Re: New and interesting network abuse.

2005-01-10 Thread Suresh Ramasubramanian
Thread that I just started yesterday about port 25 blocking and if more ISPs weren't doing this bidirectionally. Which is what your local ISP, and other ISPs that have dialup pools, must do. --srs On Tue, 11 Jan 2005 01:33:00 -0600, Ejay Hire <[EMAIL PROTECTED]> wrote: > > My apologies if this

New and interesting network abuse.

2005-01-10 Thread Ejay Hire
My apologies if this strays off topic, but I wanted to share my recent experience. We had a collocation customer come in and request a T1 of POTS lines for their servers, then complain that their "security" software wasn't working because of our RPF checks. As it turns out they were dialing up

Cisco 2611XM as cheap border router

2005-01-10 Thread Mark Bojara
Hello people of nanog :) I've been doing some reading up and I see that the 2600 series is now supporting 256MB of memory. Do you guys think this router could handle 3/4 peers a QoS setup (RSVP or something)? http://www.cisco.com/en/US/products/hw/routers/ps259/products_qanda_item0900aecd800f

Re: Email Security Glossary

2005-01-10 Thread Jay Hennigan
On Mon, 10 Jan 2005, william(at)elan.net wrote: > I recently created an email security glossary out of the smaller one that was > included in mta-signatures paper (it's now > 5 times larger with almost 300 > terms and abbreviations!), it includes primarily email and cryptography > abbreviations and t

Email Security Glossary

2005-01-10 Thread william(at)elan.net
I recently created an email security glossary out of the smaller one that was included in mta-signatures paper (it's now > 5 times larger with almost 300 terms and abbreviations!), it includes primarily email and cryptography abbreviations and terms but a number of related network and dns terms are

Re: [eweek article] Window of "anonymity" when domain exists, whois not updated yet

2005-01-10 Thread william(at)elan.net
On Tue, 11 Jan 2005, Suresh Ramasubramanian wrote: > and it is being abused - well, nanog found out about this a while > back, but the popular press (read - eweek magazine) seems to have > discovered it now, or at least think they've discovered it .. their > idea of the situation is a bit skewed

[eweek article] Window of "anonymity" when domain exists, whois not updated yet

2005-01-10 Thread Suresh Ramasubramanian
and it is being abused - well, nanog found out about this a while back, but the popular press (read - eweek magazine) seems to have discovered it now, or at least think they've discovered it .. their idea of the situation is a bit skewed. --srs What actually happens - http://www.mail-archive.co

RE: IBGP Question --- Router Reflector or iBGP Mesh

2005-01-10 Thread Eric Kagan
> Correct, route reflector's main advantage is scalability and > if you're thinking to evolve into a larger network with > dedicated access and core routers, route reflectors are a far > better option than full mesh, though perhaps not from the start. Does anyone have any input on when this d

RE: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread David Schwartz
> > ah i was meaning tcp, afaik it sets DF on at least win2k > All OSes that I know of do this in order to do path MTU discovery. The > PMTUD RFC encourages implementers to detect changes in the path MTU as > fast as possible, which they took to mean "set the DF bit on ALL > packets". Which is u

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Iljitsch van Beijnum
On 10-jan-05, at 17:15, Stephen J. Wilcox wrote: Windows appears to always set DF, is there a reason why they did that? Of course I wanted to see this for myself. I used Quicktime to generate some UDP, but no DFs, either on Win98 or XP. ah i was meaning tcp, afaik it sets DF on at least win2k A

Re: soliciting agenda topics for the sunday night meeting

2005-01-10 Thread Daniel Golding
The (many) authors of the NANOG-Reform proposal would like to put out this brief clarification to address some concerns from the community... Clarification: There has been concern that this proposal would limit NANOG mailing list reading/posting privileges or meeting attendance privileges.

Re: soliciting agenda topics for the sunday night meeting

2005-01-10 Thread Paul Vixie
here's the updated agenda, with three changes. 1. added betty burke's presentation. 2. added adjournment. 3. added webcast/concall. -- introduction martin hannigan 5 minutes &

Juno contact?

2005-01-10 Thread Hosman, Ross
Does anyone have a Juno contact, preferably one in their mail department? If you do, please contact me off list. Ross Hosman HSD Administrator E: [EMAIL PROTECTED] O: 314-543-5823 C: 314-898-3381

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Alexei Roudnev
Yes, it is correct. > > > > It is a cisco pix, right? Maybe just replacing the thing with a 1U > > openbsd box will work wonders. > > A PIX firewall can handle EDNS fine. It just has to be told > what is the maximum EDNS size being advertised by the internal > clients. The defaults assume th

Re: Port 25 filters - how many here deploy them bidirectionally?

2005-01-10 Thread Todd Vierling
On Sun, 9 Jan 2005, Suresh Ramasubramanian wrote: > Applying port 25 filters both ways (inbound and outbound to your > dialup pool, instead of just outbound port 25 filtering) would help in > such a situation. It's good to clarify that this "bidirectional" filtering does not mean filtering inbou

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Iljitsch van Beijnum
On 10-jan-05, at 12:26, Stephen J. Wilcox wrote: Shifting topic a little.. any idea why DF is used anyway? I've never understood what the purpose of not fragmenting is, and if DF didn't exist we wouldn't experience the PMTU missing icmp issues Good question. According to RFC 791: If the Don't F

Re: Weekly Routing Table Report

2005-01-10 Thread Michael . Dillon
> The largest growth element I see is deaggregation of 'classical' > space which may have perfectly valid purpose within an AS, or in > a provider-customer relationship, but not N hops away in the DFZ. > The reasons vary from putting the burden of traffic engineering > on the rest of the world t

Re: Contact at Austrian Telecom - urgent

2005-01-10 Thread Suresh Ramasubramanian
On Mon, 10 Jan 2005 13:50:15 +, [EMAIL PROTECTED] <[EMAIL PROTECTED]> wrote: > 1. Did you try using inoc-dba to contact > other Austrian providers like ACONET > to ask them this question? > > 2. After you finally made contact with > Austrian Telecom, did you tell them about > the inoc-dba sys

Re: Contact at Austrian Telecom - urgent

2005-01-10 Thread Michael . Dillon
> I think I'm seeing a rather massive cut. Does anyone have a direct # for > someone with clue for backbone events? I'm curious about a couple of things, but mainly the second point: 1. Did you try using inoc-dba to contact other Austrian providers like ACONET to ask them this question? 2. A

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Mark Andrews
> On Mon, 10 Jan 2005 22:42:28 +1100, Mark Andrews <[EMAIL PROTECTED]> wrote > : > > > I receive DNS responses > 500 bytes every day (reported by PIX firewall). > So > > > it is an issue, no matter what is recommended in RFC. > > > > The correct thing to do is to fix your firewall to han

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Suresh Ramasubramanian
On Mon, 10 Jan 2005 22:42:28 +1100, Mark Andrews <[EMAIL PROTECTED]> wrote: > > I receive DNS responses > 500 bytes every day (reported by PIX firewall). So > > it is an issue, no matter what is recommended in RFC. > > The correct thing to do is to fix your firewall to handle the >

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Mark Andrews
> I receive DNS responses > 500 bytes every day (reported by PIX firewall). So > it is an issue, no matter what is recommended in RFC. And you most probably have EDNS clients (nameservers) inside your firewall making EDNS queries which return EDNS responses that are bigger

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Iljitsch van Beijnum
On 10-jan-05, at 1:54, Stephen J. Wilcox wrote: With a 296 byte MTU I don't get answers from (a|b|h|j).root-servers.net, *.gtld-servers.net, tld2.ultradns.net and some lesser-known ccTLD servers. I thought 576 bytes was the minimum by way of largest initial packet prior to negotiating MSS must no

Re: Broken PMTUD for . + TLD servers, was: Re: Smallest Transit MTU

2005-01-10 Thread Alexei Roudnev
I receive DNS responses > 500 bytes every day (reported by PIX firewall). So it is an issue, no matter what is recommended in RFC. - Original Message - From: "Mark Andrews" <[EMAIL PROTECTED]> To: Sent: Sunday, January 09, 2005 3:08 PM Subject: Re: Broken PMTUD for . + TLD servers, was: