Re: [EXT] RE: Widespread Firefox issues
From: NANOG on behalf of Keith Medcalf
Sent: Saturday, May 4, 2019 3:14:53 AM
To: NANOG list
Cc: Constantine A. Murenin
Subject: [EXT] RE: Widespread Firefox issues

HTTPS: has nothing to do with the website being "secure". https: means that transport layer security (encryption) is in effect. https: is a PRIVACY measure, not a SECURITY measure.

---
The fact that there's a Highway to Hell but only a Stairway to Heaven says a lot about anticipated traffic volume.

>-Original Message-
>From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Constantine A. Murenin
>Sent: Friday, 3 May, 2019 21:02
>To: Brielle Bruns
>Cc: NANOG list
>Subject: Re: Widespread Firefox issues
>
>On Fri, 3 May 2019 at 20:57, Brielle Bruns wrote:
>
> > Just an FYI since this is bound to impact users:
> >
> > https://bugzilla.mozilla.org/show_bug.cgi?id=1548973
> >
> > Basically, Mozilla forgot to renew an intermediate cert, and people's Firefox browsers have mass-disabled addons.
> >
> > Whoops.
>
>This is why it's important that every single website on the internet is available ONLY over HTTPS. Don't forget to install an HSTS policy, too, so, if anyone ever visits Kazakhstan or a security-conscious corporate office, they'll be prevented from accessing the cute pictures of cats on your fully static website. Of course, don't forget to abandon HTTP, too, and simply issue 301 Moved Permanently redirects from all HTTP targets to HTTPS, to cover all the bases.
>
>Backwards compatibility? Don't you worry — no browser lets anyone remove HSTS, once installed, so, you're golden. And HTTPS links won't fallback to HTTP, either, so, you're good there, too — your cute cats are safe and secure, and once folks link to your new site under https://, your future self will be safe and secure from ever having the option to go insecure again. I mean, why would anyone go "insecure"? Especially now with LetsEncrypt?
>
>Oh, wait…
>
>Wait a moment, and who's the biggest player behind the HTTPS-only movement? Oh, and Mozilla's one of the biggest backers of LetsEncrypt, too? I see… Well, nothing to see here, move along! #TooBigToFail.
>
>C.

I may be wrong and if so, I am happy to be corrected, but I don't think that statement is entirely true. The certificate not only encrypts the connection, it also verifies that you are connecting to the server you intend to. That second component is a security measure.

Charles Bronson
RE: [EXT] Fwd: Re: problems sending to prodigy.net hosted email
If this isn't pertinent to the list, feel free to answer privately.

How did you implement the server that got rid of ARP storms?

Charles Bronson

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Stephen Satchell
Sent: Monday, March 19, 2018 9:31 PM
To: nanog@nanog.org
Subject: [EXT] Fwd: Re: problems sending to prodigy.net hosted email

Two DNS servers hosted on one box (or VM object), even with two addresses, is easily compromised by DDoS amplification attacks. That's the norm for a number of "web control panel" systems like Plesk and CPanel.

It depends on the scale of your operations. Last time I was in that situation, I had roughly 25,000 domains spread across 30 servers. Life became MUCH simpler when I put up dedicated, and high-power, physical systems running non-recursive BIND for DNS1 and DNS2, as well as another pair of boxes running recursive servers as DNS3 and DNS4.

Getting QMail and Exim to "smart host" to my monster MX servers proved to be pretty easy, and I even was able to get the web servers to tell me when a mailbox was full so I could reject the SMTP exchange at the edge, instead of generating backscatter.

And, with a pool of roughly 4,000 IP addresses, I got rid of ARP storms in our network by putting up a little server called "ackbar", that was configured to respond to all otherwise unused IP addresses in our pool. (Edge routers were Cisco 7000 class, with DS3 uplinks.)

Lessons learned well.

Forwarded Message
Subject: Re: problems sending to prodigy.net hosted email
Date: Mon, 19 Mar 2018 17:55:33 +0100
From: Chris <chris2...@postbox.xyz>
To: C. Jon Larsen <jlar...@richweb.com>
CC: nanog@nanog.org

On Mon, 19 Mar 2018 11:56:16 -0400 (EDT) C. Jon Larsen wrote:

> > Why not? Never had a problem with multiple services on linux, in
> > contrast to windows where every service requires its own box (or at
> > least vm).
>
> Go for it! Failure is an awesome teacher :)

Don't really see a problem, especially since you normally always have two DNS servers...

--
Pope Francis calls for a fight against fake news. We think that the man who presents himself as the representative of Christ, of whom he claims that his mother was a virgin all her life and that he could walk on water and turn it into wine, is absolutely right.
Re: thoughts?
Message: 6
Date: Thu, 27 May 2010 07:10:54 -0400
From: Dorn Hetzel dhet...@gmail.com
Subject: thoughts?
To: nanog@nanog.org
Message-ID: aanlktinafob1k2nxycwmh7o6ni0ffouckcdfwon0j...@mail.gmail.com
Content-Type: text/plain; charset=ISO-8859-1

http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html?hpt=T2

I'm not sure what these IP Addresses are that they speak of. But can't we have the government just print more?

Charles Bronson
Starting up a WiMAX ISP
Looking for advice...

I live in central / western New York state (think villages and farms). There are a good number of hills but no mountains.

I have solid LAN experience and experience facing a smaller network to the Internet. I was network admin for a medium size enterprise network (i.e. design and implementation including LAN, Internet connectivity, VPN, routers, DNS, mail, webservers, physical servers, etc).

I would like to build a local ISP that can serve high speed internet access to the more rural areas whose only option is dial up access, well away from the CO. It would also be nice to compete with the cable company and DSL for customers in the villages.

I have been researching information for design / implementation of WiMAX, equipment suppliers, contractors to help with installation of tower equipment and acquiring tower space, but have been coming up empty handed.

What resources are available to help me bridge the gap from where I am to what I need to know to get started and what specific technologies would you recommend I bone up on? I know beyond the WiMAX specific information, I will probably need to cozy up to BGP, maybe MPLS for traffic between the core and towers?

Also do you have any suggestions on where I can find suppliers and service vendors in this field?

Networks are my passion and I am willing to dig in, but I need some direction.

Thanks for your help and insight.

Charles Bronson
Re: Starting up a WiMAX ISP
I have received a few responses along this line and figured I would pick one and answer all of them.

To determine if it is financially sustainable, I will take the information on design and implementation to create a configuration. This will let me establish the fixed and recurring costs required to set up the core and then incremental costs (fixed hardware and recurring leases) per broadcast area. Then I can calculate how many customers I will need per broadcast area to bring up a broadcast site. This will give me general startup costs and let me build a customer count / billing rate table.

Once I have those numbers I can beat the pavement and find out what people will pay for my service and then I will know based on my table if there is a snowball's chance in hell of this working.

Charles Bronson

From: Brandon Kim brandon@brandontek.com
To: packetg...@yahoo.com
Sent: Tue, April 27, 2010 11:10:08 AM
Subject: RE: Starting up a WiMAX ISP

Interesting mission you have here. I'm in hudson valley region of NY. Have you done some research on the economics of this venture? Do you know if people would be willing to pay for higher speed internet access? Do you know if there are any gov't programs that can give you a grant to do this?

Date: Tue, 27 Apr 2010 07:00:38 -0700
From: packetg...@yahoo.com
Subject: Starting up a WiMAX ISP
To: nanog@nanog.org

Looking for advice...

I live in central / western New York state (think villages and farms). There are a good number of hills but no mountains.

I have solid LAN experience and experience facing a smaller network to the Internet. I was network admin for a medium size enterprise network (i.e. design and implementation including LAN, Internet connectivity, VPN, routers, DNS, mail, webservers, physical servers, etc).

I would like to build a local ISP that can serve high speed internet access to the more rural areas whose only option is dial up access, well away from the CO. It would also be nice to compete with the cable company and DSL for customers in the villages.

I have been researching information for design / implementation of WiMAX, equipment suppliers, contractors to help with installation of tower equipment and acquiring tower space, but have been coming up empty handed.

What resources are available to help me bridge the gap from where I am to what I need to know to get started and what specific technologies would you recommend I bone up on? I know beyond the WiMAX specific information, I will probably need to cozy up to BGP, maybe MPLS for traffic between the core and towers?

Also do you have any suggestions on where I can find suppliers and service vendors in this field?

Networks are my passion and I am willing to dig in, but I need some direction.

Thanks for your help and insight.

Charles Bronson
Re: Starting up a WiMAX ISP
That is a good idea. I would definitely be interested in working with the right people to extend their service as opposed to reinventing the wheel unless I don't like the wheel they invented.

Charles Bronson

- Original Message
From: John Levine jo...@iecc.com
To: nanog@nanog.org
Cc: packetg...@yahoo.com
Sent: Tue, April 27, 2010 11:09:11 AM
Subject: Re: Starting up a WiMAX ISP

I live in central / western New York state (think villages and farms).

You might want to start by talking to Lightlink in Ithaca, which has been doing fixed wireless for years.

R's,
John