Re: useful bgp example

2010-05-17 Thread Valdis . Kletnieks
On Mon, 17 May 2010 19:15:01 EDT, Deric Kwok said: My company will get 2 upstream provider. We will plan 2 routers and each router to connect one provider to use bgp for redundant. Do you have any useful bgp example and website to set it up? If your BGP clue is that low, I believe the entire

Re: Root Zone DNSSEC Deployment Technical Status Update

2010-05-20 Thread Valdis . Kletnieks
On Thu, 20 May 2010 08:33:47 PDT, itservices88 said: I am having this problem now: # dnssec-signzone -N INCREMENT mydomain.org Verifying the zone using the following algorithms: RSASHA1. Missing RSASHA1 signature for . NSEC Missing trust anchor?

Re: Root Zone DNSSEC Deployment Technical Status Update

2010-05-20 Thread Valdis . Kletnieks
On Thu, 20 May 2010 09:19:44 PDT, itservices88 said: Is there any specific dnssec mailing list, which might be more helpful. https://lists.dns-oarc.net/mailman/listinfo/dns-operations (Unless I've fat-fingered it and it's elsewhere?)

Re: thoughts?

2010-05-27 Thread Valdis . Kletnieks
On Thu, 27 May 2010 09:06:26 EDT, Dorn Hetzel said: Perhaps my brevity got the better of me. I should have said something like any thoughts on whether the migration of this 'news' into the 'mainstream' media will eventually result in some sort of y2k like 'panic' and will that 'panic', if it

Re: thoughts?

2010-05-27 Thread Valdis . Kletnieks
On Thu, 27 May 2010 08:46:47 PDT, George Bonser said: http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html Somebody should do something! We started deploying IPv6 in testbed mode on our production network in 1997, so we're waiting for the rest of you slackers to get caught up. :)

Re: BT strike could affect internet and phone connections

2010-05-27 Thread Valdis . Kletnieks
On Thu, 27 May 2010 10:42:37 PDT, andrew.wallace said: Look at it from an attacker's point of view. If you're thinking about carrying out an electronic jihad of some kind when is the best time? A normal working day or during an engineers' strike that only happens once every 23 years? A co-worker

Re: BT strike could affect internet and phone connections

2010-05-27 Thread Valdis . Kletnieks
On Thu, 27 May 2010 12:57:42 PDT, andrew.wallace said: Are you *still* using the same threat models as you were 11 years ago? No, it's just in the late 90's our threat models and protocols were already advanced to where everybody else is just getting to now. You won't be able to comprehend our

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Valdis . Kletnieks
On Tue, 08 Jun 2010 19:23:17 CDT, Jorge Amodio said: So let's say a cyber-attack originates from Chinese script kiddie. Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark, Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia, Lithuania, Luxembourg,

Re: Nato warns of strike against cyber attackers

2010-06-08 Thread Valdis . Kletnieks
On Tue, 08 Jun 2010 22:01:35 CDT, Jorge Amodio said: On the other hand think as the Internet being a vast ocean where the bad guys keep dumping garbage, you can't control or filter the currents that are constantly changing and you neither can inspect every water molecule, then what do you do

Re: Nato warns of strike against cyber attackers

2010-06-09 Thread Valdis . Kletnieks
On Wed, 09 Jun 2010 00:36:29 EDT, Patrick W. Gilmore said: But it is not -just- market share. There are a lot more Windows Mobile compromises, viruses, etc., than iOS, Symbian, and RIM. I think combined. Yet Windows Mobile has the lowest market share of the four. I'll just point out that

Re: Nato warns of strike against cyber attackers

2010-06-09 Thread Valdis . Kletnieks
On Wed, 09 Jun 2010 12:32:54 CDT, Larry Sheldon said: On 6/9/2010 12:17, Joe Greco wrote: So, just so we're clear here, I go to Best Buy, I buy a computer, I bring it home, plug it into my cablemodem, and am instantly Pwned by the non-updated Windows version on the drive plus the incessant

Re: SCO UNIX Errors

2010-06-10 Thread Valdis . Kletnieks
On Thu, 10 Jun 2010 05:39:43 EDT, N. Yaakov Ziskind said: The best place to ask this question is on usenet:comp.unix.sco.misc. This is, of course, if you can find a still-functional usenet server. ;)

Re: Nato warns of strike against cyber attackers

2010-06-10 Thread Valdis . Kletnieks
On Thu, 10 Jun 2010 12:27:18 BST, Michael Dillon said: If any organization operates an infrastructure which could be vulnerable to cyberattack that would damage the country in which they operate, that organization needs to be regulated to ensure that their networks cannot be exploited for

Re: Best Practices checklists

2010-06-10 Thread Valdis . Kletnieks
On Thu, 10 Jun 2010 17:05:35 BST, Michael Dillon said: I expect that the collected members of this list could do a good job of defining some network security practices checklists. Already done for some stuff: http://www.cisecurity.org You disagree with the content or choices, feel free to

Re: On the control of the Internet.

2010-06-13 Thread Valdis . Kletnieks
On Sun, 13 Jun 2010 00:21:49 CDT, Larry Sheldon said: For example--what happens when name-service information for a part that is not shutdown comes from a part that is? It's always been a BCP good idea to have your DNS have secondaries in another non-fate-sharing AS, even though everybody from

Re: On the control of the Internet.

2010-06-14 Thread Valdis . Kletnieks
On Mon, 14 Jun 2010 08:05:14 BST, Brandon Butterworth said: Paul Baran's rand paper was on survivable networks. The arpanet was not that network. I worry now if it will survive the people that operate it. I doubt it. When the machines rise up against us they will kill the current

Re: Literatur hint needed

2010-06-16 Thread Valdis . Kletnieks
On Wed, 16 Jun 2010 10:21:54 +0200, Matthias Flittner said: I'm searching a fundamental book about how to (inter)connect two networks. It should be about how to connect your business network in a secure and reliable way to the internet. The book should contain some theoretical basics and

Re: PCAP Sanitization Tool

2010-06-17 Thread Valdis . Kletnieks
On Thu, 17 Jun 2010 11:15:05 +1200, Sebastian Castro said: Bein, Matthew wrote: Anyone know of a good tool for sanitizing PCAP files? I would like to keep as much of the payload as possible but remove src and dst ip information. Would address anonymization work? Instead of removing

Re: PCAP Sanitization Tool

2010-06-17 Thread Valdis . Kletnieks
On Wed, 16 Jun 2010 18:37:01 PDT, Steven Bellovin said: What's your threat model? In general, proper anonymization of packet trace data is very hard. I'll go out on a limb and point out that a large chunk of the difficulty is because every protocol has had to invent its own hack-arounds for

Re: Question about Manycore processor- Tilera

2010-07-06 Thread Valdis . Kletnieks
On Tue, 06 Jul 2010 17:09:20 +0800, Adrian Chadd said: There's been plenty of multi-dimensional processor interconnects over the years. You should do some further research. :) The original poster totally failed to answer the single biggest unasked question - What problem are you trying to solve

Re: U.S. Plans Cyber Shield for Utilities, Companies

2010-07-07 Thread Valdis . Kletnieks
On Wed, 07 Jul 2010 22:02:24 EDT, Patrick Giagnocavo said: andrew.wallace wrote: Article: http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html Why does it cost $100 million to install and configure OpenBSD on a bunch of old systems? That's the first $3M.

Re: U.S. Plans Cyber Shield for Utilities, Companies

2010-07-08 Thread Valdis . Kletnieks
On Wed, 07 Jul 2010 19:16:27 -1000, Michael Painter said: I find it hard to understand that a nuclear power plant, air-traffic control network, or electrical grid would be 'linked' to the Internet in the interest of 'efficiency'. Air gap them all and let them apply for Inefficiency Relief

Re: U.S. Plans Cyber Shield for Utilities, Companies

2010-07-08 Thread Valdis . Kletnieks
On Thu, 08 Jul 2010 08:12:29 PDT, JC Dill said: valdis.kletni...@vt.edu wrote: What's the going rate these days that you have to pay to make sure your fiber gets spliced first rather than that other customer's 10GE? I'm not familiar with cable break splicing procedures, but is it even

Re: Vyatta as a BRAS

2010-07-13 Thread Valdis . Kletnieks
On Tue, 13 Jul 2010 23:31:25 +0700, Christian Chapman said: Sorry, it's software running those ASIC's and FPGA's, even at that level Sorry ..Its a clock that runs ASIC's and FPGA's And how many clockless CPU's have we seen so far?

Re: Vyatta as a BRAS

2010-07-13 Thread Valdis . Kletnieks
On Tue, 13 Jul 2010 18:11:45 -, Dobbins, Roland said: During the Code Red/Nimda period (2001), and on into the Slammer/Blaster/Nachi period (2003), all the routers I personally know of which were adversely affected were software-based, didn't make use of ASICs for forwarding. Cisco

Re: Vyatta as a BRAS

2010-07-14 Thread Valdis . Kletnieks
On Wed, 14 Jul 2010 02:18:18 -, Dobbins, Roland said: Right. And to date, such routers make use of ASICs - i.e., 'hardware-based' routers, in the vernacular. Routers which use only centralized, general-purpose processors can't handle even a fraction of 'line-rate' without tanking But as

Re: On another security note... (of sorts)

2010-07-15 Thread Valdis . Kletnieks
On Thu, 15 Jul 2010 13:46:24 EDT, J. Oquendo said: RFP anyone.. Botnet Mitigation for Networks surely collectively it would and CAN work. A nice idea, but consider if a more automated tool/system was created to behead a botnet (50,000 null0 routes to blackhole all the nodes? Or accept

Re: Vyatta as a BRAS

2010-07-16 Thread Valdis . Kletnieks
On Thu, 15 Jul 2010 20:57:15 PDT, Henry Linneweh said: Your definitions seem to be rather ATM-specific, which may be a bit of a problem in a world dominated by Ethernet... Can we get a consensus definition on these definitions and what hardware vendors make edge routers and what hardware

Re: On another security note... (of sorts)

2010-07-19 Thread Valdis . Kletnieks
On Mon, 19 Jul 2010 08:06:08 EDT, J. Oquendo said: Maybe naivete on my part, but I don't see how customers would have issues if the scenario/framework was concisely explained. It's one thing to be sitting in my office rationally discussing what my bank does to prevent credit card fraud, and

Re: While we worry about Vyatta and Bras.....

2010-07-20 Thread Valdis . Kletnieks
On Mon, 19 Jul 2010 18:36:57 EDT, Marshall Eubanks said: None of this is going to help configure any routers. Most people call a network of routers run in isolation, without any care or consideration of the outside world and its potential impact on operations, a test lab. The occasional

Re: Addressing plan exercise for our IPv6 course

2010-07-22 Thread Valdis . Kletnieks
On Fri, 23 Jul 2010 00:33:45 BST, Matthew Walster said: I never saw the point of assigning a /48 to a DSL customer. Surely the better idea would be to assign your bog standard residential DSL customer a /64 and assign them a /56 or /48 if they request it, routed to an IP of their choosing.

Re: Addressing plan exercise for our IPv6 course

2010-07-24 Thread Valdis . Kletnieks
On Sat, 24 Jul 2010 18:49:55 BST, Brandon Butterworth said: The RFC seeks to avoid a registry so we end up with the potential for many as a result. May as well have had ARIN do it officially in the first place so there'd only be one. Given our failure rate with registries of AS numbers, IP

Re: IPv4 Exhaustion...

2010-07-24 Thread Valdis . Kletnieks
On Sat, 24 Jul 2010 15:40:58 EDT, Christopher Morrow said: why wouldn't you just do the intercept before the LSN? That gets interesting too, when several tens of thousands of users may all be behind the same LSN. Making sure you intercept only the right user's traffic gets a lot more

Re: Addressing plan exercise for our IPv6 course

2010-07-25 Thread Valdis . Kletnieks
On Sat, 24 Jul 2010 22:35:07 PDT, Doug Barton said: having none of that. (For bonus points, explain how the RIRs continue to exist if everyone can have all of the guaranteed-globally-unique IPv6 space they wanted for free.) The same way that companies are making money selling people credit

Re: Addressing plan exercise for our IPv6 course

2010-07-25 Thread Valdis . Kletnieks
On Sun, 25 Jul 2010 11:40:19 +0300, Saku Ytti said: On (2010-07-25 17:32 +1000), Karl Auer wrote: The risk of a ULA prefix conflict is for *all practical purposes* zero. http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+ It wouldn't puke nice

Re: Appliance Vs Software based routers

2010-07-25 Thread Valdis . Kletnieks
On Sun, 25 Jul 2010 10:20:43 +0300, Tarig Yassin said: I'm wondering why the software based router is not preferable in business Sorry, but you've gone wrong already. You can't ask why something is true until you first establish that the something is in fact true. There are *plenty* of

Re: Web expert on his 'catastrophe' key for the internet

2010-07-27 Thread Valdis . Kletnieks
On Tue, 27 Jul 2010 16:43:21 PDT, andrew.wallace said: A British computer expert has been entrusted with part of a digital key, to help restart the internet in the event of a major catastrophe. You *do* realize this news is like two months old, right?

Re: Web expert on his 'catastrophe' key for the internet

2010-07-27 Thread Valdis . Kletnieks
On Tue, 27 Jul 2010 20:37:57 CDT, Joe Greco said: Aren't there still some satellite pager providers out there? :-) Works fine till solar flare season. :)

Re: Web expert on his 'catastrophe' key for the internet

2010-07-28 Thread Valdis . Kletnieks
On Wed, 28 Jul 2010 09:24:57 PDT, andrew.wallace said: What I think is, this is leaving them wide open to attack. If an attack was state-sponsored, it's likely they would be able to stop those selected people reaching the location in the United States by way of operational officers

Re: Web expert on his 'catastrophe' key for the internet

2010-07-28 Thread Valdis . Kletnieks
On Wed, 28 Jul 2010 14:20:51 CDT, Jorge Amodio said: Also, these famous guys selected as part of the TCR group where the number is not actually seven, don't even have enough material to sign anything by themselves. Of course not. The only real requirement is that the TCR group hold enough

Re: Web expert on his 'catastrophe' key for the internet

2010-07-29 Thread Valdis . Kletnieks
On Thu, 29 Jul 2010 20:19:45 CDT, Jorge Amodio said: I suggest that it should be seriously considered to revoke the role of RKSH from the person that used that role to obtain publicity and self promotion, and request the immediate return of all cryptographic material. This is not something to

Re: 33-Bit Addressing via ONE bit or TWO bits ? does NANOG care?

2010-07-29 Thread Valdis . Kletnieks
On Thu, 29 Jul 2010 23:45:03 EDT, Atticus said: What world do live in? Yes, we extend the life of IPv4 by increasing the numeric range. As for only needing port 80, I'm not really sure where you've been for the last decade or so. I hate to say this, but all of you who are actually thinking

Re: 33-Bit Addressing via ONE bit or TWO bits ? does NANOG care?

2010-07-29 Thread Valdis . Kletnieks
On Fri, 30 Jul 2010 00:14:46 EDT, Atticus said: technology, and an inferior one at that. With IPSec compliance integrated into the protocol itself, and the hundreds of other benefits, why try to morph an old technology? You *do* realize that IPv6 IPSec is the *exact same stuff* that's in

Re: Addressing plan exercise for our IPv6 course

2010-07-30 Thread Valdis . Kletnieks
On Fri, 30 Jul 2010 11:11:04 BST, Matthew Walster said: Seriously, this is getting silly. I'm not even going to respond any more - if you genuinely think users care about network management, you're wrong. They treat it as a black box, and that isn't going to change for a long, long, long time.

Re: Monitoring tools for IPv6 tools

2010-07-31 Thread Valdis . Kletnieks
On Sat, 31 Jul 2010 10:04:16 +0800, Diogo Montagner said: This was the best compilation that I found before. Unfortunately, this presentation is a little bit old (2006). I am supposing that most of commercial tools have improved your IPv6 support. Dunno. Were the customers pressuring the

Re: Question of privacy with reassigned resources

2010-08-05 Thread Valdis . Kletnieks
On Thu, 05 Aug 2010 08:04:47 EDT, William Herrin said: If you feel that way, I suggest you take the issue up on the ARIN public policy mailing list. Solicit public consensus for a change in handling for SWIPs for apartment complexes as ISP resellers. Absent such a change, redacting identity

Re: Question of privacy with reassigned resources

2010-08-05 Thread Valdis . Kletnieks
On Thu, 05 Aug 2010 08:58:48 EDT, William Herrin said: It takes some creative reading to think I claimed using an alternate but still correct address (e.g. supplied by mailboxes etc.) constituted fraud. Alternate != redacted. Right. The point is that by the same what is the personal gain

Re: Question of privacy with reassigned resources

2010-08-05 Thread Valdis . Kletnieks
On Thu, 05 Aug 2010 12:05:18 EDT, William Herrin said: You've deprived everyone else of the use of that block of IP addresses in violation with your contract with ARIN which requires disclosure. Then, based on the claim that block is in use and properly registered, you've acquired additional

Re: off-topic: historical query concerning the Internet bubble

2010-08-09 Thread Valdis . Kletnieks
On Mon, 09 Aug 2010 08:01:12 PDT, Frank A. Coluccio said: re: Capacity as measured by OC12-miles, doubles every four months... Now that's a fascinating form of metric in itself. Distance * bit-rate equals capacity? What happened to the 'traffic' component? It's a measure of *capacity*,

Re: Google wants your Internet to be faster

2010-08-09 Thread Valdis . Kletnieks
On Mon, 09 Aug 2010 15:29:46 EDT, Joly MacFie said: Nor ensure 'lawful' content Do you *really* want to go there?

Re: Google wants your Internet to be faster

2010-08-10 Thread Valdis . Kletnieks
On Tue, 10 Aug 2010 14:42:43 PDT, Joseph Jackson said: The way I understand it is if you aren't paying for preferred service then your VPN traffic would be at the bottom of the stack on forwarding. So while it gets around GeoIP stuff vpns would be subject to the same quality of service

Re: Pacific Northwest downtime?

2010-08-13 Thread Valdis . Kletnieks
On Thu, 12 Aug 2010 23:52:06 PDT, Jeff Walter said: Just got confirmation from GBLX... Router seized. Perhaps some WD-40 is in order? No caffeine yet. Did you mean router froze up, or router taken into possession by creditors and/or law enforcement officials? ;)

Re: Lightly used IP addresses

2010-08-13 Thread Valdis . Kletnieks
On Fri, 13 Aug 2010 15:24:45 EDT, Ken Chase said: I'm indicating (the probably obvious) that these pressures will certainly increase over time, and as one other member pointed out, the sticks may become necessary - and the community will have to become more 'constitutionally ethical' in

Re: Lightly used IP addresses

2010-08-14 Thread Valdis . Kletnieks
On Sat, 14 Aug 2010 17:03:59 MDT, Chris Grundemann said: First, in this thread we are not talking about folks who have not paid ARIN their dues, we are talking about folks who sell addresses despite not being authorized to do so by ARIN - aka abuse/fraud. Psst.. Hey.. buddy. Over here... wanna

Re: BCP38 exceptions for RFC1918 space

2010-08-15 Thread Valdis . Kletnieks
On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said: What's the current consensus on exempting private network space from source address validation? Is it recommended? Discouraged? What you do on your internal networks and internal transit is your business. BCP38 talks about where you

Re: Lightly used IP addresses

2010-08-15 Thread Valdis . Kletnieks
On Sun, 15 Aug 2010 11:44:18 EDT, Owen DeLong said: You and Randy operate from the assumption that these less certain rights somehow exist at all. I believe them to be fictitious in nature and contrary to the intent of number stewardship all the way back to Postel's original notebook. Postel

Re: Numbering nameservers and resolvers

2010-08-16 Thread Valdis . Kletnieks
On Sun, 15 Aug 2010 23:49:05 PDT, Mike said: I am needing to renumber some core infrastructure - namely, my nameservers and my resolvers - and I was wondering if the collective wisdom still says heck yes keep this stuff all on separate subnets away from each other? Anyone got advice either

Re: BCP38 exceptions for RFC1918 space

2010-08-16 Thread Valdis . Kletnieks
On Sun, 15 Aug 2010 19:02:50 +0200, Florian Weimer said: * Valdis Kletnieks: On Sun, 15 Aug 2010 18:46:49 +0200, Florian Weimer said: And that connection that's trying to use PMTU got established across the commodity internet, how, exactly? ;) ICMP fragmentation needed, but DF

Re: BCP38 exceptions for RFC1918 space

2010-08-16 Thread Valdis . Kletnieks
On Mon, 16 Aug 2010 06:50:00 CDT, Joe Greco said: What *possible* use case would require a 1918-sourced packet to be traversing the public internet? We're all waiting with bated breath to hear this one. ;) It's great for showing in traceroutes who the heel is. Like I said, at that

Re: Lightly used IP addresses

2010-08-16 Thread Valdis . Kletnieks
On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said: Kind of interesting to consider how a successful implementation of RPKI might change the rules of this game we all play in. I tried talking about that at ARIN in Toronto, not certain I was clear enough. I'm not at all convinced this would

Re: Should routers send redirects by default?

2010-08-20 Thread Valdis . Kletnieks
On Fri, 20 Aug 2010 16:08:19 CDT, Butch Evans said: Maybe I'm missing something. Can you point me to something that will help me understand WHY an ICMP redirect is such a huge security concern? For most of the networks that I manage (or help to manage), I can see no reason why this would be

Re: Should routers send redirects by default?

2010-08-20 Thread Valdis . Kletnieks
On Fri, 20 Aug 2010 18:16:35 EDT, Brandon Ross said: How does turning off ICMP redirects on the router prevent a rogue PC from sending ICMP redirects to its neighbors? If I know for a fact that the network is designed such that I will never ever receive a valid ICMP redirect because there is

Re: Calculating Cost

2010-08-22 Thread Valdis . Kletnieks
On Sun, 22 Aug 2010 18:29:52 +0200, Kasper Adel said: How would you calculate the cost of a network outage, specifically if it's related to a software bug or a misconfiguration. Just your actual costs, or your costs plus refunds due on SLAs, or your costs plus refunds after SLAs once you finish

Re: Other NOGs around the world?

2010-08-22 Thread Valdis . Kletnieks
On Mon, 23 Aug 2010 05:51:53 +1000, Matthew Palmer said: We have been leading up to a Federal election, with two big tech issues involved - a new national broadband network and Internet censorship. These two topics have rather dominated discussions of late. Politics on an operational

Re: PacketShader

2010-08-23 Thread Valdis . Kletnieks
On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said: Researchers in South Korea have built a networking router that transmits data at record speeds from components found in most high-end desktop computers http://www.technologyreview.com/communications/26096/?nlid=3423 Two great quotes

Re: Looking for suggestions for an internet content filtering appliance

2010-08-23 Thread Valdis . Kletnieks
On Mon, 23 Aug 2010 19:46:59 -, khatfi...@socllc.net said: This would give you some advantages: 1) Content caching - increasing speeds for users while decreasing your overall bandwidth utilization. Does anybody have any real-world stats on what size local Squid/whatever cache they're

Re: sort by agony

2010-08-27 Thread Valdis . Kletnieks
On Fri, 27 Aug 2010 00:25:43 PDT, Michael J McCafferty said: 2) Tijuana to Guadalajara for an 8hr layover, then to Atlanta for a 1.5hr layover to New York LGA. I once got booked Roanoke-Pittsburgh-Chicago-St Louis-Columbia MO. All layovers *short* enough to induce run through the airport panic

Re: sort by agony

2010-08-27 Thread Valdis . Kletnieks
On Fri, 27 Aug 2010 10:32:17 EDT, Marshall Eubanks said: A _really_ intelligent airline scheduling system would (IMHO) be able to offer you options like there is a direct flight Pittsburgh - Kansas City, and from there it is a 2 hour drive to Columbia, so that will save you 5 hours travel

Re: Did your BGP crash today?

2010-08-27 Thread Valdis . Kletnieks
On Fri, 27 Aug 2010 19:27:06 +0200, Kasper Adel said: Haven't seen a thread on this one so thought I'd start one. Ripe tested a new attribute that crashed the internet, is that true? If it in fact crashed the internet, as opposed to gave a few buggy routers here and there indigestion, you

Re: Did your BGP crash today?

2010-08-27 Thread Valdis . Kletnieks
On Fri, 27 Aug 2010 13:43:39 PDT, Clay Fiske said: If -everyone- dropped the session on a bad attribute, it likely wouldn't make it far enough into the wild to cause these problems in the first place. That works fine for malformed attributes. It blows chunks for legally formed but unknown

Re: Comcast enables 6to4 relays

2010-08-31 Thread Valdis . Kletnieks
On Tue, 31 Aug 2010 12:02:56 CDT, Jack Bates said: 6to4 doesn't suffer the same issues. Primarily because RFC1918 addressing can't be used in 6to4. This means that at a minimum, the router has to participate or the host behind it must be manually configured with a 6to4 address (for the

Re: largest OSPF core

2010-09-02 Thread Valdis . Kletnieks
On Thu, 02 Sep 2010 14:12:38 EDT, Deepak Jain said: Dual routing is intended to be more of a long-term solution because there will be very few pure OSI or TCP/IP routing environments in the future. Well, they were half-right. ;)

Re: just seen my first IPv6 network abuse scan, is this the start for more?

2010-09-07 Thread Valdis . Kletnieks
On Tue, 07 Sep 2010 09:03:12 EDT, Jamie Bowden said: Now, on to the topic at hand. Why would you scan the address space in the first place? Wouldn't it be easier to compromise a known host and look at the ARP table? Or better yet, the router on the edge? If it's moving packets, something

Re: yahoo crawlers hammering us

2010-09-08 Thread Valdis . Kletnieks
On Wed, 08 Sep 2010 02:21:31 PDT, Bruce Williams said: I *am* curious--what makes it any worse for a search engine like Google to fetch the file than any other random user on the Internet Possibly because that other user is who the customer pays have their content delivered to? Seems to

Re: Did Internet Founders Actually Anticipate Paid, Prioritized Traffic?

2010-09-14 Thread Valdis . Kletnieks
On Tue, 14 Sep 2010 11:47:38 EDT, Dave Sparro said: Would you object to an ISP model where a content provider could pay to get an ISP subscriber's package upgraded on a dynamic basis? It would look something like my Road Runner PowerBoost(tm) service, only it never cuts off when the

Re: Did Internet Founders Actually Anticipate Paid, Prioritized

2010-09-17 Thread Valdis . Kletnieks
On Fri, 17 Sep 2010 09:13:48 CDT, Joe Greco said: Rather than allowing service providers to pick and choose who subscribers can communicate with, we're much more likely to see regulation intervene to enforce reasonable rules. We are indeed likely to see regulation intervene to enforce rules.

Re: Routers in Data Centers

2010-09-24 Thread Valdis . Kletnieks
On Fri, 24 Sep 2010 15:52:22 +0530, Venkatesh Sriram said: Can somebody educate me on (or pass some pointers) what differentiates a router operating and optimized for data centers versus, say a router work in the metro ethernet space? What is it that's required for routers operating in data

Re: Online games stealing your bandwidth

2010-09-25 Thread Valdis . Kletnieks
On Sat, 25 Sep 2010 21:43:25 BST, Matthew Walster said: Was anything ever standardised in that field? I imagine with much of P2P traffic being (how shall I put this...) less than legal, it's of questionable legality and the ISPs would not want to be held liable for the content cached there?

Re: Online games stealing your bandwidth

2010-09-26 Thread Valdis . Kletnieks
On Sat, 25 Sep 2010 17:41:16 CDT, Robert Bonomi said: On Sun, 26 Sep 2010 00:01:38 , Jeroen Massar said: So it that is true, if you define news server as a cache, even though you have to buy several terabytes, make that several petabytes, to be able to cache this data one along with all the

Re: Randy in Nevis

2010-09-27 Thread Valdis . Kletnieks
On Mon, 27 Sep 2010 09:30:06 PDT, Lyndon Nerenberg said: I've heard from a couple of people that the PIX will remap 587 (and 25) to oddball ports if you fiddle the config just right. Given all the other bogosity that box does with SMTP I wonder if there's truth to the rumour. (I haven't

Re: Online games stealing your bandwidth

2010-09-27 Thread Valdis . Kletnieks
On Mon, 27 Sep 2010 17:44:37 BST, Leigh Porter said: We had a great P2P cache from Cache Appliance. Did anybody else try them? Can you say anything about what size cache it was, and what amount of bandwidth savings it produced?

Re: Online games stealing your bandwidth

2010-09-27 Thread Valdis . Kletnieks
On Mon, 27 Sep 2010 19:27:28 BST, Brandon Butterworth said: I fail to see the point. If an ISP needs to add caches they may as well just add a simple, cheaper, standard, http cache. It's a bang-per-buck issue, and depends highly on whether your particular network sees more HTTP or P2P traffic.

Re: Randy in Nevis

2010-09-29 Thread Valdis . Kletnieks
On Wed, 29 Sep 2010 14:13:51 +0200, Bjørn Mork said: John Peach john-na...@johnpeach.com writes: It is on all Linux distros: ssmtp 465/tcp smtps # SMTP over SSL So file bug reports. bug-repo...@iana.org seems to bounce.

Re: A New TransAtlantic Cable System

2010-10-01 Thread Valdis . Kletnieks
On Fri, 01 Oct 2010 15:01:25 BST, Heath Jones said: http://finance.yahoo.com/news/Hibernia-Atlantic-to-bw-3184701710.html?x=0.v=1 Sales spam - but still - very close to minimum possible latency! 3471 miles @ 186,282 miles/s * 1.5 in glass * 2 round trip = 55.9ms. My first thought is that

Re: do you use SPF TXT RRs? (RFC4408)

2010-10-04 Thread Valdis . Kletnieks
On Mon, 04 Oct 2010 13:30:55 PDT, Owen DeLong said: Removing a few points probably isn't a bad idea so long as you have a list of domains for which points should be added. 140 million .coms. Throw-away domains. I do believe that Marcus Ranum had trying to enumerate badness on his list of Six

Re: do you use SPF TXT RRs? (RFC4408)

2010-10-04 Thread Valdis . Kletnieks
On Mon, 04 Oct 2010 17:05:12 EDT, Suresh Ramasubramanian said: dig throwaway1.com NS dig throwaway2.com NS etc etc ... and then check_sender_ns_access in postfix, for example. Yes, that *is* better than whack-a-mole on the same DNS server, but... The NANOG lurker in the next cubicle used to

Re: Facebook down!! Alert!

2010-10-06 Thread Valdis . Kletnieks
On Wed, 06 Oct 2010 16:39:03 EDT, Andrew Kirch said: No, the majority does not define what operational means. Facebook is not a mission critical internet resource (such as a fiber cut, power loss at a peering point, DoS attack. Yes, but anytime something spikes the number of calls at my

Re: New hijacking - Done via via good old-fashioned Identity Theft

2010-10-07 Thread Valdis . Kletnieks
On Thu, 07 Oct 2010 12:10:37 -, Sven Olaf Kamphuis said: If what you're asking under point c is what happens if a system that contains such a password for your email address gets compromised the answer is simple, you remove that specific password from your approved passwords list 140

Re: New hijacking - Done via via good old-fashioned Identity Theft

2010-10-07 Thread Valdis . Kletnieks
On Thu, 07 Oct 2010 14:16:00 -, Sven Olaf Kamphuis said: you just give contacts for the passwords with which you have received a new one. each potential person that can send email to your email address, gets a unique password from you. You missed the point. How does

Re: Network Operators Unite Against SORBS

2010-10-12 Thread Valdis . Kletnieks
On Tue, 12 Oct 2010 05:35:11 PDT, iHate SORBS said: I am calling on all Network Operators to stand up and stop routing dnsbl.sorbs.net until that time they can commit to making real changes. You *do* realize your beef isn't with SORBS, it's with the mail operators that are using that as part

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-18 Thread Valdis . Kletnieks
On Mon, 18 Oct 2010 14:41:36 +0200, Jens Link said: Jeroen Massar jer...@unfix.org writes: So, if your company is not doing IPv6 yet, you really are really getting late now. They won't listen. Consider it evolution in action. :)

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-18 Thread Valdis . Kletnieks
On Mon, 18 Oct 2010 10:52:18 PDT, George Bonser said: From: Owen DeLong [mailto:o...@delong.com] The good news is that stateful inspection doesn't go away in IPv6. It works just fine. All that goes away is the header mangling. Exactly true but there are people out there who experience it

Re: Only 5x IPv4 /8 remaining at IANA

2010-10-19 Thread Valdis . Kletnieks
On Tue, 19 Oct 2010 13:49:10 +0200, Jens Link said: valdis.kletni...@vt.edu writes: Those people are next on my hit list, after we've finally eliminated those who still talk about class A/B/C addresses. :) You are going to kill about 90% of all net-/sysadmins? Do you *really* want

Re: Topic: Inter-AS BGP Local Preference Matrix

2010-10-31 Thread Valdis . Kletnieks
On Fri, 29 Oct 2010 09:55:06 PDT, Rettke, Brian said: It's obviously something that each of us would need to do individually, but I'm wondering if there is any way this could become a de facto standard, or could be a method that the community at large could enforce somehow. Alice's

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

2010-10-31 Thread Valdis . Kletnieks
On Thu, 21 Oct 2010 19:21:41 PDT, George Bonser said: With v6, while changing prefixes is easy for some gear, other gear is not so easy. If you number your entire network in Provider A's space, you might have more trouble renumbering into Provider B's space because now you have to change

Re: IPv6 rDNS

2010-11-03 Thread Valdis . Kletnieks
On Tue, 02 Nov 2010 18:21:14 -, Sven Olaf Kamphuis said: getting rid of bind has various other advantages, such as no longer needing tcp to transfer zone files (Retarded concept to say the least) so there are no more tcp issues related to anycasting your authoritative dns servers, as you

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 - Unique local addresses)

2010-11-03 Thread Valdis . Kletnieks
On Wed, 03 Nov 2010 17:01:32 PDT, Owen DeLong said: On Nov 3, 2010, at 3:43 PM, Mark Andrews wrote: Actually PI is WORSE if you can't get it routed as it requires NAT or it requires MANUAL configuration of the address selection rules to be used with PA. It's very easy to get PIv6 routed

Re: RINA - scott whaps at the nanog hornets nest :-)

2010-11-08 Thread Valdis . Kletnieks
On Mon, 08 Nov 2010 19:36:49 +0100, Mans Nilsson said: Given this empirical data, clearly pointing to the fact that It Does Not Matter, I think we can stop this nonsense now. That's right up there with the sites that blackhole their abuse@ address, and then claim they never actually see any

Re: Current trends in capacity planning and oversubscription

2010-11-10 Thread Valdis . Kletnieks
On Wed, 10 Nov 2010 07:42:32 EST, ML said: - An external Internet connection to the Internet Service Provider of at least 100 Mbps per 1,000 students/staff 30K students here, 2x10GE to the outside world. - Internal wide area network connections from the district to each school and

Re: AS path question.

2010-11-10 Thread Valdis . Kletnieks
On Wed, 10 Nov 2010 15:31:25 EST, Jared Mauch said: The best question is: Do you know what prefix you just lost reachability to, or do you just point default as a last resort anyways, so don't know. One has to wonder how many places are using the prepend-me-harder commands to do traffic
