st on BSD, the socket buffers aren't allocated buffers at all, simply
numbers which fix maximium size that can be allocated when data comes in).
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
ortunity
to elect your favorite candidate is another.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
file, the web server will immediately
dump 1MB into the kernel until either the socket buffer or the file runs
out, and then the kernel will spend the 5 minutes transfering it to the
dialup user. Have that happen a few times, and you get an instant mbuf
exaustion (or whatever internal mechanism yo
206.223.115.79) appears to be up.
Host (206.223.115.255) appears to be up.
Nmap run completed -- 256 IP addresses (9 hosts up) scanned in 4 seconds
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
participant" for 6 months or more. Through time this will get
better of course, but I still consider it something akin to deceptive
advertising if you're going in there because of who you think you can peer
with.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbi
on't link it to EFNet noone
will packet it. :)
If thats too much trouble, try an AIM chat room. I don't think its worth
making a whole mud over (no offense to MOO :P).
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
se does either.
Worship your religion and/or politics all you want, but please don't tell
me how to choose mine.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
nd quarter, will be used to pay
> down debt, it said.
$50 mil down, $3.25 billion to go...
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
tched/multiplexed
> service from a telco and directly connect with your intended peering
^
> partners over it, regardless of where everyone is located. (Hey, does this
> sound like private interconnects?)
You answered your own question. :)
--
Richard A Steenbergen <
thers are as well, though
it takes a while to overcome the well-engranded traditions and beliefs
about "LAN vs WAN technology" and all that nonsense... Short of that,
Cogent offers a layer 3 transport service with gige on both ends as an
option... :)
--
Richard A Steenbergen <[EMAIL PROTECT
've seen the GigE long-haul transport subject come
up a couple time there...
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
n get a fairly good idea how drunk the
people were when they laid your fiber.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
bedded SSH who still suffer from this
problem (Vendor F comes to mind, but their SSH implementation also doesn't
work with OpenSSH w/freebsd localisations, so something else is afoot
there as well).
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID:
, the speed) doubles every 2
> years. The pace has since slowed down a bit, but appears to be holding
> steady at doubling every 18 months (1995-present).
Not to be too picky, but how is going from "doubling every 2 years" to
"doubling every 18 months" slowing down? :)
--
of any given path sucking are far greater than
the odds of that path going away. Therefore I would rather have one path
which doesn't suck than two paths which may.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
expensive) cables, all in a box made out of what I swear was some
kind of lead/neutron star material alloy. Of course that was a couple
years ago, maybe they've upgraded to the current market's $50 processor.
:)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
than I did writing the code to do this in the first
place) but I don't see any reason it shouldn't work, with proper interrupt
coalescing of course.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
where you want the RX data to be DMA'd. The
kernel updates the producer index, discarding any data which the consumer
can't read. Then you just have your userland program constantly scanning
the ring for new data, put a usleep(1); in there and you'll stay below
0.01% cpu.
Thin
your nexthops. You can do something like RPF check your peers, but
then you can run into asymetric routing issues. But just like anyone who
is involved in selling "stolen" merchandise, they usually get busted when
they piss off someone who knows about their activities and they get ratted
o
uting IP
lists that could be filtered by source address, let alone other more
intelligent things like distributing firewall rulesets so you could pick
off only the echo replies, BUT MAYBE THERE SHOULD BE. <-- HINT!
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
> > those peering points, you will not see any paths through Qwest on a
> > single carrier route server like Nitrous.
>
> Not true. Nitrous shows all routes it knows about whether they are
> preferred or not.
Yes true. Once the path selection is made only the "best&qu
term to refer to this nifty thing
> that we now call an Internet Exchange.
>
> The MAE in Phoenix was originally constructed by Dave Siegel
> and it ran from 1996 through 1998/9.
Or companies like http://www.maedulles.net/ who aren't exchange points at
all.
outer
would route for 30 seconds and then not route for 30 seconds, that was a
"bunch of 30 second outages" and not a 24 hour outage.
Just remember, it's not an outage, it's an (quoting AboveNet here)
"unscheduled network event". :)
--
Richard A Steenbergen <[EMAI
4-7 load
balancers). This is something that "routers" have typically avoided, and
I'm not aware of any router vendors who attempt to do load balancing based
on the load of a link.
Did you have any more specific questions?
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
hat you can design your RIB so
it is optimized for what it does most, insertions and deletions. Many RIB
applications improve greatly when they no longer need a Patricia tree.
To quote Avi Freedman, "Customer Enragement Feature".
To quote Majdi Abbas, "John Chambers owes me a pony".
ines.. they most
likely don't pay for transit..
I am about to call my lawyer about this and file lawsuits
against 95% of the #nanog room to find out who has taken advantage of my
system
...also with logs of everything said in #nanog I have over 50
cases of showing pornography to a m
bytes duped)
53862 out-of-order packets (75435307 bytes)
0.3% of non-ACK packets by packet were received out of order, or 2.8% by
bytes.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
T allow round
> robin distribution; it uses hashes. Sure, hashed distribution
> isn't perfect. But it's better than "perfect" distribution with
> added latency and/or retransmits out the wazoo.
You don't even need varying paths to create a desynch, all you n
m other
providers. Unfortunately for the cable companies, the people who they
could get the best deals from (the "mostly hosters") tend to be highly
based around the "major exchange points" cities (to most efficiently pump
traffic into the rest of the internet), not the "res
ndition that you will keep your traffic to a certain ratio?
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
k they can't
even build decent networks to deliver 10Mbit/s, @Home was the closest),
and just a general lack of things for end users to do with that much
bandwidth even if they got it.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
our
buffer, you might have the other side send you a few unnecessary bytes
that you just have to drop, but the situation should correct itself very
quickly. I don't think this would be "unfair" to any particular flow,
since you've eliminated the concept of one flow "
ace. Such silly things are detrimental to the stability of one's
> backbone. Permitting such silly things would be nightmarish.
Once upon a time, AboveNet did not permit anyone to announce their IP
space under any condition. I wonder if this is still the case.
--
Richard A Steenb
Randy) care about, not
because more routes is really harmful to the internet, but because it
impacts the memory usage and convergence times of their networks.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
it is
free'd. The limits are just there to prevent you from running away with a
socket buffer.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
're serious about sucking down data.
>
> Once a socket proves its intentions (and periodically after
> that), it gets to use a BIG buffer, so we find out just how fast
> the connection can go.
That doesn't prevent an intentional local DoS though.
--
Richard A Steenbergen <[E
for anyone to explain to me the
> issue of buffering. It appears to be completely unneccesary in a router.
Note that the previous example was about end to end systems achieving line
rate across a continent, nothing about routers was mentioned.
--
Richard A Steenbergen <[EMAIL PROTECTED]&
peoples
time for a few weeks, and the money is probably going to fund other Merit
activities, I'm not certain that I'd want the prices dropped much lower.
Unless of course, they'd like to give discounts for people who have
attended many past NANOGs are who are now unemployeed. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
u can upgrade them or work around the other
side's stupidities is one of the biggest indicators of the quality of your
network.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
warm bodies or a perl monkey writing scripts to
muck with router configs, just to keep a "dynamic" routing protocol from
being "too dynamic". But I guess life isn't perfect. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
ot out that UU would take calls from
anyone, every schmuck, crackpot, and prank call would be reporting
something somewhere. It's just not an easily scalable solution.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
est way to do global server load balancing, as I see it.
If you have a network, you can just use the same IP for your dns
servers in multiple locations, and let your IGP route it to the closest
one.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID
On Thu, Apr 25, 2002 at 01:15:03PM -0500, Jeff Harper wrote:
>
> Anyone think this is related the Klez virus?
Was UU running Outlook on their core routers?
With Juniper I suppose it's possible... :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.n
ldn't
handle a couple hundred connections from NANOG readers. If that is the
case, I would strongly suggest you reevaluate the language or method in
which it was written.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
everyone needs to
know (but usually doesn't) to handle DoS effectively, try reading:
http://www.e-gerbil.net/ras/projects/dos/dos.txt
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
till what I would rank as a secondary effect.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
, how effective would be using a no export community with ones
> peers (being non transitive, it would still distribute the force of the
> attack).
Many people do this already. If you're looking to purchase transit and you
think this is something you'll care about, ask for it
a time. More would not take down the
> session, but simply be ignored.
>
> I can carry 6 /32's for every peer I have, and if they only have
> 6, they will probably use them for the most abusive target.
I give it 2 months, then they'll start hitting random dst IPs in a ta
ring is only as good as your ability to DETERMINE WHAT
TO FILTER.
The only time you can get anything from this is when you admit defeat on
keeping your services responding to new connection but want to keep
existing connections and/or the end servers from failing completely.
Depending on the
of
> complaints.
You have an interesting situation. I think rate limiting outbound RSTs
would be the least offensive thing you could do, off the top of my head.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Wed, May 01, 2002 at 11:56:07PM -0600, Pete Kruckenberg wrote:
>
> On Thu, 2 May 2002, Richard A Steenbergen wrote:
>
> > You have an interesting situation. I think rate limiting
> > outbound RSTs would be the least offensive thing you
> > could do, off the top
oviding layer
3 all the way to the student. So when you send in a DoS complaint about
1.2.3.182, the campus computer nerd looks it up, and goes to knock on that
persons door. Little do they know that the actual compromised machine is
1.2.3.97 spoofing it. You ever tried explaining this to the camp
e on a DS3, or even if you have an OC48 from a provider who
either doesn't want to or doesn't know how to protect their infrastructure
from attacks, all of that means absolutily NOTHING.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
ning, I can tell you
4 things to add which will stop all existing packet kiddie tools in their
tracks. But then again, I'd rather just have a language for bitmatching at
any offset. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
e enabled in JUNOS software upgrades without having to
swap hardware.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Thu, May 02, 2002 at 08:07:31PM +0200, Hank Nussbacher wrote:
>
> At 12:23 PM 02-05-02 -0400, Richard A Steenbergen wrote:
>
> >Thats what the IP2 does, match bytes in the headers and come back with a
> >thumbs down or a thumbs up and a destination interface. It'
o your network via transits.
The number you'd expect to filter is 50%, assuming the attacker in
question is using an evenly distributing random() function.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Fri, May 03, 2002 at 08:46:45AM -0700, Paul Vixie wrote:
>
> (time was, anyone who could use postfix and php would
> also know better than to spam, or at least, to spam *me*.
> .)
If you feel like you don't have enough spam, I'd be happy to let you have
some of m
rbial poop chute to prevent the sharing of simple recommendations
on DoS prevention with the networking community is that all useful,
intelligent, and responsable people consider their policies carefully
before working there.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.
). Go forth and be filterful. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
think they would
stop. Spamming will stop when it stops being effective.
That said, I'm pretty sure this thread has now excercised my D key more
then a month's supply of spam. Isn't it about time we called it a day, or
perhaps moved this to a list more appropriate for compla
I don't think much work is
going to be done. Making RPF where reasonable a requirement for peering is
a place to start, but I don't see that as being enforcable.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
be interested in the data
structure. Rather then walking a straight access-list rule set doing a
comparison for every rule, you can make a "Filtering" Information Base
mtrie for source address rules. This is the entire point of standard
access-lists, and more recently compiled access-lis
could be. Of course then you'd need protocol extensions to
carry around actual null0 routes instead of a nexthop just reserved for
null routes... So this entire conversation is pretty pointless. :)
What we all really need is a protocol which can distribute filtering
information networ
On Mon, May 06, 2002 at 12:50:53AM -0400, [EMAIL PROTECTED] wrote:
> On Sun, 05 May 2002 22:11:12 EDT, Richard A Steenbergen said:
> > What we all really need is a protocol which can distribute filtering
> > information network-wide. Go make one. :)
>
> No, what we need i
> acls on E2 cards!
If your vendor isn't providing you with working products, find a new
vendor.
I'm not going to touch that config with a 10ft cattle prod though, it
better be automatically generated. That brings it down to the same level
of distasteful tolerance for the good of the i
rea, your big 3 are:
Equinix
PAIX
Switch and Data
For price, quality, and if your goal is primarily to purchase transit, I
would recommend Equinix, located in Ashburn VA.
That said, this isn't the appropriate list for that kind of question.
ISP-Bandwidth or ISP-Colo might be more appropr
as
> most other DDoS defenses.
Don't confuse the rantings of a nutcase and his T1 with useful information
about DoS. I have to admit I like the direction the made up acronyms are
going though, can we have MS-DOS next? :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://ww
00Mb/s minimum traffic exchanged
Must peer at OC12 or higher
Must peer in 8 locations
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
en it is to get a metro OC12. Multiply that by the number of people they
do peer with, and it adds up to a lot.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
I know this isn't quote North American, but does anyone know what major
exchange points exist in Asia? The largest one I've found so far is JPIX,
which seems to move a fair amount of traffic
(http://www.jpix.co.jp/en/techncal/traffic.html). Any other major ones?
--
Richard A S
tions and trying to find traffic stats.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
lly cheap).
If you're using the same transit provider in both cities, how about
announcing the /20, and the 2 /21s tagged with no-export. The /20 would be
heard by the world and get the traffic to your transit provider, then the
/21s would route it to the right exit point.
--
Richard A Steenberg
and maintained a reasonable throughput (say 30 or
> SJW> 40Mbs) ? I'd be interested if anyone has a proven technique
>
> Anyone know more than myself about InterNAP who can disclose
> details?
Internap uses seperate, completely unconnected ASs for each city.
--
Richard A Ste
t. More than a few people do (though I personally would not buy
from them).
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
put through the GRE tunnel.
Handy for getting around MTUs you can't increase. Unfortunately, I do not
believe Juniper has any such functionality (even when gre is done by the
RE).
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (
attacks. I'm still recommending rate limiting
your outbound RSTs either on the webservers themselves (which a good OS
should do), or on the routers. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
eir own advantages and disadvantages, for
example in Dallas both PAIX and Equinix sit right beside each other at the
Infomart. In others, one or the other is out of space.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
moment to laugh uncontrollably. It has nothing to do with ISIS or MPLS,
it has to do with making your existing functionality work correctly and
behave in a sensible fashion. Nothing personal against Foundry, but the
people in charge couldn't possibly "not get it" any more than they
ate. And if^H^Hwhen you run into a really fun issue, don't even think
about calling Foundry TAC after hours, all you'll get is someone's house
with their screaming kids in the background.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
ouse
with their screaming kids in the background on a regular basis. I do know
how to operate a telephone, thanks. :)
And it's nothing personal, I have actually been one of Foundry's biggest
supporters compared to almost every other engineer I know. Everyone else
gave up using th
has better excuses to go
along with them. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
quickly, and
if Merit is actually hiring people to censor NANOG 24/7 someone needs to
reevaluate their funding), but I have seen censoring in the past which is
almost comical in nature, for example the "Sexual Harassment" filter.
Best be careful, the PC police are coming for you.
--
Ri
e that held a university
> degree. One I fired after 2 months, the other I fired after 3.
"Sir, I think you have me confused with someone who cares".
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
cs from
reputable companies like GX, EXDS, and CSCO.
http://www.bblabs.com/highspeed.htm
http://www.bblabs.com/data_center_picture.html
http://www.bblabs.com/dedicated_server.htm
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
rojecting your personal prejustices about what learning style works best
upon others is neither smart nor productive. Can we all just leave it at
that, and try to get back to something operational?
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
at can
explain what your probe is doing, and a webpage for people to read
more about what you are doing and why (such as how it benefits them).
* Have an "opt out" option for networks who REALLY don't like probes.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
uys who could build a
very beefy 2GHz box for computationally intensive tasks (like a route
reflector).
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
probably best off trying to
get as much data as possible passively. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
net equivilent of
crying wolf. In my opinion, it is the responsability of these personal
firewall makers to at least make an EFFORT to warn their users about this.
So far, I havn't seen it.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
hould contact them?
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
27;ve tried preparing lists of the worst offenders and emailing them, and
the vast majority don't answer and do nothing about it. If we could
seperate the people with legitimate needs from the net polluters, we could
then proceed to filter with a vengence. 5000 for 62000 sounds like a
On Thu, May 30, 2002 at 01:10:58PM -0400, Leo Bicknell wrote:
>
> In a message written on Thu, May 30, 2002 at 11:27:49AM -0400, Richard A Steenbergen
>wrote:
> > I'd be mildly concerned that people would see "free IP blocks" and start
> > using them even wh
h silly bureaucracy.
That said, this has very little place on NANOG.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
On Sat, Jun 01, 2002 at 06:42:58PM -0400, Ralph Doncaster wrote:
>
> I've noticed a large chunk of my customer traffic coming from
> Microsoft. Anyone know if they peer anywhere on the East coast?
I think you have [EMAIL PROTECTED] confused with [EMAIL PROTECTED]
--
Richard
r-CPU'd, and I think most engineers would
rather have routes converge 30% faster than protect against an attack
noone has ever done.
That and its just one more thing to negotiate with the other side. :)
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PG
all of these from my routing table, but not with filtering
RFC1918 space or exchange point routes (at least not on the border device
connecting to it :P) from source addresses.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
HOULDN'T be transited by anyone, therefore you
should not hear them from your peers.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
nues to work.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
I'm not terribly sure why you would want to make traceroutes lose all
information about the circuits you're traveling through. It would make
diagnostics an everloving nightmare, IMHO.
--
Richard A Steenbergen <[EMAIL PROTECTED]> http://www.e-gerbil.net/ras
PGP Key ID: 0x138E
1 - 100 of 506 matches
Mail list logo
