On Mon, 29 Nov 2004, Owen DeLong wrote:
Of course, every ASN would not be active. But if we'd have 32 bit ASNs,
there would be "no need" (or so folks would argue) to be strict in the
policies -- everyone and their uncle could have one. Folks could even
get ones for their homes, theis SOHO deploym
Dear colleagues
APNIC received the following IPv6 address blocks from IANA today
and will be making allocations from this range in the near future.
2001:8000::/19
2001:A000::/20
This announcement is being made for the information of the Internet
community, and so that network configu
On Mon, 29 Nov 2004, Owen DeLong wrote:
On Mon, 29 Nov 2004, Leo Bicknell wrote:
# 1 Set aside a block for "local" use a-la RFC1918. This set aside
should make no recommendations about how the space is subdivided
for used for these local purposes.
FWIW, site-locals were dropped (among others)
At 12:00 AM 11/30/2004, Jeff Kell wrote:
Tony Li wrote:
If there was a way that these costs were reallocated to the site that
decided to be multihomed, then the economics of the situation would
balance. Imagine paying US $10K/yr to advertise a single prefix and you
would get to a point where pe
On Mon, Nov 29, 2004 at 08:14:27PM -0800, Tony Li wrote:
> My preferred solution at this point is for the UN to take over
> management of the entire Internet and for them to issue a policy of one
> prefix per country. This will have all sorts of nasty downsides for
> national providers and fol
On Mon, 29 Nov 2004, Chris Burton wrote:
It is highly doubtful that the policies in place will become
more relaxed with the introduction of 32-bit ASNs, the more likely
scenario is that they will stay the same or get far stricter as with
assignments of IPv4 or IPv6 addresses.
I find this ha
Tony Li wrote:
If there was a way that these costs were reallocated to the site that
decided to be multihomed, then the economics of the situation would
balance. Imagine paying US $10K/yr to advertise a single prefix and
you would get to a point where people would make some more rational
decis
You make it sound like the politics involved in a regulatory/governed
setting are different than those involved in a commercial setting. In the
end, it's all about economics.
I think the UN has enough trouble managing the things it attempts to manage
right now. Don't let them try to be technica
Tony Li <[EMAIL PROTECTED]> writes:
> My preferred solution at this point is for the UN to take over
> management of the entire Internet and for them to issue a policy of
> one prefix per country. This will have all sorts of nasty downsides
> for national providers and folks that care about opt
I'm sorry, North Korea is in the UN. My mistake.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Joe Johnson
Sent: Monday, November 29, 2004 10:25 PM
To: Tony Li; [EMAIL PROTECTED]
Subject: RE: size of the routing table is a big deal, especially in IPv6
> > It would have been nice to make sctp be the standard stream protocol
> > for ipv6.
yup. or at any rate, SOME kind of improvement in this area.
> > For most nanog customers, there's still time.
nope.
> > Those places that have already seen significant ipv6 adoption may
> > need to upgrade
My preferred solution at this point is for the UN to take over
management of the entire Internet and for them to issue a policy of one
prefix per country. This will have all sorts of nasty downsides for
national providers and folks that care about optimal routing, but it's
the only way that
Daniel Senie wrote:
There are basically two issues: the forwarding table and BGP
processing. Information in the forwarding table needs to be found
*really* fast. Fortunately, it's possible to create datastructures
where this is possible, to all intends and purposes, regardless of the
size of t
But old-style tcp apps don't work with ipv6 either. So if you're going
to demand binary compatibility, all the mechanics need to get done below
the app anyway.
Actually, on some systems, the appear to work just fine, or, at least the
authors have already coded v6 support in. In an ideal world, ye
On Mon, Nov 29, 2004 at 06:02:48PM -0800, Owen DeLong wrote:
> >
> Please point me to where I can get a version of SSH that uses SCTP instead
> of TCP and talks to the existing SSHD services using TCP with flow
> survivability. If the TCP library changes underneath SSH and provides this
> capabil
Instead of hacking the nice and working TCP we have now you should
move on to greener grass and use SCTP instead. It does what you
want, at least in the specification. I don't know how many implementors
have managed to code it properly.
Please point me to where I can get a version of SSH that use
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This is to inform you that the IANA has allocated the following
twenty-four (24) IPv6 /23s blocks to APNIC:
2001:8000::/23 APNIC
2001:8200::/23 APNIC
2001:8400::/23 APNIC
2001:8600::/23 APNIC
2001:8800::/23 APNIC
200
At 06:33 PM 11/29/2004, Iljitsch van Beijnum wrote:
On 28-nov-04, at 5:20, Daniel Roesen wrote:
I find it interesting that no operators are screaming that there will be
too many routes, but that all the IPv6 researchers are bringing forth
this view.
ACK. All the "oh our IPv4 DFZ table explodes tod
On Mon, Nov 29, 2004 at 10:54:03AM -0600, Jerry Pasker wrote:
> The big difference between Lycos Europe, and a script kiddie with
> zombies is that Lycos is mature enough to use restraint and not knock
> down websites with brute force.
I have no idea whether they're mature enough. They're most
On 28-nov-04, at 5:20, Daniel Roesen wrote:
I find it interesting that no operators are screaming that there will
be
too many routes, but that all the IPv6 researchers are bringing forth
this view.
ACK. All the "oh our IPv4 DFZ table explodes today" is similarily
unfounded as far as I'm aware. I
The servers targeted by the screensaver have been manually selected
from various sources, including Spamcop, and verified to be spam
advertising sites, Lycos claims.
I'd like to know how will they "manually" choose which spammers they'll go
after? Personal e-vendetta? It'll just cau
These are the same arguments that are presented each time
something new comes along to replace something old. When IPv4 first
came along nobody thought all of the 4 billion plus address could ever
be used; but we were wrong. 16-bit ASNs have served their place and
will continue
It's a DDOS. The risk of collateral damage is high.
From what limited information is available in the articles, it
doesn't sound that way. It's not really a DDoS attack, but more of
a "distributed web surfing bot."
I understand this as more of a Distributed Consumption of Service
attack.
> I am not saying that the proposal is intrinsically right or wrong, I am
> saying it could have merit if just in waking up a brain-dead co-lo
> facility operator to deal with spamming clients.
>
> -mm
How would this method be more effective than the e-mails, faxes, blocklists,
and phonecalls
th
On 27-nov-04, at 22:45, [EMAIL PROTECTED] wrote:
the short version of my rebuttal is: "those are not your bits to
waste."
They are if my ISP assigns them to me. :-)
er... not really. they are the ISPs.
Well, the ISP doesn't "own" them either. But they're assigned to me,
which gives me the rig
Your argument seems to assume a T1 garage operation co-lo that is
perpetually out to lunch. Provided Lycos delivers the restrictions on
bandwidth they are stating, why would it exceed capacity? Come on, kids.
If you can't deliver to begin with, don't sell it.
I am not saying that the proposal i
Once upon a time, Miller, Mark <[EMAIL PROTECTED]> said:
> Ah, but I said "poetic justice". Like for like. I am hearing DDoS
> over and over. As I understand it, the application will throttle to
> prevent Denial of access. It just causes additional GB to be used and
> paid for.
For sites set
Ah, but I said "poetic justice". Like for like. I am hearing DDoS
over and over. As I understand it, the application will throttle to
prevent Denial of access. It just causes additional GB to be used and
paid for.
Fraudulent CC use is an entirely different issue...
-m
-Original Messa
> Instead of hacking the nice and working TCP we have now you should
> move on to greener grass and use $xyzzy instead. It does what you
> want, at least in the specification. I don't know how many
> implementors have managed to code it properly.
i remember hearing folks tell vj and mk that whe
72.0.0.0/8 as well :)
Will send you a private email once I get the IP going :-)
--
Majid.
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Jared Mauch
Sent: Monday, November 29, 2004 5:08 PM
To: Barry Raveendran Greene
Cc: 'Jared Mauch'; 'Jon Lewis';
- Original Message -
From: "Erik Haagsman" <[EMAIL PROTECTED]>
To: "Paul G" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Monday, November 29, 2004 4:30 PM
Subject: Re: "Make love, not spam"
>
> I agree and I'm surprised you even mentioned the wordt justice...since
> when is re
On Mon, Nov 29, 2004 at 07:04:28AM -0800, Barry Raveendran Greene wrote:
> > Jared Mauch:
> > > jlewis:
> > > If someone will lend me appropriate /24's, I'll copy
> > > 69box.atlantic.net into 70box, 71box, etc. and come up with a
> > > large (fairly comprehensive) list of IPs behind broken bogo
I agree and I'm surprised you even mentioned the wordt justice...since
when is retaliating bad practices with more bad practises that are
hardly likely to take out the real target considered a good idea..?
Erik
Paul G wrote:
spammer buys hosting account, pays with fraudulent credit card,
spams,
Of course, every ASN would not be active. But if we'd have 32 bit ASNs,
there would be "no need" (or so folks would argue) to be strict in the
policies -- everyone and their uncle could have one. Folks could even
get ones for their homes, theis SOHO deployments, or their 3-person,
on-the-side con
--On Monday, November 29, 2004 21:35 +0200 Pekka Savola <[EMAIL PROTECTED]>
wrote:
On Mon, 29 Nov 2004, Leo Bicknell wrote:
# 1 Set aside a block for "local" use a-la RFC1918. This set aside
should make no recommendations about how the space is subdivided
for used for these local purposes.
Paul Vixie wrote:
i have long wished for and sometimes needed a way to renumber a host
w/o killing or restarting its active tcp flows. this isn't a
layering violation. tcp should be able to know about
endpoint-renumber events.
This is a layering violation and has endless security implications.
as
- Original Message -
From: "Miller, Mark" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Monday, November 29, 2004 10:27 AM
Subject: RE: "Make love, not spam"
>Although I have
>traditionally been in favor of low bandwidth "fixes", this kind of
>appeals to my sense of poetic justi
On Mon, 29 Nov 2004, Owen DeLong wrote:
Also, with 32bit ASN's, also expect upto 2^32 routes in your routing
table when each and every ASN would at least send 1 route and of course
there will be ASN's sending multiple routes.
Only if EVERY ASN were allocated and active. You and I both know this
do
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
> Hannigan, Martin
> Sent: Monday, November 29, 2004 1:16 PM
> To: [EMAIL PROTECTED]
> Subject: RE: "Make love, not spam"
>
>
>
>
> > -Original Message-
> > From: [EMAIL PROTECTED] [mailto:[
On Mon, 29 Nov 2004, Leo Bicknell wrote:
#1 Set aside a block for "local" use a-la RFC1918. This set aside
should make no recommendations about how the space is subdivided
for used for these local purposes.
FWIW, site-locals were dropped (among others) due to concerns about
sufficient guarant
On 29 Nov 2004, at 13:50, Owen DeLong wrote:
Right... Well... The point of the loopback thingy was that you don't
renumber the loopback.
This is not any kind of answer to the problem of TCP session
survivability across renumbering events; it's an answer to the
non-problem of TCP session survivab
On Sat, 27 Nov 2004 18:03:28 +0100, Iljitsch van Beijnum said:
> > To some extent this is correct, but these users really need to learn to
> > effectively protect themselves. In the long term atleast.
>
> Never teach a pig to sing: it wastes your time and annoys the pig.
I've always wondered whe
Paul Vixie wrote:
let me put that another way, in case it's not clear enough as stated:
tcp's existing reference to network addresses are a layering violation,
and so anything we do to improve the situation will also be a layering
violation, but what of it? deciding against making tcp "less pure"
Right... Well... The point of the loopback thingy was that you don't
renumber the loopback. The address assigned to the loopback is used
as the session endpoint identifier, while, the address assigned to
the network interface is used as the routing endpoint identifier. So,
BGP takes care of deail
On 29 Nov 2004, at 13:36, Owen DeLong wrote:
ifconfig le0:1 netmask
YMMV depending on your operating system.
If the old address is removed, then TCP sessions established with the
old address as an endpoint will break; hence plumbing TCP sessions to
loopback addresses is not a solution to TCP s
ifconfig le0:1 netmask
YMMV depending on your operating system.
Owen
--On Monday, November 29, 2004 1:28 PM -0500 Joe Abley <[EMAIL PROTECTED]>
wrote:
On 29 Nov 2004, at 10:58, Andre Oppermann wrote:
You can solve the renumber thingie by having all TCP connecting to/from
an official IP on the
In a message written on Mon, Nov 29, 2004 at 09:09:08AM -0800, Owen DeLong
wrote:
> I will point out, however, that if the boundary moves to /24, there's not
> much difference between the allocation policy of the past that created the
> swamp and current allocation policy. I'm not saying I think
On 29 Nov 2004, at 10:58, Andre Oppermann wrote:
You can solve the renumber thingie by having all TCP connecting to/from
an official IP on the loopback interface. Then the routing code could
do its work and route the packets through some some other or renumbered
interface.
So how do you renumber
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 29, 2004 12:45 PM
> To: [EMAIL PROTECTED]
> Subject: RE: "Make love, not spam"
>
>
>
> > > -Original Message-
> >> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> >> Sen
On Mon, 2004-11-29 at 09:58 -0800, Owen DeLong wrote:
>
> --On Monday, November 29, 2004 5:41 PM +0100 Jeroen Massar
> <[EMAIL PROTECTED]> wrote:
>
> > On Mon, 2004-11-29 at 08:35 -0800, Owen DeLong wrote:
> >> > Also, with 32bit ASN's, also expect upto 2^32 routes in your routing
> >> > table w
> > i have long wished for and sometimes needed a way to renumber a host
> > w/o killing or restarting its active tcp flows. this isn't a
> > layering violation. tcp should be able to know about
> > endpoint-renumber events.
>
> This is a layering violation and has endless security implications
--On Monday, November 29, 2004 5:41 PM +0100 Jeroen Massar
<[EMAIL PROTECTED]> wrote:
On Mon, 2004-11-29 at 08:35 -0800, Owen DeLong wrote:
> Also, with 32bit ASN's, also expect upto 2^32 routes in your routing
> table when each and every ASN would at least send 1 route and of course
> there wil
> -Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Monday, November 29, 2004 11:54 AM
To: [EMAIL PROTECTED]
Subject: RE: "Make love, not spam"
[ SNIP ]
The big difference between Lycos Europe, and a script kiddie with
zombies is that Lycos is mature en
For residential users on cable-modem, the plan will deplete a scarce resource:
upstream transmit opportunities. The DOCSIS MAC layer imposes an upper limit
on the quantity of upstream transmissions (essentially PPS limitation, unless
concatenation is employed, and concatenation is probably moot
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 29, 2004 11:54 AM
> To: [EMAIL PROTECTED]
> Subject: RE: "Make love, not spam"
>
>
>
[ SNIP ]
>
> The big difference between Lycos Europe, and a script kiddie with
> zombies is that
I don't think this statement is true on its face. Regardless, if
it is true the end users have no one to blame but themselves.
Agreed... Although I think ARIN could do better outreach to the broader
community. I think there are perceptions out there that differ from
reality,
and, blaming people
On Mon, 29 Nov 2004, Pekka Savola wrote:
>
> ASN exhaustion is IMHO just a symptom of the real problem. Enlarging
> the ASN space does not cure the disease, just makes it worse.
>
Uhm... because you DON'T want customers to multihome and do so with
multiple providers for their own safety?
> > i have long wished for and sometimes needed a way to renumber a host
> > w/o killing or restarting its active tcp flows. this isn't a
> > layering violation. tcp should be able to know about
> > endpoint-renumber events.
>
> Unfortunately this sounds like a good target for people to mess up
It's a DDOS. The risk of collateral damage is high. I
won't discuss the RBL aspect of it because it can't be
legitimized past the first sentence.
-M<
From what limited information is available in the articles, it
doesn't sound that way. It's not really a DDoS attack, but more of a
"distribut
On Mon, 2004-11-29 at 08:35 -0800, Owen DeLong wrote:
> > Also, with 32bit ASN's, also expect upto 2^32 routes in your routing
> > table when each and every ASN would at least send 1 route and of course
> > there will be ASN's sending multiple routes.
> >
> Only if EVERY ASN were allocated and acti
Also, with 32bit ASN's, also expect upto 2^32 routes in your routing
table when each and every ASN would at least send 1 route and of course
there will be ASN's sending multiple routes.
Only if EVERY ASN were allocated and active. You and I both know this
doesn't begin to approach reality. Slight
On Mon, 2004-11-29 at 16:58 +0100, Andre Oppermann wrote:
> Paul Vixie wrote:
> >>And please don't add any more layering violations. It makes implementors
> >>life painful and kills any architectual cleaniess in operating systems.
> >
> > i have long wished for and sometimes needed a way to renum
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 29, 2004 11:00 AM
> To: [EMAIL PROTECTED]
> Subject: Re: "Make love, not spam"
>
>
>
> Rich Kulawiec <[EMAIL PROTECTED]> wrote:
> > Already noted as unbelievably stupid and dissected on
In message <[EMAIL PROTECTED]>, Peter Corlett writes:
>
>Rich Kulawiec <[EMAIL PROTECTED]> wrote:
>> Already noted as unbelievably stupid and dissected on Spam-L,
>
>I'm inclined to agree...
>
>> but: getting into a bandwidth contest with spammers is a guaranteed
>> loss, as they have an [essentia
Rich Kulawiec <[EMAIL PROTECTED]> wrote:
> Already noted as unbelievably stupid and dissected on Spam-L,
I'm inclined to agree...
> but: getting into a bandwidth contest with spammers is a guaranteed
> loss, as they have an [essentially] infinite amount available to
> them for free. Apparently L
Paul Vixie wrote:
And please don't add any more layering violations. It makes implementors
life painful and kills any architectual cleaniess in operating systems.
i have long wished for and sometimes needed a way to renumber a host w/o
killing or restarting its active tcp flows. this isn't a laye
On Mon, Nov 29, 2004 at 02:14:01PM +, Fergie (Paul Ferguson) wrote:
> Techdirt has an article this morning that discusses how
> Lycos Europe is encouraging their users to run a screensaver
> that constantly "pings servers suspected to be used by
> spammers" and also suggests that "In other wor
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Monday, November 29, 2004 9:28 AM
> To: [EMAIL PROTECTED]
> Subject: Re: "Make love, not spam"
>
>
>
>
> The BBC also has an article this morning about this:
>
> http://news.bbc.co.uk/2/hi/technolo
Not the A, the PTR... But yes, that could be a nasty retaliation by
spammers with control of their DNS. I would hope, however, that the
"screen saver's" target would be an IP address instead of a FQ mnemonic
hostname.
From the article, I understand that Lycos will be manually watching the
li
Scratch that... Yes, the A record. You are right.
I need coffee or something... :-)
-Original Message-
From: Miller, Mark
Sent: Monday, November 29, 2004 9:27 AM
To: [EMAIL PROTECTED]
Subject: RE: "Make love, not spam"
Not the A, the PTR... But yes, that could be a nasty re
In a message written on Wed, Nov 24, 2004 at 11:40:50AM -0800, Tony Hain wrote:
> The current problem is that the RIR membership has self-selected to a state
> where they set policies that ensure the end customer has no alternative
> except to be locked into their provider's address space. Everyone
Paul Vixie wrote:
And please don't add any more layering violations. It makes implementors
life painful and kills any architectual cleaniess in operating systems.
i have long wished for and sometimes needed a way to renumber a host w/o
killing or restarting its active tcp flows. this isn't a
At 09:39 AM 29/11/2004, Suresh Ramasubramanian wrote:
Fergie (Paul Ferguson) wrote:
I'd be curious to hear what NANOG readers thoughts are on
this.
It would be interesting to see how this fares when faced with a whole lot
of router acls that got put in to filter out nachi
Although I generally like
> Date: Wed, 24 Nov 2004 21:33:24 -0500
> From: Gordon Cook <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED], [EMAIL PROTECTED]
> Subject: Re: Public Interest Networks (try UCLP)
> [ ... ]
> In Europe Kees neggers with Surfnet6 is doing the same thing.
Well, some people over here in .NL might take o
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
> > If someone will lend me appropriate /24's, I'll copy
> > 69box.atlantic.net into 70box, 71box, etc. and come up with a
> > large (fairly comprehensive) list of IPs behind broken bogon
> > filters.
>
> http://puck.nether.net/~jared/papers/69
> And please don't add any more layering violations. It makes implementors
> life painful and kills any architectual cleaniess in operating systems.
i have long wished for and sometimes needed a way to renumber a host w/o
killing or restarting its active tcp flows. this isn't a layering
violati
Fergie (Paul Ferguson) wrote:
I'd be curious to hear what NANOG readers thoughts are on
this.
It would be interesting to see how this fares when faced with a whole
lot of router acls that got put in to filter out nachi
srs
On Sat, Nov 27, 2004 at 06:25:52PM +0100, Iljitsch van Beijnum wrote:
> While IPv6 is still IP, it's not just IPv4 with bigger addresses. We
> have 128 bits, so we should make good use of them. One way to do this
> is to make all subnets and 99% of end-user assignements the same size.
> Yes, t
The BBC also has an article this morning about this:
http://news.bbc.co.uk/2/hi/technology/4051553.stm
- ferg
-- "Fergie (Paul Ferguson)" <[EMAIL PROTECTED]> wrote:
Techdirt has an article this morning that discusses how
Lycos Europe is encouraging their users to run a screensaver
that const
Paul Vixie wrote:
(catching up)
(you missed some stuff.)
On 2004-11-22, at 18.52, Paul Vixie wrote:
(let me put it this way: A6/DNAME was shot down because of
complexity, and it was simpler than this.)
I am not convinced A6/DNAME would have solved all problems, not even
all of the ones you pointed
Techdirt has an article this morning that discusses how
Lycos Europe is encouraging their users to run a screensaver
that constantly "pings servers suspected to be used by
spammers" and also suggests that "In other words, it's a
distributed denial of service attack against spammers by
Lycos."
Th
Geekzone reports that "Intelsat, Ltd. said that its
Intelsat Americas-7 satellite experienced a sudden and
unexpected electrical distribution anomaly that caused
the permanent loss of the spacecraft on 28 November 2004
at approximately 2:30 am EST."
ref: http://www.geekzone.co.nz/content.asp?con
On Mon, 2004-11-29 at 12:11 +0100, Cliff Albert wrote:
> On Mon, Nov 29, 2004 at 08:45:17AM +0200, Pekka Savola wrote:
>
> > >Well, how many AS numbers would you like to give out? 3 in 20 years?
> > >100k a year? A million in a month? 32 bits will then give you 2863
> > >millennia, 429 centu
On Mon, Nov 29, 2004 at 08:45:17AM +0200, Pekka Savola wrote:
> >Well, how many AS numbers would you like to give out? 3 in 20 years?
> >100k a year? A million in a month? 32 bits will then give you 2863
> >millennia, 429 centuries or 357 years, respectively.
>
> ASN exhaustion is IMHO jus
On 29-nov-04, at 10:59, Owen DeLong wrote:
2002/48, eg, 192.0.2.42 becomes 2002:c000:22a::/48, 6to4,
quite in use and works fine when the 6to4 relays are close-by for both
ends.
OK... Seems a bit messier, and more wasteful of address space, but, if
we
want to blow away 4 billion /48s to accom
On Mon, Nov 29, 2004 at 11:13:55AM +0100, Iljitsch van Beijnum wrote:
> We really don't want to arrive at a situation
> where it becomes increasingly difficult to obtain an AS number for
> those who legitimately need one.
What will be interesting is the definition of "legitimate" in this
contex
On 29-nov-04, at 7:45, Pekka Savola wrote:
I think it's not. The problem will not go away then, it will just
take
longer before it appears again. The policies have to get stricter,
there
is no point in 'fixing' your problems by not fixing the issue that
created them in the first place.
Well, how
On Mon, 2004-11-29 at 01:59 -0800, Owen DeLong wrote:
> > 2002/48, eg, 192.0.2.42 becomes 2002:c000:22a::/48, 6to4,
> > quite in use and works fine when the 6to4 relays are close-by for both
> > ends.
> >
> OK... Seems a bit messier, and more wasteful of address space, but, if we
> want to blow
:::, eg :::192.0.2.42, but that is mostly (or
entirely?) deprecated. The IPv4 mapped addresses give a range of nice
security problems where people forget to close down their IPv6 firewall
for this and thus allow IPv4 addresses into the IPv6 world and there
where some other reasons.
Huh? A
On Sat, Nov 27, 2004 at 02:42:55PM +0100, Måns Nilsson wrote:
> > The current problem is that the RIR membership has self-selected to a
> > state where they set policies that ensure the end customer has no
> > alternative except to be locked into their provider's address space.
>
> Do note that,
--On Sunday, November 28, 2004 11:35 PM -0800 "william(at)elan.net"
<[EMAIL PROTECTED]> wrote:
On Mon, 29 Nov 2004, Pekka Savola wrote:
6. Acknowledgments
[...]
Some took it on themselves to convince the authors that the concept
of network renumbering as a normal or frequent procedure
On Mon, 2004-11-29 at 01:11 -0800, Owen DeLong wrote:
> How is this any more of a security hole than address-based trust in the
> first place. As near as I can tell, the 6-to-4 mapping is simply a
> legitimate form of address spoofing more than what I would call dynamic
> tunnels. As I understa
I suspect that it is now time to agree to disagree.
I have said before and will say again:
1. IPv4 is fundamentally flawed in that we are using a single
resource as both an end-point identifier and a routing
identifier. The phone companies figured out t
--On onsdag 24 november 2004 11.40 -0800 Tony Hain <[EMAIL PROTECTED]>
wrote:
> The current problem is that the RIR membership has self-selected to a
> state where they set policies that ensure the end customer has no
> alternative except to be locked into their provider's address space.
Do no
the property of a6/dname that wasn't widely understood was its intrinsic
multihoming support. the idea was that you could go from N upstreams to
N+1 (or N-1) merely by adding/deleting DNAME RRs. so if you wanted to
switch from ISP1 to ISP2 you'd start by adding a connection to ISP2, then
add a DN
Reclaiming AS numbers is a waste of time. We need to move beyond 16
bits at some point anyway.
I think it's not. The problem will not go away then, it will just take
longer before it appears again. The policies have to get stricter, there
is no point in 'fixing' your problems by not fixing the issu
* Owen DeLong <[EMAIL PROTECTED]> [2004-11-28 19:51]:
> there are a lot of organizations now having PI without having an ASN
> and beeing multihomed. a transition to v6 with this policy would make
> things much worse for them, so why should they?
They shouldn't unless they need features that are av
97 matches
Mail list logo