http://www.circleid.com/posts/psst_interested_in_some_lightly_used_ip_addresses/
Discuss. :-)
I don't entirely understand the process. Here's the flow chart as far
as I've figured it out:
1. A sells a /20 of IPv4 space to B for, say, $5,000
2. A tells ARIN to transfer the chunk to B
3.
I've tried to deal with that a few times - mainly by writing up the
first upstream AS. Usually they don't care (and every time I have
noticed someone blatantly stealing space, it's been spammers).
Has there ever been a case where ARIN has tried to take a block back
from a party to whom they had
Really? So, since so many ISPs are blocking port 25, there's lots less spam
hitting our networks?
It's been extremely effective in blocking spam sent by spambots on
large ISPs. It's not a magic anti-spam bullet. (If you know one,
please let us know.)
workaround. Since, like many of us, I use
That's really the question at hand here -- whether or not there's any
benefit to continuing the never ending arms race game. Some people
think there is. Others question whether anything is really being
accomplished. Certainly we're playing it out like an arms race -- ISPs
block something,
We have proper A+PTR records on the edge MTAs, proper SPF records for
the originating domain, proper Return-Path and other headers, and so
on. There isn't anything that I can think of other than the content
itself which would be abnormal, and obviously the content is
repetitive and can't be
Perm connection from China Netcom? Does anybody have any more info about
this?
http://175.45.179.68/
R's,
John
the possibility that the government
would have a mandatory do-not-resolve list for networks in the US.
That would be unlikely to stand up in court, viz. the quick failure
of the Pennsylvania child porn IP blacklist, but the process would
be painful while it unfolded.
Regards,
John Levine, jo...@iecc.com
We use OpenSRS and never have these issues. Many of the other major
registrars will freeze domains for whatever reason they choose.
OpenSRS basically fulfills their duties to ICANN and leaves it alone
at that. The only domain I have ever seen them get involved with was
a long time ago when someone
I've been pondering IPv6 setups, and I don't understand how IPv6 rDNS
is supposed to work. It's clear enough how you look up any particular
address, but it's not at all clear to me what you put into an rDNS
zone and how you put it there.
In IPv4 land, it is standard to assign matching forward
with IP based blacklists and whitelists,
since spammers could easily use a unique IP address for every message
they ever send. (Please don't argue about that particular issue here,
but feel free to do so in the ASRG.)
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies
and saying by God, this Owen character is right, we're in breach of
contract and his definition of the purity of Internet ports has so
stunned us with its symmetry and loveliness that we shall bow down and
sin no more! Thank you Mr. DeLong for making the blind see again!
More likely uh, oh,
Your right to use a particular set of addresses on a particular
network is not granted by any RIR.
As far as I know, there's no case law about address space assignments.
There's been a bunch of cases where someone stole address space by
pretending to be the original assignee, like the SF Bay
In article 0d7e01cbc58a$340347a0$9c09d6e0$@net you write:
How can someone steal something from you that you don’t own?
Here in the US, until there is statutory or case law, the question of
whether the people with legacy IP space assignments own that space is
entirely a matter of opinion. I
them into the peering/transit negotiations.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
be delighted to run a similar database for IP networks at
a similar price. Of course, that just handles the networks in the
U.S.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
Anyone have a list of MUAs that actually support RFC 2369 with
subscription management widgets in the GUI? Surely someone has written
one but I can't seem to find any documentation to that effect.
Alpine, which has what must be the cruddiest GUI on the planet, does.
Too bad people prefer glitz to
If the creation of .xxx is a preliminary step in making the fact of
your web site only being accessible by a name ending in .xxx an
affirmative defense against a charge of allowing minors to access your
site then
A charge of what? ICM and .XXX are headquartered in Florida. Could
you give some
Suppose, just for the sake of the argument, that a statute or
precedent came about to the effect that a community which permits
access to .xxx sites (by not censoring the DNS) implicitly accepts
that kind of thing isn't obscenity under local law.
If we're doing counterfactuals, let's suppose that
What changed ICANN's mind between the ruling in 2007 and the ruling in 2010?
The growing certainty of an expensive and very embarrassing lawsuit if
they turned ICM down. Despite the clear lack of industry support for
.XXX, ICM carefully jumped through every hoop, dotted every i, and
crossed every
... I expect the board and staff really
really would not want to have to answer questions under oath like who
did you talk to at the US Department of Commerce about the .XXX
application and what did you say? and why did you vote against .XXX
when they followed the same
Next, on what basis do you make the claim that .coop and .cat have
failed to attract the predicted support from their nominal communities?
Arithmetic, mostly. There are 40,000 co-ops in the United States,
160,000 in Europe, and apparently several million world-wide, yet
there are only 6700
In article 20592.28334.622769.539...@world.std.com you write:
It's occurred to you that FQDNs contain some structured information,
no?
Hey, I've got a great idea. Let's lose this silly phone number
portability nonsense and use phone numbers as routes.
I mean, anyone who moves and takes his cell
Look at TextMagic.
They're in the UK. You might take a look at Aerialink
who are in the US:
http://www.aerialink.com/gateway/options/outbound-sms/
Getting your own cellular modem may well end up being
more reliable and cheaper in the long run, since you are
less at the mercy of other people's
,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
What's anyone really going to do with more than a few IP addresses on a VPS
anyway?
Give every web site its own IP address, rather than using virtual
hosts, I expect.
On the other hand, I suppose if someone has more than a few dozen web sites
on a single VPS, more likely than not something
Can someone explain to me how I can get a block of DID (Telephony numbers)?
As I think recent messages have shown, it's not possible to provide a
useful answer unless you give us some hint about what you want to do
with the traffic from those numbers.
If you want to deliver it via SIP over the
I would say those claiming certificates from a public CA provide no
assurance of authentication of server identity greater than that of a
self-signed one would have the burden of proof to show that it is no
less likely for an attempted forger to be able to obtain a false
bought certificate from a
Neustar has been successful in getting RFC1480-style domain names
effectively discontinued as of maybe a decade ago (we're responsible
for mil.wi.us here) and so any locality stuff under .fl.us is probably
legacy stuff. They'd much rather sell people foo.us ...
If you're wondering about
Any moron can run a DNSBL. Many morons do. But that doesn't mean
that anyone actually uses them.
They are yes. Emails are being blocked due to the listing on spamrats.
Please show us a copy of one of the failure messages. Feel free to
redact any private information, but please leave the IP
No point. address - name - address doesn't work with wildcards.
(Still an IPv6 implementation virgin, just curious :) )
If you want to do generic IPv6 rDNS for all your hosts, you're
stuck with a variety of less than great possibilities.
One is a stunt rDNS server that synthesizes the
*.4.4.3.0.5.a.0.0.8.b.d.0.1.0.0.2.ip6.arpa. PTR a.node.on.vlan344.namn.se.
...will work just fine, for instance.
Since there is no record for a.node.on.vlan344.namn.se., this
won't work fine in any rDNS check I'm aware of.
You are aware that useful rDNS has to have matching forward DNs,
IMHO mail is one of the easiest first things to turn on for IPv6.
You can certainly turn it on, and it will work at the current toy
scale, but nobody has a clue how we're going to scale IPv4 spam
management up for large scale IPv6. Anything that's obvious won't
work.
not worth the trivial amount of money
involved.
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
There'd have to be some organization to negotiate and oversee
international settlements and other, similar, regulations.
Why? The internet has operated just fine without such for quite some time
now.
The Internet is held together with spit and duct tape, and sucks for
connections that need a
The other thing I find interesting about this entire thread is the
assumption by most that a government entity would do a good job as a
layer-1 or -2 provider and would be more efficient than a private company.
Governments, including municipalities, are notorious for corruption, fraud,
waste - you
I'm in the midst of what would be a comedy of errors if it weren't so
annoying. I bought a new Grandstream HT701 VoIP terminal adapter from
a guy on eBay who is apparently an official Grandstream reseller. It
doesn't work. The guy I bought it from (whose support ends at nobody
else has that
As another reference point, I really liked the sipura atas, they were my
personal favorite as far as the gear we used. I don't know how well that
translates to after the linksys takeover though, as I haven't done voice
gear in a few years.
Got a Sipura SPA-1001, can't get it to work, similar
Yes.
In article 215377.1362329...@turing-police.cc.vt.edu you write:
On Sun, 03 Mar 2013 00:24:07 +, Mike Jones said:
Inline Reply
On 2 March 2013 21:58, Constantine A. Murenin muren...@gmail.com wrote:
Dear NANOG@,
Have we *really* sunk so low that inline replies need to
The benefits, if any, of supporting IPv6 now really depend on what
kind of use your organization makes of the Internet. Despite all of
the huffing and puffing, it will be a very long time before there are
interesting bits of the net not visible over IPv4 for common
applications like http and
As a white-hat attempting to find problems to address through legitimate
means, how
do you
You make friends with people with busy authoritative servers and see
who's querying them.
I suppose you could justify one probe per client and see if they appear to be
open.
R's,
John
If the DS record identifies a different signer, then you have an
administrative split,
or if the e-mail address field in the SOA fields of the parent zone
are different, then you have an administrative split, OR if one of the
two zones has RP (responsible party records), and the list of RP
I don't imagine they will be open to paying extortion prices for IPs
that other people never bothered to use.
You know, sometimes life is just unfair. If they need the space,
they'll have to figure out how to buy it.
In article 51794abf.5040...@mtcc.com you write:
So here is the question I have: when we run out, is there *anything* that
will reasonably allow an ISP to *not* deploy carrier grade NAT? Assuming
that it's death for the ISP to just say no to the long tail of legacy v4-only
sites?
Sure. Enough
the difference,
we're all ears.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Information Superhighwayman wanna-be, http://www.johnlevine.com, ex-Mayor
More Wiener schnitzel, please, said Tom, revealingly.
Is there a competing droplist, that can be compared against
Spamhaus's droplist?
Not that I've ever seen. Nobody else has the breadth of data that
Spamhaus does.
I've been using it for ages and based on zero complaints, it's never
blocked anything that any of my users wanted.
R's,
John
I wonder which ISPs are still doing so. I know comcast has been doing
that but they cancelled it after many complaints. It seems to be the
same case for Verizon.
You're mistaken. Comcast most certainly does port 25 filtering,
although not necessarily on every line at every moment. So does
It's a pity that MAAWG or another group hasn't written a
specification for the automatic downloading of configuration (with
certificates, to be sure, for some kind of repudiation) and the
update thereof, for adoption by the leading consumer e-mail clients.
MAAWG decided it's not in the standards
Fine; re-phrase my question as an organisation currently enjoying
common carrier status.
That would not include any ISP in the United States. (Dunno about Canada.)
As other people have pointed out, telcos are common carriers, ISPs
aren't, not even ISPs that are subsidiaries of telcos. The
Example: I work for a VoIP provider that sells to large customers.
Their customers sell to smaller customers that want to operate their
own small scale VoIP business. No one 2 or 3 levels down knows who we
are, and the people upstream want it that way.
Sure.
Solution? Generic sounding
ab...@btopenworld.com
I'm not sure which is worse:
1) That they filter their abuse mailbox.
2) That they outsource their abuse mailbox (and potentially others) to Yahoo.
BT outsources all of their mail to Yahoo. It actually works pretty well,
either POP or web mail.
R's,
John
Other than DNSSEC, I'm aware of these relatively simple hacks to add
entropy to DNS queries.
1) Random query ID
2) Random source port
3) Random case in queries, e.g. GooGLe.CoM
4) Ask twice (with different values for the first three hacks) and
compare the answers
I presume everyone is doing
spam is one of the most egregious cases of
foisting off costs on others. If you get a toxic block, find a
creative lawyer and sue the former assignee for fraudulent transfer or
something.
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Information
In article a28e70a6-ed1e-4dc0-aaa1-66d723e64...@fattoc.com you write:
On that same note, can someone point me in the direction of an SMS
gateway service? I would like to be able to send SMS messages from my
monitoring systems, but I am unsure about how to go about it.
If your monitoring
The blackholes.us series of RBLs (geotargetted IP space by country)
is no more, hasn't been for awhile. It has now been wildcarded and
answers positive to all queries.
The problem is that the domain has been abandoned, the IP block
where its nameservers live was returned to ARIN and reallocated,
Your scholar is wrong -- or he is giving the simplified explanation
for children and others incapable of rational thought and
understanding, and you are believing the summary because it is
simpler for you than understanding the underlying rationale.
Ah, the classic nerd legal misconception. Laws
Postini also does outgoing email filtering. Just requires setup.
Based on the amount of spam their customers send me, it doesn't
work very well.
R's,
John
Are passwords still the only lowest-common-denominator?
There's OpenID, where a provider can use any verification process it
wants, but all the OpenID providers I know use ordinary passwords.
R's,
John
I guess I've never really seen the point of publishing a SPF record if
it ends in ~all. What are people supposed to do with that info?
Get your mail delivered to Hotmail, the last significant outpost of
SPF/Sender-ID. Other than that, I agree it's useless.
I also agree that any domain with
I would love to know how the marketplace wants to handle Official Mail,
but I'm not expecting useful answers here.
The marketplace doesn't have a clue. We have plenty of tools in the
toolbox, from heavyweight S/MIME to lighter weight DKIM+VBR to
proprietary Goodmail, but among the mailers
Will be interesting to see if ISPs respond to a large scale thing like
this taking hold by blocking UDP/TCP 53 like many now do with tcp/25
(albeit for other reasons). Therein lies the problem with some of the
net neutrality arguments .. there's a big difference between doing it
because it causes
;; ANSWER SECTION:
csuohio.edu.    10800   IN      MX      10 antispam5.csuohio.edu.
csuohio.edu.    10800   IN      MX      10 antispam4.csuohio.edu.
csuohio.edu.    10800   IN      MX      10 antispam3.csuohio.edu.
csuohio.edu.    10800   IN      MX      10 antispam2.csuohio.edu.
(and)
1) TOTAL ALLOCATED SPACE in CIDR format
Please include all information for the space you announce.
The total of Static and Dynamic space must equal the
Total Allocated Space.
2) DYNAMIC SPACE LIST - in CIDR format
3) STATIC SPACE LIST - in CIDR Format
[snip]
Which was, of
thing is that it's illegal to maintain a database with personal details
which ip addresses according to various german courts are (don't ask..
I've actually looked at some of the German decisions, and I didn't see
anything that would be a problem for DNSBLs
But if you're getting legal advice
ASPEWS is listing 216.83.32.0/20 as being associated with the whole
Atrivo incident of 2008. My memory does not recall 216.83.32.0/20 being
involved, nor the provider that belongs to.
Since nobody but the occasional highly vocal GWL uses ASPEWS, it's
hard to see why one would care, but if you
It's not legal for an ISP to modify computer data. Especially
digitally signed data. That's a criminal offense.
It is indeed illegal to break into someone's else's computer and
tamper with the data therein.
It is frankly ridiculous to try to apply that law to data in your own
equipment. If
of viruses. The
Dryden Police Services Board and the Corporation of the City of Dryden
accepts no liability for any damage caused by any virus transmitted by
this email.
Wow. I was thinking about answering the question, but now I don't dare.
Regards,
John Levine, jo...@iecc.com, Primary
That's nice for you, but some of us are stuck with a corporate policy
that requires us to use such disclaimers, or face disciplinary actions.
Not to seem unsympathetic or anything, but it's not my problem if your
management are idiots.
Sometimes when I get a message with particularly
As far as I can tell, locality domains with live registrars can
continue doing whatever we've been doing, and existing 4LDs from the
pre-Neustar days still work, but they are not delegating any more of
them. My ancient iecc.cambridge.ma.us still gets tons of spam (handy
for filter tuning), and
See my new blog entry:
World notices that Verisign said three months ago that they had a
security breach two years ago
http://jl.ly/2012/02/02#vrsnbreach
R's,
John
I'm seeing surprisingly slow responses from some of the IN-ADDR
servers, like 300ms or more. Are they being attacked by script
kiddies or something?
R's,
John
I checked the traffic graphs for the server we operate
(a.in-addr-servers.arpa) and it has normal traffic loads. Have not heard
of any report of issues with the other operators.
Actually, the A server is the only one that's responding quickly,
viewed from my DSL line hanging off gblx:
A 26ms
B
We operate B.* and we don't see anything unusual in our locations.
Seems to have been routing problems with C. The B server looks fine
from here, too. Thanks, all.
R's,
John
Nice. Basically, unless the TLD registrar has a public policy that basically
says
We don't allow names with cyrillic C to collide with MICROSOFT, their
hostnames
all get displayed as xn--gobbledygook.
More or less. ICANN has been wrestling with the lookalike character
issue in domain names
What is truly evil is non text/plain email.
Have we fallen through a time warp into 1996?
R's,
John
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
-check
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
In article pine.lnx.4.64.1202121919390.10...@a84-22-97-10.cb3rob.net you
write:
btw, i'm quite sure that -banks- of all things have the resources to just
take the transaction part for consumers -off their pcs- and simply send
them a dedicated device with an ethernet port to do the transactions
the cache would be a good idea, or capping TTL on the
DNSBLs, or other sorts of tricks?
Pointers are fine. TIA.
R's,
John
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
Almost everyone is basically just selling an activation with one of the SSL
certificate authorities.
I usually buy a RapidSSL (Verisign) certificate from
https://www.sslmatrix.com/ -- they seem to have some of the best
prices and the rapidssl enrollment process is very efficient (at least for
In article 20120216162108.ga11...@ussenterprise.ufp.org you write:
In a message written on Thu, Feb 16, 2012 at 12:57:25AM -0600, Jimmy Hess
wrote:
There is a risk that any CA issued SSL certificate signed by _any_ CA
may be worthless some time in the future, if the CA chosen is
I am in the last-moment phase of moving from Canada to the U.S. for a
one-year contract. Tomorrow I will be crossing at the Peace Bridge at
Niagara to apply for my TN visa.
And here I thought it was just West Virginia and Alabama that required their
own separate visas for furriners. ;)
Watch
In article 20120216215554.54d22...@m0005309.ppops.net you write:
Watch out or I'll tell you about the time I was busted at the Rainbow Bridge
for
undeclared photo albums.
Actually I lied, it was the Whirlpool bridge, an underappreciated
engineering marvel. Trains on the upper level, cars on the
In article 4f3e5d8d.60...@foobar.org you write:
So, anyone else get spammed by Telx after posting to nanog?
Yes.
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail. http://jl.ly
I got 29 NANOG Digest messages in the past 24 hours.
Where are those people who have time to complain about the noise on
this list? Did they all leave? Is anyone else willing to take up
the cause?
Maybe we've finally all learned how to make our mail programs sort the
mail.
R's,
John
I use these guys: http://www.cheapssls.com/
They sell Geotrust and Comodo certs for under $10/yr. The hassle
level is quite low. First you order a cert providing the usual
billing info, then you go to their web site, pick the order you just
paid for, go to a screen where you paste in your
Here's a copy of one I recently got:
http://spample.iecc.com/sqz/22977784
It was sent from hub027-nj-8.exch027.serverdata.net [206.225.167.252]
--
Regards,
John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies,
Please consider the environment before reading this e-mail
The value proposition is not spam: that works with unallocated space.
You may well be right that their plan is to fake out page rank, but
spammers also like address space that's been allocated for a long
time. Spreading spam around to try to sneak under the radar is so
common that it has a name,
do, but I don't think the primary driver is spam, because spam generates a
lower
income stream, and has higher risks of being RBL or otherwise blocked, and can
be
achieved quickly by use of unrouted space.
I think you overestimate how technically sophisticated snowshoers are.
I just don't see a
In article 95f7df59-052d-43ba-869f-289df915c...@arbor.net you write:
On Mar 10, 2012, at 7:02 PM, Robert E. Seastrom wrote:
there are four gtlds
Aren't there actually seven?
Including the new IDN TLDs, there are now 60.
R's,
John
aero. 172800 IN NS
I thought it should have died when pr0n and
w4rez took it over (in the late 90's)..
Many of the tech groups remain quite healthy. I still moderate
comp.compilers which gets about 100 posts/month.
Actually, it's fine with us that the ignorant masses think that
Seems perfectly reasonable to me. The NNTP protocol can be used for
lots of things and not just public newsgroup discussions. For a company
that has a lot of offices distributed around the world there could be
many applications for it.
Microsoft uses it for support of their semi-public product
dnslists = dialups.mail-abuse.org \
: rbl-plus.mail-abuse.org \
Are you paying Trend for access to these? If not, you're not getting
any answers from them and they're not blocking anything.
R's,
John
Are you paying Trend for access to these? If not, you're not getting
any answers from them and they're not blocking anything.
Do they return a canned answer that says don't block, or do you get
to wait for a DNS timeout?
Is there some reason you're asking random people rather than spending
Yes; of course if most of those accounts are moribund and unused then you
don't need
to change them so often, but the passwords you use frequently should be
changed at
regular intervals.
It's pretty commonsensical once the threat is understood.
Given that most compromised passwords these days
From someone who supplies an out-of-country drivers license, I'd request to
see their passport. From someone who supplies an out-of-state drivers
license, I'd probably accept it, but the risks there are somewhat reduced at
least.
OK, someone shows you a Quebec driver's license. You ask for a
So everybody who's ever not bothered SWIP'ing an IPv4 allocation is helping
the terrorists?
Yes, of course. Mindless, irrational reactions to overblown threats are
everyone's job.
R's,
John
PS: Why do you hate America?
BCP 38 would work. The problem is that many ISPs do not ingress filter,
so I
can use whatever unallocated IPv6 space
(2F10:baba:ba30:e8cf:d06f:4881:973a:c68) to SPAM and then go invisible and use
another one (2E10:baba:ba30:e8cf:d06f:4881:973a:c68)
How do you plan to get the return
In article
ed78b1c68b84a14fa706d13a230d7b431954e...@its-mail01.campus.ad.csulb.edu you
write:
I'm not familiar with curl and don't understand what I type and what are
results. Are you suggesting that when
google refers to our website, we pick that up and redirect to couchtarts?
curl is a
I feel like I should be able to do something really nice with an
absurdly large address space. But lack of imagination or whatever.. I
haven't come up with anything that really appeals to me.
Use a fresh IP for every HTTP request, email message, and IM. Just think of how
well you can do error
In article CAArzuot9dGV8N0PBY4P2=u=n_a2t36y1kr6w4veeyr+jygs...@mail.gmail.com
you write:
Did your customer set up an MX for their domain pointing to postini
and then forward it to you?
obsmtp.com is Postini's outbound servers for customer mail.
In my experience, they gush spam, and Postini