OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

I had two downstream BGP customers experience problem with an OpenBGPd bug tonight. Before diving into detail, I would like to link this mailing list thread, because this is not a new issue and a patch is available: http://www.mail-archive.com/misc@openbsd.org/msg115071.html For the following

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Dobbins, Roland rdobb...@arbor.net writes: On Nov 29, 2012, at 12:18 AM, Bjørn Mork wrote: But I will absolutely refuse the idea that anyone incapable of getting their application tested with IPv6 are able to create any useful networking software. Who's talking about 'networking software'?

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On Nov 29, 2012, at 4:28 PM, Bjørn Mork wrote: If it doesn't do IPv4 then I don't see the need for IPv6 support. To me, 'networking software' software which happens to access the network. Quagga is an example of 'networking software'.

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Dobbins, Roland rdobb...@arbor.net writes: On Nov 29, 2012, at 4:28 PM, Bjørn Mork wrote: If it doesn't do IPv4 then I don't see the need for IPv6 support. To me, 'networking software' software which happens to access the network. Quagga is an example of 'networking software'. OK, that

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On Nov 29, 2012, at 6:47 PM, Bjørn Mork wrote: What's the proper term for software which happens to access the network? Just about anything, these days. ; 'Network-enabled' or 'network-capable' software, maybe? --- Roland

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On 29 November 2012 12:48, Dobbins, Roland rdobb...@arbor.net wrote: On Nov 29, 2012, at 6:47 PM, Bjørn Mork wrote: What's the proper term for software which happens to access the network? Just about anything, these days. ; 'Network-enabled' or 'network-capable' software, maybe?

William was raided for running a Tor exit node. Please help if you can.

I'm not William and a friend pasted a link on IRC to me. I'm going to send him a few bucks because I know how it feels to get blindsided by the police on one random day and your world is turned upside down. Source:

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On 2012-11-29 13:53 , . wrote: On 29 November 2012 12:48, Dobbins, Roland rdobb...@arbor.net wrote: On Nov 29, 2012, at 6:47 PM, Bjørn Mork wrote: What's the proper term for software which happens to access the network? Just about anything, these days. ; 'Network-enabled' or

Re: William was raided for running a Tor exit node. Please help if you can.

If you run Tor, then you should probably accept that it might be used for activity that you don't approve of or even is in violation of the law. I'm not saying Tor is good or bad, just that if you're using it you probably know what you're getting into. In order to catch someone in a criminal

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

You should store IPv6 as a pair of 64-bit integers. While PHP lacks the function set to do this on its own, it's not very difficult to do. Here are a set of functions I wrote a while back to do just that (though I admit I should spend some time to try and make it more elegant and I'm not sure

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On Wed, Nov 28, 2012 at 1:30 PM, david peahi davidpe...@gmail.com wrote: Do today's programmers still use basic BSD socket programming? Is there an equivalent set of called procedures for IPv6 network application programming? The IPv6 API is BSD sockets. However, unless you were a particularly

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On Thu, Nov 29, 2012 at 9:01 AM, Ray Soucy r...@maine.edu wrote: You should store IPv6 as a pair of 64-bit integers. While PHP lacks the function set to do this on its own, it's not very difficult to do. Hi Ray, I have to disagree. In your SQL database you should store addresses as a fixed

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Hadn't thought about it that way before. This was a useful bit of info, thanks. -Blake On Thu, Nov 29, 2012 at 8:55 AM, William Herrin b...@herrin.us wrote: On Thu, Nov 29, 2012 at 9:01 AM, Ray Soucy r...@maine.edu wrote: You should store IPv6 as a pair of 64-bit integers. While PHP lacks

Re: William was raided for running a Tor exit node. Please help if you can.

Back in the early days of the public internet we didn't require any id to create an account, just that you found a way to pay us. We had anonymous accts some of whom dropped by personally to pay their bill, some said hello but I usually didn't know their names and that's how they wanted it, I'd

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On 11/28/2012 09:40 PM, Jeroen Massar wrote: On 2012-11-28 18:26, Michael Thomas wrote: It's very presumptuous for you to tell me what my development/test priorities ought to be, and I can tell you for absolute certain that any such badgering will be met with rolled eyes and quick dismissal.

Re: William was raided for running a Tor exit node. Please help if you can.

On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote: Back in the early days of the public internet we didn't require any id to create an account, just that you found a way to pay us. We had anonymous accts some of whom dropped by personally to pay their bill, some said hello but

Syria off the net

The press is reporting on Renesys' report that Syria has finally dropped all its internet connectivity earlier this morning: http://www.renesys.com/blog/2012/11/syria-off-the-air.shtml

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Subject: Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications Date: Thu, Nov 29, 2012 at 09:55:19AM -0500 Quoting William Herrin (b...@herrin.us): On Thu, Nov 29, 2012 at 9:01 AM, Ray Soucy r...@maine.edu wrote: You should store IPv6 as a pair of

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

Hi Jeff (and NANOG) This is one of our customers, and we're going to get it fixed (or worked around) ASAP. michael On 11/29/12 12:44 AM, Jeff Wheeler wrote: I had two downstream BGP customers experience problem with an OpenBGPd bug tonight. Before diving into detail, I would like to link

Re: William was raided for running a Tor exit node. Please help if you can.

On November 29, 2012 at 11:45 patr...@ianai.net (Patrick W. Gilmore) wrote: On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote: It's funny, it's all illusion like show business. It's not hard to set up anonymous service, crap, just drop in at any wi-fi hotspot, many

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Got some bad data here. Let me help. Sent from ipv6-only Android On Nov 29, 2012 8:22 AM, Michael Thomas m...@mtcc.com wrote: Phone apps, by and large, are designed by people in homes or small companies. They do not have v6 connectivity. Full stop. They don't care about v6. Full stop. It's

Re: William was raided for running a Tor exit node. Please help if you can.

On Nov 29, 2012, at 12:58 , Barry Shein b...@world.std.com wrote: On November 29, 2012 at 11:45 patr...@ianai.net (Patrick W. Gilmore) wrote: On Nov 29, 2012, at 11:17 , Barry Shein b...@world.std.com wrote: It's funny, it's all illusion like show business. It's not hard to set up anonymous

Re: William was raided for running a Tor exit node. Please help if you can.

Hi, I gotta ask and I'm sure someone would if I didn't, but how do we know this guy is legit? He's jumped up on a forum saying, Hey, police raided me, help. gib mone plz and failed to provide and reason as to how he's real and not just making it up. Maybe if there's a way to know this guy is

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 11:45 AM, Patrick W. Gilmore patr...@ianai.net wrote: Do you think if the police found out child pr0n was being served from a starbux they wouldn't confiscate the equipment from that store? I think if they took the cash registers too the Starbucks lawyer would be in

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

On 11/29/2012 10:36 AM, Cameron Byrne wrote: Got some bad data here. Let me help. Sent from ipv6-only Android On Nov 29, 2012 8:22 AM, Michael Thomas m...@mtcc.com mailto:m...@mtcc.com wrote: Phone apps, by and large, are designed by people in homes or small companies. They do not have v6

Re: William was raided for running a Tor exit node. Please help if you can.

It's difficult to compare a guy in Austria to a multi-billion dollar corporation. Here in the US, the fed has charged 3 men with involuntary manslaughter for their parts in the Gulf of Mexico Rig explosion. BP received a slap on the wrist, and a decent (to us, not them) sized fine. On 11/29/12

Re: William was raided for running a Tor exit node. Please help if you can.

On Nov 29, 2012, at 13:57 , William Herrin b...@herrin.us wrote: On Thu, Nov 29, 2012 at 11:45 AM, Patrick W. Gilmore patr...@ianai.net wrote: Do you think if the police found out child pr0n was being served from a starbux they wouldn't confiscate the equipment from that store? I think

RE: William was raided for running a Tor exit node. Please help if you can.

How would this be legally different than receiving the illegal content in an envelope and anonymously forwarding the envelope via the post office? I am pretty sure you are still liable since you were the sender. I realize that there are special postal regulations but I think that agreeing to

Re: William was raided for running a Tor exit node. Please help if you can.

Assuming it's true, it was bound to happen. Running anything , TOR or otherwise, that allows strangers to do whatever they want is just folly. People will spend time and money securing their home wireless so their neighbor can't steal their internet, but willingly allow strangers from

RE: William was raided for running a Tor exit node. Please help if you can.

I think the best analogy I would use in defense is something like the pre-paid cellular phones that are sold. That is about the only anonymous communications service I can think of off the top of my head. Problem is that most people are not licensed carriers and may not be able to hide behind

Re: William was raided for running a Tor exit node. Please help if you can.

On Fri, Nov 30, 2012 at 01:14:08AM +1100, Emily Ozols wrote: Hi, I gotta ask and I'm sure someone would if I didn't, but how do we know this guy is legit? He's jumped up on a forum saying, Hey, police raided me, help. gib mone plz and failed to provide and reason as to how he's real and not

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

Jeff and NANOG: We are currently dropping the bad attribute within our network (as293) and are working with the customer to determine the origin of the attribute (equipment, code rev, etc.). The bad attribute should not be leaking beyond our AS at all. If you're filtering routes from AS68, you

RE: William was raided for running a Tor exit node. Please help if you can.

Not sure if there is a legal precedent for this, but logically the difference is that there are no robots that I know of that can automatically receive and parse postal mail, then re-address and forward it. For a human to forward a letter takes a conscious manual action, even if they choose not

Re: William was raided for running a Tor exit node. Please help if you can.

We had a guy (aka potential customer) inquire the other day about hosting a Tor exit on our infrastructure the other day; he disappeared fairly quickly when he figured out that we weren't just going to give him an endless supply of unmetered 10G bandwidth. I was looking forward to billing him.

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 2:06 PM, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 29, 2012, at 13:57 , William Herrin b...@herrin.us wrote: On Thu, Nov 29, 2012 at 11:45 AM, Patrick W. Gilmore patr...@ianai.net wrote: Do you think if the police found out child pr0n was being served from a

Re: William was raided for running a Tor exit node. Please help if you can.

- Original Message - From: Patrick W. Gilmore patr...@ianai.net Mere conduit defense. (Please do not anyone mention common carrier status or the like, ISPs are _not_ common carriers.) Do you think if the police found out child pr0n was being served from a starbux they wouldn't

Re: William was raided for running a Tor exit node. Please help if you can.

- Original Message - From: Patrick W. Gilmore patr...@ianai.net I think if they took the cash registers too the Starbucks lawyer would be in court an hour later with a motion to quash in one hand and an offer of full cooperation in the other. And if the sky were orange

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 11:18 AM, Tom Beecher tbeec...@localnet.com wrote: Assuming it's true, it was bound to happen. Running anything , TOR or otherwise, that allows strangers to do whatever they want is just folly. Such as, say, an Internet Service Provider business? ... -- -george

Re: William was raided for running a Tor exit node. Please help if you can.

Not really comparable. Speaking from a US point of view, ISPs has strong legal protections isolating them from culpability for the actions of their customers. I know internationally things are different, but here in the US the ISP doesn't get dinged, except in certain cases where they are

RE: William was raided for running a Tor exit node. Please help if you can.

I think service providers are afforded special protections because the law recognizes their utility and the inability of the service provider to be responsible for the actions of all of their customers. The major problem is that not every individual has the same protections. A lot of ISPs are

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 11:58 AM, Tom Beecher tbeec...@localnet.com wrote: Not really comparable. Speaking from a US point of view, ISPs has strong legal protections isolating them from culpability for the actions of their customers. I know internationally things are different, but here in

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 12:00 PM, Naslund, Steve snasl...@medline.com wrote: ISPs also do not allow strangers to do whatever they want ISPs have responsibilities to act on DCMA notices and CALEA requests from law enforcement. These are things that Tor exit nodes are not capable of doing. If

Re: William was raided for running a Tor exit node. Please help if you can.

Communications Decency Act, 47 U.S.C. §230 is the US law that has been interpreted to provide immunity to ISP for the actions of their users. Zeran v. America Online, Inc., 4th Circuit, 1997 Jane Doe v. America Online, Inc., 5th Circuit, 1997 Blumenthal v. Drudge, DC District, 1998 Green v.

RE: William was raided for running a Tor exit node. Please help if you can.

The entire point of Tor is to be untraceable back to the source. Egress filters can prevent future abuse but do not provide for tracing back to the original source of offending conduct. They are not trying to stop the flow of the data in this case, they want the source in jail. If law

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

In message CALFTrnM+a56hx3CP0qqszfNrbirQZOefS_0uHVC8VQk=+qd...@mail.gmail.com , Ray Soucy writes: You should store IPv6 as a pair of 64-bit integers. While PHP lacks the function set to do this on its own, it's not very difficult to do. I did it as a array of 8, 16 bit integers with a old

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 12:42 PM, Naslund, Steve snasl...@medline.com wrote: The entire point of Tor is to be untraceable back to the source. Egress filters can prevent future abuse but do not provide for tracing back to the original source of offending conduct. They are not trying to stop

RE: William was raided for running a Tor exit node. Please help if you can.

1. Running open access wireless does not make you legally an ISP and if your open wireless is used to commit a crime you could be criminally negligent if you did not take reasonable care in the eyes of the court. 2. If I provide access to four or five friends, I am not an ISP and in fact I am

Re: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

Why would I want to do that instead of store it as a single 128 bit integer or bit-field? Owen Sent from my iPad On Nov 29, 2012, at 6:01 AM, Ray Soucy r...@maine.edu wrote: You should store IPv6 as a pair of 64-bit integers. While PHP lacks the function set to do this on its own, it's

Re: William was raided for running a Tor exit node. Please help if you can.

The entire question here is whether CALEA's covered entities definition and ISP common carrier (not exactly, but the commonly used term for CDA protections available, see earlier discussion) definitions overlap. The answer is no. It always has been no. Plenty of publishers and access providers

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

If you hear anything more, I'd be interesting in knowing about it. I had a an upstream going up and down last night; reportedly their BGP process was core dumping due to a BGP attribute issue. I never found out what vendor it was though. Paul On Thu, Nov 29, 2012 at 12:33 PM, Michael Sinatra

RE: Programmers can't get IPv6 thus that is why they do not have IPv6 in their applications....

I have read a little of this BS thread. 1) I have been maintaining a network for 12 years. 2) I am and have been since Feb 1965 a programmer. Anyone who bashes either group has a problem. First, at one time programmers knew bits, bytes, opcodes, machine codes etc. I have written close to

Re: OpenBGPd problems relating to misuse of RESERVED bits in BGP Attribute Flags field

On 2012-11-29, Jeff Wheeler j...@inconcepts.biz wrote: I had two downstream BGP customers experience problem with an OpenBGPd bug tonight. Before diving into detail, I would like to link this mailing list thread, because this is not a new issue and a patch is available:

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 01:19:19PM -0600, Naslund, Steve wrote: I think the best analogy I would use in defense is something like the pre-paid cellular phones that are sold. That is about the only anonymous communications service I can think of off the top of my head. Problem is that most

Re: William was raided for running a Tor exit node. Please help if you can.

Date: Thu, 29 Nov 2012 15:26:57 -0500 From: Tom Beecher tbeec...@localnet.com Subject: Re: William was raided for running a Tor exit node. Please help if you can. Communications Decency Act, 47 U.S.C. 230 is the US law that has been interpreted to provide immunity to ISP for the actions

Re: William was raided for running a Tor exit node. Please help if you can.

47 U.S.C. 230 doesn't do much for child porn, no. However, PROTECT does. PROTECT spells out reporting, but also contains safe harbor provisions such that an ISP who didn't know that child porn was being transmitted across their network cannot be prosecuted for not knowing, only for not taking

RE: William was raided for running a Tor exit node. Please help if you can.

On Thu, 29 Nov 2012, Naslund, Steve wrote: 1. Running open access wireless does not make you legally an ISP and if OK. your open wireless is used to commit a crime you could be criminally negligent if you did not take reasonable care in the eyes of the court. I believe this is incorrect

Re: William was raided for running a Tor exit node. Please help if you can.

Michael Froomkin - U.Miami School of Law wrote: 2. If I provide access to four or five friends, I am not an ISP and in fact I am responsible if they use my connection to do something illegal since I am the customer of record. If you loan your car to an unlicensed driver and he kills someone,

Re: William was raided for running a Tor exit node. Please help if you can.

Naslund, Steve wrote: 1. Running open access wireless does not make you legally an ISP and if your open wireless is used to commit a crime you could be criminally negligent if you did not take reasonable care in the eyes of the court. Related:

RE: William was raided for running a Tor exit node. Please help if you can.

You are correct about most people not falling under CALEA. That also means that they do not have the safe harbor provisions provided to facilities based providers (however an open wireless hotspot MIGHT just make you a wireless facilities based provider). You are not under an obligation to

RE: William was raided for running a Tor exit node. Please help if you can.

On Thu, 29 Nov 2012, Naslund, Steve wrote: [...] When it comes to running an open access point, I think the legal issue would be negligence. Is it negligence for the 90 year old grandma to have an open AP (probably not, just didn't know better)? Is it negligence for me to have an open AP

Windows 2008/2012 arp timeout process

Greetings Nanog, I apologize in advance if this should be directed towards a server/systems discussion list, but I've noticed some (what I think are) issues with the way windows 2008/2012 handles arp. I started noticing some high arp processes on some of our 6500s running sup720s, and after

Re: William was raided for running a Tor exit node. Please help if you can.

On 29 Nov 2012, at 20:53, George Herbert george.herb...@gmail.com wrote: The assertion being made here, that it's somehow illegal (or immoral, or scary) for there to be not-completely-traceable internet access in the US, is absurd. The real issue here is *not* the legality of the act of

Re: William was raided for running a Tor exit node. Please help if you can.

On Thu, Nov 29, 2012 at 2:00 PM, Jim Mercer j...@reptiles.org wrote: On Thu, Nov 29, 2012 at 01:19:19PM -0600, Naslund, Steve wrote: I think the best analogy I would use in defense is something like the pre-paid cellular phones that are sold. That is about the only anonymous communications

Re: William was raided for running a Tor exit node. Please help if you can.

Yes, but if you are operating a TOR node, it's not entirely clear to me that you are not actually an ISP (whether you realize that or not). You are, after all, providing a form of internet access to non-paying customers. Owen On Nov 29, 2012, at 11:58 , Tom Beecher tbeec...@localnet.com wrote:

carping about CARP

I can't seem to recall anyone griping about this here on our august little list but google finds that I'm by no means the first to have been burned by an unholy interaction between VRRP and CARP. Let's skip the protocol discussions (same protocol number and uses multicast) [*] and go straight to

Re: carping about CARP

On Fri, Nov 30, 2012 at 12:52 AM, Robert E. Seastrom r...@seastrom.com wrote: Note that the Ciscos didn't exhibit any untoward behavior, and there were passwords on the VRRP sessions too. case of the same situation all[1] 'software md5 tcp' implementations have? sign but never verify... -chris

Re: William was raided for running a Tor exit node. Please help if you can.

* Patrick W. Gilmore (patr...@ianai.net) wrote: On Nov 29, 2012, at 12:58 , Barry Shein b...@world.std.com wrote: It would seem like they'd have to confiscate the equipment at every Starbucks in their jurisdiction, which could be every one in the US for example. They didn't confiscate

Re: [tor-talk] William was raided for running a Tor exit node. Please help if you can.

- Forwarded message from Asad Haider a...@asadhaider.co.uk - From: Asad Haider a...@asadhaider.co.uk Date: Thu, 29 Nov 2012 19:37:24 + To: tor-t...@lists.torproject.org Subject: Re: [tor-talk] William was raided for running a Tor exit node. Please help if you can. Reply-To:

Re: William was raided for running a Tor exit node. Please help if you can.

Joakim Aronius wrote: Lets assume that some child pr0n dealer used this Tor exit node, is it not reasonable if the police wants to see if there are logs that make it possible to catch the sleazebag? Should LE ignore crime if it originates from a network which operates a Tor exit node? I am