RE: Stupid Question maybe?

2018-12-19 Thread David Edelman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

You could be sure of two things when there were ambiguities in the routing
tables:
 1 - Every manufacturer knew how to handle them.
 2 - Every manufacturer did it a different way.

I suspect that in most cases where two conflicting route entries existed, the
router selected the first one that it encountered, unless they were advertised
using different protocols, in which case the priority associated with the
protocol was used as a tie breaker.

Dave

- -Original Message-
From: NANOG  On Behalf Of Owen DeLong
Sent: Wednesday, December 19, 2018 3:47 PM
To: Thomas Bellman 
Cc: nanog@nanog.org
Subject: Re: Stupid Question maybe?



> On Dec 19, 2018, at 12:11 , Thomas Bellman  wrote:
> 
> On 2018-12-19 20:47 MET, valdis.kletni...@vt.edu wrote:
> 
>> There was indeed a fairly long stretch of time (until the CIDR RFC 
>> came out and specifically said it wasn't at all canon) where we 
>> didn't have an RFC that specifically said that netmask bits had to be 
>> contiguous.
> 
> How did routers select the best (most specific) route for an address?
> If the routing table held both (e.g.) 10.20.30.0/255.255.255.64 and 
> 10.20.30.0/255.255.255.32, then 10.20.30.97 would match both, and have 
> the same number of matching bits.
> 
>   /Bellman
> 

The institution of the longest match rule came with the prohibition 
(deprecation) of discontiguous net masks.

Owen
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQP+UHquEepll566aqXCCyZOY1FIQUCXBq72AAKCRCXCCyZOY1F
IVcSAKDwHTb8NranEYcejX1CJQwz0h318QCfSBzQMCiJ2uZwOxt3gvPTe3f38KE=
=HMXc
-END PGP SIGNATURE-
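The ambiguity Bellman raises above, worked through as an added example (this code is not from anyone on the thread). It uses the two entries from his message and tests addresses against them bit by bit. One detail worth noticing when you run it: 10.20.30.97 has both the 64 and the 32 bit set in its last octet, so it actually falls outside both entries; a constructed address such as 10.20.30.129 has both bits clear, matches both entries, and produces the 25-versus-25 bit tie he describes. The contiguous /25 and /26 table at the end is also constructed, to show the longest-match rule resolving the same situation once masks are required to be contiguous.

```python
import ipaddress
from typing import List, Tuple

Route = Tuple[str, str]  # (network, netmask) as dotted quads, pre-CIDR style

# The two entries from the thread: both describe 10.20.30.0, and each mask has
# a single "extra" 1 bit in the last octet (64 = bit 6, 32 = bit 5).
NONCONTIGUOUS_ROUTES: List[Route] = [
    ("10.20.30.0", "255.255.255.64"),
    ("10.20.30.0", "255.255.255.32"),
]

# Constructed CIDR-legal table for comparison (/25 and /26 of the same block).
CONTIGUOUS_ROUTES: List[Route] = [
    ("10.20.30.0", "255.255.255.128"),
    ("10.20.30.0", "255.255.255.192"),
]


def to_int(dotted: str) -> int:
    """Dotted quad -> 32-bit integer (works for masks as well as addresses)."""
    return int(ipaddress.IPv4Address(dotted))


def is_contiguous(mask: str) -> bool:
    """True if the mask is a run of 1s followed by a run of 0s (CIDR-legal)."""
    inv = (~to_int(mask)) & 0xFFFFFFFF   # flip so the host bits become 1s
    return (inv & (inv + 1)) == 0         # the 1s must then form 2^k - 1


def mask_bits(mask: str) -> int:
    """Number of significant (1) bits: the 'length' a longest-match compares."""
    return bin(to_int(mask)).count("1")


def matches(addr: str, route: Route) -> bool:
    """An address matches an entry when its masked bits equal the network's."""
    net, mask = route
    m = to_int(mask)
    return (to_int(addr) & m) == (to_int(net) & m)


def matching_routes(addr: str, table: List[Route]) -> List[Route]:
    return [r for r in table if matches(addr, r)]


def select_route(addr: str, table: List[Route]) -> Tuple[str, List[Route]]:
    """Longest-match selection.  Returns ("none", []), ("unique", [route]) or
    ("tie", [routes]) when several matching entries have the same bit count,
    which is the situation the thread says vendors resolved inconsistently."""
    hits = matching_routes(addr, table)
    if not hits:
        return ("none", [])
    longest = max(mask_bits(m) for _, m in hits)
    best = [r for r in hits if mask_bits(r[1]) == longest]
    return ("unique", best) if len(best) == 1 else ("tie", best)


if __name__ == "__main__":
    for addr in ("10.20.30.97", "10.20.30.129"):
        print(addr, "non-contiguous table ->", select_route(addr, NONCONTIGUOUS_ROUTES))
    print("10.20.30.33 contiguous table ->", select_route("10.20.30.33", CONTIGUOUS_ROUTES))
    for _, m in NONCONTIGUOUS_ROUTES + CONTIGUOUS_ROUTES:
        print(m, "contiguous" if is_contiguous(m) else "NON-contiguous")
```

The `is_contiguous` check is the test a CIDR-era router (or a config linter) applies before accepting a mask; everything that fails it is an entry whose selection order would have been implementation-defined.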



RE: Stupid Question maybe?

2018-12-18 Thread David Edelman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I seem to remember that before the advent of VLSM and CIDR there was no 
requirement for the 1 bits in the netmask to be contiguous with no intervening 
0 bits and there was always someone who tested it out on a production network 
just to prove a point (usually only once) 

Dave

- -Original Message-
From: NANOG  On Behalf Of Naslund, Steve
Sent: Tuesday, December 18, 2018 3:37 PM
To: nanog@nanog.org
Subject: RE: Stupid Question maybe?

It is a matter of machine readability vs human readability.  Remember the IP 
was around when routers did not have a lot of horsepower.  The dotted decimal 
notation was a compromise between pure binary (which the equipment used) and 
human readability.  VLSM seems obvious now but in the beginning organizing 
various length routes into very expensive memory and low horsepower processors 
meant that it was much easier to break routes down along byte boundaries.  This 
meant you only had four different lengths of route to deal with.  It was 
intended to eliminate multiple passes sorting the tables.  I am not quite sure 
what you mean about interspersing zeros, that would be meaningless.  Remember 
that it is a mask.  The address bits which are masked as 1s are significant to 
routing.  The bits that are masked with 0s are the host portion and don't 
matter to the network routing table.  

Steven Naslund
Chicago IL


>/24 is certainly cleaner than 255.255.255.0.
>
>I seem to remember it was Phil Karn who in the early 80's suggested that 
>expressing subnet masks as the number of bits from the top end of the address 
>word was efficient, since subnet masks were always a series of ones followd 
>>by zeros with no interspersing, which was incorporated (or independently 
>invented) about a decade later as CIDR a.b.c.d/n notation in RFC1519.
>   - Brian
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQP+UHquEepll566aqXCCyZOY1FIQUCXBlw1AAKCRCXCCyZOY1F
IYkTAJ98Gh+IGhDcyIB92H9JyWtbCVDhugCfZXq60pnHCqttKfw2fpUCBagTxYo=
=RimM
-END PGP SIGNATURE-



RE: bloomberg on supermicro: sky is falling

2018-10-12 Thread David Edelman
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

I agree that bank fees for transfers between accounts are unusual. There may be 
a limit on the number of transfers you can do each month but typically no fees. 
I agree with the point about using a credit card for gas purchases; since you 
are currently using a debit card, you are going to be paying the credit card 
off each month and there is no interest charge. This assumes that you have a 
credit card already. If you do have a credit card and it isn't one that has 
awards, consider switching to one that does have awards that are useful to you. 
Switch all of the stuff that you would normally pay with the ATM card to the 
credit card, but remember to treat the credit card like an ATM card and pay in 
full each billing cycle.
I would argue that the liability protections are actually better with an ATM 
card since there is a requirement for the bank to make you whole without even a 
$50 maximum liability. The user experience may be better with the credit card.

Dave Edelman

- -Original Message-
From: NANOG  On Behalf Of William Herrin
Sent: Friday, October 12, 2018 4:53 PM
To: Naslund, Steve 
Cc: nanog@nanog.org
Subject: Re: bloomberg on supermicro: sky is falling

On Fri, Oct 12, 2018 at 4:39 PM Naslund, Steve  wrote:
> >Make a second account at your bank.  One account is 'storage' and has 
> >all your money.  You never use the 'storage account' ATM card for 
> >anything outside your bank's ATM machines.
>
> Doubling the service fees from your bank.

Hi Steve,

Your bank charges you service fees?

When I opened an additional checking account so I'd have something to link 
paypal to, it was free.


> >The second one is where you only keep $50-$100 in it.  When you use 
> >your ATM card it's only this account that's used.  Just before you 
> >make a purchase, move money from your 'storage account' into your 
> >'active account' and make the purchase.
>
> Don’t really want to be doing transfers with service fees every time I 
> decide to fill up the gas tank.

Your bank charges you a service fee to move money from one account to another 
at the same bank? Weird. Also, why would you buy gas (or anything else) with a 
debit card? Your legal liability protections with a credit card are better. 
Under the Fair Credit Billing Act, the consumer's maximum liability for a 
credit card breach is $50 and most banks waive that as well.

Regards,
Bill Herrin


- --
William Herrin  her...@dirtside.com  b...@herrin.us Dirtside 
Systems . Web: 
-BEGIN PGP SIGNATURE-

iF0EARECAB0WIQQP+UHquEepll566aqXCCyZOY1FIQUCW8EXowAKCRCXCCyZOY1F
Ib9nAKDKOUa+9HbWpWUxLqjHKe+BqQfJQACfbSNVz1rI2RNx004qw3B299L/E8Q=
=LUpC
-END PGP SIGNATURE-



RE: SHA1 collisions proven possisble

2017-02-23 Thread David Edelman
Especially if that "document" is a component of a ciphersuite exchange.

--Dave

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of
valdis.kletni...@vt.edu
Sent: Thursday, February 23, 2017 9:22 PM
To: Ricky Beam 
Cc: nanog@nanog.org
Subject: Re: SHA1 collisions proven possisble

On Thu, 23 Feb 2017 21:10:42 -0500, "Ricky Beam" said:

> When you can do that in the timespan of weeks or days, get back to me.
> Today, it takes years to calculate a collision, and you have to start 
> with a document specifically engineered to be modified. (such 
> documents are easily spotted upon inspection: why does this word doc 
> contain two
> documents?)

That question never arises, because this word doc contains only one
document.

The *OTHER* word doc also contains only one document.

> You can't take any random document, modify it to say what you want, 
> and keep the same hash. People still haven't been able to do that with 
> MD5, and that's been "broken" for a long time.

That doesn't change the fact that if I can get you to sign a document I
present to you, I can still have lots of fun at your expense.





Re: bad announcement taxonomy

2015-11-18 Thread David Edelman
How about Origin Obfuscation

--Dave

Dave Edelman


> On Nov 18, 2015, at 16:51, Joe Abley  wrote:
> 
> 
> 
>> On 18 Nov 2015, at 15:55, Arturo Servin wrote:
>> 
>> Laundered route
> 
> The routes in question are not just being laundered, they're being bleached.
> 
> 
> Joe


Re: oss netflow collector/trending/analysis

2014-05-04 Thread David Edelman
Argus (qosient.com) is worth looking at. 


Dave Edelman


> On May 2, 2014, at 12:21, Leslie geekg...@gmail.com wrote:
> 
> pmacct (http://www.pmacct.net/) is another pretty awesome open source tool.
> 
> Leslie
> 
> On Fri, May 2, 2014 at 8:00 AM, Avi Freedman freed...@freedman.net wrote:
> 
>> There's also SiLK from CMU.  It's powerful but has a learning curve.
>> 
>> I also see pmacct being used both by some end networks and by
>> some vendors as part of systems.
>> 
>> Avi
>> 
>>> Hey There,
>>> 
>>> I was just wondering, for people who are doing netflow analysis with
>>> open source tools and who are doing at least 10k or more flows per
>>> second, what are you using?
>>> 
>>> I know of three tool sets:
>>> 
>>> - The classic osu flow-tools and the modern continuation/fork.
>>> - ntop
>>> - nfdump/nfsen
>>> 
>>> Is there anything else I've missed? A few folks here really seem to like
>>> nfsen/nfdump.
>>> 
>>> Thanks,
>>> 
>>> Matt
>>> 


IANA Reference to hopopt as a protocol

2013-06-24 Thread David Edelman
Does anyone have an explanation for the IPv6 hopopt appearing as protocol
value 0 in http://www.iana.org/assignments/protocol-numbers?

--Dave



RE: chargen is the new DDoS tool?

2013-06-11 Thread David Edelman
I can just see someone spoofing a packet from victimA port 7/UDP to victimB
port 19/UDP.  

--Dave


-Original Message-
From: Leo Bicknell [mailto:bickn...@ufp.org] 
Sent: Tuesday, June 11, 2013 3:13 PM
To: Bernhard Schmidt
Cc: nanog@nanog.org
Subject: Re: chargen is the new DDoS tool?


On Jun 11, 2013, at 10:39 AM, Bernhard Schmidt be...@birkenwald.de wrote:

> This seems to be something new. There aren't a lot of systems in our 
> network responding to chargen, but those that do have a 15x 
> amplification factor and generate more traffic than we have seen with 
> abused open resolvers.

The number is non-zero?  In 2013?

While blocking it at your border is probably a fine way of mitigating the
problem, I would recommend doing an internal nmap scan for such things,
finding the systems that respond, and talking with their owners.

Please report back to NANOG after talking to them letting us know if the
owners were still using SunOS 4.x boxes for some reason, had accidentally
enabled chargen, or if some malware had set up the servers.  Inquiring minds
would like to know!

-- 
   Leo Bicknell - bickn...@ufp.org - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/
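The flow-level check Leo suggests (find the hosts on your own network that actually answer chargen, measure the response-to-request ratio Bernhard mentions, and spot the echo/chargen port pairing Dave describes so it can be filtered at the border) as an added example; this is not code from anyone on the thread. The flow records and the 192.0.2.0/24 "internal" prefix are constructed for the example, and the whitespace record format is a made-up layout standing in for whatever a real collector exports.

```python
import ipaddress
from collections import defaultdict
from typing import Dict, List, Tuple

CHARGEN_PORT = 19
ECHO_PORT = 7

Flow = Tuple[str, str, int, str, int, int]  # proto, src, sport, dst, dport, bytes

# Constructed flow records (not real data): "proto src sport dst dport bytes".
# 192.0.2.0/24 plays the role of "our" network; the other addresses are outside.
SAMPLE_FLOWS = """\
UDP 203.0.113.5 40000 192.0.2.10 19 64
UDP 192.0.2.10 19 203.0.113.5 40000 960
UDP 203.0.113.5 40001 192.0.2.10 19 64
UDP 192.0.2.10 19 203.0.113.5 40001 960
UDP 192.0.2.20 19 198.51.100.7 7 1024
TCP 192.0.2.30 443 203.0.113.9 51000 5000
"""


def parse_flows(text: str) -> List[Flow]:
    """Parse the simple whitespace-separated format used above."""
    flows: List[Flow] = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        proto, src, sport, dst, dport, nbytes = line.split()
        flows.append((proto, src, int(sport), dst, int(dport), int(nbytes)))
    return flows


def chargen_responders(flows: List[Flow], internal_net: str) -> Dict[str, dict]:
    """Per internal host: bytes received on UDP/19, bytes sent from UDP/19, and
    the resulting amplification factor (None if no request was ever seen, which
    by itself is worth a look: the host is emitting chargen unprompted)."""
    net = ipaddress.ip_network(internal_net)
    stats = defaultdict(lambda: {"bytes_in": 0, "bytes_out": 0})
    for proto, src, sport, dst, dport, nbytes in flows:
        if proto != "UDP":
            continue
        if dport == CHARGEN_PORT and ipaddress.ip_address(dst) in net:
            stats[dst]["bytes_in"] += nbytes
        if sport == CHARGEN_PORT and ipaddress.ip_address(src) in net:
            stats[src]["bytes_out"] += nbytes
    report = {}
    for host, s in stats.items():
        amp = s["bytes_out"] / s["bytes_in"] if s["bytes_in"] else None
        report[host] = {**s, "amplification": amp}
    return report


def echo_chargen_flows(flows: List[Flow]) -> List[Flow]:
    """UDP flows whose two ports are both in {7, 19}: the echo<->chargen
    ping-pong pattern the thread warns about.  Such flows have no legitimate
    reason to cross the border and are a natural filter candidate."""
    return [f for f in flows
            if f[0] == "UDP" and {f[2], f[4]} <= {ECHO_PORT, CHARGEN_PORT}]


if __name__ == "__main__":
    flows = parse_flows(SAMPLE_FLOWS)
    for host, s in chargen_responders(flows, "192.0.2.0/24").items():
        print(host, s)
    for f in echo_chargen_flows(flows):
        print("echo/chargen pair:", f)
```

The list of responders is the input to the "talk to their owners" step; the amplification figure tells you which of them matter most, and anything with `bytes_in == 0` but traffic out is the case to look at first.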




Re: Looking for Netflow analysis package

2013-05-14 Thread David Edelman
Take a look at argus www.qosient.com



Dave Edelman


> On May 14, 2013, at 19:17, Mike Hale eyeronic.des...@gmail.com wrote:
> 
> Solarwinds netflow is also way, way overpriced for what you get...and
> their license model for Netflow is utterly ridiculous.
> 
> I like Splunk plus Netflow integrator.  With some custom lookup
> tables, you might be able to code up a view that'll show you the
> per-ASN stats.  You can definitely do it by Subnet pretty easily.
> 
> On Tue, May 14, 2013 at 4:10 PM, David Hubbard
> dhubb...@dino.hostasaurus.com wrote:
>> The Netflow analyzer from Solarwinds works pretty well for
>> all of that provided you're receiving the data from a
>> Cisco source that does netflow v9.  It is not very useful
>> at all for sflow though because they haven't updated it to
>> recognize the ASN data.  Their sales staff will also hound
>> you relentlessly about 'special pricing' for their other
>> products while not actually being willing to give anything
>> all that special, so use a throwaway email address and phone
>> number if you do choose to purchase and don't want to be
>> bothered.
>> 
>> David
>> 
>> -Original Message-
>> From: Erik Sundberg [mailto:esundb...@nitelusa.com]
>> Sent: Tuesday, May 14, 2013 7:00 PM
>> To: nanog@nanog.org
>> Subject: Looking for Netflow analysis package
>> 
>> Does anyone know of a netflow collector that will do the following.
>> *Graph/List Destination Networks By Top AS
>> *Graph/List Destination Networks By Top IP Address
>> *AS Path Analysis
>> *Traffic Type (ICMP, TCP, UDP, IPSEC, HTTP, SSH, SMTP, etc..)
>> 
>> We will be using this to help us decide who to Peer with and
>> what transit Providers to look at.
>> 
>> I am familiar with Arbor Network's Peak Flow utility but it's
>> a little too pricy.
>> I also found AS-Stats https://neon1.net/as-stats/ look
>> promising from the power point on their page.
>> 
>> Thanks
>> Erik
>> 
>> 
>> 
>> 
>> CONFIDENTIALITY NOTICE: This e-mail transmission, and any
>> documents, files or previous e-mail messages attached to it
>> may contain confidential information that is legally
>> privileged. If you are not the intended recipient, or a
>> person responsible for delivering it to the intended
>> recipient, you are hereby notified that any disclosure,
>> copying, distribution or use of any of the information
>> contained in or attached to this transmission is STRICTLY
>> PROHIBITED. If you have received this transmission in error
>> please notify the sender immediately by replying to this
>> e-mail. You must destroy the original transmission and its
>> attachments without reading or saving in any manner. Thank you.
> 
> 
> 
> -- 
> 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
 



Re: why haven't ethernet connectors changed?

2012-12-20 Thread David Edelman
I think that you might be describing the DIX connector retaining clamp. 


Dave Edelman


> On Dec 20, 2012, at 13:40, Howard C. Berkowitz h...@netcases.net wrote:
> 
> On 12/20/2012 1:20 PM, Michael Thomas wrote:
>> I was looking at a Raspberry Pi board and was struck with how large the
>> ethernet connector is in comparison to the board as a whole. It strikes me:
>> ethernet connectors haven't changed that I'm aware in pretty much 25 years.
>> Every other cable has changed several times in that time frame. I imagine
>> that if anybody cared, ethernet cables could be many times smaller. Looking
>> at wiring closets, etc, it seems like it might be a big win for density too.
>> 
>> So why, oh why, nanog the omniscient do we still use rj45's?
>> 
>> Mike
> Seen an AUI or vampire tap recently?  Vampires made a certain amount of
> sense, but the AUI connector seemed to have little purpose other than
> recycling weak metal from Coors beer cans.  IIRC, the inventor apologized.