Re: Spamhaus ...
On Wed, 17 Feb 2010 18:33:00 -0700 Joel M Snyder joel.sny...@opus1.com wrote:

I second the assertion that others have already made that this is worth the money. We do spam testing, and I can more-or-less guarantee that Spamhaus beats all of the free reputation services (and a number of the for-pay ones) hands-down in its ability to block spam and the incredibly low number of false positives.

We ADDED Spamhaus to our IronPort because it was inexpensive. I recall using MAPS RBL many years earlier with a lot of false positives and angry companies trying to reach our users.

John Levine wrote:

We no longer use Spamhaus, relying instead upon Sender Base Reputation Scores (IronPort).

How does the price compare?

Well, depending on how you look at it, either horribly or beautifully. You can't buy SenderBase by itself; you get it with an Ironport anti-spam appliance. So if you were going to buy Ironport anyway, the price is free which makes it cheaper than Spamhaus. On the other hand, if you just want SenderBase, it'd be a very expensive way to get only the reputation filtering.

In general, like many of the big-name anti-spam products, the reputation service is part-and-parcel of the product and can't really be separated out. In fact, with Ironport, they use the reputation service in two ways: one is to block connections in the first place, and the second way is to bias results of their content filter for connections which are accepted. Since their scores are -10 to +10, there's considerable leeway to use the information as part of their anti-spam cocktail beyond simple go/no-go of a typical reputation service.

jms
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719

SenderBase blocks about 90% of incoming connections. 3-part TCP/IP handshake, send them an error, then disconnect. For some egregious senders, we simply refuse the TCP/IP connection. You don't have to scan refused messages or connections for viruses or spam, a very costly process.

When IronPort first released their own anti-spam product to replace Brightmail, it had many false positives. We were a beta tester. They do much better now and false positives are almost non-existent. We still encounter the occasional user wondering why their connection gets blocked by SenderBase. For our users, we remind them to configure SMTP AUTH when working from off campus because so many DSL addresses have low SBRS values. SMTP AUTH lets them bypass the SenderBase.

One of the coolest IronPort features is virtual gateways. Besides all the reputation filtering and anti-spam, anti-virus features, IronPort lets you create virtual gateways so outbound e-mail can be classed to use a different outbound source IP address. Very helpful so that our bulk mailers don't affect individual users should we get black or graylisted.

Cheers.

matthew black
e-mail postmaster
california state university, long beach
Re: In wall switches
On 2/16/2010 12:01 PM, Jeff Kell wrote:

On 2/16/2010 11:45 AM, Douglas K. Rand wrote:

Does anyone know of anything like a small, but managed in wall switch?

We had looked at the 3com NJ90 for a deployment. We ended up pulling more wire instead, but it was a cool device. It isn't managed. But from the 3com page I see that they now have new devices, the NJ220 for managed fast Ethernet, and a NJ2000 for gigE.

We have a number of NS220s out there working fine, but they are either EOS/EOL or their clocks are ticking. There is the NJ2000 series, but they have issues with management and proper reporting (our network management gear can't quite properly manage them as the NJ220s).

Jeff

We've used the NJ220s here: PITA. Maybe it's how we use them (multicast traffic and .1q VLANs) but I could never get a consistent view of the quantity of the NJ220s active on the subnet. I found that when passing a fair amount of traffic ( 10Mbps) the 3com management widget Central Configuration Manager wouldn't be able to manage the switch unless I reduced that traffic load on the port leading to the NJ220.
Re: Spamhaus...
Laczo, Louis wrote: Folks, I'm looking for comments / suggestions / opinions from any providers that have been contacted by spamhaus about excessive queries originating from their DNS resolvers, typically, as a proxy for customers. I know that certain large DNS providers (i.e. google and level3) have either been banned or have voluntarily blocked spamhaus queries by their resolvers. We're currently in discussion with spamhaus and I wanted to see how others may have handled this. They seem to be doing that a lot of late. They also contacted my employer and demanded $100k/yr(?) for having a Use Spamhaus RBL in our software. Next version will not have the ability to query Spamhaus unless a user configures it themselves in the Custom RBL settings. Michelle ? = could have been more, not sure without checking with the CEO, result was the same.
50/8 and 107/8 allocated to ARIN
Hi,

The IANA IPv4 registry has been updated to reflect the allocation of two /8 IPv4 blocks to ARIN in February 2010: 50/8 and 107/8. You can find the IANA IPv4 registry at:

http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml
http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

Please update your filters as appropriate. There are 22 unallocated unicast IPv4 /8s.

Regards,

Leo Vegoda
Number Resources Manager, IANA
ICANN
Re: austin eats
Daniel I hope you'll be able to join us at Iron Cactus on Sunday night - http://renster.multiply.com/photos/album/553/Sunday_night_in_Austin On Thu, Feb 18, 2010 at 12:01 AM, Daniel Fox d...@smarsh.com wrote: Just ate at iron cactus on 6th and both the talapia and spicy shrimp tacos are phenomonal! Margaritas are really good too... 90 plus tequillas to choose from...great staff Daniel Fox Smarsh Inc - Original Message - From: Chris Boyd cb...@gizmopartners.com Sent: 17 February 2010 14:42 To: North American Network Operators Group na...@merit.edu Subject: Re: austin eats On Feb 17, 2010, at 2:04 PM, Will Clayton wrote: Maudi's on Lake Austin and Taco Deli are always on my menu. We just got some Buffalo Wild Wings in town if you are in to that. If you make it to NXNW get the Calimari. If you wind up ordering pizza, shop local and get the best pizza for the best price in town at Austin's Pizza. Austin's is good, but HomeSlice on South Congress is better, and you can walk on down to Trophy's, Continental Club, or the garden at Guero's and take in a band. http://www.homeslicepizza.com/ http://austin.citysearch.com/profile/10210801/austin_tx/trophy_s_bar_grill.html http://www.continentalclub.com/ http://www.guerostacobar.com/
Re: austin eats
On Feb 17, 2010, at 5:23 PM, Randy Bush wrote: which raises the critical question, where is the nearest decent (i.e. not fourbucks) coffee to the venue? https://auth.lessnetworks.com/v099/app?service=direct/1/Home/hotList_col3sp=0sp=SDESC Has a list of some hotspots. The Schlotzky's across the street from SBUX downtown also has free access. There's also a city sponsored network available in several of the downtown parks. --Chris
Re: Spamhaus ...
Sharef Mustafa wrote:

What is the title of the white paper you mentioned? Is it available for free? If not how can I get it?

Sorry, I should have put the link to the Best Practices in Reputation Services white paper in. I meant to, but I got distracted writing the disclaimer and forgot to paste the URL.

http://www.opus1.com/www/whitepapers/reputationserviceswp.pdf

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
j...@opus1.com http://www.opus1.com/jms
Re: Spamhaus...
On 2/17/2010 7:35 PM, John Levine wrote: We no longer use Spamhaus, relying instead upon Sender Base Reputation Scores (IronPort). How does the price compare Price comparisons would be difficult; with Ironport (Cisco now) you get hardware to go along with the service. -- Dave
Re: Spamhaus ...
We ADDED Spamhaus to our IronPort because it was inexpensive. I recall using MAPS RBL many years earlier with a lot of false positives and angry companies trying to reach our users. Yeah, I used to pay for MAPS but dropped them several years ago because of the false positives and the high cost. R's, John
Re: austin eats
The fish tacos at Hang Town down Capital of Texas are awesome too. On Wed, Feb 17, 2010 at 11:01 PM, Daniel Fox d...@smarsh.com wrote: Just ate at iron cactus on 6th and both the talapia and spicy shrimp tacos are phenomonal! Margaritas are really good too... 90 plus tequillas to choose from...great staff Daniel Fox Smarsh Inc - Original Message - From: Chris Boyd cb...@gizmopartners.com Sent: 17 February 2010 14:42 To: North American Network Operators Group na...@merit.edu Subject: Re: austin eats On Feb 17, 2010, at 2:04 PM, Will Clayton wrote: Maudi's on Lake Austin and Taco Deli are always on my menu. We just got some Buffalo Wild Wings in town if you are in to that. If you make it to NXNW get the Calimari. If you wind up ordering pizza, shop local and get the best pizza for the best price in town at Austin's Pizza. Austin's is good, but HomeSlice on South Congress is better, and you can walk on down to Trophy's, Continental Club, or the garden at Guero's and take in a band. http://www.homeslicepizza.com/ http://austin.citysearch.com/profile/10210801/austin_tx/trophy_s_bar_grill.html http://www.continentalclub.com/ http://www.guerostacobar.com/
Re: austin eats
Now that you mention it, Might Fine burgers are some of the best I've had in town too. On Wed, Feb 17, 2010 at 8:58 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Wed, Feb 17, 2010 at 9:07 PM, Christopher Morrow morrowc.li...@gmail.com wrote: On Wed, Feb 17, 2010 at 6:23 PM, Randy Bush ra...@psg.com wrote: Most coffee shops, bars and restaurants have wifi hotspots since there's an active group of volunteers that helps install and maintain them. which raises the critical question, where is the nearest decent (i.e. not fourbucks) coffee to the venue? http://maps.google.com/maps?near=500+E+4th+St,+Austin,+TX+78701geocode=CdxL1XHf6o_tFXzOzQEdUJ8s-ikL4kgoprVEhjGsYasgZ_A1zQq=coffee+shopf=lsll=30.265406,-97.739289sspn=0.004202,0.003578ie=UTF8z=15 lmgtfy.com ... (I'll ask a local as well, unless one pipes up first) A local (and very good friend, buy her book: http://www.notellbooks.org/harlot book not about coffee, and the cover's a tad nsfwish... but it's art so...) says: Ok, this is a few blocks away but it's quite fine-- mighty fine, even-- http://www.halcyonaustin.com/ 218 W 4th street -Chris
Re: austin eats
On Thu, Feb 18, 2010 at 9:51 AM, Will Clayton w.d.clay...@gmail.com wrote: Now that you mention it, Might Fine burgers are some of the best I've had in town too. I can't believe nobody has mentioned the burgers at Hut's or Casino El Camino yet. Casino is a bar that's walking distance from the hotel. The buffalo burger (as in wing sauce, not bison) is hot and tasty. For cheap but decent sushi, check out Kyoto on Congress -- the happy hour pricing has strict rules though -- arrive early, and no seating of incomplete parties. Then head downstairs for some live jazz at the Elephant Room. http://www.kyotodowntown.com/5585168_47375.htm -Adam
Re: austin eats
For good food/beer/atmosphere, I recommend Fado Irish Pub on 214 W. 4th. -- Byron L. Hicks University of Texas System 512-377-9857 AIM: byronhicks On Thu, Feb 18, 2010 at 10:42 AM, Adam Kujawski adam...@amplex.net wrote: On Thu, Feb 18, 2010 at 9:51 AM, Will Clayton w.d.clay...@gmail.com wrote: Now that you mention it, Might Fine burgers are some of the best I've had in town too. I can't believe nobody has mentioned the burgers at Hut's or Casino El Camino yet. Casino is a bar that's walking distance from the hotel. The buffalo burger (as in wing sauce, not bison) is hot and tasty. For cheap but decent sushi, check out Kyoto on Congress -- the happy hour pricing has strict rules though -- arrive early, and no seating of incomplete parties. Then head downstairs for some live jazz at the Elephant Room. http://www.kyotodowntown.com/5585168_47375.htm -Adam
Re: Spamhaus...
On 2/18/2010 at 2:40 AM, Michelle Sullivan matt...@sorbs.net wrote: Laczo, Louis wrote: Folks, I'm looking for comments / suggestions / opinions from any providers that have been contacted by spamhaus about excessive queries originating from their DNS resolvers, typically, as a proxy for customers. I know that certain large DNS providers (i.e. google and level3) have either been banned or have voluntarily blocked spamhaus queries by their resolvers. We're currently in discussion with spamhaus and I wanted to see how others may have handled this. They seem to be doing that a lot of late. They also contacted my employer and demanded $100k/yr(?) for having a Use Spamhaus RBL in our software. Next version will not have the ability to query Spamhaus unless a user configures it themselves in the Custom RBL settings. Michelle ? = could have been more, not sure without checking with the CEO, result was the same. We received such a message from a Spamhaus Datafeed reseller and eventually had our DNS servers blocked. What angered me was that I analyzed our usage, and we were well below the thresholds and met the TOS published at the Spamhaus website for no-cost use. However, they said we had to subscribe to the Datafeed despite that because we have a Barracuda appliance. To me, it sounds like Barracuda customers are being singled out in some conflict between Barracuda Networks and Spamhaus. Spamhaus (via the reseller, MXTools) is leaning on Barracuda customers hoping that they'll lean on Barracuda Networks so that Barracuda Networks will do a deal at the corporate level with Spamhaus. Spamhaus does some good work, but being used as a pawn in some conflict between vendors doesn't feel nice. And I want to know how they figured out we had a Barracuda.
Re: Spamhaus...
On 2/18/2010 12:50 PM, Crist Clark wrote: On 2/18/2010 at 2:40 AM, Michelle Sullivanmatt...@sorbs.net wrote: Laczo, Louis wrote: Folks, I'm looking for comments / suggestions / opinions from any providers that have been contacted by spamhaus about excessive queries originating from their DNS resolvers, typically, as a proxy for customers. I know that certain large DNS providers (i.e. google and level3) have either been banned or have voluntarily blocked spamhaus queries by their resolvers. We're currently in discussion with spamhaus and I wanted to see how others may have handled this. They seem to be doing that a lot of late. They also contacted my employer and demanded $100k/yr(?) for having a Use Spamhaus RBL in our software. Next version will not have the ability to query Spamhaus unless a user configures it themselves in the Custom RBL settings. Michelle ? = could have been more, not sure without checking with the CEO, result was the same. We received such a message from a Spamhaus Datafeed reseller and eventually had our DNS servers blocked. What angered me was that I analyzed our usage, and we were well below the thresholds and met the TOS published at the Spamhaus website for no-cost use. However, they said we had to subscribe to the Datafeed despite that because we have a Barracuda appliance. To me, it sounds like Barracuda customers are being singled out in some conflict between Barracuda Networks and Spamhaus. Spamhaus (via the reseller, MXTools) is leaning on Barracuda customers hoping that they'll lean on Barracuda Networks so that Barracuda Networks will do a deal at the corporate level with Spamhaus. Spamhaus does some good work, but being used as a pawn in some conflict between vendors doesn't feel nice. And I want to know how they figured out we had a Barracuda. try using barracuda's own barbell(brbl) service..i don't know if it's built into your appliance. 
I have also found that greylisting(for me via postgrey) has done more than any rbl to nearly eliminate my spam.
Blocking private AS
I am thinking about implementing a filter to block all traffic with private AS numbers in the path. I see quite a few in my table though so I am concerned I might block some legitimate traffic. In some cases, these are just prefixes with the private appended to the end but a few have the private as a transit. Is this a good idea or would I likely be blocking too much legitimate traffic? The filter I am using currently shows the following:

BGP table version is 5462394, local router ID is 209.112.253.4
Status codes: s suppressed, d damped, h history, * valid, best, i - internal, r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network            Next Hop  Metric LocPrf Weight Path
* i58.68.109.0/24     x.x.x.x        0    100      0 6130 9498 10201 65534 i
*                     y.y.y.y                      0 6130 9498 10201 65534 i
* i68.115.224.0/24    x.x.x.x        0    100      0 6130 19151 20115 65011 i
*                     y.y.y.y                      0 6130 19151 20115 65011 i
*  85.112.22.0/24     y.y.y.y                      0 6130 6939 23148 64532 64532 64532 64532 64532 64532 64532 64532 64532 i
*  93.189.194.0/24    y.y.y.y                      0 6130 3549 39386 39386 39386 25233 65000 47146 i
* i                   x.x.x.x        0    100      0 6130 3549 39386 39386 39386 25233 65000 47146 i
*  96.60.243.0/24     y.y.y.y                      0 6130 2828 4181 65528 i
* i                   x.x.x.x        0    100      0 6130 2828 4181 65528 i
* i96.61.232.0/24     x.x.x.x        0    100      0 6130 2828 4181 65527 i
*                     y.y.y.y                      0 6130 2828 4181 65527 i
* i96.61.233.0/24     x.x.x.x        0    100      0 6130 2828 4181 65527 i
*                     y.y.y.y                      0 6130 2828 4181 65527 i
* i96.61.234.0/24     x.x.x.x        0    100      0 6130 2828 4181 65527 i
*                     y.y.y.y                      0 6130 2828 4181 65527 i
*  148.207.2.0/24     y.y.y.y                      0 6130 2828 3257 16531 13579 65090 i
* i                   x.x.x.x        0    100      0 6130 2828 3257 16531 13579 65090 i
*  148.207.40.0/24    y.y.y.y                      0 6130 2828 3257 16531 13579 65090 i
* i                   x.x.x.x        0    100      0 6130 2828 3257 16531 13579 65090 i
*  148.207.97.0/24    y.y.y.y                      0 6130 2828 3257 16531 13579 65090 i
* i                   x.x.x.x        0    100      0 6130 2828 3257 16531 13579 65090 i
*  170.34.100.0/24    y.y.y.y                      0 6130 19151 20115 65011 ?
*  170.34.104.0/24    y.y.y.y                      0 6130 19151 20115 65011 ?
*  170.34.113.0/24    y.y.y.y                      0 6130 19151 20115 65011 ?
* i174.35.1.0/24      x.x.x.x        0    100      0 6130 16467 64565 i
* i174.47.199.0/24    x.x.x.x        0    100      0 6130 2828 4323 15065 65123 i
*                     y.y.y.y                      0 6130 2828 4323 15065 65123 i
* i192.109.61.0       x.x.x.x        0    100      0 6130 19151 20115 65011 i
*                     y.y.y.y                      0 6130 19151 20115 65011 i
*  196.216.249.0      y.y.y.y                      0 6130 2828 3257 8513 8513 8513 36881 65000 36896 37062 i
* i                   x.x.x.x        0    100      0 6130 2828 3257 8513 8513 8513 36881 65000 36896 37062 i
   Network            Next Hop  Metric LocPrf Weight Path
*  209.172.69.128/30  y.y.y.y                      0 6130 16467 64565 i
* i                   x.x.x.x        0    100      0 6130 16467 64565 i
*  213.146.161.0      y.y.y.y                      0 6130 2828 174 64679 48493 i
* i                   x.x.x.x        0    100      0 6130 2828 174 64679 48493 i

Thomas Magill
Network Engineer
Office: (858) 909-3777
Cell: (858) 869-9685
mailto:tmag...@providecommerce.com
provide-commerce
4840 Eastgate Mall
San Diego, CA 92121
ProFlowers http://www.proflowers.com/ | redENVELOPE http://www.redenvelope.com/ | Cherry Moon Farms http://www.cherrymoonfarms.com/ | Shari's Berries http://www.berries.com/
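A dry run of the filter asked about above, as an added example that is not part of the original post: it classifies each AS path by where the private ASN sits (origin only, or in front of other ASNs as transit) and lists the prefixes that would be left with no path. The function names and the rows marked constructed are assumptions; the private ranges are those of RFC 6996, which goes beyond the 16-bit range in use at the time of the thread.

```python
"""Dry run of a 'reject any path containing a private ASN' policy."""
import re
from collections import Counter

# Private-use ASN ranges per RFC 6996. The 32-bit range is newer than the
# thread; it is included so the check also holds on current tables.
PRIVATE_RANGES = ((64512, 65534), (4200000000, 4294967294))


def is_private(asn):
    return any(lo <= asn <= hi for lo, hi in PRIVATE_RANGES)


def collapse_prepends(asns):
    """Drop consecutive repeats so AS-path prepending counts as one hop."""
    out = []
    for asn in asns:
        if not out or out[-1] != asn:
            out.append(asn)
    return out


def classify(as_path):
    """Classify one Path column value (asplain ASNs, optional origin code).

    'clean'            no private ASN in the path
    'private-origin'   only the last (originating) AS is private
    'private-transit'  a private ASN sits in front of other ASNs
    """
    hops = collapse_prepends([int(t) for t in re.findall(r"\d+", as_path)])
    private_at = [i for i, asn in enumerate(hops) if is_private(asn)]
    if not private_at:
        return "clean"
    if private_at == [len(hops) - 1]:
        return "private-origin"
    return "private-transit"


def filter_impact(rib):
    """Summarise what rejecting private-ASN paths would do to a table.

    rib: iterable of (prefix, as_path) rows, one row per path.
    Returns (counts, lost): a Counter of path classes, and the sorted list
    of prefixes for which every known path would be rejected.
    """
    counts = Counter()
    has_clean = {}
    for prefix, path in rib:
        kind = classify(path)
        counts[kind] += 1
        has_clean[prefix] = has_clean.get(prefix, False) or kind == "clean"
    lost = sorted(p for p, ok in has_clean.items() if not ok)
    return counts, lost


SAMPLE_RIB = [
    # Paths copied from the table in the post.
    ("58.68.109.0/24", "6130 9498 10201 65534 i"),
    ("85.112.22.0/24", "6130 6939 23148 64532 64532 64532 64532 64532 "
                       "64532 64532 64532 64532 i"),
    ("93.189.194.0/24", "6130 3549 39386 39386 39386 25233 65000 47146 i"),
    ("213.146.161.0", "6130 2828 174 64679 48493 i"),
    # Constructed row, not from the post: a second path to the same prefix
    # through documentation ASNs (RFC 5398), which are not private-use.
    ("213.146.161.0", "64496 64497 48493 i"),
]

if __name__ == "__main__":
    counts, lost = filter_impact(SAMPLE_RIB)
    for kind, n in sorted(counts.items()):
        print(f"{kind:16} {n} path(s)")
    print("prefixes with no path left:", ", ".join(lost))
```

A prefix in the second result is not necessarily unreachable: a covering aggregate or a default route may still carry the traffic.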
Re: Latest Cisco for small dual homed ASN
On 11/02/2010 18:53, James Smallacombe wrote: I have a customer that is looking at using BGP for their network; one connection over a few bonded T1s, the other over a Comcast Enterprise connection (which supposedly will do BGP now). When I was dual homed a few years ago, a 7204VXR with 256MB was more than adequate. With routing tables growing the way they are, what's a good Cisco based solution on the lower end of the price spectrum that should handle this fine for a few years? There was a bit of info missing from the replies in this thread, so I shall inflict my thoughts onto you all. Sorry, but : On 11/02/2010 19:12, Matthew Huff wrote: You can squeeze by with 512MB, but 1GB of ram would be better. A 7204VXR with 1GB of ram will work fine. ... though you would want an npe-g1 or npe-g2 to avoid frustration. On 11/02/2010 19:08, Seth Mattinen wrote: Any 2800/3800 ISR (except the 2801) will handle this just fine Any sort of attack traffic will hurt this family in a hosting environment in my experience. They are good (feature-rich) in the 'branch' environment though. We are also rolling out huge volumes of Juniper equipment, and medium to high end J-series equipment is likely to vastly exceed expectations without exceeding your budget. Andy -- // www.netsumo.com // Professional network engineering consultancy // //uk ddi: +44(0)20 7993 1702// us ddi: (415) 520 3589//
Re: several messages
Dean Anderson wrote:

[Damn. spit out my coffee on keyboard.] Levine and Vixie are partners in Whitehat. Whitehat is a commercial bulk mailer that offers listwashing services (removing spam-traps). MAPS employees were involved in listwashing. MAPS, Spamhaus, SORBS do not block Whitehat, suggesting that the spamtraps removed come from MAPS/Spamhaus/SORBS

LOL Dean's really lost it finally (if he hadn't before.) SORBS does not 'not block' anyone (many on here will attest to that) no one is too big or too small to get listed in SORBS.

..but more importantly, and almost on topic unlike Dean's entire post... I thought Dean was banned for his continual off topic posts and all the attacks on other people and organisations?

Michelle
Re: Spamhaus...
On 18/02/2010 10:40, Michelle Sullivan wrote: They seem to be doing that a lot of late. They also contacted my employer and demanded $100k/yr(?) for having a Use Spamhaus RBL in our software. I sympathise. It's very frustrating when you try to deal with these anti-spam outfits in a reasonable way and you're met with almost completely arbitrary b/s. Nick
Re: several messages
On Feb 18, 2010, at 3:15 PM, Michelle Sullivan wrote: Dean Anderson wrote: [Damn. spit out my coffee on keyboard.] Levine and Vixie are partners in Whitehat. Whitehat is a commercial bulk mailer that offers listwashing services (removing spam-traps). MAPS employees were involved in listwashing. MAPS, Spamhaus, SORBS do not block Whitehat, suggesting that the spamtraps removed come from MAPS/Spamhaus/SORBS LOL Dean's really lost it finally (if he hadn't before.) SORBS does not 'not block' anyone (many on here will attest to that) no one is to big or too small to get listed in SORBS. ..but more importantly, and almost on topic unlike Dean's entire post... I thought Dean was banned for his off continual off topic posts and all the attacks on other people and organisations? Dean e-mails lots of people directly and CC's the list with his .. uh .. missives. The list members do not see it, just the people individual on the To or CC lines see it. When you reply to the list, /then/ people on the list see it. I am replying to the list because I want to educate people. The next time someone gets e-mail from Dean, please do not reply to NANOG. -- TTFN, patrick
Re: Spamhaus...
On Thu, Feb 18, 2010 at 3:25 PM, Nick Hilliard n...@foobar.org wrote: On 18/02/2010 10:40, Michelle Sullivan wrote: They seem to be doing that a lot of late. They also contacted my employer and demanded $100k/yr(?) for having a Use Spamhaus RBL in our software. I sympathise. It's very frustrating when you try to deal with these anti-spam outfits in a reasonable way and you're met with almost completely arbitrary b/s. really? that happens? I'm shocked. Oh wait, you were being ironic! -chris
Re: Spamhaus...
On 2/18/2010 at 11:47 AM, Michelle Sullivan matt...@sorbs.net wrote:

Crist Clark wrote:

We received such a message from a Spamhaus Datafeed reseller and eventually had our DNS servers blocked. What angered me was that I analyzed our usage, and we were well below the thresholds and met the TOS published at the Spamhaus website for no-cost use. However, they said we had to subscribe to the Datafeed despite that because we have a Barracuda appliance.

Well aside from I remember reading that they look for Barracuda Appliances*, it does say on: http://www.spamhaus.org/organization/dnsblusage.html

*Definition: non-commercial use is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services.

We do not fit into that. We are not selling an appliance or service to others (the 'Cuda is for our internal corporate email only, not customers). If we were still using my home-built SpamAssassin system, it'd be OK to use Spamhaus. Now that we've purchased an appliance and manually added a Spamhaus to the user-customizable DNSBL list on it, it's not OK?

And I want to know how they figured out we had a Barracuda.

* well have you considered that the Barracuda may be very specific in its IP stack, or the signature it produces in queries etc. Might have a very specific open port for administration - and not forgetting that if it's making queries very directly it's exposing its IP address and therefore can be tested very simply. Many different ways, and I bet I could find out if I were to have a device to look at.

I have considered that, but it would seem it must be some signature in the queries. It does not query directly, but through our own caching DNS servers (I won't name the DNS server software, but its initials are B.I.N.D.).
Re: several messages
On Thu, Feb 18, 2010 at 3:25 PM, Patrick W. Gilmore patr...@ianai.net wrote: On Feb 18, 2010, at 3:15 PM, Michelle Sullivan wrote: Dean Anderson wrote: [Damn. spit out my coffee on keyboard.] Levine and Vixie are partners in Whitehat. Whitehat is a commercial bulk mailer that offers listwashing services (removing spam-traps). MAPS employees were involved in listwashing. MAPS, Spamhaus, SORBS do not block Whitehat, suggesting that the spamtraps removed come from MAPS/Spamhaus/SORBS LOL Dean's really lost it finally (if he hadn't before.) SORBS does not 'not block' anyone (many on here will attest to that) no one is to big or too small to get listed in SORBS. ..but more importantly, and almost on topic unlike Dean's entire post... I thought Dean was banned for his off continual off topic posts and all the attacks on other people and organisations? Dean e-mails lots of people directly and CC's the list with his .. uh .. missives. The list members do not see it, just the people individual on the To or CC lines see it. When you reply to the list, /then/ people on the list see it. I am replying to the list because I want to educate people. The next time someone gets e-mail from Dean, please do not reply to NANOG. -- TTFN, patrick +1 to that. I had to create a mail filter specifically for him that takes the message, sends it back with a message saying not to mail me anymore. He doesn't get hints very well.
Re: several messages
[bagged and tagged for hazmat disposal]

Why is it that everybody who is compelled to comment on how useless (or worse) a posting is is also compelled to quote the garbage at great length?

--
Government big enough to supply everything you need is big enough to take everything you have.
Remember: The Ark was built by amateurs, the Titanic by professionals.
Requiescas in pace o email
Re: Spamhaus...
On 2/18/2010 2:36 PM, Crist Clark wrote: *Definition: non-commercial use is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services. We do not fit into that. We are not selling an appliance or service to others (the 'Cuda is for our internal corporate email only, not customers). Would appear to this uninformed ignoramus that Barracuda is using the data for a commercial purpose and should be buying the feed. It appears, therefore, that you have a beef with Barracuda. Do they monitor this list, or is there a better way of contacting them? -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Spamhaus...
In article 4b7da21c.1060...@foobar.org you write: On 18/02/2010 10:40, Michelle Sullivan wrote: They seem to be doing that a lot of late. They also contacted my employer and demanded $100k/yr(?) for having a Use Spamhaus RBL in our software. I sympathise. It's very frustrating when you try to deal with these anti-spam outfits in a reasonable way and you're met with almost completely arbitrary b/s. Spamhaus has a published price list. If you use them in a separate filtering service you sell, the price is considerably higher than if you use them as part of mail service. R's, John
Austin
Any of the Austin contingent near the IRS office? Everybody OK? -- Government big enough to supply everything you need is big enough to take everything you have. Remember: The Ark was built by amateurs, the Titanic by professionals. Requiescas in pace o email Ex turpi causa non oritur actio Eppure si rinfresca ICBM Targeting Information: http://tinyurl.com/4sqczs http://tinyurl.com/7tp8ml
Re: Latest Cisco for small dual homed ASN
On Thu, Feb 11, 2010 at 1:53 PM, James Smallacombe u...@3.am wrote: I have a customer that is looking at using BGP for their network; one connection over a few bonded T1s, the other over a Comcast Enterprise connection (which supposedly will do BGP now). When I was dual homed a few years ago, a 7204VXR with 256MB was more than adequate. With routing tables growing the way they are, what's a good Cisco based solution on the lower end of the price spectrum that should handle this fine for a few years? I use 2811s in a couple of similar configurations. One of them currently uses about 400M of the 768M ram with 4 BGP feeds and soft-reconfiguration inbound. Another with just one BGP feed and soft-reconfiguration takes about 300M. Needs a minute or so to recover from one of the BGP links dropping but otherwise it keeps up with my light-weight traffic just fine. In both cases the packets are cpu-switched and normal CPU load (when a link isn't collapsing or returning) is under 10%. -- William D. Herrin her...@dirtside.com b...@herrin.us 3005 Crane Dr. .. Web: http://bill.herrin.us/ Falls Church, VA 22042-3004
Tahiti's OPT ASN?
Anyone got the ASN of Office des Postes et Télécommunications in French Polynesia? I'm having a heck of a time looking for it in APNIC. scott
Please Ignore Re: Tahiti's OPT ASN?
--- sur...@mauigateway.com wrote: -- Anyone got the ASN of Office des Postes et Télécommunications in French Polynesia? I'm having a heck of a time looking for it in APNIC. --- Apologies for the noise. I found it at http://multicasttech.com/status/asn_expand.txt just after sending this: 9471 scott
RE: dns interceptors
While not covering all apps you may want to use, it does work for at least Firefox when web browsing (works on non-windows too) when using an ssh socks proxy

Go to the address about:config
filter for dns
toggle network.proxy.socks_remote_dns to true

and then firefox will send its own DNS queries over the socks proxy.

-Original Message-
From: Patrick W. Gilmore [mailto:patr...@ianai.net]
Sent: Sunday, February 14, 2010 11:42 AM
To: North American Network Operators Group
Subject: Re: dns interceptors

On Feb 14, 2010, at 12:37 PM, Jason Frisvold wrote:

On Feb 13, 2010, at 4:58 PM, Randy Bush wrote:

i am often on funky networks in funky places. e.g. the wireless in changi really sucked friday night. if i ssh tunneled, it would multiply the suckiness as tcp would have puked at the loss rate.

You can always run your own local resolver... Or is there a reason that's unacceptable?

How does that help? It still sends port 53 requests to the authorities, which will be intercepted.

-- TTFN, patrick

smb whacked me that i should use non-tcp tunnels. randy

-- Jason 'XenoPhage' Frisvold xenopha...@gmail.com http://blog.godshell.com
Spamhaus and Barracuda Networks BRBL
With respect to Barracuda Networks and Spamhaus.

I expect, but I do not know, that Spamhaus probes on port 25 in order to identify Barracuda Spam and Virus Firewalls and then block their access to their RBL. Many Barracuda customers have been cut off without warning causing them trouble and pain.

Barracuda attempted to find a deal that would work for licensing Spamhaus for our products, however, Spamhaus's desire for money could not be met without significantly increasing the price to each of our customers. They wanted us to charge the Spamhaus feed price to each of our customers. We tried to find an arrangement for a long time.

I personally love the work that Spamhaus has done. I was disappointed that we could not find an arrangement once they changed into a commercial entity and started charging customers. When they were providing a free service we promoted them strongly, but when they started charging the customers that really used it, we had to part ways. It is a pity.

We recommend customers use only Barracuda's Free RBL: BRBL and this is now built into the Barracuda Spam and Virus Firewall. http://www.barracudacentral.org/rbl

The BRBL is provided at no charge to anyone who wants to use it (even non-Barracuda customers). The BRBL has a full-time staff that answers phone and email to correct any false positives and handle removal requests -- unlike competing services that charge money and who do not provide a staff.

We will consider providing data feeds if anyone has interest. We currently provide the BRBL as a free service. We make no claims about it being better or worse than any other RBL. It does use a massive amount of data in order to determine which IPs should be on the list. Others have made claims about its accuracy and say great things about it. Others complain that we unjustly block them, however, 99.9% of the people who are blocked and who contact us find a BOT in their network.

Sincerely,
Dean Drako
CEO Barracuda Networks
Re: Spamhaus...
On Thu, 18 Feb 2010, James Hess wrote:

According to the Spamhaus web site, Your mail volume is automatically assumed to be very large, if you use a dedicated anti-spam server/appliance of any type. It would appear that the logic is: everyone who has a low volume of mail MUST perform all spam filtering on the mail server, and not have any separate machine dedicated to spam filtering.

If your mail volume is large enough that it made sense to shell out a grand to a few grand for a spam firewall and several hundred $ per year for updates, is it wrong for Spamhaus to want you to pay them too (if you want to use their data to improve your spam filtering)? The yearly fee for small corporate query access (up to a few hundred users) is less than you'd pay for a year of updates on a spam firewall.

--
Jon Lewis                  | I route
Senior Network Engineer    | therefore you are
Atlantic Net               |
http://www.lewis.org/~jlewis/pgp for PGP public key
Re: Spamhaus and Barracuda Networks BRBL
Dean Drako wrote:

We make no claims about it being better or worse than any other RBL.

I have some objective data based on our testing here. Over the past 18 months, Barracuda's block rate is 81.9%, while Spamhaus' is 83.3%. For whatever measurement error you want to include, that says that they are roughly equivalent. Over the past 6 months, BRBL is actually getting better: their block rate is 87%, while Spamhaus is 82%.

There is, of course, a catch. BRBL gets a higher rate, but at a substantially higher false positive (FP) rate. We normalize FPs per 10,000 messages in our measurements. Over the last 18 months, BRBL was 4.1 FP/10K messages; Spamhaus 0.2 FP/10K messages. Again, BRBL is getting better: over the past 6 months, BRBL went down to 1.6 FP/10K messages, while Spamhaus is about the same at 0.3 FP/10K messages.

So, depending on your definition of better, you could either say BRBL is better or BRBL is worse. It would generally depend on your sensitivity to FPs.

jms

--
Joel M Snyder, 1404 East Lind Road, Tucson, AZ, 85719
Senior Partner, Opus One Phone: +1 520 324 0494
j...@opus1.com http://www.opus1.com/jms
RE: Spamhaus and Barracuda Networks BRBL
Hello Joel.

I have some objective data based on our testing here. Over the past 18 months, Barracuda's block rate is 81.9%, while Spamhaus' is 83.3%. For whatever measurement error you want to include, that says that they are roughly equivalent. Over the past 6 months, BRBL is actually getting better: their block rate is 87%, while Spamhaus is 82%.

There is, of course, a catch. BRBL gets a higher rate, but at a substantially higher false positive (FP) rate. We normalize FPs per 10,000 messages in our measurements. Over the last 18 months, BRBL was 4.1 FP/10K messages; Spamhaus 0.2 FP/10K messages. Again, BRBL is getting better: over the past 6 months, BRBL went down to 1.6 FP/10K messages, while Spamhaus is about the same at 0.3 FP/10K messages.

Your numbers reflect what I see, too. One other thing to note is that the two services don't catch exactly the same spam, so using both results in better trapping than either one alone.

John

John Souvestre - New Orleans LA
MLFR Differential Delay Problems
Hello NANOGers -

I'm working on a project to migrate a customer from one Tier 1 provider to another at 50+ locations (all domestic US sites). Most of these connections are 4xT1 multi-link bundles. The old router configuration was MLPPP which was rock-solid for 3 years (save for the typical last-mile circuit issues, fiber-cuts, etc.). The new carrier uses FRF.16 multi-link Frame Relay vs. MLPPP. We've completed the migration on 10+ sites and all of them are now reporting errors like the following:

Feb 17 21:01:39 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/0 differential 91.7 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/0 differential 115.9 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/1 differential 79.0 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/1 differential 79.1 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/1 differential 97.4 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/0 differential 97.5 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/1 differential 97.5 ms over yellow differential delay 75 ms
Feb 17 21:01:52 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/1 differential 97.4 ms over yellow differential delay 75 ms
Feb 17 21:01:52 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/0 differential 97.5 ms over yellow differential delay 75 ms
Feb 17 21:01:52 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/1 differential 97.5 ms over yellow differential delay 75 ms
Feb 17 21:01:53 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/1 differential 90.0 ms over yellow differential delay 75 ms
Feb 17 21:01:53 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/1 differential 100.0 ms over yellow differential delay 75 ms

The customer routers are all Juniper J6350; I believe the Carrier's routers are all Cisco GSRs. Advanced JTAC says that our configurations are solid and that there are no known bugs that would exhibit behavior like this. The carrier is insisting on performing physical-level tests of the circuits (even though they're running error free) before they'll engage higher-level engineers so I'm currently in a holding pattern awaiting those results.

My Google-fu is failing me and I'm not able to find any documents that help explain what may be causing this and how to troubleshoot and find an eventual solution. I would really appreciate any tips or suggestions from anyone on the list that may have seen issues like this in the past.

Thanks,
Ben
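An added example, not part of the post above and not a vendor tool: a small Python summarizer for the alarm lines quoted in the post, grouping them by member link to show which links exceed the 75 ms yellow threshold and by how much. The regular expression is inferred only from the quoted lines, and the names summarize and worst_link are hypothetical.

```python
import re
from collections import defaultdict

# First six alarm lines copied from the post above.
SAMPLE_LOG = """\
Feb 17 21:01:39 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/0 differential 91.7 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/0 differential 115.9 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/1 differential 79.0 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/1 differential 79.1 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-1/0/1 differential 97.4 ms over yellow differential delay 75 ms
Feb 17 21:01:50 /kernel: MFR bundle ls-0/0/0:0 link t1-2/0/0 differential 97.5 ms over yellow differential delay 75 ms
"""

MFR_RE = re.compile(
    r"MFR bundle (?P<bundle>\S+) link (?P<link>\S+) "
    r"differential (?P<delay>[\d.]+) ms over (?P<level>\w+) "
    r"differential delay (?P<limit>[\d.]+) ms"
)

def summarize(log_text):
    """Group differential-delay alarms by (bundle, link) and compute stats."""
    samples = defaultdict(list)
    for line in log_text.splitlines():
        m = MFR_RE.search(line)
        if m is None:
            continue  # not an MFR differential-delay alarm
        samples[(m["bundle"], m["link"])].append(
            (float(m["delay"]), float(m["limit"])))
    report = {}
    for key, vals in samples.items():
        delays = [d for d, _ in vals]
        limit = vals[-1][1]  # threshold reported in the most recent alarm
        report[key] = {
            "alarms": len(vals),
            "max_ms": max(delays),
            "mean_ms": round(sum(delays) / len(delays), 1),
            "worst_excess_ms": round(max(delays) - limit, 1),
        }
    return report

def worst_link(report):
    """Return the (bundle, link) key with the largest measured differential."""
    return max(report, key=lambda k: report[k]["max_ms"])

if __name__ == "__main__":
    rep = summarize(SAMPLE_LOG)
    for (bundle, link), stats in sorted(rep.items()):
        print(f"{bundle} {link}: {stats}")
```

Run over a full day of syslog per site, the per-link counts make it easy to tell whether one member circuit stands out or every link in the bundle is over the threshold.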
Re: Spamhaus...
Crist Clark wrote:

On 2/18/2010 at 11:47 AM, Michelle Sullivan matt...@sorbs.net wrote:

Crist Clark wrote:

We received such a message from a Spamhaus Datafeed reseller and eventually had our DNS servers blocked. What angered me was that I analyzed our usage, and we were well below the thresholds and met the TOS published at the Spamhaus website for no-cost use. However, they said we had to subscribe to the Datafeed despite that because we have a Barracuda appliance.

Well aside from I remember reading that they look for Barracuda Appliances*, it does say on: http://www.spamhaus.org/organization/dnsblusage.html

*Definition: non-commercial use is use for any purpose other than as part or all of a product or service that is resold, or for use of which a fee is charged. For example, using our DNSBLs in a commercial spam filtering appliance that is then sold to others requires a data feed, regardless of use volume. The same is true of commercial spam filtering software and commercial spam filtering services.

We do not fit into that. We are not selling an appliance or service to others (the 'Cuda is for our internal corporate email only, not customers). If we were still using my home-built SpamAssassin system, it'd be OK to use Spamhaus. Now that we've purchased an appliance and manually added a Spamhaus to the user-customizable DNSBL list on it, it's not OK?

To use a phrase that I use for myself on SORBS... Their list their rules. If you don't like the rules, don't use the list. They've stated you have an appliance and regardless of volume, you are not 'non commercial' and have to pay a license. It's their list and their license, so you cannot fault them for that no matter how much you disagree with it.

Michelle

Michelle
Re: several messages
Patrick W. Gilmore wrote:

Dean e-mails lots of people directly and CC's the list with his .. uh .. missives. The list members do not see it, just the people individual on the To or CC lines see it. When you reply to the list, /then/ people on the list see it. I am replying to the list because I want to educate people. The next time someone gets e-mail from Dean, please do not reply to NANOG.

My bad, I didn't realise I was in the CC list (in fact I specifically went back to check). Sorry all, it won't happen again.

Michelle
Re: Spamhaus...
Crist Clark wrote:

We do not fit into that. We are not selling an appliance or service to others (the 'Cuda is for our internal corporate email only, not customers). If we were still using my home-built SpamAssassin system, it'd be OK to use Spamhaus. Now that we've purchased an appliance and manually added a Spamhaus to the user-customizable DNSBL list on it, it's not OK?

I knew I had read it somewhere... http://www.spamhaus.org/faq/answers.lasso?section=Datafeed%20FAQ#153

Quote:

If you do not have a current Spamhaus Datafeed subscription, then you are abusing Spamhaus's public DNSBL servers. If your email volume is big enough that you need a Barracuda or similar spam filter appliance, then you certainly CAN NOT use Spamhaus's free public DNSBL servers. Contrary to what you may have been told by the nice appliance salesman, Spamhaus does not have any agreement with Barracuda for the use of Spamhaus DNSBLs with Barracuda appliances. Because Spamhaus's public DNSBL servers get heavily abused by companies with spam filter appliances, mostly Barracuda appliances, Spamhaus has implemented a control system on the public DNSBL servers to flag and firewall such users and Barracuda appliances in particular.

Michelle