Found some interesting news on one of the Australia news websites.
http://www.scmagazine.com.au/News/368527,nsa-able-to-compromise-cisco-juniper-huawei-switches.aspx
Regards,
Steven.
On (2013-12-30 20:30 +1100), sten rulz wrote:
Found some interesting news on one of the Australia news websites.
http://www.scmagazine.com.au/News/368527,nsa-able-to-compromise-cisco-juniper-huawei-switches.aspx
The quality of this data is too damn low.
Not as bad as this though,
Ever since first using it I've always liked tacacs+. Having said that
I've grown to dislike some things about it recently. I guess, there
have always been problems but I've been willing to leave them alone.
I don't have time to give the code a real deep inspection, so I'm
interested in
Saku Ytti s...@ytti.fi wrote:
On (2013-12-30 20:30 +1100), sten rulz wrote:
I really think we're doing disservice to an issue which might be at
scale of
human-rights issue, by spamming media with 0 data news. Where is this
backdoor? How does it work? How can I recreate on my devices?
I don't
I don't understand why vendors and operators keep turning to TACACS. It
seems like they're often looking to Cisco as some paragon of best security
practices. It's a vulnerable protocol, but some times the only thing to
choose from.
One approach to secure devices that can support only TACACS or
On (2013-12-30 06:12 -0500), Shawn Wilson wrote:
I don't really want you to know how to recreate it until the companies have
had a chance to fix said issue. I'd hope, if such issues were disclosed,
those news outlets would go through proper channels of disclosure before
going to press with
On Dec 30, 2013, at 5:06 PM, Saku Ytti s...@ytti.fi wrote:
The quality of this data is too damn low.
The #1 way that Cisco routers and switches are compromised is brute-forcing
against an unsecured management plane, with username 'cisco' and password
'cisco.
The #1 way that Juniper and
On (2013-12-30 05:06 -0500), Robert Drake wrote:
TACACS+ was proposed as a standard to the IETF. They never adopted
it and let the standards draft expire in 1998. Since then there
If continued existence of TACACS+ can be justified at IETF level, in parallel
with radius and diameter, I have
On Dec 30, 2013, at 6:18 PM, Saku Ytti s...@ytti.fi wrote:
I welcome the short-term havok and damage of such disclose if it would be
anywhere near the magnitude implied, it would create pressure to change
things.
This is the type of change we're likely to see, IMHO:
Even more outrageous than the domestic spying is the arrogance to think
that they can protect the details on backdoors into critical
infrastructure.
They may have basically created the framework for an Internet-wide kill
switch, that likely also affects every aspect of modern communication.
On Mon, Dec 30, 2013 at 8:07 AM, Ray Soucy r...@maine.edu wrote:
I hope Cisco, Juniper, and others respond quickly with updated images for
all platforms affected before the details leak.
So, if this plays out nice (if true, it won't), the fix will come
months before the disclosure. Think, if
I don't think radius nor kerberos nor ssh with certificates supports
command authorization, do they?
On Dec 30, 2013 6:33 AM, Saku Ytti s...@ytti.fi wrote:
On (2013-12-30 05:06 -0500), Robert Drake wrote:
TACACS+ was proposed as a standard to the IETF. They never adopted
it and let the
Nor accounting...
On Dec 30, 2013 8:48 AM, Christopher Morrow christopher.mor...@gmail.com
wrote:
I don't think radius nor kerberos nor ssh with certificates supports
command authorization, do they?
On Dec 30, 2013 6:33 AM, Saku Ytti s...@ytti.fi wrote:
On (2013-12-30 05:06 -0500), Robert
On (2013-12-30 08:49 -0500), Christopher Morrow wrote:
Nor accounting...
I think this is probably sufficient justification for TACACS+. I'm not sure if
command authorization is sufficient, as you can deliver group via radius which
maps to authorized commands.
But if you must support accounting,
Hi,
On Mon, 30 Dec 2013, Christopher Morrow wrote:
I don't think radius nor kerberos nor ssh with certificates supports
command authorization, do they?
it is with radius afaik ...
Greetings
Christian
--
Christian Kratzer CK Software GmbH
Email: c...@cksoft.de
On Dec 30, 2013 9:01 AM, Saku Ytti s...@ytti.fi wrote:
On (2013-12-30 08:49 -0500), Christopher Morrow wrote:
Nor accounting...
I think this is probably sufficient justification for TACACS+. I'm not
sure if
command authorization is sufficient, as you can deliver group via radius
which
On Dec 30, 2013, at 9:01 AM, Christian Kratzer ck-li...@cksoft.de wrote:
Hi,
On Mon, 30 Dec 2013, Christopher Morrow wrote:
I don't think radius nor kerberos nor ssh with certificates supports
command authorization, do they?
it is with radius afaik ...
RADIUS does not support command
On Dec 30, 2013, at 8:07 PM, Ray Soucy r...@maine.edu wrote:
I hope Cisco, Juniper, and others respond quickly with updated images for all
platforms affected before the details leak.
During my time at Cisco, I was involved deeply enough with various platform
teams as well as PSIRT, etc., to
I'd love to know how they were getting in flight wifi.
Sent from my Mobile Device.
Original message
From: sten rulz stenr...@gmail.com
Date: 12/30/2013 12:32 AM (GMT-09:00)
To: nanog@nanog.org
Subject: NSA able to compromise Cisco, Juniper, Huawei switches
Found some
On Mon, 30 Dec 2013 14:34:52 +, Dobbins, Roland said:
My assumption is that this allegation about Cisco and Juniper is the result
of non-specialists reading about lawful intercept for the first time, and
failing to do their homework.
That does raise an interesting question. What
From: Matthew Petach mpet...@netflight.com
Date: Saturday, December 21, 2013 10:55 PM
To: Lee Howard l...@asgard.org
Cc: Jamie Bowden ja...@photon.com, Owen DeLong o...@delong.com,
m...@kenweb.org m...@kenweb.org, nanog@nanog.org nanog@nanog.org
So there's an interesting question. You
On Dec 30, 2013, at 10:44 PM, valdis.kletni...@vt.edu
valdis.kletni...@vt.edu wrote:
What percentage of Cisco gear that supports a CALEA lawful intercept mode is
installed in situations where CALEA doesn't apply, and thus there's a high
likelyhood that said support is misconfigured and
On Dec 30, 2013, at 11:03 PM, Dobbins, Roland rdobb...@arbor.net wrote:
AFAIK, it must be explicitly enabled in order to be functional. It isn't the
sort of thing which is enabled by default, nor can it be enabled without
making explicit configuration changes.
It's also possible they're
On 12/30/2013 08:03 AM, Dobbins, Roland wrote:
On Dec 30, 2013, at 10:44 PM, valdis.kletni...@vt.edu
valdis.kletni...@vt.edu wrote:
What percentage of Cisco gear that supports a CALEA lawful intercept mode is
installed in situations where CALEA doesn't apply, and thus there's a high
On Mon, Dec 30, 2013 at 04:03:07PM +, Dobbins, Roland wrote:
On Dec 30, 2013, at 10:44 PM, valdis.kletni...@vt.edu
valdis.kletni...@vt.edu wrote:
What percentage of Cisco gear that supports a CALEA lawful intercept mode
is installed in situations where CALEA doesn't apply, and thus
On Dec 24, 2013, at 8:15 AM, Lee Howard l...@asgard.org wrote:
Why?
You say, The protocol suite doesn't meet my needs; I need default gateway
in DHCPv6. So the IETF WG must change for you to deploy IPv6. Why?
Why must the people who want it justify to _you_?
This is fundamental part I've
This might be an interesting example of it's (mis)use.
http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%932005
Sam Moats
On 2013-12-30 11:16, Enno Rey wrote:
On Mon, Dec 30, 2013 at 04:03:07PM +, Dobbins, Roland wrote:
On Dec 30, 2013, at 10:44 PM, valdis.kletni...@vt.edu
On 12/30/2013 9:05 AM, Warren Bailey wrote:
I'd love to know how they were getting in flight wifi.
Sent from my Mobile Device.
Original message
From: sten rulz stenr...@gmail.com
Date: 12/30/2013 12:32 AM (GMT-09:00)
To: nanog@nanog.org
Subject: NSA able to compromise
We had a hell of a time finding anything that supported the calea stuff past a
7206. This was for an in flight global wifi network, hence my original concern.
Also note that when we did get it to work, it pretty much didn't. Or I should
say.. It worked when it wanted to.
How they are mapping
I built the other.
Sent from my Mobile Device.
Original message
From: Jeremy Bresley b...@brezworks.com
Date: 12/30/2013 7:34 AM (GMT-09:00)
To: nanog@nanog.org
Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches
On 12/30/2013 9:05 AM, Warren Bailey wrote:
On Dec 30, 2013, at 11:16 PM, Enno Rey e...@ernw.de wrote:
at least back in 2007 it could be enabled/configured by SNMP RW access [see
slide 43 of the presentation referenced in this post
http://www.insinuator.net/2013/07/snmp-reflected-amplification-ddos-attacks/]
so knowing the term
On Dec 30, 2013, at 11:18 PM, Sam Moats s...@circlenet.us wrote:
This might be an interesting example of it's (mis)use.
http://en.wikipedia.org/wiki/Greek_wiretapping_case_2004%E2%80%932005
That's one of the cases I know about; it was utilized via Ericsson gear.
Looking more at the actual leaked information it seems that if the NSA is
working with companies, it's not anything the companies are likely aware
of.
The common form of infection seems to be though software updates performed
by administrators (through the NSA hijacking web traffic). They are
You say, The protocol suite doesn't meet my needs; I need default
gateway in DHCPv6. So the IETF WG must change for you to deploy
IPv6. Why?
this is actually a non-trivial barrier to enterprise deployment and the
ietf has been in stubborn denial for years. when an it department has
been
On Tue, 24 Dec 2013, Lee Howard wrote:
I used to run an enterprise network. It was very different from an ISP
network. I didn't say, You're wrong! I said, What's missing?
default route information via DHCPv6. That's what I'm still waiting for.
Why?
You say, The protocol suite doesn't meet
On Dec 24, 2013, at 8:15 AM, Lee Howard l...@asgard.org wrote:
default route information via DHCPv6. That's what I'm still waiting for.
Why?
You say, The protocol suite doesn't meet my needs; I need default gateway
in DHCPv6. So the IETF WG must change for you to deploy IPv6. Why?
Lee
NANOG:
Here's the really scary question for me.
Would it be possible for NSA-payload traffic that originates on our private
networks that is destined for the NSA to go undetected by our IDS systems?
For example tcpdump-based IDS systems like Snort has been rooted to ignore
or not report packets
On Mon, Dec 30, 2013 at 1:17 PM, Lorell Hathcock lor...@hathcock.org wrote:
NANOG:
Here's the really scary question for me.
Would it be possible for NSA-payload traffic that originates on our private
networks that is destined for the NSA to go undetected by our IDS systems?
Yup.
On 12/30/13 11:19 AM, Leo Bicknell bickn...@ufp.org wrote:
On Dec 24, 2013, at 8:15 AM, Lee Howard l...@asgard.org wrote:
Why?
You say, The protocol suite doesn't meet my needs; I need default
gateway
in DHCPv6. So the IETF WG must change for you to deploy IPv6. Why?
Why must the people
On a side note,
I've been involved with organizing the New England regional Collegiate
Cyber-Defense Competition for a while, and one our Red Team members was
able to make a pretty convincing IOS rootkit using IOS TCL scripting to
mask configuration from the students. I don't think any students
On 12/30/13 1:04 PM, Ryan Harden harde...@uchicago.edu wrote:
On Dec 24, 2013, at 8:15 AM, Lee Howard l...@asgard.org wrote:
default route information via DHCPv6. That's what I'm still waiting
for.
Why?
You say, The protocol suite doesn't meet my needs; I need default
gateway
in DHCPv6.
IIRC, Cisco threatened to sue if it was ever released
you gotta love it. they will roll over and piss themselves for nsa and
other who are violating every principle, but threaten paying customers
who would report a hole.
the question is what have these companies and gov people not violated?
Hi all,
I've been watching this list for a couple weeks now and while risking
beeing flamed, i just wanted to say that any network professional that puts
any equipment into production without securing it against the kind of
issues mentioned so far (cisco/cisco, snmp private, etc) is negligent and
On Dec 30, 2013, at 12:58 PM, Lee Howard l...@asgard.org wrote:
'Rewrite all of your tools and change your long standing business
practices¹ is a very large barrier to entry to IPv6. If adding gateway as
an optional field will help people get over that barrier, why not add it?
Sure it
There are many ways a backdoor could be used in a properly secured system.
To think otherwise is a huge mistake. I can think of several ways, if
tasked and given the resources of a large gov't that I would attack this
problem. To assume that those tasked and focused only this type of
solution
The better question is are you using RIP or ICMP to set gateways in your
network now?
If you don't use those now, why is RA a better solution in ipv6?
-Blake
On Mon, Dec 30, 2013 at 1:20 PM, Ryan Harden harde...@uchicago.edu wrote:
On Dec 30, 2013, at 12:58 PM, Lee Howard l...@asgard.org
On 12/30/13 2:20 PM, Ryan Harden harde...@uchicago.edu wrote:
On Dec 30, 2013, at 12:58 PM, Lee Howard l...@asgard.org wrote:
'Rewrite all of your tools and change your long standing business
practices¹ is a very large barrier to entry to IPv6. If adding gateway
as
an optional field
I'm not really an advocate for or against DHCP or RAs. I really just want
to understand what feature is missing.
From: Blake Dunlap iki...@gmail.com
Date: Monday, December 30, 2013 3:19 PM
To: Ryan Harden harde...@uchicago.edu
Cc: Lee Howard l...@asgard.org, Jamie Bowden ja...@photon.com,
These are not backdoor issues, NSA related, whatever... This is noise.
Trying to get this thread on track, can the original poster provide any
proof of this so called ability of the so called inteligence agency beeing
able to access cisco/juniper, taking into account that management access
Hi Folks -
Clay Kossmeyer here from the Cisco PSIRT.
We've published the following document in response to the original (Dec. 29)
Der Spiegel article:
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel
and are investing the claims in the Dec.
On Dec 30, 2013, at 8:19 AM, Leo Bicknell bickn...@ufp.org wrote:
On Dec 24, 2013, at 8:15 AM, Lee Howard l...@asgard.org wrote:
Why?
You say, The protocol suite doesn't meet my needs; I need default gateway
in DHCPv6. So the IETF WG must change for you to deploy IPv6. Why?
Why must
On Dec 30, 2013, at 10:04 AM, Ryan Harden harde...@uchicago.edu wrote:
On Dec 24, 2013, at 8:15 AM, Lee Howard l...@asgard.org wrote:
default route information via DHCPv6. That's what I'm still waiting for.
Why?
You say, The protocol suite doesn't meet my needs; I need default gateway
On Mon, Dec 30, 2013 at 3:49 PM, Lee Howard l...@asgard.org wrote:
I'm not really an advocate for or against DHCP or RAs. I really just want
to understand what feature is missing.
From: Blake Dunlap iki...@gmail.com
Date: Monday, December 30, 2013 3:19 PM
To: Ryan Harden
Clay Kossmeyer here from the Cisco PSIRT.
shoveling kitty litter as fast as you can, eh?
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel
The article does not discuss or disclose any Cisco product vulnerabilities.
this is disengenuous at
Hi,
you gotta love it. they will roll over and piss themselves for nsa and
other who are violating every principle, but threaten paying customers
who would report a hole.
Don't forget that for C and J, the U.S. government is a large customer as well.
Thanks,
Sabri
On Dec 30, 2013, at 3:43 PM, Owen DeLong o...@delong.com wrote:
The current situation isn’t attributable to “the current IPv6 crowd” (whoever
that is), it’s the current IETF consensus position. Changing that IETF
consensus position is a matter of going through the IETF process and getting
On Dec 30, 2013, at 2:49 PM, Lee Howard l...@asgard.org wrote:
I'm not really an advocate for or against DHCP or RAs. I really just want
to understand what feature is missing.
I encourage you to try this simple experiment in your lab, because this
happens all day long on corporate networks
On Dec 30, 2013, at 4:37 PM, Victor Kuarsingh vic...@jvknet.com wrote:
On Mon, Dec 30, 2013 at 3:49 PM, Lee Howard l...@asgard.org wrote:
The better question is are you using RIP or ICMP to set gateways in your
network now?
I disagree that that's a better question.
I'm not using RIP
On Mon, Dec 30, 2013 at 8:11 AM, Javier Henderson jav...@kjsl.org wrote:
Given the problem of remote auth; the restriction of choice of protocols
is dictated by what protocols the relying party device supports.
This is the problem: You are at the mercy of your router vendor, to
support the
On Dec 30, 2013, at 6:42 PM, Jimmy Hess mysi...@gmail.com wrote:
How do you feel about having to wait 30 seconds between every command you
enter to troubleshoot, to fail to the second server, if the TACACS or
RADIUS system is nonresponsive, because the dumb router can't remember
On 12/30/2013 3:51 PM, Randy Bush wrote:
Clay Kossmeyer here from the Cisco PSIRT.
shoveling kitty litter as fast as you can, eh?
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel
The article does not discuss or disclose any Cisco product
On Mon, Dec 30, 2013 at 6:05 PM, Javier Henderson jav...@kjsl.org wrote:
Are you talking about Cisco routers? The default timeout value for TACACS+
is five seconds, so I’m not sure where you’re coming up with thirty
seconds, unless you have seven servers listed on the router and the first
What the enterprise folks need is IPv6 champions, like yourself, like Lee, to
user stand their use case that even if you don't end up deploying it on your
own network you will show up at the IETF, or at least participate on the IETF
mailing lists and help them get what they need, so IPv6
You can accomplish the same thing in IPv4….
Plug in Sally’s PC with Internet Connection Sharing turned on and watch as her
DHCP server takes over your network.
Yes, you have to pay attention when you plug in a router just like you’d have
to pay attention if you plugged in a DHCP server you
On Dec 30, 2013, at 7:51 PM, Owen DeLong o...@delong.com wrote:
I have yet to see a use case from enterprise that actually requires RIO or
default route in DHCPv6, and I have seen many many use cases.
Most of them are, actually, better solved through education, so I tend to
focus my
On Dec 30, 2013, at 6:56 PM, Owen DeLong o...@delong.com wrote:
You can accomplish the same thing in IPv4….
Plug in Sally’s PC with Internet Connection Sharing turned on and watch as her
DHCP server takes over your network.
No, the failure mode is still different.
With IPv6 RA's, the
On Dec 30, 2013, at 11:28 PM, Marco Teixeira ad...@marcoteixeira.com wrote:
i just wanted to say that any network professional that puts any equipment
into production without securing it against the kind of
issues mentioned so far (cisco/cisco, snmp private, etc) is negligent and
should be
On Dec 31, 2013, at 12:00 AM, Ray Soucy r...@maine.edu wrote:
So this isn't an issue of the NSA working with Cisco and Juniper to include
back doors, it's an issue of the NSA modifying those releases after the fact
though BIOS implants.
Yes, I see this now, thanks.
AFAICT, the Cisco boxes
On 12/30/2013 8:16 PM, Leo Bicknell wrote:
There's a reason why there's huge efforts to put RA guard in switches, and do
cryptographic RA's.
These are two admissions that the status quo does not work for many
folks, but for some reason these two solutions get pushed over a simple
DHCP router
So this isn't an issue of the NSA working with Cisco and Juniper to
include back doors, it's an issue of the NSA modifying those releases
after the fact though BIOS implants.
Yes, I see this now, thanks.
AFAICT, the Cisco boxes listed are ASAs and PIXes, which are
essentially Linux PCs
On Dec 31, 2013, at 9:41 AM, Randy Bush ra...@psg.com wrote:
you may want to read the more complete, well let's say extensive
Thanks, Randy - now I see the JunOS stuff in there for J-series and M-series.
---
Roland Dobbins
The cynic in me says that cisco switch/router gear isn't part of that
report on clandestine backdoors, because they don't need said clandestine
backdoors to access them...
-Blake
On Mon, Dec 30, 2013 at 8:54 PM, Dobbins, Roland rdobb...@arbor.net wrote:
On Dec 31, 2013, at 9:41 AM, Randy
On Dec 31, 2013, at 10:16 AM, Blake Dunlap iki...@gmail.com wrote:
The cynic in me says that cisco switch/router gear isn't part of that report
on clandestine backdoors, because they don't need said clandestine backdoors
to access them...
T-series is in there, too.
It's also important to
Hi Roland.
I don't know much about Juniper
gear, but it appears that the Juniper boxes listed are similar in nature,
albeit running FreeBSD underneath (correction welcome).
With most Juniper gear, it is actually quite difficult to achieve wire-tapping
on a large scale using something as
- Original Message -
From: Ray Soucy r...@maine.edu
I hope when [if] the truth is learned it is a lot less prevalent than
it sounds, but I'm not optimistic.
This is why we need all infrastructure to be implemented using open
standards, open hardware designs, and open source
Is Ken Thompson turning over in his grave yet?
I certainly hope not...
It's also important to keep in mind that all these purported documents
refer to technologies which were supposedly available 5 years ago,
based on the dates in the slides.
assumptions that the TAO folk have been taking a long much-deserved
sabbatical are probably naive
the shocking revelation
Sabri,
As I was going through reading all these replies, the one thing that
continued to poke at me was the requirement of the signed binaries and
microcode. The same goes for many of the Cisco binaries, without direct
assistance, which is unclear at this point through the cloud of smoke so
to
On Dec 31, 2013, at 10:59 AM, Randy Bush ra...@psg.com wrote:
assumptions that the TAO folk have been taking a long much-deserved
sabbatical are probably naive
Indeed; that is my point.
These documents allege that the capabilities in question were present five
years ago, which is an
On Dec 31, 2013, at 10:38 AM, Sabri Berisha sa...@cluecentral.net wrote:
Assuming M/MX/T series, you are correct that the foundation of the
control-plane is a FreeBSD-based kernel.
And the management plane, too?
However, that control-plane talks to a forwarding-plane (PFE). The PFE runs
On Dec 31, 2013, at 11:06 AM, [AP] NANOG na...@armoredpackets.com wrote:
Then looking at things from the evil side though, if they owned the system
which provides the signing then they could sign
virtually anything they wish.
Or if they owned *people* with the right level of access to do
On Mon, Dec 30, 2013 at 6:31 PM, Leo Bicknell bickn...@ufp.org wrote:
On Dec 30, 2013, at 4:37 PM, Victor Kuarsingh vic...@jvknet.com wrote:
On Mon, Dec 30, 2013 at 3:49 PM, Lee Howard l...@asgard.org wrote:
The better question is are you using RIP or ICMP to set gateways in
your
Roland,
I did fail to mention the HUMINT (Human Intelligence) side of things,
thank you for bringing that up!
--
Thank you,
Robert Miller
http://www.armoredpackets.com
Twitter: @arch3angel
On 12/30/13, 11:33 PM, Dobbins, Roland wrote:
On Dec 31, 2013, at 11:06 AM, [AP] NANOG
I'm torn on this. On one hand, it seems sinister. On the other, it's not
only what the NSA is tasked with doing, but it's what you'd EXPECT them to
be doing in the role as the NSA.
I'm not saying it's right or wrong...it creeps me out a little,
though...but these are the kinds of things we have
On 12/30/2013 11:06 PM, [AP] NANOG wrote:
As I was going through reading all these replies, the one thing that
continued to poke at me was the requirement of the signed binaries and
microcode. The same goes for many of the Cisco binaries, without direct
assistance, which is unclear at this
On Mon, Dec 30, 2013 at 10:41 PM, Blair Trosper blair.tros...@gmail.comwrote:
I'm torn on this. On one hand, it seems sinister. On the other, it's not
only what the NSA is tasked with doing, but it's what you'd EXPECT them to
be doing in the role as the NSA.
[snip]
The NSA's role is not
We're all getting far too conditioned for the click OK to proceed
overload, and the sources aren't helping.
If one embarks with deliberation upon a course of action which may entertain
certain results then the intent to cause the result so obtained is, by
implication, proved.
To supplement and amend what I said:
These are the KINDS of things we want the NSA to do; however, the
institutional oversight necessary to make sure it's Constitutional,
warranted, and kept in bounds is woefully lacking (if any exists at all).
Even FISA is unsatisfactory.
At any rate, I agree
Leo,
On Mon, Dec 30, 2013 at 6:24 PM, Leo Bicknell bickn...@ufp.org wrote:
On Dec 30, 2013, at 2:49 PM, Lee Howard l...@asgard.org wrote:
I'm not really an advocate for or against DHCP or RAs. I really just
want
to understand what feature is missing.
I encourage you to try this
On Dec 30, 2013, at 9:29 PM, Victor Kuarsingh vic...@jvknet.com wrote:
I think a new initiative to revive this concept will need to address the
[negative] points from those previous experiences and contrast them to the
operational benefits of having it available. I am willing to help out
I've been in the process of rolling out IPv6 (again this night) across a
very large, highly conservative, and very bureaucratic enterprise. (Roughly
100K employees. More than 600 distinct site. Yada. Yada.) I've had no
issues whatsoever implementing the IPv6 RA+DHCPv6 model alongside the IPv4
91 matches
Mail list logo