Re: Legislative proposal sent to my Congressman

2016-10-03 Thread Valdis . Kletnieks
On Mon, 03 Oct 2016 11:58:10 -0700, Stephen Satchell said: > > THEREFORE the Consumer Product Safety Commission shall require that > > the manufacturer provide a security update to the device within 30 day > > of first notice; or failing that, to issue a complete recall of the > > defective

Re: BCP38 adoption "incentives"?

2016-09-28 Thread Valdis . Kletnieks
On Tue, 27 Sep 2016 20:44:35 -, "White, Andrew" said: > This assumes the ISP manages the customer's CPE or home router, which is > often not the case. Adding such ACLs to the upstream device, operated by the > ISP, is not always easy or feasible. Hopefully, if you've been burnt by this, you

Re: BCP38 deployment [ was Re: Krebs on Security booted off Akamai network after DDoS attack proves pricey ]

2016-09-26 Thread Valdis . Kletnieks
On Sun, 25 Sep 2016 21:19:31 -0700, Hugo Slabbert said: > Linux: > From /etc/sysctl.conf: > > # Uncomment the next two lines to enable Spoof protection (reverse-path > # filter) > # Turn on Source Address Verification in all interfaces to > # prevent some spoofing attacks >

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-22 Thread Valdis . Kletnieks
On Thu, 22 Sep 2016 14:31:12 +0200, Alexander Maassen said: > Maybe it's time then for a global accepted, unified way to send/report abuse? You mean like these RFCs? (OK, so it's an XML schema. Just be glad it isn't ASN.1 :) 5070 The Incident Object Description Exchange Format. R. Danyliw, J.

Re: Domain renawals

2016-09-21 Thread Valdis . Kletnieks
On Mon, 19 Sep 2016 13:19:43 -0400, Jeff Jones said: > networksolutions.com and am looking for input on who is cheap, secure, > reliable registrar. Thanks for your input. cheap, secure, reliable - pick any two. (The driver here is "cheap" - the other two criteria can be almost anything, but to

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-20 Thread Valdis . Kletnieks
On Wed, 21 Sep 2016 11:29:49 +1000, Mark Andrews said: > What we need is business tech reporters to continually report on > these failures of content providers to deliver their services over > IPv6. 20 years lead time should be enough for any service. Interestingly enough, the Playstation 4 has

Re: PlayStationNetwork blocking of CGNAT public addresses

2016-09-18 Thread Valdis . Kletnieks
On Mon, 19 Sep 2016 10:41:59 +1200, "Tony Wicks" said: > Interestingly, Sony (SNEI-NOC-Abuse replied to being forwarded back one of their notification blocks requesting > more detailed information with a csv file in under an hour! So I guess

Re: QWEST.NET can you fix your nameservers

2016-09-15 Thread Valdis . Kletnieks
On Thu, 15 Sep 2016 09:22:10 -0700, "Aaron C. de Bruyn" said: > On Thu, Sep 15, 2016 at 12:31 AM, Mark Andrews wrote: > > > QWEST isn't the only DNS provider that has broken nameservers. One > > shouldn't have to try and contact every DNS operator to get them to > > use protocol

Re: Lawsuits for falsyfying DNS responses ?

2016-09-13 Thread Valdis . Kletnieks
On Tue, 13 Sep 2016 08:29:25 -0400, Alain Hebert said: > Well "may" is not "must". > > “260.34. An Internet service provider may not give access to an online > gambling site whose operation is not authorized under Québec law. Note that most legal jurisdictions don't include RFC2119 as part

Re: "Defensive" BGP hijacking?

2016-09-12 Thread Valdis . Kletnieks
On Mon, 12 Sep 2016 14:07:47 -0400, Jean-Francois Mezei said: > So there are some cases where BGP hijacking may be desirable. I guess > this is where judgement kicks in. I don't see "hijacking" in your description of the iStop case - it appears to have been fully coordinated and with permission.

Re: Use of unique local IPv6 addressing rfc4193

2016-09-08 Thread Valdis . Kletnieks
On Thu, 08 Sep 2016 23:09:28 -, Pshem Kowalczyk said: > If I give them public IPs then they're routable and potentially can reach > the internet via devices that don't police the traffic. They can potentially reach the Internet even without public IPs. All it takes is one idiot with a

Re: Cloudflare reverse DNS SERVFAIL, normal?

2016-08-30 Thread Valdis . Kletnieks
On Tue, 30 Aug 2016 14:39:10 -0700, Owen DeLong said: > I run a pair of nameservers. Let’s call them ns1.company.com > and ns2.company.com > Someone registers example.com and points NS records in the COM zone at my > nameservers. I would have expected that the resulting NXDOMAIN replies from

Re: Why the internal network delays, Gmail?

2016-08-27 Thread Valdis . Kletnieks
On Sat, 27 Aug 2016 10:34:36 -, Mel Beckman said: > But mailop doesn't have the same odd mix of people as nanog. For example, I'm > not on mailop. :) And apparently you need to know the secret handshake to get on. After Chrome complained the SSL cert on the subscription page had expired 6

Re: Zayo Extortion

2016-08-17 Thread Valdis . Kletnieks
On Wed, 17 Aug 2016 01:11:09 +0200, Jonathan Hall said: > And either way, defamation requires some form of punitive damage be proven in > order to actually win that case. In addition to the other things already pointed out, punitive damage doesn't need to be proven. *Actual* damages have to be

Re: Zayo Extortion

2016-08-16 Thread Valdis . Kletnieks
On Tue, 16 Aug 2016 17:53:23 +0200, Niels Bakker said: > An actual lawyer! Where were you in the CloudFlare booters thread, though? Keeping sensibly quiet, I think... :)

Re: Zayo Extortion

2016-08-15 Thread Valdis . Kletnieks
On Mon, 15 Aug 2016 11:16:26 -0400, Jon Lewis said: > Obvious first question would be, have you fallen behind paying your bill? And if you're in fact up-to-date, make sure you have *proof* of same. It's not unheard of for providers to mis-credit your payments and then think you're behind.

Re: Host.us DDOS attack -and- related conversations

2016-08-03 Thread Valdis . Kletnieks
On Wed, 03 Aug 2016 10:53:22 -0400, Alain Hebert said: > Between you and me, if only Elbonia are left DDoSing at 100Gbps, we > simply de-peer the commercial subnets from that country (leaving the > govt subnets up obviously) Explain why, for those of us who don't see it as obvious.

Re: NFV Solution Evaluation Methodology

2016-08-02 Thread Valdis . Kletnieks
On Tue, 02 Aug 2016 19:16:04 -0700, Eric Kuhnke said: > But but but... cloud! THE CLOUD! Cloudy clouds fluffy white flying > through the air, you should move everything to the Cloud (tm). Running the stuff you need to keep your own network running on the cloud? That's the sort of thing I

Re: Cloudflare, dirty networks and politricks

2016-07-29 Thread Valdis . Kletnieks
On Fri, 29 Jul 2016 07:50:09 -0500, "J. Oquendo" said: > In my ramblings on "Why network operators love filth", I > associate a landlord that knowingly allows his/her tenant > to sell drugs. In America, your house is gone. This should > be the case on the Internet as well. Oh, do *NOT* go there.

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-28 Thread Valdis . Kletnieks
On Thu, 28 Jul 2016 12:00:00 +0200, Baldur Norddahl said: > DDoS attacks using stolen resources and fake identities is not legal Are you making a blanket statement that covers all jurisdictions on the planet? For bonus points - is it more like "illegal as in murder", or "illegal as in

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-28 Thread Valdis . Kletnieks
On Wed, 27 Jul 2016 22:55:54 -0400, Miles Fidelman said: > On 7/27/16 10:48 PM, Randy Bush wrote: > >> They just lost all respect from here. Would someone from USA please > >> report these guys to the feds? What they are doing is outright > >> criminal. > > hyperbole. it is not criminal. you

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-27 Thread Valdis . Kletnieks
On Thu, 28 Jul 2016 10:48:47 +1000, Mark Andrews said: > As soon as a transaction takes place, conspiracy to harm by > . If the DoS actually occurs you can add additional charges for > the actual actions. If the claim is that a law has been broken, you have to show that is actually a crime in

Re: EVERYTHING about Booters (and CloudFlare)

2016-07-27 Thread Valdis . Kletnieks
On Wed, 27 Jul 2016 11:21:02 -0700, Dan Hollis said: > On Wed, 27 Jul 2016, b...@theworld.com wrote: > > There isn't even general agreement on whether (or what!) Cloudflare is > > doing is a problem. > > aiding and abetting. at the very least willful negligence. aiding and abetting of what,

Re: IPv6 Deployment for Mobile Subscribers

2016-07-22 Thread Valdis . Kletnieks
On Fri, 22 Jul 2016 10:54:48 +0200, Ricardo Ferreira said: > Is there anyone here working in an ISP where IPv6 is deployed? > We are starting to plan the roll-out IPv6 to mobile subscribers (phones) I > am interested in knowing the mask you use for the assignment; whether it > is /64 or /128. > >

Re: New Office, New Network. Questions.

2016-07-13 Thread Valdis . Kletnieks
On Tue, 12 Jul 2016 15:30:11 +0300, Nikolai Petrov said: > Is there any way to limit the amount of devices in a subnet to avoid problems > and attacks? I don't think the equipment will work with 2^64 devices in a > single subnet.. Sure. Just don't connect that many devices to one subnet, just

Re: New Office, New Network. Questions.

2016-07-11 Thread Valdis . Kletnieks
On Sun, 10 Jul 2016 21:53:52 +0300, Nikolai Petrov said: > 1. Currently we do not have IPv6 in our network but I have seen the ISP is > giving us a "/56 Block" which from what I understand is a couple hundred "/64 > Subnets". I think you can only have /64 subnets in IPv6. In our IPv4 setup we

Re: Leap Second planned for 2016

2016-07-09 Thread Valdis . Kletnieks
On Sat, 09 Jul 2016 12:14:03 +0300, Saku Ytti said: > Check the implementation on your PC. This is why code is broken and > people don't even know it's broken. You have to use monotonic time to > measure passage of time, which is not particularly easy to do > portable, in some languages. It

Re: New ICANN registrant change process

2016-07-06 Thread Valdis . Kletnieks
On Wed, 06 Jul 2016 13:23:04 -0400, Christopher Morrow said: > On Mon, Jul 4, 2016 at 3:03 PM, Jay Ashworth wrote: > > > Seems to me that the proper thing to be done would have been for > > Registries to deauthorize registrars on the grounds of continuous streams > > of

Re: NAT firewall for IPv6?

2016-07-05 Thread Valdis . Kletnieks
On Tue, 05 Jul 2016 11:54:14 -0400, Spencer Ryan said: > The Palo-Alto's also don't support anything but NAT64, They don't support proper dual-stack?? Or NAT64 is the only NAT flavor they support on the v6 side?

Re: NAT firewall for IPv6?

2016-07-05 Thread Valdis . Kletnieks
On Fri, 01 Jul 2016 21:28:54 -0500, Edgar Carver said: > We're having problems where viruses are getting through Firefox, and we > think it's because our Palo Alto firewall is set to bypass filtering for > IPv6. Do you have any actual evidence (device logs, tcpdump, netflow, etc) that support

Re: IPv6 deployment excuses

2016-07-04 Thread Valdis . Kletnieks
On Tue, 05 Jul 2016 11:16:31 +0900, Masataka Ohta said: > A large ISP should just set up usual NAT. In addition, the ISP > tells its subscriber a global IP address, a private IP address > and a small range of port numbers the subscriber can use and > set up *static* bi-directional port

Re: Netflix banning HE tunnels

2016-06-14 Thread Valdis . Kletnieks
On Tue, 14 Jun 2016 14:57:40 -0400, "Ricky Beam" said: > I've seen many "IPv6 Capable" CPEs that apply ZERO security to IPv6 > traffic. IPv4 goes through NAT, so one gets the pseudo-security of not > being directly touchable from the internet. And a very big *PSEUDO* on that. It's amazing how

Re: Measuring the quality of Internet access

2016-06-13 Thread Valdis . Kletnieks
On Mon, 13 Jun 2016 22:11:47 +0300, Max Tulyev said: > Is it possible in general to measure the quality of Internet access? And > if yes - how? First, *define* "quality". Raw bandwidth to a test server? Raw bandwidth to a weighted average of the Alexa Top 100? Does RTT/bufferbloat count? What

Re: Netflix banning HE tunnels

2016-06-12 Thread Valdis . Kletnieks
On Mon, 13 Jun 2016 03:27:41 +0200, Baldur Norddahl said: > On 13 June 2016 at 02:05, Owen DeLong wrote: > > 1) lower case > 2) as short as possible, except do not shorten just one :0: into ::. > 3) if there is more than one possible :: block that results in the same > shortest

Re: Detecting Attacks

2016-06-12 Thread Valdis . Kletnieks
On Fri, 10 Jun 2016 22:22:31 -0700, subashini hariharan said: > The aim is to detect DoS/DDoS attacks using the application. I am going to > use ELK (ElasticSearch, Logstash, Kibana) for processing the logs (Log > Analytics). Bad approach. At that point, not only is the application being

Re: Netflix banning HE tunnels

2016-06-10 Thread Valdis . Kletnieks
On Sat, 11 Jun 2016 00:21:52 +0900, Masataka Ohta said: > As such, the fish passages can be constructed, if translation > behavior of the NAT boxes are known to end systems so that > the end systems have sufficient knowledge to reverse the > translation. This requires each end system to restrict

Re: Enough about Netflix banning HE tunnels [really: IPv6 adoption]

2016-06-10 Thread Valdis . Kletnieks
On Fri, 10 Jun 2016 20:12:43 -, "STARNES, CURTIS" said: > and the Chromebook content filtering is not IPv6 compatible either So what are you using for content filtering? A quick google search indicates that there do exist filtering solutions that are IPv6 capable? And what *non* Chromebook

Re: Enough about Netflix banning HE tunnels [really: IPv6 adoption]

2016-06-10 Thread Valdis . Kletnieks
On Fri, 10 Jun 2016 19:39:38 -, "STARNES, CURTIS" said: > - Unix such as System V/BSD/Open Systems/AIX/SCO/HP-UX/Sun Solaris would each > rule the world. Compare the number of Android devices (basically every single smartphone on the planet that doesn't say iPhone) to the number of laptops

Re: Netflix banning HE tunnels

2016-06-10 Thread Valdis . Kletnieks
On Fri, 10 Jun 2016 07:19:22 +0100, "t...@pelican.org" said: > All the business systems that sit around it? Not so much. $DAYJOB has > plenty of code, database structures etc that are built around "an IP address > is > no more than 15 characters long and matches >

Re: syslog server

2016-06-07 Thread Valdis . Kletnieks
On Mon, 06 Jun 2016 14:59:51 -0600, Maximino Velazquez said: > What is the best syslog server (opensource)? Step 0: Define what "best" means in your environment. What features do you need? Routing to a central aggregation server over TLS? Powerful regex-based routing? Ingestion into a

Re: Netflix VPN detection - actual engineer needed

2016-06-06 Thread Valdis . Kletnieks
On Mon, 06 Jun 2016 20:30:02 +0100, Aled Morris said: > Maybe HE's IPv6 tunnel packets could be flagged with a destination option > (extension header field) that records the end-user's IPv4 tunnel endpoint > so geolocation could be done in the "old fashioned" way on that address. > > Similar to

Re: Netflix VPN detection - actual engineer needed

2016-06-03 Thread Valdis . Kletnieks
On Fri, 03 Jun 2016 17:21:16 -0700, Blair Trosper said: > ...IF (and that's a big IF in the Bay Area at least) you can get the newest > modems. Easier said than done. http://www.amazon.com/ARRIS-SURFboard-SB6141-DOCSIS-Cable/dp/B00AJHDZSI/ $68.75 and Done. And the damned thing even pays for

Re: craigslist.com admin

2016-06-02 Thread Valdis . Kletnieks
On Thu, 02 Jun 2016 14:11:57 -0700, Todd Crane said: > According to bgp.he.net and ARIN, craigslist has 2620:7E::/44 which is > announced on several transits. Curious as to what they use it for if not > Web, MX, or DNS. Well, for starters, they could put a quad-A in the DNS for

Re: craigslist.com admin

2016-06-02 Thread Valdis . Kletnieks
On Thu, 02 Jun 2016 15:45:33 -0500, Darin Steffl said: > Have been getting reports of the same thing. Went to the craigslist help > forums where some people there decided to call us a fake ISP because we > don't hand out publics to every customer. They were VERY rude and hopefully > none of them

Re: Cost-effectivenesss of highly-accurate clocks for NTP

2016-05-15 Thread Valdis . Kletnieks
On Sun, 15 May 2016 15:21:02 -, Mel Beckman said: > But a more critical deployment of rubidium clocks is in cash-strapped public > safety institutions, such as local police dispatch centers. Timing is crucial > for the squad car communication systems, which these days are all digital, > based

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 17:23:31 -0700, Eric Kuhnke said: > average of $150/mo x 500 = $75,000 I'd worry more about the fact that somebody is willing to spend $75K/mo to attack me than the fact that it might be possible to wiggle my time base a bit. At that point, you *really* have to worry about

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 21:07:21 +0200, Florian Weimer said: > * Chris Adams: > > > First, out of the box, if you use the public pool servers (default > > config), you'll typically get 4 random (more or less) servers from the > > pool. There are a bunch, so Joe Random Hacker isn't going to have a > >

Re: NIST NTP servers

2016-05-11 Thread Valdis . Kletnieks
On Wed, 11 May 2016 15:36:34 -, "Jay R. Ashworth" said: > CDMA and GSM are false diversity: both network types nodes *get their time* > from GPS, so far as I know. I'll make the fairly reasonable assumption that most readers of this list have networks that span multiple buildings. If

Re: NIST NTP servers

2016-05-10 Thread Valdis . Kletnieks
On Tue, 10 May 2016 08:07:15 -0700, Brandon Vincent said: > On May 10, 2016 7:59 AM, "Stephane Bortzmeyer" wrote: > > Yes, but they may switch it off for civilian use (by going encrypted, > > for instance) at any time, if it is better for *their* operations. > > I think you are

Re: NIST NTP servers

2016-05-10 Thread Valdis . Kletnieks
On Tue, 10 May 2016 16:39:54 +0200, Stephane Bortzmeyer said: > You mean the GPS network is not managed by an external entity? With > budget issues? > > http://www.schriever.af.mil/GPS Note that they *do* have motivation to keep it working, simply because so much of their *own* gear (from gear

Re: Superfluous advertisement (was: Friday's Random Comment)

2016-05-01 Thread Valdis . Kletnieks
On Sat, 30 Apr 2016 19:10:44 -, "Jakob Heitz (jheitz)" said: > A use case for a longer prefix with the same nexthop: > >F > / \ > D E > | | > B C > \ / >A Am I the only one thinking "RFC4264" here? :)

Re: carrier grade fax boards?

2016-04-28 Thread Valdis . Kletnieks
On Thu, 28 Apr 2016 04:30:23 -, Ryan Finnesey said: > I was wondering if anyone had any recommendations on carrier grade fax boards > that are SIP based? What would "carrier grade" even *mean* for a fax board?

Re: GeoIP database issues and the real world consequences

2016-04-15 Thread Valdis . Kletnieks
On Thu, 14 Apr 2016 16:43:00 -0700, Todd Crane said: > You do realize that this is the exact kind of thing that caused this > discussion in the first place. I'm well familiar with that case. I was talking > about my own experiences in the food service industry, but of course you > barely > read

Re: GeoIP database issues and the real world consequences

2016-04-13 Thread Valdis . Kletnieks
On Tue, 12 Apr 2016 22:57:42 -0700, Todd Crane said: >.What ever happened to holding people responsible for being > stupid. When did it start becoming ((fill in the blank)) coffee shop > for you burning your tongue on your coffee Whatever happened to holding people responsible for fact checking

Re: GeoIP database issues and the real world consequences

2016-04-13 Thread Valdis . Kletnieks
On Tue, 12 Apr 2016 20:17:03 -0400, Jean-Francois Mezei said: > All GeoIP services would be forced to How?

Re: GeoIP database issues and the real world consequences

2016-04-11 Thread Valdis . Kletnieks
On Mon, 11 Apr 2016 21:13:48 +0200, Niels Bakker said: > * baldur.nordd...@gmail.com (Baldur Norddahl) [Mon 11 Apr 2016, 21:02 CEST]: > >They should stop giving out coordinates on houses period. Move the > >coordinate to the nearest street intersection if you need to be that > >precise (I would

Re: Stop IPv6 Google traffic

2016-04-10 Thread Valdis . Kletnieks
On Sun, 10 Apr 2016 15:33:43 -0400, b...@theworld.com said: > > > > Ya know, this is the problem with this kind of list groupthink. > > Who cares what his motivations are unless he asks for help with that > underlying problem? Because when people apply band-aid solutions rather than fixing the

Re: Stop IPv6 Google traffic

2016-04-10 Thread Valdis . Kletnieks
On Sun, 10 Apr 2016 17:07:47 +0300, Max Tulyev said: > Customers see timeouts if I blackhole Google network. I am looking for > alternatives (other than stop providing IPv6 to customers at all). "Doctor, it hurts when I do this.." "Then don't do that..." Why are you blackholing Google?

Re: Stop IPv6 Google traffic

2016-04-10 Thread Valdis . Kletnieks
On Sun, 10 Apr 2016 16:29:39 +0300, Max Tulyev said: > I need to stop IPv6 web traffic going from our customers to Google > without touching all other IPv6 and without blackhole IPv6 Google > network (this case my customers are complaining on long timeouts). > > What can you advice for that?

Re: What services does Microsoft AS8075 provide when peering at IXPs?

2016-04-03 Thread Valdis . Kletnieks
On Fri, 01 Apr 2016 18:02:56 -, Eric A Louie via NANOG said: > I suppose we have a customer who is an Azure customer that wants to know if > their Azure traffic will stay in our network or still go through the Internet. As a practical matter, if they're using the answer for a security

Re: how to deal with port scan and brute force attack from AS 8075 ?

2016-03-31 Thread Valdis . Kletnieks
On Thu, 31 Mar 2016 10:02:05 +0200, "marcel.duregards--- via NANOG" said: > We consider port scan and brute force on ssh port as an attack, and even So explain to me why you don't have ACLs that silently drop inbound SYN packets on port 22 from outside your allocated address space? (And if you

Re: Cogent Communications

2016-03-26 Thread Valdis . Kletnieks
On Fri, 25 Mar 2016 23:15:25 -0700, Todd Crane said: > Last time I called them on a Friday night, it was because they were announcing > (not originating but bad nevertheless) the IPv6 default route. I'm tempted to say that forwarding it is even worse than originating it, because it proves they

Re: Why the US Government has so many data centers

2016-03-22 Thread Valdis . Kletnieks
On Tue, 22 Mar 2016 12:11:11 -0400, Sean Donelan said: > Why do you have two circuits with only 40% utilization. The auditor says > that's waste, and you only need one circuit at 80% utilization for half > the cost. And of course, said auditor is probably near impervious to the very real and

Re: Oh dear, we've all been made redundant...

2016-03-20 Thread Valdis . Kletnieks
On Sun, 20 Mar 2016 12:07:31 -0700, Roy said: > Here is an even better one. This one recycles the power when it loses > contact with the internet. Depending on its definition of "lose contact with the Internet", that could result in interesting failure modes - everything from hundreds of them

Re: Internet Exchanges supporting jumbo frames?

2016-03-19 Thread Valdis . Kletnieks
On Fri, 18 Mar 2016 21:29:44 -, "Jakob Heitz (jheitz)" said: > A single bit error will drop a whole packet. > Larger packets will cause more loss. Cables will need to be > shorter or bitrates lower to compensate. If that's an actual concern in your production network, you probably have bigger

Re: DataCenter color-coding cabling schema

2016-03-14 Thread Valdis . Kletnieks
On Mon, 14 Mar 2016 11:15:29 -0700, Owen DeLong said: > > On Mar 13, 2016, at 20:58 , valdis.kletni...@vt.edu wrote: > > Especially if you drop it and it manages to bounce through a cutout in the > > raised floor. That's got to be the single best reason for overhead > > cabling. :) > Because

Re: DataCenter color-coding cabling schema

2016-03-13 Thread Valdis . Kletnieks
On Sun, 13 Mar 2016 22:21:48 -0400, "Oliver O'Boyle" said: > Just place a piece of tape under the padding and it won't slide anymore. 5 > seconds of extra work per end, though. I dunno. Your dexterity must be better than mine. I'd have trouble digging up the roll of tape, removing a section,

Re: IPV6 planning

2016-03-05 Thread Valdis . Kletnieks
On Sat, 05 Mar 2016 23:46:59 +0200, Mark Tinka said: > If you want IPv6 DNS resolvers, DHCPv6 is a good option, which means a > hybrid of DHCPv6 and SLAAC is reasonable. And note that there isn't any problem with a machine getting an IPv6 address via SLAAC *and* getting another one via DHCPv6 -

Re: sFlow vs netFlow/IPFIX

2016-02-28 Thread Valdis . Kletnieks
On Mon, 29 Feb 2016 09:24:42 +0700, "Roland Dobbins" said: > On 29 Feb 2016, at 6:26, Baldur Norddahl wrote: > > > Around here they are currently voting on a law that will require unsampled > > 1:1 netflow on all data in an ISP network with more than 100 users. > > That's interesting, given that

Re: Thank you, Comcast.

2016-02-26 Thread Valdis . Kletnieks
On Fri, 26 Feb 2016 10:52:55 -0500, Jay Nugent said: > However, if a 'provider' wishes to block ANYTHING, then they need to > inform the customer IN WRITING exactly what will be blocked so that > customer doesn't waste their time and money with said (limited) service > and vote with their

Re: Cogent & Google IPv6

2016-02-24 Thread Valdis . Kletnieks
On Wed, 24 Feb 2016 16:51:55 -0500, "Patrick W. Gilmore" said: > Or do you think Cogent is paying all of them? That is a possibility, but it > means that Cogent is not getting paid - by definition. All depends how creative their accountants are... :)

Re: Cable Operator List

2016-02-02 Thread Valdis . Kletnieks
On Tue, 02 Feb 2016 14:26:14 +, Nick Hilliard said: > Jared Mauch wrote: > > I can create a catv or similar list easily. good name > > suggestions welcome. > > "There are only two hard things in Computer Science: cache invalidation > and naming things". They're only hard because all

Re: Netflix NOC? VPN Mismarked?

2016-01-28 Thread Valdis . Kletnieks
On Thu, 28 Jan 2016 14:46:33 +0100, Bacon Zombie said: > Do all "smart" TVs and Game consoles fully support IPv6 out of the box? Specific data points: The PS/3 and PS/4 consoles do *not* do so. My Vizio TV also apparently does not - it *does* dhcp for an ipv4, but does naught that produces an

Re: RADb Outage?

2016-01-23 Thread Valdis . Kletnieks
On Sat, 23 Jan 2016 14:02:52 -0500, Daniel Corbe said: > How come? What situations would you run into that are so urgent about > updating > prefix lists that the task can’t be put off for a few hours? Those of you who have cron jobs doing an automatic pull can be quite surprised by scenarios

Re: ICYMI: FBI looking into LA fiber cuts, Super Bowl

2016-01-20 Thread Valdis . Kletnieks
On Tue, 19 Jan 2016 15:41:31 -0600, Rafael Possamai said: > I fail to see how drones relate to fiber cuts and the superbowl. Did the > article author just throw that in there? The news helicopter getting aerial > footage also poses a risk, so not sure what's special about drones. Drones don't

Re: de-peering for security sake

2016-01-17 Thread Valdis . Kletnieks
On Sun, 17 Jan 2016 19:39:52 -0500, b...@theworld.com said: > How about if backed by an agreement with the 5 RIRs stating no new > resource allocations or transfers etc unless a contract is signed and > enforced? Or similar. Then they'd just resort to hijacking address space. Oh wait, they

Re: de-peering for security sake

2016-01-16 Thread Valdis . Kletnieks
On Sat, 16 Jan 2016 09:53:40 -0500, Rich Kulawiec said: > I've said this many times: abuse does not magically fall out of the sky. > It comes from hosts, on networks, run by people. It is time -- well > past time -- to hold those people *personally* accountable. And who, *exactly*, are you

Re: de-peering for security sake

2016-01-16 Thread Valdis . Kletnieks
On Sat, 16 Jan 2016 11:09:27 -0800, Owen DeLong said: > > Making the owner of the host responsible for an attack -personally- > > responsible would require every grandma & 6 year old to have insurance > > before > > buying a laptop or Xbox. And would bankrupt your favorite startup no matter > >

Re: Youtube CDN unreachable over IPv6

2016-01-14 Thread Valdis . Kletnieks
On Thu, 14 Jan 2016 16:04:54 +0100, Seth Mos said: > lsintra:~# telnet 62.214.62.205 443 > lsintra:~# telnet 2001:1438:1:2::d 443 > Is it possible for Google to realize some form of internal monitoring to > catch these defunct dual stack nodes? A traceroute to both would help greatly in

Re: Looking for Yahoo eMail contact

2016-01-11 Thread Valdis . Kletnieks
On Mon, 11 Jan 2016 12:25:17 +, Marc Storck said: > I'm looking for a Yahoo email administrator who could contact me offlist. > Error: "421 4.7.1 [TS03] All messages from x.x.x.x permanently deferred" If you find one, tell them to go look up the difference between 4xx and 5xx return codes.

Re: Anonymous Threats

2016-01-10 Thread Valdis . Kletnieks
On Sun, 10 Jan 2016 20:45:25 -0500, "Eric Rogers" said: > Thank you for all that have responded, and this response has been the > majority, to leave well enough alone. I guess I was hoping that maybe I could > offer a new way to help narrow this search down. The only thing that's more likely to

Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-10 Thread Valdis . Kletnieks
On Sun, 10 Jan 2016 14:04:13 +, Alan Buxey said: > as for carriers pipes...will, if multicast was seriously taken up then eg OS > updates could be streamed out on regular updates You can multicast the Super Bowl, because to a rather high rate of accuracy you can assume that everybody who

Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-09 Thread Valdis . Kletnieks
On Sat, 09 Jan 2016 11:12:16 -0600, Mike Hammett said: > Bytes uploaded and\or downloaded. That's all that should matter. Initiated by > you or not. You want to be the one explaining to your customer that the reason they got charged for 20G of unexpected transfer was because their 3 Windows 8

Binge On! - get your umbrellas out, stuff's hitting the fan.

2016-01-07 Thread Valdis Kletnieks
So we went round and round back in November regarding Binge On! and whether it was net neutrality. So here's some closure to that... The EFF did some testing and discovered that what T-Mobile is actually doing doesn't match what they said it was...

Re: Another Big day for IPv6 - 10% native penetration

2016-01-04 Thread Valdis . Kletnieks
On Mon, 04 Jan 2016 15:35:05 -0800, Owen DeLong said: > You do realize that the query source address is not 8.8.8.8 when it goes to > the > authoritative server, right? As I said: > So in how many of the 196 or so extant countries does 8.8.8.8 resolve to > a host which, when it sends a query

Re: Another Big day for IPv6 - 10% native penetration

2016-01-04 Thread Valdis . Kletnieks
On Mon, 04 Jan 2016 13:52:46 -0800, Damian Menscher said: > While I agree with your general sentiment about 3xx responses (often used > to redirect example.com to www.example.com) I think your concerns about > 8.8.8.8 are over-stated. 8.8.8.8 is deployed in many locations, which > gives

Re: Another Big day for IPv6 - 10% native penetration

2016-01-04 Thread Valdis . Kletnieks
On Mon, 04 Jan 2016 17:23:20 -0500, Christopher Morrow said: > https://developers.google.com/speed/public-dns/faq?hl=en > > there I asked jeeves for ya! > > So in how many of the 196 or so extant countries does 8.8.8.8 resolve to > > a host which, when it sends a query up the chain, appears to be

Re: Another Big day for IPv6 - 10% native penetration

2016-01-04 Thread Valdis . Kletnieks
On Mon, 04 Jan 2016 16:42:45 -0800, Owen DeLong said: > Another alternative discussed, but Netflix seems so far to be unconvinced: > > If you come via IPv6, you get all the content. > > If you come from IPv4, And Netflix convinces Sony to ship an IPv6-capable OS update for the PS3 and PS4, how,

Re: Another Big day for IPv6 - 10% native penetration

2016-01-04 Thread Valdis . Kletnieks
On Mon, 04 Jan 2016 11:59:40 -0800, Owen DeLong said: > These numbers might be slightly pessimistic because 3XX series responses are > not counted as good. They may be a *lot* more than slightly pessimistic - consider the case of any site that uses 3xx replies to redirect to a geo-IP based

Re: VPLS Providers

2016-01-01 Thread Valdis . Kletnieks
On Thu, 31 Dec 2015 15:55:24 -0500, Chris Burwell said: > Hi NANOG, > > I'm looking to solicit feedback on VPLS providers. The requirement is for > connectivity among about ten sites in North America, Going to depend a lot on what the 10 sites are. You're in Fairfax, Virginia, I'm sure you can

Re: Broadband Router Comparisons

2015-12-27 Thread Valdis . Kletnieks
On Sun, 27 Dec 2015 08:37:25 +0100, Mikael Abrahamsson said: > If someone like Consumer Reports or similar agency started testing and > rating devices on these things like long-time support, automatic updates, > software quality etc, and not just testing wifi speed as a factor of > distance, we

Re: de-peering for security sake

2015-12-27 Thread Valdis . Kletnieks
On Sun, 27 Dec 2015 05:35:19 +0100, Baldur Norddahl said: > SSH password + key file is accepted as two factor by PCI DSS auditors, so > yes it is in fact two factor. They also accept NAT as "security". If anything, PCI DSS is yet another example of a money grab masquerading as security theater

Re: Broadband Router Comparisons

2015-12-27 Thread Valdis . Kletnieks
On Sun, 27 Dec 2015 17:56:02 -0800, Mike said: > NO SUCH DEVICE EXISTS, because you can't afford it. If I were to take > you seriously however - and we're talking about eliminating all excuses > and simply getting down to it and making a marginally qualified showing > at expecting uninterrupted

Re: Broadband Router Comparisons

2015-12-27 Thread Valdis . Kletnieks
On Sun, 27 Dec 2015 22:12:25 -0600, Josh Reynolds said: > Based over what has been leaked, announced, or passed as pork barrel since > 9/11, it's probably time a tin foil hat factory was created to speed up the > issuance of said hats.

Re: de-peering for security sake

2015-12-26 Thread Valdis . Kletnieks
On Sat, 26 Dec 2015 15:11:13 -0800, Owen DeLong said: > Or contexts where the user is sloppy about securing their private key, e.g. > the real world. I seem to remember that enough people stashed their entire home directory to github, including their keys, that github had to put in special hacks

Re: de-peering for security sake

2015-12-26 Thread Valdis . Kletnieks
On Sat, 26 Dec 2015 12:50:27 -0800, Matthew Petach said: > No, the difference is that a passphrase works > in conjunction with the private key, which is > the "something you have" vs the "something > you know" in two-factor authentication. > > With password authentication, there's only a > single

Re: de-peering for security sake

2015-12-24 Thread Valdis . Kletnieks
On Thu, 24 Dec 2015 23:44:10 +, Colin Johnston said: > We really need to ask if China and Russia for that matter will not take abuse > reports seriously why allow them to network to the internet ? Well, first off, it isn't like China or Russia are just one ASN. You'd have to de-peer a bunch

Re: interconnection costs

2015-12-23 Thread Valdis . Kletnieks
On Wed, 23 Dec 2015 16:39:11 -0800, Reza Motamedi said: > Aren't availability, guaranteed service and remote hands an incentive to do > peering inside a third party colocation? Sure. But there are places in the US where you have to decide whether the cost of lighting 300 miles of fiber to the

Re: Bluehost.com

2015-11-25 Thread Valdis . Kletnieks
On Thu, 26 Nov 2015 10:06:30 +1100, Matt Palmer said: > Except for the fuckups that the redundancy *caused*... You can't have split-brain failures if there isn't enough brain to split? :)

Re: DHCPv6 PD & Routing Questions

2015-11-24 Thread Valdis . Kletnieks
On Tue, 24 Nov 2015 09:39:54 +1100, Mark Andrews said: > And a /56 gives you 256 subnets. When you remove unnecessary > hierarchical delegation / routing that still supports a reasonable > sized home network. If you have a *workable* solution for the case where you're handed a /56 and are running
