Re: facebook worm

2008-08-07 Thread Gadi Evron
[top-posting] Now that this worm has been somewhat balked, I'd like to thank the membership for your patience with this off-topic post. I realize it is probably as annoying to some as it was useful to others. My thinking was that on the rare occasion when we can anticipate *possible* and *se

Re: facebook worm

2008-08-07 Thread Paul Wall
Gadi, Please take a few moments to reflect on: http://www.nanog.org/endsystem.html I'd appreciate it if you'd try and keep future off-topic postings like this to a minimum, as it makes the list difficult to wade through to get to what matters. Regards, Paul (not currently MLC, though I promise

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Rob Thomas
This is scanning of darknets - usually you're interested in what comes back, i.e. can you 0wn it? so src has to be valid. Yep yep. -- Rob Thomas Team Cymru http://www.team-cymru.org/ cmn_err(CEO_PANIC, "Out of coffee!");

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Rob Thomas
Hey, Randy. this is an extremely far cry from 60%. what am i not understanding? There are a few factors at work here. One, the 60% figure was from 2001-03-16. There were more bogons then, and our sundry measures saw a lot more malevolence from bogon space. A popular belief in the undergr

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Niels Bakker
* [EMAIL PROTECTED] (Randy Bush) [Fri 08 Aug 2008, 00:59 CEST]: rob, If the source of a scan or probe is a bogon, we tag it that way in our data store. I went back to 2008-01 and found the following percentages of bogons in our data: [..] 2008-08: 0.001258054% (thus far) this is an extr

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Randy Bush
rob, > If the source of a scan or probe is a bogon, we tag it that way in our > data store. I went back to 2008-01 and found the following percentages > of bogons in our data: > >2008-01: 0.001095262% >2008-02: 0.001759343% >2008-03: 0.001619555% >2008-04: 0.001433908% >2008-

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Rob Thomas
I guess I parsed that differently than you did. When he said "fully 60% of the naughty packets were obvious bogons", I read that as meaning 60% of all bad packets (bogon-sourced or otherwise) were from bogon space. That's correct. -- Rob Thomas Team Cymru http://www.team-cymru.org/ cmn_err(

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Patrick W. Gilmore
On Aug 7, 2008, at 5:35 PM, Robert E. Seastrom wrote: Randy Bush <[EMAIL PROTECTED]> writes: How much does it help to filter the bogons? In one study conducted by Rob Thomas of a frequently attacked site, fully 60% of the naughty packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.) S

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Patrick W. Gilmore
[Just a correction because Randy attributed something to me that I didn't do.] On Aug 7, 2008, at 4:14 PM, Randy Bush wrote: btw, patrick neglected the last sentences of that paragraph, which made me wonder what rob would actually say. luckily, in response to my post, rob replied that he

RE: was bogon filters, now "Brief Segue on 1918"

2008-08-07 Thread Darden, Patrick S.
Hi Jay, Jay Ashworth: > Sure. And he's not always right either; none of us are. > But he gave cogent arguments to support his point, and you gave us He gave good arguments. You, however, did not. > None of which amounts to "wants to hurt people", which is what you >accused him of. I was out

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Rob Thomas
Hi, NANOG (he says with a shout)! btw, patrick neglected the last sentences of that paragraph, which made me wonder what rob would actually say. luckily, in response to my post, rob replied that he/they would try to get some useful measures in the near term. i am patient. Yep yep, have some

Re: IPv6 bogons/unallocated space list?

2008-08-07 Thread Rob Thomas
Is there such a beast yet? I didn't see anything on the CYMRU page (so its either completely obvious, or not there). It's not easily located, but it does exist:

Re: IPv6 bogons/unallocated space list?

2008-08-07 Thread Arnold Nipper
On 07.08.2008 23:28 Deepak Jain wrote Is there such a beast yet? I didn't see anything on the CYMRU page (so its either completely obvious, or not there). Given the shrinking use of IPv4 bogon lists and the increasing need of a well-updated IPv6 one, I figured I'd ask. http://www.space.net/

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Robert E. Seastrom
Randy Bush <[EMAIL PROTECTED]> writes: >>> How much does it help to filter the bogons? In one study conducted by >>> Rob Thomas of a frequently attacked site, fully 60% of the naughty >>> packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.) >> >> Stated another way, you can get 60% success

IPv6 bogons/unallocated space list?

2008-08-07 Thread Deepak Jain
Is there such a beast yet? I didn't see anything on the CYMRU page (so its either completely obvious, or not there). Given the shrinking use of IPv4 bogon lists and the increasing need of a well-updated IPv6 one, I figured I'd ask. thanks, Deepak

Excessive Latency on Verio backbone

2008-08-07 Thread Fouant, Stefan
Is there something going on In Verio's backbone this afternoon? It seems I am getting excessive latency between two of my sites which are directly connected through AS 2914: rtrpxny> traceroute 140.174.21.x as-number-lookup traceroute to 140.174.21.x (140.174.21.x), 30 hops max, 40 byte p

Re: was bogon filters, now "Brief Segue on 1918"

2008-08-07 Thread Jay R. Ashworth
On Thu, Aug 07, 2008 at 03:55:13PM -0400, Patrick Darden wrote: > Jay R. Ashworth wrote: > >You really think Michael is malicious in his intent? > >You've spent a whole lot of time paying now attention around here, > >haven't you? > > I think Michael tends to get confrontational. As, apparently,

Re: was bogon filters, now "Brief Segue on 1918"

2008-08-07 Thread Patrick Darden
Hi Jay, Jay R. Ashworth wrote: You really think Michael is malicious in his intent? You've spent a whole lot of time paying now attention around here, haven't you? I think Michael tends to get confrontational. As, apparently, do you. I'm on a lot of the same lists Michael is on. Have b

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Randy Bush
>> How much does it help to filter the bogons? In one study conducted by >> Rob Thomas of a frequently attacked site, fully 60% of the naughty >> packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.) > Stated another way, you can get 60% success on bogon filtering by > ignoring the free pool

Re: Out of Date Bogon Prefix

2008-08-07 Thread Member Services
The code that Randy mentioned is part of an ARIN bogon testing initiative. ARIN funded this work and provided equipment to Randy to perform this testing. ARIN thanks Randy and those who worked with him for the effort in this area. ARIN will deploy this code as it continues its bogon testing ef

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Robert E. Seastrom
"Patrick W. Gilmore" <[EMAIL PROTECTED]> writes: > How much does it help to filter the bogons? In one study conducted by > Rob Thomas of a frequently attacked site, fully 60% of the naughty > packets were obvious bogons (e.g. 127.1.2.3, 0.5.4.3, etc.) Stated another way, you can get 60% success

Re: was bogon filters, now "Brief Segue on 1918"

2008-08-07 Thread Jay R. Ashworth
On Thu, Aug 07, 2008 at 01:47:02PM -0400, Patrick Darden wrote: > I've always enjoyed your posts Michael. You are obviously an expert, > with no patience for idiocy, and you always go for the throat and try to > hurt the other person as much as you can. Your messages are always very > entertai

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Patrick W. Gilmore
On Aug 7, 2008, at 2:04 PM, Pete Templin wrote: Patrick W. Gilmore wrote: Filter your bogons. But do it in an automated fashion, from a trusted source. Of course, I recommend Team Cymru, which has a most sterling record. Nearly perfect (other than the fact they still recommend MD5 on BGP

Sprint IP engineer

2008-08-07 Thread Jon Lewis
Could a Sprintlink.net IP engineer please get in touch with me. I'd like to talk about some really unusual IP routing/connectivity issues I'm seeing between our network and yours. -- Jon Lewis | I route Se

Re: Is it time to abandon bogon prefix filters?

2008-08-07 Thread Pete Templin
Patrick W. Gilmore wrote: Filter your bogons. But do it in an automated fashion, from a trusted source. Of course, I recommend Team Cymru, which has a most sterling record. Nearly perfect (other than the fact they still recommend MD5 on BGP sessions :). How can you recommend Team Cymru,

Re: was bogon filters, now "Brief Segue on 1918"

2008-08-07 Thread Patrick Darden
I've always enjoyed your posts Michael. You are obviously an expert, with no patience for idiocy, and you always go for the throat and try to hurt the other person as much as you can. Your messages are always very entertaining. In this case, however, you are responding to a conversation that

RE: was bogon filters, now "Brief Segue on 1918"

2008-08-07 Thread michael.dillon
>Your point seemed to be that > it is not a large enough allocation of IPs for an > international enterprise of 80K souls. My rebuttal is: 16.5 > million IPs isn't enough? You don't seem to understand how IPv4 networks are designed and how that interacts with scale, i.e. the large sprawling n

Ericsson / Marconi AHX ADSL2+

2008-08-07 Thread Adam Armstrong
Hi All, Are any of you using Marconi/Ericsson AXH 2500 (or similar) MSANs for ADSL2+? Does anyone know much about setting up ADSL2+ to operate stabily with fastpath (trellis off) and adaptive runtime on? Any offlist help would be much appreciated! Thanks, adam.