Re: any dangers of filtering every /24 on full internet table to preserve FIB space ?
The /24 is as small as it will get before it cuts into profits for the tiny bit of administration it would take to announce /25, /26. This argument is almost as old as my kids. Is it fair or just, probably not, but that's the way the consensus seems to want it.

Richard

Richard Golodner
Infratection IT Services

Original message
From: William Herrin
Date: 10/11/22 16:00 (GMT-06:00)
To: Matthew Petach
Cc: nanog@nanog.org
Subject: Re: any dangers of filtering every /24 on full internet table to preserve FIB space ?

On Tue, Oct 11, 2022 at 1:15 PM Matthew Petach wrote:
> Wouldn't that same argument mean that every ISP that isn't honoring
> my /26 announcement, but is instead following the covering /24, or /20,
> or whatever sized prefix is equally in the wrong?
>
> What makes /24 boundaries magically "OK" to filter on,

Hi Matthew,

/24 is the consensus filtering level for Internet-wide routes and it has been for decades. It became the consensus as a holdover from "class C" and remains the consensus because too many people would have to cooperate to change it. Indeed, a little over a decade ago some folks tried to change it to /19 and then /20 for prefixes outside "the swamp" and, well, they failed. Likewise, more than a few folks announce /26's to their immediate transit providers and they simply don't move very deep into the system -- nobody has any expectation that they will.

> To wrap up--I disagree with your assertion because it depends entirely
> on a 'magic' /24 boundary that makes it OK to filter more specifics smaller
> than it, but not OK to filter larger than that and depend instead on covering
> prefixes, without actually being based on anything concrete in BGP or
> published standards.

Got any better reasons besides disliking the consensus?

Regards,
Bill Herrin

--
For hire. https://bill.herrin.us/resume/
Re: Famous operational issues
That was the one with the most severe impact for my company. Seven Frame Circuits (UUNET) and we all saw what an update can do. On 2/16/21 3:28 PM, Sean Donelan wrote: Since you said operational issues, instead of just outage... How about MCI Worldcom's 10-day operational disaster in 1999. http://www.cnn.com/TECH/computing/9908/23/network.nono.idg/ How not to handle a network outage [...] MCI WorldCom issued an alert to its sales force, which was given the option to deliver a notice to customers by e-mail, hand delivery or telephone – or not at all. After a deafening silence from company executives on the 10-day network outage, MCI WorldCom CEO Bernie Ebbers finally took the podium to discuss the situation. How did he explain the failure, and reassure customers that the network would not suffer such a failure in the future? He didn't. Instead, he blamed Lucent. [...]
Re: Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends
There is a reason why my family loves open source. My kid is learning Linux and she doesn't even know it. Mommy has an Android... On 07/06/2015 12:53 PM, Jay Ashworth wrote: From Lauren, a new feature in Windows 10 I think this community probably wants to know about, to the extent you don't already. I *knew* I didn't like W10. :-) Cheers, -- jra - Forwarded Message - From: PRIVACY Forum mailing list priv...@vortex.com To: privacy-l...@vortex.com Sent: Wednesday, July 1, 2015 8:03:06 PM Subject: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends Windows 10 will share your Wi-Fi key with your friends' friends http://www.theregister.co.uk/2015/06/30/windows_10_wi_fi_sense/ In an attempt to address the security hole it has created, Microsoft offers a kludge of a workaround: you must add _optout to the SSID (the name of your network) to prevent it from working with Wi-Fi Sense. (So if you want to opt out of Google Maps and Wi-Fi Sense at the same time, you must change your SSID of, say, myhouse to myhouse_optout_nomap. Technology is great.) Microsoft enables Windows 10's Wi-Fi Sense by default, and access to password-protected networks are shared with contacts unless the user remembers to uncheck a box when they first connect. Choosing to switch it off may make it a lot less useful, but would make for a more secure IT environment. - - - --Lauren-- Lauren Weinstein (lau...@vortex.com): http://www.vortex.com/lauren Founder: - Network Neutrality Squad: http://www.nnsquad.org - PRIVACY Forum: http://www.vortex.com/privacy-info Co-Founder: People For Internet Responsibility: http://www.pfir.org/pfir-info Member: ACM Committee on Computers and Public Policy Lauren's Blog: http://lauren.vortex.com Google+: http://google.com/+LaurenWeinstein Twitter: http://twitter.com/laurenweinstein Tel: +1 (818) 225-2800 / Skype: vortex.com ___ privacy mailing list http://lists.vortex.com/mailman/listinfo/privacy
Re: Fwd: [ PRIVACY Forum ] Windows 10 will share your Wi-Fi key with your friends' friends
I long for the days of a good old-fashioned bar that made calls and received them. The smart phones are smarter than I am, but that is not much of a challenge either! On 07/06/2015 04:15 PM, rdrake wrote: On 07/06/2015 02:16 PM, Richard Golodner wrote: Mommy has an Android... Android shares your wifi password with Google. Including the password of everyone's wifi you've ever logged into. http://www.computerworld.com/article/2474851/android-google-knows-nearly-every-wi-fi-password-in-the-world.html
Urgent...
All kidding aside, did someone contact the OP off-list to get him the help he needs? Richard
Re: In Over My Head -- What do I need to setup a tiny ISP?
On Sat, 2013-10-19 at 20:57 +0100, Notify Me wrote: Hi, Hello, I can not tell you how to set up an ISP. There are people on here that have worked on doing just that and a good place for you to start would be here: http://www.afnog.org/ Another good resource would be found at http://www.nsrc.org/ This was set up by folk who frequent the NANOG forum and these people know their stuff. I interned at an ISP, but that was many years ago before wireless was happening so I don't have much to offer other than these links. I wish you success in your endeavor. One suggestion from me would be for you to use your real name so that you can be considered a professional. Just my own opinion, but there it is. Sincerely, Richard Golodner
Re: To CCIEs and JNCIEs
On Fri, 2013-10-11 at 12:45 -0700, Scott Howard wrote: I dunno, it looks pretty legit to me!! Domain Name.. theccie.com Creation Date 2013-09-28 Registration Date 2013-09-28 Expiry Date.. 2014-09-28 Organisation Name the ccie Organisation Address. later Organisation Address. Organisation Address. Organisation Address. singapore Organisation Address. 100850 Organisation Address. singapore Organisation Address. SINGAPORE With a business address of later and no other traceable info I would be wary. Like in Scarface, perhaps I am just paranoid. My paranoia has worked for me though. Richard
Re: which firewall product?
On Tue, 2013-07-30 at 18:15 -0500, Jimmy Hess wrote: I would encourage looking at Checkpoint / Palo Alto / Stonegate / Sonicwall/ some others. If this were me, I would give Stonegate a call and explain what I wanted to have happen. They are knowledgeable and kind folks. I can't speculate about the IPIP tunnels, but they will be able to give you an answer. I have used their products and found them to be very good. Then again, this is just me. Good luck solving your problem. Richard
Re: Office 365..? how Microsoft handed the NSA access to encrypted messages
On Sun, 2013-07-14 at 09:36 -1000, Randy Bush wrote: in fact, they were all likely in the same rotten boat. Why I love open source. Look at my mail, track my web site visits. None of this should come as any surprise, especially to the members of this list. Now for the guy down the street that is working on his 69 Camaro at two in the morning it may have come as a shock. Richard
Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)
On Thu, 2013-06-20 at 14:42 -0700, RijilV wrote: On 20 June 2013 14:28, valdis.kletni...@vt.edu wrote: On Thu, 20 Jun 2013 14:08:18 -0700, Jeff Shultz said: small number of Network Solutions customers They must be staffed with physicists, astronomers, or economists I don't know anyone else that would consider nearly fifty thousand (from a previous post by Phil Fagan) to be a small number. It's relatively small when you consider there's something like 140M .com's So it's okay to screw over nearly fifty thousand customer domains because there are 140M .com's? When talking about inadvertently affecting that many folks I don't think it is appropriate to trivialize the customer impact by calling it small when you're talking about a handful of large websites that aren't somehow magically shared over those 140M .coms. Also it is untrue to limit it to only the websites given how many other things folks are likely to be using DNS for... .r' I think you are reading it the wrong way. Mr. Kletnieks never said it was okay. He just stated that the numbers were trivial when compared to the rest of potential customers being affected. Be cool, Richard Golodner
RE: Stuxnet and more
Grant said today: -Original Message- From: Grant Ridder [mailto:shortdudey...@gmail.com] Sent: Thursday, July 26, 2012 11:25 AM To: nanog@nanog.org Subject: Stuxnet Hi Everyone, I realize most people already know the history of Stuxnet but i figured i would pass along an IEEE article that was just published. http://spectrum.ieee.org/computing/networks/declarations-of-cyberwar -Grant Grant and the rest of you NANOGERS, more regarding new problems in Iran via an F-Secure blog. Here is the link: http://www.f-secure.com/weblog/archives/2403.html Sincerely, Richard Golodner P.S. Did I ever mention how much I hate M$ Windows?
Re: very confusing.
On Thu, 2012-06-14 at 07:05 +0900, ACCIDENTAL email How can my company get six accidental emails? Not even an idiot sends six emails by mistake. Spammertechnology labs is more like it.
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
Is it time to drop this yet? Three weeks old. Let's move on. Richard Golodner
Re: Fwd: Welcome to the Marketing mailing list
On Thu, 2011-11-17 at 09:35 -0800, Owen DeLong wrote: Can someone explain this one to me? 1. Why was such a list created? 2. Why was I automatically subscribed to it? 3. Why was this done without notice to the community? Thanks, This has a lot of us wondering the same as Owen. This is also not typical of how NANOG does things. Hopefully as the day progresses we will get some insight. Richard Golodner
Re: General Internet Instability
On Mon, 2011-11-07 at 11:09 -0500, Todd Snyder wrote: Can anyone point to any authoritative updates about this? I think Jared's suggestion was about as close as you're going to get for right now. Look at the size of the files he mentioned as compared to the average size of the others. Hopefully someone will come forth with an authoritative answer later today. Richard Golodner
[Nanog-futures] Volunteering.....
As was pointed out by Steve, there exists a tremendous gap in work to be done and people to do it. I have never attended a NANOG event, but was hoping to make Philly my first. Aging parents are making it look like Colorado will be my first. I have however benefited from the kind folks who have helped with technical problems and those who have just become trusted friends. With that being said, I am offering my services in any way they can be utilized so that we may continue as a community. most sincerely, Richard Golodner ___ Nanog-futures mailing list Nanog-futures@nanog.org https://mailman.nanog.org/mailman/listinfo/nanog-futures
6-15-2011
Wishing all the attendees a good time and a great start in Denver. NewNog is now NANOG and thank you to the community which has been a great source of information and education. Way to go Betty, Patrick and everyone else I have never met, but take the ball and run with it. Thanks for all of your hard work. Sincerely, Richard Golodner
Re: Top-posting
On Mon, 2011-04-11 at 19:39 -0400, Daniel Staal wrote: Of late I have started to get responses from people (not even the person who top-posted) saying that I should f*** off and that they would post however they wanted. Very hostile and even threatening. Too many Outlook users. With just about any other email client it is very easy to bottom post. To those who wish to post as they want demonstrates a certain something about being a professional and an additional personality component that need not be mentioned. Richard Golodner
RE: CSIRT - Backbone Security : Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems
Move this to FD, please. On Thu, 2010-03-18 at 03:58 +0100, Guillaume FORTAINE wrote: Do you have any concern against fat dudes ? Best Regards, Guillaume FORTAINE From: charles.chu...@harris.com To: char...@knownelement.com; gforta...@live.com; nanog@nanog.org Date: Wed, 17 Mar 2010 20:42:49 -0400 Subject: Re: CSIRT - Backbone Security : Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems isn't Obeseus the greek god of fat dudes? - Original Message - From: char...@knownelement.com To: Guillaume FORTAINE ; nanog@nanog.org Sent: Wed Mar 17 20:18:40 2010 Subject: Re: CSIRT - Backbone Security : Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems Mods, Can we get the spam off the list? It's getting old. --Original Message-- From: Guillaume FORTAINE To: nanog@nanog.org Subject: CSIRT - Backbone Security : Runtime Monitoring and Dynamic Reconfiguration for Intrusion Detection Systems Sent: Mar 17, 2010 5:14 PM Misses, Misters, Let me introduce myself : Guillaume FORTAINE, Engineer in Computer Science. Me and my partners, INVEA-TECH (please see the attached file invea.pdf) [0] and Cognitive Security (please see the attached file cs.pdf) [1], are currently working on High-Speed Network Security Solutions. By the way, we would greatly appreciate to invite you to a further reading of the publication entitled Obeseus – a lightweight DDOS detector for big attacks (please see the attached file obeseus2.pdf) The point mentioned: Would be self-learning with black lists in this publication is of particular interest. We think that this last one is pretty much the core of a system that does big attack detection on backbones and is driving the new tools in this area according to our readings. The abilities to be assisted on the learning phase, to detect and block zero-day attacks.
That's why we would greatly appreciate to invite you to a further reading about our methodology (please see the attached files paper4.pdf, Camnep.pdf and CognitiveSecurity.pdf). For a demo : http://demo.cognitivesecurity.cz/ We look forward to your answer, Best Regards, Guillaume FORTAINE Tel : +33(0)631092519 Mail : gforta...@gfortaine.biz Google Wave : gforta...@googlewave.com [0] http://www.invea-tech.com/ [1] http://www.cognitivesecurity.cz/ Sent via BlackBerry from T-Mobile
Re: History of 4.2.2.2. What's the story?
On Sun, 2010-02-14 at 17:20 -0500, Patrick W. Gilmore wrote: Besides, it is quicker / better to use your local ISP's RNS. If something goes wrong, you can fall back to OpenDNS or L3, and, of course, yell at the _company_you_are_paying_ when their stuff doesn't work. :) The best advice I have read all day. I have recently been on a few networks that will not allow 4.2.2.2 to resolve for the clients. Cisco tech support tells their customers (us) to use it when testing. Perhaps this is not such a good practice. Patrick is correct. Use your own stuff and yell when it does not work.
[Nanog-futures] NANOG Email list again...
Thank you for sending this out. It is time for another reminder. Best wishes and thank you for a job well done, Richard Golodner
Spam to the list from Japan...
Apparently no operational content here. Thanks to Google’s translation service: Date: 2009 Tuesday, April 28 Subject: - I have not seen in Aomori I have not seen is it hourly. How are you everyone. I'm relaxed and still. Now, in Aomori.来REMASHITA finally. Tetsu and because you live in the Hirosaki cherry blossoms in full bloom by TOMO, Ohanami also do it? I was invited to work with KIRASAN. But since I missed the last plane (perspiration), soft bear that has been let's go by train, the train I mean, I came by train. He was quite sudden so I眠RETA by a train. Peaceful train journey BONBI no. That world is still a lot of things happening. Taepodong or flying. Uproar in Japan and in the nude for her talent. It's overwrought media. Of laughed, He yelled words of mystery as a headline article. Cry for no reason and reasoned in terms of people and a naked and drunk. Anything mysterious ... (laughs) Hatoyama anger over her (laughs) There is important work that IMEJIKYARAKUTA, certainly as a society should care because it was in a position of responsibility I have. Maybe it was also like one叫BITAI Park. It is more painful is always good young man. The chest hurt from it, a nursing mother's 30 News was cute singer who committed suicide at the grave of the father before you continue. This is not someone else. Previously, only one son were hard to stop work to care for the mother of dementia, and to kill my mother die at the Kamogawa Kawahara行KI場Without missing a little money There was a scandal. TSURAKATTA or how. I read the news and reported涙GUMI and even the judge in the court ruling and compassionate decision. Cry every time you recall it. I must be alone in the bay so far? I do not have the time this goes to why I read the end of his mistake and feel sorry that Aso is smacked in the media and how it can look trashy, but I think gold or temporary benefits, and it looks like the effect, I think it's kind. 
BARAMAI consumption to increase by even a little money I do not think Rapidly entering the age of retirement of baby boomers coming from it. Care issues Is very concerned about. Tetsuya Komuro and that I hope in my heart for everything you can think Not seen in the eyes of ordinary people know it, and now that we should not say anything because I think I'm not. Nico JASRAC or acting like, I often I step on a land mine wrote something ... (sweat) and I think it is proper to consider the issue and the publicity I got from Nico's motion. In full today at the Sakura Sakura and cherry blossoms of Hirosaki Castle from when you live by Tetsu TOMO. I could do two times. After the live CD or sold.物販so help me, near you, please come and see you. Cherry, great fun, but have not seen yet. So, lie down! !
RE: Level3 funkiness
As Brandon had stated earlier: Out of Chicago on RCN onto L3.

Tracing route to level3.net [63.211.236.36] over a maximum of 30 hops:

  1     1 ms     4 ms     1 ms  10.10.10.1 (My home)
  2     7 ms     9 ms     8 ms  10.20.0.1 (RCN interior network)
  3    10 ms     8 ms    10 ms  vl2.aggr1.chgo.il.rcn.net [207.229.191.130]
  4    10 ms     7 ms    10 ms  tge3-1.border2.eqnx.il.rcn.net [207.172.19.159]
  5    11 ms     8 ms    10 ms  te-8-3.car3.Chicago1.Level3.net [4.71.101.73]
  6    11 ms    17 ms    19 ms  ae-31-53.ebr1.Chicago1.Level3.net [4.68.101.94]
  7     8 ms     8 ms     7 ms  ae-6.ebr1.Chicago2.Level3.net [4.69.140.190]
  8    44 ms    34 ms    36 ms  ae-3.ebr2.Denver1.Level3.net [4.69.132.61]
  9     *  ge-9-1.hsa1.Denver1.Level3.net [4.68.107.99] reports: Destination host unreachable.

Trace complete.

Richard
RE: shipping pre-built cabinets vs. build-on-site
Joe asked today: Do I even need to spend time wondering about shock-tolerant cabinets, or should I instead be concentrating on finding the right company to wrap the cabinets for shipping, and to do the shipping itself? Joe, after having done a lot of this I found it was very expensive to find shock proof cabinets and a good air freight shipper. Any shipper of electronic goods will understand the requirements needed to protect their (your) cargo. It is costly for them to have damages occur in shipping which is why a good company will go the extra mile. Cushioned pallet wraps, additional padding and so forth come with the service you purchase. For my company, the bottom line was that it seemed redundant to pay for insurance, which is a must and have the racks built into shockproof cabinets. The cabinets were not needed at the data centers, so we called it overkill and have never had any problems with the company we used. Your stuff is departing from LAX I would imagine. If you need a recommendation or just some names so you can look for yourself, please feel free to contact me off list. I hope this helps everyone a bit. Sincerely, Richard Golodner
RE: The Conficker Virus.
Joe said earlier today: Thanks, the only thing is that these, like most, websites are very vague about the mechanics behind the infiltration Joe, the SRI report would be right up your alley as it is the most technical in its analysis of the variants A and B as well as an explanation of the algorithm it uses to determine domain names for future use of some kind. http://mtc.sri.com/Conficker/ Sincerely, Richard Golodner
RE: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercag
Paul Vixie said on 9/1/08 OPN's are an unmanageable risk to all of us. Netops people generally sweep OPNs under the rug, yes. I agree completely, but how do we begin to address this problem? Words are not enough, we need some action and that action, whatever it may be will make the public network a better place for all of us. Divorcing my wife after 6 hours in the car with a newborn and a 4 day visit with my in-laws has a very real appeal to it. Hmmm... most sincerely, Richard Golodner