On Mon, 17 May 2010 19:15:01 EDT, Deric Kwok said:
My company will get 2 upstream provider. We will plan 2 routers and
each router to connect one provider to use bgp for redundant.
Do you have any useful bgp example and website to set it up?
If your BGP clue is that low, I believe the entire
On Thu, 20 May 2010 08:33:47 PDT, itservices88 said:
I am having this problem now:
# dnssec-signzone -N INCREMENT mydomain.org
Verifying the zone using the following algorithms: RSASHA1.
Missing RSASHA1 signature for . NSEC
Missing trust anchor?
pgpG65C3ZegOp.pgp
Description: PGP
On Thu, 20 May 2010 09:19:44 PDT, itservices88 said:
Is there any specific dnssec mailing list, which might be more helpful.
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
(Unless I've fat-fingered it and it's elsewhere?)
pgp8YgFVEOAym.pgp
Description: PGP signature
On Thu, 27 May 2010 09:06:26 EDT, Dorn Hetzel said:
Perhaps my brevity got the better of me. I should have said something like
any thoughts on whether the migration of this 'news' into the 'mainstream'
media will eventually result in some sort of y2k like 'panic' and will that
'panic', if it
On Thu, 27 May 2010 08:46:47 PDT, George Bonser said:
http://www.cnn.com/2010/TECH/05/27/internet.crunch.2012/index.html
Somebody should do something!
We started deploying IPv6 in testbed mode on our production network in 1997,
so we're waiting for the rest of you slackers to get caught up. :)
On Thu, 27 May 2010 10:42:37 PDT, andrew.wallace said:
Look at it from an attackers point of view. If you're thinking about carrying
out an electronic jihad of some kind when is the best time? A normal working
day or during an engineers strike that only happens once every 23 years?
A co-worker
On Thu, 27 May 2010 12:57:42 PDT, andrew.wallace said:
Are you *still* using the same threat models as you were 11 years ago?
No, it's just in the late 90's our threat models and protocols were already
advanced to where everybody else is just getting to now. You won't be able
to comprehend our
On Tue, 08 Jun 2010 19:23:17 CDT, Jorge Amodio said:
So let's say a cyber-attack originates from Chinese script kiddie.
Albania, Belgium, Bulgaria, Canada, Croatia, Czech Republic, Denmark,
Estonia, France, Germany, Greece, Hungary, Iceland, Italy, Latvia,
Lithuania, Luxembourg,
On Tue, 08 Jun 2010 22:01:35 CDT, Jorge Amodio said:
On the other hand think as the Internet being a vast ocean where the
bad guys keep dumping garbage, you can't control or filter the
currents that are constantly changing and you neither can inspect
every water molecule, then what do you do
On Wed, 09 Jun 2010 00:36:29 EDT, Patrick W. Gilmore said:
But it is not -just- market share. There are a lot more Windows Mobile
compromises, viruses, etc., than iOS, Symbian, and RIM. I think
combined. Yet Windows Mobile has the lowest market share of the four.
I'll just point out that
On Wed, 09 Jun 2010 12:32:54 CDT, Larry Sheldon said:
On 6/9/2010 12:17, Joe Greco wrote:
So, just so we're clear here, I go to Best Buy, I buy a computer, I
bring it home, plug it into my cablemodem, and am instantly Pwned by
the non-updated Windows version on the drive plus the incessant
On Thu, 10 Jun 2010 05:39:43 EDT, N. Yaakov Ziskind said:
The best place to ask this question is on usenet:comp.unix.sco.misc.
This is, of course, if you can find a still-functional usenet server. ;)
pgp74dWyAu0bD.pgp
Description: PGP signature
On Thu, 10 Jun 2010 12:27:18 BST, Michael Dillon said:
If any organization operates an infrastructure which could be
vulnerable to cyberattack that would damage the country in which they
operate, that organization needs to be regulated to ensure that their
networks cannot be exploited for
On Thu, 10 Jun 2010 17:05:35 BST, Michael Dillon said:
I expect that the collected members of this list could do a good job
of defining some network security practices checklists.
Already done for some stuff: http://www.cisecurity.org
You disagree with the content or choices, feel free to
On Sun, 13 Jun 2010 00:21:49 CDT, Larry Sheldon said:
For example--what happens when name-service information for a part that
is not shutdown comes from a part that is?
It's always been a BCP good idea to have your DNS have secondaries in another
non-fate-sharing AS, even though everybody from
On Mon, 14 Jun 2010 08:05:14 BST, Brandon Butterworth said:
Paul Baran's rand paper was on survivable networks. The arpanet was not
that network.
I worry now if it will survive the people that operate it.
I doubt it. When the machines rise up against us they will
kill the current
On Wed, 16 Jun 2010 10:21:54 +0200, Matthias Flittner said:
I'm searching an fundamental book about how to (inter)connect two
networks. It should be about how to connect your business network in a
secure and reliable way to the internet. The book should contain some
theoretical basics and
On Thu, 17 Jun 2010 11:15:05 +1200, Sebastian Castro said:
Bein, Matthew wrote:
Anyone know of a good tool for sanitizing PCAP files? I would like to
keep as much of the payload as possible but remove src and dst ip
information.
Would address anonymization work? Instead of removing
On Wed, 16 Jun 2010 18:37:01 PDT, Steven Bellovin said:
What's your threat model? In general, proper anonymization of packet
trace data is very hard.
I'll go out on a limb and point out that a large chunk of the difficulty is
because every protocol has had to invent its own hack-arounds for
On Tue, 06 Jul 2010 17:09:20 +0800, Adrian Chadd said:
There's been plenty of multi-dimensional processor interconnects over the
years. You should do some further research. :)
The original poster totally failed to answer the single biggest unasked
question - What problem are you trying to solve
On Wed, 07 Jul 2010 22:02:24 EDT, Patrick Giagnocavo said:
andrew.wallace wrote:
Article:
http://online.wsj.com/article/SB10001424052748704545004575352983850463108.html
Why does it cost $100 million to install and configure OpenBSD on a
bunch of old systems?
That's the first $3M.
On Wed, 07 Jul 2010 19:16:27 -1000, Michael Painter said:
I find it hard to understand that a nuclear power plant, air-traffic control
network, or electrical grid would be 'linked' to the Internet in the interest
of 'efficiency'. Air gap them all and let them apply for Inefficiency
Relief
On Thu, 08 Jul 2010 08:12:29 PDT, JC Dill said:
valdis.kletni...@vt.edu wrote:
What's the going rate these days that you have to pay to make sure your
fiber
gets spliced first rather than that other customer's 10GE?
I'm not familiar with cable break splicing procedures, but is it even
On Tue, 13 Jul 2010 23:31:25 +0700, Christian Chapman said:
Sorry, it's software running those ASIC's and FPGA's, even at that level
Sorry ..Its a clock that runs ASIC's and FPGA's
And how many clockless CPU's have we seen so far?
pgpZRV93nKbv1.pgp
Description: PGP signature
On Tue, 13 Jul 2010 18:11:45 -, Dobbins, Roland said:
During the Code Red/Nimda period (2001), and on into the Slammer/Blaster/Nachi
period (2003), all the routers I personally know of which were adversely
affected were software-based, didn't make use of ASICs for forwarding.
Cisco
On Wed, 14 Jul 2010 02:18:18 -, Dobbins, Roland said:
Right. And to date, such routers make use of ASICs - i.e., 'hardware-based'
routers, in the vernacular.
Routers which use only centralized, general-purpose processors can't handle
even a fraction of 'line-rate' without tanking
But as
On Thu, 15 Jul 2010 13:46:24 EDT, J. Oquendo said:
RFP anyone.. Botnet Mitigation for Networks surely collectively it would
and CAN work.
A nice idea, but consider if a more automated tool/system was created to
behead a botnet (50,000 null0 routes to blackhole all the nodes? Or accept
On Thu, 15 Jul 2010 20:57:15 PDT, Henry Linneweh said:
Your definitions seem to be rather ATM-specific, which may be a bit of a
problem in a world dominated by Ethernet...
Can we get a consensus definition on these definition's and what hardware
vender's make edge routers and what hardware
On Mon, 19 Jul 2010 08:06:08 EDT, J. Oquendo said:
Maybe naivete on my part, but I don't see how customers would have
issues if the scenario/framework was concisely explained.
It's one thing to be sitting in my office rationally discussing what my bank
does to prevent credit card fraud, and
On Mon, 19 Jul 2010 18:36:57 EDT, Marshall Eubanks said:
None of this is going to help configure any routers.
Most people call a network of routers run in isolation, without any care or
consideration of the outside world and its potential impact on operations, a
test lab. The occasional
On Fri, 23 Jul 2010 00:33:45 BST, Matthew Walster said:
I never saw the point of assigning a /48 to a DSL customer. Surely the
better idea would be to assign your bog standard residential DSL
customer a /64 and assign them a /56 or /48 if they request it, routed
to an IP of their choosing.
On Sat, 24 Jul 2010 18:49:55 BST, Brandon Butterworth said:
The RFC seeks to avoid a registry so we end up with the potential for
many as a result. May as well have had ARIN do it officially in the
first place so there'd only be one.
Given our failure rate with registries of AS numbers, IP
On Sat, 24 Jul 2010 15:40:58 EDT, Christopher Morrow said:
why wouldn't you just do the intercept before the LSN?
That gets interesting too, when several tens of thousands of users may all be
behind the same LSN. Making sure you intercept only the right user's traffic
gets a lot more
On Sat, 24 Jul 2010 22:35:07 PDT, Doug Barton said:
having none of that. (For bonus points, explain how the RIRs continue to
exist if everyone can have all of the guaranteed-globally-unique IPv6
space they wanted for free.)
The same way that companies are making money selling people credit
On Sun, 25 Jul 2010 11:40:19 +0300, Saku Ytti said:
On (2010-07-25 17:32 +1000), Karl Auer wrote:
The risk of a ULA prefix conflict is for *all practical purposes* zero.
http://www.wolframalpha.com/input/?i=1-((2^40)!)%2F((2^40)^100+((2^40)-100)!)+
It wouldn't puke nice
On Sun, 25 Jul 2010 10:20:43 +0300, Tarig Yassin said:
I'm wondering why the software based router is not preferable in business
Sorry, but you've gone wrong already. You can't ask why something is true
until you first establish that the something is in fact true. There are
*plenty* of
On Tue, 27 Jul 2010 16:43:21 PDT, andrew.wallace said:
A British computer expert has been entrusted with part of a digital key, to
help
restart the internet in the event of a major catastrophe.
You *do* realize this news is like two months old, right?
On Wed, 28 Jul 2010 09:24:57 PDT, andrew.wallace said:
What I think is, this is leaving them wide open to attack. If an attack was
state-sponsored, its likely they would be able to stop those selected people
reaching the location in the United States by way of operational officers
On Wed, 28 Jul 2010 14:20:51 CDT, Jorge Amodio said:
Also, these famous guys selected as part of the TCR group where the
number is not actually seven, don't even have enough material to sign
anything by themselves.
Of course not. The only real requirement is that the TCR group hold enough
On Thu, 29 Jul 2010 20:19:45 CDT, Jorge Amodio said:
I suggest that it should be seriously considered to revoke the role of
RKSH from the person that used that role to obtain publicity and self
promotion, and request the immediate return of all cryptographic
material. This is not something to
On Thu, 29 Jul 2010 23:45:03 EDT, Atticus said:
What world do live in? Yes, we extend the life of IPv4 by increasing the
numeric range. As for only needing port 80, I'm not really sure where
you've been for the last decade or so.
I hate to say this, but all of you who are actually thinking
On Fri, 30 Jul 2010 00:14:46 EDT, Atticus said:
technology, and an inferior one at that. With IPSec compliance integrated
into the protocol itself, and the hundreds of other benefits, why try to
morph an old technology?
You *do* realize that IPv6 IPSec is the *exact same stuff* that's in
On Fri, 30 Jul 2010 11:11:04 BST, Matthew Walster said:
Seriously, this is getting silly. I'm not even going to respond any
more - if you genuinely think users care about network management,
you're wrong. They treat it as a black box, and that isn't going to
change for a long, long, long time.
On Sat, 31 Jul 2010 10:04:16 +0800, Diogo Montagner said:
This was the best compilation that I found before. Unfortunately, this
presentation is a little bit old (2006). I am supposing that most of
commercial tools have improved your IPv6 support.
Dunno. Were the customers pressuring the
On Thu, 05 Aug 2010 08:04:47 EDT, William Herrin said:
If you feel that way, I suggest you take the issue up on the ARIN
public policy mailing list. Solicit public consensus for a change in
handling for SWIPs for apartment complexes as ISP resellers. Absent
such a change, redacting identity
On Thu, 05 Aug 2010 08:58:48 EDT, William Herrin said:
It takes some creative reading to think I claimed using an alternate
but still correct address (e.g. supplied by mailboxes etc.)
constituted fraud. Alternate != redacted.
Right. The point is that by the same what is the personal gain
On Thu, 05 Aug 2010 12:05:18 EDT, William Herrin said:
You've deprived everyone else of the use of that block of IP addresses
in violation with your contract with ARIN which requires disclosure.
Then, based on the claim that block is in use and properly registered,
you've acquired additional
On Mon, 09 Aug 2010 08:01:12 PDT, Frank A. Coluccio said:
re:
Capacity as measured by OC12-miles,
doubles every four months...
Now that's a fascinating form of metric in itself.
Distance * bit-rate equals capacity? What happened
to the 'traffic' component?
It's a measure of *capacity*,
On Mon, 09 Aug 2010 15:29:46 EDT, Joly MacFie said:
Nor ensure 'lawful' content
Do you *really* want to go there?
pgpbq3m3xycH4.pgp
Description: PGP signature
On Tue, 10 Aug 2010 14:42:43 PDT, Joseph Jackson said:
The way I understand it is if you aren't paying for preferred service then
your VPN traffic would be at the bottom of the stack on forwarding. So while
it gets around GeoIP stuff vpns would be subject to the same quality of
service
On Thu, 12 Aug 2010 23:52:06 PDT, Jeff Walter said:
Just got confirmation from GBLX... Router seized. Perhaps some WD-40 is
in order?
No caffeine yet. Did you mean router froze up, or router taken into
possession by creditors and/or law enforcement officials? ;)
pgpYOKNVcQp1i.pgp
On Fri, 13 Aug 2010 15:24:45 EDT, Ken Chase said:
I'm indicating (the probably obvious) that these pressures will certainly
increase over time, and as one other member pointed out, the sticks may become
neccessary - and the community will have to become more 'constitutionally
ethical' in
On Sat, 14 Aug 2010 17:03:59 MDT, Chris Grundemann said:
First, in this thread we are not talking about folks who have not paid
ARIN their dues, we are talking about folks who sell addresses
despite not being authorized to do so by ARIN - aka abuse/fraud.
Psst.. Hey.. buddy. Over here... wanna
On Sun, 15 Aug 2010 18:14:41 +0200, Florian Weimer said:
What's the current consensus on exempting private network space from
source address validation? Is it recommended? Discouraged?
What you do on your internal networks and internal transit is your business.
BCP38 talks about where you
On Sun, 15 Aug 2010 11:44:18 EDT, Owen DeLong said:
You and Randy operate from the assumption that these less certain rights
somehow exist at all. I believe them to be fictitious in nature and
contrary to the intent of number stewardship all the way back to
Postel's original notebook. Postel
On Sun, 15 Aug 2010 23:49:05 PDT, Mike said:
I am needing to renumber some core infrastructure - namely, my
nameservers and my resolvers - and I was wondering if the collective
wisdom still says heck yes keep this stuff all on seperate subnets away
from eachother? Anyone got advice either
On Sun, 15 Aug 2010 19:02:50 +0200, Florian Weimer said:
* Valdis Kletnieks:
On Sun, 15 Aug 2010 18:46:49 +0200, Florian Weimer said:
And that connection that's trying to use PMTU got established across the
commodity internet, how, exactly? ;)
ICMP fragmentation needed, but DF
On Mon, 16 Aug 2010 06:50:00 CDT, Joe Greco said:
What *possible* use case would require a 1918-sourced packet to be
traversing
the public internet? We're all waiting with bated breath to hear this one.
;)
It's great for showing in traceroutes who the heel is.
Like I said, at that
On Mon, 16 Aug 2010 09:57:51 EDT, Joe Maimon said:
Kind of interesting to consider how a successful implementation of RPKI
might change the rules of this game we all play in. I tried talking
about that at ARIN in Toronto, not certain I was clear enough.
I'm not at all convinced this would
On Fri, 20 Aug 2010 16:08:19 CDT, Butch Evans said:
Maybe I'm missing something. Can you point me to something that will
help my understand WHY an ICMP redirect is such a huge security concern?
For most of the networks that I manage (or help to manage), I can see no
reason why this would be
On Fri, 20 Aug 2010 18:16:35 EDT, Brandon Ross said:
How does turning off ICMP redirects on the router prevent a rouge PC from
sending ICMP redirects to it's neighbors?
If I know for a fact that the network is designed such that I will never ever
receive a valid ICMP redirect because there is
On Sun, 22 Aug 2010 18:29:52 +0200, Kasper Adel said:
How would you calculate the cost of a network outage, specifically if its
related to a software bug or a misconfiguration.
Just your actual costs, or your costs plus refunds due on SLAs, or your costs
plus refunds after SLAs once you finish
On Mon, 23 Aug 2010 05:51:53 +1000, Matthew Palmer said:
We have been leading up to a Federal election, with two big tech issues
involved - a new national broadband network and Internet censorship.
These two topics have rather dominated discussions of late.
Politics on an operational
On Sun, 22 Aug 2010 22:23:19 -1000, Michael Painter said:
Researchers in South Korea have built a networking router that transmits data
at record speeds from components found in most high-end desktop computers
http://www.technologyreview.com/communications/26096/?nlid=3423
Two great quotes
On Mon, 23 Aug 2010 19:46:59 -, khatfi...@socllc.net said:
This would give you some advantages:
1) Content caching - increasing speeds for users while decreasing your
overall bandwidth utilization.
Does anybody have any real-world stats on what size local Squid/whatever cache
they're
On Fri, 27 Aug 2010 00:25:43 PDT, Michael J McCafferty said:
2) Tijuana to Guadalajara for an 8hr layover, then to Atlanta for a
1.5hr layover to New York LGA.
I once got booked Roanoke-Pittsburgh-Chicago-St Louis-Columbia MO. All layovers
*short* enough to induce run through the airport panic
On Fri, 27 Aug 2010 10:32:17 EDT, Marshall Eubanks said:
A _really_ intelligent airline scheduling system would (IMHO) be able to
offer you options like
there is a direct flight Pittsburgh - Kansas City, and from there it
is a 2 hour drive to Columbia, so that will save you 5 hours travel
On Fri, 27 Aug 2010 19:27:06 +0200, Kasper Adel said:
Havent seen a thread on this one so thought i'd start one.
Ripe tested a new attribute that crashed the internet, is that true?
If it in fact crashed the internet, as opposed to gave a few buggy routers
here and there indigestion, you
On Fri, 27 Aug 2010 13:43:39 PDT, Clay Fiske said:
If -everyone- dropped the session on a bad attribute, it likely wouldn't
make it far enough into the wild to cause these problems in the first
place.
That works fine for malformed attributes. It blows chunks for legally formed
but unknown
On Tue, 31 Aug 2010 12:02:56 CDT, Jack Bates said:
6to4 doesn't suffer the same issues. Primarily because RFC1918
addressing can't be used in 6to4. This means that at a minimum, the
router has to participate or the host behind it must be manually
configured with a 6to4 address (for the
On Thu, 02 Sep 2010 14:12:38 EDT, Deepak Jain said:
Dual routing is intended to be more of a long-term solution because there
will be very few pure OSI or TCP/IP routing environments in the future.
Well, they were half-right. ;)
pgpjIdWlsKA38.pgp
Description: PGP signature
On Tue, 07 Sep 2010 09:03:12 EDT, Jamie Bowden said:
Now, on to the topic at hand. Why would you scan the address space in
the first place? Wouldn't it be easier to compromise a known host and
look at the ARP table? Or better yet, the router on the edge? If it's
moving packets, something
On Wed, 08 Sep 2010 02:21:31 PDT, Bruce Williams said:
I *am* curious--what makes it any worse for a search engine like Google
to fetch the file than any other random user on the Internet
Possibly because that other user is who the customer pays have their
content delivered to?
Seems to
On Tue, 14 Sep 2010 11:47:38 EDT, Dave Sparro said:
Would you object to an ISP model where a content provider could pay to
get an ISP subscriber's package upgraded on a dynamic basis?
It would look something like my Road Runner PowerBoost(tm) service, only
it never cuts off when the
On Fri, 17 Sep 2010 09:13:48 CDT, Joe Greco said:
Rather than allowing service providers to pick and choose who subscribers
can communicate with, we're much more likely to see regulation intervene
to enforce reasonable rules.
We are indeed likely to see regulation intervene to enforce rules.
On Fri, 24 Sep 2010 15:52:22 +0530, Venkatesh Sriram said:
Can somebody educate me on (or pass some pointers) what differentiates
a router operating and optimized for data centers versus, say a router
work in the metro ethernet space? What is it thats required for
routers operating in data
On Sat, 25 Sep 2010 21:43:25 BST, Matthew Walster said:
Was anything ever standardised in that field? I imagine with much of
P2P traffic being (how shall I put this...) less than legal, it's of
questionable legality and the ISPs would not want to be held liable
for the content cached there?
On Sat, 25 Sep 2010 17:41:16 CDT, Robert Bonomi said:
On Sun, 26 Sep 2010 00:01:38 , Jeroen Massar said:
So it that is true, if you define news server as a cache, even
though you have to buy several terabytes, make that several petabytes,
to be able to cache this data one along with all the
On Mon, 27 Sep 2010 09:30:06 PDT, Lyndon Nerenberg said:
I've heard from a couple of people that the PIX will remap 587 (and 25)
to oddball ports if you fiddle the config just right. Given all the
other bogosity that box does with SMTP I wonder if there's truth to the
rumour. (I haven't
On Mon, 27 Sep 2010 17:44:37 BST, Leigh Porter said:
We had a great P2P cache from Cache Appliance. Did anybody else try
them?
Can you say anything about what size cache it was, and what amount
of bandwidth savings it produced?
pgpHbKjlAd43Z.pgp
Description: PGP signature
On Mon, 27 Sep 2010 19:27:28 BST, Brandon Butterworth said:
I fail to see the point. If an ISP needs to add caches they may
as well just add a simple, cheaper, standard, http cache.
It's a bang-per-buck issue, and depends highly on whether your
particular network sees more HTTP or P2P traffic.
On Wed, 29 Sep 2010 14:13:51 +0200, =?utf-8?Q?Bj=C3=B8rn_Mork?= said:
John Peach john-na...@johnpeach.com writes:
It is on all Linux distros:
ssmtp 465/tcp smtps # SMTP over SSL
So file bug reports.
bug-repo...@iana.org seems to bounce.
pgpKVhunwIKfg.pgp
On Fri, 01 Oct 2010 15:01:25 BST, Heath Jones said:
http://finance.yahoo.com/news/Hibernia-Atlantic-to-bw-3184701710.html?x=0.v=1
Sales spam - but still - very close to minimum possible latency!
3471 miles @ 186,282 miles/s * 1.5 in glass * 2 round trip = 55.9ms.
My first thought is that
On Mon, 04 Oct 2010 13:30:55 PDT, Owen DeLong said:
Removing a few points probably isn't a bad idea so long as you have a list of
domains for which points should be added.
140 million .coms. Throw-away domains. I do believe that Marcus Ranum had
trying to enumerate badness on his list of Six
On Mon, 04 Oct 2010 17:05:12 EDT, Suresh Ramasubramanian said:
dig throwaway1.com NS
dig throwaway2.com NS
etc etc ... and then check_sender_ns_access in postfix, for example.
Yes, that *is* better than whack-a-mole on the same DNS server, but...
The NANOG lurker in the next cubicle used to
On Wed, 06 Oct 2010 16:39:03 EDT, Andrew Kirch said:
No, the majority does not define what operational means. Facebook is
not a mission critical internet resource (such as a fiber cut, power
loss at a peering point, DoS attack.
Yes, but anytime something spikes the number of calls at my
On Thu, 07 Oct 2010 12:10:37 -, Sven Olaf Kamphuis said:
If what you're asking under point c is what happens if a system that
contains such a password for your email address gets compromised the
answer is simple, you remove that specific password from your approved
passwords list
140
On Thu, 07 Oct 2010 14:16:00 -, Sven Olaf Kamphuis said:
you just give contacts for the passwords with which you have received a
new one.
each potential person that can send email to your email address, gets a
unique password from you.
You missed the point. How does
On Tue, 12 Oct 2010 05:35:11 PDT, iHate SORBS said:
I am calling on all Network Operators to stand up and stop routing
dnsbl.sorbs.net until that time they can commit to making real changes.
You *do* realize your beef isn't with SORBS, it's with the mail operators that
are using that as part
On Mon, 18 Oct 2010 14:41:36 +0200, Jens Link said:
Jeroen Massar jer...@unfix.org writes:
So, if your company is not doing IPv6 yet, you really are really getting
late now.
They won't listen.
Consider it evolution in action.
:)
pgpBYy5yKbRFN.pgp
Description: PGP signature
On Mon, 18 Oct 2010 10:52:18 PDT, George Bonser said:
From: Owen DeLong [mailto:o...@delong.com]
The good news is that stateful inspection doesn't go away in IPv6. It works
just fine. All that goes away is the header mangling.
Exactly true but there are people out there who experience it
On Tue, 19 Oct 2010 13:49:10 +0200, Jens Link said:
valdis.kletni...@vt.edu writes:
Those people are next on my hit list, after we've finally eliminated those
who still talk about class A/B/C addresses. :)
You are going to kill about 90% of all net-/sysadmins?
Do you *really* want
On Fri, 29 Oct 2010 09:55:06 PDT, Rettke, Brian said:
It's obviously something that each of us would need to do individually, but
I'm wondering if there is any way this could become a de facto standard,
or could be a method that the community at large could enforce somehow.
Alice's
On Thu, 21 Oct 2010 19:21:41 PDT, George Bonser said:
With v6, while changing prefixes is easy for some gear, other gear is
not so easy. If you number your entire network in Provider A's space,
you might have more trouble renumbering into Provider B's space because
now you have to change
On Tue, 02 Nov 2010 18:21:14 -, Sven Olaf Kamphuis said:
getting rid of bind has various other advantages, such as no longer
needing tcp to transfer zone files (Retarded concept to say the least)
so there are no more tcp issues related to anycasting your authorative
dns servers, as you
On Wed, 03 Nov 2010 17:01:32 PDT, Owen DeLong said:
On Nov 3, 2010, at 3:43 PM, Mark Andrews wrote:
Actually PI is WORSE if you can't get it routed as it requires NAT or
it requires MANUAL configuration of the address selection rules to be
used with PA.
It's very easy to get PIv6 routed
On Mon, 08 Nov 2010 19:36:49 +0100, Mans Nilsson said:
Given this empirical data, clearly pointing to the fact that It Does
Not Matter, I think we can stop this nonsense now.
That's right up there with the sites that blackhole their abuse@
address, and then claim they never actually see any
On Wed, 10 Nov 2010 07:42:32 EST, ML said:
- An external Internet connection to the Internet Service Provider of at
least 100 Mbps per 1,000 students/staff
30K students here, 2x10GE to the outside world.
- Internal wide area network connections from the district to each
school and
On Wed, 10 Nov 2010 15:31:25 EST, Jared Mauch said:
The best question is:
Do you know what prefix you just lost reachability to, or do you just
point default as a last resort anyways, so don't know.
One has to wonder how many places are using the prepend-me-harder
commands to do traffic
On Wed, 10 Nov 2010 21:35:50 EST, Jon Lewis said:
anywhere near that long. Worst case, someone is silly with their number
of prepends, we don't see their route. I can't say how long I've been
doing this...it predates our rancid setup, which means 6 years. Though
it's caused numerous
1 - 100 of 1617 matches
Mail list logo