Re: Please, talk me down.

2012-10-21 Thread Leen Besselink
, or failing, leaving motorists stranded, etc, thus spending time not updating the design to incorporate beneficial, new standards. randy -- -JH Have a nice day, Leen.

Re: Last of ipv4 /8's allocated

2011-02-01 Thread Leen Besselink
Doesn't really matter who gets what, because no one is going to route anything larger than a /8 anyway, particularly the RIR allocations. Just kinda fun to think about :-) -Randy How about when HP/Compaq/DEC buys Apple or the other way around? ;-) They could do so in theory anyway.

Re: [arin-announce] ARIN Resource Certification Update

2011-01-30 Thread Leen Besselink
a good alternative yet. Fully support StartSSL and RIPE for trying to lower the bar for more security. Have a nice weekend, Leen.

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

2011-01-30 Thread Leen Besselink
On 01/25/2011 11:06 PM, Owen DeLong wrote: 640k ought to be enough for anyone. If IPv4 is like 640k, then, IPv6 is like having 47,223,664,828,696,452,136,959 terabytes of RAM. I'd argue that while 640k was short sighted, I think it is unlikely we will see machines with much more than a

Re: Is NAT can provide some kind of protection?

2011-01-16 Thread Leen Besselink
On 01/15/2011 11:06 PM, Stephen Davis wrote: I'm a full supporter for getting rid of NAT when deploying IPv6, but have to say the alternative is not all that great either. Because what do people want, they want privacy, so they use the IPv6 privacy extensions. Which are enabled by default on

Re: Is NAT can provide some kind of protection?

2011-01-15 Thread Leen Besselink
On 01/15/2011 02:01 AM, George Bonser wrote: From: William Herrin Sent: Friday, January 14, 2011 4:11 PM To: nanog@nanog.org Subject: Re: Is NAT can provide some kind of protection? On Fri, Jan 14, 2011 at 2:43 PM, Owen DeLong o...@delong.com wrote: Ah, but, the point here is that NAT

Re: Is NAT can provide some kind of protection?

2011-01-15 Thread Leen Besselink
On 01/15/2011 03:01 PM, Joel Jaeggli wrote: On 1/15/11 1:24 PM, Leen Besselink wrote: I'm a full supporter for getting rid of NAT when deploying IPv6, but have to say the alternative is not all that great either. Because what do people want, they want privacy, so they use the IPv6 privacy

Re: Problems with removing NAT from a network

2011-01-09 Thread Leen Besselink
On 01/09/2011 07:46 AM, Matthew Kaufman wrote: On 1/8/2011 3:16 AM, Leen Besselink wrote: Hello Mr. Kaufman, In the upcoming years, we will have no IPv6 in some places and badly performing IPv4 (CGN, etc.) with working IPv6 in others. Right. So we're discussing just how badly performing

Re: NIST IPv6 document

2011-01-05 Thread Leen Besselink
and slides should show up on the list soon: http://media.ccc.de/tags/27c3.html (because of audio transcoding issues some videos are not online right now, if you ask me nicely I could mail a link for the video from before they took it down) Have a nice day, Leen Besselink.

Re: Blocking International DNS

2010-12-01 Thread Leen Besselink
On 12/01/2010 10:41 PM, Randy Bush wrote: the more i think about this, the more i am inclined to consider a second trusted root not (easily) attackable by the usg, who owns the root now, or the acta vigilantes. as dissent becomes less tolerated, let alone supported, we may want to attempt to

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

2010-11-02 Thread Leen Besselink
On 11/02/2010 01:26 PM, Tim Franklin wrote: About the only hack I can see that *might* make sense would be that home CPE does NOT honour the upstream lifetimes if upstream connectivity is lost, but instead keeps the prefix alive on very short lifetimes until upstream connectivity returns.

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-21 Thread Leen Besselink
On 10/21/2010 09:25 PM, George Bonser wrote: However, consider the fact that there will be v6 only hosts popping up after IANA/RIR/ISP exhaustion. There will be new entrants in the public internet space that cannot obtain v4 addresses and will be reachable via v6 only ... Yep, you can't do

Re: New hijacking - Done via via good old-fashioned Identity Theft

2010-10-07 Thread Leen Besselink
to this by hand for a long time for a lot of contacts. The good thing about using a unique e-mail address instead of a password is that you can block at the SMTP-level, without even receiving an e-mail body. Have a nice day, Leen. each potential person that can send email to your email address, gets

Re: List of Teredo servers and teredo relays

2010-09-12 Thread Leen Besselink
On 09/12/2010 08:42 AM, Antonio Querubin wrote: On Sat, 11 Sep 2010, Jared Mauch wrote: I would be careful actually using teredo, as some of them (eg: Microsoft) have swaths of native IPv6 networks that are unreachable. While I would agree in principle, in practice we have little control

Re: Did your BGP crash today?

2010-08-28 Thread Leen Besselink
On 08/28/2010 11:39 AM, Saku Ytti wrote: On (2010-08-28 18:20 +0900), Randy Bush wrote: a bgp regression suite would not have caught this as it was not a repeat. but it sure would be useful to implementors. Naturally 'proving' that non-trivial software works is practically

Re: Did your BGP crash today?

2010-08-28 Thread Leen Besselink
On 08/28/2010 01:52 PM, Thomas Mangin wrote: My point was not about crafted bgp message to test border cases - this is what one would expect in a regression suite. It is about the use of a fuzzer to corrupt packet when you then do not know if the router is then behaving correctly or not.

Re: Should routers send redirects by default?

2010-08-20 Thread Leen Besselink
On 08/21/2010 02:08 AM, Brandon Ross wrote: On Fri, 20 Aug 2010, Ricky Beam wrote: I think it's almost universally disabled (by default) everywhere in IPv4 purely for security (traffic interception.) Okay, I'll ask again. Exactly how does disabling ICMP redirects on my router prevent

Re: end-user ipv6 deployment and concerns about privacy

2010-08-19 Thread Leen Besselink
On 08/19/2010 07:58 PM, Joakim Aronius wrote: * Joel Jaeggli (joe...@bogus.com) wrote: manual configuration of ip address name mappings seems like a rather low priority for the average home user... I don't expect that will be a big activity in the future either, more devices means less

Re: Web expert on his 'catastrophe' key for the internet

2010-07-28 Thread Leen Besselink
On 07/28/2010 02:21 AM, valdis.kletni...@vt.edu wrote: That plus the phrase restarting the Internet is more than a little bit misleading. If you think that is misleading, you would want to see this article: http://www.metro.co.uk/news/836210-brit-given-a-key-to-unlock-the-internet By

Re: Addressing plan exercise for our IPv6 course

2010-07-24 Thread Leen Besselink
Eventually ARIN (or someone else will do it for them) may create a site you can register your address and know that it really is unique among participating registrants. Random is fine, unique is better. Such a site would be the seed for when (if) we come up with the tech for everyone to have

Re: Mail Submission Protocol

2010-04-21 Thread Leen Besselink
On Wed, Apr 21, 2010 at 10:49:07AM -0300, Claudio Lapidus wrote: Hello all, Hello Claudio, At our ISP operation, we are seeing increasing levels of traffic in our outgoing MTA's, presumably due to spammers abusing some of our subscribers' accounts. In fact, we are seeing connections from

Re: Mail Submission Protocol

2010-04-21 Thread Leen Besselink
On Wed, Apr 21, 2010 at 10:05:34AM -0400, Mike Walter wrote: We have had very good luck with using port 587 and requiring the users to authenticate to send email from outside our network. Inside customers, we have not changed to force port 587 and authentication for email clients, but the

Re: Rate of growth on IPv6 not fast enough?

2010-04-20 Thread Leen Besselink
On 04/20/2010 09:31 PM, Roger Marquis wrote: Jack Bates wrote: .01%? heh. NAT can break xbox, ps3, certain pc games, screw with various programs that dislike multiple connections from a single IP, and the crap load of vpn clients that appear on the network and do not support nat traversal

Re: Rate of growth on IPv6 not fast enough?

2010-04-19 Thread Leen Besselink
On 04/19/2010 07:45 PM, Bill Bogstad wrote: On Mon, Apr 19, 2010 at 1:14 PM, Mohacsi Janos moha...@niif.hu wrote: On Mon, 19 Apr 2010, Bill Bogstad wrote: On Mon, Apr 19, 2010 at 12:10 PM, Frank Bulk - iName.com frnk...@iname.com wrote: Don't forget the home gateway

Re: legacy /8

2010-04-04 Thread Leen Besselink
On 04/03/2010 07:39 PM, valdis.kletni...@vt.edu wrote: On Sat, 03 Apr 2010 08:06:44 EDT, Jeffrey Lyon said: For small companies the cost of moving to IPv6 is far too great, especially when we rely on certain DDoS mitigation gear that does not yet have an IPv6 equivalent. So? How

Re: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)

2010-03-02 Thread Leen Besselink
Not comparing this to the former-DDR or Chinese situation (please refer to my tin-foil remark above) a per-country specific prefix is not necessarily a bad thing and may even have an upside. Care to explain what that could possibly be? (I simply don't see an upside to making it easy to

Re: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)

2010-03-02 Thread Leen Besselink
On 03/02/2010 11:46 PM, Richard Barnes wrote: Care to explain what that could possibly be? (I simply don't see an upside to making it easy to censor the internet by national identity). Maintenance of GeoIP-databases becomes easier and less error-prone ? Possible less out of date

Re: Level 3 DC issues?

2010-01-29 Thread Leen Besselink
On 01/29/2010 08:30 PM, Robert D. Scott wrote: Looks like an internal problem to BoA. The redirect works, and I get an immediate reply. The https redirect page appears boinked. Even with a -k curl took over 30 seconds to get the page, and the browser would have timed out. Hi, Just noticed

Re: Cogent $1500 GigE

2009-12-15 Thread leen
On 12/15/2009 09:53 PM, Seth Mattinen wrote: Babak Pasdar wrote: Dear List, I am getting a big push from Cogent on their full GigE for $1.50 per circuit. What are your experiences with Cogent in general? If on the fence, how would you use their service for this deal to make sense?

Re: Follow up to previous post regarding SAAVIS

2009-08-15 Thread Leen Besselink
Keith Medcalf wrote: ... Don't know what web 2.0 is but the new portal is a web based object management system complete with recommended changes and inconsistency lists. We just added prefix allocation check with backend information from PCH (prefix checker tool). Web 2.0 is marketroid

Re: Why choose 120 volts?

2009-05-28 Thread Leen Besselink
It's worth noting that despite higher voltages here there aren't more deaths or injuries - but maybe it's because people take it more seriously. Admittedly no one I know is nuts enough to use body parts for liveness testing. (sorry for being kinda late in this discussion) I've never felt

Re: real hardware router VS linux router

2009-02-21 Thread Leen Besselink
mike wrote: Well, Our operation uses linux everywhere and we have our own in house tiny embedded flavor with all the tools and things that make it suited for use in big and small boxes as many kinds of router and general packet flipping appliance. I have confidence built on long term,

Re: real hardware router VS linux router

2009-02-20 Thread Leen Besselink
William Warren wrote: On 2/19/2009 9:37 AM, Ryan Harden wrote: While you could probably build a linux router that is just as fast as a real hardware router, you're always going to run into the moving pieces part of the equation. In almost all scenarios, moving parts are more prone to

Re: real hardware router VS linux router

2009-02-20 Thread Leen Besselink
Ray Burkholder wrote: In scaling upward. How would a linux router even if a kernel guru were to tweak and compile an optimized build, compare to a 7600/RSP720CXL or a Juniper PIC in ASIC? At some point packets/sec becomes a limitation I would think. Is anyone building linux/bsd-box add-on

Re: IPv6 Confusion

2009-02-18 Thread Leen Besselink
implementations though, haven't had the time to check yet. Bye, Raymond. See you again, Leen.

Re: IPv6 Confusion

2009-02-17 Thread Leen Besselink
Mark Andrews wrote: (or just pre-populate the DNS with DHCP-2001-9A98-D247-{5more}.ISP.com and be done with it like many places do for IPv4) Which still leaves the problem of how does the machine get its name in a trusted manner. I don't know about that, but I do have an

Re: Tightened DNS security question re: DNS amplification attacks.

2009-01-28 Thread Leen Besselink
- Original Message - From: aljuhani i...@linuxmount.com Subject: Re: Tightened DNS security question re: DNS amplification attacks. To: nanog na...@merit.edu Well the RBLs, in using dns queries, is another form of legal DDoS attacks, mainly when they suddenly cease to