Anyone know whats up ?
wat-border2# whois -h whois.arin.net 192.168.0.0
An error has occured, please contact the administrator.
wat-border2#
---Mike
Mike Tancsa, tel +1 519 651
At 03:21 PM 28/05/2002 -0400, Jeff Mcadams wrote:
>Also sprach E.B. Dreger
> >RAS> be mistaken for a port scan. But for so many network admins,
> >RAS> all they know is "ICMP bad".
>
> >That'll be the day when someone calls abuse saying "I'm being attacked
> >by ICMP unreachables!" ;-)
>
>"That'
Well, the recent jumbo AS path issue had an interesting effect of resource
starvation on a few routers. Still, I think the softest targets are the
root name servers. I was glad to hear at the Toronto NANOG meeting that
this was being looked into from a routing perspective. Not sure what is
Dont know, but I was seeing lots-o-problems to 852 174 6453 15605 at the
PSINet / Teleglobe link in New York. At the time I didnt know if it was a
just a problem to Iceland (15605) or it started in Teleglobe. I didnt have
time to take a close look then. Teleglobe has a looking glass at
htt
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Ontario Canada
This started just before noon Toronto time (EDT) (my BGP session to them
went idle at 11:41). Supposedly a sprinkler pipe broke and soaked a few
optical transport shelves. The last updated I had was that it will be a
few hours still. The master ticket is 895-126. This is all third hand.
ecedent for a common carrier argument :( I like BGP blackholing to
protect internet infrastructure, but what exactly is this protecting ?
---Mike
--------
Mike Tancsa, tel +1 519 651 3400
At 10:05 AM 25/07/2005, Patrick W. Gilmore wrote:
ISPs are not common carriers. Look at your contract, I think you
will find they are allowed to filter specific things if they feel
necessary for a wide variety of reasons.
Infrastructure reasons yes. This is not an infrastructure issue. As t
A nice succinct analysis (by an actual lawyer (law prof) who specializes in
Canadian Internet law) can be found at
http://www.michaelgeist.ca/
Telus Blocks Subscriber Access to Union Website
Reports today indicate that Telus is currently blocking access to Voices
for Change, a website run
Same here. I didnt get a notice that it was reset, but I cannot login
---Mike
At 09:30 AM 03/08/2005, Dan Armstrong wrote:
My PW to CCO did not work this morning either. I am on hold with the TAC
right now
Joe Blanchard wrote:
FYI
I got an email that my CCO account's passw
tal.
---Mike
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Onta
At 04:55 PM 03/08/2005, Christopher L. Morrow wrote:
> hops away, the TTL of the packet when it got to me was 56). Yes, I know
> those could be adjusted in theory to mask multiple sources, but in practice
> has anyone seen that ?
what exactly was the question?
You answered it mostly-- what d
At 09:31 AM 13/09/2005, Steven Champeon wrote:
Does anyone know what their mail infrastructure looks like? From what I
can see, they don't even have an MX record for fema.gov...
No MX record, and the A record for fema.gov does not accept smtp traffic.
# telnet fema.gov smtp
Trying 205.128.1.
At 10:29 AM 13/09/2005, Steven Champeon wrote:
on Tue, Sep 13, 2005 at 09:54:42AM -0400, Mike Tancsa wrote:
>
>
> Looks Solaris'ish
>
> # telnet ns2.fema.gov smtp
> Trying 162.83.67.144...
> Connected to ns2.fema.gov.
> Escape character is '^]'.
> 22
At 03:50 PM 13/09/2005, Joseph S D Yao wrote:
Oh, and also ... please consider that some firewalls try to discern
whether the connection on port 25 is from a mail server or from Telnet.
While I mourn the simplicity of manual debugging of such sites, it
remains that: the fact that you can't TELN
At 05:10 PM 13/09/2005, kent crispin wrote:
Port 587?
Not everyone implements that. You would make a large part of the
internet unreachable via email
vinyl# telnet mx2.mail.yahoo.com 587
Trying 67.28.114.36...
telnet: connect to address 67.28.114.36: Connection refused
Trying 4.79.181.13..
At 07:28 AM 14/09/2005, Suresh Ramasubramanian wrote:
On 9/14/05, Mike Tancsa <[EMAIL PROTECTED]> wrote:
> >Port 587?
> Not everyone implements that. You would make a large part of the
> internet unreachable via email
> vinyl# telnet mx2.mail.yahoo.com 587
> Trying
At 11:50 AM 05/10/2005, Matthew Crocker wrote:
I opened a billing/support ticket with Cogent. I'm not planning on
paying my bill or continuing the contract if they cannot provide full
BGP tables and full Internet transport (barring outages). Luckily I
have 2 other providers so I can still re
At 01:43 PM 05/10/2005, Jeff Shultz wrote:
And why isn't this apparently happening automatically? Pardon the
density of my brain matter here, but I thought that was what BGP was all about?
The assumption you are making is that Cogent has a full view from
someone of all prefixes outside AS17
At 02:47 PM 05/10/2005, Douglas Dever wrote:
> fact remains that Cogent is not providing the service I'm paying them
> for and they need to get it fixed.
Really? As you already pointed out, your packets are reaching their
destination. So, they don't "need" to get anything "fixed."
I think
At 11:59 AM 19/10/2005, Elmar K. Bins wrote:
[EMAIL PROTECTED] (Todd Vierling) wrote:
> Tier-2s should be given much more credit than they typically are in
> write-ups like this. When a customer is single homed to a tier-2 that has
> multiple tier-1 upstreams, and uses a delegated netblock fr
At 01:39 PM 28/11/2005, Roy wrote:
Is anyone else seeing high failure rates of Akamai servers at their
facilities?
Nope, just one bad box in many years.
---Mike
o anywhere ?
---Mike
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
At 11:17 AM 09/12/2004, william(at)elan.net wrote:
Read NANOG archives - Verisign now allows immediate (well, within about 10
minutes) updates of .com/.net zones (also same for .biz)
Yes, I was aware of that.
while whois data
is still updated once or twice a day.
I (wrongly) assumed that the initi
At 01:50 PM 09/12/2004, Jeff Rosowski wrote:
shell1% whois vestigial3had.com
...
No match for "VESTIGIAL3HAD.COM".
What gives ? How can there be no whois info anywhere ?
You can also make whois information private, usually for an additional fee.
I wonder what % of domains that have their whois inf
At 02:44 PM 09/12/2004, Hannigan, Martin wrote:
Perhaps 100% of spammers hide their registration data when possible,
but I wouldn't say that 100% of hidden registrations are spammers.
An RBL option of this type of data would probably mean forced
elimination of a benefit to the public - privacy.
Th
At 03:10 PM 09/12/2004, Daniel Senie wrote:
The WHOIS data is there to ensure there's someone to contact. As long as
the data listed can be used to reach the domain holder for legitimate
purposes (technical problems, etc.), why should you care if the listed
address is a Care Of address, the emai
At 07:49 PM 09/12/2004, Peter John Hill wrote:
Jeff Rosowski wrote:
shell1% whois vestigial3had.com
...
No match for "VESTIGIAL3HAD.COM".
What gives ? How can their be no whois info anywhere ?
How about the following... (note that just because someone is using
someone as their authoritative name
At 10:32 PM 09/12/2004, Janet Sullivan wrote:
I wonder what % of domains that have their whois info hidden or "private"
are throwaway spam domains... Some number approaching 100% I would
bet. It would be nice to somehow incorporate this into a SpamAssassin
check somehow.
Please don't, there ar
Works for me. Are you sure you are not coming from a PTR/A record mismatch ?
smarthost1# host 66.235.194.37
37.194.235.66.IN-ADDR.ARPA domain name pointer ds194-37.ipowerweb.com
smarthost1# host ds194-37.ipowerweb.com
Host not found.
smarthost1#
smarthost1# host -tns ipowerweb.com
ipowerweb.com n
At 04:39 PM 17/04/2005, Joseph W. Breu wrote:
Can someone from ATT.net security contact me offlist RE: our network in
their RBL?
Try [EMAIL PROTECTED] Humans do seem to read it. During the week they
responded within a few hrs. However, when I asked why they blacklisted us
in the first place, I
p7.bellnexxia.net smtp
Trying 209.226.175.175...
telnet: Unable to connect to remote host: Connection refused
>
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,
There is discussion on ntbugtraq
http://www.ntbugtraq.com/default.aspx?pid=36&sid=1&A2=ind0505&L=ntbugtraq&T=0&O=D&F=N&P=192
---Mike
At 04:43 PM 17/05/2005, Alexei Roudnev wrote:
Do you have amny information about last Microsoft problems with security
patches? We can see, how
one of last u
--Mike
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
I am seeing this as well. One of my upstreams (AT&T Canada- 15290) has
connections with AT&T US (7018) in Chicago and Vancouver. Chicago seems to
have disappeared for me and all traffic bound via that path is going via
Vancouver now.
---Mike
At 02:52 PM 28/08/2002 -0500, Wes Bachm
route-server.ip.att.net is not currently reachable, but AS15290's router
server is for those who want a view on things...
route-server.east.attcanada.com.
and
route-server.west.attcanada.com.
which come in handy :-)
---Mike
At 04:11 PM 28/08/2002 -0400, Mike Tancsa wrote:
dmitting there
was a problem and not pointing fingers elsewhere (it was the vendors
fault!) should be commended.
---Mike
At 11:21 PM 8/28/2002 -0400, Frank Scalzo wrote:
>Whoops! 2 hours to find routers w/o an IGP tsk tsk.
01.us.bb.verio.net (129.250.5.35) 87 ms 87 ms 88 ms
> > 12 p16-0-0-0.r02.stngva01.us.bb.verio.net (129.250.5.15) 87 ms 88 ms 87 ms
> > 13 p16-7-0-0.r02.mclnva02.us.bb.verio.net (129.250.5.47) 88 ms 88 ms 88 ms
> > 14 p4-3-0.r00.mclnva02.us.bb.verio.net (129.250.5.249) 88
At 07:41 PM 05/09/2002 -0400, batz wrote:
>On Thu, 5 Sep 2002 [EMAIL PROTECTED] wrote:
>
>:The question is what if someone was gunning for your fiber. To date
>:cuts have been unintentional. Obviously the risk level is much higher
>:doing a phyisical attack, but the bad guys in this scenario a
to any "roll your own" parts, esp. IDE ->
>Flash adapters and multiport serial cards that will work with FreeBSD.
>
>I can summarize to keep the noise down...
>
>Thanks,
>
>Charles
>
>--
>Charles Sprickman
>[EMAIL PROTECTED]
-
---Mike
--------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
At 01:31 PM 26/09/2002 -0400, Vinny Abello wrote:
>Looks like something isn't right... I see the announcement from Sprint
>with an AS path of 1239 852 11647, but it never gets past one of the
>routers on Sprint's network. I have no problem going through Cable and
>Wireless:
Yes, and the stran
is.
---Mike
At 01:35 PM 26/09/2002 -0400, Mike Tancsa wrote:
>At 01:31 PM 26/09/2002 -0400, Vinny Abello wrote:
>>Looks like something isn't right... I see the announcement from Sprint
>>with an AS path of 1239 852 11647, but it never gets past one of the
&
At 02:27 PM 26/09/2002 -0400, Vinny Abello wrote:
>Yep, you're right. Looks like they might blackholing the /32 with a null
>route on their network somewhere.
To mitigate the impact, I am sending 199.212.134.0/24 as a more specific
route through my other transit provider (15290) who does not
At 10:34 AM 08/10/2002 -0400, Joe Abley wrote:
>What is difficult about dropping packets sourced from RFC1918 addresses
>before they leave your network?
>
>I kind of assumed that people weren't doing it because they were lazy.
I am sure thats part of it. Also, it might be a CPU issue as well
ome time now, so perhaps someone on the list
might know whats up ? I know there are a few Telus people who monitor NANOG...
---Mike
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communicati
e:
They've definitely got some funky routing going on.
Not too sure if it's normal, but regardless, it's strange.
On Sun, 2002-11-10 at 20:42, Mike Tancsa wrote:
>
> Anyone else seeing any problems with Telus (AS852) tonight ? This morning
> an IGP config typo (dont know many
There is a second one as well which is 198.32.162.102. Its a little more
responsive, but with less peers.
---Mike
At 01:04 PM 20/11/2002 -0500, Jared Mauch wrote:
Kai,
i'm not sure about the dns for the domain (i suspect the
appropriate people are at ietf.. infact i k
20, 2002 at 06:35:59PM +, Stephen J. Wilcox wrote:
> telnet to the domain works fine from here?
>
> confirm you have it correct- route-views.oregon-ix.net
>
> On Wed, 20 Nov 2002, Mike Tancsa wrote:
>
> >
> >
> > There is a second one as well which
Might have to do with
http://isp-lists.isp-planet.com/isp-bandwidth/0212/msg00978.html
(AOL vs Cogent Peering issue)
---Mike
At 09:51 AM 18/12/2002 -0500, Dale Levesque wrote:
Anyone happen to have more information on the problems that have been
happening with the peering between Co
om all over
the world to any address on my network.
--------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
At 02:45 AM 1/25/2003 -0600, Jack Bates wrote:
From: "Mike Tancsa"
>
>
> Yes, I am seeing this big time. Are you sure its SQL server ? Thats
> normally 1433 no ? Are there any other details somewhere about this ?
>
All MS SQL servers listen to 1434 reguardles
implementing it.
---Mike
Mike Tancsa, tel +1 519 651 3400
Sentex Communications, [EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Ontario
route-views.on>
Anyone know whats up ?
---Mike
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994
go there :-) Anyways, just wanted to publicly thank the nice Telus NOC
people for making my life easier.
---Mike
At 10:10 PM 25/02/2003 -0500, Mike Tancsa wrote:
Anyone know what is up between them in Ontario, Canada ? I am seeing
pretty high latency and packet loss in both directions
ak in many parts of North America... More time to do
these sorts of things.
---Mike
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Looks like 213.30.180.218 allows unrestricted zone transfers.
> ls -d ALJAZEERA.NET.
[[213.30.180.218]]
$ORIGIN aljazeera.net.
@ 15M IN SOA ns3 dnsadmin.nav-link.net. (
2003032706 ; serial
At 09:58 PM 30/05/2004, Sean Donelan wrote:
"Initially you start to work backwards from the e-mail and find that to
be a very frustrating route," said Daniel Larkin, chief of the FBI's
Internet Crime Complaint Center, the unit that is coordinating Project
Slam Spam. "that doesn't lead to a
We are unable to make new resolutions from their servers
granite# host -t ns akadns.net
akadns.net name server zh.akadns.net
akadns.net name server eur3.akam.net
akadns.net name server zf.akadns.net
akadns.net name server zc.akadns.net
akadns.net name server asia3.akam.net
akadns.net name server u
So anyone know what was the cause ?
---Mike
At 09:08 AM 15/06/2004, Leo Bicknell wrote:
From here neither www.google.com, nor www.apple.com work. Both
seem to return CNAMES to akadns.net addresses (eg, www.google.akadns.net,
www.apple.com.akadns.net), and from here all of the akadns.net
s
://www.theregister.co.uk/2004/06/15/akamai_goes_postal/
Brian Conant
Lead Security Engineer
ADESA Corp
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Mike Tancsa
Sent: Tuesday, June 15, 2004 2:53 PM
To: Leo Bicknell; [EMAIL PROTECTED]
Subject: Re: Akamai DNS Issue?
So
y unavailable. Please
try again later [#4.16.3].
I checked from another network totally independent of mine and they too are
seeing similar problems.
---Mike
----
Mike Tancsa, tel +1 519 65
(152.63.32.181) 34.680 ms 35.498
ms 35.267 ms
13 194.ATM5-0.GW4.DCA1.ALTER.NET (152.63.37.65) 35.113 ms 35.455
ms 35.452 ms
14 arin-gw2.customer.alter.net (65.207.88.74) 110.848 ms 37.177
ms 38.229 ms
15 *^C
marble%
Mike
Not the best place to ask (full-discloure or the incidents list perhaps),
but there are numerous phishing scams going of late (I get 3 or 4 a day)
that exploit an unpatched IE bug
e.g. the spam reads
You Have a VoiceMessage Waiting Priority :Urgent From:xxx xxx
http://www.ONEvoicemailbox.n
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
ved. Telus
is my main transit, and I dont like having to use such a blunt approach to
working around this issue :(
---Mike
Eric Krichbaum, Chief Engineer
MCSE, CCNP, CCDP, CCSP, CCIP
-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Mike Tancsa
Sent
At 04:12 PM 30/08/2004, Dan Hollis wrote:
yep md5 made the news recently because it's been cracked:
http://techrepublic.com.com/5100-22-5314533.html
http://www.rtfm.com/movabletype/archives/2004_08.html#001055
Thats a misleading over simplification. A collision being found implies
something diffe
At 05:10 PM 30/08/2004, Scott Call wrote:
On Mon, 30 Aug 2004, Mike Tancsa wrote:
I recall even seeing posts about people claiming this meant original data
being reconstructed from the checksum! That would be truly amazing since
I could reconstruct a 680MB ISO from just
At 07:27 AM 07/09/2004, Thornton wrote:
Only thing you can do is try to call them but that probably wont get you
anywhere. If you have enough customers on AOL they can complain and if
you really have a lot could get it removed.
But for the most part your just SOL
Thats not been our experience at
Try @aliant.ca (note the one L). Bell.ca (BCE) is a majority owner in
Aliant which is an amalgamation of the various old provincial incumbent
telcos and they are just finishing up a nasty protracted strike as well.
---Mike
At 01:52 PM 07/09/2004, Dave Dennis wrote:
Greetings,
Attemptin
At 01:10 AM 07/10/2004, J. Oquendo wrote:
I've been slowly compiling a list of known botnets should
A lot of the IP addresses you have listed seem like they would change with
some frequency based on the host names. The problem with using such a list
is that it can quickly become out of date unl
At 09:39 AM 29/11/2004, Suresh Ramasubramanian wrote:
Fergie (Paul Ferguson) wrote:
I'd be curious to hear what NANOG readers thoughts are on
this.
It would be interesting to see how this fares when faced with a whole lot
of router acls that got put in to filter out nachi
Although I generally like
'm wondering
whether
> > this may be an IOS bug or whether I may have hardware on its way out or
> > whether this was some kind of new crafty DoS attack.
> >
> > TIA!
> >
> > Mark J. Scheller ([EMAIL PROTECTED])
>
>
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.sentex.net
Cambridge, Ontario Canada www.sentex.net/mike
At 01:15 PM 30/05/2003 -0500, Stephen Sprunk wrote:
For the same reason anyone else accepts their routes -- because they want to
be able to reach them. If they don't want to reach _you_, that's their
choice.
As Sean Donelan pointed out, the fact that 2 of the root name servers are
inside their n
At 10:20 PM 03/06/2003 +0200, Daniel Karrenberg wrote:
On 03.06 13:44, Dominic J. Eidson wrote:
>
> I'm having a feeling that someone harvested a bunch of adresses, possibly
> from NANOG, and is using them as the sender address in pretend-to-be KLEZ
> spams.. I have received several bounces lately
ignature ? trinity v3 seems to have these
capabilities but I have not seen it mentioned in some time... An oldie but
a goodie, or something new ?
---Mike
--------
Mike Tancsa, tel +1
--
William Leibzon
Elan Communications Inc.
[EMAIL PROTECTED]
----
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994
Something was posted to the full-disclosure list. I havent tested it yet
myself but someone else said it did work.
http://lists.netsys.com/pipermail/full-disclosure/2003-July/011421.html
http://lists.netsys.com/pipermail/full-disclosure/2003-July/011420.html
---Mike
At 09:24 AM 18/07/2
y news regarding the problem cause?
--------
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL PROTECTED]
Providing Internet since 1994www.se
At 10:58 AM 30/07/2003 -0400, Jared Mauch wrote:
If someone abuses the PSTN, or other networks they eventually
will get their service terminated. If people abuse their access by
launching DoS attacks, we need to catch them and get their access
Gee, wouldnt that be nice. Having personally
At 03:19 PM 30/07/2003 -0400, Jared Mauch wrote:
On Wed, Jul 30, 2003 at 02:43:16PM -0400, Mike Tancsa wrote:
>
> At 10:58 AM 30/07/2003 -0400, Jared Mauch wrote:
>
> >If someone abuses the PSTN, or other networks they eventually
> >will get their service terminated.
At 10:37 PM 30/07/2003 +, Christopher L. Morrow wrote:
Sure, trace my attacks to the linux box at UW, I didn't spoof the flood
and you can prove I did the attacking how?
You can at least TRY and see where the controlling traffic stream is
originating from. i.e. if crap is coming out of box
Sounds like mimail. See
http://vil.nai.com/vil/content/v_100523.htm
---Mike
At 02:45 PM 01/08/2003 -0400, Drew Weaver wrote:
I have had like 4 users call and tell me that they're
receiving email from [EMAIL PROTECTED] with a unidentified attachment,
possibly a worm that
Anyone know whats up with the big power outage in Ontario Canada ?
---Mike
Although our main office here has generator power, what do all the
intermediary unmanaged network sites typically have for DC power along the
way ? One of my local fibre providers told me that the remote hut we are
off of only will last until about 9:30pm tonight and then bye bye. Is that
t
Thanks. A couple of people told me that the target is 8hrs for Bell Canada
huts. So hopefully some power will make it there before long. Not sure how
well they will prioritize what huts to charge with portable gensets. I
imagine they dont of course have a portable genset for every hut out ther
Does anyone know whats up with them ? All my peers are down now and the
host for the mailing list is still off the air.
---Mike
Mike Tancsa, tel +1 519 651 3400
Sentex
Yikes, I just heard that the power is out at 151 Front St because they are
having generator problem.
---Mike
At 11:04 PM 14/08/2003 -0400, Mike Tancsa wrote:
Does anyone know whats up with them ? All my peers are down now and the
host for the mailing list is still off the air
have any
more details ? The intake on my 7204s are at 37C vs the normal 28C.
---Mike
At 11:04 PM 14/08/2003 -0400, Mike Tancsa wrote:
Does anyone know whats up with them ? All my peers are down now and the
host for the mailing list is still off the air.
---Mike
At 07:02 PM 05/08/2003 +, Christopher L. Morrow wrote:
so long as you are sure they aren't spoofed, yes.
A recent post by Rob Thomas said, "I've tracked 1787 DDoS attacks since 01
JAN 2003. Of that number, only 32 used spoofed sources. I rarely see
spoofed attacks now."
Thats about 1%. Of
Yes, we are starting to see this as well. We are filtering at the edge, so
the bogus packets are not getting out.
We have a /19 of 64.7.128.0/19 and 64.7.229.241 is totally bogus for our
network.
Aug 14 21:59:16 telus-151front /kernel: ipfw: 3 Deny TCP
64.7.229.241:1069 204.79.188.11:80
At 08:26 PM 14/08/2003 -0700, Eric Kuhnke wrote:
TORIX is off the net
traces to peer1 routers/hosts at 151 front die before reaching toronto
the rumor mill has it that 151 front's generator system failed utterly...
Just called my colo provider (GT/360) and they said the air conditioners
are sti
supposedly restored around ~ 1am but still no cooling :-(
---Mike
At 03:46 AM 15/08/2003 -0400, Bill Zeng wrote:
That's a shame to owner/Bell. Generators should have been tested with
the full load on a periodic basis.
On Thu, 14 Aug 2003, Mike Tancsa wrote:
> Yikes, I just heard
, Mike Tancsa wrote:
At 08:26 PM 14/08/2003 -0700, Eric Kuhnke wrote:
TORIX is off the net
traces to peer1 routers/hosts at 151 front die before reaching toronto
the rumor mill has it that 151 front's generator system failed utterly...
Just called my colo provider (GT/360) and they said th
Are they blocking just icmp echo or everything ?
---Mike
At 12:29 PM 19/08/2003 -0400, Ingevaldson, Dan (ISS Atlanta) wrote:
The "Nachi" worm propagates via MSRPC DCOM and the IIS WebDAV bug. It
may be causing this storm because it runs 300 scanning threads, and it
pings each IP first
At 03:40 PM 19/08/2003 -0400, Joe Abley wrote:
The consistent component of the ongoing rumour mill is that this is due to
"some computer virus".
sobig.f is REALLY making the rounds. I think its been effective as it plays
on the public awareness of "some security hole" and "needed fixes from
Mic
Probably not. The virus grabs a From address at random from the infected
person's email in box. So its more likely someone who has got mail FROM
those people rather than those people. See
http://vil.nai.com/vil/content/v_100561.htm
To quote,
"The "From:" address may be spoofed with an address
which are static;)
What would BGP tables tell you about internal routing and DNS ?
---Mike
Mike Tancsa, tel +1 519 651 3400
Sentex Communications,[EMAIL
We have been doing that. During quiet times our Customer Service Reps
(CSR) are calling infected users telling them
a) Their computer has been compromised. In its current state it can
potentially be taken over by others or other users can look at the contents
of their private files etc.
b) I
At 12:54 PM 28/08/2003 -0700, Dan Hollis wrote:
> Alternatively, perhaps we could, instead, publish an INFECTED SYSTEMS
> blacklist
> based on such connections to a honeypot. Any system which made the correct
> request could then have it's address published via BGP or DNS for ISPs and
> the like t
1 - 100 of 186 matches
Mail list logo
