Re: Comcast thinks it ok to install public wifi in your house
http://bgr.com/2014/05/12/cablevision-optimum-modem-wifi-hotspots/ I thought cablevision has been doing this for years. I had a higher level tech at mi casa within the last two years and he suggested their goal was to get enough coverage to start offering CV voip cell phones. "pay a little less, for not guaranteed coverage' Ryan Pavely Net Access http://www.nac.net/ On 12/10/2014 9:35 PM, Jeroen van Aart wrote: Why am I not surprised? Whose fault would it be if your comcast installed public wifi would be abused to download illegal material or launch a botnet, to name some random fun one could have on your behalf. :-/ (apologies if this was posted already, couldn't find an email about it on the list) http://www.theregister.co.uk/2014/12/10/disgruntled_customers_lob_sueball_at_comcast_over_public_wifi/ "A mother and daughter are suing Comcast claiming the cable giant's router in their home was offering public Wi-Fi without their permission. Comcast-supplied routers broadcast an encrypted, private wireless network for people at home, plus a non-encrypted network called XfinityWiFi that can be used by nearby subscribers. So if you're passing by a fellow user's home, you can lock onto their public Wi-Fi, log in using your Comcast username and password, and use that home's bandwidth. However, Toyer Grear, 39, and daughter Joycelyn Harris – who live together in Alameda County, California – say they never gave Comcast permission to run a public network from their home cable connection. In a lawsuit [PDF] filed in the northern district of the golden state, the pair accuse the ISP of breaking the Computer Fraud and Abuse Act and two other laws. Grear – a paralegal – and her daughter claim the Xfinity hotspot is an unauthorized intrusion into their private home, places a "vast" burden on electricity bills, opens them up to attacks by hackers, and "degrades" their bandwidth. "Comcast does not, however, obtain the customer's authorization prior to engaging in this use of the customer's equipment and internet service for public, non-household use," the suit claims. "Indeed, without obtaining its customers' authorization for this additional use of their equipment and resources, over which the customer has no control, Comcast has externalized the costs of its national Wi-Fi network onto its customers." The plaintiffs are seeking monetary damages for themselves and on behalf of all Comcast customers nation-wide in their class-action case – the service was rolled out to 20 million customers this year."
Re: nanog.org website - restored
I vote we go with Alex Rubenstein's offer to host.. Ryan Pavely Net Access Corporation http://www.nac.net/ On 10/7/2013 9:43 PM, Adam Newman wrote: I would be happy to donate a VM or two on my personal stack. Contact me if interested. -Adam Original message From: Phil Bedard Date: 10/07/2013 5:51 PM (GMT-08:00) To: Michael Thomas ,nanog@nanog.org Subject: RE: nanog.org website - restored Yeah isn't there some cloud provider like Amazon, Rackspace, or MS willing to donate some BW and CPU cycles? Would be a drop in the bucket. Phil From: Michael Thomas Sent: 10/7/2013 19:57 To: nanog@nanog.org Subject: Re: nanog.org website - restored On 10/7/13 4:24 PM, Andrew Koch wrote: Working with onsite personel to upgrade the server with additional memory failed during the first announced maintenance. Compatible memory was located and tested leading to the second maintenance when it was successfully installed. At this time we have increased the memory on the server and are at a stable point. How primative. When i want more memory I just log into the provider's web console and tell it I want more geebees. Mike
Re: ARIN WHOIS for leads
Because your mail servers are broken. Because you put spamfilters on your abuse@ mailbox, IF you even have an abuse@, which a lot of you don't. Because we tried calling, and your tier1 are clueless. Fix your mailservers. Train your staff. Staff your abuse desk. Then we'll talk. My mail servers are just fine. My abuse department is standing by to serve your requests. They are listed on all domains, ip allocations, and abuse.org, etc, etc.. If you suggest folks attempt to reach an abuse contact, fail, and them spam. Ok. No problem. But starting out with receiving an email that is CC'd to 3 departments, 2 direct people, and the same for all other org's involved is offensive, abusive, etc. And if you suggest for a second someone attempted to call, and gave up, and then spammed; yeah that never happened. A phone call? Really? Maybe one a decade, versus many spammed-spam complaints a day. Someone else wrote and I seem to have deleted it.. but basically 'I don't think these occurrences happen that often to warrant a change.' Well. If it's not happening that often, then lets fix it now before it does :) I actually think it's important to have contact information publicly available. Why? Who outside 'the business' needs that level of detailed contact information to IP mgmt folks? Does an end-user need that access? No. Does a web hoster need that access? No. They can go through their ISP or contact my OPS contact. Do you need that access? Do you have an AS, and IP blocks? If so then sure, why not. Now there is a big bug in locking down access to those registered members. Registered with whom? Arin? Ok so how do my brit friends whois my IP contact info? That complicates things, beyond suggesting an Arin policy. So I don't ever see this as changing, as I think I said, but it should change. Just like we shouldn't have echo/chargen anymore. They were cool 'back in the day'. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/26/2013 9:02 PM, Matt Hite wrote:
Re: ARIN WHOIS for leads
What about the 2am phone calls from the guy, who did a nslookup on a website, and then whois on the ip, who is calling to say his porn site is partially not working and he's pissed. imho. The days of having public records like whois/rwhois available has passed. The data use to be protected with a simple clue test. Only the clue minded folks knew about the data, and were pretty responsible with it. Now anyone can look it up. We use to use that data to be able to directly communicate with another provider for a serious problem. It was great knowing exactly how to get a hold of someone, and not have to forage your way through tech support... noc.. etc.. Even the anti-spam army out there seem to ignore 'This is the abuse contact', and end up spamming all whois org contacts. What's the point in that? Why can't we implement a method where you have to be a registered, and paying, user/member with an AS number to be able to get IP whois 'contact' info? Sure list my name and company. But keep my email and phone number private. In fact show me a web log of all registered users that looked me up. I doubt that will ever happen. So it's time for me to update my arin contact as this past weekend I got exactly that 2am porn call and it was quite disturbing which website was being referenced. In all my years I knew there was some crazy stuff out there, but this took the cake. Ryan Pavely Net Access Corporation http://www.nac.net/ On 7/25/2013 7:02 PM, Justin Vocke wrote: Sent this little e-mail to ARIN: I'm not sure that you guys can do anything about this, but it's worth looking into. I registered AS626XX a week ago, and since it's registration, I've been getting calls from "wholesale" carriers trying to get me to purchase IP transit from them. Someone is obviously using your database of contact information to generate sales leads. 512-377-6827 was one of the numbers trying to get more information about my network and how they could "help" me. My guess is someone is using your mass whois database, looking at the most recently issued/created AS numbers, and cold calling. Just thought I'd pass this along. - Due to the amount of calls I've received, I'm guessing its probably a good idea to remove my contact info from the registration and setup role's instead. Does this sorta thing happen frequently with new registrations or did I just draw the short straw? Best, Justin
Re: US DOJ victim letter
I really enjoyed the fact that I called the number, on what I learned later was a "Sample", and when I picked the option to speak with an agent I got "The mailbox is full" message. I feel safe... Ryan Pavely Director Research And Development Net Access Corporation http://www.nac.net/ On 01/31/2012 7:38 PM, Phil Dyer wrote: On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis wrote: On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote: Bit odd, if it's a phish. Even more odd if it's actually from the Fed. It's definitely real, but seems like they're handling it as incompetently as possible. Yep. That sounds about right. Man, I'm feeling left out. I kinda want one now. phil
Re: Windows UDP packet generator software?
If anyone needs a per-compiled iPerf.exe, no need for cygwin libraries, lemme know. It's a great tool! Ryan Pavely Director Research And Development Net Access Corporation http://www.nac.net/ On 12/22/2011 3:20 PM, Larry Blunk wrote: On 12/22/2011 02:36 PM, Sean Harlow wrote: iperf might be able to do what you need and there are Windows builds available, but I'm not sure if it has a mode where it's not flooding the network trying to test maximum speed. Is there a reason that standard ICMP pings aren't appropriate if you just want packet loss info? Obviously every platform worth using has ping built in. -- Sean Harlow s...@seanharlow.info In UDP mode, iperf sends at 1 Mbps by default. You change the rate with the -b flag. There's an iperf-2.0.5-cygwin build floating around for Windows.
Re: First real-world SCADA attack in US
Note to self. When my opc/modbus code goes to hell and wipes out an hvac unit; blame cyber terrorists, crappy vendors, and provide a random shady ip address. This was sad when it was possibly an unprotected network, with poor password procedures, horrible protection code in the logics, etc etc. Now it even got worse. Sigh. Ryan Pavely Director Research And Development Net Access Corporation http://www.nac.net/ On 11/22/2011 6:32 PM, Michael Painter wrote: andrew.wallace wrote: Here is the latest folks, "DHS and the FBI have found no evidence of a cyber intrusion into the SCADA system in Springfield, Illinois." http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html Andrew And "In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported." I'd bet we'll soon be hearing more from this loldhs pr0f character in .ro. --Michael
Re: First real-world SCADA attack in US
Might I suggest using 127.0.0.2 if you want less spam :P Pretty scary that folks have 1. Their scada gear on public networks, not behind vpns and firewalls. 2. Allow their hardware vendor to keep a list of usernames / passwords. 2b. Obviously don't change these so often. Whens the last time they really "called support" and refreshed the password with the hw vendor Probably when they installed the gear... Sheesh.. Perhaps the laws people suggest we need to protect ourselves should be added to. If you are the operator of a network and due to complete insanity leave yourself wide open to attack, you are just as guilty as the bad guys... But then again I don't want to goto jail for leaving my car door open and having someone steal my car, so nix that idea. Ryan Pavely Director Research And Development Net Access Corporation http://www.nac.net/ On 11/21/2011 2:48 PM, Leigh Porter wrote: I checked the SCADA boxes used in our "smart" building. They are all using 127.0.0.1 Is that a security risk?
Re: Can somebody stop nanog@nanog.org from forwarding spam, kthx!
As far as I can tell me neither. I feel so left out :( Ryan Pavely Director Research And Development Net Access Corporation http://www.nac.net/ On 7/12/2011 10:43 AM, Elmar K. Bins wrote: jer...@unfix.org (Jeroen Massar) wrote: I am fairly sure that the fake "Western Union" message and various other spams that are dripping through are from real subscribers... Err... what I find most interesting is that I have received no spam via this list today. I've checked my spamfilters' garbage heap... Did someone unsubscribe me from the spam part of the list? Thank you :) Elmar.
Re: IPv6 day fun is beginning!
Are you really on Cook Island in the Pacific or is your email headers date timezone string set incorrectly -1000. Your message won't be read by me until tonight shortly after 12:19 am. Sadly you'll miss IPv6 day :( Ryan Pavely Net Access Corporation http://www.nac.net/ On 6/9/2011 12:19 AM, Paul Graydon wrote: I've done the same at home, HE tunnel for IPv6. I've got a Linksys WRT54GL running DD-WRT so getting it set up was relatively straight forward though I really need to fix the automatic startup script that's misbehaving. Work was another matter, one big headache, to the point where I'm wondering if something is interfering. OpenBSD box running pf acts as a router for us, HE tunnel comes up easily and works fine from box. rtadvd starts advertising the network range and every machine in the office picked it up. Briefly those workstations running Windows 7 in the office were able to use the tunnel (5 mins give or take). From then on I could see outbound and inbound IPv6 traffic on the BSD box, but it never seemed to reach the workstations. Tearing down, reconfiguring, checking out every guide under the sun, nothing worked :) Gave up in the end, I'll tackle it later when I've got time to waste. Would be nice if my $isp would sort out an IPv6 address range for us to use properly. Paul On 6/8/2011 1:40 AM, Jamie Bowden wrote: Thanks to HE's tunnel broker service, I've got fully functional dual stack at home (well, mostly, like most folks, VZ gives me a single address and I live behind that with NATv4, but otherwise, I loves me some FiOS) and yesterday went by for me without a hitch, including accessing Facebook (I'd hear from the wife and kid really quickly if they weren't working). For a working tunnel, I put my DIR-825 as the "DMZ" host behind the cheesy Actiontec router VZ requires, forward all traffic with zero firewalling to it, and let the D-Link appliance handle all my firewall needs (and it terminates my v6 tunnel obviously). The one thing I haven't quite figured out how to make it do (and maybe it's just not capable) is use the /48 HE routes to me. The box insists that the internal interface be on the same subnet as the external, and it hands out v6 addresses from that /64. Jamie -Original Message- From: Jared Mauch [mailto:ja...@puck.nether.net] Sent: Tuesday, June 07, 2011 7:15 PM To: Iljitsch van Beijnum Cc: NANOG list Subject: Re: IPv6 day fun is beginning! On Jun 7, 2011, at 7:13 PM, Iljitsch van Beijnum wrote: www.facebook.com has but doesn't load for me over IPv6, it does for others though If you go to www.v6.facebook.com it works, but it seems they have some problem on their main site. I am seeing some issues reaching them over IPv6. - Jared
Re: So... is it time to do IPv6 day monthy yet?
I was thinking the same thing. Good call :) Ryan Pavely Net Access Corporation http://www.nac.net/ On 6/8/2011 10:40 AM, Jay Ashworth wrote: It certainly sounds like it might be. Cheers, -- jra
Re: Cacti Bandwidth Monitoring
Also isn't http://forums.cacti.net/ more appropriate then nanog? Ryan Pavely Director Research And Development Net Access Corporation http://www.nac.net/ On 11/29/2010 9:24 AM, Peter Rudasingwa wrote: Hi, I have a cacti server running and it has been working fine so far except for one interface which has an average of 150Mbps going through it now. Before when I had less than 120Mbps I got proper graphs but of late it gives me graphs of 20Mbps when it should be giving me the correct reading (150Mbps). Is there a maximum bandwidth it graphs or can this be edited so that I get proper graphs?
