SHA1 collisions proven possisble

[Grant Ridder]

Coworker passed this on to me.

Looks like SHA1 hash collisions are now achievable in a reasonable time
period
https://shattered.io/

-Grant

Krebs on Security booted off Akamai network after DDoS attack proves pricey

[Grant Ridder]

Didn't realize Akamai kicked out or disabled customers
http://www.zdnet.com/article/krebs-on-security-booted-off-akamai-network-after-ddos-attack-proves-pricey/

"Security blog Krebs on Security has been taken offline by host Akamai
Technologies following a DDoS attack which reached 665 Gbps in size."

-Grant

Re: syslog server

[Grant Ridder]

+1 for ELKK (with kafka)
Doing several hundred GB of log per day with a dozen instances on AWS (ES
cluster + logstash hosts + kafak cluster)

-Grant

On Mon, Jun 6, 2016 at 11:25 PM,  wrote:

> On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said:
> > What is the best syslog server  (opensource)?
>
> Step 0:  Define what "best" means in your environment.
>
> What features do you need?  Routing to a central aggregation server over
> TLS?
> Powerful regex-based routing?  Ingestion into a database (a la splunk or
> Elk)
> for data mining?  Ability to deal with insanely high message rates? Other
> must-have or don't-care features?  License pricing? Vendor support?
>
> Step 1:  After figuring out what you need, make a matrix of the available
> options and how well they fit.
>
> (We have in production syslog-ng, rsyslog, splunk, Elk, and probably a few
> others I've forgotten, for different purposes)
>
>

Re: GitHub outage - idle speculation thread

[Grant Ridder]

I haven't had any issues w/ push and pull via SSH so far during the
outage.  Appears to be only HTTP based interactions.

-Grant

On Wed, Jan 27, 2016 at 6:19 PM, Alex Forster  wrote:

> Github has been down for about two hours now. No good public information
> that I can find so far, except that they mention a "network disruption" in
> early status updates. However, nothing interesting is showing up in BGPlay
> (like a shift over to Prolexic due to a DDoS). Their colocation provider
> is Rackspace, but Rackspace hasn't posted about any wider issues.
>
> https://status.github.com/graphs/past_day
>
>
> Alex Forster
>
>

Re: ICYMI: FBI looking into LA fiber cuts, Super Bowl

[Grant Ridder]

Broke ground in April 2012
http://www.mercurynews.com/southbayfootball/ci_20434376/49ers-break-ground-this-evening-stadium-at-center

-Grant

On Tue, Jan 19, 2016 at 12:12 PM, Jay R. Ashworth  wrote:

> - Original Message -
> > From: "Owen DeLong" 
>
> > Correct me if I’m wrong, but these FO vandalisms have been going on in
> the bay
> > area since before the stadium
> > was even funded.
> >
> > This leads me to believe that this is just another example of an LE
> landgrab.
>
> How old's the stadium?  The article does mention late '14.
>
> Cheers,
> -- jra
> --
> Jay R. Ashworth  Baylink
> j...@baylink.com
> Designer The Things I Think   RFC
> 2100
> Ashworth & Associates   http://www.bcp38.info  2000 Land
> Rover DII
> St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647
> 1274
>

network issue on ec2 classic us-east-1??

[Grant Ridder]

Hi,

Over the last 6 hrs i have had over 100 instances in us-east-1 in EC2
Classic fail their instance health checks and a reboot via the console
solves them.  Logs on the host point to a loss of all network
connectivity.  Anyone else experiencing something like this?

Reached out to AWS support and haven't gotten anywhere with that yet.

-Grant

Re: network issue on ec2 classic us-east-1??

[Grant Ridder]

Neil / Dovid,

How long ago did your issues start?  Symptoms are the same, but the issue
for me started early this morning at an alarming rate.

-Grant

On Fri, Jan 15, 2016 at 1:45 PM, Neil Robst <neil.ro...@piksel.com> wrote:

> Hi David and Grant,
>
> We have been experiencing exactly the same issue also now whereby
> our
> instances randomly stop getting their DHCP reservation and then drop
> offline. A simple reboot in the AWS console usually sorts it but as yet we
> do not know the root cause.
>
> Regards,
> Neil
>
> On 1/15/16, 1:31 PM, "NANOG on behalf of Dovid Bender"
> <nanog-boun...@nanog.org on behalf of do...@telecurve.com> wrote:
>
> >Grant,
> >
> >We have been having issues for a few weeks now with instances that
> >randomly stop getting their IP from DHCP. Did you see any dhcp errors?
> >
> >
> >Regards,
> >
> >Dovid
> >
> >-Original Message-
> >From: Grant Ridder <shortdudey...@gmail.com>
> >Sender: "NANOG" <nanog-boun...@nanog.org>Date: Fri, 15 Jan 2016 12:58:58
> >To: nanog@nanog.org<nanog@nanog.org>
> >Subject: network issue on ec2 classic us-east-1??
> >
> >Hi,
> >
> >Over the last 6 hrs i have had over 100 instances in us-east-1 in EC2
> >Classic fail their instance health checks and a reboot via the console
> >solves them.  Logs on the host point to a loss of all network
> >connectivity.  Anyone else experiencing something like this?
> >
> >Reached out to AWS support and haven't gotten anywhere with that yet.
> >
> >-Grant
>
>

Re: network issue on ec2 classic us-east-1??

[Grant Ridder]

Gotcha, thanks for the info.
I am at 128 instances and counting in the last 8 hrs

-Grant

On Fri, Jan 15, 2016 at 1:58 PM, Neil Robst <neil.ro...@piksel.com> wrote:

> Hi Grant,
> We saw the first confirmed issue last week. So far only
> experienced 2
> confirmed - that last week and one this morning, but its possible there
> have been others.
>
> Neil
>
> From:  Grant Ridder <shortdudey...@gmail.com>
> Date:  Friday, January 15, 2016 at 1:54 PM
> To:  Neil Robst <neil.ro...@piksel.com>
> Cc:  "do...@telecurve.com" <do...@telecurve.com>, NANOG
> <nanog-boun...@nanog.org>, "nanog@nanog.org" <nanog@nanog.org>
> Subject:  Re: network issue on ec2 classic us-east-1??
>
>
> Neil / Dovid,
> How long ago did your issues start?  Symptoms are the same, but the issue
> for me started early this morning at an alarming rate.
>
> -Grant
>
>
> On Fri, Jan 15, 2016 at 1:45 PM, Neil Robst
> <neil.ro...@piksel.com> wrote:
>
> Hi David and Grant,
>
> We have been experiencing exactly the same issue also now whereby
> our
> instances randomly stop getting their DHCP reservation and then drop
> offline. A simple reboot in the AWS console usually sorts it but as yet we
> do not know the root cause.
>
> Regards,
> Neil
>
> On 1/15/16, 1:31 PM, "NANOG on behalf of Dovid Bender"
> <nanog-boun...@nanog.org on behalf of
> do...@telecurve.com> wrote:
>
> >Grant,
> >
> >We have been having issues for a few weeks now with instances that
> >randomly stop getting their IP from DHCP. Did you see any dhcp errors?
> >
> >
> >Regards,
> >
> >Dovid
> >
> >-Original Message-
> >From: Grant Ridder <shortdudey...@gmail.com>
> >Sender: "NANOG" <nanog-boun...@nanog.org>Date: Fri, 15 Jan 2016 12:58:58
> >To: nanog@nanog.org<nanog@nanog.org>
> >Subject: network issue on ec2 classic us-east-1??
> >
> >Hi,
> >
> >Over the last 6 hrs i have had over 100 instances in us-east-1 in EC2
> >Classic fail their instance health checks and a reboot via the console
> >solves them.  Logs on the host point to a loss of all network
> >connectivity.  Anyone else experiencing something like this?
> >
> >Reached out to AWS support and haven't gotten anywhere with that yet.
> >
> >-Grant
>
>
>
>
>
>
>
>
>

Re: network issue on ec2 classic us-east-1??

[Grant Ridder]

Thanks to all the replied on and off list!

tl;dr dhclient died and the instances gave up their IP's

Turns out this one was inadvertently my fault.  I got bit by a bug in an
old version of NetworkManager.  Something triggered an update of a package
on some of my instances, which lead to this bug showing up.

The bug appears in versions of NetworkManage prior to
NetworkManager-1.0.0-14.git2015012
https://bugzilla.redhat.com/show_bug.cgi?id=1285974
https://bugzilla.redhat.com/show_bug.cgi?id=1136836
https://rhn.redhat.com/errata/RHBA-2015-0311.html

Thanks!
Grant


On Fri, Jan 15, 2016 at 2:02 PM, Grant Ridder <shortdudey...@gmail.com>
wrote:

> Gotcha, thanks for the info.
> I am at 128 instances and counting in the last 8 hrs
>
> -Grant
>
> On Fri, Jan 15, 2016 at 1:58 PM, Neil Robst <neil.ro...@piksel.com> wrote:
>
>> Hi Grant,
>> We saw the first confirmed issue last week. So far only
>> experienced 2
>> confirmed - that last week and one this morning, but its possible there
>> have been others.
>>
>> Neil
>>
>> From:  Grant Ridder <shortdudey...@gmail.com>
>> Date:  Friday, January 15, 2016 at 1:54 PM
>> To:  Neil Robst <neil.ro...@piksel.com>
>> Cc:  "do...@telecurve.com" <do...@telecurve.com>, NANOG
>> <nanog-boun...@nanog.org>, "nanog@nanog.org" <nanog@nanog.org>
>> Subject:  Re: network issue on ec2 classic us-east-1??
>>
>>
>> Neil / Dovid,
>> How long ago did your issues start?  Symptoms are the same, but the issue
>> for me started early this morning at an alarming rate.
>>
>> -Grant
>>
>>
>> On Fri, Jan 15, 2016 at 1:45 PM, Neil Robst
>> <neil.ro...@piksel.com> wrote:
>>
>> Hi David and Grant,
>>
>> We have been experiencing exactly the same issue also now whereby
>> our
>> instances randomly stop getting their DHCP reservation and then drop
>> offline. A simple reboot in the AWS console usually sorts it but as yet we
>> do not know the root cause.
>>
>> Regards,
>> Neil
>>
>> On 1/15/16, 1:31 PM, "NANOG on behalf of Dovid Bender"
>> <nanog-boun...@nanog.org on behalf of
>> do...@telecurve.com> wrote:
>>
>> >Grant,
>> >
>> >We have been having issues for a few weeks now with instances that
>> >randomly stop getting their IP from DHCP. Did you see any dhcp errors?
>> >
>> >
>> >Regards,
>> >
>> >Dovid
>> >
>> >-Original Message-
>> >From: Grant Ridder <shortdudey...@gmail.com>
>> >Sender: "NANOG" <nanog-boun...@nanog.org>Date: Fri, 15 Jan 2016 12:58:58
>> >To: nanog@nanog.org<nanog@nanog.org>
>> >Subject: network issue on ec2 classic us-east-1??
>> >
>> >Hi,
>> >
>> >Over the last 6 hrs i have had over 100 instances in us-east-1 in EC2
>> >Classic fail their instance health checks and a reboot via the console
>> >solves them.  Logs on the host point to a loss of all network
>> >connectivity.  Anyone else experiencing something like this?
>> >
>> >Reached out to AWS support and haven't gotten anywhere with that yet.
>> >
>> >-Grant
>>
>>
>>
>>
>>
>>
>>
>>
>>
>

Re: Bluehost.com

[Grant Ridder]

Their site and my site work
US west coast

-Grant

On Wed, Nov 25, 2015 at 9:28 AM, Brielle Bruns  wrote:

> On 11/25/15 9:41 AM, JoeSox wrote:
>
>> Anyone have the scope on the outage for Bluehost?
>> https://twitter.com/search?q=%23bluehostdown=tyah
>>
>> Cannot even move my DNS until its restored. :(
>> I suggest moving the status page to outside your network as well.
>> https://www.bluehost.com/hosting/serverstatus
>>
>>
> I am in the last stages of getting rid of BlueHost for one of my clients.
> Go figure this would happen _today_ at the exact same time I'm getting the
> last bit of data off so I can cancel the account.
>
>
> --
> Brielle Bruns
> The Summit Open Source Development Group
> http://www.sosdg.org/ http://www.ahbl.org
>

Re: OT: BdNOG announces website blocks

[Grant Ridder]

Any idea if this includes Instagram as well since it is a Facebook asset?

-Grant

On Wed, Nov 18, 2015 at 3:22 PM, Scott Weeks  wrote:

>
> -
> Md. abdullah Al naser mail.naserbd at yahoo.com
> Wed Nov 18 12:56:15 BDT 2015
>
> The service of Facebook, Viber and Whatsapp are
> blocked from now till further notice. It has been
> ordered by Begum Tarana Halim, State Minister, Post
> and Telecommunications.
> --
>
>
>
> I just saw this on BdNOG and thought it might be
> interesting to others here and where some of the
> internet is headed...
>
> Wow, all of these govt's just can't seem to deal
> with not being able to completely control *everything*
> about the populace.
>
> So, in Bangladesh, no communicating with your social
> peers, no free calls, text or picture sharing and no
> mobile messaging.  The new State Minister for Post
> and Telecommunications in Bangladesh wants her money.
>
> It'd be interesting to hear how they're attempting
> to make it happen.
>
> scott
>

Fw: new message

[Grant Ridder]

Hey!

 

New message, please read <http://akijukido.com/unless.php?vjwwq>

 

Grant Ridder

Fw: new message

[Grant Ridder]

Hey!

 

New message, please read <http://magnet-invest.ru/surely.php?u6jp0>

 

Grant Ridder

Re: Microsoft blocking mail

[Grant Ridder]

http://go.microsoft.com/fwlink/?LinkID=614866 displays a form for me
(Chrome w/ no ad extensions or custom settings)
Try it in incognito mode

On Thu, Sep 17, 2015 at 10:27 AM, Hugo Slabbert  wrote:

>
> On Thu 2015-Sep-17 13:22:29 -0400, valdis.kletni...@vt.edu <
> valdis.kletni...@vt.edu> wrote:
>
> On Thu, 17 Sep 2015 13:14:21 -0400, Josh Luthman said:
>>
>>> Well it's not a form and it redirects you to the support home page...
>>>
>>> https://support.microsoft.com/en-us
>>>
>>
>> You didn't have NoScript or similar in effect at the time, did you?
>>
>>
> Was going to ask the same; #worksforme, though there is a string of
> redirects and noscript is filling pretty much the full height of my display
> with a list of hosts...
>
> $ wget http://go.microsoft.com/fwlink/?LinkID=614866
> --2015-09-17 10:18:10--  http://go.microsoft.com/fwlink/?LinkID=614866
> Resolving go.microsoft.com (go.microsoft.com)...
> 2001:4de0:4103:197::2c1a, 2001:4de0:4103:182::2c1a, 23.58.87.71
> Connecting to go.microsoft.com 
> (go.microsoft.com)|2001:4de0:4103:197::2c1a|:80...
> connected.
> HTTP request sent, awaiting response... 302 Moved Temporarily
> Location:
> https://support.microsoft.com/getsupport/?oaspworkflow=start_1.0.0.0=capsub=edfsmsbl3=en-us=en-us
> [following]
> --2015-09-17 10:18:10--
> https://support.microsoft.com/getsupport/?oaspworkflow=start_1.0.0.0=capsub=edfsmsbl3=en-us=en-us
> Resolving support.microsoft.com (support.microsoft.com)... 184.24.236.218
> Connecting to support.microsoft.com 
> (support.microsoft.com)|184.24.236.218|:443...
> connected.
> HTTP request sent, awaiting response... 301 Moved Permanently
> Location:
> https://support.microsoft.com/getsupport?oaspworkflow=start_1.0.0.0=capsub=edfsmsbl3=en-us=en-us
> [following]
> --2015-09-17 10:18:10--
> https://support.microsoft.com/getsupport?oaspworkflow=start_1.0.0.0=capsub=edfsmsbl3=en-us=en-us
> Reusing existing connection to support.microsoft.com:443.
> HTTP request sent, awaiting response... 302 Moved Temporarily
> Location:
> /en-us/getsupport?oaspworkflow=start_1.0.0.0=capsub=edfsmsbl3=en-us
> [following]
> --2015-09-17 10:18:10--
> https://support.microsoft.com/en-us/getsupport?oaspworkflow=start_1.0.0.0=capsub=edfsmsbl3=en-us
> Reusing existing connection to support.microsoft.com:443.
> HTTP request sent, awaiting response... 200 OK
> Length: 156614 (153K) [text/html]
> Saving to: 'index.html?LinkID=614866'
>
> index.html?LinkID=614866
> 100%[==>] 152.94K
> --.-KB/s   in 0.1s
>
> 2015-09-17 10:18:11 (1.38 MB/s) - 'index.html?LinkID=614866' saved
> [156614/156614]
>
> --
> Hugo
>

weather.gov invalid ssl cert

[Grant Ridder]

If someone that works with or knows someone who works with weather.gov
(National Weather Service) please take a look at this.  I did a whois on
weather.gov and there is no contact info.

www.weather.gov is serving an akami cert
weather.gov is serving a NWS SAN cert that does not cover weather.gov
(includes www though)

username@hostname ~ $ echo quit | openssl s_client -connect  weather.gov:443
| openssl x509 -text
depth=3 /C=US/O=The Go Daddy Group, Inc./OU=Go Daddy Class 2 Certification
Authority
verify error:num=19:self signed certificate in certificate chain
verify return:0
DONE
Certificate:
Data:
Version: 3 (0x2)
Serial Number:
07:a2:c1:cb:fa:c1:18
Signature Algorithm: sha256WithRSAEncryption
Issuer: C=US, ST=Arizona, L=Scottsdale, O=GoDaddy.com, Inc., OU=
http://certs.godaddy.com/repository/, CN=Go Daddy Secure Certificate
Authority - G2
Validity
Not Before: Nov 13 20:54:35 2014 GMT
Not After : Nov 17 17:33:22 2015 GMT
Subject: OU=Domain Control Validated, CN=ucc.weather.gov
Subject Public Key Info:
Public Key Algorithm: rsaEncryption
RSA Public Key: (2048 bit)
Modulus (2048 bit):
00:9d:36:e8:eb:5d:00:1d:ce:ab:f2:6a:3f:83:5a:
39:29:dd:95:e9:bd:58:d7:2b:0f:67:5a:16:20:97:
2d:4c:96:e1:3c:cc:8f:2f:16:88:ae:fe:9c:15:d0:
67:f1:c9:0d:5c:c0:ae:3f:36:32:aa:90:1d:03:bb:
d2:91:73:86:74:5f:e3:41:f2:e2:77:b3:5e:1c:a9:
cc:9c:68:3a:99:3a:de:7a:19:bd:6a:70:a1:9f:3f:
1f:ec:c3:63:fd:e9:f5:e6:44:14:0d:db:ae:b4:46:
fe:a8:b0:d7:07:01:ea:68:10:7f:9f:c8:f7:5a:20:
05:1d:77:47:d7:13:d1:f0:b8:8f:d2:94:a0:36:29:
95:c2:fd:3e:bc:80:14:1f:22:a2:5a:d0:56:5b:e6:
51:e1:94:3c:4c:dd:63:ae:81:42:7c:5e:87:f5:0c:
b8:6f:37:f4:a6:53:f6:56:5e:c8:ec:57:f8:ec:0c:
7d:e0:11:7f:3d:07:8c:37:38:4e:05:8e:cd:46:b3:
21:a3:c1:2f:96:ee:e2:d7:5f:ed:8c:1c:6d:88:d7:
17:ba:90:d8:cb:49:2e:8d:4f:ca:bf:8c:53:da:f7:
38:9c:bc:e1:6c:ac:8a:62:27:d1:ec:dc:59:a9:3b:
62:07:68:3b:bd:d0:06:35:79:26:2d:83:4d:69:00:
f3:d7
Exponent: 65537 (0x10001)
X509v3 extensions:
X509v3 Basic Constraints: critical
CA:FALSE
X509v3 Extended Key Usage:
TLS Web Server Authentication, TLS Web Client Authentication
X509v3 Key Usage: critical
Digital Signature, Key Encipherment
X509v3 CRL Distribution Points:
URI:http://crl.godaddy.com/gdig2s1-87.crl

X509v3 Certificate Policies:
Policy: 2.16.840.1.114413.1.7.23.1
  CPS: http://certificates.godaddy.com/repository/

Authority Information Access:
OCSP - URI:http://ocsp.godaddy.com/
CA Issuers - URI:
http://certificates.godaddy.com/repository/gdig2.crt

X509v3 Authority Key Identifier:

keyid:40:C2:BD:27:8E:CC:34:83:30:A2:33:D7:FB:6C:B3:F0:B4:2C:80:CE

X509v3 Subject Alternative Name:
DNS:ucc.weather.gov, DNS:www.ucc.weather.gov, DNS:
alerts.weather.gov, DNS:nwschat.weather.gov, DNS:vpn.weather.gov, DNS:
www.weather.gov
X509v3 Subject Key Identifier:
01:7D:76:D9:61:68:EB:50:F7:C4:26:02:DC:94:56:62:45:0B:5B:58
Signature Algorithm: sha256WithRSAEncryption
96:4e:70:45:46:f8:69:80:48:b8:88:86:cd:06:2b:7b:d6:f1:
6b:0b:d8:89:ab:e8:9a:c0:f1:a8:99:0c:69:45:f8:a7:fb:ef:
af:b3:6b:0d:41:bd:4d:3c:76:11:10:89:fa:8f:12:a5:47:27:
50:44:e7:37:93:f3:6b:84:f2:66:34:0d:99:69:13:da:dd:08:
32:6c:30:be:2e:af:8b:25:aa:9a:40:bf:61:35:a9:d9:2d:da:
97:b0:0c:e6:98:72:54:fe:44:21:6d:ad:9a:0a:cd:0b:18:74:
be:f2:58:b0:d6:10:9b:dc:b7:fe:ae:81:b3:c0:21:f9:c8:eb:
d5:54:bc:9e:d6:d0:ca:12:5c:c0:0d:94:93:03:9b:54:46:b8:
af:86:46:e6:e0:4b:52:97:c2:8e:16:89:3c:8d:06:f8:f9:59:
d6:21:39:4c:25:82:58:49:59:07:43:db:63:8d:98:aa:04:c1:
42:f5:4f:8a:4d:35:5b:f7:79:e5:e1:31:13:72:50:87:bd:68:
3f:bd:23:e2:88:3e:cf:72:00:a7:c8:1d:40:b6:34:00:5b:7b:
73:9f:8f:17:05:53:13:a1:70:15:59:66:88:61:6a:d7:d0:bf:
df:89:1a:28:af:a8:cb:c7:95:e4:f9:01:7b:c2:99:51:93:33:
8f:94:fa:0b
-BEGIN CERTIFICATE-
MIIFdzCCBF+gAwIBAgIHB6LBy/rBGDANBgkqhkiG9w0BAQsFADCBtDELMAkGA1UE
BhMCVVMxEDAOBgNVBAgTB0FyaXpvbmExEzARBgNVBAcTClNjb3R0c2RhbGUxGjAY
BgNVBAoTEUdvRGFkZHkuY29tLCBJbmMuMS0wKwYDVQQLEyRodHRwOi8vY2VydHMu
Z29kYWRkeS5jb20vcmVwb3NpdG9yeS8xMzAxBgNVBAMTKkdvIERhZGR5IFNlY3Vy
ZSBDZXJ0aWZpY2F0ZSBBdXRob3JpdHkgLSBHMjAeFw0xNDExMTMyMDU0MzVaFw0x
NTExMTcxNzMzMjJaMD0xITAfBgNVBAsTGERvbWFpbiBDb250cm9sIFZhbGlkYXRl

HTTPS redirects to HTTP for monitoring

[Grant Ridder]

Hi Everyone,

I wanted to see what opinions and thoughts were out there.  What software,
appliances, or services are being used to monitor web traffic for
inappropriate content on the SSL side of things?  personal use?
enterprise enterprise?

It looks like Websense might do decryption (
http://community.websense.com/forums/t/3146.aspx) while Covenant Eyes does
some sort of session hijack to redirect to non-ssl (atleast for Google) (
https://twitter.com/CovenantEyes/status/451382865914105856).

Thoughts on having a product that decrypts SSL traffic internally vs one
that doesn't allow SSL to start with?

-Grant

Re: How our young colleagues are being educated....

[Grant Ridder]

I used Stallings a couple years ago.  Cisco is not the basis of
networking.  It is the basis for TCP/IP.

-Grant

On Thu, Dec 25, 2014 at 6:21 PM, Miles Fidelman mfidel...@meetinghouse.net
wrote:

 Cisco as the basis of networking material? Does nobody use Comer,
 Stallings, or Tannenbaum as basic texts anymore?

 Miles Fidelman


 Mike Jones wrote:

 I am a university student that has just completed the first term of
 the first year of a Computer Systems and Networks course. Apart from a
 really out of place MATH module that did trig but not binary, it has
 been reasonably well run so far. The binary is covered in a different
 module, just not maths. The worst part of the course is actually the
 core networking module, which is based on Cisco material. The cisco
 material is HORRIBLE! those awkward book page things with the stupid
 higherarchical menu. As for the content.. a scalable network is one
 you can add hosts to, so what's a non-scalable network? will the
 building collapse if i plug my laptop in?

 As I have been following NANOG for years I do notice a lot of mistakes
 or over-simplifications that show a clear distinction between the
 theory in the university books and the reality on nanog, and
 demonstrate the lecturers lack of real world exposure. As a simple
 example, in IPv4 the goal is to conserve IP addresses therefore on
 point to point links you use a /30 which only wastes 50% of the
 address space. In the real world - /31's? but a /31 is impossible I
 hear the lecturers say...

 The entire campus is not only IPv4-only, but on the wifi network they
 actually assign globally routable addresses, then block protocol 41,
 so windows configures broken 6to4! Working IPv6 connectivity would at
 least expose students to it a little and let them play with it...

 Amoung the things I have heard so far: MAC Addresses are unique, IP
 fragments should be blocked for security reasons, and the OSI model
 only has 7 layers to worry about. All theoretically correct. All
 wrong.
 - Mike Jones


 On 22 December 2014 at 09:13, Javier J jav...@advancedmachines.us
 wrote:

 Dear NANOG Members,

 It has come to my attention, that higher learning institutions in North
 America are doing our young future colleagues a disservice.

 I recently ran into a student of Southern New Hampshire University
 enrolled
 in the Networking/Telecom Management course and was shocked by what I
 learned.

 Not only are they skimming over new technologies such as BGP, MPLS and
 the
 fundamentals of TCP/IP that run the internet and the networks of the
 world,
 they were focusing on ATM , Frame Relay and other technologies that are
 on
 their way out the door and will probably be extinct by the time this
 student graduates. They are teaching classful routing and skimming over
 CIDR. Is this indicative of the state of our education system as a whole?
 How is it this student doesn't know about OSPF and has never heard of
 RIP?

 If your network hardware is so old you need a crossover cable, it's time
 to
 upgrade. In this case, it’s time to upgrade our education system.

 I didn't write this email on the sole experience of my conversation with
 one student, I wrote this email because I have noticed a pattern emerging
 over the years with other university students at other schools across the
 country. It’s just the countless times I have crossed paths with a young
 IT
 professional and was literally in shock listening to the things they were
 being taught. Teaching old technologies instead of teaching what is
 currently being used benefits no one. Teaching classful and skipping CIDR
 is another thing that really gets my blood boiling.

 Are colleges teaching what an RFC is? Are colleges teaching what IPv6 is?

 What about unicast and multicast? I confirmed with one student half way
 through their studies that they were not properly taught how DNS works,
 and
 had no clue what the term “root servers” meant.

 Am I crazy? Am I ranting? Doesn't this need to be addressed? …..and if
 not
 by us, then by whom? How can we fix this?



 --
 In theory, there is no difference between theory and practice.
 In practice, there is.    Yogi Berra

Re: Comcast thinks it ok to install public wifi in your house

[Grant Ridder]

I think it may have already been slightly mentioned, but any reason why
this is not being rolled out on a separate radio than the private customer
facing one?  Even if the bandwidth out to the internet is separated with
DOCSIS channels, you are still using the same radio and one user streaming
a large amount of data could bog down the radio.  I have seen 1 or 2
clients destroy speed and cause large amounts (adding 100+ms) of latency
for all clients connected to the same radio.

-Grant

On Thu, Dec 11, 2014 at 1:44 PM, Livingood, Jason 
jason_living...@cable.comcast.com wrote:

 On 12/11/14, 3:58 PM, Jay Ashworth j...@baylink.com wrote:

 No, I'm having a hard time figuring out what the use case *is* for this
 service as deployed against *residential* hardware, myself...

 Well, the great thing about the marketplace is that if it ultimately does
 not prove useful and of some value then it¹ll eventually go away. :-)

 Jason

Comcast residential DNS contact

[Grant Ridder]

Can someone from Comcast that works with the customer resolvers (
cdns01.comcast.net / cdns02.comcast.net) please contact me off list?  The
01 resolver is sometimes not returning complete results when the DNS query
type is set to ANY for $dayjob's domain.

-Grant

Re: Comcast residential DNS contact

[Grant Ridder]

Both of Google’s public DNS servers return complete results every time and one 
of the two comcast ones works fine.

If this is working by design, can you provide the RFC with that info?

-Grant

 On Dec 3, 2014, at 2:51 AM, Niels Bakker niels=na...@bakker.net wrote:
 
 * shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 10:49 CET]:
 Can someone from Comcast that works with the customer resolvers ( 
 cdns01.comcast.net / cdns02.comcast.net) please contact me off list? The 01 
 resolver is sometimes not returning complete results when the DNS query type 
 is set to ANY for $dayjob's domain.
 
 That's how DNS works, yes.
 
 
   -- Niels.

Re: Comcast residential DNS contact

[Grant Ridder]

Hi Everyone,

Thanks for the replies!  After reading them, i am doing some digging into
DNS RFC's and haven't found much with respect to ANY queries.  Not
responding with full results to protect against being used in an attack
makes sense.  However, I find it odd that only 1 of the 4 anycast servers I
tried would institute this.

Also, as a side note, i hit all 4 anycast servers on both v4 and v6 with
similar results already.

-Grant

On Wed, Dec 3, 2014 at 7:46 AM, Brian Rak b...@gameservers.com wrote:

 Shouldn't everyone be on IPv6 these days anyway ;)


 On 12/3/2014 10:28 AM, Jared Mauch wrote:

 So have A record queries. Do you filter those as well?

 Jared Mauch

  On Dec 3, 2014, at 9:08 AM, Stephen Satchell l...@satchell.net wrote:

  On 12/03/2014 04:04 AM, Niels Bakker wrote:
 * shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:

 Both of Google’s public DNS servers return complete results every time
 and one of the two comcast ones works fine.

 If this is working by design, can you provide the RFC with that info?

 An ANY query will typically return only what's already in the cache.  So
 if you ask for MX records first and then query the same caching resolver
 for ANY it won't return, say, any TXT records that may be present at the
 authoritative nameserver.

 This could be implementation dependent, but Comcast's isn't wrong, and
 you should not rely on ANY queries returning full data.  This has been
 hashed out to tears in the past, for example when qm**l used to do these
 queries in an attempt to optimise DNS query volumes and RTT.

 At the ISP I consult to, I filter all ANY queries, because they have
 been used for DNS amplification attacks.

Re: Comcast residential DNS contact

[Grant Ridder]

Did more digging and found the RFC regarding ANY queries:

3.2.3 - * 255 A request for all records
https://www.ietf.org/rfc/rfc1035.txt

However Wikipedia (http://en.wikipedia.org/wiki/List_of_DNS_record_types)
lists this as a request for All cached records instead of A request for
all records per the RFC.

-Grant


On Wed, Dec 3, 2014 at 9:54 AM, Grant Ridder shortdudey...@gmail.com
wrote:

 Hi Everyone,

 Thanks for the replies!  After reading them, i am doing some digging into
 DNS RFC's and haven't found much with respect to ANY queries.  Not
 responding with full results to protect against being used in an attack
 makes sense.  However, I find it odd that only 1 of the 4 anycast servers I
 tried would institute this.

 Also, as a side note, i hit all 4 anycast servers on both v4 and v6 with
 similar results already.

 -Grant

 On Wed, Dec 3, 2014 at 7:46 AM, Brian Rak b...@gameservers.com wrote:

 Shouldn't everyone be on IPv6 these days anyway ;)


 On 12/3/2014 10:28 AM, Jared Mauch wrote:

 So have A record queries. Do you filter those as well?

 Jared Mauch

  On Dec 3, 2014, at 9:08 AM, Stephen Satchell l...@satchell.net wrote:

  On 12/03/2014 04:04 AM, Niels Bakker wrote:
 * shortdudey...@gmail.com (Grant Ridder) [Wed 03 Dec 2014, 12:54 CET]:

 Both of Google’s public DNS servers return complete results every time
 and one of the two comcast ones works fine.

 If this is working by design, can you provide the RFC with that info?

 An ANY query will typically return only what's already in the cache.
 So
 if you ask for MX records first and then query the same caching
 resolver
 for ANY it won't return, say, any TXT records that may be present at
 the
 authoritative nameserver.

 This could be implementation dependent, but Comcast's isn't wrong, and
 you should not rely on ANY queries returning full data.  This has been
 hashed out to tears in the past, for example when qm**l used to do
 these
 queries in an attempt to optimise DNS query volumes and RTT.

 At the ISP I consult to, I filter all ANY queries, because they have
 been used for DNS amplification attacks.

Re: Comcast residential DNS contact

[Grant Ridder]

Ah that makes sense.  I am not going to worry about the inconstancy then.

Thanks to everyone that replied!!

-Grant

On Wed, Dec 3, 2014 at 10:30 AM, Doug Barton do...@dougbarton.us wrote:

 On 12/3/14 10:07 AM, Grant Ridder wrote:

 Did more digging and found the RFC regarding ANY queries:

 3.2.3 - * 255 A request for all records
 https://www.ietf.org/rfc/rfc1035.txt


 When listing URLs for RFCs it's better to use the tools site, as it gives
 a much better experience:

 https://tools.ietf.org/html/rfc1035

 Meanwhile, the text is correct, but what you're missing is the nuance of
 authoritative vs. recursive. If you send an ANY query to an authoritative
 server it is naturally going to send you all of the related records, since
 it has them all.

 A recursive (or iterative if you prefer) server only has what it has in
 the cache, but it will send you all records that it has. What this does
 not imply is that the recursive server will go out and do its own ANY query
 for the RR you're asking about, unless there is nothing in the cache to
 start with.

 There are any number of explanations for why some of the recursive servers
 you're querying have more records than others. None of them are bugs. :)

  However Wikipedia (http://en.wikipedia.org/wiki/List_of_DNS_record_types)
 lists this as a request for All cached records instead of A request for
 all records per the RFC.


 Wikipedia is good for a lot of things, but standards work is not one of
 them. :)  The text above is a good example of why.

 Doug

Re: kohls.com issues

[Grant Ridder]

http://www.kohls.com/ comes up for me fine on the west coast.

-Grant

On Wed, Nov 26, 2014 at 6:18 PM, o...@columbus.rr.com wrote:

 Anyone know what’s up ?

 Looks like they are still working thru issues where I am.

 Not sure if their domain was hijacked or what exactly.

 If someone has a list where this is already being discussed id appreciate
 that info.

 Thanks,
 Steve

Re: Inside China GFW - basic dedicated server or cloud instance

[Grant Ridder]

You can try AWS China, but I think you need an ICP license for that.

-Grant

On Tue, Nov 11, 2014 at 8:27 AM, Andrius Kasparavicius andr...@andrius.org
wrote:

 Business needs some permanent basic browser/tcp/ip view from *inside China
 great firewall* (Hong Kong or unfirewalled locations not good) for
 connectivity testing, troubleshooting for customers in China. Ideally just
 a dedicated windows box/server. Are there any simple providers with
 self-provisioning VPS or similar low cost solutions. Best to have it on
 ChinaTel network. No hosting or content would be shared from this box.
 Thanks

SSL 3 vulnerability released

[Grant Ridder]

Just incase anyone hasn't seen yet...
http://googleonlinesecurity.blogspot.com/2014/10/this-poodle-bites-exploiting-ssl-30.html

-Grant

Re: AWS EC2 us-west-2 reboot

[Grant Ridder]

For those interested, this is the Xen bug they were fixing with the reboots
http://xenbits.xen.org/xsa/advisory-108.html

-Grant

On Wed, Sep 24, 2014 at 8:41 PM, Reed Loden r...@reedloden.com wrote:

 On Wed, 24 Sep 2014 21:39:39 -0400
 Peter Beckman beck...@angryox.com wrote:

  Likely some sort of potentially serious bug or flaw in EC2 or Xen. AWS
  Security is really on the ball on such things and do everything they can
 to
  make invisible fixes with no customer impact, but sometimes a reboot is
  required in order to apply the changes necessary to keep customer
 instances
  safe from attacks and vulnerabilities.

 Rumor mill is that it's XSA-108, embargoed until 2014-10-01 12:00
 (http://xenbits.xen.org/xsa/). Just somebody's guess, though, afaik.

 ~reed

AWS EC2 us-west-2 reboot

[Grant Ridder]

As an FYI,  it looks like Amazon is doing a mass reboot of the physical
hosts in us-west-2 across all AZ's and it is scheduled to start tomorrow
and take a couple days.
Go to *https://console.aws.amazon.com/ec2/v2/home?region=us-west-2#Events
https://console.aws.amazon.com/ec2/v2/home?region=us-west-2#Events:* to
see what instances are affected when.

-Grant

Re: AWS EC2 us-west-2 reboot

[Grant Ridder]

Doubt it since a bash patch shouldn't require a reboot

On Wed, Sep 24, 2014 at 1:51 PM, Gabriel Blanchard g...@teksavvy.ca wrote:

 Bash related?

  On Sep 24, 2014, at 4:47 PM, Grant Ridder shortdudey...@gmail.com
 wrote:
 
  As an FYI,  it looks like Amazon is doing a mass reboot of the physical
  hosts in us-west-2 across all AZ's and it is scheduled to start tomorrow
  and take a couple days.
  Go to *
 https://console.aws.amazon.com/ec2/v2/home?region=us-west-2#Events
  https://console.aws.amazon.com/ec2/v2/home?region=us-west-2#Events:*
 to
  see what instances are affected when.
 
  -Grant

Re: Here comes iOS 8...

[Grant Ridder]

For those that are curious, it looks like the download is 1.1 gigs.

-Grant

On Wed, Sep 17, 2014 at 10:04 AM, Nick Olsen n...@flhsi.com wrote:

 I've been waiting all morning.

  Expedited repair of a primary link to prepare for the traffic. Not that it
 didn't have multiple backups. But one doesn't trifle with IOS8 release
 traffic.. If it's anything like IOS7 was..

  Nick Olsen
 Network Operations  (855) FLSPEED  x106


 
  From: Zachary McGibbon zachary.mcgibbon+na...@gmail.com
 Sent: Wednesday, September 17, 2014 12:59 PM
 To: NANOG nanog@nanog.org
 Subject: Here comes iOS 8...
 So Apple is about to release iOS 8... Have you done anything special to
 your network setup to accommodate the traffic flood ie traffic shaping
 rules, cache servers, etc?

 I heard that Apple Caching servers won't work with this update, so I'm
 guessing it will be pushed through Akamai servers as is usually is.

 - Zachary

Re: Here comes iOS 8...

[Grant Ridder]

My reference was the update page in settings said the download was 1.1 gig

Grant

Sent from my iPhone

 On Sep 17, 2014, at 7:04 PM, JoeSox joe...@gmail.com wrote:
 
 Grant,
 Do you have a reference? Someone just told me it is more around 5GB.
 
 --
 Later, Joe
 
 On Wed, Sep 17, 2014 at 10:31 AM, Grant Ridder shortdudey...@gmail.com
 wrote:
 
 For those that are curious, it looks like the download is 1.1 gigs.
 
 -Grant
 
 On Wed, Sep 17, 2014 at 10:04 AM, Nick Olsen n...@flhsi.com wrote:
 
 I've been waiting all morning.
 
 Expedited repair of a primary link to prepare for the traffic. Not that
 it
 didn't have multiple backups. But one doesn't trifle with IOS8 release
 traffic.. If it's anything like IOS7 was..
 
 Nick Olsen
 Network Operations  (855) FLSPEED  x106
 
 
 
 From: Zachary McGibbon zachary.mcgibbon+na...@gmail.com
 Sent: Wednesday, September 17, 2014 12:59 PM
 To: NANOG nanog@nanog.org
 Subject: Here comes iOS 8...
 So Apple is about to release iOS 8... Have you done anything special to
 your network setup to accommodate the traffic flood ie traffic shaping
 rules, cache servers, etc?
 
 I heard that Apple Caching servers won't work with this update, so I'm
 guessing it will be pushed through Akamai servers as is usually is.
 
 - Zachary
 

Re: FCC Help Wanted

[Grant Ridder]

If you have ties to Grand Ayatollah, it would probably be an automatic 
acceptance into the position.

Grant

Sent from my iPhone

 On Sep 1, 2014, at 1:24 PM, Keith Medcalf kmedc...@dessus.com wrote:
 
 
 Of couse such applications will be accepted.  However, applicants are warned 
 that failure to include a donation will require alternate verification of the 
 requisite lack of morals and ethics.
 
 Will applications without a cancelled check for at least 100k in
 donations be considered?
 
 On Mon, Sep 1, 2014 at 3:19 AM, Joly MacFie j...@punkcast.com wrote:
 
 https://www.usajobs.gov/GetJob/ViewDetails/379628100
 
 Job Title:Telecommunications Policy and Technology Specialist
 (Internet)
 
 Agency:Federal Communications Commission
 
 SALARY RANGE:
 
 $124,995.00 to $157,100.00 / Per Year
 
 DUTIES:
 
 As Telecommunications Policy and Technology Specialist (Internet),
 he/she
 serves as a senior expert consultant and advisor with regard to
 wireline
 and wireless broadband technologies used in communications networks,
 Internet technologies, Internet networking, and traffic exchange
 evolution
 issues. Provides expert technical and policy advice on the technology,
 design, and operations of Internet networks, including changes in
 network
 design and traffic exchange practices and policies resulting from
 emerging
 commercial practices and strategies. Performs investigative analyses
 and
 original research with respect to critical and unprecedented network
 operations, service provision, traffic exchange, and content delivery
 issues that involve emerging technologies, services, and commercial
 incentives; evaluates technical, social, legal, institutional and other
 related implications of proposed policy decisions on technology
 adoption,
 deployment, network operations, communications services provision; and
 provides input into Commission proceedings that implement those
 proposed
 policy decisions.
 
 Drafts recommendations, decision memoranda, notices of inquiry, notices
 of
 proposed rulemaking, orders, and public notices concerning the
 technical
 and business/financial aspects of designing, building, operating, and
 exchanging traffic among Internet backbone networks, and content
 delivery
 and other Internet networks. Drafts correspondence and reports
 concerning
 controversial technical aspects of pending or future issues that may
 warrant Commission actions, requesting additional information as
 necessary.
 Initiates correspondence responsive to inquiries from the public, other
 government agencies, other parts of the FCC, and Congress. Initiates
 communications with the public (including service providers, trade
 associations, and consumer groups) concerning technological, business,
 and
 operational issues of specific interest or concern to the Commission.
 
 Provides guidance and leadership over unusually complex newly emerging
 technical matters, including those of a precedent-setting nature.
 Provides
 expert technical and policy analysis for the Division on any issues
 relating to advanced communications systems, including broadband
 systems
 and the Internet, as assigned by the Division Chief or designees.
 Facilitates decision and action on such matters by drafting briefing
 material or rulemaking documents and by briefing the Division and/or
 Division management on policy or action alternative issues.
 
 
 
 QUALIFICATIONS REQUIRED:
 
 
 Specialized Experience: Applicants must have a minimum of one year of
 specialized experience equivalent to at least the GS-14 grade level in
 the
 Federal service.
 
 For this position, specialized experience includes the following:
 
 1) Experience applying knowledge of network management and operations,
 network architecture, Internet technologies and services, broadband
 technologies, data communications, and communications network
 technology;
 
 2) Experience in a variety of communications networks and systems
 including
 Internet and broadband networks;
 
 3) Experience performing investigative analyses and original research
 with
 respect to unprecedented network operations and service provision
 issues
 that involve emerging technologies; and
 
 4) Experience presenting complex technical and policy information to
 various audiences.
 
 
 
 
 --
 ---
 Joly MacFie  218 565 9365 Skype:punkcast
 WWWhatsup NYC - http://wwwhatsup.com
 http://pinstand.com - http://punkcast.com
 VP (Admin) - ISOC-NY - http://isoc-ny.org
 --
 -
 
 
 

Google voice contact

[Grant Ridder]

Hi Everyone,

Can someone with Google voice contact me offlist?  My work has a google
voice number that was setup long ago, and no one knows what email address
it is attached to.

-Grant

AOL Mail updates DMARC policy to 'reject'

[Grant Ridder]

Thought i would throw this out there.
http://postmaster-blog.aol.com/2014/04/22/aol-mail-updates-dmarc-policy-to-reject/

-Grant

Any issues in asia-pac due to typhoon

[Grant Ridder]

Hi Everyone,

I am curious to see if anyone has been any issues or outages due to the
typhoon in the area of the Philippines.

Satellite: http://www.pagasa.dost.gov.ph/wb/sat_images/satpic.jpg
http://www.usatoday.com/story/news/world/2013/11/07/philippines-typhoon/3465779/


-Grant

P.S. - Also sent this to outages list earlier

Re: Verizon So Cal issues?

[Grant Ridder]

There is definitely a VZ / LVL3 issue

http://www.internetpulse.net/

It is affecting VZ's Atlanta node but not Boston node:
http://www.internetpulse.net/Main.aspx?OriginValue=Level3OriginLevel=1DestinationValue=VerizonDestinationLevel=1Metric=TCP

-Grant


On Wed, Aug 28, 2013 at 9:15 AM, Todd Lyons tly...@ivenue.com wrote:

 On Wed, Aug 28, 2013 at 8:25 AM, James Laszko jam...@mythostech.com
 wrote:
  We are seeing huge latency and packet loss issues with Verizon
 (DSL/FIOS) in Southern California.  Does anyone have any insight?   Issues
 started around 8:10AM Pacific.

 Been using FIOS served from the Pomona plant all morning with no
 issues, so I'd suspect it's a locational issue, not regional. Or per
 David's post, maybe it's dependent upon what you're accessing; I've
 been mostly VPN'd to the office (VZ - Alter - Savvis), which doesn't
 touch David's paths.

 ...Todd
 --
 The total budget at all receivers for solving senders' problems is $0.
  If you want them to accept your mail and manage it the way you want,
 send it the way the spec says to. --John Levine

Re: Hilton proxy issue

[Grant Ridder]

Anyone from Hilton out there?  We are still having this issue.  It is not a
wayport address since I looked and they are not registered under Hilton's
name.

-Grant

On Tue, Jul 16, 2013 at 1:17 PM, Grant Ridder shortdudey...@gmail.comwrote:

 The requests are coming from 167.187.100.202 which is in a /16 assigned to
 Hilton.  As far as i know, the waypoint service has its own netblocks.

 -Grant


 On Tue, Jul 16, 2013 at 1:11 PM, Jared Mauch ja...@puck.nether.netwrote:


 On Jul 16, 2013, at 3:44 PM, Grant Ridder shortdudey...@gmail.com
 wrote:

  Hi,
 
  Anyone from Hilton Hotels NOC or related on here?  We are seeing their
  internet proxy doing weird things to http requests to servers at
 $DAYJOB.


 Many of the hilton properties have migrated to Wayport/attwifi.  Are
 you seeing the requests from ATT/Wayport or from their corporate?

 (btw, if you're here and with wayport/attwifi, i would be interested in
 chatting briefly with you).

 - Jared

Re: Hilton proxy issue

[Grant Ridder]

Better yet, does anyone have any Hilton contacts they could pass my info to?

-Grant

On Wed, Jul 31, 2013 at 8:54 AM, Grant Ridder shortdudey...@gmail.comwrote:

 Anyone from Hilton out there?  We are still having this issue.  It is not
 a wayport address since I looked and they are not registered under Hilton's
 name.

 -Grant


 On Tue, Jul 16, 2013 at 1:17 PM, Grant Ridder shortdudey...@gmail.comwrote:

 The requests are coming from 167.187.100.202 which is in a /16 assigned
 to Hilton.  As far as i know, the waypoint service has its own netblocks.

 -Grant


 On Tue, Jul 16, 2013 at 1:11 PM, Jared Mauch ja...@puck.nether.netwrote:


 On Jul 16, 2013, at 3:44 PM, Grant Ridder shortdudey...@gmail.com
 wrote:

  Hi,
 
  Anyone from Hilton Hotels NOC or related on here?  We are seeing their
  internet proxy doing weird things to http requests to servers at
 $DAYJOB.


 Many of the hilton properties have migrated to Wayport/attwifi.  Are
 you seeing the requests from ATT/Wayport or from their corporate?

 (btw, if you're here and with wayport/attwifi, i would be interested in
 chatting briefly with you).

 - Jared

Re: Hilton proxy issue

[Grant Ridder]

Sounds great Jay, thanks!

On Wed, Jul 31, 2013 at 1:31 PM, Jay Moran jay+na...@tp.org wrote:

 I have BCC'd the likely appropriate Hilton contact for you on this
 response so they can take a look at the NANOG emails below regarding their
 Internet proxies to see if it looks like something they can assist with.
 They were able to have some MTA issues corrected last time Hilton came up
 on the NANOG list. Good luck!
 --
 Jay Moran
 http://linked.com/in/jaycmoran

 On Wed, Jul 31, 2013 at 4:16 PM, Grant Ridder shortdudey...@gmail.comwrote:

 Better yet, does anyone have any Hilton contacts they could pass my info
 to?

 -Grant

 On Wed, Jul 31, 2013 at 8:54 AM, Grant Ridder shortdudey...@gmail.com
 wrote:

  Anyone from Hilton out there?  We are still having this issue.  It is
 not
  a wayport address since I looked and they are not registered under
 Hilton's
  name.
 
  -Grant
 
 
  On Tue, Jul 16, 2013 at 1:17 PM, Grant Ridder shortdudey...@gmail.com
 wrote:
 
  The requests are coming from 167.187.100.202 which is in a /16 assigned
  to Hilton.  As far as i know, the waypoint service has its own
 netblocks.
 
  -Grant
 
 
  On Tue, Jul 16, 2013 at 1:11 PM, Jared Mauch ja...@puck.nether.net
 wrote:
 
 
  On Jul 16, 2013, at 3:44 PM, Grant Ridder shortdudey...@gmail.com
  wrote:
 
   Hi,
  
   Anyone from Hilton Hotels NOC or related on here?  We are seeing
 their
   internet proxy doing weird things to http requests to servers at
  $DAYJOB.
 
 
  Many of the hilton properties have migrated to Wayport/attwifi.  Are
  you seeing the requests from ATT/Wayport or from their corporate?
 
  (btw, if you're here and with wayport/attwifi, i would be interested
 in
  chatting briefly with you).
 
  - Jared

Hilton proxy issue

[Grant Ridder]

Hi,

Anyone from Hilton Hotels NOC or related on here?  We are seeing their
internet proxy doing weird things to http requests to servers at $DAYJOB.

-Grant

Re: Hilton proxy issue

[Grant Ridder]

The requests are coming from 167.187.100.202 which is in a /16 assigned to
Hilton.  As far as i know, the waypoint service has its own netblocks.

-Grant

On Tue, Jul 16, 2013 at 1:11 PM, Jared Mauch ja...@puck.nether.net wrote:


 On Jul 16, 2013, at 3:44 PM, Grant Ridder shortdudey...@gmail.com wrote:

  Hi,
 
  Anyone from Hilton Hotels NOC or related on here?  We are seeing their
  internet proxy doing weird things to http requests to servers at $DAYJOB.


 Many of the hilton properties have migrated to Wayport/attwifi.  Are you
 seeing the requests from ATT/Wayport or from their corporate?

 (btw, if you're here and with wayport/attwifi, i would be interested in
 chatting briefly with you).

 - Jared

Re: One of our own in the Guardian.

[Grant Ridder]

Someone I know in Washington state has 100/100 at home and made the comment
to me a year ago that it was one of the slower speeds offered.  I am not
sure who his ISP is however.

-Grant

On Sat, Jul 13, 2013 at 9:20 PM, Joe Hamelin j...@nethead.com wrote:

 Jima said: Really, who has 100/100 at home?

 Oddly, those living in Grand Coulee, WA.

 I went there once to setup corporate connectivity for a regional tire
 store.  They ordered the minimal drop, 50/50Mbs. One of the tire changers
 there told me that he had 100/100 at home for $50/month.

 This was a town without T-Mobile service. I had to haul out the butt set
 and clip on to the business POTS lines to turn up the VPN.

 Most of rural Central Washington has very good fiber connectivity. Forward
 looking Public Utility Districts FTW!

 --
 Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474

Re: One of our own in the Guardian.

[Grant Ridder]

In Mountain View (the middle of Silicon Valley) the only choice i have is
overpriced Comcast w/ a 300 gig limit.  I used to chew threw 300 gig in a
week when i was in school.

-Grant

On Sat, Jul 13, 2013 at 9:44 PM, Alex Rubenstein a...@corp.nac.net wrote:

 Yet, here, where I live, only 47 road miles from New York City, I have a
 cable company who sells me metered (yes, METERED) DOCSIS, for nearly
 $100/month, 35/3. The limitation is like 100 GB/month or something (the
 equivalent of the amount of Netflix or AppleTV my kids watch in a weekend)
 No alternatives, no FiOS, no nothing. Well, I can get 3/.768 DSL if I
 please.

 Someone, please help me.

 Please.




 
  Jima said: Really, who has 100/100 at home?
 
  Oddly, those living in Grand Coulee, WA.
 
  I went there once to setup corporate connectivity for a regional tire
 store.
  They ordered the minimal drop, 50/50Mbs. One of the tire changers there
  told me that he had 100/100 at home for $50/month.
 
  This was a town without T-Mobile service. I had to haul out the butt set
 and
  clip on to the business POTS lines to turn up the VPN.
 
  Most of rural Central Washington has very good fiber connectivity.
 Forward
  looking Public Utility Districts FTW!
 
  --
  Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474

Re: Office 365..? how Microsoft handed the NSA access to encrypted messages

[Grant Ridder]

Touché

Sent from my iPhone

On Jul 12, 2013, at 8:56 AM, Eric Wieling ewiel...@nyigc.com wrote:

 Suspecting your spouse of cheating is much different than coming home and 
 finding them in bed with someone. 
 
 -Original Message-
 From: Grant Ridder [mailto:shortdudey...@gmail.com] 
 Sent: Thursday, July 11, 2013 9:40 PM
 To: Rodrick Brown
 Cc: nanog@nanog.org
 Subject: Re: Office 365..? how Microsoft handed the NSA access to encrypted 
 messages
 
 I 2nd Rodrick's statement of so please tell me why are most people shocked 
 with all the spying by governments?.  All this leak does is confirm what 
 most people already suspected or assumed.
 
 -Grant
 
 On Thu, Jul 11, 2013 at 6:27 PM, Rodrick Brown rodrick.br...@gmail.comwrote:
 
 : off topic rant :
 
 Just assume no data you store and or traverses any public cloud 
 service is private or secure this is just silly.
 
 I can't believe people are so naive to believe messages sent over the 
 public Internet isn't intercepted stored and analyzed by the same 
 government bodies who gave it to us in the first place.
 
 I've always heard rumors as a kid that the NSA had systems long in 
 place that could record all voice calls based on certain key phrases 
 ever since the Nixon era so please tell me why are most people shocked 
 with all the spying by governments?
 
 Sent from my iPhone
 
 On Jul 11, 2013, at 2:39 PM, Warren Bailey 
 wbai...@satelliteintelligencegroup.com wrote:
 
 Anyone else planning on bailing from office365?
 
 
 
 http://m.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-
 user-data
 
 
 
 Sent from my Mobile Device.
 
 

Re: Google bot contact

[Grant Ridder]

I received a very helpful and very prompt off list response, thanks!

On Fri, Jul 12, 2013 at 12:41 PM, Nick Khamis sym...@gmail.com wrote:

 If lucky maybe bot google contact shortdudey...@gmail.com

 On 7/11/13, Grant Ridder shortdudey...@gmail.com wrote:
  Can someone that works with the Google Bot contact me off list?  I am
  seeing some really weird access activity for a site I manage.
 
  -Grant
 

Google bot contact

[Grant Ridder]

Can someone that works with the Google Bot contact me off list?  I am
seeing some really weird access activity for a site I manage.

-Grant

Re: Office 365..? how Microsoft handed the NSA access to encrypted messages

[Grant Ridder]

I really hope that this doesn't surprise anyone on this list

On Thu, Jul 11, 2013 at 2:15 PM, Robert Webb rw...@ropeguru.com wrote:

 Trying my best here to bail. Between this and the fact they are pulling
 Technet, along with lots of other little things, I am working my way out.

  Robert

 
 From: Scott Weeks
 Sent: Thursday, July 11, 2013 15:26
 To: nanog@nanog.org
 Subject: Re: Office 365..? how Microsoft handed the NSA access to
 encrypted messages

 --- wbai...@satelliteintelligencegroup.com wrote:
 From: Warren Bailey wbai...@satelliteintelligencegroup.com

 Anyone else planning on bailing from office365?

 http://m.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
 --


 Bail on M$ period.  If they give the data willingly this
 way, I'm sure they also do it in other currently unknown
 ways.  Company culture and all that...

 scott

Re: Office 365..? how Microsoft handed the NSA access to encrypted messages

[Grant Ridder]

I 2nd Rodrick's statement of so please tell me why are most people
shocked with
all the spying by governments?.  All this leak does is confirm what most
people already suspected or assumed.

-Grant

On Thu, Jul 11, 2013 at 6:27 PM, Rodrick Brown rodrick.br...@gmail.comwrote:

 : off topic rant :

 Just assume no data you store and or traverses any public cloud
 service is private or secure this is just silly.

 I can't believe people are so naive to believe messages sent over the
 public Internet isn't intercepted stored and analyzed by the same
 government bodies who gave it to us in the first place.

 I've always heard rumors as a kid that the NSA had systems long in
 place that could record all voice calls based on certain key phrases
 ever since the Nixon era so please tell me why are most people shocked
 with all the spying by governments?

 Sent from my iPhone

 On Jul 11, 2013, at 2:39 PM, Warren Bailey
 wbai...@satelliteintelligencegroup.com wrote:

  Anyone else planning on bailing from office365?
 
 
 
 http://m.guardian.co.uk/world/2013/jul/11/microsoft-nsa-collaboration-user-data
 
 
 
  Sent from my Mobile Device.

Re: google troubles?

[Grant Ridder]

Does anyone have traceroutes showing where the issues are?

-Grant

On Wed, Jul 10, 2013 at 7:45 AM, John York jo...@griffintechnology.comwrote:

 We saw the same thing, but seems to be cleared up now. All our providers
 that routed to Google addresses in ATL had the issue. We have one provider
 that lands on Google addresses in DFW, and it was working.

 ...And now I see that it isn't completely resolved. Some Google apps are
 still inaccessible via the Atlanta routes.




 On Wed, Jul 10, 2013 at 9:28 AM, Blair Trosper blair.tros...@gmail.com
 wrote:

  Seeing lots of reports of people unable to get to many Google services.
   Seems to be affecting Comcast users disproportionately.  It's fine for
 me,
  but a lot of my staff are basically out of luck...but according to the
  Google Apps Status page, everything is fine.
 
  It's anecdotal, but it would seem like there's an issue based on these
  reports.
 
  Oh, and this:
  http://www.cnn.com/2013/07/10/tech/web/google-down/index.html
 
  Anyone know what's up?  Fiber cut?  DC outages?
 
  -- blair
 



 --

 John York

 Information Technology | Network Administrator

 Phone: 615-399-7000 x:333

 Griffin Technology
 2030 Lindell Avenue Nashville, TN  37203 USA

 This message and any attachments should be treated as confidential
 information of Griffin Technology, Inc.

Re: google troubles?

[Grant Ridder]

tcptraceroutes working fine too?

On Wed, Jul 10, 2013 at 8:16 AM, Milt Aitken m...@net2atlanta.com wrote:

 We (were) peered with Google in Atlanta.
 We were unable to bring up web pages for google.com or gmail.com.
 Traceroute worked, though.
 I shut off the peering  my outbound route switched to Cogent, which
 works now.

 I'll try peering again tonight.  Maybe they'll have fixed it by then.

 -Original Message-
 From: N. Max Pierson [mailto:nmaxpier...@gmail.com]
 Sent: Wednesday, July 10, 2013 11:00 AM
 To: Grant Ridder
 Cc: nanog@nanog.org
 Subject: Re: google troubles?

 Traceroutes worked fine for me during the outage. Seems to have been
 something at L4-L7.

 --
 max

 On Wed, Jul 10, 2013 at 9:56 AM, Grant Ridder
 shortdudey...@gmail.comwrote:

  Does anyone have traceroutes showing where the issues are?
 
  -Grant
 
  On Wed, Jul 10, 2013 at 7:45 AM, John York
 jo...@griffintechnology.com
  wrote:
 
   We saw the same thing, but seems to be cleared up now. All our
 providers
   that routed to Google addresses in ATL had the issue. We have one
  provider
   that lands on Google addresses in DFW, and it was working.
  
   ...And now I see that it isn't completely resolved. Some Google apps
 are
   still inaccessible via the Atlanta routes.
  
  
  
  
   On Wed, Jul 10, 2013 at 9:28 AM, Blair Trosper
 blair.tros...@gmail.com
   wrote:
  
Seeing lots of reports of people unable to get to many Google
 services.
 Seems to be affecting Comcast users disproportionately.  It's
 fine for
   me,
but a lot of my staff are basically out of luck...but according to
 the
Google Apps Status page, everything is fine.
   
It's anecdotal, but it would seem like there's an issue based on
 these
reports.
   
Oh, and this:
http://www.cnn.com/2013/07/10/tech/web/google-down/index.html
   
Anyone know what's up?  Fiber cut?  DC outages?
   
-- blair
   
  
  
  
   --
  
   John York
  
   Information Technology | Network Administrator
  
   Phone: 615-399-7000 x:333
  
   Griffin Technology
   2030 Lindell Avenue Nashville, TN  37203 USA
  
   This message and any attachments should be treated as confidential
   information of Griffin Technology, Inc.
  
 

Re: Leap Second

[Grant Ridder]

This might sound like an easy question, but how do you verify if a Red Hat
box took a leap second?

-Grant

On Wed, Jul 3, 2013 at 3:25 AM, David Malone david.mal...@nuim.ie wrote:

 I had a quick look at the data, and only 5 of the servers that I
 was monitoring advertised a leap on June 30th - three in the US,
 one in Argentina and one in New Zealand. If Todd or Michael want,
 we can compare notes and see if they are peering with one of the
 servers that I spotted.

 David.

Re: Google news down

[Grant Ridder]

Main page is accessible fine from a comcast circuit in Mountain View, CA

  313 ms11 ms10 ms
te-0-0-0-12-ur05.santaclara.ca.sfba.comcast.net [2001:558:82:87::1]
  414 ms35 ms14 ms
te-1-1-0-11-ar01.sfsutro.ca.sfba.comcast.net[2001:558:80:40::1]
  550 ms14 ms43 ms
he-3-7-0-0-cr01.sanjose.ca.ibone.comcast.net[2001:558:0:f775::1]
  616 ms14 ms13 ms
pos-0-5-0-0-pe01.529bryant.ca.ibone.comcast.net [2001:558:0:f600::2]
  712 ms13 ms13 ms  2001:559::386
  813 ms13 ms14 ms  2001:4860::1:0:7ea
  917 ms13 ms15 ms  2001:4860:0:1::693
 1015 ms41 ms14 ms
nuq05s02-in-x00.1e100.net[2607:f8b0:4005:802::1000]

Trace complete.



On Sun, Jun 23, 2013 at 11:46 PM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 Does anyone happen to know what's going on with Google news? Getting an
 xml parse error for all responses (not well formed) to anything google news
 related.

 NSA taking down google news or something?


 Sent from my Mobile Device.

Re: Google news down

[Grant Ridder]

Mobile page works fine via the same comcast circuit as previously mentioned

On Mon, Jun 24, 2013 at 12:37 AM, Joly MacFie j...@punkcast.com wrote:

 Maybe they are adjusting in preparation for Aug 1.


 http://techcrunch.com/2013/06/21/google-makes-google-news-in-germany-opt-in-only-to-avoid-paying-fees-under-new-copyright-law/

 On Mon, Jun 24, 2013 at 2:54 AM, Warren Bailey
 wbai...@satelliteintelligencegroup.com wrote:
  Seems to be isolated to the mobile site, if anyone finds it of interest.
 
 
  Sent from my Mobile Device.
 
 
   Original message 
  From: Warren Bailey wbai...@satelliteintelligencegroup.com
  Date: 06/23/2013 11:48 PM (GMT-08:00)
  To: nanog@nanog.org
  Subject: Google news down
 
 
  Does anyone happen to know what's going on with Google news? Getting an
 xml parse error for all responses (not well formed) to anything google news
 related.
 
  NSA taking down google news or something?
 
 
  Sent from my Mobile Device.



 --
 ---
 Joly MacFie  218 565 9365 Skype:punkcast
 WWWhatsup NYC - http://wwwhatsup.com
  http://pinstand.com - http://punkcast.com
  VP (Admin) - ISOC-NY - http://isoc-ny.org
 --
 -

Re: Need help in flushing DNS

[Grant Ridder]

The only apparent link is registration thru network solutions

On Wed, Jun 19, 2013 at 10:49 PM, Alex Buie alex.b...@frozenfeline.netwrote:

 Anyone have news/explanation about what's happening/happened?


 On Wed, Jun 19, 2013 at 10:34 PM, Paul Ferguson fergdawgs...@gmail.com
 wrote:

  Sure enough:
 
 
 
   ;  DiG 9.7.3  @localhost yelp.com A
   ; (1 server found)
   ;; global options: +cmd
   ;; Got answer:
   ;; -HEADER- opcode: QUERY, status: NOERROR, id: 53267
   ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
 
   ;; QUESTION SECTION:
   ;yelp.com. IN A
 
   ;; ANSWER SECTION:
   yelp.com. 300 IN A 204.11.56.20
 
   ;; Query time: 143 msec
   ;; SERVER: 127.0.0.1#53(127.0.0.1)
   ;; WHEN: Thu Jun 20 07:33:13 2013
   ;; MSG SIZE  rcvd: 42
 
 
 
 
 
  NetRange: 204.11.56.0 - 204.11.59.255
  CIDR: 204.11.56.0/22
  OriginAS: AS40034
  NetName: CONFLUENCE-NETWORKS--TX3
  NetHandle: NET-204-11-56-0-1
  Parent: NET-204-0-0-0-0
  NetType: Direct Allocation
  Comment: Hosted in Austin TX.
  Comment: Abuse :
  Comment: ab...@confluence-networks.com
  Comment: +1-917-386-6118
  RegDate: 2012-09-24
  Updated: 2012-09-24
  Ref: http://whois.arin.net/rest/net/NET-204-11-56-0-1
 
  OrgName: Confluence Networks Inc
  OrgId: CN
  Address: 3rd Floor, Omar Hodge Building, Wickhams
  Address: Cay I, P.O. Box 362
  City: Road Town
  StateProv: Tortola
  PostalCode: VG1110
  Country: VG
  RegDate: 2011-04-07
  Updated: 2011-07-05
  Ref: http://whois.arin.net/rest/org/CN
 
  OrgAbuseHandle: ABUSE3065-ARIN
  OrgAbuseName: Abuse Admin
  OrgAbusePhone: +1-917-386-6118
  OrgAbuseEmail: ab...@confluence-networks.com
  OrgAbuseRef: http://whois.arin.net/rest/poc/ABUSE3065-ARIN
 
  OrgNOCHandle: NOCAD51-ARIN
  OrgNOCName: NOC Admin
  OrgNOCPhone: +1-415-462-7734
  OrgNOCEmail: n...@confluence-networks.com
  OrgNOCRef: http://whois.arin.net/rest/poc/NOCAD51-ARIN
 
  OrgTechHandle: TECHA29-ARIN
  OrgTechName: Tech Admin
  OrgTechPhone: +1-415-358-0858
  OrgTechEmail: ipad...@confluence-networks.com
  OrgTechRef: http://whois.arin.net/rest/poc/TECHA29-ARIN
 
 
  #
  # ARIN WHOIS data and services are subject to the Terms of Use
  # available at: https://www.arin.net/whois_tou.html
  #
 
  - ferg
 
 
 
  On Wed, Jun 19, 2013 at 10:30 PM, Grant Ridder shortdudey...@gmail.com
  wrote:
 
   Yelp is evidently also affected
  
   On Wed, Jun 19, 2013 at 10:19 PM, John Levine jo...@iecc.com wrote:
  
   Reaching out to DNS operators around the globe. Linkedin.com has had
  some
   issues with DNS
   and would like DNS operators to flush their DNS. If you see
   www.linkedin.com resolving NS to
   ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS.
   
   Any other info please reach out to me off-list.
  
   While you're at it, www.usps.com, www.fidelity.com, and other well
   known sites have had DNS poisoning problems.  When I restarted my
   cache, they look OK.
  
  
  
 
 
 
  --
  Fergie, a.k.a. Paul Ferguson
   fergdawgster(at)gmail.com
 
 

Re: Need help in flushing DNS

[Grant Ridder]

Yelp is evidently also affected

On Wed, Jun 19, 2013 at 10:19 PM, John Levine jo...@iecc.com wrote:

 Reaching out to DNS operators around the globe. Linkedin.com has had some
 issues with DNS
 and would like DNS operators to flush their DNS. If you see
 www.linkedin.com resolving NS to
 ns1617.ztomy.com or ns2617.ztomy.com then please flush your DNS.
 
 Any other info please reach out to me off-list.

 While you're at it, www.usps.com, www.fidelity.com, and other well
 known sites have had DNS poisoning problems.  When I restarted my
 cache, they look OK.

Re: Mailman reverting settings

[Grant Ridder]

Hi,

I received a couple offlist replies.  To answer Phil's questions, iptables
appeared to have spiked the cpu to 100% and caused it to overload and
become unresponsive.  Var was lot filled up to my knowledge.

An offlist reply suggested that if the config.pck file gets corrupted, then
mailman will revert to using an old config.db file.  After doing a file
level restore of the appropriate config.pck file, the list returned to
normal.

Thanks,
Grant

On Fri, May 24, 2013 at 9:23 AM, Phil Fagan philfa...@gmail.com wrote:

 What hung the box? Core dump? Filled up var?
 On May 23, 2013 11:57 AM, Grant Ridder shortdudey...@gmail.com wrote:

 Hi Everyone,

 Has anyone ever seen Mailman revert to an old user list?  This morning we
 had out lists VM pounded on from India and hung the box.  After blocking
 the ip on our firewall and rebooting the hung vm, everything came back up
 except 1 list.  The list appears to have reverted to old settings.  I
 found
 the config.pck file and it does not have the current settings in it.  This
 has happened once before.  The box is running Ubuntu 10.04 and Mailman
 2.1.13.  Anyone know what would cause this and how to fix it?  We are
 working to try a file level restore from a backup.

 Thanks,
 Grant

 ~~

 Grant Ridder

 Assistant Systems Administrator

 Milwaukee School of Engineering http://www.msoe.edu/

Mailman reverting settings

[Grant Ridder]

Hi Everyone,

Has anyone ever seen Mailman revert to an old user list?  This morning we
had out lists VM pounded on from India and hung the box.  After blocking
the ip on our firewall and rebooting the hung vm, everything came back up
except 1 list.  The list appears to have reverted to old settings.  I found
the config.pck file and it does not have the current settings in it.  This
has happened once before.  The box is running Ubuntu 10.04 and Mailman
2.1.13.  Anyone know what would cause this and how to fix it?  We are
working to try a file level restore from a backup.

Thanks,
Grant

~~

Grant Ridder

Assistant Systems Administrator

Milwaukee School of Engineering http://www.msoe.edu/

Re: Feedly and Facebook having issues?

[Grant Ridder]

I am not seeing any slowness from a TWTC circuit in Milwaukee, WI.  (The
spike an noon is due to a script that also runs that slows the server a bit)



-Grant


On Wed, May 8, 2013 at 12:16 PM, Hank Nussbacher h...@efes.iucc.ac.ilwrote:

 http://www.isitdownrightnow.**com/facebook.com.htmlhttp://www.isitdownrightnow.com/facebook.com.html
 http://www.isitdownrightnow.**com/feedly.com.htmlhttp://www.isitdownrightnow.com/feedly.com.html

 -Hank

Re: Problem reaching Wikipedia (AS43821) via Tele2

[Grant Ridder]

Looks like ge-2-5.br1-knams.wikimedia.org (130.244.6.250) is filtering you 
somehow.

Grant 

Sent from my iPhone

On May 2, 2013, at 9:01 AM, Israel G. Lugo israel.l...@lugosys.com wrote:

 Hello,
 
 Anyone else having problems reaching Wikipedia?
 
 I can't reach AS43821 (Wikimedia RIPE) from within the Portuguese NREN
 (AS1930), via Cogent (AS174) - Tele2 (AS1257):
 
 traceroute to en.wikipedia.org (91.198.174.225), 30 hops max, 60 byte
 packets
 1  Router3.10GE.Lisboa.fccn.pt (193.136.1.89) [AS1930]  0.953 ms
 2  ROUTER10.10GE.Lisboa.fccn.pt (193.137.0.8) [AS1930]  0.939 ms
 3  ROUTER4.10GE.Lisboa.fccn.pt (193.137.0.20) [AS1930]  1.000 ms
 4  fccn.mx2.lis.pt.geant.net (62.40.124.97) [AS20965]  1.000 ms
 5  xe-2-3-0.rt1.mad.es.geant.net (62.40.98.107) [AS20965]  13.926 ms
 6  as2.rt1.gen.ch.geant2.net (62.40.112.25) [AS20965]  37.882 ms
 7  ae3.mx1.gen.ch.geant.net (62.40.112.14) [AS20965]  37.874 ms
 8  ae1.mx1.fra.de.geant.net (62.40.98.109) [AS20965]  44.154 ms
 9  ae4.rt1.fra.de.geant.net (62.40.98.135) [AS20965]  43.935 ms
 10  te0-4-0-2.mag21.fra03.atlas.cogentco.com (149.6.42.73) [AS174] 
 44.842 ms
 11  fra36-peer-1.xe-1-2-0-unit0.tele2.net (130.244.200.41) [AS1257] 
 44.368 ms
 12  fra36-core-1.bundle-ether2.tele2.net (130.244.64.186) [AS1257] 
 44.977 ms
 13  *
 14  ams13-peer-1.ae0-unit0.tele2.net (130.244.53.123) [AS1257]  50.299 ms
 15  *
 16  *
 17  *
 18  *
 19  *
 20  *
 
 Tele2's traceroute server (http://services.tele2net.at/traceroute.html)
 reaches the same IP without problems:
 
 1 213.90.34.4 (213.90.34.4) 0.268 ms 0.124 ms 0.151 ms
 2 213.90.1.20 (213.90.1.20) 0.430 ms 0.382 ms 0.303 ms
 3 wat1-15-93.net.uta.at (62.218.15.93) 0.497 ms 0.368 ms 0.387 ms
 4 c76wmode1-tengigE4-1.net.uta.at (212.152.192.206) 0.644 ms 0.572 ms
 0.599 ms
 5 wen1-core-2.tengige0-0-1-1.tele2.net (130.244.205.57) 0.836 ms 0.874
 ms 0.737 ms
 6 fra36-core-1.bundle-ether7.tele2.net (130.244.206.28) 13.683 ms 13.472
 ms 13.817 ms
 7 ams-core-2.bundle-ether4.tele2.net (130.244.64.201) 20.421 ms 20.482
 ms 20.762 ms
 8 ams13-peer-1.ae0-unit0.tele2.net (130.244.53.123) 19.972 ms 19.936 ms
 19.962 ms
 9 ge-2-5.br1-knams.wikimedia.org (130.244.6.250) 20.727 ms 20.641 ms
 20.660 ms
 10 wikipedia-lb.esams.wikimedia.org (91.198.174.225) 20.610 ms 20.539 ms
 20.615 ms
 
 Trying from $HOME_ISP, via AS6453 (Globe) - AS1299 (Telia) works fine.
 
 Regards,
 Israel G. Lugo
 
 

Re: Fake or Real Google servers from China Hong Kong (116.92.194.14x)?

[Grant Ridder]

Whois record isn't Google.


inetnum:116.92.0.0 - 116.92.255.255
descr:  This field was added to fix syntax error
netname:PACNET
remarks:Spam and Security: ab...@pacnet.com
remarks:Network Issues : r...@pacnet.com
country:HK
admin-c:PNH4-AP
tech-c: PNH4-AP
mnt-by: APNIC-HM
mnt-lower:  MAINT-AP-PACNET
mnt-lower:  MAINT-AP-PACNET-NOC
changed:r...@pacnet.com
status: ALLOCATED PORTABLE
changed:hm-chan...@apnic.net 20080604
source: APNIC

role:   PACNET NIC Handler
address:PACNET
country:HK
phone:  +65-6872-1010
e-mail: r...@pacnet.com
remarks:-
remarks:Spam and Security: ab...@pacnet.com
remarks:Network Issues   : r...@pacnet.com
remarks:-
admin-c:PR132-AP
admin-c:AN155-AP
tech-c: PR132-AP
tech-c: AN155-AP
nic-hdl:PNH4-AP
remarks:http://www.pacnet.com
notify: r...@pacnet.com
mnt-by: MAINT-AP-PACNET
changed:r...@pacnet.com 20090911
source: APNIC
changed:hm-chan...@apnic.net 2014

On Mon, Mar 25, 2013 at 3:42 PM, Manu Chao linux.ya...@gmail.com wrote:

 Could someone confirm me following IP are legitimated from Google China
 (HK) or not (fake=dangerous) ???

 116.92.194.140
 116.92.194.141
 116.92.194.142
 116.92.194.143

 No DNS resolution from Google DNS, i am suspicious...

 Any help appreciate

Re: Time Warner Cable YouTube throttling

[Grant Ridder]

Can any one provide traceroutes to youtube to see if there is any
correlation between last mile providers?

-Grant

On Wed, Mar 6, 2013 at 6:37 PM, Derek Ivey de...@derekivey.com wrote:

 I don't think it's just Time Warner. Definitely looks like XO. I have
 Verizon FiOS and it was pretty bad for me as well (not sure if it still is
 since I'm not home right now). There's also atleast two threads in the
 Verizon FiOS section on Broadband Reports:

 http://www.dslreports.com/forum/r28027601-Horrible-youtube-speeds

 http://www.dslreports.com/forum/r28071070-How-to-Reddit-YouTube-firewall-rule-with-MI424wr

 Derek


 On Wed, Mar 6, 2013 at 5:56 PM, Rick Coloccia coloc...@geneseo.edu
 wrote:

  I'd like to help, too, I'm from a TWC business class site with 650 Mbps
  bandwidth and still regularly poor performance with YouTube.
 
  -Rick
 
  Sent from my iPhone 4S
 
  On Mar 6, 2013, at 4:10 PM, Christopher Morrow morrowc.li...@gmail.com
  wrote:
 
   On Wed, Mar 6, 2013 at 3:34 PM, Randy Carpenter rcar...@network1.net
  wrote:
  
   - Original Message -
   On Wed, Mar 6, 2013 at 3:11 PM, Randy Carpenter
   rcar...@network1.net wrote:
  
   We have recently been having some serious speed issues with YouTube
   on our home connections, which are all Time Warner Cable.
   Some searching on forums and such revealed a work around:
  
   Block 206.111.0.0/16 at the router.
  
   this was reported elsewhere... it seems odd, since that's XO space,
   not Google and not TWC space. Would you care to engage in some
   troubleshooting to help everyone out? :)
  
   I'll be happy to help troubleshoot in any way I can.
  
   excellent.. I'll arrange my ducks, let's chat offlist?
  
 
 

Re: Time Warner Cable YouTube throttling

[Grant Ridder]

The 1st one gets slow at XO and the 2nd and 3rd get slow at Sprint.

Now the interesting one with XO is that it is routed in a /30 that is
assigned to Google by XO.

network:Class-Name:network
network:ID:NET-XO-NET-d1302a54
network:Auth-Area:209.48.0.0/15
network:Network-Name:XO-NET-d1302a54
network:Organization;I:GOOGLE INC. (328874-1)
network:IP-Network:209.48.42.84/30
network:Admin-Contact;I:XCIA-ARIN
network:Tech-Contact;I:XCIA-ARIN
network:Created:20120917
network:Updated:20121018
network:Updated-By:ipad...@eng.xo.com

-Grant

On Wed, Mar 6, 2013 at 8:25 PM, Min qiu.mi...@gmail.com wrote:

 3 traces all indicated the last hub are 80~100ms faster than the
 second last hub.  Interesting.

 Min

 On Wed, Mar 6, 2013 at 9:07 PM, Derek Ivey de...@derekivey.com wrote:
  I just got home and tested with quite a few 1080p videos. No issues over
 my
  Hurricane Electric IPv6 tunnel. I did notice frequent stops to buffer on
 my
  FiOS IPv4 connection. I have a 50 Mbps down connection and don't even
 come
  close to maxing it when watching Youtube videos.
 
  Here are a few traceroutes:
 
  [2.1-BETA0][root@pfsense]/root(1): traceroute
  r19---sn-p5qlsm7d.c.youtube.com
  traceroute to r19.sn-p5qlsm7d.c.youtube.com (208.117.251.184), 64 hops
 max,
  40 byte packets
   1  L100.HRBGPA-VFTTP-12.verizon-gni.net (98.117.0.1)  1.222 ms 1.348 ms
  0.834 ms
   2  G10-0-8-112.HRBGPA-LCR-01.verizon-gni.net (130.81.184.148) 2.839 ms
  2.589 ms  2.443 ms
   3  P12-0-0.HRBGPA-LCR-02.verizon-gni.net (130.81.27.185)  14.880 ms
  14.614
  ms  14.698 ms
   4  so-12-1-0-0.RES-BB-RTR1.verizon-gni.net (130.81.28.254) 14.647 ms
  14.696 ms  14.552 ms
   5  0.xe-3-1-1.BR1.IAD8.ALTER.NET (152.63.37.141)  15.027 ms 15.004 ms
  15.064 ms
   6  te9-2-0d0.cir1.ashburn-va.us.xo.net (206.111.0.201)  38.517 ms
  36.033
  ms  34.816 ms
   7  216.156.8.189.ptr.us.xo.net (216.156.8.189)  31.958 ms  30.994 ms
  29.194 ms
   8  209.48.42.86 (209.48.42.86)  124.931 ms  126.117 ms  124.303 ms
   9  208.117.251.184 (208.117.251.184)  26.483 ms  27.792 ms 27.974 ms
 
  [2.1-BETA0][root@pfsense]/root(2): traceroute
  r15---sn-p5qlsm76.c.youtube.com
  traceroute to r15.sn-p5qlsm76.c.youtube.com (208.117.251.148), 64 hops
 max,
  40 byte packets
   1  L100.HRBGPA-VFTTP-12.verizon-gni.net (98.117.0.1)  1.077 ms 0.863 ms
  0.968 ms
   2  G10-0-8-112.HRBGPA-LCR-01.verizon-gni.net (130.81.184.148) 2.429 ms
  2.265 ms  2.456 ms
   3  P12-0-0.HRBGPA-LCR-02.verizon-gni.net (130.81.27.185)  14.788 ms
  14.666
  ms  14.643 ms
   4  so-12-1-0-0.RES-BB-RTR1.verizon-gni.net (130.81.28.254) 14.591 ms
  14.479 ms  16.041 ms
   5  0.xe-10-0-0.BR2.IAD8.ALTER.NET (152.63.38.165)  15.007 ms 15.109 ms
  14.975 ms
   6  144.232.8.209 (144.232.8.209)  187.038 ms  115.363 ms  117.669 ms
   7  sl-st31-ash-0-4-0-0.sprintlink.net (144.232.28.6)  116.263 ms
  sl-st31-ash-0-8-0-2.sprintlink.net (144.232.1.19)  116.491 ms
  sl-st31-ash-0-4-0-0.sprintlink.net (144.232.28.6)  116.934 ms
   8  sl-googl10-584821-0.sprintlink.net (144.228.205.34)  122.521 ms
  122.780
  ms  121.535 ms
   9  208.117.251.148 (208.117.251.148)  33.669 ms  37.652 ms 38.478 ms
 
  [2.1-BETA0][root@pfsense]/root(6): traceroute
  r10---sn-p5qlsm7l.c.youtube.com
  traceroute to r10.sn-p5qlsm7l.c.youtube.com (208.117.251.47), 64 hops
 max,
  40 byte packets
   1  L100.HRBGPA-VFTTP-12.verizon-gni.net (98.117.0.1)  1.159 ms 0.831 ms
  0.806 ms
   2  G9-0-4-212.HRBGPA-LCR-02.verizon-gni.net (130.81.139.126) 2.396 ms
  2.435 ms  2.167 ms
   3  so-12-1-0-0.RES-BB-RTR1.verizon-gni.net (130.81.28.254) 14.497 ms
  14.767 ms  14.695 ms
   4  0.xe-11-0-0.BR2.IAD8.ALTER.NET (152.63.38.169)  15.001 ms 15.074 ms
  15.024 ms
   5  144.232.8.209 (144.232.8.209)  118.582 ms  116.717 ms  113.669 ms
   6  sl-st31-ash-0-4-0-3.sprintlink.net (144.232.3.169)  114.433 ms
  117.698
  ms
  sl-st31-ash-0-4-0-0.sprintlink.net (144.232.28.6)  115.981 ms
   7  sl-googl10-584821-0.sprintlink.net (144.228.205.34)  123.912 ms
  124.402
  ms  125.384 ms
   8  208.117.251.47 (208.117.251.47)  30.591 ms  30.676 ms  29.528 ms
 
  Derek
 
  On 3/6/2013 8:31 PM, Grant Ridder wrote:
 
  Can any one provide traceroutes to youtube to see if there is any
  correlation between last mile providers?
 
  -Grant
 
  On Wed, Mar 6, 2013 at 6:37 PM, Derek Ivey de...@derekivey.com
  mailto:de...@derekivey.com wrote:
 
  I don't think it's just Time Warner. Definitely looks like XO. I
 have
  Verizon FiOS and it was pretty bad for me as well (not sure if it
  still is
  since I'm not home right now). There's also atleast two threads in
 the
  Verizon FiOS section on Broadband Reports:
 
  http://www.dslreports.com/forum/r28027601-Horrible-youtube-speeds
 
 
 http://www.dslreports.com/forum/r28071070-How-to-Reddit-YouTube-firewall-rule-with-MI424wr
 
  Derek
 
 
  On Wed, Mar 6, 2013 at 5:56 PM, Rick Coloccia
  coloc...@geneseo.edu mailto:coloc...@geneseo.edu wrote:
 
   I'd like to help, too, I'm from a TWC

Re: Time Warner Cable YouTube throttling

[Grant Ridder]

One thing to keep in mind is that youtube may be anycast.  Google's
distributed file system is pretty amazing and it could be traffic to one
specific datacenter that is possibly slow.

-Grant

On Wed, Mar 6, 2013 at 8:47 PM, Min qiu.mi...@gmail.com wrote:

 I use FIOS.  In my case, I suspected two things.

   1. congestion (my first hub appeared over subscribed)
   2. packet out of order (high packet drop in alternet-google could be
 a symptom of multipath)

 Not sure which has bigger performance impact to youtube.

 Min

 On Wed, Mar 6, 2013 at 9:35 PM, Grant Ridder shortdudey...@gmail.com
 wrote:
  The 1st one gets slow at XO and the 2nd and 3rd get slow at Sprint.
 
  Now the interesting one with XO is that it is routed in a /30 that is
  assigned to Google by XO.
 
  network:Class-Name:network
  network:ID:NET-XO-NET-d1302a54
  network:Auth-Area:209.48.0.0/15
  network:Network-Name:XO-NET-d1302a54
  network:Organization;I:GOOGLE INC. (328874-1)
  network:IP-Network:209.48.42.84/30
  network:Admin-Contact;I:XCIA-ARIN
  network:Tech-Contact;I:XCIA-ARIN
  network:Created:20120917
  network:Updated:20121018
  network:Updated-By:ipad...@eng.xo.com
 
  -Grant
 
  On Wed, Mar 6, 2013 at 8:25 PM, Min qiu.mi...@gmail.com wrote:
 
  3 traces all indicated the last hub are 80~100ms faster than the
  second last hub.  Interesting.
 
  Min
 
  On Wed, Mar 6, 2013 at 9:07 PM, Derek Ivey de...@derekivey.com wrote:
   I just got home and tested with quite a few 1080p videos. No issues
 over
   my
   Hurricane Electric IPv6 tunnel. I did notice frequent stops to buffer
 on
   my
   FiOS IPv4 connection. I have a 50 Mbps down connection and don't even
   come
   close to maxing it when watching Youtube videos.
  
   Here are a few traceroutes:
  
   [2.1-BETA0][root@pfsense]/root(1): traceroute
   r19---sn-p5qlsm7d.c.youtube.com
   traceroute to r19.sn-p5qlsm7d.c.youtube.com (208.117.251.184), 64
 hops
   max,
   40 byte packets
1  L100.HRBGPA-VFTTP-12.verizon-gni.net (98.117.0.1)  1.222 ms
 1.348 ms
   0.834 ms
2  G10-0-8-112.HRBGPA-LCR-01.verizon-gni.net (130.81.184.148) 2.839
 ms
   2.589 ms  2.443 ms
3  P12-0-0.HRBGPA-LCR-02.verizon-gni.net (130.81.27.185)  14.880 ms
   14.614
   ms  14.698 ms
4  so-12-1-0-0.RES-BB-RTR1.verizon-gni.net (130.81.28.254) 14.647 ms
   14.696 ms  14.552 ms
5  0.xe-3-1-1.BR1.IAD8.ALTER.NET (152.63.37.141)  15.027 ms 15.004
 ms
   15.064 ms
6  te9-2-0d0.cir1.ashburn-va.us.xo.net (206.111.0.201)  38.517 ms
   36.033
   ms  34.816 ms
7  216.156.8.189.ptr.us.xo.net (216.156.8.189)  31.958 ms  30.994 ms
   29.194 ms
8  209.48.42.86 (209.48.42.86)  124.931 ms  126.117 ms  124.303 ms
9  208.117.251.184 (208.117.251.184)  26.483 ms  27.792 ms 27.974 ms
  
   [2.1-BETA0][root@pfsense]/root(2): traceroute
   r15---sn-p5qlsm76.c.youtube.com
   traceroute to r15.sn-p5qlsm76.c.youtube.com (208.117.251.148), 64
 hops
   max,
   40 byte packets
1  L100.HRBGPA-VFTTP-12.verizon-gni.net (98.117.0.1)  1.077 ms
 0.863 ms
   0.968 ms
2  G10-0-8-112.HRBGPA-LCR-01.verizon-gni.net (130.81.184.148) 2.429
 ms
   2.265 ms  2.456 ms
3  P12-0-0.HRBGPA-LCR-02.verizon-gni.net (130.81.27.185)  14.788 ms
   14.666
   ms  14.643 ms
4  so-12-1-0-0.RES-BB-RTR1.verizon-gni.net (130.81.28.254) 14.591 ms
   14.479 ms  16.041 ms
5  0.xe-10-0-0.BR2.IAD8.ALTER.NET (152.63.38.165)  15.007 ms 15.109
 ms
   14.975 ms
6  144.232.8.209 (144.232.8.209)  187.038 ms  115.363 ms  117.669 ms
7  sl-st31-ash-0-4-0-0.sprintlink.net (144.232.28.6)  116.263 ms
   sl-st31-ash-0-8-0-2.sprintlink.net (144.232.1.19)  116.491 ms
   sl-st31-ash-0-4-0-0.sprintlink.net (144.232.28.6)  116.934 ms
8  sl-googl10-584821-0.sprintlink.net (144.228.205.34)  122.521 ms
   122.780
   ms  121.535 ms
9  208.117.251.148 (208.117.251.148)  33.669 ms  37.652 ms 38.478 ms
  
   [2.1-BETA0][root@pfsense]/root(6): traceroute
   r10---sn-p5qlsm7l.c.youtube.com
   traceroute to r10.sn-p5qlsm7l.c.youtube.com (208.117.251.47), 64 hops
   max,
   40 byte packets
1  L100.HRBGPA-VFTTP-12.verizon-gni.net (98.117.0.1)  1.159 ms
 0.831 ms
   0.806 ms
2  G9-0-4-212.HRBGPA-LCR-02.verizon-gni.net (130.81.139.126) 2.396
 ms
   2.435 ms  2.167 ms
3  so-12-1-0-0.RES-BB-RTR1.verizon-gni.net (130.81.28.254) 14.497 ms
   14.767 ms  14.695 ms
4  0.xe-11-0-0.BR2.IAD8.ALTER.NET (152.63.38.169)  15.001 ms 15.074
 ms
   15.024 ms
5  144.232.8.209 (144.232.8.209)  118.582 ms  116.717 ms  113.669 ms
6  sl-st31-ash-0-4-0-3.sprintlink.net (144.232.3.169)  114.433 ms
   117.698
   ms
   sl-st31-ash-0-4-0-0.sprintlink.net (144.232.28.6)  115.981 ms
7  sl-googl10-584821-0.sprintlink.net (144.228.205.34)  123.912 ms
   124.402
   ms  125.384 ms
8  208.117.251.47 (208.117.251.47)  30.591 ms  30.676 ms  29.528 ms
  
   Derek
  
   On 3/6/2013 8:31 PM, Grant Ridder wrote:
  
   Can any one provide traceroutes to youtube to see if there is any
   correlation between last mile providers

Re: Time Warner Cable YouTube throttling

[Grant Ridder]

RIT is probably on a commercial circuit and from what i have seen on this
chain so far, it is only affecting home/consumer users.  At MSOE (msoe.edu)
i dont show any latency but we are on TWTC.  Anyone chime in if that is
wrong.

-Grant

On Wed, Mar 6, 2013 at 10:46 PM, Mark Jeremy mej...@rit.edu wrote:

 Jumping into the bandwagon here to help out.

 Here's the result from RIT to r19.sn-p5qlsm7d.c.youtube.com, going through
 at least 4 hops through XO territory.

 traceroute to r19.sn-p5qlsm7d.c.youtube.com (208.117.251.184), 30 hops
 max,
 60 byte packets
  1  rit-west1-gw-014-vlan453.rit.edu (129.21.153.254)  0.593 ms  0.584 ms
 0.576 ms
  2  rit-core1-pp-west2-vlan824.rit.edu (129.21.8.93)  1.938 ms  1.941 ms
 2.116 ms
  3  rit-rit1-pp-core1-vlan2811.rit.edu (129.21.8.42)  0.508 ms  0.497 ms
 0.484 ms
  4  te-7-2.car2.Buffalo1.Level3.net (4.59.214.21)  2.293 ms  2.294 ms
  2.282
 ms
  5  ae-4-4.ebr2.NewYork1.Level3.net (4.69.140.242)  10.332 ms  10.339 ms
 11.022 ms
  6  ae-72-72.csw2.NewYork1.Level3.net (4.69.148.38)  15.274 ms  10.212 ms
 ae-92-92.csw4.NewYork1.Level3.net (4.69.148.46)  10.204 ms
  7  ae-1-60.edge2.NewYork1.Level3.net (4.69.155.16)  10.202 ms
 ae-2-70.edge2.NewYork1.Level3.net (4.69.155.80)  10.174 ms  10.171 ms
  8  206.111.13.65.ptr.us.xo.net (206.111.13.65)  10.160 ms  10.345 ms
 10.336 ms
  9  207.88.14.185.ptr.us.xo.net (207.88.14.185)  18.555 ms  18.541 ms
 20.749 ms
 10  ae0d1.cir1.ashburn-va.us.xo.net (207.88.13.65)  16.241 ms  16.322 ms
 16.261 ms
 11  209.48.42.86 (209.48.42.86)  16.673 ms  64.114 ms  64.054 ms
 12  208.117.251.184 (208.117.251.184)  16.313 ms  16.306 ms  16.486 ms

 -MJ

 -Original Message-
 From: John Zettlemoyer [mailto:j...@razorservers.com]
 Sent: Wednesday, March 06, 2013 11:19 PM
 To: 'Derek Ivey'
 Cc: nanog@nanog.org
 Subject: RE: Time Warner Cable YouTube throttling

 Yup... This might be more helpful.
 I went to r19.sn-p5qlsm7d.c.youtube.com for better comparison.

 Verizon FIOS

   1 8 ms 4 ms 4 ms  l100.cmdnnj-vfttp-27.verizon-gni.net
 [98.110.113.1]
   2 9 ms 6 ms 7 ms  g0-3-3-6.cmdnnj-lcr-22.verizon-gni.net
 [130.81.182.44]
   310 ms 9 ms 9 ms  xe-9-1-2-0.ny5030-bb-rtr2.verizon-gni.net
 [130.81.209.144]
   4 8 ms 8 ms 9 ms  0.xe-3-1-0.br3.nyc4.alter.net
 [152.63.26.117]
   523 ms24 ms24 ms  204.255.168.118
   633 ms34 ms34 ms  144.232.4.93
   722 ms22 ms22 ms  sl-crs4-nyc-0-3-5-0.sprintlink.net
 [144.232.7.122]
   825 ms22 ms24 ms  sl-crs2-dc-0-4-0-2.sprintlink.net
 [144.232.8.164]
   922 ms21 ms22 ms  sl-st31-ash-0-2-0-0.sprintlink.net
 [144.232.25.15]
  1050 ms49 ms49 ms  sl-googl10-584821-0.sprintlink.net
 [144.228.205.34]
  1120 ms19 ms19 ms  208.117.251.184

 Comcast
   127 ms31 ms21 ms  68.38.220.1
   2 8 ms 9 ms11 ms
 xe-11-3-0-0-sur01.burlington.nj.panjde.comcast.net [68.85.128.237]
   311 ms 9 ms 9 ms
 xe-13-0-0-0-ar03.audubon.nj.panjde.comcast.net [68.85.62.89]
   415 ms16 ms15 ms
 pos-4-0-0-0-cr01.ashburn.va.ibone.comcast.net [68.86.93.233]
   514 ms14 ms13 ms  be-27-pe06.ashburn.va.ibone.comcast.net
 [68.86.82.174]
   615 ms13 ms14 ms  144.232.6.97
   715 ms14 ms15 ms  sl-st31-ash-0-4-0-3.sprintlink.net
 [144.232.3.169]
   834 ms32 ms31 ms  sl-googl10-584821-0.sprintlink.net
 [144.228.205.34]
   930 ms31 ms31 ms  208.117.251.184

 Our DC
   11 ms1 ms1 ms  static.razorinc.net [70.34.208.101]
   21 ms1 ms1 ms  mx1.razorinc.net [70.34.252.9]
   31 ms1 ms1 ms  xe-0-2-0.phi10.ip4.tinet.net
 [199.168.63.233]
   4 3 ms 8 ms 3 ms  xe-7-2-1.was14.ip4.tinet.net
 [89.149.181.174]
   5 3 ms 3 ms 3 ms  as2828.ip4.tinet.net [77.67.68.14]
   6 3 ms 3 ms 3 ms  216.156.8.189.ptr.us.xo.net[216.156.8.189]
   7 4 ms 4 ms 4 ms  209.48.42.86
   8 4 ms 4 ms 4 ms  208.117.251.184



 John

Re: After Being Cut From Norway, The Pirate Bay Returns From North Korea or is it just BGP Tricks

[Grant Ridder]

It was a hoax

http://www.pcworld.com/article/2030073/the-pirate-bay-admits-to-north-korean-hosting-hoax.html


On Tue, Mar 5, 2013 at 10:10 AM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 Seems easy enough to convince North Korea that they should announce my
 prefixes... ;)


 From my Android phone on T-Mobile. The first nationwide 4G network.



  Original message 
 From: Stephane Bortzmeyer bortzme...@nic.fr
 Date: 03/05/2013 10:55 AM (GMT-05:00)
 To: Bacon Zombie baconzom...@gmail.com
 Cc: nanog@nanog.org
 Subject: Re: After Being Cut From Norway, The Pirate Bay Returns From
 North Korea or is it just BGP Tricks


 On Mon, Mar 04, 2013 at 09:43:05PM +,
  Bacon Zombie baconzom...@gmail.com wrote
  a message of 71 lines which said:

  But there is a lot of debate on Reddit that they are not really in
  North Korea and just doing some BGP trickery:

 And ICMP trickery, to send false ICMP replies (with a delay) to
 traceroute requests.

 I am certain they are not in North Korea. The TCP latency when you
 connect with HTTP to thepiratebay.se if  40 ms, something which you
 cannot have from North Korea.

Re: Check this out T-Mobile Launches GoSmart Prepaid Service Nationally on Phone Scoop

[Grant Ridder]

haha i love the header:

Received: (from nobody@localhost)

On Tue, Feb 19, 2013 at 7:48 PM, Jay Ashworth j...@baylink.com wrote:

 Check this out:

 http://www.phonescoop.com/articles/article.php?a=11946

 This email was sent via Phone Scoop (www.phonescoop.com). The sender
 thought you might be interested in the page linked above.

Re: Reachability problem with AS8388 [194.63.246.0/23]

[Grant Ridder]

Can you provide the traceroute?

-Grant

On Tue, Feb 12, 2013 at 6:01 AM, Carlos Friacas cfria...@fccn.pt wrote:


 Hello,

 Does anyone has reachability issues with AS8388?

 It seems i'm unable to get packets back from 194.63.246.0/23, but only if
 the source is my 193.136.0.0/15 block, at AS1930. It works well from my
 other netblocks. I'm basically performing a (non-recursive) DNS query to
 DNS servers within 194.63.246.0/23.

 I've been trying to involve upstream providers to take a deeper look at
 this problem, but i haven't had any luck so far. I can't even get a
 traceroute back to my network from anyone at AS8388.

 Any suggestions?


 Best Regards,
 Carlos Friaças

Re: Reachability problem with AS8388 [194.63.246.0/23]

[Grant Ridder]

Traceroute to the same address from a TWTC circuit in Milwaukee, Wi drops
in the same network as you.

  7 7 ms 6 ms 7 ms  xe-7-3-0.edge4.Chicago3.Level3.net[4.53.98.45]
  8   114 ms   110 ms   113 ms  vlan52.ebr2.Chicago2.Level3.net[4.69.138.190]
  9   112 ms   110 ms   111 ms
ae-6-6.ebr2.Washington12.Level3.net[4.69.148.145]
 10   113 ms   113 ms   114 ms  ae-5-5.ebr2.Washington1.Level3.net[4.69.143.221]
 11   113 ms   109 ms   109 ms  ae-43-43.ebr2.Paris1.Level3.net[4.69.137.57]
 12   111 ms   111 ms   115 ms
ae-45-45.ebr1.Frankfurt1.Level3.net[4.69.143.133]
 13   111 ms   111 ms   111 ms  ae-81-81.csw3.Frankfurt1.Level3.net[4.69.140.10]
 14   110 ms   107 ms   109 ms
ae-3-80.edge1.Frankfurt1.Level3.net[4.69.154.133]
 15   190 ms   189 ms   183 ms  212.162.9.6
 16 *** Request timed out.
 17   176 ms   169 ms   169 ms
tengigaeth00-00-00-00.adr00.csr.hol.gr[62.38.93.98]
 18 *** Request timed out.
 19 *** Request timed out.
 20 *** Request timed out.
 21 *** Request timed out.
 22  ^C

On Tue, Feb 12, 2013 at 9:52 AM, Carlos Friacas cfria...@fccn.pt wrote:



 On Tue, 12 Feb 2013, Grant Ridder wrote:

 Hello,


  Can you provide the traceroute?


 Yes. Please see below. We were already told they drop icmp packets making
 the traceroute useless beyond 62.38.94.98

 I strongly suspect there is an issue only on the return path, but i would
 need a traceroute originated at the other end so i can be sure and
 understand where the packets (tcp  udp) are exactly being dropped.


 Regards,
 Carlos Friaças


 # traceroute 194.63.247.20
 traceroute to 194.63.247.20 (194.63.247.20), 30 hops max, 60 byte packets
  1  193.136.2.29 (193.136.2.29)  0.278 ms  0.256 ms  0.241 ms
  2  ROUTER4.10GE.Lisboa.fccn.pt (193.137.0.20)  0.294 ms  0.282 ms  0.269
 ms
  3  fccn.mx2.lis.pt.geant.net (62.40.124.97)  0.332 ms  0.320 ms  0.337 ms
  4  xe-2-3-0.rt1.mad.es.geant.net (62.40.98.107)  12.650 ms  12.725 ms
 12.641 ms
  5  as2.rt1.gen.ch.geant2.net (62.40.112.25)  34.808 ms  34.791 ms
  34.863 ms
  6  ae3.rt1.fra.de.geant2.net (62.40.112.161)  43.062 ms  43.022 ms
 43.010 ms
  7  
 te0-7-0-5.ccr22.fra03.atlas.**cogentco.comhttp://te0-7-0-5.ccr22.fra03.atlas.cogentco.com(149.6.42.73)
   43.724 ms 43.808 ms  43.889 ms
  8  
 te0-0-0-2.ccr22.ams03.atlas.**cogentco.comhttp://te0-0-0-2.ccr22.ams03.atlas.cogentco.com(130.117.3.89)
   50.106 ms
 te0-2-0-2.ccr22.ams03.atlas.**cogentco.comhttp://te0-2-0-2.ccr22.ams03.atlas.cogentco.com(130.117.1.65)
   50.240 ms
 te0-0-0-2.ccr22.ams03.atlas.**cogentco.comhttp://te0-0-0-2.ccr22.ams03.atlas.cogentco.com(130.117.3.89)
   50.114 ms
  9  
 te0-2-0-0.ccr22.lon13.atlas.**cogentco.comhttp://te0-2-0-0.ccr22.lon13.atlas.cogentco.com(130.117.1.170)
   55.518 ms
 te0-0-0-0.ccr22.lon13.atlas.**cogentco.comhttp://te0-0-0-0.ccr22.lon13.atlas.cogentco.com(130.117.1.225)
   55.453 ms
 te0-5-0-0.ccr22.lon13.atlas.**cogentco.comhttp://te0-5-0-0.ccr22.lon13.atlas.cogentco.com(154.54.61.154)
   55.689 ms
 10  
 te0-1-0-0.ccr22.lon01.atlas.**cogentco.comhttp://te0-1-0-0.ccr22.lon01.atlas.cogentco.com(154.54.57.178)
   55.570 ms
 te0-4-0-0.ccr22.lon01.atlas.**cogentco.comhttp://te0-4-0-0.ccr22.lon01.atlas.cogentco.com(130.117.0.205)
   55.452 ms
 te0-2-0-0.ccr22.lon01.atlas.**cogentco.comhttp://te0-2-0-0.ccr22.lon01.atlas.cogentco.com(154.54.57.174)
   55.481 ms
 11  
 te2-1.mag02.lon01.atlas.**cogentco.comhttp://te2-1.mag02.lon01.atlas.cogentco.com(154.54.74.114)
   55.439 ms 55.356 ms  55.342 ms
 12  149.6.187.234 (149.6.187.234)  55.370 ms  55.451 ms  55.493 ms
 13  
 POS00-07-00-03.med00.brd.hol.**grhttp://POS00-07-00-03.med00.brd.hol.gr(62.38.36.13)
   127.954 ms *  127.106 ms
 14  
 tengigaeth00-01-00-02.med00.**ccr.hol.grhttp://tengigaeth00-01-00-02.med00.ccr.hol.gr(62.38.97.29)
   136.321 ms * *
 15  
 tengigaeth00-07-00-00.med00.**csr.hol.grhttp://tengigaeth00-07-00-00.med00.csr.hol.gr(62.38.94.98)
   125.525 ms 125.519 ms  125.584 ms
 16  * * *
 17  * * *
 18  * * *
 19  * * *
 20  * * *
 21  * * *
 22  * * *
 23  * * *
 24  * * *
 25  * * *
 26  * * *
 27  * * *
 28  * * *
 29  * * *
 30  * * *





  -Grant

 On Tue, Feb 12, 2013 at 6:01 AM, Carlos Friacas cfria...@fccn.pt wrote:

   Hello,

   Does anyone has reachability issues with AS8388?

   It seems i'm unable to get packets back from 194.63.246.0/23, but
 only if the source is my 193.136.0.0/15 block, at
   AS1930. It works well from my other netblocks. I'm basically
 performing a (non-recursive) DNS query to DNS servers
   within 194.63.246.0/23.

   I've been trying to involve upstream providers to take a deeper
 look at this problem, but i haven't had any luck so
   far. I can't even get a traceroute back to my network from anyone
 at AS8388.

   Any suggestions?


   Best Regards,
   Carlos Friaças

Re: ripe/ncc likes cookies

[Grant Ridder]

Don't most browsers accept all cookies by default without asking the user?

-Grant

Sent from my iPhone

On Jan 12, 2013, at 11:03 PM, Randy Bush ra...@psg.com wrote:

 Local law in EU which I assumed that most knew about
 http://www.cookielaw.org/about-this-message.aspx
 
 this says what you must do if you want to feed the client a cookie.
 it does not mandate feeding them a cookie.  in fact, it would seem to
 suggest that you might do so only if you really must.
 
 randy
 

Re: SSL Certificates and ... Providers

[Grant Ridder]

Yes the Verisign auth stuff is done by Symantic as of 2010.

-Grant

On Thursday, December 27, 2012, Christopher Morrow wrote:

 On Thu, Dec 27, 2012 at 3:37 PM, Blake Pfankuch 
 bl...@pfankuch.mejavascript:;
 wrote:
  Our stuff is currently through Verisign because of the reliability of
 the name and the nature of the industry.

 verisign sold this business (like 2+ years ago?), maybe it's time to
 find someone else with a reliable name? (who hasn't sold the business
 out from under you)

Re: gmail offline?

[Grant Ridder]

Not seeing any issues from a TWTC circuit in Milwaukee, Wi.

-Grant

On Mon, Dec 10, 2012 at 11:01 AM, Andrew Latham lath...@gmail.com wrote:

 On Mon, Dec 10, 2012 at 11:56 AM, Philip Lavine source_ro...@yahoo.com
 wrote:
  getting a 502 error

 Some network issues on a normal Monday morning.

 --
 ~ Andrew lathama Latham lath...@gmail.com http://lathama.net ~

Re: gmail offline?

[Grant Ridder]

I stand corrected, the web interface just stopped working with a 502 error

Sent from my iPhone

On Dec 10, 2012, at 11:06 AM, Tom Beecher tbeec...@localnet.com wrote:

 Web interface for Gmail/GChat seems to be the culprit. My email and chat 
 clients that don't use the web interface seem pretty uneffected.
 
 It's Google. They'll straighten it out quick enough.
 
 On 12/10/2012 12:00 PM, Peter Kristolaitis wrote:
 I'm getting the same thing when I try to access the web interface, but SMTP 
  IMAP seem to be working fine at the moment.
 
 - Peter
 
 
 On 12/10/2012 11:56 AM, Philip Lavine wrote:
 getting a 502 error
 
 

Apple iMessage

[Grant Ridder]

Hi,

Is anyone having trouble with apples iMessage service?  A friend and I are
in Wisconsin and Illinois respectfully and messages via iMessage are taking
up to several minutes to send.  I am using a 4s on iOS 5 and my friend is
using a 3GS.

Thanks
Grant

Re:

[Grant Ridder]

I love spam from Honduras.  I am hoping that someone is going to kick this
email from the members list.

On Tue, Aug 21, 2012 at 4:47 PM, ty chan chanty...@yahoo.com wrote:

 http://homeprobestprice.info/wp-admin/bjsdvs.php?comz=comz

Re: DNS Changer items

[Grant Ridder]

From the little blurb on the RIPE site, it sounds like the Dutch police are
making threats (taking over administration) that they can't legally keep.
 It also sounds like RIPE did a big screw you to the Dutch police for
trying to interfere.

-Grant

On Wed, Aug 15, 2012 at 4:46 AM, Stephen Wilcox steve.wil...@ixreach.comwrote:

 FYI RIPE reallocated these blocks. Whilst I understand they didn't want the
 court order, this seems a bit silly, doesn't that now make the machines
 residing in these blocks special - even if the owners arent miscreants, it
 makes them a viable target.


 https://www.ripe.net/internet-coordination/news/clarification-on-reallocated-ipv4-address-space-related-to-dutch-police-order

 inetnum: 93.188.160.0 - 93.188.167.255
 netname: LT-HOSTING-20120810
 descr:   Aurimas Rapalis trading as II Hosting Media
 country: US

 inetnum: 85.255.112.0 - 85.255.127.255
 netname: INEVO-NET
 descr:   Inevo Labs SRL
 country: RO



 On 13 July 2012 19:48, Owen DeLong o...@delong.com wrote:

 
  On Jul 7, 2012, at 10:31 AM, Jay Ashworth wrote:
 
   - Original Message -
   From: Seth Mattinen se...@rollernet.us
  
   On Fri, 06 Jul 2012 13:20:55 -0400, Andrew Fried said:
   The dns-ok.us site is getting crushed from all the sudden media
   interest.
  
   One wonders why it's so hard to get the media interested when it
   would be *helpful*. DNS Changer gets traction like 3 days before the
   drop dead date, IPv6 gets on the radar *after* we run out of v4 /8's
   to give to regionals, etc...
  
   Reactive is easier to justify to the powers that be than proactive.
  
   It's easier to justify *not* being smart enough to deal with the
 problem
   when it doesn't cause a major disruption?
  
 
  When it isn't causing a major problem, the powers that be have a harder
  time understanding the need to act.
 
  Once it is causing a major disruption, the powers that be have no trouble
  understanding the need to act.
 
  This is not veneration of stupidity, it is human nature. Often summarized
  in the colloquialism The squeaky wheel gets the grease.
 
  Owen
 
 
 


 --
 Director / Founder
 IX Reach Ltd
 E: steve.wil...@ixreach.com
 M: +44 7966 048633
 Tempus Court, Bellfield Road, High Wycombe, HP13 5HA, UK.

Re: Att funkyness

[Grant Ridder]

What kind of circuit?  residential? commercial?  DNS server ip's?

On Wed, Aug 15, 2012 at 9:17 AM, jeff jones jeff.jjo...@gmail.com wrote:

 Anyone seeing issues with ATT and DNS resolution? Still troubleshooting,
 but wanted other input.

 Thanks
 ~Jeff

Re: Att funkyness

[Grant Ridder]

I have ATT DSL at home and the DNS servers (68.94.156.1 and 68.94.157.1)
pushed from ATT work fine.

-Grant

On Wed, Aug 15, 2012 at 9:34 AM, Justin Vocke justin.vo...@gmail.comwrote:

 https://twitter.com/#!/search/AT%26T%20DNS

 ATT is having some DNS issues on their backbone. There is currently no ETA
 for resolution.


 --
 Justin Vocke





 On 8/15/12 9:20 AM, Grant Ridder shortdudey...@gmail.com wrote:

 What kind of circuit?  residential? commercial?  DNS server ip's?
 
 On Wed, Aug 15, 2012 at 9:17 AM, jeff jones jeff.jjo...@gmail.com
 wrote:
 
  Anyone seeing issues with ATT and DNS resolution? Still
 troubleshooting,
  but wanted other input.
 
  Thanks
  ~Jeff
 

Re: DNS Changer items

[Grant Ridder]

Caved? How so?  It looks like RIPE is ignoring the court order to keep the
blocks locked.  Unless i am misunderstanding it.

On Wed, Aug 15, 2012 at 3:52 PM, Randy Bush ra...@psg.com wrote:

  It also sounds like RIPE did a big screw you to the Dutch police for
  trying to interfere.

 no, they caved.

Re: DNS Changer items

[Grant Ridder]

Gotcha

On Wed, Aug 15, 2012 at 4:34 PM, Randy Bush ra...@psg.com wrote:

  Caved? How so?

 at the time, ripe caved to the court order.  took some weeks before they
 woke up.  now a lot of noise, lawyers, and whitewash.

 randy

Comcast outage

[Grant Ridder]

Does anyone know about or experiencing a Comcast outage in the Santa Clara
area?

-Grant

Re: UCSF Network Admin??

[Grant Ridder]

Ditto on that from TWTC in Milwaukee, WI.

# dig www.ucsf.edu @ucsfns2.ucsf.edu

;  DiG 9.8.1-P1  www.ucsf.edu @ucsfns2.ucsf.edu
;; global options: +cmd
;; Got answer:
;; -HEADER- opcode: QUERY, status: NOERROR, id: 49793
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 6
;; WARNING: recursion requested but not available

;; QUESTION SECTION:
;www.ucsf.edu.  IN  A

;; ANSWER SECTION:
www.ucsf.edu.   3600IN  A   64.54.132.50

;; AUTHORITY SECTION:
ucsf.edu.   3600IN  NS  adns1.Berkeley.edu.
ucsf.edu.   3600IN  NS  ucsfns2.ucsf.edu.
ucsf.edu.   3600IN  NS  adns2.Berkeley.edu.
ucsf.edu.   3600IN  NS  ucsfns1.ucsf.edu.

;; ADDITIONAL SECTION:
adns1.Berkeley.edu. 172800  IN  A   128.32.136.3
adns1.Berkeley.edu. 3600IN  2607:f140::fffe::3
adns2.Berkeley.edu. 172800  IN  A   128.32.136.14
adns2.Berkeley.edu. 3600IN  2607:f140::fffe::e
ucsfns1.ucsf.edu.   3600IN  A   128.218.254.10
ucsfns2.ucsf.edu.   3600IN  A   128.218.254.40

;; Query time: 63 msec
;; SERVER: 128.218.254.40#53(128.218.254.40)
;; WHEN: Wed Aug  1 13:48:51 2012
;; MSG SIZE  rcvd: 259

On Wed, Aug 1, 2012 at 1:07 PM, Henry Stryker he...@hup.org wrote:



 On 08/01/12 10:51 , Robert Glover wrote:
  We are not able to query their DNS servers from our network.  We've got
  users not able to access anything UCSF due to this.


 I am querying them OK.  I am in US AZ.  I am also able to reach
 manana.garlic.com.

 [hyperion]/usr/local# dig www.ucsf.edu @ucsfns2.ucsf.edu
 www.ucsf.edu.   3600IN  A   64.54.132.50
 ucsf.edu.   3600IN  NS  ucsfns1.ucsf.edu.
 ucsf.edu.   3600IN  NS  adns2.Berkeley.edu.
 ucsf.edu.   3600IN  NS  adns1.Berkeley.edu.
 ucsf.edu.   3600IN  NS  ucsfns2.ucsf.edu.
 adns1.Berkeley.edu. 172800  IN  A   128.32.136.3
 adns1.Berkeley.edu. 3600IN  2607:f140::fffe::3
 adns2.Berkeley.edu. 172800  IN  A   128.32.136.14
 adns2.Berkeley.edu. 3600IN  2607:f140::fffe::e
 ucsfns1.ucsf.edu.   3600IN  A   128.218.254.10
 ucsfns2.ucsf.edu.   3600IN  A   128.218.254.40
 ;; Query time: 41 msec
 ;; SERVER: 128.218.254.40#53(128.218.254.40)
 ;; WHEN: Wed Aug  1 11:02:46 2012
 ;; MSG SIZE  rcvd: 270

Re: Another LTE network turns up as IPv4-only squat space + NAT

[Grant Ridder]

I am on sprint and my ip is always in the 20. net even though my wan up is
totally different.

Grant

On Wednesday, July 18, 2012, TJ wrote:

 Even if they did OK it (which i doubt), actually using it - especially in a
 public/customer facing / visible deployment - is a Bad Idea.
 *Traceability fail and possibly creating unreachable networks out there
 ...*

 /TJ


 On Wed, Jul 18, 2012 at 9:24 PM, Andrey Khomyakov 
 khomyakov.and...@gmail.com javascript:; wrote:

  So some comments on the intertubes claim that DoD ok'd use of it's
  unadvertized space on private networks. Is there any official reference
  that may support this statement that anyone of you have seen out there?
 
  --Andrey
 

Re: NAT66 was Re: using reserved IPv6 space

[Grant Ridder]

If you are running an HA pair, why would you care which box it went back
through?

-Grant

On Monday, July 16, 2012, Mark Andrews wrote:


 In message CAD8GWsswFwnPKTfxt=
 squumzofs3_-yrihy8o4gt3w9+x6f...@mail.gmail.com javascript:;, Lee
 writes:
  On 7/16/12, Owen DeLong o...@delong.com javascript:; wrote:
  
   Why would you want NAT66? ICK!!! One of the best benefits of IPv6 is
 being
   able to eliminate NAT. NAT was a necessary evil for IPv4 address
   conservation. It has no good use in IPv6.
 
  NAT is good for getting the return traffic to the right firewall.  How
  else do you deal with multiple firewalls  asymmetric routing?

 Traffic goes where the routing protocols direct it.  NAT doesn't
 help this and may actually hinder as the source address cannot be
 used internally to direct traffic to the correct egress point.

 Instead you need internal routers that have to try to track traffic
 flows rather than making simple decisions based on source and
 destination addresess.

 Applications that use multiple connections may not always end up
 with consistent external source addresses.

  Yes, it's possible to get traffic back to the right place without NAT.
  But is it as easy as just NATing the outbound traffic at the
  firewall?

 It can be and it can be easier to debug without NAT mangling
 addresses.

 The only thing helpful NAT66 does is delay the externally visible
 source address selection until the packet passes the NAT66 box.

 Mark
 --
 Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742 INTERNET: ma...@isc.orgjavascript:;

Re: The Cidr Report

[Grant Ridder]

if the admins are not going to moderate this list... give me the admin
password to the list serve and i will set it up right... gees

Re: The Cidr Report

[Grant Ridder]

Mailman also allows keyword filtering

On Fri, Jul 13, 2012 at 12:56 PM, Lynda shr...@deaddrop.org wrote:

 On 7/13/2012 10:46 AM, Grant Ridder wrote:

 if the admins are not going to moderate this list... give me the admin
 password to the list serve and i will set it up right.


 These emails seem to be originating from comcast (75.144.246.6). Please
 note I said seem to be since it's very easy to forge such things. I was
 quite sad when yahoo started dispensing *new* accounts from Rocketmail (a
 property they acquired in the long ago times), since I have a rocketmail
 account that long predates yahoo, or the acquisition.

 Still, there needs to be a filter of some sort set up. Mailman permits
 this, and I'd be a fan of it. It seems to be generated by someone who has
 the serious hate on for the list. That actually narrows it down quite a
 bit. Maybe I'll do a bit of traffic analysis over the weekend.

 Or not...

 --
 Politicians are like a Slinky.
 They're really not good for anything,
 but they still bring a smile to your face
 when you push them down a flight of stairs.

Re: Communications Committee volunteers [was: The Cidr Report]

[Grant Ridder]

The admins say they are working on a content filter system.  All you really
should have to do if do keyword filtering in mailman.  I have this setup on
a maillist that i manage.

On Fri, Jul 13, 2012 at 2:51 PM, Jared Mauch ja...@puck.nether.net wrote:


 On Jul 13, 2012, at 3:49 PM, Patrick W. Gilmore wrote:

  On Jul 13, 2012, at 14:20 , JC Dill wrote:
   On 13/07/12 10:46 AM, Grant Ridder wrote:
 
  if the admins are not going to moderate this list... give me the admin
  password to the list serve and i will set it up right... gees
 
  +1
 
  Most excellent!
 
  Just so you know, the admins are the Communications Committee, and
 they are always looking for new volunteers.
 
  I assume you both will be volunteering forthwith?

 They already did in public.  I don't think they can turn it down now :)

 - Jared

Re: HELP IN SETTING UP iBGPlay

[Grant Ridder]

can someone do a blanket block on nanog*@yahoo.com?

On Tue, Jul 10, 2012 at 10:45 AM, NIG NOG nanog...@yahoo.com wrote:






 When he sat down on the bed, he quickly pulled his stretchy pants down as
 far as he could reach. Still, his tremendous prick was trapped, the pants
 leg tight around his ankle and the swollen, almost eighteen inch
 circumference pole. Unh! Gotta give my dick some room! I need this out!
 Chris lunged forward and desperately pulled at the pants, trying to free
 his gargantuan schlong and give himself some needed relief.

 WHACK! Freed of its confinement, the tree trunk of Chris’s cock slammed
 into his face. Chris was stunned by the hot, solid mass of his colossal
 prick. The wide, firm shaft pushed against his face, rising to its full
 thirty inches proudly. Trying to right himself, Chris grasped his dick
 firmly with both hands (although unable to fully encircle its eighteen inch
 girth) and felt any resolve he might have had melt away. Ohh, man. I gotta
 jerk off. My cock needs to be jerked off. It’s so hard and it’s been
 waiting sooo long. I won’t call the girls. Jen will understand. I can’t
 help it. There’s no way I could wait that long. It’s impossible. If I can
 just jerk off once…a few times… some, I can wait for Jen to get back. Just
 a few times and I can wait. Maybe an hour or two and I will be fine.
 Chris’s hands eagerly roamed up and down the expanse of his giant dick,
 caressing himself and causing him to gasp in anticipation. Yesss. Been
 waiting
  so long, haven’t you? Chris wrapped both hands under his throbbing
 monster and bounced it up and down, feeling every ounce of its massive,
 twenty-five pound weight. Gotta take good care of this cock.

 Oooh! Wait! Jen has lube in here! Nothing but the best for my huge cock.
 You’ve been such a good boy, waiting all this time. Stroking himself
 lovingly, Chris levered himself upright, spreading his legs wide to
 accommodate the twenty pound weight of his full, heavy ballsack. That lube
 will feel sooo good on my fat dick. Oh, yes it will, won’t it? Chris patted
 his titanic rod proudly, and stood up, feeling the sudden weight of his
 hugely bloated cock and balls. Ohhh, yeah. Who’s got the biggest package in
 the world? Me.

 He caught a glimpse of himself in Jen’s mirror and straightened up
 proudly. His gargantuan, smooth ballsack hung heavy between his legs to his
 knees, pushing his thighs apart due to its incredible size. His thirty inch
 long cock bobbed up and down as he straighened up, standing up fully erect
 despite its monumental dimensions. His slender frame was dwarfed by his
 mammoth package. Chris’s swollen cock was thicker than his arm, and looked
 to be almost as thick as his thigh. Oh, yeah. That’s what a real man looks
 like. Nobody else has a cock half as nice as this one. Chris continued to
 stroke himself as he turned to admire himself in the mirror, watching his
 gargantuan rod bob up and down hypnotically. Chris experimentally thrust
 his hips back and forth and was rewarded with the consuming sensation of
 forty five pounds of hot cock and balls bouncing and flopping between his
 legs. Ohhh, that feels great! No wonder the girls can’t resist me. Look at
  all this meat. I’m surprised that Terry and Greg can keep their hands off
 this beautiful dick. James can’t keep his hands or mouth off my prick, and
 he hates gays. I must drive Greg crazy.

 Chis watched his thick, stiff prick slowly bob as he pumped his hips again
 and again, letting his immense nutsack shift between his legs. Chris
 reveled in the feeling of his huge, heavy ballsack sliding over the skin of
 his thighs He reached down and cupped his immense, bloated balls. He slowly
 lifted them up, feeling their mass in his arms, and letting their upper
 curves lift his gargantuan slab of meat. Oh, yeah. Nice and full. Tasha’s
 right. I do like to keep my balls nice and full. Chris bobbed his nuts up
 and down, admiring himself in the mirror. Why not? Bigger is better, right?
 Like Jen said, too big is best. Chis was mesmerized by the sight of his
 gargantuan genitals, looking so oversized on his small frame. Time to give
 this fantastic dick a little TLC. Chris confidently leaned forward to grab
 a bottle of Astroglide from Jen’s bedside table.


 “Argh!” Chris’s erection, longer than his reach, slammed into the
 table. Oh, baby! Daddy’s sorry! Chris wrapped his arms around his shaft and
 hugged it tightly, caressing it with his fingers as he winced. The motion
 brought his thick, warm shaft to his face as he did so, and without
 thinking, he leaned forward and kissed it several times. I’m so sorry,
 gorgeous. I never want to hurt you. Chris continued to kiss his fat salami,
 moving from quick pecks with closed lips to open-mouthed kisses. Is my baby
 okay? Can I make it feel better? Chris continued to plant sloppy, wet
 kisses all over his veiny, throbbing rod. His wet lips wandered over all
 the hot flesh he could reach. Finally, 

Re: Cisco Update

[Grant Ridder]

Keep in mind, that to receive the update, the router has to be connected to
the internet.  So routers that are not connected to the internet by design
will be unaffected.

-Grant

On Thu, Jul 5, 2012 at 11:55 AM, David Hubbard 
dhubb...@dino.hostasaurus.com wrote:

 Technical users could always just flash DD-WRT onto the device and replace
 the Linksys/Cisco firmware; then you have a much more robust system without
 any big brother stuff.

Re: FYI Netflix is down

[Grant Ridder]

The problem is large scale tests take a lot of time and planning.  For it
to be done right, you really need a dedicated DR team.

-Grant

On Mon, Jul 2, 2012 at 11:31 AM, AP NANOG na...@armoredpackets.com wrote:

 This is an excellent example of how tests should be ran, unfortunately
 far too many places don't do this...


 --

 Thank you,

 Robert Miller
 http://www.armoredpackets.com

 Twitter: @arch3angel

 On 7/2/12 12:09 PM, Leo Bicknell wrote:

 In a message written on Mon, Jul 02, 2012 at 11:30:06AM -0400, Todd
 Underwood wrote:

 from the perspective of people watching B-rate movies:  this was a
 failure to implement and test a reliable system for streaming those
 movies in the face of a power outage at one facility.

 I want to emphasize _and test_.

 Work on an infrastructure which is redundant and designed to provide
 100% uptime (which is impossible, but that's another story) means
 that there should be confidence in a failure being automatically
 worked around, detected, and reported.

 I used to work with a guy who had a simple test for these things,
 and if I was a VP at Amazon, Netflix, or any other large company I
 would do the same.  About once a month he would walk out on the
 floor of the data center and break something.  Pull out an ethernet.
 Unplug a server.  Flip a breaker.

 Then he would wait, to see how long before a technician came to fix
 it.

 If these activities were service impacting to customers the engineering
 or implementation was faulty, and remediation was performed.  Assuming
 they acted as designed and the customers saw no faults the team was
 graded on how quickly the detected and corrected the outage.

 I've seen too many companies who's test is planned months in advance,
 and who exclude the parts they think aren't up to scratch from the test.
 Then an event occurs, and they fail, and take down customers.

 TL;DR If you're not confident your operation could withstand someone
 walking into your data center and randomly doing something, you are
 NOT redundant.

Re: FYI Netflix is down

[Grant Ridder]

well one would think that they could at least get power redundancy right...

On Sat, Jun 30, 2012 at 1:07 AM, Roy r.engehau...@gmail.com wrote:

 On 6/29/2012 10:38 PM, jamie rishaw wrote:

 you know what's happening even more?

 ..Amazon not learning their lesson.

 they just had an outage quite similar.. they performed a full audit on
 electrical systems worldwide, according to the rfo/post mortem.

 looks like they need to perform a full and we mean it audit, and like
 I've been doing/participating in at dot coms for a decade plus: Actually
 Do
 Regular Load tests..

 Related/equally to blame: companies that rely heavily on one aws zone, or
 arguably one cloud (period), are asking for it.

 Please stop these crappy practices, people.  Do real world DR testing.
  Play What If This City Dropped Off The Map games, because tonight,
 parts
 of VA infact did.

 ...


 I am not a computer science guy but been around a long time.  Data centers
 and clouds are like software.  Once they reach a certain size, its
 impossible to keep the bugs out.  You can test and test your heart out and
 something will slip by.  You can say the same thing about nuclear reactors,
 Apollo moon missions, the NorthEast power grid, and most other technology
 disasters.

Re: [c-nsp] NTP Servers

[Grant Ridder]

I don't understand why anyone would use windows server for anything that
needed precision like time.

On Sat, Jun 30, 2012 at 5:39 PM, Keith Medcalf kmedc...@dessus.com wrote:


  Or you can ask the it guys to use a windows server... Eg:
 
  http://support.microsoft.com/kb/816042

 That is a joke Jared?  You left off the smiley.

 Windows doesn't do NTP out-of-the-box (Microsoft assertions to the
 contrary notwithstanding).  You can build a reasonably working standard
 daemon, however don't expect time to be very accurate.  Windows
 out-of-the-box can keep time +/- 10 minutes or so using the Microsoft
 lets-pretend-NTP.

 You can build the current standard NTPD distribution on Windows.  You can
 also spend lots of time to make it work as well as possible (once you
 manage to get it to compile, that is).  Even so, when you have configured
 it to the optimality of accuracy, this is what you can expect:

 remote   refid  st t when poll reach   delay   offset
  jitter

 ==
 +tic.nrc.ca  .PPS.1 u   13   64  377   55.5445.913
 0.870
 -tac.nrc.ca  .ATOM.   1 u   48   64  377   56.1884.768
 3.041
 -toc.nrc.ca  .ATOM.   1 u1   64  377   55.4854.758
 0.981
 +tick.usask.ca   .GPS.1 u   34   64  377   19.5666.942
 5.699
 *tock.usask.ca   .GPS.1 u   29   64  377   19.6655.955
 1.937
 -clock.isc.org   .GPS.1 u   37   64  377   53.0918.311
 0.649
 +clock.sjc.he.ne .CDMA.   1 u   48   64  377   43.5916.066
 2.501

 offset:   0.005955 s
 frequency:23.346 ppm
 poll adjust:  -30
 watchdog timer:   47 s

 is about the best you will get.  Statistics are pretty awful:

 Date# O.Avg O.Median  O.Range   O.CI  O.Skew
  O.KurtF.Avg F.Median  F.Range   F.CI  F.Kurt
 2012-01 899   0.765559  0.004198  20.05221  0.000371  -0.56023
  0.751151  21.31698  20.9705   2.96850.108050  -0.88068
 2012-02 9673  0.237434  -7.46502  59.75607  0.000156  -1.43583
  8.609085  19.01126  19.3495   5.29950.040683  -0.54578
 2012-03 1380  -0.02157  -14.8416  44.00043  0.000124  -1.08589
  4.559049  18.08941  16.8227.536 0.045387  0.268831
 2012-04 1322  0.196654  21.16261  106.1250  0.000141  -0.48643
  26.05868  17.56811  16.8126.111 0.040561  -0.38021
 2012-05 8849  0.118125  27.44213  72.01526  0.000161  0.296114
  8.939429  17.88685  15.2595   9.31950.080186  1.121740
 2012-06 1457  0.409662  -20.2809  63.32684  0.000114  -1.44144
  11.98237  20.50724  19.5425   6.74250.042372  -0.08891
6102  0.201651  21.16261  106.1250  6.065429  -0.84354
  13.78161  18.71838  16.1125   10.1725   0.023443  1.215941

 This is from a custom ntpd build using the highest precision that it can
 manage to coerce from Windoze.

 Of course, this may be accurate enough for most uses -- at least it does
 not have to time-step.

 Doesn't compare to ntpd on linux on an 80286 with 640K ram booting from a
 floppy, which can maintain time sync within less than 1 ms easily.

 ---
 ()  ascii ribbon campaign against html e-mail
 /\  www.asciiribbon.org

Re: FYI Netflix is down

[Grant Ridder]

From Amazon

Amazon Elastic Compute Cloud (N. Virginia)  (http://status.aws.amazon.com/)
8:21 PM PDT We are investigating connectivity issues for a number of
instances in the US-EAST-1 Region.
8:31 PM PDT We are investigating elevated errors rates for APIs in the
US-EAST-1 (Northern Virginia) region, as well as connectivity issues to
instances in a single availability zone.

-Grant

On Fri, Jun 29, 2012 at 10:40 PM, Jason Baugher ja...@thebaughers.comwrote:

 Seeing some reports of Pinterest and Instagram down as well. Amazon cloud
 services being implicated.


 On 6/29/2012 10:22 PM, Joe Blanchard wrote:

 Seems that they are unreachable at the moment. Called and theres a
 recorded
 message stating they are aware of an issue, no details.

 -Joe

Re: FYI Netflix is down

[Grant Ridder]

I have an instance in zone C and it is up and fine, so it must be A, B, or
D that is down.

On Fri, Jun 29, 2012 at 10:42 PM, James Laszko jam...@mythostech.comwrote:

 To further expand:

 8:21 PM PDT We are investigating connectivity issues for a number of
 instances in the US-EAST-1 Region.

  8:31 PM PDT We are investigating elevated errors rates for APIs in the
 US-EAST-1 (Northern Virginia) region, as well as connectivity issues to
 instances in a single availability zone.

  8:40 PM PDT We can confirm that a large number of instances in a single
 Availability Zone have lost power due to electrical storms in the area. We
 are actively working to restore power.

 -Original Message-
 From: Grant Ridder [mailto:shortdudey...@gmail.com]
 Sent: Friday, June 29, 2012 8:42 PM
 To: Jason Baugher
 Cc: nanog@nanog.org
 Subject: Re: FYI Netflix is down

 From Amazon

 Amazon Elastic Compute Cloud (N. Virginia)  (http://status.aws.amazon.com/
 )
 8:21 PM PDT We are investigating connectivity issues for a number of
 instances in the US-EAST-1 Region.
 8:31 PM PDT We are investigating elevated errors rates for APIs in the
 US-EAST-1 (Northern Virginia) region, as well as connectivity issues to
 instances in a single availability zone.

 -Grant

 On Fri, Jun 29, 2012 at 10:40 PM, Jason Baugher ja...@thebaughers.com
 wrote:

  Seeing some reports of Pinterest and Instagram down as well. Amazon
  cloud services being implicated.
 
 
  On 6/29/2012 10:22 PM, Joe Blanchard wrote:
 
  Seems that they are unreachable at the moment. Called and theres a
  recorded message stating they are aware of an issue, no details.
 
  -Joe
 
 
 
 
 
 

Re: FYI Netflix is down

[Grant Ridder]

Yes, although, when you launch an instance, you do have the option of
selecting a zone if you want.  However, once the instance is started it
stays in that zone and does not switch.

On Fri, Jun 29, 2012 at 10:47 PM, Ian Wilson ian.m.wil...@gmail.com wrote:

 On Fri, Jun 29, 2012 at 11:44 PM, Grant Ridder shortdudey...@gmail.com
 wrote:
  I have an instance in zone C and it is up and fine, so it must be A, B,
 or
  D that is down.

 It is my understanding that instance zones are randomized between
 customers -- so your zone C may be my zone A.

 Ian
 --
 Ian Wilson
 ian.m.wil...@gmail.com

 Solving site load issues with database replication is a lot like
 solving your own personal problems with heroin -- at first, it sorta
 works, but after a while things just get out of hand.

Re: FYI Netflix is down

[Grant Ridder]

They may use it for content, but reddit.com resolves to IPs own by quest

On Fri, Jun 29, 2012 at 10:51 PM, Seth Mattinen se...@rollernet.us wrote:

 On 6/29/12 8:47 PM, Mike Lyon wrote:
  Whatever happened to UPSs and generators?
 

 You don't need them with The Cloud!

 But seriously, this is something like the third or fourth time AWS fell
 over flat in recent memory.

 ~Seth

Re: FYI Netflix is down

[Grant Ridder]

8:49 PM PDT Power has been restored to the impacted Availability Zone and
we are working to bring impacted instances and volumes back online

On Fri, Jun 29, 2012 at 10:52 PM, Grant Ridder shortdudey...@gmail.comwrote:

 They may use it for content, but reddit.com resolves to IPs own by quest


 On Fri, Jun 29, 2012 at 10:51 PM, Seth Mattinen se...@rollernet.uswrote:

 On 6/29/12 8:47 PM, Mike Lyon wrote:
  Whatever happened to UPSs and generators?
 

 You don't need them with The Cloud!

 But seriously, this is something like the third or fourth time AWS fell
 over flat in recent memory.

 ~Seth

Re: DNS poisoning at Google?

[Grant Ridder]

It also redirects with facebook, youtube, and ebay but NOT amazon.

-Grant

On Wed, Jun 27, 2012 at 12:57 AM, Matthew Black matthew.bl...@csulb.eduwrote:

  Our web lead was able to run curl. Thanks.

 ** **

 matthew black

 information technology services

 california state university, long beach

 ** **

 *From:* Grant Ridder [mailto:shortdudey...@gmail.com]
 *Sent:* Tuesday, June 26, 2012 10:53 PM
 *To:* Matthew Black
 *Cc:* Landon Stewart; nanog@nanog.org; Jeremy Hanmer

 *Subject:* Re: DNS poisoning at Google?

 ** **

 Matt, what happens you get on a subnet that can access the webservers
 directly and bypass the load balancer.  Try curl then and see if its
 something w/ the webserver or load balancer.

 ** **

 -Grant

 On Wed, Jun 27, 2012 at 12:40 AM, Matthew Black matthew.bl...@csulb.edu
 wrote:

 Thanks again to everyone who helped. I didn't know what to enter with
 curl, because Outlook clobbered the line breaks in Jeremy's original
 message.

 Also, curl failed on our primary webserver because of firewall and load
 balancer magic settings. The Telnet method worked better!

 Our team is now scouring for that hidden redirect to couchtarts.


 matthew black
 information technology services
 california state university, long beach


 

 From: Landon Stewart [mailto:lstew...@superb.net]

 Sent: Tuesday, June 26, 2012 10:37 PM
 To: Matthew Black
 Cc: Jeremy Hanmer; nanog@nanog.org

 Subject: Re: DNS poisoning at Google?

 There is definitely a 301 redirect.

 $ curl -I --referer http://www.google.com/ http://www.csulb.edu/
 HTTP/1.1 http://www.csulb.edu/%0d%0aHTTP/1.1 301 Moved Permanently
 Date: Wed, 27 Jun 2012 05:36:31 GMT
 Server: Apache/2.0.63
 Location: http://www.couchtarts.com/media.php
 Connection: close
 Content-Type: text/html; charset=iso-8859-1

 On 26 June 2012 22:05, Matthew Black matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edu wrote:
 Google Webtools reports a problem with our HOMEPAGE /. That page is not
 redirecting anywhere.
 They also report problems with some 48 other primary sites, none of which
 redirect to the offending couchtarts.

 matthew black
 information technology services
 california state university, long beach




 -Original Message-

 From: Jeremy Hanmer [mailto:jeremy.han...@dreamhost.commailto:
 jeremy.han...@dreamhost.com]
 Sent: Tuesday, June 26, 2012 9:58 PM
 To: Matthew Black

 Cc: nanog@nanog.orgmailto:nanog@nanog.org
 Subject: Re: DNS poisoning at Google?
 It's not DNS.  If you're sure there's no htaccess files in place, check
 your content (even that stored in a database) for anything that might be
 altering data based on referrer.  This simple test shows what I mean:

 Airy:~ user$ curl -e 'http://google.com' csulb.eduhttp://csulb.edu
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead

 title301 Moved Permanently/title
 /headbody
 h1Moved Permanently/h1
 pThe document has moved a href=http://www.couchtarts.com/media.php
 here/a./p
 /body/html

 Running curl without the -e argument gives the proper site contents.

 On Jun 26, 2012, at 9:24 PM, Matthew Black matthew.bl...@csulb.edu
 mailto:matthew.bl...@csulb.edu wrote:

  Running Apache on three Solaris webservers behind a load balancer. No MS
 Windows!
 
  Not sure how malicious software could get between our load balancer and
 Unix servers. Thanks for the tip!
 
  matthew black
  information technology services
  california state university, long beach
 
 
 

  From: Landon Stewart [mailto:lstew...@superb.netmailto:
 lstew...@superb.net]

  Sent: Tuesday, June 26, 2012 9:07 PM
  To: Matthew Black

  Cc: nanog@nanog.orgmailto:nanog@nanog.org

  Subject: Re: DNS poisoning at Google?
 
  Is it possible that some malicious software is listening and injecting a
 redirect on the wire?  We've seen this before with a Windows machine being
 infected.

  On 26 June 2012 20:53, Matthew Black matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edumailto:matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edu wrote:
  Google Safe Browsing and Firefox have marked our website as containing
 malware. They claim our home page returns no results, but redirects users
 to another compromised website couchtarts.comhttp://couchtarts.com
 http://couchtarts.com.

 
  We have thoroughly examined our root .htaccess and httpd.conf files and
 are not redirecting to the problem target site. No recent changes either.
 
  We ran some NSLOOKUPs against various public DNS servers and
 intermittently get results that are NOT our servers.
 
  We believe the DNS servers used by Google's crawler have been poisoned.
 
  Can anyone shed some light on this?
 
  matthew black
  information technology services
  california state university, long beach

  www.csulb.eduhttp://www.csulb.eduhttp://www.csulb.edu
 http://www.csulb.edu
 
 
 
  --
  Landon Stewart lstew...@superb.netmailto:lstew...@superb.netmailto:
 lstew

Re: DNS poisoning at Google?

[Grant Ridder]

Matt, what happens you get on a subnet that can access the webservers
directly and bypass the load balancer.  Try curl then and see if its
something w/ the webserver or load balancer.

-Grant

On Wed, Jun 27, 2012 at 12:40 AM, Matthew Black matthew.bl...@csulb.eduwrote:

 Thanks again to everyone who helped. I didn't know what to enter with
 curl, because Outlook clobbered the line breaks in Jeremy's original
 message.

 Also, curl failed on our primary webserver because of firewall and load
 balancer magic settings. The Telnet method worked better!

 Our team is now scouring for that hidden redirect to couchtarts.

 matthew black
 information technology services
 california state university, long beach



 From: Landon Stewart [mailto:lstew...@superb.net]
 Sent: Tuesday, June 26, 2012 10:37 PM
 To: Matthew Black
 Cc: Jeremy Hanmer; nanog@nanog.org
 Subject: Re: DNS poisoning at Google?

 There is definitely a 301 redirect.

 $ curl -I --referer http://www.google.com/ http://www.csulb.edu/
 HTTP/1.1 301 Moved Permanently
 Date: Wed, 27 Jun 2012 05:36:31 GMT
 Server: Apache/2.0.63
 Location: http://www.couchtarts.com/media.php
 Connection: close
 Content-Type: text/html; charset=iso-8859-1

 On 26 June 2012 22:05, Matthew Black matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edu wrote:
 Google Webtools reports a problem with our HOMEPAGE /. That page is not
 redirecting anywhere.
 They also report problems with some 48 other primary sites, none of which
 redirect to the offending couchtarts.

 matthew black
 information technology services
 california state university, long beach




 -Original Message-
 From: Jeremy Hanmer [mailto:jeremy.han...@dreamhost.commailto:
 jeremy.han...@dreamhost.com]
 Sent: Tuesday, June 26, 2012 9:58 PM
 To: Matthew Black
 Cc: nanog@nanog.orgmailto:nanog@nanog.org
 Subject: Re: DNS poisoning at Google?
 It's not DNS.  If you're sure there's no htaccess files in place, check
 your content (even that stored in a database) for anything that might be
 altering data based on referrer.  This simple test shows what I mean:

 Airy:~ user$ curl -e 'http://google.com' csulb.eduhttp://csulb.edu
 !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead
 title301 Moved Permanently/title
 /headbody
 h1Moved Permanently/h1
 pThe document has moved a href=http://www.couchtarts.com/media.php
 here/a./p
 /body/html

 Running curl without the -e argument gives the proper site contents.
 On Jun 26, 2012, at 9:24 PM, Matthew Black matthew.bl...@csulb.edu
 mailto:matthew.bl...@csulb.edu wrote:

  Running Apache on three Solaris webservers behind a load balancer. No MS
 Windows!
 
  Not sure how malicious software could get between our load balancer and
 Unix servers. Thanks for the tip!
 
  matthew black
  information technology services
  california state university, long beach
 
 
 
  From: Landon Stewart [mailto:lstew...@superb.netmailto:
 lstew...@superb.net]
  Sent: Tuesday, June 26, 2012 9:07 PM
  To: Matthew Black
  Cc: nanog@nanog.orgmailto:nanog@nanog.org
  Subject: Re: DNS poisoning at Google?
 
  Is it possible that some malicious software is listening and injecting a
 redirect on the wire?  We've seen this before with a Windows machine being
 infected.
  On 26 June 2012 20:53, Matthew Black matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edumailto:matthew.bl...@csulb.edumailto:
 matthew.bl...@csulb.edu wrote:
  Google Safe Browsing and Firefox have marked our website as containing
 malware. They claim our home page returns no results, but redirects users
 to another compromised website couchtarts.comhttp://couchtarts.com
 http://couchtarts.com.
 
  We have thoroughly examined our root .htaccess and httpd.conf files and
 are not redirecting to the problem target site. No recent changes either.
 
  We ran some NSLOOKUPs against various public DNS servers and
 intermittently get results that are NOT our servers.
 
  We believe the DNS servers used by Google's crawler have been poisoned.
 
  Can anyone shed some light on this?
 
  matthew black
  information technology services
  california state university, long beach
  www.csulb.eduhttp://www.csulb.eduhttp://www.csulb.edu
 http://www.csulb.edu
 
 
 
  --
  Landon Stewart lstew...@superb.netmailto:lstew...@superb.netmailto:
 lstew...@superb.net
  Sr. Administrator
  Systems Engineering
  Superb Internet Corp - 888-354-6128 x 4199tel:888-354-6128%20x%204199
 Web hosting and more Ahead
  of the Rest:
  http://www.superbhosting.nethttp://www.superbhosting.net/
 






 --
 Landon Stewart lstew...@superb.netmailto:lstew...@superb.net
 Sr. Administrator
 Systems Engineering
 Superb Internet Corp - 888-354-6128 x 4199
 Web hosting and more Ahead of the Rest: http://www.superbhosting.net
 http://www.superbhosting.net/

Re: HE IPv6 tunnel inbound

[Grant Ridder]

Hi,

Thanks for all the replies.  I will look at Chris's solution to see if that
will work.  I had found similar instructions, but none as extensive.  Also,
I am using the AWS free tier right now, hence the choice, but i am open to
other suggestions.

Thanks,
Grant

On Thu, Jun 14, 2012 at 7:54 AM, seth s...@untethered.org wrote:





 On Jun 13, 2012, at 11:10 PM, Cameron Byrne cb.li...@gmail.com wrote:

  On Jun 13, 2012 8:29 PM, Grant Ridder shortdudey...@gmail.com wrote:
 
  Hi,
 
  I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web
  services)
  instance so that i can have ipv6 connectivity.  I can ping and
 traceroute
  out of the tunnel fine, but am unable to access the tunnel from outside.
  For example, i am unable to traceroute to the tunnel address outside the
  tunnel address, even with the AWS instance firewall completely open.  I
  would like to host a website accessible via IPv6, hence the tunnel
 setup.
  Is this possible? if so, what could i be doing wrong?  Or is there a
  better was to go about this?
 
  Thanks,
  Grant
 
  Sigh.
 
  Or you could take your business to the dozen or so cloud / vps providers
  that support ipv6. ... Softlayer and Arpnetworks come to mind. I have
 used
  both with a high level of sucess
 
  CB

 But everybody knows that amazon and cloud are synonyms.

Re: LinkedIn password database compromised

[Grant Ridder]

Hi Everyone,

I thought that i would share an IEEE article about LinkenIn and eHarmony.

http://spectrum.ieee.org/riskfactor/telecom/security/linkedin-and-eharmony-hacked-8-million-passwords-taken/?utm_source=computerwiseutm_medium=emailutm_campaign=061312


-Grant

On Wed, Jun 13, 2012 at 1:05 PM, Phil Pishioneri pgp+na...@psu.edu wrote:

 On 6/8/12 7:22 PM, Luke S. Crawford wrote:

 I haven't found any way that is as simple and as portable as using
 ssh that works in a web browser.


 The Enigform Firefox Add-on (plus mod_openpgp on Apache httpd) seems
 similar:

 http://wordpress.org/extend/**plugins/wp-enigform-**authentication/http://wordpress.org/extend/plugins/wp-enigform-authentication/

  Enigform is a Firefox Add-On which uses OpenPGP to digitally sign
 outgoing HTTP requests and Securely login to remote web sites, as long
 as the remote web server is Enigform-compliant.


 -Phil