On Tue, Apr 15, 2008 at 11:04 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
In fact, we have done just that -- develop a standard boilerplate
very similar to what PIRT uses in its notification(s) to the
stakeholders in phishing incidents.
The boilerplate is no damned use. PIRT - and you -
On Tue, Apr 15, 2008 at 11:55 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
Really.
How many people are actually doing IODEF?
http://www.terena.org/activities/tf-csirt/iodef/
AISI - for example - and AISI feeds the top 25 australian ISPs - takes
IODEF as an input
And MAAWG does ARF, quite
On Mon, Apr 14, 2008 at 11:27 AM, Edward B. DREGER
[EMAIL PROTECTED] wrote:
For such a system to scale, it would need to avoid OSPF-style
convergence. Similarly, I would not want to query, for the sake of
example, 15k different trust peers each time I needed to validate a
new
(whitelists) on their own, possibly tying this to auth systems such as
dkim.
--srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On Tue, Apr 15, 2008 at 10:16 AM, Paul Ferguson [EMAIL PROTECTED] wrote:
As I mentioned in my presentation at NANOG 42 in San Jose, the
biggest barrier we face in shrinking the time-to-exploit window
with regards to contacting people responsible for assisting in
mitigating malicious
in on most of the security related talks and
bofs at *nog, right? If you have, that'd be a surprisingly naïve
statement.
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
should they be able to shift the cost of
their business model to me, just because I run a much smaller business?
So has hotmail, so have several of the domains that we host.
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
for exchanging email except
between guy with personal colo and a tunneled /48, and freebsd.org /
isc.org etc hosted lists .. you'll probably find that the basic
concepts of filtering remain much the same, v4, v6 (or perhaps even
Jim Fleming's or that Chinese vendor's IPv9)
srs
--
Suresh
a problem appears, some cognizance
of that is surely in order.
That was the only meta comment I had here. I'll stop now.
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
1. They are not complaints as such. They are what AOL users click report spam on
2. They are sent in a standard format - http://www.mipassoc.org/arf/ -
and if you weed out the obvious (separate forwarding traffic out
through another IP, and ditto for bounce traffic), then you will find
that -
On Mon, Apr 14, 2008 at 10:34 AM, Owen DeLong [EMAIL PROTECTED] wrote:
Now I'm lost again. You've mixed so many different metaphors from
interdomain routing to distance-vector computaton to store-and-forward
that I simply don't understand what you are proposing or how one
could begin to
On Fri, Apr 11, 2008 at 8:37 PM, Raymond L. Corbin
[EMAIL PROTECTED] wrote:
It's not unusual to do /24 blocks, however Yahoo claims they do not keep any
logs as to what causes the /24
We keep quite detailed logs. No comment about yahoo - I've never been
at the other end of a /24 block from
On Sat, Apr 12, 2008 at 2:34 AM, Barry Shein [EMAIL PROTECTED] wrote:
The lesson one should get from all this is that the ultimate harm of
spammers et al is that they are succeeding in corrupting the idea of a
standards-based internet.
The lesson here is that different groups at the same
On Sat, Apr 12, 2008 at 9:02 AM, Randy Bush [EMAIL PROTECTED] wrote:
Packet pushers go to *NOG. And the abuse desks mostly all go to
MAAWG. And any CERTs / security types the ISP has go to FIRST and
related events. And most of them never do coordinate internally, run
by different
On Fri, Apr 11, 2008 at 1:22 AM, Raymond L. Corbin
[EMAIL PROTECTED] wrote:
Yeah, but without them saying which IP's are causing the problems you can't
really tell
which servers in a datacenter are forwarding their spam/abusing Yahoo. Once
the /24
block is in place then they claim to have
On Thu, Apr 3, 2008 at 3:00 AM, Jason J. W. Williams
[EMAIL PROTECTED] wrote:
Does anyone have a good contact number for the Hotmail NOC? We've got
e-mails from Hotmail to some of our customers being returned the Hotmail
sender with a 554 error message fairly regularly. Our logs aren't
system.
So, does that mean Brightmail is not updating their system properly, or
MSN/Hotmail is not updating their Brightmail?
Seems like a huge waste of everyone's time because some LARGE network
operators can't keep their stuff updated.
*grumble*
--
Suresh Ramasubramanian ([EMAIL
What we did was to isolate our forwarding traffic out through a
separate set of IPs.
And then told Hotmail, Yahoo, AOL etc about the IPs. They were very
glad to tag these as such in their filters
This was over three years ago, and admittedly, our email traffic is
rather higher (by orders of
On 17 Mar 2008 04:12:13 +, Paul Vixie [EMAIL PROTECTED] wrote:
i think, at this stage and at this date, that bringing up the ORBS/abovenet
debacle constitutes a canard, and should be avoided, for the good of all.
Completely unrelated to l'affaire ORBS of course, but in this more
recent
On Mon, Mar 17, 2008 at 3:48 PM, Glen Kent [EMAIL PROTECTED] wrote:
Do ISPs (PTA, AboveNet, etc) that unintentionally hijack someone
else IP address space, ever get penalized in *any* form? Depending
upon whom and what they hijack, and who all get affected, it sure can
PTA's ASN actually
with implement RFC 2827 yourself, and start pushing other SPs
to implement it maybe?
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On Mon, Mar 17, 2008 at 8:48 PM, Larry J. Blunk [EMAIL PROTECTED] wrote:
RFC2827 is about source address filtering which
is not really the same as BGP route announcement
filtering. Unfortunately, I have not come across
Yup, radb etc for that. Not fully awake when I wrote that, and hit
I seem to remember something about Earthlink rolling out v6 enabled
wifi routers to its customers (linksys with a hacked up firmware
that'd create a v6 tunnel between the cpe and an elnk tunnelbroker) ..
what happened to that interesting little product? Killed off and the
few remaining users
Is it time for this nanog thread again?
http://www.merit.edu/mail.archives/nanog/msg02822.html
srs
On Fri, Feb 29, 2008 at 11:45 PM, Henry Futzenburger
[EMAIL PROTECTED] wrote:
1. Accept only default and partial routes from upstream.
a. Accept directly-connected routes, reject everything
notates the same.
Coincidentally, Telecom Egypt announced a new cable to be built by
Alcatel-Lucent this morning. TE North, which looks like it's going
from Egypt to France, is an 8 pair system (128 x 10Gb/s x 8).
Thanks for your input.
-M
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On Feb 2, 2008 4:07 AM, Steven M. Bellovin [EMAIL PROTECTED] wrote:
Yah. I'm a security guy, and hence suspicious by nature -- our slogan
is Paranoia is our Profession -- and I'm getting very concerned. The
old saying comes to mind: once is happenstance, twice is coincidence,
but the third
On Jan 17, 2008 12:13 PM, Barry Shein [EMAIL PROTECTED] wrote:
Once again shortly after posting a message to NANOG a fairly
significant dictionary attack using Earthlink's mail servers fired up.
The same thing happened around Nov 30th (I posted about it here.)
Post Hoc, Ergo Propter Hoc.
and your blood pressure under
control
[...]
APRICOT - http://www.apricot2008.net next month in Taipei.
SANOG - www.sanog.org - going on right now in Dhaka, Bangladesh
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
I see roadrunner listens.
frodo:~ dig +short houston.rr.com mx
0 .
frodo:~ dig +short houston.rr.com txt
v=spf1 -all
--srs
On Jan 13, 2008 8:55 AM, Suresh Ramasubramanian [EMAIL PROTECTED] wrote:
A bunch of roadrunner subdomains migrated over to comcast and those are dud.
One operationally
suggested
a few wording changes for the definition of a null MX - dot terminated
null string, STD13 etc, during his drafting of the document)
--srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On Jan 15, 2008 8:53 AM, Mark Andrews [EMAIL PROTECTED] wrote:
There are lots of places in the DNS where . makes sense
as a null indicator. RP uses it today, as does SRV. MX
should use it and fallback to A should be removed. It
Fallback to A should be removed sure
On Jan 13, 2008 9:55 PM, Tony Finch [EMAIL PROTECTED] wrote:
On Sun, 13 Jan 2008, Suresh Ramasubramanian wrote:
One operationally better way to go seems to be Mark Delany's mx0dot
proposal, which started out as an internet draft, but seems to have
lost momentum .. the concept is sound
A bunch of roadrunner subdomains migrated over to comcast and those are dud.
One operationally better way to go seems to be Mark Delany's mx0dot
proposal, which started out as an internet draft, but seems to have
lost momentum .. the concept is sound though.
be resolved via router
architecture improvement, such as adding memory chips or compressing RIB. or
via changing routing and addressing scheme, which one will be the long-term
essential approach?
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On Nov 27, 2007 8:08 PM, Sean Donelan [EMAIL PROTECTED] wrote:
Several new projects have started around the world to achieve those goals.
ITU anti-botnet initiative
http://www.itu.int/ITU-D/cyb/cybersecurity/projects/botnet.html
I wrote this one. And there are a few things in there that
On Nov 22, 2007 1:27 PM, Leigh Porter [EMAIL PROTECTED] wrote:
longer make any cheap plastic tat. If there is no cheap plastic tat,
then Internet commerce will die because there will be nothing to buy!
Great. So half the world's population is dead, lots of dotbombs are
out of business .. but
On Nov 22, 2007 6:15 PM, Adrian Chadd [EMAIL PROTECTED] wrote:
On Thu, Nov 22, 2007, Suresh Ramasubramanian wrote:
Great. So half the world's population is dead, lots of dotbombs are
out of business .. but you have LOTS of IP space that's suddenly
unused and available.
Is this actually
On Nov 21, 2007 5:46 PM, Eliot Lear [EMAIL PROTECTED] wrote:
Given what Sean wrote goes to the core of how mail is routed, you'd
pretty much need to overhaul how MX records work to get around this one,
or perhaps go back to try to resurrect something like a DNS MB record,
but that presumes
The World | [EMAIL PROTECTED] | http://www.TheWorld.com
Purveyors to the Trade | Voice: 800-THE-WRLD| Login: Nationwide
Software Tool Die| Public Access Internet | SINCE 1989 *oo*
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On Nov 16, 2007 10:04 PM, Leigh Porter [EMAIL PROTECTED] wrote:
If there was, I sure would not join it. It'd be full of I cannot send
mail to your domain blah blah
Been to a MAAWG meeting yet? Or been on one such list?
There's a lot more interesting and useful / operationally relevant
On Nov 10, 2007 2:43 AM, Lamar Owen [EMAIL PROTECTED] wrote:
I'm able to get 45Mb/s through a P3-800 with a four-port NIC running NAT and
simple content filtering with SmoothWall Advanced Firewall 2 easily. Have a
box doing that right now.
Speaking of all that, does someone have a conference
thanks
Andy
--
Regards, Andy Davidson // Engineering
Localphone Limited http://www.localphone.com
+44-(0)114-3191919 // Sheffield, UK
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
Well, the current nanog MLC is mostly because Susan Harris was
cracking down equally on discussions of anything mail / spam filtering
related (operational not kooky) .. in fact, on anything that didnt
involve pushing packets from A to B.
And we have Marty Hannigan from the MLC telling us that
On Oct 29, 2007 11:01 PM, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Fix your forwarding a lot better. Not sure what this
means. My machines are MX's for the clients domain. They
accept it, and either forward it around locally to one of the
processing MX's or ARE one one of the
On 10/29/07, Tuc at T-B-O-H.NET [EMAIL PROTECTED] wrote:
Unfortunately, we cannot provide you with
specific information other than to suggest a review
of the questionnaire we supplied and try to determine
where your mailing practices may be improved upon.
In other words, fix your
On 10/26/07, Dave Pooser [EMAIL PROTECTED] wrote:
What I did in the past in a similar situation was sign up for an MSN
account, complain that my office couldn't email me, and keep escalating
until I reached somebody who understood the problem. Of course the
circumstances were somewhat
On 9/22/07, Wayne E. Bouchard [EMAIL PROTECTED] wrote:
I realize that it's expensive to run these lines but when you put your
working and protect in the same cable or different cables in the same
trench (not even a trench a few feet apart, but the same trench and
same innerduct), you have to
Bugs laying eggs in fiber tearing up a lot of broadband in Japan
http://www.sciencemag.org/content/current/r-samples.dtl
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
://blog.wired.com/sterling/2007/08/lax-outage-is-b.html
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 8/18/07, Steven Haigh [EMAIL PROTECTED] wrote:
Oh noes! The terrerists can kill all the airports by installing dodgy
network cards in a machine!
I wonder if the machine had an RTL8139 card in there? ;)
Well, if it is a mess of legacy equipment in there .. there's a high
chance that
the tiny plastic packets of ketchup at fast
food stores ..
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
http://www.thehindubusinessline.com/2007/07/18/stories/2007071850650400.htm
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 7/24/07, Chris L. Morrow [EMAIL PROTECTED] wrote:
Pleaes do this at 1Gbps, really 2Gbps today and 20gbps shortly, in a cost
effective manner. Please also do this on encrypted control channels or
channels not 'irc', also please stay 'cost effective'. Additionally,
Right. However one
On 7/24/07, Joe Greco [EMAIL PROTECTED] wrote:
The problem is isolating the traffic in question. Since you DO NOT HAVE
GIGABITS OF TRAFFIC destined for IRC servers, this becomes a Networking
101-style question. A /32 host route is going to be effective.
Manipulating DNS is definitely the
members seem to be pushing
walled gardens for this purpose.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
doing anything just means ISPs won't do
anything.
Running email abuse desks for about a decade now makes me tend to
agree with you .. and completely unfiltered pipes to the internet for
customer broadband are a pipe dream, most places.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 7/23/07, Joe Greco [EMAIL PROTECTED] wrote:
All right, here we go. Please explain the nature of the bot on my freshly
installed (last night) FreeBSD 6.2R box.
%age of freshly installed freebsd 6.2R boxes v/s random windows boxes
on cox cable?
Like anything else, its a numbers game.
On 7/24/07, Chris L. Morrow [EMAIL PROTECTED] wrote:
So, to back this up and get off the original complaint, if a service
provider can protect a large portion of their customer base with some
decent intelligence gathering and security policy implementation is that a
good thing? keeping in mind
we disagree on this
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
://www.londonactionplan.net/?q=node/5
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 5/24/07, David Ulevitch [EMAIL PROTECTED] wrote:
Again, good idea, but doesn't belong in the core. If I register a
domain, it should be live immediately, not after some 5 day waiting
period. On the same token, if you want to track new domains and not
accept any email from me until my
On 5/24/07, Per Heldal [EMAIL PROTECTED] wrote:
It should be the registries responsibility to keep their registrars in
line. If they fail to do so their delegation should be transferred
elsewhere.
Of course, to impose decent rules you'd need a root-operator whose
Moving right back to where
help. Some
mailservers (recent postfix) allow you to block by NS, or there's
always the good old expedient of bogusing these out in your bind
resolver config, or serving up a fake zone for them.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
desk .. and
ask yourself how many times your abuse desk has been bcc'd on email in
the past.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 5/12/07, Albert Meyer [EMAIL PROTECTED] wrote:
I and numerous others (including some whom any reasonable NANOG-L poster would
respect and listen to) have asked you repeatedly to stop trolling NANOG-L with
this botnet crap. It is off-topic here. The last time you pulled this (starting
As
over the last few
meetings, it should be well worth reading when it does come out.
--srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 4/28/07, Deepak Jain [EMAIL PROTECTED] wrote:
Anyone have any recommendations for BCPs or software suggestions on
running an open community-based access point (or network)?
MAAWG BCPs on walled gardens (probably coming soon if not already out
there). Quite a few ISPs - Bell Canada
to contact several AS operators.
As you can see we do indeed own these blocks:
When Bill Manning said this he was being more than a little sarcastic.
Own? ARIN gave you title?
ARIN assigns you those blocks. They dont give you ownership of those, as such.
regards
srs
--
Suresh Ramasubramanian
[phish domains hosted on botnets,
and registered on ccTLDs where bureaucracy comes in the way of quick
takedowns]
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 3/31/07, Adrian Chadd [EMAIL PROTECTED] wrote:
.. just wait until they start living on in P2P trackerless type setups
and not bothering with temporary domains - just use whatever resolves to the
end-client. You'll wish it were as easy to track as accessing these websites
p2p based botnets
be found by a quick google for p2p+botnet
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 4/1/07, Fergie [EMAIL PROTECTED] wrote:
ICANN, from what I can tell, had this issue (doamin tasting) on their
agenda as a discussion iten in Lisbon last week, but i am unaware of
the discussion outcome.
Some of the biggest domain tasters aren't too particular about what
they register..
on registered domains ..
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
There are a few fairly easy things to do.
1. Don't do what most hotel networks do and think that simply sticking
lots of $50 linksys routers into various rooms randomly does the
trick. Use good, commercial grade APs that can handle 150+
simultaneous associations, and dont roll over and die
On 2/8/07, Al Iverson [EMAIL PROTECTED] wrote:
Actually, http://www.comcast.net/help/faq/index.jsp?faq=SecurityMail_Policy18627
links you to
http://www.comcastsupport.com/rbl
aka
http://www.comcastsupport.com/sdcxuser/lachat/user/Blockedprovider.asp
What Al said, in spades. That
On 2/3/07, Gadi Evron [EMAIL PROTECTED] wrote:
On Sat, 3 Feb 2007, Suresh Ramasubramanian wrote:
What do nanogers usually do when caught in a situation like this?
Important question: if memory serves, and you are in the Paris Charles de
Gaulle International Airport, wireless costs money
into /etc/hosts
What do nanogers usually do when caught in a situation like this?
thanks
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
there
anyway. Worth a read.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
, Kim says.
To contact the reporter on this story: Andrea Tan in Singapore at
[EMAIL PROTECTED]
Last Updated: December 26, 2006 22:57 EST
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 12/19/06, Jay Stewart [EMAIL PROTECTED] wrote:
This may not be much of a help, but can be a good resource for data when
dealing with mail issues regarding MS.
https://postmaster.live.com/snds/index.aspx
Of course, you need a Valid MSN passport for registration. . . . . sigh. .
It
On 12/5/06, William Allen Simpson [EMAIL PROTECTED] wrote:
The study says that nearly 20 percent of email does not get delivered to
the inbox as intended, largely because it gets mistaken as spam.
That's utter hogwash. My Mail Mailguard statistics this year show that for
me personally, only
20,000 spam per
day from one of their customers and they aren't very
responsive. I'd rather get beyond first-line support
before blocking a large swath 67.18.0.0/15.
matthew black
e-mail postmaster
california state university, long beach
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 10/11/06, Joseph S D Yao [EMAIL PROTECTED] wrote:
Why is 10 October their 01 April?
Looks like you got october-fooled, Mr.Yao :)
10 October is just a date like any other .. those of us in India who
want to play tricks on our friends stick to 4/1 like everybody else
--
Suresh
.. because they provide internet over fiber optic cables, which work by sending
pulses of light down the cable to push packets ..
http://www.hindu.com/2006/10/10/stories/2006101012450400.htm
So they get slapped with tax + penalties of INR 241.8 million.
Broadband providers
On 10/10/06, Fergie [EMAIL PROTECTED] wrote:
Is it April 1st already? :-)
- ferg
Sadly, I dont think taxmen ever had a sense of humor
.
However, since the customer must beam back light as part of the exchange
then you must track the number of pulses in both directions and
determine the difference. Some days the customer gets more energy and
some days it doesn't. That should affect the tax.
--
Suresh Ramasubramanian ([EMAIL
, mail
and webhosting
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 10/2/06, Matt Baldwin [EMAIL PROTECTED] wrote:
Yes, I'm noticing this too. Very lame indeed. Doing a quick Google
on it in the Groups it seems that it was a feature that was enabled
earlier this year. My guess is they turned it off, then turned it
Drew the attention of a friend at
.:
Now that we're firmly into offtopic territory -
http://www.kitenet.net/~joey/blog/entry/thread_patterns.html
Here's how to subscribe to mailing lists with a combined total posts
of 2000 or more per day, and live. It's all about pattern recognition.
[snip]
--
Suresh Ramasubramanian ([EMAIL
out all kinds of cruft/spam.
Next you'll be telling me that IMAP is the wave of
the future and that i should read email on some
PDA/CELL thingie...
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
end.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
ps: I do wish people who forward me this URL on your website would add
a not safe for work type disclaimer to it :)
http://www.ryanair.com/site/EN/notices.php?notice=060822-ASP-EN
Can someone from HP please email me offlist?
thanks
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 8/10/06, Sean Donelan [EMAIL PROTECTED] wrote:
On Thu, 10 Aug 2006, Suresh Ramasubramanian wrote:
The MAAWG bcps, for example, state that ISPs must take responsiblity
for mitigating outbound spam and abuse.
The RIAA, for example, states that ISPs must take responsibility for
mitigating
a webmail provider - yes, I've got measures in place. This is
for ISPs who provide connectivity to mitigate abuse at their end as
well.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
vietnamese ISP that has / had till recently set
localhost as rDNS for all their IPs.
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
. Focus on stopping the tons of spam that's pumped out over plain old
http as well
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
(including govt / LE) who would be just as interested as Hank is.
-srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
mosquito repellant and draining a huge pool of stagnant water
just outside your home.
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
for that
matter.
srs
--
Suresh Ramasubramanian ([EMAIL PROTECTED])
On 8/3/06, Jim Popovitch [EMAIL PROTECTED] wrote:
Don't parked domains exist on a registrar owned IP? I would think a
list could be built from spending some time contacting each registrar
(http://www.icann.org/registrars/accredited-list.html). ;-)
Not always. You will find several
1 - 100 of 645 matches
Mail list logo