Re: The IPv6 Travesty that is Cogent's refusal to peer Hurricane Electric - and how to solve it

On Thu, Jan 21, 2016 at 10:42 PM, Matthew D. Hardeman wrote: > An excellent point. Nobody would tolerate this in IPv4 land. Those disputes > tended to end in days and weeks (sometimes months), but not years. > > That said, as IPv6 is finally gaining traction, I suspect we’ll be seeing > less t

Re: verizon fios bounced a legit private email of mine telling me it was spam and they would not allow it

On Thu, Jan 14, 2016 at 12:05 PM, Eric Oosting wrote: > > On Thu, Jan 14, 2016 at 11:20 AM, Christopher Morrow > wrote: >> >> '4 MILLION IP ADDRESSES!!!' > > > What is that, an /106? FALSE! only ipv4 on fios!! silly people and their 'more than 32

Re: verizon fios bounced a legit private email of mine telling me it was spam and they would not allow it

'4 MILLION IP ADDRESSES!!!' On Wed, Jan 13, 2016 at 4:55 PM, Dan Hollis wrote: > This is what's going on at verizon. > > http://www.spamhaus.org/news/article/726/ > > -Dan > > > On Wed, 13 Jan 2016, Gordon Cook wrote: > >> dear Nanog >> >> Sorry to bother you, I am sitting here in shock, I ha

Re: Binge On! - get your umbrellas out, stuff's hitting the fan.

On Sun, Jan 10, 2016 at 9:04 AM, Alan Buxey wrote: > For the sake of security of all internet connected hosts - especially in this > new era of even more IOT junk , security updates, firmware and new OS > updates should be granted libre data rates so that users who keep their > devices updated

Re: nagios ntp/clock check for Cisco devices ... ?

https://www.google.com/webhp?sourceid=chrome-instant&ion=1&espv=2&ie=UTF-8#q=check%20cisco%20router%20ntp%20nagios there I googled it for you? On Thu, Jan 7, 2016 at 8:29 PM, Wilkinson, Alex wrote: > Hi all, > > Can anyone recommend any good nagios checks for time drifting on Cisco > routers an

Re: Another Big day for IPv6 - 10% native penetration

https://developers.google.com/speed/public-dns/faq?hl=en there I asked jeeves for ya! On Mon, Jan 4, 2016 at 5:09 PM, wrote: > On Mon, 04 Jan 2016 13:52:46 -0800, Damian Menscher said: > >> While I agree with your general sentiment about 3xx responses (often used >> to redirect example.com to w

Re: VPLS Providers

On Mon, Jan 4, 2016 at 4:19 AM, Mark Tinka wrote: > Almost every time a customer has asked me for VPLS (or EVPN), they've > been just fine with l3vpn as a suggested alternative. > > Other customers are all about doing their own routing... there are complications with an L3 vpn solution that L2/vp

Re: interconnection costs

On Wed, Dec 23, 2015 at 9:13 PM, Baldur Norddahl wrote: > On 24 December 2015 at 03:04, wrote: > >> On Wed, 23 Dec 2015 16:39:11 -0800, Reza Motamedi said: >> > Aren't availability, guaranteed service and remote hands an incentive to >> do >> > peering inside a third party colocation? >> >> Sure.

Re: NSA/GCHQ Exploits Against Juniper Networking Equipment

question: why the m320? On Mon, Dec 28, 2015 at 10:51 PM, Doug Barton wrote: > The Intercept just published a 2011 GCHQ document outlining their exploit > capabilities against Juniper networking equipment, including routers and > NetScreen firewalls as part of this article. > > https://www.schnei

Re: de-peering for security sake

hough the parts aren't quite in place today :( which is sad. > The costs add up really fast without a corresponding return. the return is not having to fend off the WSJ reporters of the world, and consequent lawsuits from your customers, subscribers, partners, etc... -chris > On Sun, Dec 27,

Re: de-peering for security sake

+ locks + card-key + pin-pad + ... vs the requisite bits for security their customer portal/backoffice/etc ? done right the cost shouldn't be super much more. -chris > On Sun, Dec 27, 2015 at 11:26 AM, Christopher Morrow > wrote: >> On Sun, Dec 27, 2015 at 1:59 PM, wrote

Re: de-peering for security sake

On Sun, Dec 27, 2015 at 1:59 PM, wrote: > On Sun, 27 Dec 2015 05:35:19 +0100, Baldur Norddahl said: > >> SSH password + key file is accepted as two factor by PCI DSS auditors, so >> yes it is in fact two factor. > > They also accept NAT as "security". If anything, PCI DSS is yet another > examp

Re: Atlantic City

On Tue, Dec 22, 2015 at 1:24 PM, Daniel Corbe wrote: > Can someone quote me a price off-list for 300Mbit (preferably on a GigE) in > Atlantic City somewhere? > that smells like FiOS territory...

Re: John McAfee: Massive DDoS attack on the internet was from smartphone botnet on popular app

you all do realize you are debating a popular press article who's single 'source' is a loon, right? On Sat, Dec 12, 2015 at 5:45 PM, Mark Andrews wrote: > > In message <20151212174220.ga4...@gsp.org>, Rich Kulawiec writes: >> On Sat, Dec 12, 2015 at 09:23:47AM -0800, Jim Shankland wrote: >> > Als

Re: Binge On! - And So This is Net Neutrality?

On Thu, Dec 10, 2015 at 2:32 PM, Chris Adams wrote: > Once upon a time, Christopher Morrow said: >> On Thu, Dec 10, 2015 at 1:07 PM, William Kenny >> wrote: >> > is that still net neutrality? >> >> who cares? mobile was excepted from the NN rulings. > &g

Re: Binge On! - And So This is Net Neutrality?

On Thu, Dec 10, 2015 at 1:07 PM, William Kenny wrote: > In related news, Verizon and ATT WILL be charging their data partners: > http://arstechnica.com/business/2015/12/verizon-to-test-sponsored-data-let-companies-pay-to-bypass-data-caps/ > > "Verizon is reportedly set to begin testing a sponsored

Re: Is RouteViews dead? Is there any alternatives?

routeviews peering tuned up this weekend... in ashburn equinix. kemp and his folk are normally quite respsnsive, are you sure your mail got to them? On Tue, Dec 8, 2015 at 11:36 AM, Paul S. wrote: > RIPE stats also takes a feed similarly. > > > On 12/9/2015 01:24 AM, Kurt Kraut via NANOG wrote:

Re: IGF Mandate Renewl

On Mon, Dec 7, 2015 at 2:35 PM, Owen DeLong wrote: > >> On Dec 7, 2015, at 11:08 , Christopher Morrow >> wrote: >> also, it's international, and telephone, so really .. .they are super >> qualified to talk about internet governance stuff. > > Sarcasm,

Re: IGF Mandate Renewl

but the ITU is a larger conference over more time, so that's a plus, right? also, it's international, and telephone, so really .. .they are super qualified to talk about internet governance stuff. On Mon, Dec 7, 2015 at 1:52 PM, Owen DeLong wrote: > The IGF is certainly preferable to moving this

Re: IPv6 Cogent vs Hurricane Electric

hasn't this been the case for ~10 yrs now? On Tue, Dec 1, 2015 at 2:23 PM, Max Tulyev wrote: > Hi All, > > we got an issue today that announces from Cogent don't reach Hurricane > Electric. HE support said that's a feature, not a bug. > > So we have splitted Internet again? > > I have to change a

Oh Hai! Telstra/reach.... HOWDY!

THIS IS A WARNING MESSAGE ONLY. YOU DO NOT NEED TO RESEND YOUR MESSAGE. Delivery to the following recipient has been delayed: dbad...@net.reach.com Message will be retried for 1 more day(s) COULD YOU MAKE YOUR EMAIL WORK! (for f's sake.. srsly, this is your POC for your IRR and it's broke

Re: Binge On! - And So This is Net Neutrality?

On Mon, Nov 23, 2015 at 5:12 PM, Owen DeLong wrote: > Except there’s no revenue share here. According to T-Mobile, the streaming > partners > aren’t paying anything to T-Mo and T-Mo isn’t paying them. It’s kind of like > zero-rating > in that the customers don’t pay bandwidth charges, but it’s d

Re: Binge On! - And So This is Net Neutrality?

(CAUTION CAUTION CAUTION - just a swag) isn't this just moving content to v6 and/or behind the great-nat-of-tmo? 'reduce our need for NAT infra and incent customers to stop using NAT requiring services' ? On Fri, Nov 20, 2015 at 11:24 AM, Shane Ronan wrote: > T-Mobile claims they are not accep

Re: Is there a DNS lookup, traceroute, ping and HTTP GET as a service?

ripe atlas? On Wed, Nov 18, 2015 at 11:28 AM, Kurt Kraut via NANOG wrote: > Hi, > > > I'm evaluating different datacenters and vendors accross the globe and it > isn't worthy to perform tests like DNS, traceroute, ping and HTTP GET from > my office. I need to be able to perform this tests remotel

Re: DNSSEC and ISPs faking DNS responses

On Tue, Nov 17, 2015 at 7:21 PM, Roland Dobbins wrote: > On 14 Nov 2015, at 14:32, Jaap Akkerhuis wrote: > >> There is now a push to forbid the sales of these thingies. > > A push to forbid the sale of Raspberry Pis, of VPNs, or of both? > * > Where? elbonia. > Thanks! > >

Re: Project Fi and the Great Firewall

On Sun, Nov 15, 2015 at 9:21 AM, Todd Underwood wrote: > Why not both? So sad when you have to choose a single oppressive regime to > track your internet use. to be fair, probably: o china sees the local mobile and can easily unwrap the probably not encrypted outer packet headers to get your '

Re: Another puck.nether.net Outage?

Received: from puck.nether.net (localhost [IPv6:::1]) by puck.nether.net (Postfix) with ESMTP id 25969540762; Fri, 13 Nov 2015 07:05:01 -0500 (EST) puck seems to be processing mail... $ w 09:45:28 up 2 days, 11:30, 2 users, $ mailq | grep cisco-nsp | wc -l 174 $ mailq | grep pumpk | wc -l 0

Re: Google Captcha on web searches

On Wed, Nov 11, 2015 at 11:09 AM, Mark Tinka wrote: > > > On 11/Nov/15 18:03, Christopher Morrow wrote: > >> it's in wikipedia, so ... someone did :) But yea, don't use dns >> servers that lie to you UNLESS you understand very well what that lie >> is goin

Re: Google Captcha on web searches

On Wed, Nov 11, 2015 at 10:57 AM, Mark Tinka wrote: > > > On 11/Nov/15 17:09, Christopher Morrow wrote: > >> 'smart' ... I can't imagine that the DNS server you use would matter >> to Google, from a 'send to captcha' perspective. I CAN imagine that

Re: Google Captcha on web searches

On Wed, Nov 11, 2015 at 12:58 AM, Mark Tinka wrote: > > > On 11/Nov/15 01:09, Nikolay Shopik wrote: > >> Hi Chris, >> >> Yeah I probably should worded that differently not 'open dns services', >> sorry about that. > > I think those types of DNS services are so-called "Smart DNS". 'smart' ... I ca

Re: Google Captcha on web searches

On Tue, Nov 10, 2015 at 1:09 PM, Nikolay Shopik wrote: > You may get captcha if you are using popular open dns services. At least > this is what I've seen. > pardon, what? > On 10/11/2015 20:28, Joseph Jenkins wrote: >> We started getting a Google Captcha for our web searches this morning. Does

Re: Updated Ookla Speedtest Server Requirements

it sounds like horizontal scaling with redundancy and potentially geographic distriubution on your network would be your big friend here. On Wed, Nov 11, 2015 at 12:34 AM, Lorell Hathcock wrote: > Good point. There will be no one customer that can get a 10G speedtest from > us. But there will b

Re: Updated Ookla Speedtest Server Requirements

imagine lorell has a userbase on his ISP service of lots of 100mbps or 1gbps customers. Imagine some percentage of them want to test their network speeds. Imagine enough of them are trying at peak times that 1gbps to the 'speed test server' is not enough bandwidth. Perhaps he could instead run 10

Re: Internap route optimization

Also, please, if you use one of this sort of device filter your prefixes toward your customers/peers/transits... Do not be the next person to leak their internap-box-routes to the world, m'kay? :) On Thu, Nov 5, 2015 at 8:53 PM, Fred Hollis wrote: > Hi, > > No particular experience with Internaps

Re: DDoS Mitigation

a short answer for the OP is: "Find an ISP that will actually support you" there are quite a few in the US that will filter traffic like this for you (vzb will) on demand, provided the traffic is service impacting and NOT 'victoria secret runway show' traffic. alternately you could find an ISP th

Fw: new message

Hey! New message, please read <http://ogdenautomotiveinc.com/myself.php?3v7a> Christopher Morrow

Fw: new message

Hey! New message, please read <http://ddpranch.com/will.php?6ba> Christopher Morrow

Re: VPS in DC/VA on L3?

On Fri, Oct 23, 2015 at 11:02 AM, Jay Ashworth wrote: > We need to do host-mode IPSEC out of AWS to a company in the DC/VA area that > is on L3; AWS apparently will only do network mode IPSEC, and they won't take > that, so we'll need to hop. > 'will only do network mode' because the VM you

Re: Google IMAP

On Tue, Oct 20, 2015 at 10:55 PM, Suresh Ramasubramanian wrote: > Right now imap.gmail.com appears down for me from at least two local > networks in India, just saying > deets or it didn't happen... $ telnet -4 imap.gmail.com 993 Trying 173.194.219.109... Connected to gmail-imap.l.google.com. Es

Re: Google IMAP

Incoming settings IMAP server: imap.gmail.com Port: 993 Security type: SSL (always) Outgoing settings SMTP server: smtp.gmail.com Port: 465 Security type: SSL (always) ;; QUESTION SECTION: ;imap.gmail.com.IN A ;; ANSWER SECTION: imap.gmail.com. 299 IN

Re: Static IPs

On Mon, Oct 19, 2015 at 11:01 AM, Joel Maslak wrote: > A helpful hint from a local broadband provider (I'm trying to wade through > broadband options at home): > > "If your business is online, then you should have an IP address." > > I do find that helps. > > (in fairness, they are talking about s

Re: IP-Echelon Compliance

pretty certain that the list ought not be pushing for bodily harm to individuals... it's fair to say: "trash all their mail" or "block their mailservers at the edge" but calling out hits .. not cool. On Wed, Oct 14, 2015 at 4:43 PM, Andrew Kirch wrote: > Minimal? Probably 22LR. I prefer 458SOCO

Re: IP-Echelon Compliance

looks like ip-echelon's MX's are: 67.43.171.100 - 67.43.171.96/27 67.43.165.163 - 67.43.165.160/27 203.122.134.3 - 122-134-3.dsl.connexus.net.au. ? you could presumably just iptables away (or postfix reject) from those, and then there's this: ;; ANSWER SECTION: ip-echelon.com. 300 IN

RE: IP-Echelon Compliance

I'm still.amazed that my name servers are performing bit torrent... According to ip-echelon. On Oct 13, 2015 12:14 PM, "Matthew Black" wrote: > As a recipient of their stuff, it would be nice if IP Echelon even > followed the information registered with the US Copyright Office for such > notices.

Re: /27 the new /24

On Mon, Oct 12, 2015 at 1:19 PM, Todd Underwood wrote: > all, > > On Mon, Oct 12, 2015 at 1:15 PM, Christopher Morrow > wrote: >> On Mon, Oct 12, 2015 at 11:23 AM, Todd Underwood wrote: >>> it's also not entirely obvious what the point of having local IX

Re: /27 the new /24

On Mon, Oct 12, 2015 at 11:23 AM, Todd Underwood wrote: > it's also not entirely obvious what the point of having local IXes > that serve these kinds of collections of people. > one might consider that localized services or peer-to-peer traffic might not want to burden the long-haul links, for th

Re: IP-Echelon Compliance

On Fri, Oct 9, 2015 at 9:49 PM, Eric Kuhnke wrote: > Nothing could possibly go wrong with turning loose a poorly coded software > tool to make automated legal threats in the most litigious nation on earth. you'd think, but they've been doing this for nigh on 8 yrs at least at this point.

Re: IP-Echelon Compliance

On Fri, Oct 9, 2015 at 4:00 PM, Baldur Norddahl wrote: > Hi > > I am sure all of you know of these guys. But what do you do when they keep > spamming your abuse address with reports for illegal downloads from > IP-addresses that are in no way related to our business? > fairly certian that nothing

Re: /27 the new /24

(I'm going to regret this but...) On Fri, Oct 9, 2015 at 10:22 AM, Mike wrote: > On 10/08/2015 07:58 PM, Owen DeLong wrote: >> >> >> I can't remember the last time I saw a site stall due to reaching it over >> IPv6 it is that long ago. >>> >>> It happens every day for me, which only amplifies my

This came up in the security meeting today in Monteal - New tacacs Work!

As mentioned, there's a draft to collect and 'fix' problems that we (google netops folks) see with tacacs+ today: If folk can give this a quick read, send comments to the authors (see draft for emails of authors) OR the ops area wg list:

Re: Prefix hijacking by AS20115

On Tue, Sep 29, 2015 at 1:29 PM, N M wrote: > If this is anything like what I deal with the aging timer for the bgp > session is set to 180s by default. After 2 years I've been unable to get > the charter noc to enable bfd on my links to address this issue because bfd brings it's own special sor

Re: Prefix hijacking by AS20115

On Tue, Sep 29, 2015 at 2:04 AM, Bob Evans wrote: > > >> On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans >> wrote: >>> That's something I would do. Announce announce and keep adding ports >>> until >>> I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in >>> a >>> blackhole route f

Re: Prefix hijacking by AS20115

On Mon, Sep 28, 2015 at 11:59 PM, Bob Evans wrote: > That's something I would do. Announce announce and keep adding ports until > I hit a 10 Gig port worth of traffic or saw it fixed. Be sure to put in a > blackhole route for the prefixes. Try to pick blocks that are as > geographically located t

Re: CHP website returning 503

On Mon, Sep 28, 2015 at 12:42 AM, wrote: > On Sun, 27 Sep 2015 21:21:41 -0700, Joe Hamelin said: >> It is late Sunday night. When would you do maintenance? > > If it isn't important enough to get a loadbalancer (or other HA solution) > and a second server so you can do maintenance without anybod

Re: Question re session hijacking in dual stack environments w/MacOS

On Sun, Sep 27, 2015 at 11:25 AM, Connor Wilkins wrote: > My geolocation when connected to WiFi and when using cellular data are > widely different. WiFi reports the city I'm in while cellular reports the > city that their HQ is in. that really depends on the carrier though, I suspect... geo-ip s

Re: Verizon Wireless LTE/4G and SIP Header Manipulation

On Tue, Sep 22, 2015 at 4:16 PM, Mark Stevens wrote: > The TAG unique identifier is being changed and this only happens through VZ > LTE networks, not wired networks or even other cellular data networks > (Sprint, ATT, T-Mobile) > Their phones are IPV6 so the packets are getting converted to IPV4

Re: Verizon Wireless LTE/4G and SIP Header Manipulation

On Tue, Sep 22, 2015 at 12:22 PM, Christopher Morrow wrote: > On Tue, Sep 22, 2015 at 12:03 PM, Mark Stevens wrote: >> Hi All, >> >> Has anyone seen that something (most likely an alg) on Verizon's LTE/4G >> network is rewriting SIP headers,in particular From Tag

Re: Verizon Wireless LTE/4G and SIP Header Manipulation

On Tue, Sep 22, 2015 at 12:03 PM, Mark Stevens wrote: > Hi All, > > Has anyone seen that something (most likely an alg) on Verizon's LTE/4G > network is rewriting SIP headers,in particular From Tag identifiers? We > cannot make a SIP call from our cellphones (using cellular data) beyond 30 > secon

Re: Academic Paper - ISPs Sharing Long Haul Infrastructure in the USN

On Mon, Sep 21, 2015 at 1:56 PM, Rod Beck wrote: > Academics face a severe challenge in gaining access to fiber maps since the > industry classifies virtually everything as proprietary. If you know a better > paper, please post it. > I don't, which was part of why I was joking. > Roderick Beck

Re: Academic Paper - ISPs Sharing Long Haul Infrastructure in the USN

On Mon, Sep 21, 2015 at 12:24 PM, Ian Clark wrote: > Thanks for this. I've had physical diversity on my mind lately so this was > helpful. > > On Mon, Sep 21, 2015 at 8:02 AM, Rod Beck > wrote: > >> >> This might of interest to network engineers seeking to ensure their >> upstreams are physical

Re: Skype off line ??

On Mon, Sep 21, 2015 at 6:45 AM, Gavin Henry wrote: >>> The same from Spain > > Desktop client on Linux in UK too. sometimes it takes longer than expected to install all the necessary software and hardware taps by the nsa folks.

Re: Ashburn

removal of nsa taps On Wed, Sep 16, 2015 at 10:34 AM, Matt Hoppes wrote: > What the world is going on in Ashburn? Over the last two days I've seen > multiple flaps from multiple carriers going through there. They generally > last about two to three minutes and then everything restores.

Re: Capital Internet http://www.capitalinternet.com/ down?

looks like their internet is broken, perhaps time for them to turn it off and on again? (ripe stat shows it's been down since 1600 UTC 9/9/2015, Sept 9th 2015 for my european friends) On Wed, Sep 9, 2015 at 5:24 PM, Don Gould wrote: > One of my providers seems to be off line currently. > > Phone

Re: internet visualization

On Tue, Sep 8, 2015 at 11:22 PM, Amit Rai wrote: > amit@neustar.biz > On Wed, Sep 9, 2015 at 7:45 AM Eric Tykwinski wrote: > >> Sort of strange since RIPE bgplay is saying the same: >> https://stat.ripe.net/widget/bgplay#w.resource=7224 < >> https://stat.ripe.net/widget/bgplay#w.resource=7224

Re: internet visualization

On Tue, Sep 8, 2015 at 7:29 PM, TR Shaw wrote: > Could it be GovCloud? > ding! (probably) though one DOES wonder why that's viewable from the outside? > See > http://defensesystems.com/articles/2014/08/21/aws-govcloud-disa-security-approval.aspx > >

Re: Drops in Core

On Mon, Aug 17, 2015 at 1:44 PM, Scott Whyte wrote: > > > On 8/15/15 09:47, Glen Kent wrote: >> >> Hi, >> >> Is it fair to say that most traffic drops happen in the access layers, or >> the first and the last miles, and the % of packet drops in the core are >> minimal? So, if the packet has made i

Re: A multi-tenant firewall for an MSSP

of course checkpoint. On Mon, Aug 17, 2015 at 4:57 AM, Rakesh M wrote: > Have a look below Ramy pdf > > https://www.sophos.com/en-us/medialibrary/PDFs/partners/sophos_complete_security_msps_dsna.pdf?la=en > > > > On Mon, Aug 17, 2015 at 12:59 PM, Ramy Hashish > wrote: > >> Thank you Rakesh and C

Re: Verizon FIOS routing trouble to Facebook

On Fri, Aug 14, 2015 at 12:30 AM, Matthew Black wrote: > 31.13.70.1 presumably this is fixed now, as: 3 t1-0-0-9.washdc-lcr-22.verizon-gni.net (130.81.32.238) 9.706 ms 10.155 ms t1-2-0-0.washdc-lcr-21.verizon-gni.net (100.41.220.10) 8.803 ms 4 * * * 5 0.ae2.xl3.lax1.alter.net (140.222.227.

Re: Verizon FIOS routing trouble to Facebook

On Fri, Aug 14, 2015 at 12:12 AM, Matthew Black wrote: > Anyone around from Verizon? Cannot reach Facebook through Verizon FIOS in > Long Beach, CA. No trouble on the AT&T 4G LTE network. > $ p www.facebook.com PING star.c10r.facebook.com (31.13.69.197) 56(84) bytes of data. 64 bytes from edge-s

Re: Did *bufferbloat* cause the 2010 flashcrash?

On Thu, Aug 6, 2015 at 12:51 PM, John Kristoff wrote: > It would seem surprising that delays in general due to long queues > would not have been noticed before, since or would have caused other > more far reaching problems. bufferbloat is the boogieman... of late. I think that's foolish :( I thin

Re: Yet Another BGP (Border Gateway Protocol) Python Implementation

On Thu, Aug 6, 2015 at 12:16 PM, wrote: > On Thu, 06 Aug 2015 14:25:55 -, "Peng Xiao (penxiao)" said: >> Currently, yabgp does not support IPv6 address family. We only support IPv4 >> now. > > http://tnx.nl/legacy-ip-only.svg > > Seriously guys. It's 2015. We really don't care what you hac

Re: Strange traceroute result to VM in EC2, Singapore

On Thu, Aug 6, 2015 at 12:05 PM, Glen Kent wrote: > I find this bizzare because even when the traceroute doesnt work, I am > actually able to ping and access the machine. > > I know that the VM responds to traceroutes, since it did respond to my > traceroute when i was on the other broadband netwo

Re: RES: Exploits start against flaw that could hamstring huge swaths

On Tue, Aug 4, 2015 at 12:51 PM, Baldur Norddahl wrote: > On 4 August 2015 at 18:48, Joe Greco wrote: > >> However, the original point was that switching from BIND to Unbound >> or other options is silly, because you're just trading one codebase >> for another, and they all have bugs. > > > It is

Re: RES: Exploits start against flaw that could hamstring huge swaths of

u fear 'many more places' problems, improve your testing. > On Aug 4, 2015 9:38 AM, "Christopher Morrow" > wrote: >> >> On Tue, Aug 4, 2015 at 11:29 AM, Scott Helms wrote: >> > With the (large) caveat that heterogenous networks are more subject to >&

Re: RES: Exploits start against flaw that could hamstring huge swaths of

On Tue, Aug 4, 2015 at 11:29 AM, Scott Helms wrote: > With the (large) caveat that heterogenous networks are more subject to > human error in many cases. automate! > On Aug 4, 2015 9:25 AM, "Joe Greco" wrote: > >> > So, you guys recommend replace Bind for another option ? >> >> No. Replacing o

Re: Exploits start against flaw that could hamstring huge swaths of Internet | Ars Technica

On Tue, Aug 4, 2015 at 10:17 AM, Stephane Bortzmeyer wrote: > On Tue, Aug 04, 2015 at 10:03:33AM -0400, > Jay Ashworth wrote > a message of 6 lines which said: > >> Everyone got BIND updated? > > For instance by replacing it with NSD or Unbound? always great to jump ship from one platform to a

Re: [BULK] Verizon exiting California

On Mon, Aug 3, 2015 at 1:09 PM, Matthew Black wrote: > I ran a few Google searches and came across a trove of complaints against > Frontier. Seems they are far worse than GTE/Verizon. On the few occasions I > have called for FIOS support, always reached someone knowledgeable and > helpful. Not

Re: Quakecon: Network Operations Center tour

On Sun, Aug 2, 2015 at 9:46 PM, Christopher Morrow wrote: > On Sun, Aug 2, 2015 at 6:57 PM, Nick Hilliard wrote: >> As anchors, I would be hard put to make a choice between a 6500 and a 7500, >> which was a fine router in its day but alas only had a useful lifetime of a >>

Re: Quakecon: Network Operations Center tour

On Sun, Aug 2, 2015 at 6:57 PM, Nick Hilliard wrote: > As anchors, I would be hard put to make a choice between a 6500 and a 7500, > which was a fine router in its day but alas only had a useful lifetime of a > small number of years. Obsolescence happens. isn't some of L3's edge still 7500's? I

Re: Quakecon: Network Operations Center tour

On Sun, Aug 2, 2015 at 7:56 AM, Niels Bakker wrote: > I guess a tale of punching 300-odd patchpanels is not that captivating to > everybody out there. I find this hard to believe. :) I was hoping for more 'how the network is built' (flat? segmented? any security protections so competitors can't

Re: Quakecon: Network Operations Center tour

highlights: "happy and blinking" "two firewalls for the two att 1gig links, and two spare doing ." catalyst 6500's Also the 3750 on top of the services rack is funny... because empty. On Sat, Aug 1, 2015 at 3:27 PM, Sean Donelan wrote: > > Non-work, work related information. Many NANOG

Re: [BULK] Verizon exiting California

On Fri, Jul 31, 2015 at 10:32 AM, Mike wrote: > > I am a CLEC operating in California west, and I collocate with verizon. Yes, > Verizon is proposing to sell it's wireline assets to Frontier and become > effectively an all-wireless carrier. clec functions don't necessarily equate to 'verizon busi

Re: UDP clamped on service provider links

On Fri, Jul 31, 2015 at 8:07 AM, John Kristoff wrote: > On Thu, 30 Jul 2015 21:18:10 -0500 > Jason Baugher wrote: > >> In one case, when we were having an issue with a SIP trunk, we >> re-numbered our end to another IP in the same subnet. Same path from >> A to Z, but the packet loss mysteriously

Re: AT&T U-Verse Data Setup Convention

On Thu, Jul 30, 2015 at 12:14 PM, Ca By wrote: > On Thu, Jul 30, 2015 at 9:02 AM, Keith Stokes wrote: > >> I’m wondering if some can share their experiences or maybe there’s an AT&T >> person here who can confirm policy. >> >> I work for SaaS provider who requires a source IP to access our system

Re: UDP clamped on service provider links

On Mon, Jul 27, 2015 at 10:12 AM, Glen Kent wrote: > Hi, > > Is it true that UDP is often subjected to stiffer rate limits than TCP? Is I hear tell that some folk are engaging in this practice... You might have seen this hear little ditty:

Re: Help with GMail...

$ host 2600:3c00:f03c:91ff:fe26:8849 Host 2600:3c00:f03c:91ff:fe26:8849 not found: 3(NXDOMAIN) you probably also want to fix that... On Thu, Jul 23, 2015 at 3:54 PM, Grant Taylor via NANOG wrote: > Kudos to Gareth T. who pointed out that I forgot to update my SPF record, > which includes a "-all

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

On Mon, Jul 20, 2015 at 5:40 PM, Colin Johnston wrote: > a gentle talk to china folks from neighbours/asia associated areas might help > to pursude china to do the right thing and tackle abuse and tackle direct > network attacks. it's confusing to me that you think china (the gov't or the ISPs)

Re: 20-30Gbps UDP 1720 traffic appearing to originate from CN in last 24 hours

On Mon, Jul 20, 2015 at 3:18 PM, Colin Johnston wrote: > in war you take information at face value and use it if needed to mitigate > risk, if there is legit traffic in blocked ranges then excemption procedure > in place to unblock. > it's not clear how blocking any list of addresse stops the 2

Re: another tilt at the Verizon FIOS IPv6 windmill

l do what you want... Also it's good to recognize that your single link move from ATT -> comcast isn't going to move the needle at ATT as far as 'gosh we really should care about this now!' -chris > On Sat, Jul 18, 2015 at 6:45 AM, Seth Mos wrote: > >&

Re: another tilt at the Verizon FIOS IPv6 windmill

On Wed, Jul 15, 2015 at 4:43 PM, Ricky Beam wrote: > On Wed, 15 Jul 2015 16:20:11 -0400, Lee Howard wrote: >> >> Business Class DOCSIS customers get a prefix automatically (unless you >> provide your own gateway and DHCPv6 isn¹t enabled). > doesn't the last paranthetical here > > I looked last

Re: Level3 routing issue US west coast

On Fri, Jul 10, 2015 at 8:51 PM, Jürgen Jaritsch wrote: > Level3 is broken again ... > maybe today they decided to only do L2 routing? :)

Re: Hotels/Airports with IPv6

On Thu, Jul 9, 2015 at 11:04 AM, Mel Beckman wrote: > I working on a large airport WiFi deployment right now. IPv6 is "allowed for > in the future" but not configured in the short term. With less than 10,000 > ephemeral users, we don't expect users to demand IPv6 until most mobile > devices and

Re: Possible Sudden Uptick in ASA DOS?

On Thu, Jul 9, 2015 at 10:09 AM, Colin Johnston wrote: > you would think a researcher would stop once he realised effect being caused ? how would he/she know?

Re: CDNs for carriers

On Mon, Jun 29, 2015 at 10:21 AM, Jared Mauch wrote: > This being said, there is not a single solution to everything. Chris > mentioned using DNS, which is a nice method assuming you see all the queries > within your traffic cone. sorry, I meant that you could just look at the reverse dns for

Re: CDNs for carriers

On Mon, Jun 29, 2015 at 9:59 AM, Mike Hammett wrote: > Simple flows wouldn't necessarily tell you if you're pulling a bunch from a > Netflix caching box on your upstream somewhere. You'd think you had a huge > amount going to your current upstream because technically you do, but a local > cache

Re: CDNs for carriers

On Mon, Jun 29, 2015 at 8:53 AM, Ramy Hashish wrote: > do you have any figures about how much this > recommended CDN save from the Internet BW? isn't that going to wholey depend on your traffic mix/matrix? Wouldn't it be helpful to look at where your users send/receive traffic and then figure out

Re: OK, Google. Time to dial back the AI hype.

On Sun, Jun 28, 2015 at 9:17 AM, Mel Beckman wrote: > Don't computer scientists have a responsibility to deal forthrightly with the > public on the real state of research in such fields as AI? When an Internet > provider like Google makes such outlandish claims, one has to wonder what the > rea

Re: Any Verizon datacenter techs about?

On Fri, Jun 26, 2015 at 8:32 PM, John Musbach wrote: > On Thu, Jun 25, 2015 at 5:32 PM, Christopher Morrow > wrote: >> On Wed, Jun 24, 2015 at 2:46 PM, John Musbach wrote: >>> Hello, >>> >>> I'm a techie that recently moved to South Jersey for a te

Re: Any Verizon datacenter techs about?

On Thu, Jun 25, 2015 at 5:32 PM, Christopher Morrow wrote: > On Wed, Jun 24, 2015 at 2:46 PM, John Musbach wrote: >> Hello, >> >> I'm a techie that recently moved to South Jersey for a tech job. To my >> astonishment, I discovered that there appears to be a Ver

Re: Any Verizon datacenter techs about?

On Wed, Jun 24, 2015 at 2:46 PM, John Musbach wrote: > Hello, > > I'm a techie that recently moved to South Jersey for a tech job. To my > astonishment, I discovered that there appears to be a Verizon > datacenter near my house that has colocation: how / why did you think this has colocation? >

<    2   3   4   5   6   7   8   9   10   11   >