On Wed, 10 Feb 2010, Suresh Ramasubramanian wrote:
That's IODEF, if and when it picks up enough steam to get widely deployed.
That looks over-engineered, but at least someone can create a web service
where the user can fill in fields and use drop-down menus to create the
XML and the cut/past
That's IODEF, if and when it picks up enough steam to get widely deployed.
On Wed, Feb 10, 2010 at 10:37 AM, Mikael Abrahamsson wrote:
>
> Unfortunately this seems very focused on reporting SPAM and other email
> related abuses. What I was looking for was a way to format a generic abuse
> report
On Tue, 9 Feb 2010, J.D. Falk wrote:
A few years I proposed a standard way to report abuse by email (X-headers) but
nobody was interested.
There's a (draft, de facto) standard format for automated reports between
providers:
http://mipassoc.org/arf/
http://tools.ietf.org/wg/marf/
Unfortuna
On Tue, Feb 9, 2010 at 8:20 PM, Drew Weaver wrote:
>
> Half of the time our abuse people spend is wading through the spam at the
> abuse@ addresses =)
Oh we love that. Find some way to automate feeding all that to your
spam filters and you got yourself a sizeable trap, if the abuse
address is a
On Tue, 2010-02-09 at 17:44 -0500, Andrey Gordon wrote:
> What I don't get is why there is consistency in opening sites. Why does
> facebook open all the time and store.apple.com barely opens all the time.
> I'd say if it would be NAT exhaustion, they would all behave the same way
> meaning open an
On Tue, 2010-02-09 at 17:04 -0500, Andrey Gordon wrote:
> Thx to all the folks replying off the list.
>
> The more I trouble shoot the more I'm convinced that it's not the sites that
> are doing rate-limiting. I went to a website of one of my previous employers
> (a small company). Chances of them
On Tue, 09 Feb 2010 17:44:01 EST, Andrey Gordon said:
> It does seem much like NAT exhaustion even though the f/w claims only 13K
> session for two dynamic NATs and about 20 static ones.
> What I don't get is why there is consistency in opening sites. Why does
> facebook open all the time and stor
On Tue, Feb 09, 2010 at 09:56:23AM -0800, Jay Hennigan wrote:
> Mark wrote:
>> Hello nanog,
>>
>> Just wondering if anyone is experiencing the same problem with google
>> and openDNS on their end or knows what's going on there with openDNS.
>> The problem just occurred about 20 minutes ago.
>
>
That's not surprising behaviour on a PaloAlto unit, they are still
very young in the market and my colleagues have had issues with NAT
and proxy arp in the recent past.
Chris Campbell
-
On 9 Feb 2010, at 22:31, "Andrey Gordon"
wrote:
> By changing my outbound IP addres
Thanks to all,
The problem seems to be fixed by changing the NAT ip to something else and
than back.
It does seem much like NAT exhaustion even though the f/w claims only 13K
session for two dynamic NATs and about 20 static ones.
What I don't get is why there is consistency in opening sites. Why d
By changing my outbound IP address to a different one (i suspect effectively
resetting sessions) the problem was solved. So, after that I set it back to
the original source NAT. And the sites open up just fine still. It really
behaves like a NAT table exhaustion, but the firewall only reports 13000
On Wed, 10 Feb 2010 09:12:11 +1100, Mark Andrews said:
> In message ,
> Thomas
> Habets writes:
> > On Fri, 5 Feb 2010, Mark Andrews wrote:
> > > And now for the trick question. Is :::077.077.077.077 a legal
> > > mapped address and if it, does it match 077.077.077.077?
> >
> > Forget IPv6.
Could it be a dns issue? Some sites trying to resolve your ip address
and others don't?
Sent from my iPhone
On Feb 9, 2010, at 4:47 PM, Andrey Gordon
wrote:
Can't find my IP on any of the black lists. Don't have any proxies.
Sites
that behave poorly are consistent. That is to say that
In message , Thomas
Habets writes:
> On Fri, 5 Feb 2010, Mark Andrews wrote:
> > And now for the trick question. Is :::077.077.077.077 a legal
> > mapped address and if it, does it match 077.077.077.077?
>
> Forget IPv6. The first question is does 077.077.077.077 match
> 077.077.077.077 in
Thx to all the folks replying off the list.
The more I trouble shoot the more I'm convinced that it's not the sites that
are doing rate-limiting. I went to a website of one of my previous employers
(a small company). Chances of them having a fancy reverse proxy with some
sort of black list filteri
Andrey Gordon wrote:
Can't find my IP on any of the black lists. Don't have any proxies. Sites
that behave poorly are consistent. That is to say that facebook.com,
apple.com would always come up without an issue, but cnn.com,
forever21.com(i know, don't ask, students),
store.apple.com would consi
Andrey Gordon wrote:
Can't find my IP on any of the black lists. Don't have any proxies. Sites
that behave poorly are consistent. That is to say that facebook.com,
apple.com would always come up without an issue, but cnn.com,
forever21.com(i know, don't ask, students),
store.apple.com would consi
Can't find my IP on any of the black lists. Don't have any proxies. Sites
that behave poorly are consistent. That is to say that facebook.com,
apple.com would always come up without an issue, but cnn.com,
forever21.com(i know, don't ask, students),
store.apple.com would consistently take forever to
On Feb 9, 2010, at 7:53 AM, Mikael Abrahamsson wrote:
> On Tue, 9 Feb 2010, John Peach wrote:
>
>> Damn forms; whatever happened to abuse@ addresses?
>
> A few years I proposed a standard way to report abuse by email (X-headers)
> but nobody was interested.
There's a (draft, de facto) standard
Have to get out of the gravity well these days to be on the safe side :)
cheers
Jeff
On Tue, Feb 9, 2010 at 11:24 AM, Lunch Hound wrote:
> Hi,
> Who do you like for data centers these days?
>
> Looking for a site more than 1000 miles from Chicago.
>
>
> Thanks!
>
True...and I was a subscriber, so I should have remembered that...but it
was roughly a decade ago and in that form dead most of that time.
Irrelevant to this guy's current issue.
On Tue, 9 Feb 2010, Tony Finch wrote:
On Tue, 9 Feb 2010, Jon Lewis wrote:
Other than the Spamhaus DROP list, I'
--- b...@herrin.us wrote:
From: William Herrin
On Tue, Feb 9, 2010 at 2:24 PM, Lunch Hound wrote:
> Who do you like for data centers these days?
> Looking for a site more than 1000 miles from Chicago.
DR Fortress in Honolulu. Especially in February. And wouldn't you know
it, ORD has direct f
It's been up and down since maybe 11am eastern. We have a ticket in
with them, but no response as of yet.
--Patrick Darden
Athens Regional Medical Center
-Original Message-
From: Raleigh Apple [mailto:rap...@rapidlink.com]
Sent: Tuesday, February 09, 2010 3:14 PM
To: nanog@nanog.org
On Tue, 9 Feb 2010, Jon Lewis wrote:
>
> Other than the Spamhaus DROP list, I've never heard of blacklisting being
> applied to IP routing.
The RBL was originally distributed via BGP.
Tony.
--
f.anthony.n.finchhttp://dotat.at/
GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY
Anybody have any idea whats going on with AT&T metro E in Atlanta?
r
Corenap. In Austin, Texas. That should cover your 1000 miles pretty easily.
www.corenap.com
*NOTE: I'm biased because I work there but I've worked at a lot of datacenters
and this one is by far my favorite.
Jessica
-Original Message-
From: Lunch Hound [mailto:lunchhound9...@gmail.com]
On Tue, 9 Feb 2010, Andrey Gordon wrote:
I have a problem that I can't seem to find a solution to yet. My student
network is being NATted out and anyone who's on that network had troubles
accessing random websites.
For example, going to www.apple.com or www.facebook.com would work great,
but sto
On Tue, Feb 9, 2010 at 2:24 PM, Lunch Hound wrote:
> Who do you like for data centers these days?
>
> Looking for a site more than 1000 miles from Chicago.
DR Fortress in Honolulu. Especially in February. And wouldn't you know
it, ORD has direct flights...
--
William D. Herrin ...
On Tue, 9 Feb 2010, Lunch Hound wrote:
Hi,
Who do you like for data centers these days?
Looking for a site more than 1000 miles from Chicago.
Can you be a little less specific in what you're looking for in a data
center?
1000 miles away puts you in the New England area, the peninsula of FL
I know that cisco either are or have integrated the IronPort
reputation service into their IPS devices, maybe a check on www.senderbase.org
could help.
Chris Campbell
-
On 9 Feb 2010, at 19:36, "Andrey Gordon"
wrote:
> Hi list
>
> I have a problem that I can't seem to
Equinix
On Feb 9, 2010, at 2:24 PM, Lunch Hound wrote:
Hi,
Who do you like for data centers these days?
Looking for a site more than 1000 miles from Chicago.
Thanks!
Hi list
I have a problem that I can't seem to find a solution to yet. My student
network is being NATted out and anyone who's on that network had troubles
accessing random websites.
For example, going to www.apple.com or www.facebook.com would work great,
but store.apple.com would either not load
Hi,
Who do you like for data centers these days?
Looking for a site more than 1000 miles from Chicago.
Thanks!
If you don't need UDP, disallow it to your entire network or to the
/xx where such is applicable. We have basic filters like this with our
carriers upstream and have prevented several Gbps of traffic from ever
hitting our filters as a result.
Jeff
2010/2/9 Michael Holstein :
>
>> What does ap
Mark wrote:
Hello nanog,
Just wondering if anyone is experiencing the same problem with google
and openDNS on their end or knows what's going on there with openDNS.
The problem just occurred about 20 minutes ago.
Don't do that then.
OpenDNS is a form of censorware and almost certainly hijac
>>> On 2/8/2010 at 7:17 PM, Doug Barton wrote:
> On 02/08/10 17:13, Crist Clark wrote:
>> For want of a better place to ask, I'm wondering if anyone monitoring
>> this list might know what is up with the registro.nic.ve web site.
>> The WHOIS at www.nic.ve refers to that site, and it appears to be
>>> On 2/8/2010 at 7:28 PM, Nathan Ward wrote:
> On 9/02/2010, at 2:13 PM, Crist Clark wrote:
>
>> For want of a better place to ask, I'm wondering if anyone monitoring
>> this list might know what is up with the registro.nic.ve web site.
>> The WHOIS at www.nic.ve refers to that site, and it app
>What does application use 8.8080,0 port for the proper purpose?
>
>
I've seen newer BitTorrent clients do this (UDP is supported, and the
port can be arbitrary).
Cheers,
Michael Holstein
Cleveland State University
Having managed an abuse desk, I can honestly say that sometimes the amount of
email you receive can be overwhelming. There were times I was receiving 30k-50k
emails a day. It's easy for some to get lost.
On that note, dealing with Yahoo! has been a constant pain. I think they've
grown so large
On Fri, 5 Feb 2010, Mark Andrews wrote:
And now for the trick question. Is :::077.077.077.077 a legal
mapped address and if it, does it match 077.077.077.077?
Forget IPv6. The first question is does 077.077.077.077 match
077.077.077.077 in IPv4?
The answer is a long one full of differen
On Tue, Feb 9, 2010 at 4:54 AM, John Peach wrote:
> Does anyone know how to get Yahoo abuse to recognize that they're
> hosting a phishing site? All I can ever get back from them is
> boilerplate telling me they know how frustrating it is to get spam,
> that it did not originate from them and how
On Tue, 9 Feb 2010, John Peach wrote:
Damn forms; whatever happened to abuse@ addresses?
A few years I proposed a standard way to report abuse by email (X-headers)
but nobody was interested.
I suspect forms are because the abuse desks want necessary information in
a structured way that doe
Doh. Didn't realize that. Thanks for the heads up Joe. I'll go take
another look.
Thanks in advance!
Kind regards,
Mark
On Feb 9, 2010, at 10:50 PM, Joe Abley wrote:
On 2010-02-09, at 09:43, Mark wrote:
It's over a vpn from Asia to US. I wouldn't worry about that 280ms
latency. :)
No
SPAM, at a guess :)
On 09/02/2010, at 10:47 PM, John Peach wrote:
> Damn forms; whatever happened to abuse@ addresses?
>
>
>
> On Tue, 9 Feb 2010 07:39:20 -0700
> Jaren Angerbauer wrote:
>
>> On Tue, Feb 9, 2010 at 5:54 AM, John Peach
>> wrote:
>>> Does anyone know how to get Yahoo abuse to
On Tue, Feb 9, 2010 at 6:47 AM, John Peach wrote:
> Damn forms; whatever happened to abuse@ addresses?
>
They got abused. :/
Matt
On 2010-02-09, at 09:43, Mark wrote:
> It's over a vpn from Asia to US. I wouldn't worry about that 280ms latency. :)
Note that you're not trying to reach google, either.
OpenDNS is returning you addresses for their own proxies. I believe they do
this as part of some of their content-control s
They were likely spammed out of existence.
Half of the time our abuse people spend is wading through the spam at the
abuse@ addresses =)
Kind of ironic ;-)
You can't really use anti-spam tech on there because people are literally
forwarding you spam ;-)
-Drew
-Original Message-
From
Damn forms; whatever happened to abuse@ addresses?
On Tue, 9 Feb 2010 07:39:20 -0700
Jaren Angerbauer wrote:
> On Tue, Feb 9, 2010 at 5:54 AM, John Peach
> wrote:
> > Does anyone know how to get Yahoo abuse to recognize that they're
> > hosting a phishing site? All I can ever get back from th
It's over a vpn from Asia to US. I wouldn't worry about that 280ms
latency. :)
Kind regards,
Mark
On Feb 9, 2010, at 10:41 PM, Joachim Tingvold wrote:
On 9. feb. 2010, at 15.32, Mark wrote:
Just wondering if anyone is experiencing the same problem with
google and openDNS on their end or k
On Tue, Feb 9, 2010 at 5:54 AM, John Peach wrote:
> Does anyone know how to get Yahoo abuse to recognize that they're
> hosting a phishing site? All I can ever get back from them is
> boilerplate telling me they know how frustrating it is to get spam,
> that it did not originate from them and how
Hello nanog,
Just wondering if anyone is experiencing the same problem with google
and openDNS on their end or knows what's going on there with openDNS.
The problem just occurred about 20 minutes ago.
Trace is as follows: http://inetpro.org/pastebin/2418
Kind regards,
Mark
It's almost as much fun as getting them to recognize that my home mail server
is not a bulk sender, however even after filling out their form they still
continue to block me.
In all seriousness my only suggestion is to fill this form out repeatedly. My
general experience is that they read 1 o
Cool video, it explains better than I can, I think I will show this to
my colleagues rather than failing to simplify an explanation to them.
--
Regards,
James ;)
Marie von Ebner-Eschenbach - "Even a stopped clock is right twice a
day." -
http://www.brainyquote.com/quotes/authors/m/marie_von_eb
Does anyone know how to get Yahoo abuse to recognize that they're
hosting a phishing site? All I can ever get back from them is
boilerplate telling me they know how frustrating it is to get spam,
that it did not originate from them and how to read the headers. Not
half as frustrating as their ignor
On Feb 9, 2010, at 6:57 PM, 최종훈 wrote:
> Is there anyone who have experiences controlling udp port 8,8080,0 ?
> rate-limiting or block!
Not a good idea to use rate-limiting to deal with DDoS attacks - the
programmatically-generated bad traffic ends up crowding out legitimate traffic.
All ki
These days, most of ddos attack use udp port 80.8080.0 in our country
and our network.
Sometimes the traffic volume is up to 100gbps higher.
So, we are considering to rate(bps) control about udp port 8,8080,0 in
our ISP network.
Although such a ports arp not be used commonly...
56 matches
Mail list logo
