Re: DOD prefixes and AS8003 / GRSCORP
> On Mar 11, 2021, at 8:43 AM, Eric Dugas via NANOG wrote: > > I would be really curious to see the LOA presented to AS6939 to announce 54 > million IPs out of government IP space and what type of verification was done > because it doesn't seem legit at all. Did you try calling the number on the WHOIS for AS8003, or maybe HE’s NOC to follow up? -jav
Re: Amazon now controls 3.0.0.0/8
> On Nov 8, 2018, at 15:56, Job Snijders wrote: > >> On Fri, Nov 9, 2018 at 0:54 Eric Kuhnke wrote: > >> https://news.ycombinator.com/item?id=18407173 >> >> Quoting from the post: >> >> " >> >> Apparently bought in two chunks: 3.0.0.0/9 and 3.128.0.0/9. >> Previous owner was GE. >> >> Anecdotal reports across the Internet that AWS EIPs are now being assigned >> in that range. >> >> https://whois.arin.net/rest/net/NET-3-0-0-0-1.html >> >> https://whois.arin.net/rest/net/NET-3-128-0-0-1.html >> >> " > > > Seems ALTDB should delete the old AS 80 / GE IRR proxy route registration: > http://irrexplorer.nlnog.net/search/3.0.0.0 It’s been done. -jav
Re: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends
On Jul 6, 2015, at 2:29 PM, Daniel C. Eckert d...@drakontas.org wrote: This isn't really an open source issue -- anybody can make foolish product design decisions regardless of licensing model. This is more about a vendor producing a feature that deliberately and shortsightedly creates a slew of problems impacting almost all existing networks anywhere. It's highly convenient feature for a specific, limited use case (home users hosting a party with a bunch of people that they don't want to have to worry about how to give them a network password). However, gat ignores all of the other security and user impact issues. Can you imagine how the user experience will change when you change your SSID to include the _optout tag and then try to verbally tell someone what the new SSID is? Bonus points for dealing with users in a context where you've had the same SSID for years. Bonus-bonus points for throwing in language barriers. Triple-bonus points if your SSID is called “Underscore” -jav
Re: ARIN just subdivided their last /17, /18, /19, /20, /21 and /22. Down to only /23s and /24s now. : ipv6
On Jun 29, 2015, at 8:42 AM, Stephen Satchell l...@satchell.net wrote: On 06/29/2015 01:16 AM, a.l.m.bu...@lboro.ac.uk wrote: Hi, I knew several people who built their career path on the assumptions of IPX. Ouch. or DECnet ;-) Or XNS. On the other hand, people did have a nice career with SNA...but they weren't trying to push packets over the “LAT” -jav
Re: The state of TACACS+
On Dec 30, 2013, at 9:01 AM, Christian Kratzer ck-li...@cksoft.de wrote: Hi, On Mon, 30 Dec 2013, Christopher Morrow wrote: I don't think radius nor kerberos nor ssh with certificates supports command authorization, do they? it is with radius afaik ... RADIUS does not support command authorization or accounting. -jav
Re: The state of TACACS+
On Dec 30, 2013, at 6:42 PM, Jimmy Hess mysi...@gmail.com wrote: How do you feel about having to wait 30 seconds between every command you enter to troubleshoot, to fail to the second server, if the TACACS or RADIUS system is nonresponsive, because the dumb router can't remember which TACACS servers are up and which ones are down, and always tries the first one in the list first? At least RADIUS has the concept of a dead timer :) Are you talking about Cisco routers? The default timeout value for TACACS+ is five seconds, so I’m not sure where you’re coming up with thirty seconds, unless you have seven servers listed on the router and the first six are dead/unreachable. -jav
Re: What's going on with NTP?
On Dec 25, 2013, at 11:35 AM, John Levine jo...@iecc.com wrote: I have two FreeBSD servers where the NTP daemons are using double digit CPU percentages today rather than the usual 0.01%. Restarting them didn't help. The clock on my Android phone is five hours slow. (It's not the time zone, I checked that.) Is this just my special Christmas present, or are there screwed up NTP servers? I suspect your servers are being attacked. Are you seeing a lot of in/out NTP traffic on those FreeBSD servers? -jav
Re: Are undersea cables tapped before they get to ISP's? [was Re: Security over SONET/SDH]
RFC 1149 addresses the practice of avian carriers. -jav On Tue, Jun 25, 2013 at 10:16 AM, Nick Khamis sym...@gmail.com wrote: Screw the pyramids. Look at that building Yeah we though about this and currently in the process of training pigeons to carry messages. Will keep everyone posted. :) Nick.
Re: cisco.com's IPv6 sites have a routing loop
On Jul 5, 2012, at 5:21 PM, Frank Bulk wrote: Two of Cisco's IPv6 sites, www-v6.cisco.com and www.ipv6.cisco.com, are in a routing loop: 13 10gigabitethernet11-4.core1.sjc2.he.net (2001:470:0:1b4::1) 84.519 ms 82.710 ms 81.033 ms 14 10gigabitethernet3-2.core1.pao1.he.net (2001:470:0:32::2) 81.821 ms 81.826 ms 83.413 ms 15 ciscosystems.v403.core1.pao1.he.net (2001:470:0:1ee::2) 86.730 ms 86.694 ms 110.206 ms 16 sjck-dmzbba-gw1-v6-g1-2.cisco.com (2001:420:80:6:c67d:4fff:fe8b:e2c0) 88.269 ms 88.128 ms 88.067 ms 17 sjck-ispa-gw1-v6-g0-0-2.cisco.com (2001:420:80:6:ca4c:75ff:fe34:7482) 111.224 ms 87.687 ms 87.867 ms 18 sjck-dmzbba-gw1-v6-g1-2.cisco.com (2001:420:80:6:c67d:4fff:fe8b:e2c0) 88.117 ms 87.956 ms 88.234 ms 19 sjck-ispa-gw1-v6-g0-0-2.cisco.com (2001:420:80:6:ca4c:75ff:fe34:7482) 87.879 ms 87.804 ms 103.848 ms 20 sjck-dmzbba-gw1-v6-g1-2.cisco.com (2001:420:80:6:c67d:4fff:fe8b:e2c0) 88.339 ms 88.367 ms 88.574 ms ... n...@cisco.com doesn't work and I can't seem find any of Cisco's NOC-related email addresses in any list that I have. Hopefully someone from Cisco is lurking. I am, and I passed that along to The Management. -jav
Re: altdb?
On Apr 13, 2012, at 4:59 PM, Justin Zipkin wrote: Anybody know what the scoop is with ALTDB? It's been down since yesterday. I just fixed it. -jav
Re: Dear RIPE: Please don't encourage phishing
On Feb 11, 2012, at 12:13 PM, chris wrote: The internet was way cooler before that Yes, and a lot of us could run open relays on our SMTP servers to help each other out, and a full usenet feed fit on a plain ol' 9600 baud link. But no way I could have at home the kind of bandwidth I can get today for a very reasonable price, and so on. -jav