Hello,
Thank you for launching such useful discussions for operators. IPv6
introduction in mobile networks is certainly one major issue we have to
consider for services and business development.
As you stated, pressure on public and private IPv4 addresses is more and more
important and we
I have looked at DS-lite very carefully. First, DS-Lite fits better
for cable operators since they have CPE and can have a DS-lite
function in the CPE that they control, and that in turn allows them to
provide IPv4, IPv6, and dual-stack to the end-host that they do not
control. DS-Lite
[resending with more readable, apologies for the duplicate]
DS-lite can work both for fixed and wireless scenario, where you have a
laptop/pda/smarphone/tablet
that is only configured by the access network with IPv6 but want to access
IPv4 content FROM IPv4
applications. This is the main
Part of the discussion of recent attacks by targeted email to
individuals crafted to deceive that particular individual based on
intelligence gathered for this use by governments.
The alleged attacks from China are troubling on many fronts. On
Thursday, security firm McAfee released a report
On 1/15/10 4:07 PM, Bruce Williams wrote:
As if the old threat models weren't bad enough...
The old threat models were simply not up to date.
Gadi.
Bruce
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevron.livejournal.com/
The APT is the new game. Old rules, new game.
--
Marcus H. Sachs
Verizon
+1 202 515 2463
Sent from my Verizon BlackBerry Storm
http://www.verizonwireless.com/storm
- Original Message -
From: Gadi Evron g...@linuxbox.org
To: nanog@nanog.org nanog@nanog.org
Sent:
telmn...@757.org wrote:
Did SORBS really cause you that much pain?
Yes. We purchased colo space for some systems that didn't need high
class of service (mostly development systems.) The IP space in a
former lifetime was a dialup pool for analog modems.
We of course changed the reverse DNS
On 1/15/10 4:32 PM, Sachs, Marcus Hans (Marc) wrote:
The APT is the new game. Old rules, new game.
I don't see why it's new just because suddenly people know what's going
on around them. A bit like with botnets before 2004.
Gadi.
--
Gadi Evron,
g...@linuxbox.org.
Blog:
Where are these quotes coming from ?
Marshall
On Jan 15, 2010, at 9:07 AM, Bruce Williams wrote:
Part of the discussion of recent attacks by targeted email to
individuals crafted to deceive that particular individual based on
intelligence gathered for this use by governments.
The alleged
The botnet concept is one of the old rules. The way the APT works and what it
is used for is the new game.
--
Marcus H. Sachs
Verizon
+1 202 515 2463
Sent from my Verizon BlackBerry Storm
http://www.verizonwireless.com/storm
- Original Message -
From: Gadi
On Jan 15, 2010, at 9:21 AM, Gadi Evron wrote:
On 1/15/10 4:07 PM, Bruce Williams wrote:
As if the old threat models weren't bad enough...
The old threat models were simply not up to date.
Precisely correct. This has been going on for quite some time; some people
simply weren't paying
On Fri, 15 Jan 2010, Bruce Williams wrote:
The alleged attacks from China are troubling on many fronts. On
Thursday, security firm McAfee released a report saying the program
used to target U.S. firms involved a so-called zero day
vulnerability -- one that was to this point unknown to the
Folks,
After the Katrina landfall a diverse group of wireless people started
organizing a relief effort, culminating in work around Waveland. There
was also a group from the NPGS in Monterey, who worked on the Boxing
Day Tsunami aftermath.
Does anyone have a similar contact set?
Eric
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
Does anyone really believe that the use of targeted 0-day exploits to gain
unauthorized access to information hasn't been at least considered if not
used by spies working for other [than China] countries?
I think only those not paying
On Fri, Jan 15, 2010 at 10:17 AM, Michelle Sullivan matt...@sorbs.net wrote:
telmn...@757.org wrote:
Did SORBS really cause you that much pain?
Yes. We purchased colo space for some systems that didn't need high class
of service (mostly development systems.) The IP space in a former lifetime
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
Does anyone really believe that the use of targeted 0-day exploits to gain
unauthorized access to information hasn't been at least considered if not
used by spies working for other [than
On Fri, Jan 15, 2010 at 10:20:33AM -0500, Marshall Eubanks wrote:
Where are these quotes coming from ?
That particular one:
http://redtape.msnbc.com/2010/01/gregory-fayer-opened-an-e-mail-on-monday-night-that-looked-like-it-was-from-a-fellow-lawyer-at-gipson-hoffman-pancione-inst.html
Ken Chase wrote:
Anyone got some pointers on how to get off SORBS' Dynamic IP lists?
We've followed their RFC proposed static reverse DNS assignment naming and all
elements of their FAQ.
We are not spammers. The /24 in question isnt listed on any RBLs except SORBS
DUL.
We've submitted
We now have (and have had for a few years) what appears to be nation-state
hacking. The differences are in targets and resources available to the
attacker.
Agreed, and given that is more easy to aggregate bits of information
from different sources to put together the puzzle it makes more
Ronald Cotoni wrote:
At the same time, I never hear this about spamhaus or outblaze. Go
figure :( Maybe your system is too confusing and you might want to
take a survey and revamp it to something a bit more functional.
I have never heard it about Outblaze, but I have heard at least we
On 1/15/10 5:52 PM, Steven Bellovin wrote:
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
Does anyone really believe that the use of targeted 0-day exploits to gain
unauthorized access to information hasn't been at least considered if not
On Fri, Jan 15, 2010 at 11:06 AM, Michelle Sullivan matt...@sorbs.net wrote:
I'm now marking this request as 'answered' as I think there's nothing
more for me to do. If you feel otherwise, please reply to this message
to re-open your ticket. In particular, if you change your rDNS
information.
Fair enough, but it wasnt just me.
I have the customer who submitted his own tickets as well, as well as NAC.net
who has admins (an email admin, actually), who seems to know his way around RBLs
and the current state/reputation/happenings in the spam/RBL/mail world.
Customer has posted these
On 1/15/10 5:23 PM, Sachs, Marcus Hans (Marc) wrote:
The botnet concept is one of the old rules. The way the APT works and
what it is used for is the new game.
Perhaps for talking about, but it is far from new. Come on Marc.
Gadi.
--
Gadi Evron,
g...@linuxbox.org.
Blog:
On 15/01/2010 16:14, William Herrin wrote:
Is it bad English? Is it not clear?
No, it is not clear.
It's perfectly clear.
Can anyone else give better wording
that might result in less of an issue?
Please reply to this message to reopen your ticket and escalate your
case to a live human
In a message written on Fri, Jan 15, 2010 at 05:06:18PM +0100, Michelle
Sullivan wrote:
The common a reoccurring issue is the response by the robot has given
the next logical step to progress any delisting request (as has been
stated here recently, in another thread).. and the requester has
After the Katrina landfall a diverse group of wireless people started
organizing a relief effort, culminating in work around Waveland. There was
also a group from the NPGS in Monterey, who worked on the Boxing Day Tsunami
aftermath.
Does anyone have a similar contact set?
hello eric
i
On Fri, Jan 15, 2010 at 11:26 AM, William Hamilton b...@edisys.co.uk wrote:
Is it bad English? Is it not clear?
No, it is not clear.
Try as I might I really can't see what is not clear here...
It isn't clear that there's a way to reach a human being at sorbs
other than complaining
Michelle,
Thanks for your email. Please specifically look at ticket 260695. I
created the ticket on January 5th at about 1:30EST. Immediately I got my
response from the robot.
I replied a few minutes later with:
67.196.137.188/32
TTL is right. PTR is right.
From your email, it is my
Ken Chase wrote:
Fair enough, but it wasnt just me.
I have the customer who submitted his own tickets as well, as well as NAC.net
who has admins (an email admin, actually), who seems to know his way around RBLs
and the current state/reputation/happenings in the spam/RBL/mail world.
Customer
On 1/15/2010 10:26 AM, William Hamilton wrote:
On 15/01/2010 16:14, William Herrin wrote:
Is it bad English? Is it not clear?
No, it is not clear.
It's perfectly clear.
Can anyone else give better wording
that might result in less of an issue?
Please reply to this message to reopen your
On Fri, 15 Jan 2010, Eric Brunner-Williams wrote:
After the Katrina landfall a diverse group of wireless people started
organizing a relief effort...
There are quite a lot of us working on it, is there something specific
you're volunteering to do?
I have no information about the state of the Internet links in Haiti
(everything seems down) but, for the .HT top-level domain, here are a
few news.
.HT has six name servers, four outside of the country. They were not
affected so .HT never had a problem resolving. Main DNS lesson: always
put name
William Hamilton wrote:
Please reply to this message to reopen your ticket and escalate your
case to a live human being.
And now SORBS:
If you feel otherwise, please reply to this message
to re-open your ticket.
Try as I might I really can't see what is not clear here...
The difference is
On 15/01/2010 16:57, Michael Thomas wrote:
The difference is that nobody wants to talk to a robot when they're
the victim
of a false positive which is causing business impacting interruption. A
robot is not
empowered to go beyond its instructions, and if it's programmed either
wrong or with
Leo Bicknell wrote:
So, let me see if I got this right:
1) Network reports 1.2.3.0/24 has no dynamic IP addresses in it.
Networks don't report anything, people do, and in the majority of cases
not the network owner (where network owner = person listed in the RIR as
the POC)
2) SORBS
Michelle,
--
Paul
In the beginner's mind there are many possibilities, but in the expert's mind
there are few.
Shunryu Suzuki
On Fri, 15 Jan 2010, Michelle Sullivan wrote:
That is my view, however most (if not all) of the tickets were for the /22
not the /32 which is why it was rejected.
On Fri, Jan 15, 2010 at 5:37 AM, Durand, Alain
alain_dur...@cable.comcast.com wrote:
[resending with more readable, apologies for the duplicate]
DS-lite can work both for fixed and wireless scenario, where you have a
laptop/pda/smarphone/tablet
that is only configured by the access network
William Hamilton wrote:
On 15/01/2010 16:57, Michael Thomas wrote:
The difference is that nobody wants to talk to a robot when they're
the victim
of a false positive which is causing business impacting interruption. A
robot is not
empowered to go beyond its instructions, and if it's programmed
This will be my only reply to the conversation now that Michelle has poked in
and taken control of the thread.
I had a beef with SORBS a while back on behalf of my day job, and it cost me
quite a bit -- in frustration, in doing a few things publicly that I regret, and
ultimately in spending a
On Fri, 15 Jan 2010, Michelle Sullivan wrote:
Well 3 people have ignored the last 2 sentences... so please tell me what is
unclear in them? The only correct response was in 260573 when someone
The robot response, like much of the SORBS web site is rather longwinded,
and I suspect many
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to bgp-st...@lists.apnic.net
For historical data, please see http://thyme.apnic.net.
If you have any comments please contact Philip Smith
On Jan 15, 2010, at 12:08 PM, Michelle Sullivan wrote:
2) SORBS robot reponds with you must change your rDNS.
... or respond to indicate why you think the robot is wrong...
This does not work. Our provider has been told that unless the in-addr was
changed to include the word static, the
On Jan 15, 2010, at 10:06 AM, Michelle Sullivan wrote:
For fast approval:
Log ticket - robot checks rDNS for all networks listed in ticket -
robot confirms all space is static and submits the ticket to the
removals queue where it is manually checked by a human and processed.
For manual approval:
On Fri, Jan 15, 2010 at 05:01:54PM +, William Hamilton wrote:
I agree it's perhaps not clear how to get hold of a human, but you can't
really argue that it's not clear how to progress the issue in general as
the message quite clearly tells you to respond if you wish for it to be
In a message written on Fri, Jan 15, 2010 at 01:26:49PM -0500, Jed Smith wrote:
Let me reiterate for the benefit of Ricky Beam, Ken Chase, Leo Bicknell, Paul,
and anybody else who is tempted to debate Michelle in this thread: you are
100%
wasting your time.
Good advice, for sure.
On Jan 15, 2010, at 8:13 AM, Gadi Evron wrote:
1. Unlike GhostNet, which showed an interesting attack but jumped to
conclusions without evidence that it was China behind them -- based
on Ethos alone I'd like to think that when Google says China did it,
they know. Although being a
Logan Vig wrote:
Here are some tickets to review:
205929
206524
207964
208986
and for the /24's which finally resulted in the /18 being delisted:
208996-209062
Well from the initial look you kept submitting new tickets and the SORBS
staff kept merging them into the latest ticket as
On 1/15/10 10:15 PM, Fred Baker wrote:
On Jan 15, 2010, at 8:13 AM, Gadi Evron wrote:
1. Unlike GhostNet, which showed an interesting attack but jumped to
conclusions without evidence that it was China behind them -- based on
Ethos alone I'd like to think that when Google says China did it,
Hello Everyone:
The thread Sorbs on autopilot? has been moderated.
Kind Regards,
Mike (on behalf of the NANOG CC)
--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technical Officer - Adhost Internet LLC mksm...@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9
If I may ... two questions:
a) do the humans @ SORBS use the AI/GUI that everyone else uses to
query/request
changes or do all SORBS internal manipulations use an entirely
different AI/GUI?
b) is there any method for someone to request their (as opposed to
BGP Update Report
Interval: 07-Jan-10 -to- 14-Jan-10 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS580029398 2.6% 133.0 -- DNIC-ASBLK-05800-06055 - DoD
Network Information Center
2
This report has been generated at Fri Jan 15 21:11:26 2010 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date
-Original Message-
From: bmann...@vacation.karoshi.com
[mailto:bmann...@vacation.karoshi.com]
Sent: Friday, January 15, 2010 1:54 PM
To: Michelle Sullivan
Cc: nanog@nanog.org
Subject: um... human generated requests
If I may ... two questions:
a) do the humans @
On 1/15/10 3:14 PM, Nathan Eisenberg wrote:
Slightly confused - it sounds like you're asking if you can list
yourself on a blacklist? Is that a self-immolating form of protest,
or did I misread?
Sounds more like to me an attempt to engineer a situation to cause grief
on SORBS end.
Maybe
On 1/14/10 12:31 AM, Steven Bellovin wrote:
On Jan 13, 2010, at 5:26 PM, mshel...@cox.net wrote:
From a single detection of one hostile email you can often expand the picture
to many mail recipients. A little open source research identifies the common
community the recipients belong to.
The Google Spokesperson I heard on the radio yesterday evening said
that they had not yet stopped censoring, and declined to give a date
when they would. His point was that the clock is ticking and Google
can see it.
On Jan 13, 2010, at 8:52 AM, Jérôme Fleury wrote:
On Wed, Jan 13, 2010
On Jan 13, 2010, at 8:31 AM, Anthony Uk wrote:
The ability to automatically discern users' political positions from
their inbox is not one that any email provider reasonably needs.
I'm not Chinese, but putting myself in their position...
I would be surprised if they were trying to
To my understanding they believe that people that live in China are relevant
(which is why they brought it up in the context), but they are very
carefully saying that they don't know the exact perpetrators.
http://www.ipinc.net/IPv4.GIF
Uh, Fred the link is to an image that has nothing to
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You. Says so on my business card...
inline: IMG_2226_2.jpg
On Fri, Jan 15, 2010 at 02:14:03PM -0800, Nathan Eisenberg wrote:
-Original Message-
From: bmann...@vacation.karoshi.com
[mailto:bmann...@vacation.karoshi.com]
Sent: Friday, January 15, 2010 1:54 PM
To: Michelle Sullivan
Cc: nanog@nanog.org
Subject: um... human generated
On Jan 16, 2010, at 12:15 AM, Fred Baker wrote:
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You. Says so on my business card...
IMG_2226_2.jpg
看的也不見!
TV
Hey Marcus, you got what you wanted pal
(http://www.youtube.com/watch?v=FSUPTZVlkyU), cyber security ramped up
as a
national security agenda item.
http://news.cnet.com/8301-30684_3-10436018-265.html
Congrats,
Andrew
i am confused here, which is not at all unusual. did the chinese get
any data which google does not give to american LEAs in answer to an
administrative request, i.e. not even a court order?
randy
I have a client in Edmonton who's looking for a network drop to their
office, something in the 2-10 MB/s range. The location is at 46 Ave.
and 99 St.
The core requirement is for a bare unfiltered *symmetric* pipe (no
ADSL). Traffic volume will be low: 2-4 laptop VPNs plus some light
web server
On Sat, Jan 16, 2010 at 10:00:38AM +0900, Randy Bush wrote:
i am confused here, which is not at all unusual. did the chinese get
any data which google does not give to american LEAs in answer to an
administrative request, i.e. not even a court order?
You mean why didn't they just ask for it
That's the translation the Chinese Government has inserted into the Google
Translation service. ;)
-Original Message-
From: Fred Baker [mailto:f...@cisco.com]
Sent: Friday, January 15, 2010 4:28 PM
To: tv...@eyeconomics.com
Cc: NANOG
Subject: Re: Anyone see a game changer here?
On
The listing method is if you actually receive virus traffic over v6.
Which someone will, sooner or later ..
Yes, I agree with listing a slightly larger range - given that /64
seems to be what most anyone gets these days with a free tunnel.
I wish you all the very best of fun trying to run dnsbl
Sorry for late response here...
On 1/14/2010 15:20, Cameron Byrne wrote:
On Thu, Jan 14, 2010 at 3:00 PM, Jim Burwell j...@jsbc.cc wrote:
On 1/14/2010 11:10, Cameron Byrne wrote:
Folks,
My question to the community is: assuming a network based IPv6 to IP4
translator is in place
- Mark Schouten ma...@bit.nl wrote:
Hi,
FYI:
http://virbl.bit.nl/index.php#ipv6
Comments on the listing method are appreciated.
Regards,
wow bind? thats gonna get slower and slower and slower. I hope you have a TON
of ram for that box. for example
if we loaded the
On Jan 15, 2010, at 7:53 PM, Jim Burwell wrote:
Sorry for late response here...
On 1/14/2010 15:20, Cameron Byrne wrote:
On Thu, Jan 14, 2010 at 3:00 PM, Jim Burwell j...@jsbc.cc wrote:
On 1/14/2010 11:10, Cameron Byrne wrote:
Folks,
My question to the community is: assuming a
71 matches
Mail list logo