Re: Topic: Inter-AS BGP Local Preference Matrix

On Fri, Oct 29, 2010 at 7:16 PM, Matthew Petach wrote: >> 5. All vendors should make an effort to standardize the values/value ranges >> offered with other vendors. >> 6. All vendors should offer a local preference matrix to their customers, >> listing the changes made to a specific AS (e.g. ano

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

On Sun, Oct 31, 2010 at 12:31 PM, Owen DeLong wrote: > > On Oct 31, 2010, at 7:22 AM, valdis.kletni...@vt.edu wrote: > >> On Thu, 21 Oct 2010 19:21:41 PDT, George Bonser said: >> >>> With v6, while changing prefixes is easy for some gear, other gear is >>> not so easy.  If you number your entire n

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 -Unique local addresses)

On Sun, Oct 31, 2010 at 2:01 PM, George Bonser wrote: >> ula really never should an option... except for a short lived lab, >> nothing permanent. > > I have a few candidate networks for it.  Mostly networks used for > clustering or database access where they are just a flat LAN with no > "gateway"

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

On Sun, Oct 31, 2010 at 3:10 PM, David Conrad wrote: > On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote: >>>> "If Woody had gone straight to a ULA prefix, this would never have >>>> happened..." >>> Or better yet, if Woody had gone straight to

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

On Mon, Nov 1, 2010 at 5:28 AM, Mark Smith wrote: > On Sun, 31 Oct 2010 21:32:39 -0400 > Christopher Morrow wrote: > >> On Sun, Oct 31, 2010 at 3:10 PM, David Conrad wrote: >> > On Oct 31, 2010, at 6:45 AM, Christopher Morrow wrote: >> >>>> "I

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

oops, I clipped a little too much from the message before replying... On Mon, Nov 1, 2010 at 5:28 AM, Mark Smith wrote: > > Permanent connectivity to the global IPv6 Internet, while common, > should not be essential to being able to run IPv6, and neither should > PI. All you should need to run IP

Re: Token ring? topic hijack: was Re: Mystery open source switching

On Tue, Nov 2, 2010 at 3:43 PM, Chris Boyd wrote: > > On Nov 1, 2010, at 11:48 AM, Nick Hilliard wrote: > >> And FDDI and X.25 and every single legacy protocol > > Are there still any commercial X.25 nets in operation?  I had some peripheral > involvement with Tymnet in the MCI/Concert conversion

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

On Wed, Nov 3, 2010 at 6:43 PM, Mark Andrews wrote: > Actually PI is WORSE if you can't get it routed as it requires NAT or > it requires MANUAL configuration of the address selection rules to be > used with PA. not everyone's network requires 'routed' ... wrt the internet.

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

On Thu, Nov 4, 2010 at 1:31 AM, Owen DeLong wrote: > > On Nov 3, 2010, at 5:21 PM, valdis.kletni...@vt.edu wrote: > >> On Wed, 03 Nov 2010 17:01:32 PDT, Owen DeLong said: >>> On Nov 3, 2010, at 3:43 PM, Mark Andrews wrote: Actually PI is WORSE if you can't get it routed as it requires NAT or

Re: Register.com DNS outages

On Sat, Nov 13, 2010 at 11:40 AM, Brandon Kim wrote: > > Thanks for the heads up. I just sent an email out to my companies staff to > keep an eye on our own customers if they > are noticing any issues. > > Times like this, makes you curious what kind of infrastructure register.com > has? How doe

Re: Level 3 Communications Issues Statement Concerning Comcast's Actions

On Mon, Nov 29, 2010 at 6:59 PM, Leo Bicknell wrote: > No one will ever be in ratio compliance with an eyeball dominant > network.  Ever.   Period.  It's not possible via technology and > TOS.  Enforcing it as an eyeball network just forces content providers > to aquire eyeballs, e.g. compete wit

Re: Level 3 Communications Issues Statement ConcerningComcast'sActions

On Mon, Nov 29, 2010 at 11:23 PM, Ben Butler wrote: > Ok, you have a point with SD vs HD which is encoded at 8 rather than 2 on our > digital terrestrial and satellite broadcasters in the UK. > > So why 24mb or 50mb access speeds, what is it actually being used for, I do > not believe that strea

Re: Level 3 Communications Issues Statement Concerning Comcast's Actions

On Mon, Nov 29, 2010 at 11:03 PM, Leo Bicknell wrote: > In a message written on Mon, Nov 29, 2010 at 10:22:34PM -0500, Christopher > Morrow wrote: >> see craig's report from nanog47: >> <http://www.nanog.org/meetings/nanog47/presentations/Monday/Labovitz_ObserveReport_

Re: Level 3 Communications Issues Statement Concerning Comcast'sActions

On Tue, Nov 30, 2010 at 1:52 AM, Mikael Abrahamsson wrote: > Considering there are mobile roaming partners that charge USD10-15 per > megabyte, unfortunately that proposition is really hard to do in todays > global market. but really, the 'cost' here is the same as a local wireless user for air-

Re: Cage nuts/rack hw near SAVVIS DC3 (Sterling VA)

On Wed, Dec 1, 2010 at 10:24 AM, Cat Okita wrote: > On Wed, 1 Dec 2010, Leo Bicknell wrote: >> >> Every meeting I have with a colo provider I suggest this exact idea. >> Patch cables (cat5, single mode, multi-mode), fiber couplers, maybe >> even SFP's, velcro ties, a 10-in-1 screwdriver, etc. > >

Re: FUD: 15% of world's internet traffic hijacked

On Wed, Dec 1, 2010 at 3:28 PM, Randy Bush wrote: > as usual i see no traffic measurements in the renesys note.  i see > inference of traffic based on some control plane measurements.  and, has > been shown, such inferences are highly suspect. it's fairly clear though that you won't get traffic i

Re: FUD: 15% of world's internet traffic hijacked

On Wed, Dec 1, 2010 at 3:52 PM, Randy Bush wrote: >> also, you won't get the traffic stats from the >> offending parties > > and how much traffic data does google publish? > > or iij or ntt?  oops!  cho, fukuda, esaki, & kato [0] did show real > traffic data from japan's largest isps. > > no accu

Re: Trying to Make Sense of the Comcast/Level 3 Dispute

On Thu, Dec 2, 2010 at 12:40 AM, Paul Ferguson wrote: > -BEGIN PGP SIGNED MESSAGE- > Hash: SHA1 > > Interesting article: > > http://www.freedom-to-tinker.com/blog/sjs/trying-make-sense-comcast-level-3 > - -dispute > > Considering the fact that I received an e-mail survey request today from

Re: Level 3 Communications Issues Statement Concerning Comcast's Actions

On Thu, Dec 2, 2010 at 5:10 PM, Matthew Petach wrote: > fair game for reverse billing.  If it does, it's going to completely > eliminate "transit" as a commercial offering; instead, we'll > all be stuck doing settlements in every direction for > traffic...and that's just *way* too much paperwork.

Re: wikileaks unreachable

On Fri, Dec 3, 2010 at 1:19 AM, Jorge Amodio wrote: >> and this is based on what facts? > > Instead of tweeting about how to reach their content, or their IP 'they' is a multicast address ... dyn/everydns or wikileaks? which is the 'they' that is doing the twittering?

Re: Domain shut downs by Registrar?

On Fri, Dec 3, 2010 at 10:17 AM, John Levine wrote: > We do remember, don't we, that the domain that started this discussion > were shut down by Verisign, the registry, not a registrar? what's super fun here is that often in conversations with registries about domains used for malware/spam/etc

Re: Domain shut downs by Registrar?

On Fri, Dec 3, 2010 at 10:45 AM, John R. Levine wrote: >>> We do remember, don't we, that the domain that started this discussion >>> were shut down by Verisign, the registry, not a registrar? > >> interesting that in THIS case the registry just took the action, was >> the domain registered throug

Re: The scale of streaming video on the Internet.

On Fri, Dec 3, 2010 at 10:47 AM, William Herrin wrote: > If the instant problem is that the character of eyeball-level Internet > service has shifted to include a major component of data which is more > or less broadcast in nature (some with time shifting, some without). > There's a purely techni

Re: The scale of streaming video on the Internet.

On Fri, Dec 3, 2010 at 11:18 AM, Leo Bicknell wrote: > In a message written on Fri, Dec 03, 2010 at 11:08:21AM -0500, Christopher > Morrow wrote: >> the above is essentially what Akamai (and likely other CDN products) >> built/build... from what I understand (purely fro

Re: wikileaks unreachable

On Fri, Dec 3, 2010 at 1:01 PM, Eric Brunner-Williams wrote: > there exists a free speech application for fast flux hosting networks, and > its in connecticut, not china. > > (during the icann gnso pdp on fast flux hosting the above assertion was > generally dismissed) 'fast flux hosting' == akam

Re: Domain shut downs by Registrar?

On Fri, Dec 3, 2010 at 1:10 PM, David Conrad wrote: > On Dec 3, 2010, at 5:49 AM, Christopher Morrow wrote: >> thanks... so, in this case, why did they take this action? > > When folks with guns and little sense of humor show up at your door with a > sealed court ordered w

Re: Abuse@ contacts

On Tue, Dec 7, 2010 at 11:39 AM, Gavin Pearce wrote: > Hello, > > > > After a weekend of heavy spam last month, we decided to fire some > reports over to the abuse contacts for each relevant IP or domain - some > US/Europe based, others from more "obscure" locations. > > > > We've not had a reply

Re: A fascinating piece of spam

same, sent via yahoomail webmail (I think): srcaddr: 173.208.103.211 On Tue, Dec 7, 2010 at 8:46 PM, Scott Weeks wrote: > > > --- s...@cs.columbia.edu wrote: > From: Steven Bellovin > > Yup, same purported sender... > > > > >From what company?  So we don't ma

Re: Mastercard problems

On Wed, Dec 8, 2010 at 12:34 PM, Jack Bates wrote: > > > On 12/8/2010 11:28 AM, William McCall wrote: > >> >> Are you prepared for "informaton terrorism" laws? >> > > > DOS attacks are already illegal. I question the ability to track responsible > parties down and have appropriate proof to actuall

Re: Mastercard problems

On Wed, Dec 8, 2010 at 3:06 PM, Philip Dorr wrote: > The problem is that they were also slashdotted.  The logs would also have a > large number of unrelated. pro-tip: the tool has a pretty easy to spot signature. -chris

Re: Mastercard problems

On Thu, Dec 9, 2010 at 3:49 AM, William Pitcock wrote: > On Thu, 2010-12-09 at 18:34 +1100, Ben McGinnes wrote: >> On 9/12/10 8:04 AM, Christopher Morrow wrote: >> > pro-tip: the tool has a pretty easy to spot signature. >> >> What is that signature? >> > &

Re: Over a decade of DDOS--any progress yet?

On Fri, Dec 10, 2010 at 5:51 PM, Joel Jaeggli wrote: > On 12/10/10 12:33 PM, Drew Weaver wrote: >> Nobody has really driven the point home that yes you can purchase a >> system from Arbor, RioRey, make your own mitigation system; what-have >> you, but you still have to pay for the transit to diges

Re: Over a decade of DDOS--any progress yet?

o much higher than that. If a customer continuously abused the 'limit' they may have been boosted to the next tier, but... I'd not ever seen that done. 3250/month... easy, peasy. -chris > Jeff > > > On Sun, Dec 12, 2010 at 12:05 AM, Christopher Morrow > wrote: >&g

Re: Over a decade of DDOS--any progress yet?

On Sun, Dec 12, 2010 at 12:42 AM, Aaron Glenn wrote: > On Sun, Dec 12, 2010 at 12:05 AM, Christopher Morrow > wrote: >> >> verizon's ddos service was/is 3250/month flat... not extra if there >> was some sort of incident, and completely self-service for the &g

Re: Over a decade of DDOS--any progress yet?

On Mon, Dec 13, 2010 at 8:49 AM, Drew Weaver wrote: > > verizon's ddos service was/is 3250/month flat... not extra if there > was some sort of incident, and completely self-service for the > customer(s). Is 3250/month a reasonable insurance against loss? > (40k/yr or there abouts) > > -chris

Re: Over a decade of DDOS--any progress yet?

On Mon, Dec 13, 2010 at 8:52 AM, Drew Weaver wrote: > I'm certain there are thresholds to that. Carrier grade mitigation > solutions will start low and ramp up to 5, 6, 7, etc. figures > depending on the attack and amount of bandwidth to be filtered among > other variables. > > > My point was

Re: Over a decade of DDOS--any progress yet?

On Mon, Dec 13, 2010 at 3:29 PM, Kevin Oberman wrote: >> Date: Mon, 13 Dec 2010 10:09:16 -0500 >> From: Christopher Morrow >> if you find that guy, maybe they'll also be the mythical unicorn of a >> sales person who will sell you ipv6 transit too? > > Unless

Re: DDoS Detection with netflow?

On Wed, Dec 22, 2010 at 3:07 PM, Thomas Magill wrote: > Has anyone run across any DDoS/anomoly detection applications that are based > on netflow, preferable v9?  I ran across a really old application called > Panoptis, but it does not appear to have any recent development.  Does anyone > have

Re: Public Wireless access (ticket / token / schedule based)

On Mon, Dec 27, 2010 at 11:50 PM, Robert E. Seastrom wrote: > Assuming that this is for your offices not your retail outlets... > > Is there some reason you can't run it wide open without even so much > as a captive-portal-check-the-box thing?  All of the commercial boxes > I've seen for doing wha

Re: Wireless IPv6

On Tue, Dec 28, 2010 at 10:58 AM, Cameron Byrne wrote: > Folks, > > I googled around and could not find anything on this.  Can anyone > share their experience with IPv6 on the Verizon's LTE network?  It is I had thought the capable devices weren't hitting the market for ~2-3 weeks still?[0] > my

Re: Wireless IPv6

On Tue, Dec 28, 2010 at 1:15 PM, wrote: > On Tue, 28 Dec 2010 12:49:37 EST, Christopher Morrow said: > >> on this, I HOPE vzw does the right thing and launches with v4/v6 >> dualstack on the devices in all regions where deployment happens. I ^^ (no

Re: Wireless IPv6

On Tue, Dec 28, 2010 at 3:20 PM, wrote: > On Tue, 28 Dec 2010 13:54:38 EST, Christopher Morrow said: >> On Tue, Dec 28, 2010 at 1:15 PM,   wrote: >> > On Tue, 28 Dec 2010 12:49:37 EST, Christopher Morrow said: >> > >> >> on this, I HOPE vzw does

Re: Specific Network Querying

On Wed, Dec 29, 2010 at 2:01 PM, John Adams wrote: > On Wed, Dec 29, 2010 at 6:01 AM, J. Oquendo wrote: >> >> Good morning and happy holidays all. I'm in the process of creating an >> automated filtering application and would like to know if anyone can >> point me to the right place. I'd like to

Re: FAA - ASDI servers

On Tue, Jan 4, 2011 at 10:25 PM, Ryan Finnesey wrote: > Is anyone on the list from the FAA?  I am trying to find out if we can > connect to the ASDI servers via IPv6. vacuum tubes don't do ipv6.

Re: FAA - ASDI servers

On Tue, Jan 4, 2011 at 10:39 PM, Ryan Finnesey wrote: > Very true but why the reference to vacuum tubes? sadly it was an FAA computer system joke. > -Original Message- > From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On > Behalf Of Christopher M

Re: FAA - ASDI servers

On Tue, Jan 4, 2011 at 10:50 PM, Menerick, John wrote: > Every joke has a bit of truth.  For instance, until recently (last 10 > years?), O'hare's traffic controllers relied upon vacuum tube technology to > perform their job. yea, I was really referring to the ATC part of the FAA I suppose... I

Re: Experiences with Comcast Ethernet

On Tue, Jan 4, 2011 at 4:05 PM, Dylan Ebner wrote: > My company has about 2 dozen Comcast business cable accounts at satellite > offices around the > Midwest. We are looking at adding an additional ISP to the mix and we are > thinking of purchasing an you are looking at an additional ISP, like

ARIN and the RPKI (was Re: AltDB?)

Sorry for the subject change, it seems now we're talking about something perhaps more relevant to me (security and routing stuff) On Wed, Jan 5, 2011 at 5:32 PM, Randy Bush wrote: > i have a rumor that arin is delaying and possibly not doing rpki that > seems to have been announced on the ppml li

Re: ARIN and the RPKI (was Re: AltDB?)

On Wed, Jan 5, 2011 at 11:16 PM, Randy Bush wrote: >> We need at least these things to exist: >>   o an accurate mapping of resource (netblock/asn) to >>     authorized-entity (RIR/NIR/LIR/Customer/...) >>   o a system to manage this data for our routing equipment > > see all the sidr documents in

Re: Announcing the Community FlowSpec trial

On Wed, Jan 5, 2011 at 7:51 PM, Richard A Steenbergen wrote: > On Wed, Jan 05, 2011 at 05:46:36PM -0600, John Kristoff wrote: >> Friends and colleagues, >> >> At NANOG 48 I talked about a community flow-spec service we were >> looking at trying to make work.  This is the idea of using IETF RFC >>

Re: ARIN and the RPKI (was Re: AltDB?)

On Wed, Jan 5, 2011 at 11:30 PM, Dobbins, Roland wrote: > > On Jan 6, 2011, at 11:16 AM, Randy Bush wrote: > >> actually, the formal rpki-based origin-validation stuff is measured to take >> *less* cpu, a lot less, than ACLs > > On the platforms which really matter in terms of rPKI, ACLs are hand

Re: AltDB?

On Thu, Jan 6, 2011 at 1:21 AM, David Conrad wrote: > On Jan 5, 2011, at 12:32 PM, Randy Bush wrote: >> i have a rumor that arin is delaying and possibly not doing rpki that >> seems to have been announced on the ppml list (to which i do not >> subscribe). > > I heard about the delay, but not abou

Re: ARIN and the RPKI (was Re: AltDB?)

On Thu, Jan 6, 2011 at 2:03 PM, Kevin Oberman wrote: >> Date: Thu, 06 Jan 2011 14:24:01 +0900 >> From: Randy Bush >> >> > I think ACLs here means prefix-lists ... or I hope that's what Randy >> > meant? >> >> sorry.  yes, irr based prefix lists.  and, sad to say, data which have >> sucked for 15+

Re: AltDB?

On Sat, Jan 8, 2011 at 1:10 PM, Jon Lewis wrote: > Getting back to the original topic...sort of: thanks! > [1] Don't care is probably too strong.  At this point in time, I don't think > it makes sense to get hung up on it and refuse to do any authentication if > we're not doing RPKI, but not imp

Re: AltDB?

On Sat, Jan 8, 2011 at 2:58 PM, Abhijit Phanse wrote: > Could you please remove all @unitedlayer.com addresses from this > distribution. > > Thanks in advance. I think you mean to ask this of nanog-admin ... though honestly @unitedlayer.com folks CAN request that themselves (with the associated m

Re: Routing Suggestions

On Fri, Jan 14, 2011 at 8:54 AM, Dorn Hetzel wrote: >> >> Randy, I know my solution was right.  I don't need your blessing. >> >> Go fuck yourself. >> >> > > It's nice to see we've really elevated the level of discourse around here :) yea... back to the coffee urn for me! (sometimes folks have h

Re: [arin-announce] ARIN Resource Certification Update

On Mon, Jan 24, 2011 at 9:02 PM, Joe Abley wrote: > > On 2011-01-24, at 20:24, Danny McPherson wrote: > >> >> Beginning to wonder why, with work like DANE and certificates in DNS >> in the IETF, we need an RPKI  and new hierarchical shared dependency >> system at all and can't just place ROAs in

Re: [arin-announce] ARIN Resource Certification Update

On Mon, Jan 24, 2011 at 11:27 PM, Steven Bellovin wrote: > > On Jan 24, 2011, at 10:31 30PM, Christopher Morrow wrote: >> it's not the best example, but I know that at UUNET there were plenty >> of examples of the in-addr tree not really following the BGP path. >> &

Re: [arin-announce] ARIN Resource Certification Update

On Mon, Jan 24, 2011 at 11:52 PM, Roland Dobbins wrote: > > On Jan 25, 2011, at 11:35 AM, Christopher Morrow wrote: > >> thinking of using DNS is tempting > > > The main arguments I see against it are: > > 1.      Circular dependencies. in the end though... if you

Re: Found: Who is responsible for no more IP addresses

On Thu, Jan 27, 2011 at 11:29 AM, Brian Johnson wrote: > I'm a bit torn on this issue. I haven't even heard any other "main-stream" > sources say anything on this topic. But Incorrect info is bad too. > > I hope the viewers who watched this are getting the gist that "Something > wicked this way

Re: Found: Who is responsible for no more IP addresses

On Thu, Jan 27, 2011 at 1:34 PM, Brian Johnson wrote: > I really wish people would keep their personal/political bias outside the > list unless it is specific and relevant. What other "main-stream" news > organization has made any reports on this issue? > > To be clear, FOX screwed this up big t

Re: Connectivity status for Egypt

On Fri, Jan 28, 2011 at 2:44 AM, Jake Khuon wrote: > I guess this begs the question of whether or not we're seeing actual > layer1 going down or just the effects of mass BGP withdrawals.  Are we > seeing lights out on fibre links or just peering sessions going down? > Both could still point to a

Re: 3500 Egyptian prefixes?

On Fri, Jan 28, 2011 at 2:01 PM, Iljitsch van Beijnum wrote: > On the Renesys blog > http://www.renesys.com/blog/2011/01/egypt-leaves-the-internet.shtml > it says that 3500 prefixes disappeared. 1% of the global table seems a lot, > especially considering that according to AfriNIC Egypt only has

Re: Connectivity status for Egypt

On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson wrote: > For instance, our corporate WAN links into Cairo are still up (UUNET PIP). that's the MCI PIP...

Re: Connectivity status for Egypt

On Fri, Jan 28, 2011 at 4:18 PM, Christopher Morrow wrote: > On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson wrote: > >> For instance, our corporate WAN links into Cairo are still up (UUNET PIP). > > that's the MCI PIP... probably the .EG parts of that PIP are provid

Re: Connectivity status for Egypt

On Fri, Jan 28, 2011 at 5:32 PM, jim deleskie wrote: > iMCI or WCOM? :) w (technically the folks that engineered it were mci folk... from texas. > On Fri, Jan 28, 2011 at 5:18 PM, Christopher Morrow > wrote: >> >> On Fri, Jan 28, 2011 at 3:51 PM, Alastair Johnson wrote:

Re: help needed - state of california needs a benchmark

On Sat, Jan 29, 2011 at 1:29 PM, Jeff Richmond wrote: > Mike, nothing is perfect, so let's just start with that. What the FCC has > done to measure this is to partner with Sam Knows and then have friendly DSL > subs for the participating telcos to run modified CPE firmware to test > against the

Re: Level 3's IRR Database

On Mon, Jan 31, 2011 at 1:17 PM, Andree Toonk wrote: > Hi Randy, > > .-- My secret spy satellite informs me that at 11-01-30 11:18 PM  Randy Bush > wrote: > >> so i am not sure what your point is.  please clarify with a concrete >> example. > > Adjusting a route's degree of preference in the selec

Re: Level 3's IRR Database

On Mon, Jan 31, 2011 at 3:55 PM, Andree Toonk wrote: > .-- My secret spy satellite informs me that at 11-01-31 12:11 PM Christopher > Morrow wrote: >> yes, but what is the way forward? > > Not sure, that was my original question: > Are there any suggestions or recommendati

Re: APNIC description: "unknown"

On Mon, Jan 31, 2011 at 11:14 PM, Owen DeLong wrote: > Interesting... "The Leadig Provider in Dhaka" is using hijacked addresses. botswana (not the same direct area. but one I happened to notice this same thing happening with this weekend) ;; QUESTION SECTION: ;bw.

Re: APNIC description: "unknown"

SNET descr: Botswana Telecommunications Corporation descr: Independance Avenue, Government Enclave (the 41 block in the original email does just show as allocated to AFRINIC only though) -Chris On Mon, Jan 31, 2011 at 11:29 PM, Christopher Morrow wrote: > On Mon, Jan 31, 2011 at 11:14 PM

Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

On Sun, Jan 30, 2011 at 2:55 PM, Martin Millnert wrote: > Here be dragons, > It should be fairly obvious, by most recently what's going on in > Egypt, why allowing a government to control the Internet is a Really > Bad Idea. > how is the egypt thing related to rPKI? How is the propsed rPKI work

Re: Last of ipv4 /8's allocated

On Tue, Feb 1, 2011 at 1:49 PM, Brian Christopher Raaen wrote: > On Tuesday, February 01, 2011 01:41:21 pm Rodrick Brown wrote: >> http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.xml >> >> Sent from my iPhone 4. > > Not quite, I still show 102/8, 103/8, 104/8, 179/8, and 185/

Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

On Tue, Feb 1, 2011 at 4:33 PM, Michael Hallgren wrote: > Le mardi 01 février 2011 à 12:14 -0500, Christopher Morrow a écrit : >> countries do not have RIR's, countries have NIR's... regions have RIR's. > > In this context, at least, perhaps the NIR should

Re: A top-down RPKI model a threat to human freedom? (was Re: Level 3's IRR Database)

On Tue, Feb 1, 2011 at 6:13 PM, Dongting Yu wrote: > Since we are already talking about RIRs, I am curious, who will sign > the legacy blocks in RPKI? my recollection is that IANA COULD do that... (presuming a single root of the tree not 5 roots) -chris

Re: quietly....

On Tue, Feb 1, 2011 at 11:32 PM, Skeeve Stevens wrote: > Not necessarily. > > There was a proposal passed at ARIN and I have a similar one proposed for (I think you mean, or the one dave farmer's been working on for a time now

Re: FW: Updated ARIN allocation information

On Wed, Jan 29, 2014 at 5:16 PM, Seth Mattinen wrote: > On 1/29/14, 14:01, Leslie Nobile wrote: >> >> Additionally, ARIN has placed 23.128.0.0/10 in its reserves in accordance >> with the policy "Dedicated IPv4 block to facilitate IPv6 Deployment" (NRPM >> 4.10). There have been no allocations m

Re: BGP multihoming

On Wed, Jan 29, 2014 at 3:45 PM, Michael Braun (michbrau) wrote: > Does > that cause any problems where address space is being advertised from a > non-assigned AS? how do you mean 'non-assigned' ? perhaps you have an example in the routing system today you could point at?

Re: TWC (AS11351) blocking all NTP?

On Mon, Feb 3, 2014 at 12:42 PM, Peter Phaal wrote: > Why burn the village when only one house is the problem? I thought > there might be some interest in hearing about work being done to use > SDN to automatically configure filtering in existing switches and > routers to mitigate flood attacks. >

Re: TWC (AS11351) blocking all NTP?

On Mon, Feb 3, 2014 at 2:42 PM, Peter Phaal wrote: > On Mon, Feb 3, 2014 at 10:16 AM, Christopher Morrow > wrote: >> On Mon, Feb 3, 2014 at 12:42 PM, Peter Phaal wrote: >> There's certainly the case that you could drop acls/something on >> equipment to selec

Re: TWC (AS11351) blocking all NTP?

direct you at: <https://www.nanog.org/resources/tutorials> and particularly at: "Tutorial: ISP Security - Real World Techniques II" <https://www.nanog.org/meetings/nanog23/presentations/greene.pdf> On Mon, Feb 3, 2014 at 5:16 PM, Peter Phaal wrote: > On Mon, Feb 3, 2

Re: TWC (AS11351) blocking all NTP?

On Mon, Feb 3, 2014 at 7:40 PM, Glen Turner wrote: > > On 4 Feb 2014, at 9:28 am, Christopher Morrow wrote: > >> wait, so the whole of the thread is about stopping participants in the >> attack, and you're suggesting that removing/changing end-system >> switch/

Re: TWC (AS11351) blocking all NTP?

-larry directly since I'm sure he's either tired of this, or already reading it via the nanog subscription. On Mon, Feb 3, 2014 at 7:54 PM, Peter Phaal wrote: > On Mon, Feb 3, 2014 at 2:58 PM, Christopher Morrow > wrote: >> wait, so the whole of the thread is about stoppi

Re: TWC (AS11351) blocking all NTP?

On Tue, Feb 4, 2014 at 1:52 PM, William Herrin wrote: > On Tue, Feb 4, 2014 at 1:45 PM, Laszlo Hanyecz wrote: >> Why not just provide a public API that lets users specify which >> of your customers they want to null route? > > They're spoofed packets. There's no way for anyone outside your AS to

Re: TWC (AS11351) blocking all NTP?

On Tue, Feb 4, 2014 at 2:28 PM, William Herrin wrote: > On Tue, Feb 4, 2014 at 2:08 PM, Doug Barton wrote: >> On 02/04/2014 08:04 AM, William Herrin wrote: >>> If just three of the transit-free networks rewrote their peering >>> contracts such that there was a $10k per day penalty for sending >>>

Re: BCP38 [Was: Re: TWC (AS11351) blocking all NTP?]

I here tell the spoofer project people are looking to improve their data and stats... And reporting. On Feb 5, 2014 1:08 PM, "Livingood, Jason" < jason_living...@cable.comcast.com> wrote: > Cool, thanks for the pointed. Now if we could get the data by ASN and > publish it on a site like bcp38.info

Re: Done a physical security audit lately?

hard to do physical security protections on a 1.5mile radius around your assets, eh? reference: also, see vijay's presentation: (slide 12) -chris (point about general physica

Re: Done a physical security audit lately?

On Wed, Feb 5, 2014 at 3:24 PM, Azinger, Marla wrote: > http://www.youtube.com/watch?v=NOZM5ZwN0kM > > nope not a problem wait, wait, wait... check out the video at :54 is that an f'ing unicorn?? I think it is! > > -Original Message- > From: Christopher Mo

Re: BCP38 is hard; let's go shopping!

On Wed, Feb 5, 2014 at 4:46 PM, Jay Ashworth wrote: > - Original Message - >> From: "joel jaeggli" > >> > As I've noted, I'm not sure I believe that's true of current generation >> > gear, and if it *is*, then it should cost manufacturers business. >> >> There are boxes that haven't aged

Re: OpenNTPProject.org

On Sun, Feb 16, 2014 at 11:09 PM, Lyndon Nerenberg wrote: > > On Feb 16, 2014, at 7:59 PM, Mark Tinka wrote: > >> Juniper's Junos implementation (which is based on FreeBSD) >> hasn't been patched >> >> Using firewall filters is the only way to mitigate the >> vulnerability. > > But doesn't the Ju

Re: OpenNTPProject.org

On Sun, Feb 16, 2014 at 11:42 PM, Mark Tinka wrote: > On Monday, February 17, 2014 06:35:46 AM Lyndon Nerenberg > wrote: > >> I was suggesting it as an alternative to just chopping >> off NTP at your border. Presumably it would be a >> one-off thing until Juniper issues a patch. > > In Junos, app

Re: random dns queries with random sources

On Tue, Feb 18, 2014 at 10:44 PM, Dobbins, Roland wrote: > > On Feb 19, 2014, at 10:08 AM, Joe Maimon wrote: > >> What is the purpose of this? > > Resource-exhaustion attack against the recursive DNS? so... i could be nuts, but in the example joe clipped, the resolved hosts are either: 66.199.13

Re: random dns queries with random sources

On Tue, Feb 18, 2014 at 10:47 PM, Christopher Morrow wrote: > On Tue, Feb 18, 2014 at 10:44 PM, Dobbins, Roland wrote: >> >> On Feb 19, 2014, at 10:08 AM, Joe Maimon wrote: >> >>> What is the purpose of this? >> >> Resource-exhaustion attack against th

Re: question about AS relationship

On Thu, Feb 20, 2014 at 3:14 AM, Song Li wrote: > Hi everyone, > > I have one simple question: as for AS relationship, should customer tell its > provider the AS# of its own customers, or the provider have the right to > require its customers to do that? in an ideal world the ISP is filtering pre

Re: question about AS relationship

's filters." -chris (and as someelse pointed out: "If they use BGP and expect global reachabilty... then the information isn't private anyway.") > -- > Sky Li > > >> On Thursday, February 20, 2014 08:09:35 PM Christopher >> Morrow wrote: >> >

Re: Managing IOS Configuration Snippets

On Wed, Feb 26, 2014 at 6:27 PM, Ryan Shea wrote: > Robert - all great suggestions. Big cross-vendor configuration generation > and deployment is outside the scope of what I was hoping for here. The goal > is to have the version information somehow encoded into the configuration, > and I'm not sur

Re: Verizon FIOS IPv6?

On Thu, Feb 27, 2014 at 9:18 PM, Stephen Frost wrote: > I echo the 'good luck' and ditto on the experience. > > There's a lot of people anxious to get IPv6 on FIOS, but there seems to > be precious little movement over there. > it really is just an embarrassment :( perhaps shame will work to moti

Re: Verizon FIOS IPv6?

On Thu, Feb 27, 2014 at 9:48 PM, Stephen Frost wrote: > * Christopher Morrow (morrowc.li...@gmail.com) wrote: >> On Thu, Feb 27, 2014 at 9:18 PM, Stephen Frost wrote: >> > There's a lot of people anxious to get IPv6 on FIOS, but there seems to >> > be pre

Re: Managing IOS Configuration Snippets

On Thu, Feb 27, 2014 at 8:38 PM, Keegan Holley wrote: > Putting aside the fact that snippets aren't a good way to conceptualize > deployed router code, my gut still tells me to question the question here. > The first is does this stuff change often enough to warrant a fancy > versioning soluti

Re: Managing ACL exceptions (was Re: Filter NTP traffic by packet size?)

On Fri, Feb 28, 2014 at 9:02 AM, Ray Soucy wrote: > If you have uRPF enabled on all your access routers then you can > configure routing policy such that advertising a route for a specific > host system will trigger uRPF to drop the traffic at the first hop, in > hardware. note that 'in hardware'

<    2   3   4   5   6   7   8   9   10   11   >