Re: How do I handle a supplier that delivered a faulty product?
On Wed, Nov 26, 2014 at 12:41 AM, Nick B n...@pelagiris.org wrote: At no point does that spec say a single thing about speed. The closest part I could find was Upstream data rate 1.244Gbps, but I think it's pretty clear that that is the link speed, not the actual data rate. It's worth wringing them out over the issue, maybe you can shame them into taking the units back, but I don't think you will have much luck pinning them down legally on some nebulous belief that it would run at wire rate gigabit. Hi Nick, That's the beauty of the implied warranty of fitness for particular purpose. The seller doesn't have to give any specs at all. He just has to lead you to believe that the product is suitable for some purpose, such as providing gige to customers. Sometimes, even the fact that the seller was aware of the buyer's intended use and failed to warn him is enough. If it then proves unsuitable for that purpose for any reason, the seller is on the hook. IANAL and I think Baldur should consult one before taking any action, but unless Baldur's use obviously and significantly differed from Zhone's advertised intended use Baldur probably has a case. http://www.law.cornell.edu/ucc/2/2-315 Regards, Bill Herrin -- William Herrin her...@dirtside.com b...@herrin.us Owner, Dirtside Systems . Web: http://www.dirtside.com/ May I solve your unusual networking challenges?
Re: Seeking IPv6 Security Resources
Chris Some that come to my mind: draft-ietf-v6ops-balanced-ipv6-security and (not sure how up to date is this one) RFC 6092 Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service RFC 5157 IPv6 Implications for Network Scanning and draft-ietf-opsec-ipv6-host-scanning RFC 6104, 6105, 7113 All about Router Advertisement Guard (RA-Guard) draft-ietf-opsec-v6 RFC 6583 Operational Neighbor Discovery Problems Regards as On Tue Nov 25 2014 at 8:34:16 PM Chris Grundemann cgrundem...@gmail.com wrote: Hail NANOG! I am looking for IPv6 security resources to add to: http://www.internetsociety.org/deploy360/ipv6/security/ These could be best current practice documents, case-studies, lessons-learned/issues-found, research/evaluations, RFCs, or anything else focused on IPv6 security really. I'm not requesting that anyone do any new work, just that you point me to solid public documents that already exist. Feel free to share on-list or privately, both documents you may have authored and those you have found helpful. Thanks! ~Chris Note: Not every document shared will get posted to the Deploy360 site. -- @ChrisGrundemann http://chrisgrundemann.com
Re: Seeking IPv6 Security Resources
Hi, Perhaps https://tools.ietf.org/html/rfc7217 might also fit in the list. -- Marco Arturo Servin schreef op 26-11-14 om 10:28: Chris Some that come to my mind: draft-ietf-v6ops-balanced-ipv6-security and (not sure how up to date is this one) RFC 6092 Recommended Simple Security Capabilities in Customer Premises Equipment (CPE) for Providing Residential IPv6 Internet Service RFC 5157 IPv6 Implications for Network Scanning and draft-ietf-opsec-ipv6-host-scanning RFC 6104, 6105, 7113 All about Router Advertisement Guard (RA-Guard) draft-ietf-opsec-v6 RFC 6583 Operational Neighbor Discovery Problems Regards as On Tue Nov 25 2014 at 8:34:16 PM Chris Grundemann cgrundem...@gmail.com wrote: Hail NANOG! I am looking for IPv6 security resources to add to: http://www.internetsociety.org/deploy360/ipv6/security/ These could be best current practice documents, case-studies, lessons-learned/issues-found, research/evaluations, RFCs, or anything else focused on IPv6 security really. I'm not requesting that anyone do any new work, just that you point me to solid public documents that already exist. Feel free to share on-list or privately, both documents you may have authored and those you have found helpful. Thanks! ~Chris Note: Not every document shared will get posted to the Deploy360 site. -- @ChrisGrundemann http://chrisgrundemann.com -- Marco Davids smime.p7s Description: S/MIME-cryptografische ondertekening
Re: Buying IP Bandwidth Across a Peering Exchange
On Tuesday, November 25, 2014 09:51:47 PM Colton Conor wrote: Are exchanges really that unreliable compared to a traditional cross connect? Not necessarily. It's just that when money is changing hands, folk tend to find (passive) x-connects within the data centre to be far more reliable (even though they are not infallible) than passing traffic across another (active) system being run by someone else in the same physical facility. Plus, some service providers will drastically reduce or eliminate SLA's (for whatever they may be worth) if there is another active system in between you and their service. Mark. signature.asc Description: This is a digitally signed message part.
Re: Buying IP Bandwidth Across a Peering Exchange
On Tuesday, November 25, 2014 10:34:14 PM Eric Van Tol wrote: It's been a while since I've checked the Equinix Customer Agreement and Policies documents, but I know at one time they required a physical presence in the in the IDC for an Exchange cross-connect. This may have changed in the past several years. Several exchange points now support some kind of resale model, where peering members are transported into the exchange point via network, without the need for physical presence at the exchange point location. I'm not sure whether Equinix's exchange points do this. Mark. signature.asc Description: This is a digitally signed message part.
Re: Buying IP Bandwidth Across a Peering Exchange
On Tuesday, November 25, 2014 11:03:16 PM Bob Evans wrote: I agree with Bill...going it on the cheap is risky. DOn't consider it for primary. It may be good for backup. I have sold small amounts of transit to non-ISP companies on exchanges (100-200 meg). It's a good extra backup for ISPs, if you setup your local pref, MED and then prepend your AS an extra time or two to the prefixes you transmit. Then if you ever need to use it, it's sitting there waiting to send and receive traffic. I let ISPs customers do that with us for real low cost backup fees. We don't support that, for example, for reasons stated by many before. Even if we did, we typically don't offer customer services on peering routers. So physically, it would be a nightmare trying to terminate an IP Transit service from a peering member when the only path between us and them is a peering router. Yes, tunneling works, but tunnels insert your choice of colourful text here. Mark. signature.asc Description: This is a digitally signed message part.
Re: Buying IP Bandwidth Across a Peering Exchange
Hi, I’m pretty sure IX Reach can take you into an Equinix exchange, so it is probably possible that they allow this kind of stuff to happen. Ammar. This email and any files transmitted with it are confidential and intended solely for the use of the individual or entity to whom they are addressed. If you have received it by mistake, please let us know by e-mail reply and delete it from your system; you may not copy this message or disclose its contents to anyone. Please note that any views or opinions presented in this email are solely those of the author and do not necessarily represent those of the company. Finally, the recipient should check this email and any attachments for the presence of viruses. The company accepts no liability for any damage caused by any virus transmitted by this email. On Nov 26, 2014, at 4:38 PM, Mark Tinka mark.ti...@seacom.mu wrote: On Tuesday, November 25, 2014 10:34:14 PM Eric Van Tol wrote: It's been a while since I've checked the Equinix Customer Agreement and Policies documents, but I know at one time they required a physical presence in the in the IDC for an Exchange cross-connect. This may have changed in the past several years. Several exchange points now support some kind of resale model, where peering members are transported into the exchange point via network, without the need for physical presence at the exchange point location. I'm not sure whether Equinix's exchange points do this. Mark.
Re: Buying IP Bandwidth Across a Peering Exchange
On Wednesday, November 26, 2014 02:42:39 PM Ammar Zuberi wrote: I’m pretty sure IX Reach can take you into an Equinix exchange, so it is probably possible that they allow this kind of stuff to happen. I meant in terms of a reseller model between the exchange point and preferred service providers on behalf of the exchange point members. Of course, anyone can transport anyone anywhere, as long as the right people are paid. But exchange points have been getting into reseller models with transport providers as a way to discount what would be a normal transport service between two or more points. Mark. signature.asc Description: This is a digitally signed message part.
Re: Buying IP Bandwidth Across a Peering Exchange
On Tue, 25 Nov 2014 15:34:14 -0500, Eric Van Tol said: but I know at one time they required a physical presence in the in the IDC for an Exchange cross-connect. At the risk of being snarky, if somebody doesn't have a presence where do you connect the other end of the cross-connect cable? :) (Note that's different than I'm in a PoP on the west side of town, and the logical place to land my uplink is blade 2, port 3 of a router belonging to $upstream over on the east side of town - that's an external connection not a cross-connect) pgpojiPSu8QW_.pgp Description: PGP signature
Re: Buying IP Bandwidth Across a Peering Exchange
Well, we would have a BGP router in another town. Then get a wave from a transport provider from the other town to the town that equinix or the peering exchange was located at. The cross connect would go from the transport providers Z location to the port on the exchange. I have confirmed that Equinix is willing to sell us a port on the exchange even if we don't have a physical presence there. On Wed, Nov 26, 2014 at 8:45 AM, valdis.kletni...@vt.edu wrote: On Tue, 25 Nov 2014 15:34:14 -0500, Eric Van Tol said: but I know at one time they required a physical presence in the in the IDC for an Exchange cross-connect. At the risk of being snarky, if somebody doesn't have a presence where do you connect the other end of the cross-connect cable? :) (Note that's different than I'm in a PoP on the west side of town, and the logical place to land my uplink is blade 2, port 3 of a router belonging to $upstream over on the east side of town - that's an external connection not a cross-connect)
Re: Buying IP Bandwidth Across a Peering Exchange
peering exchange was located at. The cross connect would go from the transport providers Z location to the port on the exchange. I have In which case the cross connect is between the target and Z, who *has* a physical presence at the exchange pgp0hLFgZZD1w.pgp Description: PGP signature
Anyone else having trouble reaching thepiratebay.se? AS39138
Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Works for me Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 26, 2014 at 12:41 PM, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
All good from hibernia's network (AS5580). On 26 Nov 2014 17:43, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
im hitting 30 hops tracing from one location, and 30 from some EC2s. another shows 4. v638.core1.tor1.he.net 5. 100ge1-2.core1.nyc4.he.net 6. 100ge7-2.core1.lon2.he.net 7. 100ge3-2.core1.ams1.he.net 8. 100ge5-1.core1.fra1.he.net 9. rrbone.dus.ecix.net 10. te-2-1-800.bbr-dtm-01.de.infra.rrbone.net 11. ??? 12. xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net 13. xe-0-1-0-20.r02.amstnl02.nl.bb.gin.ntt.net 14. 129.250.9.50 15. sl-bb21-ams-.sprintlink.net 16. sl-crs2-lon-0-8-3-0.sprintlink.net 17. sl-crs2-lon-.sprintlink.net 18. sl-crs1-nyc-0-5-2-0.sprintlink.net 19. 144.232.5.216 20. 144.232.18.59 21. 144.232.1.73 22. 144.232.11.17 23. 144.232.12.41 24. 144.232.7.124 25. sl-st20-sj-0-0-0.sprintlink.net 26. sl-china6-192107-0.sprintlink.net 27. 219.158.32.174 28. 175.45.177.217 29. ??? with some 1/2 ping times by the end. that's quite the trip around the world, hitting nyc twice. (no hesprintlink peering?) /kc On Wed, Nov 26, 2014 at 12:41:07PM -0500, Javier J said: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me? -- Ken Chase - m...@sizone.org Toronto
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
From FL I die at xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net (129.250.5.174) 172.519 ms 155.386 ms 187.235 ms On Nov 26, 2014, at 12:43 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Works for me Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 26, 2014 at 12:41 PM, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Here is one from an EC2 instance in Sydney. 2. 100.68.201.19 0.0%24 0.5 0.6 0.4 4.3 0.8 3. 100.68.201.41 0.0%24 0.4 0.5 0.4 0.6 0.1 4. 100.67.166.50.0%24 0.4 0.4 0.3 0.5 0.1 5. 100.67.164.126 0.0%24 8.7 3.0 0.9 9.8 3.0 6. 100.64.134.79 0.0%24 1.0 4.7 0.8 13.6 4.6 7. 100.64.129.14 0.0%24 1.9 2.5 0.8 15.0 3.7 8. 100.64.57.640.0%24 0.8 0.6 0.3 3.8 0.7 9. 100.64.24.690.0%24 1.0 1.2 0.8 1.8 0.3 10. ec2-54-252-0-16.ap-southeast-2.compute.amazonaws.com0.0%24 0.4 8.8 0.3 49.3 17.1 11. 54.240.192.108 0.0%23 2.2 2.2 2.0 3.6 0.4 12. 54.240.192.78 0.0%23 2.3 3.5 1.9 21.3 4.0 13. 202.68.70.5 0.0%23 1.7 1.7 1.3 4.1 0.5 14. xe-3-1-0.r00.sydnau02.au.bb.gin.ntt.net 0.0%23 1.5 1.5 1.4 1.7 0.1 15. as-0.r22.tokyjp01.jp.bb.gin.ntt.net 0.0%23 133.8 115.9 112.8 133.8 6.0 16. ae-8.r25.tokyjp05.jp.bb.gin.ntt.net 0.0%23 113.0 117.9 112.8 138.5 7.3 17. ae-1.r22.amstnl02.nl.bb.gin.ntt.net 0.0%23 382.1 382.3 381.4 389.4 2.0 18. ae-1.r02.amstnl02.nl.bb.gin.ntt.net 0.0%23 370.8 369.5 368.8 370.8 0.5 19. ae7.edge6.Amsterdam.Level3.net 0.0%23 380.7 381.1 380.7 381.6 0.3 20. ae-232-3608.edge4.Amsterdam1.Level3.net 0.0%23 380.0 381.2 380.0 387.9 2.2 21. AS5580.edge4.Amsterdam1.Level3.net 0.0%23 342.5 343.1 342.1 353.3 2.2 22. eth5-4.core1.ams1.nl.as5580.net 0.0%23 342.1 342.6 342.0 344.4 0.6 23. eth4-1.r1.dus1.de.as5580.net0.0%23 345.6 346.4 341.4 355.4 4.6 24. 78.152.56.135 9.1%23 346.5 347.0 345.5 351.3 1.4 25. te-2-1-800.bbr-dtm-01.de.infra.rrbone.net 0.0%23 349.5 348.4 347.5 349.5 0.6 26. ??? 27. xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net 0.0%23 347.7 348.3 347.3 349.2 0.6 28. xe-0-1-0-20.r02.amstnl02.nl.bb.gin.ntt.net 4.3%23 348.6 348.7 347.5 349.5 0.5 29. 129.250.9.500.0%23 354.3 354.4 353.6 355.3 0.5 30. sl-bb21-ams-.sprintlink.net 4.5%23 356.5 356.2 355.3 357.3 0.6 On Wed, Nov 26, 2014 at 12:47 PM, Ken Chase m...@sizone.org wrote: im hitting 30 hops tracing from one location, and 30 from some EC2s. another shows 4. v638.core1.tor1.he.net 5. 100ge1-2.core1.nyc4.he.net 6. 100ge7-2.core1.lon2.he.net 7. 100ge3-2.core1.ams1.he.net 8. 100ge5-1.core1.fra1.he.net 9. rrbone.dus.ecix.net 10. te-2-1-800.bbr-dtm-01.de.infra.rrbone.net 11. ??? 12. xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net 13. xe-0-1-0-20.r02.amstnl02.nl.bb.gin.ntt.net 14. 129.250.9.50 15. sl-bb21-ams-.sprintlink.net 16. sl-crs2-lon-0-8-3-0.sprintlink.net 17. sl-crs2-lon-.sprintlink.net 18. sl-crs1-nyc-0-5-2-0.sprintlink.net 19. 144.232.5.216 20. 144.232.18.59 21. 144.232.1.73 22. 144.232.11.17 23. 144.232.12.41 24. 144.232.7.124 25. sl-st20-sj-0-0-0.sprintlink.net 26. sl-china6-192107-0.sprintlink.net 27. 219.158.32.174 28. 175.45.177.217 29. ??? with some 1/2 ping times by the end. that's quite the trip around the world, hitting nyc twice. (no hesprintlink peering?) /kc On Wed, Nov 26, 2014 at 12:41:07PM -0500, Javier J said: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me? -- Ken Chase - m...@sizone.org Toronto
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
On 11/26/2014 06:41 PM, Javier J wrote: Its reachable from some places and not others. Maybe a partial outage.
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
They do some wacky routing with internal IP addresses and AS prepending to make it seem like that they see hosted in Korea. I have no idea why anyone would but they do. On 26 Nov 2014 17:54, Ken Chase m...@sizone.org wrote: im hitting 30 hops tracing from one location, and 30 from some EC2s. another shows 4. v638.core1.tor1.he.net 5. 100ge1-2.core1.nyc4.he.net 6. 100ge7-2.core1.lon2.he.net 7. 100ge3-2.core1.ams1.he.net 8. 100ge5-1.core1.fra1.he.net 9. rrbone.dus.ecix.net 10. te-2-1-800.bbr-dtm-01.de.infra.rrbone.net 11. ??? 12. xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net 13. xe-0-1-0-20.r02.amstnl02.nl.bb.gin.ntt.net 14. 129.250.9.50 15. sl-bb21-ams-.sprintlink.net 16. sl-crs2-lon-0-8-3-0.sprintlink.net 17. sl-crs2-lon-.sprintlink.net 18. sl-crs1-nyc-0-5-2-0.sprintlink.net 19. 144.232.5.216 20. 144.232.18.59 21. 144.232.1.73 22. 144.232.11.17 23. 144.232.12.41 24. 144.232.7.124 25. sl-st20-sj-0-0-0.sprintlink.net 26. sl-china6-192107-0.sprintlink.net 27. 219.158.32.174 28. 175.45.177.217 29. ??? with some 1/2 ping times by the end. that's quite the trip around the world, hitting nyc twice. (no hesprintlink peering?) /kc On Wed, Nov 26, 2014 at 12:41:07PM -0500, Javier J said: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me? -- Ken Chase - m...@sizone.org Toronto
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Failing for me from NYC FiOS http://traceroute.monitis.com/index.jsp?url=thepiratebay.setestId=545087 On Wed, Nov 26, 2014 at 12:41:07PM -0500, Javier J said: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me? -- Ken Chase - m...@sizone.org Toronto -- --- Joly MacFie 218 565 9365 Skype:punkcast WWWhatsup NYC - http://wwwhatsup.com http://pinstand.com - http://punkcast.com VP (Admin) - ISOC-NY - http://isoc-ny.org -- -
RE: Anyone else having trouble reaching thepiratebay.se? AS39138
Perhaps it has something to do with Verizon' huge fiber cut in LA? Vandalism this morning Aaron D. Osgood Streamline Solutions L.L.C 274 E. Eau Gallie Blvd. #336 Indian Harbour Beach, FL 32937 TEL: 207-518-8455 MOBILE: 207-831-5829 GTalk: aaron.osgood aosg...@streamline-solutions.net www.Streamline-Solutions.net www.WMDaWARe.com Introducing Efficiency to Business since 1986 -Original Message- From: NANOG [mailto:nanog-bounces+aosgood=streamline-solutions@nanog.org] On Behalf Of TR Shaw Sent: November 26, 2014 12:50 To: Josh Luthman Cc: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 From FL I die at xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net (129.250.5.174) 172.519 ms 155.386 ms 187.235 ms On Nov 26, 2014, at 12:43 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Works for me Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 26, 2014 at 12:41 PM, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Buying IP Bandwidth Across a Peering Exchange
Colton Conor colton.co...@gmail.com writes: Some might ask why not get a cross connect to the provider. It is cheaper to buy an port on the exchange (which includes the cross connect to the exchange) than buy multiple cross connects. Plus we are planning on getting a wave to the exchange, and not having any physical routers or switches at the datacenter where the exchange/wave terminates at. Is this possible? Technically possible and advisable are two different things. If you enjoy finger-pointing on the occasions where you are trying to smoke out performance issues, I encourage as many third, fourth, and fifth-party-managed network layers in the mix as possible. A wave with no way to test to the handoff point would of course be the icing on the cake. Are you sure you can't afford to sublet a few ru of space from someone and pay for a couple extra cross connects? -r
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
I heard about that vandalism. Can anyone confirm that is the issue? But I am in the NY area so why would traffic destined to Europe go to LA? On Wed, Nov 26, 2014 at 1:02 PM, Aaron D. Osgood aosg...@streamline-solutions.net wrote: Perhaps it has something to do with Verizon' huge fiber cut in LA? Vandalism this morning Aaron D. Osgood Streamline Solutions L.L.C 274 E. Eau Gallie Blvd. #336 Indian Harbour Beach, FL 32937 TEL: 207-518-8455 MOBILE: 207-831-5829 GTalk: aaron.osgood aosg...@streamline-solutions.net www.Streamline-Solutions.net www.WMDaWARe.com Introducing Efficiency to Business since 1986 -Original Message- From: NANOG [mailto:nanog-bounces+aosgood=streamline-solutions@nanog.org] On Behalf Of TR Shaw Sent: November 26, 2014 12:50 To: Josh Luthman Cc: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 From FL I die at xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net (129.250.5.174) 172.519 ms 155.386 ms 187.235 ms On Nov 26, 2014, at 12:43 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Works for me Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 26, 2014 at 12:41 PM, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
I confirmed It is also blocked for Comcast users. Even Comcast business users. This is starting to look like censorship to me. On Wed, Nov 26, 2014 at 1:14 PM, Javier J jav...@advancedmachines.us wrote: I heard about that vandalism. Can anyone confirm that is the issue? But I am in the NY area so why would traffic destined to Europe go to LA? On Wed, Nov 26, 2014 at 1:02 PM, Aaron D. Osgood aosg...@streamline-solutions.net wrote: Perhaps it has something to do with Verizon' huge fiber cut in LA? Vandalism this morning Aaron D. Osgood Streamline Solutions L.L.C 274 E. Eau Gallie Blvd. #336 Indian Harbour Beach, FL 32937 TEL: 207-518-8455 MOBILE: 207-831-5829 GTalk: aaron.osgood aosg...@streamline-solutions.net www.Streamline-Solutions.net www.WMDaWARe.com Introducing Efficiency to Business since 1986 -Original Message- From: NANOG [mailto:nanog-bounces+aosgood=streamline-solutions@nanog.org] On Behalf Of TR Shaw Sent: November 26, 2014 12:50 To: Josh Luthman Cc: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 From FL I die at xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net (129.250.5.174) 172.519 ms 155.386 ms 187.235 ms On Nov 26, 2014, at 12:43 PM, Josh Luthman j...@imaginenetworksllc.com wrote: Works for me Josh Luthman Office: 937-552-2340 Direct: 937-552-2343 1100 Wayne St Suite 1337 Troy, OH 45373 On Wed, Nov 26, 2014 at 12:41 PM, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
RE: Anyone else having trouble reaching thepiratebay.se? AS39138
Javier, I can't get to www.rrbone.net, an upstream provider to the IP I was given for thepiratebay.se. I tested on VZ FiOS and Wireless in Philadelphia area and both die within the VZ network. For Comcast, it looks like the space isn't showing up in the BGP table: route-server.newyork.ny.iboneshow ip bgp 194.71.107.27 % Network not in table No clue what the cause is, but it bigger than just the PirateBay. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Javier J Sent: Wednesday, November 26, 2014 1:44 PM To: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 I confirmed It is also blocked for Comcast users. Even Comcast business users. This is starting to look like censorship to me.
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Only one of their /24's is in TATA's(AS6453) table. http://bgp.he.net/AS51040#_prefixes http://lg.as6453.net Router: gin-aeq-tcore1 Site: US, Ashburn, AEQ Command: show route protocol bgp 194.71.107.0/24 terse exact {master} Router: gin-aeq-tcore1 Site: US, Ashburn, AEQ Command: show route protocol bgp 194.14.56.0/24 terse exact inet.0: 520187 destinations, 3597636 routes (519993 active, 9 holddown, 1053 hidden) Restart Complete + = Active Route, - = Last Active, * = Both A V DestinationP Prf Metric 1 Metric 2 Next hopAS path * ? 194.14.56.0/24 B 197595 51040 I unverified 216.6.87.1 ?B 197595 51040 I unverified 216.6.87.1 ?B 197595 51040 I unverified 216.6.87.1 ?B 1239 1257 197595 51040 I unverified 144.232.7.61 {master} On 11/26/14, 2:01 PM, eric-l...@truenet.com eric-l...@truenet.com wrote: Javier, I can't get to www.rrbone.net, an upstream provider to the IP I was given for thepiratebay.se. I tested on VZ FiOS and Wireless in Philadelphia area and both die within the VZ network. For Comcast, it looks like the space isn't showing up in the BGP table: route-server.newyork.ny.iboneshow ip bgp 194.71.107.27 % Network not in table No clue what the cause is, but it bigger than just the PirateBay. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 -Original Message- From: NANOG [ mailto:nanog-boun...@nanog.org ] On Behalf Of Javier J Sent: Wednesday, November 26, 2014 1:44 PM To: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 I confirmed It is also blocked for Comcast users. Even Comcast business users. This is starting to look like censorship to me.
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
I can get to www.rrbone.net via ipv6 (HE.net tunnel) but on ipv4, it dies on hop 2, same as thepiratebay.se on Verizon Fios. On Wed, Nov 26, 2014 at 2:01 PM, eric-l...@truenet.com wrote: Javier, I can't get to www.rrbone.net, an upstream provider to the IP I was given for thepiratebay.se. I tested on VZ FiOS and Wireless in Philadelphia area and both die within the VZ network. For Comcast, it looks like the space isn't showing up in the BGP table: route-server.newyork.ny.iboneshow ip bgp 194.71.107.27 % Network not in table No clue what the cause is, but it bigger than just the PirateBay. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Javier J Sent: Wednesday, November 26, 2014 1:44 PM To: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 I confirmed It is also blocked for Comcast users. Even Comcast business users. This is starting to look like censorship to me.
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Le 26/11/2014 18:51, Dominik Bay a écrit : On 11/26/2014 06:41 PM, Javier J wrote: Its reachable from some places and not others. Maybe a partial outage. From France: mh@home:~$ mtr --report thepiratebay.org Start: Wed Nov 26 23:09:31 2014 HOST: homeLoss% Snt Last Avg Best Wrst StDev 1.|-- 192.168.0.254 0.0%100.3 0.3 0.3 0.4 0.0 /snip 29.|-- sl-st20-sj-0-0-0.sprintli 10.0%10 215.3 216.2 213.1 219.6 2.3 30.|-- sl-china6-192107-0.sprint 10.0%10 455.9 461.0 455.9 464.5 3.0 mh@home:~$ Cheers, mh
Re: Seeking IPv6 Security Resources
Chris, Are you aware IPv6 has 3 or arguably 4 major generations of standards? Each generation requires nuanced defense strategies, based on which clauses (must and should) were implemented. Some of the derived security works, do not reflect, and in some cases contradict current security recommendations. The perceived newness of the technology, and ambiguities of recommendations have resulted in 'pushback' by the security community to implement IPv6. This has forced us to continue with the implement of IPv6 and 'trust' the vender recommendations, based on the limitations of that venders products. In the cracks, between the standards and implementation of these standards, are where security vulnerabilities exist, compromises lay, and defenses crumble. Joe Klein Inveniam viam aut faciam On Tue, Nov 25, 2014 at 3:32 PM, Chris Grundemann cgrundem...@gmail.com wrote: Hail NANOG! I am looking for IPv6 security resources to add to: http://www.internetsociety.org/deploy360/ipv6/security/ These could be best current practice documents, case-studies, lessons-learned/issues-found, research/evaluations, RFCs, or anything else focused on IPv6 security really. I'm not requesting that anyone do any new work, just that you point me to solid public documents that already exist. Feel free to share on-list or privately, both documents you may have authored and those you have found helpful. Thanks! ~Chris Note: Not every document shared will get posted to the Deploy360 site. -- @ChrisGrundemann http://chrisgrundemann.com
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Reachable from 32748. tim-macbookair:~ tim$ curl -I thepiratebay.se | head -n 2 HTTP/1.1 200 OK Server: nginx/1.6.0 tim-macbookair:~ tim$ traceroute thepiratebay.se traceroute to thepiratebay.se (194.71.107.27), 64 hops max, 52 byte packets 1 ip253 (208.100.33.253) 4.519 ms 3.744 ms 7.527 ms 2 xe-0-0-1.core4.chi02.steadfast.net (208.100.32.54) 4.327 ms 3.609 ms 4.261 ms 3 equinix-chicago.r1.chi1.us.as5580.net (206.223.119.45) 1.949 ms 2.118 ms 2.739 ms 4 eth1-4.core1.nyc1.us.as5580.net (78.152.34.149) 27.405 ms 29.265 ms 27.324 ms 5 eth1-5.core1.lon1.uk.as5580.net (78.152.44.134) 112.885 ms 111.443 ms 115.038 ms 6 eth13-1.core1.ams2.nl.as5580.net (78.152.44.239) 117.769 ms 117.290 ms 117.682 ms 7 eth1-7.core1.ams1.nl.as5580.net (78.152.34.13) 119.281 ms 117.476 ms 119.076 ms 8 eth4-1.r1.dus1.de.as5580.net (78.152.35.81) 127.028 ms 129.374 ms 121.328 ms 9 78.152.56.135 (78.152.56.135) 120.359 ms 120.729 ms 122.419 ms 10 te-2-1-800.bbr-dtm-01.de.infra.rrbone.net (31.172.1.10) 125.505 ms 126.621 ms 124.002 ms 11 * * * 12 xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net (129.250.5.174) 128.702 ms 123.925 ms 124.836 ms 13 xe-0-1-0-20.r02.amstnl02.nl.bb.gin.ntt.net (129.250.2.64) 128.228 ms 128.397 ms 127.411 ms 14 129.250.9.50 (129.250.9.50) 129.909 ms 129.704 ms 129.277 ms 15 sl-bb21-ams-.sprintlink.net (217.149.32.206) 131.034 ms 128.477 ms 134.101 ms 16 sl-crs2-lon-0-8-3-0.sprintlink.net (213.206.129.143) 141.237 ms 144.952 ms 140.634 ms 17 sl-crs2-lon-.sprintlink.net (213.206.128.184) 143.750 ms 143.616 ms * 18 sl-crs1-nyc-0-5-2-0.sprintlink.net (144.232.9.163) 203.638 ms 203.826 ms 201.930 ms 19 144.232.5.216 (144.232.5.216) 289.414 ms 226.218 ms 223.651 ms 20 144.232.18.59 (144.232.18.59) 225.157 ms 225.886 ms 241.369 ms 21 144.232.1.73 (144.232.1.73) 303.248 ms * 432.785 ms 22 144.232.11.17 (144.232.11.17) 272.401 ms 434.872 ms 269.220 ms 23 * * * 24 *^C On 11/26/14, 5:41 PM, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Network unreachable from Vz DSL in Philly: $ traceroute 194.71.107.27 traceroute to 194.71.107.27 (194.71.107.27), 64 hops max, 52 byte packets 1 192.168.1.1 (192.168.1.1) 1.064 ms 0.709 ms 0.699 ms 2 10.7.120.1 (10.7.120.1) 24.135 ms 24.033 ms 23.911 ms 3 g0-5-4-2.phlapa-lcr-21.verizon-gni.net (130.81.196.51) 27.534 ms !N * 28.486 ms !N On Wed, Nov 26, 2014 at 1:01 PM, Tim Burke t...@tburke.us wrote: Reachable from 32748. tim-macbookair:~ tim$ curl -I thepiratebay.se | head -n 2 HTTP/1.1 200 OK Server: nginx/1.6.0 tim-macbookair:~ tim$ traceroute thepiratebay.se traceroute to thepiratebay.se (194.71.107.27), 64 hops max, 52 byte packets 1 ip253 (208.100.33.253) 4.519 ms 3.744 ms 7.527 ms 2 xe-0-0-1.core4.chi02.steadfast.net (208.100.32.54) 4.327 ms 3.609 ms 4.261 ms 3 equinix-chicago.r1.chi1.us.as5580.net (206.223.119.45) 1.949 ms 2.118 ms 2.739 ms 4 eth1-4.core1.nyc1.us.as5580.net (78.152.34.149) 27.405 ms 29.265 ms 27.324 ms 5 eth1-5.core1.lon1.uk.as5580.net (78.152.44.134) 112.885 ms 111.443 ms 115.038 ms 6 eth13-1.core1.ams2.nl.as5580.net (78.152.44.239) 117.769 ms 117.290 ms 117.682 ms 7 eth1-7.core1.ams1.nl.as5580.net (78.152.34.13) 119.281 ms 117.476 ms 119.076 ms 8 eth4-1.r1.dus1.de.as5580.net (78.152.35.81) 127.028 ms 129.374 ms 121.328 ms 9 78.152.56.135 (78.152.56.135) 120.359 ms 120.729 ms 122.419 ms 10 te-2-1-800.bbr-dtm-01.de.infra.rrbone.net (31.172.1.10) 125.505 ms 126.621 ms 124.002 ms 11 * * * 12 xe-3-2.r02.dsdfge01.de.bb.gin.ntt.net (129.250.5.174) 128.702 ms 123.925 ms 124.836 ms 13 xe-0-1-0-20.r02.amstnl02.nl.bb.gin.ntt.net (129.250.2.64) 128.228 ms 128.397 ms 127.411 ms 14 129.250.9.50 (129.250.9.50) 129.909 ms 129.704 ms 129.277 ms 15 sl-bb21-ams-.sprintlink.net (217.149.32.206) 131.034 ms 128.477 ms 134.101 ms 16 sl-crs2-lon-0-8-3-0.sprintlink.net (213.206.129.143) 141.237 ms 144.952 ms 140.634 ms 17 sl-crs2-lon-.sprintlink.net (213.206.128.184) 143.750 ms 143.616 ms * 18 sl-crs1-nyc-0-5-2-0.sprintlink.net (144.232.9.163) 203.638 ms 203.826 ms 201.930 ms 19 144.232.5.216 (144.232.5.216) 289.414 ms 226.218 ms 223.651 ms 20 144.232.18.59 (144.232.18.59) 225.157 ms 225.886 ms 241.369 ms 21 144.232.1.73 (144.232.1.73) 303.248 ms * 432.785 ms 22 144.232.11.17 (144.232.11.17) 272.401 ms 434.872 ms 269.220 ms 23 * * * 24 *^C On 11/26/14, 5:41 PM, Javier J jav...@advancedmachines.us wrote: Name: thepiratebay.se Address: 194.71.107.27 Its reachable from some places and not others. Is it being filtered? Is it being hijacked? Email to them bounced from google apps. Are we now officially living in a police state? mtr dies at hop 2 for me: 2. l100.nwrknj-vfttp-134.verizon-gni.net ( 173.70.26.1 ) Is verizon now censoring the internet for me?
Re: Seeking IPv6 Security Resources
Hi, On Wed, Nov 26, 2014 at 08:54:07AM -0500, Joe Klein wrote: Chris, Are you aware IPv6 has 3 or arguably 4 major generations of standards? Each generation requires nuanced defense strategies, based on which clauses (must and should) were implemented. Some of the derived security works, do not reflect, and in some cases contradict current security recommendations. both very good points, Joe, which I fully second. This is - to some degree - discussed in this talk: https://www.ernw.de/download/TROOPERS_IPv6SecSummit_ERNW_IPv6_Structural_Deficits.pdf which I suggest to add to the resource list in compilation. [disclaimer: I'm the author] best Enno The perceived newness of the technology, and ambiguities of recommendations have resulted in 'pushback' by the security community to implement IPv6. This has forced us to continue with the implement of IPv6 and 'trust' the vender recommendations, based on the limitations of that venders products. In the cracks, between the standards and implementation of these standards, are where security vulnerabilities exist, compromises lay, and defenses crumble. Joe Klein Inveniam viam aut faciam On Tue, Nov 25, 2014 at 3:32 PM, Chris Grundemann cgrundem...@gmail.com wrote: Hail NANOG! I am looking for IPv6 security resources to add to: http://www.internetsociety.org/deploy360/ipv6/security/ These could be best current practice documents, case-studies, lessons-learned/issues-found, research/evaluations, RFCs, or anything else focused on IPv6 security really. I'm not requesting that anyone do any new work, just that you point me to solid public documents that already exist. Feel free to share on-list or privately, both documents you may have authored and those you have found helpful. Thanks! ~Chris Note: Not every document shared will get posted to the Deploy360 site. -- @ChrisGrundemann http://chrisgrundemann.com -- Enno Rey ERNW GmbH - Carl-Bosch-Str. 4 - 69115 Heidelberg - www.ernw.de Tel. +49 6221 480390 - Fax 6221 419008 - Cell +49 173 6745902 Handelsregister Mannheim: HRB 337135 Geschaeftsfuehrer: Enno Rey === Blog: www.insinuator.net || Conference: www.troopers.de Twitter: @Enno_Insinuator ===
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
I just posted TATA as a single example. This route is missing from multiple networks. I could not find the specific /24 on, Sprint(1239) ATT(7018) and Centurylink either. rvi...@route-server.ip.att.net show route 194.71.107.0/24 rvi...@route-server.ip.att.net from https://www.sprint.net/lg/lg_start.php Query Results: Sprint Source Region: New York, NY (sl-gw27-nyc) Performing: Show Route % Network not in table Completed - Wed Nov 26 21:11:51 EST 2014 Basic troubleshooting of your two example ASN's. Notice the community 174:991 on the Cogent path? Go look that up in Cogent's community guide. Level3's looking glass actually does the translation of communities for you. I'm not going to try to map out all the possible paths this prefix could be reach. At the moment, the /24 is not reachable from several networks. Either an outage or a change at AS51040 or their upstreams has caused the traffic engineering of one of the networks upstream of 51040 to break connectivity for a group of networks. from http://www.cogentco.com/en/network/looking-glass BGP routing table entry for 194.71.107.0/24, version 2977032097 Paths: (1 available, best #1, table Default-IP-Routing-Table) 5580 39138 22351 2.207 51040 38.104.73.58 (metric 10111041) from 154.54.66.76 (154.54.66.76) Origin IGP, metric 0, localpref 130, valid, internal, best Community: 174:991 174:10004 174:20999 174:21001 174:22013 Originator: 66.28.1.248, Cluster list: 154.54.66.76, 66.28.1.69, 66.28.1.103, 66.28.1.9, 154.54.66.49 Route results for 194.71.107.0/24 from Atlanta, GA BGP routing table entry for 194.71.107.0/24 Paths: (2 available, best #1) 5580 39138 22351 23456 51040 AS-path translation: { ATRATO-IP OPENAP-WIRELESS-NETWORKS-AS INTELSAT AS23456 PIRATE-AS } ear1.Atlanta2 (metric 2) Origin IGP, metric 0, localpref 100, valid, internal, best Community: North_America Lclprf_100 Level3_Customer United_States Atlanta Level3:10074 5580:25215 Suppress_to_Peers Originator: ear1.Atlanta2 5580 39138 22351 23456 51040 AS-path translation: { ATRATO-IP OPENAP-WIRELESS-NETWORKS-AS INTELSAT AS23456 PIRATE-AS } ear1.Atlanta2 (metric 2) Origin IGP, metric 0, localpref 100, valid, internal Community: North_America Lclprf_100 Level3_Customer United_States Atlanta Level3:10074 5580:25215 Suppress_to_Peers Originator: ear1.Atlanta2 On Nov 26, 2014, at 7:32 PM, Eric Tykwinski wrote: Courtney, No offense, and I can’t really verify Comcast’s network. But Verizon peers with the same ASNs I do 3356 and 174 which both have routes to thepiratebay’s prefixes, and I can almost guarantee that Comcast has those routes within your network. What’s up really? Just because TATA is blocking routes shouldn’t effect the whole internet, or this whole thing would have been screwed a long time ago. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 On Nov 26, 2014, at 2:11 PM, courtneysm...@comcast.net wrote: Only one of their /24's is in TATA's(AS6453) table. http://bgp.he.net/AS51040#_prefixes http://lg.as6453.net Router: gin-aeq-tcore1 Site: US, Ashburn, AEQ Command: show route protocol bgp 194.71.107.0/24 terse exact {master} Router: gin-aeq-tcore1 Site: US, Ashburn, AEQ Command: show route protocol bgp 194.14.56.0/24 terse exact inet.0: 520187 destinations, 3597636 routes (519993 active, 9 holddown, 1053 hidden) Restart Complete + = Active Route, - = Last Active, * = Both A V DestinationP Prf Metric 1 Metric 2 Next hopAS path * ? 194.14.56.0/24 B 197595 51040 I unverified 216.6.87.1 ?B 197595 51040 I unverified 216.6.87.1 ?B 197595 51040 I unverified 216.6.87.1 ?B 1239 1257 197595 51040 I unverified 144.232.7.61 {master} On 11/26/14, 2:01 PM, eric-l...@truenet.com eric-l...@truenet.com wrote: Javier, I can't get to www.rrbone.net, an upstream provider to the IP I was given for thepiratebay.se. I tested on VZ FiOS and Wireless in Philadelphia area and both die within the VZ network. For Comcast, it looks like the space isn't showing up in the BGP table: route-server.newyork.ny.iboneshow ip bgp 194.71.107.27 % Network not in table No clue what the cause is, but it bigger than just the PirateBay. Sincerely, Eric Tykwinski TrueNet, Inc. P: 610-429-8300 F: 610-429-3222 -Original Message- From: NANOG [ mailto:nanog-boun...@nanog.org ] On Behalf Of Javier J Sent: Wednesday,
kohls.com issues
Anyone know what’s up ? Looks like they are still working thru issues where I am. Not sure if their domain was hijacked or what exactly. If someone has a list where this is already being discussed id appreciate that info. Thanks, Steve
RE: Anyone else having trouble reaching thepiratebay.se? AS39138
No problem here in New Zealand tonyw@vrhost1-w show route 194.71.107.0/24 icore1-w.inet.0: 519451 destinations, 525214 routes (519437 active, 14 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 194.71.107.0/24*[BGP/170] 10:25:44, MED 0, localpref 90 AS path: 4826 5580 39138 22351 131279 51040 I, validation-state: unverified to 175.45.102.9 via ae1.526 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Courtney Smith Sent: Thursday, 27 November 2014 3:18 p.m. To: Eric Tykwinski Cc: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 I just posted TATA as a single example. This route is missing from multiple networks. I could not find the specific /24 on, Sprint(1239) ATT(7018) and Centurylink either. rvi...@route-server.ip.att.net show route 194.71.107.0/24 rvi...@route-server.ip.att.net
Re: kohls.com issues
http://www.kohls.com/ comes up for me fine on the west coast. -Grant On Wed, Nov 26, 2014 at 6:18 PM, o...@columbus.rr.com wrote: Anyone know what’s up ? Looks like they are still working thru issues where I am. Not sure if their domain was hijacked or what exactly. If someone has a list where this is already being discussed id appreciate that info. Thanks, Steve
Re: kohls.com issues
Thanks - it's good now. Just earlier seemed to be some issues. http://www.isitdownrightnow.com/kohls.com.html Guess it could have been a hosting issue. From: Javier J jav...@advancedmachines.us Date: Wednesday, November 26, 2014 at 9:25 PM To: Steven Parsons o...@columbus.rr.com Subject: Re: kohls.com issues Works for me on FIOS in the NYC area. On Wed, Nov 26, 2014 at 9:18 PM, o...@columbus.rr.com wrote: Anyone know what’s up ? Looks like they are still working thru issues where I am. Not sure if their domain was hijacked or what exactly. If someone has a list where this is already being discussed id appreciate that info. Thanks, Steve
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
No problem here in Los Angeles either, but seeing a lone route through Atrato only. flags destination gateway lpref med aspath origin *194.71.107.0/24 100 0 3491 5580 39138 22351 2.207 51040 i * 194.71.107.0/24 100 0 174 5580 39138 22351 2.207 51040 i On 11/27/2014 午前 11:24, Tony Wicks wrote: No problem here in New Zealand tonyw@vrhost1-w show route 194.71.107.0/24 icore1-w.inet.0: 519451 destinations, 525214 routes (519437 active, 14 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 194.71.107.0/24*[BGP/170] 10:25:44, MED 0, localpref 90 AS path: 4826 5580 39138 22351 131279 51040 I, validation-state: unverified to 175.45.102.9 via ae1.526 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Courtney Smith Sent: Thursday, 27 November 2014 3:18 p.m. To: Eric Tykwinski Cc: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 I just posted TATA as a single example. This route is missing from multiple networks. I could not find the specific /24 on, Sprint(1239) ATT(7018) and Centurylink either. rvi...@route-server.ip.att.net show route 194.71.107.0/24 rvi...@route-server.ip.att.net
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Paul, I think this is isolated to ISP providers in the US. It seems this is affecting Comcast, ATT U-Verse and Verizon FIOS customers. Here is some interesting info: http://www.reddit.com/r/AskTechnology/comments/2ni118/is_att_uverse_blocking_the_pirate_bay/ On Wed, Nov 26, 2014 at 10:06 PM, Paul S. cont...@winterei.se wrote: No problem here in Los Angeles either, but seeing a lone route through Atrato only. flags destination gateway lpref med aspath origin *194.71.107.0/24 100 0 3491 5580 39138 22351 2.207 51040 i * 194.71.107.0/24 100 0 174 5580 39138 22351 2.207 51040 i On 11/27/2014 午前 11:24, Tony Wicks wrote: No problem here in New Zealand tonyw@vrhost1-w show route 194.71.107.0/24 icore1-w.inet.0: 519451 destinations, 525214 routes (519437 active, 14 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 194.71.107.0/24*[BGP/170] 10:25:44, MED 0, localpref 90 AS path: 4826 5580 39138 22351 131279 51040 I, validation-state: unverified to 175.45.102.9 via ae1.526 -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Courtney Smith Sent: Thursday, 27 November 2014 3:18 p.m. To: Eric Tykwinski Cc: nanog@nanog.org Subject: Re: Anyone else having trouble reaching thepiratebay.se? AS39138 I just posted TATA as a single example. This route is missing from multiple networks. I could not find the specific /24 on, Sprint(1239) ATT(7018) and Centurylink either. rvi...@route-server.ip.att.net show route 194.71.107.0/24 rvi...@route-server.ip.att.net
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
No problem here in Los Angeles either, but seeing a lone route through Atrato only. flags destination gateway lpref med aspath origin * 194.71.107.0/24 100 0 3491 5580 39138 22351 2.207 51040 i * 194.71.107.0/24 100 0 174 5580 39138 22351 2.207 51040 i On 11/27/2014 午前 11:24, Tony Wicks wrote: No problem here in New Zealand tonyw@vrhost1-w show route 194.71.107.0/24 icore1-w.inet.0: 519451 destinations, 525214 routes (519437 active, 14 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 194.71.107.0/24 *[BGP/170] 10:25:44, MED 0, localpref 90 AS path: 4826 5580 39138 22351 131279 51040 I, validation-state: unverified to 175.45.102.9 via ae1.526 Hopefully the body cones thru this time. The issue isn't city or country based. In my last post I pointed out the do not announce to peers community AS5580 was sending to Cogent, Level3 and who knows who else. So any ASN that is not a customer of Cogent or Level3 wont learn the 5580 path from them. When I checked a few hours ago, Comcast, Centurylink, ATT, TATA, and possibly Sprint were not seeing the /24 based on their public looking glasses or route servers. Have not had time to run bgplay to see if routeviews data shows how they previously saw the /24 in past 30 days. Finding the ASN(s) they used to see from would shed light on why they stopped seeing. Checking bgplay and contacting AS51040 to reach out to their upstreams is my suggestion.
Re: Anyone else having trouble reaching thepiratebay.se? AS39138
No problem here in Los Angeles either, but seeing a lone route through Atrato only. flags destination gateway lpref med aspath origin * 194.71.107.0/24 100 0 3491 5580 39138 22351 2.207 51040 i * 194.71.107.0/24 100 0 174 5580 39138 22351 2.207 51040 i On 11/27/2014 午前 11:24, Tony Wicks wrote: No problem here in New Zealand tonyw@vrhost1-w show route 194.71.107.0/24 icore1-w.inet.0: 519451 destinations, 525214 routes (519437 active, 14 holddown, 0 hidden) + = Active Route, - = Last Active, * = Both 194.71.107.0/24 *[BGP/170] 10:25:44, MED 0, localpref 90 AS path: 4826 5580 39138 22351 131279 51040 I, validation-state: unverified to 175.45.102.9 via ae1.526 Hopefully the body cones thru this time. The issue isn't city or country based. In my last post I pointed out the do not announce to peers community AS5580 was sending to Cogent, Level3 and who knows who else. So any ASN that is not a customer of Cogent or Level3 wont learn the 5580 path from them. When I checked a few hours ago, Comcast, Centurylink, ATT, TATA, and possibly Sprint were not seeing the /24 based on their public looking glasses or route servers. Have not had time to run bgplay to see if routeviews data shows how they previously saw the /24 in past 30 days. Finding the ASN(s) they used to see from would shed light on why they stopped seeing. Checking bgplay and contacting AS51040 to reach out to their upstreams is my suggestion.
Re: Seeking IPv6 Security Resources
Hi, Chris, On 11/25/2014 05:32 PM, Chris Grundemann wrote: Hail NANOG! I am looking for IPv6 security resources to add to: http://www.internetsociety.org/deploy360/ipv6/security/ This is stuff that I've authored or that I've been involved in: Tools * (Open Source) IPv6 Security Toolkit: http://www.si6networks.com/tools/ipv6toolkit/index.html Articles This site links all the articles that I've written so far: http://www.si6networks.com/publications/articles.html. They tend to cover stuff that I've covered in IETF RFCs, but in a more synthetic and human-readable way. Note while stuffed with some adds (Techtarget has to make money somehow), the full content of the articles is online, without the requirement of creating an account or anything just scroll down. IETF RFCs Internet Drafts Most of what I've published at the IETF in the last few years is IPv6-securty related. Please check: http://datatracker.ietf.org/doc/search/?name=rfcs=onactivedrafts=onolddrafts=onsort=by=authorauthor=Gont Of particular interest would be: * draft-ietf-6man-ipv6-address-generation-privacy * draft-ietf-opsec-ipv6-host-scanning * RFC6980 * RFC7112 * RFC7113 * RFC7123 * RFC7217 * RFC7359 Presentations (slides videos) * Slides: http://www.si6networks.com/presentations/index.html (More to be uploaded soon... please re-check in a week or so) * Videos: https://www.youtube.com/user/SI6Networks On-line communities * IPv6 Hackers mailing-list: http://lists.si6networks.com/listinfo/ipv6hackers/ * IPv6 Hackers web site: http://www.ipv6hackers.org This site includes the slideware (and videos) of the first (and so far only) IPv6 hackers meeting in Berlin 2013. Thanks! Best regards, -- Fernando Gont e-mail: ferna...@gont.com.ar || fg...@si6networks.com PGP Fingerprint: 7809 84F5 322E 45C7 F1C9 3945 96EE A9EF D076 FFF1