Dear Subscriber,
This is the monthly reminder of subscription information for the
pacnog list, hosted at APNIC.
For subscription information including how to un-subscribe go to
http://mailman.apnic.net/mailman/listinfo/pacnog
Thank you for participating in this discussion.
Kind Regards,
List administrator
________________________________________________________________________
Change to APNIC minimum IPv4 allocation size
________________________________________________________________________
The information in this announcement is to enable the Internet
community to update network configurations, such as routing filters,
where required.
Dear PACNOG Community,
>From 4 August 2008, the new APNIC minimum IPv4 allocation size will be
/22. For information on this policy change, see:
http://www.apnic.net/policy/proposals/prop-053-v003.html
For information on the minimum allocation sizes within address ranges
administered by APNIC, please see:
http://www.apnic.net/db/min-alloc.html
For more information on the resources administered by APNIC, please see:
http://www.apnic.net/db/ranges.html
Kind regards,
Elly
________________________________________________________________________
Elly Tawhai email: hostmaster(a)apnic.net
Senior Internet Resource Analyst, APNIC sip: hostmaster(a)voip.apnic.net
http://www.apnic.net/helpdesk phone: +61 7 3858 3188
fax: +61 7 3858 3199
________________________________________________________________________
Hope to see you at APNIC 26 in Christchurch,
New Zealand 25 - 29 August 2008
http://www.apnic.net/meetings/26/
Hi All,
Another good IPv6 training opportunity:
InternetNZ, in conjunction with REANNZ, Cisco, Packet Clearing House,
NZRS, auDA and FX Networks, is offering IPv6 technical workshops in
Christchurch and Auckland. This follows on from having already run
this workshop in Wellington in August last year.
The first 5 day programme will run in Christchurch from Saturday 30
August to Wednesday 3 September, and the second in Auckland from
Monday 8 September to Friday 12 September.
Attendance on each course is limited to 28 participants. Registration
is on a first come, first served basis. Please see the attached
document for details.
More details are available at
http://blog.internetnz.net.nz/wp-content/uploads/2008/07/2008-augsep-
ipv6-workshops.pdf
To register email richard at internetnz.net.nz
Limited PIP funding may be available to Pacific Island technical
people wishing to attend these workshops. Such applications should be
made to Don Hollander, don at i2.org.nz
Cheers,
Jonny.
http://stupid.domain.name/node/679
Today ICANN <http://www.icann.org/> releases a paper with the title
/DNSSEC @ ICANN -- Signing the root zone: A way forward toward
operational readiness/. The paper
<http://www.icann.org/en/announcements/dnssec-paper-15jul08-en.pdf>
explains in more detail than earlier documents what ICANN view on
signing of the root zone is. I think the key points mentioned in this
paper are true, and in general, I think this document is a good read. It
is not long, and summarizes what I would call /the current view/ is.
There have been some recent discoveries of threats to DNS. All described
for example in CERT VU#800113 <http://www.kb.cert.org/vuls/id/800113>.
More information about these issues has now leaked and we have already
some exploit code. For example CAU-EX-2008-0003
<http://www.caughq.org/exploits/CAU-EX-2008-0003.txt>. We also have data
from Austria <http://cert.at/static/cert.at-0802-DNS-patchanalysis.pdf>
that show that a too low percentage of resolvers are upgraded. And
further that the upgrade of software is not going as fast as one would
hope. (Thanks Otmar et al for good work!)
No single detail in the attack is really new, but the *combination* of
things is new, and the situation scares me. The fixes suggested (like
upgrading Bind to a version that is secure according to column 29 in the
BIND Vulnerability Matrix
<http://www.isc.org/sw/bind/bind-security.php#matrix>) is bringing us
back to a situation where we thought we where. But the real solution is
to digitally sign the data in DNS, and secure the full path between
querying client and authoritative server. DNSSEC is today a solution to
a large piece of that, but it also have to be deployed.
And the ICANN document just released is because of that /good stuff/.
--
Franck Martin
ICT Specialist
franck(a)sopac.org
SOPAC, Fiji
GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320
"Toute connaissance est une reponse a une question" G.Bachelard
---------- franck(a)sopac.org wrote:-----------
From: Franck Martin <franck(a)sopac.org>
/"Jailed IT admin Terry Childs relinquished his hold over San
Francisco's multimillion-dollar FiberWAN, handing his administrative
passwords over to San Francisco Mayor Gavin Newsom
<http://www.infoworld.com/article/08/07/23/San_Franciscos_mayor_gets_back_ke…>,
who was 'the only person he felt he could trust.' Childs is still being
held on $5 million bail for his lockout of the city's FiberWAN
<snip>
----------------------------------------------
Very interesting. I also read "http://www.computerworld.com/action/article.do?command=viewArticleBasic&art…" and can understand this part... ;-) "Terry felt that his direct superior was intrusive, incompetent and obstructive and that the managers above him had no real idea of what was going on and were more interested in office politics than in getting anything done."
This seems way, way too harsh: "He was jailed on $5 million bond"..."a San Francisco Superior Court Judge refused to lower the bail, even though Childs in a dramatic move earlier this week disclosed the passwords to Mayor Gavin Newsom in a jailhouse meeting." It seems they're making an example of him, rather than just punishing him for his actions.
scott
-------------------------
Hi All,
I have an issue with VoIP calls,
The remote end hears voice fine but our inbound is suffering from packet
loss and choppy voice symptoms,
Utilization on all our internet links are less than 75% so there shouldn't
be any issues there,
Application of QoS is tricky,
Just though I'd throw it out there, I could use some ideas,
Thanks,
Chan
http://it.slashdot.org/it/08/07/23/1515203.shtml
/"Jailed IT admin Terry Childs relinquished his hold over San
Francisco's multimillion-dollar FiberWAN, handing his administrative
passwords over to San Francisco Mayor Gavin Newsom
<http://www.infoworld.com/article/08/07/23/San_Franciscos_mayor_gets_back_ke…>,
who was 'the only person he felt he could trust.' Childs is still being
held on $5 million bail for his lockout of the city's FiberWAN
<http://news.slashdot.org/news/08/07/15/120220.shtml?tid=172>, a case
that has been called into question
<http://news.slashdot.org/news/08/07/18/2349242.shtml?tid=172> since an
insider came forward
<http://www.infoworld.com/article/08/07/18/30FE-sf-network-lockout_1.html>
with details about both the network and Childs himself. The case hinges
on No Service Password Recovery commands Childs allegedly configured
onto several Cisco devices, as well as dial-up and DSL modems the SFPD
has discovered that would allow unauthorized connections to the
FiberWAN. Childs intends to 'expose the utter mismanagement, negligence,
and corruption at DTIS, which if left unchecked, will in fact place the
City of San Francisco in danger,' according to his motion. The
Department of Telecom and IS has cut 200 of its 350 IT positions since
2000 — pressure that may have contributed to Childs' actions, according
to interviews with current and former DTIS staffers. Newsom secured the
passwords without first telling the DTIS that he was meeting with Childs."/
--
Franck Martin
ICT Specialist
franck(a)sopac.org
SOPAC, Fiji
GPG Key fingerprint = 44A4 8AE4 392A 3B92 FDF9 D9C6 BE79 9E60 81D9 1320
"Toute connaissance est une reponse a une question" G.Bachelard
HI
Well, I went to this site www.www.doxpara.com and clicked on Check my DNS and recived the following message
Your name server, at 202.6.120.10, appears vulnerable to DNS Cache Poisoning.
All requests came from the following source port: 32768
Do not be concerned at this time. IT administrators have only recently been apprised of this issue, and should have some time to safely evaluate and deploy a fix.
--------------------------------------------------------------------------------
Requests seen for 47ab418bbd81.toorrr.com:
202.6.120.10:32768 TXID=35630
202.6.120.10:32768 TXID=49875
202.6.120.10:32768 TXID=18127
202.6.120.10:32768 TXID=51668
202.6.120.10:32768 TXID=23799
Is this a major problem that I should be concerned about or not.
Would appreciate any feedback.
Ioteba
TSKL, Kiribati
Anyone or Organization Interested in becoming a training partner - See Below
Thanks
Terry Rupeni
USP Cisco Networking Academy
-------------------------------------------------------------------
Expression of Interest for Training Partners
The Cisco Networking Academy Program is a non-profit partnership between
Cisco Systems, education, business, government and community
organizations around the world, aimed at:
*
improve the effectiveness and accessibility of the program
*
encourage workforce and economic development
*
preparing individuals for career opportunities in the ICT field
Cisco Systems has designated USP as a Regional Cisco® Networking Academy
in the South Pacific Region. This augurs well with USP being a regional
University and fulfills a mandate to develop and encourage ICT teaching
and learning in the region.
As a regional academy USP would like to facilitate and expand the
Academy programme to other pacific island countries. Therefore USP would
like invite regional parties who are interested in registering as a
Cisco Networking Academy to fill out the Expression of Interest (EOI)
form available on the USP Cisco website (_http://www.usp.ac.fj/its_).
EOI will close on Friday 25^th July, 2008
For more information or clarification on the programme please view the
website _http://cisco.netacad.net <http://cisco.netacad.net/>_ or
contact Mr. Peni Sigabalavu on Tel: (679) 323 2633 or Email:
sigabalavu_p(a)usp.ac.fj
**Amended resend**
Dear PacNOG subscribers and various network operators from the Pacific and
abroad who are part of this Pacific NOG family
I have just finished attending the meeting on the ITU cyber
security forum in Brisbane. While this topic of cyber security may not be
the top priority for most country leaders, it is for us in the
communication industry as it will take only micro seconds with internet to
comprimise a network or computer or even cripple country services such as
the recent DOS attacks on the mail systems in Marshall Is
For that matter, we have met (the pacnog coordinator committe) and have
included security training and to introduce more awareness in our
conference programs that precedes the hands on training. We are also
discussing with with APNIC and ICANN on consolidating training on a
complementary basis to achieve an overall progress with all the islands.
One of the outcomes of the PacNOG committee meeting is to introduce
additional PacNOG in November. (so two PacNOG (1) June (2) Nov on annual basis)
Details are now being worked out for the new look of pacnog and other
training as follows:
APNIC-PITA Training
===================
Plans to hold Sub-Regional APNIC-PITA training on internet and security
including cyber security awareness sessions to students, financial
institutions, governemnt and businesses are now already underway, with a
basic and fundamental track to be introduced for the juniors and as a means
to meet the prerequisites of PacNOG training as the PacNOG committee are
considering certications for its training.
Here are the planned sub-regional APNIC-PITA training which will be
additional and complemental to PacNOG training:
3-7 Nov 2008 in Fiji - for South Pacific
Feb 2009 in Guam for Northern Pacific
(TBA) in PNG for PNG or Eastern Pacific
Topcis will include Internet Resources Management Essentials, Internet
Services & Security. Also include sessiosn for students and stakeholders on
internet and cyber security awareness
Security training track will include devices, infrastructures and forensics
which include understanding network attacks, responding to
attacks and mitigating to these attacks. more details and registrations
will be available on PITA website www.pita.org.fj and also at the APNIC
website.
Some of these training will become prerequisites for the two PACNOG
training and educational workshop for 2009 as Certifications has been
considered by the PacNOG Coordinating committee;
Tentative calendar for PacNOG5 and PacNOG6 will be 14-20 June 2006 and
Novemebr 2009 respectively. (Dates for PACNOG6 to be determined shortly)
Please feel free to contact me for any inputs and priorities that we can
plan for inclusion and seeking the resouces for it. feel free to send your
comments to pitacoordinator(a)conect.com.fj
Thanking all
Fred Christopher
Manager PITA
---------------------------------------------
This message was sent from Connect.
http://www.connect.com.fj
