Slashdot Mirror

← Back to Domains

Domain: nanog.org

Stories and comments across the archive that link to nanog.org.

Stories · 9

  1. Microsoft Buys 666,000 IP Addresses

    Microsoft · · posted by ryuzaki0 · from the number-of-a-thousand-beasts dept. · 264 comments
    RabidMonkey writes "Microsoft has managed to purchase 666,624 IP addresses from the bankrupt Canadian company Nortel for $7.5 million. This works out to $11.25/ip. An exact list of blocks isn't available yet. There has been a lot of discussion on NANOG about whether this allowed or not, and what the implications to the dwindling IPv4 pool may be. Is this the first of many such moves as IPv4 address space has run out? Will ARIN step in and block the sale/transfer? How long will such measures drag out the eventual necessity of IPv6?"

  2. Microsoft Buys 666,000 IP Addresses

    Microsoft · · posted by ryuzaki0 · from the number-of-a-thousand-beasts dept. · 264 comments
    RabidMonkey writes "Microsoft has managed to purchase 666,624 IP addresses from the bankrupt Canadian company Nortel for $7.5 million. This works out to $11.25/ip. An exact list of blocks isn't available yet. There has been a lot of discussion on NANOG about whether this allowed or not, and what the implications to the dwindling IPv4 pool may be. Is this the first of many such moves as IPv4 address space has run out? Will ARIN step in and block the sale/transfer? How long will such measures drag out the eventual necessity of IPv6?"

  3. .ORG Zone Signed With DNSSEC

    It · Security · · posted by kdawson · from the baby-steps-to-security dept. · 89 comments
    lothos and several other readers let us know that the Public Interest Registry has announced the key-signing key to validate the signatures on the ORG zone. A few more details are on the PIR DNSSEC page. PC World interviewed PIR CEO Alexa Raad and writes: "On June 2, PIR will announce that it is signing the .org domain with NSEC3 and that it has begun testing DNSSEC with a handful of registrars using first fake and then real .org names. PIR plans to keep expanding its testing over the next few months until the registry is ready to support DNSSEC for all .org domain name operators. Raad says she expects full-blown DNSSEC deployment on the .org domain in 2010."

  4. Confirmed Gmail / Google App Outage

    Tech · Google_Fb · · posted by timothy · from the were-you-there-when-it-happened dept. · 189 comments
    mbone writes "Earlier today there was a confirmed Google outage which got a lot of attention from network operators. From a post to NANOG after everything calmed down: 'Google ack'd a maintenance on their core network did not go as planned-Forced traffic to one peer link that was unable to handle all the traffic. Maintenance has been rolled back. Issue has been restored.' This is exactly what makes me nervous about cloud computing and data storage. It's bad enough when I screw up a config and it takes down my mail, but what about when it happens to the entire globe at once?" Several readers also point to CNET's coverage of the outage. Update: 05/14 19:25 GMT by T : CWmike adds this: "Steven J. Vaughan-Nichols writes that what may be happening is a massive DDoS attack. Based on the size of the attack that would be needed to interfere with Google, I believe that it's quite likely to be the result of an attack from the controllers of the Windows worm, Conficker. Another theory that has been put about — that the problem was due to AT&T NOC routing problems — does not appear to hold water, writes Steven." Update: 05/14 21:01 GMT by T : Google's put up a low-detail explanation on their blog that says "An error in one of our systems caused us to direct some of our web traffic through Asia, which created a traffic jam. As a result, about 14% of our users experienced slow services or even interruptions."

  5. IPv4 Address Crunch In 2 Years, IPv6 Not Ready

    Tech · Networking · · posted by kdawson · from the told-ya dept. · 539 comments
    An anonymous reader writes "We've known for ages that IPv4 was going to run out of addresses — now, it's happening. IPv6 was going to save us — it isn't. The upcoming crisis will hit, perhaps as soon as 2010, but nobody can agree on what to do. The three options are all pretty scary. This article covers the background, and links to a presentation by Randy Bush (PDF) that shows the reality of the problem in stark detail."

  6. AOL Blocking Spammers' Web Sites

    It · Spam · · posted by Hemos · from the fighting-the-good-fight dept. · 238 comments
    Nuclear Elephant writes "According to this article, AOL has decided to take a fresh approach to fighting spam and is now blocking the spammer's web address. The philosophy is, if the customers can't visit spammers sites, spammers will not be able to make any money. On a side note, I suggested this concept about six months ago but nobody thought ISPs would adopt it. Now perhaps we can get a group like NANOG interested in sponsoring a blacklist for spammer addresses?"

  7. Verisign's SiteFinder - An Engineer's View

    Tech · Internet · · posted by simoniker · from the find-this dept. · 159 comments
    ixs writes "CircleID has an interesting article by David Monosov about Verisign's plans to reintroduce Sitefinder. The article presents the thesis that the Internet engineering community is partly to blame for Verisign's ability to mess with the .com and .net root zones. According to the author we spend too much time with our systems and not enough with politics. The writeup was previously posted to NANOG and received a favorable response from Paul Vixie."

  8. W2K and MAC OS9 Flood Root Nameservers?

    Microsoft · · posted by ryuzaki0 · from the unintentional-dos dept. · 238 comments
    wizzy writes "Irelands toplevel domain registry has a notice on Microsoft and Apple DHCP clients sending dynamic DNS updates per RFC2136. The problem is they are not sufficiently careful about where they send it if they are in RFC1918 space - usually used for behind-firewall addressing, which is where they usually are.. This is resulting in bogus updates being sent at the rate of nearly one million an hour to root nameservers, only to be rejected - as reported on the NANOG mailing list."

  9. Carnivore Demo Report

    Yro · Court · · posted by michael · from the data-shadow dept. · 130 comments
    An anonymous reader sends: "Here's an archived copy of an anonymously remailed report on a demonstration of two versions of Carnivore by an FBI agent, at the recent NANOG 20 meeting."

    michael : People are really interested in the "inner workings" of Carnivore, as shown by the many submissions. I never thought it was anything special - from the start, when I first knew that the FBI had an Internet interception box, I just assumed that it would neatly sort and deliver all Internet traffic of a particular target. I can spec out how I would design such a box; and the FBI isn't stupid; so I assume they would do it in a similar fashion. I think there's still a lot of disbelief out there, though - "You mean the FBI can really track both Web access AND email? And IRC? And Usenet? ...." People just don't believe it, because they're used to thinking of Internet traffic in different terms than phone or whatever.

    The only important design aspects of the carnivore box are things like "Can the FBI set it to snoop on traffic it isn't supposed to? Can I dial into the box and snoop on my neighbors?" and other questions like that, which we'll *never* find out from any powerpoint presentation.

    So get used to it, people. Assume that Carnivore neatly captures, sorts, and delivers all traffic that passes through it, and that the FBI can just type in your name and plug it in. Assume that there's a user-friendly, point-and-click interface. Assume that it will pretty-print reports, ready for filing with the court if/when you are prosecuted. Assume that there's essentially no oversight of the FBI's use of this device - after all, judges exercise almost no oversight over wiretaps, there's no reason to believe that Internet-tapping will be overseen any more diligently. The FBI and police approach wiretapping requests in the same way that conniving children approach their parents - it only takes one judge to approve a request, and the FBI can approach as many different ones as needed until they find the one that just doesn't care and rubber-stamps everything.

    Get used to it. Want more data about how Carnivore works? Push for the source code to be opened. Nothing else will provide any more information about the system. You can't tell how secure it is (against the FBI, or against anyone else) from a presentation.

    As for me, I'm steadily moving toward encrypting as much of my traffic as possible. I set up ssh for my home network recently. I'm setting up SSL. I'm reading up on IPSEC. I guess I just don't have a very trusting nature. The way I figure it, the time to set up countermeasures is before you expect to need them.