RE: What DNS Is Not

2009-11-09 Thread Buhrmaster, Gary


 -Original Message-
 From: bmann...@vacation.karoshi.com
 [mailto:bmann...@vacation.karoshi.com]
 Sent: Monday, November 09, 2009 4:32 PM
 To: Patrick W. Gilmore
 Cc: NANOG list
 Subject: Re: What DNS Is Not

...

   not being Paul, it's rude of me to respond - yet you posted this
   to a public list ... so here goes.
 
   Why do you find your behaviour in your domains acceptable and yet
 the same behaviour in others zones to be a Bad Thing and should be
 stopped?

Ok, devil's advocate argument.  

Is there a difference between being a domain owner
(Patrick wanting to wildcard the domain he has paid for),
and a domain custodian (Verisign for the .com example)
in whether wildcards are ever acceptable in the DNS
responses you provide?




RE: Dan Kaminsky

2009-08-07 Thread Buhrmaster, Gary
 doesn't the iphone have an app to decode qr-codes similar to the one
 built into almost all keitai here in japan.
 
 http://en.wikipedia.org/wiki/QR_Code

Yep.  Called iMatrix.  (There are probably others too)



RE: MGE UPS Systems

2009-07-13 Thread Buhrmaster, Gary
 Or are you talking about Eaton's?
 
 http://www.eaton.com/EatonCom/SearchResults/CT_136576

History (as I recall it).

Schneider Electric bought MGE late 2003
Schneider Electric bought APC late 2006 
  (and merges APC/MGE product line, which has overlap)
Schneider Electric sold small MGE product line
  to Eaton late 2007 (these are the office/small business
  type UPSs, as I recall, and overlapped the APC 
  consumer/office/small business offerings).
 

I do not know the plans regarding how Schneider
Electric will deal with the remaining overlap in
the high end APC/MGE UPS business.



RE: 97.128.0.0/9 allocation to verizon wireless

2009-02-08 Thread Buhrmaster, Gary

 Does ARIN lack sufficient resources to vet jumbo requests?

I am fairly confident ARIN followed their policies.
The existing policies allow anyone (including Verizon)
to make a request for (and receive) a /9 with appropriate
justification.

If you do not like the policies, please participate
in the ARIN policy process and work to change them.

  Mailing lists:

  arin-p...@arin.net

  Open to the general public. Provides a forum to
  raise and discuss policy-related ideas and issues
  surrounding existing and proposed ARIN policies.
  The PPML list is an intrinsic part of ARIN's Policy
  Development Process (PDP), which details how
  proposed policies are handled.

http://www.arin.net/mailing_lists/index.html



RE: Leap second tonight

2009-01-05 Thread Buhrmaster, Gary

 It's theoretically possible for leap seconds to be introduced 
 at the end of March and September. 

As I recall, NTP supports leap seconds every month,
for which there is a prediction that even this
would be insufficient at some point in this
millennium (depending, of course, on the actual
rotation speed).  There have been on again/off again
talks to abolish the leap second for quite a number
of years.

Gary



RE: an over-the-top data center

2008-11-28 Thread Buhrmaster, Gary
 

 -Original Message-
 From: Steven M. Bellovin [mailto:[EMAIL PROTECTED] 
 Sent: Friday, November 28, 2008 5:35 AM
 To: nanog@nanog.org
 Subject: an over-the-top data center
 
 http://royal.pingdom.com/2008/11/14/the-worlds-most-super-designed-data-center-fit-for-a-james-bond-villain/
 (No, I don't know if it's real or not.)

One could consider purchasing the underground tunnels
in downtown London that BT is selling to build a
competing over-the-top data center.

http://www.nytimes.com/2008/11/28/business/worldbusiness/28tunnel.html



RE: Advice/resources for setting up TACACS server

2008-11-07 Thread Buhrmaster, Gary

 Do you have any suggestions for a free tacacs server which 
 will run on linux ? I have so far been unable to find any
 and the tacacs+ source code hasn't been updated since
 around 2000

Available (and maintained) at:

http://www.shrubbery.net/tac_plus/

(direct download link: ftp://ftp.shrubbery.net/pub/tac_plus)

The latest was last updated end of year 2007



Multiple DNS implementations vulnerable to cache poisoning

2008-07-08 Thread Buhrmaster, Gary

Multiple DNS implementations vulnerable to cache poisoning:

http://www.kb.cert.org/vuls/id/800113

(A widely coordinated vendor announcement.  As always,
check with your vendor(s) for patch status.)

Gary



RE: Best utilizing fat long pipes and large file transfer

2008-06-12 Thread Buhrmaster, Gary
 Hi,
 
 I'm looking for input on the best practices for sending large 
 files 

There are both commercial products (fastcopy)
and various free(*) products (bbcp, bbftp,
gridftp) that will send large files.  While
they can take advantage of larger windows
they also have the capability of using multiple
streams (dealing with the inability to tune the
tcp stack).  There are, of course, competitors
to these products which you should look into.
As always, YMWV.

Some references:
http://www.softlink.com/fastcopy_techie.html
  (Some parts of NASA seem to like fastcopy)
http://nccs.gov/user-support/general-support/data-transfer/bbcp/
  (Full disclosure, bbcp was written by someone who sits
  about 3 meters from where I am sitting, but I cannot find
  a nice web reference from him about the product, so I am
  showing a different site's documentation)
http://doc.in2p3.fr/bbftp/
  (One of the first to use multistream for BaBar)
http://www.globus.org/grid_software/data/gridftp.php
  (Part of the globus toolkit.  Somewhat heavier weight
  if all you want is file transfer.)
http://fasterdata.es.net/tools.html
  (A reference I am surprised Kevin did not point to :-)
http://www.slac.stanford.edu/grp/scs/net/talk/ggf5_jul2002/NMWG_GGF5.pdf
  (A few year old performance evaluation)
www.triumf.ca/canarie/amsterdam-test/References/010402-ftp.ppt 
  (Another older performance evaluation)


Gary


(*) Some are GPL, and some (modified) BSD licenses.
Which one is free enough depends on some strongly
held beliefs of the validator.




RE: www.Amazon.com down?

2008-06-06 Thread Buhrmaster, Gary

 www.amazon.com returns:
 
 Http/1.1 Service Unavailable
 
 Anyone have a URL for a network/etc status page, or info on 
 the outage?  Been that way for a while this morning.

Apparently, Amazon has fallen over, and cannot get up.

http://news.cnet.com/8301-10784_3-9962010-7.html
 




Re: [NANOG] IOS rootkits

2008-05-19 Thread Buhrmaster, Gary

 I understand *why* we are worried about rootkits on 
 individual servers.  
 On essentially closed platforms this isn't going to be 
 rocket science.
 It may seem odd by today's BCPs, but booting up from golden 
 images via 
 write-protected  hardware or TFTP or similar is pretty 
 straightforward 

Since today's bootstrap codes are in EEPROM (or
equivalent), if you get root once, you can
have root forever.  Faking file system content
(and real time replacing of code) is the core
of any current (good) Linux/Mac/Windows rootkit.
Cisco/Juniper/Force10/whatever is just another
platform to do the same if you can replace the
bootstrap.  Modular IOS might even make it
easier to do dynamic code insertion.

There are platforms (Xbox?, Tivo?, etc.) that try
to do cryptographic validation of the code they
are loading.  Network devices are not yet doing
a true cryptographic validation as far as I know,
although one could imagine that that might be a
next step to protect against that specific threat
(although I seem to recall that bypassing the Xbox
validations only took a few months, so it is harder
than it first appears to get right).

Gary

___
NANOG mailing list
NANOG@nanog.org
http://mailman.nanog.org/mailman/listinfo/nanog


Re: [NANOG] US DoD receives chunked IPv6 /13 (14x /22 but not totally consecutive)

2008-05-16 Thread Buhrmaster, Gary

 The other fun question is of course what a single 
 organization has to do with (2^(48-13)=) 34.359.738.368,
 yes indeed, 34 billion /48's which cover 2.251.799.813.685.248 /64's
 which is a number that I can't even pronounce. 

Perhaps the DARPA initiative regarding having each mine have
its own network address (so it can communicate and hop around)
is closer than we think.
http://www.theregister.co.uk/2003/04/11/the_selfhealing_selfhopping_landmine/

(The animation content has moved to: 
http://www.darpa.mil/sto/smallunitops/shm/index.htm#)

Perhaps next each round of ammo will have its own IPv6 address.
