Hey Paul,
-- Sean Donelan [EMAIL PROTECTED] wrote:
On Tue, 20 Nov 2007, [EMAIL PROTECTED] wrote:
[EMAIL PROTECTED]
(reason: 552 5.2.0 F77u1Y00B2ccxfT000 Message Refused. A
URL in
the content of your message was found on...uribl.com. For
resolution do
not contact Cox
Suresh Ramasubramanian wrote:
Most mailservers do allow you to exempt specific addresses from filtering.
On the LHS of the @ of a remote address? I think that was Sean's point.
Eliot
David Conrad wrote:
On Nov 5, 2007, at 2:13 PM, Bora Akyol wrote:
Do common endpoints (Windows Vista/XP, MacOS X 10.4/5) support DNSSEC
Validation? If not, then do people have a choice?
Yes and no.
Of course, nobody supports the Evil bit today, so some change would be
necessary one way or
Sean Donelan wrote:
I just wish the IETF would acknowledge this and go ahead and define a
DNS bit for artificial DNS answers for all these address correction
and domain parking and domain tasting people to use for their keen
Web 2.0 ideas.
Yes, it sounds like the evil bit. Why would anyone
Sean,
Yes, it sounds like the evil bit. Why would anyone bother to set it?
Two reasons
1) By standardizing the process, it removes the excuse for using
various hacks and duct tape.
2) Because the villian in Bond movies don't view themselves as evil.
Google is happy to pre-check the box
Iljitsch van Beijnum wrote:
That isn't actually true. I could move to IPv6 and deploy a NAT-PT
box to give my customers access to the v4 Internet regardless of
whatever the rest of the community thinks.
And then you'll see your active FTP sessions, SIP calls, RTSP
sessions, etc fail.
Stephen Sprunk wrote:
Shim6 is an answer to what kind of multihoming can we offer to sites
without PI space?; it is yet to be seen if anyone cares about the
answer to that question.
This argument is circular. The only real way to test demand is to offer
a service and see if customers bite.
Stephen,
I'm not a fan of build it and they will come engineering.
I suppose a reasonable question one could ask is this: who's the
customer? Is the customer the ISP? I tend to actually it's the end
enterprise. But that's just me.
Eliot
Daniel,
All solutions will use a different SSH port as part of the standard just
so that firewall administrators have the ability to block.
Eliot
Daniel Senie wrote:
At 02:00 PM 9/6/2005, Dave Crocker wrote:
Eliot,
I need your help to correct for an impending mistake by the ISMS
Anyone got one? Amusingly, the search engine these guys run can't seem
to provide me this small bit of information.
Thanks in advance,
Eliot
Josh Duffek wrote:
http://abuse.yahoo.com/ ?
josh
Ok, I have a response. Thanks all.
[replies to either the netconf list if you are a member or to me, and I
will forward them *directly* to the netconf list unless instructed NOT
to do so.]
Dear NANOG folk,
The NETCONF working group of the IETF is currently developing a
collection of protocol specifications for the
According to the marketing folk, it's a phased approach. This
translates to two things:
1. There is a plan for an open API.
2. *NIX is not where the problem lies, right now.
Eliot
As some of you may already know, Randy Bush has resigned as Ops Area
Director for the IETF. The community was well served by Randy,
particularly because he has a good head on his shoulders and strong ties
with the operational community.
If you or someone you know would like to have broad
Patrick W. Gilmore wrote:
NAT is harmful to many protocols. Stateful
inspection is not.
Possibly. But Joe User will never use those many protocols. Plus the
overwhelming majority of protocols are not harmed by NAT.
Of course NAT causes all sorts of damage to all sorts of protocols, as
the
Valdis hits the nail on the head. And this boils down to something that
I believe is attributable to someone commenting on the old FSP protocol,
perhaps Erik Fair:
The Internet routes around damage.
Damage can take the form of a broken link, or it can take the form of an
access-list. In
Howard C. Berkowitz wrote:
I have gotten a reasoned response from the technology editor of the
Washington Post, and we are discussing things. While I wouldn't have
done it that way, he had a rational explanation of why the story was
written the way it was, and definitely indicating there will
[EMAIL PROTECTED] wrote:
Beware the single point of failure. If all your clocks come from GPS, then
GPS is the SPOF.
Can you describe what would be involved to cause this sort of single
point of failure to fail?
Eliot
okay. two valid cases to be concerned about:
The most valid case is when we all go and buy GPS receivers from the
same vendor who turns out to have a bug or a vulnerability of some form.
The other valid case is if the defense department brought down the
sattelite system for some odd reason.
Jim Segrave wrote:
And the usual US-centric view...
Which congress person does Demon Netherlands, T-dialin, Wanadoo
France, Tiscali etc. go to?
I recognize it sounds U.S.-centric, but quite frankly since the U.S.
Department of Commerce claims ownership here, I don't have a any grand
more
Andy Walden wrote:
Godwin's Law should probably be extended to September 11 references.
Walden's Corollary?
;-)
Eliot
Randy Bush wrote:
it would ust make wildcards illegal in top level domains,
not subdomains.
there are tlds with top level wildcards that are needed and
in legitimate use.
verisign has not done anything strictly against spec. this
is a social and business issue.
And this in itself indicates a
[For some reason, the first message ended up in the bit bucket]
Dear all,
Over the last few years, a bunch of us from the vendor community have
sought your opinion about doing programmatic configuration to routers,
switches, and the like. Over the last few months, the NETCONF working
group was
I say to that...
http://www.ofcourseimright.com/~lear/fishbowl.jpg
It's a rare day when I differ with Dave over mail standards, so
something's weird.
Dave Crocker wrote:
Some current choices:
Email standards provide for posting of email to the usual port 25 or to
port 773 for the newer submit service. (Submit is a clone of SMTP that
operates on a different
Yah, the abstract indicates what most of us already know. Good coverage
and redundancy options in urban areas; less so for rural areas. Why
should this shock anyone? Imminent death of the 'net is *not predicted ;-)
Eliot
Crist J. Clark wrote:
But there are still management reservations, the only reservation we
do not have a good answer for is the (arbitrary) claim that turning
off NAT may break stuff for customers who depend on it. Now we have
customers that do some pretty messed up stuff, and everybody knows
Hi,
I've put a stake in the ground regarding network management. Below is a
URL that discusses the problem. I'm wondering if you would like to send
me comments (off list) on what I've gotten right and what I've gotten
wrong. This draft compliment's Bill Woodcock's draft, in as much as I'm
Tony Hain wrote:
Public executions would be much more effective than preventing
legitimate customers from getting their job done.
A proposed activity for Portland? Network engineer assisted homocide?
;-)
Paul Vixie wrote:
per-destination host AND port egress rate shaping. if someone tries to send
more than 1Kbit/sec to all port 80's, or more than 1Kbit/sec to any single
IP address, then you can safely RED their overage. this violates the whole
peer-to-peer model but there's no help for
Rafi Sadowsky wrote:
Maybe I'm missing something obvious but do how you get rate-limiting per
TCP *flow* with Cisco IOS ?
There is something called flow-based RED (FRED) but it consumes a whole
lot of memory because you have to keep track of lots more state. I
don't know about that code.
Rob Mitzel wrote:
So my question is...what's out there that will allow us to check
thresholds on traffic, and notify us if needed?
RMON alarms and events for one. These are available on pretty much all
recent versions of IOS. You can set a rising or falling threshhold on
any MIB variable
Hi all,
[This may sound like a perennial question.]
I'm curious as to how you configure your routers (whatever they may be).
In particular, what tools do you use? Home grown? Rancid? Vendor
provided?
I'll summarize.
Thanks in advance,
Eliot
I don't know if this is an annual argument yet, but the frog is in the
pot, and the flame is on. Guess who's playing the part of the frog?
Answer: ISPs who do this sort of thing. Value added security is a nice
thing. Crippling Internet connections will turn the Internet into the
phone
34 matches
Mail list logo