Re: BGP next-hop self benefits

2017-12-04 Thread Saku Ytti
I'd like to add that one major advantage is limiting next-hops, thus labels in your network. This is not just a theoretical concern but there are plenty of practical networks using practical hardware where you simply cannot expose all next-hops to every node. On 1 December 2017 at 17:30, Ken Chase

RE: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Edwin Pers
As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh bots/etc that hit the firewalls at my sites are coming from AWS. I used to send abuse emails but eventually gave up after receiving nothing beyond "well, aws ip's are dynamic/shared so we can't help you" -Original Mess

Re: BGP next-hop self benefits

2017-12-04 Thread Baldur Norddahl
Hi For the MPLS L3VPN the answer is that the next hop attribute needs to be an address from the default VRF and if the peering is happening in a VRF context, there is no address from the default VRF you could use as next hop other than self. This can be rather inconvenient as there are advan

RE: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Keith Medcalf
On Monday, 4 December, 2017 04:20, Edwin Pers wrote: >As an anecdotal aside, approx. 70% of incoming portscanners/rdp >bots/ssh bots/etc that hit the firewalls at my sites are coming from >AWS. >I used to send abuse emails but eventually gave up after receiving >nothing beyond "well, aws ip's ar

RE: Alternatives to ISE?

2017-12-04 Thread Christopher J. Wolff
Ray, I'm running 2.2 with 17000 endpoints in a 7 node deployment. Main Problems: -Replication slow or failed -Displaying endpoints ends up in a "Shards" error or crashes the GUI (documented Cisco bug) -Wifi Container Service (?) fails -Inaccurate license counts causing license alarms -Moments

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Rich Kulawiec
On Mon, Dec 04, 2017 at 11:19:56AM +, Edwin Pers wrote: > As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh > bots/etc that hit the firewalls at my sites are coming from AWS. Similar observations here. I have found it useful to attempt to enumerate their network allocat

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Michael S. Singh
Hi Jean, I appreciate your response. I was considering purchasing a Raspberry Pi and setting up my own mail server on it. Would it be capable of running a personal mail server? I am on the Linux Kernel mailing list which receives around 300 emails a day. Will I also need a static IP address in o

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Michael S. Singh
Hi Filip I appreciate the response! Do you host the mail server with a third party provider (e.g. Rackspace) or do you have an 'in-house' solution. If you're able to elaborate more on your setup, I would love to read more about it. I am considering purchasing a Raspberry Pi and hosting my own, as

Contact info, AS4766 Korea Telecom

2017-12-04 Thread Igor Krneta
Hi, is there anyone from Korea Telecom on this list ? Trying to contact anyone in NOC, it seems that they blacklisted our complete AS (198252) and they are not responding to e-mail. Our customer support is overwhelmed with complaints about non reachable servers hosted in their network. Any

RE: Suggestions for a more privacy conscious email provider

2017-12-04 Thread timrutherford
You will also need your internet provider to setup reverse DNS for you, otherwise many mail servers may reject your mail if the reverse DNS does not match the hostname of the mail server. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org] On Behalf Of Michael S. Singh Sen

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread valdis . kletnieks
On Sun, 03 Dec 2017 09:48:02 -0800, "Michael S. Singh" said: > I am on the Linux Kernel mailing list which receives around 300 emails a day. If you're only getting 300 a day, your mail infrastructure is severely broken. As I write this, I've gotten 2,151 mails from linux-kernel so far this month,

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Grant Taylor via NANOG
On 12/03/2017 10:48 AM, Michael S. Singh wrote: I was considering purchasing a Raspberry Pi and setting up my own mail server on it. Would it be capable of running a personal mail server? I am on the Linux Kernel mailing list which receives around 300 emails a day. Is a Raspberry Pi capable of

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Filip Hruska
AWS is probably the biggest cloud provider in the world. Of course the majority of junk is going to be coming from their network, simply because they are that big. However, I really wanted to see what the bot statistics for my mail server were so I scanned my `Postfix` and `secure` log files f

Re: 100G - Whitebox

2017-12-04 Thread Mike Hammett
In terms of 1G - 10G steps, it looks like UCSC has done some of that homework already. https://people.ucsc.edu/~warner/Bufs/summary "Ability to buffer 6 Mbytes is sufficient for a 10 Gb/s sender and a 1 Gb/s receiver." I'd suspect 10x would be appropriate for 100G - 10G (certainly made mor

Re: 100G - Whitebox

2017-12-04 Thread Stephen Fulton
Mike, Whether it becomes a practical problem depends on the use case and by that I mean buffers can cut both ways. If buffers are too small, traffic can be dropped and even worse, other traffic could be affected depending on factors like ASIC design and HOLB. Too large, latency or order sensitive

Small full BGP table capable router with low power consumption

2017-12-04 Thread Adam Lawson
Hi, I'm looking for suggestions on 1U-2U sized router with 1G interface which can handle both IPv4 and IPv6 full BGP table and doesn't consume too much power. The router needs to be squeezed in to a rack which doesn't have a lot of space nor power. As for space, maybe I can make spac

Re: Small full BGP table capable router with low power consumption

2017-12-04 Thread Mel Beckman
The Edgerouter Pro 8 meets all your specs. It's 1U, has eight GigE ports, including two SFP/combo ports, can take full IPv4 and IPv6 tables, and only consumes 40 watts (about half an amp at 120V). About $300. https://www.ubnt.com/edgemax/edgerouter-pro/ -mel beckman > On Dec 4, 2017, at 12:46

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread John Levine
In article <37613d30-ae69-9140-5d88-7596857ce...@wadadli.me> you write: >I am considering purchasing a Raspberry Pi and hosting my own, as it >seems worth the experience. However does it require that I have my own >DNS server and a static IP address in order to connect to the mail >server from anyw

Re: Small full BGP table capable router with low power consumption

2017-12-04 Thread William Herrin
On Mon, Dec 4, 2017 at 2:19 PM, Adam Lawson wrote: > The router needs to be squeezed in to a rack which doesn't > have a lot of space nor power. As for space, maybe I can make > space for 3U or 4U but as for power, I can only do around > 1.5A@100V on average. (There is room for burst power usage.)

RE: Small full BGP table capable router with low power consumption

2017-12-04 Thread Naslund, Steve
Watch the memory requirements on a full Internet table in the Cisco 2900 series. More current model would be the Cisco 4300 - 4400 ISR series. They have 2/4/8/16 gigs of memory. Power consumption MAX ranges from 0.6A to 3.0A depending on model. Higher models have more throughput and more int

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Grant Taylor via NANOG
On 12/04/2017 02:24 PM, John Levine wrote: From your point of view, it's a linux box you can ssh into and manage the same way you'd manage linux on a small physical machine. In my naive opinion, there are some subtle differences with where "the linux box you can ssh into" resides. Namely, when

Re: Small full BGP table capable router with low power consumption

2017-12-04 Thread Saku Ytti
Hey Adam, Review also: Nokia IXR-R6 (not IXR-6) Huawei NE20E-S2E On 4 December 2017 at 21:19, Adam Lawson wrote: > Hi, > > > > I'm looking for suggestions on 1U-2U sized router with 1G interface > > which can handle both IPv4 and IPv6 full BGP table and doesn't consume > > too much power. > >

RE: Small full BGP table capable router with low power consumption

2017-12-04 Thread C. Jon Larsen
On Mon, 4 Dec 2017, Naslund, Steve wrote: FWIW ... OpenBSD on a lanner appliance with openbgpd will chew 1G. Especially on the latest version - 6.2. Debian on the same lanner running bird would also chew that as well. -Original Message- From: NANOG [mailto:nanog-boun...@nanog.org]

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread valdis . kletnieks
On Mon, 04 Dec 2017 15:06:07 -0700, Grant Taylor via NANOG said: > Namely, when I ran my server at home, it took a search warrant to > legally enter my house to access the server, which I would be > immediately made aware of. I'll just remind everybody that if this is a serious component of your t

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Andy Brezinsky
On 12/04/2017 04:06 PM, Grant Taylor via NANOG wrote: In my naive opinion, there are some subtle differences with where "the linux box you can ssh into" resides. Namely, when I ran my server at home, it took a search warrant to legally enter my house to access the server, which I would be imm

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Brad Knowles
On Dec 4, 2017, at 4:20 PM, valdis.kletni...@vt.edu wrote: > I'll just remind everybody that if this is a serious component of your threat > model, you probably need to have gotten in touch with some serious > professionals to help set everything up, because it's going to have more > little > got

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Brad Knowles
On Dec 4, 2017, at 4:42 PM, Andy Brezinsky wrote: > If you're really worried about this, separate your mail storage from the mail > transport. Run an inbound and outbound smarthost on your $5 VPS to queue up > mail and deliver it back to your house where your long term mail is stored. > This

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread valdis . kletnieks
On Mon, 04 Dec 2017 16:41:55 -0600, Brad Knowles said: > > (Those 6 of you who *are* serious professionals at this can ignore > that advice :) > > Do I count? I only accused the Director of the NSA of High Treason in > my letter to the editors of the Communications of the ACM (see >

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Grant Taylor via NANOG
I'm not personally really worried about this. - I was just calling out that it is a difference. For others that do care. ;-) On 12/04/2017 03:42 PM, Andy Brezinsky wrote: If you're really worried about this, separate your mail storage from the mail transport.  Run an inbound and outbound sm

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Brad Knowles
On Dec 4, 2017, at 4:51 PM, valdis.kletni...@vt.edu wrote: >> Do I count? I only accused the Director of the NSA of High Treason in >> my letter to the editors of the Communications of the ACM (see >> ). > > Treason fail. What declared enemy of

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Grant Taylor via NANOG
On 12/04/2017 03:47 PM, Brad Knowles wrote: The concept is sound, but attempting to use your $5 VPS as your outbound mail relay is only going to end in pain and tears -- your VPS cannot have or build a good enough reputation to get reliable delivery to the big mail providers. You need to use a

RE: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Naslund, Steve
There are all kinds of factual issues with the arguments in the referenced document. 1. During Desert Storm I personally sent hundreds of STU-IIIs to the sandbox. They didn't go in diplomatic pouches, they went as Air Force cargo like everything else. The State Department did not have to "sm

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Rich Kulawiec
On Mon, Dec 04, 2017 at 05:59:30PM +, Filip Hruska wrote: > AWS is probably the biggest cloud provider in the world. Of course the > majority of junk is going to be coming from their network, > simply because they are that big. This is incorrect reasoning. Because they're the biggest cloud pr

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Rich Kulawiec
On Sun, Dec 03, 2017 at 09:48:02AM -0800, Michael S. Singh wrote: > Will I also need a static IP address in order to connect to the server > from anywhere in the world? Yes. And it will need to be located in an allocation that's known to be static, i.e., a single static address in the midst of a

Akamai contact

2017-12-04 Thread J. Oquendo
Can one of the Akamai (non salesy) guys ping me off list please. Security related. -- =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+ J. Oquendo SGFA, SGFE, C|EH, CNDA, CHFI, OSCP, CPT, RWSP, GREM "Where ignorance is our master, there is no possibility of real peace" - Dalai Lama 0

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Eric Tykwinski
> On Dec 4, 2017, at 6:34 PM, Rich Kulawiec wrote: > > ---rsk > > [1] I don't expect them, or anyone else, to catch everything all the > time. There are always unpleasant surprises. But there is absolutely > no excuse for systemic, chronic abuse, for failure to accept abuse > reports, for fa

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread John Levine
In article you write: >On 12/04/2017 02:24 PM, John Levine wrote: >> From your point of view, it's a linux box you can ssh into and manage >> the same way you'd manage linux on a small physical machine. >Namely, when I ran my server at home, it took a search warrant to >legally enter my house

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Lyndon Nerenberg
> On Dec 4, 2017, at 3:19 AM, Edwin Pers wrote: > > As an anecdotal aside, approx. 70% of incoming portscanners/rdp bots/ssh > bots/etc that hit the firewalls at my sites are coming from AWS. > I used to send abuse emails but eventually gave up after receiving nothing > beyond "well, aws ip's

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Grant Taylor via NANOG
On 12/04/2017 06:46 PM, John Levine wrote: Your life appears to be much more exciting than the rest of ours. I've been running mail servers in various places including my house for the past 30 years, with no attention from law enforcement at all. I believe my comment "it took a search warrant"

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread John Levine
In article <0f7a39b9-efee-54d6-d449-081c7825c...@spamtrap.tnetconsulting.net> you write: >I was meaning to imply that I believe it would be more difficult to >access the server at my house than at a co-lo / hosting facility. Depends on the hosting facility. My server is in a locked room that us

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Brad Knowles
On Dec 4, 2017, at 5:22 PM, Naslund, Steve wrote: > There are all kinds of factual issues with the arguments in the referenced > document. > > 1. During Desert Storm I personally sent hundreds of STU-IIIs to the > sandbox. They didn't go in diplomatic pouches, they went as Air Force cargo >

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Stephen Satchell
On 12/04/2017 02:06 PM, Grant Taylor via NANOG wrote: Namely, when I ran my server at home, it took a search warrant to legally enter my house to access the server, which I would be immediately made aware of.  I can't say the same with the same degree of certainty for a server located in a co-l

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread Stephen Satchell
On 12/04/2017 06:47 PM, Lyndon Nerenberg wrote: Last week we found out that Helpscout sends email from AWS servers. Thank you, Helpscout, for forcing me to lift the AWS blocks on my incoming MTAs, that were cutting down my incoming spam scanning load by a factor of two. At least. If I may m

Re: Suggestions for a more privacy conscious email provider

2017-12-04 Thread amuse
You can cut down significantly on SPAM by simply dropping any email with a gtld which didn't exist prior to 2001. Give it a try! On Dec 4, 2017 22:57, "Stephen Satchell" wrote: > On 12/04/2017 06:47 PM, Lyndon Nerenberg wrote: > >> Last week we found out that Helpscout sends email from AWS serve