Re: U.S. test of national alerts on Oct. 4 at 2:20pm EDT (1820 UTC)

2023-10-04 Thread Harald Koch
people can't be trusted and sends ALL alerts at the "national alert" priority. (When Canada last tested in May, I had my phone on silent - the alert vibrated but did not make noise - which is a slight improvement, I guess). -- Harald Koch c...@pobox.com

Re: Survey on the use of IP blacklists for threat mitigation

2020-06-16 Thread Harald Koch
ilter list, etc. are all more precise terms that happen to be easier for everyone to understand. Improving technical jargon is always worthwhile. -- Harald Koch c...@pobox.com

Re: understanding IPv6

2020-06-07 Thread Harald Koch
On Sun, Jun 7, 2020, at 12:02, Brandon Martin wrote: > This is difficult to understate. "People" are continually amazed when I > show them that I can leave TCP sessions up for days at a time (with > properly configured endpoints) with absolutely zero keepalive traffic > being exchanged. On

Re: Jenkins amplification

2020-02-03 Thread Harald Koch
Jenkins, like a zillion other developer-oriented tools, should never be deployed Internet-facing. Reflection attacks inside an enterprise are handled by HR. :) -- Harald Koch c...@pobox.com

Re: What can ISPs do better? Removing racism out of internet

2019-08-05 Thread Harald Koch
On Mon, Aug 5, 2019, at 11:30, Mel Beckman wrote: > Keith, what could be more on-topic than an ISP’s status as a common > carrier? Seems pretty operational to me. American ISPs are not common carriers. When net neutrality was revoked on December 14, 2017, so was ISP's common carrier status /

Re: Widespread Firefox issues

2019-05-04 Thread Harald Koch
check if you have studies enabled by going to Firefox Preferences -> Privacy & Security -> Allow Firefox to install and run studies. You can disable studies again after your add-ons have been re-enabled. We are working on a general fix that doesn’t need to rely on this and will keep yo

Re: NTP question

2019-05-01 Thread Harald Koch
ose lands on the transfer switch, shorting it out and disconnecting street, UPS, and generator. TBH I wasn't monitoring NTP at the time, being slightly more concerned with critical applications, so I concede your point :) -- Harald Koch c...@pobox.com

Re: NTP question

2019-05-01 Thread Harald Koch
ked everyone out. Time is hard :) -- Harald Koch c...@pobox.com

Re: WIndows Updates Fail Via IPv6 - Update!

2019-03-03 Thread Harald Koch
create those knobs for firewalls. My experience then (and now, with my current employer) is that admins turn every knob you give them up to eleven; there is no finesse. The only answer was, and is, to remove the knobs altogether. (Can I join the choir too? :) -- Harald Koch c...@pobox.com

Re: Facebook doesn't have a route to my ISP's (Cogeco) IPv6 space?

2018-12-20 Thread Harald Koch
der in Canada is still offering IPv6 as a best-effort, unsupported service. As a former Canadian networking guy, this ... angers me. Good luck ...) -- Harald Koch c...@pobox.com

Re: Unsolicited LinkedIn requests

2018-12-11 Thread Harald Koch
LinkedIn has a "I don't know this person" option when you decline an invitation. If a user gets too many of those they're kicked, because LinkedIn is explicitly about making cyber connections that you already had IRL. -- Harald

Re: Any Gmail Admins on here?

2018-10-25 Thread Harald Koch
chilli.nosignal.org has an SSL certificate that expired in *July*. -- Harald On Thu, 25 Oct 2018 at 12:48, Mike Hammett wrote: > https://chilli.nosignal.org/cgi-bin/mailman/listinfo/mailop > > > > - > Mike Hammett > Intelligent Computing Solutions >

Re: Time to add 2002::/16 to bogon filters?

2018-06-18 Thread Harald Koch
20 years from now when the IETF decides to reclaim / repurpose that prefix, y'all are going to have to run around removing it from your filters again... -- Harald

Re: IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 18:48, Mark Andrews wrote: > ULA provide stable internal addresses which survive changing ISP > for the average home user. Yeah this is pretty much what I'm doing. ULA for stable, internal addresses that I can put into the (internal) DNS: ISP prefixes for

IPv6 Unique Local Addresses (was Re: New Active Exploit: memcached on port 11211 UDP & TCP being exploited for reflection attacks)

2018-03-01 Thread Harald Koch
On 1 March 2018 at 15:18, Owen DeLong wrote: > Second, RFC-1918 doesn’t apply to IPv6 at all, and (fortunately) hardly > anyone > uses ULA (the IPv6 analogue to RFC-1918). > Wait. What's the objection to ULA? Is it just that NAT is bad, or is there something new? -- Harald

Re: IPv4 smaller than /24 leasing?

2018-01-04 Thread Harald Koch
"IPv6 available upon request. " LOL. -- Harald

Re: Waste will kill ipv6 too

2017-12-20 Thread Harald Koch
On 20 December 2017 at 13:23, Mike wrote: > in IPv4 for example, when you assign a P2P > link with a /30, you are using 2 and wasting 2 addresses. But in IPv6, > due to ping-pong and just so many technical manuals and other advices, > you are told to "just use a

Re: Companies using public IP space owned by others for internal routing

2017-12-18 Thread Harald Koch
On 17 December 2017 at 17:48, Tom Carter wrote: > RFC1918 isn't big enough to cover all use cases. Think about a large > internet service providers. If you have ten million customers, 10.0.0.0/8 > would be enough to number modems, but what happens when you need to number >

Re: Companies using public IP space owned by others for internal routing

2017-12-17 Thread Harald Koch
On 17 December 2017 at 17:57, James Downs wrote: > Unless there isn't.. I've worked at more than one company that had used up > all the private space. Then you have the cases where some M causes > overlapping IP space. > Or places like Ontario, where the government runs a registry

Re: Novice sysadmins

2017-12-06 Thread Harald Koch
On 6 December 2017 at 13:51, Stephen Satchell wrote: > What professional engineers you mentioned do can kill people. I have yet > to hear of anyone dying from a sysadmin or netadmin screwing up. > Oh c'mon. Now you're being deliberately obtuse. I work IT for a hospital.

Re: Novice sysadmins (was: Suggestions for a more privacy conscious email provider)

2017-12-05 Thread Harald Koch
Thirty years ago I started my sysadmin journey on an Internet that was filled with helpful, experienced people that were willing to share their knowledge. Twenty years ago I was one of three people running CA*net, the cross-Canada research Internet with three connections to the NSFnet. I don't

Re: Question about Customer Population by ASN for Canada

2017-10-02 Thread Harald Koch
On 2 October 2017 at 16:17, Eric Dugas wrote: > > > e.g. Teksavvy at 937,855 estimated users. How can they have 937,855 users > if they "only" have 686,848 IPv4 (https://bgp.he.net/AS5645)? > I have one IPv4 and five users in my household... -- Harald (teksavvy

Re: Bell outage

2017-08-04 Thread Harald Koch
parallel around the lake and > at certain points is collapsed into one right of way. > To generalise - most of Canada's population lives within 160 km of the US border. That's an 8800 km long, but very skinny piece of territory, and that makes finding geographically diverse routes ... challeng

Re: Domain renawals

2016-09-21 Thread Harald Koch
There are still many registrars that don't support DNSSEC (possibly only for a subset of TLDs), and/or have an unusable or cumbersome interface for adding DNSSEC glue. Just another thing to watch out for...

Re: Netflix banning HE tunnels

2016-06-20 Thread Harald Koch
My son came home from uni and complained that Netflix wasn't working - which turned out to be my HE tunnel. So I blocked a few suggested IPv6 addresses, and everything is now fine. Except that using IPv6 was connecting to some Netflix servers in the US of A, and using IPv4 connects to the local

Re: Netflix VPN detection - actual engineer needed

2016-06-06 Thread Harald Koch
On 6 June 2016 at 19:40, Owen DeLong wrote: > > The problem is that some users travel and they try to watch Netflix using > their home account in far away lands. > Interestingly, audible.com (the audio book people) actually warn you about this up front - they point out on their

Re: Stop IPv6 Google traffic

2016-04-10 Thread Harald Koch
On 10 April 2016 at 10:36, Filip Hruska wrote: > If I'm not mistaken, when there is some "abuse", > Google typically shows captcha for the single IPs, not for whole provider, > so only the customers who actually do something nefarious should get > flagged. > You are mistaken.

Re: Quick Update on the North American BCOP Efforts

2015-10-01 Thread Harald Koch
On 1 October 2015 at 00:37, Chris Grundemann wrote: > > Those that have the information are mostly busy > engineers, for whom writing documentation is not their favorite thing. > There's also the issue that if you ask two NANOG engineers a technical question you'll get

Re: Ear protection

2015-09-23 Thread Harald Koch
I use Etymotic earplugs on my motorcycle as well as in other loud environments, because they attenuate "without loss of clarity": http://www.amazon.com/Etymotic-Research-ETY-Plugs-Protection-Earplugs/dp/B0044DEESS -- Harald

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Harald Koch
On 9 July 2015 at 09:11, Mike Hammett na...@ics-il.net wrote: I think you're confusing very common for a tech guy and very common for the common man. I have a dozen or two v4 subnets in my house. Then again, I also run my ISP out of my house, so I have a ton of stuff going on. I can't even

Re: Dual stack IPv6 for IPv4 depletion

2015-07-09 Thread Harald Koch
On 9 July 2015 at 11:42, Matthew Huff mh...@ox.com wrote: What am I missing? Is it just the splitting on the sextet boundary that is an issue, or do people think people really need 64k subnets per household? One thing you're missing is that some of these new-fangled uses for IP networking

Re: gmail security is a joke

2015-05-27 Thread Harald Koch
On 26 May 2015 at 23:43, Anil Kumar aku...@anilkumar.com wrote: According to this page, the 2-factor authentication does kick in when you finally try to reset the password. http://webapps.stackexchange.com/questions/27258/is-there-a-way-of-disabling-googles-password-recovery-feature “… I

Re: gmail security is a joke

2015-05-26 Thread Harald Koch
On 26 May 2015 at 11:32, Alex Brooks askoorb+na...@gmail.com wrote: Can you not set account recovery options which change the way password reset requests are handled. https://support.google.com/accounts/answer/183723 Gives some guidance? Alex Unfortunately, setting these options does not

Re: Any google network admins out there?

2015-04-05 Thread Harald Koch
On 4/4/2015 3:11 AM, Lou Ashtonhurst wrote: Randy, you can just use the contact details on their page about it: https://support.google.com/websearch/contact/ban Ask them for the netflow or other source of proof. My understanding was they blocked on /32s not larger subnets which would

Re: Comcast thinks it ok to install public wifi in your house

2014-12-10 Thread Harald Koch
On 10 December 2014 at 21:50, Mr Bugs b...@debmi.com wrote: however they use a separate DOCSIS and 802.11 channel so if would follow that it would be a separate IP tied to comcast corporate and not the subscriber as well as not taking up your bandwidth. IIRC there are only three

Re: Credit to Digital Ocean for ipv6 offering

2014-06-19 Thread Harald Koch
On 19 June 2014 14:07, Daniel Ankers md1...@md1clv.com wrote: How does it use those 6 /64s? That seems to be getting towards the interesting times where the way devices work with v6 is very different to how they would have worked with v6 Bridging between (slow) 802.11 and (fast) ethernet

Re: yahoo.fr is no longer interested in your abuse reports.

2014-06-11 Thread Harald Koch
On 11 June 2014 16:41, goe...@anime.net wrote: It's the content. They're spamfiltering their abuse mailbox. As supporting evidence I offer the fact that this entire conversation ended up in my (Google) Junk folder. -- Harald

Re: NAT IP and Google

2014-05-20 Thread Harald Koch
On 20 May 2014 10:27, William Waites w...@styx.org wrote: IPv6? Might help if all your hosts have their own IPv6 addresses - doesn't help if you run an http proxy. Google blacklists my (personal) IPv6 proxy at least once a month. -- Harald

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

2013-09-07 Thread Harald Koch
On 7 September 2013 17:08, Paul Ferguson fergdawgs...@mykolab.com wrote: Preliminary analysis of more than 25,000 traceroutes reveals a phenomenon we call ‘boomerang routing’ whereby Canadian-to-Canadian internet transmissions are routinely routed through the United States. I sincerely hope

Re: Vancouver IXP - VanTX - BCNet

2013-08-20 Thread Harald Koch
On 20 August 2013 09:05, Randy Bush ra...@psg.com wrote: ok, i have heard privately from folk who i respect. cira seems to be on the up and up and doing good professional work. haha. yes, because Canadians are normally so sinister and nefarious...

Re: It's the end of the world as we know it -- REM

2013-04-24 Thread Harald Koch
Meanwhile, consumer-grade IPv6 still sucks, at I have to turn off IPv6 to watch YouTube videos levels of suck...

Re: IPV6 in enterprise best practices/white papaers

2013-01-30 Thread Harald Koch
On 30 January 2013 02:39, Jussi Peltola pe...@pelzi.net wrote: High density virtual machine setups can have 100 VMs per host. Each VM has at least a link-local address and a routable address. This is 200 groups per port, 9600 per 48 port switch. um - let's compare apples to apples here - 100

Re: IPV6 in enterprise best practices/white papaers

2013-01-27 Thread Harald Koch
On 26 January 2013 17:38, Mark Andrews ma...@isc.org wrote: As for breaking your LAN, if the applications take 60 seconds to fallback to the other address they were already broken. Go complain to your application vendor. Some vendors have already fixed this problem with their applications.

Re: Adding GPS location to IPv6 header

2012-11-26 Thread Harald Koch
This also naively assumes that wireless network topology correlates with geographic location. Any radio engineer (or cell phone user) can explain why that doesn't work. On 26 November 2012 17:36, William Herrin b...@herrin.us wrote: On Mon, Nov 26, 2012 at 10:20 AM, Eugen Leitl eu...@leitl.org

Re: Big day for IPv6 - 1% native penetration

2012-11-20 Thread Harald Koch
While looking into the NTP chaos from Monday, I noticed that my personal servers have an NTP peer running IPv6. I have no idea how long that's been going on - it was a complete non-event ;). -- Harald

Re: Bell Canada outage?

2012-08-08 Thread Harald Koch
On 8 August 2012 16:10, Zachary McGibbon zachary.mcgibbon+na...@gmail.comwrote: Thanks for the info, looks like Bell needs to put some filtering on their customer links! I remember when AS577 had those... ;) -- Harald

Re: Gmail Down?

2009-09-24 Thread Harald Koch
It does appear that gmail going down leads to a DoS against the NANOG list. :-) -- Harald

Re: isprime DOS in progress

2009-01-21 Thread Harald Koch
Graeme Fowler wrote: On Tue, 2009-01-20 at 14:55 -0600, Todd T. Fries forwarded: I've been seeing a lot of noise from the latter two addresses after switching on query logging (and finishing an application of Team Cymru's excellent template) so I decided to DROP traffic from the addresses