This. Rate-limiting can help...I'm quite sure Google has rate-limiting in place on 8.8.8.8 for instance. But for those who don't have Google's budget, it's a challenge. There are not currently any sufficiently tested and stable DNS rate-limiting features in any of the top 3 resolvers out there. The problem here is networks letting spoofed packets out of their nets, not DNS servers performing correctly.
SPF is only somewhat effective as unfortunately only some have adopted it. Still, it takes all of a few seconds to add an SPF record for your domain. It can't hurt. Also, try reporting the servers hitting you with backscatter to Spamcop. Again, it might not help much, but it can't hurt.
Nice to see that Eweek and Slashdot editors failed to note Gadi's hobby as NANOG troll. His chicken little ravings about botnets aren't taken seriously there, nor should they here.
Yes, but if you're paying $500/mo. you have a much bigger bat to wield when you aren't happy with the service you're receiving. :-)
Find a local webhost. Ask to tour their datacenter -- verify for yourself that they are what they claim to be. And for Pete's sake, remember my first rule of technology: You get what you pay for.
If you're paying $5/mo. for webhosting, do you really think you're getting top-notch service??
I'd bet L3's argument is that they will not provide transit across their AS to Cogent.
Actually, no. L3 is a "Tier-1" provider and as such does not *purchase* transit from anyone. Instead, they have peering arrangements with all the other "Tier-1" providers where they exchange routes and traffic bound exclusively for each other's networks. When they depeered Cogent, they stopped exchanging routes and traffic with Cogent, and as they do not purchase transit from *anyone* they have no way of reaching Cogent's network. In order for L3 to reach Cogent's network with peering turned off, the traffic would have to traverse through someone else's network to get there. And that, boys and girls, is transit, not peering.
I know this is anathema to most big businesses, but you say you work for .com, so maybe this isn't so far out in left field. What is the point in paying Keynote big bucks to tell you what your page load times are? Great, you've improved your performance 40%. Does it matter? No one here can tell you, Keynote can't tell you. Only your customers can tell you what about your site makes them happy and what frustrates them. So ask them!
http://profitability.net/email-archiving-compliance.html
Looks like that does exactly what you're looking for.
http://www.boomarangdbs.com/
Can't directly speak to their level of service, but they're a client and seem like nice folks who are on top of their game.
No doubt US'ers can be major pains. But at least, for the most part, they're quite upfront about their views. Obviously you disagree with their views, which is your right. But I don't think that's what really has you upset. What really has you upset is that the US doesn't give a damn what you think. And that seems to drive so many self-important Europeans (And quite a few self-flagellating, guilt-ridden, Euro Trash wannabe Americans as well.) absolutely batshit. And so the natural reaction to soothe the tattered ego of the pompous literati of the Old World is to look down their noses at the U.S., smug in their sense of moral superiority. And it's that smug condescension that creeps into many a European's viewpoint on anything regarding the U.S. that pretty much guarantees your average American will stop listening.
Not so much trolling you as pointing out why your arguments are falling on deaf ears. Talk to someone like they are a child, and you'll get a childish response.
"Sadly, judging by the angrily aggressive jingoism of some Americans, it seems now we have to wait for you to catch up."
You're so right. But I'm sure eventually Americans will learn how to emanate crass sanctimoniousness like "enlightened" European dilettantes such as yourself.
"leveling the costs of internet access globally"
Exactly. This is just another scheme to redistribute wealth to underdeveloped countries hidden in the guise of "improving the Internet." It's the same thing being tried with the Kyoto Treaty, which is intended to redistribute wealth while pretending to be about the environment. I'm surprised Bono hasn't started organizing concerts to raise awareness of the evils of ICANN...
Yes...I've watched night launches from both the parking lot of the museum (Not sure if this is allowed anymore...this was ~20 years ago...) and from Cocoa Beach. Honestly, there isn't much difference in either case. All you can really see is a bright ball of light lifting up into the sky from either location. It's awe-inspiring either way.
http://www.nagios.org/products/environmental/esensors/em01b.php
Doesn't get any easier.
I'm on a neverending quest for basically the same thing. Every piece of asset tracking software I've tried either has extra bells and whistles like a ticketing system or other nonsense included, or is far too focused on software or Windows to be useful to me. Ideally, I'd love to find an open-source, web-based asset tracking system that allows for custom fields, hyperlinks, and user/group permissions to allow different levels of access to different assets/groups of assets. No ticketing, no monitoring, no nonsense. Too many tools try to become monolithic pieces of software that do everything for an enterprise, with the end result being that they do none of the tasks well.
Maybe. Assuming everyone doesn't just publish "spf2.0/pra +all" which seems to be the case more often than not now. And when that's what people publish, what have we actually accomplished?
"Hotmail says that they will only check v2 records, and if a domain has no record, they'll treat that as a Sender-ID failure and display the yellow warning box."
So if you want to play with Hotmail, you'll have to publish v2 records.
If this were actually a push to prevent spam you might be right. Unfortunately that is not the case. First and foremost this is a blatant attempt by Microsoft to try to force their sender identification standard (which, incidentally they have patents on) on the rest of the world.
Furthermore, SPF/Sender-ID and all their ilk will do little if anything to help with the spam problem. Spammers can publish SPF records just as easily as anyone else. The only major effect it can have is to protect corporate identities by helping to prevent forged From: addresses. Which is great for corporate behemoths like Microsoft, but does nothing for you or me.
Despite the fact that Hotmail will only be using SPF v2 records to do the filtering, it seems that Hotmail themselves haven't bothered yet to publish one: http://www.dnsstuff.com/tools/lookup.ch?type=TXT&name=hotmail.com
In theory, yes. But that just doesn't wash with this particular situation. *If* Comcast had that kind of problem it would affect many more than just this one user, and we'd no doubt have heard about it through the NOG grapevines by now.
Andrew
Sounds to me like you have bigger problems than the portscanning. Even hundreds of simultaneous port scans are unlikely to chew through all your bandwidth on a cable line. Sounds to me like your computer(s) may be zombied and *that's* what's eating up your bandwidth.
Do yourself a favor and go see Closer. Then decide how much of a prude she is.
None. Provided that the publisher exhausted all reasonable means to notify the software manufacturer and still got no response, the responsibility then falls on the manufacturer for their failure to adequately address the problem in a reasonable timeframe after it was first brought to their attention.
Is the guy who first discovers a dangerous design flaw in a children's toy responsible for all the children injured as a result of the flaw if the company refuses to recall the toy?
Because without proof-of-concept any moron out there can claim all sorts of vulnerabilities for no other reason than to try to tarnish the reputation of software companies.
Well, perhaps not direct financial gain, but there certainly is something to be said for security companies looking to prove their expertise (and consequently boost sales) by trumpeting all the exploits they've discovered.
That said, I think publishing exploits is a necessary thing. I think the discoverer of an exploit has a responsibility to all the other users of whatever software has the hole in it to make the hole known. However, I think the discoverer also has a responsibility to make a genuine attempt to notify the software developers of the problem and give them the chance to release a patch before making any public proclamations. To me, the public announcement should be used as a last resort to try to prod an unresponsive software manufacturer into action.