Re: RIP Dave Mills

Word got out a week ago with a message from Vint cerf to the internet-history list. The thread Vint started is here: https://elists.isoc.org/pipermail/internet-history/2024-January/009265.html Vint is collecting anecdotes here:

Re: Northern Virginia has had enough with data centers

> Even traditional data centers have not been known to be especially > considerate about scheduling their -loud- genset tests. Doesn't matter so > much in the middle of an industrial zone but when you do it near where people > live you're going to make them angry. Why are gensets loud? Is

Re: ntp with dhcp

> I'm looking for statistics on setting NTP servers on clients using DHCP, in > the wild. Does anyone know if there is any available somewhere? That brings up an interesting can of worms. If you run a NAT box with lots of clients, please don't point your NTP clients at the pool. I can't

Re: "Hacking" these days - purpose?

> Simple question: What's the purpose of obtaining illicit access to random > devices on the Internet these days ... Aside from stealing user's information, there is also stealing industrial and diplomatic secrets. The Chinese stole a lot of F-35 info. The news is full of Russians hacking

Re: Is there any data on packet duplication?

b...@herrin.us said: > NTP you say? How does iburst work during initial sync up? How does it work, or how should it work? 1/2 :) NTP has been around for a long time. It looks very simple, so anybody thinks they can toss off an implementation without much thought. It will probably work,

Is there any data on packet duplication?

How often do packets magically get duplicated within the network so that the target receives 2 copies? That seems like something somebody at NANOG might have studied and given a talk on. Any suggestions for other places to look? Context is NTP. If a client gets an answer, should it keep

Re: Abuse Desks

Mike Hammett said: > IMO, the answer is balance. > - Handful of SSH connection attempts against a server. Nobody got in, > security hardening did it's job. I don't think that is worth reporting. - > Constant brute force SSH attempts from a given source over an extended period > of time, or a

RE: Backhoe season?

> I heard, and am seeing that construction type jobs don't seem to be affected > much with the virus shutdown. I mean I see guys building homes and working > on roads all around me... furthermore, we've heard of a couple fiber cuts > that have brought portions of our network down a couple

Re: UDP/123 policers & status

Steven Sommars said: > The secure time transfer of NTS was designed to avoid amplification attacks. I work on NTP software (ntpsec). I have a couple of low cost cloud servers in the pool where I can test things and collect data. I see bursts of 10K to several million packets "from" the same IP

RE: Internet diameter?

Keith Medcalf said: > "just static content" would be more accurate ... and using http rather than https > There were many attempts at this by Johhny-cum-lately ISPs back in the 90's > -- particularly Telco and Cableco's -- with their "transparent poxies". > Eventually they discovered that

Re: WWV Broadcast Outages

"Majdi S. Abbas" said: > That said, I and many others "still use" WWV -- there aren't exactly a > surplus of suitable backup methods to GPS these days. Any suggestions for gear and/or software that works with WWV (or CHU)? Or general suggestions for non GPS sources of

Re: ddos attack blog

I was being a bit extreme, I don't expect UDP to be blocked and there are valid uses for NTP and it needs to pass. Can you imagine the trading servers not having access to NTP? Sure. They could setup internal NTP servers listening to GPS. Would it be as good overall as using external

Re: [VoiceOps] (cross post) VoIP heat charts...

http://www.nanpa.com/nanp1/allutlzd.zip lists NPANXX and Ratecentre. How does number portability interact with this? What fraction of numbers have been ported? (Where should I look/google to find the answer?) -- These are my opinions. I hate spam.

Re: Mikrotik Cloud Core Router and BGP real life experiences?

nanog-requ...@nanog.org said: We replaced a few Maxxwave 6 port Atom's with the CCR. ~400Mb/s and ~40K pps aggregate across all ports. CPU load went from ~25% to ~0-2%. These are in a configuration where they have little or no firewall/nat/queue rules. And in most cases are running MPLS.

Re: Automatic abuse reports

William Herrin b...@herrin.us said: That's the main problem: you can generate the report but if it's about some doofus in Dubai what are the odds of it doing any good? It's much worse than that. Several 500 pound gorillas expect you to jump through various hoops to report abuse. Have you

Re: This is a coordinated hacking. (Was Re: Need help in flushing DNS)

at what point is the Internet a piece of infrastructure whereby we actually need a way to watch this thing holistically as it is one system and not just a bunch of inter-jointed systems? Who's job is it to do nothing but ensure that the state of DNS and other services is running as it

Re: OOB core router connectivity wish list

It might help clarify things if you added two (hopefully) short sections: One discussing how to get off the ground. How do I get my ssh key on a factory-reset box? Another discussing security. There may be conflicting requirements for different usage scenarios. -- These are my

Re: FYI Netflix is down

George Herbert george.herb...@gmail.com said: I worked for a Sun clone vendor (Axil) for a while and took some of our systems and storage to Comdex one year in the 90s. We had a RAID unit (Mylex controller) we had just introduced. Beforehand, I made REALLY REALLY SURE that the

NTP/THunderbolt (was Re: strat-1 gps)

Thing with the Thunderbolts is not all revisions of the firmware seem to play nice with ntpd. Would anybody with more info please contact me off-list. We should be able to fix that, or at least document it. -- These are my opinions. I hate spam.

RE: EBAY and AMAZON

[Snip good collection of security setting suggestions. Does anybody have others or a URL?] I could never quite understand how anyone could get phished by e-mail since I have never ever seen a phishing or other malicious message that was not obviously so, even when I don't have me spectacles

CVV numbers

In response to my comment about: If I'm not supposed to not tell anyone, why is it even printed where I can read it? (Sorry for the extra not in there.) I got an off list suggestion of: http://www.cvvnumber.com/ It looks reasonable. But then, whois for cvvnumber.com says: Registrant:

Re: Dear Linkedin,

I have accounts at probably 100's of sites. Am I to understand that I am supposed to remember each one of them and dutifully update them every month or two? Yes; of course if most of those accounts are moribund and unused then you don't need to change them so often, but the passwords you

Re: Dear Linkedin, [and proposed mitigation approach

Yes, well, I'm being cynical ... Yes, but are you being cynical enough? -- Is 14 months a excusable length of time for someone not to have changed their password after a break? That cuts both ways. Who is changing the password, the good guys or the bad guys? -- These are my

Re: Dear Linkedin,

Does your bank request/require that you change the PIN on your ATM card every few months? ATM cards are not passwords, they are a coarse form of two-factor authentication - You have the card, you have the PIN. You have to possess both in order to transact - at least in in theory.

Re: Wacky Weekend: The '.secure' gTLD

I think this is an interesting concept, but i don't know how well it will hold up in the long run. All the initial verification and continuous scanning will no doubtingly give the .secure TLD a high cost relative to other TLD's. Right. But your high cost is relative to dime-a-dozen vanity

RE: Outdoor Wireless Access Point

Hi...How do I do it! I'm utterly amazed how many people give away free consultant work. We need to keep people working... not giving it away. Ethics... Security... etc... Does the university give away free diploma's? I don't think so. I don't expect a free diploma, but many

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

I'm not a lawyer nor an operator. Imagine that instead of www.google.com, it was www.whitehouse.gov At some point, I suspect that this gets service to get it fixed RIGHT NOW. At some point, the guys informing you it's RIGHT NOW show up with badges. Where is Milo Medin when we need him? The

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

Where is Milo Medin when we need him? how would he be helping? He would have pulled the plug. The story is from the very early days of the internet, probably long before NANOG existed. Milo worked at NASA and found a cracker from Finland on one of NASAs machines. The link from Finland to

Re: Recent DNS attacks from China?

I am wondering if anyone else is seeing a sudden increase in DNS attacks emanating from chinese IP addresses? Over the past 24 hours we've seen a sudden rash of chinese IPs attacking our DNS servers in the order of 5 to 10 million PPS for periods of 5 to 10 mins, repeated every 20 to 30

Re: First real-world SCADA attack in US

Like any of the decades largest breaches this could have been avoided by following BCP's. In addition SCADA networks are easily protected via behavioral and signature based security technologies. Is there a BCP that covers security for SCADA? Note that Google for BCP SCADA finds

Re: First real-world SCADA attack in US

On an Illinois water utility: http://www.msnbc.msn.com/id/45359594/ns/technology_and_science-security That URL says: The Nov. 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting