Re: Repeated Blacklisting / IP reputation

so... this thread has a couple of really interesting characteristics. a couple are worth mentioning more directly (they have been alluded to elsewhere)... Who gets to define bad - other than a blacklist operator? Are the common, consistent defintions of contamination?

Re: Repeated Blacklisting / IP reputation

On Tue, Sep 15, 2009 at 09:34:14PM -0400, Christopher Morrow wrote: On Tue, Sep 15, 2009 at 4:46 PM, bmann...@vacation.karoshi.com wrote: so... this thread has a couple of really interesting characteristics. a couple are worth mentioning more directly (they have been alluded to

Re: Repeated Blacklisting / IP reputation

On Thu, Sep 10, 2009 at 04:42:13PM +0200, Benjamin Billon wrote: Why don't we just blacklist everything and only whitelist those we know are good? snip Note we all could start using IPv6 and avoid this problem altogether. snip Yeah. When ISP will start receiving SMTP traffic in IPv6,

Re: Repeated Blacklisting / IP reputation

On Tue, Sep 08, 2009 at 02:34:10PM -0500, Joe Greco wrote: there is a fundamental disconnect here. the IP space is neutral. it has no bias toward or against social behaviours. its a tool. the actual/real target here are the people who are using these tools to be antisocial. blacklisting

Re: Repeated Blacklisting / IP reputation

sounds like domain tasting to me. --bill On Wed, Sep 09, 2009 at 01:04:48AM -0400, Peter Beckman wrote: How about a trial period from ARIN? You get your IP block, and you get 30 days to determine if it is clean or not. Do some testing, check the blacklists, do some magic to see if there

Re: sat-3 cut?

On Mon, Aug 10, 2009 at 09:49:51PM +0900, Randy Bush wrote: http://www.nytimes.com/2009/08/10/business/global/10cable.html if seacom completes, and it is looking likely (yay!), this will be great. but Alan Mauldin, research director at TeleGeography, a telecommunications market

Re: Probes from root servers

On Thu, Jul 16, 2009 at 03:56:29PM -0700, Pederson, Krishna wrote: One of our IP addresses is being probed by up to 8 of the 13 root dns servers every 15 seconds. I'm looking for input on how to contact the admins for the servers or perhaps a way to figure out if perhaps someone is spoofing

Re: ARIN and DNSSEC

On Wed, Jul 08, 2009 at 11:09:49AM +1000, Mark Andrews wrote: In message 20090707171251.ga2...@arin.net, Mark Kosters writes: On Mon, Jul 06, 2009 at 10:35:56AM -0400, Dan White wrote: Are there any high level operational details you could share? Specifically, are you using any

Re: CADR

On Wed, Jul 08, 2009 at 11:58:17AM +1000, Mark Andrews wrote: received a lot of good feedback with the conclusion that using a restful service would be a useful transport for this type of data transfer. We certainly need your feedback on future services and encourage you

Re: CADR

On Wed, Jul 08, 2009 at 11:58:17AM +1000, Mark Andrews wrote: hey, thats what the CADR tool does. fully in-band maintainace for the child/parent interactions. only needs manual re-keying if a party loses control of the credential. -- bill It would be nice if

Re: Hurricane Electric

used them for years, from when they were just a local ISP till today. a good addition to your mix... great value for money. --bill On Wed, Jun 17, 2009 at 08:41:23PM -0400, Paul Stewart wrote: Hi folks... Looking for some feedback on using Hurricane Electric as an upstream? Thanks,

Re: glue record

On Fri, May 29, 2009 at 02:48:33PM +0700, Anton Zimm wrote: I get this: MOBI servers are not authoritative for push.mobi zone, ns1.push.mobi is authoritative for it. But since ns1.push.mobi is inside push.mobi zone, this create circular reference. Afaik to solve this circular dependency,

Re: White House net security paper

fine piece of work. On Fri, May 29, 2009 at 11:37:58AM -0500, jamie rishaw wrote: The White House just put out a release on net security[1] - at first glance a mission/vision/values paper, the release page[2] also containing a short video[3]. At first glance, this looks promising -

Re: ISP best practices

On Thu, May 21, 2009 at 12:00:58PM -0400, Joe Abley wrote: However, you're not necessarily doing anybody any favours in making statements like faster, more secure and does IPv6. DNS servers are complicated beasts, and simplistic comparisons are not useful for much (it'd be trivial to

Re: Where to buy Internet IP addresses

On Wed, May 06, 2009 at 10:39:23AM +1000, Karl Auer wrote: On Tue, 2009-05-05 at 15:58 -0400, Ricky Beam wrote: stateless with constant and consistent. SLAAC doesn't need to generate the exact same address everytime the system is started. No - but it is *phenomenally useful* if it

Re: Where to buy Internet IP addresses

On Fri, May 01, 2009 at 02:29:24PM -0400, LEdouard Louis wrote: Optimum Online business only offer 5 static IP address. Where can I buy a block of Internet IP address for Business? How much does it cost? how much is Optimum Online charging you for each of the five?

Re: [Nanog-futures] Fwd: ADMIN: Reminder on off-topic threads

On Thu, Apr 23, 2009 at 09:10:31PM -0400, Joe Abley wrote: On 23 Apr 2009, at 20:55, Jo Rhett wrote: And it wasn't specific. Nanog shouldn't be everything-Jo-wants-to- talk-about or everything-Randy-wants-to-talk-about or anything else. !snork!... rubbing the sleep from

Re: NAT64/NAT-PT update in IETF, was: Re: Important New Requirement for IPv4 Requests [re impacting revenue]

On Thu, Apr 23, 2009 at 08:17:07PM +0800, Adrian Chadd wrote: On Thu, Apr 23, 2009, William Allen Simpson wrote: Some wag around here re-christened it the IVTF (V stands for Vendor, not Victory). ;-) I haven't bothered to go in years If the people with operational experience stop

Re: IPv4 Anycast?

On Tue, Apr 21, 2009 at 11:53:02PM -0700, Zhenkai Zhu wrote: Hello NANOG, I noticed that more than 3K prefixes are with 2 Origin ASes. Are they the simplest cases of anycast? Or they are mainly due to misconfiguration? --- --Zhenkai i honestly don't remember the

Re: Important New Requirement for IPv4 Requests

On Wed, Apr 22, 2009 at 10:17:38AM -0400, Joe Abley wrote: On 21-Apr-2009, at 21:50, bmann...@vacation.karoshi.com wrote: On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: FTP? Who uses FTP these days? Certainly not consumers. Even Cisco pushes almost everything via a

Re: Important New Requirement for IPv4 Requests

On Wed, Apr 22, 2009 at 02:27:14PM +, bmann...@vacation.karoshi.com wrote: On Wed, Apr 22, 2009 at 10:17:38AM -0400, Joe Abley wrote: On 21-Apr-2009, at 21:50, bmann...@vacation.karoshi.com wrote: On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: FTP? Who uses FTP

Re: Important New Requirement for IPv4 Requests

On Tue, Apr 21, 2009 at 08:24:38PM -0400, Ricky Beam wrote: On Tue, 21 Apr 2009 18:40:30 -0400, Chris Adams cmad...@hiwaay.net wrote: SSL and FTP are techincal justifications for an IP per site. No they aren't. SSL will work just fine as a name-based virtual host with any modern webserver

Re: IXP

On Sat, Apr 18, 2009 at 05:30:41AM +, Stephen Stuart wrote: Not sure how switches handle HOL blocking with QinQ traffic across trunks, but hey... what's the fun of running an IXP without testing some limits? Indeed. Those with longer memories will remember that I used to regularly

Re: IXP

On Sat, Apr 18, 2009 at 04:01:41PM +, Paul Vixie wrote: Date: Sat, 18 Apr 2009 10:09:00 + From: bmann...@vacation.karoshi.com ... well... while there is a certain childlike obession with the byzantine, rube-goldburg, lots of bells, knobs, whistles type machines...

Re: IXP

On Sat, Apr 18, 2009 at 09:12:24PM +, Paul Vixie wrote: Date: Sat, 18 Apr 2009 13:17:11 -0400 From: Steven M. Bellovin s...@cs.columbia.edu On Sat, 18 Apr 2009 16:58:24 + bmann...@vacation.karoshi.com wrote: i make the claim that simple, clean design and execution is

Re: IXP

On Fri, Apr 17, 2009 at 10:11:30AM -0400, Sharlon R. Carty wrote: Hello NANOG, I like would to know what are best practices for an internet exchange. I have some concerns about the following; Can the IXP members use RFC 1918 ip addresses for their peering? Can the IXP members use private

Re: IXP - PNI

the vlan tagging idea is a virtualization of the PNI construct. why use an IX when running 10's/100's/1000's of private network interconnects will do? granted, if out of the 120 ASN's at an IX, 100 are exchanging on average - 80KBs - then its likley safe to dump them all into a single physical

Re: IXP - PNI

On Fri, Apr 17, 2009 at 04:52:53PM -0500, Joe Greco wrote: On Fri, 17 Apr 2009, bmann...@vacation.karoshi.com wrote: the vlan tagging idea is a virtualization of the PNI construct. why use an IX when running 10's/100's/1000's of private network interconnects will do? granted, if

Re: US west coast personal colo

On Fri, Apr 17, 2009 at 06:50:42PM -0400, Sean Donelan wrote:A Is anyone still doing personal colo on the west coast? I'm looking for a new home for my personal server on the west coast, and it seems like the economy has taken out most of the old personal colo offers. Even the old web page

Re: Fiber cut in SF area

On Tue, Apr 14, 2009 at 03:41:25AM +0200, Peter Lothberg wrote: There are three solutions to the problem; A: Put a armed soldier every 150ft on the fiber path. B: Make the infrstructure so redundant that cutting things just makes you tired, but nothing hapens. C:

Re: Vandalism Likely ...

at least this year its been changed from Terrorists to Vandals. (when most likley, its over-aggressive metals recyclers who have run out of catalitic converters to steal...) --bill

Re: ISC DLV

On Sun, Apr 05, 2009 at 07:37:15PM +1000, Mark Andrews wrote: The fault has been rectified. We are still looking into the underlying cause and what procedural changes need to be made to prevent a repeat occurance. Mark Andrews, ISC could ISC be a bit more open and transparent on

Re: ISC DLV

On Sun, Apr 05, 2009 at 06:19:35AM -1000, David Conrad wrote: On Apr 5, 2009, at 12:09 AM, bmann...@vacation.karoshi.com wrote: On Sun, Apr 05, 2009 at 07:37:15PM +1000, Mark Andrews wrote: The fault has been rectified. We are still looking into the underlying cause and what procedural

Re: Redundant AS's

On Sun, Mar 22, 2009 at 10:56:06PM +, Nick Hilliard wrote: On 21/03/2009 16:36, bmann...@vacation.karoshi.com wrote: er... 'parm me sir, but aren't -all- ASNs 4 bytes? i mean, for lo these many years we cheated and only used the first two bytes... but the spec always

Re: REVERSE DNS Practices.

the 20th or 21st century answer? if you really don't care about the actual node, then you should map the numbers to topologically significant names - after all, the reverse map follows topology, not some goofball - layer 9 - ego trip thing. or - the more modern approach is to let the node

Re: Redundant AS's

On Sat, Mar 21, 2009 at 08:44:23AM -0700, Randy Bush wrote: perhaps there is a lesson here. move on to 4-byte asns. randy er... 'parm me sir, but aren't -all- ASNs 4 bytes? i mean, for lo these many years we cheated and only used the first two bytes... but the

Re: XKL

you mean these guys? http://inwap.com/pdp10/td-1b.html --bill (who is almost certainly experiencing Charles Bonet Syndrome) On Wed, Feb 11, 2009 at 10:33:48AM -0600, Sutterfield, Brian wrote: Does anyone have any experience using the DXM from XKL for DWDM deployments? Any feedback

Re: IP networks will feel traffic pain in 2009 (C|Net Cisco)

Cisco VNI projections indicate that IP traffic will increase at a combined annual growth rate (CAGR) of 46 percent from 2007 to 2012, nearly doubling every two years. This will result in an annual bandwidth demand on the world's IP networks of approximately 522 exabytes2, or more than half a

orphan kit?

Nortel board of directors vote to file bankruptcy http://www.nortel.com/corporate/restructuring.html

Re: Anyone notice strange announcements for 174.128.31.0/24

welcome to the joys of anycast... :) --bill On Wed, Jan 14, 2009 at 09:50:39AM -0600, Michienne Dixon wrote: Interesting - So as a cyber criminal - I could setup a router, start announcing AS 16733, 18872, and maybe 6966 for good measure and their routers would ignore my announcements and

Re: Ethical DDoS drone network

On Sun, Jan 04, 2009 at 09:55:20PM -0600, Gadi Evron wrote: A legal botnet is a distributed system you own. A legal DDoS network doesn't exist. The question is set wrong, no? kind of depends on what the model is. a botnet for hire to red-team my network might be just the

Re: What is the most standard subnet length on internet

On Tue, Dec 23, 2008 at 02:08:25PM +1300, Nathan Ward wrote: On 23/12/2008, at 1:31 PM, Seth Mattinen wrote: Anyone running a platform that can't take a full table would apply such a filter to weed out anyone who likes to announce all of their space as /24's for traffic engineering. If one

Re: What is the most standard subnet length on internet

On Fri, Dec 19, 2008 at 02:40:47AM +, l l9l
wrote: However, what I am really wondering is what is the most standard subnet length that always can be guaranteed through Internet. less than /24 bit ? while one can get away w/ /24s (if that is all one has) for many places,

Public Assertions

On Thu, Oct 16, 2008 at 10:31:21PM -0400, Dean Anderson wrote: (Manning and Woodcock have so far refused to accept the certified letters) and then sometime in the past 5 days, you posted a comment to DoC here; http://www.ntia.doc.gov/dns/dnssec.html that states: Bill Manning refused to

Re: Public Assertions

On Tue, Nov 25, 2008 at 08:56:43AM -0800, Bill Woodcock wrote: On Tue, 25 Nov 2008 [EMAIL PROTECTED] wrote: If I may... I am in possesion of your certified letter -AND- the signed acknowledgement that you received notice that I have taken

Re: NTP Md5 or AutoKey?

On Mon, Nov 03, 2008 at 10:23:07PM -0800, Paul Ferguson wrote: On Mon, Nov 3, 2008 at 10:15 PM, Glen Kent [EMAIL PROTECTED] wrote: Hi, I was wondering what most folks use for NTP security? Do they use the low cost, light weight symmetric key cryptographic protection method using MD5

breadcrumbs and collusion

NANOG makes a fine archive of discoverable material in a court case intending to show collusion to drive folks out of business. One presumes that each ISP here has some form of AUP and rules on self-preservation roughly along the lines of if there is material impact to my network or my

carpet sellers

On Thu, Sep 25, 2008 at 02:26:28PM -0400, [EMAIL PROTECTED] wrote: Of course, there's a discount carpet dealer in the area, has a big sign out front We will not be knowingly undersold. Nice wording, that... once burned, twice shy. --bill

Re: ARIN Routing Registry vs RADB vs X

On Thu, Sep 25, 2008 at 05:38:26PM -0500, Craig Holland wrote: Hi, I recently ran across a situation where a large ISP only accepts IRR entries generated by RADB to build their path filters. I use the ARIN Routing Registry. Is this a common practice? Should I convert over to RADB?

Re: hat tip to .gov hostmasters

On Mon, Sep 22, 2008 at 10:52:42AM -0400, Jason Frisvold wrote: On Mon, Sep 22, 2008 at 10:34 AM, Scott Francis [EMAIL PROTECTED] wrote: nice to see a wholesale DNSSEC rollout underway (I must confess to being a little surprised at the source, too!). Granted, it's a much more manageable

Re: hat tip to .gov hostmasters

On Mon, Sep 22, 2008 at 11:11:40AM -0400, Keith Medcalf wrote: Correct, you need a validating, security-aware stub resolver, or the ISP needs to validate the records for you. That would defeat the entire purpose of using DNSSEC. In order for DNSSEC to actually provide any improvement

Re: hat tip to .gov hostmasters

On Mon, Sep 22, 2008 at 05:24:00PM +0200, Florian Weimer wrote: * marcus sachs: While we wait for applications to become DNSSEC-aware, Uhm, applications shouldn't be DNSSEC-aware. Down that road lies madness. What should an end user do when the browser tells him, Warning: Could not

Re: hat tip to .gov hostmasters

The end-stage is secure only if at that stage you also set all DNS infrastructure to refuse to talk to any DNS client/server/resolver that DOES NOT validate and enforce DNSSEC. Up until that point in time, there is NO CHANGE in the security posture from what we have today with no DNSSEC

Re: hat tip to .gov hostmasters

On Mon, Sep 22, 2008 at 12:06:57PM -0400, Edward Lewis wrote: At 15:30 + 9/22/08, [EMAIL PROTECTED] wrote: data. We never finished the discussion on fail/open fail/closed wrt DNSSEC. And I'd bet a dollar we never will finish that discussion. --

Re: hat tip to .gov hostmasters

On Mon, Sep 22, 2008 at 12:14:53PM -0400, Keith Medcalf wrote: If I cannot authenticate the data myself, then it is simply untrusted and untrustworthy -- exactly the same as it is now. so I guess PGP web of trust is right out, then? [elided] If there is a piece of data X signed

Re: Procedure to Change Nameservers

On Thu, Sep 18, 2008 at 07:31:37PM -0400, Jay R. Ashworth wrote: - Crist Clark [EMAIL PROTECTED] wrote: I want to change the nameservers for a bunch of domains. Really, all I want to do is change the IP address, but it seems easier just to change both the name and IP to avoid any

Re: an effect of ignoring BCP38

On Sun, Sep 07, 2008 at 07:43:41PM +1200, Randy Bush wrote: http://www.caida.org/workshops/wide/0808/slides/measuring_reverse_paths.pdf great work on a tough problem yes, but would it work if we all did BCP38 filtering? --bill

Re: [Fwd:] Nvidia NICs with duplicate mac addresses

it was real. (I still ahve some 3c503's with the problem :) this is one reason why it is so important to be able to override the MAC. --bill On Fri, Sep 05, 2008 at 10:53:28AM -0400, Scott Berkman wrote: This reminds me of a story I was told a while back that there was a batch of 3com

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

well, actually this was the IP address used for l.root-servers.net from 1998-2008. so i guess you could say its never been used for anything. we are not currently routing that prefix and there should currently be nothing at that IP address. --bill On Tue, Sep 02, 2008 at 06:24:21PM

Re: 198.32.64.12 -- Harmless mis-route or potential exploit?

On Wed, Sep 03, 2008 at 10:00:41AM -0400, Christopher Morrow wrote: On Wed, Sep 3, 2008 at 8:48 AM, [EMAIL PROTECTED] wrote: On Tue, Sep 02, 2008 at 10:08:10PM -0400, Christopher Morrow wrote: On 9/2/08, Todd Underwood [EMAIL PROTECTED] wrote: checking our current data, that block is

Re: GLBX De-Peers Intercage [Was: RE: Washington Post: Atrivo/Intercag e, w hy are we peering with the American RBN?]

On Mon, Sep 01, 2008 at 05:36:47AM -0400, [EMAIL PROTECTED] wrote: Serious question, that - how many long-haul providers would be in serious trouble if all the spam and filesharing suddenly stopped and only legitimate traffic travelled through their pipes? define legitimate --bill

Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

On Sat, Jul 26, 2008 at 03:05:18PM -0500, Joe Greco wrote: what i do not understand is why people think screaming to the choir will make any significant difference? And Paul's absolutely correct, this is not something where we can afford to let that happen. Paul is correct if

Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

On Sat, Jul 26, 2008 at 05:47:54PM -0400, Sean Donelan wrote: On Sat, 26 Jul 2008, [EMAIL PROTECTED] wrote: there you go. the massive effort to patch would likley have better been spent to actually -sign- the stupid zones and work out key distribution. but no... running around

Re: So why don't US citizens get this?

well... hard to tell... Secure Connection Failed asahi-net.jp uses an invalid security certificate. The certificate is not trusted because the issuer certificate is not trusted. that said, can I get FIOS w/o any other Verizon crap? I just want the fiber transport

Re: DNS and potential energy

On Mon, Jun 30, 2008 at 07:19:45PM +0100, Tony Finch wrote: On Sun, 29 Jun 2008, [EMAIL PROTECTED] wrote: one might legitimately argue that ICANN is in need of some serious regulation that can happen at that national level or on the international level. Doesn't

DNS and potential energy

On Sun, Jun 29, 2008 at 02:14:58PM -0400, Joe Abley wrote: The only decision that is required is whether new generic top-level domains are desired. If not, do nothing. Otherwise, shake as much energy into the system as possible and sit back and let it find its own steady state. Joe

Re: DNS and potential energy

this may actually be the straw that triggers a serious redesign of the Internet's lookup system(s)... if not this, then IPv6 has a good chance. Incremental changes are good - are stable (usually), and often can be compartmentalized. But sometimes - revolutionary changes are needed. and if

Re: .255 addresses still not usable after all these years?

On Fri, Jun 13, 2008 at 03:08:47PM -0400, David Hubbard wrote: I remember back in the day of old hardware and operating systems we'd intentionally avoid using .255 IP addresses for anything even when the netmask on our side would have made it fine, so I just thought I'd try it out for kicks

Re: OLD root server IP addresses through history

On Mon, Jun 02, 2008 at 02:53:26PM -0400, Sean Donelan wrote: http://www.donelan.com/dnstimeline.html 1 Jun 1990 NIC.DDN.MIL 26.0.0.73 root service ends (last original root server) it would much more helpful to have citations for your dates. --bill

nanog precursors

http://www.nsfnet-legacy.org/webcast --bill

off topic post

if you are coming to ABQ and would like to help me out on a small project, please drop me a line BEFORE you leave. --bill

two questions - SWAG answers entertained

one: AS hop count for average e2e packet flow, eg. from origin to destination, how many ASN's will a packet traverse? two: number/location of IX that monitor/forbid transit across exchange fabric? --bill (doing grunt work for a study on Landauer Entropy)

Re: AUP modification - full first and last names

well... i guess i should stop posting then. --bill

Re: IPv6 Advertisements

On Tue, May 29, 2007 at 06:14:51PM +0100, Brandon Butterworth wrote: You get one shot at fixed prefix size filters, miss and you'll pay forever. Which is more scarce, /32's or routing table entries. your first lema is false. and RTE are more scarce. brandon let

<    1   2   3   4