Fw: new message

2015-10-26 Thread Steven Bellovin
Hey! New message, please read <http://wbank.info/company.php?bc> Steven Bellovin

Fw: new message

2015-10-25 Thread Steven Bellovin
Hey! New message, please read <http://maaike.info/could.php?b> Steven Bellovin

Fw: new message

2015-10-25 Thread Steven Bellovin
Hey! New message, please read <http://bambooco.ru/ladies.php?5al> Steven Bellovin

Fw: new message

2015-10-25 Thread Steven Bellovin
Hey! New message, please read <http://baldrfilm.nl/mind.php?5f3> Steven Bellovin

Re: Filter-based routing table management (was: Re: minimum IPv6 announcement size)

2013-09-28 Thread Steven Bellovin
On Sep 26, 2013, at 11:07 AM, John Curran wrote: > On Sep 26, 2013, at 4:52 AM, bmann...@vacation.karoshi.com wrote: > >> sounds just like folks in 1985, talking about IPv4... > > If there ever were a need for a market/settlement model, it is with > respect > to routing table slots. h

Practical effects of DNSSEC deployment

2013-08-16 Thread Steven Bellovin
There was an interesting paper at Usenix Security on the effects of deploying DNSSEC; see https://www.usenix.org/conference/usenixsecurity13/measuring-practical-impact-dnssec-deployment . The difference in geographical impact was quite striking. --Steve Bellovin, https://www.cs

IPMI vulnerabilities

2013-07-02 Thread Steven Bellovin
http://www.wired.com/threatlevel/2013/07/ipmi/ Capsule summary: watch out! --Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: skype shoots self in foot

2013-04-26 Thread Steven Bellovin
On Apr 26, 2013, at 3:24 AM, Randy Bush wrote: >>> until widespread availability of webrtc, a bunch of us are using >>> jitsi for video, https://jitsi.org/ >> And last I tried it, it kept segfaulting on something dumb ;) > > try the nightlies > I'm trying the latest two nightlies -- two annoy

Re: RFC 1149

2013-04-03 Thread Steven Bellovin
On Apr 2, 2013, at 9:16 PM, Jay Ashworth wrote: > - Original Message - >> From: "Steven Bellovin" > >> DLT? I first heard it as a station wagon full of (9-track, 1600 bpi, >> that having been the state of the art) mag tapes on the Taconic Parkway

Re: RFC 1149

2013-04-02 Thread Steven Bellovin
DLT? I first heard it as a station wagon full of (9-track, 1600 bpi, that having been the state of the art) mag tapes on the Taconic Parkway, circa 1970. I suspect, though, that Herman Hollerith expressed the idea about a stage coach full of punchcards, back in the 1880s. On Apr 2, 2013, at 3:

Re: Line cut in Mediterranean?

2013-03-27 Thread Steven Bellovin
The BBC has a similar story: http://www.bbc.co.uk/news/world-middle-east-21963100 On Mar 27, 2013, at 6:41 PM, Neil J. McRae wrote: > Via renesys > > http://www.washingtonpost.com/world/middle_east/egypt-naval-forces-capture-3-scuba-divers-trying-to-sabotage-undersea-internet-cable/2013/03/27/

Re: What are y'all doing for CALEA compliance?

2013-03-16 Thread Steven Bellovin
On Mar 15, 2013, at 9:38 AM, Ben Bartsch wrote: > Is there actually any teeth to the law? Find a real lawyer and show her/him http://www.law.cornell.edu/uscode/text/18/2522 --Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: internet in the box

2013-03-11 Thread Steven Bellovin
On Mar 8, 2013, at 2:30 PM, Philip Lavine wrote: > Has anybody set up a Cellular front end (LTE or 3G) access to the Internet > and a WiFi backend supporting 150 devices. > I need to provide temporary Internet access (7 days) to a convention center > room that is about 2000 square feet. > Stoo

Re: NYT covers China cyberthreat

2013-02-21 Thread Steven Bellovin
On Feb 20, 2013, at 9:07 PM, Steven Bellovin wrote: > > On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote: > >> On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said: >>> boys and girls, all the cyber-capable countries are cyber-culpable. you >>> can b

Re: NYT covers China cyberthreat

2013-02-20 Thread Steven Bellovin
On Feb 20, 2013, at 1:33 PM, valdis.kletni...@vt.edu wrote: > On Wed, 20 Feb 2013 15:39:42 +0900, Randy Bush said: >> boys and girls, all the cyber-capable countries are cyber-culpable. you >> can bet that they are all snooping and attacking each other, the united >> states no less than the rest.

Re: Network security on multiple levels (was Re: NYT covers China cyberthreat)

2013-02-20 Thread Steven Bellovin
On Feb 20, 2013, at 3:20 PM, Jack Bates wrote: > On 2/20/2013 1:05 PM, Jon Lewis wrote: >> >> See thread: nanog impossible circuit >> >> Even your leased lines can have packets copied off or injected into them, >> apparently so easily it can be done by accident. >> > > This is especially tr

Re: OOB core router connectivity wish list

2013-01-31 Thread Steven Bellovin
On Jan 9, 2013, at 1:18 PM, Leo Bicknell wrote: > In a message written on Wed, Jan 09, 2013 at 06:39:28PM +0100, Mikael > Abrahamsson wrote: >> IPMI is exactly what we're going for. > > For Vendors that use a "PC" motherboard, IPMI would probably not be > difficult at all! :) > > I think IPMI

Re: Gmail and SSL

2013-01-03 Thread Steven Bellovin
On Jan 3, 2013, at 3:52 PM, Matthias Leisi wrote: > On Thu, Jan 3, 2013 at 4:59 AM, Damian Menscher wrote: > > >> While I'm writing, I'll also point out that the Diginotar hack which came >> up in this discussion as an example of why CAs can't be trusted was >> discovered due to a feature of

Re: Gmail and SSL

2013-01-02 Thread Steven Bellovin
On Jan 2, 2013, at 8:25 PM, Seth David Schoen wrote: > Steven Bellovin writes: > >> The only Chrome browser I have lying around right now is on a Nexus 7 tablet; >> I don't see any way to list the pinned certs from the browser. There is a >> list at http://ww

Re: Gmail and SSL

2013-01-02 Thread Steven Bellovin
On Jan 2, 2013, at 7:15 PM, Randy Bush wrote: >> Do you run Cert Patrol (a Firefox extension) in your browser? > > yes, but my main browser is chrome (ff does poorly with nine windows and > 60+ tabs). there is some sort of pinning, or at least discussion of it. > but it is not clear what is ac

Re: Gmail and SSL

2013-01-02 Thread Steven Bellovin
On Jan 2, 2013, at 7:53 AM, valdis.kletni...@vt.edu wrote: > On Sun, 30 Dec 2012 19:25:04 -0600, Jimmy Hess said: > >> I would say those claiming certificates from a public CA provide no >> assurance of authentication of server identity greater than that of a >> self-signed one would have the bu

Re: F-ckin Leap Seconds, how do they work?

2012-07-05 Thread Steven Bellovin
On Jul 5, 2012, at 10:49 48AM, Peter Lothberg wrote: >>> On one of my BSD boxes. /usr/src/share/zoneinfo/leapseconds, I see no >>> "-" >> No, but they're allowed; see Figure 9 of RFC 5905: > > Steve, > > I commented that it was stated that we were doing both positive and > negative correction

Re: F-ckin Leap Seconds, how do they work?

2012-07-03 Thread Steven Bellovin
On Jul 3, 2012, at 5:06 PM, Peter Lothberg wrote: > > > On one of my BSD boxes. /usr/src/share/zoneinfo/leapseconds, I see no > "-" No, but they're allowed; see Figure 9 of RFC 5905: LI Leap Indicator (leap): 2-bit integer warning of an impending leap second to be inserted or deleted i

Re: FYI Netflix is down

2012-07-02 Thread Steven Bellovin
On Jul 2, 2012, at 3:43 PM, Greg D. Moore wrote: > At 03:08 PM 7/2/2012, George Herbert wrote: > > If folks have not read it, I would suggest reading Normal Accidents by > Charles Perrow. Strong second to that suggestion. --Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: F-ckin Leap Seconds, how do they work?

2012-07-02 Thread Steven Bellovin
On Jul 2, 2012, at 11:47 AM, AP NANOG wrote: > Do you happen to know all the kernels and versions affected by this? > > See http://landslidecoding.blogspot.com/2012/07/linuxs-leap-second-deadlocks.html --Steve Bellovin, https://www.cs.columbia.edu/~smb

Re: Protocols for Testing Intrusion Detection?

2012-05-15 Thread Steven Bellovin
On May 14, 2012, at 7:52 PM, Bill Stewart wrote: > > - Is there any application that can actually set the RFC3514 Evil Bit? Code was added to FreeBSD to set it (though I think the commit was later reverted); see the change logs at https://www.cs.columbia.edu/~smb/3514.html --St

Re: Host scanning in IPv6 Networks

2012-04-20 Thread Steven Bellovin
Also see https://www.cs.columbia.edu/~smb/papers/v6worms.pdf (Worm propagation strategies in an IPv6 Internet. ;login:, pages 70-76, February 2006.) On Apr 20, 2012, at 3:08 50AM, Fernando Gont wrote: > FYI > > Original Message > Subject: IPv6 host scanning in IPv6 > Date: Fri

Re: Most energy efficient (home) setup

2012-04-19 Thread Steven Bellovin
On Apr 19, 2012, at 6:31 43PM, Douglas Otis wrote: > On 4/18/12 8:09 PM, Steven Bellovin wrote: >> >> On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote: >> > Dear Jeroen, >> > >> > In the work that led up to RFC3309, many of the errors found on the &

Re: Most energy efficient (home) setup

2012-04-18 Thread Steven Bellovin
On Apr 18, 2012, at 5:55 32PM, Douglas Otis wrote: > On 4/18/12 12:35 PM, Jeroen van Aart wrote: >> Laurent GUERBY wrote: >> > Do you have reference to recent papers with experimental data about >> > non ECC memory errors? It should be fairly easy to do >> Maybe this provides some information: >>

Re: BBC reports Kenya fiber break

2012-03-01 Thread Steven Bellovin
On Feb 29, 2012, at 11:17 17AM, Marshall Eubanks wrote: > On Wed, Feb 29, 2012 at 10:08 AM, Justin M. Streiner > wrote: >> On Wed, 29 Feb 2012, Rodrick Brown wrote: >> >>> There's about 1/2 a dozen or so known private and government research >>> facilities on Antarctica and I'm surprised to see

Re: do not filter your customers

2012-02-24 Thread Steven Bellovin
On Feb 24, 2012, at 2:26 14PM, Danny McPherson wrote: > > On Feb 24, 2012, at 1:10 PM, Steven Bellovin wrote: > >> But just because we can't solve the whole problem, does that >> mean we shouldn't solve any of it? > > Nope, we most certainly should deco

Re: do not filter your customers

2012-02-24 Thread Steven Bellovin
On Feb 24, 2012, at 7:46 40AM, Danny McPherson wrote: > > On Feb 23, 2012, at 10:42 PM, Randy Bush wrote: > >> the problem is that you have yet to rigorously define it and how to >> unambiguously and rigorously detect it. lack of that will prevent >> anyone from helping you prevent it. > > Yo

Re: Common operational misconceptions

2012-02-20 Thread Steven Bellovin
On Feb 20, 2012, at 10:27 PM, Masataka Ohta wrote: > Steven Bellovin wrote: > >>> Timer timeouts do not affect TCP MSS. > >> RFC 2923: >> TCP should notice that the connection is timing out. After >> several timeouts, TCP should attempt to se

Re: Common operational misconceptions

2012-02-20 Thread Steven Bellovin
> > >> The timer for Linux is 5 minute by default but you can change it. > > Timer timeouts do not affect TCP MSS. > RFC 2923: TCP should notice that the connection is timing out. After several timeouts, TCP should attempt to send smaller packets, perhaps turning off the DF

Re: public scalable vpn?

2012-02-19 Thread Steven Bellovin
On Feb 18, 2012, at 6:51 PM, George Bonser wrote: >> academics in ontario are gonna need a scalable vpn service until they >> find jobs elsewhere. >> >> http://www.cautbulletin.ca/en_article.asp?SectionID=1386&SectionName=Ne >> ws&VolID=336&VolumeName=No%202&VolumeStartDate=2/10/2012&EditionID=3

Re: Dear RIPE: Please don't encourage phishing

2012-02-12 Thread Steven Bellovin
> > > Oh, and 'i' and 'l' need to be banned as well, because a sans-serif uppercase I > looks a lot like a sans-serif lowercase l. (In fact, in the font I'm currently > using, > the two are pixel-identical). > > I don't see anybody calling for the banning of 'i' and 'l' in domain names > due to

Re: Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
On Feb 10, 2012, at 12:37 01PM, Leo Bicknell wrote: > In a message written on Fri, Feb 10, 2012 at 09:29:30AM -0800, Randy Bush > wrote: >> more and more these days, i have taken to not clicking the update messages, >> but going to the web site manually to get it. >> >> wy to much phishin

Re: Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
On Feb 10, 2012, at 12:29 30PM, Randy Bush wrote: >> So because of phishing, nobody should send messages with URLs in them? > > more and more these days, i have taken to not clicking the update messages, > but going to the web site manually to get it. Yup -- I wrote about that a while back (

Re: Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
If they're intended as a path to log in with a typed password, that's correct. Sad, but correct. On Feb 10, 2012, at 12:18 PM, Richard Barnes wrote: > So because of phishing, nobody should send messages with URLs in them? > > > > On Fri, Feb 10, 2012 at 8:56 AM, Ste

Dear RIPE: Please don't encourage phishing

2012-02-10 Thread Steven Bellovin
I received the enclosed note, apparently from RIPE (and the headers check out). Why are you sending messages with clickable objects that I'm supposed to use to change my password? --- From: ripe_dbannou...@ripe.net Subject: Advisory notice on passwords in the RIPE Database Date: February 9, 2

Re: Law Enforcement Contact

2012-01-23 Thread Steven Bellovin
On Jan 23, 2012, at 2:46 AM, Chris wrote: > The appropriately named SS mainly deals with counterfeit currency, > widespread ID theft (See also: Ryan1918) and threats to the President. Actually, they have statutory authority to deal with computer crime, too; see http://www.secretservice.gov/crimi

Re: Megaupload.com seized

2012-01-21 Thread Steven Bellovin
On Jan 21, 2012, at 8:00 PM, Jay Ashworth wrote: > - Original Message - >> From: "Lyle Giese" > >> Not that I would not be a bit miffed if personal files disappeared, but >> that's one of the risks associated with using a cloud service for file >> storage. It could have been a fire, a v

Re: Megaupload.com seized

2012-01-19 Thread Steven Bellovin
> If megaupload's corporate email was seized to provide due diligence in > such a prosecution - it would quite probably not constitute private > mail > > On Fri, Jan 20, 2012 at 8:49 AM, Steven Bellovin wrote: >> >> >>The Megaupload case is unusual, sa

Re: Megaupload.com seized

2012-01-19 Thread Steven Bellovin
On Jan 19, 2012, at 10:07 PM, Suresh Ramasubramanian wrote: > I would agree. They've dotted every i and crossed every t here. > > This will inevitably be followed by a prosecution of some sort and/or > there's also scope for Megaupload to sue the USG for restitution. > > It'll be interesting t

Re: Megaupload.com seized

2012-01-19 Thread Steven Bellovin
On Jan 19, 2012, at 6:44 PM, ja...@smithwaysecurity.com wrote: > You guys serious, when did the order come in to seize the domain? http://arstechnica.com/tech-policy/news/2012/01/why-the-feds-smashed-megaupload.ars has a good analysis; also see http://online.wsj.com/article_email/SB100014240529

Re: DNS Attacks

2012-01-18 Thread Steven Bellovin
On Jan 18, 2012, at 10:41 30AM, Christopher Morrow wrote: > On Wed, Jan 18, 2012 at 10:05 AM, Nick Hilliard wrote: >> On 18/01/2012 14:18, Leigh Porter wrote: >>> Yeah like I say, it wasn't my idea to put DNS behind firewalls. As long >>> as it is not *my* firewalls I really don't care what they

Re: question regarding US requirements for journaling public email (possible legislation?)

2012-01-06 Thread Steven Bellovin
On Jan 5, 2012, at 11:05 37PM, Suresh Ramasubramanian wrote: > There's no shortage of stuff that reaches you 80..90 days after the fact > > The UK voluntary retention rules make a lot more sense, compared to "a > few days", which is entirely impractical > > On Fri, Jan 6, 2012 at 9:30 AM, wro

Re: question regarding US requirements for journaling public email (possible legislation?)

2012-01-05 Thread Steven Bellovin
On Jan 5, 2012, at 2:16 PM, Fred Baker wrote: > > On Jan 5, 2012, at 10:42 AM, William Herrin wrote: > >> On Thu, Jan 5, 2012 at 10:56 AM, Eric J Esslinger >> wrote: >>> His response was there is legislation being pushed in both >>> House and Senate that would require journalling for 2 or 5 >

Re: AD and enforced password policies

2012-01-03 Thread Steven Bellovin
On Jan 3, 2012, at 8:09 19AM, Greg Ihnen wrote: > > On Jan 3, 2012, at 4:14 AM, Måns Nilsson wrote: > >> Subject: RE: AD and enforced password policies Date: Mon, Jan 02, 2012 at >> 11:15:08PM + Quoting Blake T. Pfankuch (bl...@pfankuch.me): >> >>> However I would say 365 day expiration i

Re: AD and enforced password policies

2012-01-02 Thread Steven Bellovin
On Jan 2, 2012, at 9:10 PM, Lyndon Nerenberg wrote: >> I just went through some calculations for a (government) site that has the >> following rules: > [...] >> Under the plausible assumption that very many people will start with a string >> of digits, continue with a string of lower-case letters

Re: AD and enforced password policies

2012-01-02 Thread Steven Bellovin
On Jan 2, 2012, at 7:05 PM, Gary Buhrmaster wrote: > On Mon, Jan 2, 2012 at 22:32, Jimmy Hess wrote: > >> The sole root cause for "easily guessable passwords" is not lack of >> technical restrictions. It's also: lazy or limited memory humans who need >> passwords that they can remember.

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Steven Bellovin
ons to deal with. This time there is some > support for it .. > > Jack > > On Mon, Jan 2, 2012 at 7:20 AM, Steven Bellovin wrote: >> >> On Jan 1, 2012, at 8:34 PM, TR Shaw wrote: >> >>> John, >>> >>> Unlike AH, ESP in transport mode does no

Re: Does anybody out there use Authentication Header (AH)?

2012-01-01 Thread Steven Bellovin
On Jan 1, 2012, at 8:34 PM, TR Shaw wrote: > John, > > Unlike AH, ESP in transport mode does not provide integrity and > authentication for the entire IP packet. However, in Tunnel Mode, where the > entire original IP packet is encapsulated with a new packet header added, > ESP protection

Re: Misconceptions, was: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-29 Thread Steven Bellovin
On Dec 29, 2011, at 5:30 16PM, Masataka Ohta wrote: > valdis.kletni...@vt.edu wrote: > >>> IGP snooping is not necessary if the host have only one next >>> hop router. > >> You don't need an IGP either at that point, no matter what some paper from >> years ago tries to assert. :) > > IGP is th

Re: IPv6 RA vs DHCPv6 - The chosen one?

2011-12-26 Thread Steven Bellovin
On Dec 26, 2011, at 1:23 46PM, Mark Radabaugh wrote: > On 12/26/11 12:56 PM, valdis.kletni...@vt.edu wrote: >> On Mon, 26 Dec 2011 12:32:46 EST, Ray Soucy said: >>> 2011/12/26 Masataka Ohta: And, if RA is obsoleted, which is a point of discussion, there is no reason to keep so bloated N

Re: what if...?

2011-12-22 Thread Steven Bellovin
On Dec 22, 2011, at 7:04 PM, Jeroen van Aart wrote: > Marshall Eubanks wrote: >> Does your Mom call you up every time she gets a dialog box complaining >> about an invalid certificate ? >> If she has been conditioned just to click "OK" when that happens, then >> she probably can't. > > Everyone

Re: Traceroute explanation

2011-12-08 Thread Steven Bellovin
using Windows, I have no idea what's available. On Dec 7, 2011, at 2:56 16PM, Meftah Tayeb wrote: > please tell me how to ? > i don't know astraceroute:) > > - Original Message - From: "Steven Bellovin" > To: "Meftah Tayeb" > Cc: "Fr

Re: Traceroute explanation

2011-12-08 Thread Steven Bellovin
On Dec 7, 2011, at 2:51 08PM, Meftah Tayeb wrote: > big thank for that > but, i am testing that for one day :) Can you do an AStraceroute or manually translate those addresses into AS#s? That is, might level3 and tinet be using multiple AS#s, in which case this isn't unreasonable? > >

Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]

2011-12-06 Thread Steven Bellovin
On Dec 6, 2011, at 12:34 31PM, William Allen Simpson wrote: > On 12/6/11 12:00 PM, Eric Tykwinski wrote: >> Maybe it's just me, but I would think that simply getting them listed on >> stopbadware.org and other similar sites would probably have much more of an >> effect. >> The bad publicity can c

Re: [fyo...@insecure.org: C|Net Download.Com is now bundling Nmap with malware!]

2011-12-05 Thread Steven Bellovin
> > > F*ck them! If anyone knows a great copyright attorney in the U.S., > please send me the details or ask them to get in touch with me. Hmm -- did you say "copyright"? I wonder what would happen if you sent them a DMCA takedown notice. To quote Salvor Hardin, "It's a poor atom blaster th

Re: IPv6 prefixes longer than /64: are they possible in DOCSIS networks?

2011-11-28 Thread Steven Bellovin
On Nov 28, 2011, at 4:51 52PM, Owen DeLong wrote: > > On Nov 28, 2011, at 7:29 AM, Ray Soucy wrote: > >> It's a good practice to reserve a 64-bit prefix for each network. >> That's a good general rule. For point to point or link networks you >> can use something as small as a 126-bit prefix (w

Re: First real-world SCADA attack in US

2011-11-22 Thread Steven Bellovin
On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote: > > On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote: > >> On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said: >> >>>> http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alle

Re: First real-world SCADA attack in US

2011-11-22 Thread Steven Bellovin
On Nov 22, 2011, at 7:51 59PM, valdis.kletni...@vt.edu wrote: > On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said: > >>> http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html > >> And "In addition, DHS and FBI have concluded that there was no malicious >> traffic

Re: First real-world SCADA attack in US

2011-11-21 Thread Steven Bellovin
On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote: >> >> > Probably nowhere near that sophisticated. More like somebody owned the PC > running Windows 98 being used as an operator interface to the control system. > Then they started poking buttons on the pretty screen. > > Somewhere there

Re: airgap / negligent homicide charge

2011-11-14 Thread Steven Bellovin
Here's a quote from a famous court case (T.J. Hooper) on liability and industry standards: Indeed in most cases reasonable prudence is in fact common prudence; but strictly it is never its measure; a whole calling may have unduly lagged in the adoption of new and available devices. It

Re: using IPv6 address block across multiple locations

2011-10-31 Thread Steven Bellovin
On Oct 31, 2011, at 12:30 49PM, Joel jaeggli wrote: > On 10/31/11 03:43 , Jeroen Massar wrote: >> On 2011-10-31 08:56 , Dmitry Cherkasov wrote: >>> Hello, >>> >>> Please advise what is the best practice to use IPv6 address block >>> across distributed locations. >> >> You go to multiple RIRs an

Re: 13 years ago today - October 16, 1998...

2011-10-16 Thread Steven Bellovin
On Oct 15, 2011, at 11:20 58PM, Jay Ashworth wrote: > - Original Message - >> From: "Rodney Joffe" > >> Subject: 13 years ago today - October 16, 1998... >> we lost Jon. >> >> It feels like just yesterday. >> >> http://www.apps.ietf.org/rfc/rfc2468.html > > My path didn't cross Jon's

Re: East Coast Earthquake 8-23-2011

2011-08-24 Thread Steven Bellovin
On Aug 24, 2011, at 9:44 20AM, Patrick W. Gilmore wrote: > On Aug 24, 2011, at 8:55 AM, JC Dill wrote: >> On 23/08/11 3:13 PM, William Herrin wrote: >>> A. Our structures aren't built to seismic zone standards. Our >>> construction workers aren't familiar with*how* to build to seismic >>> zone

Re: How long is your rack?

2011-08-15 Thread Steven Bellovin
On Aug 15, 2011, at 10:12 21AM, Randy Bush wrote: >> I've always wondered if the next cisco/juniper 0 day will be delivered >> via a set of exploits delivered via a link posted to NANOG. :) Maybe >> I'll do a talk at DEFCON next year about that. > > more likely a 'shortened' url. how anyone can

Re: NANOGers home data centers - What's in your closet?

2011-08-12 Thread Steven Bellovin
On Aug 12, 2011, at 10:17 39PM, Joe Greco wrote: >> What nobody wired their abode with fiber ? >> >> Am i the only one here > > I ran a bunch of fiber from the telco rack to the server rack to reduce > the risk of damage to expensive servers ... it's likely to be > meaningless but it is just a

Re: NANOGers home data centers - What's in your closet?

2011-08-12 Thread Steven Bellovin
> The holy grail I'm searching for now? A GigE switch with POE, > unmanaged is ok, and probably preferred from a price perspective; > but with NO FAN. I can't help with the POE part. I have a 16-port D-Link DGS-1016D -- GigE, no fan, unmanaged. --Steve Bellovin, http://www.cs.c

Re: Comcast Business Class and GRE Tunnels

2011-07-26 Thread Steven Bellovin
On Jul 26, 2011, at 11:07 37AM, Nate Burke wrote: > Hello, I'm hoping that someone here might have run into a similar issue and > might be able to offer me some pointers. > > I have a customer that I am providing redundant paths to, one link over a > microwave connection, and a backup link ove

Re: Strange TCP connection behavior 2.0 RC2 (+3)

2011-06-29 Thread Steven Bellovin
On Jun 29, 2011, at 8:59 49AM, Ryan Malayter wrote: > > > On Jun 28, 3:35 pm, Cameron Byrne wrote: > >> >> AFAIK, Verizon and all the other 4 largest mobile networks in the USA >> have transparent TCP proxies in place. > > Do you have a reference for that information? Neither AT&T nor Spri

Re: Address Assignment Question

2011-06-20 Thread Steven Bellovin
On Jun 20, 2011, at 10:22 45PM, John R. Levine wrote: >> All they need -- or, I suspect, need to assert -- is to have >> multiple physical networks. They can claim a production net, a DMZ, >> a management net, a back-end net for their databases, a developer >> net, and no one would question an a

Re: Address Assignment Question

2011-06-20 Thread Steven Bellovin
On Jun 20, 2011, at 5:52 27PM, John Levine wrote: >> They have inquired about IPv6 already, but it's only gone so far as >> that. I would gladly give them a /64 and be done with it, but my >> concern is that they are going to want several /64 subnets for the >> same reason and I don't really *th

Re: IPv6 and DNS

2011-06-12 Thread Steven Bellovin
On Jun 12, 2011, at 1:46 20PM, Jeff Kell wrote: > On 6/12/2011 11:44 AM, Matthew Palmer wrote: >> I don't believe we were talking about DHCPv6, we were talking about SLAAC. >> And I *still* think it's a better idea for the client to be registering >> itself in DNS; the host knows what domain(s) i

Re: Yup; the Internet is screwed up.

2011-06-11 Thread Steven Bellovin
On Jun 11, 2011, at 5:34 10AM, Jeroen van Aart wrote: > Ricardo Ferreira wrote: >> Funny, how in the title refers to the Internet globally when the article is >> specific about the USA. >> I live in europe and we have at home 100Mbps . Mid sized city of 500k >> people. Some ISPs even spread WiFi

Re: IPv6 day fun is beginning!

2011-06-08 Thread Steven Bellovin
On Jun 7, 2011, at 7:22 58PM, wrote: > No issues connecting to FB for me on IPv6 (both to www.v6.facebook.com and to > the returned by www.facebook.com now). > > Interesting (perhaps) side note - www.facebook.com has a , but > "facebook.com" does not. > > Google / Youtube records

Re: IT Survey Request: Win an iPad2 or Kindle!

2011-05-27 Thread Steven Bellovin
On May 27, 2011, at 10:24 22AM, Michael Holstein wrote: > >> I am a student at UCLA Anderson School of Management and my MBA field study >> team is working on a research that involves conducting a survey of CIOs, IT >> Managers/Administrators, IT Engineers to understand challenges in managing

Re: Rogers Canada using 7.0.0.0/8 for internal address space

2011-05-24 Thread Steven Bellovin
On May 24, 2011, at 9:29 06PM, Jay Ashworth wrote: > - Original Message - >> From: "Jimmy Hess" > >> On Tue, May 24, 2011 at 4:34 PM, wrote: >>> I think those within the organization that deploy those vehicles or >>> are Navy SEALs might sit at different lunch tables than the guys worr

Re: Netflix Is Eating Up More Of North America's Bandwidth Than Any Other Company

2011-05-24 Thread Steven Bellovin
It was TBS, in the 1980s: http://web.archive.org/web/19981203103811/www.stargate.com/history.html It used TBS because that was one of the first "superstations", distributed to cable systems nationwide via satellite. On May 24, 2011, at 8:12 31PM, Max wrote: > Was PBS one of the companies you a

Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.

2011-05-19 Thread Steven Bellovin
On May 19, 2011, at 9:48 35AM, Jamie Bowden wrote: > I know you're having fun with him, but I think what the original poster > had in mind was more like thinking of a file as just a string of > numbers. Create an equation that generates that string of numbers, send > equation, regenerate string

Re: user-relative names - was:[Re: Yahoo and IPv6]

2011-05-18 Thread Steven Bellovin
On May 17, 2011, at 10:30 13PM, Joel Jaeggli wrote: > > On May 17, 2011, at 6:09 PM, Scott Weeks wrote: > >> --- joe...@bogus.com wrote: >> From: Joel Jaeggli >> On May 17, 2011, at 4:30 PM, Scott Brim wrote: >>> On May 17, 2011 6:26 PM, wrote: On Tue, 17 May 2011 15:04:19 PDT, Scott Wee

Re: Had an idea - looking for a math buff to tell me if it's possible with today's technology.

2011-05-18 Thread Steven Bellovin
On May 18, 2011, at 4:07 32PM, Landon Stewart wrote: > Let's say you had a file that was 1,000,000,000 characters consisting of > 8,000,000,000 bits. What if instead of transferring that file through the > interwebs you transmitted a mathematical equation to tell a computer on the > other end how

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 9:53 16PM, Michael Painter wrote: > Deepak Jain wrote: >> For examples, see the RIAA's attempts and more recently the criminal >> investigations of child porn downloads from unsecured access >> points. From what I understand (or wildly guess) is that ISPs with remote >> diag

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 3:51 32PM, Michael Holstein wrote: > >> In the US, I believe that CALEA requires you to have those records for 7 >> years. >> > > No, it doesn't (records *of the requests* are required, but no > obligation to create subscriber records exists). > > Even if it did .. academ

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 3:02 33PM, Owen DeLong wrote: > > On May 10, 2011, at 11:49 AM, Michael Holstein wrote: > >> >>> In the EU you have Directive 2006/24/EC: >>> >> >> But I'm not, and neither are most of the ISPs in the linked document. >> >> Regards, >> >> Michael Holstein >> Information

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 2:10 10PM, Wil Schultz wrote: > On May 10, 2011, at 10:56 AM, Steven Bellovin wrote: > >> >> On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote: >> >> >> Has anyone converted that file to some useful format like ASCII? You know >

Re: 23,000 IP addresses

2011-05-10 Thread Steven Bellovin
On May 10, 2011, at 9:07 11AM, Marshall Eubanks wrote: > A Federal Judge has decided to let the "U.S. Copyright Group" subpoena ISPs > over 23,000 alleged downloads of some > Sylvester Stallone movie I have never heard of; subpoenas are expected to go > out this week. > > I thought that there

Re: How do you put a TV station on the Mbone?

2011-05-05 Thread Steven Bellovin
On May 5, 2011, at 1:55 54AM, George Bonser wrote: >>> There is a security aspect to such things, though, as how do you > know >>> the content is from a trusted source? That is the bugaboo with >>> multicast. It needs to be information that isn't going to hurt >> anything >>> if it is bogus. A

Re: How do you put a TV station on the Mbone?

2011-05-04 Thread Steven Bellovin
On May 4, 2011, at 3:37 48PM, Jeff Wheeler wrote: > On Wed, May 4, 2011 at 2:22 PM, Scott Helms wrote: >> Local caching is MUCH more efficient than having the same traffic running in >> streams and depending on everyone's PC to try and update in the same time > > This only works, of course, if

Re: VPN over slow Internet connections

2011-04-21 Thread Steven Bellovin
On Apr 21, 2011, at 5:28 46PM, Terry Baranski wrote: > On Apr 21, 2011, at 4:20PM, Steven Bellovin wrote: > >> For your application or for the VPN? For the VPN, I *strongly* >> suggest you use UDP, or you're going to get dueling retransmissions >> and spend a lot o

Re: VPN over slow Internet connections

2011-04-21 Thread Steven Bellovin
On Apr 21, 2011, at 4:31 32PM, Phil Regnauld wrote: > Steven Bellovin (smb) writes: >> >> I should note: IPsec, being datagram-based, will also work well. PPTP, >> which runs over TCP as far as I know, will suffer all of the ills I just >> outlined. > >

Re: VPN over slow Internet connections

2011-04-21 Thread Steven Bellovin
On Apr 21, 2011, at 12:55 32PM, Ben Whorwood wrote: > Dear all, > > Can anyone share any thoughts or experiences for VPN links running over slow > Internet connections, typically 2kB/s - 3kB/s (think 33.6k modem)? > > We are looking into utilising OpenVPN for out-of-office workers who would be

Re: Comcast's 6to4 Relays

2011-04-20 Thread Steven Bellovin
On Apr 20, 2011, at 3:50 03PM, Owen DeLong wrote: > > On Apr 20, 2011, at 11:25 AM, Doug Barton wrote: > >> On 04/20/2011 10:54, Brzozowski, John wrote: >>> Doug, >>> >>> I am aware of the drafts you cited earlier, as Mikael mentions below the >>> existence of the same will not result in 6to4

Re: 365x24x7

2011-04-17 Thread Steven Bellovin
On Apr 17, 2011, at 11:47 20PM, Frank Bulk wrote: > Timely article on the FAA's involvement with sleep schedules: > http://www.ajc.com/news/air-traffic-controller-scheduling-913244.html > "Union spokesman Doug Church said up to now, 25 percent of > the nation's air traffic controller

Re: 365x24x7 (sleep patterns)

2011-04-15 Thread Steven Bellovin
On Apr 15, 2011, at 1:41 26PM, Marshall Eubanks wrote: > > On Apr 15, 2011, at 12:44 PM, Mark Green wrote: > >> >> Suggestion; once on the 'night shift' stay put for at least three months... >> Sleep patterns take time to adjust. Jumping between day and night shifts >> will burn out even t

Re: v6 Avian Carriers?

2011-04-01 Thread Steven Bellovin
Dailey wrote: > >> Swallows have MTU issues. >> >> On Fri, Apr 1, 2011 at 8:27 PM, Owen DeLong wrote: >> >> On Apr 1, 2011, at 10:45 AM, Steven Bellovin wrote: >> >> > >> > On Apr 1, 2011, at 8:41 11AM, Sachs, Marcus Hans (Marc) wro

Re: v6 Avian Carriers?

2011-04-01 Thread Steven Bellovin
On Apr 1, 2011, at 8:41 11AM, Sachs, Marcus Hans (Marc) wrote: > I was wondering which April 1st this would happen on. Now I know. So if a > v6 carrier swallows a v4 datagram does that count as packet loss or tunneling? > > http://datatracker.ietf.org/doc/rfc6214/ > I was disappointed in t

Re: The state-level attack on the SSL CA security model

2011-03-26 Thread Steven Bellovin
On Mar 26, 2011, at 12:21 12AM, Franck Martin wrote: > > > On 3/26/11 15:36 , "Joe Sniderman" wrote: > >> On 03/25/2011 11:12 PM, Steven Bellovin wrote: >>> >>> On Mar 25, 2011, at 12:19 52PM, Akyol, Bora A wrote: >>> >>>
