Re: Best TAC Services from Equipment Vendors

I've been reading the "${VENDOR}'s support has really gotten worse lately" threads for pretty much every vendor for the past twenty years. That's not to say they've all been wrong. But it reminds me of those quotes you'll see about how "these kids today are awful and society is going to pot" and

Re: Any comprehensive listing of where Google's IPs originate from?

https://www.peeringdb.com/asn/15169 https://bgp.he.net/AS15169 Your providers,’ peers,’ or other upstreams’ looking glass services. On Mon, Dec 4, 2023 at 12:08 PM Hank Nussbacher wrote: > On 04/12/2023 16:09, Drew Weaver wrote: > > Although not an answer to your specific question, when I

Re: AS8003 mysteries

Is there any significant squatting going on in 2000::/3? Is there any at all? On Thu, Nov 9, 2023 at 5:57 PM Dave Taht wrote: > Well, I found it odd that they announce no IPv6 space. > > On Thu, Nov 9, 2023 at 11:49 AM Tom Beecher wrote: > > > > Didn't think there was much confusion about it

Re: xfinity not working

I had a forced modem upgrade with them earlier this year. I vaguely recall it was not without some frustration, but I managed to get it done. I don’t seem to have a problem logging in at https://login.xfinity.com/login Is it transient or still persisting for you? On Tue, Oct 10, 2023 at 5:07 PM

Re: maximum ipv4 bgp prefix length of /24 ?

Been resisting adding to this thread... But if the assumption is that networks will always eventually totally deaggregate to the maximum, we're screwed. Routing IPv4 /32s would be nothing. The current practice of accepting /48s could swell to about 2^(48 - 3) = 2^45 = 35184372088832. What will

Re: Geolocastion and FF and Whatsapp

Is there something about your Chrome and FF configurations that have them using different DNS sources? For example is one doing DoH and the other using the system resolver? Different DNS servers may be geographically diverse, getting different GLB answers, and sending you to different WhatsApp

Re: Request for assistance with Verizon FIOS connection

Of course, I meant, “not worry about giving customer devices IPv4.” On Sat, Jul 15, 2023 at 11:46 AM Crist Clark wrote: > His IPv6 was staying up. It was only his IPv4 breaking. > > Maybe it’s Verizon’s way of telling you to go IPv6-only and do NAT64/DNS64 > on your home network

Re: Request for assistance with Verizon FIOS connection

His IPv6 was staying up. It was only his IPv4 breaking. Maybe it’s Verizon’s way of telling you to go IPv6-only and do NAT64/DNS64 on your home network. (Only half-joking.) Be good for them to be able to operate the FIOS more like the wireless and not worry about giving customer devices IPv6.

Re: New addresses for b.root-servers.net

IP addresses cannot and should not be trusted. It’s not like you can really trust your packets going to B _today_ are going to and from the real B (or Bs). If the security of DNS relies on no one intercepting or spoofing responses of some of your queries to a root server, it’s been game over for

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps

There are probably a few more than 100 000 ocean going ships in the world. There are maybe 60 000 airliners. They may be able to charge more per unit, maybe several times more, but it’s still orders of magnitude below the size of the consumer market. It’s not like satellite Internet is a new

Re: FCC Chair Rosenworcel Proposes to Investigate Impact of Data Caps

Comcast still has data caps. My service is 1.2 TB per month. If we get close, we get a warning email. If we were to go over (hasn’t happened yet), we get billed per additional 500 MB. However, I just looked at my account usage for the first time for a few months, and somehow have had zero usage

Re: Starlink routing

I suspect, although I have no references, that satellite to ground connectivity is probably more “circuit-based” than per-packet or frame. Iridium has done inter satellite communication for decades. I wonder if it wouldn’t be something very similar. Although it would be totally on-brand for them

Re: Increasing problems with geolocation/IPv4 access

Are you sure it’s really geolocation blocks? Or is it anonymizer and VPN service detection? The geoIP vendors typically sell both since one of anonymizers’ top applications is to evade geolocation. Have customers using peer-to-peer anonymizers wittingly or unwittingly? Customers with malware or

Re: EVPN ESI BUM Forwarding

Thanks for the response. It really doesn't bear directly on my situation, but it does have references to what I need in RFC 8365. Now that I know the terminology for these features, "Split Horizon" and "Local Bias" (neither of which seems to fit very well to me), it's easier to find more info. I

EVPN ESI BUM Forwarding

My google-fu and attempts to dig through all of the standards is failing me. I am trying to understand the mechanism to prevent an ESI designated forwarder from looping BUM traffic. The scenario I am imagining is BUM traffic coming into the fabric on an ESI link on a non-designated member of the

Re: Router ID on IPv6-Only

As I said in the original email, I realize router IDs just need to be unique in an AS. We could have done random ones with IPv4, but using a well chosen address assigned to the router guarantees uniqueness as well as some other useful properties. I was wondering if people had some ways to do

Router ID on IPv6-Only

During some IPv6 numbering discussions at work today, someone had a question that I hadn't really considered before. How to choose 32-bit router IDs for IPv6-only routers. Quick background. We have a requirement to convert a significant portion of our network to IPv6-only over the next few years.

Re: email spam

>From the timeline here, https://wjla.com/news/local/timeline-darren-thornton-sex-crime-case-fairfax-county-public-schools-fcps-virginia-what-we-know-arrest-charges-conviction-chesterfield-county-police-hiring-firing-corrections The outbound mail DID bounce. And the bounce message is what ended

Re: Mystery MAC address

The vendor code C0-EA-E4 looks like Sonicwall. It’s not going unusual for a device take a global address on the device and flip the local bit for some other use. On Fri, Jul 8, 2022 at 10:13 AM Saku Ytti wrote: > Technically the right most is multicast bit, the 2nd right most is locally >

Re: What say you, nanog re: Starlink vs 5G?

A decade ago I recall Globalstar, yet another LEO phone service, had been trying to work out a partnership with a terrestrial carrier that could use their spectrum allotment. It was purely a business move. Nothing technical about it. Spectrum is valuable, and they were trying to find a way to

FCC vs FAA Story

There was a lively thread on NANOG about the FCC and FAA conflict over G5 spectrum and altimeters when it all came to a head early this year. ProPublica published an investigative report on it last week, https://www.propublica.org/article/fcc-faa-5g-planes-trump-biden Whaddya know. Plenty of

Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

FIDO2. On Tue, May 24, 2022 at 1:32 PM Matt Harris wrote: > Matt Harris​ > | VP of Infrastructure > 816‑256‑5446 > | Direct > Looking for help? > *Helpdesk* > | *Email Support* > > We build customized end‑to‑end technology solutions powered by NetFire Cloud. > On

Re: IPv6 "bloat"

This is going to be one of the big things the US Federal govt requirements for agencies to meet the IPv6-only benchmarks will need. Solutions and products are going to have to mature quickly for agencies to hit 80% IPv6-only by end of FY25. On Sun, Mar 20, 2022 at 4:38 PM Owen DeLong via NANOG

Re: Starlink terminals deployed in Ukraine

So they’re going to offer the service to anyone in a denied area for free somehow? How do you send someone a bill or how do they pay it if you can’t do business in the country? On Mon, Feb 28, 2022 at 4:39 PM Jay Hennigan wrote: > On 2/28/22 16:17, Michael Thomas wrote: > > > As a practical

Re: OT: IPSec Transport vs Tunnel modes (Was: VPN recommendations?)

It's not like IPsec protocols (it's a suite of protocols and concepts, not one) are proprietary or something. There are pretty ASCII pictures in RFCs with all about how the packets are put together. See section 3 of RFC 4303 to see how ESP transport and tunnel mode datagrams are put together. For

LLDP Source MAC

Came across some endpoint behavior that caused some confusion with a MAC authentication bypass (MAB) setup, and I was wondering if this is some kind of well known behavior. The endpoints (Pure storage arrays) are using the expected MAC addresses, both fixed and a “virtual” shared MAC for 99.9% of

Re: 10 years from now... (was: internet futures)

It’s not like Starlink is anything brand new. Iridium and Globalstar both do Internet from LEO. It wasn’t their primary service, voice was/is, but they could do it in a half-a** manner. Starlink isn’t going to become big in China without bowing to the GFW ‘cause how do you bill for it if you

Network Gear Seismic Tolerances

I've been living and working in earthquake country for many years. The primary focus I've always encountered for network gear is to make sure it is properly secured to the racks and the racks properly secured to the building (and hope the building is well secured). I'm working on a project now

Re: Why are IPsec SAs unidirectional

I think there are a number of reasons. For example, anti-replay would be harder to implement on a bi- directional SA. Encryption and authentication algorithms may be asymmetric, so defining a bi-directional SA for those would be more complicated. For multicast, bi-directional also doesn’t make

Re: Hulu thinks all my IP addresses are "business class", how to reach them?

Probably because a market would quickly pop up to sell or rent accounts created in one region to others. On Thu, Nov 21, 2019, 2:32 AM t...@pelican.org wrote: > On Wednesday, 20 November, 2019 21:25, "William Herrin" > said: > > > This is why you don't go after Hulu. You go after the content

Re: Free Program to take netflow

Been loving Elastiflow. Way overkill for what you need, but it's actually pretty easy to setup. https://github.com/robcowart/elastiflow On Fri, May 17, 2019 at 7:25 AM Dennis Burgess via NANOG wrote: > > I am looking for a free program to take netflow and output what the top > traffic ASes to

Re: Cleveland/Cincinnati Co-location

On Sun, Jan 6, 2019 at 2:52 PM Ross Tajvar wrote: > I’m not sure if you have to be in Cleveland or Cincinnati, but Cyxtera has >> an AMAZING data center in Columbus. (The DC can withstand winds up 140 MPH, >> is on the Century Link backbone, and has a solid rubber roof with no holes >> or

Re: Dyn DDoS this AM?

Given the scale of these attacks, whether having two providers does any good may be a crap shoot. That is, what if the target happens to share the same providers you do? Given the whole asymmetry of resources that make this a problem in the first place, the attackers probably have the resources

Another puck.nether.net Outage?

There hasn't been a any traffic on the puck.nether.net list to which I am subscribed since the 10th. I sent something to cisco-nsp yesterday and retried today, and nothing has come through. Is it me or puck? I apologize for using NANOG for this, but jared's email is puck.nether.net too;

Re: Point to Point Ethernet request

Got 10 GbE service from a data center in Santa Clara to a campus in San Mateo California from Comcast. Been pretty solid. Only blips have been anounced maintenance. When I have contacted support, I really can't complain. It's L2. I see my BPDUs and LLDPDUs come through. So, yeah, it exists.

Microsoft Exchange Public Cloud Contact

Looking for some help from anyone associated with Microsoft's cloud email service. As of last Thursday, customers of Microsoft Exchange Online and other Microsoft email services could no longer send us email. We are not a Microsoft customer, so I'm not sure of how to get help on this. I think I

Re: IP Address Management IPAM software for small ISP

Infoblox just started offering the IPAM portion of their software for free, http://www.infoblox.com/en/resources/software-downloads/ip-address-management-freeware.html We've been using the full-blown commercial appliances (IPAM, DHCP, and DNS), not the freeware. I don't know exactly how it works

Re: The state-level attack on the SSL CA security model

On 3/29/2011 at 12:30 AM, Florian Weimer fwei...@bfk.de wrote: * Crist Clark: Any large, well funded national-level intelligence agency almost certainly has keys to a valid CA distributed with any browser or SSL package. It would be trivial for the US Gov't (and by extension, the whole

Re: The state-level attack on the SSL CA security model

this capability. Commercial SSL/TLS, i.e. using built-in CAs, offers no protection against nation-states at the intelligence or law enforcement level. -- Crist Clark Network Security Specialist, Information Systems Globalstar 408 933 4387

Re: IPv6: numbering of point-to-point-links

). Is there another reason? -- Crist Clark Network Security Specialist, Information Systems Globalstar 408 933 4387

Re: IPv6 rDNS

53/tcp is perhaps second only to dropping all incoming ICMP in the quest to be the most widely deployed and severely broken thing done in the name of Internet security. -- Crist Clark Network Security Specialist, Information Systems Globalstar 408 933 4387

Re: RIP Justification

On 9/29/2010 at 4:24 PM, Joe Greco jgr...@ns.sol.net wrote: where the RIP protocol is useful? Please excuse me if this is the = incorrect forum for such questions. RIP has one property no modern protocol has. It works on simplex = links (e.g. high-speed satellite downlink with

Inquiries to Acquire IPs

We got a strange and out of the blue inquiry from someone wishing to pay us for a chunk of our ARIN allocation, Hello, According to Whois data, you company owns the following IP address space: 206.220.220.0/24 We would like to get this block of IP addresses for our business needs. Is it

Re: Inquiries to Acquire IPs

this to a RIPE list, http://www.ripe.net/ripe/maillists/archives/address-policy-wg/2010/msg00038.html On 7/2/2010 at 11:46 AM, Crist Clark crist.cl...@globalstar.com wrote: We got a strange and out of the blue inquiry from someone wishing to pay us for a chunk of our ARIN allocation, Hello

Re: Sending ARP request to unicast MAC instead of broadcast MAC address?

On 6/16/2010 at 3:57 PM, Chris Woodfield rek...@semihuman.com wrote: OK, this sounds Really Wacky (or, Really Hacky if you're into puns) but there's a reason for it, I swear... Will typical OSS UNIX kernels (Linux, BSD, MacOS X, etc) reply to a crafted ARP request that, instead of having

Re: Spamhaus...

On 2/18/2010 at 2:40 AM, Michelle Sullivan matt...@sorbs.net wrote: Laczo, Louis wrote: Folks, I'm looking for comments / suggestions / opinions from any providers that have been contacted by spamhaus about excessive queries originating from their DNS resolvers, typically, as a proxy for

Re: Spamhaus...

On 2/18/2010 at 11:47 AM, Michelle Sullivan matt...@sorbs.net wrote: Crist Clark wrote: We received such a message from a Spamhaus Datafeed reseller and eventually had our DNS servers blocked. What angered me was that I analyzed our usage, and we were well below the thresholds and met

.ve WHOIS is Back (was: Re: .ve WHOIS Down?)

On 2/8/2010 at 7:28 PM, Nathan Ward na...@daork.net wrote: On 9/02/2010, at 2:13 PM, Crist Clark wrote: For want of a better place to ask, I'm wondering if anyone monitoring this list might know what is up with the registro.nic.ve web site. The WHOIS at www.nic.ve refers to that site

Re: .ve WHOIS Down?

On 2/8/2010 at 7:17 PM, Doug Barton do...@dougbarton.us wrote: On 02/08/10 17:13, Crist Clark wrote: For want of a better place to ask, I'm wondering if anyone monitoring this list might know what is up with the registro.nic.ve web site. The WHOIS at www.nic.ve refers to that site

.ve WHOIS Down?

For want of a better place to ask, I'm wondering if anyone monitoring this list might know what is up with the registro.nic.ve web site. The WHOIS at www.nic.ve refers to that site, and it appears to be down (for me and downforeveryoneorjustme.com too). Doing old fashioned native WHOIS isn't

Re: lawful intercept/IOS at BlackHat DC, bypassing and recommendations

On 2/4/2010 at 12:27 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Thu, Feb 4, 2010 at 3:19 PM, Gadi Evron g...@linuxbox.org wrote: That peer-review is the basic purpose of my Blackhat talk and the associated paper. I plan to review Cisco’s architecture for lawful intercept and

Contact w/ clue re: ATT SMS email gateway?

On 9/17/2009 at 12:03 PM, Dave Pascoe davek...@gmail.com wrote: Recently something seems to have changed with the @txt.att.net email to SMS gateway. Messages sent through the gateway suffer from the following: 1) Long delay in reaching the phone (intermittent) (yes I know there is no

Re: DNS ed.gov translations

You just flashed me back to alt.fan.warlord. That .sig is nothing. No ASCII sword or any BUAG involved at all. On 5/29/2009 at 12:04 AM, Warren Bailey wbai...@gci.com wrote: I elect Ralf as owner of the longest email signature in history.. - Original Message - From: Ralf Weber

MRTG in Fourier Space

Maybe a slightly off topic math-geek kind of question to take time out from the ARIN/death-of-IPv4/IPv6-evangalist thread of the week. Has anyone found any value in examining network utilization numbers with Fourier analyses? After staring at pretty MRTG graphs for a bit too long today, I'm

RE: Fiber cut in SF area

On 4/13/2009 at 1:12 PM, Peter Beckman beck...@angryox.com wrote: On Mon, 13 Apr 2009, Scott Weeks wrote: --- beck...@angryox.com wrote: I still think skipping the securing of manholes and access points in favor of active monitoring with offsite access is a better solution. The only

Re: Network diagram software

On 2/11/2009 at 3:15 PM, j...@miscreant.org wrote: Quoting Mathias Wolkert mathias.wolk...@gmail.com: I'd like to know what software people are using to document networks. Visio is obvious but feels like a straight jacket to me. I liked netviz but it seems owned by CA and unsupported

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

On 1/24/2009 at 4:50 PM, Brian Keefer ch...@smtps.net wrote: Caveat: my PERL is _terrible_. http://www.smtps.net/pub/dns-amp-watch.pl This assumes you're using BIND. My logs roll on the hour, so I run it from cron at 1 minute before the hour. Depending on how long it takes to

Re: DNS Amplification attack?

On 1/20/2009 at 7:23 PM, Mark Andrews mark_andr...@isc.org wrote: In message 20090121140825.xwdzd4p64kgwo...@web1.nswh.com.au, j...@miscreant.or g writes: On Tue, Jan 20, 2009 at 9:16 PM, Kameron Gasso kgasso-li...@visp.net wro= te: We're also seeing a great number of these, but the

Re: Leap second tonight

On 1/5/2009 at 1:19 PM, Peter Beckman beck...@angryox.com wrote: I've gleened from this thread that: * everyone uses UTC, or should, because UTC is a uniform time scale, except for those leap seconds Local time is totally appropriate in some circumstances, but it is pretty much

Re: NAT66 and the subscriber prefix length

On 11/18/2008 at 11:03 AM, Tim Durack [EMAIL PROTECTED] wrote: On Fri, Nov 14, 2008 at 2:28 PM, Mikael Abrahamsson [EMAIL PROTECTED]wrote: On Fri, 14 Nov 2008, [EMAIL PROTECTED] wrote: Not long ago, ARIN changed the IPv6 policy so that residential subscribers could be issued with a /56

Re: Telstra NOC

On 10/22/2008 at 12:20 PM, Charles Wyble [EMAIL PROTECTED] wrote: http://www.telstra.com.au/abouttelstra/images/media/photos/73764g2_hires.jpg The date on the screen, June 30, 1999. I was wondering about the absence of any LCD displays until I saw that. The number of CRTs in that room without

Procedure to Change Nameservers

This should be easy. But sometimes things that seem like they should be easy are not. I want to change the nameservers for a bunch of domains. Really, all I want to do is change the IP address, but it seems easier just to change both the name and IP to avoid any possibility of confusion. However,

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

On 8/20/2008 at 1:54 AM, Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 20 aug 2008, at 3:31, Randy Bush wrote: matsuzaki-san's preso, i think the copy he will present next week at apops: http://www.attn.jp/presentation/apnic26-maz-ipv6-p2p.pdf He (she?) says packets will

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

On 8/20/2008 at 11:57 AM, Iljitsch van Beijnum [EMAIL PROTECTED] wrote: On 20 aug 2008, at 20:34, Crist Clark wrote: On a true P-to-P link, there is no netmask, no? A netmask is a concept that applies to broadcast media, like Ethernet. Even if you only have two hosts on an Ethernet link

Re: Traceroute and random UDP ports

On 8/13/2008 at 6:13 AM, Jeff Aitken [EMAIL PROTECTED] wrote: On Wed, Aug 13, 2008 at 07:56:53AM -0500, John Kristoff wrote: Also, why do we increase the UDP port number with each subsequent traceroute packet that is sent? I don't know definitively, but I have an of educated guess From

Comcast Users, Time to Change Your Password

I'm getting connection refused from Comcast's POP3 servers, mail.comcast.net. Related to this? http://www.theregister.co.uk/2008/05/29/comcast_domain_hijacked/ Oh, NetSol... Comcast Let the finger pointing begin. -- Crist J. Clark [EMAIL PROTECTED]