Hi all, Spoke to XTRA and they are now correctly announcing 202.49.143/24 at APE to CLEAR, this has corrected the Australia routing spacial anomily :). ~ben =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Ben Martel Ph: +64 9 9124067 CLEAR Net Development Fax:+64 9 9125008 Mob:+64 21 541202 =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
Ben Martel wrote:
Hi all,
Spoke to XTRA and they are now correctly announcing 202.49.143/24 at APE to CLEAR, this has corrected the Australia routing spacial anomily :).
Umm... I'm sorry, I don't understand. We didn't change anything and neither did Bart who you were speaking to. Can anyone else connected to APE confirm whether or not they were seeing 202.49.143.0/24 from XTRA this morning? It seemed to be working for Joe.
maggie$ mtr -4 --report --report-cycles 1 "202.49.143.70" HOST LOSS RCVD SENT BEST AVG WORST gateway1-acc-skyt.qsi.net.nz 0% 1 1 1.60 1.60 1.60 xtra.ape.net.nz 0% 1 1 3.39 3.39 3.39 100% 0 1 0.00 0.00 0.00
Regarding ICMP and traceroute. The reason you see nothing from the National Bank link and many other of our customer links, is they have access lists, so the last hop you see is the XTRA router they're connected to. This just happens to be the same router we use to peer at APE. So if we're blocking all ICMP how do you explain the "xtra.ape.net.nz 0% Loss" above. Cheers, Andrew --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, Aug 22, 2001 at 03:05:25PM +1200, Andrew Cutler wrote:
It seemed to be working for Joe.
Well, it *seems* to be working fine, right up until the point where I get to the account balance, and there's this big negative number, which surely is wrong, wrong, wrong. Back to the tangent of the original issue, would anybody who currently filters ICMP or high-numbered UDP through routers be interested in describing what benefit they think they get from doing so? Lots of people do it. I'm just not exactly sure why. Joe --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
At 11:31 PM 8/21/2001 -0400, Joe Abley wrote:
On Wed, Aug 22, 2001 at 03:05:25PM +1200, Andrew Cutler wrote:
It seemed to be working for Joe. <snip> Back to the tangent of the original issue, would anybody who currently filters ICMP or high-numbered UDP through routers be interested in describing what benefit they think they get from doing so?
Lots of people do it. I'm just not exactly sure why.
I generally get quoted their security policy. I suggested unplugging the box, turning it off and driving over it with a car or truck, dowsing it with petrol and burning it, so that "nasties" wouldn't be able to read anything off it. Another common thread is that they have no sense of humour. So instead I monitor their connections using SMTP, http or snmp or something else. They're frequently Govt Depts who deal with money. They also get agitated if you scan them vigorously but seem oblivious to broken smtp stuff flying in. It can be quite funny richard.naylor(a)citylink.co.nz --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
What benefit do they get ... the most important one of all of course ... they don't need to think. If you are a server guy trying to handle a routerey thing (technical term), and can't see a need for either UDP or ICMP (well it's not TCP is it, so it can't be important), then filtering them out will make you look good to your boss !! I think we need to make sure we don't over-estimate the average network technician, and do the following: a) be glad they're doing something b) help them understand the issue by telling what they SHOULD be doing, rather than slagging them for what they shouldn't be doing. Arron Scott Cisco NZ
-----Original Message----- From: owner-nznog(a)list.waikato.ac.nz [mailto:owner-nznog(a)list.waikato.ac.nz]On Behalf Of Joe Abley Sent: Wednesday, 22 August 2001 3:31 PM To: Andrew Cutler Cc: NZNOG List Subject: Re: UPDATE: Xtra broken?
On Wed, Aug 22, 2001 at 03:05:25PM +1200, Andrew Cutler wrote:
It seemed to be working for Joe.
Well, it *seems* to be working fine, right up until the point where I get to the account balance, and there's this big negative number, which surely is wrong, wrong, wrong.
Back to the tangent of the original issue, would anybody who currently filters ICMP or high-numbered UDP through routers be interested in describing what benefit they think they get from doing so?
Lots of people do it. I'm just not exactly sure why.
Joe
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
On Wed, Aug 22, 2001 at 06:34:07PM +1200, Arron Scott wrote:
What benefit do they get ... the most important one of all of course ... they don't need to think. If you are a server guy trying to handle a routerey thing (technical term), and can't see a need for either UDP or ICMP (well it's not TCP is it, so it can't be important), then filtering them out will make you look good to your boss !!
I don't know any NZ carriers who fall into this description. They are all pretty clued up in that regard. Dean --------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
A couple of years ago I wrote a web page for a number of NZ ISPs who were doing just that (including Web hosting sites from 2 Carriers), or had Web hosting companies below them doing it, I referred a number of people to it, and continued to do so for a long time. There are still a few enterprises and hosting companies I come across who do it !! I was just answering Joe's question, and in most cases, ignorance is the reason, and it still is. Arron
-----Original Message----- From: Dean Pemberton [mailto:dean(a)flatnet.gen.nz] Sent: Wednesday, 22 August 2001 6:47 PM To: Arron Scott Cc: Joe Abley; Andrew Cutler; NZNOG List Subject: Re: UPDATE: Xtra broken?
On Wed, Aug 22, 2001 at 06:34:07PM +1200, Arron Scott wrote:
What benefit do they get ... the most important one of all of course ... they don't need to think. If you are a server guy trying to handle a routerey thing (technical term), and can't see a need for either UDP or ICMP (well it's not TCP is it, so it can't be important), then filtering them out will make you look good to your boss !!
I don't know any NZ carriers who fall into this description. They are all pretty clued up in that regard.
Dean
--------- To unsubscribe from nznog, send email to majordomo(a)list.waikato.ac.nz where the body of your message reads: unsubscribe nznog
participants (6)
-
Andrew Cutler -
Arron Scott -
Ben Martel -
Dean Pemberton -
Joe Abley -
Richard Naylor