> Abuse desk is a $0 revenue operation. Is it not obvious what the issue is?
They're too busy spamming and phishing to respond to abuse reports?
brandon
> I can lease 10 racks,
> put T1600s in two of them, and leave the other 8 empty; but
> that hasn't helped either me the customer or the exchange
> point provider; they've had to burn more real estate for empty
> racks that can never be filled
Seems fine to me, you used your power in two racks, t
> A minor point perhaps, but most technical people I know prefer to
> receive plaintext emails.
s/prefer/have/ in a lot of cases
We get a lot of spam and for technical matters don't need html which
usually gets trapped as spam, as was the posters message to the list.
brandon
> I thought we were all trying to discourage NAT in IPv6. Clearly, NAT
> solves the problem ... while introducing 1000 new ones. :-/
Clearly some have been trying to discourage NAT in IPv6
ensuring there'll be a 1000 problems if anyone tries.
> I mean, yeah, it'd be great if we could mandate /
> (totally disregarding the HSSG policy of talking cost and not price here)
All we see is price, don't forget step 3. Profit
> If the cost estimate has any bearing on actual end-user purchase price,
> then I would say that the 3-4km reach alternative makes sense.
Consider C prices. If there ar
> On Fri, Oct 26, 2007, Paul Ferguson wrote:
> > If I'm sitting at the end of 8Mb/768k cable modem link, and paying
> > for it, I should damned well be able to use it anytime I want.
> >
> > 24x7.
> >
> > As a consumer/customer, I say "Don't sell it it if you can't
> > deliver it." And not just
> > End-to-end-ness is and has been "busted" in the corporate world AFAICT
> > for a number of years. IPv6 "people" seem to think that simply
> > providing
> > globally unique addressing to all endpoints will remove NAT and all
> > associated trouble. Guess what - it probably won't.
>
> If you
> > It's more effective to spend the money on SMS messages. Mobile
> > providers are forced to use very aggressive anti spam measures, which
> > can add significant delays in message delivery.
>
> Recommendations on software and modems?
Easy enough to build, here's one I made earlier
http://www
> Is there a possible revenue stream here for larger ISP's to begin
> charging their customers for not aggregating
or to pay a clearing house to reaggregate them, mutual trades so you
can accumulate enough of a block, approach current (non)users of space
and buy out to build blocks they can sell
> but today that provision is: If you buy a domain you have 5 days to
> 'return' it. The reason behind the return could be: "oops, I typo'd"
Fine, I don't recall that being the case previously so somone thought
to introduce it
> "hurray, please refund me for the 1M domains I bought 4.99 days ago
> How do you engineer around enterprise and ISP recursors that
> don't honor TTL, instead caching DNS records for a week or more?
Ask their users to tell them to stop being muppets
brandon
> Are there any "good" tools for IPv6 address management?
"There's so many bits they don't need managing"
brandon
> Wouldn't residential fiber be
> expected to radiate out from neighborhood break-out boxes, or at the
> longest from a central office in the middle of town, rather than having
> some central point where enough individual strands of fiber converged to
> serve everybody in a 2,000 kilometer rad
> I found it amusing the FBI saying "don't call us (either)."
Can't say I blame them, most reports from people who installed
a security device they know nothing about seem to CC the FBI
They must be bored tracking down why our web servers are
attacking people with a little http.
brandon
> > #1 NAT advantage: it protects consumers from vendor
> > lock-in.
> >
> Speaking of FUD... NAT does nothing here that is not also accomplished
> through the use of PI addressing.
True, diy PI (mmm, PI) is a major reason people use it for v4 and why
they'll want something similar for v6. N
> Any reason it hasn't migrated over to IPv6 and 44/8 returned to the
> free pool?
Old software, efficiency (lots of the embedded low power
hardware), no need to as 44. is all the space needed. Lots
of other reasons I don't know
When it started it was quite advanced, it was pretty much the onl
> The last time I looked into this there wasn't anything being done with
> the block
It's been in use for a very long time (>10years)
> but now I see lots of people assigned to do various things -
> should have looked before I said anything, but in 2001 this was totally
> dead, at least in Iowa/
> But for the
> sanity and comfort of other list users, would it be too much to ask that
> people with annoying tacked-on .sig's use a personal mail account when
> posting to the list? I hear Google offers nice email accounts for a
> reasonable price.
That often results in people sending html in
> As to what CNN are doing with their DNS, I've no idea, but I don't think it
> concerns Nanog
Other news sites are available
regards,
brandon
http://news.bbc.co.uk/
> "So assuming router state based multicast, how do you bill on that if
> the stream is exploded on the opposite end of, or in the middle of, a
> transit network?"
"You're likely getting it from a settlement free peer at the request of
your customer who has paid for you to deliver it to them. You
> I think you're presupposing that the concept of "channels" is
> something that will persist.
For some time.
There's quite an industry with an interest in maintaining that. It
probably won't vanish until the current generations die.
Channel based and discrete delivery of content (radio vs re
> Multicast isn't going to help the phoneco atm network.
Indeed, people keep quoting that but it's a bogus argument
as nothing will help the phoneco atm network running out
of bandwidth other than upgrading it
That is happening, unicast/p2p/multicast/whatever, as all this
content is raising aver
> IP Multicast as a solution to video distribution is a non-starter. IP
> Multicast for the wide area is a failure. It assumes large numbers of
> people will watch the same content at the same time.
They do.
Sure it degrades to effective unicast if too few people watch the same
channel in the
> > During the cold war American kids
> > were trained to hide beneath their desktops in caseof a nuclear
> > attack. Much good that would have done.
It could have kept them from running around the streets screaming we're
all going to die.
It may well save people if they are on the edge of the s
> The UK avionics industry used to (and may still) use thin PVC tube
> for lacing
Have a reel here still, Suflex Lacing Cord R88W
PVC over synthetic cord
brandon
> Then that wouldn't be enough since the other Tier 1's would need to
> upgrade their peering infrastructure to handle the larger peering
> links (n*10G), having to argue to their CFO that they need to do it so
> that their competitors can support the massive BW customers.
Someone will take the b
> Given that the broadcast model for streaming content
> is so successful, why would you want to use the
> Internet for it?
We now have to pay for spectrum, when you have to pay you look for the
cheapest delivery path.
Until we switch off analogue there is a shortage of spectrum so we have
limit
> Note that video caching systems like P2P networks can
> potentially serve video to extremely large numbers of
> users while consuming reasonably low levels of upstream
> bandwidth.
The total bandwidth used is the same though, no escaping
that, someone pays.
> Then local users
> use local bandw
> > If this application takes off, I have to presume that everyone's
> > baseline network usage metrics can be tossed out the window...
That'll happen anyway, what used to be considered high volume
content is becoming the norm with lots of start ups and old
school broadcasters getting involved.
> Some say that top-posting reverses the conversation, but if you
> are thumbing through the archives of top-posted threads, each
> contribution is on the first screen and you can navigate message
> to message in time-order
Don't include the email you're responding to then it's no longer top
post
> What I've never understood is, that, how a gov't issue ID (for the
> purposes of allowing entry) is of any use whatsoever.
>
> It's not as if someone is doing a instand background check to know if
> the person is a criminal, or wanted, or whatever. It's trivial to forge
> a gov't ID.
Welcome t
Nothing new, we had a form of this long ago
http://en.wikipedia.org/wiki/Window_tax
Charging per fibre/mile is much the same
brandon
> ICANN *does* have a requirement for accurate information in WHOIS
> That's the reason for those notifications.
I've found the ones that need updating often don't reach the recipient
because their details are incorrect.
The rest are just spam (we have several 1000 domains...).
brandon
> Does anybody have details about a power outage at Telehouse North today?
There was no power to a fair proportion of it for around 5 minutes
at approx 12:50BST
brandon
> An e-mail message *can* in fact, be HTML, as HTML is a text payload
> like any other.
Perhaps he was saying he won't spend the time looking for information
amongst html tags. Sure you can send html, it's just not nice for the
reader.
> It's not his (or the world's) fault your MUA is locked i
> GSLB based on DNS have one significant shortcoming that moone here has yet
> mentioned: they are performing their magic on the location of the
> _nameserver_ that issued the query.
>
> this can be VERY different to that of the ACTUAL location of the client.
Systems that infer stuff make errors
> For the RIPE meeting, this has been solved by introducing day tickets.
RIPE is a whole week at Butlins[1] to Nanogs' day by the sea
brandon
[1] http://en.wikipedia.org/wiki/Butlins
> [I just happened to see this, browsing at high speed, so please
> forgive me, if I'm out of context.]
You did miss the point (if there is one still)
> a rouge anycast NTP server could create
> substantial amounts of harm from security and other standpoints by
> giving out incorrect time.
It d
> > Please provide reference URLs or the code, if not then stop spreading FUD.
>
> No.
>
> Talk to you after the first worm.
Don't bother, it's too late then
Anyone can claim to have had the 0day after the event.
brandon
> There are two exploit code samples I saw. There are two remote exploits
> for one of them so far that are public that I know of.
Please provide reference URLs or the code, if not then stop spreading FUD.
Bugs happen, deal with them and move on.
The endless whine is more annoying (as are 20 v
> If there's such a compelling need for native multicast, why has it
> seen such limited deployment
It hasn't been needed by enough people
We have a growing need and are doing a little bit to encourage use
http://www.bbc.co.uk/multicast/
Other content owners agree, we have a number working o
> There is
> talk at present of whether the protocol needs to be able to
> accommodate a site-policy middlebox function to enforce site policy
Certainly, firewalls may be the only point such policy will work
when the hosts are hidden behind them on a corporate lan
10 years of host legacy l
> In addition, if anyone has any problems with the
> trustworthiness of
> then they should raise that issue with the FIRST secretariat and on the
> FIRST mailing lists where we can counter any claims to the otherwise.
Trust is earned, it cannot be gained by shouting
brandon
> And if we can convince the PHBs that moving off of Windows is
> (1) feasible, which is obvious; (2) manageable for them
(3) they won't end up like Peter Quinn
http://www.theregister.co.uk/2005/12/29/mass_odf_cio/
brandon
This is pointless argument, please stop
There are those who think they are right in spamming people with reports
of a virus they didn't send and the rest of the planet who think they
are mad and wish they'd get a clue.
> As the recipient of the DSN is _always_ the best
> judge whether the DSN
> I choose to view this as ineffectual railing against the seemingly
> inevitable subordination of bit transport to compelling content.
I thought he is suggesting they are going to disconnect from
the Internet and run their own private net which is fine but
some customers may go elsewhere
> They
"Firms must defend against ISP clashes, warns Gartner
Commercial row between ISPs shows vulnerability of single sourcing
says analyst"
http://www.computerweekly.com/Articles/Article.aspx?liArticleID=212391
Looks like it's about to enter the corporate rule book
"Gartner said every location tha
> Think in the future, do we really want routers that'll handle millions of
> prefixes and hundreds of thousands of AS numbers, just because people want
> resiliance?
Something will have to provide it and I don't want it to be each of my
hosts. I'd rather the hundreds of hosts handle payload an
> But I have also to admit that I'm shocked how few folks have the balls
> (or is it lazyness?) to express their opinion on IPv6 multihoming in the
> public, on the established fora for that stuff.
The probably got bored of having "it doesn't scale" shouted at them
> Almost zero feedback from e
> You are misunderstanding.
I'm extrapolating, things rarely stay restricted to the
original use they existed for. At some point I expect
they'll put something on it that users become aware of
and think "it'd be much more convenient if we could
use the same on the internet"
> The data in .gprs i
> It is not a public root and it is not available over the internet either
>
> A closed service available solely over the gprs network
Until the users want to access the same stuff from their
PC and they petition for it to be in the public root too
To the public if it looks like internet they
> Besides, what sort of "dumb SMTP client" did you have in mind?
> Formmail scripts? Worms? Outlook Express? I can't say I'd miss mail
> from any of those.
Pot, kettle...
Yours seem to have come via a train wreck of mua/mta's
> From [EMAIL PROTECTED] Fri Sep 30 08:42:11 2005
> Delivered-To: [E
> >> So how do you know it's 4 million and not 4.1?
>
> > Could be 4.1 or even 4.2.
>
> And therein lies the problem.
My point, we don't know so some arbitrary or technology limits will
have to do as there isn't financial reason to make something
bigger
> in any event, 32-bit AS
> numbers al
> >> 1. Give us a maximum number of multihomers.
>
> > 4 Million
>
> So how do you know it's 4 million and not 4.1?
Could be 4.1 or even 4.2. I'm assuming those
working on 4byte ASs know, if it's more we'll have
to migrate again which would be silly so soon
So about 4M it must be.
> We know t
> 1. Give us a maximum number of multihomers.
4 Million
> 2. Tell us how a routing table of that size (assuming 1 route per AS)
> will scale based on reasonable extrapolations of today's technology.
SUP720-3BXL says 1M (500K v6) now, doesn't seem too much of a stretch
to 4M over many years
b
> Look at the headers... it was obviously sent by tribuneinteractive,
> and it's pretty unlike Paul to do something like this.
I just binned them as a poor fake, obvious because
they didn't have all the header cruft of real Paul message
brandon
> The time it would take it to be deployed depends (among other
> factors) on whether the IDR WG would reach a (rough) consensus on
> moving forward with the existing spec, even if one may argue that
> there could be a better alternative to the existing spec.
I don't think we're that short of tim
> The Huawei probe illustrates the uneasy relationship between China and
> India.
They don't have much choice who to trust when India owns most of the
fibre and China supplies most of the kit
brandon
> Why should content providers be at all interested in driving v6 usage?
Only if there are people on V6 that can't get to our V4 services,
otherwise we're just doing it for the good of the net
> They are interested in meeting demand, innovating, collecting
> ad revenue, etc. The ROI to the given
> "www.really-cool.alt. Now fix your systems so I can access it"
>
> The poor guy/gal at the other end of the line will need a really good
> answer.
"Looks like your friend has been duped by some domain hijackers/phishers
exploiting a DNS security hole. We've kept you safe from that perhaps
you
> Unfortunately, the problem is inherent in human writing systems.
> Consider rnicrosoft.com and paypaI.com.
And people are no better than muppets in ensuring they don't
screw themselves up
> The good news is that fairly simple homograph rules can be applied
Rules aren't safe, it involves huma
>> Already, some 21 TLDs are whitelisted, including .cn, .tw, a number
>> of European ccTLDs, .museum, and .info. Any other registrars who
>> want to be supported can simply E-mail Gerv at the Mozilla
>> Foundation, or his Opera counterpart, and give them a pointer to
>> their anti-spoofing rules.
> I think the world has shown that cellphones have been used over and over
> to detonate explosive devices.
They can go back to alarm clocks with big bells.
The point is people are only inconveniencing themselves in accepting
such knee jerk responses in the name of fighting terrorists. The
terro
> DomainKeys are the work of the devil
Well it is one of the most untidy headers
DomainKey-Signature: a=rsa-sha1; q=dns; c=nofws;
s=beta; d=gmail.com;
h=received:from:to:subject:date:mime-version:content-type:x-mailer:x-mimeole:thread-index:in-reply-to:message-id;
b=A7
> > > With public peering you simply never know how much spare
> > > capacity your peer has free.
> >
> > So? That doesn't make public peering bad, you don't know that
> > for PI or transit either
>
> For PI I know how much spare I have towards them, taking for
> granted they can move the traffi
> With public peering you simply never know how much spare
> capacity your peer has free.
So? That doesn't make public peering bad, you don't know that
for PI or transit either
> And would you expect your
> peer with 400 Mbit/s total to have 400 reserved on his AMSIX
> port for you when you see
> I'm sure a few more provider failures
> are in the offing - but obviously if the marginal price for bandwith
> doesn't pay for the capital costs of expansion, either eventually
> bandwidth will be more expensive, or the equipment will be cheaper.
Perhaps they aim to keep driving the competition
Depends on your choice of tools but these are handy -
http://www.canford.co.uk/commerce/resources/catdetails/2458.pdf
http://www.canford.co.uk/commerce/resources/catdetails/2457.pdf
http://www.canford.co.uk/commerce/resources/catdetails/2628.pdf
Sure, the other two buildings still work. Hex has had a history of
power problems. I'm in Sovereign and it's been OK so far.
Of course we have other buildings as anything can break (e.g. 25 Broadway)
"We host ecommerce sites turning over million of pounds,
pay redbus a significant amount
> What if the UN says ITU should run the TLDs, ICANN says yes, and, a
> significant portion of the operational internet says no?
Nothing happened beyond a bit of noise on mailing lists when ICANN
did their coup, why should anything happen now?
Now ICANN are ramping up their domain tax to fund th
> The loophole that led to this error has been closed.
Perhaps for you but this process leaves a lot of registrars in position
to do damage, accidentally or by the criminal action of staff.
> In some cases registrars delegate the obtaining of the approval from a
> reseller
Though well inten
> Sorry Alex, but I think you are barking up
> the wrong tree.
> When you add Ethernet as a requirement
> then you are asking for an I/O interface
> that is more complex
Ethernet is cheap and trivial, drop some
code in one of these (cpu is built into the
rj45 socket)
http://www.lantronix.com/d
> An end site is defined as an end user ...
Legal people make a lot from interpreting such documents
so it's best not to stare too long at them.
> As such, it appears to be a catch 22. If your organization has transit
> and PA space, apparently, as I read the policy, that would preclude you
> f
> > I've run into very few enterprises that know they'd even be allowed to
> > join an IX, much less actually interested in doing so.
Subject: Exchange Update - New Participant
Date: Fri, 19 Nov 2004 15:49:59 -0800
Equinix would like to introduce the following peers to the GigE Exchange
pee
> I put the blame not on the AV vendors but strictly on MS for building a
> sieve.
I blame the people who purchase sieves.
> I'd prefer a PGP signed message, but I know that
> the people who use S/MIME would probably object.
It doesn't matter what the email is signed with I'd still go
to the site to confirm
> It would be too easy to get many people to pull an entry from a filter
> with a forged message and have the
> IMHO the right way to do this is to build the power cycling
> capability into the individual 1U boxen. Again, we
> should be talking to the embedded systems folks to
> give them a standard set of requirements that everyone
> can support.
See Sun Netra LOM. Done.
> This may be worth having a wo
> I can imagine what a rack full of 1U's from varying vendors
> with different cable management systems would be like.
It can be tricky. Single vendor helps, even simpler if it's all Sun -
http://www.bogons.net/pics/bogons_20021205b.jpg
http://www.bogons.net/pics/bogons_20031005a.jpg
Sun Netras
> The Symbiot whitepaper on their service describes a process with a
> little more imagination
Like hooking it up to DARPA Grand Challenge winners?
http://abcnews.go.com/sections/SciTech/WorldNewsTonight/robot_race_darpa_040310-1.html
> I applaud the idea of a outsourced department that will ma
> > I'd just check the web site or directly if it was important to know
>
> What makes you think that the answer you get when you look up
> www.iana.org is what the real IANA wanted you to get?
"or directly if it was important to know", choose channel by
degree of certainty you desire.
> This
Duh. Make that
the OS that can use it seem to be more
usually wormed/virused than the OS that can't
> It would be good for them to sign such posts with
> a well known PGP key...
I see no point, if someone was trying to spoof this announcement
they may already have the iana key
X-Mailer: QUALCOMM Windows Eudora Version 6.0.0.22
Date: Mon, 17 Nov 2003 20:54:45 -0800
From: Steve Conte <[EMAIL P
> Cisco has licensed its Cisco
> Trust Agent technology to Network Associates, Symantec and Trend Micro so
>
> Currently the Cisco NAC software only works with Cisco network equipment
> and Microsoft Windows NT, XP and 2000 operating systems.
>
> Without the secret handshake Mac OS, Linux, Solari
> What effective action can we take as a collective group to
> get the point across that we will not tollerate this type of behavior?
Internet death penalty? (at last a topic you can configure
your router for)
Having been provided a mechanism to catch all those typos what ISP
wouldn't want that
> it would appear that given the large scale
> ddos attacks against networks, and dns in particular over the last year,
> an anycast implementation is the *only* way that dns has a chance of
> surviving.
It might help but isn't a cure all.
If they can query it they can DoS it and given the spla
> we're only upset because Verisign makes money off of this.
I'm sure that is a factor too.
Verisign have a contract to operate a shared registry, as a monopoly is
unreasonable, but hijack it to make a different service that nobody
else gets to bid for running.
If such a service were a feasibl
> the it behaves well in varying network conditions, which cannot be said
> from either WM or RM.
Quality of the link from encoder to Real server is important, send
garbage to the server and it has nothing to distribute.
I get the impression it's done in band with other NANOG traffic and may
be
> DNS piracy is DNS piracy
if Verisign gets away with it others will have a go too
brandon
> > Where is he "now" and why won't he remove himself to "somewhere a long
> > way away", overnight? Obviously, there is something more complex
> > happening here.
"don't give that lamer credit for my code. Doh!"
> > Considering the amount of email traffic generated by responding to
> > forged virus laden email from culprits like sobig should email virus
> > scanning systems be configured to send notifications back to
> > sender or not?
If your scanner doesn't know if a virus forges addresses, and hen
> But what if the huge distribution systems used DC
the UK - France interconnect is DC
http://www.nationalgrid.com/uk/activities/other/mn_interconnectors_france.html
though a relatively short distance it does provide isolation
brandon
> I think pauls point may be:
> If they use text based mailers
I know, intrinsically safe is good but that's not what managment
wants so you end up with bodges to make their choices safer. Some
people may go too far
> It's a lot harder to open up a microsoft executable on a *ni
> the thing that actually burns my hash, is when my spam
> complaints or noc correspondance are robotically bounced because they
> contain dangerous mime attachments of type "message/rfc822" (spam
> examples) or "text/plain" (traceroute or tcpdump output). if your noc
> or abusedesk has such a rob
> You want to move things like gtld servers,
> yahoo/google (and other 'important' things), including
Do a deal with some porn hosters, they get 69.69.69.69
in exchange for advertising tons of free porn there
on their next spam run - win/win
brandon
> what the
> restrictive-peering network owners are looking for is "are you a peer in
> real life?" which translates loosely to "are you going to be able to sell
> to the same customers i do whether i peer with you or not?"
That's always good for a laugh "we encourage you to build yourself up
to
> Am I the only one that finds this perversion of the DNS protocol
> abhorrent and scary?
Sounds like a fine interweb kludge
It'll just be annoying until other applications aquire similar
bodgery as the users will not understand why they can't use it
for mail and all
brandon
96 matches
Mail list logo