Re: Interesting new spam technique - getting a lot more popular.

2006-06-19 Thread Danny McPherson
On Jun 15, 2006, at 7:06 AM, Kristal, Jeremiah wrote: I don't think it was Extreme that filed it, or at least they didn't write it. It was the good folks at Qwest engineering who came up with the idea, which was implemented (for some low value of implemented) by Extreme. The authors had move

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Chris Adams
Once upon a time, chuck goolsbee <[EMAIL PROTECTED]> said: > * They lacked sufficient clue to grok name-based virtual hosting. Name-based virtual hosting is not a cure-all. Think about SSL and anonymous FTP uploads for starters. -- Chris Adams <[EMAIL PROTECTED]> Systems and Network Administra

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread chuck goolsbee
At 2:35 PM -0400 6/15/06, Matt Buford wrote: But how could this possibly be IP abuse or evil (except perhaps in the eyes of the search engines)? What difference does it make to ARIN if I give a customer 30 IPs from a single /24 or 30 IPs from 30 different /24s? How is that customer using th

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Richard Z
On 6/14/06, Florian Weimer <[EMAIL PROTECTED]> wrote: There are universal subscriber gateways that simply override all network configuration on the host, but they aren't marketed at datacenters AFAIK. After all, who would think that a datacenter needs a network security policy similar to that o

RE: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread andrew2
> At 7:03 PM -0400 6/14/06, Matt Buford wrote: > >There is also strong demand among web hosting customers to scatter > >sites across multiple /24's due to search engine optimization. > > I hear this line of thinking often, but to me it sounds like > bulls^X^X^X^X^X... um, "folklore". When our

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Matt Buford
"chuck goolsbee" <[EMAIL PROTECTED]> wrote: Anyway, if somebody could enlighten me to definitive proof, or stated policy by Goo... er "search engines", that confirms this "search engine result optimization by blatant abuse of IP addresses" I'd appreciate it. I for one believe it is bunk dreamt

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread chuck goolsbee
At 7:03 PM -0400 6/14/06, Matt Buford wrote: There is also strong demand among web hosting customers to scatter sites across multiple /24's due to search engine optimization. I hear this line of thinking often, but to me it sounds like bulls^X^X^X^X^X... um, "folklore". When our customers/sal

RE: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Peter Phaal
Has anyone considered using sFlow to detect this type of bad behavior? Many layer 2 switch vendors mentioned in the discussion support sFlow (see http://www.sflow.org/products/network.php for a list). sFlow operates at layer 2 (think of it as a kind of remote sampled mirror port capability that

RE: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Kristal, Jeremiah
On Thu, 15 Jun 2006, Mikael Abrahamsson wrote: > advice when they first started to attempt to migrate), or supporting > super/sub-VLANs in an operational environment. Customers hated both, > but at least they saw better performance once the hosting network was > broken up per-customer VLANs.

RE: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Mikael Abrahamsson
On Thu, 15 Jun 2006, Kristal, Jeremiah wrote: advice when they first started to attempt to migrate), or supporting super/sub-VLANs in an operational environment. Customers hated both, but at least they saw better performance once the hosting network was broken up per-customer VLANs. Why woul

RE: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Kristal, Jeremiah
On Thu, 15 Jun 2006, Mikael Abrahamsson wrote: Some ciscos can do this as well (recent IOS). IP unnumbered and static routes towards vlan interfaces means you can put customers in their own vlan and still have them be part of a larger IP subnet spanning several vlans. Since it was Extreme th

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Mark Smith
On Wed, 14 Jun 2006 11:59:51 -0700 Warren Kumari <[EMAIL PROTECTED]> wrote: > > > On Jun 14, 2006, at 2:18 AM, John van Oppen wrote: > > > > That being said, I know at least one of our transit customers does > > hosting exactly how you are describing. Coincidentally, this > > customer is

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Mikael Abrahamsson
On Thu, 15 Jun 2006, Chris Hills wrote: Unless I am missing something obvious, it seems like rfc 3069 (sub/super vlans) provides an easy (interim?) solution to this dilemma. Some ciscos can do this as well (recent IOS). IP unnumbered and static routes towards vlan interfaces means you can pu

Re: Interesting new spam technique - getting a lot more popular.

2006-06-15 Thread Chris Hills
Bill Nash wrote: > Trying to migrate customers to their own vlan when they've been allotted > IPs, willy nilly, across one of the bajillion /24's secondaried on the > vlan interface drives me into an entire new dimension of pissed off. Unless I am missing something obvious, it seems like rfc 3069

Re: Interesting new spam technique - getting a lot more popular

2006-06-15 Thread Hank Nussbacher
* A spamware daemon is installed on the dedicated server, to keep the network interface in promiscuous mode * The daemon determines which IP addresses on the local subnet are not in use. It also determines the addresses of the network routers. One or more unused IP addresses are comman

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Bill Nash
And let me tell you.. inheriting a network like that, knowing a better way to do it, will make you want to put a gun in your mouth. Two /19's worth of address space in VLAN1 (not just in one vlan, but in vlan *1*. Cisco nerds are slapping foreheads or spitting Coke right now.) Trying to mig

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Richard A Steenbergen
On Wed, Jun 14, 2006 at 07:03:10PM -0400, Matt Buford wrote: > As a hoster with many customers on large shared VLANs perhaps I can add a > bit... Note that if you're reading this list, you have already identified yourself as a non-typical hoster. Go read WHT or GFY for 10 minutes for an exampl

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Matt Buford
As a hoster with many customers on large shared VLANs perhaps I can add a bit... "Richard A Steenbergen" <[EMAIL PROTECTED]> wrote: Simple: Subnets are hard, customers are stupid, and ARIN is not exactly a hoster's best friend. When a hosting customer asks for 5 IPs today and 25 IPs tomorrow,

RE: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Christopher L. Morrow
On Wed, 14 Jun 2006, Church, Chuck wrote: > > Since this technique requires an IPinIP or GRE tunnel, wouldn't blocking > these two protocols to/from the hosts be sufficient? Assuming of course > the customer's host isn't using that normally. sure, but those are probably just convenience things,

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Warren Kumari
On Jun 14, 2006, at 2:18 AM, John van Oppen wrote: That being said, I know at least one of our transit customers does hosting exactly how you are describing. Coincidentally, this customer is also one of the customers that asked if we could "give them a class C block." Ok, I KNOW I am

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Patrick W. Gilmore
On Jun 14, 2006, at 1:53 PM, Church, Chuck wrote: Since this technique requires an IPinIP or GRE tunnel, wouldn't blocking these two protocols to/from the hosts be sufficient? Assuming of course the customer's host isn't using that normally. Unfortunately, that probably won't work for ver

RE: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Church, Chuck
Since this technique requires an IPinIP or GRE tunnel, wouldn't blocking these two protocols to/from the hosts be sufficient? Assuming of course the customer's host isn't using that normally. Chuck Netco Government Services has recently acquired Multimax and is changing its name to Multimax I

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Andrew - Supernews
> "Mikael" == Mikael Abrahamsson <[EMAIL PROTECTED]> writes: > On Wed, 14 Jun 2006, Christopher L. Morrow wrote: >> is it really that hard to make your foundry/extreme/cisco l3 switch >> vlan and subnet??? Is this an education thing or a laziness thing? >> Is this perhaps covered in a 'bcp'

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Florian Weimer
* Christopher L. Morrow: > is it really that hard to make your foundry/extreme/cisco l3 switch vlan > and subnet??? Is this an education thing or a laziness thing? You need those L3 switches before you can do this. Obviously, L2 gear is much cheaper, and will work equally well until it is attacke

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Florian Weimer
* Christopher L. Morrow: > On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: >> >> http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html >> >> * Monitor your local network for interfaces transmitting ARP >> responses they shouldn't be. > > how about just mac sec

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Erik Haagsman
On Wed, 2006-06-14 at 05:28 +, Edward B. DREGER wrote: > CLM> Date: Wed, 14 Jun 2006 04:46:31 + (GMT) > CLM> From: Christopher L. Morrow > > CLM> is it really that hard to make your foundry/extreme/cisco l3 switch vlan > CLM> and subnet??? > > Of course not. > > > CLM> Is this a educati

RE: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Lincoln Dale
> is it really that hard to make your foundry/extreme/cisco l3 switch vlan > and subnet??? Is this an education thing or a laziness thing? Is this > perhaps covered in a 'bcp' (not even an official IETF thing, just a > hosters bible sort of thing) ? Subnets aren't exactly good for address space usa

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Chris Edwards
On Wed, 14 Jun 2006, Christopher L. Morrow wrote: | how about just mac security on switch ports? limit the number of mac's at | each port to 1 or some number 'valid' ? Hi, Just to be clear, simple L2 mac security doesn't help here. This attack (arp spoofing on a shared subnet) does not invol

RE: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread John van Oppen
s for the last four years without any issue at all. John :) -Original Message- From: Richard A Steenbergen [mailto:[EMAIL PROTECTED] Sent: Wednesday, June 14, 2006 12:18 AM To: Christopher L. Morrow Cc: NANOG Subject: Re: Interesting new spam technique - getting a lot more pop

Re: Interesting new spam technique - getting a lot more popular.

2006-06-14 Thread Richard A Steenbergen
On Wed, Jun 14, 2006 at 04:46:31AM +, Christopher L. Morrow wrote: > > is it really that hard to make your foundry/extreme/cisco l3 switch vlan > and subnet??? Is this an education thing or a laziness thing? Is this > perhaps covered in a 'bcp' (not even an official IETF thing, just a > hosters

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Edward B. DREGER
CLM> Date: Wed, 14 Jun 2006 04:46:31 + (GMT) CLM> From: Christopher L. Morrow CLM> is it really that hard to make your foundry/extreme/cisco l3 switch vlan CLM> and subnet??? Of course not. CLM> Is this an education thing or a laziness thing? Both. Eddy -- Everquick Internet - http://www.

RE: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Edward B. DREGER
JvO> Date: Tue, 13 Jun 2006 21:35:14 -0700 JvO> From: John van Oppen JvO> It sure seems like this is a good demo of the best practice of JvO> having customers on their own VLANs with their own subnets. We JvO> have been doing this since we started offering colo services, is We actually go so f

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Mikael Abrahamsson
On Wed, 14 Jun 2006, Christopher L. Morrow wrote: is it really that hard to make your foundry/extreme/cisco l3 switch vlan and subnet??? Is this an education thing or a laziness thing? Is this perhaps covered in a 'bcp' (not even an official IETF thing, just a hosters bible sort of thing) ? T

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Payam Chychi
ess common than I thought? John -Original Message- From: Christopher L. Morrow [mailto:[EMAIL PROTECTED] Sent: Tuesday, June 13, 2006 9:23 PM To: Suresh Ramasubramanian Cc: NANOG Subject: Re: Interesting new spam technique - getting a lot more popular. On Wed, 14 J

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Christopher L. Morrow
On Wed, 14 Jun 2006, Adam Rothschild wrote: > On 2006-06-14-00:23:15, "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote: > [...] > > I assume that dedicated hosting folks don't just drop machines > > behind a switch on one big flat subnet? That's probably a naive > > assumption though > > I've l

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Adam Rothschild
On 2006-06-14-00:23:15, "Christopher L. Morrow" <[EMAIL PROTECTED]> wrote: [...] > I assume that dedicated hosting folks don't just drop machines > behind a switch on one big flat subnet? That's probably a naive > assumption though I've long been a proponent of a per-customer VLAN or L3 interface

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Suresh Ramasubramanian
On 6/14/06, Christopher L. Morrow <[EMAIL PROTECTED]> wrote: At least it'd trim down the 'problem' to the single customer subnet, I assume that dedicated hosting folks don't just drop machines behind a switch on one big flat subnet? That's probably a naive assumption though :( Perhaps this is cl

RE: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread John van Oppen
[mailto:[EMAIL PROTECTED] Sent: Tuesday, June 13, 2006 9:23 PM To: Suresh Ramasubramanian Cc: NANOG Subject: Re: Interesting new spam technique - getting a lot more popular. On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: > That was not my advice btw - just forwarding on what I

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Christopher L. Morrow
On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: > That was not my advice btw - just forwarding on what I saw. > oh, apologies, i did cut the message down quite a bit :( I understood you were quoting from the spamdiaries website, I apologize to the other listeners (readers?) if it confused t

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Suresh Ramasubramanian
That was not my advice btw - just forwarding on what I saw. What you say does seem like a "must do" all right - but putting ARP filters in is actually a reasonable idea. On 6/14/06, Christopher L. Morrow <[EMAIL PROTECTED]> wrote: On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: > > http:/

Re: Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Christopher L. Morrow
On Wed, 14 Jun 2006, Suresh Ramasubramanian wrote: > > http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html > > * Monitor your local network for interfaces transmitting ARP > responses they shouldn't be. how about just mac security on switch ports? limit the nu

Interesting new spam technique - getting a lot more popular.

2006-06-13 Thread Suresh Ramasubramanian
http://thespamdiaries.blogspot.com/2006/02/new-host-cloaking-technique-used-by.html Does seem to have potential, because at least one large webhost says they got bit hard by this (when they asked me to unblock one of their /24s) - and I've been seeing the same type of spam for quite some time [p