The reason RIP isn't used to hand out routes is not based on age, or
protocol design. It's based on the fact that we don't want host segment
routes (usually only default) to be announcement based, because that leads
to problems and uncomfortable meetings with VPs. DHCP will happily give out
a
On Tue, Dec 31, 2013 at 12:24 AM, Leo Bicknell bickn...@ufp.org wrote:
Here's what you will soon find:
1) The IPv6 pings on both machines cease to work.
That will not actually happen. An IPv6 router is only allowed to announce a
prefix by RA if it has a working uplink.
Nonetheless you are
On Tue, Dec 31, 2013 at 5:38 AM, Sabri Berisha sa...@cluecentral.net wrote:
Hi Roland.
I don't know much about Juniper
gear, but it appears that the Juniper boxes listed are similar in nature,
albeit running FreeBSD underneath (correction welcome).
With most Juniper gear, it is actually
I think there needs to be some clarification on how these tools get used,
how often they're used, and if they're ever cleaned up when no longer part
of an active operation. Of course we'll never get that.
The amount of apologists with the attitude this isn't a big deal, nothing
to see here, the
On Tue, Dec 31, 2013 at 8:05 AM, Ray Soucy r...@maine.edu wrote:
This whole backdoor business is a very, very, dangerous game.
While I agree with this (and the issues brought up with NSA's NIST
approved PRNG that RSA used). If I were in their shoes, I would have
been collecting every bit of
+1, I fully agree. And not only concerning the domestic use by country, but
also with regards to information peering with neighbors, and such.
Enjoy '14!
mh
Original message
From: Ray Soucy r...@maine.edu
Date:
To: Blair Trosper blair.tros...@gmail.com
Cc:
I think there needs to be some clarification on how these tools get used,
how often they're used, and if they're ever cleaned up when no longer part
of an active operation. Of course we'll never get that.
Highly unlikely, I'd say.
The amount of apologists with the attitude this isn't a big
On (2013-12-31 14:45 +0100), sth...@nethelp.no wrote:
This whole backdoor business is a very, very, dangerous game.
It *is* a big deal. And if you want to get even more scared, listen to
Jacob Appelbaum's talk at the CCC here:
I'm going to wait calmly for some of the examples being
On Dec 31, 2013, at 8:32 AM, Saku Ytti s...@ytti.fi wrote:
I'm going to wait calmly for some of the examples being recovered from the
field, documented and analysed.
If I were Cisco/Juniper/et al. I would have a team working on this right now.
It should be trivial for them to insert code into
Hello,
Looking for feedback/suggestions on a design issue. We have two ethernet
connections in a port channel between two Cisco routers (ASR1k),
unfortunately we only have one unique flow between traversing the
ether/port channel, so traffic is pinned to just one link.
I'm looking for options
Since some weeks all my cisco / juniper equipment was replaced with open
source solutions (sometimes with embedded devices) and that works fine.
Google as search engine and Facebook accounts are deleted and some more
things. Cloud solutions outside europe now are forbidden for me. Thank
you NSA
Any one heard of a host checker issue with Juniper VPN today ?
Thanks
Kapeel
Could be related to this?
http://kb.juniper.net/InfoCenter/index?page=contentid=TSB16290
On Tue, Dec 31, 2013 at 10:31 AM, Sharma, Kapeel kapeel.sha...@mckesson.com
wrote:
Any one heard of a host checker issue with Juniper VPN today ?
Thanks
Kapeel
This is it thanks.
Kapeel
From: Jamie Gwatkin [mailto:jgwat...@magmic.com]
Sent: Tuesday, December 31, 2013 7:43 AM
To: Sharma, Kapeel
Cc: nanog@nanog.org
Subject: Re: Juniper SSL VPN
Could be related to this?
http://kb.juniper.net/InfoCenter/index?page=contentid=TSB16290
On Tue, Dec 31, 2013
Wow. Thanks for posting this. I thought we were just going crazy
yesterday.
On Dec 31, 2013 7:45 AM, Jamie Gwatkin jgwat...@magmic.com wrote:
Could be related to this?
http://kb.juniper.net/InfoCenter/index?page=contentid=TSB16290
On Tue, Dec 31, 2013 at 10:31 AM, Sharma, Kapeel
The biggest problem with Mikrotik is you just can't call them up for
support on buggy code. In a critical network this can be a major problem.
Justin
---
Justin Wilson j...@mtin.net
MTIN Consulting
Mikrotik UBNT Climbing Network Design
http://www.mtin.net/
On (2013-12-31 09:03 -0600), Leo Bicknell wrote:
If I were Cisco/Juniper/et al. I would have a team working on this right now.
It should be trivial for them to insert code into the routers that say,
hashes all sorts of things (code image, BIOS, any PROMs and EEPROMs and
such on the
On Fri, Dec 27, 2013 at 6:47 AM, Martin Hotze m.ho...@hotze.com wrote:
Hi,
looking at the specs of Mikrotik Cloud Core Routers it seems to be too good
to be true [1] having so much bang for the bucks. So virtually all smaller
ISPs would drop their CISCO gear for Mikrotik Routerboards.
The
On Dec 31, 2013, at 11:50 AM, Saku Ytti s...@ytti.fi wrote:
I asked earlier today JTAC (#2013-1231-0033) and JTAC asked SIRT for tool to
read BIOS and output SHA2 or SHA3 hash, and such tool does not exist yet. I'm
dubious, it might be possible even with existing tools. At least it's
On (2013-12-31 16:22 +0100), na...@mitteilung.com wrote:
Since some weeks all my cisco / juniper equipment was replaced with open
source solutions (sometimes with embedded devices) and that works fine.
Google as search engine and Facebook accounts are deleted and some more
things. Cloud
On Tue, 31 Dec 2013 10:43:02 -0500, Jamie Gwatkin said:
Could be related to this?
http://kb.juniper.net/InfoCenter/index?page=contentid=TSB16290
Do I want to ask why *THIS*?
Estimated Fix Date:
Juniper engineering has root caused this issue is working to build and release
a ESAP fix as soon as
Now, boss man comes in and has a new office opening up. Go grab the r1 box
out of the closet, you need to upgrade the code and reconfigure it. Cable
it up to your PC with a serial port, open some sort of terminal program
so you can catch the boot and password recover it. Plug its
Hi,
some approaches were discussed in 2010, by Graeme Neilson from NZ here:
https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf
a later year, at the same conference, he gave a private session demonstrating
basically the same stuff for JunOS,
On Dec 31, 2013, at 1:10 AM, Timothy Morizot tmori...@gmail.com wrote:
I've been in the process of rolling out IPv6 (again this night) across a
very large, highly conservative, and very bureaucratic enterprise. (Roughly
100K employees. More than 600 distinct sites. Yada. Yada.) I've had no
On Dec 31, 2013, at 12:49 PM, Enno Rey e...@ernw.de wrote:
Hi,
some approaches were discussed in 2010, by Graeme Neilson from NZ here:
https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf
a later year, at the same conference, he gave a
(Yes this is a top post ... get over it)
Thank you Leo for doing such a great job in this scenario of explaining why
acronym familiarity has much more to do with people's entrenched positions,
than the actual network manageability they claim to be worried about. The
hyperbolic nonsense in
* Randy Bush:
Clay Kossmeyer here from the Cisco PSIRT.
shoveling kitty litter as fast as you can, eh?
http://tools.cisco.com/security/center/content/CiscoSecurityResponse/cisco-sr-20131229-der-spiegel
The article does not discuss or disclose any Cisco product vulnerabilities.
this is
On (2013-12-31 18:49 +0100), Enno Rey wrote:
some approaches were discussed in 2010, by Graeme Neilson from NZ here:
https://www.troopers.de/wp-content/uploads/2012/10/TROOPERS10_Netscreen_of_the_Dead_Graeme_Neilson.pdf
a later year, at the same conference, he gave a private session
On Dec 31, 2013, at 7:05 AM, Ray Soucy wrote:
I think there needs to be some clarification on how these tools get used,
how often they're used, and if they're ever cleaned up when no longer part
of an active operation. Of course we'll never get that.
But that's exactly what we need.
Look
On Mon, 30 Dec 2013 19:38:12 -0800, Sabri Berisha said:
However, attempting any of the limited attacks that I can think of would
require expert-level knowledge of not just the overall architecture, but also
of the microcode that runs on the specific PFE that the attacker would target,
Already
I've been working with 40 gig for a few years. When I first ordered a
switch, one of the first publicly available with full 40 gig, I was
appalled that I was going to have to use 4 pair of multimode fiber for each
of my connections. I had planned on using single mode because I can do that
with 1
There's a limit to what can reasonably be called a *product*
vulnerability.
right. if the product was wearing a low-cut blouse and a short skirt,
it's not.
it's weasel words (excuse the idiom). shoveling kitty litter over a big
steaming pile.
let me insert a second advert for jake's 30c3
On Dec 31, 2013, at 2:00 PM, eric clark cabe...@gmail.com wrote:
Anyone know why the industry has their head stuck on MultiMode?
at 10G the optics costs are about 1/3 that of SMF (SR vs LR).
We tend to keep things SMF, but within many older datacenters MMF is broadly
available and does meet
On Dec 31, 2013, at 12:36 PM, Tony Hain alh-i...@tndh.net wrote:
likely pointless. Do you really believe that dhcp messages picked up by the
rogue router wouldn't end up answering with the wrong values and breaking
both IPv4 IPv6? Next, do you really believe that DHCP Guard for an IPv4
My guess would be it's due to existing cable plants. I've worked at a
number of places that have tons of multimode fiber run everywhere. If
you can re-terminate and re-use, even if inefficiently, it often beats
the time and expense required to run new fiber, especially if it's a
place that
+1
NSA states very clearly this is baked in and "widely deployed". Either
Cisco is not very happy with their government overlords today, or they are
having long meetings at those oversized conference tables trying to figure
out what to tell everyone. I'm curious about the implications to the US
Basic economics.
MM optics come with looser tolerances and are therefore easier to
produce. The wider core of the fiber and higher dispersion allowances
also mean that the fiber is easier to make. The fiber, though, is the
small end of this equation. The optics are the big one.
For those who are
On Jan 1, 2014, at 2:07 AM, Randy Bush ra...@psg.com wrote:
it's weasel words (excuse the idiom). shoveling kitty litter over a big
steaming pile.
Clayton is responding to the ability that he's allowed, and he's using words
very precisely.
Here's Cisco's official responses, so far.
The best response I've seen to all this hype and I completely agree with
Scott:
Do ya think that you wouldn't also notice a drastic increase in outbound
traffic to begin with? It's fun to watch all the hype and things like
that, but to truly sit down and think about what it would actually take
On Jan 1, 2014, at 2:16 AM, Warren Bailey
wbai...@satelliteintelligencegroup.com wrote:
Randy is right here.. Cisco has some 'splainin to do - we buy these devices
as "security appliances", not NSA rootkit gateways
* Randy Bush:
There's a limit to what can reasonably be called a *product*
vulnerability.
right. if the product was wearing a low-cut blouse and a short skirt,
it's not.
Uh-oh, is this an attempt at an argument based on a blame the victim
rape analogy?
On Jan 1, 2014, at 2:34 AM, Jonathan Greenwood II gwoo...@gmail.com wrote:
The best response I've seen to all this hype and I completely agree with
Scott:
Do ya think that you wouldn't also notice a drastic increase in outbound
traffic to begin with? It's fun to watch all the hype and
Money, really. The optics and fiber cost is cheaper than SM. The
standards around SM optics are to reach relatively long distances, so the
transmitters and receivers are more expensive and they use way more power.
That being said, I see MM in modern datacenters being used in-rack or very
Ryan Harden wrote:
...
IMO, being able to hand out gateway information based on $criteria via
DHCPv6 is a logical feature to ask for. Anyone asking for that isn't
trying to tell
you that RA is broken, that you're doing things wrong, or that their way
of
thinking is more important than yours.
it's weasel words (excuse the idiom). shoveling kitty litter over a
big steaming pile.
Clayton is responding to the ability that he's allowed, and he's using
words very precisely.
qed
The best response I've seen to all this hype and I completely agree with
Scott:
Do ya think that you wouldn't also notice a drastic increase in outbound
traffic to begin with? It's fun to watch all the hype and things like
that, but to truly sit down and think about what it would actually
On 12/31/2013 12:33 PM, sth...@nethelp.no wrote:
The best response I've seen to all this hype and I completely agree with
Scott:
Do ya think that you wouldn't also notice a drastic increase in
outbound traffic to begin with? It's fun to watch
On Tue, Dec 31, 2013 at 7:31 PM, valdis.kletni...@vt.edu wrote:
On Tue, 31 Dec 2013 10:43:02 -0500, Jamie Gwatkin said:
Could be related to this?
http://kb.juniper.net/InfoCenter/index?page=contentid=TSB16290
Do I want to ask why *THIS*?
Estimated Fix Date:
Juniper engineering has root
On Tue, 31 Dec 2013 23:09:58 +0200, Eugeniu Patrascu said:
We need an emergency fix because a piece of software unexpectedly hit
an end-of-life date? Didn't we learn anything 14 years ago??!?
Juniper just posted a technical note saying the issue is fixed and a new
ESAP package is out.
On Dec 31, 2013, at 2:16 PM, Tony Hain alh-i...@tndh.net wrote:
Ryan Harden wrote:
...
IMO, being able to hand out gateway information based on $criteria via
DHCPv6 is a logical feature to ask for. Anyone asking for that isn't
trying to tell
you that RA is broken, that you're doing
On Dec 31, 2013, at 12:11 PM, Ryan Harden harde...@uchicago.edu wrote:
On Dec 31, 2013, at 1:10 AM, Timothy Morizot tmori...@gmail.com wrote:
I've been in the process of rolling out IPv6 (again this night) across a
very large, highly conservative, and very bureaucratic enterprise. (Roughly
On Tue, 31 Dec 2013, David Hubbard wrote:
My guess would be it's due to existing cable plants. I've worked at a
number of places that have tons of multimode fiber run everywhere. If
you can re-terminate and re-use, even if inefficiently, it often beats
the time and expense required to run new
On Tue, 31 Dec 2013, Justin M. Streiner wrote:
The problem is markedly worse at 100G. DPO-24 is just evil, but the cost
difference between 100G SR10, LR4, and ER4 optics is still ridiculous.
Er... MPO-24. Sorry :)
jms
Explaining, not a denial written by their legal department. I find it
insanely difficult to believe cisco systems has a backdoor into some of
their product lines with no knowledge or participation. Given the fact
that RSA had a check cut for their participation (sell outs..), would it
be out of
* Warren Bailey:
Explaining, not a denial written by their legal department. I find it
insanely difficult to believe cisco systems has a backdoor into some of
their product lines with no knowledge or participation.
As far as I understand it, these are firmware tweaks or implants
sitting on a
On 12/31/2013 4:02 PM, Florian Weimer wrote:
* Warren Bailey:
Explaining, not a denial written by their legal department. I find it
insanely difficult to believe cisco systems has a backdoor into some of
their product lines with no knowledge or
On Tue, Dec 31, 2013 at 04:19:24PM -0500, valdis.kletni...@vt.edu wrote:
On Tue, 31 Dec 2013 23:09:58 +0200, Eugeniu Patrascu said:
We need an emergency fix because a piece of software unexpectedly hit
an end-of-life date? Didn't we learn anything 14 years ago??!?
Juniper just
On Tue, Dec 31, 2013 at 11:19 PM, valdis.kletni...@vt.edu wrote:
On Tue, 31 Dec 2013 23:09:58 +0200, Eugeniu Patrascu said:
We need an emergency fix because a piece of software unexpectedly hit
an end-of-life date? Didn't we learn anything 14 years ago??!?
Juniper just posted a
Had no clue? Didn't they build it?
On Dec 31, 2013 7:46 PM, Eugeniu Patrascu eu...@imacandi.net wrote:
On Tue, Dec 31, 2013 at 11:19 PM, valdis.kletni...@vt.edu wrote:
On Tue, 31 Dec 2013 23:09:58 +0200, Eugeniu Patrascu said:
We need an emergency fix because a piece of software
Happy New Year to all, and to all a good lawful interception.
At 20:55 31/12/2013 -0500, Christopher Morrow wrote:
Had no clue? Didn't they build it?
From what I understood from the tech note, they had no clue this would
happen on the 31st of December :)
Perhaps it is a left over somehow from their Netscreen purchase (April 2004)?
-Hank
Happy New Year guys!
On Tue, Dec 31, 2013 at 10:38 PM, jamie rishaw j...@arpa.com wrote:
Happy New Year to all, and to all a good lawful interception.
--
eSited LLC
(701) 390-9638
and in ~10 yrs no one did a code review? or refactor? or dependency check?
On Wed Jan 01 2014 at 12:42:09 AM, Hank Nussbacher h...@efes.iucc.ac.il
wrote:
At 20:55 31/12/2013 -0500, Christopher Morrow wrote:
Had no clue? Didn't they build it?
From what I understood from the tech note,
Please note that Ryan’s “manage their IPv6 systems” really means “run their
business”. In many organizations the routing network is managed by a
different group with different business goals and procedures than end
systems. Allowing flexibility for this, if it is not overwhelmingly
happy new year.
On Tue, Dec 31, 2013 at 11:45 PM, Bryan Tong cont...@nullivex.com wrote:
Happy New Year guys!
On Tue, Dec 31, 2013 at 10:38 PM, jamie rishaw j...@arpa.com wrote:
Happy New Year to all, and to all a good lawful interception.
--
eSited LLC
(701) 390-9638
--
()
China. ;) lol
Sent from my Mobile Device.
Original message
From: Paul Ferguson fergdawgs...@mykolab.com
Date: 12/31/2013 4:13 PM (GMT-08:00)
To: nanog@nanog.org
Subject: Re: NSA able to compromise Cisco, Juniper, Huawei switches
Happy new year!
Regards,
Christopher Young
Network Operations
InterMetro Communications, Inc.
805-433-8000 Main
805-433-0050 Direct
805-433-2589 Mobile
805-582-1006 Fax
*** Contact our NOC at
866-446-2662 or via email '
network.operati...@intermetro.net' ***
*** The information contained
Happy new year to all of you, all the best!
Karim
-Original Message-
From: Christopher Young [mailto:chris.yo...@intermetro.net]
Sent: January 1, 2014 2:42 AM
To: Beavis; Bryan Tong
Cc: NANOG list
Subject: Re: First! [?]
Happy new year!
Regards,
Christopher Young
Network Operations
Happy New Year !
Best Wishes for 2014 to Everyone.
Faisal Imtiaz
- Original Message -
From: A Mekkaoui amekka...@mektel.ca
To: chris young chris.yo...@intermetro.net, Beavis pfu...@gmail.com,
Bryan Tong cont...@nullivex.com
Cc: NANOG list nanog@nanog.org
Sent: Wednesday, January