Re: Fiber Question [7:72544]

2003-07-18 Thread Zsombor Papp
At 03:55 AM 7/18/2003 +, "Chuck Whose Road is Ever Shorter" wrote:
>""Zsombor Papp""  wrote in message
>news:[EMAIL PROTECTED]
> > At 01:20 AM 7/18/2003 +, Bill wrote:
> > >Just learning basics of fiber communication.
> >
> > Btw, optical communication is indeed an interesting topic. Does anyone have
> > a recommendation for a good book on this? I would be very interested in a
> > book (let alone web site) that explains the fundamental principles
> > (modulation, dispersion, spectral width, etc) in great detail, but
> > without making my brain explode with thousands of formulas. (Yeah, I know,
> > it's not an easy request.)
> >
> > For example, why exactly do we need that conditioning cable when connecting
> > a MM cable to a SM interface?
>
>
>not that CCO necessarily provides intimate technical details, but if you
>read the footnotes you can infer that it has to do with laser strength and
>signal saturation.

That's probably just one part of the problem. That same footnote goes on to 
say that "mode-conditioning patch cord is required for link distances 
*greater* than 984 feet". Surely the signal doesn't get stronger as the 
distance increases?

See also this page:

http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm

which talks about Differential Mode Delay (DMD) and hints about the 
importance of positioning the SM core against the MM core. This DMD sounds 
like modal dispersion, but if it really is modal dispersion, then why is 
the SM interface affected more by this than the MM interface?

Btw, as for the laser strength and saturation, I am also wondering why that 
doesn't present a problem with SM cables. Because the small core doesn't 
carry as much energy as the large core of the MM cable? Or maybe it is a 
problem even for SM, they just assume that you wouldn't use SM cable for a 
distance measured in "10s of meters"?

Thanks,

Zsombor


>http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet09186a008014cb5e.html
>watch the wrap.
>
>probably the same reason why the minimum length of a fiber patch (
>multimode ) is 3 meters / 10 foot
>
>
> >
> > Thanks,
> >
> > Zsombor
> >
> > >  I am not sure about which fiber
> > >cable I saw but it was orange and basically connected two 3550's together.
> > >
> > >The fiber had two connectors on each side. One was blue and the other was
> > >red.
> > >
> > >How is it normally connected? I guess the switch ports are receive and
> > >transmit. So, does that mean if you connect red on the left port on one
> > >switch, you would connect the red on the other side of the cable to the
> > >right port of the switch?
> > >
> > >Thx
> > >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72559&t=72544
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Access list or Conduit? [7:72514]

2003-07-18 Thread Darren Crawford
Conduits are global and access lists are interface specific.  Go with access
lists.

At 09:11 PM 7/17/2003 +, E. Keith J. wrote:
>Hi all
>
>The boss wants to allow ping.
>
>In the website I found the way by using an access list.
>
>In another config I see a conduit is used.
>
>What is the difference between using a conduit and an access list to allow
>ping?
>
>Is it that a conduit is to a specific host rather than permit any?
>
>Thanks
+  
International Network Services 
Darren S. Crawford - CCNP, CCDP, CISSP
Sr. Network Systems Consultant
Northwest Operation - Sacramento Office
Voicemail: (916) 859-5200 x310
Pager: (800) 467-1467
Text Page: [EMAIL PROTECTED]
Email: mailto://[EMAIL PROTECTED]
Web: www.ins.com
+

Every Job is a Self-Portrait of the person Who Did
It...Autograph Your Work With EXCELLENCE!




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72557&t=72514


Re: Fiber Question [7:72544]

2003-07-18 Thread Zsombor Papp
At 03:56 AM 7/18/2003 +, annlee wrote:
>Here is some help
>http://www.americanfibertek.com/FAQ.htm#fiber

"singlemode fiber is half the cost of multimode fiber" ???

>  and
>http://www.americanfibertek.com/products/PDFCatalog/History.pdf
>All the fiber I saw followed the convention orange=MM, yellow=SM. MM fiber
>is not capable of handling SM input,

With conditioning cable patches it can.

>  but SM fiber can handle MM input.

Is this a fact? No restrictions, no gotcha's, it just works?

>  IIRC,
>the reason was power on the laser emission as well as frequencies used, etc.
>There is also some info in SONET, 3e, by Goralski
>--it's on amazon.com. I have the 2e, and I learned a ton from it, including
>the introductory material about how networking developed as it did.

It's good for an introduction, I just wish it would continue to elaborate 
on the optical aspect, instead of getting into the boring details of SONET. 
He chose the title well though, I have to give him that... :)


>In our lab, we weren't often blessed with red and blue connectors; more
>often it was dual black connectors, in which case we ran fingers down the
>fiber to get the 180-degree twist (rx--tx and tx--rx): it really is a manual
>crossover.

I usually check the inscription on the cable. On the cables we use, only 
one half has an inscription (on both ends).

>  The finger roll only works in a lab, though. Dolphins lose their
>grip on the transoceanic fibers...

They must be using color codes... :)

Thanks,

Zsombor


>Annlee
>
>""Zsombor Papp""  wrote in message
>news:[EMAIL PROTECTED]
> > At 01:20 AM 7/18/2003 +, Bill wrote:
> > >Just learning basics of fiber communication.
> >
> > Btw, optical communication is indeed an interesting topic. Does anyone have
> > a recommendation for a good book on this? I would be very interested in a
> > book (let alone web site) that explains the fundamental principles
> > (modulation, dispersion, spectral width, etc) in great detail, but
> > without making my brain explode with thousands of formulas. (Yeah, I know,
> > it's not an easy request.)
> >
> > For example, why exactly do we need that conditioning cable when connecting
> > a MM cable to a SM interface?
> >
> > Thanks,
> >
> > Zsombor
> >
> > >  I am not sure about which fiber
> > >cable I saw but it was orange and basically connected two 3550's together.
> > >
> > >The fiber had two connectors on each side. One was blue and the other was
> > >red.
> > >
> > >How is it normally connected? I guess the switch ports are receive and
> > >transmit. So, does that mean if you connect red on the left port on one
> > >switch, you would connect the red on the other side of the cable to the
> > >right port of the switch?
> > >
> > >Thx
> > >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72558&t=72544


1601 flash card. [7:72560]

2003-07-18 Thread Johan Bornman
Can this type of flash card be installed in a notebook PCMCIA slot to copy
files?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72560&t=72560


Re: Fiber Question [7:72544]

2003-07-18 Thread M.C. van den Bovenkamp
Zsombor Papp wrote:

> For example, why exactly do we need that conditioning cable when connecting
> a MM cable to a SM interface?

Because some MM cable has a small flaw exactly in the center of the 
fiber (depending on the fabrication process, I believe). The MM 
interface isn't bothered by it because it completely fills the entire 
fiber, but the SM interface doesn't; it would run slam-bang into the flaw.

What the conditioning cable does is slightly offset the SM laser from 
the center of the MM fiber, avoiding the flaw.

That's also why you don't always need it; if your MM fiber is made 
differently, it may not have that flaw.

At least, that's how I always understood it.

Regards,

Marco.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72562&t=72544


RE: Topics covered for the CID 640-025 exam?? [7:72479]

2003-07-18 Thread Mwalie W
Dear Cisco Nuts,

Okay, they will ask some questions on desktop networking: broadcasts and
that kind of stuff. I think you have to read that chapter in the CID book
(Windows Networking).

Otherwise, you should be fine with Cisco Internetwork Design (CID) course
book: know it inside out because everything is there, and it can confuse if
not covered thoroughly.

I did it twice, but should have done it once actually.

Good weekend.

Mwalie


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72561&t=72479


3524XL Error Message [7:72563]

2003-07-18 Thread Firesox
Folks,
I am troubleshooting the 3524XL and get the following message at the boot.

C3500XL POST FAILURE: front-end post: GigabitEthernet0/2:

C3500XL POST FAILURE: looped-back packet not received



It is connected to 2950G-24.  2950 is seeing the 3524XL via CDP, but not
vice versa.



Has anyone seen this error message/condition?



Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72563&t=72563


CISCO RADIUS [7:72564]

2003-07-18 Thread Rohit Sundriyal
Hi Team

Can someone shed some light on Cisco RADIUS? Books or links are welcome.


Cheers
Rohit




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72564&t=72564


Re: a really big bug [7:72463]

2003-07-18 Thread Peter Benac
I am glad you are not representative of the current Cisco Culture.

Your attitude in this matter really is not acceptable and I would hope that
Cisco's attitude would be better.

Any exploit, hypothetical or not, quickly spreads across the internet faster
than Bill Gates can find another security flaw in Windows.

My Solaris Servers that face the internet are under constant bombardment
from would-be Windows script kiddies. It doesn't matter to them whether I
have a Solaris System or a Windows System. They want to be real hackers and
will try anything that is posted.  This applies to other systems as well.
Cisco has the major market share and therefore is the primary target.

Cisco is not Microsoft, and never has been. They have always put their flaws
right in people's faces. The infamous SNMP bug was published and fixed long
before CERT published it. Cisco has a PSIRT team whose sole function in life
is security risk assessment.

I have never known Cisco to call a potential Security threat
"Entertainment".  Perhaps we should send your response to this to John
Chambers and see what he will say.

I still remember his e-mail address since I too am an ex-cisco employee. 

Regards,
Pete

Peter P. Benac, CCNA
Emacolet Networking Services, Inc
Providing Systems and Network Consulting, Training, Web Hosting Services
Phone: 919-847-1740 or 866-701-2345
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!



I sincerely hope that Cisco is not becoming Microsoft.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72565&t=72463


RE: a really big bug [7:72463]

2003-07-18 Thread [EMAIL PROTECTED] (John Nemeth)
On Dec 7,  2:55pm, "Kazan, Naim" wrote:
}
} Cisco advised us of a new catastrophic bug CSCeb56052 within the new IOS.  

 I tried looking that one up and got an error saying that it
couldn't be displayed.

}-- End of excerpt from "Kazan, Naim"




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72566&t=72463


PIX translation problem [7:72567]

2003-07-18 Thread Greg Owens
Has anybody seen this message?

07-15-2003 13:55:38 Local4.Error 192.168.1.1 Jul 15 2003 09:53:35:
%PIX-3-202001: Out of address translation slots!

  I told the customer to change the translation time-out.


Greg Owens
202-398-2552





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72567&t=72567


Re: route commands [7:72406]

2003-07-18 Thread Alex Muhin
>The URL is for partners only. Where are the tech notes for us lowly
>non-partner users?
>
>Priscilla 

it is here
http://www.cisco.com/en/US/tech/tk365/tk80/technologies_tech_note09186a00800ef7b2.shtml


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72568&t=72406


Free Cisco IPv4 vulnerability seminar today 7/18 [7:72569]

2003-07-18 Thread Paul Borghese
Hi Everyone,



Global Knowledge is offering a free seminar on the new IPv4 DoS
vulnerability.  I have been allowed to invite the GroupStudy members to the
seminar as I think some of you will find it interesting.  Here is the
complete invite.  Sorry for the late invite. I just found out about it
myself:



Foundstone Security Briefings:

Cisco IPv4 Remote Denial of Service Vulnerability



You're invited to a Special Web Seminar today covering this critical
vulnerability.



Earlier this week Cisco announced a serious vulnerability for all Cisco
devices that implement and are configured to process Internet Protocol
version 4 (IPv4) packets. Foundstone Labs, first to respond to this serious
risk, is offering this Security Briefing as part of a coordinated effort
designed to protect current customers and other organizations.



This vulnerability should be considered extremely critical due to the impact
and ease-of-exploitation. Devices are vulnerable to a Denial of Service
(DoS) attack and although no known exploit has been yet identified, a
complex purposely malicious sequence of IPv4 packets targeted to a
vulnerable Cisco switch or router can cause the processing interface to stop
processing traffic. This vulnerability can be executed by remote
unauthenticated users with mere knowledge of at least one interface IP
address.



Web Seminar Outline

Introduction

Overview of Cisco IOS Issues

Analysis of the Cisco IOS Vulnerability

Understanding the Impact

Protection Mechanisms

Questions and Answers



Date:  July 18, 2003

Time:  11:00 am EST



To register:
http://www.globalknowledge.com/training/course.asp?pageid=10&courseid=8157&catid=248&methodid=s&country=United+States&translation=English




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72569&t=72569


Re: a really big bug [7:72463]

2003-07-18 Thread John Neiberger
Oh man... Now Fred *and* Pete are on this list? What is happening to this
place??  :-)

It's good to see both of you here.

John

>>> Peter Benac 7/18/03 6:20:47 AM >>>
I am glad you are not representative of the current Cisco Culture.

Your attitude in this matter really is not acceptable and I would hope that
Cisco's attitude would be better.

Any exploit, hypothetical or not, quickly spreads across the internet faster
than Bill Gates can find another security flaw in Windows.

My Solaris Servers that face the internet are under constant bombardment
from would-be Windows script kiddies. It doesn't matter to them whether I
have a Solaris System or a Windows System. They want to be real hackers and
will try anything that is posted.  This applies to other systems as well.
Cisco has the major market share and therefore is the primary target.

Cisco is not Microsoft, and never has been. They have always put their flaws
right in people's faces. The infamous SNMP bug was published and fixed long
before CERT published it. Cisco has a PSIRT team whose sole function in life
is security risk assessment.

I have never known Cisco to call a potential Security threat
"Entertainment".  Perhaps we should send your response to this to John
Chambers and see what he will say.

I still remember his e-mail address since I too am an ex-cisco employee. 

Regards,
Pete

Peter P. Benac, CCNA
Emacolet Networking Services, Inc
Providing Systems and Network Consulting, Training, Web Hosting Services
Phone: 919-847-1740 or 866-701-2345
Web: http://www.emacolet.com 
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org 

To have principles...
 First have courage.. With principles comes integrity!!!



I sincerely hope that Cisco is not becoming Microsoft.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72571&t=72463


Re: 3524XL Error Message [7:72563]

2003-07-18 Thread John Neiberger
 Firesox 7/18/03 6:03:15 AM >>>
>Folks,
>I am troubleshooting the 3524XL and get the following message at the boot.
>
>C3500XL POST FAILURE: front-end post: GigabitEthernet0/2:
>
>C3500XL POST FAILURE: looped-back packet not received
>
>It is connected to 2950G-24.  2950 is seeing the 3524XL via CDP, but not
>vice versa.
>
>Has anyone seen this error message/condition?
>
>Thanks in advance.
>

http://www.cisco.com/warp/public/473/164.html#topicsub1

It appears that your 3500XL has faulty hardware on that interface. If this
is a new switch you need to return it with an RMA, or you can get a
replacement if you have it under contract.

HTH,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72572&t=72563


Re: a really big bug [7:72463]

2003-07-18 Thread Zsombor Papp
Perhaps you slightly misunderstood my "attitude" and are jumping to 
conclusions so that you can put a convenient label on me.

I am not saying that Cisco should keep security problems a secret, rather 
that dissemination of information about sensitive issues posing a security 
threat to many should be carefully considered and coordinated.

If you have access to the applicable bug reports, you will see that it was 
exactly the PSIRT team who carefully edited/removed all enclosures to make 
sure that the information necessary to reproduce the attack is not easily 
extracted. All the protocol names were replaced by XXX, for example. 
Personally, I was impressed by the thorough job they did. The only hints I 
could find were the code diffs.

Now, does this mean that Cisco wants to hide the problems? Not at all. As 
you say, Cisco has always been good at publishing security flaws. The 
Security Advisory in question is still being updated, too. So I think Cisco 
has deserved some patience and the right to decide when to publish what 
information.

Having said that, I am not writing to this mailing list as a representative 
of Cisco. What I say is my personal opinion (and believe it or not, it is 
not influenced by the fact that I work for Cisco -- only what I do *not* 
say is influenced by that fact). I am using my Cisco email because it is 
convenient. I have hoped that people on this list are mature enough to 
realize this, but perhaps I was wrong. I will switch to Yahoo now.

>   Perhaps we should send your response to this to John
>Chambers and see what he will say.

Will you also tell your daddy/bigger brother about me? :)

Thanks,

Zsombor

At 11:43 AM 7/18/2003 +, Peter Benac wrote:
>I am glad you are not representative of the current Cisco Culture.
>
>Your attitude in this matter really is not acceptable and I would hope that
>Cisco's attitude would be better.
>
>Any exploit, hypothetical or not, quickly spreads across the internet faster
>than Bill Gates can find another security flaw in Windows.
>
>My Solaris Servers that face the internet are under constant bombardment
>from would-be Windows script kiddies. It doesn't matter to them whether I
>have a Solaris System or a Windows System. They want to be real hackers and
>will try anything that is posted.  This applies to other systems as well.
>Cisco has the major market share and therefore is the primary target.
>
>Cisco is not Microsoft, and never has been. They have always put their flaws
>right in people's faces. The infamous SNMP bug was published and fixed long
>before CERT published it. Cisco has a PSIRT team whose sole function in life
>is security risk assessment.
>
>I have never known Cisco to call a potential Security threat
>"Entertainment".  Perhaps we should send your response to this to John
>Chambers and see what he will say.
>
>I still remember his e-mail address since I too am an ex-cisco employee.
>
>Regards,
>Pete
>
>Peter P. Benac, CCNA
>Emacolet Networking Services, Inc
>Providing Systems and Network Consulting, Training, Web Hosting Services
>Phone: 919-847-1740 or 866-701-2345
>Web: http://www.emacolet.com
>Need quick reliable Systems or Network Management advice visit
>http://www.nmsusers.org
>
>To have principles...
>  First have courage.. With principles comes integrity!!!
>
>
>
>I sincerely hope that Cisco is not becoming Microsoft.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72570&t=72463


Re: 1601 flash card. [7:72560]

2003-07-18 Thread Reza
No, the formats are different.


""Johan Bornman""  wrote in message
news:[EMAIL PROTECTED]
> Can this type of flash card be installed in a notebook PCMCIA slot to copy
> files?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72575&t=72560


RE: 3524XL Error Message [7:72563]

2003-07-18 Thread Daniel Cotts
Sounds like the transmit on the 3524 and the receive on the 2950 is OK. The
transmit on the 2950 or the receive on the 3524 seems to be suspect. Is
there another box with a gig interface to which you can connect the 3524 to
test it? A spare GBIC to test? Try reseating the GBIC or cleaning the fiber
connection - I'll leave that to those with more experience in that area to
describe the proper method to use. 

> -Original Message-
> From: Firesox [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 6:20 AM
> To: [EMAIL PROTECTED]
> Subject: 3524XL Error Message [7:72563]
> 
> 
> Folks,
> I am troubleshooting the 3524XL and get the following message 
> at the boot.
> 
> C3500XL POST FAILURE: front-end post: GigabitEthernet0/2:
> 
> C3500XL POST FAILURE: looped-back packet not received
> 
> 
> 
> It is connected to 2950G-24.  2950 is seeing the 3524XL via 
> CDP, but not
> vice versa.
> 
> 
> 
> Has anyone seen this error message/condition?
> 
> 
> 
> Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72577&t=72563


Speaking of PIX Translation Problems... [7:72573]

2003-07-18 Thread John Neiberger
I thought I'd share an embarrassing moment from yesterday in hopes that
others will learn from my mistake.

I have a router on the outside of a firewall that needed to be upgraded
after the advisory yesterday. In order to reach the TFTP server I needed to
add a static translation in the PIX. No problem. I should also mention that
this server is one of our internal DNS servers.  

The file transfer doesn't take long at all and I remove the conduit and
static translation from the PIX as soon as I'm done. As far as I'm concerned
this is the end of it. I was wrong.

We later start receiving reports that certain web pages have become
inaccessible, while others are still responding. My first thought is that
I've hosed something with the IOS upgrade, but after checking things out I
was satisfied that everything there was working properly. So, I check the
firewall logs which leads me to check the xlate table. Lo and behold, the
static translation that I'd previously added--and removed--is still there!  
[I hear knowing laughter already.]  It's in the table but somehow traffic is
being hosed. Our DNS server is sending queries to our external server and
replies are coming back, but something is wrong and communications continue
to fail. I clear the xlate table and all is immediately fixed. This caused a
fair amount of irritation with me but my boss was even more irritated.

I presumed this was a 'feature' or a bug because it was my _assumption_ that
the removal of the static translation from the config would also clear it
from the xlate table. Wrong! I looked up the command on CCO and there is
this little tidbit:

"Usage Guidelines 

The clear xlate command clears the contents of the translation slots.
("xlate" means translation slot.) The show xlate command displays the
contents of only the translation slots. 

Translation slots can persist after key changes have been made. Always use
the clear xlate command after adding, changing, or removing the aaa-server,
access-list, alias, conduit, global, nat, route, or static commands in your
configuration."

So, there are two morals to this story. First, don't get into the habit of
making assumptions about commands that you think you're familiar with,
because there may be unforeseen consequences. Second, don't get into the
habit of making changes to critical production equipment even when you think
those changes are insignificant.

Of course, I'll continue to make what I think are insignificant changes but
I'm going to be a lot more careful in the future. 

Let that be a lesson to you,
John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72573&t=72573
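
Added example (not part of the post above and not Cisco's code): a small Python check that applies the usage guideline quoted in that message to a PIX command transcript and reports configuration changes that were never followed by "clear xlate". The transcript, the addresses in it and the function names are constructed for illustration.

```python
import re

# Commands that, per the "clear xlate" usage guideline quoted in the message
# above, call for a "clear xlate" after being added, changed or removed.
XLATE_SENSITIVE = frozenset({
    "aaa-server", "access-list", "alias", "conduit",
    "global", "nat", "route", "static",
})

# Leading CLI prompt such as "pixfirewall(config)# " or "pixfirewall# ".
PROMPT = re.compile(r"^\S+?(?:\(config[^)]*\))?[#>]\s*")


def command_of(line):
    """Return the command typed on a transcript line, without its prompt."""
    cmd = PROMPT.sub("", line.strip(), count=1).strip()
    if cmd.startswith(("!", ":")):      # comment lines carry no command
        return ""
    return cmd


def audit_session(lines):
    """Return [(line_no, command)] for changes not followed by 'clear xlate'.

    Assumption of this example: only a bare "clear xlate" counts as flushing
    every translation slot; any other form is treated conservatively as not
    having cleared the pending changes.
    """
    pending = []
    for line_no, raw in enumerate(lines, start=1):
        cmd = command_of(raw)
        if not cmd:
            continue
        words = cmd.lower().split()
        if words == ["clear", "xlate"]:
            pending.clear()             # everything entered so far is covered
            continue
        if words[0] == "show":          # read-only, never changes the config
            continue
        # "no static ..." removes a static: the keyword is the second word.
        keyword = words[1] if words[0] == "no" and len(words) > 1 else words[0]
        if keyword in XLATE_SENSITIVE:
            pending.append((line_no, cmd))
    return pending


# Constructed transcript mirroring the story above: a temporary static and
# conduit are added (and the table cleared), then both are removed without
# a second "clear xlate".
SESSION = [
    "pixfirewall(config)# static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255",
    "pixfirewall(config)# conduit permit udp host 192.0.2.10 eq tftp host 192.0.2.1",
    "pixfirewall(config)# clear xlate",
    "pixfirewall(config)# no conduit permit udp host 192.0.2.10 eq tftp host 192.0.2.1",
    "pixfirewall(config)# no static (inside,outside) 192.0.2.10 10.1.1.10 netmask 255.255.255.255",
    "pixfirewall(config)# show xlate",
    "pixfirewall(config)# write memory",
]

if __name__ == "__main__":
    for line_no, cmd in audit_session(SESSION):
        print(f"line {line_no}: '{cmd}' was not followed by 'clear xlate'")
```

Run against a saved terminal log of a change window, an empty result means every listed change was followed by a full "clear xlate" before the session ended.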


RE: a really big bug [7:72463]

2003-07-18 Thread Robertson, Douglas
I would like the opinion of the group as to what they are suggesting to
customers or doing on their own network. I am of the opinion that as long as
the network (Intranet) has been correctly protected, firewalls/ACL on the
perimeter and that the internal network device IP's are not accessible from
the Internet there should be no immediate requirement to go through the
entire network upgrading the IOS. This could introduce some new bug/issue
into the network that will have more catastrophic consequences than the
remote possibility of someone attacking a router/switch and causing a port
to stop forwarding packets for a small time period. The workaround for
fixing a device that has been attacked is to simply increase the Input
buffer  (this will allow the port to start forwarding packets again) and
then schedule a reload. This is much more predictable than introducing a new
bug (known or unknown) into the network by upgrading all the devices. If
there was already a project underway to upgrade the network then obviously
upgrade to the fixed versions.

So my standpoint is to ensure that the perimeter devices offer the required
protection against this attack and not upgrade a stable and functional
network based only on this vulnerability.

Again this is my opinion and I just want to find out if I am way off base or
if this is what other professionals are doing.


Thanks Doug

-Original Message-
From: Peter Benac [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 7:44 AM
To: [EMAIL PROTECTED]
Subject: Re: a really big bug [7:72463]


I am glad you are not representative of the current Cisco Culture.

Your attitude in this matter really is not acceptable and I would hope that
Cisco's attitude would be better.

Any exploit, hypothetical or not, quickly spreads across the internet faster
than Bill Gates can find another security flaw in Windows.

My Solaris Servers that face the internet are under constant bombardment
from would-be Windows script kiddies. It doesn't matter to them whether I
have a Solaris System or a Windows System. They want to be real hackers and
will try anything that is posted.  This applies to other systems as well.
Cisco has the major market share and therefore is the primary target.

Cisco is not Microsoft, and never has been. They have always put their flaws
right in people's faces. The infamous SNMP bug was published and fixed long
before CERT published it. Cisco has a PSIRT team whose sole function in life
is security risk assessment.

I have never known Cisco to call a potential Security threat
"Entertainment".  Perhaps we should send your response to this to John
Chambers and see what he will say.

I still remember his e-mail address since I too am an ex-cisco employee. 

Regards,
Pete

Peter P. Benac, CCNA
Emacolet Networking Services, Inc
Providing Systems and Network Consulting, Training, Web Hosting Services
Phone: 919-847-1740 or 866-701-2345
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!



I sincerely hope that Cisco is not becoming Microsoft.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72574&t=72463


Re: a really big bug [7:72463]

2003-07-18 Thread John Neiberger
 Zsombor Papp 7/18/03 8:40:09 AM >>>
>Perhaps you slightly misunderstood my "attitude" and are jumping to 
>conclusions so that you can put a convenient label on me.

From my vantage point this does seem to be a misunderstanding among those
involved. I don't think people were trying to label you, per se, they just
sensed that you were 'copping an attitude' when it sounds like you weren't.
My vote is that we chalk it up to misunderstanding, knowing that postings
and emails often don't do a great job of conveying intent or emotion.

Regarding your change of address, I'd prefer that you stick with the Cisco
address. There are a few participants that work for Cisco and we all
understand that they participate for personal reasons, not as official
representatives of Cisco. Besides, the last thing we need is more Yahoo
users.  ;-)

Regards,
John


>
>I am not saying that Cisco should keep security problems a secret, rather
>that dissemination of information about sensitive issues posing a security
>threat to many should be carefully considered and coordinated.
>
>If you have access to the applicable bug reports, you will see that it was
>exactly the PSIRT team who carefully edited/removed all enclosures to make
>sure that the information necessary to reproduce the attack is not easily
>extracted. All the protocol names were replaced by XXX, for example.
>Personally, I was impressed by the thorough job they did. The only hints I
>could find were the code diffs.
>
>Now, does this mean that Cisco wants to hide the problems? Not at all. As
>you say, Cisco has always been good at publishing security flaws. The
>Security Advisory in question is still being updated, too. So I think Cisco
>has deserved some patience and the right to decide when to publish what
>information.
>
>Having said that, I am not writing to this mailing list as a representative
>of Cisco. What I say is my personal opinion (and believe it or not, it is
>not influenced by the fact that I work for Cisco -- only what I do *not*
>say is influenced by that fact). I am using my Cisco email because it is
>convenient. I have hoped that people on this list are mature enough to
>realize this, but perhaps I was wrong. I will switch to Yahoo now.
>
>>   Perhaps we should send your response to this to John
>>Chambers and see what he will say.
>
>Will you also tell your daddy/bigger brother about me? :)
>
>Thanks,
>
>Zsombor
>
>At 11:43 AM 7/18/2003 +, Peter Benac wrote:
>>I am glad you are not representative of the current Cisco Culture.
>>
>>Your attitude in this matter really is not acceptable and I would hope
>>that Cisco's attitude would be better.
>>
>>Any exploit hypothetical or not quickly spreads across the internet
>>faster than Bill Gates can find another security flaw in Windows.
>>
>>My Solaris Servers that face the internet are under constant bombardment
>>from would be windows script kiddies. It doesn't matter to them whether I
>>have a Solaris System or a Windows System. They want to be real hackers
>>and will try anything that is posted.  This applies to other systems as well.
>>Cisco has the major market share and therefore is the primary target.
>>
>>Cisco is not Microsoft, and never has been. They have always put their
>>flaws right in people's faces. The infamous SNMP bug was published and fixed
>>long before CERT published it. Cisco has a PSIRT team whose sole function in
>>life is security risk assessment.
>>
>>I have never known Cisco to call a potential Security threat
>>"Entertainment".  Perhaps we should send your response to this to John
>>Chambers and see what he will say.
>>
>>I still remember his e-mail address since I too am an ex-cisco employee.
>>
>>Regards,
>>Pete
>>
>>Peter P. Benac, CCNA
>>Emacolet Networking Services, Inc
>>Providing Systems and Network Consulting, Training, Web Hosting Services
>>Phone: 919-847-1740 or 866-701-2345
>>Web: http://www.emacolet.com
>>Need quick reliable Systems or Network Management advice visit
>>http://www.nmsusers.org
>>
>>To have principles...
>>  First have courage.. With principles comes integrity!!!
>>
>>
>>
>>I sincerely hope that Cisco is not becoming Microsoft.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72576&t=72463


Re: Free Cisco IPv4 vulnerability seminar today 7/18 [7:72569]

2003-07-18 Thread Zsombor Papp
Is it possible to get the material presented at this
seminar?

Thanks,

Zsombor 

At 02:03 PM 7/18/2003 +, Paul Borghese wrote:
Hi Everyone,

Global Knowledge is offering a free seminar on the new
IPv4 DoS vulnerability.  I have been allowed to invite
the GroupStudy members to the seminar as I think some
of you will find it interesting.  Here is the complete
invite.  Sorry for the late invite . I just found out
about it
myself:





Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72578&t=72569


Re: Speaking of PIX Translation Problems... [7:72573]

2003-07-18 Thread Robert Edmonds
John,
That's not so bad.  I have been aware of that fact for quite some time, but
still continue to forget to issue a clear xlate about half the time.  So
which is worse, ignorance or stupidity?

Robert

""John Neiberger""  wrote in message
news:[EMAIL PROTECTED]
> I thought I'd share an embarrassing moment from yesterday in hopes that
> others will learn from my mistake.
>
> I have a router on the outside of a firewall that needed to be upgraded
> after the advisory yesterday. In order to reach the TFTP server I needed
> to add a static translation in the PIX. No problem. I should also mention
> that this server is one of our internal DNS servers.
>
> The file transfer doesn't take long at all and I remove the conduit and
> static translation from the PIX as soon as I'm done. As far as I'm
> concerned this is the end of it. I was wrong.
>
> We later start receiving reports that certain web pages have become
> inaccessible, while others are still responding. My first thought is that
> I've hosed something with the IOS upgrade, but after checking things out I
> was satisfied that everything there was working properly. So, I check the
> firewall logs which leads me to check the xlate table. Lo and behold, the
> static translation that I'd previously added--and removed--is still there!
> [I hear knowing laughter already.]  It's in the table but somehow traffic
> is being hosed. Our DNS server is sending queries to our external server and
> replies are coming back, but something is wrong and communications
> continue to fail. I clear the xlate table and all is immediately fixed. This
> caused a fair amount of irritation with me but my boss was even more
> irritated.
>
> I presumed this was a 'feature' or a bug because it was my _assumption_
> that the removal of the static translation from the config would also clear
> it from the xlate table. Wrong! I looked up the command on CCO and there is
> this little tidbit:
>
> "Usage Guidelines
>
> The clear xlate command clears the contents of the translation slots.
> ("xlate" means translation slot.) The show xlate command displays the
> contents of only the translation slots.
>
> Translation slots can persist after key changes have been made. Always use
> the clear xlate command after adding, changing, or removing the
> aaa-server, access-list, alias, conduit, global, nat, route, or static
> commands in your configuration."
>
> So, there are two morals to this story. First, don't get into the habit of
> making assumptions about commands that you think you're familiar with,
> because there may be unforeseen consequences. Second, don't get into the
> habit of making changes to critical production equipment even when you
> think those changes are insignificant.
>
> Of course, I'll continue to make what I think are insignificant changes
> but I'm going to be a lot more careful in the future.
>
> Let that be a lesson to you,
> John




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72579&t=72573
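
The rule quoted in this post (run clear xlate after changing any of the listed command families) can be checked mechanically against a record of what was typed. The following is an added example, not part of the original posts and not a Cisco tool: the transcript format, hostname and addresses are constructed, and treating only a bare `clear xlate` as a full clear is an assumption of this example.

```python
import re

# Command keywords that the usage guidelines quoted above list as requiring
# `clear xlate` after they are added, changed or removed.
XLATE_SENSITIVE = {
    "aaa-server", "access-list", "alias", "conduit",
    "global", "nat", "route", "static",
}

# Assumed (constructed) transcript format:
#   "<date> <time> <hostname>(config)# <command>"
PROMPT = re.compile(r"^(\S+ \S+) \S+#\s+(.+)$")


def pending_xlate_changes(transcript):
    """Return (timestamp, command) pairs for translation-affecting changes
    that have not yet been followed by a bare `clear xlate`."""
    pending = []
    for line in transcript.splitlines():
        match = PROMPT.match(line.strip())
        if not match:
            continue  # not a command line (banner, output, blank)
        timestamp, command = match.group(1), match.group(2).strip()
        words = command.split()
        if words == ["clear", "xlate"]:
            # A full clear flushes every slot, so nothing is pending any more.
            # `clear xlate` with arguments is conservatively not counted.
            pending.clear()
            continue
        # "no static ..." removes a static; the keyword is the second word.
        keyword = words[1] if words[0] == "no" and len(words) > 1 else words[0]
        if keyword in XLATE_SENSITIVE:
            pending.append((timestamp, command))
    return pending


# Constructed session mirroring the story: add static + conduit for the TFTP
# transfer, remove both afterwards, never clear the translation table.
SESSION_AS_DESCRIBED = """\
2003-07-17 14:02:11 pixfirewall(config)# static (inside,outside) 192.0.2.10 10.1.1.53 netmask 255.255.255.255 0 0
2003-07-17 14:02:30 pixfirewall(config)# conduit permit udp host 192.0.2.10 eq tftp host 192.0.2.1
2003-07-17 14:20:05 pixfirewall(config)# no conduit permit udp host 192.0.2.10 eq tftp host 192.0.2.1
2003-07-17 14:20:09 pixfirewall(config)# no static (inside,outside) 192.0.2.10 10.1.1.53 netmask 255.255.255.255 0 0
2003-07-17 14:20:15 pixfirewall(config)# write memory
"""

# The same session with the step the usage guidelines call for.
SESSION_WITH_CLEAR = (
    SESSION_AS_DESCRIBED
    + "2003-07-17 14:20:20 pixfirewall(config)# clear xlate\n"
)

if __name__ == "__main__":
    for stamp, cmd in pending_xlate_changes(SESSION_AS_DESCRIBED):
        print(f"{stamp}  no clear xlate after: {cmd}")
    print("after clear xlate:", pending_xlate_changes(SESSION_WITH_CLEAR))
```

Run against a change-window transcript before closing the window, a non-empty result means the xlate table may still hold slots for configuration that no longer exists.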


RE: 3524XL Error Message [7:72563]

2003-07-18 Thread Kaminski, Shawn G
Yes, I have seen it on one of my boxes. It's a hardware problem. Open a TAC
case and they'll probably RMA it.

Shawn K.

-Original Message-
From: Firesox [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 7:20 AM
To: [EMAIL PROTECTED]
Subject: 3524XL Error Message [7:72563]

Folks,
I am troubleshooting the 3524XL and get the following message at the boot.

C3500XL POST FAILURE: front-end post: GigabitEthernet0/2:

C3500XL POST FAILURE: looped-back packet not received



It is connected to 2950G-24.  2950 is seeing the 3524XL via CDP, but not
vice versa.



Has anyone seen this error message/condition?



Thanks in advance.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72580&t=72563


Re: Fiber Question [7:72544]

2003-07-18 Thread
if you are an EE, or desire that level of intimacy with the physical layer,
AND you have LOTS of spare cash, you can always join IEEE and buy all their
docs on the subject. ;->


""Zsombor Papp""  wrote in message
news:[EMAIL PROTECTED]
> At 03:55 AM 7/18/2003 +, "Chuck Whose Road is Ever Shorter" wrote:
> >""Zsombor Papp""  wrote in message
> >news:[EMAIL PROTECTED]
> > > At 01:20 AM 7/18/2003 +, Bill wrote:
> > > >Just learning basics of fiber communication.
> > >
> > > Btw, optical communication is indeed an interesting topic. Does anyone
> > > have a recommendation for a good book on this? I would be very
> > > interested in a book (let alone web site) that explains the fundamental
> > > principles (modulation, dispersion, spectral width, etc) in a great
> > > detail, but without making my brain explode with thousands of formulas.
> > > (Yeah, I know, it's not an easy request.)
> > >
> > > For example, why exactly do we need that conditioning cable when
> > > connecting a MM cable to a SM interface?
> >
> >
> >not that CCO necessarily provides intimate technical details, but if you
> >read the footnotes you can infer that it has to do with laser strength
> >and signal saturation.
>
> That's probably just one part of the problem. That same footnote goes on
> to say that "mode-conditioning patch cord is required for link distances
> *greater* than 984 feet". Surely the signal doesn't get stronger as the
> distance increases?
>
> See also this page:
>
> http://www.l-com.com/content/ResourceCenter/Tips/pages/fiber_06.htm
>
> which talks about Differential Mode Delay (DMD) and hints about the
> importance of positioning the SM core against the MM core. This DMD sounds
> like modal dispersion, but if it really is modal dispersion, then why is
> the SM interface affected more by this than the MM interface?
>
> Btw, as for the laser strength and saturation, I am also wondering why
> that doesn't present a problem with SM cables. Because the small core
> doesn't carry as much energy as the large core of the MM cable? Or maybe it
> is a problem even for SM, they just assume that you wouldn't use SM cable
> for a distance measured in "10s of meters"?
>
> Thanks,
>
> Zsombor
>
>
>
>http://www.cisco.com/en/US/products/hw/modules/ps872/products_data_sheet09186a008014cb5e.html
> >watch the wrap.
> >
> >probably the same reason why the minimum length of a fiber patch (
> >multimode ) is 3 meters / 10 foot
> >
> >
> > >
> > > Thanks,
> > >
> > > Zsombor
> > >
> > > >  I am not sure about which fiber
> > > >cable I saw but it was orange and basically connected two 3550's
> > > >together.
> > > >
> > > >The fiber had two connectors on each side. One was blue and the other
> > > >was red.
> > > >
> > > >How is it normally connected? I guess the switch ports are receive
> > > >and transmit. So, does that mean if you connect red on the left port on
> > > >one switch, you would connect the red on the other side of the cable to
> > > >the right port of the switch?
> > > >
> > > >Thx
> > > >bill




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72581&t=72544


RE: a really big bug [7:72463]

2003-07-18 Thread Reimer, Fred
I do not agree, although I believe my own co-worker does.  Where do you
think attacks on the Internet are launched from?  Yes, there may be some
loser of a person (script kiddie) launching an attack from their home
network, but I'd guess that a fair amount of attacks are launched from
inside corporate networks (or universities).

With that said, it is obvious that the first and most important fix be on
the outside, Internet accessible, IOS devices.  However, I do not believe
that internal devices are immune.  They will be until easy-to-use exploit
tools become available (how many organizations have competent black-hats
inside their network that will be capable of determining the magic packets
on their own?), but I wouldn't be willing to bet on that timeframe.

It sounds to me, from my reading of the advisory, that it's a little more
complicated than "simply increasing the input buffer."  With a default of 75
on some routers, it wouldn't take that much traffic to completely block ALL
interfaces on a device so that you couldn't even get to it to increase the
buffers, and it doesn't take a rocket scientist to figure that out.

In all likelihood an attack would spew out the appropriate number of packets
to all router interfaces in your entire network, that's what I would do if I
were launching an attack, a task likely accomplishable in a small number of
seconds.  Because of this, you may not even be able to determine where the
attack was coming from, and your entire network would be down until you
manually reset each IOS device, even at remote sites, which may take quite a
while to do.  As soon as you reset the device, its interfaces would be
blocked again.  So, your only recourse would be to unplug the device from
the network entirely, upgrade the IOS, and then put it back in the network.

Actually, it may not be as bad as that.  Wherever the attack is originating
from wouldn't be able to get past their immediate default router once it was
blocked.  So, a successful system-wide attack would have to start at the
edges of the network, disabling them and then moving towards the attacker.
Still doable in a short amount of time, but some planning would be required.
It would also mean that you would need to start rebooting / upgrading at
your network edge before you tackle the core (assuming the attacker was at
the core) because as soon as you opened up the core then the attacker would
be able to disable the network again.  This could be a way of finding the
attacker.

Unless it is designed as a DDoS.  Then you are screwed.

In order to defend against an attack you need to imagine how you would
devise one.  I'd be willing to bet that I could disable your whole entire
network if I were given access inside somehow (VPN, dial-up, etc), and I had
access to the magic packets.

Will this doomsday scenario materialize quickly?  I don't believe so.
However, since I build and support networks in hospitals not doing anything
is not an option.  Keep in mind that most hospitals have a hard time
scheduling time for maintenance.  It will likely take a few months to get
all devices upgraded.  (Scheduling at night is sometimes not better than in
the morning, as after dark and after bars close is usually not a good time
to have the lab interface, or MRI devices, off-line.  Shift change is also
usually not a good option, nor is the time that doctors make their rounds).

My recommendation would be to upgrade all IOS devices as maintenance windows
allow.  At a minimum install the ACLs that Cisco recommends on all routers
immediately.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050


NOTICE; This email contains confidential or proprietary information which
may be legally privileged. It is intended only for the named recipient(s).
If an addressing or transmission error has misdirected the email, please
notify the author by replying to this message. If you are not the named
recipient, you are not authorized to use, disclose, distribute, copy, print
or rely on this email, and should immediately delete it from your computer.


-Original Message-
From: Robertson, Douglas [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 10:34 AM
To: [EMAIL PROTECTED]
Subject: RE: a really big bug [7:72463]

I would like the opinion of the group as to what they are suggesting to
customers or doing on their own network. I am of the opinion that as long as
the network (Intranet) has been correctly protected, firewalls/ACL on the
perimeter and that the internal network device IP's are not accessible from
the Internet there should be no immediate requirement to go through the
entire network upgrading the IOS. This could introduce some new bug/issue
into the network that will have more catastrophic consequences than the
remote possibility of someone attacking a router/switch and causing a port
to stop forwarding packets for a small time period. The w
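
One way to spot the blocked-queue condition discussed in this post from collected `show interfaces` output, as an added example that is not part of the original message and not Cisco's own tooling: it flags interfaces whose input queue size has reached its maximum (75 in the post) in two successive snapshots. The device output is constructed, and the queue line formats and the two-snapshot rule are assumptions of this example.

```python
import re

# Interface header line, e.g. "Ethernet0/0 is up, line protocol is up".
IFACE = re.compile(r"^(\S+) is .*line protocol is ")

# Two input-queue line layouts are handled (both assumed here):
#   "Input queue: 76/75/1250/0 (size/max/drops/flushes); ..."
#   "Output queue 0/40, 0 drops; input queue 0/75, 0 drops"
QUEUE = re.compile(
    r"[Ii]nput queue:? (\d+)/(\d+)(?:/(\d+)/(\d+)|, (\d+) drops)"
)


def parse_input_queues(text):
    """Map interface name -> (size, max, drops) from `show interfaces` text."""
    queues = {}
    current = None
    for line in text.splitlines():
        header = IFACE.match(line)
        if header:
            current = header.group(1)
            continue
        found = QUEUE.search(line)
        if found and current:
            size, limit = int(found.group(1)), int(found.group(2))
            drops = int(found.group(3) or found.group(5))
            queues[current] = (size, limit, drops)
    return queues


def full_queues(text):
    """Interfaces whose input queue is at or above its configured maximum."""
    return sorted(
        name
        for name, (size, limit, _drops) in parse_input_queues(text).items()
        if limit > 0 and size >= limit
    )


def stuck_queues(earlier, later):
    """Interfaces full in both snapshots: a queue that never drains is the
    symptom to escalate, while a queue full only once may be plain congestion."""
    return sorted(set(full_queues(earlier)) & set(full_queues(later)))


# Constructed output, first collection.
SNAPSHOT_1 = """\
Ethernet0/0 is up, line protocol is up
  Hardware is AmdP2, address is 0050.5400.0001 (bia 0050.5400.0001)
  Internet address is 10.1.1.1/24
  Input queue: 76/75/1250/0 (size/max/drops/flushes); Total output drops: 0
Serial0/0 is up, line protocol is up
  Input queue: 75/75/3/0 (size/max/drops/flushes); Total output drops: 0
Ethernet0/1 is administratively down, line protocol is down
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
"""

# Constructed output, collected again a few minutes later.
SNAPSHOT_2 = """\
Ethernet0/0 is up, line protocol is up
  Input queue: 76/75/1900/0 (size/max/drops/flushes); Total output drops: 0
Serial0/0 is up, line protocol is up
  Input queue: 2/75/3/0 (size/max/drops/flushes); Total output drops: 0
Ethernet0/1 is administratively down, line protocol is down
  Output queue 0/40, 0 drops; input queue 0/75, 0 drops
"""

if __name__ == "__main__":
    print("full now:      ", full_queues(SNAPSHOT_1))
    print("still full later:", stuck_queues(SNAPSHOT_1, SNAPSHOT_2))
```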

RE: Topics covered for the CID 640-025 exam?? [7:72479]

2003-07-18 Thread Cisco Nuts
Well, thank you. Someone finally responded!! :-)

I will definitely go over the Windows networking part but how about those
other topics that I mentioned. Are they going to be asked at all?

I do not see these topics listed under the exam topics on CCO.

When did you take your exam? Things might have changed but I am not sure.

Please advise.

Thank you.

CN

>From: "Mwalie W"
>Reply-To: "Mwalie W"
>To: [EMAIL PROTECTED]
>Subject: RE: Topics covered for the CID 640-025 exam?? [7:72479]
>Date: Fri, 18 Jul 2003 08:37:03 GMT
>
>Dear Cisco Nuts,
>
>Okay, they will ask some questions on desktop networking: broadcasts and
>that kind of stuff. I think you have to read that chapter in the CID book
>(Windows Networking).
>
>Otherwise, you should be fine with Cisco Internetwork Design (CID) course
>book: know it inside out because everything is there, and it can confuse if
>not covered thoroughly.
>
>I did it twice, but should have done it once actually.
>
>Good weekend.
>
>Mwalie







Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72583&t=72479


RE: a really big bug [7:72463]

2003-07-18 Thread Larry Letterman
We installed ACLs on all our routers last night, which was the
workaround.


Larry Letterman
Cisco Systems




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Robertson, Douglas
Sent: Friday, July 18, 2003 7:34 AM
To: [EMAIL PROTECTED]
Subject: RE: a really big bug [7:72463]


I would like the opinion of the group as to what they are suggesting to
customers or doing on their own network. I am of the opinion that as
long as the network (Intranet) has been correctly protected,
firewalls/ACL on the perimeter and that the internal network device IP's
are not accessible from the Internet there should be no immediate
requirement to go through the entire network upgrading the IOS. This
could introduce some new bug/issue into the network that will have more
catastrophic consequences than the remote possibility of someone
attacking a router/switch and causing a port to stop forwarding packets
for a small time period. The work around for fixing a device that has
been attacked is to simply increase the Input buffer  (this will allow
the port to start forwarding packets again) and then schedule a reload.
This is much more predictable than introducing a new bug (known or
unknown) into the network by upgrading all the devices. If there was
already a project underway to upgrade the network then obviously upgrade
to the fixed versions.

So my stand point is to ensure that the perimeter devices offer the
required protection against this attack and not upgrade a stable and
functional network based only on this vulnerability.

Again this is my opinion and I just want to find out if I am way off
base or if this is what other professionals are doing.


Thanks Doug

-Original Message-
From: Peter Benac [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 7:44 AM
To: [EMAIL PROTECTED]
Subject: Re: a really big bug [7:72463]


I am glad you are not representative of the current Cisco Culture.

Your attitude in this matter really is not acceptable and I would hope
that Cisco's attitude would be better.

Any exploit hypothetical or not quickly spreads across the internet
faster than Bill Gates can find another security flaw in Windows.

My Solaris Servers that face the internet are under constant bombardment
from would be windows script kiddies. It doesn't matter to them whether
I have a Solaris System or a Windows System. They want to be real
hackers and will try anything that is posted.  This applies to other
systems as well. 
Cisco has the major market share and therefore is the primary target.

Cisco is not Microsoft, and never has been. They have always put their
flaws right in people's faces. The infamous SNMP bug was published and
fixed long before CERT published it. Cisco has a PSIRT team whose sole
function in life is security risk assessment.

I have never known Cisco to call a potential Security threat
"Entertainment".  Perhaps we should send your response to this to John
Chambers and see what he will say.

I still remember his e-mail address since I too am an ex-cisco employee.


Regards,
Pete

Peter P. Benac, CCNA
Emacolet Networking Services, Inc
Providing Systems and Network Consulting, Training, Web Hosting Services
Phone: 919-847-1740 or 866-701-2345
Web: http://www.emacolet.com
Need quick reliable Systems or Network Management advice visit
http://www.nmsusers.org

To have principles...
 First have courage.. With principles comes integrity!!!



I sincerely hope that Cisco is not becoming Microsoft.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72582&t=72463


Two ABRs on the same area - requirements [7:72587]

2003-07-18 Thread alaerte Vidali
Can you see any mistake in the following network?


Rx ---area 5--- R2 ----area 0---- R3 --+
                |                      |
              area 0                   |
                |                      |
Ry ---area 5--- R1 ----area 0----------+


R1, R2 and R3 are connected through area 0.

R1 and R2 are ABRs for area 5.

I am wondering if R1 and R2 should be connected through area 5 for a better
design.

The bad situation I see is that Rx and Ry will have different databases,
although they are in the same area.  From the routing table standpoint there
will be connectivity.

Any Thoughts?


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72587&t=72587


what cable do I need [7:72585]

2003-07-18 Thread David Ristau
I've got two 2621XM routers with WIC-1DSU-T1 cards in them 
here at work to play around with,  I want to mimic a serial connection
between the two 2621's via the WIC,

any idea as to what cable I need to use or a Cisco part number
so I can connect these two routers together?

TIA

 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72585&t=72585


Re: 3524XL Error Message [7:72563]

2003-07-18 Thread David Cooper
On Friday 18 July 2003 10:47, you wrote:
> Yes, I have seen it on one of my boxes. It's a hardware problem. Open a TAC
> case and they'll probably RMA it.
>
> Shawn K.
>
> -Original Message-
> From: Firesox [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 7:20 AM
> To: [EMAIL PROTECTED]
> Subject: 3524XL Error Message [7:72563]
>
> Folks,
> I am troubleshooting the 3524XL and get the following message at the boot.
>
> C3500XL POST FAILURE: front-end post: GigabitEthernet0/2:
>
> C3500XL POST FAILURE: looped-back packet not received
>
>
>
> It is connected to 2950G-24.  2950 is seeing the 3524XL via CDP, but not
> vice versa.
>
>
>
> Has anyone seen this error message/condition?
>
>
>
> Thanks in advance.

Yea, I've got a couple 3524 with the FastEthernet's out. They seem to go in
blocks of 4 ports at a time for those. Haven't seen GigE's drop though...
yet. Definitely hardware, like a circuit protection device popped. Dunno
about that for optical though.

Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72586&t=72563


RE: a really big bug [7:72463]

2003-07-18 Thread Reimer, Fred
Pete just informed me that CERT just released an advisory that the exploit
was posted publicly.  Sure glad I didn't bet on the timeframe!  Plus, there
are indications that this has been seen "in the wild."

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: Reimer, Fred [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 1:13 PM
To: [EMAIL PROTECTED]
Subject: RE: a really big bug [7:72463]

I do not agree, although I believe my own co-worker does.  Where do you
think attacks on the Internet are launched from?  Yes, there may be some
loser of a person (script kiddie) launching an attack from their home
network, but I'd guess that a fair amount of attacks are launched from
inside corporate networks (or universities).

With that said, it is obvious that the first and most important fix be on
the outside, Internet accessible, IOS devices.  However, I do not believe
that internal devices are immune.  They will be until easy-to-use exploit
tools become available (how many organizations have competent black-hats
inside their network that will be capable of determining the magic packets
on their own?), but I wouldn't be willing to bet on that timeframe.

It sounds to me, from my reading of the advisory, that it's a little more
complicated than "simply increasing the input buffer."  With a default of 75
on some routers, it wouldn't take that much traffic to completely block ALL
interfaces on a device so that you couldn't even get to it to increase the
buffers, and it doesn't take a rocket scientist to figure that out.

In all likelihood an attack would spew out the appropriate number of packets
to all router interfaces in your entire network, that's what I would do if I
were launching an attack, a task likely accomplishable in a small number of
seconds.  Because of this, you may not even be able to determine where the
attack was coming from, and your entire network would be down until you
manually reset each IOS device, even at remote sites, which may take quite a
while to do.  As soon as you reset the device, its interfaces would be
blocked again.  So, your only recourse would be to unplug the device from
the network entirely, upgrade the IOS, and then put it back in the network.

Actually, it may not be as bad as that.  Wherever the attack is originating
from wouldn't be able to get past their immediate default router once it was
blocked.  So, a successful system-wide attack would have to start at the
edges of the network, disabling them and then moving towards the attacker.
Still doable in a short amount of time, but some planning would be required.
It would also mean that you would need to start rebooting / upgrading at
your network edge before you tackle the core (assuming the attacker was at
the core) because as soon as you opened up the core then the attacker would
be able to disable the network again.  This could be a way of finding the
attacker.

Unless it is designed as a DDoS.  Then you are screwed.

In order to defend against an attack you need to imagine how you would
devise one.  I'd be willing to bet that I could disable your whole entire
network if I were given access inside somehow (VPN, dial-up, etc), and I had
access to the magic packets.

Will this doomsday scenario materialize quickly?  I don't believe so.
However, since I build and support networks in hospitals not doing anything
is not an option.  Keep in mind that most hospitals have a hard time
scheduling time for maintenance.  It will likely take a few months to get
all devices upgraded.  (Scheduling at night is sometimes not better than in
the morning, as after dark and after bars close is usually not a good time
to have the lab interface, or MRI devices, off-line.  Shift change is also
usually not a good option, nor is the time that doctors make their rounds).

My recommendation would be to upgrade all IOS devices as maintenance windows
allow.  At a minimum install the ACLs that Cisco recommends on all routers
immediately.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050



Re: Topics covered for the CID 640-025 exam?? [7:72479]

2003-07-18 Thread
if it's any help, the CCDP recert exam pretty much followed right along the
published exam topics. I don't recall being surprised by anything I saw.

As for the CID itself, I took the 3.0 exam several years ago and the only
real gripe I had about it was the Stratacom stuff, which was not included in
the course materials. It took me two tries to pass, but mainly because I
didn't treat the LAN protocols seriously the first time through. If recent
experience is worth anything, the published exam topics are probably the
best place to start.

For both my CCNP and CCDP recerts, I found that a couple of years of reading
and hands on as part of CCIE Lab prep were all that was necessary ;->


""Cisco Nuts""  wrote in message
news:[EMAIL PROTECTED]
> Hello,
>
> Sorry, If this is another request but
> Are any of the following topics covered under the CID 640-025 exam?
> The exam is still valid for up to 45 days after July 25th, I think?
>
> IPX
> AppleTalk
> Windows Networking
> SNA
> X.25
> Stratacom Switches
>
> These topics are not listed under:
>
> http://www.cisco.com/warp/public/10/wwtraining/certprog/testing/current_exams/640-025.html
>
> Anyone?
>
> Thank you.
>
> Sincerely.
>




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72591&t=72479
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]


Re: Topics covered for the CID 640-025 exam?? [7:72479]

2003-07-18 Thread tu do
Hi Cisco Nuts,

> IPX
> AppleTalk
> Windows Networking
> SNA
> X.25
> Stratacom Switches

The topics I didn't see in Exam (12/2002) were SNA and Stratacom Switches.

Regards, 


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72593&t=72479


Re: a really big bug [7:72463]

2003-07-18 Thread
Nice post. a couple of thoughts in line below:

""Reimer, Fred""  wrote in message
news:[EMAIL PROTECTED]
> I do not agree, although I believe my own co-worker does.  Where do you
> think attacks on the Internet are launched from?  Yes, there may be some
> loser of a person (script kiddie) launching an attack from their home
> network, but I'd guess that a fair amount of attacks are launched from
> inside corporate networks (or universities).

especially universities and other educational institutions - don't forget
your tech schools :->

>
> With that said, it is obvious that the first and most important fix be on
> the outside, Internet accessible, IOS devices.  However, I do not believe
> that internal devices are immune.  They will be until easy-to-use exploit
> tools become available (how many organizations have competent black-hats
> inside their network that will be capable of determining the magic packets
> on their own?), but I wouldn't be willing to bet on that timeframe.
>
> It sounds to me, from my reading of the advisory, that it's a little more
> complicated than "simply increasing the input buffer."  With a default of 75
> on some routers, it wouldn't take that much traffic to completely block ALL
> interfaces on a device so that you couldn't even get to it to increase the
> buffers, and it doesn't take a rocket scientist to figure that out.
>
> In all likelihood an attack would spew out the appropriate number of packets
> to all router interfaces in your entire network, that's what I would do if I
> were launching an attack, a task likely accomplishable in a small number of
> seconds.  Because of this, you may not even be able to determine where the
> attack was coming from, and your entire network would be down until you
> manually reset each IOS device, even at remote sites, which may take quite a
> while to do.  As soon as you reset the device, its interfaces would be
> blocked again.  So, your only recourse would be to unplug the device from
> the network entirely, upgrade the IOS, and then put it back in the network.

it occurs to me that an attack of this nature requires the patience to seek
out and record the ips of all router interfaces. the ethernet side is
usually not too difficult. most folks use the same ip host number on all of
their routers, all of their subnets. usually 1, 100, 101 or 254. Discovering
WAN interface addressing would be more difficult, but traceroute has its
purpose ;-> Which leads to the advice that a well constructed access-list
might also include methods for suppressing reporting of this information.

>
> Actually, it may not be as bad as that.  Wherever the attack is originating
> from wouldn't be able to get past their immediate default router once it was
> blocked.  So, a successful system-wide attack would have to start at the
> edges of the network, disabling them and then moving towards the attacker.
> Still doable in a short amount of time, but some planning would be required.
> It would also mean that you would need to start rebooting / upgrading at
> your network edge before you tackle the core (assuming the attacker was at
> the core) because as soon as you opened up the core then the attacker would
> be able to disable the network again.  This could be a way of finding the
> attacker.

this does not address the mobile user or the "trusted consultant" both of
which many enterprises have many.


>
> Unless it is designed as a DDoS.  Then you are screwed.
>
> In order to defend against an attack you need to imagine how you would
> devise one.  I'd be willing to bet that I could disable your whole entire
> network if I were given access inside somehow (VPN, dial-up, etc), and I had
> access to the magic packets.

don't forget your wireless, particularly those rogue access points.

>
> Will this doomsday scenario materialize quickly?  I don't believe so.
> However, since I build and support networks in hospitals not doing anything
> is not an option.  Keep in mind that most hospitals have a hard time
> scheduling time for maintenance.  It will likely take a few months to get
> all devices upgraded.  (Scheduling at night is sometimes not better than in
> the morning, as after dark and after bars close is usually not a good time
> to have the lab interface, or MRI devices, off-line.  Shift change is also
> usually not a good option, nor is the time that doctors make their rounds).


funny you should mention this. we were doing a wireless project at a large
hospital recently. our work hours were 3:00 a.m. through 7:00 a.m. bummer.

>
> My recommendation would be to upgrade all IOS devices as maintenance windows
> allow.  At a minimum install the ACLs that Cisco recommends on all routers
> immediately.
>
> Fred Reimer - CCNA
>
>
> Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
> Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050
>
>

Re: a really big bug [7:72463]

2003-07-18 Thread
Cisco must face interesting dilemmas regarding what is done on the corporate
net side of things.
If it's any of my beeswax, do you pretty much forbid attachment of research
and experimental nets to the main corporate net?


""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]
> We installed acl's on all our routers last night, which was the
> Workaround..
>
>
> Larry Letterman
> Cisco Systems
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
> Robertson, Douglas
> Sent: Friday, July 18, 2003 7:34 AM
> To: [EMAIL PROTECTED]
> Subject: RE: a really big bug [7:72463]
>
>
> I would like the opinion of the group as to what they are suggesting to
> customers or doing on their own network. I am of the opinion that as
> long as the network (Intranet) has been correctly protected,
> firewalls/ACL on the perimeter and that the internal network device IP's
> are not accessible from the Internet there should be no immediate
> requirement to go through the entire network upgrading the IOS. This
> could introduce some new bug/issue into the network that will have more
> catastrophic consequences than the remote possibility of someone
> attacking a router/switch and causing a port to stop forwarding packets
> for a small time period. The work around for fixing a device that has
> been attacked is to simply increase the Input buffer  (this will allow
> the port to start forwarding packets again) and then schedule a reload.
> This is much more predictable than introducing a new bug (known or
> unknown) into the network by upgrading all the devices. If there was
> already a project underway to upgrade the network then obviously upgrade
> to the fixed versions.
>
> So my stand point is to ensure that the perimeter devices offer the
> required protection against this attack and not upgrade a stable and
> functional network based only on this vulnerability.
>
> Again this is my opinion and I just want to find out if I am way off
> base or if this is what other professionals are doing.
>
>
> Thanks Doug
>
> -Original Message-
> From: Peter Benac [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 7:44 AM
> To: [EMAIL PROTECTED]
> Subject: Re: a really big bug [7:72463]
>
>
> I am glad you are not representative of the current Cisco Culture.
>
> Your attitude in this matter really is not acceptable and I would hope
> that Cisco's attitude would be better.
>
> Any exploit hypothetical or not quickly spreads across the internet
> faster than Bill Gates can find another security flaw in Windows.
>
> My Solaris Servers that face the internet are under constant bombardment
> from would be windows script kiddies. It doesn't matter to them whether
> I have a Solaris System or a Windows System. They want to be real
> hackers and will try anything that is posted.  This applies to other
> systems as well.
> Cisco has the major market share and therefore is the primary target.
>
> Cisco is not Microsoft, and never has been. They have always put their
> flaws right in people's faces. The infamous SNMP bug was published and
> fixed long before CERT published it. Cisco has a PSIRT team whose sole
> function in life is security risk assessment.
>
> I have never known Cisco to call a potential Security threat
> "Entertainment".  Perhaps we should send your response to this to John
> Chambers and see what he will say.
>
> I still remember his e-mail address since I too am an ex-cisco employee.
>
>
> Regards,
> Pete
> 
> Peter P. Benac, CCNA
> Emacolet Networking Services, Inc
> Providing Systems and Network Consulting, Training, Web Hosting Services
> Phone: 919-847-1740 or 866-701-2345
> Web: http://www.emacolet.com
> Need quick reliable Systems or Network Management advice visit
> http://www.nmsusers.org
>
> To have principles...
>  First have courage.. With principles comes integrity!!!
>
>
>
> I sincerely hope that Cisco is not becoming Microsoft.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72589&t=72463


Re: a really big bug [7:72463]

2003-07-18 Thread Priscilla Oppenheimer
Alas, are we going to see the demise of trace-route as a useful
troubleshooting and performance tracking tool? Probably would make sense. It
sure makes it easy to find router addresses! :-)

Good to have you back, Chuck. I hope the road is treating you well.

Priscilla

RE: Two ABRs on the same area - requirements [7:72587]

2003-07-18 Thread Reimer, Fred
I don't believe that is a valid design.

Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: alaerte Vidali [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 2:27 PM
To: [EMAIL PROTECTED]
Subject: Two ABRs on the same area - requirements [7:72587]

Can you see any mistake in the following network?


Rx ---area 5--R2----area 0---R3--
              |                 |
            area 0              |
              |                 |
Ry ---area 5--R1-----area 0------


R1, R2 and R3 are connected through area 0.

R1 and R2 are ABRs for area 5.

I am wondering if R1 and R2 should be connected through area 5 for a better
design.

The bad situation I see is that Rx and Ry will have different databases,
although they are in the same area.  From the routing table standpoint there
will be connectivity.

Any Thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72595&t=72587


RE: what cable do I need [7:72585]

2003-07-18 Thread Reimer, Fred
I'm guessing a cross-over RJ-48 (not RJ-45).  What are the pins for a T1
line?  4 and 5?  Try crossing them, and having one side provide clocking...


Fred Reimer - CCNA


Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050




-Original Message-
From: David Ristau [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 1:37 PM
To: [EMAIL PROTECTED]
Subject: what cable do I need [7:72585]

I've got two 2621XM routers with WIC-1DSU-T1 cards in them 
here at work to play around with,  I want to mimic a serial connection
between the two 2621's via the WIC,

any idea as to what cable I need to use or a Cisco part number
so I can connect these to routers together ?

TIA




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72594&t=72585


RE: what cable do I need [7:72585]

2003-07-18 Thread Joseph Brunner
Isn't really just a crossover rj-45, i mean same cat5 "ends" ?

That is what I use with the pinout.

1 to 4
2 to 5


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72596&t=72585


Passed BCMSN Thanks to all [7:72598]

2003-07-18 Thread David Vital
Once again, the topics covered here and last minute questions answered by
group members have paid off.  2 down, 2 to go.  Time to start chewing thru
BCRAN.  I thought the Switching exam was definitely easier than the BSCI
test.  Only had two things throw me.  One was a network diagram that I was
supposed to mark as an answer to the question and I could swear that the box
in the lower right hand corner said "more".  I hadn't finished answering
the question but wanted to know what more there was so I clicked it... and
it moved on to the next question.  So, I'm sure I got that wrong.  The other
issue was questions about 3500XL switches.  I don't recall seeing anything
in any study material saying that they were included in the test.   I've
worked with them and done some reading on them so I wasn't totally in the
dark, but it freaked me out for a minute.

Now it's time for BCRAN... guess I'll start tonight.

David


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72598&t=72598


RE: Two ABRs on the same area - requirements [7:72587]

2003-07-18 Thread Priscilla Oppenheimer
I think this would work, but why would you want to do it? Why not make those
two parts of Area 5 different areas? Simply from a documentation and human
communication point of view, you don't want the design to be confusing. When
someone refers to Area 5, you don't want someone else to have to say "which
Area 5?"

You'll notice that the OSPF RFC covers partitioned areas but only as
something that will work when an area becomes partitioned due to a network
problem. In other words, they don't consider it a good design practice, but
a workaround.

What addressing will you use? OSPF does support discontiguous subnets, so you
should be OK. However, avoid making this too complex and remember that it's
important to be able to summarize prefixes when injecting routes into Area 0.

Design books always say to design OSPF hierarchically (and even go so far as
to say that OSPF requires a hierarchical design). But I think a partitioned
area is actually still allowed, just not a good idea? Comments, anyone else?
Thanks.

Priscilla



alaerte Vidali wrote:
> 
> Can you see any mistake in the following network?
> 
> 
> Rx ---area 5--R2----area 0---R3--
>               |                 |
>             area 0              |
>               |                 |
> Ry ---area 5--R1-----area 0------
> 
> 
> R1, R2 and R3 are connected through area 0.
> 
> R1 and R2 are ABRs for area 5.
> 
> I am wondering if R1 and R2 should be connected through area 5
> for a better design.
> 
> The bad situation I see is that Rx and Ry will have different
> databases, although they are in the same area.  From the
> routing table standpoint there will be connectivity.
> 
> Any Thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72597&t=72587


RE: a really big bug [7:72463]

2003-07-18 Thread Seth Collins
Correct me if I am wrong, but an ACL on the interface that denies all traffic
DEST to your "router" will prevent this "full queue status".  I haven't had
time to read as much as I should.  I placed 12.3 on my routers 2 weeks ago.
The way I understand it is that I am OK.  I don't feel that way but that's
what I have heard.  Sorry for being out of the loop but I have been in
class this week and haven't had time to read up on this.

Thank you,
Seth

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Friday, July 18, 2003 1:49 PM
To: [EMAIL PROTECTED]
Subject: Re: a really big bug [7:72463]


Alas, are we going to see the demise of trace-route as a useful
troubleshooting and performance tracking tool? Probably would make sense. It
sure makes it easy to find router addresses! :-)

Good to have you back, Chuck. I hope the road is treating you well.

Priscilla

Re: a really big bug [7:72463]

2003-07-18 Thread Adam Frederick
So having a firewall in front of the edge will not stop the packets?  We
have a unique setup with bridging in place so we don't have a router in
front of the firewall, just plugging straight into the outside port on a
515e.  we do have a 3745 at the collapsed core that feeds to all of our
remote sites by T1.  Any insight on this is appreciated.

Thanks

Adam
- Original Message - 
From: "Chuck Whose Road is Ever Shorter" 
To: 
Sent: Thursday, July 17, 2003 10:22 PM
Subject: Re: a really big bug [7:72463]


> ""Daniel Cotts""  wrote in message
> news:[EMAIL PROTECTED]
> > 53 SWIPE   IP with Encryption[JI6]
> > 55 MOBILE  IP Mobility   [Perkins]
>
>
> oh great. so any joker with a wireless LAN card can crash your Cisco
> wireless network, security or no?
>
>
>
> > 77 SUN-ND  SUN ND PROTOCOL-Temporary [WM3]
> > 103 PIM Protocol Independent Multicast  [Farinacci]
> >
> > > -Original Message-
> > > From: Lance Warner [mailto:[EMAIL PROTECTED]
> > >
> > > They are not port numbers but rather *protocol* numbers




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72600&t=72463
--
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
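
An added example (not from any poster in this thread, and not Cisco's own tooling): a small Python audit that reads a router configuration and reports which active interfaces would still accept the IP protocol numbers quoted above (53, 55, 77, 103) inbound. It assumes the recommended workaround is an inbound numbered ACL denying those four protocols; the sample configuration, ACL numbers and addresses are constructed.

```python
import re

# IP protocol numbers quoted in the thread, with their IANA names.
TRIGGER_PROTOCOLS = {53: "SWIPE", 55: "MOBILE", 77: "SUN-ND", 103: "PIM"}
# IOS also accepts a keyword for PIM in place of the number.
KEYWORDS = {"pim": 103}

ACL_LINE = re.compile(r"^access-list\s+(\d+)\s+(permit|deny)\s+(\S+)\s*(.*)$")
GROUP_IN = re.compile(r"^ip access-group (\S+) in$")

# Constructed sample configuration (ACL numbers and addresses are made up).
SAMPLE_CONFIG = """\
access-list 101 deny 53 any any
access-list 101 deny 55 any any
access-list 101 deny 77 any any
access-list 101 deny pim any any
access-list 101 permit ip any any
!
access-list 102 permit ip any any
access-list 102 deny 53 any any
!
access-list 103 deny 53 any any
access-list 103 permit tcp any any
access-list 103 permit udp any any
!
interface FastEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group 101 in
!
interface Serial0/0
 ip address 198.51.100.1 255.255.255.252
 ip access-group 102 in
!
interface Serial0/1
 ip address 198.51.100.5 255.255.255.252
 ip access-group 103 in
!
interface FastEthernet0/1
 ip address 192.0.2.129 255.255.255.128
!
interface Serial0/2
 no ip address
 shutdown
"""

def parse_config(text):
    """Return (acls, interfaces) from an IOS configuration (numbered ACLs only)."""
    acls, interfaces, current = {}, {}, None
    for line in text.splitlines():
        acl = ACL_LINE.match(line)
        if acl:
            number, action, proto, rest = acl.groups()
            acls.setdefault(number, []).append((action, proto.lower(), rest))
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = {"acl_in": None, "shutdown": False}
        elif current and line.startswith(" "):
            sub = line.strip()
            group = GROUP_IN.match(sub)
            if group:
                interfaces[current]["acl_in"] = group.group(1)
            elif sub == "shutdown":
                interfaces[current]["shutdown"] = True
        else:
            current = None  # "!" separator or another top-level command
    return acls, interfaces

def proto_matches(token, number):
    """True if an ACL protocol field covers the given IP protocol number."""
    if token == "ip":  # "ip" matches every IP protocol
        return True
    if token.isdigit():
        return int(token) == number
    return KEYWORDS.get(token) == number

def acl_blocks(entries, number):
    """First-match evaluation: is all traffic of this protocol dropped?"""
    for action, proto, rest in entries:
        if not proto_matches(proto, number):
            continue
        if action == "permit":
            return False  # a permit is reached before any covering deny
        if rest.startswith("any any"):
            return True
    return True  # implicit deny at the end of a defined ACL

def audit(text):
    """Map each active interface to the trigger protocols it still accepts."""
    acls, interfaces = parse_config(text)
    findings = {}
    for name, info in interfaces.items():
        if info["shutdown"]:
            continue
        entries = acls.get(info["acl_in"])
        if entries is None:  # no ACL applied, or it references an undefined list
            exposed = sorted(TRIGGER_PROTOCOLS)
        else:
            exposed = [p for p in sorted(TRIGGER_PROTOCOLS)
                       if not acl_blocks(entries, p)]
        if exposed:
            findings[name] = exposed
    return findings

if __name__ == "__main__":
    for name, protos in audit(SAMPLE_CONFIG).items():
        labels = ", ".join(f"{p} ({TRIGGER_PROTOCOLS[p]})" for p in protos)
        print(f"{name}: still accepts IP protocols {labels}")
```
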


How do I check if load balancing works ? Catalyst 2900 and [7:72601]

2003-07-18 Thread Chris
Hi everybody


I have a Compaq server with 2 NC3121 cards. According with the docs, the
card supports Fast Etherchannel
static configuration (ON).
I couldn't find a procedure to set up Fast Etherchannel for the network card
so I did what I thought it was better.

I selected the following :
Teaming control =Load balancing
Load balancing options:
---
[x]Switch assisted load balancing
[ ]Transmit load balancing
---
[x]Balance with MAC addresses
[ ]Balance with IP addresses
---

On the switch side I set up the following:

interface Port-channel
 no ip address
 flowcontrol send off
!
interface FastEthernet0/1
 no ip address
 channel-group 1 mode on
!
interface FastEthernet0/2
 no ip address
 channel-group 1 mode on

Everything looks fine, the redundancy works but how can I see if it works ?
I mean the load balancing.
I don't know the SNMP OID to monitor that interface. Judging by the blinking
lights it works only on one interface.
I made the tests selecting different classes of IPs (10 mod 2 and 10 mod 5)
for transmission on the server side
I set up the switch on source balancing. Not very sure that both MAC aren't
in the same class (MAC) mod 2.
The 'show int' command shows me load only on the first interface of the
channel.
The 'debug etherchannel' shows that the switch senses the disconnecting of
the interfaces (if I test this).

Any clue ?
Thank you
Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72601&t=72601


RE: Two ABRs on the same area - requirements [7:72587]

2003-07-18 Thread alaerte Vidali
Thanks.

The addresses are contiguous.

Suppose a network with many ABRs, one in each city. Any big city represents
small cities. Could you use an area for each ABR? (I am wondering if there
is no limit in the number of areas. I bet not).

What about put together two cities and form a bigger area with two ABRs? In
that case, it would be necessary to connect these ABR through their
particular area and area 0, so the database would be the same, right?

Sorry about the graphics. It is difficult to draw with characters.


Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72602&t=72587


RE: a really big bug [7:72463]

2003-07-18 Thread Larry Letterman
Our engineering labs would be the experimental part of your
statement, they are connected to the backbone through gateways that
have strict acl's and statics. They can also be blackholed in a few
seconds time if they are causing any issues.


Larry Letterman
Cisco Systems




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] 
Sent: Friday, July 18, 2003 11:41 AM
To: [EMAIL PROTECTED]
Subject: Re: a really big bug [7:72463]


Cisco must face interesting dilemmas regarding what is done on the
corporate net side of things. If it's any of my beeswax, do you pretty
much forbid attachment of research and experimental nets to the main
corporate net?


""Larry Letterman""  wrote in message
news:[EMAIL PROTECTED]
> We installed acl's on all our routers last night, which was the
> workaround..
>
>
> Larry Letterman
> Cisco Systems
>
>
>
>
> -Original Message-
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf 
> Of Robertson, Douglas
> Sent: Friday, July 18, 2003 7:34 AM
> To: [EMAIL PROTECTED]
> Subject: RE: a really big bug [7:72463]
>
>
> I would like the opinion of the group as to what they are suggesting
> to customers or doing on their own network. I am of the opinion that
> as long as the network (Intranet) has been correctly protected,
> firewalls/ACL on the perimeter and that the internal network device
> IP's are not accessible from the Internet there should be no immediate
> requirement to go through the entire network upgrading the IOS. This
> could introduce some new bug/issue into the network that will have
> more catastrophic consequences than the remote possibility of someone
> attacking a router/switch and causing a port to stop forwarding
> packets for a small time period. The work around for fixing a device
> that has been attacked is to simply increase the Input buffer (this
> will allow the port to start forwarding packets again) and then
> schedule a reload. This is much more predictable than introducing a
> new bug (known or unknown) into the network by upgrading all the
> devices. If there was already a project underway to upgrade the network
> then obviously upgrade to the fixed versions.
>
> So my stand point is to ensure that the perimeter devices offer the 
> required protection against this attack and not upgrade a stable and 
> functional network based only on this vulnerability.
>
> Again this is my opinion and I just want to find out if I am way off 
> base or if this is what other professionals are doing.
>
>
> Thanks Doug
>
> -Original Message-
> From: Peter Benac [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 7:44 AM
> To: [EMAIL PROTECTED]
> Subject: Re: a really big bug [7:72463]
>
>
> I am glad you are not representative of the current Cisco Culture.
>
> Your attitude in this matter really is not acceptable and I would hope
> that Cisco's attitude would be better.
>
> Any exploit hypothetical or not quickly spreads across the internet
> faster than Bill Gates can find another security flaw in Windows.
>
> My Solaris Servers that face the internet are under constant
> bombardment from would be windows script kiddies. It doesn't matter to
> them whether I have a Solaris System or a Windows System. They want to
> be real hackers and will try anything that is posted.  This applies to
> other systems as well. Cisco has the major market share and therefore
> is the primary target.
>
> Cisco is not Microsoft, and never has been. They have always put their
> flaws right in people's faces. The infamous SNMP bug was published and
> fixed long before CERT published it. Cisco has a PSIRT team whose sole
> function in life is security risk assessment.
>
> I have never known Cisco to call a potential Security threat
> "Entertainment".  Perhaps we should send your response to this to John
> Chambers and see what he will say.
>
> I still remember his e-mail address since I too am an ex-cisco
> employee.
>
>
> Regards,
> Pete
> 
> Peter P. Benac, CCNA
> Emacolet Networking Services, Inc
> Providing Systems and Network Consulting, Training, Web Hosting 
> Services
> Phone: 919-847-1740 or 866-701-2345
> Web: http://www.emacolet.com
> Need quick reliable Systems or Network Management advice visit
> http://www.nmsusers.org
>
> To have principles...
>  First have courage.. With principles comes integrity!!!
>
>
>
> I sincerely hope that Cisco is not becoming Microsoft.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72604&t=72463


RE: How do I check if load balancing works ? Catalyst 2900 and [7:72605]

2003-07-18 Thread Larry Letterman
Look at the switch counters for the interfaces, they should
both be counting up bits and frames when the port channel
is moving data...


Larry Letterman
Cisco Systems




-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of
Chris
Sent: Friday, July 18, 2003 2:45 PM
To: [EMAIL PROTECTED]
Subject: How do I check if load balancing works ? Catalyst 2900 and
[7:72601]


Hi everybody


I have a Compaq server with 2 NC3121 cards. According to the docs, the
card supports Fast Etherchannel static configuration (ON). I couldn't
find a procedure to set up Fast Etherchannel for the network card so I
did what I thought was better.

I selected the following :
Teaming control =Load balancing
Load balancing options:
---
[x]Switch assisted load balancing
[ ]Transmit load balancing
---
[x ]Balance with MAC addresses
[ ]Balance with IP addresses
---

On the switch side I set up the following:

interface Port-channel
 no ip address
 flowcontrol send off
!
interface FastEthernet0/1
 no ip address
 channel-group 1 mode on
!
interface FastEthernet0/2
 no ip address
 channel-group 1 mode on

Everything looks fine, the redundancy works but how can I see if it
works ? I mean the load balancing. I don't know the SNMP OID to monitor
that interface. Judging by the blinking lights it works only on one
interface. I made the tests selecting different classes of IPs (10 mod 2
and 10 mod 5) for transmission on the server side I set up the switch on
source balancing. Not very sure that both MAC aren't in the same class
(MAC) mod 2. The 'show int' command shows me load only on the first
interface of the channel. The 'debug etherchanel' shows that the switch
senses the disconnecting of the interfaces (if I test this).

Any clue ?
Thank you
Chris




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72605&t=72605


Help PLEASE FAST [7:72603]

2003-07-18 Thread E. Keith J.
Hi all

HELP!


 The clients on my network seem to be losing their connection to the
network for no apparent reason. We have a main office and a spoke location
running over vpn.

The problem seems to be at main office because it happens here and was
happening before the other location came on-line. There are some internal
DNS issues also. I haven't determined if they are related but is happening
at both locations now. It is an AD domain and the other site is part of the
domain. I need help in getting this resolved soon. I will try to answer any
questions as best I can.

 I know this may not be Cisco issue but I do have Cisco products and
this is the best list of people with experience with all types of problems
that I know. I know of none better. I know someone here has had this issue
before, and can help me. I just hope they read this email soon.

 A reboot of the machine seems to fix the problem. Lease time is 24
hours. DHCP is being used. I need to resolve this soon as it is a critical
situation.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72603&t=72603


RE: Two ABRs on the same area - requirements [7:72587]

2003-07-18 Thread Priscilla Oppenheimer
alaerte Vidali wrote:
> 
> Thanks.
> 
> The addresses are contiguous.
> 
> Suppose a network with many ABRs, one in each city. Any big
> city represents small cities. Could you use an area for each
> ABR? (I am wondering if there is no limit in the number of
> areas. I bet not).

Yes, you should use an area for each ABR. Well two areas per ABR, actually.
As you probably know, OSPF networks have a two-layer hierarchy: the backbone
and the attached areas. The topology is a logical star of areas. Think of a
daisy with a center circle and petals surrounding it. Each ABR connects to
Area 0 (the backbone) and at least one other area. (An ABR could connect to
a couple other areas too, if that fits your needs. But an area shouldn't
span 2 ABRs, which I think was what you were suggesting.)

Areas are supposed to be contiguous (all in one connected piece). If links
fail and render areas other than area 0 discontiguous, OSPF can handle this,
but it's not how you are supposed to design it.

Over the years, I have collected the following design recommendations which
may be a bit old, and of course, the real answer is "it depends on router
CPU and RAM, what else the router is doing, how stable routers and networks
are, topological requirements, performance requirements, etc."

* An area should contain no more than about 50 to 100 routers.
* An OSPF autonomous system should contain no more than about 100 areas. 
* A router should be in at most about 3 areas. 
* A router should have fewer than about 60 adjacent neighbors. 

You could put the ABR in each large city and have each area represent a big
city and the small, neighboring cities. Then your backbone could be the WAN
between cities.

A lot of experts recommend keeping the backbone small, fast, easy to manage,
reliable, etc. however. And a large inter-city WAN might not meet those
needs. So instead, make the backbone a set of routers at a central site
connected via Gig Ethernet.

Another alternative is just to have one area, Area 0. Are you sure you need
multiple areas?

> 
> What about putting together two cities and forming a bigger area with
> two ABRs?

Why? There's no reason to do this, is there?

Here's a paper by Peter Welcher that might help:

http://www.netcraftsmen.net/welcher/papers/ospf1.htm

Also check Cisco's OSPF design guide, although the current version has a
tendency to say what you can do rather than what you should do and refuses
to give any definite recommendations, saying instead things like, "For this
reason, it's difficult to specify a maximum number of routers per area.
Consult your local sales or system engineer for specific network design
help." :-)

http://www.cisco.com/warp/public/104/1.html

Also check papers and books by Howard Berkowitz. In addition to 2 OSPF
papers at CertificationZone, he also has a paper on scaling routing protocols.

Priscilla

> In that case, it would be necessary to connect these
> ABRs through their particular area and area 0, so the database
> would be the same, right?
> 
> Sorry about the graphics. It is difficult to draw with
> characters.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72607&t=72587
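
The guidelines in the reply above can be checked mechanically against a planned topology. The following is an added example, not part of the original thread: the function names, finding labels and the link list (a constructed reading of the R1/R2/R3 diagram posted in this thread) are assumptions.

```python
from collections import defaultdict

# Rule-of-thumb limits from the reply above (its author calls them approximate).
MAX_ROUTERS_PER_AREA = 100
MAX_AREAS = 100
MAX_AREAS_PER_ROUTER = 3
MAX_NEIGHBORS = 60  # "fewer than about 60 adjacent neighbors"
BACKBONE = 0


def components(adj):
    """Connected components of one area's graph, as sorted lists of router names."""
    seen, parts = set(), []
    for start in adj:
        if start in seen:
            continue
        stack, part = [start], set()
        while stack:
            node = stack.pop()
            if node in part:
                continue
            part.add(node)
            stack.extend(adj[node] - part)
        seen |= part
        parts.append(sorted(part))
    return sorted(parts)


def check_design(links):
    """links: (router_a, router_b, area_id) tuples. Returns a list of findings."""
    area_adj = defaultdict(lambda: defaultdict(set))
    router_areas, neighbors = defaultdict(set), defaultdict(set)
    for a, b, area in links:
        area_adj[area][a].add(b)
        area_adj[area][b].add(a)
        router_areas[a].add(area)
        router_areas[b].add(area)
        neighbors[a].add(b)
        neighbors[b].add(a)

    findings = []
    if len(area_adj) > MAX_AREAS:
        findings.append(("too-many-areas", len(area_adj)))
    for area, adj in sorted(area_adj.items()):
        if len(adj) > MAX_ROUTERS_PER_AREA:
            findings.append(("area-too-large", area, len(adj)))
        parts = components(adj)
        if len(parts) > 1:  # area split into pieces joined only via other areas
            findings.append(("discontiguous", area, parts))
    for router, areas in sorted(router_areas.items()):
        if len(areas) > 1 and BACKBONE not in areas:
            findings.append(("abr-not-on-backbone", router, sorted(areas)))
        if len(areas) > MAX_AREAS_PER_ROUTER:
            findings.append(("too-many-areas-on-router", router, sorted(areas)))
        if len(neighbors[router]) >= MAX_NEIGHBORS:
            findings.append(("too-many-neighbors", router, len(neighbors[router])))
    return findings


# Constructed reading of the ASCII diagram in the thread: R1 and R2 are ABRs
# for area 5, and R1, R2, R3 are joined through area 0.
THREAD_TOPOLOGY = [
    ("Rx", "R2", 5), ("Ry", "R1", 5),
    ("R2", "R3", 0), ("R1", "R3", 0), ("R1", "R2", 0),
]

if __name__ == "__main__":
    for finding in check_design(THREAD_TOPOLOGY):
        print(finding)
```

On the constructed topology the only finding is that area 5 is split into two pieces; adding an R1-R2 link inside area 5 clears it.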


OSPF over IPSec [7:72606]

2003-07-18 Thread David Cooper
Hey would like to run something by the ospf-geeks here. For a little bit
I've been mulling over OSPF over an IPSec vpn tunnel. I know it can be done
with routers and a GRE tunnel but what about the two actual end devices. I'm
currently tinkering with a PIX506 and a VPN Concentrator 3000. Both devices
are OSPF aware. But, they don't seem to accept the concept of a vpn int
being an interface and really don't like to think about forming adjacencies
over that. I was just wondering if anyone had any ideas about this or if
they've experienced ospf between two separate networks with just these
devices on the edges.  Google turns up only GRE methods, as well, it seems,
as CCO. Thus it probably won't work but I figured Cisco might hack a way
into it since after all they implemented ospf on the pix and concentrators.

Thanks in advance for any ideas or thoughts.
Dave




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72606&t=72606


Re: Two ABRs on the same area - requirements [7:72587]

2003-07-18 Thread
""Reimer, Fred""  wrote in message
news:[EMAIL PROTECTED]
> I don't believe that is a valid design.


why not? there is nothing that says you can't have more than one ABR for an
area. In fact, there is nothing that says you can't give all your areas the
same area i.d. There can be problems in doing it this way, but if you give
your numbering scheme some thought, or don't summarize when there are
discontiguous subnets scattered throughout the domain, nothing bad happens.

not the way I would recommend, but then who listens to me anyway ;->


>
> Fred Reimer - CCNA
>
>
> Eclipsys Corporation, 200 Ashford Center North, Atlanta, GA 30338
> Phone: 404-847-5177  Cell: 770-490-3071  Pager: 888-260-2050
>
>
>
> -Original Message-
> From: alaerte Vidali [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 2:27 PM
> To: [EMAIL PROTECTED]
> Subject: Two ABRs on the same area - requirements [7:72587]
>
> Can you see any mistake in the following network?
>
>
> Rx ---area 5--R2----area 0---R3-
>                |               |
>              area 0            |
>                |               |
> Ry ---area 5--R1----area 0------
>
>
> R1, R2 and R3 are connected through area 0.
>
> R1 and R2 are ABRs for area 5.
>
> I am wondering if R1 and R2 should be connected through area 5 for a
> better design.
>
> The bad situation I see is that Rx and Ry will have different databases,
> although they are in the same area.  From the routing table standpoint
> there will be connectivity.
>
> Any Thoughts?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72608&t=72587


Revisited - Is the CCIE Written a valid certification? [7:72609]

2003-07-18 Thread
Well, apparently Cisco now thinks so.

I was registering for one of Cisco's Webinars, and ran across this question:

Please check your Attendee Certification Level (Check all that apply)
 CCDA
 CCDP
 CCNA
 CCNP
 CCIE Written
 CCIE Lab

Let's see how long this thread lasts this time. :->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72609&t=72609


Error on an interface FastEthernet of a router 3745 [7:72610]

2003-07-18 Thread Joseba Izaga
Hi,

Do you know the reason for the following message:

11:31:40: %GT96K_FEWAN-5-UNDERFLOW: Transmit underflow on int FastEthernet0/0
11:31:40: %GT96K_FEWAN-5-UNDERFLOW: Transmit underflow on int FastEthernet0/0


This is the configuration I have on the interface

interface FastEthernet0/0
 ip address 63.80.132.16 255.255.255.0
 ip route-cache same-interface
 ip policy route-map mail
 speed 100
 full-duplex

Regards,

Joseba Izaga




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72610&t=72610


RE: Revisited - Is the CCIE Written a valid certification? [7:72611]

2003-07-18 Thread Daniel Cotts
Cisco Training Seminars have used that format for years.

> -Original Message-
> From: "Chuck Whose Road is Ever Shorter" 
> [mailto:[EMAIL PROTECTED]
> Sent: Friday, July 18, 2003 6:55 PM
> To: [EMAIL PROTECTED]
> Subject: Revisited - Is the CCIE Written a valid certification?
> [7:72609]
> 
> 
> Well, apparently Cisco now thinks so.
> 
> I was registering for one of Cisco's Webinars, and ran across 
> this question:
> 
> Please check your Attendee Certification Level (Check all that apply)
>  CCDA
>  CCDP
>  CCNA
>  CCNP
>  CCIE Written
>  CCIE Lab
> 
> Let's see how long this thread lasts this time. :->




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72611&t=72611


Re: CISCO2950 switch boot issue.. Urgent [7:72613]

2003-07-18 Thread Nate
- Original Message -
From: "Nate" 
To: 
Sent: Friday, July 18, 2003 8:37 PM
Subject: CISCO2950 switch boot issue.. Urgent


> I upgraded the IOS on the 2950.  now when it boots, I get a "bad mzip
> file, unknown zip method".  Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72613&t=72613


CISCO2950 switch boot issue.. Urgent [7:72612]

2003-07-18 Thread Nate
I upgraded the IOS on the 2950.  now when it boots, I get a "bad mzip file,
unknown zip method".  Any ideas?




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72612&t=72612


OT: Late Friday Funnies [7:72614]

2003-07-18 Thread Tom Lisa
Let me apologise in advance for this one.
I just couldn't resist.

These friars were behind on their belfry payments,
so they opened up a small florist shop to raise funds.

Since everyone preferred to buy flowers from the men of
God, a rival florist across town thought the competition
was unfair. He asked the good fathers to close down,
but they would not.

He went back and begged the friars to close.
They ignored him. So, the rival florist hired Hugh MacTaggart,
the roughest and most vicious thug in town to "persuade" them
to close. Hugh broke their windows and trashed their store,
saying he'd be back if they didn't close up shop.

Terrified, they did so, thereby proving that
Hugh, and only Hugh, can prevent florist friars.




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=72614&t=72614