Hi,
Just to let you know about Cyclops (beta for now), a tool for topology
visibility and real-time routing anomaly detection/alerting for
service providers and enterprise networks. Cyclops uses real time data
from hundreds of vantage points of route-views, ripe-ris, packet
clearing
I've been nudging an operator at Covad about a handful of hosts from his
DHCP pool that have been attacking - relentlessly port scanning - our assets.
I've been informed by this individual that there's no way to determine which
customer had that address at the times I list in my logs - even
I think your next step is your lawyer. Put all your missives, your
email, your phone conversations, your logs, your auditing results, your
detection troubleshooting and sleuthing trails etc. in a folder, create
a one page summary including any damages you feel might have been caused
(e.g. time,
On Wed, 11 Mar 2009, Darden, Patrick S. wrote:
I think your next step is your lawyer. Put all your missives, your
email, your phone conversations, your logs, your auditing results, your
detection troubleshooting and sleuthing trails etc. in a folder, create
a one page summary including any
On 11-Mar-2009, at 10:03, Jon Lewis wrote:
but what's the point in getting lawyers involved?
It might convince some pointy-haired person at covad to review the
policies and procedures on the abuse desk, maybe.
Whatever access isn't supposed to be open should be filtered.
If you can
Brett Charbeneau wrote:
I've been nudging an operator at Covad about a handful of hosts from
his DHCP pool that have been attacking - relentlessly port scanning -
our assets.
Port scanning is rather common, and shouldn't be considered attacking --
unless it's taking a significant amount
On Wed, 11 Mar 2009, William Allen Simpson wrote:
WAS While I applaud your taking security seriously, and your active monitoring
WAS of your resources, other folks might be handling huge numbers of Conficker,
WAS Mebroot, and Torpig infections these days. So, they might be rather busy.
On Wed, 11 Mar 2009 10:28:33 -0400
Joe Abley jab...@hopcount.ca wrote:
On 11-Mar-2009, at 10:03, Jon Lewis wrote:
but what's the point in getting lawyers involved?
It might convince some pointy-haired person at covad to review the
policies and procedures on the abuse desk, maybe.
Covad telling you they don't keep logs is different from them not
really having the logs... but, if they really don't keep logs, they
are posing a risk that FBI or DHS might not be happy with. The feds
will probably be more persuasive than you, so maybe hinting them about
this situation may change
On Wed, 11 Mar 2009 12:42:40 -0300
Rubens Kuhl rube...@gmail.com wrote:
Covad telling you they don't keep logs is different from them not
really having the logs... but, if they really don't keep logs, they
are posing a risk that FBI or DHS might not be happy with. The feds
will probably be
On Wed, Mar 11, 2009 at 10:55:43AM -0400, Brett Charbeneau wrote:
On Wed, 11 Mar 2009, William Allen Simpson wrote:
WAS While I applaud your taking security seriously, and your active
monitoring
WAS of your resources, other folks might be handling huge numbers of
Conficker,
WAS Mebroot,
Hope you did that scan from covad. Lol. *ducks*
Sent via BlackBerry from T-Mobile
On Wed, 11 Mar 2009, Marcus Reid wrote:
MR A quick scan of the reverse mapping for your address space in DNS reveals
MR that you have basically your entire network on public addresses. No wonder
MR you're worried about portscans when the printer down the hall and the
MR receptionists machine are
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Jon Lewis wrote:
If port scans really bother you, then you should setup a system to detect
them, and regularly rebuild ACLs/null route lists/etc. to stop them in
near real time. AFAIK, Cisco sells such a product, as do other network
vendors
Yes and no.
Yes, in that it does best path selection, no in that it does not use BGP, since
low cost assumes DSL or cable, over which I've never seen BGP deployed. This
class of device assumes an appliance at each end. Performance data is
collected, compression and load balancing techniques
On Wed, Mar 11, 2009 at 12:57 PM, Alec Berry alec.be...@restontech.com wrote:
block in log quick from evil to any label evil
RFC 3514? :-)
--
Jeremy L. Gaddis
http://evilrouters.net/
Anyone have any experience with SUP32? Please contact me off list.
I'm trying to evaluate a lower-cost alternative to the 720-3bxl.
I'm only pushing a few hundred megs of traffic, exchanging a few routes with
less than 20 peers and don't see the need for a 720's worth of throughput in
the near
On Wed, Mar 11, 2009, Bill Blackford wrote:
Can the 32 handle a full table?
Start here:
http://www.mail-archive.com/cisco-...@puck.nether.net/msg12492.html
adrian
Honestly, my advise is don't handle full tables in switches unless you
want to use 3bxl. Use routers, any old ISR can do 1GB memory or so
and handle the table just fine, and run you a fraction of the cost.
Keep internal routes, defaults, etc in the switching core.
Brian
On Mar 11,
On Wed, 11 Mar 2009, Bill Blackford wrote:
I'm trying to evaluate a lower-cost alternative to the 720-3bxl.
I'm only pushing a few hundred megs of traffic, exchanging a few routes with
less than 20 peers and don't see the need for a 720's worth of throughput in
the near future.
Can the 32
Actually let me amend that and say 3800's as far as inexpensive
routers. They are basically NPE400 class devices, with alot of memory
and sufficient to handle the full table. Other router devices like
7200's etc will work fine as well.
On Mar 11, 2009, at 2:29 PM, Brian Feeny wrote:
Thank you to everyone who offered advice. I thinks it's clearer what my path
should be.
Incidentally, I am using 7300/7200 based units with G1 RP and found that at
200M they start seeing 50% CPU load which is why I'm looking to go to the next
step.
Again, thanks to all
-b
-Original
On Wed, Mar 11, 2009, Bill Blackford wrote:
Thank you to everyone who offered advice. I thinks it's clearer what my path
should be.
Incidentally, I am using 7300/7200 based units with G1 RP and found that at
200M they start seeing 50% CPU load which is why I'm looking to go to the
next
William Allen Simpson wrote:
Port scanning is rather common, and shouldn't be considered attacking --
unless it's taking a significant amount of bandwidth.
Attempting to gain unauthorised access to a computing system is a crime in
most countries. Port scanning is a tool used to gain
I have found that Cisco IPSLA is heavily used in the MSO/Service
Provider Space. Juniper has equivalent functionality via RPM.
Rich
-Original Message-
From: Saqib Ilyas [mailto:msa...@gmail.com]
Sent: Saturday, March 07, 2009 6:12 AM
To: nanog@nanog.org
Subject: Re: Network SLA
I
Bill,
As far as pricing for refurbished Cisco Supervisor Engines the 3BXL is
selling for around $7500 whereas the WS-SUP32-10GE-3B $5500, WS-SUP32-GE-3B
$2500...
Best regards,
Larry E. Stites
Northern California Networks, Inc.
LIC# 2004 SR KH 100-484111
Nevada City, CA 95959
on 3/11/09
Make sure that the new 10 GiGE line cards are not in your plans if you
choose the SUP32. This holds for some of the other copper and fiber line
cards where line card buffer capacity may be critical to effective
throughput. Some new line cards only connect to the 720 Gig backplane.
-Original
A quick scan of the reverse mapping for your address space in DNS reveals
that you have basically your entire network on public addresses. No wonder
you're worried about portscans when the printer down the hall and the
receptionists machine are sitting on public addresses. I think you are
Joe Greco wrote:
A quick scan of the reverse mapping for your address space in DNS reveals
that you have basically your entire network on public addresses. No wonder
you're worried about portscans when the printer down the hall and the
receptionists machine are sitting on public addresses. I
On Wed, 11 Mar 2009, Joe Greco wrote:
In our neighbourhood, we don't have a high crime rate. Despite that,
if we saw someone walking from house to house, trying doorknobs, we'd
call the cops. The fact that everyone has locks on their doors does
not make it all right for someone to go around
On Wed, 11 Mar 2009, Joe Greco wrote:
In our neighbourhood, we don't have a high crime rate. Despite that,
if we saw someone walking from house to house, trying doorknobs, we'd
call the cops. The fact that everyone has locks on their doors does
not make it all right for someone to go
On Wed, Mar 11, 2009 at 6:27 PM, Peter Beckman beck...@angryox.com wrote:
On Wed, 11 Mar 2009, Joe Greco wrote:
In our neighbourhood, we don't have a high crime rate. Despite that,
if we saw someone walking from house to house, trying doorknobs, we'd
call the cops. The fact that everyone
On Thursday 12 March 2009 03:06:05 am Bill Blackford wrote:
Incidentally, I am using 7300/7200 based units with G1 RP
and found that at 200M they start seeing 50% CPU load
which is why I'm looking to go to the next step.
Be sure to optimize your configuration before you upgrade.
Depending on
33 matches
Mail list logo