|
North American Network Operators Group Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical Re: NANOG Digest, Vol 8, Issue 38
--- [Message envoyé a partir d'un mobile] Bruno VAZ Ipercast Operations 40, Rue de PARIS / 92100 Boulogne-Billancourt Tel +33 1 72 77 70 87 [email protected] -----Original Message----- From: [email protected] Date: Wed, 10 Sep 2008 19:59:40 To: <[email protected]> Subject: NANOG Digest, Vol 8, Issue 38 Send NANOG mailing list submissions to [email protected] To subscribe or unsubscribe via the World Wide Web, visit http://mailman.nanog.org/mailman/listinfo/nanog or, via email, send a message with subject or body 'help' to [email protected] You can reach the person managing the list at [email protected] When replying, please edit your Subject line so it is more specific than "Re: Contents of NANOG digest..." Today's Topics: 1. RE: duplicate packet (Darden, Patrick S.) 2. RE: duplicate packet (Eric Van Tol) 3. Re: duplicate packet (Jon Lewis) 4. Re: duplicate packet (Sebastian Abt) 5. RE: duplicate packet (Tim Sanderson) 6. Re: duplicate packet (Laurence F. Sheldon, Jr.) 7. Re: Yahoo! mail admins? (Matthew Petach) 8. Re: ingress SMTP (*Hobbit*) 9. New (2-byte) ASN Allocation for RIPE NCC (Leo Vegoda) 10. Teleglobe appears to be spam-source zombie network? (Jo Rhett) 11. Re: Teleglobe appears to be spam-source zombie network? (Nuno Vieira - nfsi telecom) 12. Re: Teleglobe appears to be spam-source zombie network? (Marshall Eubanks) ---------------------------------------------------------------------- Message: 1 Date: Wed, 10 Sep 2008 08:01:32 -0400 From: "Darden, Patrick S." <[email protected]> Subject: RE: duplicate packet To: "chloe K" <[email protected]>, <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="iso-8859-1" Check your ARP tables, local and on intervening switches/routers. Make sure there are no duplicate entries for that IP. If you note the response time, the second packet is always higher which might be indicative. I would also check for a botched MITM a la C&A. Even if there is no obvious ARP table manglement, you might try flushing the local and intervening caches. Try the ping from another host, another subnet, another segment, get more info. --p -----Original Message----- From: chloe K [mailto:[email protected]] Sent: Wednesday, September 10, 2008 6:46 AM To: [email protected] Subject: duplicate packet Hi all When I ping the ip, I get the duplicate I check the ip is just one. Why it happens? Thank you 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.344 ms 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.401 ms (DUP!) 64 bytes from 192.168.0.95: icmp_seq=2 ttl=63 time=0.296 ms 64 bytes from 192.168.0.95: icmp_seq=2 ttl=63 time=0.328 ms (DUP!) 64 bytes from 192.168.0.95: icmp_seq=3 ttl=63 time=0.291 ms 64 bytes from 192.168.0.95: icmp_seq=3 ttl=63 time=0.316 ms (DUP!) 64 bytes from 192.168.0.95: icmp_seq=4 ttl=63 time=0.279 ms 64 bytes from 192.168.0.95: icmp_seq=4 ttl=63 time=0.309 ms (DUP!) 64 bytes from 192.168.0.95: icmp_seq=5 ttl=63 time=0.271 ms 64 bytes from 192.168.0.95: icmp_seq=5 ttl=63 time=0.299 ms (DUP!) --------------------------------- Yahoo! Canada Toolbar : Search from anywhere on the web and bookmark your favourite sites. Download it now! ------------------------------ Message: 2 Date: Wed, 10 Sep 2008 08:06:02 -0400 From: Eric Van Tol <[email protected]> Subject: RE: duplicate packet To: 'chloe K' <[email protected]>, "[email protected]" <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset="us-ascii" > -----Original Message----- > From: chloe K [mailto:[email protected]] > Sent: Wednesday, September 10, 2008 6:46 AM > To: [email protected] > Subject: duplicate packet > > Hi all > > When I ping the ip, I get the duplicate > > I check the ip is just one. Why it happens? > > Thank you > > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.344 ms > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.401 ms (DUP!) > 64 bytes from 192.168.0.95: icmp_seq=2 ttl=63 time=0.296 ms > 64 bytes from 192.168.0.95: icmp_seq=2 ttl=63 time=0.328 ms (DUP!) > 64 bytes from 192.168.0.95: icmp_seq=3 ttl=63 time=0.291 ms > 64 bytes from 192.168.0.95: icmp_seq=3 ttl=63 time=0.316 ms (DUP!) > 64 bytes from 192.168.0.95: icmp_seq=4 ttl=63 time=0.279 ms > 64 bytes from 192.168.0.95: icmp_seq=4 ttl=63 time=0.309 ms (DUP!) > 64 bytes from 192.168.0.95: icmp_seq=5 ttl=63 time=0.271 ms > 64 bytes from 192.168.0.95: icmp_seq=5 ttl=63 time=0.299 ms (DUP!) Check to see whether or not the port connected to that host is mirrored or in a SPAN VLAN. Misconfiguration on an analyzer server can cause duplicate traffic to be generated. -evt ------------------------------ Message: 3 Date: Wed, 10 Sep 2008 08:11:18 -0400 (EDT) From: Jon Lewis <[email protected]> Subject: Re: duplicate packet To: chloe K <[email protected]> Cc: [email protected] Message-ID: <[email protected]> Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed On Wed, 10 Sep 2008, chloe K wrote: > When I ping the ip, I get the duplicate > > I check the ip is just one. Why it happens? > > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.344 ms > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.401 ms (DUP!) Not enough information has been given. Just hope it's not being caused by a Level3/Sprint circuit...ours is still doing this (when I change back to HDLC) and they just don't freaking care. Sometimes I wish I worked for a big telco so I could leave things broken and say "hey, I'm the telco, I don't have to care." Maybe we should refuse to pay for the affected DS3 and see if that gets more attention. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ------------------------------ Message: 4 Date: Wed, 10 Sep 2008 14:11:48 +0200 From: Sebastian Abt <[email protected]> Subject: Re: duplicate packet To: chloe K <[email protected]> Cc: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset=us-ascii * chloe K wrote: > When I ping the ip, I get the duplicate > > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.344 ms > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.401 ms (DUP!) ^^^^^^^^^^^^ What's your netmask? Is 192.168.0.95 your net's broadcast address? sebastian -- SABT-RIPE PGPKEY-D008DA9C ------------------------------ Message: 5 Date: Wed, 10 Sep 2008 08:26:52 -0400 From: Tim Sanderson <[email protected]> Subject: RE: duplicate packet To: "[email protected]" <[email protected]> Message-ID: <[email protected]xxxxxxx> Content-Type: text/plain; charset="us-ascii" Instead, dispute the bill and then when they won't credit you for not giving you what you ordered, open a complaint with the state public utilities commission. It may get you some movement on the issue. -- Tim Sanderson, network administrator [email protected] -----Original Message----- From: Jon Lewis [mailto:[email protected]] Sent: Wednesday, September 10, 2008 8:11 AM To: chloe K Cc: [email protected] Subject: Re: duplicate packet On Wed, 10 Sep 2008, chloe K wrote: > When I ping the ip, I get the duplicate > > I check the ip is just one. Why it happens? > > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.344 ms > 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.401 ms (DUP!) Not enough information has been given. Just hope it's not being caused by a Level3/Sprint circuit...ours is still doing this (when I change back to HDLC) and they just don't freaking care. Sometimes I wish I worked for a big telco so I could leave things broken and say "hey, I'm the telco, I don't have to care." Maybe we should refuse to pay for the affected DS3 and see if that gets more attention. ---------------------------------------------------------------------- Jon Lewis | I route Senior Network Engineer | therefore you are Atlantic Net | _________ http://www.lewis.org/~jlewis/pgp for PGP public key_________ ------------------------------ Message: 6 Date: Wed, 10 Sep 2008 08:10:20 -0500 From: "Laurence F. Sheldon, Jr." <[email protected]> Subject: Re: duplicate packet Cc: [email protected] Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1; format=flowed Sebastian Abt wrote: > * chloe K wrote: >> When I ping the ip, I get the duplicate >> >> 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.344 ms >> 64 bytes from 192.168.0.95: icmp_seq=1 ttl=63 time=0.401 ms (DUP!) > ^^^^^^^^^^^^ > What's your netmask? Is 192.168.0.95 your net's broadcast address? Ohhh! Nice catch! ------------------------------ Message: 7 Date: Wed, 10 Sep 2008 06:13:18 -0700 From: "Matthew Petach" <[email protected]> Subject: Re: Yahoo! mail admins? To: "Paul Kelly :: Blacknight" <[email protected]> Cc: "[email protected]" <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=ISO-8859-1 On 9/10/08, Paul Kelly :: Blacknight <[email protected]> wrote: > Hi There, > > Are there any Yahoo! e-mail admins on the list? We're having some issues at times delivering e-mail to yahoo.co.uk and sometimes some of the other yahoo networks. > Probably not--but folks can probably get the message to the right ears. Let me know off list the nature of the issue (layer 3 reachability vs layer 7 application error messages) and I'll see what I can do to get the message to the right recipients. Thanks! Matt > Thanks, > > Paul > > Paul Kelly > Technical Director > Blacknight Internet Solutions ltd > Hosting, Colocation, Dedicated servers > IP Transit Services > Tel: +353 (0) 59 9183072 > Lo-call: 1850 929 929 > DDI: +353 (0) 59 9183091 > > e-mail: [email protected] > web: http://www.blacknight.ie > > Blacknight Internet Solutions Ltd, > Unit 12A,Barrowside Business Park, > Sleaty Road, > Graiguecullen, > Carlow, > Ireland > > Company No.: 370845 > > ------------------------------ Message: 8 Date: Wed, 10 Sep 2008 12:35:24 +0000 (GMT) From: [email protected] (*Hobbit*) Subject: Re: ingress SMTP To: [email protected] Message-ID: <[email protected]> I am completely convinced that [email protected] in most big providers is a black hole with an autoresponder hung off it, and nothing ever gets done with complaints. NO HUMAN ever sees them, and even if they did, most of the humans at these outfits wouldn't recognize a Received: header if it bit them in the ass. I invite and welcome anyone from the "big boyz" I named in the original question -- verizon, comcast, roadrunner, charter, bellsouth/SBC, and now Google -- *especially* Gmail, given that counterproductive "privacy" policy we noted -- to inform me otherwise. _H* ------------------------------ Message: 9 Date: Wed, 10 Sep 2008 07:38:44 -0700 From: Leo Vegoda <[email protected]> Subject: New (2-byte) ASN Allocation for RIPE NCC To: Leo Vegoda <[email protected]> Message-ID: <C4EDA894.1EC4C%[email protected]> Content-Type: text/plain; charset="iso-8859-1" -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hi, This is to confirm that the IANA has allocated one 2-byte ASN block to the RIPE NCC: 48128-49151 Assigned by RIPE NCC whois.ripe.net 2008-09-09 A note of the allocation has been made at: http://www.iana.org/assignments/as-numbers/as-numbers.xml http://www.iana.org/assignments/as-numbers/as-numbers.xhtml http://www.iana.org/assignments/as-numbers/as-numbers.txt Thank you and best regards, Leo Vegoda [email protected] ******************************************* Internet Assigned Numbers Authority (IANA) 4676 Admiralty Way, Suite 330 Marina del Rey, CA 90292 Phone: +1-310-823-9358 Fax: +1-310-823-8649 ******************************************* -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.7 (Darwin) iD8DBQFIx9suvBLymJnAzRwRAgnkAKDDxJCilYy0aErDQtQQFEcsCKG/QwCgi+Ao 029EI3Ful4LKPXMJEUGKs3g= =7EeD -----END PGP SIGNATURE----- ------------------------------ Message: 10 Date: Wed, 10 Sep 2008 12:47:26 -0700 From: Jo Rhett <[email protected]> Subject: Teleglobe appears to be spam-source zombie network? To: nanog <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes We started getting a flood of autobot spam to our listed abuse mailbox about an hour ago out of Teleglobe. Trying to find someone to shut this down has found that 1. Teleglobe has no listed abuse contacts for any of their netblocks 2. The few of their records which have listed e-mail addresses all bounce 3. All listed phone numbers on any netblocks we can find are invalid Any chance that RIPE is more strigent than ARIN and would pull their netblocks until they fix this stuff? -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness ------------------------------ Message: 11 Date: Wed, 10 Sep 2008 20:51:09 +0100 (WEST) From: Nuno Vieira - nfsi telecom <[email protected]> Subject: Re: Teleglobe appears to be spam-source zombie network? To: Jo Rhett <[email protected]> Cc: nanog <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=utf-8 Try reach them at [email protected] cheers, --- Nuno Vieira nfsi telecom, lda. [email protected] Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301 http://www.nfsi.pt/ ----- "Jo Rhett" <[email protected]> wrote: > We started getting a flood of autobot spam to our listed abuse mailbox > > about an hour ago out of Teleglobe. Trying to find someone to shut > this down has found that > > 1. Teleglobe has no listed abuse contacts for any of their netblocks > 2. The few of their records which have listed e-mail addresses all > bounce > 3. All listed phone numbers on any netblocks we can find are invalid > > Any chance that RIPE is more strigent than ARIN and would pull their > > netblocks until they fix this stuff? > > -- > Jo Rhett > Net Consonance : consonant endings by net philanthropy, open source > and other randomness ------------------------------ Message: 12 Date: Wed, 10 Sep 2008 15:59:35 -0400 From: Marshall Eubanks <[email protected]> Subject: Re: Teleglobe appears to be spam-source zombie network? To: Nuno Vieira - nfsi telecom <[email protected]> Cc: nanog <[email protected]> Message-ID: <[email protected]> Content-Type: text/plain; charset=US-ASCII; format=flowed; delsp=yes On Sep 10, 2008, at 3:51 PM, Nuno Vieira - nfsi telecom wrote: > Try reach them at [email protected] > Yes - all my teleglobe contacts went over to Tata email addresses during the summer. Regards Marshall > cheers, > --- > Nuno Vieira > nfsi telecom, lda. > > [email protected] > Tel. (+351) 21 949 2300 - Fax (+351) 21 949 2301 > http://www.nfsi.pt/ > > > > ----- "Jo Rhett" <[email protected]> wrote: > >> We started getting a flood of autobot spam to our listed abuse >> mailbox >> >> about an hour ago out of Teleglobe. Trying to find someone to shut >> this down has found that >> >> 1. Teleglobe has no listed abuse contacts for any of their netblocks >> 2. The few of their records which have listed e-mail addresses all >> bounce >> 3. All listed phone numbers on any netblocks we can find are invalid >> >> Any chance that RIPE is more strigent than ARIN and would pull their >> >> netblocks until they fix this stuff? >> >> -- >> Jo Rhett >> Net Consonance : consonant endings by net philanthropy, open source >> and other randomness > ------------------------------ _______________________________________________ NANOG mailing list [email protected] http://mailman.nanog.org/mailman/listinfo/nanog End of NANOG Digest, Vol 8, Issue 38 ************************************
|