RE: Check Point Firewall Appliances

2012-12-19 Thread Darden, Patrick S.
Watch out for licensing gotchas. In active/active ClusterXL situations (load sharing multicast mode) be careful of multicast--make sure any traversed switches and routers are compatible with Ethernet Multicast (make sure they don't partition ports due to high broadcast traffic). Active/Active

RE: Penetration Test Assistance

2012-06-05 Thread Darden, Patrick S.
Seriously. --p -Original Message- From: Aled Morris [mailto:al...@qix.co.uk] I'd treat this as the first of their pen tests - a social engineering attack to obtain secret information about the network, and refuse. Aled

RE: Penetration Test Assistance

2012-06-05 Thread Darden, Patrick S.
I'm with Barry--a network diagram showing everything from the pov of the pen team should be part of the end report. --p -Original Message- From: Barry Greene [mailto:bgre...@senki.org] Hi Tim, A _good_ pen test team would not need a network diagram. Their first round of penetration

RE: Protocols for Testing Intrusion Detection?

2012-05-15 Thread Darden, Patrick S.
nmap has some modes that are useful for this: nmap -sX network #christmas tree packets are sent, nastygram, kamikaze, should light up any IPS nmap -sS network #stealth syn scan, should light up any good IPS nmap -O network #OS scan, should light up any

RE: whois modify question

2011-06-17 Thread Darden, Patrick S.
The short answer is you can't. ARIN only cares about /24s or bigger. If the network were a /24 or larger, then your customer would need to get an ASN (autonomous system number) and then you could register the network to them. More info here: https://www.arin.net --Patrick Darden

RE: VPN over slow Internet connections

2011-04-21 Thread Darden, Patrick S.
There's not that much overhead--your certs should be ok. TCP for SQL would just make sense. I personally wouldn't want to do what you are contemplating. Here's some stuff to think about: 1. your modems will not be able to do compression. You can't easily compress random data (e.g.

Google Op Plz

2010-05-25 Thread Darden, Patrick S.
Could a Google Op get in touch with me off-list please? I have a fairly stupid situation --p

RE: ATT Metro E in Atlanta

2010-02-09 Thread Darden, Patrick S.
It's been up and down since maybe 11am eastern. We have a ticket in with them, but no response as of yet. --Patrick Darden Athens Regional Medical Center -Original Message- From: Raleigh Apple [mailto:rap...@rapidlink.com] Sent: Tuesday, February 09, 2010 3:14 PM To: nanog@nanog.org

RE: facebook DNS

2009-05-21 Thread Darden, Patrick S.
I noticed this as well around 11:50 eastern. --Patrick Darden -Original Message- From: Maria Iano [mailto:ma...@iano.org] Sent: Thursday, May 21, 2009 11:56 AM To: nanog@nanog.org Subject: facebook DNS It looks like facebook is having DNS troubles. The www.facebook.com subdomain is

ATT Having Difficulties--anybody know what they are?

2009-05-01 Thread Darden, Patrick S.
Athens GA, tried to call in a ticket (Metro Ethernet) and was told a master ticket was already in place for my circuits. Other than the ticket # they wouldn't give me any details. Anybody know anything? --p

RE: Dynamic IP log retention = 0?

2009-03-11 Thread Darden, Patrick S.
I think your next step is your lawyer. Put all your missives, your email, your phone conversations, your logs, your auditing results, your detection troubleshooting and sleuthing trails etc. in a folder, create a one page summary including any damages you feel might have been caused (e.g. time,

RE: Gigabit Linux Routers

2008-12-17 Thread Darden, Patrick S.
I don't think you will have any troubles with industry standard hardware for the rates you are quoting. When you get in excess of 300Mbps you have to start worrying about PPS. When you are looking at 600Mbps then you should pick out your system more carefully (tcpoe nics, pcie(X), cpu at over

RE: EIGRP question...

2008-12-01 Thread Darden, Patrick S.
My first thought for this was: route filtering. My second thought was: use different AS#s. Then I reread your question and thought of something far simpler. It seems to me if you are migrating from provider A to provider B then you should set everything up for B, then shut down the interface

RE: How do dialup ISPs allow multiple clients under one access number?

2008-11-24 Thread Darden, Patrick S.
You can do it multiple ways: 1. old fashioned hunt groups for multiple analog lines. 2. getting a PRI with one outward facing number. 3. talk to your local Bell about what would best suit your needs (digital calls? 56K? 64k? 128K? ISDN? Analog? dialout capability, or just dialin? etc.

RE: confusing packet data

2008-09-16 Thread Darden, Patrick S.
Or his DSL is set to bridging. --p -Original Message- From: Nathan Ward [mailto:[EMAIL PROTECTED] Sent: Tuesday, September 16, 2008 12:47 AM To: nanog list Subject: Re: confusing packet data On 16/09/2008, at 4:43 PM, Hank Nussbacher wrote: Are you running Skype? Have you become a

RE: duplicate packet

2008-09-10 Thread Darden, Patrick S.
Check your ARP tables, local and on intervening switches/routers. Make sure there are no duplicate entries for that IP. If you note the response time, the second packet is always higher which might be indicative. I would also check for a botched MITM a la CA. Even if there is no obvious

RE: integer to IP address

2008-08-27 Thread Darden, Patrick S.
Somebody's going to bring in Emacs now. Then somebody else will claim VI can do it faster and using less memory Argh. ;-) --p -Original Message- From: Joe Greco [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 27, 2008 1:29 PM To: [EMAIL PROTECTED] Cc: nanog@nanog.org Subject:

RE: SLAAC(autoconfig) vs DHCPv6

2008-08-19 Thread Darden, Patrick S.
1. I think ARP is effectively a ping for a MAC. It verifies connectivity on level 2 between two hosts. You have to be on the same segment though. To make it work, you would have to know the MAC address of the remote host, clear the ARP table on the local host, then send the ARP request

RE: maybe a dumb idea on how to fix the dns problems i don't know....

2008-08-11 Thread Darden, Patrick S.
Joe makes some good points here. I'd have to add one caveat though: it depends. It depends on the server. Busy email servers definitely depend on having fast DNS, and benefit *greatly* from a caching DNS server using local sockets instead. Web servers generally don't. Centralized logging

RE: maybe a dumb idea on how to fix the dns problems i don't know....

2008-08-11 Thread Darden, Patrick S.
I think Colin just said everything I said, but in 1/10th the words. And he posted before me. Drats. --Patrick Darden -Original Message- From: Colin Alston [mailto:[EMAIL PROTECTED] Sent: Monday, August 11, 2008 8:38 AM To: Joe Greco Cc: [EMAIL PROTECTED] Subject: Re: maybe a dumb

RE: was bogon filters, now Brief Segue on 1918

2008-08-07 Thread Darden, Patrick S.
Hi Jay, Jay Ashworth: Sure. And he's not always right either; none of us are. But he gave cogent arguments to support his point, and you gave us He gave good arguments. You, however, did not. None of which amounts to wants to hurt people, which is what you accused him of. I was out of

RE: Is it time to abandon bogon prefix filters?

2008-08-06 Thread Darden, Patrick S.
Yes. 1918 (10/8, 172.16/12, 192.168/16), D, E, reflective (outgoing mirroring), and as always individual discretion. --Patrick Darden -Original Message- From: Leo Bicknell [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2008 9:10 AM To: nanog@nanog.org Subject: Is it time to

was bogon filters, now Brief Segue on 1918

2008-08-06 Thread Darden, Patrick S.
start at the bottom and work up: 192.168.0.X++, 10.0.0.X++, etc. This makes any internetworking (ptp, vpn, etc.) ridiculously difficult. I've seen a lot of hack jobs using NAT to get around this. Ugly. --Patrick Darden -Original Message- From: Darden, Patrick S. Sent: Wednesday

RE: was bogon filters, now Brief Segue on 1918

2008-08-06 Thread Darden, Patrick S.
it to work this way (imho). --p -Original Message- From: Joel Jaeggli [mailto:[EMAIL PROTECTED] Sent: Wednesday, August 06, 2008 11:21 AM To: Darden, Patrick S. Cc: nanog@nanog.org Subject: Re: was bogon filters, now Brief Segue on 1918 Darden, Patrick S. wrote: *randomly* from

RE: was bogon filters, now Brief Segue on 1918

2008-08-06 Thread Darden, Patrick S.
PM To: Darden, Patrick S. Cc: nanog@nanog.org Subject: Re: was bogon filters, now Brief Segue on 1918 Darden, Patrick S. wrote: Most organizations that would be doing this would not randomly pick out subnets, if I understand you. They would randomly pick out a subnet, then they would sub

RE: was bogon filters, now Brief Segue on 1918

2008-08-06 Thread Darden, Patrick S.
Actually, rereading this, I agree. My experience is large companies take it all, using huge swathes inefficiently, instead of doing it right. In my previous post I was answering the question I thought you were asking, not your real question. I agree with you both. I think that RFC1918

RE: Is it time to abandon bogon prefix filters?

2008-08-06 Thread Darden, Patrick S.
1. DOS of Cymru (as noted below). 2. False Positives. Your network is suddenly stranded. Maybe on purpose. (DOS of a network, e.g. China or Youtube). 3. False Negatives. A bogus network is suddenly centrally rubber-stamped. Could happen. We've seen a lot of shenanigans with the domain