Fw: new message

2015-10-26 Thread Scott Howard
Hey!

 

New message, please read <http://alexanderandbrown.com/waiting.php?2fsb>

 

Scott Howard



Fw: new message

2015-10-25 Thread Scott Howard
Hey!

 

New message, please read <http://thc420.net/sweet.php?dqk>

 

Scott Howard



Fw: new message

2015-10-25 Thread Scott Howard
Hey!

 

New message, please read <http://gjstspt.com/paper.php?zhg>

 

Scott Howard



Re: gmail security is a joke

2015-05-26 Thread Scott Howard
On Tue, May 26, 2015 at 12:28 PM, Aaron C. de Bruyn aa...@heyaaron.com
wrote:

 If they can e-mail you your existing password (*cough*Netgear*cough*),
 it means they are storing your credentials in the database
 un-encrypted.


No, it doesn't mean that at all.  It means they are storing it unhashed,
which is probably what you mean.

It may well be that they are storing it unencrypted, but you can't outright
say that without extra knowledge.

  Scott
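An added illustration of the distinction Scott draws above (hashed versus merely stored in some recoverable form); this is example code written for this page, not anything from the thread. It assumes PBKDF2-HMAC-SHA256 with a per-user random salt and a placeholder work factor. A site holding records like these cannot mail a user their existing password; a site that can must be holding it in a recoverable form, whether plaintext or reversibly encrypted under a key the site has.

```python
import hashlib
import hmac
import os

ITERATIONS = 200_000   # placeholder work factor; tune to your hardware


def hash_password(password, salt=None):
    """Store only a salted, slow, one-way digest. The record carries what is
    needed to verify a later login but nothing that yields the password
    itself, so the site has nothing to e-mail back."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password, record):
    """Recompute the digest with the stored salt and iteration count and
    compare in constant time."""
    algorithm, iterations, salt_hex, digest_hex = record.split("$")
    if algorithm != "pbkdf2_sha256":
        raise ValueError("unsupported record format")
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                                    bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(candidate, bytes.fromhex(digest_hex))


def demo():
    """Two records for the same password differ (fresh salt each time), yet
    both verify; neither can be turned back into the password."""
    first = hash_password("correct horse battery staple")
    second = hash_password("correct horse battery staple")
    return {
        "records_differ": first != second,
        "both_verify": verify_password("correct horse battery staple", first)
                       and verify_password("correct horse battery staple", second),
        "wrong_rejected": not verify_password("wrong", first),
    }


if __name__ == "__main__":
    print(demo())
```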


Re: Paging HP DNS admin

2014-05-03 Thread Scott Howard
On Sat, May 3, 2014 at 6:27 AM, Mark Radabaugh m...@amplex.net wrote:

 Dear HP:

 If you're not going to support IPv6, can you at least not return SERVFAIL when
 asked for an AAAA record:


They aren't.  Your resolver is - or at least, that's what it looks like for
me.

Sending an AAAA query to their nameservers times out for me - no response
at all.  Sending the same query through certain resolvers (eg, Google)
seems to result in the timeout being turned into a SERVFAIL.

$ dig AAAA onramp01.hpeprint.com

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> AAAA onramp01.hpeprint.com
;; global options: +cmd
;; connection timed out; no servers could be reached


Same via Google:
$ dig AAAA onramp01.hpeprint.com @8.8.8.8

; <<>> DiG 9.8.4-rpz2+rl005.12-P1 <<>> AAAA onramp01.hpeprint.com @8.8.8.8
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 26319
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0


  Scott


Re: Paging HP DNS admin

2014-05-03 Thread Scott Howard
On Sat, May 3, 2014 at 8:13 PM, Chris Adams c...@cmadams.net wrote:

 You left out the authority section that refers you to the correct DNS
 servers - ns[1-6].hp.com are not it.  They delegate to another set of HP
 servers, which all time out (as stated by the OP) when asked for AAAA.


Actually the OP said that it returned SERVFAIL, which the HP servers don't,
but Google's public DNS server (and potentially others) does.


 Oddly, it seems to be specific to AAAA; any other type request I send
 comes back NOERROR correctly.  It is like somebody tried to handle AAAA
 special and screwed it up.


This isn't new.  RFC 4074 from 2005 covers this exact issue.  From memory,
this is/was the default behavior for DJBDNS.

  Scott
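An added probe for the behaviour discussed in the two posts above (a server that silently drops AAAA queries, which some resolvers then report as SERVFAIL). This is example code written for this page, not from the thread or from any HP tooling. It builds a raw AAAA query, reads only the response header, and sorts the result into the categories RFC 4074 describes; the constructed sample header reproduces the SERVFAIL shown in Scott's dig output, and the server address in the usage comment is a placeholder.

```python
import socket
import struct

TYPE_AAAA = 28
CLASS_IN = 1
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def make_header(txid, flags, qdcount, ancount, nscount, arcount):
    """12-byte DNS header (RFC 1035 section 4.1.1)."""
    return struct.pack("!HHHHHH", txid, flags, qdcount, ancount, nscount, arcount)


def build_query(name, qtype=TYPE_AAAA, txid=0x1234, recursion_desired=False):
    """Wire-format query. RD is left clear by default so that an
    authoritative server gives its own verdict rather than a resolver's."""
    flags = 0x0100 if recursion_desired else 0x0000
    qname = b"".join(bytes([len(label)]) + label.encode("ascii")
                     for label in name.rstrip(".").split(".")) + b"\x00"
    return make_header(txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, CLASS_IN)


def classify_response(data):
    """Only the header is needed: rcode plus section counts classify it."""
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", data[:12])
    rcode = flags & 0x000F
    return {"id": txid, "rcode": RCODES.get(rcode, f"RCODE{rcode}"),
            "answers": an, "authority": ns, "is_response": bool(flags & 0x8000)}


def verdict(result):
    """Map a classified (or timed-out) result onto the RFC 4074 misbehaviours."""
    rc = result["rcode"]
    if rc == "TIMEOUT":
        return "broken: server ignores AAAA queries (resolvers may turn this into SERVFAIL)"
    if rc == "NOERROR":
        return "ok: AAAA answer" if result["answers"] else "ok: NODATA (name exists, no AAAA)"
    if rc == "NXDOMAIN":
        return "suspect: NXDOMAIN for AAAA is wrong if the name has A records"
    return f"broken: erroneous rcode {rc} for AAAA"


def probe(server_ip, name, timeout=3.0):
    """One UDP query; a timeout is reported as its own pseudo-rcode."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    try:
        sock.sendto(build_query(name), (server_ip, 53))
        data, _ = sock.recvfrom(4096)
    except socket.timeout:
        return {"rcode": "TIMEOUT", "answers": 0, "authority": 0, "is_response": False}
    finally:
        sock.close()
    return classify_response(data)


# Constructed response matching the SERVFAIL in the thread: QR, RD and RA set,
# rcode 2, id 26319, one question section and nothing else.
SAMPLE_SERVFAIL = make_header(26319, 0x8182, 1, 0, 0, 0) + build_query("onramp01.hpeprint.com")[12:]

if __name__ == "__main__":
    r = classify_response(SAMPLE_SERVFAIL)
    print(r, "->", verdict(r))
    # live use against a placeholder address:
    # print(verdict(probe("192.0.2.53", "onramp01.hpeprint.com")))
```

The useful operational check is the first branch of `verdict`: a monitoring job that runs `probe` against your own authoritative servers catches the "no response at all" case before a resolver somewhere turns it into a SERVFAIL for your users.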


Re: Yahoo DMARC breakage

2014-04-20 Thread Scott Howard
On Sun, Apr 20, 2014 at 3:01 PM, Franck Martin fmar...@linkedin.com wrote:

 why does this list break DKIM when forwarding?


From the Gmail headers of your email:

 Authentication-Results: mx.google.com;
   spf=neutral (google.com: nanog-bounces+scott=example.com@nanog.org does not
   designate permitted sender hosts) smtp.mail=nanog-bounces+scott=example@nanog.org;
   dkim=pass header.i=@linkedin.com;
   *dmarc=pass* (p=REJECT dis=NONE) header.from=linkedin.com

  Scott
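An added parser for the Authentication-Results header Scott quotes above, written for this page and not taken from the thread or from Gmail. It extracts the per-method results and then applies a relaxed DMARC alignment check, which is what shows that the list did not break DKIM in this case: the signature still verified and its domain matched the From: domain. The sample header is the one from the post (with whitespace reflowed); the second sample, with the DKIM result flipped to fail, is constructed to show what a list that rewrote the body would have produced.

```python
import re

# Header as quoted in the post above, whitespace reflowed.
SAMPLE = """Authentication-Results: mx.google.com;
       spf=neutral (google.com: nanog-bounces+scott=example.com@nanog.org does not designate permitted sender hosts) smtp.mail=nanog-bounces+scott=example@nanog.org;
       dkim=pass header.i=@linkedin.com;
       dmarc=pass (p=REJECT dis=NONE) header.from=linkedin.com"""

# Constructed variant: what a body-rewriting list would have caused.
SAMPLE_BROKEN = SAMPLE.replace("dkim=pass", "dkim=fail")


def parse_authentication_results(header):
    """Split an RFC 7001-style header into authserv-id and method stanzas."""
    name, _, body = header.partition(":")
    if name.strip().lower() != "authentication-results":
        raise ValueError("not an Authentication-Results header")
    body = re.sub(r"\s+", " ", body)          # unfold continuation lines
    body = re.sub(r"\([^)]*\)", "", body)     # drop parenthesised comments
    stanzas = [s.strip() for s in body.split(";") if s.strip()]
    parsed = {"authserv_id": stanzas[0], "methods": {}}
    for stanza in stanzas[1:]:
        tokens = stanza.split()
        method, _, result = tokens[0].partition("=")
        props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
        parsed["methods"][method] = {"result": result, "props": props}
    return parsed


def org_domain(value):
    """Crude organisational domain for alignment: strip any local part or
    leading '@' and keep the last two labels (no public-suffix list here)."""
    domain = value.split("@")[-1].lower().rstrip(".")
    return ".".join(domain.split(".")[-2:])


def dmarc_alignment(parsed, from_domain):
    """Relaxed alignment: an aligned DKIM pass or an aligned SPF pass suffices."""
    methods = parsed["methods"]
    dkim = methods.get("dkim", {"result": "none", "props": {}})
    spf = methods.get("spf", {"result": "none", "props": {}})
    dkim_domain = dkim["props"].get("header.d") or dkim["props"].get("header.i", "")
    spf_domain = spf["props"].get("smtp.mailfrom") or spf["props"].get("smtp.mail", "")
    dkim_ok = dkim["result"] == "pass" and org_domain(dkim_domain) == org_domain(from_domain)
    spf_ok = spf["result"] == "pass" and org_domain(spf_domain) == org_domain(from_domain)
    return {"dkim_aligned": dkim_ok, "spf_aligned": spf_ok, "dmarc_pass": dkim_ok or spf_ok}


if __name__ == "__main__":
    for sample in (SAMPLE, SAMPLE_BROKEN):
        p = parse_authentication_results(sample)
        print(p["methods"]["dkim"]["result"], dmarc_alignment(p, "linkedin.com"))
```

Note the second half of the story: SPF here is neutral for the list's bounce address, so once DKIM breaks there is nothing left to align, and a `p=REJECT` publisher's mail gets rejected by the recipient.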


Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-16 Thread Scott Howard
On Wed, Apr 16, 2014 at 4:12 PM, Larry Sheldon larryshel...@cox.net wrote:

 If the hardware (as has been suggested) or the OS does any of this, how do
 diagnostic routines in or running under the OS work?


The OS does it, when allocating memory to userland programs.

For memory, before memory is allocated to a new process it is cleared.  If
the same block of memory is re-allocated to (or within) that process then
it is generally NOT cleared.  ie, if you request some memory within a
process there's no guarantee that it'll be zeroed out (unless you
specifically request it to be), but there is a guarantee that anything in
the memory is something that your own process put there.

For kernel-level code, this does NOT happen by default (again, depending on
which exact function you call). So within the kernel you can allocate a
block of memory and end up with random user-land data in it - but if you
think that's a problem then you probably don't understand where the kernel
fits in within the bigger picture. (Hint: at a minimum, it can read any
memory anywhere in the system)

There is obviously a cost of clearing that memory, which is why it's
normally only done when absolutely necessary (eg, allocating a new page to
a userland process), but not when it's not (eg, allocating to the kernel)


For disk, physical space normally isn't assigned by the filesystem until
you actually write to a block. Writing obviously overwrites what was there
previously, so reading it back only gives you your own data.  If you read
back an area of a file that you haven't yet written (presuming the
filesystem supports it) then you've got what's called a sparse file, and
as no block on disk has yet been allocated for that space the OS simply
returns you a pile of zeros. Those zeros never actually existed on the
disk, they are just a logical concept for any blocks that have not yet been
written to.


None of these controls stops someone with root access from accessing memory
or disk - root generally has access to interfaces like /proc/mem and the
raw disk devices, so can read anything.

  Scott


Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-16 Thread Scott Howard
On Wed, Apr 16, 2014 at 9:39 PM, TGLASSEY tglas...@earthlink.net wrote:

 BAE did this cute poster on the attack model

 https://image-store.slidesharecdn.com/6f0027d2-c58c-11e3-af1f-12313d0148e5-original.jpeg?goback=%2Egde_1271127_member_5862330295302262788


I'm guessing accuracy probably wasn't their primary concern, but...

The SSL handshake shown is wrong. Obviously it's over-simplified, and
that's to be expected, but to claim that the client generates a session
key and then encrypts it with the server's private key and sends it over
the wire is outright wrong.

The session key in and of itself is *never* transmitted over the wire
(encrypted or not).  Exactly what is sent depends on the exact algorithm,
but presuming they are describing RSA key exchange then it's the
pre-master secret, which is then used by both the client and the server
(along with other information they have exchanged) to both independently
generate the session key.

Semantics perhaps, but...

  Scott
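An added worked example of the derivation Scott describes: with RSA key exchange the client sends a pre-master secret (encrypted under the server's public key, which this example does not model), and both sides then compute the session keys independently, so the keys themselves never cross the wire. This is example code written for this page, not from the thread or the poster; it implements the TLS 1.2 PRF from RFC 5246 (P_SHA256, the "master secret" and "key expansion" labels) and assumes an AES-128-GCM key block layout (two 16-byte keys, two 4-byte implicit IVs). The randoms and pre-master bytes are constructed constants.

```python
import hashlib
import hmac


def p_hash(secret, seed, length):
    """TLS 1.2 P_SHA256 data expansion (RFC 5246 section 5):
    A(0) = seed, A(i) = HMAC(secret, A(i-1)),
    output = HMAC(secret, A(1) + seed) || HMAC(secret, A(2) + seed) || ..."""
    out = b""
    a = seed
    while len(out) < length:
        a = hmac.new(secret, a, hashlib.sha256).digest()
        out += hmac.new(secret, a + seed, hashlib.sha256).digest()
    return out[:length]


def prf(secret, label, seed, length):
    """PRF(secret, label, seed) = P_hash(secret, label + seed)."""
    return p_hash(secret, label + seed, length)


def master_secret(pre_master, client_random, server_random):
    """48-byte master secret; both sides compute this from the same inputs."""
    return prf(pre_master, b"master secret", client_random + server_random, 48)


def derive_keys(master, client_random, server_random):
    """Key block for an AEAD suite such as AES-128-GCM: note the seed order
    (server_random first) differs from the master-secret derivation."""
    block = prf(master, b"key expansion", server_random + client_random, 40)
    return {"client_write_key": block[0:16], "server_write_key": block[16:32],
            "client_write_iv": block[32:36], "server_write_iv": block[36:40]}


def simulate_rsa_exchange():
    """Constructed handshake values; real ones come from each party's RNG."""
    client_random = b"\x11" * 32
    server_random = b"\x22" * 32
    # Client side: 2-byte protocol version + 46 random bytes. This is what is
    # sent, encrypted under the server's public key (RSA step omitted here).
    pre_master = b"\x03\x03" + b"\x44" * 46
    client_side = master_secret(pre_master, client_random, server_random)
    # Server side: decrypts the pre-master and runs the identical derivation.
    server_side = master_secret(pre_master, client_random, server_random)
    return client_side, server_side


if __name__ == "__main__":
    c, s = simulate_rsa_exchange()
    print("master secrets match:", c == s, "length:", len(c))
    print({k: v.hex() for k, v in derive_keys(c, b"\x11" * 32, b"\x22" * 32).items()})
```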


Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-15 Thread Scott Howard
On Mon, Apr 14, 2014 at 6:00 PM, Larry Sheldon larryshel...@cox.net wrote:

 Is the heartbleed bug not proof positive that it is not being done today?


On the contrary.  Heartbleed is proof that memory IS cleared before being
assigned to a *process*. The data available via the vulnerability is
limited to data from the process itself, not from any other process on the
system.  ie, Heartbleed can give up your SSL keys, but not your /etc/shadow
file.

If memory wasn't cleared before being allocated to a process, every
multi-user system would be vulnerable to a Heartbleed-style vulnerability -
just allocate some memory, and go reading.  Eventually you'd get something
containing /etc/shadow or other data you shouldn't be seeing.

Within a process (ie, memory being re-allocated to the same process) there
are ways to achieve the same thing, however as there's generally no
security reason for doing so, and as there is a non-trivial overhead, it's
not done by default.

  Scott


Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-15 Thread Scott Howard
On Tue, Apr 15, 2014 at 6:56 AM, Matthew Black matthew.bl...@csulb.edu wrote:

 Seriously? When files are deleted, their sectors are simply released to
 the free space pool without erasing their contents. Allocation of disk
 sectors without clearing them gives users/programs access to file contents
 previously stored by other users/programs.


No worthwhile filesystem will allow you to read a block of disk that you
haven't already written to. Once you've written to it, any existing data
that was there is overwritten.

The same isn't true for block-level access, but as a rule that requires
admin access, and once you have that all bets are off...

  Scott
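An added demonstration of the sparse-file behaviour described in the two posts above (the "For disk" paragraph and the reply just above): an unwritten region of a file reads back as zeros that were never on disk, and only the written region occupies blocks. This is example code written for this page, not from the thread; it assumes a POSIX filesystem with hole support for the `st_blocks` figure, and the file name and payload are constructed.

```python
import os
import tempfile


def write_sparse(path, hole_size, payload):
    """Seek past a region that is never written, then write the payload.
    On a filesystem with hole support no disk blocks back the skipped region."""
    with open(path, "wb") as f:
        f.seek(hole_size)
        f.write(payload)
    return os.path.getsize(path)


def read_region(path, offset, length):
    with open(path, "rb") as f:
        f.seek(offset)
        return f.read(length)


def allocated_bytes(path):
    """Bytes actually backing the file (st_blocks is in 512-byte units);
    None where the platform does not report it."""
    blocks = getattr(os.stat(path), "st_blocks", None)
    return None if blocks is None else blocks * 512


def demo(hole_size=1 << 20, payload=b"payload"):
    """Create a 1 MiB hole followed by a short payload and read both back."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "sparse.bin")   # constructed temp file
        size = write_sparse(path, hole_size, payload)
        hole = read_region(path, hole_size // 2, 64)   # inside the hole
        return {
            "size": size,                           # logical size: hole + payload
            "allocated": allocated_bytes(path),      # far below size on ext4/xfs/tmpfs
            "hole_is_zero": hole == b"\x00" * len(hole),
            "tail": read_region(path, hole_size, len(payload)),
        }


if __name__ == "__main__":
    r = demo()
    print(f"logical size {r['size']} bytes, allocated {r['allocated']}, "
          f"hole reads as zeros: {r['hole_is_zero']}, tail: {r['tail']!r}")
```

The `allocated` figure is the one to look at on a real system: it stays a few KiB while the logical size is just over 1 MiB, and the zeros you read from the hole are synthesised by the filesystem, not fetched from any block that might hold a previous tenant's data.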


Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-14 Thread Scott Howard
On Sun, Apr 13, 2014 at 9:52 AM, Niels Bakker niels=na...@bakker.net wrote:

 At least one vendor, Akamai is helping out now:
 http://marc.info/?l=openssl-usersm=139723710923076w=2
 I hope other vendors will follow suit.


Although it appears they may now be regretting doing so...

http://www.techworld.com.au/article/542813/akamai_admits_its_openssl_patch_faulty_reissues_keys/

(Of course, the end result is positive, but...)

  Scott


Re: DMARC - CERT?

2014-04-14 Thread Scott Howard
On Mon, Apr 14, 2014 at 11:24 AM, Jim Popovitch jim...@gmail.com wrote:

 DMARC hasn't cut down on yahoo spam so far.   Yahoo's spam problem was
 (is?) centered on account hijacks.


I just checked my spam folder for the past month.

Out of about 80 messages from Yahoo, I can see about 3 that went via
Yahoo's mail servers. ie, 90% were/would have been blocked using DMARC.

Of course, I'm sure the spammers will simply start changing yahoo.com to
somethingelse.com once they realize - but from Yahoo's perspective, that's
obviously a positive.

Whilst I don't agree with the way that Yahoo has done this (particularly
around communication), I think the end result is only going to be positive.
At a high level it's no different than when people started rejecting mail
from hosts without PTR records, or when ISPs started blocking outbound port
25 - they both caused things to break, and both caused people to have to
take action to fix the brokenness, but in the long run they were both
hugely positive.

  Scott


Re: DMARC - CERT?

2014-04-14 Thread Scott Howard
On Mon, Apr 14, 2014 at 1:39 PM, Christopher Morrow morrowc.li...@gmail.com
 wrote:

 On Mon, Apr 14, 2014 at 4:34 PM, Matthias Leisi matth...@leisi.net
 wrote:
  They could have communicated, as in listen folks, we are going to make a
  critical change that will affect mailing lists (etc...) in four weeks
 time.

 communicated it where?


The Internet.

A blog entry and a post to a few key relevant mailing lists would have
resulted in the message spreading far better than it was.  There's no way
that they could have communicated it to every mailing list admin on the
planet, but they could have at least given a heads-up to some major parts
of the community.

The great thing about the Internet is that if it's important enough to be
shared, you don't need to try too hard to make that happen - others will
look after it for you.  But you need to make the effort to get it started,
and Yahoo didn't do that here (or at least, they did, but they did it by
actually making the change by which time it was too late!)

  Scott


Re: [[Infowarrior] - NSA Said to Have Used Heartbleed Bug for Years]

2014-04-14 Thread Scott Howard
On Mon, Apr 14, 2014 at 12:59 PM, Patrick W. Gilmore patr...@ianai.net
wrote:

I applaud Akamai for trying, for being courageous enough to post code, and
 for bucking the trend so many other companies are following by being more
 secretive every year.


Just to be clear, so do I!  As I said, the end result was net positive -
within hours the fact they made this code snippet open source resulted in
it be available to many more eyeballs, and bugs in it being found.

By releasing the code, Akamai has not only helped the community (at least
as a starting point - even if their actual code had issues the concept is
good and no doubt will be improved upon by the wider community), but helped
themselves by discovering that they were operating under the mistaken
impression that their SSL keys were safe when potentially they were not.


On Mon, Apr 14, 2014 at 1:07 PM, Doug Barton do...@dougbarton.us wrote:

 Agreed ... review is good, comments on needed fixes are good, but saying
 that Akamai, should not be sending out non-functional, bug ridden patches
 to the OpenSSL community as Pinckaers did is not constructive.


Especially when the release specifically stated *This should really be
considered more of a proof of concept than something that you want to put
directly into production* and *do not just take this patch and put it
into production without careful review*.  Akamai made mistakes here, but
releasing what they obviously believed to be workable code in the way that
they did wasn't one of them.

  Scott


Re: DMARC - CERT?

2014-04-14 Thread Scott Howard
On Mon, Apr 14, 2014 at 2:29 PM, Jim Popovitch jim...@gmail.com wrote:

  They could have made the change not late on a Friday afternoon (or well
  into the weekend for most of the world).
 
 
  On the weekend before tax filings are due in the US!  And a couple of
 days
  before Passover.

 and in the middle of Heartbleed.


You might have had a point - if it had been ANY of those.  Other than the
original claim of Friday afternoon it was none of those things.

  Scott


Re: DMARC - CERT?

2014-04-14 Thread Scott Howard
On Mon, Apr 14, 2014 at 2:59 PM, Jim Popovitch jim...@gmail.com wrote:

 7-April: Monday, Yahoo's dmarc change kicks everyone in the groin, the
 last full week before the US tax filing deadline.


The change was made on the previous Friday, so that date is largely
irrelevant.

7-April: OpenSSL's *public* advisory (after a full week of private
 notifications, of which yahoo surely was one tech company in on the
 early notifications)


Given that many of their main services were vulnerable at the time of
public disclosure, I think that's a very large assumption to make...

If nothing else, I suspect the odds of it being known by the same people
that made the DMARC decision/changes is low.

  Scott


Re: DMARC - CERT?

2014-04-14 Thread Scott Howard
On Mon, Apr 14, 2014 at 3:21 PM, Scott Howard sc...@doc.net.au wrote:

 7-April: OpenSSL's *public* advisory (after a full week of private
 notifications, of which yahoo surely was one tech company in on the
 early notifications)


 Given that many of their main services were vulnerable at the time of
 public disclosure, I think that's a very large assumption to make...


Based on the article below it would appear that Yahoo did NOT know about
Heartbleed at the time of public disclosure.

http://www.smh.com.au/it-pro/security-it/heartbleed-disclosure-timeline-who-knew-what-and-when-20140414-zqurk.html

  Scott


Re: Ipv4 end, its fake.

2014-03-24 Thread Scott Howard
https://www.digitalocean.com/community/questions/when-ipv6-will-be-fully-supported
which then links to
http://digitalocean.uservoice.com/forums/136585-digital-ocean/suggestions/2639897-ipv6-addresses
says it all, really...

  Scott



On Sat, Mar 22, 2014 at 12:07 AM, Bryan Socha br...@digitalocean.com wrote:

 As someone growing in the end of ipv4, its all fake. Sure, the rirs will
 run out, but that's boring. Don't believe the fake auction sites.
 Fair price of IP at the end is $1 for bad Rep $2 for barely used, $3 for no
 spam and $4 for legacy. Stop the inflation. Millions of IPS exist,
 there is no shortage and don't lie for rirs with IPS left.



Re: Google causes 40% drop in traffic?

2014-01-24 Thread Scott Howard
There was a lot of discussion about this figure back in August when the
relevant outage occurred.

From memory, a large percentage of the traffic drop was from other sites
breaking as a result of Google not being available. ie, a site completely
unrelated to Google, potentially being served by a CDN, that was using
Google Analytics on every page could fail to load and/or load/render slower
as a result of the specific outage that Google had at the time.  This
resulted in a traffic drop for far more traffic than just that sourced from
Google.

A non-trivial percentage of the Internet is in some way or other dependent
on things like Google Analytics/maps/etc, Facebook likes, Twitter recent
tweets, etc, such that if any of those services are not available the site
fails to load, either correctly or sometimes at all. The same is true in
many cases for javascript/etc libraries being loaded from 3rd party sites
like Google.

  Scott



On Fri, Jan 24, 2014 at 3:08 PM, Jay Ashworth j...@baylink.com wrote:

 Given how much traffic these days is CDN and streaming, is that number
 really supportable?

 http://www.marketplace.org/topics/tech/down-goes-google-down-goes-internet

 Cheers,
 -- jra

 --
 Jay R. Ashworth  Baylink
 j...@baylink.com
 Designer The Things I Think   RFC
 2100
 Ashworth  Associates   http://www.bcp38.info  2000 Land
 Rover DII
 St Petersburg FL USA  BCP38: Ask For It By Name!   +1 727 647
 1274




Re: Where does Downstream server error come from?

2014-01-19 Thread Scott Howard
I've come across this error (or something very similar to it) before.  I
can't remember the exact product, but it turned out to be a transparent
SMTP proxy somewhere in the path - possibly on a UTM firewall, but I could
be wrong about that part...

Not overly helpful I know, but might point you in the right direction...


  Scott



On Sun, Jan 19, 2014 at 2:55 PM, John Levine jo...@iecc.com wrote:

 I had some problems with incoming mail that I tracked down to a
 configuration bug, two hosts on the same LAN configured to respond to
 the IP address of the MX.  It's fixed now.

 While it was broken, attempts to send mail on some other systems got
 421 Downstream server error.  That is not a message that any of my
 mail software sends (I grepped for Downstream in the code, it's not
 there) so I presume it's from some middle box.

 Does anyone recognize the message, what produces it, and why?  There
 was indeed stuff messed up downstream, but why turn it into a mystery
 error message?

 R's,
 John

 PS: I wonder how long it'll take for someone to suggest unhelpful
 configuration changes on my host to fix the problem.




Re: anybody seeing mail problems sending to yahoo.com? (and a yahoo email contact?)

2014-01-04 Thread Scott Howard
I've seen others reporting this elsewhere too, so it's clearly a problem at
Yahoo's end.

Someone on the mailops list reported that disabling TLS for
yahoodns.net hosts fixed the problem so it may be worth trying that.

  Scott


On Sat, Jan 4, 2014 at 9:28 AM, Adrian Minta adrian.mi...@gmail.com wrote:

 I'm seeing the same thing:

 Jan  4 19:13:20 mail2 postfix/error[21241]: 8C9BD1F20045: relay=none,
 delay=30958, delays=30835/121/0/2.1, dsn=4.4.2, status=deferred (delivery
 temporarily suspended: lost connection with 
 mta5.am0.yahoodns.net[98.136.217.202]
 while sending end of data -- message may be sent more than once)
 Jan  4 19:19:44 mail2 postfix/smtp[21813]: 3993E1F20045: relay=
 mta7.am0.yahoodns.net[66.196.118.33]:25, delay=98,
 delays=0.58/0.03/46/51, dsn=4.4.2, status=deferred (lost connection with
 mta7.am0.yahoodns.net[66.196.118.33] while sending end of data -- message
 may be sent more than once)
 Jan  4 19:19:44 mail2 postfix/smtp[21813]: 3993E1F20045: relay=
 mta7.am0.yahoodns.net[66.196.118.33]:25, delay=98,
 delays=0.58/0.03/46/51, dsn=4.4.2, status=deferred (lost connection with
 mta7.am0.yahoodns.net[66.196.118.33] while sending end of data -- message
 may be sent more than once)


 --
 Best regards,
 Adrian Minta
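An added piece of detection logic for the failure mode Adrian's log shows above: Postfix deferrals where the remote MX drops the connection while end of data is being sent, the pattern Scott notes was worked around by disabling TLS towards yahoodns.net hosts. This is example code written for this page, not from the thread or from Postfix. The first two sample log lines are adapted from the post (one of the duplicated mta7 lines kept); the third, a successful delivery to a placeholder MX, is constructed so the summary has something to contrast against.

```python
import re
from collections import defaultdict

SAMPLE_LOG = """Jan  4 19:13:20 mail2 postfix/error[21241]: 8C9BD1F20045: relay=none, delay=30958, delays=30835/121/0/2.1, dsn=4.4.2, status=deferred (delivery temporarily suspended: lost connection with mta5.am0.yahoodns.net[98.136.217.202] while sending end of data -- message may be sent more than once)
Jan  4 19:19:44 mail2 postfix/smtp[21813]: 3993E1F20045: relay=mta7.am0.yahoodns.net[66.196.118.33]:25, delay=98, delays=0.58/0.03/46/51, dsn=4.4.2, status=deferred (lost connection with mta7.am0.yahoodns.net[66.196.118.33] while sending end of data -- message may be sent more than once)
Jan  4 19:20:01 mail2 postfix/smtp[21813]: 1234ABCD0001: relay=mx.example.org[192.0.2.25]:25, delay=1.2, delays=0.1/0.02/0.5/0.6, dsn=2.0.0, status=sent (250 2.0.0 Ok: queued as DEADBEEF)"""

# Fields of a Postfix smtp/error delivery-status line.
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) (?P<host>\S+) postfix/(?P<proc>\w+)\[\d+\]: "
    r"(?P<qid>[0-9A-F]+): relay=(?P<relay>[^,]+), .*?dsn=(?P<dsn>[\d.]+), "
    r"status=(?P<status>\w+) \((?P<reason>.*)\)$")
# The "lost connection with <mx>[<ip>] while <phase> --" detail in the reason.
LOST_RE = re.compile(r"lost connection with (?P<mx>[^\[\s]+)\[[^\]]+\] while (?P<phase>.+?) --")


def parse_line(line):
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["mx"] = rec["relay"].split("[")[0]      # 'none' for queue-manager errors
    lost = LOST_RE.search(rec["reason"])
    rec["phase"] = lost["phase"] if lost else None
    if lost:
        rec["mx"] = lost["mx"]                  # recover the MX from the reason text
    return rec


def summarize(log_text):
    """Per-MX counts of sent/deferred, the DSNs seen, and how many
    deferrals died specifically while sending end of data."""
    summary = defaultdict(lambda: {"deferred": 0, "sent": 0, "end_of_data": 0, "dsn": set()})
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        s = summary[rec["mx"]]
        s[rec["status"]] = s.get(rec["status"], 0) + 1
        s["dsn"].add(rec["dsn"])
        if rec["phase"] == "sending end of data":
            s["end_of_data"] += 1
    return dict(summary)


def hosts_failing_at_end_of_data(summary, min_count=1):
    """MX hosts whose deferrals are all of the end-of-data kind: the signature
    worth alerting on (and then trying a TLS policy exception for)."""
    return sorted(mx for mx, s in summary.items()
                  if s["deferred"] >= min_count and s["end_of_data"] == s["deferred"])


if __name__ == "__main__":
    summary = summarize(SAMPLE_LOG)
    for mx, s in sorted(summary.items()):
        print(mx, s)
    print("suspect:", hosts_failing_at_end_of_data(summary))
```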





Re: www.akamai.net giving NXDOMAIN

2013-11-07 Thread Scott Howard
On Thu, Nov 7, 2013 at 7:54 AM, Anurag Bhatia m...@anuragbhatia.com wrote:

 That's weird!

 Missing akamai.net entry from the authoritative DNS nodes? I am in
 Austria right now and so likely my nearby node is giving bad replies.


akamai.net isn't missing from anywhere.  www might be, but other hosts are
working so I suspect this is by design.

$ dig whoami.akamai.net +short
38.104.99.142


  Scott


Re: Reverse DNS RFCs and Recommendations

2013-10-31 Thread Scott Howard
163.com (as well as 126.com which you don't have listed) is a bit of a
special case.

It's a Chinese site that offers free email addresses as well as a very
popular portal site - think of it as the Chinese equivalent to Yahoo or
Hotmail.

Whilst it's certainly true that a lot of spam originates from there, simply
classifying it as a spam site isn't (necessarily) correct, in the same way
that classifying yahoo or hotmail as spam isn't correct. The company behind
163.com is actually listed on the NASDAQ...

You did mention heuristics, so I'm guessing you're not actually just
outright blacklisting it, just wanted to point out that all number-only
domains aren't necessarily spam-only.

  Scott



On Thu, Oct 31, 2013 at 3:49 PM, Tony Hain alh-i...@tndh.net wrote:

 John Levine wrote:
  Right.  Spam filtering depends on heuristics.  Mail from hosts without
  matching forward/reverse DNS is overwhelmingly bot spam, so checking for
  it is a very effective heuristic.

 Leading digit is clearly in widespread use beyond 3com  1and1. One of the
 most effective heuristics in my acl list is:
 \N^.*@\d{3,}\.(cn|com|net|org|us|asia)

 In the last few hours it has picked off multiple messages from each of
 these:
 caro...@8447.com
 jef...@3550.com
 ronal...@0785.com
 kevi...@2691.com
 debora...@3585.com
 kimberl...@5864.com
 sara...@0858.com
 zav...@131.com
 qgmklyy...@163.com
 pjp...@163.com
 fahu...@163.com
 danie...@4704.com
 hele...@2620.com






Re: Reverse DNS RFCs and Recommendations

2013-10-30 Thread Scott Howard
On Wed, Oct 30, 2013 at 9:12 AM, Nolan Rollo nro...@kw-corp.com wrote:

 RFC draft-msullivan-dnsop-generic-naming-schemes-00.txt states:


I think you mean an Expired RFC Draft from 2006 written by the people from
SORBS states:

 Which finally brings me to my questions:
 It seems like the unspoken de facto that mail admins appreciate given the
 IP 203.0.113.15 is 203-0-113-15.[type].[static/dynamic].yourdomain.tld.
 This seems perfectly acceptable, it's short, detailed and to the point. Is
 there really anything bad about this?


No. Nothing at all, and as you've already discovered it's what is used by
probably the majority of providers that include IP addresses in rDNS.


 What, if any would you name a network, gateway, broadcast address? Should
 the PTR be empty?


I've never seen anyone put in rDNS for networks or broadcast addresses.
(Naming networks was common many years ago, but it never made the jump to
DNS from what I've seen).  rDNS for gateways can be helpful for traceroute,
and there are a few documents that provide examples of naming schemes for
such hosts, but I can't seem to find them right now...  Again, these are
only samples - there's no such thing as a right answer.

On Wed, Oct 30, 2013 at 9:24 AM, Nick Hilliard n...@foobar.org wrote:

 the only thing that's important is that forward and reverse DNS matches.
 After that, there is no correct or incorrect, so you need to do something
 that makes sense for your deployment.


Well, yes and no...  It's true that there's no correct answer, but there
are incorrect answers - such as putting the term dynamic in the rDNS
for an email server. It may not be incorrect enough to break an RFC, but
it's still the wrong thing to do!

  Scott


Re: Reverse DNS RFCs and Recommendations

2013-10-30 Thread Scott Howard
On Wed, Oct 30, 2013 at 2:33 PM, Nolan Rollo nro...@kw-corp.com wrote:

 So in the four examples below, 3 of them preface the IP with an alpha
 character. Charter however, starts the rDNS off with a number. I'm not
 arguing with anyone but what potential problems could that cause with DNS?
 I'm also thinking of the famous www.1and1.com, where the number 1
 starts off one of the sections.


Using domain name parts that start with a number will likely cause issues
for anyone running resolvers written in the 80's.

Anyone running resolvers that are less than ~25 years old will likely not have
any issues.

  Scott
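An added example pulling together the rDNS points from the three Reverse DNS posts above: the `<ip>.[type].[static/dynamic].domain` naming scheme, Scott's point that "dynamic" in a mail server's rDNS is the wrong thing to do, and Tony Hain's numeric-domain heuristic with the 163.com/126.com exception Scott raises. This is example code written for this page, not from the thread; the list of generic pool tokens and the allow-list are assumptions, the regex is the one quoted in the thread with its Exim `\N...\N` wrapper dropped and an end-of-string anchor added, and the sample addresses in the test are constructed.

```python
import ipaddress
import re

# Labels commonly used for end-user / dynamic pools (assumed list, not from the thread).
GENERIC_TOKENS = ("dynamic", "dyn", "dhcp", "pool", "ppp", "dialup", "cable", "dsl")
# Tony Hain's ACL regex, anchored at the end so 'x@163.community' is not caught.
NUMERIC_DOMAIN_RE = re.compile(r"^.*@\d{3,}\.(cn|com|net|org|us|asia)$", re.IGNORECASE)
# Legitimate all-digit domains named in Scott's reply.
NUMERIC_ALLOWLIST = {"163.com", "126.com"}


def ip_label(ip):
    """203.0.113.15 -> 203-0-113-15; IPv6 colons are replaced the same way."""
    return str(ipaddress.ip_address(ip)).replace(".", "-").replace(":", "-")


def ptr_name_for(ip, kind, pool, domain):
    """The <ip>.[type].[static/dynamic].domain scheme from the thread."""
    return f"{ip_label(ip)}.{kind}.{pool}.{domain}"


def generic_ptr_reasons(ptr, ip=None):
    """Why a PTR looks like an end-user/dynamic host rather than a server.
    An empty list means nothing generic was spotted."""
    labels = ptr.lower().rstrip(".").split(".")
    reasons = []
    if ip is not None and ip_label(ip) in labels:
        reasons.append("embeds its own IP address")
    elif re.match(r"^\d{1,3}(-\d{1,3}){3}$", labels[0]):
        reasons.append("embeds an IPv4 address")
    hits = [t for t in GENERIC_TOKENS if t in labels]
    if hits:
        reasons.append("generic label(s): " + ",".join(hits))
    return reasons


def mail_server_ptr_ok(ptr):
    """Scott's rule: a mail server's rDNS must not carry a 'dynamic' label."""
    return "dynamic" not in ptr.lower().rstrip(".").split(".")


def numeric_domain_suspect(addr):
    """The digits-only-domain heuristic with the allow-list applied."""
    domain = addr.rsplit("@", 1)[-1].lower().rstrip(".")
    return bool(NUMERIC_DOMAIN_RE.match(addr)) and domain not in NUMERIC_ALLOWLIST


if __name__ == "__main__":
    good = ptr_name_for("203.0.113.15", "cable", "static", "yourdomain.tld")
    bad = ptr_name_for("203.0.113.15", "cable", "dynamic", "yourdomain.tld")
    print(good, generic_ptr_reasons(good, "203.0.113.15"), mail_server_ptr_ok(good))
    print(bad, generic_ptr_reasons(bad, "203.0.113.15"), mail_server_ptr_ok(bad))
    for a in ("user@3550.com", "user@163.com", "user@example.com"):   # constructed
        print(a, numeric_domain_suspect(a))
```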


Re: If you're on LinkedIn, and you use a smart phone...

2013-10-26 Thread Scott Howard
On Sat, Oct 26, 2013 at 7:46 PM, Gary Baribault g...@baribault.net wrote:

 The other difference is that Google tells you up front, LinkedIn
 installed this out of the blue without any real permissions. Of course
 if this were an opt-in thing, nobody would be opting in! Well, I never
 did install their app and most certainly never will, and am telling all
 of my friends about this as well.


Have you actually confirmed it's NOT opt-in?  The screenshots on the
Linked-in engineering blog referenced earlier certainly make it look like
it is.

http://engineering.linkedin.com/sites/default/files/intro_installer_0.png

Of course, you could argue there's a difference between opting-in for
enhancing your email with Intro and opting-in for Please MITM all of my
email and dynamically modify it, but that's really just semantics - it
definitely appears to be opt-in.

  Scott


Re: To CCIEs and JNCIEs

2013-10-11 Thread Scott Howard
On Fri, Oct 11, 2013 at 12:28 AM, Randy Bush ra...@psg.com wrote:

 but who would want to deal with such slime?


I dunno, it looks pretty legit to me!!

Domain Name.. theccie.com
  Creation Date 2013-09-28
  Registration Date 2013-09-28
  Expiry Date.. 2014-09-28

  Organisation Name the ccie
  Organisation Address. later
  Organisation Address.
  Organisation Address.
  Organisation Address. singapore
  Organisation Address. 100850
  Organisation Address. singapore
  Organisation Address. SINGAPORE


  Scott


Re: Yahoo is now recycling handles

2013-09-03 Thread Scott Howard
To their (partial) credit they are also supporting a new email header:
Require-Recipient-Valid-Since:

via draft-ietf-appsawg-rrvs-header-field

The idea of this header is that it will allow a sender to control that a
user will only receive an email if that email address was valid before a
specific date, thus at least stopping someone from using a recycled account
to carry out a password reset on another service.

Facebook at least is already sending this header on all emails.

Overall this is nothing new - Hotmail has been doing the same thing for
years.

  Scott



On Tue, Sep 3, 2013 at 8:09 PM, Jay Ashworth j...@baylink.com wrote:

 Whackiness, predictably, ensues:

   https://medium.com/editors-picks/46b47d95b957

 You can do the math how this might affect you, your services, and your
 users,
 if you have those.

 Will people *ever* start listening when we tell them how Bad an Idea
 something is?  The RISKS are endless...

 Cheers,
 -- jra
 --
 Jay R. Ashworth  Baylink
 j...@baylink.com
 Designer The Things I Think   RFC
 2100
 Ashworth  Associates http://baylink.pitas.com 2000 Land
 Rover DII
 St Petersburg FL USA   #natog  +1 727 647
 1274
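An added example of the header Scott describes at the top of this post, written for this page and not taken from the thread, Yahoo or Facebook. It assumes the `addr-spec; date-time` form of the draft that became RFC 7293: the sender records when it last confirmed the address belonged to its user, and the receiving system rejects the message if the mailbox changed hands after that date, which is exactly the recycled-account password-reset case. The mailbox directory is constructed.

```python
from datetime import datetime, timezone
from email.utils import format_datetime, parsedate_to_datetime

HEADER = "Require-Recipient-Valid-Since"


def utc_date(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


# Constructed directory: when the current owner of each mailbox obtained it.
DIRECTORY = {
    "recycled@example.net": utc_date(2013, 9, 1),   # handed to a new user after recycling
    "longtime@example.net": utc_date(2009, 4, 1),   # same owner for years
}


def build_rrvs(addr, confirmed_at):
    """Sender side: 'this address belonged to my user as of <date>'."""
    return f"{HEADER}: {addr}; {format_datetime(confirmed_at)}"


def parse_rrvs(header_line):
    name, _, value = header_line.partition(":")
    if name.strip().lower() != HEADER.lower():
        raise ValueError("not a Require-Recipient-Valid-Since header")
    addr, _, date = value.partition(";")
    return addr.strip().lower(), parsedate_to_datetime(date.strip())


def check_delivery(header_line, directory):
    """Receiver side: refuse delivery when the mailbox's current owner
    obtained it after the sender's confirmation date, so a recycled
    account cannot receive (for example) a password-reset e-mail meant for
    the previous owner. 5.7.17 is the enhanced status code RFC 7293 registers
    for this case."""
    addr, confirmed_at = parse_rrvs(header_line)
    owner_since = directory.get(addr)
    if owner_since is None:
        return ("reject", "550 5.1.1 mailbox unknown")
    if owner_since > confirmed_at:
        return ("reject", "550 5.7.17 Mailbox owner has changed")
    return ("accept", "250 recipient ok")


if __name__ == "__main__":
    stamp = utc_date(2012, 5, 1)   # when the (constructed) sender last confirmed the address
    for addr in ("recycled@example.net", "longtime@example.net", "nobody@example.net"):
        line = build_rrvs(addr, stamp)
        print(line, "->", check_delivery(line, DIRECTORY))
```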




Re: couldn't get address for 'w.au': no more ,

2013-09-02 Thread Scott Howard
It would appear there's something very unhealthy with your specific
nameservers regarding .au.

A direct email I sent you bounced (well, delayed warning) due to:

The error that the other server returned was:
451 4.1.8 Domain of sender address sc...@doc.net.au does not resolve

That address fairly clearly does resolve, and I've had no problems sending
email to anywhere else on the internet, so it's obviously a local issue.

  Scott



On Sat, Aug 31, 2013 at 1:05 PM, Mr. James W. Laferriere 
bab...@baby-dragons.com wrote:


 Hello All , Are the roots for .au lost in the haze someplace ?
 During my attempts to reach http://www.coker.com.au/bonnie++/
 I tried a 'dig www.coker.com.au +trace'

 Did some roots change recently ?  Tia,  JimL

 Which yielded ...

 ; <<>> DiG 9.9.3-P2 <<>> www.coker.com.au +trace
 ;; global options: +cmd
 .   7424IN  NS  i.root-servers.net.
 .   7424IN  NS  m.root-servers.net.
 .   7424IN  NS  k.root-servers.net.
 .   7424IN  NS  a.root-servers.net.
 .   7424IN  NS  h.root-servers.net.
 .   7424IN  NS  d.root-servers.net.
 .   7424IN  NS  c.root-servers.net.
 .   7424IN  NS  l.root-servers.net.
 .   7424IN  NS  e.root-servers.net.
 .   7424IN  NS  g.root-servers.net.
 .   7424IN  NS  j.root-servers.net.
 .   7424IN  NS  b.root-servers.net.
 .   7424IN  NS  f.root-servers.net.
 .   517152  IN  RRSIG   NS 8 0 518400
 2013090700 2013083023 49656 .
 lWj707jP5hxvgq8BwU5+IVeyuE/p3wcEmuQRfzuneoFClny1L/xyaT53
 IkhG57jFzRPsXbuvOM6J/9tZzkbyuN20b5T0QLuxJVQsZT20pzWSIZ54 MVcVd2HTRtq+
 Gr0OetDI3THRkgK06IVH0yyKrPqDCQI/iHbc+iljg21f lmc=
 ;; Received 857 bytes from 50.0.96.199#53(50.0.96.199) in 195 ms

 au. 172800  IN  NS  z.au.
 au. 172800  IN  NS  y.au.
 au. 172800  IN  NS  x.au.
 au. 172800  IN  NS  w.au.
 au. 172800  IN  NS  v.au.
 au. 172800  IN  NS  u.au.
 au. 172800  IN  NS  s.au.
 au. 172800  IN  NS  r.au.
 au. 172800  IN  NS  b.au.
 au. 172800  IN  NS  a.au.
 au. 86400   IN  NSEC    aw. NS RRSIG NSEC
 au. 86400   IN  RRSIG   NSEC 8 1 86400
 2013090700 2013083023 49656 . LZo++
 i1OBOYRDncdZe8aAuO1TaWgCWVXVc/aquFb0oT0LBNAbkPljT55
 dQV8jlrsZyZ0QbAm09P29wuq1UBuca6a1YX72DZrvfDeqX+1oXaAlEPd
 ZfFl2eQsao39AZPlRVfVVw18am5VX8V4K/VmYgBeq1lmV52OVqYz2UVB ygQ=
 dig: couldn't get address for 'z.au': no more



 --
 +-----+
 | James   W.   Laferriere | SystemTechniques | Give me VMS |
 | NetworkSystem Engineer | 3237 Holden Road |  Give me Linux  |
 | bab...@baby-dragons.com | Fairbanks, AK. 99709 |   only  on  AXP |
 +-----+




Re: Google having issues?

2013-08-16 Thread Scott Howard
I've had 2 short outages to both Google Search and Google Mail/Apps over
the last 30 mins.  Both cleared after a few minutes.  For Search at least
it was returning a Google error page.

Comcast in the Bay Area.

  Scott



On Fri, Aug 16, 2013 at 4:29 PM, win...@team-metro.net wrote:


 Hey guys,


 I’m hearing reports of Google services (Search, Youtube, Mail, etc) going
 down all over the place, providing extremely spotty service. Works fine for
 me right now, but a lot of people seem to be having problems all over the
 world.

 Any ideas what’s going on?



 Thanks!

 ~ Em


Re: How big is the Internet?

2013-08-15 Thread Scott Howard
You'd almost think this was a technology mailing list given some of the
answers...  (ohh.. wait!)

How about this - the size of the Internet is just short of 3 billion.

That's the number of people that have access to it.  To me, that's a far
more telling number than anything around IP address or Exabytes of data.

  Scott


Re: How big is the Internet?

2013-08-14 Thread Scott Howard
To paraphrase Douglas Adams...

The Internet is big. Really big. You just won't believe how vastly,
hugely, mind-bogglingly big it is. I mean, you may think it's a long way
down the road to the chemist's, but that's just peanuts to space!

  Scott




On Wed, Aug 14, 2013 at 10:32 AM, Sean Donelan s...@donelan.com wrote:


 Researchers have complained for years about the lack of good
 statistics about the internet for a couple of decades, since the
 end of NSFNET statistics.

 What are the current estimates about the size of the Internet, all IP
 networks including managed IP and private IP, and all telecommunications
 including analog voice, video, sensor data, etc?

 CAIDA, ITU, Telegeography and some vendors like Cisco have released
 forecasts and estimates.  There are occasional pieces of information
 stated by companies in their investor documents (SEC 10-K, etc).





Re: How big is the Internet?

2013-08-14 Thread Scott Howard
On Wed, Aug 14, 2013 at 8:24 PM, Jay Ashworth j...@baylink.com wrote:

 - Original Message -
  From: Patrick W. Gilmore patr...@ianai.net

  All that said: My back-of-the-envelope math says the Internet is order
  of 1 exabyte/day, as defined by my own rules on what counts as the
  Internet[*]. I could easily be wrong, but you asked.

 Which means that you could get somewhere between 11 and 17 days (depending
 on how far off my math was) worth of all of that onto LTO-5 carts and load
 them on a 747F.  Where you'd fly them to, I'm not sure.


Unless you add in de-dup, in which case it probably comes down to about 10
carts per day.  After all, we all know that 90% of that 1 exabyte/day is
just the same 3 cat videos on Youtube...

  Scott


Re: ARIN WHOIS for leads

2013-07-26 Thread Scott Howard
On Thu, Jul 25, 2013 at 4:02 PM, Justin Vocke justin.vo...@gmail.com wrote:

 512-377-6827 was one of the numbers trying to get more information about
 my
 network and how they could help me.


Which appears to be http://www.siptrunksproviders.com/

Which in turns appears to be the same company as http://giglinx.com/

  Scott


Re: One of our own in the Guardian.

2013-07-14 Thread Scott Howard
Don't know about you, but when I log into my Comcast account I see :

Note: enforcement of the 250GB data consumption threshold is currently
suspended

Even then, the 250GB only ever applied for the slower accounts.

  Scott



On Sat, Jul 13, 2013 at 9:49 PM, Grant Ridder shortdudey...@gmail.com wrote:

 In Mountain View (the middle of Silicon Valley) the only choice i have is
 overpriced Comcast w/ a 300 gig limit.  I used to chew through 300 gig in a
 week when i was in school.

 -Grant

 On Sat, Jul 13, 2013 at 9:44 PM, Alex Rubenstein a...@corp.nac.net
 wrote:

  Yet, here, where I live, only 47 road miles from New York City, I have a
  cable company who sells me metered (yes, METERED) DOCSIS, for nearly
  $100/month, 35/3. The limitation is like 100 GB/month or something (the
  equivalent of the amount of Netflix or AppleTV my kids watch in a
 weekend)
  No alternatives, no FiOS, no nothing. Well, I can get 3/.768 DSL if I
  please.
 
  Someone, please help me.
 
  Please.
 
 
 
 
  
   Jima said: Really, who has 100/100 at home?
  
   Oddly, those living in Grand Coulee, WA.
  
   I went there once to setup corporate connectivity for a regional tire
  store.
   They ordered the minimal drop, 50/50Mbs. One of the tire changers there
   told me that he had 100/100 at home for $50/month.
  
   This was a town without T-Mobile service. I had to haul out the butt
 set
  and
   clip on to the business POTS lines to turn up the VPN.
  
   Most of rural Central Washington has very good fiber connectivity.
  Forward
   looking Public Utility Districts FTW!
  
   --
   Joe Hamelin, W7COM, Tulalip, WA, 360-474-7474
 
 



Re: gTLDs opened up

2013-07-11 Thread Scott Howard
On Wed, Jun 19, 2013 at 12:05 PM, Randy Bush ra...@psg.com wrote:

 AfriNIC put these wonderful people on stage at the African Internet
 Summit.


At least they are good enough to include the facts in their FAQ :

5 - Do business firms use open roots?
Nowadays, no, or they are not identified.

  Scott


Re: gTLDs opened up

2013-07-11 Thread Scott Howard
If you're re-defining the general perception of DNS, why not re-define IPv4
whilst you're at it?

It looks like the 4 at the start shouldn't be there - or at least, there is
a DNS server at the IP address you get without the 4...

  Scott





On Thu, Jul 11, 2013 at 10:08 PM, Alex Buie alex.b...@frozenfeline.net wrote:

 Am I missing something, or is that purporting to be an IPv4 address
 beginning with 478?


 http://www.open-root.eu/about-open-root/how-to-install-an-open-root-website-69/


 On Thu, Jul 11, 2013 at 1:02 PM, Scott Howard sc...@doc.net.au wrote:

  On Wed, Jun 19, 2013 at 12:05 PM, Randy Bush ra...@psg.com wrote:
 
   AfriNIC put these wonderful people on stage at the African Internet
   Summit.
  
 
  At least they are good enough to include the facts in their FAQ :
 
  5 - Do business firms use open roots?
  Nowadays, no, or they are not identified.
 
Scott
 



Re: Cat-5 cables near 200 Paul, SF

2013-05-31 Thread Scott Howard
On Fri, May 31, 2013 at 11:16 AM, Warren Bailey 
wbai...@satelliteintelligencegroup.com wrote:

 We talked about this the other day. I think the consensus was.. In San
 Fran, you're best off to head over to Fry's.


The nearest Fry's to SF is about 30 miles away in Palo Alto.

  Scott


Re: Google Public DNS Problems?

2013-05-01 Thread Scott Howard
No issues on Comcast cable in the bay area, either Comcast business or
Comcast home.

  Scott


$ nslookup gmail.com 8.8.4.4
Server: 8.8.4.4
Address:8.8.4.4#53

Non-authoritative answer:
Name:   gmail.com
Address: 74.125.239.149
Name:   gmail.com
Address: 74.125.239.150





On Wed, May 1, 2013 at 9:09 AM, Blair Trosper blair.tros...@gmail.com wrote:

 Is anyone else seeing this?  From Santa Clara, CA, on Comcast
 Business...I'm getting SERVFAIL for any query I throw at 8.8.8.8 and
 8.8.4.4...

 Level 3's own public resolvers are fine for me, as are OpenDNS's resolvers.

 Blair



Re: Google incorrect IPv6 GeoIP

2013-04-12 Thread Scott Howard
On Fri, Apr 12, 2013 at 5:58 PM, Christopher Morrow morrowc.li...@gmail.com
 wrote:

 no you don't... the dreamhost example used the google ARIN allocation
 2607::  this example uses the 2404 APNIC allocation.

 note that this may still be 'wrong', but .. it's a different wrong. :)


But likely caused by exactly the same problem - with the distinction
between GeoIP of the DNS server and GeoIP of the client itself.

(Keeping in mind that the DNS lookup could be occurring over IPv4,
especially in the first example)

  Scott


Re: cannot access some popular websites from Linode, geolocation is wrong, ARIN is to blame?

2013-03-03 Thread Scott Howard
On Sat, Mar 2, 2013 at 11:58 PM, Constantine A. Murenin
muren...@gmail.com wrote:

 Additionally, it seems like both yelp.com and retailmenot.com block
 the whole 173.230.144.0/20 from their web-sites, returning some
 graphical 403 Forbidden pages instead.


Although I have knowledge of either of those sites, I'd put money on the
fact that they simply got sick of the repeated site scraping or similar
activity from Linode and blocked the entire range.  I've spoken to many
other sites that have done exactly this, with a fairly clear inverse
relation between the cost of the hosting provider and the likelihood of
such behaviour (with Linode and Hetzner pretty much being at the top of
that list)

  Scott.


Re: 10 Mbit/s problem in your network

2013-02-17 Thread Scott Howard
On Sat, Feb 16, 2013 at 6:12 PM, Constantine A. Murenin
muren...@gmail.com wrote:

 And at least in the US, I'm yet to encounter a complementary WiFi at
 any hotel that would be doing JavaScript insertion, so I'm not sure
 where you get your information that the free internet always means ads
 or a very high level of tampering.


They exist, although they are rare.  eg,
http://bits.blogs.nytimes.com/2012/04/06/courtyard-marriott-wifi/  (This
particular hotel apparently stopped shortly after this news broke)

On Sun, Feb 10, 2013 at 8:11 AM, Måns Nilsson mansa...@besserwisser.org
 wrote:

 A VPN or SSH session (which is what most hotel guests traveling for
 work will do) won't cache at all well, so this is a very bad idea. Might
 improve some things, but not the really important ones.


The chances of the average hotel wifi user even knowing what SSH means is
close to zero.  VPN connections are obviously common, but are becoming
fewer and fewer by the day - especially non-split tunnel VPN.

An on-site transparent proxy (with or without cache) will improve
performance to at least some extent, if only because it's isolating the
issues of the local network (potentially congested wifi in
an environment that really isn't designed for good wifi coverage!) from the
upstream.  It's far better (and quicker) to handle a dropped packet between
the client and the proxy than between the client and the webserver.

From personal experience (around a dozen different hotels this year
already) the best thing you can do to improve performance is to avoid Wifi
and revert to a wired connection - or if you really want a wireless
connection take your own travel wifi router and connect it via a wired
connection.  The performance difference in many hotels is significant,
showing that the problem is often less the hotel's Internet connection, and
more their wifi.

As an aside, I was sitting in JFK airport (terminal 4) a few days ago and
having a shocking time getting a good internet connection - even from my
own Mifi.  I fired up inSSIDer, and within a few seconds it had detected
122 AP's...

  Scott.


Re: Suggestions for the future on your web site: (was cookies, and before that Re: Dreamhost hijacking my prefix...)

2013-01-24 Thread Scott Howard
On Thu, Jan 24, 2013 at 8:48 AM, Rich Kulawiec r...@gsp.org wrote:

 (Yes, yes, I'm well aware that many people will claim that *their* captchas
 work.  They're wrong, of course: their captchas are just as worthless
 as everyone else's.  They simply haven't been competently attacked yet.
 And relying on either the ineptness or the laziness of attackers is
 a very poor security strategy.)


So by this logic, the locks on your house
(car/work/letterbox/cellphone/etc) are worthless too.

Does that mean you leave your house unlocked?

  Scott.


Re: ripe/ncc likes cookies

2013-01-13 Thread Scott Howard
On Sat, Jan 12, 2013 at 11:32 PM, Scott Weeks sur...@mauigateway.com wrote:

 Or ask me every time.  Sites should not require cookies
 just to look around.  I get it if there's a transaction to
 be made, but just to look?  :-(  Especially a site like RIPE!


Umm..  Before deciding what sites should or shouldn't be doing, did you
actually check WHY they are setting cookies?

www.ripe.net sets 2 cookies for me :
serverid=ws-www-plone2
wdm_last_run=1358067104394

The first of these is a fairly typical cookie for sites to set, and is
normally used for session persistence when load balancing.

The second seems to be related to something they are running to check IPv4
and IPv6 connectivity, and specifically controlling that it only gets run
once for each client.  That seems to be a perfectly acceptable use of
cookies for me, and is something that could not reliably be done any other
way.

  Scott


Re: Microsoft Product Activation server reachability

2013-01-10 Thread Scott Howard
Working now, tested from 3 hosts on different networks on both 80 and 443 :

$ telnet wpa.one.microsoft.com 443
Trying 94.245.126.107...
Connected to wpa.one.microsoft.com.
Escape character is '^]'.


  Scott


On Fri, Jan 11, 2013 at 12:02 AM, Ben Carleton carle...@vanoc.net wrote:

 - Original Message -
  From: Nathan Anderson nath...@fsr.com
  To: nanog@nanog.org nanog@nanog.org
  Sent: Thursday, January 10, 2013 11:24:16 PM
  Subject: Microsoft Product Activation server reachability
 
  Anybody else having a problem reaching (what appears to be) the sole
  Microsoft Product Activation server (wpa.one.microsoft.com)?
 
  $ ping wpa.one.microsoft.com
  PING wpa.one.microsoft.com (94.245.126.107): 56 data bytes
  36 bytes from 213.199.189.41: Communication prohibited by filter
 
  I get this sourcing from our network, from AT&T 3G, and from ye
 residential
  DSL connection located in the greater Seattle area. They aren't simply
  source-filtering. Either that or they are source-filtering for 0.0.0.0/0
 .
 
  This is apparently the only server/IP they have set up to respond to
 these
  requests. wpa.one.microsoft.com resolves to that IP via every DNS server
  I've tried (so no round-robin A records), Microsoft products that need to
  activate over the internet only try to resolve that FQDN, and I've looked
  for others without success (wpa.two.microsoft.com isn't valid, for
 example).
 
  --
  Nathan Anderson
  First Step Internet, LLC
  nath...@fsr.com
 
 

 I am seeing the same from NYC metro. According to MS (
 http://technet.microsoft.com/en-us/library/bb457159.aspx#ECAA), access to
 that host on 80 and 443 is all that should be required to activate. (and
 wpa.one.microsoft.com has no AAAA, go figure)

 [ben@razor ~]$ ping wpa.one.microsoft.com
 PING wpa.one.microsoft.com (94.245.126.107) 56(84) bytes of data.
 From 213.199.189.41 icmp_seq=2 Packet filtered
 ^C
 --- wpa.one.microsoft.com ping statistics ---
 6 packets transmitted, 0 received, +1 errors, 100% packet loss, time 5260ms

 [ben@razor ~]$ telnet wpa.one.microsoft.com 80
 Trying 94.245.126.107...
 ^C
 [ben@razor ~]$ telnet wpa.one.microsoft.com 443
 Trying 94.245.126.107...
 ^C

 -- Ben




Re: Gmail and SSL

2013-01-01 Thread Scott Howard
On Mon, Dec 31, 2012 at 6:07 AM, John R. Levine jo...@iecc.com wrote:

 Really, this isn't hard to understand.  Current SSL signers do no more
 than tie the identity of the cert to the identity of a domain name. Anyone
 who's been following the endless crisis at ICANN about bogus WHOIS knows
 that domain names do not reliably identify anyone.


So you're saying that you'd have no problems getting a well-known-CA signed
certificate for, say, pop.mail.yahoo.com?  If you can't, then it would seem
that the current process provides (at least) a better mechanism than just
blindly accepting self-signed certificates, no?

 Also keep in mind that this particular argument is about the certs used to
 submit mail to Gmail, which requires a separate SMTP AUTH within the SSL
 session before you can send any mail.  This isn't belt and suspenders, this
 is belt and a 1/16 inch piece of duct tape.


Err.. no it's not.  It's about the certs used when Gmail connects to a
3rd-party host to collect mail.  ie, Google is the client, not the server.

  Scott


Re: regions.com down??

2012-12-26 Thread Scott Howard
But only over HTTP.  Working fine over HTTPS for me.

  Scott



On Wed, Dec 26, 2012 at 1:46 PM, Joshua Goldbard j...@2600hz.com wrote:

 Http://www.downforeveryoneorjustme.com/regions.com

 Down.

 Sent from my iPad

 On Dec 26, 2012, at 1:45 PM, Positively Optimistic 
 positivelyoptimis...@gmail.com wrote:

  Is http://www.regions.com down globally?




Re: www.ipv6.facebook.com not loading)

2012-10-25 Thread Scott Howard
On Thu, Oct 25, 2012 at 6:25 AM, Jeroen Massar jer...@unfix.org wrote:

 I am getting NXDOMAIN for www.ipv6.facebook.com thus it likely is fully
 gone now:


Same from here.


 www.facebook.com is nicely at 2a03:2880:2050:1f01:face:b00c:: (which is
 kinda scary as typically the lowest address is a subnet anycast address,
 but I guess they have just configured it as a /128 and then it is not an
 issue...)


The lowest address on that subnet (presuming a /64) would be
2a03:2880:2050:1f01::

  Scott
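
To make the arithmetic in the reply above concrete, here is an added example (my own code, not part of this thread) that uses Python's standard ipaddress module to compute the lowest address of the prefix an IPv6 address falls in, which is the Subnet-Router anycast address of RFC 4291, and to check whether a given address is that lowest address. The /64 and /128 prefix lengths are assumptions for illustration; the thread does not say what prefix length Facebook actually configured.

```python
import ipaddress


def lowest_address(address: str, prefix_len: int) -> str:
    """Return the lowest address of the prefix that `address` falls in.

    In IPv6 this is the Subnet-Router anycast address (RFC 4291 section
    2.6.1): the subnet prefix followed by an all-zero interface identifier.
    """
    net = ipaddress.IPv6Network((address, prefix_len), strict=False)
    return str(net.network_address)


def is_subnet_router_anycast(address: str, prefix_len: int) -> bool:
    """True if `address` is the lowest address of its prefix.

    A host using such an address as plain unicast can collide with routers
    on the link that answer the anycast address; on a /128 the question is
    moot, because every address is the lowest (and only) one in its prefix.
    """
    canonical = str(ipaddress.IPv6Address(address))
    return lowest_address(address, prefix_len) == canonical


def describe(address: str, prefix_len: int) -> str:
    """Human-readable verdict for eyeballing an address quoted in a thread."""
    low = lowest_address(address, prefix_len)
    if is_subnet_router_anycast(address, prefix_len):
        return f"{address} is the Subnet-Router anycast address of {low}/{prefix_len}"
    return f"{address} is a normal host address; the anycast address of its /{prefix_len} is {low}"


if __name__ == "__main__":
    # Address quoted in the thread; the prefix lengths are assumptions.
    fb = "2a03:2880:2050:1f01:face:b00c::"
    print(describe(fb, 64))
    print(describe(fb, 128))
```

Run as a script it prints the /64 verdict (a normal host address whose subnet anycast address is 2a03:2880:2050:1f01::) and the /128 verdict, where the address is trivially the lowest in its prefix.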


Re: guys != gender neutral

2012-09-27 Thread Scott Howard
On Thu, Sep 27, 2012 at 11:10 AM, Jo Rhett jrh...@netconsonance.com wrote:

 Guys seem to think that it's gender neutral. The majority of women are
 used to this, but they have indicated to me that they don't believe it to
 be very neutral. Using guys is not gender neutral, it's flat out implying
 the other gender doesn't matter.


The Oxford English dictionary apparently disagrees with you.

http://oxforddictionaries.com/definition/american_english/guy?region=us&q=guys
(guys) people of either sex: you guys want some coffee?

As with many other words in the English language there are multiple definitions,
and one of those definitions is gender specific - but the one above is very
much gender neutral (either sex - it doesn't get much clearer than that!)

  Scott


Re: The Department of Work and Pensions, UK has an entire /8

2012-09-19 Thread Scott Howard
On Tue, Sep 18, 2012 at 9:49 PM, Mike Hale eyeronic.des...@gmail.com wrote:

 So...why do you need publicly routable IP addresses if they aren't
 publicly routable?


Because doing anything else is Harmful!  There's even an RFC that says so!

http://tools.ietf.org/html/rfc1627 - Network 10 Considered Harmful

Ford's /8 was allocated in 1988, a full 6 years before RFC1597 (the
precursor to RFC1918) was released.

  Scott.


Re: Is Hotmail in the habit of ignoring MX records?

2012-07-27 Thread Scott Howard
On Thu, Jul 26, 2012 at 7:45 PM, Mark Andrews ma...@isc.org wrote:

 You don't lookup MX records for MX targets.  This is basic MTA
 processing.

 If the MX lookup fails, as opposed to returns nodata, you don't
 lookup the A/AAAA records and synthesise an MX record.  You treat it
 as a soft error and queue for retry later.  Again this is basic MTA
 processing.


And yet, Hotmail apparently is doing the exact opposite of that.  Which
means what 'should' happen or what 'should' be done isn't as relevant as we
would all like it to be.  Given this, considering unusual things like the
target of an MX record having an MX record it - whilst completely
irrelevant for a well-behaved mail server - might actually be relevant
here...

  Scott.
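
The MTA rules Mark quotes (MX targets are never MX-resolved; an empty MX answer means an implicit MX; a failed MX lookup is a soft error, never a fallback to A/AAAA) are small enough to write down. The following is an added example of my own, not code from the thread or from any real MTA: it implements those rules against an injected resolver and drives them with constructed zone data, including the oddity raised in this thread, an MX record sitting on an MX target, which a well-behaved MTA must ignore. Names under example.test and the 192.0.2.0/24 addresses are constructed for the demonstration.

```python
from typing import Callable, Dict, List, Tuple


class NoData(Exception):
    """NOERROR answer with no records of the requested type (or no such name)."""


class ServFail(Exception):
    """SERVFAIL, timeout or other resolver failure: the answer is unknown."""


class TemporaryFailure(Exception):
    """Queue the message and retry later (SMTP 4xx)."""


class PermanentFailure(Exception):
    """Bounce the message (SMTP 5xx)."""


# A resolver takes (name, rrtype) and returns rdata strings, or raises NoData / ServFail.
Resolver = Callable[[str, str], List[str]]


def mx_targets(domain: str, resolve: Resolver) -> List[Tuple[int, str]]:
    """Mail exchangers for a recipient domain, lowest preference first.

    RFC 5321 section 5.1: an empty MX answer means an implicit MX 0 pointing at
    the domain itself; a failed MX lookup is a temporary error and never falls
    through to synthesising an MX from A/AAAA records.
    """
    try:
        rrs = resolve(domain, "MX")
    except NoData:
        return [(0, domain)]
    except ServFail as exc:
        raise TemporaryFailure(f"MX lookup for {domain} failed; queue and retry") from exc
    parsed = []
    for rr in rrs:
        pref, host = rr.split()
        parsed.append((int(pref), host.rstrip(".")))
    return sorted(parsed)


def target_addresses(host: str, resolve: Resolver) -> List[str]:
    """Addresses of one MX target: A/AAAA only. The target is never MX-resolved."""
    addrs: List[str] = []
    for rrtype in ("AAAA", "A"):
        try:
            addrs.extend(resolve(host, rrtype))
        except NoData:
            continue
        except ServFail as exc:
            raise TemporaryFailure(f"{rrtype} lookup for {host} failed; queue and retry") from exc
    return addrs


def delivery_plan(domain: str, resolve: Resolver) -> List[Tuple[str, List[str]]]:
    """Hosts to try, in preference order, each with its addresses."""
    plan = []
    for _pref, host in mx_targets(domain, resolve):
        addrs = target_addresses(host, resolve)
        if addrs:
            plan.append((host, addrs))
    if not plan:
        raise PermanentFailure(f"no mail hosts with addresses for {domain}")
    return plan


def outcome(domain: str, resolve: Resolver) -> str:
    """'deliver', 'defer' or 'bounce': the three decisions an MTA can make."""
    try:
        delivery_plan(domain, resolve)
    except TemporaryFailure:
        return "defer"
    except PermanentFailure:
        return "bounce"
    return "deliver"


# Constructed zone data for the demonstration (not real DNS answers).
FAKE_ZONE: Dict[Tuple[str, str], List[str]] = {
    ("example.test", "MX"): ["20 backup.example.test.", "10 mail.example.test."],
    ("mail.example.test", "A"): ["192.0.2.10"],
    ("backup.example.test", "A"): ["192.0.2.20"],
    # An MX record on an MX target: a well-behaved MTA must ignore it.
    ("backup.example.test", "MX"): ["10 never-used.example.test."],
    ("nomx.example.test", "A"): ["192.0.2.30"],  # no MX at all: implicit MX
}
BROKEN_NAMES = {"broken.example.test"}  # names whose nameservers time out


def fake_resolve(name: str, rrtype: str) -> List[str]:
    if name in BROKEN_NAMES:
        raise ServFail(name)
    try:
        return FAKE_ZONE[(name, rrtype)]
    except KeyError:
        raise NoData(f"{name} {rrtype}") from None


if __name__ == "__main__":
    for d in ("example.test", "nomx.example.test", "broken.example.test", "missing.example.test"):
        print(d, outcome(d, fake_resolve))
```

The resolver is passed in so the same logic can be pointed at a real one; the point of the fake zone is that the MX on backup.example.test never influences the plan, and that broken.example.test defers rather than bouncing or falling back to an A record.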


Re: Cisco Update

2012-07-06 Thread Scott Howard
On Thu, Jul 5, 2012 at 9:42 AM, Jon Lewis jle...@lewis.org wrote:

 Routers are sometimes used on networks that don't have internet
 connectivity [by design].  This seems amazingly short-sighted for a company
 that's been around selling routing gear as long as cisco.


If the router is not connected to the internet (either due to network
design, or just because you ripped out the WAN cable) then it IS able to be
managed locally.  Plug the Internet back in, and that option goes away.

  Scott


Re: job screening question

2012-07-05 Thread Scott Howard
On Thu, Jul 5, 2012 at 10:16 AM, David Coulson da...@davidcoulson.net wrote:

 What if they said it would cause the generation of port-unreachable ICMP
 packets to cease, and applications may hang until they timeout? Not the
 answer you're looking for, but not wrong either.


Umm, yeah, it is wrong.  The question was TCP.  TCP doesn't send ICMP
Port-Unreach, it sends RST packets.

  Scott


Re: F-ckin Leap Seconds, how do they work?

2012-07-04 Thread Scott Howard
On Wed, Jul 4, 2012 at 8:50 AM, Jimmy Hess mysi...@gmail.com wrote:

 The NTP daemon could still provide a configuration option to not
 implement leap-seconds locally,  or ignore the leap-second
 announcement received. So the admin can make a tradeoff  favoring
 Stability over Correctness, of _allowing_  the local clock to become 1
 second inaccurate  for a short time after the rare occasion of a leap
 second;  and step it or slew the local clock,  eg  include the leap
 second in the ordinary time correction,  averaged over a period of
 time instead of a 1 second jump.


Unless I'm mis-reading things, it already does - of sorts.

According to the ntpd website (
http://www.ntp.org/ntpfaq/NTP-s-algo-real.htm#AEN2499) :
The theory of leap seconds is explained in Q: 2.4. In reality there are
two cases to consider:

If the operating system implements the kernel discipline described in
Section 5.2, ntpd will announce insertion and deletion of leap seconds to
the kernel. The kernel will handle the leap seconds without further action
necessary.

If the operating system does not implement the kernel discipline, the
clock will show an error of one second relative to NTP's time immediate
after the leap second. The situation will be handled just like an
unexpected change of time: The operating system will continue with the
wrong time for some time, but eventually ntpd will step the time.
Effectively this will cause the correction for leap seconds to be applied
too late.

Linux does implement the kernel discipline (via ntp_adjtime), so the
first option is what normally happens.  However you can disable this with
an ntpd config option (disable kernel) or via ntpdc at which point I'm
presuming it will fall back to the second option.

The second option still gives you a step, but using the -x option to NTPD
will slew this step, giving a gradual correction to the 1 second difference.

Of course there would be side effects of this (the kernel implementation of
NTP is there for a reason, and this disables it), but at least it's better
than a server hang...

  Scott.
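
The step-versus-slew trade-off in the reply above is easy to model. Below is an added example of my own (not code from the thread, from ntpd, or from the kernel) that runs a toy clock which starts one second ahead of a reference clock and corrects it either by stepping, as ntpd does for an unexpected jump, or by slewing, as ntpd -x does. It assumes the usual 500 ppm cap on slew rate, which is why a one-second correction takes about 2000 seconds to slew away; that cap is my assumption for the model, not a figure from the thread.

```python
from typing import Dict, List

# Model assumption: the clock discipline slews at no more than 500 ppm, i.e. it
# removes at most 500 microseconds of offset per second of real time.
MAX_SLEW_PPM = 500
US_PER_S = 1_000_000


def seconds_to_slew(offset_us: int, max_slew_ppm: int = MAX_SLEW_PPM) -> int:
    """Whole seconds needed to slew away an offset at the maximum rate."""
    return -(-abs(offset_us) // max_slew_ppm)  # ceiling division


def simulate(offset_us: int, mode: str, seconds: int = 2100) -> Dict[str, object]:
    """Run a local clock that starts `offset_us` microseconds ahead of (or, if
    negative, behind) a reference clock and correct it in one of two ways.

    mode="step": apply the whole correction at once, as ntpd does after an
                 unexpected jump (a repeated second when the clock is ahead).
    mode="slew": stretch or shrink every second by at most MAX_SLEW_PPM, as
                 ntpd -x does, so the clock never runs backwards.
    Returns whether the readings stayed strictly increasing, the second at
    which the offset reached zero, and the offset left at the end.
    """
    reference = 0
    local = offset_us
    readings: List[int] = [local]
    converged_at = None
    for t in range(1, seconds + 1):
        offset = local - reference
        reference += US_PER_S
        if mode == "step":
            local = reference
        elif mode == "slew":
            correction = max(-MAX_SLEW_PPM, min(offset, MAX_SLEW_PPM))
            local += US_PER_S - correction
        else:
            raise ValueError(f"unknown mode {mode!r}")
        readings.append(local)
        if converged_at is None and local == reference:
            converged_at = t
    monotonic = all(later > earlier for earlier, later in zip(readings, readings[1:]))
    return {"monotonic": monotonic, "converged_at": converged_at,
            "final_offset_us": local - reference}


if __name__ == "__main__":
    for mode in ("step", "slew"):
        print(mode, simulate(US_PER_S, mode))  # a 1-second leap applied late
    print("slewing one second takes", seconds_to_slew(US_PER_S), "seconds")
```

The step run reports a non-monotonic clock (the same second is read twice), which is exactly the condition that upset software during the 2012 leap second; the slew run stays monotonic but spends about half an hour slightly off, which is the "stability over correctness" trade Jimmy describes.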


Re: FYI Netflix is down

2012-06-30 Thread Scott Howard
On Sat, Jun 30, 2012 at 12:04 PM, Todd Underwood toddun...@gmail.com wrote:

 This was not a cascading failure.  It was a simple power outage

 Cascading failures involve interdependencies among components.


Not always.  Cascading failures can also occur when there is zero
dependency between components.  The simplest form of this is where one
environment fails over to another, but the target environment is not
capable of handling the additional load and then fails itself as a result
(in some form or other, but frequently different to the mode of the
original failure).

Whilst the Amazon outage might have been a simple power outage, it's
likely that at least some of the website outages caused were a combination
of not just the direct Amazon outage, but also the flow-on effect of their
redundancy attempting (but failing) to kick in - potentially making the
problem worse than just the Amazon outage caused.

  Scott
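
The failover-induced cascade described above (independent sites, one fails, the survivors cannot carry the redistributed load and fail in turn) can be checked with a few lines. This is an added example of my own, not code from the thread or from Amazon or Netflix: it models sites with a capacity and a current load, redistributes a failed site's load evenly across the survivors, and reports the chain of failures that follows. The capacities and loads are constructed numbers.

```python
from typing import Dict, List


def cascade(capacity: Dict[str, float], load: Dict[str, float], first_failure: str) -> List[str]:
    """Simulate failover between sites that share no components.

    When a site fails its load is spread evenly over the surviving sites. Any
    survivor pushed above its capacity fails in turn (alphabetically first if
    several are over at once) and its load is spread again. Returns the
    sequence of failures, starting with the one triggered from outside.
    """
    remaining = dict(load)
    failures: List[str] = []
    victim = first_failure
    while victim is not None:
        failures.append(victim)
        moved = remaining.pop(victim)
        survivors = sorted(remaining)
        if not survivors:
            break
        share = moved / len(survivors)
        for site in survivors:
            remaining[site] += share
        over = [s for s in survivors if remaining[s] > capacity[s]]
        victim = over[0] if over else None
    return failures


def survives_single_failure(capacity: Dict[str, float], load: Dict[str, float]) -> bool:
    """N+1 check: can the loss of any one site be absorbed without a cascade?"""
    if len(capacity) < 2:
        return False
    return all(len(cascade(capacity, load, site)) == 1 for site in capacity)


if __name__ == "__main__":
    # Two sites at 70% utilisation: losing one pushes the other to 140%.
    two = {"east": 100, "west": 100}
    print(cascade(two, {"east": 70, "west": 70}, "east"))
    # Three sites at 50%: losing one leaves the others at 75%.
    three = {"east": 100, "west": 100, "central": 100}
    print(cascade(three, {"east": 50, "west": 50, "central": 50}, "east"))
```

The useful output is not the arithmetic but the N+1 verdict: a pair of sites that each run above 50% cannot fail over to each other at all, so the "redundancy" only converts one outage into two.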


Re: Dear Linkedin,

2012-06-09 Thread Scott Howard
On Sat, Jun 9, 2012 at 10:52 AM, joseph.sny...@gmail.com wrote:

 My biggest problem still is the multiple computer issue.  I am on at least
 3-5 physical computers and 1-20 virtual machines, and 2 cellphones a day.
  I honestly do not want to store a database of passwords encrypted or not
 on an open service.


Security is all about trade-offs.  In this case it's the trade-off between
storing an encrypted password database on a 3rd party server, v's re-using
passwords and having (potentially) weaker passwords as a result of not
doing so.

Personally I use KeePass, with the database stored on a cloud-synced
directory.  To decrypt the KeePass database requires both a Password AND a
Key file, which is NOT synced to the cloud.

IMHO this gives the best of both worlds - easy syncing between multiple
computers and the ability to use unique, very strong passwords with all
websites. But also very strong security in the case that the KeePass
database is somehow compromised from the cloud service, as both the
password and keyfile would be required to decrypt.

  Scott
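
The two-factor unlock Scott describes (a password plus a key file that is never synced) comes down to how the two factors are combined into one key. The following is an added example of my own, modelled on the idea of KeePass's composite key but not KeePass's actual file format or KDF: each factor is hashed separately, the hashes are concatenated and hashed again, and the result is stretched with PBKDF2 into the master key. A vault header (salt plus an HMAC verifier) stands in for the encrypted database; the iteration count, salt and key-file bytes are constructed values for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Dict, Optional

# Constructed parameters for the demonstration; a real vault uses far more KDF
# work and encrypts the database body rather than just storing a verifier.
KDF_ITERATIONS = 50_000
VERIFIER_LABEL = b"vault-key-check"


def composite_key(password: Optional[str], key_file: Optional[bytes]) -> bytes:
    """Combine the unlock factors in the spirit of KeePass's composite key:
    hash each factor on its own, then hash the concatenation. Leaving either
    factor out changes the result completely, so neither factor works alone."""
    parts = []
    if password:
        parts.append(hashlib.sha256(password.encode("utf-8")).digest())
    if key_file is not None:
        parts.append(hashlib.sha256(key_file).digest())
    if not parts:
        raise ValueError("at least one factor is required")
    return hashlib.sha256(b"".join(parts)).digest()


def master_key(composite: bytes, salt: bytes) -> bytes:
    """Stretch the composite key so guessing the password is slow even with the key file."""
    return hashlib.pbkdf2_hmac("sha256", composite, salt, KDF_ITERATIONS, dklen=32)


def create_vault(password: Optional[str], key_file: Optional[bytes],
                 salt: Optional[bytes] = None) -> Dict[str, bytes]:
    """Return the header that would be synced alongside the encrypted body:
    the KDF salt plus a verifier tag. Neither reveals the factors."""
    salt = salt or os.urandom(16)
    key = master_key(composite_key(password, key_file), salt)
    tag = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return {"salt": salt, "verifier": tag}


def unlock(password: Optional[str], key_file: Optional[bytes], header: Dict[str, bytes]) -> bool:
    """True only when the candidate factors reproduce the stored verifier."""
    key = master_key(composite_key(password, key_file), header["salt"])
    tag = hmac.new(key, VERIFIER_LABEL, "sha256").digest()
    return hmac.compare_digest(tag, header["verifier"])


if __name__ == "__main__":
    key_file = os.urandom(64)             # stays on the device, never synced
    header = create_vault("correct horse battery", key_file)
    print("both factors:", unlock("correct horse battery", key_file, header))
    print("password only:", unlock("correct horse battery", None, header))
    print("key file only:", unlock(None, key_file, header))
```

Someone who obtains the synced header (or the whole encrypted database) from the cloud still has to guess the password and possess the key file; with the key file absent, even the correct password yields a different composite and the verifier never matches.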


Re: CVV numbers

2012-06-09 Thread Scott Howard
On Sat, Jun 9, 2012 at 7:14 AM, Joel Maslak jmas...@antelope.net wrote:

 That said, the purpose of CVV is to stop *one* type of fraud - it's to
 stop a skimmer from being able to do mail-order/internet-order with your
 card number.  The CVV is not on the magnetic strip, so a skimmer installed
 at the ATM or gas pump won't be able to capture it.


No, it's to stop more than one type of fraud - however your point is
correct in that it's not designed to stop *all* fraud, it's just one of
many layers of prevention.

In addition to the one you've mentioned, the CVV2 also stops the card from
being fraudulently used in any situation where the card number has been
leaked, such as a database of card numbers being hacked, a receipt with the
full number on it (rare if at all existent these days), etc. The rules on
CVV2 numbers basically say that the number can never be recorded by the
merchant after the transaction has been processed, which pretty much means
that they can't store it at all in any form.  If a database is hacked, the
CVV2 number will not be there.

  Scott


Re: CVV numbers

2012-06-09 Thread Scott Howard
On Sat, Jun 9, 2012 at 12:12 PM, Wayne E Bouchard w...@typo.org wrote:

 The main weakness of CVV2 these days is form history in browsers.
 (auto complete).


Any website requesting a CVV2 in a form field without the form
history/autocomplete being disabled is in breach of PCI compliance, and
risks losing their ability to accept credit cards.

That's not to say there aren't some that do it, but to call this the main
weakness of CVV2 is simply wrong.

  Scott


Re: CVV numbers

2012-06-09 Thread Scott Howard
On Sat, Jun 9, 2012 at 2:25 PM, Jimmy Hess mysi...@gmail.com wrote:

 Someone must have something in a database that can easily derive the
 CVV2 number;


There is no way to derive the CVV2 number.  It is little more than a
random number assigned to the card.



 otherwise there would be no way for it to be verified that the correct
 number has


It is verified by comparing it to the known CVV2 number stored by the
credit card company/bank that issued the card.



 I bet there is at least one small retailer out there who takes phone
 orders and gathers CVV2, and at least one  POS software developer out
 there who is unaware of, has ignored, or has
 intentionally/unintentionally disobeyed the rule about never storing
 CVV2 values in a database,


Gathering CVV2 numbers over the phone is completely valid. It's even valid
to write them down, as long as they are destroyed as soon as the
transaction has been completed. Of course there are people that
disobey/ignore/don't know the rules - no level of security will ever be
perfect in this regards - it's all about making the security better and
reducing the rate of fraud/chargebacks.



 In other words CVV2 is a weak  physical proof mechanism that only
 works if  all parties involved obey the rules perfectly without error,


Correct.  It's a weak physical proof mechanism that has succeeded in
having a very significant reduction in fraudulent transactions/chargebacks
across pretty much the entire industry.  Remind me again what your point
was?

  Scott
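
The rule running through the three CVV replies above, that a merchant may never store the CVV2 after authorisation, is usually broken by accident: a debug log or a database dump captures the whole form post. Below is an added example of my own (not code from the thread or from any PCI tooling) that scans log lines for a Luhn-valid card number and for a CVV2/CVC2/CID field, so an operator can catch such leaks, and that redacts a line before it is persisted by masking the card number to first-6/last-4 and dropping the CVV2 value entirely. The sample log lines are constructed; 4111111111111111 is the well-known Visa test number, and 1234567890123456 is a deliberately non-Luhn-valid decoy.

```python
import re
from typing import List, Tuple

# A PAN: 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer number.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# A CVV2/CVC2/CID field followed by a 3- or 4-digit value.
CVV_RE = re.compile(r"\b(?:cvv2?|cvc2?|cid|security[_ ]?code)\b\s*[:=]\s*\"?(\d{3,4})\b",
                    re.IGNORECASE)


def luhn_ok(digits: str) -> bool:
    """Luhn check: filters out order numbers and timestamps that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def findings(line: str) -> List[str]:
    """Labels for the cardholder data present in one line."""
    found: List[str] = []
    for m in PAN_RE.finditer(line):
        if luhn_ok(re.sub(r"[ -]", "", m.group(0))):
            found.append("PAN")
            break
    if CVV_RE.search(line):
        found.append("CVV2")
    return found


def scan(lines: List[str]) -> List[Tuple[int, List[str]]]:
    """(line index, labels) for every line that carries cardholder data."""
    results = []
    for i, line in enumerate(lines):
        f = findings(line)
        if f:
            results.append((i, f))
    return results


def redact(line: str) -> str:
    """Mask PANs to first-6/last-4 and drop CVV2 values before the line is stored."""
    def mask_pan(m: "re.Match[str]") -> str:
        digits = re.sub(r"[ -]", "", m.group(0))
        if not luhn_ok(digits):
            return m.group(0)
        return digits[:6] + "*" * (len(digits) - 10) + digits[-4:]

    def drop_cvv(m: "re.Match[str]") -> str:
        return m.group(0)[: m.start(1) - m.start(0)] + "[REDACTED]"

    return CVV_RE.sub(drop_cvv, PAN_RE.sub(mask_pan, line))


# Constructed sample log lines (not real transactions).
SAMPLE_LOGS = [
    "2012-06-09T12:01:03Z order=1001 pan=4111111111111111 cvv2=123 amount=19.99",
    "2012-06-09T12:01:04Z order=1002 pan_last4=1111 auth=OK amount=19.99",
    '2012-06-09T12:01:05Z order=1003 card="4111 1111 1111 1111" exp=12/14',
    "2012-06-09T12:01:06Z order=1004 pan=1234567890123456 cvv=999",
]

if __name__ == "__main__":
    for idx, labels in scan(SAMPLE_LOGS):
        print(idx, labels, "->", redact(SAMPLE_LOGS[idx]))
```

The scanner deliberately reports a CVV2 field even when the accompanying card number fails Luhn, since the value itself is what must never be written down; the redactor keeps the field name so the log stays readable while the value is gone.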


Re: Need (to acquire or sell) IPv4? Come to SpaceMarket.

2012-05-29 Thread Scott Howard
On Tue, May 29, 2012 at 5:16 PM, Timothy McGinnis mc...@isc.org wrote:

 Dear Unnamed person at The SpaceMarket,


He appears to not be unnamed.  Gmail links the user to the Google+
profile https://plus.google.com/116655492141266828122 under the name Dan
Cooper, and with a photo of another Dan Cooper, being
http://en.wikipedia.org/wiki/D._B._Cooper

Yup, that's the type of person you want to be buying IPv4 addresses off...

  Scott.


Re: Outgoing SMTP Servers

2011-10-26 Thread Scott Howard
On Tue, Oct 25, 2011 at 2:51 AM, Aftab Siddiqui aftab.siddi...@gmail.com wrote:

 Blocking port/25 is a common practice (!= best practice) for home
 users/consumers because it makes life a bit simpler in educating the end
 user.


MAAWG have considered this a best practice for residential/dynamic IPs since
2005 - http://www.uceprotect.net/downloads/MAAWGPort25English.pdf

The FTC and numerous other governments agreed the same year -
http://www.ftc.gov/bcp/edu/microsites/spam/zombie/letter_english.pdf (The
URL in the pdf no longer works - it's not
http://www.ftc.gov/bcp/edu/microsites/spam/zombie/)

Anyone not yet past the denial stage on this one needs to get themselves a
copy of RFC 5068 and start reading.

  Scott.


Re: Outgoing SMTP Servers

2011-10-26 Thread Scott Howard
On Tue, Oct 25, 2011 at 2:49 AM, Owen DeLong o...@delong.com wrote:

 Interesting... Most people I know run the same policy on 25 and 587 these
 days...

 to-local-domain, no auth needed.
 relay, auth needed.

 auth required == TLS required.

 Anything else on either port seems not best practice to me.


RFC 5068 covers the best practice, and it's not what you've got above.

Allowing unauthenticated inbound mail on port 587 defeats the entire purpose
of blocking port 25 - the front door is now closed to spammers, but you've
left the back door open! (Security through obscurity saves you here in that
spammers rarely use port 587 - yet).  There isn't a single situation where
you should be expecting an unauthenticated inbound message on the
'Submission' port (ie, 587)

As much as some ISPs still resist blocking port 25 for residential
customers, it does have a major impact on the volume of spam leaving your
network.  I've worked with numerous ISPs as they have gone through the
process of blocking port 25 outbound. In every case the number of end-user
complaints has been low enough to be basically considered background noise,
but the benefits have been significant - including one ISP who removed not
only themselves but also their entire country from most of the 'Top 10
Spammers' list when they did it!

  Scott.
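
As an added illustration (my own configuration, not from the thread or from the Postfix distribution's files), here is what the two policies in this exchange look like as Postfix master.cf entries for the submission port. The first stanza is the policy Owen describes: unauthenticated mail is accepted on 587 as long as it is addressed to a local domain, which is the "back door" Scott objects to. The second follows RFC 5068: TLS is mandatory, only authenticated clients may submit anything at all, and everything else is rejected. The option names are real Postfix parameters; the stanzas are assumptions about a typical setup rather than a specific site's files.

```conf
# master.cf, submission port 587

# Weak: mirrors the port-25 policy. reject_unauth_destination still permits
# unauthenticated mail for local and relay domains, so anyone can deliver to
# your users on 587 without credentials.
submission inet n       -       n       -       -       smtpd
  -o smtpd_tls_security_level=may
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_recipient_restrictions=permit_sasl_authenticated,reject_unauth_destination

# RFC 5068 submission: encryption required, credentials only offered over TLS,
# and no unauthenticated client gets past the connection stage.
submission inet n       -       n       -       -       smtpd
  -o syslog_name=postfix/submission
  -o smtpd_tls_security_level=encrypt
  -o smtpd_tls_auth_only=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
```

Only one of the two stanzas would be active in a real file. The separate syslog_name lets the submission service be watched on its own, which is how you notice when spammers do start trying 587.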


Re: NANOG:RE: [outages] News item: Blackberry services down worldwide

2011-10-13 Thread Scott Howard
On Thu, Oct 13, 2011 at 12:21 PM, McCall, Gabriel 
gabriel.mcc...@thyssenkrupp.com wrote:

 ActiveSync on Android allows corporate to force compliance with security
 policy and allow remote wipe. User cannot complete the exchange account
 setup without permitting the controls. If the user doesn't agree their sync
 isn't enabled. Moreover, if corporate requirements change sync is disabled
 until you approve again. That seems like it covers all the bases to me.


There's two key differences between ActiveSync and BES.

The first is that ActiveSync implementations vary widely between different
manufacturers/implementations/versions/etc.  There is a core set of features
that all manufacturers must implement, but it's a very small percentage of
the full feature set of controls that ActiveSync supports.  Things like
enforcing a PIN code fit into this category, but other options like
disabling the camera and (from memory) device encryption or even remote wipe
are NOT in this category.  As a result, even if you enable these features on
your Exchange/ActiveSync server, you can't be sure that they are actually
being enforced as you can't readily control which devices are being used
with ActiveSync, and (realistically) you can't stop a user from changing
devices so that even if you gave them a handset that supported all the
features you wanted, they could simply move over to a new device that
didn't.

The second key difference is inbound v's outbound.  ActiveSync requires you
to allow connections into your network from outside, where BES doesn't.  In
today's world that's not really an issue - especially as most people will
have their email servers accessible from the Internet in some way or other -
but in BB's heyday this alone was one of the key differentiators for
Blackberry v's anything else (be that ActiveSync, POP/IMAP/etc, or any other
protocols)

With so many companies today working on the entire concept of Mobile Device
Management (MDM), Blackberry will fade into insignificance in the not too
distant future if they don't come out with something better than the
competition - but even today they still allow far better control over
handsets than ActiveSync alone does.

  Scott.


Re: Y'all know Google is offering public DNS services now?

2011-10-11 Thread Scott Howard
On Mon, Oct 10, 2011 at 11:04 PM, Christopher Morrow 
morrowc.li...@gmail.com wrote:

 On Tue, Oct 11, 2011 at 1:19 AM, Scott Howard sc...@doc.net.au wrote:
  the initial release date (not
  actually shown in that version as far as I can see, but it was around
  the same time Google announced their public DNS servers).

 jan 27 2011, so says the doc header...


The original draft had a different name, and was released in Jan 2010.

http://tools.ietf.org/html/draft-vandergaast-edns-client-ip-00

  Scott


Re: Y'all know Google is offering public DNS services now?

2011-10-10 Thread Scott Howard
This service has been discussed several times in the ~2 years since it was
first released (including topics such as why it's bad for CDNs)

The archives would be a good place to start...

  Scott.



On Mon, Oct 10, 2011 at 2:12 PM, steve pirk [egrep] st...@pirk.com wrote:

 I saw this in a post from Travis Wise of Google yesterday. Pretty cool for
 those users who do not want to use their ISP's name servers, or just want
 to
 have dns resolve quickly from anywhere in the world. In either case, I
 think
 it is cool ;-]

 http://code.google.com/speed/public-dns/

 Here is the original post - Yes, this one is public... oops!
 https://plus.google.com/111937447827665620879/posts/27S6QB8j1Ry

 Nice easy numbers to remember too. 8.8.8.8 and 8.8.4.4

 --
 steve pirk
 yensid
 father... the sleeper has awakened... paul atreides - dune
 kexp.org member august '09



Re: Y'all know Google is offering public DNS services now?

2011-10-10 Thread Scott Howard
On Mon, Oct 10, 2011 at 6:27 PM, steve pirk [egrep] st...@pirk.com wrote:

 Awesome link Todd - Why did I think that the resolving server would already
 know where network path wise the request came from. Let me post this as a
 comment and ask how the CDN endpoint routing is working.


I would guess, using this -
http://tools.ietf.org/html/draft-vandergaast-edns-client-subnet-00

Note the authors (two from Google), and the initial release date (not
actually shown in that version as far as I can see, but it was around
the same time Google announced their public DNS servers).

  Scott.
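
Worked example added here; it is my code, not Google's, the draft authors' or anything from the thread. It encodes and checks the EDNS Client Subnet option that the draft linked above describes, using the wire format as later fixed in RFC 7871 (option code 8; the -00 draft used an experimental code), and applies that RFC's recommended truncation of the client address to /24 or /56 by default, which is the privacy control a resolver operator wants before forwarding anything about a client to an authoritative server. The client addresses are constructed documentation-range values.

```python
"""Added example: EDNS Client Subnet option encode/decode per RFC 7871."""
import ipaddress
import struct

ECS_OPTION_CODE = 8                         # RFC 7871 value, not the draft's experimental code
DEFAULT_SOURCE_PREFIX = {4: 24, 6: 56}      # RFC 7871 s.11.1 recommended truncation


def build_ecs_option(client_ip, source_prefix=None):
    """Encode an ECS option for a query.

    The address is truncated to source_prefix bits so the resolver forwards a
    subnet, never the client's full address.  SCOPE PREFIX-LENGTH is 0 in queries.
    """
    addr = ipaddress.ip_address(client_ip)
    if source_prefix is None:
        source_prefix = DEFAULT_SOURCE_PREFIX[addr.version]
    family = 1 if addr.version == 4 else 2
    # strict=False masks the host bits off for us
    network = ipaddress.ip_network(f"{addr}/{source_prefix}", strict=False)
    nbytes = (source_prefix + 7) // 8       # only as many address bytes as the prefix needs
    body = struct.pack("!HBB", family, source_prefix, 0)
    body += network.network_address.packed[:nbytes]
    return struct.pack("!HH", ECS_OPTION_CODE, len(body)) + body


def parse_ecs_option(option):
    """Decode one ECS option; returns (family, source, scope, 'network/prefix').

    Raises ValueError on malformed input, including an address field whose
    length disagrees with SOURCE PREFIX-LENGTH or whose trailing bits are set.
    """
    if len(option) < 8:
        raise ValueError("option too short")
    code, length = struct.unpack("!HH", option[:4])
    if code != ECS_OPTION_CODE:
        raise ValueError(f"not an ECS option (code {code})")
    body = option[4:4 + length]
    if len(body) != length:
        raise ValueError("truncated option")
    family, source, scope = struct.unpack("!HBB", body[:4])
    addr_bytes = body[4:]
    if family not in (1, 2):
        raise ValueError(f"unknown address family {family}")
    full_len, max_prefix = (4, 32) if family == 1 else (16, 128)
    if source > max_prefix or len(addr_bytes) != (source + 7) // 8:
        raise ValueError("address length does not match SOURCE PREFIX-LENGTH")
    addr = ipaddress.ip_address(addr_bytes + b"\x00" * (full_len - len(addr_bytes)))
    # strict=True rejects set bits beyond the prefix, which RFC 7871 requires to be zero
    network = ipaddress.ip_network(f"{addr}/{source}", strict=True)
    return family, source, scope, str(network)


def ecs_option_is_valid(option):
    """Boolean wrapper around parse_ecs_option for callers that only need a verdict."""
    try:
        parse_ecs_option(option)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    # constructed client addresses from the documentation ranges
    for ip in ("203.0.113.77", "2001:db8:1234:5678::1"):
        opt = build_ecs_option(ip)
        print(ip, "->", opt.hex(), parse_ecs_option(opt))
```

The decoder deliberately refuses options with non-zero trailing bits rather than silently masking them: a resolver that forwards them on would be leaking more of the client address than the declared prefix length admits.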


Re: East Coast Earthquake 8-23-2011

2011-08-24 Thread Scott Howard
On Tue, Aug 23, 2011 at 2:48 PM, Owen DeLong o...@delong.com wrote:

 A 5.8 (or 5.9, I've seen conflicting numbers) really isn't likely to do all
 that much damage, even on the East Coast.


A 5.6 quake in Newcastle, Australia in 1989 caused, according to Wikipedia,
13 fatalities, 160 people hospitalised, 300,000 people affected.  50,000
homes damaged, 300 buildings demolished.  Damage estimated at $4 billion.
I left Newcastle in 1997, and even then there were still houses that had not
been fully repaired from the damage caused.

A smaller 5.2 quake in 1994 only caused $35 million worth of damage.

So whilst it's not unusual for 5.x quakes to pass without causing any real
damage, there's a lot more to it than just the magnitude...

Even the 3.6 magnitude one in CA last night was enough to cause my mini-UPS
at home to jump onto battery for a few seconds.

  Scott.


Re: STRIKE: VZN

2011-08-21 Thread Scott Howard
And it's over as of tomorrow night.

http://edition.cnn.com/2011/BUSINESS/08/20/verizon.strike/

  Scott.



On Sat, Aug 6, 2011 at 10:14 PM, Jay Ashworth j...@baylink.com wrote:

 As of midnight, 45,000 IBEW and CWA members are striking Verizon, as their
 contract has expired.


 http://www.reuters.com/article/2011/08/07/us-verizon-labor-idUSTRE7760C320110807

 It's not clear how this might affect what we do, but it might, and I
 figured the heads up would probably be useful.

 Cheers,
 -- jra
 --
 Jay R. Ashworth                  Baylink                       j...@baylink.com
 Designer                     The Things I Think                       RFC 2100
 Ashworth & Associates     http://baylink.pitas.com         2000 Land Rover DII
 St Petersburg FL USA      http://photo.imageinc.us             +1 727 647 1274




Re: Cisco Ironport and Senderbase...how to get delisted?

2011-08-17 Thread Scott Howard
In short, wait...  Once you're de-listed from SpamCop (which is owned by
IronPort and plays a non-trivial part in their SenderBase scoring) you
should find that your reputation increases fairly quickly - normally within
24 hours presuming that the spam has actually stopped.

  Scott.


On Wed, Aug 17, 2011 at 1:57 PM, u...@3.am wrote:

 We had two users fall for a phishing email recently, and of course the
 result was that he gave his user/pass to a spammer.  We caught one of them
 in time, but the other got out many thousands of spam the other night before
 being discovered.

 I am in the process of cleaning this up.  Spamcop and others were good about
 delisting us promptly.  Others will within the next day.

 However, Senderbase, apparently used in Cisco's Ironport, will let you look
 up your IP and tell you that your reputation is poor, but offers no way to
 get delisted.  It refers you to Spamcop, which I imagine they rely on for
 listings, but not delistings.

 For now, I'm re-routing per domain to a second server, but I'd appreciate
 any tips if there are any.  Seems a lot of .edu's use senderbase.




Fwd: ICANN 41 - now underway

2011-06-19 Thread Scott Howard
Guessing some people here might be interested in this, but it seems to have
only been sent to APAC-based *NOGs...

  Scott

-- Forwarded message --
From: Save Vocea save.vo...@icann.org
Date: Sun, Jun 19, 2011 at 5:30 PM
Subject: [AusNOG] ICANN 41 - now underway
To: aus...@ausnog.net aus...@lists.ausnog.net


 Dear all,

The ICANN 41 meeting is already underway in Singapore this week and
fortunately this is closer to the Oceania regional time zones.

The official welcoming ceremony and opening is starting at 9am Singapore
time.

The full meeting schedule is available at
http://singapore41.icann.org/full-schedule where if you click on the session
link takes you to remote participation links so one can participate/follow
proceedings remotely.

There are also live Twitter feeds referencing #ICANN and #ICANN41


Regards,
Save Vocea
ICANN rep Australasia/Pacific Islands

___
AusNOG mailing list
aus...@lists.ausnog.net
http://lists.ausnog.net/mailman/listinfo/ausnog


Re: Strongest Solar Tsunami in Years to Hit Earth Today

2011-06-12 Thread Scott Howard
On Fri, Jun 10, 2011 at 8:11 PM, Matthew Palmer mpal...@hezmatt.org wrote:

 On Fri, Jun 10, 2011 at 03:22:59PM +0300, Hank Nussbacher wrote:
 
 http://www.ibtimes.com/articles/159964/20110609/nasa-solar-flare-tsunami-earth-sun-radio-satellite-interference-aurora-displays-coronal-mass-ejectio.htm

 Someone should tell the IB Times that Tsunami doesn't mean anything big
 and destructive.  Oh, and that popup ads are *s* 1997.


While you're at it you might want to let NASA know too...
http://www.nasa.gov/mission_pages/stereo/news/solar_tsunami.html

  Scott


Re: Question about migrating to IPv6 with multiple upstreams.

2011-06-11 Thread Scott Howard
On Sat, Jun 11, 2011 at 6:50 PM, Randy Carpenter rcar...@network1.net wrote:

 With IPv6, we are having some trouble coming up with a way to do this.
 Since there is no NAT, does anyone have any ideas as to how this could be
 accomplished?


Juniper, *BSD (including pfsense) and Linux all do NAT66 in some form or
other, as potentially do others.

  Scott


Re: [v6z] Re: IPv6 day fun is beginning!

2011-06-07 Thread Scott Howard
That's because you're asking the wrong nameservers.  The response you're
getting is pointing you to the correct nameservers (glb1/glb2.facebook.com)
which are definitely returning AAAA records for me :

$ dig +short AAAA www.facebook.com @glb1.facebook.com
2620:0:1c08:4000:face:b00c:0:3

  Scott.


On Tue, Jun 7, 2011 at 5:04 PM, fredrik danerklint
fredan-na...@fredan.se wrote:

 This is from Sweden.

 $ dig any www.facebook.com @ns1.facebook.com

 ;  DiG 9.7.3  any www.facebook.com @ns1.facebook.com
 ;; global options: +cmd
 ;; Got answer:
 ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61742
 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2
 ;; WARNING: recursion requested but not available

 ;; QUESTION SECTION:
 ;www.facebook.com.  IN  ANY

 ;; AUTHORITY SECTION:
 www.facebook.com.   86400   IN  NS  glb1.facebook.com.
 www.facebook.com.   86400   IN  NS  glb2.facebook.com.

 ;; ADDITIONAL SECTION:
 glb1.facebook.com.  3600    IN  A   69.171.239.10
 glb2.facebook.com.  3600    IN  A   69.171.255.10

 ;; Query time: 58 msec
 ;; SERVER: 204.74.66.132#53(204.74.66.132)
 ;; WHEN: Wed Jun  8 02:01:37 2011
 ;; MSG SIZE  rcvd: 104


 No AAAA records at the moment. Checked all their nameservers.

 --
 //fredan
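
Worked example added here (my code, not anything posted in the thread): a small parser for dig output that tells a referral apart from an answer and pulls out the delegated nameservers with their glue, which is exactly the distinction the reply above draws. The first dump is the referral that ns1 hands back (ANSWER: 0, NS records in AUTHORITY), the second is the kind of answer the delegated server gives; both are constructed, modelled on the output quoted above, and use standard dig formatting rather than the mangled spacing of the archive.

```python
"""Added example: distinguish a dig referral from an answer and follow it."""
import re

# Constructed sample 1: a referral.  ns1 is not authoritative for www, so it
# returns no ANSWER and points at the delegated servers, with glue.
SAMPLE_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61742
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;www.facebook.com.              IN      ANY

;; AUTHORITY SECTION:
www.facebook.com.       86400   IN      NS      glb1.facebook.com.
www.facebook.com.       86400   IN      NS      glb2.facebook.com.

;; ADDITIONAL SECTION:
glb1.facebook.com.      3600    IN      A       69.171.239.10
glb2.facebook.com.      3600    IN      A       69.171.255.10
"""

# Constructed sample 2: an authoritative answer from one of the delegated servers.
SAMPLE_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4242
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;www.facebook.com.              IN      AAAA

;; ANSWER SECTION:
www.facebook.com.       30      IN      AAAA    2620:0:1c08:4000:face:b00c:0:3
"""


def parse_sections(text):
    """Return {section_name: [(owner, ttl, class, type, rdata), ...]} from a dig dump."""
    sections, current = {}, None
    for line in text.splitlines():
        m = re.match(r";; (\w+) SECTION:", line)
        if m:
            current = m.group(1)
            sections[current] = []
            continue
        # comments, the QUESTION line (";name") and text before any section are skipped
        if current is None or not line.strip() or line.startswith(";"):
            continue
        parts = line.split(None, 4)
        if len(parts) < 5:
            continue
        owner, ttl, rclass, rtype, rdata = parts
        sections[current].append((owner, int(ttl), rclass, rtype, rdata))
    return sections


def section_counts(text):
    """(QUERY, ANSWER, AUTHORITY, ADDITIONAL) counts from the flags line."""
    m = re.search(r"QUERY: (\d+), ANSWER: (\d+), AUTHORITY: (\d+), ADDITIONAL: (\d+)", text)
    if m is None:
        raise ValueError("no dig header counts found")
    return tuple(int(x) for x in m.groups())


def is_referral(text):
    """True when the ANSWER section is empty and AUTHORITY carries NS records."""
    counts = section_counts(text)
    auth = parse_sections(text).get("AUTHORITY", [])
    return counts[1] == 0 and bool(auth) and all(r[3] == "NS" for r in auth)


def next_servers(text):
    """Delegated nameserver -> list of glue addresses (empty list when no glue)."""
    if not is_referral(text):
        return {}
    sections = parse_sections(text)
    glue = {}
    for owner, _, _, rtype, rdata in sections.get("ADDITIONAL", []):
        if rtype in ("A", "AAAA"):
            glue.setdefault(owner, []).append(rdata)
    return {r[4]: glue.get(r[4], []) for r in sections["AUTHORITY"]}


def answer_records(text, rtype):
    """rdata of every ANSWER record of the requested type."""
    return [r[4] for r in parse_sections(text).get("ANSWER", []) if r[3] == rtype]


if __name__ == "__main__":
    print("referral, ask:", next_servers(SAMPLE_REFERRAL))
    print("AAAA answer:", answer_records(SAMPLE_ANSWER, "AAAA"))
```

A missing ANSWER section is not the same thing as "no AAAA records exist": the referral has to be followed to the servers it names before any conclusion about the zone's contents is valid.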




Re: [v6z] Re: Yahoo! Mail Issue

2011-04-16 Thread Scott Howard
On Tue, Apr 12, 2011 at 2:22 AM, Nathanael C. Cariaga 
nccari...@stluke.com.ph wrote:

 ps.  I'm just wondering why yahoo doesn't inform their users that the email
 that they sent was blocked because of their servers were listed in a
 blocklist (inspite that the server is able to return a correct reject code
 550)


Because 550 is NOT a valid response code at that stage in the conversation.
According to the RFC, the only two valid responses to an initial connection
are a 220 or a 554.

Even then, RFC 2821 doesn't make it clear if a 554 on initial connection
should be considered a fatal error at the message level, and as a result
most mail servers will consider it a temporary failure and will re-try to
send the message multiple times even after getting a 554 (and especially
after getting an invalid 550).

As someone else has already pointed out, the solution is to return the 5xx
response after the rcpt to, not at the initial connection.

On 4/12/2011 3:33 PM, Matthew Petach wrote:

 -bash-3.2$ telnet qc.stluke.com.ph 25
 Trying 219.90.94.56...
 Connected to qc.stluke.com.ph.
 Escape character is '^]'.
 550 Blacklisted: Blocked - see http://www.spamcop.net/bl.shtml?115.178.12.223

 Connection closed by foreign host.


Closing the connection immediately after sending the 5xx is also not RFC
compliant. You MUST give the client the opportunity to close down the
connection with a quit command.

  Scott
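
Worked example added here (my code, not Scott's, Matthew's or anyone else's from the thread): a toy SMTP responder that behaves the way the reply above says a blocklist rejection should. Every client gets a normal 220 greeting, the verdict arrives as a 550 at RCPT TO, and the connection stays open until the client sends QUIT. Hostnames, addresses and the blocklist are constructed placeholders; `is_valid_greeting` encodes the RFC 5321 rule (the successor to the RFC 2821 cited above) that 220 and 554 are the only legal opening replies.

```python
"""Added example: reject a listed client at RCPT TO, not on connect."""

# RFC 5321 s.4.3.2, connection establishment: success 220, error 554.  Nothing
# else, and certainly not 550, is a defined reply at that point.
VALID_GREETING_CODES = {220, 554}


def is_valid_greeting(reply):
    """True only for the reply codes a client may legitimately see on connect."""
    code = reply[:3]
    return code.isdigit() and int(code) in VALID_GREETING_CODES


class RblAwareSession:
    """State for one inbound SMTP connection (no sockets; commands are fed in)."""

    def __init__(self, client_ip, blocklist, hostname="mx.example.test"):
        self.client_ip = client_ip
        self.listed = client_ip in blocklist      # lookup happens up front ...
        self.hostname = hostname
        self.closed = False
        self.accepted_rcpts = 0

    def greeting(self):
        # ... but the verdict is not delivered here: every client gets a plain 220.
        return f"220 {self.hostname} ESMTP ready"

    def handle(self, line):
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()
        if verb in ("HELO", "EHLO"):
            return f"250 {self.hostname}"
        if verb == "MAIL":
            return "250 2.1.0 sender ok"
        if verb == "RCPT":
            if self.listed:
                # Permanent failure at the recipient step: the sending MTA bounces
                # instead of retrying, and the reason is visible to a human reader.
                return (f"550 5.7.1 Service unavailable; client {self.client_ip} "
                        "is on our blocklist")
            self.accepted_rcpts += 1
            return "250 2.1.5 recipient ok"
        if verb == "DATA":
            if self.accepted_rcpts == 0:
                return "503 5.5.1 no valid recipients"
            return "354 end data with <CR><LF>.<CR><LF>"   # body handling omitted in this toy
        if verb == "RSET":
            self.accepted_rcpts = 0
            return "250 2.0.0 ok"
        if verb == "NOOP":
            return "250 2.0.0 ok"
        if verb == "QUIT":
            # Only now does the server close: the client always gets to QUIT.
            self.closed = True
            return f"221 2.0.0 {self.hostname} closing connection"
        return "502 5.5.2 command not implemented"


def run_session(client_ip, blocklist, commands):
    """Drive one scripted session; returns the replies in order, greeting first."""
    session = RblAwareSession(client_ip, blocklist)
    replies = [session.greeting()]
    for cmd in commands:
        if session.closed:
            break
        replies.append(session.handle(cmd))
    return replies


if __name__ == "__main__":
    # constructed: a listed client (documentation range) talking to the toy server
    script = ["EHLO relay.example.test", "MAIL FROM:<a@example.test>",
              "RCPT TO:<b@example.test>", "QUIT"]
    for reply in run_session("192.0.2.10", {"192.0.2.10"}, script):
        print(reply)
```

Doing the lookup at connect time and answering at RCPT TO costs the server a few more round trips per listed client, but in return the sender sees a well-formed permanent failure that it will actually honour, rather than an undefined reply that most MTAs treat as transient and keep retrying.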


Re: [v6z] Re: New tsunami advisory warning - Japan

2011-03-27 Thread Scott Howard
On Sun, Mar 27, 2011 at 6:28 PM, andrew.wallace 
andrew.wall...@rocketmail.com wrote:

 On Mon, Mar 28, 2011 at 1:59 AM,  valdis.kletni...@vt.edu wrote:
  *yawn*.  A foot and a half isn't going to be all *that* bad

 Remember a wall of tsunami water travels in general at approx 970 kph (600
 mph), think about it.


That's in deep water, where the height of the wave might be a few inches at
most.

Once it reaches shallow water the speed drops significantly and the height
increases.

  Scott


Re: [v6z] The growth of municipal broadband networks

2011-03-26 Thread Scott Howard
On Fri, Mar 25, 2011 at 11:31 AM, Paul Graydon p...@paulgraydon.co.uk wrote:


 http://arstechnica.com/tech-policy/news/2011/03/133-us-cities-now-run-their-own-broadband-networks.ars

 Ars Technica has a short article up about the growth of municipal networks,
 but principally a nice little 'hey check out this website' (
 http://www.muninetworks.org/communitymap)

 The whole scenario around municipal broadband networks in a hopefully
 unbiased nutshell:  Increasing numbers of cities and counties seem to be
 getting frustrated with what they see as the lack of progress in broadband
 speeds from their incumbent provider(s) (even after incumbent provider(s)
 have been approached requesting faster speeds) and are deciding to do it
 themselves.


Whilst that's certainly true for some areas, it's definitely not the case
for all of the areas marked on that map.

The only entry for the SF Bay area is San Bruno, where the municipal-owned
cable provider *is* the incumbent, and has been for the past 30 years. Not
only are they the incumbent, but they are also a monopoly who have blocked
competition, resulting in higher prices than in much of the rest of the bay
area.

  Scott
  (Happily no longer living in San Bruno)


Re: ICANN approves .XXX red-light district for the Internet

2011-03-26 Thread Scott Howard
On Sat, Mar 26, 2011 at 1:55 PM, William Herrin b...@herrin.us wrote:

 If the creation of .xxx is a preliminary step in making the fact of
 your web site only being accessible by a name ending in .xxx an
 affirmative defense against a charge of allowing minors to access your
 site then


But do you really believe playboy are going to give up playboy.com?  Or that
new websites are going to register an address that will result in their
website not being visible by 1/6th of the world's population (
http://uk.ibtimes.com/articles/127009/20110325/india-blocks-xxx-domain.htm -
and we all know China and several other countries won't be far behind so
we're probably talking closer to half or more of the world's population).

At first glance this might sound like a good idea, but do you know any
*.travel or *.asia (etc) websites that don't also have the equivalent or
similar .com version?  Nobody uses these domains as their only domain, it's
just yet another one that they will register - and yet more money they need
to pay to the registries each year to protect their brand.

  Scott.


Re: Who owns (or is allocated) 208.64.200.0/22?

2011-03-08 Thread Scott Howard
It was unallocated a few days ago :
http://lists.arin.net/pipermail/arin-issued/2011-March/000807.html

Google will probably give you a fair idea why (the word botnet comes up a
lot!)

  Scott


On Tue, Mar 8, 2011 at 8:14 AM, mikea mi...@mikea.ath.cx wrote:

 I rise to expose my ignorance.

 208.0.0.0/8 is an ARIN block, and ARIN has allocation data for the
 blocks immediately adjoining 208.64.200.0/22, but no allocation data for
 208.64.200.0/22 itself, either in WHOIS or in the website.  Nor does
 208.64.200.0/22 appear to be special in any way.

 Is this an oversight? How do I get it corrected, if it is?

 --
 Mike Andrews, W5EGO
 mi...@mikea.ath.cx
 Tired old sysadmin




Re: [v6z] 39.0.0.0/8 on table already ?

2011-03-03 Thread Scott Howard
39/8 was assigned to APNIC in January, and realistically should have been
removed from any bogon lists at that time.

At this stage it appears they are still doing Resource Quality Assessment
on it and haven't actually carried out any assignments, but that in itself
is enough of a reason to make sure that it's reachable.
http://www.apnic.net/services/services-apnic-provides/registration-services/resource-quality-assurance

  Scott.


On Thu, Mar 3, 2011 at 12:07 AM, Danny Pinto danny.pi...@ymail.com wrote:

 Hi ,

 I saw 39.0.0.0/8 from AS273 on global table till last week .Was it a
 genuine advertisement or some tests ongoing with 39.0.0.0/8 or any other
 previously reserved spaces .

 I am updating my bogons lists and want to know any experiments happening
 with previous reserved spaces.

 Thanks,
 Dan









Re: [v6z] Re: What vexes VoIP users?

2011-02-28 Thread Scott Howard
On Mon, Feb 28, 2011 at 3:00 PM, Joe Greco jgr...@ns.sol.net wrote:

 In my neck of the woods, you can get a basic POTS line for $15/month if
 it's important to you, local calls billed by the number of calls and the
 normal LD charges.  Add a basic DSL service to that ($20) AND add a basic
 unlimited VoIP service to that ($20) and suddenly you have the benefits
 of POTS for emergencies *plus* Internet connectivity *plus* unlimited
 worldwide calling for ~$60/month


Or just move to California, order residential dry-loop DSL from AT&T (not
sure about via resellers) and they are required by law to give you dial-tone
and access to 911.

$20/month for the DSL, $0/month for the VOIP (via Google Voice and Asterisk)
and you've got the best of all worlds.

  Scott.


Re: [v6z] Re: IPv6 mistakes, was: Re: Looking for an IPv6 naysayer...

2011-02-12 Thread Scott Howard
On Sat, Feb 12, 2011 at 9:26 AM, Lamar Owen lo...@pari.edu wrote:

 While I have a few WRT54G's lying around, I've never tried IPv6 on them,
 and would find it interesting if anyone has.


I used a WRT54G running DD-WRT for some time with a HE IPv6 tunnel (now
replaced with a Cisco 877, but not due to any failing of the Linksys/DD-WRT)

IPv6 support is actually broken in the latest version of DD-WRT, and it's
been that way for some time (measured in years), however with some hacking
you can get it to work.  It's not at all user friendly, and definitely not
consumer ready, but once it's working it's pretty much rock solid.

All up I'd say I probably spent less time getting IPv6 working on DD-WRT
than on my Cisco 877W (Hint: IOS 12.x doesn't support IPv6 on the bridge
interface, the IOS 15.x Advanced Security feature set doesn't support IPv6
at all, and the flash requirements listed for 15.1 Advanced IP are wrong. Go
Cisco!)

Keep in mind that not all WRT54G's support DD-WRT.  Linksys moved from Linux
to Vxworks but kept the model number the same (the version did change).  The
WRT54GL along with various other devices do support it - details are on the
DD-WRT website.

  Scott.


And so it ends...

2011-02-03 Thread Scott Howard
102/8   AfriNIC    2011-02   whois.afrinic.net   ALLOCATED
103/8   APNIC      2011-02   whois.apnic.net     ALLOCATED
104/8   ARIN       2011-02   whois.arin.net      ALLOCATED
179/8   LACNIC     2011-02   whois.lacnic.net    ALLOCATED
185/8   RIPE NCC   2011-02   whois.ripe.net      ALLOCATED


Re: Significant Announcement (re: IPv4) 3 February - Watch it Live!

2011-02-03 Thread Scott Howard
The Windows Media stream was working for me (the others were giving the
database error), but it's all over now.

There's a press conference at 10:00am EST, but I'm not sure if it's going to
be webcast or not.

  Scott.



On Thu, Feb 3, 2011 at 6:37 AM, Sameer Khosla skho...@neutraldata.com wrote:

 Anyone else getting Error establishing a database connection trying to
 bring this up?

 Thanks
 Sameer

 -Original Message-
 From: John Curran [mailto:jcur...@arin.net]
 Sent: Tuesday, February 01, 2011 8:24 AM
 To: nanog@nanog.org list
 Subject: Significant Announcement (re: IPv4) 3 February - Watch it Live!

 FYI - Some people in this community may want to watch this event (either
 in person or via webcast) /John

 John Curran
 President and CEO
 ARIN

 Begin forwarded message:

 From: ARIN i...@arin.net
 Date: February 1, 2011 7:09:02 AM EST
 To: arin-annou...@arin.net
 Subject: [arin-announce] Significant Announcement 3 February - Watch it
 Live!

 On Thursday, 3 February 2011, at 9:30 AM Eastern Standard Time (EST),
 the Number Resource Organization (NRO), along with the Internet
 Corporation for Assigned Names and Numbers, the Internet Society (ISOC)
 and the Internet Architecture Board (IAB) will be holding a ceremony and
 press conference to make a significant announcement and to discuss the
 global transition to the next generation of Internet addresses.

 Much has been written in the international media over the last few weeks
 about the dwindling pool of Internet addresses using the original
 Internet protocol, called IPv4 (Internet Protocol version 4), and this
 topic will be addressed at the event.

 We invite all interested community members to view the webcast of this
 event at: http://www.nro.net/news/icann-nro-live-stream

 In the event you happen to be at the Intercontinental Hotel in Miami on
 Thursday, there will be limited public seating available to attend (with
 press receiving seating priority) in Room Concourse II at 9:30 AM EST
 for the ceremony and 10:00 AM for press conference which follows.

 Regards,

 Communications and Member Services
 American Registry for Internet Numbers (ARIN)





Re: Verizon acquiring Terremark

2011-01-31 Thread Scott Howard
From all accounts it will remain carrier neutral.

http://www.datacenterknowledge.com/archives/2011/01/28/verizon-terremark-will-remain-carrier-neutral/

  Scott.


On Mon, Jan 31, 2011 at 6:38 AM, Ryan Finnesey 
ryan.finne...@harrierinvestments.com wrote:

 With Verizon acquiring Terremark does the group fell the NAPs will
 change from being carrier-neutral environments to pro Verizon? Has
 Verizon acquired carrier-neutral centers in the past?

 Cheers
 Ryan







World IPv6 Day

2011-01-12 Thread Scott Howard
From http://www.networkworld.com/news/2011/011211-world-ipv6-day.html

Several of the Internet's most popular Web sites - including Facebook,
Google and Yahoo - have agreed to participate in the first global-scale
trial of IPv6, the long-anticipated upgrade to the Internet's main
communications protocol known as IPv4.

The trial — dubbed World IPv6 Day — requires participants to support
native IPv6 traffic on their main Web sites on June 8, 2011. Leading content
delivery networks Akamai and Limelight Networks also committed to the IPv6
trial, which is being sponsored by the Internet Society.
[...]


  Scott.


Re: sudden low spam levels?

2011-01-03 Thread Scott Howard
On Mon, Jan 3, 2011 at 10:04 AM, Ken Chase k...@sizone.org wrote:

 I have two independent mailservers, and two other customers that run their
 own servers, all largely unrelated infrastructures and target domains,
 suddenly experiencing low levels of spam.


There's definitely been a drop-off in spam levels over the past week, which
comes on top of a general drop over the past few months.

Although far from a great indicator of global levels, the following two
graphs give a good idea on what's happening on a relative basis :
Past Month - http://www.spamcop.net/spamgraph.shtml?spammonth
Past Year - http://www.spamcop.net/spamgraph.shtml?spamyear

The numbers for December are especially unusual, as with Christmas coming
it's normally one of the higher months for spam.

The drop-off since September is mainly due to the closure of spamit.com
(Pharma spam referral company), although I haven't seen any reports of what's
caused the drop-off in the past week or so.

  Scott.


Re: Choice of network space when numbering interfaces with IPv6

2010-10-15 Thread Scott Howard
http://www.google.com/search?q=nanog+126+64 would be a good place to
start...

(And I'm guessing you mean that /64 is awfully large, not /126)

  Scott.


On Fri, Oct 15, 2010 at 12:26 PM, Zaid Ali z...@zaidali.com wrote:

 So I have been turning up v6 with multiple providers now and notice that
 some choose /64 for numbering interfaces but one I came across use a /126.
 A /126 is awfully large (for interface numbering) and I am curious if there
 is some rationale behind using a /126 instead of a /64.

 Zaid






Re: Network Operators Unite Against SORBS

2010-10-12 Thread Scott Howard
On Tue, Oct 12, 2010 at 5:35 AM, iHate SORBS ihateso...@gmail.com wrote:

 I am calling on all Network Operators to stand up and stop routing
 dnsbl.sorbs.net until that time they can commit to making real changes.


What sort of changes are you suggesting?  Suggesting a block unless they
make undisclosed changes is simply asinine.

I'm no fan of SORBS, but at the end of the day (ignoring the issues like
they had last week) they do what they say they do.

The problem with SORBS is not SORBS itself, but the mail admins that are
stupid enough to use it - or at least stupid enough to use it as a straight
blacklist (as opposed to a scoring blacklist).  Start up a campaign against
those if you like - perhaps an RBL of people who are using the SORBS RBL -
but asking people to stop routing a DNS domain just because you don't like
their clearly stated listing criteria simply isn't going to fly.

  Scott.


Re: Scam telemarketers spoofing our NOC phone number for callerid

2010-10-06 Thread Scott Howard
On Wed, Oct 6, 2010 at 8:55 AM, Jon Lewis jle...@lewis.org wrote:

 Some do.  Anyone with control of a phone system with digital lines (i.e.
 asterisk with PRI) can trivially set callerID to whatever they want. There
 are perfectly legitimate, and not so legitimate uses for this.


You don't even need the PRI.  There's a number of SIP providers that will
allow you to set CallerID.  In some cases they do some level of verification
first, but in many cases it's just a free-for-all.

There were some laws passed recently which make faking caller-id illegal,
although I'm not sure exactly what the details are (eg, I'm fairly sure
sending your cell phone number from a desk phone is fine as you own both of
them).

  Scott.


Re: AS11296 -- Hijacked?

2010-09-29 Thread Scott Howard
On Wed, Sep 29, 2010 at 9:26 AM, N. Yaakov Ziskind aw...@ziskind.us wrote:

 And, even if it *is* unreasonable, well, his network, his rules, right?

 I block all SMTP traffic from IPV4 servers (clients?) which have odd
 numbers in the third octet. might not be a good idea for a high volume
 mail server with clients, but if it's your network, go for it.


Except that this thread started with a recommendation to block an entire
AS, containing a reasonable number of networks.

Recommendations such as that are only as credible as the source they are
coming from, and knowing that the person making the request also believes
that blocking all mail from gmail.com is a valid anti-spam technique
probably results in a different credibility level than one might otherwise
have.

  Scott.


Re: Convenience or slippery slope... or something else?

2010-09-11 Thread Scott Howard
On Sat, Sep 11, 2010 at 8:24 PM, N. Yaakov Ziskind aw...@ziskind.us wrote:

 Jon Lewis wrote (on Fri, Sep 10, 2010 at 01:44:02PM -0400):
  On Fri, 10 Sep 2010, Reese wrote:
 
  A friend brought this to my attention:
  
  http://ipq.co/

 And now FF blocks it as a reported attack page.


Bound to happen...

http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http://ipq.co/

Over the past 90 days, ipq.co appeared to function as an intermediary for
the infection of 4 site(s) including [...]
(Domains removed so as to not trigger anyone's anti-spam software...)

  Scott


Re: Off-Topic: use laptop only as USB power supply

2010-05-21 Thread Scott Howard
On Thu, May 20, 2010 at 9:51 PM, Roy r.engehau...@gmail.com wrote:

 Why carry a laptop?  Here are some examples


 http://www.walmart.com/ip/Belkin-Mini-Notebook-Surge-Portector-with-Built-In-USB-Charger/10248165?sourceid=1503142050ci_src=14110944ci_sku=10248165


If you're looking at one of these, just be aware that they are 110 volts
only.

  Scott.


Re: Securing the BGP or controlling it?

2010-05-09 Thread Scott Howard
Made it to Slashdot too -
http://tech.slashdot.org/story/10/05/10/0056228/The-Status-of-Routing-Reform-mdash-How-Fragile-is-the-Internet

As usual I wouldn't recommend reading the comments unless you want your eyes
to bleed...

  Scott.


On Sun, May 9, 2010 at 8:39 PM, Franck Martin fra...@genius.com wrote:

 http://skunkpost.com/news.sp?newsId=2327



Re: Internap Looking Glass / Route Server

2010-05-01 Thread Scott Howard
Internap do not have an external Looking Glass (not sure about Route Server,
but I suspect it's the same).

If you're a customer their helpdesk will run traceroutes/etc from a specific
location if you ask, within reason of course...

  Scott.


On Sat, May 1, 2010 at 12:07 PM, Max Clark max.cl...@gmail.com wrote:

 Hello,

 I'm looking for a public looking glass / route server connected to
 Internap - preferably in Los Angeles. Does such a thing exist?

 Thanks,
 Max




Re: Tracking down reverse for ip

2010-04-16 Thread Scott Howard
On Thu, Apr 15, 2010 at 10:52 PM, James Hess mysi...@gmail.com wrote:

 On Thu, Apr 15, 2010 at 3:59 PM, William Pitcock
 neno...@systeminplace.net wrote:
  For someone who is a CCNA, Mikrotik Certified Whatever, etc, etc, etc,
  you really should know how to use dig(1).

 Certifications usually only suggest certain skills or knowledge they
 were designed to validate,  and sometimes might fail even at that;
 dig(1) or detailed DNS knowledge  is not scoped within either of those
 certs, as far as I know..


Whilst that's almost certainly right, I had a lot of trouble finding a
google search that _didn't_ return something relevant as its first hit
(such as ARIN's whois, or one of several guides on how to use dig/etc for
reverse DNS).

Of course, they don't teach google in any certification I've come across
either, but...

  Scott


Re: Fiber Outage in Sunnyvale, CA.

2010-04-15 Thread Scott Howard
No problems here on the western side of 101 with our AT&T Opt-e-man.

That said, the majority of fiber in the Sunnyvale area is on the other side
of 101.

  Scott


On Thu, Apr 15, 2010 at 2:29 PM, Shon Elliott s...@unwiredbb.com wrote:

 I heard there is a fiber outage in Sunnyvale that has taken out most of
 the city. Can someone from AT&T Provide any kind of clue on what's going
 on? I'm being told by one of our partners that their entire building is
 without service in Sunnyvale and apparently they've talked to other
 businesses in the area that have fiber-based services who are also down.



 Regards,
 Shon Elliott
 Senior Network Engineer
 unWired Broadband, Inc.
 Office: (559) 261- x 511
 Cell: (559) 917-6480








Re: Solar Flux (was: Re: China prefix hijack)

2010-04-11 Thread Scott Howard
On Sun, Apr 11, 2010 at 7:07 AM, Robert E. Seastrom r...@seastrom.com wrote:

 We've seen great increases in CPU and memory speeds as well as disk
 densities since the last maximum (March 2000).  Speccing ECC memory is
 a reasonable start, but this sort of thing has been a problem in the
 past (anyone remember the Sun UltraSPARC CPUs that had problems last
 time around?) and will no doubt bite us again.


Sun's problem had an easy solution - and it's exactly the one you've
mentioned - ECC.

The issue with the UltraSPARC II's was that they had enough redundancy to
detect a problem (Parity), but not enough to correct the problem (ECC). They
also (initially) had a very abrupt handling of such errors - they would
basically panic and restart.

From the UltraSPARC III's they fixed this problem by sticking with Parity in
the L1 cache (write-through, so if you get a parity error you can just dump
the cache and re-read from memory or a higher cache), but using ECC on the
L2 and higher (write-back) caches.  The memory and all datapaths were
already protected with ECC in everything but the low-end systems.

It does raise a very interesting question though - how many systems are you
running that don't use ECC _everywhere_? (CPU, memory and datapath)

Unlike many years ago, today Parity memory is basically non-existent, which
means if you're not using ECC then you're probably suffering relatively
regular single-bit errors without knowing it.  In network devices that's
less of an issue as you can normally rely on higher-level protocols to
detect/correct the errors, but if you're not using ECC in your servers then
you're asking for (silent) trouble...

  Scott.
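
Worked example added here (my code, not Sun's or anything from the thread): an (8,4) SECDED Hamming code, the textbook form of what the post calls ECC, beside a plain parity check. It shows the difference the reply draws: parity on the UltraSPARC II cache could only say "something is wrong", whereas ECC locates and repairs a single flipped bit and still flags a double flip as uncorrectable instead of silently returning bad data. Bit positions follow the usual Hamming layout; the input words are constructed.

```python
"""Added example: parity detects, SECDED ECC corrects (one bit) and detects (two)."""

DATA_POS = (3, 5, 6, 7)      # Hamming positions carrying data bits d0..d3
PARITY_POS = (1, 2, 4)       # Hamming positions carrying the check bits
# index 0 of the 8-bit word is the extra overall-parity bit that turns SEC into SECDED


def parity_bit(bits):
    """XOR of a bit sequence (0 = even number of ones)."""
    return sum(bits) % 2


def secded_encode(nibble):
    """4 data bits -> 8-bit word [overall, p1, p2, d0, p4, d1, d2, d3]."""
    word = [0] * 8
    for d, pos in enumerate(DATA_POS):
        word[pos] = (nibble >> d) & 1
    for p in PARITY_POS:
        # check bit p covers every position whose index has bit p set
        word[p] = parity_bit(word[i] for i in range(1, 8) if i & p and i != p)
    word[0] = parity_bit(word[1:])
    return word


def secded_decode(word):
    """Return (nibble, status): status is 'clean', 'corrected' or 'uncorrectable'."""
    word = list(word)
    syndrome = 0
    for p in PARITY_POS:
        if parity_bit(word[i] for i in range(1, 8) if i & p):
            syndrome |= p                   # the syndrome spells out the flipped position
    overall_even = parity_bit(word) == 0
    if syndrome == 0 and overall_even:
        status = "clean"
    elif not overall_even:
        # odd flip count: one bit wrong; syndrome 0 means it was the overall-parity bit
        word[syndrome] ^= 1
        status = "corrected"
    else:
        # even flip count with a non-zero syndrome: two bits wrong, location unknown
        return None, "uncorrectable"
    nibble = 0
    for d, pos in enumerate(DATA_POS):
        nibble |= word[pos] << d
    return nibble, status


def parity_only_check(word):
    """What a parity-protected cache line can tell you: OK or not OK, nothing more."""
    return parity_bit(word) == 0


def flip(word, *positions):
    """Simulate upsets at the given bit positions."""
    word = list(word)
    for pos in positions:
        word[pos] ^= 1
    return word


if __name__ == "__main__":
    w = secded_encode(0b1011)               # constructed data value
    print("encoded        ", w)
    print("single flip    ", secded_decode(flip(w, 5)), "parity ok?", parity_only_check(flip(w, 5)))
    print("double flip    ", secded_decode(flip(w, 5, 6)), "parity ok?", parity_only_check(flip(w, 5, 6)))
```

The last line of the demo is the point of the post's "silent trouble" remark: with two upsets in one word, plain parity reports the line as good, while SECDED at least refuses to hand the corrupted data back.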


APNIC's report on traffic directed to 1.0.0.0/8

2010-04-07 Thread Scott Howard
http://mailman.apnic.net/mailing-lists/apnic-talk/archive/2010/04/msg2.html

(There's also a PDF version with easier to enlarge images at
http://www.potaroo.net/studies/1slash8/1slash8.pdf )

  Scott.


Re: what about 48 bits?

2010-04-04 Thread Scott Howard
On Sun, Apr 4, 2010 at 1:51 PM, Matthew Kaufman matt...@matthew.at wrote:

 http://en.wikipedia.org/wiki/MAC_address

 The IEEE expects the MAC-48 space to be exhausted no sooner than the year
 2100[3]; EUI-64s are not expected to run out in the foreseeable future.



 And this is what happens when you can use 100% of the bits on endpoint
 identity and not waste huge sections of them on the decision bits for
 routing topology.


Having around 4 orders of magnitude more addresses probably doesn't hurt
either...

Although even MAC-48 addresses are wasteful in that only 1/4 of them are
assignable to/by vendors, with the other 3/4 being assigned to multicast and
local addresses (the MAC equivalent of RFC1918)

  Scott.

