On Wed, Dec 8, 2010 at 5:08 PM, Iljitsch van Beijnum iljit...@muada.com wrote:
On 8 dec 2010, at 23:48, Jack Bates wrote:
I'm going to go out on a limb (and not read the last BGP summary reports)
and say that ISPs being assigned fragmented space has caused more routing
table bloat than
On Mon, Dec 6, 2010 at 1:50 AM, Sean Donelan s...@donelan.com wrote:
February 2000 weren't the first DDOS attacks, but the attacks on multiple
Other than buying lots of bandwidth and scrubber boxes, have any other DDOS
attack vectors been stopped or rendered useless during the last decade?
On Sun, 05 Dec 2010 02:53:22 GMT, Michael Sokolov said:
Factoid: we outnumber the pigs by 1000 to 1. Even if only 1% of us were
to go out and shoot a pig, we would still outnumber them 10 to 1! We
*CAN* win -- wake up, people!
Yes, but shooting down an RFC1925-compliant porker may require
On Sat, Dec 4, 2010 at 9:40 PM, Mark Radabaugh m...@amplex.net wrote:
of running RIPng. The thought of letting Belkin routers (if you can call
them that) into the routing table scares me no end.
I think that indeed looks scary. I wouldn't be too concerned about the
Belkin routers.
How many SP
On Mon, Nov 22, 2010 at 8:02 AM, Brandon Ross br...@pobox.com wrote:
On Mon, 22 Nov 2010, Nick Hilliard wrote:
least once a second. Perhaps you are thinking about the rate counters that
are often _configured_ to use the last 30 seconds of data to compute the
average but also update much more
On Wed, Dec 1, 2010 at 5:42 PM, Brett Watson br...@the-watsons.org wrote:
I'm not able to get my fingers or thumbs to randomly (seemingly)
select approximately 15% of all prefixes, originate those, modify
filters so I can do so, and also somehow divert it to another router
that doesn't have
On Tue, Nov 30, 2010 at 2:41 PM, bill manning bmann...@isi.edu wrote:
96 days left Martin? Don't think we'll make it past January?
--bill
I doubt whether or not there are more than 60 days left for the IANA pool.
The number of addresses that remain for normal allocation happens to
be identical
On Tue, Nov 9, 2010 at 10:17 AM, Brandon Kim brandon@brandontek.com wrote:
I'm not looking for companies that offer this service, but the actual
software engines that allow you
to create VM's on the fly. So a customer goes to your website and says I want
Win2008 with 8gigs of RAM and
On Tue, Oct 26, 2010 at 9:12 AM, Jack Carrozzo j...@crepinc.com wrote:
Well, I whois'd 702, got no match, said hm, I see 701 all over the place,
lemmy take a look and found:
There is a match... I think WHOIS as702 is erroneous WHOIS query syntax,
typing asX not being the way to search
On Wed, Oct 20, 2010 at 4:48 PM, Jeroen van Aart jer...@mompl.net wrote:
IPv6 newbie
these addresses, their address scope is global, i.e. they are expected to be
globally unique.
The ULA /48s are hoped to only be globally unique, but this only has
a good chance of happening
if all users
On Sat, Oct 16, 2010 at 11:46 PM, Day Domes daydo...@gmail.com wrote:
I have been tasked with coming up with a new name for our transit data
network. I am thinking of using 101100010100110.net does anyone see
any issues with this?
The domain-name starts with a digit, which is not really
On Sat, Oct 2, 2010 at 3:41 PM, John Curran jcur...@arin.net wrote:
On Oct 2, 2010, at 4:03 PM, Robert Bonomi bon...@mail.r-bonomi.com wrote:
Robert -
You are matching nearly verbatim from ARIN's actual procedures for
recognizing a transfer via merger or acquisition. The problem is
On Sun, Aug 29, 2010 at 3:12 PM, Thomas Mangin
thomas.man...@exa-networks.co.uk wrote:
However to make sense you would need to find a resynchronisation point to
only exclude the one faulty message. Initially I thought that the last
received KEEPALIVE (for the receiver of the error message)
On Fri, Aug 27, 2010 at 2:33 PM, Dave Israel da...@otd.com wrote:
On 8/27/2010 3:22 PM, Jared Mauch wrote:
[snip]
an MD5 hash that can be added to the packet. If the TCP hash checks
Hello, layering violation. If the TCP MD5 option was used, the
MD5 checksum was probably correct.
On Fri, Aug 20, 2010 at 4:08 PM, Butch Evans but...@butchevans.com wrote:
I would suggest the recommendation be that ICMP Redirects, proxy ARP,
directed broadcast, source routing, and acceptance/usage
of all fancy/surprising features should be off by default. Where
surprising is defined as
On Thu, Jul 29, 2010 at 10:23 PM, Franck Martin fra...@genius.com wrote:
Hmmm, from the interview of the British guy, the smart card seems to be in UK
(he did a lapsus on it), which differs from what you describe.
You gotta read up on the whole ceremony and their statement of
practices:
On Tue, Jul 20, 2010 at 9:44 PM, Antonio Querubin t...@lava.net wrote:
On Tue, 20 Jul 2010, Marshall Eubanks wrote:
Maybe they are having issues with their multicast mail routing protocol.
Looks like their mmrpf (multicast mail reply path forwarding) is broken ;)
Or.. perhaps someone over
On Thu, Jul 1, 2010 at 8:03 AM, Franck Martin fra...@genius.com wrote:
The question is because gTLDs operations are in the USA, does it mean that
the USA have control over all those domain names?
Can we trust solely the USA for such control?
No. However, anyone signing up for a GTLD should
On Wed, Jun 16, 2010 at 5:57 PM, Chris Woodfield rek...@semihuman.com wrote:
OK, this sounds Really Wacky (or, Really Hacky if you're into puns) but
there's a reason for it, I swear...
Will typical OSS UNIX kernels (Linux, BSD, MacOS X, etc) reply to a crafted
ARP request that, instead of
On Thu, Jun 10, 2010 at 9:56 PM, Rubens Kuhl rube...@gmail.com wrote:
comeonspammer32...@wannahaveapieceofme.com, dynamically generated to
match a download session, and suddenly this account starts to get
spam...
well... yes.. doesn't help much if the token being abused is the
admin POC's
On Tue, Jun 1, 2010 at 3:50 PM, Andrey Khomyakov
khomyakov.and...@gmail.com wrote:
Seems like to do that I'd have to run a software router on a VM that would
[snip]
For a VM router (for performance reasons is different than what i'd
suggest for a generic software router), I would suggest picking
On Sun, May 23, 2010 at 5:16 PM, Christopher Gatlin
ch...@travelingtech.net wrote:
That is a stellar TCL script!
I generally use netflow to glean information regarding average packet size.
Seems like a good script to me. My only criticism would be pretty
hard to do anything about... you're
On Thu, May 6, 2010 at 1:12 PM, L. Gabriel Somlo gso...@gmail.com wrote: ..
I wonder if DNS for GLOP/RFC3180 is still expected to work/be supported,
or should I just give up :) Thanks,
I am not sure, but I believe as a best practice, RFC3180 is
considered basically defunct at this
On Thu, Apr 29, 2010 at 7:15 PM, valdis.kletni...@vt.edu wrote:
So if you want to make an analogy, it's more like taking the keys away from
a drunk so they can't drive. Good luck finding a DA who will indict you for
grand theft auto for taking the keys to prevent a DWI.
According to news
On Tue, Apr 27, 2010 at 4:25 PM, Jon Lewis jle...@lewis.org wrote:
breaks. i.e. they'll know it's broken. When they change the default policy
on the firewall to Accept/Allow all, everything will still work...until all
their machines are infected with enough stuff to break them.
The same is
On Tue, Apr 27, 2010 at 7:58 PM, Jason 'XenoPhage' Frisvold
xenoph...@godshell.com wrote:
On Apr 27, 2010, at 8:50 PM, Richard Barnes wrote:
...However, I was under the impression that having both forward and reverse
for dynamic IPs was a best practice..
Perhaps we should back up a bit and
On Mon, Apr 19, 2010 at 11:47 PM, Adrian Chadd
adr...@creative.net.au wrote: On Tue, Apr 20, 2010, Perry Lorier
wrote:
could dimension a NAT box for an ISP. His research is available here
http://www.wand.net.nz/~salcock/spnat/tech_report.pdf . If walls of
text scare you (why are you reading
On Tue, Apr 20, 2010 at 3:08 PM, James Martin jamesmar...@ieee.org wrote:
All:
In the process of requesting a block of IP's for a client, ARIN requested
that we list Reverse DNS Servers for the block. I've never done this
before, nor have I ever thought it through.
The Reverse DNS zone is
On Wed, Jan 20, 2010 at 9:52 AM, valdis.kletni...@vt.edu wrote:
On Wed, 20 Jan 2010 08:01:50 CST, Jorge Amodio said:
Ohh yeah, now we can send sort of a telegram with multiple fonts and
colors almost from anywhere...
At least it doesn't do <blink>BLINK</blink> ;)
Oh SMS/MMS do a few things
On Thu, Apr 15, 2010 at 3:59 PM, William Pitcock
neno...@systeminplace.net wrote:
For someone who is a CCNA, Mikrotik Certified Whatever, etc, etc, etc,
you really should know how to use dig(1).
Certifications usually only suggest certain skills or knowledge they
were designed to validate, and
On Thu, Apr 8, 2010 at 9:35 PM, Brielle Bruns br...@2mbit.com wrote:
I grabbed that access-list from the routers directly, so that's why it's been
generated already. If there's a tool for UNIX/Linux that can generate the
wildcard masks from CIDR in bulk for use in creating ACLs, I'd be happy
On Sun, Apr 4, 2010 at 2:33 PM, Michael Sokolov
msoko...@ivan.harhan.org wrote:
feature blocking seems to negate that. I mean, how could their
disabled-until-you-pay blocking of premium features be effective if a
user can get to the underlying Unix OS, shell, file system, processes,
Probably
On Sun, Apr 4, 2010 at 9:53 AM, A.B. Jr. skan...@gmail.com wrote:
Lots of traffic recently about 64 bits being too short or too long.
What about mac addresses? Aren't they close to exhaustion? Should be. Or it
is assumed that mac addresses are being widely reused throughout the world?
All
On Fri, Apr 2, 2010 at 9:17 PM, jim deleskie deles...@gmail.com wrote:
not, but I've been asking people last few months why we don't just do
something like this. don't even need to get rid of BGP, just add some
[snip]
On Fri, Apr 2, 2010 at 11:13 PM, George Bonser gbon...@seven.com wrote:
On Sat, Apr 3, 2010 at 11:31 AM, George Bonser gbon...@seven.com wrote:
Any school teaching v4 at this point other than as a legacy protocol
that they teach on the second year because they might see it in the
wild should be closed down. All new instruction at this point should
begin and end
On Fri, Mar 26, 2010 at 9:29 PM, Chuck Anderson c...@wpi.edu wrote:
So basically, the problem is the core switches implement a proprietary
loop-prevention protocol that sends beacon frames out every 500ms,
and if a certain number of these special frames come back (exceeds
-- loop first, but I'm
Well, those UDP captures appear to be BitTorrent Peer-to-Peer file
sharing traffic, or something disguised as such.
Note the 64 31 3a 61 64 32 3a 69 64 32 30 3a
and also the textual reference to info_hash
On Fri, Mar 12, 2010 at 12:18 AM, Joe jbfixu...@gmail.com wrote:
Not to distract from
On Mon, Feb 22, 2010 at 10:30 AM, Jeff Kell jeff-k...@utc.edu wrote:
There's no way to do this without some underlying forwarding... and
Forwarding SMTP traffic consumes major bandwidth resources
(potentially), as the number of 'ports' eventually increases, and
seems like a juicy target for
On Sun, Feb 21, 2010 at 1:16 PM, Patrick W. Gilmore patr...@ianai.net wrote:
You should not randomly respond to packets at arbitrary rates. If you do,
you are being a bad Netizen for exactly this reason. See things like
amplification attacks for why. ...
--
Whether it's SMTP, TCP, or
On Sat, Feb 20, 2010 at 2:34 PM, Mike Lyon mike.l...@gmail.com wrote:
hm..If you really want to snarf the imap, think fetchmail for
downloading. hypermail/pipermail for parsing. Get it into a DBM
(such as PgSQL) and perform full-text indexing. Or coax Hypermail into
generating HTML flat
Does the RFC say what to do if the reverse-path has been
damaged and now points to somebody who had nothing
what ever to do with the email?
Do the TCP RFCs say what to do in response to a SYN packet, if the
source IP address has been damaged, and now points to some source IP
that has nothing
On Sat, Feb 20, 2010 at 6:25 PM, Jon Lewis jle...@lewis.org wrote:
it off to jail. The questions of when/whether/and to who bounces should be
sent is a debate for spam-l or nanae.
I don't know about that. Bounce handling is not a question of spam filtering.
Spam or not is orthogonal to the
On Sun, Feb 14, 2010 at 7:55 PM, Larry Sheldon larryshel...@cox.net wrote:
I understand that--but if the TTL is being managed correctly the server
answering authoritatively ought to stop doing so when the TTL runs out,
since it will not have had its authority renewed.
The TTL can never run
On Thu, Feb 11, 2010 at 1:41 PM, J.D. Falk
jdfalk-li...@cybernothing.org wrote:
Some types of conversations simply don't take well to automation.
However, automatically indexing/archiving such conversations for
future reference can be useful (and can assist participants to the
conversation in
On Thu, Feb 11, 2010 at 7:30 PM, Hector Herrera hectorherr...@gmail.com wrote:
As far as I can tell from IANA, the block 192/8 is allocated to ARIN.
ARIN does not have a record of 192.255.103 being allocated to anybody.
I can infer very strongly that the block has probably not been
allocated,
On Wed, Feb 10, 2010 at 3:00 PM, David Hubbard
dhubb...@dino.hostasaurus.com wrote:
Residential computers with enough bandwidth to DoS
hosting providers; that should be fun. Maybe it will
Enough to DoS hosting providers based on _current_ practices. If 1g
FTTH catches on, hosting providers
On Fri, Feb 5, 2010 at 12:15 AM, sth...@nethelp.no wrote:
And now for the trick question. Is :::077.077.077.077 a legal
mapped address and if it, does it match 077.077.077.077?
Wasn't there an internet draft on that subject, recently?
--
From: James Hess mysi...@gmail.com
Date: Sat, Jan 30, 2010 at 12:23 AM
Subject: Re: SSH brute force China and Linux: best practices
To: Bobby Mac bobby...@gmail.com
For home? Turn off the SSH daemon and keep it off, unless you really need it.
Or use iptables and /etc/hosts.deny + /etc
On Sat, Jan 23, 2010 at 7:50 AM, Dobbins, Roland rdobb...@arbor.net wrote:
On Jan 23, 2010, at 7:56 PM, Mikael Abrahamsson wrote:
We should forget about small efficiencies, say about 97% of the time:
premature optimization is the root of all evil --Donald Knuth
A couple of points for
On Sat, Jan 23, 2010 at 5:51 PM, Dobbins, Roland rdobb...@arbor.net wrote:
It isn't 'FUD'.
redistribute connected.
In that case, the fault would lie just as much with the unconditional
redistribution policy, as the addressing scheme, which is error-prone
in and of itself.
No matter how you
On Tue, Jan 12, 2010 at 1:33 AM, Pierfrancesco Caci p.c...@seabone.net wrote:
..
Maybe next time drop me a line when it's happening, I don't see the
route from the customer now.
Can still be seen on routeviews... a ghost route, perhaps?
route-views6.routeviews.org show bgp d000::
BGP
On Fri, Jan 8, 2010 at 10:48 AM, Joe Greco jgr...@ns.sol.net wrote:
Putting a stateful firewall in front of that would be dumb; the server
is completely capable of coping with the superfluous SYN's in a much
more competent manner than the firewall.
The trouble with blanket statements about all
On Sun, Jan 10, 2010 at 11:47 AM, William Herrin b...@herrin.us wrote:
On Sun, Jan 10, 2010 at 3:48 AM, James Hess mysi...@gmail.com wrote:
there are a few different things that can be
done, such as the firewall answering on behalf of the server (using
SYN cookies) and negotiating
On Sat, Jan 9, 2010 at 8:09 PM, Martin Hannigan
mar...@theicelandguy.com wrote: ..
is reasonable to inject it and everyone who can ignore it should
simply ignore it.
confidentiality notices are non-innocuous for recipients who pay per
kilobyte for data service, or who are frustrated by time
On Tue, Jan 5, 2010 at 11:41 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Jan 6, 2010, at 11:52 AM, Jonathan Lassoff wrote:
DDoS attacks are attacks against capacity and/or state. Start reducing
DDoS, by its very nature is a type of attack that dances around
common security measures like
On Fri, Dec 18, 2009 at 1:24 PM, Jonny Martin jo...@pch.net wrote:
On Dec 19, 2009, at 1:47 AM, Fred Baker wrote:
..
modified if need be - to achieve this. Mixing billing with the reachability
information signalled through BGP just doesn't seem like a good idea.
Indeed not.. but it might
On Thu, Dec 17, 2009 at 6:54 AM, Tony Finch d...@dotat.at wrote:
On Wed, 16 Dec 2009, Douglas Otis wrote: more polite to use a nonexistent
name that you control, but that doesn't allow the source MTA to skip
further DNS lookups
If you want to be kind, point the MX to an A record that
On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong li...@memetic.org wrote:
personally, i'd recommend not being a dick and setting valid *meaningful*
reverse dns for things relaying mail.
Many sites don't use names that will necessarily be meaningful to an outsider.
Sometimes the non-meaningful
On Wed, Nov 25, 2009 at 2:58 PM, Jorge Amodio jmamo...@gmail.com wrote:
[snip]
What needs to be done to have ISPs and other service providers stop tampering
with DNS ?
Well, NXDOMAIN substitution, on ISP provided DNS servers, is not
tampering with DNS, anymore than spam/virus
On Mon, Nov 16, 2009 at 6:23 PM, Jack Kohn kohn.j...@gmail.com wrote:
However, i still don't understand why AH would be preferred over
ESP-NULL in case of OSPFv3. The draft speaks of issues with replaying
the OSPF packets. One could also do these things with AH.
Am i missing something?
Neither
On Sat, Oct 24, 2009 at 8:00 AM, William Allen Simpson
What's going on? Since when are we required to take down an entire
customer's net for one of their subscriber's so-called infringement?
Since people are afraid. Organizations may send DMCA letters,
whether they are valid or not; the
On Fri, Oct 23, 2009 at 5:43 PM, Justin Shore jus...@justinshore.com wrote:
[...] Just because someone bought themselves a
Camry doesn't mean that Toyota is deciding for them that they can't haul
1000lbs of concrete with it. [...]
Server does not necessarily equal business. A server that
On Tue, Oct 13, 2009 at 6:34 PM, Cord MacLeod cordmacl...@gmail.com wrote:
IPv4? What's the point of a /64 on a point to point link? I'm not clear
IP Addressing uniformity and simplicity.
Use of /127s for Point-to-Point links introduces addressing
complexity that may be avoided in
unimaginably huge *classless* network. Yet, 2 hours into day one, a
classful boundary has already been woven into its DNA. Saying it's
No bit patterns in a V6 address indicate total size of a network. v6
doesn't bring classful addressing back or get rid of CIDR..
v6 dispenses with
On Wed, Aug 26, 2009 at 3:01 PM, valdis.kletni...@vt.edu wrote:
(Seriously - if 95% of the mail out there is spam, then the top 4-5 MTAs are
probably the ratware that's sending out the spam. Something to consider...)
http://www.mailradar.com/mailstat/
Some of the most popular:
1. Sendmail;
On Tue, Aug 25, 2009 at 7:53 AM, Jeff Aitken jait...@aitken.com wrote:
[..] Periodically inducing failures to catch [...] them is sorta like using
your smoke detector as an oven timer.
[..]
machine-parsable format, but the benefit is that you know in pseudo-realtime
when something is wrong, as
On Mon, Aug 17, 2009 at 4:19 PM, Darren Bolding dar...@bolding.org wrote:
the ICMP reply leaves with the same DSCP marking.
ICMPs may have special treatment. This is the kernel replying, not a
user application.
However, when I do this with apache and mysql connections (TCP 80/3306), the
On Sat, Jul 11, 2009 at 11:08 AM, Christopher
Morrow morrowc.li...@gmail.com wrote:
From www.sorbs.net:
It comes with great sadness that I have to announce the imminent
[snip]
You might want to read the June 25th update they made to the
announcement, as shown on the very same page.
SORBS has
I wouldn't condone usage of SORBS' lists, because they sometimes use
robots to automatically list things that have little rational basis
for being listed, which causes problems. But it may be hard to
convince your mail recipients to avoid the same.
Commonly, providers may give un-assigned
29/256 = 11% of the available address space. My argument is, if
someone is scanning you from random source addresses blocking 10%
of the scan traffic is reaching a point of very little return for
the effort of updating the address lists, and as we all know it is
getting smaller and smaller.
On Fri, May 1, 2009 at 8:46 PM, Joel Jaeggli joe...@bogus.com wrote:
By definition, every single one of them that buys wireless router, then
buys another and hangs it off the first. That happens more often than
you would think.
A /62 takes care of that unusual case, no real need for a /56
I have trouble understanding why an ARIN record for a network regularly
receiving new, out-sized IPv4 allocations on the order of millions of
OrgName:Cellco Partnership DBA Verizon Wireless
CIDR: 97.128.0.0/9
Comment:Verizon Wireless currently has 44.3 Million
Comment:
On Sun, Jan 4, 2009 at 10:27 PM, bmann...@vacation.karoshi.com wrote:
On Sun, Jan 04, 2009 at 09:55:20PM -0600, Gadi Evron wrote:
A legal botnet is a distributed system you own.
A legal DDoS network doesn't exist. The question is set wrong, no?
kind of depends on what the model is. a
On Wed, Dec 24, 2008 at 11:38 AM, Scott Morris s...@emanon.com wrote:
I would guess (hope?) that most, if not all, providers filter the RFC1918
space addresses from entering or leaving their networks unchecked. But just
my two cents there...
All sites (not just providers) should, but many
It's also not effective in various situations.
The bad behavior is not disabling abused domains, it's the method used to do it
(by giving no answer instead of actively giving a negative answer).
When a http client asks recursive resolver A for an A RR, and no
response is received,
the client
On Sun, Nov 2, 2008 at 8:29 PM, Martin Hannigan [EMAIL PROTECTED] wrote:
But according to Sprint, this isn't a peering spat. This is a customer
who didn't pay their bill.
Probably useful to keep that in perspective.
-M
I would say it's a peering spat, because Cogent's press releases
stated
Perl provides some cleaner methods for interpreting/displaying IPs.
There isn't a formal standard notation for an IP that looks like a string of
decimal digits with no dots though.
I.e. no RFC will define the host byte order and tell you that 127.0.0.1
corresponds to the decimal integer
On Jan 4, 2008 6:02 PM, Rick Astley [EMAIL PROTECTED] wrote:
I know large mostly unused pools of client IP's make it more difficult to
use traditional worm propagation methods in IPv6[1], but if customers move
from IPv4 firewalls to IPv6 routers, we still lose an important layer of
security.
On Dec 31, 2007 3:26 PM, Church, Charles [EMAIL PROTECTED] wrote:
like a natural choice, leaving 80 bits for network addressing. This
waste of space seems vaguely familiar to handing out Class A netblocks
20+ years ago. We'll never run out... Maybe it's just me though.
The comparison is
Possible scenario...
Subscriber bandwidth caps are in theory too high, if the ISP can't support it --
but if the ISP were to lower them, the competition's service would look better,
advertising the larger supposed data rate -- plus the cap reduction would hurt
polite users.
In the absence of
On 7/22/07, Steven M. Bellovin [EMAIL PROTECTED] wrote:
I would suggest not underestimating the ingenuity and persistence of
the bad guys
to escalate the neverending war, when a new weapon is invented to use
against them. If there's a way around it, history has shown, the new
weapon quickly
On 6/4/07, David Schwartz [EMAIL PROTECTED] wrote:
I posit that a screen door does not provide any security. A lock and
deadbolt provide some security. NAT/PAT is a screen door.
This is a fine piece of rhetoric, but it's manifestly false and seriously
misleading.
Hi, David
I think the
82 matches