, and then
announcing those IPs only in the North American data centers where they're
buying server hosting?
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net
. (39)
20:54:54.116841 IP 209.208.121.135.36828 209.208.121.126.53: 15939+ A?
i.jstv.com. (28)
I hope they got a good deal on the IP space...and a better deal on their
buggy router.
--
Jon Lewis | I route
blocks we've assigned to multihomed
customers. The ACLs wouldn't be that long, or that hard to maintain. Is
this common practice?
--
Jon Lewis | I route
Senior Network Engineer | therefore you
are,
that would let you see if its the same sort of issue I was seeing or
something different.
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http
) it's being done by a defense contractor
C) regardless of what they install, somebody's got to manage it and be
managed by multiple layers of managers
D) other
Pick three or more answers.
--
Jon Lewis | I route
interface cards 15 years or more.
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
express
interest in your decission to stop over south of the border for a
couple of hours.
You be cool for twenty hours
And I'll pay you twenty grand.
That song just pop into anyone else's head?
--
Jon Lewis, MCP :) | I
. and are an attractive
enough target that it made sense to code a bot to automate utilizing your
webmail interface). Bots being used as proxies seems far more likely to
me for the general case of bots spamming through an ISP's webmail.
--
Jon
the request was bogus and was
really just showing it to me out of humor.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis
of SWIPs in order to go to ARIN and request as big a block of ipv4
as they could get with the intent to chop it up and resell it in pieces as
soon as ARIN runs out of IPs to satisfy normal requests.
--
Jon Lewis, MCP
shutting their port.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
?
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
,
requiring either an attenuator or long service loop. The orientation of
the T1 cable connectors on the backs of the Widebank28 and Adtrans differ,
making swapping one for the other post-deployment a royal PITA.
--
Jon Lewis
it)
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
and unauthorized use of a computer network.
Are these companies not making enough in monthly subscriptions to afford
Akamai or similar CDN services to distribute their software updates?
--
Jon Lewis, MCP :) | I route
Senior
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
either have to upgrade the NPE board to one that can
hold 512MB or more or give up full routes. And with the widebank28 muxes,
you just have to replace the mux controller cards every few years as they
tend to burn out.
--
Jon
something like fail2ban to stop the SIP scanners from eventually gaining
access.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org
for this.
However, SIP scanning and brute forcing has become really common, so it's
about as likely that a phone system has been compromised as someone is
forging callerID to one of its numbers.
--
Jon Lewis, MCP :) | I route
and all copies.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
not announce at peerings to AS XXX
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
?
You can telnet into it and watch the sessions come up, the memory run out,
and the sessions reset.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net
On Mon, 11 Oct 2010, Jon Lewis wrote:
Guess what happens when you run a 7206VXR (NPE300) as a route server with 3
full feeds? It took me a minute to figure out why my routes that TWTelecom
isn't supposed to see were showing up on route-server.twtelecom.net, but were
seemingly randomly
?
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
On Thu, 11 Nov 2010 valdis.kletni...@vt.edu wrote:
On Wed, 10 Nov 2010 21:35:50 EST, Jon Lewis said:
anywhere near that long. Worst case, someone is silly with their number
of prepends, we don't see their route. I can't say how long I've been
doing this...it predates our rancid setup, which
...but can't take it via TWT?..I'll send it
to you over Level3. At least that path works.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http
bandwidth is lopsided the other direction,
the big eyes networks are saying we should pay them to deliver the
traffic their customers request.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore
is fixed such that people can actually create a username in
order to sign up?
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org
an order of magnitude
higher than people are actually paying?
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
if they stopped those zombies from
sendig spam, participating in DDoS's, etc. After all, that's outgoing
traffic, and the less they send, the worse the ratio gets for networks
sending data to Comcast.
--
Jon Lewis, MCP
etc. unless they can hop on with the streaming
providers or make that move themselves.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http
sufficient motivation.
www.altdb.net is reachable, but the whois server is not. Even altdb
queries run from http://www.altdb.net/ fail.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you
not doing RPKI, but not implement RPKI, because we
haven't worked out all the details on how it'll be done. As it is,
rr.arin.net is pretty much worthless.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer
On Sun, 9 Jan 2011, John Curran wrote:
Should IRR services be part of the ARIN mission?
If that's a serious question, why does rr.arin.net exist at all?
--
Jon Lewis, MCP :) | I route
Senior Network Engineer
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
get that much form submission
spam on the suggestion form (with the captcha)? My suggestion ID is
2011.1...so I'm guessing this isn't a heavily used form :)
--
Jon Lewis, MCP :) | I route
Senior Network Engineer
, especially if the cross connect is going into routers smart
enough to remove a route from the table if the destination interface is
down, static would do just fine.
--
Jon Lewis, MCP :) | I route
Senior Network
On Thu, 13 Jan 2011, Adrian Chadd wrote:
On Wed, Jan 12, 2011, Jon Lewis wrote:
On Wed, 12 Jan 2011, Jared Mauch wrote:
I suggest using one of the reserved/private BGP asns for this purpose.
ASNumber: 64512 - 65535
It sounds to me like Company B isn't doing BGP (probably has
the Masters of the Universe conference.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
backend,
it's trivial to have a script do some SQL updates as often as you need to
change the content and change_date of the records you're using for the DNS
based load balancing.
--
Jon Lewis, MCP :) | I route
Senior
185/8 RIPE NCC 2011-02whois.ripe.netALLOCATED
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp
don't want it to happen, or that it
shouldn't be allowed - but I'm a realist.
Be a realist. A private market in IPv4 leasing is inevitable. The RIRs
won't/can't prevent it.
--
Jon Lewis, MCP :) | I route
Senior
, everything works...including the traffic you didn't want.
People are going to want NAT66...and not providing it may slow down IPv6
adoption.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore
On Thu, 3 Feb 2011, Patrick W. Gilmore wrote:
On Feb 3, 2011, at 10:11 AM, Jon Lewis wrote:
The real fun's going to be over the next several years as the RIR's
become irrelevant in the acquisition of scarce IPv4 resources...and
things become less stable as lots of orgs rush to implement
On Thu, 3 Feb 2011, Iljitsch van Beijnum wrote:
On 3 feb 2011, at 17:16, Jon Lewis wrote:
When someone breaks or shuts off that filter, traffic through the NAPT firewall
stops working. On the stateful firewall with public IPs on both sides,
everything works...including the traffic you
On Thu, 3 Feb 2011, John Curran wrote:
On Feb 3, 2011, at 11:32 AM, Jon Lewis wrote:
My point being, the leasing of IP space to non-connectivity customers is
already well established, whether it's technically permitted by the
[ir]relevant RIRs. I fully expect this to continue and spread
assignments?
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
) of the space, I wouldn't worry about utilizing
out of region numbering resources.
This sort of thing probably happens quite a bit more than you'd
guess...both legitmately and not.
--
Jon Lewis, MCP :) | I route
popular tools I've yet to come across.
What's wrong with GNUplot? I used it to do graphing of dialup server port
utilization in some CGI I did back in the mid 90s.
--
Jon Lewis, MCP :) | I route
Senior Network
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
year?
http://www.youtube.com/watch?v=jTmXHvGZiSY
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public
- Circle Internet LTD) [last
seen on 2011-02-11 23:31:20 UTC].
Hijacked unallocated space?
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http
) 212992 263 1%
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
demands more.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
service and
OpenVPN for my static addressing.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public
being DDoS'd on udp/53 at the same
time? thing, I've seen, and I can imagine it being very confusing to
someone seeing it for the first time.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore
--
-george william herbert
george.herb...@gmail.com
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP
).
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
to resolve
double-NAT'ing issues in the latency?
That's a different sort of latency, and from what I've heard, it's often
measured in days rather than fractional seconds.
--
Jon Lewis, MCP :) | I route
Senior
On Oct 8, 2012, at 5:20 AM, Jon Sands fohdee...@gmail.com wrote:
On 10/7/2012 9:22 PM, Jon Lewis wrote:
has anyone else noticed ATT mobile is blocking ssh (outgoing 22/tcp)
connections?
Not here, have an SSH session open on my phone on port 22 as we speak. I'm on
an android on ATT's 3G
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
mobiles, de livebox ou de connexions WIFI
partagées (au moins pour la seconde) ?
Merci d'avance,
--
J
--
Pierre-Yves Maunier
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you
/coating has to be removed in small steps or the fiber breaks :(
First, I wonder if anyone knows why this is? Second, I wonder if a
thermal stripper would help and is preferable to a strictly mechanical
stripper?
--
Jon Lewis
probably introduce the same problem/effect.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public
with the
kernel's TCP socket handling.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
]. If you look at the
whois, it looks more like domain tasters have taken it over after its
registration lapsed.
Anyone using it for blocking is resolving all IPs (via a wildcard A
record) to 141.8.225.13.
--
Jon Lewis, MCP
not send mail have PTRs or not. I would not expect anyone to
block my /24 for lack of PTRs on non-mail-sending hosts.
If they're not mail servers, how is the DNSBL listing impacting them
(assuming anyone even uses spamrats)?
--
Jon
. Network Engineer*
kenneth.mc...@dreamhost.com
Ph: 323-375-3814
www.dreamhost.com
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http
returned to normal numbers by about 4:35am.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public
on both networks and IP forwarding
enabled. In our setups, we've used IPoIB, but with 1918 addresses and not
routed beyond the IB network.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you
circuit
Even your leased lines can have packets copied off or injected into them,
apparently so easily it can be done by accident.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you
.
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
.
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
appreciate the idea of a
belt and suspenders.
It's time for people to stop passing the buck on BCP38 (we don't do it,
because it really ought to be done at that other level) and start
implementing it where possible.
--
Jon Lewis
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
on.
On Sun, 31 Mar 2013, Jon Lewis wrote:
They should updated their autoconf. It fails on modern 64-bit Linux.
On Sun, 31 Mar 2013, Paul Ferguson wrote:
You mean like this? :-)
http://spoofer.csail.mit.edu/
- ferg
On Sun, Mar 31, 2013 at 7:48 AM, Jay Ashworth j...@baylink.com wrote
to
blackhole the IP rather than reject the advertisement for an entire CIDR.
--
Jon Lewis, MCP :) | I route
| therefore you are
_ http://www.lewis.org/~jlewis/pgp for PGP public
), 13214 6364 (no), and 6364 13214
(not right either).
I'm also not seeing any unusual reduction of input traffic.
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net
you from offering transit to them
by announcing routes received from your other provider. Still, it's
better to get your config done right than rely on your providers to ignore
what you shouldn't be advertising.
--
Jon Lewis
imagine it's the same for iBGP.
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
1GB of RAM. That ought to be plenty for the next few
years.
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp
.
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
chicken fight which
causes you to lose reachability to some portion of the net.
As Randy might say, I encourage my competitors to design their network
that way.
--
Jon Lewis | I route
Senior Network Engineer
(NOT a Dial Up list!)
Donations won't help you there.
Shouldn't someone have tried steering this thread over to spam-l or
someplace other than nanog a day or two ago?
--
Jon Lewis | I route
Senior Network
= bandwidth. It
makes the numbers more impressive.
We've been using 6509s as BGP routers for years and they've generaly been
rock stable.
--
Jon Lewis | I route
Senior Network Engineer | therefore you
) and sent them traffic for those
destinations, you wouldn't get there. Getting the list of null routed
space from above.net was not trivial.
--
Jon Lewis | I route
Senior Network Engineer | therefore you
content.
Whatever happened to My network, my rules? If ATT blocks something,
and as an ATT customer, you don't like it, get your connectivity from
someone else.
--
Jon Lewis | I route
Senior Network
.
If you really want Sprint to not use your 3MB circuit unless the Verizon
one is down, have a look at https://www.sprint.net/index.php?p=policy_bgp
You probably want to lower their localpref for your routes.
--
Jon Lewis
.inet.qwest.net.
Rerouting the traffic to avoid AS209 solved the problem...but perhaps we
can get the real problem found fixed?
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net
devices (routers, switches, etc.) and know you'll never
have more than say 50-100 devices, why not go as far as using a /120?
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net
completed.
--
Jon Lewis | I route
Senior Network Engineer | therefore you are
Atlantic Net|
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
of
the networks doing the blocking likely don't participate in any forum
where the RIRs will be reach people who care and can do something.
--
Jon Lewis | I route
Senior Network Engineer | therefore you
after the blocking
was initiated is a pretty clear sign that the space has actually changed
hands, and seems like it would be fairly difficult (if at all possible) to
game.
--
Jon Lewis | I route
Senior
the headache of
being assigned blacklisted IPs. Until your next customer starts using the
space and can't send us email, you have no way of knowing that we null
routed the subnet on our MX cluster.
--
Jon Lewis
!
On Thu, Sep 17, 2009 at 5:59 PM, Marshall Eubanks t...@americafree.tvwrote:
Or until someone pulls out the wrong cable (which has happened to me).
Regards
Marshall
~Seth
--
Jon Lewis | I route
1 - 100 of 443 matches
Mail list logo
