BGP Update Report
BGP Update Report Interval: 30-Jun-08 -to- 31-Jul-08 (32 days) Observation Point: BGP Peering with AS2.0 TOP 20 Unstable Origin AS Rank ASNUpds % Upds/PfxAS-Name 1 - AS9583 122069 1.8% 98.8 -- SIFY-AS-IN Sify Limited 2 - AS4538 112661 1.6% 22.5 -- ERX-CERNET-BKB China Education and Research Network Center 3 - AS17488 80816 1.2% 60.0 -- HATHWAY-NET-AP Hathway IP Over Cable Internet 4 - AS569173841 1.1%5680.1 -- MITRE-AS-5 - The MITRE Corporation 5 - AS180368104 1.0% 54.4 -- ICMNET-5 - Sprint 6 - AS629857728 0.8% 31.3 -- COX-PHX - Cox Communications Inc. 7 - AS10396 56155 0.8%1039.9 -- COQUI-NET - DATACOM CARIBE, INC. 8 - AS773853571 0.8% 173.9 -- Telecomunicacoes da Bahia S.A. 9 - AS905152726 0.8% 323.5 -- IDM Autonomous System 10 - AS476650485 0.7% 57.0 -- KIXS-AS-KR Korea Telecom 11 - AS886647434 0.7% 148.2 -- BTC-AS Bulgarian Telecommunication Company Plc. 12 - AS17974 47379 0.7% 64.5 -- TELKOMNET-AS2-AP PT Telekomunikasi Indonesia 13 - AS33783 43181 0.6% 261.7 -- EEPAD 14 - AS478840747 0.6% 19.0 -- TMNET-AS-AP TM Net, Internet Service Provider 15 - AS306 40457 0.6% 235.2 -- DNIC - DoD Network Information Center 16 - AS12455 39791 0.6% 523.6 -- JAMBONET 17 - AS815137280 0.5% 25.9 -- Uninet S.A. de C.V. 18 - AS346434641 0.5% 92.1 -- ASC-NET - Alabama Supercomputer Network 19 - AS992933311 0.5% 105.7 -- CNCNET-CN China Netcom Corp. 20 - AS939432523 0.5% 21.3 -- CRNET CHINA RAILWAY Internet(CRNET) TOP 20 Unstable Origin AS (Updates per announced prefix) Rank ASNUpds % Upds/PfxAS-Name 1 - AS47467 26561 0.4% 13280.5 -- GRIFFEL Griffel AB 2 - AS27245 14477 0.2%7238.5 -- HEIDRICK-CHICAGO - HEIDRICK 3 - AS30850 12500 0.2%6250.0 -- DESMIE-AS Hellenic Trasmission System Operator S.A. 4 - AS569173841 1.1%5680.1 -- MITRE-AS-5 - The MITRE Corporation 5 - AS299105222 0.1%5222.0 -- IACP - INTL. ASSN OF CHIEF OF POLICEI 6 - AS391055002 0.1%5002.0 -- CLASS-AS SC Class Computers And Service SRL 7 - AS446564902 0.1%4902.0 -- HOLOSFIND-ROMANIA HOLOSFIND SRL 8 - AS226783945 0.1%3945.0 -- OSDE 9 - AS23082 18507 0.3%3701.4 -- MPHI - Michigan Public Health Institute 10 - AS283613311 0.1%3311.0 -- 11 - AS441943261 0.1%3261.0 -- FREIFUNK-BERLIN-AS Freifunk Berlin 12 - AS277862845 0.0%2845.0 -- SSA SISTEMAS S.A. 13 - AS406274082 0.1%2041.0 -- RC-COLO1 - RingCentral Inc 14 - AS5382 2033 0.0%2033.0 -- TELESYSTEM-NET Planet Service Srl 15 - AS385131995 0.0%1995.0 -- LINTASARTA-AS-ID PT Aplikanusa Lintasarta 16 - AS369885752 0.1%1917.3 -- MILLICOM-SL 17 - AS285421751 0.0%1751.0 -- Gobierno del Estado de Coahuila 18 - AS30560 16921 0.2%1692.1 -- GE-MS001 - General Electric Company 19 - AS369661672 0.0%1672.0 -- Edgenet 20 - AS402566549 0.1%1637.2 -- ACS-HCMS-ASN - Affiliated Computer Services, Inc. TOP 20 Unstable Prefixes Rank Prefix Upds % Origin AS -- AS Name 1 - 192.12.120.0/24 73669 1.0% AS5691 -- MITRE-AS-5 - The MITRE Corporation 2 - 221.134.222.0/24 63345 0.8% AS9583 -- SIFY-AS-IN Sify Limited 3 - 194.126.143.0/24 42847 0.6% AS9051 -- IDM Autonomous System 4 - 83.228.71.0/2438724 0.5% AS8866 -- BTC-AS Bulgarian Telecommunication Company Plc. 5 - 221.128.192.0/18 25021 0.3% AS18231 -- EXATT-AS-AP IOL NETCOM LTD 6 - 210.214.128.0/23 19650 0.3% AS9583 -- SIFY-AS-IN Sify Limited 7 - 210.214.144.0/24 17053 0.2% AS9583 -- SIFY-AS-IN Sify Limited 8 - 72.50.96.0/20 14955 0.2% AS10396 -- COQUI-NET - DATACOM CARIBE, INC. 9 - 63.84.91.0/24 13583 0.2% AS27245 -- HEIDRICK-CHICAGO - HEIDRICK 10 - 62.182.216.0/21 13292 0.2% AS35706 -- NAO Net at Once AS47467 -- GRIFFEL Griffel AB 11 - 91.203.160.0/22 13283 0.2% AS35706 -- NAO Net at Once AS47467 -- GRIFFEL Griffel AB 12 - 195.47.233.0/24 12480 0.2% AS30850 -- DESMIE-AS Hellenic Trasmission System Operator S.A. 13 - 203.63.26.0/2410716 0.1% AS9747 -- EZINTERNET-AS-AP EZInternet Pty Ltd 14 - 196.42.0.0/20 9406 0.1% AS10396 -- COQUI-NET - DATACOM CARIBE, INC. 15 - 196.42.48.0/20 9360 0.1% AS10396 -- COQUI-NET - DATACOM CARIBE, INC. 16 - 216.255.56.0/219293 0.1% AS7106 -- OHIOBRIGHTNET - Com Net, Inc. 17 - 72.50.112.0/20 9263 0.1% AS10396 --
The Cidr Report
This report has been generated at Fri Aug 1 21:14:54 2008 AEST. The report analyses the BGP Routing Table of AS2.0 router and generates a report on aggregation potential within the table. Check http://www.cidr-report.org for a current version of this report. Recent Table History Date PrefixesCIDR Agg 25-07-08275453 173831 26-07-08275442 173410 27-07-08275750 173503 28-07-08275756 173855 29-07-08275931 173240 30-07-08275991 174045 31-07-08276919 172327 01-08-08276746 172621 AS Summary 28973 Number of ASes in routing system 12245 Number of ASes announcing only one prefix 4989 Largest number of prefixes announced by an AS AS4538 : ERX-CERNET-BKB China Education and Research Network Center 88348160 Largest address span announced by an AS (/32s) AS721 : DISA-ASNBLK - DoD Network Information Center Aggregation Summary The algorithm used in this report proposes aggregation only when there is a precise match using the AS path, so as to preserve traffic transit policies. Aggregation is also proposed across non-advertised address space ('holes'). --- 01Aug08 --- ASnumNetsNow NetsAggr NetGain % Gain Description Table 277003 172671 10433237.7% All ASes AS4538 4989 881 410882.3% ERX-CERNET-BKB China Education and Research Network Center AS6389 3204 268 293691.6% BELLSOUTH-NET-BLK - BellSouth.net Inc. AS209 2999 677 232277.4% ASN-QWEST - Qwest AS4755 1692 253 143985.0% VSNL-AS Videsh Sanchar Nigam Ltd. Autonomous System AS18566 1045 40 100596.2% COVAD - Covad Communications Co. AS6298 1774 784 99055.8% COX-PHX - Cox Communications Inc. AS22773 970 67 90393.1% CCINET-2 - Cox Communications Inc. AS17488 1262 366 89671.0% HATHWAY-NET-AP Hathway IP Over Cable Internet AS8151 1427 567 86060.3% Uninet S.A. de C.V. AS4323 1487 678 80954.4% TWTC - tw telecom holdings, inc. AS1785 1390 613 77755.9% AS-PAETEC-NET - PaeTec Communications, Inc. AS19262 931 231 70075.2% VZGNI-TRANSIT - Verizon Internet Services Inc. AS11492 1214 523 69156.9% CABLEONE - CABLE ONE AS2386 1492 897 59539.9% INS-AS - ATT Data Communications Services AS18101 710 151 55978.7% RIL-IDC Reliance Infocom Ltd Internet Data Centre, AS9498 661 107 55483.8% BBIL-AP BHARTI BT INTERNET LTD. AS6478 1016 474 54253.3% ATT-INTERNET3 - ATT WorldNet Services AS4766 881 397 48454.9% KIXS-AS-KR Korea Telecom AS6197 954 486 46849.1% BATI-ATL - BellSouth Network Solutions, Inc AS4808 623 160 46374.3% CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network AS7011 1001 548 45345.3% FRONTIER-AND-CITIZENS - Frontier Communications of America, Inc. AS17676 524 82 44284.4% GIGAINFRA BB TECHNOLOGY Corp. AS22047 565 129 43677.2% VTR BANDA ANCHA S.A. AS855587 156 43173.4% CANET-ASN-4 - Bell Aliant AS9443 519 91 42882.5% INTERNETPRIMUS-AS-AP Primus Telecommunications AS7018 1430 1004 42629.8% ATT-INTERNET4 - ATT WorldNet Services AS4134 830 436 39447.5% CHINANET-BACKBONE No.31,Jin-rong Street AS4780 716 323 39354.9% SEEDNET Digital United Inc. AS24560 542 150 39272.3% AIRTELBROADBAND-AS-AP Bharti Airtel Ltd. AS3602 454 78 37682.8%
Fwd: [LN20080729.4147] RE: AS 28551
I think that 161.164.248.0/21 and AS 28551 may be hijacked. To summarize AS 28551 is announcing 161.164.248.0/21 28551 is assigned to LANIC but has not been assigned to a end user. 161.164.248.0/21 is assigned to WalMart 161.164.248.0/21 is currently routed through AS35681 - VINDAVA-AS - which is in Bucharest, Romania I think that this is a bogon. Regards Marshall P.S. I have asked WalMart about this, and received no response. Begin forwarded message: From: Lucas Graciano [EMAIL PROTECTED] Date: July 31, 2008 1:10:25 PM EDT To: Marshall Eubanks [EMAIL PROTECTED] Cc: LACNIC Hostmaster [EMAIL PROTECTED] Subject: Re: [LN20080729.4147] RE: AS 28551 Dear Sir, This AS number is under administration by NIC.MX, but is a resource that is not allocated yet! Regards, Hostmaster // Registration Service L A C N I Chttp://lacnic.net Latin American and Caribbean Internet Addresses Registry On Tue, Jul 29, 2008 at 04:59:02AM -0400, Marshall Eubanks wrote: Hello; I contacted LANIC (read below) to see if they actually did register AS 28551. My question remains : Is there a reason for this ASN not to be in the LACNIC whois, or is this a rogue ASN ? Regards Marshall Eubanks On Jul 29, 2008, at 3:14 AM, Network Abuse wrote: **This is an automatic message. ** ** Please carefully read the information below. ** You have contacted LACNIC due to some abuse activity (spam, hacking, etc), from an IP address allocated or assigned by LACNIC. LACNIC is an RIR (Regional Internet Registry) for Latin America and the Caribbean region. What that means is that LACNIC is responsible for the IP address space and ASN allocation/assignment in this region. As mentioned, the IP address in question was allocated by LACNIC to some other organization or ISP in the region. So the abuse activity originated in that organization's network, not in LACNIC. You should query our whois database to get information about the source of this abuse activity and the appropriate network contact. LACNIC's whois is available at: http://lacnic.net/cgi-bin/lacnic/whois or via the command line: whois -h whois.lacnic.net [IP ADDRESS] Important Note: -- Addresses allocated to Comite Gestor da Internet no Brasil are those allocated to the Brazilian NIR (Registro BR), and in this case you might want to query their Whois database: http://registro.br/cgi-bin/nicbr/whois whois -h whois.nic.br [IP ADDRESS] - Please note that LACNIC has no authority to investigate spam, hacking or any other kind of network abuse activity committed by other organizations. Nor can we punish other organizations' users. More details are available at: http://lacnic.net/abuse If this information did not help you, please reply this message to [EMAIL PROTECTED] and keep the subject line. Regards, LACNIC Hostmaster --Original Header From [EMAIL PROTECTED] Tue Jul 29 04:14:07 2008 Return-Path: [EMAIL PROTECTED] X-Original-To: [EMAIL PROTECTED] Delivered-To: [EMAIL PROTECTED] Received: from localhost (localhost [127.0.0.1]) by mail.lacnic.net (Postfix) with ESMTP id C6A23B9C3 for [EMAIL PROTECTED]; Tue, 29 Jul 2008 04:14:07 -0300 (BRT) X-Virus-Scanned: amavisd-new at lacnic.net X-Spam-Score: -2.407 X-Spam-Level: X-Spam-Status: No, score=-2.407 tagged_above=-99 required=4 tests=[AWL=0.192, BAYES_00=-2.599] Received: from mail.lacnic.net ([127.0.0.1]) by localhost (mail.lacnic.net [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7B1tNXyA0p7h for [EMAIL PROTECTED]; Tue, 29 Jul 2008 04:14:05 -0300 (BRT) X-Greylist: delayed 3599 seconds by postgrey-1.27 at mail.lacnic.net; Tue, 29 Jul 2008 04:14:04 BRT Received: from multicasttech.com (lennon.multicasttech.com [63.105.122.7]) by mail.lacnic.net (Postfix) with ESMTP id DB5F5B9C0 for [EMAIL PROTECTED]; Tue, 29 Jul 2008 04:14:04 -0300 (BRT) Received: from [63.105.122.7] (account marshall_eubanks HELO [IPv6:::1]) by multicasttech.com (CommuniGate Pro SMTP 3.4.8) with ESMTP-TLS id 12277392 for [EMAIL PROTECTED]; Tue, 29 Jul 2008 02:14:04 -0400 Message-Id: [EMAIL PROTECTED] From: Marshall Eubanks [EMAIL PROTECTED] To: [EMAIL PROTECTED] Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes Content-Transfer-Encoding: 7bit Mime-Version: 1.0 (Apple Message framework v926) Subject: AS 28551 Date: Tue, 29 Jul 2008 02:14:03 -0400 X-Mailer: Apple Mail (2.926) --Original Message Hello; AS 28551 is in a ASN block assigned to LACNIC and is shwoing up in my BGP tables, but a whois returns a blank : [EMAIL PROTECTED] mcast]$ lacnic_whois 28551 [lacnic.net] % Joint Whois - whois.lacnic.net % This server accepts single ASN, IPv4 or IPv6 queries %
Re: [LN20080729.4147] RE: AS 28551
Le 08-08-01 à 15:05, Marshall Eubanks a écrit : I think that 161.164.248.0/21 and AS 28551 may be hijacked. traceroute to 161.164.248.1 (161.164.248.1), 64 hops max, 40 byte packets snip 7 tengige0-3-0-3.auvtr1.Aubervilliers.opentransit.net (193.251.241.253) 78.728 ms 79.154 ms 79.548 ms 8 tengige0-3-0-1.ffttr1.FrankfurtAmMain.opentransit.net (193.251.241.254) 85.894 ms 86.476 ms 86.701 ms 9 64.208.110.229 (64.208.110.229) 86.312 ms 87.509 ms 87.463 ms 10 Alestra-S-De-R-L-De-CV-San-Pedro-Garza.so-0-2-0.ar1.MEX1.gblx.net (208.48.33.78) 266.280 ms Alestra-S-De-R-L-De-CV-Lago- Zurich.so-0-2-2.ar1.MEX1.gblx.net (64.215.25.70) 262.566 ms Alestra-S- De-R-L-De-CV-San-Pedro-Garza.so-1-1-0.ar1.MEX1.gblx.net (208.48.238.98) 473.559 ms 11 host-201-151-29-61.block.alestra.net.mx (201.151.29.61) 260.021 ms 433.502 ms 259.899 ms 12 host-201-151-29-42.block.alestra.net.mx (201.151.29.42) 661.863 ms 256.985 ms 434.032 ms 13 * * * As well AS paths shown from route-views.ip.att.net end with AS11172 (alestra) then AS28551. Perhaps Walmart is providing Internet access for its maquilladoras? ;) Cheers, -w
Re: Hardware capture platforms
On Fri, 1 Aug 2008, Paul Jakma wrote: GigE is PtP at the physical-layer by the IEEE 802.3ad specification. It's Gah, I meant 802.3ab, of course. just not possible to have a dumb, GigE hub. You have to have a switch that can be told to L2-forward everything to one or more ports (e.g. through a port-mirroring feature, or by disabling MAC learning). Also, though probably not terribly relevant, various switches have various bugs/malfeatures that cause them to consume certain kinds of frames rather than forward them (e.g. consuming all or certain kinds of ISO frames). regards, -- Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A Fortune: Anything is possible, unless it's not.
Re: Hardware capture platforms
On Wed, 30 Jul 2008, Jon Kibler wrote: However, there is a problem with your specification: No hub (that I am aware of) can do 1Gbps. All hubs are 10/100 AFAIK. GigE is PtP at the physical-layer by the IEEE 802.3ad specification. It's just not possible to have a dumb, GigE hub. You have to have a switch that can be told to L2-forward everything to one or more ports (e.g. through a port-mirroring feature, or by disabling MAC learning). Also, though probably not terribly relevant, various switches have various bugs/malfeatures that cause them to consume certain kinds of frames rather than forward them (e.g. consuming all or certain kinds of ISO frames). regards, -- Paul Jakma [EMAIL PROTECTED] [EMAIL PROTECTED] Key ID: 64A2FF6A Fortune: lisp, v.: To call a spade a thpade.
Re: Level3 BGP help
* Jon Lewis was thought to have said: If someone from Level3 could tell me why routes tagged with 65000:0 and/or 65000:1239 don't actually stop those routes from being advertised to 1239, I'd appreciate it. You should start to see them disappear shortly. On route-views they're starting to show as history entries. Bad community list on one router was the issue. regards -Craig
Re: Level3 BGP help
On Aug 1, 2008, at 11:13 AM, Craig Pierantozzi wrote: * Jon Lewis was thought to have said: If someone from Level3 could tell me why routes tagged with 65000:0 and/or 65000:1239 don't actually stop those routes from being advertised to 1239, I'd appreciate it. You should start to see them disappear shortly. On route-views they're starting to show as history entries. Bad community list on one router was the issue. I thought perhaps we'd found the reason behind the tax^surcharge in the other thread... a community tax :)
Covad VOA contact
Hey all sorry for the noise, can someone put me in touch with someone with a clue @ Covad hopefully on their VoA side. Attempting a resolution of some circuits and don't care to escalate things right now. =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA #579 (FW+VPN v4.1) SGFE #574 (FW+VPN v4.1) CEH/CNDA, CHFI Experience hath shewn, that even under the best forms (of government) those entrusted with power have, in time, and by slow operations, perverted it into tyranny. Thomas Jefferson wget -qO - www.infiltrated.net/sig|perl http://pgp.mit.edu:11371/pks/lookup?op=getsearch=0x3AC173DB
Re: Software router state of the art
On 2008-07-28, Joe Greco [EMAIL PROTECTED] wrote: I have yet to look into *BSD based solutions, but hear very good things about firewall performance. I don't know about BGP/OSPF/MPLS etc support on FreeBSD but am going to wager a guess its on par with Linux if not better. The underlying OS is responsible for packet forwarding, but none of them do any significant routing protocols natively. OpenBSD has OpenOSPFD/OpenBGPD in the base OS rather than as a port/ package, so it's fully coupled with any kernel changes (and supports some things missing from the FreeBSD port).
Weekly Routing Table Report
This is an automated weekly mailing describing the state of the Internet Routing Table as seen from APNIC's router in Japan. Daily listings are sent to [EMAIL PROTECTED] For historical data, please see http://thyme.apnic.net. If you have any comments please contact Philip Smith [EMAIL PROTECTED]. Routing Table Report 04:00 +10GMT Sat 02 Aug, 2008 Report Website: http://thyme.apnic.net Detailed Analysis: http://thyme.apnic.net/current/ Analysis Summary BGP routing table entries examined: 265184 Prefixes after maximum aggregation: 129461 Deaggregation factor: 2.05 Unique aggregates announced to Internet: 129300 Total ASes present in the Internet Routing Table: 28821 Prefixes per ASN: 9.20 Origin-only ASes present in the Internet Routing Table: 25126 Origin ASes announcing only one prefix: 12150 Transit ASes present in the Internet Routing Table:3695 Transit-only ASes present in the Internet Routing Table: 79 Average AS path length visible in the Internet Routing Table: 3.6 Max AS path length visible: 21 Max AS path prepend of ASN ( 3816) 15 Prefixes from unregistered ASNs in the Routing Table: 572 Unregistered ASNs in the Routing Table: 211 Number of 32-bit ASNs allocated by the RIRs: 53 Prefixes from 32-bit ASNs in the Routing Table: 7 Special use prefixes present in the Routing Table:0 Prefixes being announced from unallocated address space:791 Number of addresses announced to Internet: 1888212576 Equivalent to 112 /8s, 139 /16s and 214 /24s Percentage of available address space announced: 50.9 Percentage of allocated address space announced: 61.9 Percentage of available address space allocated: 82.3 Percentage of address space in use by end-sites: 73.0 Total number of prefixes smaller than registry allocations: 129790 APNIC Region Analysis Summary - Prefixes being announced by APNIC Region ASes:60837 Total APNIC prefixes after maximum aggregation: 22712 APNIC Deaggregation factor:2.68 Prefixes being announced from the APNIC address blocks: 57817 Unique aggregates announced from the APNIC address blocks:26028 APNIC Region origin ASes present in the Internet Routing Table:3320 APNIC Prefixes per ASN: 17.41 APNIC Region origin ASes announcing only one prefix:878 APNIC Region transit ASes present in the Internet Routing Table:513 Average APNIC Region AS path length visible:3.5 Max APNIC Region AS path length visible: 15 Number of APNIC addresses announced to Internet: 369846304 Equivalent to 22 /8s, 11 /16s and 104 /24s Percentage of available APNIC address space announced: 78.7 APNIC AS Blocks4608-4864, 7467-7722, 9216-10239, 17408-18431 (pre-ERX allocations) 23552-24575, 37888-38911, 45056-46079 APNIC Address Blocks58/8, 59/8, 60/8, 61/8, 112/8, 113/8, 114/8, 115/8, 116/8, 117/8, 118/8, 119/8, 120/8, 121/8, 122/8, 123/8, 124/8, 125/8, 126/8, 202/8, 203/8, 210/8, 211/8, 218/8, 219/8, 220/8, 221/8, 222/8, ARIN Region Analysis Summary Prefixes being announced by ARIN Region ASes:121736 Total ARIN prefixes after maximum aggregation:65145 ARIN Deaggregation factor: 1.87 Prefixes being announced from the ARIN address blocks:91199 Unique aggregates announced from the ARIN address blocks: 34975 ARIN Region origin ASes present in the Internet Routing Table:12333 ARIN Prefixes per ASN: 7.39 ARIN Region origin ASes announcing only one prefix:4760 ARIN Region transit ASes present in the Internet Routing Table:1172 Average ARIN Region AS path length visible: 3.3 Max ARIN Region AS path length visible: 15 Number of ARIN addresses announced to Internet: 359625120 Equivalent to 21 /8s, 111 /16s and 113 /24s Percentage of available ARIN address space announced: 73.9 ARIN AS Blocks 1-1876, 1902-2042, 2044-2046, 2048-2106 (pre-ERX allocations) 2138-2584, 2615-2772, 2823-2829, 2880-3153
Cache Poisoning Detection via ONZRA's CacheAudit
In light of new attack vectors DNS Cache Poisoning discovered by Dan Kaminsky, ONZRA has developed a free Open Source (BSD License) tool called CacheAudit. This tool allows recursive providers to detect cache poisoning events using cache dumps from their DNS servers. Along with releasing this tool, ONZRA has also released a white paper describing the validation process. Main Tool Page: http://www.onzra.com/cacheaudit.html White Paper: http://www.onzra.com/RecursiveDNSCacheAuditingWhitepaper.pdf Jose -- Jose Avila III ONZRA www.onzra.com
Re: Cache Poisoning Detection via ONZRA's CacheAudit
On Fri, 1 Aug 2008 13:20:45 -0700 Jose Avila [EMAIL PROTECTED] wrote: In light of new attack vectors DNS Cache Poisoning discovered by Dan Kaminsky, ONZRA has developed a free Open Source (BSD License) tool called CacheAudit. This tool allows recursive providers to detect cache poisoning events using cache dumps from their DNS servers. Along with releasing this tool, ONZRA has also released a white paper describing the validation process. Main Tool Page: http://www.onzra.com/cacheaudit.html White Paper: http://www.onzra.com/RecursiveDNSCacheAuditingWhitepaper.pdf Main Tool Page: http://www.onzra.com/cacheaudit.html LOL. Now that's funny! I get a completely black screen with Firefox and IE. I briefly glanced at the HTML src code (CTRL-U) but don't want to burn brain cells figuring out what you have to say. matthew black network services california state university, long beach
Re: Cache Poisoning Detection via ONZRA's CacheAudit
Issue should be corrected. Thanks, Jose On Aug 1, 2008, at 3:25 PM, Matthew Black wrote: On Fri, 1 Aug 2008 13:20:45 -0700 Jose Avila [EMAIL PROTECTED] wrote: In light of new attack vectors DNS Cache Poisoning discovered by Dan Kaminsky, ONZRA has developed a free Open Source (BSD License) tool called CacheAudit. This tool allows recursive providers to detect cache poisoning events using cache dumps from their DNS servers. Along with releasing this tool, ONZRA has also released a white paper describing the validation process. Main Tool Page: http://www.onzra.com/cacheaudit.html White Paper: http://www.onzra.com/RecursiveDNSCacheAuditingWhitepaper.pdf Main Tool Page: http://www.onzra.com/cacheaudit.html LOL. Now that's funny! I get a completely black screen with Firefox and IE. I briefly glanced at the HTML src code (CTRL-U) but don't want to burn brain cells figuring out what you have to say. matthew black network services california state university, long beach
Test Cases for Network Management
Hi Everyone Does anyone have any network management test cases or templates (particularly based around fault management, performance and security) which I could have access to help with some evaluation of some open source network management platforms for SME clients. Ideally test cases which support IP based networks (both local and wide area) and Cisco/Nortel equipment would be excellent. Many thanks in advance Adrian __ Not happy with your email address?. Get the one you really want - millions of new email addresses available now at Yahoo! http://uk.docs.yahoo.com/ymail/new.html
[to [EMAIL PROTECTED] ATT/AS7018 eng?
³When in Rome...² Any backbone eng¹s (access or ipfr) from as7018 present? An off list reply leading to problem mitigation wins you a case of beer . . . ;) -jamie -- jamie rishaw // arpa
Sprint Looking Glass
Greetings, Earlier today, I was tying to determine what local preferences Sprint uses within their network for peers vs customers ... Long story short, their Looking Glass only allows for: ping traceroute bgp dampened bgp flap-statistics But not 'bgp X.X.X.X' which can be quite frustrating.The customer local preferences are within their community guide, but they do not state that of a peer. Anybody find an alternative means to get this type of information, short of emailing [EMAIL PROTECTED] ? (I did email them and have yet to get a response)I also called the customer service group who were kind, but clueless about the question, forget the answer. If anybody from Sprint is reading this and can aid in getting 'show ip bgp X.X.X.X' re-enabled on the Looking Glass, I would be most grateful. charles
Yahoo mail abuse contact?
Randy Cassingham at This Is True is complaining in his newsletter that he has something like 15K undeliverables to Yahoo email addresses, because, as he understands it, some of those people clicked Yahoo's 'This is Spam' button, and he can't find a way off the list. Anyone got a pointer to Yahoo closed-loop stuff I can point him at? Cheers, -- jra -- Jay R. Ashworth Baylink [EMAIL PROTECTED] Designer The Things I Think RFC 2100 Ashworth Associates http://baylink.pitas.com '87 e24 St Petersburg FL USA http://photo.imageinc.us +1 727 647 1274 Those who cast the vote decide nothing. Those who count the vote decide everything. -- (Josef Stalin)