On 4/8/10 2:23 PM, Jay Hennigan wrote:
We just got Cyclops alerts showing several of our prefixes sourced from
AS23474 propagating through AS4134. Anyone else?
aut-num: AS23724
as-name: CHINANET-IDC-BJ-AP
descr:IDC, China Telecommunications Corporation
country: CN
aut-nu
On Thu, 08 Apr 2010 16:01:55 EDT, William Herrin said:
> On Thu, Apr 8, 2010 at 3:49 PM, John Payne wrote:
> > So again, why do WE have to encourage YOU to adopt IPv6?
> > Why should WE care what you do to the point of creating
> > new rules so YOU don't have to pay like everyone else?
>
> Becaus
On Thu, Apr 8, 2010 at 4:27 PM, John Payne wrote:
> On Apr 8, 2010, at 4:01 PM, William Herrin wrote:
>> Because when WE haven't deployed IPv6 yet and YOU have trouble finding
>> a free IPv4 address for your new server, it'll be YOUR problem too.
>
> Sure... if I'm in the minority. If/when I'm no
On Thu, 08 Apr 2010 14:32:44 CDT, "IPv3.com" said:
> People seem to be happy with 34 bits, one extra bit at each end. 1+32+1
It's interesting to see that people can be this reality-challenged and still
ruled competent to manage their own affairs.
But I'll let the list admins make the call on thi
On 4/8/10 1:36 PM, Brielle Bruns wrote:
> I'm starting to wonder if someone is 'testing the waters' in China to
> see what they can get away with. I hate to be like this, but there's a
> reason why I have all of China filtered on my routers.
>
> Amazing how much SSH hammering, spam, and other n
On Apr 8, 2010, at 4:44 PM, William Herrin wrote:
On Thu, Apr 8, 2010 at 4:27 PM, John Payne wrote:
On Apr 8, 2010, at 4:01 PM, William Herrin wrote:
Because when WE haven't deployed IPv6 yet and YOU have trouble
finding
a free IPv4 address for your new server, it'll be YOUR problem too.
I also see some of this from France.
On this incident/error, even if tools like BGPMon, watchmy.net and
others exactly did their roles, I asking myself if there are some other
public tools which can help.
CIDR returns Chinanet as the biggest announcer (but could be the case
previously)
97074688
On Apr 8, 2010, at 12:10 PM, Chris Grundemann wrote:
> On Thu, Apr 8, 2010 at 12:47, Jeroen Massar wrote:
>> [changing topics, so that it actually reflects the content]
>>
>> On 2010-04-08 20:33, William Herrin wrote:
>>> Yes, with suitably questionable delegations, it is possible to run out
>>
and what makes you think that there is anyone looking after the
mailing lists any more. There have been few network operational
threads in recent months, and the Jim Fleming IPv3 bot is given free
rein on the NANOG lists. Go look at the traffic for nanaog-futures
this month. 100% of the postings ar
Hi Jul, list
.-- My secret spy satellite informs me that at 08/04/10 1:57 PM jul wrote:
So, how each one has assess the impact of this on his network ? How
could we check where route's propagation stop(ed) ?
Thanks to Renesys and Team Cymru for the stats of how many
prefixes/countries where af
In article <201004071118.o37bivk1022...@aurora.sol.net>, Joe Greco
writes
Unfortunately, power-cycling crashed PC's is (was?) pretty common, and
many users are (were?) also trained to shut off PC's when done, so here
you've introduced something that is by-design going to fail periodically.
O
On Thu, Apr 8, 2010 at 4:51 PM, John Payne wrote:
> On Apr 8, 2010, at 4:44 PM, William Herrin wrote:
>> I think you'll find that the guy deploying the IPv6-only client -or-
>> server is going to be in the minority for a long time to come. But if
>> you want to bet against me, more power to you.
> NANOG Seems to be Dominated by NON-North American People ?
> ...odd
When was the last time that you attended a NANOG meeting?
When was the last time that you read the NANOG charter, in particular this line:
The purpose of NANOG is to provide forums in the North American
region for educ
In article ,
Steven Bellovin writes
Remember, it was this strange time when people were uncertain about how
networks were going to evolve, and what the next thing would be, and
even then, 10baseT was being deployed over Cat3 (sometimes recycled/
repurposed), so any sort of "enabling" gadget such
On Apr 8, 2010, at 5:14 PM, William Herrin wrote:
> On Thu, Apr 8, 2010 at 4:51 PM, John Payne wrote:
>> On Apr 8, 2010, at 4:44 PM, William Herrin wrote:
>>> I think you'll find that the guy deploying the IPv6-only client -or-
>>> server is going to be in the minority for a long time to come.
> 1) Justify why we need a heavy bureaucracy such as ARIN for IPv6
> numbering resources,
Because the members of ARIN (and the other four RIRs) want it that way.
And because nobody has yet made a serious proposal to ICANN that
would replace ARIN.
> 2) Tell me why something like the old pre-depl
>
>> *I* am personally convinced that IPv6 is great, but on the other hand,
>> I do not see so much value in v6 that I am prepared to compel the
>> budgeting for ARIN v6 fees, especially since someone from ARIN just
>> described all the ways in which they fritter away money.
>
> Well, if you joi
> You're aware that RIPE has already made some /19 and /20 IPv6 allocations?
10 years ago ARIN rarely allocated less than a /19 or a /20 in IPv4. And we
are still breathing today.
> Yes, with suitably questionable delegations, it is possible to run out
> of IPv6 quickly.
Fortunately, there haven
>
> I have my doubts, based on a ~decade of observation. I don't think ARIN
> is deliberately evil, but I think there are some bits that'd be hard to
> fix.
>
I believe that anything at ARIN which the community at large and the membership
can come to consensus is broken will be relatively easy t
On Thu, Apr 8, 2010 at 5:26 PM, John Payne wrote:
> b) ARIN or RIRv6 has costs that are covered by registration fees.
> How does having a whole bunch of freeloaders save me money?
'Cause if you're clever about it, they're not freeloaders forever...
they only get to be freeloaders until, as you s
On Apr 8, 2010, at 5:03 PM, Michael Dillon wrote:
> and what makes you think that there is anyone looking after the
> mailing lists any more. There have been few network operational
> threads in recent months, and the Jim Fleming IPv3 bot is given free
> rein on the NANOG lists.
[snip]
I guarant
On 3/30/10 8:26 PM, Steve Bertrand wrote:
> I'd put 'janitor' on my business card for all I really care.
Or on your T-shirt?
Like the ones from NANOG 42 that read "Custodians of the Internet"?
--
Jay Hennigan - CCIE #7880 - Network Engineering - j...@impulse.net
Impulse Internet Service - htt
I got $5, litterally. Will that Do?
Otherwise,
> ...and fools are wasting their time and money on IPv6
No offence chap its to late to be saying that. IPv6 is where we are
all going, some are already there. You are going to have to embrace it
sooner or later or suffer the wrath of unsupported tec
On Apr 8, 2010, at 5:38 PM, Owen DeLong wrote:
*I* am personally convinced that IPv6 is great, but on the other
hand,
I do not see so much value in v6 that I am prepared to compel the
budgeting for ARIN v6 fees, especially since someone from ARIN just
described all the ways in which they
- "James Bensley" wrote:
>
> > ...and fools are wasting their time and money on IPv6
>
> No offence chap its to late to be saying that. IPv6 is where we are
> all going, some are already there. You are going to have to embrace
> it
> sooner or later or suffer the wrath of unsupported techno
> I guarantee you the Communications Committee is on the job. What's more,
> they are doing a GREAT job - for no money and apparently no gratitude. It is
> worse than thankless, no matter what they do they will be derided. Filter
> someone and they get flamed. Leave someone allowed to post a
On Apr 8, 2010, at 6:39 45PM, Michael Dillon wrote:
>> I guarantee you the Communications Committee is on the job. What's more,
>> they are doing a GREAT job - for no money and apparently no gratitude. It
>> is worse than thankless, no matter what they do they will be derided.
>> Filter som
On Apr 8, 2010, at 3:51 PM, David Conrad wrote:
> Sure they are. I personally know of several cases where addresses have been
> sold. Right now, people have to go through a bunch of foo, creating dummy
> companies to hold the IP address assets, transferring the assets, selling the
> dummy comp
[Reply-to set.]
On Apr 8, 2010, at 6:39 PM, Michael Dillon wrote:
>> I guarantee you the Communications Committee is on the job. What's more,
>> they are doing a GREAT job - for no money and apparently no gratitude. It
>> is worse than thankless, no matter what they do they will be derided.
On 08/04/10 18:00 +, bmann...@vacation.karoshi.com wrote:
On Thu, Apr 08, 2010 at 12:50:26PM -0500, Dan White wrote:
On 08/04/10 17:17 +, bmann...@vacation.karoshi.com wrote:
> in the IPv4 space, it was common to have a min allocation size of
> a /20 ... or 4,096 addresses ... and yet t
> -Original Message-
> From: Michael Dillon [mailto:wavetos...@googlemail.com]
> Sent: Thursday, April 08, 2010 3:40 PM
> To: NANOG list
> Subject: Re: Cheers to the Communication Committee [was: Likely /8
> Scenario - Carriers will TAKE what they want ?]
>
> > I guarantee you the Communic
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Yo Owen!
Since I just need one /64 that is $1,250/yr for the /64.
That puts me at a large competitive disadvantage to the big boys.
RGDS
GARY
- ---
Gary E. Miller Rellim 109 NW
You are mistaken.
If you only need one /64, you cannot possibly be an IPv6 ISP.
As such, you would only pay the end-user price of $1250 one-time and $100/year.
That $100/year also covers your IPv4 space and your autonomous system number.
Owen
On Apr 8, 2010, at 4:18 PM, Gary E. Miller wrote:
On Thu, Apr 08, 2010 at 06:05:09PM -0500, Dan White wrote:
> >>>
> >>> What, if any, plan exists to improve the utilization density of the
> >>> existant IPv4 pool?
> >>
> >>I believe your question is based on an outdated assumption.
> >
> > and that outdated assumption is?
>
> The assum
Owen DeLong wrote:
You are mistaken.
If you only need one /64, you cannot possibly be an IPv6 ISP.
As such, you would only pay the end-user price of $1250 one-time and $100/year.
That $100/year also covers your IPv4 space and your autonomous system number.
Only $100/year (and an RSA) more
John,
In the cases I'm aware of (which were some time ago), there was (to my
knowledge) no fraud involved.
Or are you indicating the mechanisms I described are in some way fraudulent?
Regards,
-drc
On Apr 8, 2010, at 12:46 PM, John Curran wrote:
> On Apr 8, 2010, at 3:51 PM, David Conrad wrot
On Apr 8, 2010, at 2:29 PM, joe mcguckin wrote:
> I think the more interesting discussion is:
> - Where is ARIN and the RIR's headed?
> - What will ARIN look like 10 years from now?
Joe -
Excellent questions... The direction with respect to ARIN is that
the Board has spent significant
What I would need if I were to go with IP6 would be to have a parallel address
for every one of
my current addresses. Right now we have 2 - legacy /24's and one legacy /23 -
thats it.
I'd just need the "equivalent" IP6 space.
We could just get that from our current provider (Steadfast in th
On Apr 8, 2010, at 7:51 PM, David Conrad wrote:
> John,
>
> In the cases I'm aware of (which were some time ago), there was (to my
> knowledge) no fraud involved.
If you see more recent cases of this occurring, please report them.
> Or are you indicating the mechanisms I described are in some w
> What I would need if I were to go with IP6 would be to have a parallel
> address for every one of
> my current addresses. Right now we have 2 - legacy /24's and one legacy /23
> - thats it.
>
> I'd just need the "equivalent" IP6 space.
The key question is "are you an ISP?". If the answer is yes
On Apr 8, 2010, at 4:57 PM, John Palmer (NANOG Acct) wrote:
> What I would need if I were to go with IP6 would be to have a parallel
> address for every one of
> my current addresses. Right now we have 2 - legacy /24's and one legacy /23 -
> thats it.
>
> I'd just need the "equivalent" IP6 sp
Is it possible for you to share that filter list you have for china?
im getting bogged down by those ssh-bruts as well coming in from
china.
-B
On Thu, Apr 8, 2010 at 2:36 PM, Brielle Bruns wrote:
> On 4/8/10 2:23 PM, Jay Hennigan wrote:
>>
>> We just got Cyclops alerts showing several of our p
On 04 Apr 2010 16:07, James Hess wrote:
> Using a 'key' is slightly less of a network operator nightmare than
> having 100 featuresets, and thousands of mystery meat images for the
> same software version. At least you don't need to go buy a new
> software image, and do a full upgrade procedure to
On 4/8/10 6:29 PM, Beavis wrote:
Is it possible for you to share that filter list you have for china?
im getting bogged down by those ssh-bruts as well coming in from
china.
Sure, check off-list momentarily, you'll have a nice Foundry formatted
ACL that can easily be adjusted to work with ci
Do share!
On Thu, Apr 8, 2010 at 7:29 PM, Beavis wrote:
> Is it possible for you to share that filter list you have for china?
> im getting bogged down by those ssh-bruts as well coming in from
> china.
>
>
> -B
>
> On Thu, Apr 8, 2010 at 2:36 PM, Brielle Bruns wrote:
> > On 4/8/10 2:23 PM, Jay
Please.
-Original Message-
From: Will Clayton [mailto:w.d.clay...@gmail.com]
Sent: Thursday, April 08, 2010 8:43 PM
To: Beavis
Cc: nanog@nanog.org
Subject: Re: BGP hijack from 23724 -> 4134 China?
Do share!
On Thu, Apr 8, 2010 at 7:29 PM, Beavis wrote:
> Is it possible for you to shar
On 4/8/10 7:50 PM, Aaron Wendel wrote:
Please.
Since there's been alot of requests for the ACLs, i've gone ahead and
put the info on our wiki for easy access.
http://wiki.sosdg.org/sosdg:internal:chinafilter
Hope it comes in handy, and please let me know if i'm missing anything.
--
Bri
+1
On Thu April 8 2010 20:50, Aaron Wendel wrote:
> Please.
>
> -Original Message-
> From: Will Clayton [mailto:w.d.clay...@gmail.com]
> Sent: Thursday, April 08, 2010 8:43 PM
> To: Beavis
> Cc: nanog@nanog.org
> Subject: Re: BGP hijack from 23724 -> 4134 China?
>
> Do share!
>
> On Thu, A
On Apr 8, 2010, at 8:05 PM, Brielle Bruns wrote:
>
> Since there's been alot of requests for the ACLs, i've gone ahead and put the
> info on our wiki for easy access.
>
> http://wiki.sosdg.org/sosdg:internal:chinafilter
>
> Hope it comes in handy, and please let me know if i'm missing anything
On 4/8/10 8:17 PM, Danny McPherson wrote:
On Apr 8, 2010, at 8:05 PM, Brielle Bruns wrote:
Since there's been alot of requests for the ACLs, i've gone ahead and put the
info on our wiki for easy access.
http://wiki.sosdg.org/sosdg:internal:chinafilter
Hope it comes in handy, and please let
On 04/08/2010 06:00 AM, Adrian Chadd wrote:
> On Thu, Apr 08, 2010, Joe Greco wrote:
>
>> Because a legacy holder doesn't care about ARIN; a legacy holder has
>> usable space that cannot be reclaimed by ARIN and who is not paying
>> anything to ARIN. The point here is that this situation does n
On Thu, 8 Apr 2010, Danny McPherson wrote:
FWIW, this is a lot like putting a bandaid on a headache - it's not going
to do much good in reality, and likely cause more harm than good in properly
secured networks - but it might make some folks feel a little better.
behavior modification. chinanet
On Thu, Apr 8, 2010 at 7:57 PM, John Palmer (NANOG Acct)
wrote:
> What I would need if I were to go with IP6 would be to have a parallel
> address for every one of
> my current addresses. Right now we have 2 - legacy /24's and one legacy /23
> - thats it.
>
> I'd just need the "equivalent" IP6 sp
On Apr 8, 2010, at 8:35 PM, Brielle Bruns wrote:
>
> More harm then good is a matter of opinion. Denying all of mainland China
> reduces the amount of attacks on my network. If you consider that masking
> security problems rather then fixing them, then *shrugs*. Its just one of
> many layer
On Thu, Apr 8, 2010 at 9:35 PM, Brielle Bruns wrote:
> I grabbed that access-list from the routers directly, so thats why it's been
> generated already. If there's a tool for UNIX/Linux that can generate the
> wildcard masks from CIDR in bulk for use in creating ACLs, I'd be happy to
> put it up
On 08.04 14:36, Brielle Bruns wrote:
>
> I'm starting to wonder if someone is 'testing the waters' in China to
> see what they can get away with. I hate to be like this, but there's a
> reason why I have all of China filtered on my routers.
Beware of prejudice influencing observations and their
It depends. Preventing packet flow from a rather more carefully
selected list of prefixes may actually make sense.
These for example - www.spamhaus.org/drop/
Filtering prefixes that your customers may actually exchange valid
email / traffic with, and that are not 100% bad is not the best way to
101 - 157 of 157 matches
Mail list logo