As of 38.0.5, this no longer is even an option, as they removed sslv3
support, see the reviews at
https://addons.mozilla.org/en-US/firefox/addon/ssl-version-control/
On Fri, July 17, 2015 2:41 pm, Robert Drake wrote:
On 7/17/2015 4:26 AM, Alexander Maassen wrote:
Well, this block also affects
On 7/17/15, 6:25 AM, Christopher Morrow christopher.mor...@gmail.com on
behalf of morrowc.li...@gmail.com wrote:
On Wed, Jul 15, 2015 at 4:43 PM, Ricky Beam jfb...@gmail.com wrote:
On Wed, 15 Jul 2015 16:20:11 -0400, Lee Howard l...@asgard.org wrote:
Business Class DOCSIS customers get a
On 7/17/2015 4:26 AM, Alexander Maassen wrote:
Well, this block also affects people who have old management hardware
around using such ciphers that are for example no longer supported. In my
case for example the old Dell DRAC's. And it seems there is no way to
disable this block.
Ok, it is
After making the about:config changes, no warning is given to the user about
the bad ciphers. Even if you click the SSL lock icon, no warning is given. Only
if you know that the connection being made with
TLS_RSA_WITH_AES_128_CBC_SHA,128 bit keys, TLS 1.0 is a bad thing would you
have any
On 07/17/2015 08:41 AM, Robert Drake wrote:
I've also got a jetty server (opennms) that broke due to this,
so I upgraded and fixed the SSL options and it's still broken in some
way that won't log errors. I have no time to track that down so the
workaround is to use the unencrypted version
On 7/15/15 9:10 AM, John R. Levine wrote:
It would be nice if it were possible to implement BCP 38 in IPv6,
since this
is the reason it isn't in IPv4.
There isn't any technical reason that an organization can't fix its edge
so it doesn't urinate bad IPv6 traffic all over the Internet.
In
To Ramy,
Thank you for the acknowledgement. DDoS Mitigation service providers,
regardless if its pure cloud, hybrid cloud, or CPE only, all face these
challenges when it comes to DDoS Attacks.
Can you restate your question again or rephrase it for the forum? Seems
there is some confusion or
Hi,
does anyone else see some prefix hijacks from AS7514? They started to announce
some of our /24
Thanks best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Telefon: +43-5-0556-300
Telefax: +43-5-0556-500
E-Mail:
Seeing the same; a /19.
BGPMon reports an alert at 2015-07-17 05:29 (UTC) and that it's being
accepted by 2497.
--
Hugo Slabbert
Stargate Connections - AS19171
-Original Message-
Date: Fri, 17 Jul 2015 06:15:36 +
From: Jürgen Jaritsch j...@anexia.at
To: 'nanog@nanog.org'
We already informed AS2497 but I have no idea if they we'll cooperate.
Best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Telefon: +43-5-0556-300
Telefax: +43-5-0556-500
E-Mail: j...@anexia.at
Web: http://www.anexia.at
Anschrift Hauptsitz
I let IIJ know too, hopefully they'll filter it soon.
On 7/17/2015 午後 03:30, Jürgen Jaritsch wrote:
Hi,
we also sent them an mail, but their MX is not reachable for us :(
best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Telefon:
good isp's / peers are in no particular order
bt
telstra ex psinet uk/eu
colin
Sent from my iPhone
On 17 Jul 2015, at 07:52, Jared Geiger ja...@compuwizz.net wrote:
HE uses Telia for Transit. So you won't gain much redundancy there. I would
go with Cogent if you have lots of European
Ricky Beamwrote:
On Wed, 15 Jul 2015 22:32:19 -0400, Mark Andrews ma...@isc.org wrote:
You can blame the religious zealots that insisted that everything DHCP
does has to also be done via RA's.
I blame the anti-DHCP crowd for a lot of things. RAs are just dumb.
There's a reason IPv4 can do
Rather than a peer, it might be an okay idea to try out peering at NYIIX
(and if the funds permit to get transport, AMS-IX/DE-CIX).
You'll quickly find that peering is *very* useful in Europe, if you have
any EU bound traffic at all.
On 7/17/2015 午後 04:06, Colin Johnston wrote:
good isp's /
Date: Fri, 17 Jul 2015 15:38:13 +0900
Paul S. cont...@winterei.se wrote
I let IIJ know too, hopefully they'll filter it soon.
It seems AS7514 stopped the announcements around 06:54UTC.
I am not sure how BGPmon guesses AS relationships, but it needs
improvements as it shows IIJ as an upstream of
Hi,
we also sent them an mail, but their MX is not reachable for us :(
best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Telefon: +43-5-0556-300
Telefax: +43-5-0556-500
E-Mail: j...@anexia.at
Web: http://www.anexia.at
Anschrift Hauptsitz
Hi,
all affected prefixes starts with 37... no other prefixes from AS42473 are
affected.
Best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Telefon: +43-5-0556-300
Telefax: +43-5-0556-500
E-Mail: j...@anexia.at
Web: http://www.anexia.at
HE uses Telia for Transit. So you won't gain much redundancy there. I would
go with Cogent if you have lots of European customers and North American
business customers. One not on your list is Level3. They would be strong in
that blend too.
You might also try joining a peering point. You'll gain
any idea why error happened ?
what config needs fixing to mitigate mistake?
it was easy to see problem via ripe atlas :)
colin
Sent from my iPhone
On 17 Jul 2015, at 09:32, Matsuzaki Yoshinobu m...@iij.ad.jp wrote:
Date: Fri, 17 Jul 2015 15:38:13 +0900
Paul S. cont...@winterei.se wrote
I
At 06:15 17/07/2015 +, Jürgen Jaritsch wrote:
Hi,
does anyone else see some prefix hijacks from AS7514? They started to
announce some of our /24
Worldwide.
-Hank
Thanks best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Telefon:
Colin Johnston col...@gt86car.org.uk wrote
any idea why error happened ?
what config needs fixing to mitigate mistake?
it was easy to see problem via ripe atlas :)
I just got brief explanation from a friend in AS7514.
A router in their network suddenly went out of control, and it seems
this
At 06:23 17/07/2015 +, Jürgen Jaritsch wrote:
We already informed AS2497 but I have no idea if they we'll cooperate.
All prefixes I see have the first octet as being 2 digits rather than
3. That is common among about 30 different alerts I have
received. Curious if this is common
many web sites are gonna have to upgrade ciphers and get rid of flash.
this will take vastly longer than prudence would dictate.
randy
I contacted 7514. They are aware.
-Seiichi
On 2015/07/17 15:23, Jürgen Jaritsch wrote:
We already informed AS2497 but I have no idea if they we'll cooperate.
Best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Telefon: +43-5-0556-300
Hibernia (5580) have good latency throughout Europe and are huge on AMS-IX.
Latency is around 18ms from Edinburgh to Amsterdam and 5ms from London via
their network.
Used them for transit and they gave me a circuit onto AMS-IX too which
could be worth you looking into.
Between the route servers
Well, this block also affects people who have old management hardware
around using such ciphers that are for example no longer supported. In my
case for example the old Dell DRAC's. And it seems there is no way to
disable this block.
Ok, it is good to think about security, but not giving you any
Dictatorship enabled by consensus == Democratic Republic, Welcome to
America!
On 7/17/15 12:17 PM, Joe Maimon wrote:
Owen DeLong wrote:
On Jul 16, 2015, at 15:29 , Joe Maimon jmai...@ttec.com wrote:
All I am advocating is that if ever another draft standard comes
along to enable people
Lee Howard wrote:
On 7/16/15, 4:32 PM, Joe Maimon jmai...@ttec.com wrote:
Lee Howard wrote:
So, you would like to update RFC 1112, which defines and reserves Class
E?
That¹s easy enough. If somebody had a use in mind for the space, anybody
can write such a draft assigning space,
Baldur Norddahl wrote:
On 17 July 2015 at 00:29, Joe Maimon jmai...@ttec.com wrote:
All I am advocating is that if ever another draft standard comes along to
enable people to try and make something of it, lead follow or get out of
the way.
If I understand correctly you want someone (not
On Wed, Jul 15, 2015 at 4:43 PM, Ricky Beam jfb...@gmail.com wrote:
On Wed, 15 Jul 2015 16:20:11 -0400, Lee Howard l...@asgard.org wrote:
Business Class DOCSIS customers get a prefix automatically (unless you
provide your own gateway and DHCPv6 isn¹t enabled).
doesn't the last paranthetical
even if customer router crash fault, should have been filtered via prefix list
blocking to only allow customer network prefixs to be anounced onwards ? as per
best practice
colin
Sent from my iPhone
On 17 Jul 2015, at 09:55, Matsuzaki Yoshinobu m...@iij.ad.jp wrote:
Colin Johnston
On 17/Jul/15 11:46, Matsuzaki Yoshinobu wrote:
Yes, I agree, and we have done that. How about peering partners -
which is our case this time. Is it feasible to maintain strict
inbound prefix filters for all peering relationships?
To be honest, not really.
Some countries I know do this for
On 17.07.2015, at 12:03, Mark Tinka mark.ti...@seacom.mu wrote:
Some countries I know do this for their exchange points. But
by-and-large, it is not scalable. Same goes for AS_PATH lists for peering.
it does scale.
We do this for all our routeservers at all exchange points we operate.
In
On 17/Jul/15 12:47, Wolfgang Tremmel wrote:
it does scale.
We do this for all our routeservers at all exchange points we operate.
In Frankfurt we have 745 peers on our routeservers.
So you have prefix and AS_PATH lists for each of the members you peer
with that strictly define the prefixes
Wolfgang, it's unfair ... you do not have to deal with hardware routers :).
Install AS_PATH ACL and prefix list on a Cisco router (e.g. with an
RSP720-3CXL) and you'll run into lots of pain ...
best regards
Jürgen Jaritsch
Head of Network Infrastructure
ANEXIA Internetdienstleistungs GmbH
Colin Johnston col...@gt86car.org.uk wrote
even if customer router crash fault, should have been filtered via
prefix list blocking to only allow customer network prefixs to be
anounced onwards ? as per best practice
Yes, I agree, and we have done that. How about peering partners -
which is
On Thu, Jul 16, 2015 at 07:59:14AM +0200, Tore Anderson wrote:
* Owen DeLong o...@delong.com
On Jul 15, 2015, at 08:57 , Matthew Kaufman matt...@matthew.at wrote:
This is only true for dual-stacked networks. I just tried to set up
an IPv6-only WiFi network at my house recently, and it
On Fri 2015-Jul-17 12:36:51 -0400, Chuck Anderson c...@wpi.edu wrote:
On Thu, Jul 16, 2015 at 07:59:14AM +0200, Tore Anderson wrote:
* Owen DeLong o...@delong.com
On Jul 15, 2015, at 08:57 , Matthew Kaufman matt...@matthew.at wrote:
This is only true for dual-stacked networks. I just
On Fri, Jul 17, 2015 at 10:47:38AM +, Wolfgang Tremmel wrote:
On 17.07.2015, at 12:03, Mark Tinka mark.ti...@seacom.mu wrote:
Some countries I know do this for their exchange points. But
by-and-large, it is not scalable. Same goes for AS_PATH lists for peering.
it does scale.
We
Owen DeLong wrote:
On Jul 16, 2015, at 15:29 , Joe Maimon jmai...@ttec.com wrote:
All I am advocating is that if ever another draft standard comes along to
enable people to try and make something of it, lead follow or get out of the
way.
Sometimes good leadership is knowing when to say
Robert Drake rdr...@direcpath.com writes:
On 7/17/2015 4:26 AM, Alexander Maassen wrote:
Well, this block also affects people who have old management hardware
around using such ciphers that are for example no longer supported. In my
case for example the old Dell DRAC's. And it seems there
making 99% of the web secure is better than keeping an old 1% working
A fine idea, unless for $reason your application is among the 1% .. nevermind
the arrogance of the I'm sorry Dave sort of attitude.
As an example .. we have a vendor who, in the current release (last 3 months)
still requires
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
The posting is sent to APOPS, NANOG, AfNOG, AusNOG, SANOG, PacNOG,
CaribNOG and the RIPE Routing Working Group.
Daily listings are sent to bgp-st...@lists.apnic.net
For
On Wed, 15 Jul 2015 19:54:37 -0400, Joe Maimon said:
This objection hinges on the assumption that if there is even ONE host
on the network that will not accept that address, then the entire effort
was a waste.
if there's even ONE host isn't the assertion, so do us a favor and don't
claim it
P
Bob Watson
On Jul 17, 2015, at 10:14 AM, Dennis B infinity...@gmail.com wrote:
To Ramy,
Thank you for the acknowledgement. DDoS Mitigation service providers,
regardless if its pure cloud, hybrid cloud, or CPE only, all face these
challenges when it comes to DDoS Attacks.
Can you
FYI, My Note 4, With APN nextgenphone doesn't have IPv6 in Cocoa Florida
(Central Florida region)
Nick Olsen
Network Operations (855) FLSPEED x106
From: Jared Mauch ja...@puck.nether.net
Sent: Wednesday, July 15, 2015 6:38 PM
To: Jake Khuon
(Sorry Michael for the duplicate, forgot to press reply all :P)
No problem making the web more secure, but in such cases I think it would
have been better if you could set this behaviour per site, same as with
'invalid/self signed certs'. And in some cases, vendors use weak ciphers
because they
On Fri, Jul 17, 2015 at 07:14:17PM +, Michael O Holstein wrote:
making 99% of the web secure is better than keeping an old 1% working
A fine idea, unless for $reason your application is among the 1% ..
nevermind the arrogance of the I'm sorry Dave sort of attitude.
First they came for
Weak ciphers? Old (insecure) protocol versions? Open security issues? Vendor
will never provide a patch? Trash goes in the trash bin, no exceptions.
On Fri, Jul 17, 2015 at 10:26:22AM +0200, Alexander Maassen wrote:
Ok, it is good to think about security, but not giving you any chance to
make exceptions is simply forcing users to use another browser in order to
manage those devices, or to keep an old machine around that not gets
updated.
On Fri, 17 Jul 2015 06:25:26 -0400, Christopher Morrow
morrowc.li...@gmail.com wrote:
mean that your UBee has to do dhcpv6? (or the downstream thingy from
the UBee has to do dhcpv6?)
The Ubee router is in bridge mode. Customers have ZERO access to the
thing, even when it is running in
BGP Update Report
Interval: 09-Jul-15 -to- 16-Jul-15 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS9829 216684 5.0% 170.9 -- BSNL-NIB National Internet
Backbone,IN
2 - AS21669
* michael.holst...@csuohio.edu (Michael O Holstein) [Fri 17 Jul 2015, 21:14
CEST]:
making 99% of the web secure is better than keeping an old 1% working
A fine idea, unless for $reason your application is among the 1% ..
nevermind the arrogance of the I'm sorry Dave sort of attitude.
Why do
Why do you upgrade your management systems asynchronously to your
applications? You bring this on yourself.
Perhaps, but SaaS management systems are out of our control. They TELL us
when they upgrade, they do not ASK. A web browser isn't really an application,
you can't wait to upgrade.
Yes, the config option in FF is global .. I'm sure it could be done with an
extension though.
The 'el cheapo' solution that comes to mind is use a Rasberry Pi with dual
ethernet (second via USB) and run Nginx on it .. secure out the front, insecure
out the back. It'd cost you something like
This report has been generated at Fri Jul 17 21:14:51 2015 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org/2.0 for a current version of this report.
Recent Table History
56 matches
Mail list logo