?
We are using a hodgepodge of homegrown stuff and RT but are outgrowing
it.
What's good? What sucks?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
army
The army guy contacts his base IT staff to bitch about his email
His base IT staff escalates the bitching up through a long and twisty channel
Then you may or may not hear a status back, or get your AS unblocked
Sit tight and wait, till then
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Suresh Ramasubramanian:
Your customer contacts his contact (friend / relative / customer etc)
in the US army
The army guy contacts his base IT staff to bitch about his email
His base IT staff escalates the bitching up through a long and twisty channel
Then you may or may not hear a status back
On Thu, Jul 1, 2010 at 11:11 AM, Michael Painter tvhaw...@shaka.com wrote:
As randy said not too long ago, First they came for...
No. Not Randy. That was pastor martin neimoller about the nazis.
So, you just invoked godwin's law. Thread over.
thank you
suresh
of this communication is strictly prohibited.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Wed, Aug 11, 2010 at 4:59 PM, Sven Olaf Kamphuis s...@cb3rob.net wrote:
hmm funny, it had the piratebay on it, the 3rd most visted .org domain in
the world, as well as number 7 or so on the list of most visted websites in
the entire world, until a few months ago.
no, that doesnt matter as
That would be rarther funny Sven, you buying IBM. Sweet dreams.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
and of course apricot (www.apricot.net)
On Sun, Aug 22, 2010 at 7:47 PM, Marshall Eubanks t...@americafree.tv wrote:
SANOG (Southeast Asia) - http://www.sanog.org/
PACNOG (Pacific) - http://www.pacnog.org/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
). This work appeared in this year's IEEE Security
Privacy conference. You can take a look at it if you are interested (and
feedbacks are welcome):
http://www.eecs.umich.edu/~zhiyunq/pub/oakland10_triangular-spamming.pdf
--
Suresh Ramasubramanian (ops.li...@gmail.com)
BCP38 / RFC2827 were created specifically to address some quite
similar problems. And googling either of those two strings on nanog
will get you a lot of griping and/or reasons as to why these aren't
being more widely adopted :)
--srs
On Fri, Sep 3, 2010 at 7:47 AM, Zhiyun Qian
would likely increase a
bit. but my guess, and i mean guess, is that the limiting parameter
could well be how many bots the perps can get, not how well those bots
are blocked.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
are very much there - and if the port 25 filtering were to be
taken out, you'd at once see the increase in spam volumes.
--srs
--
Suresh Ramasubramanian (ops.li...@gmail.com)
server,
change the IPs their spam servers VPN to, and they're back in business.
When sales brought me their initial request, I really didn't believe it, but
I didn't have good enough cause to reject it.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
--
Brandon Galbraith
Voice: 630.492.0464
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Mongolia
if they want to.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
DDOS mitigation, or SPF .. or more likely both.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
organizations haven't solved
the problem yet, so I'm not holding my breath waiting for that to work out...)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
, expect to see wifi hotspots diminish. IMO, that
classification would be a bad thing.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Juniper srx runs JunOS.
On Sat, Oct 30, 2010 at 11:31 AM, Jeffrey Lyon
jeffrey.l...@blacklotus.net wrote:
Juniper Netscreen does, in case the OP is looking for alternatives.
Best regards, Jeff
--
Suresh Ramasubramanian (ops.li...@gmail.com)
using this to load balance three
satellite uplinks in Afghanistan, 2 Mbps each, but it will supposedly
handle much higher.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
http://www.foxnews.com/politics/2010/11/16/internet-traffic-reportedly-routed-chinese-servers/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
something which was presented to congress
So, lessigisms like code is law aside, I guess yes, it IS political now.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
there is no obvious
indication of who made the change or for what reason, it's unlikely it was
accidental.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
referred to it seem more to be related to the routing
leaks on April 8th. Or do you have additional information?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
hands. Otherwise no.
/me waits for the knock at the door and the yell of Search warrant, we
hear you're running an uncensored BIND
--
Suresh Ramasubramanian (ops.li...@gmail.com)
to work for these
guys)...
http://www.webmetrics.com/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
-'\
+---+ / \
| |@@@ / /|,|\ \
| |@@@ /_// /^\ \\_\
@x@@x@| | |/ WW( ( ) )WW
\/| |\| __\,,\ /,,/__
\||/ | | | jgs (__Y__)
/\/\/\/\/\/\/\/\//\/\\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\/\
--
Suresh Ramasubramanian (ops.li...@gmail.com)
/ signatures? Deny all, unless flow (addresses/protocol/port) is
pre-approved / registered?
What does the technical solution look like?
Any solutions to maintain some semblance of freedom?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
And if I ever find the genius who came up with the we are not the
internet police meme ...
On Fri, Dec 10, 2010 at 12:19 AM, Suresh Ramasubramanian
ops.li...@gmail.com wrote:
Let's put it this way.
1. If you host government agencies, provide connectivity to say a
nuclear power plant
to reconsider it, given the new
security threats we all face that have outdated that meme.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Fri, Dec 10, 2010 at 6:25 AM, Brandon Kim brandon@brandontek.com wrote:
Wow, sounds like TrueCrypt it is.not a single other app was suggested!!!
Thank you gentlemen!
There's also PGP WDE (Whole Disk Encryption)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
inherited. Does
anybody know of anyone who would consider reconfiguring/fixing it.
It seems that all mail presented to it appears to be from
localhost, when i reject unautorized destinations, it rejects all
mail.
Thanks in advance.
Bill Kruchas
--
Suresh Ramasubramanian
-internet-regulation-options.aspx
DISSENT = set interface null *1984*
*
--
Suresh Ramasubramanian (ops.li...@gmail.com)
service you can buy that from at least 4 or 5 nationwide
landline providers, besides several cellphone providers.
Monopoly is what there was like a decade back.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
-in²
duplicated MACs across two physically different machines. What are the
odds, that HP would dup¹d them and that both would eventually end up at my
shop? Or maybe this type of thing isn¹t big of deal... ?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
to contact me directly
--
Suresh Ramasubramanian (ops.li...@gmail.com)
://www.proflowers.com/ |
redENVELOPEhttp://www.redenvelope.com/ | Cherry Moon
Farmshttp://www.cherrymoonfarms.com/ | Shari's
Berrieshttp://www.berries.com/
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
--
Jon Lewis, MCP :) | I route
Senior Network Engineer | therefore you are
Atlantic Net |
_ http://www.lewis.org/~jlewis/pgp for PGP public key_
--
Suresh Ramasubramanian (ops.li...@gmail.com)
webmetrics (acquired by neustar sometime back) -
http://www.webmetrics.com
--
Suresh Ramasubramanian (ops.li...@gmail.com)
530 W 6th Street #901
Los Angeles, CA 90014
k...@quadranet.com
--
Suresh Ramasubramanian (ops.li...@gmail.com)
. Many successful
enterprises sprung from hobby projects.
So did spamhaus for quite a while.
But this is specifically in the context of dnsbls. Where steve's mostly right.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
(postmaster for AS27477)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
...@altechstream.rw wrote:
I am being attacked by a lot of spams on my postfix box. What is the best
way to block them and fix this for good?
It is so bad some of my IPs have been black listed.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
:Moscow
address:43, Bolshoy Tishinskiy per
phone: +7 495 9334592
nic-hdl:DA489-RIPE
source: RIPE # Filtered
So - the whois for these is quite confusing - not very easy for any
one entity to establish ownership?
--
Suresh Ramasubramanian (ops.li
, implement SPF and run
dkimproxy on your postfix box and bid spams adieu .
You would be surprised the power of ASSP . It is the best out there that
kills spam dead on arrival and departure.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
That's as cluebie an answer as it gets.
ps: man iptables on restricting / allowing by uid.
cheers
srs
On Fri, Mar 4, 2011 at 12:21 PM, Joshua William Klubi
joshua.kl...@gmail.com wrote:
Then like Robert Suggest he should implement step 2
and it would solve his problem asap
--
Suresh
On Tue, Mar 8, 2011 at 1:21 PM, Nathan Eisenberg
nat...@atlasnetworks.us wrote:
What happens when countries are formed from secession? Does one half have to
renumber? ;)
There's a civil war and the winner takes all
--
Suresh Ramasubramanian (ops.li...@gmail.com)
of 10
is block it on your end.
Email tends to be non threatening. As useless as it tends to be, it is still
generally better than calling.
the real cesspool is POC registries. i wish arin would start revoking
allocations for entities with invalid POCs.
--
Suresh Ramasubramanian (ops.li
snowshoer can get a /15, why can't a
legitimate corporation get some for itself? :)
--
Suresh Ramasubramanian (ops.li...@gmail.com)
device bridging clients
onto our network and we hunt it down from there.
I've yet to see a solid methodology for detecting NATing devices,
short of requiring 802.1x authentication using expiring keys and
one-time passwords. :p
Cheers,
jof
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
.
I wish it were that easy.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
Falling back to A when there is an MX (especially after receiving any kind
of SMTP response from the MX) is an RFC violation by the way (rfc 5321
section 5.1)
Even then - this doesn't appear to be the case. The bounce below was
generated entirely within Hotmail. From SNT133-WS53 (a hotmail
authentication required is a bizzarre error to return.
Does it go away if you actually turn off graylisting for hotmail?
On Tuesday, October 23, 2012, Carlos M. Perez wrote:
Mike,
I think this is exactly what is going on. The domains that are having
issues have greylisting on with the spam
Most countries that implement a great firewall of $country model already do
route all their international outbound traffic through a common gateway.
Still others use the mechanism of sending a court order to all registered
ISPs in the country asking them to block whichever URL it is.
If that ISP
Maps was taken over by trend micro years back, maybe they just retired the
old domain?
--srs (htc one x)
On Nov 4, 2012 4:14 PM, Alexander Maassen outsi...@scarynet.org wrote:
Looks like it's down again
From ge0-1-v201.r2.mst1.proxility.net (77.93.64.146) icmp_seq=1
Destination Host
-authoring.ip-plus.net/documents/BIS_TI_Router_Filter_Policy_EN.pdf
ip prefix-list martians seq 8000 permit 8.0.0.0/7 le 19
[etc]
Not so much of a problem in v4 but as you saw for yourself, you risk not
seeing prefixes at all if you try this.
--
Suresh Ramasubramanian (ops.li...@gmail.com)
at
mxtoolbox?
Thanks,
David Sotnick
--
Pixar
Emeryville, CA
--
Suresh Ramasubramanian (ops.li...@gmail.com)
messages in the bounce code, then you can
probably look at the site for each ISP, and google their postmaster group.
Matthew
Matthew Barr
Technical Architect
Snap Interactive
mb...@mbarr.net
--
Suresh Ramasubramanian (ops.li...@gmail.com)
It's called the great firewall of china. Feel free to shift vendors but it
won't help.
Meanwhile make sure none of your users are surfing for falun gong,
dalai lama, ai weiwei or whoever else the chicom censors don't like on that
particular day
On Wednesday, December 5, 2012, Thomas York wrote:
http://www.youtube.com/watch?v=re0VRK6ouwIfeature=share
you'll probably laugh so hard you won't even need the fiber
-
From: Suresh Ramasubramanian [mailto:ops.li...@gmail.com javascript:;]
Sent: Thursday, December 06, 2012 5:31 AM
To: nanog@nanog.org javascript:;
Subject: Google Fiber - keeps you regular
Introducing the Google Fiber
Barhttp://www.youtube.com/watch?v=re0VRK6ouwIfeature=share
you'll probably
If you look at www.google.com/fiber they do seem to be in that market now
On Friday, December 7, 2012, Otis L. Surratt, Jr. wrote:
Yep. But you know I wouldn't be surprised if Google entered that market.
That's why I was asking. You never know these days.
From: Suresh Ramasubramanian
Who uses it? Or did you see your IP listed in one of those multiple dnsbl
query sites and contacted them on general principles even though you didn't
see any actual bounced email that could be traced to a spam rats listing?
That said, it is best practice to set ptr records even for your
Admin or the other to block mail based on spam rats..
Which is something I wouldn't recommend to people running a production mail
system, but we'll..
--srs (htc one x)
On 10-Jan-2013 8:40 AM, Julian DeMarchi jul...@jdcomputers.com.au wrote:
On 01/10/2013 01:06 PM, Suresh Ramasubramanian wrote
One $GENERATE in bind should take care of that, and save what looks like
the usual extra long nanog thread?
What does it cost you not to do it?
On Thursday, January 10, 2013, Julian DeMarchi wrote:
On 01/10/2013 01:16 PM, Suresh Ramasubramanian wrote:
Ask your customers what I asked you
AM, Chris Adams cmad...@hiwaay.net wrote:
Once upon a time, Suresh Ramasubramanian ops.li...@gmail.com said:
That said, it is best practice to set ptr records even for your
unassigned
ip space
[citation needed]
--
Chris Adams cmad...@hiwaay.net
Systems and Network Administrator - HiWAAY
/9/2013 10:06 PM, Suresh Ramasubramanian wrote:
Who uses it? Or did you see your IP listed in one of those multiple dnsbl
query sites and contacted them on general principles even though you
didn't
see any actual bounced email that could be traced to a spam rats listing?
That said
Mail is all this discussion is in the context of
On Friday, January 11, 2013, Karl Auer wrote:
On Thu, 2013-01-10 at 20:23 +0530, Suresh Ramasubramanian wrote:
Unused space generally gets a $generate type generic scripted runs which
could be whatever, like ip-ad-dr-ess.example.com
Mail is all this discussion is in the context of
On Friday, January 11, 2013, Karl Auer wrote:
On Thu, 2013-01-10 at 20:23 +0530, Suresh Ramasubramanian wrote:
Unused space generally gets a $generate type generic scripted runs which
could be whatever, like ip-ad-dr-ess.example.com
I'm having more than a little deja vu here - Romanian LIRs have come up on
this list (leave alone nanog, or various other RIPE lists) more than once
in this context. In fact
There is an apparent pattern of large scale misuse of resources here, with
a complex reporting procedure that puts the
There have been previous incidents in the ARIN region .. Nothing on the
grand scale of what Ron is describing, and just saying, Arin does liaise
with the Anti spam world rather better than this.
On Wednesday, January 16, 2013, William Herrin wrote:
Hi Rich,
Since this is NANOG, not a forum
On Tuesday, January 22, 2013, Matt Palmer wrote:
That article doesn't justify security review, it justifies not being a
complete knob when someone reports a security hole in your site. There are
so many site vulnerabilities these days that they're not news. What *is*
news is when the
arbor peakflow to start with?
On Thursday, January 31, 2013, Piotr wrote:
Hi,
I looking some box (vendor, model), which i can put out of the
main/product network, which can analyze packets netflow,sflow,syslog from
bgp router(s) and after discover some anomaly it can do some action, for
AS23456 is currently announcing a good few netblocks (which don't have a
very good smtp reputation, by the way).
Funny thing is, that's a special use ASN as per rfc4893, something about
two octet ASNs that don't have a four octet representation.
Only one upstream (airtelbroadband-as-ap, as24560)
At least the 103.x which are announced by airtel. The other netblocks (one
Indian and two brazilian) appear unrelated though also showing as23456
--srs (htc one x)
On 03-Feb-2013 6:12 PM, Suresh Ramasubramanian
ops.li...@gmail.comjavascript:_e({}, 'cvml',
'ops.li...@gmail.com');
wrote:
AS23456
dave.na...@alfordmedia.com wrote:
On 2/3/13 9:04 AM, Rich Kulawiec r...@gsp.org wrote:
On Sun, Feb 03, 2013 at 06:12:32PM +0530, Suresh Ramasubramanian wrote:
AS23456 is currently announcing a good few netblocks (which don't have a
very good smtp reputation, by the way).
To say the least
Part of the entire 'chinese l337 hxx0r spy' 1st complex is apparently the
local equivalent of a community college, where the passing out assignment
is probably something on the lines of 'get me a dump of the dalai lama's
email'.
--srs (htc one x)
On 20-Feb-2013 2:08 PM, Scott Weeks
Net net - what we have here is, so far, relatively low tech exploits with a
huge element of brute force, and the only innovation being in the delivery
mechanism - very well crafted spear phishes
They don't particularly need to hide in a location where they're literally
bulletproof (considering
Very true. The objection is more that the exploits are aimed at civilian
rather than (or, more accurately, as well as) military / government /
beltway targets.
Which makes the alleged chinese strategy rather more like financing jehadis
to suicide bomb and shoot up hotels and train stations,
On Thursday, February 21, 2013, Warren Bailey wrote:
The only spanking that has been going on nanog lately is Jay using his
email to keep us up to date on current news. I am going to call it a
night, and look for a SCUD fired from Florida in the morning. ;)
Nanog setting their list server up
And so their bush league by itself was responsible for all the penetrations
that mandiant says they did? Which shows that they don't have to be
particularly smart, just a bit smarter than their average spear phish or
other attack's victim.
On Friday, February 22, 2013, Jack Bates wrote:
On
Black market sales, handing out /15s to Romanian spammers like candy ..
Europe has had a lot of IP allocation fun
On Wednesday, April 24, 2013, Andrew Latham wrote:
On Tue, Apr 23, 2013 at 5:41 PM, Valdis Kletnieks
valdis.kletni...@vt.edu javascript:; wrote:
I didn't see any mention of this
Checking for a non resolvable HELO will get you significant fps. There are
plenty of HELO patterns that can and must be filtered but not this one.
On Wednesday, May 8, 2013, Robert Drake wrote:
Sorry for the noise, but I thought this might be of interest to anyone
waiting for their hotel
?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Fri, May 8, 2009 at 11:00 AM, Skywing skyw...@valhallalegends.com wrote:
I seem to recall that Mailstreet/MXlogic firewalls off (not rejects at SMTP
level) any AS listed in UCEProtect, at least of about a year or so ago.
- S
I would be very surprised indeed if MX Logic did something like
You wont find me holding up uceprotect or apews as fine examples of
properly or even competently run lists, I'd point you to spamhaus for
that.
But, in this day and age, and with the volumes of spam around, I'd
counsel you NOT to wait for or expect manual complaints to your abuse
desk, almost
Traffic from bogon IP space is more likely than anything else to be
the result of misconfiguration rather than a spammer abusing it.
The cymru bogons list and the spamhaus drop list target two entirely
distinct issues and they shouldnt be confused together.
On Wed, Jun 17, 2009 at 2:14 PM,
On Thu, Jun 18, 2009 at 5:29 AM, Sean Donelans...@donelan.com wrote:
On Wed, 17 Jun 2009, Suresh Ramasubramanian wrote:
The cymru bogons list and the spamhaus drop list target two entirely
distinct issues and they shouldnt be confused together.
Correct. And whatever list you use
Rod - you wouldnt qualify as an ISP - or even a provider of an
interactive computer service to go by the language in 47 USC 230, by
simply running a TOR exit node.
On Thu, Jun 25, 2009 at 4:15 AM, Rod Beckrod.b...@hiberniaatlantic.com wrote:
Richard,
The question is how much ISPs should be
On Thu, Jun 25, 2009 at 9:44 AM, Adrian Chaddadr...@creative.net.au wrote:
On Thu, Jun 25, 2009, Suresh Ramasubramanian wrote:
Rod - you wouldnt qualify as an ISP - or even a provider of an
interactive computer service to go by the language in 47 USC 230, by
simply running a TOR exit node
not ..
And even were the telco to run a tor node, their charter as a common
carrier probably doesnt specify that theyre a common carrier for tor
nodes.
so ...
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Thu, Jun 25, 2009 at 10:32 PM, Steve Pirkor...@pirk.com wrote:
On a related note, I posted a question about ipv6 a while back and the
ticket I also opened is gertting bounced around with no one saying yes,
this is my space.
My ipv6 skills are seriously lacking... Can anyone shed light on
On Fri, Jun 26, 2009 at 7:08 AM, Joe Grecojgr...@ns.sol.net wrote:
And which one is targetted at the specific repressive regime effectively
created by the US broadband cartels? :-)
Rod Beck's proposal to modify the common carrier regs, of course.
--
Suresh Ramasubramanian (ops.li
On Sun, Jun 28, 2009 at 5:50 PM, Gregoire Villainna...@greg.net wrote:
I would highly advise you have a read at any presentation by Phil Smith:
ftp://ftp-eng.cisco.com/pfs/seminars (anonymous login)
Read as much as you can from here 1st thing 1st - this is all solid ground
knowledge.
And
Sorbs was shut down just about that time ago ..
On Sat, Jul 11, 2009 at 7:50 PM, Ronald Cotoniseti...@gmail.com wrote:
I need to resolve some issues that we are having with you guys but there is
a lack of timelyness with your contact forms, 28 days is simply unacceptable
:(
--
Suresh
...which I can't unfortunately not answer. But I guess the announce
is not propagated outside of their network...
Thanks for your help.
Laurent
--
Suresh Ramasubramanian (ops.li...@gmail.com)
of).
Can please any of you tell me if from your location 213.215.28.0 is
reachable through AS12670 ?
Hi,
It seems the netblock 213.215.28.0/23 is now reachable through AS13193
and AS12670.
Thanks
Laurent
--
Suresh Ramasubramanian (ops.li...@gmail.com)
the company I work for even existed. Amazing right?
--
Suresh Ramasubramanian (ops.li...@gmail.com)
On Tue, Sep 22, 2009 at 1:56 AM, Jeffrey Lyon
jeffrey.l...@blacklotus.net wrote:
We used to have a lot of people buying IP's in bulk for SEO. They
would all cancel within one or two months citing that they couldn't
afford it or the project failed, etc. Guess they realized that the
whole thing
1 - 100 of 509 matches
Mail list logo