WCS Date: Mon, 29 Sep 2003 00:05:36 -0500
WCS From: Stewart, William C (Bill), RTSLS
[ moderately snipped ]
WCS Some cable user's machine running default-configured MS apps
WCS is sending Paul dynamic DNS queries that it shouldn't,
WCS Well, default-configured Microsoft applications have an
whats disturbing is how many contact addresses for both whois and AS#'s
bounce
sure, i agree, that's disturbing. however, it's a different problem than
having mail get ignored or ignorebotted and then depref'd so low that nobody
even bothers to call you or let you know whether a human ever
Also you have a new generation of ISPs (just like when crackers grow up
and stop there is a new generation to replace them). A lot of ISPs just came
off of having everything outsourced (e.g. [EMAIL PROTECTED]) a little over 1.5 to
2 years ago. A lot of them took the entire ISP management
Unfortunately, telling end users to disable a default setting is
rather difficult these days.
Not if it's done the right way using the right language.
For instance...
Did you realize that your computer is probably wasting
precious bandwidth and slowing down your Internet
Supposedly if you put a newly installed, unpatched Windows box on the
'net,
with an Outlook address book full of fresh spamtrap addresses, you'll
start
getting spam to those addresses in something like 3 hours.
And if you buy a recently expired domain name and set up an SMTP server
for it,
but no matter how good an
idea it is, my complaint is still that sending e-mail toward the whois
contact for a network or AS# should elicit a clueful reply, and if it
doesn't, then the key word we're looking for is cost shifting. (and
that, in case y'all wondered, is why this is relevant to
-BEGIN PGP SIGNED MESSAGE-
[EMAIL PROTECTED] wrote:
In order to truly secure the net against spammers we would
need to secure both the email system and the DNS system.
I use the word system in the context of General Systems Theory,
to refer to everything connected with
the
On Sun, Sep 28, 2003 at 10:26:00PM -0400, Robert Boyle wrote:
At 10:07 PM 9/28/2003, you wrote:
I am seeing the same. ARIN is completely off the air
box02rsm-en01.twdx.net sh ip bgp 192.149.252.16
% Network not in table
I see them via a UUNet announcement through Veroxity and
anyone who doesn't have the windows messanger service disabled or
fire-walled. gets huge piles of messenger spam so it will look just like
more messanger spam to those people.
joelja
On Mon, 29 Sep 2003, Stewart, William C (Bill), RTSLS wrote:
Some cable user's machine running
On 29.09 10:27, James Cowie wrote:
Single-homed /24 through UUNet's 7046 to 701. Withdrawals started at 01:21:38 GMT
(21:21:38 Eastern time), and ARIN flapped severely for about fifteen minutes.
Then they spent another hour and ten minutes inconsistently reachable from half the
world,
Im posting this for a friend.
Looking for a DC Metro area co-lo that will take
a non-rack-mountable box for around $150/month
or less. :) Looking for unlimted bandwidth.
Respond directly to me please.
Thanks,
BM
... probably most of the Abuse issues (especially via email) would
continue to be ignored. Noone wants to handle that stuff. But
someone(s) must handle that stuff.
the underlying question is, or else what?
this is an assymetric-benefit situation. when folks ignore reports from
noncustomers
I think the solution is for those DNS operators affected who have not
signed an EULA for the system that is hammering their DNS to sue Micr0$0ft
for the costs incurred in dealing with the issue. Making Micr0$0ft
play legal whack-a-mole may be the only strategy with a chance of success
here.
(I
... probably most of the Abuse issues (especially via email) would
continue to be ignored. Noone wants to handle that stuff. But
someone(s) must handle that stuff.
the underlying question is, or else what?
this is an assymetric-benefit situation. when folks ignore reports from
The difference is that Netgear admitted responsibility and worked with
UW to cope with the issue. Further, Netgear has funded UW in it's
cleanup efforts and generally stepped up to the plate. As much as I don't
care for Netgear's products, they did show decent corporate responsibility
when UW
Dear NANOG-ers,
I work for an information security company that is
dependant upon ICMP for network mapping purposes
(read: traceroute). On or about August 18, we were
told, our upstream provider began blocking ICMP
packets at its border in the Chicago NAP in an effort
to cut down on the
--On Monday, September 29, 2003 2:44 AM + Paul Vixie [EMAIL PROTECTED]
wrote:
the whole end-to-end argument depends on uniform clue distribution
for scale.
...
Getting vendors to supply more appropriate defaults offers better
scaling possibilities. Your complaint might fix one user's
It reminds me of the Netgear and U of Wisconsin time server SNAFU.
http://www.cs.wisc.edu/~plonka/netgear-sntp/
The difference is that Netgear admitted responsibility and worked with
UW to cope with the issue. Further, Netgear has funded UW in it's
cleanup efforts and generally stepped up to
--On Wednesday, September 24, 2003 1:18 PM -0500 Justin Shore
[EMAIL PROTECTED] wrote:
On Wed, 24 Sep 2003, Joel Perez wrote:
So back to my ACL's I go!
This is one of the most likely things to happen. DNS RBLs are effective.
Otherwise spammers wouldn't be targeting them for abuse.
What
On Mon, Sep 29, 2003 at 09:51:08AM -0700, Mike Batchelor wrote:
--On Wednesday, September 24, 2003 1:18 PM -0500 Justin Shore
[EMAIL PROTECTED] wrote:
On Wed, 24 Sep 2003, Joel Perez wrote:
So back to my ACL's I go!
This is one of the most likely things to happen. DNS RBLs are
CA Windon wrote:
Dear NANOG-ers,
I work for an information security company that is
dependant upon ICMP for network mapping purposes
(read: traceroute). On or about August 18, we were
told, our upstream provider began blocking ICMP
packets at its border in the Chicago NAP in an effort
Micahel,
I think class action is a less effective approach here. Micr0$0ft has
vast resources ready to take on any large single lawsuit and make it a very
expensive and resource intensive process for their opposition. On the other
hand, with a low (around $25 last I looked) filing fee and
Any ideas on how to convert from telco Major-V, Major-H coordinates
to latitude and longitude? Alternately, does anyone have a table of
mapping CLLI codes to latitude and longitude? I am trying to
programatically figure out the air distance between any two Verizon COs.
regards,
fletcher
--
rant
Providers blocking all ICMP = ignorant
I can't possibly stand any ISP's blocking _ALL_ ICMP (alas it is happening now, I
already know 5 ISP's around my area who's doing this as I speak) for any reasons.
If you want to *cough*cough*mitigate*/cough*/cough* impact of so-called BLASTER,
dependant upon ICMP for network mapping purposes
(read: traceroute). On or about August 18, we were
told, our upstream provider began blocking ICMP
If your uptream is only blocking 92 bute ICMP..
other programs such as WinMTR
http://www.icnet.ro/~stanimir/winmtr/
should work.
If they are
Jared Mauch wrote:
On Mon, Sep 29, 2003 at 09:51:08AM -0700, Mike Batchelor wrote:
--On Wednesday, September 24, 2003 1:18 PM -0500 Justin Shore
[EMAIL PROTECTED] wrote:
On Wed, 24 Sep 2003, Joel Perez wrote:
So back to my ACL's I go!
This is one of the most likely things to
Original Message -
From: Owen DeLong [EMAIL PROTECTED]
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Sent: Monday, September 29, 2003 1:07 PM
Subject: Re: Annoying dynamic DNS updates (was Re: someone from attbi please
contact me ...)
Think about Micr0$0ft trying to fight off thousands or
On Mon, Sep 29, 2003 at 01:11:08PM -0400, Dan Armstrong wrote:
Jared Mauch wrote:
On Mon, Sep 29, 2003 at 09:51:08AM -0700, Mike Batchelor wrote:
--On Wednesday, September 24, 2003 1:18 PM -0500 Justin Shore
[EMAIL PROTECTED] wrote:
On Wed, 24 Sep 2003, Joel Perez wrote:
So
Hmm noticed what I was to say has already been said, but to reiterate, if your
provider is blocking ICMP other than echo/echoreply .. in this case ICMP
unreachables and presumably fragments and other fundementally required icmps
they are seriously broken and I would insist they fix it or else
At 01:49 PM 29/09/2003, Jared Mauch wrote:
On Mon, Sep 29, 2003 at 01:11:08PM -0400, Dan Armstrong wrote:
Isn't that collateral damage issue enough to have angered hundreds of ISPs
end users to the point of not necessarily organizing a DDoS, but ignoring
it? I think it is far _more_ likely
Very rusty memory cells on this, but I think the mileage is 0.1 * sqrt ((delta-V)^2 +
(delta-H)^2)). That's assuming same LATA, IIRC.
Pete Templin
Senior Staff Engineer
TexLink Communications
(210) 892-4183
[EMAIL PROTECTED]
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL
Jared Mauch wrote:
On Mon, Sep 29, 2003 at 01:11:08PM -0400, Dan Armstrong wrote:
Jared Mauch wrote:
On Mon, Sep 29, 2003 at 09:51:08AM -0700, Mike Batchelor wrote:
--On Wednesday, September 24, 2003 1:18 PM -0500 Justin Shore
[EMAIL PROTECTED] wrote:
On Wed, 24 Sep 2003,
:s wrap 80-columns
On Mon, Sep 29, 2003 at 02:04:45PM -0400, Dan Armstrong wrote:
I agree with you whole heatedly. Malicious attacks deserve severe consequences,
and all ISPs need to set themselves up to be able to deal with them more quickly
and effectively. We have had problems with
Continuing the trend of holding ISPs morally responsible for all things,
India's Computer Emergency Response Team ordered all ISPs in India to
block a Yahoo bulletin board for promoting anti-national news and
containing material against the government.
[at the risk of angering the moderator, quite rightly since this
thread is bordering on OT - apologies moderator!]
At 14:04 -0400 (GMT) 29/9/03, Dan Armstrong wrote:
These BLs that leveraged their wild west style, unaccountable
[rant probably directed at 'spews' snipped]
I think it's a cop
Pete Templin wrote:
Very rusty memory cells on this, but I think the mileage is
0.1 * sqrt ((delta-V)^2 + (delta-H)^2)).
That's assuming same LATA, IIRC.
Close. It's
sqrt ( 0.1 * ((delta-V)^2 + (delta-H)^2)) )
and it doesn't care about LATAs.
It's mostly accurate in the US middle
From: Claudio GutiƩrrez [mailto:[EMAIL PROTECTED]
I think http://datec.web.att.com/faqs/telecom.htm is an internal ATT webserver
Arrgh..You're correct, and I should have noticed.
It's the 1996 FAQ for Telecom Digest,
Message-ID: [EMAIL PROTECTED]
TELECOM Digest - Frequently Asked
winders does use udp instead of icmp in their tracert program, IIRC (or at
least they used to). At the risk of getting my head blown off, could we say
that was foresight :)
Eric
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Stephen J. Wilcox
Sent:
My thanks to everyone for their responses. The
consensus seems to be to get a new provider, epecially
if my current one is willing to break Internet
Protocol.
To clarify, since the question was posed several
times, we were told that they are blocking _all_ ICMP.
C. Windon
In message [EMAIL PROTECTED], Eric Germann w
rites:
winders does use udp instead of icmp in their tracert program, IIRC (or at
least they used to). At the risk of getting my head blown off, could we say
that was foresight :)
No, they use icmp. Or at least that's what the XP box sitting next
On Mon, 2003-09-29 at 16:10, Steven M. Bellovin wrote:
In message [EMAIL PROTECTED], Eric Germann w
rites:
winders does use udp instead of icmp in their tracert program, IIRC (or at
least they used to). At the risk of getting my head blown off, could we say
that was foresight :)
No,
From: Eric Germann [EMAIL PROTECTED]
Date: Mon, 29 Sep 2003 15:56:04 -0400
Sender: [EMAIL PROTECTED]
winders does use udp instead of icmp in their tracert program, IIRC (or at
least they used to). At the risk of getting my head blown off, could we say
that was foresight :)
You have it
... probably most of the Abuse issues (especially via email) would
continue to be ignored. Noone wants to handle that stuff. But
someone(s) must handle that stuff.
the underlying question is, or else what?
* Fortunately, at least where I was, there is a knowledge of AUPs having
written
I would be happy just to see ISPs live up to their own published AUP. The
Internet would be a MUCH nicer place if this were the case.
Why does the topic of AUP enforcement gravitate towards straw man
discussions of totalitarian governments? Yeah, I am sure the North Korean
ISP scene is no
SMB Date: Mon, 29 Sep 2003 16:10:59 -0400
SMB From: Steven M. Bellovin
SMB No, they use icmp. Or at least that's what the XP box
SMB sitting next to me does...
AFAIK, it's been that way since Win95. I recall a certain
vendor's dodgy ISDN router * * * on Windows traceroute, but
working fine
On Mon, 29 Sep 2003, Stewart, William C (Bill), RTSLS wrote:
Well, default-configured Microsoft applications have an
application that lets you send a machine popup dialog boxes;
it's been discussed here recently because spammers abuse it
and (related discussion) it uses Port 135, so it might
Hope they don't just wildcard the virtual hanging chads...
They could start with a vote on who likes global wildcards in .com and .net
http://msnbc-cnet.com.com/2100-1029_3-5083772.html?part=msnbc-cnettag=alert
form=feedsubj=cnetnews
VeriSign announced Monday that it will provide key
That is so not very funny, andafterthis latest move on verisigns part, Iwouldn't trust online voting forthe next 1000 years..and you can "quote" me on that...
-Henry
Eric Germann [EMAIL PROTECTED] wrote:
Hope they don't just wildcard the virtual hanging chads...They could start with a vote
48 matches
Mail list logo
