNIC Region origin ASes announcing only one prefix: 1211 APNIC Region transit ASes present in the Internet Routing Table:882 Average APNIC Region AS path length visible:4.5 Max APNIC Region AS path length visible: 59 Number of APNIC region 32-bit ASNs visible in the Routing Table: 1362 Number of APNIC addresses announced to Internet: 747670784 Equivalent to 44 /8s, 144 /16s and 141 /24s Percentage of available APNIC address space announced: 87.4 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079, 55296-56319, 58368-59391, 63488-64098, 131072-135580 APNIC Address Blocks 1/8, 14/8, 27/8, 36/8, 39/8, 42/8, 43/8, 49/8, 58/8, 59/8, 60/8, 61/8, 101/8, 103/8, 106/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 150/8, 153/8, 163/8, 171/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, 223/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:178044 Total ARIN prefixes after maximum aggregation:87849 ARIN Deaggregation factor: 2.03 Prefixes being announced from the ARIN address blocks: 180012 Unique aggregates announced from the ARIN address blocks: 84168 ARIN Region origin ASes present in the Internet Routing Table:16527 ARIN Prefixes per
Denver
So in Denver Comfluent\CoreSite seems to be the place to be... except as someone that predominately serves eyeball networks, I'm interested in NetFlix. NetFlix is in EdgeConneX... where no other significant peering is happening. Also, my partner who has been looking into the Denver market said that CoreSite costs more than Chicago Equinix. Any recommendations for where to go? Seems like both main options suck, but there aren't any better. This would be for eyeball networks getting peering with the big content guys and cheaper transit than the tier 4\5\6\7\8 (how small of markets get numbers?) where they're located. Any significant web hosting operations in the Denver market? Someone that's bigger than Bob's DS3 Web Hosting, but not SoftLayer size where they can't get creative with their services. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com
[NANOG-announce] NANOG On The Road Comes to Boston!!
We are very excited to be holding the next NOTR event in the great city of Boston and we invite you to join us! Are you interested in Internet networking/peering? Do you work at a colocation, hosting or data center facility? Are you a provider of hardware/software solutions for the Internet industry? If so, the NANOG On The Road https://www.nanog.org/meetings/road6/homeNANOG On The Road https://www.nanog.org/meetings/road6/home Boston event is perfect for you! Date: April 21, 2015 Time: 9:00 AM - 5:00 PM Location: Courtyard Boston Cambridge Hotel https://www.nanog.org/meetings/road6/hotel The FREE to attend event is open for registration. Register Now! https://nanog.org/meetings/road6/registration The agenda https://www.nanog.org/meetings/road6/agenda is posted - topics to be discussed include: - Keynote Presentation by Scott Bradner - Updates on Boston IX and RE Interconnection - DNSSEC RPKI - QUIC - Optical Networking Tutorial - IPv6 Tutorial - Data Center Track - BGP Tutorial If you are, or will be, in the Boston area, we invite you to attend. And don’t forget to share the invitation with your colleagues or others you feel may benefit from attending. Make NANOG On The Road your first step toward learning how you can take the wheel and steer the future of the Internet. Learn more about On The Road events here https://www.nanog.org/meetings/road/home. Feel free to contact us at nanog-supp...@nanog.org mailto:nanog-supp...@nanog.org if you have any questions. Regards, Valerie Valerie Wittkop NANOG Program Director 48377 Fremont Boulevard, Suite 117 Fremont, CA 94538 Tel: +1 510 492 4030 ___ NANOG-announce mailing list nanog-annou...@mailman.nanog.org http://mailman.nanog.org/mailman/listinfo/nanog-announce
Re: Denver
Right, that's how I saw that NetFlix wasn't in Coresite by using CoreSite's Any2 member list... however accurate it is. (I did check peeringdb as well.) - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com - Original Message - From: Reid Fishler rfish...@he.net To: Mike Hammett na...@ics-il.net Cc: NANOG nanog@nanog.org Sent: Friday, March 27, 2015 4:15:45 PM Subject: Re: Denver Just to add a note, at Coresite there is the RMIX exchange, which now is an Any2...but its a fairly nice exchange. Reid On Fri, Mar 27, 2015 at 4:40 PM, Mike Hammett na...@ics-il.net wrote: So in Denver Comfluent\CoreSite seems to be the place to be... except as someone that predominately serves eyeball networks, I'm interested in NetFlix. NetFlix is in EdgeConneX... where no other significant peering is happening. Also, my partner who has been looking into the Denver market said that CoreSite costs more than Chicago Equinix. Any recommendations for where to go? Seems like both main options suck, but there aren't any better. This would be for eyeball networks getting peering with the big content guys and cheaper transit than the tier 4\5\6\7\8 (how small of markets get numbers?) where they're located. Any significant web hosting operations in the Denver market? Someone that's bigger than Bob's DS3 Web Hosting, but not SoftLayer size where they can't get creative with their services. - Mike Hammett Intelligent Computing Solutions http://www.ics-il.com -- Reid Fishler Director Hurricane Electric +1-510-580-4178
The Cidr Report
This report has been generated at Fri Mar 27 21:14:39 2015 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org/2.0 for a current version of this report. Recent Table History Date PrefixesCIDR Agg 20-03-15544650 297738 21-03-15544456 298114 22-03-15544479 298583 23-03-15545351 298755 24-03-15545533 298722 25-03-15545653 298852 26-03-15545243 299436 27-03-15545205 299145 AS Summary 50078 Number of ASes in routing system 20014 Number of ASes announcing only one prefix 3153 Largest number of prefixes announced by an AS AS10620: Telmex Colombia S.A.,CO 120880640 Largest address span announced by an AS (/32s) AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street,CN Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 27Mar15 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 546649 299157 24749245.3% All ASes AS22773 3017 171 284694.3% ASN-CXA-ALL-CCI-22773-RDC - Cox Communications Inc.,US AS6389 2890 73 281797.5% BELLSOUTH-NET-BLK - BellSouth.net Inc.,US AS17974 2795 78 271797.2% TELKOMNET-AS2-AP PT Telekomunikasi Indonesia,ID AS39891 2473 24 244999.0% ALJAWWALSTC-AS Saudi Telecom Company JSC,SA AS28573 2390 312 207886.9% NET Serviços de Comunicação S.A.,BR AS4755 1997 265 173286.7% TATACOMM-AS TATA Communications formerly VSNL is Leading ISP,IN AS4766 2866 1317 154954.0% KIXS-AS-KR Korea Telecom,KR AS28024 1527 24 150398.4% Nuevatel PCS de Bolivia S.A.,BO AS9808 1553 67 148695.7% CMNET-GD Guangdong Mobile Communication Co.Ltd.,CN AS7303 1752 287 146583.6% Telecom Argentina S.A.,AR AS6983 1703 248 145585.4% ITCDELTA - Earthlink, Inc.,US AS10620 3153 1792 136143.2% Telmex Colombia S.A.,CO AS20115 1850 500 135073.0% CHARTER-NET-HKY-NC - Charter Communications,US AS8402 1321 25 129698.1% CORBINA-AS OJSC Vimpelcom,RU AS4323 1627 411 121674.7% TWTC - tw telecom holdings, inc.,US AS9498 1312 111 120191.5% BBIL-AP BHARTI Airtel Ltd.,IN AS18566 2040 869 117157.4% MEGAPATH5-US - MegaPath Corporation,US AS7545 2567 1410 115745.1% TPG-INTERNET-AP TPG Telecom Limited,AU AS34984 1981 894 108754.9% TELLCOM-AS TELLCOM ILETISIM HIZMETLERI A.S.,TR AS22561 1338 259 107980.6% CENTURYLINK-LEGACY-LIGHTCORE - CenturyTel Internet Holdings, Inc.,US AS7552 1123 61 106294.6% VIETEL-AS-AP Viettel Corporation,VN AS3356 2552 1491 106141.6% LEVEL3 - Level 3 Communications, Inc.,US AS6849 1209 171 103885.9% UKRTELNET JSC UKRTELECOM,UA AS6147 1043 90 95391.4% Telefonica del Peru S.A.A.,PE AS8151 1562 619 94360.4% Uninet S.A. de C.V.,MX AS7738 1000 84 91691.6% Telemar Norte Leste S.A.,BR AS38285 983 115 86888.3% M2TELECOMMUNICATIONS-AU M2 Telecommunications Group Ltd,AU AS18881 867 23 84497.3% Global Village Telecom,BR AS4538 1775 953 82246.3% ERX-CERNET-BKB China Education and Research Network Center,CN AS26615 972 150 82284.6% Tim Celular S.A.,BR Total 5523812894
BGP Update Report
BGP Update Report Interval: 19-Mar-15 -to- 26-Mar-15 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS4837 702745 13.0% 147.8 -- CHINA169-BACKBONE CNCGROUP China169 Backbone,CN 2 - AS23752 244946 4.5%1828.0 -- NPTELECOM-NP-AS Nepal Telecommunications Corporation, Internet Services,NP 3 - AS9829 189846 3.5% 104.9 -- BSNL-NIB National Internet Backbone,IN 4 - AS61894 178259 3.3% 44564.8 -- FreeBSD Brasil LTDA,BR 5 - AS4134 135742 2.5% 38.6 -- CHINANET-BACKBONE No.31,Jin-rong Street,CN 6 - AS28024 107767 2.0% 70.9 -- Nuevatel PCS de Bolivia S.A.,BO 7 - AS21669 91310 1.7%6522.1 -- NJ-STATEWIDE-LIBRARY-NETWORK - New Jersey State Library,US 8 - AS36947 81468 1.5% 493.7 -- ALGTEL-AS,DZ 9 - AS480872591 1.3% 38.7 -- CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network,CN 10 - AS53563 49214 0.9%4921.4 -- XPLUSONE - X Plus One Solutions, Inc.,US 11 - AS845248999 0.9% 23.6 -- TE-AS TE-AS,EG 12 - AS19429 48663 0.9% 37.5 -- ETB - Colombia,CO 13 - AS771342512 0.8%2237.5 -- TELKOMNET-AS-AP PT Telekomunikasi Indonesia,ID 14 - AS481241694 0.8% 59.6 -- CHINANET-SH-AP China Telecom (Group),CN 15 - AS33529 38476 0.7%1539.0 -- PEAK-WEB-HOSTING - Peak Web Hosting Inc.,US 16 - AS39891 37945 0.7% 15.3 -- ALJAWWALSTC-AS Saudi Telecom Company JSC,SA 17 - AS778236584 0.7%1355.0 -- ALSK-7782 - Alaska Communications Systems Group, Inc.,US 18 - AS393276 36376 0.7%6062.7 -- CEA - Chugach Electric Association, Inc.,US 19 - AS840233140 0.6% 82.6 -- CORBINA-AS OJSC Vimpelcom,RU 20 - AS28573 31607 0.6% 14.0 -- NET Serviços de Comunicação S.A.,BR TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS61894 178259 3.3% 44564.8 -- FreeBSD Brasil LTDA,BR 2 - AS197914 19647 0.4% 19647.0 -- STOCKHO-AS Stockho Hosting SARL,FR 3 - AS33356 17197 0.3%8598.5 -- CTWS - Eagle-Tech Systems,US 4 - AS463368558 0.2%8558.0 -- GOODVILLE - Goodville Mutual Casualty Company,US 5 - AS25563 24048 0.5%8016.0 -- WEBLAND-AS Webland AG, Autonomous System,CH 6 - AS198005 14854 0.3%7427.0 -- UNI-AS UNI BAHRAIN TELECOM Bsc closed,SA 7 - AS549707259 0.1%7259.0 -- NORTHERN-AIR-CARGO - NORTHERN AIR CARGO,US 8 - AS21669 91310 1.7%6522.1 -- NJ-STATEWIDE-LIBRARY-NETWORK - New Jersey State Library,US 9 - AS393276 36376 0.7%6062.7 -- CEA - Chugach Electric Association, Inc.,US 10 - AS58396 18009 0.3%6003.0 -- DETELNETWORKS-AS-ID PT. DEWATA TELEMATIKA,ID 11 - AS53563 49214 0.9%4921.4 -- XPLUSONE - X Plus One Solutions, Inc.,US 12 - AS399134605 0.1%4605.0 -- COTEWA-AS Manuel Wannemacher,DE 13 - AS337213507 0.1%3507.0 -- CCL-ASN2 - CARNIVAL CRUISE LINES,US 14 - AS3935883166 0.1%3166.0 -- MUBEA-FLO - Mubea,US 15 - AS47680 13679 0.2%2735.8 -- NHCS EOBO Limited,IE 16 - AS508692514 0.1%2514.0 -- AKVARIUSNET Akvarius Ltd.,CZ 17 - AS621742484 0.1%2484.0 -- INTERPAN-AS INTERPAN LTD.,BG 18 - AS771342512 0.8%2237.5 -- TELKOMNET-AS-AP PT Telekomunikasi Indonesia,ID 19 - AS334408745 0.2%2186.2 -- WEBRULON-NETWORK - webRulon, LLC,US 20 - AS45606 10266 0.2%2053.2 -- TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 177.10.158.0/24 178221 2.9% AS61894 -- FreeBSD Brasil LTDA,BR 2 - 202.70.64.0/21 122090 2.0% AS23752 -- NPTELECOM-NP-AS Nepal Telecommunications Corporation, Internet Services,NP 3 - 202.70.88.0/21 121761 2.0% AS23752 -- NPTELECOM-NP-AS Nepal Telecommunications Corporation, Internet Services,NP 4 - 209.212.8.0/2491244 1.5% AS21669 -- NJ-STATEWIDE-LIBRARY-NETWORK - New Jersey State Library,US 5 - 105.96.0.0/22 77442 1.3% AS36947 -- ALGTEL-AS,DZ 6 - 199.38.164.0/23 49199 0.8% AS53563 -- XPLUSONE - X Plus One Solutions, Inc.,US 7 - 118.98.88.0/2442487 0.7% AS64567 -- -Private Use AS-,ZZ AS7713 -- TELKOMNET-AS-AP PT Telekomunikasi Indonesia,ID 8 - 69.194.4.0/24 38422 0.6% AS33529 -- PEAK-WEB-HOSTING - Peak Web Hosting Inc.,US 9 - 93.181.216.0/21 23509 0.4% AS13118 -- ASN-YARTELECOM OJSC Rostelecom,RU 10 - 130.0.192.0/2119647 0.3% AS197914 -- STOCKHO-AS Stockho Hosting SARL,FR 11 - 67.59.81.0/24 17196 0.3% AS33356 -- CTWS - Eagle-Tech Systems,US 12 - 91.193.202.0/24 16220 0.3% AS42081 --
Level 3 Outage
Did anyone else experience a Level 3 outage in the last couple of days? Seems like we've been affected with quite a few VPNV4 outages (one that lasted for upto 9 hrs) and didn't get resolved until they rebuilt their vpnv4 address family on their PE router(s)? On Thu, Mar 26, 2015 at 8:00 AM, nanog-requ...@nanog.org wrote: Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit http://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-requ...@nanog.org You can reach the person managing the list at nanog-ow...@nanog.org When replying, please edit your Subject line so it is more specific than Re: Contents of NANOG digest... Today's Topics: 1. godaddy contact (Tim) 2. Frontier: Blocking port 22 because of illegal files? (Aaron C. de Bruyn) 3. Re: Frontier: Blocking port 22 because of illegal files? (Eygene Ryabinkin) 4. Re: Frontier: Blocking port 22 because of illegal files? (Jon Lewis) 5. Re: Frontier: Blocking port 22 because of illegal files? (Stephen Satchell) 6. Re: Frontier: Blocking port 22 because of illegal files? (Seth Mos) 7. booster to gain distance above 60km (Rodrigo Augusto) 8. Re: Frontier: Blocking port 22 because of illegal files? (Jens Link) 9. Prefix hijack by INDOSAT AS4795 / AS4761 (Randy) 10. Re: Frontier: Blocking port 22 because of illegal files? (Livingood, Jason) 11. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christopher Morrow) 12. Re: Frontier: Blocking port 22 because of illegal files? (Jeff Richmond) 13. Re: Frontier: Blocking port 22 because of illegal files? (Daniel Corbe) 14. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Randy) 15. RE: Prefix hijack by INDOSAT AS4795 / AS4761 (Peter Rocca) 16. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christopher Morrow) 17. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christopher Morrow) 18. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Randy) 19. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Pierre Emeriaud) 20. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Paul S.) 21. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Chuck Anderson) 22. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christian Teuschel) 23. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Andree Toonk) 24. RE: Prefix hijack by INDOSAT AS4795 / AS4761 (Peter Rocca) 25. Charter Engineer (Shawn L) 26. RE: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761] (Randy) -- Message: 1 Date: Wed, 25 Mar 2015 16:41:50 -0600 From: Tim tim...@progressivemarketingnetwork.com To: nanog@nanog.org Subject: godaddy contact Message-ID: 551339ae.8010...@progressivemarketingnetwork.com Content-Type: text/plain; charset=utf-8 Anyone from godaddy on here or have contact details for them? We are having a routing issue to them. -- Message: 2 Date: Wed, 25 Mar 2015 19:31:35 -0700 From: Aaron C. de Bruyn aa...@heyaaron.com To: NANOG mailing list nanog@nanog.org Subject: Frontier: Blocking port 22 because of illegal files? Message-ID: CAEE+rGqimJYAfgmzm9AJ72+gcmJxfZLM7n4Rf03vynxKN= q...@mail.gmail.com Content-Type: text/plain; charset=UTF-8 I've had a handful of clients contact me over the last week with trouble using SCP (usually WinSCP) to manage their website content on my servers. Either they get timeout messages from WinSCP or a message saying they should switch to SFTP. After getting a few helpful users on the phone to run some quick tests, we found port 22 was blocked. When my customers contacted Frontier, they were told that port 22 was blocked because it is used to transfer illegal files. I called them, and got the same ridiculous excuse. Just a friendly heads-up to anyone from Frontier who might be listening, I have a few additional ports you may wish to block: 80 - Allows users to use Google to search for illegal files 443 - Allows users to use Google to search for illegal files in a secure manner 69 - Allows users to trivially transfer illegal files 3389 - Allows users to connect to unlicensed Windows machines 179 - Allows users to exchange routes to illegal file shares 53 - Allows people to look up illegal names -A -- Message: 3 Date: Thu, 26 Mar 2015 07:21:45 +0300 From: Eygene Ryabinkin rea+na...@grid.kiae.ru To: Aaron C. de Bruyn aa...@heyaaron.com Cc: NANOG mailing list nanog@nanog.org Subject: Re: Frontier: Blocking port 22 because of illegal files? Message-ID: nwCOvNPJTWOEp6pB7jt97dzYZ/0@xD7c2HZfPDzIruDUr3Qm9QhN1kk Content-Type: text/plain; charset=us-ascii Wed, Mar 25, 2015 at 07:31:35PM -0700, Aaron C. de Bruyn wrote: Just a friendly
RE: Level 3 Outage
Yes, see this thread: https://puck.nether.net/pipermail/outages/2015-March/007687.html Frank -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Debottym Mukherjee Sent: Friday, March 27, 2015 10:14 AM To: nanog@nanog.org Subject: Level 3 Outage Did anyone else experience a Level 3 outage in the last couple of days? Seems like we've been affected with quite a few VPNV4 outages (one that lasted for upto 9 hrs) and didn't get resolved until they rebuilt their vpnv4 address family on their PE router(s)? On Thu, Mar 26, 2015 at 8:00 AM, nanog-requ...@nanog.org wrote: Send NANOG mailing list submissions to nanog@nanog.org To subscribe or unsubscribe via the World Wide Web, visit http://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to nanog-requ...@nanog.org You can reach the person managing the list at nanog-ow...@nanog.org When replying, please edit your Subject line so it is more specific than Re: Contents of NANOG digest... Today's Topics: 1. godaddy contact (Tim) 2. Frontier: Blocking port 22 because of illegal files? (Aaron C. de Bruyn) 3. Re: Frontier: Blocking port 22 because of illegal files? (Eygene Ryabinkin) 4. Re: Frontier: Blocking port 22 because of illegal files? (Jon Lewis) 5. Re: Frontier: Blocking port 22 because of illegal files? (Stephen Satchell) 6. Re: Frontier: Blocking port 22 because of illegal files? (Seth Mos) 7. booster to gain distance above 60km (Rodrigo Augusto) 8. Re: Frontier: Blocking port 22 because of illegal files? (Jens Link) 9. Prefix hijack by INDOSAT AS4795 / AS4761 (Randy) 10. Re: Frontier: Blocking port 22 because of illegal files? (Livingood, Jason) 11. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christopher Morrow) 12. Re: Frontier: Blocking port 22 because of illegal files? (Jeff Richmond) 13. Re: Frontier: Blocking port 22 because of illegal files? (Daniel Corbe) 14. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Randy) 15. RE: Prefix hijack by INDOSAT AS4795 / AS4761 (Peter Rocca) 16. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christopher Morrow) 17. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christopher Morrow) 18. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Randy) 19. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Pierre Emeriaud) 20. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Paul S.) 21. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Chuck Anderson) 22. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Christian Teuschel) 23. Re: Prefix hijack by INDOSAT AS4795 / AS4761 (Andree Toonk) 24. RE: Prefix hijack by INDOSAT AS4795 / AS4761 (Peter Rocca) 25. Charter Engineer (Shawn L) 26. RE: More specifics from AS18978 [was: Prefix hijack by INDOSAT AS4795 / AS4761] (Randy) -- Message: 1 Date: Wed, 25 Mar 2015 16:41:50 -0600 From: Tim tim...@progressivemarketingnetwork.com To: nanog@nanog.org Subject: godaddy contact Message-ID: 551339ae.8010...@progressivemarketingnetwork.com Content-Type: text/plain; charset=utf-8 Anyone from godaddy on here or have contact details for them? We are having a routing issue to them. -- Message: 2 Date: Wed, 25 Mar 2015 19:31:35 -0700 From: Aaron C. de Bruyn aa...@heyaaron.com To: NANOG mailing list nanog@nanog.org Subject: Frontier: Blocking port 22 because of illegal files? Message-ID: CAEE+rGqimJYAfgmzm9AJ72+gcmJxfZLM7n4Rf03vynxKN= q...@mail.gmail.com Content-Type: text/plain; charset=UTF-8 I've had a handful of clients contact me over the last week with trouble using SCP (usually WinSCP) to manage their website content on my servers. Either they get timeout messages from WinSCP or a message saying they should switch to SFTP. After getting a few helpful users on the phone to run some quick tests, we found port 22 was blocked. When my customers contacted Frontier, they were told that port 22 was blocked because it is used to transfer illegal files. I called them, and got the same ridiculous excuse. Just a friendly heads-up to anyone from Frontier who might be listening, I have a few additional ports you may wish to block: 80 - Allows users to use Google to search for illegal files 443 - Allows users to use Google to search for illegal files in a secure manner 69 - Allows users to trivially transfer illegal files 3389 - Allows users to connect to unlicensed Windows machines 179 - Allows users to exchange routes to illegal file shares 53 - Allows people to look up illegal names -A -- Message: 3 Date: Thu, 26 Mar 2015 07:21:45 +0300 From: Eygene Ryabinkin rea+na...@grid.kiae.ru To: Aaron C. de Bruyn aa...@heyaaron.com Cc: NANOG mailing list