Sharp drop in IPv6 traffic on AMS-IX on January 10th, 2019

[Sadiq Saif]

Hi all,

/u/tambry on Reddit [0] posted about there being a sharp decline in IPv6 
traffic on AMS-IX today.  

A ~60G drop from peak looking at the graphs here:
https://stats.ams-ix.net/sflow/ipv6.html

Anyone know what happened or any ideas as to what the cause in such a sharp 
drop might be?

[0] - 
https://www.reddit.com/r/ipv6/comments/emvjyd/sharp_decline_in_ipv6_traffic_at_amsix/

-- 
Sadiq Saif
https://sadiqsaif.com

Need help removing a old/outdated/incorrect proxy route object

[Sadiq Saif]

Hi all,

I am looking for help with removal of a old/outdated/incorrect proxy route 
object for one of my prefixes, 192.195.251.0/24.

The object in question:
route:  192.195.251.0/24
descr:  Proxy-registered route object
origin: AS135091
remarks:This is a HGC customer route-object
remarks:which is being exported under this origin AS.
remarks:
remarks:This route object was created because no existing
remarks:route object with the same origin was found.
remarks:
remarks:Please contact r...@hutchcity.com if you have any
remarks:questions regarding this object.
notify: r...@hutchcity.com
mnt-by: MAINT-AS9304
changed:r...@hutchcity.com 20171209
source: NTTCOM

I reached out to the address on file already but the mail server there is not 
reachable. Additionally I have no recollection of ever having used services 
from any of the AS mentioned.

The correct and only origin for that should be AS393949 as is in the ARIN IRR 
route object and also the ROA.

Can somebody help me with this?

Thanks in advance.

-- 
  Sadiq Saif/AS393949
  https://sadiqsaif.com/

Re: Need help removing a old/outdated/incorrect proxy route object

[Sadiq Saif]

On Tue, 17 Mar 2020, at 16:18, Job Snijders wrote:
> I can help! Will follow-up off list.
> 
> For future reference: db-ad...@rr.ntt.net is also a good place to 
> direct any questions about NTT's IRR service "NTTCOM"
> 
> Kind regards,

Thank you, Dan Paxton from the NTT NOC reached out off-list well. I appreciate 
the help!
-- 
  Sadiq Saif
  https://sadiqsaif.com/

Re: COVID-19 vs. peering wars

[Sadiq Saif]

On Fri, 20 Mar 2020, at 10:31, Steve Mikulasik via NANOG wrote:
>  
> In Canada the CRTC really needs to get on Canadian ISPs about peering 
> very liberally at IXs in each province. I know of one major institution 
> right now that would have a major work from home issue resolved if one 
> big ISP would peer with one big tier 1 in the IX they are both located 
> at in the same province. Instead traffic needs to flow across the 
> country or to the USA to get back to the same city.

**cough** Bell Canada **cough**.

-- 
  Sadiq Saif
  https://sadiqsaif.com/

Re: BGP route hijack by AS10990

[Sadiq Saif]

On Thu, 30 Jul 2020, at 13:09, Patrick Schultz wrote:
> so, bgp optimizers... again?
> 
> -- 
> Patrick

More like shame on Telia for not filtering properly.

If Tulix used a so called BGP "optimizer" and didn't have a proper export 
filter in place it is their mistake but as a major transit provider, Telia 
bears the brunt of the responsibility of making sure that Tulix's mistake 
doesn't affect the rest of us.

-- 
  Sadiq Saif
  https://sadiqsaif.com/

Re: Telstra Hijack

[Sadiq Saif]

On Tue, 29 Sep 2020, at 16:36, Ross Tajvar wrote:
> I'm surprised no one else has mentioned this yet, but Telstra is 
> hijacking a lot of prefixes:
> 
> https://rpki.cloudflare.com/?view=bgp&prefix=&asn=1221&validState=Invalid 
> 
> Since we don't have RPKI filtering in our network (yet), we are 
> currently filtering everything with the path ".* 4637 1221$". 
> 
> This is of course taking a while...

My employer's prefixes were affected, I posted about it on the AusNOG list so I 
could get some assistance. It has cleared up now but it took about two hours or 
so.

I saw AS paths like this from HE's looking glass:
6461x4, 4637x11, 1221

I would love to know what the root cause of the leak was.

-- 
  Sadiq Saif

Re: Anyone else getting the 'spam' bomb threat?

[Sadiq Saif]

On Tue, 19 Oct 2021, at 08:40, Matt Hoppes wrote:
> Are you contacting your LEO?  Or is this so spammy just hit delete?
>
> I feel like even spam chosen poorly comes with consequences.

I hit delete after I saw Frantech had already reported it the FBI as per their 
website.

Whoever this is seems to be scraping ASN WHOIS data, the spam got sent to the 
noc@ address that's in whois for my ASN and IP space.
-- 
Sadiq Saif
https://bastetrix.com

Looking for audiovisual resources on Clos topologies

[Sadiq Saif]

Hi all,

I recently read a APNIC blog post about LINE's network redesign [0] into 
a Clos topology. That lead to me RFC7938 [1] which has a fairly minimal 
explanation of the topology design itself.


I was wondering if there are any NANOG or other *NOG talks explaining 
the Clos topology in a more audiovisual format. I figured I ask here 
before I go looking on a search engine.


Thanks in advance.

[0] - 
https://blog.apnic.net/2019/05/03/simplicity-is-key-to-network-redesign-for-line/


[1] - https://tools.ietf.org/html/rfc7938
--
Sadiq Saif
https://sadiqsaif.com

Re: Looking for audiovisual resources on Clos topologies

[Sadiq Saif]

On Fri, 3 May 2019, at 13:32, Hugo Slabbert wrote:
> 
> 
> Some notes from Facebook and Google network architecture 
> evolution/designs 
> Google: http://conferences.sigcomm.org/sigcomm/2015/pdf/papers/p183.pdf
> Facebook: 
> https://code.fb.com/production-engineering/introducing-data-center-fabric-the-next-generation-facebook-data-center-network/
> 
> Some other related presentations:
> 
> Doug Hanks on multi-stage Clos architectures:
> https://www.youtube.com/watch?v=HeTitZdcHB4
> 
> TeamNANOG: Building Scalable Data Centers: BGP is the Better IGP  
> https://www.youtube.com/watch?v=yJbqnOdD3cg
> 
> TeamNANOG: Building a smallish DC...for the rest of us  
> https://www.youtube.com/watch?v=4yL6_tKfIfk
> 
> UKNOFconf: UKNOF32 - Google datacentre networking  
> https://www.youtube.com/watch?v=Thc7Muu9SHc
> 
> 
> -- 
> Hugo Slabbert   | email, xmpp/jabber: h...@slabnet.com
> pgp key: B178313E   | also on Signal

Thank you very much Hugo, I'll give these a look.
-- 
Sadiq Saif
https://sadiqsaif.com

Re: backbones filtering unsanctioned sites

[Sadiq Saif]

On 2017-02-14 08:27, Jared Mauch wrote:
> So risk avoidance on the part of the 100k other sites hosted by CF is now a 
> conspiracy? 
> 
> I'm surprised it took this many years for something like this to happen. 
> Wonder which LE in which country... 
> 
> Either way seems nothing too suspicious is going on here. 
> 
> Jared Mauch


Looks like it was a court order issued recently in Spain.

"Cogent CEO Dave Schaeffer yesterday confirmed to Ars that the company
is complying with a court order issued recently in Spain."

TPB was not actually the target, it was collateral.

"But The Pirate Bay was not the subject of the court order, Schaeffer
also confirmed."

>From -
https://arstechnica.com/tech-policy/2017/02/a-court-order-blocked-pirate-sites-that-werent-supposed-to-be-blocked/

-- 
Sadiq Saif
https://sadiqsaif.ca

Canada and IPv6 (was: Ars Technica on IPv4 exhaustion)

[Sadiq Saif]

On 6/18/2014 14:25, Lee Howard wrote:
> Canada is way behind, just 0.4% deployment.

Any Canadian ISP folk in here want to shine a light on this dearth of
residential IPv6 connectivity?

Is there any progress being made on this front?

-- 
Sadiq Saif

Re: Comcast IPv6 Milestone

[Sadiq Saif]

On 7/24/2014 11:08, Brzozowski, John wrote:
> FYI – please feel free to contact me directly if you have any questions:
> 
> http://corporate.comcast.com/comcast-voices/comcast-reaches-key-milestone-in-launch-of-ipv6-broadband-network
> 
> Thank you,
> 
> John

"we recently crossed 1Tb/s of Internet facing, native IPv6 traffic."
Achievement unlocked. Nice job.

-- 
Sadiq Saif
XMPP - statics...@jabber.org

Re: HE IPv6 tunnel inbound

[Sadiq Saif]

On Thu, Jun 14, 2012 at 12:10 AM, Cameron Byrne  wrote:
> On Jun 13, 2012 8:29 PM, "Grant Ridder"  wrote:
>>
>> Hi,
>>
>> I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web
> services)
>> instance so that i can have ipv6 connectivity.  I can ping and traceroute
>> out of the tunnel fine, but am unable to access the tunnel from outside.
>>  For example, i am unable to traceroute to the tunnel address outside the
>> tunnel address, even with the AWS instance firewall completely open.  I
>> would like to host a website accessible via IPv6, hence the tunnel setup.
>>  Is this possible? if so, what could i be doing wrong?  Or is there a
>> better was to go about this?
>>
>> Thanks,
>> Grant
>
> Sigh.
>
> Or you could take your business to the dozen or so cloud / vps providers
> that support ipv6. ... Softlayer and Arpnetworks come to mind. I have used
> both with a high level of sucess
>
> CB

To add to that list, I highly suggest Linode. Amazing provider with
the best customer service I've seen.

-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: HE IPv6 tunnel inbound

[Sadiq Saif]

On Thu, Jun 14, 2012 at 12:43 PM, Owen DeLong  wrote:
>
>
> Sent from my iPad
>
> On Jun 14, 2012, at 12:25 PM, Seth Mattinen  wrote:
>
>> On 6/13/12 9:10 PM, Cameron Byrne wrote:
>>> On Jun 13, 2012 8:29 PM, "Grant Ridder"  wrote:

 Hi,

 I have a Hurricane Electric v6 tunnel setup on an AWS (amazon web
>>> services)
 instance so that i can have ipv6 connectivity.  I can ping and traceroute
 out of the tunnel fine, but am unable to access the tunnel from outside.
 For example, i am unable to traceroute to the tunnel address outside the
 tunnel address, even with the AWS instance firewall completely open.  I
 would like to host a website accessible via IPv6, hence the tunnel setup.
 Is this possible? if so, what could i be doing wrong?  Or is there a
 better was to go about this?

 Thanks,
 Grant
>>>
>>> Sigh.
>>>
>>> Or you could take your business to the dozen or so cloud / vps providers
>>> that support ipv6. ... Softlayer and Arpnetworks come to mind. I have used
>>> both with a high level of sucess
>>>
>>
>>
>> VR.org (Host Virtual) as well. I've asked about IPv6 BGP support and
>> while I haven't tried it yet they say that can do that too.
>>
>> ~Seth
>
> VR is fully dual stack support throughout their network and a good bunch of 
> guys.
>
> With LINODE, they're mixed since some of the colos they are in have IPv6 
> (like HE, for example) and some don't. So if you go with LINODE, make sure 
> they know to put you in a location with IPv6. (note this may be out of date 
> and they may have IPv6 everywhere by now, as I know they were working on it)
>
> To the best of my knowledge, both provide excellent services at competitive 
> prices. There's a soft spot in my heart for VR because I have done some work 
> for them and I like the two guys that run it.
>
> Owen
>
>

Linode now has IPv6 in all the DCs they colo in -
http://blog.linode.com/2012/02/28/native-ipv6-now-available-in-all-locations/

-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: DNS poisoning at Google?

[Sadiq Saif]

Accidentally sent that to Matthew only,

mind sharing the domain name?

On Tue, Jun 26, 2012 at 11:53 PM, Matthew Black  wrote:
> Google Safe Browsing and Firefox have marked our website as containing 
> malware. They claim our home page returns no results, but redirects users to 
> another compromised website couchtarts.com.
>
> We have thoroughly examined our root .htaccess and httpd.conf files and are 
> not redirecting to the problem target site. No recent changes either.
>
> We ran some NSLOOKUPs against various public DNS servers and intermittently 
> get results that are NOT our servers.
>
> We believe the DNS servers used by Google's crawler have been poisoned.
>
> Can anyone shed some light on this?
>
> matthew black
> information technology services
> california state university, long beach
> www.csulb.edu
>



-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: DNS poisoning at Google?

[Sadiq Saif]

DNS seems to check out from here. Tested against Google DNS, OpenDNS
and Linode's DNS servers.

According to Google:
"Malicious software is hosted on 1 domain(s), including couchtarts.com/."

Normally, I would say this happens due to malicious ads loaded but
this does not seem to be a site that will contain ads. :)

On Wed, Jun 27, 2012 at 12:12 AM, Ishmael Rufus  wrote:
> I am also getting the same issue when accessing his website.
>
> On Tue, Jun 26, 2012 at 11:07 PM, Landon Stewart wrote:
>
>> Is it possible that some malicious software is listening and injecting a
>> redirect on the wire?  We've seen this before with a Windows machine being
>> infected.
>>
>> On 26 June 2012 20:53, Matthew Black  wrote:
>>
>> > Google Safe Browsing and Firefox have marked our website as containing
>> > malware. They claim our home page returns no results, but redirects users
>> > to another compromised website couchtarts.com.
>> >
>> > We have thoroughly examined our root .htaccess and httpd.conf files and
>> > are not redirecting to the problem target site. No recent changes either.
>> >
>> > We ran some NSLOOKUPs against various public DNS servers and
>> > intermittently get results that are NOT our servers.
>> >
>> > We believe the DNS servers used by Google's crawler have been poisoned.
>> >
>> > Can anyone shed some light on this?
>> >
>> > matthew black
>> > information technology services
>> > california state university, long beach
>> > www.csulb.edu
>> >
>> >
>>
>>
>> --
>> Landon Stewart 
>> Sr. Administrator
>> Systems Engineering
>> Superb Internet Corp - 888-354-6128 x 4199
>> Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
>>



-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: DNS poisoning at Google?

[Sadiq Saif]

couchtarts.com seems to be hosted on a IP belonging to AS32244 (Liquid Web).

On Wed, Jun 27, 2012 at 12:28 AM, Matthew Black  wrote:
> Running Apache on three Solaris servers behind a load balancer.
>
> I forgot how to lookup our AS number to see if it matches couchtarts.
>
> matthew black
> information technology services
> california state university, long beach
>
>
> -Original Message-
> From: David Hubbard [mailto:dhubb...@dino.hostasaurus.com]
> Sent: Tuesday, June 26, 2012 9:14 PM
> To: nanog@nanog.org
> Subject: RE: DNS poisoning at Google?
>
> Typically if google were pulling your site sometimes from the wrong IP, their 
> safe browsing page should indicate it being on another AS number in addition 
> to the correct one 2152:
>
> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http
> ://www.csulb.edu
>
> For example, the couchtarts site they claim yours is redirecting to:
>
> http://safebrowsing.clients.google.com/safebrowsing/diagnostic?site=http
> ://www.couchtarts.com
>
> That site's DNS is screwed up and some requests are sent to a different IP at 
> a different host, so Google picked up both AS numbers.
>
> Could one of your domain's subdomains be what is actually infected?  You seem 
> to have a bunch of them, maybe google is penalizing the whole domain over a 
> subdomain?  Not sure if they do that or not.
>
> If your sites are running off of an application like wordpress, etc., you may 
> not get the same page that google gets and the application may have been 
> hacked.
> Here's a wget command you can use to make requests to your site pretending to 
> be google:
>
> wget -c \
> --user-agent="Mozilla/5.0 (compatible; Googlebot/2.1;
> +http://www.google.com/bot.html)" \
> --output-document=googlebot.html 'http://www.csulb.edu'
>
> nanog will probably line wrap that user agent line making it not correct so 
> you'll have to put it back together correctly.  It will save the output to a 
> file named googlebot.html you can look at to see if anything weird ends up 
> being served.
>
> David
>
>
>> -Original Message-
>> From: Matthew Black [mailto:matthew.bl...@csulb.edu]
>> Sent: Tuesday, June 26, 2012 11:53 PM
>> To: nanog@nanog.org
>> Subject: DNS poisoning at Google?
>>
>> Google Safe Browsing and Firefox have marked our website as containing
>> malware. They claim our home page returns no results, but redirects
>> users to another compromised website couchtarts.com.
>>
>> We have thoroughly examined our root .htaccess and httpd.conf files
>> and are not redirecting to the problem target site. No recent changes
>> either.
>>
>> We ran some NSLOOKUPs against various public DNS servers and
>> intermittently get results that are NOT our servers.
>>
>> We believe the DNS servers used by Google's crawler have been
>> poisoned.
>>
>> Can anyone shed some light on this?
>>
>> matthew black
>> information technology services
>> california state university, long beach
>> www.csulb.edu
>>
>>
>>
>
>
>
>



-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: Comcast's IPv6 Information Site Unreachable

[Sadiq Saif]

Website is reachable here via my HE tunnel. Pings are not going
through though as you showed.

On Sun, Jul 1, 2012 at 7:28 PM, Derek Ivey  wrote:
> Anyone else having trouble getting to Comcast's IPv6 Information site? It
> appears to be unreachable over IPv6.
>
> [root@server ~]# ping6 comcast6.net
> PING comcast6.net(speedlab-app05.newcastlerdc.de.panjde.comcast.net) 56 data
> bytes
> From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=0 Destination
> unreachable: Administratively prohibited
> From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=1 Destination
> unreachable: Administratively prohibited
> From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=2 Destination
> unreachable: Administratively prohibited
> From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=3 Destination
> unreachable: Administratively prohibited
> From te-4-1-ur01.newcastlerdc.de.panjde.comcast.net icmp_seq=4 Destination
> unreachable: Administratively prohibited
> ^C
> --- comcast6.net ping statistics ---
> 5 packets transmitted, 0 received, +5 errors, 100% packet loss, time 4008ms
>
> [root@server ~]# traceroute6 comcast6.net
> traceroute to comcast6.net (2001:558:fe16:7:69:252:216:215), 30 hops max, 40
> byte packets
>  1  pfsense.d3r3k.net (2001:470:8:d15::1)  0.278 ms  0.282 ms  0.317 ms
>  2  2001:470:7:d15::1 (2001:470:7:d15::1)  20.794 ms  24.746 ms 28.569 ms
>  3  gige-g4-12.core1.ash1.he.net (2001:470:0:90::1)  28.946 ms 29.124 ms
> 29.144 ms
>  4  as6453.gige-g3-16.core1.ash1.he.net (2001:470:0:191::2)  28.917 ms
> 28.936 ms  28.097 ms
>  5  if-ae2.2.tcore2.AEQ-Ashburn.ipv6.as6453.net (2001:5a0:600:500::1)
> 28.059 ms  31.771 ms  57.135 ms
>  6  2001:5a0:600:500::72 (2001:5a0:600:500::72)  28.959 ms 2001:559::31d
> (2001:559::31d)  29.041 ms  29.060 ms
>  7  pos-3-11-0-0-cr01.ashburn.va.ibone.comcast.net (2001:558:0:f5a4::1)
> 32.553 ms  19.810 ms  16.526 ms
>  8  2001:558:0:f669::2 (2001:558:0:f669::2)  39.019 ms  37.954 ms 36.368 ms
>  9  2001:558:0:f57f::1 (2001:558:0:f57f::1)  67.134 ms  67.151 ms 67.166 ms
> 10  pos-2-7-0-0-cr01.denver.co.ibone.comcast.net (2001:558:0:f54d::1)
> 81.571 ms  81.507 ms  81.569 ms
> 11  2001:558:0:f744::2 (2001:558:0:f744::2)  80.633 ms  80.760 ms 79.825 ms
> 12  2001:558:d0:33::1 (2001:558:d0:33::1)  104.686 ms  105.060 ms 105.040 ms
> 13  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.335 ms
> 103.962 ms  104.068 ms
> 14  te-3-1-ur03.cmc.co.ndcwest.comcast.net (2001:558:d0:5::1) 104.492 ms !X
> 104.597 ms !X  104.999 ms !X
>
> Thanks,
> Derek
>



-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: You thought you had... wiring issues!!!

[Sadiq Saif]

For the opposite check - http://www.reddit.com/r/cableporn (completely
SFW of course ;))

On Tue, Jul 31, 2012 at 5:04 PM, Network IPdog  wrote:
> Mates.
>
>
>
> WiringIssues.jpg
>
>
>
>
>
> Ephesians 4:32  &  Cheers!!!
>
>
>
> A password is like a... toothbrush  ;^)
>
> Choose a good one, change it regularly and don't share it.
>
>
>



-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: Wanted: Asia bandwidth test files

[Sadiq Saif]

Linode hosts one to test their Tokyo location -
http://speedtest.tokyo.linode.com/100MB-tokyo.bin

Source - http://www.linode.com/speedtest/

On Thu, Aug 2, 2012 at 1:59 PM, Micah Anderson  wrote:
>
> Hi,
>
> I'm sitting on what is advertised as a 100mbit/sec connection in
> Cambodia. I have been trying to verify that, because I do not believe it
> is valid.
>
> I did iperf tests from a number of network locations, and at one point I
> did get 71mbit/sec (most of the results were around 20-25mbit/sec or
> less). But I dont think 30 second iperf tests are particularly revealing
> when the bandwith rate might change drastically over the day. I
> considered doing a 3 day iperf test, but somehow this seems not how the
> tool was designed.
>
> Someone suggested I find test files from various Asian locations to
> download via wget. I found a bunch of 100mb test files for various
> providers in N. America and Europe on webhostingtalk, which were
> interesting, but I never got more than around 5mbit/sec with them.
>
> Does anyone have any machines in Japan, S. Korea, or other asian
> locations with good bandwidth. where they can host a 100mbit file so I
> can attempt to download it to test this?
>
> Other suggestions for reliable tests would also be welcome! Please, dont
> suggest some flash garbage :)
>
> thanks!
> micah
>
> --
>
>



-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: APIs for domain registration and management

[Sadiq Saif]

On Wed, Sep 12, 2012 at 8:18 PM, Miles Fidelman
 wrote:
> Hi Folks,
>
> I expect folks on NANOG would know:  Are there any domain registrars who
> provide APIs for managing domains and/or DNS records?  It's kind of a pain
> managing large numbers of domains via klunky web interfaces.  It sure would
> be nice to tie registry accounts into equipment inventory management
> systems.
>
> Thanks,
>
> Miles Fidelman
>
> --
> In theory, there is no difference between theory and practice.
> In practice, there is.    Yogi Berra
>
>

Hexonet (http://hexonet.net) has quite an extensive API as far as I
can tell from their API manuals page available via the control panel.
I have personally not used it but have great praises about it from
other people.

-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: IPv4 address length technical design

[Sadiq Saif]

On Wed, Oct 3, 2012 at 12:13 PM, Chris Campbell  wrote:
> Is anyone aware of any historical documentation relating to the choice of 32 
> bits for an IPv4 address?
>
> Cheers.

I believe the relevant RFC is RFC 791 - https://tools.ietf.org/html/rfc791

-- 
Sadiq S
O< ascii ribbon campaign - stop html mail - www.asciiribbon.org

Re: How our young colleagues are being educated....

[Sadiq Saif]

On 12/22/2014 11:11, valdis.kletni...@vt.edu wrote:
> Did the standard packaged Cisco curriculum finally drop mention of
> "Class A/B/C" and go CIDR?

For the most part yes. They still reference it for historical purposes
but otherwise it is all VLSM/CIDR.

-- 
Sadiq Saif

Re: merry xmas

[Sadiq Saif]

On 12/24/2014 14:40, Theodore Baschak wrote:
> For anyone who wishes to implement a Holiday Message for us IPv6 folks,
> Job Snijders has this code online:
> https://github.com/job/ipv6-traceroute-faker
> 
> Just needs Linux, Python, and a /64 routed to it.
> 

Been trying to get this running but I get this error:
TypeError: do_callback() takes exactly 1 argument (2 given)

Not sure where it is getting the second argument. Any ideas?

-- 
Sadiq Saif
https://staticsafe.ca

Re: merry xmas

[Sadiq Saif]

On 12/24/2014 20:01, Sadiq Saif wrote:
> Been trying to get this running but I get this error:
> TypeError: do_callback() takes exactly 1 argument (2 given)
> 
> Not sure where it is getting the second argument. Any ideas?
> 

To clarify, I am running Python 2.7.6 (default, Mar 22 2014, 22:59:56)
on Ubuntu 14.04.

-- 
Sadiq Saif
https://staticsafe.ca

Re: merry xmas

[Sadiq Saif]

On 12/24/2014 13:27, Ken Chase wrote:
> (mtr|lft|traceroute) xmas.futile.net
> 
> /kc
> --
> Ken Chase - Toronto Canada
> 

Here is the IPv6 version:
mtr xmas.asininetech.org

Thanks to all the people who helped with the bit of python debugging.
:)

-- 
Sadiq Saif
https://staticsafe.ca

Re: merry xmas

[Sadiq Saif]

On 12/24/2014 20:52, Sadiq Saif wrote:
> 
> Here is the IPv6 version:
> mtr xmas.asininetech.org
> 
> Thanks to all the people who helped with the bit of python debugging.
> :)
> 

For those using traceroute6, try with the -I flag.

-- 
Sadiq Saif
https://staticsafe.ca

Re: merry xmas

[Sadiq Saif]

On 12/28/2014 15:20, Matthew Petach wrote:
> 
> What is this supposed -l flag?  Linux traceroute6
> doesn't seem to have a -l flag:
> 


It seems your version of traceroute6 is too old for the -I option.

It is present in the version in Debian Wheezy.
 traceroute6 -V
Modern traceroute for Linux, version 2.0.18, Jun 30 2012

The little Python script also ran out of memory it seems and was killed
by the OS, which is why the traceroute fails otherwise.

OSError: [Errno 12] Cannot allocate memory
Processing at most 50 events
Killed



-- 
Sadiq Saif
https://staticsafe.ca

Re: whois server features

[Sadiq Saif]

On 1/8/2015 09:02, shawn wilson wrote:
> Awesome thanks. That answers half of my original question (though this
> route was much more insightful than I thought). I can run with that (php
> isn't my language but the etl is pretty clear).
> 

There is a Python module if that is more your thing:
https://pypi.python.org/pypi/pythonwhois

-- 
Sadiq Saif
https://staticsafe.ca

Re: shy north american roas

[Sadiq Saif]

On 2/6/2016 21:14, Randy Bush wrote:
> question from a lazy person for a research project.  in the arin rpki
> instance, is it easy to withdraw a roa?
> 
> randy
> 
Yes, it is one button titled "Remove ROA" under Organization Data ->
Manage RPKI.

Additionally:
ROA removals may take up to 12 hours to be reflected in ARIN's RPKI
repository.

-- 
Sadiq Saif (AS393949)
https://staticsafe.ca

Fwd: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability

[Sadiq Saif]

Update your ASAs folks, this is a critical one.


 Forwarded Message 
Subject: [c-nsp] Cisco Security Advisory: Cisco ASA Software IKEv1 and
IKEv2 Buffer Overflow Vulnerability
Date: Wed, 10 Feb 2016 08:06:51 -0800
From: Cisco Systems Product Security Incident Response Team

Reply-To: ps...@cisco.com
To: cisco-...@puck.nether.net
CC: ps...@cisco.com

Cisco Security Advisory: Cisco ASA Software IKEv1 and IKEv2 Buffer
Overflow Vulnerability

Advisory ID: cisco-sa-20160210-asa-ike

Revision 1.0

For Public Release 2016 February 10 16:00  GMT (UTC)

+-


Summary
===

A vulnerability in the Internet Key Exchange (IKE) version 1 (v1) and
IKE version 2 (v2) code of Cisco ASA Software could allow an
unauthenticated, remote attacker to cause a reload of the affected
system or to remotely execute code.

The vulnerability is due to a buffer overflow in the affected code area.
An attacker could exploit this vulnerability by sending crafted UDP
packets to the affected system. An exploit could allow the attacker to
execute arbitrary code and obtain full control of the system or to cause
a reload of the affected system.

Note: Only traffic directed to the affected system can be used to
exploit this vulnerability. This vulnerability affects systems
configured in routed firewall mode only and in single or multiple
context mode. This vulnerability can be triggered by IPv4 and IPv6 traffic.

Cisco has released software updates that address this vulnerability.
This advisory is available at the following link:
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20160210-asa-ike



___
cisco-nsp mailing list  cisco-...@puck.nether.net
https://puck.nether.net/mailman/listinfo/cisco-nsp
archive at http://puck.nether.net/pipermail/cisco-nsp/

RFC 7511 - Scenic Routing for IPv6

[Sadiq Saif]

Informational of course. :)
https://tools.ietf.org/html/rfc7511

-- 
Sadiq Saif
https://staticsafe.ca

NANOG 64 recordings

[Sadiq Saif]

Hi all,

For those that missed them:
https://www.youtube.com/playlist?list=PLO8DR5ZGla8ju3ftZv_S6L12jBkZKEJVZ

-- 
Sadiq Saif (AS393949)
https://staticsafe.ca

VPS + BGP session

[Sadiq Saif]

Hi,

I am looking for providers that can provide me a VPS with a BGP session
so I can announce my PI IP space (v4 + v6). I have looked at other
threads on NANOG regarding this and already have sessions up with ARP
Networks, Mythic Beasts, and Knightswarm. Host Virtual is unfortunately
out of my budget.

I am looking for providers in the east coast USA and Asia Pacific
regions at this time.

Any pointers are appreciated!

-- 
Sadiq Saif (AS393949)
https://staticsafe.ca

Re: BGP Update Report

[Sadiq Saif]

On 7/25/2015 08:26, Max Tulyev wrote:
> Unassigned ASN is used and even is in top of the list? WTF?!
> 
> On 25.07.15 01:00, cidr-rep...@potaroo.net wrote:
> 
>> Rank ASNUpds %  Upds/PfxAS-Name
>>  2 - AS22059  140461  3.6%   70230.5 -- -Reserved AS-,ZZ
> 

It appears it only recently became unassigned.

The BGP update report from June 5 has the AS-Name:
3 - AS22059  118918  2.0%   16988.3 -- APVIO-1 - Apvio, Inc.,US

So it became unassigned somewhere between June 5 and June 12

stats.ripe.net shows this AS has had large amounts of BGP update
activity for the last 90 days.

https://stat.ripe.net/AS22059#routing_routing-status.min_peers_seeing=0&routing_routing-status.resource=AS22059&tabId=routing

-- 
Sadiq Saif (AS393949)
https://staticsafe.ca

Re: Windows 10 Release

[Sadiq Saif]

On 7/28/2015 16:45, Nick Olsen wrote:
> Anyone anxious to see what kind of traffic comes from Windows 10 releasing 
> tomorrow?
>   
>  Being a 3-4GB download. Each device is moving more data than any Apple 
> update ever did.
>   
>  Wonder if they'll stage the release as apple appeared to have learned 
> after IOS7 hammered a bunch of networks. 
>   
>  Nick Olsen
> Network Operations  (855) FLSPEED  x106
> 
> 

A friend and I noticed that Microsoft has pre-loaded the upgrade data
onto machines that have confirmed/"reserved" the upgrade *today*.

C:\$Windows.~BT is the directory, hidden folder.

-- 
Sadiq Saif (AS393949)
https://staticsafe.ca