Re: HTTPS-everywhere vs. proxy caching

On Fri, May 3, 2013 at 3:33 PM, Wes Felter wrote: > On 5/3/13 2:06 PM, Jay Ashworth wrote: > >> It occurs to me that I don't believe I've seen any discussion of the >> Unexpected Consequence of pervasive HTTPS replacing HTTP for >> unauthenticated >> sessions, like non-logged-in users browsing si

Re: Announcing a reserved ASN?

Some links: http://www.nanog.org/meetings/nanog45/presentations/Tuesday/Hankins_4byteASN_N45.pdf https://tools.ietf.org/html/rfc6793 On Sun, Feb 3, 2013 at 11:15 AM, Brandon Ross wrote: > I strongly recommend that you read about and fully understand how 4-byte > ASNs work, and their use of AS23

Re: btw, the itu imploded

See also: http://www.ipv.sx/wcit/ On Fri, Dec 14, 2012 at 2:41 PM, Randy Bush wrote: > >

Re: Middle East MPLS

Where MENOG list == me...@menog.net http://www.menog.org/ On Wed, Nov 28, 2012 at 3:31 PM, Scott Weeks wrote: > > > --- 2asx1y...@sneakemail.com wrote: > > Anyone from Etisalat on list? I'm interested in some MPLS connectivity > into Dubai. > > > > > Try on

Re: Big day for IPv6 - 1% native penetration

On Mon, Nov 26, 2012 at 12:15 PM, Cameron Byrne wrote: > On Mon, Nov 26, 2012 at 8:27 AM, Dobbins, Roland > wrote: > > > > On Nov 26, 2012, at 10:36 PM, Cameron Byrne wrote: > > > >> Ipv6 is not important for users, it is important for network operators > who want to sustain their business. > >

Re: "authority" to route?

I think Heather was pointing out that this would be a good time to actually use it. On Fri, Nov 16, 2012 at 12:55 PM, wrote: > On Thu, 15 Nov 2012 23:05:39 -0800, Kyle Creyts said: > > Jeez, isn't RPKI supposed to solve this problem? > > That would presume the existence of a deployed system tha

Re: Throw me a IPv6 bone (sort of was IPv6 ignorance)

The folks that have done the most work in enabling IPv6-only end users seem to be CERNET2 in China. To let people get to v4, they're using what they call IVI (get it?), which is basically NAT64+DNS64. If you don't mind runn

Re: CAIDA's AS-rank project

No IPv6? On Thu, Sep 6, 2012 at 6:46 PM, Matthew Luckie wrote: > Hello, > > We have been working on refreshing the data and algorithms behind CAIDA's > as-rank project. We have published AS-relationships and AS-rankings > computed for June 2012. We are currently seeking further validation of ou

Re: RPKI Pilot Participant Notice

I think Randy meant to imply that requiring anyone that wants to actually use the RPKI to make a legal agreement with ARIN might not be the best way to encourage deployment. On Wed, Sep 5, 2012 at 2:56 PM, Mark Kosters wrote: > On 9/5/12 3:26 AM, "Randy Bush" wrote: > >>can you find the fatal f

Re: Regarding smaller prefix for hijack protection

This seems like an opportune time to remind people about RPKI-based origin validation as a hijack mitigation: I haven't run the numbers, but

Re: Drupal-GEO maping

http://lmgtfy.com/?q=drupal+geo+ip http://lmgtfy.com/?q=joomla+geo+ip On Tue, Jun 5, 2012 at 3:19 PM, Anurag Bhatia wrote: > Hi James > > > Nice question. I am interested if someone can suggest some similar > extension or some code to integrate it within Joomla too. > > > > Thanks. > > On Wed, Ju

Re: rpki vs. secure dns?

>>> So in RPKI, partial data – so you failed to fetch one of the ROAs in the >>> set – can make something 'invalid' or 'unknown' that should actually be >>> 'valid'. >>> http://tools.ietf.org/html/rfc6483#page-3 >> >> I wouldn't read that as saying that the RPKI requires you to have full >> data

Re: rpki vs. secure dns?

> i can tell more than that. rover is a system that only works at all > when everything everywhere is working well, and when changes always > come in perfect time-order, Exactly like DNSSEC. >>> >>> no. dnssec for a response only needs that response's delegation and >>> signing pat

Re: Operation Ghost Click

ISPs in the Netherlands have had a "botnet treaty" in effect since 2009, which calls for blocking, user notification, and inter-ISP information sharing.

Re: Cool IPs: 1.234.35.245 brute force SSHing

While you're in Korea, you could talk to Samsung as well about 123.32.0.0/12 (including 123.45.67.89). Closer to home, you could also talk to AT&T about 12.0.0.0/8 (12.34.56.78). --Richard On Sat, Feb 25, 2012 at 2:26 AM, Joel M Snyder wrote: > Normally I wouldn't say anything to anyone about an

Re: do not filter your customers

>> I think if we asked telstra why they didn't filter their customer some >> answer like: >> 1) we did, we goofed, oops! >> 2) we don't it's too hard >> 3) filters? what? >> >> I suspect in the case of 1 it's a software problem that needs more >> belts/suspenders >> I suspect in the case of 2 it's

HP contact?

Anyone have a clueful contact at HP? One of their proprietary DHCP features is squatting on an IANA-registered code point. Thanks, --Richard

Re: Iran blocking essentially all encyrpted protocols

FWIW: A colleague in Iran was able to connect to a server in the US using HTTPS on a non-standard port (). It appears that the Iranian government is not blocking TLS/HTTPS per se, but just port 443. So in principle, if there were just some HTTPS proxies using non-standard ports, then people w

Re: Dear RIPE: Please don't encourage phishing

So because of phishing, nobody should send messages with URLs in them? On Fri, Feb 10, 2012 at 8:56 AM, Steven Bellovin wrote: > I received the enclosed note, apparently from RIPE (and the headers check > out). > Why are you sending messages with clickable objects that I'm supposed to use > t

Re: Thanks & Let's Prevent this in the Future.

In related news, the IETF working group that is writing standards for the RPKI is having an interim meeting in San Diego just after NANOG. They deliberately chose that place/time to make it easy for NANOG attendees to contribute, so comments from this community are definitely welcome.

Re: http://tools.ietf.org - Down

There was some discussion of this on tools-disc...@tools.ietf.org. There was a temporary issue that I believe has been resolved. --Richard On Tue, Jan 31, 2012 at 11:59 AM, Matt Taylor wrote: > Fine for me, .au > > Matt. > > > On 31/01/2012 9:59 PM, Sébastien Riccio wrote: >> >> Up from here (

Re: Why not to use RPKI (Was Re: Argus: a hijacking alarm system)

BBN has also released an initial version of their relying party software. Core features are basically the same as the other validators (namely, RPKI certificate validation), with -- more fine-grained error diagnostics and -- more robust support for the RTR protocol for distributing validated infor

Re: Whacky Weekend: Is Internet Access a Human Right?

The analogy that occurs to me is to roads. People generally have a right of free movement, which implies that if they are capable of using roads (e.g., if they have a car and can drive it), then they should be generally free to do so, certain reasonable legal constraints notwithstanding. And in t

Re: Global BGP and Google

See also this: https://labs.ripe.net/Members/denis/geolocation-prototype-for-ripe-database Speak up if you want something similar in the ARIN or LACNIC regions. --Richard On Dec 5, 2011 5:19 PM, "Andy Warner" wrote: On Tue, Dec 6, 2011 at 2:41 AM, Victor Esposito wrote: > Has anyone had a...

Re: Recent DNS attacks from China?

An attack originating from somewhere indicates the presence of either an attacker or a compromised host. A particular density of either in a particular geographical area would seem like an interesting data point. --Richard On Wed, Nov 30, 2011 at 1:24 PM, andrew.wallace wrote: > Before we see k

Re: Historical records of IP allocations

Sounds like a good application for INRDB: RIPEstat also has at least its routing history, back as far as 2006: On Sun, Nov 6, 2011 at 7:01 PM, Louis P wrote: > Hello

Re: using IPv6 address block across multiple locations

Couldn't you also advertise the /48 from all the sites, if you're willing to sort things out over the inter-site VPNs?--Richard On Mon, Oct 31, 2011 at 4:37 AM, Mikael Abrahamsson wrote: > On Mon, 31 Oct 2011, Dmitry Cherkasov wrote: > >> Need your advice: is this normal to distribute /48 by /56 p

Re: meeting network

VPN traffic was also slow / bursty. So I guess there's some capacity issues as well as layer 7 cruft. On Oct 10, 2011 10:20 AM, "Randy Carpenter" wrote: On the hotel network, I have also seen some issues beyond getting an address. I can usually trace just fine, but applications, specifically web

Re: meeting network

Problem for me at least has not been the MAC layer (either hotel room or meeting room), it was that the DHCP server was not responding. Ironically, I could still see everyone's Bonjour and SMB service advertisements. --Richard On Mon, Oct 10, 2011 at 8:46 AM, Nick Hilliard wrote: > On 10/10/201

Re: Botnets buying up IPv4 address space

If not short-lived, then at least self-limiting. --Richard On Fri, Oct 7, 2011 at 3:15 PM, Christopher Morrow wrote: > On Fri, Oct 7, 2011 at 3:10 PM, Arturo Servin wrote: >> >>        I agree with Benson. >> >>        In fact, for this "problem" I find irrelevant that IPv4 is running >> out. T

Re: Internet mauled by bears

And if they turn up the voltage on the fence high enough, dinner could be cooked by the time the crew gets there! On Sep 19, 2011 9:34 PM, "Suresh Ramasubramanian" wrote: On Tue, Sep 20, 2011 at 12:20 AM, John van Oppen wrote: > We had a cow br... Your crews turning up there the next time a cow

Re: Why are we still using the CA model? (Re: Microsoft deems all DigiNotar certificates untrustworthy, releases updates)

There's an app^W^Wa Working Group for that. On Sun, Sep 11, 2011 at 2:44 PM, Mike Jones wrote: > On 11 September 2011 16:55, Bjørn Mork wrote: >> You can rewrite that: Trust is the CA business.  Trust has a price.  If >> the CA is not trusted, the price increases

Re: Saudi Telecom sending route with invalid attributes 212.118.142.0/24

Looks like the RIS collectors are seeing it originating mostly from STC and KACST ASNs: Some of the "show ip bgp" reports on that screen are also showing AS8866 "BTC-AS Bulgarian Telecommunication Company". Not sure what's up with that. --Richard On Sat

Re: Errant Advertisement - 128.1/16

Plus, technically, since symbolics.com was non-operational for a while, bbn.com is the oldest .com domain in continuous operation. And you'll notice that it has IPv6-reachable web and DNS servers :) On Mon, Aug 8, 2011 at 11:29 AM, Peter Stockli wrote: > Wow, BBN, the reason we use the @ sign, s

Re: unqualified domains, was ICANN to allow commercial gTLDs

The same type that Colombia/NeuStar is doing with .co? On Sun, Jun 19, 2011 at 2:49 PM, Chris Adams wrote: > Once upon a time, Randy Bush said: >> > Now I'm tempted to be the guy that gets .mail >> >> express that temptation in dollars, and well into two commas. > > Imagine the "typo-squating"

Re: Re: v6 Avian Carriers?

Be careful what you wish for: On Fri, Apr 1, 2011 at 6:47 PM, Dorn Hetzel wrote: > I was thinking today would be a good day to write an RFC for "fractional > DHCP" where end-users can get issued say 1/64 of an v4 IP, say > 155.229.10.20:1024-2047.  

Re: The state-level attack on the SSL CA security model

Which is especially funny since Comodo is citing the fact that they've had no OCSP requests for the bad certs as evidence that they haven't been used. --Richard On Thu, Mar 24, 2011 at 10:53 AM, Tony Finch wrote: > Harald Koch wrote: >> >> This story strikes me as a success - the certs were r

Re: Interesting google redirects.

What networks are the affected clients on? On Thu, Mar 3, 2011 at 10:53 AM, Skywing wrote: > (Apologies for the top-post.) > > I've been experiencing the same.  Seems like their geolocation data is busted > (since last morning at least), if I had to take a guess. > > - S > > -Original Messa

Re: Mac OS X 10.7, still no DHCPv6

>>       Anyone care to start the IPv4 dead pool, Price is Right >> style, for when the last v4 NLRI is removed from the DFZ? > > That's funny, I don't care what galaxy you're from :) So that puts your bet at more than 25,000 years?

Re: Mac OS X 10.7, still no DHCPv6

>> In fairness, said device can do the same sort of inspection of SLAAC >> traffic.  It just looks at neighbor discovery messages instead of DHCP >> messages. >> >> > > Any known (existing) or planned implementations of this? None that you can buy

Re: Mac OS X 10.7, still no DHCPv6

In fairness, said device can do the same sort of inspection of SLAAC traffic. It just looks at neighbor discovery messages instead of DHCP messages. On Sun, Feb 27, 2011 at 2:17 PM, Leigh Porter wrote: > > > On 27 Feb 2011, at 19:07, Antonio Qu

Re: 123.45.67.89

Looks like that's in a CEGETEL dynamic pool in France. Maybe you should sign up for their service? On Fri, Feb 18, 2011 at 12:01 PM, Matlock, Kenneth L wrote: > I'm not s

Re: NYTimes: Egypt Leaders Found ‘Off’ Switch for Internet

Never mind, Messrs. Cowie and Baker answered my question: <http://mailman.nanog.org/pipermail/nanog/2011-February/033181.html> Couldn't have paths through Egypt if layer 2 were cut off. (Right?) --Richard On Wed, Feb 16, 2011 at 5:38 PM, Richard Barnes wrote: > It also seems l

Re: NYTimes: Egypt Leaders Found ‘Off’ Switch for Internet

It also seems like a question that could be decided empirically. Can anyone on here comment on whether or not the BGP session ended gracefully and the link lights remained lit? --Richard On Wed, Feb 16, 2011 at 9:09 AM, Marshall Eubanks wrote: > > On Feb 16, 2011, at 12:15 AM, Joly MacFie wro

Re: My upstream ISP does not support IPv6

This seems ironic, given the number of ISPs I've heard say "There's no customer demand." --Richard On Thu, Feb 3, 2011 at 10:04 PM, Franck Martin wrote: > The biggest complaint that I hear from ISPs, is that their upstream ISP does > not support IPv6 or will not provide them with a native IPv6

Re: ipv4's last graph

Note that the ARIN, APNIC, and RIPE lines should all basically level out to asymptotes after they hit 1 /8 left, due to the "soft run out" policies in place [1][2][3]. Either that, or just consider arriving at 1 /8 left as depletion. Geoff: How are your graphs dealing with these policies? [1]

Re: APNIC description: "unknown"

Some times they're not so anonymous :) 122.200.40.0/21 38272 >>UNKNOWN<< "Sonargaon Online Limited(SOL) is the leading Internet Service Provider in Dhaka" " 40/1, Rahman Plaza Shahid Faruk Road (4th Floor) Jatrabari,

Re: Future of the IPv6 CPE survey on RIPE Labs - Your Input Needed

Could you elaborate? Which circumstances? On Wed, Jan 26, 2011 at 4:23 AM, Owen DeLong wrote: > It works for routing native IPv6 under some circumstances as well. > > Owen > > On Jan 26, 2011, at 12:01 AM, Mohacsi Janos wrote: > >> >> >> >> On Wed, 26 Jan 2011, Franck Martin wrote: >> >>> What a

Re: [arin-announce] ARIN Resource Certification Update

On Mon, Jan 24, 2011 at 9:16 PM, Danny McPherson wrote: > > On Jan 24, 2011, at 9:02 PM, Joe Abley wrote: >> >> In this case the DNS delegations go directly from RIR to C; there's no >> opportunity for A or B to sign intermediate zones, and hence no opportunity >> for them to indicate the legiti

Re: [arin-announce] ARIN Resource Certification Update

It's in-band only in the sense of delivery. The worst that a corruption of the underlying network can do to you is deny you updates; it can't convince you that a route validates when it shouldn't. And even denying updates to your RPKI cache isn't that bad, since the update process doesn't really

IPv6 prefix lengths

Hi all, What IPv6 prefix lengths are people accepting in BGP from peers/customers? My employer just got a /48 allocation from ARIN, and we're trying to figure out how to support multiple end sites out of this (probably around 10). I was thinking about assigning a /56 per site, but looking at the

Re: NIST IPv6 document

> IPv6) I can scan your v6 /64 subnet, and your router will have to send > out NDP NS for every host I scan.  If it requires "incomplete" entries > in its table, I will use them all up, and NDP learning will be broken. >  Typically, this breaks not just on that interface, but on the entire > router

Re: 2010 IPv4 (and IPv6) Address Use Report

Certainly not. I was thinking more if people wanted something to pass on to management, marketing, mother, etc --Richard On Tue, Jan 4, 2011 at 12:21 PM, Iljitsch van Beijnum wrote: > On 4 jan 2011, at 17:30, Richard Barnes wrote: > >> Also, for a slightly more average-person-f

Re: 2010 IPv4 (and IPv6) Address Use Report

Also, for a slightly more average-person-friendly view, see Iljitsch's article in Ars Technica: On Tue, Jan 4, 2011 at 6:29 AM, Iljitsch van Beijnum wrote: > [ (Non-cross)posted to NANO

Re: Wireless IPv6

FWIW, the same does not appear to be true of the Verizon 3G network. (Not that anyone expected it to be.) My VZW device has a NATted v4 address and only link-local v6. On Dec 28, 2010 1:26 PM, "Cameron Byrne" wrote: On Tue, Dec 28, 2010 at 10:15 AM, wrote: > On Tue, 28 Dec 2010 12:49:37 E...

Re: wikileaks dns (was Re: Blocking International DNS)

> Other possible solution would be a DNSarchive, in > the same way there is a WebArchive. Any volunteer? The RIPE REX tool provides something like this, at least for the reverse tree.

Re: CAP / WARN / iPAWS

There is also some work in the IETF on the more general problem of distributing early warning messages: Right now, they're taking a pretty layer-7 approach (distributing CAP in SIP messages), but part of their charter is figuring out how this application relates to

Re: Online games stealing your bandwidth

BitTorrent have been active contributors to the IETF LEDBAT working group, which is looking at transport protocols that back off much more aggressively than TCP, with exactly the idea of making P2P have a lower impact on other things at the customer edge. On T

Re: Online games stealing your bandwidth

010, at 4:32 PM, "Richard Barnes" > wrote: > >> There's some standardization work being done in the IETF ALTO working >> group.  They're looking at ways ISPs can inform P2P clints about which peers >> are "better", I.e., topologically nearby.

Re: Online games stealing your bandwidth

There's some standardization work being done in the IETF ALTO working group. They're looking at ways ISPs can inform P2P clints about which peers are "better", I.e., topologically nearby. http://tools.ietf.org/wg/alto/ I'm less familiar with DECADE, but I believe they're working on more directly

Re: ip block history.

RIPE has been developing a couple of projects to support this sort of history searching: Internet Resource Database (INRDB): Resource EXplainer (REX): On Tue, Sep 14, 2010 at 5:46

Re: IP characteristics for 3G and WiFi links

On Thu, Aug 26, 2010 at 6:26 AM, Daniel Migault wrote: > Hi, > > We are testing protocols on our lab platform and we would like to simulate > communication 2 types of communication : >   - From terminals to service platform using a 3G (HSPA / HSPA+) Access > connection >   - From terminal to servi

Re: Inquiries to Acquire IPs

Maybe APNIC should give him 1.1.1.1 and see how he likes it! On Fri, Jul 2, 2010 at 3:33 PM, Jess Kitchen wrote: > On Fri, 2 Jul 2010, Kevin Stange wrote: > > Hello, > > According to Whois data, you company owns the following > IP address space: > > 206.220.220.0/24 >> >

Re: The Economist, cyber war issue

Apparently the Economist has just become aware of the coming 8-bit apocalypse: On Thu, Jul 1, 2010 at 9:25 AM, Gadi Evron wrote: > The upcoming issue will be about cyber war. Check out the front page image: > > http://sphotos.ak.fbcdn.net/hphotos-ak-sn

Re: ATT BGP - Advertising my network on accident

So, as periodically happens to me, what started as an idle curiosity turned into an experiment. I took a look at a RIB snapshot from Friday, from one of the RouteViews collectors, to see how common it is that a block gets advertised by two different ASes, as a whole block by one, and as a set of s

Re: ATT BGP - Advertising my network on accident

I wonder how much of the de-aggregation in the routing table is attributable to issues like this? On Fri, Jun 25, 2010 at 9:56 AM, Eric Williams wrote: > This issue has been resolved by breaking up the /22 into /24's.  Thanks to > all for the advise. > > Maybe next time I will take someone's adv

Re: DNS performance...

... and here's the direct link to the full report: <https://www.dns-oarc.net/files/rzaia/rzaia_report.pdf> On Wed, May 5, 2010 at 4:48 PM, Richard Barnes wrote: > OARC did a performance study of a few name servers in the context of > root zone scaling, but it should be gener

Re: DNS performance...

OARC did a performance study of a few name servers in the context of root zone scaling, but it should be generalizable: On Wed, May 5, 2010 at 4:41 PM, Donald Eastlake wrote: > Hi, > > There are a large number of DN

Re: [Nanog] Re: IPv6 rDNS - how will it be done?

Presumably, if you've already got a script that's provisioning reverse results, you could amend it to add name constraints. No idea if this is possible with current DynDNS software, though. --Richard On Tue, Apr 27, 2010 at 9:10 PM, Jason 'XenoPhage' Frisvold wrote: > On Apr 27, 2010, at 9:00

Re: [Nanog] Re: IPv6 rDNS - how will it be done?

ither find something there or fail. On Tue, Apr 27, 2010 at 9:19 PM, Larry Sheldon wrote: > On 4/27/2010 19:50, Richard Barnes wrote: >> Naďve question: If you used macro expansion, wouldn't you end up >> providing responses for a lot of addresses that aren't in use?  Ma

Re: [Nanog] Re: IPv6 rDNS - how will it be done?

Naïve question: If you used macro expansion, wouldn't you end up providing responses for a lot of addresses that aren't in use? Maybe that's not a problem? On Tue, Apr 27, 2010 at 8:47 PM, Jason 'XenoPhage' Frisvold wrote: > On Apr 27, 2010, at 8:42 PM, Mark Andrews wrote: >> Windows will just

Re: [Re: http://tools.ietf.org/search/draft-hain-ipv6-ulac-01]

Moreover, the general point stands that Mark's problem is one of bad ISP decisions, not anything different between IPv4/RFC1918 and IPv6. On Sun, Apr 25, 2010 at 11:48 AM, Owen DeLong wrote: > > On Apr 25, 2010, at 8:17 AM, Tony Hoyle wrote: > >> -BEGIN PGP SIGNED MESSAGE- >> Hash: SHA1

Re: [Re: http://tools.ietf.org/search/draft-hain-ipv6-ulac-01]

Isn't "global addresses you can take with you when you change providers" kind of the definition of Provider Independent address space? If you want to keep the same addresses when you change providers, you just need to get a PI allocation. --Richard On Wed, Apr 21, 2010 at 5:47 PM, Mark Smith wro

Re: [Fwd: [members-discuss] [ncc-announce] RIPE NCC Position On The ITU IPv6 Group]

Actually, it's 31,800 CHF == 30,170 USD. Plus, you have to get the approval of your local government even to submit an application. On Wed, Mar 31, 2010 at 6:15 PM, Owen DeLong wrote: > > On Mar 31, 2010, at 12:18 PM, David Conrad wrote: > >> On M

Re: Posting from freebie E-mail Accounts

+1 On Wed, Mar 31, 2010 at 12:00 AM, jim deleskie wrote: > I'm betting more then a few of use free mail accts to keep this > separate from our work mail.  If your really having that much issue, > config your mail server to drop it yourself or unsub > > Seriously > > -jim   yes posted from

Re: [Fwd: [members-discuss] [ncc-announce] RIPE NCC Position On The ITU IPv6 Group]

There were a few representatives of the Internet community at the meeting. All five RIRs were represented, as was ISOC. The notable absence was ICANN. Of course, this sample is by no means representative of the entire community, but it's more than "None." On Tue, Mar 30, 2010 at 7:50 PM, Mart

Re: [members-discuss] Re: RIPE NCC Position On The ITU IPv6 Group (fwd)

>> Care to explain what that could possibly be? (I simply don't see an >> upside to making it easy to censor the internet by national identity). > > Maintenance of "GeoIP"-databases becomes easier and less error-prone ? > > Possible less out of date because of it. > > We've seen complaints about th

Re: Email Portability Approved by Knesset Committee

Dude, think to the future -- /128s! On Mon, Feb 22, 2010 at 3:03 PM, Hank Nussbacher wrote: > On Mon, 22 Feb 2010, Dorn Hetzel wrote: > >> I am sure the various carriers faced with the onset of Local Number >> Portability and WLNP in this part of the world would have been happy to >> escape with

Re: Comcast IPv6 Trials

What I've heard is that the driver is IPv4 exhaustion: Comcast is starting to have enough subscribers that it can't address them all out of 10/8 -- ~millions of subscribers, each with >1 IP address (e.g., for user data / control of the cable box). On Thu, Jan 28, 2010 at 12:55 AM, Kevin Oberman

Re: Countries with the most botnets

Team Cymru seems to put out a lot of information in their newsletters about where bots are, e.g. this article about the locations of botnet controllers: On Wed, Jan 27, 2010 at 6:07 PM, Steven Bellovin wrote: > A

Re: 1/8 and 27/8 allocated to APNIC

Would it make sense for the RIRs to just carve out the bad parts of the blocks, instead of IANA? Under current policy, would reserving "bad" bits make it more difficult for an RIR to get additional allocations? --Richard On Fri, Jan 22, 2010 at 11:56 AM, Leo Vegoda wrote: > On 22 Jan 2010, at 8:

Re: 1/8 and 27/8 allocated to APNIC

To echo and earlier post, what's the operational importance of assigning adjacent /8s? Are you hoping to aggregate them into a /7? --Richard On Fri, Jan 22, 2010 at 10:16 AM, William Allen Simpson wrote: > Nick Hilliard wrote: >> >> On 22/01/2010 13:54, William Allen Simpson wrote: >>> >>> Why n

Re: New netblock Geolocate wrong (Google)

Just to be fair here, I appreciate that there's some additional complexity here (not much -- I implemented a client for this yesterday in ~80 lines of Javascript), but LOC records don't cover everything. They're fine for stationary stuff, but not so great for anything that moves with any frequency

Re: New netblock Geolocate wrong (Google)

>> Something that I have often wondered is how folks would feel about >> publishing some sort of geo information in reverse DNS (something like >> LOC records, with whatever precision you like) -- this would allow the >> folks that geo stuff to automagically provide the best answer, and >> because