On Tue, 08 Nov 2011 20:51:00 GMT, Nick Hilliard said:
> I understand what the manual says (actually, i read it). I'm just curious
> as to how this is going to work in real life. Let's say you have a router
> cold boot with a bunch of ibgp peers, a transit or two and an rpki cache
> which is loca
On Wed, 09 Nov 2011 08:00:01 CST, Joe Greco said:
> > On Wed, Nov 09, 2011 at 03:32:45PM +0300, Alex Nderitu wrote:
> > > An important feature lacking for now as far as I know is content/web
> > > filtering especially for corporates wishing to block
> > > inappropriate/time wasting content like fac
On Thu, 10 Nov 2011 09:56:51 +0100, Lasse Birnbaum Jensen said:
> I would like to know how you guys handle encrypted rpc across firewalls.
You can always just set the firewall to ban RPC in general, whether or not it's
encrypted (while you're there, close off ports 137-139 and other chucklehead
stu
On Thu, 10 Nov 2011 07:39:15 EST, William Herrin said:
> Such a process creates a back-door requirement that participating
> registries race to the bottom eliminating eligibility requirements for
> address recipients.
When was the last time this industry turned down a chance to have
a race to the
On Thu, 10 Nov 2011 12:12:21 CST, -Hammer- said:
> WOW. You really are naive
I think Rich has been around long enough that he gets called a *lot* of things
(many of them non-complimentary), but this is the first time this century
anybody's called him *naive*... ;)
On Fri, 11 Nov 2011 00:15:46 MST, Brett Watson said:
> Awesome, so you've solved the multi-homing issues with v6? The RA/DHCPv6
> issues? (I'll just leave it at those three).
What multi-homing issues? We've been multihomed on the IPv6 side for... ages.
And yes, there's some RA/DHCP issues - but
On Fri, 11 Nov 2011 16:04:31 GMT, Nick Hilliard said:
> another practical upshot is that switch manufacturers now need to support
> both RA Guard and DHCPv6 snooping instead of just a single protocol like we
> have in ipv4. That is, unless you're ok with the idea of arbitrary
> priority RA pack
On Sun, 13 Nov 2011 19:14:59 CST, Brett Frankenberger said:
> What if you air-gap the SCADA network of which you are in
> administrative control, and then there's a failure on it, and the people
> responsible for troubleshooting it can't do it remotely (because of the
> air gap), so the trouble co
On Mon, 14 Nov 2011 15:55:14 EST, Jay Ashworth said:
> On the other hand, since a firewall's job is to stop packets you don't want,
One of Marcus Ranum's "5 Stupidest Security Blunders" - "enumerating badness".
A firewall's job isn't to stop unwanted packets, it's to pass only wanted
packets.
>
On Mon, 14 Nov 2011 19:06:13 EST, William Herrin said:
> Using two firewalls in serial from two different vendors doubles the
> complexity. Yet it almost always improves security: fat fingers on one
> firewall rarely repeat the same way on the second and a rogue packet
> must pass both.
Fat finge
On Tue, 15 Nov 2011 10:57:32 GMT, Leigh Porter said:
> Well this is not quite true, is it.. If your firewall is not working and you
> have private space internally then you are a lot better off than if you have
> public space internally! So if your firewall is not working then having
> private
>
On Tue, 15 Nov 2011 09:56:38 EST, William Herrin said:
> A firewall's job is to prevent the success of ACTIVE attack vectors
> against your network. If your firewall successfully restricts
> attackers to passive attack vectors (drive-by downloads) and social
> engineering vectors then it has done
On Tue, 15 Nov 2011 17:16:23 GMT, Leigh Porter said:
> Quite right.. I bet all Iran's nuclear facilities have air gaps but they let
> people in with laptops and USB sticks.
And that's the point - *most* networks have so many bigger issues that the
whole "NAT makes us secure" mantra is dangerous se
On Wed, 16 Nov 2011 08:36:21 EST, Jay Ashworth said:
> - Original Message -
> > From: "Jimmy Hess"
>
> > Or, the attack is against a legitimate user's outbound connection, for
> > example:
> > a user behind the firewall connects to a web site, a vulnerability
> > in their browser is expl
On Thu, 17 Nov 2011 12:59:38 EST, "Betty Burke " said:
> So Sorry Owen, as explained earlier, my mistake in list management! All
> resolved and those members added to the wrong list have been removed.
It's OK.. Everybody's entitled to at least one low-caffeine low-impact faux pas
a year. ;)
On Thu, 17 Nov 2011 13:55:46 EST, Keegan Holley said:
> I suppose I can't argue with that, but anyone technical enough to know
> what an AS is should know better. Also, would it really count? What if I
> opened a small ISP in some carrier hotel and paid 1000 bucks for AS 1. I'm
> not sure I'd wa
On Sun, 20 Nov 2011 21:40:08 EST, Tyler Haske said:
> I'm looking for a mentor who can help me focus my career so eventually I
> wind up working at one of the Tier I ISPs as a senior tech. I want to
> handle the big pipes that hold everyone's data.
OK, so I'm not a mentor from a Tier-1, and I don
On Tue, 22 Nov 2011 07:11:43 +0200, Jussi Peltola said:
> Anybody who has seen what kind of bizarre malfunctions failed
> electrolytics cause in consumer electronics will probably not feel very
> comfortable trusting traffic lights whose safety relies on software that
> is proven correct.
Beware
On Mon, 21 Nov 2011 14:24:48 PST, "andrew.wallace" said:
> If NSA had no signals information prior to the attack, this should be a wake
> up call for the industry.
Actually, it should be a wake up call whether or not NSA had signals
information. However, it's pretty obvious that the entire SCADA
On Tue, 22 Nov 2011 08:19:25 PST, Owen DeLong said:
> On Nov 22, 2011, at 7:38 AM, Joel Maslak wrote:
> > Exactly. ISPs are in business to make as much money as they can - go
> > figure.
>
> How do you make more money by refusing to meet customer requests?
>
> I could understand how it MIGHT make
On Tue, 22 Nov 2011 10:43:35 PST, Owen DeLong said:
> > Not sure why you'd blame Microsoft. HTTP{,S} is increasingly looking to be
> > the real IPng.
> Perhaps because they have done more than any other vendor to enable/encourage
> this trend?
Actually, I'd nominate the creator of the PIX fire
On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
> > http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
> And "In addition, DHS and FBI have concluded that there was no malicious
> traffic from Russia or any foreign entities, as
> previously reported."
It's i
On Wed, 23 Nov 2011 11:14:34 EST, Bryan Fields said:
> So really all a hacker needs is a pair of dykes, some electrical tape, and an
> all black jumpsuit.
Actually, you want a really dark blue jumpsuit. All-black creates a silhouette
in all but the very darkest conditions.
On Sat, 26 Nov 2011 10:28:03 PST, Jeff Richmond said:
> Of course, once you get to the point of being in the industry for a long
> time like most of us here, you'll look back and say what the heck was I
> thinking, I should have been an accountant. Heh :)
It's the rare accountant indeed that gets
On Sat, 26 Nov 2011 17:38:55 EST, Jared Mauch said:
> > I suggest new secrecy legislation, for fusion centres.
> It already exists :)
> People may be subject to prosecution for leaking this to the public.
> It's that simple. Problem is it can't be undone, so it's not an
> interesting case in s
On Mon, 28 Nov 2011 13:25:21 EST, Ray Soucy said:
> Even companies like Vyatta have invested time in a Web UI rather than
> expanding the core functionality offered (multicast routing support, for
> example), which doesn't seem like the best idea.
Compare the number of customers that insist on a
On Tue, 29 Nov 2011 00:15:02 EST, Jeff Wheeler said:
> Owen and I have discussed this in great detail off-list. Nearly every
> time this topic comes up, he posts in public that neighbor table
> exhaustion is a non-issue. I thought I'd mention that his plan for
> handling neighbor table attacks a
On Tue, 29 Nov 2011 03:23:04 EST, Jeff Wheeler said:
> On Tue, Nov 29, 2011 at 1:43 AM, wrote:
> > It's worked for us since 1997. We've had bigger problems with IPv4 worms
>
> That's not a reason to deny that the problem exists. It's even
> fixable. I'd prefer that vendors fixed it *before* the
On Wed, 30 Nov 2011 10:24:21 PST, "andrew.wallace" said:
> Before we see knee-jerk conclusions about who to blame, these attacks could
> be carried out by anyone. Is country even relevant in the cyberscape?
Reading comprehension, Andrew. Leland never said the Chinese were behind it,
he never even
On Wed, 30 Nov 2011 19:19:51 EST, Ray Soucy said:
> There is a lot of talk about "buggy" systems that are unable to handle
> prefixes longer than 64; but I've yet to encounter one. I imagine if
> I did it would be treated as a bug and fixed.
What year did Cisco first release IOS?
What year did
On Fri, 02 Dec 2011 05:20:39 GMT, John Curran said:
> ARIN holds that IP address space is not property but is managed as a
> public resource. Address holders may have certain rights (such as the
> right to be the registrant of the address block, the right to transfer the
> registration, etc.) but
On Fri, 02 Dec 2011 12:37:29 MST, joshua sahala said:
> the speculative market exists and is growing, why do certain factions
> of the community keep trying to pretend that it doesn't?
I'm sure at least some of those factions pretend it doesn't because admitting
it does would be a game changer. I
On Sat, 03 Dec 2011 11:40:54 EST, Jay Ashworth said:
> "Private IRC server".
Amen to that.
I've decided that our private Jabber server has resulted in an order of
magnitude improvement in dealing with "quick question for ya" requests, as you
can cut/paste to/from as needed (it's still kinda hard
On Mon, 05 Dec 2011 22:14:48 PST, "andrew.wallace" said:
> Using fruitful language and acting like a child isn't going to see you taken
> seriously.
No, he *does* want fruitful language - one that produces results. I think you
meant some other word instead.
As far as "acting like a child", I'm
On Tue, 06 Dec 2011 10:30:20 PST, "andrew.wallace" said:
> It could be argued that Nmap is malware, and such software has already been
> called to be made illegal.
Called by whom, other than yourself?
On Tue, 06 Dec 2011 14:18:52 EST, Jeff Wheeler said:
> I've spent enough time writing code to deal with SNMP (our own stack,
> not using Net-SNMP or friends) to have a more in-depth understanding
> of SNMP's pitfalls than most people. It is TERRIBLE and should be
> totally gutted and replaced wit
On Tue, 04 Dec 2012 17:32:01 +, Brian Johnson said:
> This is a misleading statement. ISP's (Common carriers) do not provide a
> knowingly illegal offering, ... TOR exit/entrance nodes provide only the former.
This is also a misleading statement. Explain the difference between
a consumer
On Wed, 05 Dec 2012 19:48:31 +, Warren Bailey said:
> Since when is heavy encryption cool in China? Export restrictions smoke all
> of the decent crypto options.
OK, I'll bite.. What crypto options are getting stuck due to export
restrictions (as opposed to import restrictions on the other end
On Sat, 08 Dec 2012 10:34:07 +1100, Carl Gough said:
> Looking for a sales engineer
I doubt NANOG is the place for you to find sales engineers to work for a
company where the CEO is clueless enough to do all of the following in 1 email:
1) Reply to a digest, and not fix the Subject:
2) Not clean
On Sun, 16 Dec 2012 23:48:13 +0100, Iljitsch van Beijnum said:
> Looking for 32-bit AS numbers, I get some strange results from
> routeviews:
> Unless I missed something, AS 23456 is supposed to show up as a stand-in
> for 32-bit ASNs on 16-bit BGP implementations, not in _addition_ to
> 32-bit AS
On Mon, 17 Dec 2012 16:28:28 -0500, Peter Kristolaitis said:
> Now, having said all that... I'm not sure I'd want to pay the
> electricity bill for keeping that degausser running... :p
An EMP device doesn't have to chew power all the time...
And of course, there's this: http://www.youtube.com/wa
On Sat, 22 Dec 2012 18:07:16 -0700, Wayne E Bouchard said:
> They serve quite well until I get to a switch that some douchebag
> mounted rear facing on the front posts of the rack with servers above
> and below and I just stand there cursing for a while as I scratch my
> head trying to figure out
On Sun, 30 Dec 2012 19:25:04 -0600, Jimmy Hess said:
> I would say those claiming certificates from a public CA provide no
> assurance of authentication of server identity greater than that of a
> self-signed one would have the burden of proof to show that it is no
> less likely for an attempted f
On Wed, 02 Jan 2013 12:10:55 -0800, George Herbert said:
> Google is setting a higher bar here, which may be sufficient to deter
> a lot of bots and script kiddies for the next few years, but it's not
> enough against nation-state or serious professional level attacks.
To be fair though - if I wa
On Wed, 02 Jan 2013 19:59:35 -0800, Damian Menscher said:
> Aurora compromised at least 20 other companies, failed at its assumed
> objective of seeing user data, and Google was the only organization to
> notice, let alone have the guts to expose the attack [0]. And you're going
> to hold that aga
On Wed, 02 Jan 2013 21:14:31 -0800, Damian Menscher said:
> We're off-topic, but that decision needs to be weighed against the
> alternatives. If your alternative is running your own mailserver at home,
> then your risks are:
Let's face it - if a nation-state has you in the crosshairs, digital
o
On Tue, 15 Jan 2013 14:52:24 -0500, Joe Maimon said:
> I only ever say class-c sized. And only when trying to communicate with
> the slash-whats.
Your mistake there is trying to communicate with people who have been in
networking long enough to understand "class-c", but *still* haven't educated
t
On Thu, 17 Jan 2013 18:21:28 -0500, William Herrin said:
> Then it's a firewall that mildly enhances protection by obstructing
> 90% of the port scanning attacks which happen against your computer.
> It's a free country so you're welcome to believe that the presence or
> absence of NAT has no impa
On Fri, 18 Jan 2013 09:03:31 -0500, William Herrin said:
> On the technical side, enterprises have been doing large-scale NAT for
> more than a decade now without any doomsday consequences. CGN is not
> different.
Corporate enterprises have been pushing GPO to the desktop for more
than a decade a
On Sat, 19 Jan 2013 06:26:53 +, Mike Jones said:
> Potentially another source of IPv4 addresses - every content network
> (/hosting provider/etc) that decides they don't want to give their
> customers IPv6 reachability is a future bankrupt ISP with a load of
> IPv4 to sell off :)
The problem
On Mon, 21 Jan 2013 09:17:48 +, Carlos Alcantar said:
> I would agree here cross connects. We pay 15x more in cross connects per
> month than we do in just the space/power. We actually pulled out of a
> colo once our contract came to terms with one of the large colo providers
> because of th
On Mon, 21 Jan 2013 23:23:16 -0500, Jean-Francois Mezei said:
> This article may be of interest:
>
> > http://arstechnica.com/security/2013/01/canadian-student-expelled-for-playing-security-white-hat/
>
> Basically, a Montreal student, developing mobile software to interface
> with schools system
On Sat, 26 Jan 2013 10:26:43 +0100, Pavel Dimow said:
> Hi,
>
> I have read many of those ipv6 documents and they are great but I
> still luck to find something like "real word" scenario.
I wish I had taken notes when we actually did this last century.
On Tue, 29 Jan 2013 01:20:25 -0500, Rob McEwen said:
> The market will eventually sort this out... and in many cases already
> has! Meanwhile, Amtrak and the Post Office show no signs of ever making
> it without their MASSIVE taxpayer subsidies.
I can't speak to Amtrak, but a large part of the
On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said:
> boys and girls, all the cyber-capable countries are cyber-culpable. you
> can bet that they are all snooping and attacking each other, the united
> states no less than the rest. news at eleven.
The scary part is that so many things got hacked
On Thu, 14 Feb 2013 13:18:24 -0800, Owen DeLong said:
> On Feb 14, 2013, at 12:58 , Karl Auer wrote:
> > On Thu, 2013-02-14 at 08:08 -0500, Jared Mauch wrote:
> >> I recommend keeping your network as congruent between IPv4 and IPv6 as
> >> possible, with dual-stack.
> > Why?
> For one thing, doin
On Fri, 22 Feb 2013 06:11:21 +0530, Suresh Ramasubramanian said:
> And so their bush league by itself was responsible for all the penetrations
> that mandiant says they did? Which shows that they don't have to be
> particularly smart, just a bit smarter than their average spear phish or
> other at
On Mon, 25 Feb 2013 13:05:48 -0500, Joly MacFie said:
> Who said it's a law?
If it was in fact a law, it would be a lot easier for the victims to
fight back in a court of law.
On Mon, 25 Feb 2013 20:07:43 +, "Livingood, Jason" said:
> Other than a few IP mix ups years ago, is this still really an issue? It
> seems ISPs have pretty reliable IP lease histories for many years to
> support LEA requests and other needs...
The fact that the ISP has a good record of what
On Mon, 25 Feb 2013 13:53:13 +0530, Glen Kent said:
> Yahoo, Google, etc applications are running on one server and each
> application could be theoretically associated with a unique VXLAN tag. This
> way service providers will be able to provide QoS per application
QoS is, when you get down to it
On Mon, 25 Feb 2013 19:07:20 -0600, Jimmy Hess said:
> If the domain in a certificate were not interpreted as a FQDN by the
> client, this would mean, that the certificate for
> CN=bigbank.example.com
> might be used to authenticate a connection to https://bigbank.example.com
> which do the l
On Tue, 26 Feb 2013 17:45:18 -0800, Jeroen van Aart said:
> Correct, one should not have expectations of fast reliable internet with
> low latency in a hotel.
The part that always puzzled me is why a major high-tier chain like Hilton
can't get it right, but a Motel 6 can... :)
On Sun, 03 Mar 2013 00:24:07 +, Mike Jones said:
> Inline Reply
>
> On 2 March 2013 21:58, Constantine A. Murenin wrote:
> > Dear NANOG@,
Have we *really* sunk so low that inline replies need to be flagged as
such, because people *expect* top-posting and if they don't see it they
assume it's
On Mon, 04 Mar 2013 20:40:58 +0200, Saku Ytti said:
> Most people design only against 3), often with design which actually
> increases likelihood of 2) and 1), reducing overall MTBF on design which
> strictly theoretically increases it.
I have to admit I've always suspected that MTBWTF would be a m
On Tue, 05 Mar 2013 21:55:14 +0400, "Mukom Akong T." said:
> I've found myself thinking about what ground an engineer needs to cover in
> order to convince the executives to approve and commit to an IPv6
> Deployment project.
You forgot step 0 - figuring out why in 2013, you're talking to an exec
On Sun, 10 Mar 2013 12:18:07 +0300, Aaron Glenn said:
> Very grateful for any cluebats you are able to spare on this
> (marginally off) topic.
Haven't seen it mentioned yet, so
I have found that at my age, if you're trying to read the tiny print on a
circuit label on Cat5 in the back of a se
On Tue, 12 Mar 2013 09:25:29 -0400, Joe Abley said:
> Imagine you have a number of GE and 10GE interfaces spread across multiple
> MX-class Juniper routers, and for each interface you want to maintain an
> accurate count of bytes sent, categorised by destination address.
An important question tha
On Thu, 14 Mar 2013 19:56:51 -0400, Miles Fidelman said:
> I think that's six words - twice as scary. I dunno how to fix it either
> ("when in trouble, when in doubt, run in circles, scream and shout?")
I don't think script kiddies with gene sequencers will manage to kill us
with Ebola, for the
On Fri, 15 Mar 2013 11:02:29 +0100, you said:
> The DIYbio community is perfectly harmless so far. The feds are
> already breathing down their necks, so there's really no point
> in adding gratuitous gasoline to the fire.
"The Feds" have jurisdiction in Yemen, North Korea, Iran, and other pla
On Wed, 20 Mar 2013 15:16:57 -0500, Owen DeLong said:
> On Mar 20, 2013, at 9:55 AM, Seth Mattinen wrote:
> > Based on the average clue of your average residential subscriber (anyone
> > here need not apply) I'd say that's a good thing.
> If BGP were plug-and-play automated with settings specifie
On Sat, 23 Mar 2013 11:28:07 -0700, Owen DeLong said:
> A reliable cost-effective means for FTL signaling is a hard problem without
> a known solution.
Agreed.
> An idiot-proof simple BGP configuration is a well known solution. Automating
> it would be relatively simple if there were the will to
On Mon, 25 Mar 2013 10:22:08 -0400, Jared Mauch said:
> Some basic stats:
>
> 27 million resolvers existed as of this dataset collection
>
> only 2.1 million of them were "closed".
>
> We have a lot to do to close the hosts, please do what you can to help.
What's the current BCP on how to deal wit
On Mon, 25 Mar 2013 15:38:01 -, Nick Hilliard said:
> On 25/03/2013 14:33, Mikael Abrahamsson wrote:
> > I would like to be able to request an IP list of open resolvers in my ASN,
> > perhaps sent to the contact details in RIPE whois database to make sure I'm
> > not falsely representing that A
On Mon, 25 Mar 2013 23:19:31 -0400, Christopher Morrow said:
> > Some of us have both publicly-facing authoritative DNS, and inward
> > facing recursive servers that may be open resolvers but can't be
> > found via NS entries (so the IP addresses of those aren't exactly
> > publicly available info
On Tue, 26 Mar 2013 08:13:49 -, Nick Hilliard said:
> Then wait for a while while it churns through the ~224*2^24 packets it
> needs to scan the entire ipv4 internet. Of course, you could write your
> own code, but that would take at least 1/2 an hour.
> Then you have every open resolver on
On Tue, 26 Mar 2013 10:51:45 -0400, Jay Ashworth said:
> Do we need to define a flag day, say one year hence, and start making the
> sales pitch to our Corporate Overlords that we need to apply the IDP to
> edge connections which cannot prove they've implemented BCP38 (or at very
> least, the sour
On Tue, 26 Mar 2013 07:43:15 -0700, Tom Paseka said:
> On Tue, Mar 26, 2013 at 7:38 AM, Jay Ashworth wrote:
> > Sure. But OpenDNS, Google, and the other providers of recursive servers
> > for edge cases can't do that anymore?
> Of cos they can. But they take the security of their open recursive
On Tue, 26 Mar 2013 12:59:25 -0400, Harry Hoffman said:
> https://developers.google.com/speed/public-dns/docs/security
Thanks :)
On Tue, 26 Mar 2013 13:09:53 -0400, Joe Abley said:
> What mobile devices do you support that don't acquire a suitable local DNS
> resolver using DHCP or PPP?
Pretty much all devices are *able* to acquire a DNS resolver via DHCP.
> Honest question. I presume you wouldn't bring it up if it wasn
On Wed, 27 Mar 2013 12:01:25 +1100, Mark Andrews said:
>
> If you are with a ISP that does not practice BCP 38 are you willing
> to risk your neck that you won't be subject to a "aiding and abetting"
> charge? All of us here know that spoofing address like this is a
> criminal activity.
So what y
On Tue, 26 Mar 2013 19:13:43 -0700, Jared Mauch said:
> If you give the same answer 15x to the same person in a few seconds one can
> possibly infer they aren't a caching resolver or are broken. Either way you
> can think about ignoring them for a few with dampening or similar.
So what you're s
On Wed, 27 Mar 2013 10:51:35 -0500, Jack Bates said:
> They are not, and I can think of quite a few people who would stare
> blankly at you for making such a statement. Of course, I can think of
> plenty of people who we'd like to see implementing BCP38 concepts that
> would need you to define ing
On Wed, 27 Mar 2013 14:19:05 -0700, Paul Ferguson said:
> And there may even be some stick approaches to accompany the carrot,
> but some awareness is going to have to happen.
>
> Sing it from the mountain tops.
http://www.sans.org/dosstep/roadmap.php
Note the date. Note the list of recommendat
On Wed, 27 Mar 2013 16:59:16 -0500, Jack Bates said:
> On 3/27/2013 4:49 PM, Tony Finch wrote:
> > Jack Bates wrote:
> >
> >> 3) BCP38 (in spirit)
> > That should be deployed as well as RRL.
> >
> > Tony.
>
> If BCP38 was properly deployed, what would be the purpose of RRL outside
> of misbehaving
So we all have heard the breathless news reports of how the recent
urinating contest between Spamhaus and a butthurt ISP was the "biggest
in history".
Where would you guys put it, if measured as "percent of total worldwide
available Internet bandwidth/resources"? My gut feeling is that by that
me
On Thu, 28 Mar 2013 17:16:48 -, bmann...@vacation.karoshi.com said:
>
> is there a clear understanding of "the edge" in the network operations
> community? in a simpler world, it was not that difficult, but interconnect
> has blossomed and grown all sorts of noodly appendages/extensions. I f
On Thu, 28 Mar 2013 14:16:58 -0400, Jared Mauch said:
>
> I wanted to share PER-ASN data for those that are interested in this
> generally. If you are a contact for these ASNs, you can e-mail me from your
> corporate address to get access to the list.
>
> Thank you for many of you that have secu
On Thu, 28 Mar 2013 15:05:57 -0400, Jay Ashworth said:
> - Original Message -
> > From: "Valdis Kletnieks"
> > For 5 9's worth of eyeball networks hanging off consumer-grade ADSL and
> > cable
> > connections, it's still the edge and stil
On Sat, 30 Mar 2013 14:57:53 -0700, Matthew Petach said:
> I am *sooo* reminded of
> http://xkcd.com/1133/
> and
> http://youwillnotgotospacetoday.tumblr.com/
>
> 'Your internet is having a bad day, and
> your packets will not be going to their destination'
I heard the failure of a server to boot
On Sun, 31 Mar 2013 16:09:35 -0500, Jimmy Hess said:
> On 3/29/13, Scott Noel-Hemming wrote:
> >> Some of us have both publicly-facing authoritative DNS, and inward
> >> facing recursive servers that may be open resolvers but can't be
> >> found via NS entries (so the IP addresses of those aren't
On Mon, 01 Apr 2013 09:34:31 -0400, Alain Hebert said:
> I'm sad to confirm that my spoof test was successful with a:
>
> . SageMCom modem+router, which is used by a big TelCo around my
> part, for both their residential and commercial ADSL2+, VDSL customers.
You might want to check m
On Mon, 01 Apr 2013 14:19:16 -0400, Jay Ashworth said:
> So, how would Patrick's caveat affect me, whose recursive resolver *is
> on my Linux laptop*? Would not that recursor be making queries he
> advocates blocking?
You're sending queries, not replies. That's why DPI is needed to do the
block
On Mon, 01 Apr 2013 19:40:03 +0100, Tony Finch said:
> You should be able to get a reasonable sample of IPv6 resolvers from the query
> logs of a popular authoritative server.
Hopefully, said logs are not easily accessible to the miscreants.
(I still expect the most feasible method for the miscr
On Tue, 02 Apr 2013 19:00:35 -0400, "Mike." said:
> Oddly, perhaps, those punchcards on the stagecoaches probably will
> outlast any magnetic media we have at our disposal today
Here's a picture of an estimated 4.3G of data on punch cards:
http://en.wikipedia.org/wiki/File:IBM_card_storage.N
On Wed, 03 Apr 2013 14:07:48 -0700, Mike said:
> These speedtests are pure unscientific bs and I'd love to see them
> called out on the carpet for it.
As far as I know, it's possible for the end-to-end reported values to be
lower than your immediate upstream due to issues further upstream.
But i
On Thu, 04 Apr 2013 06:18:34 +0200, Mikael Abrahamsson said:
> I have pitched the idea in the IETF to have TCP stacks themselves report
> IP performance indicators (aggregate) and that a standard for this to be
> standardised. No takers so far.
RFC4989 TCP Extended Statistics MIB. M. Mathis, J. H
On Thu, 04 Apr 2013 17:29:40 +0200, Mikael Abrahamsson said:
> On Thu, 4 Apr 2013, valdis.kletni...@vt.edu wrote:
>
> > RFC4989 TCP Extended Statistics MIB. M. Mathis, J. Heffner, R.
> > Raghunarayan. May 2007. (Format: TXT=153768 bytes) (Status: PROPOSED
> > STANDARD)
> >
> > Looks like a
On Sat, 06 Apr 2013 10:38:06 -0400, shawn wilson said:
> What would break if u dropped all ICMP packets with redirects on public
> facing boxes?
Presumably nothing, as long as you guaranteed that your IP address, netmask,
and routes actually match the reality of your network configuration. In th
On Sun, 07 Apr 2013 01:40:09 -0400, Christopher Morrow said:
> I wonder how much more painful just upgrading the dsl plant to support v6
> would be vs deploying the cgn equipment and funneling users through that :(
The answer depends on whether the person making the decision thinks they'll
have l
On Sun, 07 Apr 2013 13:54:04 +0300, Alex said:
> Well if the RFCs would just be set in stone already like Moses's 10
> commandments
> and if the programmers would actually start writing code for v6
> and if the web site hosting servers would at least have dual stack
> enabled on them
> it would be