How the NSA tampers with US-made Internet routers

snowden Enjoy! - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlNw+6cACgkQKJasdVTchbJvwAD9GySSpd3dpSMNkJM0y6GjWRzC +Ys/giaX2

New Zealand Spy Agency To Vet Network Builds, Provider Staff

FYI, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version: GnuPG v2.0.22 (MingW32) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iF4EAREIAAYFAlNyHw4ACgkQKJasdVTchbLwDgD/WVHo2iTap

Re: New Zealand Spy Agency To Vet Network Builds, Provider Staff

calling them at 3am to > report BGP failures and ask permission to remediate. > > > On Tue, May 13, 2014 at 3:33 PM, Paul Ferguson > mailto:fergdawgs...@mykolab.com>> > wrote: > > I realize that New Zealand is *not* in North America (hence > NANOG), but I figure

Re: level3 dia egress filtering?

You can't really have your cake, and eat it too. If this is a deal breaker for anyone, getting it in writing within the contract should be the most basic of steps to undertake. Asking beforehand will also actually let you know who will and won't do this, thus avoid surprises like these altoget

Re: Observations of an Internet Middleman (Level3)

erent story. Okay, then call it the "faster lane" or the "uncongested lane" or something that actually reflects bias and preferential treatment. It's a done deal now: http://www.washingtonpost.com/blogs/the-switch/wp/2014/05/15/fcc-approves-plan-to-allow-for-paid-priority-

Re: Observations of an Internet Middleman (Level3)

e > for Flash on my Mac. > > Owen > > On May 15, 2014, at 10:17 AM, Paul Ferguson > wrote: > > On 5/15/2014 10:06 AM, Ryan Brooks wrote: > >>>> It's a shame the use of 'fast lane' is ubiquitous in this >>>> argument. If the loc

Dyn Acquires Internet Intelligence Service Renesys

-BEGIN PGP SIGNED MESSAGE- Hash: SHA256 Interesting development. http://techcrunch.com/2014/05/21/dyn-acquires-internet-intelligence-service-renesys/ FYI, - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 -BEGIN PGP SIGNATURE- Version

Re: ipmi access

On 6/2/2014 午後 09:19, Andrew Latham wrote: I use OpenVPN to access an Admin/sandboxed network with insecure portals, wiki, and ipmi. On Jun 2, 2014 7:13 AM, "Randy Bush" wrote: so how to folk protect yet access ipmi? it is pretty vulnerable, so 99% of the time i want it blocked off. but that

Re: ipmi access

True, excellent point as well. Multiple openvpn/ipsec entry points on a internal network is probably the best way to go. On 6/2/2014 午後 09:33, Jeroen Massar wrote: On 2014-06-02 14:23, Paul S. wrote: [..] On most ATEN chip based BMC boards from Supermicro, it includes a UI to iptables that

Re: real-time traffic engineering/management solutions

Two 'established' options are, 0. Noction IRP (As mentioned) 1. Internap FCP Everyone appears to either be using one of these, or have gone full custom. On 6/4/2014 午後 10:52, Tassos Chatzithomaoglou wrote: I'm having a look at real-time traffic engineering/management solutions that include vi

World Cup Streaming

Olympics for example but have no way to know if that is a pure guess or an educated estimate. I am assuming that the CDN’s involved have some pretty accurate ideas on what to expect but in the past I have not been able to get feedback from them with any specific estimations. Thanks, Paul

Re: World Cup Streaming

. Thanks, Paul From: Rubens Kuhl Date: Sunday, June 8, 2014 at 12:57 PM To: Paul Stewart Cc: Nanog Subject: Re: World Cup Streaming > > Sports events have their rights sold on per country basis; this leads to some > fragmentation of those numbers as network X has the rights for

Re: routing issues to AWS via 2914(NTT)

, Paul Wall On Fri, Jun 13, 2014 at 5:50 AM, Bryan Socha wrote: > Amazon hasn't reached out to us either... > > If you have other providers, use a combination of local-preference and the > customer communitiy strings with ntt to prepend around the circuit(s) in > nyc with the iss

Re: Client on OS X, Browsers ALL fail DNS Lookup off net Hosts, SMTP+shell OK

Oh lord... On 6/19/2014 午前 12:42, Nick Hilliard wrote: The Internet is down. Didn't you hear? Nick On 18/06/2014 16:40, Niels Bakker wrote: I'm sorry, this is NANOG, not your local helpdesk. HTH, HAND, -- Niels. * efba...@gmail.com (Everett F Batey II Gi) [Wed 18 Jun 2014, 17:34 CES

Re: Owning a name

p-level domain names was made with the knowledge that ISO has a procedure for determining which entities should be and should not be on that list." - Jon Postel, RFC 1591 - - ferg - -- Paul Ferguson VP Threat Intelligence, IID PGP Public Key ID: 0x54DC85B2 Key fingerprint: 19EC 2945 FE

Re: Team Cymru / Spamhaus

gt; > > Just wondering if anyone has any words of caution ("False > positives! Avoid FULLBOGONS and Spamhaus!"), or words of praise > ("Do it all! These services are wonderful!") before we take the > plunge. > > > > Thanks, > > Adam >

Re: Team Cymru / Spamhaus

+1, blanket banning is probably not the best way to go. On 6/28/2014 午前 05:40, Jon Lewis wrote: On Fri, 27 Jun 2014, Adam Greene wrote: We're evaluating whether to add BGP feeds from these two sources in attempt to minimize exposure to DoS. The Team Cymru BOGON list ( http://www.team-cymru.

Re: Listing or google map of peering exchange

I’ve actually been working on a site like that for a while (with Google Maps) - just never got around to putting it online. Honestly I wasn’t sure if there was an interest in it :) Paul On 2014-07-09, 2:18 PM, "Dennis Burgess" wrote: >Looking for a good listing of US/Canada pee

Re: Verizon Public Policy on Netflix

Unless said tf2 server happens to be hosted within UU's own network, I'd imagine the blame would go to whichever party in the transit path refused to upgrade their commitments. On 7/11/2014 午前 10:21, Jim Popovitch wrote: On Thu, Jul 10, 2014 at 9:12 PM, Miles Fidelman wrote: Randy Bush wrote

Re: Inevitable death, was Re: Verizon Public Policy on Netflix

On 7/15/2014 午後 12:51, Brett Glass wrote: But regardless of the financial arrangements, such a connection doesn't require an ASN or BGP. In fact, it doesn't even require a registered IP address at either end! A simple Ethernet connection (or a leased line of any kind, in fact; it could just as

Re: Net Neutrality...

On 7/19/2014 午前 03:35, William Herrin wrote: On Fri, Jul 18, 2014 at 2:05 PM, Rob Seastrom wrote: Michael Thomas writes: On 7/17/14, 2:15 PM, valdis.kletni...@vt.edu wrote: /me makes popcorn and waits for 4K displays to drop under US$1K and watch the network providers completely lose their s

Re: BGP Session

I believe you'll find that all of this gets a lot easier if you try to understand how layer 3 routing itself works instead of asking sparodic questions one at a time. I recommend picking up a layer 3 routing book for the platform of your choice and going through the basics. On 7/19/2014 午後 0

Re: DDoS mitigation Equinix?

This is done by performing some sort of filtering / acling, be it proactive or reactive on the traffic before it's handed off to you. How exactly EQX' solution is engineered is a question best left for their sales engineers or similar people to answer, though. On 7/19/2014 午後 04:44, Abuse Con

Re: DDoS mitigation Equinix?

CF is willing to offer network drops over GRE / XCs too and filter everything apparently if the price is right. It is a custom service, though. On 7/20/2014 午後 11:32, Ameen Pishdadi wrote: Equinix doesn't provide Ddos protection , cloud flare is able to mitigate attacks by spreading out the

Re: DDoS mitigation Equinix?

I believe so, that was just a generalized answer. On 7/20/2014 午後 11:12, Christopher Morrow wrote: isn't the offering just a whiteboxed verisgn/prolexic equivalent though? On Sat, Jul 19, 2014 at 3:51 AM, Paul S. wrote: This is done by performing some sort of filtering / acling,

Re: Verizon Public Policy on Netflix

When exactly did we sign up for a discreet math course `-` On 7/21/2014 午後 09:31, Michael Conlen wrote: On Jul 18, 2014, at 2:32 PM, Jay Ashworth wrote: - Original Message - From: "Owen DeLong" But the part that will really bend your mind is when you realize that there is no such th

Re: Inevitable death, was Re: Verizon Public Policy on Netflix

resulting in a loss of his 100% margin on the service. You're not a charity that's providing internet access to the poor ignored rural folks like you claim, you're a competitive overbuilder. You give the little boys who are deploying service where the big guys won't a bad name.

Richard Bennett, NANOG posting, and Integrity

Provided without comment: http://www.esquire.com/blogs/news/comcast-astroturfing-net-neutrality Drive Slow, Paul Wall

RE: Streaming

Streaming the Windows version here just fine... -Original Message- From: Joe Maimon [mailto:jmai...@ttec.com] Sent: Monday, June 13, 2011 11:43 AM To: North American Networking and Offtopic Gripes List Subject: Streaming Is it just me tearing my hair out?

RE: Streaming

Not the FLV stream I'm watching (http://hidef.mich.net:1234) Big black box in upper left -Original Message- From: Joel Jaeggli [mailto:joe...@bogus.com] Sent: Monday, June 13, 2011 2:19 PM To: Matt Hite Cc: North American Networking and Offtopic Gripes List Subject: Re: Streaming The sl

Re: ICANN to allow commercial gTLDs

a commercial basis. I don't mind new TLDs, but company ones are crazy and going to lead to a confusing and messy internet. Paul

Re: ICANN to allow commercial gTLDs

, see: http://www.icann.org/en/announcements/announcement-04jan08.htm other rootops who have spoken about this have said similar/compatible things. -- Paul Vixie KI6YSY

Re: unqualified domains, was ICANN to allow commercial gTLDs

in a search list containing 'this' and 'that', where the default search list is normally the parent domain name of your own hostname (so for me on six.vix.com the search list would be vix.com and so as long as dk.vix.com did not exist then http://dk/ would reach "dk.") -- Paul Vixie KI6YSY

Re: ICANN to allow commercial gTLDs

then get burned by all of the local "foobar.this.tld" and "foobar.that.tld" names that will get reached instead of their TLD. i say inevitable; i don't know a way to avoid it since there will be a lot of money and a lot of people involved. -- Paul Vixie KI6YSY

Re: unqualified domains, was ICANN to allow commercial gTLDs

> Date: Sun, 19 Jun 2011 19:30:58 -0500 > From: Jeremy > > "DK" may not be hierarchical, but "DK." is. If you try to resolve "DK" > on it's own, many (most? all?) DNS clients will attach the search > string/domain name of the local system in order to make it a FQDN. The > same happens when you tr

Re: unqualified domains, was ICANN to allow commercial gTLDs

> From: David Conrad > Date: Sun, 19 Jun 2011 16:04:09 -1000 > > On Jun 19, 2011, at 3:24 PM, Paul Vixie wrote: > > > i think we have to just discourage lookups of single-token names, > > universally. > > How? that's a good question. marka mentioned w

Re: unqualified domains, was ICANN to allow commercial gTLDs

> Date: Sun, 19 Jun 2011 19:22:46 -0700 > From: Michael Thomas > > > that's a good question. marka mentioned writing an RFC, but i expect > > that ICANN could also have an impact on this by having applicants sign > > something that says "i know that my single-label top level domain name > > will

Re: unqualified domains, was ICANN to allow commercial gTLDs

> Date: Sun, 19 Jun 2011 22:32:59 -0700 > From: Doug Barton > > ... the highly risk-averse folks who won't unconditionally enable IPv6 > on their web sites because it will cause problems for 1/2000 of their > customers. let me just say that if i was making millions of dollars a day and i had the

Re: IPv6 words

ef, but spotted this when testing connectivity using a site from one of the rackspace guys: ipv6.icanhazip.com.7200IN 2001:470:1f10:d57:feed:beef:cafe:d00d Paul

Re: Wacky Weekend: NERC to relax power grid frequency strictures

On 6/25/2011 12:32 PM, Seth Mattinen wrote: On 6/25/2011 15:12, Leo Bicknell wrote: I have never seen a generator that syncs to the utility for live, no break transfer. I'm sure such a thing exists, but that sounds crazy dangerous to me. Generators sync to each other, not the utility. Most o

Re: MX 80 advantages and shortcomings

Pros - small footprint, cost, feature rich Cons - no redundancy (other than power), 1/3rd the processor power Paul On Tue, 5 Jul 2011, chavan sanjay wrote: Hi Team,   Can anyone enlighten me on the pros and cons of MX 80 platform   Thanks Sanjay C.P. --- On Tue, 7/5/11, nanog-requ

Spam?

New location means we now get spam on Nanog? Could we go back to the old place?

Re: Spam?

e hard work, folk. > Let's work harder -- seriously, MailMan seemed to be working fine. ~:-/ - ferg -- "Fergie", a.k.a. Paul Ferguson  Engineering Architecture for the Internet  fergdawgster(at)gmail.com  ferg's tech blog: http://fergdawg.blogspot.com/

Re: Spam?

On Tue, Jul 12, 2011 at 8:00 AM, Randy Bush wrote: >>> thanks for the hard work, folk. >> Let's work harder > > thanks for volunteering.  when will you be flying out to the bay? > I already live in The Bay Area. Is there an 'revert' button? - f

Re: NANOG List Update - Moving Forward

e -- give it a rest. And let's take this thread to it's ultimate conclusion, please. - ferg -- "Fergie", a.k.a. Paul Ferguson  Engineering Architecture for the Internet  fergdawgster(at)gmail.com  ferg's tech blog: http://fergdawg.blogspot.com/

Re: Spam?

didn't see dozens). Does make me rather curious what the rejection stats are like for the old Mailman setup. Paul

Re: NetFlix Down

On 7/17/2011 12:36 PM, Scott, Robert D. wrote: > There appears to be a login issue at Netflix. Calls to their 1-866-579-7113 > number only yields a recording that they are experiencing a higher than > normal call volume, try again later. Widespread? Likewise from Hawaii. Guess this'll be anot

Re: best practices for management nets in IPv6

ryan> We keep running into problem with our IPv6 roll out. I just ryan> confirmed today that Exchange does not fully support IPv6 [...] ryan> Yes sorry Exchange 2010 - OCS, Lync, Exchange UM - these require ryan> IPv4 It's a hack (but all ipv6 transition stuff is...) but have you tried using ipv

RE: OOB

We do everything in-band with strict monitoring/policies in place. Paul -Original Message- From: harbor235 [mailto:harbor...@gmail.com] Sent: Tuesday, July 26, 2011 9:57 AM To: NANOG list Subject: OOB I am curious what is the best practice for OOB for a core infrastructure environment

RE: OOB

the radar constantly. Maybe it's "once bitten, twice shy" that needs to occur for the priority to change again. -Original Message- From: christopher.mor...@gmail.com [mailto:christopher.mor...@gmail.com] On Behalf Of Christopher Morrow Sent: Tuesday, July 26, 2011 10:14 AM To:

IPv6 Linux Server Support

orks best in an IPv6 server related environment. Thanks, Paul

Re: SORBS contact

On 07/29/2011 12:24 PM, Nick Hilliard wrote: On 29/07/2011 22:55, Michelle Sullivan wrote: Friendly or non friendly response is usually gaugable in advance by the tone of the initial email. Which is usually gaugeable in advance by the tone of the customer complaints that precipitated contact wi

Re: [BULK] Re: SORBS contact

d a subset of them. Would you not agree that it would be reasonable to assume that you (or your product designers) would know and understand all the standards appropriate to your product, and are ensuring your own compliance? Paul

Re: US internet providers hijacking users' search queries

On 08/05/2011 02:53 PM, Brielle wrote: Until they start MitM the ssl traffic, fake certs and all. Didn't a certain repressive regime already do this tactic with facebook or some other major site? Syria did: https://www.eff.org/deeplinks/2011/05/syrian-man-middle-against-facebook

not operational -- call for nominations for ARIN council & board

renew several expiring terms. candidates need not be ARIN members. please see <https://www.arin.net/announcements/2011/20110725_elec.html> and think about whether who you can nominate or whether you can self- nominate. paul vixie chairman, 2011 arin nomcom

Re: NANOGers home data centers - What's in your closet?

extremely flexible running some form of embedded linux distribution that you can access if you need to. Paul

Re: IPv6 Real World Maturity (was re: How long is your rack?)

in the world. Protocols have never been perfect, and probably never will be. Engineers and Ops have always struggled to make something that suits both worlds. Paul

Re: What do you do when your Home ISP is down?

On 8/19/2011 7:56 AM, Jason LeBlanc wrote: This is why I love my mom and pop DSL provider, I can call and get someone who speaks packets and listens and understands. I may not have the speed some cable providers offer (if you actually get it..) but it is reliable and I can get resolution quick

RE: New Natural Disaster! 8/27/2011 Hurricane Irene

>MRE's? In an enclosed space? For an extended period? >Time to implement the new Marine Rule of Engagement - no audible farting. >Hopefully they've gotten rid of the "bean component" ones. The audible ones are usually the ones you need to worry about ;)

Re: New Natural Disaster! 8/27/2011 Hurricane Irene

Sure, but it's not appropriately filtered to avoid contaminants, spikes and dips in the flow. Paul On 8/27/2011 6:16 AM, Kenton A. Hoover wrote: The hurricane provides its own redundant water. Text and URLs mangled by theiPhone Kenton A. Hoover +1.415.830.5843 ken...@nemersonhoover.org

Re: New Natural Disaster! 8/27/2011 Hurricane Irene

On 8/28/2011 6:01 AM, andrew.wallace wrote: It looks like the DHS, FEMA got this emergency wrong... by the time it got to NYC it was the equivalent of a normal day in Scotland.I live in Scotland... Andrew I'm sure the rest of the East Coast will be particularly appreciative of that sentiment

serviceproviderworld.com

at this site is literally getting started - there is an email link I found at the bottom of the site where you can email the group for assistance/questions/feedback. Just an FYI ... Thanks, Paul

RE: serviceproviderworld.com

Hehe... I said almost the exact same thing - oh well, give it some time and I'm sure it'll be "prettier"...;) From: brandon.j@live.com [mailto:brandon.j@live.com] On Behalf Of Brandon Kim Sent: September-02-11 9:21 AM To: p...@paulstewart.org; nanog group Subject: RE: serviceproviderwor

ISP Two-Way Utilization Studies between Subscriber and Network

Can anyone point me to useful recent studies showing the ratio of downstream to upstream traffic loading for a typical home Internet user? Broken out by traffic type would be really nice but not holding my breath. Thanks, -Donner

RE: serviceproviderworld.com

the layout scare you... Appreciate the feedback, Paul -Original Message- From: David Swafford [mailto:da...@davidswafford.com] Sent: September-03-11 7:56 AM To: Paul Stewart Cc: nanog@nanog.org Subject: Re: serviceproviderworld.com Good concept, here's two points of feedback: - Given the

RE: Pricing for Comcast Connectivity

Yes, definitely NDA in any of our dealings... I'd say the pricing was "competitive" for sure... Paul -Original Message- From: John van Oppen [mailto:jvanop...@spectrumnet.us] Sent: Friday, September 09, 2011 3:02 PM To: 'Oscar Caraig'; nanog@nanog.org Subject

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

publically here, or privately, as you prefer. -- Paul Vixie KI6YSY

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

Benson Schliesser writes: > Hi, Paul. sorry for the delay. i'll include the entirety of this short thread. >>> For what it's worth, I agree that ARIN has a pretty good governance >>> structure. (With the exception of NomCom this year, which is shamefully >

Re: wet-behind-the-ears whippersnapper seeking advice on building a nationwide network

increased member involvement, as well as broader > involvement from the community. (For instance, policy petitions > should include responses from the entire affected community, not just > PPML.) But my criticisms should be interpreted as constructive, and > are not an indictment of the whole approach. thanks for saying so. -- Paul Vixie

Re: Steve Jobs has died

rice, ease of use or whatever. Paul

Re: Telus mail server admin

ionable but short of quitting and finding other employment over something utterly trivial, what can you do if protests fall on deaf ears? Paul

Re: Telus mail server admin

On 10/7/2011 5:30 AM, Joel jaeggli wrote: On 10/7/11 08:26 , Paul Graydon wrote: On 10/6/2011 8:02 PM, John Levine wrote: DISCLAIMER:... Wow. I was thinking about answering the question, but now I don't dare. Regards, John Levine, jo...@iecc.com, Primary Perpetrator of "The In

RE: [outages] News item: Blackberry services down worldwide, Egypt affected (not N.A.)

Maybe they use the same security solutions as Playstation Network does... that would explain a lot suddenly. Paul -Original Message- From: andrew.wallace [mailto:andrew.wall...@rocketmail.com] Sent: Wednesday, October 12, 2011 10:47 AM To: frnk...@iname.com Cc: nanog@nanog.org Subject

Re: Did Internap lose all clue?

nd mirrors, but from Internap? -- Bas Reply with a link to wikipedia? http://en.wikipedia.org/wiki/BGP Possibly better still, Cisco's docwiki about it, assuming he might consider Cisco a bit more of an authoritative source: http://docwiki.cisco.com/wiki/Border_Gateway_Protocol#BGP_Attributes Paul

Re: Colocation providers and ACL requests

On 10/25/2011 08:43 AM, Christopher Pilkington wrote: Is it common in the industry for a colocation provider, when requested to put an egress ACL facing us such as: deny udp any a.b.c.d/24 eq 80 …to refuse and tell us we must subscribe to their managed DDOS product? -cjp For colo? No, f

Re: Performance Issues - PTR Records

paul4004> It is entirely possible they have it pointed to their paul4004> non-existent or broken DNS. Given current best practices, I paul4004> see no reason not to assign a generic paul4004> x.x.x.x-dynamic.customer.isp.com DNS across their netblock. It's already been pointed out that lame dele

Re: Performance Issues - PTR Records

tim> If PTR exists in zone file, serve it. Else, synthesize generic tim> reverse. Jobsagoodun. If all we're doing is lying with some generic answer that we hack our server to produce, why are we bothering? At that point, you're not proving clue. You're proving you at least bought a solution fr

Re: Comcast IPv6 Update

d minor ISPs to jump on board. Paul

Re: Welcome to the "Marketing" mailing list

s complete without a bit of righteous indignation. Paul

Re: IP addresses are now assets

urely about time it flared up again? Wouldn't want anyone to miss out on the fun ;) Paul

High latency/dropped packets on Mitel circuit in LA

eing the same missed pings on both the outside and inside interfaces from here (Richmond, VA) across the MPLS network. I know it's possible that it could be the router, but my gut tells me it's a circuit issue. Does anybody know of anything going on out there? Thanks, Paul

Re: Internet Edge and Defense in Depth

, and it's better than nothing, but I can't picture it actually being an improvement over split out functions. Paul

Postini Exiting ISP Business?

bout competitive solutions either in appliances or in cloud based - this is *not* an invitation for sales people to call me please. Thanks, Paul

RE: Ddos mitigation service

Akamai (CDN) does scrubbing??? Paul -Original Message- From: Pierre Lamy [mailto:pie...@userid.org] Sent: February-01-13 9:58 AM To: matt kelly Cc: nanog@nanog.org Subject: Re: Ddos mitigation service The 3 major scrubbing vendors: Prolexic Verisign Akamai

Re: TelePacific a good choice?

The lack of IPv6 implementation: http://bgp.he.net/AS14265#_asinfo should be the only feedback you need. On 2/19/13, Jeff Harper wrote: > Hiya, > > We're looking at TelePacific as a possible solution for some of our transit > needs. If you have an honest experience with them, positive or negat

Re: BCP38 - Internet Death Penalty

y for testing. > An argument could be made that "...fraud is fraud, is fraud, is fraud..." and should vigorously discouraged. :-) - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: Open Resolver Problems

on attacks is getting worse, not better. Oh yeah... and BCP38, too. :-) They both kind of go hand-in-hand. - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: Open Resolver Problems

vers, then against non-rate-limited > authoratative servers, default public RO SNMP communities, etc. > And I don't plan on being around doing this sort of work in another 10+ years, so let's stop farting around. :-p - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: BCP38 needs advertising

a great number of networks that don't >> participate with the community at large and may have no idea about >> BCP38 and why it is important. >> >> >> Jack >> >> >> >> >> > > -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: BCP38 needs advertising

But of course. :-) Also, just saw this: http://blog.cloudflare.com/the-ddos-that-almost-broke-the-internet - ferg On Wed, Mar 27, 2013 at 11:02 AM, Arturo Servin wrote: > > And do not forget > > http://tools.ietf.org/html/bcp38 > > :) > > -as > &

Re: Cloudflare, and the 120Gbps DDOS "that almost broke the Internet"

tention of the masses I can't help but feel that this is essentially a > time bomb. If this attack was an order of magnitude larger, things might be > very different. > Consider this a call-to-arms, in all aspects. Please. - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: BCP38 - Internet Death Penalty

, at various events, and start talking about this. And we need a lot more people on board. Nation & international campaigns, etc. And there may even be some stick approaches to accompany the carrot, but some awareness is going to have to happen. Sing it from the mountain tops. - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: BCP38 - Internet Death Penalty

the risks and how to mitigate them, and how doing so > enhances business continuity. > Funny you should mention it. Actually, I do know someone who is in the "digital insurance" (for lack of a better term) business, and although I just met them a few weeks ago, somehow I get the

Re: Verizon Wireless security contact needed

You should get yourself a lawyer. This is what happened the last time someone from this community attempted to report a security/data breach issue to a mobile provider: http://en.wikipedia.org/wiki/Weev Drive Slow, Paul Wall On 3/27/13, nick hatch wrote: > Hi all, > > I just dis

Re: Tier 2 ingress filtering

hich disallows a downstream network from sourcing spoofed packets -- and the closer to the "edge" you are, the better, Hierarchy is great for that. :-) I guess the next best thing is "Trust but verify"? - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: BCP38 tester?

The Things I Think RFC 2100 > Ashworth & Associates http://baylink.pitas.com 2000 Land Rover DII > St Petersburg FL USA #natog +1 727 647 1274 > -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: Open Resolver Problems

one of the > resolvers is a Netgear SOHO NAT box. EoL'd, no new firmware available. > Anyone have any feeling for what percentage are these types of boxes? > A lot? :-/ - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: Open Resolver Problems

oligopoly situation, that's hardly a valid set of choices and is > tantamount to extortion. > Yeah, I thought so, too, but apparently the FCC and the SEC hasn't seen it that way for the past 20 years. Go figure. :-) - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

Re: Open Resolver Problems

ere you are in the U.S., many consumers have a choice between bad and worse. :-) - ferg -- "Fergie", a.k.a. Paul Ferguson fergdawgster(at)gmail.com

RE: Speedtest Results speedtest.net vs Mikrotik bandwidth test

We host one of the gazillion speed test sites and for networks that are close to us we find it "reasonably accurate" .. a good benchmark at least .. Even our installers in the field use it as a "reference point" YMMV obviously Paul -Original Message-

<    1   2   3   4   5   6   7   8   9   10   >