Re: Start accepting longer prefixes as IPv4 depletes?

2010-12-08 Thread James Hess
On Wed, Dec 8, 2010 at 5:08 PM, Iljitsch van Beijnum wrote: > On 8 dec 2010, at 23:48, Jack Bates wrote: >> I'm going to go out on a limb (and not read the last BGP summary reports) >> and say that ISPs being assigned fragmented space has caused more routing >> table bloat than deaggregation for

Re: Over a decade of DDOS--any progress yet?

2010-12-07 Thread James Hess
On Mon, Dec 6, 2010 at 1:50 AM, Sean Donelan wrote: > February 2000 weren't the first DDOS attacks, but the attacks on multiple > Other than buying lots of bandwidth and scrubber boxes, have any other DDOS > attack vectors been stopped or rendered useless during the last decade? Very little, no

Re: Network management software with high detailed traffic report

2010-12-05 Thread James Hess
On Mon, Nov 22, 2010 at 8:02 AM, Brandon Ross wrote: > On Mon, 22 Nov 2010, Nick Hilliard wrote: > least once a second.  Perhaps you are thinking about the rate counters that > are often _configured_ to use the last 30 seconds of data to compute the > average but also update much more often than e

Re: Pointer for documentation on actually delivering IPv6

2010-12-05 Thread James Hess
On Sat, Dec 4, 2010 at 9:40 PM, Mark Radabaugh wrote: > of running RIPng.  The thought of letting Belkin routers (if you can call > them that) into the routing table scares me no end. I think that indeed looks scary. I wouldn't be too concerned about the Belkin routers. How many SP routers are re

Re: U.S. officials deny technical takedown of WikiLeaks

2010-12-05 Thread James Hess
> On Sun, 05 Dec 2010 02:53:22 GMT, Michael Sokolov said: >> Factoid: we outnumber the pigs by 1000 to 1.  Even if only 1% of us were >> to go out and shoot a pig, we would still outnumber them 10 to 1!  We >> *CAN* win -- wake up, people! > Yes, but shooting down an RFC1925-compliant porker may r

Re: FUD: 15% of world's internet traffic hijacked

2010-12-02 Thread James Hess
On Wed, Dec 1, 2010 at 5:42 PM, Brett Watson wrote: > I'm not able to get my fingers or thumbs to randomly (seemingly) > select approximately 15% of all prefixes, originate those, modify > filters so I can do so, and also somehow divert it to another router > that doesn't have the hijacked prefixe

Re: Four additional /8s allocated in November 2010

2010-11-30 Thread James Hess
On Tue, Nov 30, 2010 at 2:41 PM, bill manning wrote: > 96 days left Martin?  Don't think we'll make it past January? > --bill I doubt whether or not there are more than 60 days left for the IANA pool. The number of addresses that remain for normal allocation happens to be identical to the approxi

Re: OT: VM slicing and dicing

2010-11-15 Thread James Hess
On Tue, Nov 9, 2010 at 10:17 AM, Brandon Kim wrote: > I'm not looking for companies that offer this service, but the actual > software engines that allow you > to create VM's on the fly. So a customer goes to your website and says I want > Win2008 with 8gigs of RAM and 120gigs of HDD. > Just lik

Re: DDOS attack via as702 87.118.210.122

2010-10-26 Thread James Hess
On Tue, Oct 26, 2010 at 9:12 AM, Jack Carrozzo wrote: > Well, I whois'd 702, got no match, said "hm, I see 701 all over the place, > lemmy take a look" and found: There is a match... I think "WHOIS as702" is erroneous WHOIS query syntax, typing "asX" not being the way to search for an A

Re: IPv6 fc00::/7 — Unique local addresses

2010-10-20 Thread James Hess
On Wed, Oct 20, 2010 at 8:46 PM, Matthew Kaufman wrote: > On 10/20/2010 6:20 PM, Mark Smith wrote: > Right. Just like to multihome with IPv6 you would have both PA addresses > from provider #1 and PA addresses from provider #2 in your network. > Only nobody wants to do that either. A perfectly va

Re: IPv6 fc00::/7 — Unique local addresses

2010-10-20 Thread James Hess
On Wed, Oct 20, 2010 at 4:48 PM, Jeroen van Aart wrote: > > these addresses, their address scope is global, i.e. they are expected to be > globally unique." The ULA /48s are hoped to only be globally unique, but this only has a good chance of happening if all users pick good random numbers

Re: network name 101100010100110.net

2010-10-17 Thread James Hess
On Sat, Oct 16, 2010 at 11:46 PM, Day Domes wrote: > I have been tasked with coming up with a new name for our transit data > network.  I am thinking of using 101100010100110.net does anyone see > any issues with this? The domain-name starts with a digit, which is not really recommended, RFC 103

Re: AS11296 -- Hijacked?

2010-10-02 Thread James Hess
On Sat, Oct 2, 2010 at 3:41 PM, John Curran wrote: > On Oct 2, 2010, at 4:03 PM, Robert Bonomi wrote: > Robert - >    You are matching nearly verbatim from ARIN's actual procedures for > recognizing a transfer via merger or acquisition.   The problem is compounded > because often the parties ap

Re: Did your BGP crash today?

2010-08-29 Thread James Hess
On Sun, Aug 29, 2010 at 3:12 PM, Thomas Mangin wrote: > However to make sense you would need to find a resynchronisation point to > only exclude the one faulty message. Initially I thought that the last > received KEEPALIVE (for the receiver of the error message) could do - but you > find yours

Re: Did your BGP crash today?

2010-08-28 Thread James Hess
On Fri, Aug 27, 2010 at 2:33 PM, Dave Israel wrote: > On 8/27/2010 3:22 PM, Jared Mauch wrote: [snip] > an MD5 hash that can be added to the packet.  If the TCP hash checks Hello, layering violation. If the TCP MD5 option was used, the MD5 checksum was probably correct. Malformed BGP Protoc

Re: Should routers send redirects by default?

2010-08-25 Thread James Hess
On Fri, Aug 20, 2010 at 4:08 PM, Butch Evans wrote: I would suggest the recommendation be that ICMP Redirects, proxy ARP, directed broadcast, source routing, and acceptance/usage of all fancy/surprising features should be off by default. Where "surprising" is defined as the sort of thing tha

Re: Web expert on his 'catastrophe' key for the internet

2010-07-29 Thread James Hess
On Thu, Jul 29, 2010 at 10:23 PM, Franck Martin wrote: > Hmmm, from the interview of the British guy, the smart card seems to be in UK > (he did a lapsus on it), which differs from what you describe. You gotta read up on the whole ceremony and their statement of practices: https://www.iana.o

Re: Multicast Network Monitoring

2010-07-20 Thread James Hess
On Tue, Jul 20, 2010 at 9:44 PM, Antonio Querubin wrote: > On Tue, 20 Jul 2010, Marshall Eubanks wrote: >> Maybe they are having issues with their multicast mail routing protocol. > Looks like their mmrpf (multicast mail reply path forwarding) is broken ;) > Or.. perhaps someone over there just

Re: Inquiries to Acquire IPs

2010-07-02 Thread James Hess
On Fri, Jul 2, 2010 at 2:07 PM, Owen DeLong wrote: > Crist Clark wrote: An interesting if disturbing thing to see... I suppose there is a possibility that some IP address speculator is trying to er, acquire interesting /24s in anticipation of RIR address exhaustion. I have doubts that an uns

Re: Feds disable movie piracy websites in raids

2010-07-01 Thread James Hess
On Thu, Jul 1, 2010 at 8:03 AM, Franck Martin wrote: > The question is because gTLDs operations are in the USA, does it mean that > the USA have control over all those domain names? > Can we trust solely the USA for such control? No. However, anyone signing up for a GTLD should already have lo

Re: Sending ARP request to unicast MAC instead of broadcast MAC address?

2010-06-16 Thread James Hess
On Wed, Jun 16, 2010 at 5:57 PM, Chris Woodfield wrote: > OK, this sounds Really Wacky (or, Really Hacky if you're into puns) but > there's a reason for it, I swear... > Will typical OSS UNIX kernels (Linux, BSD, MacOS X, etc) reply to a crafted > ARP request that, instead of having FF:FF:FF:FF

Re: Upcoming Improvements to ARIN's Directory Service

2010-06-10 Thread James Hess
On Thu, Jun 10, 2010 at 9:56 PM, Rubens Kuhl wrote: > comeonspammer32...@wannahaveapieceofme.com, dynamically generated to > match a download session, and suddenly this account starts to get > spam... well... yes.. doesn't help much if the token being abused is the admin POC's phone number, howe

Re: Software router

2010-06-02 Thread James Hess
On Tue, Jun 1, 2010 at 3:50 PM, Andrey Khomyakov wrote: >Seems like to do that I'd have to run a software router on a VM that would [snip] For a VM router (for performance reasons is different than what I'd suggest for a generic software router), I would suggest picking an off-the-shelf OS that V

Re: Useful TCL script?

2010-05-23 Thread James Hess
On Sun, May 23, 2010 at 5:16 PM, Christopher Gatlin wrote: > That is a stellar TCL script! > I generally use netflow to glean information regarding average packet size. Seems like a good script to me. My only criticism would be pretty hard to do anything about... you're averaging an average ov

Re: DNS for RFC3180 GLOP reverse zone ?

2010-05-06 Thread James Hess
On Thu, May 6, 2010 at 1:12 PM, L. Gabriel Somlo wrote: .. > I wonder if DNS for GLOP/RFC3180 is still expected to work/be supported, > or should I just give up :) > Thanks, I am not sure, but I believe as a best practice, RFC3180 is considered basically defunct at this point, it's obvious

Re: Terry Childs conviction

2010-04-29 Thread James Hess
On Thu, Apr 29, 2010 at 7:15 PM, wrote: > So if you want to make an analogy, it's more like taking the keys away from > a drunk so they can't drive.  Good luck finding a DA who will indict you for > grand theft auto for taking the keys to prevent a DWI. According to news reports in this case it

Re: [Nanog] Re: IPv6 rDNS - how will it be done?

2010-04-27 Thread James Hess
On Tue, Apr 27, 2010 at 7:58 PM, Jason 'XenoPhage' Frisvold wrote: > On Apr 27, 2010, at 8:50 PM, Richard Barnes wrote: >...However, I was under the impression that having both forward and reverse >for >dynamic IPs was a best practice.. Perhaps we should back up a bit and delete 'how' from the s

Re: the alleged evils of NAT, was Rate of growth on IPv6 not fast enough?

2010-04-27 Thread James Hess
On Tue, Apr 27, 2010 at 4:25 PM, Jon Lewis wrote: > breaks.  i.e. they'll know it's broken.  When they change the default policy > on the firewall to Accept/Allow all, everything will still work...until all > their machines are infected with enough stuff to break them. The same is true with IPv4 +

Re: Reverse DNS Question

2010-04-20 Thread James Hess
On Tue, Apr 20, 2010 at 3:08 PM, James Martin wrote: > All: > In the process of requesting a block of IP's for a client, ARIN requested > that we list Reverse DNS Servers for the block.  I've never done this > before, nor have I ever thought it through. The Reverse DNS zone is for mapping interne

Re: Rate of growth on IPv6 not fast enough?

2010-04-19 Thread James Hess
On Mon, Apr 19, 2010 at 11:47 PM, Adrian Chadd wrote: > On Tue, Apr 20, 2010, Perry Lorier wrote: >> could dimension a NAT box for an ISP.  His research is available here >> http://www.wand.net.nz/~salcock/spnat/tech_report.pdf .  If walls of >> text scare you (why are you reading this mailing lis

Re: OT: old farts recollecting -- Re: ASR1002

2010-04-17 Thread James Hess
On Wed, Jan 20, 2010 at 9:52 AM, wrote: > On Wed, 20 Jan 2010 08:01:50 CST, Jorge Amodio said: >> Ohh yeah, now we can send sort of a telegram with multiple fonts and >> colors almost from anywhere... > At least it doesn't do BLINK ;) Oh SMS/MMS do a few things that make blink tags look utter

Re: Tracking down reverse for ip

2010-04-15 Thread James Hess
On Thu, Apr 15, 2010 at 3:59 PM, William Pitcock wrote: > For someone who is a CCNA, Mikrotik Certified Whatever, etc, etc, etc, > you really should know how to use dig(1). Certifications usually only suggest certain skills or knowledge they were designed to validate, and sometimes might fail ev

Re: BGP hijack from 23724 -> 4134 China?

2010-04-08 Thread James Hess
On Thu, Apr 8, 2010 at 9:35 PM, Brielle Bruns wrote: > I grabbed that access-list from the routers directly, so that's why it's been > generated already.  If there's a tool for UNIX/Linux that can generate the > wildcard masks from CIDR in bulk for use in creating ACLs, I'd be happy to > put it up

Re: what about 48 bits?

2010-04-04 Thread James Hess
On Sun, Apr 4, 2010 at 9:53 AM, A.B. Jr. wrote: > Lots of traffic recently about 64 bits being too short or too long. > What about mac addresses? Aren't they close to exhaustion? Should be. Or it > is assumed that mac addresses are being widely reused throughout the world? > All those low cost swi

Re: Juniper's artificial feature blocking (was legacy /8)

2010-04-04 Thread James Hess
On Sun, Apr 4, 2010 at 2:33 PM, Michael Sokolov wrote: > feature blocking seems to negate that.  I mean, how could their > disabled-until-you-pay blocking of "premium features" be effective if a > user can get to the underlying Unix OS, shell, file system, processes, Probably signed binaries, ver

Re: legacy /8

2010-04-03 Thread James Hess
On Sat, Apr 3, 2010 at 11:31 AM, George Bonser wrote: > Any school teaching v4 at this point other than as a legacy protocol > that they teach on the second year because "they might see it in the > wild" should be closed down.  All new instruction that this point should > begin and end with v6 wit

Re: legacy /8

2010-04-03 Thread James Hess
On Fri, Apr 2, 2010 at 9:17 PM, jim deleskie wrote: > not, but I've been asking people last few months why we don't just do > something like this. don't even need to get rid of BGP, just add some [snip] > On Fri, Apr 2, 2010 at 11:13 PM, George Bonser wrote: [snip]>> and there ya go. Oh, and prob

Re: Auto MDI/MDI-X + conference rooms + bored == loop

2010-03-26 Thread James Hess
On Fri, Mar 26, 2010 at 9:29 PM, Chuck Anderson wrote: > So basically, the problem is the core switches implement a proprietary > loop-prevention protocol that sends "beacon" frames out every 500ms, > and if a certain number of these special frames come back (exceeds --> loop first, but I'm beginn

Re: Auto MDI/MDI-X + conference rooms + bored == loop

2010-03-26 Thread James Hess
On Fri, Mar 26, 2010 at 5:21 PM, Matthew Huff wrote: > Bpduguard if running cisco. set all the switch ports to bpduguard or enable > it globally Bpduguarding a cool idea, and not a bad protective measure, if running that vendor's equipment, but it still allows a possibly large disruption for

Re: YouTube AS36561 began announcing 1.0.0.0/8

2010-03-13 Thread James Hess
On Sat, Mar 13, 2010 at 7:52 AM, Mark Scholten wrote: .. > It is probably the best way to get 1.x free if it is used by big websites. > However I don't think that they will change it (to only use these IPs). I > think they have an interest somewhere to not change it... If they added a basic java

Re: OT: Anyone seeing these sorts of probes? Port 46993 udp?

2010-03-11 Thread James Hess
Well, those UDP captures appear to be BitTorrent Peer-to-Peer file sharing traffic, or something disguised as such. Note the "64 31 3a 61 64 32 3a 69 64 32 30 3a" and also the textual reference to info_hash On Fri, Mar 12, 2010 at 12:18 AM, Joe wrote: > > Not to distract from the IPV4/IPV6 th

Re: Email Portability Approved by Knesset Committee

2010-02-22 Thread James Hess
On Mon, Feb 22, 2010 at 10:30 AM, Jeff Kell wrote: > There's no way to do this without some underlying forwarding...  and Forwarding SMTP traffic consumes major bandwidth resources (potentially), as the number of 'ports' eventually increases, and seems like a juicy target for many different types

Re: Spamhaus...

2010-02-21 Thread James Hess
On Sun, Feb 21, 2010 at 1:16 PM, Patrick W. Gilmore wrote: > You should not randomly respond to packets at arbitrary rates.  If you do, > you are being a bad Netizen for exactly this reason.  See things like > amplification attacks for why. ... > -- Whether it's SMTP, TCP, or ICMP spam inv

Re: Spamhaus...

2010-02-20 Thread James Hess
On Sat, Feb 20, 2010 at 6:25 PM, Jon Lewis wrote: > it off to jail.  The questions of when/whether/and to who bounces should be > sent is a debate for spam-l or nanae. I don't know about that. Bounce handling is not a question of spam filtering. Spam or not is orthogonal to the issue of forged r

Re: Spamhaus...

2010-02-20 Thread James Hess
>> > Does the RFC say what to do if the reverse-path has been >> > damaged and now points to somebody who had nothing >> > what ever to do with the email? Do the TCP RFCs say what to do in response to a SYN packet, if the source IP address has been damaged, and now points to some source IP that has

Re: Slightly OT. Good IMAP search tool?

2010-02-20 Thread James Hess
On Sat, Feb 20, 2010 at 2:34 PM, Mike Lyon wrote: hm..If you really want to snarf the imap, think fetchmail for downloading. hypermail/pipermail for parsing. Get it into a DBM (such as PgSQL) and perform full-text indexing. Or coax Hypermail into generating HTML flat files Then your full-

Re: Spamhaus...

2010-02-18 Thread James Hess
On Thu, Feb 18, 2010 at 3:49 PM, Larry Sheldon wrote: > On 2/18/2010 2:36 PM, Crist Clark wrote: > Would appear to this uninformed ignoramus that Barracuda is using the > data for a commercial purpose and should be buying the feed. According to the Spamhaus web site, Your mail volume is automati

Re: Time out for a terminology check--"resolver" vs "server".

2010-02-14 Thread James Hess
On Sun, Feb 14, 2010 at 7:55 PM, Larry Sheldon wrote: > I understand that--but it the TTL is being managed correctly the server > answering authoritatively ought to stop doing so when the TTL runs out, > since it will not have had its authority renewed. The TTL can never "run out" on an author

Re: 192.255.103.x

2010-02-11 Thread James Hess
On Thu, Feb 11, 2010 at 7:30 PM, Hector Herrera wrote: > As far as I can tell from IANA, the block 192/8 is allocated to ARIN. > ARIN does not have a record of 192.255.103 being allocated to anybody. I can infer very strongly that the block has probably not been allocated, or if it was, has not b

Re: Yahoo abuse

2010-02-11 Thread James Hess
On Thu, Feb 11, 2010 at 1:41 PM, J.D. Falk wrote: > Some types of conversations simply don't take well to automation. > However, automatically indexing/archiving such conversations for future reference can be useful (and can assist participants to the conversation in looking up past similar conv

Re: Google to offer fiber to end users

2010-02-10 Thread James Hess
On Wed, Feb 10, 2010 at 3:00 PM, David Hubbard wrote: > Residential computers with enough bandwidth to DoS > hosting providers; that should be fun.  Maybe it will Enough to DoS hosting providers based on _current_ practices. If 1g FTTH catches on, hosting providers will probably want 10/100 Gig

Re: Regular Expression for IPv6 addresses

2010-02-06 Thread James Hess
On Fri, Feb 5, 2010 at 12:15 AM, wrote: >> > And now for the trick question.  Is :::077.077.077.077 a legal >> > mapped address and if it, does it match 077.077.077.077? Wasn't there an internet draft on that subject, recently? http://tools.ietf.org/html/draft-ietf-6man-text-addr-representa

Re: SSH brute force China and Linux: best practices

2010-01-30 Thread James Hess
ed message ------ From: James Hess Date: Sat, Jan 30, 2010 at 12:23 AM Subject: Re: SSH brute force China and Linux: best practices To: Bobby Mac For home? Turn off the SSH daemon and keep it off, unless you really need it. Or use iptables and /etc/hosts.deny + /etc/hosts.allow to limit acces

Re: Using /126 for IPv6 router links

2010-01-23 Thread James Hess
On Sat, Jan 23, 2010 at 5:51 PM, Dobbins, Roland wrote: > It isn't 'FUD'. > redistribute connected. In that case, the fault would lie just as much with the unconditional redistribution policy, as the addressing scheme, which is error-prone in and of itself. No matter how you address your links o

Re: Using /126 for IPv6 router links

2010-01-23 Thread James Hess
On Sat, Jan 23, 2010 at 7:50 AM, Dobbins, Roland wrote: > On Jan 23, 2010, at 7:56 PM, Mikael Abrahamsson wrote: "We should forget about small efficiencies, say about 97% of the time: premature optimization is the root of all evil" --Donald Knuth > A couple of points for thought: > 1.      Yes

Re: Anyone see a game changer here?

2010-01-21 Thread James Hess
On Thu, Jan 21, 2010 at 9:52 PM, Gadi Evron wrote: > On 1/15/10 5:52 PM, Steven Bellovin wrote: ..> 2. Is Microsoft, while usually timely and responsible, completely > irresponsible in wanting to patch this only in February? While they patched > it sooner (which couldn't have been easy), their ove

Re: d000::/8 from AS28716

2010-01-12 Thread James Hess
On Tue, Jan 12, 2010 at 1:33 AM, Pierfrancesco Caci wrote: .. > Maybe next time drop me a line when it's happening, I don't see the > route from the customer now. Can still be seen on routeviews... a ghost route, perhaps? route-views6.routeviews.org> show bgp d000:: BGP routing table entry f

Re: I don't need no stinking firewall!

2010-01-10 Thread James Hess
On Sun, Jan 10, 2010 at 11:47 AM, William Herrin wrote: > On Sun, Jan 10, 2010 at 3:48 AM, James Hess wrote: >> there are a few different  things that can be >> done,  such as  the firewall answering on behalf of the server (using >> SYN cookies) and negotiating connection

Re: I don't need no stinking firewall!

2010-01-10 Thread James Hess
On Fri, Jan 8, 2010 at 10:48 AM, Joe Greco wrote: > Putting a stateful firewall in front of that would be dumb; the server > is completely capable of coping with the superfluous SYN's in a much > more competent manner than the firewall. The trouble with blanket statements about "all stateful fire

Re: he.net down/slow?

2010-01-09 Thread James Hess
On Sat, Jan 9, 2010 at 8:09 PM, Martin Hannigan wrote: >.. > is reasonable to inject it and everyone who can ignore it should > simply ignore it. "confidentiality notices" are non-innocuous for recipients who pay per kilobyte for data service, or who are frustrated by time wasted by reading the

Re: Default Passwords for World Wide Packets/Lightning Edge Equipment

2010-01-06 Thread James Hess
On Wed, Jan 6, 2010 at 1:12 PM, Jim Burwell wrote: [snip] > Yeah.  And for devices with no console, only network interfaces, a > default IP address, no default password, and no default route (just in > case they plug it into a real LAN instead of a laptop.  :p  ). Ah... don't worry about default

Re: I don't need no stinking firewall!

2010-01-05 Thread James Hess
On Tue, Jan 5, 2010 at 11:41 PM, Dobbins, Roland wrote: > On Jan 6, 2010, at 11:52 AM, Jonathan Lassoff wrote: > DDoS attacks are attacks against capacity and/or state.  Start reducing DDoS, by its very nature is a type of attack that dances around common security measures like conventional fi

Re: I don't need no stinking firewall!

2010-01-05 Thread James Hess
On Tue, Jan 5, 2010 at 2:16 PM, Brian Johnson wrote: > I have my own idea of what a firewall is and what it does. I also A firewall is a term for a class of device (or software program). Ask different people and you should get different answers, depending on who you ask. Windows firewall... bp

Re: Chinese bgp metering story

2009-12-18 Thread James Hess
On Fri, Dec 18, 2009 at 1:24 PM, Jonny Martin wrote: > On Dec 19, 2009, at 1:47 AM, Fred Baker wrote: .. > modified if need be - to achieve this.  Mixing billing with the reachability > information signalled through BGP just doesn't seem like a good idea. Indeed not.. but it might offer one adva

Re: DNS question, null MX records

2009-12-17 Thread James Hess
On Thu, Dec 17, 2009 at 6:54 AM, Tony Finch wrote: > On Wed, 16 Dec 2009, Douglas Otis wrote: > more polite to use a nonexistent > name that you control, but that doesn't allow the source MTA to skip > further DNS lookups If you want to be kind, point the MX to an A record that resolves to

Re: Arrogant RBL list maintainers

2009-12-15 Thread James Hess
On Tue, Dec 15, 2009 at 11:30 PM, Adam Armstrong wrote: > personally, i'd recommend not being a dick and setting valid *meaningful* > reverse dns for things relaying mail. Many sites don't use names that will necessarily be meaningful to an outsider. Sometimes the non-meaningful name is the actua

Re: What DNS Is Not

2009-11-26 Thread James Hess
On Wed, Nov 25, 2009 at 2:58 PM, Jorge Amodio wrote: [snip] > What needs to be done to have ISPs and other service providers stop tampering > with DNS ? Well, NXDOMAIN substitution, on ISP provided DNS servers, is not "tampering with DNS", anymore than spam/virus filtering/attachment limits, d

Re: AH is pretty useless and perhaps should be deprecated

2009-11-16 Thread James Hess
On Mon, Nov 16, 2009 at 6:23 PM, Jack Kohn wrote: > However, I still don't understand why AH would be preferred over > ESP-NULL in case of OSPFv3. The draft speaks of issues with replaying > the OSPF packets. One could also do these things with AH. > Am I missing something? Neither protects agains

Re: DMCA takedowns of networks

2009-10-24 Thread James Hess
On Sat, Oct 24, 2009 at 8:00 AM, William Allen Simpson > What's going on?  Since when are we required to take down an entire > customer's net for one of their subscriber's so-called infringement? Since people are afraid. Organizations may send DMCA letters, whether they are valid or not; the rec

Re: ISP port blocking practice

2009-10-23 Thread James Hess
On Fri, Oct 23, 2009 at 5:43 PM, Justin Shore wrote: >[...]  Just because someone bought themselves a >Camry doesn't mean that Toyota is deciding for them that they can't haul > 1000lbs of concrete with it. [...] Server does not necessarily equal business. A server that handles a few perso

Re: ISP customer assignments

2009-10-13 Thread James Hess
On Tue, Oct 13, 2009 at 6:34 PM, Cord MacLeod wrote: > IPv4? What's the point of a /64 on a point to point link? I'm not clear IP Addressing uniformity and simplicity. Use of /127s for Point-to-Point links introduces addressing complexity that may be avoided in V6: the scarcity of I

Re: ISP customer assignments

2009-10-06 Thread James Hess
>>  unimaginably huge *classless* network.  Yet, 2 hours into day one, a >>  classful boundary has already been woven into its DNA.  Saying it's No bit patterns in a V6 address indicate total size of a network. v6 doesn't bring classful addressing back or get rid of CIDR.. v6 dispenses with somet

Re: MTAs used

2009-08-26 Thread James Hess
On Wed, Aug 26, 2009 at 3:01 PM, wrote: > (Seriously - if 95% of the mail out there is spam, then the top 4-5 MTAs are > probably the ratware that's sending out the spam.  Something to consider...) http://www.mailradar.com/mailstat/ Some of the most popular: 1. Sendmail; (24%) 2. Postfix (20%) 3.

Re: Data Center testing

2009-08-25 Thread James Hess
On Tue, Aug 25, 2009 at 7:53 AM, Jeff Aitken wrote: >[..] Periodically inducing failures to catch [...] them is sorta like using >your smoke detector as an oven timer. >[..] > machine-parsable format, but the benefit is that you know in pseudo-realtime > when something is wrong, as opposed to find

Re: Request for a pointer - Linux modifying DSCP on replies?

2009-08-17 Thread James Hess
On Mon, Aug 17, 2009 at 4:19 PM, Darren Bolding wrote: > the ICMP reply leaves with the same DSCP marking. ICMPs may have special treatment. This is the kernel replying, not a user application. > However, when I do this with apache and mysql connections (TCP 80/3306), the > incoming packets are m

Re: Can someone from SORBS contact me offlist?

2009-07-11 Thread James Hess
I wouldn't condone usage of SORBS' lists, because they sometimes use robots to automatically list things that have little rational basis for being listed, which causes problems. But it may be hard to convince your mail recipients to avoid the same. Commonly, providers may give un-assigned s

Re: Can someone from SORBS contact me offlist?

2009-07-11 Thread James Hess
On Sat, Jul 11, 2009 at 11:08 AM, Christopher Morrow wrote: > >From www.sorbs.net: > "It comes with great sadness that I have to announce the imminent [snip] You might want to read the June 25th update they made to the announcement, as shown on the very same page. " SORBS has had 2 offers of hosti

Re: two interfaces one subnet

2009-05-11 Thread James Hess
On Mon, May 11, 2009 at 7:04 PM, Ben Scott wrote: > On Mon, May 11, 2009 at 6:01 PM, Patrick W. Gilmore wrote: >[snip] Many OSes should handle it correctly, in principle, there's nothing wrong with hosts homed twice to the same network and addressed inside the same subnet, but for Linux hosts,

Re: Checking bogon status of new address space

2009-05-09 Thread James Hess
> 29/256 = 11% of the available address space.  My argument is, if > someone is scanning you from random source addresses blocking 10% > of the scan traffic is reaching a point of very little return for > the effort of updating the address lists, and as we all know it is > getting smaller and small

Re: UCEProtect Level 3

2009-05-08 Thread James Hess
On Thu, May 7, 2009 at 3:10 PM, D'Arcy J.M. Cain wrote: > It is.  I understand what they are trying to do but we were cut off > from some places because someone else in the huge upstream we are with > did something that appeared to be spam.  It's too broad of a brush. It's not the tool or list it

Re: Where to buy Internet IP addresses

2009-05-02 Thread James Hess
On Fri, May 1, 2009 at 8:46 PM, Joel Jaeggli wrote: > By definition, every single one of them that buys wireless router, then > buys another and hangs it off the first. That happens more often than > you would think. A /62 takes care of that unusual case, no real need for a /56 for the average

Re: 97.128.0.0/9 allocation to verizon wireless

2009-02-08 Thread James Hess
>> I have trouble understanding why an ARIN record for a network regularly >> receiving new, out-sized IPv4 allocations on the order of millions of >> OrgName:Cellco Partnership DBA Verizon Wireless >> CIDR: 97.128.0.0/9 >> Comment:Verizon Wireless currently has 44.3 Million >> Commen

Re: Tracking the DNS amplification attacks (was: isprime DOS in progress)

2009-01-25 Thread James Hess
On Sat, Jan 24, 2009 at 9:00 PM, Frank Bulk wrote: > I would not recommend sucking in your dns log into array, rather, read line > by line and iterate over the file, line by line. > > Frank True.. reading into an array can get a bit nasty, if your server logs are a few gigabytes in size. Could u

Re: Ethical DDoS drone network

2009-01-04 Thread James Hess
On Sun, Jan 4, 2009 at 10:27 PM, wrote: > On Sun, Jan 04, 2009 at 09:55:20PM -0600, Gadi Evron wrote: >> A legal botnet is a distributed system you own. >> A legal DDoS network doesn't exist. The question is set wrong, no? >kind of depends on what the model is. a botnet for hire >

Re: Christmas spam from RESERVED IANA adressblock ?

2008-12-24 Thread James Hess
On Wed, Dec 24, 2008 at 11:38 AM, Scott Morris wrote: > I would guess (hope?) that most, if not all, providers filter the RFC1918 > space addresses from entering or leaving their networks unchecked. But just > my two cents there... All sites (not just providers) should, but many just don't do wh

Re: Netblock reassigned from Chile to US ISP...

2008-12-13 Thread James Hess
>> On 08.12.13 09:33, Tomas L. Byrnes wrote: >>> anyone with half a brain blocks proxies from their e-commerce site. >> can you know at a reasonable confidence level that it's a proxy? > Give me an IP address (privately, of course). I can tell you if it is, with > consult from other colleagues in t

Re: godaddy spam / abuse suspensions?

2008-11-16 Thread James Hess
It's also not effective in various situations. The bad behavior is not disabling abused domains, it's the method used to do it (by giving no answer instead of actively giving a negative answer). When a http client asks recursive resolver A for an A RR, and no response is received, the client wil

Re: godaddy spam / abuse suspensions?

2008-11-16 Thread James Hess
I don't think he wants the domain. The problem is Godaddy listing NS records for some domains (for any reason) to only DNS servers that were all down or didn't exist. The entry of only lame DNS servers is an inconclusive situation and doesn't let a message be permanently rejected as spam; it's

Re: Sprint / Cogent dispute over?

2008-11-02 Thread James Hess
On Sun, Nov 2, 2008 at 8:29 PM, Martin Hannigan <[EMAIL PROTECTED]> wrote: > But according to Sprint, this isn't a peering spat. This is a customer > who didn't pay their bill. > > Probably useful to keep that in perspective. > -M< I would say it's a "peering spat", because Cogent's press releases

Re: integer to IP address

2008-08-27 Thread James Hess
Perl provides some cleaner methods for interpreting/displaying IPs. There isn't a formal standard notation for an IP that looks like a string of decimal digits with no dots though. I.e. no RFC will define the host byte order and tell you that "127.0.0.1" corresponds to the decimal integer 21307064

Re: Paul Vixie: Re: [dns-operations] DNS issue accidentally leaked?

2008-07-26 Thread James Hess
On Thu, Jul 24, 2008 at 8:35 AM, Joe Greco <[EMAIL PROTECTED]> wrote: > If the old code system could result in an infected name server in 11 > seconds, this "fix" looks to me to be at best a dangerous and risky > exercise at merely reducing the odds. Some criminal enterprise will > figure out that

Re: DNS and potential energy

2008-06-30 Thread James Hess
> I'm still having a hard time seeing what everyone is getting worked up about. Maybe it's not that bad. The eventual result is instead of having a billion .COM SLDs, there are a billion TLDs: all eggs in one basket, the root zone -- there will be so many gTLD servers, no DNS resolver can cache

Re: SMTP addresses in <>

2008-01-05 Thread James Hess
> > Our mail servers reject connections that don't follow the RFC. Am I > > wrong to do this? > Seth, > RFC 1122 (Requirements for Internet Hosts - Communication Layers) > section 1.2.2 (Robustness Principle): > > "Be liberal in what you accept, and > conservative

Re: Assigning IPv6 /48's to CPE's?

2008-01-04 Thread James Hess
On Jan 4, 2008 6:02 PM, Rick Astley <[EMAIL PROTECTED]> wrote: > I know large mostly unused pools of client IP's make it more difficult to > use traditional worm propagation methods in IPv6[1], but if customers move > from IPv4 "firewalls" to IPv6 "routers", we still lose an important layer of >

Re: Assigning IPv6 /48's to CPE's?

2008-01-01 Thread James Hess
On Dec 31, 2007 3:26 PM, Church, Charles <[EMAIL PROTECTED]> wrote: > like a natural choice, leaving 80 bits for network addressing. This > waste of space seems vaguely familiar to handing out Class A netblocks > 20+ years ago. "We'll never run out"... Maybe it's just me though. The compariso

Re: Using RIR info to determine geographic location...

2007-12-23 Thread James Hess
On Dec 20, 2007 8:13 PM, Greg Skinner <[EMAIL PROTECTED]> wrote: > > Personally, I have trouble accepting some of the claims the > geotargeting companies have made, such as Quova's 99.9% to the country > level, and 95% to the US state level. ( More info at > http://www.quova.com/page.php?id=132 )

Re: Can P2P applications learn to play fair on networks?

2007-10-21 Thread James Hess
Possible scenario... Subscriber bandwidth caps are in theory too high, if the ISP can't support it -- but if the ISP were to lower them, the competition's service would look better, advertising the larger supposed data rate -- plus the cap reduction would hurt polite users. In the absence of the

Re: DNS Hijacking by Cox

2007-07-23 Thread James Hess
On 7/23/07, Perry Lorier <[EMAIL PROTECTED]> wrote: With my Undernet admin hat on, we have regular issues with botnets and the like for years and probably will for the foreseeable future. In my personal experience we see a new "crop" of script kiddies about every 6 months to a year. Generall

Re: DNS Hijacking by Cox

2007-07-22 Thread James Hess
On 7/22/07, Steven M. Bellovin <[EMAIL PROTECTED]> wrote: I would suggest not underestimating the ingenuity and persistence of the bad guys to escalate the neverending war, when a new weapon is invented to use against them. If there's a way around it, history has shown, the new weapon quickly b

Re: Quarantining infected hosts (Was: FBI tells the public to call their ISP for help)

2007-06-18 Thread James Hess
On 6/18/07, Suresh Ramasubramanian <[EMAIL PROTECTED]> wrote: On 6/18/07, Jeroen Massar <[EMAIL PROTECTED]> wrote: > Of course, though 25 is (afaik ;) the most abused one that will annoy a > lot of other folks with spam, phishings and virus distribution, though > the latter seems to have come to
