Fw: new message

2015-10-25 Thread Justin Shore
Hey! New message, please read <http://tecmawatco.com.vn/let.php?qd> Justin Shore

Fw: new message

2015-10-25 Thread Justin Shore
Hey! New message, please read <http://forum.onnet.com.vn/now.php?2bv> Justin Shore

Springnet Underground

2010-08-12 Thread Justin Shore
Does anyone have any experience with the Springnet Underground in Springfield, MO? In case people don't know it's a working limestone mine. In the areas that have already been mined close to the entrance, they've sold or rented out space between the rock pillars that hold up the mine roof.

Re: NANOG Operational Audit of IPv4+ End-to-End L3 Transport in North America

2010-04-27 Thread Justin Shore
On 4/27/2010 3:02 PM, IPv3.com wrote: NANOG Operational Audit of IPv4+ End-to-End L3 Transport in North America I haven't been keeping up with NANOG in a while so perhaps I missed the discussion and/or memo. I take it that this spammer is still being allowed to send his shit to the mailing

Historical traceroute logging

2009-12-03 Thread Justin Shore
Does anyone know of any tools that can do repeated traceroutes over time to a remote IP and log the results for later viewing/comparison? I'd like to do a traceroute several times a day and store the details in CVS or somewhere accessible down the road. Alerting to major path changes would

Re: FTTH Active vs Passive

2009-12-01 Thread Justin Shore
Luke Marrott wrote: I'm wondering what everyone's thoughts are in regards to FTTH using Active Ethernet or Passive. I work for a FTTH Provider that has done Active Ethernet on a few networks so I'm always biased in discussions, but I don't know anyone with experience in PON. Active is the way

Re: FTTH Active vs Passive

2009-12-01 Thread Justin Shore
Dan White wrote: All valid points. Deploying a strand to each customer from the CO/Cabinet is a good way to future proof your plant. However, there are some advantages to GPON - particularly if you're deploying high bandwidth video services. PON ONTs share 2.4Gb/s of bandwidth downstream, which

Re: Who has AS 1712?

2009-11-24 Thread Justin Shore
Hank Nussbacher wrote: At 18:29 24/11/2009 +0900, Randy Bush wrote: RIS Routing History for AS1712 since 2001: on what date was AS1712 assigned to the current RIPE holder? Based on: ftp://ftp.ripe.net/pub/stats/ripencc/delegated-ripencc-latest it doesn't show AS1712 ever being allocated to

Re: Ethernet over DS3 Converters

2009-11-24 Thread Justin Shore
Brad Fleming wrote: My company is searching for some Ethernet over DS3 converters / adaptors for a specific installation. I see several options from Adtran, RAD-Direct, and a couple other (smaller) vendors and was wondering if anyone out there has suggestions or insights. Our needs are

Re: I got a live one! - Spam source

2009-11-24 Thread Justin Shore
Russell Myba wrote: Let's say our direct customer is CustomerA. They seem to buy rackspace from BusinessB. CustomerA seem to retain BusinessC for IT Solutions even though all three entities purport to be IT solutions providers. BusinessC came into the picture after the spamming started saying

Re: dealing with bogon spam ?

2009-10-28 Thread Justin Shore
Michiel Klaver wrote: I would suggest to report that netblock to SpamHaus to have it included at their DROP list, and also use that DROP list as extra filter in addition to your bogon filter setup at your border routers. The SpamHaus DROP (Don't Route Or Peer) list was specially designed for

Re: ISP port blocking practice

2009-10-23 Thread Justin Shore
Owen DeLong wrote: Blocking ports that the end user has not asked for is bad. I was going to ask for a clarification to make sure I read your statement correctly but then again it's short enough I really don't see any room to misinterpret it. Do you seriously think that a typical

Re: ISP port blocking practice

2009-10-23 Thread Justin Shore
Dan White wrote: On 23/10/09 17:58 -0400, James R. Cutler wrote: Blocking the well known port 25 does not block sending of mail. Or the message content. It does block incoming SMTP traffic on that well known port. Then the customer should have bought a class of service that permits

Re: ISP port blocking practice

2009-10-22 Thread Justin Shore
Zhiyun Qian wrote: Hi all, What is the common practice for enforcing port blocking policy (or what is the common practice for you and your ISP)? More specifically, when ISPs try to block certain outgoing port (port 25 for instance), they could do two rules: 1). For any outgoing traffic, if

Re: ISP port blocking practice

2009-10-22 Thread Justin Shore
Zhiyun Qian wrote: 1). For any outgoing traffic, if the destination port is 25, then drop the packets. 2). For any incoming traffic, if the source port is 25, then drop the packets. It's been pointed out that I glossed over the wording of #2, specifically missing the source port part of it, thus

Re: ISP port blocking practice

2009-10-22 Thread Justin Shore
Lyndon Nerenberg (VE6BBM/VE7TFX) wrote: Few companies use the MSP port (tcp/587). Can you elaborate. Is this based on analysis you've conducted on your own network? And if so, is the data (anonymized) available for the rest of us to look at? My experience is that port 587 isn't used because

Re: ISP port blocking practice

2009-10-22 Thread Justin Shore
Joe Maimon wrote: You can configure exchange to use additional smtp virtual servers and bind them to specific ports. You can also require authentication to access the ports and you can restrict it to users. You can also enable it for STARTTLS. That I did not know. Last time I'd looked there

Webcasts of NANOG47

2009-10-19 Thread Justin Shore
Does anyone know if there will be video streams of the events from rooms other than what's in the Grand room? For example I would like to see the ISP Security Track BOF or the one tomorrow on Peering. I don't see a way to select those specific feeds though. Thanks Justin

Re: Webcasts of NANOG47

2009-10-19 Thread Justin Shore
leigh.por...@ukbroadband.com To: Justin Shore jus...@justinshore.com; NANOG na...@merit.edu Sent: Mon Oct 19 14:06:17 2009 Subject: RE: Webcasts of NANOG47 Hey, I don't know for sure but I think only the Grand Room is televised. Get somebody there with a webcam to do ustream.tv or livestream.com

Re: ISP customer assignments

2009-10-13 Thread Justin Shore
Doug Barton wrote: Out of curiosity who is conducting this class and what was their rationale for using /127s? It's a GK class. The instructor seems to be fairly knowledgeable and has a lengthy history consulting on and deploying IPv6. The class seems to be geared much more towards

Re: ISP customer assignments

2009-10-13 Thread Justin Shore
George Michaelson wrote: As a point of view on this, a member of staff from APNIC was doing a Masters of IT in the last 3-4 years, and had classfull A/B/C addressing taught to her in the networks unit. She found it quite a struggle to convince the lecturer that reality had moved on and they

Re: ISP customer assignments

2009-10-13 Thread Justin Shore
Dan White wrote: I don't recall if Pannaway is a layer 3 or layer 2 DSLAM, but we have a mix of Calix C7 (ATM) and Calix E5 (Ethernet) gear in our network. We're kinda in the same boat, but we expect to be able to gracefully transition to dual stacked IPv4/IPv6 without having to replace DSL

Re: ISP customer assignments

2009-10-13 Thread Justin Shore
Dan White wrote: Occam did it partially right. They're half-bridging only - not true layer 2 to an aggregator (which is not necessary in their scenario). The problem with the access vendor doing half-bridging is that they have to be very layer-3 smart, and Occam was not quite there for IPv6 last

Re: DreamHost admin contacts

2009-10-13 Thread Justin Shore
Andy Ringsmuth wrote: Barring that, what recommendations might the NANOG community have for an extremely rock-solid e-mail hosting company? I realize that may mean self-promotion, but hey, bring it on. I would strongly recommend against GoDaddy's hosted email. See my earlier post on 9/8

Re: Does Internet Speed Vary by Season?

2009-10-07 Thread Justin Shore
Hank Nussbacher wrote: http://www.wired.com/gadgets/miscellaneous/magazine/17-10/ts_burningquestion It's an interesting theory, that temperature affects overall throughput. Their assumptions on other conditions that affect bandwidth consumption are off IMHO. Our own data directly refutes

Re: Dutch ISPs to collaborate and take responsibility for botted clients

2009-10-05 Thread Justin Shore
Gadi Evron wrote: Apparently, marketing departments like the idea of being able to send customers that need to pay them to a walled garden. It also saves on tech support costs. Security being the main winner isn't the main supporter of the idea at some places. I would love to do this both

Re: Repeated Blacklisting / IP reputation

2009-09-15 Thread Justin Shore
Martin Hannigan wrote: Well, I haven't even had coffee yet and... Get the removals: curl -ls http://lists.arin.net/pipermail/arin-issued/2009-September/000270.html | grep Remove | grep -v PRE Get the additions: mahannig$ curl -ls

Re: Repeated Blacklisting / IP reputation

2009-09-14 Thread Justin Shore
Frank Bulk wrote: With scarcity of IPv4 addresses, organizations are more desperate than ever to receive an allocation. If anything, there's more of a disincentive than ever before for ARIN to spend time on netblock sanitization. I do think that ARIN should inform the new netblock owner if it

Re: Network Ring

2009-09-08 Thread Justin Shore
Rod Beck wrote: What is EAPS? A joke of a standard and something to be avoided at all costs. I would echo the last part about Extreme switches too. Justin

Re: Repeated Blacklisting / IP reputation

2009-09-08 Thread Justin Shore
Jason Bertoch wrote: Suresh Ramasubramanian wrote: That said most of the larger players already attend MAAWG - that leaves rural ISPs, small universities, corporate mailservers etc etc that don't have full time postmasters, and where you're more likely to run into this issue. I've found the

Re: Repeated Blacklisting / IP reputation

2009-09-08 Thread Justin Shore
Wayne E. Bouchard wrote: Best practices for the public or subscription RBLs should be to place a TTL on the entry of no more than, say, 90 days or thereabouts. Best practices for manual entry should be to either keep a list of what and when or periodically to simply blow the whole list away and

Re: Network Ring

2009-09-08 Thread Justin Shore
sth...@nethelp.no wrote: Rod Beck wrote: What is EAPS? A joke of a standard and something to be avoided at all costs. I would echo the last part about Extreme switches too. Disagree. I don't believe anybody would claim EAPS is a standard just because an RFC has been published. Pannaway

Re: Repeated Blacklisting / IP reputation

2009-09-08 Thread Justin Shore
Jay Hennigan wrote: By the way, among the members... Experian CheetahMail ExactTarget, Inc Responsys, Inc. Vertical Response, Inc Yesmail Have you been reading from my blacklist again, Jay? Justin

Re: Ready to get your federal computer license?

2009-08-31 Thread Justin Shore
and so on. Whatever your opinion, get involved. Let your representatives know about your better ideas. I strongly second this. To quote a bumper sticker/slogan I've seen, if you didn't vote, you shouldn't complain. Democracy is not a spectator's sport Justin Shore

Re: Follow up to previous post regarding SAAVIS

2009-08-12 Thread Justin Shore
Jared Mauch wrote: I've come to the conclusion that if someone put a nice web2.0+ interface on creating and managing these objects it would be a lot easier. I've looked into IRR several times, usually after events like PCCW. Each time the amount of work to 1) figure out how to implement IRR

Re: cisco.com

2009-08-04 Thread Justin Shore
Didn't you hear? Cisco EoLed BGP this time last week. I guess they really meant it! Justin deles...@gmail.com wrote: So cisco has no BGP is that what I'm hearing... Oh the irony :) --Original Message-- From: Aaron Millisor To: R. Benjamin Kessler Cc: nanog@nanog.org Subject: Re:

Re: BGP Growth projections

2009-07-12 Thread Justin Shore
Mark Radabaugh wrote: I'm looking for new core routers for a small ISP and having a hard time finding something appropriate and reasonably priced. We don't have huge traffic levels (1Gb) and are mostly running Ethernet interfaces to upstreams rather than legacy interfaces (when did OC3

Re: Traffic Statistics for Yesterday

2009-07-08 Thread Justin Shore
Shon Elliott wrote: Does anyone have any data on how the memorial event for Michael Jackson affected the global backbones? This was seen as another inaugural type of traffic day to most of the people I've talked to. 99.99% of my userbase is in the rural Midwest. Needless to say I saw no

Re: Level 3 - legacy Wiltel/Looking Glass bandwidth

2009-07-07 Thread Justin Shore
Scott Howard wrote: We're looking at getting connectivity via Level 3 in a particular datacenter, but we're being told that it's legacy Wiltel/Looking Glass rather than true Level 3. Given that both of these acquisitions occurred years ago should I be worried, or is this legacy connectivity the

Re: Cogent input

2009-06-12 Thread Justin Shore
John van Oppen wrote: NTT (2914) and GBLX (3549) both do native v6... most everyone else on the tier1 list does tunnels. :( There are some nice tier2 networks who do native v6, tiscali and he.net come to mind. Let me rephrase that. :-) I know of no tier-Ns that offer any native v6

Re: Cogent input

2009-06-12 Thread Justin Shore
Paul Timmins wrote: GlobalCrossing told me today I can order native IPv6 anywhere on their network. Don't know if they count as Tier 1 on your list, though. VZB has given me tunnels for a while, hopefully they'll get their pMTU issue fixed so we can do more interesting things with it. I'd

Re: Cogent input

2009-06-11 Thread Justin Shore
Tore Anderson wrote: advertise loopbacks, and another for the actual feed. The biggest issue we have with them is that they don't allow deaggregation. If you've been allocated a prefix of length yy, they'll accept only x.x.x.x/yy, not x.x.x.x/yy le 24. Yes, sometimes deaggregation is necessary

Re: IPv6 Confusion

2009-02-18 Thread Justin Shore
Mikael Abrahamsson wrote: Well, considering how very few vendors actually support IPv6, it's hard to find proper competition. Even the companies who do support IPv6 very well in some products, not all their BUs do on their own products (you know who you are :P ). Even worse is when the BU

Re: IPv6 Confusion

2009-02-17 Thread Justin Shore
Steven Lisson wrote: Hi, I find it a shame that NAT-PT has become deprecated, with people talking about carrier grade NATS I think combining these with NAT-PT could help with the transition after we run out of IPv4 space. For me the bigger problem is how do I enable IPv6 on my assorted

Re: Global Blackhole Service

2009-02-16 Thread Justin Shore
Jens Ott - PlusServer AG wrote: Therefore I had the following idea: Why not taking one of my old routers and set it up as blackhole-service. Then everyone who is interested could set up a session to there and I do something similar on our network with a RTBH trigger router. I peer with it

Re: Ethical DDoS drone network

2009-01-06 Thread Justin Shore
David Barak wrote: Consider for a moment a large retail chain, with several hundred or a couple thousand locations. How big a lab should they have before deciding to roll out a new network something-or-other? Should their lab be 1:10 scale? A more realistic figure is that they'll consider

Re: Managing CE eBGP details common/accepted CE-facing BGP practices

2008-12-21 Thread Justin Shore
Evening, Justin. Thanks for the reply. Justin M. Streiner wrote: You could certainly store all of the relevant config details in a database of some sort, and it certainly can't hurt to do so. Same goes for backing up your device configurations - always a good idea. As far as storing things

Managing CE eBGP details common/accepted CE-facing BGP practices

2008-12-20 Thread Justin Shore
Does anyone have any preferred ways to manage their customer-facing BGP details? I'm thinking about the customer's ASN (SP assigned private ASN or RIR assigned ASN), permitted prefixes, etc? While I'm sure this could be easily stored in a spreadsheet I'm not sure if there is any merit to

Re: Managing CE eBGP details common/accepted CE-facing BGP practices

2008-12-20 Thread Justin Shore
Suresh Ramasubramanian wrote: Heck, you could store all that in Rancid .. even cvs/svn I should have said it earlier when I mentioned config backups. I'm already a heavy user of RANCID, archiving my configs hourly. Been using it since right around v2.0-2.1 which would be several years ago

Re: McColo: Are the 'Lights On at Telia?

2008-11-15 Thread Justin Shore
If we all dropped routes from 26780 at the edge, I wonder how long it would be before their prefixes popped up somewhere else. Justin Paul Ferguson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Sat, Nov 15, 2008 at 7:22 PM, Paul Ferguson [EMAIL PROTECTED] wrote: If they are,

Re: Sprint / Cogent

2008-10-31 Thread Justin Shore
Nick Hilliard wrote: And they'll do it to others in future peering spats. It's just a bullying tactic - entertaining if you're on the sideline; irritating if you're Sprint. Cogent reminds me of Ethan Coen's poem, which starts: The loudest has the final say, The wanton win, the rash

Re: Go daddy mail services admin

2008-10-03 Thread Justin Shore
Jeff Kinz wrote: Based on their long term refusal to adjust their policy to conform to PBL intended usage of the list I suspect this issue cannot be corrected. The only answer I have found is to inform the affected people they have to move from GoDaddy to a company that does a better job to

Where to move the Intercage/Atrivo discussion (was: the Intercage mess)

2008-09-25 Thread Justin Shore
David W. Hankins wrote: I think the current state of the art in civilized, peaceful, extralegal negotiation of reasonable behaviour expected of businessmen and their peers is a form of social ostracism given its name in 1880 when the Irish Land League bade everyone in Mayo county, Ireland not to

Re: rackmount managed PDUs

2008-09-25 Thread Justin Shore
Justin M. Streiner wrote: I have some Tripp Lite PDUMH30NETs that work well and are reasonably priced, but they have a few quirks (no RS-232 console port, web interface seems to be a little shaky with Firefox, etc) that would become more annoying when scaled up to several rows of new rack

Re: InterCage, Inc. (NOT Atrivo)

2008-09-23 Thread Justin Shore
[EMAIL PROTECTED] wrote: On Mon, 22 Sep 2008 17:00:35 CDT, Justin Shore said: There may not be a law preventing you from asking him for proof of legitimate customers, but there is a law preventing him from answering you. Google for CPNI and red flag. Hmm... I'm not sure how Yes, XYZ

Re: InterCage, Inc. (NOT Atrivo)

2008-09-22 Thread Justin Shore
Patrick W. Gilmore wrote: There is no law or even custom stopping me from asking you to prove you are worthy to connect to my network. There may not be a law preventing you from asking him for proof of legitimate customers, but there is a law preventing him from answering you. Google for

Re: prefix hijack by ASN 8997

2008-09-22 Thread Justin Shore
Looking up some of my prefixes in PHAS and BGPPlay, I too see my prefixes being advertised by 8997 for a short time. It looks like it happened around 1222091563 according to PHAS. Was this a mistake or something else? Justin Christian Koch wrote: I received a phas notification about this

Re: Teleglobe appears to be spam-source zombie network?

2008-09-11 Thread Justin Shore
Randy Bush wrote: why don't we just have dick cheney bomb them? We could send in the Trojan Moose. Justin

Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercage, why are we peering with the American RBN?]

2008-09-02 Thread Justin Shore
Paul Ferguson wrote: My next question to the peanut gallery is: What do you suggest we should do on other hosting IP blocks that are continuing to host criminal activity, even in the face of abuse reports, etc.? Seriously -- I think this is an issue which needs to be addressed here. ISPs cannot

Re: SLAAC(autoconfig) vs DHCPv6

2008-08-18 Thread Justin Shore
Charles Wyble wrote: This was especially a question when L2 was in and routing was out: how do you ping a MAC address? l2ping works on bluetooth devices on Linux. Might work for other stuff as well. Not sure what Cisco offers in this regard. The ideal solution would be OAM. Of course

Re: impossible circuit

2008-08-13 Thread Justin Shore
This is just a WAG but what the hell. Jon Lewis wrote: I've got this private line DS3. It connects cisco 7206 routers in Orlando (at our data center) and in Ocala (a colo rack in the Embarq CO). According to the DLR, it's a real circuit, various portions of it ride varying sized OC

Re: Is it time to abandon bogon prefix filters?

2008-08-06 Thread Justin Shore
Randy Bush wrote: serious curiosity: what is the proportion of bad stuff coming from unallocated space vs allocated space? real measurements, please. and are there longitudinal data on this? are the uw folk, gatech, vern, ... measuring? I still have 2 of my borders using an inbound ACL to

Re: Is it time to abandon bogon prefix filters?

2008-08-06 Thread Justin Shore
Leo Bicknell wrote: Have bogon filters outlived their use? Is it time to recommend people go to a simpler bogon filter (e.g. no 1918, Class D, Class E) that doesn't need to be updated as frequently? In my opinion no; BOGON filters are still very useful. Back when only 5% of the IP space was

Re: Is it time to abandon bogon prefix filters?

2008-08-06 Thread Justin Shore
Rob Evans wrote: I see a number of hits on those entries, especially on 94/8. and 0/8. You do know that 94/8 has been assigned to the RIPE NCC, right? :-) I knew I should have logged into a production box to look at the ACL counters. But no, I thought the former border that I was already

OT: 2-post rack security covers

2008-07-24 Thread Justin Shore
Somewhere I've seen what amounts to a concave cover that you can mount over the face of gear racked in a 2-post. The cover I saw had a bracket that mounted to the 2-post before any equipment was installed and it had a couple knobs sticking out (basically consuming a U on each end). Then you

Re: REJECT-ON-SMTP-DATA (Re: Mail Server best practices - was: Pandora's Box of new TLDs)

2008-07-05 Thread Justin Shore
Phil Vandry wrote: On Tue, Jul 01, 2008 at 11:54:46AM +0200, Jeroen Massar wrote: The magic keyword: REJECT-ON-SMTP-DATA. [snip description on how to reject during DATA phase] Unfortunately there is also a side-effect, partially, one has to have all inbound servers use this trick, and it

Re: REJECT-ON-SMTP-DATA (Re: Mail Server best practices - was: Pandora's Box of new TLDs)

2008-07-05 Thread Justin Shore
Jean-François Mezei wrote: Blocking messages as early as possible also greatly reduces the load on your system, disk storage requirements etc. Rejecting during the SMTP dialog but before you signal that you've accepted the DATA output also pushes the responsibility for sending a DSN to

Re: REJECT-ON-SMTP-DATA (Re: Mail Server best practices - was: Pandora's Box of new TLDs)

2008-07-01 Thread Justin Shore
Chris Owen wrote: The lack of a spam folder is one of the problems with such a solution. Having a middle ground quarantine is actually quite nice. However, the biggest problem is these solutions are global in nature. We let individual customers considerable control over the process. They

Re: easy way to scan for issues with path mtu discovery?

2008-06-24 Thread Justin Shore
Darden, Patrick S. wrote: Hi all, Does anyone know of an easy way to scan for issues with path mtu discovery along a hop path? E.g. if you think someone is ICMP black-holing along a route, or even on the endpoint host, could you use some obscure nmap flag to find out for sure, and also to

Re: P2P agents for software distribution - saving the WAN from meltdown?!?

2008-06-18 Thread Justin Shore
Nathan Ward wrote: There was a product around that would keep track of torrents and fudge the tracker responses to direct you to on-net peers where possible. Not sure what it's called. Inline box thing, much like Sandvine, Allot, etc. I imagine you could either inject the details of a local

Re: Latest instalment of the hijacked /16s story

2008-06-17 Thread Justin Shore
Is the whole AS (33302) rogue like the AS advertising the SF Bay Packet Radio block is? Looking at the WHOIS for some of the prefixes advertised by both ASs, I see some common company names. That would lead me to believe that 33302 is no better than 33211 but I can't confirm that. Any

Re: DNS problems to RoadRunner - tcp vs udp

2008-06-13 Thread Justin Shore
Jon Kibler wrote: Various hardening documents for Cisco routers specify the best practices are to only allow 53/tcp connections to/from secondary name servers. Plus, from all I can tell, Cisco's 'ip inspect dns' CBAC appears to only handle UDP data connections and anything TCP would be denied.

Re: DNS problems to RoadRunner - tcp vs udp

2008-06-13 Thread Justin Shore
Justin Shore wrote: Jon Kibler wrote: Various hardening documents for Cisco routers specify the best practices are to only allow 53/tcp connections to/from secondary name servers. Plus, from all I can tell, Cisco's 'ip inspect dns' CBAC appears to only handle UDP data connections and anything