Re: Incoming SSDP UDP 1900 filtering
Actually a little surprised to see port 25 blocked in both directions here along with 1080. It’s like saying here’s your network but it’s limited. Though I wouldn’t recommend spawning up 25 it’s still a legitimately used port today as alike with 1080.

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Mar 25, 2019, at 07:13, Ca By wrote:
>
> Blocked ssdp and move on
>
> Ssdp is a horrible ddos vector
>
> Comcast and many others already block it, because it is the smart and best thing
> to do
>
> https://www.xfinity.com/support/articles/list-of-blocked-ports
>
>> On Mon, Mar 25, 2019 at 1:30 AM marcel.duregards--- via NANOG
>> wrote:
>> Dear Community,
>>
>> We see more and more SSDP 'scan' in our network (coming from outside
>> into our AS). Of course our client have open vulnerable boxes (last one
>> is an enterprise class Synology with all defaults ports open:-)) which
>> could be used as a reflection SSDP client.
>>
>> As SSDP is used with PnP for local LAN service discovery, we are
>> thinking of:
>>
>> 1) educate our client (take a lot of time)
>> 2) filter incoming SSDP packets (UDP port 1900 at least) in our bgp border
>>
>> We see option 2 as a good action to remove our autonomous system from
>> potential sources of DDOS SSDP source toward the Internet.
>> Of course this might (very few chance) open others problems with clients
>> which use this port as an obfuscation port, but anyhow it would not be a
>> good idea as it is a registered IANA port.
>> We could think of filtering also incoming port 5000 (UPnP), but it is
>> the default port that Synology decide to use (WHY so many trojan use
>> this) for the DSM login into the UI.
>>
>> What do you think ?
>>
>> Thank, best regards,
>>
>> --
>> Marcel
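Added example, not part of the thread: before putting a UDP 1900 filter on the border as discussed above, flow records can show which customer hosts actually answer SSDP queries from outside and how much they amplify. The flow CSV layout, the prefixes and every record below are constructed for illustration.

```python
import csv
import io
import ipaddress
from collections import defaultdict

# Assumption: the operator's own address space (a documentation prefix here).
INTERNAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]
SSDP_PORT = 1900

# Constructed flow records; the column layout is an assumption, not a real export format.
SAMPLE_FLOWS = """\
src,dst,proto,sport,dport,packets,bytes
203.0.113.7,198.51.100.10,udp,40000,1900,1,130
198.51.100.10,203.0.113.7,udp,1900,40000,12,3900
203.0.113.7,198.51.100.11,udp,40001,1900,1,130
192.0.2.55,198.51.100.10,udp,53211,1900,2,260
198.51.100.10,192.0.2.55,udp,1900,53211,24,7800
198.51.100.20,203.0.113.99,udp,1900,443,3,600
198.51.100.30,198.51.100.10,udp,50000,1900,1,130
198.51.100.10,198.51.100.30,udp,1900,50000,10,3000
203.0.113.7,198.51.100.12,tcp,40002,1900,1,60
"""


def is_internal(addr):
    """True if addr falls inside one of the operator's prefixes."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in INTERNAL_PREFIXES)


def find_ssdp_responders(flow_csv):
    """Summarise, per internal host, SSDP queries from outside and the replies sent back."""
    probes = defaultdict(lambda: defaultdict(int))   # host -> external peer -> bytes in
    replies = defaultdict(lambda: defaultdict(int))  # host -> external peer -> bytes out
    for row in csv.DictReader(io.StringIO(flow_csv)):
        if row["proto"].lower() != "udp":
            continue
        src_in, dst_in = is_internal(row["src"]), is_internal(row["dst"])
        nbytes = int(row["bytes"])
        if not src_in and dst_in and int(row["dport"]) == SSDP_PORT:
            probes[row["dst"]][row["src"]] += nbytes
        elif src_in and not dst_in and int(row["sport"]) == SSDP_PORT:
            replies[row["src"]][row["dst"]] += nbytes
        # LAN-to-LAN discovery (both ends internal) is the legitimate use; ignored.

    report = {}
    for host, peers in probes.items():
        # A reply only counts when it goes back to a peer that queried this host.
        answered = [p for p in peers if p in replies.get(host, {})]
        bytes_in = sum(peers[p] for p in answered)
        bytes_out = sum(replies[host][p] for p in answered)
        report[host] = {
            "probed_by": len(peers),
            "answered": len(answered),
            "bytes_in": bytes_in,
            "bytes_out": bytes_out,
            "amplification": round(bytes_out / bytes_in, 1) if bytes_in else 0.0,
        }
    return report


def exposed_hosts(report):
    """Internal hosts that replied to at least one external SSDP query."""
    return sorted(h for h, s in report.items() if s["answered"] > 0)


if __name__ == "__main__":
    result = find_ssdp_responders(SAMPLE_FLOWS)
    for host in sorted(result):
        print(host, result[host])
    print("hosts to fix or shield with the border filter:", exposed_hosts(result))
```

Hosts that were probed but never answered do not need customer follow-up; the ones returned by `exposed_hosts` are the candidates for both the education and the filtering options raised in the thread.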
Re: sending again in case Zoom didn't email it correctly
Anyone want to have a large off topic zoom meeting ? :-) consisting of IDK and willing to weigh in

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Mar 15, 2019, at 14:40, Valdis Klētnieks wrote:
>
> On Fri, 15 Mar 2019 13:56:35 -0500, Casey Russell said:
>
>> SIP failover call.
>
> It's 2019. Surely we have better ways to have SIP fail over than manually
> sending an e-mail alert redirecting the person to a phone number?
>
Re: GPS week number rollover event on April 6th
Thanks!

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Mar 7, 2019, at 17:02, Gerry Boudreaux wrote:
>
> For those who have GPS based NTP servers.
>
> https://ics-cert.us-cert.gov/sites/default/files/documents/Memorandum_on_GPS_2019.pdf
>
> G
>
Re: A Zero Spam Mail System [Feedback Request]
http://4.bp.blogspot.com/-nRlbTO3RH1s/Uo-X_PX6WBI/JLU/mirPbTYFa6U/s1600/unnamed.jpg

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Feb 18, 2019, at 16:57, Tom Beecher wrote:
>
> Every single person on this list has either sent an email they later regret,
> or will do so eventually.
>
> Full credit to you for acknowledging and owning this.
>
> Best of luck to you.
>
>> On Mon, Feb 18, 2019 at 09:08 Viruthagiri Thirumavalavan
>> wrote:
>> @Everyone
>>
>> I'm not gonna justify my behaviour. Yes my post was rude. I made a mistake.
>> I was way over in my head. When I typed the original message I was obsessed
>> with the man John Levine. He was responsible for the attacks on me in 4
>> mailing lists. DMARC, DKIM, IETF and this one (the old thread).
>>
>> I didn't want to face the same thing again. So I was rude. I'm not gonna
>> make him responsible for this thread. This one is my mistake. I could have
>> been more professional in my original post. But I screwed up.
>>
>> My apologies to everyone here for making you witness my rant. I'm leaving
>> this mailing list too. But if anyone complete my white paper in the future,
>> I would love to hear your feedback. I won't be receiving any mails from
>> nanog. So contact me off-list in that case.
>>
>> Thanks for the guys who helped in my other threads.
>>
>> Good luck to you all.
Re: Quick Script to check the uptime of ASR920's
Good stuff! Thanks for sharing this will come in handy. Quick note for those running it would be a little more portable by changing the shebang line to #!/bin/sh as bash on a lot of systems does not exist in /bin

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jan 25, 2019, at 18:44, Erik Sundberg wrote:
>
> It was a script I created in regards to this thread below... Interface
> counters and some other things stop working after a Cisco ASR920 is up 889
> days Fun Fun
>
> https://puck.nether.net/pipermail/cisco-nsp/2019-January/106558.html
>
>
> -Original Message-
> From: Mel Beckman
> Sent: Friday, January 25, 2019 6:39 PM
> To: Erik Sundberg
> Cc: nanog@nanog.org
> Subject: Re: Quick Script to check the uptime of ASR920's
>
> Erik,
>
> That’s a nice little script. Thanks!
>
> So you want a warning if a router hasn’t been rebooted in a long time? Just
> out of curiosity, why? I’m kind of glad that my routers don’t reboot, pretty
> much ever. Usually I want to know if the uptime suddenly became less than the
> most recent uptime, indicating a possibly unplanned reboot.
>
> -mel
>
>> On Jan 25, 2019, at 4:29 PM, Erik Sundberg wrote:
>>
>> All,
>>
>> I just created a quick script to check the uptime of a ASR920 via SNMP
>> if you have a fairly long list of devices. It's a simple bash script
>> and snmpwalk version 2c. Figured I would share it with you. Happy
>> Friday
>>
>> Grab the code from GitHub:
>> https://github.com/esundberg/CiscoRouterUptime
>> It's a quick and dirty script and my first repo on github. Let me know if
>> there any issues with it.
>>
>>
>> Output Format in CSV
>> DeviceName, IP, Uptime in Days, OK/Warning
>>
>> I set my warning to 800 Days, you can change this in the code
>>
>>
>> ASR920list.txt
>> -
>> ASR920-1.SEA1, 192.168.28.1, SuperSecretSNMPKey
>> ASR920-2.SEA1, 192.168.28.2, SuperSecretSNMPKey
>> snip you get the idea
>>
>>
>> Output
>>
>> [user@Linux]$ ./CiscoRouterUptime.sh ASR920list.txt
>> ASR920-1.SEA1, 192.168.28.1, 827, WARNING
>> ASR920-2.SEA1, 192.168.28.2, 827, WARNING
>> ASR920-2.ATL1, 192.168.23.2, 828, WARNING
>> ASR920-1.ATL1, 192.168.23.1, 813, WARNING
>> ASR920-1.CHI1, 192.168.21.3, 828, WARNING
>> ASR920-1.NYC1, 192.168.25.1, 787, OK
>> ASR920-2.CHI1, 192.168.21.4, 720, OK
>> ASR920-3.CHI1, 192.168.21.5, 720, OK
>> ASR920-1.DAL1, 192.168.26.3, 488, OK
>> ASR920-4.CHI1, 192.168.21.6, 142, OK
>>
>>
>> CONFIDENTIALITY NOTICE: This e-mail transmission, and any documents, files
>> or previous e-mail messages attached to it may contain confidential
>> information that is legally privileged. If you are not the intended
>> recipient, or a person responsible for delivering it to the intended
>> recipient, you are hereby notified that any disclosure, copying,
>> distribution or use of any of the information contained in or attached to
>> this transmission is STRICTLY PROHIBITED. If you have received this
>> transmission in error please notify the sender immediately by replying to
>> this e-mail. You must destroy the original transmission and its attachments
>> without reading or saving in any manner. Thank you.
Re: (Netflix/GlobalConnect a/s) Scheduled Open Connect Appliance upgrade is starting
HTML gets converted to text here without images unless I want them the power of knowledge and ingenuity goes a long way.

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jan 13, 2019, at 20:01, Seth Mattinen wrote:
>
>> On 1/13/19 2:49 PM, Bryce Wilson wrote:
>> Not to name any names, but there are a few people on this list that for
>> whatever reason use different fonts or sizes. I like having all of my text
>> the same size because I can then use the features built into my email client
>> to change the size as I need for my eyes and the screen I am using. I am
>> also able to change the font when the email does not already specify one.
>> More importantly, what is the need to use a different font in your emails?
>> One of the people that I converse with outside of this list uses a cursive
>> font which is also in a different color. It’s very hard to read and I see no
>> need for it at all.
>
>
> That's the primary reason I am plain text only: people that think they're
> being whimsical by picking fonts and colors that are hard to read.
Re: plaintext email?
Haha nice troll

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jan 13, 2019, at 14:01, Christoffer Hansen
> wrote:
>
>> On 13/01/2019 20:57, Brian Kantor wrote:
>> Are you trying to start another flame war?
>
> I certainly hope to avoid this discussion currently!
>
> (back to 1) @NETFLIX: Anybody willing to listen to previous stated
> comment and take action on it?
>
> - Christoffer
>
Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
No problem. We all come across this here and there. We all fail 100 times or more but perception will always be key in how we obtain a final objective that benefits everyone. Thomas Edison failed thousands of times but of all those times his success only came from the knowledge of those so many failures.

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jan 12, 2019, at 18:13, Viruthagiri Thirumavalavan wrote:
>
> Jason, Your comment is one of the best I have seen in this thread.
>
> Thanks for the input and being neutral.
Re: yet another round of SMTP Over TLS on Port 26 - Implicit TLS Proposal [Feedback Request]
Honestly, you feel very highly of your work in which any of us do in this field but John has a very good point and constructive criticism should not be the downfall of anyone. Read it 100 times without taking any thought of your own work and try to see the whole picture. Not agreeing with John or you but it is very straight forward and industry leading. It’s polite. I would feel the proper response from you would be to acknowledge the feedback and ask for some correction and guidance as John has had a lot of involvement here as so many others. He is not saying what you are doing is bad or such but more of guidance in a more proper direction so delusions are not set in the future. The whole picture of any outcome is not only had by just one person trying to make a difference but by the whole for a greater good for which makes sense for the current architectures and policies that are in place. I salute both you and John plus the community at which contribute highly valuable aspects to evolving “our” best practices and judgements. Whether it’s positive or negative or proof of concept, it is how we get to where we “think” we should be. Criticism is how we get there regardless. Let’s cut out the other nonsense and discontinue this thread and work positively instead of against one-another.

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jan 12, 2019, at 17:26, Cummings, Chris wrote:
>
> Can we please have a mod step in and shut this thread down? Any conversation
> of value is long gone.
>
> /Chris
>
>
>
> On Sat, Jan 12, 2019 at 5:25 PM -0600, "Viruthagiri Thirumavalavan"
> wrote:
>
>> I don't know why you are all trying to defend a man who tries to silence my work.
>>
>> Are you saying this thread is necessary?
>>
>>> On Sun, Jan 13, 2019 at 4:46 AM Töma Gavrichenkov wrote:
>>> On Sun, Jan 13, 2019 at 12:51 AM Viruthagiri Thirumavalavan
>>> wrote:
>>> > 5 months back I posted my spam research on DMARC list.
>>> > You have gone through only 50 words and judged my work.
>>> > The whole thread gone haywire because of you. I was
>>> > humiliated there and left.
>>>
>>> By the way, since that you've left no traces of whatever piece of work
>>> you've posted to that list. The website is empty, slides are removed
>>> from Speakerdeck, etc.
>>>
>>> In theory, I can easily recall a few cases in my life when going
>>> through just 50 words was quite enough for a judgment.
>>>
>>> > To be very honest, I don't like you.
>>>
>>> Please keep our busy mailing list out of this information, though for
>>> me it's a valuable piece of data that someone I don't know personally
>>> doesn't like someone else.
>>>
>>> > Although I don't like you, I still managed to respond politely in
>>> > IETF lists. Again... In that list the only thing you did was
>>> > attacking my work.
>>>
>>> So, I've read the whole thread, and, as far as I can see, there was
>>> nothing coming from John except for a balanced judgement.
>>>
>>> > And then please tell me this man is not biased at all.
>>>
>>> Sorry, he's not.
>>>
>>> --
>>> Töma
>>
>>
>> --
>> Best Regards,
>>
>> Viruthagiri Thirumavalavan
>> Dombox, Inc.
Re: GTT Regulatory Recovery Surcharge
Down on the farm

--
J. Hellenthal

The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Dec 2, 2018, at 20:17, bob evans wrote:
>
> I think it's because they need to...not for any legal reason, but to
> increase cash flow by every penny possible. As they just spend 2.3 billion
> dollars on an acquisition. Every penny they can add to a bill is an
> attempt to slow the bleeding that resulting from over borrowing.
>
> 3600 employees, huge major acquisitions half a billion here - 2 billion
> there, where is this money coming from? Buying sales organizations with no
> network?
>
> One has to ask is this a secretly government funded/owned business? If so,
> which government? Ours?
>
> Bob Evans
> CTO/Founder
>
>>> On Dec 2, 2018, at 6:04 PM, Clayton Zekelman wrote:
>>>
>>> I can't imagine how the corporate sociopaths could justify charging an
>>> American recovery fee on a service delivered in Canada.
>>
>> I would speculate that the reason is ever popular “because they can”.
>>
>> James R. Cutler
>> james.cut...@consultant.com
>> PGP keys at http://pgp.mit.edu
>
>
Re: Hulu / ESPN: Commercial IP Address
Exactly ... blocked or rate limited from a /20 or /18 but it’s pretty hard to diff from same customer that is also watching from a full routed VPN’d service for privacy which I find quite often being implemented in services like AdBlock, AdGuard and the like which becomes a point of confusion for the svc providers. It’s not necessarily sharing when you find the user in the US also logging in from Italy or France for example.

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Oct 13, 2018, at 15:06, Tyler Harden wrote:
>
> This happens a lot with people who share their Hulu with friends. Your IP can
> get tagged as commercial for abuse of their service, especially if using
> their TV service.
>
>> On Oct 13, 2018, at 14:39, Daniel Corbe wrote:
>>
>> I had a customer with a similar issue. I statically assigned them a
>> different IP and it didn’t resolve it. The problem turned out to be tied
>> to their Hulu account.
>>
>> The customer is going to need to keep pressing the issue with Hulu’s
>> technical support group. Make sure they’re not using a VPN to connect to
>> the Internet and have them keep calling Hulu back until they get someone
>> clueful on the phone.
>>
>> In my customer’s case, they eventually had to “re-home” them to resolve it.
>> I have no idea what that entails.
>>
>> -Daniel
>>
>> at 12:35 PM, Jason Canady wrote:
>>
>>> Hello,
>>>
>>> I have a customer that is using Hulu Live to stream ESPN, however it isn't
>>> showing up in their Channel list. They reached out to Hulu and it's
>>> because their IP address is 'commercial'. We have many customers using
>>> Hulu without problems, but it seems specific to ESPN. Anyone else have
>>> this issue? Do you reach out to ESPN or Hulu?
>>>
>>> If anyone has any information, please share it. Appreciate your help in
>>> advance!
>>>
>>> Best Regards,
>>>
>>> Jason Canady
>>> Unlimited Net, LLC
>>> Responsive, Reliable, Secure
>>
>>
Re: bloomberg on supermicro: sky is falling
You are what you allow

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Oct 4, 2018, at 17:07, Naslund, Steve wrote:
>
> It would be really noticeable. In the secure networks I have worked with
> "default routes" were actually strictly forbidden. Also, ACLs and firewall
> policy is all written with Deny All policy first. Everything talking through
> them is explicitly allowed.
>
> The government especially in the three letter intel agencies is not as
> clownish as they are depicted.
>
> Steven Naslund
> Chicago IL
>
>> Which makes the traffic that wanders towards the default route where
>> nothing should go *very* noticeable.
>>
>> Regards,
>> Bill Herrin
>
Re: Application or Software to detect or Block unmanaged swicthes
As someone already stated the obvious answers, the slightly more difficult route to be getting a count of allowed devices and MAC addresses, then moving forward with something like ansible to poll the count of MAC’s on any given port ... if number higher than what’s allowed, suspend the port and send a notification to the appropriate parties. All in all though sounds like a really brash thing to do to your network team and will generally know and have a very good reason for doing so... but not all situations are created equally so good luck.

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Jun 7, 2018, at 03:57, segs wrote:
>
> Hello All,
>
> Please I have a very interesting scenario that I am on the lookout for a
> solution for, We have instances where the network team of my company bypass
> controls and processes when adding new switches to the network.
>
> The right parameters that are required to be configured on the switches
> in order for the NAC solution deployed to have full visibility into end
> points that connects to such switches are not usually configured.
>
> This poses a problem for the security team as they don't have visibility
> into such devices that connect to such switches on the NAC solution, the
> network guys usually connect the new switches to the trunk port and they
> have access to all VLANs.
>
> Is there a solution that can detect new or unmanaged switches on the
> network, and block such devices or if there is a solution that block users
> that connect to unmanaged switches on the network even if those users have
> domain PCs.
>
> Anticipating your speedy response.
>
> Thank You!
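Added example, not part of the thread: the per-port MAC count check suggested in the reply above, run over a constructed MAC address table instead of a live poll. The table layout, the port names, the limit of two MACs per access port and the uplink list are all assumptions made for illustration; the code only reports ports and does not suspend anything.

```python
import re
from collections import defaultdict

# Constructed sample in a typical "Vlan / Mac Address / Type / Ports" layout.
# MAC addresses come from the documentation range 00-00-5E-00-53-xx.
SAMPLE_MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    0000.5e00.5301    DYNAMIC     Gi1/0/1
  10    0000.5e00.5302    DYNAMIC     Gi1/0/2
  20    0000.5e00.5303    DYNAMIC     Gi1/0/2
  10    0000.5e00.5304    DYNAMIC     Gi1/0/3
  10    0000.5e00.5305    DYNAMIC     Gi1/0/3
  10    0000.5e00.5306    DYNAMIC     Gi1/0/3
  10    0000.5e00.5307    DYNAMIC     Gi1/0/3
  10    0000.5e00.5304    DYNAMIC     Gi1/0/3
  10    0000.5e00.5310    DYNAMIC     Gi1/0/48
  10    0000.5e00.5311    DYNAMIC     Gi1/0/48
  10    0000.5e00.5312    DYNAMIC     Gi1/0/48
 All    0100.0ccc.cccc    STATIC      CPU
"""

# One table row: vlan, dotted-hex MAC, entry type, port.
ROW = re.compile(
    r"^\s*(?P<vlan>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+"
    r"(?P<type>\S+)\s+(?P<port>\S+)\s*$",
    re.IGNORECASE,
)


def parse_mac_table(text):
    """Return {port: set of MACs} for dynamically learned entries only."""
    ports = defaultdict(set)
    for line in text.splitlines():
        m = ROW.match(line)
        if not m or m.group("type").upper() != "DYNAMIC":
            continue  # header, separator, or a static/CPU entry
        # A set de-duplicates a MAC that shows up twice on the same port.
        ports[m.group("port")].add(m.group("mac").lower())
    return dict(ports)


def find_violations(ports, default_limit=2, limits=None, uplinks=()):
    """List (port, macs_seen, macs_allowed) for ports over their allowed count.

    limits overrides the default per port (e.g. a documented small switch);
    uplinks are trunk ports that legitimately carry many MACs and are skipped.
    """
    limits = limits or {}
    violations = []
    for port in sorted(ports):
        if port in uplinks:
            continue
        allowed = limits.get(port, default_limit)
        seen = len(ports[port])
        if seen > allowed:
            violations.append((port, seen, allowed))
    return violations


if __name__ == "__main__":
    table = parse_mac_table(SAMPLE_MAC_TABLE)
    for port, seen, allowed in find_violations(table, uplinks={"Gi1/0/48"}):
        print(f"{port}: {seen} MACs learned, {allowed} allowed; "
              "possible unmanaged switch, notify the owning team")
```

Keeping the uplink list and per-port overrides in the check is what separates a sanctioned trunk from an access port that suddenly has a switch behind it.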
Re: Geolocation issue with a twist
You will probably need to host that attachment elsewhere and post a link to it. Attachments don’t really fly to mailing lists.

> On May 22, 2018, at 15:50, Clay Stewart wrote:
>
> Can someone point me for help with the following issue?
>
> I purchased a /24 late last year on auction which was originally owned by
> Cox communications in Europe. It had Geolocation in a lot of bad places,
> and Cox got it 'cleared' up for me.
>
> But there is still one issue, an ISP in Spain has it in a Geo database
> which is pointed to my correct location, but because it is a Spain ISP, the
> block has lots of issues in block apps and redirects to spam sites.
>
> Attached is a snapshot with the incorrect ISP highlight and Geo database. I
> cannot get any info from the Geo database.
>
> I am new to this list, so I hope this is an appropriate question.

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
Re: Whois vs GDPR, latest news
Mind pointing out where in the GDPR that it directly relates to these types of mail services ?

> On May 21, 2018, at 20:07, Matthew Kaufman wrote:
>
> On Mon, May 21, 2018 at 1:56 PM Fletcher Kittredge wrote:
>
>> What about my right to not have this crap on NANOG?
>>
>
>
> What about the likely truth that if anyone from Europe mails the list, then
> every mail server operator with subscribers to the list must follow the
> GDPR Article 14 notification requirements, as the few exceptions appear to
> not apply (unless you’re just running an archive).
>
> Matthew

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.
Re: New DNS Service
Like a wildcard DNS entry !

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Apr 3, 2018, at 10:25, Lee wrote:
>
> It depends. If the web site is hosted on.. let's say cloudflare,
> there could be hundreds of names pointing to the same IP address.
>
> Lee
Re: Proof of ownership; when someone demands you remove a prefix
haha. Sorry for the top posts. iOS what ya goin to do on a very long thread capability. :-)

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Mar 12, 2018, at 22:26, Scott Weeks <sur...@mauigateway.com> wrote:
>
>
>
>>> On Mar 12, 2018, at 4:11 PM, Randy Bush <ra...@psg.com> wrote:
>>>
>>> it's a real shame there is no authoritative cryptographically verifiable
>>> attestation of address ownership.
>
>
>> On Mar 12, 2018, at 21:20, George William Herbert <george.herb...@gmail.com>
>> wrote:
>>
>> Ownership?...
>>
>> (Duck)
>
>
> --- jhellent...@dataix.net wrote:
> From: Jason Hellenthal <jhellent...@dataix.net>
>
> : shouldn’t that be proof enough of ownership of the ASN ?
> -
>
>
> You don't own the ASN. And that was a special, friendly poke at randy... :-)
>
> scott
Re: Proof of ownership; when someone demands you remove a prefix
How about signed ownership ? (https://keybase.io) if you are able to update the record … and it is able to be signed then shouldn’t that be proof enough of ownership of the ASN ? If you can update a forward DNS record then you can have the reverse record updated in the same sort of fashion and signed by a third party to provide first party of authoritative ownership… Assuming you have an assigned ASN and the admin has taken the time to let alone understand the concept and properly prove the identity in the first place… (EV cert ?)

Just a light opinion from … https://jhackenthal.keybase.pub

Trust is a big issue these days and validation even worse given SSL trust.

--
The fact that there's a highway to Hell but only a stairway to Heaven says a lot about anticipated traffic volume.

> On Mar 12, 2018, at 21:20, George William Herbert wrote:
>
> Ownership?...
>
> (Duck)
>
> -george
>
> Sent from my iPhone
>
>> On Mar 12, 2018, at 4:11 PM, Randy Bush wrote:
>>
>> it's a real shame there is no authoritative cryptographically verifiable
>> attestation of address ownership.
Re: Novice sysadmins
People die all the time in our profession. Loss of job due to major failure… self inflicted suicide or even homicide by disgruntled employee due to others negligent actions and laziness. It only amplifies and is less reported these days than in the dot.com boom era. But the higher the classification the more likely it's to happen whether it's someone else or the person that made the “huge mistake”. But this thread is really out of line and can go on forever. I would encourage others to not reply as I will not as well.

> On Dec 6, 2017, at 19:39, Miles Fidelman wrote:
>
>
>> On Wed, Dec 6, 2017 at 1:51 PM, Stephen Satchell wrote:
>>
>>> What professional engineers you mentioned do can kill people. I have yet
>>> to hear of anyone dying from a sysadmin or netadmin screwing up. (Other
>>> than dropping something heavy onto someone, using a fork lift
>>> incompetently, or building an unsafe raised floor.).
>>>
>>>
> Military networks. Aviation. Hospitals. SCADA. The list goes on.
>
>
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is. Yogi Berra
>
IPv6 Connectivity at Specific Datacenter location.
I need to get in touch with a NOC/IP tech for Level3 previously TW/Telecom. Informative only. We have a /25 block of shared IPv4 at a local Datacenter in a Brookfield, WI located datacenter owned by Level3 and I would like to add V6 connectivity at our edge but I cannot seem to find a proper contact to inquire with. We're currently hosting a one off solution at Rackspace just for V6 and Apple requirements and I'd like to discuss what it's going to take to get that connectivity moved to our datacenter edge. Open for off list contact. Non time sensitive matter but would like to handle ASAP. Thanks
[AS1299] Contact Request
Could someone from AS1299 track down the source of this problem? Feel free to contact me off list for phone number or otherwise. Thanks

Routing from AS11427, AS209 & AS32201 to the IP address of 190.166.236.188 in the Dominican Republic (DO) seems to be dropping traffic at AS1299 to and from. I have a remote programmer that needs VPN access back to our corporate office in Wisconsin from that IP address.

/TIA
Re: 403 Labs "Sikich"
Situation has been resolved.

> On Feb 4, 2017, at 16:38, Jason Hellenthal <jhellent...@dataix.net> wrote:
>
> Is anyone from 403 Labs present on this list ?
>
> We have a stuck automated test that was never turned off that is affecting
> our customers and coming from your network to a shared IP block in Chicago.
>
> Contact me off list for details please.
>
>
> Thanks
403 Labs "Sikich"
Is anyone from 403 Labs present on this list ?

We have a stuck automated test that was never turned off that is affecting our customers and coming from your network to a shared IP block in Chicago.

Contact me off list for details please.

Thanks
PayCom Network Contact Request
Could a network engineer from PayCom contact me off list when you get a chance please. Hoping to glean some subnet information from you that might help us out, if there is someone from PayCom on this list. Thanks
Re: Wanted: volunteers with bandwidth/storage to help save climate data
Simply put… if the data that is hosted on the sites aforementioned then cough up the damn space and host it. Data space is cheap as hell these days, parse it and get the hell on with it already. *Disclaimer* not meant to single out any one party in this conversation but the whole subject all together. Need someone to help mirror the data ? I may or may not be able to assist with that. Provide the space to upload it to and the direction to the data you want. But beyond all that. This subject is plainly just off topic.

> On Dec 21, 2016, at 22:16, Royce Williams <ro...@techsolvency.com> wrote:
>
> On Tue, Dec 20, 2016 at 7:08 AM, Royce Williams <ro...@techsolvency.com>
> wrote:
>
> [snip]
>
>> IMO, *operational, politics-free* discussion of items like these would
>> also be on topic for NANOG:
>>
>> - Some *operational* workarounds for country-wide blocking of
>> Facebook, Whatsapp, and Twitter [1], or Signal [2]
>
> [snip]
>
>> 2.
>> http://www.nytimes.com/aponline/2016/12/20/world/middleeast/ap-ml-egypt-app-blocked.html
>
> Steering things back towards the operational, the makers of Signal
> announced today [1] an update to Signal with a workaround for the
> blocking that I noted earlier. Support in iOS is still in beta.
>
> The technique (which was new to me) is called 'domain fronting' [2].
> It works by distributing TLS-based components among domains for which
> blocking would cause wide-sweeping collateral damage if blocked (such
> as Google, Amazon S3, Akamai, etc.), making blocking less attractive.
> Since it's TLS, the Signal connections cannot be differentiated from
> other services in those domains.
>
> Signal's implementation of domain fronting is currently limited to
> countries where the blocking has been observed, but their post says
> that they're ramping up to make it available more broadly, and to
> automatically enable the feature when non-local phone numbers travel
> into areas subject to blocking.
>
> The cited domain-fronting paper [2] was co-authored by David Fifield,
> who has worked on nmap and Tor.
>
> Royce
>
> 1. https://whispersystems.org/blog/doodles-stickers-censorship/
> 2. http://www.icir.org/vern/papers/meek-PETS-2015.pdf

--
Jason Hellenthal
JJH48-ARIN
Re: [nanog] Avalanche botnet takedown
If I could have it my way, I would say no gTLD’s should be allowed to transmit any email messages whatsoever. And force them to either use something like sendgrid.com or to purchase a primary .com, .org, .net .co.uk whatever etc.. But that's just me. It’s not a nice world but it is just the world we live in today.

> On Dec 2, 2016, at 05:28, Hugo Salgado-Hernández <hsalg...@nic.cl> wrote:
>
> According to a 2015 paper, 85% of new gTLDs domains was some form
> of parking, defensive redirect, unused, etc:
> <http://conferences2.sigcomm.org/imc/2015/papers/p381.pdf>
>
> Hugo
>
> On 15:02 01/12, J. Hellenthal wrote:
>> 99% ? That's a pretty high figure there.
>>
>> --
>> Onward!,
>> Jason Hellenthal,
>> Systems & Network Admin,
>> Mobile: 0x9CA0BD58,
>> JJH48-ARIN
>>
>> On Dec 1, 2016, at 14:56, Rich Kulawiec <r...@gsp.org> wrote:
>>
>>> On Thu, Dec 01, 2016 at 05:34:26PM -, John Levine wrote:
>>> [...] 800,000 domain names used to control it.
>>
>> 1. Which is why abusers are registrars' best customers and why
>> (some) registrars work so very hard to support and shield them.
>>
>> 2. As an aside, I've been doing a little research project for a
>> few years, focused on domains. I've become convinced that *at least*
>> 99% of domains belong to abusers: spammers, phishers, typosquatters,
>> malware distributors, domaineers, combinations of these, etc.
>>
>> In the last year, I've begun thinking that 99% is a serious underestimate.
>> (And it most certainly is in some of the new gTLDs.)
>>
>> ---rsk
>>

--
Jason Hellenthal
JJH48-ARIN
Re: Oracle buys... Dyn.
Let's just hope so, or I'd think that there will eventually be a price hike by AWS to compensate for Oracle’s outrageous costs. But again only speculation at this point.

> On Nov 21, 2016, at 11:22, Akshay Kumar <aks...@mongodb.com> wrote:
>
> Route53 just uses Dyn and Ultra. I would expect AWS to roll out their own
> soon.
>
> On Mon, Nov 21, 2016 at 12:18 PM, J. Hellenthal <jhellent...@dataix.net>
> wrote:
> Don't blame ya I'm a little negative on this one too as I can already
> "assume" specialized DNS integration with oracle products among possibly
> ?oracle cloud? Structures spawning up for competition with AWS, Azure ...
> others but these are just speculations.
>
> --
> Onward!,
> Jason Hellenthal,
> Systems & Network Admin,
> Mobile: 0x9CA0BD58,
> JJH48-ARIN
>
> On Nov 21, 2016, at 10:26, Jay R. Ashworth <j...@baylink.com> wrote:
>
> Happy Monday.
>
> This seems to me to be equivalent (and bad for the same reasons) to cable
> companies and/or ISPs being co-owned with program providers.
>
>
> http://www.zdnet.com/article/oracle-acquires-dns-provider-dyn-to-take-on-amazons-lead-in-the-cloud
>
> How will this affect *your* operations planning, if at all? Am I being
> overly cynical about Larry Ellison? :-)
>
> Cheers,
> -- jra
>
> --
> Jay R. Ashworth Baylink
> j...@baylink.com
> Designer The Things I Think RFC 2100
> Ashworth & Associates http://www.bcp38.info 2000 Land Rover DII
> St Petersburg FL USA BCP38: Ask For It By Name! +1 727 647 1274
>

--
Jason Hellenthal
JJH48-ARIN
Re: Network Diagnostic Tool
https://twitter.com/jhackenthal/status/799091998594650112 > On Nov 12, 2016, at 22:05, J. Hellenthal <jhellent...@dataix.net> wrote: > > That is a very cool contribution you've made. Let me run it through some > tests and put it to work right away and see if I can provide some feedback > and maybe possible patches or insights > > But thank you!! > > -- > Onward!, > Jason Hellenthal, > Systems & Network Admin, > Mobile: 0x9CA0BD58, > JJH48-ARIN > > On Nov 12, 2016, at 13:28, Mehrdad Arshad Rad <arshad@gmail.com> wrote: > > Hi, > > I've started to develop an open source tool 4 months ago to help > neteng/sysadmin/sysops please take look at the below link and let me know > if you have any suggestions. > > https://github.com/mehrdadrad/mylg > > p.s you can download it for different operating systems at http://mylg.io > > Thanks, > Mehrdad -- Jason Hellenthal JJH48-ARIN
Re: CenturyLink in Advanced Talks to Merge With Level 3 Communications - Interweb is doomed
lol > On Oct 28, 2016, at 00:43, Larry Sheldon <larryshel...@cox.net> wrote: > > > > On 10/27/2016 12:36, Nevin Gonsalves via NANOG wrote: >> :-) >> http://www.wsj.com/articles/centurylink-in-advanced-talks-to-merge-with-level-3-communications-1477589011 > > OH BOY! Omaha Taxpayers get to replace all the BGSs for their party venue > boondoggle. Again. > > > https://www.google.com/maps/place/CenturyLink+Center+Omaha/@41.2623782,-95.9281322,19z/data=!4m5!3m4!1s0x0:0xe896a8b5037ce4d0!8m2!3d41.2624226!4d-95.9282445 > > -- > "Everybody is a genius. But if you judge a fish by > its ability to climb a tree, it will live its whole > life believing that it is stupid." > > --Albert Einstein > > From Larry's Cox account. -- Jason Hellenthal JJH48-ARIN
Re: Route It Or Lose It
Well what else would you expect from today’s information age. It’s like leaving a $100.00 bill on the sidewalk and expecting it to be there the following day. > On Oct 18, 2016, at 00:08, Ronald F. Guilmette <r...@tristatelogic.com> wrote: > > > What a friendly, helpful place the modern Internet is! > > Like the forest floor, it's an ecosystem where things don't go > to waste. > > If you happen to inadvertently leave your shiny /18 IPv4 block > lying around, don't worry. It won't be long before some helpful > Bulgarian, Romanian, Ukrainian or Russian will happen by, notice > that you failed to route it, and then fix that for you, at no > charge, and without you even having to ask. Then, as a bonus, > also at no charge, he'll fill it to the brim with snowshoe spammers > for you! How helpful! > > 124.157.0.0/18 (VietNam) -> AS44814 (Bulgaria) > -- Jason Hellenthal JJH48-ARIN
Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension
Thanks for chiming in Jesse. > On Oct 13, 2016, at 08:08, Jesse McGraw <jlmcg...@gmail.com> wrote: > > Lee, > > Check out the setup.sh script, hopefully it does everything necessary to get > the script working on a Debian-derived Linux system > > I've attempted to make the only globally-installed dependencies be cpanm and > carton. Once those are installed it uses carton to install the dependencies > locally > > > On 10/12/2016 07:59 PM, Lee wrote: >> On 10/12/16, Jason Hellenthal <jhellent...@dataix.net> wrote: >>> Give these a shot. https://github.com/jlmcgraw/networkUtilities >>> >>> I know J could use a little feedback on those as well but all in all they >>> are pretty solid. >> Where does one get Modern/Perl.pm ? >> >> Can't locate Modern/Perl.pm in @INC (you may need to install the >> Modern::Perl module) (@INC contains: /tmp/local/lib/perl5 >> /usr/lib/perl5/site_perl/5.22/i686-cygwin-threads-64int >> /usr/lib/perl5/site_perl/5.22 >> /usr/lib/perl5/vendor_perl/5.22/i686-cygwin-threads-64int >> /usr/lib/perl5/vendor_perl/5.22 >> /usr/lib/perl5/5.22/i686-cygwin-threads-64int /usr/lib/perl5/5.22 .) >> at /tmp/iosToHtml.pl line 87. >> BEGIN failed--compilation aborted at /tmp/iosToHtml.pl line 87. >> >> Lee >> >> >> >>>> On Oct 11, 2016, at 08:48, Lee <ler...@gmail.com> wrote: >>>> >>>> On 10/10/16, Jay Hennigan <j...@west.net> wrote: >>>>> On 10/6/16 1:26 PM, Jesse McGraw wrote: >>>>>> Nanog, >>>>>> >>>>>>(This is me scratching an itch of my own and hoping that sharing it >>>>>> might be useful to others on this list. 
Apologies if it isn't) >>>>>> >>>>>> When I'm trying to comprehend a new or complicated Cisco router, >>>>>> switch or firewall configuration an old pet-peeve of mine is how >>>>>> needlessly difficult it is to follow deeply nested logic in route-maps, >>>>>> ACLs, QoS policy-maps etc etc >>>>>> >>>>>> To make this a bit simpler I’ve been working on a perl script to >>>>>> convert >>>>>> these text-based configuration files into HTML with links between the >>>>>> different elements (e.g. To an access-list from the interface where >>>>>> it’s >>>>>> applied, from policy-maps to class-maps etc), hopefully making it >>>>>> easier >>>>>> to to follow the chain of logic via clicking links and using the >>>>>> forward >>>>>> and back buttons in your browser to go back and forth between command >>>>>> and referenced list. >>>>> Way cool. Now to hook it into RANCID >>>> It looks like what I did in 2.3.8 should still work - control_rancid >>>> puts the diff output into $TMP.diff so add this bit: >>>> grep "^Index: " $TMP.diff | awk '/^Index: configs/{ >>>> if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } >>>> printf("%s ", $2) >>>> } >>>> END{ printf("\n") } >>>> ' >$TMP.doit >>>> /bin/sh $TMP.doit >$TMP.out >>>> if [ -s $TMP.out ] ; then >>>> .. send mail / whatever >>>> rm $TMP.doit $TMP.out >>>> fi >>>> >>>> Regards, >>>> Lee >>> >>> -- >>> Jason Hellenthal >>> JJH48-ARIN >> . >> > -- Jason Hellenthal JJH48-ARIN
Re: A perl script to convert Cisco IOS/Nexus/ASA configurations to HTML for easier comprehension
Give these a shot. https://github.com/jlmcgraw/networkUtilities I know J could use a little feedback on those as well but all in all they are pretty solid. > On Oct 11, 2016, at 08:48, Lee <ler...@gmail.com> wrote: > > On 10/10/16, Jay Hennigan <j...@west.net> wrote: >> On 10/6/16 1:26 PM, Jesse McGraw wrote: >>> Nanog, >>> >>>(This is me scratching an itch of my own and hoping that sharing it >>> might be useful to others on this list. Apologies if it isn't) >>> >>> When I'm trying to comprehend a new or complicated Cisco router, >>> switch or firewall configuration an old pet-peeve of mine is how >>> needlessly difficult it is to follow deeply nested logic in route-maps, >>> ACLs, QoS policy-maps etc etc >>> >>> To make this a bit simpler I’ve been working on a perl script to convert >>> these text-based configuration files into HTML with links between the >>> different elements (e.g. To an access-list from the interface where it’s >>> applied, from policy-maps to class-maps etc), hopefully making it easier >>> to to follow the chain of logic via clicking links and using the forward >>> and back buttons in your browser to go back and forth between command >>> and referenced list. >> >> Way cool. Now to hook it into RANCID > > It looks like what I did in 2.3.8 should still work - control_rancid > puts the diff output into $TMP.diff so add this bit: > grep "^Index: " $TMP.diff | awk '/^Index: configs/{ > if ( ! got1 ) { printf("/usr/local/bin/myscript.sh "); got1=1; } > printf("%s ", $2) > } > END{ printf("\n") } > ' >$TMP.doit > /bin/sh $TMP.doit >$TMP.out > if [ -s $TMP.out ] ; then > .. send mail / whatever > rm $TMP.doit $TMP.out > fi > > Regards, > Lee -- Jason Hellenthal JJH48-ARIN
Re: Level 3 voice outage
Patience Obi Wan ! They are investigating the root cause and like most root causes they don’t just hold out a flag and say here I am !!! > On Oct 4, 2016, at 10:32, Ivaylo Katovski <ivokatov...@gmail.com> wrote: > > When will L3 notify their customers for the outage?!? According to l3 > twitter account they are aware of the voice impact and working on it > > On Oct 4, 2016 11:03 AM, "Mark Stevens" <mana...@monmouth.com> wrote: > >> Is anyone noticing issue with Level 3 voice? I can't even call their 800 >> number using one of my other carriers. >> >> Mark >> -- Jason Hellenthal JJH48-ARIN
[Cox Communications] RFC1918 On WAN Interfaces
Could a clueful network operator from Cox contact me off list when they get a chance. Pertaining to RFC1918 appearing on our business WAN interfaces. Thanks -- Jason Hellenthal JJH48-ARIN
Re: Cisco CMTS SNMP OID's
Not that you wouldn't have looked already but at the moment too much information for me to consume I figured it would be worthwhile mentioning in case you didn't know or maybe others as well. ftp://ftp.cisco.com/pub/mibs/oid/ I've had some custom ones around in the past and if I can figure out where they are held I'll shoot them your way. -- Jason Hellenthal JJH48-ARIN On Jan 24, 2016, at 13:06, Lorell Hathcock <lor...@hathcock.org> wrote: All: Does anyone out there have some valuable OID's for a Cisco CMTS? The ones I am looking for are: Signal to Noise per upstream channel Cable Modem counts of all kinds connected / online ranging offline I opened a ticket through Cisco's help desk. I have a SmartNET contract for the unit, but they were not very helpful. The OIDs they suggested did not yield any useful data. ("0" when I know there are CMs connected, etc). Thanks in advance. Lorell Hathcock
1and1 Clueful Email / DNS Admin Requested
Would a 1and1 clueful DNS and Email Expert contact me off list. Tech support cannot seem to provide a customer of ours with appropriate help. Thanks -- Jason Hellenthal JJH48-ARIN
[CenturyLink][Proto UDP] Blockage of UDP Outbound from Source Port 53
Could a CenturyLink network admin/engineer contact me off list. We have multiple locations receiving DNS queries over UDP where we see the connections making into our server and back out to our CenturyLink edge routers but never completes back to the connecting client at multiple locations. Connections Failing From Digital Ocean NY, Time Warner WI, Rackspace DFW TX (Hartford CT)# dig +short +novc @208.46.135.X domain.com A (Cleveland OH)# dig +short +novc @65.112.236.X domain.com A Connections from Chicago Rackspace to the above locations work as expected. CenturyLink Orlando FL to Hartford CT or Cleveland OH, CenturyLink circuits work as expected. Contact off list for domain and ip information used above. Thanks -- Jason Hellenthal JJH48-ARIN
Re: Google IMAP
$ dig @8.8.8.8 imap.gmail.com ; <<>> DiG 9.10.3 <<>> @8.8.8.8 imap.gmail.com ; (1 server found) ;; global options: +cmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49149 ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 ;; OPT PSEUDOSECTION: ; EDNS: version: 0, flags:; udp: 512 ;; QUESTION SECTION: ;imap.gmail.com.IN A ;; ANSWER SECTION: imap.gmail.com. 299 IN CNAME gmail-imap.l.google.com. gmail-imap.l.google.com. 299IN A 173.194.74.108 gmail-imap.l.google.com. 299IN A 173.194.74.109 ;; Query time: 28 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Wed Oct 21 01:02:22 UTC 2015 ;; MSG SIZE rcvd: 109 I don’t recall this ever being imap.google.com > On Oct 20, 2015, at 19:54, Nathanael Cariaga > <nathanael.cari...@adec-innovations.com> wrote: > > Any GMail / Google Apps guys here? Just want to ask if there are issues > with imap.google.com > > > ; <<>> DiG 9 <<>> @localhost imap.google.com A > ; (1 server found) > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 24131 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0 > > ;; QUESTION SECTION: > ;imap.google.com. IN A > > ;; AUTHORITY SECTION: > google.com. 60 IN SOA ns4.google.com. > dns-admin.google.com. > 105915603 900 900 1800 60 > > ;; Query time: 16 msec > ;; SERVER: 127.0.0.1#53(127.0.0.1) > ;; WHEN: Wed Oct 21 02:53:04 2015 > ;; MSG SIZE rcvd: 83 > > > > > -- > Regards, > > > -nathan -- Jason Hellenthal JJH48-ARIN
Re: IP-Echelon Compliance
RoFLx1000 Srysly! Cluebat who are these people again and why does anyone need them ? #Sigh -- Jason Hellenthal JJH48-ARIN On Oct 13, 2015, at 09:52, s...@ip-echelon.com wrote: Hi Fred, I can’t find your name, email address or the domain-name from your email in our mailboxes. If you send the request via this webform or via email to the address specified in the notice, we’ll absolutely jump on it and respond ASAP. I can’t monitor this thread further but please reach out via the channels described so we can help. Cheers, Seth > On Oct 13, 2015, at 2:10 AM, Fred Hollis <f...@web2objects.com> wrote: > > At least, we tried contacting you many times, but you ignored all our > requests. > > Still receiving thousands of e-mails not related to our IPs on daily basis. > >> On 13.10.2015 at 00:04 Seth Arnold wrote: >> Hi All, >> >> Please feel free to get in touch with us to request changes. >> >> Expedited processing of your requests is offered through the Notice >> Recipient Management for ISPs section of our website located here: >> http://www.ip-echelon.com/isp-notice-management/ >> <http://www.ip-echelon.com/isp-notice-management/> >> >> If you are in the U.S., please also ensure that your change is reflected in >> the records of the US Copyright Office: >> http://copyright.gov/onlinesp/list/a_agents.html >> <http://copyright.gov/onlinesp/list/a_agents.html> >> >> >> Cheers, >> Seth >>
Re: Level(3) ex-twtelecom midwest packet loss (4323)
Cleared up here in WI TW/Level3 COLO between 19:00 - 19:20 CST - 3235 Intertech Dr. Brookfield On Aug 26, 2015, at 16:44, Ryan K. Brooks r...@hack.net wrote: Seems to be impacting their entire network now. On 8/26/15 4:41 PM, Rafael Possamai wrote: I have been seeing the same issues, but haven't heard anything back yet. It has improved in the last 30 minutes or so, see below. http://imgur.com/KVAzetA * * On Wed, Aug 26, 2015 at 4:34 PM, Ryan K. Brooks r...@hack.net mailto:r...@hack.net wrote: Seeing packet loss on AS4323 since 2:30 Central time. NOC is unresponsive to phone and email. Anyone have an idea what's going on over there? -- Jason Hellenthal JJH48-ARIN
Re: GoDaddy : DDoS :: Contact
Just block it -- Jason Hellenthal JJH48-ARIN On Aug 2, 2015, at 14:59, Jason LeBlanc jason.lebl...@infusionsoft.com wrote: My company is being DDoS'd by a single IP from a GoDaddy customer. I haven't had success with the ab...@godaddy.com email. Was hoping someone that could help might be watching the list and could contact me off-list. //Jason
Re: grepcidr 2.99
Hi John, Great contribution. Thanks Might I make a suggestion? with the following command it gives Invalid CIDR. In my usage it would seem logically convenient to throw any quad octet at it and have it translate to the proper CIDR range that isn’t reported as invalid since it does this anyway. For instance 127.0.0.1/8 would just become 127.0.0.0/8. Then add a (-d) flag for debugging or verbose messages. My first impression of the output was that it was only going to grep for valid CIDR ranges which was not true. $ cidr 127.0.0.1/8 Invalid cidr: 127.0.0.1/8 $ grepcidr -q 192.0.0.1/24 Invalid cidr: 192.0.0.1/24 All-in-all great tool and putting it to use right away! Thank you John On Jun 9, 2015, at 11:27, John Levine jo...@iecc.com wrote: I've updated grepcidr again, adding some code contributed by a user. (This open source thing may actually have a future.) grepcidr is what it sounds like, you give it a bunch of CIDR ranges, and files to read, and it prints out the lines in the files that contain addresses that match any of the CIDR ranges. The new feature lets it match CIDR ranges in the input files as well as IP addresses. It handles both IPv4 and IPv6. It maps each file into memory and runs a state machine over the file in one pass so it's quite fast. There should be no limits on line length, file size, or number of patterns other than running out of memory. Find it here: http://www.taugh.com/grepcidr-2/ Regards, John Levine, jo...@iecc.com, Primary Perpetrator of The Internet for Dummies, Please consider the environment before reading this e-mail. 
http://jl.ly -- Jason Hellenthal JJH48-ARIN
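The lenient behaviour suggested in this message, sketched as an added example (it is not grepcidr's code and not from the thread): a pattern with host bits set is masked to its network instead of being rejected, and a note in the spirit of the proposed `-d` output records the change. The function names, the overlap rule used for ranges found in input lines, and the sample log lines are assumptions made for the illustration.

```python
import ipaddress
import re

# Anything that could be an IPv4/IPv6 address or CIDR range, not glued to a word.
# ipaddress does the real validation. (An "ip:port" token is not split here.)
CANDIDATE = re.compile(
    r"(?<![0-9A-Za-z_])[0-9A-Fa-f:.]+(?:/\d{1,3})?(?![0-9A-Za-z_])"
)

# Constructed sample input, not taken from any real system.
SAMPLE_LINES = [
    "Jun  9 11:27:01 mx1 postfix/smtpd[811]: connect from unknown[127.0.0.53]",
    "Jun  9 11:27:04 rtr1 bgpd[402]: withdrawn 192.0.0.128/25 from peer",
    "Jun  9 11:27:09 mx1 postfix/smtpd[811]: connect from unknown[198.51.100.7]",
    "Jun  9 11:27:15 mx1 postfix/smtpd[812]: connect from unknown[2001:db8::25]",
]


def parse_pattern(text, lenient=True):
    """Return (network, note); note is None when text was already a clean CIDR.

    Strict mode reproduces the "Invalid cidr" result quoted in the message.
    Lenient mode masks the host bits and says so in the note.
    """
    try:
        return ipaddress.ip_network(text, strict=True), None
    except ValueError:
        if not lenient:
            raise ValueError(f"Invalid cidr: {text}") from None
    try:
        # strict=False clears host bits but still rejects real garbage.
        net = ipaddress.ip_network(text, strict=False)
    except ValueError:
        raise ValueError(f"Invalid cidr: {text}") from None
    return net, f"{text} has host bits set, using {net}"


def tokens(line):
    """Yield every address or range found in a line as a network object."""
    for raw in CANDIDATE.findall(line):
        # Second try drops sentence punctuation such as a trailing full stop.
        for cand in (raw, raw.rstrip(".:")):
            try:
                yield ipaddress.ip_network(cand, strict=False)
                break
            except ValueError:
                continue


def grep_cidr(patterns, lines, lenient=True, verbose=False):
    """Return (matching_lines, notes). Notes are only reported when verbose."""
    nets, notes = [], []
    for text in patterns:
        net, note = parse_pattern(text, lenient)
        nets.append(net)
        if note:
            notes.append(note)
    hits = [
        line
        for line in lines
        # Assumed rule: an address or range in the input matches if it overlaps a pattern.
        if any(t.version == n.version and t.overlaps(n)
               for t in tokens(line) for n in nets)
    ]
    return hits, (notes if verbose else [])


if __name__ == "__main__":
    found, messages = grep_cidr(
        ["127.0.0.1/8", "192.0.0.1/24", "2001:db8::1/32"], SAMPLE_LINES, verbose=True
    )
    for message in messages:
        print("debug:", message)
    for line in found:
        print(line)
```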
ControlNow / MailEssentials Admin Requested
Could a clueful ControlNow smtp admin contact me off-list. RE: na0102.smtpout.com -- Jason Hellenthal JJH48-ARIN
Re: Charter ARP Leak
Well sure they are subnets :-) of 0.0.0.0/4 range: 0.0.0.0 15.255.255.255 range b10: 0 268435455 range b16: 0x0 0xfff hosts: 268435456 prefixlen: 4 mask:240.0.0.0 Doubt anyone should ever describe them as such unless they own all that space though. May God rest their soul if they do. On Dec 29, 2014, at 19:21, Larry Sheldon larryshel...@cox.net wrote: On 12/29/2014 11:35, Brett Frankenberger wrote: On Mon, Dec 29, 2014 at 12:27:04PM -0500, Jay Ashworth wrote: Valdis, you are correct. What your seeing is caused by multiple IP blocks being assigned to the same CMTS interface. Am I incorrect, though, in believing that ARP packets should only be visible within a broadcast domain, broadcast domain != subnet It surprises me that in this day and age, in a forum like this that has an active thread about kids being taught archaic concepts, we see language like broadcast domain != subnet and a perceived need to explain it. [no longer germane material deleted to reduce excess baggage charges] int ethernet 0/0 ip address 10.0.0.1 255.255.0.0 ip address 11.0.0.1 255.255.0.0 secondary ip address 12.0.0.1 255.255.0.0 secondary The broadcast domain will have ARP broadcasts for all three subnets. This are not subnets! They are IP addresses in three different IP networks. Doing it over a CMTS doesn't change that. Communication here perceived as hostile is apologized-for. -- The unique Characteristics of System Administrators: The fact that they are infallible; and, The fact that they learn from their mistakes. Quis custodiet ipsos custodes -- Jason Hellenthal Mobile: +1 (616) 953-0176 jhellent...@dataix.net JJH48-ARIN
Re: Looking for piece of undersea cable
Tanzania looks to have a piece they wouldn’t miss … grab your scuba gear we’ll go swimming :-) On Dec 12, 2014, at 14:58, Colin McIntosh cmcintos...@gmail.com wrote: Hey all, I'm looking for a piece of undersea cable to use for educational purposes and was hoping somebody would have a section they can part with. Doesn't need to be a big piece, really any size will work. I can pay for shipping and the cable, if needed. Thanks! -Colin -- Jason Hellenthal Mobile: +1 (616) 953-0176 jhellent...@dataix.net JJH48-ARIN
Re: Looking for piece of undersea cable
http://www.submarinecablemap.com/ On Dec 12, 2014, at 15:11, Jason Hellenthal jhellent...@dataix.net wrote: Tanzania looks to have a piece they wouldn’t miss … grab your scuba gear we’ll go swimming :-) On Dec 12, 2014, at 14:58, Colin McIntosh cmcintos...@gmail.com wrote: Hey all, I'm looking for a piece of undersea cable to use for educational purposes and was hoping somebody would have a section they can part with. Doesn't need to be a big piece, really any size will work. I can pay for shipping and the cable, if needed. Thanks! -Colin -- Jason Hellenthal Mobile: +1 (616) 953-0176 jhellent...@dataix.net JJH48-ARIN -- Jason Hellenthal Mobile: +1 (616) 953-0176 jhellent...@dataix.net JJH48-ARIN
Re: Kind of sad
Ha ya know what they say... Don't ever trust someone that says trust me... -- Jason Hellenthal Mobile: +1 (616) 953-0176 jhellent...@dataix.net JJH48-ARIN On Nov 10, 2014, at 21:43, Joe jbfixu...@gmail.com wrote: Generally speaking it's best you do what you're good at and this is not it. Exposing there is a window open to a gov agency is not hacking, trust me. I would say go back to fathering children and once you have a few more years under your belt feel free to join in. On Mon, Nov 10, 2014 at 5:48 PM, Brian Henson marin...@gmail.com wrote: Generally speaking it's a bad idea to show you hacking into a server. Makes it too easy to prosecute those who do.
Re: Can anyone check this routing against Charter in WI?
No particular issues from where I'm at. Route - #1: 12.1 ms IP Address: 172.31.32.1 Hostname: gateway.dataix.local - #2: 5.2 ms IP Address: 192.168.1.1 - #3: 11.5 ms IP Address: 10.155.64.1 - #4: 14.0 ms IP Address: 96.34.34.206 Hostname: dtr02hlldmi-tge-0-1-1-2.hlld.mi.charter.com Country Name: United States Country Code: US - #5: 16.6 ms IP Address: 96.34.32.30 Hostname: crr02aldlmi-bue-12.aldl.mi.charter.com Country Name: United States Country Code: US Time Zone: America/Los_Angeles Region: California City: San Francisco Latitude: 37.775 Longitude: -122.419 - #6: 20.3 ms IP Address: 96.34.2.10 Hostname: bbr01aldlmi-bue-2.aldl.mi.charter.com Country Name: United States Country Code: US Time Zone: America/Los_Angeles Region: California City: San Francisco Latitude: 37.775 Longitude: -122.419 - #7: 23.7 ms IP Address: 96.34.0.99 Hostname: bbr01chcgil-bue-4.chcg.il.charter.com Country Name: United States Country Code: US Time Zone: America/Los_Angeles Region: California City: San Francisco Latitude: 37.775 Longitude: -122.419 - #8: 19.9 ms IP Address: 96.34.3.114 Hostname: prr02chcgil-bue-3.chcg.il.charter.com Country Name: United States Country Code: US Time Zone: America/Los_Angeles Region: California City: San Francisco Latitude: 37.775 Longitude: -122.419 - #9: 154.7 ms IP Address: 23.30.206.169 Hostname: be-204-pe04.350ecermak.il.ibone.comcast.net AS Number: AS7922 AS Name: Comcast Cable Communications, Inc. Country Name: United States Country Code: US - #10: 27.5 ms IP Address: 68.86.83.53 Hostname: he-3-1-0-0-cr01.350ecermak.il.ibone.comcast.net AS Number: AS7922 AS Name: Comcast Cable Communications, Inc. Country Name: United States Country Code: US Time Zone: America/Los_Angeles Region: California City: San Francisco Latitude: 37.775 Longitude: -122.419 - #11: 26.1 ms IP Address: 68.86.94.242 Hostname: he-0-12-0-0-ar01.pontiac.mi.michigan.comcast.net AS Number: AS7922 AS Name: Comcast Cable Communications, Inc. 
Country Name: United States Country Code: US Time Zone: America/Los_Angeles Region: California City: San Francisco Latitude: 37.775 Longitude: -122.419 - #12: 29.0 ms IP Address: 162.151.20.173 Hostname: te-0-8-0-7-ar01.taylor.mi.michigan.comcast.net AS Number: AS7922 AS Name: Comcast Cable Communications, Inc. Country Name: United States Country Code: US - #13: 26.9 ms IP Address: 68.85.223.185 Hostname: te-7-1-ur02.ypwest.mi.michigan.comcast.net AS Number: AS7922 AS Name: Comcast Cable Communications, Inc. Country Name: United States Country Code: US -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN On Jun 15, 2014, at 20:20, Michael Clark mikeal.cl...@gmail.com wrote: Well my routing isn't nearly that bad. I haven't been able to get confirmation but support said they are probably just routing around a problem and they can't get any direct feedback form network engineers. I should get an update tomorrow hopefully. I'm also seeing some bandwidth issues on charters internal network. Something must be going on. Best to have up and go get some Bells :) Sent from my iPhone On Jun 15, 2014, at 7:10 PM, Rusty Dekema rdek...@gmail.com wrote: Are you still seeing odd routing with Charter in Wisconsin? Charter's routing in Michigan seems to be going pretty crazy at the moment as well. The following traceroute is from a Charter residential line* in Kalamazoo MI to a Comcast business (DOCSIS) line in Ypsilanti MI, by way of several unknown hops, some of which are in RFC 1918 space, Sprintlink possibly in Fort Worth TX, another unknown hop, then Comcast Dallas TX, Comcast Marietta GA, Comcast Ashburn VA, then finally Comcast MI. Needless to say, this is not the normal route: http://pastebin.com/9CKmea6M Tracing the same route but in the other direction also yields odd results. The route proceeds normally to a Comcast ibone router in 350 E. 
Cermak (Chicago IL), but the very next hop after that router is the public IP of the Charter service in Kalamazoo MI as follows: http://pastebin.com/VCCgnUsn For what it's worth, if anyone could explain to me what might cause that behavior (between hops 8 and 9), I would really appreciate the knowledge. The routing between that same Charter residential service and a Merit/Michnet endpoint in southeast Michigan is also odd, taking a detour through Virginia [xe-8-3-0.1018.asbn0.tr-cps.internet2.edu (198.71.47.25)], which it does not normally do. The routing in that case does appear to be the same regardless of which side you initiate the traceroute from. Cheers, Rusty Dekema * The Charter residential line's IP address is currently reverse resolving to a Charter DHCP pool in Bay City, MI, which is over 100 miles from Kalamazoo. This is also unusual. The Charter service in question is now and has
Re: yahoo.fr is no longer interested in your abuse reports.
RoJlx100 -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN On Jun 11, 2014, at 17:28, Harald Koch c...@pobox.com wrote: On 11 June 2014 16:41, goe...@anime.net wrote: It's the content. They're spamfiltering their abuse mailbox. As supporting evidence I offer the fact that this entire conversation ended up in my (Google) Junk folder. -- Harald
Re: Remote Hands Spokane, WA?
I know a guy that lives out that way if you'd like me to bring him in. -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN On Mar 27, 2014, at 15:11, Aaron C. de Bruyn aa...@heyaaron.com wrote: Anyone available for remote hands (installing memory) in Spokane, WA on a Thursday during business hours? -A
Re: If you're on LinkedIn, and you use a smart phone...
Well said -- Jason Hellenthal Voice: 95.30.17.6/616 JJH48-ARIN On Oct 26, 2013, at 2:06, Jimmy Hess mysi...@gmail.com wrote: On Fri, Oct 25, 2013 at 6:43 PM, Chris Hartley hartl...@gmail.com wrote: Anyone who has access to logs for their email infrastructure ought probably to check for authentications to user accounts from linkedin's servers. [snip] Perhaps a prudent countermeasure would be to redirect all POP, IMAP, and Webmail access to your corporate mail server from all of LinkedIn's IP space to a Honeypot that will simply log usernames/credentials attempted. The list of valid credentials, can then be used to dispatch a warning to the offender, and force a password change. This could be a useful proactive countermeasure against the UIT (Unintentional Insider Threat); of employees inappropriately entering corporate e-mail credentials into a known third party service with outside of organizational control. Seeing as Linkedin almost certainly is not providing signed NDAs and privacy SLAs; it seems reasonable that most organizations who understand what is going on, would not approve of use of the service with their internal business email accounts. -- -JH
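The log check proposed in this thread (look for mail authentications arriving from a third-party service's servers), as an added example that is not from the thread: it scans Dovecot-style login lines and lists the accounts whose credentials worked from the given ranges. The address ranges are documentation-space placeholders because the thread gives no real ones, and the log lines and function names are constructed for the illustration.

```python
import ipaddress
import re
from collections import defaultdict

# Placeholder ranges from documentation address space (RFC 5737 / RFC 3849).
# The thread does not list the service's real ranges; use ones you have verified.
THIRD_PARTY_RANGES = [
    ipaddress.ip_network("192.0.2.0/24"),
    ipaddress.ip_network("2001:db8:100::/48"),
]

# Dovecot-style events: a successful "Login" or an "auth failed" disconnect.
EVENT = re.compile(
    r"dovecot: (?P<svc>imap|pop3)-login: "
    r"(?P<what>Login|(?:Disconnected|Aborted login) \(auth failed[^)]*\)): "
    r"user=<(?P<user>[^>]*)>.*?\brip=(?P<rip>[0-9A-Fa-f:.]+)"
)

# Constructed sample log, not taken from any real server.
SAMPLE_LOG = [
    "Oct 25 18:43:02 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, "
    "rip=192.0.2.44, lip=203.0.113.5, TLS",
    "Oct 25 18:43:09 mail dovecot: imap-login: Login: user=<bob>, method=PLAIN, "
    "rip=198.51.100.23, lip=203.0.113.5, TLS",
    "Oct 25 18:44:10 mail dovecot: pop3-login: Disconnected (auth failed, 1 attempts "
    "in 2 secs): user=<carol>, method=PLAIN, rip=192.0.2.45, lip=203.0.113.5, TLS",
    "Oct 25 18:45:31 mail dovecot: imap-login: Login: user=<alice>, method=PLAIN, "
    "rip=2001:db8:100::5, lip=2001:db8:ffff::25, TLS",
    "Oct 25 18:46:00 mail dovecot: imap-login: Login: user=<dave>, method=PLAIN, "
    "rip=999.1.1.1, lip=203.0.113.5, TLS",
]


def third_party_logins(lines, ranges=THIRD_PARTY_RANGES):
    """Map user -> login counts and source addresses seen from the given ranges."""
    report = defaultdict(lambda: {"success": 0, "failed": 0, "sources": set()})
    for line in lines:
        match = EVENT.search(line)
        if not match:
            continue
        try:
            rip = ipaddress.ip_address(match["rip"])
        except ValueError:
            continue  # malformed remote address: cannot be attributed, skip it
        # Only the remote (client) address matters; lip is our own listener.
        if not any(rip in net for net in ranges):
            continue
        entry = report[match["user"]]
        entry["success" if match["what"] == "Login" else "failed"] += 1
        entry["sources"].add(str(rip))
    return dict(report)


def accounts_to_reset(report):
    """Users whose credentials were accepted from the third-party ranges."""
    return sorted(user for user, entry in report.items() if entry["success"])


if __name__ == "__main__":
    findings = third_party_logins(SAMPLE_LOG)
    for user, entry in sorted(findings.items()):
        print(user, entry["success"], entry["failed"], sorted(entry["sources"]))
    print("force password change:", accounts_to_reset(findings))
```

A failed attempt from those ranges (carol in the sample) still shows that some credential was entered at the third party, so it is kept in the report even though it is not on the reset list.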
Re: Yahoo is now recycling handles
Alec . . . I'll take I dont use Yahoo because of Yahoo 's for a 100 please. -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Sep 4, 2013, at 9:36, Leo Bicknell bickn...@ufp.org wrote: On Sep 3, 2013, at 10:47 PM, Peter Kristolaitis alte...@alter3d.ca wrote: The issue was studied thoroughly by a committee of MBAs who, after extensive thought (read: 19 bottles of scotch), determined that there was money to be made. whatcouldpossiblygowrong? Apparently it was implemented by a group of low-bid programmers in a far off land. I have, err, had, a Yahoo! account I used for two things, getting e-mail from Yahoo! groups and accessing Flickr. I was on Flickr not a two or three months ago to fix a picture someone noticed was in the wrong album. When I saw this I thought I should log in again to reset my one year ticker. Off to www.yahoo.com and click sign in. Enter userid, enter password. Drops me to a CAPTCHA screen, that's odd, never seen that before, but ok. Enter CAPTCHA and it redirects me to https://edit.yahoo.com/forgot;, which when reached from said CAPTCHA screen renders as a 100% blank page. That's some fine web coding. I went to the flickr site, tried to log in. At least there it tells me my userid is in the process of being recycled. No option to recover. Try creating a new account with the same userid, sorry, it's in use. So as far as I can tell: - The must be inactive for one year is BS, and/or logging into Flickr didn't count in my case. - No notifications are sent, so if you're a person who is there for things like Yahoo groups and forwards your e-mail elsewhere you may be using the service in a way that generates no logs. - There is no way to get an account back that is in the recycling phase, which is frankly stupid. As a result Yahoo! has lost a Flickr and Groups member, and I'm not sure I see any reason to sign up again at this point. 
-- Leo Bicknell - bickn...@ufp.org - CCIE 3440 PGP keys at http://www.ufp.org/~bicknell/
Re: A split window multi ping program
Nifty idea but could you give me a scenario where this would come in handy where a single instance of fPing -g would not be adequate ? -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Aug 25, 2013, at 15:47, sharon saadon sharon...@gmail.com wrote: Hello, At the passing month, i looked for some small program that can ping to multiply servers in a split window or a program with a split dos windows, i did not found it, So i developed one :) You can download it here.. http://www.sharontools.com/products/9ping.php Regards, Sharon Saadon
Re: A split window multi ping program
Nice features. Good work and thanks for sharing. I'll see if I can put it to use and hopefully be able to provide some intelligible feedback. Thanks. -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Aug 25, 2013, at 17:30, sharon saadon sharon...@gmail.com wrote: I need it for ATP tests, I need to know if there was packet lost while disconnecting cables / making changes all the ping results are saved, and you can add bookmarks of the tests you do.. Sharon On Sun, Aug 25, 2013 at 10:59 PM, Jason Hellenthal jhellent...@dataix.net wrote: Nifty idea but could you give me a scenario where this would come in handy where a single instance of fPing -g would not be adequate ? -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Aug 25, 2013, at 15:47, sharon saadon sharon...@gmail.com wrote: Hello, At the passing month, i looked for some small program that can ping to multiply servers in a split window or a program with a split dos windows, i did not found it, So i developed one :) You can download it here.. http://www.sharontools.com/products/9ping.php Regards, Sharon Saadon
Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC)
Wow I can't believe this is still going around. All you apparently need for this is a .gov spook possessed by evil entity X and all these avians will come crashing right into their federal widows like a DDoS. Scary head spinning fun ;-) -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Jun 25, 2013, at 22:58, Sean Donelan s...@donelan.com wrote: On Tue, 25 Jun 2013, Nick Khamis wrote: We are however trying to conform to RFC standards as pointed out by Jev. You guys really need to look at this. It's easily implementable: http://tools.ietf.org/html/rfc1149 That reminds me I need to finish my April 1 submission to the RFC editor for next year. This has been sitting in my todo pile for several years. RFC for publication on April 1, Assistance for Eavesdropping Legally on Avian Carriers (AELAC) Abstract The memo provides an overview and principles regarding Lawful Intercept (LI) of networks using RFC 1149, A Standard for the Transmission of IP Datagrams on Avian Carriers. National requirements are not addressed. Overview and Rationale Avian Carriers have not provided law enforcement with advanced capabilities to conduct covert surveillance of a subject's communications. When approached by law enforcement, Avian Carriers take flight leaving behind difficult to decode droppings of their activities. Identifying a specific packet stream within a large flock of carriers is difficult. Due to the 3D ether space available to carriers and their intrinsic collision avoidance systems, although sometimes poorly implemented with windows, performing full content communications interceptions can be hit or miss. This memo does not address specific national requirements for eavesdropping. Nevertheless, it may be important to public safety that carriers never use any communication technology which could hinder law enforcement's access to the communications of a subject of a lawful order authorizing surveillance. 
Avian Carriers have a long and distinguished history in communications. For thousands of years they have been used to carry important messages to military and business leaders. However, they have also been used for nefarious purposes ranging from possible financial market manipulation after Napoleon's defeat at Waterloo to reports of enemy pigeons operating in England during World War II.
Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC)
Matter of fact the sky is full of lightning right now... Anyone got a pentagram packet and a weje board ? -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Jun 25, 2013, at 22:58, Sean Donelan s...@donelan.com wrote: On Tue, 25 Jun 2013, Nick Khamis wrote: We are however trying to conform to RFC standards as pointed out by Jev. You guys really need to look at this. It's easily implementable: http://tools.ietf.org/html/rfc1149 That reminds me I need to finish my April 1 submission to the RFC editor for next year. This has been sitting in my todo pile for several years. RFC for publication on April 1, Assistance for Eavesdropping Legally on Avian Carriers (AELAC) Abstract The memo provides an overview and principles regarding Lawful Intercept (LI) of networks using RFC 1149, A Standard for the Transmission of IP Datagrams on Avian Carriers. National requirements are not addressed. Overview and Rationale Avian Carriers have not provided law enforcement with advanced capabilities to conduct covert surveillance of a subject's communications. When approached by law enforcement, Avian Carriers take flight leaving behind difficult to decode droppings of their activities. Identifying a specific packet stream within a large flock of carriers is difficult. Due to the 3D ether space available to carriers and their intrinsic collision avoidance systems, although sometimes poorly implemented with windows, performing full content communications interceptions can be hit or miss. This memo does not address specific national requirements for eavesdropping. Nevertheless, it may be important to public safety that carriers never use any communication technology which could hinder law enforcement's access to the communications of a subject of a lawful order authorizing surveillance. Avian Carriers have a long and distinguished history in communications. 
For thousands of years they have been used to carry important messages to military and business leaders. However, they have also been used for nefarious purposes ranging from possible financial market manipulation after Napoleon's defeat at Waterloo to reports of enemy pigeons operating in England during World War II.
Re: Assistance for Eavesdropping Legally on Avian Carriers (AELAC)
Lol -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Jun 26, 2013, at 0:04, Lyndon Nerenberg lyn...@orthanc.ca wrote: On 2013-06-25, at 8:54 PM, Jason Hellenthal jhellent...@dataix.net wrote: Anyone got a pentagram packet and a weje board ? Be careful, when you pull out the chalk to draw a pentaGRAM around your data centre, that you don't – accidentally – draw a pentaGONE.
Re: GMail IPv6 IMAP Issue, or is it Just Me?
IDK, But I get NXDOMAIN upon lookup of imap. But have all my clients using mail.google.com for imaps. I get ipv6 on 2607:f8b0:4009:802::1015 -- Jason Hellenthal Inbox: jhellent...@dataix.net Voice: +1 (616) 953-0176 JJH48-ARIN On Jun 1, 2013, at 13:53, Stevens, Brant I. bra...@argentiumsolutions.com wrote: Is anyone else having issues reaching GMail on IPv6 via IMAP, or is it just me? Here's some of what I'm seeing: It responds to ping... imac01:~ branto$ ping6 imap.gmail.com PING6(56=40+8+8 bytes) 2001:470:8d30:b00c::bb0e -- 2607:f8b0:400d:c00::6c 16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=0 hlim=55 time=31.299 ms 16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=1 hlim=55 time=41.528 ms 16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=2 hlim=55 time=30.092 ms 16 bytes from 2607:f8b0:400d:c00::6c, icmp_seq=3 hlim=55 time=35.450 ms ^C --- gmail-imap.l.google.com ping6 statistics --- 4 packets transmitted, 4 packets received, 0.0% packet loss round-trip min/avg/max/std-dev = 30.092/34.592/41.528/4.470 ms TCP Sessions on v6 seem to time-out: imac01:~ branto$ telnet -6 imap.gmail.com 993 Trying 2607:f8b0:400d:c01::6c... telnet: connect to address 2607:f8b0:400d:c01::6c: Operation timed out telnet: Unable to connect to remote host IPv4 Connects: imac01:~ branto$ telnet -4 imap.gmail.com 993 Trying 173.194.76.108... Connected to gmail-imap.l.google.com. Escape character is '^]'. ^] telnet close Connection closed. and other connectivity via IPv6 works: imac01:~ branto$ telnet -6 www.google.com 80 Trying 2607:f8b0:400c:c04::68... Connected to www.google.com. Escape character is '^]'. GET / HTTP/1.0 200 OK Date: Sat, 01 Jun 2013 17:08:58 GMT snip Connection closed by foreign host. I've tried flushing my dnscache to make sure I'm not holding on to something that's not valid, but no dice. -Brant
Re: Widespread Outages
That's a no. Not quite sure what you would see in these statistics given the weather conditions around the US. Might be more useful looking at a direct route from a specific point to destination where it might seem like things are awry. Looking glasses would be of more help to determine that. Though I can say mobile YouTube traffic has been quirky lately. On May 23, 2013, at 13:13, James Smits james.sm...@gmail.com wrote: Is something major going on? This looks like a X-mas tree http://www.internetpulse.net/ And FedEx rate servers are returning a 503 for up to an hour according to their rep.
Re: The BGP Visibility Scanner
Pretty nice. Thanks! I don't suppose there is any straight text version of all this info is there ? -- Jason Hellenthal IST Services Professional Inbox: jhellent...@dataix.net JJH48-ARIN On May 15, 2013, at 6:22, Andra Lutu andra.l...@imdea.org wrote: Dear all, We have built a tool that checks the visibility of IPv4 prefixes at the interdomain level. The tool is available at *http://visibility.it.uc3m.es/* and you can use it to retrieve the Limited Visibility Prefixes (LVPs) (i.e., prefixes that are not present in all the global routing tables we analyse) injected by a certain originating AS. The query is very simple, it just requires to input the AS number for which you want to retrieve the originated LVPs, if any. After checking the limited-visibility prefixes, we would appreciate any feedback that you can provide on the cause of the limited visibility (we provide a form with a few very short questions which you could fill in and submit). Using a dataset from May 2nd 2013, we generated a list with the ASes which are originating LVPs: *http://visibility.it.uc3m.es/fullASlist.html* We would like to hear from any operator who might find this project interesting, and, in particular, from these large contributors to the LVPs set. Please note that advertising prefixes with limited visibility does not mean that the originating AS is necessarily doing something wrong. The ASes might be generating the LVPs knowingly (e.g., scoped advertisements). However, there might be cases where the origin AS might be unaware that some prefixes are not globally visible (when they should) or that others are leaking as a consequence of mis-configurations/slips. Our purpose is to spread awareness about these latter phenomena, help eliminate the cause of unintended/accidental LVPs and upgrade this tool to an anomaly detection mechanism. 
For more information on the definition and characteristics of a Limited Visibility prefix, please check the Frequently Asked Questions section of the webpage, available here: *http://visibility.it.uc3m.es/Q_and_A_latest.html* The tool works with publicly available BGP routing data, retrieved from the RIPE NCC RIS and RouteViews Projects. The results are updated on a daily basis. For more information on the methodology we refer you to the slides of the NANOG57 presentation about the BGP Visibility Scanner: http://www.nanog.org/meetings/nanog57/presentations/Wednesday/wed.general.Lutu.BGP_visibility_scanner.19.pdf Also, you can check the RIPE labs article about the BGP Visibility Scanner, available here: https://labs.ripe.net/Members/andra_lutu/the-bgp-visibility-scanner We are looking forward to your feedback! Thank you, best regards, Andra
Re: The BGP Visibility Scanner
Awesome! Thank you to you as well! -- Jason Hellenthal IST Services Professional Inbox: jhellent...@dataix.net JJH48-ARIN On May 15, 2013, at 11:01, Rene Wilhelm wilh...@ripe.net wrote: On 5/15/13 3:00 PM, Jason Hellenthal wrote: Pretty nice. Thanks! I don't suppose there is any straight text version of all this info is there ? At the RIPE NCC we are publishing aggregated dumps from our collective of 12 RIS route collectors every 8 hours. For each prefix we list the origin AS and the number of peers (on all collectors) which observe the prefix. If you are happy to do your own post-processing, set your own boundaries on what to consider limited visibility prefixes, have a look at the IPv4 and IPv6 table dumps at http://www.ris.ripe.net/dumps/ Note that the fact that not all RIS peers give us a full BGP table blurs the counts somewhat. Prefixes which are globally visible may (today) have anywhere between 96 and 110 peers announcing the prefix to the RIS route collectors. -- Rene -- Jason Hellenthal IST Services Professional Inbox: jhellent...@dataix.net JJH48-ARIN On May 15, 2013, at 6:22, Andra Lutu andra.l...@imdea.org wrote: Dear all, We have built a tool that checks the visibility of IPv4 prefixes at the interdomain level. The tool is available at *http://visibility.it.uc3m.es/* and you can use it to retrieve the Limited Visibility Prefixes (LVPs) (i.e., prefixes that are not present in all the global routing tables we analyse) injected by a certain originating AS. The query is very simple, it just requires to input the AS number for which you want to retrieve the originated LVPs, if any. After checking the limited-visibility prefixes, we would appreciate any feedback that you can provide on the cause of the limited visibility (we provide a form with a few very short questions which you could fill in and submit). 
Using a dataset from May 2nd 2013, we generated a list with the ASes which are originating LVPs:*http://visibility.it.uc3m.es/fullASlist.html* We would like to hear from any operator who might find this project interesting, and, in particular, from these large contributors to the LVPs set. Please note that advertising prefixes with limited visibility does not mean that the originating AS is necessarily doing something wrong. The ASes might be generating the LVPs knowingly (e.g., scoped advertisements). However, there might be cases where the origin AS might be unaware that some prefixes are not globally visible (when they should) or that others are leaking as a consequence of mis-configurations/slips. Our purpose is to spread awareness about these latter phenomena, help eliminate the cause of unintended/accidental LVPs and upgrade this tool to an anomaly detection mechanism. For more information on the definition and characteristics of a Limited Visibility prefix, please check the Frequently Asked Questions section of the webpage, available here:*http://visibility.it.uc3m.es/Q_and_A_latest.html* The tool works with publicly available BGP routing data, retrieved from the RIPE NCC RIS and RouteViews Projects. The results are updated on a daily basis. For more information on the methodology we refer you to the slides of the NANOG57 presentation about the BGP Visibility Scanner: http://www.nanog.org/meetings/nanog57/presentations/Wednesday/wed.general.Lutu.BGP_visibility_scanner.19.pdf Also, you can check the RIPE labs article about the BGP Visibility Scanner, available here:https://labs.ripe.net/Members/andra_lutu/the-bgp-visibility-scanner We are looking forward to your feedback! Thank you, best regards, Andra
Re: Speedtest Results speedtest.net vs Mikrotik bandwidth test
When is speed ever ensured past someone else's edge/border ? You may pass through your upstream that fast but once you are out in the open range you are free game to all the lions, tigers bears.., There is always going to be something eating you. Best off letting it be the Spanish queasiness from the night before than the results from speedtest.net -- Jason Hellenthal JJH448-ARIN - (2^(N-1)) On Apr 4, 2013, at 4:14, Mike mike-na...@tiedyenetworks.com wrote: On 04/03/2013 02:48 PM, valdis.kletni...@vt.edu wrote: On Wed, 03 Apr 2013 14:07:48 -0700, Mike said: These speedtests are pure unscientific bs and I'd love to see them called out on the carpet for it. As far as I know, it's possible for the end-to-end reported values to be lower than your immediate upstream due to issues further upstream. But if it reports 20MBbits/sec down and 5MBits/sec up, then the link is able to go *at least* that fast. (If anybody's got evidence of it reporting more than the link is technically capable of, feel free to correct me...) Yeah, I do... I've had T1 lines reported at 4.7mbps down and 2.8mbps up. These tests are hogwash. Mike-
Re: Packets dropped due to ICMP off
I don't recall seeing this thread before this message but this is nothing new. Most times you are allowed to pass through these networks but not directly communicate with them. Whether it be some strenuous policy put in place by someone that still desires to provide routes back to the community or just the vision of the administrator of that router... it still works as intended for all other types of traffic. Besides, blocking ICMP type 0 doesn't necessarily bust traceroutes. Using options (-I | -P icmp) would definitely be busted but a normal traceroute from most systems that I have been on default to UDP datagrams. On Wed, Aug 08, 2012 at 08:46:35PM -0400, Jim Ray wrote: Awe, man, don't laugh too hard. Turned out to be problem with Firefox. Safari on iPhone and IE on PC work. I learned something, too, and appreciate the input: tracert using ICMP is not valid test. Not everyone has ping enabled. So, what looks like packet loss at next hop is really ICMP turned off. Sent from my iPhone -- - (2^(N-1)) JJH48-ARIN
Re: NFSen plugin - ddd
Don't know if you ever received a reply for this but this is the best I have come up with to get more eyes on it. http://sourceforge.net/apps/trac/nfsen-plugins/wiki/RequestPlugin I have not submitted a request for it but if you happen to come across this plugin, I would be interested. On Fri, Aug 03, 2012 at 01:55:21PM +1000, Andrew Jones wrote: Hi All, Does anyone have a copy of the DDoS detection plugin for NFSen called ddd that they could send to me? According to a blog article [1] I read, it used to be available at [2]. It's not there, and I haven't had any luck trying to track it down the usual ways. If anyone is able to provide a copy, I'd appreciate it. Thanks, Jonesy [1] http://www.ccieflyer.com/2010-01-JasonRowley.php [2] http://www.synacknetworks.com/ddd/ddd.zip -- - (2^(N-1)) JJH48-ARIN
Re: IPv6 only streaming video
On Thu, Jul 26, 2012 at 04:48:48AM +, Tina TSOU wrote: Do u mean I am a cow? I stop breast feeding this year. Tina ROGFLOL This is the best thing I have read yet this morning. Thanks for the laugh. On Jul 25, 2012, at 9:47 PM, Randy Bush ra...@psg.com wrote: I'm responsible for IPv6 deployment in my enterprise network, the users are my colleagues. In this context, I'm not vendor, not operator. i smell cows -- - (2^(N-1)) JJH48-ARIN
Re: HELP IN SETTING UP iBGPlay
Anyone going to block this fool ? On Tue, Jul 10, 2012 at 08:45:35AM -0700, NIG NOG wrote: -- - (2^(N-1))
Re: F-ckin Leap Seconds, how do they work?
On Wed, Jul 04, 2012 at 06:10:45PM -0400, William Herrin wrote: On Wed, Jul 4, 2012 at 1:44 PM, Brett Frankenberger rbf+na...@panix.com wrote: Without leap seconds, the sun stops being overhead at noon. But that's ridiculous. The sun *isn't* overhead at noon except at one particular longitude within each time zone. Everywhere else time synch to local noon is +/- half an hour. IMO, leap seconds are a really bad idea. Let the vanishingly few people who care about a precision match against the solar day keep track of the deviation from clock time and let everybody else have a *simple* clock year after year. When the deviation increases to an hour every what, thousand years? Then you can do a big, well publicized correction where everybody is paying attention to making it work instead of being caught by surprise. Yeah but what you don't understand is that manual navigation after a certain point of difference becomes inaccurate to a degree that is unacceptable by most military standards. 100 or a 1000 years the difference is too big. Someone somewhere at some point evaluated this need in the range of 0.3 - 0.9? in order for nautical and other means of direction to not be impacted. It would be easy to disagree and say Well! we have GPS and other such digital devices to tell where you are now!... and if those go out just like all these failing Java Apps ?. I would not want to be the guy that would have to calculate all possible differences just to attempt to get an accurate location and then find out the math was wrong and you are 100 miles off target. Just sayin! -- - (2^(N-1))
Re: No DNS poisoning at Google (in case of trouble, blame the DNS)
What would be nice is to see the contents of the htaccess file (obviously with sensitive information excluded) On Wed, Jun 27, 2012 at 10:14:12AM -0300, Arturo Servin wrote: It was not DNS issue, but it was a clear case on how community-support helped. Some of us may even learn some new tricks. :) Regards, as Sent from mobile device. Excuse brevity and typos. On 27 Jun 2012, at 05:07, Daniel Rohan dro...@gmail.com wrote: On Wed, Jun 27, 2012 at 10:50 AM, Stephane Bortzmeyer bortzme...@nic.fr wrote: What made you think it can be a DNS cache poisoning (a very rare event, despite what the media say) when there are many much more realistic possibilities (trollspecially for a Web site written in PHP/troll)? What was the evidence pointing to a DNS problem? It seems likely that he made a mistake in his analysis of the evidence. Something that could happen to anyone when operating outside of a comfort zone or having a bad day. Go easy. -DR -- - (2^(N-1))
Re: DNS poisoning at Google?
On Tue, Jun 26, 2012 at 10:36:55PM -0700, Landon Stewart wrote: There is definitely a 301 redirect. $ curl -I --referer http://www.google.com/ http://www.csulb.edu/ HTTP/1.1 301 Moved Permanently Date: Wed, 27 Jun 2012 05:36:31 GMT Server: Apache/2.0.63 Location: http://www.couchtarts.com/media.php Connection: close Content-Type: text/html; charset=iso-8859-1 And if you visit http://www.couchtarts.com/media.php using the correct browser you end up back at http://google.com ... On 26 June 2012 22:05, Matthew Black matthew.bl...@csulb.edu wrote: Google Webtools reports a problem with our HOMEPAGE /. That page is not redirecting anywhere. They also report problems with some 48 other primary sites, none of which redirect to the offending couchtarts. matthew black information technology services california state university, long beach -Original Message- From: Jeremy Hanmer [mailto:jeremy.han...@dreamhost.com] Sent: Tuesday, June 26, 2012 9:58 PM To: Matthew Black Cc: nanog@nanog.org Subject: Re: DNS poisoning at Google? It's not DNS. If you're sure there's no htaccess files in place, check your content (even that stored in a database) for anything that might be altering data based on referrer. This simple test shows what I mean: Airy:~ user$ curl -e 'http://google.com' csulb.edu !DOCTYPE HTML PUBLIC -//IETF//DTD HTML 2.0//EN htmlhead title301 Moved Permanently/title /headbody h1Moved Permanently/h1 pThe document has moved a href=http://www.couchtarts.com/media.php here/a./p /body/html Running curl without the -e argument gives the proper site contents. On Jun 26, 2012, at 9:24 PM, Matthew Black matthew.bl...@csulb.edu wrote: Running Apache on three Solaris webservers behind a load balancer. No MS Windows! Not sure how malicious software could get between our load balancer and Unix servers. Thanks for the tip! 
matthew black information technology services california state university, long beach From: Landon Stewart [mailto:lstew...@superb.net] Sent: Tuesday, June 26, 2012 9:07 PM To: Matthew Black Cc: nanog@nanog.org Subject: Re: DNS poisoning at Google? Is it possible that some malicious software is listening and injecting a redirect on the wire? We've seen this before with a Windows machine being infected. On 26 June 2012 20:53, Matthew Black matthew.bl...@csulb.edu wrote: Google Safe Browsing and Firefox have marked our website as containing malware. They claim our home page returns no results, but redirects users to another compromised website couchtarts.com. We have thoroughly examined our root .htaccess and httpd.conf files and are not redirecting to the problem target site. No recent changes either. We ran some NSLOOKUPs against various public DNS servers and intermittently get results that are NOT our servers. We believe the DNS servers used by Google's crawler have been poisoned. Can anyone shed some light on this? matthew black information technology services california state university, long beach www.csulb.edu -- Landon Stewart lstew...@superb.net Sr. Administrator Systems Engineering Superb Internet Corp - 888-354-6128 x 4199 Web hosting and more Ahead of the Rest: http://www.superbhosting.net/ -- Landon Stewart lstew...@superb.net Sr. Administrator Systems Engineering Superb Internet Corp - 888-354-6128 x 4199 Web hosting and more Ahead of the Rest: http://www.superbhosting.net -- - (2^(N-1))
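The referrer comparison used in the thread above (curl with and without -e), written as a repeatable check; this is an added example, not code from any list member. The function names, the local test server and the redirect-target.invalid host are constructed for illustration so the script runs offline.

```python
import http.client
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.parse import urlsplit

# Referer values to compare against the no-Referer baseline (constructed list).
REFERERS = ["http://www.google.com/", "http://example.org/"]


def fetch(url, referer=None, timeout=5):
    """GET url once without following redirects; return (status, Location)."""
    parts = urlsplit(url)
    if parts.scheme == "https":
        conn = http.client.HTTPSConnection(parts.hostname, parts.port or 443,
                                           timeout=timeout)
    else:
        conn = http.client.HTTPConnection(parts.hostname, parts.port or 80,
                                          timeout=timeout)
    headers = {"User-Agent": "referer-redirect-check (example)"}
    if referer is not None:
        headers["Referer"] = referer
    path = parts.path or "/"
    if parts.query:
        path += "?" + parts.query
    try:
        conn.request("GET", path, headers=headers)
        resp = conn.getresponse()
        resp.read()  # drain the body so the connection closes cleanly
        return resp.status, resp.getheader("Location")
    finally:
        conn.close()


def check_referer_redirect(url, referers=REFERERS):
    """Report every Referer whose response differs from the plain request.

    A site that answers 200 to a direct request but 3xx to a request that
    carries a search-engine Referer is serving a referrer-conditional
    redirect: the symptom described in the thread, and one that a plain
    browser visit or a DNS lookup will not show.
    """
    baseline = fetch(url)
    findings = []
    for ref in referers:
        status, location = fetch(url, ref)
        if (status, location) != baseline:
            findings.append({"referer": ref, "status": status,
                             "location": location})
    return {"baseline": baseline, "findings": findings}


class _ConditionalRedirectHandler(BaseHTTPRequestHandler):
    """Constructed local stand-in for the behaviour reported in the thread."""

    def do_GET(self):
        if "google." in self.headers.get("Referer", ""):
            self.send_response(301)
            self.send_header("Location",
                             "http://redirect-target.invalid/media.php")
            self.send_header("Content-Length", "0")
            self.end_headers()
            return
        body = b"<html>normal home page</html>"
        self.send_response(200)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, *args):
        pass  # keep the demo quiet


def demo():
    """Run the check against the constructed local server on a free port."""
    server = HTTPServer(("127.0.0.1", 0), _ConditionalRedirectHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    try:
        url = "http://127.0.0.1:%d/" % server.server_address[1]
        return check_referer_redirect(url)
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Run against your own site, a non-empty findings list means the redirect lives in the web tier (rewrite rules, application code or stored content), not in DNS.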
Re: ISPs and full packet inspection
On Thu, May 24, 2012 at 08:37:52PM -0500, Jimmy Hess wrote: On 5/24/12, not common notcommonmista...@gmail.com wrote: [snip I am looking for some guidance on full packet inspection at the ISP level. Aside from any legal issue; there is a respectable practices issue. Even if there is no regulation that prohibits something does not mean it is OK. Your customers' deserve to be made aware of any full packet capture practices that may impact traffic to/from network they own/manage, before packet capture occurs, especially when there is data retention, or human examination/analysis based on contents of large numbers of packets; otherwise there is a risk you will be in trouble, for some definition of in trouble that depends on the circumstances. Because your packet interception can put your user at risk; proprietary information can be disclosed.And most ISP customers intend to purchase network connectivity service, not record all my traffic without telling me service .. If you need a call center to handle this just let me know... :) since your call volume is going to spike through the roof. Are you prepared to explicitly explain to your customers, both existing, and new ones, before they are allowed to buy or continue service from you -- under what circumstances you intercept full packets, whose packets do you capture, what packets do you capture, how many packets / how long will you capture their packets, what do you do with their contents after you capture them, how long do you keep data, what security controls do you have in place to prevent unauthorized access to their packets and ensure timely destruction of sensitive data? If the answer is NO, that you have poor planning, or your privacy practices are not solid enough to reveal to your customers with confidence, then save the money on consulting lawyers, by choosing NOT to implement interception and capture of full packets. Is there any regulations that prohibit or provide guidance on this? -- -JH -- - (2^(N-1))
Re: Vixie warns: DNS Changer ‘blackouts’ inevitable
On Wed, May 23, 2012 at 06:42:34PM -0700, Lynda wrote: On 5/23/2012 6:35 PM, Brett Watson wrote: On May 23, 2012, at 18:27, George Herbertgeorge.herb...@gmail.com wrote: Please don't make me remember hosts.txt before I've had a chance to wrap up work, go home, and get some Scotch in... Come on George, hosts.txt was the good old days :) I still have a copy (from around 1992, so one of the very last), although much edited (and NOT 10,000 hosts, thanks). ftp://ftp.math.ethz.ch/pub/doc/hosts.txt Leftovers! -- - (2^(N-1))
Re: Looking for W7 whois freeware
On Sun, May 13, 2012 at 08:19:42AM +0300, Hank Nussbacher wrote: At 16:57 10/05/2012 -0400, Scott Berkman wrote: I am looking for a simple Windows GUI s/w for a secretary to use to do whois lookups for IP and ASNs and to easily copy/paste the results. Amazing that there is no such beast. Use your internal company webserver and write a simple CGI form that she can fill out and hit enter. This way you can simply control the results if you ever find out that you are not getting what you want. You could have that CGI also email out the results to her mailbox and yours just so you can keep an eye on it. I use Launchy (a keystroke launcher similar to GnomeDo, Quicksilver, etc) and its Runner plugin with some bat scripts that reference the builtin whois DOS/CLI command to create my own. So for example, to look up an IP at ARIN I just hit my hotkey (Alt-Space) and type arin tab IP enter. My bat script really just runs whois, sizes the command prompt window, and waits for user input before disappearing. I'm happy to share my scripts off list if you are interested. -Scott -Original Message- From: Hank Nussbacher [mailto:h...@efes.iucc.ac.il] Sent: Thursday, May 10, 2012 2:49 AM To: nanog@nanog.org Subject: Looking for W7 whois freeware I am looking for a Windows 7 GUI utility that does raw whois - not the standard domain lookup, but rather allows me to specify and change the whois server I am talking to and allows me to customize the whois search string for IPs or ASNs or anything else a whois server will accept, like: -B -G as378. I know of ezwhois but am looking for something better (for example - they don't have whois.ripe.net listed - one can add it but not save it). Thanks, Hank -- - (2^(N-1))
Re: IPv6 aggregation tool
The Net::CIDR package contains functions that manipulate lists of IP netblocks expressed in CIDR notation. The Net::CIDR functions handle both IPv4 and IPv6 addresses. WWW: http://search.cpan.org/dist/Net-CIDR/ On Thu, May 03, 2012 at 04:58:27PM -0400, chip wrote: Looks like the most recent NetAddr::IP perl module will do it: http://search.cpan.org/~miker/NetAddr-IP-4.059/IP.pm#EXPORT_OK Take a look at the Compact function. I think that's what will do it. --chip On Thu, May 3, 2012 at 4:25 PM, Rafael Rodriguez packetjoc...@gmail.com wrote: Hi list, I can't seem to find any tools that'll aggregate a list of IPv6 prefixes. Used to 'aggregate' for IPv4, looking for something similar for IPv6. Thanks! -- Just my $.02, your mileage may vary, batteries not included, etc -- - (2^(N-1))
Re: FW: Communal Dining
Shoot I was half way there already! :-) On Mon, Apr 16, 2012 at 10:11:44AM -0400, Ronald Bonica wrote: Folks, Sorry, you are not all invited to dinner. I apologize for the spam. MS mail address completion helped me a little more than I wanted. Ron -Original Message- From: Ronald Bonica Sent: Monday, April 16, 2012 10:05 AM To: 'frbi...@aol.com'; 'Nicholas Hinko'; 'Susan Hinko'; jay cuasay; 'William Richey'; Will Ress; 'maria torres'; 'landre...@gmail.com'; nanog@nanog.org Subject: Communal Dining Folks, You are all invited to an extremely informal dinner at our house at 6PM on Saturday, April 21. Spouses and children are all invited. I will bake bread and put on a huge pot of soup. If your kids are picky eaters, feel free to bring whatever they will eat. Our house is located at: 241 West Meadowland Lane Sterling, Virgina 20164 703 430 8379 -- Ron and Nancy Bonica vcard: www.bonica.org/ron/ronbonica.vcf
Re: is sbcglobal throttling Cuban traffic?
From this location it looks awful... and I am on a sbcglobal line. Console traceroute -a havanatimes.org ...[INTERNAL]... 3 [AS0] adsl-99-181-143-254.dsl.klmzmi.sbcglobal.net (99.181.143.254) 19.510 ms 27.116 ms 19.387 ms 4 [AS7132] dist2-vlan60.klmzmi.ameritech.net (67.36.55.243) 19.482 ms 18.178 ms 19.939 ms 5 [AS7132] bb2-10g4-0.klmzmi.sbcglobal.net (151.164.38.108) 19.897 ms 26.879 ms 19.883 ms 6 * * * ... It stops there not even a ping. On Sat, Mar 24, 2012 at 02:41:01PM -0500, C. A. Fillekes wrote: Reports from around the country are that traceroutes through sbcglobal (in Austin, Houston and NJ) are failing with timeout to havanatimes.org -- yet when we go in through TOR or Comcast or using overseas services, their routing is just fine. What gives? -- ;s =;
Re: Monitoring other people's sites (Was: Website for ipv6.level3.com returns HTTP/1.1 500 Internal Server Error)
On Tue, Mar 20, 2012 at 03:54:13PM +0100, Jeroen Massar wrote:

On 2012-03-20 15:40 , vinny_abe...@dell.com wrote:

FYI - it's also the main IPv4 site, not just IPv6... although I'm unsure if it's the same issue. I was monitoring availability as a point of reference for my network and started receiving 500 errors recently as well that tripped up the monitoring system, even though the page comes up in any browser I try.

GET / HTTP/1.1
User-Agent: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)

For everybody who is monitoring other people's websites, please please please, monitor something static like /robots.txt as that can be statically served and is kinda appropriate as it is intended for robots. Oh and of course do set the User-Agent to something logical and to be super nice include a contact address so that people who do check their logs once in a while for fishy things they at least know what is happening there and that it is not a process run afoul or something. Of course, asking before doing tends to be a good idea too.

The IPv6 Internet already consists way too much out of monitoring by pulling pages and doing pings... Fortunately that should heavily change in a few months.

Greets, Jeroen

(who noticed a certain sh company performing latency checks against one of his sites, which was no problem, but the fact that they were causing almost more hits/traffic/load than normal clients was a bit on the much side, them pulling robots.txt solved their problem to be able to check if their IPv6 worked fine and the load issue on the server side was gone too as nginx happily serves little robots.txt's at great speed from cache ;)

And for the few folks putting nagios's on other people's sites, they obviously do not understand that even if the alarm goes off that something is broken that they cannot fix it anyway, thus why bother...

I agree! Leave the monitoring for those that are hired to do so. Using someone else's server to verify that your ipv6 connectivity works should just strictly get your traffic dropped or null-routed with an alert sent to your provider.

ping6 your provider... wget -6 your provider but beyond that, you most likely cannot fix it...

-- ;s =;
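Added example, not part of the thread: a check a site operator could run over an access log to tell third-party monitors that follow the advice above (poll /robots.txt, User-Agent with a contact address) from those that do not. The log lines are constructed, and the fixed-interval heuristic, the `STATIC` set and the function name are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample lines in combined log format (2001:db8::/32 is the
# documentation prefix); the MSIE 4.01 User-Agent is the one quoted in the thread.
SAMPLE_LOG = '''\
2001:db8::10 - - [20/Mar/2012:15:40:00 +0100] "GET / HTTP/1.1" 500 312 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
2001:db8::10 - - [20/Mar/2012:15:41:00 +0100] "GET / HTTP/1.1" 500 312 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
2001:db8::10 - - [20/Mar/2012:15:42:00 +0100] "GET / HTTP/1.1" 500 312 "-" "Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)"
2001:db8::20 - - [20/Mar/2012:15:40:05 +0100] "GET /robots.txt HTTP/1.1" 200 68 "-" "example-uptime/1.0 (+mailto:noc@example.net)"
2001:db8::20 - - [20/Mar/2012:15:45:05 +0100] "GET /robots.txt HTTP/1.1" 200 68 "-" "example-uptime/1.0 (+mailto:noc@example.net)"
2001:db8::20 - - [20/Mar/2012:15:50:05 +0100] "GET /robots.txt HTTP/1.1" 200 68 "-" "example-uptime/1.0 (+mailto:noc@example.net)"
2001:db8::30 - - [20/Mar/2012:15:40:09 +0100] "GET /news HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
2001:db8::30 - - [20/Mar/2012:15:40:47 +0100] "GET /about HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (X11; Linux x86_64)"
2001:db8::30 - - [20/Mar/2012:15:43:02 +0100] "GET /news HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"
'''

LINE = re.compile(r'(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"')
CONTACT = re.compile(r'mailto:|https?://|[\w.+-]+@[\w-]+\.[\w.-]+')
STATIC = {"/robots.txt"}  # assumption: the paths this site serves statically

def classify_clients(log_text, min_hits=3, jitter=2.0):
    """Return {client: [findings]} for clients that poll at a fixed interval."""
    hits = defaultdict(list)
    for m in map(LINE.match, log_text.splitlines()):
        if m:
            ts = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
            hits[m.group(1)].append((ts, m.group(4), m.group(6)))
    verdicts = {}
    for client, rows in hits.items():
        rows.sort()
        gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(rows, rows[1:])]
        # A monitor polls on a timer: enough hits, near-constant spacing.
        if len(rows) < max(min_hits, 2) or max(gaps) - min(gaps) > jitter:
            continue
        problems = []
        if any(path not in STATIC for _, path, _ in rows):
            problems.append("polls a non-static page")
        if not all(CONTACT.search(ua) for _, _, ua in rows):
            problems.append("User-Agent has no contact address")
        verdicts[client] = problems or ["well-behaved monitor"]
    return verdicts

if __name__ == "__main__":
    for client, verdict in classify_clients(SAMPLE_LOG).items():
        print(client, "->", "; ".join(verdict))
```

Clients with irregular request spacing, such as the browser-like third client in the sample, are left out of the result rather than classified.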
Falling for address collection (Was: Evil Bit and Spread Spectrum IP Addressing - NANOG Source Address Shaping)
Why does everyone keep falling for the same address collector ? ;-) -- LoL

On Sun, Mar 04, 2012 at 10:22:15AM -0600, Guru NANOG wrote:

Common Misconception: One additional bit of IPv4 Addressing will solve world hunger

The Evil Bit (or spare unused bit) can be used to store (restore) one bit

The Left-Most bit of the 32-bit Source Address Field can be SET to Zero no matter what the original value.

The Evil bit can be set IFF the Left-Most bit is **changed**.

Setting the Left-Most bit to zero **folds** this table in half. http://www.iana.org/assignments/ipv4-address-space/ipv4-address-space.txt

Setting the Left-Most bit to ONE would move return traffic to the upper half of the Spectrum which has vast quantities of unused /8s

Wide-spread consensus shows that TWO bits can work. Three bits folds the table to 1/8th.

Governments want a 4-bit Return Prefix to their Super-Hubs for IPv6-like intercept.

The U.S.FCC is expected to issue the regulations on how Spread Spectrum Source Address Shaping will work in their licensed CPE wireless devices.

There are 160-bits in the deprecated header so there are many ways to go.

One-Way Broadcast IP Addressing is now available. The Source Address Field is used for the second half of the 64-bit Destination Address. The DF (Did Flip) bit near the Evil Bit is used to note the two halves of the Destination Address have been *flipped*. NANOGers simply route 32 and then 32 after the flip based only on the Destination Field. There is no Source Address, only a channel (port).

Keywords: WRT DNSMASQ Tomato WIFI Linux CPE

-- ;s =;
Re: NANOG Digest, Vol 48, Issue 41
On Sun, Jan 15, 2012 at 01:56:45PM -0500, Scot Loach wrote: On 1/15/12, nanog-requ...@nanog.org nanog-requ...@nanog.org wrote: When replying, please edit your Subject line so it is more specific than Re: Contents of NANOG digest... These are good tips. Might also help to strip some of the context from what you are replying as well.
Re: Why is IPv6 broken?
deBunk

Where did you get all this from ? There is not even one single reference to a URL, not to be rude but how long did it take you to write this theory ?

As for It's broken, first and foremost... They may be a Tier 1 provider of other services and also happen to offer IPv6 at which they are only a Tier 2 or 3 but using the marketing gimmicks of their original Tier 1 status to get acknowledgement.

I stopped reading shortly after 'I think' the second paragraph and scanned the rest for URLs that might have made this clear and to the point but did not find any. Hearsay.

/deBunk

On Sat, Jul 09, 2011 at 03:25:27PM -0600, Bob Network wrote:

Why is IPv6 broken? It's broken, first and foremost, because not all network providers who claim to be tier 1 are tier 1. Even worse, some of these providers run 6to4 relays or providers to home users. A user has no choice which provider is running their 6to4 relay...so, they might end up using a relay that is run by a provider who doesn't peer with their intended destination. I don't think the IETF saw that one coming. But the result is to make 6to4 even more broken. Now, I know some people want 6to4 to die, but while it still exists in some form, user experience is worse than it could be. The temporary fix is for any provider to run their own 6to4 relay for their own customers (assuming that they themselves have full connectivity). Right now, unless you buy transit from multiple tier 1s, and do so with carefully chosen tier ones, you have only part of the IPv6 internet. Many tier 1s are unsuitable even as backup connections, since you still want your backup connection to have access to the whole internet! Good tier 2 providers might be an excellent choice, since good providers have already done this leg work and can monitor their providers for compliance. A few myths... Routing table size has nothing to do with completeness of routes. Google may be one route, through aggregation.
And SmallCo may advertise a large route through one provider, and, due to traffic engineering, a smaller route through a second one - in many cases, anyone that had the large route would be able to contact SmallCo, even without the smaller route being present. So routing table size doesn't work. In addition, some providers aggregate their routing tables to reduce routing load and such. Others intentionally don't or deaggregate it intentionally so that they can brag about having bigger routing tables. What you need to ask is: How many /64s can you get to from your network, and how many of these /64s are reachable from at least one other major provider (you don't care about internal-only networks, after all)? They can give you that information, but many won't want to. It's also not about technical people not getting along. It's about business players trying to make money, but not just that either. It's also about ensuring that providers don't end up assuming more than their share of costs for a link. Just because you have a common peering point doesn't mean that turning peering on would reduce your costs. In some cases it may increase costs tremendously, particularly on your long haul backbone links, because the other party would like to take advantage of an attitude of trust on the internet. That's why we end up with peering policies and contracts. What is the issue? Let's take Hurricane. This is no different than other providers...basically, they want to say, We shouldn't need to pay for IPv6 transit from anyone. This is what Cogent said on IPv4 a few years ago. Google used to say this too for IPv6, not sure if they are still saying it. Basically, We know we're big enough that you won't want to screw your users by not peering with us. 
A small network couldn't do this tactic - a 100 node network who said to the IPv4 tier 1s: Hey, I'm in the Podunk Internet Exchange, so are you, so I'm going to peer from you so I don't have to buy any bandwidth for my web server (placed in the Podunk exchange). Sure, they would like to - it would save a ton of money if their site got lots of hits. I mean, who wouldn't want free connectivity? In IPv6, we're going through what we settled years ago in IPv4 - who has to pay who to connect. After all, even free peering connections have a cost in manpower, debugging, traffic engineering, documentation, etc. Some players who aren't getting free interconnection to tier 1s in IPv4 want to get it in IPv6. So they've worked to attract lots of users, and done so under the guise of We like IPv6 and want to promote it. Others have not bothered with trying to attract the users, but have said, We're too big for you to not want to give us connectivity for free, since it would piss off your users if you don't (Google did this at one point in the past, may still be doing it). The Google example is basically trying