Re: OT - Gigabit Networking
I don't think it is really offensive, but I don't see that Gig to the desktop will do much good as most of the client machines don't have the system bus necessary to handle 100Mb Full Duplex, let alone gig. A good switched network with a good backbone or if you can, put it all on one switch so you can take advantage of the full speed of the back plane of the switch, is probably more than good enough for what you need.

Ditto here

Now, if you deal with a lot of Video, multimedia, etc, there are other options that would probably be better suited for you to use such as ATM for guaranteed Class of service or even an Etherchannel NIC in your server. All IMHO of course <g>, and YMMV depending on the specifics of what you are actually doing on your LAN. If you are seeing congestion, and have already implemented dedicated switched ports to every heavy bandwidth client/user, bought a super high end server and your backbone isn't getting saturated, then there might be an application for Gig to the client or server but it would be a really obscure or really unique, special case for this to happen.

I do a lot of work for some pretty heavy multimedia people in the "Movie" industry and with exception of the really big $50,000.00 unix boxes, the machine's internal bus and HD are usually the bottlenecks. Proprietary things are being done bus and drive card-wise to move the data faster than what's normally done such as proprietary bus architecture or specially tuned fiber-channel, etc. I would put a sniffer on some of the ports or look at your switch stats to see if you have a congestion problem before I could really recommend gig to a client machine though.

I still wouldn't move to gigabit networking since it's expensive as hell and you would probably be better off load balancing your network or changing around the protocols to something on a higher level such as BGP or FDDI.
Besides it could be a problem with some broadcasts cluttering the pipe or something so a sniffer is a great idea. Try load balancing your routers as well on a packet based balance for dual bandwidth bursts with a load balanced router/server combo which would pick up slack and still be less expensive than throwing gig networks in. If that fails then you could limit traffic from users if programs such as napster or any other bandwidth hog are choking up the network.

Reasons for Gigabit networks IMHO:
ISPs
Porn Sites
Slashdot.org (hehehe)

__
FREE Personalized Email at Mail.com
Sign up at http://www.mail.com/?sr=signup

**NOTE: New CCNA/CCDA List has been formed. For more information go to http://www.groupstudy.com/list/Associate-Announcement.html
_
UPDATED Posting Guidelines: http://www.groupstudy.com/list/guide.html
FAQ, list archives, and subscription info: http://www.groupstudy.com
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
RE: Protocol Analyzer and Sniffers
Sniffer Pro from NAI can handle ATM OC3-12, Gigabit SX, LX, Packet over SONET and more; check them out at www.nai.com

p.s. I have no affiliation with them so save the flames

--Original Message--
From: Fred Thomas [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: September 7, 2000 7:30:28 PM GMT
Subject: Protocol Analyzer and Sniffers

Hello group, does anyone know of any Analyzers, probes or sniffers that would support (DWDM) Division Wave Division Multiplexing, ATM, SONET, Gigabit and Fast Ethernet.

Thanks
Fred Thomas
RE: packet replay?
Not sure of any standards but this is my two cents on this subject. Using any packet sniffer I would filter out the packet I wanted info on and go on a step by step basis of what it's doing. Although it can be tedious this is a surefire way of gaining good net analysis experience.

Or... You could use ISS Real Secure to filter the packet based on address and replay it directly as well as network flight recorder (ww.nfr.net). While these are Intrusion Detection System software they still can be used for other things as well.

--Original Message--
From: "Yee, Jason" [EMAIL PROTECTED]
To: "cisco@groupstudy. com (E-mail)" [EMAIL PROTECTED]
Sent: September 7, 2000 8:59:42 AM GMT
Subject: packet replay?

hi all,

Anyone knows how one can replay a packet after capturing? As noted in ppp pap authentication

Jason
Re: Training in nyc
www.globalknowledge.com (ccna, ccie, ccdp, boot camps, etc)
www.salinasgroup.com (offers security related stuff)

--Original Message--
From: Robert Hanley [EMAIL PROTECTED]
To: "Wolf, Jonah" [EMAIL PROTECTED], "'[EMAIL PROTECTED]'" [EMAIL PROTECTED]
Sent: September 3, 2000 9:44:26 PM GMT
Subject: Re: Training in nyc

This outfit offers a number of great prep courses for a very reasonable price including lab time. I am not affiliated in any way.

http://www.tcytech.com
TCY Tech
36 East 23rd St. 4th Floor
New York, NY
212-995-8480

Best of luck.

--- "Wolf, Jonah" [EMAIL PROTECTED] wrote:

Can anyone recommend any ccnp or ccie training programs in nyc?

Jonah Wolf
CTNY, LLC
212.625.6206
Digital Revolutionaries: www.ctny.com
BGP // things you should be aware of
www.antioffline.com/daemonic.c

BGP Neighbor killer

--Original Message--
From: "Chuck Larrieu" [EMAIL PROTECTED]
To: "Cisco Mail List" [EMAIL PROTECTED]
Sent: September 2, 2000 5:32:15 PM GMT
Subject: BGP - some things learned

Another interesting weekend. I've begun in earnest my look into BGP. I am reading the usual suspects - Halabi, Stewart, and RFC 1771. Finally got a scenario set up with iBGP where all the routes are showing up where they belong.

1) The command Show IP BGP is proving quite useful to know. This appears to yield the contents of the BGP table, which may or may not have anything in common with the routing table.

2) The process of injecting routes into BGP now makes sense to me. Halabi actually explains it quite well on pages 134-135 ( 1st edition ), and it really is no different than with any other routing protocol in the world of Cisco. But I guess I was more tired than I thought last night. It didn't sink through the first time. Outsmarted myself again ;-

3) After a bit of fiddling with an inter-AS problem, I finally understood something in the RFC that had me a bit confused. Section 5.1.3 ( Next_Hop ) talks about the next hop router being on a common subnet with the peer and the advertiser. I was confused because a couple of days ago I had three routers talking to each other via eBGP ( different AS on each router ) with no problem. Last night I set up two AS's, one with three routers, one with one router.

Router_1---router_2-router_3--router_4
OSPF---OSPF-OSPF
AS1-AS1AS4
IBGP--IBGP/EBGP---EBGP

The link between AS1 and AS4 refused to come out of the ACTIVE state. Turns out that my use of the neighbor a.b.c.d update-source loopback 0 was the problem. The loopback was not on the same subnet. I suppose that if I were to use the EBGP Multihop command, this would... naw that's not it. Just tested. Something else bad is happening.

Or at least, ebgp-multihop does not seem to solve the problem of stuck-in-active when using neighbor a.b.c.d update-source loop 0 on both sides. Eliminating the update-source does allow the Established state to form. Now if I could only determine why AS4 is seeing only BGP routes that originate on routers 3 and 2... :-

4) Even in this small lab, BGP appears to take an inordinate amount of time to set up and stabilize after a Clear IP BGP * command. I can imagine what it must take on a router that receives a full BGP table ( 90,000 routes according to the last Tony Bates CIDR report )

5) There seems to be a bit more to learn.

regards

Chuck

Please check out my new footers for a new age

1) Altruism http://www.hungersite.com/
Please help feed hungry people worldwide. A few seconds a day can make a difference to many people

2) Shameless Commerce http://www.certificationzone.com
An excellent source for information, study materials, practice questions, practice exams, and practice labs. Applicable for all levels of certification, as well as the attainment of internetworking expertise. Tell them Chuck Larrieu sent you. ( disclaimer - I will receive additional free months membership when enough people mention my name upon joining )
RE: How can I get rid of broadcast storm?
I understand that since we are cloning machines over the network from ( #.#.20.#) subnet to different subnet where all the workstations are located, this traffic has to go through a router. We are using Cat 5500.

Run a sniffer on your network for about 30 minutes and isolate the source sending broadcasts since it's likely it's a screwy program. This doesn't have anything to do with cloning and may be that some misconfiguration you may have had in the original design carried over somehow.

ip verify unicast reverse-path
interface {int}
  rate-limit output access-group 153 4500 10 10 conform-action transmit exceed-action drop
  rate-limit output access-group 152 100 10 10 conform-action transmit exceed-action drop

Replace:
4500 with the maximum link bandwidth
100 with a value that is between 50% and 30% of the SYN flood rate
burst normal and burst max rates with accurate values
Re: browsing problem!!
Definitely correct it has nothing to do with cert testing but here's what may be the problem anyway (next time don't waste bandwidth on a useless response)

The site attempting to connect has probably been blacklisted for spam or some other reason. The address simply seems to be blocked. This has nothing to do with certification so next time you should ask elsewhere. Solution: contact the admins of those machines and state your problem since it's a concern between you and them.

On a slight note, when you say browse via POP I do hope you mean send mail via POP otherwise that's your problem entirely. POP is for mail not browsing.

Did I blink and miss something? This post has nothing to do with Cisco certification :)

Em

- Original Message -
From: Yee, Jason [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: Monday, August 21, 2000 4:43 PM
Subject: browsing problem!!

hi

anyone can figure what the problem is below, I tried figuring out but make no head nor tail out of it

any help will be appreciated:

This is what given by my customer:

Please find herewith the Trace report of mentioned destination. We are not able to browse on these sites from our POPs. ( MegaPOP 202.161.128.60/30, K1POP 202.161.128.152/30, K2POP 202.161.128.156/30). I hope it will help.

www.cnnsi.com
 1 sayapatri (202.51.65.129) 0.238 ms 0.170 ms 0.162 ms
 2 chameli (202.51.65.1) 1.223 ms 1.013 ms 1.684 ms
 3 202.161.128.157 (202.161.128.157) 546.028 ms 556.314 ms *
 4 202.161.130.17 (202.161.130.17) 727.039 ms 700.569 ms 875.420 ms
 5 * * *
 6 12.123.195.22 (12.123.195.22) 656.484 ms 681.040 ms 618.483 ms
 7 gbr2-p50.sffca.ip.att.net (12.123.13.62) 874.318 ms 773.192 ms 599.449 ms
 8 gbr3-p00.sffca.ip.att.net (12.122.5.254) 700.773 ms 939.859 ms 615.867 ms
 9 gbr3-p30.sl9mo.ip.att.net (12.122.2.73) 819.077 ms 766.694 ms 870.559 ms
10 gbr3-p40.wswdc.ip.att.net (12.122.2.146) 900.799 ms 728.790 ms 661.990 ms
11 gbr4-p60.wswdc.ip.att.net (12.122.1.130) 947.908 ms 948.100 ms 975.740 ms
12 gbr4-p90.attga.ip.att.net (12.122.2.177) 783.431 ms 693.992 ms 757.705 ms
13 gbr1-p60.attga.ip.att.net (12.122.5.209) 831.027 ms 1162.833 ms 932.002 ms
14 sar1-a300s2.attga.ip.att.net (12.127.2.165) 676.703 ms 766.302 ms 799.571 ms
15 12.126.31.18 (12.126.31.18) 702.499 ms !X * *
16 12.126.31.18 (12.126.31.18) 764.169 ms !X * 667.132 ms !X

www.excite.com
 1 sayapatri (202.51.65.129) 0.291 ms 0.217 ms 0.206 ms
 2 chameli (202.51.65.1) 1.056 ms 1.027 ms 1.004 ms
 3 202.161.128.157 (202.161.128.157) 577.840 ms 787.997 ms 774.090 ms
 4 202.161.130.17 (202.161.130.17) 614.489 ms 627.294 ms 547.674 ms
 5 12.125.94.5 (12.125.94.5) 678.025 ms 594.981 ms 645.054 ms
 6 12.123.195.22 (12.123.195.22) 867.168 ms 761.846 ms 822.198 ms
 7 gbr2-p50.sffca.ip.att.net (12.123.13.62) 977.515 ms 705.890 ms 819.833 ms
 8 * ar4-a3120s3.sffca.ip.att.net (12.123.12.101) 962.500 ms *
 9 12.126.204.18 (12.126.204.18) 639.461 ms 606.491 ms 750.553 ms
10 * * *
11 * * *
12 * * *

www.usa.net
 1 sayapatri (202.51.65.129) 0.247 ms 0.190 ms 0.182 ms
 2 chameli (202.51.65.1) 1.090 ms 1.005 ms 0.989 ms
 3 202.161.128.157 (202.161.128.157) 1119.150 ms 910.651 ms 871.040 ms
 4 202.161.130.17 (202.161.130.17) 719.564 ms 674.045 ms 821.082 ms
 5 12.125.94.5 (12.125.94.5) 657.772 ms 750.707 ms 605.773 ms
 6 12.123.195.22 (12.123.195.22) 593.761 ms 830.054 ms 614.977 ms
 7 gbr2-p50.sffca.ip.att.net (12.123.13.62) 902.859 ms 637.953 ms 837.331 ms
 8 gbr4-p70.sffca.ip.att.net (12.122.1.189) 732.181 ms * 802.253 ms
 9 gbr3-p10.la2ca.ip.att.net (12.122.2.169) 916.072 ms 645.733 ms 613.543 ms
10 gbr1-p70.la2ca.ip.att.net (12.122.1.174) 692.843 ms 888.032 ms 677.382 ms
11 * ar1-p3110.so2ca.ip.att.net (12.123.199.193) 875.438 ms *
12 12.124.252.26 (12.124.252.26) 1009.925 ms 950.443 ms 713.877 ms
13 * * *
14 * * *

usa.net
PING mxpool01.netaddress.usa.net (204.68.24.19) from 202.51.65.130 : 56(84) bytes of data.
From zrcst006-p500.usa.net (204.68.22.37): Packet filtered
From zrcst006-p500.usa.net (204.68.22.37): Packet filtered
From zrcst006-p500.usa.net (204.68.22.37): Packet filtered
From zrcst006-p500.usa.net (204.68.22.37): Packet filtered
--- mxpool01.netaddress.usa.net ping statistics ---
38 packets transmitted, 0 packets received, +4 errors, 100% packet loss

From MegaPOP:
Tracing the route to netaddress.com (204.68.24.100)
 1 202.161.128.61 [AS 11919] 588 msec 644 msec 540 msec
 2 202.161.130.17 [AS 11919] 576 msec 544 msec 564 msec
 3 12.125.94.5 668 msec 700 msec 656 msec
 4 12.123.195.22 732 msec * *
 5 * * *
 6 * * *
 7 * 12.126.203.250 688 msec 660 msec
 8 zrcst006-p500.usa.net (204.68.22.37) !A * *

FROM www.above.net TO www.excite.com.
traceroute to www.excite.com (199.172.146.99): 1-30 hops, 38 byte packets
 1 gate-96.main.sjc.above.net (207.126.96.189) 0.503/0.660/1.13 (0.185) ms 10/10 pkts (0% loss)
 2 core5-main.sjc.above.net (209.133.31.153) 0.508/0.759/1.80 (0.366) ms 10/10 pkts (0% loss)
 3 core3-core5-oc48.sjc2.above.net
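Added example (not part of the original thread): a small shell/awk reader for traces like the ones quoted in this message. It separates a path that ends in an explicit ICMP "administratively prohibited" reply (`!X` in the Unix traceroute, `!A` in the Cisco trace) from one that simply goes silent after some hop. The function names are hypothetical and the samples are abridged from the traces in the message.

```shell
#!/bin/sh
# classify_trace: read traceroute output on stdin and print one verdict line.
#   "rejected at hop N by ADDR (FLAG)"  an explicit admin-prohibited reply was seen
#   "silent after hop N (ADDR)"         the trailing hops never answered
#   "no filtering evidence"             the last hop listed still answered
classify_trace() {
    awk '
        /^ *[0-9]+ / {
            hop = $1 + 0; total = hop; addr = ""; flag = ""
            for (i = 2; i <= NF; i++) {
                if ($i == "!X" || $i == "!A") flag = $i          # filter flag
                else if ($i != "*" && addr == "") addr = $i      # first responder
            }
            if (addr != "") { last = hop; lastaddr = addr }
            if (flag != "" && verdict == "")
                verdict = "rejected at hop " hop " by " addr " (" flag ")"
        }
        END {
            if (verdict != "") print verdict
            else if (last + 0 < total) print "silent after hop " last " (" lastaddr ")"
            else print "no filtering evidence"
        }'
}

# Samples abridged from the traces quoted in the message above.
sample_cnnsi() {
    cat <<'EOF'
14 sar1-a300s2.attga.ip.att.net (12.127.2.165) 676.703 ms 766.302 ms 799.571 ms
15 12.126.31.18 (12.126.31.18) 702.499 ms !X * *
16 12.126.31.18 (12.126.31.18) 764.169 ms !X * 667.132 ms !X
EOF
}

sample_excite() {
    cat <<'EOF'
 8 * ar4-a3120s3.sffca.ip.att.net (12.123.12.101) 962.500 ms *
 9 12.126.204.18 (12.126.204.18) 639.461 ms 606.491 ms 750.553 ms
10 * * *
11 * * *
12 * * *
EOF
}

sample_megapop() {
    cat <<'EOF'
 4 12.123.195.22 732 msec * *
 5 * * *
 6 * * *
 7 * 12.126.203.250 688 msec 660 msec
 8 zrcst006-p500.usa.net (204.68.22.37) !A * *
EOF
}

for s in sample_cnnsi sample_excite sample_megapop; do
    printf '%s: %s\n' "$s" "$($s | classify_trace)"
done
```

An explicit rejection names the device that holds the filter, which is the address to quote when contacting the remote administrators; a silent path only bounds where the drop happens.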
RE: Checkpoint question
IMHO it's not worth it unless you just want to add the title of CCSE, CSE to your signature. If you know your stuff regarding firewalls you won't need a cert. Besides how good can a CCSE be when it's only generally a 5 day course in which the pass ratio is about 95%? Doesn't mean someone knows checkpoint in and out; it could mean they listened, memorized, and answered properly.

Real world experience along with the cert is a different issue. So if you've used it and understand it thoroughly then go for it... But if you just want to sit in a class and pass the exam then it's not worth it because it only shows you GUI stuff, installation procedures, etc... It will not show you how to configure massive networks of different specifications.

--Original Message--
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: August 11, 2000 2:57:13 PM GMT
Subject: Checkpoint question

Hi:

Do any of you have any experience with the Checkpoint training. Is it worth it?

Thanks,
KF
Re: Checkpoint question
If you're referring to what Dug Song did (http://www.zdnet.com/sp/stories/news/0,4538,2610719,00.html) you should be advised that this was done on an off the shelf install and should not be compared to a properly configured firewall. If your company can't afford a Pix then Checkpoint would be the way to go because I can tell you off hand interceptor appliances totally suck.

--Original Message--
From: "vr4drvr ." [EMAIL PROTECTED]
To: [EMAIL PROTECTED], [EMAIL PROTECTED]
Sent: August 11, 2000 4:03:50 PM GMT
Subject: Re: Checkpoint question

I wouldn't actually recommend checkpoint to any client. Check out some of the hacker sites to see how easily it can be breached. If you need more info let me know.

From: [EMAIL PROTECTED]
Reply-To: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: Checkpoint question
Date: Fri, 11 Aug 2000 10:57:13 EDT

Hi:

Do any of you have any experience with the Checkpoint training. Is it worth it?

Thanks,
KF
Decisions on Tests and Studying
Here's the situation. About a year ago I started studying for the CCIE as an alternative to the CCNA. I figured I would study hardcore for about two years and ace the test. I come from a Unix based background and have what I think is pretty much a good knowledgebase on networking, thorough knowledge of security on all platforms Unix based, Windows, Novell, Apple, AIX you name it I've admin'd it or used it.

Now I know there are prerequisites for taking the CCIE and I believe if I took the CCNA within the next two months I would pass. (honestly) My question to the group and I don't want to make it a repetitive e-mail is should I go out and take the CCNA and if so is there some sort of sample (hardcore as close to the test as possible) test anyone has come across to test where I stand if I were to take the CCNA?

The first time I began studying for the CCNA someone mentioned I should get into deeper stuff since it (CCNA) basically dealt with the OSI, TCP/IP topics and wasn't as thorough as the CCIE so I picked up CCIE books and got into BGP, IS-IS, RIPv1 2, OSPF, etc... I fully understand most and definitely need lab time on that subject for about a year straight (maybe.)

So to make this short... Anyone know of a die hard, as-close-to-the-real-thing based test or boot camp class I could take to get this out of the way and continue with other studies such as the CCIE and CISSP (which I will get in two years... mark my word)

Yours truly,
J. Oquendo

/* sorry for the readers digest like mail yall */
RE: Network Drawing Program
Visio might be the best program for your needs. http://www.microsoft.com/office/visio/

--Original Message--
From: Evan You [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: August 8, 2000 8:40:53 PM GMT
Subject: Network Drawing Program

Hi all,

I am in the process of looking for a program that will draw a network based on a database information. Basically, I have thousands of circuits mostly leased lines and FR that I need to draw to do analysis work. I am looking to diversify as much of the network as possible so there is not a single point of failure in the network. Currently, we are using a database system that has all the circuit information but it's very cumbersome to analyze. If I am able to see the circuits drawn automatically on demand it would be a lot easier. For example, if I wanted to see all circuits that went into a specific set of common equipment (router, ATM switch, FRADS, MUXES, DXCs) then I could easily see the single points of failure in a network.

I've looked into Granite Systems but they are too expensive and there is a limitation on the total number of circuits that can be drawn at once. If anyone knows of any other application, I would greatly appreciate it.

Thanks,
Evan You - CCNA
RE: Editing ACL's
Copy the list on your local PC, edit the lines you want out, then re-tftp it, if I'm not mistaken. Also remember to check the bottom line and make sure everything is in order minus the line you deleted. If you're on a Unix sys you can use the diff command to make sure nothing but the deleted entry was changed.

--Original Message--
From: STRAND Scott [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: August 7, 2000 1:50:43 PM GMT
Subject: Editing ACL's

Is it possible to edit only one line of an access list without removing the entire ACL. I heard that it is possible now with having to cut and paste. Can you advise.

Thanks,
Scott
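Added example (not part of the original thread): one way to script the diff check suggested in the reply above, so an edited ACL file is only uploaded when it differs from the saved original by exactly the one entry that was meant to go. The file names, function names and ACL entries are constructed for illustration.

```shell
#!/bin/sh
# Entry that is meant to be deleted (constructed sample data).
REMOVED='access-list 101 permit tcp any host 192.0.2.25 eq 25'

# make_samples DIR: write a constructed original ACL, a correct edit and a
# sloppy edit (a second entry was changed by accident) into DIR.
make_samples() {
    cat > "$1/acl.orig" <<'EOF'
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 permit tcp any host 192.0.2.25 eq 25
access-list 101 deny ip any any log
EOF
    grep -v 'eq 25$' "$1/acl.orig" > "$1/acl.good"
    sed -e '/eq 25$/d' -e 's/eq 443$/eq 8443/' "$1/acl.orig" > "$1/acl.bad"
}

# acl_only_removed OLD NEW 'expected removed line'
# Returns 0 only when NEW is OLD minus exactly that one line.
#   2 = files identical or diff failed   3 = something was added or altered
#   4 = not exactly one line removed     5 = a different line was removed
acl_only_removed() {
    diff_rc=0
    changes=$(diff "$1" "$2") || diff_rc=$?   # diff exits 1 when files differ
    [ "$diff_rc" -eq 1 ] || return 2
    # In default diff output "< " marks lines only in OLD, "> " lines only in NEW.
    added=$(printf '%s\n' "$changes" | grep -c '^> ') || true
    removed=$(printf '%s\n' "$changes" | grep -c '^< ') || true
    [ "$added" -eq 0 ] || return 3
    [ "$removed" -eq 1 ] || return 4
    [ "$(printf '%s\n' "$changes" | sed -n 's/^< //p')" = "$3" ] || return 5
    return 0
}

# Demonstration on the constructed samples.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
for f in acl.good acl.bad; do
    if acl_only_removed "$demo_dir/acl.orig" "$demo_dir/$f" "$REMOVED"; then
        echo "$f: only the intended entry was removed"
    else
        echo "$f: unexpected changes (code $?), do not upload"
    fi
done
rm -rf "$demo_dir"
```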
Re: PIX versus Firewall-1 comparison
Checkpoint is an OK firewall and is actually an excellent firewall when run off of Nokia's IP400 series. I definitely wouldn't use it on NT since I hate Windows as it is and under Sun is the choice out of Sun, NT, or AIX.

As for Cisco Pix that too is pretty nice and the only reason I would go with it at this point in time would be the fact that there have been fewer security advisories regarding the product.

One benefit over Pix that Checkpoint has is it's not hardware based which means if your server dies... It's dead... Go buy another PIX, Checkpoint... Just plop in the CD and you're in business.

/* my two cents */

--Original Message--
From: "Oz" [EMAIL PROTECTED]
To: "cisco GroupStudy" [EMAIL PROTECTED]
Sent: August 7, 2000 3:48:13 PM GMT
Subject: Re: PIX versus Firewall-1 comparison

Yup that's about what I found playing with both. And checkpoint has some nice features and does debugging for you. And lot cheaper to play around on a NT box AIX SUN than a PIX box..

Oz

1) Cisco PIX is far superior in terms of throughput.
2) Checkpoint GUI / management, particularly of multiple security domains, multiple firewalls, and policy management, is far superior to anything Cisco has.
3) Both companies maintain that their product is superior in terms of general firewall features and functionality.

Oz
http://www.mcseco-op.com/helpfull_links.htm
RE:
Well I hope I don't sound out of line for mentioning this but it's very annoying and disturbing.

<rant>

Please refrain from sending out messages without anything in the subject lines. It's a very bad practice altogether. I'm sure many on this list are also on other mailing lists and it becomes difficult to determine which messages should be read and which should be ignored.

Pesky little messages such as "Yes", "No", "where do I find?" should be the last message someone sends out without an effort to:

a. Answer someone properly
b. Provide relevancy in their messages
c. Search for an answer before asking it, e.g. checking the archives, search engines, etc.

I was hoping this would be an all purpose mailing list and not one filled with pesky little questions such as. How many questions on the CCNA s/NA/DP\s/NA/IE/ etc.

Professionalism above all should stand out on this list when addressing questions and or providing answers, after all what are some of you high school retards or professionals?

As for Brad Ellis selling equipment on the list... Who cares, it's nice to see someone with a CCIE responding to questions. He doesn't have to answer squat and his presence gives many confidence to move forward with their studies.

And working at some large corporation does not give anyone the right to believe they're better than anyone else even if it's working for Cisco directly. Putting someone down for something shows your own deficiencies, so if you have nothing positive to say you know what... Don't say it.

</rant>

----------
J. Oquendo II
[EMAIL PROTECTED] || www.deficiency.org
[EMAIL PROTECTED] || www.macroshaft.org
[EMAIL PROTECTED] || www.antioffline.com

PGP ID 0x889D1540 DH/DSS CAST
FB96 1B34 ED52 73A0 AEA5 0D7C 671D 224B 889D 1540
http://keys.pgp.com | [EMAIL PROTECTED]

"No enterprise is more likely to succeed than one concealed from the enemy until it is ripe for execution."
Niccolo Machiavelli, The Prince 1521

0011 0001 0011 0011 0111

--Original Message--
From: "Jeff Sweet" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: August 5, 2000 11:58:31 PM GMT
Subject: RE:

WOW---Posts like that really hurt

-Original Message-
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Nischal Chandra
Sent: Saturday, August 05, 2000 10:21 PM
To: [EMAIL PROTECTED]
Subject:

What is the minimum required for pass in the New CCNA 2.0

Thanks
Nischal
RE: off subject
Depends on location. I live in NYC and have a strong background on Solaris on BSD as well as Linux which in my opinion has slowly become Microsoft'ish to me. I find by looking that I get about 5x more responses in regards to my Unix Admin skills than I do for networking stuff.

Although I'm fairly new (2-3 years) into the router/routing scene I fully understand how to implement and create functional networks RIP, EIGRP, OSPF, etc., but the demand seems to be higher for Unix out here but the money is to be gained by the CCIE's, CCDA's etc. They gain huge consultant fees.

Personally I'm learning it for the sake of enjoyment on a personal level though so for some it may be a financial gain. Right now I make over 75 per year without any certs but this stems from knowledge and experience along with the fact I've worked for some huge companies and have a strong focus on security which I use to my advantage.

If you really want to see a cool cert check out the CISSP and CISA which I'll acquire after the CCIE some time.

For reference HPUX is a lousy system =P Solaris I see is in much demand since Oracle is pretty much a standalone and the OS of choice to run it. Veritas, Vignette, etc take strong likings to Solaris as well. HPUX has as many advisories as Windows (well not that much but enough to make me gag) and RedCrap er... Redhat has turned into a script kiddiot flavor of Unix.

--Original Message--
From: "Matt C. Lange" [EMAIL PROTECTED]
To: "Lawrence Dwyer" [EMAIL PROTECTED], "Agung Elvin (KPC)" [EMAIL PROTECTED], [EMAIL PROTECTED]
Sent: August 1, 2000 11:39:13 PM GMT
Subject: off subject

Hello group,

I have been asking around and it seems to me that UNIX admins are way more desirable than router admins. I guess from what I have been hearing is that if you are solid in unix you are pretty much set for life. This is just what I hear in the Chicago area.

Mainly HP-UX

Matt
RE: FW: TACACS through firewall
Seems like some should be familiar with their port numbers after all chances are you're going to want to know what are other common ports. So here's a listing.

http://www.antioffline.com/TID/assignments/port-numbers

--Original Message--
From: Radford Dion [EMAIL PROTECTED]
To: "'[EMAIL PROTECTED]'" [EMAIL PROTECTED]
Sent: July 28, 2000 2:12:54 PM GMT
Subject: FW: TACACS through firewall

It's actually tcp port 49, according to my packet sniffer.

-Original Message-
From: Radford Dion [SMTP:[EMAIL PROTECTED]]
Sent: Friday 28 July 2000 11:46
To: [EMAIL PROTECTED]
Subject: TACACS through firewall

Does anyone know what ports TACACS uses? I have read on cisco website http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v42/pix42cfg/pix42apa.htm that 'TACACS requires one definition for port 65 on TCP and another for port 49 on UDP'. I have allowed these ports through on an ACL, but it still doesn't work. I have tried debugging ip packets but I don't even get an output!!

Any help would be appreciated.

Dion
BGP question
Please excuse any ignorance if this conveys any, but I had to ask this question somewhere, and why not ask people who have a clue. I thought up a scenario and wanted to know any input on whether or not this could happen. Any help would be appreciated.

--

Sample terms...

ASID (autonomous system ID)
HN (hostname)
RID (router ID)
SRC (source address)
DST (destination)
WR (withdrawn routes)
NLRI (should be obvious to this point ;) )
AP (AS_PATH)

[sample router #1]
ASID -- ASf001
HN -- routerfoo
IP -- 10.10.1.1
RID -- 150
NLRI -- 192.168.1.1/22, 192.168.5.1/22

[sample router #2]
ASID -- ASf002
HN -- routerbong
IP -- 10.10.69.1
RID -- 250
NLRI -- 10.10.69.1/22, 10.10.150.1/22

[someone lame]
IP -- 10.10.69.47

Packet from [someone lame]
DST -- 10.10.1.1
SRC -- 10.10.69.1
ORI -- Incomplete
AP -- 10.10.69.1/22
WR -- 10.10.69.1/22

--

Please do not mention egress filtering, firewalling, etc. My concern isn't securing anything and I'm very familiar with incidents. Basically I would like to know if it can be achieved or if anything similar can occur, perhaps with Atomic Aggregation, who knows... This is for a document I'm writing, so if anyone would care to share any relevant links I'd appreciate it as well.

Theories in DoS document
http://www.antioffline.com/TID/
RE: f5
I've gotten better results from Alteon AD3's than BigIP's, and if I'm not mistaken F5 was slated to release a firewalling load balancer.

[EMAIL PROTECTED]

--Original Message--
From: "tayta"
To: [EMAIL PROTECTED]
Sent: July 21, 2000 12:29:08 PM GMT
Subject: f5

Am curious to know if anybody has an opinion on the F5 Big Ip loadbalancer as compared to similar Cisco offerings, just interested.

Murt
RE: Packet Generator For testing Routers
My friend has written Nemesis, which is a packet injection suite that has some pretty neat features (OSPF, RIP, etc). You'll need libpcap and libnet to compile it, and it takes some tweaking to compile on a Solaris box. If you need help with that let me know; I've only had to do it about 7-8 times.

Then there's xipdump, which is a protocol analyzer and tester. It's a kind of graphical tcpdump(8) which adds the possibility of changing packet values and resending them.

SING sends fully customized ICMP packets from the command line. It is a replacement for ping which adds certain enhancements such as fragmentation, send/read spoofed packets, sends many ICMP types (Address Mask, Timestamp, Router Discovery, etc) and Error (Redirect, Unreach, Time Exceeded), oversize packets, etc.

hping2 is a network tool which sends custom ICMP/UDP/TCP packets and displays target replies like ping does with ICMP replies. hping2 can handle fragmentation, arbitrary packet body and size, and can be used in order to transfer files under any supported protocol. hping2 is useful for testing firewall rules, spoofed port scanning, testing network performance under different protocols, packet sizes, TOS, and fragmentation, path MTU discovery, file transfer even with really fascist firewall rules, traceroute with different protocols, firewalk-like usage, remote OS fingerprinting, TCP/IP stack auditing.

--

// Check out www.packetfactory.net for Libnet and try out either www.securityfocus.com or http://packetstorm.securify.com for the other tools.

[EMAIL PROTECTED]
http://www.antioffline.com/TID/

--Original Message--
From: "Sundar R S" [EMAIL PROTECTED]
To: "'cisco@groupstudy.com'" [EMAIL PROTECTED]
Sent: July 18, 2000 5:58:55 AM GMT
Subject: Packet Generator For testing Routers

Hi all,

Is there any public domain Packet Generator For testing Routers. If any, kindly mail me back.

Thanks and Regards,
Sundar R S
SSG Co-ordinator
[Off Topic] Denials of Service
For those interested in networking Denial of Service attacks, whether it's to refresh your knowledge or perhaps learn about different types of attacks (some theorized), please stop by and read Theories in DoS (http://www.antioffline.com/TID/).

This is a document in which I have spent some down time detailing ways Denials of Service occur, and I have also included sample source code (some broken to deter script kiddies) in hopes I could gather enough data to prevent Denials of Service on my own network as well as assist others in assessing their networks. BGP4, OSPF, RIP, EIGRP, IGRP, IS-IS, ICMP are covered and/or under construction.

I am very well aware of the implications some may take by thinking of documents such as this, and there were some codes and sample packet data which I removed and edited in order to prevent some irritated netizen from causing chaos on a network. I do not intend any malice with the document.

Currently I am studying for the CCIE since the CCNA is being changed this year, and hopefully I can attain it (CCIE) in about 1 1/2 years or so (who knows); besides, I work too long as it is and study time is limited (hey!$! I'm married ya know).

Any input or criticism is appreciated, provided no spam or simple messages such as a thanks or f*ck off is sent, since I receive enough e-mail as is, but as stated any worthwhile comment is appreciated.

Theories in DoS
http://www.antioffline.com/TID/

Yours truly,
J. Oquendo
[EMAIL PROTECTED] http://www.antioffline.com
[EMAIL PROTECTED] http://www.deficiency.org
[EMAIL PROTECTED] http://www.macroshaft.org
Re: Joining study group
Would love to join the group

J. Oquendo
Security Consultant
Generation X Systems
[EMAIL PROTECTED]
[EMAIL PROTECTED]

--Original Message--
From: "Brad Ellis" [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Sent: June 17, 2000 5:13:39 AM GMT
Subject: Re: Joining study group

I wanna join the study group too

""Lewis Mininson"" [EMAIL PROTECTED] wrote in message news:004a01bfd79c$4f536a40$[EMAIL PROTECTED]...

Cisco,

Would like to join the email study group for the CCNA course.

Lew Mininson
BMC Solutions Inc.
Network Engineer
Professional Services
VM 1800-990-9944 X414
[EMAIL PROTECTED]