Re: Best TAC Services from Equipment Vendors

2024-03-07 Thread Joel Esler
It may be a pain in the butt to get Cisco equipment, but their TAC is sublime.  If something is critical enough, and you push hard enough, Cisco will move heaven and earth to solve your issue.

— Sent from my iPhone

On Mar 6, 2024, at 13:42, Pascal Masha  wrote:

For us this has been the experience to a point where 100s of nodes (from vendor x) had to be swapped out because no one had the patience anymore…

On Wed, 6 Mar 2024 at 21:29,  wrote:

Interesting, this has never been my experience even with Cisco or Juniper, have always been able to escalate quickly to engineering. I wonder if it was related to the size of my accounts.

Shane

> On Mar 6, 2024, at 1:27 PM, Pascal Masha  wrote:
> 
> Thought about it but so far I believe companies from China provide better and fast TAC responses to their customers than the likes of Cisco and perhaps that’s why some companies(where there are no restrictions)prefer them for critical services. 
> 
> For a short period in TAC call you can have over 10 R engineers and solutions provided in a matter of hours even if it involves software changes.. while these other companies even before you get in a call with a TAC engineer it’s hours and when they join you hear something like “my shift ended 15 minutes ago, hold let me look for another engineer”. WHY? Thoughts



Re: Any info on AT Wireless Outage?

2024-03-02 Thread Joel Esler
/me waves my hand dismissingly

— Sent from my iPhone

On Feb 29, 2024, at 14:55, Javier J  wrote:

Where did you see this? Erik Prince was on the PBD podcast saying he has a 70% chance in his head it was China. I tend to lean towards human error from my experience in the IT biz.

- J

On Wed, Feb 28, 2024 at 10:58 AM  wrote:

I read it as “someone pushed an ACL that wasn’t properly reviewed and it really screwed things up."

On Feb 27, 2024, at 21:41, Mark Seiden  wrote:

aside from the official pablum that was released about an “incorrect process used” (which says exactly nothing) does anyone actually know anything accurate and more specific about the root cause? (and why it took 11 hours to recover?)

On Feb 22, 2024, at 11:15 AM, John Councilman  wrote:

From what I've read, they lost their database of SIM cards.  I could be wrong of course.

On Thu, Feb 22, 2024 at 2:02 PM Dorn Hetzel  wrote:

As widespread as it seemed to be, it feels like it would be quite a trick if it were a single piece of hardware.  Firmware load that ended badly, I wonder?

On Thu, Feb 22, 2024 at 1:51 PM Leato, Gary via NANOG  wrote:






Do you have the ability to expand on this at all? Do you mean a hardware failure of some kind IE router, optics, etc?

From: NANOG advance-trading@nanog.org>
On Behalf Of R. Leigh Hennig
Sent: Thursday, February 22, 2024 8:17 AM
To: Robert DeVita 
Cc: nanog@nanog.org
Subject: Re: Any info on AT Wireless Outage?

 Word around the campfire is that it’s a Cisco issue.




On Feb 22, 2024, at 8:03 AM, Robert DeVita  wrote:
 

Reports have it starting at 4:30 a.m.. SOS on all phones..

Robert DeVita
CEO and Founder
t: (469) 581-2160 | m: (469) 441-8864
e: radev...@mejeticks.com | w: mejeticks.com
a: 2323 N Akard Street, Dallas, 75201








Re: How threading works (was Re: Root Cause Re: 202401102221.AYC Re: Streamline The CG-NAT Re: 202401100645.AYC Re: IPv4 address block)

2024-01-13 Thread Joel Esler
Things you have to remember.  Not everyone uses thunderbird.  Not every mail client threads like thunderbird.

— Sent from my iPhone

On Jan 13, 2024, at 17:39, Abraham Y. Chen  wrote:

  

  
  
Hi, Bryan:

0)    Thank you so much for coming to the rescue!!!

1)    Basically trained as a radio frequency hardware engineer, I am only capable of using software as tools necessary for my work. For eMail, I have been using ThunderBird ever since its beginning. With my own time-stamping Subject line discipline, I never needed its threading function. When I received complaints last year, I experimented threading on it and found that it was doing just fine. Whether I prefixed or suffixed the timestamps to the Subject line could not break it. I requested counter examples from those who were having difficulties with my MSGs, but received none. Frustrated but not able to do anything, I went back to continue my EzIP work, leaving this subject in the back burner of my mind. This time around, the problem popped up again in the midst of large number of MSG exchanges. I am so relieved that you presented the threading on the NANOG eMail server that mirrors what I saw on my own PC. So, we now have a common reference for everyone to look at this phenomenon. (Why no one else knew about this facility?)

2)    From the Wikipedia explanation of RFC5822, I as a ThunderBird user, really have nothing to do with the Message-ID that it puts on my MSGs nor how does it make use of such to display the threads. And, my Subject line style can't affect it either. So, why some colleagues are having difficulties with just my eMails, but seemingly not from others? Could this be caused by the large number of MSGs within a short period of time that amplified this issue? From another feedback, I realized that some colleagues may be using plain text editors or alike for eMail, because they could not see color nor italic emphasizing of my text. Could such be related to this issue?

I would appreciate very much if you could advance my education with some explanations after perhaps discussions with those offended by my MSGs.

Regards,

Abe (2024-01-13 17:37)



 







On 1/12/24 3:04 PM, Mu wrote:
  Would it be possible for you to reply
in-thread, rather than creating a new thread with a new subject
line every time you reply to someone? 

Trying to follow the conversation becomes very difficult for no
reason. 
  
  
  Threading has nothing to do with subject lines.  RFC822 (now 5822)
  specifies how this works based on message ID.  This thread
  displays fine in threaded mode in my MUA and in the archives. 
  
  https://en.wikipedia.org/wiki/Conversation_threading
  
  https://mailman.nanog.org/pipermail/nanog/2024-January/thread.html
  
  
  If people could please reply to threads properly, inline and
  trimming non relevant text, it would make following discussion
  much easier. 
  






Re: Auth0 geolocation?

2023-04-10 Thread Joel Esler
I bet money it’s maxmind.

— Sent from my iPhone

On Apr 6, 2023, at 20:33, Tim Burke  wrote:




Anyone know who Auth0 is using for geolocation services? Have a customer reporting that Auth0, Lowes, Bank of America, and some other sites are reporting their IP in the wrong location. Checked the usual suspects,
BrothersWISP.com geolocation providers list, etcetera and they’re all showing in the correct location. 


Thanks,
Tim




Re: 202212160543.AYC Re: eMail Conventions

2022-12-16 Thread Joel Esler via NANOG


> On Dec 16, 2022, at 12:04 PM, ic  wrote:
> 
> Hi there,
> 
>> On 16 Dec 2022, at 17:13, William Herrin wrote:
>> 
>> Most email clients assume that a change to the subject line (other
>> than adding "Re:" to the front) indicates that the sender wants to
>> discuss a new topic related to but meaningly different from the last.
> 
> Although I generally agree that changing the Subject line without reason is 
> an annoyance, I didn’t notice any issue with it until I came across this 
> thread, which wasn’t broken in my mail client (Apple’s Mail.app).

As a user of Mail.app as well, it is not broken for me either.  However, reason 
being — Mail does not use just the subject to thread.  I used to nerd out about 
email (top + bottom posting, etc) so the details of how Apple Mail threads have 
been lost in my ADHD riddled brain, but — that’s why.

> 
> This led me to a few tests, and FWIW even Mutt seems happy with the Subject 
> changing and still threads the emails appropriately.
> 
> In my experience, threading is done by clients looking for the In-Reply-To: 
> header, not subject. Subject is a heuristic fallback, in case In-Reply-To is 
> absent.
> 
> Some email clients (although I don’t remember which ones) remove In-Reply-To: 
> when the Subject: is changed (that might go as far back as my Gnus Oort days).
> 

…. and now that I wrote the above email response, I think you’re right.  
In-Reply-To:  I believe, is how Mail.app does it. (And several others)

Re: What say you, nanog re: Starlink vs 5G?

2022-06-24 Thread Joel Esler via NANOG


> On Jun 24, 2022, at 3:38 PM, Owen DeLong via NANOG  wrote:
> 
> It’s not entirely clear, without knowing the technical details of the 
> Starlink modulation scheme whether or not they could successfully share the 
> 12Ghz spectrum.
> 
> I have no reason to disbelieve their claims.


Exactly.  Why would they lie?

Re: Flow collection and analysis

2022-01-26 Thread Joel Esler via NANOG
Are you asking for commercial solutions?  Free solutions?  Open Source?

> On Jan 25, 2022, at 10:46 AM, David Bass  wrote:
> 
> Wondering what others in the small to medium sized networks out there are 
> using these days for netflow data collection, and your opinion on the tool?
> 
> Thanks!



Re: OpenDNS contact

2021-11-19 Thread Joel Esler via NANOG
Tell your friend to head over to talosintelligence.com/support and file a 
dispute.  


— 
Sent from my  iPad

> On Nov 19, 2021, at 08:41, Mark Costlow  wrote:
> 
> Does anyone have a contact within OpenDNS?  A friend's business is in
> extreme pain because a false-positive blacklisting and he hasn't been
> able to find a human to appeal to.
> 
> The source of the bad initial report has retracted it and the usual "remove
> me from this blacklist" form has been filled out, but they're still hurting.
> 
> Thanks,
> 
> Mark
> -- 
> Mark Costlow| Southwest Cyberport | Fax:   +1-505-232-7975
> che...@swcp.com | Web:   www.swcp.com | Voice: +1-505-232-7992


Re: Hulu and HBO

2015-05-17 Thread Joel Esler (jesler)
I believe HBO is using MLB's network.

--
Joel Esler
Sent from my iPhone

On May 17, 2015, at 6:38 PM, Josh Reynolds j...@spitwspots.com wrote:

Mike, to test, change DNS.

On May 17, 2015 2:04:18 PM AKDT, Mike Hammett na...@ics-il.net wrote:
When I fire up their streams, they come from Level3 IPs. Can anyone
confirm that Hulu and HBO come from Level 3 and not just someone that
has the box I was talking to on Level3's network?




-
Mike Hammett
Intelligent Computing Solutions
http://www.ics-il.com



Midwest Internet Exchange
http://www.midwest-ix.com

--
Sent from my Android device with K-9 Mail. Please excuse my brevity.


[no subject]

2015-05-07 Thread Joel Esler (jesler) via NANOG
Seeing them here too.

--
Joel Esler
Sent from my iPhone

On May 7, 2015, at 9:58 PM, Paul Ferguson via NANOG nanog@nanog.org wrote:



Re: Galaxy S6 is IPv6 on all US National Mobile carriers

2015-04-14 Thread Joel Esler (jesler)
So am I correct in assuming that unless you go 100Mb, and other than the N 
router to replace the G router, there isn’t anything beneficial?

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Talos Group


I reserve the right to be wrong


On Apr 14, 2015, at 11:11 AM, Matthew Huff mh...@ox.com wrote:

The earlier generation of ONT has 100MB Ethernet and MOCA. If you upgrade to 
Quantum and order speeds  100MB you'll need an ONT with gig-E and switch from 
MOCA to wired Ethernet. The MOCA standard specifies up to 175MB, but I don't 
think MOCA vendors have made any adapters  100MB.




Matthew Huff | 1 Manhattanville Rd
Director of Operations   | Purchase, NY 10577
OTA Management LLC   | Phone: 914-460-4039
aim: matthewbhuff| Fax:   914-694-5669

-Original Message-
From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Joel Esler (jesler)
Sent: Tuesday, April 14, 2015 7:17 AM
To: Joe Klein
Cc: nanog@nanog.org
Subject: Re: Galaxy S6 is IPv6 on all US National Mobile carriers

I don't believe Quantum has any changes relative to the external of the house.  
Fios has been capable of pushing those speeds with the old modem for years.  
The difference between the old modem and the new one is that the wireless is 
802.11n whereas the old one was only capable of g.

--
Joel Esler
Sent from my iPhone

On Apr 13, 2015, at 11:20 PM, Joe Klein jskl...@gmail.com wrote:

Was in a meeting over 4 years ago, where the people from Verizon were
claiming they would be rolling out IPv6 for FIOS in the following years.
Still waiting.

Can anyone confirm or deny that Verizon FIOS requires an upgrade to the ONT
and router for its FiOS Quantum service in order to get IPv6?

Joe Klein
Inveniam viam aut faciam

On Mon, Apr 13, 2015 at 10:25 PM, Matt Palmer mpal...@hezmatt.org wrote:

On Mon, Apr 13, 2015 at 09:42:07PM -0400, Jared Mauch wrote:
On Apr 13, 2015, at 9:02 PM, Christopher Morrow morrowc.li...@gmail.com wrote:
On Mon, Apr 13, 2015 at 7:30 PM, Will Dean w...@willscorner.net wrote:
Reddit started using CloudFlare late last year, so they should able to
serve content up over v6.

nice!

Sorry to rain on your parade:

dhcp-7f01:~ jared% host -t  www.reddit.com.
www.reddit.com has no  record

should be able to serve != are serving.

- Matt

--
If you are a trauma surgeon and someone dies on your table, [...] everyone
would know you did your best.  When someone does something truly stupid
with their system and it dies and you can't resuscitate it, you must be
incompetent or an idiot.  -- Julian Macassey, in the Monastery





Re: Galaxy S6 is IPv6 on all US National Mobile carriers

2015-04-14 Thread Joel Esler (jesler)
I don't believe Quantum has any changes relative to the external of the house.  
Fios has been capable of pushing those speeds with the old modem for years.  
The difference between the old modem and the new one is that the wireless is 
802.11n whereas the old one was only capable of g.

--
Joel Esler
Sent from my iPhone

On Apr 13, 2015, at 11:20 PM, Joe Klein jskl...@gmail.com wrote:

Was in a meeting over 4 years ago, where the people from Verizon were
claiming they would be rolling out IPv6 for FIOS in the following years.
Still waiting.

Can anyone confirm or deny that Verizon FIOS requires an upgrade to the ONT
and router for its FiOS Quantum service in order to get IPv6?

Joe Klein
Inveniam viam aut faciam

On Mon, Apr 13, 2015 at 10:25 PM, Matt Palmer mpal...@hezmatt.org wrote:

On Mon, Apr 13, 2015 at 09:42:07PM -0400, Jared Mauch wrote:
On Apr 13, 2015, at 9:02 PM, Christopher Morrow morrowc.li...@gmail.com wrote:
On Mon, Apr 13, 2015 at 7:30 PM, Will Dean w...@willscorner.net wrote:
Reddit started using CloudFlare late last year, so they should able to
serve content up over v6.

nice!

Sorry to rain on your parade:

dhcp-7f01:~ jared% host -t  www.reddit.com.
www.reddit.com has no  record

should be able to serve != are serving.

- Matt

--
If you are a trauma surgeon and someone dies on your table, [...] everyone
would know you did your best.  When someone does something truly stupid
with their system and it dies and you can't resuscitate it, you must be
incompetent or an idiot.  -- Julian Macassey, in the Monastery




Re: Verizon's New Repair Method: Plastic Garbage Bags

2012-08-20 Thread Joel Esler
Can we all just agree that the whole pole needs to be restrung?

That's horrible!

On Aug 20, 2012, at 3:25 PM, Harry Hoffman hhoff...@ip-solutions.net wrote:

 What? That's totally legit. Look! There's even bubble wrap there for
 cushioning! ;-)
 
 On 08/20/2012 03:09 PM, Eric Wieling wrote:
 For a while we have had a customer with some lines which go down every time 
 it rains.   We put in the trouble ticket, a couple of days later Verizon 
 says the issue is resolved...until the next time it rains. 
 
 The customer sent us some pictures today of the pole outside their office.   
 The repair appears to be wrapping some plastic bags around something up on 
 the pole.  Here is link to the pictures the customer sent us, in case anyone 
 in the mood for a good scare.
 
 http://rock.nyigc.net/verizon/
 
 
 
 
 




Re: EBAY and AMAZON

2012-06-11 Thread Joel Esler
These are exploit kit teasers. 

Black hole exploit kit specifically. I wouldn't click on any of the links in 
there. 

Anyone who would like to send me copies of these, I'll take.  

--
Joel Esler

On Jun 11, 2012, at 4:51 PM, Blake Pfankuch bl...@pfankuch.me wrote:

 I have a spam pit email address which I monitor for trends to have a little 
 bit of jump on the possible things users might touch at work.  I started 
 seeing the amazon, ebay and paypal ones a few weeks back.  The other one I 
 have started to see a lot of is the Free or cheaper home phone service 
 through magic jack ones.  Again as expected they link to some .ru domain and 
 look just like the normal sign up page.  Also my handy dandy virtual machine 
 was instantly owned with malware just by loading the page.  The VM runs 
 Windows 7 as a non administrative user, UAC cranked up and IE9.  Something 
 like 10 installed apps showed up including Adobe Flash Player Latest.
 
 The other cool one I have been seeing is along the lines of How to better 
 utilize your office phone system or New Business Phone systems with 
 supposed links to popular new phone system trends.  This one is rather 
 crafty as it has an embedded image which is a nice weblink to an infected 
 jpg.  So you click show picture in outlook, or in your browser and you get 
 another installed piece of nastyware.
 
 -Original Message-
 From: Kain, Rebecca (.) [mailto:bka...@ford.com] 
 Sent: Monday, June 11, 2012 12:40 PM
 To: n...@flhsi.com; Brandt, Ralph; nanog@nanog.org
 Subject: RE: EBAY and AMAZON
 
 I have gotten them from amazon stating order number X was cancelled and 
 please click on the below file for more information.  Because I order so 
 much on amazon, I almost thought it was real and clicked on it but then went 
 to the amazon site and looked at my open orders.  It always pays to goto 
 the site, not believe email.
 
 
 -Original Message-
 From: Nick Olsen [mailto:n...@flhsi.com]
 Sent: Monday, June 11, 2012 2:06 PM
 To: Brandt, Ralph; nanog@nanog.org
 Subject: re: EBAY and AMAZON
 
 I think it might just be coincidence. I've gotten about 10 of them and 
 haven't been to ebay or amazon in months.
 Most of them have been for 60 dollar books.
 
 Nick Olsen
 Network Operations (855) FLSPEED  x106
 
 
 From: Brandt, Ralph ralph.bra...@pateam.com
 Sent: Monday, June 11, 2012 1:28 PM
 To: nanog@nanog.org
 Subject: EBAY and AMAZON
 
 I have received bogus emails from both of the above on Friday. 
 
 These look like I bought something that in both cases I did not buy.
 The EBAY was a golf club for $887 and the Amazon was a novel for $82, far 
 more than I would have spent on either.
 
 I think I looked at the novel on Amazon and I remember the golf club came up 
 on a search with something else on Ebay.  
 
 How this information could get to someone spoofing is a little disconcerting. 
  
 
 I have changed EBAY and Paypal Passwords as instructed.  
 
 Ralph Brandt
 Communications Engineer
 HP Enterprise Services
 Telephone +1 717.506.0802
 FAX +1 717.506.4358
 Email ralph.bra...@pateam.com
 5095 Ritter Rd
 Mechanicsburg PA 17055
 
 
 
 



Re: Cat Humor

2012-06-04 Thread Joel Esler
But a Cat 6 is one more isn't it?

http://www.youtube.com/watch?v=EbVKWCpNFhY



-- 
Joel Esler


On Monday, June 4, 2012 at 2:58 PM, Eric Wieling wrote:

 
 I'm not looking for help, just thought this was hilarious.
 
 Mark called in from XO he stated a tech was on site and found out that 
 client used a CAT 6 cable instead of a CAT 5 cable and XO doesn't have a 
 connecting piece for the CAT 6 cable. he stated if client gets a wire/cable 
 guy out there to fix issue, XO can send out a tech to make sure they hook up 
 everything correctly. 



Re: NANOG Digest... digest or closer to IM?

2012-02-17 Thread Joel Esler
I think you just volunteered.  

--
Joel Esler

On Feb 17, 2012, at 4:13 PM, Mark Kent m...@noc.mainstreet.net wrote:

 I got 29 NANOG Digest messages in the past 24 hours.
 
 Where are those people who have time to complain about the noise on
 this list?  Did they all leave?   Is anyone else willing to take up
 the cause?
 
 -mark
 



Re: medicare.gov / cms.gov DNSSEC Validation Failures

2010-12-29 Thread Joel Esler
On Dec 28, 2010, at 11:39 PM, William Warren wrote:
 On 12/28/2010 8:43 PM, Nate Itkin wrote:
 On Tue, Dec 28, 2010 at 06:39:21PM -0600, Richard Laager wrote:
 I'm looking for a DNS contact for medicare.gov (and cms.gov). They are
 failing DNSSEC validation.
 Ditto.  Similar to uspto.gov not too long ago.
 
 Try posting to dns-operations.
 https://lists.dns-oarc.net/mailman/listinfo/dns-operations
 Almost certainly some *.gov dns admins lurking there.
 
 Cheers,
 Nate Itkin
 
 There's a thread going on about .gov dnssec changes going on.  This could be 
 the source of your issues.
 

Did you get a contact?  If not, I know someone over there.

J





Re: medicare.gov / cms.gov DNSSEC Validation Failures

2010-12-29 Thread Joel Esler
Ditto.


On Dec 29, 2010, at 12:32 PM, Christopher J. Pilkington wrote:

 On Tue, Dec 28, 2010 at 06:39:21PM -0600, Richard Laager wrote:
 I'm looking for a DNS contact for medicare.gov (and cms.gov). They are
 failing DNSSEC validation.
 
 Seeing it still broken, I contacted someone over at Lockheed who
 works over at CMS.  They're escalating to the appropriate
 support vendor.
 
 -cjp
 




Re: wikileaks unreachable

2010-11-28 Thread Joel Esler
I've heard it's a DOS (not DDOS) according to twitter. Allegedly according to 
the person doing the DOS:

Just so we are all straight and clear - wikileaks hit is not a
'Distributed' DoS, its a simple DoS - I dont use intermediaries or
botnets. Sun Nov 16 - 15:28 EST

http://twitter.com/th3j35t3r

Joel

On Nov 28, 2010, at 6:42 PM, Marshall Eubanks wrote:

 
 On Nov 28, 2010, at 5:19 PM, Wil Schultz wrote:
 
 DOS is probably because they released some more stuff.
 
 Secret US Embassy Cables
 http://cablegate.wikileaks.org/
 
 
 DDOS according to this
 
 http://www.securityweek.com/wikileaks-under-denial-service-attack-ddos
 
 Regards
 Marshall
 
 -wil
 
 On Nov 28, 2010, at 1:38 PM, James Downs wrote:
 
 
 On Nov 28, 2010, at 1:34 PM, Randy Bush wrote:
 
 anyone know why https://www.wikileaks.org/ is not reachable?  nations
 state level censors trying to close the barn door after the horse has
 
 Reported they were under attack: http://bgg.lv/h2pmsd
 
 
 
 
 
 
 




Re: wikileaks unreachable

2010-11-28 Thread Joel Esler
I copied and pasted that from another list, however, when I brought up the 
twitter feed it said six hours ago (when i sent that first email). 

Now I don't see the tweet. shrug

So, the truth may vary. 

Sent from my iPad

On Nov 28, 2010, at 9:06 PM, kmedc...@dessus.com kmedc...@dessus.com wrote:

 Uh... huh?
 
 Just so we are all straight and clear - wikileaks hit is not a
 'Distributed' DoS, its a simple DoS - I dont use intermediaries or
 botnets. Sun Nov 16 - 15:28 EST
 
 That would be just about 2 weeks ago.
 
 Actually, the last time November 16th fell on a Sunday would have been in 
 2008.
 
 So fifty-four weeks ago ...
 
 -- 
 ()  ascii ribbon campaign against html e-mail
 /\  www.asciiribbon.org 
 
 
 
 



Re: Gratuitous syn/ack

2010-11-11 Thread Joel Esler
I am betting backscatter.  


Sent from my iPhone

On Nov 11, 2010, at 5:31 PM, Pete Carah p...@altadena.net wrote:

 I'm seeing a significant number (about 1/minute 24 hr/day) of syn/ack
 packets coming from port 80 of random addresses to random ports on my
 nameserver and a few other systems.  This isn't enough traffic to be
 really annoying, but is curious.
 
 I wonder if the simple explanation (backscatter from syn floods with
 spoofed source addresses) is more likely, or if there are some probing
 techniques in normal use that use these packets (one could accomplish
 a traceroute using port 80 packets in either direction...)
 
 -- Pete
 
 



Re: ARIN recognizes Interop for return of more than 99% of 45/8 address block

2010-10-20 Thread Joel Esler
Now, if we could get everyone that has these gigantic /8's (or multiple of 
them) that aren't using them to give some back, that'd be great.

Thank you interop for setting the example.

Joel

On Oct 20, 2010, at 10:43 AM, Nick Hilliard wrote:

 Thank you Interop - for performing an outstanding act of altruism.
 
 John, could you provide more details at this stage on how much address space 
 was returned to ARIN?
 
 Nick
 
 On 20/10/2010 14:34, John Curran wrote:
 FYI,
 /John
 
 
 https://www.arin.net/announcements/2010/20101020.html
 
 
 Posted: Wednesday, 20 October 2010
 
 ARIN today recognizes Interop, an organization with a long-standing presence 
 in the Internet industry, for returning its unneeded Internet Protocol 
 version 4 (IPv4) address space.
 
 Interop was originally allocated a /8 before ARIN's existence and the 
 availability of smaller-sized address blocks. The organization recently 
 realized it was only using a small portion of its address block and that 
 returning the remainder to ARIN would be for the greater good of the 
 Internet community.
 
 ARIN will accept the returned space and not reissue it for a short period, 
 per existing operational procedure. After the hold period, ARIN will follow 
 global policy at that time and return it to the global free pool or 
 distribute the space to those organizations in the ARIN region with 
 documented need, as appropriate.
 
 With less than 5% of the IPv4 address space left in the global free pool, 
 ARIN warns that Interop's return will not significantly extend the life of 
 IPv4. ARIN continues to emphasize the need for all Internet stakeholders to 
 adopt the next generation of Internet Protocol, IPv6.
 
 Regards,
 
 Communications and Member Services
 American Registry for Internet Numbers
 
 
 

--
Joel Esler
http://www.joelesler.net




Re: ARIN recognizes Interop for return of more than 99% of 45/8 address block

2010-10-20 Thread Joel Esler
On Oct 20, 2010, at 11:45 AM, Joe Maimon wrote:
 Christopher Morrow wrote:
 On Wed, Oct 20, 2010 at 10:43 AM, Nick Hilliard n...@foobar.org  wrote:
 Thank you Interop - for performing an outstanding act of altruism.
 
 John, could you provide more details at this stage on how much address space
 was returned to ARIN?
 
 less than 3 months supply at the going drain rate.
 
 
 So would it be more logical for all those willing to return do so only after 
 depletion when the impact and resulting appreciation is likely to be greater?

That was my overall point.  There are lots of places that /8, and multiple ones 
at that that aren't using them.  I'm not saying it'll put off going to v6 for 
years, but it'll help in our current time.


--
Joel Esler
http://www.joelesler.net




Re: Network Naming Conventions

2010-03-15 Thread Joel Esler
Being in the IDS business mostly involved with Snort, I've given my sensors 
pig names in the past.

Wilbur, Arnold, Lechoncito


On Mar 15, 2010, at 9:57 AM, Andrew D Kirch wrote:

 Nice, I've used mountains (Denali, Everest, Olympus, etc) in the past to
 name systems.  Used profanity for awhile to name machines, there's
 really quite a bit of it, and every language has it's own set, giving a
 large pool to choose from.  Sadly, when outages occurred, it was
 somewhat difficult to determine which machines were down, and this was
 discarded.
 
 Andrew
 
 Greg Whynott wrote:
 We use confidence inspiring names here for our devices,  shakey,  broken,  
 jitter,  crusty  
 
 G
 
 
 

--
Joel Esler
http://blog.joelesler.net





Re: unsubscribe

2010-03-12 Thread Joel Esler
Please review the link at the very bottom of every email for  
instructions on how to unsubscribe.


--
Joel Esler
Sent from my iPhone

On Mar 12, 2010, at 10:27 AM, Ramsden, Colt ctr...@shsu.edu wrote:


unsubscribe

--
Colt Ramsden
Programmer Analyst II
Sam Houston State University
936.294.4488 - rams...@shsu.edu


-Original Message-
From: nanog-requ...@nanog.org [mailto:nanog-requ...@nanog.org]
Sent: Friday, March 12, 2010 8:46 AM
To: nanog@nanog.org
Subject: NANOG Digest, Vol 26, Issue 61

Send NANOG mailing list submissions to
   nanog@nanog.org

To subscribe or unsubscribe via the World Wide Web, visit
   https://mailman.nanog.org/mailman/listinfo/nanog
or, via email, send a message with subject or body 'help' to
   nanog-requ...@nanog.org

You can reach the person managing the list at
   nanog-ow...@nanog.org

When replying, please edit your Subject line so it is more specific
than Re: Contents of NANOG digest...


Today's Topics:

  1. Re: IP4 Space (Tim Chown)
  2. Re: YouTube AS36561 began announcing 1.0.0.0/8
 (Patrick W. Gilmore)
  3. FCC releases Internet speed test tool (Marshall Eubanks)
  4. Re: FCC releases Internet speed test tool (Jared Mauch)
  5. Re: FCC releases Internet speed test tool (Randy Bush)
  6. Re: FCC releases Internet speed test tool (Alan Clegg)
  7. Re: FCC releases Internet speed test tool (Joe Greco)
  8. Re: FCC releases Internet speed test tool (Joe Greco)
  9. Re: 10GBase-t switch (Joe Provo)
 10. Re: FCC releases Internet speed test tool (Sean Donelan)
 11. Re: FCC releases Internet speed test tool (Joe Greco)
 12. Re: FCC releases Internet speed test tool (Bret Clark)


--

Message: 1
Date: Fri, 12 Mar 2010 12:24:49 +
From: Tim Chown t...@ecs.soton.ac.uk
Subject: Re: IP4 Space
To: NANOG list nanog@nanog.org
Message-ID:
   EMEW3|8307ebe537c701ca160c7121d1426ccbm2BCOp03tjc| 
login.ecs.soton.ac.uk|20100312122449.gk21...@login.ecs.soton.ac.uk


Content-Type: text/plain; charset=us-ascii

On Fri, Mar 12, 2010 at 11:42:50AM +1100, Mark Andrews wrote:


Does it make sense/work to do this for internal operations even if our
outside connections are IPv4 only (forget about tunneling).  Even more
mundane questions like how to deal with IPv4 only networked printers
when everything else is IPv6?


As for IPv4 only printers you can continue to run dual stack
internally forever if you want.  Otherwise put them on their
own vlan and connect to them over NAT64 or run a proxy service.


Our approach to v6 deployment has always been about enabling capability
where it is available.   The trick is then to have the right tools to
manage and monitor it.

The interesting thing about printers is that even quite low end network
printers (like the HP Laserjet I have) have had IPv6 for quite a while.
You can even configure DHCPv6 on the one I'm using.

Just look for capabilities/features as you refresh equipment and it
makes things that little easier.

Tim



--

Message: 2
Date: Fri, 12 Mar 2010 07:34:10 -0500
From: Patrick W. Gilmore patr...@ianai.net
Subject: Re: YouTube AS36561 began announcing 1.0.0.0/8
To: NANOG list nanog@nanog.org
Message-ID: 6221c75d-a46c-457c-ac28-95d32aba2...@ianai.net
Content-Type: text/plain; charset=us-ascii

On Mar 12, 2010, at 1:52 AM, Nathan wrote:

I'm hoping to alleviate the what's going on!? type messages here this time. :)


Oh, I understand what's going on exactly.  YouTube is trying to balance their ratios. :)


--
TTFN,
patrick



Here's an excerpt from the APNIC provided LOA I provided to a couple
networks, to carry a new announcement...

To whom it may concern,

APNIC and YouTube are cooperating in a project to investigate the
properties of unwanted traffic that is being sent to specific
destinations in the address block of 1.0.0.0/8. This address block has
been recently allocated to APNIC from the IANA, and
APNIC and YouTube are wanting to undertake this investigation prior to
the commencement of ordinary allocations.
Accordingly, APNIC authorizes AS36351 to periodically advertise a
route for 1.0.0.0/8 from now until 21 March 2010, and
requests that AS36351's peers and upstreams accept this as a
legitimate routing advertisement.


In a continuation of last week's experiments... we are now announcing
1.0.0.0/8 instead of 1.1.1.0/24 and 1.2.3.0/24.

Cheers,
N (nat...@youtube.com - AS36561)






--

Message: 3
Date: Fri, 12 Mar 2010 08:43:22 -0500
From: Marshall Eubanks t...@americafree.tv
Subject: FCC releases Internet speed test tool
To: nanog@nanog.org list nanog@nanog.org
Message-ID: 9085b96b-ef03-4bc9-86c7-bc096d5e3...@americafree.tv
Content-Type: text/plain; charset=US-ASCII; format=flowed

This might be useful to some.

Article :

http://www.reuters.com/article/idUSTRE62B08720100312

site :

http://www.broadband.gov/

It requires giving your address.

Regards

Re: CRS-3

2010-03-09 Thread Joel Esler
Yes, it says that right in the press release.

J

--
Joel Esler
joel.es...@me.com
http://www.joelesler.net
 
On Tuesday, March 09, 2010, at 03:09PM, Brandon Galbraith 
brandon.galbra...@gmail.com wrote:
It was mentioned that Att is already testing this with a 100gbps fiber run.

On Mar 9, 2010 1:53 PM, Brian Feeny bfe...@mac.com wrote:


So who is going to be the first to deploy these?

http://newsroom.cisco.com/dlls/2010/prod_030910.html


- Download the entire Library of Congress in just over 1 second
- Stream every motion picture ever created in less than four minutes

If nothing else you gotta love the Cisco Marketing machine!



Brian





Re: CRS-3

2010-03-09 Thread Joel Esler
No one ever got fired for buying Cisco?

(This isn't true btw --  I know of people that did get fired for buying Cisco.  
Just saying...)

J

On Mar 9, 2010, at 3:36 PM, Jake Khuon wrote:

 On Tue, 2010-03-09 at 15:29 -0500, Patrick W. Gilmore wrote:
 
 The only wow here is wow, why did cisco hype how far behind they
 are?
 
 Because in some organisations, the only vendor that matters is Cisco.

--
Joel Esler
http://blog.joelesler.net





Re: Security Guideance

2010-02-23 Thread Joel Esler
Why does there need to be blame?  Diagnose the problem, fix the problem, move 
on with life.  Someone made a mistake, learn from it, move on.

--
Joel Esler
joel.es...@me.com
http://www.joelesler.net

 
On Tuesday, February 23, 2010, at 05:13PM, valdis.kletni...@vt.edu wrote:
On Tue, 23 Feb 2010 11:27:21 -1000, Nate Itkin said:
 On Tue, Feb 23, 2010 at 02:46:54PM -0500, Paul Stewart wrote:
  The problem is that a user on this box appears to be launching high
  traffic DOS attacks from it towards other sites.
 
 It's possible the user inadvertently enabled the same exploit after you
 rebuilt the system. I suggest caution with assigning culpability.

Or the gold image used to rebuild was itself vulnerable.  It happens a lot
more often than you think. I'd suggest *lots* of caution with assigning
culpability. ;)






Re: Email Portability Approved by Knesset Committee

2010-02-22 Thread Joel Esler
I have an idea.  Everyone just get a gmail (or otherwise neutral account) 
like me.com or gmail.com or yahoo.com and be done with it.

J

On Feb 22, 2010, at 11:49 AM, Larry Sheldon wrote:

 A thing being missed here is this:
 
 A telephone number does not have an obvious affinity with personal
 intellectual-property-like information.  (402 332- is not obviously
 a Northwest Bell-USWest-Quest telephone number, but at least two of them
 are now served by Cox.  A person using a 917 NNX- number in has now
 turned useful information into noise, but that is not quite the same thing.)
 
 An email address that ends in example.com irrevocably ties the address
 user to the company Example and may in fact be affirmatively harmful
 beyond the technical difficulty of implementation.
 
 -- 
 Government big enough to supply everything you need is big enough to
 take everything you have.
 
 Remember:  The Ark was built by amateurs, the Titanic by professionals.
 
 Requiescas in pace o email
 Ex turpi causa non oritur actio
 Eppure si rinfresca
 
 ICBM Targeting Information:  http://tinyurl.com/4sqczs
 http://tinyurl.com/7tp8ml
   
 

--
Joel Esler
http://blog.joelesler.net





Re: Google to offer fiber to end users

2010-02-10 Thread Joel Esler
I have gig copper run all over my house. Handy for large file
transfers. I have fios as well, and wish it was faster. (yes, all I
know is it's a setting, it costs them nothing more)


--
Joel Esler
302-223-5974
Sent from my iPhone

On Feb 10, 2010, at 8:02 PM, Luan Nguyen l...@netcraftsmen.net wrote:

They don't have a field in the MLS for that, but most people put the
description FTTH in.
There are quite a few communities with FTTH in the Wash DC metropolitan area
that is not FIOS.  Openband is one of them serving my house. The 100M fiber
comes into a transition network converter and then to a Netgear. I doubt
that any house would have FTTR (rooms).

-
Luan Nguyen
Chesapeake NetCraftsmen, LLC.
-







Re: more news from Google

2010-01-13 Thread Joel Esler
On Jan 13, 2010, at 12:01 PM, Jorge Amodio wrote:

 You don't like the law, don't do biz in that country.  But blatantly 
 breaking a law is bad joo-joo.
 
 OT.
 Please don't say joo-joo every time the TechCrunch folks see that
 they get diarrhea

That is a horrible name for a product.  Just saying.


Re: Default Passwords for World Wide Packets/Lightning Edge Equipment

2010-01-06 Thread Joel Esler
On Wed, Jan 6, 2010 at 8:26 PM, Steven Bellovin s...@cs.columbia.edu wrote:

 On Jan 6, 2010, at 6:24 PM, Jeffrey I. Schiller wrote:

  -BEGIN PGP SIGNED MESSAGE-
  Hash: SHA1
 
  An option I saw years ago (I forgot on whose equipment) was a default
  password which was a function of the equipment's serial number. So you
  had to have the algorithm and you needed the serial number which was not
  related to the MAC. So if you didn't have physical access, you were not
  in a good position to learn the password.
 
  I suspect this was a support nightmare for the vendor and I bet they
  went to a more standard (read: the same) factory password.
 
  At the end of the day, minimizing support costs for the vendor (not to
  mention likely annoyance for the customer) trumps providing default
  security for the folks who won't change the default password.

 The MyFi apparently does this.  According to
 http://www.nytimes.com/2009/05/07/technology/personaltech/07pogue.html
 The network password is printed right there on the bottom of the MiFi
 itself.


At least it's not .

But yes, my Mifi *had* the password on the bottom.



-- 
Joel Esler


Re: IPv6 Training

2009-12-23 Thread Joel Esler
On Wed, Dec 23, 2009 at 12:00:28PM -0800, Marty Anstey wrote:
 Greetings,
 
 Just wondering if anyone has had any experience with IPv6 training courses.
 
 A quick search turns up a few results on the subject, but it would be
 handy to hear if anyone has any firsthand experiences or recommendations.
 We're based in western Canada but don't mind traveling a bit, but
 alternatively an online course would be acceptable as well.
 
 -M
 

SANS has a course that's pretty good, from what I hear.  I haven't taken it.

fd:  I work for SANS part-time, but I have not taken the course, nor am a 
course author (aka, I earn nothing by saying this) 



Re: Breaking the internet (hotels, guestnet style)

2009-12-07 Thread Joel Esler
On Dec 7, 2009, at 10:18 PM, Lou Katz wrote:

 On Mon, Dec 07, 2009 at 09:48:25PM -0500, Steven Bellovin wrote:
 
 On Dec 7, 2009, at 6:00 PM, Jared Mauch wrote:
 
 
 On Dec 7, 2009, at 5:29 PM, John Levine wrote:
 
 Will be interesting to see if ISPs respond to a large scale thing like
 this taking hold by blocking UDP/TCP 53 like many now do with tcp/25
 (albeit for other reasons). Therein lies the problem with some of the
 net neutrality arguments .. there's a big difference between doing it
 because it causes a problem for others, and doing it because it robs
 me of revenue opportunities.
 
 I do hear of ISPs blocking requests to random offsite DNS servers.
 For most consumer PCs, that's more likely to be a zombie doing DNS
 hijacking than anything legitimate.  If they happen also to block
 8.8.8.8 that's just an incidental side benefit.
 
 I've found more and more hotel/edge networks blocking/capturing this traffic.
 
 The biggest problem is they tend to break things horribly and fail things like the
 oarc entropy test.
 
 They will often also return REFUSED (randomly) to valid well formed DNS queries.
 
 While I support the capturing of malware compromised machines until they are
 repaired, I do think more intelligence needs to be applied when directing 
 these systems.
 
 Internet access in a hotel does not mean just UDP/53 to their selected hosts plus TCP/80,
 TCP/443.
 
 It's why I run an ssh server on 443 somewhere -- and as needed, I ssh-tunnel 
 http to a squid proxy, smtp, and as many IMAP/SSL connections as I really need...


Also handy to set up an SSH tunnel.  That works for almost everything else.

J





Re: FCCs RFC for the Definition of Broadband

2009-08-26 Thread Joel Esler
On Wed, Aug 26, 2009 at 3:06 PM, Jack Bates jba...@brightok.net wrote:
 jim deleskie wrote:

 I agree we should all be telling the FCC that broadband is fiber to
 the home.  If we spend all kinds of $$ to build a 1.5M/s connection to
 homes, it's outdated before we even finish.

 I disagree. I much prefer fiber to the curb with copper to the home. Of
 course, I haven't had a need for 100mb/s to the house which I can do on
 copper, much less need for gigabit.

 Pro's for copper from curb:

 1) power over copper for POTS
 2) Majority of cuts occur on customer drops and copper is more resilient to
 splicing by any monkey.

I have fiber to the home.  I can't imagine going back to cable
modems now.  eww..



Re: ATT. Layer 6-8 needed.

2009-07-27 Thread Joel Esler
I posted it on Twitter.  And I was talking with John at the time.
We're observing the information that is coming in,   but it's hard to
verify something like that when:

A) We haven't heard from our contacts at ATT.
B)  The only information we are seeing confirming it is on open
mailing lists, and no offense, but given 4chan's proclivity in
spreading disinformation extremely well
C)  I don't know if we want to take the word of moot directly from the
4chan website either.

I've read in a couple places that the connectivity is coming back up,
I have a hard time believing that ATT would do this, and even if they
did, they did it for a legit reason (maybe a DDOS?)


J

On Jul 27, 2009, at 1:19 AM, John Bambenek wrote:


Someone else posted on twitter, I saw it recently.

To make it even clearer, we'll take your data, sure.  Just don't  
expect us to jump on it until we verify with something solid.


chris rollin wrote:

Uh.

 You posted on Twitter.

 The most trusted name in [?]

On Mon, Jul 27, 2009 at 12:17 AM, John Bambenek bambe...@gmail.com wrote:


   We'll take data from **Trusted** sources.

   I'm just not going to take a public open mailing list post as
   evidence at this point.


   chris rollin wrote:

   Shon wrote:

   Seth,


   I said it could be, not that it is. Thanks for pointing
   that out. However, I believe the reason they are being blocked
   at ATT is the main reason I supplied on my first post. The DDoS
   attack issue is the main ticket here.


   The ACK storms aren't coming from the 4chan servers
   It's just like the DNS attack (IN/NS/.).  It points to the
   stupidity of ATT uppers
   SANS: Are you or aren't you soliciting data?  I have some to
   confirm also


   It's not because of content, or to piss people off. It's to
   protect their network, as any of you would do when you got
   DDoSed on your own networks.


   They are going to get some first hand experience in what
   Protecting their Network involves real soon, now.  Blocking
   4chan was an exercise in Stupidity


   It's damage control,


   It's a damage challenge.


   essentially, until they find out who is involved and block
   them, then they'll likely lift the block.


   They don't have the right to do this.  Not in their
   TOS/EULA/User-Agreement.
   Not in any sane legal forum.  (I*A*AL)


   This ISN'T the first time this has happened.


   Exactly.

   Now you see the problem ?









--
Joel Esler
  http://www.joelesler.net
  http://www.twitter.com/joelesler




Re: ATT. Layer 6-8 needed.

2009-07-26 Thread Joel Esler
I have read on another list this evening that ATT DSL in SoCal is
blocking certain sites within 4chan.


J

On Jul 26, 2009, at 9:48 PM, jamie wrote:


All,

 It appears at ATT (including DSL, and my own home service via u-verse)
has unilaterally and without explanation started blocking websites.

 I have confirmed this with multiple tests.  (It actually appears that
these sites are being blocked at a local-global scale -- that is, each
city/hub seems to have blackholes for the sites).

 The sites I know of I'll list below (see Reddit for a discussion), but
this is clearly and absolutely unacceptable.  Please, comments on the nature
of the sites are OT.. Let's keep this thread that way.  (Away from being OT,
that is).

 If any T folk are around, and have gotten wind of this (all comments /
direct emails will be off record), a reply would be appreciated.

 No ears enclosing clue will be reached via normal channels at ~950E on a
Sunday, but this is clearly a problem needing addressing, resolution, action
and, who knows - suit?

 Thanks in advance all for insight, comments,

-jamie



--
Joel Esler
  http://www.joelesler.net
  http://www.twitter.com/joelesler




Re: Google News Down?

2009-05-15 Thread Joel Esler
On Fri, May 15, 2009 at 9:31 AM, Nitin Sharma nitin...@gmail.com wrote:

 I can reach Google News through icmp traceroutes, but the HTTP response says
 Server Error. Anyone seeing this too?



All fine here.


-- 
joel esler | Sourcefire | gtalk: jes...@sourcefire.com | 302-223-5974 |
http://twitter.com/joelesler


Re: Packet Loss to Google, others

2009-05-14 Thread Joel Esler
We have been receiving reports for about the past hour and a half at
http://isc.sans.org and via Twitter.  The situation appears to be clearing
up now.
J

On Thu, May 14, 2009 at 12:13 PM, rar r...@syssrc.com wrote:

 We are seeing issues through our Verizon, and Level3 connections.  Fine
 through Comcast.
 Our Comcast routing goes through Level 3.

 Bob Roswell
 System Source
 brosw...@syssrc.com
 (410) 771-5544 ext 4336



 -Original Message-
 From: Peter Beckman [mailto:beck...@angryox.com]
 Sent: Thursday, May 14, 2009 11:56 AM
 To: nanog@nanog.org
 Subject: Packet Loss to Google, others

 Anyone else getting reports of Google (and other destinations) slowness?

 From Verizon FIOS Northern VA:

 HOST: xxx.angryox.com Loss%   Snt   Last   Avg  Best  Wrst
 StDev
   1. xxx2  0.0%200.6   0.6   0.4   0.7
 0.1
   2. 10.1.41.890.0%201.6   1.8   1.6   3.0
 0.3
   3. G2-0-3-891.WASHDC-LCR-08.ver  0.0%201.6   1.7   1.6   2.0
 0.1
   4. so-1-1-0-0.RES-BB-RTR2.veriz  0.0%202.2   2.7   2.1   7.5
 1.4
   5. 0.ge-5-2-0.BR2.IAD8.ALTER.NE  0.0%202.9   2.9   2.7   3.1
 0.1
   6. 204.255.168.300.0%206.2   9.4   6.1  70.6
 14.4
   7. cr2.wswdc.ip.att.net  0.0%206.5   6.8   6.3   7.3
 0.3
   8. 12.122.134.1570.0%206.2  27.8   6.1 196.8
 51.4
   9. ???  100.0200.0   0.0   0.0   0.0
 0.0
  10. 216.239.48.108   55.0%20  328.2 335.7 326.8 389.6
 20.3
  11. 64.233.175.109   50.0%20  334.7 333.0 325.1 337.4
 4.0
  12. 72.14.236.74 30.0%20  328.3 328.3 324.3 335.5
 3.5
  13. he-in-f147.google.com40.0%20  335.2 328.6 323.6 337.0
 4.5

 From Cox Fiber in Northern VA / DC:

 HOST: xxx.angryox.com Loss%   Snt   Last   Avg  Best  Wrst
 StDev
   1. 70.164.19.3   0.0%200.2   0.2   0.2   0.4
 0.1
   2. wsip-70-168-111-17.dc.dc.cox  0.0%201.7   9.6   1.5  77.5
 20.9
   3. mrfddsrj01-ge706.rd.dc.cox.n  0.0%20   13.2   3.9   1.4  18.7
 5.2
   4. ashbbbrj01-ae0.0.r2.as.cox.n  0.0%202.5   2.7   2.3   6.4
 0.9
   5. 209.85.240.1360.0%20   39.5  10.5   3.7  63.0
 15.3
   6. 64.233.175.1110.0%204.9   4.7   4.1   5.9
 0.4
   7. 72.14.236.74  0.0%206.0   6.9   6.0   8.5
 0.7
   8. he-in-f147.google.com 0.0%204.4   4.6   4.1   7.1
 0.8

 From Level3 in New York:

 HOST: xxx.angryox.com Loss%   Snt   Last   Avg  Best  Wrst
 StDev
   1. 208.72.185.1770.0%200.4  89.0   0.3 303.9
 86.1
   2. 208.72.184.2450.0%200.4   0.8   0.3   7.7
 1.6
   3. ge-6-7.car3.NewYork1.Level3.  0.0%200.5   2.3   0.5  29.9
 6.6
   4. vlan69.csw1.NewYork1.Level3.  0.0%204.5   6.1   0.6  14.0
 4.7
   5. ae-61-61.ebr1.NewYork1.Level  0.0%201.6   1.0   0.7   1.6
 0.2
   6. ae-3-3.ebr4.Washington1.Leve  0.0%20   11.3  10.9   5.4  19.1
 4.3
   7. ae-64-64.csw1.Washington1.Le  0.0%20   14.0  10.9   5.8  18.5
 4.8
   8. ae-1-69.edge1.Washington1.Le  0.0%206.2   9.2   5.8  60.1
 12.0
   9. ???  100.0200.0   0.0   0.0   0.0
 0.0
  10. 209.85.241.5050.0%20  330.9 330.3 329.1 331.6
 0.9
  11. 64.233.175.219   55.0%20  316.6 314.4 311.7 317.3
 2.3
  12. 72.14.236.66 60.0%20  317.4 319.6 314.1 328.0
 4.5
  13. he-in-f147.google.com45.0%20  323.9 321.5 312.1 332.9
 6.9

 
 ---
 Peter Beckman  Internet
 Guy
 beck...@angryox.com
 http://www.angryox.com/
 
 ---





-- 
joel esler | Sourcefire | gtalk: jes...@sourcefire.com | 302-223-5974 |
http://twitter.com/joelesler


Re: RE: delays to google

2009-05-14 Thread Joel Esler
[Citation Needed]

On Thu, May 14, 2009 at 1:21 PM, a2t...@gmail.com wrote:

 Google ack'd a maintenance on their core network did not go as
 planned-Forced traffic to one peer link that was unable to handle all the
 traffic. Maintenance has been rolled back. Issue has been restored,

 -Adam


 On May 14, 2009 12:44pm, Mullins, Douglas dmull...@covad.com wrote:

 conficker?

  Doug

  -Original Message-
  From: Patrick Darden [mailto:dar...@armc.org]
  Sent: Thursday, May 14, 2009 12:13 PM
  To: na...@merit.edu
  Subject: Re: delays to google

  Fixed?

  5 mins ago:

  1 gw1.armc.org (68.153.29.1) 0.571 ms 0.705 ms 0.732 ms
  2 65.14.131.185 (65.14.131.185) 2.330 ms 2.318 ms 2.308 ms
  3 axr00mia-7-0-0-0.bellsouth.net (65.83.237.92) 3.009 ms 3.001 ms 3.080 ms
  4 AXR00AEP-0-1-0.bellsouth.net (65.83.236.50) 2.384 ms 2.370 ms 2.499 ms
  5 65.83.238.202 (65.83.238.202) 3.148 ms 3.136 ms *
  6 cr1.attga.ip.att.net (12.122.141.22) 4.011 ms 3.769 ms 4.106 ms
  7 12.123.22.5 (12.123.22.5) 3.735 ms 3.042 ms 3.033 ms
  8 * * *
  9 72.14.233.56 (72.14.233.56) 159.416 ms * *
  10 72.14.232.213 (72.14.232.213) 163.622 ms 209.85.254.241 (209.85.254.241) 165.287 ms 209.85.254.243 (209.85.254.243) 219.136 ms
  11 209.85.254.6 (209.85.254.6) 170.937 ms 171.154 ms 209.85.254.10 (209.85.254.10) 169.944 ms
  12 * * *
  13 * * *
  14 * * *
  15 * * *
  16 * * *
  17 * * *
  18 * * *
  19 * * *
  20 * * *
  21 * * *
  22 * * *
  23 * * *
  24 * * *
  25 * * *
  26 * * *
  27 * * *
  28 * * *
  29 * * *
  30 * * *

  Now (12:11 eastern)

  [r...@inetsec ~]# traceroute www.google.com
  traceroute to www.google.com (74.125.65.99), 30 hops max, 60 byte packets
  1 gw1.armc.org (68.153.29.1) 0.760 ms 0.884 ms 0.908 ms
  2 65.14.131.185 (65.14.131.185) 2.345 ms 2.342 ms 3.132 ms
  3 axr01asm-7-1-0-1.bellsouth.net (65.83.237.90) 3.338 ms 3.331 ms 3.322 ms
  4 axr00msy-0-3-1.bellsouth.net (65.83.236.46) 3.112 ms 3.105 ms 3.095 ms
  5 65.83.238.202 (65.83.238.202) 3.503 ms 3.654 ms *
  6 cr2.attga.ip.att.net (12.122.140.22) 4.489 ms 3.823 ms 3.795 ms
  7 12.123.22.129 (12.123.22.129) 3.591 ms 3.094 ms 3.079 ms
  8 12.88.97.6 (12.88.97.6) 3.197 ms 3.172 ms 3.160 ms
  9 72.14.233.56 (72.14.233.56) 3.322 ms 3.490 ms 72.14.233.54 (72.14.233.54) 3.510 ms
  10 209.85.254.249 (209.85.254.249) 16.887 ms 3.501 ms 72.14.239.127 (72.14.239.127) 4.261 ms
  11 209.85.253.214 (209.85.253.214) 12.987 ms 12.979 ms 209.85.253.218 (209.85.253.218) 3.882 ms
  12 gx-in-f99.google.com (74.125.65.99) 4.357 ms 4.740 ms 4.481 ms

  --Patrick Darden

-- 
joel esler | Sourcefire | gtalk: jes...@sourcefire.com | 302-223-5974 |
http://twitter.com/joelesler


Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-08 Thread Joel Esler
Exactly.

On Sun, Feb 8, 2009 at 10:04 AM, Joel Jaeggli joe...@bogus.com wrote:

 Eliot Lear wrote:
  On 2/8/09 3:24 AM, Jeff S Wheeler wrote:
  Sure, smart phones are becoming more popular.  It's reasonable to assume
  that virtually all cell phones will eventually have an IP address almost
  all the time.
 
  The numbers I keep seeing for so-called smartphones in the press for
  U.S. and Europe are 49% and 50% within two years, respectively.  Here's
  an article you might find interesting about the U.S. domestic market,
  and it may help you calculate what sort of growth rate we can expect in
  the future, when combined with both of the above numbers.  Put another
  way, the news is bad, but there is a cap on growth.

 We live in rather sad times if, subscriber, arpu and internet usage
 growth is considered bad news.

 
 http://albuquerque.bizjournals.com/dallas/stories/2008/09/29/story10.html
 
  Eliot
 





Re: Verizon outage between Baltimore and Washington

2008-11-19 Thread Joel Esler

Just to agree, I am in Columbia, MD as well, and am unaffected.

J

On Nov 19, 2008, at 3:41 PM, Steven Fischer wrote:


looks like a single break. Baltimore is about 36.4 miles north of
Washington, and Laurel is about 16.25 miles north of Washington, with
Baltimore being about 20 miles north of Laurel.  All this makes sense.  The
part that doesn't really make sense is that our headquarters is right
smack-dab along this run in Columbia, MD (about 5-7 miles north of Laurel),
and has been unaffected...but a remote office in Hagerstown, about 50-60
miles west, north-west of here, is down hard.





Re: SMS hinkiness on ATT?

2008-08-14 Thread Joel Esler
Yes, I was getting delayed messages from AIM - iPhone and back as well.
 (via sms)..

On Thu, Aug 14, 2008 at 8:39 AM, Jack Bates [EMAIL PROTECTED] wrote:


 As near as we could tell, ATT doesn't support TAP, so we've been
 looking at alternatives (like a GSM modem).  However, if the problem is
 ATT, I guess we might hold off.


 Not sure what you are using, but the official TAP number I found seems to
 always answer, but it does require that you have the enterprise paging
 service on the phone (which is like 10 bucks). A search of enterprise paging
 in ATT's stuff gives you the info on TAP, as well as the various internet
 protocol's supported (which I prefer with TAP as fallback).

 Jack




-- 
--Joel Esler
ISC Incident Handler
http://www.joelesler.net


Re: Verizon Contactg

2008-08-09 Thread Joel Esler

You've been forwarded.

J

On Aug 6, 2008, at 12:36 PM, Alan Halachmi wrote:

Would someone from Verizon please contact me?  Or, if you know of a
technical contact for Verizon, please pass it along.  Thanks.


Best,
Alan




--
Joel Esler
  http://blog.joelesler.net
  http://www.dearcupertino.com





Re: Level3 tries cell-phone style billing scam on customers

2008-07-31 Thread Joel Esler

At what point is regulation okay?

J

On Jul 31, 2008, at 11:46 AM, Patrick Giagnocavo wrote:


Today I looked at my most recent bill from Level3.

They are now assessing a 2.5% surcharge, which is listed as Taxes
on the bandwidth bill I have.  In the state of PA, telecoms services
are explicitly not taxable.

When you call Level3 billing, they admit in their recorded message
it is not a tax at all, but a surcharge, and if you want to dispute
it you are supposed to quote back their own contract terms to them
via email (i.e. you cannot reach a human).

I would expect this kind of scamminess from Verizon's cell-phone
billing, but a contract is a contract and I can see no provision for
arbitrarily tacking on fees, illegally labeling them as taxes and
then putting the onus on you to prove that they can't charge you.

Anyone else seeing this same behavior from Level3?

(It seems that the larger a telecom company gets, the more they want
to act like a scum-sucking ILEC.)


--Patrick




--
Joel Esler
  http://blog.joelesler.net
  http://www.dearcupertino.com