At 01:54 AM 2/16/2005, you wrote:
Odd regarding the Vonage connection. Their sitting on UU from where I
can see and I have excellent transit to them from Comcast.
I'm on Sprint, and the service was fine for a year and a half. In recent
months it deteriorated to the point where more often than
Or even sftp. This could enhance the security and still allow the tftp
style of getting the conigs. I know it's not widely used (if at all in
this scenario) but it could be a fix.
On Tue, 15 Feb 2005 23:45:16 +0100
Michael Hallgren [EMAIL PROTECTED] wrote:
MH
MH ssh, or other schemes of
On Tue, 15 Feb 2005, Rob Thomas wrote:
Hi, Dan.
] Why block TFTP at your borders? To keep people from loading new versions of
] IOS on your routers? ;)
Funny you should mention that. :) We have seen miscreants do exactly
that. They will upgrade or downgrade routers to support a
Thus spake C. Hagel [EMAIL PROTECTED]
Or even sftp. This could enhance the security and still allow the tftp
style of getting the conigs. I know it's not widely used (if at all in
this scenario) but it could be a fix.
I would think that HTTPS is both closer to the TFTP model (ask for a
What caused that issue was file transfers and other bursty traffic
overwhelming queues, resulting in vonage traffic being stomped.
My router is a BSD/OS box and I see no evidence that it's losing
packets. Keep in mind that the trouble was on inbound traffic, and my
internal network, a 100Mb
In an update yesterday on advancedIPpipeline, Vonage
said that the incident ... involved multiple Vonage
customers whose service was being affected by a single
provider.
http://www.advancedippipeline.com/news/60400945
- ferg
-- John Levine [EMAIL PROTECTED] wrote:
What caused that issue was
At 11:07 AM -0500 on 2/15/05, Steven M. Bellovin wrote:
http://advancedippipeline.com/60400413
The FCC is investigating -- it's not even clear if it's illegal to do
that.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
This has been an interesting thread; lots of divergence. I'll
http://advancedippipeline.com/60400413
The FCC is investigating -- it's not even clear if it's illegal to do
that.
--Prof. Steven M. Bellovin, http://www.cs.columbia.edu/~smb
http://advancedippipeline.com/60400413
The FCC is investigating -- it's not even clear if it's illegal to do
that.
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
Adi
On Tue, 15 Feb 2005, Adi Linden wrote:
http://advancedippipeline.com/60400413
The FCC is investigating -- it's not even clear if it's illegal to do
that.
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
could be there are some 911
15, 2005 9:58 AM
To: Adi Linden
Cc: [EMAIL PROTECTED]
Subject: Re: Vonage complains about VoIP-blocking
On Tue, 15 Feb 2005, Adi Linden wrote:
http://advancedippipeline.com/60400413
The FCC is investigating -- it's not even clear if it's illegal to do
that.
How is this any different
Christopher L. Morrow wrote:
On Tue, 15 Feb 2005, Adi Linden wrote:
http://advancedippipeline.com/60400413
The FCC is investigating -- it's not even clear if it's illegal to do
that.
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
could be
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
If the article is correct, and the ISP involved is also a LEC, then
it would be pretty clearly anticompetitive, and the LECs
On Tue, Feb 15, 2005 at 10:22:56AM -0800, Majdi Abbas wrote:
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
If the article is correct, and the ISP involved is also a
At 10:07 AM -0800 2/15/05, Jim Devane wrote:
I can see where it may come to a LEC being able to block a competitor's port
only if they offer a comparable service. It will be an interesting ride to
be sure.
Imagine Verizon blocking AOL dialup numbers [since verizon also
provides internet
Anyone know which rural LECs might be involved?
I find it interesting that it isnt an MSO or RBOC doing the blocking -
perhaps the greater lawyer:engineer ratio at those organizations prevents
it?
The other interesting aspect is that there seems to be a bit of a
persecution complex on the part
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
Something else to consider. We block TFTP at our border for security reasons
and we've found that this prevents Vonage from
On Tue, Feb 15, 2005 at 01:45:05PM -0500, Eric Gauthier wrote:
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
Something else to consider. We block TFTP at our border for
I can see where it may come to a LEC being able to block a
competitor's port
only if they offer a comparable service. It will be an interesting
ride to
be sure.
What if a LEC added QoS to increase priority of their own VoIP product
and reduced QoS on their competitors? Packets are still
Michael Kaegler wrote:
At 10:07 AM -0800 2/15/05, Jim Devane wrote:
I can see where it may come to a LEC being able to block a
competitor's port
only if they offer a comparable service. It will be an interesting
ride to
be sure.
Imagine Verizon blocking AOL dialup numbers [since verizon also
Samantha Fetter wrote:
Hi, just wanted to let you know that a friend recently got Vonage, and
they had to go through a special process to get 911 properly associated
with her address so that it would work right. I'm guessing that means
they have REAL 911 access? I'm not familiar with that
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How is this any different then blocking port 25 or managing the bandwidth
certain applications use.
Something else to consider. We block TFTP at our border for security reasons
and we've found that this prevents Vonage from
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
John Fraizer
Sent: Tuesday, February 15, 2005 2:31 PM
To: Samantha Fetter
Cc: nanog@merit.edu
Subject: Re: Vonage complains about VoIP-blocking
Samantha Fetter wrote:
Hi, just wanted to let
Why block TFTP at your borders? To keep people from loading new versions of
IOS on your routers? ;)
Not trying to be flippant, but what's the basis for this?
- Dan
On 2/15/05 1:45 PM, Eric Gauthier [EMAIL PROTECTED] wrote:
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How
Hi, Dan.
] Why block TFTP at your borders? To keep people from loading new versions of
] IOS on your routers? ;)
Funny you should mention that. :) We have seen miscreants do exactly
that. They will upgrade or downgrade routers to support a feature set
of their choosing.
A lot of malware
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Eric Gauthier
Sent: Tuesday, February 15, 2005 1:45 PM
To: nanog@merit.edu
Subject: Re: Vonage complains about VoIP-blocking
On Tue, Feb 15, 2005 at 11:53:59AM -0600, Adi Linden wrote:
How
I've gotten a couple emails on this. To summarize:
1) some malware uses tftp. However much malware now uses other ports, such
as 80
2) There are numerous buffer overflow bugs with tftp. This would seem to be
better resolved with rACLs or ACLs towards loopback/interface blocks. (and,
of course,
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Something else to consider. We block TFTP at our border for
security reasons
and we've found that this prevents Vonage from working.
Would this mean that
LEC's can't block TFTP?
Was that a device trying to phone home and get it's
-Original Message-
From: Jay Hennigan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 15, 2005 5:10 PM
To: Hannigan, Martin
Cc: Eric Gauthier; nanog@merit.edu
Subject: RE: Vonage complains about VoIP-blocking
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Something else
On Tue, 15 Feb 2005, Jay Hennigan wrote:
Vonage devices initiate an outbound TFTP connection back to Vonage to
snarf their configs on initial connection and also (presumably) on reboot.
Many, many VoIP devices do this, including Cisco phones in all major
flavors. If an ISP is blocking TFTP
; nanog@merit.edu
Subject: RE: Vonage complains about VoIP-blocking
-Original Message-
From: Jay Hennigan [mailto:[EMAIL PROTECTED]
Sent: Tuesday, February 15, 2005 5:10 PM
To: Hannigan, Martin
Cc: Eric Gauthier; nanog@merit.edu
Subject: RE: Vonage complains about VoIP-blocking
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Hannigan, Martin
Sent: Tuesday, February 15, 2005 3:14 PM
To: 'Jay Hennigan'
Cc: Eric Gauthier; nanog@merit.edu
Subject: RE: Vonage complains about VoIP-blocking
-Original Message-
From: Jay Hennigan
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Something else to consider. We block TFTP at our border for
security reasons
and we've found that this prevents Vonage from working.
Vonage devices initiate an outbound TFTP connection
Was that a device trying to phone home and get it's configs?
Cisco, Nortel, etc. phone home and get configs via tftp.
Vonage doesn't need to phone home for config. The device is
programmed
(router) and it registers with the call manager.
If you analyze the transactions it's
configs.
-Jason
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
On Behalf
Of Hannigan, Martin
Sent: Tuesday, February 15, 2005 3:14 PM
To: 'Jay Hennigan'
Cc: Eric Gauthier; nanog@merit.edu
Subject: RE: Vonage complains about VoIP-blocking
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Something else to consider. We block TFTP at our border for
security reasons and we've found that this prevents
Vonage from
working.
Vonage devices initiate an outbound
On Tue, 15 Feb 2005, Michael Hallgren wrote:
ssh, or other schemes of enhanced security...?
We have some that use https, but that is as about as secure as it gets. We
also encrypt config files, so that helps.
Nathan Stratton BroadVoice, Inc.
nathan at
ssh, or other schemes of enhanced security...?
We have some that use https, but that is as about as secure
as it gets. We also encrypt config files, so that helps.
Likely (at least for the time being :) better than nothing (or of
course use of naked protocols). My (inherited) point
Thus spake Bruce Campbell [EMAIL PROTECTED]
Introducing new devices that are intended to trust that big, bad, easily
spoofable internet using non-secured protocols such as tftp in order to
get their configuration from a non-local server shows a degree of trust
not seen since the Famous Five,
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
Stephen Sprunk
Sent: Tuesday, February 15, 2005 6:08 PM
To: Bruce Campbell
Cc: North American Noise and Off-topic Gripes
Subject: Re: Vonage complains about VoIP-blocking
Thus spake Bruce
On Tue, 15 Feb 2005, Stephen Sprunk wrote:
Thus spake Bruce Campbell [EMAIL PROTECTED]
Introducing new devices that are intended to trust that big, bad, easily
spoofable internet using non-secured protocols such as tftp in order to
get their configuration from a non-local server shows a
On Feb 15, 2005, at 4:45 PM, Michael Hallgren wrote:
ssh, or other schemes of enhanced security...?
How about encrypted config files loaded via tftp?
( Which is what the Motorola unit actually does ).
-Chris
--
Chris Parker
Director, Engineering
StarNet A Service of US LEC
(888)212-0099 Fax
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Wouldn't there be a fee to utilize https?
Most CPE provider will give you a cert at no cost.
-Nathan
Thus spake Hannigan, Martin [EMAIL PROTECTED]
Unfortunately, TFTP is the only protocol that many phone vendors
implement -- and VoIP operators aren't happy about it. Some
vendors have
started implementing HTTP(S), but it's far from common at this point.
Wouldn't there be a fee to
On Tue, 15 Feb 2005 16:18:01 -0500
Daniel Golding [EMAIL PROTECTED] wrote:
Why block TFTP at your borders? To keep people from loading new versions of
IOS on your routers? ;)
Fear.
Not trying to be flippant, but what's the basis for this?
In addition to what others have said. The T in
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Unfortunately, TFTP is the only protocol that many phone vendors
implement -- and VoIP operators aren't happy about it. Some
vendors have
started implementing HTTP(S), but it's far from common at this point.
Wouldn't there be a fee to
In message [EMAIL PROTECTED], Sean Donela
n writes:
On Tue, 15 Feb 2005, Hannigan, Martin wrote:
Unfortunately, TFTP is the only protocol that many phone vendors
implement -- and VoIP operators aren't happy about it. Some
vendors have
started implementing HTTP(S), but it's far from
http://advancedippipeline.com/60400413
The FCC is investigating -- it's not even clear if it's illegal to do
that.
For what it's worth, my ISP is owned by my rural ILEC, and I just
cancelled my Vonage service because it had become unusable.
However, the problem was not TFTP, it was rotten
On Tue, 15 Feb 2005, Steven M. Bellovin wrote:
The really interesting question, to me, is how to let users provision
their phones to talk to the operator of their choice. The simplest
solution is probably something like a SIM; it would contain the
customer subscription data and the
Why block TFTP at your borders? To keep people from loading new versions of
IOS on your routers? ;)
Not trying to be flippant, but what's the basis for this?
This is a really good question :)
In our particular case, it was not to protect the network as others suggested.
We do ACL our
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of
John Levine
Sent: Tuesday, February 15, 2005 9:02 PM
To: [EMAIL PROTECTED]
Subject: Re: Vonage complains about VoIP-blocking
http://advancedippipeline.com/60400413
The FCC is investigating
Odd regarding the Vonage connection. Their sitting on UU from where I
can see and I have excellent transit to them from Comcast.
I'm on Sprint, and the service was fine for a year and a half. In recent
months it deteriorated to the point where more often than not I couldn't
understand the
52 matches
Mail list logo
