On Jan 15, 2010, at 7:53 PM, Jim Burwell wrote:
> Sorry for late response here...
>
> On 1/14/2010 15:20, Cameron Byrne wrote:
>> On Thu, Jan 14, 2010 at 3:00 PM, Jim Burwell wrote:
>>
>>> On 1/14/2010 11:10, Cameron Byrne wrote:
>>>
Folks,
My question to the community is: as
- "Mark Schouten" wrote:
> Hi,
>
> FYI:
>
> http://virbl.bit.nl/index.php#ipv6
>
> Comments on the listing method are appreciated.
>
> Regards,
>
wow bind? thats gonna get slower and slower and slower. I hope you have a TON
of ram for that box. for example
if we loaded the current
Sorry for late response here...
On 1/14/2010 15:20, Cameron Byrne wrote:
> On Thu, Jan 14, 2010 at 3:00 PM, Jim Burwell wrote:
>
>> On 1/14/2010 11:10, Cameron Byrne wrote:
>>
>>> Folks,
>>>
>>> My question to the community is: assuming a network based IPv6 to IP4
>>> translator is in pl
The listing method is if you actually receive virus traffic over v6.
Which someone will, sooner or later ..
Yes, I agree with listing a slightly larger range - given that /64
seems to be what most anyone gets these days with a free tunnel.
I wish you all the very best of fun trying to run dnsbl z
That's the translation the Chinese Government has inserted into the Google
Translation service. ;)
-Original Message-
From: Fred Baker [mailto:f...@cisco.com]
Sent: Friday, January 15, 2010 4:28 PM
To: tv...@eyeconomics.com
Cc: NANOG
Subject: Re: Anyone see a game changer here?
On Jan
On Jan 15, 2010, at 4:34 PM, tv...@eyeconomics.com wrote:
On Jan 16, 2010, at 12:15 AM, Fred Baker wrote:
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You.
On Sat, Jan 16, 2010 at 10:00:38AM +0900, Randy Bush wrote:
> i am confused here, which is not at all unusual. did the chinese get
> any data which google does not give to american LEAs in answer to an
> administrative request, i.e. not even a court order?
You mean why didn't they just ask for it
I have a client in Edmonton who's looking for a network drop to their
office, something in the 2-10 MB/s range. The location is at 46 Ave.
and 99 St.
The core requirement is for a bare unfiltered *symmetric* pipe (no
ADSL). Traffic volume will be low: 2-4 laptop VPNs plus some light
web server an
i am confused here, which is not at all unusual. did the chinese get
any data which google does not give to american LEAs in answer to an
administrative request, i.e. not even a court order?
randy
Hey Marcus, you got what you wanted pal
(http://www.youtube.com/watch?v=FSUPTZVlkyU), cyber security ramped up
as a
national security agenda item.
http://news.cnet.com/8301-30684_3-10436018-265.html
Congrats,
Andrew
On Jan 16, 2010, at 12:15 AM, Fred Baker wrote:
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You. Says so on my business card...
看的也不見!
TV
On Fri, Jan 15, 2010 at 02:14:03PM -0800, Nathan Eisenberg wrote:
> > -Original Message-
> > From: bmann...@vacation.karoshi.com
> > [mailto:bmann...@vacation.karoshi.com]
> > Sent: Friday, January 15, 2010 1:54 PM
> > To: Michelle Sullivan
> > Cc: nanog@nanog.org
> > Subject: um... human g
On Jan 15, 2010, at 3:05 PM, Bruce Williams wrote:
Can you prove you are not Chinese and my computer is not hacked?
Fred is your real name, isn't it? You are Fred, aren't you?
You. Says so on my business card...
<>
> To my understanding they believe that people that live in China are relevant
> (which is why they brought it up in the context), but they are very
> carefully saying that they don't know the exact perpetrators.
>
> http://www.ipinc.net/IPv4.GIF
>
>
>
Uh, Fred the link is to an image that has not
On Jan 13, 2010, at 8:31 AM, Anthony Uk wrote:
The ability to automatically discern users' political positions from
their inbox is not one that any email provider reasonably needs.
I'm not Chinese, but putting myself in their position...
I would be surprised if they were trying to determine
The Google Spokesperson I heard on the radio yesterday evening said
that they had not yet stopped censoring, and declined to give a date
when they would. His point was that the clock is ticking and Google
can see it.
On Jan 13, 2010, at 8:52 AM, Jérôme Fleury wrote:
On Wed, Jan 13, 2010 at
On 1/14/10 12:31 AM, Steven Bellovin wrote:
On Jan 13, 2010, at 5:26 PM, mshel...@cox.net wrote:
From a single detection of one hostile email you can often expand the picture
to many mail recipients. A little open source research identifies the common
community the recipients belong to. I
On 1/15/10 3:14 PM, Nathan Eisenberg wrote:
Slightly confused - it sounds like you're asking if you can list
yourself on a blacklist? Is that a self-immolating form of protest,
or did I misread?
Sounds more like to me an attempt to engineer a situation to cause grief
on SORBS end.
Maybe it
> -Original Message-
> From: bmann...@vacation.karoshi.com
> [mailto:bmann...@vacation.karoshi.com]
> Sent: Friday, January 15, 2010 1:54 PM
> To: Michelle Sullivan
> Cc: nanog@nanog.org
> Subject: um... human generated requests
>
>
>
> If I may ... two questions:
>
> a) do
This report has been generated at Fri Jan 15 21:11:26 2010 AEST.
The report analyses the BGP Routing Table of AS2.0 router
and generates a report on aggregation potential within the table.
Check http://www.cidr-report.org for a current version of this report.
Recent Table History
Date
BGP Update Report
Interval: 07-Jan-10 -to- 14-Jan-10 (7 days)
Observation Point: BGP Peering with AS131072
TOP 20 Unstable Origin AS
Rank ASNUpds % Upds/PfxAS-Name
1 - AS580029398 2.6% 133.0 -- DNIC-ASBLK-05800-06055 - DoD
Network Information Center
2 -
If I may ... two questions:
a) do the humans @ SORBS use the AI/GUI that everyone else uses to
query/request
changes or do all SORBS internal manipulations use an entirely
different AI/GUI?
b) is there any method for someone to request their (as opposed to
Hello Everyone:
The thread "Sorbs on autopilot?" has been moderated.
Kind Regards,
Mike (on behalf of the NANOG CC)
--
Michael K. Smith - CISSP, GSEC, GISP
Chief Technical Officer - Adhost Internet LLC mksm...@adhost.com
w: +1 (206) 404-9500 f: +1 (206) 404-9050
PGP: B49A DDF5 8611 27F3 08B9
On 1/15/10 10:15 PM, Fred Baker wrote:
On Jan 15, 2010, at 8:13 AM, Gadi Evron wrote:
1. Unlike GhostNet, which showed an interesting attack but jumped to
conclusions without evidence that it was China behind them -- based on
Ethos alone I'd like to think that when Google says China did it, th
Logan Vig wrote:
Here are some tickets to review:
205929
206524
207964
208986
and for the /24's which finally resulted in the /18 being delisted:
208996-209062
Well from the initial look you kept submitting new tickets and the SORBS
staff kept merging them into the latest ticket as pre
On Jan 15, 2010, at 8:13 AM, Gadi Evron wrote:
1. Unlike GhostNet, which showed an interesting attack but jumped to
conclusions without evidence that it was China behind them -- based
on Ethos alone I'd like to think that when Google says China did it,
they know. Although being a commercia
In a message written on Fri, Jan 15, 2010 at 01:26:49PM -0500, Jed Smith wrote:
> Let me reiterate for the benefit of Ricky Beam, Ken Chase, Leo Bicknell, Paul,
> and anybody else who is tempted to debate Michelle in this thread: you are
> 100%
> wasting your time.
Good advice, for sure. Fortuna
On Fri, Jan 15, 2010 at 05:01:54PM +, William Hamilton wrote:
>
> I agree it's perhaps not clear how to get hold of a human, but you can't
> really argue that it's not clear how to progress the issue in general as
> the message quite clearly tells you to respond if you wish for it to be
> r
On Jan 15, 2010, at 10:06 AM, Michelle Sullivan wrote:
For fast approval:
Log ticket -> robot checks rDNS for all networks listed in ticket ->
robot confirms all space is static and submits the ticket to the
removals queue where it is manually checked by a human and processed.
For manual approval
On Jan 15, 2010, at 12:08 PM, Michelle Sullivan wrote:
>> 2) SORBS robot reponds with "you must change your rDNS."
> ... or respond to indicate why you think the robot is wrong...
This does not work. Our provider has been told that unless the in-addr was
changed to include the word "static", t
This is an automated weekly mailing describing the state of the Internet
Routing Table as seen from APNIC's router in Japan.
Daily listings are sent to bgp-st...@lists.apnic.net
For historical data, please see http://thyme.apnic.net.
If you have any comments please contact Philip Smith .
Routing
On Fri, 15 Jan 2010, Michelle Sullivan wrote:
Well 3 people have ignored the last 2 sentences... so please tell me what is
unclear in them? The only correct response was in 260573 when someone
The robot response, like much of the SORBS web site is rather longwinded,
and I suspect many people
This will be my only reply to the conversation now that Michelle has poked in
and taken control of the thread.
I had a beef with SORBS a while back on behalf of my day job, and it cost me
quite a bit -- in frustration, in doing a few things publicly that I regret, and
ultimately in spending a mont
William Hamilton wrote:
On 15/01/2010 16:57, Michael Thomas wrote:
The difference is that nobody wants to "talk" to a robot when they're
the victim
of a false positive which is causing business impacting interruption. A
robot is not
empowered to go beyond its instructions, and if it's programme
On Fri, Jan 15, 2010 at 5:37 AM, Durand, Alain
wrote:
> [resending with more readable, apologies for the duplicate]
>
> DS-lite can work both for fixed and wireless scenario, where you have a
> laptop/pda/smarphone/tablet
> that is only configured by the access network with IPv6 but want to access
Michelle,
--
Paul
In the beginner's mind there are many possibilities, but in the expert's mind
there are few.
Shunryu Suzuki
On Fri, 15 Jan 2010, Michelle Sullivan wrote:
That is my view, however most (if not all) of the tickets were for the /22
not the /32 which is why it was rejected.
Leo Bicknell wrote:
So, let me see if I got this right:
1) Network reports 1.2.3.0/24 has no dynamic IP addresses in it.
Networks don't report anything, people do, and in the majority of cases
not the network owner (where network owner = person listed in the RIR as
the POC)
2) SORBS ro
On 15/01/2010 16:57, Michael Thomas wrote:
The difference is that nobody wants to "talk" to a robot when they're
the victim
of a false positive which is causing business impacting interruption. A
robot is not
empowered to go beyond its instructions, and if it's programmed either
wrong or with
in
paul wrote:
Michelle,
Thanks for your email. Please specifically look at ticket 260695. I
created the ticket on January 5th at about 1:30EST. Immediately I got
my response from the robot.
See my other message in addition.
I replied a few minutes later with:
67.196.137.188/32
TTL is r
William Hamilton wrote:
"Please reply to this message to reopen your ticket and escalate your
case to a live human being."
And now SORBS:
"If you feel otherwise, please reply to this message
to re-open your ticket."
Try as I might I really can't see what is not clear here...
The difference
I have no information about the state of the Internet links in Haiti
(everything seems down) but, for the .HT top-level domain, here are a
few news.
.HT has six name servers, four outside of the country. They were not
affected so .HT never had a problem resolving. Main DNS lesson: always
put name
On Fri, 15 Jan 2010, Eric Brunner-Williams wrote:
> After the Katrina landfall a diverse group of wireless people started
> organizing a relief effort...
There are quite a lot of us working on it, is there something specific
you're volunteering to do?
On 1/15/2010 10:26 AM, William Hamilton wrote:
On 15/01/2010 16:14, William Herrin wrote:
Is it bad English? Is it not clear?
No, it is not clear.
It's perfectly clear.
Can anyone else give better wording
that might result in less of an issue?
"Please reply to this message to reopen your
Ken Chase wrote:
Fair enough, but it wasnt just me.
I have the customer who submitted his own tickets as well, as well as NAC.net
who has admins (an email admin, actually), who seems to know his way around RBLs
and the current state/reputation/happenings in the spam/RBL/mail world.
Customer has
Michelle,
Thanks for your email. Please specifically look at ticket 260695. I
created the ticket on January 5th at about 1:30EST. Immediately I got my
response from the robot.
I replied a few minutes later with:
67.196.137.188/32
TTL is right. PTR is right.
From your email, it is my
On Fri, Jan 15, 2010 at 11:26 AM, William Hamilton wrote:
>>> Is it bad English? Is it not clear?
>> No, it is not clear.
>
> Try as I might I really can't see what is not clear here...
It isn't clear that there's a way to reach a human being at sorbs
other than complaining acerbically on a news
After the Katrina landfall a diverse group of wireless people started
organizing a relief effort, culminating in work around Waveland. There was
also a group from the NPGS in Monterey, who worked on the Boxing Day Tsunami
aftermath.
Does anyone have a similar contact set?
hello eric
i rec'd
In a message written on Fri, Jan 15, 2010 at 05:06:18PM +0100, Michelle
Sullivan wrote:
> The common a reoccurring issue is the response by the robot has given
> the next logical step to progress any delisting request (as has been
> stated here recently, in another thread).. and the requester h
On 15/01/2010 16:14, William Herrin wrote:
Is it bad English? Is it not clear?
No, it is not clear.
It's perfectly clear.
Can anyone else give better wording
that might result in less of an issue?
"Please reply to this message to reopen your ticket and escalate your
case to a live human
On 1/15/10 5:23 PM, Sachs, Marcus Hans (Marc) wrote:
The botnet concept is one of the old rules. The way the APT works and
what it is used for is the new game.
Perhaps for talking about, but it is far from new. Come on Marc.
Gadi.
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevro
Fair enough, but it wasnt just me.
I have the customer who submitted his own tickets as well, as well as NAC.net
who has admins (an email admin, actually), who seems to know his way around RBLs
and the current state/reputation/happenings in the spam/RBL/mail world.
Customer has posted these ticke
On Fri, Jan 15, 2010 at 11:06 AM, Michelle Sullivan wrote:
>> I'm now marking this request as 'answered' as I think there's nothing
>> more for me to do. If you feel otherwise, please reply to this message
>> to re-open your ticket. In particular, if you change your rDNS
>> information.
>
> Each o
On 1/15/10 5:52 PM, Steven Bellovin wrote:
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
Does anyone really believe that the use of targeted 0-day exploits to gain
unauthorized access to information hasn't been at least considered if not us
Ronald Cotoni wrote:
At the same time, I never hear this about spamhaus or outblaze. Go
figure :( Maybe your system is too confusing and you might want to
take a survey and revamp it to something a bit more functional.
I have never heard it about Outblaze, but I have heard "at least we ge
> We now have (and have had for a few years) what appears to be nation-state
> hacking. The differences are in targets and resources available to the
> attacker.
Agreed, and given that is more easy to aggregate bits of information
from different sources to put together the puzzle it makes more
Ken Chase wrote:
Anyone got some pointers on how to get off SORBS' Dynamic IP lists?
We've followed their RFC proposed static reverse DNS assignment naming and all
elements of their FAQ.
We are not spammers. The /24 in question isnt listed on any RBLs except SORBS
DUL.
We've submitted request
On Fri, Jan 15, 2010 at 10:20:33AM -0500, Marshall Eubanks wrote:
>Where are these quotes coming from ?
That particular one:
http://redtape.msnbc.com/2010/01/gregory-fayer-opened-an-e-mail-on-monday-night-that-looked-like-it-was-from-a-fellow-lawyer-at-gipson-hoffman-pancione-inst.html
On Jan 15, 2010, at 10:43 AM, Jared Mauch wrote:
>
> On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
>
>> Does anyone really believe that the use of targeted 0-day exploits to gain
>> unauthorized access to information hasn't been at least considered if not
>> used by spies working for other [
On Fri, Jan 15, 2010 at 10:17 AM, Michelle Sullivan wrote:
> telmn...@757.org wrote:
>>>
>>> Did SORBS really cause you that much pain?
>>
>> Yes. We purchased colo space for some systems that didn't need high class
>> of service (mostly development systems.) The IP space in a former lifetime
>> w
Hi,
FYI:
http://virbl.bit.nl/index.php#ipv6
Comments on the listing method are appreciated.
Regards,
--
Mark Schouten, Unix/NOC-engineer
BIT BV | i...@bit.nl | +31 318 648688 | KvK: 09090351
MS8714-RIPE | B1FD 8E60 A184 F89A 450D A128 049B 1B19 9AD6 17FF
On Jan 15, 2010, at 10:37 AM, Jon Lewis wrote:
> Does anyone really believe that the use of targeted 0-day exploits to gain
> unauthorized access to information hasn't been at least considered if not
> used by spies working for other [than China] countries?
I think only those not paying attent
Folks,
After the Katrina landfall a diverse group of wireless people started
organizing a relief effort, culminating in work around Waveland. There
was also a group from the NPGS in Monterey, who worked on the Boxing
Day Tsunami aftermath.
Does anyone have a similar contact set?
Eric
On Fri, 15 Jan 2010, Bruce Williams wrote:
"The alleged attacks from China are troubling on many fronts. On
Thursday, security firm McAfee released a report saying the program
used to target U.S. firms involved a so-called "zero day"
vulnerability -- one that was to this point unknown to the se
On Jan 15, 2010, at 9:21 AM, Gadi Evron wrote:
> On 1/15/10 4:07 PM, Bruce Williams wrote:
>> As if the old threat models weren't bad enough...
>
> The old threat models were simply not up to date.
Precisely correct. This has been going on for quite some time; some people
simply weren't payin
The botnet concept is one of the old rules. The way the APT works and what it
is used for is the new game.
--
Marcus H. Sachs
Verizon
+1 202 515 2463
Sent from my Verizon BlackBerry Storm
http://www.verizonwireless.com/storm
- Original Message -
From: Gadi Evro
Where are these quotes coming from ?
Marshall
On Jan 15, 2010, at 9:07 AM, Bruce Williams wrote:
Part of the discussion of recent attacks by targeted email to
individuals crafted to deceive that particular individual based on
intelligence gathered for this use by governments.
"The alleged att
On 1/15/10 4:32 PM, Sachs, Marcus Hans (Marc) wrote:
The APT is the new game. Old rules, new game.
I don't see why it's new just because suddenly people know what's going
on around them. A bit like with botnets before 2004.
Gadi.
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://ge
telmn...@757.org wrote:
Did SORBS really cause you that much pain?
Yes. We purchased colo space for some systems that didn't need high
class of service (mostly development systems.) The IP space in a
former lifetime was a dialup pool for analog modems.
We of course changed the reverse DNS e
The APT is the new game. Old rules, new game.
--
Marcus H. Sachs
Verizon
+1 202 515 2463
Sent from my Verizon BlackBerry Storm
http://www.verizonwireless.com/storm
- Original Message -
From: Gadi Evron
To: nanog@nanog.org
Sent: Fri Jan 15 09:21:15 2010
Subject
On 1/15/10 4:07 PM, Bruce Williams wrote:
As if the old threat models weren't bad enough...
The old threat models were simply not up to date.
Gadi.
Bruce
--
Gadi Evron,
g...@linuxbox.org.
Blog: http://gevron.livejournal.com/
Part of the discussion of recent attacks by targeted email to
individuals crafted to deceive that particular individual based on
intelligence gathered for this use by governments.
"The alleged attacks from China are troubling on many fronts. On
Thursday, security firm McAfee released a report say
[resending with more readable, apologies for the duplicate]
DS-lite can work both for fixed and wireless scenario, where you have a
laptop/pda/smarphone/tablet
that is only configured by the access network with IPv6 but want to access
IPv4 content FROM IPv4
applications. This is the main differenc
>
> I have looked at DS-lite very carefully. First, DS-Lite fits better
> for cable operators since they have CPE and can have a DS-lite
> function in the CPE that they control, and that in turn allows them to
> provide IPv4, IPv6, and dual-stack to the end-host that they do not
> control. DS
Hello,
Thank you for launching such useful discussions for operators. IPv6
introduction in mobile networks is certainly one major issue we have to
consider for services and business development.
As you stated, pressure on public and private IPv4 addresses is more and more
important and we have
74 matches
Mail list logo
