Re: Large jump in global table prefix count?
I can only see about 450 right now - perhaps they fixed it On 16/06/11 04:05, valdis.kletni...@vt.edu wrote: > On Wed, 15 Jun 2011 22:51:52 EDT, Chris Griffin said: >> Prefixes Change ASnum AS Description >> 19227 115->19342 AS15557 LDCOMNET NEUF CEGETEL (formerly >> LDCOM NETWORKS) > Somehow, I get the feeling that a network engineer at AS15557 is about to have > a very bad work shift. ;)
RE: Open Resolver Problems
There are a number of open resolvers that are that way by design (i.e. Google), but most of them are there by misconfiguration, having a small number (say < 100) of well-known open resolvers in the world is not a problem, having > 1 million probably is Mike -Original Message- From: Harry Hoffman [mailto:hhoff...@ip-solutions.net] Sent: 25 March 2013 14:46 To: nanog@nanog.org Subject: Re: Open Resolver Problems What are those who provide open resolvers, such as google, doing to combat the problem? It would be nice to be able to provide open resolvers as a service and combat the various threats associated with them. Cheers, Harry On 03/25/2013 10:22 AM, Jared Mauch wrote: > All, > > Open resolvers pose a security threat. I wanted to let everyone know about a search tool that can help you find the ones within your organization. Treat it like a big "BETA" stamp is across it, but please try it out and see if you can close down any hosts within your network. > > This threat is larger than the SMURF amplification attacks in the past and can result in some quite large attacks. I've seen this spilling out into other mailing lists (e.g.: juniper-nap and others). > > Please send feedback about links that should be included or documentation and spelling errors to me. > > openresolverproject.org > > Some basic stats: > > 27 million resolvers existed as of this dataset collection > > only 2.1 million of them were "closed". > > We have a lot to do to close the hosts, please do what you can to help. > > Thanks, > > - Jared > >
RE: Problems getting to Verisign's whois server on IPv6
Seems to work for me mps31@lonsgnsu1:~$ telnet -6 2001:503:3227:1060::74 whois Trying 2001:503:3227:1060::74... Connected to 2001:503:3227:1060::74. Escape character is '^]'. mps31@lonsgnsu1:~$ whois -h 2001:503:3227:1060::74 =verisign.com Whois Server Version 2.0 Domain names in the .com and .net domains can now be registered with many different competing registrars. Go to http://www.internic.net for detailed information. Domain Name: VERISIGN.COM Registrar: NETWORK SOLUTIONS, LLC. Whois Server: whois.networksolutions.com Referral URL: http://www.networksolutions.com/en_US/ Name Server: A2.NSTLD.COM Name Server: C2.NSTLD.NET Name Server: D2.NSTLD.NET Name Server: E2.NSTLD.NET Name Server: F2.NSTLD.COM Name Server: G2.NSTLD.COM Name Server: H2.NSTLD.NET Name Server: J2.NSTLD.NET Name Server: K2.NSTLD.NET Name Server: L2.NSTLD.COM Name Server: M2.NSTLD.NET Status: clientTransferProhibited Status: serverDeleteProhibited Status: serverTransferProhibited Status: serverUpdateProhibited Updated Date: 14-apr-2011 Creation Date: 02-jun-1995 Expiration Date: 01-jun-2012 >>> Last update of whois database: Tue, 01 May 2012 12:29:12 UTC <<< Mike Simkins ▪ Senior Network Engineer , Operations Engineering ▪ SunGard Availability Services ▪ 25 Canada Square, London E14 5LQ -Original Message- From: TR Shaw [mailto:ts...@oitc.com] Sent: 01 May 2012 13:23 To: Tony Tauber Cc: NANOG list Subject: Re: Problems getting to Verisign's whois server on IPv6 Nope sure can't $ telnet -6 2001:503:3227:1060::74 whois 2001:503:3227:1060::74: nodename nor servname provided, or not known Tom On May 1, 2012, at 8:15 AM, Tony Tauber wrote: > Path is not the same, but the last few replies similarly suggest > packet-filters (!X in my case vs. !P). > I can get to the whois port (TCP/43): > > $ telnet -6 2001:503:3227:1060::74 whois Trying > 2001:503:3227:1060::74... > Connected to 2001:503:3227:1060::74. > Escape character is '^]'. > > Can you? > > Tony > > On Tue, May 1, 2012 at 8:01 AM, TR Shaw wrote: > Anyone else having problems getting to Verisign's whois server on IPv6? > > $ host com.whois-servers.net > com.whois-servers.net is an alias for whois.verisign-grs.com. > whois.verisign-grs.com has address 199.7.59.74 whois.verisign-grs.com > has IPv6 address 2001:503:3227:1060::74 > > $ traceroute6 2001:503:3227:1060::74 > traceroute6 to 2001:503:3227:1060::74 (2001:503:3227:1060::74) from > 2001:470:5:4ed:cabc:c8ff:fea1:560c, 64 hops max, 12 byte packets > 1 2001:470:5:4ed:226:bbff:fe6d:426e 0.311 ms 0.374 ms 0.260 ms > 2 ipv6oitc-1.tunnel.tserv12.mia1.ipv6.he.net 21.128 ms 21.052 ms > 17.389 ms > 3 gige-g2-3.core1.mia1.he.net 20.055 ms 16.198 ms 22.699 ms > 4 10gigabitethernet4-3.core1.atl1.he.net 40.166 ms 33.887 ms > 32.547 ms > 5 10gigabitethernet6-4.core1.ash1.he.net 49.821 ms 45.999 ms > 52.751 ms > 6 2001:504:0:2::2641:1 47.197 ms 46.748 ms 47.289 ms > 7 xe-1-2-0.r1.bb-fo.chi2.vrsn.net 65.094 ms >xe-0-2-0.r2.bb-fo.chi2.vrsn.net 66.441 ms >xe-1-2-0.r1.bb-fo.chi2.vrsn.net 66.320 ms > 8 2001:503:3227:14ff::2 66.448 ms >2001:503:3227:13ff::2 101.761 ms 86.864 ms > 9 2001:503:3227:13ff::2 69.818 ms !P >2001:503:3227:14ff::2 69.311 ms !P >2001:503:3227:13ff::2 68.662 ms !P > > >
Re: IRR-clueful person at 3356?
That's the sort of thing we have in Europe, downstream customer need to be in your AS-SET for filtering purposes - Original Message - From: Jon Lewis [mailto:jle...@lewis.org] Sent: Friday, August 17, 2012 11:29 AM To: Robert E. Seastrom Cc: nanog@nanog.org Subject: Re: IRR-clueful person at 3356? On Fri, 17 Aug 2012, Robert E. Seastrom wrote: > The telemetry I'm getting (thirdhand and believed to originate from > first line support) suggests that both Level(3)'s direct customer and > any downstreams of that customer need to be in the same IRR component. Can't say for sure if it's true, but I've been told the same thing by Level3 support. -- Jon Lewis, MCP :) | I route Senior Network Engineer | therefore you are Atlantic Net| _ http://www.lewis.org/~jlewis/pgp for PGP public key_
RE: IPv6 Ignorance
RIPE 552 (I think), allows you to request up to a /29 without additional justification if needed. Mike -Original Message- From: Adrian Bool [mailto:a...@logic.org.uk] Sent: 17 September 2012 15:55 To: nanog@nanog.org Subject: Re: IPv6 Ignorance Hi, On 17 Sep 2012, at 15:02, Nick Hilliard wrote: > On 17/09/2012 14:37, Adrian Bool wrote: >> It seems a tad unfair that the bottom 80 bits are squandered away >> with a utilisation rate of something closely approximating zero > > You are thinking in ipv4 mode. In ipv6 mode, the consideration is not > how > many hosts you have, but how many subnets you are dealing with. > Instead of thinking of 128 bits of addressing space, we talk about 64 > bits of subnet space. So your statement comes down to: "it seems a > tad unfair that the bottom 16 bits are squandered away". This is a > more difficult argument to make. I don't really agree with the "IPv6 think" concept - but let's put that aside for now... The default allocation size from an RIR* to an LIR is a /32. For an LIR providing /48 site allocations to their customers, they therefore have 16-bits of address space available to them to address their customers. So, even in "IPv6 think", homes that typically have one subnet have an equal number of bits to address their single subnet as an LIR has to address all of their customers. It seems illogical to me that we've got an 128-bit address space, featuring numbers far larger than any human can comprehend, yet the default allocation to an LIR allows them to address such a feeble number as 65,536 customers - a number far smaller than the number of customers for medium to large ISPs. The default LIR allocation should be a several orders of magnitude greater than the typical customer base - not a smaller default allocation. Regards, Adrian * At least for RIPE.
