On Sun, 07 Oct 2012 16:47:18 -0400, Tom Limoncelli said:
Have there been studies on how much latency CGN adds to a typical
internet user? I'd also be interested in anecdotes.
Should we include the time spent talking to the help desk trying to resolve
double-NAT'ing issues in the latency?
On Thu, 11 Oct 2012 19:20:02 -0500, Jimmy Hess said:
You could setup a video capture card or radio tuner card, tune it into
a good noise source
Finally, a good use for political talk radio. :)
pgpGRW6vGgt7E.pgp
Description: PGP signature
On Mon, 15 Oct 2012 13:11:00 +1100, Karl Auer said:
No-one has said this yet, so I will - why are people working around your
normal network policies? This is often a sign of something lacking that
people need in their daily work. You can often reduce this sort of
innocent thievery down to a
On Tue, 16 Oct 2012 08:48:47 -0400, Darius Jahandarie said:
On Tue, Oct 16, 2012 at 12:57 AM, Scott Weeks sur...@mauigateway.com wrote:
Want to re-write that section or should I respond now? ;-)
I always thought it wasn't allowed because of 18 USC 2701, but
IINAL, would be happy to hear
On Tue, 16 Oct 2012 11:38:52 -0400, Darius Jahandarie said:
In particular, my understanding was that since you're sending a SYN,
it could very well initiate access to stored communications (although
What 18 USC 2701 actually says, courtesy of www.law.cornell.edu:
Offense. - Except as provided
On Sat, 27 Oct 2012 11:16:10 +0100, Darren O'Connor said:
All vendors should be writing in depth architecture books. The Juniper MX
book is a great example. Tell us exactly what your product can do and we'll
likely use more of it
On the flip side, if you document what your product is probably
On Thu, 01 Nov 2012 14:28:48 +0100, Miquel van Smoorenburg said:
We use a /120 subnet for servers to prevent the NDP cache exhaustion
attack. We do maintain a mapping between IPv4 and IPv6 addresses;
it's simply 2001:db8:vv:ww::xx, where xx is the hex value of the
last octet of the IPv4
On Sat, 03 Nov 2012 00:44:14 -0500, Randy said:
Veering off this topic's course, Is there any issue with addresses like
this ?
2001:470:1f00:1aa:abad:babe:8:beef I have a bunch of these type
'addresses' configured for my various machines.
I make it a point to come up with some sort of
On Thu, 15 Nov 2012 23:05:39 -0800, Kyle Creyts said:
Jeez, isn't RPKI supposed to solve this problem?
That would presume the existence of a deployed system that
everybody actually used.
pgpSBbgRGoEqE.pgp
Description: PGP signature
On Mon, 19 Nov 2012 16:37:05 -0500, Jeff Kell said:
The video folks are set, determined, and insistent that they need APC
terminations.
All data references I have found preach UPC.
Remember - the nozzles on unleaded gas pumps aren't interchangeable with the
ones that dispense leaded gas (if
On Tue, 04 Dec 2012 17:32:01 +, Brian Johnson said:
This is a misleading statement. ISP's (Common carriers) do not provide a
knowingly
illegal offering, ... TOR exit/entrance nodes provide only the former.
This is also a misleading statement. Explain the difference between
a consumer
On Wed, 05 Dec 2012 19:48:31 +, Warren Bailey said:
Since when is heavy encryption cool in China? Export restrictions smoke all
of the decent crypto options.
OK, I'll bite.. What crypto options are getting stuck due to export
restrictions (as opposed to import restrictions on the other
On Sat, 08 Dec 2012 10:34:07 +1100, Carl Gough said:
Looking for a sales engineer
I doubt NANOG is the place for you to find sales engineers to work for a
company where the CEO is clueless enough to do all of the following in 1 email:
1) Reply to a digest, and not fix the Subject:
2) Not clean
On Sun, 16 Dec 2012 23:48:13 +0100, Iljitsch van Beijnum said:
Looking for 32-bit AS numbers, I get some strange results from
routeviews:
Unless I missed something, AS 23456 is supposed to show up as a stand-in
for 32-bit ASNs on 16-bit BGP implementations, not in _addition_ to
32-bit ASNs.
On Mon, 17 Dec 2012 16:28:28 -0500, Peter Kristolaitis said:
Now, having said all that... I'm not sure I'd want to pay the
electricity bill for keeping that degausser running... :p
An EMP device doesn't have to chew power all the time...
And of course, there's this:
On Sat, 22 Dec 2012 18:07:16 -0700, Wayne E Bouchard said:
They serve quite well until I get to a switch that some douchebag
mounted rear facing on the front posts of the rack with servers above
and below and I just stand there cursing for a while as I scratch my
head trying to figure out how
On Sun, 30 Dec 2012 19:25:04 -0600, Jimmy Hess said:
I would say those claiming certificates from a public CA provide no
assurance of authentication of server identity greater than that of a
self-signed one would have the burden of proof to show that it is no
less likely for an attempted
On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:
Google is setting a higher bar here, which may be sufficient to deter
a lot of bots and script kiddies for the next few years, but it's not
enough against nation-state or serious professional level attacks.
To be fair though - if I was
On Wed, 02 Jan 2013 19:59:35 -0800, Damian Menscher said:
Aurora compromised at least 20 other companies, failed at its assumed
objective of seeing user data, and Google was the only organization to
notice, let alone have the guts to expose the attack [0]. And you're going
to hold that
On Wed, 02 Jan 2013 21:14:31 -0800, Damian Menscher said:
We're off-topic, but that decision needs to be weighed against the
alternatives. If your alternative is running your own mailserver at home,
then your risks are:
Let's face it - if a nation-state has you in the crosshairs, digital
or
On Tue, 15 Jan 2013 14:52:24 -0500, Joe Maimon said:
I only ever say class-c sized. And only when trying to communicate with
the slash-whats.
Your mistake there is trying to communicate with people who have been in
networking long enough to understand class-c, but *still* haven't educated
On Thu, 17 Jan 2013 18:21:28 -0500, William Herrin said:
Then it's a firewall that mildly enhances protection by obstructing
90% of the port scanning attacks which happen against your computer.
It's a free country so you're welcome to believe that the presence or
absence of NAT has no impact
On Fri, 18 Jan 2013 09:03:31 -0500, William Herrin said:
On the technical side, enterprises have been doing large-scale NAT for
more than a decade now without any doomsday consequences. CGN is not
different.
Corporate enterprises have been pushing GPO to the desktop for more
than a decade as
On Sat, 19 Jan 2013 06:26:53 +, Mike Jones said:
Potentially another source of IPv4 addresses - every content network
(/hosting provider/etc) that decides they don't want to give their
customers IPv6 reachability is a future bankrupt ISP with a load of
IPv4 to sell off :)
The problem is
On Mon, 21 Jan 2013 09:17:48 +, Carlos Alcantar said:
I would agree here cross connects. We pay 15x more in cross connects per
month then we do in just the space/power. We actually pulled out of a
colo once our contract came to terms with one of the large colo providers
because of the
On Mon, 21 Jan 2013 23:23:16 -0500, Jean-Francois Mezei said:
This article may be of interest:
http://arstechnica.com/security/2013/01/canadian-student-expelled-for-playing-security-white-hat/
Basically, a Montreal student, developping mobile software to interface
with schools system found
On Sat, 26 Jan 2013 10:26:43 +0100, Pavel Dimow said:
Hi,
I have read many of those ipv6 documents and they are great but I
still luck to find something like real word scenario.
I wish I had taken notes when we actually did this last century.
pgpeb2r7wChr6.pgp
Description: PGP signature
On Tue, 29 Jan 2013 01:20:25 -0500, Rob McEwen said:
The market will eventually sort this out... and in many cases already
has! Meanwhile, Amtrack and the Post Office show no signs of ever making
it without their MASSIVE taxpayer subsidies.
I can't speak to Amtrack, but a large part of the
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
boys and girls, all the cyber-capable countries are cyber-culpable. you
can bet that they are all snooping and attacking eachother, the united
states no less than the rest. news at eleven.
The scary part is that so many things got hacked
On Thu, 14 Feb 2013 13:18:24 -0800, Owen DeLong said:
On Feb 14, 2013, at 12:58 , Karl Auer ka...@biplane.com.au wrote:
On Thu, 2013-02-14 at 08:08 -0500, Jared Mauch wrote:
I recommend keeping your network as congruent between IPv4 and IPv6 as
possible, with dual-stack.
Why?
For one
On Fri, 22 Feb 2013 06:11:21 +0530, Suresh Ramasubramanian said:
And so their bush league by itself was responsible for all the penetrations
that mandiant says they did? Which shows that they don't have to be
particularly smart, just a bit smarter than their average spear phish or
other
On Mon, 25 Feb 2013 13:05:48 -0500, Joly MacFie said:
Who said it's a law?
If it was in fact a law, it would be a lot easier for the victims to
fight back in a court of law.
pgpYuNrgemCzm.pgp
Description: PGP signature
On Mon, 25 Feb 2013 20:07:43 +, Livingood, Jason said:
Other than a few IP mix ups years ago, is this still really an issue? It
seems ISPs have pretty reliable IP lease histories for many years to
support LEA requests and other needs...
The fact that the ISP has a good record of what
On Mon, 25 Feb 2013 13:53:13 +0530, Glen Kent said:
Yahoo, Google, etc applications are running on one server and each
application could be theoretically associated with a unique VXLAN tag. This
way service providers will be able to provide QoS per application
QoS is, when you get down to it,
On Mon, 25 Feb 2013 19:07:20 -0600, Jimmy Hess said:
If the domain in a certificate were not interpreted as a FQDN by the
client, this would mean, that the certificate for
CN=bigbank.example.com
might be used to authenticate a connection to https://bigbank.example.com
which do the local
On Tue, 26 Feb 2013 17:45:18 -0800, Jeroen van Aart said:
Correct, one should not have expectations of fast reliable internet with
low latency in a hotel.
The part that always puzzled me is why a major high-tier chain like Hilton
can't get it right, but a Motel 6 can... :)
pgp_nmdk5jzCn.pgp
On Sun, 03 Mar 2013 00:24:07 +, Mike Jones said:
Inline Reply
On 2 March 2013 21:58, Constantine A. Murenin muren...@gmail.com wrote:
Dear NANOG@,
Have we *really* sunk so low that inline replies need to be flagged as
such, because people *expect* top-posting and if they don't see it
On Mon, 04 Mar 2013 20:40:58 +0200, Saku Ytti said:
Most people design only against 3), often with design which actually
increases likelihood of 2) and 1), reducing overall MTBF on design which
strictly theoretically increases it.
I have to admit I've always suspect that MTBWTF would be a
On Tue, 05 Mar 2013 21:55:14 +0400, Mukom Akong T. said:
I've found myself thinking about what ground an engineer needs to cover in
order to convince the executives to approve and commit to an IPv6
Deployment project.
You forgot step 0 - figuring out why in 2013, you're talking to an
On Wed, 20 Mar 2013 15:16:57 -0500, Owen DeLong said:
On Mar 20, 2013, at 9:55 AM, Seth Mattinen se...@rollernet.us wrote:
Based on the average clue of your average residential subscriber (anyone
here need not apply) I'd say that's a good thing.
If BGP were plug-and-play automated with
On Sat, 23 Mar 2013 11:28:07 -0700, Owen DeLong said:
A reliable cost-effective means for FTL signaling is a hard problem without
a known solution.
Agreed.
An idiot-proof simple BGP configuration is a well known solution. Automating
it would be relatively simple if there were the will to do
On Mon, 25 Mar 2013 10:22:08 -0400, Jared Mauch said:
Some basic stats:
27 million resolvers existed as of this dataset collection
only 2.1 million of them were closed.
We have a lot to do to close the hosts, please do what you can to help.
What's the current BCP on how to deal with mobile
On Mon, 25 Mar 2013 15:38:01 -, Nick Hilliard said:
On 25/03/2013 14:33, Mikael Abrahamsson wrote:
I would like to be able to request an IP list of open resolvers in my ASN,
perhaps sent to the contact details in RIPE whois database to make sure I'm
not falsely representing that ASN.
On Mon, 25 Mar 2013 23:19:31 -0400, Christopher Morrow said:
Some of us have both publicly-facing authoritative DNS, and inward
facing recursive servers that may be open resolvers but can't be
found via NS entries (so the IP addresses of those aren't exactly
publicly available info).
On Tue, 26 Mar 2013 08:13:49 -, Nick Hilliard said:
Then wait for a while while it churns through the ~224*2^24 packets it
needs to scan the entire ipv4 internet. Of course, you could write your
own code, but that would take at least 1/2 an hour.
Then you have every open resolver on the
On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
Do we need to define a flag day, say one year hence, and start making the
sales pitch to our Corporate Overlords that we need to apply the IDP to
edge connections which cannot prove they've implemented BCP38 (or at very
least, the source
On Tue, 26 Mar 2013 07:43:15 -0700, Tom Paseka said:
On Tue, Mar 26, 2013 at 7:38 AM, Jay Ashworth j...@baylink.com wrote:
Sure. But OpenDNS, Google, and the other providers of recursive servers
for edge cases can't do that anymore?
Of cos they can. But they take the security of their
On Tue, 26 Mar 2013 12:59:25 -0400, Harry Hoffman said:
https://developers.google.com/speed/public-dns/docs/security
Thanks :)
pgpAXDRcrd5O4.pgp
Description: PGP signature
On Tue, 26 Mar 2013 13:09:53 -0400, Joe Abley said:
What mobile devices do you support that don't acquire a suitable local DNS
resolver using DHCP or PPP?
Pretty much all devices are *able* to acquire a DNS resolver via DHCP.
Honest question. I presume you wouldn't bring it up if it wasn't
On Wed, 27 Mar 2013 12:01:25 +1100, Mark Andrews said:
If you are with a ISP that does not practice BCP 38 are you willing
to risk your neck that you won't be subject to a aiding and abetting
charge? All of us here know that spoofing address like this is a
criminal activity.
So what you're
On Tue, 26 Mar 2013 19:13:43 -0700, Jared Mauch said:
If you give the same answer 15x to the same person in a few seconds one can
possibly infer they aren't a caching resolver or are broken. Either way you
can
think about ignoring them for a few with dampening or similar.
So what you're
On Wed, 27 Mar 2013 10:51:35 -0500, Jack Bates said:
They are not, and I can think of quite a few people who would stare
blankly at you for making such a statement. Of course, I can think of
plenty of people who we'd like to see implementing BCP38 concepts that
would need you to define
On Wed, 27 Mar 2013 14:19:05 -0700, Paul Ferguson said:
And there may even be some stick approaches to accompany the carrot,
but some awareness is going to have to happen.
Sing it from the mountain tops.
http://www.sans.org/dosstep/roadmap.php
Note the date. Note the list of
On Wed, 27 Mar 2013 16:59:16 -0500, Jack Bates said:
On 3/27/2013 4:49 PM, Tony Finch wrote:
Jack Bates jba...@brightok.net wrote:
3) BCP38 (in spirit)
That should be deployed as well as RRL.
Tony.
If BCP38 was properly deployed, what would be the purpose of RRL outside
of
So we all have heard the breathless news reports of how the recent
urinating contest between Spamhaus and a butthurt ISP was the biggest
in history.
Where would you guys put it, if measured as percent of total worldwide
available Internet bandwidth/resources? My gut feeling is that by that
On Thu, 28 Mar 2013 17:16:48 -, bmann...@vacation.karoshi.com said:
is there a clear understanding of the edge in the network operations
community? in a simpler world, it was not that difficult, but interconnect
has blossomed and grown all sorts of noodly appendages/extentions. I fear
On Thu, 28 Mar 2013 14:16:58 -0400, Jared Mauch said:
I wanted to share PER-ASN data for those that are interested in this
generally. If you are a contact for these ASNs, you can e-mail me from your
corporate address to get access to the list.
Thank you for many of you that have secured
On Thu, 28 Mar 2013 15:05:57 -0400, Jay Ashworth said:
- Original Message -
From: Valdis Kletnieks valdis.kletni...@vt.edu
For 5 9's worth of eyeball networks hanging off consumer-grade ADSL and
cable
connections, it's still the edge and still trivially filterable. If that's
On Sat, 30 Mar 2013 14:57:53 -0700, Matthew Petach said:
I am *sooo* reminded of
http://xkcd.com/1133/
and
http://youwillnotgotospacetoday.tumblr.com/
'Your internet is having a bad day, and
your packets will not be going to their destination'
I heard the failure of a server to boot
On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
On 3/29/13, Scott Noel-Hemming frogstar...@gmail.com wrote:
Some of us have both publicly-facing authoritative DNS, and inward
facing recursive servers that may be open resolvers but can't be
found via NS entries (so the IP addresses of
On Mon, 01 Apr 2013 09:34:31 -0400, Alain Hebert said:
I'm sad to confirm that my spoof test was successful with a:
. SageMCom modem+router, which is used by a big TelCo around my
part, for both their residential and commercial ADSL2+, VDSL customers.
You might want to check more
On Mon, 01 Apr 2013 14:19:16 -0400, Jay Ashworth said:
So, how would Patrick's caveat affect me, whose recursive resolver *is
on my Linux laptop*? Would not that recursor be making queries he
advocates blocking?
You're sending queries, not replies. That's why DPI is needed to do the
On Mon, 01 Apr 2013 19:40:03 +0100, Tony Finch said:
You should be able to get a reasonable sample of IPv6 resolvers from the query
logs of a popular authoritative server.
Hopefully, said logs are not easily accessible to the miscreants.
(I still expect the most feasible method for the
On Tue, 02 Apr 2013 19:00:35 -0400, Mike. said:
Oddly, prehaps, those punchcards on the stagecoaches probably will
outlast any magnetic media we have at our disposal today
Here's a picture of an estimated 4.3G of data on punch cards:
On Wed, 03 Apr 2013 14:07:48 -0700, Mike said:
These speedtests are pure unscientific bs and I'd love to see them
called out on the carpet for it.
As far as I know, it's possible for the end-to-end reported values to be
lower than your immediate upstream due to issues further upstream.
But if
On Thu, 04 Apr 2013 06:18:34 +0200, Mikael Abrahamsson said:
I have pitched the idea in the IETF to have TCP stacks themselves report
IP performance indicators (aggregate) and that a standard for this to be
standardised. No takers so far.
RFC4989 TCP Extended Statistics MIB. M. Mathis, J.
On Thu, 04 Apr 2013 17:29:40 +0200, Mikael Abrahamsson said:
On Thu, 4 Apr 2013, valdis.kletni...@vt.edu wrote:
RFC4989 TCP Extended Statistics MIB. M. Mathis, J. Heffner, R.
Raghunarayan. May 2007. (Format: TXT=153768 bytes) (Status: PROPOSED
STANDARD)
Looks like a taker to
On Sat, 06 Apr 2013 10:38:06 -0400, shawn wilson said:
What would break if u dropped all ICMP packets with redirects on public
facing boxes?
Presumably nothing, as long as you guaranteed that your IP address, netmask,
and routes actually match the reality of your network configuration. In
On Sun, 07 Apr 2013 01:40:09 -0400, Christopher Morrow said:
I wonder how much more painful just upgrading the dsl plant to support v6
would be vs deploying the cgn equipment and funneling users through that :(
The answer depends on whether the person making the decision thinks they'll
have
On Sun, 07 Apr 2013 13:54:04 +0300, Alex said:
Well if the RFCs would just be set in stone already like Moses's 10
commandments
and if the programmers would actually start writing code for v6
and if the web site hosting servers would at least have dual stack
enabled on them
it would be
On Sun, 07 Apr 2013 12:25:30 -0700, Owen DeLong said:
Presumably nothing, as long as you guaranteed that your IP address, netmask,
and routes actually match the reality of your network configuration.
They also cover the case where there are two (or more) routers on the
network and you
I didn't see any mention of this Tony Hain paper:
http://tndh.net/~tony/ietf/ARIN-runout-projection.pdf
tl;dr: ARIN predicted to run out of IP space to allocate in August this year.
Are you ready?
pgpUxW4V78URP.pgp
Description: PGP signature
On Tue, 23 Apr 2013 20:13:20 -0400, Chris McDonald said:
Does anyone have a creative (read - fast) way of getting from the mmr there
to 60 Hudson ?
Taxi? :)
Would help if you told us what exactly you were trying to get from
point A to point B, and in what quantities. What will work well for
On Thu, 02 May 2013 15:48:08 -0700, Constantine A. Murenin said:
On 2 May 2013 15:41, Cameron Daniel cdan...@nurve.com.au wrote:
dig -t txt o-o.myaddr.l.google.com
That's cool, but still no IPv6.
o-o.myaddr.l.google.com. 60 IN TXT 216.66.80.30
You're complaining that there's
On Thu, 02 May 2013 17:05:36 -0700, Paul Ferguson said:
In the original message, he said 23666
But 'whois as23666' points at Indonesia, not Louisiana, so I suspect
some transcription errors have crept into the process...
pgpru6LP5k5hK.pgp
Description: PGP signature
On Mon, 06 May 2013 15:27:35 -, Warren Bailey said:
Illegal or undesired?
This sort of stuff comes in two flavors: typo and intentionally done
in furtherance of criminal activities.
The fact that an AS number and matching IP range are involved tends to say it's
not a typo.
On Fri, 15 May 2009 22:20:28 EDT, David Storandt said:
- Vyatta was proposed as an alternative system, probably best
architected out of the mainstream traffic flows (no hardware
forwarding), say a BGP route reflector or GBE edge router, similar
argument to a 7200/G[1|2]. I can't say I'm
On Tue, 26 May 2009 11:03:59 PDT, gb10hkzo-na...@yahoo.co.uk said:
would be most interested to hear NANOG theories on the variety of MX
record practices out there, namely, how come there seem to be so many
ways employed to achieve the same goal ?
The trick here is that it isn't always
On Tue, 02 Jun 2009 03:29:16 -, Lee, Steven (NSG Malaysia) said:
Hi all, may I know how you guys measure the network equipment usage
effectiveness? (...) Is there any tools other there can measure this?
Step 0: Define effectiveness.
The problem is that quite often, decisions on whether to
On Tue, 02 Jun 2009 13:54:44 EDT, Martin Hannigan said:
It would also be cheaper to add an additional layer of security with
encryption vs. roving teams of gun toting manhole watchers.
Even if encrypted, you can probably do an amazing amount of traffic
analysis to tell when something is afoot.
On Wed, 15 Jul 2009 22:03:56 +0900, Randy Bush said:
The typical network architecture problem, what are the best (shortest
latency, greatest bandwidth, etc) locations to connect to the every
nation in the world? As you increase the number of locations, how do the
choices change?
And
On Thu, 23 Jul 2009 13:22:54 PDT, goe...@anime.net said:
Seems rather unwise to filter your abuse mailbox.
- The following addresses had permanent fatal errors -
ab...@btopenworld.com
(reason: 554 Message not allowed - UP Email not accepted for policy
reasons. Please
On Wed, 29 Jul 2009 22:53:39 BST, andrew.wallace said:
The hackers criticized Mitnick and Kaminsky for using insecure
blogging and hosting services to publish their sites, that allowed the
hackers to gain easy access to their data.
*yawn*. kiddies whack low-value sites, death of Internet
On Tue, 04 Aug 2009 13:32:42 EDT, Curtis Maurand said:
What does this have to do with Nanog, the guy found a critical
security bug on DNS last year.
He didn't find it. He only publicized it. the guy who wrote djbdns
fount it years ago. Powerdns was patched for the flaw a year and a
On Thu, 06 Aug 2009 11:12:23 CDT, Jorge Amodio said:
We are defending against a denial-of-service attack, and will update status
again shortly.
Could be interesting if folks @Twitter take pictures or better video about how
are they defending against the attack.
Do they wear special
On Fri, 14 Aug 2009 19:55:36 BST, Rod Beck said:
Well, the funny thing is that when I approached bandwidth buyers at some
well known publicly traded carriers, they told me that 40 gig waves
across the Atlantic were impossible.
Theoretically impossible, or just impossible on the fiber that's
On Wed, 26 Aug 2009 16:50:51 +0300, Sharef Mustafa said:
Can anyone please point me to a list of the most used MTAs (mail
servers) and their market share?
Now, did you want that in terms of number of copies installed or
amount of mail handled? There's probably zillions of little Fedora and
On Sun, 30 Aug 2009 10:59:34 +1000, Jeff Young said:
Having met more than a few people in government IT, all jokes aside,
I think they're pretty well equipped to know when and if they need to
disconnect from the Internet, even without an executive order.
Department of the Interior had *how*
On Fri, 28 Aug 2009 16:51:39 CDT, Hiers, David said:
Governments already license stock brokers, pilots, commercial drivers,
accountants, engineers, all sorts of people whose mistakes can be measured
in the loss of hundreds of lives and millions of dollars.
In many localities, hairdressers
On Mon, 31 Aug 2009 14:06:56 EDT, Sachs, Marcus Hans (Marc) said:
(d) CERTIFICATION.-Beginning 3 years after the date of enactment of
this Act, it shall be unlawful for an individual who is not certified
under the program to represent himself or herself as a cybersecurity
professional.
On Tue, 08 Sep 2009 13:43:39 EDT, John Curran said:
I'm sure there's an excellent reason why these addresses stay
blocked, but am unable to fathom what exactly that is...
If I'm a smaller shop with limited clue, there's 3 likely colloraries:
1) Even a smallish spam blast is big enough to
On Wed, 09 Sep 2009 15:13:44 EDT, Martin Hannigan said:
Not sure that this is an ARIN problem more than an operational problem since
RBL's are opt-in. An effort to identify RBL's that are behaving poorly is
probably more interesting at this point, no?
I suspect the problem isn't poor RBLs,
On Wed, 09 Sep 2009 20:30:02 PDT, Leo Vegoda said:
Putting these addresses back into use does not mean that they have to
be allocated to networks where they'll number mail servers. ARIN staff
is doubtless aware of the history of these blocks and will presumably
do their best to allocate them
On Mon, 14 Sep 2009 16:52:26 CDT, Jorge Amodio said:
In the transition from the old IANA to FrICANNstein
Well, that monitor needed cleaning anynow... ;)
pgpnWwneWCOxL.pgp
Description: PGP signature
On Tue, 15 Sep 2009 08:01:48 PDT, Shawn Somers said:
Anyone that intentionally uses address space in a manner that they
know will cause it to become contaminated should be denied on any
further address space requests.
You *do* realize that the people you're directing that paragraph at are
On Thu, 24 Sep 2009 11:20:06 EDT, Michael Holstein said:
I dunno boss, just ask the cloud .. you're the one that wanted to
compute there instead of here.
/dilbert :)
Actually, yes, there *is* a rather recent Dilbert about it.
http://www.dilbert.com/strips/comic/2009-08-30/
:)
On Tue, 29 Sep 2009 15:30:36 PDT, Owen DeLong said:
It occurs to me that in addition to the PGP key signings that tend to
happen at NANOG
meetings it might be worth having a group notary event for CAcert and/
or Thawte
notarizations.
Umm.. aren't the Thawte web-of-trust going belly-up in
On Mon, 05 Oct 2009 16:13:37 CDT, Dan White said:
a publicly routeable stateless auto configured address is no less
secure than a publicly routeable address assigned by DHCP. Security is, and
should be, handled by other means.
The problem is user tracking and privacy.
RFC4941's problem
On Mon, 05 Oct 2009 20:40:28 EDT, TJ said:
Isn't this really a security by obscurity argument?
No - security through obscurity is security measures that only seem to work
because you hope the attacker doesn't know how they are implemented. In
this case, making sure somebody else can't
On Tue, 06 Oct 2009 09:34:28 PDT, Owen DeLong said:
although that isn't the case today. However, I believe
that 90.1 is supposed to be parsed equivalent to 90.0.0.1
and 90.5.1 is supposed to be treated as 90.5.0.1, so,
32.1.13.184.241.1 should also work for the above if
you expanded todays
201 - 300 of 1617 matches
Mail list logo