can you find the fatal flaw?
[ hint: how does an isp in phnom penh validate my route? ]
randy
--- Begin Message ---
Our records indicate that you have requested and received access to
ARIN's RPKI Pilot. ARIN is preparing to release our production RPKI
hosted solution in mid to late September of
I was wondering if there is a repository with references of prefix
hijack cases.
We would like to use such information for a BGP anomaly detection
analysis that we are carrying out in our research centre.
Unfortunately, apart from the well known cases (Youtube-Pakistan case in
2008 and the China
On 09/04/2012 03:52 PM, Michael Thomas wrote:
On 09/04/2012 09:34 AM, Daniel Taylor wrote:
If you are sending direct SMTP on behalf of your domain from
essentially random locations, how are we supposed to pick you out
from spammers that do the same?
Use DKIM.
You say that like it's a lower
On Sep 4, 2012, at 11:45 PM, Suresh Ramasubramanian wrote:
>
> So - now with ipv6 you're going to see "hi, my toto highly
> computerized toilet is trying to make outbound port 25 connections to
> gmail"
>
> http://www.telecoms.com/48734/vodafone-and-ibm-team-up-on-connected-home-appliances/
>
On 09/05/12 05:56 , Daniel Taylor wrote:
>> Use DKIM.
> You say that like it's a lower bar than setting up a fixed SMTP server
> and using that.
> Besides, doesn't DKIM break on mailing lists?
Not only that, but a majority of spam I receive lately has a valid DKIM
signature. They are adaptive, li
On Wed, Sep 05, 2012 at 07:50:12AM -0700, Henry Stryker wrote:
> Not only that, but a majority of spam I receive lately has a valid DKIM
> signature. They are adaptive, like cockroaches.
This is why tcp port 25 filtering is totally effective and will remain so
forever. Definitely worth breaking
On 09/05/2012 05:56 AM, Daniel Taylor wrote:
On 09/04/2012 03:52 PM, Michael Thomas wrote:
On 09/04/2012 09:34 AM, Daniel Taylor wrote:
If you are sending direct SMTP on behalf of your domain from essentially random
locations, how are we supposed to pick you out from spammers that do the same
>Just for kicks, I tried using a .0.0/16 and .255.255/16 address for stuff
>in IOS (configured it as loopback and tried to establish bgp sessions
>etc), that didn't work so well. I don't remember exactly what the problem
>was, but I did indeed run into problems.
LU-CIX uses .255 and .0 for their r
On Wed, Sep 5, 2012 at 11:11 AM, Izaac wrote:
> On Wed, Sep 05, 2012 at 07:50:12AM -0700, Henry Stryker wrote:
> > Not only that, but a majority of spam I receive lately has a valid DKIM
> > signature. They are adaptive, like cockroaches.
>
> This is why tcp port 25 filtering is totally effectiv
On Sep 5, 2012, at 11:11, Izaac wrote:
> This is why tcp port 25 filtering is totally effective and will remain so
> forever. Definitely worth breaking basic function principles of a
> global communications network over which trillions of dollars of commerce
> occur.
Two things to note:
1. Rest
On Sep 5, 2012, at 11:46, Greg Ihnen wrote:
> But as someone pointed out further back on this thread people who want to
> have their mail servers available to people who are on the other side of
> port 25 filtering just use the alternate ports. So then what does filtering
> port 25 accomplish?
Th
On 09/05/2012 07:50 AM, Henry Stryker wrote:
Not only that, but a majority of spam I receive lately has a valid DKIM signature. They are adaptive, like cockroaches.
The "I" part of DKIM is "Identified". That's all it promises. It's a
feature, not a bug, that spammers use it.
Mike
On 09/05/2012 08:49 AM, Sean Harlow wrote:
2. The reason port 25 blocks remain effective is that there really isn't a
bypass.
In the Maginot Line sense, manifestly.
Mike
On 9/5/12 3:26 AM, "Randy Bush" wrote:
>can you find the fatal flaw?
>
>[ hint: how does an isp in phnom penh validate my route? ]
>
>randy
Hi Randy
Your question is a bit cryptic. Could you be more specific about your
concern?
Thanks,
Mark
Anyone on the list from Tata that can help address a Tata Equinix
Ashburn issue?
--
Morgan A. Miskell
CaroNet Data Centers
704-643-8330 x206
The information contained in this e-mail is confidential and is intended
only fo
I think Randy meant to imply that requiring anyone that wants to
actually use the RPKI to make a legal agreement with ARIN might not be
the best way to encourage deployment.
On Wed, Sep 5, 2012 at 2:56 PM, Mark Kosters wrote:
> On 9/5/12 3:26 AM, "Randy Bush" wrote:
>
>>can you find the fatal f
On 09/05/12 09:13 , Michael Thomas wrote:
> The "I" part of DKIM is "Identified". That's all it promises. It's a
> feature, not a bug, that spammers use it.
Which is why DKIM does not really address any concerns. The spammers
have reduced its value.
I am retired now, but do run my own mail serve
On Wed, Sep 5, 2012 at 3:05 PM, Richard Barnes wrote:
> I think Randy meant to imply that requiring anyone that wants to
> actually use the RPKI to make a legal agreement with ARIN might not be
define 'use'...
o 'stick their objects into the repo' sure a contract sounds good
o 'access the re
On Wed, Sep 5, 2012 at 7:24 PM, Christopher Morrow
wrote:
.
> a closer (by me) reading of:
> " In order to access the
> production RPKI TAL, you will first have to agree to ARIN's Relying
> Party Agreement before the TAL will be emailed to you. To request the
> TAL after the production release
On 09/05/2012 10:19 AM, Michael Thomas wrote:
On 09/05/2012 05:56 AM, Daniel Taylor wrote:
On 09/04/2012 03:52 PM, Michael Thomas wrote:
On 09/04/2012 09:34 AM, Daniel Taylor wrote:
If you are sending direct SMTP on behalf of your domain from
essentially random locations, how are we supposed
On 09/05/2012 12:50 PM, Daniel Taylor wrote:
On 09/05/2012 10:19 AM, Michael Thomas wrote:
On 09/05/2012 05:56 AM, Daniel Taylor wrote:
On 09/04/2012 03:52 PM, Michael Thomas wrote:
On 09/04/2012 09:34 AM, Daniel Taylor wrote:
If you are sending direct SMTP on behalf of your domain from ess
On 09/05/2012 03:01 PM, Michael Thomas wrote:
On 09/05/2012 12:50 PM, Daniel Taylor wrote:
On 09/05/2012 10:19 AM, Michael Thomas wrote:
On 09/05/2012 05:56 AM, Daniel Taylor wrote:
On 09/04/2012 03:52 PM, Michael Thomas wrote:
On 09/04/2012 09:34 AM, Daniel Taylor wrote:
If you are sendin
On Wed, Sep 05, 2012 at 11:46:34AM -0400, Greg Ihnen wrote:
> On Wed, Sep 5, 2012 at 11:11 AM, Izaac wrote:
> > On Wed, Sep 05, 2012 at 07:50:12AM -0700, Henry Stryker wrote:
> > > signature. They are adaptive, like cockroaches.
> >
> > This is why tcp port 25 filtering is totally effective and w
On Sep 5, 2012, at 3:32 PM, Gary Buhrmaster wrote:
>
> My interpretation was what Randy implied, and that ARIN
> wants an agreement with everyone who gets a (presumably
> unique to the agreement) TAL to protect ARIN. That would
> seem like a lot of overhead to maintain to me (since as I recall
>
Izaac commented:
#I suspect your ISP is also stripping tags. Let's try it out
#again:
#
# You can tell that tcp port 25 filtering is a highly effective spam
# mitigation technique because spam levels have declined in direct
# proportion to their level of deployment. Today, we barely see
On Tue, Sep 04, 2012 at 03:45:32PM -0400, William Herrin wrote:
> That's what firewalls *are for* Jay. They intentionally break
> end-to-end for communications classified by the network owner as
> undesirable. Whether a particular firewall employs NAT or not is
> largely beside the point here. Eith
>> [ hint: how does an isp in phnom penh validate my route? ]
> Your question is a bit cryptic.
moi? :)
> Could you be more specific about your concern?
essentially, as the rirs have resisted iana being the root ta, the arin
tal is necessary for anyone to validate anything which depends on the
On Sep 5, 2012, at 5:12 PM, Izaac wrote:
>
>Since tcp25 filtering has been so successful, we should deploy
> filters for everything except tcp80 and tcp443 and maaaybe tcp21 --
> but NAT already does so much to enhance the user experience there
> already. And what with ISP customers us
Hi All,
If there is an Akamai peering tech around could they contact me
off-list regarding a BGP session which has been bouncing for a while.
Cheers,
Kris
On Wed, Sep 5, 2012 at 5:12 PM, Izaac wrote:
> I suspect your ISP is also stripping tags. Let's try it out
> again:
>
>You can tell that tcp port 25 filtering is a highly effective spam
>mitigation technique because spam levels have declined in direct
>proportion to their level of de
In article <5047a2ea.8010...@hup.org> you write:
>On 09/05/12 09:13 , Michael Thomas wrote:
>> The "I" part of DKIM is "Identified". That's all it promises. It's a
>> feature, not a bug, that spammers use it.
>
>Which is why DKIM does not really address any concerns. The spammers
>have reduced its
>Well, if you've got proper forward and reverse DNS, and your portable
>SMTP server identifies itself properly, and you are using networks that
>don't filter outbound port 25, AND you have DKIM configured correctly
>and aren't using it for a situation for which it is inappropriate, then
>you'll
On 05 Sep 2012 23:07:07 -, "John Levine" said:
> Not really. Large mail systems like Gmail and Yahoo have a pretty good
> map of the IPv4 address space. If you're sending from a residential
> DSL or cable modem range, they'll likely reject any mail you send
> directly no matter what you do.
W
On 9/4/12, Jay Ashworth wrote:
> It is regularly alleged, on this mailing list, that NAT is bad *because it
> violates the end-to-end principle of the Internet*, where each host is a
> full-fledged host, able to connect to any other host to perform
> transactions.
Both true. and NAT inherently br
On Sep 5, 2012, at 19:07, John Levine wrote:
> Not really. Large mail systems like Gmail and Yahoo have a pretty good
> map of the IPv4 address space. If you're sending from a residential
> DSL or cable modem range, they'll likely reject any mail you send
> directly no matter what you do.
While
On 9/5/12, Sean Harlow wrote:
> While I've clearly been on the side of "don't expect this to work", "why do
> you have your laptop set up like that?", and defending the default-blocking
> behavior on outbound, this is not true at least for Gmail. I have a test
> Asterisk box which I've been real
Jimmy Hess wrote:
> NAT would fall under design flaw, because it breaks end-to-end
> connectivity, such that there is no longer an administrative choice
> that can be made to restore it (other than redesign with NAT
> removed).
The end to end transparency can be restored easily, if an
administra
On Thu, 06 Sep 2012 13:08:29 +0900, Masataka Ohta said:
> The end to end transparency can be restored easily, if an
> administrator wishes so, with UPnP capable NAT and modified
> host transport layer.
How does the *second* host behind the NAT that wants to use
global port 7719 do it?
(2012/09/06 13:15), valdis.kletni...@vt.edu wrote:
> On Thu, 06 Sep 2012 13:08:29 +0900, Masataka Ohta said:
>
>> The end to end transparency can be restored easily, if an
>> administrator wishes so, with UPnP capable NAT and modified
>> host transport layer.
>
> How does the *second* host behind
On Sep 5, 2012, at 21:08 , Masataka Ohta
wrote:
> Jimmy Hess wrote:
>
>> NAT would fall under design flaw, because it breaks end-to-end
>> connectivity, such that there is no longer an administrative choice
>> that can be made to restore it (other than redesign with NAT
>> removed).
>
> The
On Wed, Sep 5, 2012 at 9:39 PM, Owen DeLong wrote:
>
> On Sep 5, 2012, at 21:08 , Masataka Ohta
> wrote:
>
>> Jimmy Hess wrote:
>>
>>> NAT would fall under design flaw, because it breaks end-to-end
>>> connectivity, such that there is no longer an administrative choice
>>> that can be made to re
Owen DeLong wrote:
>> then, if transport layer of the host is modified to perform
>> reverse translation (information for the translation can be
>> obtained through UPnP):
>>
>> (local IP, global port) <-> (global IP, global port)
>>
>> Now, NAT is transparent to application layer.
> Never m
Subject: Re: The End-To-End Internet (was Re: Blocking MX query) Date: Wed, Sep
05, 2012 at 06:56:36PM -0400 Quoting William Herrin (b...@herrin.us):
> Thing is, spam levels *are* down a good 20% in the last couple years,
> that being about the time ISPs began doing this. More, 20% *is* in
> rou