Re: How to have open more than 65k concurrent connections?

Jorge Amodio (jmamodio) writes: > you have only 16-bits for port numbers. 65k port numbers != number of connections. The number of open connections (if we're talking TCP) is limited by the number of max file descriptors in the kernel (fs.file_max). See also: http://www.

Re: Failover IPv6 with multiple PA prefixes (Was: IPv6 fc00::/7 — Unique local addresses)

Jeroen Massar (jeroen) writes: > > Now the problem with such a setup is the many locations where you > actually are hardcoding the IP addresses/prefixes into: firewalls, DNS > etc. That is the hard part to solve, especially when these services are > managed by other parties. And probably

Re: flow analysis for juniper devices

Mehmet Akcin (mehmet) writes: > hey there > > any recommendations on freeware flow analysis tool which can show the flow > not only per prefix basis but also show asn and/or country/region as well? > Juniper only. Hi Mehmet, As someone else answered, export v9 flows and then run

Re: vmware recover a 4.0 boot with a 4.1 cd

Randy Bush (randy) writes: > borked vmware boot, reset says no opsys found. it's a 4.0 system. > > can i do recovery (saving vmfs) using 4.1 cd, or must i use 4.0? Yes, it will work for accessing the vmfs, at the very least. Phil

Re: NIST IPv6 document

Jeff Wheeler (jsw) writes: > > IPv4) [...] > Not good, but also does not affect any other interfaces on the router. You're assuming that all routing devices have per-interface ARP tables. > IPv6) > Typically, this breaks not just on that interface, but on the entire > router

Re: NIST IPv6 document

Jeff Wheeler (jsw) writes: > are badly needed. The largest current routing devices have room for > about 100,000 ARP/NDP entries, which can be used up in a fraction of a > second with a gigabit of malicious traffic flow. What happens after > that is the problem, and we need to tell our vendors wh

Re: NIST IPv6 document

Owen DeLong (owen) writes: > > But, Jeff, if the router has a bunch of /24s attached to it and you scan > them all, the problem is much larger than 250 arp entries. > > I think that's what Phil was getting at. And so did Joel. If you've got a crapload of VLANs attached to a box,

Re: Network Simulators

Arturo Servin (arturo.servin) writes: > > GNS3 > http://www.gns3.net/ > > This is another network simulator, mainly for academic research. > > NS-2 > http://www.isi.edu/nsnam/ns/ > > And you can always setup some virtual machines with DNSs, hosts and > routers with open-source soft

Re: adaptec 5405 wedged

On 19/01/2011, at 00.23, Randy Bush wrote: > any adaptec bios-level fu out there? if so, please see > http://archive.psg.com/110119.adaptec.pdf > Hi Randy, Did you see this bit about transfer speed issues? http://ask.adaptec.com/scripts/adaptec_tic.cfg/php.exe/enduser/std_adp.php?p_faqid=

Re: Using IPv6 with prefixes shorter than a /64 on a LAN

bmann...@vacation.karoshi.com (bmanning) writes: > as a test case, i built a small home network out of /120. works just fine. > my home network has been native IPv6 for about 5 years now, using a /96 and > IVI. > > some thoughts. disable RD/RA/ND. > none of the DHCPv6 code works

Re: [outages] News item: Blackberry services down worldwide

Joe Abley (jabley) writes: > > On 2011-10-12, at 13:05, Leigh Porter wrote: > > > Email on my iPhone is working fine.. ;-) > > The blackberry message service is centralised with a lot of processing > intelligence in the core. Messaging services that use the core as a simple > transport and shi

Re: [outages] News item: Blackberry services down worldwide

Joe Abley (jabley) writes: > > > This is not the case for corporate customers with dedicated servers, > > AFAIU. > > I'm no expert, but my understanding is that at some/most/all traffic between > handhelds and a BES, carried from the handheld device through a cellular > network, still f

Re: Please change Mailman back to NOT force the rewrite for Reply-to

John Peach (john-nanog) writes: > > Normally I'd have just made this point privately, and perhaps only on > > Futures, but since it seems to be a recent change, I'm doing the public > > service of pointing it out, while asking that it be adjusted back. > > I don't see that; I have to specificall

Re: Please change Mailman back to NOT force the rewrite for Reply-to

Patrick W. Gilmore (patrick) writes: > > Yes, he said he set reply-to himself. Look at your own post, it has no such > header. Glenn Sieb (ges) writes: > > I think you missed John's last sentence, Phil... *sigh* back to the coffee machine. P.

Re: Dnssec and ptr records

Eric J Esslinger (eesslinger) writes: > Quick question for those who have researched things more closely. I have > signed all my forward zones and think I've crossed my I's and dotted my T's, > but one thing I'm not sure of... > > Are we supposed to setup signing for reverse dns zones?

Abha Ahuja, 2001

Abha passed away 10 years ago today. Time flies.

Re: Network Asset/Service Track/Management

Payam Poursaied (me) writes: > Hi all > > I'm looking for a system to keep track of network assets and also periodic > services in each pop site. Currently we have > about 500 pop-sites. In each site we have DSLAMs, Linecards and also some > passive equipments including terminals, racks > and ..

Re: Arguing against using public IP space

William Herrin (bill) writes: > If your machine is addressed with a globally routable IP, a trivial > failure of your security apparatus leaves your machine addressable > from any other host in the entire world which wishes to send it > packets. In the parlance, it tends to "fail open." Machines us

Re: Arguing against using public IP space

Doug Barton (dougb) writes: > On 11/13/2011 13:27, Phil Regnauld wrote: > > That's not exactly correct. NAT doesn't imply firewalling/filtering. > > To illustrate this to customers, I've mounted attacks/scans on > > hosts behind NAT devices, from

Re: Arguing against using public IP space

Chuck Church (chuckchurch) writes: > When you all say NAT, are you implying PAT as well? 1 to 1 NAT really > provides no security. But with PAT, different story. Are there poor > implementations of PAT that don't enforce an exact port/address match for > the translation table? If the translatio

Re: Network device command line interfaces

Jonathon Exley (Jonathon.Exley) writes: > However vendors of low cost routers/switches/muxes Hi Jonathon, have you ever tried to work with a Catalyst Express 500 ? A good example of a fully functional IOS device, where the vendor went out of their way to disable Telnet/SSH,

Re: btw, the itu imploded

On Sun, Dec 16, 2012 at 12:20:57PM -0800, Doug Barton wrote: > > I'm certain that most of you have already noticed how cutting off the > Internet is now on page 1 of every country's list of "Things to do when > there is an uprising ..." In Egypt, this may actually have led to the opposi

Re: IP Address Management IPAM software for small ISP

Thilo Bangert (thilo.bangert) writes: > > Then in your provisioning tools, you'd request resource from specific pool > > via restful API. Humand would never manually write RD/RT/IP/VLAN in the > > tool or in the configs. And this type of system is vastly simpler than the > > IPAMs I see listed, onc

Re: IP Address Management IPAM software for small ISP

Saku Ytti (saku) writes: > > If exactly what I want exist, of course I'd love to have it. But evaluating > options, working with them until you realise it does not work for you might > take more time to just build it in-house to fit your needs and integrate to > your existing systems. htt

Re: IP Management Software

Shahab Vahabzadeh (sh.vahabzadeh) writes: > Hi everybody, > Can anybody share his/her experience with IP Management software's? Which I > can use it managing near 100K IP Address? > IPPlan is not good enough, I think its covering all my need and not fully > flexible. > If you have discuss this befo

Re: incoming smtp from v6 addresses

Randy Bush (randy) writes: > > 7.8% is over ipv6 transport > > but only 2% of outgoing deliveries are over ipv6. > > what do other folk see? What's your primary configuration ? Hub, end user system ? Care to share the methodology ? I can run some stats, but want to be

Re: incoming smtp from v6 addresses

Received # grep 'amavis' mail.log | grep Passed | wc -l 1411 (1189 if only counting CLEAN, post amavisd) #grep 'amavis' mail.log | grep Passed | grep IPv6 | grep -v '::1' | wc -l 255 (253 if only counting CLEAN - so less spam in IPv6 :) Sent # grep 'postfix/smtp' mail.log | g

Re: IP Management Software

Josh Baird (joshbaird) writes: > In that case, there aren't too many options. I have used IPPLAN in > the past, and I have found it difficult to use and manage. Most of > the other open source IPAM packages are now vaporware. Like, TIPP or Netdot ? http://tipp.tobez.org/

Re: accessing multiple devices via a script

Abdullah Al-Malki (a.almalki1402) writes: > Hi fellows, > I am supporting a big service provider and sometimes I face this problem. > Sometimes I want to access my customer network and want to extract some > verification output "show commands" from a large number of devices. > > What kind of scrip

Re: 2012.02.06 NANOG54 monday morning session notes are up

Matthew Petach (mpetach) writes: > I posted my notes from this morning's session at > > http://kestrel3.netflight.com/2012.02.06-nanog54-morning-session.txt > > in case people find them to be useful. For those of us not attenting, this is invaluable. Thanks a lot for this work, M

Re: Common operational misconceptions

Mario Eirea (meirea) writes: > Something that makes me crawl out of my skin is when they refer to an access > point as "router". I have colleagues that work with radio and wireless, and they crawl out of *their* skin when I call an access point an access point, and they tell

Re: Common operational misconceptions

Mark Andrews (marka) writes: > If you want to know if your resolver talks IPv6 to the world and > supports 4096 EDNS UDP messages the following query will tell you. > > dig edns-v6-ok.isc.org txt > > Similarly for IPv4. > > dig edns-v4-ok.isc.org txt > 9.8.1

Re: Common operational misconceptions

Borderline dns-ops, sorry folks! - but this is interesting as we've been talking about ipv6 being operational, and this is part of it... Mark Andrews (marka) writes: > > If you are seeing TC between the resolver and the server and the TCP query is > being answers then > s

Re: X.509 Certs For Personal Use

toor (lists) writes: > I use http://www.startssl.com/ for all my personal certifcates. I have > not had any issues with the validations (once you have an account you > can validate a domain by sending an email to a predefined list of > contact addresses) and the certificates are issued instantly.

Re: X.509 Certs For Personal Use

John Peach (john-nanog) writes: > > > > "Your request is being held up for review by our personnel". > > > > Up to 6 hours. Must be their definition of instant :) > > It's nice to see that they actually do random reviews, rather than just > issuing everything requested. I use startss

Re: X.509 Certs For Personal Use

On 18/02/2012, at 19.58, Christopher Morrow wrote: > > (sorry, the blog's url is stupid and long) > > use your own key materials and gen your own csr ... silly simple Yep someone else pointed me to this off list. Very useful - thanks! Cheers Phil

Re: RANCID script for monitoring the routes received from peers.

Ajay Kumar (joinajay1) writes: > Hello, > > We are running IX in India.Has some one written script for monitoring the > routes announcement from peers?If yes,would you like to share code with > me.It can be done via one script under the framework of RANCID.I want to > know difference of routes,whi

Re: Questions about anycasting setup

Steve Gibbard (scg) writes: > I have no idea what Cisco equipment Elmar is using, but I wouldn't jump to > the conclusion that it can't withdraw routes when needed. Wouldn't the dns bit of ip sla do most of what's needed on IOS ? http://www.cisco.com/en/US/docs/ios/12_4/ip_sla/c

Re: $1.5 billion: The cost of cutting London-Tokyo latency by 60ms

Vitkovsky, Adam (avitkovsky) writes: > > Can't wait for the neutrino SFPs :) You know the shipping cost on a 2 light year thick lead SFP ?

Re: airFiber

Drew Weaver (drew.weaver) writes: > I've read that it requires perfect line of sight, which makes it sometimes > tricky. > > Thanks, > -Drew Define perfect line of sight ? How is this different from any other wireless link and the associated Fresnel zone ? http://en.wik

Re: rpki vs. secure dns?

Nick Hilliard (nick) writes: > > Leaving aside technical matters, this is one of the more contentious > political issues with RPKI. RPKI is a tool which can be used to locally > influence routing decisions, but allows centralised control of prefix > authenticity. If this central point is influen

Re: rpki vs. secure dns?

Rubens Kuhl (rubensk) writes: > > In case you feel a BGP announcement should not be "RPKI Invalid" but > > something else, you do what's described on slide 15-17: > > > > https://ripe64.ripe.net/presentations/77-RIPE64-Plenery-RPKI.pdf > > The same currently happens with DNSSEC, doing what Comcas

Re: rpki vs. secure dns?

Brandon Butterworth (brandon) writes: > > or you wait for the Elders of the Internet to visit with blessings > http://www.youtube.com/watch?v=iDbyYGrswtg Didn't randy just chime in ?

Re: pbx recco

Wayne Wenthin (wayne.wenthin) writes: > Randy, > > Greets from 105/102! > Now that I've said that I have had some luck with Trixbox. His fun will > be getting the Cisco phones talking sip and liking it. Am running Trixbox (which wraps FreePBX) for 11 users, and using 7940s. Has

Re: Whois data compromised?

Eric Rosenberry (eric.rosenberry) writes: > Not sure where this data got injected into the system (or who knows, > perhaps it's a DNS injection attack or something), but this certainly is > not right. :-( > http://slacksite.com/humour/whois.html

Re: DDI (DNS+DHCP+IPAM) Solutions

On 26/06/2012, at 19.37, Eric Cables wrote: > Can anyone respond with their experience with DDI in an Enterprise > environment? Have the tools been useful/reliable? What is the pricing > model?Replies can be on, or off, list Have you looked at netdot (netdot.uoregon.edu) ? Cheers, Phil

Re: IMPLEMENTING A SOFTWARE BASED ROUTE SERVER

Joseph M. Owino (jpmuga) writes: > Hi, > > Hope you are all well. I work at an exchange point and was seeking any > assistance on how to implement a software based route server as currently we > are using a Cisco Router for that purpose. Any form of assistance will be > highly appreciated.

Re: Semi-automated L3 interface DNS records

Pedersen, Sean (Sean.Pedersen) writes: > Does anyone out there have any experience with a script, tool or appliance > that would help manage the creation and maintenance of DNS records for Layer > 3 interfaces on routers and switches? Hi Sean, Part of Netdot's (Network Documenta

Re: Detection of Rogue Access Points

Raymond Burkholder (ray) writes: > > NetDisco knows how to scan networks for mac addresses, arp addresses, ip > addresses, etc. It keeps track of deltas. It may have be able to email > deltas or something similar.Or run a query against the database, as I > seem to recall it seems to hold his

Re: Whats so difficult about ISSU

Saku Ytti (saku) writes: > > I've sometimes wondered why Linux is so common, and not FreeBSD. Historical reasons and good timing. > Is it easier to hire people if you use Linux? As opposed to... ? > Or is GPL not really problematic issue, > as you can hide your intellectual pro

Re: Big day for IPv6 - 1% native penetration

joel jaeggli (joelja) writes: > On 11/24/12 8:29 PM, Dobbins, Roland wrote: > >On Nov 25, 2012, at 10:09 AM, joel jaeggli wrote: > > > >>from goeff huston's data they have more v6 at home. > >And not purposely, either - because it's enabled by default on recent client > >OSes. My guess is that a

Fw: new message

Hey! New message, please read <http://arsios.de/each.php?8x> Phil Regnauld

Re: IPAM

On 26/04/2010, at 17.57, Bryan Fields wrote: Is anyone running IPplan? http://iptrack.sourceforge.net/ I looked at it before, and at the time it's support of V6 was lacking. Is anyone running this in a SP environment with v6? Any other OSS tools for this people are using? Check out t

Re: IPAM

Michael Hertrick (mike.hertrick) writes: > > I found netdot recently. It's a work in progress, but is coming along. > IPAM (with v6 support) is just one component; it has a lot of other > features and uses as well, too many to list here. Just check out the > web site: > > http://netdot.uoregon

Re: [dns-operations] Desire to migrate back to BIND

Had forgotten to answer the list... On 28/04/2010, at 07.07, Steve Bertrand wrote: > What I ask of the members of the community, is if you can make a > recommendation on a piece of software that can bridge the gap so > that my > colleagues can use the pointy-clicky method of making simple change

Re: [dns-operations] Desire to migrate back to BIND

Steve Bertrand (steve) writes: > > Thanks for the recommendations... > > What I'm most confused about, is how this ended up on this list ;) Duh. I did a reply from my iPhone, and then reread the mail that came in, saw your "what I ask from the community" and realized I'

Re: wanted: your old NAT home router

Lars Eggert (lars.eggert) writes: > Hi, > > for a measurement study done together with Markku Kojo's team at the > University of Helsinki, we're looking to collect as many different NAT home > routers as possible. If you have an old clunker lying around somewhere, > please contact me off-list.

Re: Internationalized domain names in the root

Neil Harris (neil) writes: > > To fix it, the .eg / .xn--4gbrim TLD registrar needs to contact the > Mozilla Foundation in order to inform the Foundation of their > official IDN name allocation policy, so that the native-script URL > display can then be switched on for their domain. > > See https

Re: Config and scheduled event management software?

George Bonser (gbonser) writes: > Anyone have any recommendations of software for Configuration Management > (change control for hardware, networks etc) and > event scheduling? > > We are using a hodgepodge of homegrown stuff and RT but are outgrowing > it. > > What's good? What sucks? H

Re: Monitoring Tool

Joshua William Klubi (joshua.klubi) writes: > Hi > I have been tasked to develop a good network for a Bank and i have also been > tasked to get a good monitoring tool for the Bank's local network and > Service providers network. i would like to ask the community > to help recommend the best tool ou

Re: Monitoring Tools

jacob miller (mmzinyi) writes: > Am looking for an opensource network monitoring tool with ability to create > different views for different users. > Hi Jacob, What kind of network monitoring ? Bandwidth utilization, service availability, RTT, statistics data collection, ... ?

Re: Monitoring Tools

Nathan Eisenberg (nathan) writes: > It hasn't really changed. Almost every monitoring package I've found > where you want to monitor something like 'disk space free on /' requires > a daemon of some sort on the host - whether that's SNMPD or their agent. Anything else than SNMP is a hassle

Re: Monitoring Tools

Curtis Maurand (cmaurand) writes: > > Oh, and it avoided us having to install an agent on 1000+ servers :) > > > But the configuration learning curve for SNMP is very steep indeed. Doing network monitoring and not understanding SNMP is like, umm, well I fail to come up with an

Re: Netflow Tool

On 17/09/2010, at 21.06, Everton Marques wrote: > > nfdump with custom output. > > Custom output format: -o fmt:.. > This is the most flexibel format, as you can specify yourself how the output > looks like. The output format is defined using element tags as well as plain > ascii text. > > h

Re: Active Directory requires Microsoft DNS?

Darren Pilgrim (nanog) writes: > Tom Mikelson wrote: > >Presently our organization utilizes BIND for DNS services, with the > >Networking team administering. We are now being told by the Systems team > >that they will be responsible for DNS services and that it will be changed > >over to the Micro

Re: Dan Kaminsky

Jorge Amodio (jmamodio) writes: > > It may sound too futuristic and inspired from science fiction, but I never saw > Captain Piccard typing a URL on the Enterprise. That's ok, I've never seen the Enterprise at the airport. > Sooner or later, we or the new generation of ietfers and nanoge

Re: DNS hardening, was Re: Dan Kaminsky

bert hubert (bert.hubert) writes: > > 5 is 'edns ping', but it was effectively blocked because people > thought DNSSEC would be easier to do, or demanded that EDNS PING > (http://edns-ping.org) would offer everything that DNSSEC offered. I'm surprised you failed to mention http://dnscurve

Re: Tinet

Some hosting we have in Paris was hit by an outage between 0100 GMT and 0800 GMT which seemed to be related to a software upgrade at Tinet. The affected path was between Copenhagen (TDC) and Galacsys/AS28855, via former Tiscali. P. Ryan Werber (RWerber) wr

Re: Is v6 as important as v4? Of course not [was: IPv6 internet broken, cogent/telia/hurricane not peering]

Patrick W. Gilmore (patrick) writes: > You really can't read, can you? > > And I spoke to Martin about it personally. If he's OK with it, > perhaps you should clam down? I know Randy to be a bit taciturn and hard to get through to sometimes, but never of being a shellfish.

Re: Simple Change Management Tracking

Paul Stewart (pstewart) writes: > Thanks very much.. > > We ran RT for a while but every time a new update came out on CentOS it broke > the installation (perl mods), making it a pain to keep running. Hi Paul, I'm maintaining RT installs on FreeBSD, Debian, CentOS/RHEL, and so f

Re: Simple Change Management Tracking

Dan Young (dyoung) writes: > If you want Fedora-ish packages built for RHEL/CentOS, getting them > from EPEL is a better choice: > http://download.fedora.redhat.com/pub/epel/5/i386/repoview/rt3.html > http://download.fedora.redhat.com/pub/epel/5/x86_64/repoview/rt3.html Yes, EPEL is ok, bu

Re: OT: Remebering Abha Ahuja - 6 years

Jim Popovitch (yahoo) writes: > > If there can be weeks long discussions on 240/4 or ipv6, 240/4 and ipv6 is on topic. > why not at > least a day or two of remembrances from everyone on what Abha did for > the community as well as ways she might have helped you? Because Abha w

Re: monitoring tools

Nesser, Phil (nesser) writes: > > It has been a while since I have had to seriously think about > network/system/application monitoring and now I have got to look at it. Can > anyone point me towards: > > 1. Serious documents on monitoring (i.e. not vendor whitepapers) Hi Phil,

Re: [NANOG] Introducing latency for testing?

Joel Jaeggli (joelja) writes: > The freebsd dummynet driver is all about latency simulation... > > http://www.scalabledesign.com/articles/dummynet.html > > linux has a netem which can do the same thing > > http://www.linux-foundation.org/en/Net:Netem dummynet is significantly easier to

Re: OT: www.Amazon.com down?

Adam Fields (nanog304985) writes: > whois for yahoo.com and google.com yield similar results. And microsoft as well maybe ? MICROSOFT.COM.ARE.GODDAMN.PIGFUCKERS.NET.NS-NOT-IN-SERVICE.COM MICROSOFT.COM.AND.MINDSUCK.BOTH.SUCK.HUGE.ONES.AT.EXEGETE.NET MICROSOFT.COM > I expect this means tha

Re: smstools and CDMA

Douglas K. Rand (rand) writes: > From the GMS point of view I live and work in the boondocks: Grand > Forks, North Dakota. (OK, so there is a decent argument that the > entire US is GSM boondocks.) > > Anyway, I'm trying to figure out a way of sending and receiving text > messages using a tool lik

Re: smstools and CDMA

Douglas K. Rand (rand) writes: > > Phil> Alternatively, have you considered a Nokia handset with Gnokii ? > > No, not really. I was thinking that a "modem" would be a little more > robust and easier to deal with in the rack than a handset would be. If > I'm given a choice, I think I'd sta

Re: OS, Hardware, Network - Logging, Monitoring, and Alerting

Rev. Jeffrey Paul (sneak) writes: > > 1) Is SNMP the best way to do this? Obviously some of the data (service > checks) will need to be collected other ways. SNMP, the vendor MIBs + SNMP extensions for monitoring hardware specifics (PSU, etc...), and something like Nagios to do

Re: what problem are we solving? (was Re: ICANN opens up Pandora's Box of new TLDs)

David Conrad (drc) writes: > > Other folks believe that anything that reduces the effective monopoly > VeriSign has (through .COM and .NET) would be a good thing. This view > holds that by increasing the number of top-level domains, you increase the > opportunities for consumer (that is, domain

Re: ICANN opens up Pandora's Box of new TLDs

Owen DeLong (owen) writes: >> > Whether some choose to do that or not, I believe that the point is that: > > 1.Nobody is FORCING them to do so. Trademark law is forcing you to - you have to make reasonable attempts to actively defend your trademark. Of course, no-one forces yo

Re: ICANN opens up Pandora's Box of new TLDs

Jim Shankland (nanog) writes: > > Because it's Friday, I checked the last few weeks or so of logs from > my personal mail server (located in the US), and broke the list of > unique IP addresses rejected by zen.spamhaus.org up by registry: ... spam coming from US computers vs. spam coming f

Re: ICANN opens up Pandora's Box of new TLDs

Rich Kulawiec (rsk) writes: > > Best practice is refuse all mail that comes from any host lacking rDNS, > since that host doesn't meet the minimum requirements for a mail server. No, that's utterly stupid. You're excluding countries which have poor infrastructure or clueless ISPs

Re: ICANN opens up Pandora's Box of new TLDs

Roger Marquis (marquis) writes: > I have to conclude that ICANN has failed, simply failed, and should be > returned to the US government. Perhaps the DHL would at least solicit for > RFCs from the security community. DHS ? Otherwise, yes, you could ship ICANN back to the US gvt. with DH

Re: ICANN opens up Pandora's Box of new TLDs

Rich Kulawiec (rsk) writes: > > I don't see a problem with not accepting mail from clueless ISPs or their > customers. The requirement for rDNS has been around for decades. > Anyone who's not aware of it has no business running a mail server. Requirement ? What requirement ? There's no

Re: Mail Server best practices - was: Pandora's Box of new TLDs

[EMAIL PROTECTED] (michael.dillon) writes: > > > http://www.maawg.org/about/MAAWG_Sender_BCP/MAAWG_Senders_BCP_Combine.pdf Thanks for the pointer. I don't necessarily agree with all of it, but it's definitely a good reference. I just get irritated by actions tha

Re: ICANN opens up Pandora's Box of new TLDs

Matthew Petach (mpetach) writes: > If they simply use "smtp" as the hostname, most of the > current resolver libraries will append the local domain > name, so that instead of reaching my A record for smtp, > they'll end up trying to reach smtp.their.domain. Actually, that's a good point --

Re: ICANN opens up Pandora's Box of new TLDs

John Levine (johnl) writes: > d) 280 # dig @f.root-servers.net axfr . | egrep 'IN[[:space:]]NS' | awk '{ print $1 }' | sort -u |wc -l 281 (with . itself)

Re: ICANN opens up Pandora's Box of new TLDs

David Conrad (drc) writes: > > 1) The new gTLD stuff hasn't gotten as far as the point where the testing > of IDN stuff started. Mhh, ok :) > 2) ICANN (or rather, the technical side of ICANN staff) has thought about > this and there is a 'technical evaluation' phase of the application

Re: ICANN opens up Pandora's Box of new TLDs

Matthew Petach (mpetach) writes: > > That was amusing. Firefox very handily took me to a search > results page listing results for the word "museum", none of > which was the actual page in question. ... and Safari took me to www.museum.com. > Thanks for all the pointers! I guess I won'

Re: ICANN opens up Pandora's Box of new TLDs

Phil Regnauld (regnauld) writes: > John Levine (johnl) writes: > > d) 280 > > # dig @f.root-servers.net axfr . | egrep 'IN[[:space:]]NS' | awk '{ print $1 > }' | sort -u |wc -l > > 281 Interesting extract from a transcript of tICANN board meet

Re: Multiple DNS implementations vulnerable to cache poisoning

Eric Davis (eric) writes: > Anyone using Infoblox DNSOne? They claimed to have fixed their BIND version > but I still see issues with source ports staying the same. Which version are you running of the OS ?

Re: SANS: DNS Bug Now Public?

Joe Abley (jabley) writes: > > Having just seen some enterprise types spend time patching their > nameservers, it's also perhaps worth spelling out that "patch" in this case > might require more than upgrading resolver code -- it could also involve > reconfigurations, upgrades or replacements of

Re: Password repository

Jay Nakamura (zeusdadog) writes: > Quick question, does anyone have software/combination of tools they > recommend on centrally store various passwords securely? Home built app with GELI (FreeBSD) encrypted disk image and automated versioning of documents/secure stuff wih a VCS. W

Re: DNS query analyzer

Joseph Jackson (jjackson) writes: > Hey List! > > Anyone know of a tool that can take a pcap file from wireshark that was used > to collect dns queries and then spit out statistics about the queries such as > RTT and timeouts? I don't know if DSC does this, but check it out: ht

Article on spammers and their infrastructure

http://threatpost.com/en_us/blogs/attackers-buying-own-data-centers-botnets-spam-122109 It this something new ? The article seems to mix various issues together. And this would seem highly inefficient to me compared to traditional botnets (renting your own rack for a botnet doesn't really make se

Re: ip address management

Andy Davidson (andy) writes: > > It looks like the lack of ipv6 support in ipplan is partly due to > the maintainer not wanting to support it, so we might be tempted to > (if the license permits) It's GPL... So for away :) Also, you might want to look at TIPP: http://ti

Re: ip address management

Phil Regnauld (regnauld) writes: > > Future of TIPP > > - import/export from/to CSV; > - IP availability checks (pinging); > - editing ranges of IP addresses at once; > - plugin architecture for better integration with the existing systems; > - IPv6 support;

Re: ip address management

Nick Hilliard (nick) writes: > > There is a FAQ entry for ipv6 support in ipplan: > > > One feature request that comes up from time to time is IPv6. Adding IPv6 > > support will require major effort but has such a limited audience. > > Ironically the only people that ever requested IPv6 support a

Re: ip address management

Mark Scholten (mark) writes: > Hello, > > I am also working on creating a IP address management tool (including > changing rDNS), of course it should work with IPv4 and IPv6. If someone is > interested in it, please mail me (so I know I have to inform him/her when I > release it). If there are cer

Re: Ticket/Asset Managment system

Brandon Grant (brandon) writes: > I am currently evaluating my options for an open source trouble ticket > management system that is based on assets (the trouble ticket is opened > on a particular server, network element, etc.). Hi Brandon, Maybe RT (already mentioned) could do th

  1   2   >