Re: .mil dns problems?

2010-05-27 Thread Stephane Bortzmeyer
On Thu, May 27, 2010 at 09:16:35AM -1000, Antonio Querubin t...@lava.net wrote a message of 10 lines which said: Anyone seeing trouble resolving some .mil hostnames consistently today? Yes, most DNS servers of .MIL are unresponsive: % check_soa mil There was no response from EUR2.NIPR.mil

Re: Who controlls the Internet?

2010-07-25 Thread Stephane Bortzmeyer
On Sun, Jul 25, 2010 at 08:24:27PM +0300, Tarig Yassin tariq198...@hotmail.com wrote a message of 27 lines which said: For example when users from Sudan trying to access some web site they will get a *Forbidden Access Error* message. And some messages say: you are forbidden to access this

Re: The i-root china reroute finally makes fox news. And congress.

2010-11-17 Thread Stephane Bortzmeyer
On Wed, Nov 17, 2010 at 12:13:39PM +0530, Suresh Ramasubramanian ops.li...@gmail.com wrote a message of 17 lines which said: Man in the middle rewriting of DNS query responses is the only thing I can think of. And it's easy to detect since the rewriter tells the truth about its own name.

Re: wikileaks dns (was Re: Blocking International DNS)

2010-12-03 Thread Stephane Bortzmeyer
On Fri, Dec 03, 2010 at 12:52:29AM -0500, Ken Chase k...@sizone.org wrote a message of 24 lines which said: Anyone have records of what wikileaks (RR, I assume) A record was? 91.121.133.41 46.59.1.2 Translated into a URL, the first one does not work (virtual hosting, maybe) but the

Re: wikileaks dns (was Re: Blocking International DNS)

2010-12-03 Thread Stephane Bortzmeyer
On Fri, Dec 03, 2010 at 08:27:57AM -0600, Dan White dwh...@olp.net wrote a message of 28 lines which said: Their A records on Sunday were: (No longer working.) Several people are keeping track of working IP addresses and advertise them in the DNS (wikileaks.something.example). Other have

Re: How many legitimate cases when Origin AS in BGP announcement changed by another AS?

2011-01-04 Thread Stephane Bortzmeyer
On Tue, Jan 04, 2011 at 04:38:19AM -0800, Akmal Shahbaz akmal_shah...@yahoo.com wrote a message of 443 lines which said: I am looking for example routing policies when any AS receiving BGP advertisement changes Origin AS in BGP AS set attribute to remove the received AS number and puts its

Re: How many legitimate cases when Origin AS in BGP announcement changed by another AS?

2011-01-04 Thread Stephane Bortzmeyer
On Tue, Jan 04, 2011 at 08:22:35AM -0800, Akmal Shahbaz akmal_shah...@yahoo.com wrote a message of 44 lines which said: When the old origin AS was a private one? NO. Even when old origin AS is not private one. You misunderstood me. I replied to your query When is it legitimate to change an

Re: Internet to Tunisia

2011-01-11 Thread Stephane Bortzmeyer
On Tue, Jan 11, 2011 at 05:50:09AM -0500, Marshall Eubanks t...@americafree.tv wrote a message of 10 lines which said: Can anyone confirm that there is blockage ? There exists filtering for a long time and it is widely documented. I am not aware of a global blockage today. Are there any

Re: Connectivity status for Egypt

2011-02-02 Thread Stephane Bortzmeyer
On Wed, Feb 02, 2011 at 06:23:39AM -0500, Jim Cowie co...@renesys.com wrote a message of 29 lines which said: Yes, confirmed from 09:29 UTC. Basically all major providers are back, full status quo ante (modulo reagg), major sites are up. EUN (the academic network, which includes the

Re: Connectivity status for Egypt

2011-02-02 Thread Stephane Bortzmeyer
On Wed, Feb 02, 2011 at 12:30:45PM +0100, Stephane Bortzmeyer bortzme...@nic.fr wrote a message of 10 lines which said: EUN (the academic network, which includes the primary name server for .EG) is still unreachable (1130 UTC). It works now (1137 UTC). BGP was a bit slow.

Re: dhcpy6d - a MAC address aware DHCPv6 server

2012-11-06 Thread Stephane Bortzmeyer
On Mon, Nov 05, 2012 at 09:14:54AM +0100, Henri Wahl h.w...@ifw-dresden.de wrote a message of 155 lines which said: - identifies clients by MAC address, DUID or hostname Excellent, identification by MAC address was often requested. Thanks for this software. like other people we had the

Re: dhcpy6d - a MAC address aware DHCPv6 server

2012-11-06 Thread Stephane Bortzmeyer
On Tue, Nov 06, 2012 at 05:38:32AM -0800, Owen DeLong o...@delong.com wrote a message of 68 lines which said: If you're on local subnet, why not pull the MAC address out of the received packet? Because it requires access to raw sockets, which should not be necessary for DHCP?

Re: DDoS Attacks Cause of Game Servers

2013-01-31 Thread Stephane Bortzmeyer
On Thu, Jan 31, 2013 at 11:23:11AM +0330, Shahab Vahabzadeh sh.vahabza...@gmail.com wrote a message of 55 lines which said: Those ip addresses I send were only sample, its 5 page :D and not only those addresses. Because the attacker attacks when they have a new opponent. They DoS it long

Re: Level3 worldwide emergency upgrade?

2013-02-06 Thread Stephane Bortzmeyer
On Wed, Feb 06, 2013 at 01:04:40PM +0200, JP Viljoen froztb...@froztbyte.net wrote a message of 10 lines which said: the general guess I saw was that it was Juniper-related. Juniper Technical Bulletin PSN-2013-01-823, probably?

Re: After Being Cut From Norway, The Pirate Bay Returns From North Korea or is it just BGP Tricks

2013-03-05 Thread Stephane Bortzmeyer
On Mon, Mar 04, 2013 at 09:43:05PM +, Bacon Zombie baconzom...@gmail.com wrote a message of 71 lines which said: But there is a lot of debate on Reddit that they are not really in North Korea and just doing some BGP trickery: And ICMP trickery, to send false ICMP replies (with a delay)

Re: Why is www.google.cat resolving?

2009-05-05 Thread Stephane Bortzmeyer
On Tue, May 05, 2009 at 09:41:41AM +0200, Chris Meidinger cmeidin...@sendmail.com wrote a message of 17 lines which said: I think the real question here is why does schroedingers.cat not resolve, That's because .cat has IDN and therefore it should be schrödingers.cat

Re: Anomalies with AS13214 ?

2009-07-28 Thread Stephane Bortzmeyer
On Tue, Jul 28, 2009 at 11:50:02AM +0100, Russell Heilling chew...@s8n.net wrote a message of 75 lines which said: No. monitors: 1 That's why it's good to use BGP alarm systems with a peer threshold. I recommend BGPmon http://bgpmon.net/ (today, I run it with a peer threshold

Re: Anomalies with AS13214 ?

2009-07-28 Thread Stephane Bortzmeyer
On Tue, Jul 28, 2009 at 11:50:02AM +0100, Russell Heilling chew...@s8n.net wrote a message of 75 lines which said: I guess ROBTEX didn't implement ingress filters after the last episode... It *seems* (I do not know them in detail) that Robtex http://www.robtex.com/, AS 48285, is dedicated

Re: Anomalies with AS13214 ?

2009-07-28 Thread Stephane Bortzmeyer
On Tue, Jul 28, 2009 at 11:50:02AM +0100, Russell Heilling chew...@s8n.net wrote a message of 75 lines which said: I guess ROBTEX didn't implement ingress filters after the last episode... I simply asked them and they told me that DCP (AS 13214) is simply their transit provider so they

Re: .se disappeared?

2009-10-12 Thread Stephane Bortzmeyer
On Mon, Oct 12, 2009 at 09:38:10PM +0100, Ben White b...@cuckoo.org wrote a message of 4 lines which said: Does anyone else also see trouble reaching .se domains at the moment? It fails for me through an Unbound resolver but works with a BIND one. Certainly a DNSSEC glitch but I did not find

Re: .se disappeared?

2009-10-13 Thread Stephane Bortzmeyer
On Tue, Oct 13, 2009 at 12:23:46AM +0200, Hauke Lampe list+na...@hauke-lampe.de wrote a message of 53 lines which said: Even after a cache reload, the SOA record appears still bogus: Yes, even after a cold reboot, the data did not validate. But, this time, the problem was purely DNSSEC and

Re: What DNS Is Not

2009-11-10 Thread Stephane Bortzmeyer
On Mon, Nov 09, 2009 at 06:15:09PM -0500, David Ulevitch dav...@everydns.net wrote a message of 18 lines which said: When the conficker worms phones home to one of the 50,000 potential domains names it computes each day, there are a lot of IT folks out there that wish their local resolver

Who has AS 1712?

2009-11-23 Thread Stephane Bortzmeyer
% whois -h whois.ripe.net AS1712
aut-num:AS1712
as-name:FR-RENATER-ENST
descr: Ecole Nationale Superieure des Telecommunications,
descr: Paris, France.
descr: FR
% whois -h whois.arin.net AS1712
OrgName:Twilight Communications
City:

Re: Who has AS 1712?

2009-11-23 Thread Stephane Bortzmeyer
On Mon, Nov 23, 2009 at 10:13:58AM -0500, Jeffrey Lyon jeffrey.l...@blacklotus.net wrote a message of 42 lines which said: Looks like FR-RENATER-ENST is in the wrong: You mean RIPE-NCC is wrong? Because this AS is used by ENST for many years and is registered in the RIPE database...

Re: Who has AS 1712?

2009-11-23 Thread Stephane Bortzmeyer
On Mon, Nov 23, 2009 at 05:29:59PM +0100, Benjamin BILLON bbillon...@splio.fr wrote a message of 36 lines which said: The RENATER I'm peering with is AS2200. The AS number was allocated (ten years ago, as noticed by Frédéric) through the LIR Renater to the customer ENST (now Télécom Paris

Re: Who has AS 1712?

2009-11-23 Thread Stephane Bortzmeyer
On Mon, Nov 23, 2009 at 11:06:31AM -0500, Larry Blunk l...@merit.edu wrote a message of 29 lines which said: it appears that AS1708-AS1726 were missed and have subsequently been reallocated by ARIN (between Aug 18 and Aug 21, 2009) Now, interesting question: what can we do to solve the

Re: Who has AS 1712?

2009-11-23 Thread Stephane Bortzmeyer
On Mon, Nov 23, 2009 at 07:42:34PM -0500, Durand, Alain alain_dur...@cable.comcast.com wrote a message of 14 lines which said: The whole value of the RIR is to guarantee this uniqueness. This problem should not have happened. Indeed. It is a big blunder from the RIR system. I have reported

Re: Who has AS 1712?

2009-11-23 Thread Stephane Bortzmeyer
On Mon, Nov 23, 2009 at 08:25:33PM -0500, Jon Lewis jle...@lewis.org wrote a message of 44 lines which said: Is it too much to ask that the RIRs query each other's whois servers for an ASN before assigning that ASN?... Yes, very good idea. And to check the BGP public routing table also

Re: Who has AS 1712?

2009-11-25 Thread Stephane Bortzmeyer
On Tue, Nov 24, 2009 at 07:54:08PM -0800, Joe Abley jab...@hopcount.ca wrote a message of 13 lines which said: Are you suggesting that I should be able to block the assignment of particular ASNs by simply including them in an AS_PATH attribute on a route I originate, and making sure that

Re: F.ROOT-SERVERS.NET moved to Beijing?

2011-10-03 Thread Stephane Bortzmeyer
On Sun, Oct 02, 2011 at 05:40:23PM +, Janne Snabb sn...@epipe.com wrote a message of 32 lines which said: I happened to notice the following at three separate sites around the US and one site in Europe: Good analysis at http://bgpmon.net/blog/?p=540

Re: F.ROOT-SERVERS.NET moved to Beijing?

2011-10-03 Thread Stephane Bortzmeyer
On Sun, Oct 02, 2011 at 04:06:44PM -0700, Leo Bicknell bickn...@ufp.org wrote a message of 107 lines which said: We have found networks where a query sent to F-Root never reaches an ISC run server. For details on such behavior, I highly recommend the excellent paper Identifying and

Re: F.ROOT-SERVERS.NET moved to Beijing?

2011-10-03 Thread Stephane Bortzmeyer
On Sun, Oct 02, 2011 at 05:40:23PM +, Janne Snabb sn...@epipe.com wrote a message of 32 lines which said: $ dig +short +norec @F.ROOT-SERVERS.NET HOSTNAME.BIND CHAOS TXT pek2a.f.root-servers.org The next time, I suggest to also run data queries such as A www.facebook.com or A

Re: TATA problems?

2011-11-07 Thread Stephane Bortzmeyer
On Mon, Nov 07, 2011 at 10:00:34AM -0500, Todd Snyder t...@borked.ca wrote a message of 12 lines which said: We seem to be having some problems with our tata links They probably use Juniper routers :-)

Re: [outages] More notes

2011-11-08 Thread Stephane Bortzmeyer
On Mon, Nov 07, 2011 at 08:37:55PM -0700, brian nikell nickell...@gmail.com wrote a message of 38 lines which said: Actually, Juniper does disclose code bugs. Though not always to the public at first, importantly to Juniper customers. Juniper had advised all of their customers last August

Re: EFF call for signatures from Internet engineers against censorship

2011-12-14 Thread Stephane Bortzmeyer
On Tue, Dec 13, 2011 at 06:12:34PM -0800, Peter Eckersley p...@eff.org wrote a message of 86 lines which said: To date, the leading role the US has played in this infrastructure has been fairly uncontroversial [sic and re-sic] because America is seen as a trustworthy arbiter and a

Re: DNS zone response speed test tool?

2011-12-20 Thread Stephane Bortzmeyer
fr $(dig +short NS fr.) # # From: Joe Abley jab...@isc.org # Modified-by: Stephane Bortzmeyer bortzme...@nic.fr # Settings max=1 verbose=0 # Some Unices like NetBSD are crazy enough to ship a dinosaurian # version of getopt, which cannot handle arguments with spaces! So, we # have a lot of work

Re: Anonymous planning a root-servers party

2012-02-17 Thread Stephane Bortzmeyer
On Wed, Feb 15, 2012 at 10:36:32PM +, George Bakos gba...@alpinista.org wrote a message of 13 lines which said: As I hadn't seen it discussed here, I'll have to assume that many NANOGers haven't seen the latest rant from Anonymous: There's nothing proving that it comes from the

Re: Anonymous planning a root-servers party

2012-02-17 Thread Stephane Bortzmeyer
On Wed, Feb 15, 2012 at 04:40:47PM -0600, Grant Ridder shortdudey...@gmail.com wrote a message of 23 lines which said: If i remember right, another group tried to take down the root servers within the past 5 or 6 years and only took out around 20 or 25. No need to remember, Wikipedia does

Re: Attack on the DNS ?

2012-03-31 Thread Stephane Bortzmeyer
On Sat, Mar 31, 2012 at 05:05:46AM -0400, Marshall Eubanks marshall.euba...@gmail.com wrote a message of 17 lines which said: Anyone seen signs of this attack actually occurring ? For serious information about this issue, see:

Re: Was b.root-servers.net under attack on Mar 31?

2012-04-02 Thread Stephane Bortzmeyer
On Sun, Apr 01, 2012 at 11:23:31PM +0800, Che-Hoo CHENG chch...@ieee.org wrote a message of 9 lines which said: http://dnsmon.ripe.net/dns-servmon/server/plot?server=b.root-servers.net;type=drops;tstart=1333166400;tstop=1333252799;af=ipv4 There were quite a few unanswered queries from

Re: DNS issues with tools.ietf.org

2012-04-04 Thread Stephane Bortzmeyer
On Wed, Apr 04, 2012 at 10:26:11PM +0200, Marco Davids (Prive) mdav...@forfun.net wrote a message of 8 lines which said: Something seems wrong with the DNS of 'tools.ietf.org'. Can you be more specific? It works for me except that one name server does not actually exist (but it does not

Re: DNS issues with tools.ietf.org

2012-04-04 Thread Stephane Bortzmeyer
On Wed, Apr 04, 2012 at 10:35:34PM +0200, Marco Davids (Prive) mdav...@forfun.net wrote a message of 15 lines which said: And what about this: But two name servers, gamay and shiraz still work. So the domain works, so you can email the hostmaster :-)

Re: rpki vs. secure dns?

2012-04-28 Thread Stephane Bortzmeyer
On Sat, Apr 28, 2012 at 03:04:07AM -0700, Randy Bush ra...@psg.com wrote a message of 9 lines which said: draft-bates-bgp4-nlri-orig-verif-00.txt was '98 and we dropped it for good reasons Unfortunately, we have RFCs for good ideas but bad ideas never get documented by the IETF (one of

Re: rpki vs. secure dns?

2012-04-28 Thread Stephane Bortzmeyer
On Sat, Apr 28, 2012 at 12:34:52PM +0200, Alex Band al...@ripe.net wrote a message of 41 lines which said: In reality, since the RIRs launched an RPKI production service on 1 Jan 2011, adoption has been incredibly good (for example compared to IPv6 and DNSSEC). More than 1500 ISPs and large

Re: Need spamcop/ironport security contact

2012-04-28 Thread Stephane Bortzmeyer
On Fri, Apr 27, 2012 at 11:41:57PM -0400, valdis.kletni...@vt.edu valdis.kletni...@vt.edu wrote a message of 33 lines which said: I have a security incident to report and need to make contact with a senior level contact responsible for spamcop/ironport immediately. And you need a

Re: rpki vs. secure dns?

2012-04-28 Thread Stephane Bortzmeyer
On Sat, Apr 28, 2012 at 01:17:10PM +0300, Saku Ytti s...@ytti.fi wrote a message of 27 lines which said: I think ROVER is better solution, doesn't need any changes to BGP just little software magic when accepting routes. I like Rover but RPKI+ROA does not change BGP either (it will be a

Re: rpki vs. secure dns?

2012-04-29 Thread Stephane Bortzmeyer
On Sun, Apr 29, 2012 at 11:28:58AM -0400, Jennifer Rexford j...@cs.princeton.edu wrote a message of 37 lines which said: How does this interact with the presence of certificates for supernets, though? That is, suppose an ISP creates a legitimate ROA for 12.0.0.0/8, after ensuring that all

Re: rpki vs. secure dns?

2012-04-30 Thread Stephane Bortzmeyer
On Mon, Apr 30, 2012 at 09:41:51AM -0400, Russ White ru...@riw.us wrote a message of 60 lines which said: Neither a DNS based solution nor the RPKI will resolve path attacks, I want to be sure of the terminology: what is deployed presently is the bundle RPKI+ROA. As their name says, ROA can

Re: Vixie warns: DNS Changer "blackouts" inevitable

2012-05-23 Thread Stephane Bortzmeyer
On Wed, May 23, 2012 at 03:10:38PM +0300, Frank Habicht ge...@geier.ne.tz wrote a message of 13 lines which said: Is there anywhere a page where one can type an ASN or a CIDR block and then the whois contacts get a list of IPs that still contact the unintended servers? See

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-28 Thread Stephane Bortzmeyer
On Tue, May 29, 2012 at 12:21:10AM +0530, Anurag Bhatia m...@anuragbhatia.com wrote a message of 28 lines which said: I know few registry/registrars which do not accept both (or all) name servers of domain name on same subnet. Since my employer is one of these registries, let me mention

Re: rpki vs. secure dns?

2012-05-29 Thread Stephane Bortzmeyer
On Mon, May 28, 2012 at 10:01:59PM +, paul vixie vi...@isc.org wrote a message of 37 lines which said: i can tell more than that. rover is a system that only works at all when everything everywhere is working well, and when changes always come in perfect time-order, Exactly like

Re: rpki vs. secure dns?

2012-05-29 Thread Stephane Bortzmeyer
On Mon, May 28, 2012 at 08:59:28PM +, Paul Vixie vi...@isc.org wrote a message of 43 lines which said: ROVER expects that we will query for policy at the instant of need. that's nuts for a lot of reasons, one of which is its potentially and unmanageably circular dependency on the

Re: DNS anycasting - multiple DNS servers on same subnet Vs registrar/registry policies

2012-05-29 Thread Stephane Bortzmeyer
On Mon, May 28, 2012 at 06:56:29PM -0500, Brett Frankenberger rbf+na...@panix.com wrote a message of 15 lines which said: How does your employer know if two nameservers (two IP addresses) are on the same subnet? The current heuristic for IPv4 is belongs in the same /28 (and /64 for IPv6).

Re: Open DNS Resolver reflection attack Mitigation

2012-06-08 Thread Stephane Bortzmeyer
On Fri, Jun 08, 2012 at 03:09:04PM -0400, Joe Maimon jmai...@ttec.com wrote a message of 7 lines which said: Is there any publicly available rate limiting for BIND? Not as far as I know. I'm not sure it would be a good idea. BIND is feature-rich enough. How about host-based IDS that can

Re: Open DNS Resolver reflection attack Mitigation

2012-06-08 Thread Stephane Bortzmeyer
On Fri, Jun 08, 2012 at 12:56:23PM -0700, Owen DeLong o...@delong.com wrote a message of 28 lines which said: IPv6 should be a simple matter of putting the same line in your ip6tables file. My experience with attack mitigation is that tools do not always work as advertised and sometimes do

No DNS poisoning at Google (in case of trouble, blame the DNS)

2012-06-27 Thread Stephane Bortzmeyer
On Wed, Jun 27, 2012 at 03:53:17AM +, Matthew Black matthew.bl...@csulb.edu wrote a message of 18 lines which said: We believe the DNS servers used by Google's crawler have been poisoned. [After reading the whole thread and discovering that Google was indeed right.] What made you think

Re: GoDaddy down again?

2012-09-17 Thread Stephane Bortzmeyer
On Mon, Sep 17, 2012 at 10:23:43AM -0300, Takashi Tome taka...@cpqd.com.br wrote a message of 8 lines which said: Does anyone know whether GoDaddy is having problems again? Post *details*! dig, traceroute, etc. Unlike the last outage, their name servers appear to work fine.

Re: is CERNET part of the Internet?

2012-09-27 Thread Stephane Bortzmeyer
On Thu, Sep 27, 2012 at 11:23:34AM +0200, Eugen Leitl eu...@leitl.org wrote a message of 5 lines which said: the official Internet I wasn't aware there is an official Internet. Where is it?

Re: really nasty attacks

2012-09-27 Thread Stephane Bortzmeyer
On Thu, Sep 27, 2012 at 08:55:58AM -0600, Miguel Mata mm...@intercom.com.sv wrote a message of 30 lines which said: Guys, No gals on NANOG? The attacks come from various sites from the other side of the pond (46.165.197.xx, 213.152.180.yy). How can you be sure? With UDP, you have zero

Re: really nasty attacks

2012-09-27 Thread Stephane Bortzmeyer
On Thu, Sep 27, 2012 at 12:12:50PM -0400, Patrick W. Gilmore patr...@ianai.net wrote a message of 32 lines which said: I do not know of any name servers that reply to queries with UDP packets filled with only the letter X. The DNS Headers alone require more than the letter X. Yes, you're

Re: Netblock reassigned from Chile to US ISP...

2008-12-15 Thread Stephane Bortzmeyer
On Fri, Dec 12, 2008 at 01:13:59PM -0600, Frank Bulk frnk...@iname.com wrote a message of 52 lines which said: Is there an easy way to get past history on an IP block? Most sites will show you aspects of that *now*

Re: Gmail down?

2009-02-24 Thread Stephane Bortzmeyer
Indeed, down for me too, from France:
% telnet mail.google.com http
Trying 72.14.221.19...
Connected to googlemail.l.google.com.
Escape character is '^]'.
GET / HTTP/1.0
Host: mail.google.com
[Nothing]

Re: large organization nameservers sending icmp packets to dns servers.

2007-08-09 Thread Stephane Bortzmeyer
On Wed, Aug 08, 2007 at 03:20:56PM -0700, william(at)elan.net [EMAIL PROTECTED] wrote a message of 23 lines which said: How is that an anti DoS technique when you actually need to return an answer via UDP in order to force next request via TCP? Because there is no amplification: the UDP

Re: [Nanog] Lies, Damned Lies, and Statistics [Was: Re: ATT VP: Internet to hit capacity by 2010]

2008-04-22 Thread Stephane Bortzmeyer
On Tue, Apr 22, 2008 at 02:02:21PM +0100, [EMAIL PROTECTED] [EMAIL PROTECTED] wrote a message of 46 lines which said: This is where all the algorithmic tinkering of the P2P software cannot solve the problem. You need a way to insert non-technical information about the network into the

Re: [NANOG] Introducing latency for testing?

2008-05-02 Thread Stephane Bortzmeyer
On Fri, May 02, 2008 at 01:12:52PM -0700, Mike Lyon [EMAIL PROTECTED] wrote a message of 15 lines which said: So I want to mimic some latency in a test network for DB replication. I am wondering what others have used for this? Obviously, the best way would be to actually have one box

Re: P2P agents for software distribution - saving the WAN from meltdown?!?

2008-06-18 Thread Stephane Bortzmeyer
On Wed, Jun 18, 2008 at 10:52:38AM -0400, Joe Abley [EMAIL PROTECTED] wrote a message of 41 lines which said: The behaviour I have observed with BitTorrent is that clients are handed a relatively short list of potential peers by the tracker, and it's quite common for sensible, close, local

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-29 Thread Stephane Bortzmeyer
On Thu, Jun 26, 2008 at 11:53:06PM +0200, Jeroen Massar [EMAIL PROTECTED] wrote a message of 49 lines which said: not even thinking of all the nice security issues which come along (home, mycomputer and .exe etc anyone ? This requires serious elaboration. How could you use a domain in .exe

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-29 Thread Stephane Bortzmeyer
On Thu, Jun 26, 2008 at 10:37:34PM -0500, Frank Bulk - iNAME [EMAIL PROTECTED] wrote a message of 37 lines which said: ...which is why it might be a strategy to blacklist all new TLDs (if this proposal gets through) and whitelist just .com, .net, etc. Interesting. I do not know if this

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-29 Thread Stephane Bortzmeyer
On Fri, Jun 27, 2008 at 01:32:05PM -0700, Roger Marquis [EMAIL PROTECTED] wrote a message of 22 lines which said: Security-aware programmers will now be unable to apply even cursory tests for domain name validity. I am very curious of what tests a security-aware programmer can do, based on

Re: what problem are we solving? (was Re: ICANN opens up Pandora's Box of new TLDs)

2008-06-29 Thread Stephane Bortzmeyer
On Fri, Jun 27, 2008 at 10:24:48AM -0700, Scott Francis [EMAIL PROTECTED] wrote a message of 32 lines which said: what problem is ICANN trying to solve with this proposal? What about the current system that's broken, does this new system fix? ICANN is simply responding to demand. Some

Re: the business model, was what problem are we solving? (was Re: ICANN opens

2008-06-29 Thread Stephane Bortzmeyer
On Sat, Jun 28, 2008 at 06:19:19PM -0400, Jean-François Mezei [EMAIL PROTECTED] wrote a message of 47 lines which said: I think that IANA should have long ago become quite strict with domain name registrations. .COM should have been only to companies operating worldwide. Wow, .fr, like

Re: Mail Server best practices - was: Pandora's Box of new TLDs

2008-06-29 Thread Stephane Bortzmeyer
[Wow, operational content!] On Sat, Jun 28, 2008 at 05:25:16PM -0500, Chris Owen [EMAIL PROTECTED] wrote a message of 53 lines which said: At some point what is the difference between putting the mail into a spam folder and sending them to /dev/null? To me, there is a huge difference. I

Re: ICANN opens up Pandora's Box of new TLDs

2008-06-30 Thread Stephane Bortzmeyer
On Sun, Jun 29, 2008 at 02:45:55PM -0700, Roger Marquis [EMAIL PROTECTED] wrote a message of 31 lines which said: The difference between '[a-z0-9\-\.]*\.[a-z]{2-5}' If this is a regexp for the current root zone, it is wrong... (.museum and the test IDNs, whose punycode encoding contains

Re: Mail Server best practices - was: Pandora's Box of new TLDs

2008-06-30 Thread 'Stephane Bortzmeyer'
On Sun, Jun 29, 2008 at 03:30:15PM -0500, Frank Bulk - iNAME [EMAIL PROTECTED] wrote a message of 35 lines which said: Because if you do anything, even as basic as RBLs, you're not being consistent with your stance. The typical use of RBLs is to reject email at the SMTP level, when it

Re: updating checking DNS zone files

2008-07-08 Thread Stephane Bortzmeyer
On Sat, Jul 05, 2008 at 05:45:26PM -0700, Paul Bertain [EMAIL PROTECTED] wrote a message of 41 lines which said: For incrementing your zone's serial number, I usually include zsu Do you work for the Russian army http://en.wikipedia.org/wiki/ZSU-57-2, which seems to win the Google race for

Re: interger to I P address

2008-08-27 Thread Stephane Bortzmeyer
On Wed, Aug 27, 2008 at 02:27:24PM +0200, Iljitsch van Beijnum [EMAIL PROTECTED] wrote a message of 14 lines which said: Easiest way. $ ping 1089055123 PING 1089055123 (64.233.169.147): 56 data bytes It relies on an undocumented feature (it is not in RFC 791, nor in getaddrinfo() manual)

News about the .HT domain

2010-01-15 Thread Stephane Bortzmeyer
I have no information about the state of the Internet links in Haiti (everything seems down) but, for the .HT top-level domain, here are a few news. .HT has six name servers, four outside of the country. They were not affected so .HT never had a problem resolving. Main DNS lesson: always put name

Re: 1/8 and 27/8 allocated to APNIC

2010-01-22 Thread Stephane Bortzmeyer
On Fri, Jan 22, 2010 at 08:54:37AM -0500, William Allen Simpson william.allen.simp...@gmail.com wrote a message of 20 lines which said: I agree that 1/8 was probably about the *last* that should have been allocated. It's particularly frustrating that they made two assignments at the same

Re: 1/8 and 27/8 allocated to APNIC

2010-01-22 Thread Stephane Bortzmeyer
On Fri, Jan 22, 2010 at 10:16:12AM -0500, William Allen Simpson william.allen.simp...@gmail.com wrote a message of 17 lines which said: http://blog.icann.org/2009/09/selecting-which-8-to-allocate-to-an-rir/ Because relying on a blog post for policy I'm fairly certain that it is because

Re: How polluted is 1/8?

2010-02-03 Thread Stephane Bortzmeyer
On Wed, Feb 03, 2010 at 04:49:00PM +0100, Mirjam Kuehne m...@ripe.net wrote a message of 15 lines which said: After 1/8 was allocated to APNIC last week, the RIPE NCC did some measurements to find out how polluted this block really is. See some surprising results on RIPE Labs:

Re: History of 4.2.2.2. What's the story?

2010-02-14 Thread Stephane Bortzmeyer
On Sun, Feb 14, 2010 at 12:43:12PM -0600, John Palmer (NANOG Acct) nan...@adns.net wrote a message of 42 lines which said: A more useful resolver is ASLAN [199.5.157.128] which is an inclusive namespace resolver which shows users a complete map of the internet, There are many crooks which

Re: in-addr.arpa server problems for europe?

2010-02-15 Thread Stephane Bortzmeyer
On Mon, Feb 15, 2010 at 10:22:17AM +0100, Michelle Sullivan matt...@sorbs.net wrote a message of 185 lines which said: 213.in-addr.arpa. 86400 IN NS NS-PRI.RIPE.NET. 213.in-addr.arpa. 86400 IN NS NS3.NIC.FR. 213.in-addr.arpa. 86400 IN NS

Re: in-addr.arpa server problems for europe?

2010-02-15 Thread Stephane Bortzmeyer
On Mon, Feb 15, 2010 at 01:40:31PM +0100, Michelle Sullivan matt...@sorbs.net wrote a message of 298 lines which said: miche...@enigma:~$ dig +bufsize=4096 -x 81.255.164.225 @NS3.NIC.FR Bad test: the response is too small to exercise real size problems. Try adding +dnssec to the dig

Re: in-addr.arpa server problems for europe?

2010-02-15 Thread Stephane Bortzmeyer
On Mon, Feb 15, 2010 at 08:30:43PM +0800, Wilkinson, Alex alex.wilkin...@dsto.defence.gov.au wrote a message of 14 lines which said: Curious, why did you modify 'bufsize' ? To test response size issues, probably. Broken middleboxes are the scourge of the Internet.

Re: in-addr.arpa server problems for europe?

2010-02-15 Thread Stephane Bortzmeyer
On Mon, Feb 15, 2010 at 01:12:55PM +0100, Mark Scholten m...@streamservice.nl wrote a message of 36 lines which said: Solution: stop using DNSSEC or checking for DNSSEC. In 2010, it is a bit backward...

Re: Note change in IANA registry URLs

2010-04-02 Thread Stephane Bortzmeyer
On Fri, Apr 02, 2010 at 11:42:25AM +0200, Robert Kisteleki rob...@ripe.net wrote a message of 20 lines which said: I don't know what good reasons you might have to pull down the current URLs. Please keep them working. I strongly agree and, by the way, it seems this was partially mentioned

Re: APNIC Allocated 14/8, 223/8 today

2010-04-14 Thread Stephane Bortzmeyer
On Wed, Apr 14, 2010 at 05:02:10PM +1000, Skeeve Stevens ske...@eintellego.net wrote a message of 37 lines which said: As the subject says, APNIC was allocated 14/8 and 223/8 today... Actually, it was a few days ago. Not sure why I haven't seen any announcements about it... There have

Re: dot xxx live or not?

2011-05-13 Thread Stephane Bortzmeyer
On Fri, May 13, 2011 at 05:03:11AM -0400, Joly MacFie j...@punkcast.com wrote a message of 19 lines which said: I recall checking at the time that http://icmregistry.xxx worked Now it doesn't. Anyone know what's going on? The TLD .xxx works. Names like sex.xxx or icmregistry.xxx have

Re: ipp.gov and Google DNS (8.8.8.8)

2013-05-30 Thread Stephane Bortzmeyer
On Thu, May 30, 2013 at 09:04:44AM -0600, Josh Galvez j...@zevlag.com wrote a message of 135 lines which said: DNSSEC seems to be validating properly. Since Google Public DNS returns SERVFAIL even with the +cd option (Checking Disabled), I suspect that it is not a DNSSEC issue at all.

Re: How anti-NSA backlash could fracture the Internet along national borders - The Washington Post

2013-11-02 Thread Stephane Bortzmeyer
On Sat, Nov 02, 2013 at 01:12:54PM -0400, Jay Ashworth j...@baylink.com wrote a message of 8 lines which said: The balkanizing of the Net? http://www.washingtonpost.com/blogs/worldviews/wp/2013/11/01/how-anti-nsa-backlash-could-fracture-the-internet-along-national-borders/ So, to host

[renesys] The New Threat: Targeted Internet Traffic Misdirection

2013-11-19 Thread Stephane Bortzmeyer
Interesting study of what seems to be real BGP shunts: http://www.renesys.com/2013/11/mitm-internet-hijacking/

Re: [renesys] The New Threat: Targeted Internet Traffic Misdirection

2013-11-26 Thread Stephane Bortzmeyer
On Wed, Nov 20, 2013 at 01:54:00PM -0500, Christopher Morrow morrowc.li...@gmail.com wrote a message of 11 lines which said: someone has already parsed out all route announcements from ris/routeviews for the 2 specific incidents in question in the article? and posted the contents somewhere

Re: Renesys, Ars document wholesale BGP hijacking

2013-11-27 Thread Stephane Bortzmeyer
On Wed, Nov 27, 2013 at 02:10:33AM -0500, Jay Ashworth j...@baylink.com wrote a message of 7 lines which said: To Belarus, Iceland. Old news, more than a week. Um, oops. http://catless.ncl.ac.uk/go/risks/27/62/2 The real URL is

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

2013-12-06 Thread Stephane Bortzmeyer
On Fri, Dec 06, 2013 at 06:38:31PM +0100, Eugen Leitl eu...@leitl.org wrote a message of 357 lines which said: http://www.wired.com/threatlevel/2013/12/bgp-hijacking-belarus-iceland/ Except the remarks from Kapela, it has very little content above what was in the Renesys paper, discussed

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

2013-12-06 Thread Stephane Bortzmeyer
On Fri, Dec 06, 2013 at 01:05:54PM -0500, Jared Mauch ja...@puck.nether.net wrote a message of 36 lines which said: I've detected 11.6 million of these events since 2008 just looking at the route-views data. Most recently the past two days 701 has done a large MITM of traffic. The big

Re: Someone’s Been Siphoning Data Through a Huge Security Hole in the Internet

2013-12-06 Thread Stephane Bortzmeyer
On Fri, Dec 06, 2013 at 12:39:16PM -0600, Brandon Galbraith brandon.galbra...@gmail.com wrote a message of 43 lines which said: If your flows are a target, or your data is of an extremely sensitive nature (diplomatic, etc), why aren't you moving those bits over something more private than

Re: TWC (AS11351) blocking all NTP?

2014-02-03 Thread Stephane Bortzmeyer
On Sun, Feb 02, 2014 at 02:49:49PM -0800, Matthew Petach mpet...@netflight.com wrote a message of 49 lines which said: If NTP responded to a single query with a single equivalently sized response, its effectiveness as a DDoS attack would be zero; with zero amplification, the volume of

Re: TWC (AS11351) blocking all NTP?

2014-02-03 Thread Stephane Bortzmeyer
On Mon, Feb 03, 2014 at 04:09:39AM +, Dobbins, Roland rdobb...@arbor.net wrote a message of 20 lines which said: I also think that restricting your users by default to your own recursive DNS servers, plus a couple of well-known, well-run public recursive services, is a good idea - as

Re: Blocking of domain strings in iptables

2014-02-08 Thread Stephane Bortzmeyer
On Sat, Feb 08, 2014 at 12:34:45AM -0800, Jonathan Lassoff j...@thejof.com wrote a message of 88 lines which said: This is going to be tricky to do, as DNS packets don't necessarily contain entire query values or FQDNs as complete strings due to packet label compression Apparently, the OP

Re: Blocking of domain strings in iptables

2014-02-08 Thread Stephane Bortzmeyer
On Sat, Feb 08, 2014 at 01:38:13PM +0530, Anurag Bhatia m...@anuragbhatia.com wrote a message of 54 lines which said: but here I am not sure how to create such string out and script them for automation. Use this program: http://www.bortzmeyer.org/files/generate-netfilter-u32-dns-rule.py
