Re: Unimus as NCM (Network Configuration Management) Tool
> On Apr 4, 2024, at 2:06 AM, Mark Tinka wrote: > On 4/4/24 08:25, Mike Lyon wrote: > >> I use it for config backups, diffs, etc. Love it. >> >> There's others such as Rancid but I'm not sure if it works on anything other >> than Vendor C. > > RANCID works perfectly for Cisco, Juniper, Arista, Brocade (Foundry) and HP. Also works well for Dell S series switches. I use it on S4128s and S4048s.
Re: what is acceptible jitter for voip and videoconferencing?
> On Sep 20, 2023, at 2:46 AM, Saku Ytti wrote: > > skype uses Silk > (maybe teams too?). We run Teams Telephony in $DAYJOB, and it does use SILK. https://learn.microsoft.com/en-us/microsoftteams/platform/bots/calls-and-meetings/real-time-media-concepts
Re: Xfi Advances Security (comcast)
> On Sep 10, 2021, at 9:31 AM, Jason Kuehl wrote: > > For whatever reason Comcast Xfinity is blocking my VPN URL. I've started the > process to unblock, and I'm trying to get a hold of their security team to > resolve this. I've been bounced around all morning. > > Does anyone have a contact at Comcast that can whitelist a URL or get me to a > team that can understand what is going on for the block to happen? Why is Comcast blocking things? That seems like it’s out of scope for an ISP. —Chris
Re: Reminder: Never connect a generator to home wiring without transfer switch
> On Aug 25, 2021, at 1:30 PM, b...@theworld.com wrote: > > > > Except maybe that one guy at Harvard who came to replace what turned > out to be a 100+ year old, home made, "breaker" which fed our machine > room which was hidden in a narrow dark hallway winding around our > machine room behind an unmarked metal, locked doorway. I had no idea > it existed but we had no power so I called for help. > > It was just a single copper bar about the size of a small candy bar > tensioned into hot clips. Probably 400A but who remembers. > > He removed the old one confidently enough, grabbed the new one with > rubber-handled pliers and gloves and... > > Him: Have you ever played football? > > Me: Actually, yes, I have, why? > > Him: If something doesn't look right when I put this thing in just > tackle me clear of it as hard and as fast as you can. > > Me: Um, ok. > > It all worked out fine and I wrote a memo that maybe Harvard could > spring for a proper $500 breaker box? > > When I was working at the MCI training facility in 1994, I went into the power facility classroom where they had battery strings, rectifiers, transfer switches, etc for students to learn on. I noticed that every 8-10 feet there was an 8 foot long 3/4 inch PVC pipe with about 16 feet of rope threaded through it. When I asked what those were for, the instructor said “We will use those to pull people off the electricity in case anyone gets shocked.” I never heard that they were used, so that’s good. —Chris
Re: OVH datacenter SBG2 in Strasbourg on fire
> On Mar 11, 2021, at 5:06 AM, Matt Harris wrote: > > There are plenty of effective options besides environmentally-destructive > Halon, dangerous-to-equipment water sprinkler, or dangerous-to-personnel CO2 > for fire suppression these days. Some of the most common today are foam > systems like FM-200 or 3m's Novec. Novec and Solvay’s Galden are not really that much better than Halon. I guess it comes down to which halogen do you want to release? Chlorine or Fluorine? https://www.engineeredfluids.com/post/are-pfas-the-next-pcbs —Chris
Re: Google Fiber abuse address does not exist
> On Feb 18, 2021, at 5:19 PM, Louie Lee wrote: > > Hey Chris, > > Thanks for reporting this. We had an issue that caused emails to addresses in > that domain to not be recognized. > > The email is no longer bouncing back, and emails to other googlefiber.net > addresses are confirmed working. > > Louie Thanks Warren and Louie for looking into it and getting it fixed. My abuse report has been received by the giant brain. I’m waiting for $DAYJOB to wise up and make me the DMR at ARIN. Coming soon…. —Chris
Google Fiber abuse address does not exist
Can someone at ARIN tell them they need to fix this?

From whois 136.32.164.64:

OrgAbuseHandle: GFA32-ARIN
OrgAbuseName: Google Fiber Abuse
OrgAbusePhone: +1-650-253-
OrgAbuseEmail: ab...@googlefiber.net
OrgAbuseRef:https://rdap.arin.net/registry/entity/GFA32-ARIN

Email response:

- The following addresses had permanent fatal errors -
(reason: 550-5.1.1 The email account that you tried to reach does not exist. Please try)

- Transcript of session follows -
... while talking to gmr-smtp-in.l.google.com.:
>>> DATA
<<< 550-5.1.1 The email account that you tried to reach does not exist. Please try
<<< 550-5.1.1 double-checking the recipient's email address for typos or
<<< 550-5.1.1 unnecessary spaces. Learn more at
<<< 550 5.1.1 https://support.google.com/mail/?p=NoSuchUser kk5si203161pjb.1 - gsmtp
550 5.1.1 ... User unknown
<<< 503 5.5.1 RCPT first. kk5si203161pjb.1 - gsmtp

Reporting-MTA: dns; lenny.gizmopartners.com
Received-From-MTA: DNS; 136-49-160-191.googlefiber.net
Arrival-Date: Thu, 18 Feb 2021 21:52:38 GMT

Final-Recipient: RFC822; ab...@googlefiber.net
Action: failed
Status: 5.1.1
Remote-MTA: DNS; gmr-smtp-in.l.google.com
Diagnostic-Code: SMTP; 550-5.1.1 The email account that you tried to reach does not exist. Please try
Last-Attempt-Date: Thu, 18 Feb 2021 21:52:39 GMT
Re: Texas internet connectivity declining due to blackouts
> On Feb 16, 2021, at 11:51 AM, Michael Thomas wrote: > > You'd think that mid-summer Texas chews a lot more peak capacity than the > middle of winter. Plus I would think a lot of Texas uses natural gas for heat > rather than electricity further mitigating its effect on the grid. > > Mike The eia.gov site shows it to be about a 50/50 split between natural gas and electric heating. Propane fills in a few more percent. Yes, the grid does get quite strained in the summer from AC use. —Chris, from Austin
Re: public open resolver list?
> On Feb 1, 2021, at 5:26 PM, Kevin McCormick wrote: > > Nearly all of those seem to error out. > > Is that a wishful thinking list? Those that do answer to anyone who asks are flagged "recursion-yes,” but I don’t know how often it’s updated. —Chris
Re: public open resolver list?
> On Feb 1, 2021, at 12:19 PM, Nick Hilliard wrote: > > Randy Bush wrote on 01/02/2021 18:16: >> is there a list of public resolvers? e.g. 1.1.1.1, 4.4.4.4, 8.8.8.8, >> etc.? > > https://public-dns.info/ There’s also a list of interesting resolvers at https://gist.github.com/roycewilliams/6cb91ed94b88730321ca3076006229f1 —Chris
Re: Juniper configuration recommendations/BCP
> On Oct 8, 2020, at 10:55 AM, wrote: > > JunOS is so linux based Um, my MX-204 says FreeBSD amd64.
Re: Hand held copper Ethernet testers
> On Sep 30, 2020, at 3:42 PM, Warren Kumari wrote: > > > > On Wed, Sep 30, 2020 at 4:33 PM Nick Hilliard wrote: > Chris Boyd wrote on 30/09/2020 21:24: > > My old Test-Um Lanscaper died, and I was curious what people liked > > these days. Don’t need throughput testing or anything like that, just > > basic wire map testing, cable ID, cable length, PoE voltage, and DHCP > > client. > > > > What do y’all like? > > https://pockethernet.com/ is pretty neat. > > > Gr... > > Pockethernet *was* really great, but they ran into some issues and stopped > updating/ supporting the device/app. > > Many people updated the firmware, only to discover that the new firmware was > no longer compatible with the iOS app. There were numerous issues with the > UI, it wasn’t compatible with newer iOS, etc. This was incredibly frustrating > because it was all so close to perfect... > > I’ve just noticed that there is finally a new version - perhaps things are > now better; I really hope so, because the device itself has great potential, > just let down by the app… That does look pretty cool. Appreciate the heads up on the app.
Hand held copper Ethernet testers
My old Test-Um Lanscaper died, and I was curious what people liked these days. Don’t need throughput testing or anything like that, just basic wire map testing, cable ID, cable length, PoE voltage, and DHCP client. What do y’all like? —Chris
Just got this apparently fake NANOG invoice - Looks phishy
Apparent MS-Word doc attached. Be careful out there.

Return-Path:
Received: from cross6.lu-visp.net (cross6.lu-visp.net [62.182.179.184]) by lenny.gizmopartners.com (8.14.7/8.14.7) with ESMTP id 08LJIMld018071 for ; Mon, 21 Sep 2020 19:18:25 GMT
Message-Id: <202009211918.08ljimld018...@lenny.gizmopartners.com>
Received: from [161.132.101.74] (unknown [161.132.101.74]) by cross4.lu-visp.net (Postfix) with ESMTPSA id 54FDC8808 for ; Mon, 21 Sep 2020 21:13:53 +0200 (CEST)
Date: Mon, 21 Sep 2020 14:15:49 -0500
From: "NANOG"
To: "Chris Boyd"
Subject: Chris Boyd
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="--308522813199332622918802174927344"
X-unconfigured-debian-site-MailScanner-ID: 54FDC8808.AF049
X-unconfigured-debian-site-MailScanner: Found to be clean
X-unconfigured-debian-site-MailScanner-From: cb2004...@bristol.lu
X-Spam-Status: No

308522813199332622918802174927344
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

=0DPlease let me know WHAT ADDRESS TO SEND TO. NANOG
=0DOriginal Message-----=0DOn Mon, Sep 21, 2020 at 15:17 Chris Boyd wrote:=20
--=20
This message has been scanned for viruses and dangerous content by MailScanner, and is believed to be clean.

308522813199332622918802174927344
Content-Type: application/msword; name="INV #7565831.doc"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="INV #7565831.doc"

0M8R4KGxGuEA
Re: COVID-19 vs. our Networks
> On Mar 16, 2020, at 3:15 PM, Alexandre Petrescu > wrote: > > Please tell me about your city: do you know the numbers in your city? How > did you get the info? Austin’s health department has a web page with the current confirmed infection count, as well as a bunch of recommendations for various groups, in multiple languages. http://www.austintexas.gov/COVID19 Almost all the tech companies here have told everyone to work from home. We’re seeing lower utilization on our office connections due to split-horizon VPN policies. —Chris
ATT Microcell in Austin, TX
Since people on here like to talk about the generator run time on cell towers, I thought y’all might like to see an ATT microcell in downtown Austin, TX. No apparent generator or battery on it. https://imgur.com/a/RY9Tg7h —Chris
Re: Art and Tech is madness
> On Sep 6, 2019, at 1:18 PM, Scott Weeks wrote: > > This site is blocked due to a security threat that was discovered by the > Cisco Umbrella security researchers. Here’s a YouTube link. https://www.youtube.com/watch?v=9k6A0ZlhTyw —Chris
Re: Art and Tech is madness
There’s also this gem from 2005 or 2007 days. I’ve heard Cisco staff was involved in its creation. http://www.mattzrelak.com/mp3/t1down.htm —Chris > On Sep 5, 2019, at 8:14 AM, Ca By wrote: > > See below for high value of the list, both items are very pleasing > > On Thu, Sep 5, 2019 at 6:10 AM Hank Nussbacher wrote: > On 05/09/2019 08:09, Kasper Adel wrote: > > No. This is art & tech from 12 years ago: > https://www.youtube.com/watch?v=_y36fG2Oba0 > > -Hank > >> In SPRING a time when segment and routing had no mismatch, a time when isis >> and ospf ate a forbidden encap, all they had to do was forward bgp like its >> hot, but crazy flapping doesnt leave any real LDP without some real FSM >> check, My dynamic unnumbered neighbor. >> >> >> >> Suddenly, Out of order, an AS is overridden, we see frames dropping, we >> sniff a bit and it turns out, sfps are burning, we are in a place right now >> where ping and pong are jittery, their latency is tested, they cant >> strengthen their icmp bond with a warm bfd message, how can they keep >> everyone in ACK, safe from teardown and dampening, with this kind of ixp >> relationship??! but oh admin, we know forwarding works in its own mysterious >> ways. We are left with two non rfc compliant scavengers, bastard 802.1ah >> fools in a leaky yet shaped, buffer display of some runts and nimbles, and a >> giant too. >> >> They start their life of a packet, leaving one interface to a neighbor, from >> an adjacency to a peer, an endless loop, its a prefix hijack, but as they >> move from one stack to another, finding their way through a tunnel of memory >> failures and RMAs, one hell of an LSP ride, through firewall horrors and MTU >> mismatches, leaving behind, a sea of syslog messages and snmp alarms. >> Anyway, Their ttl expired and one funny access list abruptly denies them >> life, sending them to Null0, where they can be peacefully discarded. >> >> >> >> Thats what tech does to yeh > > > > >
Re: Time and Timing Servers
> On Jul 11, 2019, at 10:29 AM, Mike Hammett wrote: > > I'm looking for a device that can receive GPS inside a building without the > assistance of an external antenna (Frontier says they no longer allow > external antenna), will provide traditional NTP services, and will provide a > timing signal that my Metaswitch can work with. Since it’s a telco facility, maybe they can provide BITS service. Worth asking. —Chris
Re: Network Speed Testing and Monitoring Platform
> On Jan 17, 2019, at 7:17 AM, Colton Conor wrote: > > Besides mikrotik, I haven't found anything that doesn't require me to build a > solution. Like OpenWRT with iperf3, or something like that. > > Seems like a commercial solution would exist for this. I thought CAF > providers have to test bandwidth for the FCC randomly to get funding? Bias note—I know the founders. The product is voice focused, but it does include the capability to run a speed test, and has all the cloud based reporting features that you’d expect today. https://www.replycloud.io —Chris
Re: California fires: smart speakers and emergency alerts
> On Jul 26, 2018, at 12:09 PM, valdis.kletni...@vt.edu wrote: > > Do those use a frequency band that's suitable for cellphones to monitor > (antenna > size, power, etc)? Because your best chance of getting my attention in an > emergency > is to make my phone start shrieking. VHF, on 7 frequencies: 162.400 162.425 162.450 162.475 162.500 162.525 162.550 That’s about 1.85 meter wavelength, so a quarter wave antenna would be pretty large. I’m sure the RF engineers can come up with a way to listen effectively without a huge antenna. —Chris
Re: California fires: smart speakers and emergency alerts
> On Jul 26, 2018, at 11:54 AM, Seth Mattinen wrote: > > People in tornado areas seem to be the most aware that alert radios already > exist. No internet access required. For those interested in more info, http://www.nws.noaa.gov/nwr/ Pretty popular service in rural Texas. —Chris
Re: DSL Operators Mailing List?
> On May 8, 2018, at 11:19 AM, Stephen Satchell wrote: > > (Not useful for those of us not on Facebook.) LIKE
Someone from T-Mobile who can shake a ticket loose?
Sorry for using the white paging phone, but I have an IPv4 reachability ticket that I opened back in January that’s stuck in limbo. Ticket number is either 26088938 or 18444951. Users on T-Mobile data can’t reach services in 208.89.64.0/21, specifically 208.89.64.154. —Chris
OT - Looking for a EU based equipment vendor
Sorry for the noise, but I need to find a company similar to ServerMonkey.com or Teksavers.com that’s based in France or Switzerland. My google-fu seems to be weak on this. Thanks! —Chris
Re: Spitballing IoT Security
> On Oct 26, 2016, at 6:40 PM, Ronald F. Guilmette wrote: > > Point: I have a DSL line which is limited to 6Mbps down and 756Kbps up. > My guess is that if any typical/average user is seen to be using more > than, say, 1/10 of that amount of "up" bandwidth in any one given 10 > minute time period, then something is really really REALLY wrong. Online backup services like Carbonite and Backblaze copy lots of data upstream. iPhone backups would probably saturate your line for a good chunk of 10 minutes. Even posting a bunch of photos could take that long. Oh, and bittorrent. —Chris
Re: Spitballing IoT Security
> On Oct 25, 2016, at 3:10 AM, Ronald F. Guilmette wrote: > > An IoT is -not- a general purpose computer. In the latter case, it is > assumed that the owner will "pop the hood" when it comes to the software > configuration. Ah, but they are. In many cases you can ship a product faster and cheaper with an ARM based system running a stripped down Linux and some specialty I/O than building a properly hardened custom microcontroller. Source: Recently went through a round of proposals and bids for a small IoT type product. Also, you probably _don’t_ want the average consumer “popping the hood” on their PC OS. They will screw something up. Worked in small business IT hell for 8 years, and that was the single most dangerous thing a customer could do. —Chris
Re: Death of the Internet, Film at 11
> On Oct 24, 2016, at 11:37 PM, b...@theworld.com wrote: > > Just curious but one wonders what most here would do with an abuse > complaint sent to them in Chinese? I’ve received a few of these, and if the email included an IP address or domain name on our networks, I’d run the thing through Google Translate and try to figure out what they were on about. Not that hard. —Chris
Re: Death of the Internet, Film at 11
> On Oct 22, 2016, at 7:34 AM, Mike Hammett wrote: > > "taken all necessary steps to insure that none of the numerous specific types > of CCVT thingies that Krebs and others identified" > > Serious question... how? Putting them behind a firewall without general Internet access seems to work for us. We have a lot of cheap IP cameras in our facility and none of them can reach the net. But this is probably a bit beyond the capabilities of the general home user. —Chris
Re: issues?
> On Jul 14, 2016, at 9:21 PM, Ryan Finnesey wrote: > > Is this list having issues? The last message I received was late Tuesday. You didn’t get a message from your router vendor(s) that it’s time for the biennial cleaning of the intartubes and emptying of the bit buckets? —Chris
Google Geolocation issue
Dear list readers, please forgive the noise, but if there's anyone here from Google who can fix a geolocation issue I'd appreciate a reply. 208.81.245.226 is not in the UAE, it's in Austin, Texas. Yes, I have filled out the form to request a fix, but the AI or whatever that's supposed to fix it has not, and we're well into 3 months after the first report. Thanks, --Chris
Re: ISP License in the USA?
> On Jun 5, 2016, at 11:31 AM, Ryan Finnesey wrote: > > Would you mind sharing some of the telecommunications focused law firms? I > am about to start a company that is going back into the CLEC/ISP/VoIP > Business and I am going to have to establish relationships with a few law > firms. I highly recommend McCollough Henry, PC in Austin, Texas. http://www.mccolloughhenry.com 1250 South Capital of Texas Highway Building 3, Suite 400 Austin, Texas 78746 (512) 782-2086 —Chris
Re: Google GeoIP issue
I too am having a similar problem. Used the remediation link at https://support.google.com/websearch/contact/ip and it’s only partially corrected. Users who log in to Google are seeing the US google.com page after they select the preferred country and language, but everyone else is still getting google.ae. 208.81.245.226 is in Austin, TX. —Chris > On Jun 1, 2016, at 5:17 PM, Peter Loron wrote: > > Hello folks. An address we use is not identified as being in the correct > location by Google. Can someone from their NOC reach out off-list? > > Thanks. > > > Sent from my iPhone >
GeoIP database issues and the real world consequences
Interesting article. http://fusion.net/story/287592/internet-mapping-glitch-kansas-farm/ An hour’s drive from Wichita, Kansas, in a little town called Potwin, there is a 360-acre piece of land with a very big problem. The plot has been owned by the Vogelman family for more than a hundred years, though the current owner, Joyce Taylor née Vogelman, 82, now rents it out. The acreage is quiet and remote: a farm, a pasture, an old orchard, two barns, some hog shacks and a two-story house. It’s the kind of place you move to if you want to get away from it all. The nearest neighbor is a mile away, and the closest big town has just 13,000 people. It is real, rural America; in fact, it’s a two-hour drive from the exact geographical center of the United States. But instead of being a place of respite, the people who live on Joyce Taylor’s land find themselves in a technological horror story. For the last decade, Taylor and her renters have been visited by all kinds of mysterious trouble. They’ve been accused of being identity thieves, spammers, scammers and fraudsters. They’ve gotten visited by FBI agents, federal marshals, IRS collectors, ambulances searching for suicidal veterans, and police officers searching for runaway children. They’ve found people scrounging around in their barn. The renters have been doxxed, their names and addresses posted on the internet by vigilantes. Once, someone left a broken toilet in the driveway as a strange, indefinite threat. --Chris
Re: Ear protection
> On Sep 23, 2015, at 7:33 AM, Joe Greco wrote: > > Passive cooling typically translates to lower performance but also can > be more expensive. $DAYJOB uses an immersion cooling system so it’s higher performance and much quieter. —Chris
Re: WiFI on utility poles
> On Sep 9, 2015, at 11:13 PM, John Levine wrote: > > The placement may be suboptimal, but free wifi away from home is nice. > CableWifi really is a consortium, T-W customers can use Comcast's > hotspots and vice versa. If it were truly free and open access I’d be more tolerant of them stomping on my signal, but you have to be a CableCo customer in order to use it. The truly sucky thing about TWC’s deployment is that they are also installing it in restaurants, bars, and similar venues—sometimes displacing the open access setup that was already there. They conveniently forget to tell the owner/manager that it’s not really free access. —Chris (Who spent many hours helping restaurants, bars, and similar venues in the Austin area set up guest wireless networks.)
Re: Data Center operations mail list?
On Aug 15, 2015, at 12:13 PM, Martin Hannigan hanni...@gmail.com wrote: There is reasonable demand for a forum. It might need a little marketing to get a list with traction going. There seems to be some traction, with 268 members on the NADCOG list so far. —Chris
Re: Data Center operations mail list?
On Aug 12, 2015, at 7:53 AM, Oliver O'Boyle oliver.obo...@gmail.com wrote: I missed the subscription info. Can you repost please? I can be #100 :) http://lists.nadcog.org Welcome aboard. —Chris
Data Center operations mail list?
Is there a mail list that’s analogous to NANOG, but focused on the data center infrastructure and operations? The shorty.com hosted list is defunct. Thanks, and apologies for the tangential topic. —Chris
Re: Rasberry pi - high density
On Mon, 2015-05-11 at 14:36 -0700, Peter Baldridge wrote: I don't know how to do the math for the 'vat of oil scenario'. It's not something I've ever wanted to work with. It's pretty interesting what you can do with immersion cooling. I work with it at $DAYJOB. Similar to air cooling, but your coolant flow rates are much lower than air, and you don't need any fans in the systems--The pumps take the place of those. We save a lot of money on the cooling side, since we don't need to compress and expand gases/liquids. We can run with warmish (25-30C) water from cooling towers, and still keep the systems at a target temperature of 35C. --Chris
Re: Alcatel-Lucent 7750 Service Router (SR)
On May 6, 2015, at 5:24 PM, Colton Conor colton.co...@gmail.com wrote: I am worried as most tech's know Cisco and Juniper, so going to ALU would be a learning curve based on replies I am getting off list. It’s not that hard to learn if you know the basics of IP routing. I just did an implementation of A-L 7705 SAR 8s and 18s. Now I really wish that Cisco supported the “info” command. —Chris
Re: Cisco/Level3 takedown
On Apr 9, 2015, at 3:01 PM, Matt Olney (molney) mol...@cisco.com wrote: In response to Sameer Khosla's comment that we should work with the entire service provider community: Talos is the threat intelligence group within Cisco. We absolutely welcome discussions with any network operator on how we can improve the state of security on the Internet. Please contact me directly via email and we can have a discussion about how we can work together going forward. While I agree that the (at least temporary) mitigation of the threat was overall a good thing, I'm not really happy with the method used. Decisions to drop/block/filter traffic should be done locally. I would have appreciated Talos coming to the various *nog lists and saying something like Hey, there's some really bad guys here. Here's the evidence of their bad behavior, you really should block them. That probably would have had a wider reach than just going to Level3. --Chris
Re: BGP offloading (fixing legacy router BGP scalability issues)
Can we please get back to the original topic? So far we have had one interesting and useful suggestion that I've seen -- Paul S. mentioned SIR https://github.com/dbarrosop/sir Have I missed any other solutions other than the prefix length filtering? --Chris
Re: Charter ARP Leak
On Dec 29, 2014, at 11:51 AM, Jay Ashworth j...@baylink.com wrote:
> Ok. But the interface to which the cablemodem is attached, in the general single-DHCP-IP case, is a /24, is it not?
No, I've seen multiple IPv4 /21s assigned to a single customer interface on a CMTS. The newer CMTS are beastly large boxes.
> The example Valdis posted had 5 or 6 different /24s from all over the v4 address space; that seems exceptionally sloppy routing...
It's just the nature of having multiple secondary IP addresses on the same RF interface facing the customers.
> I have seen ARP-traffic-not-for-me come through a cablemodem in the past as well, but it was *uniformly* for the /24 in which my modem's address lived that day.
Cable modems are typically bridges (at least the ones that Work Right, IMHO), so it makes sense that you'll see all layer 2 broadcasts. If you live in a small enough town, or have business class service on your modem, you may only see a smaller or single subnet. On the residential side in a larger town you'll see lots of layer 2 stuff. --Chris
Re: Carrier Grade NAT
On Jul 29, 2014, at 10:23 AM, Mikael Abrahamsson wrote: If law enforcement comes along without port numbers then you give them a list of subscribers behind that IP at the time. Use port block allocation and keep track of the blocks to reduce logging load. There's probably going to be some interesting legal fallout from that practice. As an ISP customer, I'd be furious to find out that my communications had been intercepted due to the bad behavior of another user. --Chris
Re: Carrier Grade NAT
On Jul 29, 2014, at 11:54 AM, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote: On Tue, 29 Jul 2014 11:42:31 -0500, Chris Boyd said: There's probably going to be some interesting legal fallout from that practice. As an ISP customer, I'd be furious to find out that my communications had been intercepted due to the bad behavior of another user. See the various lawsuits against the NSA - the vast majority have been summarily dismissed because the plaintiffs couldn't produce evidence their communications had in fact been intercepted, and thus they didn't have standing to sue. True, but there is a difference in this case, since I could probably find a way to do discovery of the warrant/subpoena that was delivered to the ISP--assuming it's not an NSL. I would assume that going into court with evidence of the warrant/subpoena would be sufficient to grant standing. Or the notice of intercepted communications that I've seen a few times would work too. In $DAYJOB, we're all colo/cloud, so the stuff we get specifies a specific date. Have not come across any that specify a few seconds of time as another poster noted. In any case IANAL, so who knows until the cases start showing up on the dockets. --Chris
Re: Muni Fiber and Politics
On Jul 21, 2014, at 1:38 PM, William Herrin wrote: The only exception I see to this would be if localities were constrained to providing point to point and point to multipoint communications infrastructure within the locality on a reasonable and non-discriminatory basis. The competition that would foster on the services side might outweigh the damage on the infrastructure side. Like public roads facilitate efficient transportation and freight despite the cost and potholes, though that's an imperfect simile. I was planning on staying out of this debate, but. I was involved in an effort a few years back to legalize municipal fiber buildouts in Texas for a few reasons: Lack of fiber penetration in smaller cities where pent up demand was not being met. Lack of competition in high speed data services in all but a few markets in the state. This being the heady days of WiFi, allow cities who chose to build out public access to do so without interference from any incumbent. And locally, allow the cities that already had fiber built out to use that fiber to earn additional revenue by leasing capacity to any carrier who wanted it. To put it mildly, the incumbents went off. Massive lobbying efforts. Astroturfing. End of the telecom world rhetoric. During the regular session, using a pro market argument that allowing open access to a city built fiber network would improve the competitive landscape, we fought the anti-muni bill to a draw in the regular session. It was, of course, passed in a dead-of-night action in a follow-on special session. Cities were pretty well blocked from leasing fiber to others. Now almost 10 years later, I'm finally seeing stirring of real competition on the utility poles in my neighborhood. ATT is hanging new fiber and advertising new high speed service on uVerse, TWC has increased their service levels without increasing prices. The change? Google Fiber. --Chris
Re: We hit half-million: The Cidr Report
On Apr 28, 2014, at 2:27 AM, Andy Davidson wrote: now aggregate it back down again, please. :-) I'm in the middle of a physical move. I promise I'll take the 3 deagg'd /24s out as soon as I can. --Chris
Re: The FCC is planning new net neutrality rules. And they could enshrine pay-for-play. - The Washington Post
I'd like to propose a new ICMP message type 3 code -- Communication with Destination Network is Financially Prohibited --Chris
Re: How to catch a cracker in the US?
On Mar 13, 2014, at 2:30 PM, James Downs wrote: On Mar 13, 2014, at 12:24 PM, William Herrin b...@herrin.us wrote: I'm afraid my google-fu doesn't reach back to the 1960's. You don't happen to have a handy reference do you? http://en.wikipedia.org/wiki/Hacker_%28term%29 http://www.catb.org/jargon/html/H/hacker.html
Re: About ddos-respo...@nfoservers.com
On Jan 24, 2014, at 8:36 AM, Jared Mauch wrote: You haven’t been able to get GTT/nLayer/TINet to track the traffic back? Details are welcome, either here or in private. There are plenty of people who will chase and fix this stuff when they’re aware of it. When OpenResolver Project was announced, there were about 60 abusable addresses in my corner of the Internet. I was able to get that number down under 20 by asking politely. The NFOserver reports have been a pretty good stick to get the number down below 10. --Chris
Re: NSA able to compromise Cisco, Juniper, Huawei switches
On Dec 31, 2013, at 7:05 AM, Ray Soucy wrote: I think there needs to be some clarification on how these tools get used, how often they're used, and if they're ever cleaned up when no longer part of an active operation. Of course we'll never get that. But that's exactly what we need. Look at CALEA. It has its warts and issues, but the rules are published so everyone knows how the game is played. Even with NSLs, there's apparently some oversight, and you can challenge certain aspects (though it's a long and expensive process). But backdooring gear, servers, BIOS, etc. has no rules. It's just chaos. You don't know if a customer has been targeted, so you can't take appropriate steps. You have no way of knowing if your gear is backdoored or who is using the backdoor. And simply knowing that there is a backdoor will increase the chances that it will be found and used by others. The known threat landscape has been increased by orders of magnitude. --Chris
RE: The US government has betrayed the Internet. We need to take it back
On Fri, 2013-09-06 at 23:03 +, Paul Donner (pdonner) wrote: Great opportunity for a country like Brazil (for example) to become a place of business for many of these services which are subject to Calea (and such) in the US. This type of behavior is certainly a motivator for folks in other countries to benefit, to our detriment. If the NSA is truly undermining the security of private enterprises which rely on compromised security implements, besides being counter productive, it will cost (maybe already has) in lost revenue or damages. Sooner or later this is going to take its toll. In the end the universal language of cold hard cash will reign. You mean like this? http://www.zdnet.com/u-s-cloud-industry-stands-to-lose-35-billion-amid-prism-fallout-718974/ As one currently working in the cloud this is deeply concerning. --Chris
Re: Revealed: NSA program collects 'nearly everything a user does on the internet'
On Jul 31, 2013, at 10:26 AM, \tei'' oscar.vi...@gmail.com oscar.vi...@gmail.com wrote: - Have I read it correctly. Can then break into a vpn connection, then leach documents that a german in pakistan is sending to his office in germany? I would guess that it's because many VPN services still support PPTP which can be attacked as outlined here: http://www.schneier.com/paper-pptpv2.html --Chris
Re: Friday Hosing
On Wed, 2013-07-17 at 16:36 -0700, Roy wrote: On 7/17/2013 1:59 PM, Alex Harrowell wrote: On 15/07/13 01:09, Tony Patti wrote: TWELVE years ago (press release March 20 2001), Comcast deployed Linux-based Sun Cobalt Qube appliances as CPE with their business-class Internet service, these provided firewall security, web caching, optional content filtering, an e-mail server, a web server, file and print servers. This is a good idea. . Whistle Interjet -- circa 1995 I still have one of the T-Shirts Julian gave somewhere. --Chris
Re: Tier1 blackholing policy?
On Tue, 2013-04-30 at 10:59 -0400, ML wrote: 1) Do nothing - They're supposed to deliver any and all bits (Disregarding a DoS or similar situation which impedes said network) 2) Prefix filter - Don't be a party (at least in one direction) to the bad actor's traffic. 3 - Deliver all packets unless I've signed up for an enhanced security offering? --Chris
Re: Open Resolver Problems
On Mar 31, 2013, at 8:46 PM, Jared Mauch wrote: Many thanks to everyone that is treating this as a critical issue to close these hosts. Just back to the office, and started checking my networks. Found one of the resolvers is a Netgear SOHO NAT box. EoL'd, no new firmware available. Anyone have any feeling for what percentage are these types of boxes? --Chris
Re: [SHAME] Spam Rats
On Jan 9, 2013, at 8:58 PM, Julian DeMarchi wrote: This is the first RBL I have seen list a /24 for lack of PTRs. Not for sending spam, but just PTRs alone. How do you explain this to your customer? We're a small shop, but our policy is not to accept email from addresses without PTRs. And we have a long list of pool/dhcp/dyn/resnet PTRs we don't accept mail from as well. I tried SpamRats a few years ago, but found them to have too many false positives. Then, they were trying to be early detectors of spam originating from static IP cable/DSL customers. Good idea, but poorly executed in operation. --Chris
Re: Big Temporary Networks
On Sep 13, 2012, at 9:29 AM, Jay Ashworth wrote: If not, do any of the people who've already done have 5 minutes to chime in on what they did and what they learned? I have not done any that size/duration but I have done some where the scale is 1000s of attendees over a long weekend event, with small budgets. You'll need a beefy NAT box. Linux with Xeon CPU and 4GB RAM minimum. Run your DNS resolver and DHCP here, unless you have hardware to spare. Set your DHCP lease time to 1 hour so you don't have an address tied up for someone who stopped in for 15 minutes three days ago. If you don't have any sort of WiFi controller, name the APs differently. People are really pretty good about picking the AP with the best signal strength. Configure and test your equipment before you get to the venue because you will be running around trying to find the electrician to turn on the breakers you need, and they forgot about. Change the default passwords on the APs. I did a lot of these for maker/hacker crowds, and there's great fun to be had in advertising rude SSID names. Bandwidth. Lots of Bandwidth. --Chris
Re: Big Temporary Networks
On Sep 13, 2012, at 11:32 AM, Tim Franklin wrote: Chris Scribbled: You'll need a beefy NAT box. Linux with Xeon CPU and 4GB RAM minimum. Or not. The CCC presentation is showing *real* Internet for everyone, unless I'm very much mistaken... If you know of an ISP in Central Texas that can deploy a 10Mbit plus connection along with a /22 of v4 address space for a 1 day event, please let me know. TWCable has been pretty easy to work with for special events, but I'd be really surprised to see them be able to do that. --Chris
Re: BGPttH. Neustar can do it, why can't we?
On Aug 6, 2012, at 9:08 AM, Christopher Morrow wrote: I'm curious as to your number... where is that from? Marshall had noted a number of 'small businesses' in the US at ~1.4m as of ~2006ish? Speaking as someone who does a lot of work supporting small business IT, I suspect the number is much lower. As a group, these customers tend to be extremely cost averse. Paying for a secondary access circuit may become important as cloud applications become more critical for the market segment, but existing smart NAT boxes that detect primary upstream failure and switch over to a secondary ISP will work for many cases. Yes, it's ugly, but it gets them reconnected to the off-site email server and the payment card gateway. --Chris
Re: Heads-up: spammer Scott Whittle/iptechlabs.com/iptechnologylabs.com hitting addresses harvested from NANOG list
On Jun 13, 2012, at 10:56 AM, Patrick W. Gilmore wrote: Is his upstream, or the upstream of his hosting provider, on NANOG or IETF? My sample came via GoDaddy: Return-Path: scott.whit...@iptechlabs.com Received: from p3plsmtps2ded01-02.prod.phx3.secureserver.net (p3plsmtps2ded01.prod.phx3.secureserver.net [208.109.80.58]) by gandalf.gizmopartners.com (8.14.3/8.14.3) with SMTP id q5D5ERPD029411 for x...@gizmopartners.com; Wed, 13 Jun 2012 00:14:58 -0500 (CDT) (envelope-from scott.whit...@iptechlabs.com) --Chris
Re: Google SDN slides @NANOG55
On Jun 11, 2012, at 8:04 PM, Ray Qiu wrote: Hi, Could someone please share the SDN slides that Google presented at NANOG55? It is still not on the web. Thanks! Please post a link to the list. Thanks! +1 --Chris
Re: AS Connectivity Lookup
On Mar 7, 2012, at 11:39 AM, Hank Nussbacher wrote: Try: http://www.fixedorbit.com/search.htm and do an ASN search. -Hank Is that info supposed to be current? It's wildly out of date for us (35970). bgp.he.net has all the correct information. --Chris
Re: Internet mauled by bears
On Sep 19, 2011, at 8:49 PM, Richard Barnes wrote: And if they turn up the voltage on the fence high enough, dinner could be cooked by the time the crew gets there! Nah, they are high frequency and high voltage, but very low current. It's uncomfortable and may cause local burning similar to a TENS unit turned up too high. Here's another critter ate the Internet blog post: http://blog.lafayetteprofiber.com/2008/06/nutria-ratsand-fiber.html --Chris (who once fell off the top of a dual level loading chute when he didn't see the hot wire that someone strung 3 feet above the chute.)
Re: Mailing list/group for datacenter facilities folks
On Sep 7, 2011, at 8:03 PM, Jimmy Hess wrote: Probably with all air removed from the environment, and a sound thermal medium such as oil pumped in in its place (make sure to use SSDs for all storage and no mechanical devices). There are ways to submerge spinning disks. http://www.grcooling.com/ http://www.midasgreentech.com/ :-) --Chris
Re: Mailing list/group for datacenter facilities folks
On Sep 7, 2011, at 1:28 PM, Drew Weaver wrote: Just wondering, Is anyone aware whether there is already an active mailing list/group for datacenter facilities folks to discuss power, cooling, physical infrastructure, etc, etc...? There was one at shorty.com, but that's now a paintball / Airsoft site. $DAYJOB is willing to host a new maillist though. Give me a while and we'll get one set up. --Chris
Re: Mailing list/group for datacenter facilities folks
On Sep 7, 2011, at 3:09 PM, Drew Weaver wrote: dc-...@puck.nether.net thanks Jared =) +1, beat me to it. Thanks! --Chris
Re: Over a decade of DDOS--any progress yet?
On Dec 8, 2010, at 9:33 AM, Arturo Servin wrote: Yes, but all of them rely on your upstreams or in mirroring your content. If 100 Mbps are reaching your input interface of 10Mbps there is not much that you can do. Hmm. What would be really cool is if you could use Snort, NetFlow/NBAR, or some other sort of DPI tech to find specifically the IP addresses of the DDoS bots, and then pass that information back upstream via BGP communities that tell your peer router to drop traffic from those addresses. That way the target of the traffic can continue to function if the DDoS traffic doesn't closely mimic the normal traffic. Your BGP peer router would need to have lots of memory for /32 or /64 routes though. Anyone heard of such a beast? Or is this how the stuff from places like Arbor Networks do their thing? --Chris
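A sketch of the idea raised in the message above, as an added example that is not part of the original post or anyone's product: aggregate flow records toward the target per source, collapse sources to /32 (IPv4) or /64 (IPv6) as the post suggests, and cap the list because the upstream router's route memory is finite. The flow data, threshold, route cap, community value `65000:666` and the announcement text format are all assumptions made for illustration.

```python
import ipaddress
from collections import Counter

# Constructed sample flow records: (source, destination, bytes).
# Documentation address ranges only; none of this is from the original post.
FLOWS = [
    ("198.51.100.7", "192.0.2.10", 9_000_000),
    ("198.51.100.7", "192.0.2.10", 8_500_000),
    ("203.0.113.44", "192.0.2.10", 12_000_000),
    ("203.0.113.9", "192.0.2.10", 40_000),             # ordinary client
    ("2001:db8:bad:1::5", "2001:db8:f00d::10", 6_000_000),
    ("2001:db8:bad:1::9", "2001:db8:f00d::10", 7_000_000),
    ("2001:db8:cafe::1", "2001:db8:f00d::10", 20_000),  # ordinary client
    ("198.51.100.7", "192.0.2.99", 50_000_000),         # not aimed at the target
]
VICTIMS = {ipaddress.ip_address(a) for a in ("192.0.2.10", "2001:db8:f00d::10")}
DROP_COMMUNITY = "65000:666"  # hypothetical value agreed with the upstream


def source_prefix(addr):
    """Collapse a source to a host route: /32 for IPv4, /64 for IPv6."""
    ip = ipaddress.ip_address(addr)
    plen = 32 if ip.version == 4 else 64
    return ipaddress.ip_network(f"{ip}/{plen}", strict=False)


def pick_drop_prefixes(flows, victims, min_bytes, max_routes):
    """Return [(prefix, bytes)] for the heaviest sources hitting the victims.

    Only sources at or above min_bytes qualify, and at most max_routes are
    returned so the list fits the upstream's route-table budget.
    """
    per_prefix = Counter()
    for src, dst, nbytes in flows:
        if ipaddress.ip_address(dst) in victims:
            per_prefix[source_prefix(src)] += nbytes
    heavy = [(p, b) for p, b in per_prefix.most_common() if b >= min_bytes]
    return heavy[:max_routes]


def render_announcements(prefixes, community=DROP_COMMUNITY):
    """Render the picks as text lines (illustrative format, not a real daemon's syntax)."""
    return [f"announce {p} community {community}" for p, _ in prefixes]


if __name__ == "__main__":
    picks = pick_drop_prefixes(FLOWS, VICTIMS, min_bytes=5_000_000, max_routes=2)
    for line in render_announcements(picks):
        print(line)
```

A byte threshold like this only separates attack sources from ordinary clients when the two look different in volume, which is the same condition the post states.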
Re: Token ring? topic hijack: was Re: Mystery open source switching
On Nov 1, 2010, at 11:48 AM, Nick Hilliard wrote: And FDDI and X.25 and every single legacy protocol Are there still any commercial X.25 nets in operation? I had some peripheral involvement with Tymnet in the MCI/Concert conversion, and hear it shut down sometime in 2003-4. --Chris
Re: IPv6 Routing table will be bloated?
On Oct 26, 2010, at 2:45 PM, George Bonser wrote: But how do they multihome without an ASN? If they have an ASN, how did they get it without going to an RIR and paying a fee? I believe Jack said that they have redundant connections to his network. I took that to mean that they did not multihome to different AS. Such arrangements are not uncommon. Sprint seems to have done very well selling this sort of near-turnkey service to rural DSL carriers, tiny single town MSOs and the like. --Chris
Re: Randy in Nevis
On Sep 29, 2010, at 7:26 AM, John Peach wrote: With IANA? It's common knowledge that 465 is smtps, whatever else IANA might say. http://www.ietf.org/rfc/rfc4409.txt Here's what they've had to say over time: http://web.archive.org/web/20010519080902/http://www.iana.org/assignments/port-numbers Says it's unassigned. Then they assign it to URL Rendezvous a few months after that. http://web.archive.org/web/20010813015738/http://www.iana.org/assignments/port-numbers We currently support SMTP submission over 465 since there are still some old cranky Outlook versions out there that simply don't appear to be able to support connecting to 587, but it's been 18 months since we got a call like that, so we'll probably be shutting that off soon. --Chris
Re: Did Internet Founders Actually Anticipate Paid, Prioritized Traffic?
On Sep 16, 2010, at 12:15 AM, George Bonser wrote: I believe a network should be able to sell prioritization at the edge, but not in the core. I have no problem with Y!, for example, paying a network to be prioritized ahead of bit torrent on the segment to the end user but I do have a problem with networks selling prioritized access through the core as that only gives an incentive to congest the network to create revenue. end user I DO have a problem with a content provider paying to get priority access on the last mile. I have no particular interest in any of the content that Yahoo provides, but I do have an interest in downloading my Linux updates via torrents. Should I have to go back and bid against Yahoo just so I can get my packets in a timely fashion? /end user I understand that the last mile is going to be a congestion point, but the idea of allowing a bidding war for priority access for that capacity seems to be a path to madness. --Chris
Re: off-topic: summary on Internet traffic growth History
On Aug 11, 2010, at 1:13 PM, John Lee wrote: MCI bought MFS-Datanet because MCI had the customers and MFS-Datanet had all of the fiber running to key locations at the time and could drastically cut MCI's costs. UUNET merged with MCI and their traffic was put on this same network. MCI went belly up and Verizon bought the network. Although not directly involved in the MCI Internet operations, I read all the announcements that came across the email when I worked at MCI from early 1993 to late 1998. My recollection is that Worldcom bought out MFS. UUnet was a later acquisition by the Worldcom monster (no, no biases here :-). While this was going on MCI was building and running what was called the BIPP (Basic IP Platform) internally. That product was at least reasonably successful, enough so that some gummint powers that be required divestiture of the BIPP from the company that would come out of the proposed acquisition of MCI by Worldcom. The regulators felt that Worldcom would have too large a share of the North American Internet traffic. The BIPP went with BT IIRC, and I think finally landed in Global Crossing's assets. --Chris
Re: Broadband initiatives - impact to your network?
On Jun 28, 2010, at 7:42 PM, Eric Brunner-Williams wrote: Is unidirectional transport (monetized video streams) the rural service most absent and most valued, or are other characteristics of networks competitive with, or superior to, that service model? If you drive around rural central and northeastern Texas, every ranch house and bunkhouse has a DirecTV or Dish installation. Surprisingly, many of these same houses also have DSL available from the (heavily subsidized) telephone coops in the area. The speeds aren't screaming, typically being in the 300-700 down/128-384 up ADSL-2+ range. So the demand is there, and so is the service in some areas. --Chris
Re: Emulating ADSL bandwidth shaping
On May 4, 2010, at 7:27 AM, Marshall Eubanks wrote: I am not sure what the point is in mixing in speed of light latency. If your typical sites are, say, Indian cricket blogs, you will typically have a high latency from the US. What does that tell you about your DSL or Cable system, except that it is somewhat removed from India ? Most of the ADSL installations I've seen in SBC 13 state area had interleaving turned on, which significantly increases latency. I suspect that's why many cable MSOs in the same territory have cable is better for gaming marketing campaigns running all the time. So the latency you see on an ADSL line is dependent on how the carrier set up the DSLAM. --Chris
Re: Emulating ADSL bandwidth shaping
On May 4, 2010, at 8:42 AM, isabel dias wrote: Is cable better for gaming? All the LAN party places I know of use Metro Ethernet solutions. Gamers like low ping times to their servers, and are willing to spend $$ to get them. So if your target market includes people who play a lot of first person shooters, it may be worthwhile to consider offering a low latency setup for them. --Chris
Re: Problem from Comcast Network to The Planet
On Mar 5, 2010, at 3:33 PM, Zachary Frederick wrote: We have been having a problem emailing to a customer whose server is hosted by The Planet (http://www.theplanet.com/). Our mail server is hosted in-house on a comcast business connection. I don't know what's going on in the Comcast network, but I've been having similar fits with a single IP address in my network. Comcast can get to nearby IP addresses in the same /24 no issue. The Comcast customer in my case is in Florida, and I get to them via TWTelecom. I know it's not my net, and TWT was very helpful and knows it's not their net. Attempts to get Comcast to look into it seem to end with them pinging their customer's IP address from the Comcast support center and terminating the call since they can reach them. --Chris
Re: austin eats
On Feb 17, 2010, at 5:23 PM, Randy Bush wrote: which raises the critical question, where is the nearest decent (i.e. not fourbucks) coffee to the venue? https://auth.lessnetworks.com/v099/app?service=direct/1/Home/hotList_col3sp=0sp=SDESC Has a list of some hotspots. The Schlotzky's across the street from SBUX downtown also has free access. There's also a city sponsored network available in several of the downtown parks. --Chris
Re: austin eats
On Feb 17, 2010, at 10:33 AM, Mike Lyon wrote: Don't forget the Salt Lick... BBQ lovers should go to House Park BBQ. Most of the time the sign out front says you don't need no teef to eat my meef http://www.yelp.com/biz/house-park-bar-b-q-austin Cash only! If you want to make a short drive out to the east side of town and help your cardiologist make a boat payment or two, get the Don Juan breakfast taco from Juan in a Million. This place was featured on Man vs. Food a while back. http://www.juaninamillion.com/ If you get tired of Tex-Mex, there's a good interior Mexican place downtown. Manuel's. http://www.manuels.com/ Guinness fans should stop in at BD Riley's downtown. http://www.bdrileys.com/ Most coffee shops, bars and restaurants have wifi hotspots since there's an active group of volunteers that helps install and maintain them. --Chris
Re: austin eats
On Feb 17, 2010, at 2:04 PM, Will Clayton wrote: Maudi's on Lake Austin and Taco Deli are always on my menu. We just got some Buffalo Wild Wings in town if you are in to that. If you make it to NXNW get the Calamari. If you wind up ordering pizza, shop local and get the best pizza for the best price in town at Austin's Pizza. Austin's is good, but HomeSlice on South Congress is better, and you can walk on down to Trophy's, Continental Club, or the garden at Guero's and take in a band. http://www.homeslicepizza.com/ http://austin.citysearch.com/profile/10210801/austin_tx/trophy_s_bar_grill.html http://www.continentalclub.com/ http://www.guerostacobar.com/
Re: ISP port blocking practice
On Oct 22, 2009, at 6:14 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote: My experience is that port 587 isn't used because ISPs block it out-of-hand. Or in the case of Rogers in (at least) Vancouver, hijack it with a proxy that filters out the AUTH parts of the EHLO response, making the whole point of using the submission service ... pointless. We use 587 quite a lot (with SMTP Auth and SSL/TLS), and have found _very_ few places block or proxy it. We don't have any/many customers in Rogers service areas though. The biggest reason people don't use it is that it requires some thought and tweaking settings in the advanced tab areas of many email clients. Newer email clients are actually starting to look for submission port and SSL support and configuring it automatically if they find it. Once it's set up correctly we've found customers really like it since their email just works in most places. --Chris
Re: ISP port blocking practice
On Oct 23, 2009, at 12:15 PM, Lyndon Nerenberg (VE6BBM/VE7TFX) wrote: As for outright blockage of port 587, I get this complaint from many of my clients while they are on the road. It seems hotels love to block it. I travel a bit (used to a lot) and only found one place that proxied it. Never saw an outright block. A call to the support group actually got it fixed in about 45 minutes. Call and complain if it's broken. You are the customer at that point. --Chris
Intel wants to hook 15 billion embedded devices to the Internet in 6 years
Oddly, none of the courses in the event discuss IPv6. http://www.intelembeddedevent.com/ Intel® Embedded eVent We’re standing at the forefront of the Embedded Internet Era. The opportunities are yours. The networked world is growing at a tremendous pace. In just six years, it’s expected that 15 Billion intelligent devices will be connected to the internet. And, with your imagination and hard work, Intel can be a part of many of the devices that will revolutionize the way we work, talk, play and move. So, Intel is hosting our first virtual tradeshow, the Intel Embedded eVent, and we want you to join us! It’s a one day event that will showcase Intel technologies and our customers’ innovation in intelligent, connected devices.
Re: ingress SMTP
On Sep 3, 2008, at 4:36 PM, Frank Bulk wrote: I would like to point my customers to port 587, but that kind of configuration is still in its infancy. We're a small managed services provider, and we started doing authenticated SMTP with TLS on port 587 six years ago. It's at least in kindergarten :-) Once we explain the advantages, our customers love it since their email just works pretty much wherever they go. As a former manager for a small resnet, blocking port 25 outbound is A Good Thing. Cut abuse email down by a huge factor. --Chris
Re: Power/temperature monitoring
We've got a couple of the (beta test) mini goose climate monitors installed. Takes up less space than the big APC boxes we've been using. http://www.itwatchdogs.com/ --Chris