Re: NAT66 was Re: using "reserved" IPv6 space

On Mon, 16 Jul 2012 21:31:42 -0700, Owen DeLong said: > Think HA pairs in Pittsburgh, Dallas, and San Jose. > > Now imagine each has different upstream connectivity and the backbone > network connecting all the corporate sites lives inside those firewalls. > > The real solution to this is to move t

Re: Managing free pairs to prevent DSL sync. loss

On Tue, 17 Jul 2012 09:15:59 -0500, "John Souvestre" said: > Have you considered grounding one end (or both) of the free pairs? Perhaps > this would reduce the amount of noise they pick up. Grounding both ends will probably result in "hilarity ensues". And I suspect that Anurag can't ground th

Re: Managing free pairs to prevent DSL sync. loss

On Tue, 17 Jul 2012 10:16:17 -0500, "John Souvestre" said: > Yes, but would this result in more or less noise than an open end acting > like an antenna? And would the ground loop noise be in the DSL spectrum? No, it will be strictly a DC current, with the amperage easily calculated from the volta

Re: using "reserved" IPv6 space

On Wed, 18 Jul 2012 10:04:05 +0300, Saku Ytti said: > However I'm not sure what would be good seed? ISO3166 alpha2 + > domestic_business_id + 0..n (for nth block you needed) You want to roll in at some entropy by adding in the current date or something, so two "Joes' Burritos and Internet" in 2 d

Re: using "reserved" IPv6 space

On Thu, 19 Jul 2012 07:40:31 -0700, Cameron Byrne said: > 3. Most FUD around ULA comes from an over-reaction to ipv4 NAT sins, > misunderstandings about how security policy works in the real world , and > deficiencies in mathmatical education. I'll add on that said security policies are *themselv

Re: using "reserved" IPv6 space

On Wed, 18 Jul 2012 21:07:35 +0300, Saku Ytti said: > If collision occurs, if dispute occurs, provability that one party did not > use BCP method can be useful to solve dispute and decide who renumbers. Looking at actual numbers out of RFC4193: The following table shows the probability of a c

Re: Weekly Routing Table Report

On Sat, 21 Jul 2012 05:10:41 +1000, Routing Analysis Role Account said: > This is an automated weekly mailing describing the state of the Internet > Routing Table as seen from APNIC's router in Japan. > BGP routing table entries examined: 418048 So, whatever happened

Re: Weekly Routing Table Report

On Fri, 20 Jul 2012 16:16:59 -0400, "Patrick W. Gilmore" said: > On Jul 20, 2012, at 16:10 , Darius Jahandarie wrote: > > On Fri, Jul 20, 2012 at 4:04 PM, wrote: > >> So, whatever happened to that whole "the internet will catch fire when > >> we get to 280K routing table entries" or whatever it

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

On Mon, 30 Jul 2012 21:04:36 +0200, Panashe Flack said: > list for continued activity. And just for reference - have you guys > SEEN the "Linux Kernel Mailing List"? - it gets frequent spam posts > and yet is perfectly able to ignore the spam/irrelevant posts and > continue on its remit. For those

Re: Is Hotmail in the habit of ignoring MX records?

On Mon, 30 Jul 2012 10:07:37 -1000, William Herrin said: > If you can reference where in the SMTP RFC it offers an authoritative > explanation what to do when merging results from various naming > systems where one but not all of the naming systems has generated an > error then let's read it. RFC

Re: DOCSIS 3.0 & PPPoE/L2TP compatibility

On Mon, 30 Jul 2012 09:33:51 -0300, iptech said: > 3.0 compliant setup, and this standard no longer supports PPPoE via > L2TP, and can now only offer PPTP for terminating with us. "Hi ISP, meet Moxie Marlinspike. Moxie, meet ISP. I think you two have something to discuss..." pgpKWNX0Eea1l.pgp

Re: Update from the NANOG Communications Committee regarding recent off-topic posts

On Thu, 02 Aug 2012 16:25:56 -0400, Robert Drake said: > Percentages: 5804/54166=1% of posts from low contributors. I suspect you fat-fingered something - I get 10.7%, not 1%, for that calculation... pgpGDidhtOsTj.pgp Description: PGP signature

Re: US House to ITU: Hands off the Internet

On Fri, 03 Aug 2012 14:06:19 -0400, "Patrick W. Gilmore" said: > The vote was unanimous: 414-0 > > Unanimous? I didn't think this congress could agree the earth is round > unanimously. And in fact, they didn't - there's 435 Representatives. pgpJqcuqtLEFV.pgp Description: PGP signature

Re: BGPttH. Neustar can do it, why can't we?

On Mon, 06 Aug 2012 15:55:19 -0700, Owen DeLong said: > That would allow a zeroconf BGP-enabled router in relatively small hardware > accepting a default route t OK Owen, I'll bite - what are the chances that a zeroconf router will accept the *wrong* default route? If you're trying to do the "Us

Re: raging bulls

On Wed, 08 Aug 2012 09:08:27 -0500, Brett Frankenberger said: > What it's about is allowing traders to arbitrage between markets. When > product A is traded in, say, London, and product B is traded in New > York, and their prices are correlated, you can make money if your > program running in NY

Re: Anyone can suggest a good and reliable VPS provider in India ?

On Fri, 10 Aug 2012 17:14:22 +0100, fc lists said: > The only requirements i have is that the VPS should be close enough to > MUMBAI (don't have an ISP there yet so can't really say "close to what" ) > and that their are reliable from a network point of view. Is hosting in another country that is

Re: Testing 1gbps bandwidth

On Tue, 14 Aug 2012 15:32:47 +0400, Luqman Kondeth said: > Is anyone aware of any public IPerf servers in the middle east or close > by?(Europe) or anywhere that can do udp?. I have a 1gbps Internet link > which I've been asked to show that it has 1gbps download speeds. First thing that comes to m

Re: Testing 1gbps bandwidth

On Tue, 14 Aug 2012 16:05:55 +0400, Luqman Kondeth said: > No, I don't want to test just the link. I want to make sure the path in my > ISP also has enough backplane bandwidth and isn't using some old sup32 > and thereby throttling traffic Still the same problem - if there's a bottleneck upstream

Re: DNS Changer items

On Wed, 15 Aug 2012 11:51:32 -0400, Randy Whitney said: > Perhaps it should not have been re-allocated at all, rather than cause > the unsuspecting allocatee trouble they would not have seen from > clean(er) space. "unsuspecting"??!? You want a clean prefix, get some IPv6 space instead. Anybody

Re: DNS caches that support partitioning ?

On Fri, 17 Aug 2012 15:32:11 -0400, Andrew Sullivan said: > On Fri, Aug 17, 2012 at 04:13:09PM -, John Levine wrote: > > The application I have in mind is to see if it helps to keep DNSBL > > traffic, which caches poorly, from pushing other stuff out of the > > cache, but there are doubtless ot

[no subject]

On Tue, 21 Aug 2012 17:11:49 -0500, Grant Ridder said: > I love spam from Honduras. I am hoping that someone is going to kick this > email from the members list. I'm hoping for something a tad more drastic. The bozo has an upstream, and this is NANOG. :) pgptOTAFjVT43.pgp Description: PGP signa

Re: Fair Use Policy

On Wed, 22 Aug 2012 17:17:14 -0400, Sean Harlow said: > Wired internet providers should not even be thinking about caps below the 250 > GB/mo point. Neither of these example speeds can even reach that level, so if > you feel the need to cap you are doing it wrong and should rethink your > business

Re: 172.0.0.0/12 has been Allocated

On Thu, 23 Aug 2012 00:29:22 -0500, "Otis L. Surratt, Jr." said: > Can you provide a link to support this? > If this is true, I wonder how this will work. > 172.0.0.0-172.15.255.255 was allocated on 2012-08-20 to AT&T Internet > Services. Why shouldn't it work? RFC1918 space is 172.16/12, there'

Re: Asia's Fastest Communications Cable Comes Online

On Fri, 24 Aug 2012 04:25:26 -0400, Joly MacFie said: > "The gain may sound small, but could prove critical to financial trades > made out of the region," according to the report. If you can use 3ms to extract enough money out of the market to pay for a cable, that market is *way* too volatile in

Re: Bizarre (.bz) abuse report - are we alone?

On Sun, 26 Aug 2012 19:35:54 -0700, Jay Hennigan said: > On 8/25/12 3:29 PM, no-re...@abuse.bz wrote: > > We have noticed illegal activity from [redacted] aimed at one of our > > servers. > > Please disable these brute force attempts, port scans and/or neighbour > > scanning technologies. I have

Re: Color vision for network techs

On Fri, 31 Aug 2012 11:27:28 -0700, JC Dill said: > So if you DO decide to test for color vision, make sure you know your > rights and responsibilities for handling any employee or applicant who > fails the test. There's something to be said for doing the test anyhow, and being prepared to deploy

Re: Blocking MX query

On Wed, 05 Sep 2012 09:29:49 +0900, Masataka Ohta said: > Suresh Ramasubramanian wrote: > > > Have your desktop MTA configured to relay through your smarthost with smtp > > auth? Howtos for doing this on sendmail, qmail, postfix etc are over a > > decade old now. > > What if, your home is also beh

Re: The End-To-End Internet (was Re: Blocking MX query)

On 05 Sep 2012 23:07:07 -, "John Levine" said: > Not really. Large mail system like Gmail and Yahoo have a pretty good > map of the IPv4 address space. If you're sending from a residential > DSL or cable modem range, they'll likely reject any mail you send > directly no matter what you do. W

Re: The End-To-End Internet (was Re: Blocking MX query)

On Thu, 06 Sep 2012 13:08:29 +0900, Masataka Ohta said: > The end to end transparency can be restored easily, if an > administrator wishes so, with UPnP capable NAT and modified > host transport layer. How does the *second* host behind the NAT that wants to use global port 7719 do it? pgpgNE8JD

Re: The End-To-End Internet (was Re: Blocking MX query)

On Thu, 06 Sep 2012 11:14:58 -0400, Andrew Sullivan said: > Despite my scepticism of the overall project, I find the above claim a > little hard to accept. RFC 2052, which defined SRV in an > experiment, came out in 1996. SRV was moved to the standards track in > 2000. I've never heard an argum

Re: The End-To-End Internet (was Re: Blocking MX query)

On Fri, 07 Sep 2012 08:30:12 +1000, Mark Andrews said: > In message <85250.1346959...@turing-police.cc.vt.edu>, > valdis.kletni...@vt.edu writes: > > My PS3 may want to talk to the world, but I have no control over Comcast's > > DNS. > > What point are you trying to make? Comcast's servers suppo

Re: The End-To-End Internet (was Re: Blocking MX query)

On Fri, 07 Sep 2012 16:01:10 +1000, Mark Andrews said: > There is NOTHING stopping Sony adding code to the PS3 to perform > dynamic updates to add the records. We have a well established > protocol to do this securely. 100's of millions of records get > updated daily using this protocol in the c

Re: time-b.netgear.com/time-c.netgear.com dns queries

On Fri, 07 Sep 2012 20:44:44 -0400, Basil Baby said: > Hmm... Even though similar issue was identified in 2003, looks like still > there are devices in market with those old firmwares or similar > behavior. sheesh !! :( A long long time ago in a network far far away, one of our campus NTP servers

Re: The End-To-End Internet (was Re: Blocking MX query)

On Tue, 11 Sep 2012 05:51:53 +0900, Masataka Ohta said: > Anything written in RFC1796 should be ignored, because RFC1796, an > informational, not standard track, RFC, states so. On the other hand, if you're relying on the fact that 1796 is informational in order to ignore it, then you're followin

Re: IPv6 Ignorance

On Tue, 18 Sep 2012 02:35:43 -0400, William Herrin said: > Then we need 32 bits to overlay the customer's IPv4 address for > convenience within our 6RD network. Well yeah. You blow 32 bits for silly reasons, you run out of bits. Film at 11. pgpvFDJ2NdnzN.pgp Description: PGP signature

Re: IPv6 Ignorance

On Tue, 18 Sep 2012 18:18:28 -0400, William Herrin said: > In http://lists.arin.net/pipermail/arin-ppml/2010-September/018180.html > I complained about mapping the full 32-bits of IPv4 address into an > IPv6 prefix. You responded, "You say that like it's somehow a bad > thing," and "I'm simply not

Re: Big Temporary Networks

On Thu, 20 Sep 2012 06:54:35 +0900, Masataka Ohta said: > Sean Harlow wrote: > > >> As I already stated, DHCP discover/request from STA to AP is > >> unicast. > > > > This didn't sound right, so I decided to test. > > Your test is invalid. You forgot to include a .jpg of Darth Vader playing bagpip

Re: The Department of Work and Pensions, UK has an entire /8

On Wed, 19 Sep 2012 18:36:08 -0400, Joe Maimon said: > So 6-8 years to try and rehabilitate 240/4 was not even enough to try? 6 years of work to accomplish something that would only buy us 16 /8s, which would be maybe 2 year's supply, instead of actually deploying IPv6. And at the end of the 2 ye

Re: The Department of Work and Pensions, UK has an entire /8 nanog@nanog.org

On Wed, 19 Sep 2012 18:46:54 -0700, Jo Rhett said: > You're all missing the point in grand style. Given that the entire thread is based on somebody who missed the point in totally grand style and managed to get press coverage of said missing the point, I am starting to suspect that several people

Re: The Department of Work and Pensions, UK has an entire /8

On Thu, 20 Sep 2012 00:21:45 -0400, Joe Maimon said: > Why is this cast as a boolean choice? And how has the getting on with > IPv6 deployment been working out? 60% of our traffic is IPv6 now. Working out pretty good for us. pgpcdxf9LHhzh.pgp Description: PGP signature

Re: Throw me a IPv6 bone (sort of was IPv6 ignorance)

On Fri, 21 Sep 2012 15:42:20 -0400, Mark Radabaugh said: > Running dual stack to residential consumers still has huge issues with > CPE. It's not an environment where we have control over the router the > customer picks up at Walmart. There is really very little point in > spending a lot of res

Re: Throw me a IPv6 bone (sort of was IPv6 ignorance)

On Fri, 21 Sep 2012 19:22:18 -0400, TJ said: > > Running dual stack to residential consumers still has huge issues with > CPE. It's not an environment where we have control over the router the > customer picks up at Walmart. There is really very little point in > spending a lot of resources on s

Re: POLL: 802.1x deployment

On Wed, 26 Sep 2012 00:37:38 +0200, Carsten Bormann said: > The entirety of eduroam is on 802.1X (better known as WPA Enterprise). > That must be an 8-digit number of users. > If you need a list of sites, start with http://en.wikipedia.org/wiki/Eduroam However, that would be more a confederation

Re: guys != gender neutral

On Fri, 28 Sep 2012 07:43:21 -0400, Miles Fidelman said: > Given that this thread started out as a query re. a "really nasty > attack," and resulted in: > 5 on-topic responses (2 of which also commented on "guys") > >20 responses re. "guys" (I stopped counting) > It occurs to me that maybe "morons

Re: guys != gender neutral

On Fri, 28 Sep 2012 07:18:54 -0700, Owen DeLong said: > > On Sep 28, 2012, at 3:29 AM, Randy Bush wrote: > > >> "Folks"? I really do mean "folks" when I write "guys", > > > > > > > > folk is the plural > > > > and, as far as the use of gender-biased terms, as someone said well the > > other day,

Re: RFC becomes Visio

On Fri, 28 Sep 2012 14:29:50 -0400, Randy Carpenter said: > Just make sure to name the scanned file VisioDi~1_vsd.png, and maybe they > won't notice. That's eeevil. ;) pgpekRqJeA2WL.pgp Description: PGP signature

Re: IPv4 address length technical design

On Wed, 03 Oct 2012 15:44:16 -0400, "Tony Patti" said: > > Perhaps worth noting (for the archives) that a significant part of the early > ARPAnet was DECsystem-10's with 36-bit words. And the -10s and -20s were the major reason RFCs refer to octets rather than bytes, as they had a rather slippery

Re: IPv4 address length technical design

On Wed, 03 Oct 2012 17:49:56 -0500, Jimmy Hess said: > (1) Stopped mixing the Host identification and the Network > identification into the same bit field; instead every packet gets a > source network address, destination network address, AND an > additional tuple of Source host a

Re: IPv4 address length technical design

On Thu, 04 Oct 2012 09:57:34, Johnny Eriksson said: > valdis.kletni...@vt.edu wrote: > > > And the -10s and -20s were the major reason RFCs refer to octets > > rather than bytes, as they had a rather slippery notion of "byte" > > (anywhere from 6 to 9 bits, often multiple sizes used *in the > > sam

Re: max-prefix and platform tcam limits: they are things

On Fri, 05 Oct 2012 21:05:07 -0300, jim deleskie said: > But here goes, 210x the size of normal really? 210% I'd have a hard > time believing. Did anyone else anywhere see a route leak equal to > larger then the entire Internet that day, anywhere else that could of > caused this? If the device w

Re: Typical additional latency for CGN?

On Sun, 07 Oct 2012 16:47:18 -0400, Tom Limoncelli said: > Have there been studies on how much latency CGN adds to a typical > internet user? I'd also be interested in anecdotes. Should we include the time spent talking to the help desk trying to resolve double-NAT'ing issues in the latency? p

Re: best way to create entropy?

On Thu, 11 Oct 2012 19:20:02 -0500, Jimmy Hess said: > You could setup a video capture card or radio tuner card, tune it into > a good noise source Finally, a good use for political talk radio. :) pgpGRW6vGgt7E.pgp Description: PGP signature

Re: Detection of Rogue Access Points

On Mon, 15 Oct 2012 13:11:00 +1100, Karl Auer said: > No-one has said this yet, so I will - why are people working around your > normal network policies? This is often a sign of something lacking that > people need in their daily work. You can often reduce this sort of > "innocent thievery" down t

Re: Internet-wide port scans

On Tue, 16 Oct 2012 08:48:47 -0400, Darius Jahandarie said: > On Tue, Oct 16, 2012 at 12:57 AM, Scott Weeks wrote: > > Want to re-write that section or should I respond now? ;-) > > I always thought it wasn't allowed because of 18 USC 2701, but > IINAL, would be happy to hear otherwise :) If a

Re: Internet-wide port scans

On Tue, 16 Oct 2012 11:38:52 -0400, Darius Jahandarie said: > In particular, my understanding was that since you're sending a SYN, > it could very well initiate access to stored communications (although What 18 USC 2701 actually says, courtesy of www.law.cornell.edu: "Offense. - Except as provid

Re: IOS architecture

On Sat, 27 Oct 2012 11:16:10 +0100, "Darren O'Connor" said: > All vendors should be writing in depth architecture books. The Juniper MX > book is a great example. Tell us exactly what your product can do and we'll > likely use more of it On the flip side, if you document what your product is prob

Re: IPv6 Netowrk Device Numbering BP

On Thu, 01 Nov 2012 14:28:48 +0100, "Miquel van Smoorenburg" said: > We use a /120 subnet for servers to prevent the NDP cache exhaustion > attack. We do maintain a mapping between IPv4 and IPv6 addresses; > it's simply 2001:db8:vv:ww::xx, where xx is the hex value of the > last octet of the IPv4

Re: IPv6 Netowrk Device Numbering BP

On Sat, 03 Nov 2012 00:44:14 -0500, Randy said: > > Veering off this topic's course, Is there any issue with addresses like > this ? > 2001:470:1f00:1aa:abad:babe:8:beef < I have a bunch of these type > 'addresses' configured for my various machines. > > I make it a point to come up with some sort

Re: "authority" to route?

On Thu, 15 Nov 2012 23:05:39 -0800, Kyle Creyts said: > Jeez, isn't RPKI supposed to solve this problem? That would presume the existence of a deployed system that everybody actually used. pgpSBbgRGoEqE.pgp Description: PGP signature

Re: Fiber terminations -- UPC vs APC

On Mon, 19 Nov 2012 16:37:05 -0500, Jeff Kell said: > The video folks are set, determined, and insistent that they need APC > terminations. > > All data references I have found preach UPC. Remember - the nozzles on unleaded gas pumps aren't interchangeable with the ones that dispense leaded gas (

Re: [OPINION] Best place in the US for NetAdmins

On Fri, 25 Jul 2014 17:52:05 -0400, Miles Fidelman said: > Still DC is a nice place to live. Depends on your definition of "nice". I'm perfectly OK with the fact that when I look out the window here in my office, the skyline is mostly National Forest. Not many places in DC have that going for t

Re: EFF gets into the CPE router software business..

On Fri, 25 Jul 2014 13:11:29 -0500, char...@thefnf.org said: > On 2014-07-25 12:22, valdis.kletni...@vt.edu wrote: > > The second big challenge is that to the best of my knowledge, there exist > > no router-class hardware that includes a TPM chip, > > OpenWRT x86? Run it on a decently specced lapto

Re: Richard Bennett, NANOG posting, and Integrity

On Sat, 26 Jul 2014 06:10:09 +0530, Suresh Ramasubramanian said: > The debate is dominated by the parties of the first part unfortunately (and > add professors of law to this already toxic mix) So what you're saying is that the debate is in total violation of RFC1925, section 4? :) pgpZXlLN7Hcc2

Re: [OPINION] Best place in the US for NetAdmins

On Sat, 26 Jul 2014 15:34:14 -0700, "Scott Weeks" said: > "Annual Mean Wage of Network and Computer Systems > Administrators by State, May 2013" > > is surprising, though. The numbers are much lower than > I would expect. Remember that's the *mean*. There's a lot of small companies that have so

Re: Many players make up application performance (was Re: Richard Bennett, NANOG posting, and Integrity)

On Tue, 29 Jul 2014 14:33:28 -, "McElearney, Kevin" said: > (w/ a level of quality). <$IP_PROVIDER> plays a big role in delivering > your *overall* Internet experience, but eyecandysource plays an even > bigger role delivering your *specific* eyecandy experience. If > eyecandystore has inter

Re: Carrier Grade NAT

On Tue, 29 Jul 2014 11:42:31 -0500, Chris Boyd said: > There's probably going to be some interesting legal fallout from that > practice. As an ISP customer, I'd be furious to find out that my > communications had been intercepted due to the bad behavior of another user. See the various lawsuits

Re: Carrier Grade NAT

On Tue, 29 Jul 2014 09:57:54 -0700, Owen DeLong said: > As an ISP customer, would you really accept not being supplied a globally > unique address? Really? I would not. Does the *other* provider in your area have a more liberal policy? pgpFZVOkelKin.pgp Description: PGP signature

Re: Netflix To Cogent To World

On Wed, 30 Jul 2014 13:04:31 -0600, randal k said: > I agree that the Netflix team is responsive and easy to work with, and > again in my experience, their network team is extremely interested in > making things happen (despite what blogs & hearsay ...) Well, it *is* in their best interests to ma

Re: Carrier Grade NAT

On Wed, 30 Jul 2014 16:39:14 -0700, Owen DeLong said: > I was talking about Amazon, not AWS. Yes, AWS would help too, but in terms of > the Alexa list, Amazon would swing the percentage meaningfully. I don’t know > to > what extent AWS would swing the percentage. There's probably not much stuff

Re: Cisco Switch Matrix

On Fri, 08 Aug 2014 10:27:49 +0100, DQ said: > I have found the best way is to find the product you are after, for example > 2960 switches Right. Except the original question was "Which units can provide X Y and Z", and get the answer "you're looking for a 2960, a 3711, or a XMJ-6, each has at l

Re: fire ants

On Tue, 12 Aug 2014 15:52:45 -0300, "Eduardo A. Su?rez" said: > it's not a joke. Here we have a fire ants nest in the fiber patch panel. > Are there any DIY ways to manage that? Does the local zoo have an aardvark they're willing to loan you? :) This might be a tad difficult to deal with, as the

Re: So Philip Smith / Geoff Huston's CIDR report becomes worth a good hard look today

On Wed, 13 Aug 2014 08:08:04 +0300, Hank Nussbacher said: > We went with 768 - enough time to replace the routers with ASR9010s. It is > merely a stop-gap measure to give everyone time to replace their routers in > an orderly fashion. The same people who, knowing the 6509 had this default config

Re: Urgent

On Mon, 18 Aug 2014 19:00:29 +0200, ra...@psg.com said: > Contact for God, please reach out to me offlist. They never want to talk to you unless you have proof of a support contract, and calling them to deal with an issue with one of their customers is futile... pgp1cpGC6lpH4.pgp Description: PG

Re: Akamai charges for IPv6 support?

On Tue, 19 Aug 2014 14:32:38 -, "Eric C. Miller" said: > I thought that keeping up with the times is part of basic necessity of > business. Yes, but here in the US, a precedent got set when some communications companies got given really sweet deals to encourage them to deploy next-gen broadba

Re: where to go to understand DDoS attack vector

On Tue, 26 Aug 2014 18:57:27 +0700, Roland Dobbins said: >. The 'mailto:' bit is interesting; it might work sort of like SNMP >reflection/amplificati Nope. It's a red herring, somebody's MUA trying to get *far* too clever with the fact that there's a literal "@.8" in the ascii dump part of

Re: Best US Tunnelbroker for Youtube

On Tue, 26 Aug 2014 21:17:14 -0400, ITechGeek said: > Someone was telling me this weekend their entire network is native dual > stack now. I haven't had a chance to confirm it yet, but he said they are > issuing /60's to residential users using DHCPv6. I believe the status is "every residential c

Re: The Next Big Thing: Named-Data Networking

On Fri, 05 Sep 2014 12:38:13 -0700, Paul Ferguson said: > The principle questions still stand unanswered: > > What is the motivation for this? What do you gain? Does it create some > large architectural and performance in efficiency? How often do the copyright owners on content give a flying fig

Re: Bare TLD resolutions

On Wed, 17 Sep 2014 17:48:58 -0400, Jay Ashworth said: > I want to return NXDOMAIN *because there is no record of that type at that > node*. NXDOMAIN means "There are no records of *any* type at that node". NOERROR means "There are no records of *that* type at that node (but the node exists and

Re: update

On Wed, 24 Sep 2014 18:50:05 -0400, Jim Popovitch said: > If someone is already invoking #!/bin/bash from a cgi, then they are > already doing it wrong (bash has massive bloat/overhead for a CGI script). You sure you don't have *any* cgi's that do something like system("mail -s 'cgi program xxyz

Re: update

On Sat, 27 Sep 2014 21:10:28 -0400, Jay Ashworth said: > I haven't an example case, but it is theoretically possible. The sendmail setuid bug, where it failed to check the return code because it was *never* possible for setuid from root to non-root to fail... ... until the Linux kernel grew new f

Re: update

On Sun, 28 Sep 2014 02:39:15 -0400, William Herrin said: > The vulnerabilities were there the whole time, but the progression of > discovery and dissemination of knowledge about those vulnerabilities > makes the systems more vulnerable. The systems are more vulnerable > because the rest of the wor

Re: update

On Sat, 27 Sep 2014 22:50:31 -0600, "Keith Medcalf" said: > If you had been rational about the change to from x86 -> x64 and 32-bit > userland to 64-bit userland, you would have limited all processes to the same > per-process address space as they had in the x86 model in order to prevent the > intr

Re: update

On Sun, 28 Sep 2014 15:06:18 -0600, "Keith Medcalf" said: > >Hopefully, Keith will admit that *THAT* qualifies as a "change" in his > >book as well. If attackers are coming at you with an updated copy > >of Metasploit, things have changed > > Sorry to disappoint, but those are not changes tha

Re: GMail contact - misroute / security issue

On Sun, 28 Sep 2014 20:57:41 -0700, Mike Lyon said: > I have the same issue and have had it for quite a while. I've met some > great new friends because of it as well! Odd. Never seen it happen to me. I wonder why. pgpAO5hwZDb7r.pgp Description: PGP signature

Re: update

On Mon, 29 Sep 2014 00:32:49 -0500, Pete Carah said: > The halting problem comes up in connection with _data_ handling in any > computer with even a language interpreter (e.g. is browser-based > javascript complete enough for the halting problem to apply to it? The halting problem applies to *any

Re: update

On Sun, 28 Sep 2014 13:22:57 -0400, Jay Ashworth said: > "The Internet is the only endeavour of man in which a single-character > typographical error in a file on a computer on the other side of the > planet *which you do not even know exists* can take your entire business > off line for the better

Re: .sj/.bv == privacy?

On Wed, 01 Oct 2014 09:08:19 -0700, Dave Crocker said: > In other words, anything that explicitly identifies traffic as > attempting greater privacy is likely to be a greater target for attack. Which is a good reason to encrypt all network traffic by default, even if it's just videos of kittens.

Re: large BCP38 compliance testing

On Thu, 02 Oct 2014 12:10:39 +0200, Mikael Abrahamsson said: > I have been getting pushback from people that this might be "illegal". > Could anyone please tell me what's illegal about trying to send a packet > with a random source address? The *real* problem isn't the testing. It's the assumpti

Re: DDOS - Law enforcement

On Fri, 03 Oct 2014 14:02:31 +1300, "Tony Wicks" said: > effects of scumbags who send DDOS attacks towards my networks, It amazes me > how you cannot put more effort into the blatant DDOS for hire platforms that > are readily available to anyone. I mean how can these sites be allowed to > continue

Re: DDOS - Law enforcement

On Fri, 03 Oct 2014 10:59:28 -0400, Alain Hebert said: > We where told to prouve 100k+ damage first before they even bother > meeting us. Remember that a single iPod full of pirated music is $8 billion of damage. http://www.youtube.com/watch?v=GZadCj8O1-0 pgp2gcLEMgkXR.pgp Description: PGP

Re: Marriott wifi blocking

On Fri, 03 Oct 2014 20:31:56 -0500, Larry Sheldon said: > What it is about red-colored APs that is offensive? I have never seen one. It's a color code that indicates it's an RFC3514-compliant device. pgpXeFC2JMDVl.pgp Description: PGP signature

Re: Belkin Router issues this morning?

On Tue, 07 Oct 2014 16:27:16 -0600, John Neiberger said: > Sounds like it might have been a DNS issue of some sort. The end result was > that the customer routers couldn't reach their heartbeat server, which made > them think they weren't on the net. Seems like a dubious idea to equate "can't reac

Re: wifi blocking [was Re: Marriott wifi blocking]

On Tue, 07 Oct 2014 20:10:44 -0500, Jimmy Hess said: > The only way to legally block cell phone RF would likely be on behalf > of the licensee In other words, possibly, persuade the cell > phone companies to allow this, then create an approved "special" > local cell tower all their phone

Re: wifi blocking [was Re: Marriott wifi blocking]

On Tue, 07 Oct 2014 23:10:15 -0500, Larry Sheldon said: > The cell service is not a requirement placed upon them, I am pretty sure. However, once having chosen to provide it, and thus create an expectation that cellular E911 is available, they're obligated to carry through on that. pgpz6n3Z670ZN

Re: Marriott wifi blocking

On Fri, 10 Oct 2014 14:03:48 -, "Naslund, Steve" said: > the AP can bug light your clients. Only if your clients are configured to allow it. pgpF_JHgfuTWH.pgp Description: PGP signature

Re: Keeping Track of Data Usage in GB Per Port

On Wed, 15 Oct 2014 13:06:56 -0500, Colton Conor said: > on a cisco switch vs a DSL port on a DSLAM for example? I would think these > access switches would have some sort of stat you can count similar to a > utility meter reader on a house. See what it was at last month, see what is > is at this

Re: Why is .gov only for US government agencies?

On Mon, 20 Oct 2014 05:58:01 -0400, shawn wilson said: > Bad idea. I'm betting we'd find half of gov web sites down due to not being > able to reboot and issues in old coldfusion and IIS and the like (and > needing to fix static links and testing etc). You say that like it's a bad thing pgp

Re: Why is .gov only for US government agencies?

On Mon, 20 Oct 2014 10:45:44 -0400, shawn wilson said: > 3. I don't want to see the report on how many Allaire ColdFusion with > NT 3.5 .gov sites are out there > > any other reasons not to do this? Maybe, but here's the real > question - why in the hell would we want to do this? See your po

Re: Why is .gov only for US government agencies?

On Mon, 20 Oct 2014 22:09:11 -0400, shawn wilson said: > There's probably also a legal issue 1here. You can't make it so that > someone can't communicate with their elected official. You might want to actually surf over to house.gov and start looking at how many totally broken pages are there. E

Re: Linux: concerns over systemd adoption and Debian's decision to switch

On Tue, 21 Oct 2014 14:44:57 +0900, Randy Bush said: > systemd is insanity. one would have hoped that deb and others would > know better. sigh. It started as a replacement init system. I suspected it had jumped the shark when it sprouted an entirely new DHCP and NTP service. And this was confi

<    4   5   6   7   8   9   10   11   12   13   >