Re: more on the ICANN saga

2002-03-14 Thread Randy Bush
> http://www.wired.com/news/politics/0,1283,21100,00.html > http://www.idg.net/idgns/1999/08/05/DysonEntersPoliticalSpatOverDomain.shtml > http://www.thestandard.com/article/0,1902,5722,00.html > http://www.idg.net/idgns/1999/07/30/ICANNDownplaysInappropriateTalksWithDOJ.shtml > http://www.icann.

Re: csu /dsu

2002-03-21 Thread Randy Bush
> what are the primary functions of a csu / dsu? keeping papers on your desk from blowing all over the place when someone opens a window

Re: Help with bad announcement from UUnet

2002-03-29 Thread Randy Bush
> What would work better/faster? > my-noc -> b0rken-noc > or > my-noc -> my-upstream-noc -> b0rken-noc-upstream-noc -> b0rken-noc for dinner this evening, would you prefer to walk or take a taxi to a closed restaurant? and there are scaling issues as well. randy

Re: is your host or dhcp server sending dns dynamic updates for rfc1918?

2002-04-18 Thread Randy Bush
> now as to who's responsible, first off you have to understand that we block > rfc1918-sourced packets at our AS boundary. (otherwise these numbers would > be Much Higher are you sure? i suspect they are windows 2000 systems behind NATs. so the dynamic update is for the 1918 address, but the

Re: is your host or dhcp server sending dns dynamic updates for rfc1918?

2002-04-19 Thread Randy Bush
>>> now as to who's responsible, first off you have to understand that we >>> block rfc1918-sourced packets at our AS boundary. (otherwise these >>> numbers would be Much Higher >> are you sure? i suspect they are windows 2000 systems behind NATs. so >> the dynamic update is for the 1918 addre

lucent vitalsigns

2002-04-23 Thread Randy Bush
anybody use lucent's vitalsigns for snmp monitoring of a large scale ip network? if so, i would appreciate useful gossip. randy

Re: UUNET instability?

2002-04-25 Thread Randy Bush
> Does anyone know if there is a web site or newsgroup I can get alerts and > updates about what is going on with UUNET ? http://quotes.nasdaq.com/Quote.dll?mode=stock&symbol=wcom&symbol=&symbol=&symbol=&symbol=&symbol=&symbol=&symbol=&symbol=&symbol=&quick.x=0&quick.y=0

RE: IS-IS information

2002-04-25 Thread Randy Bush
> aside from the cisco is-is book... the gossip i am getting is that today is a particularly appropriate day to be reading the cisco is-is book randy

Re: anybody else been spammed by "no-ip.com" yet?

2002-05-04 Thread Randy Bush
> a cost that you are forced to pay in order to enrich somebody else is > theft i thought it was called 'taxes' :-)/2

Re: IP renumbering timeframe

2002-05-05 Thread Randy Bush
> Well how am I supposed to arrange a payment on a Sunday afternoon? > > As well I'd say I've already paid them more than enough to use > their IPs - I never brought up a BGP session with them and never > passed a single packet to them. I'm surprised to hear that such > extortion techniques are

Re: Corporate PGP for network operators

2002-05-17 Thread Randy Bush
> What do commercial network operators, who are required to use Microsoft, > use their resumes

Re: RADB mirroring

2002-05-20 Thread Randy Bush
> An IRR not mirrored by the RADB (to act as a member) and not > mirroring every RR mirrored by the RADB (to hijack the top level) > seems pointless. auto-config tools, such as ratoolset, do not use the mirrored data, only the origin data. one specifies the list of registries to search. so, mi

Re: Canonical bogon list?

2002-05-20 Thread Randy Bush
you may look at draft-iana-special-ipv4-03.txt

Re: list problems?

2002-05-22 Thread Randy Bush
andy and others who don't have the will or technology to plonk this clue-free troll, could you at least please not feed it? thanks. randy > Date: Wed, 22 May 2002 12:22:06 -0400 (EDT) > From: Andy Dills <[EMAIL PROTECTED]> > To: Ralph Doncaster <[EMAIL PROTECTED]> > Cc: "[EMAIL PROTECTED]" <[

Re: Certification or College degrees?

2002-05-22 Thread Randy Bush
if i was to take a newbie, i would much rather hire someone who has taken algorithms and data structures, queuing, ... than someone who has spent their time studying for whatever juniper and cisco call their vendor certifications. one can teach a monkey how to hack a router, as is demonstrated o

Re: Routers vs. PC's for routing - was list problems?

2002-05-23 Thread Randy Bush
> "Not to say you can't route well with a linux or bsd system you can but > at the high-end probably not as well." > > Tell that to Juniper. routing != forwarding routers have two jobs, both critical randy

Re: Certification or College degrees?

2002-05-23 Thread Randy Bush
> A highly skilled gay is *VERY* different than a highly skilled guy... :-) not at work

Re: operational: icmp echo out of control?

2002-05-23 Thread Randy Bush
> It's important to note a point mentioned here that vendors are building > boxes to do this as well. I ran a 3dns pair for a while and wow the > mail that came in from people with firewalls or simply watching for > probes. F5 was opening all sorts of half opened connections and weird > port

Re: proposed government regulation of .za namespace

2002-05-24 Thread Randy Bush
> "I write in my capacity as the person who brought the Internet to > South Africa, that must be mike lawrie. only he has such misplaced arrogance. randy

Re: proposed government regulation of .za namespace

2002-05-25 Thread Randy Bush
what i did was negligible. many folk in za, vic shaw, jacot guillarmod, alan barrett, chris pinkham, and then the whole uucp crew up on the reef, did the real work. but mike did push it, though with vastly excessive use of violence. > However, there is a larger arrogance he is battling - a poo

Re: proposed government regulation of .za namespace

2002-05-25 Thread Randy Bush
> ISC has had very little in the way of problems as a .ZA slave its the ac.za and co.za messes

Re: proposed government regulation of .za namespace

2002-05-25 Thread Randy Bush
> The net worked before DNS existed 'cept we hit this little scaling problem > I'm more concerned about well-meaning people and Secure-BGP than > DNS. run a few thousand zones, and you'll worry about the dns too randy

Re: Betr.: KPNQwest

2002-05-30 Thread Randy Bush
> Anyone able to outline a worst case scenario, on what the effect would be, > if the KPN network really goes down? the world ends, we all die, and the universe goes dark

Re: China's cable firms fight deadly turf war

2002-05-30 Thread Randy Bush
> http://www.china.org.cn/english/2002/May/33528.htm "Qungdag found > the outside world entirely different when he walked out of the > Prison of Tibet Autonomous Region after serving his 8-year term > there...Qungdag opened a teahouse in Lhasa, capital of Tibet > Autonomous Region. Business soon

RE: Bogon list

2002-06-04 Thread Randy Bush
> I've never heard anyone refer to the IXP allocations as "bogons." Plus, I've > not heard of anyone filtering the IXP prefixes on their ingress peering > filters. well, you have now

Re: Bogon list

2002-06-04 Thread Randy Bush
as peers do not give eachother transit, you don't need to announce the IX to eachother to get traceroute to work. you just carry it in your own network. randy

Re: Bogon list

2002-06-04 Thread Randy Bush
>> as peers do not give eachother transit, you don't need to announce >> the IX to eachother to get traceroute to work. you just carry it >> in your own network. > Weren't they talking about customers at a "downstream" ISPs which don't > connect directly to the exchange? one gives transit custo

Re: Bogon list

2002-06-05 Thread Randy Bush
> [[ What's with the huge CC list everyone? Aren't we all subscribers? Do > y'all enjoy getting multiple copies of replies? I don't! ;-) ]] :0 Wh: msgid.lock | formail -D 8192 msgid.cache

Re: KPNQwest ns.eu.net server.

2002-06-05 Thread Randy Bush
> Given the current situation of KPNQwest and the possibility > of its services going offline sometime soon, the RIPE NCC in > agreement with KPNQwest will be temporally hosting this > server (ns.eu.net) in its premises. nice emergency hack and sorry to whine. but i used them both to get diver

Re: Updates to the root zone Re: KPNQwest ns.eu.net server.

2002-06-06 Thread Randy Bush
> Has ICANN and NTIA worked out their operational issues so they can quickly > change the root zone to reflect changes in ccTLD nameservers if people > need to change which name servers are handling the ccTLDs. Last year, > some of the ccTLD operators were complaining it sometimes took weeks aft

RE: NAS filed chp 11

2002-06-07 Thread Randy Bush
>> now someone will surely step up to the plate in their defence and rant >> about how this is all a good thing for NASC and how they will go on to >> reemerge next year as a lean, mean, bigger & better company. > I think at this point we are all long past the innocent stage and > rapidly approac

Re: KPNQwest ns.eu.net server.

2002-06-07 Thread Randy Bush
> Don't even get me started on typos in the delegation records at the TLD > servers (entered by the registrants at least) there are currently 112 > domains in .com alone with at least one incorrect NS record pointing at > my nameservers. @ MX0 lame.delegation.to.. * MX0 lame

serious operational problem

2002-06-09 Thread Randy Bush
nanog is in toronto, a city which has excellent restaurants. but, like many restaurants, my favorite (no, i will not tell you) is closed on sunday and monday. this is grim. now i don't care when nanog is in detroit or atlanta. but toronto?!!! randy, headin' for the airport

Re: NANOG25 - MRTG Stats for Hotel Network

2002-06-10 Thread Randy Bush
> http://nanogmrtg.grouptelecom.net/ > ATM 2/0 is the OC-3c that connects the Hotel to the outside world. cool! any idea why the flat 750k? multicast beacon? randy

v6

2002-06-10 Thread Randy Bush
so i have a local address # ifconfig wi0 wi0: flags=8843 mtu 1500 inet6 fe80::260:1dff:fe23:c352%wi0 prefixlen 64 scopeid 0x6 inet 192.35.167.202 netmask 0xfc00 broadcast 192.35.167.255 ether 00:60:1d:23:c3:52 media: IEEE 802.11 Wirele

Re: Reclaiming hijacked handle

2002-06-10 Thread Randy Bush
> I noticed my handle was hijacked by a company I used > to work for. > > Naturally, I want it back since I went to use it and it's > incorrect. > > My old handle, MH309, is now MH569. > > Question 1: Did ARIN start expiring unused handles or did > something in the process of the hijack cause

Re: v6

2002-06-10 Thread Randy Bush
> I can get a global address. i can now too! it was the merit router. randy

Re: v6

2002-06-10 Thread Randy Bush
> IPv6 became operational around 10:50. Let us know if you continue to see > problems. i can see the dancing kame at http://www.kame.net randy

Re: How many protocols...

2002-06-10 Thread Randy Bush
hint, the original poster is a well-known troll

Re: SPEWS?

2002-06-20 Thread Randy Bush
> if grandma is hosted on chinanet she is already blackholed by most western > civilization anyway no, just by some self-marginalizing jingoists who don't know how to filter

Re: query about determining ingress interface

2002-06-20 Thread Randy Bush
> Is there a way for an ISP to determine the ingress router interface at > its network border that will carry IP traffic _from_ an IP address not > owned by it? traceroute -g, which is what insisting on lsr is all about randy

RE: How low can Worldcom stock go?

2002-06-26 Thread Randy Bush
> Instead, you have increased depeering as everyone tries to > squeeze [non-existent] money out of everybody else. some of the motivation is large players very consciously trying to squeeze out smaller or competitive players in the chaos of all the other noise. randy

Re: How low can Worldcom stock go?

2002-06-26 Thread Randy Bush
> goto [Label A:]; ROFL! it's 1968!

Re: Sprint peering policy

2002-07-01 Thread Randy Bush
> There is no way for a company to price transit below their peering > costs and make money. this may be true, but it's the level(3) business model. and the rest of the industry got suckered into dropping their drawers to match. kinda like a bunch of old men drinking poison to see who dies fir

Re: Sprint peering policy

2002-07-01 Thread Randy Bush
>>> There is no way for a company to price transit below their peering >>> costs and make money. >> this may be true, but it's the level(3) business model. and the >> rest of the industry got suckered into dropping their drawers to >> match. kinda like a bunch of old men drinking poison to see

Re: Internet vulnerabilities

2002-07-05 Thread Randy Bush
> Ok, here is my master plan to take down the Internet. First, we > will spend two weeks writing up several hundred seemingly simple, > short questions and inane statements regarding ORBS, filtering > RFC1918 space, Peering, and all of Nanog's other favorite topics. > Then, we'll start posting

Re: DNS was Re: Internet Vulnerabilities

2002-07-05 Thread Randy Bush
> Now that we've seen enough years of experience from Genuity.orig, > UltraDNS, Nominum, AS112, and {F,K}.root-servers.net, we're seriously > talking about using anycast for the root server system. without dnssec, how do we differentiate this from a routing attack on the roots? the as112 anycas

Re: Maybe OT-Qwest DSL

2002-07-10 Thread Randy Bush
> Hi, it's me again, Frank Rizzo. give us a break, children, would ya?

Re: Notes on the Internet for Bell Heads

2002-07-11 Thread Randy Bush
> I don't know which is scarier. Lucent/Bell Labs trying to design > the next generation Internet architecture, or Cisco trying to > design the next generation DCN/SS7 architecture. the contest is keen. for a nice view of this insanity fueled by greed, paranoia, greed, and oh greed, see the ie

Re: QoS/CoS in the real world?

2002-07-15 Thread Randy Bush
> a) QoS mechanisms are for the local-tail. Backbones should have "enough" > bandwidth (and bandwidth is cheap). > > b) QoS was for customers with services like VoIP and VPN - and in most > cases they were needed because the end users refused to buy the bandwidth > they actually needed. > >

RE: PSINet/Cogent Latency

2002-07-22 Thread Randy Bush
> 40mb/s isn't "loaded" for a DS3? if you are measuring 40mb at five min intervals, micro peaks are pegged out causing serious packet loss. randy

RE: Draft of Rep. Berman's bill authorizes anti-P2P hacking

2002-07-25 Thread Randy Bush
> I had significant input in my life regarding the difference between "can" > and "may." IMHO significant numbers of net citizens have forgotten that > difference. therefore all of us need to give up our civil rights? the terrorists have won. randy

Re: Identifying DoS sources quickly (was: Bogon list or Dshield.org type list)

2002-07-30 Thread Randy Bush
>> Not a complete solution but a start: >> IP Source Tracker: > http://www.cisco.com/univercd/cc/td/doc/product/software/ios120/120newft/120 > limit/120s/120s21/ipst.htm >> Available as of 12.0(22)S for 7500 and 12000 series Cisco routers. ah yes. the new enterprise image. :-(

Re: Identifying DoS sources quickly (was: Bogon list or Dshield.orgtype list)

2002-07-31 Thread Randy Bush
> AFAIK 12.0S only has the "service provider" feature set i fear that the joke is on us. at least one other train seems to have been merged into the ex-isp train. not sure how much. can't get a straight answer. welcome back to 1997, and bye bye what stability we had. randy

Re: RFC 2870's applicability (Re: Deaggregating for emergency purposes)

2002-08-09 Thread Randy Bush
> The USG runs, directly or indirectly, 6 of the 13 root servers, imiho, it is more important, and undesirable, that the usg controls the *content* of the root zone. randy

damping

2002-08-11 Thread Randy Bush
for research purposes. we want to send a periodic announce and a withdraw of a specific prefix. but we don't want to hit folk's damping policies. does anyone damp a swamp /24 which does an announce / withdraw on a two hour cycle? i.e. announce at 0,2,4,... and withdraw at 1,3,5,..? randy

Re: OT? /dev/null 5.1.1 email

2005-07-05 Thread Randy Bush
> Should undeliverable email (5.1.1, User unknown) be directed > to /dev/null rather than responded to? one current fashion is to try to catch it as early in the smtp receipt process as possible and reject the mail to the smtp sender. this gives the rejection to the real source as opposed to the

Re: OT? /dev/null 5.1.1 email

2005-07-05 Thread Randy Bush
> However, is seems the problem is over on the secondary MX (Postfix) > which only has a list of legit relay domains for pMX. When pMX is back > online sMX fwds it's queue, but at that point pMX rejects to sMX...who > then rejects to Sender. I'm not sure how I can get away from that > happening.

Re: OT? /dev/null 5.1.1 email

2005-07-05 Thread Randy Bush
> The principal purpose of the secondary mx, in this case, is to accept > email for the primary mx during periods where the primary is down and the sending smtp server has no spool. i.e. no useful purpose. today, the primary purpose of secondary mxs is to receive spam. randy

Re: Please update filters for 58/8

2005-07-05 Thread Randy Bush
> In May 2005, IANA's delegation of the following address block to APNIC was > widely broadcast to the operational and RIR mailing lists: > > 58.0.0.0/8 > > However, since that time, APNIC has received widespread reports of > difficulties routing address space within this range. repeat:

Re: DNS .US outage

2005-07-06 Thread Randy Bush
Doc-2.2.3: doc -p -w us Doc-2.2.3: Starting test of us. parent is . Doc-2.2.3: Test date - Wed Jul 6 18:42:03 HST 2005 Note: Skipping parent domain testing Found 3 NS and 3 glue records for us. @a.root-servers.net. (non-AUTH) Using NSlist from parent domain server a.root-servers.net. NS list su

RE: DNS .US outage

2005-07-06 Thread Randy Bush
> Thanks. Didn't have any *NIX boxes laying around to 'dig' any deeper. i believe even windoze has dig at the command line, though i don't know in what directory it lies. randy

Re: OMB: IPv6 by June 2008

2005-07-07 Thread Randy Bush
we're off on the usual strange tangents. next will be whether it is ethical to walk in your neighbor's open house if they're running ipv6:-). ipv4 has some problems. the world has hacked around the major ones with things such as [holding nose] nat. the ivtf came up with a technically weak seco

Re: OMB: IPv6 by June 2008

2005-07-07 Thread Randy Bush
> Is it a problem keeping 500,000 routes in core routers? Of > course, it is not (it was in 1996, but it is not in 2005 really? we have not seen this so how do you know? and it will be fine with churn and pushing 300k forwarding entries into the fibs on a well-known vendor's line cards? rand

Re: OMB: IPv6 by June 2008

2005-07-07 Thread Randy Bush
> a) I suspect most SSL implementations derive out of the same code base. definitely not! at least three major ones out there. randy

Re: OMB: IPv6 by June 2008

2005-07-08 Thread Randy Bush
> What is CPU power of today's core routers? What's memory? Compare with > junk-yard server - 2 x 1.4GHz CPU, 4 GB RAM, total price about $1.5K. > > Routers have 3 - 10 times reserve _today_ . Then, you can always sacrifice > reaction time a little. Reserves are tremendous in this area. > >>> Is i

icc to itu: fix the analog divide before venturing digital

2005-07-08 Thread Randy Bush
The International Telecoms Union (ITU) has been told by the International Chamber of Commerce (ICC) to focus more of its efforts on stimulating the growth of fixed line voice telephony in developing countries. The Swiss-led ICC, which represents global business interests, says that the ITU devotes

Re: OMB: IPv6 by June 2008

2005-07-09 Thread Randy Bush
> it is not _technical_ problem. no, it's a human problem. some reject clue. enough is enough.

Re: OMB: IPv6 by June 2008

2005-07-12 Thread Randy Bush
> With G.711 and 20ms voice samples, with IPv4 you get: > > 20 bytes IP + 8 bytes UDP + 12 bytes RTP + 160 bytes payload > 20% overhead. > > Now with IPv6. Say we use shim6 or something like that to implement > multihoming too. The shim6 header isn't decided yet, but I suppose it's > got to cont

Re: Non-English Domain Names Likely Delayed

2005-07-19 Thread Randy Bush
> What percent of the Joe Sixpacks out there could successfully manage their > named.root given a copy of 'DNS for Idiots' without generating at least > one trouble ticket? uh, i have been managing domains for a looong while, manage half a dozen cctld registries, ... and i only make a mistake once

Re: compromized host list available

2005-07-21 Thread Randy Bush
> The announcement didn't state the intended use - which, given the > ingenuity of some, is most reasonable. But there are those who will > believe whatever they read, as long as it's in a report, and especially > if the report is automatically generated. Must be true, then, eh? A > report, eh?

Re: MCI billing fraud ... again

2005-07-21 Thread Randy Bush
> We're being hit up by MCI's billing fraud again. mci's billing problems are gross ineptitude, not fraud. and just about every major (and many minor) telco has the same mess. have your documentation in order and talk to your account rep. the sky is not falling. randy

downloading old nanog real stream

2005-07-23 Thread Randy Bush
i have to re-give a talk i gave a year ago in sf. i want to download the video stream so i can listen to it on the transpac flight. how the heck do i dl a stream from the nanog site? http://nanog.org/mtg-0405/real/wedgies.ram leads to rtsp://realmedia.merit.edu/nanog/n31/nanog31-wedgi

Re: downloading old nanog real stream

2005-07-23 Thread Randy Bush
> mplayer -dumpstream -dumpfile nanog31-wedgies.rm > rtsp://realmedia.merit.edu/nanog/n31/nanog31-wedgies.rm bingo! works fine on freebsd. thank you! randy

Re: Where is Looking Glass source code?

2005-07-26 Thread Randy Bush
http://www.traceroute.org/#source%20code

Re: Cisco cover up

2005-07-28 Thread Randy Bush
> I suspect there was something slightly more than just giving information > about the vulnerabilities.. the inference is that they demonstrated > executing arbitrary code from buffer overflows.. perhaps for example they > developed ways of opening up privilege vty which I dont think has been > sh

RE: Cisco IOS Exploit Cover Up

2005-07-28 Thread Randy Bush
> I think there is also a LOT concern about all the unpatched routers that > remain unpatched simply because the admins don't feel like spending a week > running the cisco gauntlet to get patches when you don't have a support > contract with cisco. Its like cisco doesn't want you to patch or they

Re: Cisco IOS Exploit Cover Up

2005-07-28 Thread Randy Bush
> I spoke with people with Lynn in Vegas and confirmed the following, > if anyone is watching the AP wire or Forbes you'll see that Cisco, et > al. and Lynn have settled the suit. i missed the part where we, the likely actual injured parties, learn to what we are vulnerable and how to protect

janog

2005-07-28 Thread Randy Bush
janog/fukuoka is in the last day of two day meeting. 330+ attending despite being quite far from networking centers of japan. general impressions o food much better than nanog, much better o but no snacks at breaks o program all ops/tech, no gl!tz, no vendor or what wonderful things ar

as numbers

2005-07-28 Thread Randy Bush
geoff has a quite good article on antonymous systems, usage, ... at . randy

Re: as numbers

2005-07-28 Thread Randy Bush
> geoff has a quite good article on antonymous systems, usage, ... at > . geoff, why not assume o all speakers will not transition at the same time, but o before the first > 0: is issued/used that all will transition? i would think this

Re: as numbers

2005-07-29 Thread Randy Bush
>> While this looks like a lot, it does not really solve any problem. Geoff's >> numbers show that the pool will expire in 5 years. Our estimate is a > When discussed a few years back, I was told that this was already solved > by 32bit AS numbers (ASx:x). you may want to read the refer

Re: as numbers

2005-07-29 Thread Randy Bush
> The article states it's not fixed. that seems to agree with at least one of my routers rtr42#conf t Enter configuration commands, one per line. End with CNTL/Z. rtr42(config)#router bgp 0:3130 ^ % Invalid input detected at '^' marker. my point was

Re: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-01 Thread Randy Bush
fred, seeing as there is not now, and likely never will be fixed versions for many of our routers (25xx, 17xx, ..., and i can't find a path up from my 7200 k4p-mz.120-25.4.S on the web site), your logic tells us that cisco will never announce. i am sure this is not what you intend. randy

Re: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-02 Thread Randy Bush
> Current remote directory is /cisco. > ncftp /cisco > dir ios/12.3/12.3.15a/2500/ > -rw-rw-r--1 518 11013444 Jul 25 14:50 c2500-c-l.123-15a.bin > -rw-rw-r--1 518 12303148 Jul 25 15:17 c2500-i-l.123-15a.bin > -rw-rw-r--1 518 16191744 Jul 25 14:34 c2500-is-l.123

Re: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-02 Thread Randy Bush
> note image size of 11/12/16 mb... note that many (most?) 2500's don't have > 16M flash :( many, many referenced before (term servers for instance) are > 2mb flash boxes. It's possible that Randy's referring to this sort of > 2500. Kindly using himself for a whipping boy instead of the rest of us

Re: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-02 Thread Randy Bush
> I might be wrong, but I thought an image with IPv6 support required > 16 MB flash on the 2500? could be. don't care. don't need ipv6 on terminal servers for oob access. > Anyway, the upgrade path is there not really. randy

RE: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-02 Thread Randy Bush
>> no, but I'd like to... since I'm upgrading and all (for >> security reasons and ipv6 is so much better for security, right? :) ) > ok so your issue is totally irrelevant to the recent "ciscogate" > paranoia? see the smiley? randy

RE: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-02 Thread Randy Bush
> But the vulnerability applies for only ipv6-enabled devices... > http://www.cisco.com/warp/public/707/cisco-sa-20050729-ipv6.shtml the general problem is definitely wider than the v6 hole. i believe, but of course could be wrong, that the april fix was a bit wider than v6. the blackhat/nanog

Re: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-02 Thread Randy Bush
> I forget who suggested it actually, i was first, but others have followed > but I like the request to move this to cisco-nsp. Any reason > that isn't a better place than NANOG at this stage? i would guess that, if useful discussion is started on cisco-nsp, that the momentum will move there a

RE: "Cisco gate" and "Meet the Fed" at Defcon....

2005-08-02 Thread Randy Bush
> The "nanog problem" was clearly stated. It had nothing to do with the > specific discussion, but more that the discussion contained instances > where folks were being insulting and crude. then address the insults and crudeness. randy

RE: "Cisco gate" - Payload Versus Vector

2005-08-02 Thread Randy Bush
very helpful analysis. some questions: even without stifling the heap check via crashing_already (i.e. a 'fix' is developed for that weakness), is the 30-60 second window sufficient to do serious operational damage. i.e. what could an attacker do with a code injection with a mean life as short

RE: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter

2005-08-03 Thread Randy Bush
> You can ping to 126.66.0.30/8. and how does one ping a /8? randy

Re: OT: Cisco.com password reset.

2005-08-03 Thread Randy Bush
> I got an email that my CCO account's password was reset > last night. Not sure how widespread this issue was, but > I called my account contact and verified that this is > a valid email, and that my password needed to be reset. funny, i had a similar incident o could not log on to account

Re: Traffic to our customer's address(126.0.0.0/8) seems blocked by packet filter

2005-08-03 Thread Randy Bush
> just remember that not all networks use '126.255.255.255' as a broadcast > address. there are non-broadcast networks where that address is a 'host' > one. i suspect not in this one interesting case, as the following ip address is part of a very special block, 127/8. randy

Re: /8 end user assignment?

2005-08-04 Thread Randy Bush
> there were discussions about this at the last APNIC OPM. > details can be found here if you are interested. > http://www.apnic.net/meetings/19/programme/sigs/ipv6.html > several ASs participated in this so called > "large space IPv4 trial usage". indeed, this was a very interesting, if somewha

Re: /8 end user assignment?

2005-08-05 Thread Randy Bush
> The business of the rir's is providing ip addresses to their members. if > withholding the remaining address space became more important than > supporting the needs of the community of interest, then they've obviously > failed their membership. not for long, as their membership elects/appoin

Re: /8 end user assignment?

2005-08-05 Thread Randy Bush
>> They are one of the largest ISPs in Japan. > And this helps them justify a /8 _in the US_ how? dunno. that would probably be hard. which is why they got it from apnic. randy

Re: /8 end user assignment?

2005-08-05 Thread Randy Bush
> Until such devices support IPv6, to reiterate Steve's point, it's not an > option to consider approaching connectivity suppliers with IPv6 enquiries. could you comment on christopher's observation that, given the likely volume of v6 traffic, you would not have a v6 load worth balancing? of cou

Re: /8 end user assignment?

2005-08-05 Thread Randy Bush
> Why do so many v6 folks fill their arguments with notes of alarmism? old bad habits. the sky has been falling for a decade now. the problem is it makes it hard to separate signal from noise. e.g. after many years of telling us 3gpp was about to be a major address space eater, we stopped list
