Re: Looking for Yahoo eMail contact
On 1/12/16, 7:04 PM, "NANOG on behalf of Larry Sheldon" wrote:

>I told her it meant "All Fouled Up", whereupon she picked up another
>stack, also mine, marked "NFG".

At $DAYJOB we often ship audio/video equipment via air counter to counter for same-day delivery. On Southwest those deliveries are coded "Next Flight Guaranteed" and stickered NFG. Occasionally a client will see a highly expensive piece of gear arrive with an NFG sticker on the case and come unglued asking why he paid tens of thousands of dollars if we're sending him gear that is "No F*ing Good." Hilarity ensues

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Re: rDNS delegation process question
On 8/18/15, 3:53 PM, "Jake Mertel" wrote:

>Someone needs to update the delegation at ARIN since they are the
>authoritative root for 69/8.
>http://whois.arin.net/rest/rdns/223.26.69.in-addr.arpa shows that the
>current nameservers are OAK.FOREST.NET <http://OAK.FOREST.NET> and
>WILLOW.FOREST.NET <http://WILLOW.FOREST.NET>. If I recall correctly, the
>ARIN Online interface allows the registered administrative and technical
>POC to make these adjustments directly from the interface. As it stands
>right now, it would appear that whomever has access to
>net...@alfordmedia.com,. n...@airband.com, or an associated POC would need
>to use the appropriate ARIN template or interface to make the change.

That definitely gets me pointed in the right direction. Tasty $BEVERAGE, I owe you a few...

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
rDNS delegation process question
At $DAYJOB we have a /24 of PA space that we were allocated by Airband, and when the account was set up they delegated authoritative reverse DNS to our DNS hosting provider. This is 69.26.223.0/24, in ARIN address space.

Now, almost a decade later Airband has been acquired by somebody or other who was in turn acquired by GTT.net; we're trying to move our rDNS to Route53 and nobody at GTT.net seems to know how they would go about changing that rDNS delegation. My involvement with the process back in the day was limited to "provide Airband with the name servers we would like to be authoritative for the reverse DNS and wait about 12 hours for them to handle the ticket."

Now I'm trying to help my GTT contact get pointed in the right direction, and any assistance would be appreciated.

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Re: Quakecon: Network Operations Center tour
>>any security protections so competitors can't kill off their
>> competition?)
>
>It would be interesting to learn whether they saw any DDoS attacks or
>cheating attempts during competitive play, or even casual
>non-competitive play amongst attendees.

I wonder if that would be a reason for the relatively anemic 1Gb Internet pipe-- making sure that a DDoS couldn't push enough packets through to inconvenience the LAN party.

(Disclaimer: $DAYJOB did the audio/visual/lighting for QuakeCon but we had nothing to do with the network and I was utterly uninvolved in any way, so my speculation is based on no information obtained from outside my own skull.)

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Re: Remember "Internet-In-A-Box"?
>Internet in a box.
>
>Wasn't that the Japanese thing with the Woody Woodpecker logo and the
>(translated) English text: "Touch Woody, the Internet pecker"?
>
>Didn't go over too well in English speaking parts as I recall ...

But it eventually evolved into ChatRoulette.

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Re: dns on fios/frontier
>in the other message you make clear 'a frontier customer on the fios
>infrastructure'... you do mean that, not 'a frontier customer OR a
>verizon fios customer' right?

Ah. Obviously, that's not how I read it. ;-) But yes, I'm a bog-standard Verizon FIOS customer with no frontier connection at all.

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Re: dns on fios/frontier
On 4/20/15, 1:54 AM, "Randy Bush" wrote:

>[ reposted from subscribed address ]
>
>anyone on fios/frontier can please run a quickie and see if you can get
>to http://psg.com/?

Works fine from FIOS in Dallas, TX:

traceroute to psg.com (147.28.0.62), 64 hops max, 52 byte packets
 1  wireless_broadband_router.home (192.168.74.1)  0.955 ms  0.556 ms  0.466 ms
 2  lo0-100.dllstx-vfttp-305.verizon-gni.net (108.19.21.1)  8.485 ms  6.878 ms  7.740 ms
 3  t0-11-0-4.dllstx-lcr-21.verizon-gni.net (100.41.202.110)  9.509 ms  9.147 ms
    t0-7-4-0.dllstx-lcr-22.verizon-gni.net (130.81.218.82)  12.641 ms
 4  * * *
 5  0.ae2.br2.dfw13.alter.net (140.222.225.53)  11.300 ms  10.578 ms  9.156 ms
 6  sl-st31-dal-.sprintlink.net (144.232.25.125)  12.739 ms  12.290 ms  12.203 ms
 7  144.232.12.195 (144.232.12.195)  9.740 ms
    144.232.11.207 (144.232.11.207)  13.921 ms
    144.232.12.195 (144.232.12.195)  10.403 ms
 8  144.232.12.138 (144.232.12.138)  27.853 ms  24.854 ms  24.937 ms
 9  144.232.1.101 (144.232.1.101)  36.967 ms  35.642 ms  37.945 ms
10  144.232.10.186 (144.232.10.186)  39.913 ms  39.716 ms  39.950 ms
11  144.232.10.191 (144.232.10.191)  72.407 ms  72.032 ms  69.433 ms
12  sl-gw20-sea-11-0-0.sprintlink.net (144.232.8.60)  70.467 ms
    sl-gw20-sea-5-0-0.sprintlink.net (144.232.20.218)  67.034 ms  66.585 ms
13  144.232.9.62 (144.232.9.62)  69.903 ms  67.101 ms  67.374 ms
14  psg.com (147.28.0.62)  62.188 ms  64.435 ms  67.417 ms

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Re: Office 365 Expert - I am not. I have a customer that...
>Wonder when Cloud providers get a clue, step up and help recommend a
>circuit size based on users and the services their customer buy from them.

When they think that poor customer word of mouth will cost them more sales than they are currently gaining from customers who would *not* move away from on-prem if they understood all the costs including increased bandwidth?

--
Dave Pooser
Cat-Herder-in-Chief, Pooserville.com
Re: cannot access some popular websites from Linode, geolocation is wrong, ARIN is to blame?
>Have we *really* sunk so low that inline replies need to be flagged as
>such, because people *expect* top-posting and if they don't see it they
>assume it's a MUA misfire rather than an inline reply?

SATSQ: Any time the question is "have we *really* sunk so low?" the answer is yes.

--
Dave Pooser
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Announcing a reserved ASN?
On 2/3/13 9:04 AM, "Rich Kulawiec" wrote:

>On Sun, Feb 03, 2013 at 06:12:32PM +0530, Suresh Ramasubramanian wrote:
>> AS23456 is currently announcing a good few netblocks (which don't have a
>> very good smtp reputation, by the way).
>
>To say the least. A quick rDNS scan reveals that those netblocks include:
>
> 8448 addresses
> 6932 return nxdomain
> 512 return servfail
> 1004 with rDNS entries
>
>Those 1004 hosts with rDNS account for 36 domains:

Just as another data point, the domain names you listed hit on enough URL blacklists that Spamassassin quarantined the message for me (and would have rejected it during the SMTP transaction had the NANOG server not been listed on DNSWL-High).

Spam hosts plus fake ASN = paging the Spamhaus DROP maintainers to the white courtesy phone

--
Dave Pooser
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: which one a Technical Support or Help Desk
On 3/3/12 9:57 AM, "Faisal Imtiaz" wrote:

>>Especially if a human answers promptly without a horrible accent...
>>
>>Jeff
>Like a heavy Southern Drawl ?

Saah, Ah resemble that remahk! :^)

I think no matter where you're located, having a tech support rep who speaks your language with an accent not too dissimilar to your own can be a huge help. I've had tech support calls go bad because of unintelligible accents when I was calling centers in India and in Ireland, but also in the US when I found the last of the Clampett clan answering phones for an ISP. (I've lived in Texas almost 16 years-- if you're so redneck that *I* can't understand you, you need a job where all your communication is in writing. Or pictures.)

--
Dave Pooser
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)
On 2/1/12 8:43 PM, "Jimmy Hess" wrote:

>Simple government regulation is of limited value, since the problem
>network
>may be overseas. So government regulation won't work
>What the internet really needs is Tier1 and Tier2 providers participating
>in the internet who "care", regardless of the popularity or size of
>netblocks or issues involved.

...and all we need is for billion-dollar corporations to start putting moral rectitude ahead of profits. Well, heck, that should start happening any day now! And then FedEx will deliver my unicorn!

IMO, as long as the consequences for address hijacking boil down to "a bunch of nerds will be unhappy with you," of COURSE we will continue to see more hijackings. It's profitable (for spammers and other criminals) and there is no shortage of sociopaths in this world. If there were a chance of coordinated shunning of those upstreams that tolerate hijacking then the moral rectitude/profits calculus would change, but there is no such chance. So we're left with coordinated governmental action, RPKI, or anarchy.

A thought experiment: Imagine this happens in IPv6 space. Absent the element of scarcity, does it become simpler to just get more IPs for your legitimate company than to spend time fighting with the thieves and their collection of negligent or colluding upstreams? And what does that do for the Internet if more and more companies decide to just abandon their V6 space to the squatters rather than contesting it?

--
DP
Re: using ULA for 'hidden' v6 devices?
On 1/25/12 10:28 AM, "Nick Hilliard" wrote:

>I wish you luck selling this notion to enterprise network people, most of
>who appear to believe that rfc1918 address space is a feature, not a bug.

Until they've gone through an M&A where they had to connect multiple sites using overlapping RFC1918 space, of course. Then the idea of globally unique addressing, even if it's not globally routable, starts looking awfully useful.

--
Dave Pooser
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: World IPv6 Launch Day - June 6, 2012
On 1/17/12 10:17 PM, "Owen DeLong" wrote:

>I don't seem to be able to get to the site on IPv6.

Well not before June 6, duh! You don't open Christmas presents in August either! :^)

--
Dave Pooser
Manager of Information Services
Alford Media
http://www.alfordmedia.com
BGP noob needs monitoring advice
Earlier this year I got a /24 of PA space, set up our shiny new router, got BGP working with both my upstreams, and heaved a sigh of relief: "I'll never have to think about THAT again!" (Okay, quit laughing; I SAID I was a noob!)

Now, I discover that one of my upstreams quit announcing our route in November (fortunately the provider who assigned us the /24, so we're still covered in their /18) and the other upstream apparently started filtering our announcements last week. I'm working with both of them to get that fixed, but it's made it clear to me that I need to be monitoring this.

My question for the group is, how? I can and do monitor my own router, and I can see that I'm receiving full routes from both ISPs. I am capable of manually accessing route servers and looking glass servers to check if they're receiving routes to me, but I'd like something more automated. Free is nice, $$ is not a problem, might become a problem.

Thanks in advance for any suggestions.

--
Dave Pooser
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Cogent --> Google Public DNS routing issue
On 8/16/11 11:09 PM, "Robert Glover" wrote:

>What is going on here?

Cogent finally depeered the entire US? :^)

--
Dave Pooser
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Is NAT can provide some kind of protection?
On 1/12/11 1:03 PM, "Owen DeLong" wrote:

> NATing IPv6 doesn't do anything good. There's no benefit, only cost.

Except for making sure you can switch providers without renumbering, which can be a significant benefit. (Yes, PI space accomplishes the same thing, but that's harder to get for most SMBs.)

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?
> IPv6's fundamental goal is to restore end-to-end.

For some. For many, IPv6's fundamental goal is to keep doing what we've been doing without running out of addresses. The fact that the two camps have orthogonal goals is probably part of the reason the rate of growth on IPv6 is so slow.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Rate of growth on IPv6 not fast enough?
> Frankly, when you hear people strongly using the argument stateful
> firewalling == NAT, you start to wonder if they've ever seen a stateful
> firewall using public addresses.

I'd hazard a guess that the number of hosts behind NAT gateways is an order of magnitude -- probably two-- greater than the number of hosts behind stateful firewalls using public addresses. It's not that the latter don't exist, it's that economies of scale make the NAT/PAT appliances more widely used and thus more relevant to the discussion.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Rate of growth on IPv6 not fast enough?
On 4/19/10 9:14 AM, "Patrick Giagnocavo" wrote:

> The eyeball ISPs will find it trivial to NAT should they ever need to do
> so however, something servers cannot do - you are looking at numbers,
> not operational considerations.

Personally, I'm just waiting to see which eyeball ISP is the first to react to looming IPv4 exhaustion by (NAT | IPv6 && 6to4)ing their client ranges and using the freed up /9 to offer colo/hosting services at very competitive (compared to desperately scrambling to find a /29 at your IPv4-exhausted ISP) pricing.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Rate of growth on IPv6 not fast enough?
On 4/18/10 8:28 PM, "Patrick Giagnocavo" wrote:

> Reality is that as soon as SSL web servers and SSL-capable web browsers
> have support for name-based virtual hosts, the number of IPv4 addresses
> required will drop.

And if Internet history teaches us one thing, it's that end users replace outdated browsers at the drop of a hat, right?

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: small site multi-homing (related to: Small guys with BGP issues)
> If 500 companies are currently
> announcing /24s to be heard, but could be moved to /29s, then you still
> have 500 route announcements. You just have a lot less waste.

That's my situation here. I've got a /24 with fewer than 10 public IPs active, because I need those 10 hosts to be reachable even after Bubba and his backhoe finish tearing up the road in front of my office.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Is your ISP blocking outgoing port 25?
>> On the other hand, why don't modern mail user agents and mail transfer
>> agents come configured to use MSA port 587 by default for message
>> submission instead of making customers remember anything?
> Better yet would be for the MUA to probe for the "best" configuration.

The iPhone mail app will try 587 and then fall back to 25 if 587 doesn't work, which strikes me as a model for others to emulate.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Fiber cut - response in seconds?
> Right. So why the "near instant" response time. If it's a diverse path,
> one would imagine that they could respond in a few hours or a day and
> not have any impact.

Just a guess, but: A cut cable is one thing. A cut cable in which people wearing different suits and driving a different brand of SUV might splice in a fiber tap is something altogether different.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: IPv6 Confusion
>> Well, considering how very few vendors actually support IPv6, it's
>> hard to find proper competition.
>
> You don't have to tell the truth to the losing sales folk... :

Or you could be truthful and say "we decided to go with the XYZ product, despite the fact that they don't support IPv6; if your product HAD supported IPv6 you would have been in a much stronger position when the contract was awarded."

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: What to do when your ISP off-shores tech support
> Macs are macs, Windows is windows and mail is mail whether you're in Mumbai
> or Memphis. As long as the language skills are good and the people are well
> trained, it should be mostly irrelevant, IMHO.

The problem, IMO is that the sort of organization that wants to reduce labor costs from $11/hr to $1.50/hr (all numbers made up out of thin air) by moving tech support offshore is likely to be the sort of organization that reduces labor costs from $1.50 to $1.15/hr by moving tech support from an offshoring house that provides well-trained people with good language skills to one that provides warm bodies and asinine scripts.

I know there are good tech support people in India-- I've dealt with some of them-- but the overwhelming majority of times I've ended up talking to Indian tech support I've gotten people who are as fluent in English as I am in Hindi and as familiar with the technology they are "supporting" as I am with rebuilding transmissions ("not at all" and "not at all" respectively).

That said, Merry Christmas to all and I hope Santa brought extra eggnog to any poor souls working tech support this evening, on any continent. :^)

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: What to do when your ISP off-shores tech support
>> Uh, ditto? Having left SoCal a couple of years ago, my data is a bit
>> stale. However, I happily used XO+Covad in three separate locations
>> (in SoCal). DSLExtreme also has (or at least had) a good reputation.
>> Verizon sucks. In fact, since you are in the Long Beach area, they
>> suck even more than they do other places. Vote with your feet.
>>
> I am pretty sure that COVAD is offshore now

Last time I talked to them the helpdesk people were Canadian. That's for T1s; I'm not sure if they do DSL support in the same location.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Misguided SPAM Filtering techniques
> You should have used the opportunity to educate your customer. Email is a
> best-effort, no receipt service. It is simply not appropriate to use for
> business-critical communication without some kind of confirmation of
> receipt.

That sounds like a statement from the dawn of the ARPAnet. Email is a best effort service, sure. In an ideal world, people would not use it for business-critical communication. But that train left the station a decade ago; if you design your network around the assumption that email is just going to spontaneously vanish sometimes and that's OK, you'll have lower customer satisfaction ratings than chlamydia does.

> The hotel didn't really do the wrong thing.

Yes it did. It silently hijacked traffic directed for his email server and directed it to an unrelated server. That is never, ever acceptable behavior for a network. Full stop.

If they *insist* on hijacking a better response would be to point all port 25 traffic except relay.cluefreehotel.dom to an internal address with an SMTP server that did nothing but issue a 550 with a Web page link that would show the user how to configure Outlook/ OE/ Thunderbird/ Mail.app to send via the hotel's relay server. That way the user knows something bad is happening. The problem is then the hotel has to deal with annoyed users, whereas with the hotel's silent hijacking solution many users don't know enough to be annoyed until after they've left, and may be annoyed at a third party rather than the hotel. Win for the hotel, lose for everybody else.

> Blocking it is not a very good solution either because
> people who are not sophisticated will just be unable to send mail.

Blocking means people who are not sophisticated will be unable to send email and will *know* that they are unable to send email. Silently hijacking means those people will be unable to send email to much (though not all) of the Internet with no idea which messages are successful and which aren't.

> You should blame whoever decided not to accept *any* email from the hotel
> just because *some* of the email was spam. That person knew or should have
> known that some of that email might be business critical. Hmm, that was
> *YOU*.

Yep, and my company's customer. Each of us had decided, independently, that a host that appeared on a Spamhaus.org blacklist was not allowed to talk to our mail servers. Both of us operated on the assumption that there was not a host in the middle silently hijacking packets. Those assumptions were wrong in this case, but not IMO unreasonable.

On the bright side, the customer has now learned to do what my staff already do, which is use an alternate port with encryption, use VPN as a fallback plan, and failing that go somewhere else for Internet access.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
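An added example, not part of the original post: Python that classifies what a mail client sees on port 25 into the cases the message above contrasts (a direct session, a silent redirect to another server, an outright block, and a 5xx rejection that carries a setup link). The hostnames, transcripts and category labels are constructed for illustration, and comparing the greeting banner against a list of names your own server announces is an assumed heuristic.

```python
import re

REPLY_LINE = re.compile(r"^(\d{3})([ -]?)(.*)$")
URL = re.compile(r"https?://\S+")


def parse_replies(server_lines):
    """Group raw server lines into (code, [text, ...]) SMTP replies.

    A '-' after the code marks a continuation line; anything else ends the reply.
    """
    replies, texts = [], []
    for raw in server_lines:
        match = REPLY_LINE.match(raw.rstrip("\r\n"))
        if not match:
            raise ValueError(f"not an SMTP reply line: {raw!r}")
        code, sep, text = match.groups()
        texts.append(text)
        if sep != "-":
            replies.append((int(code), texts))
            texts = []
    if texts:
        raise ValueError("session ended inside a multiline reply")
    return replies


def classify_session(expected_hosts, server_lines):
    """Classify a port-25 session from the server's lines.

    expected_hosts: names your own server puts in its 220 greeting (assumption:
                    you know these in advance).
    server_lines:   lines received, in order; None or empty if the connect failed.
    """
    if not server_lines:
        return "blocked"                      # user knows mail did not go out
    replies = parse_replies(server_lines)
    expected = {h.lower().rstrip(".") for h in expected_hosts}
    greeting_code, greeting_text = replies[0]
    words = greeting_text[0].split()
    announced = words[0].lower().rstrip(".") if words else ""
    if greeting_code == 220 and announced in expected:
        return "direct"
    # Some other host answered. A 5xx with a link at least tells the user why.
    if any(code >= 500 and URL.search(" ".join(texts)) for code, texts in replies):
        return "rejected-with-notice"
    if greeting_code >= 400:
        return "refused"
    # A foreign server greeted us and accepted commands: the silent case.
    return "silently-redirected"


# Constructed sample sessions (server side only).
DIRECT = ["220 mail.example.org ESMTP\r\n",
          "250-mail.example.org\r\n", "250 SIZE 10240000\r\n"]
HIJACKED = ["220 relay.hotel.example ESMTP\r\n", "250 relay.hotel.example\r\n"]
NOTICE = ["220 notice.hotel.example ESMTP\r\n",
          "550-Outbound port 25 is filtered on this network.\r\n",
          "550 Setup instructions: http://hotel.example/mail-setup\r\n"]

if __name__ == "__main__":
    mine = {"mail.example.org"}
    for name, lines in [("direct", DIRECT), ("hijacked", HIJACKED),
                        ("notice", NOTICE), ("no answer", None)]:
        print(f"{name:10s} -> {classify_session(mine, lines)}")
```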
Re: Misguided SPAM Filtering techniques
> I use an authenticated TLS-protected mailhost at home for submitting my
> email for delivery. Unfortunately, networks have taken to:
>
> outright blocking 25 and 587 except to their own servers.

Back in the day AT&T dial-up blocked port 25 outgoing (except to their own servers) for the first month; after that, a user could request an unblock. I believe the SBC/AT&T Borg does the same thing with dynamic DSL IPs. It seems to me that blocking port 25 by default and unblocking on request would be an ideal low-maintenance solution that would reduce spam considerably, and has the added benefit of being on-topic for NANOG.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Misguided SPAM Filtering techniques
> And that is probably just fine, as 99% of the true spam comes from email
> addresses (and often domains) that either do not exist, or often are not
> configured to receive email.

I call BS. I ran sender-callout verification on my primary email server for a while (before I became convinced it was mildly abusive, and stopped) and typically blocked 2-3 spams per day. In fact, I had more FPs than legit spam blocked by that method.

> If you didn't send the email, why bother confirming it?
> Aren't you also adding back to the problem?

Absolutely I am. If you're going to try to offload your spam filtering to me, I want the process to cause you as much pain as possible (within ethical limits, which is why I won't forward your email

> Even if you confirm your email address, that's all that spamarrest is asking
> for. If the email address is valid, then it's done its job.

Sender callouts will verify addresses without requiring any action from the end user. If you must [ab]use my resources to do your job, please have the common decency to use my (abundant) hardware and software resources rather than my (much more limited) wetware resources.

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com
Re: Misguided SPAM Filtering techniques
> If something comes that is not whitelisted then email is sent
> back asking you to confirm that it is not spam. I received one of these
> confirmation requests for a piece of spam that I did not send out.

Whenever I get one of those, I go ahead and confirm the message so the spam gets through to the end user. I figure if they think I'm gonna filter their mail for free, well, they get what they pay for. :^)

--
Dave Pooser, ACSA
Manager of Information Services
Alford Media
http://www.alfordmedia.com