Re: symmetric vs. asymmetric [was: Verizon Policy Statement on Net Neutrality]

On 02/28/2015 08:59 AM, Mike Hammett wrote: 20 years ago was into AOL's prime, so yes they did. Great, let's re-evaluate the system when demand necessitates it. For many systems, it's literally as simple as changing how many channels are allocated to what directions. By that logic, we would

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 02:38 PM, Barry Shein wrote: Can we stop the disingenuity? Asymmetric service was introduced to discourage home users from deploying "commercial" services. As were bandwidth caps. Answer: Give them a lot less upload than download bandwidth. That's exactly how I remember why we

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 03:14 PM, Clayton Zekelman wrote: You do of course realize that the asymmetry in CATV forward path/return path existed LONG before residential Internet access over cable networks exited? The cable companies didn't want "servers" on residential customers either, and were animate

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 03:35 PM, Clayton Zekelman wrote: And for historical reasons. The forward path started at TV channel 2. The return path was shoe horned in to the frequencies below that, which limited the amount of available spectrum for return path. Originally this didn't matter much because

Re: Verizon Policy Statement on Net Neutrality

to compete with pots *and* they wanted to have something that nobody else (= oot) could compete with. The entire exercise was trying to bring the old telco billing model into the cable world, hence all of the DOCSIS QoS, RSVP, etc, etc. Mike On Feb 28, 2015 7:15 PM, "Michael Thomas"

Re: Verizon Policy Statement on Net Neutrality

On 03/01/2015 05:08 AM, Clayton Zekelman wrote: Yes, so when cable modems were introduced to the network, they had to be designed to work on the EXISTING infrastructure which was designed to deliver cable TV. It's not some conspiracy to differentiate higher priced business services - it was a

Re: Verizon Policy Statement on Net Neutrality

On 02/28/2015 06:15 PM, Scott Helms wrote: Michael, You should really learn how DOCSIS systems work. What you're trying to claim it's not only untrue it is that way for very real technical reasons. I'm well aware. I was there. Mike On Feb 28, 2015 6:27 PM, "Micha

Re: Verizon Policy Statement on Net Neutrality

ng at Packetcable at the time? Mike On Mar 1, 2015 10:51 AM, "Michael Thomas" <mailto:m...@mtcc.com>> wrote: On 02/28/2015 06:38 PM, Scott Helms wrote: You're off on this. When PacketCable 1.0 was in development and it's early deployment there

Re: Verizon Policy Statement on Net Neutrality

On 03/01/2015 08:19 AM, Scott Helms wrote: You mean CableLabs? Yes. Mike On Mar 1, 2015 11:11 AM, "Michael Thomas" <mailto:m...@mtcc.com>> wrote: On 03/01/2015 07:55 AM, Scott Helms wrote: Michael, Exactly what are you basing that on? Like I said, none

Re: Verizon Policy Statement on Net Neutrality

On 03/01/2015 08:19 AM, Scott Helms wrote: Michael, Then you understand that having the upstreams and downstreams use the same frequencies, especially in a flexible manner, would require completely redesigning every diplex filter, amplifier, fiber node, and tap filters in the plant. At the

Re: Verizon Policy Statement on Net Neutrality

On 03/02/2015 09:20 AM, Naslund, Steve wrote: Average != Peak. What is peak? There is a question for you. If we get all the way down to the fundamentals of any network, peak is always 100%. There is either a bit on the wire or not. Your network is either 100% busy or 100% idle at any inst

Re: Searching for a quote

Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else. Mike On 3/12/15 5:24 PM, Tom Paseka wrote: Be conservative in what you send, be liberal in what you accept ^http://en.wikipedia.org/wiki/Robustness_principle On Thu, Mar 12, 2

Re: Searching for a quote

On 03/12/2015 11:52 PM, Eygene Ryabinkin wrote: Thu, Mar 12, 2015 at 05:31:54PM -0700, Michael Thomas wrote: Jon Postel. I'm told that it is out of favor these days in protocol-land, from a security standpoint if nothing else. The principle has nothing to do with security: it doesn&#

Re: Rasberry pi - high density

As it turns out, I've been playing around benchmarking things lately using the tried and true UnixBench suite and here are a few numbers that might put this in some perspective: 1) My new Rapsberry pi (4 cores, arm): 406 2) My home i5-like thing (asus 4 cores, 16gb's from last year): 3857 3) AW

Re: Password storage (was Re: gmail security is a joke)

On 05/28/2015 02:29 AM, Robert Kisteleki wrote: Bcrypt or PBKDF2 with random salts per password is really what anyone storing passwords should be using today. Indeed. A while ago I had a brainfart and presented it in a draft: https://tools.ietf.org/html/draft-kistel-encrypted-password-storage-00

Re: West Coast FIOS disconnect

It's still down here in SF. Mike On 05/28/2015 05:51 PM, James Laszko wrote: It's really odd - we seem to have a decent amount of connectivity restored with customers however traceroutes and pings are all failing to sites that are accessible via HTTP/HTTPS.. James -Original Messag

Re: hiring net engs

On 6/6/15 10:34 AM, Randy Bush wrote: nanog as dinosaur food Don't you mean nanog as dinosaur water cooler? Mike

Re: Android (lack of) support for DHCPv6

On 06/09/2015 08:37 PM, Karl Auer wrote: On Tue, 2015-06-09 at 23:09 -0400, valdis.kletni...@vt.edu wrote: How does the device ask for a *second* DHCPv6'ed address for tethering or whatever? RFC 3315 says you just chuck in multiple IA_NA (or IA_TA) options. The server will respond with multiple

Re: Android (lack of) support for DHCPv6

On 06/10/2015 02:36 PM, Doug Barton wrote: It *could*, but Lorenzo actually does have a point when he talks about not wanting to cripple future application development. I'd also like to see a rough outline of an implementation before commenting further. Meanwhile, DHCPv6 + PD solves all of L

Re: Android (lack of) support for DHCPv6

On 06/10/2015 02:51 PM, Paul B. Henson wrote: From: Lorenzo Colitti Sent: Wednesday, June 10, 2015 8:27 AM please do not construe my words on this thread as being Google's position on anything. These messages were sent from my personal email address, and I do not speak for my employer. Can we c

Re: Android (lack of) support for DHCPv6

On 06/10/2015 03:32 PM, George, Wes wrote: From: Ted Hardie mailto:ted.i...@gmail.com>> Date: Wednesday, June 10, 2015 at 6:09 PM To: "George, Wes" mailto:wesley.geo...@twcable.com>> Cc: Doug Barton mailto:do...@dougbarton.us>>, "nanog@nanog.org" mailto:nanog@nanog.org>>

Re: Android (lack of) support for DHCPv6

The thing about this is that I get the impression that there was violent agreement that DHCPv6 with PD would be Good Thing. I think that the disagreement is about single address assignments being a Bad Thing or Good Thing. For Android, it seems that if operators implemented the ability to fetch

Re: huawei

On 06/13/2013 09:31 AM, Saku Ytti wrote: On (2013-06-13 12:22 -0400), Patrick W. Gilmore wrote: Do you think Huawei has a magic ability to transmit data without you noticing? I always found it dubious that public sector can drop them from tender citing publicly about spying, when AFAIK Huawei

Re: huawei

On 06/13/2013 09:35 AM, Patrick W. Gilmore wrote: I am assuming a not-Hauwei-only network. The idea that a router could send things through other routers without someone who is looking for it noticing is ludicrous. ::cough:: steganography ::cough:: Mike

Re: huawei

On 06/13/2013 10:20 AM, Scott Helms wrote: Not really, no one has claimed it's impossible to hide traffic. What is true is that it's not feasible to do so at scale without it becoming obvious. Steganography is great for hiding traffic inside of legitimate traffic between two hosts but if

Re: huawei

On 06/13/2013 05:28 PM, Scott Helms wrote: Bill, Certainly everything you said is correct and at the same time is not useful for the kinds traffic interception that's been implied. 20 packets of random traffic capture is extraordinarily unlikely to contain anything of interest and eve if you do

Re: huawei

On 06/13/2013 06:11 PM, Scott Helms wrote: Not at all Michael, but that is a targeted piece of data and that means a command and control system. I challenge your imagination to come up with a common scenario where a non targeted "I'm/they're here" that's useful to either the company or the

Re: huawei

On 06/13/2013 06:57 PM, Scott Helms wrote: What you're describing is a command and control channel unless you're suggesting that the router itself had the capacity to somehow discern that. That's the problem with all the pixie dust theories. The router can't, it doesn't know who the rebels

Re: huawei

On 06/14/2013 10:51 AM, valdis.kletni...@vt.edu wrote: On Fri, 14 Jun 2013 13:21:09 -0400, Scott Helms said: How? There is truly not that much room in the IP packet to play games and if you're modifying all your traffic this would again be pretty easy to spot. Again, the easiest/cheapest meth

Re: huawei

On 06/14/2013 11:35 AM, Scott Helms wrote: In $random_deployment they have no idea what the topology is and odd behavior is *always *noticed over time. The amount of time it would take to transmit useful information would nearly guarantees someone noticing and the more successful the exploit was t

Re: huawei

On 06/14/2013 05:34 PM, Scott Helms wrote: Is it possible? Yes, but it's not feasible because the data rate would be too low. That's what I'm trying to get across. There are lots things that can be done but many of those are not useful. I could encode communications in fireworks displays, but

Re: huawei

On 06/15/2013 05:13 AM, Rich Kulawiec wrote: First: this is a fascinating discussion. Thank you. Second: On Sat, Jun 15, 2013 at 01:56:34AM -0500, Jimmy Hess wrote: There will be indeed be _plenty_ of ways that a low bit rate channel can do everything the right adversary needs. A few bits fo

Google's QUIC

http://arstechnica.com/information-technology/2013/06/google-making-the-web-faster-with-protocol-that-reduces-round-trips/?comments=1 Sorry if this is a little more on the dev side, and less on the ops side but since it's Google, it will almost certainly affect the ops side eventually. My first

Re: Google's QUIC

repeat it. https://docs.google.com/document/d/1lmL9EF6qKrk7gbazY8bIdvq3Pno2Xj_l_YShP40GLQE/preview?sle=true#heading=h.h3jsxme7rovm Mike On Fri, Jun 28, 2013 at 3:09 PM, Michael Thomas wrote: http://arstechnica.com/information-technology/2013/06/google-making-the-web-faster-with-protocol-that-red

Re: Google's QUIC

On 06/28/2013 02:07 PM, Jay Ashworth wrote: - Original Message - From: "Michael Thomas" My first reaction to this was why not SCTP, but apparently they think Simple Computer Telephony Protocol? Did anyone ever actually implement that? No: http://en.wikipedi

Re: Google's QUIC

On 06/28/2013 02:28 PM, joel jaeggli wrote: On 6/28/13 2:15 PM, Michael Thomas wrote: On 06/28/2013 02:07 PM, Jay Ashworth wrote: - Original Message - From: "Michael Thomas" My first reaction to this was why not SCTP, but apparently they think Simple Computer Telephon

Re: Google's QUIC

On 06/28/2013 09:54 PM, shawn wilson wrote: On Jun 29, 2013 12:23 AM, "Christopher Morrow" wrote: On Fri, Jun 28, 2013 at 10:12 PM, Octavio Alvarez wrote: On Fri, 28 Jun 2013 17:20:21 -0700, Christopher Morrow wrote: "Runs in top of UDP"... "Is not UDP"... If it has protocol set to 17 it

Re: ARIN WHOIS for leads

On 7/26/13 9:54 AM, Alex Rubenstein wrote: Case in point.. And I'm going to name drop, but do not consider this a shame. I have been looking at various filtering technologies, and was looking at Barracudas site. I went on with my day, but noticed that filtering vendors start showing up on random

Re: Super Space Self Storage : At The Heart of what was to become the epicenter of Silicon Valley.

On 07/28/2013 07:20 AM, jamie rishaw wrote: http://www.theatlantic.com/technology/archive/13/07/not-even-silicon-valley-escapes-history/277824/ -j Yeah, that's a fun article. My guess in 20 years the current boom in SF will revert to the wildtype and instead of the Twitter on midmarket the T

Re: Yahoo is now recycling handles

On 09/04/2013 09:17 PM, valdis.kletni...@vt.edu wrote: On Wed, 04 Sep 2013 20:47:40 -0500, Leo Bicknell said: There's still the much more minor point that when I tried to "self serve" I ended up at a blank page on the Yahoo! web site, hopefully they will figure that out as well. I'm continually

Re: The US government has betrayed the Internet. We need to take it back

On 09/06/2013 12:14 PM, Eugen Leitl wrote: On Fri, Sep 06, 2013 at 12:03:56PM -0700, Michael Thomas wrote: On 09/06/2013 11:19 AM, Nicolai wrote: That's true -- it is far easier to subvert email than most other services, and in the case of email we probably need a wholly new protocol.

Re: The US government has betrayed the Internet. We need to take it back

On 09/06/2013 12:52 PM, Nicolai wrote: On Fri, Sep 06, 2013 at 12:03:56PM -0700, Michael Thomas wrote: On 09/06/2013 11:19 AM, Nicolai wrote: That's true -- it is far easier to subvert email than most other services, and in the case of email we probably need a wholly new protocol.

Re: The US government has betrayed the Internet. We need to take it back

On 09/06/2013 11:19 AM, Nicolai wrote: That's true -- it is far easier to subvert email than most other services, and in the case of email we probably need a wholly new protocol. Uh, a first step might be to just turn on [START]TLS. We're not using the tools that have been implemented and depl

Re: Internet Surveillance and Boomerang Routing: A Call for Canadian Network Sovereignty

On 9/8/13 12:58 AM, Randy Bush wrote: Quite frankly, all this chatter about technical 'calls to arms' and whatnot is pointless and distracting (thereby calling into question the motivations behind continued agitation for technical remedies, which clearly won't have any effect whatsoever). cool.

Re: nanog.org website - restored

On 10/7/13 4:24 PM, Andrew Koch wrote: Working with onsite personel to upgrade the server with additional memory failed during the first announced maintenance. Compatible memory was located and tested leading to the second maintenance when it was successfully installed. At this time we have inc

Re: If you're on LinkedIn, and you use a smart phone...

Chris Hartley wrote: Anyone who has access to logs for their email infrastructure ought probably to check for authentications to user accounts from linkedin's servers. Likely, people in your organization are entering their credentials into linkedin to add to their contact list. Is it a problem

Re: If you're on LinkedIn, and you use a smart phone...

Scott Howard wrote: Have you actually confirmed it's NOT opt-in? The screenshots on the Linked-in engineering blog referenced earlier certainly make it look like it is. http://engineering.linkedin.com/sites/default/files/intro_installer_0.png Of course, you could argue there's a difference be

Re: Happy Birthday, ARPANET!

On 10/29/2013 07:51 PM, Jay Ashworth wrote: The Paley Center for Media reminds us that on this day in 1969 at 2230 PST, the first link was turned up between UCLAs Sigma 7 and SRIs 940. OMG: I didn't know that I've actually worked on one of the net's first machines. Though not at the time,

Re: latest Snowden docs show NSA intercepts all Google and Yahoo DC-to-DC traffic

On 11/01/2013 07:18 PM, Mike Lyon wrote: So even if Goog or Yahoo encrypt their data between DCs, what stops the NSA from decrypting that data? Or would it be done simply to make their lives a bit more of a PiTA to get the data they want? My bet is that when the said the were "partially" capa

Re: Caps (was Re: AT&T UVERSE Native IPv6, a HOWTO)

On 12/06/2013 05:54 AM, Mark Radabaugh wrote: I realize most of the NANOG operators are not running end user networks anymore. Real consumption data: Monthly_GBCountPercent <100GB 3658 90% 100-149 368 10% 150-199 173 4.7% 200-249 97 2

Re: NSA able to compromise Cisco, Juniper, Huawei switches

On 12/30/2013 08:03 AM, Dobbins, Roland wrote: On Dec 30, 2013, at 10:44 PM, wrote: What percentage of Cisco gear that supports a CALEA lawful intercept mode is installed in situations where CALEA doesn't apply, and thus there's a high likelyhood that said support is misconfigured and abus

Re: what about 48 bits?

On 04/07/2010 04:18 AM, Joe Greco wrote: To me, this is a Dilbert-class engineering failure. I would imagine that if you could implement a hub on the network card, the same chip(s) would work in an external tin can with a separate power supply. Designing a product that actually exhibits a worse

Re: what about 48 bits?

On 04/07/2010 04:18 AM, Joe Greco wrote: To me, this is a Dilbert-class engineering failure. I would imagine that if you could implement a hub on the network card, the same chip(s) would work in an external tin can with a separate power supply. Designing a product that actually exhibits a worse

Re: Inquiries to Acquire IPs

Schiller, Heather A (HeatherSkanks) wrote: +2 so far here.. Same email, same guy, different netblocks. Spamming for IP's to spam with? $5k payable in faked viagra, no doubt. Mike

Re: IPv4 Exhaustion...

On 07/26/2010 01:30 PM, Ricky Beam wrote: On Fri, 23 Jul 2010 17:43:39 -0400, Lee Howard wrote: RIAA should be IPv6 activists. Right. That's not going to bite them on the ass either... privacy addresses only stick around for ~72hrs. A demand for an address from 3 months back would be impossib

Re: Did Internet Founders Actually Anticipate Paid, Prioritized Traffic?

On 09/13/2010 06:28 AM, Rodrick Brown wrote: Its unrealistic to believe payment for priority access isn't going to happen this model is used for many other outlets today I'm not sure why so many are against it when it comes to net access. Sent from my iPhone 4. On Sep 13, 2010, at 3:22 AM, Ha

Re: Why choose 120 volts?

Peter Dambier wrote:> > Apropos, I remember a frenchman who fed his personal computer 288 Volts DC. Gives a whole new meaning to "French Fries" :) Mike, sorry

Re: Is your ISP blocking outgoing port 25?

Sean Donelan wrote: On Fri, 19 Jun 2009, Jeroen Wunnink wrote: 1. Customers remember it more easily 2. Some ISP's also block 587 (hence 'SMTP ports' rather then 'SMTP port' in my previous comment ;-) Those same clueless ISPs will probably block 2525 someday too, clueless expands to fill any

Re: Can someone from SORBS contact me offlist?

Patrick W. Gilmore wrote: Given that you said AHBL requires two weeks to remove good IP addresses unless there is an "established contact", I'll be sure never to use said list. Suppose my business partner gets listed? Am I to ruin our relationship for two weeks because you are busy or don't l

Re: Issues with Gmail

On 09/02/2009 10:33 AM, Robert Mathews (OSIA) wrote: On Wed, Sep 2, 2009 at 5:05 AM, Randy Bush wrote: [] the internet is a wonderful demonstration of building a reliable network out of reliable components. but what we have with google mail (and apps) is two scary problems o way too many

Re: Issues with Gmail

atter of time unless somebody's willing to stand up and say that such things have been safely engineered away :) Mike Michael Thomas wrote: On 09/02/2009 10:33 AM, Robert Mathews (OSIA) wrote: On Wed, Sep 2, 2009 at 5:05 AM, Randy Bush wrote: [] the internet is a wonderful demonstrati

Re: SA pigeon 'faster than broadband'

On 09/11/2009 06:36 AM, Jeff Kell wrote: William Allen Simpson wrote: http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/africa/8248056.stm?ad=1 Update needed for RFC 1149 (1 April 1990), A Standard for the Transmission of IP Datagrams on Avian Carriers Truly practical wit

Re: ISP customer assignments

On 10/05/2009 04:41 PM, robert.e.vanor...@frb.gov wrote: The address space is daunting in scale as you have noted, but I don't see any lessons learned in address allocation between IPv6 and IPv4. Consider as a residential customer, I will be provided a /64, which means each individual on Earth w

Re: ISP customer assignments

On 10/05/2009 04:59 PM, David Andersen wrote: On Oct 5, 2009, at 7:50 PM, Michael Thomas wrote: I'm perplexed. At what size address would people stop worrying about the "finite" address space? 256 bits? 1024 bits? I just don't get it. It's not like people get stressed

Re: ISP customer assignments

On 10/05/2009 05:09 PM, Adrian Chadd wrote: On Mon, Oct 05, 2009, Antonio Querubin wrote: On Mon, 5 Oct 2009, robert.e.vanor...@frb.gov wrote: The address space is daunting in scale as you have noted, but I don't see any lessons learned in address allocation between IPv6 and IPv4. Consider

Re: hotmail send bare LF

On 10/08/2009 04:54 PM, Ingo Flaschberger wrote: Hi, it seems, that hotmail send a bare LF in the added signature (and violates RFC). qmail drops the connection afterwards: 451 See http://pobox.com/~djb/docs/smtplf.html no helpfull response from hotmail: https://windowslivehelp.com/community/t

Re: Another driver for v6?

[EMAIL PROTECTED] wrote: I think that technical people underestimate the impact that this type of an event can provide. While we want to avoid being forced into a flag-day switchover, that does not mean that a flag day is all bad. We could have the Internet PLUS flag day in order to raise awarene

Re: routing around Sprint's depeering damage

Matthew Kaufman wrote: James Jun wrote: As much as we blame Cogent and Sprint for breaking the internet, I also have no sympathy for individual single-homed downstream customers on either networks. If you are complaining about Sprint<->Cogent depeering and have customers demanding for your miss

Re: Telecom Collapse?

Joe Abley wrote: This is straying far from network operations, but I think 911 generally engenders an unnecessary degree of hysteria. As I suggested before, the marketing of this fear from certain quarters has apparently been quiet effective. The probability of any single individual needing t

Re: v6 & DSL / Cable modems [was: Private use of non-RFC1918 IP space (IPv6-MW)]

Nathan Ward wrote: On 10/02/2009, at 11:35 AM, Scott Howard wrote: Go and ask those people who "feel statics are a given for IPv6" if they would prefer static or dynamic IPv4 addresses, and I suspect most/all of them will want the static there too. Now ask your average user the same question a

Re: Global Blackhole Service

[] I keep reading this subject as "Global Backhoe Service", ie, the sworn enemy of NANOG :) Mike

Re: IPv6 Confusion

Mikael Abrahamsson wrote: On Tue, 17 Feb 2009, Justin Shore wrote: different vendors, I asked each of them about their IPv6 support and they all unanimously claimed that there was no demand for it from their customers. Well, this is just ignorance or a kind of a lie. There might be few cust

Re: Yahoo and their mail filters..

valdis.kletni...@vt.edu wrote: On Tue, 24 Mar 2009 15:18:16 CDT, Jack Bates said: It's not a false spam report? The recipient obviously didn't think they wanted the email. I've seen people subscribe to a list, then *reply* to the subscription confirmation - and then hit "spam" not 5 minutes l

Re: maybe a dumb idea on how to fix the dns problems i don't know....

Randy Bush wrote: Paul Vixie wrote: hey are not occurring on nanog@, where they would be off-topic, like this thread here you may want to read the aup. by my read they are not off topic. Also: given how serious the problem is, I'd think that far and wide perspective on this is ap

Re: maybe a dumb idea on how to fix the dns problems i don't know....

Joe Greco wrote: Actually, it's quite a problem, for the server. Try, sometime, having a few thousand file descriptors all open, and then running select() on that fdset. But it's not even really that pleasant on many clients. It's a kernel consumable. You try to avoid introducing additional

Re: It's Ars Tech's turn to bang the IPv4 exhaustion drum

Justin M. Streiner wrote: On Tue, 19 Aug 2008, [EMAIL PROTECTED] wrote: I don't have a problem with assigning customers a /64 of v6 space. Why so little? Normally customers get a /48 except for residential customers who can be given a /56 if you want to keep track of different block sizes. If

Re: US government mandates? use of DNSSEC by federal agencies

Kevin Oberman wrote: Date: Tue, 26 Aug 2008 16:53:24 -0400 From: "Bill Bogstad" <[EMAIL PROTECTED]> Not sure what this will actually mean in the long run, but it's at least worth noting. http://www.gcn.com/online/vol1_no1/46987-1.html http://www.whitehouse.gov/omb/memoranda/fy2008/m08-23.pdf

Re: US government mandates? use of DNSSEC by federal agencies

Jeroen Massar wrote: Steven M. Bellovin wrote: On Wed, 27 Aug 2008 09:53:26 -0700 "Kevin Oberman" <[EMAIL PROTECTED]> wrote: So the question I have is... will operators (ISP, etc) turn on DNSsec checking? Or a more basic question of whether you even _could_ turn on checking if you were so incl

Re: US government mandates? use of DNSSEC by federal agencies

David Conrad wrote: On Aug 27, 2008, at 11:03 AM, Michael Thomas wrote: In any case, the point of my first question was really about the concern of false positives. Do we really have any idea what will happen if you hard fail dnssec failures? As far as I'm aware, there is no 'soft

Re: ingress SMTP

Jay R. Ashworth wrote: On Wed, Sep 03, 2008 at 11:56:51AM -0400, Justin Scott wrote: As a small player who operates a mail server used by many local businesses, this becomes a support issue for admins in our position. We operate an SMTP server of our own that the employees of these various

Why not go after bots? (was: ingress SMTP)

Charles Wyble wrote: I have SBC / AT&T / Yahoo DSL in Southern California and they block outbound 25 to anything but Yahoo SMTP server farm, and they only allow SSL connectivity at that. I'm all for that personally. That seems to be the convention wisdom, but the science experiment as it wer

Re: SMTP rate-limits [Was: Re: ingress SMTP]

Paul Ferguson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - -- Simon Waters <[EMAIL PROTECTED]> wrote: If the ISP blocks port 25, then the ISP is taking responsibility for delivering all email sent by a user, and they have to start applying rate limits. Otherwise if they send

Re: ingress SMTP

Eugeniu Patrascu wrote: On Sep 3, 2008, at 8:08 PM, Winders, Timothy A wrote: Yes, setting up a 587 submit server internally would be best, but man power is at a premium and it hasn't happened. I don't know what SMTP server you're using, but on Postfix you just need to uncomment one lin

Re: ingress SMTP

[EMAIL PROTECTED] wrote: - Original Message - From: Michael Thomas <[EMAIL PROTECTED]> Date: Monday, September 8, 2008 7:31 am Subject: Re: ingress SMTP Would that it were so easy :) You also have the more daunting task of hooking up your auth/aaa infrastructure with your MTA&

Re: hat tip to .gov hostmasters

Jason Frisvold wrote: On Mon, Sep 22, 2008 at 11:02 AM, Chris Owen <[EMAIL PROTECTED]> wrote: Chicken, meet egg. I think the point of the original post is that one end or the other has to start things. At least we have one US zone doing something on the server end of things. Oh, agre

Re: Breaking the internet (hotels, guestnet style)

On 12/07/2009 09:39 PM, Mark Andrews wrote: Joe Greco - sol.net Network Services - Milwaukee, WI - http://www.sol.net "We call it the 'one bite at the apple' rule. Give me one chance [and] then I won't contact you again." - Direct Marketing Ass'n position on e-mail spam(CN N) With 24 million sma

Re: Breaking the internet (hotels, guestnet style)

On 12/08/2009 01:21 PM, Jorge Amodio wrote: (Aside: my local library blocks everything but 80 and 443 outbound. I complained to the director; he cited "security". I tried explaining that I knew something about Internet security; he told me that the firm that had installed the system had "do

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

On 12/10/2009 07:54 AM, Steven Champeon wrote: In a nutshell, if you're not clearly indicating mail sources as mail sources, don't expect great deliverability. If you're running a Web hosting shop and don't have rate-limited outbound smarthosts, expect all your clients' mail to be suspected of be

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

On 12/10/2009 08:38 AM, Mark Andrews wrote: In message<4b211da6.9000...@mtcc.com>, Michael Thomas writes: To Crocker's point though: if IETF came up with a way to publish your network's dynamic space (assuming that's The Problem!), would operators do that? Or is this a

Re: best practices for PTR naming and whois (was, sadly, Re: Arrogant RBL list maintainers)

On 12/10/2009 09:06 AM, Joe Abley wrote: On 2009-12-10, at 16:42, Michael Thomas wrote: On 12/10/2009 08:38 AM, Mark Andrews wrote: The way to do this is to put other data in the ip6.arpa/in-addr.arpa and stop trying to infer things from the PTR records. Sigh. What is the "this"

Re: ip-precedence for management traffic

Randy Bush wrote: Totally out of the box, but here goes: why don't we run the entire Internet management plane "out of band" tread caefully. we have experienced (and some continue to experience) non-linear expansion of management, control, and stability problems when layers are non-congru

Re: ip-precedence for management traffic

David Hiers wrote: If the world wants an internet that is as predictable and reliable as the PSTN, it'll bear the cost of protecting the control plane. A fundamental choice in the protection scheme is physical architecture. IB or OOB, it's always a good thing to be explicit in design decisions,

Re: SORBS on autopilot?

On 01/12/2010 10:48 AM, Dave Martin wrote: On Tue, Jan 12, 2010 at 11:51:47AM -0500, Jed Smith wrote: On Jan 11, 2010, at 11:11 AM, Jon Lewis wrote: The vibe I got from a number of administrators I talked to about it was "why would a standards document assume an IPv4/IPv6 unicast address is a re

Re: SORBS on autopilot?

On 01/12/2010 11:34 AM, Patrick W. Gilmore wrote: On Jan 12, 2010, at 2:11 PM, Michael Thomas wrote: On 01/12/2010 10:48 AM, Dave Martin wrote: On Tue, Jan 12, 2010 at 11:51:47AM -0500, Jed Smith wrote: On Jan 11, 2010, at 11:11 AM, Jon Lewis wrote: The vibe I got from a number of

Bad Support Bots (was: SORBS on autopilot?)

William Hamilton wrote: "Please reply to this message to reopen your ticket and escalate your case to a live human being." And now SORBS: "If you feel otherwise, please reply to this message to re-open your ticket." Try as I might I really can't see what is not clear here... The difference

Re: Bad Support Bots

William Hamilton wrote: On 15/01/2010 16:57, Michael Thomas wrote: The difference is that nobody wants to "talk" to a robot when they're the victim of a false positive which is causing business impacting interruption. A robot is not empowered to go beyond its instructio

Re: Christopher Neitzert wants to stay in touch on LinkedIn

Paul Ferguson wrote: -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On Fri, Feb 5, 2010 at 12:36 AM, Christopher Neitzert wrote: LinkedIn I'd like to add you to my professional network on LinkedIn. - Christopher Neitzert Confirm that you know Christopher Neitzert https://ww

Re: Earthquakes

Something to keep in mind is that raw magnitude isn't the whole story. The ground composition is *much* more important when it comes to destructiveness. A 5.0 earthquake in the Netherlands might be extremely damaging because of liquifaction. Also: California since we get quakes all the time, our r

Re: "Is TDM going the way of dial-up?"

On 03/26/2010 08:26 AM, Steve Meuse wrote: Rick Ernst expunged (na...@shreddedmail.com): I'm wondering if others are seeing the same behavior, if it's market-dependant, or if I'm just imagining things. I'm working on building new infrastructure and my current thoughts are to minimize my TDM fo

Re: "Is TDM going the way of dial-up?"

On 03/26/2010 08:26 AM, Steve Meuse wrote: Rick Ernst expunged (na...@shreddedmail.com): I'm wondering if others are seeing the same behavior, if it's market-dependant, or if I'm just imagining things. I'm working on building new infrastructure and my current thoughts are to minimize my TDM fo

<    3   4   5   6   7   8   9   >