Learning about the internet

2014-11-03 Thread Paige Thompson
Hi,

I was just reading about transatlantic cabling in some hopes that I
would be able to find an answer as to why the latency between here in
Greece and Los Angeles is roughly ~250ms. This seems to be a really
common thing, although I'd like to understand why and the articles on
transatlantic cabling as near as I can tell indicate that I am getting
screwed if anything (not enough information?)

(from Los Angeles to my house)
gw~ #mtr --report-wide xxx.access.hol.gr
Start: Mon Nov  3 13:04:02 2014
HOST: gw                                       Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 208.79.92.65                           10.0%    10    1.5   3.6   1.2  15.5   4.6
  2.|-- s7.lax.arpnetworks.com                  0.0%    10    0.8  10.9   0.8  54.2  20.7
  3.|-- vlan953.car2.LosAngeles1.Level3.net    30.0%    10   10.5  10.3  10.1  10.8   0.0
  4.|-- ae-27-27.edge6.LosAngeles1.Level3.net  30.0%    10   21.8  16.2   8.6  47.6  14.7
  5.|-- ae-4-90.edge1.LosAngeles6.Level3.net   80.0%    10    9.0   8.9   8.7   9.0   0.0
  6.|-- be3036.ccr21.lax04.atlas.cogentco.com  10.0%    10    1.7   2.1   1.4   4.3   0.7
  7.|-- be2076.mpd22.lax01.atlas.cogentco.com  10.0%    10    1.6   1.9   1.6   3.2   0.0
  8.|-- be2068.ccr22.iah01.atlas.cogentco.com   0.0%    10   37.7  37.7  37.3  39.0   0.3
  9.|-- be2173.ccr42.atl01.atlas.cogentco.com   0.0%    10   51.6  52.4  51.5  57.5   1.7
 10.|-- be2171.mpd22.dca01.atlas.cogentco.com   0.0%    10   62.6  62.7  62.4  63.3   0.0
 11.|-- be2112.ccr41.iad02.atlas.cogentco.com   0.0%    10  155.5 155.8 155.5 156.1   0.0
 12.|-- be2268.ccr42.par01.atlas.cogentco.com   0.0%    10  152.6 152.7 152.5 153.5   0.0
 13.|-- be2278.ccr42.fra03.atlas.cogentco.com   0.0%    10  155.3 155.4 155.1 155.5   0.0
 14.|-- be2229.ccr22.muc01.atlas.cogentco.com   0.0%    10  161.2 161.1 160.9 161.3   0.0
 15.|-- be2223.ccr21.vie01.atlas.cogentco.com   0.0%    10  164.9 165.1 164.9 165.2   0.0
 16.|-- be2046.ccr21.sof02.atlas.cogentco.com   0.0%    10  189.5 189.4 189.3 189.9   0.0
 17.|-- be2118.rcr11.ath01.atlas.cogentco.com   0.0%    10  197.5 197.6 197.4 197.7   0.0
 18.|-- 149.11.120.38                           0.0%    10  202.7 202.2 200.3 204.2   1.4
 19.|-- 62.38.97.113                           80.0%    10  208.5 209.8 208.5 211.1   1.7
 20.|-- gigaeth04-13.krs00.ar.hol.gr           60.0%    10  211.3 213.0 211.2 218.2   3.4
 21.|-- ???                                    100.0    10    0.0   0.0   0.0   0.0   0.0
 22.|-- .access.hol.gr                         40.0%    10  231.3 231.4 231.2 231.7   0.0
gw~ #



And to be more clear: I am hoping to learn about the complex trials that
these packets are going through and how time is being lost if the
latency across the transatlantic cable is really capable of less than
60ms of latency? Sure over capacity (3.2Tbits/s wow jeez) is one answer,
but what are some other possibilities for loss of time?

Also it seems with my VPN (OpenVPN) tunnel I get the most reliable
connection (fewest drops) with:

mssfix 576
fragment 576

Although this could be a false positive as it only *seems* to help with
reliability since I changed it. Even then but less often than before I
still experience drops but I want to believe that's possibly due to my
ISP at that point.. but assuming my ISP was absolutely perfect and never
a problem what else is there to consider?

Any and all insight is appreciated.

-Paige




Re: 4.2.2.2 4.2.2.21 High Packet Loss

2014-10-26 Thread Paige Thompson

On 10/25/14 02:03, Rafael Possamai wrote:
 Those addresses are anycasted, so you would have to do a bit of research
 and figure out what part of their network is having any packet loss.

 Here is an alternative: http://www.opennicproject.org/



 On Fri, Oct 24, 2014 at 11:05 AM, Emir Sosa emirs...@gmail.com wrote:

 Any one else experiencing high packet loss; Any word out there what's
 happening?

 Regards,
 Emir Sosa
 emirs...@gmail.com

Are you familiar with mtr (my traceroute)? Try this:

erratic@laptop~ $mtr -c 10 --report 4.2.2.1  
Start: Sun Oct 26 14:16:00 2014
HOST: laptop  Loss%   Snt   Last   Avg  Best  Wrst StDev
 1.|-- 206.125.168.65 0.0%10  235.6 240.5 235.2 281.3  14.3
 2.|-- 208.79.92.65   0.0%10  241.7 249.3 235.8 295.8  17.2
 3.|-- 208.79.88.135  0.0%10  245.1 237.2 234.7 245.1   3.1
 4.|-- 4.71.143.105   0.0%10  244.4 294.9 243.6 369.4  51.6
 5.|-- 4.69.201.170.0%10  245.4 245.8 244.3 248.2   0.9
 6.|-- 4.69.144.730.0%10  243.5 249.2 243.3 296.9  16.7
 7.|-- 4.2.2.10.0%10  245.4 245.3 244.3 249.3   1.4
erratic@laptop~ $



was seeing quite a bit of loss on level3 a minute ago in --ncurses.


Re: Why is .gov only for US government agencies?

2014-10-19 Thread Paige Thompson

On 10/19/14 12:42, Donald Eastlake wrote:
 Why is the Greek flag always flown at the Olympics as well as the
 Olympic and host nation flags? Why is Britain the only country
 allowed, under Universal Postal Union regulations to have no national
 identification on its stamps used in international mail? Basically, if
 you are first, you tend to get extra privileges. Same with .gov for
 the US government.

 Thanks,
 Donald
 =
  Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
  155 Beaver Street, Milford, MA 01757 USA
  d3e...@gmail.com


 On Sun, Oct 19, 2014 at 8:05 AM, Matthew Petach mpet...@netflight.com wrote:
 Wondering if some of the long-time list members
 can shed some light on the question--why is the
 .gov top level domain only for use by US
 government agencies?  Where do other world
 powers put their government agency domains?

 With the exception of the cctlds, shouldn't the
 top-level gtlds be generically open to anyone
 regardless of borders?

 Would love to get any info about the history
 of the decision to make it US-only.

 Thanks!

 Matt
Do as we say, not as we do



Re: IPv6 Default Allocation - What size allocation are you giving out

2014-10-09 Thread Paige Thompson
makes more sense to hand out /48s imho. there's only a mere 65k /48s per
/32 (or something like that), though.


On 10/09/14 12:29, Mark Andrews wrote:
 In message 1aa6f1a9-d63b-4066-903d-0e8690c7c...@isi.edu, manning bill 
 writes:
 yes!  by ALL means, hand out /48s.  There is huge benefit to announcing
 all that dark space, esp. when
 virtually no one practices BCP-38, esp in IPv6 land.


 /bill
 PO Box 12317
 Marina del Rey, CA 90295
 310.322.8102
 and if everyone hands out /48's you just filter /48's.  With a mix of /56
 and /48 you need to filter at the /56 level.  Given enterprises are getting
 /48's it will be simpler overall for everyone to get /48's.
  
 On 8October2014Wednesday, at 18:31, Mark Andrews ma...@isc.org wrote:

 Give them a /48.  This is IPv6 not IPv4.  Take the IPv4 glasses off
 and put on the IPv6 glasses.  Stop constraining your customers
 because you feel that it is a waste.  It is not a waste.  It
 will also reduce the number of exceptions you need to process and
 make overall administration easier.

 As for only two subnets, I expect lots of equipment to request
 prefixes in the future not just traditional routers.  It will have
 discrete internal components which communicate using IPv6 and those
 components need to talk to each other and the world.  In an IPv4
 world they would be NAT'd.  In an IPv6 world the router requests a
 prefix.

 Mark

 In message 495d0934da46854a9ca758393724d5906da...@ni-mail02.nii.ads,
 Erik Sundberg writes:
 I am planning out our IPv6 deployment right now and I am trying to
 figure out our default allocation for customer LAN blocks. So what is
 everyone giving for a default LAN allocation for IPv6 Customers.  I
 guess the idea of handing a customer /56 (256 /64s) or  a /48 (65,536
 /64s) just makes me cringe at the waste. Especially when you know 90%
 of customers will never have more than 2 or 3 subnets. As I see it the
 customer can always ask for more IPv6 Space.

 /64
 /60
 /56
 /48

 Small Customer?
 Medium Customer?
 Large Customer?

 Thanks

 Erik
 --
 Mark Andrews, ISC
 1 Seymour St., Dundas Valley, NSW 2117, Australia
 PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org



Re: Marriott wifi blocking

2014-10-09 Thread Paige Thompson

On 10/10/14 01:02, Naslund, Steve wrote:
 Yes, the BART case is different because we are talking about a public safety 
 functionality.  It really does not even matter who owns the repeaters.  Let's 
 say one of the carriers suddenly shuts down their very own cell sites to 
 purposely deny public service. You can almost guarantee that an FCC 
 enforcement action will result because carriers have a public safety 
 responsibility.  The state communications commission could even pull your 
 license for that and the FCC could ultimately pull your spectrum licenses for 
 using a public resource in a way not beneficial to the public.  BART 
 disrupting cell repeaters is tantamount to you doing anything to disrupt 911 
 service which is illegal whether you own the gear or not.  I don't know what 
 the exact rule currently is but I'm sure it would take someone like Homeland 
 Security to shut down a cellular network for national security reasons.  
 For example, interrupting a cellular bomb detonator or a coordinated 
 terrorist attack.  The legal concept of greater good comes into effect at 
 that point.

 As a common carrier, I know I would not shut down anything that affects 911 
 service deliberately without either the proper notifications taking place or 
 a federal court order in my hand (and it better be federal because those are 
 the laws you are asking me to throw out here).  The funny thing about cell 
 service (or repeaters in this case) is that there isn't usually a mandate to 
 provide coverage in any particular area but once you provide it you are on 
 the hook to maintain it and not purposely disrupt it.  Again, it is the 
 intent in this case that matters.  If BART had a maintenance problem or the 
 equipment was damaged, they would be off the hook but they purposely 
 interrupted the service to deny communications services to a group of users.  
 Cell sites go down all the time for maintenance scheduled or otherwise but if 
 you are doing it to purposely deny service, it's another story.   Again, 
 intent matters...a lot.

 I definitely see abuse of authority (not really a criminal act in itself, but 
 not nice for sure) and for sure civil liability, not so much a 1st Amendment 
 issue since the government is under no real obligation to give you the means 
 to communicate (like repeaters).  It's the 911 service disruption that is 
 most criminal here.

 Steve


 However, that's not what was being discussed in the BART example. In this 
 case, repeaters with unclear ownership operated by cellular providers were 
 shut down by BART authorities to try and disrupt a protest. That's not 
 active jamming, so most likely, not an FCC issue. There are other areas of 
 concern, however, such as 1st amendment violations, abuse of authority, 
 potential civil liability if anyone was unable to reach 911 in an expected 
 manner, etc.
 Owen

see if you can get tor browser to work... download it from torproject.org




netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Paige Thompson
Hi,

I guess syncookies wasn't enough and the SYNPROXY target is a relatively
new addition to netfilter. If I remember correctly this has been a part
of BSD PF for quite some time and is pretty easy to get up and working.
I recently tried to set this up on one of my gateways considering that
it's just one less uncovered means for somebody to be a dick that I have
to deal with in the future. But, after spending some time researching
and asking on Freenode I have been unable to determine whether or not it
works, or even makes any sense. I'm starting to think it's a moot point.

pastie.org/private/gjsypxkpjs8kuev0tlbxrw#22 (iptables rules, plenty of
things to pick at but please try to focus on the subject of synproxy for
the purpose of this e-mail.)

based on the following table I want to say it's not working because it
seems to never change:

http://pastie.org/private/xwct5opbb0aajcko2tnpw

more info on /proc/stat/synproxy:
http://www.spinics.net/lists/netdev/msg264350.html

My only guess is that you can't do this at all with NAT because it
relies on conntrack or maybe it will only work with SNAT? I don't
understand this well enough to say; are proper firewall rules really a
science that need to be understood that far in depth? Why is this not
documented? This tutorial seems to indicate that you could use this with
a NAT'd network:

http://www.academia.edu/6773989/Homemade_DDoS_Protection_Using_IPTables_SYNPROXY

I really would like to come to some closure on this subject. Whether it
needs to be done right or not done at all, I'm tired of it looming over
me. I really want to believe I should do the very best to have all
mitigation techniques already in place, but I'm having a hard time
understanding why this is next to impossible to figure out if it's so
important. #netfilter on freenode is next to no help, the mailing list
seems to be unavailable the things people are saying about how I
should just switch back to using pf seem like a drastic solution when
people in #netfilter are so content (yet many of them have never heard
of synproxy before.)


Any thoughts on this are appreciated,

-Paige



Re: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Paige Thompson
On 10/08/14 18:06, Thijs Stuurman wrote:
 I set up a bridge at home to filter traffic using iptables with synproxy. I 
 tried to adjust the lines so that it would log hits but that wouldn't work.
 It gave me a message to read dmesg why it didn't work but dmesg had no 
 information in it.
 However, when I turned on the lines in my iptables configuration file (bash 
 script to load in the rules basically) it did filter out a SYN attack and the 
 output of cat /proc/net/stat/synproxy showed the syn_received go up. (see 
 https://r00t-services.net/knowledgebase/14/Homemade-DDoS-Protection-Using-IPTables-SYNPROXY.html)

 A tcpdump on the bridge confirmed the packets coming in and on my server 
 behind it they didn't so that worked while I would perfectly fine access the 
 apache service.


 I haven't done any further testing, just got the setup to work late last 
 night.


 Kind regards / Vriendelijke groet,
 IS Group
 Thijs Stuurman

 Powered by results.

 Wielingenstraat 8 | T +31 (0)299 476 185
 1441 ZR Purmerend | F +31 (0)299 476 288
 http://www.is.nl | KvK Hoorn 36049256

 IS Group is ISO 9001:2008, ISO/IEC 27001:2005,
 ISO 20.000-1:2005, ISAE 3402 and PCI DSS certified.

 -----Original message-----
 From: NANOG [mailto:nanog-boun...@nanog.org] On behalf of Paige Thompson
 Sent: Wednesday, October 8, 2014 4:51 PM
 To: Nanog
 Subject: netfilter/iptables synproxy; need help deciding

 Hi,

 I guess syncookies wasn't enough and the SYNPROXY target is a relatively new 
 addition to netfilter. If I remember correctly this has been a part of BSD PF 
 for quite some time and is pretty easy to get up and working.
 I recently tried to set this up on one of my gateways considering that it's 
 just one less uncovered means for somebody to be a dick that I have to deal 
 with in the future. But, after spending some time researching and asking on 
 Freenode I have been unable to determine whether or not it works, or even 
 makes any sense. I'm starting to think it's a moot point.
 pastie.org/private/gjsypxkpjs8kuev0tlbxrw#22 (iptables rules, plenty of 
 things to pick at but please try to focus on the subject of synproxy for the 
 purpose of this e-mail.)

 based on the following table I want to say its not working because it seems 
 to never change:
 http://pastie.org/private/xwct5opbb0aajcko2tnpw

 more info on 
 /proc/stat/synproxy:http://www.spinics.net/lists/netdev/msg264350.html

 My only guess is that you can't do this at all with NAT because it relies on 
 conntrack or maybe it will only work with SNAT? I don't understand this well 
 enough to say; are proper firewall rules really a science that need to be 
 understood that far in depth? Why is this not documented? This tutorial seems 
 to indicate that you could use this with a NAT'd network:
 http://www.academia.edu/6773989/Homemade_DDoS_Protection_Using_IPTables_SYNPROXY

 I really would like to come to some closure on this subject. Whether it needs 
 to be done right or not done at all, I'm tired of it looming over me. I 
 really want to believe I should do the very best to have all mitigation 
 techniques already in place, but I'm having a hard time understanding why 
 this is next to impossible to figure out if it's so important. #netfilter on 
 freenode is next to no help, the mailing list seems to be unavailable the 
 things people are saying about how I should just switch back to using pf 
 seem like a drastic solution when people in #netfilter are so content (yet 
 many of them have never heard of synproxy before.)


 Any thoughts on this are appreciated,

 -Paige

Yeah, I have no way to test for sure but I can tell you this which I
forgot to mention:

All of my services still work with these rules
-A PREROUTING -d 172.16.20.98/32 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack
-A PREROUTING -d 172.16.40.98/32 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack
-A PREROUTING -d 172.16.80.98/32 -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack

None of my services worked with this rule:
-A PREROUTING -p tcp -m tcp --tcp-flags FIN,SYN,RST,ACK SYN -j CT --notrack

I sort of get it, but I totally don't get it. I'm not sure what traffic that
second rule is matching (or if the -d even works in the raw table maybe that's
bunk too.) I don't think the first set are working,
but I have no way to test it either.
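
One way to test it, as an added example that is not part of any message in this thread: take two snapshots of the /proc/net/stat/synproxy file mentioned above and diff them per CPU. The sample snapshots are constructed; the column names are read from the file's header line, and the 32-bit wrap and the verdict labels are assumptions of this example.

```python
"""Diff two snapshots of /proc/net/stat/synproxy (added example)."""
import sys
import time

STAT_PATH = "/proc/net/stat/synproxy"  # file named in the thread
WRAP = 1 << 32                         # assumption: 32-bit counters (8 hex digits)

# Constructed samples, not captured from a real gateway: a header line,
# then one row of hexadecimal counters per CPU.
HEADER = ("entries\t\tsyn_received\tcookie_invalid\tcookie_valid"
          "\tcookie_retrans\tconn_reopened\n")
SAMPLE_BEFORE = HEADER + (
    "00000000\t00000010\t00000000\t0000000a\t00000000\t00000000\n"
    "00000000\t00000005\t00000001\t00000004\t00000000\t00000000\n")
SAMPLE_AFTER = HEADER + (
    "00000000\t0000001f\t00000002\t0000000c\t00000000\t00000000\n"
    "00000000\t00000009\t00000001\t00000007\t00000000\t00000000\n")


def parse_synproxy_stat(text):
    """Return one {column: int} dict per CPU row; names come from the header."""
    lines = [ln for ln in text.splitlines() if ln.strip()]
    if len(lines) < 2:
        raise ValueError("expected a header line and at least one per-CPU row")
    names = lines[0].split()
    rows = []
    for ln in lines[1:]:
        fields = ln.split()
        if len(fields) != len(names):
            raise ValueError("row and header have different field counts")
        rows.append({n: int(v, 16) for n, v in zip(names, fields)})
    return rows


def counter_delta(before, after):
    """Sum the per-CPU increase of every counter, tolerating 32-bit wrap."""
    if len(before) != len(after):
        raise ValueError("CPU count changed between snapshots")
    delta = {}
    for old, new in zip(before, after):
        for name, value in new.items():
            delta[name] = delta.get(name, 0) + (value - old.get(name, 0)) % WRAP
    return delta


def verdict(delta):
    """Classify a delta; the three labels are this example's own."""
    if delta.get("syn_received", 0) == 0:
        # Nothing reached the SYNPROXY target: the raw-table notrack match
        # or the SYNPROXY rule itself is not seeing the SYNs.
        return "rule-not-matching"
    if delta.get("cookie_valid", 0) == 0:
        # SYNs were answered, but no client returned a valid cookie ACK.
        return "no-handshake-completed"
    return "working"


if __name__ == "__main__":
    if len(sys.argv) > 1 and sys.argv[1] == "--live":
        with open(STAT_PATH) as fh:
            first = parse_synproxy_stat(fh.read())
        time.sleep(10)  # open a few TCP connections from outside meanwhile
        with open(STAT_PATH) as fh:
            second = parse_synproxy_stat(fh.read())
    else:
        first = parse_synproxy_stat(SAMPLE_BEFORE)
        second = parse_synproxy_stat(SAMPLE_AFTER)
    change = counter_delta(first, second)
    print(change, verdict(change))
```
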



Re: netfilter/iptables synproxy; need help deciding

2014-10-08 Thread Paige Thompson
On 10/08/14 17:54, Roland Dobbins wrote:
 On Oct 8, 2014, at 9:43 PM, Paige Thompson paigead...@gmail.com wrote:

 Any thoughts on this are appreciated,
 http://mailman.nanog.org/pipermail/nanog/2010-January/016747.html

 https://app.box.com/s/e6hdt0iansu1sdb6m42t pp. 30-36.

 --
 Roland Dobbins rdobb...@arbor.net // http://www.arbornetworks.com

Equo ne credite, Teucri.

 -- Laocoön

Re pp: 30-36 I think I catch your drift (ie: using cisco netflow to
detect a synflood?) but would you care to summarize just in case because
I am not this savvy, but would like to understand.

Also in regards to snort inline, I've been trying to figure out whether
or not Snort/DAQ/NFQ (netfilter) is appropriate or not. I cannot get
this to work but it seems like on a gateway, for example where I have all
of this iptables stuff that NFQ would be appropriate and would probably
help with all of the false positives (3 way handshake and a couple of
others) I see when trying to use the pcap driver (the only one that will
work.)


Re: YouTube CDN down?

2014-09-29 Thread Paige Thompson
yt is working for me:

2607:f2f8:a2c4:/48 / 206.125.168.64/28

On 09/30/14 00:22, Blair Trosper wrote:
 Watching in dev tools, the CDN is returning the dreaded HTTP header 204 (No
 Content), even though the entire video is buffering.

 This reminds me of an outage a while back that only affected IPv6.

 I've confirmed with other users, and YouTube is dead to us from these
 networks:
 - AS22645 (Texas Gigapop) - v4/v6
 - AS19108 (Suddenlink) - v4
 - AS40285 (Northland Cable) - v4/v6
 - AS40244 (TurnKey) - v4/v6

 It does seem to be regional.  People in SC/NC who are presumably hitting
 the Charleston DC are unaffected.

 On Mon, Sep 29, 2014 at 4:16 PM, Brandon Martin lists.na...@monmotha.net
 wrote:

 On 09/29/2014 05:12 PM, Blair Trosper wrote:

 Suddenly having an inability to play YouTube videos over IPv4 and IPv6
 from
 multiple ASNs in multiple locations in the United States.  Tried multiple
 operating systems and browsers...all have the same issue.

 (The very few that do play stall out, even though they're buffered.)

 Is this just me, or is there an issue afoot?


 Seems to be working here over a HE.net IPv6 tunnel (Chicago endpoint).

 --
 Brandon Martin




Internet in Venezuela

2014-09-29 Thread Paige Thompson
I have lots of questions, feel free to contact me privately if you have
some time or interest in answering
some of them.

-Paige

paigead...@gmail.com
PGP: 0x0d5d2688 (keys.gnupg.net), also attached.





Re: 2002::/16 [6to4] abuse

2014-09-24 Thread Paige Thompson

On 2014-09-24 20:09, William Herrin wrote:

Hi David,

6to4 is a stateless tunnel network. The tunnel entry node advertises
2002::/16 into the native IPv6 network and relays received IPv6
packets inside an IPv4 packet. The tunnel exit node's IPv4 address is
encoded in the 6to4 IPv6 destination address.

No IPv6 addresses are changed in the transmission of the packet, so
unless someone is incorrectly advertising more-specifics for
2002::/16, 2002:af2c:785::af2c:785 is the host that connected to your
customer and that host is connected to af.2c.07.85, i.e. 175.44.7.133.

Going the other way (towards the native IPv6 network), 175.44.7.133
encapsulates the IPv6 packet into an IPv4 packet addressed to the
standard anycast IPv4 address for a 6to4 exit node. This packet finds
its way to the nearest 6to4 exit node on the IPv6 native network where
it is decapsulated back to a plain IPv6 packet.

Repeating af2c:785 in the address is just like saying 10.11.10.11.
Don't expect it to mean anything.

Regards,
Bill Herrin

On Wed, Sep 24, 2014 at 12:42 PM, David Hubbard
dhubb...@dino.hostasaurus.com wrote:

Curious if anyone can tell me, or point me to a link, on how 2002::/16
is actually implemented for 6to4?  Strictly for curiosity.

We had a customer ask about blocking spam from their wordpress blog that
we host and the spammer was using 2002:af2c:785::af2c:785, which was the
first time I'd seen wordpress spam coming from IPv6.  Per RFC3964, I'm
guessing the 175.44.120.5 is just a relay router, not surprisingly, on
the China Net network and the spammer was native v6?

I see that net advertised from 6939 (HE) and 1103 (SURFnet Netherlands)
from the perspective of my feeds, so that just got me more confused.
Thanks,

David


Was gonna say if the customer is complaining that there is wordpress 
spam (in the apache logs) of an ipv6 address then the customer probably 
has an ipv6 address that he/she doesn't know about. Most people don't 
even know about ip6tables vs iptables. Usually apache won't serve the 
request unless the request includes the hostname of the vhost to serve 
unless it's all set up in /var/www/localhost or something, getting back to 
wordpress kind of makes me wonder how that RBL service (kismet? I think 
it's called?) that they have is going to keep up with ipv6... there's a 
lot of them.


--
GPG: 0x0d5d2688 (keys.gnupg.net)
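
The 6to4 decoding William Herrin describes, as an added example that is not part of any message in this thread: it extracts the IPv4 address carried in a 2002::/16 source address so that 6to4 clients in a web server log can be checked against existing IPv4 block lists. The log lines are constructed, and `reputation_key` and `hits_per_key` are names made up for this example.

```python
"""Map 6to4 (2002::/16) client addresses back to their IPv4 address (added example)."""
import ipaddress
from collections import Counter

SIX_TO_FOUR = ipaddress.ip_network("2002::/16")

# Constructed access-log lines (client address first), not taken from a real server.
SAMPLE_LOG = """\
2002:af2c:785::af2c:785 - - [24/Sep/2014:12:00:01 +0000] "POST /wp-comments-post.php HTTP/1.1" 200 512
2002:af2c:785:1::1 - - [24/Sep/2014:12:00:07 +0000] "POST /wp-comments-post.php HTTP/1.1" 200 512
175.44.7.133 - - [24/Sep/2014:12:01:10 +0000] "POST /wp-comments-post.php HTTP/1.1" 200 512
2001:db8::10 - - [24/Sep/2014:12:02:00 +0000] "GET / HTTP/1.1" 200 1024
"""


def embedded_ipv4(addr):
    """Return the IPv4 address held in bits 16..47 of a 6to4 address, else None."""
    ip = ipaddress.ip_address(addr)
    if ip.version != 6 or ip not in SIX_TO_FOUR:
        return None
    # 128-bit address = 16 bits of 2002, 32 bits of IPv4, 80 bits of subnet/host.
    return ipaddress.IPv4Address((int(ip) >> 80) & 0xFFFFFFFF)


def reputation_key(addr):
    """Key to look up in a block list: the IPv4 tunnel endpoint for 6to4 clients."""
    v4 = embedded_ipv4(addr)
    return str(v4) if v4 is not None else str(ipaddress.ip_address(addr))


def hits_per_key(log_text):
    """Count requests per reputation key; everything after the prefix is ignored."""
    counts = Counter()
    for line in log_text.splitlines():
        if line.strip():
            counts[reputation_key(line.split()[0])] += 1
    return counts


if __name__ == "__main__":
    for key, hits in hits_per_key(SAMPLE_LOG).most_common():
        print(f"{hits:3d}  {key}")
```
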