"b" == batz <batsy@vapour.net> writes:
b> This is a complicated issue. Maybe I'm off base, but Nanog is actually b> really good. Combined with Bugtraq, Incidents, and a virus alert service, b> Nanog plays a vital role. Their only limitation is that they are on the b> Internet. :) Exactly! That's why we need control plane separation. Run SNMP, SSH, telnet, and SNTP (Simple NANOG Transport Protocol) across the management network, so we're sure we have them when we need them. Actually, NANOG does great. Especially during Sept 11, information was disseminated, help was offered and accepted, and except for a couple of idiotic flames, the SNR was high. ARPA designed the thing to withstand nuclear blasts, and while this was not nuclear, it stood up well. ericb -- Eric Brandwine | Apart from hydrogen, the most common thing in the UUNetwork Security | universe is stupidity. ericb@uu.net | +1 703 886 6038 | - Harlan Ellison Key fingerprint = 3A39 2C2F D5A0 FC7C 5F60 4118 A84A BD5D 59D7 4E3E
On 14 Mar 2002, Eric Brandwine wrote:
Actually, NANOG does great. Especially during Sept 11, information was disseminated, help was offered and accepted, and except for a couple of idiotic flames, the SNR was high.
If NANOG fulfills such an important role, it's probably a good idea to make sure the list still works when there are wide spread outages. There is only a single MX for merit.edu, and as far as I can tell it's not even multihomed. Also, since this is email, it depends on the DNS. In theory, news would be more rebust than mail, because of its distributed nature and it should be possible to make news work without relying on the DNS.
In theory, news would be more rebust than mail, because of its distributed nature and it should be possible to make news work without relying on the DNS.
Many of us do not run news servers, and you have to 'login' to access it. E-mail works because it is ubiquitous. IRC and Mud type interfaces are probably better for casual use, and real time coordination during outages, crisis or events requiring synchronous participation. When we start having weird network conditions, I have learned to quickly scan my mailbox for NANOG and Dshield and a few other lists.. sometimes it helps. E-Mail's great for this. It's there when I need it. A more robust configuration for the NANOG e-mail list would be my first choice. Maybe a backup east/west coast listserv address: nanog@.... just syncing the mailing list address daily would be enough? I've got mailman running....
On Thu, 14 Mar 2002, mike harrison wrote:
In theory, news would be more rebust than mail, because of its distributed nature and it should be possible to make news work without relying on the DNS.
Many of us do not run news servers, and you have to 'login' to access it.
Obviously it's not a good idea to use the existing news service for this... But if we're looking for a very robust mechanism to get information around when there are many outages, building a network using dedicated news servers would be a simple and effective way to do it. Unlike just about anything else, news is truly distributed.
When we start having weird network conditions, I have learned to quickly scan my mailbox for NANOG and Dshield and a few other lists.. sometimes it helps. E-Mail's great for this. It's there when I need it.
Agree, but the problem is the email service isn't very robust. You could of course always use a news-to-mail gateway.
A more robust configuration for the NANOG e-mail list would be my first choice. Maybe a backup east/west coast listserv address: nanog@.... just syncing the mailing list address daily would be enough?
It would probably help, yes. Iljitsch van Beijnum
On Thu, 14 Mar 2002, Iljitsch van Beijnum wrote:
In theory, news would be more rebust than mail, because of its distributed nature and it should be possible to make news work without relying on the DNS.
USENET/news has a few properties which make it reliable. The most important is the flooding method of propagation. Second, it propogates over multiple types of transport (UUCP, TCP/IP, Satellite, Magtape via Fedex, etc). That combination results in an extremely robust mass-distribution method for messages. It is also extremely fast (a few seconds for the "core" news sites), but has a very long tail. Mailing lists, web sites, etc. have a bottleneck in the distribution process. But are much better for controlled, or authenticated information. The CDC may get hacked, or may be wrong about Anthrax, but if you go to the CDC web site it is highly probable the information on the web site is from the CDC. The lack of control of USENET is its strength and its weakness. It would be interesting to come up with a protocol that combined the robust flooding algorithm of USENET with a way to verify the source (i.e. prevent spam).
On Wed, 20 Mar 2002, Sean Donelan wrote:
It would be interesting to come up with a protocol that combined the robust flooding algorithm of USENET with a way to verify the source (i.e. prevent spam).
I'm not sure what problems you see with Usenet that would prevent it being used for what you require. It's certainly almost as easy to varify as email. With email you let just about any site on the internet contact you and send deliver using any address, with news you have a limited number of sites that you have directly authorized. You can also sign (via pgp or whatever) news articles the same way you sign email messages. It is also fairly easy to make news keep working even after long-term DNS failures (it tends to not be affected by short term ones). Verifying the source is not the same as preventing spam, like email spam most news spam comes from open sites and throw away accounts. I doubt most people here check most web pages and email messages they view for DNS poisoning or forged headers. -- Simon Lyall. | Newsmaster | Work: simon.lyall@ihug.co.nz Senior Network/System Admin | Postmaster | Home: simon@darkmere.gen.nz ihug, Auckland, NZ | Asst Doorman | Web: http://www.darkmere.gen.nz
participants (6)
-
Eric Brandwine -
Iljitsch van Beijnum -
mike harrison -
Niels Bakker -
Sean Donelan -
Simon Lyall