Re: Open Resolver Problems

2013-03-27 Thread na...@mitteilung.com
On 27.03.2013 00:04, Alain Hebert wrote: We're on it here... Been using the work of http://bindguard.activezone.de/ to watch it =D There are a lot of targets... kinda hard to figure out the goal... - Alain Hebert aheb...@pubnix.net PubNIX Inc

alexandria cable cutters?

2013-03-27 Thread Randy Bush
nyt reports capture of scuba divers attempting to cut telecom egypt undersea fiber. http://www.nytimes.com/aponline/2013/03/27/world/middleeast/ap-ml-egypt-internet.html randy

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Dobbins, Roland
On Mar 28, 2013, at 11:42 AM, Paul Ferguson wrote: > Actually, I do know someone who is in the "digital insurance" (for lack of a > better term) business, and although I just met them a few weeks ago, somehow > I get the feeling that it is a growth industry. I think this concept applies to tr

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Paul Ferguson
On Wed, Mar 27, 2013 at 9:18 PM, Dobbins, Roland wrote: > > On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote: > >> Secondly you reduce your legal liability. > > IANAL, but this has yet to be proven, AFAIK. > > One approach that hasn't been tried, to my knowledge, is educating the > insurance comp

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Dobbins, Roland
On Mar 28, 2013, at 6:01 AM, Mark Andrews wrote: > Secondly you reduce your legal liability. IANAL, but this has yet to be proven, AFAIK. One approach that hasn't been tried, to my knowledge, is educating the insurance companies about how they can potentially reduce *their* liability for payo

Re: Open Resolver Problems

2013-03-27 Thread Valdis . Kletnieks
On Wed, 27 Mar 2013 16:59:16 -0500, Jack Bates said: > On 3/27/2013 4:49 PM, Tony Finch wrote: > > Jack Bates wrote: > > > >> 3) BCP38 (in spirit) > > That should be deployed as well as RRL. > > > > Tony. > > If BCP38 was properly deployed, what would be the purpose of RRL outside > of misbehaving

Re: Line cut in Mediterranean?

2013-03-27 Thread Steven Bellovin
The BBC has a similar story: http://www.bbc.co.uk/news/world-middle-east-21963100 On Mar 27, 2013, at 6:41 PM, Neil J. McRae wrote: > Via renesys > > http://www.washingtonpost.com/world/middle_east/egypt-naval-forces-capture-3-scuba-divers-trying-to-sabotage-undersea-internet-cable/2013/03/27/

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Arturo Servin
I am afraid you are right. It is going to cost us money and time, but unfortunately I do not see another way out. /as On 3/27/13 6:19 PM, Paul Ferguson wrote: > As I mentioned on another list earlier today, let's face it -- this is > going to require a large-scale, very public,

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jimmy Hess
On 3/26/13, Dobbins, Roland wrote: > On Mar 26, 2013, at 9:51 PM, Jay Ashworth wrote: Perhaps you should reframe your strategy as "security problem", and show how providers have implemented BCP38, how it is such a common practice, that not implementing BCP38 may fall short of the minimum stan

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Avi Freedman
An important question... I recall a peering panel at an ISPCON in 1996 when the current Peering Badguys, BBN, were represented by John, who listened to a ton of bitching for an hour about the unfairness of it all and said (paraphrasing)... "I understand you all have your opinions and desires bu

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Mark Andrews
In message , Jason Ackley writes: > > On Wed, Mar 27, 2013 at 4:19 PM, Paul Ferguson wrote: > > > > Some people are going to have to step and add a few thousand more > > frequent flier miles and get out to various geographic constituencies, > > at various events, and start talking about this.

Re: Open Resolver Problems

2013-03-27 Thread Joe Abley
On 2013-03-27, at 17:59, Jack Bates wrote: > DNS is UDP for a reason. Not a great reason, as it turns out. But hindsight is 20/20. > The infrastructure to switch it to TCP is prohibitive and completely destroys > the anycast mechanisms. No. Joe

Re: Open Resolver Problems

2013-03-27 Thread Tony Finch
Jack Bates wrote: > > If BCP38 was properly deployed, what would be the purpose of RRL outside of > misbehaving clients or direct attacks against that one server? If fictional scenario, irrelevant answer. Given the current situation, efforts to deploy both RRL and BCP38 in parallel will reduce th

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread John Curran
On Mar 27, 2013, at 6:25 PM, Rich Kulawiec wrote: > Or worse, before some government somewhere decides to "solve" this > problem for a value of "solved" involving (shudder) legislation. In general, governments have avoided regulating various aspects of the Internet, in part because of lack of u

Re: Line cut in Mediterranean?

2013-03-27 Thread Neil J. McRae
Via renesys http://www.washingtonpost.com/world/middle_east/egypt-naval-forces-capture-3-scuba-divers-trying-to-sabotage-undersea-internet-cable/2013/03/27/dd2975ec-9725-11e2-a976-7eb906f9ed9b_story.html Sent from my iPhone On 27 Mar 2013, at 21:53, "Neil J. McRae" mailto:n...@domino.org>> wro

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Warren Bailey
I think the media fire about this will enlighten many c level executives. After that, it's a matter of them saying "go do this". You can't get any traction if there isn't a perceived issue, from what I've seen anyways. I still think the ipv4 to 6 transition will require media outlets running spe

Verizon Wireless security contact needed

2013-03-27 Thread nick hatch
Hi all, I just discovered a somewhat-exigent issue which affects confidentiality for Verizon Wireless customers. (PSTN / Voice) I'm failing at trying to find a Verizon Wireless security contact through normal means. If someone can provide a contact off-list it would be much appreciated. Thanks,

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread John Curran
On Mar 27, 2013, at 4:54 PM, Mark Andrews wrote: >> Umm... How many North American ISP's/datacenters/web hosting firms were >> aware of the BCP 38 development as it was on-going, and participated in >> some manner in its review? ... > > I'd say enough were aware. :-) > > 8. Acknowledgments >

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Rich Kulawiec
On Wed, Mar 27, 2013 at 12:30:43PM -0700, Paul Ferguson wrote: > Consider this a call-to-arms, in all aspects. Please. +1 No. Not enough. +10. But...our collective track record in responding in a timely and effective fashion to such calls is not very good. Twenty years ago we could have kille

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Seth Mattinen
On 3/27/13 2:46 PM, Warren Bailey wrote: Wasn't there a ton of drama with the SpamHaus guys a year or so ago regarding RBL's on NANOG? There's always someone who publicly flips out over being listed by a major DNSBL at least once a year. ~Seth

Re: BCP38 needs advertising

2013-03-27 Thread Alain Hebert
Noted. But today's contribution by Eric M. Caroll might end up on the front page =D. I got the domains... Now I just need a few free hours to setup something useful. As always, don't be shy to drop me contribution offlist. - Alain Hebertah

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jason Ackley
On Wed, Mar 27, 2013 at 4:19 PM, Paul Ferguson wrote: > Some people are going to have to step and add a few thousand more > frequent flier miles and get out to various geographic constituencies, > at various events, and start talking about this. And we need a lot > more people on board. Nation &

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Valdis . Kletnieks
On Wed, 27 Mar 2013 14:19:05 -0700, Paul Ferguson said: > And there may even be some stick approaches to accompany the carrot, > but some awareness is going to have to happen. > > Sing it from the mountain tops. http://www.sans.org/dosstep/roadmap.php Note the date. Note the list of recommendat

Re: Open Resolver Problems

2013-03-27 Thread Jack Bates
On 3/27/2013 4:49 PM, Tony Finch wrote: Jack Bates wrote: 3) BCP38 (in spirit) That should be deployed as well as RRL. Tony. If BCP38 was properly deployed, what would be the purpose of RRL outside of misbehaving clients or direct attacks against that one server? We already know the fix

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Neil J. McRae
that article is absolute rubbish. take with large pinch of salt, rockstar in hamster outfit type nonsense. $dayjob didn't lose any traffic during the period, some guys were affected because of the lottery of being on the same switch as Cloudflare. regards, Neil. On 27 Mar 2013, at 18:45, "Jay

Re: Open Resolver Problems

2013-03-27 Thread Tony Finch
Jack Bates wrote: > You'll also find that [DNS RRL] serves little purpose. In my experience it works extremely well. Yes it is possible to work around it, but you still need to stop the attacks that are happening now. It is good to make the attacker's job harder. > 1) tcp RRL pushes legitimate

Re: Line cut in Mediterranean?

2013-03-27 Thread Neil J. McRae
quite a few EU to India cables are impacted right now 4/7 down. Sent from my iPad On 27 Mar 2013, at 18:14, "Aftab Siddiqui" wrote: > Well, it's not just SMW4 outage, we've been witnessing serious issues on > IMEWE for couple of weeks now and this outages just made it worse. > So, right now mo

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Warren Bailey
Wasn't there a ton of drama with the SpamHaus guys a year or so ago regarding RBL's on NANOG? On 3/27/13 2:54 PM, "Scott Weeks" wrote: > >--- b...@herrin.us wrote: >From: William Herrin > >According to the New York Times it was 300 gbps and Cyberbunker was the >bad guy. >http://www.nytimes.co

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Scott Weeks
"...Sven Olaf Kamphuis, an Internet activist who said he was a spokesman for the attackers..." I wonder is he'll ever post here again as he has in the past. It probably would not go well for him if he did... scott

Re: Open Resolver Problems

2013-03-27 Thread Tony Finch
Jack Bates wrote: > > Tracking the clients would be a huge dataset and be especially complicated in > clusters. The memory usage is quite manageable: for the BIND patch it is at most 40-80 bytes (for 32 or 64 bit machines) per request per second. You're doing well if you need a megabyte. There's
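The two RRL points made in this thread (Tony Finch's per-request-per-second bucket sizing above, and the earlier exchange about RRL pushing legitimate clients to TCP) are easiest to see in a small model. The following is an added example written for this archive page; it is not the BIND RRL patch, not NSD's implementation, and the limits, prefix lengths and traffic stream are constructed for illustration only.

```python
"""Simplified DNS Response Rate Limiting (RRL) simulation.

Added example for this thread; it is NOT the BIND RRL patch or NSD's
implementation, and the limits, prefix lengths and traffic below are
constructed for illustration. It models the core RRL idea discussed here:
identical responses to the same client network are counted per second,
excess responses are dropped, and every Nth excess response is instead
'slipped' as a truncated (TC=1) reply so a genuine client retries over TCP
while a spoofed victim only ever receives small packets.
"""
from collections import defaultdict
from dataclasses import dataclass
import ipaddress


@dataclass
class RRLConfig:
    responses_per_second: int = 5  # identical responses allowed per bucket per second
    slip: int = 2                  # 1 in `slip` excess responses is sent truncated
    ipv4_prefix_len: int = 24      # clients aggregated per /24 (the BIND default)
    ipv6_prefix_len: int = 56      # and per /56 for IPv6


@dataclass
class _Bucket:
    second: int = -1               # wall-clock second the count belongs to
    count: int = 0                 # responses considered in that second
    excess_since_slip: int = 0     # excess responses since the last slipped one


class ResponseRateLimiter:
    """One small bucket per (client network, qname, qtype): this is the
    per-request-per-second state that the thread sizes at tens of bytes."""

    def __init__(self, cfg=None):
        self.cfg = cfg or RRLConfig()
        self._buckets = defaultdict(_Bucket)

    def _client_net(self, client_ip):
        ip = ipaddress.ip_address(client_ip)
        plen = self.cfg.ipv4_prefix_len if ip.version == 4 else self.cfg.ipv6_prefix_len
        return str(ipaddress.ip_network(f"{ip}/{plen}", strict=False))

    def decide(self, client_ip, qname, qtype, now):
        """Return 'respond', 'slip' (send a TC=1 truncated reply) or 'drop'."""
        key = (self._client_net(client_ip), qname.lower().rstrip("."), qtype.upper())
        b = self._buckets[key]
        sec = int(now)
        if b.second != sec:            # new second: reset the per-second count
            b.second, b.count = sec, 0
        b.count += 1
        if b.count <= self.cfg.responses_per_second:
            return "respond"
        b.excess_since_slip += 1
        if self.cfg.slip and b.excess_since_slip >= self.cfg.slip:
            b.excess_since_slip = 0
            return "slip"
        return "drop"

    def state_size(self):
        """Number of buckets currently held (one per distinct response identity)."""
        return len(self._buckets)


def simulate(limiter, traffic):
    """traffic: iterable of (time, client_ip, qname, qtype). Returns per-client verdict counts."""
    counts = defaultdict(lambda: {"respond": 0, "slip": 0, "drop": 0})
    for t, ip, qname, qtype in traffic:
        counts[ip][limiter.decide(ip, qname, qtype, t)] += 1
    return dict(counts)


def constructed_traffic():
    """Constructed sample: a reflection attack spoofing victim 198.51.100.7 with
    100 identical 'example.com ANY' queries per second for 2 s, alongside a
    legitimate resolver 203.0.113.5 asking two different names each second."""
    stream = []
    for sec in range(2):
        for i in range(100):
            stream.append((sec + i / 100, "198.51.100.7", "example.com.", "ANY"))
        for i in range(2):
            stream.append((sec + i / 2, "203.0.113.5", f"host{i}.example.com.", "A"))
    return sorted(stream)


if __name__ == "__main__":
    lim = ResponseRateLimiter()
    for client, verdicts in simulate(lim, constructed_traffic()).items():
        print(client, verdicts)
    print("buckets held:", lim.state_size())
```

With the defaults, the spoofed victim gets 10 full-size responses out of 200 attack queries; the rest are dropped or answered with a tiny truncated packet, while the legitimate resolver's four queries are all answered because each is a distinct response identity. Three buckets are held for the whole run, which is the memory point being made above. Real RRL implementations use a sliding credit window and treat error responses (NXDOMAIN, REFUSED) separately, and the caveat from the rest of the thread still holds: RRL shrinks what an authoritative server will reflect, but it does nothing about the spoofed source addresses themselves, which is BCP38's job.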

Re: Open Resolver Problems

2013-03-27 Thread Tony Finch
Joe Abley wrote: > > My assessment is that the implementations I have seen are ready for > production use, but I think it's understandable given the moving > goalposts that some vendors have not yet promoted the code to be > included in stable releases. It is in the current stable release of NSD

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Scott Weeks
--- b...@herrin.us wrote: From: William Herrin According to the New York Times it was 300 gbps and Cyberbunker was the bad guy. http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=all&_r=0 -

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Paul Ferguson
On Wed, Mar 27, 2013 at 1:54 PM, Mark Andrews wrote: > > In message <8da1853ce466b041b104c1caee00b3748fa4e...@chaxch01.corp.arin.net>, > John Curran writes: >> >> Umm... How many North American ISP's/datacenters/web hosting firms were >> aware of the BCP 38 development as it was on-going, and pa

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Mark Andrews
In message <8da1853ce466b041b104c1caee00b3748fa4e...@chaxch01.corp.arin.net>, John Curran writes: > On Mar 27, 2013, at 10:23 AM, Jay Ashworth wrote: > > > Indeed, but I have an even better example of how that's already done, > that > > is probably pertinent. > > > > > The National Electric

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Warren Bailey
At least they compared it to a traffic jam. ;) >From my Android phone on T-Mobile. The first nationwide 4G network. Original message From: Huasong Zhou Date: 03/27/2013 1:00 PM (GMT-08:00) To: sur...@mauigateway.com,nanog@nanog.org Subject: Re: Cloudflare, and the 120Gbps DD

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Huasong Zhou
Try this one: http://www.bbc.co.uk/news/technology-21954636 On 3/27/13 3:55 PM, "Scott Weeks" wrote: > > >--- b...@herrin.us wrote: >From: William Herrin > >According to the New York Times it was 300 gbps and Cyberbunker was the >bad guy. >http://www.nytimes.com/2013/03/27/technology/internet/o

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread William Herrin
On Wed, Mar 27, 2013 at 3:55 PM, Scott Weeks wrote: > According to the New York Times it was 300 gbps and Cyberbunker was the bad > guy. > http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=all&_r=0 > -

Enforcing Source Integrity: BCP38 and Open Resolver Problems

2013-03-27 Thread Eric M. Carroll
The root cause of high scale directed amplification attacks is the failure to assure the integrity of the source IP address. This failure leads to a large set of directed amplification attack vectors. BCP38 was written in 2000, coming up on its 13th anniversary. This root cause, and various method
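The root-cause statement above (source address integrity, enforced at the edge per BCP38) is usually implemented on routers as a unicast reverse-path forwarding check. The following is an added example for this archive page, not Eric Carroll's text or any vendor's code; the forwarding table, interface names and packets are constructed from documentation and TEST-NET address ranges, and the strict/loose/allow-default semantics follow the common router behaviour rather than any one product.

```python
"""BCP38 ingress filtering modelled as a unicast reverse-path forwarding check.

Added example for this thread; it is not Eric Carroll's text, not a vendor
implementation, and the forwarding table, interface names and packets are
constructed (documentation and TEST-NET ranges). BCP38's rule is simple: a
packet entering from a customer port must carry a source address the operator
assigned to that customer. uRPF automates the check from the forwarding table:
'strict' requires the best route to the source to point back out the ingress
interface; 'loose' only requires that some route to the source exist.
"""
import ipaddress


class UrpfFilter:
    def __init__(self, routes):
        # routes: iterable of (prefix, interface); kept longest-prefix-first like a FIB
        self._fib = sorted(
            ((ipaddress.ip_network(p), iface) for p, iface in routes),
            key=lambda r: r[0].prefixlen, reverse=True)

    def lookup(self, addr):
        """Longest-prefix match; returns (network, interface) or (None, None)."""
        ip = ipaddress.ip_address(addr)
        for net, iface in self._fib:
            if net.version == ip.version and ip in net:
                return net, iface
        return None, None

    def check(self, src, ingress_iface, mode="strict", allow_default=False):
        """True if a packet with source `src` arriving on `ingress_iface` may pass."""
        net, route_iface = self.lookup(src)
        if net is None:
            return False                       # no route back to the source at all
        if net.prefixlen == 0 and not allow_default:
            return False                       # only the default route matches: treat as spoofed
        if mode == "loose":
            return True
        return route_iface == ingress_iface    # strict: route must point back the way it came


CONSTRUCTED_ROUTES = [
    ("203.0.113.0/24", "cust-A"),     # customer A's assignment
    ("2001:db8:1::/48", "cust-A"),
    ("198.51.100.0/25", "cust-B"),    # customer B's assignment
    ("192.0.2.0/24", "core"),         # our own infrastructure
    ("0.0.0.0/0", "upstream"),        # default towards transit
]

CONSTRUCTED_PACKETS = [
    ("203.0.113.10", "cust-A"),       # A sending its own address: pass
    ("198.51.100.20", "cust-A"),      # A spoofing B's address: strict drops, loose passes
    ("198.51.100.200", "cust-A"),     # A spoofing an Internet address (default route only): drop
    ("2001:db8:1::5", "cust-A"),      # A's IPv6 space: pass
    ("198.51.100.20", "cust-B"),      # B sending its own address: pass
]


def filter_packets(fib, packets, mode="strict"):
    """Apply the check to (src, ingress_iface) pairs; returns one verdict per packet."""
    return [fib.check(src, iface, mode=mode) for src, iface in packets]


if __name__ == "__main__":
    fib = UrpfFilter(CONSTRUCTED_ROUTES)
    for (src, iface), strict, loose in zip(
            CONSTRUCTED_PACKETS,
            filter_packets(fib, CONSTRUCTED_PACKETS, "strict"),
            filter_packets(fib, CONSTRUCTED_PACKETS, "loose")):
        print(f"{src:>16} on {iface:<8} strict={'pass' if strict else 'DROP'} "
              f"loose={'pass' if loose else 'DROP'}")
```

Strict mode on customer-facing ports is the BCP38 deployment: it drops the two spoofed packets from customer A and passes everything the customers legitimately source. Loose mode lets A spoof B because a route to B exists somewhere, so it only stops addresses that are unrouted or reachable solely via the default. The same check applied on a transit or peering link is a different matter: with asymmetric routing the best route to a remote source rarely points back out the interface the packet arrived on, which is why strict uRPF belongs at the customer edge where the operator knows exactly what it assigned (RFC 3704 / BCP84 covers the multihomed cases).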

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Scott Weeks
--- b...@herrin.us wrote: From: William Herrin According to the New York Times it was 300 gbps and Cyberbunker was the bad guy. http://www.nytimes.com/2013/03/27/technology/internet/online-dispute-becomes-internet-snarling-attack.html?pagewanted=all&_r=0

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Paul Ferguson
On Wed, Mar 27, 2013 at 12:18 PM, Joshua Goldbard wrote: > That was a really big attack. > > The scary part is that it's all DNS reflection, meaning the attackers only > need 3Gbps of bandwidth to generate 300Gbps of DDoS. > > Imagine if they compromised some of the medium sized corporate networ

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Warren Bailey
As cyberbunker stops killing spamhaus and goes after Gilmore.. I think these are the guys who used to colo HavenCo after they burnt their platform down? I'm not sure how I feel about Cloudflare comparing being packeted to a nuclear bomb? After the packeting dries up, is there really total devastatio

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Jordan Michaels
You won't care "who" until the target is you. ;) Warm Regards, Jordan Michaels On 03/27/2013 12:09 PM, Warren Bailey wrote: Seldom do hax0r nations target things without some type of "justification". I don't really care who is being internet murdered, I care why.

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread William Herrin
On Wed, Mar 27, 2013 at 3:09 PM, Warren Bailey wrote: > Is someone pissed off at Spamhaus, or was the intention to packet them so > hard their entire network ceased to exist so they can no longer offer > DROP/RBL/xyz service? According to the New York Times it was 300 gbps and Cyberbunker was the

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Joshua Goldbard
That was a really big attack. The scary part is that it's all DNS reflection, meaning the attackers only need 3Gbps of bandwidth to generate 300Gbps of DDoS. Imagine if they compromised some of the medium sized corporate networks along with these Botnets. I don't know if the exchanges could hol

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Saku Ytti
On (2013-03-27 11:05 -0500), Jack Bates wrote: > I'm not arguing that the process can't be done. The problem is, > there are a number of networks that don't know it needs to be done > and why, or they don't know how to do it. There are a number of > networks that have no concept of scripting chang

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Warren Bailey
Is someone pissed off at Spamhaus, or was the intention to packet them so hard their entire network ceased to exist so they can no longer offer DROP/RBL/xyz service? Seldom do hax0r nations target things without some type of "justification". I don't really care who is being internet murdered, I ca

Re: Open Resolver Problems

2013-03-27 Thread Joe Abley
On 2013-03-27, at 14:52, Jared Mauch wrote: > I am very concerned about examples such as this possibly being implemented by > a well intentioned sysadmin or neteng type without understanding their query > load and patterns. bind with the rrl patch does log when things are > happening. While

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jay Ashworth
- Original Message - > From: "Valdis Kletnieks" > On Wed, 27 Mar 2013 10:51:35 -0500, Jack Bates said: > > They are not, and I can think of quite a few people who would stare > > blankly at you for making such a statement. Of course, I can think > > of plenty of people who we'd like to se

Re: Open Resolver Problems

2013-03-27 Thread Jared Mauch
On Mar 27, 2013, at 11:54 AM, Owen DeLong wrote: > It's been available in linux for a long time, just not in BIND… > > Here is a working ip6tables example: > > -A RH-Firewall-1-INPUT -s 2620:0:930::/48 -m state --state NEW -m udp -p udp > --dport 53 -j ACCEPT > -A RH-Firewall-1-INPUT -s 2001:4

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Valdis . Kletnieks
On Wed, 27 Mar 2013 10:51:35 -0500, Jack Bates said: > They are not, and I can think of quite a few people who would stare > blankly at you for making such a statement. Of course, I can think of > plenty of people who we'd like to see implementing BCP38 concepts that > would need you to define ing

Re: Open Resolver Problems

2013-03-27 Thread Marco Davids
On 27-03-13 16:54, Owen DeLong wrote: > It's been available in linux for a long time, just not in BIND… Not entirely true: http://www.redbarn.org/dns/ratelimits > > Here is a working ip6tables example: > Tricky... There is also the 'hashlimit' module (at least for v4, not sure about v6), that m

Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

2013-03-27 Thread Jay Ashworth
http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet Yes: 120 gigabits/second, primarily of DNS amplification traffic. Still think it's optional to implement BCP38 pervasively? Cheers, -- jra -- Jay R. Ashworth Baylink j...@baylink.com Design

Re: BCP38 needs advertising

2013-03-27 Thread Paul Ferguson
But of course. :-) Also, just saw this: http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet - ferg On Wed, Mar 27, 2013 at 11:02 AM, Arturo Servin wrote: > > And do not forget > > http://tools.ietf.org/html/bcp38 > > :) > > -as > > > On 3/27/13 2:17 PM, Paul Fergus

Re: Line cut in Mediterranean?

2013-03-27 Thread Aftab Siddiqui
Well, it's not just SMW4 outage, we've been witnessing serious issues on IMEWE for couple of weeks now and these outages just made it worse. So, right now most of the traffic taking east bound routes. Who needs DDoS at this stage, these links are already choked up :) > Maybe it was because of this

Re: BCP38 needs advertising

2013-03-27 Thread Arturo Servin
And do not forget http://tools.ietf.org/html/bcp38 :) -as On 3/27/13 2:17 PM, Paul Ferguson wrote: > Please reference: > > http://openresolverproject.org/ > http://spoofer.csail.mit.edu/ > http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack > > ...and

Re: Line cut in Mediterranean?

2013-03-27 Thread Huasong Zhou
Maybe it was because of this: Global Internet Slows after 'biggest attack in history' http://www.bbc.co.uk/news/technology-21954636 Huasong Zhou Associate Kalorama Group, LLC 1000 Potomac Street, NW, Suite 350 Washington, D.C. 20007 Mobile: +1 763 221 6784 Email: huas...@kalorama.com www.kalora

Re: BCP38 needs advertising

2013-03-27 Thread Paul Ferguson
Please reference: http://openresolverproject.org/ http://spoofer.csail.mit.edu/ http://blog.cloudflare.com/deep-inside-a-dns-amplification-ddos-attack ...and anything else to raise the awareness level. Thanks, - ferg (co-perpetrator of BCP38) :-) On Wed, Mar 27, 2013 at 9:48 AM, Alain Hebert

Cisco Security Advisory: Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability

2013-03-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Zone-Based Policy Firewall Session Initiation Protocol Inspection Denial of Service Vulnerability Advisory ID: cisco-sa-20130327-cce Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT

Cisco Security Advisory: Cisco IOS Software Internet Key Exchange Vulnerability

2013-03-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Internet Key Exchange Vulnerability Advisory ID: cisco-sa-20130327-ike Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary === The

Re: BCP38 needs advertising

2013-03-27 Thread Alain Hebert
bcp38.org coming soon =D - Alain Hebert aheb...@pubnix.net PubNIX Inc. 50 boul. St-Charles P.O. Box 26770 Beaconsfield, Quebec H9W 6G7 Tel: 514-990-5911 http://www.pubnix.net Fax: 514-990-9443 On 03/27/13 11:20, Jack Bates wrote: > Out

Cisco Security Advisory: Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability

2013-03-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Resource Reservation Protocol Denial of Service Vulnerability Advisory ID: cisco-sa-20130327-rsvp Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT

Cisco Security Advisory: Cisco IOS Software Network Address Translation Vulnerability

2013-03-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Network Address Translation Vulnerability Advisory ID: cisco-sa-20130327-nat Revision 1.0 For Public Release 2013 March 27 10:00 UTC (GMT) +- Summary

Cisco Security Advisory: Cisco IOS Software Smart Install Denial of Service Vulnerability

2013-03-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Smart Install Denial of Service Vulnerability Advisory ID: cisco-sa-20130327-smartinstall Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT

Cisco Security Advisory: Cisco IOS Software Protocol Translation Vulnerability

2013-03-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software Protocol Translation Vulnerability Advisory ID: cisco-sa-20130327-pt Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary === The

Cisco Security Advisory: Cisco IOS Software IP Service Level Agreement Vulnerability

2013-03-27 Thread Cisco Systems Product Security Incident Response Team
-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Cisco IOS Software IP Service Level Agreement Vulnerability Advisory ID: cisco-sa-20130327-ipsla Revision 1.0 For Public Release 2013 March 27 16:00 UTC (GMT) +- Summary

Re: Line cut in Mediterranean?

2013-03-27 Thread Anurag Bhatia
Yes smw4 issues across Egypt. In India (and Pakistan also) services are badly impacted. Here in India most of traffic from major networks is going via East Asia route and we are experiencing latency of over 700ms with US and Europe for the last few hours. On Wed, Mar 27, 2013 at 6:50 PM, James Smi

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jack Bates
On 3/27/2013 10:40 AM, William Herrin wrote: Build a web page where a downstream can set the filters on his interface at his convenience. Apply some basic sanity checks against wide-open. Worry about small lies from a forensic after-the-fact perspective. This problem has a trivial technology-on

Re: Open Resolver Problems

2013-03-27 Thread Owen DeLong
It's been available in linux for a long time, just not in BIND… Here is a working ip6tables example: -A RH-Firewall-1-INPUT -s 2620:0:930::/48 -m state --state NEW -m udp -p udp --dport 53 -j ACCEPT -A RH-Firewall-1-INPUT -s 2001:470:1f00:3142::/64 -m state --state NEW -m udp -p udp --dport 53 -

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jack Bates
On 3/27/2013 10:25 AM, Mark Andrews wrote: Technologies change. Concepts rarely do. BCP38 is technology neutral. If we follow that, we should just state "Don't allow spoofed IP Addresses!" and leave it to the individual to figure it out. BCP38 leaves that premise by mentioning ingress filteri

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread William Herrin
On Wed, Mar 27, 2013 at 11:02 AM, Jack Bates wrote: > It's also not a bad idea for an ISP to deploy EGRESS filters if they do not > offer BGP Transit services. Nor is it a bad idea for their upstream to inquire as to whether the downstream offers BGP transit services and apply INGRESS filters if

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread John Curran
On Mar 27, 2013, at 10:23 AM, Jay Ashworth wrote: > Indeed, but I have an even better example of how that's already done, that > is probably pertinent. > > The National Electric Code is assimilated law now, I think, in every > state in the US. It is promulgated by the National Fire Protection

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Mark Andrews
In message <515309ec.4070...@brightok.net>, Jack Bates writes: > On 3/27/2013 9:23 AM, Jay Ashworth wrote: > > Is BCP38 *not* well enough thought out even for large and medium sized > > carriers to adopt as contractual language, much less for FCC or > > someone to impose upon them? If so, we shou

BCP38 needs advertising

2013-03-27 Thread Jack Bates
Outside of needing more details and examples, BCP38 could use more advertising. The best option, if they would accept it, is to have all RIRs mention BCP38 as well as require that mention of BCP38 be included in all IP justification requests to customers (so that those who receive netblocks f

Re: Open Resolver Problems

2013-03-27 Thread Mark Andrews
In message <51530632.3020...@brightok.net>, Jack Bates writes: > On 3/27/2013 9:34 AM, William Herrin wrote: > > On Wed, Mar 27, 2013 at 10:00 AM, Jack Bates wrote: > >> > >> Tracking the clients would be a huge dataset and be especially complicated > >> in clusters. They'd be better off at detec

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jack Bates
On 3/27/2013 9:23 AM, Jay Ashworth wrote: Is BCP38 *not* well enough thought out even for large and medium sized carriers to adopt as contractual language, much less for FCC or someone to impose upon them? If so, we should work on it further. BCP38 could definitely use some work. It is correct

Re: Open Resolver Problems

2013-03-27 Thread Jack Bates
On 3/27/2013 9:34 AM, William Herrin wrote: On Wed, Mar 27, 2013 at 10:00 AM, Jack Bates wrote: Tracking the clients would be a huge dataset and be especially complicated in clusters. They'd be better off at detecting actual attack vectors rather than rate limiting. I count this among the sev

Re: Open Resolver Problems

2013-03-27 Thread William Herrin
On Wed, Mar 27, 2013 at 10:00 AM, Jack Bates wrote: > On 3/27/2013 8:47 AM, William Herrin wrote: >> Right now that's a complaint for the mainstream software authors, not >> for the system operators. When the version of Bind in Debian Stable >> implements this feature, I'll surely turn it on. > >

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread Jay Ashworth
- Original Message - > From: "John Curran" > On Mar 26, 2013, at 10:51 AM, Jay Ashworth wrote: > > The problem here is, of course, one of externalities and the Common > > Good, hard sales to make in a business environment. > > > "Common Good" situations are readily dealt with, but gene

Re: Open Resolver Problems

2013-03-27 Thread Jack Bates
On 3/27/2013 8:47 AM, William Herrin wrote: On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka wrote: Authoritative DNS servers need to implement rate limiting. (a client shouldn't query you twice for the same thing within its TTL). Right now that's a complaint for the mainstream software authors, n

Re: Open Resolver Problems

2013-03-27 Thread Jared Mauch
On Mar 27, 2013, at 8:47 AM, Nick Hilliard wrote: > then use a vpn and/or provide that service to your users. Sure, hotels and > public access wifi does all sorts of stupid and obnoxious stuff, but the > way to work around this is not by hardwiring your dns to some open resolver. I've been in

Re: Open Resolver Problems

2013-03-27 Thread Joe Abley
On 2013-03-27, at 09:47, William Herrin wrote: > On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka wrote: >> Authoritative DNS servers need to implement rate limiting. (a client >> shouldn't query you twice for the same thing within its TTL). > > Right now that's a complaint for the mainstream soft

Re: Open Resolver Problems

2013-03-27 Thread William Herrin
On Tue, Mar 26, 2013 at 10:07 PM, Tom Paseka wrote: > Authoritative DNS servers need to implement rate limiting. (a client > shouldn't query you twice for the same thing within its TTL). Right now that's a complaint for the mainstream software authors, not for the system operators. When the versi

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread William Herrin
On Tue, Mar 26, 2013 at 9:18 PM, Jay Ashworth wrote: >> From: "William Herrin" >> Indeed. But it isn't achievable. $Random_SOHO will continue to be >> hacked on a regular basis. He doesn't have someone working for him >> with the skill to prevent it. Further victimizing him with a game of >> whac

Re: Open Resolver Problems

2013-03-27 Thread Alain Hebert
Little bit of fun with http://bindguard.activezone.de/ This little example with an open resolver with only 200 queries a minute... The following list shows the # of queries made followed by the query in question. False positive: 69.x.x.x 2 a1.mzstatic.com IN A + 2

RE: Line cut in Mediterranean?

2013-03-27 Thread James Smith
Thanks for the quick responses, great information! > From: thepacketmas...@hotmail.com > To: nanog@nanog.org > Subject: Line cut in Mediterranean? > Date: Wed, 27 Mar 2013 08:49:10 -0400 > > > Getting reports from a third party vendor that there's been a line cut in the > Mediterranean that is

Re: Line cut in Mediterranean?

2013-03-27 Thread sthaug
> Getting reports from a third party vendor that there's been a line cut in the > Mediterranean that is affecting some Internet traffic. Anyone have any > details? See the outages list: https://puck.nether.net/pipermail/outages/2013-March/005386.html Steinar Haug, Nethelp consulting, sth...@n

Re: Line cut in Mediterranean?

2013-03-27 Thread Nick Hilliard
On 27/03/2013 12:49, James Smith wrote: > Getting reports from a third party vendor that there's been a line cut > in the Mediterranean that is affecting some Internet traffic. Anyone > have any details? smw4 is down, off the north coast of egypt: > http://www.itnewsafrica.com/2013/03/seacom-suf

Re: Line cut in Mediterranean?

2013-03-27 Thread Pierre Emeriaud
Hello James, 2013/3/27 James Smith : > > Getting reports from a third party vendor that there's been a line cut in the > Mediterranean that is affecting some Internet traffic. Anyone have any > details? > SMW4 : http://www.seacom.mu/news/article-140/seacom-outage-08-40-gmt/ "SEACOM can confir

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread William Herrin
On Tue, Mar 26, 2013 at 10:40 PM, Mark Andrews wrote: > Surveying which connections are open to address spoofing may or may > not be a criminal activity. It all depends on intent of the person > gathering the data. Such is the nature of law. When a dead body shows up shot, intent (fancily called

Line cut in Mediterranean?

2013-03-27 Thread James Smith
Getting reports from a third party vendor that there's been a line cut in the Mediterranean that is affecting some Internet traffic. Anyone have any details?

Re: Open Resolver Problems

2013-03-27 Thread Nick Hilliard
On 27/03/2013 12:40, Rich Kulawiec wrote: > It's necessary because many operations are screwing with DNS results in > order to advance/suppress political agendas, impose their moral code > via censorship, profit via redirection to search portals, etc. If we > could actually trust that J. Random Ho

Re: Open Resolver Problems

2013-03-27 Thread Rich Kulawiec
On Wed, Mar 27, 2013 at 11:20:54AM +, Nick Hilliard wrote: > I'm struggling to understand why it's necessary to hard-code dns servers > into the ip networking configuration of a portable device. By definition, > these devices will already have dhcp enabled. It's necessary because many operati

Re: Open Resolver Problems

2013-03-27 Thread Alain Hebert
Same ol' same ol' (at least since I started this around '93 =D) On 03/26/13 22:25, Jon Lewis wrote: > On Tue, 26 Mar 2013, Matthew Petach wrote: > >> The concern Valdis raised about securing recursives while still >> being able to issue static nameserver IPs to mobile devices >> is an ort

Re: Open Resolver Problems

2013-03-27 Thread Alain Hebert
Well, On 03/27/13 07:20, Nick Hilliard wrote: > On 26/03/2013 14:21, valdis.kletni...@vt.edu wrote: >> And if you get a recursive lookup for www.ebay.com from a hotel network, > I'm struggling to understand why it's necessary to hard-code dns servers > into the ip networking configuration o

Re: BCP38 - Internet Death Penalty

2013-03-27 Thread John Curran
On Mar 26, 2013, at 10:51 AM, Jay Ashworth wrote: > The problem here is, of course, one of externalities and the Common Good, > hard sales to make in a business environment. "Common Good" situations are readily dealt with, but generally not on a voluntary basis. You establish how the resource

Re: Open Resolver Problems

2013-03-27 Thread Nick Hilliard
On 26/03/2013 14:21, valdis.kletni...@vt.edu wrote: > And if you get a recursive lookup for www.ebay.com from a hotel network, I'm struggling to understand why it's necessary to hard-code dns servers into the ip networking configuration of a portable device. By definition, these devices will alre