Re: Satellite latency

New 12.2(8)T feature in Cisco IOS called TCP Windows Scaling: http://www.cisco.com/univercd/cc/td/doc/product/software/ios122/122newft/122t/122t8/tcpwslfn.htm Specifically made for satellite networks: ip tcp window-size 75 -Hank >On Wed, Feb 27, 2002 at 11:01:04PM -0500, Mark Allman wrote:

RE: Exodus/C&W Depeering

At 11:49 AM 26-03-02 -0800, Sean M. Doran wrote: >the Invisible Hand said you should talk to the face instead. Go figure. > >A monk I met on the street, however, said: "Even stupid companies can make >smart decisions sometimes, the trouble is that you can only tell in hindsight >whether the cho

Re: Exodus/C&W Depeering

At 10:18 AM 26-03-02 -0800, Bill Woodcock wrote: > On Tue, 26 Mar 2002, Stephen J. Wilcox wrote: > > You mean Exodus are well connected and C&W limit themselves which gives > > longer paths and increased latency. > >Longer paths definitely, increased jitter probably, increased late

Re: genuity - any good?

> >> I've gotten attractive pricing from Genuity but I haven't used them > >> in a couple years.Is there any reason I wouldn't want to use them > >> as a third upstream OC3 provider? Been using them since 1999 when we (AS378) bought transit at AADS via Nap.net->GTEI->BBN->Genuity. Over the co

Re: Google doing regional preferencing on results?

Probably due to their technology: http://www.google.com/technology/pigeonrank.html -Hank >Google appears to have the capability to georeference their index by country >and possibly with even finer geographic granularity. > >I noticed that they are now redirecting users to country specific vers

Re: Effective ways to deal with DDoS attacks?

At 01:49 AM 02-05-02 +0100, Avleen Vig wrote: >As time goes by, tools are being developed (in fact they're used now) that >completely randomize the TCP or UDP ports attacked, or use a variety of >icmp types in the attack. >So cuurrently the only way you can 'block' such attacks is to block all >

Re: Effective ways to deal with DDoS attacks?

At 09:58 PM 01-05-02 -0400, Wojtek Zlobicki wrote: The ultimate goal of the DDOS attack is to take a specific user/site down. Blackholing is a way to help the attacker along. If the user is a small site, we say "screw it" and do the null0 in order to save the ISP backbone links. If the use

Re: Effective ways to deal with DDoS attacks?

At 04:16 AM 02-05-02 +, Christopher L. Morrow wrote: >What we use and we're a 'largeish' network: > >http://www.secsup.org/Tracking/ >(shameless plug #1) > >Among other things this is a tool we use... there was a great set of >slides and presentation given at NANOG23: > >http://www.nanog.org

Re: Effective ways to deal with DDoS attacks?

At 12:23 PM 02-05-02 -0400, Richard A Steenbergen wrote: >Thats what the IP2 does, match bytes in the headers and come back with a >thumbs down or a thumbs up and a destination interface. It's really not >that much harder to match the bytes for a dest port against a compiled >ruleset and decide

Re: anybody else been spammed by "no-ip.com" yet?

At 08:21 PM 03-05-02 -0700, Paul Vixie wrote: > 456 05/03 "Big Brother" Protect your family on the Internet<< 457 05/03 "Big Brother" Protect your family on the Internet<< 458 05/03 "Big Brother" Protect your family on the Internet<< 459 05/03 "Big Brother" Protect your fa

Re: IP renumbering timeframe

get /24s is around 5000, perhaps lower. > > Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras > PGP Key ID: 0x138EA177(67 29 D7 BC E8 18 3E DAB2 46 B3 D8 14 36 FE B6) > Hank Nussbacher

Re: BGP Tutorial update...

At 07:42 AM 10-06-02 +1000, Philip Smith wrote: Phil, If you want a nice example of well documented community values via whois try Level-3: whois -h whois.radb.net as3356 Everyone should take an example from them. -Hank >Hi, > >An update on the AS3257 community slide I included at the end

Re: How many protocols...

At 09:33 AM 12-06-02 -0700, todd glassey wrote: >Hey there I am writing a paper for slamming ICANN a little more - how many >protocols are you folks actually routing today? 10, 20, and what are they? >Is there a standard list of protocols that all carriers support? > >Todd Don't feed the trolls

Korean Ministry unveils anti-spam guideline

For those suffering from spam: http://www.koreaherald.com/SITE/data/html_dir/2002/06/20/200206200013.asp Just FYI - not to open a discussion. -Hank

RE: Testing Bandwidth performance

At 02:15 PM 26-06-02 +0200, Daniska Tomas wrote: >ttcp is even included in ios > >try this hidden command: But documented: http://www.cisco.com/warp/public/471/ttcp.html -Hank >gw#ttcp >transmit or receive [receive]: > > >enjoy :) > >-- > >Tomas Daniska >systems engineer >Tronet Computer Net

Re: wcom overbilling

At 04:50 PM 06-07-02 +0100, Stephen J. Wilcox wrote: >.. which is why I think people (especially US altho it seems to be coming more >the normal in other markets) use EBITDA as it smooths out the bumps even >tho the >bumps are still there! > >The other nice thing in the telecoms world about EBI

Re: AS number inconsistencies

At 02:10 PM 09-07-02 +1000, Philip Smith wrote: >And there are only two ASes which appear, and are not registered anywhere >- one is intermittent, the other, AS5757, has been there since I started >this over 3 years ago. So what does UUnet have to say? * 207.19.224.0 152.158.76.66

RE: AS286 effectively no more..

At 10:27 AM 25-07-02 +0200, Mikael Abrahamsson wrote: >On Thu, 25 Jul 2002, Kurt Erik Lindqvist wrote: > > > Unless someone buys the equipment and agrees to theke the IRU:s on - they > > are worthless. > >You can make fiber IRUs stick even if the company who bought the fiber >goes belly up. > >I

Re: Identifying DoS sources quickly (was: Bogon list or Dshield.orgtype list)

On Tue, 30 Jul 2002 [EMAIL PROTECTED] wrote: > That's the obvious solution to the problem if the problem is how to track > down the source(s) of a DoS attack. However, in any DoS attack, there is > always a victim and one or more devices sendingattack traffic to the > victim. The owners of the a

Re: Routing Protocol Security

At 07:43 PM 13-08-02 -0400, batz wrote: >On Mon, 12 Aug 2002 [EMAIL PROTECTED] wrote: > >:Of the problems folks have run into, are they more often the result of a >:legitimate speaker being compromised & playing with advertisements >:somehow (and getting through filters that may or may not be pr

Re: OMB: IPv6 by June 2008

At 12:24 PM 11-07-05 -0400, Rich Emmings wrote: According to IANA, (http://www.iana.org/assignments/ipv4-address-space) MIT & MERIT are the two .edu /8 holders on the list. Stanford turned their /8 in a while ago. And I'm still holding my breathe to see when a commercial company returns th

Re: OMB: IPv6 by June 2008

At 11:52 PM 11-07-05 -0700, william(at)elan.net wrote: On Tue, 12 Jul 2005 [EMAIL PROTECTED] wrote: On Tue, Jul 12, 2005 at 08:41:04AM +0300, Hank Nussbacher wrote: At 12:24 PM 11-07-05 -0400, Rich Emmings wrote: According to IANA, (http://www.iana.org/assignments/ipv4-address-space

RE: Cisco IOS Exploit Cover Up

At 12:22 AM 28-07-05 -0400, Hannigan, Martin wrote: > ..and of course: > > "Cisco Denies Router Vulnerability Claims" > > [snip] Of course. That's how a broken vuln system works. :-) The major flaw is that the vendor decides who gets to know about a vulnerability. Or 3com: http://www.netw

Re: as numbers

On Fri, 29 Jul 2005, Randy Bush wrote: Geoff, "Of the 32,557 assigned AS numbers, some 19,859 are advertised, while 12,698 have been allocated in the past, but are not currently advertised in the BGP routing table." I would have liked to see how well the RIRs are at recovering unused ASNs, if a

Re: as numbers

On Sat, 30 Jul 2005, Daniel Karrenberg wrote: > The RIPE NCC has hit strong resistance to reclamation, most often with > the argument that the ASes are used in inter-domain routing on the > Internet but our BGP data collectors just do not see the paths > concerned. It takes considerable effort t

RE: drone armies C&C report - July/2005

At 05:05 PM 15-08-05 -0400, Hannigan, Martin wrote: It was noted that IL CERT does a fantastic job seeing that there are no IL networks listed. Or none that are easily identifiable. It is not IL-CERT but rather peer pressure on an internal Israeli ISP mailing list. Incidentally, there are 2

Re: Semi-on-topic: Light that travels faster than the speed of light?

On Sat, 20 Aug 2005, Fergie (Paul Ferguson) wrote: I doubt they are exceeding the speed of light. Propogation delay inside fiber is about 2/3 the speed of light so perhaps they have succeeded to increase the speed to 3/4? :-) -Hank > > Man, I knew I should've gotten in on the ground floor in >

Re: LA power outage?

At 02:08 AM 14-09-05 +, [EMAIL PROTECTED] wrote: And reported Oct 2004: -Hank threat models for huricanes are different that earthquakes. (or is that one of those "disaster+geography" e

Re: [routing-wg]The Cidr Report

At 10:00 PM 16-09-05 +1000, [EMAIL PROTECTED] wrote: No response: Date: Fri, 16 Sep 2005 16:51:07 +0300 (IDT) From: Hank Nussbacher <[EMAIL PROTECTED]> To: [EMAIL PROTECTED] Subject: Re: [routing-wg]The Cidr Report On Fri, 16 Sep 2005 [EMAIL PROTECTED] wrote: The report is flagging A

RE: [afnog] ARIN to allocate from 74/8 & 75/8

On Thu, 22 Sep 2005, Manish Karir wrote: Thanks! I don't understand something. Quoting from your page: "Based on the above data, we can see that both these prefixes were being (probably incorrectly) announced by AS9802 (CHINA-21VIANET 21vianet(China) Inc.) prior to Aug 30, at which time they wit

Re: Regulatory intervention (Redux: Who is a Tier 1?)

On Thu, 6 Oct 2005, William Allen Simpson wrote: > >> Following up on my own post, according to > >> http://www.ams-ix.net/connected/ > > > > Useful page, isn't it? > > > I wish that all IXs had one. I wish everyones was as complete as LINX's: https://www.linx.net/www_public/our_members/peerin

route-views.routeviews.org down?

I am unable to telnet or ping route-views.routeviews.org. No event listed at http://www.routeviews.org/update.html Is it just me? -Hank

Is Internet security ISPs' problem?

http://insight.zdnet.co.uk/internet/security/0,39020457,39242604,00.htm -Hank

RE: Bogon filtering (don't ban me)

On Fri, 3 Dec 2004, Mark Segal wrote: I do as well, but does this scale? Can Team CYMRU handle 2,000 BGP sessions? 20K? 200K? -Hank > Then you could also just get a connection to team cymru's bogon servers. > Works Perfectly for us. I have been peering with them from our sink > hole/black

Spammers ordered to pay $1 billion

http://www.cnn.com/2004/LAW/12/18/spam.lawsuit.ap/index.html What a nice present for the holiday season :-) -Hank

Re: Botnet pointer

On Mon, 20 Dec 2004, william(at)elan.net wrote: Try as well: http://swatit.org/bots/index.html -Hank > > > Can somebody also share good definition of "BOT" and "BOTNET" for glossary > and description of 2-4 lines? Should I also list it as synonymous with > Zombie (bot being more hacker-oriented

Re: Any net disruptions from Indonesia quake / Tsunami?

At 01:59 AM 27-12-04 -0500, [EMAIL PROTECTED] wrote: This of course only matters if the cable actually crosses the part of the fault line that was in motion. I have no idea if any cables were in that exact area The only cables I know in that area are FLAG and Sea-Me-We-3. See: http://www.alca

Re: IPv6, IPSEC and deep packet inspection

On Fri, 31 Dec 2004, Stephen Sprunk wrote: > Are there any layman-readable presentations or whitepapers out there that > discuss what _new_ threat vectors IPv6 brings? Or how firewall or ACL > tuning might be different? Try the Networkers 2004 IPv6 security session (SEC-A01) from 3 weeks ago. A

Re: panix.com hijacked (VeriSign refuses to help)

On Sun, 16 Jan 2005, Eric Brunner-Williams in Portland Maine wrote: One could almost think this hijack was timed to the release of the ICANN "Requests Public Comments on Experiences with Inter-Registrar Transfer Policy" from Jan 12: http://www.icann.org/announcements/announcement-12jan05.htm -Ha

Re: Association of Trustworthy Roots?

At 09:31 PM 16-01-05 +0100, Elmar K. Bins wrote: By chance - how is the press coverage of this incident? Has anybody read anything in the (online) papers? Unfortunately I haven't been able to follow the newsboards intensely this week-end, but Germany seems very quiet about this. The longest piece:

NYTimes: Purloined Domain Name Is an Unsolved Mystery

http://www.nytimes.com/2005/01/18/technology/18domain.html -Hank

Re: NYTimes: Purloined Domain Name Is an Unsolved Mystery

t want to let marketers have their information and its rude to send links > that dont work anonymously. > > - Original Message ----- > From: "Hank Nussbacher" <[EMAIL PROTECTED]> > To: > Sent: Tuesday, January 18, 2005 9:33 > Subject: NYTimes: Purloined Domai

Re: Regarding registrar LOCK for panix.com

At 12:22 AM 20-01-05 +, Eric Brunner-Williams in Portland Maine wrote: I picked 1990 because Panix is 15 year old. And not to forget that Panix was the 1st victim ever of a SYN attack in Sept 1996: http://www.panix.com/press/synattack.html http://www.panix.com/press/synattack2.html Seems like

RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

On Thu, 20 Jan 2005, James Laszko wrote: > sort of mechanism. If they're not going to use something like the Cymru > BOGON BGP feed they should build their own and should have configured > their managed routers to query that from the beginning. As more How would this scale for say 200K routers

RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

script to automatically update their > router. Probably a little advanced for most leaf sites, but for someone > who's responsible for a larger network -- doesn't seem that bad. > > > > James Laszko > Pipeline Communications, Inc. > [EMAIL PROTECTED] > > >

Re: long as path games?

At 10:23 PM 30-01-05 -0500, Jon Lewis wrote: Someone at fido.net having some bgp config issues? Looks like someone probing for a buffer overflow on a world-wide basis. -Hank Jan 30 18:34:51 EST: %BGP-6-ASPATH: Long AS path 6461 3356 6770 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282 8282

Re: The Cidr Report

On Sat, 12 Feb 2005, Philip Smith wrote: > From my own Routing Report (due out in a couple of hours), a quick > glance shows that the vast majority of the increase comes from ASNs > assigned by ARIN (the ASNs from the other three registry regions show > minimal increase in announcements). Duh!

Re: The Cidr Report

On Sat, 12 Feb 2005, Jon Lewis wrote: > I've personally dealt with a customer not too long ago who when we turned > them up was announcing 2 /20s, a /21, a /22, and several /23s and /24s all > deaggregated as /24s. Sprint and Qwest (their other upstreams at the > time) apparently had no problem

Re: The Cidr Report

At 10:27 AM 14-02-05 +1000, Philip Smith wrote: Well said. At NANOG you get the clueful people cuz they at least knew to come. That is a start. But there are hundreds of ISPs out there who don't have a clue. RIPE realized this without having to do a membership poll and rightly so, goes and d

RE: Please Check Filters - BOGON Filtering IP Space 72.14.128.0/19

At 05:27 PM 16-02-05 -0500, Sean Donelan wrote: On Wed, 16 Feb 2005, Kunjal Trivedi wrote: > Due to the feedback we've received on the Autosecure bogon list issue, we've > decided to do the following: > > 1) Provide a fix that removes bogon ACL creation and deployment from the > Autosecure feature

Re: Heads up: Long AS-sets announced in the next few days

At 02:49 AM 02-03-05 +0100, Daniel Roesen wrote: On Wed, Mar 02, 2005 at 01:27:31AM +, James A. T. Rice wrote: > What exactly are you attempting to do here? Those announcements will get > dropped on the floor at least in this AS right away: > > route-map peers-in deny 5 > match as-path 109 AS-

Re: High volume WHOIS queries

At 06:00 PM 01-03-05 -0500, Larry J. Blunk wrote: > ftp://ftp.arin.net/info/asn.txt > > Lists AS number, the whois AS name, and POC handle for each AS. > > Jeff > If you are also interested in AS info outside the ARIN region, the following file may be of interest -- http://bgp.potaroo.net/as1

Re: How to identify interconnection relationship between AS?

At 05:43 PM 08-03-05 +0800, Joe Shen wrote: Hi, I'm trying to identify how an AS is interconnected with other ASes. For example, I can access our border router which has BGP run, and I want to know how another AS ( e.g. 1234 ) is connected to internetwork ( e.g. as1234 interconnects with as1235,

Is everyone ready for April 12?

http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2aumng.mspx Should be a very interesting period of April 12-15 :-) -Hank

Re: Spam (un)blocking

At 06:43 PM 06-04-05 -0400, Daniel Senie wrote: Since the uptake on IRT has been slow, and after much internal discussion, RIPE has decided to add an "abuse-mailbox" attribute. For further details see: https://www.ripe.net/ripe/maillists/archives/db-wg/2005/msg00015.html -Hank At 06:10 PM 4/6/2

Re: AS prepending

On Fri, 8 Apr 2005, Patrick W Gilmore wrote: > > On Apr 8, 2005, at 10:28 AM, Philip Lavine wrote: > > > I am using AS prepending to favor one ISP over > > another, in a BGP multihomed/multiISP scenario. Why > > does the ISP receiving the prepends fail to add my > > network into their routing tabl

Re: clued/interested LEO list

At 02:12 PM 10-04-05 -0700, william(at)elan.net wrote: What is different about this then your current botnet tracking lists? If its anti-spam & anti-phishing, there are several closed mail lists discussing preventetive measures and tracking down those responsible for abuse. Yes, us geeks have many

Re: New IANA IPv4 allocation to AfriNIC (41/8)

At 11:26 AM 13-04-05 -1000, Scott Weeks wrote: If based on statistics (from 2004), then I think we should block California, New York, Texas and Florida: http://www.fraud.org/2004-internet%20scams.pdf Those 4 together exceed all foreign countries for fraud origination. :-) -Hank To those suggesti

Re: Paul Wilson and Geoff Huston of APNIC on IP address allocation ITU v/s ICANN etc

At 07:41 AM 20-04-05 +0530, Suresh Ramasubramanian wrote: http://www.circleid.com/article/1045_0_1_0_C/ That's a must read article, I'd say. Thank you Paul & Geoff! The WGIG and ITU have lost all sembelence of reason in their proposals and I have stopped reading them, which might be a mistake.

Re: Port 25 - Blacklash

On Tue, 26 Apr 2005, Adam Jacob Muller wrote: Doesn't seem to be stemming the tide of emails from Comcast though: -Hank > For example, about 2 months ago, comcast decided to block outgoing > port 25 from my entire n

Re: Acceptable DSL Speeds (ms based)

Luke Parrish <[EMAIL PROTECTED]> wrote: > Does anyone have a good resource for acceptable speeds for home DSL > customers? Try: http://www.dslreports.com/archive?all=1 to see how you compare with others in your ISP or area (you can search by zip code). Regards, Hank

Re: Google DNS problems?!?

At 02:18 AM 08-05-05 +, Fergie (Paul Ferguson) wrote: Does anyone else think that its a bit odd that if it were simply "DNS problems" that a redirect for www.google.com would end up at a location which provided this: http://img179.echo.cx/img179/7959/googlehacked7to.jpg [or] http://img241.ec

Re: anycast and ddos

At 01:38 AM 07-05-05 +, Christopher L. Morrow wrote: I scanned my Telescope report of 3,382 spoofed DDOS attacks last week (May 1-7) and could not find any listed for 216.168.229.0/24, worldnic.com, netsol.com or AS6245. -Hank worldnic.com. 86400 IN NS ns1.netsol.com.

Re: anycast and ddos

On Sun, 8 May 2005, Rodney Joffe wrote: I will check whether our telescope is missing tcp/53 pkts. -Hank > > > > >> At 01:38 AM 07-05-05 +, Christopher L. Morrow wrote: > > > > I scanned my Telescope report of 3,382 spoofed DDOS attacks last week (May > > 1-7) and could not find any listed

Re: Blocking port udp/tcp 1433/1434

On Wed, 11 May 2005, Jeff Kell wrote: > The SANS ISC currently gives an "Internet Survival Time" of 24 minutes > for an unpatched windows box. I would give an unpatched Windows server > with an old copy of MSSQL a considerably shorter lifespan :-) See: http://www.bbcworld.com/content/clickonlin

Re: IP->Country Data (RE: ISP's Contact List)

On Mon, 13 Jun 2005, william(at)elan.net wrote: I suspect your completewhois does not take into account ERX data: http://www.ripe.net/projects/erx/ Huge swaths of IP space were moved around between RIRs from Jan 2003-Apr 2005: http://www.ripe.net/projects/erx/erx-ip/completed.html If you want sp

RE: ISP's Contact List

At 10:18 AM 13-06-05 -0400, Sanfilippo, Ted wrote: Suresh, Broken. My IP, which has been allocated to Israel for about 15 years shows up as in China and no whois site is *that* broken. -Hank Sorry I meant GEOBYTES --- http://www.geobytes.com/IpLocator.htm When I enter m

Re: The Cidr Report

I was hoping the report would be cleaned up by now but it hasn't so sorry for the multiple list post. The Bogon section is IMHO, broken. Taking just the 1st line as an example: Prefix Origin AS AS Description Unallocated block 3.0.0.0/8 AS80 GE-CRD - General Electric Company 0.0.0.0 - 3.0.

Re: More long AS-sets announced

On Mon, 20 Jun 2005, Lorenzo Colitti wrote: > Hi, > > due to unforeseen technical difficulties, we have been forced to > postpone these experiments. We plan to make the announcements at the > same times on Monday 20 June. > > The prefixes will be the same (84.205.73.0/24 and 84.205.89.0/24) and >

Re: VoIP-in-a-can: Sysco IP Phone Model TC-04 by BubbaTel

At 03:08 PM 29-06-05 +, Fergie (Paul Ferguson) wrote: Sorry. Couldn't resist a little humor. :-) http://www.boingboing.net/2005/06/28/voipinacan_sysco_ip_.html Now all they need to do is use the WiFi Speed Spray: http://www.j-walk.com/other/wifispray/index.htm I'm sure some clever star

Re: ASN registry?

At 10:45 AM 20-08-02 +1000, Philip Smith wrote: ARIN is in the midst of a process to move the pre-existing ASNs to RIPE and APNIC. See: http://www.arin.net/registration/erx/index.html Interesting is that AS1221 is not listed on that page. -Hank >Ralph, > >ARIN only handles the ASNs for No

How do you stop outgoing spam?

Please try to keep this discussion technical and not diverge to opinions. I am not looking for opinions or religion. I am trying to find automated tools/systems/boxes that will stop spam from going *out* from an ISP. The ISP has no servers and allocates IP address space to downstream custo

Re: How do you stop outgoing spam?

On Mon, 9 Sep 2002, Iljitsch van Beijnum wrote: Looking for automatic off-the-shelf solution. Not something that requires a NOC to constantly update a Cisco ACL. -Hank > On Mon, 9 Sep 2002, Hank Nussbacher wrote: > > > The spamming is usually done (but not only) from an Interne

National Moment of Silence

Is anyone planning on measuring backbone loads during the National Moment of Silence at 8:46 a.m. Eastern Standard Time on 9/11? -Hank

Re: Who does source address validation? (was Re: what's that smel l?)

At 10:43 PM 09-10-02 -0700, Steve Francis wrote: >[EMAIL PROTECTED] wrote: >>My personal pet peeve is the opposite - we'll try to use pMTU, some >>provider >>along the way sees fit to run it through a tunnel, so the MTU there is >>1460 >>instead of 1500 - and the chuckleheads number the tunnel e

Re: WP: Attack On Internet Called Largest Ever

On Wed, 23 Oct 2002 [EMAIL PROTECTED] wrote: > Can someone point out to me where the heart of Internet is? > Alex Usually at the Beer&Gear at every NANOG. -Hank

Re: attacking DDOS using BGP communities?

doing this where you redirect the traffic towards an affected host to some "filter box" that would then clean it up. See http://www.bgpexpert.com/antidos.php This is essentially the concept behind Riverhead Networks (www.riverhead.com) - diverting the traffic to a specialized hardwar

Surviving the Fiber-Optic Fire Sale

An interesting read: http://www.wired.com/wired/archive/10.11/fiber_optic.html -Hank

Re: no ip forged-source-address

On Wed, 30 Oct 2002 [EMAIL PROTECTED] wrote: If every router in the world did this I could still use spoofed IP addresses and DDOS someone. My little program could determine what subnet I am on, check what other hosts are alive on the subnet and then when it decides to attack, it would use some

Re: no ip forged-source-address

At 01:36 AM 31-10-02 -0500, [EMAIL PROTECTED] wrote: It's the difference between: A) Going out to your car at the end of a too-long day and finding a broken taillight. B) Going out to your car at the end of a too-long day and finding a broken taillight and a business card under the windshield

Re: High Processor Rates.

At 09:09 AM 06-11-02 -0500, [EMAIL PROTECTED] wrote: When I have something like this, I do: sho proc cpu | excl 0.00 and then hit uparrow+return once a second for about a minute to get a quick snapshot of what process is doing the nasty stuff. -Hank Yes, the sh proc cpu command is how you s

Re: DNS timeline corrections

At 09:54 PM 06-11-02 -0500, Sean Donelan wrote: One that you missed is the date certain ccTLDs were added (for example, first non-US based domain was UK in July 1985). Below is something I had on file from 1999 which was sent by Elisabeth PORTENEUVE <[EMAIL PROTECTED]> to the [EMAIL PROTECTED

Re: PAIX

On Mon, 18 Nov 2002, David Lesher wrote: Depends. They can also be small. I recently was given 1 hour to ship X-rays and composite MRIs for a 2nd opinion. I was told by the radiologist to take the printed pix, get a late model digital camera and hold the pix up a window with no tree or electri

Re: Networking in Africa...

At 05:36 PM 02-12-02 -0500, [EMAIL PROTECTED] wrote: > >> fyi, all countries in africa are ip connected. dunno how big your > >> hands are, but there are over 50 countries in africa. > > > >Pardon me for not counting "allocated" addresses as IP connectivity. > > You're pardoned, but just barely

Re: Networking in Africa...

At 12:22 AM 03-12-02 +0200, fingers wrote: > > i don't know if I've ever actually received 1 of those spam messages from > > a host inside Nigeria > > wow, i seem to get several per day. would you like some, i can setup an exploder > for some of my spam if anyones interested? ;) and they're al

Fwd: Re: Networking in Africa...

> > i don't know if I've ever actually received 1 of those spam messages from > > a host inside Nigeria > > wow, i seem to get several per day. would you like some, i can setup an exploder > for some of my spam if anyones interested? ;) and they're all actually sent/relayed through a host in N

[Article] Core competency - ISP backbones stand up in grueling 30-day performance test

http://www.nwfusion.com/research/2002/1216isptest.html -Hank

Re: AT&T oddities tonight?

At 11:13 PM 06-01-03 -0800, Bulger, Tim wrote: I suggest showing them the results of "sho ip bgp damp damp | incl 7018" from route-views.oregon-ix.net (or even from route-server.ip.att.net). I get close to 800 prefixes as being suppressed (some for up to an hour). More details can be seen vi

Re: Weird networking issue.

At 03:17 PM 07-01-03 -0600, Peter E. Fry wrote: "David G. Andersen" wrote: > > Rule number 1 with any ethernet: Check to make sure you have the duplex > and rate statically configured, and configured identically on both ends of > the connection. [...] I'd like to thank Cisco for this piece o

Re: Is there a line of defense against Distributed Reflective attacks?

At 12:00 AM 17-01-03 -0500, [EMAIL PROTECTED] wrote: nsp-security now has 277 members and gets many of these warnings and alerts. For further details: http://puck.nether.net/mailman/listinfo/nsp-security -Hank We see a *LOT* of postings here "anybody know a clueful at XYZ, we've been DDoS'e

Re: The Cidr Report

agged Lee Howard a couple times to get this transferred over. Perhaps I need to go through a less busy person. Well, here is an email I sent last month that didn't result in a single response - either human or auto-response: Date: Wed, 25 Dec 2002 14:47:06 +0200 To: [EMAIL PROTECTED], [EMAIL

[Article] RIAA: ISPs should pay for music swapping

http://news.com.com/2100-1023-981281.html?tag=fd_top "CANNES, France--A top music industry representative said Saturday that telecommunications companies and Internet service providers will be asked to pay up for giving their customers access to free song-swapping sites." It gets better. Read t

Re: uunet

At 02:26 PM 19-01-03 -0800, Scott Granados wrote: I don't believe Chris sleeps, ever. -Hank Its just unfortunate that some companies not mentioning names feel this is good practice. Others don't feel this way which is a good thing. Just a note, uunet wouldn't take my call when a ddos attach

Re: Level3 routing issues?

At 09:47 AM 28-01-03 -0600, Jack Bates wrote: From: <[EMAIL PROTECTED]> > On the other hand, we also know (from private communications and from > other mailing lists.. ahem) that high rate and high src/dst diversity > of scans causes some network devices to fail (devices that cache flows, or >

Re: scripts to map IP to AS?

At 08:07 AM 20-02-03 -0600, Alif The Terrible wrote: On Thu, 20 Feb 2003, William Allen Simpson wrote: > Anybody have a pointer to scripts to map IP to AS? Google is your friend ;-) > There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets, > and I'd like to start blocking rout

Re: Cidera shuts down

At 05:58 PM 26-02-03 -0800, Dan Hollis wrote: On Wed, 26 Feb 2003, Jeffrey Wheat wrote: > I am now in need of obtaining a new source for news that is satellite based. Can anyone offer any suggestions > and or recommendations? All information is appreciated! satellite usenet does not appear to be

Re: anti-spam vs network abuse

At 05:05 PM 28-02-03 -0500, Len Rose wrote: Scanning is always a precursor to an attack, or to determine if any obvious methodology can be used to attack. At least that's how it has been historically viewed. When buying from Landsend or Amazon, I normally trust their ecommerce security. But when

Re: 923 Mbps across the Ocean ...

At 03:53 PM 07-03-03 -0500, Richard A Steenbergen wrote: Production commercial networks need not apply, 'lest someone realize that they blow away these speed records on a regular basis. Please document it so as to shame these I2 networks. Somehow, I doubt you will be able to. -Hank -- Richar

Re: 923 Mbps across the Ocean ...

At 10:09 PM 07-03-03 +0100, Mikael Abrahamsson wrote: On Fri, 7 Mar 2003, Richard A Steenbergen wrote: > Production commercial networks need not apply, 'lest someone realize that > they blow away these speed records on a regular basis. What kind of production environment needs a single TCP stream

Re: 923 Mbps across the Ocean ...

At 09:30 PM 07-03-03 -0800, Majdi S. Abbas wrote: Sure, given a link you don't have to share with production traffic and a lot of charity, it's possible to get TCP to do a lot of things. This doesn't make them a good idea (outside of those `special' environments.) 10 years ago there was n

  1   2   3   >