RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked

2012-02-01 Thread George Bonser
> Back in the old days, people cared about policing bad behavior. And I believe that is all that is needed today. We simply, as a community, need to decide that we aren't going to tolerate such behavior. It really is that simple. The problem seems to be getting people to act. In fact, as th

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked

2012-02-01 Thread Milo Medin
>> Where is Milo Medin when we need him? > how would he be helping? He would have pulled the plug. The story is from the very early days of the internet, probably long before NANOG existed. Milo worked at NASA and found a cracker from Finland on one of NASA's machines. The link from Fin

not exactly on-topic Server Cabinet question

2012-02-01 Thread Erik Amundson
I apologize for this being off-topic in the NANOG list, but I'm hoping some of you have experience with the particulars of what I'm looking for... I am looking for a server cabinet which has an electric latching mechanism on it. I want to use my existing security system and proximity card reade

Re: antisocial security

2012-02-01 Thread Owen DeLong
It's not uncommon (although I would agree it is ill advised) practice for some web sites that think they cater only to an audience in a particular geography to block access outside of that geography. I ran across this when my credit union would not let me connect to their web server from S. Korea.

Re: Question about prefix list

2012-02-01 Thread Randy
Ann, the commas notwithstanding, the le/ge operands as applicable to prefix-lists simply mean "less-than or equal-to" or "greater-than or equal-to" wrt netmasks in CIDR speak. In your prefix-list below, the le operand means - allow following ranges: /22,/23,/24 deny all else for the /21 it mean

antisocial security

2012-02-01 Thread Randy Bush
from a stateside host psg.com:/usr/home/randy> dig ssa.gov. ns ; <<>> DiG 9.4.3-P2 <<>> ssa.gov. ns ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 37734 ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 4 ;; QUESTION SECTION: ;ssa

Fwd: IPv6 RA-Guard: Advice on the implementation (feedback requested)

2012-02-01 Thread Fernando Gont
Folks, Not sure if I had posted on this list about RA-Guard evasion issues. Anyway...nowadays most implementations remain vulnerable. If you care to get this fixed, please provide feedback about this I-D on the IETF *v6ops* mailing-list , and CC me if possible (please see below). Thanks! Best r

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Justin M. Streiner
On Wed, 1 Feb 2012, Jimmy Hess wrote: What the internet really needs is Tier1 and Tier2 providers participating in the internet who "care", regardless of the popularity or size of netblocks or issues involved. And by "care", I mean, providers efficiently investigating reports of hijacking o

Re: This network is too good...

2012-02-01 Thread Thomas Maufer
IWL's "Maxwell" is probably what you want: http://www.iwl.com/press-releases/new-capabilities-for-maxwell-the-network-impairment-system.html Good luck breaking stuff! On Wednesday, February 1, 2012, Leo Bicknell wrote: > In a message written on Wed, Feb 01, 2012 at 08:51:13PM -0500, Robert

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Jimmy Hess
On Wed, Feb 1, 2012 at 4:43 PM, Seth Mattinen wrote: > Phoenix NAP colluding to hijack address space and then balking when it > was brought to their attention is a perfect example someone could use to > say why "we" need to be regulated. And I'm sure it will eventually > There are always going t

Re: AS8300 - Swisscom hijacking.. Just what are you testing?

2012-02-01 Thread Suresh Ramasubramanian
On Thu, Feb 2, 2012 at 7:20 AM, Randy Bush wrote: >>> They do internal aggregation of common prefixes to keep their internal >>> tables small, see for instance this rather old preso: >>> >>> http://www.swinog.ch/meetings/swinog7/BGP_filtering-swinog.ppt > > why should swisscom pay for your traffic

Re: This network is too good...

2012-02-01 Thread Leo Bicknell
In a message written on Wed, Feb 01, 2012 at 08:51:13PM -0500, Robert E. Seastrom wrote: > Any thoughts on products that screw up networks in deterministic (and > realistic found-in-the-wild) ways? I'm thinking of stuff like > PacketStorm, Dummynet, etc. Dial up jitter, latency, tail drop, RED,

Re: Question about prefix list

2012-02-01 Thread Randy Bush
> ip prefix-list prefix-filter-as100 seq 10 permit 202,168.136.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 20 permit 202,22.92.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 30 permit 202,21.148.0/22 le 24 > ip prefix-list prefix-filter-as100 seq 40 permit 203,178.88.0/21 le 24

This network is too good...

2012-02-01 Thread Robert E. Seastrom
Hi all, Any thoughts on products that screw up networks in deterministic (and realistic found-in-the-wild) ways? I'm thinking of stuff like PacketStorm, Dummynet, etc. Dial up jitter, latency, tail drop, RED, whatever... (I know someone's gonna say "Just buy a Brand Z FubarSwitch 3k, they will

Re: AS8300 - Swisscom hijacking.. Just what are you testing?

2012-02-01 Thread Randy Bush
> It is "brilliant" because you can kiss goodbye to multihoming if you > have, say, a /24 that you want to hang off, say, L3 and cogent. > > You'd get the covering L3 /9 announcement is all, visible to swisscom .. > >> They do internal aggregation of common prefixes to keep their internal >> tabl

Re: Question about prefix list

2012-02-01 Thread Wouter van der Vaart
Hi Ann, The le parameter can be included to match all more-specific prefixes within a parent prefix up to a specified length. FE: 202.168.136.0/22 le 25 will match 202.168.136.0/22 and all prefixes contained therein with a length of 24 or less. They appear to be blocking everything with a leng

Question about prefix list

2012-02-01 Thread Ann Kwok
Hi I read this prefix list. Can I know why there is "le 24" after network block in /22 and /21 Why don't have "le 24" after /24? I also saw another prefix list before. They use "le 32" instead of "le 24" What is their difference? ip prefix-list prefix-filter-as100 seq 10 permit 202,168.136.0

Re: Question regarding anycasting in CDN setup

2012-02-01 Thread Mike Jones
On 1 February 2012 20:25, Anurag Bhatia wrote: > Now my question here is - why this setup and not simply using having a A > record for googlehosted.l.googleusercontent.com. which comes from any > anycasted IP address space? Why not anycasting at CDN itself rather than > only at DNS layer? You ar

Re: AS8300 - Swisscom hijacking.. Just what are you testing?

2012-02-01 Thread Suresh Ramasubramanian
It is "brilliant" because you can kiss goodbye to multihoming if you have, say, a /24 that you want to hang off, say, L3 and cogent. You'd get the covering L3 /9 announcement is all, visible to swisscom .. On Thu, Feb 2, 2012 at 3:42 AM, Jeroen Massar wrote: > > They do internal aggregation of c

Re: Extra Westin reservation

2012-02-01 Thread Patrick W. Gilmore
And it's gone. -- TTFN, patrick On Feb 1, 2012, at 5:01 PM, Patrick W. Gilmore wrote: > Apparently I accidentally made two hotel reservations for the Westin Gas > Lamp. Made one, then thought I changed it, but just got confirmation I have > two. > > I have until 6 PM to cancel. If you want

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Seth Mattinen
On 2/1/12 1:13 PM, Mark Andrews wrote: > In message <20120201201012.ge10...@hiwaay.net>, Chris Adams writes: >> Once upon a time, George Bonser said: >>> Let's say I had a business in space in a building I was leasing at 100 Main >> Street, Podunk, USA. Now let's say you didn't renew the lease s

Re: AS8300 - Swisscom hijacking.. Just what are you testing?

2012-02-01 Thread Jared Mauch
On Feb 1, 2012, at 5:12 PM, Jeroen Massar wrote: > On 2012-02-01 22:44 , Schiller, Heather A wrote: >> >> AS8300 started announcing one of the Rove Digital dns changer IP ranges. > [..] >> I searched around and couldn't find any mention of what they might be >> testing. Anyone know? > > The

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Hal Murray
>> Where is Milo Medin when we need him? > how would he be helping? He would have pulled the plug. The story is from the very early days of the internet, probably long before NANOG existed. Milo worked at NASA and found a cracker from Finland on one of NASA's machines. The link from Finland to

Re: AS8300 - Swisscom hijacking.. Just what are you testing?

2012-02-01 Thread Jeroen Massar
On 2012-02-01 22:44 , Schiller, Heather A wrote: > > AS8300 started announcing one of the Rove Digital dns changer IP ranges. [..] > I searched around and couldn't find any mention of what they might be > testing. Anyone know? They do internal aggregation of common prefixes to keep their inte

Extra Westin reservation

2012-02-01 Thread Patrick W. Gilmore
Apparently I accidentally made two hotel reservations for the Westin Gas Lamp. Made one, then thought I changed it, but just got confirmation I have two. I have until 6 PM to cancel. If you want it, ping me before 5 PM PST. -- TTFN, patrick

AS8300 - Swisscom hijacking.. Just what are you testing?

2012-02-01 Thread Schiller, Heather A
AS8300 started announcing one of the Rove Digital dns changer IP ranges. (The IP ranges the FBI is sending 'you are infected' letters about) Swisscom's announcement is less specific than the prefixes being announced by ISC during the remediation effort, so it's not impacting traffic... But AS8

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Blake Dunlap
On Wed, Feb 1, 2012 at 15:21, George Bonser wrote: > > The problem is no one will actually blacklist a big ASN because it's not > > in the individual best interest, which scales greatly with size. RPKI > > is pretty much the only real fix for this if the chain until the major > > carrier refuses t

RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread George Bonser
> The problem is no one will actually blacklist a big ASN because it's not > in the individual best interest, which scales greatly with size. RPKI > is pretty much the only real fix for this if the chain until the major > carrier refuses to delist, and RPKI has its own issues. > > -Blake Sadly, y

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Mark Andrews
In message <20120201201012.ge10...@hiwaay.net>, Chris Adams writes: > Once upon a time, George Bonser said: > > Let's say I had a business in space in a building I was leasing at 100 Main > Street, Podunk, USA. Now let's say you didn't renew the lease so I moved to > a building up the block bu

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Blake Dunlap
On Wed, Feb 1, 2012 at 15:00, George Bonser wrote: > > So, to pose the obvious question: Should there be? > > > > (I honestly don't know the answer is to this question, and am asking in > > earnest for opinions on the subject) > > > > Nathan > > > > > > Well, calling the law on someone is kind of

RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread George Bonser
> So, to pose the obvious question: Should there be? > > (I honestly don't know the answer is to this question, and am asking in > earnest for opinions on the subject) > > Nathan > > Well, calling the law on someone is kind of the whiner's way out anyway. It would seem that the community cou

RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread George Bonser
Take the ex-customer and their immediate upstream providers to small claims and sue each of them for the maximum amount for your time and trouble in dealing with the issue. If they don't show, get a judgment and put a lien on their stuff until they pay up. I am not a lawyer and I am not tellin

RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread George Bonser
> > I'm told IP addresses aren't property. Neither is the address painted on your curb. So it's ok for me to paint over the number in front of your house and paint your house number on my curb, right? The issue isn't about property. It is about stealing an ADDRESS making impossible for the l

Re: Question regarding anycasting in CDN setup

2012-02-01 Thread Jared Mauch
On Feb 1, 2012, at 3:25 PM, Anurag Bhatia wrote: > I have a small question and was wondering if someone could help me with > that. > > Question is - why companies like Google, Amazon are having partial > anycasting in CDN setups? E.g if we pick a random hostname from url of > Picasa picture - lh

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Jared Mauch
On Feb 1, 2012, at 3:10 PM, Chris Adams wrote: > AFAIK there's no law covering the use of what party X considers their 32 > bit numbers (assigned by party A) by party Y. The US bankruptcy courts have treated these as property that can be sold/transferred comparable to other assets. (See threads

Re: Question regarding anycasting in CDN setup

2012-02-01 Thread Charles Gucker
On Wed, Feb 1, 2012 at 3:25 PM, Anurag Bhatia wrote: > Hello everyone! > > I have a small question and was wondering if someone could help me with > that. > > Question is - why companies like Google, Amazon are having partial > anycasting in CDN setups? E.g if we pick a random hostname from url of

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Seth Mattinen
On 2/1/12 10:16 AM, George Bonser wrote: > > Let's say I had a business in space in a building I was leasing at 100 Main > Street, Podunk, USA. Now let's say you didn't renew the lease so I moved to > a building up the block but put the 100 Main Street address on my new > location and continue

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Chris Adams
Once upon a time, Nathan Eisenberg said: > > AFAIK there's no law covering the use of what party X considers their > > 32 bit numbers (assigned by party A) by party Y. > > So, to pose the obvious question: Should there be? > > (I honestly don't know the answer is to this question, and am asking

Question regarding anycasting in CDN setup

2012-02-01 Thread Anurag Bhatia
Hello everyone! I have a small question and was wondering if someone could help me with that. Question is - why companies like Google, Amazon are having partial anycasting in CDN setups? E.g if we pick a random hostname from url of Picasa picture - lh3.googleusercontent.com - this one is further

RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Nathan Eisenberg
> AFAIK there's no law covering the use of what party X considers their > 32 bit numbers (assigned by party A) by party Y. So, to pose the obvious question: Should there be? (I honestly don't know the answer is to this question, and am asking in earnest for opinions on the subject) Nathan

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Chris Adams
Once upon a time, George Bonser said: > Let's say I had a business in space in a building I was leasing at 100 Main > Street, Podunk, USA. Now let's say you didn't renew the lease so I moved to > a building up the block but put the 100 Main Street address on my new > location and continued to

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread David Conrad
On Feb 1, 2012, at 10:16 AM, George Bonser wrote: "We have a contractual relationship with our customer to announce that space. We have neither a contractual relationship (in this context) with the RIR nor the RIR's customer. The RIR and/or the RIR's customer should resolve t

Re: Console Server Recommendation

2012-02-01 Thread Chris Adams
Once upon a time, Owen DeLong said: > I would hardly call conserver software a home-baked solution unless you'd > also call anything based on OSS a "home-baked solution". Console server hardware: buy appliance, plug it in, set password/IP Home-baked box: buy server (or buy parts and assemble), bu

Re: US DOJ victim letter

2012-02-01 Thread PC
I received one on an IP block that were SWIPed to me. Has anyone written a regular expression which matches the rogue dns server IP ranges in question? - 85.255.112.0 through 85.255.127.255; - 67.210.0.0 through 67.210.15.255; - 93.188.160.0 through 93.188.167.255; - 77.67.83.0 throug

Re: ATT, IPv6 and 6RD

2012-02-01 Thread TJ
On Wed, Feb 1, 2012 at 13:54, Bill Merriam wrote: > I now have ATT IPv6 over their residential ADSL broadband. They > deployed using 6RD which means every time your IPv4 address changes > your IPv6 address changes also. Does anybody have a clue why they > chose to use 6RD instead of the much mo

Re: UCE: Re: Fiber outage in Miami

2012-02-01 Thread Randy Epstein
On 1/30/12 11:53 AM, "Joe Marr" wrote: >I've yet to hear back from them on the reason for the outage and >explanation on why our "redundant" darkfiber pairs both were down. They cut ALL THE FIBER going into MI1 .. At the same time. Randy

ATT, IPv6 and 6RD

2012-02-01 Thread Bill Merriam
I now have ATT IPv6 over their residential ADSL broadband. They deployed using 6RD which means every time your IPv4 address changes your IPv6 address changes also. Does anybody have a clue why they chose to use 6RD instead of the much more fully-assed TR-187 for their deployment? Saying they're

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread William Herrin
On Wed, Feb 1, 2012 at 12:37 PM, David Conrad wrote: > On Jan 31, 2012, at 8:53 PM, Antonio Querubin wrote: >>> "We have a contractual relationship with our customer to announce that >>> space.  We have neither a contractual relationship (in this context) with >>> the RIR nor the RIR's customer.

RE: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread George Bonser
> >> "We have a contractual relationship with our customer to announce > that space. We have neither a contractual relationship (in this > context) with the RIR nor the RIR's customer. The RIR and/or the RIR's > customer should resolve this issue with our customer." > > Contracts are generally no

RE: Console Server Recommendation

2012-02-01 Thread Frank Bulk
We use WTI, too, just don't like it that it reboots to apply a change. Frank -Original Message- From: Christopher O'Brien [mailto:obria...@bc.edu] Sent: Wednesday, February 01, 2012 9:59 AM To: nanog@nanog.org Subject: Re: Console Server Recommendation On 1/30/12 11:08 AM, Ray Soucy wro

RE: Console Server Recommendation

2012-02-01 Thread George Bonser
> It's a product you can download, compile, configure and it works out of > the box. > > It is pretty well supported by the authors and they have been very > responsive to each and every question/feature/other request I have made > to them, no matter how stupid. In fact, it has been better support

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Antonio Querubin
On Wed, 1 Feb 2012, David Conrad wrote: On Jan 31, 2012, at 8:53 PM, Antonio Querubin wrote: "We have a contractual relationship with our customer to announce that space. We have neither a contractual relationship (in this context) with the RIR nor the RIR's customer. The RIR and/or the RIR

Re: Console Server Recommendation

2012-02-01 Thread Owen DeLong
On Feb 1, 2012, at 9:24 AM, Saku Ytti wrote: > On (2012-02-01 09:07 -0800), Owen DeLong wrote: > >> I would hardly call conserver software a home-baked solution unless you'd >> also call anything based on OSS a "home-baked solution". > > Home-baked, i.e. it's not product you can get shipped and

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Christopher Morrow
On Wed, Feb 1, 2012 at 5:12 AM, Hal Murray wrote: > I'm not a lawyer nor an operator. > >> Imagine that instead of www.google.com, it was www.whitehouse.gov > >> At some point, I suspect that this gets service to get it fixed RIGHT NOW. >> At some point, the guys informing you it's RIGHT NOW show

RE: Thanks & Let's Prevent this in the Future.

2012-02-01 Thread Jon Lewis
On Wed, 1 Feb 2012, George Bonser wrote: One problem is the number of routing registries and the requirements differ for them. The nefarious operator can enter routes in an IRR just as easily as a legitimate operator. There was a time when some significant networks used the IRRs for their fi

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread David Conrad
On Jan 31, 2012, at 8:53 PM, Antonio Querubin wrote: >> "We have a contractual relationship with our customer to announce that >> space. We have neither a contractual relationship (in this context) with >> the RIR nor the RIR's customer. The RIR and/or the RIR's customer should >> resolve this

Re: Console Server Recommendation

2012-02-01 Thread Saku Ytti
On (2012-02-01 09:07 -0800), Owen DeLong wrote: > I would hardly call conserver software a home-baked solution unless you'd > also call anything based on OSS a "home-baked solution". Home-baked, i.e. it's not product you can get shipped and it'll work out of the box and you have organization sup

Re: Console Server Recommendation

2012-02-01 Thread Owen DeLong
On Jan 31, 2012, at 11:32 PM, Saku Ytti wrote: > On (2012-01-31 11:09 -0800), Owen DeLong wrote: > >>> - IP address mappable to a console port. So that accessing device normally >>> is 'ssh router' and via OOB 'ssh router.oob' no need to train people >> >> How about normal is 'ssh device' and O

RE: Thanks & Let's Prevent this in the Future.

2012-02-01 Thread George Bonser
> I'd like to get a conversation going and possibly some support of an > initiative to spend that extra 30-seconds to verify ownership and > authorization of network space to be advertised. Additionally, if > someone rings your NOC's line an industry-standard process of verifying > "ownership" > a

Re: Console Server Recommendation

2012-02-01 Thread Christopher O'Brien
On 1/30/12 11:08 AM, Ray Soucy wrote: What are people using for console servers these days? We've historically used retired routers with ASYNC ports, but it's time for an upgrade. OpenGear seems to have some nice stuff, anyone else? I've been using Western Telematic TSM-40 console servers an

Re: US DOJ victim letter

2012-02-01 Thread TFML
If the IP list is pointing to DNS servers, they may be referring to the following: http://www.us-cert.gov/reading_room/DNS-recursion033006.pdf On Jan 31, 2012, at 7:38 PM, Phil Dyer wrote: > On Fri, Jan 27, 2012 at 3:23 PM, Jon Lewis wrote: >> On Fri, 27 Jan 2012, Bryan Horstmann-Allen wrote: >

Re: IP KVM suggestions

2012-02-01 Thread Brian
> On 1/30/2012 11:05 AM, nanog-request nanog.org wrote: > > -- > > > > Message: 8 > > Date: Mon, 30 Jan 2012 12:09:16 -0600 > > From: "Express Web Systems" expresswebsystems.com> > > To: "'NANOG'" nanog.org> > > Subject: RE: IP KVM suggestions > > Message-ID: <033601c

Re: [#135346] Unauthorized BGP Announcements (follow up to Hijacked Networks)

2012-02-01 Thread Hal Murray
I'm not a lawyer nor an operator. > Imagine that instead of www.google.com, it was www.whitehouse.gov > At some point, I suspect that this gets service to get it fixed RIGHT NOW. > At some point, the guys informing you it's RIGHT NOW show up with badges. Where is Milo Medin when we need him? >

Re: Thanks & Let's Prevent this in the Future.

2012-02-01 Thread Hank Nussbacher
At 03:58 01/02/2012 -0500, Kelvin Williams wrote: Those ISPs that are good network citizens have done it already. Those who don't care and who haven't done it yet - won't do it in the future. The only recourse you have is exactly what you have done. -Hank How can we prevent anyone else fr

Re: Thanks & Let's Prevent this in the Future.

2012-02-01 Thread Leigh Porter
On 1 Feb 2012, at 09:01, "Kelvin Williams" wrote: > > A few months ago, when establishing a new peering relationship I was > encouraged (actually required) to utilize one of the IRRs. I took the time > to register all of my routes, ASNs, etc. However, as I learned today, this > was probably d

Thanks & Let's Prevent this in the Future.

2012-02-01 Thread Kelvin Williams
First off, I'd like to thank everyone on this list who have reached out today and offered us help with our hijacked network space. It's so refreshing to see that there are still so many who refuse to leave a man/woman down. I'm not going to place any blame, it's useless. There were lies, there we