Re: G root servers unreachable via ICMP(v6)

However, from several sites, either on IPv4 or IPv6, I cannot ping(6) them. Is it by design, or it's an issue? I believe g-root never answered ping requests. Others have been for a looong time (ever?) with some exceptions - those enabled it a few years ago. Robert

Re: FYI - 2FA to be come mandatory for ARIN Online? (was: Fwd: [arin-announce] Consultation on Requiring Two-Factor Authentication (2FA) for ARIN Online Accounts

On 2022-05-30 11:45, t...@pelican.org wrote: On Sunday, 29 May, 2022 06:04, "Owen DeLong via NANOG" said: I use google auth for several forced 2FA sites and a few sites where what I am protecting is worth the hassle. One difficulty that quickly emerges is managing and finding the correct

Re: Gmail (thus Nanog) rejecting ipv6 email

Accepting mail for delivery, and then either silently dropping it, delaying it for days, or putting mail that in no way resembles spam into a spam folder seems a little worse than “doing what the standards say”. If you’re going to decide, on little or no evidence, that a message is spam or

Re: Gmail (thus Nanog) rejecting ipv6 email

On 2022-04-03 07:18, Owen DeLong via NANOG wrote: I’ve not experienced this problem sending emails via IPv6 to gmail destinations from my personal domain. (delong.com ) Likely this email will, in fact, get sent to GMAIL via IPv6. I do have good SPF and DKIM records and

Re: Authoritative Resources for Public DNS Pinging

On 2022-02-09 10:32, Brian Turnbow via NANOG wrote: It wouldn't be too hard for ripe to setup a dns record for ping.ripe.net and point it towards a local anchor for each request. Yes this is possible and it's an interesting engineering problem (as we also have 11000 vantage points with

Re: OT: Re: Younger generations preferring social media(esque) interactions.

[...] Keeping it simple so you can reach your result faster and most efficiently is often understood more by the kids than us geezers. While we are fighting about whether Discourse or Mailman are appropriate, the kids have probably dumped both and found something that gets them to the

Re: cloud automation BGP

Hi, It uses RIS Live (https://ris-live.ripe.net) under the hood. Robert On 2020-09-29 15:36, Graham Johnston wrote: Does anyone have a quick answer as to what public data sources are used? I tried looking at the main github page for the project but I either missed it or it isn't there.

Re: This DNS over HTTP thing

> The bare about:config pref you want is "network.trr.mode".  Short and > sweet of it, set to 5 (off by choice), and it should disable the > function entirely.  3 would be the opposite: always use it. Thank you, IMO this is by far the most useful piece of information on the subject! Robert

Re: new BGP hijack & visibility tool “BGPalerter”

On 2019-08-16 14:13, Valdis Klētnieks wrote: > On Fri, 16 Aug 2019 11:02:41 +0200, Robert Kisteleki said: >> Hi, >> >> On 2019-08-15 17:38, Christopher Morrow wrote: >>> This looks like fun! >>> (a few questions for the RIPE folk, I think though b

Re: new BGP hijack & visibility tool “BGPalerter”

Hi, On 2019-08-15 17:38, Christopher Morrow wrote: > This looks like fun! > (a few questions for the RIPE folk, I think though below) > > What is the expected load of streaming clients on the RIPE service? (I > wonder because I was/am messing about with something similar, though > less node and

spam and GDPR (was something else)

On 2019-06-02 00:51, Mark Rousell wrote: > On 31/05/2019 16:02, Niels Bakker wrote: >> Which is why we now have GDPR.  Care, or get fined. > > Not quite so simple, though, is it. If you want to make a complaint then > you have to get your EU national data protection regulator interested. What

CVV (was: Re: bloomberg on supermicro: sky is falling)

(this is probably OT now...) > I'm pretty sure the "entire point" of inventing CVV was to prove you > physically have the card. Except that it doesn't serve that purpose. Anyone who ever had your card in their hands (e.g. waiters) can just write that down and use it later hence defeating the

Re: G root not responding on UDP?

On 2016-04-14 14:29, Robert Kisteleki wrote: > On 2016-04-14 13:30, Anurag Bhatia wrote: >> Hello everyone >> >> >> I wonder if it's just me or anyone else also finding issues in g root >> reachability? >> >> >> ICMP, trace, UDP DNS queries

Re: G root not responding on UDP?

On 2016-04-14 13:30, Anurag Bhatia wrote: > Hello everyone > > > I wonder if it's just me or anyone else also finding issues in g root > reachability? > > > ICMP, trace, UDP DNS queries all timing out. Only TCP seem to work. It's not only you:

Re: how to deal with port scan and brute force attack from AS 8075 ?

> How do you deal with such massive amount of 'illegal' traffic ? Move SSH to a different port. Better yet, use IPv6 only :-) Robert

Password storage (was Re: gmail security is a joke)

Bcrypt or PBKDF2 with random salts per password is really what anyone storing passwords should be using today. Indeed. A while ago I had a brainfart and presented it in a draft: https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00 It seemed like a good idea at the time :-)

Re: dns on fios/frontier

anyone on fios/frontier can please run a quickie and see if you can get to http://psg.com/? have a net friend who can not from multiple hosts on their home lan and he has rebooted router. called support and they showed their sunday best the web site is down. sigh.

Re: Getting hit hard by CHINANET

On 2015-03-17 3:06, Terrance Devor wrote: Hello Everyone, I really hope this is not against group policy etc.. however our network is being hit hard by a China IP for the past 6 months. Our systems our up to date, passwordless ssh etc.. but they're DOS attempts are getting more and more

Re: Linux: concerns over systemd adoption and Debian's decision to switch

On 2014-10-23 9:15, Matt Palmer wrote: On Wed, Oct 22, 2014 at 10:05:30PM -0500, Jeffrey Ollie wrote: To achieve the level of integration that timedated has with the rest of systemd would require more than just putting code into timedatectl to write out /etc/ntpd.conf and starting a service.

Re: crave your indulgence

On 2014.05.27. 20:28, manning bill wrote: If you wouldn’t mind a quick tracerooute - Can you confirm reachability to the following: 2001:500:84::b Thanks in advance. /bill Neca eos omnes. Deus suos agnoscet. There should be a tool for this kind of thing! :-)

Re: RIPE Atlas data parsing

On 2014.05.27. 21:28, Ca By wrote: Folks, Yes, RIPE Atlas is great. It generates output as JSON. Is there dummy tool for summarizing this JSON data and possibly visualizing it? I could write my own, but i imagine someone has already done this somewhere. No? CB These may help:

Re: ANNOUNCE: bgptables.merit.edu - understanding visibility of your prefix/AS

On 2012.01.19. 7:57, Suresh Ramasubramanian wrote: On Wed, Jan 18, 2012 at 8:07 PM, Robert Kisteleki rob...@ripe.net wrote: One can also try RIPEstat for this: http://stat.ripe.net/ Amongst other modules it gives full (~10 year) BGP history for prefixes. Does it also give a similar history

Re: ANNOUNCE: bgptables.merit.edu - understanding visibility of your prefix/AS

On 2012.01.18. 15:22, Arturo Servin wrote: For example for any given prefix to get which ASNs have originated that prefix over time and when. I think that could be interesting for discovering if a prefix has been hijacked in the past. RIS from RIPE NCC provides

Re: Weekly Routing Table Report

On 2011.03.19. 23:40, Geoff Huston wrote: On 19/03/2011, at 6:08 AM, Mikael Abrahamsson wrote: On Sat, 19 Mar 2011, Routing Analysis Role Account wrote: Number of 32-bit ASNs allocated by the RIRs: 1207 Prefixes from 32-bit ASNs in the Routing Table:

Re: ip block history.

On 2010.09.15. 4:50, Richard Barnes wrote: RIPE has been developing a couple of projects to support this sort of history searching: Internet Resource Database (INRDB): http://labs.ripe.net/Members/kistel/content-intro-inrdb-internet-number-resource-database Resource EXplainer (REX):

Re: Note change in IANA registry URLs

On 2010.04.02. 6:16, Leo Vegoda wrote: On Mar 31, 2010, at 8:22 PM, Dan White wrote: […] http://www.iana.org/assignments/ipv4-address-space/ I think it's worth pointing out again that the URLs for IANA registries have changed and the old URLs, like the one above, will be going away from

Re: Note change in IANA registry URLs

On 2010.04.02. 18:16, David Conrad wrote: On Apr 1, 2010, at 11:42 PM, Robert Kisteleki wrote: I don't know what good reasons you might have to pull down the current URLs. Because the content has changed from arbitrary ASCII text files into more easily parseable XML and backporting to those

Re: DNSSEC deployment testing and awareness (Was: Re: IPv4 ANYCAST setup)

I must observe that these are not really the links you'd want to give your end users to check out. Their audience is very different. While the article on RIPE Labs comes close, they don't really answer the does it work or does it not? question with a green/red light, and they don't provide a

Re: interger to I P address

Colin Alston wrote: On 2008/08/27 05:22 PM Dave Israel wrote: Normally, I don't participate in this sort of thing, but I'm a sucker for a there's more than one way to do it challenge. Aww come on, C gets way more fun than that ;) #define _u8 unsigned char #define _u32 unsigned long int

https (was: Re: Exploit for DNS Cache Poisoning - RELEASED)

Patrick W. Gilmore wrote: Anyone have a foolproof way to get grandma to always put https://; in front of www? I understand this is a huge can of worms, but maybe it's time to change the default behavior of browsers from http to https...? I'm sure it's doable in FF with a simple plugin, one