Re: Counter DoS
I actually thought that this was some kind of April Fools day joke a few weeks early. Anyone who buys this should be shot on principle.

Wait... First I have a bridge to sell them.

At 05:55 PM 3/10/2004, Steven M. Bellovin wrote:
In message <[EMAIL PROTECTED]>, "Joshua Brady" writes:
> >http://news.zdnet.co.uk/internet/security/0,39020375,39148215,00.htm
> >
> >Comments?
The phrase "seriously bad idea" comes to mind. Other phrases include "illegal", "collateral damage", and "stupid".

--Steve Bellovin, http://www.research.att.com/~smb

-tdawson
[EMAIL PROTECTED]
Re: scripts to map IP to AS?
You could just run a trace from a cisco router (or do a trace from a looking glass). It shows the AS numbers along the path. Just pick out the last one. It also has the advantage of telling you who is really announcing it at this time rather than who 'should' be announcing it.

Guessing a script could be written using RANCID or some code from lookingglass quite quickly.

Tracing the route to w2.scd.yahoo.com (66.218.71.81)
  1 sjc3-core5-pos6-0.atlas.algx.net (165.117.48.62) 204 msec 204 msec 200 msec
  2 sjc3-yahoo.peer.algx.net (165.117.67.110) 200 msec 200 msec 4 msec
  3 ge-0-0-0-p32.pat2.pao.yahoo.com (216.115.100.76) [AS 10310] 200 msec 0 msec
    ge-0-0-0-p31.pat2.pao.yahoo.com (216.115.100.68) [AS 10310] 200 msec
  4 vl28.bas1.scd.yahoo.com (216.115.101.42) [AS 10310] 200 msec 204 msec 200 msec
  5 w2.scd.yahoo.com (66.218.71.81) [AS 26101] 0 msec 204 msec 228 msec

At 08:09 AM 2/20/2003 -0500, William Allen Simpson wrote:
Anybody have a pointer to scripts to map IP to AS?

There are still 10K-20K hosts spewing M$SQL slammer/sapphire packets, and I'd like to start blocking routing to those irresponsible AS's that haven't blocked their miscreant customers.

http://isc.sans.org/port_details.html?port=1434

--
William Allen Simpson
Key fingerprint = 17 40 5E 67 15 6F 31 26 DD 0D B9 9B 6A 15 2C 32

-tdawson
[EMAIL PROTECTED]
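Added example, not part of the original message: a parser for the Cisco traceroute output quoted above that extracts the AS path and the AS tagged on the hop that is the target itself. The function names and the treatment of unfinished traces are assumptions of this sketch; when the trace stops short it returns no AS, because the last tagged hop would then be a transit network rather than the origin.

```python
import re

# Sample input: the traceroute output quoted in the message above.
SAMPLE = """\
Tracing the route to w2.scd.yahoo.com (66.218.71.81)
  1 sjc3-core5-pos6-0.atlas.algx.net (165.117.48.62) 204 msec 204 msec 200 msec
  2 sjc3-yahoo.peer.algx.net (165.117.67.110) 200 msec 200 msec 4 msec
  3 ge-0-0-0-p32.pat2.pao.yahoo.com (216.115.100.76) [AS 10310] 200 msec 0 msec
    ge-0-0-0-p31.pat2.pao.yahoo.com (216.115.100.68) [AS 10310] 200 msec
  4 vl28.bas1.scd.yahoo.com (216.115.101.42) [AS 10310] 200 msec 204 msec 200 msec
  5 w2.scd.yahoo.com (66.218.71.81) [AS 26101] 0 msec 204 msec 228 msec
"""

IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
TARGET_RE = re.compile(r"Tracing the route to \S+ \((" + IPV4 + r")\)")
# Optional hop number, optional "hostname (", the address, optional "[AS n]" tag.
HOP_RE = re.compile(
    r"^\s*(?:(\d+)\s+)?(?:\S+ \()?(" + IPV4 + r")\)?(?:\s+\[AS (\d+)[^\]]*\])?")


def parse_hops(text):
    """Return [(hop, ip, asn_or_None), ...]; a second router answering for
    the same hop appears on a line without a number and inherits it."""
    hops, current = [], None
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:                      # header, timeouts ("* * *"), blanks
            continue
        if m.group(1):
            current = int(m.group(1))
        asn = int(m.group(3)) if m.group(3) else None
        hops.append((current, m.group(2), asn))
    return hops


def as_path(text):
    """Distinct AS numbers in the order the trace crosses them."""
    path = []
    for _, _, asn in parse_hops(text):
        if asn is not None and (not path or path[-1] != asn):
            path.append(asn)
    return path


def origin_as(text):
    """Return (target_ip, asn). asn is None unless the trace reached the
    target and that hop carried an AS tag."""
    t = TARGET_RE.search(text)
    target = t.group(1) if t else None
    for _, ip, asn in reversed(parse_hops(text)):
        if ip == target:
            return target, asn
    return target, None
```

For the sample, `as_path` gives the two tagged networks in order and `origin_as` gives the AS announcing 66.218.71.81 as seen from that router.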
Re: Let's talk about Distance Sniffing/Remote Visibility
At 06:27 AM 3/28/2002, [EMAIL PROTECTED] wrote:
>It seems to me that the means available are A) a very expensive distributed
>NAI Sniffer installation B) standard RMON probes and the NMS of your choice
>and C) A linux box with a ton of interfaces running Ethereal accessed via
>Xwindows/VNC/whatever.

Ran into this and went with C but couldn't fit as many NICs in the newly christened sniffer box that I wanted.

My solution was to take a Cisco Cat 2900 (and a Foundry Workgroup switch later) and I worked up a series of rancid scripts (since changed to SNMP Set commands in a perl script) that would enable and disable ports along with setting the port mirroring.

This gave me 22 ports to play with, each into a different switch so that I could directly monitor almost every FE port in the Co-lo.

It's a little 'hacky' but it works surprisingly well (after a bit of up-front work). I haven't attempted to monitor a GigE port yet but I'm sure that a Cisco Cat 3508 would be able to do the job as well.

Hope this helps someone.

-tdawson
-Network Geek (Bit Pusher)
-BlueMartini Software
Re: looking to reduce hops from toronto to singtel
>anyone got any ideas on who might be able to reduce my hopcount from
>toronto to singtel?
>
>currently we are seeing uunet->alternet->bbnplanet->singtel.

You can peer with bbnplanet or singtel at a local IX.
(would become you->bbnplanet->singtel or you->singtel)

Or

Ask UUNet to alter their peering with singtel so that the bbnplanet AS is skipped
(would become uunet->singtel)

BTW: uunet and alternet are the same

Later

-tdawson
-Network Geek (Bit Pusher)
-BlueMartini Software
Re: SNMP and BGP
The snmp root for BGP is .1.3.6.1.2.1.15 with the specific OID for which peer gave you the prefix at .1.3.6.1.2.1.15.6. There is also some stuff under enterprises.cisco but not much more info or at least I can't figure out where anything really useful is in the cisco bgp mib. (anyone else??)

I will send you the generic MIB file if you need it. It's on the cisco site listed as BGP4-MIB-V1SMI.my

I warn you to NOT do an snmpwalk on that table on a router with multiple full routing tables, it can take forever and will push the CPU on the router to the max (not a happy thing). Load a router with a partial table and poll that to test it out.

Or if you just want what actually makes it into the routing table you might want to look at .1.3.6.1.2.1.4.21.1.

Enjoy.

At 03:11 PM 3/21/2002, Adam Spann wrote:
>Hi Guys and Ladies,
>
>I was wondering if anyone had worked out how to SNMP poll a cisco router for
>BGP information.
>I know that Cisco has support for this but I can't work out the SNMP path to
>actually reach the BGP Mib portion.
>
>I am looking to obtain the number of route prefixes received for a given BGP
>Peer. I can currently do this using some perl. But I would like to move to
>SNMP if possible.
>
>If anyone has any pointers, and ideally the actual MIB path to at least
>reach the BGP Mib I would be grateful.
>
>Kind Regards,
>
>
>
>Adam Spann
>Network Operations Engineer
>
>Email: [EMAIL PROTECTED]
>Phone: 61 2 8304 9300 Fax: 61 2 9317 5856
>631-637 Gardners Road Mascot NSW 2020
>Web: www.au.psi.net

-tdawson
-Network Geek (Bit Pusher)
-BlueMartini Software
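Added example, not part of the original thread: turning a walk of the table at .1.3.6.1.2.1.15.6 into the per-peer prefix count asked about. It assumes Net-SNMP `snmpwalk -On` text output saved from a router with a partial table, and relies on the RFC 1657 layout in which each bgp4PathAttrPeer instance is indexed by prefix, prefix length and peer; the sample rows and function names are constructed for illustration.

```python
# bgp4PathAttrPeer: table .1.3.6.1.2.1.15.6, entry .1, column .1 (RFC 1657).
PEER_COLUMN = ".1.3.6.1.2.1.15.6.1.1"

# Constructed sample of `snmpwalk -On` output (documentation addresses).
# Index after the column OID: 4 prefix octets, prefix length, 4 peer octets.
SAMPLE_WALK = """\
.1.3.6.1.2.1.15.6.1.1.10.1.0.0.16.192.0.2.1 = IpAddress: 192.0.2.1
.1.3.6.1.2.1.15.6.1.1.10.2.0.0.16.192.0.2.1 = IpAddress: 192.0.2.1
.1.3.6.1.2.1.15.6.1.1.10.2.0.0.16.192.0.2.9 = IpAddress: 192.0.2.9
.1.3.6.1.2.1.15.6.1.1.172.16.0.0.12.192.0.2.9 = IpAddress: 192.0.2.9
.1.3.6.1.2.1.15.6.1.1.198.51.100.0.24.192.0.2.1 = IpAddress: 192.0.2.1
.1.3.6.1.2.1.15.6.1.2.10.1.0.0.16.192.0.2.1 = INTEGER: 16
"""


def prefixes_by_peer(walk_text):
    """Map each peer address to the set of prefixes received from it."""
    routes = {}
    for line in walk_text.splitlines():
        oid, _, _value = line.partition(" = ")
        # Ignore rows from other columns if the walk ran past this one.
        if not oid.startswith(PEER_COLUMN + "."):
            continue
        idx = oid[len(PEER_COLUMN) + 1:].split(".")
        if len(idx) != 9:              # malformed or truncated row
            continue
        prefix = ".".join(idx[0:4]) + "/" + idx[4]
        peer = ".".join(idx[5:9])
        routes.setdefault(peer, set()).add(prefix)
    return routes


def prefix_counts(walk_text):
    """Number of distinct prefixes received per peer."""
    return {peer: len(p) for peer, p in prefixes_by_peer(walk_text).items()}
```

Walking only the single peer column rather than the whole table keeps the poll to one row per received path, though the CPU warning in the message still applies on routers carrying full tables.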