Re: Using private APNIC range in US
On Thu, 2010-03-18 at 14:50 -0400, Daniel Senie wrote:
As you note, debugging this type of thing is often not intuitive, as
everything appears to work from almost everywhere
I got curious yesterday and set off a couple (very slow {option -T0},
very polite, very restrictive) nmap single port scans of a few lumps of
1.0.0.0/22 yesterday, but couldn't see much out there due to my several
of our ISPs internal boxes.
It looks like chaos-squared out there. I don't envy anyone fathoming
that stuff out for real.
Still, that said, the transition to fully signed roots seems to be going
along without too much breakage (I think/hope!) so maybe only time will
tell how much this latest block release will give trouble longterm.
Gord
--
rockin ze chair mit Davey Graham to Banshee from rackserver-2
Re: Using private APNIC range in US
On Fri, 2010-03-19 at 06:08 +, gordon b slater wrote: It looks like chaos-squared out there. I don't envy anyone fathoming that stuff out for real. clarification: `chaos` due to our ISP running internal boxes on the range in question, rather than external chaos. The implication being: if it's looping around inside the customers ISP then there's not much hope of easy troubleshooting, Gord -- sig nal generator
Re: NSP-SEC
On Thu, Mar 18, 2010 at 8:43 PM, Guillaume FORTAINE gforta...@live.com wrote: Misses, Misters, You forgot the ballers, shot callers, brawlers, those who dippin' in the benz with the spoilers. [0] I would want to inform you that the security of the Internet, that is discussed in the NSP-SEC mailing-list [0] by a selected group of vendors (Cisco, Juniper Arbor) [1] and operations contacts of the big ISPs [2] : I personally believe that that U.S. Americans are unable to do so because, uh, some people out there in our nation don't have maps and, uh, I believe that our, uh, education like such as in South Africa and, uh, the Iraq, everywhere like such as, and, I believe that they should, our education over here in the U.S. should help the U.S., uh, or, uh, should help South Africa and should help the Iraq and the Asian countries, so we will be able to build up our future, for our children. [1] 1) applies the Security through Obscurity paradigm that has been proven inefficient [3]. To quote [4] : When the Sun shines upon Earth, 2 - major Time points are created on opposite sides of Earth - known as Midday and Midnight. Where the 2 major Time forces join, synergy creates 2 new minor Time points we recognize as Sunup and Sundown. The 4-equidistant Time points can be considered as Time Square imprinted upon the circle of Earth. In a single rotation of the Earth sphere, each Time corner point rotates through the other 3-corner Time points, thus creating 16 corners, 96 hours and 4-simultaneous 24 hour Days within a single rotation of Earth - equated to a Higher Order of Life Time Cube. [2] First question : Why was I able to find this mail on the Internet if it should be kept secret ? ELMSFORD 12 GALAXIES CESJROGENICAL ERGONOMICS NBC: XOXPHROZENIGUL COVERAGE WASPROVENIKIL ADMONISHMENTS MINUSCULE STRATOSPHERICAL [3] Second question : Do you still ask yourself why the Internet is so insecure ? [10] http://www.youtube.com/watch?v=GkMvKeX7erI [4] I am also curious [5], is OBESUS [6] the new IASON [7]? Are you Peter and Karin Dambier [8]? Drive Slow [9], Paul WALL [10] [0] http://www.lyricsmode.com/lyrics/p/p_diddy/all_about_the_benjamins.html [1] http://en.wikipedia.org/wiki/Caitlin_Upton [2] http://en.wikipedia.org/wiki/Time_cube [3] http://en.wikipedia.org/wiki/Frank_Chu [4] http://en.wikipedia.org/wiki/List_of_recurring_characters_in_The_Simpsons#Crazy_Cat_Lady [5] http://www.merriam-webster.com/dictionary/curious [6] http://mailman.nanog.org/pipermail/nanog/2010-March/019518.html [7] http://iason.site.voila.fr/ [8] http://www.peter-dambier.de/ [9] http://en.wikipedia.org/wiki/Drive_Slow [10] http://en.wikipedia.org/wiki/Paul_Wall
Re: NSP-SEC
On Fri, 19 Mar 2010 04:43:18 +0100 Guillaume FORTAINE gforta...@live.com wrote: First question : Why was I able to find this mail on the Internet if it should be kept secret ? nsp-security was originally formed out of the dissatisfaction with other so-called private collaborative channels back when it was formed a number of years ago. There are many more lists and groups that have since formed along the same lines. The existence of nsp-security is no secret and there has been a small number of leaks, that is, mail primarily, that was not meant to be forwarded or copied outside the list that had been. Its been far from perfect from both a secretive standpoint and policy standpoint, but compared to what existed before it, it has proved useful from time to time. The ISP Security BoF/Track meetings at NANOG grew out of the nsp-security effort and those are open to any NANOG attendee. One thing groups like this has perhaps most helped with is building one-to-one relationships between colleagues. Groups like nsp-security help you to learn who the trusted and reliable contacts are at various organizations. An ongoing area of work is to build better closed, trusted communities without leaks. Its still an ongoing problem. Thats why many times really sensitive work gets done in even smaller ad-hoc groups or on a one-to-one basis. John
Re: NSP-SEC
I'd like to nominate this for the Best of Nanog 2010. In a message written on Fri, Mar 19, 2010 at 02:50:37AM -0700, Paul WALL wrote: On Thu, Mar 18, 2010 at 8:43 PM, Guillaume FORTAINE gforta...@live.com wrote: Misses, Misters, You forgot the ballers, shot callers, brawlers, those who dippin' in the benz with the spoilers. [0] I would want to inform you that the security of the Internet, that is discussed in the NSP-SEC mailing-list [0] by a selected group of vendors (Cisco, Juniper Arbor) [1] and operations contacts of the big ISPs [2] : I personally believe that that U.S. Americans are unable to do so because, uh, some people out there in our nation don't have maps and, uh, I believe that our, uh, education like such as in South Africa and, uh, the Iraq, everywhere like such as, and, I believe that they should, our education over here in the U.S. should help the U.S., uh, or, uh, should help South Africa and should help the Iraq and the Asian countries, so we will be able to build up our future, for our children. [1] 1) applies the Security through Obscurity paradigm that has been proven inefficient [3]. To quote [4] : When the Sun shines upon Earth, 2 - major Time points are created on opposite sides of Earth - known as Midday and Midnight. Where the 2 major Time forces join, synergy creates 2 new minor Time points we recognize as Sunup and Sundown. The 4-equidistant Time points can be considered as Time Square imprinted upon the circle of Earth. In a single rotation of the Earth sphere, each Time corner point rotates through the other 3-corner Time points, thus creating 16 corners, 96 hours and 4-simultaneous 24 hour Days within a single rotation of Earth - equated to a Higher Order of Life Time Cube. [2] First question : Why was I able to find this mail on the Internet if it should be kept secret ? ELMSFORD 12 GALAXIES CESJROGENICAL ERGONOMICS NBC: XOXPHROZENIGUL COVERAGE WASPROVENIKIL ADMONISHMENTS MINUSCULE STRATOSPHERICAL [3] Second question : Do you still ask yourself why the Internet is so insecure ? [10] http://www.youtube.com/watch?v=GkMvKeX7erI [4] I am also curious [5], is OBESUS [6] the new IASON [7]? Are you Peter and Karin Dambier [8]? Drive Slow [9], Paul WALL [10] [0] http://www.lyricsmode.com/lyrics/p/p_diddy/all_about_the_benjamins.html [1] http://en.wikipedia.org/wiki/Caitlin_Upton [2] http://en.wikipedia.org/wiki/Time_cube [3] http://en.wikipedia.org/wiki/Frank_Chu [4] http://en.wikipedia.org/wiki/List_of_recurring_characters_in_The_Simpsons#Crazy_Cat_Lady [5] http://www.merriam-webster.com/dictionary/curious [6] http://mailman.nanog.org/pipermail/nanog/2010-March/019518.html [7] http://iason.site.voila.fr/ [8] http://www.peter-dambier.de/ [9] http://en.wikipedia.org/wiki/Drive_Slow [10] http://en.wikipedia.org/wiki/Paul_Wall -- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/ pgpoJhyNIVl4x.pgp Description: PGP signature
Re: NSP-SEC
On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. Just saying. William
Re: NSP-SEC
On Fri, 19 Mar 2010 06:42:44 PDT, Leo Bicknell said: I'd like to nominate this for the Best of Nanog 2010. Amen to that. As the Jargon File says, C|NK. Unfortunately, I was eating breakfast, and it was corn flakes not coffee. Ouch. pgpxfLFPGhvAM.pgp Description: PGP signature
Re: NSP-SEC
Total transparency in security matters works about as well as it would for law enforcement: fine for tactical concerns, but not so great for long-term strategic concerns. -David Barak On Fri Mar 19th, 2010 9:44 AM EDT William Pitcock wrote: On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. Just saying. William
Re: NSP-SEC - should read Integrity
On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote: On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. I thnk I'd settle for operators with Integrity. those who do what they say. --bill
Cogent outage yesterday
All: Does anyone know anything about a Cogent outage yesterday? Thanks, Lorell Hathcock
RE: NSP-SEC - should read Integrity
There are some out there..Infragard?(shrugs shoulders).. -Original Message- From: bmann...@vacation.karoshi.com [mailto:bmann...@vacation.karoshi.com] Sent: Friday, March 19, 2010 9:57 AM To: William Pitcock Cc: nanog@nanog.org Subject: Re: NSP-SEC - should read Integrity On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote: On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. I thnk I'd settle for operators with Integrity. those who do what they say. --bill
Open Security (was Re:[a string that stops delivery here])
On 3/19/2010 08:44, William Pitcock wrote: On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. Just saying. It is clear that our security would be much improved if our politicians had to operate out in the open. -- Democracy: Three wolves and a sheep voting on the dinner menu. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: NSP-SEC - should read Integrity
On Mar 19, 2010, at 9:56 AM, bmann...@vacation.karoshi.com wrote: On Fri, Mar 19, 2010 at 08:44:29AM -0500, William Pitcock wrote: On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. I thnk I'd settle for operators with Integrity. those who do what they say. If we had that, no secrecy would be needed. But anyone who thinks publishing everything we learn about the miscreants is a Good Idea, has never tried to take out a botnet or snow-shoe spammer or Secrecy sucks. If you think those keeping secrets enjoy it[*], you just haven't been bored to tears by working one of these issues. Seriously, most of the work is mind numbingly horrible, and I have nothing but the utmost respect for people who do it on a regular basis. (In case it is not clear, I do not have to do it often, and for that I think whatever ghods there may be.) Put another way: Do not dis those that make the Internet safer for you. They spend time, effort, and money - frequently their own - and risk much more (ever been sued by a spammer?). In return, they often get nothing. Before you question (and to be clear, I am not saying you should not question), offer to help and see things from their side. -- TTFN, patrick [*] I'm sure there are a few who get off on the thrill. But that's the exception, not the rule.
Re: NSP-SEC
On Fri, 19 Mar 2010 04:43:18 BST, Guillaume FORTAINE said: First question : Why was I able to find this mail on the Internet if it should be kept secret ? Congratulations. You found an example of a mailing list where applying a standard disclaimer by default *does* make sense, which then got forwarded *by a coordination team leader at a national CERT* to an appropriate forum so that action could be taken, but failed to take the disclaimer off the bottom of that posting. Double bonus points for finding a posting that discussed something *really* sensitive, like we've seen bots connecting to You *do* realize that there's an estimated 140,000,000 bots on the net, right, and as a result, some operation lists have *dozens* of bots spotted connecting to postings *per day*. And you wonder why you have a hard time being taken seriously. pgp3Jpqo6VoVi.pgp Description: PGP signature
Re: Using private APNIC range in US
I love war stories. I once got chewed out by a colleague ? from another organization because we were using their address space. We were using 10.0.0.0/8. Explanation of NAT and RFC1918 was met with a deer in the headlights look. On Fri, Mar 19, 2010 at 12:04 AM, Matt Shadbolt matt.shadb...@gmail.com wrote: I once had a customer who for some reason had all their printers on public addresses they didn't own. Not advertising them outside, but internally whenever a user browsed to a external site that happened to be one of the addresses used, they would just receive a HP or Konica login page :) They didn't mind though. No idea if they've changed it since. On Fri, Mar 19, 2010 at 6:41 AM, Larry Sheldon larryshel...@cox.net wrote: On 3/18/2010 14:30, William Allen Simpson wrote: On 3/18/10 2:35 PM, Jared Mauch wrote: Does anyone know if the University of Michigan or Cisco are going be updating their systems and documentation to no longer use 1.2.3.4 ? http://www.google.com/search?q=1.2.3.4+site%3Acisco.com I know that the University of Michigan utilize 1.2.3.4 for their captive portal login/logout pages as recently as monday when I was on the medical campus. Dunno about cisco. med.umich.edu seems to run their own stuff, separately from umich.edu, and quite badly. I've complained about their setup repeatedly over the past several years. No traction. Is it something about Medical Schools? When we were first putting together the campus network, Surgery was running a Token Ring (I thought Vampire Tap was a fitting item for their inventory) running in Class D space as I recall. Should we try again, jointly? ;-) Towards the end, there were people who insisted I must rout their net to the Internets. I declined. -- Democracy: Three wolves and a sheep voting on the dinner menu. (A republic, using parliamentary law, protects the minority.) Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml -- = Charles L. Mills Westmoreland Co. ARES EC Amateur Radio Callsign W3YNI Email: w3y...@gmail.com
RE: NSP-SEC
IMHO, I think you have it backwards. I see strategic discussions (like new crypto algorithms, technologies, initiatives, etc) should be open to public debate, review, and scrutiny. But operational/tactical discussions (like new malware, software exploits, virus infected hosts, botnets, etc) don't need public review. Rather, those types of communications should be streamlined that would allow for quick resolution. -Original Message- From: David Barak [mailto:thegame...@yahoo.com] Sent: Friday, March 19, 2010 8:55 AM To: neno...@systeminplace.net; j...@cymru.com Cc: nanog@nanog.org Subject: Re: NSP-SEC Total transparency in security matters works about as well as it would for law enforcement: fine for tactical concerns, but not so great for long-term strategic concerns. -David Barak On Fri Mar 19th, 2010 9:44 AM EDT William Pitcock wrote: On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. Just saying. William
Re: NSP-SEC
On Fri, 19 Mar 2010 10:08:55 CDT, Adam Stasiniewicz said: IMHO, I think you have it backwards. I see strategic discussions (like new crypto algorithms, technologies, initiatives, etc) should be open to public debate, review, and scrutiny. But operational/tactical discussions (like new malware, software exploits, virus infected hosts, botnets, etc) don't need public review. Reducto ad absurdum: The police don't usually phone ahead to a suspect and say We're planning to stop by around 4PM and execute a search warrant, so please don't destroy any evidence before then, ktxbai pgpXVRUB61uB2.pgp Description: PGP signature
RE: NSP-SEC
--- On Fri, 3/19/10, Adam Stasiniewicz a...@adamstas.com wrote: IMHO, I think you have it backwards. I see strategic discussions (like new crypto algorithms, technologies, initiatives, etc) should be open to public debate, review, and scrutiny. But operational/tactical discussions (like new malware, software exploits, virus infected hosts, botnets, etc) don't need public review. Rather, those types of communications should be streamlined that would allow for quick resolution. Fair point - I was using strategic in the law enforcement with things like long-term undercover investigation in mind, but your point is well taken. I think we agree that some things benefit from increased transparency and other things don't. David Barak Need Geek Rock? Try The Franchise: http://www.listentothefranchise.com
Re: NSP-SEC
On 3/19/10 6:42 AM, Leo Bicknell wrote: I'd like to nominate this for the Best of Nanog 2010. I'd like to second/third/whatever that nomination as well. :) Epic win. Not only did it make me fall off the chair laughing, but I highly doubt Fortaine will understand why its so funny. Paul, remind me if I ever get into politics, that I hire you as a consultant for speeches. :-D -- Brielle Bruns The Summit Open Source Development Group http://www.sosdg.org/ http://www.ahbl.org
Re: Using private APNIC range in US
Chuck - Very true... What about the time our old manager (MARTIN) gave your old organization that Entire Class B On Fri, Mar 19, 2010 at 11:06 AM, Charles Mills w3y...@gmail.com wrote: I love war stories. I once got chewed out by a colleague ? from another organization because we were using their address space. We were using 10.0.0.0/8. Explanation of NAT and RFC1918 was met with a deer in the headlights look. On Fri, Mar 19, 2010 at 12:04 AM, Matt Shadbolt matt.shadb...@gmail.com wrote: I once had a customer who for some reason had all their printers on public addresses they didn't own. Not advertising them outside, but internally whenever a user browsed to a external site that happened to be one of the addresses used, they would just receive a HP or Konica login page :) They didn't mind though. No idea if they've changed it since. On Fri, Mar 19, 2010 at 6:41 AM, Larry Sheldon larryshel...@cox.net wrote: On 3/18/2010 14:30, William Allen Simpson wrote: On 3/18/10 2:35 PM, Jared Mauch wrote: Does anyone know if the University of Michigan or Cisco are going be updating their systems and documentation to no longer use 1.2.3.4 ? http://www.google.com/search?q=1.2.3.4+site%3Acisco.com I know that the University of Michigan utilize 1.2.3.4 for their captive portal login/logout pages as recently as monday when I was on the medical campus. Dunno about cisco. med.umich.edu seems to run their own stuff, separately from umich.edu , and quite badly. I've complained about their setup repeatedly over the past several years. No traction. Is it something about Medical Schools? When we were first putting together the campus network, Surgery was running a Token Ring (I thought Vampire Tap was a fitting item for their inventory) running in Class D space as I recall. Should we try again, jointly? ;-) Towards the end, there were people who insisted I must rout their net to the Internets. I declined. -- Democracy: Three wolves and a sheep voting on the dinner menu. (A republic, using parliamentary law, protects the minority.) Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml -- = Charles L. Mills Westmoreland Co. ARES EC Amateur Radio Callsign W3YNI Email: w3y...@gmail.com
Re: NSP-SEC
When the Sun shines upon Earth, 2 - major Time points are created on opposite sides of Earth - known as Midday and Midnight. Where the 2 major Time forces join, synergy creates 2 new minor Time points we recognize as Sunup and Sundown. The 4-equidistant Time points can be considered as Time Square imprinted upon the circle of Earth. In a single rotation of the Earth sphere, each Time corner point rotates through the other 3-corner Time points, thus creating 16 corners, 96 hours and 4-simultaneous 24 hour Days within a single rotation of Earth - equated to a Higher Order of Life Time Cube. [2] [2] http://en.wikipedia.org/wiki/Time_cube Uhhh, yeah... WOW man, like FARM OUT man! The best thing I've learned on NANOG all year is this message about Gene Ray. And as an added bonus that led me to the Peirce quincuncial projection which is actually something useful to know about. --Michael Dillon
RE: Cogent outage yesterday
Thanks for the responses to my query. Here's what happened to my network. On 3/17/2010 in the morning Central Time in Houston we started having issues connecting to parts of the rest of the world on an intermittent basis. We were troubleshooting our own equipment for quite some time and did not realize that Cogent was having routing/peering issues with Time Warner (Telecom?). Apparently it was an issue that was supposed to have started 3/17/2010 at 9:00am Central Time and effected Houston and Dallas, Texas, USA and stopped around 1:00pm CT on the same day. But my experience was that the outage was not resolved until 3/18/2010 at 3:00pm CT (or so). The Cogent ticket # on the issue was HD2113436. Thanks, Lorell Hathcock
Re: NSP-SEC
On Fri, 19 Mar 2010, William Pitcock wrote: On Fri, 2010-03-19 at 08:31 -0500, John Kristoff wrote: An ongoing area of work is to build better closed, trusted communities without leaks. Have you ever considered that public transparency might not be a bad thing? This seems to be the plight of many security people, that they have to be 100% secretive in everything they do, which is total bullshit. That's fine, in theory, but in practice it doesn't work. Part of the issue is that information that could be considered sensitive generally has to have a level of trust for both the sender(s) and receiver(s), and that level of trust is generally not possible in an open forum. By level of trust I mean that if I have sensitive intel about an ongoing incident (attack, pwnd box, etc) I need to have some assurance that the information gets to people who can and will act on it, and keep that information confidential. nsp-sec has worked to build that level of trust (in general, work pretty good success) through the vetting process that every potential participant goes through. Is it a perfect system? No, but it does serve a useful and important purpose. Many security people have to keep things quiet for the same reasons, in addition to (not an all-inclusive list): 1. They might be under NDA or be employed at a company that has a policy against any sort of unapproved disclosures 2. The sources of various bits of intel is confidential and releasing unfiltered information could compromise that source. 3. Releasing unfiltered information could compromised intel gathering methods, potentially rendering them useless for further action. The likelihood that a secret will be kept goes down by the square of the number of people who know it -- source unknown The likelihood that a meeting will be productive goes down by the square of the number of people who attend -- me jms
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to bgp-st...@lists.apnic.net For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith pfsi...@gmail.com. Routing Table Report 04:00 +10GMT Sat 20 Mar, 2010 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary BGP routing table entries examined: 312799 Prefixes after maximum aggregation: 145223 Deaggregation factor: 2.15 Unique aggregates announced to Internet: 153590 Total ASes present in the Internet Routing Table: 33561 Prefixes per ASN: 9.32 Origin-only ASes present in the Internet Routing Table: 29134 Origin ASes announcing only one prefix: 14245 Transit ASes present in the Internet Routing Table:4427 Transit-only ASes present in the Internet Routing Table:106 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 22 Max AS path prepend of ASN (32374) 19 Prefixes from unregistered ASNs in the Routing Table: 966 Unregistered ASNs in the Routing Table: 158 Number of 32-bit ASNs allocated by the RIRs:481 Prefixes from 32-bit ASNs in the Routing Table: 480 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space:218 Number of addresses announced to Internet: 2204886880 Equivalent to 131 /8s, 107 /16s and 231 /24s Percentage of available address space announced: 59.5 Percentage of allocated address space announced: 66.1 Percentage of available address space allocated: 90.0 Percentage of address space in use by end-sites: 81.7 Total number of prefixes smaller than registry allocations: 149633 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:75611 Total APNIC prefixes after maximum aggregation: 26228 APNIC Deaggregation factor:2.88 Prefixes being announced from the APNIC address blocks: 72268 Unique aggregates announced from the APNIC address blocks:31854 APNIC Region origin ASes present in the Internet Routing Table:3976 APNIC Prefixes per ASN: 18.18 APNIC Region origin ASes announcing only one prefix: 1089 APNIC Region transit ASes present in the Internet Routing Table:626 Average APNIC Region AS path length visible:3.6 Max APNIC Region AS path length visible: 15 Number of APNIC addresses announced to Internet: 504451648 Equivalent to 30 /8s, 17 /16s and 82 /24s Percentage of available APNIC address space announced: 79.1 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 55296-56319, 131072-132095 APNIC Address Blocks 1/8, 27/8, 43/8, 58/8, 59/8, 60/8, 61/8, 110/8, 111/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 133/8, 175/8, 180/8, 182/8, 183/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:129513 Total ARIN prefixes after maximum aggregation:67928 ARIN Deaggregation factor: 1.91 Prefixes being announced from the ARIN address blocks: 103342 Unique aggregates announced from the ARIN address blocks: 40062 ARIN Region origin ASes present in the Internet Routing Table:13568 ARIN Prefixes per ASN: 7.62 ARIN Region origin ASes announcing only one prefix:5261 ARIN Region transit ASes present in the Internet Routing Table:1338 Average ARIN Region AS path length visible: 3.4 Max ARIN Region AS path length visible: 22 Number of ARIN addresses announced to Internet: 724084128 Equivalent to 43 /8s, 40 /16s and 165 /24s Percentage of available ARIN address space
ATT MIS Testing Center Manager
Is there a manager in the ATT MIS Testing center by chance on the list, or anyone have a contact that can put me in direct touch with one? I've got one circuit out of a bonded set that the testing center has had in a loopback now for almost 24 hours and after level 3 escalation, it's still not normaled up, my csu still shows a loop up, and all calls today, approx 1 every hour and half for the last 8 hours has resulted in We show the smartjack tested good, but we're showing that it's looping back toward the CSU, we'll open up a ticket with the testing center to request the loop be removed. Thanks. -- Micheal Patterson
BGP Update Report
BGP Update Report Interval: 11-Mar-10 -to- 18-Mar-10 (7 days) Observation Point: BGP Peering with AS131072 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS665 99574 8.9%1059.3 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center 2 - AS45985 23578 2.1%5894.5 -- DAEWOOSEC Daewoo Securities Co., Ltd. 3 - AS14420 17434 1.6% 44.4 -- CORPORACION NACIONAL DE TELECOMUNICACIONES CNT S.A. 4 - AS30890 15750 1.4% 35.6 -- EVOLVA Evolva Telecom s.r.l. 5 - AS982913664 1.2% 27.7 -- BSNL-NIB National Internet Backbone 6 - AS31055 13155 1.2%3288.8 -- CONSULTIX-AS Consultix GmbH 7 - AS35805 12226 1.1% 20.7 -- UTG-AS United Telecom AS 8 - AS980810983 1.0% 24.4 -- CMNET-GD Guangdong Mobile Communication Co.Ltd. 9 - AS12479 10423 0.9% 694.9 -- UNI2-AS Uni2 - Lince telecomunicaciones 10 - AS8452 9035 0.8% 18.0 -- TEDATA TEDATA 11 - AS165698216 0.7%8216.0 -- ASN-CITY-OF-CALGARY - City of Calgary 12 - AS337768174 0.7% 29.0 -- STARCOMMS-ASN 13 - AS7738 7862 0.7% 16.5 -- Telecomunicacoes da Bahia S.A. 14 - AS260257195 0.7%7195.0 -- COC - City of Calgary 15 - AS201157025 0.6% 8.5 -- CHARTER-NET-HKY-NC - Charter Communications 16 - AS277476408 0.6% 37.3 -- Telecentro S.A. 17 - AS1659 6067 0.5% 19.9 -- ERX-TANET-ASN1 Tiawan Academic Network (TANet) Information Center 18 - AS100525951 0.5%2975.5 -- KNU-AS Kyungpook National Univ. 19 - AS179745867 0.5% 8.5 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia 20 - AS270975815 0.5%1453.8 -- DNIC-ASBLK-27032-27159 - DoD Network Information Center TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS165698216 0.7%8216.0 -- ASN-CITY-OF-CALGARY - City of Calgary 2 - AS260257195 0.7%7195.0 -- COC - City of Calgary 3 - AS45985 23578 2.1%5894.5 -- DAEWOOSEC Daewoo Securities Co., Ltd. 4 - AS31055 13155 1.2%3288.8 -- CONSULTIX-AS Consultix GmbH 5 - AS100525951 0.5%2975.5 -- KNU-AS Kyungpook National Univ. 6 - AS270975815 0.5%1453.8 -- DNIC-ASBLK-27032-27159 - DoD Network Information Center 7 - AS665 99574 8.9%1059.3 -- DNIC-ASBLK-00616-00665 - DoD Network Information Center 8 - AS22395 968 0.1% 968.0 -- GHCO-INTERNAP - Goldenberg Hehmeyer 9 - AS5691 2630 0.2% 876.7 -- MITRE-AS-5 - The MITRE Corporation 10 - AS12479 10423 0.9% 694.9 -- UNI2-AS Uni2 - Lince telecomunicaciones 11 - AS5554 653 0.1% 653.0 -- INTEGRA Integra Information Co. Ltd 12 - AS31496 615 0.1% 615.0 -- ATNET-AS ATNET Autonomous System 13 - AS354001082 0.1% 541.0 -- MFIST Interregoinal Organization Network Technologies 14 - AS45960 502 0.1% 502.0 -- YTLCOMMS-AS-AP YTL COMMUNICATIONS SDN BHD 15 - AS28052 496 0.0% 496.0 -- Arte Radiotelevisivo Argentino 16 - AS8346 2569 0.2% 428.2 -- SONATEL-AS Autonomous System 17 - AS32794 400 0.0% 400.0 -- ICFG - International Church of the Foursquare Gospel 18 - AS348752293 0.2% 382.2 -- YANFES OJSC Uralsviazinform 19 - AS183991409 0.1% 352.2 -- BAGAN-TRANSIT-AS Bagan Cybertech IDC Teleport International Transit 20 - AS35291 651 0.1% 325.5 -- ICOMM-AS SC Internet Communication Systems SRL TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 62.168.199.0/24 13100 1.1% AS31055 -- CONSULTIX-AS Consultix GmbH 2 - 208.98.230.0/248216 0.7% AS16569 -- ASN-CITY-OF-CALGARY - City of Calgary 3 - 208.98.231.0/247195 0.6% AS26025 -- COC - City of Calgary 4 - 155.230.0.0/16 5927 0.5% AS10052 -- KNU-AS Kyungpook National Univ. 5 - 210.92.10.0/24 5895 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd. 6 - 210.92.6.0/24 5895 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd. 7 - 210.92.4.0/24 5895 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd. 8 - 123.140.107.0/24 5893 0.5% AS45985 -- DAEWOOSEC Daewoo Securities Co., Ltd. 9 - 214.15.217.0/245673 0.5% AS27097 -- DNIC-ASBLK-27032-27159 - DoD Network Information Center 10 - 41.235.80.0/24 5590 0.5% AS8452 -- TEDATA TEDATA 11 - 199.114.154.0/24 3567 0.3% AS1733 -- CENTAF-SWA - 754th Electronic Systems Group 12 - 85.60.192.0/23 3060 0.3% AS12479 -- UNI2-AS Uni2 - Lince telecomunicaciones 13 - 206.184.16.0/242874 0.2% AS174 -- COGENT Cogent/PSI 14 - 205.101.192.0/24 2658 0.2% AS665 --
The Cidr Report
This report has been generated at Fri Mar 19 21:11:43 2010 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date PrefixesCIDR Agg
12-03-10316317 194613
13-03-10316114 194620
14-03-10316308 194520
15-03-10316419 194586
16-03-10316559 194728
17-03-10316754 194931
18-03-10316966 194996
19-03-10316783 195279
AS Summary
33916 Number of ASes in routing system
14488 Number of ASes announcing only one prefix
4402 Largest number of prefixes announced by an AS
AS4323 : TWTC - tw telecom holdings, inc.
95798016 Largest address span announced by an AS (/32s)
AS4134 : CHINANET-BACKBONE No.31,Jin-rong Street
Aggregation Summary
The algorithm used in this report proposes aggregation only
when there is a precise match using the AS path, so as
to preserve traffic transit policies. Aggregation is also
proposed across non-advertised address space ('holes').
--- 19Mar10 ---
ASnumNetsNow NetsAggr NetGain % Gain Description
Table 318238 195224 12301438.7% All ASes
AS6389 4063 317 374692.2% BELLSOUTH-NET-BLK -
BellSouth.net Inc.
AS4323 4402 1260 314271.4% TWTC - tw telecom holdings,
inc.
AS4766 1865 489 137673.8% KIXS-AS-KR Korea Telecom
AS1785 1794 659 113563.3% AS-PAETEC-NET - PaeTec
Communications, Inc.
AS4755 1287 200 108784.5% TATACOMM-AS TATA
Communications formerly VSNL
is Leading ISP
AS22773 1127 75 105293.3% ASN-CXA-ALL-CCI-22773-RDC -
Cox Communications Inc.
AS18566 1059 33 102696.9% COVAD - Covad Communications
Co.
AS17488 1307 349 95873.3% HATHWAY-NET-AP Hathway IP Over
Cable Internet
AS8151 1535 621 91459.5% Uninet S.A. de C.V.
AS10620 1028 170 85883.5% Telmex Colombia S.A.
AS18101 998 159 83984.1% RIL-IDC Reliance Infocom Ltd
Internet Data Centre,
AS19262 1082 245 83777.4% VZGNI-TRANSIT - Verizon
Internet Services Inc.
AS7545 1030 247 78376.0% TPG-INTERNET-AP TPG Internet
Pty Ltd
AS6478 1162 411 75164.6% ATT-INTERNET3 - ATT WorldNet
Services
AS5668 803 197 60675.5% AS-5668 - CenturyTel Internet
Holdings, Inc.
AS4808 843 242 60171.3% CHINA169-BJ CNCGROUP IP
network China169 Beijing
Province Network
AS4804 678 85 59387.5% MPX-AS Microplex PTY LTD
AS4134 1023 435 58857.5% CHINANET-BACKBONE
No.31,Jin-rong Street
AS7303 686 104 58284.8% Telecom Argentina S.A.
AS8452 914 345 56962.3% TEDATA TEDATA
AS7018 1565 1006 55935.7% ATT-INTERNET4 - ATT WorldNet
Services
AS24560 843 294 54965.1% AIRTELBROADBAND-AS-AP Bharti
Airtel Ltd., Telemedia
Services
AS3356 1230 688 54244.1% LEVEL3 Level 3 Communications
AS17908 772 234 53869.7% TCISL Tata Communications
AS4780 657 157 50076.1% SEEDNET Digital United Inc.
AS22047 546 53 49390.3% VTR BANDA ANCHA S.A.
AS17676 575 87 48884.9% GIGAINFRA Softbank BB Corp.
AS9443 555 75 48086.5% INTERNETPRIMUS-AS-AP Primus
Telecommunications
AS28573 947 475 47249.8% NET Servicos de Comunicao S.A.
AS11492 1142 671 47141.2% CABLEONE - CABLE ONE, INC.
Total 37518103832713572.3% Top 30 total
Possible Bogus Routes
2.0.0.0/16 AS12654 RIPE-NCC-RIS-AS RIPE NCC RIS project
2.1.0.0/21
Re: NSP-SEC
On Fri, Mar 19, 2010 at 8:42 AM, Leo Bicknell bickn...@ufp.org wrote: I'd like to nominate this for the Best of Nanog 2010. +1. Does the nomination include a sample ? J
Re: CRS-3
Paul Ferguson expunged (fergdawgs...@gmail.com): -BEGIN PGP SIGNED MESSAGE- Anyone have any idea how much a fully configured CRS-3 would cost? Or how much power it would consume? Or how much heat it would generate? Admittedly, my information on these topics comes from NPR these days. :-) They said it costs ~US$90k, and that ATT was in trails. $90k is the price of the special lift jack you need to move them around :) -Steve
Re: CRS-3
Thats funny, not sure if Cisco sells one or not but back in the day, I worked @ Avici, and we did in fact have a special jack used to move the chassis around :) -jim On Fri, Mar 19, 2010 at 10:30 PM, Steve Meuse sme...@mara.org wrote: Paul Ferguson expunged (fergdawgs...@gmail.com): -BEGIN PGP SIGNED MESSAGE- Anyone have any idea how much a fully configured CRS-3 would cost? Or how much power it would consume? Or how much heat it would generate? Admittedly, my information on these topics comes from NPR these days. :-) They said it costs ~US$90k, and that ATT was in trails. $90k is the price of the special lift jack you need to move them around :) -Steve
