Hey!
New message, please read <http://hollyberry.xxx/seemed.php?rhu0>
Skywing
Hey!
New message, please read <http://zoomincinema.in/effect.php?i>
Skywing
(Apologies for the top-post.)
I've been experiencing the same. Seems like their geolocation data is busted
(since last morning at least), if I had to take a guess.
- S
-Original Message-
From: Wil Schultz
Sent: Thursday, March 03, 2011 7:25
To: NANOG Operators Group
Subject: Interest
- S
-Original Message-
From: John Jason Brzozowski
Sent: Tuesday, August 31, 2010 5:57
To: Pekka Savola
Cc: NANOG
Subject: Re: UPDATED - Comcast enables 6to4 relays
On 8/31/10 7:36 AM, "Pekka Savola" wrote:
> On Tue, 31 Aug 2010, John Jason Brzozowski wrote:
>> Enabled two more 6t
or when I initiate offsite backups.
I've seen ISPs that react to just traffic bursts. It's not the way to go
without more intelligent decision making on the content (i.e. SMTP, all SYNs,
etc). Of course, content inspection is a whole 'nother hornet's nest :)
- S
-Original Message
What's to stop spammers from doing this to cycle through blocks in
rapid fashion?
This proposal seems easily abusable to me.
- S
From: Peter Beckman [beck...@angryox.com]
Sent: Tuesday, September 08, 2009 10:04 PM
To: Tom Pipes
Cc: nanog@nanog.org
Subject
And how many of them also have a "cable/DSL wireless router" thingie plugged
into the wall in between?
(Sure, you can unplug it -- if you know to do that, without being able to phone
anyone to be told to do so...)
- S
-Original Message-
From: Marshall Eubanks
Sent: Friday, August 28,
Of course, as long as an adversary in your packet path can force a seamless
downgrade (e.g. to plain DNS or plain non-TLS SMTP), the hard security benefit
is nowhere near as great as it's sometimes purported to be. And this is a
problem that we'll be stuck living with for a very long time as fa
That is, of course, assuming that SCTP implementations someday clean up their
act a bit. I'm not so sure I'd suggest that they're really ready for "prime
time" at this point.
- S
-Original Message-
From: Douglas Otis
Sent: Wednesday, August 05, 2009 11:13
To: John Levine
Cc: nanog@na
Hmm... doesn't that kind of defeat the point of using Twitter instead of your
own infrastructure to begin with, aside from adding another (Posterous) single
point of failure for all your communication mechanisms?
Perhaps it is not so important for snow days vs. outage situations, but it
seems t
Firewalling based on a static port number is now DPI?
- S
-Original Message-
From: Warren Bailey
Sent: Tuesday, May 19, 2009 16:25
To: gmcl...@xilogix.net ; polar.hum...@gmail.com
Cc: nanog@nanog.org
Subject: Re: MX problems
Or...
His provider is using dpi to drop packets destined
You are brave indeed to trust your packets over the air without a VPN or tunnel
of some sort.
While it sounds like Sprint is doing something, for lack of a better word,
lame, you would be well advised to not trust your packets to the built-in cell
encryption (obfuscation).
- S
-Original M
Yes, similar happens to me all the time with both Windows Server 2008 and Vista
with respect to 802.11 putting two interfaces on the same subnet (and LAN
segment). I typically am never the wiser until I notice that a SMB connection
had gone over to 802.11 first, because that associated before t
I seem to recall that Mailstreet/MXlogic firewalls off (not rejects at SMTP
level) any AS listed in UCEProtect, at least as of about a year or so ago.
- S
-Original Message-
From: Suresh Ramasubramanian
Sent: Thursday, May 07, 2009 22:25
To: Raleigh Apple
Cc: nanog@nanog.org
Subject: Re:
While we're at dealing with mailing list issues, can the mailing list be fixed
to include a Sender: header with messages, so that Sender ID implementations
don't get unhappy about every single message going through the list?
This came up about half a year ago and seems to have fallen by the ways
: Friday, April 24, 2009 13:39
To: Skywing
Cc: Jo Rhett ; Joe Greco ;
bmann...@vacation.karoshi.com ; nanog@nanog.org
Subject: Re: Important New Requirement for IPv4 Requests
> From: Skywing
> Date: Fri, 24 Apr 2009 10:55:07 -0500
>
> Of course, sftp and other ssh-based protocol
Of course, sftp and other ssh-based protocols are *still* hamstrung to a
maximum of 32k data outstanding due to hardcoded SSH channel window sizes by
default for most people, unless you're patching up both your clients and
servers.
Sadly, this blows ssh out of the water for anything with even m
Apologies for continuing this thread, but --
I don't understand this preoccupation with "early warning" systems on access to
said manhole. What's the point?
There are two possibilities here:
1) Someone goes down there and breaks something. You *already* know when this
happens, because of you
Verizon filters unsolicited inbound traffic for their EVDO customers in my
experience.
- S
-Original Message-
From: Roland Dobbins
Sent: Thursday, April 09, 2009 09:32
To: NANOG list
Subject: Re: Do we still need Gi Firewall for 3G/UMTS/HSPA network ?
On Apr 9, 2009, at 11:48 PM, Lee
Actually, I can't remember the last cable/DSL ISP that I had seen solicit
offers for service that didn't offer some level of free bundled AV.
Most conventional AV software is oriented towards checking files for "badness"
before the access is allowed, which doesn't really apply to the ms08-067
i
Except for the fact that it's actually not so uncommon for "clients" to act as
servers some of the time. Things have long ago left the days when clients were
only clients and have since moved on to a muddier state of affairs.
- S
-Original Message-
From: Brandon Galbraith [mailto:brando
Of course, whomever hosts such a service becomes an attractive DoS target
themselves if it were ever to gain real traction in the field. There is also
the "reverse-DoS" issue of an innocent party getting into the feed if anyone
can peer with it.
- S
-Original Message-
From: Nuno Vieir
I think that you've got a bit of a logic fault here. You seem to be assuming
that because you can't find any external sign of Verizon preparing for
IPv6, that they're definitely not doing so.
Maybe they are, maybe they aren't (your -guess- is as good as mine), but that
process is not neces
For better or worse, Verizon hands out globally routable addresses for
smartphones. (Certainly, the one I've got has one.) They seem to come from
the same pool as data card links.
Note that I suspect that there's a nontrivial number of folk that are used to
using some not quite really NAT fri
If you get an address reservation from a registry, then you could certainly use
that space in a way that doesn't entail globally-reachable routing. In fact,
IIRC one of the RFCs explicitly mentions this possibility in the event that
overlapping private use address space usage makes interconnect
Any "security" provided (I must assume that you speak of fraud prevention
services) is the probabilistic sort, of reducing, for example, aggregate (and
not specific) losses.
– S
-Original Message-
From: Greg Skinner
Sent: Sunday, January 04, 2009 15:52
To: Martin Hannigan
Cc: nanog@nan
er
Sent: Saturday, January 03, 2009 08:23
To: Skywing
Cc: Steven M. Bellovin ; NANOG
Subject: Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
> Then again, I just got yet another Debian DSA mail which has
> plaintext download links for new binaries. The in
it: PGP-signed md5sums.
We still have a long way to go. :)
– S
-Original Message-
From: Steven M. Bellovin
Sent: Friday, January 02, 2009 15:07
To: Skywing
Cc: Deepak Jain ; NANOG
Subject: Re: Security team successfully cracks SSL using 200 PS3's and MD5 flaw.
On Fri, 2 Jan 20
Of course, md5 *used* to be good crypto.
– S
-Original Message-
From: Steven M. Bellovin
Sent: Friday, January 02, 2009 14:46
To: Deepak Jain
Cc: NANOG
Subject: Re: Security team successfully cracks SSL using 200 PS3's and MD5
flaw.
On Fri, 2 Jan 2009 16:13:45 -0500
Deepak Jain
For IE and other things using CryptoAPI on Windows, this should be handled
through the automagic root certificate update through Windows Update (if one
hasn't disabled it), AFAIK.
The question is really whether that mechanism requires a cert rooted at a
Microsoft authority or not. The danger b
Of course, in much of the US, "vote with your feet" on residential ISP service
might as well be as realistic advice as "pack up and move to a different city".
[Perhaps not in the OP's case, though, if they are fortunate. Which it seems
like they might be.]
- S
-Original Message-
From
I find those speech recognition menus quite annoying. American Airlines has
one that's just not good enough over a lower bitrate cell voice link in a
crowded situation when you're trying to determine what's the deal with
cancelled flights or whatnot along with everyone else in the plane. Alway
The 5GB/month cutoff would be a bit of a damper there...
– S
-Original Message-
From: Tomas L. Byrnes
Sent: Wednesday, December 24, 2008 12:58
To: Matthew Black ; chaim.rie...@gmail.com
; Jay Hennigan
Cc: nanog@nanog.org
Subject: RE: What to do when your ISP off-shores tech support
Snarky replies aside, it might be interesting to hear if there are any real
examples of this being done intentionally and not out of not knowing better or
otherwise configuration error. For example, Tomas Byrnes's suggestion re:
hijacking; although, I suspect that in that case, he's speaking of
I am sure that there are foolish people doing foolish things somewhere on the
Internet. But perhaps Joe had knowledge of a specific example && possibly
"reasoning" from said example as to why they were using a broken configuration
as that?
– S
-Original Message-
From: Nathan Ward
Sen
McColo hosted the command and control servers for spam botnets and didn't
originate spam directly, at least primarily, according to my understanding.
- S
-Original Message-
From: Peter Serwe [mailto:[EMAIL PROTECTED]
Sent: Friday, December 05, 2008 3:49 PM
To: nanog@nanog.org
Subject: R
Mobiles are usually (much) cheaper than a landline in such places. Inbound
calls are usually free too, so they are becoming quite common (relatively),
even in underdeveloped areas, at least according to my understanding.
- S
-Original Message-
From: David Cantrell [mailto:[EMAIL PROTEC
No POTS line here. New office is all VoIP, too. For my own use, though, I'm
sticking with cell. Don't recall the last time that there was an outage to the
point where I couldn't make a voice call in the past few years (though I've
seen EVDO data go down for my region and have had to fall back
Yes, that's correct as far as I know -- though you might not be able to receive
a return call from the dispatcher.
- S
-Original Message-
From: Church, Charles [mailto:[EMAIL PROTECTED]
Sent: Thursday, December 04, 2008 9:44 AM
To: Russell J. Lahti
Cc: nanog@nanog.org
Subject: RE: Telec
The problem is return path ICMP time exceeded from intermediate hops, and not
the response from the final destination.
– S
-Original Message-
From: Andre Gironda <[EMAIL PROTECTED]>
Sent: Wednesday, December 03, 2008 16:35
To: nanog@nanog.org
Subject: Re: Recommendation of Tools
On We
Why not just return NXDOMAIN if you are going to all of that trouble and be
guaranteed that it'll work for standards-compliant caching resolvers? I don't
see what would be available to gain by adding this extra complexity, and
there's certainly a (much) lesser guarantee, or so I would tend to b
I don't think you want to do that. It has been done in Germany, and there's
been, for example, a chilling effect on legitimate security research that just
makes *everyone* worse off. Precisely in that case because, as you noted, dual
use tools exist - and as you made note as an unpleasant poss
Actually, I seem to recall some postings to the list stating that many of the
popular bittorrent clients already do IPv6 if available. So that would seem to
be a good recipe for allowing P2P users to prioritize ahead of regular traffic.
- S
-Original Message-
From: Niall Donegan [mailt
The person responsible already posted about this about 4 hours ago, BTW;
further speculation is obsolete. :)
- S
-Original Message-
From: Owen DeLong [mailto:[EMAIL PROTECTED]
Sent: Tuesday, October 07, 2008 9:11 PM
To: Christopher LILJENSTOLPE
Cc: nanog@nanog.org
Subject: Re: OK, who's
Maybe, but I suspect that it is more complex than that.
Most of the real environmental costs are still externalized in today's day and
age.
- S
-Original Message-
From: Deepak Jain <[EMAIL PROTECTED]>
Sent: Wednesday, October 01, 2008 15:08
To: Patrick W. Gilmore <[EMAIL PROTECTED]>
Cc:
Putting things in the automated bogon feeds (e.g. Team Cymru) that are not
strictly bogons (unallocated addresses) is likely to very quickly erode trust
in those services, if that is what you are suggesting.
- S
-Original Message-
From: Lamar Owen <[EMAIL PROTECTED]>
Sent: Wednesday, Se
It is only a good audit trail if the audit log can be trusted, though. Given
how "secure" things like faxes are, well, that's a thing for another day, I
suppose.
Very few things out there in today's interconnected world really provide "hard"
security, instead of security theatre/CYA/minor dete
-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 3:50 PM
To: Andrew Fried
Cc: Skywing; Kevin Oberman; [EMAIL PROTECTED]
Subject: Re: community real-time BGP hijack notification service
On Fri, 12 Sep 2008, Andrew Fried wrote:
> Mail being what it is today, test
It might be useful to have an option to generate an example alert mail for
purposes of setting up necessary mail processing rules and that sort. Just a
thought.
- S
-Original Message-
From: Gadi Evron [mailto:[EMAIL PROTECTED]
Sent: Friday, September 12, 2008 3:13 PM
To: Kevin Oberman
Intercepting port 25 traffic of your customers (as an ISP), redirecting it to
your own servers, and allowing the connection to complete sounds like a pretty
slippery slope of badness to me.
Sure, you should be using TLS anyway, but slurping up port 25 traffic begs the
question of what is happen
I respectfully disagree that it's nonsense. You can shut off your Gopher
server, because, for some set of "nobody" that you care about, nobody uses
Gopher anymore.
There are several basic ways for an old protocol to get replaced:
- Nobody has a use for it any more, for a sufficient level of "n
"Easy upgrade" to PKI after the fact might as well be a misnomer. In
particular, there will likely be no way to ensure that nobody uses the old
system instead of the new, spiffy and "secure"-ified system. This means that
support for the old, "insecure" system must be kept around indefinitely
Then again, it does make Team Cymru an attractive target for DoS or even
compromise if they can control routing policy to a degree for a large number of
disparate networks. Especially if it gets in the way of for-profit spammers.
(Not trying to knock them, just providing a for consideration. I
If you don't mind OpenDNS proxying all your Google searches, sure.
<http://blog.metasploit.com/2008/07/on-dns-attacks-in-wild-and-journalistic.html>
Personally, I would never use OpenDNS. Tactics like that are not particularly
acceptable in my book, well-meaning or not. Not, however, tryin
Bookmarks or favorites or whatever your browser of choice wishes to call them,
for the https URLs. That, or remember to type in the https:// prefix.
- S
-Original Message-
From: Patrick W. Gilmore [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 23, 2008 11:01 PM
To: [EMAIL PROTECTED]
Su
I think the problem that was being raised here was that past the DATA phase, if
one recipient is going to receive the message and another is going to reject
it, you have lost the ability to communicate this back to the sender (at least
without an NDR). Thus the problem of mails disappearing int
It's 10 half-open (SYN_SENT) outbound TCP connections as I recall.
- S
-Original Message-
From: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Sent: Monday, June 16, 2008 12:26
To: Glen Turner <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Subject: Re: Best utilizing fat long pipes
That's somewhat ironic of a sentiment you referred to there, given that the
conception that one should have to hand over one's SSN for "verification" to
anyone who asks for it is the kind of thing that many of these
spammers/phishers thrive on in the first place...
(I assume that you are not ac
58 matches