nanog mailing list archives
RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS
From: John Fraizer <nanog () Overkill EnterZone Net>
Date: Mon, 14 May 2001 04:32:45 -0400 (EDT)
On Mon, 14 May 2001, Roeland Meyer whimpered:
From: Adam McKenna [mailto:adam () flounder net] Sent: Sunday, May 13, 2001 10:06 PMOracle (try and build a DB without reverse working right.Net8 stops youdead in your tracks).Sorry, but this is just 100% wrong. I've set up Oracle on many boxes and you don't need any DNS at all to set up an oracle DB. In fact, I tell our DBA's to use IP addresses in their TNSNAMES.ORA files because I don't want the DB depending on DNS.Let's see, I don't want to make my DBs dependent on DNS, so I use IP addrs. Yet, I can't depend on IP addrs because my upstream might have to be changed... damn, I shouldn't have depended on my scumbag DSL upstream, eh? Gee, maybe I should have had a names based system after all? Either way, I wind up having to rebuild Oracle boxen and application servers, every time somebody farts. Just what in blue hell are we supposed to do?
Um, lets see...how about this. You use NAT. That'll be $180.00 please. I'll send you an invoice.
BTW, the last I checked SSL certs are usually names based. Pretty slack security, eh?
Slack, no. You're comparing apples to oranges here and HOPEFULLY, you know it. Basing security on IN-ADDR is absolutely idiotic. It is VERY easy to spoof and there's not a damned thing you can do to stop the spoofing. Basing security on IP addresses on the other hand is while not a complete security solution, MUCH MORE SOUND than IN-ADDR. You can at least build ACLs in your router(s) that don't allow spoofed traffic to enter your network. Now, about the SSL security thing. SSL certification is designed to certify the identity of the server and that identity is based on the FQDN. SSL CERTs are around for the PRECISE reason that it is too easy to spoof IN-ADDR, etc.
This is right on up there with: 1) You idiot DSL monkey, you deserve your Inet death because you didn't multi-home. 2) No, you can't advertise less than a /20. 3) No, you don't deserve larger than a /32. 4) Yes, we know that makes multi-homing impossible for those that need it the most. 5) No, we don't care, you idiot DSL monkeys deserve Inet death. Yeah, the message you send out is real clear. ... and one wonders why the Internet has an implosion problem...
And that's right up there with "<plonk!> me please! I'm an idiot DSL monkey! WAAAAAAAAAA! My DSL provider went tits-up and I hadn't built any contengency plan. I'm going to go bankrupt! WAAAAAAAAA!" You got caught with your pants down. It's that simple. You're not alone. A whole slew of folks went through (or are going through) the same thing. The difference is that the VAST MAJORITY of them are NOT bitching and moaning about it on NANOG about it. This is the NORTH AMERICAN NETWORK OPERATORS GROUP, *NOT* the "NORTH AMERICAN DISENFRANCHISED DSL CUSTOMERS GROUP." If your business depends (depended) on stable and reliable internet connectivity with your own (or at least non-changing) address space, might I suggest that you should have gone to ARIN for a microblock of address space and established a contengency plan with some other provider(s) in the event that the sky fell?
-- Internet implosion at 10:00 ... special web report, at 11:00.
--- John Fraizer EnterZone, Inc
Current thread:
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS, (continued)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Hunter Pine (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Hunter Pine (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Alex Rubenstein (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Stephen Griffin (May 17)
- Re: Swipping /29's /30's and singles.. mike harrison (May 15)
- Re: Swipping /29's /30's and singles.. Hunter Pine (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Adam McKenna (May 14)
- RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS John Fraizer (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Adam McKenna (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Christopher A. Woodfield (May 14)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Adam McKenna (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Valdis . Kletnieks (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Pyda Srisuresh (May 15)
- RE: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Vivien M. (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Shawn McMahon (May 15)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Brett Frankenberger (May 17)
- Re: To CAIS Engineers - WAKE UP AND TAKE CARE OF YOUR CUSTOMERS Shawn McMahon (May 17)