Re: Proving Gig Speed

2018-07-18 Thread valdis . kletnieks
On Wed, 18 Jul 2018 08:24:15 -0500, Mike Hammett said: > Check your Google portal for more information as to what Google can do with > BGP Communities related to reporting. For a horrifying moment, I misread this as Google surfacing performance stats via a BGP stream by encoding stat_name:value

Re: using expect to log into devices

2018-07-21 Thread valdis . kletnieks
On Sun, 22 Jul 2018 00:43:35 +0200, Niels Bakker said: > Fine as a personal exercise, of course. The inability to download > modules seems sadistic to me, though. And given the adage "Never create a rule you can't enforce", I wonder how they enforce it - have to be pretty hardcore to make sure th

Re: using expect to log into devices

2018-07-22 Thread valdis . kletnieks
On Sun, 22 Jul 2018 00:10:06 -0400, J Crowe said: > Have you looked into utilizing Ansible? Yes, we use Ansible heavily on production services. But Ansible doesn't *stop* somebody from downloading modules, especially if it's a laptop used for diagnosis/testing.

Re: Rising sea levels are going to mess with the internet

2018-07-23 Thread valdis . kletnieks
On Mon, 23 Jul 2018 02:09:23 -0500, Colin Baker said: > These guys would freak if they popped open a manhole in the spring It's a lot harder to pump out a manhole if it's now below the water table.

Re: Rising sea levels are going to mess with the internet

2018-07-23 Thread valdis . kletnieks
On Mon, 23 Jul 2018 09:25:28 -0400, William Herrin said: > Climate science is interesting and worthy, but it's still too shaky > and incomplete to justify trillion dollar decisions. So cleaner, less polluting energy sources don't justify it right there? Check the air quality in Beijing or parts o

Re: Rising sea levels are going to mess with the internet

2018-07-26 Thread valdis . kletnieks
On Thu, 26 Jul 2018 16:56:08 -, "Naslund, Steve" said: > Since we have been able to cope with train derailments, backhoes, forest > fires, traffic accidents, etc, I am pretty confident that the networks will > keep up with the lightning fast 1/8" per year rise in sea level. Have they finished

Re: California fires: smart speakers and emergency alerts

2018-07-26 Thread valdis . kletnieks
On Thu, 26 Jul 2018 09:54:10 -0700, Seth Mattinen said: > People in tornado areas seem to be the most aware that alert radios > already exist. No internet access required. Do those use a frequency band that's suitable for cellphones to monitor (antenna size, power, etc)? Because your best chance

Re: Rising sea levels are going to mess with the internet

2018-07-26 Thread valdis . kletnieks
On Thu, 26 Jul 2018 15:39:51 -0400, Rob McEwen said: > JUST BARELY curve upwards. So I dug into THEIR actual data - and even > THEIR data shows something like a cumulative 1mm/year increase - and - > it took ~40 years or so to get to that 1mm increase (to be extra clear, > this is a reported incre

Re: Rising sea levels are going to mess with the internet

2018-07-26 Thread valdis . kletnieks
On Thu, 26 Jul 2018 19:43:37 -, "Naslund, Steve" said: > As an engineer I would like to know how we separate what would be happening > without us from what effect we are having. Well, when all previous data shows temperature changes on the order of degrees per millennium (absent major incidents

Re: Rising sea levels are going to mess with the internet

2018-07-26 Thread valdis . kletnieks
On Thu, 26 Jul 2018 16:07:56 -0400, Rob McEwen said: > On 7/26/2018 3:49 PM, valdis.kletni...@vt.edu wrote: > > Compound interest is a bitch. >> it took ~40 years or so to get to that 1mm increase (to be extra clear, >> this is a reported increase over how much oceans are rising now compared >> to

Re: Rising sea levels are going to mess with the internet

2018-07-26 Thread valdis . kletnieks
On Thu, 26 Jul 2018 20:48:58 -, "Naslund, Steve" said: > Don't panic though about the 70 meter rise though. According to this article > by National Geographic, it would take around 5000 years to melt that much ice > even assuming the current temperature rise continues. Was that article from b

Re: Security team objectives

2018-07-29 Thread valdis . kletnieks
On Mon, 30 Jul 2018 06:43:35 +0200, Ramy Hashish said: > Good day all, > > If you are going to start a security team in a newly founded IT > organization, what will the objectives/results be? The answer will depend heavily on the organization that contains the IT group. The right answers will be

Re: Best practices on logical separation of abuse@ vs dmca@ role inboxes

2018-08-06 Thread valdis . kletnieks
On Mon, 06 Aug 2018 09:51:17 -0500, Matt Harris said: > But then the question becomes "how are they supposed to find the 'proper > address' for their reports?" Asked and answered already. On 8/5/2018 16:53:35, "John Levine" wrote: >See https://www.copyright.gov/dmca-directory/ If you are in fac

Re: OpenDNS CGNAT Issues

2018-09-12 Thread valdis . kletnieks
On Wed, 12 Sep 2018 14:10:05 -, Kenny Taylor said: > For a truckload of gold, I’m pretty sure most of us would make that work ☺ Unless they get underbid by the one of us willing to settle for a foot locker full of gold.

Re: OpenDNS CGNAT Issues

2018-09-12 Thread valdis . kletnieks
On Wed, 12 Sep 2018 09:42:11 -0700, Owen DeLong said: > If you do it for a mere footlocker, I will be happy to watch and laugh. So.. taking this as a size: https://www.containerstore.com/s/storage/trunks/black-rolling-trunk-with-tray/12d?productId=1230 We'll shave off an inch or so off each

Re: CloudFlare D.N.S. Resolvers... (1.1.1.1 & 1.0.0.1)

2018-09-26 Thread valdis . kletnieks
On Wed, 26 Sep 2018 10:52:07 +0300, Michael Bullut said: > Has anyone deployed the aforementioned in your individual networks? A quick > test suggests it is quite fast compared with Google's D.N.S. resolvers: > *Reply from 1.1.1.1 : bytes=32 time=3ms TTL=61* 3ms indicates you're

Verizon FIOS finally gets IPv6?

2018-10-01 Thread valdis . kletnieks
Chatter here is that at least some areas are seeing actual functional IPv6, dhcpv6-pd and all... https://www.dslreports.com/forum/r32136440-Networking-IPv6-working

Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-03 Thread valdis . kletnieks
On Wed, 03 Oct 2018 12:53:57 -0700, mike.l...@gmail.com said: > Interesting question though... I wonder if people on micro-cells and/or wifi > calling don’t get the alerts. That would be extremely dumb and > irresponsible of > the cell phone carriers, so its likely the case :) Oddball corner c

Re: bloomberg on supermicro: sky is falling

2018-10-04 Thread valdis . kletnieks
On Thu, 04 Oct 2018 15:26:15 -0400, William Herrin said: > The Bloomberg article described them as looking like 'signal > conditioning couplers" on the motherboard. There is no such part on > server boards but maybe they meant optoisolators or power conditioning > capacitors. You overlook the obv

Re: bloomberg on supermicro: sky is falling

2018-10-04 Thread valdis . kletnieks
On Thu, 04 Oct 2018 21:00:57 -, "Naslund, Steve" said: > The other thing I am highly skeptical of is the suggestion of attempting to > tap sensitive intel agency systems this way. Talking to a C&C server is > suicide from within their network. How long do you think it would take them > to >

Re: bloomberg on supermicro: sky is falling

2018-10-04 Thread valdis . kletnieks
On Thu, 04 Oct 2018 14:10:07 -0700, "Scott Weeks" said: > Classified networks do not connect to other networks unless > they are equally or higher classified. No internet connection. > Period. Well, if your classified network is connecting to a higher classified net, then *that* network is conne

Re: Oct. 3, 2018 EAS Presidential Alert test

2018-10-06 Thread valdis . kletnieks
On Sat, 06 Oct 2018 15:09:09 -0700, "Scott Weeks" said: > Or some live where there is no cell coverage, don't > watch TV, live where their neighbors are far away > and no gov't folks are going to knock on doors > because the driveway is long, locked at the front > gate and there're dogs in the yard

Re: bloomberg on supermicro: sky is falling

2018-10-08 Thread valdis . kletnieks
On Mon, 08 Oct 2018 08:53:55 -0500, Daniel Taylor said: > Especially when you have companies out there that consider VPN a > reasonable way to handle secure data transfer cross-connects with > vendors or clients. At some point, you get to balance any inherent security problems with the concept of

Re: Cogent charging 50/mo for BGP (not IPs, the service)

2018-10-17 Thread valdis . kletnieks
On Wed, 17 Oct 2018 15:53:47 -, David Hubbard said: > Yep we pay it on our circuits, begrudgingly. Wouldn’t mind it as much if > it > actually delivered me every BGP prefix in the global routing table… On Wed, 17 Oct 2018 11:49:10 -0400, Jason Canady said: >  I believe IPv6 BGP is free.

Re: Whats going on at Cogent

2018-10-29 Thread valdis . kletnieks
On Sun, 28 Oct 2018 17:19:41 -0700, Matthew Petach said: > I can vouch for it. > > The cake was delicious and moist. I'm glad to hear it did *some* sort of good. :)

Re: IGP protocol

2018-11-12 Thread valdis . kletnieks
On Mon, 12 Nov 2018 20:21:26 +, "Naslund, Steve" said: > 2. Most corporate networks will be running OSPF and/or EIGRP as an IGP. And I'm sure there's still some crazies out there using RIPv2. :)

Re: netflix OCA in a CG-NAT world

2018-11-28 Thread valdis . kletnieks
On Wed, 28 Nov 2018 14:37:06 +0300, Nikolay Shopik said: > Sony Entertainment is know to be slowpoke in this area. PS4 > firmware/kernel is SLAC enabled IPv6 but its not exposed to devs and > thus apps doesn't use it at all. Odd. Mine does DHCPv6. It might do SLAC as well, my OpenWRT wouldn't not

Re: [outages] facebook slow

2018-11-30 Thread valdis . kletnieks
On Fri, 30 Nov 2018 13:16:31 -0700, "Keith Medcalf" said: > Why don't you just write all your password on big sheets of construction > paper and put them on the front of the building or in the nearest Starbucks? I'm going to go out on a limb and say that with all the problems inherent in using a s

Re: Pinging a Device Every Second

2018-12-15 Thread valdis . kletnieks
On Sat, 15 Dec 2018 12:20:01 -0700, Raymond Burkholder said: > Another aspect is congestion.  Large uploads or downloads can cause > packet loss (including dropping the pings with which you are testing).  > Therefore management packets such as these could be marked and > processed, on your side

Re: Stupid Question maybe?

2018-12-19 Thread valdis . kletnieks
On Tue, 18 Dec 2018 17:12:45 -0500, "David Edelman" said: > I seem to remember that before the advent of VLSM and CIDR there was no > requirement for the 1 bits in the netmask to be contiguous with no intervening > 0 bits and there was always someone who tested it out on a production network > just

Re: Stupid Question maybe?

2018-12-19 Thread valdis . kletnieks
On Wed, 19 Dec 2018 21:11:39 +0100, Thomas Bellman said: > On 2018-12-19 20:47 MET, valdis.kletni...@vt.edu wrote: > > There was indeed a fairly long stretch of time (until the CIDR RFC came out > > and > > specifically said it wasn't at all canon) where we didn't have an RFC that > > specifically

Re: ECN, DNS and Firewalls

2018-12-27 Thread valdis . kletnieks
On Fri, 28 Dec 2018 13:35:04 +1100, Mark Andrews said: > There are major operators that still have STUPID firewall settings > in front of DNS servers that drop SYN packets with ECE and CWR set > 17 years after ECN was specified. Time to name-n-shame?

Re: CenturyLink

2019-01-01 Thread valdis . kletnieks
On Mon, 31 Dec 2018 10:28:25 +0200, Saku Ytti said: > For the tl;dr folk, crystal drifts +-4.5us per day, Rb +-1.1us (both > seem like unsatisfactorily high numbers to me, i.e. you don't want to > be free-running 24h with Rb). There's another number that's missing - the stability of the drift. I

Re: BGP Experiment

2019-01-08 Thread valdis . kletnieks
On Tue, 08 Jan 2019 17:48:46 +0100, niels=na...@bakker.net said: > After seeing this initial result I'm wondering why the researchers > couldn't set up their own sandbox first before breaking code on the > internet. I believe FRR is a free download and comes with GNU autoconf. Perhaps you'd li

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread valdis . kletnieks
On Sat, 12 Jan 2019 09:45:12 +0530, Viruthagiri Thirumavalavan said: > When I originally drafted the SMTPS proposal, I thought those plaint text > part before the STARTTLS command leaks some sensitive info. So - given that multiple people have explained to you on the ietf-smtp list that there's n

Re: SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-11 Thread valdis . kletnieks
On Sat, 12 Jan 2019 09:45:12 +0530, Viruthagiri Thirumavalavan said: > But I still want the future of email to adopt Implicit TLS. So someday we > can kill Opportunistic TLS. I already lost the case for security. So my > smtps part of the proposal not gonna fly. I'm just here to learn whether > Im

Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread valdis . kletnieks
On Sat, 12 Jan 2019 17:37:02 -0500, Eric Tykwinski said: > even headers. My guess though is that if this gains traction, there will be a > corresponding law like CALEA for LEO to intercept. Hopefully *this* time we'll do it in such a way that LEO use will remain higher than bad-guys use. I'm not

Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread valdis . kletnieks
On Sun, 13 Jan 2019 04:51:40 +0530, Viruthagiri Thirumavalavan said: > I don't know why you are all try to defend a man who try to silence my work. Rest assured that if he was actually trying to silence your work you wouldn't have been able to post your message to NANOG.

Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]

2019-01-12 Thread valdis . kletnieks
On Sun, 13 Jan 2019 04:57:26 +0530, Viruthagiri Thirumavalavan said: > Guys, I can't able to disclose my work at this point. But I'm happy to > publish my work again next month. In the meantime, I have no issues if you > all think my work is bad. You'd probably do the world a favor if you spent

Re: (Netflix/GlobalConnect a/s) Scheduled Open Connect Appliance upgrade is starting

2019-01-13 Thread valdis . kletnieks
On Sun, 13 Jan 2019 13:50:58 -0600, Mike Hammett said: > People use plain-text e-mail on purpose? Yes. Next question?

Re: (Netflix/GlobalConnect a/s) Scheduled Open Connect Appliance upgrade is starting

2019-01-13 Thread valdis . kletnieks
On Sun, 13 Jan 2019 20:55:54 +0100, Christoffer Hansen said: > (*it is frustrating when content parity between HTML and PLAINTEXT > sections is e-mails is inconsistent. :/ ) Back when we were designing MIME, somebody (Vernon Schryver?) stated that multipart/alternative with text/plain and text/h

Re: (Netflix/GlobalConnect a/s) Scheduled Open Connect Appliance upgrade is starting

2019-01-13 Thread valdis . kletnieks
On Sun, 13 Jan 2019 20:01:20 -0800, Brian Kantor said: > Clearly, editing inclusions is a lost art. > - Brian The September That Never Ended was so long ago that pretty much everybody from before that event is now well into "get off my lawn" territory.

Re: plaintext email?

2019-01-14 Thread valdis . kletnieks
A: Because it messes up the order in which people normally read text. Q: Why is top-posting such a bad thing? A: Top-posting. Q: What is the most annoying thing on usenet and in e-mail? And now you're sitting here wondering what possible relevance that might have to some line or other - the only c

Re: plaintext email?

2019-01-15 Thread valdis . kletnieks
Without reading further... which of your recent postings is this a reply to? Obviously you already know, because you said you don't need to see the text to know the context... Nope, it wasn't the one about how things became quoted text. On Tue, 15 Jan 2019 13:36:38 -0500, b...@theworld.

Re: Network Speed Testing and Monitoring Platform

2019-01-16 Thread valdis . kletnieks
On Wed, 16 Jan 2019 19:26:41 +, Chris Kimball said: > Would a raspberry pi work for this? > > Could 3D print a nice case with your logo for it. The Pi has a bandwidth limit at 300mbits/sec due to a USB port being used. I wonder if something like the RIPE Atlas probes could be flashed with sui

Re: Network Speed Testing and Monitoring Platform

2019-01-16 Thread valdis . kletnieks
On Wed, 16 Jan 2019 10:52:58 -0600, Colton Conor said: > As an internet service provider with many small business and residential > customers, our most common tech support calls are speed related. Customers > complaining on slow speeds, slowdowns, etc. So out of curiosity - does anybody have info

Re: BGP Experiment

2019-01-24 Thread valdis . kletnieks
On Thu, 24 Jan 2019 04:00:27 +1100, Ben Cooper said: > You caused again a massive prefix spike/flap, That's twice now you've said that without any numbers or details. Care to explain what you mean by "massive" in a world where the IPv4 table has like 700K+ routes? And as perceived by what point(

Re: BGP Experiment

2019-01-26 Thread valdis . kletnieks
On Sat, 26 Jan 2019 11:37:05 -0800, Owen DeLong said: > 1. Compile a list of lists that should be notified of such > experiments in > advance. Try to get the word out to as much of the community > as possible through various NOGs and other relevant industry >

Re: Calling LinkedIn, Amazon and Akamai @ DE-CIX NY

2019-01-30 Thread valdis . kletnieks
On Wed, 30 Jan 2019 23:55:40 +, "i3D.net - Martijn Schmidt" said: > Here: all networks that didn't already change their peering IP are not > yet connected to the updated route-server. Some networks are not > connected to any route-server. Therefore, those networks did not yet > change their

Re: Last Mile Design

2019-02-07 Thread valdis . kletnieks
On Thu, 07 Feb 2019 18:46:40 -0500, David Ratkay said: > I am not sure if this is a easy question to answer. Actually, trivial to answer: "It depends". Often due to "hysterical raisins". > even within the last mile POP. Do you just have POP's delegated to > residential users and a separate POP

Re: AT&T/as7018 now drops invalid prefixes from peers

2019-02-11 Thread valdis . kletnieks
On Mon, 11 Feb 2019 09:53:45 -0500, Jay Borkenhagen said: > The AT&T/as7018 network is now dropping all RPKI-invalid route > announcements that we receive from our peers. Congrats! Are you able to comment on what amount of routes are getting dropped?

Re: OT/venting: RIPE legal - please stop this madness!

2019-02-15 Thread valdis . kletnieks
On Fri, 15 Feb 2019 16:30:21 +, David Guo via NANOG said: > They are based in Netherlands and may be not familiar with Germany business > laws I'd expect that due diligence on their part would be to find an actual expert on German business law. And given that RIPE deals with most of Europe,

Re: A Zero Spam Mail System [Feedback Request]

2019-02-17 Thread valdis . kletnieks
On Mon, 18 Feb 2019 07:33:32 +0530, Viruthagiri Thirumavalavan said: > My name is Viruthagiri Thirumavalavan. I'm the guy who proposed SMTP over > TLS on Port 26 Unfortunately, your attempt there didn't demonstrate an in-depth knowledge of the email ecology of the sort needed to *actually* solve t

Re: A Zero Spam Mail System [Feedback Request]

2019-02-17 Thread valdis . kletnieks
On Sun, 17 Feb 2019 22:16:50 -0500, Jon Lewis said: > Anyone else having flashbacks to Jim Fleming telling us about how IPv8 was > the final ultimate solution to IPv4 runout? I was thinking more of the guy who was convinced that each octet in an IPV4 address could store 0 through 256.

Re: A Zero Spam Mail System [Feedback Request]

2019-02-18 Thread valdis . kletnieks
On Mon, 18 Feb 2019 12:28:21 +0530, Viruthagiri Thirumavalavan said: > Literally everyone attacking me here. Could you tell me why? Because I have > been rude to John Levine, right? No, it's because (a) every aspect we could understand from your writing has already been tried and failed, and (b)

Re: A Zero Spam Mail System [Feedback Request]

2019-02-18 Thread valdis . kletnieks
On Mon, 18 Feb 2019 12:29:54 -0700, "Anne P. Mitchell, Esq." said: > Especially when they are well-respected members of both NANOG and the greater > email community. Seriously?? Attacking John and Suresh?? It's been a while since the time somebody was dorksplaining RIP to Tony Li. :)

Re: A Zero Spam Mail System [Feedback Request]

2019-02-20 Thread valdis . kletnieks
On Wed, 20 Feb 2019 20:22:51 +, Matthew Black said: > Have you ever created a sendmail.cf without using M4? Sendmail 5.6mumble or so, for a machine that was on UUCP, Arpa/Milnet, and Bitnet and gatewayed between them. Bitnet was particularly ugly because (a) EBCDIC and (b) no way to represen

Re: A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-25 Thread valdis . kletnieks
On Mon, 25 Feb 2019 12:14:59 -0700, Paul Ebersman said: > ekuhnke> One thing to consider with authentication for domain registrar > ekuhnke> accounts: > > ekuhnke> DO NOT USE 2FA VIA SMS. > > Yup. This is a good example of what I'm advocating. Just saying "use > 2FA" or "use DNSSEC" or "have a CAA"

Re: A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-25 Thread valdis . kletnieks
On Mon, 25 Feb 2019 18:23:44 -0700, Paul Ebersman said: > Agreed. But this also gets down to the risk vs hassle tradeoff. Joe's > Bait & Tackle Shop probably isn't getting attacked by nation states who > can hack SS7, so SMS text might be good enough. And certainly better > than just an 8 char pla

Re: 2FA, was A Deep Dive on the Recent Widespread DNS Hijacking

2019-02-26 Thread valdis . kletnieks
On Tue, 26 Feb 2019 08:36:11 -0800, Seth Mattinen said: > On 2/25/19 9:59 PM, Keith Medcalf wrote: > > Are you offering an indemnity in case that code is malicious? What are the > > terms and the amount of the indemnity? > Anyone who is that paranoid should read the RFC and write their own TOTP

Re: Should Netflix and Hulu give you emergency alerts?

2019-03-09 Thread valdis . kletnieks
On Sat, 09 Mar 2019 14:14:27 -0500, Brandon Martin said: > I think the solution to this is perhaps maybe that network operators > could "help" by building in some useful features to their network > without explicitly supporting EAS or otherwise. After all, we (or at > least most of us) already

Re: Should Netflix and Hulu give you emergency alerts?

2019-03-12 Thread valdis . kletnieks
On Tue, 12 Mar 2019 13:45:23 -0700, William Herrin said: > In many cases, only the foreground app has a clear understanding of the > state of the screen. Not the OS and definitely not the hardware platform. > I'd be super pissed if I died in Overwatch because the BIOS tried to take > over the scre

Re: SHA1 collisions proven possisble

2017-02-23 Thread valdis . kletnieks
On Thu, 23 Feb 2017 15:03:34 -0500, "Patrick W. Gilmore" said: > For instance, someone cannot take Verisign’s root cert and create a cert > which collides on SHA-1. Or at least we do not think they can. We’ll know > in 90 > days when Google releases the code. From the announce: "It is now

Re: SHA1 collisions proven possisble

2017-02-23 Thread valdis . kletnieks
On Thu, 23 Feb 2017 17:40:42 -0500, "Ricky Beam" said: > cost! However this in no way invalidates SHA-1 or documents signed by > SHA-1. We negotiate a contract with terms favorable to you. You sign it (or more correctly, sign the SHA-1 hash of the document). I then take your signed copy, take o

Re: SHA1 collisions proven possisble

2017-02-23 Thread valdis . kletnieks
On Thu, 23 Feb 2017 19:28:44 -0500, Jon Lewis said: > Doing it with an ASCII document, source code, or even something like a > Word document (containing only text and formatting), and having it not be > obvious upon inspection of the documents that the "imposter" document > contains some "specific

Re: SHA1 collisions proven possisble

2017-02-23 Thread valdis . kletnieks
On Thu, 23 Feb 2017 20:56:28 -0500, "Patrick W. Gilmore" said: > According to the blog post, you can create two documents which have the same > hash, but you do not know what that hash is until the algorithm finishes. You > cannot create a document which matches a pre-existing hash, i.e. the one i

Re: SHA1 collisions proven possisble

2017-02-23 Thread valdis . kletnieks
On Thu, 23 Feb 2017 21:10:42 -0500, "Ricky Beam" said: > When you can do that in the timespan of weeks or days, get back to me. > Today, it takes years to calculate a collision, and you have to start with > a document specifically engineered to be modified. (such documents are > easily spotted upo

Re: SHA1 collisions proven possisble

2017-02-25 Thread valdis . kletnieks
On Sat, 25 Feb 2017 09:26:28 -0800, Richard Hesse said: > Git prefixes blobs with its own data. You're not going to break git with a > SHA-1 binary collision. However, svn is very vulnerable to breaking. And here's the proof-of-concept for svn breakage. Somebody managed to make the WebKit svn tot

Re: SHA1 collisions proven possisble

2017-02-27 Thread valdis . kletnieks
On Mon, 27 Feb 2017 01:15:28 -0500, "Patrick W. Gilmore" said: > In the example above, the CA knows the SHA-1 hash of the cert it issued. (We > are assuming there is a CA which still does SHA-1.) How do you get that CA to > believe the two OTHER certs with DIFFERENT hashes you have to create so yo

Re: SHA1 collisions proven possisble

2017-02-27 Thread valdis . kletnieks
On Mon, 27 Feb 2017 07:23:43 -0500, Jon Lewis said: > On Sun, 26 Feb 2017, Keith Medcalf wrote: > > > So you would need 6000 years of computer time to compute the collision > > on the SHA1 signature, and how much additional time to compute the > > trapdoor (private) key, in order for the cert to be

Re: Consumer networking head scratcher

2017-03-01 Thread valdis . kletnieks
On Wed, 01 Mar 2017 14:04:07 -0500, William Herrin said: > I have no information about whether comcast blocks pings to its routers. All the Comcast gear in the path from my home router to non-Comcast addresses will quite cheerfully rate-limit answer both pings and traceroutes.

Re: SHA1 collisions proven possisble

2017-03-01 Thread valdis . kletnieks
On Wed, 01 Mar 2017 15:28:23 -0600, "james.d--- via NANOG" said: > Those statistics are nowhere near real world for ROI. You'd have to invest > at least 7 figures (USD) in resources. So the return must be millions of > dollars before anyone can detect the attack. Except, it's already > detectable.

Re: SHA1 collisions proven possisble

2017-03-02 Thread valdis . kletnieks
On Wed, 01 Mar 2017 22:57:06 -0600, James DeVincentis via NANOG said: > - Google created a weak example. The difference in the document they > generated was a background color. They didn’t even go a full RGBA > difference. > They went from Red to Blue. That’s a difference of 4 bytes (R and B

Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?

2017-03-06 Thread valdis . kletnieks
On Mon, 06 Mar 2017 03:08:35 -0500, Joly MacFie said: > routing hardware layer that will be hit & miss. Nevertheless, since much of > the world is still IPv4 dependent, it just could take off. For it to "take off", the very same people who have dragged their heels deploying IPv6 will need to sudd

Re: WEBINAR TUESDAY: Can We Make IPv4 Great Again?

2017-03-07 Thread valdis . kletnieks
On Tue, 07 Mar 2017 18:27:06 -0500, Dennis Bohn said: > AFAICT, Cisco V6 HSRP (mentioning that brand only because it caused me to > try to figure something out, a coincidence that this is in reply to Jakob > from Cisco but is based on what he wrote) relies on Link Local addresses. > I didn't unde

Re: Verizon wireless to stop issuing static IPv4

2017-03-08 Thread valdis . kletnieks
On Wed, 08 Mar 2017 22:08:59 -0500, Christopher Morrow said: > > previous employer - who built CAD systems for transit buses. > on the bright side they can just get fios or dsl (depending on location) .. > you know you can still get v4 there, and won't even have to worry about > that pesky new fang

Re: Purchased IPv4 Woes

2017-03-12 Thread valdis . kletnieks
On Sun, 12 Mar 2017 11:11:41 -0400, "Chuck Church" said: > Maybe a silly idea, but shouldn't the sale of a block of addresses (RIR > ownership change) trigger a removal of that block from all reputation list > databases? If I buy a car from a police auction, I'm fairly sure the FBI > doesn't start

Re: Purchased IPv4 Woes

2017-03-12 Thread valdis . kletnieks
On Sun, 12 Mar 2017 17:59:59 +0200, Chris Knipe said: > > How do all the AS's that have their own internal blacklists find out that > > they should fix their old listings? (Note that this is the exact same > > problem > > as "We got blacklisted because of a bad customer, we axed the customer, but

Re: Purchased IPv4 Woes

2017-03-12 Thread valdis . kletnieks
On Sun, 12 Mar 2017 18:38:21 +0200, Chris Knipe said: > On Sun, Mar 12, 2017 at 6:17 PM, wrote: > > on the registries. 35,840,000,000 hits per day is the easy part...) > And yet, there's no problems of BILLIONS of queries against RBL DNS servers? As I said, that's not the problem.

Re: [NOC] ARIN contact needed: something bad happens with legacy IPv4 block's reverse delegations

2017-03-17 Thread valdis . kletnieks
On Fri, 17 Mar 2017 17:42:11 +0100, Bjørn Mork said: > Well, it was a nice smoke test of the "RDNS required" anti-feature. All > of a sudden we couldn't even send email to ourselves, having smarthosts > in one of the affected zones. Nice. If you don't have a chaos monkey, the Internet will provid

IPv6 oddness in Comcast land...

2017-03-19 Thread valdis . kletnieks
Trying to figure out what the heck is going on here. Any good explanations cheerfully accepted. Background: Home internet router is a Linksys WRT1200AC that had been running OpenWRT 15.05.01. IPv6 worked just fine - Comcast handed me a /60 via DHCP-PD and no issues. I reflashed it to Lede 17.01

Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal

2017-03-28 Thread valdis . kletnieks
On Tue, 28 Mar 2017 15:51:43 -0700, Seth Mattinen said: > Has there ever been a real survey that asks people where they think > Google gets the money to support things like Gmail for "free"? There's a difference. Google only gets to aggregate data you pass to Google. Your ISP gets to aggregate d

Re: EFF Call for sign-ons: ISPs, networking companies and engineers opposed to FCC privacy repeal

2017-03-29 Thread valdis . kletnieks
On Wed, 29 Mar 2017 16:02:45 -0400, Mark Radabaugh said: > And there you have much of the problem with this privacy bill. Hate to break it to you, but most of the gripes you have here are things you really *want* to do - they're things that reduce your personal liability and/or chance of ending u

Re: 10G MetroE 1-2U Switch

2017-04-13 Thread valdis . kletnieks
On Thu, 13 Apr 2017 21:37:07 -, Erik Sundberg said: > Looking for a new metroE Edge switch that has more that 10x 10G ports. > 100G Not required Did you mean that downlink 100G is not needed (but needed on the uplink side), or are you planning to use a 40G as an uplink, or are you positive e

Re: PSN (Playstation Network) security team

2017-04-27 Thread valdis . kletnieks
On Fri, 28 Apr 2017 00:47:23 -0400, Andrew Kirch said: > Arrogance almost always proceeds humiliation. PSN being the counter-example?

Financial services BGP hijack last week?

2017-05-01 Thread valdis . kletnieks
I didn't see any mention of this here. Any comments? "On Wednesday, large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services companies were briefly routed through a Russian government-controlled telecom under unexplained circumstances that re

Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 02:12:27 -0400, Rich Kulawiec said: > Or BSD, or anything but Windows. Anyone running Microsoft products > is quite clearly an unprofessional, unethical moron and fully deserves > all the pain they get Tell you what. Go over to http://line6.com/software/ - You convince them

Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 15:45:26 -0400, b...@theworld.com said: > So for example why does a client OS produced with that much money > available even allow things like wholesale encryption of files without > at least popping up one of those warnings to confirm that you really > meant to run a program o

Re: Please run windows update now

2017-05-15 Thread valdis . kletnieks
On Mon, 15 May 2017 16:19:37 -0700, "Aaron C. de Bruyn via NANOG" said: > Combine that with fail2ban. When one user has more than 60 writes in > 60 seconds *or* a write contains a well-known cryptolocker name (i.e. > *DECRYPT_INSTRUCT*) Oddly enough, we've seen *lots* of spammers that are *total

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 12:23:36 -0500, Brad Knowles said: > On May 16, 2017, at 11:40 AM, JoeSox wrote: > > Isn't it true, with any tech product, the more complex features, the less > > secure it is? Ask yourself why this is the case, and I believe the true > > issue with tech lays there. > > To a d

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 09:40:50 -0700, JoeSox said: > What would be more of an interesting discussion, to me, would be why > doesn't Microsoft know about these hoarding of vulnerabilities by State > actors and plug them up? It's pretty hard for Microsoft to know about an exploit the NSA is sitting on

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said: > Of course Microsoft knew, since they wrote in the backdoor in the first > place. That is why when informed by their employers that the backdoor was > going to be made public, they could undo the changes they had introduced so > rapidly.

Re: Please run windows update now

2017-05-16 Thread valdis . kletnieks
On Tue, 16 May 2017 20:55:37 -0600, "Keith Medcalf" said: > > On Tuesday, 16 May, 2017 18:13, Valdis Kletnieks wrote: > > On Tue, 16 May 2017 16:41:36 -0600, "Keith Medcalf" said: > > >> Of course Microsoft knew, since they wrote in the backdoor in the

Re: Cogent BGP Hijack

2017-05-23 Thread valdis . kletnieks
On Tue, 23 May 2017 10:10:25 +0300, Scott Christopher said: > https://www.lowendtalk.com/discussion/114865/hetzner-and-other-traffic-passing-cogent-rerouted-over-moscow#latest > > A report that all Cogent traffic got re-routed into Moscow. Looks > innocent but happened right after UA blocked RU we

Re: Making interconnection agreements between networks more dynamic

2017-05-23 Thread valdis . kletnieks
On Tue, 23 May 2017 15:07:14 -0300, Pedro de Botelho Marcos said: > Dynamic agreements offer many opportunities. For example, consider > acquiring extra "bandwidth as a service" that is available on demand just > when one needs it, similarly to how one might spin up extra VMs in the > cloud to han

Re: BCP38/84 and DDoS ACLs

2017-05-26 Thread valdis . kletnieks
On Sat, 27 May 2017 00:19:34 +0700, Roland Dobbins said: > servers/services/applications/users you have, et. al. You may need one > set of ACLs at the peering/transit edge, and other, more specific ACLs, > at the IDC distribution gateway, customer aggregation gateway, et. al. I'll go out on a li

Re: Russian diplomats lingering near fiber optic cables

2017-06-01 Thread valdis . kletnieks
On Thu, 01 Jun 2017 11:32:28 -0700, Brandon Vincent said: > DO NOT ANCHOR OR DREDGE is a pretty good indicator. In Kansas? :)

Re: Russian diplomats lingering near fiber optic cables

2017-06-02 Thread valdis . kletnieks
On Fri, 02 Jun 2017 10:14:12 -0400, Alain Hebert said: > It will if the Ocean level change drastically. Raising the question - how well protected against sea level rise *is* the average cable landing/termination station, given that most landing stations in particular are probably fairly near

Re: Russian diplomats lingering near fiber optic cables

2017-06-02 Thread valdis . kletnieks
On Fri, 02 Jun 2017 15:11:36 -, Rod Beck said: > Landing stations can be 10 to 30 kilometers from the beach manhole. I don't > think it is big concern. Hibernia Atlantic dublin landing station is a good > example. So 100% of those beach manholes are watertight and safe from flooding, and don'

Re: Russian diplomats lingering near fiber optic cables

2017-06-02 Thread valdis . kletnieks
On Fri, 02 Jun 2017 13:23:26 -0400, Christopher Morrow said: > is this a case of 'where the cable gets dry' vs 'where the electronics > doing cable things lives' ? > aren't (normally) the dry equipment locations a bit inland and then have > last-mile services from the consortium members headed inl
