Re: Net-Neutrality or Net-Neutered?

2010-12-14 Thread Jimmy Hess
On Tue, Dec 14, 2010 at 10:20 PM, Beavis pfu...@gmail.com wrote: I come across this interesting link. http://blogs.techrepublic.com.com/security/?p=4828tag=nl.e036 Is ICANN really that susceptible to govt. pressure? I only see chaos ahead, especially with ipv6 coming into the scene. ICANN is

Re: Alleged backdoor in OpenBSD's IPSEC implementation.

2010-12-15 Thread Jimmy Hess
On Wed, Dec 15, 2010 at 7:28 AM, mikea mi...@mikea.ath.cx wrote: More to the point, I think it wouldn't be an NDA, but a security classification on the knowledge of the backdoors, and probably one not subject to automatic downgrading. Someone working on a classified project or having access to

Re: IPv6 - real vs theoretical problems

2011-01-06 Thread Jimmy Hess
On Thu, Jan 6, 2011 at 4:00 PM, Deepak Jain dee...@ai.net wrote: Wouldn't a number of problems go away if we just, for now, follow the IPv4 lessons/practices like allocating the number of addresses a customer needs --- say /122s or /120s that current router architectures know how to handle --

Re: Upload config to juniper

2011-01-26 Thread Jimmy Hess
On Mon, Jan 24, 2011 at 7:39 AM, Florin Veres flo...@futurefreedom.ro wrote: Hey guys, Do any of you have any idea if it's possible to upload configuration from a script (prefix-list updates in this case) to a JunOS device (MX)? For Cisco devices I'm doing it using rcp. From config mode use

Re: Another v6 question

2011-01-27 Thread Jimmy Hess
On Thu, Jan 27, 2011 at 8:49 AM, Jared Mauch ja...@puck.nether.net wrote: On Jan 26, 2011, at 8:33 PM, Owen DeLong wrote: I expect that in ~3 years, we will see dual-stack and /64's handed out in conjunction with an IPv4 address as common. The ipv6 zealots talking about anything but a /64 for

Re: Verizon acquiring Terremark

2011-01-31 Thread Jimmy Hess
On Mon, Jan 31, 2011 at 3:42 PM, Jeffrey Lyon jeffrey.l...@blacklotus.net wrote: One cannot be owned by a carrier and remain carrier neutral. My two cents, Agreed. An organization being a fully owned subsidiary of one carrier, and claiming to be completely carrier neutral, is an indelible

Re: quietly....

2011-01-31 Thread Jimmy Hess
On Mon, Jan 31, 2011 at 5:36 PM, Carlos Martinez-Cagnazzo carlosm3...@gmail.com wrote: That was it :-) so long IPv4! It's been a great ride! IPv4's not dead yet; even the first RIR exhaustion probable in 3 - 6 months doesn't end the IPv4 ride. There is some hope more IPv4 organizations will

Re: Verizon acquiring Terremark

2011-01-31 Thread Jimmy Hess
On Mon, Jan 31, 2011 at 10:00 PM, Ernie Rubi erne...@cs.fiu.edu wrote: [snip] shareholders and dividends to pay out) engage in competition and cannot be 'neutral' in at least one definition of the word. There is nothing wrong with a non-neutral facility, being a non-neutral operator of a

Re: quietly....

2011-01-31 Thread Jimmy Hess
On Mon, Jan 31, 2011 at 11:00 PM, Martin Millnert milln...@gmail.com wrote: This has come up before, in 2007, and earlier, http://www.merit.edu/mail.archives/nanog/2007-10/msg00487.html Way too late now for unreserving 240/4 to help. Now, if it had been unreserved in 2003 or so, there might

Re: quietly....

2011-02-02 Thread Jimmy Hess
On Wed, Feb 2, 2011 at 7:10 PM, Brandon Butterworth bran...@rd.bbc.co.uk wrote: Just need to add default route in there and make dhcpd do RA then the user can turn off RA on their routers and not care that DHCPv6 doesn't include default router. Having a DHCP server generate RA messages kind

Re: quietly....

2011-02-02 Thread Jimmy Hess
On Wed, Feb 2, 2011 at 10:34 PM, Jay Ashworth j...@baylink.com wrote: [snip] I won't run an edge-network that *isn't* NATted; my internal machines have no business having publicly routable addresses.  No one has *ever* provided me with a serviceable explanation as to why that's an invalid

Re: quietly....

2011-02-02 Thread Jimmy Hess
On Wed, Feb 2, 2011 at 11:18 PM, Jay Ashworth j...@baylink.com wrote: Justify, yourself in turn, small number.  My personal estimate of the number of NATted edge networks is well north of 75%, on a network count You don't get to count all NAT'ed IPv4 edge networks the same. Only the number of

Re: And so it ends...

2011-02-03 Thread Jimmy Hess
On Thu, Feb 3, 2011 at 1:34 PM, Jay Ashworth j...@baylink.com wrote: I strongly suspect that his question is actually Does ARIN have any enforceable legal authority to compel an entity to cease using a specific block of address space, absent a contract? ARIN has about as much to do with

Re: Post-Exhaustion-phase punishment for early adopters

2011-02-04 Thread Jimmy Hess
On Fri, Feb 4, 2011 at 4:28 PM, Daniel Seagraves dseag...@humancapitaldev.com wrote: On Feb 4, 2011, at 3:51 PM, Patrick W. Gilmore wrote: How many addresses do I have to be using for it to count as in use? How high will that number go in the next few months/years? The most important thing

Re: And so it ends...

2011-02-05 Thread Jimmy Hess
On Sat, Feb 5, 2011 at 1:24 PM, John Curran jcur...@arin.net wrote:    ARIN allows legacy holders to update their registration information, in fact, we even allow such via ARIN Online.  No agreement is required with ARIN; we provide this service as well as WHOIS and reverse DNS without

Re: What's really needed is a routing slot market

2011-02-06 Thread Jimmy Hess
On Sun, Feb 6, 2011 at 11:15 AM, Joel Jaeggli joe...@bogus.com wrote: So assuming this operates on a pollution model the victims of routing table bloat are compensated by the routing table polluters for the use of the slots which they have to carry. so I take the marginal cost of In this case

Re: Ipv6 addressing for Core network

2011-02-08 Thread Jimmy Hess
On Tue, Feb 8, 2011 at 10:24 PM, Vikas Sharma vikasshar...@gmail.com wrote: Hi, I am looking for the recommendation for core interfaces IP addressing schema for Ipv6. Some different views are (PE- P - PE, point to point link) as below - 1-  Use Public Ipv6 with /122 and do not advertise to

Re: Leasing of space via non-connectivity providers

2011-02-09 Thread Jimmy Hess
On Wed, Feb 9, 2011 at 10:17 PM, Paul Vixie vi...@isc.org wrote: David Conrad d...@virtualized.org writes: whether either DEC or HP could have qualified for a /8 under current rules, since the basis for these (pre-RIR) allocations was that they needed more than a /16 and these were the days

Re: Graph Utils (Open-Source)

2011-02-20 Thread Jimmy Hess
On Fri, Feb 18, 2011 at 1:13 PM, Max Pierson nmaxpier...@gmail.com wrote: Anyone out there using something other than rrdtool for creating graphs?? I have a project that will need a trend taken, and unfortunately rrdtool doesn't fit the bill. All of the scripting, data collection, database

Re: [arin-ppml] NAT444 rumors (was Re: Looking for an IPv6 naysayer...)

2011-02-20 Thread Jimmy Hess
On Fri, Feb 18, 2011 at 2:24 AM, Zed Usser zzu...@yahoo.com wrote: Basic Internet services will work (web browsing, email, Facebook, Youtube,...), but: - Less torrenting - Less Netflix watching - Less FTP downloads - Less video streaming in general (webcams, etc.) You might take a hit on

Re: IPv6? Why, you are the first one to ask for it!

2011-03-02 Thread Jimmy Hess
On Tue, Mar 1, 2011 at 3:16 PM, Franck Martin fra...@genius.com wrote: Don't forget there is no commission for the salesperson to enable IPv6 for you, so definitively they are not interested and you asking them to deal with the issue, will just lower their pay at the end of the month because

Re: SP's and v4 block assignments

2011-03-15 Thread Jimmy Hess
On Tue, Mar 15, 2011 at 8:11 AM, Andrew Elliott andrel...@yahoo.com wrote: How much are SP's charging and what are the thresholds?  What are default allocations based on?  (ie: size of the circuit, type of product, etc...) For IPv4, there are policies provided by ARIN for this; they come from

Re: Nortel, in bankruptcy, sells IPv4 address block for $7.5 million

2011-03-24 Thread Jimmy Hess
On Thu, Mar 24, 2011 at 10:07 PM, Matthew Kaufman matt...@matthew.at wrote: On 3/24/2011 7:59 PM, Jimmy Hess wrote: Because that's what IP addresses are.  Totally worthless unless community participants voluntarily route traffic for those IPs to the assignee. Would de-peer with Microsoft

Re: IPv6 SEO implecations?

2011-03-28 Thread Jimmy Hess
On Mon, Mar 28, 2011 at 5:18 PM, Wil Schultz wschu...@bsdboy.com wrote: I'm attempting to find out information on the SEO implications of testing ipv6 out. A couple of concerns that come to mind are: 1) www.domain.com and ipv6.domain.com are serving the exact same content. Typical SEO

Re: Typical additional latency for CGN?

2012-10-09 Thread Jimmy Hess
On 10/8/12, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote: On Sun, 07 Oct 2012 16:47:18 -0400, Tom Limoncelli said: Have there been studies on how much latency CGN adds to a typical internet user? I'd also be interested in anecdotes. Should we include the time spent talking to the

Re: Is a /48 still the smallest thing you can route independently?

2012-10-11 Thread Jimmy Hess
On 10/11/12, William Herrin b...@herrin.us wrote: On Thu, Oct 11, 2012 at 6:06 PM, Randy Carpenter rcar...@network1.net wrote: How many sites do you have? If less than 192, /44 is perfect, unless some of those sites require more than a /48. Then, it gets more complicated :-) We're having a

Re: best way to create entropy?

2012-10-11 Thread Jimmy Hess
On 10/11/12, shawn wilson ag4ve...@gmail.com wrote: in the past, i've done many different things to create entropy - encode videos, watch youtube, tcpdump -vvv /dev/null, compiled a kernel. but, what is best? just whatever gets your cpu to peak or are You are referring to the entropy pool

Re: best way to create entropy?

2012-10-11 Thread Jimmy Hess
On 10/11/12, Jonathan Lassoff j...@thejof.com wrote: Yes, but then you're also introducing a way for an external attacker to transmit data that can be mixed into your entropy pool. The binary operations used to 'mix in' data preserve entropy, when non-random data is mixed in, given the

Re: Detection of Rogue Access Points

2012-10-14 Thread Jimmy Hess
On 10/14/12, Jonathan Lassoff j...@thejof.com wrote: I've yet to see a solid methodology for detecting NATing devices, short of requiring 802.1x authentication using expiring keys and one-time passwords. :p Or implement network access protection, w IPsec between the hosts and the resources

Re: Internet-wide port scans

2012-10-16 Thread Jimmy Hess
On 10/16/12, Darius Jahandarie djahanda...@gmail.com wrote: On Tue, Oct 16, 2012 at 12:57 AM, Scott Weeks sur...@mauigateway.com wrote: I always thought it wasn't allowed because of 18 USC § 2701, but IINAL, would be happy to hear otherwise :). 18 USC 2701 is not necessarily the only

Re: best way to create entropy?

2012-10-16 Thread Jimmy Hess
On 10/16/12, JC Dill jcdill.li...@gmail.com wrote: It's interesting... though Lava lamps require heat to work, so not necessarily energy efficient. In theory, you shouldn't really need the lava lamp part. Just the digital camera part.. operate at a high ISO, say ISO 3000, dark background,

Re: Detection of Rogue Access Points

2012-10-16 Thread Jimmy Hess
On 10/14/12, Karl Auer ka...@biplane.com.au wrote: No-one has said this yet, so I will - why are people working around your normal network policies? This is often a sign of something lacking that people need in their daily work. You can often reduce this sort of While that's no reason to stop

Re: Please, talk me down.

2012-10-17 Thread Jimmy Hess
On 10/16/12, Randy Bush ra...@psg.com wrote: First off, I'm using djbdns internally and it doesn't support records. So we really aren't using it internally. if the clutch in my car is broken, should i stop using vehicles? dump djbdns or get some diehard to tell you how to fix it. Ah, but

Re: DNS hostnames with a duplicate CNAME and A record - which should be removed?

2012-10-19 Thread Jimmy Hess
On 10/17/12, Landon Stewart lstew...@superb.net wrote: it's difficult to decide what to do when it's already an issue. For example in RFC 1034 section 3.6.2 the use of CNAME's with NS and MX records is not permitted but other research shows this is widely used even though its technically

Re: Issues encountered with assigning .0 and .255 as usable addresses?

2012-10-22 Thread Jimmy Hess
On 10/22/12, Paul Zugnoni paul.zugn...@jivesoftware.com wrote: [snip] Any experience or recommendations? Besides replace the ISA proxy…. Since it's not mine to replace. Also curious whether there's an RFC recommending against the use of .0 or .255 addresses for this reason. ISA is old, and

Re: forward and reverse DNS (was: Please, talk me down.)

2012-10-22 Thread Jimmy Hess
On 10/22/12, Joe Abley jab...@hopcount.ca wrote: I will further note that just because dnsop can't agree on something doesn't mean that it's not worth agreeing on. [snip] Some of the IETF WGs' members wouldn't be able to agree what color the sky appears to be on a clear sunny day. But it is

Re: IPv6 Netowrk Device Numbering BP

2012-11-04 Thread Jimmy Hess
On 11/1/12, Karl Auer ka...@biplane.com.au wrote: I espouse four principles (there are others, but these are the biggies): Sounds like what is suggested is anti-practices, rather than suggesting affirmative practices. I would suggest slightly differently. Complexity results in failure

Re: Whats so difficult about ISSU

2012-11-11 Thread Jimmy Hess
On 11/11/12, Miquel van Smoorenburg mik...@xs4all.net wrote: Which isn't really a problem, none of the control plane stuff needs to run in the kernel. The only thing that needs to run in the kernel is the device driver(s) to talk to the forwarding plane Yes. But avoiding kernel mode is a

Re: Whats so difficult about ISSU

2012-11-11 Thread Jimmy Hess
On 11/8/12, Mikael Abrahamsson swm...@swm.pp.se wrote: On Thu, 8 Nov 2012, Phil wrote: NSR isn't ISSU. The equipment vendors call upgrades with NSR failover, ISSU; if their marketing people feel that a 0.5 or 6 second hit is good enough.. If you care about the 0.5 seconds, it's important you

Re: authority to route?

2012-11-12 Thread Jimmy Hess
On 11/12/12, Jim Mercer j...@reptiles.org wrote: Hi, Is there a common practice of providers to vet / validate requests to advertise blocks? There is a common practice of providers to require an initial Letter of authorization from the org listed in WHOIS when first setting up, and manual

Re: NTP Issues Today

2012-11-20 Thread Jimmy Hess
On 11/19/12, Van Wolfe vanwo...@gmail.com wrote: Did anyone else experience issues with NTP today? We had our server times update to the year 2000 at around 3:30 MT, then revert back to 2012. Are you sure that you are actually using NTP to set your clock? For you to sync with 2000, you should

Re: Recovering from spam resulting from compromised account

2012-11-24 Thread Jimmy Hess
On 11/21/12, Suresh Ramasubramanian ops.li...@gmail.com wrote: Wait it out as in - you had better examine your mail queues and purge them of any of the spam that was sent and is still queued up. It'll still take a day or two after that's done for the blocks to subside. The majority of

Re: Adding GPS location to IPv6 header

2012-11-24 Thread Jimmy Hess
On 11/24/12, John Adams j...@retina.net wrote: Don't conflate layer 5-7 needs with basic communication requirements. IP is not the place for this sort of header. IP is the logical place for this kind of header, as this information is node dependent, not application dependent. It would be

Re: Adding GPS location to IPv6 header

2012-11-25 Thread Jimmy Hess
25, 2012 at 1:28 AM, Jimmy Hess mysi...@gmail.com wrote: On 11/24/12, John Adams j...@retina.net wrote: Don't conflate layer 5-7 needs with basic communication requirements. IP IP is the logical place for this kind of header, as this information is node dependent, not application dependent

Re: Adding GPS location to IPv6 header

2012-11-26 Thread Jimmy Hess
On 11/26/12, Alex dreamwave...@yahoo.com wrote: This would be great for troubleshooting things...I agree, but other than that it would create a whole new plethora of privacy concerns. Just about every new technology, IP itself included has privacy concerns, related to it; which is really just

Re: William was raided for running a Tor exit node. Please help if you can.

2012-11-30 Thread Jimmy Hess
On 11/29/12, William Herrin b...@herrin.us wrote: If the computer at IP:port:timestamp transmitted child porn, a warrant for all computers is also too broad. Computers which use said IP As you know, there may always be some uncertainty about which computer was using a certain IP address at a

Re: Legal Crap [was: William was raided for running a Tor exit node. Please help if you can.]

2012-12-01 Thread Jimmy Hess
On 12/1/12, Patrick W. Gilmore patr...@ianai.net wrote: On Nov 30, 2012, at 20:25 , Randy Bush ra...@psg.com wrote: As for the legal crap, most of what is posted is not on-topic here. There are laws legal implications which are operational, though. And even though I am not a lawyer, I need

Re: When an ISP should run their own IRR for customers

2012-12-01 Thread Jimmy Hess
On 12/1/12, ML m...@kenweb.org wrote: I'm querying the community on the feasibility of running my own IRR on behalf of customers whom probably aren't/won't register their own objects. I'm going down this path since I don't believe RADB or ARIN would let me register objects on behalf of my

Re: William was raided for running a Tor exit node. Please help if

2012-12-05 Thread Jimmy Hess
On 12/5/12, Jutta Zalud j...@netzwerklabor.at wrote: Technically you are right. But then: what is the difference to ISPs? They offer routing- and DNS- and mail- and other services on various infrastructure. ISPs typically have a customer. They know their customer, they retain sufficient

Re: William was raided for running a Tor exit node. Please help if you can.

2012-12-17 Thread Jimmy Hess
On 12/17/12, Mark Andrews ma...@isc.org wrote: In message 34925.1355780...@turing-police.cc.vt.edu, On Mon, 17 Dec 2012 16:28:28 -0500, Peter Kristolaitis said: Yeah... degaussing rings consume a lot of energy you shouldn't need to consume. If you _must_ be able to protect data from

Re: William was raided for running a Tor exit node. Please help if you can.

2012-12-17 Thread Jimmy Hess
On 12/18/12, Henry Yen he...@aegisinfosys.com wrote: On Mon, Dec 17, 2012 at 20:45:04AM -0600, Jimmy Hess wrote: Physical threat is somewhat different than seizure by law enforcement, though. I'm not so sure about that. It's a kind of physical threat; the set of all physical threats

Re: IP Address Management IPAM software for small ISP

2012-12-20 Thread Jimmy Hess
On 12/20/12, Saku Ytti s...@ytti.fi wrote: On (2012-12-20 03:24 +), Blake Pfankuch wrote: [snip] For me, humans would not do much directly with the tool. They'd give it large chunk of resource. Then maybe mine it to pools like 'coreLink', 'coreLoop', 'custLink', 'custLAN' etc. Then in

Re: why haven't ethernet connectors changed?

2012-12-20 Thread Jimmy Hess
On 12/20/12, Wayne E Bouchard w...@typo.org wrote: Really, it will remain that way until the bandwidth needs from the desktop begin to push the GE threshold. Until then, why bother changing anything? When that does happen, it'll pretty well deal with itself. At which point the 8P8C

Re: IP Address Management IPAM software for small ISP

2012-12-20 Thread Jimmy Hess
On 12/20/12, Charles N Wyble charles-li...@knownelement.com wrote: Zenoss works very well as a cmdb. Zenoss is very visually appealing, but a monitoring system for network hosts, not a CMDB. In particular, except through extensive custom programming, I see no mechanism to manage CIs with it

Re: why haven't ethernet connectors changed?

2012-12-21 Thread Jimmy Hess
On 12/21/12, Naslund, Steve snasl...@medline.com wrote: I have noticed that too. However it is not the RJ-45 connector's fault. It is the morons that insist on recessing connectors in places where you can't get your finger on the tab. I like the patch cords that have the Likely any connector

Re: SSL Certificates and ... Providers

2012-12-27 Thread Jimmy Hess
On 12/27/12, Blake Pfankuch bl...@pfankuch.me wrote: It does make no sense, and I would say it is an unusual restriction, but a CA can put any certificate usage restriction they want in their policy, and technically, they have likely included a right to audit and issue out a revocation/CRL for

Re: Gmail and SSL

2012-12-29 Thread Jimmy Hess
On 12/14/12, Randy na...@afxr.net wrote: [snip] It explained that google is no longer accepting self signed ssl certificates. It claims that this change will offer[s] a higher level of security to better protect your information. Hm... Self-signed certificates, or (worse) the use of

Re: Gmail and SSL

2012-12-30 Thread Jimmy Hess
On 12/30/12, Keith Medcalf kmedc...@dessus.com wrote: Your assertion that using bought certificates provides any security benefit whatsoever assumes facts not in evidence. I would say those claiming certificates from a public CA provide no assurance of authentication of server identity greater

Re: Gmail and SSL

2012-12-30 Thread Jimmy Hess
On 12/30/12, John Levine jo...@iecc.com wrote: Do you ever buy SSL certificates? For cheap certificates ($9 Geotrust, $8 Comodo, free Startcom, all accepted by Gmail), the entirety of the identity validation is to send an email message to an address associated with the domain, typically one

Re: Gmail and SSL

2013-01-02 Thread Jimmy Hess
In resp, On 1/2/13, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote: There's a bit more trust (not much, but a bit) to be attached to a cert signed by a reputable CA over and above that you should attach to a self-signed cert you've never seen before. [snip] Absolutely. A certificate

Re: Join my network on LinkedIn

2013-01-02 Thread Jimmy Hess
On 1/2/13, William Herrin b...@herrin.us wrote: Out of curiosity... how did mem...@linkedin.com get subscribed to nanog and, if it isn't, how did the message from mem...@linkedin.com make it to the list? Whatever happened to ' Only humans who bothered to read the directions and subscribed to

Re: Gmail and SSL

2013-01-02 Thread Jimmy Hess
On 1/2/13, Steven Bellovin s...@cs.columbia.edu wrote: [snip] It's a shame they've stuck with a hardcoded list of Acceptable CAs for certain certificates; that would be very difficult to update. The major banks, Facebook, Hotmail, etc, possibly have not made a promise to anyone, that all their

Re: Gmail and SSL

2013-01-03 Thread Jimmy Hess
On 1/3/13, Maxim Khitrov m...@mxcrypt.com wrote: On Thu, Jan 3, 2013 at 12:14 AM, Damian Menscher dam...@google.com wrote: I talked to Google Apps support a few weeks ago, sent them a link to this discussion, but all they could do is file a feature request. I am not sure why this would be

Re: OOB core router connectivity wish list

2013-01-12 Thread Jimmy Hess
On 1/10/13, Nick Hilliard n...@foobar.org wrote: On 10/01/2013 13:51, Jared Mauch wrote: - rs232: please no. it's 2013. I don't want or need a protocol which was designed for access speeds appropriate to the 1980s. [snip] Maybe stop with rs232 versus Ethernet, and implement _both_ as

Re: De-funding the ITU

2013-01-13 Thread Jimmy Hess
On 1/13/13, John R. Levine jo...@iecc.com wrote: If I were trying to think of a way to totally destroy the effectiveness of the IETF, loading it up with millions of dollars that come with political strings attached would be about the best one I could imagine. Congrats. Yes, please redirect

Re: Slashdot: UK ISP PlusNet Testing Carrier-Grade NAT Instead of IPv6

2013-01-19 Thread Jimmy Hess
On 1/18/13, David Swafford da...@davidswafford.com wrote: There is no suckerage to V6. Really, it's not that hard. While CGN is the reality, we need to keep focused on the ultimate goal -- a Correct. CGN may be part of a transition towards IPv6. Not all providers are necessarily going to

Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)

2013-01-19 Thread Jimmy Hess
On 1/18/13, Matt Palmer mpal...@hezmatt.org wrote: Primarily abuse prevention. If I can get a few thousand people to do something resource-heavy (or otherwise abusive, such as send an e-mail somewhere) within a short period of time, I can conscript a whole army of unwitting accomplices into

Re: CALEA options for small/midsize ISPs

2013-01-20 Thread Jimmy Hess
On 1/20/13, Warren Bailey wbai...@satelliteintelligencegroup.com wrote: [snip] want to play ball, they take what you give with a smile. I would be curious to see what would happen if a lawful intercept request came through and the service provider refused to process it. I have been a The LEAs

Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)

2013-01-21 Thread Jimmy Hess
On 1/21/13, Matt Palmer mpal...@hezmatt.org wrote: Nonce on the server is a scalability hazard (as previously discussed). You It's not really a scalability hazard. Not if its purpose is to protect a data driven operation, or the sending of an e-mail; in reality, that sort of abuse is

Re: Security reporting response handling [was: Suggestions for the future on your web site]

2013-01-23 Thread Jimmy Hess
On 1/22/13, Suresh Ramasubramanian ops.li...@gmail.com wrote: On Tuesday, January 22, 2013, Matt Palmer wrote: What the article may not tell us is, what the applicable College's technology policies would be, or what sort of contacts between student and university staff were taking place. I

Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)

2013-01-24 Thread Jimmy Hess
On 1/23/13, Rich Kulawiec r...@gsp.org wrote: On Mon, Jan 21, 2013 at 02:23:53AM -0600, Jimmy Hess wrote: Once again: captchas have zero security value. They either defend (a) resources worth attacking or (b) resources not worth attacking. If it's (a) then they can and will be defeated

Re: Suggestions for the future on your web site: (was cookies, and

2013-01-26 Thread Jimmy Hess
On 1/26/13, Michael Thomas m...@mtcc.com wrote: Rich Kulawiec wrote: On Thu, Jan 24, 2013 at 09:50:15AM -0600, Joe Greco wrote: However, as part of a defense in depth strategy, it can still make sense. But defenses have to be *meaningful* defenses. Captchas are a pretend defense. They're

Re: 10 Mbit/s problem in your network

2013-02-16 Thread Jimmy Hess
On 2/11/13, Graham Donaldson gra...@airstripone.org.uk wrote: On Sat, Feb 09, 2013 at 07:55:59PM -0800, Constantine A. Murenin wrote: I personally think you're being unreasonable on the bandwidth and latency expectations, Hotel Internet connections are there as a convenience rather than some

Re: looking for terminology recommendations concerning non-rooted FQDNs

2013-02-22 Thread Jimmy Hess
On 2/21/13, Mark Andrews ma...@isc.org wrote: RFC 952 as modified by RFC 1123 describe the legal syntax of a hostname. There is no trailing period. A hostname is not a domain name, the hostname is just a label, and has stricter syntax than is allowed in a DNS label; however: When hostnames

Re: looking for terminology recommendations concerning non-rooted FQDNs

2013-02-22 Thread Jimmy Hess
On 2/22/13, Jay Ashworth j...@baylink.com wrote: RFC103 5.1 is correct in the context of a DNS zonefile. In other contexts, however, a domain is absolute without a trailing dot. One example, would be in the case of the SMTP protocol, where hostnames are required to _always_ be absolute. In

Re: Should host/domain names travel over the internet with a trailing dot?

2013-02-25 Thread Jimmy Hess
On 2/25/13, Jay Ashworth j...@baylink.com wrote: From: Brian Reichert reich...@numachi.com [snip] name it's looking up before doing the SSL interaction with the server side, a process with which I'm not familiar enough to know if the client actually send the host/domain name to the server end.

Re: cannot access some popular websites from Linode, geolocation is wrong, ARIN is to blame?

2013-03-03 Thread Jimmy Hess
On 3/2/13, Constantine A. Murenin muren...@gmail.com wrote: On 2 March 2013 15:45, Owen DeLong o...@delong.com wrote: Now, back to ARIN: is Linode doing it right? Is vr.org doing it wrong? Are they both doing it correct, or are they both wrong? They have repeatedly disagreed, on two

Re: [c-nsp] DNS amplification

2013-03-17 Thread Jimmy Hess
On 3/17/13, Jon Lewis jle...@lewis.org wrote: On Sun, 17 Mar 2013, Arturo Servin wrote: You'd have to get access (cloud VM, dedicated server, etc.) on each network and see if you can successfully get spoofed packets out to another network. If you have packet data about a sufficient number of

Re: Is multihoming hard? [was: DNS amplification]

2013-03-22 Thread Jimmy Hess
On 3/20/13, John Curran jcur...@istaff.org wrote: On Mar 20, 2013, at 2:25 PM, Owen DeLong o...@delong.com wrote: However, if there were motivation on the provider side, automated BGP configuration could enable consumers to attach to multiple providers and actually reduce support calls

Re: Is multihoming hard? [was: DNS amplification]

2013-03-23 Thread Jimmy Hess
On 3/23/13, Owen DeLong o...@delong.com wrote: A reliable cost-effective means for FTL signaling is a hard problem without a known solution. Faster than light signalling is not merely a hard problem. Special relativity doesn't provide that information may travel faster than the maximum speed C.

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jimmy Hess
On 3/26/13, Dobbins, Roland rdobb...@arbor.net wrote: On Mar 26, 2013, at 9:51 PM, Jay Ashworth wrote: Perhaps you should reframe your strategy as security problem, and show how providers have implemented BCP38, how it is such a common practice, that not implementing BCP38 may fall short of

Re: Tier 2 ingress filtering

2013-03-28 Thread Jimmy Hess
On 3/28/13, Jay Ashworth j...@baylink.com wrote: My understanding has always been different from that, based on the idea that the carrier to which a customer connects is the only one with which that end-site has a business relationship, and therefore (frex), the only one whom that end-site

Re: Open Resolver Problems

2013-03-29 Thread Jimmy Hess
On 3/28/13, Ben Aitchison b...@meh.net.nz wrote: On Tue, Mar 26, 2013 at 07:07:16PM -0700, Tom Paseka wrote: Authoritative DNS servers need to implement rate limiting. (a client shouldn't query you twice for the same thing within its TTL). The RFC doesn't say that is a should; a client MAY

Re: Open Resolver Problems

2013-03-31 Thread Jimmy Hess
On 3/29/13, Scott Noel-Hemming frogstar...@gmail.com wrote: Some of us have both publicly-facing authoritative DNS, and inward facing recursive servers that may be open resolvers but can't be found via NS entries (so the IP addresses of those aren't exactly publicly available info). Sounds

Re: BCP38 tester?

2013-04-01 Thread Jimmy Hess
On 3/31/13, Karl Auer ka...@biplane.com.au wrote: On Mon, 2013-04-01 at 15:07 +1100, Mark Andrews wrote: In message 1364787851.2136.7.camel@karl, Karl Auer writes: A side effect of NAT is to clamp the source address range It depends on how the nat is configured. OK - how does one configure

Re: BCP38 tester?

2013-04-01 Thread Jimmy Hess
On 4/1/13, Karl Auer ka...@biplane.com.au wrote: So it may well be that a particular device, capable of doing NAT and other things, of NATting some packets but not others, may permit Yes. Many NAT devices of reasonable quality are fully capable of such things. And skipping NAT or NAT'ing the

Re: BCP38 tester?

2013-04-02 Thread Jimmy Hess
On 4/1/13, Jay Ashworth j...@baylink.com wrote: It would just be way too much luck and convenience for that to happen by coincidence. Once in a while, you win. The trouble with winning by coincidence or winning as a side-effect... Do you keep winning? What happens with IPv6 CPE devices,

Re: ICMP Redirect on Resolvers

2013-04-06 Thread Jimmy Hess
On 4/6/13, Keith Medcalf kmedc...@dessus.com wrote: Although spoofed ICMP redirects might also be abused to intercept/quietly sniff traffic on a switched LAN; The default gateway responding with a redirect in that situation is the normal case where you expect to receive an ICMP redirect. ; in

Re: ICMP Redirect on Resolvers

2013-04-06 Thread Jimmy Hess
On 4/6/13, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote: On Sat, 06 Apr 2013 10:38:06 -0400, shawn wilson said: case, you shouldn't see any valid ICMP redirects. They're there mostly so things kind-of-sort-of work even if you botch it (so for instance, even if you whiff your default

Re: Verizon DSL moving to CGN

2013-04-06 Thread Jimmy Hess
On 4/6/13, Matthew Kaufman matt...@matthew.at wrote: On 4/6/2013 6:24 PM, cb.list6 wrote: I'd love to see a CGN box that is cheaper than IPv4 addresses currently are on the transfer market. You mean like a few linux servers running iptables nat-masquerade? You think the Carrier Grade in

Re: Google Wants to Create a Dotless Domain Called Search..?

2013-04-12 Thread Jimmy Hess
On 4/11/13, Oliver Garraux oli...@g.garraux.net wrote: Agreed; but it would seem that unstoppable forces have been set into motion by ICANN, to cause it to happen, regardless of whether it is beneficial to the community, and regardless of any objections from the public... Yes... let a single

Re: Why are there no GeoDNS solutions anywhere in sight?

2013-04-14 Thread Jimmy Hess
On 3/21/13, Constantine A. Murenin muren...@gmail.com wrote: Does it sound too complicated and pointy? Yes, it's not exactly trivial, and not as good as BGP, but better than having 300ms latency from a simple round-robin. It sounds like you are asking about Geolocation, when what you really

Re: What do people use public suffix for?

2013-04-19 Thread Jimmy Hess
On 4/19/13, Dave Crocker d...@dcrocker.net wrote: On 4/19/2013 12:57 PM, Tony Finch wrote: To reinforce Joe's point, there doesn't even need to be a zone cut for there to be an administrative cut. There are various ISPs and dynamic DNS providers that put all their users in the same zone, and

Re: What do people use public suffix for?

2013-04-19 Thread Jimmy Hess
On 4/19/13, Dave Crocker d...@dcrocker.net wrote: On 4/19/2013 4:33 PM, Jimmy Hess wrote: [snip] Absent a view that somehow says all metadata is a security function, I don't see how the marking of administrative boundaries qualifies as a security function. The security function comes

Re: What do people use public suffix for?

2013-04-19 Thread Jimmy Hess
On 4/19/13, Dave Crocker d...@dcrocker.net wrote: That is only theoretically possible, if every boundary keeper participates. In reality, you would wind up with some zones having explicit marking, and most zones not having any marking at all, just because the admin didn't bother to pick up on

Re: IPv6 and HTTPS

2013-04-28 Thread Jimmy Hess
On 4/28/13, Randy Bush ra...@psg.com wrote: Doing away with IPv4 isn't a sane short-term goal for anyone who wants global internet connectivity/reachability, period. Breaking global connectivity is bad. I don't see networks turning off ipv4. I would favor differentiation of network

Re: IPv6 and HTTPS

2013-04-28 Thread Jimmy Hess
On 4/28/13, Randy Bush ra...@psg.com wrote: -- for example: large Cable providers getting together and agreeing to implement a 100ms RTT latency penalty for IPv4 we do not see intentionally damaging our customers as a big sales feature. but we think all our competitors should do so. Yes, I

Re: IPv6 and HTTPS

2013-04-28 Thread Jimmy Hess
On 4/28/13, Owen DeLong o...@delong.com wrote: I don't see turning IPv4 off as a short-term goal for anyone. OTOH, I do see the cost of maintaining residential IPv4 service escalating over about the next 5-7 years. Yes... Which I interpret to result in an outcome of less service, for more

Re: It's the end of the world as we know it -- REM

2013-04-28 Thread Jimmy Hess
On 4/29/13, Jérôme Nicolle jer...@ceriz.fr wrote: Therefore it is inevitable to reclaim unused address space as long as there's a demand for IPv4, which will still be strong as long as major players refuse to do their jobs. The RIRs are very limited in what unused resources they could seek to

Re: IPv6 and HTTPS

2013-04-29 Thread Jimmy Hess
On 4/29/13, Jakob Heitz jakob.he...@ericsson.com wrote: That's evil. Charge what it costs to provide each service. If and when it costs more to provide IPv4 service (and only then), then charge more for it. Which of the below do you suggest is evil? Offering an IPv6 only service and charging
