Linkedin Contacts

2008-07-10 Thread Felix Bako
Guyz. Anyone from Linkedin here? Please
contact me offlist. We have not been able to open www.linkedin.com
from our IP space for close to 2 months now!!
Any help will be highly appreciated

Regards

-- 
Felix Bako
*Team Leader - Networks*
Africa Online (K) LTD
Tel: + 254 (20) 2792246
Fax: + 254 (20) 2710010
Email: [EMAIL PROTECTED] _
AIM: felixbako




*OFFICIAL CO – SPONSOR OF THE 2008 TUSKER SAFARI SEVENS*

A MEMBER OF TELKOM SOUTH AFRICA GROUP

*Africa Online Disclaimer and Confidentiality Note*

This e-mail, its attachments and any rights attaching hereto are, unless
the context clearly indicates otherwise, the property of Africa Online
Holdings (Kenya) Limited and / or its subsidiaries ("the Group"). It is
confidential and intended for the addressee only. Should you not be the
addressee and have received this e-mail by mistake, kindly notify the
sender, delete this e-mail immediately and do not disclose or use the
same in any manner whatsoever. Views and opinions expressed in this
e-mail are those of the sender unless clearly stated as those of the
Group. The Group accepts no liability whatsoever for any loss or
damages, however incurred, resulting from the use of this e-mail or its
attachments. The Group does not warrant the integrity of this e-mail,
nor that it is free of errors, viruses, interception or interference.
For more information about Africa Online, please visit our website at
http://www.africaonline.com





Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Joao Damas
I would love to get input on that be it in Dublin or elsewhere, both  
sides: the authoritative server and the recursive validator. We have  
ideas and want to do this but I will not claim to be the owner of THE  
TRUTH, so input is much desired.


Joao

PS: I would also want a copy of, or a secure method to access, the  
public part of the keys you use to sign those ccTLDs so I can place  
them in ISC's DLV registry


On 10 Jul 2008, at 01:17, Randy Bush wrote:

> David Conrad wrote:
>>>> There are 4 ccTLDs (se, bg, pr, br) that are signed.
>>> wanna crawl in a corner in dublin and i can sign a few?
>> Love to.  We can also put your trust anchors in the prototype ITAR (see
>> the first part of
>> https://par.icann.org/files/paris/IANAReportKim_24Jun08.pdf).
>
> aside from just getting some cctlds signed, i will be interested in the
> tools, usability, work flow, ...  i.e. what is it like for a poor
> innocent cctld which wants to sign their zone?
>
> randy





Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Phil Regnauld
Eric Davis (eric) writes:
> Anyone using Infoblox DNSOne?  They claimed to have fixed their BIND version
> but I still see issues with source ports staying the same.

Which version are you running of the OS ?




Big delays at Sprint or Verizon network?

2008-07-10 Thread Nicolas Antoniello

Hi all,

Are any of you experiencing some unusual delay at Sprint or Verizon network?

From here, we are getting about 400ms, where it should be around 150-180ms.

Thanks,
Nicolas.

  2 ibb2agu1-dist.antel.net.uy (200.40.0.143) 0 msec
ibb2agu2-dist.antel.net.uy (200.40.0.153) 4 msec
ibb2agu1-dist.antel.net.uy (200.40.0.143) 0 msec
  3  *  *  *
  4  *  *  *
  5 POS1-0.IG2.MIA4.ALTER.NET (157.130.75.33) 468 msec 492 msec 488 msec
  6  *  *  *
  7 0.so-7-0-0.XL1.SJC1.ALTER.NET (152.63.55.106) 576 msec 588 msec *
  8  *  *  *
  9 cisco-sjc-gw.customer.alter.net (157.130.198.78) 572 msec 592 msec 588 msec



Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Christopher Morrow
On Thu, Jul 10, 2008 at 10:22 AM, Wes Hardaker <[EMAIL PROTECTED]> wrote:
>> On Wed, 9 Jul 2008 22:55:05 -0400, "Christopher Morrow" <[EMAIL PROTECTED]> said:
>
>>>> aside from just getting some cctlds signed, i will be interested in the
>>>> tools, usability, work flow, ...  i.e. what is it like for a poor
>>>> innocent cctld which wants to sign their zone?
>>>
>>> If there is sufficient interest, we could do a bar bof to describe some of
>>> the tools IANA has...
>>>
>
> CM> I think Sandy Murphy or other Sparta folks have presented some of the
> CM> work they've done on this... Perhaps finding one/some of them and
> CM> having a more operations focused presentation in LAX or ... is a good
> CM> idea as well?
>
> The tools that Sparta developed (and made freely available via an open
> source package that is BSD licensed) can be found at
> http://www.dnssec-tools.org/ .  In particular, signing a zone is

yup, and that's helpful stuff.

> intended to be easy using "zonesigner" (requires bind tools):
>
>  zonesigner -genkeys db.example.com
>

great... what about a zone that's getting slaved off of a silent
master at the customer site? how does that get integrated? (customer
does the dns-sec magic, my server validates the updates... config
examples help here)

> Then next time, just leave off the -genkeys argument.
>
> (there is also a daemon called "rollerd" that can auto-sign on a regular
> basis and help automate key-rollover timing)
>

nice, extra load induced on server? impact on the number of zones I
can serve? tinydns compatible? db-backended NS daemon support?

> The full list of tools and tutorials sectioned into different needs can
> be found here:
>
>  http://www.dnssec-tools.org/wiki/index.php/Tutorials
>

great :)

>
> All for free.  Don't you hate those "biased", freely-available,
> source-code-supplied-so-you-can-change-it, BSD-licensed open source
> packages?
> --

I like free... as long as it's the hammer I need for the nails I have.

-Chris



Independent Testing for Network Hardware

2008-07-10 Thread Brian Knoll (TT)
Can anyone recommend a reliable independent testing company that tests
network hardware performance?

 

We are considering buying testing hardware (right now we are looking at
Spirent TestCenter) and I wanted to see if there were other options...

 

Brian Knoll

 

 



Re: Linkedin Contacts

2008-07-10 Thread mark seiden-via mac

it probably has something to do with the large proportion of fraudsters
using linked in and every personals site in the world for 419 and
other confidence schemes, don't you think?

of course, this only forces the fraudsters to use proxies, aol and satellite
providers which are more difficult to geolocate.



On Jul 10, 2008, at 1:11 AM, Felix Bako wrote:


> Guyz. Anyone from Linkedin here? Please
> contact me offlist. We have not been able to open www.linkedin.com
> from our IP space for close to 2 months now!!
> Any help will be highly appreciated
>
> Regards
>
> --
> Felix Bako
> *Team Leader - Networks*
> Africa Online (K) LTD
> Tel: + 254 (20) 2792246
> Fax: + 254 (20) 2710010
> Email: [EMAIL PROTECTED]
> AIM: felixbako













Re: Linkedin Contacts

2008-07-10 Thread Suresh Ramasubramanian
On Thu, Jul 10, 2008 at 9:17 PM, mark seiden-via mac <[EMAIL PROTECTED]> wrote:
> it probably has something to do with the large proportion of fraudsters
> using linked in and every personals site in the world for 419 and
> other confidence schemes, don't you think?
>
> of course, this only forces the fraudsters to use proxies, aol and satellite
> providers which are more difficult to geolocate.

Well, half of west african connectivity IS satellite so you're going
to see a lot of Gilat, etc satellite carriers' IP space as the source
for 419 activity

Especially when it comes to a paid service like a lot of linkedin is,
if firewalling off a particular section of IP space means far less
chargebacks, well, it may not look good but it sure has a great impact
on your bottom line.

--srs



Cogent problems in Chicago area?

2008-07-10 Thread Brandon Galbraith
Is anyone seeing Cogent issues in the Chicago area? We have several racks
with them, and our connectivity just dropped off.

-brandon


Cogent problems in Chicago area? (updated with info)

2008-07-10 Thread Brandon Galbraith
Cogent is indeed having a problem in the Chicago area. No ETR. Master ticket
# 759401.

-brandon


Re: Cogent problems in Chicago area?

2008-07-10 Thread Christian Koch
...what did big 'ol 174 say?



On Thu, Jul 10, 2008 at 12:31 PM, Brandon Galbraith <
[EMAIL PROTECTED]> wrote:

> Is anyone seeing Cogent issues in the Chicago area? We have several racks
> with them, and our connectivity just dropped off.
>
> -brandon
>



-- 
^christian$


Re: Cogent problems in Chicago area?

2008-07-10 Thread Darrell Hyde
> ...what did big 'ol 174 say?

Cogent Network Status/DNS Server Status Description: 
Welcome to Cogent Communications’ Network Status Message. Today is
7/10/08 @ 12:30 ET. At this time, some customers in the Chicago region
may be experiencing loss of connectivity in the 427 S LaSalle Data
Center. The NOC and IP Engineering teams are working to isolate the
issue and resolve as soon as possible. There is no Estimated Time to
Repair at this time. Our ticket number for this issue is
HD000759398. Next expected update in 20 minutes.



Re: Cogent problems in Chicago area?

2008-07-10 Thread Brandon Galbraith
On 7/10/08, Darrell Hyde <[EMAIL PROTECTED]> wrote:
>
> > ...what did big 'ol 174 say?
>
>
> Cogent Network Status/DNS Server Status Description:
> Welcome to Cogent Communications' Network Status Message. Today is
> 7/10/08 @ 12:30 ET. At this time, some customers in the Chicago region
> may be experiencing loss of connectivity in the 427 S LaSalle Data
> Center. The NOC and IP Engineering teams are working to isolate the
> issue and resolve as soon as possible. There is no Estimated Time to
> Repair at this time. Our ticket number for this issue is
> HD000759398. Next expected update in 20 minutes.
>

I can reach the equipment at that location again. Seems to be back up and
running.

-brandon


Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread David Conrad
Already gotten a hint that something along these lines would be  
desirable for LAX.  I can propose something to the PC -- which would  
be more useful for folks, a more general DNSSEC signing workshop or a  
focused presentation on IANA's stuff?


Regards,
-drc

On Jul 9, 2008, at 7:55 PM, Christopher Morrow wrote:

> On Wed, Jul 9, 2008 at 7:28 PM, David Conrad <[EMAIL PROTECTED]> wrote:
>> On Jul 9, 2008, at 4:17 PM, Randy Bush wrote:
>>> aside from just getting some cctlds signed, i will be interested in the
>>> tools, usability, work flow, ...  i.e. what is it like for a poor
>>> innocent cctld which wants to sign their zone?
>>
>> If there is sufficient interest, we could do a bar bof to describe some of
>> the tools IANA has...
>
> I think Sandy Murphy or other Sparta folks have presented some of the
> work they've done on this... Perhaps finding one/some of them and
> having a more operations focused presentation in LAX or ... is a good
> idea as well?
>
> -Chris






Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread David Conrad


On Jul 9, 2008, at 8:27 PM, Martin Hannigan wrote:
>>> If there is sufficient interest, we could do a bar bof to describe some of
>>> the tools IANA has...
>> I think Sandy Murphy or other Sparta folks have presented some of the
>> work they've done on this... Perhaps finding one/some of them and
>> having a more operations focused presentation in LAX or ... is a good
>> idea as well?
> I'd rather see the IANA do it. I wouldn't say that they are 100%
> neutral, but they're more neutral than SPARTA.



Not taking the bait on neutrality (:-)), but I don't see this as  
either/or...


Regards,
-drc




Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread David Conrad

On Jul 10, 2008, at 2:59 AM, Joao Damas wrote:
> PS: I would also want a copy of, or a secure method to access, the
> public part of the keys you use to sign those ccTLDs so I can place
> them in ISC's DLV registry

IANA's 'interim trust anchor repository' will be publicly accessible
(of course).


Regards,
-drc




verizon.net abuse/support contacts?

2008-07-10 Thread Bill

I need to report something about an IP belonging to them:
pool-.ny325.east.verizon.net

I've looked at their website and the whois record...and sent email to 
[EMAIL PROTECTED], [EMAIL PROTECTED], [EMAIL PROTECTED]


Are these the right addresses? If someone works for verizon.net please let me 
know here or offline.


Thanks a bunch!

Bill




Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Leo Bicknell
In a message written on Wed, Jul 09, 2008 at 12:30:08PM -0700, David Conrad 
wrote:
> for root signing.  The fact that root zone data you receive from the  
> root servers is not signed may suggest that there is a bit more that  
> needs to be done and pretty much all of that is NOT something ICANN  
> has direct control over.

So David, who has control, and what do they need to do?

Every time I've asked someone in the chain about what it takes to
sign the root, their part is done, it's others who aren't doing
their bits.

Perhaps I'm too much of an engineer.  Today there is a process for
IANA (ICANN?) to say "update the IP for a.root-servers.net from x
to y" and it makes it to someone who can run vi on the master file,
and they insert a new entry, and boom the root has it.

It seems to me if IANA (ICANN?) generates sigs, hands those same
records to the same person with vi access to the file and they add
them then boom, the root would have it.  Signature records are no
different than any other type of record in the root, and other
records have been updated in the past.

Since you already have the sigs on the web page why can't they be
sent to the guy with vi access the same as any other record change?
Please, let us know so people can go fix it.

-- 
   Leo Bicknell - [EMAIL PROTECTED] - CCIE 3440
PGP keys at http://www.ufp.org/~bicknell/




RE: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Martin Hannigan
> -----Original Message-----
> From: David Conrad [mailto:[EMAIL PROTECTED]
> Sent: Thursday, July 10, 2008 1:26 PM
> To: Martin Hannigan
> Cc: [EMAIL PROTECTED]
> Subject: Re: Multiple DNS implementations vulnerable to cache poisoning
>
>
> On Jul 9, 2008, at 8:27 PM, Martin Hannigan wrote:
> >>> If there is sufficient interest, we could do a bar bof to describe
> >>> some of
> >>> the tools IANA has...
> >> I think Sandy Murphy or other Sparta folks have presented some of the
> >> work they've done on this... Perhaps finding one/some of them and
> >> having a more operations focused presentation in LAX or ... is a good
> >> idea as well?
> > I'd rather see the IANA do it. I wouldn't say that they are 100%
> > neutral, but they're more neutral than SPARTA.
> 
> 
> Not taking the bait on neutrality (:-)), but I don't see this as
> either/or...
> 
> Regards,
> -drc
> 


Not bait, but agreed. I was trying to indicate that I thought it would
be interesting for the IANA to present something since it is an effort
under the ICANN umbrella, regardless of it being bottom up or top down. 

Bad choice of words. Mea culpa.


Best,

Marty

--
Martin Hannigan  http://www.verneglobal.com/
Verne Global Datacenters e: [EMAIL PROTECTED]
Keflavik, Iceland        p: +16178216079



Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Jay R. Ashworth
Another test, that apparently was publicized on some dnsops list:

dig +short porttest.dns-oarc.net TXT

Cheers,
-- jra
-- 
Jay R. Ashworth   Baylink  [EMAIL PROTECTED]
Designer The Things I Think   RFC 2100
Ashworth & Associates http://baylink.pitas.com '87 e24
St Petersburg FL USA  http://photo.imageinc.us +1 727 647 1274

 Those who cast the vote decide nothing.
 Those who count the vote decide everything.
   -- (Josef Stalin)



Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Michael Sinatra

On 07/10/08 11:03, Jay R. Ashworth wrote:
> Another test, that apparently was publicized on some dnsops list:
>
> dig +short porttest.dns-oarc.net TXT


The "some dnsops list" is the OARC public dns-operations list, and this 
posting explains the tool and briefly describes the results:


http://lists.oarci.net/pipermail/dns-operations/2008-July/002932.html

There's a healthy discussion of this vuln and DNSSEC going on over 
there, and that list is an appropriate forum for further discussion of 
this topic.


michael
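
The symptom reported earlier in this thread (a resolver's source ports staying the same) can also be checked from a capture of the resolver's own outbound queries. The following is an added example, not part of any post in this thread and not the OARC tool's code: it classifies per-resolver source-port behaviour from `tcpdump -n` style lines. The sample capture, the addresses (documentation ranges), the function names and the `min_stddev` threshold are all assumptions.

```python
import re
import statistics
from collections import defaultdict

# Constructed sample data: resolver address -> source ports of its outbound
# queries, in send order. Nothing here is captured traffic.
SAMPLE_PORTS = {
    "192.0.2.10": [32768, 32768, 32768, 32768, 32768, 32768],
    "192.0.2.20": [1025, 1026, 1027, 1028, 1029, 1030],
    "192.0.2.30": [50010, 50003, 50021, 50007, 50015, 50001],
    "192.0.2.40": [12044, 58813, 3391, 40127, 27650, 61002],
    "192.0.2.50": [40000, 51515],
}

# Constructed lines in the shape `tcpdump -n udp dst port 53` prints.
SAMPLE_CAPTURE = [
    f"12:00:{i:02d}.000000 IP {src}.{port} > 198.51.100.53.53: "
    f"{1000 + i}+ A? www.example.com. (33)"
    for src, ports in SAMPLE_PORTS.items()
    for i, port in enumerate(ports)
]

# Source address and port of an IPv4 UDP packet sent to port 53.
QUERY_RE = re.compile(r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > \S+\.53: ")


def observed_ports(lines):
    """Map each querying address to its source ports, in capture order."""
    seen = defaultdict(list)
    for line in lines:
        match = QUERY_RE.search(line)
        if match:  # lines that are not outbound DNS queries are skipped
            seen[match.group(1)].append(int(match.group(2)))
    return dict(seen)


def classify(ports, min_queries=5, min_stddev=3000.0):
    """Label one resolver's source-port behaviour.

    min_stddev is an assumed cut-off for this example, not a standard value.
    """
    if len(ports) < min_queries:
        return "insufficient-data"
    if len(set(ports)) == 1:
        return "static"  # every query left from the same port
    # A constant step between consecutive ports (with 16-bit wrap-around)
    # is as predictable as a fixed port.
    steps = {(b - a) % 65536 for a, b in zip(ports, ports[1:])}
    if len(steps) == 1:
        return "sequential"
    if statistics.pstdev(ports) < min_stddev:
        return "narrow-range"  # ports vary, but only within a small window
    return "randomized"


def audit(lines):
    """Return {resolver address: verdict} for a capture."""
    return {src: classify(ports) for src, ports in observed_ports(lines).items()}


if __name__ == "__main__":
    for resolver, verdict in sorted(audit(SAMPLE_CAPTURE).items()):
        print(f"{resolver:15} {verdict}")
```

Any verdict other than `randomized` on a patched resolver is worth following up, for example by checking whether a NAT or firewall in front of it rewrites source ports.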



on Qwest transport, need service in Denver area

2008-07-10 Thread neal rauhauser
  I'm doing some work for a rural phone company and Denver is the nearest
metro area for them. The only transport in their area is Qwest and a
response from someone with knowledge of how to coax a mileage free ethernet
transport link out of them would be quite welcome.

  Drop me a note here if you either provide service in the area or if you're
a customer of someone who does ...

-- 
mailto:[EMAIL PROTECTED] //
GoogleTalk: [EMAIL PROTECTED]
IM: nealrauhauser


RE: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Andrews Carl 455
https://www.dns-oarc.net 

-----Original Message-----
From: Michael Sinatra [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 10, 2008 1:13 PM
To: Jay R. Ashworth
Cc: nanog@nanog.org
Subject: Re: Multiple DNS implementations vulnerable to cache poisoning

On 07/10/08 11:03, Jay R. Ashworth wrote:
> Another test, that apparently was publicized on some dnsops list:
> 
> dig +short porttest.dns-oarc.net TXT

The "some dnsops list" is the OARC public dns-operations list, and this
posting explains the tool and briefly describes the results:

http://lists.oarci.net/pipermail/dns-operations/2008-July/002932.html

There's a healthy discussion of this vuln and DNSSEC going on over
there, and that list is an appropriate forum for further discussion of
this topic.

michael




Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Russ Mundy
At 11:08 AM -0400 7/10/08, Christopher Morrow wrote:
>On Thu, Jul 10, 2008 at 10:22 AM, Wes Hardaker <[EMAIL PROTECTED]> wrote:
>>> On Wed, 9 Jul 2008 22:55:05 -0400, "Christopher Morrow"
>>><[EMAIL PROTECTED]> said:
>>
>>>>> aside from just getting some cctlds signed, i will be interested in the
>>>>> tools, usability, work flow, ...  i.e. what is it like for a poor
>>>>> innocent cctld which wants to sign their zone?
>>>>
>>>> If there is sufficient interest, we could do a bar bof to describe some of
>>>> the tools IANA has...

>>
>> CM> I think Sandy Murphy or other Sparta folks have presented some of the
>> CM> work they've done on this... Perhaps finding one/some of them and
>> CM> having a more operations focused presentation in LAX or ... is a good
>> CM> idea as well?
>>
>> The tools that Sparta developed (and made freely available via an open
>> source package that is BSD licensed) can be found at
>> http://www.dnssec-tools.org/ .  In particular, signing a zone is
>
>yup, and that's helpful stuff.
>

Great, we're trying to provide tools that will help with the deployment and
operation of DNSSEC.  We also try to keep a listing of all the 'pieces'
that we know about that could be helpful to folks who want to deploy and
use DNSSEC in various ways whether they are operating a signed zone,
running a validating resolver or wanting DNSSEC-aware applications. The url
for the listing is:

http://www.dnssec-deployment.org/tracker

We provide the listing as community resource and try to keep it reasonably
current. But we are always on the lookout for additional information (&
corrections) to the list - if you have any, please let me know.

->snip<--
>>
>> All for free.  Don't you hate those "biased", freely-available,
>> source-code-supplied-so-you-can-change-it, BSD-licensed open source
>> packages?
>> --
>
>I like free... as long as it's the hammer I need for the nails I have.
>
>-Chris

We don't try to keep track of things in the listing by whether they are free
or not but I know a lot of them have typical open source type of licenses.

Russ




Re: Multiple DNS implementations vulnerable to cache poisoning

2008-07-10 Thread Russ Mundy
At 10:24 AM -0700 7/10/08, David Conrad wrote:
>Already gotten a hint that something along these lines would be
>desirable for LAX.  I can propose something to the PC -- which would
>be more useful for folks, a more general DNSSEC signing workshop or a
>focused presentation on IANA's stuff?
>
>Regards,
>-drc

Folks might find the DNSSEC session at the recent ICANN meeting interesting
since it focused on DNSSEC in the field and DNSSEC tools.  Descriptions of
the presentations as well as the slides are available at:

http://par.icann.org/en/node/77


I imagine that folks might want something different at LAX but I'd be happy
to work with drc to put together a DNSSEC session of some sort if there was
interest.

Russ

>
>On Jul 9, 2008, at 7:55 PM, Christopher Morrow wrote:
>
>> On Wed, Jul 9, 2008 at 7:28 PM, David Conrad <[EMAIL PROTECTED]>
>> wrote:
>>> On Jul 9, 2008, at 4:17 PM, Randy Bush wrote:

>>>> aside from just getting some cctlds signed, i will be interested
>>>> in the
>>>> tools, usability, work flow, ...  i.e. what is it like for a poor
>>>> innocent cctld which wants to sign their zone?
>>>
>>> If there is sufficient interest, we could do a bar bof to describe
>>> some of
>>> the tools IANA has...
>>>
>>
>> I think Sandy Murphy or other Sparta folks have presented some of the
>> work they've done on this... Perhaps finding one/some of them and
>> having a more operations focused presentation in LAX or ... is a good
>> idea as well?
>>
>> -Chris
>>




RE: Independent Testing for Network Hardware

2008-07-10 Thread Frank P. Troy
I can recommend Isocore http://www.isocore.com/ (the same folks that run the
MPLS conference).  Talk to Rajiv Papneja [EMAIL PROTECTED]

Regards,
Frank


   Frank P. Troy
   703-396-8700
   [EMAIL PROTECTED]
-


-----Original Message-----
From: Brian Knoll (TT) [mailto:[EMAIL PROTECTED] 
Sent: Thursday, July 10, 2008 11:16 AM
To: [EMAIL PROTECTED]
Subject: Independent Testing for Network Hardware

Can anyone recommend a reliable independent testing company that tests
network hardware performance?

 

We are considering buying testing hardware (right now we are looking at
Spirent TestCenter) and I wanted to see if there were other options...

 

Brian Knoll

 

 





Comcast routing issue

2008-07-10 Thread Andrew D Kirch
Would a Comcast routing engineer contact me off list regarding a routing 
issue in Chicago?


Andrew



Thanks

2008-07-10 Thread Andrew D Kirch
I got a reply from several network engineers at Comcast, and they're now 
working on a resolution.  Thanks for the fast work guys!


Andrew



[ot] Re: Thanks

2008-07-10 Thread jamie
Nice .. Wish I'd gotten the same response when I'd nog-paged looking for an
AIM"(R)" [|net|ptn.aol] engineer.

(..which i'm still looking for, cough).



On Thu, Jul 10, 2008 at 11:05 PM, Andrew D Kirch <[EMAIL PROTECTED]>
wrote:

> I got a reply from several network engineers at Comcast, and they're now
> working on a resolution.  Thanks for the fast work guys!
>
> Andrew
>
>


-- 
Would you like a little bit of legal advice?
NEVER let a scientist use the words "unanticipated" and "immediate" in the
same sentence.
Okay? Okay.