Re: Stupid Question maybe?

2018-12-18 Thread George William Herbert
Sent from my iPhone > On Dec 17, 2018, at 9:36 PM, Joe wrote: > > Recently, I was made aware that a class "A" was indeed a /8 and a class "B" > was actually a /12 (172.16/172.31.255.255) while a class "C" is actually a > /16. You had it right to start with. A is (was) /8, B is /16, C is

Email security: PGP/GPG & S/MIME vulnerability drop imminent

2018-05-14 Thread George William Herbert
This is likely bad enough operators need to pay attention. @seecurity tweeted: "We'll publish critical vulnerabilities in PGP/GPG and S/MIME email encryption on 2018-05-15 07:00 UTC. They might reveal the plaintext of encrypted emails, including encrypted emails sent in the past. #efail 1/4"

Re: Proof of ownership; when someone demands you remove a prefix

2018-03-12 Thread George William Herbert
Ownership?... (Duck) -george Sent from my iPhone > On Mar 12, 2018, at 4:11 PM, Randy Bush wrote: > > it's a real shame there is no authoritative cryptographically verifiable > attestation of address ownership.

Re: improving signal to noise ratio from centralized network syslogs

2018-01-31 Thread George William Herbert
From the systems side we got HoneycombIO which shifts a bit to calling itself events rather than logs management. I don't know anyone else who's tried using it for networks per se but that's on my "interesting tech tools explorations" medium length list. -george Sent from my iPhone > On

Re: GCSC critical infrastructure protection questions: your input needed.

2017-11-14 Thread George William Herbert
That's a good question. Part of the problem is that the line between defense and offense, between intelligence gathering and attacking is more muddy than with "real weapons". Movies aside, you don't do intelligence gathering with guns in peacetime. Bringing guns makes it paramilitary

Re: supermicro server visio templates

2017-08-10 Thread George William Herbert
I emailed supp...@supermicro.com When I needed them, I think, but those I had are years obsolete now and lurking in a corner somewhere. Sent from my iPhone > On Aug 10, 2017, at 8:42 PM, Christopher Morrow > wrote: > > https://miketabor.com/tools/ > > mike seems to

Re: Ingress filtering from an external cloud service to the internal network

2017-05-05 Thread George William Herbert
You can usually run OpenVPN from a cloud host. The source IP changing possibly should require only one open exception to the local VPN termination point. Better, find a cloud that doesn't do that shit with changing endpoints and gives you real VPNs. What sort of cloud doesn't these

AS9498 Bharti BGP hijacks

2017-04-01 Thread George William Herbert
Hey, Bharti, knock that off. http://bgpstream.com/event/78126 http://bgpstream.com/event/78125 http://bgpstream.com/event/78124 http://bgpstream.com/event/78123 http://bgpstream.com/event/78122 Sent from my iPhone

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

2017-03-17 Thread George William Herbert
> On Mar 17, 2017, at 10:28 AM, valdis.kletni...@vt.edu wrote: > > On Fri, 17 Mar 2017 17:42:11 +0100, Bjørn Mork said: >> Well, it was a nice smoke test of the "RDNS required" anti-feature. All >> of a sudden we couldn't even send email to ourselves, having smarthosts >> in one of the

Re: Dyn DDoS this AM?

2016-10-22 Thread George William Herbert
Oh god, you invoked @popehat ... [dyndds and its customers sue XiongMai, the OEM integrators, and Does 1-10,000,000 who own the devices for negligence?...] Sent from my iPhone > On Oct 21, 2016, at 8:29 PM, Chris Woodfield wrote: > > As a Twitter network engineer (and

Re: Dyn DDoS this AM?

2016-10-21 Thread George William Herbert
> On Oct 21, 2016, at 6:35 PM, Eitan Adler wrote: > > [...] > > In practice TTLs tend to be ignored on the public internet. In past > research I've been involved with browser[0] behavior was effectively > random despite the TTL set. > > [0] more specifically, the

Re: Chinese root CA issues rogue/fake certificates

2016-09-07 Thread George William Herbert
> On Sep 1, 2016, at 3:10 AM, Matt Palmer wrote: > > How the hell do you get from "the world does not work that way" to "please > pitch me your consulting services"? You appear ignorant of what real DR / resiliency can do, as do your local providers if they said that.

Re: Chinese root CA issues rogue/fake certificates

2016-09-07 Thread George William Herbert
> On Sep 1, 2016, at 3:19 AM, Stephane Bortzmeyer wrote: > > On Thu, Sep 01, 2016 at 11:36:57AM +1000, > Matt Palmer wrote > a message of 45 lines which said: > >> I'd be surprised if most business continuity people could even name >> their cert

Re: Chinese root CA issues rogue/fake certificates

2016-08-31 Thread George William Herbert
> On Aug 31, 2016, at 6:36 PM, Matt Palmer wrote: > > there's just way too many sites using WoSign (and StartCom) for the > CAs' roots to just be pulled. Sad, but true. Not even. Pull away. > I'd be surprised if most business continuity people could even name their

Re: A simple proposal

2014-05-16 Thread George William Herbert
On May 16, 2014, at 9:28 AM, McElearney, Kevin kevin_mcelear...@cable.comcast.com wrote: will likely have negative consequences all around. Actually, pretty focusedly more negative for the middlemen trying to charge for those packets' transit of their networks. -george william herbert

Re: Requirements for IPv6 Firewalls

2014-04-19 Thread George William Herbert
use of the technology. -george william herbert george.herb...@gmail.com

Re: Requirements for IPv6 Firewalls

2014-04-19 Thread George William Herbert
in the last decade. And SPOF is changing the goalposts; nobody single-strings anything at scale. -george william herbert george.herb...@gmail.com Sent from Kangphone

Re: misunderstanding scale

2014-03-22 Thread George William Herbert
for 15 years. But you'd better pull it out now. Each of these phases is well understood *and we're here now*... -george william herbert george.herb...@gmail.com Sent from Kangphone

Re: Filter NTP traffic by packet size?

2014-02-23 Thread George William Herbert
BCP 38 implementation will rise fast enough that these things will not become real, but we have been hearing that for 15 plus years now... At some point, the 38 will work by itself! line approaches Look at the Emperors' fine new clothes!. -george william herbert george.herb...@gmail.com Sent

Re: ARIN Wants Your Feedback

2014-02-14 Thread George William Herbert
Gentlemen! Cease this infernal internal bickering! If we do not make common cause against the one true enemy, the User, all is lost! ... -george william herbert george.herb...@gmail.com Sent from Kangphone On Feb 13, 2014, at 11:15 PM, Owen DeLong o...@delong.com wrote: On Feb 13

Re: Updated ARIN allocation information

2014-01-31 Thread George William Herbert
global announcement and internal side split-out... -george william herbert george.herb...@gmail.com Sent from Kangphone On Jan 31, 2014, at 5:14 PM, Owen DeLong o...@delong.com wrote: I will attempt to clarify this once more... When I wrote the policy which created this set-aside space

Re: Is there a method or tool(s) to prove network outages?

2013-12-01 Thread George William Herbert
an issue. -george william herbert george.herb...@gmail.com Sent from Kangphone

Re: DNS Reliability

2013-09-12 Thread George William Herbert
a backup registrar available spun up... -george william herbert Sent from Kangphone

Re: DNS Reliability

2013-09-12 Thread George William Herbert
. Honest! The worry is bimodal. Most small sites, two or three servers, stop worrying. Most medium sites, watch your server load and run external monitoring. Most big sites are not sufficiently paranoid / redundant here. -george william herbert Sent from Kangphone

Re: Fiber cut in SF area

2009-04-13 Thread George William Herbert
Matthew Petach wrote: George William Herbert gherb...@retro.com wrote: Matthew Petach writes: protected rings are a technology of the past. Don't count on your vendor to provide redundancy for you. Get two unprotected runs for half the cost each, from two different providers

Re: Fiber cut in SF area

2009-04-09 Thread George William Herbert
there. -george william herbert gherb...@retro.com

Re: Fiber cut in SF area

2009-04-09 Thread George William Herbert
I had written in a NANOG reply: Mike Lyon writes: Anyone know where the actual cut is? According to SF Chronicle: http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/04/09/BAP816VTE6.DTLtsp=1 The fiber-optic cables were severed shortly before 1:30 a.m. along Monterey Highway north of Blossom

Re: Fiber cut in SF area

2009-04-09 Thread George William Herbert
Scott Doty wrote: (Personally, I can think of a MAE-Clueless episode that was worse than this, but that was in the 90's...) The gas main strike out front of the building in Santa Clara? Or something else? -george william herbert gherb...@retro.com

Re: v6 DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

2009-02-05 Thread George William Herbert
got to set IPv6 up to be a more perfect way forward is not scaling. And 20 years between protocol design and rollout is absurd and insulting. -george william herbert gherb...@retro.com

Re: an over-the-top data center

2008-12-02 Thread George William Herbert
rooms) is normal it's no big deal. You can have the floor covered in an inch of water and the air be perfectly safe humidity for systems (just don't drop a live power cable in the water...). I wouldn't do this personally, but if done right it should be safe. -george william herbert [EMAIL PROTECTED]

Re: an over-the-top data center

2008-12-02 Thread George William Herbert
(we're not hosting routers in closets anymore) that it's legit for some discussion. The plants and waterfalls is probably drifting a bit far afield, though... -george william herbert [EMAIL PROTECTED]

Re: an over-the-top data center

2008-12-02 Thread George William Herbert
This discussion about plants, waterfalls and humidity is getting more and more off-tropic... Humidity is not off topic for a general or specific datacenter conversation - it's a fairly routine issue in facilities. *woosh* tropic... not topic. It's a joke. :) D'oh. Serves me right for

Re: routing around Sprint's depeering damage

2008-11-03 Thread George William Herbert
anywhere, but they won't get a chance to become it again anywhere unless either they agree to stop playing peering games, or can lower prices to be competitive with networks with equivalent outage risks. I will not pay a premium cost for inferior ultimate reliability. -george william herbert [EMAIL

Re: routing around Sprint's depeering damage

2008-11-03 Thread George William Herbert
. Not to be alarmist, but what the @[EMAIL PROTECTED]@#(*$% ? -george william herbert [EMAIL PROTECTED]

Re: routing around Sprint's depeering damage

2008-11-03 Thread George William Herbert
some, is nonzero and in some cases significantly high. The only way to actually reliably defeat that risk is to walk your ISP up the size chart to Tier 1 and total control of what you talk to. That was a much more attractive path in the mid-late 90s than it is today. -george william herbert [EMAIL

Re: Sprint v. Cogent, some clarity facts

2008-11-03 Thread George William Herbert
on some legal protection about best-effort to route to rest of world. It never fails to impress me how many people have little clue, though... -george william herbert [EMAIL PROTECTED]

Re: DSL at MAE-East

2008-09-25 Thread George William Herbert
without going to Iridium or Hughesnet. -george william herbert [EMAIL PROTECTED]