On Sun, 2 Mar 2003, Sean Donelan wrote:
> Why should routes learned by eBGP have a higher priority than iBGP?
In general, isn't it better that they pay to carry the traffic across
the world on their network, rather than you?
> Why don't SWIP forms include Origin-AS?
Good question...but is it
On Fri, 28 Feb 2003, Steven M. Bellovin wrote:
> >> My own opinion is that sophisticated routing attacks are the
> >> single biggest threat to the Internet.
> >
> >My opinion is that lazy operational practices are the single biggest threat to
> >the Internet. What's the point of building security
"andy" == Andy Dills <[EMAIL PROTECTED]> writes:
andy> On 1 Mar 2003, Michael Lamoureux wrote:
andy> If you do a good job with your network, probing will have zero
andy> affect on you. All the person probing can do (regardless of
andy> their intent) is say "Gee, I guess there aren't any
andy> v
On Sat, Mar 01, 2003 at 11:31:30AM -0500, Mark Radabaugh wrote:
>
>
> > So, let's recap why no one uses them (as many have said already in the
> related
> > thread): Laziness. The same laziness that results in the slew of other
> things
> > many folks have pointed out not being addressed.
> >
G> Date: Sat, 1 Mar 2003 20:15:56 -0500
G> From: Geo.
G>
http://www.amazon.com/exec/obidos/ASIN/0671723650/qid=1046567734/sr=2-1/ref=sr_2_1/002-9383411-3569615
G> right back at cha..
At the risk of turning this into a "you need to read this"-fest:
http://www.nanog.org/faq/
helps clarify the
http://www.amazon.com/exec/obidos/ASIN/0671723650/qid=1046567734/sr=2-1/ref=
sr_2_1/002-9383411-3569615
right back at cha..
Geo.
- Original Message -
From: "Nathan J. Mehl" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Saturday, March 01, 2003 7:46 PM
Subject: Re: Root server error
In the immortal words of Geo. ([EMAIL PROTECTED]):
>
>
> Can someone verify something for me?
> Do an NSLOOKUP for www.stemtostern.com and stemtostern.com against the
> i.gtld-servers.net
> why would the www one resolve?
http://www.amazon.com/exec/obidos/tg/detail/-/0596001584/
Sheesh.
--
> Some traces show individual interface names, some just show
> device names. Any particular reason to go one way or the
> other for PTR records (doing a single device name for every
> interface seems easier and less-likely to screw up to me)?
Providing information where the packet went is much m
In article <[EMAIL PROTECTED]> Vadim wrote:
: Thank you very much, but no.
: DNS (and DNSSEC) relies on working IP transport for its operation.
Good point. However -
Routers rely on having enough CPU and RAM to do transport as well,
and router engineers rely on not running offboard boxes in s
> On Sat, 1 Mar 2003, Mark Radabaugh wrote:
>
> > Who actually uses RADB to build filters other than Verio? While my
> > experience with other providers is limited Verio is the only one (of the
> > ones we have used) who used RADB entries for BGP peers.
>
> AFAIK, Level3 and C&W.
Teleglobe as we
On 1 Mar 2003, Michael Lamoureux wrote:
> >> If you're randomly walk up to my house and check to see if the door
> >> is unlocked, you better be ready for a reaction. Same thing with
> >> unsolicited probes, in my opinion. Can I randomly walk up to your
> >> car to see if it's unlocked without ge
On Sat, 1 Mar 2003, Avi Freedman wrote:
> Re: S-BGP in particular, I think that the analysis on S-BGP has been...
> limited. Ironic for a security protocol that I haven't seen any
> real analysis of the effect on router CPUs when *under attack*. I
> am not saying "oh, the authentication will dr
> A) Verio provides a free db for its customers
They're not the only ones, CWI and Level3 do as well, off the top of my
head.
> B) Altdb is free, and works great
That it does, round of applause for Steve :)
Jeff
--
Jeffrey Meltzer
ICS/VillageWorld
631-218-0700 x100
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 02:07 PM 3/1/2003 -0500, [EMAIL PROTECTED] wrote:
>People speed, drive drunk, and run over pedestrians. Should we outlaw
>cars? Maybe just in California? :)
To use your analogy, you'd have to outlaw computers because they're used to
bad things
On Sat, Mar 01, 2003 at 10:20:43AM -0500, Mark Radabaugh wrote:
>
> This is not meant as a complaint toward Verio - I'm simply trying to
> decide why we should go to the added expense of entering our routes in a
> RADB. To date I have seen no operational difference between using RADB
> and not u
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
At 01:41 PM 3/1/2003 -0500, Michael Lamoureux wrote:
> andy> In this case, your door being unlocked cannot cause me
>andy> harm. However, an "unlocked proxy" can.
>
>Heh, so I guess you could make it his gun and the safety. Does that
>change your a
> It doesnt cost a million dollars to have access to a RR, its somewhat less! You
> pay for your domains you pay for your IPs you pay for your ASN you pay for your
> SSL, so why be shocked you pay a little for this too? And if everyone filters
> your prefixes that will be operational value enough
On 1 Mar 2003, Michael Lamoureux wrote:
> andy> If so, why outlaw the act of probing? Why not outlaw "probing
> andy> for the purposes of..."?
>
> What's the offset into the probe packets to the "intent of the this
> probe" field? And would you trust it if there were one anyway?
People speed,
Any passionate opinions about DNS record conventions for
routers? Or recommendations?
I'm not particularly concerned about device naming
conventions (we have that down), I'm more interested in what
makes sense for public-viewable DNS names (so I can put
those beautiful fully-compliant names where
"andy" == Andy Dills <[EMAIL PROTECTED]> writes:
andy> On Fri, 28 Feb 2003, Charlie Clemmer wrote:
>> At 03:52 PM 2/28/2003 -0500, Andy Dills wrote:
>> >Why is probing networks wrong?
>>
>> Depends on why you're doing the probing.
andy> If so, why outlaw the act of probing? Why not outlaw "pr
At 05:05 PM 28-02-03 -0500, Len Rose wrote:
Scanning is always a precursor to an attack, or to determine if any obvious
methodology can be used to attack. At least that's how it has been
historically viewed.
When buying from Landsend or Amazon, I normally trust their ecommerce
security. But when
On Sat, 1 Mar 2003, Mark Radabaugh wrote:
> Who actually uses RADB to build filters other than Verio? While my
> experience with other providers is limited Verio is the only one (of the
> ones we have used) who used RADB entries for BGP peers.
AFAIK, Level3 and C&W. I have to keep RADB entries
> It doesnt cost a million dollars to have access to a RR, its somewhat
less! You
> pay for your domains you pay for your IPs you pay for your ASN you pay for
your
> SSL, so why be shocked you pay a little for this too? And if everyone
filters
> your prefixes that will be operational value enough
[EMAIL PROTECTED] writes:
> When I hooked up my first server on the internet back in 1993, I was kind
> of shocked that some far away stranger was trying to log into my POP3
> server. Unwanted connections have been a fact of life on the internet
> probably since its beginning.
here's a sam
> You forgot the other one - expense. AFAIK all of the registries have fees
> or require you to be a customer. If there is no operational value
First problem, you see no "operational value".
> for me why would I want to spend the money?
Money changing hands no longer makes the IRR a dis-int
On Sat, 1 Mar 2003, Mark Radabaugh wrote:
> > So, let's recap why no one uses them (as many have said already in the
> related
> > thread): Laziness. The same laziness that results in the slew of other
> things
> > many folks have pointed out not being addressed.
> >
> > -danny
>
> You forgot
> So, let's recap why no one uses them (as many have said already in the
related
> thread): Laziness. The same laziness that results in the slew of other
things
> many folks have pointed out not being addressed.
>
> -danny
>
You forgot the other one - expense. AFAIK all of the registries have
> as you say for customers only. Inter-provider we have basic bogon checking plus
> maximum prefix. Its too unwieldy to build when you have peers exchanging
> thousands of routes... theres a belief that the peer should be behaving
> responsibly tho and this is a condition of most bilateral pee
On Sat, 1 Mar 2003, Danny McPherson wrote:
>
> >
> > > Who actually uses RADB to build filters other than Verio? While my
> > > experience with other providers is limited Verio is the only one (of the
> > > ones we have used) who used RADB entries for BGP peers.
> >
> > Level3 do atleast. Mo
>
> > Who actually uses RADB to build filters other than Verio? While my
> > experience with other providers is limited Verio is the only one (of the
> > ones we have used) who used RADB entries for BGP peers.
>
> Level3 do atleast. Most European providers do.
For customers, though not inter-p
On Sat, 1 Mar 2003 [EMAIL PROTECTED] wrote:
> On Fri, 28 Feb 2003, Andy Dills wrote:
>
> > You don't have to. This is why I never understood why people care so much
> > about probing. If you do a good job with your network, probing will have
> > zero affect on you. All the person probing can do (
> Who actually uses RADB to build filters other than Verio? While my
> experience with other providers is limited Verio is the only one (of the
> ones we have used) who used RADB entries for BGP peers.
Level3 do atleast. Most European providers do.
Neil.
> No, the lazy operational implementations of how people deploy BGP
> in their networks will be the downfall of the Internet. I see on a daily
> basis, wrong announcements, route leaks tripping max-prefixes, RADB
> entries that are either totally out of date, completely wrong or
> for some large
Hello Everyone,
I'm looking for feedback related to Alcatel routers for core equipment. I'm
comparing it's functionality to that of Juniper, Cisco, and Riverstone. Any
help would be appreciate. Most of our experience is with Cisco, but looking
at other avenues.
Regards,
Wayne
Wayne Bogan
80
> http://news.com.com/2100-1009-990608.html?tag=fd_lede1_hed
>
> Seems the BGP will be the down fall of the internet, the sky is falling the
> sky is falling
No, the lazy operational implementations of how people deploy BGP
in their networks will be the downfall of the Internet. I see on a daily
>
>
> > It wouldn't be too hard for me to trust:
> >
> > 4969.24.origin.0.254.200.10.in-addr.arpa returning something like "true."
> > to check whether 4969 is allowed to originaate 10.200.254.0/24. ...
>
> at last, an application for dnssec!
>
er, thats been one of the objectives f
I'm thankful that I have a sense of humor. :-)
Barry is spot on -- this is one of things that I have
continually bitched about. The decline of clever engineering
in the Internet engineering arena is directly related to (methinks)
situations wherein despicable business practices unfortunately
over
37 matches
Mail list logo