Ha!
The first warning sign would be where they discuss your AUP and
exceptions / corner cases to it
Or
'we just need a /24, we are doing e-mail services and we can assure
you it's all good'
...
Bye, Raymond
better.
Posting on list since I hope, just like we tell people to implement BCP38, more
people will look into cleaning things at the far beginning of the chain.
If you want to make the world a better place I think
Thanks,
Raymond Dijkxhoorn
(You can find more about it on the e-hawk site (www
Hello Ben,
Is anyone else seeing connectivity issues along the east coast? Our pipe
through HE in NYC is showing loss to things behind most of Level3, and
Qwest below Washington.
*Ben Hatton*
Network Engineer
Haefele TV Inc.
d:(607)589-8000
bhat...@htva.net
www.htva.net
We see the same,
Hi!
That's fine, but the listings don't even make sense. There is no
evidence in the listing and i'm still trying to figure out a) why they
think that these new listings have anything to do with the ones we
already cleaned and b) which customers actually need to be removed and
for specifically w
Hi!
1) The sites were already null routed. The problem is with Spamhaus'
inability to contact me prior to impacting other legitimate customers.
Null routed?
It's up!
[root@master tmp]# host www.viagra-shopping.com
www.viagra-shopping.com has address 208.64.127.78
viagra-shopping .com
po
Hi!
That is not in our IP space. These are the only SBL's we have outstanding:
SBL101835
208.64.127.64/27 blacklotus.net
17-Jan-2011 14:44 GMT
Drug spam domain hosting
SBL101662
208.64.123.176/28 blacklotus.net
14-Jan-2011 10:31 GMT
Drug spam domain hosting
208.64.120.186 cana
Hi!
208.64.120.186 canadian-rx-store.org
That is not in our IP space.
http://whois.arin.net/rest/nets;q=208.64.120.186?showDetails=true&showARIN=false
If they claim it's not theirs, let's ask ARIN to revoke the space.
Bye,
Raymond.
Hi!
Spam does not make me nervous, it's a practical matter that we will
address in due course. The null routes we have set are pretty recent
so you may have received some spam prior to that time but I absolutely
guarantee you that it did not come from our network, otherwise we
would have detecte
Hi!
Actually, that was just a brain lapse. The domain didn't resolve at
all (misspelled?) and it returned the Cox default resolution.
Instead of looking at typos or misspelled stuff, can you null route the
rest of the abuse reports that came in? Or should we get it added on the
SBL listing
Hi!
We've acted on every report that we're aware of and instead you want
to play pharmacy domain scavenger hunt. This domain at 208.64.120.197
redirects to IP space we already null routed. It's the same customer.
Either you place strange nullroutes or you did not at all.
[root@mi10 tmp]# wget
Hi!
I fat fingered the netmask, try now.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Cache-Control: private
Content-Length: 0
Location: http://www.vertrouwdeapotheek.nl/Home.aspx
Server: Microsoft-IIS/7.0
X-AspNet-Version: 4.0.30319
X-Powered-By
Hi!
Unless you guys can help find some more related IP space I think the
issue has been solved.
You are not able to even shut down one that's mentioned. You keep telling
us it's down and null routed. It's simply not. It's alive and kicking. Bullet
proof hosting rocks, doesn't it?
This is now:
[r
Hi!
I do not take you for a fool, the assignment is legitimately null
routed. My traceroutes are dropping at my home ISP.
I call bollocks. It's alive and kicking via BGP here.
edge1.lax01# show ip bgp 208.64.120.197/32
BGP routing table entry for 208.64.120.0/24, version 2014041464
Paths: (
Hello Jimmy,
I'm still seeing this behavior, which is causing a good amount of
Teredo-based connectivity to fail. The relay appears to be
miredo.surfnet.nl - any chance someone on the list is from SURFNet and
could take a look?
If you can send me offlist some traces I can check for you.
Th
Hi!
I'm still seeing this behavior, which is causing a good amount of
Teredo-based connectivity to fail. The relay appears to be
miredo.surfnet.nl - any chance someone on the list is from SURFNet and
could take a look?
If you can send me offlist some traces I can check for you.
This path
Hi!
anyone else getting a route for 212.118.142.0/24 with invalid
attributes? Seems this is (again) causing problems with some (older)
routers/software.
Announcement bits (4): 0-KRT 3-KRT 5-Resolve tree 1
6-Resolve tree 2
AS path: 6453 39386 25019 I Unrecognized Att
Hi!
Takes our HE tunnel to get out. We're also Native with Cogent (Not that it
gets us anything..)
No dice.
Native also no luck here (from .nl) :
[root@ipv6proxy ~]# traceroute6 www.charter.com
traceroute to www.charter.com (2607:f428:3:1:80:80:80:1), 30 hops max, 80
byte packets
1 2a00:d
isnt licated
there does that mean it's bad? You need to know much more. If your customers are
local there it's even preferred.
It's never that black/white ...it's depending on your needs!
Thanks,
Raymond Dijkxhoorn, Prolocation
On 19 Oct 2011 at 08:46, "Nathanael C. Cariaga"
Hi!
You won't see those local peerings unless all those providers have looking
glasses. So that's not gonna work out in this case. You will only see who they
transit with...
Thanks,
Raymond Dijkxhoorn, Prolocation
On 19 Oct 2011 at 09:21, "Nathanael C. Cariaga" wrote the following
Hi!
Ok. Thanks for the information :) So that would mean that to answer my
question, I would need to determine the web hosting provider who has the most
number of peers and most number of transit providers?
You won't see those local peerings unless all those providers have looking
glasses. S
Hai!
Check with lft or mtr ...
Thanks,
Raymond Dijkxhoorn, Prolocation
On 7 Dec 2011 at 20:56, "Meftah Tayeb" wrote the following:
> please tell me how to ?
> i don't know astraceroute:)
>
> - Original Message - From: "Steven Bellovin"
Hi!
Using LFT:
root@debian:~# lft 8.8.8.8
traceroute to 8.8.8.8 (8.8.8.8), 30 hops max, 60 byte packets
1 172.28.1.1 (172.28.1.1) 0.798 ms 0.711 ms
2 10.16.0.2 (10.16.0.2) 0.414 ms 0.331 ms
3 41.200.16.1 (41.200.16.1) 11.400 ms 11.474 ms
4 172.17.2.25 (172.17.2.25) 10.184 ms 11.322 m
Hi!
I believe Akamai,
LLNW, & L3 are the only companies that stream movies for Netflix. Peer with
the CDNs to save your transit.
That would be good if more than one of those CDNs peered openly.
So what one doesn't?
Akamai will peer with you anywhere and I doubt LLNW will give you trouble.
Hi!
But I was wondering if a more permanent solution for these resolvers exist.
74.82.42.42 2373 msec
2001:470:20::2 2592 msec
The google DNS server I'm using is doing swimmingly so far, OpenDNS seems ok
too.
2001:4860:4860::8844 16 msec
[root@ipv6proxy ~]# ping 74.82.42.42
PING
Hi!
So please stop responding with ping response times already :-)
No, pfSense does not set these per default, they are in wide use
because these are part of the Google DNS whitelist for V6 records.
And a similar mistake I see others respond too as well, this is another
domain with just a I
Hi!
This was mailed to many ISPs the last days.
Bye,
Raymond.
I know this tactic isn't exactly new .. just thought I'd pass this along.
Text below is exact with exception of our ARIN information and ranges
(which any of you could figure out anyway).
Cheers,
Michael Holstein
Cleveland State
Jason,
In preparation for the World IPv6 Launch, inbound (SMTP) email to the
comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC.
Roughly one minute later, at 9:35:30 UTC we received our first
inbound email over IPv6 from 2001:4ba0:fff4:1c::2. That first bit of mail
was spam, an
Hi!
In preparation for the World IPv6 Launch, inbound (SMTP) email to the
comcast.net domain was IPv6-enabled today, June 5, 2012, at 9:34 UTC.
Roughly one minute later, at 9:35:30 UTC we received our first
inbound email over IPv6 from 2001:4ba0:fff4:1c::2. That first bit of mail
was spam, and w
Hi! Seth,
In the past several hours we have of course seen other messages from a
range of hosts, many of which were legitimate email so it wasn't just
spam! ;-)
Since the Internet is of course more than just the web, we encourage
others to start making non-HTTP services available via IPv6 as
Hi!
Drive Slow
Paul
Not very well if you have a modern box (RHES/CentOS 6) and Java apps running
on them. RHES/CentOS 5 merrily ignored it. Worse, just bouncing the Java
stack didn't fix it, it required the box to be rebooted. A sizeable number
of annoyed sysadmins tweeting about it this
Hi!
The cache needs to be big enough that it has a thrashy bit that is
getting changed all the time. Those are the records that go into the
cache and then die without being queried again. If the problem is
that there's some other record in there that might be queried again,
but that doesn't ge
Hai Marco,
Same in NL so most likely bigger than Italy alone.
Thanks,
Raymond Dijkxhoorn, Prolocation
> On 28 Sep 2015 at 22:35, Marco Paesani wrote the following:
>
> Hi,
> some issues from FB network ??
> Do you have some info ?
> Regards,
>
> --
Hai!
whois.conf-compatible format
What uses whois.conf? Not the whois on my FreeBSD or Mac.
Or you can just use this shell script:
#!/bin/bash
WHOISHOST=${1##*.}.ws.sp.am
exec whois -h $WHOISHOST $*
I just a slightly different one but still my fav one... jwhois
Has a whois.conf style l
working fine, but of course Brighthouse doesn't
> offer that lol.
>
> Anyone seeing the same?
>
> David
Yes. See also another thread here:
http://mailman.nanog.org/pipermail/nanog/2015-June/076189.html
Thanks,
Raymond Dijkxhoorn - Prolocation
Hai!
Wouw! This is what they came up with?!
Hopefully Level3 will take appropriate measures. It's amazing. Really.
'Some internationally routes'
Have they any idea what they did at all?
It's amazing that with parties like that the internet still works as is ...
Thanks,
Raymond
t globally.
Thanks,
Raymond Dijkxhoorn
> On 14 Jun 2015 at 23:04, Mark Tinka wrote the following:
>
>
>
>> On 14/Jun/15 22:55, Raymond Dijkxhoorn wrote:
>> Hai!
>>
>> Wouw! This is what they came up with?!
>>
>> Hopefully Le
Hello Mel,
Must just be me then.
I was most likely expecting a more in depth report. Strange things happened.
Perhaps they could post a 'what exactly happened' since this wasn't an average
route leak.
Thanks,
Raymond Dijkxhoorn
> On 14 Jun 2015 at 23:27, Mel Beckman
Hai!
Extreme supports route compression since several years. I hope other vendors
will also start doing this.
Thanks,
Raymond Dijkxhoorn, Prolocation
On 22 Jun 2013 at 15:11, Daniel Suchy wrote the following:
> On 06/22/2013 12:27 AM, Jakob Heitz wrote:
>>> Date: Fri,
Hi!
We just got Cyclops alerts showing several of our prefixes sourced from
AS23474 propagating through AS4134. Anyone else?
aut-num: AS23724
as-name: CHINANET-IDC-BJ-AP
descr:IDC, China Telecommunications Corporation
country: CN
aut-num: AS4134
as-name: CHINA
Hi!
- do ISPs typically use token bucket filters with large bursts to shape traffic?
- what kind of burst sizes and latencies/limits are typically used for
the filter?
You will definitely have to account for latency.
For emulating cable traffic, latencies (in the USA) will be about
60-80ms t
Hi!
Either you're looking only at the loop contribution, or you're in the
SF bay area and nearly every "typical site" is available locally.
Here in the relatively backwater Seattle suburbs, unless it's served
by Microsoft or a content distribution network, there are substantial
latencies to typi
Hi!
Cringely has a theory and it involves Google and Verizon,
but it doesn't involve net neutrality:
http://www.nytimes.com/2010/08/08/opinion/08cringeley.html?_r=2
Woow this is fantastic news. Oh wait. Didn't Akamai invent this years ago?
Bye,
Raymond.
Hi!
btw, considering that you apparently run a larger network than the 3
networks we own and operate, willing to sell? :P
That would be rather funny Sven, you buying IBM. Sweet dreams.
Bye,
Raymond.
Hi!
I think you blame the wrong people. The vendor should make sure that
their implementation does not violate the very basics of the BGP
protocol.
The curious thing here is that the peer that resets the session, as
required by the spec, causes the actual damage (the session reset),
and not t
Hi!
Cisco posts their advisories to the NANOG list.
'The vulnerability manifests itself when a BGP peer announces a prefix
with a specific, valid but unrecognized transitive attribute. On
receipt of this prefix, the Cisco IOS XR device will corrupt the
attribute before sending it to the neigh
Hi!
Yes, I can get sample of configuration via Google search.
but I am looking for best practices and from experience people.
Then post your suggested config and ask for comments.
Bye,
Raymond.
Hi!
Yes, I can get sample of configuration via Google search.
but I am looking for best practices and from experience people.
Then post your suggested config and ask for comments.
...on a suitable list, dedicated to Cisco gear..
Sorry, yes. :-) Plenty of Cisco lists there to answer 'ques
Hi!
Should have said "And, they have no plans to deploy IPv6 in the immediate
future."
:)
"Cogent's official stance on IPv6 is that we will deploy IPv6 when it
becomes a commercial necessity. We have tested IPv6 and we have our plan
for rolling it out, but there are no commercial drivers to
Hi!
"Cogent's official stance on IPv6 is that we will deploy IPv6 when it
becomes a commercial necessity. We have tested IPv6 and we have our
plan
for rolling it out, but there are no commercial drivers to spend money
to upgrade a network to IPv6 for no real return on investment."
That's stran
Hi!
Both containing prefixes that should not be announced on the internet,
but often used by spammers trying to deliver their content.
When did you experience this last time, this is not what we see on
various antispam projects.
So if you have new information, please share, we didn't see bog
Hi!
Sounds great but who cover the costs?
If done right, such a treaty here in the US and elsewhere thing would be a
major win for the Internet.
The ISPs will pick up the costs. A cleaner customer base is also a win
for them.
First implementations won't be next week however but the sta
Hi!
A major reason ISPs are hesitant to take deliberate measures against such
systems is that they are afraid that disconnecting users and making them
spend time and money cleaning up their systems will only drive them into the
hands of competitors. And the support process itself is expensive,
Hi!
I like to use ntop (from ntop.org) for this, along with MRTG. Others prefer
cacti. I found MRTG easier to setup. It comes down to personal preference.
MRTG provides graphs of usage, but I'm not aware of it providing a monthly
total usage (or 95% or other) in report form (though would be h
Hi!
Been trying to get someone from [EMAIL PROTECTED] to get back to me but haven't
had any luck. Anyone?
If you have someone responding. we have created accounts there for a
couple of our customers, but still are read only level. Not really handy
if you ask people on peeringforum.eu to joi
Hi!
That's not true, as not all our prefixes were hijacked nor leaked,
since they were originating them. If they were leaking them you might
be able to see further AS's on the AS-PATH, including the legitimate
AS for originating those prefixes.
We have seen issues like this also when a cus
Hi!
94.46.0.0/16
194.88.142.0/23
194.11.23.0/24
82.102.0.0/18
195.246.238.0/23
194.107.127.0/24
81.92.192.0/19
193.227.238.0/23
We are trying to contact them in order to get some feedback, and some good
explanation for this.
They obviously were leaking full routing, are we all gonna annno
Hi!
We were hijacked as well, by 27664 16735
Our affected prefixes were:
94.46.0.0/16
194.88.142.0/23
194.11.23.0/24
82.102.0.0/18
195.246.238.0/23
194.107.127.0/24
81.92.192.0/19
193.227.238.0/23
We are trying to contact them in order to get some feedback, and some good
explanation for this.
Hi!
networks with visitors have shown a serious problem with rogue RAs
Does that get better with RAs from the good routers turned off?
Aria Stewart
aredri...@nbtsc.org
Is there something like RA filtering on switches yet, so end users can be
filtered? Just like the dhcp stuff that's availa
Hi!
Some days ago, a BGP issue was announced about "IP hijacking".
OK, we understand that this is some "new" because the traffic is also sent
back to the "real owner" of the block.
Traffic will walk the shortest path, so you can never tell it's the 'real'
owner that will receive this traffic.
Hi!
Thanks to the efforts of the people on this list, you've known
Estdomains/Esthost was bad news for several weeks or more.
[EMAIL PROTECTED] ~]# dig estdomains.com
; <<>> DiG 9.5.0-P2 <<>> estdomains.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOE
Hi!
Anyone know of a tool that can take a pcap file from wireshark that was
used to collect dns queries and then spit out statistics about the
queries such as RTT and timeouts?
It just so happens there is a tool aptly named DNS Analyzer by NLnet Labs.
I used it a while back but if I recall yo
Hi!
RBLs are neither authorised (EU privacy laws anyone?), nor the appointed
authority to keep databases on "whats static or not". RIRs -are-, if
anyone should maintain a database on such things, i'd be the rirs
(which they have, it's called "whois", it just lacks a field that
indicates the type
Hi!
thing is that it's illegal to maintain a database with "personal details"
which ip addresses according to various german courts are (don't ask..
mmk? ;) of course we all know ip addresses identify nodes on a network, not
persons, but the germans seem to maintain a different view on this,
despi
Hi!
Are this Blacklistservers since x-mas down. We receive in the last days many
errors from this servers...
Example enclosed, anonymised.
Greeting
Xaver
Dec 31 10:12:37 linux-1ij2 named[14306]: too many timeouts resolving
'XXX.cn-kr.blackholes.us/A' (in 'cn-kr.blackholes.us'?): disabling EDNS
Hi!
I have tried to check BGP traffic behaviors related to recent VISPA ISP DDOS.
For this task I have been using BGplay and I need feedback about my analysis. If
you are interested check
http://extraexploit.blogspot.com/2010/01/trying-to-analyze-vispa-isp-outage_08.html
Thank you for your attention.
Hi!
I am wondering if anyone has implemented the failover features of ISC
DHCP? And if so, how successful has failover been in your environment?
We run it on various locations and this works pretty well.
Student dormitories, and so on.
Bye,
Raymond.
Hi!
would someone at SIXXS please contact me off-list regarding an account
issue?
Contact
The main contact address for SixXS is i...@sixxs.net, which is the sole
email address one should use to contact SixXS. Non-English, impolite,
clueless, UCE and HTML email gets discarded automatically. T
Hi!
If, for any reason, you want to opt out from us using your ASN
for our experiments, you can do so in the following form before May 9:
https://forms.gle/ZvZaodndPhCqMvR89
If I am interpreting this correctly that you are just going to yolo a
bunch of random ASNs to poison paths with
Hi!
> If I am interpreting this correctly that you are just going to yolo a
> bunch of random ASNs to poison paths with, perhaps you should consider
> getting explicit permission for the ASNs you want to use instead.
>
> A lot of operators monitor the DFZ for prefixes with their ASN in the
> pa